X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FGitHTTPBackend.pm;h=81ff23fc006d409cb8c5fd2f0d1efa0425fcf0cb;hb=55b707d788ce13696e4411389583e720ea6dab01;hp=cba025e7edcb0604bebcc03f2ad6d831c05e3c9e;hpb=da55b58b7205de38c466aca2d452ef67677f1753;p=public-inbox.git diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm index cba025e7..81ff23fc 100644 --- a/lib/PublicInbox/GitHTTPBackend.pm +++ b/lib/PublicInbox/GitHTTPBackend.pm @@ -1,17 +1,24 @@ -# Copyright (C) 2016 all contributors +# Copyright (C) 2016-2019 all contributors # License: AGPL-3.0+ # when no endpoints match, fallback to this and serve a static file -# or smart HTTP +# or smart HTTP. This is our wrapper for git-http-backend(1) package PublicInbox::GitHTTPBackend; use strict; use warnings; use Fcntl qw(:seek); -use POSIX qw(dup2); +use IO::Handle; # ->flush +use HTTP::Date qw(time2str); +use PublicInbox::Qspawn; +use PublicInbox::Tmpfile; +use PublicInbox::WwwStatic qw(r @NO_CACHE); + +# 32 is same as the git-daemon connection limit +my $default_limiter = PublicInbox::Qspawn::Limiter->new(32); # n.b. serving "description" and "cloneurl" should be innocuous enough to # not cause problems. serving "config" might... -my @text = qw[HEAD info/refs +my @text = qw[HEAD info/refs info/attributes objects/info/(?:http-alternates|alternates|packs) cloneurl description]; @@ -20,192 +27,146 @@ my @binary = qw! objects/pack/pack-[a-f0-9]{40}\.(?:pack|idx) !; -our $ANY = join('|', @binary, @text); +our $ANY = join('|', @binary, @text, 'git-upload-pack'); my $BIN = join('|', @binary); my $TEXT = join('|', @text); -sub r { - [ $_[0] , [qw(Content-Type text/plain Content-Length 0) ], [] ] -} - sub serve { - my ($cgi, $git, $path) = @_; - my $service = $cgi->param('service') || ''; - if ($service =~ /\Agit-\w+-pack\z/ || $path =~ /\Agit-\w+-pack\z/) { - my $ok = serve_smart($cgi, $git, $path); + my ($env, $git, $path) = @_; + + # Documentation/technical/http-protocol.txt in git.git + # requires one and exactly one query parameter: + if ($env->{QUERY_STRING} =~ /\Aservice=git-[A-Za-z0-9_]+-pack\z/ || + $path =~ /\Agit-[A-Za-z0-9_]+-pack\z/) { + my $ok = serve_smart($env, $git, $path); return $ok if $ok; } + serve_dumb($env, $git, $path); +} + +sub err ($@) { + my ($env, @msg) = @_; + $env->{'psgi.errors'}->print(@msg, "\n"); +} + +my $prev = 0; +my $exp; +sub cache_one_year { + my ($h) = @_; + my $t = time + 31536000; + push @$h, 'Expires', $t == $prev ? $exp : ($exp = time2str($prev = $t)), + 'Cache-Control', 'public, max-age=31536000'; +} + +sub serve_dumb { + my ($env, $git, $path) = @_; + + my $h = []; my $type; - if ($path =~ /\A(?:$BIN)\z/o) { - $type = 'application/octet-stream'; + if ($path =~ m!\Aobjects/[a-f0-9]{2}/[a-f0-9]{38}\z!) { + $type = 'application/x-git-loose-object'; + cache_one_year($h); + } elsif ($path =~ m!\Aobjects/pack/pack-[a-f0-9]{40}\.pack\z!) { + $type = 'application/x-git-packed-objects'; + cache_one_year($h); + } elsif ($path =~ m!