Commit Graph

244 Commits

Author SHA1 Message Date
Jason A. Donenfeld
d6e9200cc3 auth: add basic authentication filter framework
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.

Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.

Very plugable and extendable depending on user needs.

The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 02:28:12 +01:00
Jason A. Donenfeld
a5e1553726 filter: add support for email filter
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
e83b51b4f6 filter: basic write hooking infrastructure
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.

We do this instead of replacing the call in html_raw because some places
stdlib's printf functions are used (ui-patch or within git itself),
which has its own internal buffering, which makes it difficult to
interlace our function calls. So, we dlsym libc's write and then
override it in the link stage.

While we're at it, we move considerations of argument count into the
generic new filter handler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
d750c7a2c9 filter: allow for cleanup hook for filter types
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter and close_filter calls, and only reap the child
process at the end of the cgit process. For this reason, we add here a
cleanup function that is called at the end of cgit's main().

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
John Keeping
7bd90b8048 filter: add interface layer
Change the existing cgit_{open,close,fprintf}_filter functions to
delegate to filter-specific implementations accessed via function
pointers on the cgit_filter object.

We treat the "exec" filter type slightly specially here by putting its
structure definition in the header file and providing an "init" function
to set up the function pointers.  This is required so that the
ui-snapshot.c code that applies a compression filter can continue to use
the filter interface to do so.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14 02:00:07 +01:00
John Keeping
632efb25c0 filter: add fprintf_filter function
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14 02:00:07 +01:00
John Keeping
3d8a6507ca filter: pass extra arguments via cgit_open_filter
This avoids poking into the filter data structure at various points in
the code.  We rely on the fact that the number of arguments is fixed
based on the filter type (set in cgit_new_filter) and that the call
sites all know which filter type they're using.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 20:20:20 +01:00
Jason A. Donenfeld
3eae406934 filter: split filter functions into their own file
A first step for more interesting things.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10 17:45:43 +01:00
Jason A. Donenfeld
b67ea0c022 filter: make exit status local
It's only used in one place, and not useful to have around since
close_filter will die() if exit_status isn't what it expects, anyway. So
this is best as just a local variable instead of as part of the struct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10 17:45:43 +01:00
Jason A. Donenfeld
61ff10065b cache: document negative ttls and add about ttl
We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.

Further, we add an cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-08-12 13:14:10 -06:00
Jason A. Donenfeld
dcbc0438b2 readme: use string_list instead of space deliminations
Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-26 16:30:03 +02:00
Jason A. Donenfeld
389cc17357 Add branch-sort and repo.branch-sort options.
When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.

This feature was requested by Konstantin Ryabitsev for use on
kernel.org.

Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
2013-04-10 14:48:26 +02:00
John Keeping
d2e20e3814 shared.c: add strbuf_ensure_end
This is a small helper so that we can easily ensure that a strbuf ends
with the specified character.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 16:10:11 +02:00
John Keeping
fd00d2f9d6 html.c: add various strbuf and varadic helpers
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf.

These takes a printf style format string like htmlf but escapes the
resulting string.  The html_vtxtf variant takes a va_list whereas
html_txtf is variadic.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 16:10:11 +02:00
John Keeping
57d09bf448 Mark char* fields in struct cgit_page as const
Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 15:59:51 +02:00
John Keeping
b1f17f168b Fix out-of-bounds memory accesses with virtual_root=""
The CGit configuration variable virtual_root is normalized so that it
does not have a trailing '/' character, but it is allowed to be empty
(the empty string and NULL have different meanings here) and there is
code that is insufficiently cautious when checking if it ends in a '/':

	if (virtual_root[strlen(virtual_root) - 1] != '/')

Clearly this check is redundant, but rather than simply removing it we
get a slight efficiency improvement by switching the normalization so
that the virtual_root variable always ends in '/'.  Do this with a new
"ensure_end" helper.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 15:59:46 +02:00
Lukas Fleischer
3a84324379 Maŕk cgit_environment members const
These reflect the values of environment variables and should never be
changed. Add another xstrdup() when we assign environment variables to
strings that are potentially non-constant.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-04-08 15:43:17 +02:00
Lukas Fleischer
1268afe836 Free reflists after usage
Free reflists in cgit_print_branches() and in cgit_print_tags() before
returning reflist structures to the stack.

