Git-receive-pack responds 403 & info/refs responds with content type text/plain on unknown services

author: HampusM <hampus@hampusmat.com> 2021-06-22 14:04:32 +0200
committer: HampusM <hampus@hampusmat.com> 2021-06-22 14:04:32 +0200
commit: 810fa8641790fd77ba7e7b65545492fb6f80153b (patch)
tree: df0fca09cb5a8b32c3e26e9cc1046a90847b2528 /packages/server/src/app.ts
parent: 43faf0bfd5544f9338e1442ab5b1fcb3210867ac (diff)
1 files changed, 15 insertions, 2 deletions
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index e8200d7..717f106 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -96,14 +96,18 @@ fastify.route<Route>({
 		}
 
 		if(!req.query.service) {
+			reply.header("Content-Type", "text/plain");
 			reply.code(403).send("Missing service query parameter\n");
 			return;
 		}
-		else if(req.query.service !== "git-upload-pack") {
+
+		if(req.query.service !== "git-upload-pack") {
+			reply.header("Content-Type", "text/plain");
 			reply.code(403).send("Access denied!\n");
 			return;
 		}
-		else if(Object.keys(req.query).length !== 1) {
+
+		if(Object.keys(req.query).length !== 1) {
 			reply.code(403).send("Too many query parameters!\n");
 			return;
 		}
@@ -127,6 +131,15 @@ fastify.route<Route>({
 	}
 });
 
+fastify.route({
+	method: "POST",
+	url: "/:repo([a-zA-Z0-9\\.\\-_]+)/git-receive-pack",
+	handler: (req, reply) => {
+		reply.header("Content-Type", "application/x-git-receive-pack-result");
+		reply.code(403).send("Access denied!");
+	}
+});
+
 fastify.route<Route>({
 	method: "GET",
 	url: "/:repo([a-zA-Z0-9\\.\\-_]+)/refs/tags/:tag",
author	HampusM <hampus@hampusmat.com>	2021-06-22 14:04:32 +0200
committer	HampusM <hampus@hampusmat.com>	2021-06-22 14:04:32 +0200
commit	810fa8641790fd77ba7e7b65545492fb6f80153b (patch)
tree	df0fca09cb5a8b32c3e26e9cc1046a90847b2528 /packages/server/src/app.ts
parent	43faf0bfd5544f9338e1442ab5b1fcb3210867ac (diff)