-{- making local repositories (used by webapp mostly)
- -
- - Copyright 2012-2014 Joey Hess <id@joeyh.name>
- -
- - Licensed under the GNU GPL version 3 or higher.
- -}
-module Annex.MakeRepo where
-import Assistant.WebApp.Common
-import Annex.Init
-import qualified Git.Construct
-import qualified Git.Config
-import qualified Git.Command
-import qualified Git.Branch
-import qualified Annex
-import Annex.UUID
-import Annex.Direct
-import Annex.Action
-import Types.StandardGroups
-import Logs.PreferredContent
-import qualified Annex.Branch
-import Utility.Process.Transcript
-{- Makes a new git repository. Or, if a git repository already
- - exists, returns False. -}
-makeRepo :: FilePath -> Bool -> IO Bool
-makeRepo path bare = ifM (probeRepoExists path)
- ( return False
- , do
- (transcript, ok) <-
- processTranscript "git" (toCommand params) Nothing
- unless ok $
- error $ "git init failed!\nOutput:\n" ++ transcript
- return True
- )
- where
- baseparams = [Param "init", Param "--quiet"]
- params
- | bare = baseparams ++ [Param "--bare", File path]
- | otherwise = baseparams ++ [File path]
-{- Runs an action in the git repository in the specified directory. -}
-inDir :: FilePath -> Annex a -> IO a
-inDir dir a = do
- state <- Annex.new =<< Git.Config.read =<< Git.Construct.fromPath dir
- Annex.eval state $ a `finally` stopCoProcesses
-{- Creates a new repository, and returns its UUID. -}
-initRepo :: Bool -> Bool -> FilePath -> Maybe String -> Maybe StandardGroup -> IO UUID
-initRepo True primary_assistant_repo dir desc mgroup = inDir dir $ do
- initRepo' desc mgroup
- {- Initialize the master branch, so things that expect
- - to have it will work, before any files are added. -}
- unlessM (Git.Config.isBare <$> gitRepo) $
- void $ inRepo $ Git.Branch.commitCommand Git.Branch.AutomaticCommit
- [ Param "--quiet"
- , Param "--allow-empty"
- , Param "-m"
- , Param "created repository"
- ]
- {- Repositories directly managed by the assistant use direct mode.
- -
- - Automatic gc is disabled, as it can be slow. Insted, gc is done
- - once a day.
- -}
- when primary_assistant_repo $ do
- setDirect True
- inRepo $ Git.Command.run
- [Param "config", Param "gc.auto", Param "0"]
- getUUID
-{- Repo already exists, could be a non-git-annex repo though so
- - still initialize it. -}
-initRepo False _ dir desc mgroup = inDir dir $ do
- initRepo' desc mgroup
- getUUID
-initRepo' :: Maybe String -> Maybe StandardGroup -> Annex ()
-initRepo' desc mgroup = unlessM isInitialized $ do
- initialize (AutoInit False) desc Nothing
- u <- getUUID
- maybe noop (defaultStandardGroup u) mgroup
- {- Ensure branch gets committed right away so it is
- - available for merging immediately. -}
- Annex.Branch.commit "update"
-{- Checks if a git repo exists at a location. -}
-probeRepoExists :: FilePath -> IO Bool
-probeRepoExists dir = isJust <$>
- catchDefaultIO Nothing (Git.Construct.checkForRepo dir)
diff --git a/Assistant/Threads/PairListener.hs b/Assistant/Threads/PairListener.hs
deleted file mode 100644
index 09eaf1fe8..000000000
--- a/Assistant/Threads/PairListener.hs
+++ /dev/null
@@ -1,154 +0,0 @@
-{- git-annex assistant thread to listen for incoming pairing traffic
- -
- - Copyright 2012 Joey Hess <id@joeyh.name>
- -
- - Licensed under the GNU GPL version 3 or higher.