This fixes following memory leaks seen with "PATH_INFO=/cgit/refs/":

    ==5710== 1,312 (32 direct, 1,280 indirect) bytes in 1 blocks are definitely lost in loss record 63 of 71
    ==5710==    at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5710==    by 0x4C2C2FF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5710==    by 0x46CA9B: xrealloc (wrapper.c:100)
    ==5710==    by 0x40AAA6: cgit_add_ref (shared.c:156)
    ==5710==    by 0x40ABC4: cgit_refs_cb (shared.c:186)
    ==5710==    by 0x44BCBA: do_one_ref (refs.c:527)
    ==5710==    by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
    ==5710==    by 0x44D6BA: do_for_each_ref (refs.c:1298)
    ==5710==    by 0x410FE2: cgit_print_branches (ui-refs.c:191)
    ==5710==    by 0x4111E9: cgit_print_refs (ui-refs.c:244)
    ==5710==    by 0x407C85: refs_fn (cmd.c:105)
    ==5710==    by 0x405DDF: process_request (cgit.c:566)
    ==5710==
    ==5710== 6,846 (256 direct, 6,590 indirect) bytes in 1 blocks are definitely lost in loss record 68 of 71
    ==5710==    at 0x4C2C25E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5710==    by 0x46CA9B: xrealloc (wrapper.c:100)
    ==5710==    by 0x40AAA6: cgit_add_ref (shared.c:156)
    ==5710==    by 0x40ABC4: cgit_refs_cb (shared.c:186)
    ==5710==    by 0x44BCBA: do_one_ref (refs.c:527)
    ==5710==    by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
    ==5710==    by 0x44D6EC: do_for_each_ref (refs.c:1288)
    ==5710==    by 0x4110D5: cgit_print_tags (ui-refs.c:218)
    ==5710==    by 0x4111FD: cgit_print_refs (ui-refs.c:246)
    ==5710==    by 0x407C85: refs_fn (cmd.c:105)
    ==5710==    by 0x405DDF: process_request (cgit.c:566)
    ==5710==    by 0x407490: cache_process (cache.c:322)

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-04 19:55:12 -05:00
John Keeping
2ab1cd9f3b Update git to v1.7.7.7
This release changes the archive interface so that we now need to pass
argv into write_archive().

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-03-02 10:38:03 -05:00
Florian Pritz
b1e172acca Make "owner" column on index page configurable
This is not really needed for personal sites where all repos belong to
the same person. Since it is pretty useful for shared sites however, it
should be configurable.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-02-01 12:50:24 +01:00
Tobias Bieniek
792f813d34 ui-log: Add "commit-sort" option for controlling commit ordering
This makes it possible to use strict commit date ordering or strict
topological ordering by passing the corresponding flags to "git log".

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2012-10-17 16:30:29 +02:00
Tobias Bieniek
7a4e7c8ffb ui-repolist: Add "section-sort" flag to control section sorting.
Flag which, when set to "1", will sort the sections on the repository
listing by name. Set this flag to "0" if the order in the cgitrc file
should be preserved. Default value: "1".

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2012-10-17 16:30:22 +02:00
Jason A. Donenfeld
521e10c884 scan-tree: Unify gitweb.* and cgit.* settings into one config option.
After some back and forth with Jamie and René, it looks like the git
config semantics are going to be like this:

- gitweb.category maps to the cgit repo config key "section"
- gitweb.description maps to the cgit repo config key "desc"
- gitweb.owner maps to the cgit repo config key "owner"
- cgit.* maps to all cgit repo config keys

This option can be enabled with "enable-git-config=1", and replaces
all previous "enable-gitweb-*" config keys.

The order of operations is as follows:

