View Javadoc
1   /*
2    * Copyright (C) 2011, Google Inc. and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  
11  package org.eclipse.jgit.http.server;
12  
13  import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
14  import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
15  import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
16  import static org.eclipse.jgit.http.server.ServletUtils.ATTRIBUTE_HANDLER;
17  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_SIDE_BAND_64K;
18  import static org.eclipse.jgit.transport.SideBandOutputStream.CH_ERROR;
19  import static org.eclipse.jgit.transport.SideBandOutputStream.SMALL_BUF;
20  
21  import java.io.ByteArrayOutputStream;
22  import java.io.IOException;
23  import java.io.OutputStream;
24  import java.util.Arrays;
25  import java.util.Collections;
26  import java.util.List;
27  
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  
31  import org.eclipse.jgit.internal.transport.parser.FirstCommand;
32  import org.eclipse.jgit.lib.Constants;
33  import org.eclipse.jgit.transport.PacketLineIn;
34  import org.eclipse.jgit.transport.PacketLineOut;
35  import org.eclipse.jgit.transport.ReceivePack;
36  import org.eclipse.jgit.transport.RequestNotYetReadException;
37  import org.eclipse.jgit.transport.SideBandOutputStream;
38  
39  /**
40   * Utility functions for handling the Git-over-HTTP protocol.
41   */
42  public class GitSmartHttpTools {
43  	private static final String INFO_REFS = Constants.INFO_REFS;
44  
45  	/** Name of the git-upload-pack service. */
46  	public static final String UPLOAD_PACK = "git-upload-pack";
47  
48  	/** Name of the git-receive-pack service. */
49  	public static final String RECEIVE_PACK = "git-receive-pack";
50  
51  	/** Content type supplied by the client to the /git-upload-pack handler. */
52  	public static final String UPLOAD_PACK_REQUEST_TYPE =
53  			"application/x-git-upload-pack-request";
54  
55  	/** Content type returned from the /git-upload-pack handler. */
56  	public static final String UPLOAD_PACK_RESULT_TYPE =
57  			"application/x-git-upload-pack-result";
58  
59  	/** Content type supplied by the client to the /git-receive-pack handler. */
60  	public static final String RECEIVE_PACK_REQUEST_TYPE =
61  			"application/x-git-receive-pack-request";
62  
63  	/** Content type returned from the /git-receive-pack handler. */
64  	public static final String RECEIVE_PACK_RESULT_TYPE =
65  			"application/x-git-receive-pack-result";
66  
67  	/** Git service names accepted by the /info/refs?service= handler. */
68  	public static final List<String> VALID_SERVICES =
69  			Collections.unmodifiableList(Arrays.asList(new String[] {
70  					UPLOAD_PACK, RECEIVE_PACK }));
71  
72  	private static final String INFO_REFS_PATH = "/" + INFO_REFS;
73  	private static final String UPLOAD_PACK_PATH = "/" + UPLOAD_PACK;
74  	private static final String RECEIVE_PACK_PATH = "/" + RECEIVE_PACK;
75  
76  	private static final List<String> SERVICE_SUFFIXES =
77  			Collections.unmodifiableList(Arrays.asList(new String[] {
78  					INFO_REFS_PATH, UPLOAD_PACK_PATH, RECEIVE_PACK_PATH }));
79  
80  	/**
81  	 * Check a request for Git-over-HTTP indicators.
82  	 *
83  	 * @param req
84  	 *            the current HTTP request that may have been made by Git.
85  	 * @return true if the request is likely made by a Git client program.
86  	 */
87  	public static boolean isGitClient(HttpServletRequest req) {
88  		return isInfoRefs(req) || isUploadPack(req) || isReceivePack(req);
89  	}
90  
91  	/**
92  	 * Send an error to the Git client or browser.
93  	 * <p>
94  	 * Server implementors may use this method to send customized error messages
95  	 * to a Git protocol client using an HTTP 200 OK response with the error
96  	 * embedded in the payload. If the request was not issued by a Git client,
97  	 * an HTTP response code is returned instead.
98  	 *
99  	 * @param req
100 	 *            current request.
101 	 * @param res
102 	 *            current response.
103 	 * @param httpStatus
104 	 *            HTTP status code to set if the client is not a Git client.
105 	 * @throws IOException
106 	 *             the response cannot be sent.
107 	 */
108 	public static void sendError(HttpServletRequest req,
109 			HttpServletResponse res, int httpStatus) throws IOException {
110 		sendError(req, res, httpStatus, null);
111 	}
112 
113 	/**
114 	 * Send an error to the Git client or browser.
115 	 * <p>
116 	 * Server implementors may use this method to send customized error messages
117 	 * to a Git protocol client using an HTTP 200 OK response with the error
118 	 * embedded in the payload. If the request was not issued by a Git client,
119 	 * an HTTP response code is returned instead.
