This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf functions are used (ui-patch or within git itself),
which has its own internal buffering, which makes it difficult to
interlace our function calls. So, we dlsym libc's write and then
override it in the link stage.
While we're at it, we move considerations of argument count into the
generic new filter handler.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter and close_filter calls, and only reap the child
process at the end of the cgit process. For this reason, we add here a
cleanup function that is called at the end of cgit's main().
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Change the existing cgit_{open,close,fprintf}_filter functions to
delegate to filter-specific implementations accessed via function
pointers on the cgit_filter object.
We treat the "exec" filter type slightly specially here by putting its
structure definition in the header file and providing an "init" function
to set up the function pointers. This is required so that the
ui-snapshot.c code that applies a compression filter can continue to use
the filter interface to do so.
Signed-off-by: John Keeping <john@keeping.me.uk>
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.
Signed-off-by: John Keeping <john@keeping.me.uk>
This avoids poking into the filter data structure at various points in
the code. We rely on the fact that the number of arguments is fixed
based on the filter type (set in cgit_new_filter) and that the call
sites all know which filter type they're using.
Signed-off-by: John Keeping <john@keeping.me.uk>
It's only used in one place, and not useful to have around since
close_filter will die() if exit_status isn't what it expects, anyway. So
this is best as just a local variable instead of as part of the struct.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.
Further, we add an cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.
This feature was requested by Konstantin Ryabitsev for use on
kernel.org.
Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf.
These takes a printf style format string like htmlf but escapes the
resulting string. The html_vtxtf variant takes a va_list whereas
html_txtf is variadic.
Signed-off-by: John Keeping <john@keeping.me.uk>
The CGit configuration variable virtual_root is normalized so that it
does not have a trailing '/' character, but it is allowed to be empty
(the empty string and NULL have different meanings here) and there is
code that is insufficiently cautious when checking if it ends in a '/':
if (virtual_root[strlen(virtual_root) - 1] != '/')
Clearly this check is redundant, but rather than simply removing it we
get a slight efficiency improvement by switching the normalization so
that the virtual_root variable always ends in '/'. Do this with a new
"ensure_end" helper.
Signed-off-by: John Keeping <john@keeping.me.uk>
These reflect the values of environment variables and should never be
changed. Add another xstrdup() when we assign environment variables to
strings that are potentially non-constant.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Free reflists in cgit_print_branches() and in cgit_print_tags() before
returning reflist structures to the stack.
This fixes following memory leaks seen with "PATH_INFO=/cgit/refs/":
==5710== 1,312 (32 direct, 1,280 indirect) bytes in 1 blocks are definitely lost in loss record 63 of 71
==5710== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x4C2C2FF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6BA: do_for_each_ref (refs.c:1298)
==5710== by 0x410FE2: cgit_print_branches (ui-refs.c:191)
==5710== by 0x4111E9: cgit_print_refs (ui-refs.c:244)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710==
==5710== 6,846 (256 direct, 6,590 indirect) bytes in 1 blocks are definitely lost in loss record 68 of 71
==5710== at 0x4C2C25E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6EC: do_for_each_ref (refs.c:1288)
==5710== by 0x4110D5: cgit_print_tags (ui-refs.c:218)
==5710== by 0x4111FD: cgit_print_refs (ui-refs.c:246)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710== by 0x407490: cache_process (cache.c:322)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This is not really needed for personal sites where all repos belong to
the same person. Since it is pretty useful for shared sites however, it
should be configurable.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This makes it possible to use strict commit date ordering or strict
topological ordering by passing the corresponding flags to "git log".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Flag which, when set to "1", will sort the sections on the repository
listing by name. Set this flag to "0" if the order in the cgitrc file
should be preserved. Default value: "1".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
After some back and forth with Jamie and René, it looks like the git
config semantics are going to be like this:
- gitweb.category maps to the cgit repo config key "section"
- gitweb.description maps to the cgit repo config key "desc"
- gitweb.owner maps to the cgit repo config key "owner"
- cgit.* maps to all cgit repo config keys
This option can be enabled with "enable-git-config=1", and replaces
all previous "enable-gitweb-*" config keys.
The order of operations is as follows:
- git config settings are applied in the order that they exist in
the git config file
- if the owner is not set from git config, get the owner using the
usual getpwuid call
- if the description is not set from git config, look inside the
static $path/description file
- if section-from-path=1, override whatever previous settings were
inside of git config using the section-from-path logic
- parse $path/cgitrc for local repo.* settings, that override all
previous settings
Add two options, one for doing the ordinary name sorts in a
case-insensitive manner, and another for choosing to sort repos in each
section by age instead of by name.
