FileResolver.java

/*
 * Copyright (C) 2009-2022, Google Inc. and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
 * https://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

package org.eclipse.jgit.transport.resolver;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;

import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.RepositoryCache;
import org.eclipse.jgit.lib.RepositoryCache.FileKey;
import org.eclipse.jgit.util.FS;
import org.eclipse.jgit.util.StringUtils;

/**
 * Default resolver serving from the local filesystem.
 *
 * @param <C>
 *            type of connection
 */
public class FileResolver<C> implements RepositoryResolver<C> {
    private volatile boolean exportAll;

    private final Map<String, Repository> exports;

    private final Collection<File> exportBase;

    /**
     * Initialize an empty file based resolver.
     */
    public FileResolver() {
        exports = new ConcurrentHashMap<>();
        exportBase = new CopyOnWriteArrayList<>();
    }

    /**
     * Create a new resolver for the given path.
     *
     * @param basePath
     *            the base path all repositories are rooted under.
     * @param exportAll
     *            if true, exports all repositories, ignoring the check for the
     *            {@code git-daemon-export-ok} files.
     */
    public FileResolver(File basePath, boolean exportAll) {
        this();
        exportDirectory(basePath);
        setExportAll(exportAll);
    }

    /** {@inheritDoc} */
    @Override
    public Repository open(C req, String name)
            throws RepositoryNotFoundException, ServiceNotEnabledException {
        if (isUnreasonableName(name))
            throw new RepositoryNotFoundException(name);

        Repository db = exports.get(StringUtils.nameWithDotGit(name));
        if (db != null) {
            db.incrementOpen();
            return db;
        }

        for (File base : exportBase) {
            File dir = FileKey.resolve(new File(base, name), FS.DETECTED);
            if (dir == null)
                continue;

            try {
                FileKey key = FileKey.exact(dir, FS.DETECTED);
                db = RepositoryCache.open(key, true);
            } catch (IOException e) {
                throw new RepositoryNotFoundException(name, e);
            }

            try {
                if (isExportOk(req, name, db)) {
                    // We have to leak the open count to the caller, they
                    // are responsible for closing the repository if we
                    // complete successfully.
                    return db;
                }
                throw new ServiceNotEnabledException();

            } catch (RuntimeException | IOException e) {
                db.close();
                throw new RepositoryNotFoundException(name, e);

            } catch (ServiceNotEnabledException e) {
                db.close();
                throw e;
            }
        }

        if (exportBase.size() == 1) {
            File dir = new File(exportBase.iterator().next(), name);
            throw new RepositoryNotFoundException(name,
                    new RepositoryNotFoundException(dir));
        }

        throw new RepositoryNotFoundException(name);
    }

    /**
     * Whether <code>git-daemon-export-ok</code> is required to export a
     * repository
     *
     * @return false if <code>git-daemon-export-ok</code> is required to export
     *         a repository; true if <code>git-daemon-export-ok</code> is
     *         ignored.
     * @see #setExportAll(boolean)
     */
    public boolean isExportAll() {
        return exportAll;
    }

    /**
     * Set whether or not to export all repositories.
     * <p>
     * If false (the default), repositories must have a
     * <code>git-daemon-export-ok</code> file to be accessed through this
     * daemon.
     * <p>
     * If true, all repositories are available through the daemon, whether or
     * not <code>git-daemon-export-ok</code> exists.
     *
     * @param export a boolean.
     */
    public void setExportAll(boolean export) {
        exportAll = export;
    }

    /**
     * Add a single repository to the set that is exported by this daemon.
     * <p>
     * The existence (or lack-thereof) of <code>git-daemon-export-ok</code> is
     * ignored by this method. The repository is always published.
     *
     * @param name
     *            name the repository will be published under.
     * @param db
     *            the repository instance.
     */
    public void exportRepository(String name, Repository db) {
        exports.put(StringUtils.nameWithDotGit(name), db);
    }

    /**
     * Recursively export all Git repositories within a directory.
     *
     * @param dir
     *            the directory to export. This directory must not itself be a
     *            git repository, but any directory below it which has a file
     *            named <code>git-daemon-export-ok</code> will be published.
     */
    public void exportDirectory(File dir) {
        exportBase.add(dir);
    }

    /**
     * Check if this repository can be served.
     * <p>
     * The default implementation of this method returns true only if either
     * {@link #isExportAll()} is true, or the {@code git-daemon-export-ok} file
     * is present in the repository's directory.
     *
     * @param req
     *            the current HTTP request.
     * @param repositoryName
     *            name of the repository, as present in the URL.
     * @param db
     *            the opened repository instance.
     * @return true if the repository is accessible; false if not.
     * @throws java.io.IOException
     *             the repository could not be accessed, the caller will claim
     *             the repository does not exist.
     */
    protected boolean isExportOk(C req, String repositoryName, Repository db)
            throws IOException {
        if (isExportAll())
            return true;
        else if (db.getDirectory() != null)
            return new File(db.getDirectory(), "git-daemon-export-ok").exists(); //$NON-NLS-1$
        else
            return false;
    }

    private static boolean isUnreasonableName(String name) {
        if (name.length() == 0)
            return true; // no empty paths

        if (name.indexOf('\\') >= 0)
            return true; // no windows/dos style paths
        if (new File(name).isAbsolute())
            return true; // no absolute paths

        if (name.startsWith("../")) //$NON-NLS-1$
            return true; // no "l../etc/passwd"
        if (name.contains("/../")) //$NON-NLS-1$
            return true; // no "foo/../etc/passwd"
        if (name.contains("/./")) //$NON-NLS-1$
            return true; // "foo/./foo" is insane to ask
        if (name.contains("//")) //$NON-NLS-1$
            return true; // double slashes is sloppy, don't use it

        return false; // is a reasonable name
    }
}