diff --git a/src/home.js b/src/home.js index 90e3c3d..89a9767 100644 --- a/src/home.js +++ b/src/home.js @@ -15,7 +15,13 @@ function shareAppFolder (name) { } function shareWith (userId, branch = '*', permissions = 'rw') { - fs.appendFileSync(`${APP_HOME}/.git-daemon-export-ok`, `${userId}:${branch}:${permissions}\n`) + if (!fs.existsSync(`${APP_HOME}/.git-daemon-export-ok`)) { + fs.writeFileSync(`${APP_HOME}/.git-daemon-export-ok`, '') + } + if (permissions.split('').some(p => !['r', 'w'].includes(p))) { + throw new Error('Permissions must be r, w or rw') + } + fs.appendFileSync(`${APP_HOME}/.git-daemon-export-ok`, `${userId}\t${branch}\t${permissions}\n`) } function unshareAppFolder (name) { @@ -31,7 +37,12 @@ function isShared (name) { } function getACL (name) { - return fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`).toString().split('\n').filter(Boolean) + const entries = fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`).toString().split('\n').filter(Boolean) + const res = {} + for (const entry of entries) { + const [userId, branch, permissions] = entry.split('\t') + res[userId] = { branch, permissions } + } } function list (sharedOnly) { diff --git a/src/rpc.js b/src/rpc.js index 9cb8ce0..e24ccca 100755 --- a/src/rpc.js +++ b/src/rpc.js @@ -109,14 +109,10 @@ module.exports = class RPC { if (process.env.GIT_PEAR_AUTH) { if (!request.header) throw new Error('You are not allowed to access this repo') - payload = await acl.getId({ - ...request.body, - payload: request.header - }) - // read .git-daemon-export-ok - // check if payload.userId is presenet there + payload = await acl.getId({ ...request.body, payload: request.header }) const aclList = home.getACL(result.repoName) - if (!aclList.includes(payload.userId)) { + // TODO: read specific permissions for the user + if (!Object.keys(aclList).includes(payload.userId)) { throw new Error('You are not allowed to access this repo') } }