search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gitweb: Use pre-generated project list instead of find
[girocco.git] / Girocco / Project.pm
blobe30b53a22854a1940cfa604b04073fbb82a17386
1 package Girocco::Project;
2
3 use strict;
4 use warnings;
5
6 BEGIN {
7 use Girocco::CGI;
8 use Girocco::User;
9 use Girocco::Util;
10 use Girocco::ProjPerm;
11 use Girocco::Config;
12 use base ('Girocco::ProjPerm::'.$Girocco::Config::permission_control); # mwahaha
13 }
14
15 our $metadata_fields = {
16 homepage => ['Homepage URL', 'hp', 'text'],
17 shortdesc => ['Short description', 'desc', 'text'],
18 README => ['README (HTML, lt 8kb)', 'README', 'textarea'],
19 };
20
21 sub _mkdir_forkees {
22 my $self = shift;
23 my @pelems = split('/', $self->{name});
24 pop @pelems; # do not create dir for the project itself
25 my $path = $self->{base_path};
26 foreach my $pelem (@pelems) {
27 $path .= "/$pelem";
28 (-d "$path") or mkdir $path or die "mkdir $path: $!";
29 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
30 }
31 }
32
33 our %propmap = (
34 url => ':baseurl',
35 email => ':owner',
36 desc => 'description',
37 README => 'README.html',
38 hp => ':homepage',
39 );
40
41 sub _property_path {
42 my $self = shift;
43 my ($name) = @_;
44 $self->{path}.'/'.$name;
45 }
46
47 sub _property_fget {
48 my $self = shift;
49 my ($name) = @_;
50 my $pname = $propmap{$name};
51 $pname or die "unknown property: $name";
52 if ($pname =~ s/^://) {
53 return `git --git-dir="$self->{path}" config "gitweb.$pname"`
54 }
55
56 open P, $self->_property_path($pname) or return undef;
57 my @value = <P>;
58 close P;
59 my $value = join('', @value); chomp $value;
60 $value;
61 }
62
63 sub _property_fput {
64 my $self = shift;
65 my ($name, $value) = @_;
66 my $pname = $propmap{$name};
67 $pname or die "unknown property: $name";
68 $value ||= '';
69 if ($pname =~ s/^://) {
70 return `git --git-dir="$self->{path}" config "gitweb.$pname" "$value"`
71 }
72
73 my $P = lock_file($self->_property_path($pname));
74 $value ne '' and print $P "$value\n";
75 close $P;
76 unlock_file($self->_property_path($pname));
77 }
78
79 sub _properties_load {
80 my $self = shift;
81 foreach my $prop (keys %propmap) {
82 $self->{$prop} = $self->_property_fget($prop);
83 }
84 }
85
86 sub _properties_save {
87 my $self = shift;
88 foreach my $prop (keys %propmap) {
89 $self->_property_fput($prop, $self->{$prop});
90 }
91 }
92
93 sub _nofetch_path {
94 my $self = shift;
95 $self->_property_path('.nofetch');
96 }
97
98 sub _nofetch {
99 my $self = shift;
100 my ($nofetch) = @_;
101 my $np = $self->_nofetch_path;
102 if ($nofetch) {
103 open X, '>'.$np or die "nofetch failed: $!";
104 close X;
105 } else {
106 unlink $np or die "yesfetch failed: $!";
107 }
108 }
109
110 sub _clonelog_path {
111 my $self = shift;
112 $self->_property_path('.clonelog');
113 }
114
115 sub _clonefail_path {
116 my $self = shift;
117 $self->_property_path('.clone_failed');
118 }
119
120 sub _clonep_path {
121 my $self = shift;
122 $self->_property_path('.clone_in_progress');
123 }
124
125 sub _clonep {
126 my $self = shift;
127 my ($nofetch) = @_;
128 my $np = $self->_clonep_path;
129 if ($nofetch) {
130 open X, '>'.$np or die "clonep failed: $!";
131 close X;
132 } else {
133 unlink $np or die "clonef failed: $!";
134 }
135 }
136 sub _alternates_setup {
137 my $self = shift;
138 return unless $self->{name} =~ m#/#;
139 my $forkee_name = get_forkee_name($self->{name});
140 my $forkee_path = get_forkee_path($self->{name});
141 return unless -d $forkee_path;
142 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
143 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
144 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
145
146 # We set up both alternates and http_alternates since we cannot use
147 # relative path in alternates - that doesn't work recursively.