- -}
-module Assistant.Threads.PairListener where
-import Assistant.Common
-import Assistant.Pairing
-import Assistant.Pairing.Network
-import Assistant.Pairing.MakeRemote
-import Assistant.WebApp (UrlRenderer)
-import Assistant.WebApp.Types
-import Assistant.Alert
-import Assistant.DaemonStatus
-import Utility.ThreadScheduler
-import Git
-import Network.Multicast
-import Network.Socket
-import qualified Data.ByteString as B
-import qualified Data.ByteString.UTF8 as BU8
-import qualified Network.Socket.ByteString as B
-import qualified Data.Text as T
-pairListenerThread :: UrlRenderer -> NamedThread
-pairListenerThread urlrenderer = namedThread "PairListener" $ do
- listener <- asIO1 $ go [] []
- liftIO $ withSocketsDo $
- runEvery (Seconds 60) $ void $ tryIO $
- listener =<< getsock
- where
- {- Note this can crash if there's no network interface,
- - or only one like lo that doesn't support multicast. -}
- getsock = multicastReceiver (multicastAddress IPv4AddrClass) pairingPort
- go reqs cache sock = liftIO (getmsg sock B.empty) >>= \msg -> case readish (BU8.toString msg) of
- Nothing -> go reqs cache sock
- Just m -> do
- debug ["received", show msg]
- (pip, verified) <- verificationCheck m
- =<< (pairingInProgress <$> getDaemonStatus)
- let wrongstage = maybe False (\p -> pairMsgStage m <= inProgressPairStage p) pip
- let fromus = maybe False (\p -> remoteSshPubKey (pairMsgData m) == remoteSshPubKey (inProgressPairData p)) pip
- case (wrongstage, fromus, checkSane (pairMsgData m), pairMsgStage m) of
- (_, True, _, _) -> do
- debug ["ignoring message that looped back"]
- go reqs cache sock
- (_, _, False, _) -> do
- liftAnnex $ warning $
- "illegal control characters in pairing message; ignoring (" ++ show (pairMsgData m) ++ ")"
- go reqs cache sock
- -- PairReq starts a pairing process, so a
- -- new one is always heeded, even if
- -- some other pairing is in process.
- (_, _, _, PairReq) -> if m `elem` reqs
- then go reqs (invalidateCache m cache) sock
- else do
- pairReqReceived verified urlrenderer m
- go (m:take 10 reqs) (invalidateCache m cache) sock
- (True, _, _, _) -> do
- debug
- ["ignoring out of order message"
- , show (pairMsgStage m)
- , "expected"
- , show (succ . inProgressPairStage <$> pip)
- ]
- go reqs cache sock
- (_, _, _, PairAck) -> do
- cache' <- pairAckReceived verified pip m cache
- go reqs cache' sock
- (_,_ , _, PairDone) -> do
- pairDoneReceived verified pip m
- go reqs cache sock
- {- As well as verifying the message using the shared secret,
- - check its UUID against the UUID we have stored. If
- - they're the same, someone is sending bogus messages,
- - which could be an attempt to brute force the shared secret. -}
- verificationCheck _ Nothing = return (Nothing, False)
- verificationCheck m (Just pip)
- | not verified && sameuuid = do
- liftAnnex $ warning
- "detected possible pairing brute force attempt; disabled pairing"
- stopSending pip
- return (Nothing, False)
- | otherwise = return (Just pip, verified && sameuuid)
- where
- verified = verifiedPairMsg m pip
- sameuuid = pairUUID (inProgressPairData pip) == pairUUID (pairMsgData m)
- {- PairReqs invalidate the cache of recently finished pairings.
- - This is so that, if a new pairing is started with the
- - same secret used before, a bogus PairDone is not sent. -}
- invalidateCache msg = filter (not . verifiedPairMsg msg)
- getmsg sock c = do
- (msg, _) <- B.recvFrom sock chunksz
- if B.length msg < chunksz
- then return $ c <> msg
- else getmsg sock $ c <> msg
- where
- chunksz = 1024
-{- Show an alert when a PairReq is seen. -}
-pairReqReceived :: Bool -> UrlRenderer -> PairMsg -> Assistant ()
-pairReqReceived True _ _ = noop -- ignore our own PairReq
-pairReqReceived False urlrenderer msg = do
- button <- mkAlertButton True (T.pack "Respond") urlrenderer (FinishLocalPairR msg)
- void $ addAlert $ pairRequestReceivedAlert repo button
- where
- repo = pairRepo msg
-{- When a verified PairAck is seen, a host is ready to pair with us, and has
- - already configured our ssh key. Stop sending PairReqs, finish the pairing,
- - and send a single PairDone. -}
-pairAckReceived :: Bool -> Maybe PairingInProgress -> PairMsg -> [PairingInProgress] -> Assistant [PairingInProgress]
-pairAckReceived True (Just pip) msg cache = do
- stopSending pip
- repodir <- repoPath <$> liftAnnex gitRepo
- liftIO $ setupAuthorizedKeys msg repodir
- finishedLocalPairing msg (inProgressSshKeyPair pip)
- startSending pip PairDone $ multicastPairMsg
- (Just 1) (inProgressSecret pip) (inProgressPairData pip)
- return $ pip : take 10 cache
-{- A stale PairAck might also be seen, after we've finished pairing.
- - Perhaps our PairDone was not received. To handle this, we keep
- - a cache of recently finished pairings, and re-send PairDone in
- - response to stale PairAcks for them. -}
-pairAckReceived _ _ msg cache = do
- let pips = filter (verifiedPairMsg msg) cache
- unless (null pips) $
- forM_ pips $ \pip ->
- startSending pip PairDone $ multicastPairMsg
- (Just 1) (inProgressSecret pip) (inProgressPairData pip)
- return cache
-{- If we get a verified PairDone, the host has accepted our PairAck, and
- - has paired with us. Stop sending PairAcks, and finish pairing with them.
