brownbeagle-gitauth 0.0.1 → 0.0.2

data/README.rdoc

@@ -48,9 +48,19 @@ Would initialize an admin user with the given public key.
 Note that from now on, all gitauth keys should be run either logged in as
 git (via the admin user and ssh) or by being prefixed with asgit or "sudo -H -u git"
 
+=== Web Interface
+
+To start the web interface, just run:
+
+  gitauth webapp
+  
+The first time you boot the web app, you will be prompted
+to enter a username and a password. Please do so
+and then surf to http://your-server-ip:8998/
+
 === Adding Users
 
-Whenever you want to add a user, it's ass imple as:
+Whenever you want to add a user, it's as simple as:
 
   gitauth adduser user-name path-to-public-key
   

data/bin/gitauth

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #--
-#   Copyright (C) 2009 BrownBeagle
+#   Copyright (C) 2009 Brown Beagle Software
 #   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
@@ -26,6 +26,7 @@ require File.join(File.dirname(__FILE__), "..", "lib", "gitauth")
 
 class GitAuthRunner < Thor
   
+  # Adding users, groups and repos
   
   desc "addrepo REPO-NAME [PATH-PART]", "Adds a new repository"
   def addrepo(name, path = name)
@@ -43,7 +44,7 @@ class GitAuthRunner < Thor
   def adduser(name, key_path)
     GitAuth.setup!
     admin = !!(options && options[:admin])
-    if GitAuth::Users.create(name, admin, File.read(key_path).strip)
+    if GitAuth::User.create(name, admin, File.read(key_path).strip)
       $stdout.puts "User added"
     else
       $stderr.puts "There was an error adding the given user"
@@ -51,41 +52,34 @@ class GitAuthRunner < Thor
     end
   end
   
-  desc "repos", "Lists all the current repos"
-  def repos
+  desc "addgroup NAME", "Adds a group with the specified name"
+  def addgroup(name)
     GitAuth.setup!
-    $stdout.puts "repositories:"
-    GitAuth::Repo.all.each do |repo|
-      $stdout.puts " - #{repo.name}"
-    end
-  end
-  
-  desc "users", "Lists all users in the system"
-  def users
-    GitAuth.setup!
-    $stdout.puts "users:"
-    GitAuth::Users.all.each do |user|
-      $stdout.puts "- #{user.name}"
+    if GitAuth::Group.create(name)
+      $stdout.puts "The group was added"
+    else
+      $stderr.puts "There was an error creating the aforementioned group"
+      exit! 1
     end
   end
   
+  # Misc. operations
   
-  desc "permissions REPO USER [PERMISION=all,read,write]", "Adds Permissions for a user to a repository"
-  def permissions(repo, user, permissions = "all")
+  desc "permissions REPO USERORGROUP [PERMISION=all,read,write]", "Adds Permissions for a user or group to a repository"
+  def permissions(repo, user_or_group, permissions = "all")
     GitAuth.setup!
     unless %w(read write all).include?(permissions)
       $stderr.puts "Invalid permissions: #{permissions}"
       exit! 1
     end
     repo = GitAuth::Repo.get(repo)
-    user = GitAuth::Users.get(user)
-    if repo.nil? || user.nil?
+    uog  = GitAuth.get_user_or_group(user_or_group)
+    if repo.nil? || uog.nil?
       $stderr.puts "Invalid repository or user, please check the name"
       exit! 1
     end
-    repo.writeable_by(user) if %w(all write).include?(permissions)
-    repo.readable_by(user) if %w(all read).include?(permissions)
-    GitAuth::Users.save!
+    repo.writeable_by(uog) if %w(all write).include?(permissions)
+    repo.readable_by(uog)  if %w(all read).include?(permissions)
     GitAuth::Repo.save!
     $stdout.puts "Permissions Added"
   end
@@ -99,6 +93,10 @@ class GitAuthRunner < Thor
       $stderr.puts "Please log in as the correct user and re-run"
       exit! 1
     end
+    if !GitAuth::Repo.has_git?
+      $stderr.puts "'git' was not found in your path - please install it before continuing."
+      exit! 1
+    end
     require 'fileutils'
     folder = File.expand_path("~/.ssh")
     if !File.exist?(folder) || !File.directory?(folder)
@@ -139,7 +137,7 @@ class GitAuthRunner < Thor
       end
       if !public_key_path.nil? && File.exist?(public_key_path)
         GitAuth.setup!
-        created = GitAuth::Users.create("admin", true, File.read(public_key_path).strip)
+        created = GitAuth::User.create("admin", true, File.read(public_key_path).strip)
         if created
           $stdout.puts "Admin User Created."
         else
@@ -153,6 +151,84 @@ class GitAuthRunner < Thor
       exit! 1
   end
   
