search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix URL regexps
[girocco.git] / cgi / Git / RepoCGI.pm
blobec44cd122d97121e465865e4eac70456ac0a932c
1 package Git::RepoCGI;
2
3 use strict;
4 use warnings;
5
6
7 ### Administrativa
8
9 BEGIN {
10 our $VERSION = '0.1';
11 our @ISA = qw(Exporter);
12 our @EXPORT = qw(scrypt html_esc jailed_file
13 filedb_atomic_append filedb_atomic_edit
14 valid_name valid_email valid_repo_url valid_web_url);
15
16 use CGI qw(:standard :escapeHTML -nosticky);
17 use CGI::Util qw(unescape);
18 use CGI::Carp qw(fatalsToBrowser);
19 }
20
21
22 ### RepoCGI object
23
24 sub new {
25 my $class = shift;
26 my ($heading) = @_;
27 my $repo = {};
28
29 $repo->{cgi} = CGI->new;
30
31 print $repo->{cgi}->header(-type=>'text/html', -charset => 'utf-8');
32
33 print <<EOT;
34 <?xml version="1.0" encoding="utf-8"?>
35 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
36 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
37
38 <head>
39 <title>repo.or.cz :: $heading</title>
40 <link rel="stylesheet" type="text/css" href="/gitweb.css"/>
41 <link rel="shortcut icon" href="/git-favicon.png" type="image/png"/>
42 </head>
43
44 <body>
45
46 <div class="page_header">
47 <a href="http://git.or.cz/" title="Git homepage"><img src="/git-logo.png" width="72" height="27" alt="git" style="float:right; border-width:0px;"/></a>
48 <a href="/">repo.or.cz</a>
49 <div class="search">
50 Administration Interface
51 </div>
52 </div>
53
54 <h1>$heading</h1>
55 EOT
56
57 bless $repo, $class;
58 }
59
60 sub DESTROY {
61 my $self = shift;
62 my $cgi = $self->cgi;
63 my $cginame = $cgi->url(-absolute => 1);
64 $cginame =~ s#^/m/##;
65 if ($cginame =~ /^[a-zA-Z0-9_.\/-]+\.cgi$/) {
66 print <<EOT;
67 <div align="right">
68 <a href="http://repo.or.cz/gitweb.cgi/repo.git?a=blob;f=cgi/$cginame">(view source)</a>
69 </div>
70 EOT
71 }
72 print <<EOT;
73 </body>
74 </html>
75 EOT
76 }
77
78 sub cgi {
79 my $self = shift;
80 $self->{cgi};
81 }
82
83 sub err {
84 my $self = shift;
85 print "<p style=\"text-color: red\">@_</p>\n";
86 $self->{err}++;
87 }
88
89 sub err_check {
90 my $self = shift;
91 my $err = $self->{err};
92 $err and print "<p>Operation aborted due to $err errors.</p>\n";
93 $err;
94 }
95
96 sub wparam {
97 my $self = shift;
98 my ($param) = @_;
99 my $val = $self->{cgi}->param($param);
100 $val =~ s/^\s*(.*?)\s*$/$1/;
101 $val;
102 }
103
104
105 ### Random utility functions
106
107 sub scrypt {
108 my ($pwd) = @_;
109 crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
110 }
111
112 sub html_esc {
113 my ($str) = @_;
114 $str =~ s/&/&amp;/g;
115 $str =~ s/</&lt;/g; $str =~ s/>/&gt;/g;
116 $str =~ s/"/&quot;/g;
117 $str;
118 }
119
120 sub jailed_file {
121 my ($filename) = @_;
122 "/home/repo/j/$filename";
123 }
124
125 sub lock_file {
126 my ($path) = @_;
127
128 $path .= '.lock';
129
130 use Errno qw(EEXIST);
131 use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
132 use IO::Handle;
133 my $handle = new IO::Handle;
134
135 unless (sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
136 my $cnt = 0;
137 while (not sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
138 ($! == EEXIST) or die "$path open failed: $!";
139 ($cnt++ < 16) or die "$path open failed: cannot open lockfile";
140 sleep(1);
141 }
142 }
143 # XXX: filedb-specific
144 chmod 0664, $path or die "$path g+w failed: $!";
145
146 $handle;
147 }
148
149 sub unlock_file {
150 my ($path) = @_;