- -
- - TODO: Should third-party hosts remove their pair request alert when they
- - see a PairDone?
- - Complication: The user could have already clicked on the alert and be
- - entering the secret. Would be better to start a fresh pair request in this
- - situation.
- -}
-pairDoneReceived :: Bool -> Maybe PairingInProgress -> PairMsg -> Assistant ()
-pairDoneReceived False _ _ = noop -- not verified
-pairDoneReceived True Nothing _ = noop -- not in progress
-pairDoneReceived True (Just pip) msg = do
- stopSending pip
- finishedLocalPairing msg (inProgressSshKeyPair pip)
diff --git a/Assistant/Threads/WebApp.hs b/Assistant/Threads/WebApp.hs
deleted file mode 100644
index dfb631bc6..000000000
--- a/Assistant/Threads/WebApp.hs
+++ /dev/null
@@ -1,137 +0,0 @@
-{- git-annex assistant webapp thread
- -
- - Copyright 2012-2014 Joey Hess <id@joeyh.name>
- -
- - Licensed under the GNU GPL version 3 or higher.
- -}
-{-# LANGUAGE TemplateHaskell, MultiParamTypeClasses #-}
-{-# LANGUAGE ViewPatterns, OverloadedStrings #-}
-{-# OPTIONS_GHC -fno-warn-orphans #-}
-module Assistant.Threads.WebApp where
-import Assistant.Common
-import Assistant.WebApp
-import Assistant.WebApp.Types
-import Assistant.WebApp.DashBoard
-import Assistant.WebApp.SideBar
-import Assistant.WebApp.Notifications
-import Assistant.WebApp.RepoList
-import Assistant.WebApp.Configurators
-import Assistant.WebApp.Configurators.Local
-import Assistant.WebApp.Configurators.Ssh
-import Assistant.WebApp.Configurators.Pairing
-import Assistant.WebApp.Configurators.AWS
-import Assistant.WebApp.Configurators.IA
-import Assistant.WebApp.Configurators.WebDAV
-import Assistant.WebApp.Configurators.Preferences
-import Assistant.WebApp.Configurators.Unused
-import Assistant.WebApp.Configurators.Edit
-import Assistant.WebApp.Configurators.Delete
-import Assistant.WebApp.Configurators.Fsck
-import Assistant.WebApp.Configurators.Upgrade
-import Assistant.WebApp.Documentation
-import Assistant.WebApp.Control
-import Assistant.WebApp.OtherRepos
-import Assistant.WebApp.Repair
-import Assistant.WebApp.Pairing
-import Assistant.Types.ThreadedMonad
-import Utility.WebApp
-import Utility.AuthToken
-import Utility.Tmp
-import Utility.FileMode
-import Git
-import qualified Annex
-import Yesod
-import Network.Socket (SockAddr, HostName)
-import Data.Text (pack, unpack)
-import qualified Network.Wai.Handler.WarpTLS as TLS
-import Network.Wai.Middleware.RequestLogger
-mkYesodDispatch "WebApp" $(parseRoutesFile "Assistant/WebApp/routes")
-type Url = String
- :: AssistantData
- -> UrlRenderer
- -> Bool
- -> Maybe String
- -> Maybe (IO Url)
- -> Maybe HostName
- -> Maybe (Url -> FilePath -> IO ())
- -> NamedThread
-webAppThread assistantdata urlrenderer noannex cannotrun postfirstrun listenhost onstartup = thread $ liftIO $ do
- listenhost' <- if isJust listenhost
- then pure listenhost
- else getAnnex $ annexListen <$> Annex.getGitConfig
- tlssettings <- getAnnex getTlsSettings
-#ifdef __ANDROID__
- when (isJust listenhost') $
- -- See Utility.WebApp
- giveup "Sorry, --listen is not currently supported on Android"
- webapp <- WebApp
- <$> pure assistantdata
- <*> genAuthToken 128
- <*> getreldir
- <*> pure staticRoutes
- <*> pure postfirstrun
- <*> pure cannotrun
- <*> pure noannex
- <*> pure listenhost'
- <*> newWormholePairingState
- setUrlRenderer urlrenderer $ yesodRender webapp (pack "")
- app <- toWaiAppPlain webapp
- app' <- ifM debugEnabled
- ( return $ logStdout app
- , return app
- )
- runWebApp tlssettings listenhost' app' $ \addr -> if noannex
- then withTmpFile "webapp.html" $ \tmpfile h -> do
- hClose h
- go tlssettings addr webapp tmpfile Nothing
- else do
- htmlshim <- getAnnex' $ fromRepo gitAnnexHtmlShim
- urlfile <- getAnnex' $ fromRepo gitAnnexUrlFile
- go tlssettings addr webapp htmlshim (Just urlfile)
- where
- -- The webapp thread does not wait for the startupSanityCheckThread
- -- to finish, so that the user interface remains responsive while
- -- that's going on.
