From 9d66497abca96905fbeba53bf8983301710d6064 Mon Sep 17 00:00:00 2001 From: Thibault Meyer Date: Sun, 18 Sep 2016 10:54:33 +0200 Subject: [PATCH 1/3] Can disable GIT interactions by HTTP protocol --- conf/app.ini | 2 ++ modules/context/repo.go | 1 + modules/setting/setting.go | 1 + routers/repo/http.go | 5 +++++ templates/repo/bare.tmpl | 14 ++++++++++---- templates/repo/home.tmpl | 14 ++++++++++---- templates/repo/wiki/view.tmpl | 16 +++++++++++----- 7 files changed, 40 insertions(+), 13 deletions(-) diff --git a/conf/app.ini b/conf/app.ini index 8110ac851..b0c0a6f43 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -24,6 +24,8 @@ PULL_REQUEST_QUEUE_LENGTH = 1000 ; Preferred Licenses to place at the top of the List ; Name must match file name in conf/license or custom/conf/license PREFERRED_LICENSES = Apache License 2.0,MIT License +; Disable ability to interact with repositories by HTTP protocol +DISABLE_HTTP_GIT= false [repository.editor] ; List of file extensions that should have line wraps in the CodeMirror editor diff --git a/modules/context/repo.go b/modules/context/repo.go index f078523e7..8b52a20a4 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -256,6 +256,7 @@ func RepoAssignment(args ...bool) macaron.Handler { ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter() ctx.Data["DisableSSH"] = setting.SSH.Disabled + ctx.Data["DisableHTTP"] = setting.Repository.DisableHttpGit ctx.Data["CloneLink"] = repo.CloneLink() ctx.Data["WikiCloneLink"] = repo.WikiCloneLink() diff --git a/modules/setting/setting.go b/modules/setting/setting.go index cff3e7dbc..0e0d8f9d3 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -116,6 +116,7 @@ var ( MirrorQueueLength int PullRequestQueueLength int PreferredLicenses []string + DisableHttpGit bool // Repository editor settings Editor struct { diff --git a/routers/repo/http.go b/routers/repo/http.go index 80afcec41..47cc19945 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -479,6 +479,11 @@ func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc { for _, route := range routes { r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil { + if setting.Repository.DisableHttpGit { + w.WriteHeader(http.StatusForbidden) + w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed")) + return + } if route.method != r.Method { if r.Proto == "HTTP/1.1" { w.WriteHeader(http.StatusMethodNotAllowed) diff --git a/templates/repo/bare.tmpl b/templates/repo/bare.tmpl index 63baea16a..af45e672c 100644 --- a/templates/repo/bare.tmpl +++ b/templates/repo/bare.tmpl @@ -16,15 +16,21 @@

{{.i18n.Tr "repo.clone_this_repo"}} {{.i18n.Tr "repo.clone_helper" "http://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository" | Str2html}}

- + {{if not $.DisableHTTP}} + + {{end}} {{if not $.DisableSSH}} {{end}} - + {{if not $.DisableHTTP}} + + {{else}} + + {{end}} diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl index c0c06a143..52d93a213 100644 --- a/templates/repo/home.tmpl +++ b/templates/repo/home.tmpl @@ -51,15 +51,21 @@ {{if eq $n 0}}
- + {{if not $.DisableHTTP}} + + {{end}} {{if not $.DisableSSH}} {{end}} - + {{if not $.DisableHTTP}} + + {{else}} + + {{end}} diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl index ff828789c..7c4f34fb1 100644 --- a/templates/repo/wiki/view.tmpl +++ b/templates/repo/wiki/view.tmpl @@ -29,15 +29,21 @@
- + {{if not $.DisableHTTP}} + + {{end}} {{if not $.DisableSSH}} - {{end}} - + {{if not $.DisableHTTP}} + + {{else}} + + {{end}} From 93f1eabe3087ac723f8f404def8dba40359f0d64 Mon Sep 17 00:00:00 2001 From: Thibault Meyer Date: Tue, 4 Oct 2016 18:58:14 +0200 Subject: [PATCH 2/3] rename variable + fix wiki link --- modules/context/repo.go | 2 +- modules/setting/setting.go | 3 ++- routers/repo/http.go | 2 +- templates/repo/wiki/view.tmpl | 8 ++++---- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/context/repo.go b/modules/context/repo.go index 8b52a20a4..b3d483df3 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -256,7 +256,7 @@ func RepoAssignment(args ...bool) macaron.Handler { ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter() ctx.Data["DisableSSH"] = setting.SSH.Disabled - ctx.Data["DisableHTTP"] = setting.Repository.DisableHttpGit + ctx.Data["DisableHTTP"] = setting.Repository.DisableHTTPGit ctx.Data["CloneLink"] = repo.CloneLink() ctx.Data["WikiCloneLink"] = repo.WikiCloneLink() diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 0e0d8f9d3..647003107 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -116,7 +116,7 @@ var ( MirrorQueueLength int PullRequestQueueLength int PreferredLicenses []string - DisableHttpGit bool + DisableHTTPGit bool // Repository editor settings Editor struct { @@ -491,6 +491,7 @@ func NewContext() { // Determine and create root git repository path. sec = Cfg.Section("repository") + Repository.DisableHTTPGit = sec.Key("DISABLE_HTTP_GIT").MustBool() RepoRootPath = sec.Key("ROOT").MustString(path.Join(homeDir, "gogs-repositories")) forcePathSeparator(RepoRootPath) if !filepath.IsAbs(RepoRootPath) { diff --git a/routers/repo/http.go b/routers/repo/http.go index 47cc19945..65a5d5fac 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -479,7 +479,7 @@ func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc { for _, route := range routes { r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil { - if setting.Repository.DisableHttpGit { + if setting.Repository.DisableHTTPGit { w.WriteHeader(http.StatusForbidden) w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed")) return diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl index 7c4f34fb1..dc4938ab0 100644 --- a/templates/repo/wiki/view.tmpl +++ b/templates/repo/wiki/view.tmpl @@ -30,19 +30,19 @@
{{if not $.DisableHTTP}} - {{end}} {{if not $.DisableSSH}} - {{end}} {{if not $.DisableHTTP}} - + {{else}} - + {{end}}