diff --git a/app.rb b/app.rb
index f9a3416..be51f10 100644
--- a/app.rb
+++ b/app.rb
@@ -293,9 +293,17 @@ get "/bldcfginfo" do
 if @filename.nil?
 print_error_page(503, "Не задано имя конфигурационного файла")
 else
- @page_name = @filename
- @content = File.readlines(@filename)
- erb :cfgsinfo
+ unless check_safe_path(@filename)
+ print_error_page(503, "Доступ к файлу #{@filename} запрещен")
+ else
+ unless File.exist?(@filename)
+ print_error_page(503, "Файл #{@filename} не существует")
+ else
+ @page_name = @filename
+ @content = File.readlines(@filename)
+ erb :cfgsinfo
+ end
+ end
 end
 end
@@ -401,7 +409,7 @@ post "/prjagit/:id" do
 if prj_info.nil?
 print_error_page(503, "Путь к проектам не существует")
 else
- proj_repo_list = prj.get_project_gits(prj_info[:id])
+ proj_repo_list = prj.get_project_gits(prj_info[:id], repo)
 git_info = repo.get_repo_short_info_by_id(params["gitlist"].to_i)
 if git_info.nil?
 print_error_page(503, "Репозиторий исчез")
@@ -446,7 +454,7 @@ get "/prjrgit/:id/:git_id" do
 if prj_info.nil?
 print_error_page(503, "Путь к проектам не существует")
 else
- proj_repo_list = prj.get_project_gits(prj_info[:id])
+ proj_repo_list = prj.get_project_gits(prj_info[:id], repo)
 git_info = repo.get_repo_short_info_by_id(params["git_id"].to_i)
 if git_info.nil?
 print_error_page(503, "Репозиторий исчез")
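Review bot: In the `/bldcfginfo` route, `File.exist?(@filename)` is also true for a directory, so an allowed directory path falls through to `File.readlines(@filename)` and raises instead of showing the error page; `unless File.file?(@filename)` closes that gap. The guard in front of it, `check_safe_path` (added in classes/utilities.rb by this commit), is a prefix test on the raw string, so it is worth resolving `@filename` once and using that resolved value for both the check and the read. Both new messages interpolate `@filename` into the page, and whether `print_error_page` HTML-escapes its argument is not visible here. The route body starts above this hunk.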
@@ -466,6 +474,84 @@ get "/prjrgit/:id/:git_id" do
 redirect back
 end
+get "/prjgitf/:id/:git_id" do
+ prj = ProjectsActions.new(cfg.get_projects_path, db)
+ if prj.path.nil?
+ print_error_page(503, "Путь к проектам не существует")
+ else
+ repo = GitRepo.new(cfg.get_repo, db)
+ if repo.path.nil?
+ print_error_page(503, "Путь к репозиториям не существует")
+ else
+ prj_info = prj.get_project(params["id"])
+ if prj_info.nil?
+ print_error_page(503, "Путь к проектам не существует")
+ else
+ proj_repo_list = prj.get_project_gits(prj_info[:id], repo)
+ git_info = repo.get_repo_short_info_by_id(params["git_id"].to_i)
+ if git_info.nil?
+ print_error_page(503, "Репозиторий исчез")
+ else
+ if params["p"].nil?
+ filepath = ""
+ else
+ filepath = params["p"]
+ end
+ proj_path = prj.get_project_path_git(prj_info[:id], git_info[:reponame])
+ f_path = File.join(proj_path, filepath)
+ if File.exist?(f_path)
+ if File.directory?(f_path)
+ @file_content = []
+ @files_list = Dir[File.join(f_path, "*")].map do |item|
+ if File.directory?(item)
+ { :file => item.delete_prefix(proj_path + "/"), :isdir => true }
+ else
+ { :file => item.delete_prefix(proj_path + "/"), :isdir => false }
+ end
+ end
+ else
+ @file_content = File.readlines(f_path)
+ @files_list = Dir[File.join(File.dirname(f_path), "*")].map do |item|
+ if File.directory?(item)
+ { :file => item.delete_prefix(proj_path + "/"), :isdir => true }
+ else
+ { :file => item.delete_prefix(proj_path + "/"), :isdir => false }
+ end
+ end
+ end
+ if filepath != ""
+ if File.dirname(f_path) == proj_path
+ fn = ""
+ else
+ if File.directory?(f_path)
+ fn = File.dirname(f_path).delete_prefix(proj_path + "/")
+ else
+ f_path = File.dirname(f_path)
+ if File.dirname(f_path) == proj_path
+ fn = ""
+ else
+ fn = File.dirname(f_path).delete_prefix(proj_path + "/")
+ end
+ end
+ end
+ @files_list = [{ :file => "..", :isdir => true, :fname => fn }] + @files_list
+ end
+ @proj_info = prj_info
+ @proj_git_name = git_info
+ @file_name = filepath
+ erb :fileinfo
+ else
+ print_error_page(503, "Файл не существует")
+ end
+ end
+ end
+ end
+ end
+end
+
+get "/gitbld/:id/:git_id" do
+end
+
 not_found do
 status 404
 @page_name = "Кто-то потерялся"
diff --git a/classes/gitinfo.rb b/classes/gitinfo.rb
index 8c3c0d6..7c939df 100644
--- a/classes/gitinfo.rb
+++ b/classes/gitinfo.rb
@@ -188,9 +188,7 @@ class GitRepo
 f.flock(File::LOCK_SH)
 git_path = File.join(@path, repo_name + ".git")
 bare_repo = Rugged::Repository.new(git_path)
- pp bare_repo.head
- pp repo.head
- res = (bare_repo.head.oid == repo.head.oid)
+ res = (bare_repo.head.target.tree.oid == repo.head.target.tree.oid)
 end
 res
 end
diff --git a/classes/projects.rb b/classes/projects.rb
index 08d6443..1318fb0 100644
--- a/classes/projects.rb
+++ b/classes/projects.rb
@@ -59,6 +59,11 @@ class ProjectsActions
 fname
 end
+ def get_project_path_git(id, gitname)
+ proj_path = get_project_path(id)
+ File.join(proj_path, PROJECTS_STRUCTURE[:SRC], gitname)
+ end
+
 def create_project(name, description, configuration)
 @error = nil
 ret_val = 0
diff --git a/classes/utilities.rb b/classes/utilities.rb
index 3cdc14b..53ef905 100644
--- a/classes/utilities.rb
+++ b/classes/utilities.rb
@@ -24,3 +24,9 @@ def check_partname_in_array(filename, search_array)
 end
 fnd
 end
+
+def check_safe_path(filename)
+ current_dir = Dir.pwd
+ home_dir = Dir.home
+ filename.start_with?("/etc/mock") || filename.start_with?(current_dir) || filename.start_with?(home_dir)
+end
diff --git a/views/fileinfo.erb b/views/fileinfo.erb
new file mode 100644
index 0000000..7b8e751
--- /dev/null
+++ b/views/fileinfo.erb
@@ -0,0 +1,34 @@
+<%= erb :header %>
+
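Review bot: In the new `/prjgitf/:id/:git_id` route in app.rb, `params["p"]` is joined onto `proj_path` and the result goes to `File.exist?`, `Dir[]` and `File.readlines` with no containment check, so a `p` value with `..` segments resolves outside the project's checkout and the route will list or print whatever is there. Unlike `/bldcfginfo`, this route calls no path check at all. The sketch below resolves the joined path and serves it only when it is the project root or sits beneath it, folding that test into the existing `File.exist?` condition. `File.expand_path` is purely lexical, and since a checked-out repository can contain symlinks, comparing `File.realpath` results once the path is known to exist is the stronger form. Separately, `proj_repo_list` is assigned in this route but never read.

```ruby
f_path = File.join(proj_path, filepath)
root = File.expand_path(proj_path)
resolved = File.expand_path(f_path)
inside = resolved == root || resolved.start_with?(root + File::SEPARATOR)
if inside && File.exist?(f_path)
  # … unchanged: directory listing / File.readlines, ".." entry, erb :fileinfo …
else
  print_error_page(503, "Файл не существует")
end
```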
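Review bot: In classes/gitinfo.rb the equality test now compares `head.target.tree.oid` rather than the HEAD id, so two repositories whose HEAD commits differ but carry identical trees are reported as equal. If that is the intent it deserves a comment on the line, e.g. `# compare trees, not commits: identical content counts as in sync even when commit ids differ`. The chain also assumes HEAD resolves to a commit in both repositories; how an empty or freshly created repository behaves here is not visible from the hunk and is worth checking. The method starts above the hunk.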
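Review bot: `get_project_path_git` in classes/projects.rb has no comment and hands `gitname` to `File.join` as-is, so a name containing a path separator or equal to `..` would resolve outside `PROJECTS_STRUCTURE[:SRC]`. The only caller visible in this commit passes `git_info[:reponame]` from `repo.get_repo_short_info_by_id`, so this is a hardening point rather than a demonstrated hole. Suggested header: `# Returns <project path>/<SRC>/<gitname>; gitname must be a bare repository name without path separators.`, plus rejecting such names before the join. Whether `get_project_path` can return nil is not visible here; if it can, `File.join` will raise.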
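Review bot: `check_safe_path` in classes/utilities.rb tests the raw string with `start_with?`, so it accepts anything that merely begins with an allowed prefix: a path with `..` segments after `/etc/mock`, or a sibling directory whose name extends the prefix (constructed example: `/etc/mock-old/x`). The version below normalises the path first and compares it against each root with a trailing separator. `File.expand_path` does not follow symlinks; `File.realpath` does, but raises for a missing path, so the caller's existence check would have to come first. Allowing all of `Dir.pwd` and `Dir.home` also leaves the application's own files and the rest of that account's home readable through `/bldcfginfo`; a narrower list of configuration directories would be safer if the feature allows it.

```ruby
def check_safe_path(filename)
  # only absolute paths were ever accepted; keep that and avoid "~" expansion
  return false unless filename.start_with?("/")
  resolved = File.expand_path(filename)
  ["/etc/mock", Dir.pwd, Dir.home].any? do |root|
    resolved == root || resolved.start_with?(root + File::SEPARATOR)
  end
end
```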
+
+
+

+ <%= @proj_info[:projname] %> +

+ +
+ <% @files_list.each do |item| %> + <% if item[:isdir] %> + <% if item[:file] == ".." %> + <%= item[:file] %> + <% else %> + <%= item[:file] %> + <% end %> + <% else %> + <%= item[:file] %> + <% end %> + <% end %> +
+
+
+
<%= @file_name %>
+ <% @file_content.each_with_index do |data, index| %> +
+
<%= index+1 %>
+
<%= data %>
+
+ <% end %> +
+
+
+<%= erb :footer %> \ No newline at end of file
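Review bot: `<%= data %>`, `<%= item[:file] %>` and `<%= @file_name %>` in views/fileinfo.erb print repository file contents, file names and the `p` query parameter into the page, and plain ERB `<%= %>` does not HTML-escape unless the application turns that on (its settings are not visible here). A file line or name containing markup would then be rendered as markup in the viewer's browser. Wrapping these values, e.g. `<%= Rack::Utils.escape_html(data) %>`, keeps them as text; wherever `item[:file]` is placed into a link's query string it needs URL-encoding as well. The HTML of this template is not visible in this view of the diff, so the attribute contexts could not be checked.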