148
149 my $filename = $self->{path}.'/objects/info/alternates';
150 open X, '>'.$filename or die "alternates failed: $!";
151 print X "$forkee_path/objects\n";
152 close X;
153 chmod 0664, $filename or warn "cannot chmod $filename: $!";
154
155 if ($Girocco::Config::httppullurl) {
156 $filename = $self->{path}.'/objects/info/http-alternates';
157 open X, '>'.$filename or die "http-alternates failed: $!";
158 my $upfork = $forkee_name;
159 do { print X "$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s#/?.+?$## and $upfork); #
160 close X;
161 chmod 0664, $filename or warn "cannot chmod $filename: $!";
162 }
163
164 # The symlink is problematic since git remote prune will traverse it.
165 #symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
166 }
167
168 sub _ctags_setup {
169 my $self = shift;
170 mkdir $self->{path}.'/ctags'; chmod 01777, $self->{path}.'/ctags';
171 }
172
173 sub _group_add {
174 my $self = shift;
175 my ($xtra) = @_;
176 $xtra .= join(',', @{$self->{users}});
177 filedb_atomic_append(jailed_file('/etc/group'),
178 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
179 }
180
181 sub _group_update {
182 my $self = shift;
183 my $xtra = join(',', @{$self->{users}});
184 filedb_atomic_edit(jailed_file('/etc/group'),
185 sub {
186 $_ = $_[0];
187 chomp;
188 if ($self->{name} eq (split /:/)[0]) {
189 # preserve readonly flag
190 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
191 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
192 } else {
193 return "$_\n";
194 }
195 }
196 );
197 }
198
199 sub _group_remove {
200 my $self = shift;
201 filedb_atomic_edit(jailed_file('/etc/group'),
202 sub {
203 $self->{name} ne (split /:/)[0] and return $_;
204 }
205 );
206 }
207
208 sub _hook_path {
209 my $self = shift;
210 my ($name) = @_;
211 $self->{path}.'/hooks/'.$name;
212 }
213
214 sub _hook_install {
215 my $self = shift;
216 my ($name) = @_;
217 open SRC, "$Girocco::Config::basedir/$name-hook" or die "cannot open hook $name: $!";
218 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
219 while (<SRC>) { print DST $_; }
220 close DST;
221 close SRC;
222 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
223 }
224
225 sub _hooks_install {
226 my $self = shift;
227 foreach my $hook ('update') {
228 $self->_hook_install($hook);
229 }
230 }
231
232 # private constructor, do not use
233 sub _new {
234 my $class = shift;
235 my ($name, $base_path, $path) = @_;
236 valid_name($name) or die "refusing to create project with invalid name ($name)!";
237 $path ||= "$base_path/$name.git";
238 my $proj = { name => $name, base_path => $base_path, path => $path };
239
240 bless $proj, $class;
241 }
242
243 # public constructor #0
244 # creates a virtual project not connected to disk image
245 # you can conjure() it later to disk
246 sub ghost {
247 my $class = shift;
248 my ($name, $mirror) = @_;
249 my $self = $class->_new($name, $Girocco::Config::reporoot);
250 $self->{users} = [];
251 $self->{mirror} = $mirror;
252 $self;
253 }
254
255 # public constructor #1
256 sub load {
257 my $class = shift;
258 my ($name) = @_;
259
260 open F, jailed_file("/etc/group") or die "project load failed: $!";
261 while (<F>) {
262 chomp;
263 @_ = split /:+/;
264 next unless (shift eq $name);
265
266 my $self = $class->_new($name, $Girocco::Config::reporoot);
267 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
268
269 my $ulist;
270 ($self->{crypt}, $self->{gid}, $ulist) = @_;
271 $ulist ||= '';
272 $self->{users} = [split /,/, $ulist];
273 $self->{orig_users} = [@{$self->{users}}];
274 $self->{mirror} = ! -e $self->_nofetch_path;
275 $self->{clone_in_progress} = -e $self->_clonep_path;
276 $self->{clone_logged} = -e $self->_clonelog_path;
277 $self->{clone_failed} = -e $self->_clonefail_path;
278 $self->{ccrypt} = $self->{crypt};
279
280 $self->_properties_load;
281 return $self;
282 }
283 close F;
284 undef;
285 }
286
287 # $proj may not be in sane state if this returns false!
