closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5454 Commits
2 Branches
178 MiB
Tree: a52cd59727
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a52cd59727'
${ noResults }
gitea/modules/lfs/server.go

549 lines
13 KiB
Raw Normal View History

Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
refactor: Remove unnecessary type conversions (#772)
7 years ago
Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
Refactor and fix incorrect comment (#1247)
7 years ago
Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
Refactor and fix incorrect comment (#1247)
7 years ago
Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
 
  1. package lfs
  2. 

  3. import (
  4. 	"encoding/base64"
  5. 	"encoding/json"
  6. 	"fmt"
  7. 	"io"
  8. 	"net/http"
  9. 	"regexp"
  10. 	"strconv"
  11. 	"strings"
  12. 	"time"
  13. 

  14. 	"code.gitea.io/gitea/models"
  15. 	"code.gitea.io/gitea/modules/context"
  16. 	"code.gitea.io/gitea/modules/log"
  17. 	"code.gitea.io/gitea/modules/setting"
  18. 	"github.com/dgrijalva/jwt-go"
  19. 	"gopkg.in/macaron.v1"
  20. )
  21. 

  22. const (
  23. 	contentMediaType = "application/vnd.git-lfs"
  24. 	metaMediaType    = contentMediaType + "+json"
  25. )
  26. 

  27. // RequestVars contain variables from the HTTP request. Variables from routing, json body decoding, and

  28. // some headers are stored.

  29. type RequestVars struct {
  30. 	Oid           string
  31. 	Size          int64
  32. 	User          string
  33. 	Password      string
  34. 	Repo          string
  35. 	Authorization string
  36. }
  37. 

  38. // BatchVars contains multiple RequestVars processed in one batch operation.

  39. // https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md

  40. type BatchVars struct {
  41. 	Transfers []string       `json:"transfers,omitempty"`
  42. 	Operation string         `json:"operation"`
  43. 	Objects   []*RequestVars `json:"objects"`
  44. }
  45. 

  46. // BatchResponse contains multiple object metadata Representation structures

  47. // for use with the batch API.

  48. type BatchResponse struct {
  49. 	Transfer string            `json:"transfer,omitempty"`
  50. 	Objects  []*Representation `json:"objects"`
  51. }
  52. 

  53. // Representation is object metadata as seen by clients of the lfs server.

  54. type Representation struct {
  55. 	Oid     string           `json:"oid"`
  56. 	Size    int64            `json:"size"`
  57. 	Actions map[string]*link `json:"actions"`
  58. 	Error   *ObjectError     `json:"error,omitempty"`
  59. }
  60. 

  61. // ObjectError defines the JSON structure returned to the client in case of an error

  62. type ObjectError struct {
  63. 	Code    int    `json:"code"`
  64. 	Message string `json:"message"`
  65. }
  66. 

  67. // ObjectLink builds a URL linking to the object.

  68. func (v *RequestVars) ObjectLink() string {
  69. 	return fmt.Sprintf("%s%s/%s/info/lfs/objects/%s", setting.AppURL, v.User, v.Repo, v.Oid)
  70. }
  71. 

  72. // link provides a structure used to build a hypermedia representation of an HTTP link.

  73. type link struct {
  74. 	Href      string            `json:"href"`
  75. 	Header    map[string]string `json:"header,omitempty"`
  76. 	ExpiresAt time.Time         `json:"expires_at,omitempty"`
  77. }
  78. 

  79. // ObjectOidHandler is the main request routing entry point into LFS server functions

  80. func ObjectOidHandler(ctx *context.Context) {
  81. 

  82. 	if !setting.LFS.StartServer {
  83. 		writeStatus(ctx, 404)
  84. 		return
  85. 	}
  86. 

  87. 	if ctx.Req.Method == "GET" || ctx.Req.Method == "HEAD" {
  88. 		if MetaMatcher(ctx.Req) {
  89. 			GetMetaHandler(ctx)
  90. 			return
  91. 		}
  92. 		if ContentMatcher(ctx.Req) || len(ctx.Params("filename")) > 0 {
  93. 			GetContentHandler(ctx)
  94. 			return
  95. 		}
  96. 	} else if ctx.Req.Method == "PUT" && ContentMatcher(ctx.Req) {
  97. 		PutHandler(ctx)
  98. 		return
  99. 	}
  100. 

