Merge remote-tracking branch 'ri/richardipsum/refactor'

author: Daniel Silverstone <dsilvers@digital-scurf.org> 2014-05-16 18:03:13 +0100
committer: Daniel Silverstone <dsilvers@digital-scurf.org> 2014-05-16 18:03:13 +0100
commit: f010726f585dc15f71673ca4be749757e9ed10cb (patch)
tree: 5a85de10bfdc398392e3176df2382172b956d942
parent: 93f36f49ff6a92f307e1eacbdd91673734ca7dc5 (diff)
parent: 800ec03542c7bc09afbddce9a2b01f94d615fce9 (diff)
download: gitano-f010726f585dc15f71673ca4be749757e9ed10cb.tar.gz
5 files changed, 38 insertions, 158 deletions
diff --git a/bin/gitano-auth.in b/bin/gitano-auth.in
index 3901166..2190ae0 100644
--- a/bin/gitano-auth.in
+++ b/bin/gitano-auth.in
@@ -20,152 +20,28 @@ local sp = require "luxio.subprocess"
 -- @@GITANO_SHARE_PATH
 -- @@GITANO_PLUGIN_PATH
 
-local repo_root, username, keytag = ...
+local repo_root, user, keytag = ...
 
 gitano.config.repo_path(repo_root)
 
 local cmdline = luxio.getenv "SSH_ORIGINAL_COMMAND" or ""
 
-local transactionid = gitano.log.syslog.open()
-
 if cmdline:match("^[ \t\n]*$") then
    gitano.log.fatal("No command provided, cannot continue")
 end
 
-local parsed_cmdline, warnings = gitano.util.parse_cmdline(cmdline)
-
-local start_log_level = gitano.log.get_level()
--- Clamp level at info until we have checked if the caller
--- is an admin or not
-gitano.log.cap_level(gitano.log.level.INFO)
-
-if (#warnings > 0) then
-   gitano.log.error("Warnings encountered parsing commandline.");
-   gitano.log.warn("\t" ..  cmdline)
-   gitano.log.warn("")
-   gitano.log.warn("Parsed as:")
-   for i = 1, #parsed_cmdline do
-      gitano.log.warn(("  =[%2d]> %s"):format(i, parsed_cmdline[i]))
-   end
-   gitano.log.warn("\nWarnings were:")
-   for i = 1, #warnings do
-      gitano.log.warn(" * " .. warnings[i])
-   end
-   gitano.log.warn("")
-   gitano.log.fatal("Game over, sorry\n")
-end
-
--- Now load the administration data
-
-local admin_repo = gall.repository.new((repo_root or "") .. "/gitano-admin.git")
-
-if not admin_repo then
-   gitano.log.fatal("Unable to locate administration repository.  Cannot continue");
-end
-
-local admin_head = admin_repo:get(admin_repo.HEAD)
-
-if not admin_head then
-   gitano.log.fatal("Unable to find the HEAD of the administration repository.  Cannot continue");
-end
-
-local config, msg = gitano.config.parse(admin_head)
-
-if not config then
-   gitano.log.critical("Unable to parse administration repository.")
-   gitano.log.critical("  * " .. (msg or "No error?"))
-   gitano.log.fatal("Cannot continue")
-end
-
--- Now, are we an admin?
-if config.groups["gitano-admin"].filtered_members[username] then
-   -- Yep, so blithely reset logging level
-   gitano.log.set_level(start_log_level)
-end
-
-if not config.global.silent then
-   -- Not silent, bump to chatty level automatically
-   gitano.log.bump_level(gitano.log.level.CHAT)
-end
-
-local repo
-
--- Find the command
+local authorized, cmd, parsed_cmdline, config, env, repo =
+   gitano.auth.is_authorized(user, "ssh", cmdline, repo_root)
 
+if authorized then
+   local exit = gitano.util.run_command(cmd, cmdline, parsed_cmdline,
+      user, config, env, repo)
 
