.

fa260e77 · Kirill Smelkov · 548ed041 · fa260e77 · fa260e77 · fa260e77
Commit fa260e77 authored Nov 25, 2015 by Kirill Smelkov
Hide whitespace changes
Inline Side-by-side

Showing with 67 additions and 12 deletions

authorization.go authorization.go +6 -0

blob.go blob.go +58 -11

git-http.go git-http.go +2 -0

upstream.go upstream.go +1 -1

No files found.
--- a/authorization.go
+++ b/authorization.go
@@ -5,12 +5,15 @@ import (
 	"encoding/json"
 	"errors"
 	"io"
+//	"os"
 	"net/http"
 	"strings"
+	"log"
 )

 func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc {
 	return func(w http.ResponseWriter, r *gitRequest) {
+		log.Printf("AUTH1")
 		authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix)
 		if err != nil {
 			fail500(w, "newUpstreamRequest", err)
@@ -46,6 +49,8 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
 		// The auth backend validated the client request and told us additional
 		// request metadata. We must extract this information from the auth
 		// response body.
+		//log.Printf("resp body: %s", authResponse.Body)
+		//io.Copy(os.Stdout, authResponse.Body)
 		if err := json.NewDecoder(authResponse.Body).Decode(&r.authorizationResponse); err != nil {
 			fail500(w, "decode authorization response", err)
 			return
@@ -68,6 +73,7 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan

 func repoPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
 	return preAuthorizeHandler(func(w http.ResponseWriter, r *gitRequest) {
+		log.Printf("AUTH2")
 		if r.RepoPath == "" {
 			fail500(w, "repoPreAuthorizeHandler", errors.New("missing authorization response"))
 			return

--- a/blob.go
+++ b/blob.go
@@ -5,6 +5,10 @@ Handler for raw blob downloads
 package main

 import (
+	"io"
+	"log"
+	"strings"
+	"regexp"
 	"net/http"
 )

@@ -21,20 +25,63 @@ Content-Type: text/plain; charset=utf-8
 */

 func blobPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
-	func (w http.ResponseWriter, r *gitRequest) {
-		reqCheckDownload, err := http.newRequest("GET", requestBlob.Path /*TODO strip after repo*/ + '/git-upload-pack', nil)
-		if err != nil {
-			fail500(w, "GET git-upload-pack")
-			return
-		}
-
-		requestBlob := r.Request
-		r.Request = reqCheckDownload
+	return func (w http.ResponseWriter, r *gitRequest) {
 	}
 }

 func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
-	blobCmd := gitCommand(""/*XXX GL_ID*/, "git", "--git-dir="+r.RepoPath, "cat-file", "blob", ...)
+	log.Printf("BLOB1")
+	// extract project name
+	projectRe := regexp.MustCompile(`^/[\w\.-]+/[\w\.-]+/`)
+	project := projectRe.FindString(r.Request.URL.Path)
+	refpath := r.Request.URL.Path[len(project):]
+	if project == "" {
+		fail500(w, "extract project name", nil)
+		return
+	}
+
+	//assert project[-1] == "/"
+	project = project[:len(project)-1]
+	log.Printf("project: %v", project)
+
+	if refpath[:4] != "raw/" {
+		fail500(w, "refpath != raw/...", nil)
+		return
+	}
+	refpath = refpath[4:]
+	log.Printf("refpath: %v", refpath)
+
+	// request to verify whether download is possible via asking as git fetch would do
+	// XXX privateToken not propagated ...
+	reqCheckDownload, err := http.NewRequest("GET", project + ".git/info/refs?service=git-upload-pack", nil)
+	if err != nil {
+		fail500(w, "GET git-upload-pack", err)
+		return
+	}
+
+	// swap original request to 'verify-download' one
+	//requestBlob := r.Request
+	r.Request = reqCheckDownload
+
+	preAuthorizeHandler(func(w http.ResponseWriter, r *gitRequest) {
+			handleGetBlobRaw2(w, r, refpath)
+		}, "") (w, r)
+
+}
+
+func handleGetBlobRaw2(w http.ResponseWriter, r *gitRequest, refpath string) {
+	// XXX we assume <ref>/<path> format and ref not containing "/"
+	// XXX but gitlab allows ref with / and tries to do longest-match to existing refs
+	s := strings.SplitN(refpath, "/", 2)
+	log.Printf("RAW2  s: %v", s)
+	if len(s) != 2 {
+		fail500(w, "refpath split", nil)
+		return
+	}
+
+	ref, path := s[0], s[1]
+
+	blobCmd := gitCommand(""/*XXX GL_ID*/, "git", "--git-dir="+r.RepoPath, "cat-file", "blob", ref + ":" + path)
 	blobStdout, err := blobCmd.StdoutPipe()
 	if err != nil {
 		fail500(w, "handleGetBlobRaw", err)
@@ -55,7 +102,7 @@ func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
 		return
 	}
 	if err := blobCmd.Wait(); err != nil {
-		logContext("wait")
+		logContext("wait", err)
 		return
 	}
 }
--- a/git-http.go
+++ b/git-http.go
@@ -10,9 +10,11 @@ import (
 	"net/http"
 	"path/filepath"
 	"strings"
+	"log"
 )

 func handleGetInfoRefs(w http.ResponseWriter, r *gitRequest) {
+	log.Printf("HELLO WORLD")
 	rpc := r.URL.Query().Get("service")
 	if !(rpc == "git-upload-pack" || rpc == "git-receive-pack") {
 		// The 'dumb' Git HTTP protocol is not supported

--- a/upstream.go
+++ b/upstream.go
@@ -74,7 +74,7 @@ var gitServices = [...]gitService{
 	gitService{"GET", regexp.MustCompile(`/repository/archive.tar\z`), repoPreAuthorizeHandler(handleGetArchive)},
 	gitService{"GET", regexp.MustCompile(`/repository/archive.tar.gz\z`), repoPreAuthorizeHandler(handleGetArchive)},
 	gitService{"GET", regexp.MustCompile(`/repository/archive.tar.bz2\z`), repoPreAuthorizeHandler(handleGetArchive)},
-	gitService("GET", regexp.MustCompile(`/raw/.+\z`, blobPreAuthorizeHandler(handleGetRawBlob)},
+	gitService{"GET", regexp.MustCompile(`/raw/.+\z`), handleGetBlobRaw},
 	gitService{"GET", regexp.MustCompile(`/uploads/`), handleSendFile},

 	// Git LFS