Skip to content

G
gitlab-workhorse
Commit 13f6a040 authored by Kirill Smelkov's avatar Kirill Smelkov
Browse files
Options

.

parent 38d44f67
Show whitespace changes
Inline Side-by-side
Showing with 83 additions and 42 deletions
main_test.go
View file @ 13f6a040
...@@ -460,8 +460,17 @@ func sha1s(data []byte) string { ...@@ -460,8 +460,17 @@ func sha1s(data []byte) string {
return fmt.Sprintf("%x", sha1.Sum(data)) return fmt.Sprintf("%x", sha1.Sum(data))
} }
func download(t *testing.T, url string) (*http.Response, []byte) { func download(t *testing.T, url string, h http.Header) (*http.Response, []byte) {
resp, err := http.Get(url) req, err := http.NewRequest("GET", url, nil)
if err != nil {
t.Fatal(err)
}
// copy header to request
for k,v := range h {
req.Header[k] = v
}
client := &http.Client{}
resp, err := client.Do(req)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
...@@ -473,65 +482,87 @@ func download(t *testing.T, url string) (*http.Response, []byte) { ...@@ -473,65 +482,87 @@ func download(t *testing.T, url string) (*http.Response, []byte) {
return resp, body return resp, body
} }
func TestAllowedBlobDownload(t *testing.T) { // Context for downloading & verifying paths under URL prefix
// Prepare test server and backend type DownloadContext struct {
ts := testAuthServer(nil, 200, gitOkBody(t)) t *testing.T
defer ts.Close() urlPrefix string
ws := startWorkhorseServer(ts.URL) Header http.Header
defer ws.Close() }
func DownloadContextNew(t *testing.T, urlPrefix string) *DownloadContext {
h := make(http.Header)
return &DownloadContext{t, urlPrefix, h}
}
func (dl DownloadContext) downloadRaw(path string) (*http.Response, []byte) {
return download(dl.t, dl.urlPrefix + path, dl.Header)
}
downloadRaw := func (refpath string) (*http.Response, []byte) { // download `path` and expect content sha1 to be `expectSha1`
return download(t, fmt.Sprintf("%s/%s/raw/%s", ws.URL, testProject, refpath)) func (dl DownloadContext) ExpectSha1(path, expectSha1 string) {
resp, out := dl.downloadRaw(path)
if resp.StatusCode != 200 {
dl.t.Fatalf("Unexpected status code (expected 200, got %v)", resp.StatusCode)
} }
downloadAndExpectSha1 := func (refpath, expectSha1 string) {
_, out := downloadRaw(refpath)
outSha1 := sha1s(out) outSha1 := sha1s(out)
if outSha1 != expectSha1 { if outSha1 != expectSha1 {
t.Fatal("Unexpected content in blob download") dl.t.Fatal("Unexpected content in blob download")
}
}
downloadAndExpect := func (refpath, expect string) {
downloadAndExpectSha1(refpath, sha1s([]byte(expect)))
} }
}
// download `path` and expect content data to be `expect`
func (dl DownloadContext) Expect(path, expect string) {
dl.ExpectSha1(path, sha1s([]byte(expect)))
}
downloadAndExpect("5f923865/README.md", "testme\n======\n\nSample repo for testing gitlab features\n") // download `path` and expect HTTP status code to be `code`
downloadAndExpectSha1("5f923865/files/ruby/popen.rb", "68990cc20fa74383358797a27967fa2b45d7d8f6") func (dl DownloadContext) ExpectCode(path string, code int) {
downloadAndExpectSha1("874797c3/files/ruby/popen.rb", "4c266708f2bfd7ca3fed3f7ec74253f92ff3fe73") resp, _ := dl.downloadRaw(path)
resp, _ := downloadRaw("master/non-existing-file") if resp.StatusCode != code {
if resp.StatusCode != 404 { dl.t.Fatalf("Unexpected status code (expected %v, got %v)", code, resp.StatusCode)
t.Fatalf("Unexpected status code (expected 404, got %v)", resp.StatusCode)
} }
} }
func TestBlobDownload(t *testing.T) {
// Prepare test server and "all-ok" auth backend
ts := testAuthServer(nil, 200, gitOkBody(t))
defer ts.Close()
ws := startWorkhorseServer(ts.URL)
defer ws.Close()