  101. }
  102. 

  103. // GetContentHandler gets the content from the content store

  104. func GetContentHandler(ctx *context.Context) {
  105. 

  106. 	rv := unpack(ctx)
  107. 

  108. 	meta, err := models.GetLFSMetaObjectByOid(rv.Oid)
  109. 	if err != nil {
  110. 		writeStatus(ctx, 404)
  111. 		return
  112. 	}
  113. 

  114. 	repository, err := models.GetRepositoryByID(meta.RepositoryID)
  115. 

  116. 	if err != nil {
  117. 		writeStatus(ctx, 404)
  118. 		return
  119. 	}
  120. 

  121. 	if !authenticate(ctx, repository, rv.Authorization, false) {
  122. 		requireAuth(ctx)
  123. 		return
  124. 	}
  125. 

  126. 	// Support resume download using Range header

  127. 	var fromByte int64
  128. 	statusCode := 200
  129. 	if rangeHdr := ctx.Req.Header.Get("Range"); rangeHdr != "" {
  130. 		regex := regexp.MustCompile(`bytes=(\d+)\-.*`)
  131. 		match := regex.FindStringSubmatch(rangeHdr)
  132. 		if match != nil && len(match) > 1 {
  133. 			statusCode = 206
  134. 			fromByte, _ = strconv.ParseInt(match[1], 10, 32)
  135. 			ctx.Resp.Header().Set("Content-Range", fmt.Sprintf("bytes %d-%d/%d", fromByte, meta.Size-1, meta.Size-fromByte))
  136. 		}
  137. 	}
  138. 

  139. 	contentStore := &ContentStore{BasePath: setting.LFS.ContentPath}
  140. 	content, err := contentStore.Get(meta, fromByte)
  141. 	if err != nil {
  142. 		writeStatus(ctx, 404)
  143. 		return
  144. 	}
  145. 

  146. 	ctx.Resp.Header().Set("Content-Length", strconv.FormatInt(meta.Size, 10))
  147. 	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
  148. 

  149. 	filename := ctx.Params("filename")
  150. 	if len(filename) > 0 {
  151. 		decodedFilename, err := base64.RawURLEncoding.DecodeString(filename)
  152. 		if err == nil {
  153. 			ctx.Resp.Header().Set("Content-Disposition", "attachment; filename=\""+string(decodedFilename)+"\"")
  154. 		}
  155. 	}
  156. 

  157. 	ctx.Resp.WriteHeader(statusCode)
  158. 	io.Copy(ctx.Resp, content)
  159. 	content.Close()
  160. 	logRequest(ctx.Req, statusCode)
  161. }
  162. 

  163. // GetMetaHandler retrieves metadata about the object

  164. func GetMetaHandler(ctx *context.Context) {
  165. 

  166. 	rv := unpack(ctx)
  167. 

  168. 	meta, err := models.GetLFSMetaObjectByOid(rv.Oid)
  169. 	if err != nil {
  170. 		writeStatus(ctx, 404)
  171. 		return
  172. 	}
  173. 

  174. 	repository, err := models.GetRepositoryByID(meta.RepositoryID)
  175. 

  176. 	if err != nil {
  177. 		writeStatus(ctx, 404)
  178. 		return
  179. 	}
  180. 

  181. 	if !authenticate(ctx, repository, rv.Authorization, false) {
  182. 		requireAuth(ctx)
  183. 		return
  184. 	}
  185. 

  186. 	ctx.Resp.Header().Set("Content-Type", metaMediaType)
  187. 

  188. 	if ctx.Req.Method == "GET" {
  189. 		enc := json.NewEncoder(ctx.Resp)
  190. 		enc.Encode(Represent(rv, meta, true, false))
  191. 	}
  192. 

  193. 	logRequest(ctx.Req, 200)
  194. }
  195. 

  196. // PostHandler instructs the client how to upload data

  197. func PostHandler(ctx *context.Context) {
  198. 

  199. 	if !setting.LFS.StartServer {
  200. 		writeStatus(ctx, 404)
  201. 		return
  202. 	}
  203. 

  204. 	if !MetaMatcher(ctx.Req) {
  205. 		writeStatus(ctx, 400)
  206. 		return
  207. 	}
  208. 

