author | Runxi Yu <me@runxiyu.org> | 2025-02-16 01:48:39 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2025-02-16 01:52:47 +0800 |
commit | d212c4606a6eb470067d5302b2350d288d4d9c88 (patch) | |
tree | 8eac51da018f6bfbfbae1356968ff8908b887ab6 /ssh_handle_receive_pack.go | |
parent | schema.sql: Fix public keys and add basic group ACL (diff) | |
{ssh_*,acl}.go: Check ACL when receiving packs
Diffstat (limited to 'ssh_handle_receive_pack.go')
-rw-r--r-- | ssh_handle_receive_pack.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ssh_handle_receive_pack.go b/ssh_handle_receive_pack.go
index 3395e24..30825ad 100644
--- a/ssh_handle_receive_pack.go
+++ b/ssh_handle_receive_pack.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+ "errors"
+
 glider_ssh "github.com/gliderlabs/ssh"
 "github.com/go-git/go-billy/v5/osfs"
 "github.com/go-git/go-git/v5/plumbing/protocol/packp"
@@ -8,11 +10,16 @@ import (
 transport_server "github.com/go-git/go-git/v5/plumbing/transport/server"
 )
 
+var err_unauthorized_push = errors.New("You are not authorized to push to this repository")
+
 func ssh_handle_receive_pack(session glider_ssh.Session, pubkey string, repo_identifier string) (err error) {
- repo_path, err := get_repo_path_from_ssh_path(session.Context(), repo_identifier)
+ repo_path, access, err := get_repo_path_perms_from_ssh_path_pubkey(session.Context(), repo_identifier, pubkey)
 if err != nil {
 return err
 }
+ if !access {
+ return err_unauthorized_push
+ }
 endpoint, err := transport.NewEndpoint("/")
 if err != nil {
 return err |
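Review bot: The denial branch `if !access { return err_unauthorized_push }` in the second hunk records nothing about the refusal: neither `pubkey` nor `repo_identifier` is logged before returning, so repeated rejected pushes leave no audit trail unless the caller logs the returned error (the caller is outside this hunk). Consider logging both values at that branch, and document the sentinel with a comment such as `// err_unauthorized_push is returned when the ACL lookup denies the pushing key.` Checking the lookup error before `access` is the right order, since a failed lookup then denies the push. If these errors are written back to the SSH client, the distinct "not authorized" message versus a lookup failure may let any key holder tell existing repositories from missing ones; that depends on get_repo_path_perms_from_ssh_path_pubkey, which is not shown, and is worth confirming. The body of ssh_handle_receive_pack continues past the end of the hunk.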