git_wit 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# GitWit
+
+[![Build Status](https://travis-ci.org/xdissent/git_wit.png?branch=master)](https://travis-ci.org/xdissent/git_wit)
+
+Dead simple Git hosting for Rails apps.
+
+## Quickstart
+
+Run `rails g git_wit:install` and checkout `config/initializers/git_wit.rb`.
+You'll want to first change `config.repositories_path` to a folder where you'd
+like to store your repositories. Let's use "tmp/repositories" in our app root
+for fun:
+
+```ruby
+config.repositories_path = Rails.root.join("tmp", "repositories").to_s
+```
+
+Normally you wouldn't want to allow users to send their authentication 
+credentials over an insecure protocol like HTTP, because they'll be sent in 
+plain text over the wire. And since anonymous write access is always disallowed,
+that means you can't safely push over HTTP without SSL. To disable these 
+protections, something you'd **never** do in a production environment, change
+the following config values in the initializer:
+
+```
+config.insecure_auth = true
+config.insecure_write = true
+```
+
+Now let's set up some simple (fake) authentication and authorization:
+
+```ruby
+config.authenticate = ->(user, password) do
+  %w(reader writer).include?(user) && user == password
+end
+
+config.authorize_read = ->(user, repository) do
+  %w(reader writer).include?(user)
+end
+
+config.authorize_write = ->(user, repository) do
+  user == "writer"
+end
+```
+
+What we've done is effectively create two users: `reader` and `writer`. Both can
+read all repositories, but only `writer` may write (and can write to any repo.)
+Both users are considered authenticated if the password matches the username.
+
+Now your app is ready to start serving git repos over HTTP. Just create the 
+repositories folder, initialize a repo and start the server:
+
+```console
+$ mkdir -p tmp/repositories
+$ git init --bare tmp/repositories/example.git
+$ rails s
+```
+
+Clone your repo, make some changes, and push:
+
+```console
+$ git clone http://localhost:3000/example.git
+$ cd example
+$ touch README
+$ git add README
+$ git commit -m "First"
+$ git push origin master
+```
+
+Your server will ask you for a username and password when you push - use 
+`writer` for both and it should accept your changes.
+
+## SSH support
+
+See the dummy app in `test/dummy` for a working example of `authorized_keys` 
+management for the `ssh_user`.
+
+**NOTE** To manage SSH keys, the `ssh_user` *must* be allowed to `sudo` as the
+Rails application user, **and** vice versa. More documentation is forthcoming.
+
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'GitWit'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/controllers/git_wit/application_controller.rb

@@ -0,0 +1,6 @@
+module GitWit
+  class ApplicationController < ActionController::Metal
+    include AbstractController::Callbacks
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+  end
+end

