Hi… I am well aware that this diff view is very suboptimal. It will be fixed when the refactored server comes along!
*.go: Use lowercase error values
package main import ( "bufio" "context" "errors" "os" "github.com/jackc/pgx/v5/pgxpool" "go.lindenii.runxiyu.org/lindenii-common/scfg" ) var database *pgxpool.Pool
var err_unsupported_database_type = errors.New("Unsupported database type")
var err_unsupported_database_type = errors.New("unsupported database type")
var config struct {
HTTP struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
CookieExpiry int `scfg:"cookie_expiry"`
Root string `scfg:"root"`
} `scfg:"http"`
Hooks struct {
Socket string `scfg:"socket"`
Execs string `scfg:"execs"`
} `scfg:"hooks"`
SSH struct {
Net string `scfg:"net"`
Addr string `scfg:"addr"`
Key string `scfg:"key"`
Root string `scfg:"root"`
} `scfg:"ssh"`
General struct {
Title string `scfg:"title"`
} `scfg:"general"`
DB struct {
Type string `scfg:"type"`
Conn string `scfg:"conn"`
} `scfg:"db"`
}
func load_config(path string) (err error) {
config_file, err := os.Open(path)
if err != nil {
return err
}
defer config_file.Close()
decoder := scfg.NewDecoder(bufio.NewReader(config_file))
err = decoder.Decode(&config)
if err != nil {
return err
}
if config.DB.Type != "postgres" {
return err_unsupported_database_type
}
database, err = pgxpool.New(context.Background(), config.DB.Conn)
if err != nil {
return err
}
global_data["forge_title"] = config.General.Title
return nil
}
package main import ( "bytes" "encoding/binary" "errors" "fmt" "io" "net" "os" "path/filepath" "strings" "syscall" ) var (
err_get_fd = errors.New("Unable to get file descriptor")
err_get_ucred = errors.New("Failed getsockopt")
err_get_fd = errors.New("unable to get file descriptor")
err_get_ucred = errors.New("failed getsockopt")
)
// hooks_handle_connection handles a connection from git_hooks_client via the
// unix socket.
func hooks_handle_connection(conn net.Conn) {
defer conn.Close()
// There aren't reasonable cases where someone would run this as
// another user.
ucred, err := get_ucred(conn)
if err != nil {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Unable to get peer credentials:", err.Error())
return
}
if ucred.Uid != uint32(os.Getuid()) {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "UID mismatch")
return
}
cookie := make([]byte, 64)
_, err = conn.Read(cookie)
if err != nil {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Failed to read cookie:", err.Error())
return
}
pack_to_hook, ok := pack_to_hook_by_cookie.Load(string(cookie))
if !ok {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Invalid handler cookie")
return
}
var argc64 uint64
err = binary.Read(conn, binary.NativeEndian, &argc64)
if err != nil {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Failed to read argc:", err.Error())
return
}
var args []string
for i := uint64(0); i < argc64; i++ {
var arg bytes.Buffer
for {
b := make([]byte, 1)
n, err := conn.Read(b)
if err != nil || n != 1 {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Failed to read arg:", err.Error())
return
}
if b[0] == 0 {
break
}
arg.WriteByte(b[0])
}
args = append(args, arg.String())
}
var stdin bytes.Buffer
_, err = io.Copy(&stdin, conn)
if err != nil {
fmt.Fprintln(conn, "Failed to read to the stdin buffer:", err.Error())
}
switch filepath.Base(args[0]) {
case "pre-receive":
if pack_to_hook.direct_access {
if _, err := conn.Write([]byte{0}); err != nil {
return
}
} else {
ref_ok := make(map[string]uint8)
// 0 for ok
// 1 for rejection due to not a contrib branch
// 2 for rejection due to not being a new branch
for {
line, err := stdin.ReadString('\n')
if errors.Is(err, io.EOF) {
break
}
line = line[:len(line)-1]
old_oid, rest, found := strings.Cut(line, " ")
if !found {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Invalid pre-receive line:", line)
break
}
new_oid, ref_name, found := strings.Cut(rest, " ")
if !found {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Invalid pre-receive line:", line)
break
}
_ = new_oid
if strings.HasPrefix(ref_name, "refs/heads/contrib/") {
if all_zero_num_string(old_oid) {
ref_ok[ref_name] = 0
} else {
ref_ok[ref_name] = 2
}
} else {
ref_ok[ref_name] = 1
}
}
if or_all_in_map(ref_ok) == 0 {
if _, err := conn.Write([]byte{0}); err != nil {
return
}
fmt.Fprintln(conn, "Stuff")
} else {
if _, err := conn.Write([]byte{1}); err != nil {
