brownbeagle-gitauth 0.0.1 → 0.0.2

data/lib/gitauth/{users.rb → user.rb}

@@ -18,41 +18,20 @@
 
 
 module GitAuth
-  class Users
-    
-    USERS_PATH = File.join(GitAuth::GITAUTH_DIR, "users.yml")
-    
-    def self.all
-      @@all_users ||= nil
-    end
-    
-    def self.load!
-      self.all = YAML.load_file(USERS_PATH) rescue nil if File.exist?(USERS_PATH)
-      self.all = [] unless self.all.is_a?(Array)
-    end
-    
-    def self.save!
-      load! if self.all.nil?
-      File.open(USERS_PATH, "w+") do |f|
-        f.write self.all.to_yaml
-      end
-    end
-    
-    def self.all=(value)
-      @@all_users = value
-    end
-    
+  class User < SaveableClass(:users)
+        
     def self.get(name)
       GitAuth.logger.debug "Getting user for the name '#{name}'"
       self.all.detect { |r| r.name == name }
     end
     
     def self.create(name, admin, key)
+      # Basic sanity checking.
+      return false if name.nil? || admin.nil? || key.nil?
+      return false unless name =~ /^([\w\_\-\.]+)$/ && !!admin == admin
       user = self.new(name, admin)
       if user.write_ssh_key!(key)
-        self.load!
-        self.all << user
-        self.save!
+        self.add_item(user)
         return true
       else
         return false
@@ -66,13 +45,16 @@ module GitAuth
       @admin = admin
     end
     
+    def to_s
+      @name.to_s
+    end
+    
     def write_ssh_key!(key)
-      cleaned_key = clean_ssh_key(key)
+      cleaned_key = self.class.clean_ssh_key(key)
       if cleaned_key.nil?
         return false
       else
-        gitauth_path = GitAuth.settings.shell_executable
-        output = "command=\"#{gitauth_path} #{@name}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding#{shell_accessible? ? "" : ",no-pty"} #{cleaned_key}"
+        output = "#{command_prefix} #{cleaned_key}"
         File.open(GitAuth.settings.authorized_keys_file, "a+") do |file|
           file.puts output
         end
@@ -80,6 +62,27 @@ module GitAuth
       end
     end
     
+    def command_prefix
+      "command=\"#{GitAuth.settings.shell_executable} #{@name}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding#{shell_accessible? ? "" : ",no-pty"}"
+    end
+    
+    def destroy!
+      GitAuth::Repo.all.each  { |r| r.remove_permissions_for(self) }
+      GitAuth::Group.all.each { |g| g.remove_member(self) }
+      # Remove the public key from the authorized_keys file.
+      auth_keys_path = GitAuth.settings.authorized_keys_file
+      if File.exist?(auth_keys_path)
+        contents = File.read(auth_keys_path)
+        contents.gsub!(/#{command_prefix} ssh-\w+ [a-zA-Z0-9\/\+]+==\r?\n?/m, "")
+        File.open(auth_keys_path, "w+") { |f| f.write contents }
+      end
+      self.class.all.reject! { |u| u == self }
+      # Finally, save everything
+      self.class.save!
+      GitAuth::Repo.save!
+      GitAuth::Group.save!
+    end
+    
     def admin?
       !!@admin
     end
@@ -107,7 +110,7 @@ module GitAuth
       end
     end
     
-    def clean_ssh_key(key)
+    def self.clean_ssh_key(key)
       if key =~ /^(ssh-\w+ [a-zA-Z0-9\/\+]+==) .*$/
         return $1
       else
@@ -116,4 +119,5 @@ module GitAuth
     end
     
