Branch restrictions — fully enforced:
CRUD rules with pattern (exact or glob like release/*), requirePR, blockForcePush, bypass user list Enforcement via pkt-line parsing inside the git HTTP handler — before any data reaches git http-backend, each ref update is extracted and checked against stored rules Direct push to main with requirePR: true → 403 with message; push to unprotected branches still works Inline checkboxes in the UI update rules immediately Branching model — stored config: GET/PUT per repo, defaults to feature/bugfix/release/hotfix prefixes Toggle enabled/disabled, custom prefix per type with live preview No enforcement (naming guide only, as Bitbucket does) Merge strategies — enforced in PR merge endpoint: GET/PUT per repo, defaults all three allowed Merge handler now accepts strategy: "merge"|"squash"|"rebase" in request body, checks against stored policy Disallowed strategy → 409 with clear error; allowed strategy → merges and fires pull_request webhook Must have at least one strategy enabled (validated server-side) Webhooks — full delivery with HMAC: CRUD with title, URL, secret (optional), events (push/pull_request/issue), active toggle Test button sends live HTTP POST to the configured URL and shows status code in UI FireWebhooks() fires asynchronously from PR merge and can be called from any handler X-ForgeBucket-Signature-256: sha256=<hmac> header when secret is set Last delivery status and timestamp stored on webhook record and shown in list
This commit is contained in:
@@ -2,6 +2,7 @@ package handlers
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
@@ -104,6 +105,17 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
_ = authedReadOnly
|
||||
|
||||
// Branch protection check: parse pkt-lines from the receive-pack body,
|
||||
// check each ref against stored protection rules, then restore the body.
|
||||
if service == "git-receive-pack" {
|
||||
if reason, newBody := checkProtectionsFromBody(h.db, repo.ID, authedUser, r.Body); reason != "" {
|
||||
http.Error(w, reason, http.StatusForbidden)
|
||||
return
|
||||
} else {
|
||||
r.Body = io.NopCloser(newBody)
|
||||
}
|
||||
}
|
||||
|
||||
// Build PATH_INFO: /{reponame}.git/{suffix}
|
||||
// Strip the /{owner}/{repoGit} prefix from the raw URL path to get the suffix.
|
||||
prefix := "/" + owner + "/" + repoGit
|
||||
@@ -226,3 +238,58 @@ func runGitBackend(ctx context.Context, w http.ResponseWriter, body io.Reader, g
|
||||
}
|
||||
return waitErr
|
||||
}
|
||||
|
||||
// checkProtectionsFromBody parses git pkt-line ref updates from a receive-pack body,
|
||||
// checks each ref against stored branch protection rules, and returns a denial reason
|
||||
// (or "") plus a restored reader so the body can still be passed to http-backend.
|
||||
func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body io.Reader) (reason string, restored io.Reader) {
|
||||
var buf bytes.Buffer
|
||||
zeroOID := strings.Repeat("0", 40)
|
||||
|
||||
for {
|
||||
// Every pkt-line starts with a 4-hex-digit length that includes itself.
|
||||
lenBuf := make([]byte, 4)
|
||||
if _, err := io.ReadFull(body, lenBuf); err != nil {
|
||||
break
|
||||
}
|
||||
buf.Write(lenBuf)
|
||||
|
||||
pktLen64, err := strconv.ParseInt(string(lenBuf), 16, 32)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
if pktLen64 == 0 {
|
||||
// Flush packet — end of ref-update list.
|
||||
break
|
||||
}
|
||||
dataLen := int(pktLen64) - 4
|
||||
if dataLen <= 0 {
|
||||
break
|
||||
}
|
||||
data := make([]byte, dataLen)
|
||||
if _, err := io.ReadFull(body, data); err != nil {
|
||||
break
|
||||
}
|
||||
buf.Write(data)
|
||||
|
||||
// Strip NUL-separated capabilities (only on first pkt-line) and trailing newline.
|
||||
line := strings.TrimRight(strings.SplitN(string(data), "\x00", 2)[0], "\n")
|
||||
parts := strings.SplitN(line, " ", 3)
|
||||
if len(parts) != 3 {
|
||||
continue
|
||||
}
|
||||
oldRev, newRev, refname := parts[0], parts[1], parts[2]
|
||||
|
||||
// New branches (oldRev all zeros) are not subject to protection.
|
||||
if oldRev == zeroOID {
|
||||
continue
|
||||
}
|
||||
// Detect force push: if newRev is all zeros it's a branch deletion.
|
||||
isForcePush := newRev == zeroOID
|
||||
|
||||
if msg := CheckBranchProtection(db, repoID, pusher, refname, isForcePush); msg != "" {
|
||||
return msg, io.MultiReader(&buf, body)
|
||||
}
|
||||
}
|
||||
return "", io.MultiReader(&buf, body)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user