search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Girocco::Notify: Add support for CIA notifications
[girocco/testingthisout.git] / Girocco / Project.pm
blob64476c6bd12983dcdd58ac26d9ff006de3bcb9ec
1 package Girocco::Project;
2
3 use strict;
4 use warnings;
5
6 BEGIN {
7 use Girocco::CGI;
8 use Girocco::User;
9 use Girocco::Util;
10 use Girocco::ProjPerm;
11 use Girocco::Config;
12 use base ('Girocco::ProjPerm::'.$Girocco::Config::permission_control); # mwahaha
13 }
14
15 our $metadata_fields = {
16 homepage => ['Homepage URL', 'hp', 'text'],
17 shortdesc => ['Short description', 'desc', 'text'],
18 README => ['README (HTML, lt 8kb)', 'README', 'textarea'],
19 };
20
21 sub _mkdir_forkees {
22 my $self = shift;
23 my @pelems = split('/', $self->{name});
24 pop @pelems; # do not create dir for the project itself
25 my $path = $self->{base_path};
26 foreach my $pelem (@pelems) {
27 $path .= "/$pelem";
28 (-d "$path") or mkdir $path or die "mkdir $path: $!";
29 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
30 }
31 }
32
33 our %propmap = (
34 url => ':baseurl',
35 email => ':owner',
36 desc => 'description',
37 README => 'README.html',
38 hp => ':homepage',
39 notifymail => '%hooks.mailinglist',
40 notifyjson => '%hooks.jsonurl',
41 notifycia => '%hooks.cianame',
42 );
43
44 sub _property_path {
45 my $self = shift;
46 my ($name) = @_;
47 $self->{path}.'/'.$name;
48 }
49
50 sub _property_fget {
51 my $self = shift;
52 my ($name) = @_;
53 my $pname = $propmap{$name};
54 $pname or die "unknown property: $name";
55 if ($pname =~ s/^://) {
56 my $val = `git --git-dir="$self->{path}" config "gitweb.$pname"`;
57 chomp $val;
58 return $val;
59 } elsif ($pname =~ s/^%//) {
60 my $val = `git --git-dir="$self->{path}" config "$pname"`;
61 chomp $val;
62 return $val;
63 }
64
65 open P, $self->_property_path($pname) or return undef;
66 my @value = <P>;
67 close P;
68 my $value = join('', @value); chomp $value;
69 $value;
70 }
71
72 sub _property_fput {
73 my $self = shift;
74 my ($name, $value) = @_;
75 my $pname = $propmap{$name};
76 $pname or die "unknown property: $name";
77 $value ||= '';
78 if ($pname =~ s/^://) {
79 system('git', '--git-dir='.$self->{path}, 'config', "gitweb.$pname", $value);
80 } elsif ($pname =~ s/^%//) {
81 system('git', '--git-dir='.$self->{path}, 'config', $pname, $value);
82 }
83
84 my $P = lock_file($self->_property_path($pname));
85 $value ne '' and print $P "$value\n";
86 close $P;
87 unlock_file($self->_property_path($pname));
88 }
89
90 sub _properties_load {
91 my $self = shift;
92 foreach my $prop (keys %propmap) {
93 $self->{$prop} = $self->_property_fget($prop);
94 }
95 }
96
97 sub _properties_save {
98 my $self = shift;
99 foreach my $prop (keys %propmap) {
100 $self->_property_fput($prop, $self->{$prop});
101 }
102 }
103
104 sub _nofetch_path {
105 my $self = shift;
106 $self->_property_path('.nofetch');
107 }
108
109 sub _nofetch {
110 my $self = shift;
111 my ($nofetch) = @_;
112 my $np = $self->_nofetch_path;
113 if ($nofetch) {
114 open X, '>'.$np or die "nofetch failed: $!";
115 close X;
116 } else {
117 unlink $np or die "yesfetch failed: $!";
118 }
119 }
120
121 sub _clonelog_path {
122 my $self = shift;
123 $self->_property_path('.clonelog');
124 }
125
126 sub _clonefail_path {
127 my $self = shift;
128 $self->_property_path('.clone_failed');
129 }
130
131 sub _clonep_path {
132 my $self = shift;
133 $self->_property_path('.clone_in_progress');
134 }
135
136 sub _clonep {
137 my $self = shift;
138 my ($nofetch) = @_;
139 my $np = $self->_clonep_path;
140 if ($nofetch) {
141 open X, '>'.$np or die "clonep failed: $!";
142 close X;
143 } else {
144 unlink $np or die "clonef failed: $!";
145 }
146 }
147 sub _alternates_setup {
148 my $self = shift;
149 return unless $self->{name} =~ m#/#;
150 my $forkee_name = get_forkee_name($self->{name});
151 my $forkee_path = get_forkee_path($self->{name});
152 return unless -d $forkee_path;
153 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
154 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
155 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
156
157 # We set up both alternates and http_alternates since we cannot use
158 # relative path in alternates - that doesn't work recursively.
