gitweb: Add a per-repository authorization hook.

[Gitweb] / gitweb.perl
diff --git a/gitweb.perl b/gitweb.perl

index 102c6ee4dbe892b53d60bb338f50c727c25cc067cc6795530cbf7734c536f613..144d7ee2a56b12aeba816f491c483f447ee4174ec67d1c711eca705341bc27c2 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -96,6 +96,11 @@ our $default_projects_order = "project";
  # (only effective if this variable evaluates to true)
  our $export_ok = "++GITWEB_EXPORT_OK++";
  
  # (only effective if this variable evaluates to true)
  our $export_ok = "++GITWEB_EXPORT_OK++";
  
+# show repository only if this subroutine returns true
+# when given the path to the project, for example:
+#    sub { return -e "$_[0]/git-daemon-export-ok"; }
+our $export_auth_hook = undef;
+
  # only allow viewing of repositories also shown on the overview page
  our $strict_export = "++GITWEB_STRICT_EXPORT++";
  
  # only allow viewing of repositories also shown on the overview page
  our $strict_export = "++GITWEB_STRICT_EXPORT++";
  
@@ -401,7 +406,8 @@ sub check_head_link {
  sub check_export_ok {
         my ($dir) = @_;
         return (check_head_link($dir) &&
  sub check_export_ok {
         my ($dir) = @_;
         return (check_head_link($dir) &&
-               (!$export_ok || -e "$dir/$export_ok"));
+               (!$export_ok || -e "$dir/$export_ok") &&
+               (!$export_auth_hook || $export_auth_hook->($dir)));
  }
  
  # process alternate names for backward compatibility
  }
  
  # process alternate names for backward compatibility
@@ -535,23 +541,126 @@ sub evaluate_path_info {
         return if $input_params{'action'};
         $path_info =~ s,^\Q$project\E/*,,;
  
         return if $input_params{'action'};
         $path_info =~ s,^\Q$project\E/*,,;
  
