educoder/app/controllers/gits_controller.rb

class GitsController < ApplicationController

  # 说明：
  # 以下Git认证只针对新版git，Gitlab的Git认证不走该控制器
  # 思路：
  # 1、用户通过Git客户端推送代码的时候，这个时候Git客户端肯定会强制用户输入邮箱的
  # 2、通过web端版本库界面更新代码（如果用户邮箱不存在，则用系统备用邮箱）
  # 供 git-workhorse反向调用认证
  def auth
    # HTTP_AUTHORIZATION: "Basic 这里base64编码的的密码(user:passwd)"
    logger.info("11111112222223333 HTTP_AUTHORIZATION: #{request.env["HTTP_AUTHORIZATION"]}")
    # logger.info("#########-----request_env: #{request.env}")
    # {"service"=>"git-receive-pack", "controller"=>"gits", "action"=>"auth",
    # "url"=>"forge01/cermyt39.git/info/refs"}
    #
    gituser = edu_setting('git_username')
    gitpassword = edu_setting('git_password')

    result = false
    if request.env["HTTP_AUTHORIZATION"] && request.env["HTTP_AUTHORIZATION"].split(" ").length == 2
      username_password = Base64.decode64(request.env["HTTP_AUTHORIZATION"].split(" ")[1])
      input_username = username_password.split(":")[0].strip()
      input_password = username_password.split(":")[1].strip()
      uid_logger("git start auth: input_username is #{input_username}")


      # Git 超级权限用户
      if input_username.strip == gituser.strip && input_password.strip == gitpassword.strip
        result = true
      else
        # 用户是否对对象拥有权限
        system_user = User.find_by_login(input_username) || User.find_by_mail(input_username) || User.find_by_phone(input_username)

        # 如果用户名密码错误
        if system_user && !system_user.check_password?(input_password)
          uid_logger_error("git start: password is wrong")
          result = false
        else
          git_url = params["url"]
          username = git_url.split("/")[0]
          shixunname = git_url.split("/")[1].split(".")[0]
          repo_name = username + "/" + shixunname
          uid_logger("git start: repo_name is #{repo_name}")
          shixun = Shixun.select([:id, :user_id, :repo_name, :identifier]).where(repo_name: repo_name).first
          uid_logger("git start auth: shixun identifier is #{shixun.try(:identifier)}")
          uid_logger("git start auth: systemuser is #{system_user.try(:login)}")

          if shixun.present?
            if system_user.present? && system_user.manager_of_shixun?(shixun)
              result = true
            else
              uid_logger_error("gituser is not shixun manager")
              result = false
            end
          else
            uid_logger_error("shixun is not exist")
            # result = false
            result = true # 为了测试跳出
          end
        end
      end
    end

    authenticate_or_request_with_http_basic do |username, password|
      result
    end
  end

end