\Aobjects/pack/pack-[a-f0-9]{40}\.idx\z!) { + $type = 'application/x-git-packed-objects-toc'; + cache_one_year($h); } elsif ($path =~ /\A(?:$TEXT)\z/o) { $type = 'text/plain'; + push @$h, @NO_CACHE; } else { return r(404); } - my $f = "$git->{git_dir}/$path"; - return r(404) unless -f $f && -r _; - my @st = stat(_); - my $size = $st[7]; - - # TODO: If-Modified-Since and Last-Modified - open my $in, '<', $f or return r(404); - my $code = 200; - my $len = $size; - my @h; - - my $env = $cgi->{env}; - my $range = $env->{HTTP_RANGE}; - if (defined $range && $range =~ /\bbytes=(\d*)-(\d*)\z/) { - ($code, $len) = prepare_range($cgi, $in, \@h, $1, $2, $size); - if ($code == 416) { - push @h, 'Content-Range', "bytes */$size"; - return [ 416, \@h, [] ]; - } - } - - push @h, 'Content-Type', $type, 'Content-Length', $len; - sub { - my ($res) = @_; # Plack callback - my $fh = $res->([ $code, \@h ]); - my $buf; - my $n = 8192; - while ($len > 0) { - $n = $len if $len < $n; - my $r = read($in, $buf, $n); - last if (!defined($r) || $r <= 0); - $len -= $r; - $fh->write($buf); - } - $fh->close; - } + $path = "$git->{git_dir}/$path"; + PublicInbox::WwwStatic::response($env, $h, $path, $type); } -sub prepare_range { - my ($cgi, $in, $h, $beg, $end, $size) = @_; - my $code = 200; - my $len = $size; - if ($beg eq '') { - if ($end ne '') { # "bytes=-$end" => last N bytes - $beg = $size - $end; - $beg = 0 if $beg < 0; - $end = $size - 1; - $code = 206; - } else { - $code = 416; - } - } else { - if ($beg > $size) { - $code = 416; - } elsif ($end eq '' || $end >= $size) { - $end = $size - 1; - $code = 206; - } elsif ($end < $size) { - $code = 206; - } else { - $code = 416; - } - } - if ($code == 206) { - $len = $end - $beg + 1; - if ($len <= 0) { - $code = 416; - } else { - seek($in, $beg, SEEK_SET) or return [ 500, [], [] ]; - push @$h, qw(Accept-Ranges bytes Content-Range); - push @$h, "bytes $beg-$end/$size"; - - # FIXME: Plack::Middleware::Deflater bug? - $cgi->{env}->{'psgix.no-compress'} = 1; - } - } - ($code, $len); +sub git_parse_hdr { # {parse_hdr} for Qspawn + my ($r, $bref, $dumb_args) = @_; + my $res = parse_cgi_headers($r, $bref) or return; # incomplete + $res->[0] == 403 ? serve_dumb(@$dumb_args) : $res; } # returns undef if 403 so it falls back to dumb HTTP sub serve_smart { - my ($cgi, $git, $path) = @_; - my $env = $cgi->{env}; + my ($env, $git, $path) = @_; + my %env = %ENV; + # GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL + # may be set in the server-process and are passed as-is + foreach my $name (qw(QUERY_STRING + REMOTE_USER REMOTE_ADDR + HTTP_CONTENT_ENCODING + CONTENT_TYPE + SERVER_PROTOCOL + REQUEST_METHOD)) { + my $val = $env->{$name}; + $env{$name} = $val if defined $val; + } + my $limiter = $git->{-httpbackend_limiter} || $default_limiter; + $env{GIT_HTTP_EXPORT_ALL} = '1'; + $env{PATH_TRANSLATED} = "$git->{git_dir}/$path"; + my $rdr = input_prepare($env) or return r(500); + my $qsp = PublicInbox::Qspawn->new([qw(git http-backend)], \%env, $rdr); + $qsp->psgi_return($env, $limiter, \&git_parse_hdr, [$env, $git, $path]); +} + +sub input_prepare { + my ($env) = @_; my $input = $env->{'psgi.input'}; + my $fd = eval { fileno($input) }; + if (defined $fd && $fd >= 0) { + return { 0 => $fd }; + } + my $id = "git-http.input.