-       my ($refname, $pathname) = split(/:/, $path_info, 2);
+       # next, check if we have an action
+       my $action = $path_info;
+       $action =~ s,/.*$,,;
+       if (exists $actions{$action}) {
+               $path_info =~ s,^$action/*,,;
+               $input_params{'action'} = $action;
+       }
+
+       # list of actions that want hash_base instead of hash, but can have no
+       # pathname (f) parameter
+       my @wants_base = (
+               'tree',
+               'history',
+       );
+
+       # we want to catch
+       # [$hash_parent_base[:$file_parent]..]$hash_parent[:$file_name]
+       my ($parentrefname, $parentpathname, $refname, $pathname) =
+               ($path_info =~ /^(?:(.+?)(?::(.+))?\.\.)?(.+?)(?::(.+))?$/);
+
+       # first, analyze the 'current' part
         if (defined $pathname) {
         if (defined $pathname) {
-               # we got "project.git/branch:filename" or "project.git/branch:dir/"
-               # we could use git_get_type(branch:pathname), but it needs $git_dir
+               # we got "branch:filename" or "branch:dir/"
+               # we could use git_get_type(branch:pathname), but:
+               # - it needs $git_dir
+               # - it does a git() call
+               # - the convention of terminating directories with a slash
+               #   makes it superfluous
+               # - embedding the action in the PATH_INFO would make it even
+               #   more superfluous
                 $pathname =~ s,^/+,,;
                 if (!$pathname || substr($pathname, -1) eq "/") {
                 $pathname =~ s,^/+,,;
                 if (!$pathname || substr($pathname, -1) eq "/") {
-                       $input_params{'action'} = "tree";
+                       $input_params{'action'} ||= "tree";
                         $pathname =~ s,/$,,;
                 } else {
                         $pathname =~ s,/$,,;
                 } else {
-                       $input_params{'action'} = "blob_plain";
+                       # the default action depends on whether we had parent info
+                       # or not
+                       if ($parentrefname) {
+                               $input_params{'action'} ||= "blobdiff_plain";
+                       } else {
+                               $input_params{'action'} ||= "blob_plain";
+                       }
                 }
                 $input_params{'hash_base'} ||= $refname;
                 $input_params{'file_name'} ||= $pathname;
         } elsif (defined $refname) {
                 }
                 $input_params{'hash_base'} ||= $refname;
                 $input_params{'file_name'} ||= $pathname;
         } elsif (defined $refname) {
-               # we got "project.git/branch"
-               $input_params{'action'} = "shortlog";
-               $input_params{'hash'} ||= $refname;
+               # we got "branch". In this case we have to choose if we have to
+               # set hash or hash_base.
+               #
+               # Most of the actions without a pathname only want hash to be
+               # set, except for the ones specified in @wants_base that want
+               # hash_base instead. It should also be noted that hand-crafted
+               # links having 'history' as an action and no pathname or hash
+               # set will fail, but that happens regardless of PATH_INFO.
+               $input_params{'action'} ||= "shortlog";
+               if (grep { $_ eq $input_params{'action'} } @wants_base) {
+                       $input_params{'hash_base'} ||= $refname;
+               } else {
+                       $input_params{'hash'} ||= $refname;
+               }
+       }
+
+       # next, handle the 'parent' part, if present
+       if (defined $parentrefname) {
+               # a missing pathspec defaults to the 'current' filename, allowing e.g.
+               # someproject/blobdiff/oldrev..newrev:/filename
+               if ($parentpathname) {
+                       $parentpathname =~ s,^/+,,;
+                       $parentpathname =~ s,/$,,;
+                       $input_params{'file_parent'} ||= $parentpathname;
+               } else {
+                       $input_params{'file_parent'} ||= $input_params{'file_name'};
+               }
+               # we assume that hash_parent_base is wanted if a path was specified,
+               # or if the action wants hash_base instead of hash
+               if (defined $input_params{'file_parent'} ||
+                       grep { $_ eq $input_params{'action'} } @wants_base) {
+                       $input_params{'hash_parent_base'} ||= $parentrefname;
+               } else {
+                       $input_params{'hash_parent'} ||= $parentrefname;
+               }
+       }
+
+       # for the snapshot action, we allow URLs in the form
+       # $project/snapshot/$hash.ext
+       # where .ext determines the snapshot and gets removed from the
+       # passed $refname to provide the $hash.
+       #
+       # To be able to tell that $refname includes the format extension, we
+       # require the following two conditions to be satisfied:
+       # - the hash input parameter MUST have been set from the $refname part
+       #   of the URL (i.e. they must be equal)
+       # - the snapshot format MUST NOT have been defined already (e.g. from
+       #   CGI parameter sf)
+       # It's also useless to try any matching unless $refname has a dot,
+       # so we check for that too
+       if (defined $input_params{'action'} &&
+               $input_params{'action'} eq 'snapshot' &&
+               defined $refname && index($refname, '.') != -1 &&
+               $refname eq $input_params{'hash'} &&
+               !defined $input_params{'snapshot_format'}) {
+               # We loop over the known snapshot formats, checking for
+               # extensions. Allowed extensions are both the defined suffix
+               # (which includes the initial dot already) and the snapshot
+               # format key itself, with a prepended dot
+               while (my ($fmt, %opt) = each %known_snapshot_formats) {
+                       my $hash = $refname;
+                       my $sfx;
+                       $hash =~ s/(\Q$opt{'suffix'}\E|\Q.$fmt\E)$//;
+                       next unless $sfx = $1;
+                       # a valid suffix was found, so set the snapshot format
+                       # and reset the hash parameter
+                       $input_params{'snapshot_format'} = $fmt;
+                       $input_params{'hash'} = $hash;
+                       # we also set the format suffix to the one requested
+                       # in the URL: this way a request for e.g. .tgz returns
+                       # a .tgz instead of a .tar.gz
+                       $known_snapshot_formats{$fmt}{'suffix'} = $sfx;
+                       last;
+               }
         }
  }
  evaluate_path_info();
         }
  }
  evaluate_path_info();
@@ -658,6 +767,10 @@ if (defined $searchtext) {
  our $git_dir;
  $git_dir = "$projectroot/$project" if $project;
  
  our $git_dir;
  $git_dir = "$projectroot/$project" if $project;
  
