search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cloning design overhaul - daemon instead of cronjobs
[girocco.git] / Girocco / Project.pm
bloba396160e99ff7a8727a463e140177e21eace36a3
1 package Girocco::Project;
2
3 use strict;
4 use warnings;
5
6 BEGIN {
7 use Girocco::CGI;
8 use Girocco::User;
9 use Girocco::Util;
10 use Girocco::ProjPerm;
11 use Girocco::Config;
12 use base ('Girocco::ProjPerm::'.$Girocco::Config::permission_control); # mwahaha
13 }
14
15 sub _mkdir_forkees {
16 my $self = shift;
17 my @pelems = split('/', $self->{name});
18 pop @pelems; # do not create dir for the project itself
19 my $path = $self->{base_path};
20 foreach my $pelem (@pelems) {
21 $path .= "/$pelem";
22 (-d "$path") or mkdir $path or die "mkdir $path: $!";
23 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
24 }
25 }
26
27 our %propmap = (
28 url => 'base_url',
29 email => 'owner',
30 desc => 'description',
31 README => 'README.html',
32 hp => 'homepage',
33 );
34
35 sub _property_path {
36 my $self = shift;
37 my ($name) = @_;
38 $self->{path}.'/'.$name;
39 }
40
41 sub _property_fget {
42 my $self = shift;
43 my ($name) = @_;
44 $propmap{$name} or die "unknown property: $name";
45 open P, $self->_property_path($propmap{$name}) or return undef;
46 my @value = <P>;
47 close P;
48 my $value = join('', @value); chomp $value;
49 $value;
50 }
51
52 sub _property_fput {
53 my $self = shift;
54 my ($name, $value) = @_;
55 $propmap{$name} or die "unknown property: $name";
56 $value ||= '';
57
58 my $P = lock_file($self->_property_path($propmap{$name}));
59 $value ne '' and print $P "$value\n";
60 close $P;
61 unlock_file($self->_property_path($propmap{$name}));
62 }
63
64 sub _properties_load {
65 my $self = shift;
66 foreach my $prop (keys %propmap) {
67 $self->{$prop} = $self->_property_fget($prop);
68 }
69 }
70
71 sub _properties_save {
72 my $self = shift;
73 foreach my $prop (keys %propmap) {
74 $self->_property_fput($prop, $self->{$prop});
75 }
76 }
77
78 sub _nofetch_path {
79 my $self = shift;
80 $self->_property_path('.nofetch');
81 }
82
83 sub _nofetch {
84 my $self = shift;
85 my ($nofetch) = @_;
86 my $np = $self->_nofetch_path;
87 if ($nofetch) {
88 open X, '>'.$np or die "nofetch failed: $!";
89 close X;
90 } else {
91 unlink $np or die "yesfetch failed: $!";
92 }
93 }
94
95 sub _alternates_setup {
96 my $self = shift;
97 return unless $self->{name} =~ m#/#;
98 my $forkee_name = get_forkee_name($self->{name});
99 my $forkee_path = get_forkee_path($self->{name});
100 return unless -d $forkee_path;
101 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
102 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
103 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
104
105 # We set up both alternates and http_alternates since we cannot use
106 # relative path in alternates - that doesn't work recursively.