$env->{REMOTE_ADDR}:$env->{REMOTE_PORT}"; + my $in = tmpfile($id); + unless (defined $in) { + err($env, "could not open temporary file: $!"); + return; + } my $buf; - my $in; - my $err = $env->{'psgi.errors'}; - if (fileno($input) >= 0) { - $in = $input; - } else { # FIXME untested - $in = IO::File->new_tmpfile; - while (1) { - my $r = $input->read($buf, 8192); - unless (defined $r) { - $err->print('error reading input: ', $!, "\n"); - return r(500); - } - last if ($r == 0); - $in->write($buf); + while (1) { + my $r = $input->read($buf, 8192); + unless (defined $r) { + err($env, "error reading input: $!"); + return; + } + last if $r == 0; + unless (print $in $buf) { + err($env, "error writing temporary file: $!"); + return; } - $in->flush; - $in->sysseek(0, SEEK_SET); - } - my ($rpipe, $wpipe); - unless (pipe($rpipe, $wpipe)) { - $err->print('error creating pipe', $!, "\n"); - return r(500); } - my $pid = fork; # TODO: vfork under Linux... - unless (defined $pid) { - $err->print('error forking: ', $!, "\n"); - return r(500); + # ensure it's visible to git-http-backend(1): + unless ($in->flush) { + err($env, "error writing temporary file: $!"); + return; } - if ($pid == 0) { - # GIT_HTTP_EXPORT_ALL, GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL - # may be set in the server-process and are passed as-is - foreach my $name (qw(QUERY_STRING - REMOTE_USER REMOTE_ADDR - HTTP_CONTENT_ENCODING - CONTENT_TYPE - SERVER_PROTOCOL - REQUEST_METHOD)) { - my $val = $env->{$name}; - $ENV{$name} = $val if defined $val; - } - # $ENV{GIT_PROJECT_ROOT} = $git->{git_dir}; - $ENV{GIT_HTTP_EXPORT_ALL} = '1'; - $ENV{PATH_TRANSLATED} = "$git->{git_dir}/$path"; - dup2(fileno($in), 0) or die "redirect stdin failed: $!\n"; - dup2(fileno($wpipe), 1) or die "redirect stdout failed: $!\n"; - my @cmd = qw(git http-backend); - exec(@cmd) or die 'exec `' . join(' ', @cmd). "' failed: $!\n"; + unless (defined(sysseek($in, 0, SEEK_SET))) { + err($env, "error seeking temporary file: $!"); + return; } - $wpipe = undef; - $in = undef; - my @h; + { 0 => $in }; +} + +sub parse_cgi_headers { + my ($r, $bref) = @_; + return r(500) unless defined $r && $r >= 0; + $$bref =~ s/\A(.*?)\r?\n\r?\n//s or return $r == 0 ? r(500) : undef; + my $h = $1; my $code = 200; - { - local $/ = "\r\n"; - while (defined(my $line = <$rpipe>)) { - if ($line =~ /\AStatus:\s*(\d+)/) { - $code = $1; - } else { - chomp $line; - last if $line eq ''; - push @h, split(/:\s*/, $line, 2); - } - } - } - return if $code == 403; - sub { - my ($cb) = @_; - my $fh = $cb->([ $code, \@h ]); - while (1) { - my $r = sysread($rpipe, $buf, 8192); - die "$!\n" unless defined $r; - last if ($r == 0); - $fh->write($buf); + my @h; + foreach my $l (split(/\r?\n/, $h)) { + my ($k, $v) = split(/:\s*/, $l, 2); + if ($k =~ /\AStatus\z/i) { + ($code) = ($v =~ /\b([0-9]+)\b/); + } else { + push @h, $k, $v; } - $fh->close; } + [ $code, \@h ] } 1;