Skip to content

Commit 2f2c306

Browse files
koalajoe23koalajoe23
committed
check user and repo for redirects when using git via SSH transport
1 parent 998b6b8 commit 2f2c306

File tree

1 file changed

+39
-1
lines changed

1 file changed

+39
-1
lines changed

cmd/serv.go

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ import (
2020
git_model "code.gitea.io/gitea/models/git"
2121
"code.gitea.io/gitea/models/perm"
2222
"code.gitea.io/gitea/models/repo"
23+
user_model "code.gitea.io/gitea/models/user"
2324
"code.gitea.io/gitea/modules/git"
2425
"code.gitea.io/gitea/modules/json"
2526
"code.gitea.io/gitea/modules/lfstransfer"
@@ -227,12 +228,49 @@ func runServ(ctx context.Context, c *cli.Command) error {
227228
}
228229

229230
username := repoPathFields[0]
231+
var uid int64
232+
233+
if err := initDB(ctx); err != nil {
234+
return fail(ctx, "DB initialization error", "Error while initializing Gitea database")
235+
}
236+
237+
real_uid, err := user_model.LookupUserRedirect(ctx, username)
238+
if err == nil {
239+
uid = real_uid
240+
} else {
241+
user, err := user_model.GetUserByName(ctx, username)
242+
if err == nil {
243+
uid = user.ID
244+
} else {
245+
return fail(ctx, "Invalid username", "Could not find user or org: %s", username)
246+
}
247+
}
248+
249+
//We need the uid for repo redirect lookup
250+
real_user, err := user_model.GetUserByID(ctx, uid)
251+
if err == nil {
252+
username = real_user.Name
253+
} else {
254+
return fail(ctx, "User ID lookup failed", "Could not find user with ID: %d", uid)
255+
}
256+
230257
reponame := strings.TrimSuffix(repoPathFields[1], ".git") // “the-repo-name" or "the-repo-name.wiki"
231258

259+
real_rid, err := repo.LookupRedirect(ctx, uid, reponame)
260+
if err == nil {
261+
real_repo, err := repo.GetRepositoryByID(ctx, real_rid)
262+
if err == nil {
263+
reponame = real_repo.Name
264+
username = real_repo.OwnerName
265+
} else {
266+
return fail(ctx, "Repo ID lookup failed", "Could not find repo with ID: %d", real_rid)
267+
}
268+
}
269+
232270
// LowerCase and trim the repoPath as that's how they are stored.
233271
// This should be done after splitting the repoPath into username and reponame
234272
// so that username and reponame are not affected.
235-
repoPath = strings.ToLower(strings.TrimSpace(repoPath))
273+
repoPath = strings.ToLower(username + "/" + reponame)
236274

237275
if !repo.IsValidSSHAccessRepoName(reponame) {
238276
return fail(ctx, "Invalid repo name", "Invalid repo name: %s", reponame)

0 commit comments

Comments
 (0)