Factor out uid/gid allocation to next_free_id()

[girocco.git] / cgi / regproj.cgi

#!/usr/bin/perl
# (c) Petr Baudis <pasky@suse.cz>
# GPLv2

use strict;
use warnings;

use lib qw(/home/repo/repomgr/cgi);
use Git::RepoCGI;

my $repo = Git::RepoCGI->new('Project Registration');
my $cgi = $repo->cgi;

sub save_proj_data {
        my ($path, $url, $email, $desc, $hp) = @_;
        open F, ">$path/base_url" or die "base_url failed: $!"; print F "$url\n"; close F;
        open F, ">$path/owner" or die "owner failed: $!"; print F "$email\n"; close F;
        open F, ">$path/description" or die "desc failed: $!"; print F "$desc\n"; close F;
        open F, ">$path/homepage" or die "hp failed: $!"; print F "$hp\n"; close F;
}

sub add_group {
        my ($name, $pwd, $xtra) = @_;
        # racy!
        my $gid = next_free_id(jailed_file('/etc/group'));
        open F, ">>".jailed_file("/etc/group") or die "group append failed: $!";
        print F "$name:".scrypt($pwd).":$gid:$xtra\n";
        close F;
        $gid;
}

sub setup_push {
        my ($name, $pwd, $email, $url, $desc, $hp) = @_;
        system("cg-admin-setuprepo -g repo /srv/git/$name.git") == 0 or die "cg-admin-setuprepo failed: $?";
        open X, ">/srv/git/$name.git/.nofetch" or die "nofetch failed: $!"; close X;
        save_proj_data("/srv/git/$name.git", $url, $email, $desc, $hp);
        chmod 0664, map { "/srv/git/$name.git/$_" } qw(base_url owner description homepage);
        add_group($name, $pwd, '');
        print <<EOT;
<p>
Project successfuly set up.
You can <a href="p/editproj.pl">assign users</a> now (use project name as username, admin password as password).
You need to <a href="reguser.pl">register a user</a> first if you have not done so yet.
(One user can have push access to multiple projects and multiple users can have push access to one project.)
</p>
<p>You may experience permission problems if you try to push right now. If so, that should get fixed automagically in few minutes.</p>
<p>Enjoy yourself!</p>
EOT
}

sub setup_mirror {
        my ($name, $pwd, $email, $url, $desc, $hp) = @_;
        mkdir "/home/repo/repodata/to-clone/$name" or die "mkdir failed: $!";
        save_proj_data("/home/repo/repodata/to-clone/$name", $url, $email, $desc, $hp);
        chmod 0775, "/home/repo/repodata/to-clone/$name" or die "chmod failed: $!";
        add_group($name, $pwd, ':');
        print "<p>Initiated mirroring. You will be notified by mail about results.</p>\n";
}

if ($cgi->param('name')) {
        # submitted, let's see
        # FIXME: racy, do a lock
        my $name = $repo->wparam('name');
        my $email = $repo->wparam('email');
        my $url = $repo->wparam('url');
        my $desc = $repo->wparam('desc');
        my $hp = $repo->wparam('hp');
        my $pwd = $cgi->param('pwd');
        $name =~ /^[a-zA-Z0-9_+-]+$/
                or $repo->err "Name contains invalid characters.";
        (-d "/srv/git/$name.git" or -d "/home/repo/repodata/cloning/$name" or -d "/home/repo/repodata/to-clone/$name")
                and $repo->err "Project with that name already exists.";
        if ($url) {
                $url =~ /^http:\/\/[a-zA-Z0-9-.]+\/[_\%a-zA-Z0-9.\/~-]+$/ or
                $url =~ /^git:\/\/[a-zA-Z0-9-.]+\/[_\%a-zA-Z0-9.\/~-]+$/
                        or $repo->err "Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.";
        } else {
                $cgi->param('mode') eq 'mirror'
                        and $repo->err "Missing URL.";
        }
        if ($hp) {
                $hp =~ /^http:\/\/[a-zA-Z0-9-.]+\/[_\%a-zA-Z0-9.\/~-]+$/
                        or $repo->err "Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.";
        }
        $email =~ /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/
                or $repo->err "Your email sure looks weird...?";
        length($desc) <= 1024
                or $repo->err "<b>Short</b> description length > 1kb!";
        unless ($repo->err_check) {
                if ($cgi->param('mode') eq 'mirror') {
                        setup_mirror($name, $pwd, $email, $url, $desc, $hp);
                } elsif ($cgi->param('mode') eq 'push') {
                        setup_push($name, $pwd, $email, $url, $desc, $hp);
                }
                exit;
        }
}

print <<EOT;
<p>Here you can register a project. It can be hosted in two modes: mirror mode and push mode. In the first mode, we will check another repository at a given URL each hour and mirror any new updates. In the second mode, registered users with appropriate permissions will be able to push to the repository. You currently cannot switch freely between those two modes; if you want to switch an existing project, please contact the administrator.</p>
<p>You will need the admin password to adjust project settings later (mirroring URL, list of users allowed to push, project description, ...). Use the project name as the username when asked by the browser.</p>
<p>By submitting this form, you are confirming that the repository contains only free software and redistributing it does not violate any law of Czech Republic. Have fun!</p>
<form method="post">
<p>Project name (w/o the .git suffix): <input type="text" name="name" /></p>
<p>Admin password: <input type="password" name="pwd" /></p>
<p>E-mail contact: <input type="text" name="email" /></p>
<p>Description: <input type="text" name="desc" /></p>
<p>Homepage URL: <input type="text" name="hp" /></p>
<p>Hosting mode:</p><ul>
<li><input type="radio" name="mode" value="mirror" />Mirror mode. Repository URL: <input type="text" name="url" /></li>
<li><input type="radio" name="mode" value="push" />Push mode.</li></ul>
<p><input type="submit" name="y0" value="Register" /></p>
</form>
EOT