| commit | author | age | ||
| 75bca8 | 1 | /* |
| JM | 2 | * Copyright 2013 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | package com.gitblit.git; | |
| 17 | ||
| 18 | import java.io.File; | |
| 19 | import java.io.IOException; | |
| 20 | import java.text.MessageFormat; | |
| 21 | ||
| 22 | import javax.servlet.http.HttpServletRequest; | |
| 23 | ||
| 24 | import org.eclipse.jgit.errors.RepositoryNotFoundException; | |
| 25 | import org.eclipse.jgit.lib.Repository; | |
| 26 | import org.eclipse.jgit.transport.resolver.FileResolver; | |
| 27 | import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException; | |
| 28 | import org.slf4j.Logger; | |
| 29 | import org.slf4j.LoggerFactory; | |
| 30 | ||
| 31 | import com.gitblit.GitBlit; | |
| 32 | import com.gitblit.models.RepositoryModel; | |
| 33 | import com.gitblit.models.UserModel; | |
| 34 | ||
| 35 | /** | |
| 36 | * Resolves repositories and grants export access. | |
| 37 | * | |
| 38 | * @author James Moger | |
| 39 | * | |
| 40 | */ | |
| 41 | public class RepositoryResolver<X> extends FileResolver<X> { | |
| 42 | ||
| 43 | private final Logger logger = LoggerFactory.getLogger(RepositoryResolver.class); | |
| 44 | ||
| 45 | public RepositoryResolver(File repositoriesFolder) { | |
| 46 | super(repositoriesFolder, true); | |
| 47 | } | |
| 48 | ||
| 49 | /** | |
| 50 | * Open the repository and inject the repository name into the settings. | |
| 51 | */ | |
| 52 | @Override | |
| 53 | public Repository open(final X req, final String name) | |
| 54 | throws RepositoryNotFoundException, ServiceNotEnabledException { | |
| 55 | Repository repo = super.open(req, name); | |
| 40aa84 | 56 | |
| JM | 57 | // Set repository name for the pack factories |
| 75bca8 | 58 | // We do this because the JGit API does not have a consistent way to |
| JM | 59 | // retrieve the repository name from the pack factories or the hooks. |
| 40aa84 | 60 | if (req instanceof HttpServletRequest) { |
| JM | 61 | // http/https request |
| 62 | HttpServletRequest client = (HttpServletRequest) req; | |
| 63 | client.setAttribute("gitblitRepositoryName", name); | |
| 64 | } else if (req instanceof GitDaemonClient) { | |
| 65 | // git request | |
| 66 | GitDaemonClient client = (GitDaemonClient) req; | |
| 67 | client.setRepositoryName(name); | |
| 68 | } | |
| 75bca8 | 69 | return repo; |
| JM | 70 | } |
| 71 | ||
| 72 | /** | |
| 73 | * Check if this repository can be served by the requested client connection. | |
| 74 | */ | |
| 75 | @Override | |
| 76 | protected boolean isExportOk(X req, String repositoryName, Repository db) throws IOException { | |
| 77 | RepositoryModel model = GitBlit.self().getRepositoryModel(repositoryName); | |
| 78 | ||
| 79 | String scheme = null; | |
| 80 | UserModel user = null; | |
| 81 | String origin = null; | |
| 82 | ||
| 40aa84 | 83 | if (req instanceof GitDaemonClient) { |
| 75bca8 | 84 | // git daemon request |
| JM | 85 | // this is an anonymous/unauthenticated protocol |
| 40aa84 | 86 | GitDaemonClient client = (GitDaemonClient) req; |
| 75bca8 | 87 | scheme = "git"; |
| JM | 88 | origin = client.getRemoteAddress().toString(); |
| 89 | user = UserModel.ANONYMOUS; | |
| 90 | } else if (req instanceof HttpServletRequest) { | |
| 91 | // http/https request | |
| 92 | HttpServletRequest httpRequest = (HttpServletRequest) req; | |
| 93 | scheme = httpRequest.getScheme(); | |
| 94 | origin = httpRequest.getRemoteAddr(); | |
| 95 | user = GitBlit.self().authenticate(httpRequest); | |
| 96 | if (user == null) { | |
| 97 | user = UserModel.ANONYMOUS; | |
| 98 | } | |
| 99 | } | |
| 100 | ||
| 101 | if (user.canClone(model)) { | |
| 102 | // user can access this git repo | |
| 103 | logger.debug(MessageFormat.format("{0}:// access of {1} by {2} from {3} PERMITTED", | |
| 104 | scheme, repositoryName, user.username, origin)); | |
| 105 | return true; | |
| 106 | } | |
| 107 | ||
| 108 | // user can not access this git repo | |
| 109 | logger.warn(MessageFormat.format("{0}:// access of {1} by {2} from {3} DENIED", | |
| 110 | scheme, repositoryName, user.username, origin)); | |
| 111 | return false; | |
| 112 | } | |
| 113 | } | |
