tjh.dev
forked from
tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
knotserver: allow downloading archives of refs with slashes in their names
This allows us to be more precise when downloading e.g. tags that have the
same name as branches (in which case Git defaults to the branch, not sure
what go-git does).
Signed-off-by: Winter <winter@winter.cafe>
authored by
Tangled
9ff4785b
fdcd5495
+11
-3
+11
-3
knotserver/routes.go
+11
-3
knotserver/routes.go
···
361
361
362
362
ref := strings.TrimSuffix(file, ".tar.gz")
363
363
364
+
unescapedRef, err := url.PathUnescape(ref)
365
+
if err != nil {
366
+
notFound(w)
367
+
return
368
+
}
369
+
370
+
safeRefFilename := strings.ReplaceAll(plumbing.ReferenceName(unescapedRef).Short(), "/", "-")
371
+
364
372
// This allows the browser to use a proper name for the file when
365
373
// downloading
366
-
filename := fmt.Sprintf("%s-%s.tar.gz", name, ref)
374
+
filename := fmt.Sprintf("%s-%s.tar.gz", name, safeRefFilename)
367
375
setContentDisposition(w, filename)
368
376
setGZipMIME(w)
369
377
370
378
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
371
-
gr, err := git.Open(path, ref)
379
+
gr, err := git.Open(path, unescapedRef)
372
380
if err != nil {
373
381
notFound(w)
374
382
return
···
385
377
gw := gzip.NewWriter(w)
386
378
defer gw.Close()
387
379
388
-
prefix := fmt.Sprintf("%s-%s", name, ref)
380
+
prefix := fmt.Sprintf("%s-%s", name, safeRefFilename)
389
381
err = gr.WriteTar(gw, prefix)
390
382
if err != nil {
391
383
// once we start writing to the body we can't report error anymore