From c7bb18886251e5187afbdb8d2101e200eb895ab6 Mon Sep 17 00:00:00 2001
From: paulr <me@pjr.cc>
Date: Sat, 5 Nov 2011 02:56:36 +1100
Subject: [PATCH] wow, i just pulled a repo via git from this interface... its
 beautiful... havent got backend setup for pushing yet, but we're a
 step closer. I've found i can "read" without having to use
 git-http-backend - which is grand.

Other changes
Made a single function for checking user auth
added a function to push for a basic auth login
added a function to check for basic auth details
---
 gwvplib/gwvpauth.php       |   52 +++++++++++++++++++++++++-----
 gwvplib/gwvpgitcontrol.php |   74 +++++++++++++++++++++++++++++++++++++++----
 gwvplib/gwvplib.php        |    2 +-
 3 files changed, 111 insertions(+), 17 deletions(-)

diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php
index 8aa0533..f7e036d 100644
--- a/gwvplib/gwvpauth.php
+++ b/gwvplib/gwvpauth.php
@@ -30,6 +30,15 @@ function gwvp_AuthCallMe()
 	return false;
 }
 
+function gwvp_AskForBasicAuth()
+{
+	if(!isset($_SERVER["PHP_AUTH_USER"])) {
+		header('WWW-Authenticate: Basic realm="My Realm"');
+		header('HTTP/1.0 401 Unauthorized');
+		exit(0);
+	} else return; 
+}
+
 // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
 function gwvp_CheckAuthLevel($levels)
 {
@@ -45,6 +54,12 @@ function gwvp_CheckAuthLevel($levels)
 	return false;
 }
 
+function gwvp_fourZeroThree()
+{
+	header("HTTP/1.0 403 Permission Denied");
+	exit(0);
+}
+
 function gwvp_AuthNoPerms()
 {
 	gwvp_goMainPage("gwvp_AuthNoPermsBody");
@@ -77,6 +92,18 @@ function gwvp_RegistrationCall()
 	}
 }
 
+function gwvp_authUserPass($user, $pass)
+{
+	$details = gwvp_getUser($user);
+	if($details == false) {
+		return false;
+	}
+	
+	if(sha1($pass)!=$details["password"]) return false;
+	
+	return $details["username"];
+}
+
 function gwvp_AuthHandleLogin()
 {
 	global $BASE_URL;
@@ -86,17 +113,9 @@ function gwvp_AuthHandleLogin()
 	if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
 	if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
 
-	$details = gwvp_getUser($user);
-	if($details == false) {
-		gwvp_SendMessage("error", "Login Failed");
-		header("Location: $BASE_URL");
-		return false;
-	}
-
-	if(sha1($pass)!=$details["password"]) {
+	if(gwvp_authUserPass($user, $pass) === false) {
 		gwvp_SendMessage("error", "Login Failed");
 		header("Location: $BASE_URL");
-		return false;
 	} else {
 		$_SESSION["isloggedin"] = true;
 		$_SESSION["username"] = "$user";
@@ -141,6 +160,21 @@ function gwvp_RegistrationPageBody()
 	<?php
 }
 
+function gwvp_checkBasicAuthLogin()
+{
+	$user = false;
+	$pass = false;
+	if(isset($_SERVER["PHP_AUTH_USER"])) {
+		$user = $_SERVER["PHP_AUTH_USER"];
+	} else return false;
+	
+	if(isset($_SERVER["PHP_AUTH_PW"])) {
+		$pass = $_SERVER["PHP_AUTH_PW"];
+	} else return false;
+	
+	return gwvp_authUserPass($user, $pass);
+}
+
 function gwvp_IsLoggedIn()
 {
 	if(isset($_SESSION["isloggedin"])) {
diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php
index b5c7c49..a949fab 100644
--- a/gwvplib/gwvpgitcontrol.php
+++ b/gwvplib/gwvpgitcontrol.php
@@ -22,8 +22,49 @@ function gwvp_gitControlCallMe()
 	
 }
 
+function gwvp_repoPermissionCheck()
+{
+	return true;
+}
+
 function gwvp_gitBackendInterface()
 {
+	global $repo_base, $BASE_URL;
+	
+	$repo = "";
+	$newloc = "/";
+	if(isset($_REQUEST["q"])) {
+		$query = $_REQUEST["q"];
+		$qspl = explode("/", $query);
+		$repo = $qspl[1];
+		for($i=2; $i < count($qspl); $i++) {
+			$newloc .= "/".$qspl[$i];
+		}
+	}
+	
+	$actual_repo_name = preg_replace("/\.git$/", "", $repo); 
+	
+	$user = gwvp_checkBasicAuthLogin();
+
+	if(!$user) {
+		error_log("User is set to false, so its anonymouse");
+	} else {
+		error_log("user is $user");
+	}
+	
+	// must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck()
+	if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) {
+		error_log("perms check fails - start auth");
+		if(isset($_SERVER["PHP_AUTH_USER"])) {
+			error_log("have auth - push 403");
+			gwvp_fourZeroThree();
+		} else {
+			error_log("push auth");
+			gwvp_AskForBasicAuth();
+			return;
+		}
+	}
+	
 	// we need to quite a bit of parsing in here. The "repo" will always be /git/repo.git
 	// but if we get here from a browser, we need to forward back to a normal repo viewer
 	// the only way i can think of doing this is to check the useragent for the word "git"
@@ -40,25 +81,44 @@ function gwvp_gitBackendInterface()
 	 */
 	$agent = "git-unknown";
 	$isgitagent = false;
+	
+	// tested the user agent bit with jgit from eclipse and normal git... seems to work
 	if(isset($_SERVER["HTTP_USER_AGENT"])) {
 		$agent = $_SERVER["HTTP_USER_AGENT"];
-		error_log("in git backend with user agent");
+		error_log("in git backend with user agent $agent");
 		if(stristr($agent, "git")!==false) {
 			$isgitagent = true;
 		}
 	}
 	
-	$repo = "";
-	if(isset($_REQUEST["q"])) {
-		$query = $_REQUEST["q"];
-		$qspl = explode("/", $query);
-		$repo = $qspl[1];
-	}
+	
 		
+	/* dont need this code right now
 	if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent";
 	else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent";
+	*/
+	
+	// now we need to rebuild the actual request or do we?
+	//$basegit = "$BASE_URL/git/something.git";
+	//$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]);
+	
+	if(file_exists("$repo_base/$repo/$newloc")) {
+		error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
+		$fh = fopen("$repo_base/$repo/$newloc", "rb");
+		
+		error_log("pushing file");
+		while(!feof($fh)) {
+			echo fread($fh, 8192);
+		}
+	} else {
+		echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+		header('HTTP/1.0 404 No Such Thing');
+		return;
+	}
 }
 
+
+
 function gwvp_repoExists($name)
 {
 	global $repo_base;
diff --git a/gwvplib/gwvplib.php b/gwvplib/gwvplib.php
index 693486c..526c9cc 100644
--- a/gwvplib/gwvplib.php
+++ b/gwvplib/gwvplib.php
@@ -15,7 +15,7 @@ require_once("gwvpgitcontrol.php");
 require_once("gwvppluginloader.php");
 
 // only enable this if you need it:
-require_once("gwvpdebug.php");
+// require_once("gwvpdebug.php");
 
 
 ?>
\ No newline at end of file
-- 
1.7.0.4