search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Girocco::Notify: Introduce, add ref-change support to taskd
[girocco/mytab.git] / Girocco / Project.pm
blob9ac71c05edce02279ef2dc01a15453b6a5859c59
1 package Girocco::Project;
2
3 use strict;
4 use warnings;
5
6 BEGIN {
7 use Girocco::CGI;
8 use Girocco::User;
9 use Girocco::Util;
10 use Girocco::ProjPerm;
11 use Girocco::Config;
12 use base ('Girocco::ProjPerm::'.$Girocco::Config::permission_control); # mwahaha
13 }
14
15 our $metadata_fields = {
16 homepage => ['Homepage URL', 'hp', 'text'],
17 shortdesc => ['Short description', 'desc', 'text'],
18 README => ['README (HTML, lt 8kb)', 'README', 'textarea'],
19 };
20
21 sub _mkdir_forkees {
22 my $self = shift;
23 my @pelems = split('/', $self->{name});
24 pop @pelems; # do not create dir for the project itself
25 my $path = $self->{base_path};
26 foreach my $pelem (@pelems) {
27 $path .= "/$pelem";
28 (-d "$path") or mkdir $path or die "mkdir $path: $!";
29 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
30 }
31 }
32
33 our %propmap = (
34 url => ':baseurl',
35 email => ':owner',
36 desc => 'description',
37 README => 'README.html',
38 hp => ':homepage',
39 notifymail => '%hooks.mailinglist',
40 notifyjson => '%hooks.jsonurl',
41 );
42
43 sub _property_path {
44 my $self = shift;
45 my ($name) = @_;
46 $self->{path}.'/'.$name;
47 }
48
49 sub _property_fget {
50 my $self = shift;
51 my ($name) = @_;
52 my $pname = $propmap{$name};
53 $pname or die "unknown property: $name";
54 if ($pname =~ s/^://) {
55 return `git --git-dir="$self->{path}" config "gitweb.$pname"`
56 } elsif ($pname =~ s/^%//) {
57 return `git --git-dir="$self->{path}" config "$pname"`
58 }
59
60 open P, $self->_property_path($pname) or return undef;
61 my @value = <P>;
62 close P;
63 my $value = join('', @value); chomp $value;
64 $value;
65 }
66
67 sub _property_fput {
68 my $self = shift;
69 my ($name, $value) = @_;
70 my $pname = $propmap{$name};
71 $pname or die "unknown property: $name";
72 $value ||= '';
73 if ($pname =~ s/^://) {
74 return `git --git-dir="$self->{path}" config "gitweb.$pname" "$value"`
75 } elsif ($pname =~ s/^%//) {
76 return `git --git-dir="$self->{path}" config "$pname" "$value"`
77 }
78
79 my $P = lock_file($self->_property_path($pname));
80 $value ne '' and print $P "$value\n";
81 close $P;
82 unlock_file($self->_property_path($pname));
83 }
84
85 sub _properties_load {
86 my $self = shift;
87 foreach my $prop (keys %propmap) {
88 $self->{$prop} = $self->_property_fget($prop);
89 }
90 }
91
92 sub _properties_save {
93 my $self = shift;
94 foreach my $prop (keys %propmap) {
95 $self->_property_fput($prop, $self->{$prop});
96 }
97 }
98
99 sub _nofetch_path {
100 my $self = shift;
101 $self->_property_path('.nofetch');
102 }
103
104 sub _nofetch {
105 my $self = shift;
106 my ($nofetch) = @_;
107 my $np = $self->_nofetch_path;
108 if ($nofetch) {
109 open X, '>'.$np or die "nofetch failed: $!";
110 close X;
111 } else {
112 unlink $np or die "yesfetch failed: $!";
113 }
114 }
115
116 sub _clonelog_path {
117 my $self = shift;
118 $self->_property_path('.clonelog');
119 }
120
121 sub _clonefail_path {
122 my $self = shift;
123 $self->_property_path('.clone_failed');
124 }
125
126 sub _clonep_path {
127 my $self = shift;
128 $self->_property_path('.clone_in_progress');
129 }
130
131 sub _clonep {
132 my $self = shift;
133 my ($nofetch) = @_;
134 my $np = $self->_clonep_path;
135 if ($nofetch) {
136 open X, '>'.$np or die "clonep failed: $!";
137 close X;
138 } else {
139 unlink $np or die "clonef failed: $!";
140 }
141 }
142 sub _alternates_setup {
143 my $self = shift;
144 return unless $self->{name} =~ m#/#;
145 my $forkee_name = get_forkee_name($self->{name});
146 my $forkee_path = get_forkee_path($self->{name});
147 return unless -d $forkee_path;
148 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
149 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
150 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
151
152 # We set up both alternates and http_alternates since we cannot use
153 # relative path in alternates - that doesn't work recursively.
