| commit | author | age | ||
| 8c9a20 | 1 | /* |
| JM | 2 | * Copyright 2011 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 7bf6e1 | 16 | package com.gitblit.servlet; |
| 8c9a20 | 17 | |
| JM | 18 | import java.text.MessageFormat; |
| 19 | ||
| cdb2fe | 20 | import com.google.inject.Inject; |
| JM | 21 | import com.google.inject.Singleton; |
| bd0e83 | 22 | |
| 23e08c | 23 | import javax.servlet.http.HttpServletRequest; |
| cacf8b | 24 | |
| c5069a | 25 | import com.gitblit.Constants.AccessRestrictionType; |
| JM | 26 | import com.gitblit.Constants.AuthorizationControl; |
| 7bf6e1 | 27 | import com.gitblit.GitBlitException; |
| JM | 28 | import com.gitblit.IStoredSettings; |
| 29 | import com.gitblit.Keys; | |
| 1b34b0 | 30 | import com.gitblit.manager.IAuthenticationManager; |
| 23e08c | 31 | import com.gitblit.manager.IFederationManager; |
| 1b34b0 | 32 | import com.gitblit.manager.IRepositoryManager; |
| JM | 33 | import com.gitblit.manager.IRuntimeManager; |
| 8c9a20 | 34 | import com.gitblit.models.RepositoryModel; |
| JM | 35 | import com.gitblit.models.UserModel; |
| 36 | import com.gitblit.utils.StringUtils; | |
| 37 | ||
| 892570 | 38 | /** |
| JM | 39 | * The GitFilter is an AccessRestrictionFilter which ensures that Git client |
| 40 | * requests for push, clone, or view restricted repositories are authenticated | |
| 41 | * and authorized. | |
| 699e71 | 42 | * |
| 892570 | 43 | * @author James Moger |
| 699e71 | 44 | * |
| 892570 | 45 | */ |
| 1b34b0 | 46 | @Singleton |
| 8c9a20 | 47 | public class GitFilter extends AccessRestrictionFilter { |
| JM | 48 | |
| 756117 | 49 | protected static final String gitReceivePack = "/git-receive-pack"; |
| 8c9a20 | 50 | |
| 756117 | 51 | protected static final String gitUploadPack = "/git-upload-pack"; |
| bd0e83 | 52 | |
| PM | 53 | protected static final String gitLfs = "/info/lfs"; |
| 54 | ||
| 756117 | 55 | protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD", |
| bd0e83 | 56 | "/objects", gitLfs }; |
| 756117 | 57 | |
| 65d5bb | 58 | private IStoredSettings settings; |
| cacf8b | 59 | |
| 65d5bb | 60 | private IFederationManager federationManager; |
| 23e08c | 61 | |
| 1b34b0 | 62 | @Inject |
| JM | 63 | public GitFilter( |
| 64 | IStoredSettings settings, | |
| 65 | IRuntimeManager runtimeManager, | |
| 66 | IAuthenticationManager authenticationManager, | |
| 67 | IRepositoryManager repositoryManager, | |
| 68 | IFederationManager federationManager) { | |
| 69 | ||
| 70 | super(runtimeManager, authenticationManager, repositoryManager); | |
| 71 | ||
| 72 | this.settings = settings; | |
| 73 | this.federationManager = federationManager; | |
| 116422 | 74 | } |
| JM | 75 | |
| 756117 | 76 | /** |
| JM | 77 | * Extract the repository name from the url. |
| 699e71 | 78 | * |
| ffbf03 | 79 | * @param cloneUrl |
| 756117 | 80 | * @return repository name |
| JM | 81 | */ |
| 82 | public static String getRepositoryName(String value) { | |
| 83 | String repository = value; | |
| 84 | // get the repository name from the url by finding a known url suffix | |
| 85 | for (String urlSuffix : suffixes) { | |
| 86 | if (repository.indexOf(urlSuffix) > -1) { | |
| 87 | repository = repository.substring(0, repository.indexOf(urlSuffix)); | |
| 88 | } | |
| 89 | } | |
| 90 | return repository; | |
| 91 | } | |
| 8c9a20 | 92 | |
| 892570 | 93 | /** |
| JM | 94 | * Extract the repository name from the url. |
| 699e71 | 95 | * |
| 892570 | 96 | * @param url |
| JM | 97 | * @return repository name |
| 98 | */ | |
