chenyifan01
3 years ago
5 changed files with 47 additions and 10 deletions
Unified View
Diff Options
-
+13 -9models/helper_environment.go
-
+1 -1modules/repository/hooks.go
-
+3 -0modules/setting/repository.go
-
+26 -0modules/ssh/ssh.go
-
+4 -0routers/repo/http.go
+ 13
- 9
models/helper_environment.go
View File
| @@ -12,15 +12,19 @@ import ( | |||||
| // env keys for git hooks need | // env keys for git hooks need | ||||
| const ( | const ( | ||||
| EnvRepoName = "GITEA_REPO_NAME" | |||||
| EnvRepoUsername = "GITEA_REPO_USER_NAME" | |||||
| EnvRepoIsWiki = "GITEA_REPO_IS_WIKI" | |||||
| EnvPusherName = "GITEA_PUSHER_NAME" | |||||
| EnvPusherEmail = "GITEA_PUSHER_EMAIL" | |||||
| EnvPusherID = "GITEA_PUSHER_ID" | |||||
| EnvKeyID = "GITEA_KEY_ID" | |||||
| EnvIsDeployKey = "GITEA_IS_DEPLOY_KEY" | |||||
| EnvIsInternal = "GITEA_INTERNAL_PUSH" | |||||
| EnvRepoName = "GITEA_REPO_NAME" | |||||
| EnvRepoUsername = "GITEA_REPO_USER_NAME" | |||||
| EnvRepoIsWiki = "GITEA_REPO_IS_WIKI" | |||||
| EnvPusherName = "GITEA_PUSHER_NAME" | |||||
| EnvPusherEmail = "GITEA_PUSHER_EMAIL" | |||||
| EnvPusherID = "GITEA_PUSHER_ID" | |||||
| EnvKeyID = "GITEA_KEY_ID" | |||||
| EnvIsDeployKey = "GITEA_IS_DEPLOY_KEY" | |||||
| EnvIsInternal = "GITEA_INTERNAL_PUSH" | |||||
| EnvRepoSize = "REPO_CURRENT_SIZE" | |||||
| EnvRepoMaxFileSize = "REPO_MAX_FILE_SIZE" | |||||
| EnvRepoMaxSize = "REPO_MAX_SIZE" | |||||
| EnvPushSizeCheckFlag = "PUSH_SIZE_CHECK_FLAG" | |||||
| ) | ) | ||||
| // InternalPushingEnvironment returns an os environment to switch off hooks on push | // InternalPushingEnvironment returns an os environment to switch off hooks on push | ||||
+ 1
- 1
modules/repository/hooks.go
View File
| @@ -36,7 +36,7 @@ func getHookTemplates() (hookNames, hookTpls, giteaHookTpls, sizeLimitTpls []str | |||||
| fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf), | fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf), | ||||
| } | } | ||||
| sizeLimitTpls = []string{ | sizeLimitTpls = []string{ | ||||
| fmt.Sprintf("#!/usr/bin/env %s\n\n\nset -o pipefail\n\nreadonly DEFAULT_FILE_MAXSIZE_MB=\"30\" \nreadonly CONFIG_NAME=\"hooks.maxfilesize\"\nreadonly NULLSHA=\"0000000000000000000000000000000000000000\"\nreadonly EXIT_SUCCESS=0\nreadonly EXIT_FAILURE=1\nreadonly DEFAULT_REPO_MAXSIZE_MB=\"1024\" \nreadonly CHECK_FLAG_ON=0\n\n\nstatus=\"$EXIT_SUCCESS\"\n\nfunction readINI()\n{\n FILENAME='%s'; SECTION=$1; KEY=$2\n RESULT=`awk -F '=' '/\\['$SECTION'\\]/{a=1}a==1&&$1~/'$KEY'/{print $2;exit}' $FILENAME`\n echo $RESULT\n}\n\n# skip this hook entirely if shell check is not open\ncheck_flag=$(readINI 'repository.upload' 'SHELL_FLAG')\nif [[ $check_flag != $CHECK_FLAG_ON ]]; then\nexit $EXIT_SUCCESS\nfi\n\n\n#######################################\n# check the file max size limit\n#######################################\n\n# get the maximum filesize configured for this repository or the default\nfunction get_file_maxsize() {\n local value;\n value=$(readINI 'repository.upload' 'FILE_MAX_SIZE')\n if [[ \"$?\" != $EXIT_SUCCESS ]] || [[ -z \"$value\" ]]; then\n echo \"$DEFAULT_FILE_MAXSIZE_MB\"\n return \"$EXIT_SUCCESS\"\n fi\n echo \"$value\"\n return \"$EXIT_SUCCESS\"\n}\n\n# get maximum filesize (from repository-specific config)\nmaxsize_mb=\"$(get_file_maxsize)\"\n\nif [[ \"$?