Re: [RFC PATCH] gitweb: Support filtering projects by .htaccess files.

[Francis Galiegue <fg@one2team.net>]

Le Monday 03 November 2008 20:17:47 Jakub Narebski, vous avez écrit :
> Dnia poniedziałek 3. listopada 2008 19:44, Francis Galiegue napisał:
> > Le Monday 03 November 2008 19:18:56 Jakub Narebski, vous avez écrit :
> 
> > > > Well, as far as Apache is concerned, it can do:
> > > > 
> > > > * basic .htpasswd authentication,
> > > > * LDAP,
> > > > * PAM,
> > > > * SSL certificate check (via mod_ssl),
> > > > * probably others.
> > > > 
> > > > Plenty of possibilities.
> > > [...]
> > > 
> > > Well, the question is if Apache (and other web servers used with
> > > gitweb) can do authentication based on path_info or on query-string.
> > > Because it is encoded in gitweb (via $projectroot) where to find git
> > > repositories...
> > > 
> > 
> > Can you expand on path_info and query-string? Keep in mind that Apache
> > has mod_rewrite, which can rewrite URLs in any way before it gets
> > actually sent to the underlying program (whether it be a CGI or
> > anything else), even badly (or mischievously).
> 
> What I mean here that the following example gitweb URLs
> 
>   http://example.com/gitweb.cgi?p=some/project.git;a=commit;h=HEAD
>   http://example.com/gitweb.cgi/some/project.git/commit/HEAD
> 
> with the following gitweb configuration
> 
>   $projectroot = /var/scm
> 
> both refer to git repository (directory) at
> 
>   /var/scm/some/project.git
> 
> Apache (or other web server) would have to somehow decide based on URL
> that it refers to some project, and based on project and authentication
> decide whether to grant access to it.
> 
> 
> What is more, and what cannot be done by web server alone, is that we
> would want to not show projects which you don't have access to in the
> 'projects_list' page, i.e. at
> 
>   http://example.com/gitweb.cgi
> 

I see the point. Note that the second URL can be converted into the first one with mod_rewrite, and probably the first to the second as well.

As to what repository is accessible to whom, does gitweb really have an internal mechanism for this? Wouldn't it be "better" is privately accessible projects were available on another website to start with?


--