def http_auth(request):
try:
unauthorized_httpResponse = HttpResponse(status=401)
unauthorized_httpResponse[
'WWW-Authenticate'] = 'Basic realm="%s"' % 'Restricted'
if not request.META.has_key('HTTP_X_SET_REQUESTURI'):
return unauthorized_httpResponse
orgi_request_uri = request.META['HTTP_X_SET_REQUESTURI'].strip()
(desc_username, desc_reponame,
action) = _get_desc_name(orgi_request_uri)
if desc_username == '' or desc_reponame == '':
return unauthorized_httpResponse
suffix = '.git'
if desc_reponame.endswith(suffix):
desc_reponame = desc_reponame[0:len(desc_reponame) - len(suffix)]
repo = RepoManager.get_repo_by_name(desc_username, desc_reponame)
if repo is None:
return unauthorized_httpResponse
# if deploy key
if 'git-receive-pack' not in orgi_request_uri:
deploy_key = None
username, password = _http_authenticate_name_password(request)
if username is not None:
deploy_key = username
if deploy_key is not None and deploy_key != '' and repo.deploy_url == deploy_key:
return HttpResponse(status=200)
if repo.auth_type == 0:
# if orgi_request_uri.endswith('?service=git-receive-pack') or action == 'git-receive-pack':
if 'git-receive-pack' in orgi_request_uri:
user = _http_authenticate_user(request)
if not RepoManager.is_allowed_access_repo(
repo, user, REPO_PERMISSION.WRITE):
return unauthorized_httpResponse
return HttpResponse(status=200)
else:
user = _http_authenticate_user(request)
if 'git-receive-pack' in orgi_request_uri:
if RepoManager.is_allowed_access_repo(repo, user,
REPO_PERMISSION.WRITE):
return HttpResponse(status=200)
else:
if RepoManager.is_allowed_access_repo(
repo, user, REPO_PERMISSION.READ_ONLY):
return HttpResponse(status=200)
except Exception, e:
print e
def http_auth(request):
try:
unauthorized_httpResponse = HttpResponse(status=401)
unauthorized_httpResponse['WWW-Authenticate'] = 'Basic realm="%s"' % 'Restricted'
if not request.META.has_key('HTTP_X_SET_REQUESTURI'):
return unauthorized_httpResponse
orgi_request_uri = request.META['HTTP_X_SET_REQUESTURI'].strip()
(desc_username, desc_reponame, action) = _get_desc_name(orgi_request_uri)
if desc_username == '' or desc_reponame == '':
return unauthorized_httpResponse
suffix = '.git'
if desc_reponame.endswith(suffix):
desc_reponame = desc_reponame[0:len(desc_reponame)-len(suffix)]
repo = RepoManager.get_repo_by_name(desc_username, desc_reponame)
if repo is None:
return unauthorized_httpResponse
# if deploy key
if 'git-receive-pack' not in orgi_request_uri:
deploy_key = None
username, password = _http_authenticate_name_password(request)
if username is not None:
deploy_key = username
if deploy_key is not None and deploy_key != '' and repo.deploy_url == deploy_key:
return HttpResponse(status=200)
if repo.auth_type == 0:
# if orgi_request_uri.endswith('?service=git-receive-pack') or action == 'git-receive-pack':
if 'git-receive-pack' in orgi_request_uri:
user = _http_authenticate_user(request)
if not RepoManager.is_allowed_access_repo(repo, user, REPO_PERMISSION.WRITE):
return unauthorized_httpResponse
return HttpResponse(status=200)
else:
user = _http_authenticate_user(request)
if 'git-receive-pack' in orgi_request_uri:
if RepoManager.is_allowed_access_repo(repo, user, REPO_PERMISSION.WRITE):
return HttpResponse(status=200)
else:
if RepoManager.is_allowed_access_repo(repo, user, REPO_PERMISSION.READ_ONLY):
return HttpResponse(status=200)
except Exception, e:
print e
def wrap(request, *args, **kwargs):
if len(args) >= 2:
user_name = args[0]; repo_name = args[1]
repo = RepoManager.get_repo_by_name(user_name, repo_name)
if repo is None:
return error_with_reason(request, 'repo_not_found')
if repo.auth_type != 0 and not request.user.is_authenticated():
return HttpResponseRedirect('/login/?next=' + urlquote(request.path))
is_allowed_access_repo = RepoManager.is_allowed_access_repo(repo, request.user, REPO_PERMISSION.READ_ONLY)
if not is_allowed_access_repo:
if request.method == 'POST':
return json_failed(403, u'没有管理权限')
return error_with_reason(request, 'repo_permission_denied')
if request.user.is_authenticated():
feedAction = FeedAction()
feedAction.add_recently_view_repo_now(request.user.id, repo.id)
return function(request, *args, **kwargs)
def wrap(request, *args, **kwargs):
if len(args) >= 2:
user_name = args[0]
repo_name = args[1]
repo = RepoManager.get_repo_by_name(user_name, repo_name)
if repo is None:
return error_with_reason(request, 'repo_not_found')
if repo.auth_type != 0 and not request.user.is_authenticated():
return HttpResponseRedirect('/login/?next=' +
urlquote(request.path))
is_allowed_access_repo = RepoManager.is_allowed_access_repo(
repo, request.user, REPO_PERMISSION.READ_ONLY)
if not is_allowed_access_repo:
if request.method == 'POST':
return json_failed(403, u'没有管理权限')
return error_with_reason(request, 'repo_permission_denied')
if request.user.is_authenticated():
feedAction = FeedAction()
feedAction.add_recently_view_repo_now(request.user.id, repo.id)
