💾 Archived View for lists.flounder.online › patches › threads › 20210324203822.10854-1-johann@qwertq… captured on 2022-04-28 at 19:24:22. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
From: johann@qwertqwefsday.eu
Date: Wed, 24 Mar 2021 21:38:20 +0100
Message-Id: 20210324203822.10854-1-johann@qwertqwefsday.eu
To: <~aw/patches@lists.sr.ht>
Cc: "Johann150" <johann@qwertqwefsday.eu>
--------------------------------------
From: Johann150 <johann@qwertqwefsday.eu>
---
src/main.rs | 50 ++++++++++++++++++++++++++++++++------
templates/repo-navbar.html | 2 +-
2 files changed, 43 insertions(+), 9 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 4146a32..87fe0ca 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -137,6 +137,7 @@ fn repo_from_request(repo_name: &str) -> Result<Repository, tide::Error> {
// Prevent path traversal
return Err(tide::Error::from_str(400, "Invalid name"));
}
+ // TODO: check for export_ok file
let repo_path = Path::new(&CONFIG.projectroot).join(repo_name);
Repository::open(repo_path).or_else(|_| {
Err(tide::Error::from_str(
@@ -149,8 +150,6 @@ fn repo_from_request(repo_name: &str) -> Result<Repository, tide::Error> {
async fn repo_home(req: Request<()>) -> tide::Result {
use pulldown_cmark::{escape::escape_html, html::push_html, Options, Parser};
- // TODO check headers to see if this is a git clone, if it is, redirect to .git
-
enum ReadmeFormat {
Plaintext,
Html,
@@ -425,10 +424,44 @@ async fn repo_file(req: Request<()>) -> tide::Result {
Ok(tmpl)
}
-async fn git_clone(req: Request<()>) -> tide::Result {
- let repo = req.param("repo_name")?;
- println!("{}", repo);
- Ok("adsf".into())
+async fn git_data(req: Request<()>) -> tide::Result {
+ match repo_from_request(req.param("repo_name")?) {
+ Ok(repo) => {
+ let path = req
+ .url()
+ .path()
+ .strip_prefix(&format!("/{}/", req.param("repo_name").unwrap()))
+ .unwrap_or_default();
+ let path = repo.path().join(path);
+
+ if !path.starts_with(repo.path()) {
+ // that path got us outside of the repository structure somehow
+ tide::log::warn!("Attempt to acces file outside of repo dir: {:?}", path);
+ Err(tide::Error::from_str(
+ 403,
+ "You do not have access to this file.",
+ ))
+ } else if !path.is_file() {
+ // Either the requested resource does not exist or it is not
+ // a file, i.e. a directory.
+ Err(tide::Error::from_str(
+ 404,
+ "The file you tried to access does not exist.",
+ ))
+ } else {
+ // ok - inside the repo directory
+ let mut resp = tide::Response::new(200);
+ let mut body = tide::Body::from_file(path).await?;
+ body.set_mime("text/plain; charset=utf-8");
+ resp.set_body(body);
+ Ok(resp)
+ }
+ }
+ Err(_) => Err(tide::Error::from_str(
+ 404,
+ "This repository does not exist.",
+ )),
+ }
}
mod filters {
@@ -504,8 +537,9 @@ async fn main() -> Result<(), std::io::Error> {
app.at("/:repo_name").get(repo_home);
app.at("/:repo_name/").get(repo_home);
// git clone stuff -- handle thse urls
- // app.at("/:repo_name/info/refs")
- // app.at("/:repo_name/objects")
+ app.at("/:repo_name/info/refs").get(git_data);
+ app.at("/:repo_name/HEAD").get(git_data);
+ app.at("/:repo_name/objects/*obj").get(git_data);
app.at("/:repo_name/commit/:commit").get(repo_commit);
app.at("/:repo_name/refs").get(repo_refs);
app.at("/:repo_name/log").get(repo_log);
diff --git a/templates/repo-navbar.html b/templates/repo-navbar.html
index 42596ba..f897cfd 100644
--- a/templates/repo-navbar.html
+++ b/templates/repo-navbar.html
@@ -1,5 +1,5 @@
<h1><a href="/">index</a>/{{repo|repo_name}}</h1>
<div>{{repo|description}}</div>
-<div class="clone-url">git clone {{crate::CONFIG.clone_base}}/{{repo|repo_name}}.git</div>
+<div class="clone-url">git clone {{crate::CONFIG.clone_base}}/{{repo|repo_name}}</div>
<div class="navbar"><a href="/{{repo|repo_name|urlencode_strict}}">README</a> | <a href="/{{repo|repo_name|urlencode_strict}}/tree">tree</a> | <a href="/{{repo|repo_name|urlencode_strict}}/log">log</a> | <a href="/{{repo|repo_name|urlencode_strict}}/refs">refs</a></div>
<hr class='thin'>
--
2.20.1
From: alex@alexwennerberg.com
