Hi… I am well aware that this diff view is very suboptimal. It will be fixed when the refactored server comes along!
Add SPDX license headers to all Go files
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"context"
)
// get_path_perm_by_group_repo_key returns the filesystem path and direct
// access permission for a given repo and a provided ssh public key.
func get_path_perm_by_group_repo_key(ctx context.Context, group_name, repo_name, ssh_pubkey string) (repo_id int, filesystem_path string, access bool, contrib_requirements string, user_type string, user_id int, err error) {
err = database.QueryRow(ctx,
`SELECT
r.id,
r.filesystem_path,
CASE
WHEN ugr.user_id IS NOT NULL THEN TRUE
ELSE FALSE
END AS has_role_in_group,
r.contrib_requirements,
COALESCE(u.type, ''),
COALESCE(u.id, 0)
FROM
groups g
JOIN
repos r ON r.group_id = g.id
LEFT JOIN
ssh_public_keys s ON s.key_string = $3
LEFT JOIN
users u ON u.id = s.user_id
LEFT JOIN
user_group_roles ugr ON ugr.group_id = g.id AND ugr.user_id = u.id
WHERE
g.name = $1
AND r.name = $2;`,
group_name, repo_name, ssh_pubkey,
).Scan(&repo_id, &filesystem_path, &access, &contrib_requirements, &user_type, &user_id)
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bufio"
"context"
"errors"
"os"
"github.com/jackc/pgx/v5/pgxpool"
"go.lindenii.runxiyu.org/lindenii-common/scfg"
)
var database *pgxpool.Pool
var err_unsupported_database_type = errors.New("unsupported database type")
var config struct {
HTTP struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
CookieExpiry int `scfg:"cookie_expiry"`
Root string `scfg:"root"`
} `scfg:"http"`
Hooks struct {
Socket string `scfg:"socket"`
Execs string `scfg:"execs"`
} `scfg:"hooks"`
SSH struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
Key string `scfg:"key"`
Root string `scfg:"root"`
} `scfg:"ssh"`
General struct {
Title string `scfg:"title"`
} `scfg:"general"`
DB struct {
Type string `scfg:"type"`
Conn string `scfg:"conn"`
} `scfg:"db"`
}
func load_config(path string) (err error) {
config_file, err := os.Open(path)
if err != nil {
return err
}
defer config_file.Close()
decoder := scfg.NewDecoder(bufio.NewReader(config_file))
err = decoder.Decode(&config)
if err != nil {
return err
}
if config.DB.Type != "postgres" {
return err_unsupported_database_type
}
database, err = pgxpool.New(context.Background(), config.DB.Conn)
if err != nil {
return err
}
global_data["forge_title"] = config.General.Title
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"context"
)
// query_list is a helper function that executes a query and returns a list of
// results.
func query_list[T any](ctx context.Context, query string, args ...any) ([]T, error) {
rows, err := database.Query(ctx, query, args...)
if err != nil {
return nil, err
}
defer rows.Close()
var result []T
for rows.Next() {
var item T
if err := rows.Scan(&item); err != nil {
return nil, err
}
result = append(result, item)
}
if err := rows.Err(); err != nil {
return nil, err
}
return result, nil
}
// query_name_desc_list is a helper function that executes a query and returns a
// list of name_desc_t results.
func query_name_desc_list(ctx context.Context, query string, args ...any) ([]name_desc_t, error) {
rows, err := database.Query(ctx, query, args...)
if err != nil {
return nil, err
}
defer rows.Close()
result := []name_desc_t{}
for rows.Next() {
var name, description string
if err := rows.Scan(&name, &description); err != nil {
return nil, err
}
result = append(result, name_desc_t{name, description})
}
return result, rows.Err()
}
// name_desc_t holds a name and a description.
type name_desc_t struct {
Name string
Description string
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bytes"
"fmt"
"strings"
"time"
"github.com/go-git/go-git/v5/plumbing/object"
)
// get_patch_from_commit formats a commit object as if it was returned by
// git-format-patch.
func format_patch_from_commit(commit *object.Commit) (string, error) {
_, patch, err := get_patch_from_commit(commit)
if err != nil {
return "", err
}
var buf bytes.Buffer
author := commit.Author
date := author.When.Format(time.RFC1123Z)
commit_msg_title, commit_msg_details, _ := strings.Cut(commit.Message, "\n")
// This date is hardcoded in Git.
fmt.Fprintf(&buf, "From %s Mon Sep 17 00:00:00 2001\n", commit.Hash)
fmt.Fprintf(&buf, "From: %s <%s>\n", author.Name, author.Email)
fmt.Fprintf(&buf, "Date: %s\n", date)
fmt.Fprintf(&buf, "Subject: [PATCH] %s\n\n", commit_msg_title)
if commit_msg_details != "" {
commit_msg_details_first_line, commit_msg_details_rest, _ := strings.Cut(commit_msg_details, "\n")
if strings.TrimSpace(commit_msg_details_first_line) == "" {
commit_msg_details = commit_msg_details_rest
}
buf.WriteString(commit_msg_details)
buf.WriteString("\n")
}
buf.WriteString("---\n")
fmt.Fprint(&buf, patch.Stats().String())
fmt.Fprintln(&buf)
buf.WriteString(patch.String())
fmt.Fprintf(&buf, "\n-- \n2.48.1\n")
return buf.String(), nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"io"
"os"
"path/filepath"
)
// deploy_hooks_to_filesystem deploys the git hooks client to the filesystem.
// The git hooks client is expected to be embedded in resources_fs and must be
// pre-compiled during the build process; see the Makefile.
func deploy_hooks_to_filesystem() (err error) {
err = func() error {
src_fd, err := resources_fs.Open("git_hooks_client/git_hooks_client")
if err != nil {
return err
}
defer src_fd.Close()
dst_fd, err := os.OpenFile(filepath.Join(config.Hooks.Execs, "git_hooks_client"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o755)
if err != nil {
return err
}
defer dst_fd.Close()
_, err = io.Copy(dst_fd, src_fd)
if err != nil {
return err
}
return nil
}()
if err != nil {
return err
}
// Go's embed filesystems do not store permissions; but in any case,
// they would need to be 0o755:
err = os.Chmod(filepath.Join(config.Hooks.Execs, "git_hooks_client"), 0o755)
if err != nil {
return err
}
for _, hook_name := range []string{
"pre-receive",
} {
err = os.Symlink(filepath.Join(config.Hooks.Execs, "git_hooks_client"), filepath.Join(config.Hooks.Execs, hook_name))
if err != nil && !errors.Is(err, os.ErrExist) {
return err
}
}
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bytes"
"context"
"encoding/binary"
"errors"
"fmt"
"io"
"net"
"os"
"path/filepath"
"strconv"
"strings"
"syscall"
"github.com/go-git/go-git/v5/plumbing"
"github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/lindenii-common/ansiec"
)
var (
err_get_fd = errors.New("unable to get file descriptor")
err_get_ucred = errors.New("failed getsockopt")
)
// hooks_handle_connection handles a connection from git_hooks_client via the
// unix socket.
func hooks_handle_connection(conn net.Conn) {
defer conn.Close()
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// There aren't reasonable cases where someone would run this as
// another user.