154
155 my $filename = $self->{path}.'/objects/info/alternates';
156 open X, '>'.$filename or die "alternates failed: $!";
157 print X "$forkee_path/objects\n";
158 close X;
159 chmod 0664, $filename or warn "cannot chmod $filename: $!";
160
161 if ($Girocco::Config::httppullurl) {
162 $filename = $self->{path}.'/objects/info/http-alternates';
163 open X, '>'.$filename or die "http-alternates failed: $!";
164 my $upfork = $forkee_name;
165 do { print X "$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s#/?.+?$## and $upfork); #
166 close X;
167 chmod 0664, $filename or warn "cannot chmod $filename: $!";
168 }
169
170 # The symlink is problematic since git remote prune will traverse it.
171 #symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
172 }
173
174 sub _ctags_setup {
175 my $self = shift;
176 mkdir $self->{path}.'/ctags'; chmod 01777, $self->{path}.'/ctags';
177 }
178
179 sub _group_add {
180 my $self = shift;
181 my ($xtra) = @_;
182 $xtra .= join(',', @{$self->{users}});
183 filedb_atomic_append(jailed_file('/etc/group'),
184 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
185 }
186
187 sub _group_update {
188 my $self = shift;
189 my $xtra = join(',', @{$self->{users}});
190 filedb_atomic_edit(jailed_file('/etc/group'),
191 sub {
192 $_ = $_[0];
193 chomp;
194 if ($self->{name} eq (split /:/)[0]) {
195 # preserve readonly flag
196 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
197 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
198 } else {
199 return "$_\n";
200 }
201 }
202 );
203 }
204
205 sub _group_remove {
206 my $self = shift;
207 filedb_atomic_edit(jailed_file('/etc/group'),
208 sub {
209 $self->{name} ne (split /:/)[0] and return $_;
210 }
211 );
212 }
213
214 sub _hook_path {
215 my $self = shift;
216 my ($name) = @_;
217 $self->{path}.'/hooks/'.$name;
218 }
219
220 sub _hook_install {
221 my $self = shift;
222 my ($name) = @_;
223 open SRC, "$Girocco::Config::basedir/$name-hook" or die "cannot open hook $name: $!";
224 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
225 while (<SRC>) { print DST $_; }
226 close DST;
227 close SRC;
228 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
229 }
230
231 sub _hooks_install {
232 my $self = shift;
233 foreach my $hook ('post-receive', 'update') {
234 $self->_hook_install($hook);
235 }
236 }
237
238 # private constructor, do not use
239 sub _new {
240 my $class = shift;
241 my ($name, $base_path, $path) = @_;
242 valid_name($name) or die "refusing to create project with invalid name ($name)!";
243 $path ||= "$base_path/$name.git";
244 my $proj = { name => $name, base_path => $base_path, path => $path };
245
246 bless $proj, $class;
247 }
248
249 # public constructor #0
250 # creates a virtual project not connected to disk image
251 # you can conjure() it later to disk
252 sub ghost {
253 my $class = shift;
254 my ($name, $mirror) = @_;
255 my $self = $class->_new($name, $Girocco::Config::reporoot);
256 $self->{users} = [];
257 $self->{mirror} = $mirror;
258 $self;
259 }
260
261 # public constructor #1
262 sub load {
263 my $class = shift;
264 my ($name) = @_;
265
266 open F, jailed_file("/etc/group") or die "project load failed: $!";
267 while (<F>) {
268 chomp;
269 @_ = split /:+/;
270 next unless (shift eq $name);
271
272 my $self = $class->_new($name, $Girocco::Config::reporoot);
273 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
274
275 my $ulist;
276 ($self->{crypt}, $self->{gid}, $ulist) = @_;
277 $ulist ||= '';
