aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/git-lfs-server
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/git-lfs-server')
-rw-r--r--cmd/git-lfs-server/main.go897
1 files changed, 0 insertions, 897 deletions
diff --git a/cmd/git-lfs-server/main.go b/cmd/git-lfs-server/main.go
deleted file mode 100644
index eec7d00..0000000
--- a/cmd/git-lfs-server/main.go
+++ /dev/null
@@ -1,897 +0,0 @@
1package main
2
3import (
4 "bytes"
5 "context"
6 "crypto/ed25519"
7 "crypto/sha256"
8 "encoding/base64"
9 "encoding/hex"
10 "encoding/json"
11 "errors"
12 "fmt"
13 "hash"
14 "io"
15 "mime"
16 "net"
17 "net/http"
18 "net/url"
19 "os"
20 "os/exec"
21 "path"
22 "regexp"
23 "runtime/debug"
24 "slices"
25 "strconv"
26 "strings"
27 "time"
28 "unicode"
29
30 "github.com/golang-jwt/jwt/v5"
31 "github.com/minio/minio-go/v7"
32 "github.com/minio/minio-go/v7/pkg/credentials"
33 "github.com/rs/xid"
34)
35
36type operation string
37type transferAdapter string
38type hashAlgo string
39
40const (
41 operationDownload operation = "download"
42 operationUpload operation = "upload"
43 transferAdapterBasic transferAdapter = "basic"
44 hashAlgoSHA256 hashAlgo = "sha256"
45)
46
47const lfsMIME = "application/vnd.git-lfs+json"
48
49type batchRef struct {
50 Name string `json:"name"`
51}
52
53type batchRequestObject struct {
54 OID string `json:"oid"`
55 Size int64 `json:"size"`
56}
57
58type batchRequest struct {
59 Operation operation `json:"operation"`
60 Transfers []transferAdapter `json:"transfers,omitempty"`
61 Ref *batchRef `json:"ref,omitempty"`
62 Objects []batchRequestObject `json:"objects"`
63 HashAlgo hashAlgo `json:"hash_algo,omitempty"`
64}
65
66type batchAction struct {
67 HRef string `json:"href"`
68 Header map[string]string `json:"header,omitempty"`
69 // In seconds.
70 ExpiresIn int64 `json:"expires_in,omitempty"`
71 // expires_at (RFC3339) could also be used, but we leave it out since we
72 // don't use it.
73}
74
75type batchError struct {
76 Code int `json:"code"`
77 Message string `json:"message"`
78}
79
80type batchResponseObject struct {
81 OID string `json:"oid"`
82 Size int64 `json:"size"`
83 Authenticated *bool `json:"authenticated"`
84 Actions map[operation]batchAction `json:"actions,omitempty"`
85 Error *batchError `json:"error,omitempty"`
86}
87
88type batchResponse struct {
89 Transfer transferAdapter `json:"transfer,omitempty"`
90 Objects []batchResponseObject `json:"objects"`
91 HashAlgo hashAlgo `json:"hash_algo,omitempty"`
92}
93
94type handler struct {
95 mc *minio.Client
96 bucket string
97 anonUser string
98 gitolitePath string
99 privateKey ed25519.PrivateKey
100 baseURL *url.URL
101 exportAllForwardedHosts []string
102}
103
104func isValidSHA256Hash(hash string) bool {
105 if len(hash) != 64 {
106 return false
107 }
108 for _, c := range hash {
109 if !unicode.Is(unicode.ASCII_Hex_Digit, c) {
110 return false
111 }
112 }
113 return true
114}
115
116type lfsError struct {
117 Message string `json:"message"`
118 DocumentationURL string `json:"documentation_url,omitempty"`
119 RequestID string `json:"request_id,omitempty"`
120}
121
122func makeRespError(ctx context.Context, w http.ResponseWriter, message string, code int) {
123 err := lfsError{Message: message}
124 if val := ctx.Value(requestIDKey); val != nil {
125 err.RequestID = val.(string)
126 }
127 w.Header().Set("Content-Type", lfsMIME+"; charset=utf-8")
128 w.WriteHeader(code)
129 json.NewEncoder(w).Encode(err)
130}
131
132func makeObjError(obj parsedBatchObject, message string, code int) batchResponseObject {
133 return batchResponseObject{
134 OID: obj.fullHash,
135 Size: obj.size,
136 Error: &batchError{
137 Message: message,
138 Code: code,
139 },
140 }
141}
142
143func sha256AsBase64(hash string) string {
144 raw, err := hex.DecodeString(hash)
145 if err != nil {
146 return ""
147 }
148 return base64.StdEncoding.EncodeToString(raw)
149}
150
151func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj parsedBatchObject) batchResponseObject {
152 fullPath := path.Join(repo+".git", "lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash)
153
154 info, err := h.mc.StatObject(ctx, h.bucket, fullPath, minio.StatObjectOptions{Checksum: true})
155 if err != nil {
156 var resp minio.ErrorResponse
157 if errors.As(err, &resp) && resp.StatusCode == http.StatusNotFound {
158 return makeObjError(obj, "Object does not exist", http.StatusNotFound)
159 }
160 // TODO: consider not making this an object-specific, but rather a
161 // generic error such that the entire Batch API request fails.
