Hi… I am well aware that this diff view is very suboptimal. It will be fixed when the refactored server comes along!
Remove underscores from Go code, pt 1
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org> package main import ( "bufio" "context" "errors" "os" "github.com/jackc/pgx/v5/pgxpool" "go.lindenii.runxiyu.org/lindenii-common/scfg" ) var database *pgxpool.Pool
var err_unsupported_database_type = errors.New("unsupported database type")
var config struct {
HTTP struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
CookieExpiry int `scfg:"cookie_expiry"`
Root string `scfg:"root"`
} `scfg:"http"`
Hooks struct {
Socket string `scfg:"socket"`
Execs string `scfg:"execs"`
} `scfg:"hooks"`
Git struct {
RepoDir string `scfg:"repo_dir"`
} `scfg:"git"`
SSH struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
Key string `scfg:"key"`
Root string `scfg:"root"`
} `scfg:"ssh"`
General struct {
Title string `scfg:"title"`
} `scfg:"general"`
DB struct {
Type string `scfg:"type"`
Conn string `scfg:"conn"`
} `scfg:"db"`
}
func load_config(path string) (err error) {
var config_file *os.File
func loadConfig(path string) (err error) {
var configFile *os.File
var decoder *scfg.Decoder
if config_file, err = os.Open(path); err != nil {
if configFile, err = os.Open(path); err != nil {
return err }
defer config_file.Close()
defer configFile.Close()
decoder = scfg.NewDecoder(bufio.NewReader(config_file))
decoder = scfg.NewDecoder(bufio.NewReader(configFile))
if err = decoder.Decode(&config); err != nil {
return err
}
if config.DB.Type != "postgres" {
return err_unsupported_database_type
return errors.New("unsupported database type")
}
if database, err = pgxpool.New(context.Background(), config.DB.Conn); err != nil {
return err
}
global_data["forge_title"] = config.General.Title
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org> package main import ( "io" "io/fs" "os" "path/filepath" )
// deploy_hooks_to_filesystem deploys the git hooks client to the filesystem.
// deployHooks deploys the git hooks client to the filesystem.
// The git hooks client is expected to be embedded in resources_fs and must be // pre-compiled during the build process; see the Makefile.
func deploy_hooks_to_filesystem() (err error) {
func deployHooks() (err error) {
err = func() (err error) {
var src_fd fs.File
var dst_fd *os.File
if src_fd, err = resources_fs.Open("hookc/hookc"); err != nil {
return err
}
defer src_fd.Close()
if dst_fd, err = os.OpenFile(filepath.Join(config.Hooks.Execs, "hookc"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o755); err != nil {
return err
}
defer dst_fd.Close()
if _, err = io.Copy(dst_fd, src_fd); err != nil {
return err
}
return nil
}()
if err != nil {
return err
}
// Go's embed filesystems do not store permissions; but in any case,
// they would need to be 0o755:
if err = os.Chmod(filepath.Join(config.Hooks.Execs, "hookc"), 0o755); err != nil {
return err
}
for _, hook_name := range []string{
"pre-receive",
} {
if err = os.Symlink(filepath.Join(config.Hooks.Execs, "hookc"), filepath.Join(config.Hooks.Execs, hook_name)); err != nil {
return err
}
}
return nil
}
// SPDX-License-Identifier: AGPL-3.0-only
// SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"bytes"
"context"
"encoding/binary"
"errors"
"fmt"
"io"
"net"
"os"
"path/filepath"
"strconv"
"strings"
"syscall"
"github.com/go-git/go-git/v5/plumbing"
"github.com/go-git/go-git/v5/plumbing/object"
"github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/lindenii-common/ansiec"
)
var (
err_get_fd = errors.New("unable to get file descriptor")
err_get_ucred = errors.New("failed getsockopt")
)
// hooks_handle_connection handles a connection from hookc via the
// unix socket.
func hooks_handle_connection(conn net.Conn) {
var ctx context.Context
var cancel context.CancelFunc
var ucred *syscall.Ucred
var err error
var cookie []byte
var pack_to_hook pack_to_hook_t
var ssh_stderr io.Writer
var ok bool
var hook_return_value byte
defer conn.Close()
ctx, cancel = context.WithCancel(context.Background())
defer cancel()
// There aren't reasonable cases where someone would run this as
// another user.
