search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Set receive.denyNonFastforwards to false when creating new projects
[girocco/ztw.git] / cgi / Git / RepoCGI.pm
blob061163d53927df3de7214d0c4dbd305ef12dcccd
1 package Git::RepoCGI;
2
3 use strict;
4 use warnings;
5
6
7 ### Administrativa
8
9 BEGIN {
10 our $VERSION = '0.1';
11 our @ISA = qw(Exporter);
12 our @EXPORT = qw(scrypt html_esc jailed_file
13 lock_file unlock_file
14 filedb_atomic_append filedb_atomic_edit
15 proj_get_forkee_name proj_get_forkee_path
16 valid_proj_name valid_user_name valid_email valid_repo_url valid_web_url);
17
18 use CGI qw(:standard :escapeHTML -nosticky);
19 use CGI::Util qw(unescape);
20 use CGI::Carp qw(fatalsToBrowser);
21 }
22
23
24 ### RepoCGI object
25
26 sub new {
27 my $class = shift;
28 my ($heading) = @_;
29 my $repo = {};
30
31 $repo->{cgi} = CGI->new;
32
33 print $repo->{cgi}->header(-type=>'text/html', -charset => 'utf-8');
34
35 print <<EOT;
36 <?xml version="1.0" encoding="utf-8"?>
37 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
38 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
39
40 <head>
41 <title>repo.or.cz :: $heading</title>
42 <link rel="stylesheet" type="text/css" href="/gitweb.css"/>
43 <link rel="shortcut icon" href="/git-favicon.png" type="image/png"/>
44 </head>
45
46 <body>
47
48 <div class="page_header">
49 <a href="http://git.or.cz/" title="Git homepage"><img src="/git-logo.png" width="72" height="27" alt="git" style="float:right; border-width:0px;"/></a>
50 <a href="/">repo.or.cz</a> / administration / $heading
51 </div>
52
53 EOT
54
55 bless $repo, $class;
56 }
57
58 sub DESTROY {
59 my $self = shift;
60 my $cgi = $self->cgi;
61 my $cginame = $cgi->url(-absolute => 1);
62 $cginame =~ s#^/m/##;
63 if ($cginame =~ /^[a-zA-Z0-9_.\/-]+\.cgi$/) {
64 print <<EOT;
65 <div align="right">
66 <a href="http://repo.or.cz/w/repo.git?a=blob;f=cgi/$cginame">(view source)</a>
67 </div>
68 EOT
69 }
70 print <<EOT;
71 </body>
72 </html>
73 EOT
74 }
75
76 sub cgi {
77 my $self = shift;
78 $self->{cgi};
79 }
80
81 sub err {
82 my $self = shift;
83 print "<p style=\"text-color: red\">@_</p>\n";
84 $self->{err}++;
85 }
86
87 sub err_check {
88 my $self = shift;
89 my $err = $self->{err};
90 $err and print "<p>Operation aborted due to $err errors.</p>\n";
91 $err;
92 }
93
94 sub wparam {
95 my $self = shift;
96 my ($param) = @_;
97 my $val = $self->{cgi}->param($param);
98 $val =~ s/^\s*(.*?)\s*$/$1/;
99 $val;
100 }
101
102
103 ### Random utility functions
104
105 sub scrypt {
106 my ($pwd) = @_;
107 crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
108 }
109
110 sub html_esc {
111 my ($str) = @_;
112 $str =~ s/&/&amp;/g;
113 $str =~ s/</&lt;/g; $str =~ s/>/&gt;/g;
114 $str =~ s/"/&quot;/g;
115 $str;
116 }
117
118 sub jailed_file {
119 my ($filename) = @_;
120 "/home/repo/j/$filename";
121 }
122
123 sub lock_file {
124 my ($path) = @_;
125
126 $path .= '.lock';
127
128 use Errno qw(EEXIST);
129 use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
130 use IO::Handle;
131 my $handle = new IO::Handle;
132
133 unless (sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
134 my $cnt = 0;
135 while (not sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
136 ($! == EEXIST) or die "$path open failed: $!";
137 ($cnt++ < 16) or die "$path open failed: cannot open lockfile";
138 sleep(1);
139 }
140 }
141 # XXX: filedb-specific
142 chmod 0664, $path or die "$path g+w failed: $!";
143
144 $handle;
145 }
146
147 sub unlock_file {
148 my ($path) = @_;
149
150 rename "$path.lock", $path or die "$path unlock failed: $!";
151 }
152
153 sub filedb_atomic_append {
154 my ($file, $line) = @_;
155 my $id = 65536;
156
157 open my $src, $file or die "$file open for reading failed: $!";
158 my $dst = lock_file($file);
159
160 while (<$src>) {
161 my $aid = (split /:/)[2];
162 $id = $aid + 1 if ($aid >= $id);
163
164 print $dst $_ or die "$file(l) write failed: $!";
165 }
166
167 $line =~ s/\\i/$id/g;
