From fc420d5a27f9249d63c088a892e40b5ba0ec7dc8 Mon Sep 17 00:00:00 2001
From: paulr
Date: Wed, 9 Nov 2011 03:43:47 +1100
Subject: [PATCH] renamed gwvpgitcontrol.php to gwvpgitwebservice.php
---
 gwvplib/gwvpgitcontrol.php | 553 -----------------------------------------
 gwvplib/gwvpgitwebservice.php | 553 +++++++++++++++++++++++++++++++++++++++++
 gwvplib/gwvplib.php | 2 +-
 3 files changed, 554 insertions(+), 554 deletions(-)
 delete mode 100644 gwvplib/gwvpgitcontrol.php
 create mode 100644 gwvplib/gwvpgitwebservice.php
diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php
deleted file mode 100644
index 7c34d9b..0000000
--- a/gwvplib/gwvpgitcontrol.php
+++ /dev/null
@@ -1,553 +0,0 @@
-gitload provider loaded on homepage
"; -} - -function gwvp_repoPermissionCheck($repo, $user) -{ - return true; -} - -function gwvp_gitBackendInterface() -{ - // and this is where i re-code the git backend interface from scratch - global $BASE_URL; - - $repo_base = gwvp_getConfigVal("repodir"); - - // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo" - - - /* bizare git problem that ignores 403's or continues on with a push despite them - error_log("FLAP for ".$_SERVER["REQUEST_URI"]); - if(isset($_REQUEST)) { - $dump = print_r($_REQUEST, true); - error_log("FLAP, $dump"); - } - if(isset($_SERVER["PHP_AUTH_USER"])) { - error_log("FLAP: donut hole"); - }*/ - - - - - $repo = ""; - $repoid = false; - $newloc = "/"; - if(isset($_REQUEST["q"])) { - $query = $_REQUEST["q"]; - $qspl = explode("/", $query); - // TODO do this with - $repo = preg_replace("/\.git$/", "", $qspl[1]); - $repoid = gwvp_GetRepoId($repo); - for($i=2; $i < count($qspl); $i++) { - $newloc .= "/".$qspl[$i]; - } - } - - if($repoid == false) { - gwvp_fourZeroFour(); - return; - } - - // we do an update server cause its weird and i cant figure out when it actually needs to happen - chdir("$repo_base/$repo.git"); - exec("/usr/bin/git update-server-info"); - - - // so now we have the repo - // next we determine if this is a read or a write - $write = false; - if(isset($_REQUEST["service"])) { - if($_REQUEST["service"] == "git-receive-pack") { - error_log("got write as receivepack in post"); - $write = true; - } - } - if($_SERVER["REQUEST_METHOD"] == "POST") { - $write = true; - } - // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth - // no, this isnt a solution cause auth'd read attempts will come up as writes... 
- //if(isset($_SERVER["PHP_AUTH_USER"])) { - //$write = true; - //} - - // if its a write, we push for authentication - if($write) { - error_log("is write attempt, ask for login"); - $person = gwvp_checkBasicAuthLogin(); - if($person == false) { - gwvp_AskForBasicAuth(); - return; - } else { - error_log("checking perms for $person against $repoid for repo $repo"); - $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); - if($perms < 3) { - error_log("perms are $perms and im not allowed"); - gwvp_fourZeroThree(); - exit(0); - } else { - // here we pass to the git backend - error_log("perms are $perms and im allowed"); - gwvp_callGitBackend($person["username"], $repo); - } - } - return; - } - - // if not we figure out the anon permissions for a repo - $perms = gwvp_resolvRepoPerms(-1, $repoid); - - // if they're less then read, we need to then check the user auth permissions - if($perms < 2) { - // we ask for auth - $person = gwvp_checkBasicAuthLogin(); - if($person == false) { - gwvp_AskForBasicAuth(); - return; - } else { - $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); - if($perms < 3) { - $dump = print_r($person, true); - error_log("in basic read, called 403 for $perms $dump"); - gwvp_fourZeroThree(); - return; - } - } - } - - // if we made it this far, we a read and we have permissions to do so, just search the file from the repo - if(file_exists("$repo_base/$repo.git/$newloc")) { - error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); - $fh = fopen("$repo_base/$repo.git/$newloc", "rb"); - - error_log("pushing file"); - while(!feof($fh)) { - echo fread($fh, 8192); - } - } else { - //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE"; - gwvp_fourZeroFour(); - return; - } - -} - - -function gwvp_gitBackendInterface_old() -{ - global $BASE_URL; - - $repo_base = gwvp_getConfigVal("repodir"); - - $repo = ""; - $newloc = "/"; - if(isset($_REQUEST["q"])) { 
- $query = $_REQUEST["q"]; - $qspl = explode("/", $query); - $repo = $qspl[1]; - for($i=2; $i < count($qspl); $i++) { - $newloc .= "/".$qspl[$i]; - } - } - - $actual_repo_name = preg_replace("/\.git$/", "", $repo); - - $user = gwvp_checkBasicAuthLogin(); - - if(!$user) { - error_log("User is set to false, so its anonymouse"); - } else { - error_log("user is $user"); - } - - // must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck() - if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) { - error_log("perms check fails - start auth"); - if(isset($_SERVER["PHP_AUTH_USER"])) { - error_log("have auth - push 403"); - gwvp_fourZeroThree(); - } else { - error_log("push auth"); - gwvp_AskForBasicAuth(); - return; - } - } - - // we need to quite a bit of parsing in here. The "repo" will always be /git/repo.git - // but if we get here from a browser, we need to forward back to a normal repo viewer - // the only way i can think of doing this is to check the useragent for the word "git" - - /* - * here we need to - * 1) figure out the repo its acessing - * 2) figure out the perms on the repo - * 3) determine if its a pull or a push - * - if its a pull, we just serve straight from the fs - * - if its a push, we go thru git-http-backend - * 4) if it requiers auth, we push to auth - * - */ - $agent = "git-unknown"; - $isgitagent = false; - - // tested the user agent bit with jgit from eclipse and normal git... seems to work - if(isset($_SERVER["HTTP_USER_AGENT"])) { - $agent = $_SERVER["HTTP_USER_AGENT"]; - error_log("in git backend with user agent $agent"); - if(stristr($agent, "git")!==false) { - $isgitagent = true; - } - } - - - - /* dont need this code right now - if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent"; - else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent"; - */ - - // now we need to rebuild the actual request or do we? 
- //$basegit = "$BASE_URL/git/something.git"; - //$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]); - chdir("$repo_base/$repo"); - exec("/usr/bin/git update-server-info"); - - if($_SERVER["REQUEST_METHOD"] == "POST") { - gwvp_AskForBasicAuth(); - gwvp_callGitBackend($repo); - return; - } - - if(isset($_REQUEST["service"])) { - if($_REQUEST["service"] == "git-receive-pack") { - // we are a write call - we need auth and we're going to the backend proper - gwvp_AskForBasicAuth(); - gwvp_callGitBackend($repo); - return; - } - } - - - if(file_exists("$repo_base/$repo/$newloc")) { - error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc"); - $fh = fopen("$repo_base/$repo/$newloc", "rb"); - - error_log("pushing file"); - while(!feof($fh)) { - echo fread($fh, 8192); - } - } else { - echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE"; - header('HTTP/1.0 404 No Such Thing'); - return; - } -} - -function gwvp_canManageRepo($userid, $repoid) -{ - // only the owner or an admin can do these tasks - error_log("Checking repoid, $repoid against userid $userid"); - - if(gwvp_IsUserAdmin(null, null, $userid)) return true; - if(gwvp_IsRepoOwner($userid, $repoid)) return true; - return false; -} - -function gwvp_callGitBackend($username, $repo) -{ - // this is where things become a nightmare - $fh = fopen('php://input', "r"); - - $ruri = $_SERVER["REQUEST_URI"]; - $strrem = "git/$repo.git"; - $euri = str_replace($strrem, "", $_REQUEST["q"]); - //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]); - - - - $rmeth = $_SERVER["REQUEST_METHOD"]; - - $qs = ""; - foreach($_REQUEST as $key => $var) { - if($key != "q") { - //error_log("adding, $var from $key"); - if($qs == "") $qs.="$key=$var"; - else $qs.="&$key=$var"; - } - } - - //sleep(2); - - - - // this is where the fun, it ends. - $myoutput = ""; - unset($myoutput); - - // this be nasty! 
- - // setup env - if(isset($procenv)) unset($procenv); - $procenv["GATEWAY_INTERFACE"] = "CGI/1.1"; - $procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri"; - $procenv["REQUEST_METHOD"] = "$rmeth"; - $procenv["GIT_HTTP_EXPORT_ALL"] = "1"; - $procenv["QUERY_STRING"] = "$qs"; - $procenv["HTTP_USER_AGENT"] = "git/1.7.1"; - $procenv["REMOTE_USER"] = "$username"; - $procenv["REMOTE_ADDR"] = "1.2.3.4"; - $procenv["AUTH_TYPE"] = "Basic"; - - if(isset($_SERVER["CONTENT_TYPE"])) { - $procenv["CONTENT_TYPE"] = $_SERVER["CONTENT_TYPE"]; - } else { - //$procenv["CONTENT_TYPE"] = ""; - } - if(isset($_SERVER["CONTENT_LENGTH"])) { - $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"]; - } - - error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); - - - - - $pwd = "/tmp/"; - - $proc = proc_open("/usr/lib/git-core/git-http-backend", array(array("pipe","rb"),array("pipe","wb"),array("file","/tmp/err", "a")), $pipes, $pwd, $procenv); - - $untilblank = false; - while(!$untilblank&&!feof($pipes[1])) { - $lines_t = fgets($pipes[1]); - $lines = trim($lines_t); - error_log("got line: $lines"); - if($lines_t == "\r\n") { - $untilblank = true; - error_log("now blank"); - } else header($lines); - if($lines === false) { - error_log("got an unexpexted exit..."); - exit(0); - } - - } - - - $firstline = true; - $continue = true; - - if(!stream_set_blocking($fh,0)) { - error_log("cant set input non-blocking"); - } - - if(!stream_set_blocking($pipes[1],0)) { - error_log("cant set pipe1 non-blocking"); - } - - // i was going to use stream_select, but i feel this works better like this - while($continue) { - // do client - if(!feof($fh)) { - $from_client_data = fread($fh,8192); - if($from_client_data !== false) fwrite($pipes[0], $from_client_data); - fflush($pipes[0]); - //fwrite($fl, $from_client_data); - $client_len = strlen($from_client_data); - } else { - error_log("client end"); - $client_len = 0; - } - - // do cgi - // sometimes, we get a \r\n from 
the cgi, i do not know why she swallowed the fly, - // but i do know that the fgets for the headers above should have comsued that - if(!feof($pipes[1])) { - $from_cgi_data_t = fread($pipes[1],8192); - $from_cgi_data = $from_cgi_data_t; - - // i dont know if this will solve it... it coudl cause some serious issues elsewhere - // TODO: this is a hack, i need to know why the fgets above doesn consume the \r\n even tho it reads it - // i.e. why the pointer doesnt increment over it, cause the freads above then get them again. - if($firstline) { - if(strlen($from_cgi_data_t)>0) { - // i dont get why this happens, and its very frustrating.. im not sure if its a bug in php - // or something the git-http-backend thing is doing.. - // TODO: find out why this happens - $from_cgi_data = preg_replace("/^\r\n/", "", $from_cgi_data_t); - if(strlen($from_cgi_data)!=strlen($from_cgi_data_t)) { - error_log("MOOOKS - we did trunc"); - } else { - error_log("MOOOKS - we did not trunc"); - } - $firstline = false; - } - } - - if($from_cgi_data !== false) { - echo $from_cgi_data; - flush(); - } - $cgi_len = strlen($from_cgi_data); - } else { - error_log("cgi end"); - $cgi_len = 0; - } - - if(feof($pipes[1])) $continue = false; - else { - if($client_len == 0 && $cgi_len == 0) { - usleep(200000); - error_log("sleep tick"); - } else { - error_log("sizes: $client_len, $cgi_len"); - if($cgi_len > 0) { - error_log("from cgi: \"$from_cgi_data\""); - } - } - } - - } - - - //fclose($fl); - fclose($fh); - fclose($pipes[1]); - fclose($pipes[0]); -} - - - -function gwvp_repoExists($name) -{ - $repo_base = gwvp_getConfigVal("repodir"); - - if(file_exists("$repo_base/$name.git")) return true; - else return false; -} - -// default perms: -// 0 - anyone can clone/read, only owner can write -// 1 - noone can clone/read, repo is visible (i.e. 
name), only owner can read/write repo -// 2 - only owner can see anything -function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0) -{ - $repo_base = gwvp_getConfigVal("repodir"); - - // phew, this works, but i tell you this - bundles arent quite as nice as they should be - if($bundle == null) { - error_log("would create $repo_base/$name.git"); - exec("/usr/bin/git init $repo_base/$name.git --bare > /tmp/gitlog 2>&1"); - chdir("$repo_base/$name.git"); - exec("/usr/bin/git update-server-info"); - } else { - error_log("create via mirror on $repo_base/$name.git"); - exec("/usr/bin/git clone --mirror $bundle $repo_base/$name.git > /tmp/gitlog 2>&1"); - chdir("$repo_base/$name.git"); - exec("/usr/bin/git update-server-info"); - } - - // gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0) - gwvp_AddRepo($name, $desc, $ownerid, $defaultperms); - - return true; -} - -// this funciton returns one of three things, read, visible, write, none -// as -// 0 - none -// 1 - visible -// 2 - read -// 3 - write -// 4 - owner/administrator -function gwvp_resolvRepoPerms($userid, $repoid) -{ - $ownerid = gwvp_getRepoOwner($repoid); - $isadmin = gwvp_IsUserAdmin(null, null, $userid); - - error_log("USerid is $userid, ownerid $ownerid"); - - if($isadmin) return 4; - - if($userid == $ownerid) return 4; - - // now we load the perms table and pray - $repoperms = gwvp_getRepoPermissions($repoid); - $usergroups = gwvp_getGroupsForUser(null, $userid); - - $maxperm = 0; - if($repoperms != false) foreach($repoperms as $perm) { - // need to go thru each perm, then check it agains the user we're trying to figure - // the perms on - switch($perm["type"]) { - case "read": - $permval = 2; - break; - case "visible": - $permval = 1; - break; - case "write": - $permval = 3; - break; - default: - $permval = 0; - } - - // we only var if permval is greater then current - if($permval > $maxperm) { - //error_log("going into check for $maxperm/$permval, ".$perm["ref"]); 
- if($perm["ref"] == "anon") { - $maxperm = $permval; - } else if($perm["ref"] == "authed") { - $maxperm = $permval; - } else { - // now we do splits - $spl = explode(":", $perm["ref"]); - $idtype = $spl[0]; - $idval = $spl[1]; - if($idtype == "group") { - // function gwvp_IsGroupMember($email, $groupname) - if(gwvp_IsGroupMemberById($userid, $idval)) $maxperm = $permval; - } else if ($idtype == "user") { - //error_log("checking $userid, $idval"); - if($userid == $idval) $maxperm = $permval; - } - } - } - } - - // thats TOTALLY going to work... -_0 we should really write a unit test for this, but thats a bit - // hard given the db req's so for now, we'll leave it as is - return $maxperm; -} - -?> \ No newline at end of file diff --git a/gwvplib/gwvpgitwebservice.php b/gwvplib/gwvpgitwebservice.php new file mode 100644 index 0000000..7c34d9b --- /dev/null +++ b/gwvplib/gwvpgitwebservice.php @@ -0,0 +1,553 @@ +gitload provider loaded on homepage
"; +} + +function gwvp_repoPermissionCheck($repo, $user) +{ + return true; +} + +function gwvp_gitBackendInterface() +{ + // and this is where i re-code the git backend interface from scratch + global $BASE_URL; + + $repo_base = gwvp_getConfigVal("repodir"); + + // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo" + + + /* bizare git problem that ignores 403's or continues on with a push despite them + error_log("FLAP for ".$_SERVER["REQUEST_URI"]); + if(isset($_REQUEST)) { + $dump = print_r($_REQUEST, true); + error_log("FLAP, $dump"); + } + if(isset($_SERVER["PHP_AUTH_USER"])) { + error_log("FLAP: donut hole"); + }*/ + + + + + $repo = ""; + $repoid = false; + $newloc = "/"; + if(isset($_REQUEST["q"])) { + $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + // TODO do this with + $repo = preg_replace("/\.git$/", "", $qspl[1]); + $repoid = gwvp_GetRepoId($repo); + for($i=2; $i < count($qspl); $i++) { + $newloc .= "/".$qspl[$i]; + } + } + + if($repoid == false) { + gwvp_fourZeroFour(); + return; + } + + // we do an update server cause its weird and i cant figure out when it actually needs to happen + chdir("$repo_base/$repo.git"); + exec("/usr/bin/git update-server-info"); + + + // so now we have the repo + // next we determine if this is a read or a write + $write = false; + if(isset($_REQUEST["service"])) { + if($_REQUEST["service"] == "git-receive-pack") { + error_log("got write as receivepack in post"); + $write = true; + } + } + if($_SERVER["REQUEST_METHOD"] == "POST") { + $write = true; + } + // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth + // no, this isnt a solution cause auth'd read attempts will come up as writes... 
+ //if(isset($_SERVER["PHP_AUTH_USER"])) { + //$write = true; + //} + + // if its a write, we push for authentication + if($write) { + error_log("is write attempt, ask for login"); + $person = gwvp_checkBasicAuthLogin(); + if($person == false) { + gwvp_AskForBasicAuth(); + return; + } else { + error_log("checking perms for $person against $repoid for repo $repo"); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); + if($perms < 3) { + error_log("perms are $perms and im not allowed"); + gwvp_fourZeroThree(); + exit(0); + } else { + // here we pass to the git backend + error_log("perms are $perms and im allowed"); + gwvp_callGitBackend($person["username"], $repo); + } + } + return; + } + + // if not we figure out the anon permissions for a repo + $perms = gwvp_resolvRepoPerms(-1, $repoid); + + // if they're less then read, we need to then check the user auth permissions + if($perms < 2) { + // we ask for auth + $person = gwvp_checkBasicAuthLogin(); + if($person == false) { + gwvp_AskForBasicAuth(); + return; + } else { + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); + if($perms < 3) { + $dump = print_r($person, true); + error_log("in basic read, called 403 for $perms $dump"); + gwvp_fourZeroThree(); + return; + } + } + } + + // if we made it this far, we a read and we have permissions to do so, just search the file from the repo + if(file_exists("$repo_base/$repo.git/$newloc")) { + error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); + $fh = fopen("$repo_base/$repo.git/$newloc", "rb"); + + error_log("pushing file"); + while(!feof($fh)) { + echo fread($fh, 8192); + } + } else { + //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE"; + gwvp_fourZeroFour(); + return; + } + +} + + +function gwvp_gitBackendInterface_old() +{ + global $BASE_URL; + + $repo_base = gwvp_getConfigVal("repodir"); + + $repo = ""; + $newloc = "/"; + if(isset($_REQUEST["q"])) { 
+ $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + $repo = $qspl[1]; + for($i=2; $i < count($qspl); $i++) { + $newloc .= "/".$qspl[$i]; + } + } + + $actual_repo_name = preg_replace("/\.git$/", "", $repo); + + $user = gwvp_checkBasicAuthLogin(); + + if(!$user) { + error_log("User is set to false, so its anonymouse"); + } else { + error_log("user is $user"); + } + + // must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck() + if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) { + error_log("perms check fails - start auth"); + if(isset($_SERVER["PHP_AUTH_USER"])) { + error_log("have auth - push 403"); + gwvp_fourZeroThree(); + } else { + error_log("push auth"); + gwvp_AskForBasicAuth(); + return; + } + } + + // we need to quite a bit of parsing in here. The "repo" will always be /git/repo.git + // but if we get here from a browser, we need to forward back to a normal repo viewer + // the only way i can think of doing this is to check the useragent for the word "git" + + /* + * here we need to + * 1) figure out the repo its acessing + * 2) figure out the perms on the repo + * 3) determine if its a pull or a push + * - if its a pull, we just serve straight from the fs + * - if its a push, we go thru git-http-backend + * 4) if it requiers auth, we push to auth + * + */ + $agent = "git-unknown"; + $isgitagent = false; + + // tested the user agent bit with jgit from eclipse and normal git... seems to work + if(isset($_SERVER["HTTP_USER_AGENT"])) { + $agent = $_SERVER["HTTP_USER_AGENT"]; + error_log("in git backend with user agent $agent"); + if(stristr($agent, "git")!==false) { + $isgitagent = true; + } + } + + + + /* dont need this code right now + if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent"; + else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent"; + */ + + // now we need to rebuild the actual request or do we? 
+ //$basegit = "$BASE_URL/git/something.git"; + //$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]); + chdir("$repo_base/$repo"); + exec("/usr/bin/git update-server-info"); + + if($_SERVER["REQUEST_METHOD"] == "POST") { + gwvp_AskForBasicAuth(); + gwvp_callGitBackend($repo); + return; + } + + if(isset($_REQUEST["service"])) { + if($_REQUEST["service"] == "git-receive-pack") { + // we are a write call - we need auth and we're going to the backend proper + gwvp_AskForBasicAuth(); + gwvp_callGitBackend($repo); + return; + } + } + + + if(file_exists("$repo_base/$repo/$newloc")) { + error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc"); + $fh = fopen("$repo_base/$repo/$newloc", "rb"); + + error_log("pushing file"); + while(!feof($fh)) { + echo fread($fh, 8192); + } + } else { + echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE"; + header('HTTP/1.0 404 No Such Thing'); + return; + } +} + +function gwvp_canManageRepo($userid, $repoid) +{ + // only the owner or an admin can do these tasks + error_log("Checking repoid, $repoid against userid $userid"); + + if(gwvp_IsUserAdmin(null, null, $userid)) return true; + if(gwvp_IsRepoOwner($userid, $repoid)) return true; + return false; +} + +function gwvp_callGitBackend($username, $repo) +{ + // this is where things become a nightmare + $fh = fopen('php://input', "r"); + + $ruri = $_SERVER["REQUEST_URI"]; + $strrem = "git/$repo.git"; + $euri = str_replace($strrem, "", $_REQUEST["q"]); + //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]); + + + + $rmeth = $_SERVER["REQUEST_METHOD"]; + + $qs = ""; + foreach($_REQUEST as $key => $var) { + if($key != "q") { + //error_log("adding, $var from $key"); + if($qs == "") $qs.="$key=$var"; + else $qs.="&$key=$var"; + } + } + + //sleep(2); + + + + // this is where the fun, it ends. + $myoutput = ""; + unset($myoutput); + + // this be nasty! 
+ + // setup env + if(isset($procenv)) unset($procenv); + $procenv["GATEWAY_INTERFACE"] = "CGI/1.1"; + $procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri"; + $procenv["REQUEST_METHOD"] = "$rmeth"; + $procenv["GIT_HTTP_EXPORT_ALL"] = "1"; + $procenv["QUERY_STRING"] = "$qs"; + $procenv["HTTP_USER_AGENT"] = "git/1.7.1"; + $procenv["REMOTE_USER"] = "$username"; + $procenv["REMOTE_ADDR"] = "1.2.3.4"; + $procenv["AUTH_TYPE"] = "Basic"; + + if(isset($_SERVER["CONTENT_TYPE"])) { + $procenv["CONTENT_TYPE"] = $_SERVER["CONTENT_TYPE"]; + } else { + //$procenv["CONTENT_TYPE"] = ""; + } + if(isset($_SERVER["CONTENT_LENGTH"])) { + $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"]; + } + + error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); + + + + + $pwd = "/tmp/"; + + $proc = proc_open("/usr/lib/git-core/git-http-backend", array(array("pipe","rb"),array("pipe","wb"),array("file","/tmp/err", "a")), $pipes, $pwd, $procenv); + + $untilblank = false; + while(!$untilblank&&!feof($pipes[1])) { + $lines_t = fgets($pipes[1]); + $lines = trim($lines_t); + error_log("got line: $lines"); + if($lines_t == "\r\n") { + $untilblank = true; + error_log("now blank"); + } else header($lines); + if($lines === false) { + error_log("got an unexpexted exit..."); + exit(0); + } + + } + + + $firstline = true; + $continue = true; + + if(!stream_set_blocking($fh,0)) { + error_log("cant set input non-blocking"); + } + + if(!stream_set_blocking($pipes[1],0)) { + error_log("cant set pipe1 non-blocking"); + } + + // i was going to use stream_select, but i feel this works better like this + while($continue) { + // do client + if(!feof($fh)) { + $from_client_data = fread($fh,8192); + if($from_client_data !== false) fwrite($pipes[0], $from_client_data); + fflush($pipes[0]); + //fwrite($fl, $from_client_data); + $client_len = strlen($from_client_data); + } else { + error_log("client end"); + $client_len = 0; + } + + // do cgi + // sometimes, we get a \r\n from 
the cgi, i do not know why she swallowed the fly, + // but i do know that the fgets for the headers above should have comsued that + if(!feof($pipes[1])) { + $from_cgi_data_t = fread($pipes[1],8192); + $from_cgi_data = $from_cgi_data_t; + + // i dont know if this will solve it... it coudl cause some serious issues elsewhere + // TODO: this is a hack, i need to know why the fgets above doesn consume the \r\n even tho it reads it + // i.e. why the pointer doesnt increment over it, cause the freads above then get them again. + if($firstline) { + if(strlen($from_cgi_data_t)>0) { + // i dont get why this happens, and its very frustrating.. im not sure if its a bug in php + // or something the git-http-backend thing is doing.. + // TODO: find out why this happens + $from_cgi_data = preg_replace("/^\r\n/", "", $from_cgi_data_t); + if(strlen($from_cgi_data)!=strlen($from_cgi_data_t)) { + error_log("MOOOKS - we did trunc"); + } else { + error_log("MOOOKS - we did not trunc"); + } + $firstline = false; + } + } + + if($from_cgi_data !== false) { + echo $from_cgi_data; + flush(); + } + $cgi_len = strlen($from_cgi_data); + } else { + error_log("cgi end"); + $cgi_len = 0; + } + + if(feof($pipes[1])) $continue = false; + else { + if($client_len == 0 && $cgi_len == 0) { + usleep(200000); + error_log("sleep tick"); + } else { + error_log("sizes: $client_len, $cgi_len"); + if($cgi_len > 0) { + error_log("from cgi: \"$from_cgi_data\""); + } + } + } + + } + + + //fclose($fl); + fclose($fh); + fclose($pipes[1]); + fclose($pipes[0]); +} + + + +function gwvp_repoExists($name) +{ + $repo_base = gwvp_getConfigVal("repodir"); + + if(file_exists("$repo_base/$name.git")) return true; + else return false; +} + +// default perms: +// 0 - anyone can clone/read, only owner can write +// 1 - noone can clone/read, repo is visible (i.e. 
name), only owner can read/write repo +// 2 - only owner can see anything +function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0) +{ + $repo_base = gwvp_getConfigVal("repodir"); + + // phew, this works, but i tell you this - bundles arent quite as nice as they should be + if($bundle == null) { + error_log("would create $repo_base/$name.git"); + exec("/usr/bin/git init $repo_base/$name.git --bare > /tmp/gitlog 2>&1"); + chdir("$repo_base/$name.git"); + exec("/usr/bin/git update-server-info"); + } else { + error_log("create via mirror on $repo_base/$name.git"); + exec("/usr/bin/git clone --mirror $bundle $repo_base/$name.git > /tmp/gitlog 2>&1"); + chdir("$repo_base/$name.git"); + exec("/usr/bin/git update-server-info"); + } + + // gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0) + gwvp_AddRepo($name, $desc, $ownerid, $defaultperms); + + return true; +} + +// this funciton returns one of three things, read, visible, write, none +// as +// 0 - none +// 1 - visible +// 2 - read +// 3 - write +// 4 - owner/administrator +function gwvp_resolvRepoPerms($userid, $repoid) +{ + $ownerid = gwvp_getRepoOwner($repoid); + $isadmin = gwvp_IsUserAdmin(null, null, $userid); + + error_log("USerid is $userid, ownerid $ownerid"); + + if($isadmin) return 4; + + if($userid == $ownerid) return 4; + + // now we load the perms table and pray + $repoperms = gwvp_getRepoPermissions($repoid); + $usergroups = gwvp_getGroupsForUser(null, $userid); + + $maxperm = 0; + if($repoperms != false) foreach($repoperms as $perm) { + // need to go thru each perm, then check it agains the user we're trying to figure + // the perms on + switch($perm["type"]) { + case "read": + $permval = 2; + break; + case "visible": + $permval = 1; + break; + case "write": + $permval = 3; + break; + default: + $permval = 0; + } + + // we only var if permval is greater then current + if($permval > $maxperm) { + //error_log("going into check for $maxperm/$permval, ".$perm["ref"]); 
+ if($perm["ref"] == "anon") {
+ $maxperm = $permval;
+ } else if($perm["ref"] == "authed") {
+ $maxperm = $permval;
+ } else {
+ // now we do splits
+ $spl = explode(":", $perm["ref"]);
+ $idtype = $spl[0];
+ $idval = $spl[1];
+ if($idtype == "group") {
+ // function gwvp_IsGroupMember($email, $groupname)
+ if(gwvp_IsGroupMemberById($userid, $idval)) $maxperm = $permval;
+ } else if ($idtype == "user") {
+ //error_log("checking $userid, $idval");
+ if($userid == $idval) $maxperm = $permval;
+ }
+ }
+ }
+ }
+
+ // thats TOTALLY going to work... -_0 we should really write a unit test for this, but thats a bit
+ // hard given the db req's so for now, we'll leave it as is
+ return $maxperm;
+}
+
+?>
\ No newline at end of file
diff --git a/gwvplib/gwvplib.php b/gwvplib/gwvplib.php
index 9850e97..b1908d5 100644
--- a/gwvplib/gwvplib.php
+++ b/gwvplib/gwvplib.php
@@ -8,7 +8,7 @@ require_once("gwvpauth.php");
 require_once("gwvpsetup.php");
 require_once("gwvpdatabase.php");
 require_once("gwvpconfig.php");
-require_once("gwvpgitcontrol.php");
+require_once("gwvpgitwebservice.php");
 require_once("gwvpinputcheck.php");
 require_once("gwvpemail.php");
 
-- 
1.7.0.4
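Review bot: In gwvp_gitBackendInterface() of the new gwvplib/gwvpgitwebservice.php, the read path appends every segment of `$_REQUEST["q"]` after the repo name to `$newloc` and opens `"$repo_base/$repo.git/$newloc"` without checking that the result stays inside the repository, so `..` segments in the request can resolve to files outside it. The file content is carried over unchanged by this rename (both sides show blob 7c34d9b), so the problem is pre-existing rather than introduced here. Resolving the path before the `fopen` and failing closed would contain it, for example `$real = realpath("$repo_base/$repo.git/$newloc");` followed by `if($real === false || strpos($real, realpath("$repo_base/$repo.git")."/") !== 0) { gwvp_fourZeroFour(); return; }`. Two related points in the same file: gwvp_createGitRepo() interpolates `$name` and `$bundle` into `exec()` command strings and should wrap each in `escapeshellarg()` unless callers already restrict them (not visible in this patch), and the authenticated read branch tests `$perms < 3`, which demands write permission for a read where `< 2` looks intended.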