tangled.org / core
this repo has no description
fork atom

fix @oppiliappan's nonsense

Anirudh Oppiliappan 555dfd74 f787e5e4

options
unified split
Changed files
+21 -6
cmd
repoguard
main.go
+21 -6
cmd/repoguard/main.go
··· 26 incomingUser = flag.String("user", "", "Allowed git user") 27 baseDirFlag = flag.String("base-dir", "/home/git", "Base directory for git repositories") 28 logPathFlag = flag.String("log-path", "/var/log/git-wrapper.log", "Path to log file") 29 - endpoint = flag.String("internal-api", "http://localhost:5555", "Internal API endpoint") 30 ) 31 32 func main() { ··· 68 69 // did:foo/repo-name or 70 // handle/repo-name 71 - components := filepath.SplitList(cmdParts[2]) 72 if len(components) != 2 { 73 exitWithLog("invalid repo format, needs <user>/<repo>") 74 } ··· 89 90 if gitCommand != "git-upload-pack" { 91 if !isPushPermitted(*incomingUser, qualifiedRepoName) { 92 exitWithLog("access denied: user not allowed") 93 } 94 } ··· 187 } 188 189 func isPushPermitted(user, qualifiedRepoName string) bool { 190 - url, _ := url.Parse(*endpoint + "/push-allowed/") 191 - url.Query().Add(user, user) 192 - url.Query().Add(user, qualifiedRepoName) 193 194 - req, err := http.Get(url.String()) 195 if err != nil { 196 exitWithLog(fmt.Sprintf("error verifying permissions: %v", err)) 197 } 198 199 return req.StatusCode == http.StatusNoContent 200 }
··· 26 incomingUser = flag.String("user", "", "Allowed git user") 27 baseDirFlag = flag.String("base-dir", "/home/git", "Base directory for git repositories") 28 logPathFlag = flag.String("log-path", "/var/log/git-wrapper.log", "Path to log file") 29 + endpoint = flag.String("internal-api", "http://localhost:5444", "Internal API endpoint") 30 ) 31 32 func main() { ··· 68 69 // did:foo/repo-name or 70 // handle/repo-name 71 + 72 + components := strings.Split(strings.Trim(cmdParts[1], "'"), "/") 73 + logEvent("Command components", map[string]interface{}{ 74 + "components": components, 75 + }) 76 if len(components) != 2 { 77 exitWithLog("invalid repo format, needs <user>/<repo>") 78 } ··· 93 94 if gitCommand != "git-upload-pack" { 95 if !isPushPermitted(*incomingUser, qualifiedRepoName) { 96 + logEvent("all infos", map[string]interface{}{ 97 + "did": *incomingUser, 98 + "reponame": qualifiedRepoName, 99 + }) 100 exitWithLog("access denied: user not allowed") 101 } 102 } ··· 195 } 196 197 func isPushPermitted(user, qualifiedRepoName string) bool { 198 + u, _ := url.Parse(*endpoint + "/push-allowed") 199 + q := u.Query() 200 + q.Add("user", user) 201 + q.Add("repo", qualifiedRepoName) 202 + u.RawQuery = q.Encode() 203 204 + req, err := http.Get(u.String()) 205 if err != nil { 206 exitWithLog(fmt.Sprintf("error verifying permissions: %v", err)) 207 } 208 + 209 + logEvent("url", map[string]interface{}{ 210 + "url": u.String(), 211 + "status": req.Status, 212 + }) 213 214 return req.StatusCode == http.StatusNoContent 215 }