\" != $EXIT_SUCCESS ]]; then\necho \"failed to get ${CONFIG_NAME} from config\"\nexit \"$EXIT_FAILURE\"\nfi\n\npush_size=\"0\"\n# read lines from stdin (format: \"<oldref> <newref> <refname>\\n\")\nwhile read oldref newref refname; do\n# skip branch deletions\nif [[ \"$newref\" == \"$NULLSHA\" ]]; then\n continue\nfi\n\n# find large objects\n# check all objects from $oldref (possible $NULLSHA) to $newref, but\n# skip all objects that have already been accepted (i.e. are referenced by\n# another branch or tag).\n\nif [[ \"$oldref\" == \"$NULLSHA\" ]]; then\n target=\"$newref\"\nelse\n target=\"${oldref}..${newref}\"\nfi\nmaxsize=`expr $maxsize_mb \\* 1048576` \n\n# find objects in this push_size\n# print like:\n# 08da8e2ab9ae4095bf94dd71ac913132b880b463 commit 214\n# 43e993b768ede5740e8c65de2ed6edec25053ea1 tree 185\n# 4476971d76569039df7569af1b8d03c288f6b193 blob 20167318 b0417e6593a1.zip\nfiles=\"$(git rev-list --objects \"$target\" --tags=\\* | \\\n git cat-file $'--batch-check=%%(objectname) %%(objecttype) %%(objectsize) %%(rest)')\"\n \nif [[ \"$?\" != $EXIT_SUCCESS ]]; then\n echo \"failed to check for large files in ref ${refname}\"\n continue\nfi\n\n# rewrite IFS to seperate line in $files\nIFS=$'\\n'\nfor file in $files; do\n # if don't unset IFS,temp_array=(${file}) will get error answer\n unset IFS\n temp_array=(${file})\n # add all commit files size\n push_size=`expr $push_size + ${temp_array[2]}`\n if [[ ${temp_array[2]} -gt $maxsize ]]; then\n\t if [[ \"$status\" == $EXIT_SUCCESS ]]; then\n\t\techo -e \"Error: Your push was rejected because it contains files larger than $(numfmt --to=iec \"$maxsize_mb\") Mb\"\n\t\techo \"oversize files:\"\n\t\tstatus=\"$EXIT_FAILURE\"\n\t fi\n\t echo -e \"\\033[31m- ${temp_array[3]} \\033[0m (ref: ${refname}) \"\n fi\ndone\n\nif [[ \"$status\" != $EXIT_SUCCESS ]]; then\n\texit \"$status\"\nfi\n\ndone\n\n#######################################\n# check the repo max size limit\n#######################################\nif [[ $push_size -eq \"0\" ]]; then\n\texit $EXIT_SUCCESS\nfi\n\nfunction get_repo_maxsize() {\n local value;\n value=$(readINI 'repository' 'REPO_MAX_SIZE')\n if [[ \"$?\" != $EXIT_SUCCESS ]] || [[ -z \"$value\" ]]; then\n echo \"$DEFAULT_FILE_MAXSIZE\"\n return \"$EXIT_SUCCESS\"\n fi\n echo \"$value\"\n return \"$EXIT_SUCCESS\"\n}\n\n\nsizelimit_mb=\"$(get_repo_maxsize)\"\nlet sizelimit_b=$sizelimit_mb*1024*1024\n\n# repo size at here means the size of repo directory in server \nstr=`du -sb .`\narr=($str)\nreposize_b=${arr[0]}\n\ntotal=`expr $push_size + $reposize_b`\n\nif [ $total -gt $sizelimit_b ]; then\n echo \"Error: Your push was rejected because the repository size is large than $sizelimit_mb Mb\"\n exit $EXIT_FAILURE\nfi\n\n\nexit $EXIT_SUCCESS\n", setting.ScriptType, setting.CustomConf), | |||||
| fmt.Sprintf("#!/usr/bin/env %s\n\n\nset -o pipefail\n\nreadonly DEFAULT_FILE_MAXSIZE_MB=\"30\" \nreadonly CONFIG_NAME=\"hooks.maxfilesize\"\nreadonly NULLSHA=\"0000000000000000000000000000000000000000\"\nreadonly EXIT_SUCCESS=0\nreadonly EXIT_FAILURE=1\nreadonly DEFAULT_REPO_MAXSIZE_MB=\"1024\" \nreadonly CHECK_FLAG_ON=1\n\n\nstatus=\"$EXIT_SUCCESS\"\n\n# skip this hook entirely if shell check is not open\ncheck_flag=${PUSH_SIZE_CHECK_FLAG}\nif [[ $check_flag != $CHECK_FLAG_ON ]]; then\nexit $EXIT_SUCCESS\nfi\n\n\n#######################################\n# check the file max size limit\n#######################################\n\n# get maximum filesize (from repository-specific config)\nmaxsize_mb=\"${REPO_MAX_FILE_SIZE}\"\n\nif [[ \"$?