3 files changed,
41 insertions(+),
56 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-01-21 02:16:43 +0200
Change ID:
kmotoklossmmuynpvomzvwzrtlqqmzqv
Parent:
1ea9b7f
M
internal/handlers/git.go
@@ -2,6 +2,7 @@ package handlers
import ( "compress/gzip" + "fmt" "io" "log/slog" "net/http"@@ -31,19 +32,13 @@ }
} func (h *handlers) infoRefs(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + name := r.PathValue("name") + _, err := h.openPublicRepo(name, "") if err != nil { h.write404(w, err) return } - isPrivate, err := repo.IsPrivate() - if isPrivate || err != nil { - h.write404(w, err) - return - } - w.Header().Set("content-type", "application/x-git-upload-pack-advertisement") w.WriteHeader(http.StatusOK)@@ -57,19 +52,13 @@ }
} func (h *handlers) uploadPack(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + name := r.PathValue("name") + _, err := h.openPublicRepo(name, "") if err != nil { h.write404(w, err) return } - isPrivate, err := repo.IsPrivate() - if isPrivate || err != nil { - h.write404(w, err) - return - } - w.Header().Set("content-type", "application/x-git-upload-pack-result") w.Header().Set("Connection", "Keep-Alive") w.Header().Set("Transfer-Encoding", "chunked")@@ -95,6 +84,25 @@ ); err != nil {
slog.Error("git: upload-pack", "err", err) return } +} + +func (h *handlers) openPublicRepo(name, ref string) (*git.Repo, error) { + n := filepath.Clean(name) + repo, err := git.Open(filepath.Join(h.c.Repo.Dir, n), ref) + if err != nil { + return nil, err + } + + isPrivate, err := repo.IsPrivate() + if err != nil { + return nil, err + } + + if isPrivate { + return nil, fmt.Errorf("repo is private") + } + + return repo, nil } type flushWriter struct {
M
internal/handlers/repo.go
@@ -17,7 +17,6 @@
"github.com/yuin/goldmark" "github.com/yuin/goldmark/extension" "github.com/yuin/goldmark/renderer/html" - "olexsmir.xyz/mugit/internal/git" "olexsmir.xyz/mugit/internal/humanize" )@@ -36,7 +35,7 @@
repoInfos := []repoInfo{} for _, dir := range dirs { name := dir.Name() - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + repo, err := h.openPublicRepo(name, "") if err != nil { slog.Error("", "name", name, "err", err) continue@@ -54,11 +53,6 @@ slog.Error("", "err", err)
continue } - if isPrivate, err := repo.IsPrivate(); err != nil || isPrivate { - slog.Error("", "err", err) - continue - } - repoInfos = append(repoInfos, repoInfo{ Name: name, Desc: desc,@@ -85,19 +79,13 @@ extension.Linkify,
)) func (h *handlers) repoIndex(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + name := r.PathValue("name") + repo, err := h.openPublicRepo(name, "") if err != nil { h.write404(w, err) return } - isPrivate, err := repo.IsPrivate() - if isPrivate || err != nil { - h.write404(w, err) - return - } - var readmeContents template.HTML for _, readme := range h.c.Repo.Readmes { ext := filepath.Ext(readme)@@ -154,11 +142,11 @@ h.templ(w, "repo_index", data)
} func (h *handlers) repoTree(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) + name := r.PathValue("name") ref := r.PathValue("ref") treePath := r.PathValue("rest") - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), ref) + repo, err := h.openPublicRepo(name, ref) if err != nil { h.write404(w, err) return@@ -195,7 +183,7 @@ h.templ(w, "repo_tree", data)
} func (h *handlers) fileContents(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) + name := r.PathValue("name") ref := r.PathValue("ref") treePath := r.PathValue("rest")@@ -204,14 +192,8 @@ if rawParam, err := strconv.ParseBool(r.URL.Query().Get("raw")); err == nil {
raw = rawParam } - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + repo, err := h.openPublicRepo(name, ref) if err != nil { - h.write404(w, err) - return - } - - isPrivate, err := repo.IsPrivate() - if isPrivate || err != nil { h.write404(w, err) return }@@ -261,10 +243,10 @@ h.templ(w, "file", data)
} func (h *handlers) log(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) + name := r.PathValue("name") ref := r.PathValue("ref") - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), ref) + repo, err := h.openPublicRepo(name, ref) if err != nil { h.write404(w, err) return@@ -299,10 +281,9 @@ h.templ(w, "repo_log", data)
} func (h *handlers) commit(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) + name := r.PathValue("name") ref := r.PathValue("ref") - - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), ref) + repo, err := h.openPublicRepo(name, ref) if err != nil { h.write404(w, err) return@@ -337,8 +318,8 @@ h.templ(w, "commit", data)
} func (h *handlers) refs(w http.ResponseWriter, r *http.Request) { - name := filepath.Clean(r.PathValue("name")) - repo, err := git.Open(filepath.Join(h.c.Repo.Dir, name), "") + name := r.PathValue("name") + repo, err := h.openPublicRepo(name, "") if err != nil { h.write404(w, err) return
M
internal/ssh/server.go
@@ -4,6 +4,7 @@ import (
"fmt" "log/slog" "path/filepath" + "slices" "strconv" "github.com/gliderlabs/ssh"@@ -53,14 +54,9 @@ }
slog.Info("ssh request", "fingerprint", fingerprint) - authorized := false - for _, authKey := range s.authKeys { - if ssh.KeysEqual(key, authKey) { - authorized = true - break - } - } - + authorized := slices.ContainsFunc(s.authKeys, func(i gossh.PublicKey) bool { + return ssh.KeysEqual(key, i) + }) ctx.SetValue(authorizedKey, authorized) return true }