| 8c9a20 | 99 | @Override |
| JM | 100 | protected String extractRepositoryName(String url) { |
| 756117 | 101 | return GitFilter.getRepositoryName(url); |
| 8c9a20 | 102 | } |
| JM | 103 | |
| 892570 | 104 | /** |
| JM | 105 | * Analyze the url and returns the action of the request. Return values are |
| 106 | * either "/git-receive-pack" or "/git-upload-pack". | |
| 699e71 | 107 | * |
| 831469 | 108 | * @param serverUrl |
| 892570 | 109 | * @return action of the request |
| JM | 110 | */ |
| 8c9a20 | 111 | @Override |
| 892570 | 112 | protected String getUrlRequestAction(String suffix) { |
| 8c9a20 | 113 | if (!StringUtils.isEmpty(suffix)) { |
| JM | 114 | if (suffix.startsWith(gitReceivePack)) { |
| 115 | return gitReceivePack; | |
| 116 | } else if (suffix.startsWith(gitUploadPack)) { | |
| 117 | return gitUploadPack; | |
| 118 | } else if (suffix.contains("?service=git-receive-pack")) { | |
| 119 | return gitReceivePack; | |
| 120 | } else if (suffix.contains("?service=git-upload-pack")) { | |
| 121 | return gitUploadPack; | |
| bd0e83 | 122 | } else if (suffix.startsWith(gitLfs)) { |
| PM | 123 | return gitLfs; |
| d40adc | 124 | } else { |
| JM | 125 | return gitUploadPack; |
| 8c9a20 | 126 | } |
| JM | 127 | } |
| 128 | return null; | |
| 72cb19 | 129 | } |
| 699e71 | 130 | |
| 72cb19 | 131 | /** |
| 23e08c | 132 | * Returns the user making the request, if the user has authenticated. |
| JM | 133 | * |
| 134 | * @param httpRequest | |
| 135 | * @return user | |
| 136 | */ | |
| 137 | @Override | |
| 138 | protected UserModel getUser(HttpServletRequest httpRequest) { | |
| 139 | UserModel user = authenticationManager.authenticate(httpRequest, requiresClientCertificate()); | |
| 140 | if (user == null) { | |
| 141 | user = federationManager.authenticate(httpRequest); | |
| 142 | } | |
| 143 | return user; | |
| 144 | } | |
| 145 | ||
| 146 | /** | |
| 72cb19 | 147 | * Determine if a non-existing repository can be created using this filter. |
| 699e71 | 148 | * |
| 72cb19 | 149 | * @return true if the server allows repository creation on-push |
| JM | 150 | */ |
| 151 | @Override | |
| bd0e83 | 152 | protected boolean isCreationAllowed(String action) { |
| PM | 153 | |
| 154 | //Repository must already exist before large files can be deposited | |
| 155 | if (action.equals(gitLfs)) { | |
| 156 | return false; | |
| 157 | } | |
| 158 | ||
| db4f6b | 159 | return settings.getBoolean(Keys.git.allowCreateOnPush, true); |
| 8c9a20 | 160 | } |
| 699e71 | 161 | |
| b74031 | 162 | /** |
| JM | 163 | * Determine if the repository can receive pushes. |
| 699e71 | 164 | * |
| b74031 | 165 | * @param repository |
| JM | 166 | * @param action |
| 167 | * @return true if the action may be performed | |
| 168 | */ | |
| 169 | @Override | |
| bd0e83 | 170 | protected boolean isActionAllowed(RepositoryModel repository, String action, String method) { |
| 75bca8 | 171 | // the log here has been moved into ReceiveHook to provide clients with |
| JM | 172 | // error messages |
| bd0e83 | 173 | if (gitLfs.equals(action)) { |
| PM | 174 | if (!method.matches("GET|POST|PUT|HEAD")) { |
| 175 | return false; | |
| 176 | } | |
| 177 | } | |
| 178 | ||
| b74031 | 179 | return true; |
| JM | 180 | } |
| 8c9a20 | 181 | |
| 3983a6 | 182 | @Override |
| JM | 183 | protected boolean requiresClientCertificate() { |
| db4f6b | 184 | return settings.getBoolean(Keys.git.requiresClientCertificate, false); |
| 3983a6 | 185 | } |
| JM | 186 | |
| 892570 | 187 | /** |
