-- @@SHEBANG -- -*- Lua -*- -- command cgi -- -- Git (with) Augmented network operations -- User authentication wrapper -- -- Copyright 2014-2017 Richard Ipsum -- All rights reserved. -- -- Redistribution and use in source and binary forms, with or without -- modification, are permitted provided that the following conditions -- are met: -- 1. Redistributions of source code must retain the above copyright -- notice, this list of conditions and the following disclaimer. -- 2. Redistributions in binary form must reproduce the above copyright -- notice, this list of conditions and the following disclaimer in the -- documentation and/or other materials provided with the distribution. -- 3. Neither the name of the author nor the names of their contributors -- may be used to endorse or promote products derived from this software -- without specific prior written permission. -- -- THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- SUCH DAMAGE. -- -- -- @@GITANO_LUA_PATH local gitano = require "gitano" local gall = require "gall" local luxio = require "luxio" local sio = require "luxio.simple" -- @@GITANO_BIN_PATH -- @@GITANO_SHARE_PATH -- @@GITANO_I18N_PATH -- @@GITANO_PLUGIN_PATH local stdout = sio.stdout function url_decode(str) str = string.gsub(str, "+", " ") str = string.gsub(str, "%%(%x%x)", function(h) return string.char(tonumber(h,16)) end) str = string.gsub(str, "\r\n", "\n") return str end if os.getenv("QUERY_STRING") then local query_string = url_decode(os.getenv("QUERY_STRING")) local cmdline = query_string local _, e = string.find(query_string, "cmd=") if not e then stdout:write("Status: 400 Bad request\r\n\r\n") stdout:write("FATAL: " .. gitano.i18n.expand("ERROR_NO_COMMAND") .. "\n") return end cmdline = string.sub(query_string, e + 1, #query_string) if cmdline == '' then stdout:write("Status: 400 Bad request\r\n\r\n") stdout:write("FATAL: " .. gitano.i18n.expand("ERROR_NO_COMMAND") .. "\n") return end local user = os.getenv("REMOTE_USER") or "gitano/anonymous" gitano.log.buffer_output() local start_log_level = gitano.log.get_level() gitano.log.cap_level(gitano.log.level.INFO) local transactionid = gitano.log.syslog.open() local authorized, cmd, parsed_cmdline, config, env, repo = gitano.auth.is_authorized(user, "http", cmdline, os.getenv("GITANO_ROOT"), transactionid, start_log_level) if authorized then local exit = gitano.util.run_command(cmd, cmdline, parsed_cmdline, user, config, env, repo) stdout:write("Status: " .. (exit == 0 and "200 OK" or "400 Bad request") .. "\r\n\r\n") stdout:write(gitano.log.get_buffered_output() or "") else stdout:write("Status: 403 Forbidden\r\n\r\n") stdout:write(gitano.log.get_buffered_output() or "") stdout:write("FATAL: " .. gitano.i18n.expand("ERROR_NOT_AUTHORISED") .. "\n") end gitano.log.syslog.close() else stdout:write("Status: 400 Bad request\r\n\r\n") stdout:write("FATAL: " .. gitano.i18n.expand("ERROR_NO_COMMAND") .. "\n") end