Alexander Gavrilov wrote:
> How about the following patch, that simply adds a hook, and provides
> an example using mod_perl in the documentation?
Very nice, simple yet powerfull solution.
> --- >8 ---
> Subject: [PATCH] gitweb: Add a per-repository authorization hook.
>
> Add a configuration variable that can be used to specify an
> arbitrary subroutine that will be called in the same situations
> where $export_ok is checked, and its return value used
> to decide whether the repository is to be shown.
>
> This allows the user to implement custom authentication
> schemes, for example by issuing a subrequest through mod_perl
> and checking if Apache will authorize it.
>
> Signed-off-by: Alexander Gavrilov <angavrilov@xxxxxxxxx>
If somebody could check out example given for this feature, I'd add
Acked-by: Jakub Narebski <jnareb@xxxxxxxxx>
> ---
> gitweb/INSTALL | 21 +++++++++++++++++++++
> gitweb/gitweb.perl | 8 +++++++-
> 2 files changed, 28 insertions(+), 1 deletions(-)
>
> diff --git a/gitweb/INSTALL b/gitweb/INSTALL
> index 26967e2..fa5917a 100644
> --- a/gitweb/INSTALL
> +++ b/gitweb/INSTALL
> @@ -166,6 +166,27 @@ Gitweb repositories
> shows repositories only if this file exists in its object database
> (if directory has the magic file named $export_ok).
>
> +- Finally, it is possible to specify an arbitrary perl subroutine that
> + will be called for each project to determine if it can be exported.
> + The subroutine receives an absolute path to the project as its only
> + parameter.
> +
> + For example, if you use mod_perl to run the script, and have dumb
> + http protocol authentication configured for your repositories, you
> + can use the following hook to allow access only if the user is
> + authorized to read the files:
> +
> + $export_auth_hook = sub {
> + use Apache2::SubRequest ();
> + use Apache2::Const -compile => qw(HTTP_OK);
> + my $path = "$_[0]/HEAD";
> + my $r = Apache2::RequestUtil->request;
> + my $sub = $r->lookup_file($path);
> + return $sub->filename eq $path
> + && $sub->status == Apache2::Const::HTTP_OK;
> + };
Can anybody check this? Or was it checked by author?
> +
> +
> Generating projects list using gitweb
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
> index 172ea6b..9329880 100755
> --- a/gitweb/gitweb.perl
> +++ b/gitweb/gitweb.perl
> @@ -95,6 +95,11 @@ our $default_projects_order = "project";
> # (only effective if this variable evaluates to true)
> our $export_ok = "++GITWEB_EXPORT_OK++";
>
> +# show repository only if this subroutine returns true
> +# when given the path to the project, for example:
> +# sub { return -e "$_[0]/git-daemon-export-ok"; }
> +our $export_auth_hook = undef;
> +
Simple, yet powerfull. Nice short example.
> # only allow viewing of repositories also shown on the overview page
> our $strict_export = "++GITWEB_STRICT_EXPORT++";
>
> @@ -400,7 +405,8 @@ sub check_head_link {
> sub check_export_ok {
> my ($dir) = @_;
> return (check_head_link($dir) &&
> - (!$export_ok || -e "$dir/$export_ok"));
> + (!$export_ok || -e "$dir/$export_ok") &&
> + (!$export_auth_hook || $export_auth_hook->($dir)));
Nice.
> }
>
> # process alternate names for backward compatibility
> --
> tg: (0d4f9de..) t/authenticate/hook (depends on: t/authenticate/unify-exportok)
>
P.S. Why doesn't TopGit add git and TopGit version to signature?
--
Jakub Narebski
Poland
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
