Commit 1364d688e454454258c6c97b1dc844cc94a67a9e – server – lindenii/forge/

Commit info
ID	1364d688e454454258c6c97b1dc844cc94a67a9e
Author	Runxi Yu<me@runxiyu.org>
Author date	Thu, 13 Feb 2025 15:16:11 +0800
Committer	Runxi Yu<me@runxiyu.org>
Committer date	Thu, 13 Feb 2025 15:16:11 +0800
Actions	Get patch

--- a/config.go 0100644
+++ b/config.go 0100644

package main

import (
	"bufio"
	"context"
	"errors"
	"os"

	"github.com/jackc/pgx/v5/pgxpool"
	"go.lindenii.runxiyu.org/lindenii-common/scfg"
)

var database *pgxpool.Pool

var err_unsupported_database_type = errors.New("Unsupported database type")

var config struct {
	HTTP struct {
		Net          string `scfg:"net"`
		Addr         string `scfg:"addr"`
		CookieExpiry int    `scfg:"cookie_expiry"`
	} `scfg:"http"`
	SSH struct {
		Net  string `scfg:"net"`
		Addr string `scfg:"addr"`
		Key  string `scfg:"key"`

		Root string `scfg:"root"`

	} `scfg:"ssh"`
	Git struct {
		Root string `scfg:"root"`
	} `scfg:"git"`
	DB struct {
		Type string `scfg:"type"`
		Conn string `scfg:"conn"`
	} `scfg:"db"`
}

func load_config(path string) (err error) {
	config_file, err := os.Open(path)
	if err != nil {
		return err
	}
	defer config_file.Close()

	decoder := scfg.NewDecoder(bufio.NewReader(config_file))
	err = decoder.Decode(&config)
	if err != nil {
		return err
	}

	if config.DB.Type != "postgres" {
		return err_unsupported_database_type
	}
	database, err = pgxpool.New(context.Background(), config.DB.Conn)
	if err != nil {
		return err
	}

	return nil
}

--- a/forge.scfg 0100644
+++ b/forge.scfg 0100644

http {
	net tcp
	addr :8080
	cookie_expiry 604800
}

ssh {
	net tcp
	addr :2222
	key /etc/ssh/ssh_host_ed25519_key

	root ssh://forge.example.org

}

db {
	type postgres
	conn postgresql:///lindenii-forge?host=/var/run/postgresql
}

git {
	root /srv/git
}

--- a/http_handle_repo_index.go 0100644
+++ b/http_handle_repo_index.go 0100644

package main

import (
	"net/http"

	"net/url"

)

func handle_repo_index(w http.ResponseWriter, r *http.Request, params map[string]any) {
	group_name, repo_name := params["group_name"].(string), params["repo_name"].(string)
	repo, description, err := open_git_repo(r.Context(), group_name, repo_name)
	if err != nil {
		http.Error(w, "Error opening repo:: "+err.Error(), http.StatusInternalServerError)
		return
	}
	params["repo_description"] = description
	head, err := repo.Head()
	if err != nil {
		http.Error(w, "Error getting repo HEAD:: "+err.Error(), http.StatusInternalServerError)
		return
	}
	params["ref"] = head.Name().Short()
	head_hash := head.Hash()
	recent_commits, err := get_recent_commits(repo, head_hash, 3)
	if err != nil {
		http.Error(w, "Error getting recent commits:: "+err.Error(), http.StatusInternalServerError)
		return
	}
	params["commits"] = recent_commits
	commit_object, err := repo.CommitObject(head_hash)
	if err != nil {
		http.Error(w, "Error getting commit object:: "+err.Error(), http.StatusInternalServerError)
		return
	}
	tree, err := commit_object.Tree()
	if err != nil {
		http.Error(w, "Error getting file tree:: "+err.Error(), http.StatusInternalServerError)
		return
	}

	params["readme_filename"], params["readme"] = render_readme_at_tree(tree)
	params["files"] = build_display_git_tree(tree)

	params["clone_url"] = "ssh://" + r.Host + "/" + url.PathEscape(group_name) + "/:/repos/" + url.PathEscape(repo_name)

	params["clone_url"] = generate_ssh_remote_url(group_name, repo_name)


	err = templates.ExecuteTemplate(w, "repo_index", params)
	if err != nil {
		http.Error(w, "Error rendering template:: "+err.Error(), http.StatusInternalServerError)
		return
	}
}

--- a/http_handle_repo_info.go 0100644
+++ b/http_handle_repo_info.go 0100644

package main

import (
	"net/http"

	"net/url"

