Add authentification check

Author: craflin

src/HttpRequest.cpp

@@ -6,80 +6,99 @@
 static class Curl
 {
 public:
-  Curl()
-  {
-    curl_global_init(CURL_GLOBAL_ALL);
-  }
-  ~Curl()
-  {
-    curl_global_cleanup();
-  }
+    Curl()
+    {
+        curl_global_init(CURL_GLOBAL_ALL);
+    }
+    ~Curl()
+    {
+        curl_global_cleanup();
+    }
 
 } curl;
 
 HttpRequest::HttpRequest() : curl(0) {}
 
 HttpRequest::~HttpRequest()
 {
-  if(curl)
-    curl_easy_cleanup(curl);
+    if (curl)
+        curl_easy_cleanup(curl);
 }
 
-bool HttpRequest::get(const String& url, Buffer& data, bool checkCertificate)
+bool HttpRequest::get(const String &url, Buffer &data, const HashMap<String, String> &headerFields, bool checkCertificate)
 {
-  if(!curl)
-  {
-    curl = curl_easy_init();
-    if(!curl)
+    if (!curl)
+    {
+        curl = curl_easy_init();
+        if (!curl)
+        {
+            error = "Could not initialize curl.";
+            return false;
+        }
+    }
+    else
+        curl_easy_reset(curl);
+
+    struct WriteResult
+    {
+        static size_t writeResponse(void *ptr, size_t size, size_t nmemb, void *stream)
+        {
+            WriteResult *result = (struct WriteResult *)stream;
+            size_t newBytes = size * nmemb;
+            size_t totalSize = result->buffer->size() + newBytes;
+            if (totalSize > (size_t)result->buffer->capacity())
+                result->buffer->reserve(totalSize * 2);
+            result->buffer->append((const byte *)ptr, newBytes);
+            return newBytes;
+        }
+
+        Buffer *buffer;
+    } writeResult = {&data};
+
+    curl_easy_setopt(curl, CURLOPT_URL, (const char *)url);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteResult::writeResponse);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &writeResult);
+    curl_easy_setopt(curl, CURLOPT_TIMEOUT, 40);
+    if (!checkCertificate)
+        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+
+    class SList
+    {
+    public:
+        SList() : _slist(nullptr) {}
+        ~SList() { if (_slist) curl_slist_free_all(_slist);}
+        operator curl_slist*() {return _slist;}
+        void append(const char* value) {_slist = curl_slist_append(_slist, value);}
+    private:
+        curl_slist* _slist;
+    };
+
+    SList header;
+    if (!headerFields.isEmpty())
+    {
+        for (HashMap<String, String>::Iterator i = headerFields.begin(), end = headerFields.end(); i != end; ++i)
+            header.append(i.key() + ": " + *i);
+        curl_easy_setopt(curl, CURLOPT_HTTPHEADER, (curl_slist*)header);
+    }
+
+    data.clear();
+    data.reserve(1500);
+
+    CURLcode status = curl_easy_perform(curl);
+    if (status != 0)
     {
-      error = "Could not initialize curl.";
-      return false;
+        error.printf("%s.", curl_easy_strerror(status));
+        return false;
     }
-  }
-  else
-    curl_easy_reset(curl);
 
-  struct WriteResult
-  {
-    static size_t writeResponse(void *ptr, size_t size, size_t nmemb, void *stream)
+    long code;
+    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &code);
+    if (code != 200)
     {
-      WriteResult* result = (struct WriteResult *)stream;
-      size_t newBytes = size * nmemb;
-      size_t totalSize = result->buffer->size() + newBytes;
-      if(totalSize > (size_t)result->buffer->capacity())
-        result->buffer->reserve(totalSize * 2);
-      result->buffer->append((const byte*)ptr, newBytes);
-      return newBytes;
+        error.printf("Server responded with code %u.", (uint)code);
+        return false;
     }
 