dl := DownloadContextNew(t, fmt.Sprintf("%s/%s/raw", ws.URL, testProject))
dl.Expect("/5f923865/README.md", "testme\n======\n\nSample repo for testing gitlab features\n")
dl.ExpectSha1("/5f923865/README.md", "5f7af35c185a9e5face2f4afb6d7c4f00328d04c")
dl.ExpectSha1("/5f923865/files/ruby/popen.rb", "68990cc20fa74383358797a27967fa2b45d7d8f6")
dl.ExpectSha1("/874797c3/files/ruby/popen.rb", "4c266708f2bfd7ca3fed3f7ec74253f92ff3fe73")
dl.ExpectCode("/master/non-existing-file", 404)
}
func TestDeniedBlobDownload(t *testing.T) { func TestDeniedBlobDownload(t *testing.T) {
// Prepare test server and backend // Prepare test server and "all-deny" auth backend
ts := testAuthServer(nil, 403, "Access denied") ts := testAuthServer(nil, 403, "Access denied")
defer ts.Close() defer ts.Close()
ws := startWorkhorseServer(ts.URL) ws := startWorkhorseServer(ts.URL)
defer ws.Close() defer ws.Close()
dl := DownloadContextNew(t, fmt.Sprintf("%s/%s/raw", ws.URL, testProject))
downloadAndExpect := func (refpath string, code int) { dl.ExpectCode("/5f923865/README.md", 403)
resp, _ := download(t, fmt.Sprintf("%s/%s/raw/%s", ws.URL, testProject, refpath)) dl.ExpectCode("/5f923865/files/ruby/popen.rb", 403)
if resp.StatusCode != code { dl.ExpectCode("/874797c3/files/ruby/popen.rb", 403)
t.Fatalf("Unexpected status code (expected %v, got %v)", code, resp.StatusCode) dl.ExpectCode("/master/non-existing-file", 403)
}
}
downloadAndExpect("5f923865/README.md", 403)
downloadAndExpect("5f923865/files/ruby/popen.rb", 403)
downloadAndExpect("874797c3/files/ruby/popen.rb", 403)
downloadAndExpect("master/non-existing-file", 403)
} }
func TestPrivateBlobDownload(t *testing.T) { func TestPrivateBlobDownload(t *testing.T) {
// Prepare test server and auth backend:
// access is ok if token is provided either via query or via header // access is ok if token is provided either via query or via header
ts := testServerWithHandler(url, func(w, http.ResponseWriter, r *http.Request) { ts := testServerWithHandler(nil, func(w http.ResponseWriter, r *http.Request) {
log.Println("UPSTREAM", r.Method, r.URL) log.Println("UPSTREAM", r.Method, r.URL)
token_ok1 := r.URL.Query().Get("aaa_token") == "TOKEN-4AAA" token_ok1 := r.URL.Query().Get("aaa_token") == "TOKEN-4AAA"
token_ok2 := r.Header.Get("BBB-TOKEN") == "TOKEN-4BBB" token_ok2 := r.Header.Get("BBB-TOKEN") == "TOKEN-4BBB"
if !(token_ok1 || token_ok2) { if !(token_ok1 || token_ok2) {
w.WriteHeader(403) w.WriteHeader(403)
fmt.Fprintf("w", "Access denied") fmt.Fprintf(w, "Access denied")
return
} }
data, err := json.Marshal(gitOkBody(t)) data, err := json.Marshal(gitOkBody(t))
...@@ -541,10 +572,20 @@ func TestPrivateBlobDownload(t *testing.T) { ...@@ -541,10 +572,20 @@ func TestPrivateBlobDownload(t *testing.T) {
w.WriteHeader(200) w.WriteHeader(200)
w.Write(data) w.Write(data)
} })
defer ts.Close() defer ts.Close()
ws := startWorkhorseServer(ts.URL) ws := startWorkhorseServer(ts.URL)
defer ws.Close() defer ws.Close()
dl := DownloadContextNew(t, fmt.Sprintf("%s/%s/raw", ws.URL, testProject))
download(t, "%s/%s/raw/5f923865/README.md
dl.ExpectCode("/5f923865/README.md", 403)
dl.ExpectCode("/5f923865/README.md?bbb_token=TOKEN-4BBB", 403)
dl.ExpectCode("/5f923865/README.md?aaa_token=TOKEN-4AAA", 200)
dl.ExpectSha1("/5f923865/README.md?aaa_token=TOKEN-4AAA", "5f7af35c185a9e5face2f4afb6d7c4f00328d04c")
dl.Header.Add("AAA-TOKEN", "TOKEN-4AAA")
dl.ExpectCode("/5f923865/README.md", 403)
dl.Header.Add("BBB-TOKEN", "TOKEN-4BBB")
dl.ExpectCode("/5f923865/README.md", 200)
dl.ExpectSha1("/5f923865/README.md", "5f7af35c185a9e5face2f4afb6d7c4f00328d04c")
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7