tjh.dev / core
forked from tangled.org/core
this repo has no description
fork atom

fix @oppiliappan's nonsense

anirudh.fi 555dfd74 f787e5e4

verified
+21 -6
+21 -6
cmd/repoguard/main.go
··· 26 26 incomingUser = flag.String("user", "", "Allowed git user") 27 27 baseDirFlag = flag.String("base-dir", "/home/git", "Base directory for git repositories") 28 28 logPathFlag = flag.String("log-path", "/var/log/git-wrapper.log", "Path to log file") 29 - endpoint = flag.String("internal-api", "http://localhost:5555", "Internal API endpoint") 29 + endpoint = flag.String("internal-api", "http://localhost:5444", "Internal API endpoint") 30 30 ) 31 31 32 32 func main() { ··· 68 68 69 69 // did:foo/repo-name or 70 70 // handle/repo-name 71 - components := filepath.SplitList(cmdParts[2]) 71 + 72 + components := strings.Split(strings.Trim(cmdParts[1], "'"), "/") 73 + logEvent("Command components", map[string]interface{}{ 74 + "components": components, 75 + }) 72 76 if len(components) != 2 { 73 77 exitWithLog("invalid repo format, needs <user>/<repo>") 74 78 } ··· 89 93 90 94 if gitCommand != "git-upload-pack" { 91 95 if !isPushPermitted(*incomingUser, qualifiedRepoName) { 96 + logEvent("all infos", map[string]interface{}{ 97 + "did": *incomingUser, 98 + "reponame": qualifiedRepoName, 99 + }) 92 100 exitWithLog("access denied: user not allowed") 93 101 } 94 102 } ··· 187 195 } 188 196 189 197 func isPushPermitted(user, qualifiedRepoName string) bool { 190 - url, _ := url.Parse(*endpoint + "/push-allowed/") 191 - url.Query().Add(user, user) 192 - url.Query().Add(user, qualifiedRepoName) 198 + u, _ := url.Parse(*endpoint + "/push-allowed") 199 + q := u.Query() 200 + q.Add("user", user) 201 + q.Add("repo", qualifiedRepoName) 202 + u.RawQuery = q.Encode() 193 203 194 - req, err := http.Get(url.String()) 204 + req, err := http.Get(u.String()) 195 205 if err != nil { 196 206 exitWithLog(fmt.Sprintf("error verifying permissions: %v", err)) 197 207 } 208 + 209 + logEvent("url", map[string]interface{}{ 210 + "url": u.String(), 211 + "status": req.Status, 212 + }) 198 213 199 214 return req.StatusCode == http.StatusNoContent 200 215 }