return
}
for ref, status := range ref_ok {
switch status {
case 0:
fmt.Fprintln(conn, "Acceptable", ref)
case 1:
fmt.Fprintln(conn, "Not in the contrib/ namespace", ref)
case 2:
fmt.Fprintln(conn, "Branch already exists", ref)
default:
panic("Invalid branch status")
}
}
}
}
default:
if _, err := conn.Write([]byte{1}); err != nil {
return
}
fmt.Fprintln(conn, "Invalid hook:", args[0])
}
}
func serve_git_hooks(listener net.Listener) error {
for {
conn, err := listener.Accept()
if err != nil {
return err
}
go hooks_handle_connection(conn)
}
}
func get_ucred(conn net.Conn) (*syscall.Ucred, error) {
unix_conn := conn.(*net.UnixConn)
fd, err := unix_conn.File()
if err != nil {
return nil, err_get_fd
}
defer fd.Close()
ucred, err := syscall.GetsockoptUcred(int(fd.Fd()), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
if err != nil {
return nil, err_get_ucred
}
return ucred, nil
}
func all_zero_num_string(s string) bool {
for _, r := range s {
if r != '0' {
return false
}
}
return true
}
func or_all_in_map[K comparable, V uint8 | uint16 | uint32 | uint64](m map[K]V) (result V) {
for _, value := range m {
result |= value
}
return
}
package main import ( "context" "errors" "io" "strings" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "go.lindenii.runxiyu.org/lindenii-common/misc" ) var (
err_getting_commit_tree = errors.New("Error getting commit tree")
err_getting_patch_of_commit = errors.New("Error getting patch of commit")
err_getting_parent_commit_object = errors.New("Error getting parent commit object")
err_getting_commit_tree = errors.New("error getting commit tree")
err_getting_patch_of_commit = errors.New("error getting patch of commit")
err_getting_parent_commit_object = errors.New("error getting parent commit object")
)
// open_git_repo opens a git repository by group and repo name.
func open_git_repo(ctx context.Context, group_name, repo_name string) (repo *git.Repository, description string, repo_id int, err error) {
var fs_path string
err = database.QueryRow(ctx, "SELECT r.filesystem_path, COALESCE(r.description, ''), r.id FROM repos r JOIN groups g ON r.group_id = g.id WHERE g.name = $1 AND r.name = $2;", group_name, repo_name).Scan(&fs_path, &description, &repo_id)
if err != nil {
return
}
repo, err = git.PlainOpen(fs_path)
return
}
// go-git's tree entries are not friendly for use in HTML templates.
type display_git_tree_entry_t struct {
Name string
Mode string
Size int64
Is_file bool
Is_subtree bool
}
func build_display_git_tree(tree *object.Tree) []display_git_tree_entry_t {
display_git_tree := make([]display_git_tree_entry_t, 0)
for _, entry := range tree.Entries {
display_git_tree_entry := display_git_tree_entry_t{}
os_mode, err := entry.Mode.ToOSFileMode()
if err != nil {
display_git_tree_entry.Mode = "x---------"
} else {
display_git_tree_entry.Mode = os_mode.String()
}
display_git_tree_entry.Is_file = entry.Mode.IsFile()
display_git_tree_entry.Size, err = tree.Size(entry.Name)
if err != nil {
display_git_tree_entry.Size = 0
}
display_git_tree_entry.Name = strings.TrimPrefix(entry.Name, "/")
display_git_tree = append(display_git_tree, display_git_tree_entry)
}
return display_git_tree
}
var err_get_recent_commits = errors.New("Error getting recent commits")
var err_get_recent_commits = errors.New("error getting recent commits")
func get_recent_commits(repo *git.Repository, head_hash plumbing.Hash, number_of_commits int) (recent_commits []*object.Commit, err error) {
commit_iter, err := repo.Log(&git.LogOptions{From: head_hash})
if err != nil {
err = misc.Wrap_one_error(err_get_recent_commits, err)
return nil, err
}
recent_commits = make([]*object.Commit, 0)
defer commit_iter.Close()
if number_of_commits < 0 {
for {
this_recent_commit, err := commit_iter.Next()
if errors.Is(err, io.EOF) {
return recent_commits, nil
} else if err != nil {
err = misc.Wrap_one_error(err_get_recent_commits, err)
return nil, err
}
recent_commits = append(recent_commits, this_recent_commit)
}
} else {
for range number_of_commits {
this_recent_commit, err := commit_iter.Next()
if errors.Is(err, io.EOF) {
return recent_commits, nil
} else if err != nil {
err = misc.Wrap_one_error(err_get_recent_commits, err)
return nil, err
}
recent_commits = append(recent_commits, this_recent_commit)
}
}
return recent_commits, err
}