if ucred, err = get_ucred(conn); err != nil {
if _, err = conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nUnable to get peer credentials: %v", err)
return
}
if ucred.Uid != uint32(os.Getuid()) {
if _, err = conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nUID mismatch")
return
}
cookie = make([]byte, 64)
if _, err = conn.Read(cookie); err != nil {
if _, err = conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nFailed to read cookie: %v", err)
return
}
pack_to_hook, ok = pack_to_hook_by_cookie.Load(string(cookie))
if !ok {
if _, err = conn.Write([]byte{1}); err != nil {
return
}
wf_error(conn, "\nInvalid handler cookie")
return
}
ssh_stderr = pack_to_hook.session.Stderr()
_, _ = ssh_stderr.Write([]byte{'\n'})
hook_return_value = func() byte {
var argc64 uint64
if err = binary.Read(conn, binary.NativeEndian, &argc64); err != nil {
wf_error(ssh_stderr, "Failed to read argc: %v", err)
return 1
}
var args []string
for i := uint64(0); i < argc64; i++ {
var arg bytes.Buffer
for {
b := make([]byte, 1)
n, err := conn.Read(b)
if err != nil || n != 1 {
wf_error(ssh_stderr, "Failed to read arg: %v", err)
return 1
}
if b[0] == 0 {
break
}
arg.WriteByte(b[0])
}
args = append(args, arg.String())
}
git_env := make(map[string]string)
for {
var env_line bytes.Buffer
for {
b := make([]byte, 1)
n, err := conn.Read(b)
if err != nil || n != 1 {
wf_error(ssh_stderr, "Failed to read environment variable: %v", err)
return 1
}
if b[0] == 0 {
break
}
env_line.WriteByte(b[0])
}
if env_line.Len() == 0 {
break
}
kv := env_line.String()
parts := strings.SplitN(kv, "=", 2)
if len(parts) < 2 {
wf_error(ssh_stderr, "Invalid environment variable line: %v", kv)
return 1
}
git_env[parts[0]] = parts[1]
}
var stdin bytes.Buffer
if _, err = io.Copy(&stdin, conn); err != nil {
wf_error(conn, "Failed to read to the stdin buffer: %v", err)
}
switch filepath.Base(args[0]) {
case "pre-receive":
if pack_to_hook.direct_access {
return 0
} else {
all_ok := true
for {
var line, old_oid, rest, new_oid, ref_name string
var found bool
var old_hash, new_hash plumbing.Hash
var old_commit, new_commit *object.Commit
var git_push_option_count int
git_push_option_count, err = strconv.Atoi(git_env["GIT_PUSH_OPTION_COUNT"])
if err != nil {
wf_error(ssh_stderr, "Failed to parse GIT_PUSH_OPTION_COUNT: %v", err)
return 1
}
// TODO: Allow existing users (even if they are already federated or registered) to add a federated user ID... though perhaps this should be in the normal SSH interface instead of the git push interface?