288 sub cgi_fill {
289 my $self = shift;
290 my ($gcgi) = @_;
291 my $cgi = $gcgi->cgi;
292
293 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
294 $pwd ||= ''; $pwd2 ||= ''; # in case passwords are disabled
295 if ($pwd or not $self->{crypt}) {
296 $self->{crypt} = scrypt($pwd);
297 }
298
299 if ($pwd2 and $pwd ne $pwd2) {
300 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
301 }
302
303 $self->{cpwd} = $cgi->param('cpwd');
304
305 if ($Girocco::Config::project_owners eq 'email') {
306 $self->{email} = $gcgi->wparam('email');
307 valid_email($self->{email})
308 or $gcgi->err("Your email sure looks weird...?");
309 }
310
311 $self->{url} = $gcgi->wparam('url');
312 if ($self->{url}) {
313 valid_repo_url($self->{url})
314 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
315 }
316
317 $self->{desc} = $gcgi->wparam('desc');
318 length($self->{desc}) <= 1024
319 or $gcgi->err("<b>Short</b> description length &gt; 1kb!");
320
321 $self->{README} = $gcgi->wparam('README');
322 length($self->{README}) <= 8192
323 or $gcgi->err("README length &gt; 8kb!");
324
325 $self->{hp} = $gcgi->wparam('hp');
326 if ($self->{hp}) {
327 valid_web_url($self->{hp})
328 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
329 }
330
331 # FIXME: Permit only existing users
332 $self->{users} = [grep { Girocco::User::valid_name($_) } $cgi->param('user')];
333
334 not $gcgi->err_check;
335 }
336
337 sub form_defaults {
338 my $self = shift;
339 (
340 name => $self->{name},
341 email => $self->{email},
342 url => $self->{url},
343 desc => html_esc($self->{desc}),
344 README => html_esc($self->{README}),
345 hp => $self->{hp},
346 users => $self->{users},
347 );
348 }
349
350 sub authenticate {
351 my $self = shift;
352 my ($gcgi) = @_;
353
354 $self->{ccrypt} or die "Can't authenticate against a project with no password";
355 $self->{cpwd} ||= '';
356 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
357 $gcgi->err("Your admin password does not match!");
358 return 0;
359 }
360 return 1;
361 }
362
363 sub _setup {
364 my $self = shift;
365 my ($pushers) = @_;
366
367 $self->_mkdir_forkees;
368
369 mkdir($self->{path}) or die "mkdir $self->{path} failed: $!";
370 if ($Girocco::Config::owning_group) {
371 my $gid = scalar(getgrnam($Girocco::Config::owning_group));
372 chown(-1, $gid, $self->{path}) or die "chgrp $gid $self->{path} failed: $!";
373 chmod(02775, $self->{path}) or die "chmod 2775 $self->{path} failed: $!";
374 } else {
375 chmod(02777, $self->{path}) or die "chmod 2777 $self->{path} failed: $!";
376 }
377 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
378 or die "git init $self->{path} failed: $?";
379 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false') == 0
380 or die "disabling receive.denyNonFastforwards failed: $?";
381 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'gc.auto', '0') == 0
382 or die "disabling gc.auto failed: $?";
383
384 # /info must have right permissions even before the fixup job,
385 # and git init didn't do it for some reason.