data/app/controllers/git_wit/git_controller.rb

@@ -0,0 +1,116 @@
+require "open3"
+require_dependency "git_wit/application_controller"
+
+module GitWit
+  class GitController < ApplicationController
+
+    ENV_KEEPERS = %w(REQUEST_METHOD QUERY_STRING REMOTE_ADDR SERVER_ADDR 
+        SERVER_NAME SERVER_PORT CONTENT_TYPE)
+
+    before_filter :authenticate, :authorize, :find_repository
+
+    def service
+      # Shell out to git-http-backend.
+      out, err, status = Open3.capture3 shell_env, GitWit.git_http_backend_path, 
+        stdin_data: request.raw_post, binmode: true
+
+      # Bail if the backend failed.
+      raise GitError, err unless status.success?
+
+      # Split headers and body from response.
+      headers, body = out.split("\r\n\r\n", 2)
+      
+      # Convert CGI headers to HTTP headers.
+      headers = Hash[headers.split("\r\n").map { |l| l.split(/\s*\:\s*/, 2) }]
+
+      # Set status from header if given, otherwise it's a 200.
+      self.status = headers.delete("Status").to_i if headers.key? "Status"
+
+      # Set response body if given, otherwise empty string.
+      self.response_body = body.presence || ""
+    end
+
+    private
+    def shell_env
+      request.headers.dup.extract!(*ENV_KEEPERS).merge(http_env).merge(git_env)
+    end
+
+    def git_env
+      {
+        GIT_HTTP_EXPORT_ALL: "uknoit",
+        GIT_PROJECT_ROOT: GitWit.repositories_path,
+        PATH_INFO: "/#{params[:repository]}/#{params[:refs] || params[:service]}",
+        REMOTE_USER: (user_attr(:username) || @username),
+        GIT_COMMITTER_NAME: user_attr(:committer_name),
+        GIT_COMMITTER_EMAIL: user_attr(:committer_email)
+      }.reject { |_, v| v.nil? }.stringify_keys
+    end
+
+    def http_env
+      request.headers.select { |k, _| k.start_with? "HTTP_" }
+    end
+
+    def authenticate
+      # Disallow authentication over insecure protocol per configuration.
+      raise ForbiddenError if !GitWit.insecure_auth \
+        && request.authorization.present? && !request.ssl?
+
+      # Authenticate user *ONLY IF CREDENTIALS ARE PROVIDED*
+      @user = authenticate_with_http_basic do |username, password|
+        @username = username
+        user = GitWit.user_for_authentication username
+        user if GitWit.authenticate user, password
+      end
+
+      # Request credentials again if provided and no user was authenticated.
+      if @user.nil? && request.authorization.present?
+        request_http_basic_authentication_if_allowed
+      end
+    end
+
+    def request_http_basic_authentication_if_allowed
+      raise ForbiddenError if !GitWit.insecure_auth && !request.ssl?
+      request_http_basic_authentication GitWit.realm
+    end
+
+    def authorize
+      write_op? ? authorize_write : authorize_read
+    end
+
+    def authorize_write
+      # Never allow anonymous write operations.
+      return request_http_basic_authentication_if_allowed if @user.nil?
+
+      # Disallow write operations over insecure protocol per configuration.
+      raise ForbiddenError if !GitWit.insecure_write && !request.ssl?
+
+      # Authorize for write operations.
+      raise UnauthorizedError unless GitWit.authorize_write @user, params[:repository]
+    end
+
+    def authorize_read
+      return if GitWit.authorize_read(@user, params[:repository])
+      return request_http_basic_authentication_if_allowed if @user.nil?
+      raise UnauthorizedError
+    end
+
+    # TODO: Sure about this?
+    def write_op?
+      params[:service] == "git-receive-pack"
+    end
+
+    def find_repository
+      repo_path = File.join GitWit.repositories_path, params[:repository]
+      raise NotFoundError unless File.exist? repo_path
+    end
+
+    def user_attr(sym)
+      try_user GitWit.config.send("#{sym}_attribute")
+    end
+
+    def try_user(sym_or_proc)
+      return @user.try(sym_or_proc) if sym_or_proc.is_a? Symbol
+      sym_or_proc.call(@user) if sym_or_proc.respond_to? :call
+    end
+  end
+end

data/bin/gw-shell

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require "git_wit/shell"
+GitWit::Shell.run

data/config/initializers/git_wit.rb

@@ -0,0 +1,2 @@
+# Configures GitWit defaults (before app initializer)
+GitWit.default_config!

data/config/routes.rb

@@ -0,0 +1,5 @@
+GitWit::Engine.routes.draw do
+  get ":repository/*refs" => "git#service", repository: /[\-\/\w\.]+\.git/
+  post ":repository/:service" => "git#service", repository: /[\-\/\w\.]+\.git/, 
+    service: /git-[\w\-]+/
+end

data/lib/generators/git_wit/install/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Creates a GitWit initializer for your application.
+
+Example:
+    rails generate git_wit:install
+
+    This will create:
+        config/intializers/git_wit.rb

data/lib/generators/git_wit/install/install_generator.rb

@@ -0,0 +1,15 @@
+class GitWit::InstallGenerator < Rails::Generators::Base
+  source_root File.expand_path('../../templates', __FILE__)
+
+  def copy_initializer
+    template "git_wit.rb", "config/initializers/git_wit.rb"
+  end
+
+  def show_readme
+    readme "README" if behavior == :invoke
+  end
+
+  def mount_route
+    route 'mount GitWit::Engine => "/"'
+  end
+end

data/lib/generators/git_wit/templates/README

@@ -0,0 +1,11 @@
+ _________________________________________________________________
+|__       ____      ___        __    ____    __      ___        __|
+   |  ____|  |_    _| |__    __| |  |    |  | |_    _| |__    __| 
+  /  /  __     |  |      |  |    |  |    |  |   |  |      |  |    
+ |  |  |  \    |  |      |  |    |  |    |  |   |  |      |  |    
+  \  \__|  |  _|  |_     |  |     \  \/\/  /   _|  |_     |  |    
+ __|      |__|      |____|  |______\      /___|      |____|  |____
+|_________________________________________________________________|
+
+Thank you for installing GitWit. You'll need to configure the initializer
+at config/initializers/git_wit.rb to reflect your settings.

