started on auth

Command/P2PHttp.hs

@@ -24,7 +24,16 @@ import Control.Concurrent.STM
 cmd :: Command
 cmd = command "p2phttp" SectionPlumbing
 	"communicate in P2P protocol over http"
-	paramNothing (withParams seek)
+	paramNothing (seek <$$> optParser)
+
+data Options = Options
+	{ cmdParams :: CmdParams
+	, authEnvOption :: Bool
+	, authEnvHttpOption :: Bool
+	, readOnlyOption :: Bool
+	, appendOnlyOption :: Bool
+	, wideOpenOption :: Bool
+	}
 
 seek :: CmdParams -> CommandSeek
 seek ["server"] = startConcurrency commandStages $

P2P/Http.hs

@@ -119,6 +119,7 @@ type GetAPI
 	:> BypassUUIDs
 	:> AssociatedFileParam
 	:> OffsetParam
+	:> AuthHeader
 	:> StreamGet NoFraming OctetStream
 		(Headers '[DataLengthHeader] (SourceIO B.ByteString))
 
@@ -132,6 +133,7 @@ serveGet
 	-> [B64UUID Bypass]
 	-> Maybe B64FilePath
 	-> Maybe Offset
+	-> Maybe Auth
 	-> Handler (Headers '[DataLengthHeader] (S.SourceT IO B.ByteString))
 serveGet = undefined
 
@@ -143,6 +145,7 @@ clientGet
 	-> [B64UUID Bypass]
 	-> Maybe B64FilePath
 	-> Maybe Offset
+	-> Maybe Auth
 	-> ClientM (Headers '[DataLengthHeader] (S.SourceT IO B.ByteString))
 clientGet (ProtocolVersion ver) = case ver of
 	3 -> v3 V3
@@ -563,3 +566,5 @@ type OffsetParam = QueryParam "offset" Offset
 type DataLengthHeader = Header "X-git-annex-data-length" Integer
 
 type LockIDParam = QueryParam' '[Required] "lockid" LockID
+
+type AuthHeader = Header "Authorization" Auth

P2P/Http/State.hs

@@ -26,12 +26,14 @@ import Control.Concurrent.STM
 
 data P2PHttpServerState = P2PHttpServerState
 	{ acquireP2PConnection :: AcquireP2PConnection
+	, getServerMode :: GetServerMode
 	, openLocks :: TMVar (M.Map LockID Locker)
 	}
 
-mkP2PHttpServerState :: AcquireP2PConnection -> IO P2PHttpServerState
-mkP2PHttpServerState acquireconn = P2PHttpServerState
+mkP2PHttpServerState :: AcquireP2PConnection -> GetServerMode -> IO P2PHttpServerState
+mkP2PHttpServerState acquireconn getservermode = P2PHttpServerState
 	<$> pure acquireconn
+	<*> pure getservermode
 	<*> newTMVarIO mempty
 
 withP2PConnection
@@ -61,6 +63,8 @@ withP2PConnection apiver st cu su bypass connaction = do
 		, connectionServerMode = P2P.ServeReadWrite -- XXX auth
 		}
 
+type GetServerMode = IsSecure -> Maybe BasicAuthData -> Maybe P2P.ServerMode
+
 data ConnectionParams = ConnectionParams
 	{ connectionProtocolVersion :: P2P.ProtocolVersion
 	, connectionServerUUID :: UUID

P2P/Http/Types.hs

@@ -98,6 +98,12 @@ data LockResult = LockResult Bool (Maybe LockID)
 newtype UnlockRequest = UnlockRequest Bool
 	deriving (Show, Generic, NFData)
 
+-- Not using servant's build-in basic authentication support,
+-- because whether authentication is needed depends on server
+-- configuration.
+data Auth = Auth T.Text T.Text
+	deriving (Show, Generic, NFData)
+
 newtype ConnectionKeepAlive = ConnectionKeepAlive T.Text
 
 connectionKeepAlive :: ConnectionKeepAlive

doc/design/p2p_protocol_over_http/draft1.mdwn

@@ -19,16 +19,15 @@ underlying data is.
 
 ## authentication
 
-A git-annex protocol endpoint can optionally operate in readonly mode without
-authentication.
+Some requests need authentication. Which requests do depends on the
+configuration of the HTTP server. When a request needs authentication,
+it will fail with 401 Unauthorized.
 
-Authentication is required to make any changes.
+Authentication is done using HTTP basic auth. The realm to use when
+authenticating is "git-annex".
 
-Authentication is done using HTTP basic auth. 
-
-The user is recommended to only authenticate over HTTPS, since otherwise
-HTTP basic auth (as well as git-annex data) can be snooped. But some users
-may want git-annex to use HTTP in eg a LAN.
+Note that HTTP basic auth is not encrypted so is only secure when used
+over HTTPS.
 
 ## protocol version
 
@@ -82,15 +81,13 @@ It is not part of the P2P protocol per se, but is provided to let
 other clients than git-annex easily download the content of keys from the
 http server.
 
-When the key is not present on the server, this returns a 404 Not Found.
+When the key is not present on the server, it will respond
+with 404 Not Found.
 
 ### GET /git-annex/v3/key/$key
 
 Get the content of a key from the server.
 
-This is designed so it can be used both by a peer in the P2P protocol,
-and by a regular HTTP client that just wants to download a file.
-
 Example:
 
     > GET /git-annex/v3/key/SHA1--foo&associatedfile=bar&clientuuid=79a5a1f4-07e8-11ef-873d-97f93ca91925&serveruuid=ecf6d4ca-07e8-11ef-8990-9b8c1f696bf6 HTTP/1.1

doc/git-annex-p2phttp.mdwn

@@ -4,7 +4,7 @@ git-annex-p2phttp - HTTP server for git-annex P2P protocol
 
 # SYNOPSIS
 
-git-annex p2phttp [params ...]
+git-annex p2phttp
 
 # DESCRIPTION
 
@@ -12,6 +12,45 @@ This allows a git-annex repository to be accessed over HTTP.
 It is the git-annex equivilant of git-http-backend(1), for serving
 a repository over HTTP with write access for authenticated users.
 
+# OPTIONS
+
+* `--authenv`
+
+  Allows users to be authenticated with a username and password.
+  For security, this only allows authentication when the user connects over
+  HTTPS.
+
+  To configure the passwords, set environment variables
+  like `GIT_ANNEX_P2PHTTP_PASSWORD_alice=foo123`
+
+  The permissions of users can also be configured by setting
+  environment variables like 
+  `GIT_ANNEX_P2PHTTP_PERMISSIONS_alice=readonly`. The value
+  can be either "readonly" or "appendonly". When this is not set,
+  the default is to give the user full write access.
+
+* `--authenv-http`
+
+  Like `--authenv`, but allows authentication when the user connects
+  over HTTP. This is not secure, since HTTP basic authentication is not
+  encrypted.
+
+* `--readonly`
+
+  Allows unauthenticated users to read the repository, but not make
+  modifications to it.
+
+* `--appendonly`
+
+  Allows unauthenticated users to read the repository, and store data in
+  it, but not remove data from it.
+
+* `--wideopen`
+
+  Gives unauthenticated users full access to the repository.
+
+  Please think carefully before enabling this option.
+
 # SEE ALSO
 
 [[git-annex]](1)