162 reqlog(ctx, "Failed to query object information (full path: %s): %s", fullPath, err)
163 return makeObjError(obj, "Failed to query object information", http.StatusInternalServerError)
164 }
165 if info.ChecksumSHA256 != "" && strings.ToLower(info.ChecksumSHA256) != obj.fullHash {
166 return makeObjError(obj, "Object corrupted", http.StatusUnprocessableEntity)
167 }
168 if info.Size != obj.size {
169 return makeObjError(obj, "Incorrect size specified for object or object currupted", http.StatusUnprocessableEntity)
170 }
171
172 expiresIn := time.Minute * 10
173 claims := handleObjectCustomClaims{
174 Gitolfs3: handleObjectGitolfs3Claims{
175 Type: "basic-transfer",
176 Operation: operationDownload,
177 Repository: repo,
178 OID: obj.fullHash,
179 Size: obj.size,
180 },
181 RegisteredClaims: &jwt.RegisteredClaims{
182 IssuedAt: jwt.NewNumericDate(time.Now()),
183 ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiresIn)),
184 },
185 }
186
187 token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, claims)
188 ss, err := token.SignedString(h.privateKey)
189 if err != nil {
190 // TODO: consider not making this an object-specific, but rather a
191 // generic error such that the entire Batch API request fails.
192 reqlog(ctx, "Fatal: failed to generate JWT: %s", err)
193 return makeObjError(obj, "Failed to generate token", http.StatusInternalServerError)
194 }
195 uploadPath := path.Join(repo+".git", "info/lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash)
196
197 authenticated := true
198 return batchResponseObject{
199 OID: obj.fullHash,
200 Size: obj.size,
201 Authenticated: &authenticated,
202 Actions: map[operation]batchAction{
203 operationDownload: {
204 Header: map[string]string{
205 "Authorization": "Bearer " + ss,
206 },
207 HRef: h.baseURL.ResolveReference(&url.URL{Path: uploadPath}).String(),
208 ExpiresIn: int64(expiresIn.Seconds()),
209 },
210 },
211 }
212}
213
214type handleObjectGitolfs3Claims struct {
215 Type string `json:"type"`
216 Operation operation `json:"operation"`
217 Repository string `json:"repository"`
218 OID string `json:"oid"`
219 Size int64 `json:"size"`
220}
221
222type handleObjectCustomClaims struct {
223 Gitolfs3 handleObjectGitolfs3Claims `json:"gitolfs3"`
224 *jwt.RegisteredClaims
225}
226
227// Return nil when the object already exists
228func (h *handler) handleUploadObject(ctx context.Context, repo string, obj parsedBatchObject) *batchResponseObject {
229 fullPath := path.Join(repo+".git", "lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash)
230 _, err := h.mc.StatObject(ctx, h.bucket, fullPath, minio.GetObjectOptions{})
231 if err == nil {
232 // The object exists
233 return nil
234 }
235
236 var resp minio.ErrorResponse
237 if !errors.As(err, &resp) || resp.StatusCode != http.StatusNotFound {
238 // TODO: consider not making this an object-specific, but rather a
239 // generic error such that the entire Batch API request fails.