   end
+  Users = User # For Backwards Compat.
 end

data/lib/gitauth/web_app.rb

@@ -0,0 +1,230 @@
+#--
+#   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+require 'sinatra'
+require 'digest/sha2'
+module GitAuth
+  class WebApp < Sinatra::Base
+    
+    use Rack::Auth::Basic do |username, password|
+      [username, Digest::SHA256.hexdigest(password)] == [GitAuth.settings.web_username, GitAuth.settings.web_password_hash]
+    end
+    
+    configure do
+      set :port, 8998
+      set :views, File.join(GitAuth::BASE_DIR, "views")
+      set :public, File.join(GitAuth::BASE_DIR, "public")
+      set :static, true
+      set :methodoverride, true
+    end
+    
+    before do
+      GitAuth.force_setup!
+    end
+    
+    helpers do
+      include Rack::Utils
+      alias_method :h, :escape_html
+      
+      def link_to(text, link)
+        "<a href='#{link}'>#{text}</a>"
+      end
+      
+      def delete_link(text, url)
+        id = "deleteable-#{Digest::SHA256.hexdigest(url.to_s)[0, 6]}"
+        html =  "<div class='deletable-container' style='display: none; margin: 0; padding: 0;'>"
+        html << "<form method='post' action='#{url}' id='#{id}'>"
+        html << "<input name='_method' type='hidden' value='delete' />"
+        html << "</form></div>"
+        html << "<a href='#' onclick='if(confirm(\"Are you sure you want to do that? Deletion can not be reversed.\")) $(\"##{id}\").submit(); return false;'>#{text}</a>"
+        return html
+      end
+      
+      def auto_link(member)
+        member = member.to_s
+        url = (member[0] == ?@ ? "/groups/#{URI.encode(member[1..-1])}" : "/users/#{URI.encode(member)}")
+        return link_to(member, url)
+      end
+      
+    end
+    
+    get '/' do
+      @repos  = GitAuth::Repo.all
+      @users  = GitAuth::User.all
+      @groups = GitAuth::Group.all
+      erb :index
+    end
+    
+    
+    # Listing / Index Page
+    
+    get '/repos/:name' do
+      @repo = GitAuth::Repo.get(params[:name])
+      if @repo.nil?
+        redirect root_with_message("The given repository couldn't be found.")
+      else
+        read_perms, write_perms = (@repo.permissions[:read]||[]), (@repo.permissions[:write]||[])
+        @all_access = read_perms & write_perms
+        @read_only  = read_perms - @all_access 
+        @write_only = write_perms - @all_access
+        erb :repo
+      end
+    end
+    
+    get '/users/:name' do
+      @user = GitAuth::User.get(params[:name])
+      if @user.nil?
+        redirect root_with_message("The given user couldn't be found.")
+      else
+        repos  = GitAuth::Repo.all 
+        read_perms  = repos.select { |r| r.readable_by?(@user)  }
+        write_perms = repos.select { |r| r.writeable_by?(@user) }
+        @all_access = read_perms & write_perms
+        @read_only  = read_perms - @all_access
+        @write_only = write_perms - @all_access
+        @groups = GitAuth::Group.all.select { |g| g.member?(@user) }
+        erb :user
+      end
+    end
+    
+    get '/groups/:name' do
+      @group = GitAuth::Group.get(params[:name])
+      if @group.nil?
+        redirect root_with_message("The given group could not be found.")
+      else
+        erb :group
+      end
+    end
+    
+    # Create and update repos
+    
+    post '/repos' do
+      name = params[:repo][:name]
+      path = params[:repo][:path]
+      path = name if path.to_s.strip.empty?
+      if GitAuth::Repo.create(name, path)
+        redirect root_with_message("Repository successfully added")
+      else
+        redirect root_with_message("There was an error adding the repository.")
+      end
+    end
+    
+    post '/repos/:name' do
+      repo = GitAuth::Repo.get(params[:name])
+      if repo.nil?
+        redirect root_with_message("The given repository couldn't be found.")
+      else
+        new_permissions = Hash.new([])
+        [:all, :read, :write].each do |k|
+          if params[:repo][k]
+            perm_lines = params[:repo][k].to_s.split("\n")
+            new_permissions[k] = perm_lines.map do |l|
+              i = GitAuth.get_user_or_group(l.strip)
+              i.nil? ? nil : i.to_s
+            end.compact
+          end
+        end
+        all = new_permissions.delete(:all)
+        new_permissions[:read]  |= all
+        new_permissions[:write] |= all
+        new_permissions.each_value { |v| v.uniq! }
+        repo.permissions = new_permissions
+        GitAuth::Repo.save!
+        redirect "/repos/#{URI.encode(repo.name)}"
+      end
+    end
+    
+    delete '/repos/:name' do
+      repo = GitAuth::Repo.get(params[:name])
+      if repo.nil?
+        redirect root_with_message("The given repository couldn't be found.")
+      else
+        repo.destroy!
+        redirect root_with_message("Repository removed.")
+      end
+    end
+    
+    # Create, delete and update users
+    
+    post '/users' do
+      name  = params[:user][:name]
+      admin = params[:user][:admin].to_s == "1"
+      key   = params[:user][:key]
+      if GitAuth::User.create(name, admin, key)
+        redirect root_with_message("User Added")
+      else
+        redirect root_with_message("There was an error adding the requested user.")
+      end
+    end
+    
+    delete '/users/:name' do
+      user = GitAuth::User.get(params[:name])
+      if user.nil?
+        redirect root_with_message("The specified user couldn't be found.")
+      else
+        user.destroy!
+        redirect root_with_message("User removed.")
+      end
+    end
+    
+    # Create and Update Groups
+    
+    post '/groups' do
+      if GitAuth::Group.create(params[:group][:name])
+        redirect root_with_message("Group added")
+      else
+        redirect root_with_message("There was an error adding the requested group.")
+      end
+    end
+    
+    post '/groups/:name' do
+      group = GitAuth::Group.get(params[:name])
+      if group.nil?
+        redirect root_with_message("The specified group couldn't be found.")
+      else
+        if params[:group][:members]
+          member_lines = params[:group][:members].to_s.split("\n")
+          group.members = member_lines.map do |l|
+            i = GitAuth.get_user_or_group(l.strip)
+            i.nil? ? nil : i.to_s
+          end.compact - [group.to_s]
+          GitAuth::Group.save!
+        end
+        redirect "/groups/#{URI.encode(group.name)}"
+      end
+    end
+    
+    delete '/groups/:name' do
+      group = GitAuth::Group.get(params[:name])
+      if group.nil?
+        redirect root_with_message("The specified group couldn't be found.")
+      else
+        group.destroy!
+        redirect root_with_message("Group removed.")
+      end
+    end
+    
+    
+    # Misc Helpers
+    
+    def root_with_message(message)
+      "/?message=#{URI.encode(message)}"
+    end
+    
+  end
+end