data/lib/generators/git_wit/templates/git_wit.rb

@@ -0,0 +1,78 @@
+# Configure GitWit for your application using this initializer.
+GitWit.configure do |config|
+
+  # Configure the path to the repositories. This folder should be readable
+  # and writable by your application. Use an absolute path for best results.
+  # No trailing slash necessary.
+  # config.repositories_path = "/var/git"
+
+  # Configure the user for which to manage SSH keys (if enabled.) This user 
+  # must be allowed to run gw-ssh (or bundle exec or rvm or whatever) via sudo 
+  # as the application user.
+  # config.ssh_user = "git"
+
+  # Configure the absolute path to the authorized_keys file for ssh_user. By
+  # default, this will be calculated as "~ssh_user/.ssh/authorized_keys". 
+  # config.authorized_keys_path = "/var/git/.ssh/authorized_keys"
+
+  # Configure the path to the git-http-backend binary.
+  # config.git_http_backend_path = "/usr/libexec/git-core/git-http-backend"
+
+  # Configure the HTTP Basic Auth Realm. Go nuts.
+  # config.realm = "GitWit"
+
+  # Allow or disable write operations (push) via non-secure (http) protocols.
+  # config.insecure_write = false
+
+  # Allow or disable authentication via non-secure (http) protocols. GitWit uses
+  # HTTP Basic authentication, which sends your password in cleartext. This is
+  # bad behaviour so the default is to completely disallow authentication
+  # without SSL. Note that this will effectively disable insecure write
+  # operations as well when set to false, since writes require authentication.
+  # config.insecure_auth = false
+
+  # Configure git user attributes. GitWit will "try" these attributes when
+  # discerning the user information to pass to git. These may be callables that
+  # accept the user model (if authenticated) and should return a string value.
+  # If nil (or return nil), reasonable defaults will be used.
+  #
+  # config.username_attribute = :login          # REMOTE_USER
+  # config.committer_email_attribute = :email   # GIT_COMMITTER_NAME
+  # config.committer_name_attribute = :name     # GIT_COMMITTER_EMAIL
+
+  # Customize how the user is derived from the username. Below is an example for 
+  # devise. Your callable should accept a username return a user model. A string
+  # is OK if you don't want to use real models. In fact, the default just 
+  # returns the username as the user model. You'll get the user as an argument 
+  # to the config.authenticate method later for actual authentication. Returning
+  # nil means "authentication failed."
+  # 
+  # config.user_for_authentication = ->(username) do
+  #   user = User.find_for_authentication username: username
+  #   user if user.active_for_authentication?
+  # end
+
+  # Customize the authentication handler. Below is an example for devise. Your
+  # callable should accept a user (from config.user_for_authentication) and 
+  # a password. Return a boolean indicating whether the user is autenticated
+  # against the given password.
+  # 
+  # config.authenticate = ->(user, password) do
+  #   user.try :valid_password, password
+  # end
+
+  # Customize the authorization handlers. There are two - one for read and one
+  # for write operations. They will receive the user model (if authenticated)
+  # and the repository path as a string (without config.repositories_path 
+  # prefixed.) A boolean should be returned. Below are some examples.
+  # 
+  # config.authorize_read = ->(user, repository) do
+  #   repo = Repository.find_by_path repository
+  #   repo.public? || repo.user_id = user.id
+  # end
+  #
+  # config.authorize_write = ->(user, repository) do
+  #   repo = Repository.find_by_path repository
+  #   repo.user_id = user.id || user.admin?
+  # end
+end

