diff --git a/bin/gandalf.go b/bin/gandalf.go index 6a30987..eeff9c9 100644 --- a/bin/gandalf.go +++ b/bin/gandalf.go @@ -83,6 +83,14 @@ func requestedRepository() (repository.Repository, error) { // The following format is allowed: // (git-[a-z-]+) '/?([\w-+@][\w-+.@]*/)?([\w-]+)\.git' func parseGitCommand() (command, name string, err error) { + // The following regex validates the git command, which is in the form: + // [/] + // with namespace being optional. If a namespace is used, we validate it + // according to the following: + // - a namespace is optional + // - a namespace contains only alphanumerics, underlines, @´s, -´s, +´s + // and periods but it does not start with a period (.) + // - one and exactly one slash (/) separates namespace and the actual name r, err := regexp.Compile(`(git-[a-z-]+) '/?([\w-+@][\w-+.@]*/)?([\w-]+)\.git'`) if err != nil { panic(err) diff --git a/repository/repository.go b/repository/repository.go index 567064a..ab00f9e 100644 --- a/repository/repository.go +++ b/repository/repository.go @@ -257,11 +257,15 @@ func (r *Repository) ReadOnlyURL() string { // A valid repository MUST have: // - a name without any special chars only alphanumeric and underlines are allowed. // - at least one user in users array -// A valid repository MAY have one namespace since: -// - one slash (/) separates namespace and name -// - a namespace does not start with period -// - a namespace contains ony alphanumeric, underlines @, - and period +// A valid repository MAY have one namespace since the following is obeyed: +// - a namespace is optional +// - a namespace contains only alphanumerics, underlines, @´s, -´s, +´s and +// periods but it does not start with a period (.) +// - one and exactly one slash (/) separates namespace and the actual name func (r *Repository) isValid() (bool, error) { + // The following regex validates the name of a repository, which may + // contain a namespace. If a namespace is used, we validate it + // accordingly (see comments above) m, e := regexp.Match(`^([\w-+@][\w-+.@]*/)?[\w-]+$`, []byte(r.Name)) if e != nil { panic(e)