From 9effe1630d97039b3e01cd9b58ed07e75be1d63c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 25 Feb 2013 08:40:30 -0500
Subject: [PATCH] Merge pull request #75 from thefake/master

---
 src/com/gitblit/DownloadZipServlet.java |  112 +++++++++++++++++++++++++++++++++++++++++--------------
 1 files changed, 83 insertions(+), 29 deletions(-)

diff --git a/src/com/gitblit/DownloadZipServlet.java b/src/com/gitblit/DownloadZipServlet.java
index 32369ae..0feee87 100644
--- a/src/com/gitblit/DownloadZipServlet.java
+++ b/src/com/gitblit/DownloadZipServlet.java
@@ -15,8 +15,12 @@
  */
 package com.gitblit;
 
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.text.ParseException;
 import java.util.Date;
 
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,20 +29,14 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.gitblit.Constants.AccessRestrictionType;
-import com.gitblit.models.RepositoryModel;
+import com.gitblit.utils.CompressionUtils;
 import com.gitblit.utils.JGitUtils;
+import com.gitblit.utils.MarkdownUtils;
 import com.gitblit.utils.StringUtils;
 
 /**
  * Streams out a zip file from the specified repository for any tree path at any
  * revision.
- * 
- * Unlike the GitServlet and the SyndicationServlet, this servlet is not
- * protected by an AccessRestrictionFilter. It performs its own authorization
- * check, but it does not perform any authentication. The assumption is that
- * requests to this servlet are made via the web ui and not by direct url
- * access.  Unauthorized requests fail with a standard 403 (FORBIDDEN) code.
  * 
  * @author James Moger
  * 
@@ -48,6 +46,25 @@
 	private static final long serialVersionUID = 1L;
 
 	private transient Logger logger = LoggerFactory.getLogger(DownloadZipServlet.class);
+	
+	public static enum Format {
+		zip(".zip"), tar(".tar"), gz(".tar.gz"), xz(".tar.xz"), bzip2(".tar.bzip2");
+		
+		public final String extension;
+		
+		Format(String ext) {
+			this.extension = ext;
+		}
+		
+		public static Format fromName(String name) {
+			for (Format format : values()) {
+				if (format.name().equalsIgnoreCase(name)) {
+					return format;
+				}
+			}
+			return zip;
+		}
+	}
 
 	public DownloadZipServlet() {
 		super();
@@ -60,19 +77,21 @@
 	 * @param repository
 	 * @param objectId
 	 * @param path
+	 * @param format
 	 * @return an url
 	 */
-	public static String asLink(String baseURL, String repository, String objectId, String path) {
+	public static String asLink(String baseURL, String repository, String objectId, String path, Format format) {
 		if (baseURL.length() > 0 && baseURL.charAt(baseURL.length() - 1) == '/') {
 			baseURL = baseURL.substring(0, baseURL.length() - 1);
 		}
 		return baseURL + Constants.ZIP_PATH + "?r=" + repository
 				+ (path == null ? "" : ("&p=" + path))
-				+ (objectId == null ? "" : ("&h=" + objectId));
+				+ (objectId == null ? "" : ("&h=" + objectId))
+				+ (format == null ? "" : ("&format=" + format.name()));
 	}
 
 	/**
-	 * Performs the authorization and zip streaming of the specified elements.
+	 * Creates a zip stream from the repository of the requested data.
 	 * 
 	 * @param request
 	 * @param response
@@ -86,60 +105,95 @@
 			logger.warn("Zip downloads are disabled");
 			response.sendError(HttpServletResponse.SC_FORBIDDEN);
 			return;
-
 		}
+		
+		Format format = Format.zip;
 		String repository = request.getParameter("r");
 		String basePath = request.getParameter("p");
 		String objectId = request.getParameter("h");
-
+		String f = request.getParameter("format");
+		if (!StringUtils.isEmpty(f)) {
+			format = Format.fromName(f);
+		}
+		
 		try {
 			String name = repository;
 			if (name.indexOf('/') > -1) {
 				name = name.substring(name.lastIndexOf('/') + 1);
 			}
+			name = StringUtils.stripDotGit(name);
 
-			// check roles first
-			boolean authorized = request.isUserInRole(Constants.ADMIN_ROLE);
-			authorized |= request.isUserInRole(repository);
-
-			if (!authorized) {
-				RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
-				if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
-					logger.warn("Unauthorized access via zip servlet for " + model.name);
-					response.sendError(HttpServletResponse.SC_FORBIDDEN);
-					return;
-				}
-			}
 			if (!StringUtils.isEmpty(basePath)) {
 				name += "-" + basePath.replace('/', '_');
 			}
 			if (!StringUtils.isEmpty(objectId)) {
 				name += "-" + objectId;
 			}
-
+						
 			Repository r = GitBlit.self().getRepository(repository);
+			if (r == null) {
+				if (GitBlit.self().isCollectingGarbage(repository)) {
+					error(response, MessageFormat.format("# Error\nGitblit is busy collecting garbage in {0}", repository));
+					return;
+				} else {
+					error(response, MessageFormat.format("# Error\nFailed to find repository {0}", repository));
+					return;
+				}
+			}
 			RevCommit commit = JGitUtils.getCommit(r, objectId);
+			if (commit == null) {
+				error(response, MessageFormat.format("# Error\nFailed to find commit {0}", objectId));
+				r.close();
+				return;
+			}
 			Date date = JGitUtils.getCommitDate(commit);
+
 			String contentType = "application/octet-stream";
 			response.setContentType(contentType + "; charset=" + response.getCharacterEncoding());
-			response.setHeader("Content-Disposition", "attachment; filename=\"" + name + ".zip"
-					+ "\"");
+			response.setHeader("Content-Disposition", "attachment; filename=\"" + name + format.extension + "\"");
 			response.setDateHeader("Last-Modified", date.getTime());
 			response.setHeader("Cache-Control", "no-cache");
 			response.setHeader("Pragma", "no-cache");
 			response.setDateHeader("Expires", 0);
 
 			try {
-				JGitUtils.zip(r, basePath, objectId, response.getOutputStream());
+				switch (format) {
+				case zip:
+					CompressionUtils.zip(r, basePath, objectId, response.getOutputStream());
+					break;
+				case tar:
+					CompressionUtils.tar(r, basePath, objectId, response.getOutputStream());
+					break;
+				case gz:
+					CompressionUtils.gz(r, basePath, objectId, response.getOutputStream());
+					break;
+				case xz:
+					CompressionUtils.xz(r, basePath, objectId, response.getOutputStream());
+					break;
+				case bzip2:
+					CompressionUtils.bzip2(r, basePath, objectId, response.getOutputStream());
+					break;
+				}
+				
 				response.flushBuffer();
 			} catch (Throwable t) {
 				logger.error("Failed to write attachment to client", t);
 			}
+
+			// close the repository
+			r.close();
 		} catch (Throwable t) {
 			logger.error("Failed to write attachment to client", t);
 		}
 	}
 
+	private void error(HttpServletResponse response, String mkd) throws ServletException,
+			IOException, ParseException {
+		String content = MarkdownUtils.transformMarkdown(mkd);
+		response.setContentType("text/html; charset=" + Constants.ENCODING);
+		response.getWriter().write(content);
+	}
+
 	@Override
 	protected void doPost(javax.servlet.http.HttpServletRequest request,
 			javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException,

--
Gitblit v1.9.1