- git config settings are applied in the order that they exist in
  the git config file
- if the owner is not set from git config, get the owner using the
  usual getpwuid call
- if the description is not set from git config, look inside the
  static $path/description file
- if section-from-path=1, override whatever previous settings were
  inside of git config using the section-from-path logic
- parse $path/cgitrc for local repo.* settings, that override all
  previous settings
2012-10-17 16:30:09 +02:00
Jason A. Donenfeld
fdfb6a6d80 ui-repolist: Rename section-sort to repository-sort.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2012-10-16 23:32:53 +02:00
Jason A. Donenfeld
184c5655b2 ui-repolist: Case insensitive sorting and age sort
Add two options, one for doing the ordinary name sorts in a
case-insensitive manner, and another for choosing to sort repos in each
section by age instead of by name.
2012-07-12 20:01:46 +02:00
Jason A. Donenfeld
fc9181ff3d scan-tree: Support gitweb.category.
Use gitweb.category from git config to determine repo's section, if
option is enabled.
2012-07-12 20:01:46 +02:00
Jason A. Donenfeld
b56be4ba3a scan-tree: Support gitweb.description.
Use gitweb.description instead of description file to determine
description, if option is enabled.
2012-07-12 20:01:46 +02:00
Lars Hjemli
ae90a0b2d1 Merge branch 'fh/mimetypes' 2012-03-18 21:01:28 +00:00
Lars Hjemli
2b9fab8d30 Merge branch 'lh/module-links' 2012-03-18 20:59:36 +00:00
Lars Hjemli
04254fa903 Merge branch 'stable' 2012-01-03 16:06:58 +00:00
Tim Chen
f2ced535e9 Fix diff mode switching when side-by-side-diffs=1
When side-by-side-diffs=1 was set in cgitrc, specyfing 'ss=0' in the query-
string would not switch to unified diffs. This patch fixes the issue by
introducing a separate variable to track the occurrence of "ss" in the
querystring.
2012-01-03 16:02:14 +00:00
Ferry Huberts
d01c600c17 ui_plain: automatically lookup mimetype when mimetype-file is set
For sites that do not want to configure mime types by hand but
still want the correct mime type for 'plain' blobs, configuring
a mime type file is made possible. This is handy since such a
file is normally already provided (at least on Linux systems).

Also, this reflects the gitweb option '$mimetypes_file'

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-19 09:30:07 +00:00
Lars Hjemli
6857bec50a ui-tree.c: add support for path-selected submodule links
The current 'repo.module-link' option is sufficient when all gitlinks
in a repository can be converted to commit links in a uniform way, but
not when different submodules/paths needs different settings.

This patch adds support for 'repo.module-link.<path>', which will be
used for linking to submodules at paths matching one such entry.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-15 10:40:13 +02:00
Lars Hjemli
a1429dbc89 cgit.c: add 'clone-url' setting with support for macro expansion
The current 'clone-prefix' setting has some known issues:
* All repos get the same 'clone-prefix' value since the setting is not
  adopted during repo registration (in cgitrc, or during scan-path traversal),
  but only when the setting is used.
* The generated clone-urls for a repo is a combination of 'clone-prefix', a
  slash and the repo url. This doesn't work well with e.g. ssh-style urls
  like 'git@example.org:repo.git', since the inserted slash will make the
  repo relative to the filesystem root.
* If 'remove-suffix' is enabled, the generated clone-urls will not work for
  cloning (except for http-urls to cgit itself) since they miss the '.git'
  suffix.

The new 'clone-url' setting is designed to avoid the mentioned issues:
* Each repo adopts the default 'clone-url' when the repo is defined. This
  allows different groups of repos to adopt different values.
* The clone-urls for a repo is generated by expanding environment variables
  in a string template without inserting arbitrary characters, hence any
  kind of clone-url can be generated.
* Macro expansion also eases the 'remove-suffix' pain since it's now
  possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for
  a set of repos. A furter improvement would be to define e.g.
  $CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified,
  or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before
  suffix removal.

Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 23:04:30 +00:00
Lars Hjemli
3ec6b30950 cgit.c: always setup cgit repo environment variables
When cgit learned to setup environment variables for certain repo
settings before invoking a filter process, the setup occurred inside
cgit_open_filter().

This patch moves the setup out of cgit_open_filter() and into
prepare_repo_cmd() to prepare for additional uses of these variables.

Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 23:03:46 +00:00
Lars Hjemli
ab350a77b1 Merge branch 'fh/filter-api'
Conflicts:
	cgit.c
2011-05-23 23:28:38 +02:00
Lars Hjemli
4837fddc35 Merge branch 'dm/disable-clone' 2011-05-14 20:00:33 +02:00
Ferry Huberts
d87bba846d cgit_open_filter: also take the repo as a parameter
To prepare for handing repo configuration to the
filter script that is executed.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 11:03:42 +01:00
Ferry Huberts
9240a828d1 new_filter: determine extra_args from filter type
Currently the number of extra arguments is linked hard to the type of
the filter. This is also logical since it would be confusing to have
a different number of arguments for the same type of filter depending
on the context under which the filter is run (unless ofcourse one the
parameters would make the context clear, which is currently not the
case).

