#!/bin/bash
# This script acts as a wrapper for git commands when the git user connects via SSH. It ensures that only allowed git commands are executed and that they are executed in the correct context.

# Check if the SSH_ORIGINAL_COMMAND environment variable is set. This variable contains the command that the user attempted to execute when connecting via SSH.
if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
    echo "Interactive login not permitted" >&2
    exit 1
fi

# Handle git init to create new bare repositories
if [[ "$SSH_ORIGINAL_COMMAND" == git\ init* ]]; then
    repo=$(echo "$SSH_ORIGINAL_COMMAND" | awk '{print $NF}')

    # Block path traversal attempts and absolute paths
    if [[ "$repo" == *..* ]] || [[ "$repo" == /* ]]; then
        echo "Invalid path" >&2
        exit 1
    fi

    path="/repositories/$repo"

    # Check if the repository already exists
    if [ -d "$path" ]; then
        echo "Repository already exists: $repo" >&2
        exit 1
    fi

    exec git init --bare "$path"
fi

# Normalize the SSH_ORIGINAL_COMMAND as modern Git clients can send either form depending on version and protocol negotiation
SSH_ORIGINAL_COMMAND=$(echo "$SSH_ORIGINAL_COMMAND" | sed \
    's/^git upload-pack/git-upload-pack/;
     s/^git receive-pack/git-receive-pack/;
     s/^git upload-archive/git-upload-archive/')

# Parse the SSH_ORIGINAL_COMMAND to extract the git command and the repository path. The expected format is something like "git-upload-pack 'repository.git'".
cmd=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d' ' -f1)
path=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d"'" -f2)

# Block path traversal attempts
if [[ "$path" == *..* ]]; then
    echo "Invalid path" >&2
    exit 1
fi

case "$cmd" in
    # Allow only specific git commands and ensure that the repository path is correctly prefixed with /repositories if it's not an absolute path.
    git-upload-pack|git-receive-pack|git-upload-archive)
        # If the path is not an absolute path, prefix it with /repositories to ensure that all git operations are confined to the /repositories directory.
        [[ "$path" != /* ]] && path="/repositories/$path"

        # Check if the repository exists at the specified path
        if [ ! -d "$path" ]; then
            echo "Repository not found: $path" >&2
            exit 1
        fi

        exec "$cmd" "$path"
        ;;
    # If the command is not one of the allowed git commands, reject it and print an error message.
    *)
        echo "Command not allowed: $cmd" >&2
        exit 1
        ;;
esac