| -rw-r--r-- | README.md | 23 | ||||
| -rw-r--r-- | cmd/main.go | 1 | ||||
| -rw-r--r-- | gitserver.yaml | 30 | ||||
| -rw-r--r-- | internal/admin/model.go | 10 | ||||
| -rw-r--r-- | internal/authz/middleware.go | 5 | ||||
| -rw-r--r-- | internal/authz/middleware_test.go | 18 | ||||
| -rw-r--r-- | justfile | 11 |
7 files changed, 56 insertions, 42 deletions
@@ -19,24 +19,7 @@ The current focus is for a single user and CI user(s) and intends to become self Tools like gitea are great, but they require things like a DBMS. This increases hosting comlexity and maintenance especially for small teams or single user bases. -### Admin events -triggered by handler? -triggered by hooks? - -* [ ] new repo -* [ ] admin push - -### Git Mgmt - -* [ ] git web export -* [ ] web description - -### Policy Mgmt - -* [x] policy generate -* [x] upsert policies - -## Hooks - -what's the env for this? +# TODO +- [ ] Refactor config to be a versioned model +- [ ] hooks env?
\ No newline at end of file diff --git a/cmd/main.go b/cmd/main.go index 38c3724..84d2fa0 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -25,7 +25,6 @@ var ( func main() { flag.Parse() - print(reposDir) if newToken { token, hash, err := authz.GenerateNewToken() if err != nil { diff --git a/gitserver.yaml b/gitserver.yaml index 5640200..70d8eed 100644 --- a/gitserver.yaml +++ b/gitserver.yaml @@ -2,18 +2,18 @@ name: "go-git-server" version: "v1alpha1" repos: - - name: mgmt - public: false - permissions: - - role: admin - mode: 1 - - name: testmerepo - public: true - git_web_config: - owner: grumps - description: >- - A wrapper to git http-backend providing authentcation and authorization - inspired by gitolite. - permissions: - - role: maintainers - mode: 1 +- name: mgmt + public: false + permissions: + - role: admin + mode: 1 +- name: testmerepo + public: true + git_web_config: + owner: grumps + description: >- + A wrapper to git http-backend providing authentcation and authorization + inspired by gitolite. + permissions: + - role: maintainers + mode: 1 diff --git a/internal/admin/model.go b/internal/admin/model.go index bf97b0f..2b97c5a 100644 --- a/internal/admin/model.go +++ b/internal/admin/model.go @@ -63,9 +63,13 @@ type GitRepo struct { // ServerRepos repos that are part of this server instance type ServerRepos struct { - Name string `json:"name"` - Version string `json:"version"` - Repos []*GitRepo `json:"repos"` + // Name of the configuration + Name string `json:"name"` + // Version of the config file + Version string `json:"version"` + // Repos a list of repos that are managed + Repos []*GitRepo `json:"repos"` + // this is set by the cli on start basePath string } diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go index 6763323..abebcdb 100644 --- a/internal/authz/middleware.go +++ b/internal/authz/middleware.go 
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler { urn, ok := ctx.Value(AuthzUrnKey).(string) if !ok || urn == "" { http.Error(rw, "Bad Request", http.StatusBadRequest) + return } repo := req.URL.Path action := req.Method @@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler { if err != nil { log.Printf("error running enforce %s", err) http.Error(rw, "Bad Request", http.StatusBadRequest) + return } if !ok { - log.Printf("Access denied") + log.Printf("Not Authorized - attempted access %s", urn) http.Error(rw, "Access denied", http.StatusForbidden) + return } log.Printf("Method %s Url %s", action, repo) next.ServeHTTP(rw, req.WithContext(ctx)) diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go index 9ed9081..314c24e 100644 --- a/internal/authz/middleware_test.go +++ b/internal/authz/middleware_test.go @@ -1,8 +1,11 @@ package authz import ( + "bytes" "context" "fmt" + "io" + "log" "net/http" "net/http/httptest" "testing" @@ -13,6 +16,10 @@ import ( func junkTestHandler() http.HandlerFunc { return func(rw http.ResponseWriter, req *http.Request) { rw.WriteHeader(http.StatusOK) + _, err := rw.Write([]byte("Im a body")) + if err != nil { + log.Fatalf("couldn't write http body %s", err) + } } } @@ -89,18 +96,21 @@ func TestAuthorization(t *testing.T) { user string expectedStatus int description string + body []byte }{ { url: fmt.Sprintf("%s/%s", baseURL, "repo/url"), user: "uid:jack", expectedStatus: 200, description: "an authorized action should yield a 200", + body: []byte("Im a body"), }, { url: fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"), user: "uid:chumba", expectedStatus: 403, description: "an unauthorized action should yield a 403", + body: []byte("Access denied\n"), }, } svcr := admin.NewService( 
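Review bot: The new denial log `log.Printf("Not Authorized - attempted access %s", urn)` records only the principal, so an audit reader cannot tell which path or method was refused, and formatting a context-supplied string with `%s` lets a crafted urn containing line breaks split the entry into fake log lines; `log.Printf("access denied: urn=%q action=%q path=%q", urn, action, repo)` keeps the record on one line and makes it actionable, since `repo` and `action` are already bound a few lines up. The `return` added after the enforce error is the right fail-closed behaviour, but answering an internal enforce failure with 400 attributes a server-side policy error to the client; `http.StatusInternalServerError` would be the more honest status, though the 400 itself predates this commit. Authorization's signature and the end of its body lie outside the hunks.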
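Review bot: `log.Fatalf("couldn't write http body %s", err)` inside junkTestHandler exits the whole test binary on a write failure instead of reporting a failed test, and the handler appears to serve only an httptest recorder in this file, where `Write` does not fail; `_, _ = rw.Write([]byte("Im a body"))`, or a `panic` that the testing framework attributes to the running test, keeps the helper simple without an exit path. The `body` field added to the table is a good addition; naming it `wantBody` alongside `wantStatus` would follow the usual Go table-test convention, but that is cosmetic.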
@@ -120,8 +130,16 @@ func TestAuthorization(t *testing.T) { authHandler.ServeHTTP(recorder, req) result := recorder.Result() defer result.Body.Close() + body, err := io.ReadAll(result.Body) + if err != nil { + t.Fatal("couldn't read response body") + } + if result.StatusCode != tc.expectedStatus { t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.expectedStatus, result.StatusCode) } + if !bytes.Equal(body, tc.body) { + t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.body, body) + } } } @@ -1,12 +1,19 @@ TEMPDIR := `mktemp -d` +alias dr := debug-run +alias dt := debug-test build: CGO=0 go build -o go-git-server cmd/main.go +run: + go run cmd/main.go -s {{justfile_directory()}}/gitserver.yaml -r $(mktemp -d) + test: golangci-lint run go test -v -coverprofile={{ TEMPDIR }}/testcover.out ./... go tool cover -func={{ TEMPDIR }}/testcover.out +debug-run: + dlv debug cmd/main.go -- -s {{justfile_directory()}}/gitserver.yaml -r $(mktemp -d) -debug-test: - dlv test -- -test.v +debug-test pkg: + dlv test {{pkg}} -- -test.v |
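Review bot: The two new body assertions cover only the 200 and 403 rows, so the defect this commit fixes in middleware.go, the wrapped handler still running after a 400 had been written, is not pinned by any case: a row with no urn in the request context expecting status 400 and body `"Bad Request\n"` would fail on the old code and pass on the new. The failure message `t.Fatalf("... Expected: %d Found: %d", tc.description, tc.body, body)` formats both byte slices with `%d`, which prints them as decimal arrays; `%q` gives readable strings. How the table's `user` field is turned into the AuthzUrnKey context value is not visible in this hunk, so the exact shape of the missing row depends on the setup further up in TestAuthorization, whose body starts outside the hunk.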