151
152 rename "$path.lock", $path or die "$path unlock failed: $!";
153 }
154
155 sub filedb_atomic_append {
156 my ($file, $line) = @_;
157 my $id = 65536;
158
159 open my $src, $file or die "$file open for reading failed: $!";
160 my $dst = lock_file($file);
161
162 while (<$src>) {
163 my $aid = (split /:/)[2];
164 $id = $aid + 1 if ($aid >= $id);
165
166 print $dst $_ or die "$file(l) write failed: $!";
167 }
168
169 $line =~ s/\\i/$id/g;
170 print $dst "$line\n" or die "$file(l) write failed: $!";
171
172 close $dst or die "$file(l) close failed: $!";
173 close $src;
174
175 unlock_file($file);
176
177 $id;
178 }
179
180 sub filedb_atomic_edit {
181 my ($file, $fn) = @_;
182
183 open my $src, $file or die "$file open for reading failed: $!";
184 my $dst = lock_file($file);
185
186 while (<$src>) {
187 print $dst $fn->($_) or die "$file(l) write failed: $!";
188 }
189
190 close $dst or die "$file(l) close failed: $!";
191 close $src;
192
193 unlock_file($file);
194 }
195
196 # BOTH user AND project name!
197 sub valid_name {
198 $_ = $_[0];
199 /^[a-zA-Z0-9_+-]+$/;
200 }
201 sub valid_email {
202 $_ = $_[0];
203 /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/;
204 }
205 sub valid_web_url {
206 $_ = $_[0];
207 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?(#[a-zA-Z0-9._-]+)?$/;
208 }
209 sub valid_repo_url {
210 $_ = $_[0];
211 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/ or
212 /^git:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/;
213 }
214
215
216 ### Project object
217
218 package Git::RepoCGI::Project;
219
220 BEGIN { use Git::RepoCGI; }
221
222 our %propmap = (
223 url => 'base_url',
224 email => 'owner',
225 desc => 'description',
226 README => 'README',
227 hp => 'homepage',
228 );
229
230 sub _property_path {
231 my $self = shift;
232 my ($name) = @_;
233 $self->{path}.'/'.$name;
234 }
235
236 sub _property_fget {
237 my $self = shift;
238 my ($name) = @_;
239 my $value;
240 $propmap{$name} or die "unknown property: $name";
241 open P, $self->_property_path($propmap{$name}) or return undef;
242 chomp($value = <P>);
243 close P;
244 $value;
245 }
246
247 sub _property_fput {
248 my $self = shift;
249 my ($name, $value) = @_;
250 $propmap{$name} or die "unknown property: $name";
251 open P, '>'.$self->_property_path($propmap{$name}) or die "$name put failed: $!";
252 $value ne '' and print P "$value\n";
253 close P;
254 chmod 0664, $self->_property_path($propmap{$name}) or die "$name chmod failed: $!";
255 }
256
257 sub _properties_load {
258 my $self = shift;
259 foreach my $prop (keys %propmap) {
260 $self->{$prop} = $self->_property_fget($prop);
261 }
262 }
263
264 sub _properties_save {
265 my $self = shift;
266 foreach my $prop (keys %propmap) {
267 $self->_property_fput($prop, $self->{$prop});
268 }
269 }
270
271 sub _nofetch_path {
272 my $self = shift;
273 $self->_property_path('.nofetch');
274 }
275
276 sub _nofetch {
277 my $self = shift;
278 my ($nofetch) = @_;
279 my $np = $self->_nofetch_path;
280 if ($nofetch) {
281 open X, '>'.$np or die "nofetch failed: $!";
282 close X;
283 } else {
284 unlink $np or die "yesfetch failed: $!";
285 }
286 }
287
288 sub _group_add {
289 my $self = shift;
290 my ($xtra) = @_;
291 $xtra .= join(',', @{$self->{users}});
292 filedb_atomic_append(jailed_file('/etc/group'),
293 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
294 }
295
296 sub _group_update {
297 my $self = shift;