data/lib/gitauth.rb

@@ -1,5 +1,5 @@
 #--
-#   Copyright (C) 2009 BrownBeagle
+#   Copyright (C) 2009 Brown Beagle Software
 #   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
@@ -23,8 +23,8 @@ require 'ostruct'
 
 module GitAuth
   
-  BASE_DIR      = File.expand_path(File.join(File.dirname(__FILE__), ".."))
-  GITAUTH_DIR   = File.expand_path("~/.gitauth/")
+  BASE_DIR    = File.expand_path(File.join(File.dirname(__FILE__), ".."))
+  GITAUTH_DIR = File.expand_path("~/.gitauth/")
   
   def self.logger
     @logger ||= ::Logger.new(File.join(GITAUTH_DIR, "gitauth.log"))
@@ -34,18 +34,42 @@ module GitAuth
     @settings ||= OpenStruct.new(YAML.load_file(File.join(GITAUTH_DIR, "settings.yml")))
   end
   
+  def self.reload_settings!
+    @settings = nil
+  end
+  
+  def self.get_user_or_group(name)
+    return nil if name.to_s.strip.empty?
+    return (name =~ /^@/ ? Group : User).get(name)
+  end
+  
   def self.setup!
     unless File.exist?(GITAUTH_DIR) && File.directory?(GITAUTH_DIR)
       $stderr.puts "GitAuth not been setup, please run: gitauth install"
       exit! 1
     end
     dir = File.expand_path(File.join(File.dirname(__FILE__), "gitauth"))
-    %w(repo users command client).each do |file|
+    %w(saveable_class repo user command client group).each do |file|
       require File.join(dir, file)
     end
     # Load the users and repositories from a YAML File.
     GitAuth::Repo.load!
-    GitAuth::Users.load!
+    GitAuth::User.load!
+    GitAuth::Group.load!
+  end
+  
+  def self.serve_web!
+    self.setup!
+    require File.join(File.expand_path(File.join(File.dirname(__FILE__), "gitauth")), "web_app")
+    GitAuth::WebApp.run!
+  end
+  
+  def self.force_setup!
+    @settings = nil
+    GitAuth::Repo.all  = nil
+    GitAuth::User.all = nil
+    GitAuth::Group.all = nil
+    self.setup!
   end
   