240 reqlog(ctx, "Failed to generate action href (full path: %s): %s", fullPath, err)
241 objErr := makeObjError(obj, "Failed to generate action href", http.StatusInternalServerError)
242 return &objErr
243 }
244
245 expiresIn := time.Minute * 10
246 claims := handleObjectCustomClaims{
247 Gitolfs3: handleObjectGitolfs3Claims{
248 Type: "basic-transfer",
249 Operation: operationUpload,
250 Repository: repo,
251 OID: obj.fullHash,
252 Size: obj.size,
253 },
254 RegisteredClaims: &jwt.RegisteredClaims{
255 IssuedAt: jwt.NewNumericDate(time.Now()),
256 ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiresIn)),
257 },
258 }
259
260 token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, claims)
261 ss, err := token.SignedString(h.privateKey)
262 if err != nil {
263 // TODO: consider not making this an object-specific, but rather a
264 // generic error such that the entire Batch API request fails.
265 reqlog(ctx, "Fatal: failed to generate JWT: %s", err)
266 objErr := makeObjError(obj, "Failed to generate token", http.StatusInternalServerError)
267 return &objErr
268 }
269
270 uploadPath := path.Join(repo+".git", "info/lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash)
271 uploadHRef := h.baseURL.ResolveReference(&url.URL{Path: uploadPath}).String()
272 // The object does not exist.
273 authenticated := true
274 return &batchResponseObject{
275 OID: obj.fullHash,
276 Size: obj.size,
277 Authenticated: &authenticated,
278 Actions: map[operation]batchAction{
279 operationUpload: {
280 Header: map[string]string{
281 "Authorization": "Bearer " + ss,
282 },
283 HRef: uploadHRef,
284 ExpiresIn: int64(expiresIn.Seconds()),
285 },
286 },
287 }
288}
289
290type validatingReader struct {
291 promisedSize int64
292 promisedSha256 []byte
293
294 reader io.Reader
295 bytesRead int64
296 current hash.Hash
297 err error
298}
299
300func newValidatingReader(promisedSize int64, promisedSha256 []byte, r io.Reader) *validatingReader {
301 return &validatingReader{
302 promisedSize: promisedSize,
303 promisedSha256: promisedSha256,
304 reader: r,
305 current: sha256.New(),
306 }
307}
308
309var errTooBig = errors.New("validator: uploaded file bigger than indicated")
310var errTooSmall = errors.New("validator: uploaded file smaller than indicated")
311var errBadSum = errors.New("validator: bad checksum provided or file corrupted")
312
313func (i *validatingReader) Read(b []byte) (int, error) {
314 if i.err != nil {
315 return 0, i.err
316 }
317 n, err := i.reader.Read(b)
318 i.bytesRead += int64(n)
319 if i.bytesRead > i.promisedSize {
320 i.err = errTooBig
321 return 0, i.err
322 }
323 if err != nil && errors.Is(err, io.EOF) {
324 if i.bytesRead < i.promisedSize {
325 i.err = errTooSmall
326 return n, i.err
327 }
328 }
329 // According to the documentation, Hash.Write never returns an error
330 i.current.Write(b[:n])
331 if i.bytesRead == i.promisedSize {
332 if !bytes.Equal(i.promisedSha256, i.current.Sum(nil)) {
333 i.err = errBadSum
334 return 0, i.err
335 }
336 }
337 return n, err
338}
339
340func (h *handler) handlePutObject(w http.ResponseWriter, r *http.Request, repo, oid string) {
341 ctx := r.Context()
342
343 authz := r.Header.Get("Authorization")
344 if authz == "" {
345 makeRespError(ctx, w, "Missing Authorization header", http.StatusBadRequest)
346 return
347 }
348 if !strings.HasPrefix(authz, "Bearer ") {
349 makeRespError(ctx, w, "Invalid Authorization header", http.StatusBadRequest)
350 return
351 }
352 authz = strings.TrimPrefix(authz, "Bearer ")
353
354 var claims handleObjectCustomClaims
355 _, err := jwt.ParseWithClaims(authz, &claims, func(token *jwt.Token) (any, error) {
356 if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
