by roundabout, Saturday, 2 December 2023, 10:08:16 (1701511696), pushed by roundabout, Wednesday, 31 July 2024, 06:54:38 (1722408878)
Author identity: vlad <vlad.muntoiu@gmail.com>
93e6321c3d7645c340aac216ec5ff6e272aec62f
app.py
@@ -227,7 +227,7 @@ def main():
return flask.render_template("home.html")
@app.route("/about")
@app.route("/about/")
def about():
return flask.render_template("about.html", platform=platform)
config.py
@@ -15,7 +15,7 @@ AUTH_REALM = "roundabout"
AVATAR_SIZE = (192, 192)
HASHING_ROUNDS = 11
RESERVED_NAMES = ("git", "settings", "logout", "accounts", "info", "alerts", "notifications", "about",)
RESERVED_NAMES = ("git", "settings", "logout", "accounts", "info", "alerts", "notifications", "about", "newrepo")
locking = False
gitHTTP.py
@@ -15,6 +15,9 @@ import datetime
auth = HTTPBasicAuth(realm=config.AUTH_REALM)
@auth.verify_password
def verifyPassword(username, password):
user = User.query.filter_by(username=username).first()
@@ -27,8 +30,10 @@ def verifyPassword(username, password):
@app.route("/git/<username>/<repository>/git-upload-pack", methods=["POST"])
@auth.login_required
@auth.login_required(optional=True)
def gitUploadPack(username, repository):
if auth.current_user() is None and not getVisibility(username, repository):
return authRequired
if not (getVisibility(username, repository) or getPermissionLevel(flask.g.user, username, repository) is not None):
flask.abort(403)
@@ -66,16 +71,23 @@ def gitReceivePack(username, repository):
@app.route("/git/<username>/<repository>/info/refs", methods=["GET"])
@auth.login_required
@auth.login_required(optional=True)
def gitInfoRefs(username, repository):
if not (getVisibility(username, repository) or getPermissionLevel(flask.g.user, username, repository) is not None):
flask.abort(403)
if auth.current_user() is None and (not getVisibility(username, repository) or flask.request.args.get("service") == "git-receive-pack"):
return authRequired
try:
if not (getVisibility(username, repository) or getPermissionLevel(flask.g.user, username, repository) is not None):
flask.abort(403)
except AttributeError:
return authRequired
serverRepoLocation = os.path.join(config.REPOS_PATH, username, repository, ".git")
service = flask.request.args.get("service")
if service.startswith("git"):
service = service[4:]
else:
flask.abort(403)
if service == "receive-pack":
print(getPermissionLevel(flask.g.user, username, repository))