gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectServlet.java - gerrit - Git at Google

 // Copyright (C) 2010 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.gerrit.httpd;

 import com.google.gerrit.common.PageLinks;
 import com.google.gerrit.reviewdb.Change;
 import com.google.gerrit.reviewdb.Project;
 import com.google.gerrit.reviewdb.ReviewDb;
 import com.google.gerrit.server.AnonymousUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.cache.Cache;
 import com.google.gerrit.server.cache.CacheModule;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.gerrit.server.git.ReceiveCommits;
 import com.google.gerrit.server.git.TagCache;
 import com.google.gerrit.server.git.TransferConfig;
 import com.google.gerrit.server.git.VisibleRefFilter;
 import com.google.gerrit.server.project.NoSuchProjectException;
 import com.google.gerrit.server.project.ProjectControl;
 import com.google.inject.AbstractModule;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.TypeLiteral;
 import com.google.inject.name.Named;

 import org.eclipse.jgit.errors.RepositoryNotFoundException;
 import org.eclipse.jgit.http.server.GitServlet;
 import org.eclipse.jgit.http.server.resolver.AsIsFileService;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.storage.pack.PackConfig;
 import org.eclipse.jgit.transport.ReceivePack;
 import org.eclipse.jgit.transport.UploadPack;
 import org.eclipse.jgit.transport.resolver.ReceivePackFactory;
 import org.eclipse.jgit.transport.resolver.RepositoryResolver;
 import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
 import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
 import org.eclipse.jgit.transport.resolver.UploadPackFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;

 import javax.annotation.Nullable;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 /** Serves Git repositories over HTTP. */
 @Singleton
 public class ProjectServlet extends GitServlet {
   private static final long serialVersionUID = 1L;
   private static final Logger log =
       LoggerFactory.getLogger(ProjectServlet.class);

   private static final String ATT_CONTROL = ProjectControl.class.getName();
   private static final String ATT_RC = ReceiveCommits.class.getName();
   private static final String ID_CACHE = "adv_bases";

   static class Module extends AbstractModule {
     @Override
     protected void configure() {
       bind(Resolver.class);
       bind(Upload.class);
       bind(Receive.class);
       bind(ReceiveFilter.class);
       install(new CacheModule() {
         @Override
         protected void configure() {
           TypeLiteral<Cache<AdvertisedObjectsCacheKey, Set<ObjectId>>> cache =
               new TypeLiteral<Cache<AdvertisedObjectsCacheKey, Set<ObjectId>>>() {};
           core(cache, ID_CACHE)
             .memoryLimit(4096)
             .maxAge(10, TimeUnit.MINUTES);
         }
       });
     }
   }

   static ProjectControl getProjectControl(ServletRequest req)
       throws ServiceNotEnabledException {
     ProjectControl pc = (ProjectControl) req.getAttribute(ATT_CONTROL);
     if (pc == null) {
       log.error("No " + ATT_CONTROL + " in request", new Exception("here"));
       throw new ServiceNotEnabledException();
     }
     return pc;
   }

   private final Provider<String> urlProvider;

   @Inject
   ProjectServlet(final Resolver resolver, final Upload upload,
       final Receive receive,
       final ReceiveFilter receiveFilter,
       @CanonicalWebUrl @Nullable Provider<String> urlProvider) {
     this.urlProvider = urlProvider;

     setRepositoryResolver(resolver);
     setAsIsFileService(AsIsFileService.DISABLED);
     setUploadPackFactory(upload);
     setReceivePackFactory(receive);
     addReceivePackFilter(receiveFilter);
   }

   @Override
   public void init(ServletConfig config) throws ServletException {
     super.init(config);

     serveRegex("^/(.*?)/?$").with(new HttpServlet() {
       private static final long serialVersionUID = 1L;

       @Override
       protected void doGet(HttpServletRequest req, HttpServletResponse rsp)
           throws IOException {
         ProjectControl pc;
         try {
           pc = getProjectControl(req);
         } catch (ServiceNotEnabledException e) {
           rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
           return;
         }

         Project.NameKey dst = pc.getProject().getNameKey();
         StringBuilder r = new StringBuilder();
         r.append(urlProvider.get());
         r.append('#');
         r.append(PageLinks.toChangeQuery(PageLinks.projectQuery(dst,
             Change.Status.NEW)));
         rsp.sendRedirect(r.toString());
       }
     });
   }

   static class Resolver implements RepositoryResolver<HttpServletRequest> {
     private final GitRepositoryManager manager;
     private final ProjectControl.Factory projectControlFactory;