107
108 my $filename = $self->{path}.'/objects/info/alternates';
109 open X, '>'.$filename or die "alternates failed: $!";
110 print X "$forkee_path/objects\n";
111 close X;
112 chmod 0664, $filename or warn "cannot chmod $filename: $!";
113
114 if ($Girocco::Config::httppullurl) {
115 $filename = $self->{path}.'/objects/info/http-alternates';
116 open X, '>'.$filename or die "http-alternates failed: $!";
117 my $upfork = $forkee_name;
118 do { print X "$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s#/?.+?$## and $upfork); #
119 close X;
120 chmod 0664, $filename or warn "cannot chmod $filename: $!";
121 }
122
123 symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
124 }
125
126 sub _ctags_setup {
127 my $self = shift;
128 mkdir $self->{path}.'/ctags'; chmod 01777, $self->{path}.'/ctags';
129 }
130
131 sub _group_add {
132 my $self = shift;
133 my ($xtra) = @_;
134 $xtra .= join(',', @{$self->{users}});
135 filedb_atomic_append(jailed_file('/etc/group'),
136 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
137 }
138
139 sub _group_update {
140 my $self = shift;
141 my $xtra = join(',', @{$self->{users}});
142 filedb_atomic_edit(jailed_file('/etc/group'),
143 sub {
144 $_ = $_[0];
145 chomp;
146 if ($self->{name} eq (split /:/)[0]) {
147 # preserve readonly flag
148 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
149 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
150 } else {
151 return "$_\n";
152 }
153 }
154 );
155 }
156
157 sub _group_remove {
158 my $self = shift;
159 filedb_atomic_edit(jailed_file('/etc/group'),
160 sub {
161 $self->{name} ne (split /:/)[0] and return $_;
162 }
163 );
164 }
165
166 sub _hook_path {
167 my $self = shift;
168 my ($name) = @_;
169 $self->{path}.'/hooks/'.$name;
170 }
171
172 sub _hook_install {
173 my $self = shift;
174 my ($name) = @_;
175 open SRC, "$Girocco::Config::basedir/$name-hook" or die "cannot open hook $name: $!";
176 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
177 while (<SRC>) { print DST $_; }
178 close DST;
179 close SRC;
180 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
181 }
182
183 sub _hooks_install {
184 my $self = shift;
185 foreach my $hook ('update') {
186 $self->_hook_install($hook);
187 }
188 }
189
190 # private constructor, do not use
191 sub _new {
192 my $class = shift;
193 my ($name, $base_path, $path) = @_;
194 valid_name($name) or die "refusing to create project with invalid name ($name)!";
195 $path ||= "$base_path/$name.git";
196 my $proj = { name => $name, base_path => $base_path, path => $path };
197
198 bless $proj, $class;
199 }
200
201 # public constructor #0
202 # creates a virtual project not connected to disk image
203 # you can conjure() it later to disk
204 sub ghost {
205 my $class = shift;
206 my ($name, $mirror) = @_;
207 my $self = $class->_new($name, $Girocco::Config::reporoot);
208 $self->{users} = [];
209 $self->{mirror} = $mirror;
210 $self;
211 }
212
213 # public constructor #1
214 sub load {
215 my $class = shift;
216 my ($name) = @_;
217
218 open F, jailed_file("/etc/group") or die "project load failed: $!";
219 while (<F>) {
220 chomp;
221 @_ = split /:+/;
222 next unless (shift eq $name);
223
224 my $self = $class->_new($name, $Girocco::Config::reporoot);
225 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
226
227 my $ulist;
228 ($self->{crypt}, $self->{gid}, $ulist) = @_;
229 $ulist ||= '';
230 $self->{users} = [split /,/, $ulist];
231 $self->{orig_users} = [@{$self->{users}}];
232 $self->{mirror} = ! -e $self->_nofetch_path;
233 $self->{ccrypt} = $self->{crypt};
234
235 $self->_properties_load;
236 return $self;
237 }
238 close F;
239 undef;
240 }
241
242 # $proj may not be in sane state if this returns false!
243 sub cgi_fill {
244 my $self = shift;
245 my ($gcgi) = @_;
246 my $cgi = $gcgi->cgi;
247
248 my $pwd = $cgi->param('pwd');
249 if ($pwd ne '' or not $self->{crypt}) {
250 $self->{crypt} = scrypt($pwd);
251 }
252
253 if ($cgi->param('pwd2') and $pwd ne $cgi->param('pwd2')) {
254 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
255 }
256
257 $self->{cpwd} = $cgi->param('cpwd');
258
259 $self->{email} = $gcgi->wparam('email');
260 valid_email($self->{email})
261 or $gcgi->err("Your email sure looks weird...?");
262
263 $self->{url} = $gcgi->wparam('url');
264 if ($self->{url}) {
265 valid_repo_url($self->{url})
266 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
267 }
268
