From 37d01ff9d8ea00237fc962045eab68ded41f1ec9 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Fri, 11 Apr 2014 21:12:54 -0700 Subject: [PATCH] config: make the leading /r/ prefix optional on https?: URLs Do not require Git clients that set the User-Agent header to a string containing "git/" (case insensitively) to use the /r/ prefix to access the https?: repository URLs. This makes for a cleaner user experience. --- Girocco/Config.pm | 8 ++++++++ apache.conf | 40 ++++++++++++++++++++++++++++++++++------ 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/Girocco/Config.pm b/Girocco/Config.pm index ad6fc86..9ece320 100644 --- a/Girocco/Config.pm +++ b/Girocco/Config.pm @@ -255,11 +255,19 @@ our $webadmurl = "http://repo.or.cz"; our $htmlurl = "http://repo.or.cz/h"; # HTTP URL of the repository collection (undef if N/A) +# If mod_rewrite is enabled and the sample apache.conf configuration is used +# (with paths suitably updated), the trailing "/r" is optional for Git clients +# that send a User-Agent string containing "git/" (case insensitively). our $httppullurl = "http://repo.or.cz/r"; # HTTPS push URL of the repository collection (undef if N/A) # If this is defined, the openssl command must be available +# The sample apache.conf configuration requires mod_rewrite be enabled to +# support https push operations. # Normally this should be set to $httppullurl with http: replaced with https: +# If the sample apache.conf configuration is used (with paths suitably updated), +# the trailing "/r" is optional for Git clients that send a User-Agent string +# containing "git/" (case insensitively). our $httpspushurl = undef; # Git URL of the repository collection (undef if N/A) diff --git a/apache.conf b/apache.conf index 9e70102..0b92fc9 100644 --- a/apache.conf +++ b/apache.conf @@ -51,6 +51,7 @@ Order deny,allow Deny from all + Options ExecCGI Allow from all Satisfy all 
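Review bot: The added `Options ExecCGI` in the first apache.conf hunk has no comment saying why it is needed or how narrowly it is scoped. It is presumably required because the new `[L,H=cgi-script]` rewrite reaches git-http-backend-verify without going through `ScriptAlias`, which otherwise marks the target as CGI. I would put a line such as `# ExecCGI is needed for the H=cgi-script rewrite rules, which bypass ScriptAlias` above it. The enclosing container is not legible in this hunk, so confirm it names only git-http-backend-verify rather than a whole directory.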
@@ -64,9 +65,19 @@ # non-smart HTTP requests can be denied directly by the web server - # These accelerate non-smart HTTP access to loose objects and packs + # These accelerate non-smart HTTP access to loose objects and packs with the /r/ prefix AliasMatch ^/r/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/git/$1 AliasMatch ^/r/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/$1 + + # These accelerate non-smart HTTP access for Git user agents without the /r/ prefix + + RewriteEngine On + RewriteCond %{HTTP_USER_AGENT} git/ [NC] + RewriteRule "(?x) ^/((?!r/).*/objects/(?: \ + (?:[0-9a-f]{2}/[0-9a-f]{38}) | \ + (?:pack/pack-[0-9a-f]{40}.(?:pack|idx)) ))$" \ + /srv/git/$1 [L] + @@ -74,13 +85,27 @@ RewriteEngine On RewriteCond %{REQUEST_METHOD} !^POST$ RewriteRule ^/r/.*(? # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin ScriptAlias /r/ /home/repo/repomgr/bin/git-http-backend-verify/ + # This allows HTTP access for Git user agents without the /r/ prefix + + RewriteEngine On + RewriteCond %{HTTP_USER_AGENT} git/ [NC] + RewriteRule ^/(?!r/)(.*)$ \ + /home/repo/repomgr/bin/git-http-backend-verify/$1 \ + [L,H=cgi-script] + @@ -111,9 +136,6 @@ SSLVerifyDepth 3 SSLOptions +FakeBasicAuth +StrictRequire SSLEngine on - - SSLRequireSSL - # This configuration allows fetching over https without a certificate # while always requiring a certificate for pushing over https 
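Review bot: In the new extended-mode `RewriteRule`, the dot before `(?:pack|idx)` is unescaped, so it matches any character rather than a literal `.`; write `pack-[0-9a-f]{40}\.(?:pack|idx)`. The `AliasMatch` context line above has the same unescaped dot and could be fixed in the same commit. A comment should also say that `RewriteCond %{HTTP_USER_AGENT} git/ [NC]` is only a routing hint, since any client can send that header. Access to `/srv/git` through this rule therefore has to be limited by the same directives that protect the `/r/` aliases.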
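Review bot: `RewriteRule ^/(?!r/)(.*)$ ... [L,H=cgi-script]` hands every non-/r/ path to git-http-backend-verify whenever the request carries a `git/` User-Agent, which is a client-chosen value. That includes paths for other site content, such as the `/h` HTML URL from Config.pm, so the CGI receives arbitrary PATH_INFO. I would limit the capture to Git endpoints, in the style of the `ScriptAliasMatch` example in the git-http-backend documentation, e.g. `^/(?!r/)(.*/(?:HEAD|info/refs|objects/.+|git-(?:upload|receive)-pack))$`. Part of this hunk (after `RewriteRule ^/r/.*(?`) is not legible here, so this covers only the visible rule.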
@@ -121,11 +143,17 @@ SSLVerifyClient optional RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$) RewriteRule ^/r/.*/info/refs$ - [env=client_auth_required:1] + RewriteCond %{HTTP_USER_AGENT} git/ [NC] + RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$) + RewriteRule ^/(?!r/).*/info/refs$ - [env=client_auth_required:1] RewriteRule ^/r/.*/git-receive-pack$ - [env=client_auth_required:1] + RewriteCond %{HTTP_USER_AGENT} git/ [NC] + RewriteRule ^/(?!r/).*/git-receive-pack$ - [env=client_auth_required:1] RewriteCond %{ENV:client_auth_required} 1 RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$ RewriteRule .* %{REQUEST_URI} [R=401] - + + SSLRequireSSL Order deny,allow Deny from env=client_auth_required SSLOptions +FakeBasicAuth @@ -135,7 +163,7 @@ Anonymous * Require valid-user Satisfy any - + # *** IMPORTANT *** # -- 2.11.4.GIT
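Review bot: The two added rules that set `client_auth_required` for unprefixed push URLs are each gated on `RewriteCond %{HTTP_USER_AGENT} git/ [NC]`, so the certificate requirement for those paths depends on a header the client controls. This appears to hold only because the routing rule for unprefixed paths uses the same condition; if either side changes, a push could reach the backend without `client_auth_required` being set. Dropping the User-Agent condition from these two rules makes the check fail closed: `RewriteRule ^/(?!r/).*/git-receive-pack$ - [env=client_auth_required:1]` with no preceding `RewriteCond`, and the info/refs rule keeping only its `QUERY_STRING` condition. `SSLRequireSSL` is also moved by this commit (removed in the `-111,9` hunk, added here); the containers are not visible in this rendering, so confirm it still applies to both prefixed and unprefixed URLs.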