- thread = namedThreadUnchecked "WebApp"
- getreldir
- | noannex = return Nothing
- | otherwise = Just <$>
- (relHome =<< absPath
- =<< getAnnex' (fromRepo repoPath))
- go tlssettings addr webapp htmlshim urlfile = do
- let url = myUrl tlssettings webapp addr
- maybe noop (`writeFileProtected` url) urlfile
- writeHtmlShim "Starting webapp..." url htmlshim
- maybe noop (\a -> a url htmlshim) onstartup
- getAnnex a
- | noannex = pure Nothing
- | otherwise = getAnnex' a
- getAnnex' = runThreadState (threadState assistantdata)
-myUrl :: Maybe TLS.TLSSettings -> WebApp -> SockAddr -> Url
-myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR []
- where
- urlbase = pack $ proto ++ "://" ++ show addr
- proto
- | isJust tlssettings = "https"
- | otherwise = "http"
-getTlsSettings :: Annex (Maybe TLS.TLSSettings)
-getTlsSettings = do
- cert <- fromRepo gitAnnexWebCertificate
- privkey <- fromRepo gitAnnexWebPrivKey
- ifM (liftIO $ allM doesFileExist [cert, privkey])
- ( return $ Just $ TLS.tlsSettings cert privkey
- , return Nothing
- )
diff --git a/BuildFlags.hs b/BuildFlags.hs
index e750506e6..312ec62a9 100644
--- a/BuildFlags.hs
+++ b/BuildFlags.hs
@@ -23,8 +23,6 @@ buildFlags = filter (not . null)
, "Webapp"
-#warning Building without the webapp. You probably need to install Yesod..
, "Pairing"
index 1bb6ebbab..d3007b4ec 100644
@@ -6,11 +6,6 @@ Copyright: © 2010-2018 Joey Hess <id@joeyh.name>
© 2022 Benjamin Barenblat <bbarenblat@gmail.com>
License: GPL-3+
-Files: Assistant/WebApp.hs Assistant/WebApp/* templates/* static/*
-Copyright: © 2012-2017 Joey Hess <id@joeyh.name>
- © 2014 Sören Brunk
-License: AGPL-3+
Files: Remote/Ddar.hs
Copyright: © 2011 Joey Hess <id@joeyh.name>
© 2014 Robie Basak <robie@justgohome.co.uk>
@@ -150,666 +145,3 @@ License: BSD-2-clause
diff --git a/Command/WebApp.hs b/Command/WebApp.hs
deleted file mode 100644
index d9c001b22..000000000
--- a/Command/WebApp.hs
+++ /dev/null
@@ -1,264 +0,0 @@
-{- git-annex webapp launcher
- -
- - Copyright 2012 Joey Hess <id@joeyh.name>
- -
- - Licensed under the GNU GPL version 3 or higher.
- -}
-module Command.WebApp where
-import Command
-import Assistant
-import Assistant.Common
-import Assistant.NamedThread
-import Assistant.Threads.WebApp
-import Assistant.WebApp
-import Assistant.Install
-import Annex.Environment
-import Utility.WebApp
-import Utility.Daemon (checkDaemon)
-#ifdef __ANDROID__
-import Utility.Env
-import Utility.UserInfo
-import Annex.Init
-import qualified Git
-import qualified Git.Config
-import qualified Git.CurrentRepo
-import qualified Annex
-import Config.Files
-import Upgrade
-import Annex.Version
-import Control.Concurrent
-import Control.Concurrent.STM
-cmd :: Command
-cmd = noCommit $ dontCheck repoExists $ notBareRepo $
- noRepo (startNoRepo <$$> optParser) $
- command "webapp" SectionCommon "launch webapp"
- paramNothing (seek <$$> optParser)
-data WebAppOptions = WebAppOptions
- { listenAddress :: Maybe String
- }
-optParser :: CmdParamsDesc -> Parser WebAppOptions
-optParser _ = WebAppOptions
- <$> optional (strOption
- ( long "listen" <> metavar paramAddress
- <> help "accept connections to this address"
- ))
-seek :: WebAppOptions -> CommandSeek
-seek = commandAction . start
-start :: WebAppOptions -> CommandStart
-start = start' True
-start' :: Bool -> WebAppOptions -> CommandStart
-start' allowauto o = do
- liftIO ensureInstalled
- ifM (isInitialized <&&> notHome)
- ( maybe notinitialized (go <=< needsUpgrade) =<< getVersion
- , if allowauto
- then liftIO $ startNoRepo o
- else notinitialized
- )
- stop
- where
- go cannotrun = do
- browser <- fromRepo webBrowser
- f <- liftIO . absPath =<< fromRepo gitAnnexHtmlShim
- listenAddress' <- if isJust (listenAddress o)
- then pure (listenAddress o)
- else annexListen <$> Annex.getGitConfig
- ifM (checkpid <&&> checkshim f)
- ( if isJust (listenAddress o)
- then giveup "The assistant is already running, so --listen cannot be used."
