From 810fa8641790fd77ba7e7b65545492fb6f80153b Mon Sep 17 00:00:00 2001 From: HampusM Date: Tue, 22 Jun 2021 14:04:32 +0200 Subject: Git-receive-pack responds 403 & info/refs responds with content type text/plain on unknown services --- packages/server/src/app.ts | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'packages/server') diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts index e8200d7..717f106 100644 --- a/packages/server/src/app.ts +++ b/packages/server/src/app.ts @@ -96,14 +96,18 @@ fastify.route({ } if(!req.query.service) { + reply.header("Content-Type", "text/plain"); reply.code(403).send("Missing service query parameter\n"); return; } - else if(req.query.service !== "git-upload-pack") { + + if(req.query.service !== "git-upload-pack") { + reply.header("Content-Type", "text/plain"); reply.code(403).send("Access denied!\n"); return; } - else if(Object.keys(req.query).length !== 1) { + + if(Object.keys(req.query).length !== 1) { reply.code(403).send("Too many query parameters!\n"); return; } @@ -127,6 +131,15 @@ fastify.route({ } }); +fastify.route({ + method: "POST", + url: "/:repo([a-zA-Z0-9\\.\\-_]+)/git-receive-pack", + handler: (req, reply) => { + reply.header("Content-Type", "application/x-git-receive-pack-result"); + reply.code(403).send("Access denied!"); + } +}); + fastify.route({ method: "GET", url: "/:repo([a-zA-Z0-9\\.\\-_]+)/refs/tags/:tag", -- cgit v1.2.3-18-g5258