-ip = string.match(luxio.getenv "SSH_CLIENT", "^[^ ]+") or ""
-
-gitano.log.syslog.info("Client connected from", ip, "as", username,
-                       "(" .. keytag .. ")", "Executing command:",
-                       cmdline)
-
-local cmd = gitano.command.get(parsed_cmdline[1])
-
-if not cmd then
-   gitano.log.fatal("Unknown command: " .. parsed_cmdline[1])
-end
-
-if cmd.takes_repo then
-   repo, parsed_cmdline = cmd.detect_repo(config, parsed_cmdline)
-   if not repo and not parsed_cmdline then
-      gitano.log.fatal("Failed to acquire repository object")
+   if exit ~= 0 then
+      gitano.log.fatal("Error running command, exiting")
    end
-end
-
--- Validate the commandline, massaging it as necessary.
-
-if not cmd.validate(config, repo, parsed_cmdline) then
-   gitano.log.fatal("Validation of command line failed")
-end
-
--- Construct our context ready for prep
-local context = {
-   source = "ssh",
-   user = username,
-   keytag = keytag,
-}
-
-local action, reason = cmd.prep(config, repo, parsed_cmdline, context)
-
-if not action then
-   gitano.log.crit(reason)
-   gitano.log.fatal("Ruleset did not complete cleanly")
-end
-
-if action == "allow" then
-   gitano.log.info(reason or "Ruleset permitted action")
-else
-   gitano.log.critical(reason)
-   gitano.log.fatal("Ruleset denied action.  Sorry.")
-end
-
-gitano.log.debug("Welcome to " .. config.global.site_name)
-gitano.log.debug("Running:")
-for i = 1, #parsed_cmdline do
-   gitano.log.debug(" => " .. parsed_cmdline[i])
-end
-gitano.log.debug("")
-gitano.log.debug("On behalf of " .. username .. " using key " .. keytag)
-
--- Set up some useful environment variables
-
-local env = {
-   ["GITANO_ROOT"] = repo_root,
-   ["GITANO_USER"] = username,
-   ["GITANO_KEYTAG"] = keytag,
-   ["GITANO_PROJECT"] = (repo or {}).name,
-   ["GITANO_SOURCE"] = "ssh",
-   ["GITANO_TRANSACTION_ID"] = transactionid,
-}
-
-local how, why = cmd.run(config, repo, parsed_cmdline, env)
-
-if how ~= "exit" or why ~= 0 then
-   gitano.log.critical("Error running sub-process:",
-		       ("%s (%d)"):format(how, why))
-   gitano.log.fatal("Unable to continue")
 else
-   gitano.log.syslog.info(cmdline, "completed successfully")
+   gitano.log.fatal("Not authorized")
 end
 
 gitano.log.syslog.close()
diff --git a/bin/gitano-command.cgi.in b/bin/gitano-command.cgi.in
index 1954635..2fa1db2 100755
--- a/bin/gitano-command.cgi.in
+++ b/bin/gitano-command.cgi.in
@@ -29,26 +29,6 @@ function url_decode(str)
   return str
 end
 
-function run_command(cmd, cmdline, parsed_cmdline, user, config, env, repo)
-   gitano.log.debug("Welcome to " .. config.global.site_name)
-   gitano.log.debug("Running:")
-   for i = 1, #parsed_cmdline do
-      gitano.log.debug(" => " .. parsed_cmdline[i])
-   end
-   gitano.log.debug("")
-   gitano.log.debug("On behalf of " .. user .. " using key " .. env["GITANO_KEYTAG"])
-
-   local how, why = cmd.run(config, repo, parsed_cmdline, env)
-
-   if how ~= "exit" or why ~= 0 then
-      gitano.log.critical("Error running " .. parsed_cmdline[1] .. ": " .. how)
-      return why
-   else
-      gitano.log.syslog.info(cmdline, "completed successfully")
-      return 0
-   end
-end
-
 if os.getenv("QUERY_STRING") then
    local query_string = url_decode(os.getenv("QUERY_STRING"))
    local cmdline = query_string
@@ -74,10 +54,10 @@ if os.getenv("QUERY_STRING") then
    gitano.log.buffer_output()
 