- else do
- url <- liftIO . readFile
- =<< fromRepo gitAnnexUrlFile
- liftIO $ if isJust listenAddress'
- then putStrLn url
- else liftIO $ openBrowser browser f url Nothing Nothing
- , do
- startDaemon True True Nothing cannotrun listenAddress' $ Just $
- \origout origerr url htmlshim ->
- if isJust listenAddress'
- then maybe noop (`hPutStrLn` url) origout
- else openBrowser browser htmlshim url origout origerr
- )
- checkpid = do
- pidfile <- fromRepo gitAnnexPidFile
- liftIO $ isJust <$> checkDaemon pidfile
- checkshim f = liftIO $ doesFileExist f
- notinitialized = do
- g <- Annex.gitRepo
- liftIO $ cannotStartIn (Git.repoLocation g) "repository has not been initialized by git-annex"
- liftIO $ firstRun o
-{- If HOME is a git repo, even if it's initialized for git-annex,
- - the user almost certianly does not want to run the assistant there. -}
-notHome :: Annex Bool
-notHome = do
- g <- Annex.gitRepo
- d <- liftIO $ absPath (Git.repoLocation g)
- h <- liftIO $ absPath =<< myHomeDir
- return (d /= h)
-{- When run without a repo, start the first available listed repository in
- - the autostart file. If none, it's our first time being run! -}
-startNoRepo :: WebAppOptions -> IO ()
-startNoRepo o = go =<< liftIO (filterM doesDirectoryExist =<< readAutoStartFile)
- where
- go [] = firstRun o
- go (d:ds) = do
- v <- tryNonAsync $ do
- setCurrentDirectory d
- Annex.new =<< Git.CurrentRepo.get
- case v of
- Left e -> do
- cannotStartIn d (show e)
- go ds
- Right state -> void $ Annex.eval state $ do
- whenM (fromRepo Git.repoIsLocalBare) $
- giveup $ d ++ " is a bare git repository, cannot run the webapp in it"
- callCommandAction $
- start' False o
-cannotStartIn :: FilePath -> String -> IO ()
-cannotStartIn d reason = warningIO $ "unable to start webapp in repository " ++ d ++ ": " ++ reason
-{- Run the webapp without a repository, which prompts the user, makes one,
- - changes to it, starts the regular assistant, and redirects the
- - browser to its url.
- -
- - This is a very tricky dance -- The first webapp calls the signaler,
- - which signals the main thread when it's ok to continue by writing to a
- - MVar. The main thread starts the second webapp, and uses its callback
- - to write its url back to the MVar, from where the signaler retrieves it,
- - returning it to the first webapp, which does the redirect.
- -
- - Note that it's important that mainthread never terminates! Much
- - of this complication is due to needing to keep the mainthread running.
