opengist/internal/ssh/git_ssh.go

123 lines
3.1 KiB
Go
Raw Normal View History

2023-03-14 15:22:52 +00:00
package ssh
import (
"errors"
"io"
"os/exec"
"strings"
"github.com/rs/zerolog/log"
"github.com/thomiceli/opengist/internal/auth"
2023-09-02 22:30:57 +00:00
"github.com/thomiceli/opengist/internal/db"
2023-05-15 19:07:29 +00:00
"github.com/thomiceli/opengist/internal/git"
2023-03-14 15:22:52 +00:00
"golang.org/x/crypto/ssh"
"gorm.io/gorm"
)
2023-05-01 00:55:34 +00:00
func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
2023-03-14 15:22:52 +00:00
verb, args := parseCommand(gitCmd)
if !strings.HasPrefix(verb, "git-") {
verb = ""
}
verb = strings.TrimPrefix(verb, "git-")
if verb != "upload-pack" && verb != "receive-pack" {
return errors.New("invalid command")
}
repoFullName := strings.ToLower(strings.Trim(args, "'"))
repoFields := strings.SplitN(repoFullName, "/", 2)
if len(repoFields) != 2 {
return errors.New("invalid gist path")
}
userName := strings.ToLower(repoFields[0])
gistName := strings.TrimSuffix(strings.ToLower(repoFields[1]), ".git")
2023-09-02 22:30:57 +00:00
gist, err := db.GetGist(userName, gistName)
2023-03-14 15:22:52 +00:00
if err != nil {
return errors.New("gist not found")
}
allowUnauthenticated, err := auth.ShouldAllowUnauthenticatedGistAccess(db.AuthInfo{}, true)
2023-04-28 18:31:10 +00:00
if err != nil {
2024-11-17 20:25:59 +00:00
errorSsh("Failed to get auth info", err)
2023-04-28 18:31:10 +00:00
return errors.New("internal server error")
}
// Check for the key if :
// - user wants to push the gist
// - user wants to clone a private gist
// - gist is not found (obfuscation)
// - admin setting to require login is set to true
if verb == "receive-pack" ||
2024-05-27 23:30:08 +00:00
gist.Private == db.PrivateVisibility ||
gist.ID == 0 ||
!allowUnauthenticated {
2024-05-27 23:30:08 +00:00
var userToCheckPermissions *db.User
if gist.Private != db.PrivateVisibility && verb == "upload-pack" {
userToCheckPermissions, _ = db.GetUserFromSSHKey(key)
} else {
userToCheckPermissions = &gist.User
}
pubKey, err := db.SSHKeyExistsForUser(key, userToCheckPermissions.ID)
2023-03-14 15:22:52 +00:00
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
log.Warn().Msg("Invalid SSH authentication attempt from " + ip)
return errors.New("gist not found")
2023-03-14 15:22:52 +00:00
}
errorSsh("Failed to get user by SSH key id", err)
return errors.New("internal server error")
}
2023-09-02 22:30:57 +00:00
_ = db.SSHKeyLastUsedNow(pubKey.Content)
2023-03-14 15:22:52 +00:00
}
2023-03-14 22:26:39 +00:00
repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)
2023-03-14 15:22:52 +00:00
cmd := exec.Command("git", verb, repositoryPath)
cmd.Dir = repositoryPath
stdin, _ := cmd.StdinPipe()
stdout, _ := cmd.StdoutPipe()
stderr, _ := cmd.StderrPipe()
if err = cmd.Start(); err != nil {
errorSsh("Failed to start git command", err)
return errors.New("internal server error")
}
// avoid blocking
go func() {
_, _ = io.Copy(stdin, ch)
}()
_, _ = io.Copy(ch, stdout)
_, _ = io.Copy(ch, stderr)
err = cmd.Wait()
if err != nil {
errorSsh("Failed to wait for git command", err)
return errors.New("internal server error")
}
// updatedAt is updated only if serviceType is receive-pack
if verb == "receive-pack" {
2023-03-17 13:56:39 +00:00
_ = gist.SetLastActiveNow()
_ = gist.UpdatePreviewAndCount(false)
2024-01-04 02:38:15 +00:00
gist.AddInIndex()
2023-03-14 15:22:52 +00:00
}
return nil
}
func parseCommand(cmd string) (string, string) {
split := strings.SplitN(cmd, " ", 2)
if len(split) != 2 {
return "", ""
}
return split[0], strings.Replace(split[1], "'/", "'", 1)
}