-    Buffer* buffer;
-  } writeResult = { &data };
-
-  curl_easy_setopt(curl, CURLOPT_URL, (const char*)url);
-  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteResult::writeResponse);
-  curl_easy_setopt(curl, CURLOPT_WRITEDATA, &writeResult);
-  curl_easy_setopt(curl, CURLOPT_TIMEOUT, 40);
-  if(!checkCertificate)
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
-
-  data.clear();
-  data.reserve(1500);
-
-  CURLcode status = curl_easy_perform(curl);
-  if(status != 0)
-  {
-    error.printf("%s.", curl_easy_strerror(status));
-    return false;
-  }
-
-  long code;
-  curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &code);
-  if(code != 200)
-  {
-    error.printf("Server responded with code %u.", (uint)code);
-    return false;
-  }
-
-  error.clear();
-  return true;
+    error.clear();
+    return true;
 }

src/HttpRequest.hpp

@@ -4,6 +4,7 @@
 
 #include <nstd/String.hpp>
 #include <nstd/Buffer.hpp>
+#include <nstd/HashMap.hpp>
 
 class HttpRequest
 {
@@ -13,7 +14,7 @@ class HttpRequest
 
   const String& getErrorString() {return error;}
 
-  bool get(const String& url, Buffer& data, bool checkCertificate = true);
+  bool get(const String& url, Buffer& data, const HashMap<String, String>& headerFields = HashMap<String, String>(), bool checkCertificate = true);
 
 private:
   void* curl;

src/Settings.cpp

@@ -4,10 +4,11 @@
 #include <nstd/File.hpp>
 #include <nstd/List.hpp>
 #include <nstd/Log.hpp>
+#include <nstd/Directory.hpp>
 
 Settings::Settings()
     : listenAddr{Socket::anyAddress, 80}
-    , cacheDir("/tmp/gchsd")
+    , cacheDir(Directory::getTempDirectory() + "/gchsd")
 {
     ;
 }

src/Worker.cpp

@@ -7,6 +7,9 @@
 #include <nstd/Directory.hpp>
 #include <nstd/Error.hpp>
 #include <nstd/Process.hpp>
+#include <nstd/HashMap.hpp>
+
+#include "HttpRequest.hpp"
 
 Worker::Worker(const Settings& settings, Socket& client, ICallback& callback)
     : _settings(settings)
@@ -109,9 +112,9 @@ String getRequestUrl(const String& path)
     return result;
 }
 
-bool parseGetRequestPath(const String& path, String& url, String& repoUrl, String& repo, String& service)
+bool parseGetRequestPath(const String& path, String& repoUrl, String& repo, String& service)
 {
-    url = getRequestUrl(path);
+    String url = getRequestUrl(path);
     const char* x = url.find("/info/refs?service=");
     if (!x)
         return false;
@@ -125,9 +128,9 @@ bool parseGetRequestPath(const String& path, String& url, String& repoUrl, Strin
 }
 
 
-bool parsePostRequestPath(const String& path, String& url, String& repoUrl, String& repo, String& service)
+bool parsePostRequestPath(const String& path, String& repoUrl, String& repo, String& service)
 {
-    url = getRequestUrl(path);
+    String url = getRequestUrl(path);
     if (!url.endsWith("/git-upload-pack"))
         return false;
     repoUrl = url.substr(0, url.length() - 16);
@@ -138,6 +141,35 @@ bool parsePostRequestPath(const String& path, String& url, String& repoUrl, Stri
     return true;
 }
 
+bool getAuth(const String& header, String& auth)
+{
+    const char* authStart = header.find("\r\nAuthorization: ");
+    if (!authStart)
+        return false;
+    authStart += 17;
+    const char* authEnd = String::find(authStart, "\r\n");
+    if (!authEnd)
+        return false;
+    auth = header.substr(authStart - (const char*)header, authEnd - authStart);
+    return true;
+}
+
+bool isAccessible(const String& url, const String& auth)
+{
+    HttpRequest httpRequest;
+    HashMap<String, String> headerFields;
+    if (!auth.isEmpty())
+        headerFields.append("Authorization", auth);
+    Buffer data;
+    return httpRequest.get(url, data, headerFields, false);
+}
+
+void requestAuth(Socket& client)
+{
+    String response = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n";
+    client.send((const byte*)(const char*)response, response.length());
+}
+
 }
 
 void Worker::handleRequest()
@@ -151,29 +183,40 @@ void Worker::handleRequest()
     if (!parseHeader(header, method, path))
         return;
 