269 $self->{desc} = $gcgi->wparam('desc');
270 length($self->{desc}) <= 1024
271 or $gcgi->err("<b>Short</b> description length &gt; 1kb!");
272
273 $self->{README} = $gcgi->wparam('README');
274 length($self->{README}) <= 8192
275 or $gcgi->err("README length &gt; 8kb!");
276
277 $self->{hp} = $gcgi->wparam('hp');
278 if ($self->{hp}) {
279 valid_web_url($self->{hp})
280 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
281 }
282
283 # FIXME: Permit only existing users
284 $self->{users} = [grep { Girocco::User::valid_name($_) } $cgi->param('user')];
285
286 not $gcgi->err_check;
287 }
288
289 sub form_defaults {
290 my $self = shift;
291 (
292 name => $self->{name},
293 email => $self->{email},
294 url => $self->{url},
295 desc => html_esc($self->{desc}),
296 README => html_esc($self->{README}),
297 hp => $self->{hp},
298 users => $self->{users},
299 );
300 }
301
302 sub authenticate {
303 my $self = shift;
304 my ($gcgi) = @_;
305
306 $self->{ccrypt} or die "Can't authenticate against a project with no password";
307 $self->{cpwd} or $gcgi->err("No password entered.");
308 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
309 $gcgi->err("Your admin password does not match!");
310 return 0;
311 }
312 return 1;
313 }
314
315 sub _setup {
316 my $self = shift;
317 my ($pushers) = @_;
318
319 $self->_mkdir_forkees;
320
321 mkdir($self->{path}) or die "mkdir $self->{path} failed: $!";
322 my $gid = scalar(getgrnam($Girocco::Config::owning_group));
323 chown(-1, $gid, $self->{path}) or die "chgrp $gid $self->{path} failed: $!";
324 chmod(02775, $self->{path}) or die "chmod 2775 $self->{path} failed: $!";
325 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
326 or die "git init $self->{path} failed: $?";
327 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false') == 0
328 or die "disabling receive.denyNonFastforwards failed: $?";
329
330 $self->_properties_save;
331 $self->_alternates_setup;
332 $self->_ctags_setup;
333 $self->_group_add($pushers);
334 $self->_hooks_install;
335 $self->perm_initialize;
336 }
337
338 sub premirror {
339 my $self = shift;
340
341 $self->_setup(':');
342 }
343
344 sub conjure {
345 my $self = shift;
346
347 $self->_setup;
348 $self->_nofetch(1);
349 }
350
351 sub clone {
352 my $self = shift;
353
354 use IO::Socket;
355 my $sock = IO::Socket::UNIX->new('/tmp/girocco.cloned') or die "cannot connect to girocco.cloned: $!";
356 $sock->print($self->{name}.".git\n");
357 # Just ignore reply, we are going to succeed anyway and the I/O
358 # would apparently get quite hairy.
359 $sock->flush();
360 sleep 2; # *cough*
361 $sock->close();
362 }
363
364 sub update {
365 my $self = shift;
366
367 $self->_properties_save;
368 $self->_group_update;
369
370 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users} } $self->{users};
371 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users} } $self->{orig_users};
372 $self->perm_user_add($_, Girocco::User::resolve_uid($_)) foreach (@users_add);
373 $self->perm_user_del($_, Girocco::User::resolve_uid($_)) foreach (@users_del);
374 }
375
376 sub update_password {
377 my $self = shift;
378 my ($pwd) = @_;
379
380 $self->{crypt} = scrypt($pwd);
381 $self->_group_update;
382 }
383
384 # You can explicitly do this just on a ghost() repository too.
385 sub delete {
386 my $self = shift;
387
388 if (-d $self->{path}) {
389 system('rm', '-rf', $self->{path}) == 0
390 or die "rm -rf $self->{path} failed: $?";
391 }
392 $self->_group_remove;
393 }
394
395 sub has_forks {
396 my $self = shift;
397
398 return glob($Girocco::Config::reporoot.'/'.$self->{name}.'/*');
399 }
400
401
402 ### static methods
403
404 sub get_forkee_name {
405 $_ = $_[0];
406 (m#^(.*)/.*?$#)[0]; #
407 }
408 sub get_forkee_path {
409 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git';
410 -d $forkee ? $forkee : '';
411 }
412
413 sub valid_name {
414 $_ = $_[0];
415 (not m#/# or -d get_forkee_path($_)) # will also catch ^/
416 and (not m#\./#)
417 and (not m#/$#)
418 and m#^[a-zA-Z0-9+./_-]+$#;
419 }
420
421 sub does_exist {
422 my ($name) = @_;
423 valid_name($name) or die "tried to query for project with invalid name $name!";
424 available($name);
425 }
426 sub available {
427 my ($name) = @_;
428 valid_name($name) or die "tried to query for project with invalid name $name!";
429 (-d $Girocco::Config::reporoot."/$name.git");
430 }
431
432
433 1;
The repo.or.cz duct tape "Girocco"