168 print $dst "$line\n" or die "$file(l) write failed: $!";
169
170 close $dst or die "$file(l) close failed: $!";
171 close $src;
172
173 unlock_file($file);
174
175 $id;
176 }
177
178 sub filedb_atomic_edit {
179 my ($file, $fn) = @_;
180
181 open my $src, $file or die "$file open for reading failed: $!";
182 my $dst = lock_file($file);
183
184 while (<$src>) {
185 print $dst $fn->($_) or die "$file(l) write failed: $!";
186 }
187
188 close $dst or die "$file(l) close failed: $!";
189 close $src;
190
191 unlock_file($file);
192 }
193
194 sub proj_get_forkee_name {
195 $_ = $_[0];
196 (m#^(.*)/.*?$#)[0];
197 }
198 sub proj_get_forkee_path {
199 my $forkee = '/srv/git/'.proj_get_forkee_name($_[0]).'.git';
200 -d $forkee ? $forkee : '';
201 }
202 sub valid_proj_name {
203 $_ = $_[0];
204 (not m#/# or -d proj_get_forkee_path($_)) # will also catch ^/
205 and (not m#\./#)
206 and (not m#/$#)
207 and m#^[a-zA-Z0-9+./_-]+$#;
208 }
209 sub valid_user_name {
210 $_ = $_[0];
211 /^[a-zA-Z0-9+._-]+$/;
212 }
213 sub valid_email {
214 $_ = $_[0];
215 /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/;
216 }
217 sub valid_web_url {
218 $_ = $_[0];
219 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?(#[a-zA-Z0-9._-]+)?$/;
220 }
221 sub valid_repo_url {
222 $_ = $_[0];
223 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/ or
224 /^git:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/;
225 }
226
227
228 ### Project object
229
230 package Git::RepoCGI::Project;
231
232 BEGIN { use Git::RepoCGI; }
233
234 sub _mkdir_forkees {
235 my $self = shift;
236 my @pelems = split('/', $self->{name});
237 pop @pelems; # do not create dir for the project itself
238 my $path = $self->{base_path};
239 foreach my $pelem (@pelems) {
240 $path .= "/$pelem";
241 (-d "$path") or mkdir $path or die "mkdir $path: $!";
242 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
243 }
244 }
245
246 our %propmap = (
247 url => 'base_url',
248 email => 'owner',
249 desc => 'description',
250 README => 'README.html',
251 hp => 'homepage',
252 );
253
254 sub _property_path {
255 my $self = shift;
256 my ($name) = @_;
257 $self->{path}.'/'.$name;
258 }
259
260 sub _property_fget {
261 my $self = shift;
262 my ($name) = @_;
263 my $value;
264 $propmap{$name} or die "unknown property: $name";
265 open P, $self->_property_path($propmap{$name}) or return undef;
266 chomp($value = <P>);
267 close P;
268 $value;
269 }
270
271 sub _property_fput {
272 my $self = shift;
273 my ($name, $value) = @_;
274 $propmap{$name} or die "unknown property: $name";
275
276 my $P = lock_file($self->_property_path($propmap{$name}));
277 $value ne '' and print $P "$value\n";
278 close $P;
279 unlock_file($self->_property_path($propmap{$name}));
280 }
281
282 sub _properties_load {
283 my $self = shift;
284 foreach my $prop (keys %propmap) {
285 $self->{$prop} = $self->_property_fget($prop);
286 }
287 }
288
289 sub _properties_save {
290 my $self = shift;
291 foreach my $prop (keys %propmap) {
292 $self->_property_fput($prop, $self->{$prop});
293 }
294 }
295
296 sub _nofetch_path {
297 my $self = shift;
298 $self->_property_path('.nofetch');
299 }
300
301 sub _nofetch {
302 my $self = shift;
303 my ($nofetch) = @_;
304 my $np = $self->_nofetch_path;
305 if ($nofetch) {
306 open X, '>'.$np or die "nofetch failed: $!";
307 close X;
308 } else {
309 unlink $np or die "yesfetch failed: $!";
310 }
311 }
312
313 sub _alternates_setup {
314 my $self = shift;
315 return unless $self->{name} =~ m#/#;
316 my $forkee_name = proj_get_forkee_name($self->{name});
317 my $forkee_path = proj_get_forkee_path($self->{name});
318 return unless -d $forkee_path;
319 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
320 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
321 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
322 my $filename = $self->{path}.'/objects/info/alternates';
323 open X, '>'.$filename or die "alternates failed: $!";
324 # We use relative URL here so that http-fetch groks it automagically.
