Add relative git object dir envvars to check access requestfeature/add-pwd-envvar-to-check-access-request

5 files changed, 140 insertions, 7 deletions

diff --git a/CHANGELOG b/CHANGELOG
index dcdb5ac..3e0d977 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+v5.9.4
+  - Add relative git object dir envvars to check access request
+
 v5.9.3
   - Expose GitLab username to hooks in `GL_USERNAME` environment variable
 
diff --git a/VERSION b/VERSION
index 99a8b57..c5b7013 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.9.3
+5.9.4
diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb
index 3cdeb3e..e1a5e35 100644
--- a/lib/gitlab_access.rb
+++ b/lib/gitlab_access.rb
@@ -3,6 +3,7 @@ require_relative 'gitlab_net'
 require_relative 'gitlab_access_status'
 require_relative 'names_helper'
 require_relative 'gitlab_metrics'
+require_relative 'object_dirs_helper'
 require 'json'
 
 class GitlabAccess
@@ -23,12 +24,7 @@ class GitlabAccess
 
   def exec
     status = GitlabMetrics.measure('check-access:git-receive-pack') do
-      env = {
-        "GIT_ALTERNATE_OBJECT_DIRECTORIES" => ENV["GIT_ALTERNATE_OBJECT_DIRECTORIES"],
-        "GIT_OBJECT_DIRECTORY" => ENV["GIT_OBJECT_DIRECTORY"]
-      }
-
-      api.check_access('git-receive-pack', @gl_repository, @repo_path, @actor, @changes, @protocol, env: env.to_json)
+      api.check_access('git-receive-pack', @gl_repository, @repo_path, @actor, @changes, @protocol, env: ObjectDirsHelper.all_attributes.to_json)
     end
 
     raise AccessDeniedError, status.message unless status.allowed?
diff --git a/lib/object_dirs_helper.rb b/lib/object_dirs_helper.rb
new file mode 100644
index 0000000..e175a03
--- /dev/null
+++ b/lib/object_dirs_helper.rb
@@ -0,0 +1,39 @@
+require 'pathname'
+
+class ObjectDirsHelper
+  class << self
+    def all_attributes
+      {
+        "GIT_ALTERNATE_OBJECT_DIRECTORIES" => absolute_alt_object_dirs,
+        "GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE" => relative_alt_object_dirs,
+        "GIT_OBJECT_DIRECTORY" => absolute_object_dir,
+        "GIT_OBJECT_DIRECTORY_RELATIVE" => relative_object_dir
+      }
+    end
+
+    def absolute_object_dir
+      ENV['GIT_OBJECT_DIRECTORY']
+    end
+
+    def relative_object_dir
+      relative_path(absolute_object_dir)
+    end
+
+    def absolute_alt_object_dirs
+      ENV['GIT_ALTERNATE_OBJECT_DIRECTORIES'].to_s.split(File::PATH_SEPARATOR)
+    end
+
+    def relative_alt_object_dirs
+      absolute_alt_object_dirs.map { |dir| relative_path(dir) }.compact
+    end
+
+    private
+
+    def relative_path(absolute_path)
+      return if absolute_path.nil?
+
+      repo_dir = Dir.pwd
+      Pathname.new(absolute_path).relative_path_from(Pathname.new(repo_dir)).to_s
+    end
+  end
+end
diff --git a/spec/object_dirs_helper_spec.rb b/spec/object_dirs_helper_spec.rb
new file mode 100644
index 0000000..c2d0db7
--- /dev/null
+++ b/spec/object_dirs_helper_spec.rb
@@ -0,0 +1,95 @@
+require_relative 'spec_helper'
+require_relative '../lib/object_dirs_helper'
+
+describe ObjectDirsHelper do
+  before do
+    allow(Dir).to receive(:pwd).and_return('/home/git/repositories/foo/bar.git')
+  end
+
+  describe '.all_attributes' do
+    it do
+      expect(described_class.all_attributes.keys).to include(*%w[
+                                                        GIT_OBJECT_DIRECTORY
+                                                        GIT_OBJECT_DIRECTORY_RELATIVE
+                                                        GIT_ALTERNATE_OBJECT_DIRECTORIES
+                                                        GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE
+                                                             ])
+    end
+  end
+
+  describe '.absolute_object_dir' do
+    subject { described_class.absolute_object_dir }
+
+    context 'when GIT_OBJECT_DIRECTORY is set' do
+      let(:dir) { '/home/git/repositories/foo/bar.git/./objects' }
+
+      before do
+        allow(ENV).to receive(:[]).with('GIT_OBJECT_DIRECTORY').and_return(dir)
+      end
+
+      it { expect(subject).to eq(dir) }
+    end
+
+    context 'when GIT_OBJECT_DIRECTORY is not set' do
+      it { expect(subject).to be_nil }
+    end
+  end
+
+  describe '.absolute_alt_object_dirs' do
+    subject { described_class.absolute_alt_object_dirs }
+
+    context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is set' do
+      let(:dirs) { [
+        '/home/git/repositories/foo/bar.git/./incoming-UKU6Gl',
+        '/home/git/repositories/foo/bar.git/./incoming-AcU7Qr'
+      ] }
+
+      before do
+        allow(ENV).to receive(:[]).with('GIT_ALTERNATE_OBJECT_DIRECTORIES').and_return(dirs.join(File::PATH_SEPARATOR))
+      end
+
+      it { expect(subject).to eq(dirs) }
+    end
+
+    context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is not set' do
+      it { expect(subject).to eq([]) }
+    end
+  end
+
+  describe '.relative_alt_object_dirs' do
+    subject { described_class.relative_alt_object_dirs }
+
+    context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is set' do
+      let(:dirs) { [
+        '/home/git/repositories/foo/bar.git/./objects/incoming-UKU6Gl',
+        '/home/git/repositories/foo/bar.git/./objects/incoming-AcU7Qr'
+      ] }
+
+      before do
+        allow(ENV).to receive(:[]).with('GIT_ALTERNATE_OBJECT_DIRECTORIES').and_return(dirs.join(File::PATH_SEPARATOR))
+      end
+
+      it { expect(subject).to eq(['objects/incoming-UKU6Gl', 'objects/incoming-AcU7Qr']) }
+    end
+
+    context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is not set' do
+      it { expect(subject).to eq([]) }
+    end
+  end
+
+  describe '.relative_object_dir' do
+    subject { described_class.relative_object_dir }
+
+    context 'when GIT_OBJECT_DIRECTORY is set' do
+      before do
+        allow(ENV).to receive(:[]).with('GIT_OBJECT_DIRECTORY').and_return('/home/git/repositories/foo/bar.git/./objects')
+      end
+
+      it { expect(subject).to eq('objects') }
+    end
+
+    context 'when GIT_OBJECT_DIRECTORY is not set' do
+      it { expect(subject).to be_nil }
+    end
+  end
+end