- -}
-firstRun :: WebAppOptions -> IO ()
-firstRun o = do
- checkEnvironmentIO
- {- Without a repository, we cannot have an Annex monad, so cannot
- - get a ThreadState. This is only safe because the
- - webapp checks its noAnnex field before accessing the
- - threadstate. -}
- let st = error "annex state not available"
- {- Get a DaemonStatus without running in the Annex monad. -}
- dstatus <- atomically . newTVar =<< newDaemonStatus
- d <- newAssistantData st dstatus
- urlrenderer <- newUrlRenderer
- v <- newEmptyMVar
- let callback a = Just $ a v
- runAssistant d $ do
- startNamedThread urlrenderer $
- webAppThread d urlrenderer True Nothing
- (callback signaler)
- (listenAddress o)
- (callback mainthread)
- waitNamedThreads
- where
- signaler v = do
- putMVar v ""
- takeMVar v
- mainthread v url htmlshim
- | isJust (listenAddress o)= do
- putStrLn url
- hFlush stdout
- go
- | otherwise = do
- browser <- maybe Nothing webBrowser
- <$> catchDefaultIO Nothing Git.Config.global
- openBrowser browser htmlshim url Nothing Nothing
- go
- where
- go = do
- _wait <- takeMVar v
- state <- Annex.new =<< Git.CurrentRepo.get
- Annex.eval state $
- startDaemon True True Nothing Nothing (listenAddress o) $ Just $
- sendurlback v
- sendurlback v _origout _origerr url _htmlshim = do
- recordUrl url
- putMVar v url
-recordUrl :: String -> IO ()
-#ifdef __ANDROID__
-{- The Android app has a menu item that opens the url recorded
- - in this file. -}
-recordUrl url = writeFile "/sdcard/git-annex.home/.git-annex-url" url
-recordUrl _ = noop
-openBrowser :: Maybe FilePath -> FilePath -> String -> Maybe Handle -> Maybe Handle -> IO ()
-openBrowser mcmd htmlshim realurl outh errh = do
- htmlshim' <- absPath htmlshim
- openBrowser' mcmd htmlshim' realurl outh errh
-openBrowser' :: Maybe FilePath -> FilePath -> String -> Maybe Handle -> Maybe Handle -> IO ()
-#ifndef __ANDROID__
-openBrowser' mcmd htmlshim _realurl outh errh = runbrowser
-openBrowser' mcmd htmlshim realurl outh errh = do
- recordUrl url
- {- Android's `am` command does not work reliably across the
- - wide range of Android devices. Intead, FIFO should be set to
- - the filename of a fifo that we can write the URL to. -}
- v <- getEnv "FIFO"
- case v of
- Nothing -> runbrowser
- Just f -> void $ forkIO $ do
- fd <- openFd f WriteOnly Nothing defaultFileFlags
- void $ fdWrite fd url
- closeFd fd
- where
- p = case mcmd of
- Just c -> proc c [htmlshim]
- Nothing ->
-#ifndef mingw32_HOST_OS
- browserProc url
- {- Windows hack to avoid using the full path,
- - which might contain spaces that cause problems
- - for browserProc. -}
- (browserProc (takeFileName htmlshim))
- { cwd = Just (takeDirectory htmlshim) }
-#ifdef __ANDROID__
- {- Android does not support file:// urls, but neither is
- - the security of the url in the process table important
- - there, so just use the real url. -}
- url = realurl
- url = fileUrl htmlshim
- runbrowser = do
- hPutStrLn (fromMaybe stdout outh) $ "Launching web browser on " ++ url
- hFlush stdout
- environ <- cleanEnvironment
- (_, _, _, pid) <- createProcess p
- { env = environ
- , std_out = maybe Inherit UseHandle outh
- , std_err = maybe Inherit UseHandle errh
- }
- exitcode <- waitForProcess pid
- unless (exitcode == ExitSuccess) $
- hPutStrLn (fromMaybe stderr errh) "failed to start web browser"
-{- web.browser is a generic git config setting for a web browser program -}
-webBrowser :: Git.Repo -> Maybe FilePath
-webBrowser = Git.Config.getMaybe "web.browser"
-fileUrl :: FilePath -> String
-fileUrl file = "file://" ++ file
diff --git a/Utility/WebApp.hs b/Utility/WebApp.hs
deleted file mode 100644
index 6fc154329..000000000
--- a/Utility/WebApp.hs
+++ /dev/null
@@ -1,221 +0,0 @@
-{- Yesod webapp
- -
- - Copyright 2012-2014 Joey Hess <id@joeyh.name>
- -
- - License: BSD-2-clause
- -}
-{-# LANGUAGE OverloadedStrings, CPP, RankNTypes #-}
-module Utility.WebApp where
-import Common
-import Utility.Tmp
-import Utility.FileMode
-import Utility.AuthToken
-import qualified Yesod
-import qualified Network.Wai as Wai
-import Network.Wai.Handler.Warp
-import Network.Wai.Handler.WarpTLS
-import Network.HTTP.Types
-import qualified Data.CaseInsensitive as CI
-import Network.Socket
-import "crypto-api" Crypto.Random
-import qualified Web.ClientSession as CS
-import qualified Data.ByteString as B
-import qualified Data.Text as T
-import qualified Data.Text.Encoding as TE
-import Blaze.ByteString.Builder.Char.Utf8 (fromText)
-import Blaze.ByteString.Builder (Builder)
-import Control.Arrow ((***))
-import Control.Concurrent
-#ifdef __ANDROID__
-import Data.Endian
-localhost :: HostName
-localhost = "localhost"
-{- Builds a command to use to start or open a web browser showing an url. -}
-browserProc :: String -> CreateProcess
-#ifdef darwin_HOST_OS
-browserProc url = proc "open" [url]
-#ifdef __ANDROID__
--- Warning: The `am` command does not work very reliably on Android.
-browserProc url = proc "am"
- ["start", "-a", "android.intent.action.VIEW", "-d", url]
-#ifdef mingw32_HOST_OS
--- Warning: On Windows, no quoting or escaping of the url seems possible,
--- so spaces in it will cause problems. One approach is to make the url
--- be a relative filename, and adjust the returned CreateProcess to change
--- to the directory it's in.