When side-by-side-diffs=1 was set in cgitrc, specyfing 'ss=0' in the query-
string would not switch to unified diffs. This patch fixes the issue by
introducing a separate variable to track the occurrence of "ss" in the
querystring.
For sites that do not want to configure mime types by hand but
still want the correct mime type for 'plain' blobs, configuring
a mime type file is made possible. This is handy since such a
file is normally already provided (at least on Linux systems).
Also, this reflects the gitweb option '$mimetypes_file'
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The current 'repo.module-link' option is sufficient when all gitlinks
in a repository can be converted to commit links in a uniform way, but
not when different submodules/paths needs different settings.
This patch adds support for 'repo.module-link.<path>', which will be
used for linking to submodules at paths matching one such entry.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The current 'clone-prefix' setting has some known issues:
* All repos get the same 'clone-prefix' value since the setting is not
adopted during repo registration (in cgitrc, or during scan-path traversal),
but only when the setting is used.
* The generated clone-urls for a repo is a combination of 'clone-prefix', a
slash and the repo url. This doesn't work well with e.g. ssh-style urls
like 'git@example.org:repo.git', since the inserted slash will make the
repo relative to the filesystem root.
* If 'remove-suffix' is enabled, the generated clone-urls will not work for
cloning (except for http-urls to cgit itself) since they miss the '.git'
suffix.
The new 'clone-url' setting is designed to avoid the mentioned issues:
* Each repo adopts the default 'clone-url' when the repo is defined. This
allows different groups of repos to adopt different values.
* The clone-urls for a repo is generated by expanding environment variables
in a string template without inserting arbitrary characters, hence any
kind of clone-url can be generated.
* Macro expansion also eases the 'remove-suffix' pain since it's now
possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for
a set of repos. A furter improvement would be to define e.g.
$CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified,
or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before
suffix removal.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When cgit learned to setup environment variables for certain repo
settings before invoking a filter process, the setup occurred inside
cgit_open_filter().
This patch moves the setup out of cgit_open_filter() and into
prepare_repo_cmd() to prepare for additional uses of these variables.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
To prepare for handing repo configuration to the
filter script that is executed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Currently the number of extra arguments is linked hard to the type of
the filter. This is also logical since it would be confusing to have
a different number of arguments for the same type of filter depending
on the context under which the filter is run (unless ofcourse one the
parameters would make the context clear, which is currently not the
case).
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
If advertising other URLs to your users, you may not want to make this
available through cgit (e.g. if you have the smart HTTP transport set up
elsewhere). Allow disabling the three magic commands that simulate the
git server, but default it to enabled.
Signed-off-by: Dan McGee <dpmcgee@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Allow for per repo logo and logo-link; Use global logo and logo-link per
default.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Paths that start with a period ('.') are considered hidden in the Unix world.
scan_path() should arguably not recurse into these directories by default.
This patch makes it so, and introduces the "scan-hidden-path" config variable
for overriding the new default and revert to the old behaviour (scanning _all_
directories, including hidden .directories).
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
Teach CGit to print an ASCII art commit graph to the left of the commit
message, similar to 'git log --graph'. The graph adds extra lines (table
rows) to the log when needed to add/remove/shuffle edges in the graph.
When 'showmsg' is enabled, the graph is automatically padded to account
for the extra lines added by the commit message/notes.
This feature is controlled by a new config variable: "enable-commit-graph"
(disabled by default), and individual repos can control it by setting
"repo.enable-commit-graph".
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When using ui-log with path limits, the listing of commits enables parent
rewriting in Git's internal log machinery. This did not work well together
with cgit_diff_commit() which is used to generate the filecount and
linecount numbers for each commit in the log view. cgit_diff_commit() would
operate without any path limits, and would therefore process the full diff
between the commits shown (which, because of parent rewriting, is not the
same as processing the diff for the commit itself). Additionally, the bottom
commit in the log view would (again, because of parent rewriting) have zero
parents, causing us to process the entire diff between the empty tree and
that commit. Since path limits were not in effect, this would (in large
projects) reports thousands of files and millions of lines changed in that
bottom commit.
This patch fixes the issue by applying the same path limit to
cgit_diff_commit() as is applied to the rest of the log view. The result is
that the filecount/linecount now only reflects the diff as it pertains to
the given path limit.
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This option is used to specify a filename which needs to be present in
the repositories found during `scan-path` processing. By setting this
option to 'git-daemon-export-ok', only repositories explicitly marked
for git daemon export will be included in the cgit configuration.
Signed-off-by: Felix Hanley <felix@seconddrawer.com.au>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Use "__attribute__((format (printf,N,M)))", as is done in git, do catch
mistakes in printf-style format strings.
Signed-off-by: Mark Lodato <lodatom@gmail.com>