ucred, err := get_ucred(conn)
if err != nil {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nUnable to get peer credentials: %v", err)
return
}
if ucred.Uid != uint32(os.Getuid()) {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nUID mismatch")
return
}
cookie := make([]byte, 64)
_, err = conn.Read(cookie)
if err != nil {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nFailed to read cookie: %v", err)
return
}
pack_to_hook, ok := pack_to_hook_by_cookie.Load(string(cookie))
if !ok {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nInvalid handler cookie")
return
}
ssh_stderr := pack_to_hook.session.Stderr()
ssh_stderr.Write([]byte{'\n'})
hook_return_value := func() byte {
var argc64 uint64
err = binary.Read(conn, binary.NativeEndian, &argc64)
if err != nil {
wf_error(ssh_stderr, "Failed to read argc: %v", err)
return 1
}
var args []string
for i := uint64(0); i < argc64; i++ {
var arg bytes.Buffer
for {
b := make([]byte, 1)
n, err := conn.Read(b)
if err != nil || n != 1 {
wf_error(ssh_stderr, "Failed to read arg: %v", err)
return 1
}
if b[0] == 0 {
break
}
arg.WriteByte(b[0])
}
args = append(args, arg.String())
}
var stdin bytes.Buffer
_, err = io.Copy(&stdin, conn)
if err != nil {
wf_error(conn, "Failed to read to the stdin buffer: %v", err)
}
switch filepath.Base(args[0]) {
case "pre-receive":
if pack_to_hook.direct_access {
return 0
} else {
all_ok := true
for {
line, err := stdin.ReadString('\n')
if errors.Is(err, io.EOF) {
break
}
line = line[:len(line)-1]
old_oid, rest, found := strings.Cut(line, " ")
if !found {
wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)
return 1
}
new_oid, ref_name, found := strings.Cut(rest, " ")
if !found {
wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)
return 1
}
if strings.HasPrefix(ref_name, "refs/heads/contrib/") {
if all_zero_num_string(old_oid) { // New branch
fmt.Fprintln(ssh_stderr, ansiec.Blue+"POK"+ansiec.Reset, ref_name)
var new_mr_id int
err = database.QueryRow(ctx,
"INSERT INTO merge_requests (repo_id, creator, source_ref, status) VALUES ($1, $2, $3, 'open') RETURNING id",
pack_to_hook.repo_id, pack_to_hook.user_id, strings.TrimPrefix(ref_name, "refs/heads/"),
).Scan(&new_mr_id)
if err != nil {
wf_error(ssh_stderr, "Error creating merge request: %v", err)
return 1
}
fmt.Fprintln(ssh_stderr, ansiec.Blue+"Created merge request at", generate_http_remote_url(pack_to_hook.group_name, pack_to_hook.repo_name)+"/contrib/"+strconv.FormatUint(uint64(new_mr_id), 10)+"/"+ansiec.Reset)
} else { // Existing contrib branch
var existing_merge_request_user_id int
err = database.QueryRow(ctx,
"SELECT COALESCE(creator, 0) FROM merge_requests WHERE source_ref = $1 AND repo_id = $2",
strings.TrimPrefix(ref_name, "refs/heads/"), pack_to_hook.repo_id,
).Scan(&existing_merge_request_user_id)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
wf_error(ssh_stderr, "No existing merge request for existing contrib branch: %v", err)
} else {
wf_error(ssh_stderr, "Error querying for existing merge request: %v", err)
}
return 1
}
if existing_merge_request_user_id == 0 {
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(branch belongs to unowned MR)")
continue
}
if existing_merge_request_user_id != pack_to_hook.user_id {
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(branch belongs another user's MR)")
continue
}
old_hash := plumbing.NewHash(old_oid)
old_commit, err := pack_to_hook.repo.CommitObject(old_hash)
if err != nil {
wf_error(ssh_stderr, "Daemon failed to get old commit: %v", err)
return 1
}
// Potential BUG: I'm not sure if new_commit is guaranteed to be
// detectable as they haven't been merged into the main repo's
// objects yet. But it seems to work, and I don't think there's
// any reason for this to only work intermitently.
new_hash := plumbing.NewHash(new_oid)
new_commit, err := pack_to_hook.repo.CommitObject(new_hash)
if err != nil {
wf_error(ssh_stderr, "Daemon failed to get new commit: %v", err)
return 1
}
is_ancestor, err := old_commit.IsAncestor(new_commit)
if err != nil {
wf_error(ssh_stderr, "Daemon failed to check if old commit is ancestor: %v", err)
return 1
}
if !is_ancestor {
// TODO: Create MR snapshot ref instead
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(force pushes are not supported yet)")
continue
}
fmt.Fprintln(ssh_stderr, ansiec.Blue+"POK"+ansiec.Reset, ref_name)
}
} else { // Non-contrib branch
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(you cannot push to branches outside of contrib/*)")
}
}
fmt.Fprintln(ssh_stderr)
if all_ok {
fmt.Fprintln(ssh_stderr, "Overall "+ansiec.Green+"ACK"+ansiec.Reset+" (all checks passed)")
return 0
} else {
fmt.Fprintln(ssh_stderr, "Overall "+ansiec.Red+"NAK"+ansiec.Reset+" (one or more branches failed checks)")
return 1
}
}
default:
fmt.Fprintln(ssh_stderr, ansiec.Red+"Invalid hook:", args[0]+ansiec.Reset)
return 1
}
}()
fmt.Fprintln(ssh_stderr)
_, _ = conn.Write([]byte{hook_return_value})
}
func serve_git_hooks(listener net.Listener) error {
for {
conn, err := listener.Accept()
if err != nil {
return err
}
go hooks_handle_connection(conn)
}
}
func get_ucred(conn net.Conn) (*syscall.Ucred, error) {
unix_conn := conn.(*net.UnixConn)
fd, err := unix_conn.File()
if err != nil {
return nil, err_get_fd
}
defer fd.Close()
ucred, err := syscall.GetsockoptUcred(int(fd.Fd()), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
if err != nil {
return nil, err_get_ucred
}
return ucred, nil
}
func all_zero_num_string(s string) bool {
for _, r := range s {
if r != '0' {
return false
}
}
return true
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"github.com/go-git/go-git/v5"
git_format_config "github.com/go-git/go-git/v5/plumbing/format/config"
)
// git_bare_init_with_default_hooks initializes a bare git repository with the
// forge-deployed hooks directory as the hooksPath.
func git_bare_init_with_default_hooks(repo_path string) (err error) {
repo, err := git.PlainInit(repo_path, true)
if err != nil {
return err
}
git_config, err := repo.Config()
if err != nil {
return err
}
git_config.Raw.SetOption("core", git_format_config.NoSubsection, "hooksPath", config.Hooks.Execs)
err = repo.SetConfig(git_config)
if err != nil {
return err
}
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"context"
"errors"
"io"
"strings"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
"github.com/go-git/go-git/v5/plumbing/object"
)
// open_git_repo opens a git repository by group and repo name.
func open_git_repo(ctx context.Context, group_name, repo_name string) (repo *git.Repository, description string, repo_id int, err error) {
var fs_path string
err = database.QueryRow(ctx, "SELECT r.filesystem_path, COALESCE(r.description, ''), r.id FROM repos r JOIN groups g ON r.group_id = g.id WHERE g.name = $1 AND r.name = $2;", group_name, repo_name).Scan(&fs_path, &description, &repo_id)
if err != nil {
return
}
repo, err = git.PlainOpen(fs_path)
return
}
// go-git's tree entries are not friendly for use in HTML templates.
