From cb65e790ae1619c2b3c79ca1b0f2109e6776d56e Mon Sep 17 00:00:00 2001
From: Naoki Takezoe <takezoe@gmail.com>
Date: Sun, 5 Jul 2015 15:38:55 +0900
Subject: [PATCH] (refs #812)Apply GitRepositoryFilter to SSH access too

---
 .../core/plugin/GitRepositoryRouting.scala    | 22 ++++++++++++
 .../scala/gitbucket/core/ssh/GitCommand.scala | 34 +++++++++++--------
 2 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/src/main/scala/gitbucket/core/plugin/GitRepositoryRouting.scala b/src/main/scala/gitbucket/core/plugin/GitRepositoryRouting.scala
index 47654e8de..61089f089 100644
--- a/src/main/scala/gitbucket/core/plugin/GitRepositoryRouting.scala
+++ b/src/main/scala/gitbucket/core/plugin/GitRepositoryRouting.scala
@@ -3,6 +3,13 @@ package gitbucket.core.plugin
 import gitbucket.core.model.Session
 import gitbucket.core.service.SystemSettingsService.SystemSettings
 
+/**
+ * Define the Git repository routing.
+ *
+ * @param urlPattern the regular expression which matches the repository path (e.g. "gist/(.+?)/(.+?)\\.git")
+ * @param localPath the string to assemble local file path of repository (e.g. "gist/$1/$2")
+ * @param filter the filter for request to the Git repository which is defined by this routing
+ */
 case class GitRepositoryRouting(urlPattern: String, localPath: String, filter: GitRepositoryFilter){
 
   def this(urlPattern: String, localPath: String) = {
@@ -14,7 +21,22 @@ case class GitRepositoryRouting(urlPattern: String, localPath: String, filter: G
 
 }
 
+/**
+ * Filters request to plug-in served repository. This is used to provide authentication mainly.
+ */
 trait GitRepositoryFilter {
+
+  /**
+   * Filters request to Git repository. If this method returns true then request is accepted.
+   *
+   * @param path the repository path which starts with '/'
+   * @param userName the authenticated user name or None
+   * @param settings the system settings
+   * @param isUpdating true if update request, otherwise false
+   * @param session the database session
+   * @return true if allow accessing to repository, otherwise false.
+   */
   def filter(path: String, userName: Option[String], settings: SystemSettings, isUpdating: Boolean)
             (implicit session: Session): Boolean
+
 }
\ No newline at end of file
diff --git a/src/main/scala/gitbucket/core/ssh/GitCommand.scala b/src/main/scala/gitbucket/core/ssh/GitCommand.scala
index bca00accd..43502dd51 100644
--- a/src/main/scala/gitbucket/core/ssh/GitCommand.scala
+++ b/src/main/scala/gitbucket/core/ssh/GitCommand.scala
@@ -104,7 +104,7 @@ class DefaultGitUploadPack(owner: String, repoName: String, baseUrl: String) ext
 }
 
 class DefaultGitReceivePack(owner: String, repoName: String, baseUrl: String) extends DefaultGitCommand(owner, repoName)
-    with SystemSettingsService with RepositoryService with AccountService {
+    with RepositoryService with AccountService {
 
   override protected def runTask(user: String)(implicit session: Session): Unit = {
     getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", ""), baseUrl).foreach { repositoryInfo =>
@@ -124,28 +124,32 @@ class DefaultGitReceivePack(owner: String, repoName: String, baseUrl: String) ex
   }
 }
 
-class PluginGitUploadPack(repoName: String, baseUrl: String, routing: GitRepositoryRouting) extends GitCommand {
+class PluginGitUploadPack(repoName: String, baseUrl: String, routing: GitRepositoryRouting) extends GitCommand
+    with SystemSettingsService {
 
   override protected def runTask(user: String)(implicit session: Session): Unit = {
-    // TODO filter??
-    val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
-    using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
-      val repository = git.getRepository
-      val upload = new UploadPack(repository)
-      upload.upload(in, out, err)
+    if(routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), false)){
+      val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
+      using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
+        val repository = git.getRepository
+        val upload = new UploadPack(repository)
+        upload.upload(in, out, err)
+      }
     }
   }
 }
 
-class PluginGitReceivePack(repoName: String, baseUrl: String, routing: GitRepositoryRouting) extends GitCommand {
+class PluginGitReceivePack(repoName: String, baseUrl: String, routing: GitRepositoryRouting) extends GitCommand
+    with SystemSettingsService {
 
   override protected def runTask(user: String)(implicit session: Session): Unit = {
-    // TODO filter??
-    val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
-    using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
-      val repository = git.getRepository
-      val receive = new ReceivePack(repository)
-      receive.receive(in, out, err)
+    if(routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), true)){
+      val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
+      using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
+        val repository = git.getRepository
+        val receive = new ReceivePack(repository)
+        receive.receive(in, out, err)
+      }
     }
   }
 }