[dav] authorisation

including dedicated middle ware handler

cmd/web.go

@@ -420,8 +420,8 @@ func runWeb(c *cli.Context) error {
 		m.Combo("/fork/:repoid").Get(repo.Fork).
 			Post(bindIgnErr(form.CreateRepo{}), repo.ForkPost)
 	}, reqSignIn)
-	m.Any("/:username/:reponame/_dav/*", dav.Dav, context.RepoAssignment(), context.RepoRef())
-	m.Any("/:username/:reponame/_dav", dav.Dav, context.RepoAssignment(), context.RepoRef())
+	m.Any("/:username/:reponame/_dav/*", dav.DavMiddle(), dav.Dav)
+	m.Any("/:username/:reponame/_dav", dav.DavMiddle(), dav.Dav)
 
 	m.Group("/:username/:reponame", func() {
 		m.Group("/settings", func() {

pkg/dav/dav.go

@@ -27,7 +27,7 @@ const ANNEXPEEKSIZE  = 1024
 
 func Dav(c *gctx.Context, handler *webdav.Handler) {
 	if checkPerms(c) != nil {
-		c.WriteHeader(http.StatusUnauthorized)
+		Webdav401(c)
 		return
 	}
 	handler.ServeHTTP(c.Resp, c.Req.Request)
@@ -259,6 +259,9 @@ func (i GinFinfo) Sys() interface{} {
 }
 
 func checkPerms(c *gctx.Context) error {
+	if ! c.Repo.HasAccess() {
+		return fmt.Errorf("no access")
+	}
 	return nil
 }
 
@@ -307,3 +310,10 @@ func getROwnerID(path string) (int64, error) {
 	}
 	return -100, fmt.Errorf("Could not determine repo owner")
 }
+
+func Webdav401(c *gctx.Context) {
+	//todo realm
+	c.Header().Add("WWW-Authenticate", "Basic realm=\"localhost\"")
+	c.WriteHeader(http.StatusUnauthorized)
+	return
+}

pkg/dav/middle.go

@@ -0,0 +1,98 @@
+package dav
+
+import (
+	"gopkg.in/macaron.v1"
+	"strings"
+	"net/http"
+	"github.com/G-Node/gogs/models"
+	"github.com/G-Node/gogs/pkg/context"
+	"github.com/G-Node/git-module"
+)
+
+// [0]: issues, [1]: wiki
+func DavMiddle() macaron.Handler {
+	return func(c *context.Context) {
+		var (
+			owner *models.User
+			err   error
+		)
+
+		ownerName := c.Params(":username")
+		repoName := strings.TrimSuffix(c.Params(":reponame"), ".git")
+
+		// Check if the user is the same as the repository owner
+		if c.IsLogged && c.User.LowerName == strings.ToLower(ownerName) {
+			owner = c.User
+		} else {
+			owner, err = models.GetUserByName(ownerName)
+			if err != nil {
+				Webdav401(c)
+				return
+			}
+		}
+		c.Repo.Owner = owner
+
+		repo, err := models.GetRepositoryByName(owner.ID, repoName)
+		if err != nil {
+			Webdav401(c)
+			return
+		}
+
+		c.Repo.Repository = repo
+		c.Repo.RepoLink = repo.Link()
+
+		// Admin has super access.
+		if c.IsLogged && c.User.IsAdmin {
+			c.Repo.AccessMode = models.ACCESS_MODE_OWNER
+		} else {
+			mode, err := models.AccessLevel(c.UserID(), repo)
+			if err != nil {
+				c.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			c.Repo.AccessMode = mode
+		}
+
+		if repo.IsMirror {
+			c.Repo.Mirror, err = models.GetMirrorByRepoID(repo.ID)
+			if err != nil {
+				c.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+		}
+
+		gitRepo, err := git.OpenRepository(models.RepoPath(ownerName, repoName))
+		if err != nil {
+			c.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+		c.Repo.GitRepo = gitRepo
+
+		tags, err := c.Repo.GitRepo.GetTags()
+		if err != nil {
+			c.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+		c.Repo.Repository.NumTags = len(tags)
+
+		// repo is bare and display enable
+		if c.Repo.Repository.IsBare {
+			return
+		}
+
+		brs, err := c.Repo.GitRepo.GetBranches()
+		if err != nil {
+			c.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+		// If not branch selected, try default one.
+		// If default branch doesn't exists, fall back to some other branch.
+		if len(c.Repo.BranchName) == 0 {
+			if len(c.Repo.Repository.DefaultBranch) > 0 && gitRepo.IsBranchExist(c.Repo.Repository.DefaultBranch) {
+				c.Repo.BranchName = c.Repo.Repository.DefaultBranch
+			} else if len(brs) > 0 {
+				c.Repo.BranchName = brs[0]
+			}
+		}
+	}
+}