type display_git_tree_entry_t struct {
Name string
Mode string
Size int64
Is_file bool
Is_subtree bool
}
func build_display_git_tree(tree *object.Tree) []display_git_tree_entry_t {
display_git_tree := make([]display_git_tree_entry_t, 0)
for _, entry := range tree.Entries {
display_git_tree_entry := display_git_tree_entry_t{}
os_mode, err := entry.Mode.ToOSFileMode()
if err != nil {
display_git_tree_entry.Mode = "x---------"
} else {
display_git_tree_entry.Mode = os_mode.String()
}
display_git_tree_entry.Is_file = entry.Mode.IsFile()
display_git_tree_entry.Size, err = tree.Size(entry.Name)
if err != nil {
display_git_tree_entry.Size = 0
}
display_git_tree_entry.Name = strings.TrimPrefix(entry.Name, "/")
display_git_tree = append(display_git_tree, display_git_tree_entry)
}
return display_git_tree
}
func get_recent_commits(repo *git.Repository, head_hash plumbing.Hash, number_of_commits int) (recent_commits []*object.Commit, err error) {
commit_iter, err := repo.Log(&git.LogOptions{From: head_hash})
if err != nil {
return nil, err
}
recent_commits = make([]*object.Commit, 0)
defer commit_iter.Close()
if number_of_commits < 0 {
for {
this_recent_commit, err := commit_iter.Next()
if errors.Is(err, io.EOF) {
return recent_commits, nil
} else if err != nil {
return nil, err
}
recent_commits = append(recent_commits, this_recent_commit)
}
} else {
for range number_of_commits {
this_recent_commit, err := commit_iter.Next()
if errors.Is(err, io.EOF) {
return recent_commits, nil
} else if err != nil {
return nil, err
}
recent_commits = append(recent_commits, this_recent_commit)
}
}
return recent_commits, err
}
func get_patch_from_commit(commit_object *object.Commit) (parent_commit_hash plumbing.Hash, patch *object.Patch, ret_err error) {
parent_commit_object, err := commit_object.Parent(0)
if errors.Is(err, object.ErrParentNotFound) {
commit_tree, err := commit_object.Tree()
if err != nil {
ret_err = err
return
}
patch, err = (&object.Tree{}).Patch(commit_tree)
if err != nil {
ret_err = err
return
}
} else if err != nil {
ret_err = err
return
} else {
parent_commit_hash = parent_commit_object.Hash
patch, err = parent_commit_object.Patch(commit_object)
if err != nil {
ret_err = err
return
}
}
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
)
// get_ref_hash_from_type_and_name returns the hash of a reference given its
// type and name as supplied in URL queries.
func get_ref_hash_from_type_and_name(repo *git.Repository, ref_type, ref_name string) (ref_hash plumbing.Hash, ret_err error) {
switch ref_type {
case "":
head, err := repo.Head()
if err != nil {
ret_err = err
return
}
ref_hash = head.Hash()
case "commit":
ref_hash = plumbing.NewHash(ref_name)
case "branch":
ref, err := repo.Reference(plumbing.NewBranchReferenceName(ref_name), true)
if err != nil {
ret_err = err
return
}
ref_hash = ref.Hash()
case "tag":
ref, err := repo.Reference(plumbing.NewTagReferenceName(ref_name), true)
if err != nil {
ret_err = err
return
}
ref_hash = ref.Hash()
default:
panic("Invalid ref type " + ref_type)
}
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
)
func get_user_info_from_request(r *http.Request) (id int, username string, err error) {
session_cookie, err := r.Cookie("session")
if err != nil {
return
}
err = database.QueryRow(r.Context(), "SELECT user_id, COALESCE(username, '') FROM users u JOIN sessions s ON u.id = s.user_id WHERE s.session_id = $1;", session_cookie.Value).Scan(&id, &username)
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
// global_data is passed as "global" when rendering HTML templates.
var global_data = map[string]any{
"server_public_key_string": &server_public_key_string,
"server_public_key_fingerprint": &server_public_key_fingerprint,
"forge_version": VERSION,
// Some other ones are populated after config parsing
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
)
func handle_group_repos(w http.ResponseWriter, r *http.Request, params map[string]any) {
group_name := params["group_name"]
repos, err := query_name_desc_list(r.Context(), "SELECT r.name, COALESCE(r.description, '') FROM repos r JOIN groups g ON r.group_id = g.id WHERE g.name = $1;", group_name)
if err != nil {
http.Error(w, "Error getting groups: "+err.Error(), http.StatusInternalServerError)
return
}
params["repos"] = repos
render_template(w, "group_repos", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
)
func handle_index(w http.ResponseWriter, r *http.Request, params map[string]any) {
groups, err := query_name_desc_list(r.Context(), "SELECT name, COALESCE(description, '') FROM groups")
if err != nil {
http.Error(w, "Error querying groups: "+err.Error(), http.StatusInternalServerError)
return
}
params["groups"] = groups
render_template(w, "index", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"crypto/rand"
"encoding/base64"
"errors"
"fmt"
"net/http"
"time"
"github.com/alexedwards/argon2id"
"github.com/jackc/pgx/v5"
)
func handle_login(w http.ResponseWriter, r *http.Request, params map[string]any) {
if r.Method != "POST" {
render_template(w, "login", params)
return
}
var user_id int
username := r.PostFormValue("username")
password := r.PostFormValue("password")
var password_hash string
err := database.QueryRow(r.Context(), "SELECT id, COALESCE(password, '') FROM users WHERE username = $1", username).Scan(&user_id, &password_hash)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
params["login_error"] = "Unknown username"
render_template(w, "login", params)
return
}
http.Error(w, "Error querying user information: "+err.Error(), http.StatusInternalServerError)
return
}
if password_hash == "" {
params["login_error"] = "User has no password"
render_template(w, "login", params)
return
}
match, err := argon2id.ComparePasswordAndHash(password, password_hash)
if err != nil {
http.Error(w, "Error comparing password and hash: "+err.Error(), http.StatusInternalServerError)
return
}
if !match {
params["login_error"] = "Invalid password"
render_template(w, "login", params)
return
}
cookie_value, err := random_urlsafe_string(16)
if err != nil {
http.Error(w, "Error getting random string: "+err.Error(), http.StatusInternalServerError)
return
}
now := time.Now()
expiry := now.Add(time.Duration(config.HTTP.CookieExpiry) * time.Second)
cookie := http.Cookie{
Name: "session",
Value: cookie_value,
SameSite: http.SameSiteLaxMode,
HttpOnly: true,
Secure: false, // TODO
Expires: expiry,
Path: "/",
// TODO: Expire
}
http.SetCookie(w, &cookie)
_, err = database.Exec(r.Context(), "INSERT INTO sessions (user_id, session_id) VALUES ($1, $2)", user_id, cookie_value)
if err != nil {
http.Error(w, "Error inserting session: "+err.Error(), http.StatusInternalServerError)
return
}
http.Redirect(w, r, "/", http.StatusSeeOther)
}
// random_urlsafe_string generates a random string of the given entropic size
// using the URL-safe base64 encoding. The actual size of the string returned
// will be 4*sz.
func random_urlsafe_string(sz int) (string, error) {
r := make([]byte, 3*sz)
_, err := rand.Read(r)
if err != nil {
return "", fmt.Errorf("error generating random string: %w", err)
}
return base64.RawURLEncoding.EncodeToString(r), nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"fmt"
"net/http"
"strings"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
"github.com/go-git/go-git/v5/plumbing/filemode"
"github.com/go-git/go-git/v5/plumbing/format/diff"
"go.lindenii.runxiyu.org/lindenii-common/misc"
)
// The file patch type from go-git isn't really usable in HTML templates
// either.
