Example #1
#!/usr/bin/env python
# We'll need the schema module to play with the database.
from schema import db
import schema
# Table handles, looked up once at import time through schema.get_table.
users = schema.get_table('users')
repo_acls = schema.get_table('repository_acls')

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select

# We need hashlib to play with password hashes.
import hashlib

# random and string for salt generation
import string, random


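def generate_salt(size=16, chars=string.ascii_letters + string.digits):
    """
    Generates a random salt of ``size`` characters drawn from ``chars``,
    following `this StackOverflow answer
    <http://stackoverflow.com/a/2257449>`_.

    Characters are picked with ``random.SystemRandom`` (operating-system
    entropy) instead of the module-level Mersenne Twister, which is not
    intended for security use and becomes predictable once enough of its
    output has been observed.

    :param size: number of characters in the salt.
    :param chars: alphabet to draw from; must be non-empty when ``size > 0``.
    :returns: the salt as a string of length ``size``.
    """
    # SystemRandom ignores random.seed(), so reseeding the shared generator
    # elsewhere in the process cannot make salts repeat.
    rng = random.SystemRandom()
    return ''.join(rng.choice(chars) for _ in range(size))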


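def hash_password(password, salt):
    """
    Salts and hashes the password, returning hex-encoded string of the
    SHA256 hash.

    The digest is computed over ``salt + password``. Text input is encoded
    as UTF-8 before hashing, because hashlib accepts only bytes; byte-string
    input is hashed unchanged, so existing digests stay the same.

    NOTE(review): a single round of salted SHA-256 is fast to compute, which
    makes stored hashes cheap to brute-force if the table leaks. A
    deliberately slow KDF (``hashlib.pbkdf2_hmac``, ``hashlib.scrypt``) is
    the usual choice for password storage. Switching changes every stored
    value and needs a migration, so the format is left as is here.

    :param password: the password to hash.
    :param salt: the per-user salt, prepended to the password.
    :returns: 64-character lowercase hex digest.
    """
    material = salt + password
    if not isinstance(material, bytes):
        # Encode explicitly rather than relying on an implicit conversion,
        # which fails on Python 3 and on non-ASCII text on Python 2.
        material = material.encode('utf-8')
    return hashlib.sha256(material).hexdigest()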
Example #2
#!/usr/bin/env python
"""
Module to manipulate git repositories and their hooks.
"""

# We'll need the schema module to play with the database.
from schema import db
import schema
# Table handles, looked up once at import time through schema.get_table.
repos = schema.get_table('repositories')
repo_acls = schema.get_table('repository_acls')
users = schema.get_table('users')  # repository ACLs refer to users

# Filesystem root that format_name joins repository names onto.
repo_root = "/opt/git"
base_hook_dir = 'default_hooks'  # name of directory from which we grab hook code

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select
from sqlalchemy.sql.expression import and_, or_, join, outerjoin, subquery

# We do a lot of path manipulation...
import os


def format_name(name):
    # append .git extension if missing; it seems to be a convention
    if len(name) < 4 or name[-4:] != ".git":
        name += ".git"

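    # make sure the path derives from the root
    # TODO: we need canonicalization here to prevent traversal attacks.
    # os.path.join alone does not confine the result: ".." components or an
    # absolute `name` yield a path outside repo_root, so the joined path must
    # be canonicalized (e.g. os.path.realpath) and checked against repo_root.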
    path = os.path.join(repo_root, name)
Example #3
#!/usr/bin/env python
# We'll need the schema module to play with the database.
from schema import db
import schema
# Table handles, looked up once at import time through schema.get_table.
keys = schema.get_table('keys')
users = schema.get_table('users') # used when generating authorized_keys

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select

# os.path and errno are used in rewriting the authorized_keys file
import os, errno

# TODO: We assume RSA keys at the moment.

def validate_key(key):
    """
    Validate that a given string looks like a proper public key.
    """
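    # Validate that the string parses as Base64. Decoding is lenient about
    # characters outside the alphabet, so the alphabet is checked separately
    # below.
    # NOTE(review): base64.decodestring was removed in Python 3.9;
    # base64.decodebytes is the replacement.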
    import base64, binascii
    try:
        base64.decodestring(key)
    except binascii.Error:
        return False

    # Validate the Base64 alphabet described in RFC 3548
    valid_chars = [chr(ord('A') + i) for i in range(26)]
    valid_chars += [chr(ord('a') + i) for i in range(26)]
    valid_chars += [chr(ord('0') + i) for i in range(10)]
    valid_chars += ['+', '/', '=']
Example #4
#!/usr/bin/env python
"""
Module to manipulate git repositories and their hooks.
"""

# We'll need the schema module to play with the database.
from schema import db
import schema

# Table handles, looked up once at import time through schema.get_table.
repos = schema.get_table("repositories")
repo_acls = schema.get_table("repository_acls")
users = schema.get_table("users")  # repository ACLs refer to users

# Filesystem root for repositories; presumably what format_name anchors
# paths to -- confirm against the rest of the function.
repo_root = "/opt/git"
base_hook_dir = "default_hooks"  # name of directory from which we grab hook code

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select
from sqlalchemy.sql.expression import and_, or_, join, outerjoin, subquery

# We do a lot of path manipulation...
import os


def format_name(name):
    # append .git extension if missing; it seems to be a convention
    if len(name) < 4 or name[-4:] != ".git":
        name += ".git"

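    # make sure the path derives from the root
    # TODO: we need canonicalization here to prevent traversal attacks.
    # Joining `name` onto repo_root does not by itself confine the result:
    # ".." components or an absolute `name` yield a path outside repo_root,
    # so the path must be canonicalized (e.g. os.path.realpath) and checked
    # against repo_root.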
Example #5
#!/usr/bin/env python
# We'll need the schema module to play with the database.
from schema import db
import schema
# Table handles, looked up once at import time through schema.get_table.
users = schema.get_table('users')
repo_acls = schema.get_table('repository_acls')

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select

# We need hashlib to play with password hashes.
import hashlib

# random and string for salt generation
import string, random

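def generate_salt(size=16, chars=string.ascii_letters + string.digits):
    """
    Generates a random salt of ``size`` characters drawn from ``chars``,
    following `this StackOverflow answer
    <http://stackoverflow.com/a/2257449>`_.

    Characters are picked with ``random.SystemRandom`` (operating-system
    entropy) instead of the module-level Mersenne Twister, which is not
    intended for security use and becomes predictable once enough of its
    output has been observed.

    :param size: number of characters in the salt.
    :param chars: alphabet to draw from; must be non-empty when ``size > 0``.
    :returns: the salt as a string of length ``size``.
    """
    # SystemRandom ignores random.seed(), so reseeding the shared generator
    # elsewhere in the process cannot make salts repeat.
    rng = random.SystemRandom()
    return ''.join(rng.choice(chars) for _ in range(size))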

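def hash_password(password, salt):
    """
    Salts and hashes the password, returning hex-encoded string of the
    SHA256 hash.

    The digest is computed over ``salt + password``. Text input is encoded
    as UTF-8 before hashing, because hashlib accepts only bytes; byte-string
    input is hashed unchanged, so existing digests stay the same.

    NOTE(review): a single round of salted SHA-256 is fast to compute, which
    makes stored hashes cheap to brute-force if the table leaks. A
    deliberately slow KDF (``hashlib.pbkdf2_hmac``, ``hashlib.scrypt``) is
    the usual choice for password storage. Switching changes every stored
    value and needs a migration, so the format is left as is here.

    :param password: the password to hash.
    :param salt: the per-user salt, prepended to the password.
    :returns: 64-character lowercase hex digest.
    """
    material = salt + password
    if not isinstance(material, bytes):
        # Encode explicitly rather than relying on an implicit conversion,
        # which fails on Python 3 and on non-ASCII text on Python 2.
        material = material.encode('utf-8')
    return hashlib.sha256(material).hexdigest()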

def create_user(name, password, commit_name=None, commit_email=None, can_create_users=False, can_create_repositories=False):
Example #6
#!/usr/bin/env python
# We'll need the schema module to play with the database.
from schema import db
import schema
# Table handles, looked up once at import time through schema.get_table.
keys = schema.get_table('keys')
users = schema.get_table('users')  # used when generating authorized_keys

# We'll also need some SQLAlchemy functionality to write queries.
from sqlalchemy.sql import select

# os.path and errno are used in rewriting the authorized_keys file
import os, errno

# TODO: We assume RSA keys at the moment.


def validate_key(key):
    """
    Validate that a given string looks like a proper public key.
    """
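    # Validate that the string parses as Base64. Decoding is lenient about
    # characters outside the alphabet, so the alphabet is checked separately
    # below.
    # NOTE(review): base64.decodestring was removed in Python 3.9;
    # base64.decodebytes is the replacement.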
    import base64, binascii
    try:
        base64.decodestring(key)
    except binascii.Error:
        return False

    # Validate the Base64 alphabet described in RFC 3548
    valid_chars = [chr(ord('A') + i) for i in range(26)]
    valid_chars += [chr(ord('a') + i) for i in range(26)]
    valid_chars += [chr(ord('0') + i) for i in range(10)]