func get_patch_from_commit(commit_object *object.Commit) (parent_commit_hash plumbing.Hash, patch *object.Patch, ret_err error) {
parent_commit_object, err := commit_object.Parent(0)
if errors.Is(err, object.ErrParentNotFound) {
commit_tree, err := commit_object.Tree()
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_commit_tree, err)
return
}
patch, err = (&object.Tree{}).Patch(commit_tree)
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_patch_of_commit, err)
return
}
} else if err != nil {
ret_err = misc.Wrap_one_error(err_getting_parent_commit_object, err)
return
} else {
parent_commit_hash = parent_commit_object.Hash
patch, err = parent_commit_object.Patch(commit_object)
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_patch_of_commit, err)
return
}
}
return
}
package main import ( "errors" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "go.lindenii.runxiyu.org/lindenii-common/misc" ) var (
err_getting_tag_reference = errors.New("Error getting tag reference")
err_getting_branch_reference = errors.New("Error getting branch reference")
err_getting_head = errors.New("Error getting HEAD")
err_getting_tag_reference = errors.New("error getting tag reference")
err_getting_branch_reference = errors.New("error getting branch reference")
err_getting_head = errors.New("error getting HEAD")
)
// get_ref_hash_from_type_and_name returns the hash of a reference given its
// type and name as supplied in URL queries.
func get_ref_hash_from_type_and_name(repo *git.Repository, ref_type, ref_name string) (ref_hash plumbing.Hash, ret_err error) {
switch ref_type {
case "":
head, err := repo.Head()
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_head, err)
return
}
ref_hash = head.Hash()
case "commit":
ref_hash = plumbing.NewHash(ref_name)
case "branch":
ref, err := repo.Reference(plumbing.NewBranchReferenceName(ref_name), true)
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_branch_reference, err)
return
}
ref_hash = ref.Hash()
case "tag":
ref, err := repo.Reference(plumbing.NewTagReferenceName(ref_name), true)
if err != nil {
ret_err = misc.Wrap_one_error(err_getting_tag_reference, err)
return
}
ref_hash = ref.Hash()
default:
panic("Invalid ref type " + ref_type)
}
return
}
package main
import (
"errors"
"fmt"
"net/http"
"strconv"
"strings"
"github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/lindenii-common/clog"
)
type http_router_t struct{}
func (router *http_router_t) ServeHTTP(w http.ResponseWriter, r *http.Request) {
clog.Info("Incoming HTTP: " + r.RemoteAddr + " " + r.Method + " " + r.RequestURI)
segments, _, err := parse_request_uri(r.RequestURI)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
non_empty_last_segments_len := len(segments)
if segments[len(segments)-1] == "" {
non_empty_last_segments_len--
}
if segments[0] == ":" {
if len(segments) < 2 {
http.Error(w, "Blank system endpoint", http.StatusNotFound)
return
} else if len(segments) == 2 && redirect_with_slash(w, r) {
return
}
switch segments[1] {
case "static":
static_handler.ServeHTTP(w, r)
return
case "source":
source_handler.ServeHTTP(w, r)
return
}
}
params := make(map[string]any)
params["url_segments"] = segments
params["global"] = global_data
var _user_id int // 0 for none
_user_id, params["username"], err = get_user_info_from_request(r)
if errors.Is(err, http.ErrNoCookie) {
} else if errors.Is(err, pgx.ErrNoRows) {
} else if err != nil {
http.Error(w, "Error getting user info from request: "+err.Error(), http.StatusInternalServerError)
return
}
if _user_id == 0 {
params["user_id"] = ""
} else {
params["user_id"] = strconv.Itoa(_user_id)
}
if segments[0] == ":" {
switch segments[1] {
case "login":
handle_login(w, r, params)
return
case "users":
handle_users(w, r, params)
return
default:
http.Error(w, fmt.Sprintf("Unknown system module type: %s", segments[1]), http.StatusNotFound)
return
}
}
separator_index := -1
for i, part := range segments {
if part == ":" {
separator_index = i
break
}
}
params["separator_index"] = separator_index
// TODO
if separator_index > 1 {
http.Error(w, "Subgroups haven't been implemented yet", http.StatusNotImplemented)
return
}
switch {
case non_empty_last_segments_len == 0:
handle_index(w, r, params)
case separator_index == -1:
http.Error(w, "Group indexing hasn't been implemented yet", http.StatusNotImplemented)
case non_empty_last_segments_len == separator_index+1:
http.Error(w, "Group root hasn't been implemented yet", http.StatusNotImplemented)
case non_empty_last_segments_len == separator_index+2:
if redirect_with_slash(w, r) {
return
}
module_type := segments[separator_index+1]
params["group_name"] = segments[0]
switch module_type {
case "repos":
handle_group_repos(w, r, params)
default:
http.Error(w, fmt.Sprintf("Unknown module type: %s", module_type), http.StatusNotFound)
}
default:
module_type := segments[separator_index+1]
module_name := segments[separator_index+2]
group_name := segments[0]
params["group_name"] = group_name
switch module_type {
case "repos":
params["repo_name"] = module_name
if non_empty_last_segments_len > separator_index+3 {
switch segments[separator_index+3] {
case "info":
err = handle_repo_info(w, r, params)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
case "git-upload-pack":
err = handle_upload_pack(w, r, params)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
}
params["ref_type"], params["ref_name"], err = get_param_ref_and_type(r)
if err != nil {
if errors.Is(err, err_no_ref_spec) {
params["ref_type"] = ""
} else {
http.Error(w, "Error querying ref type: "+err.Error(), http.StatusInternalServerError)
return
}
}
// TODO: subgroups
params["repo"], params["repo_description"], params["repo_id"], err = open_git_repo(r.Context(), group_name, module_name)
if err != nil {
http.Error(w, "Error opening repo: "+err.Error(), http.StatusInternalServerError)
return
}
if non_empty_last_segments_len == separator_index+3 {
if redirect_with_slash(w, r) {
return
}
handle_repo_index(w, r, params)
return
}
repo_feature := segments[separator_index+3]
switch repo_feature {
case "tree":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_tree(w, r, params)
case "raw":
params["rest"] = strings.Join(segments[separator_index+4:], "/")
if len(segments) < separator_index+5 && redirect_with_slash(w, r) {
return
}
handle_repo_raw(w, r, params)
case "log":
if non_empty_last_segments_len > separator_index+4 {
http.Error(w, "Too many parameters", http.StatusBadRequest)
return
}
if redirect_with_slash(w, r) {
return
}
handle_repo_log(w, r, params)
case "commit":
if redirect_without_slash(w, r) {
return
}
params["commit_id"] = segments[separator_index+4]
handle_repo_commit(w, r, params)
case "contrib":
if redirect_with_slash(w, r) {
return
}
switch non_empty_last_segments_len {
case separator_index+4:
handle_repo_contrib_index(w, r, params)
case separator_index+5:
params["mr_id"] = segments[separator_index+4]
handle_repo_contrib_one(w, r, params)
default:
http.Error(w, "Too many parameters", http.StatusBadRequest)
}
default:
http.Error(w, fmt.Sprintf("Unknown repo feature: %s", repo_feature), http.StatusNotFound)
}
default:
http.Error(w, fmt.Sprintf("Unknown module type: %s", module_type), http.StatusNotFound)
}
}
}
var err_bad_request = errors.New("Bad Request")
var err_bad_request = errors.New("bad request")
package main import ( "errors" "fmt" "os" "os/exec" glider_ssh "github.com/gliderlabs/ssh" "go.lindenii.runxiyu.org/lindenii-common/cmap" )
var err_unauthorized_push = errors.New("You are not authorized to push to this repository")
var err_unauthorized_push = errors.New("you are not authorized to push to this repository")
type pack_to_hook_t struct {
session *glider_ssh.Session
pubkey string
direct_access bool
repo_path string
}
var pack_to_hook_by_cookie = cmap.Map[string, pack_to_hook_t]{}
// ssh_handle_receive_pack handles attempts to push to repos.
func ssh_handle_receive_pack(session glider_ssh.Session, pubkey string, repo_identifier string) (err error) {
// Here "access" means direct maintainer access. access=false doesn't
// necessarily mean the push is declined. This decision is delegated to
// the pre-receive hook, which is then handled by git_hooks_handle.go
// while being aware of the refs to be updated.
repo_path, access, err := get_repo_path_perms_from_ssh_path_pubkey(session.Context(), repo_identifier, pubkey)
if err != nil {
return err
}
cookie, err := random_urlsafe_string(16)
if err != nil {
fmt.Fprintln(session.Stderr(), "Error while generating cookie:", err)
}
pack_to_hook_by_cookie.Store(cookie, pack_to_hook_t{
session: &session,
pubkey: pubkey,
direct_access: access,
repo_path: repo_path,
})
defer pack_to_hook_by_cookie.Delete(cookie)
// The Delete won't execute until proc.Wait returns unless something
// horribly wrong such as a panic occurs.