// Also it'd be nice to be able to combine users or whatever
if pack_to_hook.contrib_requirements == "federated" && pack_to_hook.user_type != "federated" && pack_to_hook.user_type != "registered" {
if git_push_option_count == 0 {
wf_error(ssh_stderr, "This repo requires contributors to be either federated or registered users. You must supply your federated user ID as a push option. For example, git push -o fedid=sr.ht:runxiyu")
return 1
}
for i := 0; i < git_push_option_count; i++ {
push_option, ok := git_env[fmt.Sprintf("GIT_PUSH_OPTION_%d", i)]
if !ok {
wf_error(ssh_stderr, "Failed to get push option %d", i)
return 1
}
if strings.HasPrefix(push_option, "fedid=") {
federated_user_identifier := strings.TrimPrefix(push_option, "fedid=")
service, username, found := strings.Cut(federated_user_identifier, ":")
if !found {
wf_error(ssh_stderr, "Invalid federated user identifier %#v does not contain a colon", federated_user_identifier)
return 1
}
ok, err := check_and_update_federated_user_status(ctx, pack_to_hook.user_id, service, username, pack_to_hook.pubkey)
if err != nil {
wf_error(ssh_stderr, "Failed to verify federated user identifier %#v: %v", federated_user_identifier, err)
return 1
}
if !ok {
wf_error(ssh_stderr, "Failed to verify federated user identifier %#v: you don't seem to be on the list", federated_user_identifier)
return 1
}
break
}
if i == git_push_option_count-1 {
wf_error(ssh_stderr, "This repo requires contributors to be either federated or registered users. You must supply your federated user ID as a push option. For example, git push -o fedid=sr.ht:runxiyu")
return 1
}
}
}
line, err = stdin.ReadString('\n')
if errors.Is(err, io.EOF) {
break
} else if err != nil {
wf_error(ssh_stderr, "Failed to read pre-receive line: %v", err)
return 1
}
line = line[:len(line)-1]
old_oid, rest, found = strings.Cut(line, " ")
if !found {
wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)
return 1
}
new_oid, ref_name, found = strings.Cut(rest, " ")
if !found {
wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)
return 1
}
if strings.HasPrefix(ref_name, "refs/heads/contrib/") {
if all_zero_num_string(old_oid) { // New branch
fmt.Fprintln(ssh_stderr, ansiec.Blue+"POK"+ansiec.Reset, ref_name)
var new_mr_id int
err = database.QueryRow(ctx,
"INSERT INTO merge_requests (repo_id, creator, source_ref, status) VALUES ($1, $2, $3, 'open') RETURNING id",
pack_to_hook.repo_id, pack_to_hook.user_id, strings.TrimPrefix(ref_name, "refs/heads/"),
).Scan(&new_mr_id)
if err != nil {
wf_error(ssh_stderr, "Error creating merge request: %v", err)
return 1
}
fmt.Fprintln(ssh_stderr, ansiec.Blue+"Created merge request at", generate_http_remote_url(pack_to_hook.group_path, pack_to_hook.repo_name)+"/contrib/"+strconv.FormatUint(uint64(new_mr_id), 10)+"/"+ansiec.Reset)
} else { // Existing contrib branch
var existing_merge_request_user_id int
var is_ancestor bool
err = database.QueryRow(ctx,
"SELECT COALESCE(creator, 0) FROM merge_requests WHERE source_ref = $1 AND repo_id = $2",
strings.TrimPrefix(ref_name, "refs/heads/"), pack_to_hook.repo_id,
).Scan(&existing_merge_request_user_id)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
wf_error(ssh_stderr, "No existing merge request for existing contrib branch: %v", err)
} else {
wf_error(ssh_stderr, "Error querying for existing merge request: %v", err)
}
return 1
}
if existing_merge_request_user_id == 0 {
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(branch belongs to unowned MR)")
continue
}
if existing_merge_request_user_id != pack_to_hook.user_id {
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(branch belongs another user's MR)")
continue
}
old_hash = plumbing.NewHash(old_oid)
if old_commit, err = pack_to_hook.repo.CommitObject(old_hash); err != nil {
wf_error(ssh_stderr, "Daemon failed to get old commit: %v", err)
return 1
}
// Potential BUG: I'm not sure if new_commit is guaranteed to be
// detectable as they haven't been merged into the main repo's
// objects yet. But it seems to work, and I don't think there's
// any reason for this to only work intermitently.