data/lib/git_wit/auth.rb

@@ -0,0 +1,28 @@
+module GitWit
+  def self.user_for_authentication(username)
+    if config.user_for_authentication.respond_to?(:call)
+      return config.user_for_authentication.call(username)
+    end
+    username
+  end
+
+  def self.authenticate(user, password)
+    if config.authenticate.respond_to?(:call)
+      return config.authenticate.call(user, password)
+    end
+    false
+  end
+
+  def self.authorize_write(user, repository)
+    authorize :write, user, repository
+  end
+
+  def self.authorize_read(user, repository)
+    authorize :read, user, repository
+  end
+
+  def self.authorize(operation, user, repository)
+    cfg = config.send "authorize_#{operation}".to_sym
+    cfg.respond_to?(:call) ? cfg.call(user, repository) : false
+  end
+end

data/lib/git_wit/authorized_keys.rb

@@ -0,0 +1,102 @@
+require "tempfile"
+require "authorized_keys"
+
+module GitWit
+  def self.regenerate_authorized_keys(keymap)
+    key_file = authorized_keys_file
+    key_file.clear do |file|
+      keymap.each do |username, keys|
+        keys.each do |key|
+          key_file.add AuthorizedKeys::Key.shell_key_for_username(username, key)
+        end
+      end
+    end
+  end
+
+  def self.add_authorized_key(username, key)
+    authorized_keys_file.add AuthorizedKeys::Key.shell_key_for_username(username, key)
+  end
+
+  def self.remove_authorized_key(key)
+    authorized_keys_file.remove key
+  end
+
+  def self.authorized_keys_file
+    AuthorizedKeys::File.new authorized_keys_path
+  end
+
+  def self.authorized_keys_path
+    config.authorized_keys_path || File.expand_path("~#{ssh_user}/.ssh/authorized_keys")
+  end
+
+  module AuthorizedKeys
+    class File < ::AuthorizedKeys::File
+      attr_accessor :original_location
+
+      def keys
+        list = []
+        modify "r" do |file|
+          file.each do |line|
+            list << Key.new(line.chomp)
+          end
+        end
+        list
+      end
+
+      def remove(key)
+        key = Key.new(key) if key.is_a?(String)
+        cached_keys = keys
+        modify 'w' do |file|
+          cached_keys.each do |k|
+            file.puts k unless key == k
+          end
+        end
+      end
+
+      def owned?
+        owner == Process.uid
+      end
+
+      def owner(file = nil)
+        file ||= location
+        ::File.stat(file).uid
+      rescue Errno::EACCES, Errno::ENOENT
+        parent = ::File.dirname file
+        owner parent unless file == parent
+      end
+
+      def modify(mode, &block)
+        return super if owned? || self.original_location
+        contents = %x(sudo -u "##{owner}" cat "#{location}") unless mode.include? "w"
+        original_owner = owner
+        self.original_location = location
+        tmp = Tempfile.new "git_wit_authorized_keys"
+        self.location = tmp.path
+        tmp.write contents unless mode.include? "w"
+        tmp.close
+        super
+        self.location = original_location
+        if mode != "r"
+          %x(cat "#{tmp.path}" | sudo -u "##{owner}" tee "#{location}" >/dev/null)
+        end
+        tmp.unlink
+        self.original_location = nil
+      end
+
+      def clear(&block)
+        modify "w", &block
+      end
+    end
+
+    class Key < ::AuthorizedKeys::Key
+      SHELL_OPTIONS = %w(no-port-forwarding no-X11-forwarding 
+        no-agent-forwarding no-pty)
+
+      def self.shell_key_for_username(username, key)
+        key = self.new key if key.is_a? String
+        key.options = [%(command="gw-shell #{username}"), *SHELL_OPTIONS]
+        key
+      end
+    end
+  end
+end

data/lib/git_wit/engine.rb

@@ -0,0 +1,12 @@
+module GitWit
+  class Engine < ::Rails::Engine
+    isolate_namespace GitWit
+
+    config.action_dispatch.rescue_responses.merge!(
+      "GitWit::NotFoundError"     => :not_found,
+      "GitWit::ForbiddenError"    => :forbidden,
+      "GitWit::UnauthorizedError" => :unauthorized,
+      "GitWit::GitError"          => :internal_server_error
+    )
+  end
+end

