bug fixed

.gitignore

@@ -33,3 +33,4 @@ _testmain.go
 *.exe~
 gogs
 __pycache__
+*.pem

routers/repo/git.go

@@ -0,0 +1,55 @@
+package repo
+
+import (
+	"fmt"
+	"strings"
+)
+
+const advertise_refs = "--advertise-refs"
+
+func command(cmd string, opts ...string) string {
+	return fmt.Sprintf("git %s %s", cmd, strings.Join(opts, " "))
+}
+
+/*func upload_pack(repository_path string, opts ...string) string {
+	cmd = "upload-pack"
+	opts = append(opts, "--stateless-rpc", repository_path)
+	return command(cmd, opts...)
+}
+
+func receive_pack(repository_path string, opts ...string) string {
+	cmd = "receive-pack"
+	opts = append(opts, "--stateless-rpc", repository_path)
+	return command(cmd, opts...)
+}*/
+
+/*func update_server_info(repository_path, opts = {}, &block)
+      cmd = "update-server-info"
+      args = []
+      opts.each {|k,v| args << command_options[k] if command_options.has_key?(k) }
+      opts[:args] = args
+      Dir.chdir(repository_path) do # "git update-server-info" does not take a parameter to specify the repository, so set the working directory to the repository
+        self.command(cmd, opts, &block)
+      end
+    end
+
+    def get_config_setting(repository_path, key)
+      path = get_config_location(repository_path)
+      raise "Config file could not be found for repository in #{repository_path}." unless path
+      self.command("config", {:args => ["-f #{path}", key]}).chomp
+    end
+
+    def get_config_location(repository_path)
+      non_bare = File.join(repository_path,'.git') # This is where the config file will be if the repository is non-bare
+      if File.exists?(non_bare) then # The repository is non-bare
+        non_bare_config = File.join(non_bare, 'config')
+        return non_bare_config if File.exists?(non_bare_config)
+      else # We are dealing with a bare repository
+        bare_config = File.join(repository_path, "config")
+        return bare_config if File.exists?(bare_config)
+      end
+      return nil
+    end
+
+  end
+*/

routers/repo/repo.go

@@ -14,8 +14,6 @@ import (
 
 	"github.com/go-martini/martini"
 
-	"github.com/gogits/webdav"
-
 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/auth"
 	"github.com/gogits/gogs/modules/base"
@@ -266,89 +264,6 @@ func authRequired(ctx *middleware.Context) {
 	ctx.HTML(401, fmt.Sprintf("status/401"))
 }
 
-func Http(ctx *middleware.Context, params martini.Params) {
-	username := params["username"]
-	reponame := params["reponame"]
-	if strings.HasSuffix(reponame, ".git") {
-		reponame = reponame[:len(reponame)-4]
-	}
-
-	//fmt.Println("req:", ctx.Req.Header)
-
-	repoUser, err := models.GetUserByName(username)
-	if err != nil {
-		ctx.Handle(500, "repo.GetUserByName", nil)
-		return
-	}
-
-	repo, err := models.GetRepositoryByName(repoUser.Id, reponame)
-	if err != nil {
-		ctx.Handle(500, "repo.GetRepositoryByName", nil)
-		return
-	}
-
-	isPull := webdav.IsPullMethod(ctx.Req.Method)
-	var askAuth = !(!repo.IsPrivate && isPull)
-
-	//authRequired(ctx)
-	//return
-
-	// check access
-	if askAuth {
-		// check digit auth
-
-		// check basic auth
-		baHead := ctx.Req.Header.Get("Authorization")
-		if baHead == "" {
-			authRequired(ctx)
-			return
-		}
-
-		auths := strings.Fields(baHead)
-		if len(auths) != 2 || auths[0] != "Basic" {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		}
-		authUsername, passwd, err := basicDecode(auths[1])
-		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		}
-
-		authUser, err := models.GetUserByName(authUsername)
-		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		}
-
-		newUser := &models.User{Passwd: passwd}
-		newUser.EncodePasswd()
-		if authUser.Passwd != newUser.Passwd {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		}
-
-		var tp = models.AU_WRITABLE
-		if isPull {
-			tp = models.AU_READABLE
-		}
-
-		has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
-		if err != nil || !has {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		}
-	}
-
-	dir := models.RepoPath(username, reponame)
-
-	prefix := path.Join("/", username, params["reponame"])
-	server := webdav.NewServer(
-		dir, prefix, true)
-
-	server.ServeHTTP(ctx.ResponseWriter, ctx.Req)
-}
-
 func Setting(ctx *middleware.Context, params martini.Params) {
 	if !ctx.Repo.IsOwner {
 		ctx.Handle(404, "repo.Setting", nil)

web.go

@@ -11,11 +11,10 @@ import (
 
 	"github.com/codegangsta/cli"
 	"github.com/go-martini/martini"
+
 	// "github.com/martini-contrib/oauth2"
 	// "github.com/martini-contrib/sessions"
-
 	"github.com/gogits/binding"
-
 	"github.com/gogits/gogs/modules/auth"
 	"github.com/gogits/gogs/modules/avatar"
 	"github.com/gogits/gogs/modules/base"
@@ -74,6 +73,11 @@ func runWeb(*cli.Context) {
 
 	reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
 	ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})
+	ignSignInAndCsrf := middleware.Toggle(&middleware.ToggleOptions{
+		SignInRequire: base.Service.RequireSignInView,
+		DisableCsrf:   true,
+	})
+
 	reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})
 
 	// Routers.
@@ -164,7 +168,7 @@ func runWeb(*cli.Context) {
 	m.Group("/:username", func(r martini.Router) {
 		r.Any("/:reponame/**", repo.Http)
 		r.Get("/:reponame", middleware.RepoAssignment(true, true, true), repo.Single)
-	}, ignSignIn)
+	}, ignSignInAndCsrf)
 
 	// Not found handler.
 	m.NotFound(routers.NotFound)