    local authorized, cmd, parsed_cmdline, config, env, repo =
-      gitano.auth.is_authorized(user, "http", cmdline)
+      gitano.auth.is_authorized(user, "http", cmdline, os.getenv("GITANO_ROOT"))
 
    if authorized then
-      local exit = run_command(cmd, cmdline, parsed_cmdline,
+      local exit = gitano.util.run_command(cmd, cmdline, parsed_cmdline,
 			       user, config, env, repo)
 
       stdout:write("Status: " .. (exit == 0 and "200 OK" or "400 Bad request")
diff --git a/bin/gitano-smart-http.cgi.in b/bin/gitano-smart-http.cgi.in
index 017c4e7..f294b28 100755
--- a/bin/gitano-smart-http.cgi.in
+++ b/bin/gitano-smart-http.cgi.in
@@ -59,7 +59,8 @@ if request_method == "GET" or request_method == "POST" then
    local user = os.getenv("REMOTE_USER") or "gitano/anonymous"
    local cmdline = parse_request(request_method)
 
-   if cmdline and gitano.auth.is_authorized(user, "http", cmdline) then
+   if cmdline and gitano.auth.is_authorized(user, "http", cmdline,
+                                            os.getenv("GITANO_ROOT")) then
       local proc = subprocess.spawn_simple({"git", "http-backend"})
       local exit_code
 
diff --git a/lib/gitano/auth.lua b/lib/gitano/auth.lua
index 8c3a4e6..2e275dd 100644
--- a/lib/gitano/auth.lua
+++ b/lib/gitano/auth.lua
@@ -49,8 +49,7 @@ local function set_environment(repo_root, repo, context, transactionid)
    return env
 end
 
-local function is_authorized(user, source, cmdline)
-   local repo_root = os.getenv("GITANO_ROOT")
+local function is_authorized(user, source, cmdline, repo_root)
    local keytag = ""
    local authorized = false
 
diff --git a/lib/gitano/util.lua b/lib/gitano/util.lua
index 291c68d..ab8730a 100644
--- a/lib/gitano/util.lua
+++ b/lib/gitano/util.lua
@@ -15,6 +15,28 @@ local tconcat = table.concat
 
 local check_password = scrypt.verify_password
 
+local function run_command(cmd, cmdline, parsed_cmdline, user,
+                           config, env, repo)
+   log.debug("Welcome to " .. config.global.site_name)
+   log.debug("Running:")
+   for i = 1, #parsed_cmdline do
+      log.debug(" => " .. parsed_cmdline[i])
+   end
+   log.debug("")
+   log.debug("On behalf of " .. user .. " using key " .. env["GITANO_KEYTAG"])
+
+   local how, why = cmd.run(config, repo, parsed_cmdline, env)
+
+   if how ~= "exit" or why ~= 0 then
+      log.critical("Error running " .. parsed_cmdline[1] .. ": " .. how)
+      log.critical("Unable to continue")
+      return why
+   else
+      log.syslog.info(cmdline, "completed successfully")
+      return 0
+   end
+end
+
 local function hash_password(password)
    -- For the moment we are using scrypt,
    -- we may decide to use other hash functions in the future
@@ -502,4 +524,6 @@ return {
 
    hash_password = hash_password,
    check_password = check_password,
+
+   run_command = run_command,
 }
author	Daniel Silverstone <dsilvers@digital-scurf.org>	2014-05-16 18:03:13 +0100
committer	Daniel Silverstone <dsilvers@digital-scurf.org>	2014-05-16 18:03:13 +0100
commit	f010726f585dc15f71673ca4be749757e9ed10cb (patch)
tree	5a85de10bfdc398392e3176df2382172b956d942
parent	93f36f49ff6a92f307e1eacbdd91673734ca7dc5 (diff)
parent	800ec03542c7bc09afbddce9a2b01f94d615fce9 (diff)
download	gitano-f010726f585dc15f71673ca4be749757e9ed10cb.tar.gz