357 return nil, fmt.Errorf("expected signing method EdDSA, got %s", token.Header["alg"])
358 }
359 return h.privateKey.Public(), nil
360 })
361 if err != nil {
362 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
363 return
364 }
365 if claims.Gitolfs3.Type != "basic-transfer" {
366 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
367 return
368 }
369 if claims.Gitolfs3.Repository != repo {
370 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
371 return
372 }
373 if claims.Gitolfs3.OID != oid {
374 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
375 return
376 }
377 if claims.Gitolfs3.Operation != operationUpload {
378 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
379 return
380 }
381
382 // Check with claims
383 if lengthStr := r.Header.Get("Content-Length"); lengthStr != "" {
384 length, err := strconv.ParseInt(lengthStr, 10, 64)
385 if err != nil {
386 makeRespError(ctx, w, "Bad Content-Length format", http.StatusBadRequest)
387 return
388 }
389 if length != claims.Gitolfs3.Size {
390 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
391 return
392 }
393 }
394
395 sha256Raw, err := hex.DecodeString(oid)
396 if err != nil || len(sha256Raw) != sha256.Size {
397 makeRespError(ctx, w, "Invalid OID", http.StatusBadRequest)
398 return
399 }
400
401 reader := newValidatingReader(claims.Gitolfs3.Size, sha256Raw, r.Body)
402
403 fullPath := path.Join(repo+".git", "lfs/objects", oid[:2], oid[2:4], oid)
404 _, err = h.mc.PutObject(ctx, h.bucket, fullPath, reader, int64(claims.Gitolfs3.Size), minio.PutObjectOptions{
405 SendContentMd5: true,
406 })
407 if err != nil {
408 if errors.Is(err, errBadSum) {
409 makeRespError(ctx, w, "Bad checksum (OID does not match contents)", http.StatusBadRequest)
410 } else if errors.Is(err, errTooSmall) {
411 makeRespError(ctx, w, "Uploaded object smaller than expected", http.StatusBadRequest)
412 } else if errors.Is(err, errTooBig) {
413 makeRespError(ctx, w, "Uploaded object bigger than expected", http.StatusBadRequest)
414 } else {
415 reqlog(ctx, "Failed to upload object: %s", err)
416 makeRespError(ctx, w, "Failed to upload object", http.StatusInternalServerError)
417 }
418 return
419 }
420}
421
422func (h *handler) handleGetObject(w http.ResponseWriter, r *http.Request, repo, oid string) {
423 ctx := r.Context()
424
425 authz := r.Header.Get("Authorization")
426 if authz == "" {
427 makeRespError(ctx, w, "Missing Authorization header", http.StatusBadRequest)
428 return
429 }
430 if !strings.HasPrefix(authz, "Bearer ") {
431 makeRespError(ctx, w, "Invalid Authorization header", http.StatusBadRequest)
432 return
433 }
434 authz = strings.TrimPrefix(authz, "Bearer ")
435
436 var claims handleObjectCustomClaims
437 _, err := jwt.ParseWithClaims(authz, &claims, func(token *jwt.Token) (any, error) {
438 if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
439 return nil, fmt.Errorf("expected signing method EdDSA, got %s", token.Header["alg"])
440 }
441 return h.privateKey.Public(), nil
442 })
443 if err != nil {
444 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
445 return
446 }
447 if claims.Gitolfs3.Type != "basic-transfer" {
448 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
449 return
450 }
451 if claims.Gitolfs3.Repository != repo {
452 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
453 return
454 }
455 if claims.Gitolfs3.OID != oid {
456 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
457 return
458 }
459 if claims.Gitolfs3.Operation != operationDownload {
460 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
461 return
462 }
463
464 sha256Raw, err := hex.DecodeString(oid)
