.

authorization.go

@@ -8,12 +8,11 @@ import (
 	"log"
 	"net/http"
 	"strings"
-	"time"
 )
 
 func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc {
 	return func(w http.ResponseWriter, r *gitRequest) {
-		Tstart := time.Now()
+		//Tstart := time.Now()
 		//log.Printf("AUTH1")
 		authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix)
 		if err != nil {
@@ -66,13 +65,13 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
 			}
 		}
 
-		Tendauth := time.Now()
+		//Tendauth := time.Now()
 
 		handleFunc(w, r)
 
-		Tend := time.Now()
-		log.Printf("Tauth:\t%s", Tendauth.Sub(Tstart))
-		log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))
+		//Tend := time.Now()
+		//log.Printf("Tauth:\t%s", Tendauth.Sub(Tstart))
+		//log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))
 	}
 }
 

blob.go

@@ -9,6 +9,7 @@ package main
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"io"
 	"log"
@@ -23,7 +24,7 @@ import (
 type AuthReply struct {
 	// raw reply from auth backend & preAuthorizeHandler().
 	// recorded so we can replay it from auth cache to each client in full
-	// if access is rejected.
+	// if access is rejected.	XXX for accepted too? (see WWW-Authenticate in preAuthorizeHandler)
 	RawReply *httptest.ResponseRecorder
 
 	// decoded auth reply
@@ -48,7 +49,7 @@ type AuthCacheEntry struct {
 var authCache = make(map[string]*AuthCacheEntry)
 
 // Time period for refreshing / removing unused entires in authCache
-const authCacheRefresh = 30 * time.Second
+const authCacheRefresh = 5 * time.Second	// XXX 30
 
 // Goroutine to refresh auth cache entry periodically while it is used.
 // if the entry is detected to be not used - remove it from cache and stop refreshing.
@@ -77,6 +78,7 @@ func authRefreshEntry(u *upstream, project string) {
 		log.Printf("AUTH - refreshing %v", project)
 		// XXX what if it stucks?
 		authReply, err := askAuthBackend(u, project)
+		log.Printf("<- err: %v", err)
 		if err != nil {
 			// an error -> delete entry from cache and be done with
 			// refreshing	XXX lock, unify with ^^^
@@ -91,8 +93,12 @@ func authRefreshEntry(u *upstream, project string) {
 	}
 }
 
-// Ask auth backend about whether download is ok for a project
-func askAuthBackend(u *upstream, project string) (AuthReply, error) {
+// Ask auth backend about whether download is ok for a project.
+// Authorization is approved if AuthReply.RepoPath != "" on return
+// In case of errors, diagnostic is emitted to AuthReply.RawReply XXX not only diagnostic
+var ErrAuthFailed = errors.New("authorization failed")
+
+func askAuthBackend(u *upstream, project string) AuthReply {
 	authReply := AuthReply{
 		RawReply: httptest.NewRecorder(),
 	}
@@ -114,17 +120,18 @@ func askAuthBackend(u *upstream, project string) (AuthReply, error) {
 		u:       u,
 	}
 
+	err = ErrAuthFailed
 	preAuthorizeHandler(
 		func(w http.ResponseWriter, r *gitRequest) {
+			// XXX
 			// if we ever get to this point - auth handler approved
 			// access and thus it is ok to download
-			// downloadOk = true	XXX
-			// NOTE we can use authorizationResponse.RepoPath != "" as test for this
+			err = nil
+			// propagate authorizationResponse back
+			authReply.authorizationResponse = r.authorizationResponse
 		}, "")(authReply.RawReply, r)
 
-	// propagate authorizationResponse back and we are done
-	authReply.authorizationResponse = r.authorizationResponse
-	return authReply, nil
+	return authReply, err
 }
 
 // Verify that download access is ok or not.