tangled.org
anirudh.fi
+21
-6
cmd/repoguard/main.go
+21
-6
cmd/repoguard/main.go
···
26
26
incomingUser = flag.String("user", "", "Allowed git user")
27
27
baseDirFlag = flag.String("base-dir", "/home/git", "Base directory for git repositories")
28
28
logPathFlag = flag.String("log-path", "/var/log/git-wrapper.log", "Path to log file")
29
-
endpoint = flag.String("internal-api", "http://localhost:5555", "Internal API endpoint")
29
+
endpoint = flag.String("internal-api", "http://localhost:5444", "Internal API endpoint")
30
30
)
31
31
32
32
func main() {
···
68
68
69
69
// did:foo/repo-name or
70
70
// handle/repo-name
71
-
components := filepath.SplitList(cmdParts[2])
71
+
72
+
components := strings.Split(strings.Trim(cmdParts[1], "'"), "/")
73
+
logEvent("Command components", map[string]interface{}{
74
+
"components": components,
75
+
})
72
76
if len(components) != 2 {
73
77
exitWithLog("invalid repo format, needs <user>/<repo>")
74
78
}
···
89
93
90
94
if gitCommand != "git-upload-pack" {
91
95
if !isPushPermitted(*incomingUser, qualifiedRepoName) {
96
+
logEvent("all infos", map[string]interface{}{
97
+
"did": *incomingUser,
98
+
"reponame": qualifiedRepoName,
99
+
})
92
100
exitWithLog("access denied: user not allowed")
93
101
}
94
102
}
···
187
195
}
188
196
189
197
func isPushPermitted(user, qualifiedRepoName string) bool {
190
-
url, _ := url.Parse(*endpoint + "/push-allowed/")
191
-
url.Query().Add(user, user)
192
-
url.Query().Add(user, qualifiedRepoName)
198
+
u, _ := url.Parse(*endpoint + "/push-allowed")
199
+
q := u.Query()
200
+
q.Add("user", user)
201
+
q.Add("repo", qualifiedRepoName)
202
+
u.RawQuery = q.Encode()
193
203
194
-
req, err := http.Get(url.String())
204
+
req, err := http.Get(u.String())
195
205
if err != nil {
196
206
exitWithLog(fmt.Sprintf("error verifying permissions: %v", err))
197
207
}
208
+
209
+
logEvent("url", map[string]interface{}{
210
+
"url": u.String(),
211
+
"status": req.Status,
212
+
})
198
213
199
214
return req.StatusCode == http.StatusNoContent
200
215
}