type usable_file_patch struct {
From diff.File
To diff.File
Chunks []usable_chunk
}
type usable_chunk struct {
Operation diff.Operation
Content string
}
func handle_repo_commit(w http.ResponseWriter, r *http.Request, params map[string]any) {
repo, commit_id_specified_string := params["repo"].(*git.Repository), params["commit_id"].(string)
commit_id_specified_string_without_suffix := strings.TrimSuffix(commit_id_specified_string, ".patch")
commit_id := plumbing.NewHash(commit_id_specified_string_without_suffix)
commit_object, err := repo.CommitObject(commit_id)
if err != nil {
http.Error(w, "Error getting commit object: "+err.Error(), http.StatusInternalServerError)
return
}
if commit_id_specified_string_without_suffix != commit_id_specified_string {
patch, err := format_patch_from_commit(commit_object)
if err != nil {
http.Error(w, "Error formatting patch: "+err.Error(), http.StatusInternalServerError)
return
}
fmt.Fprintln(w, patch)
return
}
commit_id_string := commit_object.Hash.String()
if commit_id_string != commit_id_specified_string {
http.Redirect(w, r, commit_id_string, http.StatusSeeOther)
return
}
params["commit_object"] = commit_object
params["commit_id"] = commit_id_string
parent_commit_hash, patch, err := get_patch_from_commit(commit_object)
if err != nil {
http.Error(w, "Error getting patch from commit: "+err.Error(), http.StatusInternalServerError)
return
}
params["parent_commit_hash"] = parent_commit_hash.String()
params["patch"] = patch
params["file_patches"] = make_usable_file_patches(patch)
render_template(w, "repo_commit", params)
}
type fake_diff_file struct {
hash plumbing.Hash
mode filemode.FileMode
path string
}
func (f fake_diff_file) Hash() plumbing.Hash {
return f.hash
}
func (f fake_diff_file) Mode() filemode.FileMode {
return f.mode
}
func (f fake_diff_file) Path() string {
return f.path
}
var fake_diff_file_null = fake_diff_file{
hash: plumbing.NewHash("0000000000000000000000000000000000000000"),
mode: misc.First_or_panic(filemode.New("100644")),
path: "",
}
func make_usable_file_patches(patch diff.Patch) (usable_file_patches []usable_file_patch) {
// TODO: Remove unnecessary context
// TODO: Prepend "+"/"-"/" " instead of solely distinguishing based on color
usable_file_patches = make([]usable_file_patch, 0)
for _, file_patch := range patch.FilePatches() {
from, to := file_patch.Files()
if from == nil {
from = fake_diff_file_null
}
if to == nil {
to = fake_diff_file_null
}
chunks := []usable_chunk{}
for _, chunk := range file_patch.Chunks() {
content := chunk.Content()
if len(content) > 0 && content[0] == '\n' {
content = "\n" + content
} // Horrible hack to fix how browsers newlines that immediately proceed <pre>
chunks = append(chunks, usable_chunk{
Operation: chunk.Type(),
Content: content,
})
}
usable_file_patch := usable_file_patch{
Chunks: chunks,
From: from,
To: to,
}
usable_file_patches = append(usable_file_patches, usable_file_patch)
}
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
)
type id_title_status_t struct {
ID int
Title string
Status string
}
func handle_repo_contrib_index(w http.ResponseWriter, r *http.Request, params map[string]any) {
rows, err := database.Query(r.Context(), "SELECT id, COALESCE(title, 'Untitled'), status FROM merge_requests WHERE repo_id = $1", params["repo_id"])
if err != nil {
http.Error(w, "Error querying merge requests: "+err.Error(), http.StatusInternalServerError)
return
}
defer rows.Close()
result := []id_title_status_t{}
for rows.Next() {
var id int
var title, status string
if err := rows.Scan(&id, &title, &status); err != nil {
http.Error(w, "Error scanning merge request: "+err.Error(), http.StatusInternalServerError)
return
}
result = append(result, id_title_status_t{id, title, status})
}
if err := rows.Err(); err != nil {
http.Error(w, "Error ranging over merge requests: "+err.Error(), http.StatusInternalServerError)
return
}
params["merge_requests"] = result
render_template(w, "repo_contrib_index", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
"strconv"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
)
func handle_repo_contrib_one(w http.ResponseWriter, r *http.Request, params map[string]any) {
mr_id_string := params["mr_id"].(string)
mr_id, err := strconv.ParseInt(mr_id_string, 10, strconv.IntSize)
if err != nil {
http.Error(w, "Merge request ID not an integer: "+err.Error(), http.StatusBadRequest)
return
}
var title, status, source_ref, destination_branch string
err = database.QueryRow(r.Context(), "SELECT COALESCE(title, ''), status, source_ref, COALESCE(destination_branch, '') FROM merge_requests WHERE id = $1", mr_id).Scan(&title, &status, &source_ref, &destination_branch)
if err != nil {
http.Error(w, "Error querying merge request: "+err.Error(), http.StatusInternalServerError)
return
}
repo := params["repo"].(*git.Repository)
source_ref_hash, err := get_ref_hash_from_type_and_name(repo, "branch", source_ref)
if err != nil {
http.Error(w, "Error getting source ref hash: "+err.Error(), http.StatusInternalServerError)
return
}
source_commit, err := repo.CommitObject(source_ref_hash)
if err != nil {
http.Error(w, "Error getting source commit: "+err.Error(), http.StatusInternalServerError)
return
}
params["source_commit"] = source_commit
var destination_branch_hash plumbing.Hash
if destination_branch == "" {
destination_branch = "HEAD"
destination_branch_hash, err = get_ref_hash_from_type_and_name(repo, "", "")
} else {
destination_branch_hash, err = get_ref_hash_from_type_and_name(repo, "branch", destination_branch)
if err != nil {
http.Error(w, "Error getting destination branch hash: "+err.Error(), http.StatusInternalServerError)
return
}
}
destination_commit, err := repo.CommitObject(destination_branch_hash)
if err != nil {
http.Error(w, "Error getting destination commit: "+err.Error(), http.StatusInternalServerError)
return
}
params["destination_commit"] = destination_commit
patch, err := destination_commit.Patch(source_commit)
if err != nil {
http.Error(w, "Error getting patch: "+err.Error(), http.StatusInternalServerError)
return
}
params["file_patches"] = make_usable_file_patches(patch)
params["mr_title"], params["mr_status"], params["mr_source_ref"], params["mr_destination_branch"] = title, status, source_ref, destination_branch
render_template(w, "repo_contrib_one", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
"github.com/go-git/go-git/v5"
)
func handle_repo_index(w http.ResponseWriter, r *http.Request, params map[string]any) {
repo, repo_name, group_name := params["repo"].(*git.Repository), params["repo_name"].(string), params["group_name"].(string)
ref_hash, err := get_ref_hash_from_type_and_name(repo, params["ref_type"].(string), params["ref_name"].(string))
if err != nil {
http.Error(w, "Error getting ref hash: "+err.Error(), http.StatusInternalServerError)
return
}
recent_commits, err := get_recent_commits(repo, ref_hash, 3)
if err != nil {
http.Error(w, "Error getting recent commits: "+err.Error(), http.StatusInternalServerError)
return
}
params["commits"] = recent_commits
commit_object, err := repo.CommitObject(ref_hash)
if err != nil {
http.Error(w, "Error getting commit object: "+err.Error(), http.StatusInternalServerError)
return
}
tree, err := commit_object.Tree()
if err != nil {
http.Error(w, "Error getting file tree: "+err.Error(), http.StatusInternalServerError)
return
}
params["readme_filename"], params["readme"] = render_readme_at_tree(tree)
params["files"] = build_display_git_tree(tree)
params["http_clone_url"] = generate_http_remote_url(group_name, repo_name)
params["ssh_clone_url"] = generate_ssh_remote_url(group_name, repo_name)
render_template(w, "repo_index", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"fmt"
"io"
"net/http"
"os/exec"
)
func handle_repo_info(w http.ResponseWriter, r *http.Request, params map[string]any) (err error) {
group_name, repo_name := params["group_name"].(string), params["repo_name"].(string)
var repo_path string
err = database.QueryRow(r.Context(), "SELECT r.filesystem_path FROM repos r JOIN groups g ON r.group_id = g.id WHERE g.name = $1 AND r.name = $2;", group_name, repo_name).Scan(&repo_path)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/x-git-upload-pack-advertisement")
w.WriteHeader(http.StatusOK)
cmd := exec.Command("git", "upload-pack", "--stateless-rpc", "--advertise-refs", repo_path)
stdout, err := cmd.StdoutPipe()
if err != nil {
return err
}
cmd.Stderr = cmd.Stdout
defer func() {
_ = stdout.Close()
}()
err = cmd.Start()
if err != nil {
return err
}
err = pack_line(w, "# service=git-upload-pack\n")
if err != nil {
return err
}
err = pack_flush(w)
if err != nil {
return
}
_, err = io.Copy(w, stdout)
if err != nil {
return err
}
err = cmd.Wait()
if err != nil {
return err
}
return nil
}
// Taken from https://github.com/icyphox/legit, MIT license
func pack_line(w io.Writer, s string) error {
_, err := fmt.Fprintf(w, "%04x%s", len(s)+4, s)
return err
}
// Taken from https://github.com/icyphox/legit, MIT license
func pack_flush(w io.Writer) error {
_, err := fmt.Fprint(w, "0000")
return err
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
"github.com/go-git/go-git/v5"
)
// TODO: I probably shouldn't include *all* commits here...