\" != $EXIT_SUCCESS ]]; then\necho \"failed to get ${CONFIG_NAME} from config\"\nexit \"$EXIT_FAILURE\"\nfi\n\npush_size=\"0\"\n# read lines from stdin (format: \"<oldref> <newref> <refname>\\n\")\nwhile read oldref newref refname; do\n# skip branch deletions\nif [[ \"$newref\" == \"$NULLSHA\" ]]; then\n continue\nfi\n\n# find large objects\n# check all objects from $oldref (possible $NULLSHA) to $newref, but\n# skip all objects that have already been accepted (i.e. are referenced by\n# another branch or tag).\n\nif [[ \"$oldref\" == \"$NULLSHA\" ]]; then\n target=\"$newref\"\nelse\n target=\"${oldref}..${newref}\"\nfi\nmaxsize=`expr $maxsize_mb \\* 1048576` \n\n# find objects in this push_size\n# print like:\n# 08da8e2ab9ae4095bf94dd71ac913132b880b463 commit 214\n# 43e993b768ede5740e8c65de2ed6edec25053ea1 tree 185\n# 4476971d76569039df7569af1b8d03c288f6b193 blob 20167318 b0417e6593a1.zip\nfiles=\"$(git rev-list --objects \"$target\" --tags=\\* | \\\n git cat-file $'--batch-check=%%(objectname) %%(objecttype) %%(objectsize) %%(rest)')\"\n \nif [[ \"$?\" != $EXIT_SUCCESS ]]; then\n echo \"failed to check for large files in ref ${refname}\"\n continue\nfi\n\n# rewrite IFS to seperate line in $files\nIFS=$'\\n'\nfor file in $files; do\n # if don't unset IFS,temp_array=(${file}) will get error answer\n unset IFS\n temp_array=(${file})\n # add all commit files size\n push_size=`expr $push_size + ${temp_array[2]}`\n if [[ ${temp_array[2]} -gt $maxsize ]]; then\n\t if [[ \"$status\" == $EXIT_SUCCESS ]]; then\n\t\techo -e \"Error: Your push was rejected because it contains files larger than $(numfmt --to=iec \"$maxsize_mb\") Mb\"\n\t\techo \"oversize files:\"\n\t\tstatus=\"$EXIT_FAILURE\"\n\t fi\n\t echo -e \"\\033[31m- ${temp_array[3]} \\033[0m (ref: ${refname}) \"\n fi\ndone\n\nif [[ \"$status\" != $EXIT_SUCCESS ]]; then\n\texit \"$status\"\nfi\n\ndone\n\n#######################################\n# check the repo max size limit\n#######################################\nif [[ $push_size -eq \"0\" ]]; then\n\texit $EXIT_SUCCESS\nfi\n\n\nsizelimit_mb=\"${REPO_MAX_SIZE}\"\nlet sizelimit_b=$sizelimit_mb*1024*1024\n\n# repo size at here means the size of repo directory in server \nreposize_b=${REPO_CURRENT_SIZE}\n\ntotal=`expr $push_size + $reposize_b`\n\nif [ $total -gt $sizelimit_b ]; then\n echo \"Error: Your push was rejected because the repository size is large than $sizelimit_mb Mb\"\n exit $EXIT_FAILURE\nfi\n\n\nexit $EXIT_SUCCESS\n", setting.ScriptType, setting.CustomConf), | |||||
| fmt.Sprintf(""), | fmt.Sprintf(""), | ||||
| fmt.Sprintf(""), | fmt.Sprintf(""), | ||||
| } | } | ||||
+ 3
- 0
modules/setting/repository.go
View File
| @@ -56,6 +56,7 @@ var ( | |||||
| FileMaxSize int64 | FileMaxSize int64 | ||||
| MaxFiles int | MaxFiles int | ||||
| TotalMaxSize int64 | TotalMaxSize int64 | ||||
| ShellFlag int | |||||
| } `ini:"-"` | } `ini:"-"` | ||||
| // Repository local settings | // Repository local settings | ||||
| @@ -125,6 +126,7 @@ var ( | |||||
| FileMaxSize int64 | FileMaxSize int64 | ||||
| MaxFiles int | MaxFiles int | ||||
| TotalMaxSize int64 | TotalMaxSize int64 | ||||
| ShellFlag int | |||||
| }{ | }{ | ||||