+  # Viewing Users etc
+  
+  desc "repos", "Lists all the current repos handled by gitauth"
+  def repos
+    GitAuth.setup!
+    $stdout.puts "Repositories:"
+    GitAuth::Repo.all.each do |repo|
+      line = " - #{repo.name}"
+      line << " (#{repo.path})" if repo.path != repo.name
+      $stdout.puts line
+    end
+  end
+  
+  desc "users", "Lists all users handled by gitauth"
+  def users
+    GitAuth.setup!
+    $stdout.puts "Users:"
+    GitAuth::User.all.each do |user|
+      line = "- #{user}"
+      line << " (admin)" if user.admin?
+      $stdout.puts line
+    end
+  end
+  
+  desc "groups", "Lists all groups handled by gitauth"
+  def groups
+    GitAuth.setup!
+    $stdout.puts "Groups:"
+    GitAuth::Group.all.each do |group|
+      $stdout.puts "- #{group} - #{group.members.empty? ? "no members" : group.members.join(", ")}"
+    end
+  end
+  
+  desc "webapp", "starts serving the GitAuth web-app on Port 8998"
+  def webapp
+    s = GitAuth.settings
+    if s.web_username.to_s.empty? || s.web_password_hash.to_s.empty?
+      $stdout.puts "To use the web interface you must first setup some credentials:"
+      $stdout.print "What username would you like to use? (default is 'gitauth'): "
+      username = Readline.readline.strip
+      username = "gitauth" if username.empty?
+      $stdout.print "What password would you like to use?: "
+      password = read_password
+      while password.empty?
+        $stdout.print "Please try again, What password would you like to use?: "
+        password = read_password
+      end
+      print "Please enter your password again: "
+      confirmation = read_password
+      while confirmation != password
+        print "Wrong password, please confirm again: "
+        confirmation = read_password
+      end
+      require 'digest/sha2'
+      settings = YAML.load_file(File.join(GitAuth::GITAUTH_DIR, "settings.yml"))
+      settings.merge!({
+        "web_username"      => username,
+        "web_password_hash" => Digest::SHA256.hexdigest(password)
+      })
+      File.open(File.join(GitAuth::GITAUTH_DIR, "settings.yml"), "w+") { |f| f.write settings.to_yaml }
+      puts "Username and Password saved."
+      GitAuth.reload_settings!
+    end
+    GitAuth.serve_web!
+  rescue Interrupt
+    exit! 1
+  end
+  
+  protected
+  
+  def read_password
+    system "stty -echo" 
+    line = Readline.readline.strip
+    system "stty echo"
+    print "\n"
+    return line
+  end
+  
 end
 
 if ARGV.empty?

data/bin/gitauth-shell

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #--
-#   Copyright (C) 2009 BrownBeagle
+#   Copyright (C) 2009 Brown Beagle Software
 #   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
@@ -32,35 +32,5 @@ File.umask(0022)
 user_name = ARGV[0]
 command   = ENV["SSH_ORIGINAL_COMMAND"]
 
