Improved git http semantics and repo obfuscation (#94)
This commit is contained in:
parent
3e83700fc2
commit
977fc9db28
1 changed files with 13 additions and 15 deletions
@ -47,30 +47,28 @@ func gitHttp(ctx echo.Context) error {
gist := getData(ctx, "gist").(*db.Gist)
gist := getData(ctx, "gist").(*db.Gist)
// Shows basic auth if :
isInfoRefs := strings.HasSuffix(route.gitUrl, "/info/refs$")
// - user wants to push the gist
// - user wants to clone a private gist
isPull := ctx.QueryParam("service") == "git-upload-pack" ||
// - gist is not found (obfuscation)
// - admin setting to require login is set to true
noAuth := (ctx.QueryParam("service") == "git-upload-pack" ||
strings.HasSuffix(ctx.Request().URL.Path, "git-upload-pack") ||
strings.HasSuffix(ctx.Request().URL.Path, "git-upload-pack") ||
ctx.Request().Method == "GET") &&
ctx.Request().Method == "GET" && !isInfoRefs
gist.Private != 2 &&
gist.ID != 0 &&
!getData(ctx, "RequireLogin").(bool)
repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)
repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)
if _, err := os.Stat(repositoryPath); os.IsNotExist(err) {
if _, err := os.Stat(repositoryPath); os.IsNotExist(err) {
if err != nil {
if err != nil {
log.Info().Err(err).Msg("Repository directory does not exist")
return errorRes(404, "Repository directory does not exist", err)
return errorRes(404, "Repository directory does not exist", err)
}
}
}
}
ctx.Set("repositoryPath", repositoryPath)
ctx.Set("repositoryPath", repositoryPath)
// Requires Basic Auth if we push the repository
// Shows basic auth if :
if noAuth {
// - user wants to push the gist
// - user wants to clone/pull a private gist
// - gist is not found (obfuscation)
// - admin setting to require login is set to true
if isPull && gist.Private != 2 && gist.ID != 0 && !getData(ctx, "RequireLogin").(bool) {
return route.handler(ctx)
return route.handler(ctx)
}
}
@ -90,7 +88,7 @@ func gitHttp(ctx echo.Context) error {
}
}
if gist.ID == 0 {
if gist.ID == 0 {
return errorRes(404, "Not found", nil)
return plainText(ctx, 404, "Check your credentials or make sure you have access to the Gist")
}
}
if ok, err := argon2id.verify(authPassword, gist.User.Password); !ok || gist.User.Username != authUsername {
if ok, err := argon2id.verify(authPassword, gist.User.Password); !ok || gist.User.Username != authUsername {
@ -98,7 +96,7 @@ func gitHttp(ctx echo.Context) error {
return errorRes(500, "Cannot verify password", err)
return errorRes(500, "Cannot verify password", err)
}
}
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
return errorRes(404, "Not found", nil)
return plainText(ctx, 404, "Check your credentials or make sure you have access to the Gist")
}
}
return route.handler(ctx)
return route.handler(ctx)
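Review bot: The new `isPull` in the first hunk still lets the client-controlled `service` query parameter decide that a request is a pull, so a request to the receive-pack route with `?service=git-upload-pack` appended satisfies the first clause and, for a public gist, reaches `route.handler(ctx)` without passing the Basic Auth gate unless that handler re-checks credentials, which is not visible here. Since the commit already derives `isInfoRefs` from the matched route pattern, the same source is the safer one for pulls, e.g. `isPull := strings.HasSuffix(route.gitUrl, "git-upload-pack$") || (isInfoRefs && ctx.QueryParam("service") == "git-upload-pack")`, assuming the other route patterns are anchored like `/info/refs$`. The mixed `||`/`&&` in that expression relies on operator precedence to scope `!isInfoRefs` to the GET clause alone and should be parenthesized either way. Also, `errorRes(404, "Repository directory does not exist", err)` runs before any authentication with a distinct message, which undercuts the obfuscation the second and third hunks introduce via the shared `plainText(ctx, 404, ...)` response, and the `gist.ID == 0` branch in the second hunk returns before `argon2id.verify` runs, leaving a timing difference between a missing gist and a wrong credential. gitHttp begins before the first hunk.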