From f466308755fb503c0939989633d741a9e4ec8312 Mon Sep 17 00:00:00 2001
From: dzdidi
Date: Sun, 28 Jan 2024 14:02:55 +0000
Subject: [PATCH] clean
Signed-off-by: dzdidi
---
 src/acl.js | 20 ++++++++++++++++++++
 src/{acl => auth}/index.js | 0
 src/{acl => auth}/nip98.js | 0
 src/git-remote-pear.js | 9 ++++-----
 src/home.js | 36 ++----------------------------------
 src/rpc.js | 16 +++-------------
 6 files changed, 29 insertions(+), 52 deletions(-)
 create mode 100644 src/acl.js
 rename src/{acl => auth}/index.js (100%)
 rename src/{acl => auth}/nip98.js (100%)
diff --git a/src/acl.js b/src/acl.js
new file mode 100644
index 0000000..4216d19
--- /dev/null
+++ b/src/acl.js
@@ -0,0 +1,20 @@
+const home = require('./home')
+
+const roles = {
+ admin: {
+ description: 'Read and write to all branches',
+ },
+ contributor: {
+ description: 'Read and write to all branches except protected ones',
+ },
+ viewer: {
+ description: 'Read all branches',
+ },
+}
+const DEFAULT_ACL = {
+ visibibility: 'public', // public|private
+ protectedBranches: ['master'],
+ ACL: {}
+}
+
+
diff --git a/src/acl/index.js b/src/auth/index.js
similarity index 100%
rename from src/acl/index.js
rename to src/auth/index.js
diff --git a/src/acl/nip98.js b/src/auth/nip98.js
similarity index 100%
rename from src/acl/nip98.js
rename to src/auth/nip98.js
diff --git a/src/git-remote-pear.js b/src/git-remote-pear.js
index 0cc08b3..4824212 100755
--- a/src/git-remote-pear.js
+++ b/src/git-remote-pear.js
@@ -11,7 +11,7 @@ const crypto = require('hypercore-crypto')
 const git = require('./git.js')
 const home = require('./home')
-const acl = require('./acl')
+const auth = require('./auth')
 const fs = require('fs')
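Review bot: In the new src/acl.js the `DEFAULT_ACL` key is spelled `visibibility`, so any later code that reads `visibility` gets `undefined` instead of 'public' or 'private'; rename it to `visibility: 'public', // public|private` before anything persists the misspelled key. The file also has no `module.exports`, so `roles` and `DEFAULT_ACL` cannot be reached from other modules, and the `home` require is unused; add `module.exports = { roles, DEFAULT_ACL }` once there is a consumer. Because this object is the default access policy, a one-line comment stating that new repos default to public would make that choice explicit for reviewers.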
@@ -42,7 +42,7 @@ swarm.on('connection', async (socket) => {
 let payload = { body: { url, method: 'get-repos' } }
 if (process.env.GIT_PEAR_AUTH) {
- payload.header = await acl.getToken(payload.body)
+ payload.header = await auth.getToken(payload.body)
 }
 const reposRes = await rpc.request('get-repos', Buffer.from(JSON.stringify(payload)))
@@ -71,10 +71,9 @@ swarm.on('connection', async (socket) => {
 await drive.core.update({ wait: true })
- // TODO: ACL
 payload = { body: { url, method: 'get-refs', data: repoName }}
 if (process.env.GIT_PEAR_AUTH) {
- payload.header = await acl.getToken(payload.body)
+ payload.header = await auth.getToken(payload.body)
 }
 const refsRes = await rpc.request('get-refs', Buffer.from(JSON.stringify(payload)))
@@ -128,7 +127,7 @@ async function talkToGit (refs, drive, repoName, rpc, commit) {
 method
 } }
 if (process.env.GIT_PEAR_AUTH) {
- payload.header = await acl.getToken(payload.body)
+ payload.header = await auth.getToken(payload.body)
 }
 const res = await rpc.request(method, Buffer.from(JSON.stringify(payload)))
diff --git a/src/home.js b/src/home.js
index 4ac2dad..e2d8162 100644
--- a/src/home.js
+++ b/src/home.js
@@ -10,38 +10,10 @@ function createAppFolder (name) {
 fs.mkdirSync(`${APP_HOME}/${name}/code`, { recursive: true })
 }
-function shareAppFolder (name, entry) {
- const p = `${APP_HOME}/${name}/.git-daemon-export-ok`
- fs.openSync(p, 'a')
- const aclFile = fs.readFileSync(p, 'utf8')
- const aclJson = JSON.parse(aclFile || '{ "protectedBranches": ["master"], "ACL": {}}')
-
- let [userId = '*', permissions = 'r', branch = '*'] = entry?.split(':') || []
-
- if (!aclJson.ACL[userId]) aclJson.ACL[userId] = { [branch]: permissions }
- fs.writeFileSync(p, JSON.stringify(aclJson))
+function shareAppFolder (name) {
+ fs.openSync(`${APP_HOME}/${name}/.git-daemon-export-ok`, 'w')
 }
-function addProtectedBranch (name, branch) {
- const aclFile = fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`, 'utf8')
- const aclJson = JSON.parse(aclFile || '{ "protectedBranches": [], "ACL": {}}')
- if (!aclJson.protectedBranches.includes(branch)) aclJson.protectedBranches.push(branch)
- fs.writeFileSync(aclFile, JSON.stringify(aclJson))
-}
-
-function removeProtectedBranch (name, branch) {
- const aclFile = fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`, 'a')
- const aclJson = JSON.parse(aclFile || '{ "protectedBranches": [], "ACL": {}}')
- aclJson.protectedBranches = aclJson.protectedBranches.filter(b => b !== branch)
- fs.writeFileSync(aclFile, JSON.stringify(aclJson))
-}
-
-function removeUserFromACL (name, userId) {
- const aclFile = fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`, 'a')
- const aclJson = JSON.parse(aclFile || '{ "protectedBranches": [], "ACL": {}}')
- delete aclJson.ACL[userId]
- fs.writeFileSync(aclFile, JSON.stringify(aclJson))
-}
 function unshareAppFolder (name) {
 fs.unlinkSync(`${APP_HOME}/${name}/.git-daemon-export-ok`)
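Review bot: The new `shareAppFolder` calls `fs.openSync(..., 'w')` and discards the returned descriptor, so every call leaks an open fd, and the `'w'` flag truncates an existing `.git-daemon-export-ok`, erasing any ACL JSON the previous version of this function wrote there. Create the marker and close it in one step, e.g. `fs.closeSync(fs.openSync(p, 'w'))`. The `entry` parameter is also gone from the signature; any caller still passing a `user:perm:branch` entry (none is visible in this patch) would now share the repo with no restriction recorded, so such callers should be updated or made to fail loudly. `unshareAppFolder` continues past the end of the hunk.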
@@ -57,10 +29,6 @@ function isShared (name) {
 function getACL (name) {
 if (!fs.existsSync(`${APP_HOME}/${name}/.git-daemon-export-ok`)) throw new Error('Repo is not shared')
-
- const aclFile = fs.readFileSync(`${APP_HOME}/${name}/.git-daemon-export-ok`, 'utf8')
- aclJson = JSON.parse(aclFile || '{ "protectedBranches": [], "ACL": {}}')
- return aclJson
 }
 function list (sharedOnly) {
diff --git a/src/rpc.js b/src/rpc.js
index 9ba949b..b089e19 100755
--- a/src/rpc.js
+++ b/src/rpc.js
@@ -1,7 +1,7 @@
 const ProtomuxRPC = require('protomux-rpc')
 const { spawn } = require('child_process')
 const home = require('./home')
-const acl = require('./acl')
+const auth = require('./auth')
 module.exports = class RPC {
 constructor (announcedRefs, repositories, drives) {
@@ -98,7 +98,7 @@ module.exports = class RPC {
 })
 }
- async parseReq(publicKey, req, access, branch = '*') {
+ async parseReq(publicKey, req) {
 if (!req) throw new Error('Request is empty')
 let request = JSON.parse(req.toString())
 const parsed = {
@@ -116,22 +116,12 @@ module.exports = class RPC {
 if (process.env.GIT_PEAR_AUTH === 'naitive') {
 userId = publicKey
 } else {
- userId = (await acl.getId({ ...request.body, payload: request.header })).userId
+ userId = (await auth.getId({ ...request.body, payload: request.header })).userId
 }
 const aclObj = home.getACL(parsed.repoName)
 const userACL = aclObj[userId] || aclObj['*']
 if (!userACL) throw new Error('You are not allowed to access this repo')
- if (aclObj.protectecBranches.includes(branch)) {
- // protected branch must have exaplicit access grant
- if (access === 'w') {
-
- } else {
- //
- }
- } else {
-
- }
 return parsed
 }
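Review bot: `getACL` in src/home.js now falls off the end after the existence check and returns `undefined`, while the unchanged lines in the last src/rpc.js hunk still run `const aclObj = home.getACL(parsed.repoName)` followed by `aclObj[userId] || aclObj['*']`. On that path every request would fail with a TypeError rather than the intended 'You are not allowed to access this repo' error. Until the new src/acl.js is wired in, have `getACL` return a defined value such as `return { protectedBranches: [], ACL: {} }`, or make `parseReq` handle a missing ACL explicitly. The lines between the two `parseReq` hunks are not shown, so whether this lookup runs only when `GIT_PEAR_AUTH` is set cannot be confirmed from the patch.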
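Review bot: After this change `parseReq` in src/rpc.js authorizes on the single test `aclObj[userId] || aclObj['*']` and no longer receives `access` or `branch`, so nothing in this function separates read from write or protected from unprotected branches. If the push handlers rely on `parseReq` for authorization (not visible here), that check has to return before the roles in src/acl.js have any effect. The lookup also indexes the top-level object, whereas both the removed JSON default and the new `DEFAULT_ACL` keep users under an `ACL` key, and a bracket lookup on a plain object also resolves inherited property names; `const userACL = Object.hasOwn(aclObj.ACL, userId) ? aclObj.ACL[userId] : aclObj.ACL['*']` would address both. `parseReq` starts in the previous hunk and its middle section lies outside both hunks.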