-GitAuth::Client.start!(user_name, command) do |c|
-  
-  c.on(:invalid_user) do |c|
-    c.exit_with_error "An invalid user / key was used. Please ensure it is setup with GitAuth"
-  end
-  
-  c.on(:invalid_command) do |c|
-    if c.user.shell_accessible?
-      exec(ENV["SHELL"])
-    else
-      c.exit_with_error "SSH_ORIGINAL_COMMAND is needed, mmmkay?"
-    end
-  end
-  
-  c.on(:invalid_repository) do |c|
-   c.exit_with_error "Ze repository you specified does not exist."
-  end
-  
-  c.on(:bad_command) do |c|
-    c.exit_with_error "A Bad Command Has Failed Ye, Thou Shalt Not Continue."
-  end
-
-  c.on(:access_denied) do |c|
-    c.exit_with_error "These are not the droids you are looking for"
-  end
-
-  c.on(:fatal_error) do |c|
-    c.exit_with_error "Holy crap, we've imploded cap'n!"
-  end
-  
-end
+GitAuth::Client.start!(user_name, command)
 

data/lib/gitauth/client.rb

@@ -25,20 +25,12 @@ module GitAuth
     attr_accessor :user, :command
     
     def initialize(user_name, command)
-      GitAuth.logger.debug "Initializing client with command: '#{command}' and user name '#{user_name}'"
+      GitAuth.logger.debug "Initializing client with command: #{command.inspect} and user name #{user_name.inspect}"
       @callbacks = Hash.new { |h,k| h[k] = [] }
-      @user      = GitAuth::Users.get(user_name.to_s.strip)
+      @user      = GitAuth::User.get(user_name.to_s.strip)
       @command   = command
     end
     
-    def on(command, &blk)
-      @callbacks[command.to_sym] << blk
-    end
-    
-    def execute_callback!(command)
-      @callbacks[command.to_sym].each { |c| c.call(self) }
-    end
-    
     def exit_with_error(error)
       GitAuth.logger.warn "Exiting with error: #{error}"
       $stderr.puts error
@@ -47,24 +39,30 @@ module GitAuth
     
     def run!
       if @user.nil?
-        execute_callback! :invalid_user
+        exit_with_error "An invalid user / key was used. Please ensure it is setup with GitAuth"
       elsif @command.to_s.strip.empty?
-        execute_callback! :invalid_command
+        if user.shell_accessible?
+          exec(ENV["SHELL"])
+        else
+          exit_with_error "SSH_ORIGINAL_COMMAND is needed, mmmkay?"
+        end
       else
         command   = Command.parse!(@command)
-        repo      = Repo.get(extract_repo_name(command))
+        repo      = command.bad? ? nil : Repo.get(extract_repo_name(command))
         if command.bad?
-          execute_callback! :bad_command
+          if user.shell_accessible?
+            exec(@command)
+          else
+            exit_with_error "A Bad Command Has Failed Ye, Thou Shalt Not Continue."
+          end
         elsif repo.nil?
-          execute_callback! :invalid_repository
+          exit_with_error "Ze repository you specified does not exist."
         elsif user.can_execute?(command, repo)
-          # We can go ahead.
           git_shell_argument = "#{command.verb} '#{repo.real_path}'"
-          # And execute that soab.
           GitAuth.logger.info "Running command: #{git_shell_argument} for user: #{@user.name}"
           exec("git-shell", "-c", git_shell_argument)
         else
-          execute_callback! :access_denied
+          exit_with_error "These are not the droids you are looking for"
         end
       end
     rescue Exception => e
@@ -72,7 +70,7 @@ module GitAuth
       e.backtrace.each do |l|
         GitAuth.logger.fatal "  => #{l}"
       end
-      execute_callback! :fatal_error
+      exit_with_error "Holy crap, we've imploded cap'n!"
     end
     
     def self.start!(user, command)

data/lib/gitauth/command.rb

@@ -34,7 +34,7 @@ module GitAuth
     # Standard Commands
     READ_COMMANDS  = ["git-upload-pack", "git upload-pack"]
     WRITE_COMMANDS = ["git-receive-pack", "git receive-pack"]
-    PATH_REGEXP    = /^'([a-z0-9\-\+]+(\.git)?)'$/i.freeze
+    PATH_REGEXP    = /^'([\w\_\-\.\+]+(\.git)?)'$/i.freeze
     