     @Inject
     Resolver(GitRepositoryManager manager,
         ProjectControl.Factory projectControlFactory) {
       this.manager = manager;
       this.projectControlFactory = projectControlFactory;
     }

     @Override
     public Repository open(HttpServletRequest req, String projectName)
         throws RepositoryNotFoundException, ServiceNotAuthorizedException,
         ServiceNotEnabledException {
       if (projectName.endsWith(".git")) {
         // Be nice and drop the trailing ".git" suffix, which we never keep
         // in our database, but clients might mistakenly provide anyway.
         //
         projectName = projectName.substring(0, projectName.length() - 4);
       }

       if (projectName.startsWith("/")) {
         // Be nice and drop the leading "/" if supplied by an absolute path.
         // We don't have a file system hierarchy, just a flat namespace in
         // the database's Project entities. We never encode these with a
         // leading '/' but users might accidentally include them in Git URLs.
         //
         projectName = projectName.substring(1);
       }

       final ProjectControl pc;
       try {
         final Project.NameKey nameKey = new Project.NameKey(projectName);
         pc = projectControlFactory.controlFor(nameKey);
       } catch (NoSuchProjectException err) {
         throw new RepositoryNotFoundException(projectName);
       }
       if (!pc.isVisible()) {
         if (pc.getCurrentUser() instanceof AnonymousUser) {
           throw new ServiceNotAuthorizedException();
         } else {
           throw new ServiceNotEnabledException();
         }
       }
       req.setAttribute(ATT_CONTROL, pc);

       return manager.openRepository(pc.getProject().getNameKey());
     }
   }

   static class Upload implements UploadPackFactory<HttpServletRequest> {
     private final Provider<ReviewDb> db;
     private final PackConfig packConfig;
     private final TagCache tagCache;

     @Inject
     Upload(final Provider<ReviewDb> db, final TransferConfig tc,
         final TagCache tagCache) {
       this.db = db;
       this.packConfig = tc.getPackConfig();
       this.tagCache = tagCache;
     }

     @Override
     public UploadPack create(HttpServletRequest req, Repository repo)
         throws ServiceNotEnabledException, ServiceNotAuthorizedException {
       ProjectControl pc = getProjectControl(req);
       if (!pc.canRunUploadPack()) {
         throw new ServiceNotAuthorizedException();
       }

       // The Resolver above already checked READ access for us.
       //
       UploadPack up = new UploadPack(repo);
       up.setPackConfig(packConfig);
       if (!pc.allRefsAreVisible()) {
         up.setRefFilter(new VisibleRefFilter(tagCache, repo, pc, db.get(), true));
       }
       return up;
     }
   }

   static class Receive implements ReceivePackFactory<HttpServletRequest> {
     private final ReceiveCommits.Factory factory;

     @Inject
     Receive(final ReceiveCommits.Factory factory) {
       this.factory = factory;
     }

     @Override
     public ReceivePack create(HttpServletRequest req, Repository db)
         throws ServiceNotEnabledException, ServiceNotAuthorizedException {
       final ProjectControl pc = getProjectControl(req);
       if (!pc.canRunReceivePack()) {
         throw new ServiceNotAuthorizedException();
       }

       if (pc.getCurrentUser() instanceof IdentifiedUser) {
         final IdentifiedUser user = (IdentifiedUser) pc.getCurrentUser();
         final ReceiveCommits rc = factory.create(pc, db);
         final ReceiveCommits.Capable s = rc.canUpload();
         if (s != ReceiveCommits.Capable.OK) {
           // TODO We should alert the user to this message on the HTTP
           // response channel, assuming Git will even report it to them.
           //
           final String who = user.getUserName();
           final String why = s.getMessage();
           log.warn("Rejected push from " + who + ": " + why);
           throw new ServiceNotEnabledException();
         }

         rc.getReceivePack().setRefLogIdent(user.newRefLogIdent());
         req.setAttribute(ATT_RC, rc);
         return rc.getReceivePack();

       } else {
         throw new ServiceNotAuthorizedException();
       }
     }
   }

   static class ReceiveFilter implements Filter {
     private final Cache<AdvertisedObjectsCacheKey, Set<ObjectId>> cache;

     @Inject
     ReceiveFilter(
         @Named(ID_CACHE) Cache<AdvertisedObjectsCacheKey, Set<ObjectId>> cache) {
       this.cache = cache;
     }

