···
incomingUser = flag.String("user", "", "Allowed git user")
baseDirFlag = flag.String("base-dir", "/home/git", "Base directory for git repositories")
logPathFlag = flag.String("log-path", "/var/log/git-wrapper.log", "Path to log file")
29
-
endpoint = flag.String("internal-api", "http://localhost:5555", "Internal API endpoint")
29
+
endpoint = flag.String("internal-api", "http://localhost:5444", "Internal API endpoint")
···
71
-
components := filepath.SplitList(cmdParts[2])
72
+
components := strings.Split(strings.Trim(cmdParts[1], "'"), "/")
73
+
logEvent("Command components", map[string]interface{}{
74
+
"components": components,
if len(components) != 2 {
exitWithLog("invalid repo format, needs <user>/<repo>")
···
if gitCommand != "git-upload-pack" {
if !isPushPermitted(*incomingUser, qualifiedRepoName) {
96
+
logEvent("all infos", map[string]interface{}{
97
+
"did": *incomingUser,
98
+
"reponame": qualifiedRepoName,
exitWithLog("access denied: user not allowed")
···
func isPushPermitted(user, qualifiedRepoName string) bool {
190
-
url, _ := url.Parse(*endpoint + "/push-allowed/")
191
-
url.Query().Add(user, user)
192
-
url.Query().Add(user, qualifiedRepoName)
198
+
u, _ := url.Parse(*endpoint + "/push-allowed")
200
+
q.Add("user", user)
201
+
q.Add("repo", qualifiedRepoName)
202
+
u.RawQuery = q.Encode()
194
-
req, err := http.Get(url.String())
204
+
req, err := http.Get(u.String())
exitWithLog(fmt.Sprintf("error verifying permissions: %v", err))
209
+
logEvent("url", map[string]interface{}{
211
+
"status": req.Status,
return req.StatusCode == http.StatusNoContent
kot.pink
anirudh.fi