new_hash = plumbing.NewHash(new_oid)
if new_commit, err = pack_to_hook.repo.CommitObject(new_hash); err != nil {
wf_error(ssh_stderr, "Daemon failed to get new commit: %v", err)
return 1
}
if is_ancestor, err = old_commit.IsAncestor(new_commit); err != nil {
wf_error(ssh_stderr, "Daemon failed to check if old commit is ancestor: %v", err)
return 1
}
if !is_ancestor {
// TODO: Create MR snapshot ref instead
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(force pushes are not supported yet)")
continue
}
fmt.Fprintln(ssh_stderr, ansiec.Blue+"POK"+ansiec.Reset, ref_name)
}
} else { // Non-contrib branch
all_ok = false
fmt.Fprintln(ssh_stderr, ansiec.Red+"NAK"+ansiec.Reset, ref_name, "(you cannot push to branches outside of contrib/*)")
}
}
fmt.Fprintln(ssh_stderr)
if all_ok {
fmt.Fprintln(ssh_stderr, "Overall "+ansiec.Green+"ACK"+ansiec.Reset+" (all checks passed)")
return 0
} else {
fmt.Fprintln(ssh_stderr, "Overall "+ansiec.Red+"NAK"+ansiec.Reset+" (one or more branches failed checks)")
return 1
}
}
default:
fmt.Fprintln(ssh_stderr, ansiec.Red+"Invalid hook:", args[0]+ansiec.Reset)
return 1
}
}()
fmt.Fprintln(ssh_stderr)
_, _ = conn.Write([]byte{hook_return_value})
}
func serve_git_hooks(listener net.Listener) error {
func serveGitHooks(listener net.Listener) error {
for {
conn, err := listener.Accept()
if err != nil {
return err
}
go hooks_handle_connection(conn)
}
}
func get_ucred(conn net.Conn) (ucred *syscall.Ucred, err error) {
var unix_conn *net.UnixConn = conn.(*net.UnixConn)
var fd *os.File
if fd, err = unix_conn.File(); err != nil {
return nil, err_get_fd
}
defer fd.Close()
if ucred, err = syscall.GetsockoptUcred(int(fd.Fd()), syscall.SOL_SOCKET, syscall.SO_PEERCRED); err != nil {
return nil, err_get_ucred
}
return ucred, nil
}
func all_zero_num_string(s string) bool {
for _, r := range s {
if r != '0' {
return false
}
}
return true
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org> package main import ( "errors" "fmt" "net/http" "strconv" "strings" "github.com/jackc/pgx/v5" "go.lindenii.runxiyu.org/lindenii-common/clog" )
type http_router_t struct{}
type httpRouter struct{}
func (router *http_router_t) ServeHTTP(w http.ResponseWriter, r *http.Request) {
func (router *httpRouter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
clog.Info("Incoming HTTP: " + r.RemoteAddr + " " + r.Method + " " + r.RequestURI)
var segments []string
var err error
var non_empty_last_segments_len int
var separator_index int
params := make(map[string]any)
if segments, _, err = parse_request_uri(r.RequestURI); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
non_empty_last_segments_len = len(segments)
if segments[len(segments)-1] == "" {
non_empty_last_segments_len--
}
if segments[0] == ":" {
if len(segments) < 2 {
http.Error(w, "Blank system endpoint", http.StatusNotFound)
return
} else if len(segments) == 2 && redirect_with_slash(w, r) {
return
}
switch segments[1] {
case "static":
static_handler.ServeHTTP(w, r)
return
case "source":
source_handler.ServeHTTP(w, r)
return
}
}
params["url_segments"] = segments
params["global"] = global_data
var _user_id int // 0 for none
_user_id, params["username"], err = get_user_info_from_request(r)
params["user_id"] = _user_id
if errors.Is(err, http.ErrNoCookie) {
} else if errors.Is(err, pgx.ErrNoRows) {
} else if err != nil {
http.Error(w, "Error getting user info from request: "+err.Error(), http.StatusInternalServerError)
return
}
if _user_id == 0 {
params["user_id_string"] = ""
} else {
params["user_id_string"] = strconv.Itoa(_user_id)
}
if segments[0] == ":" {
switch segments[1] {
case "login":
handle_login(w, r, params)
return
case "users":
handle_users(w, r, params)
return
case "gc":
handle_gc(w, r, params)
return
default:
http.Error(w, fmt.Sprintf("Unknown system module type: %s", segments[1]), http.StatusNotFound)