159
160 my $filename = $self->{path}.'/objects/info/alternates';
161 open X, '>'.$filename or die "alternates failed: $!";
162 print X "$forkee_path/objects\n";
163 close X;
164 chmod 0664, $filename or warn "cannot chmod $filename: $!";
165
166 if ($Girocco::Config::httppullurl) {
167 $filename = $self->{path}.'/objects/info/http-alternates';
168 open X, '>'.$filename or die "http-alternates failed: $!";
169 my $upfork = $forkee_name;
170 do { print X "$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s#/?.+?$## and $upfork); #
171 close X;
172 chmod 0664, $filename or warn "cannot chmod $filename: $!";
173 }
174
175 # The symlink is problematic since git remote prune will traverse it.
176 #symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
177 }
178
179 sub _ctags_setup {
180 my $self = shift;
181 mkdir $self->{path}.'/ctags'; chmod 01777, $self->{path}.'/ctags';
182 }
183
184 sub _group_add {
185 my $self = shift;
186 my ($xtra) = @_;
187 $xtra .= join(',', @{$self->{users}});
188 filedb_atomic_append(jailed_file('/etc/group'),
189 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
190 }
191
192 sub _group_update {
193 my $self = shift;
194 my $xtra = join(',', @{$self->{users}});
195 filedb_atomic_edit(jailed_file('/etc/group'),
196 sub {
197 $_ = $_[0];
198 chomp;
199 if ($self->{name} eq (split /:/)[0]) {
200 # preserve readonly flag
201 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
202 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
203 } else {
204 return "$_\n";
205 }
206 }
207 );
208 }
209
210 sub _group_remove {
211 my $self = shift;
212 filedb_atomic_edit(jailed_file('/etc/group'),
213 sub {
214 $self->{name} ne (split /:/)[0] and return $_;
215 }
216 );
217 }
218
219 sub _hook_path {
220 my $self = shift;
221 my ($name) = @_;
222 $self->{path}.'/hooks/'.$name;
223 }
224
225 sub _hook_install {
226 my $self = shift;
227 my ($name) = @_;
228 open SRC, "$Girocco::Config::basedir/$name-hook" or die "cannot open hook $name: $!";
229 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
230 while (<SRC>) { print DST $_; }
231 close DST;
232 close SRC;
233 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
234 }
235
236 sub _hooks_install {
237 my $self = shift;
238 foreach my $hook ('post-receive', 'update') {
239 $self->_hook_install($hook);
240 }
241 }
242
243 # private constructor, do not use
244 sub _new {
245 my $class = shift;
246 my ($name, $base_path, $path) = @_;
247 valid_name($name) or die "refusing to create project with invalid name ($name)!";
248 $path ||= "$base_path/$name.git";
249 my $proj = { name => $name, base_path => $base_path, path => $path };
250
251 bless $proj, $class;
252 }
253
254 # public constructor #0
255 # creates a virtual project not connected to disk image
256 # you can conjure() it later to disk
257 sub ghost {
258 my $class = shift;
259 my ($name, $mirror) = @_;
260 my $self = $class->_new($name, $Girocco::Config::reporoot);
261 $self->{users} = [];
262 $self->{mirror} = $mirror;
263 $self;
264 }
265
266 # public constructor #1
267 sub load {
268 my $class = shift;
269 my ($name) = @_;
270
271 open F, jailed_file("/etc/group") or die "project load failed: $!";
272 while (<F>) {
273 chomp;
274 @_ = split /:+/;
275 next unless (shift eq $name);
276
277 my $self = $class->_new($name, $Girocco::Config::reporoot);
278 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
279
280 my $ulist;
281 ($self->{crypt}, $self->{gid}, $ulist) = @_;
282 $ulist ||= '';
283 $self->{users} = [split /,/, $ulist];
