blob: 63f4e6ea2b273189bdc1f84cbe4bfef623a686dd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
# go-git-server
`go-git-server` is an experimental web server that provides authentication and authorization for git repositories.
An attempt at a secure Git HTTP server implementation in Go that provides authentication and authorization, inspired by Gitolite.
## Design
Initially `go-git-server` wraps the built-in git-http-backend CGI process. This is done to provide complete compatibility out of the box. In the future a native go backend could be created but there's no compelling story to re-write the backend.
Authentication is done using a token that is generated by the server and is a fixed length 28 with the full 255 character range vs the normal ASCII range. The secret is then base64 encoded. Potentially in the future an OAuth token or client side TLS could be implemented.
Authorization is implemented using [casbin.](https://github.com/casbin/casbin) Casbin allows for a flexible authorization models that can potentially provide some extensive controls.
## Focus
The current focus is for a single user and CI user(s) and intends to become self hosted as soon as possible. The focus is to simplify ongoing maintance and hosting simplicity. It's specifically designed for running in kubernetes.
## Why
Tools like gitea are great, but they require things like a DBMS. This increases hosting comlexity and maintenance especially for small teams or single user bases.
## Features
- Git HTTP backend wrapper with authentication
- Token-based authentication
- Role-based access control using Casbin
- Git repository management
- Configuration via Git (optional management repo)
- GitWeb support
## Installation
```bash
# Clone the repository
git clone https://git.ofmax.li/go-git-server
cd go-git-server
# Build the binary
go build ./cmd/main.go
```
## Usage
Start the server:
```bash
./main -r /path/to/repos -t tokens.csv -p policy.csv -m auth_model.ini
```
### Generate Authentication Token
```bash
./main -g
```
This will output a token and its hash. Add the hash to your tokens.csv file.
## Configuration
### Server Configuration (gitserver.yaml)
```yaml
name: "go-git-server"
version: "v1alpha1"
basepath: ./repos
repos:
- name: myrepo
public: false
permissions:
- role: maintainers
mode: 1
git_web_config:
owner: username
description: Repository description
```
### Authentication Model (auth_model.ini)
The authentication model uses Casbin for role-based access control.
### Token File (tokens.csv)
Format:
```
uid:username,hash
```
## Development
Requirements:
- Go 1.21+
- Git
Run tests:
```bash
go test ./...
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.
# TODO
- [ ] Refactor config to be a versioned model
- [ ] hooks env?
|
