#!/usr/bin/env ruby
#--
#   Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies)
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU Affero General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU Affero General Public License for more details.
#
#   You should have received a copy of the GNU Affero General Public License
#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
#++

incpath = File.dirname(__FILE__)
$: << incpath

require "pre_receive_guard"
require 'logger'

logger = if ENV["GITORIOUS_BASE_DIR"]
           Logger.new(File.join(ENV["GITORIOUS_BASE_DIR"], "log/pre_receive_guard.log"))
         else
           Logger.new("/tmp/pre_receive_guard.log")
         end

while data = gets
  begin
    pre_receive_guard = Gitorious::SSH::PreReceiveGuard.new(ENV.to_hash, data)
    oldrev, newrev, ref = data.chomp.split(" ")

    if ref == "refs/heads/yousource_metafiles" # FIXME Hardcoded ref name
      # It's the metabranch so check metafiles
      if !pre_receive_guard.valid_metainfo?(newrev, ref)
        pre_receive_guard.gitorious_says "Invalid metainformation files"
        exit!(1)
      end
    end

    if pre_receive_guard.allow_push?
      if pre_receive_guard.deny_merge_request_update_with_sha?(newrev)
        # it's a request to delete a merge request ref
        logger.info("delete-merge-request.ref denied for #{ENV['GITORIOUS_USER'].inspect}" +
          " to #{pre_receive_guard.git_spec.inspect} via " +
          "#{ENV['GITORIOUS_WRITABLE_BY_URL'].inspect}")
          pre_receive_guard.gitorious_says "You can't delete a merge-request ref"
          exit!(1)
      end

      if pre_receive_guard.deny_force_pushes?
        if pre_receive_guard.null_sha?(newrev)
          # it's a request to delete a ref
          logger.info("delete-ref denied for #{ENV['GITORIOUS_USER'].inspect} to " +
            "#{pre_receive_guard.git_spec.inspect} via " +
            "#{ENV['GITORIOUS_WRITABLE_BY_URL'].inspect}")
          pre_receive_guard.gitorious_says "This repository does not allow deleting refs"
          exit!(1)
        end

        merge_base = `git merge-base #{oldrev} #{newrev}`.chomp
        if merge_base != oldrev
          # it's a force-push
          logger.info("force-push denied for #{ENV['GITORIOUS_USER'].inspect} to " +
            "#{pre_receive_guard.git_spec.inspect} via "+
            "#{ENV['GITORIOUS_WRITABLE_BY_URL'].inspect}")
          pre_receive_guard.gitorious_says "This repository does only allow fast-forwards"
          exit!(1)
        end
      end

      # If we get here, everything should be good to go and we
      # wait for the next line to be fed to us, or just let this
      # script finish..
      logger.info("Allowed #{ENV['GITORIOUS_USER'].inspect} to " +
        "#{pre_receive_guard.git_spec.inspect} via " +
        "#{ENV['GITORIOUS_WRITABLE_BY_URL'].inspect}")
    else
      pre_receive_guard.gitorious_says "You do not have write access to this repository"
      logger.info("Denied #{ENV['GITORIOUS_USER'].inspect} to " +
        "#{pre_receive_guard.git_spec.inspect} via " +
        "#{ENV['GITORIOUS_WRITABLE_BY_URL'].inspect}")
      exit!(1)
    end
  rescue Errno::ECONNREFUSED
    logger.fatal "Connection refused"
    pre_receive_guard.gitorious_says "Temporary interuption. Please try again shortly"
    exit!(1)
  end
end