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 11:03:41 +01:00
Dan McGee
42231328d3 Allow disabling of HTTP clone URLs
If advertising other URLs to your users, you may not want to make this
available through cgit (e.g. if you have the smart HTTP transport set up
elsewhere). Allow disabling the three magic commands that simulate the
git server, but default it to enabled.

Signed-off-by: Dan McGee <dpmcgee@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 15:00:18 +01:00
Lars Hjemli
979c460e7f Merge branch 'br/misc'
* br/misc:
  Use transparent background for the cgit logo
  ssdiff: anchors for ssdiff
  implement repo.logo and repo.logo-link
2011-02-19 14:51:00 +01:00
Bernhard Reutner-Fischer
808c685ebb implement repo.logo and repo.logo-link
Allow for per repo logo and logo-link; Use global logo and logo-link per
default.

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:41:39 +01:00
Lars Hjemli
fb9e6d1594 Merge branch 'jh/scan-path'
* jh/scan-path:
  scan_path(): Do not recurse into hidden directories by default
  scan_path(): Improve handling of inaccessible directories
2011-02-19 14:25:55 +01:00
Johan Herland
df522794c3 scan_path(): Do not recurse into hidden directories by default
Paths that start with a period ('.') are considered hidden in the Unix world.
scan_path() should arguably not recurse into these directories by default.
This patch makes it so, and introduces the "scan-hidden-path" config variable
for overriding the new default and revert to the old behaviour (scanning _all_
directories, including hidden .directories).

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
2011-02-19 14:25:14 +01:00
Johan Herland
9a8d39c668 ui-log: Implement support for commit graphs
Teach CGit to print an ASCII art commit graph to the left of the commit
message, similar to 'git log --graph'. The graph adds extra lines (table
rows) to the log when needed to add/remove/shuffle edges in the graph.

When 'showmsg' is enabled, the graph is automatically padded to account
for the extra lines added by the commit message/notes.

This feature is controlled by a new config variable: "enable-commit-graph"
(disabled by default), and individual repos can control it by setting
"repo.enable-commit-graph".

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-16 08:18:36 +01:00
Johan Herland
1415f3f3e0 ui-log: Fix filecount/linecount when path limit is in effect
When using ui-log with path limits, the listing of commits enables parent
rewriting in Git's internal log machinery. This did not work well together
with cgit_diff_commit() which is used to generate the filecount and
linecount numbers for each commit in the log view. cgit_diff_commit() would
operate without any path limits, and would therefore process the full diff
between the commits shown (which, because of parent rewriting, is not the
same as processing the diff for the commit itself). Additionally, the bottom
commit in the log view would (again, because of parent rewriting) have zero
parents, causing us to process the entire diff between the empty tree and
that commit. Since path limits were not in effect, this would (in large
projects) reports thousands of files and millions of lines changed in that
bottom commit.

This patch fixes the issue by applying the same path limit to
cgit_diff_commit() as is applied to the rest of the log view. The result is
that the filecount/linecount now only reflects the diff as it pertains to
the given path limit.

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-09 16:37:39 +01:00
Felix Hanley
e0c6f23789 Add strict-export option
This option is used to specify a filename which needs to be present in
the repositories found during `scan-path` processing. By setting this
option to 'git-daemon-export-ok', only repositories explicitly marked
for git daemon export will be included in the cgit configuration.

Signed-off-by: Felix Hanley <felix@seconddrawer.com.au>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-08 19:41:13 +01:00
Lars Hjemli
a9d6e6e695 Merge branch 'ml/bugfix' 2010-09-19 19:00:05 +02:00
Lars Hjemli
536c7a1eb2 Merge branch 'lh/section-from-path'
Conflicts:
	scan-tree.c
2010-09-19 18:46:17 +02:00
Mark Lodato
a4c58d92bf use __attribute__ to catch printf format mistakes
Use "__attribute__((format (printf,N,M)))", as is done in git, do catch
mistakes in printf-style format strings.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-09-04 11:11:40 -04:00