465 if err != nil || len(sha256Raw) != sha256.Size {
466 makeRespError(ctx, w, "Invalid OID", http.StatusBadRequest)
467 return
468 }
469
470 fullPath := path.Join(repo+".git", "lfs/objects", oid[:2], oid[2:4], oid)
471 obj, err := h.mc.GetObject(ctx, h.bucket, fullPath, minio.GetObjectOptions{})
472
473 var resp minio.ErrorResponse
474 if errors.As(err, &resp) && resp.StatusCode != http.StatusNotFound {
475 makeRespError(ctx, w, "Not found", http.StatusNotFound)
476 return
477 } else if err != nil {
478 reqlog(ctx, "Failed to get object: %s", err)
479 makeRespError(ctx, w, "Failed to get object", http.StatusInternalServerError)
480 return
481 }
482
483 stat, err := obj.Stat()
484 if err != nil {
485 reqlog(ctx, "Failed to stat: %s", err)
486 makeRespError(ctx, w, "Internal server error", http.StatusInternalServerError)
487 return
488 }
489
490 if stat.Size != claims.Gitolfs3.Size {
491 reqlog(ctx, "Claims size does not match S3 object size")
492 makeRespError(ctx, w, "Internal server error", http.StatusInternalServerError)
493 return
494 }
495
496 w.Header().Set("Content-Length", strconv.FormatInt(claims.Gitolfs3.Size, 10))
497 w.WriteHeader(http.StatusOK)
498
499 vr := newValidatingReader(claims.Gitolfs3.Size, sha256Raw, obj)
500 _, err = io.Copy(w, vr)
501 if errors.Is(err, errBadSum) {
502 reqlog(ctx, "Bad object checksum")
503 }
504}
505
506type parsedBatchObject struct {
507 firstByte string
508 secondByte string
509 fullHash string
510 size int64
511}
512
513func isLFSMediaType(t string) bool {
514 if mediaType, params, err := mime.ParseMediaType(t); err == nil {
515 if mediaType == lfsMIME {
516 if params["charset"] == "" || strings.ToLower(params["charset"]) == "utf-8" {
517 return true
518 }
519 }
520 }
521 return false
522}
523
524var reBatchAPI = regexp.MustCompile(`^([a-zA-Z0-9-_/]+)\.git/info/lfs/objects/batch$`)
525var reObjUpload = regexp.MustCompile(`^([a-zA-Z0-9-_/]+)\.git/info/lfs/objects/([0-9a-f]{2})/([0-9a-f]{2})/([0-9a-f]{64})$`)
526
527type requestID struct{}
528
529var requestIDKey requestID
530
531// TODO: make a shared package for this
532type lfsAuthGitolfs3Claims struct {
533 Type string `json:"type"`
534 Repository string `json:"repository"`
535 Permission operation `json:"permission"`
536}
537
538type lfsAuthCustomClaims struct {
539 Gitolfs3 lfsAuthGitolfs3Claims `json:"gitolfs3"`
540 *jwt.RegisteredClaims
541}
542
543// Request to perform <operation> in <repository> [on reference <refspec>]
544type operationRequest struct {
545 operation operation
546 repository string
547 refspec *string
548}
549
550func (h *handler) getGitoliteAccess(repo, user, gitolitePerm string, refspec *string) (bool, error) {
551 // gitolite access -q: returns only exit code
552 gitoliteArgs := []string{"access", "-q", repo, user, gitolitePerm}
553 if refspec != nil {
554 gitoliteArgs = append(gitoliteArgs, *refspec)
555 }
556 cmd := exec.Command(h.gitolitePath, gitoliteArgs...)
557 err := cmd.Run()
558 if err != nil {
559 var exitErr *exec.ExitError
560 if !errors.As(err, &exitErr) {
561 return false, fmt.Errorf("(running %s): %w", cmd, err)
562 }
563 return false, nil
564 }
565 return true, nil
566}
567
568func (h *handler) authorizeBatchAPI(w http.ResponseWriter, r *http.Request, or operationRequest) bool {
569 user := h.anonUser
570 ctx := r.Context()
571
572 if or.operation == operationDownload {
573 // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
574 forwardedHost := r.Header.Get("X-Forwarded-Host")
575 if forwardedHost != "" && slices.Contains(h.exportAllForwardedHosts, forwardedHost) {
576 // This is a forwarded host for which all repositories are exported,
577 // regardless of ownership configuration in Gitolite.