 end

data/public/gitauth.css

@@ -0,0 +1,264 @@
+/* Reset */
+html, body, div, span, applet, object, iframe,
+h1, h2, h3, h4, h5, h6, p, blockquote, pre,
+a, abbr, acronym, address, big, cite, code,
+del, dfn, em, font, img, ins, kbd, q, s, samp,
+small, strike, strong, sub, sup, tt, var,
+dl, dt, dd, ol, ul, li,
+fieldset, form, label, legend,
+table, caption, tbody, tfoot, thead, tr, th, td {
+	margin: 0;
+	padding: 0;
+	border: 0;
+	outline: 0;
+	font-weight: inherit;
+	font-style: inherit;
+	font-size: 100%;
+	font-family: inherit;
+	vertical-align: baseline;
+}
+/* remember to define focus styles! */
+:focus {
+	outline: 0;
+}
+body {
+	line-height: 1;
+	color: black;
+	background: white;
+}
+ol, ul {
+	list-style: none;
+}
+/* tables still need 'cellspacing="0"' in the markup */
+table {
+	border-collapse: separate;
+	border-spacing: 0;
+}
+caption, th, td {
+	text-align: left;
+	font-weight: normal;
+}
+blockquote:before, blockquote:after,
+q:before, q:after {
+	content: "";
+}
+blockquote, q {
+	quotes: "" "";
+}
+
+/* Other Stuff */
+
+body {
+  background: #222;
+}
+
+#container {
+  width: 640px;
+  margin: 2em auto;
+  padding: 1em;
+  background: #FFF;
+  -moz-border-radius: 0.5em;
+  -webkit-border-radius: 0.5em;
+  border-radius: 0.5em;
+}
+
+#header {
+  text-align: center;
+  margin: 0.5em 0 1em;
+}
+
+#header h1 {
+  font-size: 2em;
+  font-weight: bold;
+}
+
+#header h1 a {
+  text-decoration: none;
+  color: #000;
+}
+
+#footer {
+  color: #777;
+  text-align: center;
+  margin: 1em 0 0;
+}
+
+.section {
+  margin: 0.5em 0 1.5em;
+}
+
+.section h2 {
+  padding: 0.5em;
+  text-transform: uppercase;
+  background: #EEE;
+  border-top: 0.1em solid #999;
+  border-bottom: 0.1em solid #999;
+  font-weight: bold;
+  font-size: 1.25em;
+  color: #333;
+}
+
+.section h2 a {
+  text-decoration: none;
+  color: #233967;
+  margin-left: 0.15em;
+}
+
+form {
+  background: #FDFFE9;
+  border: 0.5em solid #F0EBD4;
+  padding: 0.5em;
+  margin: 1em;
+}
+
+.hidden {
+  display: none;
+}
+
+form .row {
+  margin: 0 0.5em 0.5em;
+  line-height: 1.8em;
+  display: inline-block;
+  display: block;
+}
+
+form .row:after {
+  clear: both;
+  content: '.';
+  display: block;
+  visibility: hidden;
+  height: 0; 
+}
+
+form .row label {
+  display: block;
+  float: left;
+  zoom: 1;
+  width: 30%;
+  font-weight: bold;
+  font-size: 1.1em;
+  padding-top: 0.15em;
+}
+
+form .row input, form .row textarea {
+  font-size: 1.1em;
+  padding: 0.25em;
+  border: 0.15em solid #AAA;
+}
+
+form .row input {
+  width: 60%;
+}
+
+form .row input:focus, form .row textarea:focus {
+  border-color: #3E5299;
+}
+
+form .row p.hint {
+  color: #24813D;
+  padding-left: 30%;
+}
+
+form .buttons {
+  text-align: center;
+  padding: 0.75em;
+}
+
+form .buttons a {
+  text-decoration: none;
+  color: #204B99;
+}
+
+div.message {
+  font-size: 1.2em;
+  text-align: center;
+  padding: 0.5em 1em 1.5em;
+  color: #DE701E;
+}
+
+/* Listings */
+
+.section ul {
+  line-height: 1.8em;
+  margin: 0.5em 1em;
+}
+
+.section ul li {
+  padding: 0.5em 0;
+  color: #333;
+}
+
+.section ul li span.tag {
+  display: inline-block;
+  width: 4em;
+  color: white;
+  background: #666;
+  font-size: 0.8em;
+  text-transform: uppercase;
+  font-weight: bold;
+  text-align: center;
+  padding: 0 0.75em;
+  margin-right: 0.5em;
+}
+
+#users .tag.admin {
+  background: #163F10;
+}
+
+#users .tag.user {
+  background: #141A3F;
+}
+
+#repositories .tag.repo {
+  background: #720E12;
+}
+
+#groups .tag.group {
+  background: #17768A;
+}
+
+.section ul li a {
+  text-decoration: none;
+  color: #395F99;
+}
+
+/* View Stuff */
+
+.view h2 {
+  margin: 0 0 1em;
+  text-align: center;
+  font-weight: bold;
+  font-size: 1.3em;
+  color: #333;
+  border-top: 0.1em solid #DDD;
+  border-bottom: 0.1em solid #DDD;
+  padding: 0.5em;
+}
+
+.view h3 {
+  margin: 0.5em 1em;
+  font-weight: bold;
+  color: #555;
+  font-size: 1.2em;
+}
+
+.view ul {
+  margin: 0.5em 2em;
+  line-height: 1.8em;
+  font-size: 1.1em;
+  list-style: disc inside;
+}
+
+.view ul li {
+}
+
+.view ul li.empty {
+  color: #4A5258;
+}
+
+br.clear { clear: both; }
+
+.view ul li a {
+  text-decoration: none;
+  color: #416999;
+}

data/public/gitauth.js

@@ -0,0 +1,17 @@
+$(function() {
+  setTimeout(function() { $(".message").slideUp("slow"); }, 7500);
+});
+
+function showForm(name)
+{
+  $("#add-" + name + "-link").hide();
+  $("#add-" + name).slideDown("slow");
+  return false;
+}
+
+function hideForm(name)
+{
+  $("#add-" + name + "-link").show();
+  $("#add-" + name).slideUp("slow");
+  return false;
+}