X Clarify errors from askAuthBackend

aed96aca · Kirill Smelkov · 902684ec · aed96aca
Commit aed96aca authored Dec 02, 2015 by Kirill Smelkov
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 39 deletions

blob.go blob.go +11 -39

No files found.
--- a/blob.go
+++ b/blob.go
@@ -9,7 +9,6 @@ package main

 import (
 	"bufio"
-	"errors"
 	"fmt"
 	"io"
 	"log"
@@ -67,6 +66,7 @@ func authRefreshEntry(u *upstream, project string) {
 			break // no need to further refresh
 		}

+		// clear cache entry if it is not used
 		log.Printf("AUTH refresh - %v #hit: %v", project, auth.Nhit)
 		if auth.Nhit == 0 { // not used - we can remove and stop refreshing
 			log.Printf("AUTH - removing %v", project)
@@ -77,14 +77,7 @@ func authRefreshEntry(u *upstream, project string) {

 		log.Printf("AUTH - refreshing %v", project)
 		// XXX what if it stucks?
-		authReply, err := askAuthBackend(u, project)
-		log.Printf("<- err: %v", err)
-		if err != nil {
-			// an error -> delete entry from cache and be done with
-			// refreshing	XXX lock, unify with ^^^
-			delete(authCache, project)
-			break
-		}
+		authReply := askAuthBackend(u, project)

 		// XXX lock
 		auth.AuthReply = authReply
@@ -96,8 +89,6 @@ func authRefreshEntry(u *upstream, project string) {
 // Ask auth backend about whether download is ok for a project.
 // Authorization is approved if AuthReply.RepoPath != "" on return
 // In case of errors, diagnostic is emitted to AuthReply.RawReply XXX not only diagnostic
-var ErrAuthFailed = errors.New("authorization failed")
-
 func askAuthBackend(u *upstream, project string) AuthReply {
 	authReply := AuthReply{
 		RawReply: httptest.NewRecorder(),
@@ -110,34 +101,32 @@ func askAuthBackend(u *upstream, project string) AuthReply {
 		project+".git/info/refs?service=git-upload-pack", nil)
 	if err != nil {
 		fail500(authReply.RawReply, "GET git-upload-pack", err)
-		return authReply, err
+		return authReply
 	}

 	// prepare everything and go through preAuthorizeHandler() that will send
 	// request to auth backend and analyze/parse the reply into r.authorizationResponse
+	// it also logs/emits output in case of errors - we do not have to do it here
 	r := &gitRequest{
 		Request: reqDownloadAccess,
 		u:       u,
 	}

-	err = ErrAuthFailed
 	preAuthorizeHandler(
 		func(w http.ResponseWriter, r *gitRequest) {
-			// XXX
 			// if we ever get to this point - auth handler approved
 			// access and thus it is ok to download
-			err = nil
-			// propagate authorizationResponse back
 			authReply.authorizationResponse = r.authorizationResponse
 		}, "")(authReply.RawReply, r)

-	return authReply, err
+	return authReply
 }

 // Verify that download access is ok or not.
 // first we try to see authCache; if information is not there -> ask auth backend
+// download is ok if AuthReply.RepoPath != ""
 // XXX return -> *AuthReply ?
-func verifyDownloadAccess(w http.ResponseWriter, u *upstream, project string) (AuthReply, error) {
+func verifyDownloadAccess(w http.ResponseWriter, u *upstream, project string) AuthReply {
 	// XXX lock authCache
 	auth, ok := authCache[project]
 	if ok {
@@ -146,20 +135,17 @@ func verifyDownloadAccess(w http.ResponseWriter, u *upstream, project string) (A
 		//	project,
 		//	time.Since(time.Unix(auth.Tauth, 0)),
 		//	auth.Nhit)
-		return auth.AuthReply, nil
+		return auth.AuthReply
 	}

-	authReply, err := askAuthBackend(u, project)
-	if err != nil {
-		return authReply, err
-	}
+	authReply := askAuthBackend(u, project)

 	// XXX lock
 	// store in cache and start cache entry refresher
 	authCache[project] = &AuthCacheEntry{authReply, time.Now().Unix(), 0}
 	go authRefreshEntry(u, project)

-	return authReply, nil
+	return authReply
 }

 // HTTP handler for `.../raw/<ref>/path`
@@ -182,11 +168,7 @@ func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
 	refpath = refpath[4:]              // strip 'raw/...'

 	// Query download access auth for this project
-	authReply, err := verifyDownloadAccess(w, r.u, project)
-	if err != nil {
-		fail500(w, "verifyDownloadAccess", err)
-		return
-	}
+	authReply := verifyDownloadAccess(w, r.u, project)
 	if authReply.RepoPath == "" {
 		// access denied - copy auth reply to client in full -
 		// there are HTTP code and other headers / body relevant for
@@ -203,16 +185,6 @@ func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
 	emitBlob(w, authReply.RepoPath, refpath)
 }

-/*
-Cache-Control: private
-ETag: "4c10677531b44f555ebbdaff24a9b2d6"
-
-X-Content-Type-Options: nosniff
-Content-Disposition: inline
-Content-Transfer-Encoding: binary
-
-Content-Type: text/plain; charset=utf-8
-*/

 // Emit content of blob located at <ref>/path (jointly denoted as 'refpath') to output
 func emitBlob(w http.ResponseWriter, repopath string, refpath string) {