#!/usr/bin/perl

use strict;
use warnings;

# === auth-command ===
# the command that GL users actually run

# part of the gitolite (GL) suite

# how run:      via sshd, being listed in "command=" in ssh authkeys
# when:         every login by a GL user
# input:        $1 is GL username, plus $SSH_ORIGINAL_COMMAND
# output:
# security:
#     - currently, we just make some basic checks, copied from gitosis

# robustness:

# other notes:

# ----------------------------------------------------------------------------
#       common definitions
# ----------------------------------------------------------------------------


our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $GL_ADMINDIR);
our %repos;

# the common setup module is in the same directory as this running program is
my $bindir = $0;
$bindir =~ s/\/[^\/]+$//;
require "$bindir/gitolite.pm";

# ask where the rc file is, get it, and "do" it
&where_is_rc();
die "parse $ENV{GL_RC} failed: "       . ($! or $@) unless do $ENV{GL_RC};
# then "do" the compiled config file, whose name we now know
die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED;

# add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;

# ----------------------------------------------------------------------------
#       definitions specific to this program
# ----------------------------------------------------------------------------

my $R_COMMANDS=qr/^(git[ -]upload-pack|git[ -]upload-archive)$/;
my $W_COMMANDS=qr/^git[ -]receive-pack$/;
my $REPONAME_PATT=qr(^[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern

# ----------------------------------------------------------------------------
#       start...
# ----------------------------------------------------------------------------

# first, fix the biggest gripe I have with gitosis, a 1-line change
my $user=$ENV{GL_USER}=shift;       # there; now that's available everywhere!

# ----------------------------------------------------------------------------
#       sanity checks on SSH_ORIGINAL_COMMAND
# ----------------------------------------------------------------------------

# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message
unless ($ENV{SSH_ORIGINAL_COMMAND}) {
    # send back some useful info if no command was given
    print "hello $user, the gitolite version here is ";
    system("cat", "$GL_ADMINDIR/src/VERSION");
    print "\ryou have the following permissions:\n\r";
    for my $r (sort keys %repos) {
        my $perm .= "  R" if $repos{$r}{R}{$user};
        $perm .= "  W" if $repos{$r}{W}{$user};
        print "$perm\t$r\n\r" if $perm;
    }
    exit 1;
}

my $cmd = $ENV{SSH_ORIGINAL_COMMAND};

# split into command and arguments; the pattern allows old style as well as
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
# does, although I'm not sure how necessary that is
#
# keep in mind this is how git sends across the command:
#   git-receive-pack 'reponame.git'
# including the single quotes

my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*?)(?:.git)?'/);
die "bad command: $cmd.  Make sure the repo name is exactly as in your config\n"
    unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
        and  $repo and   $repo =~ $REPONAME_PATT );

# ----------------------------------------------------------------------------
#       first level permissions check
# ----------------------------------------------------------------------------

# we know the user and repo; we just need to know what perm he's trying
my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');

die "$perm access for $repo denied to $user\n"
    unless $repos{$repo}{$perm}{$user}
        or $repos{$repo}{$perm}{'@all'};

# ----------------------------------------------------------------------------
#       logging, timestamp.  also setup env vars for later
# ----------------------------------------------------------------------------

# reponame
$ENV{GL_REPO}=$repo;

# timestamp
my ($s, $min, $h, $d, $m, $y) = (localtime)[0..5];
$y += 1900; $m++;               # usual adjustments
for ($s, $min, $h, $d, $m) {
    $_ = "0$_" if $_ < 10;
}
$ENV{GL_TS} = "$y-$m-$d.$h:$min:$s";

# substitute template parameters and set the logfile name 
$GL_LOGT =~ s/%y/$y/g;
$GL_LOGT =~ s/%m/$m/g;
$GL_LOGT =~ s/%d/$d/g;
$ENV{GL_LOG} = $GL_LOGT;

# if log failure isn't important enough to block access, get rid of all the
# error checking
open my $log_fh, ">>", $ENV{GL_LOG}
    or die "open log failed: $!\n";
print $log_fh "$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$user\n";
close $log_fh or die "close log failed: $!\n";

# ----------------------------------------------------------------------------
#       over to git now
# ----------------------------------------------------------------------------

$repo = "'$REPO_BASE/$repo.git'";
exec("git", "shell", "-c", "$verb $repo");
