Feature #2583: Disable HTTP cloning (#3667)

* Can disable GIT interactions by HTTP protocol

* rename variable + fix wiki link

* missing space

conf/app.ini

@@ -24,6 +24,8 @@ PULL_REQUEST_QUEUE_LENGTH = 1000
 ; Preferred Licenses to place at the top of the List
 ; Name must match file name in conf/license or custom/conf/license
 PREFERRED_LICENSES = Apache License 2.0,MIT License
+; Disable ability to interact with repositories by HTTP protocol
+DISABLE_HTTP_GIT = false
 
 [repository.editor]
 ; List of file extensions that should have line wraps in the CodeMirror editor

modules/context/repo.go

@@ -256,6 +256,7 @@ func RepoAssignment(args ...bool) macaron.Handler {
 		ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter()
 
 		ctx.Data["DisableSSH"] = setting.SSH.Disabled
+		ctx.Data["DisableHTTP"] = setting.Repository.DisableHTTPGit
 		ctx.Data["CloneLink"] = repo.CloneLink()
 		ctx.Data["WikiCloneLink"] = repo.WikiCloneLink()
 

modules/setting/setting.go

@@ -118,6 +118,7 @@ var (
 		MirrorQueueLength      int
 		PullRequestQueueLength int
 		PreferredLicenses      []string
+		DisableHTTPGit         bool
 
 		// Repository editor settings
 		Editor struct {
@@ -494,6 +495,7 @@ func NewContext() {
 
 	// Determine and create root git repository path.
 	sec = Cfg.Section("repository")
+	Repository.DisableHTTPGit = sec.Key("DISABLE_HTTP_GIT").MustBool()
 	RepoRootPath = sec.Key("ROOT").MustString(path.Join(homeDir, "gogs-repositories"))
 	forcePathSeparator(RepoRootPath)
 	if !filepath.IsAbs(RepoRootPath) {

routers/repo/http.go

@@ -479,6 +479,11 @@ func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc {
 		for _, route := range routes {
 			r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name
 			if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil {
+				if setting.Repository.DisableHTTPGit {
+					w.WriteHeader(http.StatusForbidden)
+					w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
+					return
+				}
 				if route.method != r.Method {
 					if r.Proto == "HTTP/1.1" {
 						w.WriteHeader(http.StatusMethodNotAllowed)

templates/repo/bare.tmpl

@@ -16,15 +16,21 @@
 						<div class="item">
 							<h3>{{.i18n.Tr "repo.clone_this_repo"}} <small>{{.i18n.Tr "repo.clone_helper" "http://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository" | Str2html}}</small></h3>
 							<div class="ui action small input">
-								<button class="ui basic clone button" id="repo-clone-https" data-link="{{.CloneLink.HTTPS}}">
-									{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
-								</button>
+								{{if not $.DisableHTTP}}
+									<button class="ui basic clone button" id="repo-clone-https" data-link="{{.CloneLink.HTTPS}}">
+										{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
+									</button>
+								{{end}}
 								{{if not $.DisableSSH}}
 									<button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.CloneLink.SSH}}">
 										SSH
 									</button>
 								{{end}}
-								<input id="repo-clone-url" value="{{$.CloneLink.HTTPS}}" readonly>
+								{{if not $.DisableHTTP}}
+									<input id="repo-clone-url" value="{{$.CloneLink.HTTPS}}" readonly>
+								{{else}}
+									<input id="repo-clone-url" value="{{$.CloneLink.SSH}}" readonly>
+								{{end}}
 								<button class="ui basic button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
 									<i class="octicon octicon-clippy"></i>
 								</button>

templates/repo/home.tmpl

@@ -51,15 +51,21 @@
 				<!-- Only show colne panel in repository home page -->
 				{{if eq $n 0}}
 					<div class="ui action small input" id="clone-panel">
-						<button class="ui basic clone button" id="repo-clone-https" data-link="{{.CloneLink.HTTPS}}">
-							{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
-						</button>
+						{{if not $.DisableHTTP}}
+							<button class="ui basic clone button" id="repo-clone-https" data-link="{{.CloneLink.HTTPS}}">
+								{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
+							</button>
+						{{end}}
 						{{if not $.DisableSSH}}
 							<button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.CloneLink.SSH}}">
 								SSH
 							</button>
 						{{end}}
-						<input id="repo-clone-url" value="{{$.CloneLink.HTTPS}}" readonly>
+						{{if not $.DisableHTTP}}
+							<input id="repo-clone-url" value="{{$.CloneLink.HTTPS}}" readonly>
+						{{else}}
+							<input id="repo-clone-url" value="{{$.CloneLink.SSH}}" readonly>
+						{{end}}
 						<button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
 							<i class="octicon octicon-clippy"></i>
 						</button>

templates/repo/wiki/view.tmpl

@@ -29,15 +29,21 @@
 			</div>
 			<div class="ui six wide column">
 				<div class="ui action small input" id="clone-panel">
-					<button class="ui basic clone button" id="repo-clone-https" data-link="{{.WikiCloneLink.HTTPS}}">
-						{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
-					</button>
+					{{if not $.DisableHTTP}}
+						<button class="ui basic clone button" id="repo-clone-https" data-link="{{.WikiCloneLink.HTTPS}}">
+							{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
+						</button>
+					{{end}}
 					{{if not $.DisableSSH}}
 						<button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.WikiCloneLink.SSH}}">
 							SSH
 						</button>
 					{{end}}
-					<input id="repo-clone-url" value="{{$.WikiCloneLink.HTTPS}}" readonly>
+					{{if not $.DisableHTTP}}
+						<input id="repo-clone-url" value="{{$.WikiCloneLink.HTTPS}}" readonly>
+					{{else}}
+						<input id="repo-clone-url" value="{{$.WikiCloneLink.SSH}}" readonly>
+					{{end}}
 					<button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
 						<i class="octicon octicon-clippy"></i>
 					</button>