From 781ddb65dbfe977f9f0ffef11eb975d51160c982 Mon Sep 17 00:00:00 2001
From: dzdidi <deniszalessky@gmail.com>
Date: Thu, 25 Jan 2024 21:39:59 +0000
Subject: [PATCH] dummy acl

Signed-off-by: dzdidi <deniszalessky@gmail.com>
---
 src/home.js |  5 +++++
 src/rpc.js  | 17 ++++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/home.js b/src/home.js
index a7db197..90e3c3d 100644
--- a/src/home.js
+++ b/src/home.js
@@ -30,6 +30,10 @@ function isShared (name) {
   return fs.existsSync(`${APP_HOME}/${name}/.git-daemon-export-ok`)
 }
 
+function getACL (name) {
+  return fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`).toString().split('\n').filter(Boolean)
+}
+
 function list (sharedOnly) {
   const repos = fs.readdirSync(APP_HOME)
   if (!sharedOnly) return repos.filter(r => !r.startsWith('.') && isInitialized(r))
@@ -125,4 +129,5 @@ module.exports = {
   isDaemonRunning,
   removeDaemonPid,
   shareWith,
+  getACL,
 }
diff --git a/src/rpc.js b/src/rpc.js
index 9b67540..e872d8e 100755
--- a/src/rpc.js
+++ b/src/rpc.js
@@ -101,17 +101,24 @@ module.exports = class RPC {
   async parseReq(req) {
     let payload
     let request = JSON.parse(req.toString())
+    const result = {
+      repoName: request.body.url?.split('/')?.pop(),
+      branch: request.body.data?.split('#')[0],
+      url: request.body.url
+    }
     if (process.env.GIT_PEAR_AUTH) {
       payload = await acl.getId({
         ...request.body,
         payload: request.header
       })
+      // read .git-daemon-export-ok 
+      // check if payload.userId is presenet there
+      const aclList = home.getACL(result.repoName)
+      if (!aclList.includes(payload.userId)) {
+        throw new Error(`You are not allowed to access this repo: ${payload.userId}`)
+      }
     }
 
-    return {
-      repoName: request.body.url?.split('/')?.pop(),
-      branch: request.body.data?.split('#')[0],
-      url: request.body.url
-    }
+    return result
   }
 }