  209. 	rv := unpack(ctx)
  210. 

  211. 	repositoryString := rv.User + "/" + rv.Repo
  212. 	repository, err := models.GetRepositoryByRef(repositoryString)
  213. 

  214. 	if err != nil {
  215. 		log.Debug("Could not find repository: %s - %s", repositoryString, err)
  216. 		writeStatus(ctx, 404)
  217. 		return
  218. 	}
  219. 

  220. 	if !authenticate(ctx, repository, rv.Authorization, true) {
  221. 		requireAuth(ctx)
  222. 	}
  223. 

  224. 	meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Oid: rv.Oid, Size: rv.Size, RepositoryID: repository.ID})
  225. 

  226. 	if err != nil {
  227. 		writeStatus(ctx, 404)
  228. 		return
  229. 	}
  230. 

  231. 	ctx.Resp.Header().Set("Content-Type", metaMediaType)
  232. 

  233. 	sentStatus := 202
  234. 	contentStore := &ContentStore{BasePath: setting.LFS.ContentPath}
  235. 	if meta.Existing && contentStore.Exists(meta) {
  236. 		sentStatus = 200
  237. 	}
  238. 	ctx.Resp.WriteHeader(sentStatus)
  239. 

  240. 	enc := json.NewEncoder(ctx.Resp)
  241. 	enc.Encode(Represent(rv, meta, meta.Existing, true))
  242. 	logRequest(ctx.Req, sentStatus)
  243. }
  244. 

  245. // BatchHandler provides the batch api

  246. func BatchHandler(ctx *context.Context) {
  247. 

  248. 	if !setting.LFS.StartServer {
  249. 		writeStatus(ctx, 404)
  250. 		return
  251. 	}
  252. 

  253. 	if !MetaMatcher(ctx.Req) {
  254. 		writeStatus(ctx, 400)
  255. 		return
  256. 	}
  257. 

  258. 	bv := unpackbatch(ctx)
  259. 

  260. 	var responseObjects []*Representation
  261. 

  262. 	// Create a response object

  263. 	for _, object := range bv.Objects {
  264. 

  265. 		repositoryString := object.User + "/" + object.Repo
  266. 		repository, err := models.GetRepositoryByRef(repositoryString)
  267. 

  268. 		if err != nil {
  269. 			log.Debug("Could not find repository: %s - %s", repositoryString, err)
  270. 			writeStatus(ctx, 404)
  271. 			return
  272. 		}
  273. 

  274. 		requireWrite := false
  275. 		if bv.Operation == "upload" {
  276. 			requireWrite = true
  277. 		}
  278. 

  279. 		if !authenticate(ctx, repository, object.Authorization, requireWrite) {
  280. 			requireAuth(ctx)
  281. 			return
  282. 		}
  283. 

  284. 		meta, err := models.GetLFSMetaObjectByOid(object.Oid)
  285. 

  286. 		contentStore := &ContentStore{BasePath: setting.LFS.ContentPath}
  287. 		if err == nil && contentStore.Exists(meta) { // Object is found and exists

  288. 			responseObjects = append(responseObjects, Represent(object, meta, true, false))
  289. 			continue
  290. 		}
  291. 

  292. 		// Object is not found

  293. 		meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
  294. 

  295. 		if err == nil {
  296. 			responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, true))
  297. 		}
  298. 	}
  299. 

  300. 	ctx.Resp.Header().Set("Content-Type", metaMediaType)
  301. 

  302. 	respobj := &BatchResponse{Objects: responseObjects}
  303. 

  304. 	enc := json.NewEncoder(ctx.Resp)
  305. 	enc.Encode(respobj)
  306. 	logRequest(ctx.Req, 200)
  307. }
  308. 

  309. // PutHandler receives data from the client and puts it into the content store

  310. func PutHandler(ctx *context.Context) {
  311. 	rv := unpack(ctx)
  312. 

  313. 	meta, err := models.GetLFSMetaObjectByOid(rv.Oid)
  314. 

  315. 	if err != nil {
  316. 		writeStatus(ctx, 404)
  317. 		return
  318. 	}
  319. 

  320. 	repository, err := models.GetRepositoryByID(meta.RepositoryID)
  321. 