data/lib/git_wit/errors.rb

@@ -0,0 +1,6 @@
+module GitWit
+  class NotFoundError < Exception; end
+  class ForbiddenError < Exception; end
+  class UnauthorizedError < Exception; end
+  class GitError < Exception; end
+end

data/lib/git_wit/shell.rb

@@ -0,0 +1,72 @@
+module GitWit
+  module Shell
+    SHELL_COMMANDS = %w(git-upload-pack git-receive-pack git-upload-archive)
+    SUDO_ENV_KEYS = %w(SSH_ORIGINAL_COMMAND GEM_HOME GEM_PATH PATH 
+      BUNDLE_GEMFILE RAILS_ENV)
+
+    def self.exec_with_sudo!(user = app_user)
+      return if running_as?(user)
+      Dir.chdir rails_root
+      env = SUDO_ENV_KEYS.map { |k| "#{k}=#{ENV[k]}" if ENV[k] }.compact
+      env << "RAILS_ROOT=#{rails_root}" << "TERM=dumb"
+      cmd = ["sudo", "-u", "##{app_user}", *env, "-s", $PROGRAM_NAME, *ARGV]
+      exec *cmd
+    end
+
+    def self.running_as?(user)
+      Process.uid == user
+    end
+
+    def self.app_user
+      File.stat(rails_root).uid
+    end
+
+    def self.rails_root
+      return File.expand_path(ENV["RAILS_ROOT"]) if ENV["RAILS_ROOT"].present?
+      return File.expand_path("..", ENV["BUNDLE_GEMFILE"]) if ENV["BUNDLE_GEMFILE"].present?
+      Dir.pwd
+    end
+
+    def self.boot_app
+      require File.expand_path File.join(rails_root, "config/environment")
+    end
+
+    def self.parse_ssh_original_command
+      /^(?<cmd>git-[^\s]+)\s+'(?<repository>[^']+\.git)'/ =~ ENV["SSH_ORIGINAL_COMMAND"]
+      abort "Uknown command #{cmd}" unless SHELL_COMMANDS.include? cmd
+      [cmd, repository]
+    end
+
+    def self.authenticate(username)
+      GitWit.user_for_authentication username
+    end
+
+    def self.authenticate!(username)
+      user = authenticate username
+      abort "Anonymous access denied" unless user.present?
+      user
+    end
+
+    def self.authorize(command, user, repository)
+      op = command == "git-receive-pack" ? :write : :read
+      GitWit.authorize op, user, repository
+    end
+
+    def self.authorize!(command, user, repository)
+      abort "Unauthorized" unless authorize command, user, repository
+    end
+
+    def self.run
+      exec_with_sudo!
+      boot_app
+      command, repository = parse_ssh_original_command
+      user = authenticate! ARGV[0]
+      authorize! command, user, repository
+
+      repo_path = File.expand_path File.join(GitWit.repositories_path, repository)
+      cmd = ["git", "shell", "-c", "#{command} '#{repo_path}'"]
+      Rails.logger.info "GitWit SSH command: #{cmd.join " "}"
+      exec *cmd
+    end
+  end
+end

data/lib/git_wit/version.rb

@@ -0,0 +1,3 @@
+module GitWit
+  VERSION = "0.0.1"
+end

data/lib/git_wit.rb

@@ -0,0 +1,38 @@
+require "active_support/configurable"
+require "git_wit/engine"
+require "git_wit/errors"
+require "git_wit/auth"
+require "git_wit/shell"
+require "git_wit/authorized_keys"
+
+module GitWit
+  include ActiveSupport::Configurable
+
+  config_accessor :repositories_path, :ssh_user, :realm,
+    :git_http_backend_path, :insecure_write, :insecure_auth
+
+  def self.reset_config!
+    @_config = nil
+  end
+
+  def self.stash_config
+    @_stashed = @_config.dup
+  end
+
+  def self.restore_config
+    @_config = @_stashed
+    @_stashed = nil
+  end
+
+  def self.default_config!
+    reset_config!
+    configure do |config|
+      config.realm = "GitWit"
+      config.repositories_path = "/var/git"
+      config.ssh_user = "git"
+      config.git_http_backend_path = "/usr/libexec/git-core/git-http-backend"
+      config.insecure_write = false
+      config.insecure_auth = false
+    end
+  end
+end