     attr_reader :path, :verb, :command
     
@@ -61,7 +61,7 @@ module GitAuth
     # These exceptions are FUGLY.
     # Clean up, mmkay?
     def process!
-      raise BadCommandError if @command.include?("\n")
+      raise BadCommandError if @command.include?("\n") || @command !~ /^git/i
       @verb, @argument = split_command
       raise BadCommandError if @argument.nil? || @argument.is_a?(Array) 
       # Check if it's read / write

data/lib/gitauth/group.rb

@@ -0,0 +1,86 @@
+#--
+#   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+
+module GitAuth
+  class Group < SaveableClass(:groups)
+
+    attr_accessor :name, :members
+    
+    def initialize(name)
+      @name  = name
+      @members = []
+    end
+    
+    def destroy!
+      GitAuth::Repo.all.each { |r| r.remove_permissions_for(self) }
+      self.class.all.each { |r| r.remove_member(self) }
+      self.class.all.reject! { |g| g == self }
+      GitAuth::Repo.save!
+      self.class.save!
+    end
+    
+    def add_member(member)
+      return if member == self
+      @members << member.to_s
+      @members.uniq!
+    end
+    
+    def remove_member(member)
+      @members.reject! { |m| m == member.to_s }
+    end
+    
+    def ==(group)
+      group.is_a?(Group) && group.name == self.name
+    end
+    
+    def member?(user_or_group, recurse = false, level = 0)
+      member = @members.include?(user_or_group.to_s)
+      Thread.current[:checked_groups] = [] if level == 0
+      if !member
+        return false if level > 0 && Thread.current[:checked_groups].include?(self)
+        Thread.current[:checked_groups] << self
+        member = recurse && @members.map { |m| Group.get(m) }.compact.any? { |g| g.member?(user_or_group, true, level + 1) } 
+      end
+      Thread.current[:checked_groups] = nil if level == 0
+      return member
+    end
+    
+    def to_s
+      "@#{name}"
+    end
+    
+    def self.create(name)
+      name = name.to_s.strip.gsub(/^@/, "")
+      return false if name.empty? || name !~ /^([\w\_\-\.]+)$/
+      self.add_item self.new(name)
+      return true
+    end
+    
+    def self.get(name)
+      GitAuth.logger.debug "Getting group named #{name.inspect}"
+      real_name = name.to_s.gsub(/^@/, "")
+      self.all.detect { |g| g.name == real_name }
+    end
+    
+    def self.group?(name)
+      name.to_s =~ /^@/ && !get(name).nil?
+    end
+    
+  end
+end

data/lib/gitauth/repo.rb

@@ -18,28 +18,8 @@
 
 require 'fileutils'
 module GitAuth
-  class Repo
-    REPOS_PATH = File.join(GitAuth::GITAUTH_DIR, "repositories.yml")
-    
-    def self.all
-      @@all_repositories ||= nil
-    end
-    
-    def self.load!
-      self.all = YAML.load_file(REPOS_PATH) rescue nil if File.exist?(REPOS_PATH)
-      self.all = [] unless self.all.is_a?(Array)
-    end
-    
-    def self.save!
-      load! if self.all.nil?
-      File.open(REPOS_PATH, "w+") do |f|
-        f.write self.all.to_yaml
-      end
-    end
-    
-    def self.all=(value)
-      @@all_repositories = value
-    end
+  class Repo < SaveableClass(:repositories)
+    NAME_RE    = /^([\w\_\-\.\+]+(\.git)?)$/i
     
     def self.get(name)
       GitAuth.logger.debug "Getting Repo w/ name: '#{name}'"
@@ -47,43 +27,55 @@ module GitAuth
     end
     
     def self.create(name, path = name)
-      return false unless self.get(name).nil?
+      return false if name.nil? || path.nil?
+      return false if self.get(name) || self.all.any? { |r| r.path == path } || name !~ NAME_RE || path !~ NAME_RE
       repository = self.new(name, path)
-      if repository.create_repo!
-        self.load!
-        self.all << repository
-        self.save!
-        return true
-      else
-        return false
-      end
+      return false unless repository.create_repo!
+      self.add_item(repository)
+      return true
     end
     