return function(request, *args, **kwargs)
def keyauth(request, fingerprint, command):
command = command.strip()
last_blank_idx = command.rfind(' ')
if last_blank_idx == -1:
return not_git_command()
pre_command = command[0:last_blank_idx]
short_repo_path = command[last_blank_idx + 1:]
if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '':
return not_git_command()
first_repo_char_idx = -1
slash_idx = -1
last_repo_char_idx = -1
for i in range(0, len(short_repo_path)):
schar = short_repo_path[i]
if first_repo_char_idx == -1 and re.match('\w', schar):
first_repo_char_idx = i
if schar == '/':
slash_idx = i
if re.match('[a-zA-Z0-9_\-]', schar):
last_repo_char_idx = i
if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx
and slash_idx < last_repo_char_idx):
return not_git_command()
username = short_repo_path[first_repo_char_idx:slash_idx]
reponame = short_repo_path[slash_idx + 1:last_repo_char_idx + 1]
if reponame.endswith('.git'):
reponame = reponame[0:len(reponame) - 4]
if not (re.match('^[a-zA-Z0-9_\-]+$', username)
and RepoManager.is_allowed_reponame_pattern(reponame)):
return not_git_command()
user = GsuserManager.get_user_by_name(username)
if user is None:
return not_git_command()
userprofile = GsuserManager.get_userprofile_by_id(user.id)
if userprofile is None:
return not_git_command()
if userprofile.used_quote > userprofile.quote:
return not_git_command()
repo = RepoManager.get_repo_by_userId_name(user.id, reponame)
if repo is None:
return not_git_command()
quote = userprofile.quote
# author of the repo
userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint(
user.id, fingerprint)
if userPubkey is not None:
return response_full_git_command(quote, pre_command, user, user, repo)
userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint)
for userpubkey in userpubkeys:
# member of the repo
repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id)
# member of the team user
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
user.id, userpubkey.user_id)
if repoMember or teamMember:
pushUser = GsuserManager.get_user_by_id(userpubkey.user_id)
if 'git-receive-pack' in pre_command:
if RepoManager.is_allowed_access_repo(repo, pushUser,
REPO_PERMISSION.WRITE):
return response_full_git_command(quote, pre_command,
pushUser, user, repo)
elif RepoManager.is_allowed_access_repo(repo, pushUser,
REPO_PERMISSION.READ_ONLY):
return response_full_git_command(quote, pre_command, pushUser,
user, repo)
return not_git_command()
def keyauth(request, fingerprint, command):
command = command.strip()
last_blank_idx = command.rfind(' ')
if last_blank_idx == -1:
return not_git_command()
pre_command = command[0 : last_blank_idx]
short_repo_path = command[last_blank_idx+1 :]
if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '':
return not_git_command()
first_repo_char_idx = -1
slash_idx = -1
last_repo_char_idx = -1
for i in range(0, len(short_repo_path)):
schar = short_repo_path[i]
if first_repo_char_idx == -1 and re.match('\w', schar):
first_repo_char_idx = i
if schar == '/':
slash_idx = i
if re.match('[a-zA-Z0-9_\-]', schar):
last_repo_char_idx = i
if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx and slash_idx < last_repo_char_idx):
return not_git_command()
username = short_repo_path[first_repo_char_idx : slash_idx]
reponame = short_repo_path[slash_idx+1 : last_repo_char_idx+1]
if reponame.endswith('.git'):
reponame = reponame[0 : len(reponame)-4]
if not (re.match('^[a-zA-Z0-9_\-]+$', username) and RepoManager.is_allowed_reponame_pattern(reponame)):
return not_git_command()
user = GsuserManager.get_user_by_name(username)
if user is None:
return not_git_command()
userprofile = GsuserManager.get_userprofile_by_id(user.id)
if userprofile is None:
return not_git_command()
if userprofile.used_quote > userprofile.quote:
return not_git_command()
repo = RepoManager.get_repo_by_userId_name(user.id, reponame)
if repo is None:
return not_git_command()
quote = userprofile.quote
# author of the repo
userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint(user.id, fingerprint)
if userPubkey is not None:
return response_full_git_command(quote, pre_command, user, user, repo)
userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint)
for userpubkey in userpubkeys:
# member of the repo
repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id)
# member of the team user
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(user.id, userpubkey.user_id)
if repoMember or teamMember:
pushUser = GsuserManager.get_user_by_id(userpubkey.user_id)
if 'git-receive-pack' in pre_command:
if RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.WRITE):
return response_full_git_command(quote, pre_command, pushUser, user, repo)
elif RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.READ_ONLY):
return response_full_git_command(quote, pre_command, pushUser, user, repo)
return not_git_command()