| Enabled: true, | Enabled: true, | ||||
| TempPath: "data/tmp/uploads", | TempPath: "data/tmp/uploads", | ||||
| @@ -132,6 +134,7 @@ var ( | |||||
| FileMaxSize: 30, | FileMaxSize: 30, | ||||
| MaxFiles: 10, | MaxFiles: 10, | ||||
| TotalMaxSize: 1024, | TotalMaxSize: 1024, | ||||
| ShellFlag: 0, | |||||
| }, | }, | ||||
| // Repository local settings | // Repository local settings | ||||
+ 26
- 0
modules/ssh/ssh.go
View File
| @@ -69,8 +69,17 @@ func sessionHandler(session ssh.Session) { | |||||
| os.Environ(), | os.Environ(), | ||||
| "SSH_ORIGINAL_COMMAND="+command, | "SSH_ORIGINAL_COMMAND="+command, | ||||
| "SKIP_MINWINSVC=1", | "SKIP_MINWINSVC=1", | ||||
| models.EnvRepoMaxFileSize+"="+fmt.Sprint(setting.Repository.Upload.FileMaxSize), | |||||
| models.EnvRepoMaxSize+"="+fmt.Sprint(setting.Repository.RepoMaxSize), | |||||
| models.EnvPushSizeCheckFlag+"="+fmt.Sprint(setting.Repository.Upload.ShellFlag), | |||||
| ) | ) | ||||
| if strings.HasPrefix(command, "git-receive-pack") { | |||||
| repo := getRepoFromCommandStr(command) | |||||
| if repo != nil { | |||||
| cmd.Env = append(cmd.Env, models.EnvRepoSize+"="+fmt.Sprint(repo.Size)) | |||||
| } | |||||
| } | |||||
| stdout, err := cmd.StdoutPipe() | stdout, err := cmd.StdoutPipe() | ||||
| if err != nil { | if err != nil { | ||||
| log.Error("SSH: StdoutPipe: %v", err) | log.Error("SSH: StdoutPipe: %v", err) | ||||
| @@ -131,6 +140,23 @@ func sessionHandler(session ssh.Session) { | |||||
| } | } | ||||
| } | } | ||||
| func getRepoFromCommandStr(command string) *models.Repository { | |||||
| repoPath := strings.TrimPrefix(command, "git-receive-pack '") | |||||
| repoPath = strings.TrimSuffix(repoPath, ".git'") | |||||
| if repoPath != "" { | |||||
| nameArray := strings.Split(repoPath, "/") | |||||
| if len(nameArray) >= 2 { | |||||
| ownerName := nameArray[0] | |||||
| repoName := nameArray[1] | |||||
| if repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName); err == nil { | |||||
| return repo | |||||
| } | |||||
| } | |||||
| } | |||||
| return nil | |||||
| } | |||||
| func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool { | func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool { | ||||
| if ctx.User() != setting.SSH.BuiltinServerUser { | if ctx.User() != setting.SSH.BuiltinServerUser { | ||||
| return false | return false | ||||
+ 4
- 0
routers/repo/http.go
View File
| @@ -256,6 +256,10 @@ func HTTP(ctx *context.Context) { | |||||
| models.EnvPusherName + "=" + authUser.Name, | models.EnvPusherName + "=" + authUser.Name, | ||||
| models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID), | models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID), | ||||
| models.EnvIsDeployKey + "=false", | models.EnvIsDeployKey + "=false", | ||||
| models.EnvRepoSize + "=" + fmt.Sprint(repo.Size), | |||||
| models.EnvRepoMaxFileSize + "=" + fmt.Sprint(setting.Repository.Upload.FileMaxSize), | |||||
| models.EnvRepoMaxSize + "=" + fmt.Sprint(setting.Repository.RepoMaxSize), | |||||
| models.EnvPushSizeCheckFlag + "=" + fmt.Sprint(setting.Repository.Upload.ShellFlag), | |||||
| } | } | ||||
| if !authUser.KeepEmailPrivate { | if !authUser.KeepEmailPrivate { | ||||
| environ = append(environ, models.EnvPusherEmail+"="+authUser.Email) | environ = append(environ, models.EnvPusherEmail+"="+authUser.Email) | ||||