annotate update_repositories.luan @ 10:a7187a447835

restrict repo names
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 12 Jul 2022 19:40:50 -0600
parents 338ab58d91f2
children c560b4e2f056
-- Standard-library bindings used by this script. The `X or error()` form
-- aborts at load time when the module does not provide the named function.
local Luan = require "luan:Luan.luan"
local error = Luan.error
local pairs = Luan.pairs or error()
local ipairs = Luan.ipairs or error()
local parse = Luan.parse or error()
local stringify = Luan.stringify or error()
local Io = require "luan:Io.luan"
local uri = Io.uri or error()
local output_of = Io.output_of or error()
local print_to = Io.print_to or error()
local String = require "luan:String.luan"
local trim = String.trim or error()
local Logging = require "luan:logging/Logging.luan"
local logger = Logging.logger "update_repositories"
-- Make sure the three working directories exist. The paths are relative
-- "file:" URIs.
-- NOTE(review): config/ later holds config.luano (user passwords in clear
-- text) and the generated htpasswd files, and logs/ holds per-repo access
-- logs. No permission argument is passed to mkdir() here -- confirm that the
-- resulting directory modes keep other local users out.
uri("file:repos").mkdir()
uri("file:logs").mkdir()
uri("file:config").mkdir()
-- Load the site configuration, or create an empty skeleton on first run.
-- config.users is iterated later as user -> password pairs, so this file
-- stores passwords in clear text.
local config
local config_file = uri "file:config/config.luano"
if config_file.exists() then
	config = parse( config_file.read_text() )
else
	config = { users={}, repos={} }
	config_file.write_text( stringify(config).."\n" )
end
-- The keys of config.repos are the repository names; copy each key onto its
-- entry so the templates below can use repo.name.
-- NOTE(review): these names flow unmodified into a shell command line, into
-- nginx configuration text and into file names later in this script. Nothing
-- here validates them; the commit title "restrict repo names" suggests the
-- restriction is enforced where names are entered -- confirm, and consider
-- re-checking each name here against a strict allow-list (for example
-- letters, digits, '-' and '_') so a hand-edited config cannot bypass it.
local repos = config.repos
for name, repo in pairs(repos) do
	repo.name = name
end
-- Canonical path strings that are interpolated into the generated hgweb and
-- nginx configuration below.
local ROOTPWD = uri("file:.").canonical().to_string()
local repohome = uri("file:repos").canonical().to_string()
local logsdir = uri("file:logs").canonical().to_string()
local nginxauthdir = uri("file:config/nginx").canonical().to_string()
-- init new repositories
-- Runs `hg init` for every configured repository that has no directory under
-- repos/ yet. `repo` is the key of config.repos, i.e. the repository name.
-- Blame on the source page: the `hg init` line is from rev 10 (a7187a447835,
-- "restrict repo names", Franklin Schmidt); every other line of the file is
-- from rev 0 (Vadim Filimonov).
-- NOTE(review): the name is concatenated into a bash command line without
-- quoting. Whitespace or shell metacharacters in a name would be interpreted
-- by the shell, and a name containing "../" would place the repository
-- outside repos/. This script relies on names having been restricted before
-- they reach config.luano; validating the name here as well would make that
-- assumption explicit.
for repo in pairs(repos) do
	if not uri("file:repos/"..repo).exists() then
		logger.info("creating repo "..repo)
		uri("bash:/usr/local/bin/hg init repos/"..repo).read_text()
	end
end
-- delete unused repos
-- Every entry found under repos/ whose name is not a key of config.repos is
-- deleted.
-- NOTE(review): this is destructive and driven entirely by the parsed config.
-- A config.luano that parses but carries an empty or truncated `repos` table
-- would remove repositories on the next run; the only trace is the info-level
-- log line below. Consider a backup or a move-aside step before delete().
for _, child in ipairs( uri("file:repos").children() ) do
	local name = child.name()
	if repos[name] == nil then
		logger.info("deleting repo "..name)
		child.delete()
	end
end
-- update hg config
-- Writes config/web.config for hgweb; every directory under repos/ is
-- published under the /repo/ prefix.
-- `allow_push = *` lets hgweb accept a push from any user and
-- `push_ssl = false` lets it accept pushes over plain HTTP, so hgweb itself
-- enforces no access control: authentication is left entirely to the nginx
-- locations generated below.
-- NOTE(review): this is only safe if hgweb cannot be reached except through
-- nginx (the nginx template proxies to 127.0.0.1:8090) and TLS is terminated
-- in front of it -- neither is visible in this script, confirm both.
uri("file:config/web.config").write_text( output_of( function() %>
[web]
allow_push = *
push_ssl = false
staticurl = /hg/static
[paths]
/repo/ = <%=repohome%>/*
<% end_function ) )
-- update nginx config
-- Writes config/nginx.conf:
--   /hg/static/   served from templates/static/ with no authentication
--   /admin/       basic auth against _all.pass, proxied to 127.0.0.1:8080
--   /private/     basic auth against _private.pass, proxied to 127.0.0.1:8080
--   /repo/<name>/ one location per configured repository, proxied to
--                 127.0.0.1:8090, with its own <name>.pass file and its own
--                 access/error logs
-- In each repository location $auth starts as "off" (no authentication) and
-- is switched to "Restricted" for POST requests, and additionally for GET
-- requests when repo.mode is "private".
-- NOTE(review): only GET and POST are compared. For any other request method
-- $auth keeps its initial "off" value, so such a request is proxied to the
-- backend unauthenticated even for a private repository. Defaulting $auth to
-- "Restricted" and relaxing it only for GET on non-private repositories would
-- fail closed instead.
-- NOTE(review): repo.name is written into directive arguments and file paths
-- without escaping. Whitespace, ';', '{' or '}' in a name would change the
-- structure of the generated configuration, and '/' or ".." would redirect
-- the password and log file paths. This depends on names being restricted
-- before they reach config.luano.
uri("file:config/nginx.conf").write_text( output_of( function() %>
location /hg/static/ {
alias <%=ROOTPWD%>/templates/static/;
}

location /admin/ {
auth_basic_user_file <%=nginxauthdir%>/_all.pass;
auth_basic "Restricted";
proxy_pass http://127.0.0.1:8080;
}

location /private/ {
auth_basic_user_file <%=nginxauthdir%>/_private.pass;
auth_basic "Restricted";
proxy_pass http://127.0.0.1:8080;
}