     @Override
     public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {
       boolean isGet =
         "GET".equalsIgnoreCase(((HttpServletRequest) request).getMethod());

       ReceiveCommits rc = (ReceiveCommits) request.getAttribute(ATT_RC);
       ReceivePack rp = rc.getReceivePack();
       ProjectControl pc;
       try {
         pc = getProjectControl(request);
       } catch (ServiceNotEnabledException e) {
         // This shouldn't occur, the parent should have stopped processing.
         throw new ServletException(e);
       }

       Project.NameKey projectName = pc.getProject().getNameKey();

       if (!rp.isCheckReferencedObjectsAreReachable()) {
         if (isGet) {
           rc.advertiseHistory();
         }
         chain.doFilter(request, response);
         return;
       }

       if (!(pc.getCurrentUser() instanceof IdentifiedUser)) {
         chain.doFilter(request, response);
         return;
       }

       AdvertisedObjectsCacheKey cacheKey = new AdvertisedObjectsCacheKey(
           ((IdentifiedUser) pc.getCurrentUser()).getAccountId(),
           projectName);

       if (isGet) {
         rc.advertiseHistory();
         cache.remove(cacheKey);
       } else {
         Set<ObjectId> ids = cache.get(cacheKey);
         if (ids != null) {
           rp.getAdvertisedObjects().addAll(ids);
           cache.remove(cacheKey);
         }
       }

       chain.doFilter(request, response);

       if (isGet) {
         cache.put(cacheKey, Collections.unmodifiableSet(
             new HashSet<ObjectId>(rp.getAdvertisedObjects())));
       }
     }

     @Override
     public void init(FilterConfig arg0) throws ServletException {
     }

     @Override
     public void destroy() {
     }
   }
 }
	// Copyright (C) 2010 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.gerrit.httpd;

	import com.google.gerrit.common.PageLinks;
	import com.google.gerrit.reviewdb.Change;
	import com.google.gerrit.reviewdb.Project;
	import com.google.gerrit.reviewdb.ReviewDb;
	import com.google.gerrit.server.AnonymousUser;
	import com.google.gerrit.server.IdentifiedUser;
	import com.google.gerrit.server.cache.Cache;
	import com.google.gerrit.server.cache.CacheModule;
	import com.google.gerrit.server.config.CanonicalWebUrl;
	import com.google.gerrit.server.git.GitRepositoryManager;
	import com.google.gerrit.server.git.ReceiveCommits;
	import com.google.gerrit.server.git.TagCache;
	import com.google.gerrit.server.git.TransferConfig;
	import com.google.gerrit.server.git.VisibleRefFilter;
	import com.google.gerrit.server.project.NoSuchProjectException;
	import com.google.gerrit.server.project.ProjectControl;
	import com.google.inject.AbstractModule;
	import com.google.inject.Inject;
	import com.google.inject.Provider;
	import com.google.inject.Singleton;
	import com.google.inject.TypeLiteral;
	import com.google.inject.name.Named;

	import org.eclipse.jgit.errors.RepositoryNotFoundException;
	import org.eclipse.jgit.http.server.GitServlet;
	import org.eclipse.jgit.http.server.resolver.AsIsFileService;
	import org.eclipse.jgit.lib.ObjectId;
	import org.eclipse.jgit.lib.Repository;
	import org.eclipse.jgit.storage.pack.PackConfig;
	import org.eclipse.jgit.transport.ReceivePack;
	import org.eclipse.jgit.transport.UploadPack;
	import org.eclipse.jgit.transport.resolver.ReceivePackFactory;
	import org.eclipse.jgit.transport.resolver.RepositoryResolver;
	import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
	import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
	import org.eclipse.jgit.transport.resolver.UploadPackFactory;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import java.io.IOException;
	import java.util.Collections;
	import java.util.HashSet;
	import java.util.Set;
	import java.util.concurrent.TimeUnit;

	import javax.annotation.Nullable;
	import javax.servlet.Filter;
	import javax.servlet.FilterChain;
	import javax.servlet.FilterConfig;
	import javax.servlet.ServletConfig;
	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import javax.servlet.http.HttpServlet;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	/** Serves Git repositories over HTTP. */
	@Singleton
	public class ProjectServlet extends GitServlet {
	private static final long serialVersionUID = 1L;
	private static final Logger log =
	LoggerFactory.getLogger(ProjectServlet.class);

