[RFC] ui-repolist: add "enable-repo-list-auth" option

Andy Doan andy.doan at linaro.org
Fri Sep 16 23:23:29 CEST 2016


I'm trying to find a good way to prevent displaying links to
repositories that a user doesn't have permission to view. I'm not
sure of the best approach, but thought I'd share my idea to get feedback:

The auth-filter works at the repository level but still shows
repositories in ui-repolist. This change allows you to run the
auth-filter against each repo in the ui-repolist to prevent the display
of unauthorized repositories.
---
 cgit.c        |  2 ++
 cgit.h        |  1 +
 cgitrc.5.txt  |  5 +++++
 ui-repolist.c | 17 ++++++++++++++++-
 4 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/cgit.c b/cgit.c
index c769e35..4c81c9c 100644
--- a/cgit.c
+++ b/cgit.c
@@ -212,6 +212,8 @@ static void config_cb(const char *name, const char *value)
 		ctx.cfg.owner_filter = cgit_new_filter(value, OWNER);
 	else if (!strcmp(name, "auth-filter"))
 		ctx.cfg.auth_filter = cgit_new_filter(value, AUTH);
+	else if (!strcmp(name, "enable-repo-list-auth"))
+		ctx.cfg.enable_repo_list_auth = atoi(value);
 	else if (!strcmp(name, "embedded"))
 		ctx.cfg.embedded = atoi(value);
 	else if (!strcmp(name, "max-atom-items"))
diff --git a/cgit.h b/cgit.h
index d940ae3..4752541 100644
--- a/cgit.h
+++ b/cgit.h
@@ -242,6 +242,7 @@ struct cgit_config {
 	int enable_html_serving;
 	int enable_tree_linenumbers;
 	int enable_git_config;
+	int enable_repo_list_auth;
 	int local_time;
 	int max_atom_items;
 	int max_repo_count;
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 2762657..29fae4c 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -184,6 +184,11 @@ enable-remote-branches::
 	in the summary and refs views. Default value: "0". See also:
 	"repo.enable-remote-branches".

+enable-repo-list-auth::
+	The auth filter only prevents viewing of repos. When set to "1" this
+	prevents unauthorized users from seeing them listed in the repo list.
+	Default value: "0".
+
 enable-subject-links::
 	Flag which, when set to "1", will make cgit use the subject of the
 	parent commit as link text when generating links to parent commits
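
Review bot: The new enable-repo-list-auth entry does not say that it depends on auth-filter. The check in ui-repolist.c, `if (!ctx.cfg.auth_filter || !ctx.cfg.enable_repo_list_auth)`, returns 1 whenever no auth filter is configured, so setting this option on its own hides nothing. Suggest stating in the entry that auth-filter must be set, that the filter is invoked with the "authenticate-cookie" action once for each repo considered for the list, and that the value the filter returns decides whether the repo is listed, so filter authors know what they are expected to return and what the option costs on a large repo list.
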
diff --git a/ui-repolist.c b/ui-repolist.c
index e9676b8..fc4c1ce 100644
--- a/ui-repolist.c
+++ b/ui-repolist.c
@@ -112,7 +112,22 @@ static int is_visible(struct cgit_repo *repo)
 		return 0;
 	if (!(is_match(repo) && is_in_url(repo)))
 		return 0;
-	return 1;
+	if (!ctx.cfg.auth_filter || !ctx.cfg.enable_repo_list_auth)
+		return 1;
+
+	cgit_open_filter(ctx.cfg.auth_filter, "authenticate-cookie",
+		ctx.env.http_cookie ? ctx.env.http_cookie : "",
+		ctx.env.request_method ? ctx.env.request_method : "",
+		ctx.env.query_string ? ctx.env.query_string : "",
+		ctx.env.http_referer ? ctx.env.http_referer : "",
+		ctx.env.path_info ? ctx.env.path_info : "",
+		ctx.env.http_host ? ctx.env.http_host : "",
+		ctx.env.https ? ctx.env.https : "",
+		repo->name,
+		ctx.qry.page ? ctx.qry.page : "",
+		ctx.qry.url ? ctx.qry.url : "",
+		cgit_loginurl());
+	return cgit_close_filter(ctx.cfg.auth_filter);
 }

 static int any_repos_visible(void)
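
Review bot: In the cgit_open_filter() call added to is_visible(), only the repo argument is replaced with `repo->name`, while `ctx.env.path_info`, `ctx.qry.page` and `ctx.qry.url` still describe the repo-list request itself, so a filter that decides from the path or URL rather than from the repo argument will give the same answer for every repo and the list will not be filtered per repository. Either document that list filtering relies on the repo argument alone, or pass values that match the repo under test. Also, is_visible() now returns the raw result of `cgit_close_filter()`: please normalize it to 0/1 and confirm which value means "authorized", so that a filter that errors out leaves the repo hidden rather than listed. Finally, the filter runs on every is_visible() call for every repo; if is_visible() is reached more than once per repo in a request, caching the result on the repo for the duration of the request would avoid repeated filter runs.
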
--
2.7.4


