Ensure URL format of git repositories

repositories.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
 	"time"
@@ -67,7 +68,6 @@ func declareAPIAuthRepositoriesRoutes(router *gin.RouterGroup) {
 				if r.IdWork == work.(*Work).Id {
 					// Is the URL used elsewhere?
 					repos, _ := getRepositoriesByURI(r.URI)
-					log.Println(repos)
 					if len(repos) > 1 {
 						r.AlreadyUsed = true
 					}
@@ -95,6 +95,28 @@ func declareAPIAuthRepositoriesRoutes(router *gin.RouterGroup) {
 			return
 		}
 
+		uri, err := url.Parse(repository.URI)
+		if err != nil {
+			tmp := strings.Split(repository.URI, ":")
+			if len(tmp) == 2 {
+				uri, err = url.Parse(fmt.Sprintf("ssh://%s/%s", tmp[0], tmp[1]))
+			} else if len(tmp) == 3 {
+				uri, err = url.Parse(fmt.Sprintf("%s://%s/%s", tmp[0], tmp[1], tmp[2]))
+			}
+
+			if err != nil {
+				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": fmt.Sprintf("invalid repository URL: %s", err.Error())})
+				return
+			}
+		}
+
+		if strings.Contains(uri.Host, "epita.fr") {
+			if !strings.HasPrefix(uri.Path, fmt.Sprintf("/%s/", u.Login)) {
+				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": "repository URL forbidden"})
+				return
+			}
+		}
+
 		var w *Work
 		if work, ok := c.Get("work"); ok {
 			w = work.(*Work)
@@ -128,7 +150,6 @@ func declareAPIAuthRepositoriesRoutes(router *gin.RouterGroup) {
 
 		// Is the URL used elsewhere?
 		repos, _ := getRepositoriesByURI(repo.URI)
-		log.Println(repos)
 		if len(repos) > 1 {
 			repo.AlreadyUsed = true
 		}