386 if ($Girocco::Config::owning_group) {
387 chmod(02775, $self->{path}."/info") or die "chmod 2775 $self->{path}/info failed: $!";
388 } else {
389 chmod(02777, $self->{path}."/info") or die "chmod 2777 $self->{path}/info failed: $!";
390 }
391
392 $self->_properties_save;
393 $self->_alternates_setup;
394 $self->_ctags_setup;
395 $self->_group_add($pushers);
396 $self->_hooks_install;
397 $self->perm_initialize;
398 system($Girocco::Config::basedir . '/gitweb/genindex.sh');
399 }
400
401 sub premirror {
402 my $self = shift;
403
404 $self->_setup(':');
405 $self->_clonep(1);
406 }
407
408 sub conjure {
409 my $self = shift;
410
411 $self->_setup;
412 $self->_nofetch(1);
413 }
414
415 sub clone {
416 my $self = shift;
417
418 unlink ($self->_clonefail_path()); # Ignore EEXIST error
419
420 use IO::Socket;
421 my $sock = IO::Socket::UNIX->new('/tmp/girocco.cloned') or die "cannot connect to girocco.cloned: $!";
422 $sock->print($self->{name}.".git\n");
423 # Just ignore reply, we are going to succeed anyway and the I/O
424 # would apparently get quite hairy.
425 $sock->flush();
426 sleep 2; # *cough*
427 $sock->close();
428 }
429
430 sub update {
431 my $self = shift;
432
433 $self->_properties_save;
434 $self->_group_update;
435
436 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users} } $self->{users};
437 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users} } $self->{orig_users};
438 $self->perm_user_add($_, Girocco::User::resolve_uid($_)) foreach (@users_add);
439 $self->perm_user_del($_, Girocco::User::resolve_uid($_)) foreach (@users_del);
440
441 1;
442 }
443
444 sub update_password {
445 my $self = shift;
446 my ($pwd) = @_;
447
448 $self->{crypt} = scrypt($pwd);
449 $self->_group_update;
450 }
451
452 # You can explicitly do this just on a ghost() repository too.
453 sub delete {
454 my $self = shift;
455
456 if (-d $self->{path}) {
457 system('rm', '-rf', $self->{path}) == 0
458 or die "rm -rf $self->{path} failed: $?";
459 }
460 $self->_group_remove;
461 }
462
463 sub has_forks {
464 my $self = shift;
465
466 return glob($Girocco::Config::reporoot.'/'.$self->{name}.'/*');
467 }
468
469
470 ### static methods
471
472 sub get_forkee_name {
473 $_ = $_[0];
474 (m#^(.*)/.*?$#)[0]; #
475 }
476 sub get_forkee_path {
477 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git';
478 -d $forkee ? $forkee : '';
479 }
480
481 sub valid_name {
482 $_ = $_[0];
483 (not m#/# or -d get_forkee_path($_)) # will also catch ^/
484 and (not m#\./#)
485 and (not m#/$#)
486 and m#^[a-zA-Z0-9+./_-]+$#;
487 }
488
489 sub does_exist {
490 my ($name) = @_;
491 valid_name($name) or die "tried to query for project with invalid name $name!";
492 available($name);
493 }
494 sub available {
495 my ($name) = @_;
496 valid_name($name) or die "tried to query for project with invalid name $name!";
497 (-d $Girocco::Config::reporoot."/$name.git");
498 }
499
500
501 1;
The repo.or.cz duct tape "Girocco"