aboutsummaryrefslogtreecommitdiff
path: root/packages/server
diff options
context:
space:
mode:
authorHampusM <hampus@hampusmat.com>2021-06-22 14:04:32 +0200
committerHampusM <hampus@hampusmat.com>2021-06-22 14:04:32 +0200
commit810fa8641790fd77ba7e7b65545492fb6f80153b (patch)
treedf0fca09cb5a8b32c3e26e9cc1046a90847b2528 /packages/server
parent43faf0bfd5544f9338e1442ab5b1fcb3210867ac (diff)
Git-receive-pack responds 403 & info/refs responds with content type text/plain on unknown services
Diffstat (limited to 'packages/server')
-rw-r--r--packages/server/src/app.ts17
1 files changed, 15 insertions, 2 deletions
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index e8200d7..717f106 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -96,14 +96,18 @@ fastify.route<Route>({
}
if(!req.query.service) {
+ reply.header("Content-Type", "text/plain");
reply.code(403).send("Missing service query parameter\n");
return;
}
- else if(req.query.service !== "git-upload-pack") {
+
+ if(req.query.service !== "git-upload-pack") {
+ reply.header("Content-Type", "text/plain");
reply.code(403).send("Access denied!\n");
return;
}
- else if(Object.keys(req.query).length !== 1) {
+
+ if(Object.keys(req.query).length !== 1) {
reply.code(403).send("Too many query parameters!\n");
return;
}
@@ -127,6 +131,15 @@ fastify.route<Route>({
}
});
+fastify.route({
+ method: "POST",
+ url: "/:repo([a-zA-Z0-9\\.\\-_]+)/git-receive-pack",
+ handler: (req, reply) => {
+ reply.header("Content-Type", "application/x-git-receive-pack-result");
+ reply.code(403).send("Access denied!");
+ }
+});
+
fastify.route<Route>({
method: "GET",
url: "/:repo([a-zA-Z0-9\\.\\-_]+)/refs/tags/:tag",