From 6c846f856ceba09c581e6feb2eb21e5e37bbc6cf Mon Sep 17 00:00:00 2001
From: Mebus
Date: Sat, 25 Nov 2017 19:24:11 +0100
Subject: [PATCH] added a feature for private repositories
---
 cmd/rest-server/main.go | 7 +++++
 handlers.go | 67 +++++++++++++++++++++++++++++++++++++++++
 mux.go | 1 +
 3 files changed, 75 insertions(+)
diff --git a/cmd/rest-server/main.go b/cmd/rest-server/main.go
index 4696403..5b5a42b 100644
--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@@ -32,6 +32,7 @@ func init() {
 flags.StringVar(&restserver.Config.TLSCert, "tls-cert", restserver.Config.TLSCert, "TLS certificate path")
 flags.StringVar(&restserver.Config.TLSKey, "tls-key", restserver.Config.TLSKey, "TLS key path")
 flags.BoolVar(&restserver.Config.AppendOnly, "append-only", restserver.Config.AppendOnly, "enable append only mode")
+ flags.BoolVar(&restserver.Config.PrivateRepos, "private-repos", restserver.Config.PrivateRepos, "users can only access their private repo")
 flags.BoolVar(&restserver.Config.Prometheus, "prometheus", restserver.Config.Prometheus, "enable Prometheus metrics")
 }
@@ -88,6 +89,12 @@ func runRoot(cmd *cobra.Command, args []string) error {
 log.Println("Authentication enabled")
 }
+ if restserver.Config.PrivateRepos {
+ log.Println("Private repositories enabled")
+ } else {
+ log.Println("Private repositories disabled")
+ }
+
 enabledTLS, privateKey, publicKey, err := tlsSettings()
 if err != nil {
 return err
diff --git a/handlers.go b/handlers.go
index 09b4956..2f0e64e 100644
--- a/handlers.go
+++ b/handlers.go
@@ -140,6 +140,13 @@ func CheckConfig(w http.ResponseWriter, r *http.Request) {
 if Config.Debug {
 log.Println("CheckConfig()")
 }
+
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 cfg, err := getPath(r, "config")
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
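Review bot: The help string on the new `private-repos` flag, `users can only access their private repo`, does not state the rule the handlers actually enforce, which is that the repo name in the request must equal the user name. An operator reading `--help` cannot tell how a repo becomes "theirs" or that the option is meaningless without authentication. I would word it as `"restrict each authenticated user to the repository named after their user name"`.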
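Review bot: Nothing in the runRoot hunk checks that private repositories are combined with authentication; the added block only logs the setting. The handlers compare `getUser(r)` with `getRepo(r)`, and neither function is shown in this patch, so what an unauthenticated request yields cannot be told from here; if the user name can be empty, the option either locks everyone out or matches whatever repo name is also empty. I would return an error at startup in that combination, for example `if restserver.Config.PrivateRepos && !authEnabled { return errors.New("private-repos requires authentication") }`, where `authEnabled` is a placeholder for whatever condition guards the existing "Authentication enabled" log line. The `else` branch that logs the default state on every start could be dropped. runRoot's body starts and ends outside the hunk.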
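Review bot: The same check block is pasted into ten handlers (CheckConfig here, then GetConfig, SaveConfig, DeleteConfig, ListBlobs, CheckBlob, GetBlob, SaveBlob, DeleteBlob and CreateRepo), so a handler that was missed or is added later is reachable across users with no error at all; the control fails open by omission, and a denied request leaves no log line for anyone watching for cross-repo access. `getUser` is not defined in any hunk of this patch (the 67 insertions in handlers.go are all check lines), so it must already exist in the tree for this to build, and whether it returns the verified user rather than a client-supplied name cannot be confirmed from here. I would move the decision into one helper that rejects an empty user and logs the denial, and call it from each handler; enforcing it once where the routes are registered would be stronger still, but the routing is not part of this patch. CheckConfig's body continues outside the hunk.

```go
// isRepoOwner reports whether the request may touch the repo it names.
// With private repos off every request passes; with it on, the user name
// must be non-empty and equal to the repo name.
func isRepoOwner(r *http.Request) bool {
	if !Config.PrivateRepos {
		return true
	}
	user, repo := getUser(r), getRepo(r)
	// An empty user must never match, whatever getRepo returns.
	if user == "" || user != repo {
		log.Printf("private repos: denied user %q for repo %q", user, repo)
		return false
	}
	return true
}

func CheckConfig(w http.ResponseWriter, r *http.Request) {
	// … unchanged: debug logging …
	if !isRepoOwner(r) {
		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		return
	}
	// … unchanged: rest of the handler …
```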
@@ -163,6 +170,13 @@ func GetConfig(w http.ResponseWriter, r *http.Request) {
 if Config.Debug {
 log.Println("GetConfig()")
 }
+
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 cfg, err := getPath(r, "config")
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -186,6 +200,13 @@ func SaveConfig(w http.ResponseWriter, r *http.Request) {
 if Config.Debug {
 log.Println("SaveConfig()")
 }
+
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 cfg, err := getPath(r, "config")
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -216,6 +237,12 @@ func DeleteConfig(w http.ResponseWriter, r *http.Request) {
 log.Println("DeleteConfig()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 if Config.AppendOnly {
 http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 return
@@ -242,9 +269,17 @@ func DeleteConfig(w http.ResponseWriter, r *http.Request) {
 // ListBlobs lists all blobs of a given type in an arbitrary order.
 func ListBlobs(w http.ResponseWriter, r *http.Request) {
+
 if Config.Debug {
 log.Println("ListBlobs()")
 }
+
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 fileType := pat.Param(r, "type")
 path, err := getPath(r, fileType)
 if err != nil {
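Review bot: The blank `+` line added directly after the `func ListBlobs(...) {` line is whitespace unrelated to the feature, and the DeleteBlob and CreateRepo hunks each add two consecutive blank lines after the check. The condition is also wrapped in redundant parentheses in every handler; the idiomatic form is `if Config.PrivateRepos && getUser(r) != getRepo(r) {`. Taken together this suggests the patch was not run through gofmt before submission. ListBlobs's body continues outside the hunk.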
@@ -300,6 +335,12 @@ func CheckBlob(w http.ResponseWriter, r *http.Request) {
 log.Println("CheckBlob()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 path, err := getFilePath(r, pat.Param(r, "type"), pat.Param(r, "name"))
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -324,6 +365,12 @@ func GetBlob(w http.ResponseWriter, r *http.Request) {
 log.Println("GetBlob()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 path, err := getFilePath(r, pat.Param(r, "type"), pat.Param(r, "name"))
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -360,6 +407,12 @@ func SaveBlob(w http.ResponseWriter, r *http.Request) {
 log.Println("SaveBlob()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
 path, err := getFilePath(r, pat.Param(r, "type"), pat.Param(r, "name"))
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -429,6 +482,13 @@ func DeleteBlob(w http.ResponseWriter, r *http.Request) {
 log.Println("DeleteBlob()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
+
 if Config.AppendOnly && pat.Param(r, "type") != "locks" {
 http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 return
@@ -473,6 +533,13 @@ func CreateRepo(w http.ResponseWriter, r *http.Request) {
 log.Println("CreateRepo()")
 }
+ // private repos
+ if (Config.PrivateRepos && (getUser(r) != getRepo(r))) {
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+
+
 repo, err := join(Config.Path, getRepo(r))
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/mux.go b/mux.go
index 77aef41..9ac3c65 100644
--- a/mux.go
+++ b/mux.go
@@ -22,6 +22,7 @@ var Config = struct {
 TLSCert string
 TLS bool
 AppendOnly bool
+ PrivateRepos bool
 Prometheus bool
 Debug bool
 }{