GitFOSS

// 3rd-party
import type { ReqHandler } from "@ethicdevs/react-monolith";

import { GitServer } from "@ethicdevs/fastify-git-server";
import { AppRoute, AppRouteParams } from "../routes.defs";
import { makeGitServerService } from "../services/gitServer";

const onSSHAuth: ReqHandler<AppRouteParams, AppRoute.SSH_AUTH> = async (
  request,
  reply,
) => {
  const gitService = makeGitServerService({
    request,
    cryptoService: request.cryptoService,
  });

  request.body =
    typeof request.body === "string" ? JSON.parse(request.body) : request.body;

  const { command, repoSlug, username, publicKey } = request.body;

  console.log("SSH auth request received with body:", request.body);

  const result = await gitService.repositoryResolver(
    repoSlug.replace(/\.git$/, ""),
  );

  console.log("result from repositoryResolver:", result);

  let { authMode, gitRepositoryDir } = result;
  gitRepositoryDir = gitRepositoryDir.toString().endsWith(".git")
    ? gitRepositoryDir
    : `${gitRepositoryDir}.git`;

  if (
    authMode === GitServer.AuthMode.NEVER ||
    (authMode === GitServer.AuthMode.PUSH_ONLY &&
      command !== "git-receive-pack") // push
  ) {
    console.log("Successful auth:", {
      authMode,
      command,
      gitRepositoryDir,
    });

    reply.status(200).send({
      success: true,
      authMode,
      command,
      gitRepositoryDir,
    });
    return;
  }

  const isAuthorizationValid = await gitService.authorizationResolver(
    repoSlug.replace(/\.git$/, "") + ".pub", // indicates publicKey auth
    {
      username,
      password: publicKey,
    },
  );

  console.log("is auth valid?", isAuthorizationValid);

  if (isAuthorizationValid) {
    const [orgSlug, repoName] = repoSlug.replace(/\.git$/, "").split("/");
    request.prisma.repository
      .findFirst({
        where: {
          slug: repoName,
          organization: {
            slug: orgSlug,
          },
        },
      })
      .then(async (repo) => {
        if (repo == null) return Promise.resolve(null);
        const updatedRepo = await request.prisma.repository.update({
          where: {
            id: repo.id,
          },
          data: {
            lastPushedAt: new Date(Date.now()),
          },
        });
        return updatedRepo;
      });
  }

  reply.status(isAuthorizationValid ? 200 : 403).send({
    success: isAuthorizationValid,
    authMode,
    command,
    gitRepositoryDir,
  });
};

export const SSHAuthController = {
  onSSHAuth,
};