  322. 	if err != nil {
  323. 		writeStatus(ctx, 404)
  324. 		return
  325. 	}
  326. 

  327. 	if !authenticate(ctx, repository, rv.Authorization, true) {
  328. 		requireAuth(ctx)
  329. 		return
  330. 	}
  331. 

  332. 	contentStore := &ContentStore{BasePath: setting.LFS.ContentPath}
  333. 	if err := contentStore.Put(meta, ctx.Req.Body().ReadCloser()); err != nil {
  334. 		models.RemoveLFSMetaObjectByOid(rv.Oid)
  335. 		ctx.Resp.WriteHeader(500)
  336. 		fmt.Fprintf(ctx.Resp, `{"message":"%s"}`, err)
  337. 		return
  338. 	}
  339. 

  340. 	logRequest(ctx.Req, 200)
  341. }
  342. 

  343. // Represent takes a RequestVars and Meta and turns it into a Representation suitable

  344. // for json encoding

  345. func Represent(rv *RequestVars, meta *models.LFSMetaObject, download, upload bool) *Representation {
  346. 	rep := &Representation{
  347. 		Oid:     meta.Oid,
  348. 		Size:    meta.Size,
  349. 		Actions: make(map[string]*link),
  350. 	}
  351. 

  352. 	header := make(map[string]string)
  353. 	header["Accept"] = contentMediaType
  354. 

  355. 	if rv.Authorization == "" {
  356. 		//https://github.com/github/git-lfs/issues/1088

  357. 		header["Authorization"] = "Authorization: Basic dummy"
  358. 	} else {
  359. 		header["Authorization"] = rv.Authorization
  360. 	}
  361. 

  362. 	if download {
  363. 		rep.Actions["download"] = &link{Href: rv.ObjectLink(), Header: header}
  364. 	}
  365. 

  366. 	if upload {
  367. 		rep.Actions["upload"] = &link{Href: rv.ObjectLink(), Header: header}
  368. 	}
  369. 

  370. 	return rep
  371. }
  372. 

  373. // ContentMatcher provides a mux.MatcherFunc that only allows requests that contain

  374. // an Accept header with the contentMediaType

  375. func ContentMatcher(r macaron.Request) bool {
  376. 	mediaParts := strings.Split(r.Header.Get("Accept"), ";")
  377. 	mt := mediaParts[0]
  378. 	return mt == contentMediaType
  379. }
  380. 

  381. // MetaMatcher provides a mux.MatcherFunc that only allows requests that contain

  382. // an Accept header with the metaMediaType

  383. func MetaMatcher(r macaron.Request) bool {
  384. 	mediaParts := strings.Split(r.Header.Get("Accept"), ";")
  385. 	mt := mediaParts[0]
  386. 	return mt == metaMediaType
  387. }
  388. 

  389. func unpack(ctx *context.Context) *RequestVars {
  390. 	r := ctx.Req
  391. 	rv := &RequestVars{
  392. 		User:          ctx.Params("username"),
  393. 		Repo:          strings.TrimSuffix(ctx.Params("reponame"), ".git"),
  394. 		Oid:           ctx.Params("oid"),
  395. 		Authorization: r.Header.Get("Authorization"),
  396. 	}
  397. 

  398. 	if r.Method == "POST" { // Maybe also check if +json

  399. 		var p RequestVars
  400. 		dec := json.NewDecoder(r.Body().ReadCloser())
  401. 		err := dec.Decode(&p)
  402. 		if err != nil {
  403. 			return rv
  404. 		}
  405. 

  406. 		rv.Oid = p.Oid
  407. 		rv.Size = p.Size
  408. 	}
  409. 

  410. 	return rv
  411. }
  412. 

  413. // TODO cheap hack, unify with unpack

  414. func unpackbatch(ctx *context.Context) *BatchVars {
  415. 

  416. 	r := ctx.Req
  417. 	var bv BatchVars
  418. 

  419. 	dec := json.NewDecoder(r.Body().ReadCloser())
  420. 	err := dec.Decode(&bv)
  421. 	if err != nil {
  422. 		return &bv
  423. 	}
  424. 