proc := exec.CommandContext(session.Context(), "git-receive-pack", repo_path)
proc.Env = append(os.Environ(),
"LINDENII_FORGE_HOOKS_SOCKET_PATH="+config.Hooks.Socket,
"LINDENII_FORGE_HOOKS_COOKIE="+cookie,
)
proc.Stdin = session
proc.Stdout = session
proc.Stderr = session.Stderr()
err = proc.Start()
if err != nil {
fmt.Fprintln(session.Stderr(), "Error while starting process:", err)
return err
}
err = proc.Wait()
if exitError, ok := err.(*exec.ExitError); ok {
fmt.Fprintln(session.Stderr(), "Process exited with error", exitError.ExitCode())
} else if err != nil {
fmt.Fprintln(session.Stderr(), "Error while waiting for process:", err)
}
return err
}
package main import ( "context" "errors" "net/url" "strings" )
var err_ssh_illegal_endpoint = errors.New("Illegal endpoint during SSH access")
var err_ssh_illegal_endpoint = errors.New("illegal endpoint during SSH access")
func get_repo_path_perms_from_ssh_path_pubkey(ctx context.Context, ssh_path string, ssh_pubkey string) (repo_path string, direct_access bool, err error) {
segments := strings.Split(strings.TrimPrefix(ssh_path, "/"), "/")
for i, segment := range segments {
var err error
segments[i], err = url.PathUnescape(segment)
if err != nil {
return "", false, err
}
}
if segments[0] == ":" {
return "", false, err_ssh_illegal_endpoint
}
separator_index := -1
for i, part := range segments {
if part == ":" {
separator_index = i
break
}
}
if segments[len(segments)-1] == "" {
segments = segments[:len(segments)-1]
}
switch {
case separator_index == -1:
return "", false, err_ssh_illegal_endpoint
case len(segments) <= separator_index+2:
return "", false, err_ssh_illegal_endpoint
}
group_name := segments[0]
module_type := segments[separator_index+1]
module_name := segments[separator_index+2]
switch module_type {
case "repos":
return get_path_perm_by_group_repo_key(ctx, group_name, module_name, ssh_pubkey)
default:
return "", false, err_ssh_illegal_endpoint
}
}
package main import ( "errors" "net/http" "net/url" "strings" "go.lindenii.runxiyu.org/lindenii-common/misc" ) var (
err_duplicate_ref_spec = errors.New("Duplicate ref spec")
err_no_ref_spec = errors.New("No ref spec")
err_duplicate_ref_spec = errors.New("duplicate ref spec")
err_no_ref_spec = errors.New("no ref spec")
)
func get_param_ref_and_type(r *http.Request) (ref_type, ref string, err error) {
qr := r.URL.RawQuery
q, err := url.ParseQuery(qr)
if err != nil {
return
}
done := false
for _, _ref_type := range []string{"commit", "branch", "tag"} {
_ref, ok := q[_ref_type]
if ok {
if done {
err = err_duplicate_ref_spec
return
} else {
done = true
if len(_ref) != 1 {
err = err_duplicate_ref_spec
return
}
ref = _ref[0]
ref_type = _ref_type
}
}
}
if !done {
err = err_no_ref_spec
}
return
}
func parse_request_uri(request_uri string) (segments []string, params url.Values, err error) {
path, params_string, _ := strings.Cut(request_uri, "?")
segments = strings.Split(strings.TrimPrefix(path, "/"), "/")
for i, segment := range segments {
segments[i], err = url.PathUnescape(segment)
if err != nil {
return nil, nil, misc.Wrap_one_error(err_bad_request, err)
}
}
params, err = url.ParseQuery(params_string)
if err != nil {
return nil, nil, misc.Wrap_one_error(err_bad_request, err)
}
return
}
func redirect_with_slash(w http.ResponseWriter, r *http.Request) bool {
request_uri := r.RequestURI
path_end := strings.IndexAny(request_uri, "?#")
var path, rest string
if path_end == -1 {
path = request_uri
} else {
path = request_uri[:path_end]
rest = request_uri[path_end:]
}
if !strings.HasSuffix(path, "/") {
http.Redirect(w, r, path+"/"+rest, http.StatusSeeOther)
return true
}
return false
}
func redirect_without_slash(w http.ResponseWriter, r *http.Request) bool {
request_uri := r.RequestURI
path_end := strings.IndexAny(request_uri, "?#")
var path, rest string
if path_end == -1 {
path = request_uri
} else {
path = request_uri[:path_end]
rest = request_uri[path_end:]
}
if strings.HasSuffix(path, "/") {
http.Redirect(w, r, strings.TrimSuffix(path, "/")+rest, http.StatusSeeOther)
return true
}
return false
}