120 	 * <p>
121 	 * This method may only be called before handing off the request to
122 	 * {@link org.eclipse.jgit.transport.UploadPack#upload(java.io.InputStream, OutputStream, OutputStream)}
123 	 * or
124 	 * {@link org.eclipse.jgit.transport.ReceivePack#receive(java.io.InputStream, OutputStream, OutputStream)}.
125 	 *
126 	 * @param req
127 	 *            current request.
128 	 * @param res
129 	 *            current response.
130 	 * @param httpStatus
131 	 *            HTTP status code to set if the client is not a Git client.
132 	 * @param textForGit
133 	 *            plain text message to display on the user's console. This is
134 	 *            shown only if the client is likely to be a Git client. If null
135 	 *            or the empty string a default text is chosen based on the HTTP
136 	 *            response code.
137 	 * @throws IOException
138 	 *             the response cannot be sent.
139 	 */
140 	public static void sendError(HttpServletRequest req,
141 			HttpServletResponse res, int httpStatus, String textForGit)
142 			throws IOException {
143 		if (textForGit == null || textForGit.length() == 0) {
144 			switch (httpStatus) {
145 			case SC_FORBIDDEN:
146 				textForGit = HttpServerText.get().repositoryAccessForbidden;
147 				break;
148 			case SC_NOT_FOUND:
149 				textForGit = HttpServerText.get().repositoryNotFound;
150 				break;
151 			case SC_INTERNAL_SERVER_ERROR:
152 				textForGit = HttpServerText.get().internalServerError;
153 				break;
154 			default:
155 				textForGit = "HTTP " + httpStatus;
156 				break;
157 			}
158 		}
159 
160 		if (isInfoRefs(req)) {
161 			sendInfoRefsError(req, res, textForGit, httpStatus);
162 		} else if (isUploadPack(req)) {
163 			sendUploadPackError(req, res, textForGit, httpStatus);
164 		} else if (isReceivePack(req)) {
165 			sendReceivePackError(req, res, textForGit, httpStatus);
166 		} else {
167 			if (httpStatus < 400)
168 				ServletUtils.consumeRequestBody(req);
169 			res.sendError(httpStatus, textForGit);
170 		}
171 	}
172 
173 	private static void sendInfoRefsError(HttpServletRequest req,
174 			HttpServletResponse res, String textForGit, int httpStatus)
175 			throws IOException {
176 		ByteArrayOutputStream buf = new ByteArrayOutputStream(128);
177 		PacketLineOut pck = new PacketLineOut(buf);
178 		String svc = req.getParameter("service");
179 		pck.writeString("# service=" + svc + "\n");
180 		pck.end();
181 		pck.writeString("ERR " + textForGit);
182 		send(req, res, infoRefsResultType(svc), buf.toByteArray(), httpStatus);
183 	}
184 
185 	private static void sendUploadPackError(HttpServletRequest req,
186 			HttpServletResponse res, String textForGit, int httpStatus)
187 			throws IOException {
188 		// Do not use sideband. Sideband is acceptable only while packfile is
189 		// being sent. Other places, like acknowledgement section, do not
190 		// support sideband. Use an error packet.
191 		ByteArrayOutputStream buf = new ByteArrayOutputStream(128);
192 		PacketLineOut pckOut = new PacketLineOut(buf);
193 		writePacket(pckOut, textForGit);
194 		send(req, res, UPLOAD_PACK_RESULT_TYPE, buf.toByteArray(), httpStatus);
195 	}
196 
197 	private static void sendReceivePackError(HttpServletRequest req,
198 			HttpServletResponse res, String textForGit, int httpStatus)
199 			throws IOException {
200 		ByteArrayOutputStream buf = new ByteArrayOutputStream(128);
201 		PacketLineOut pckOut = new PacketLineOut(buf);
202 
203 		boolean sideband;
204 		ReceivePack rp = (ReceivePack) req.getAttribute(ATTRIBUTE_HANDLER);
205 		if (rp != null) {
206 			try {
207 				sideband = rp.isSideBand();
208 			} catch (RequestNotYetReadException e) {
209 				sideband = isReceivePackSideBand(req);
210 			}
211 		} else
212 			sideband = isReceivePackSideBand(req);
213 
214 		if (sideband)
215 			writeSideBand(buf, textForGit);
216 		else
217 			writePacket(pckOut, textForGit);
218 		send(req, res, RECEIVE_PACK_RESULT_TYPE, buf.toByteArray(), httpStatus);
219 	}
220 
221 	private static boolean isReceivePackSideBand(HttpServletRequest req) {
222 		try {
223 			// The client may be in a state where they have sent the sideband
224 			// capability and are expecting a response in the sideband, but we might
225 			// not have a ReceivePack, or it might not have read any of the request.
226 			// So, cheat and read the first line.
227 			String line = new PacketLineIn(req.getInputStream()).readString();
228 			FirstCommand parsed = FirstCommand.fromLine(line);
229 			return parsed.getCapabilities().contains(CAPABILITY_SIDE_BAND_64K);
230 		} catch (IOException e) {
231 			// Probably the connection is closed and a subsequent write will fail, but
232 			// try it just in case.