func handle_repo_log(w http.ResponseWriter, r *http.Request, params map[string]any) {
repo := params["repo"].(*git.Repository)
ref_hash, err := get_ref_hash_from_type_and_name(repo, params["ref_type"].(string), params["ref_name"].(string))
if err != nil {
http.Error(w, "Error getting ref hash: "+err.Error(), http.StatusInternalServerError)
return
}
commits, err := get_recent_commits(repo, ref_hash, -1)
if err != nil {
http.Error(w, "Error getting recent commits: "+err.Error(), http.StatusInternalServerError)
return
}
params["commits"] = commits
render_template(w, "repo_log", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"fmt"
"net/http"
"path"
"strings"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing/object"
)
func handle_repo_raw(w http.ResponseWriter, r *http.Request, params map[string]any) {
raw_path_spec := params["rest"].(string)
repo, path_spec := params["repo"].(*git.Repository), strings.TrimSuffix(raw_path_spec, "/")
params["path_spec"] = path_spec
ref_hash, err := get_ref_hash_from_type_and_name(repo, params["ref_type"].(string), params["ref_name"].(string))
if err != nil {
http.Error(w, "Error getting ref hash: "+err.Error(), http.StatusInternalServerError)
return
}
commit_object, err := repo.CommitObject(ref_hash)
if err != nil {
http.Error(w, "Error getting commit object: "+err.Error(), http.StatusInternalServerError)
return
}
tree, err := commit_object.Tree()
if err != nil {
http.Error(w, "Error getting file tree: "+err.Error(), http.StatusInternalServerError)
return
}
var target *object.Tree
if path_spec == "" {
target = tree
} else {
target, err = tree.Tree(path_spec)
if err != nil {
file, err := tree.File(path_spec)
if err != nil {
http.Error(w, "Error retrieving path: "+err.Error(), http.StatusInternalServerError)
return
}
if len(raw_path_spec) != 0 && raw_path_spec[len(raw_path_spec)-1] == '/' {
http.Redirect(w, r, "../"+path_spec, http.StatusSeeOther)
return
}
file_contents, err := file.Contents()
if err != nil {
http.Error(w, "Error reading file: "+err.Error(), http.StatusInternalServerError)
return
}
fmt.Fprintln(w, file_contents)
return
}
}
if len(raw_path_spec) != 0 && raw_path_spec[len(raw_path_spec)-1] != '/' {
http.Redirect(w, r, path.Base(path_spec)+"/", http.StatusSeeOther)
return
}
params["files"] = build_display_git_tree(target)
render_template(w, "repo_raw_dir", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bytes"
"html/template"
"net/http"
"path"
"strings"
chroma_formatters_html "github.com/alecthomas/chroma/v2/formatters/html"
chroma_lexers "github.com/alecthomas/chroma/v2/lexers"
chroma_styles "github.com/alecthomas/chroma/v2/styles"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing/object"
)
func handle_repo_tree(w http.ResponseWriter, r *http.Request, params map[string]any) {
raw_path_spec := params["rest"].(string)
repo, path_spec := params["repo"].(*git.Repository), strings.TrimSuffix(raw_path_spec, "/")
params["path_spec"] = path_spec
ref_hash, err := get_ref_hash_from_type_and_name(repo, params["ref_type"].(string), params["ref_name"].(string))
if err != nil {
http.Error(w, "Error getting ref hash: "+err.Error(), http.StatusInternalServerError)
return
}
commit_object, err := repo.CommitObject(ref_hash)
if err != nil {
http.Error(w, "Error getting commit object: "+err.Error(), http.StatusInternalServerError)
return
}
tree, err := commit_object.Tree()
if err != nil {
http.Error(w, "Error getting file tree: "+err.Error(), http.StatusInternalServerError)
return
}
var target *object.Tree
if path_spec == "" {
target = tree
} else {
target, err = tree.Tree(path_spec)
if err != nil {
file, err := tree.File(path_spec)
if err != nil {
http.Error(w, "Error retrieving path: "+err.Error(), http.StatusInternalServerError)
return
}
if len(raw_path_spec) != 0 && raw_path_spec[len(raw_path_spec)-1] == '/' {
http.Redirect(w, r, "../"+path_spec, http.StatusSeeOther)
return
}
file_contents, err := file.Contents()
if err != nil {
http.Error(w, "Error reading file: "+err.Error(), http.StatusInternalServerError)
return
}
lexer := chroma_lexers.Match(path_spec)
if lexer == nil {
lexer = chroma_lexers.Fallback
}
iterator, err := lexer.Tokenise(nil, file_contents)
if err != nil {
http.Error(w, "Error tokenizing code: "+err.Error(), http.StatusInternalServerError)
return
}
var formatted_unencapsulated bytes.Buffer
style := chroma_styles.Get("autumn")
formatter := chroma_formatters_html.New(chroma_formatters_html.WithClasses(true), chroma_formatters_html.TabWidth(8))
err = formatter.Format(&formatted_unencapsulated, style, iterator)
if err != nil {
http.Error(w, "Error formatting code: "+err.Error(), http.StatusInternalServerError)
return
}
formatted_encapsulated := template.HTML(formatted_unencapsulated.Bytes())
params["file_contents"] = formatted_encapsulated
render_template(w, "repo_tree_file", params)
return
}
}
if len(raw_path_spec) != 0 && raw_path_spec[len(raw_path_spec)-1] != '/' {
http.Redirect(w, r, path.Base(path_spec)+"/", http.StatusSeeOther)
return
}
params["readme_filename"], params["readme"] = render_readme_at_tree(target)
params["files"] = build_display_git_tree(target)
render_template(w, "repo_tree_dir", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"io"
"net/http"
"os"
"os/exec"
)
func handle_upload_pack(w http.ResponseWriter, r *http.Request, params map[string]any) (err error) {
group_name, repo_name := params["group_name"].(string), params["repo_name"].(string)
var repo_path string
err = database.QueryRow(r.Context(), "SELECT r.filesystem_path FROM repos r JOIN groups g ON r.group_id = g.id WHERE g.name = $1 AND r.name = $2;", group_name, repo_name).Scan(&repo_path)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/x-git-upload-pack-result")
w.Header().Set("Connection", "Keep-Alive")
w.Header().Set("Transfer-Encoding", "chunked")
w.WriteHeader(http.StatusOK)
cmd := exec.Command("git", "upload-pack", "--stateless-rpc", repo_path)
cmd.Env = append(os.Environ(), "LINDENII_FORGE_HOOKS_SOCKET_PATH="+config.Hooks.Socket)
stdout, err := cmd.StdoutPipe()
if err != nil {
return err
}
cmd.Stderr = cmd.Stdout
defer func() {
_ = stdout.Close()
}()
stdin, err := cmd.StdinPipe()
if err != nil {
return err
}
defer func() {
_ = stdin.Close()
}()
err = cmd.Start()
if err != nil {
return err
}
_, err = io.Copy(stdin, r.Body)
if err != nil {
return err
}
err = stdin.Close()
if err != nil {
return err
}
_, err = io.Copy(w, stdout)
if err != nil {
return err
}
err = cmd.Wait()
if err != nil {
return err
}
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/http"
)
func handle_users(w http.ResponseWriter, r *http.Request, params map[string]any) {
http.Error(w, "Not implemented", http.StatusNotImplemented)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bytes"
"html"
"html/template"
"strings"
"github.com/go-git/go-git/v5/plumbing/object"
"github.com/microcosm-cc/bluemonday"
"github.com/niklasfasching/go-org/org"