| JM | 188 | * Determine if the repository requires authentication. |
| 699e71 | 189 | * |
| 892570 | 190 | * @param repository |
| 3f8cd4 | 191 | * @param action |
| bd0e83 | 192 | * @param method |
| 892570 | 193 | * @return true if authentication required |
| JM | 194 | */ |
| 8c9a20 | 195 | @Override |
| bd0e83 | 196 | protected boolean requiresAuthentication(RepositoryModel repository, String action, String method) { |
| 3f8cd4 | 197 | if (gitUploadPack.equals(action)) { |
| JM | 198 | // send to client |
| 699e71 | 199 | return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE); |
| 3f8cd4 | 200 | } else if (gitReceivePack.equals(action)) { |
| JM | 201 | // receive from client |
| 202 | return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH); | |
| bd0e83 | 203 | } else if (gitLfs.equals(action)) { |
| PM | 204 | |
| 205 | if (method.matches("GET|HEAD")) { | |
| 206 | return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE); | |
| 207 | } else { | |
| 208 | //NOTE: Treat POST as PUT as as without reading message type cannot determine | |
| 209 | return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH); | |
| 210 | } | |
| 3f8cd4 | 211 | } |
| JM | 212 | return false; |
| 8c9a20 | 213 | } |
| JM | 214 | |
| 892570 | 215 | /** |
| JM | 216 | * Determine if the user can access the repository and perform the specified |
| 217 | * action. | |
| 699e71 | 218 | * |
| 892570 | 219 | * @param repository |
| JM | 220 | * @param user |
| 221 | * @param action | |
| 222 | * @return true if user may execute the action on the repository | |
| 223 | */ | |
| 8c9a20 | 224 | @Override |
| 892570 | 225 | protected boolean canAccess(RepositoryModel repository, UserModel user, String action) { |
| db4f6b | 226 | if (!settings.getBoolean(Keys.git.enableGitServlet, true)) { |
| 5450d0 | 227 | // Git Servlet disabled |
| JM | 228 | return false; |
| 699e71 | 229 | } |
| 20714a | 230 | if (action.equals(gitReceivePack)) { |
| 0b953c | 231 | // push permissions are enforced in the receive pack |
| JM | 232 | return true; |
| 20714a | 233 | } else if (action.equals(gitUploadPack)) { |
| JM | 234 | // Clone request |
| 235 | if (user.canClone(repository)) { | |
| 236 | return true; | |
| 237 | } else { | |
| 238 | // user is unauthorized to clone this repository | |
| 239 | logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}", | |
| 240 | user.username, repository)); | |
| 241 | return false; | |
| 8c9a20 | 242 | } |
| JM | 243 | } |
| 244 | return true; | |
| 245 | } | |
| 699e71 | 246 | |
| 72cb19 | 247 | /** |
| JM | 248 | * An authenticated user with the CREATE role can create a repository on |
| 249 | * push. | |
| 699e71 | 250 | * |
| 72cb19 | 251 | * @param user |
| JM | 252 | * @param repository |
| 253 | * @param action | |
| 254 | * @return the repository model, if it is created, null otherwise | |
| 255 | */ | |
| 256 | @Override | |
| 257 | protected RepositoryModel createRepository(UserModel user, String repository, String action) { | |
| 258 | boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action); | |
| bd0e83 | 259 | |
| PM | 260 | if (action.equals(gitLfs)) { |
| 261 | //Repository must already exist for any filestore actions | |
| 262 | return null; | |
| 263 | } | |
| 264 | ||
| 72cb19 | 265 | if (isPush) { |
| ec7ac2 | 266 | if (user.canCreate(repository)) { |
| 72cb19 | 267 | // user is pushing to a new repository |
| 3e44b6 | 268 | // validate name |
| JM | 269 | if (repository.startsWith("../")) { |
| 270 | logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository)); | |
