Removed the verifyGitRequest function

2 files changed, 8 insertions, 21 deletions

diff --git a/packages/server/src/api/util.ts b/packages/server/src/api/util.ts
index 0314db7..d467fed 100644
--- a/packages/server/src/api/util.ts
+++ b/packages/server/src/api/util.ts
@@ -1,7 +1,7 @@
 import { Commit } from "../git/commit";
 import { Repository } from "../git/repository";
 
-type VerificationResultType = "SUCCESS" | "NOT_FOUND" | "INVALID" | "ACCESS_DENIED";
+type VerificationResultType = "SUCCESS" | "NOT_FOUND" | "INVALID";
 
 export class VerificationResult {
 	constructor(result: VerificationResultType, subject?: string) {
@@ -10,8 +10,7 @@ export class VerificationResult {
 		if(result !== "SUCCESS") {
 			const verification_error_types = {
 				NOT_FOUND: { code: 404, message: `${String(subject?.substr(0, 1).toUpperCase()) + subject?.substr(1)} not found!` },
-				INVALID: { code: 403, message: `Invalid ${subject}` },
-				ACCESS_DENIED: { code: 403, message: "Access denied!" }
+				INVALID: { code: 403, message: `Invalid ${subject}` }
 			};
 
 			this.message = verification_error_types[result].message;
@@ -40,16 +39,4 @@ export async function verifySHA(repository: Repository, sha: string): Promise<Ve
 	}
 
 	return new VerificationResult("SUCCESS");
-}
-
-export function verifyGitRequest(path_name: string, service: string): VerificationResult {
-	if((/\.\/|\.\./u).test(path_name)) {
-		return new VerificationResult("INVALID", "path");
-	}
-
-	if(service !== "git-upload-pack") {
-		return new VerificationResult("ACCESS_DENIED");
-	}
-
-	return new VerificationResult("SUCCESS");
 }
\ No newline at end of file
diff --git a/packages/server/src/git/http.ts b/packages/server/src/git/http.ts
index 76a91d9..36bae04 100644
--- a/packages/server/src/git/http.ts
+++ b/packages/server/src/git/http.ts
@@ -3,7 +3,6 @@ import { Repository } from "./repository";
 import { Route } from "../types/fastify";
 import { join } from "path";
 import { spawn } from "child_process";
-import { verifyGitRequest } from "../api/util";
 
 export interface Request extends FastifyRequest {
 	params: Route["Params"],
@@ -28,16 +27,17 @@ export function connect(repository: Repository, req: Request, reply: FastifyRepl
 
 	const content_type = `application/x-${service}-${is_discovery ? "advertisement" : "result"}`;
 
-	const valid_request = verifyGitRequest(parsed_url.pathname, service);
-	if(valid_request.success === false && valid_request.code) {
+	// Deny any malicious requests
+	if(/\.\/|\.\./u.test(parsed_url.pathname) || service !== "git-upload-pack") {
 		reply.header("Content-Type", content_type);
-		reply.code(valid_request.code).send(valid_request.message);
+		reply.code(403).send("Access denied!");
 		return;
 	}
 
 	reply.raw.writeHead(200, { "Content-Type": content_type });
 
 	const spawn_args = [ "--stateless-rpc", join(repository.base_dir, repository.name.full) ];
+
 	if(is_discovery) {
 		spawn_args.push("--advertise-refs");
 	}
@@ -58,6 +58,8 @@ export function connect(repository: Repository, req: Request, reply: FastifyRepl
 		});
 	}
 
+	git_service.stdout.pipe(reply.raw);
+
 	// Spawn error
 	git_service.on("error", err => {
 		console.log(err);
@@ -69,6 +71,4 @@ export function connect(repository: Repository, req: Request, reply: FastifyRepl
 		console.log(stderr.toString());
 		reply.raw.end();
 	});
-
-	git_service.stdout.pipe(reply.raw);
 }
\ No newline at end of file