325 $forkee_name =~ s#^.*/##; # Only the last element of the path matters, again.
326 print X "../../../$forkee_name.git/objects\n";
327 close X;
328 chmod 0664, $filename or warn "cannot chmod $filename: $!";
329 symlink "../../../$forkee_name.git/refs", $self->{path}.'/refs/forkee';
330 }
331
332 sub _group_add {
333 my $self = shift;
334 my ($xtra) = @_;
335 $xtra .= join(',', @{$self->{users}});
336 filedb_atomic_append(jailed_file('/etc/group'),
337 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
338 }
339
340 sub _group_update {
341 my $self = shift;
342 my $xtra = join(',', @{$self->{users}});
343 filedb_atomic_edit(jailed_file('/etc/group'),
344 sub {
345 $_ = $_[0];
346 chomp;
347 if ($self->{name} eq (split /:/)[0]) {
348 # preserve readonly flag
349 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
350 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
351 } else {
352 return "$_\n";
353 }
354 }
355 );
356 }
357
358 sub _group_remove {
359 my $self = shift;
360 filedb_atomic_edit(jailed_file('/etc/group'),
361 sub {
362 $self->{name} ne (split /:/)[0] and return $_;
363 }
364 );
365 }
366
367 sub _hook_path {
368 my $self = shift;
369 my ($name) = @_;
370 $self->{path}.'/hooks/'.$name;
371 }
372
373 sub _hook_install {
374 my $self = shift;
375 my ($name) = @_;
376 open SRC, "/home/repo/repomgr/$name-hook" or die "cannot open hook $name: $!";
377 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
378 while (<SRC>) { print DST $_; }
379 close DST;
380 close SRC;
381 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
382 }
383
384 sub _hooks_install {
385 my $self = shift;
386 foreach my $hook ('update') {
387 $self->_hook_install($hook);
388 }
389 }
390
391 # private constructor, do not use
392 sub _new {
393 my $class = shift;
394 my ($name, $base_path, $path) = @_;
395 valid_proj_name($name) or die "refusing to create project with invalid name ($name)!";
396 $path ||= "$base_path/$name.git";
397 my $proj = { name => $name, base_path => $base_path, path => $path };
398
399 bless $proj, $class;
400 }
401
402 # public constructor #0
403 # creates a virtual project not connected to disk image
404 # you can conjure() it later to disk
405 sub ghost {
406 my $class = shift;
407 my ($name, $mirror) = @_;
408 my $self = $class->_new($name, $mirror ? "/home/repo/repodata/to-clone" : "/srv/git",
409 $mirror ? "/home/repo/repodata/to-clone/$name" : "/srv/git/$name.git");
410 $self->{users} = [];
411 $self->{mirror} = $mirror;
412 $self;
413 }
414
415 # public constructor #1
416 sub load {
417 my $class = shift;
418 my ($name) = @_;
419
420 open F, jailed_file("/etc/group") or die "project load failed: $!";
421 while (<F>) {
422 chomp;
423 @_ = split /:+/;
424 next unless (shift eq $name);
425
426 my $self = $class->_new($name, "/srv/git");
427 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
428
429 my $ulist;
430 ($self->{crypt}, $self->{gid}, $ulist) = @_;
431 $ulist ||= '';
432 $self->{users} = [split /,/, $ulist];
433 $self->{mirror} = ! -e $self->_nofetch_path;
434
435 $self->_properties_load;
436 return $self;
437 }
438 close F;
439 undef;
440 }
441
442 # $proj may not be in sane state if this returns false!