298 my $xtra = join(',', @{$self->{users}});
299 filedb_atomic_edit(jailed_file('/etc/group'),
300 sub {
301 $_ = $_[0];
302 chomp;
303 if ($self->{name} eq (split /:/)[0]) {
304 # preserve readonly flag
305 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
306 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
307 } else {
308 return "$_\n";
309 }
310 }
311 );
312 }
313
314 sub _hook_path {
315 my $self = shift;
316 my ($name) = @_;
317 $self->{path}.'/hooks/'.$name;
318 }
319
320 sub _hook_install {
321 my $self = shift;
322 my ($name) = @_;
323 open SRC, "/home/repo/repomgr/$name-hook" or die "cannot open hook $name: $!";
324 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
325 while (<SRC>) { print DST $_; }
326 close DST;
327 close SRC;
328 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
329 }
330
331 sub _hooks_install {
332 my $self = shift;
333 foreach my $hook ('update') {
334 $self->_hook_install($hook);
335 }
336 }
337
338 # private constructor, do not use
339 sub _new {
340 my $class = shift;
341 my ($name, $path) = @_;
342 valid_name($name) or die "refusing to create project with invalid name ($name)!";
343 my $proj = { name => $name, path => $path };
344
345 bless $proj, $class;
346 }
347
348 # public constructor #0
349 # creates a virtual project not connected to disk image
350 # you can conjure() it later to disk
351 sub ghost {
352 my $class = shift;
353 my ($name, $mirror) = @_;
354 my $self = $class->_new($name, $mirror ? "/home/repo/repodata/to-clone/$name" : "/srv/git/$name.git");
355 $self->{users} = [];
356 $self->{mirror} = $mirror;
357 $self;
358 }
359
360 # public constructor #1
361 sub load {
362 my $class = shift;
363 my ($name) = @_;
364
365 open F, jailed_file("/etc/group") or die "project load failed: $!";
366 while (<F>) {
367 chomp;
368 @_ = split /:+/;
369 next unless (shift eq $name);
370
371 my $self = $class->_new($name, "/srv/git/$name.git");
372 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
373
374 my $ulist;
375 ($self->{crypt}, $self->{gid}, $ulist) = @_;
376 $ulist ||= '';
377 $self->{users} = [split /,/, $ulist];
378 $self->{mirror} = ! -e $self->_nofetch_path;
379
380 $self->_properties_load;
381 return $self;
382 }
383 close F;
384 undef;
385 }
386
387 # $proj may not be in sane state if this returns false!
388 sub cgi_fill {
389 my $self = shift;
390 my ($repo) = @_;
391 my $cgi = $repo->cgi;
392
393 my $pwd = $cgi->param('pwd');
394 if ($pwd ne '' or not $self->{crypt}) {
395 $self->{crypt} = scrypt($pwd);
396 }
397
398 $self->{email} = $repo->wparam('email');
399 valid_email($self->{email})
400 or $repo->err("Your email sure looks weird...?");
401
402 $self->{url} = $repo->wparam('url');
403 if ($self->{url}) {
404 valid_repo_url($self->{url})
405 or $repo->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
406 }
407
408 $self->{desc} = $repo->wparam('desc');
409 length($self->{desc}) <= 1024
410 or $repo->err("<b>Short</b> description length > 1kb!");
411
412 $self->{README} = $repo->wparam('README');
413 length($self->{README}) <= 8192
414 or $repo->err("README length > 8kb!");
415
416 $self->{hp} = $repo->wparam('hp');
417 if ($self->{hp}) {
418 valid_web_url($self->{hp})
419 or $repo->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
420 }
421
422 # FIXME: Permit only existing users
423 $self->{users} = [grep { valid_name($_) } $cgi->param('user')];
424
425 not $repo->err_check;
426 }