578 return true
579 }
580 }
581
582 if authz := r.Header.Get("Authorization"); authz != "" {
583 if !strings.HasPrefix(authz, "Bearer ") {
584 makeRespError(ctx, w, "Invalid Authorization header", http.StatusBadRequest)
585 return false
586 }
587 authz = strings.TrimPrefix(authz, "Bearer ")
588
589 var claims lfsAuthCustomClaims
590 _, err := jwt.ParseWithClaims(authz, &claims, func(token *jwt.Token) (any, error) {
591 if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
592 return nil, fmt.Errorf("expected signing method EdDSA, got %s", token.Header["alg"])
593 }
594 return h.privateKey.Public(), nil
595 })
596 if err != nil {
597 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
598 return false
599 }
600
601 if claims.Gitolfs3.Type != "batch-api" {
602 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
603 return false
604 }
605 if claims.Gitolfs3.Repository != or.repository {
606 makeRespError(ctx, w, "Invalid token", http.StatusUnauthorized)
607 return false
608 }
609 if claims.Gitolfs3.Permission == operationDownload && or.operation == operationUpload {
610 makeRespError(ctx, w, "Forbidden", http.StatusForbidden)
611 return false
612 }
613
614 user = claims.Subject
615 }
616
617 readAccess, err := h.getGitoliteAccess(or.repository, user, "R", or.refspec)
618 if err != nil {
619 reqlog(ctx, "Error checking access info: %s", err)
620 makeRespError(ctx, w, "Failed to query access information", http.StatusInternalServerError)
621 return false
622 }
623 if !readAccess {
624 makeRespError(ctx, w, "Repository not found", http.StatusNotFound)
625 return false
626 }
627 if or.operation == operationUpload {
628 writeAccess, err := h.getGitoliteAccess(or.repository, user, "W", or.refspec)
629 if err != nil {
630 reqlog(ctx, "Error checking access info: %s", err)
631 makeRespError(ctx, w, "Failed to query access information", http.StatusInternalServerError)
632 return false
633 }
634 // User has read access but no write access
635 if !writeAccess {
636 makeRespError(ctx, w, "Forbidden", http.StatusForbidden)
637 return false
638 }
639 }
640
641 return true
642}
643
644func (h *handler) handleBatchAPI(w http.ResponseWriter, r *http.Request, repo string) {
645 ctx := r.Context()
646
647 if !slices.ContainsFunc(r.Header.Values("Accept"), isLFSMediaType) {
648 makeRespError(ctx, w, "Expected "+lfsMIME+" (with UTF-8 charset) in list of acceptable response media types", http.StatusNotAcceptable)
649 return
650 }
651 if !isLFSMediaType(r.Header.Get("Content-Type")) {
652 makeRespError(ctx, w, "Expected request Content-Type to be "+lfsMIME+" (with UTF-8 charset)", http.StatusUnsupportedMediaType)
653 return
654 }
655
656 var body batchRequest
657 if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
658 makeRespError(ctx, w, "Failed to parse request body as JSON", http.StatusBadRequest)
659 return
660 }
661 if body.Operation != operationDownload && body.Operation != operationUpload {
662 makeRespError(ctx, w, "Invalid operation specified", http.StatusBadRequest)
663 return
664 }
665
666 or := operationRequest{
667 operation: body.Operation,
668 repository: repo,
669 }
670 if body.Ref != nil {
671 or.refspec = &body.Ref.Name
672 }
673 if !h.authorizeBatchAPI(w, r.WithContext(ctx), or) {
674 return
675 }
676
677 if body.HashAlgo != hashAlgoSHA256 {
678 makeRespError(ctx, w, "Unsupported hash algorithm specified", http.StatusConflict)
679 return
680 }
681