278 $self->{users} = [split /,/, $ulist];
279 $self->{orig_users} = [@{$self->{users}}];
280 $self->{mirror} = ! -e $self->_nofetch_path;
281 $self->{clone_in_progress} = -e $self->_clonep_path;
282 $self->{clone_logged} = -e $self->_clonelog_path;
283 $self->{clone_failed} = -e $self->_clonefail_path;
284 $self->{ccrypt} = $self->{crypt};
285
286 $self->_properties_load;
287 return $self;
288 }
289 close F;
290 undef;
291 }
292
293 # $proj may not be in sane state if this returns false!
294 sub cgi_fill {
295 my $self = shift;
296 my ($gcgi) = @_;
297 my $cgi = $gcgi->cgi;
298
299 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
300 $pwd ||= ''; $pwd2 ||= ''; # in case passwords are disabled
301 if ($pwd or not $self->{crypt}) {
302 $self->{crypt} = scrypt($pwd);
303 }
304
305 if ($pwd2 and $pwd ne $pwd2) {
306 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
307 }
308
309 $self->{cpwd} = $cgi->param('cpwd');
310
311 if ($Girocco::Config::project_owners eq 'email') {
312 $self->{email} = $gcgi->wparam('email');
313 valid_email($self->{email})
314 or $gcgi->err("Your email sure looks weird...?");
315 }
316
317 $self->{url} = $gcgi->wparam('url');
318 if ($self->{url}) {
319 valid_repo_url($self->{url})
320 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
321 }
322
323 $self->{desc} = $gcgi->wparam('desc');
324 length($self->{desc}) <= 1024
325 or $gcgi->err("<b>Short</b> description length &gt; 1kb!");
326
327 $self->{README} = $gcgi->wparam('README');
328 length($self->{README}) <= 8192
329 or $gcgi->err("README length &gt; 8kb!");
330
331 $self->{hp} = $gcgi->wparam('hp');
332 if ($self->{hp}) {
333 valid_web_url($self->{hp})
334 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
335 }
336
337 # FIXME: Permit only existing users
338 $self->{users} = [grep { Girocco::User::valid_name($_) } $cgi->param('user')];
339
340 not $gcgi->err_check;
341 }
342
343 sub form_defaults {
344 my $self = shift;
345 (
346 name => $self->{name},
347 email => $self->{email},
348 url => $self->{url},
349 desc => html_esc($self->{desc}),
350 README => html_esc($self->{README}),
351 hp => $self->{hp},
352 users => $self->{users},
353 );
354 }
355
356 sub authenticate {
357 my $self = shift;
358 my ($gcgi) = @_;
359
360 $self->{ccrypt} or die "Can't authenticate against a project with no password";
361 $self->{cpwd} ||= '';
362 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
363 $gcgi->err("Your admin password does not match!");
364 return 0;
365 }
366 return 1;
367 }
368
369 sub _setup {
370 my $self = shift;
371 my ($pushers) = @_;
372
373 $self->_mkdir_forkees;
374
375 mkdir($self->{path}) or die "mkdir $self->{path} failed: $!";
376 if ($Girocco::Config::owning_group) {
377 my $gid = scalar(getgrnam($Girocco::Config::owning_group));
378 chown(-1, $gid, $self->{path}) or die "chgrp $gid $self->{path} failed: $!";
379 chmod(02775, $self->{path}) or die "chmod 2775 $self->{path} failed: $!";
380 } else {
381 chmod(02777, $self->{path}) or die "chmod 2777 $self->{path} failed: $!";
382 }
383 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
384 or die "git init $self->{path} failed: $?";
385 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false') == 0
386 or die "disabling receive.denyNonFastforwards failed: $?";
387 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'gc.auto', '0') == 0
388 or die "disabling gc.auto failed: $?";
389
390 # /info must have right permissions even before the fixup job,
391 # and git init didn't do it for some reason.
