diff options
author | HampusM <hampus@hampusmat.com> | 2021-06-22 14:04:32 +0200 |
---|---|---|
committer | HampusM <hampus@hampusmat.com> | 2021-06-22 14:04:32 +0200 |
commit | 810fa8641790fd77ba7e7b65545492fb6f80153b (patch) | |
tree | df0fca09cb5a8b32c3e26e9cc1046a90847b2528 /packages/server | |
parent | 43faf0bfd5544f9338e1442ab5b1fcb3210867ac (diff) |
Git-receive-pack responds 403 & info/refs responds with content type text/plain on unknown services
Diffstat (limited to 'packages/server')
-rw-r--r-- | packages/server/src/app.ts | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts index e8200d7..717f106 100644 --- a/packages/server/src/app.ts +++ b/packages/server/src/app.ts @@ -96,14 +96,18 @@ fastify.route<Route>({ } if(!req.query.service) { + reply.header("Content-Type", "text/plain"); reply.code(403).send("Missing service query parameter\n"); return; } - else if(req.query.service !== "git-upload-pack") { + + if(req.query.service !== "git-upload-pack") { + reply.header("Content-Type", "text/plain"); reply.code(403).send("Access denied!\n"); return; } - else if(Object.keys(req.query).length !== 1) { + + if(Object.keys(req.query).length !== 1) { reply.code(403).send("Too many query parameters!\n"); return; } @@ -127,6 +131,15 @@ fastify.route<Route>({ } }); +fastify.route({ + method: "POST", + url: "/:repo([a-zA-Z0-9\\.\\-_]+)/git-receive-pack", + handler: (req, reply) => { + reply.header("Content-Type", "application/x-git-receive-pack-result"); + reply.code(403).send("Access denied!"); + } +}); + fastify.route<Route>({ method: "GET", url: "/:repo([a-zA-Z0-9\\.\\-_]+)/refs/tags/:tag", |