xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
<root> / tests / http.inc.php (9fa546552927036b3b15b8eaf8e95e313f7b58be) (6,709B) (mode 100644) [raw]
<?php

if (!isset($test_ua))
	$test_ua = "curl";

/*
 * Data is an array
 */
function do_req($url, &$data, &$headers)
{
	global $test_ua, $test_referer;

	if (!is_array($data))
		$data = array();

	$data['rg_debug'] = 1;

	if (!is_array($headers)) {
		rg_log("Headers is not an array, reset it.");
		$headers = array();
	}

	rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
		. "headers=" . print_r($headers, TRUE));

	$c = curl_init($url);
	if (count($data) > 0) {
		curl_setopt($c, CURLOPT_POST, 1);
		curl_setopt($c, CURLOPT_POSTFIELDS, $data);
	} else {
		if (!strstr($url, '?'))
			$url .= '?rg_debug=1';
		else
			$url .= '&rg_debug=1';
	}
	curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
	// We cannot use this because we will not have a
	// chance to capture the sid.
	//curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($c, CURLOPT_HEADER, 1);
	curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
	curl_setopt($c, CURLOPT_USERAGENT, $test_ua);
	curl_setopt($c, CURLOPT_REFERER, $test_referer);
	curl_setopt($c, CURLOPT_CERTINFO, TRUE);
	curl_setopt($c, CURLOPT_VERBOSE, TRUE);

	$err = @fopen('php://temp', 'w');
	if ($err !== FALSE) {
		curl_setopt($c, CURLOPT_STDERR, $err);
	} else {
		rg_log('Cannot open stderr redirection!');
	}

	$r = curl_exec($c);

	if ($err !== FALSE) {
		rewind($err);
		$xerr = @fread($err, 16 * 4096);
		fclose($err);
		rg_log_ml($xerr);
	}

	if ($r === FALSE) {
		rg_log_ml("Cannot load (url=$url), data: "
			. print_r($data, TRUE));
		rg_log("curl error: " . curl_error($c));
		return FALSE;
	}

	$ret = array();
	$header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
	$ret['header'] = substr($r, 0, $header_size);
	$ret['body'] = substr($r, $header_size);
	curl_close($c);

	// Check for XSS
	if (stristr($ret['body'], '<xss>')) {
		file_put_contents('http_xss.out', $ret['body']);
		rg_log("Found <xss> token! Check http_xss.out. Not good!");
		exit(1);
	}

	// Check with tidy
	if (!empty($ret['body'])) { // we may have a redirect
		// some fixes
		$ret['body'] = str_replace('autocomplete="off"', '', $ret['body']);
		$ret['body'] = str_replace('<xss>', '|xss|', $ret['body']);
		file_put_contents("http.tidy.in", $ret['body']);
		$cmd = "tidy -errors -utf8 -file http.tidy.out http.tidy.in";
		system($cmd, $ec);
		if ($ec != 0) {
			echo "tidy ec=$ec\n";
			echo file_get_contents("http.tidy.out");
			exit(1);
		}
	}

	// Check if a '@@' is present
	if (strstr($ret['body'], '@@')) {
		$t = explode('@@', $ret['body']);
		$t = explode("\n", $t[1]);
		rg_log_ml("We have unresolved variables: [" . $t[0] . "]!");
		exit(1);
	}

	// find sid
	$x = preg_match('/Set-Cookie: sid=([a-zA-Z0-9]*)/', $ret['header'], $matches);
	if (($x === FALSE) || (!isset($matches[1]))) {
		$ret['sid'] = "";
		//rg_log("CHECK: no sid found");
	} else {
		$ret['sid'] = $matches[1];
	}

	$ret['tokens'] = array();
	$x = preg_match_all('/ name="token" value="([a-zA-Z0-9_:]*)"/',
		$ret['body'], $matches);
	//rg_log_ml('DEBUG: matches: ' . print_r($matches, TRUE));
	if (($x === FALSE) || (!isset($matches[1]))) {
		//rg_log("CHECK: no token found");
	} else {
		foreach ($matches[1] as $m) {
			$t = explode(':', $m);
			if (!isset($t[1])) {
				rg_log_ml('body: ' . print_r($ret['body'], TRUE));
				rg_log_ml('matches: ' . print_r($matches[1], TRUE));
				rg_log('Invalid debug token: ' . $m);
				exit(1);
			}
			$ret['tokens'][$t[1]] = $t[0];
		}
	}
	rg_log_ml('DEBUG ret[tokens]: ' . print_r($ret['tokens'], TRUE));

