Fix permissions/ownership for push-hosted projects

[girocco.git] / cgi / regproj.cgi

#!/usr/bin/perl
# (c) Petr Baudis <pasky@suse.cz>
# GPLv2

use strict;
use warnings;
use CGI qw(:standard :escapeHTML -nosticky);
use CGI::Util qw(unescape);
use CGI::Carp qw(fatalsToBrowser);

my $cgi = CGI->new;

print $cgi->header(-type=>'text/html', -charset => 'utf-8');

print "<html><head><title>Git Project Registration</title></head>\n";
print "<body><h1>Register Project</h1></body>\n";

sub scrypt {
  my ($pwd) = @_;
  crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
}

sub save_proj_data {
  my ($path, $url, $email, $desc) = @_;
  open F, ">$path/base_url" or die "base_url failed: $!"; print F "$url\n"; close F;
  open F, ">$path/owner" or die "owner failed: $!"; print F "$email\n"; close F;
  open F, ">$path/description" or die "desc failed: $!"; print F "$desc\n"; close F;
}

sub add_group {
  my ($name, $pwd, $xtra) = @_;
  my $gid = 65536;
  # racy!
  open F, "/home/repo/j/etc/group" or die "group failed: $!";
  while (<F>) {
    my $agid = (split /:/)[2];
    $gid = $agid + 1 if ($agid >= $gid);
  }
  close F;
  open F, ">>/home/repo/j/etc/group" or die "group append failed: $!";
  print F "$name:".scrypt($pwd).":$gid:$xtra\n";
  close F;
  $gid;
}

sub setup_push {
  my ($name, $pwd, $email, $url, $desc) = @_;
  system("cg-admin-setuprepo -g repo /srv/git/$name.git") == 0 or die "cg-admin-setuprepo failed: $?";
  open X, ">/srv/git/$name.git/.nofetch" or die "nofetch failed: $!"; close X;
  save_proj_data("/srv/git/$name.git", $url, $email, $desc);
  chmod 0664, map { "/srv/git/$name.git/$_" } qw(base_url owner description);
  add_group($name, $pwd, '');
  print "<p>";
  print "Project successfuly set up. ";
  print "You can <a href=\"p/editproj.pl\">assign users</a> now (use project name as username, admin password as password). ";
  print "You need to <a href=\"reguser.pl\">register a user</a> first if you have not done so yet. ";
  print "(One user can have push access to multiple projects and multiple users can have push access to one project.)";
  print "</p>\n";
  print "<p>You may experience permission problems if you try to push right now. If so, that should get fixed automagically in few minutes.</p>\n";
  print "<p>Enjoy yourself!</p>\n";
  print "</body></html>\n";
}

sub setup_mirror {
  my ($name, $pwd, $email, $url, $desc) = @_;
  mkdir "/home/repo/repodata/to-clone/$name" or die "mkdir failed: $!";
  save_proj_data("/home/repo/repodata/to-clone/$name", $url, $email, $desc);
  chmod 0775, "/home/repo/repodata/to-clone/$name" or die "chmod failed: $!";
  add_group($name, $pwd, ':');
  print "<p>Initiated mirroring. You will be notified by mail about results.</p>\n";
  print "</body></html>\n";
}

if ($cgi->param('name')) {
  # submitted, let's see
  # FIXME: racy, do a lock
  my $err = 0;
  sub err { print "<p style=\"text-color: red\">@_</p>\n"; $err++; }
  my $name = $cgi->param('name'); $name =~ s/^\s*(.*?)\s*$/$1/;
  my $desc = $cgi->param('desc'); $desc =~ s/^\s*(.*?)\s*$/$1/;
  my $email = $cgi->param('email'); $email =~ s/^\s*(.*?)\s*$/$1/;
  my $url = $cgi->param('url'); $url =~ s/^\s*(.*?)\s*$/$1/;
  my $pwd = $cgi->param('pwd');
  $name =~ /^[a-zA-Z0-9_+-]+$/
    or err "Name contains invalid characters.";
  (-d "/srv/git/$name.git" or -d "/home/repo/repodata/cloning/$name" or -d "/home/repo/repodata/to-clone/$name")
    and err "Project with that name already exists.";
  if ($url) {
    $url =~ /^http:\/\/[a-zA-Z0-9-.]+\/[_\%a-zA-Z0-9.\/~-]+$/ or
    $url =~ /^git:\/\/[a-zA-Z0-9-.]+\/[_\%a-zA-Z0-9.\/~-]+$/
      or err "Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.";
  } else {
    $cgi->param('mode') eq 'mirror'
      and err "Missing URL.";
  }
  $email =~ /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/
    or err "Your email sure looks weird...?";
  length($desc) <= 1024
    or err "<b>Short</b> description length > 1kb!";
  if ($err) {
    print "<p>Registration aborted due to $err errors.</p>\n";
  } else {
    if ($cgi->param('mode') eq 'mirror') {
      setup_mirror($name, $pwd, $email, $url, $desc);
    } elsif ($cgi->param('mode') eq 'push') {
      setup_push($name, $pwd, $email, $url, $desc);
    }
    exit;
  }
}

print "<p>Here you can register a project. It can be hosted in two modes: mirror mode and push mode. In the first mode, we will check another repository at a given URL each hour and mirror any new updates. In the second mode, registered users with appropriate permissions will be able to push to the repository. You currently cannot switch freely between those two modes; if you want to switch an existing project, please contact the administrator.</p>\n";
print "<p>You will need the admin password to adjust project settings later (mirroring URL, list of users allowed to push, project description, ...). Use the project name as the username when asked by the browser.</p>\n";
print "<p>By submitting this form, you are confirming that the repository contains only free software and redistributing it does not violate any law of Czech Republic. Have fun!</p>\n";
print "<form method=\"post\">\n";
print "<p>Project name (w/o the .git suffix): <input type=\"text\" name=\"name\" /></p>\n";
print "<p>Admin password: <input type=\"password\" name=\"pwd\" /></p>\n";
print "<p>E-mail contact: <input type=\"text\" name=\"email\" /></p>\n";
print "<p>Description: <input type=\"text\" name=\"desc\" /></p>\n";
print "<p>Hosting mode:</p><ul>\n";
print "<li><input type=\"radio\" name=\"mode\" value=\"mirror\" />Mirror mode. Repository URL: <input type=\"text\" name=\"url\" /></li>\n";
print "<li><input type=\"radio\" name=\"mode\" value=\"push\" />Push mode.</li></ul>\n";
print "<p><input type=\"submit\" name=\"y0\" value=\"Register\" /></p>\n";
print "</form>\n";
print "</body></html>\n";