-browserProc url = proc "cmd" ["/c start " ++ url]
-browserProc url = proc "xdg-open" [url]
-{- Binds to a socket on localhost, or possibly a different specified
- - hostname or address, and runs a webapp on it.
- -
- - An IO action can also be run, to do something with the address,
- - such as start a web browser to view the webapp.
- -}
-runWebApp :: Maybe TLSSettings -> Maybe HostName -> Wai.Application -> (SockAddr -> IO ()) -> IO ()
-runWebApp tlssettings h app observer = withSocketsDo $ do
- sock <- getSocket h
- void $ forkIO $ go webAppSettings sock app
- sockaddr <- fixSockAddr <$> getSocketName sock
- observer sockaddr
- where
- go = (maybe runSettingsSocket (\ts -> runTLSSocket ts) tlssettings)
-fixSockAddr :: SockAddr -> SockAddr
-#ifdef __ANDROID__
-{- On Android, the port is currently incorrectly returned in network
- - byte order, which is wrong on little endian systems. -}
-fixSockAddr (SockAddrInet (PortNum port) addr) = SockAddrInet (PortNum $ swapEndian port) addr
-fixSockAddr addr = addr
--- disable buggy sloworis attack prevention code
-webAppSettings :: Settings
-webAppSettings = setTimeout halfhour defaultSettings
- where
- halfhour = 30 * 60
-{- Binds to a local socket, or if specified, to a socket on the specified
- - hostname or address. Selects any free port, unless the hostname ends with
- - ":port"
- -
- - Prefers to bind to the ipv4 address rather than the ipv6 address
- - of localhost, if it's available.
- -}
-getSocket :: Maybe HostName -> IO Socket
-getSocket h = do
-#if defined(__ANDROID__) || defined (mingw32_HOST_OS)
- -- getAddrInfo currently segfaults on Android.
- -- The HostName is ignored by this code.
- when (isJust h) $
- error "getSocket with HostName not supported on this OS"
- addr <- inet_addr ""
- sock <- socket AF_INET Stream defaultProtocol
- preparesocket sock
- bind sock (SockAddrInet aNY_PORT addr)
- use sock
- where
- addrs <- getAddrInfo (Just hints) (Just hostname) Nothing
- case (partition (\a -> addrFamily a == AF_INET) addrs) of
- (v4addr:_, _) -> go v4addr
- (_, v6addr:_) -> go v6addr
- _ -> error "unable to bind to a local socket"
- where
- hostname = fromMaybe localhost h
- hints = defaultHints { addrSocketType = Stream }
- {- Repeated attempts because bind sometimes fails for an
- - unknown reason on OSX. -}
- go addr = go' 100 addr
- go' :: Int -> AddrInfo -> IO Socket
- go' 0 _ = error "unable to bind to local socket"
- go' n addr = do
- r <- tryIO $ bracketOnError (open addr) close (useaddr addr)
- either (const $ go' (pred n) addr) return r
- open addr = socket (addrFamily addr) (addrSocketType addr) (addrProtocol addr)
- useaddr addr sock = do
- preparesocket sock
- bind sock (addrAddress addr)
- use sock
- preparesocket sock = setSocketOption sock ReuseAddr 1
- use sock = do
- listen sock maxListenQueue
- return sock
-lookupRequestField :: CI.CI B.ByteString -> Wai.Request -> B.ByteString
-lookupRequestField k req = fromMaybe "" . lookup k $ Wai.requestHeaders req
-{- Rather than storing a session key on disk, use a random key
- - that will only be valid for this run of the webapp. -}
-webAppSessionBackend :: Yesod.Yesod y => y -> IO (Maybe Yesod.SessionBackend)
-webAppSessionBackend _ = do
- g <- newGenIO :: IO SystemRandom
- case genBytes 96 g of
- Left e -> error $ "failed to generate random key: " ++ show e
- Right (s, _) -> case CS.initKey s of
- Left e -> error $ "failed to initialize key: " ++ show e
- Right key -> use key
- where
- timeout = 120 * 60 -- 120 minutes
- use key =
- Just . Yesod.clientSessionBackend key . fst
- <$> Yesod.clientSessionDateCacher timeout
-{- A Yesod isAuthorized method, which checks the auth cgi parameter
- - against a token extracted from the Yesod application.
- -
- - Note that the usual Yesod error page is bypassed on error, to avoid
- - possibly leaking the auth token in urls on that page!
- -
- - If the predicate does not match the route, the auth parameter is not
- - needed.