<% for _, repo in pairs(repos) do %>
location /repo/<%=repo.name%>/
{
set $auth "off";
auth_basic_user_file <%=nginxauthdir%>/<%=repo.name%>.pass;
if ($request_method = POST ) {
set $auth "Restricted";
}
access_log <%=logsdir%>/<%=repo.name%>_access_log;
error_log <%=logsdir%>/<%=repo.name%>_error_log;
<% if repo.mode=="private" then %>
if ($request_method = GET ) {
set $auth "Restricted";
}
<% end %>
auth_basic $auth;
proxy_pass http://127.0.0.1:8090;
}
<% end
end_function ) )
-- passwords
-- Rebuild config/nginx/ from scratch and write _all.pass with one htpasswd
-- entry per configured user. The generated entries are also kept in
-- `htpasswds` (user -> entry) for the per-repository files written later.
-- NOTE(review): between delete() and the rewrites the password files that
-- nginx.conf refers to do not exist. Confirm that nginx rejects requests
-- while an auth_basic_user_file is missing, or build the new directory aside
-- and swap it in.
local nginx_dir = uri("file:config/nginx")
nginx_dir.delete()
nginx_dir.mkdir()
local htpasswds = {}
do
	local writer = nginx_dir.child("_all.pass").text_writer()
	for user, password in pairs(config.users) do
		-- `htpasswd -nb` prints the entry to stdout (-n) and takes the
		-- password from the command line (-b).
		-- NOTE(review): user and password are concatenated into a bash
		-- command without quoting, so whitespace or shell metacharacters in
		-- either value are interpreted by the shell, and the clear-text
		-- password is visible in the process argument list while htpasswd
		-- runs. htpasswd can read the password from stdin with -i; whether
		-- the "bash:" URI scheme can feed stdin is not visible here.
		local htpasswd = uri("bash:htpasswd -nb "..user.." "..password).read_text()
		htpasswd = trim(htpasswd)
		print_to( writer, htpasswd )
		htpasswds[user] = htpasswd
	end
	writer.close()
end
-- Write one <name>.pass file per repository, holding the htpasswd entries of
-- the users listed in repo.users. A user name with no entry in `htpasswds`
-- aborts the run through error(user_name).
-- NOTE(review): the file name is built from repo.name. A repository named
-- "_all" or "_private" would write to the same path as the shared
-- _all.pass / _private.pass files, and a name containing a path separator
-- would land outside config/nginx/ -- confirm that the name restriction
-- excludes both cases.
-- NOTE(review): when error() fires inside the inner loop, writer.close() is
-- not reached.
for _, repo in pairs(repos) do
	local writer = nginx_dir.child(repo.name..".pass").text_writer()
	for _, user_name in ipairs(repo.users) do
		local htpasswd = htpasswds[user_name] or error(user_name)
		print_to( writer, htpasswd )
	end
	writer.close()
end
-- Build _private.pass, the password file behind the nginx /private/ location.
-- When config.private is absent, _all.pass is copied, so every configured
-- user is granted access to /private/ by default; otherwise only the users
-- listed in config.private are written.
-- NOTE(review): the default is the permissive one. If /private/ exposes
-- logs and configuration, an explicit config.private list is the safer
-- setup -- confirm the intended default.
local private = config.private
if private == nil then
	local all = nginx_dir.child("_all.pass")
	-- this inner `private` shadows the outer variable of the same name
	local private = nginx_dir.child("_private.pass")
	all.copy_to(private)
else
	local writer = nginx_dir.child("_private.pass").text_writer()
	for _, user_name in ipairs(private) do
		local htpasswd = htpasswds[user_name] or error(user_name)
		print_to( writer, htpasswd )
	end
	writer.close()
end
-- private
-- Ensure src/private/ exists and, when they are missing, create
-- src/private/logs and src/private/config as symlinks associated with the
-- canonical logs/ and config/ directories.
-- NOTE(review): presumably symlink_from(x) creates the link at x pointing to
-- the receiver -- confirm against the Io documentation.
-- NOTE(review): config/ contains config.luano with clear-text passwords and
-- the generated htpasswd files. If src/private/ is what the web application
-- serves under /private/, everyone listed in _private.pass can read those
-- credentials -- confirm that this exposure is intended.
uri("file:src/private").mkdir()
do
	local private_logs = uri "file:src/private/logs"
	if not private_logs.exists() then
		local logs = uri("file:logs").canonical()
		logs.symlink_from(private_logs)
		logger.info "linked to logs"
	end
end
do
	local private_config = uri "file:src/private/config"
	if not private_config.exists() then
		-- this local `config` shadows the parsed configuration table inside
		-- this block only
		local config = uri("file:config").canonical()
		config.symlink_from(private_config)
		logger.info "linked to config"
	end
end