	private static final String ATT_CONTROL = ProjectControl.class.getName();
	private static final String ATT_RC = ReceiveCommits.class.getName();
	private static final String ID_CACHE = "adv_bases";

	static class Module extends AbstractModule {
	@Override
	protected void configure() {
	bind(Resolver.class);
	bind(Upload.class);
	bind(Receive.class);
	bind(ReceiveFilter.class);
	install(new CacheModule() {
	@Override
	protected void configure() {
	TypeLiteral<Cache<AdvertisedObjectsCacheKey, Set<ObjectId>>> cache =
	new TypeLiteral<Cache<AdvertisedObjectsCacheKey, Set<ObjectId>>>() {};
	core(cache, ID_CACHE)
	.memoryLimit(4096)
	.maxAge(10, TimeUnit.MINUTES);
	}
	});
	}
	}

	static ProjectControl getProjectControl(ServletRequest req)
	throws ServiceNotEnabledException {
	ProjectControl pc = (ProjectControl) req.getAttribute(ATT_CONTROL);
	if (pc == null) {
	log.error("No " + ATT_CONTROL + " in request", new Exception("here"));
	throw new ServiceNotEnabledException();
	}
	return pc;
	}

	private final Provider<String> urlProvider;

	@Inject
	ProjectServlet(final Resolver resolver, final Upload upload,
	final Receive receive,
	final ReceiveFilter receiveFilter,
	@CanonicalWebUrl @Nullable Provider<String> urlProvider) {
	this.urlProvider = urlProvider;

	setRepositoryResolver(resolver);
	setAsIsFileService(AsIsFileService.DISABLED);
	setUploadPackFactory(upload);
	setReceivePackFactory(receive);
	addReceivePackFilter(receiveFilter);
	}

	@Override
	public void init(ServletConfig config) throws ServletException {
	super.init(config);

	serveRegex("^/(.*?)/?$").with(new HttpServlet() {
	private static final long serialVersionUID = 1L;

	@Override
	protected void doGet(HttpServletRequest req, HttpServletResponse rsp)
	throws IOException {
	ProjectControl pc;
	try {
	pc = getProjectControl(req);
	} catch (ServiceNotEnabledException e) {
	rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
	return;
	}

	Project.NameKey dst = pc.getProject().getNameKey();
	StringBuilder r = new StringBuilder();
	r.append(urlProvider.get());
	r.append('#');
	r.append(PageLinks.toChangeQuery(PageLinks.projectQuery(dst,
	Change.Status.NEW)));
	rsp.sendRedirect(r.toString());
	}
	});
	}

	static class Resolver implements RepositoryResolver<HttpServletRequest> {
	private final GitRepositoryManager manager;
	private final ProjectControl.Factory projectControlFactory;

	@Inject
	Resolver(GitRepositoryManager manager,
	ProjectControl.Factory projectControlFactory) {
	this.manager = manager;
	this.projectControlFactory = projectControlFactory;
	}

	@Override
	public Repository open(HttpServletRequest req, String projectName)
	throws RepositoryNotFoundException, ServiceNotAuthorizedException,
	ServiceNotEnabledException {
	if (projectName.endsWith(".git")) {
	// Be nice and drop the trailing ".git" suffix, which we never keep
	// in our database, but clients might mistakenly provide anyway.
	//
	projectName = projectName.substring(0, projectName.length() - 4);
	}

	if (projectName.startsWith("/")) {
	// Be nice and drop the leading "/" if supplied by an absolute path.
	// We don't have a file system hierarchy, just a flat namespace in
	// the database's Project entities. We never encode these with a
	// leading '/' but users might accidentally include them in Git URLs.
	//
	projectName = projectName.substring(1);
	}

	final ProjectControl pc;
	try {
	final Project.NameKey nameKey = new Project.NameKey(projectName);
	pc = projectControlFactory.controlFor(nameKey);
	} catch (NoSuchProjectException err) {
	throw new RepositoryNotFoundException(projectName);
	}
	if (!pc.isVisible()) {
	if (pc.getCurrentUser() instanceof AnonymousUser) {
	throw new ServiceNotAuthorizedException();
	} else {
	throw new ServiceNotEnabledException();
	}
	}
	req.setAttribute(ATT_CONTROL, pc);

	return manager.openRepository(pc.getProject().getNameKey());
	}
	}

	static class Upload implements UploadPackFactory<HttpServletRequest> {
	private final Provider<ReviewDb> db;
	private final PackConfig packConfig;
	private final TagCache tagCache;

