Commit e5666ad52a5650ad80be33beeabef13d58003918 – server – forge

server

Lindenii Forge’s main backend daemon

Hi… I am well aware that this diff view is very suboptimal. It will be fixed when the refactored server comes along!

Commit info

e5666ad52a5650ad80be33beeabef13d58003918

Author

Runxi Yu <me@runxiyu.org>

Author date

Thu, 20 Feb 2025 11:09:55 +0800

Committer

Runxi Yu <me@runxiyu.org>

Committer date

Thu, 20 Feb 2025 11:09:55 +0800

Actions

Get patch

hooks: Use colorful SSH messages

--- a/git_hooks_handle.go 0100644
+++ b/git_hooks_handle.go 0100644

package main

import (
	"bytes"
	"context"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"path/filepath"
	"strings"
	"syscall"

	"github.com/jackc/pgx/v5"
	"github.com/go-git/go-git/v5"
	"github.com/go-git/go-git/v5/plumbing"

	"go.lindenii.runxiyu.org/lindenii-common/ansiec"

)

var (
	err_get_fd    = errors.New("unable to get file descriptor")
	err_get_ucred = errors.New("failed getsockopt")
)

// hooks_handle_connection handles a connection from git_hooks_client via the
// unix socket.
func hooks_handle_connection(conn net.Conn) {
	defer conn.Close()
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// There aren't reasonable cases where someone would run this as
	// another user.
	ucred, err := get_ucred(conn)
	if err != nil {
		if _, err := conn.Write([]byte{1}); err != nil {
			return
		}

		fmt.Fprintln(conn, "Unable to get peer credentials:", err.Error())

		wf_error(conn, "\nUnable to get peer credentials: %v", err)

		return
	}
	if ucred.Uid != uint32(os.Getuid()) {
		if _, err := conn.Write([]byte{1}); err != nil {
			return
		}

		fmt.Fprintln(conn, "UID mismatch")

		wf_error(conn, "\nUID mismatch")

		return
	}

	cookie := make([]byte, 64)
	_, err = conn.Read(cookie)
	if err != nil {
		if _, err := conn.Write([]byte{1}); err != nil {
			return
		}

		fmt.Fprintln(conn, "Failed to read cookie:", err.Error())

		wf_error(conn, "\nFailed to read cookie: %v", err)

		return
	}

	pack_to_hook, ok := pack_to_hook_by_cookie.Load(string(cookie))
	if !ok {
		if _, err := conn.Write([]byte{1}); err != nil {
			return
		}

		fmt.Fprintln(conn, "Invalid handler cookie")

		wf_error(conn, "\nInvalid handler cookie")

		return
	}

	ssh_stderr := pack_to_hook.session.Stderr()


	ssh_stderr.Write([]byte{'\n'})


	hook_return_value := func() byte {
		var argc64 uint64
		err = binary.Read(conn, binary.NativeEndian, &argc64)
		if err != nil {

			fmt.Fprintln(ssh_stderr, "Failed to read argc:", err.Error())

			wf_error(ssh_stderr, "Failed to read argc: %v", err)

			return 1
		}
		var args []string
		for i := uint64(0); i < argc64; i++ {
			var arg bytes.Buffer
			for {
				b := make([]byte, 1)
				n, err := conn.Read(b)
				if err != nil || n != 1 {

					fmt.Fprintln(ssh_stderr, "Failed to read arg:", err.Error())

					wf_error(ssh_stderr, "Failed to read arg: %v", err)

					return 1
				}
				if b[0] == 0 {
					break
				}
				arg.WriteByte(b[0])
			}
			args = append(args, arg.String())
		}

		var stdin bytes.Buffer
		_, err = io.Copy(&stdin, conn)
		if err != nil {

			fmt.Fprintln(conn, "Failed to read to the stdin buffer:", err.Error())

			wf_error(conn, "Failed to read to the stdin buffer: %v", err)

