#!/usr/bin/python3

import sys
import os
import re
import yaml
from sys import stderr

repo_regex = re.compile(r'\'([a-zA-Z0-9-]+)(.git)?\'$')
command_regex = re.compile('^[a-zA-Z0-9-]+')

valid_ro_commands=('git-upload-pack')
valid_rw_commands=('git-upload-pack', 'git-receive-pack')

#print >>sys.stderr, "command d'org: %s" % os.environ['SSH_ORIGINAL_COMMAND']

if 'SSH_ORIGINAL_COMMAND' not in os.environ:
        print('You are not authorized to login directly.', file=stderr)
        sys.exit(1)

ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND']
user = sys.argv[1]

conf = yaml.load(open('/home/calendros/seele/git/config.yaml', 'r'))
#print('conf: ', conf)

if user not in conf:
    print('access not allowed for user {}.'.format(user), file=stderr)
    sys.exit(1)

if ssh_original_command == 'ls' or ssh_original_command == 'list':
    print('\n'.join([repo for repo in conf[user].keys()]))
    sys.exit(0)

repo = repo_regex.findall(ssh_original_command)[0][0]
if repo.endswith('.git'):
    repo = repo[:-4]

if repo not in conf[user].keys():
    print('repository {} not allowed for {}.'.format(repo, user), file=stderr)
    sys.exit(1)

command = command_regex.findall(ssh_original_command)[0]

if ((conf[user][repo] == 'rw' and command not in valid_rw_commands)
        or (conf[user][repo] == 'ro' and command not in valid_ro_commands)):
    print('command {} not allowed for {}.'.format(command, user), file=stderr)
    sys.exit(1)

os.chdir(os.path.join(
        os.path.dirname(os.path.abspath(__file__)),
        'repositories'))

command_map = {
    'git-upload-pack': lambda: os.execv('/usr/bin/git-upload-pack',
        ['/usr/bin/git-upload-pack', '--strict', '--timeout=600', repo]),
    'git-receive-pack': lambda: os.execv('/usr/bin/git-receive-pack',
        ['/usr/bin/git-receive-pack', repo])
    }

command_map[command]()