  425. 	for i := 0; i < len(bv.Objects); i++ {
  426. 		bv.Objects[i].User = ctx.Params("username")
  427. 		bv.Objects[i].Repo = strings.TrimSuffix(ctx.Params("reponame"), ".git")
  428. 		bv.Objects[i].Authorization = r.Header.Get("Authorization")
  429. 	}
  430. 

  431. 	return &bv
  432. }
  433. 

  434. func writeStatus(ctx *context.Context, status int) {
  435. 	message := http.StatusText(status)
  436. 

  437. 	mediaParts := strings.Split(ctx.Req.Header.Get("Accept"), ";")
  438. 	mt := mediaParts[0]
  439. 	if strings.HasSuffix(mt, "+json") {
  440. 		message = `{"message":"` + message + `"}`
  441. 	}
  442. 

  443. 	ctx.Resp.WriteHeader(status)
  444. 	fmt.Fprint(ctx.Resp, message)
  445. 	logRequest(ctx.Req, status)
  446. }
  447. 

  448. func logRequest(r macaron.Request, status int) {
  449. 	log.Debug("LFS request - Method: %s, URL: %s, Status %d", r.Method, r.URL, status)
  450. }
  451. 

  452. // authenticate uses the authorization string to determine whether

  453. // or not to proceed. This server assumes an HTTP Basic auth format.

  454. func authenticate(ctx *context.Context, repository *models.Repository, authorization string, requireWrite bool) bool {
  455. 

  456. 	accessMode := models.AccessModeRead
  457. 	if requireWrite {
  458. 		accessMode = models.AccessModeWrite
  459. 	}
  460. 

  461. 	if !repository.IsPrivate && !requireWrite {
  462. 		return true
  463. 	}
  464. 

  465. 	if ctx.IsSigned {
  466. 		accessCheck, _ := models.HasAccess(ctx.User.ID, repository, accessMode)
  467. 		return accessCheck
  468. 	}
  469. 

  470. 	if authorization == "" {
  471. 		return false
  472. 	}
  473. 

  474. 	if authenticateToken(repository, authorization, requireWrite) {
  475. 		return true
  476. 	}
  477. 

  478. 	if !strings.HasPrefix(authorization, "Basic ") {
  479. 		return false
  480. 	}
  481. 

  482. 	c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(authorization, "Basic "))
  483. 	if err != nil {
  484. 		return false
  485. 	}
  486. 	cs := string(c)
  487. 	i := strings.IndexByte(cs, ':')
  488. 	if i < 0 {
  489. 		return false
  490. 	}
  491. 	user, password := cs[:i], cs[i+1:]
  492. 

  493. 	userModel, err := models.GetUserByName(user)
  494. 	if err != nil {
  495. 		return false
  496. 	}
  497. 

  498. 	if !userModel.ValidatePassword(password) {
  499. 		return false
  500. 	}
  501. 

  502. 	accessCheck, _ := models.HasAccess(userModel.ID, repository, accessMode)
  503. 	return accessCheck
  504. }
  505. 

  506. func authenticateToken(repository *models.Repository, authorization string, requireWrite bool) bool {
  507. 	if !strings.HasPrefix(authorization, "Bearer ") {
  508. 		return false
  509. 	}
  510. 

  511. 	token, err := jwt.Parse(authorization[7:], func(t *jwt.Token) (interface{}, error) {
  512. 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
  513. 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
  514. 		}
  515. 		return setting.LFS.JWTSecretBytes, nil
  516. 	})
  517. 	if err != nil {
  518. 		return false
  519. 	}
  520. 	claims, claimsOk := token.Claims.(jwt.MapClaims)
  521. 	if !token.Valid || !claimsOk {
  522. 		return false
  523. 	}
  524. 

  525. 	opStr, ok := claims["op"].(string)
  526. 	if !ok {
  527. 		return false
  528. 	}
  529. 

  530. 	if requireWrite && opStr != "upload" {
  531. 		return false
  532. 	}
  533. 

  534. 	repoID, ok := claims["repo"].(float64)
  535. 	if !ok {
  536. 		return false
  537. 	}
  538. 

  539. 	if repository.ID != int64(repoID) {
  540. 		return false
  541. 	}
  542. 

  543. 	return true
  544. }
  545. 

  546. func requireAuth(ctx *context.Context) {
  547. 	ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
  548. 	writeStatus(ctx, 401)
  549. }