"github.com/yuin/goldmark"
"github.com/yuin/goldmark/extension"
)
var markdown_converter = goldmark.New(goldmark.WithExtensions(extension.GFM))
func render_readme_at_tree(tree *object.Tree) (readme_filename string, readme_content template.HTML) {
var readme_rendered_unsafe bytes.Buffer
readme_file, err := tree.File("README")
if err == nil {
readme_file_contents, err := readme_file.Contents()
if err != nil {
return "Error fetching README", string_escape_html("Unable to fetch contents of README: " + err.Error())
}
return "README", template.HTML("<pre>" + html.EscapeString(readme_file_contents) + "</pre>")
}
readme_file, err = tree.File("README.md")
if err == nil {
readme_file_contents, err := readme_file.Contents()
if err != nil {
return "Error fetching README", string_escape_html("Unable to fetch contents of README: " + err.Error())
}
err = markdown_converter.Convert([]byte(readme_file_contents), &readme_rendered_unsafe)
if err != nil {
return "Error fetching README", string_escape_html("Unable to render README: " + err.Error())
}
return "README.md", template.HTML(bluemonday.UGCPolicy().SanitizeBytes(readme_rendered_unsafe.Bytes()))
}
readme_file, err = tree.File("README.org")
if err == nil {
readme_file_contents, err := readme_file.Contents()
if err != nil {
return "Error fetching README", string_escape_html("Unable to fetch contents of README: " + err.Error())
}
org_html, err := org.New().Parse(strings.NewReader(readme_file_contents), readme_filename).Write(org.NewHTMLWriter())
if err != nil {
return "Error fetching README", string_escape_html("Unable to render README: " + err.Error())
}
return "README.org", template.HTML(bluemonday.UGCPolicy().Sanitize(org_html))
}
return "", ""
}
func string_escape_html(s string) template.HTML {
return template.HTML(html.EscapeString(s))
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"fmt"
"net/http"
"strconv"
"strings"
"github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/lindenii-common/clog"
)
type http_router_t struct{}
func (router *http_router_t) ServeHTTP(w http.ResponseWriter, r *http.Request) {
clog.Info("Incoming HTTP: " + r.RemoteAddr + " " + r.Method + " " + r.RequestURI)
segments, _, err := parse_request_uri(r.RequestURI)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
non_empty_last_segments_len := len(segments)
if segments[len(segments)-1] == "" {
non_empty_last_segments_len--
}
if segments[0] == ":" {
if len(segments) < 2 {
http.Error(w, "Blank system endpoint", http.StatusNotFound)
return
} else if len(segments) == 2 && redirect_with_slash(w, r) {
return
}
switch segments[1] {
case "static":
static_handler.ServeHTTP(w, r)
return
case "source":
source_handler.ServeHTTP(w, r)
return
}
}
params := make(map[string]any)
params["url_segments"] = segments
params["global"] = global_data
var _user_id int // 0 for none
_user_id, params["username"], err = get_user_info_from_request(r)
if errors.Is(err, http.ErrNoCookie) {
} else if errors.Is(err, pgx.ErrNoRows) {
} else if err != nil {
http.Error(w, "Error getting user info from request: "+err.Error(), http.StatusInternalServerError)
return
}
if _user_id == 0 {
params["user_id"] = ""
} else {
params["user_id"] = strconv.Itoa(_user_id)
}
if segments[0] == ":" {
switch segments[1] {
case "login":
handle_login(w, r, params)
return
case "users":
handle_users(w, r, params)
return
default:
http.Error(w, fmt.Sprintf("Unknown system module type: %s", segments[1]), http.StatusNotFound)
return
}
}
separator_index := -1
for i, part := range segments {
if part == ":" {
separator_index = i
break
}
}
params["separator_index"] = separator_index
// TODO
if separator_index > 1 {
http.Error(w, "Subgroups haven't been implemented yet", http.StatusNotImplemented)
return
}
switch {
case non_empty_last_segments_len == 0:
handle_index(w, r, params)
case separator_index == -1:
http.Error(w, "Group indexing hasn't been implemented yet", http.StatusNotImplemented)
case non_empty_last_segments_len == separator_index+1:
http.Error(w, "Group root hasn't been implemented yet", http.StatusNotImplemented)
case non_empty_last_segments_len == separator_index+2:
if redirect_with_slash(w, r) {
return
}
module_type := segments[separator_index+1]
params["group_name"] = segments[0]
switch module_type {
case "repos":
handle_group_repos(w, r, params)
default:
http.Error(w, fmt.Sprintf("Unknown module type: %s", module_type), http.StatusNotFound)
}
default:
module_type := segments[separator_index+1]
module_name := segments[separator_index+2]
group_name := segments[0]
params["group_name"] = group_name
switch module_type {
case "repos":
params["repo_name"] = module_name
if non_empty_last_segments_len > separator_index+3 {
switch segments[separator_index+3] {
case "info":
err = handle_repo_info(w, r, params)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
case "git-upload-pack":
err = handle_upload_pack(w, r, params)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
}
params["ref_type"], params["ref_name"], err = get_param_ref_and_type(r)
if err != nil {
if errors.Is(err, err_no_ref_spec) {
params["ref_type"] = ""
} else {
http.Error(w, "Error querying ref type: "+err.Error(), http.StatusInternalServerError)
return
}
}
// TODO: subgroups
params["repo"], params["repo_description"], params["repo_id"], err = open_git_repo(r.Context(), group_name, module_name)
if err != nil {
http.Error(w, "Error opening repo: "+err.Error(), http.StatusInternalServerError)
return
}
if non_empty_last_segments_len == separator_index+3 {
if redirect_with_slash(w, r) {
return
}
handle_repo_index(w, r, params)
return
}
repo_feature := segments[separator_index+3]
switch repo_feature {
case "tree":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_tree(w, r, params)
case "raw":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_raw(w, r, params)
case "log":
if non_empty_last_segments_len > separator_index+4 {
http.Error(w, "Too many parameters", http.StatusBadRequest)
return
}
if redirect_with_slash(w, r) {
return
}
handle_repo_log(w, r, params)
case "commit":
if redirect_without_slash(w, r) {
return
}
params["commit_id"] = segments[separator_index+4]
handle_repo_commit(w, r, params)
case "contrib":
if redirect_with_slash(w, r) {
return
}
switch non_empty_last_segments_len {
case separator_index + 4:
handle_repo_contrib_index(w, r, params)
case separator_index + 5:
params["mr_id"] = segments[separator_index+4]
handle_repo_contrib_one(w, r, params)
default:
http.Error(w, "Too many parameters", http.StatusBadRequest)
}
default:
http.Error(w, fmt.Sprintf("Unknown repo feature: %s", repo_feature), http.StatusNotFound)
}
default:
http.Error(w, fmt.Sprintf("Unknown module type: %s", module_type), http.StatusNotFound)
}
}
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import "net/http"
// render_template abstracts out the annoyances of reporting template rendering
// errors.