427
428 sub form_defaults {
429 my $self = shift;
430 (
431 name => $self->{name},
432 email => $self->{email},
433 url => $self->{url},
434 desc => html_esc($self->{desc}),
435 README => html_esc($self->{README}),
436 hp => $self->{hp},
437 users => $self->{users},
438 );
439 }
440
441 sub premirror {
442 my $self = shift;
443
444 mkdir $self->{path} or die "mkdir failed: $!";
445 chmod 0775, $self->{path} or die "chmod failed: $!";
446 $self->_properties_save;
447 $self->_group_add(':');
448 }
449
450 sub conjure {
451 my $self = shift;
452
453 system('cg-admin-setuprepo', '-g', 'repo', $self->{path}) == 0
454 or die "cg-admin-setuprepo failed: $?";
455 $self->_nofetch(1);
456 $self->_properties_save;
457 $self->_group_add;
458 $self->_hooks_install;
459 }
460
461 sub update {
462 my $self = shift;
463
464 $self->_properties_save;
465 $self->_group_update;
466 }
467
468 # static method
469 sub does_exist {
470 my ($name) = @_;
471 valid_name($name) or die "tried to query for project with invalid name $name!";
472 (available($name)
473 or -d "/home/repo/repodata/cloning/$name"
474 or -d "/home/repo/repodata/to-clone/$name");
475 }
476 sub available {
477 my ($name) = @_;
478 valid_name($name) or die "tried to query for project with invalid name $name!";
479 (-d "/srv/git/$name.git");
480 }
481
482
483 ### User object
484
485 package Git::RepoCGI::User;
486
487 BEGIN { use Git::RepoCGI; }
488
489 sub _passwd_add {
490 my $self = shift;
491 filedb_atomic_append(jailed_file('/etc/passwd'),
492 join(':', $self->{name}, 'x', '\i', 65536, $self->{email}, '/', '/bin/git-shell'));
493 }
494
495 sub _sshkey_path {
496 my $self = shift;
497 '/etc/sshkeys/'.$self->{name};
498 }
499
500 sub _sshkey_save {
501 my $self = shift;
502 open F, ">".jailed_file($self->_sshkey_path) or die "sshkey failed: $!";
503 print F $self->{keys}."\n";
504 close F;
505 chmod 0664, jailed_file($self->_sshkey_path);
506 }
507
508 # private constructor, do not use
509 sub _new {
510 my $class = shift;
511 my ($name) = @_;
512 valid_name($name) or die "refusing to create user with invalid name ($name)!";
513 my $proj = { name => $name };
514
515 bless $proj, $class;
516 }
517
518 # public constructor #0
519 # creates a virtual user not connected to disk record
520 # you can conjure() it later to disk
521 sub ghost {
522 my $class = shift;
523 my ($name) = @_;
524 my $self = $class->_new($name);
525 $self;
526 }
527
528 # $user may not be in sane state if this returns false!
529 sub cgi_fill {
530 my $self = shift;
531 my ($repo) = @_;
532 my $cgi = $repo->cgi;
533
534 $self->{name} = $repo->wparam('name');
535 valid_name($self->{name})
536 or $repo->err("Name contains invalid characters.");
537
538 $self->{email} = $repo->wparam('email');
539 valid_email($self->{email})
540 or $repo->err("Your email sure looks weird...?");
541
542 $self->{keys} = $cgi->param('keys');
543 length($self->{keys}) <= 4096
544 or $repo->err("The list of keys is more than 4kb. Do you really need that much?");
545
546 not $repo->err_check;
547 }
548
549 sub conjure {
550 my $self = shift;
551
552 $self->_passwd_add;
553 $self->_sshkey_save;
554 }
555
556 # static method
557 sub does_exist {
558 my ($name) = @_;
559 valid_name($name) or die "tried to query for user with invalid name $name!";
560 (-e jailed_file("/etc/sshkeys/$name"));
561 }
562 sub available {
563 does_exist(@_);
564 }
565
566
567 1;
The repo.or.cz duct tape "Girocco"