682 if len(body.Transfers) != 0 && !slices.Contains(body.Transfers, transferAdapterBasic) {
683 makeRespError(ctx, w, "Unsupported transfer adapter specified (supported: basic)", http.StatusConflict)
684 return
685 }
686
687 var objects []parsedBatchObject
688 for _, obj := range body.Objects {
689 oid := strings.ToLower(obj.OID)
690 if !isValidSHA256Hash(oid) {
691 makeRespError(ctx, w, "Invalid hash format in object ID", http.StatusBadRequest)
692 return
693 }
694 objects = append(objects, parsedBatchObject{
695 firstByte: oid[:2],
696 secondByte: oid[2:4],
697 fullHash: oid,
698 size: obj.Size,
699 })
700 }
701
702 resp := batchResponse{
703 Transfer: transferAdapterBasic,
704 HashAlgo: hashAlgoSHA256,
705 }
706 for _, obj := range objects {
707 switch body.Operation {
708 case operationDownload:
709 resp.Objects = append(resp.Objects, h.handleDownloadObject(ctx, repo, obj))
710 case operationUpload:
711 if respObj := h.handleUploadObject(ctx, repo, obj); respObj != nil {
712 resp.Objects = append(resp.Objects, *respObj)
713 }
714 }
715 }
716
717 w.Header().Set("Content-Type", lfsMIME)
718 w.WriteHeader(http.StatusOK)
719 json.NewEncoder(w).Encode(resp)
720}
721
722func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
723 reqID := xid.New().String()
724 ctx := context.WithValue(r.Context(), requestIDKey, reqID)
725 w.Header().Set("X-Request-Id", reqID)
726
727 defer func() {
728 if r := recover(); r != nil {
729 reqlog(ctx, "Panic when serving request: %s", debug.Stack())
730 }
731 }()
732
733 reqPath := strings.TrimPrefix(path.Clean(r.URL.Path), "/")
734
735 if submatches := reBatchAPI.FindStringSubmatch(reqPath); len(submatches) == 2 {
736 if r.Method != http.MethodPost {
737 makeRespError(ctx, w, "Method not allowed", http.StatusMethodNotAllowed)
738 return
739 }
740
741 repo := strings.TrimPrefix(path.Clean(submatches[1]), "/")
742 reqlog(ctx, "Handling batch API request for repository: %s", repo)
743
744 h.handleBatchAPI(w, r.WithContext(ctx), repo)
745 return
746 }
747
748 if submatches := reObjUpload.FindStringSubmatch(reqPath); len(submatches) == 5 {
749 oid0, oid1, oid := submatches[2], submatches[3], submatches[4]
750
751 if !isValidSHA256Hash(oid) {
752 panic("Regex should only allow valid SHA256 hashes")
753 }
754 if oid0 != oid[:2] || oid1 != oid[2:4] {
755 makeRespError(ctx, w, "Bad URL format: malformed OID pattern", http.StatusBadRequest)
756 return
757 }
758
759 repo := strings.TrimPrefix(path.Clean(submatches[1]), "/")
760 reqlog(ctx, "Handling object PUT for repository: %s, OID: %s", repo, oid)
761
762 switch r.Method {
763 case http.MethodGet:
764 h.handleGetObject(w, r.WithContext(ctx), repo, oid)
765 case http.MethodPut:
766 h.handlePutObject(w, r.WithContext(ctx), repo, oid)
767 default:
768 makeRespError(ctx, w, "Method not allowed", http.StatusMethodNotAllowed)
769 }
770
771 return
772 }
773
774 makeRespError(ctx, w, "Not found", http.StatusNotFound)
775}
776
777func reqlog(ctx context.Context, msg string, args ...any) {
778 if val := ctx.Value(requestIDKey); val != nil {
779 fmt.Fprintf(os.Stderr, "[%s] ", val.(string))
780 }
781 fmt.Fprintf(os.Stderr, msg, args...)
782 fmt.Fprint(os.Stderr, "\n")
783}
784
785func log(msg string, args ...any) {
786 fmt.Fprintf(os.Stderr, msg, args...)
787 fmt.Fprint(os.Stderr, "\n")
788}
789
790func die(msg string, args ...any) {
791 log("Environment variables: (dying)")
792 for _, s := range os.Environ() {
793 log(" %s", s)
794 }
795 log(msg, args...)
