diff options
Diffstat (limited to 'modules/viewvc')
| -rw-r--r-- | modules/viewvc/files/robots.txt | 29 | ||||
| -rw-r--r-- | modules/viewvc/files/setcookieredirect.html | 28 | ||||
| -rw-r--r-- | modules/viewvc/manifests/init.pp | 53 | ||||
| -rw-r--r-- | modules/viewvc/manifests/var.pp | 9 | ||||
| -rwxr-xr-x | modules/viewvc/templates/kill_viewvc.sh | 11 | ||||
| -rw-r--r-- | modules/viewvc/templates/vhost.conf | 2 | ||||
| -rw-r--r-- | modules/viewvc/templates/viewvc.conf | 8 |
7 files changed, 120 insertions, 20 deletions
diff --git a/modules/viewvc/files/robots.txt b/modules/viewvc/files/robots.txt new file mode 100644 index 00000000..dbb13834 --- /dev/null +++ b/modules/viewvc/files/robots.txt @@ -0,0 +1,29 @@ +User-agent: Googlebot +User-agent: Baiduspider +User-agent: bingbot +User-agent: YandexBot +User-agent: Mail.RU_Bot +User-agent: MJ12bot +User-agent: ClaudeBot +User-agent: Amazonbot +User-agent: PetalBot +User-agent: Bytespider +User-agent: facebookexternalhit +Disallow: /*/tags/ +Disallow: *?view=annotate* +Disallow: *?annotate=* +Disallow: *?view=diff* +Disallow: *?r1=* +Disallow: *sortby=* +Disallow: *sortdir=* +Disallow: *?revision=*&view=markup&* +Disallow: *pathrev=* +Disallow: *?*&view=log* +Disallow: *view=log&* +Disallow: *diff_format=* +User-agent: AhrefsBot +Disallow: / +User-agent: Sogou web spider +Disallow: / +User-agent: * +Crawl-delay: 30 diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html new file mode 100644 index 00000000..fe98b9dc --- /dev/null +++ b/modules/viewvc/files/setcookieredirect.html @@ -0,0 +1,28 @@ +<!DOCTYPE html> +<html> + <head> + <title>User check</title> + <script type="text/javascript" defer> + const randomValue = "6436"; // Chosen by fair dice roll. Guaranteed to be random. + document.cookie = `session=${randomValue}; path=/; expires=${new Date(Date.now() + 24*3600*1000).toUTCString()}`; + const params = new Proxy(new URLSearchParams(window.location.search), { + get: (searchParams, prop) => searchParams.get(prop), + }); + let path = params.to; + // Sanitize redirect path to avoid malicious arbitrary redirects + if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(decodeURIComponent(path))) { + const current = new URL(window.location.toLocaleString()); + window.location.href = encodeURI(current.origin + decodeURIComponent(path)); + } else { + window.onload = function() { + document.getElementById('error').innerHTML = 'Error! Bad redirect location!'; + } + } + </script> + </head> + <body> + Redirecting back... + <br> + <p id="error"><!-- space for error message --></p> + </body> +</html> diff --git a/modules/viewvc/manifests/init.pp b/modules/viewvc/manifests/init.pp index 882fe288..bd676f29 100644 --- a/modules/viewvc/manifests/init.pp +++ b/modules/viewvc/manifests/init.pp @@ -1,13 +1,15 @@ class viewvc { + include apache::mod::fcgid + include viewvc::var package {['viewvc', - 'python-svn', + 'python2-svn', 'python-flup']: } # http_expiration_time = 600 # svn_roots = admin: svn://svn.mageia.org/svn/adm/ file { '/etc/viewvc/viewvc.conf': - content => template('viewvc/viewvc.conf'), + content => template($viewvc::var::tmpl_viewvc_conf), notify => Service['apache'], require => Package['viewvc'], } @@ -16,7 +18,7 @@ class viewvc { webapp_file => 'viewvc/webapp.conf', } - local_script { 'kill_viewvc': + mga_common::local_script { 'kill_viewvc': content => template('viewvc/kill_viewvc.sh'), } @@ -28,10 +30,45 @@ class viewvc { environment => 'MAILTO=root', } - apache::vhost::base { "svnweb.