|  | @@ -5,6 +5,8 @@
 | 
	
		
			
				|  |  |  package repo
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  import (
 | 
	
		
			
				|  |  | +	"encoding/base64"
 | 
	
		
			
				|  |  | +	"errors"
 | 
	
		
			
				|  |  |  	"fmt"
 | 
	
		
			
				|  |  |  	"path"
 | 
	
		
			
				|  |  |  	"path/filepath"
 | 
	
	
		
			
				|  | @@ -237,15 +239,105 @@ func SingleDownload(ctx *middleware.Context, params martini.Params) {
 | 
	
		
			
				|  |  |  	ctx.Res.Write(data)
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -func Http(ctx *middleware.Context, params martini.Params) {
 | 
	
		
			
				|  |  | -	// TODO: access check
 | 
	
		
			
				|  |  | +func basicEncode(username, password string) string {
 | 
	
		
			
				|  |  | +	auth := username + ":" + password
 | 
	
		
			
				|  |  | +	return base64.StdEncoding.EncodeToString([]byte(auth))
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func basicDecode(encoded string) (user string, name string, err error) {
 | 
	
		
			
				|  |  | +	var s []byte
 | 
	
		
			
				|  |  | +	s, err = base64.StdEncoding.DecodeString(encoded)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	a := strings.Split(string(s), ":")
 | 
	
		
			
				|  |  | +	if len(a) == 2 {
 | 
	
		
			
				|  |  | +		user, name = a[0], a[1]
 | 
	
		
			
				|  |  | +	} else {
 | 
	
		
			
				|  |  | +		err = errors.New("decode failed")
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func authRequired(ctx *middleware.Context) {
 | 
	
		
			
				|  |  | +	ctx.ResponseWriter.Header().Set("WWW-Authenticate", `Basic realm="Gogs Auth"`)
 | 
	
		
			
				|  |  | +	ctx.Data["ErrorMsg"] = "no basic auth and digit auth"
 | 
	
		
			
				|  |  | +	ctx.HTML(401, fmt.Sprintf("status/401"))
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +func Http(ctx *middleware.Context, params martini.Params) {
 | 
	
		
			
				|  |  |  	username := params["username"]
 | 
	
		
			
				|  |  |  	reponame := params["reponame"]
 | 
	
		
			
				|  |  |  	if strings.HasSuffix(reponame, ".git") {
 | 
	
		
			
				|  |  |  		reponame = reponame[:len(reponame)-4]
 | 
	
		
			
				|  |  |  	}
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +	repoUser, err := models.GetUserByName(username)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		ctx.Handle(500, "repo.GetUserByName", nil)
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	repo, err := models.GetRepositoryByName(repoUser.Id, reponame)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		ctx.Handle(500, "repo.GetRepositoryByName", nil)
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	isPull := webdav.IsPullMethod(ctx.Req.Method)
 | 
	
		
			
				|  |  | +	var askAuth = !(!repo.IsPrivate && isPull)
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//authRequired(ctx)
 | 
	
		
			
				|  |  | +	//return
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	// check access
 | 
	
		
			
				|  |  | +	if askAuth {
 | 
	
		
			
				|  |  | +		// check digit auth
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		// check basic auth
 | 
	
		
			
				|  |  | +		baHead := ctx.Req.Header.Get("Authorization")
 | 
	
		
			
				|  |  | +		if baHead != "" {
 | 
	
		
			
				|  |  | +			auths := strings.Fields(baHead)
 | 
	
		
			
				|  |  | +			if len(auths) != 2 || auths[0] != "Basic" {
 | 
	
		
			
				|  |  | +				ctx.Handle(401, "no basic auth and digit auth", nil)
 | 
	
		
			
				|  |  | +				return
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +			authUsername, passwd, err := basicDecode(auths[1])
 | 
	
		
			
				|  |  | +			if err != nil {
 | 
	
		
			
				|  |  | +				ctx.Handle(401, "no basic auth and digit auth", nil)
 | 
	
		
			
				|  |  | +				return
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +			authUser, err := models.GetUserByName(authUsername)
 | 
	
		
			
				|  |  | +			if err != nil {
 | 
	
		
			
				|  |  | +				ctx.Handle(401, "no basic auth and digit auth", nil)
 | 
	
		
			
				|  |  | +				return
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +			newUser := &models.User{Passwd: passwd}
 | 
	
		
			
				|  |  | +			newUser.EncodePasswd()
 | 
	
		
			
				|  |  | +			if authUser.Passwd != newUser.Passwd {
 | 
	
		
			
				|  |  | +				ctx.Handle(401, "no basic auth and digit auth", nil)
 | 
	
		
			
				|  |  | +				return
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +			var tp = models.AU_WRITABLE
 | 
	
		
			
				|  |  | +			if isPull {
 | 
	
		
			
				|  |  | +				tp = models.AU_READABLE
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +			has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
 | 
	
		
			
				|  |  | +			if err != nil || !has {
 | 
	
		
			
				|  |  | +				ctx.Handle(401, "no basic auth and digit auth", nil)
 | 
	
		
			
				|  |  | +				return
 | 
	
		
			
				|  |  | +			}
 | 
	
		
			
				|  |  | +		} else {
 | 
	
		
			
				|  |  | +			authRequired(ctx)
 | 
	
		
			
				|  |  | +			return
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  	prefix := path.Join("/", username, params["reponame"])
 | 
	
		
			
				|  |  |  	server := webdav.NewServer(
 | 
	
		
			
				|  |  |  		models.RepoPath(username, reponame),
 |