func render_template(w http.ResponseWriter, template_name string, params map[string]any) {
err := templates.ExecuteTemplate(w, template_name, params)
if err != nil {
http.Error(w, "Error rendering template: "+err.Error(), http.StatusInternalServerError)
}
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"path"
"strings"
)
func first_line(s string) string {
before, _, _ := strings.Cut(s, "\n")
return before
}
func base_name(s string) string {
return path.Base(s)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"flag"
"net"
"net/http"
"syscall"
"go.lindenii.runxiyu.org/lindenii-common/clog"
)
func main() {
config_path := flag.String(
"config",
"/etc/lindenii/forge.scfg",
"path to configuration file",
)
flag.Parse()
if err := load_config(*config_path); err != nil {
clog.Fatal(1, "Loading configuration: "+err.Error())
}
if err := deploy_hooks_to_filesystem(); err != nil {
clog.Fatal(1, "Deploying hooks to filesystem: "+err.Error())
}
if err := load_templates(); err != nil {
clog.Fatal(1, "Loading templates: "+err.Error())
}
// UNIX socket listener for hooks
var hooks_listener net.Listener
var err error
hooks_listener, err = net.Listen("unix", config.Hooks.Socket)
if errors.Is(err, syscall.EADDRINUSE) {
clog.Warn("Removing stale socket " + config.Hooks.Socket)
if err := syscall.Unlink(config.Hooks.Socket); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
hooks_listener, err = net.Listen("unix", config.Hooks.Socket)
if err != nil {
clog.Fatal(1, "Listening hooks: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening hooks: "+err.Error())
}
clog.Info("Listening hooks on unix " + config.Hooks.Socket)
go func() {
if err := serve_git_hooks(hooks_listener); err != nil {
clog.Fatal(1, "Serving hooks: "+err.Error())
}
}()
// SSH listener
ssh_listener, err := net.Listen(config.SSH.Net, config.SSH.Addr)
if errors.Is(err, syscall.EADDRINUSE) && config.SSH.Net == "unix" {
clog.Warn("Removing stale socket " + config.SSH.Addr)
if err := syscall.Unlink(config.SSH.Addr); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
ssh_listener, err = net.Listen(config.SSH.Net, config.SSH.Addr)
if err != nil {
clog.Fatal(1, "Listening SSH: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening SSH: "+err.Error())
}
clog.Info("Listening SSH on " + config.SSH.Net + " " + config.SSH.Addr)
go func() {
if err := serve_ssh(ssh_listener); err != nil {
clog.Fatal(1, "Serving SSH: "+err.Error())
}
}()
// HTTP listener
http_listener, err := net.Listen(config.HTTP.Net, config.HTTP.Addr)
if errors.Is(err, syscall.EADDRINUSE) && config.HTTP.Net == "unix" {
clog.Warn("Removing stale socket " + config.HTTP.Addr)
if err := syscall.Unlink(config.HTTP.Addr); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
http_listener, err = net.Listen(config.HTTP.Net, config.HTTP.Addr)
if err != nil {
clog.Fatal(1, "Listening HTTP: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening HTTP: "+err.Error())
}
clog.Info("Listening HTTP on " + config.HTTP.Net + " " + config.HTTP.Addr)
go func() {
if err := http.Serve(http_listener, &http_router_t{}); err != nil {
clog.Fatal(1, "Serving HTTP: "+err.Error())
}
}()
select {}
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"net/url"
"strings"
)
// We don't use path.Join because it collapses multiple slashes into one.
func generate_ssh_remote_url(group_name, repo_name string) string {
return strings.TrimSuffix(config.SSH.Root, "/") + "/" + url.PathEscape(group_name) + "/:/repos/" + url.PathEscape(repo_name)
}
func generate_http_remote_url(group_name, repo_name string) string {
return strings.TrimSuffix(config.HTTP.Root, "/") + "/" + url.PathEscape(group_name) + "/:/repos/" + url.PathEscape(repo_name)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"embed"
"html/template"
"io/fs"
"net/http"
)
// We embed all source for easy AGPL compliance.
//
//go:embed .gitignore .gitattributes
//go:embed LICENSE README.md
//go:embed *.go go.mod go.sum
//go:embed *.scfg
//go:embed Makefile
//go:embed schema.sql
//go:embed static/* templates/*
//go:embed git_hooks_client/*.c
//go:embed vendor/*
var source_fs embed.FS
var source_handler = http.StripPrefix(
"/:/source/",
http.FileServer(http.FS(source_fs)),
)
//go:embed templates/* static/* git_hooks_client/git_hooks_client
var resources_fs embed.FS
var templates *template.Template
func load_templates() (err error) {
templates, err = template.New("templates").Funcs(template.FuncMap{
"first_line": first_line,
"base_name": base_name,
}).ParseFS(resources_fs, "templates/*")
return err
}
var static_handler http.Handler
func init() {
static_fs, err := fs.Sub(resources_fs, "static")
if err != nil {
panic(err)
}
static_handler = http.StripPrefix("/:/static/", http.FileServer(http.FS(static_fs)))
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"fmt"
"os"
"os/exec"
glider_ssh "github.com/gliderlabs/ssh"
"github.com/go-git/go-git/v5"
"go.lindenii.runxiyu.org/lindenii-common/cmap"
)
type pack_to_hook_t struct {
session glider_ssh.Session
repo *git.Repository
pubkey string
direct_access bool
repo_path string
user_id int
repo_id int
group_name string
repo_name string
}
var pack_to_hook_by_cookie = cmap.Map[string, pack_to_hook_t]{}
// ssh_handle_receive_pack handles attempts to push to repos.
func ssh_handle_receive_pack(session glider_ssh.Session, pubkey string, repo_identifier string) (err error) {
group_name, repo_name, repo_id, repo_path, direct_access, contrib_requirements, user_type, user_id, err := get_repo_path_perms_from_ssh_path_pubkey(session.Context(), repo_identifier, pubkey)
if err != nil {
return err
}
repo, err := git.PlainOpen(repo_path)
if err != nil {
return err
}
repo_config, err := repo.Config()
if err != nil {
return err
}
repo_config_core := repo_config.Raw.Section("core")
if repo_config_core == nil {
return errors.New("Repository has no core section in config")
}
hooksPath := repo_config_core.OptionAll("hooksPath")
if len(hooksPath) != 1 || hooksPath[0] != config.Hooks.Execs {
return errors.New("Repository has hooksPath set to an unexpected value")
}
if !direct_access {
switch contrib_requirements {
case "closed":
if !direct_access {
return errors.New("You need direct access to push to this repo.")
}
case "registered_user":
if user_type != "registered" {
return errors.New("You need to be a registered user to push to this repo.")
}
case "ssh_pubkey":
if pubkey == "" {
return errors.New("You need to have an SSH public key to push to this repo.")
}
if user_type == "" {
user_id, err = add_user_ssh(session.Context(), pubkey)
if err != nil {
return err
}
fmt.Fprintln(session.Stderr(), "You are now registered as user ID", user_id)
}
case "public":
default:
panic("unknown contrib_requirements value " + contrib_requirements)
}
}
cookie, err := random_urlsafe_string(16)
if err != nil {
fmt.Fprintln(session.Stderr(), "Error while generating cookie:", err)
}
fmt.Println(group_name, repo_name)
pack_to_hook_by_cookie.Store(cookie, pack_to_hook_t{
session: session,
pubkey: pubkey,
direct_access: direct_access,
repo_path: repo_path,
user_id: user_id,
repo_id: repo_id,
group_name: group_name,
repo_name: repo_name,
repo: repo,
})
defer pack_to_hook_by_cookie.Delete(cookie)
// The Delete won't execute until proc.Wait returns unless something
// horribly wrong such as a panic occurs.
proc := exec.CommandContext(session.Context(), "git-receive-pack", repo_path)
proc.Env = append(os.Environ(),
"LINDENII_FORGE_HOOKS_SOCKET_PATH="+config.Hooks.Socket,
"LINDENII_FORGE_HOOKS_COOKIE="+cookie,
)
proc.Stdin = session
proc.Stdout = session
proc.Stderr = session.Stderr()
err = proc.Start()
if err != nil {
fmt.Fprintln(session.Stderr(), "Error while starting process:", err)
return err
}
err = proc.Wait()
if exitError, ok := err.(*exec.ExitError); ok {
fmt.Fprintln(session.Stderr(), "Process exited with error", exitError.ExitCode())
} else if err != nil {
fmt.Fprintln(session.Stderr(), "Error while waiting for process:", err)
}
return err
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"fmt"
"os"
"os/exec"
glider_ssh "github.com/gliderlabs/ssh"
)
// ssh_handle_upload_pack handles clones/fetches. It just uses git-upload-pack
// and has no ACL checks.