796 os.Exit(1)
797}
798
799func loadPrivateKey(path string) ed25519.PrivateKey {
800 raw, err := os.ReadFile(path)
801 if err != nil {
802 die("Failed to open specified public key: %s", err)
803 }
804 raw = bytes.TrimSpace(raw)
805
806 if hex.DecodedLen(len(raw)) != ed25519.SeedSize {
807 die("Specified public key file does not contain key (seed) of appropriate length")
808 }
809 decoded := make([]byte, hex.DecodedLen(len(raw)))
810 if _, err = hex.Decode(decoded, raw); err != nil {
811 die("Failed to decode specified public key: %s", err)
812 }
813 return ed25519.NewKeyFromSeed(decoded)
814}
815
816func wipe(b []byte) {
817 for i := range b {
818 b[i] = 0
819 }
820}
821
822func main() {
823 anonUser := os.Getenv("GITOLFS3_ANON_USER")
824 privateKeyPath := os.Getenv("GITOLFS3_PRIVATE_KEY_PATH")
825 endpoint := os.Getenv("GITOLFS3_S3_ENDPOINT")
826 bucket := os.Getenv("GITOLFS3_S3_BUCKET")
827 accessKeyIDFile := os.Getenv("GITOLFS3_S3_ACCESS_KEY_ID_FILE")
828 secretAccessKeyFile := os.Getenv("GITOLFS3_S3_SECRET_ACCESS_KEY_FILE")
829 gitolitePath := os.Getenv("GITOLFS3_GITOLITE_PATH")
830 baseURLStr := os.Getenv("GITOLFS3_BASE_URL")
831 listenHost := os.Getenv("GITOLFS3_LISTEN_HOST")
832 listenPort := os.Getenv("GITOLFS3_LISTEN_PORT")
833 exportAllForwardedHostsStr := os.Getenv("GITOLFS3_EXPORT_ALL_FORWARDED_HOSTS")
834
835 listenAddr := net.JoinHostPort(listenHost, listenPort)
836 exportAllForwardedHosts := strings.Split(exportAllForwardedHostsStr, ",")
837
838 if gitolitePath == "" {
839 gitolitePath = "gitolite"
840 }
841
842 if anonUser == "" {
843 die("Fatal: expected environment variable GITOLFS3_ANON_USER to be set")
844 }
845 if privateKeyPath == "" {
846 die("Fatal: expected environment variable GITOLFS3_PRIVATE_KEY_PATH to be set")
847 }
848 if listenPort == "" {
849 die("Fatal: expected environment variable GITOLFS3_LISTEN_PORT to be set")
850 }
851 if baseURLStr == "" {
852 die("Fatal: expected environment variable GITOLFS3_BASE_URL to be set")
853 }
854 if endpoint == "" {
855 die("Fatal: expected environment variable GITOLFS3_S3_ENDPOINT to be set")
856 }
857 if bucket == "" {
858 die("Fatal: expected environment variable GITOLFS3_S3_BUCKET to be set")
859 }
860
861 if accessKeyIDFile == "" {
862 die("Fatal: expected environment variable GITOLFS3_S3_ACCESS_KEY_ID_FILE to be set")
863 }
864 if secretAccessKeyFile == "" {
865 die("Fatal: expected environment variable GITOLFS3_S3_SECRET_ACCESS_KEY_FILE to be set")
866 }
867
868 accessKeyID, err := os.ReadFile(accessKeyIDFile)
869 if err != nil {
870 die("Fatal: failed to read access key ID from specified file: %s", err)
871 }
872 secretAccessKey, err := os.ReadFile(secretAccessKeyFile)
873 if err != nil {
874 die("Fatal: failed to read secret access key from specified file: %s", err)
875 }
876
877 privateKey := loadPrivateKey(privateKeyPath)
878 defer wipe(privateKey)
879
880 baseURL, err := url.Parse(baseURLStr)
881 if err != nil {
882 die("Fatal: provided BASE_URL has bad format: %s", err)
883 }
884
885 mc, err := minio.New(endpoint, &minio.Options{
886 Creds: credentials.NewStaticV4(string(accessKeyID), string(secretAccessKey), ""),
887 Secure: true,
888 })
889 if err != nil {
890 die("Fatal: failed to create S3 client: %s", err)
891 }
892
893 h := &handler{mc, bucket, anonUser, gitolitePath, privateKey, baseURL, exportAllForwardedHosts}
894 if err = http.ListenAndServe(listenAddr, h); err != nil {
895 die("Fatal: failed to serve CGI: %s", err)
896 }
897}
generated by cgit v1.2.3 (git 2.45.2) at 2024-09-30 21:41:38 +0000