Date: Wed, 24 Mar 2021 13:55:59 -0700
Message-Id: CA5VQH7TO5GT.23YCWYX0YO7BT@debian-alex
To: "Johann Galle" <johann@qwertqwefsday.eu>, <~aw/patches@lists.sr.ht>
In-Reply-To: 20210324203822.10854-1-johann@qwertqwefsday.eu
--------------------------------------
This looks great! I'll test it out, I think it's the last thing I need
before deploying an alpha to git.alexwennerberg.com
On Wed Mar 24, 2021 at 1:38 PM PDT, Johann Galle wrote:
From: Johann150 <johann@qwertqwefsday.eu>
---
src/main.rs | 50 ++++++++++++++++++++++++++++++++------
templates/repo-navbar.html | 2 +-
2 files changed, 43 insertions(+), 9 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 4146a32..87fe0ca 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -137,6 +137,7 @@ fn repo_from_request(repo_name: &str) ->
Result<Repository, tide::Error> {
// Prevent path traversal
return Err(tide::Error::from_str(400, "Invalid name"));
}
+ // TODO: check for export_ok file
let repo_path = Path::new(&CONFIG.projectroot).join(repo_name);
Repository::open(repo_path).or_else(|_| {
Err(tide::Error::from_str(
@@ -149,8 +150,6 @@ fn repo_from_request(repo_name: &str) ->
Result<Repository, tide::Error> {
async fn repo_home(req: Request<()>) -> tide::Result {
use pulldown_cmark::{escape::escape_html, html::push_html, Options,
Parser};
- // TODO check headers to see if this is a git clone, if it is,
redirect to .git
-
enum ReadmeFormat {
Plaintext,
Html,
@@ -425,10 +424,44 @@ async fn repo_file(req: Request<()>) ->
tide::Result {
Ok(tmpl)
}
-async fn git_clone(req: Request<()>) -> tide::Result {
- let repo = req.param("repo_name")?;
- println!("{}", repo);
- Ok("adsf".into())
+async fn git_data(req: Request<()>) -> tide::Result {
+ match repo_from_request(req.param("repo_name")?) {
+ Ok(repo) => {
+ let path = req
+ .url()
+ .path()
+ .strip_prefix(&format!("/{}/", req.param("repo_name").unwrap()))
+ .unwrap_or_default();
+ let path = repo.path().join(path);
+
+ if !path.starts_with(repo.path()) {
+ // that path got us outside of the repository structure somehow
+ tide::log::warn!("Attempt to acces file outside of repo dir: {:?}",
path);
+ Err(tide::Error::from_str(
+ 403,
+ "You do not have access to this file.",
+ ))
+ } else if !path.is_file() {
+ // Either the requested resource does not exist or it is not
+ // a file, i.e. a directory.
+ Err(tide::Error::from_str(
+ 404,
+ "The file you tried to access does not exist.",
+ ))
+ } else {
+ // ok - inside the repo directory
+ let mut resp = tide::Response::new(200);
+ let mut body = tide::Body::from_file(path).await?;
+ body.set_mime("text/plain; charset=utf-8");
+ resp.set_body(body);
+ Ok(resp)
+ }
+ }
+ Err(_) => Err(tide::Error::from_str(
+ 404,
+ "This repository does not exist.",
+ )),
+ }
}
mod filters {
@@ -504,8 +537,9 @@ async fn main() -> Result<(), std::io::Error> {
app.at("/:repo_name").get(repo_home);
app.at("/:repo_name/").get(repo_home);
// git clone stuff -- handle thse urls
- // app.at("/:repo_name/info/refs")
- // app.at("/:repo_name/objects")
+ app.at("/:repo_name/info/refs").get(git_data);
+ app.at("/:repo_name/HEAD").get(git_data);
+ app.at("/:repo_name/objects/*obj").get(git_data);
app.at("/:repo_name/commit/:commit").get(repo_commit);
app.at("/:repo_name/refs").get(repo_refs);
app.at("/:repo_name/log").get(repo_log);
diff --git a/templates/repo-navbar.html b/templates/repo-navbar.html
index 42596ba..f897cfd 100644
--- a/templates/repo-navbar.html
+++ b/templates/repo-navbar.html
@@ -1,5 +1,5 @@
<h1><a href="/">index</a>/{{repo|repo_name}}</h1>
<div>{{repo|description}}</div>
-<div class="clone-url">git clone
{{crate::CONFIG.clone_base}}/{{repo|repo_name}}.git</div>
+<div class="clone-url">git clone
{{crate::CONFIG.clone_base}}/{{repo|repo_name}}</div>
<div class="navbar"><a
href="/{{repo|repo_name|urlencode_strict}}">README</a> | <a
href="/{{repo|repo_name|urlencode_strict}}/tree">tree</a> | <a
href="/{{repo|repo_name|urlencode_strict}}/log">log</a> | <a
href="/{{repo|repo_name|urlencode_strict}}/refs">refs</a></div>
<hr class='thin'>
--
2.20.1