	// find logout token
	$x = preg_match('/logout\?token=([a-zA-Z0-9:]*)"/', $ret['body'], $matches);
	//rg_log_ml('DEBUG: matches[logout]: ' . print_r($matches, TRUE));
	if (($x === FALSE) || (!isset($matches[1]))) {
		$ret['tokens']['logout'] = '';
	} else {
		$t = explode(':', $matches[1]);
		$ret['tokens']['logout'] = $t[0];
	}

	$ret['totp_secret'] = FALSE;
	$x = preg_match_all('/ class="secret_token">([A-Z0-9]*)</', $ret['body'], $matches);
	if (($x !== FALSE) && (isset($matches[1])) && isset($matches[1][0])) {
		$ret['totp_secret'] = $matches[1][0];
		rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
	}

	$x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
	if ($x === 1) {
		if (strncmp($url, "http://", 7) == 0)
			$url = substr($url, 7);
		rg_log("redirect to url=$url");
		$t = explode("/", $url, 2);
		$new = "http://" . $t[0] . trim($matches[1]);
		//rg_log("Redirecting to $new...");
		$data = array();
		if (!empty($ret['sid']))
			$headers = array("Cookie: sid=" . $ret['sid']);
		$f = do_req($new, $data, $headers);
		if (empty($f['sid']))
			$f['sid'] = $ret['sid'];
		return $f;
	}

	@rename('http-last.out', 'http-prev.out');
	file_put_contents('http-last.out', $ret['body']);

	return $ret;
}

/*
 * Helper function that will do the login and will return the good sid
 */
function test_login($url, $rg_ui, &$good_sid)
{
	global $test_ua;

	// First we need to load the form so we can get the token
	// We provide an old cookie to test if we generate a new pre-login one
	$data = array();
	$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
	$r = do_req($url . "/op/login", $data, $headers);
	if ($r === FALSE) {
		echo "Cannot load login form.\n";
		return FALSE;
	}
	$good_sid = $r['sid'];
	$good_token = $r['tokens']['login'];
	rg_log("good: sid=$good_sid token=$good_token");
	if (strncmp($good_sid, "X", 1) != 0) {
		rg_log("Seems we did not get a pre-login session!");
		return FALSE;
	}

	// Now, post login form
	rg_log("Do the real login post request");
	$data = array(
		"doit" => 1,
		"token" => $good_token,
		"user" => $rg_ui['username'],
		"pass" => $rg_ui['pass'],
		"lock_ip" => 1
	);
	$headers = array("Cookie: sid=" . $good_sid);
	$r = do_req($url . "/op/login", $data, $headers);
	if ($r === FALSE) {
		rg_log_ml("Cannot login: " . print_r($r, TRUE));
		return FALSE;
	}
	$good_sid = $r['sid'];

	if (strstr($r['body'], "invalid user")) {
		rg_log_ml(print_r($r, TRUE));
		rg_log("Login invalid. Check above!");
		return FALSE;
	}

	return $r;
}

/*
 * Restore password aaaa for user catab
 */
function test_restore($db)
{
	$salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
	$pass = 'aaaa';
	$pass = rg_user_pass($salt, $pass);
	$sql = "UPDATE users SET salt = '$salt'"
		. ", pass = '$pass'"
		. ", session_time = 3600"
		. " WHERE username = 'catab'";
	$res = rg_sql_query($db, $sql);
	if ($res == FALSE) {
		rg_log("Cannot update (" . rg_sql_error() . ")!");
		exit(1);
	}
	rg_sql_free_result($res);

	rg_cache_unset('user::4::info', RG_SOCKET_NO_WAIT);
}

/*
 * Set user agent
 */
function test_set_ua($s)
{
	global $test_ua;

	$test_ua = $s;
}

/*
 * Set referer
 */
function test_set_referer($s)
{
	global $test_referer;

	$test_referer = $s;
}

?>
Hints

Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master