		}

		switch filepath.Base(args[0]) {
		case "pre-receive":
			if pack_to_hook.direct_access {
				return 0
			} else {
				all_ok := true
				for {
					line, err := stdin.ReadString('\n')
					if errors.Is(err, io.EOF) {
						break
					}
					line = line[:len(line)-1]

					old_oid, rest, found := strings.Cut(line, " ")
					if !found {

						fmt.Fprintln(ssh_stderr, "Invalid pre-receive line:", line)

						wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)

						return 1
					}

					new_oid, ref_name, found := strings.Cut(rest, " ")
					if !found {

						fmt.Fprintln(ssh_stderr, "Invalid pre-receive line:", line)

						wf_error(ssh_stderr, "Invalid pre-receive line: %v", line)

						return 1
					}

					if strings.HasPrefix(ref_name, "refs/heads/contrib/") {
						if all_zero_num_string(old_oid) { // New branch

							fmt.Fprintln(ssh_stderr, "Acceptable push to new contrib branch: "+ref_name)

							fmt.Fprintln(ssh_stderr, ansiec.Blue + "POK" + ansiec.Reset, ref_name)

							_, err = database.Exec(ctx,
								"INSERT INTO merge_requests (repo_id, creator, source_ref, status) VALUES ($1, $2, $3, 'open')",
								pack_to_hook.repo_id, pack_to_hook.user_id, strings.TrimPrefix(ref_name, "refs/heads/"),
							)
							if err != nil {

								fmt.Fprintln(ssh_stderr, "Error creating merge request:", err.Error())

								wf_error(ssh_stderr, "Error creating merge request: %v", err)

								return 1
							}
						} else { // Existing contrib branch
							var existing_merge_request_user_id int
							err = database.QueryRow(ctx,
								"SELECT COALESCE(creator, 0) FROM merge_requests WHERE source_ref = $1 AND repo_id = $2",
								strings.TrimPrefix(ref_name, "refs/heads/"), pack_to_hook.repo_id,
							).Scan(&existing_merge_request_user_id)
							if err != nil {
								if errors.Is(err, pgx.ErrNoRows) {

									fmt.Fprintln(ssh_stderr, "No existing merge request for existing contrib branch:", err.Error())

									wf_error(ssh_stderr, "No existing merge request for existing contrib branch: %v", err)

								} else {

									fmt.Fprintln(ssh_stderr, "Error querying for existing merge request:", err.Error())

									wf_error(ssh_stderr, "Error querying for existing merge request: %v", err)

								}
								return 1
							}
							if existing_merge_request_user_id == 0 {
								all_ok = false

								fmt.Fprintln(ssh_stderr, "Rejecting push to merge request with no owner", ref_name)

								fmt.Fprintln(ssh_stderr, ansiec.Red + "NAK" + ansiec.Reset, ref_name, "(branch belongs to unowned MR)")

								continue
							}

							if existing_merge_request_user_id != pack_to_hook.user_id {
								all_ok = false

								fmt.Fprintln(ssh_stderr, "Rejecting push to existing contrib branch owned by another user:", ref_name)

								fmt.Fprintln(ssh_stderr, ansiec.Red + "NAK" + ansiec.Reset, ref_name, "(branch belongs another user's MR)")

								continue
							}

							repo, err := git.PlainOpen(pack_to_hook.repo_path)
							if err != nil {

								fmt.Fprintln(ssh_stderr, "Daemon failed to open repo:", err.Error())

								wf_error(ssh_stderr, "Daemon failed to open repo: %v", err)

								return 1
							}

							old_hash := plumbing.NewHash(old_oid)

							old_commit, err := repo.CommitObject(old_hash)
							if err != nil {

								fmt.Fprintln(ssh_stderr, "Daemon failed to get old commit:", err.Error())

								wf_error(ssh_stderr, "Daemon failed to get old commit: %v", err)

								return 1
							}

							// Potential BUG: I'm not sure if new_commit is guaranteed to be
							// detectable as they haven't been merged into the main repo's
							// objects yet. But it seems to work, and I don't think there's
							// any reason for this to only work intermitently.
							new_hash := plumbing.NewHash(new_oid)
							new_commit, err := repo.CommitObject(new_hash)
							if err != nil {

								fmt.Fprintln(ssh_stderr, "Daemon failed to get new commit:", err.Error())

								wf_error(ssh_stderr, "Daemon failed to get new commit: %v", err)

								return 1
							}

							is_ancestor, err := old_commit.IsAncestor(new_commit)
							if err != nil {

								fmt.Fprintln(ssh_stderr, "Daemon failed to check if old commit is ancestor:", err.Error())

								wf_error(ssh_stderr, "Daemon failed to check if old commit is ancestor: %v", err)

								return 1
							}

							if !is_ancestor {
								// TODO: Create MR snapshot ref instead
								all_ok = false

								fmt.Fprintln(ssh_stderr, "Rejecting force push to contrib branch: "+ref_name)

								fmt.Fprintln(ssh_stderr, ansiec.Red + "NAK" + ansiec.Reset, ref_name, "(force pushes are not supported yet)")

								continue
							}

							fmt.Fprintln(ssh_stderr, "Acceptable push to existing contrib branch: "+ref_name)

							fmt.Fprintln(ssh_stderr, ansiec.Blue + "POK" + ansiec.Reset, ref_name)

