Use similar interface to access gitolite

Simplified gitolite handle logic Stubn over monkeypatch Stub only specific methods in Gitlab:Gitolite Moved grach auth to lib added specs for keys observer removes SshKey role
2012-08-29 00:04:06 +03:00 · 2012-08-29 00:04:06 +03:00 · 7cdc5b9e04
commit 7cdc5b9e04
parent aded7056fd
20 changed files with 155 additions and 88 deletions
--- a/lib/gitlab/backend/gitolite.rb
+++ b/lib/gitlab/backend/gitolite.rb
@ -0,0 +1,195 @@
+require 'gitolite'
+require 'timeout'
+require 'fileutils'
+
+# TODO: refactor & cleanup 
+module Gitlab
+  class Gitolite
+    class AccessDenied < StandardError; end
+
+    def set_key key_id, key_content, projects
+      self.configure do |c|
+        c.update_keys(key_id, key_content)
+        c.update_project(project.path, projects)
+      end
+    end
+
+    def remove_key key_id, projects
+      self.configure do |c|
+        c.delete_key(key_id)
+        c.update_project(project.path, projects)
+      end
+    end
+
+    def update_repository project
+      self.configure do |c|
+        c.update_project(project.path, project)
+      end
+    end
+
+    alias_method :create_repository, :update_repository
+
+    def remove_repository project
+      self.configure do |c|
+        c.destroy_project(project)
+      end
+    end
+
+    def url_to_repo path
+      Gitlab.config.ssh_path + "#{path}.git"
+    end
+
+    def initialize
+      # create tmp dir
+      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
+    end
+
+    def enable_automerge
+      self.configure do |git|
+        git.admin_all_repo
+      end
+    end
+
+    private
+
+    def pull
+      # create tmp dir
+      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
+      Dir.mkdir @local_dir
+
+      `git clone #{self.class.admin_uri} #{@local_dir}/gitolite`
+    end
+
+    def push
+      Dir.chdir(File.join(@local_dir, "gitolite"))
+      `git add -A`
+      `git commit -am "Gitlab"`
+      `git push`
+      Dir.chdir(Rails.root)
+
+      FileUtils.rm_rf(@local_dir)
+    end
+
+    def configure
+      Timeout::timeout(30) do
+        File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do |f|
+          begin 
+            f.flock(File::LOCK_EX)
+            pull
+            yield(self)
+            push
+          ensure
+            f.flock(File::LOCK_UN)
+          end
+        end
+      end
+    rescue Exception => ex
+      Gitlab::Logger.error(ex.message)
+      raise Gitolite::AccessDenied.new("gitolite timeout")
+    end
+
+    def destroy_project(project)
+      FileUtils.rm_rf(project.path_to_repo)
+
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      conf.rm_repo(project.path)
+      ga_repo.save
+    end
+
+    #update or create
+    def update_keys(user, key)
+      File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {|f| f.write(key.gsub(/\n/,'')) }
+    end
+
+    def delete_key(user)
+      File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
+      `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
+    end
+
+    # update or create
+    def update_project(repo_name, project)
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      repo = update_project_config(project, conf)
+      conf.add_repo(repo, true)
+      
+      ga_repo.save
+    end
+
+    # Updates many projects and uses project.path as the repo path
+    # An order of magnitude faster than update_project
+    def update_projects(projects)
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+
+      projects.each do |project|
+        repo = update_project_config(project, conf)
+        conf.add_repo(repo, true)
+      end
+
+      ga_repo.save
+    end
+
+    def update_project_config(project, conf)
+      repo_name = project.path
+
+      repo = if conf.has_repo?(repo_name)
+               conf.get_repo(repo_name)
+             else 
+               ::Gitolite::Config::Repo.new(repo_name)
+             end
+
+      name_readers = project.repository_readers
+      name_writers = project.repository_writers
+      name_masters = project.repository_masters
+
+      pr_br = project.protected_branches.map(&:name).join("$ ")
+
+      repo.clean_permissions
+
+      # Deny access to protected branches for writers
+      unless name_writers.blank? || pr_br.blank?
+        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
+      end
+
+      # Add read permissions
+      repo.add_permission("R", "", name_readers) unless name_readers.blank?
+
+      # Add write permissions
+      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
+      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
+
+      repo
+    end
+
+    def admin_all_repo
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      owner_name = ""
+
+      # Read gitolite-admin user
+      #
+      begin 
+        repo = conf.get_repo("gitolite-admin")
+        owner_name = repo.permissions[0]["RW+"][""][0]
+        raise StandardError if owner_name.blank?
+      rescue => ex
+        puts "Can't determine gitolite-admin owner".red
+        raise StandardError
+      end
+
+      # @ALL repos premission for gitolite owner
+      repo_name = "@all"
+      repo = if conf.has_repo?(repo_name)
+               conf.get_repo(repo_name)
+             else 
+               ::Gitolite::Config::Repo.new(repo_name)
+             end
+
+      repo.add_permission("RW+", "", owner_name)
+      conf.add_repo(repo, true)
+      ga_repo.save
+    end
+  end
+end
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@ -0,0 +1,54 @@
+module Grack
+  class Auth < Rack::Auth::Basic
+
+    def valid?
+      # Authentication with username and password
+      email, password = @auth.credentials
+      user = User.find_by_email(email)
+      return false unless user.try(:valid_password?, password)
+
+      # Set GL_USER env variable
+      ENV['GL_USER'] = email
+      # Pass Gitolite update hook
+      ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
+
+      # Need this patch because the rails mount
+      @env['PATH_INFO'] = @env['REQUEST_PATH']
+
+      # Find project by PATH_INFO from env
+      if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
+        return false unless project = Project.find_by_path(m.last)
+      end
+
+      # Git upload and receive
+      if @env['REQUEST_METHOD'] == 'GET'
+        true
+      elsif @env['REQUEST_METHOD'] == 'POST'
+        if @env['REQUEST_URI'].end_with?('git-upload-pack')
+          return project.dev_access_for?(user)
+        elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
+          if project.protected_branches.map(&:name).include?(current_ref)
+            project.master_access_for?(user)
+          else
+            project.dev_access_for?(user)
+          end
+        else
+          false
+        end
+      else
+        false
+      end
+    end# valid?
+
+    def current_ref
+      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
+        input = Zlib::GzipReader.new(@request.body).read
+      else
+        input = @request.body.read
+      end
+      # Need to reset seek point
+      @request.body.rewind
+      /refs\/heads\/([\w-]+)/.match(input).to_a.first
+    end
+  end# Auth
+end# Grack