443 sub cgi_fill {
444 my $self = shift;
445 my ($repo) = @_;
446 my $cgi = $repo->cgi;
447
448 my $pwd = $cgi->param('pwd');
449 if ($pwd ne '' or not $self->{crypt}) {
450 $self->{crypt} = scrypt($pwd);
451 }
452
453 $self->{email} = $repo->wparam('email');
454 valid_email($self->{email})
455 or $repo->err("Your email sure looks weird...?");
456
457 $self->{url} = $repo->wparam('url');
458 if ($self->{url}) {
459 valid_repo_url($self->{url})
460 or $repo->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
461 }
462
463 $self->{desc} = $repo->wparam('desc');
464 length($self->{desc}) <= 1024
465 or $repo->err("<b>Short</b> description length > 1kb!");
466
467 $self->{README} = $repo->wparam('README');
468 length($self->{README}) <= 8192
469 or $repo->err("README length > 8kb!");
470
471 $self->{hp} = $repo->wparam('hp');
472 if ($self->{hp}) {
473 valid_web_url($self->{hp})
474 or $repo->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
475 }
476
477 # FIXME: Permit only existing users
478 $self->{users} = [grep { valid_user_name($_) } $cgi->param('user')];
479
480 not $repo->err_check;
481 }
482
483 sub form_defaults {
484 my $self = shift;
485 (
486 name => $self->{name},
487 email => $self->{email},
488 url => $self->{url},
489 desc => html_esc($self->{desc}),
490 README => html_esc($self->{README}),
491 hp => $self->{hp},
492 users => $self->{users},
493 );
494 }
495
496 sub premirror {
497 my $self = shift;
498
499 $self->_mkdir_forkees;
500 mkdir $self->{path} or die "mkdir failed: $!";
501 chmod 0775, $self->{path} or die "chmod failed: $!";
502 $self->_properties_save;
503 $self->_alternates_setup;
504 $self->_group_add(':');
505 }
506
507 sub conjure {
508 my $self = shift;
509
510 $self->_mkdir_forkees;
511 system('cg-admin-setuprepo', '-g', 'repo', $self->{path}) == 0
512 or die "cg-admin-setuprepo failed: $?";
513 system('git', '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false');
514 $self->_nofetch(1);
515 $self->_properties_save;
516 $self->_alternates_setup;
517 $self->_group_add;
518 $self->_hooks_install;
519 }
520
521 sub update {
522 my $self = shift;
523
524 $self->_properties_save;
525 $self->_group_update;
526 }
527
528 # You can explicitly do this just on a ghost() repository too.
529 sub delete {
530 my $self = shift;
531
532 if (-d $self->{path}) {
533 system('rm', '-r', $self->{path}) == 0
534 or die "rm -r failed: $?";
535 }
536 $self->_group_remove;
537 }
538
539 # static method
540 sub does_exist {
541 my ($name) = @_;
542 valid_proj_name($name) or die "tried to query for project with invalid name $name!";
543 (available($name)
544 or -d "/home/repo/repodata/cloning/$name"
545 or -d "/home/repo/repodata/to-clone/$name");
546 }
547 sub available {
548 my ($name) = @_;
549 valid_proj_name($name) or die "tried to query for project with invalid name $name!";
550 (-d "/srv/git/$name.git");
551 }
552
553
554 ### User object
555
556 package Git::RepoCGI::User;
557
558 BEGIN { use Git::RepoCGI; }
559
560 sub _passwd_add {
561 my $self = shift;
562 filedb_atomic_append(jailed_file('/etc/passwd'),
563 join(':', $self->{name}, 'x', '\i', 65534, $self->{email}, '/', '/bin/git-shell'));
564 }
565
566 sub _sshkey_path {
567 my $self = shift;
568 '/etc/sshkeys/'.$self->{name};
569 }
570
571 sub _sshkey_save {
572 my $self = shift;
573 open F, ">".jailed_file($self->_sshkey_path) or die "sshkey failed: $!";
574 print F $self->{keys}."\n";
575 close F;
576 chmod 0664, jailed_file($self->_sshkey_path);
577 }
578
579 # private constructor, do not use
580 sub _new {
581 my $class = shift;
582 my ($name) = @_;
583 valid_user_name($name) or die "refusing to create user with invalid name ($name)!";
584 my $proj = { name => $name };
585
586 bless $proj, $class;
587 }
588
589 # public constructor #0
590 # creates a virtual user not connected to disk record
591 # you can conjure() it later to disk
592 sub ghost {
593 my $class = shift;
594 my ($name) = @_;
595 my $self = $class->_new($name);
596 $self;
597 }
598
599 # $user may not be in sane state if this returns false!
600 sub cgi_fill {
601 my $self = shift;
602 my ($repo) = @_;
603 my $cgi = $repo->cgi;
604
605 $self->{name} = $repo->wparam('name');
606 valid_user_name($self->{name})
607 or $repo->err("Name contains invalid characters.");
608
609 $self->{email} = $repo->wparam('email');
610 valid_email($self->{email})
611 or $repo->err("Your email sure looks weird...?");
612
613 $self->{keys} = $cgi->param('keys');
614 length($self->{keys}) <= 4096
615 or $repo->err("The list of keys is more than 4kb. Do you really need that much?");
616
617 not $repo->err_check;
618 }
619
620 sub conjure {
621 my $self = shift;
622
623 $self->_passwd_add;
624 $self->_sshkey_save;
625 }
626
627 # static method
628 sub does_exist {
629 my ($name) = @_;
630 valid_user_name($name) or die "tried to query for user with invalid name $name!";
631 (-e jailed_file("/etc/sshkeys/$name"));
632 }
633 sub available {
634 does_exist(@_);
635 }
636
637
638 1;
cleanup, watchpoints, and more