-    // todo: auth
-    // logic? 
-    // if auth is in header check auth with uplink
-    // else check if uplink can be accessed without auth
-    // else ? request auth
-
-    if (method == "GET")
-        handleGetRequest(path);
-    else if (method == "POST")
-        handlePostRequest(path, body);
-}
-
-void Worker::handleGetRequest(const String& path)
-{
-    String requestUrl;
     String repoUrl;
     String repo;
     String service;
-    if (!parseGetRequestPath(path, requestUrl, repoUrl, repo, service))
+    if (method == "GET")
+    {
+        if (!parseGetRequestPath(path, repoUrl, repo, service))
+            return;
+    }
+    else if (method == "POST")
+    {
+        if (!parsePostRequestPath(path, repoUrl, repo, service))
+            return;
+    }
+    else
         return;
+
     if (service != "git-upload-pack")
         return;
 
+    String authCheckUrl = repoUrl + "/info/refs?service=git-upload-pack";
+    String auth;
+    getAuth(header, auth);
+    // todo: auth cache?
+    if (!isAccessible(authCheckUrl, auth))
+        return requestAuth(_client);
+
+    if (method == "GET")
+        handleGetRequest(repoUrl, repo);
+    else if (method == "POST")
+        handlePostRequest(repo, body);
+}
+
+void Worker::handleGetRequest(const String& repoUrl, const String& repo)
+{
     // todo: avoid concurrent git fetch !
 
     // create cache dir
@@ -215,7 +258,7 @@ void Worker::handleGetRequest(const String& path)
             return Log::errorf("Could not launch command '%s': %s", (const char*)command, (const char*)Error::getErrorString());
 
         String response = "HTTP/1.1 200 OK\r\n";
-        response.append(String("Content-Type: application/x-") + service +"-advertisement\r\n");
+        response.append("Content-Type: application/x-git-upload-pack-advertisement\r\n");
         response.append("Cache-Control: no-cache\r\n\r\n");
         response.append("001e# service=git-upload-pack\n0000");
         if (_client.send((const byte*)(const char*)response, response.length()) != response.length())
@@ -236,17 +279,8 @@ void Worker::handleGetRequest(const String& path)
     }
 }
 
-void Worker::handlePostRequest(const String& path, String& body)
+void Worker::handlePostRequest(const String& repo, String& body)
 {
-    String requestUrl;
-    String repoUrl;
-    String repo;
-    String service;
-    if (!parsePostRequestPath(path, requestUrl, repoUrl, repo, service))
-        return;
-    if (service != "git-upload-pack")
-        return;
-
     String cacheDir = _settings.cacheDir + "/" + repo;
 
     {
@@ -261,7 +295,7 @@ void Worker::handlePostRequest(const String& path, String& body)
             return;
 
         String response = "HTTP/1.1 200 OK\r\n";
-        response.append(String("Content-Type: application/x-") + service +"-advertisement\r\n");
+        response.append("Content-Type: application/x-git-upload-pack-advertisement\r\n");
         response.append("Cache-Control: no-cache\r\n\r\n");
         if (_client.send((const byte*)(const char*)response, response.length()) != response.length())
             return;

src/Worker.hpp

@@ -32,6 +32,6 @@ class Worker
 private:
     uint main();
     void handleRequest();
-    void handleGetRequest(const String& path);
+    void handleGetRequest(const String& repoUrl, const String& repo);
     void handlePostRequest(const String& path, String& body);
 };