return
}
}
separator_index = -1
for i, part := range segments {
if part == ":" {
separator_index = i
break
}
}
params["separator_index"] = separator_index
var group_path []string
var module_type string
var module_name string
if separator_index > 0 {
group_path = segments[:separator_index]
} else {
group_path = segments[:len(segments)-1]
}
params["group_path"] = group_path
switch {
case non_empty_last_segments_len == 0:
handle_index(w, r, params)
case separator_index == -1:
if redirect_with_slash(w, r) {
return
}
handle_group_index(w, r, params)
case non_empty_last_segments_len == separator_index+1:
http.Error(w, "Illegal path 1", http.StatusNotImplemented)
return
case non_empty_last_segments_len == separator_index+2:
http.Error(w, "Illegal path 2", http.StatusNotImplemented)
return
default:
module_type = segments[separator_index+1]
module_name = segments[separator_index+2]
switch module_type {
case "repos":
params["repo_name"] = module_name
if non_empty_last_segments_len > separator_index+3 {
switch segments[separator_index+3] {
case "info":
if err = handle_repo_info(w, r, params); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
case "git-upload-pack":
if err = handle_upload_pack(w, r, params); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
}
if params["ref_type"], params["ref_name"], err = get_param_ref_and_type(r); err != nil {
if errors.Is(err, err_no_ref_spec) {
params["ref_type"] = ""
} else {
http.Error(w, "Error querying ref type: "+err.Error(), http.StatusInternalServerError)
return
}
}
// TODO: subgroups
if params["repo"], params["repo_description"], params["repo_id"], err = open_git_repo(r.Context(), group_path, module_name); err != nil {
http.Error(w, "Error opening repo: "+err.Error(), http.StatusInternalServerError)
return
}
if non_empty_last_segments_len == separator_index+3 {
if redirect_with_slash(w, r) {
return
}
handle_repo_index(w, r, params)
return
}
repo_feature := segments[separator_index+3]
switch repo_feature {
case "tree":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_tree(w, r, params)
case "raw":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_raw(w, r, params)
case "log":
if non_empty_last_segments_len > separator_index+4 {
http.Error(w, "Too many parameters", http.StatusBadRequest)
return
}
if redirect_with_slash(w, r) {
return
}
handle_repo_log(w, r, params)
case "commit":
if redirect_without_slash(w, r) {
return
}
params["commit_id"] = segments[separator_index+4]
handle_repo_commit(w, r, params)
case "contrib":
if redirect_with_slash(w, r) {
return
}
switch non_empty_last_segments_len {
case separator_index + 4:
handle_repo_contrib_index(w, r, params)
case separator_index + 5:
params["mr_id"] = segments[separator_index+4]
handle_repo_contrib_one(w, r, params)
default:
http.Error(w, "Too many parameters", http.StatusBadRequest)
}
default:
http.Error(w, fmt.Sprintf("Unknown repo feature: %s", repo_feature), http.StatusNotFound)
}
default:
http.Error(w, fmt.Sprintf("Unknown module type: %s", module_type), http.StatusNotFound)
}
}
}
// SPDX-License-Identifier: AGPL-3.0-only
// SPDX-FileContributor: Runxi Yu <https://runxiyu.org>
package main
import (
"errors"
"flag"
"net"
"net/http"
"syscall"
"go.lindenii.runxiyu.org/lindenii-common/clog"
_ "net/http/pprof"
)
func main() {
config_path := flag.String(
configPath := flag.String(
"config", "/etc/lindenii/forge.scfg", "path to configuration file", ) flag.Parse()
if err := load_config(*config_path); err != nil {
if err := loadConfig(*configPath); err != nil {
clog.Fatal(1, "Loading configuration: "+err.Error()) }
if err := deploy_hooks_to_filesystem(); err != nil {
if err := deployHooks(); err != nil {
clog.Fatal(1, "Deploying hooks to filesystem: "+err.Error()) }
if err := load_templates(); err != nil {
if err := loadTemplates(); err != nil {