| 271 | return null; | |
| 272 | } | |
| 273 | if (repository.contains("/../")) { | |
| 274 | logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository)); | |
| 275 | return null; | |
| 699e71 | 276 | } |
| 3e44b6 | 277 | |
| JM | 278 | // confirm valid characters in repository name |
| 279 | Character c = StringUtils.findInvalidCharacter(repository); | |
| 280 | if (c != null) { | |
| 281 | logger.error(MessageFormat.format("Invalid character '{0}' in repository name {1}!", c, repository)); | |
| 282 | return null; | |
| 283 | } | |
| 284 | ||
| 285 | // create repository | |
| 72cb19 | 286 | RepositoryModel model = new RepositoryModel(); |
| JM | 287 | model.name = repository; |
| 661db6 | 288 | model.addOwner(user.username); |
| 72cb19 | 289 | model.projectPath = StringUtils.getFirstPathElement(repository); |
| JM | 290 | if (model.isUsersPersonalRepository(user.username)) { |
| 291 | // personal repository, default to private for user | |
| 292 | model.authorizationControl = AuthorizationControl.NAMED; | |
| 293 | model.accessRestriction = AccessRestrictionType.VIEW; | |
| 294 | } else { | |
| 295 | // common repository, user default server settings | |
| db4f6b | 296 | model.authorizationControl = AuthorizationControl.fromName(settings.getString(Keys.git.defaultAuthorizationControl, "")); |
| JM | 297 | model.accessRestriction = AccessRestrictionType.fromName(settings.getString(Keys.git.defaultAccessRestriction, "PUSH")); |
| 72cb19 | 298 | } |
| JM | 299 | |
| 300 | // create the repository | |
| 301 | try { | |
| db4f6b | 302 | repositoryManager.updateRepositoryModel(model.name, model, true); |
| 3e44b6 | 303 | logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, model.name)); |
| db4f6b | 304 | return repositoryManager.getRepositoryModel(model.name); |
| 72cb19 | 305 | } catch (GitBlitException e) { |
| 3e44b6 | 306 | logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, model.name), e); |
| 72cb19 | 307 | } |
| JM | 308 | } else { |
| 309 | logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository)); | |
| 310 | } | |
| 311 | } | |
| 699e71 | 312 | |
| 72cb19 | 313 | // repository could not be created or action was not a push |
| JM | 314 | return null; |
| 315 | } | |
| bd0e83 | 316 | |
| PM | 317 | /** |
| 318 | * Git lfs action uses an alternative authentication header, | |
| 319 | * | |
| 320 | * @param action | |
| 321 | * @return | |
| 322 | */ | |
| 323 | @Override | |
| 324 | protected String getAuthenticationHeader(String action) { | |
| 325 | ||
| 326 | if (action.equals(gitLfs)) { | |
| 327 | return "LFS-Authenticate"; | |
| 328 | } | |
| 329 | ||
| 330 | return super.getAuthenticationHeader(action); | |
| 331 | } | |
| 332 | ||
| 333 | /** | |
| 334 | * Interrogates the request headers based on the action | |
| 335 | * @param action | |
| 336 | * @param request | |
| 337 | * @return | |
| 338 | */ | |
| 339 | @Override | |
| 340 | protected boolean hasValidRequestHeader(String action, | |
| 341 | HttpServletRequest request) { | |
| 342 | ||
| 343 | if (action.equals(gitLfs) && request.getMethod().equals("POST")) { | |
| 344 | if ( !hasContentInRequestHeader(request, "Accept", FilestoreServlet.GIT_LFS_META_MIME) | |
| 345 | || !hasContentInRequestHeader(request, "Content-Type", FilestoreServlet.GIT_LFS_META_MIME)) { | |
| 346 | return false; | |
| 347 | } | |
| 348 | } | |
| 349 | ||
| 350 | return super.hasValidRequestHeader(action, request); | |
| 351 | } | |
| 8c9a20 | 352 | } |