284 $self->{orig_users} = [@{$self->{users}}];
285 $self->{mirror} = ! -e $self->_nofetch_path;
286 $self->{clone_in_progress} = -e $self->_clonep_path;
287 $self->{clone_logged} = -e $self->_clonelog_path;
288 $self->{clone_failed} = -e $self->_clonefail_path;
289 $self->{ccrypt} = $self->{crypt};
290
291 $self->_properties_load;
292 return $self;
293 }
294 close F;
295 undef;
296 }
297
298 # $proj may not be in sane state if this returns false!
299 sub cgi_fill {
300 my $self = shift;
301 my ($gcgi) = @_;
302 my $cgi = $gcgi->cgi;
303
304 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
305 $pwd ||= ''; $pwd2 ||= ''; # in case passwords are disabled
306 if ($pwd or not $self->{crypt}) {
307 $self->{crypt} = scrypt($pwd);
308 }
309
310 if ($pwd2 and $pwd ne $pwd2) {
311 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
312 }
313
314 $self->{cpwd} = $cgi->param('cpwd');
315
316 if ($Girocco::Config::project_owners eq 'email') {
317 $self->{email} = $gcgi->wparam('email');
318 valid_email($self->{email})
319 or $gcgi->err("Your email sure looks weird...?");
320 }
321
322 $self->{url} = $gcgi->wparam('url');
323 if ($self->{url}) {
324 valid_repo_url($self->{url})
325 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
326 }
327
328 $self->{desc} = $gcgi->wparam('desc');
329 length($self->{desc}) <= 1024
330 or $gcgi->err("<b>Short</b> description length &gt; 1kb!");
331
332 $self->{README} = $gcgi->wparam('README');
333 length($self->{README}) <= 8192
334 or $gcgi->err("README length &gt; 8kb!");
335
336 $self->{hp} = $gcgi->wparam('hp');
337 if ($self->{hp}) {
338 valid_web_url($self->{hp})
339 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
340 }
341
342 # FIXME: Permit only existing users
343 $self->{users} = [grep { Girocco::User::valid_name($_) } $cgi->param('user')];
344
345 not $gcgi->err_check;
346 }
347
348 sub form_defaults {
349 my $self = shift;
350 (
351 name => $self->{name},
352 email => $self->{email},
353 url => $self->{url},
354 desc => html_esc($self->{desc}),
355 README => html_esc($self->{README}),
356 hp => $self->{hp},
357 users => $self->{users},
358 );
359 }
360
361 sub authenticate {
362 my $self = shift;
363 my ($gcgi) = @_;
364
365 $self->{ccrypt} or die "Can't authenticate against a project with no password";
366 $self->{cpwd} ||= '';
367 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
368 $gcgi->err("Your admin password does not match!");
369 return 0;
370 }
371 return 1;
372 }
373
374 sub _setup {
375 my $self = shift;
376 my ($pushers) = @_;
377
378 $self->_mkdir_forkees;
379
380 mkdir($self->{path}) or die "mkdir $self->{path} failed: $!";
381 if ($Girocco::Config::owning_group) {
382 my $gid = scalar(getgrnam($Girocco::Config::owning_group));
383 chown(-1, $gid, $self->{path}) or die "chgrp $gid $self->{path} failed: $!";
384 chmod(02775, $self->{path}) or die "chmod 2775 $self->{path} failed: $!";
385 } else {
386 chmod(02777, $self->{path}) or die "chmod 2777 $self->{path} failed: $!";
387 }
388 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
389 or die "git init $self->{path} failed: $?";
390 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false') == 0
391 or die "disabling receive.denyNonFastforwards failed: $?";
392 system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'gc.auto', '0') == 0
393 or die "disabling gc.auto failed: $?";
394
395 # /info must have right permissions even before the fixup job,
396 # and git init didn't do it for some reason.