clog.Fatal(1, "Loading templates: "+err.Error()) } // UNIX socket listener for hooks
var hooks_listener net.Listener
var hooksListener net.Listener
var err error
hooks_listener, err = net.Listen("unix", config.Hooks.Socket)
hooksListener, err = net.Listen("unix", config.Hooks.Socket)
if errors.Is(err, syscall.EADDRINUSE) {
clog.Warn("Removing stale socket " + config.Hooks.Socket)
if err = syscall.Unlink(config.Hooks.Socket); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
if hooks_listener, err = net.Listen("unix", config.Hooks.Socket); err != nil {
if hooksListener, err = net.Listen("unix", config.Hooks.Socket); err != nil {
clog.Fatal(1, "Listening hooks: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening hooks: "+err.Error())
}
clog.Info("Listening hooks on unix " + config.Hooks.Socket)
go func() {
if err = serve_git_hooks(hooks_listener); err != nil {
if err = serveGitHooks(hooksListener); err != nil {
clog.Fatal(1, "Serving hooks: "+err.Error()) } }() // SSH listener
ssh_listener, err := net.Listen(config.SSH.Net, config.SSH.Addr)
sshListener, err := net.Listen(config.SSH.Net, config.SSH.Addr)
if errors.Is(err, syscall.EADDRINUSE) && config.SSH.Net == "unix" {
clog.Warn("Removing stale socket " + config.SSH.Addr)
if err = syscall.Unlink(config.SSH.Addr); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
if ssh_listener, err = net.Listen(config.SSH.Net, config.SSH.Addr); err != nil {
if sshListener, err = net.Listen(config.SSH.Net, config.SSH.Addr); err != nil {
clog.Fatal(1, "Listening SSH: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening SSH: "+err.Error())
}
clog.Info("Listening SSH on " + config.SSH.Net + " " + config.SSH.Addr)
go func() {
if err = serve_ssh(ssh_listener); err != nil {
if err = serveSSH(sshListener); err != nil {
clog.Fatal(1, "Serving SSH: "+err.Error()) } }() // HTTP listener
http_listener, err := net.Listen(config.HTTP.Net, config.HTTP.Addr)
httpListener, err := net.Listen(config.HTTP.Net, config.HTTP.Addr)
if errors.Is(err, syscall.EADDRINUSE) && config.HTTP.Net == "unix" {
clog.Warn("Removing stale socket " + config.HTTP.Addr)
if err = syscall.Unlink(config.HTTP.Addr); err != nil {
clog.Fatal(1, "Removing stale socket: "+err.Error())
}
if http_listener, err = net.Listen(config.HTTP.Net, config.HTTP.Addr); err != nil {
if httpListener, err = net.Listen(config.HTTP.Net, config.HTTP.Addr); err != nil {
clog.Fatal(1, "Listening HTTP: "+err.Error())
}
} else if err != nil {
clog.Fatal(1, "Listening HTTP: "+err.Error())
}
clog.Info("Listening HTTP on " + config.HTTP.Net + " " + config.HTTP.Addr)
go func() {
if err = http.Serve(http_listener, &http_router_t{}); err != nil {
if err = http.Serve(httpListener, &httpRouter{}); err != nil {
clog.Fatal(1, "Serving HTTP: "+err.Error()) } }() // Pprof listener
pprof_listener, err := net.Listen("tcp", "localhost:6060")
pprofListener, err := net.Listen("tcp", "localhost:6060")
if err != nil {
clog.Fatal(1, "Listening pprof: "+err.Error())
}
clog.Info("Listening pprof on tcp localhost:6060")
go func() {
if err = http.Serve(pprof_listener, nil); err != nil {
if err = http.Serve(pprofListener, nil); err != nil {
clog.Fatal(1, "Serving pprof: "+err.Error())
}
}()
select {}
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org> package main import ( "embed" "html/template" "io/fs" "net/http" "github.com/tdewolff/minify/v2" "github.com/tdewolff/minify/v2/html" ) // We embed all source for easy AGPL compliance. // //go:embed .gitignore .gitattributes //go:embed LICENSE README.md //go:embed *.go go.mod go.sum //go:embed *.scfg //go:embed Makefile //go:embed static/* templates/* scripts/* sql/* //go:embed hookc/*.c //go:embed vendor/* var source_fs embed.FS var source_handler = http.StripPrefix( "/:/source/", http.FileServer(http.FS(source_fs)), ) //go:embed templates/* static/* hookc/hookc var resources_fs embed.FS var templates *template.Template
