tjh.dev / test
forked from tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

knotserver: git: improve protocol handling

- Disable caching of responses as suggested by documentation.
<https://git-scm.com/docs/http-protocol#_smart_server_response>
- Return plain-text errors so the git client will display them.
- Check Content-Type of upload-pack request.

authored by

tjh and committed by
Tangled 6ec3a3d5 d67e7d07

+12 -3
+12 -3
knotserver/git.go
··· 39 39 serviceName := r.URL.Query().Get("service") 40 40 switch serviceName { 41 41 case "git-upload-pack": 42 - w.Header().Set("content-type", "application/x-git-upload-pack-advertisement") 42 + w.Header().Set("Content-Type", "application/x-git-upload-pack-advertisement") 43 + w.Header().Set("Connection", "Keep-Alive") 44 + w.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate") 43 45 w.WriteHeader(http.StatusOK) 44 46 45 47 if err := cmd.InfoRefs(); err != nil { ··· 61 59 name := chi.URLParam(r, "name") 62 60 repo, err := securejoin.SecureJoin(d.c.Repo.ScanPath, filepath.Join(did, name)) 63 61 if err != nil { 64 - writeError(w, err.Error(), 500) 62 + gitError(w, err.Error(), http.StatusInternalServerError) 65 63 d.l.Error("git: failed to secure join repo path", "handler", "UploadPack", "error", err) 66 64 return 65 + } 66 + 67 + const expectedContentType = "application/x-git-upload-pack-request" 68 + contentType := r.Header.Get("Content-Type") 69 + if contentType != expectedContentType { 70 + gitError(w, fmt.Sprintf("Expected Content-Type: '%s', but received '%s'.", expectedContentType, contentType), http.StatusUnsupportedMediaType) 67 71 } 68 72 69 73 var bodyReader io.ReadCloser = r.Body 70 74 if r.Header.Get("Content-Encoding") == "gzip" { 71 75 gzipReader, err := gzip.NewReader(r.Body) 72 76 if err != nil { 73 - writeError(w, err.Error(), 500) 77 + gitError(w, err.Error(), http.StatusInternalServerError) 74 78 d.l.Error("git: failed to create gzip reader", "handler", "UploadPack", "error", err) 75 79 return 76 80 } ··· 86 78 87 79 w.Header().Set("Content-Type", "application/x-git-upload-pack-result") 88 80 w.Header().Set("Connection", "Keep-Alive") 81 + w.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate") 89 82 90 83 d.l.Info("git: executing git-upload-pack", "handler", "UploadPack", "repo", repo) 91 84