+# list of supported snapshot formats
+our @snapshot_fmts = gitweb_check_feature('snapshot');
+@snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
+
  # dispatch
  if (!defined $action) {
         if (defined $hash) {
  # dispatch
  if (!defined $action) {
         if (defined $hash) {
@@ -700,14 +813,78 @@ sub href (%) {
  
         my ($use_pathinfo) = gitweb_check_feature('pathinfo');
         if ($use_pathinfo) {
  
         my ($use_pathinfo) = gitweb_check_feature('pathinfo');
         if ($use_pathinfo) {
-               # use PATH_INFO for project name
+               # try to put as many parameters as possible in PATH_INFO:
+               #   - project name
+               #   - action
+               #   - hash_parent or hash_parent_base:/file_parent
+               #   - hash or hash_base:/filename
+               #   - the snapshot_format as an appropriate suffix
+
+               # When the script is the root DirectoryIndex for the domain,
+               # $href here would be something like http://gitweb.example.com/
+               # Thus, we strip any trailing / from $href, to spare us double
+               # slashes in the final URL
+               $href =~ s,/$,,;
+
+               # Then add the project name, if present
                 $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
                 delete $params{'project'};
  
                 $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
                 delete $params{'project'};
  
-               # Summary just uses the project path URL
-               if (defined $params{'action'} && $params{'action'} eq 'summary') {
+               # since we destructively absorb parameters, we keep this
+               # boolean that remembers if we're handling a snapshot
+               my $is_snapshot = $params{'action'} eq 'snapshot';
+
+               # Summary just uses the project path URL, any other action is
+               # added to the URL
+               if (defined $params{'action'}) {
+                       $href .= "/".esc_url($params{'action'}) unless $params{'action'} eq 'summary';
                         delete $params{'action'};
                 }
                         delete $params{'action'};
                 }
+
+               # Next, we put hash_parent_base:/file_parent..hash_base:/file_name,
+               # stripping nonexistent or useless pieces
+               $href .= "/" if ($params{'hash_base'} || $params{'hash_parent_base'}
+                       || $params{'hash_parent'} || $params{'hash'});
+               if (defined $params{'hash_base'}) {
+                       if (defined $params{'hash_parent_base'}) {
+                               $href .= esc_url($params{'hash_parent_base'});
+                               # skip the file_parent if it's the same as the file_name
+                               delete $params{'file_parent'} if $params{'file_parent'} eq $params{'file_name'};
+                               if (defined $params{'file_parent'} && $params{'file_parent'} !~ /\.\./) {
+                                       $href .= ":/".esc_url($params{'file_parent'});
+                                       delete $params{'file_parent'};
+                               }
+                               $href .= "..";
+                               delete $params{'hash_parent'};
+                               delete $params{'hash_parent_base'};
+                       } elsif (defined $params{'hash_parent'}) {
+                               $href .= esc_url($params{'hash_parent'}). "..";
+                               delete $params{'hash_parent'};
+                       }
+
+                       $href .= esc_url($params{'hash_base'});
+                       if (defined $params{'file_name'} && $params{'file_name'} !~ /\.\./) {
+                               $href .= ":/".esc_url($params{'file_name'});
+                               delete $params{'file_name'};
+                       }
+                       delete $params{'hash'};
+                       delete $params{'hash_base'};
+               } elsif (defined $params{'hash'}) {
+                       $href .= esc_url($params{'hash'});
+                       delete $params{'hash'};
+               }
+
+               # If the action was a snapshot, we can absorb the
+               # snapshot_format parameter too
+               if ($is_snapshot) {
+                       my $fmt = $params{'snapshot_format'};
+                       # snapshot_format should always be defined when href()
+                       # is called, but just in case some code forgets, we
+                       # fall back to the default
+                       $fmt ||= $snapshot_fmts[0];
+                       $href .= $known_snapshot_formats{$fmt}{'suffix'};
+                       delete $params{'snapshot_format'};
+               }
         }
  