- -}
-checkAuthToken :: Yesod.MonadHandler m => Yesod.RenderRoute site => (Yesod.HandlerSite m -> AuthToken) -> Yesod.Route site -> ([T.Text] -> Bool) -> m Yesod.AuthResult
-checkAuthToken extractAuthToken r predicate
- | not (predicate (fst (Yesod.renderRoute r))) = return Yesod.Authorized
- | otherwise = do
- webapp <- Yesod.getYesod
- req <- Yesod.getRequest
- let params = Yesod.reqGetParams req
- if (toAuthToken =<< lookup "auth" params) == Just (extractAuthToken webapp)
- then return Yesod.Authorized
- else Yesod.sendResponseStatus unauthorized401 ()
-{- A Yesod joinPath method, which adds an auth cgi parameter to every
- - url matching a predicate, containing a token extracted from the
- - Yesod application.
- -
- - A typical predicate would exclude files under /static.
- -}
-insertAuthToken :: forall y. (y -> AuthToken)
- -> ([T.Text] -> Bool)
- -> y
- -> T.Text
- -> [T.Text]
- -> [(T.Text, T.Text)]
- -> Builder
-insertAuthToken extractAuthToken predicate webapp root pathbits params =
- fromText root `mappend` encodePath pathbits' encodedparams
- where
- pathbits' = if null pathbits then [T.empty] else pathbits
- encodedparams = map (TE.encodeUtf8 *** go) params'
- go "" = Nothing
- go x = Just $ TE.encodeUtf8 x
- authparam = (T.pack "auth", fromAuthToken (extractAuthToken webapp))
- params'
- | predicate pathbits = authparam:params
- | otherwise = params
-{- Creates a html shim file that's used to redirect into the webapp,
- - to avoid exposing the secret token when launching the web browser. -}
-writeHtmlShim :: String -> String -> FilePath -> IO ()
-writeHtmlShim title url file = viaTmp writeFileProtected file $ genHtmlShim title url
-{- TODO: generate this static file using Yesod. -}
-genHtmlShim :: String -> String -> String
-genHtmlShim title url = unlines
- [ "<html>"
- , "<head>"
- , "<title>"++ title ++ "</title>"
- , "<meta http-equiv=\"refresh\" content=\"1; URL="++url++"\">"
- , "<body>"
- , "<p>"
- , "<a href=\"" ++ url ++ "\">" ++ title ++ "</a>"
- , "</p>"
- , "</body>"
- , "</html>"
- ]
diff --git a/Utility/Yesod.hs b/Utility/Yesod.hs
deleted file mode 100644
index 0223f9fc4..000000000
--- a/Utility/Yesod.hs
+++ /dev/null
@@ -1,56 +0,0 @@
-{- Yesod stuff, that's typically found in the scaffolded site.
- -
- - Also a bit of a compatability layer to make it easier to support yesod
- - 1.1-1.4 in the same code base.
- -
- - Copyright 2012-2014 Joey Hess <id@joeyh.name>
- -
- - Licensed under the GNU GPL version 3 or higher.
- -}
-{-# LANGUAGE CPP, RankNTypes, FlexibleContexts #-}
-module Utility.Yesod
- ( module Y
- , liftH
-#ifndef __NO_TH__
- , widgetFile
- , hamletTemplate
-#if ! MIN_VERSION_yesod_core(1,2,20)
- , withUrlRenderer
- ) where
-import Yesod as Y
-import Yesod.Form.Bootstrap3 as Y hiding (bfs)
-#ifndef __NO_TH__
-import Yesod.Default.Util
-import Language.Haskell.TH.Syntax (Q, Exp)
-import Data.Default (def)
-import Text.Hamlet hiding (Html)
-#if ! MIN_VERSION_yesod(1,4,0)
-import Data.Text (Text)
-#ifndef __NO_TH__
-widgetFile :: String -> Q Exp
-widgetFile = widgetFileNoReload $ def
- { wfsHamletSettings = defaultHamletSettings
- { hamletNewlines = AlwaysNewlines
- }
- }
-hamletTemplate :: FilePath -> FilePath
-hamletTemplate f = globFile "hamlet" f
-{- Lift Handler to Widget -}
-liftH :: Monad m => HandlerT site m a -> WidgetT site m a
-liftH = handlerToWidget
-#if ! MIN_VERSION_yesod_core(1,2,20)
-withUrlRenderer :: MonadHandler m => ((Route (HandlerSite m) -> [(Text, Text)] -> Text) -> output) -> m output
-withUrlRenderer = giveUrlRenderer
diff --git a/git-annex.cabal b/git-annex.cabal
index 5b87cb04b..d94b1469f 100644
--- a/git-annex.cabal
+++ b/git-annex.cabal
@@ -143,113 +143,6 @@ Extra-Source-Files:
Flag S3
Description: Enable S3 support
@@ -457,60 +350,6 @@ Executable git-annex
if flag(Pairing)
Build-Depends: network-multicast, network-info