From 300340cfc9cae726e739988bed4bcb3e38e1210b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Thu, 14 Feb 2019 09:51:19 +0100
Subject: [PATCH] Allow https access from git in private mode

---
 scripts/_common.sh | 18 ++++++++++++++++++
 scripts/install    |  5 +----
 scripts/upgrade    |  3 +++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 62fac07..8723dba 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -81,3 +81,21 @@ set_permission() {
     chmod u=rwX,g=rX,o= "/home/$app"
     chmod u=rwX,g=rX,o= "/var/log/$app"
 }
+
+set_access_settings() {
+    if [ "$is_public" = '1' ]
+    then
+        ynh_app_setting_set $app unprotected_uris "/"
+    else
+        # For an access to the git server by https in private mode we need to allow the access to theses URL :
+        #  - "DOMAIN/PATH/USER/REPOSITORY/info/refs"
+        #  - "DOMAIN/PATH/USER/REPOSITORY/git-upload-pack"
+        #  - "DOMAIN/PATH/USER/REPOSITORY/git-receive-pack"
+
+        excaped_domain=${domain//'.'/'%.'}
+        excaped_domain=${excaped_domain//'-'/'%-'}
+        excaped_path=${path_url//'.'/'%.'}
+        excaped_path=${excaped_path//'-'/'%-'}
+        ynh_app_setting_set $app skipped_regex "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs"
+    fi
+}
diff --git a/scripts/install b/scripts/install
index b592d7b..174ffb5 100644
--- a/scripts/install
+++ b/scripts/install
@@ -104,10 +104,7 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
 #=================================================
 
 # Unprotect root from SSO if public
-if [ "$is_public" = '1' ]
-then
-    ynh_app_setting_set $app unprotected_uris "/"
-fi
+set_access_settings
 
 # Add gitea to YunoHost's monitored services
 yunohost service add "$app" --log "/var/log/$app/$app.log"
diff --git a/scripts/upgrade b/scripts/upgrade
index 54b53b6..898b6fb 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -106,6 +106,9 @@ config_nginx
 # Set permissions
 set_permission
 
+# Unprotect root from SSO if public
+set_access_settings
+
 # Reload services
 # ynh_check_starting "INFO] Listen: http://0.0.0.0:" "/var/log/$app/gitea.log"
 sleep 20