         # now encode the parameters explicitly
         }
  
         # now encode the parameters explicitly
@@ -743,8 +920,7 @@ sub validate_project {
         my $input = shift || return undef;
         if (!validate_pathname($input) ||
                 !(-d "$projectroot/$input") ||
         my $input = shift || return undef;
         if (!validate_pathname($input) ||
                 !(-d "$projectroot/$input") ||
-               !check_head_link("$projectroot/$input") ||
-               ($export_ok && !(-e "$projectroot/$input/$export_ok")) ||
+               !check_export_ok("$projectroot/$input") ||
                 ($strict_export && !project_in_list($input))) {
                 return undef;
         } else {
                 ($strict_export && !project_in_list($input))) {
                 return undef;
         } else {
@@ -1537,8 +1713,6 @@ sub format_diff_line {
  # linked.  Pass the hash of the tree/commit to snapshot.
  sub format_snapshot_links {
         my ($hash) = @_;
  # linked.  Pass the hash of the tree/commit to snapshot.
  sub format_snapshot_links {
         my ($hash) = @_;
-       my @snapshot_fmts = gitweb_check_feature('snapshot');
-       @snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
         my $num_fmts = @snapshot_fmts;
         if ($num_fmts > 1) {
                 # A parenthesized list of links bearing format names.
         my $num_fmts = @snapshot_fmts;
         if ($num_fmts > 1) {
                 # A parenthesized list of links bearing format names.
@@ -1847,7 +2021,10 @@ sub git_get_project_ctags {
         my $ctags = {};
  
         $git_dir = "$projectroot/$path";
         my $ctags = {};
  
         $git_dir = "$projectroot/$path";
-       foreach (<$git_dir/ctags/*>) {
+       unless (opendir D, "$git_dir/ctags") {
+               return $ctags;
+       }
+       foreach (grep { -f $_ } map { "$git_dir/ctags/$_" } readdir(D)) {
                 open CT, $_ or next;
                 my $val = <CT>;
                 chomp $val;
                 open CT, $_ or next;
                 my $val = <CT>;
                 chomp $val;
@@ -1855,6 +2032,7 @@ sub git_get_project_ctags {
                 my $ctag = $_; $ctag =~ s#.*/##;
                 $ctags->{$ctag} = $val;
         }
                 my $ctag = $_; $ctag =~ s#.*/##;
                 $ctags->{$ctag} = $val;
         }
+       closedir D;
         $ctags;
  }
  
         $ctags;
  }
  
@@ -4741,20 +4919,17 @@ sub git_tree {
  }
  
  sub git_snapshot {
  }
  
  sub git_snapshot {
-       my @supported_fmts = gitweb_check_feature('snapshot');
-       @supported_fmts = filter_snapshot_fmts(@supported_fmts);
-
         my $format = $input_params{'snapshot_format'};
         my $format = $input_params{'snapshot_format'};
-       if (!@supported_fmts) {
+       if (!@snapshot_fmts) {
                 die_error(403, "Snapshots not allowed");
         }
         # default to first supported snapshot format
                 die_error(403, "Snapshots not allowed");
         }
         # default to first supported snapshot format
-       $format ||= $supported_fmts[0];
+       $format ||= $snapshot_fmts[0];
         if ($format !~ m/^[a-z0-9]+$/) {
                 die_error(400, "Invalid snapshot format parameter");
         } elsif (!exists($known_snapshot_formats{$format})) {
                 die_error(400, "Unknown snapshot format");
         if ($format !~ m/^[a-z0-9]+$/) {
                 die_error(400, "Invalid snapshot format parameter");
         } elsif (!exists($known_snapshot_formats{$format})) {
                 die_error(400, "Unknown snapshot format");
-       } elsif (!grep($_ eq $format, @supported_fmts)) {
+       } elsif (!grep($_ eq $format, @snapshot_fmts)) {
                 die_error(403, "Unsupported snapshot format");
         }
  
                 die_error(403, "Unsupported snapshot format");
         }