func load_templates() (err error) {
func loadTemplates() (err error) {
m := minify.New()
m.Add("text/html", &html.Minifier{TemplateDelims: [2]string{"{{", "}}"}, KeepDefaultAttrVals: true})
templates = template.New("templates").Funcs(template.FuncMap{
"first_line": first_line,
"base_name": base_name,
"path_escape": path_escape,
"query_escape": query_escape,
})
err = fs.WalkDir(resources_fs, "templates", func(path string, d fs.DirEntry, err error) error {
if err != nil {
return err
}
if !d.IsDir() {
content, err := fs.ReadFile(resources_fs, path)
if err != nil {
return err
}
minified, err := m.Bytes("text/html", content)
if err != nil {
return err
}
_, err = templates.Parse(string(minified))
if err != nil {
return err
}
}
return nil
})
return err
}
var static_handler http.Handler
func init() {
static_fs, err := fs.Sub(resources_fs, "static")
if err != nil {
panic(err)
}
static_handler = http.StripPrefix("/:/static/", http.FileServer(http.FS(static_fs)))
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileContributor: Runxi Yu <https://runxiyu.org> package main import ( "fmt" "net" "os" "strings" glider_ssh "github.com/gliderlabs/ssh" "go.lindenii.runxiyu.org/lindenii-common/ansiec" "go.lindenii.runxiyu.org/lindenii-common/clog" go_ssh "golang.org/x/crypto/ssh" ) var ( server_public_key_string string server_public_key_fingerprint string server_public_key go_ssh.PublicKey )
func serve_ssh(listener net.Listener) error {
func serveSSH(listener net.Listener) error {
var host_key_bytes []byte
var host_key go_ssh.Signer
var err error
var server *glider_ssh.Server
if host_key_bytes, err = os.ReadFile(config.SSH.Key); err != nil {
return err
}
if host_key, err = go_ssh.ParsePrivateKey(host_key_bytes); err != nil {
return err
}
server_public_key = host_key.PublicKey()
server_public_key_string = string(go_ssh.MarshalAuthorizedKey(server_public_key))
server_public_key_fingerprint = go_ssh.FingerprintSHA256(server_public_key)
server = &glider_ssh.Server{
Handler: func(session glider_ssh.Session) {
client_public_key := session.PublicKey()
var client_public_key_string string
if client_public_key != nil {
client_public_key_string = strings.TrimSuffix(string(go_ssh.MarshalAuthorizedKey(client_public_key)), "\n")
}
clog.Info("Incoming SSH: " + session.RemoteAddr().String() + " " + client_public_key_string + " " + session.RawCommand())
fmt.Fprintln(session.Stderr(), ansiec.Blue+"Lindenii Forge "+VERSION+", source at "+strings.TrimSuffix(config.HTTP.Root, "/")+"/:/source/"+ansiec.Reset+"\r")
cmd := session.Command()
if len(cmd) < 2 {
fmt.Fprintln(session.Stderr(), "Insufficient arguments\r")
return
}
switch cmd[0] {
case "git-upload-pack":
if len(cmd) > 2 {
fmt.Fprintln(session.Stderr(), "Too many arguments\r")
return
}
err = ssh_handle_upload_pack(session, client_public_key_string, cmd[1])
case "git-receive-pack":
if len(cmd) > 2 {
fmt.Fprintln(session.Stderr(), "Too many arguments\r")
return
}
err = ssh_handle_receive_pack(session, client_public_key_string, cmd[1])
default:
fmt.Fprintln(session.Stderr(), "Unsupported command: "+cmd[0]+"\r")
return
}
if err != nil {
fmt.Fprintln(session.Stderr(), err.Error())
return
}
},
PublicKeyHandler: func(ctx glider_ssh.Context, key glider_ssh.PublicKey) bool { return true },
KeyboardInteractiveHandler: func(ctx glider_ssh.Context, challenge go_ssh.KeyboardInteractiveChallenge) bool { return true },
// It is intentional that we do not check any credentials and accept all connections.
// This allows all users to connect and clone repositories. However, the public key
// is passed to handlers, so e.g. the push handler could check the key and reject the
// push if it needs to.
}
server.AddHostKey(host_key)
if err = server.Serve(listener); err != nil {
clog.Fatal(1, "Serving SSH: "+err.Error())
}
return nil
}