# Copyright (C) 2016-2020 all contributors # License: AGPL-3.0+ # when no endpoints match, fallback to this and serve a static file # or smart HTTP. This is our wrapper for git-http-backend(1) package PublicInbox::GitHTTPBackend; use strict; use warnings; use Fcntl qw(:seek); use IO::Handle; # ->flush use HTTP::Date qw(time2str); use PublicInbox::Qspawn; use PublicInbox::Tmpfile; use PublicInbox::WwwStatic qw(r @NO_CACHE); # 32 is same as the git-daemon connection limit my $default_limiter = PublicInbox::Qspawn::Limiter->new(32); # n.b. serving "description" and "cloneurl" should be innocuous enough to # not cause problems. serving "config" might... my @text = qw[HEAD info/refs info/attributes objects/info/(?:http-alternates|alternates|packs) cloneurl description]; my @binary = qw! objects/[a-f0-9]{2}/[a-f0-9]{38} objects/pack/pack-[a-f0-9]{40}\.(?:pack|idx) !; our $ANY = join('|', @binary, @text, 'git-upload-pack'); my $BIN = join('|', @binary); my $TEXT = join('|', @text); sub serve { my ($env, $git, $path) = @_; # Documentation/technical/http-protocol.txt in git.git # requires one and exactly one query parameter: if ($env->{QUERY_STRING} =~ /\Aservice=git-[A-Za-z0-9_]+-pack\z/ || $path =~ /\Agit-[A-Za-z0-9_]+-pack\z/) { my $ok = serve_smart($env, $git, $path); return $ok if $ok; } serve_dumb($env, $git, $path); } sub err ($@) { my ($env, @msg) = @_; $env->{'psgi.errors'}->print(@msg, "\n"); } my $prev = 0; my $exp; sub cache_one_year { my ($h) = @_; my $t = time + 31536000; push @$h, 'Expires', $t == $prev ? $exp : ($exp = time2str($prev = $t)), 'Cache-Control', 'public, max-age=31536000'; } sub serve_dumb { my ($env, $git, $path) = @_; my $h = []; my $type; if ($path =~ m!\Aobjects/[a-f0-9]{2}/[a-f0-9]{38}\z!) { $type = 'application/x-git-loose-object'; cache_one_year($h); } elsif ($path =~ m!\Aobjects/pack/pack-[a-f0-9]{40}\.pack\z!) { $type = 'application/x-git-packed-objects'; cache_one_year($h); } elsif ($path =~ m!\Aobjects/pack/pack-[a-f0-9]{40}\.idx\z!) { $type = 'application/x-git-packed-objects-toc'; cache_one_year($h); } elsif ($path =~ /\A(?:$TEXT)\z/o) { $type = 'text/plain'; push @$h, @NO_CACHE; } else { return r(404); } $path = "$git->{git_dir}/$path"; PublicInbox::WwwStatic::response($env, $h, $path, $type); } sub git_parse_hdr { # {parse_hdr} for Qspawn my ($r, $bref, $dumb_args) = @_; my $res = parse_cgi_headers($r, $bref) or return; # incomplete $res->[0] == 403 ? serve_dumb(@$dumb_args) : $res; } # returns undef if 403 so it falls back to dumb HTTP sub serve_smart { my ($env, $git, $path) = @_; my %env = %ENV; # GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL # may be set in the server-process and are passed as-is foreach my $name (qw(QUERY_STRING REMOTE_USER REMOTE_ADDR HTTP_CONTENT_ENCODING CONTENT_TYPE SERVER_PROTOCOL REQUEST_METHOD)) { my $val = $env->{$name}; $env{$name} = $val if defined $val; } my $limiter = $git->{-httpbackend_limiter} || $default_limiter; $env{GIT_HTTP_EXPORT_ALL} = '1'; $env{PATH_TRANSLATED} = "$git->{git_dir}/$path"; my $rdr = input_prepare($env) or return r(500); my $qsp = PublicInbox::Qspawn->new([qw(git http-backend)], \%env, $rdr); $qsp->psgi_return($env, $limiter, \&git_parse_hdr, [$env, $git, $path]); } sub input_prepare { my ($env) = @_; my $input = $env->{'psgi.input'}; my $fd = eval { fileno($input) }; if (defined $fd && $fd >= 0) { return { 0 => $fd }; } my $id = "git-http.input.$env->{REMOTE_ADDR}:$env->{REMOTE_PORT}"; my $in = tmpfile($id); unless (defined $in) { err($env, "could not open temporary file: $!"); return; } my $buf; while (1) { my $r = $input->read($buf, 8192); unless (defined $r) { err($env, "error reading input: $!"); return; } last if $r == 0; unless (print $in $buf) { err($env, "error writing temporary file: $!"); return; } } # ensure it's visible to git-http-backend(1): unless ($in->flush) { err($env, "error writing temporary file: $!"); return; } unless (defined(sysseek($in, 0, SEEK_SET))) { err($env, "error seeking temporary file: $!"); return; } { 0 => $in }; } sub parse_cgi_headers { my ($r, $bref) = @_; return r(500) unless defined $r && $r >= 0; $$bref =~ s/\A(.*?)\r?\n\r?\n//s or return $r == 0 ? r(500) : undef; my $h = $1; my $code = 200; my @h; foreach my $l (split(/\r?\n/, $h)) { my ($k, $v) = split(/:\s*/, $l, 2); if ($k =~ /\AStatus\z/i) { ($code) = ($v =~ /\b([0-9]+)\b/); } else { push @h, $k, $v; } } [ $code, \@h ] } 1;