						}
					} else { // Non-contrib branch
						all_ok = false

						fmt.Fprintln(ssh_stderr, "Rejecting push to non-contrib branch: "+ref_name)

						fmt.Fprintln(ssh_stderr, ansiec.Red + "NAK" + ansiec.Reset, ref_name, "(you cannot push to branches outside of contrib/*)")

					}
				}

				if all_ok {

					fmt.Fprintln(ssh_stderr)
					fmt.Fprintln(ssh_stderr, ansiec.Green + "ACK" + ansiec.Reset + " (all checks passed)")

					return 0
				} else {

					fmt.Fprintln(ssh_stderr)
					fmt.Fprintln(ssh_stderr, ansiec.Red + "NAK" + ansiec.Reset + " (one or more branches failed checks; rejecting everything)")

					return 1
				}
			}
		default:

			fmt.Fprintln(ssh_stderr, "Invalid hook:", args[0])

			fmt.Fprintln(ssh_stderr, ansiec.Red + "Invalid hook:", args[0] + ansiec.Reset)

			return 1
		}
	}()


	fmt.Fprintln(ssh_stderr)


	_, _ = conn.Write([]byte{hook_return_value})
}

func serve_git_hooks(listener net.Listener) error {
	for {
		conn, err := listener.Accept()
		if err != nil {
			return err
		}
		go hooks_handle_connection(conn)
	}
}

func get_ucred(conn net.Conn) (*syscall.Ucred, error) {
	unix_conn := conn.(*net.UnixConn)
	fd, err := unix_conn.File()
	if err != nil {
		return nil, err_get_fd
	}
	defer fd.Close()

	ucred, err := syscall.GetsockoptUcred(int(fd.Fd()), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
	if err != nil {
		return nil, err_get_ucred
	}
	return ucred, nil
}

func all_zero_num_string(s string) bool {
	for _, r := range s {
		if r != '0' {
			return false
		}
	}
	return true
}

--- a/ssh_utils.go 0100644
+++ b/ssh_utils.go 0100644

package main

import (
	"context"
	"errors"

	"fmt"
	"io"

	"net/url"
	"strings"


	"go.lindenii.runxiyu.org/lindenii-common/ansiec"

)

var err_ssh_illegal_endpoint = errors.New("illegal endpoint during SSH access")

func get_repo_path_perms_from_ssh_path_pubkey(ctx context.Context, ssh_path string, ssh_pubkey string) (repo_id int, repo_path string, direct_access bool, contrib_requirements string, user_type string, user_id int, err error) {
	segments := strings.Split(strings.TrimPrefix(ssh_path, "/"), "/")

	for i, segment := range segments {
		var err error
		segments[i], err = url.PathUnescape(segment)
		if err != nil {
			return 0, "", false, "", "", 0, err
		}
	}

	if segments[0] == ":" {
		return 0, "", false, "", "", 0, err_ssh_illegal_endpoint
	}

	separator_index := -1
	for i, part := range segments {
		if part == ":" {
			separator_index = i
			break
		}
	}
	if segments[len(segments)-1] == "" {
		segments = segments[:len(segments)-1]
	}

	switch {
	case separator_index == -1:
		return 0, "", false, "", "", 0, err_ssh_illegal_endpoint
	case len(segments) <= separator_index+2:
		return 0, "", false, "", "", 0, err_ssh_illegal_endpoint
	}

	group_name := segments[0]
	module_type := segments[separator_index+1]
	module_name := segments[separator_index+2]
	switch module_type {
	case "repos":
		return get_path_perm_by_group_repo_key(ctx, group_name, module_name, ssh_pubkey)
	default:
		return 0, "", false, "", "", 0, err_ssh_illegal_endpoint
	}
}


func wf_error(w io.Writer, format string, args ...any) {
	fmt.Fprintln(w, ansiec.Red + fmt.Sprintf(format, args...) + ansiec.Reset)
}