392 if ($Girocco::Config::owning_group) {
393 chmod(02775, $self->{path}."/info") or die "chmod 2775 $self->{path}/info failed: $!";
394 } else {
395 chmod(02777, $self->{path}."/info") or die "chmod 2777 $self->{path}/info failed: $!";
396 }
397
398 $self->_properties_save;
399 $self->_alternates_setup;
400 $self->_ctags_setup;
401 $self->_group_add($pushers);
402 $self->_hooks_install;
403 $self->perm_initialize;
404 system($Girocco::Config::basedir . '/gitweb/genindex.sh');
405 }
406
407 sub premirror {
408 my $self = shift;
409
410 $self->_setup(':');
411 $self->_clonep(1);
412 }
413
414 sub conjure {
415 my $self = shift;
416
417 $self->_setup;
418 $self->_nofetch(1);
419 }
420
421 sub clone {
422 my $self = shift;
423
424 unlink ($self->_clonefail_path()); # Ignore EEXIST error
425 unlink ($self->_clonelog_path()); # Ignore EEXIST error
426
427 use IO::Socket;
428 my $sock = IO::Socket::UNIX->new($Girocco::Config::chroot.'/etc/taskd.socket') or die "cannot connect to taskd.socket: $!";
429 $sock->print("clone ".$self->{name}."\n");
430 # Just ignore reply, we are going to succeed anyway and the I/O
431 # would apparently get quite hairy.
432 $sock->flush();
433 sleep 2; # *cough*
434 $sock->close();
435 }
436
437 sub update {
438 my $self = shift;
439
440 $self->_properties_save;
441 $self->_group_update;
442
443 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users} } $self->{users};
444 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users} } $self->{orig_users};
445 $self->perm_user_add($_, Girocco::User::resolve_uid($_)) foreach (@users_add);
446 $self->perm_user_del($_, Girocco::User::resolve_uid($_)) foreach (@users_del);
447
448 1;
449 }
450
451 sub update_password {
452 my $self = shift;
453 my ($pwd) = @_;
454
455 $self->{crypt} = scrypt($pwd);
456 $self->_group_update;
457 }
458
459 # You can explicitly do this just on a ghost() repository too.
460 sub delete {
461 my $self = shift;
462
463 if (-d $self->{path}) {
464 system('rm', '-rf', $self->{path}) == 0
465 or die "rm -rf $self->{path} failed: $?";
466 }
467 $self->_group_remove;
468 }
469
470 sub has_forks {
471 my $self = shift;
472
473 return glob($Girocco::Config::reporoot.'/'.$self->{name}.'/*');
474 }
475
476
477 ### static methods
478
479 sub get_forkee_name {
480 $_ = $_[0];
481 (m#^(.*)/.*?$#)[0]; #
482 }
483 sub get_forkee_path {
484 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git';
485 -d $forkee ? $forkee : '';
486 }
487
488 sub valid_name {
489 $_ = $_[0];
490 (not m#/# or -d get_forkee_path($_)) # will also catch ^/
491 and (not m#\./#)
492 and (not m#/$#)
493 and m#^[a-zA-Z0-9+./_-]+$#;
494 }
495
496 sub does_exist {
497 my ($name) = @_;
498 valid_name($name) or die "tried to query for project with invalid name $name!";
499 (-d $Girocco::Config::reporoot."/$name.git");
500 }
501
502
503 1;