397 if ($Girocco::Config::owning_group) {
398 chmod(02775, $self->{path}."/info") or die "chmod 2775 $self->{path}/info failed: $!";
399 } else {
400 chmod(02777, $self->{path}."/info") or die "chmod 2777 $self->{path}/info failed: $!";
401 }
402
403 $self->_properties_save;
404 $self->_alternates_setup;
405 $self->_ctags_setup;
406 $self->_group_add($pushers);
407 $self->_hooks_install;
408 $self->perm_initialize;
409 system($Girocco::Config::basedir . '/gitweb/genindex.sh');
410 }
411
412 sub premirror {
413 my $self = shift;
414
415 $self->_setup(':');
416 $self->_clonep(1);
417 }
418
419 sub conjure {
420 my $self = shift;
421
422 $self->_setup;
423 $self->_nofetch(1);
424 }
425
426 sub clone {
427 my $self = shift;
428
429 unlink ($self->_clonefail_path()); # Ignore EEXIST error
430 unlink ($self->_clonelog_path()); # Ignore EEXIST error
431
432 use IO::Socket;
433 my $sock = IO::Socket::UNIX->new($Girocco::Config::chroot.'/etc/taskd.socket') or die "cannot connect to taskd.socket: $!";
434 $sock->print("clone ".$self->{name}."\n");
435 # Just ignore reply, we are going to succeed anyway and the I/O
436 # would apparently get quite hairy.
437 $sock->flush();
438 sleep 2; # *cough*
439 $sock->close();
440 }
441
442 sub update {
443 my $self = shift;
444
445 $self->_properties_save;
446 $self->_group_update;
447
448 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users} } $self->{users};
449 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users} } $self->{orig_users};
450 $self->perm_user_add($_, Girocco::User::resolve_uid($_)) foreach (@users_add);
451 $self->perm_user_del($_, Girocco::User::resolve_uid($_)) foreach (@users_del);
452
453 1;
454 }
455
456 sub update_password {
457 my $self = shift;
458 my ($pwd) = @_;
459
460 $self->{crypt} = scrypt($pwd);
461 $self->_group_update;
462 }
463
464 # You can explicitly do this just on a ghost() repository too.
465 sub delete {
466 my $self = shift;
467
468 if (-d $self->{path}) {
469 system('rm', '-rf', $self->{path}) == 0
470 or die "rm -rf $self->{path} failed: $?";
471 }
472 $self->_group_remove;
473 }
474
475 sub has_forks {
476 my $self = shift;
477
478 return glob($Girocco::Config::reporoot.'/'.$self->{name}.'/*');
479 }
480
481
482 ### static methods
483
484 sub get_forkee_name {
485 $_ = $_[0];
486 (m#^(.*)/.*?$#)[0]; #
487 }
488 sub get_forkee_path {
489 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git';
490 -d $forkee ? $forkee : '';
491 }
492
493 sub valid_name {
494 $_ = $_[0];
495 (not m#/# or -d get_forkee_path($_)) # will also catch ^/
496 and (not m#\./#)
497 and (not m#/$#)
498 and m#^[a-zA-Z0-9+./_-]+$#;
499 }
500
501 sub does_exist {
502 my ($name) = @_;
503 valid_name($name) or die "tried to query for project with invalid name $name!";
504 (-d $Girocco::Config::reporoot."/$name.git");
505 }
506
507
508 1;