	@Inject
	Upload(final Provider<ReviewDb> db, final TransferConfig tc,
	final TagCache tagCache) {
	this.db = db;
	this.packConfig = tc.getPackConfig();
	this.tagCache = tagCache;
	}

	@Override
	public UploadPack create(HttpServletRequest req, Repository repo)
	throws ServiceNotEnabledException, ServiceNotAuthorizedException {
	ProjectControl pc = getProjectControl(req);
	if (!pc.canRunUploadPack()) {
	throw new ServiceNotAuthorizedException();
	}

	// The Resolver above already checked READ access for us.
	//
	UploadPack up = new UploadPack(repo);
	up.setPackConfig(packConfig);
	if (!pc.allRefsAreVisible()) {
	up.setRefFilter(new VisibleRefFilter(tagCache, repo, pc, db.get(), true));
	}
	return up;
	}
	}

	static class Receive implements ReceivePackFactory<HttpServletRequest> {
	private final ReceiveCommits.Factory factory;

	@Inject
	Receive(final ReceiveCommits.Factory factory) {
	this.factory = factory;
	}

	@Override
	public ReceivePack create(HttpServletRequest req, Repository db)
	throws ServiceNotEnabledException, ServiceNotAuthorizedException {
	final ProjectControl pc = getProjectControl(req);
	if (!pc.canRunReceivePack()) {
	throw new ServiceNotAuthorizedException();
	}

	if (pc.getCurrentUser() instanceof IdentifiedUser) {
	final IdentifiedUser user = (IdentifiedUser) pc.getCurrentUser();
	final ReceiveCommits rc = factory.create(pc, db);
	final ReceiveCommits.Capable s = rc.canUpload();
	if (s != ReceiveCommits.Capable.OK) {
	// TODO We should alert the user to this message on the HTTP
	// response channel, assuming Git will even report it to them.
	//
	final String who = user.getUserName();
	final String why = s.getMessage();
	log.warn("Rejected push from " + who + ": " + why);
	throw new ServiceNotEnabledException();
	}

	rc.getReceivePack().setRefLogIdent(user.newRefLogIdent());
	req.setAttribute(ATT_RC, rc);
	return rc.getReceivePack();

	} else {
	throw new ServiceNotAuthorizedException();
	}
	}
	}

	static class ReceiveFilter implements Filter {
	private final Cache<AdvertisedObjectsCacheKey, Set<ObjectId>> cache;

	@Inject
	ReceiveFilter(
	@Named(ID_CACHE) Cache<AdvertisedObjectsCacheKey, Set<ObjectId>> cache) {
	this.cache = cache;
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
	FilterChain chain) throws IOException, ServletException {
	boolean isGet =
	"GET".equalsIgnoreCase(((HttpServletRequest) request).getMethod());

	ReceiveCommits rc = (ReceiveCommits) request.getAttribute(ATT_RC);
	ReceivePack rp = rc.getReceivePack();
	ProjectControl pc;
	try {
	pc = getProjectControl(request);
	} catch (ServiceNotEnabledException e) {
	// This shouldn't occur, the parent should have stopped processing.
	throw new ServletException(e);
	}

	Project.NameKey projectName = pc.getProject().getNameKey();

	if (!rp.isCheckReferencedObjectsAreReachable()) {
	if (isGet) {
	rc.advertiseHistory();
	}
	chain.doFilter(request, response);
	return;
	}

	if (!(pc.getCurrentUser() instanceof IdentifiedUser)) {
	chain.doFilter(request, response);
	return;
	}

	AdvertisedObjectsCacheKey cacheKey = new AdvertisedObjectsCacheKey(
	((IdentifiedUser) pc.getCurrentUser()).getAccountId(),
	projectName);

	if (isGet) {
	rc.advertiseHistory();
	cache.remove(cacheKey);
	} else {
	Set<ObjectId> ids = cache.get(cacheKey);
	if (ids != null) {
	rp.getAdvertisedObjects().addAll(ids);
	cache.remove(cacheKey);
	}
	}

	chain.doFilter(request, response);

	if (isGet) {
	cache.put(cacheKey, Collections.unmodifiableSet(
	new HashSet<ObjectId>(rp.getAdvertisedObjects())));
	}
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}

	@Override
	public void destroy() {
	}
	}
	}