func ssh_handle_upload_pack(session glider_ssh.Session, pubkey string, repo_identifier string) (err error) {
_, _, _, repo_path, _, _, _, _, err := get_repo_path_perms_from_ssh_path_pubkey(session.Context(), repo_identifier, pubkey)
if err != nil {
return err
}
proc := exec.CommandContext(session.Context(), "git-upload-pack", repo_path)
proc.Env = append(os.Environ(), "LINDENII_FORGE_HOOKS_SOCKET_PATH="+config.Hooks.Socket)
proc.Stdin = session
proc.Stdout = session
proc.Stderr = session.Stderr()
err = proc.Start()
if err != nil {
fmt.Fprintln(session.Stderr(), "Error while starting process:", err)
return err
}
err = proc.Wait()
if exitError, ok := err.(*exec.ExitError); ok {
fmt.Fprintln(session.Stderr(), "Process exited with error", exitError.ExitCode())
} else if err != nil {
fmt.Fprintln(session.Stderr(), "Error while waiting for process:", err)
}
return err
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"fmt"
"net"
"os"
"strings"
glider_ssh "github.com/gliderlabs/ssh"
"go.lindenii.runxiyu.org/lindenii-common/ansiec"
"go.lindenii.runxiyu.org/lindenii-common/clog"
go_ssh "golang.org/x/crypto/ssh"
)
var (
server_public_key_string string
server_public_key_fingerprint string
server_public_key go_ssh.PublicKey
)
func serve_ssh(listener net.Listener) error {
host_key_bytes, err := os.ReadFile(config.SSH.Key)
if err != nil {
return err
}
host_key, err := go_ssh.ParsePrivateKey(host_key_bytes)
if err != nil {
return err
}
server_public_key = host_key.PublicKey()
server_public_key_string = string(go_ssh.MarshalAuthorizedKey(server_public_key))
server_public_key_fingerprint = string(go_ssh.FingerprintSHA256(server_public_key))
server := &glider_ssh.Server{
Handler: func(session glider_ssh.Session) {
client_public_key := session.PublicKey()
var client_public_key_string string
if client_public_key != nil {
client_public_key_string = strings.TrimSuffix(string(go_ssh.MarshalAuthorizedKey(client_public_key)), "\n")
}
clog.Info("Incoming SSH: " + session.RemoteAddr().String() + " " + client_public_key_string + " " + session.RawCommand())
fmt.Fprintln(session.Stderr(), ansiec.Blue+"Lindenii Forge "+VERSION+", source at "+strings.TrimSuffix(config.HTTP.Root, "/")+"/:/source/"+ansiec.Reset+"\r")
cmd := session.Command()
if len(cmd) < 2 {
fmt.Fprintln(session.Stderr(), "Insufficient arguments\r")
return
}
switch cmd[0] {
case "git-upload-pack":
if len(cmd) > 2 {
fmt.Fprintln(session.Stderr(), "Too many arguments\r")
return
}
err = ssh_handle_upload_pack(session, client_public_key_string, cmd[1])
case "git-receive-pack":
if len(cmd) > 2 {
fmt.Fprintln(session.Stderr(), "Too many arguments\r")
return
}
err = ssh_handle_receive_pack(session, client_public_key_string, cmd[1])
default:
fmt.Fprintln(session.Stderr(), "Unsupported command: "+cmd[0]+"\r")
return
}
if err != nil {
fmt.Fprintln(session.Stderr(), err.Error())
return
}
},
PublicKeyHandler: func(ctx glider_ssh.Context, key glider_ssh.PublicKey) bool { return true },
KeyboardInteractiveHandler: func(ctx glider_ssh.Context, challenge go_ssh.KeyboardInteractiveChallenge) bool { return true },
// It is intentional that we do not check any credentials and accept all connections.
// This allows all users to connect and clone repositories. However, the public key
// is passed to handlers, so e.g. the push handler could check the key and reject the
// push if it needs to.
}
server.AddHostKey(host_key)
err = server.Serve(listener)
if err != nil {
clog.Fatal(1, "Serving SSH: "+err.Error())
}
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"context"
"errors"
"fmt"
"io"
"net/url"
"strings"
"go.lindenii.runxiyu.org/lindenii-common/ansiec"
)
var err_ssh_illegal_endpoint = errors.New("illegal endpoint during SSH access")
func get_repo_path_perms_from_ssh_path_pubkey(ctx context.Context, ssh_path string, ssh_pubkey string) (group_name string, repo_name string, repo_id int, repo_path string, direct_access bool, contrib_requirements string, user_type string, user_id int, err error) {
segments := strings.Split(strings.TrimPrefix(ssh_path, "/"), "/")
for i, segment := range segments {
var err error
segments[i], err = url.PathUnescape(segment)
if err != nil {
return "", "", 0, "", false, "", "", 0, err
}
}
if segments[0] == ":" {
return "", "", 0, "", false, "", "", 0, err_ssh_illegal_endpoint
}
separator_index := -1
for i, part := range segments {
if part == ":" {
separator_index = i
break
}
}
if segments[len(segments)-1] == "" {
segments = segments[:len(segments)-1]
}
switch {
case separator_index == -1:
return "", "", 0, "", false, "", "", 0, err_ssh_illegal_endpoint
case len(segments) <= separator_index+2:
return "", "", 0, "", false, "", "", 0, err_ssh_illegal_endpoint
}
group_name = segments[0]
module_type := segments[separator_index+1]
module_name := segments[separator_index+2]
repo_name = module_name
switch module_type {
case "repos":
_1, _2, _3, _4, _5, _6, _7 := get_path_perm_by_group_repo_key(ctx, group_name, module_name, ssh_pubkey)
return group_name, repo_name, _1, _2, _3, _4, _5, _6, _7
default:
return "", "", 0, "", false, "", "", 0, err_ssh_illegal_endpoint
}
}
func wf_error(w io.Writer, format string, args ...any) {
fmt.Fprintln(w, ansiec.Red+fmt.Sprintf(format, args...)+ansiec.Reset)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"net/http"
"net/url"
"strings"
)
var (
err_duplicate_ref_spec = errors.New("duplicate ref spec")
err_no_ref_spec = errors.New("no ref spec")
)
func get_param_ref_and_type(r *http.Request) (ref_type, ref string, err error) {
qr := r.URL.RawQuery
q, err := url.ParseQuery(qr)
if err != nil {
return
}
done := false
for _, _ref_type := range []string{"commit", "branch", "tag"} {
_ref, ok := q[_ref_type]
if ok {
if done {
err = err_duplicate_ref_spec
return
} else {
done = true
if len(_ref) != 1 {
err = err_duplicate_ref_spec
return
}
ref = _ref[0]
ref_type = _ref_type
}
}
}
if !done {
err = err_no_ref_spec
}
return
}
func parse_request_uri(request_uri string) (segments []string, params url.Values, err error) {
path, params_string, _ := strings.Cut(request_uri, "?")
segments = strings.Split(strings.TrimPrefix(path, "/"), "/")
for i, segment := range segments {
segments[i], err = url.PathUnescape(segment)
if err != nil {
return
}
}
params, err = url.ParseQuery(params_string)
return
}
func redirect_with_slash(w http.ResponseWriter, r *http.Request) bool {
request_uri := r.RequestURI
path_end := strings.IndexAny(request_uri, "?#")
var path, rest string
if path_end == -1 {
path = request_uri
} else {
path = request_uri[:path_end]
rest = request_uri[path_end:]
}
if !strings.HasSuffix(path, "/") {
http.Redirect(w, r, path+"/"+rest, http.StatusSeeOther)
return true
}
return false
}
func redirect_without_slash(w http.ResponseWriter, r *http.Request) bool {
request_uri := r.RequestURI
path_end := strings.IndexAny(request_uri, "?#")
var path, rest string
if path_end == -1 {
path = request_uri
} else {
path = request_uri[:path_end]
rest = request_uri[path_end:]
}
if strings.HasSuffix(path, "/") {
http.Redirect(w, r, strings.TrimSuffix(path, "/")+rest, http.StatusSeeOther)
return true
}
return false
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"context"
)
func add_user_ssh(ctx context.Context, pubkey string) (user_id int, err error) {
tx, err := database.Begin(ctx)
if err != nil {
return
}
defer tx.Rollback(ctx)
err = tx.QueryRow(ctx, `INSERT INTO users (type) VALUES ('pubkey_only') RETURNING id`).Scan(&user_id)
if err != nil {
return
}
_, err = tx.Exec(ctx, `INSERT INTO ssh_public_keys (key_string, user_id) VALUES ($1, $2)`, pubkey, user_id)
if err != nil {
return
}
err = tx.Commit(ctx)
return
}