)

func handle_repo_info(w http.ResponseWriter, r *http.Request, params map[string]any) {

	http.Error(w, "\x1b[1;93mHi! We do not support Git operations over HTTP yet.\x1b[0m\n\x1b[1;93mMeanwhile, please use ssh by simply replacing the scheme with \"ssh://\":\x1b[0m\n\x1b[1;93mssh://"+r.Host+"/"+url.PathEscape(params["group_name"].(string))+"/:/repos/"+url.PathEscape(params["repo_name"].(string))+"\x1b[0m", http.StatusNotImplemented)

	http.Error(w, "\x1b[1;93mHi! We do not support Git operations over HTTP yet.\x1b[0m\n\x1b[1;93mMeanwhile, please use ssh by simply replacing the scheme with \"ssh://\":\x1b[0m\n\x1b[1;93m"+ generate_ssh_remote_url(params["group_name"].(string), params["repo_name"].(string)) + "\x1b[0m", http.StatusNotImplemented)

--- a/ssh_server.go 0100644
+++ b/ssh_server.go 0100644

package main

import (
	"fmt"
	"net"
	"os"
	"os/exec"
	"strings"

	glider_ssh "github.com/gliderlabs/ssh"
	"go.lindenii.runxiyu.org/lindenii-common/clog"
	go_ssh "golang.org/x/crypto/ssh"
)

var (
	server_public_key_string      string
	server_public_key_fingerprint string
	server_public_key             go_ssh.PublicKey
)

func serve_ssh(listener net.Listener) error {
	host_key_bytes, err := os.ReadFile(config.SSH.Key)
	if err != nil {
		return err
	}

	host_key, err := go_ssh.ParsePrivateKey(host_key_bytes)
	if err != nil {
		return err
	}

	server_public_key = host_key.PublicKey()
	server_public_key_string = string(go_ssh.MarshalAuthorizedKey(server_public_key))
	server_public_key_fingerprint = string(go_ssh.FingerprintSHA256(server_public_key))

	server := &glider_ssh.Server{
		Handler: func(session glider_ssh.Session) {
			client_public_key := session.PublicKey()
			var client_public_key_string string
			if client_public_key != nil {
				client_public_key_string = string(go_ssh.MarshalAuthorizedKey(client_public_key))
			}

			clog.Debug("Incoming SSH: " + session.RemoteAddr().String() + " " + strings.TrimSuffix(client_public_key_string, "\n") + " " + session.RawCommand())

			cmd := session.Command()

			if len(cmd) < 2 {
				fmt.Fprintln(session.Stderr(), "Insufficient arguments")
				return
			}

			if cmd[0] != "git-upload-pack" {
				fmt.Fprintln(session.Stderr(), "Unsupported command")
				return
			}

			fs_path, err := get_repo_path_from_ssh_path(session.Context(), cmd[1])
			if err != nil {
				fmt.Fprintln(session.Stderr(), "Error while getting repo path:", err)
				return
			}

			proc := exec.CommandContext(session.Context(), cmd[0], fs_path)
			proc.Stdin = session
			proc.Stdout = session
			proc.Stderr = session.Stderr()

			err = proc.Start()
			if err != nil {
				fmt.Fprintln(session.Stderr(), "Error while starting process:", err)
				return
			}
			err = proc.Wait()
			if exit_error, ok := err.(*exec.ExitError); ok {
				fmt.Fprintln(session.Stderr(), "Process exited with error", exit_error.ExitCode())
			} else if err != nil {
				fmt.Fprintln(session.Stderr(), "Error while waiting for process:", err)
			}
		},
		PublicKeyHandler:           func(ctx glider_ssh.Context, key glider_ssh.PublicKey) bool { return true },
		KeyboardInteractiveHandler: func(ctx glider_ssh.Context, challenge go_ssh.KeyboardInteractiveChallenge) bool { return true },

		// It is intentional that we do not check any credentials and accept all connections.
		// This allows all users to connect and clone repositories; when pushing is added later,
		// we will check their public key in the session handler, not in the auth handlers.

	}

	server.AddHostKey(host_key)

	go func() {
		err = server.Serve(listener)
		if err != nil {
			clog.Fatal(1, "Serving SSH: "+err.Error())
		}
	}()

	return nil
}

--- /dev/null
+++ b/ssh_url_generation.go 0100644

package main

import (
	"net/url"
	"strings"
)

func generate_ssh_remote_url(group_name, repo_name string) string {
	return strings.TrimSuffix(config.SSH.Root, "/")+"/"+url.PathEscape(group_name)+"/:/repos/"+url.PathEscape(repo_name)
}