$::domain": - aliases => {'/viewvc' => '/var/www/viewvc/', - '/' => '/usr/share/viewvc/bin/wsgi/viewvc.fcgi/'}, - content => template('viewvc/vhost.conf') + $viewvc_docroot = '/usr/share/viewvc/templates/docroot' + $robotsfile = "$viewvc_docroot/robots.txt" + file { $robotsfile: + ensure => present, + mode => '0644', + owner => root, + group => root, + source => 'puppet:///modules/viewvc/robots.txt', + } + + file { "$viewvc_docroot/setcookieredirect.html": + ensure => present, + mode => '0644', + owner => root, + group => root, + source => 'puppet:///modules/viewvc/setcookieredirect.html', + } + + $vhost_aliases = { + '/viewvc' => $viewvc_docroot, + '/robots.txt' => $robotsfile, + '/_check' => "$viewvc_docroot/setcookieredirect.html", + } + + $script_aliases = { + '/' => '/usr/share/viewvc/bin/wsgi/viewvc.fcgi/', + } + + $process = 4 + + apache::vhost::base { $viewvc::var::hostname: + aliases => $vhost_aliases, + content => template('apache/vhost_fcgid_norobot.conf'), } -} + apache::vhost::base { "ssl_${viewvc::var::hostname}": + vhost => $viewvc::var::hostname, + use_ssl => true, + aliases => $vhost_aliases, + content => template('apache/vhost_fcgid_norobot.conf'), + } +} diff --git a/modules/viewvc/manifests/var.pp b/modules/viewvc/manifests/var.pp new file mode 100644 index 00000000..9027d808 --- /dev/null +++ b/modules/viewvc/manifests/var.pp @@ -0,0 +1,9 @@ +# $hostname: +# vhost used by viewvc +# $tmpl_viewvc_conf: +# path to /etc/viewvc.conf template file +class viewvc::var( + $hostname = "svnweb.${::domain}", + $tmpl_viewvc_conf = 'viewvc/viewvc.conf' +) { +} diff --git a/modules/viewvc/templates/kill_viewvc.sh b/modules/viewvc/templates/kill_viewvc.sh index 4c27d3f3..7283a10c 100755 --- a/modules/viewvc/templates/kill_viewvc.sh +++ b/modules/viewvc/templates/kill_viewvc.sh @@ -1,13 +1,12 @@ #!/bin/sh +# Kill viewvc if the process gets too large +max_memory=1000000 # size in KiB -max_memory=1000000 - -for process in `pgrep viewvc.fcgi` +for process in $(pgrep viewvc.fcgi) do process_mem=$(pmap "$process" | grep total | sed 's/ \+total \+\([[:digit:]]\+\)K/\1/') - if [ "$process_mem" -gt "$max_memory" ] + if [ -n "$process_mem" ] && [ "$process_mem" -gt "$max_memory" ] then - kill -15 "$process" + kill -15 "$process" fi done - diff --git a/modules/viewvc/templates/vhost.conf b/modules/viewvc/templates/vhost.conf deleted file mode 100644 index 28916f98..00000000 --- a/modules/viewvc/templates/vhost.conf +++ /dev/null @@ -1,2 +0,0 @@ - FastCgiServer /usr/share/viewvc/bin/wsgi/viewvc.fcgi -processes 4 -idle-timeout 30 - diff --git a/modules/viewvc/templates/viewvc.conf b/modules/viewvc/templates/viewvc.conf index 920aa9ed..dec74771 100644 --- a/modules/viewvc/templates/viewvc.conf +++ b/modules/viewvc/templates/viewvc.conf @@ -113,7 +113,7 @@ ## repositories may reside. Rather than force you to add a new entry ## to 'cvs_roots' or 'svn_roots' each time you create a new repository, ## ViewVC rewards you for organising all your repositories under a few -## parent directories by allowing you to simply specifiy just those +## parent directories by allowing you to simply specify just those ## parent directories. ViewVC will then notice each repository in that ## directory as a new root whose name is the subdirectory of the parent ## path in which that repository lives. @@ -326,7 +326,7 @@ mime_types_files = /etc/viewvc/mimetypes.conf, /etc/httpd/conf/mime.types #checkout_magic = 0 ## allowed_views: List the ViewVC views which are enabled. Views not -## in this comma-delited list will not be served (or, will return an +## in this comma-delimited list will not be served (or, will return an ## error on attempted access). ## Possible values: "annotate", "co", "diff", "markup", "roots", "tar" ## @@ -484,7 +484,7 @@ http_expiration_time = 600 ## #hr_funout = 0 -## hr_ignore_white: Ignore whitespace (indendation and stuff) for human +## hr_ignore_white: Ignore whitespace (indentation and stuff) for human ## readable diffs. ## ('-w' option to diff) ## @@ -650,7 +650,7 @@ log_pagesize = 100 ## directory specified by the "template_dir" configuration option (see ## the documentation for that option for details). But if you want to ## use a different template for a particular view, simply uncomment the -## appropriate option below and specify the currect location of the EZT +## appropriate option below and specify the correct location of the EZT ## template file you wish to use for that view. ## ## Templates are specified relative to the configured template |