233 			return false;
234 		}
235 	}
236 
237 	private static void writeSideBand(OutputStream out, String textForGit)
238 			throws IOException {
239 		try (OutputStream msg = new SideBandOutputStream(CH_ERROR, SMALL_BUF,
240 				out)) {
241 			msg.write(Constants.encode("error: " + textForGit));
242 			msg.flush();
243 		}
244 	}
245 
246 	private static void writePacket(PacketLineOut pckOut, String textForGit)
247 			throws IOException {
248 		pckOut.writeString("ERR " + textForGit);
249 	}
250 
251 	private static void send(HttpServletRequest req, HttpServletResponse res,
252 			String type, byte[] buf, int httpStatus) throws IOException {
253 		ServletUtils.consumeRequestBody(req);
254 		res.setStatus(httpStatus);
255 		res.setContentType(type);
256 		res.setContentLength(buf.length);
257 		try (OutputStream os = res.getOutputStream()) {
258 			os.write(buf);
259 		}
260 	}
261 
262 	/**
263 	 * Get the response Content-Type a client expects for the request.
264 	 * <p>
265 	 * This method should only be invoked if
266 	 * {@link #isGitClient(HttpServletRequest)} is true.
267 	 *
268 	 * @param req
269 	 *            current request.
270 	 * @return the Content-Type the client expects.
271 	 * @throws IllegalArgumentException
272 	 *             the request is not a Git client request. See
273 	 *             {@link #isGitClient(HttpServletRequest)}.
274 	 */
275 	public static String getResponseContentType(HttpServletRequest req) {
276 		if (isInfoRefs(req))
277 			return infoRefsResultType(req.getParameter("service"));
278 		else if (isUploadPack(req))
279 			return UPLOAD_PACK_RESULT_TYPE;
280 		else if (isReceivePack(req))
281 			return RECEIVE_PACK_RESULT_TYPE;
282 		else
283 			throw new IllegalArgumentException();
284 	}
285 
286 	static String infoRefsResultType(String svc) {
287 		return "application/x-" + svc + "-advertisement";
288 	}
289 
290 	/**
291 	 * Strip the Git service suffix from a request path.
292 	 *
293 	 * Generally the suffix is stripped by the {@code SuffixPipeline} handling
294 	 * the request, so this method is rarely needed.
295 	 *
296 	 * @param path
297 	 *            the path of the request.
298 	 * @return the path up to the last path component before the service suffix;
299 	 *         the path as-is if it contains no service suffix.
300 	 */
301 	public static String stripServiceSuffix(String path) {
302 		for (String suffix : SERVICE_SUFFIXES) {
303 			if (path.endsWith(suffix))
304 				return path.substring(0, path.length() - suffix.length());
305 		}
306 		return path;
307 	}
308 
309 	/**
310 	 * Check if the HTTP request was for the /info/refs?service= Git handler.
311 	 *
312 	 * @param req
313 	 *            current request.
314 	 * @return true if the request is for the /info/refs service.
315 	 */
316 	public static boolean isInfoRefs(HttpServletRequest req) {
317 		return req.getRequestURI().endsWith(INFO_REFS_PATH)
318 				&& VALID_SERVICES.contains(req.getParameter("service"));
319 	}
320 
321 	/**
322 	 * Check if the HTTP request path ends with the /git-upload-pack handler.
323 	 *
324 	 * @param pathOrUri
325 	 *            path or URI of the request.
326 	 * @return true if the request is for the /git-upload-pack handler.
327 	 */
328 	public static boolean isUploadPack(String pathOrUri) {
329 		return pathOrUri != null && pathOrUri.endsWith(UPLOAD_PACK_PATH);
330 	}
331 
332 	/**
333 	 * Check if the HTTP request was for the /git-upload-pack Git handler.
334 	 *
335 	 * @param req
336 	 *            current request.
337 	 * @return true if the request is for the /git-upload-pack handler.
338 	 */
339 	public static boolean isUploadPack(HttpServletRequest req) {
340 		return isUploadPack(req.getRequestURI())
341 				&& UPLOAD_PACK_REQUEST_TYPE.equals(req.getContentType());
342 	}
343 
344 	/**
345 	 * Check if the HTTP request was for the /git-receive-pack Git handler.
346 	 *
347 	 * @param req
348 	 *            current request.
349 	 * @return true if the request is for the /git-receive-pack handler.
350 	 */
351 	public static boolean isReceivePack(HttpServletRequest req) {
352 		String uri = req.getRequestURI();
353 		return uri != null && uri.endsWith(RECEIVE_PACK_PATH)
354 				&& RECEIVE_PACK_REQUEST_TYPE.equals(req.getContentType());
355 	}
356 
357 	private GitSmartHttpTools() {
358 	}
359 }