-    attr_accessor :name, :path
+    attr_accessor :name, :path, :permissions
     
     def initialize(name, path, auto_create = false)
       @name, @path = name, path
       @permissions = {}
     end
     
-    def writeable_by(user)
+    def ==(other)
+      other.is_a?(Repo) && other.name == name && other.path == path
+    end
+    
+    def writeable_by(user_or_group)
       @permissions[:write] ||= []
-      @permissions[:write] << user.name
+      @permissions[:write] << user_or_group.to_s
       @permissions[:write].uniq!
     end
     
-    def readable_by(user)
+    def readable_by(user_or_group)
       @permissions[:read] ||= []
-      @permissions[:read] << user.name
+      @permissions[:read] << user_or_group.to_s
       @permissions[:read].uniq!
     end
     
-    def writeable_by?(user)
-      (@permissions[:write] || []).include? user.name
+    def writeable_by?(user_or_group)
+      !(@permissions[:write] || []).detect do |writer|
+        writer = GitAuth.get_user_or_group(writer)
+        writer == user_or_group || (writer.is_a?(Group) && writer.member?(user_or_group, true))
+      end.nil?
     end
     
-    def readable_by?(user)
-      (@permissions[:read] || []).include? user.name
+    def readable_by?(user_or_group)
+      !(@permissions[:read] || []).detect do |reader|
+        reader = GitAuth.get_user_or_group(reader)
+        reader == user_or_group || (reader.is_a?(Group) && reader.member?(user_or_group, true))
+      end.nil?
+    end
+    
+    def remove_permissions_for(user_or_group)
+      @permissions.each_value do |val|
+        val.reject! { |m| m == user_or_group.to_s }
+      end
     end
     
     def real_path
@@ -91,6 +83,7 @@ module GitAuth
     end
     
     def create_repo!
+      return false if !self.class.has_git?
       path = self.real_path
       unless File.exist?(path) && File.directory?(path)
         FileUtils.mkdir_p(path)
@@ -102,5 +95,15 @@ module GitAuth
       end
     end
     
+    def destroy!
+      FileUtils.rm_rf(self.real_path) if File.exist?(self.real_path)
+      self.class.all.reject! { |r| r == self }
+      self.class.save!
+    end
+    
+    def self.has_git?
+      !`which git`.strip.empty?
+    end
+    
   end
 end

data/lib/gitauth/saveable_class.rb

@@ -0,0 +1,60 @@
+#--
+#   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+
+module GitAuth
+  def self.SaveableClass(kind)
+    klass = Class.new
+    path_name = "#{kind.to_s.upcase}_PATH"
+    yaml_file_name = "#{kind}.yml"
+    
+    saveable_class_def = <<-END
+    
+      #{path_name} = File.join(GitAuth::GITAUTH_DIR, #{yaml_file_name.inspect})
+    
+      def self.all
+        @@all_#{kind} ||= nil
+      end
+      
+      def self.all=(value)
+        @@all_#{kind} = value
+      end
+      
+      def self.load!
+        self.all = YAML.load_file(#{path_name}) rescue nil if File.exist?(#{path_name})
+        self.all = [] unless self.all.is_a?(Array)
+      end
+
+      def self.save!
+        load! if self.all.nil?
+        File.open(#{path_name}, "w+") do |f|
+          f.write self.all.to_yaml
+        end
+      end
+      
+      def self.add_item(item)
+        self.load! if self.all.nil?
+        self.all << item
+        self.save!
+      end
+    
+    END
+    klass.class_eval(saveable_class_def)
+    return klass
+  end
+end