1/* ui-clone.c: functions for http cloning, based on
  2 * git's http-backend.c by Shawn O. Pearce
  3 *
  4 * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
  5 *
  6 * Licensed under GNU General Public License v2
  7 *   (see COPYING for full license text)
  8 */
  9
 10#include "cgit.h"
 11#include "ui-clone.h"
 12#include "html.h"
 13#include "ui-shared.h"
 14#include "packfile.h"
 15#include "object-store.h"
 16
 17static int print_ref_info(const char *refname, const struct object_id *oid,
 18                          int flags, void *cb_data)
 19{
 20	struct object *obj;
 21
 22	if (!(obj = parse_object(the_repository, oid)))
 23		return 0;
 24
 25	htmlf("%s\t%s\n", oid_to_hex(oid), refname);
 26	if (obj->type == OBJ_TAG) {
 27		if (!(obj = deref_tag(the_repository, obj, refname, 0)))
 28			return 0;
 29		htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
 30	}
 31	return 0;
 32}
 33
 34static void print_pack_info(void)
 35{
 36	struct packed_git *pack;
 37	char *offset;
 38
 39	ctx.page.mimetype = "text/plain";
 40	ctx.page.filename = "objects/info/packs";
 41	cgit_print_http_headers();
 42	reprepare_packed_git(the_repository);
 43	for (pack = get_packed_git(the_repository); pack; pack = pack->next) {
 44		if (pack->pack_local) {
 45			offset = strrchr(pack->pack_name, '/');
 46			if (offset && offset[1] != '\0')
 47				++offset;
 48			else
 49				offset = pack->pack_name;
 50			htmlf("P %s\n", offset);
 51		}
 52	}
 53}
 54
 55static void send_file(const char *path)
 56{
 57	struct stat st;
 58
 59	if (stat(path, &st)) {
 60		switch (errno) {
 61		case ENOENT:
 62			cgit_print_error_page(404, "Not found", "Not found");
 63			break;
 64		case EACCES:
 65			cgit_print_error_page(403, "Forbidden", "Forbidden");
 66			break;
 67		default:
 68			cgit_print_error_page(400, "Bad request", "Bad request");
 69		}
 70		return;
 71	}
 72	ctx.page.mimetype = "application/octet-stream";
 73	ctx.page.filename = path;
 74	skip_prefix(path, ctx.repo->path, &ctx.page.filename);
 75	skip_prefix(ctx.page.filename, "/", &ctx.page.filename);
 76	cgit_print_http_headers();
 77	html_include(path);
 78}
 79
 80void cgit_clone_info(void)
 81{
 82	if (!ctx.qry.path || strcmp(ctx.qry.path, "refs")) {
 83		cgit_print_error_page(400, "Bad request", "Bad request");
 84		return;
 85	}
 86
 87	ctx.page.mimetype = "text/plain";
 88	ctx.page.filename = "info/refs";
 89	cgit_print_http_headers();
 90	for_each_ref(print_ref_info, NULL);
 91}
 92
 93void cgit_clone_objects(void)
 94{
 95	char *p;
 96
 97	if (!ctx.qry.path)
 98		goto err;
 99
100	if (!strcmp(ctx.qry.path, "info/packs")) {
101		print_pack_info();
102		return;
103	}
104
105	/* Avoid directory traversal by forbidding "..", but also work around
106	 * other funny business by just specifying a fairly strict format. For
107	 * example, now we don't have to stress out about the Cygwin port.
108	 */
109	for (p = ctx.qry.path; *p; ++p) {
110		if (*p == '.' && *(p + 1) == '.')
111			goto err;
112		if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
113			goto err;
114	}
115
116	send_file(git_path("objects/%s", ctx.qry.path));
117	return;
118
119err:
120	cgit_print_error_page(400, "Bad request", "Bad request");
121}
122
123void cgit_clone_head(void)
124{
125	send_file(git_path("%s", "HEAD"));
126}