Commit fa260e77 authored by Kirill Smelkov's avatar Kirill Smelkov

.

parent 548ed041
Pipeline #105 failed with stage
...@@ -5,12 +5,15 @@ import ( ...@@ -5,12 +5,15 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"io" "io"
// "os"
"net/http" "net/http"
"strings" "strings"
"log"
) )
func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc { func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc {
return func(w http.ResponseWriter, r *gitRequest) { return func(w http.ResponseWriter, r *gitRequest) {
log.Printf("AUTH1")
authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix) authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix)
if err != nil { if err != nil {
fail500(w, "newUpstreamRequest", err) fail500(w, "newUpstreamRequest", err)
...@@ -46,6 +49,8 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan ...@@ -46,6 +49,8 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
// The auth backend validated the client request and told us additional // The auth backend validated the client request and told us additional
// request metadata. We must extract this information from the auth // request metadata. We must extract this information from the auth
// response body. // response body.
//log.Printf("resp body: %s", authResponse.Body)
//io.Copy(os.Stdout, authResponse.Body)
if err := json.NewDecoder(authResponse.Body).Decode(&r.authorizationResponse); err != nil { if err := json.NewDecoder(authResponse.Body).Decode(&r.authorizationResponse); err != nil {
fail500(w, "decode authorization response", err) fail500(w, "decode authorization response", err)
return return
...@@ -68,6 +73,7 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan ...@@ -68,6 +73,7 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
func repoPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc { func repoPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
return preAuthorizeHandler(func(w http.ResponseWriter, r *gitRequest) { return preAuthorizeHandler(func(w http.ResponseWriter, r *gitRequest) {
log.Printf("AUTH2")
if r.RepoPath == "" { if r.RepoPath == "" {
fail500(w, "repoPreAuthorizeHandler", errors.New("missing authorization response")) fail500(w, "repoPreAuthorizeHandler", errors.New("missing authorization response"))
return return
......
...@@ -5,6 +5,10 @@ Handler for raw blob downloads ...@@ -5,6 +5,10 @@ Handler for raw blob downloads
package main package main
import ( import (
"io"
"log"
"strings"
"regexp"
"net/http" "net/http"
) )
...@@ -21,20 +25,63 @@ Content-Type: text/plain; charset=utf-8 ...@@ -21,20 +25,63 @@ Content-Type: text/plain; charset=utf-8
*/ */
func blobPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc { func blobPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
func (w http.ResponseWriter, r *gitRequest) { return func (w http.ResponseWriter, r *gitRequest) {
reqCheckDownload, err := http.newRequest("GET", requestBlob.Path /*TODO strip after repo*/ + '/git-upload-pack', nil)
if err != nil {
fail500(w, "GET git-upload-pack")
return
}
requestBlob := r.Request
r.Request = reqCheckDownload
} }
} }
func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) { func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
blobCmd := gitCommand(""/*XXX GL_ID*/, "git", "--git-dir="+r.RepoPath, "cat-file", "blob", ...) log.Printf("BLOB1")
// extract project name
projectRe := regexp.MustCompile(`^/[\w\.-]+/[\w\.-]+/`)
project := projectRe.FindString(r.Request.URL.Path)
refpath := r.Request.URL.Path[len(project):]
if project == "" {
fail500(w, "extract project name", nil)
return
}
//assert project[-1] == "/"
project = project[:len(project)-1]
log.Printf("project: %v", project)
if refpath[:4] != "raw/" {
fail500(w, "refpath != raw/...", nil)
return
}
refpath = refpath[4:]
log.Printf("refpath: %v", refpath)
// request to verify whether download is possible via asking as git fetch would do
// XXX privateToken not propagated ...
reqCheckDownload, err := http.NewRequest("GET", project + ".git/info/refs?service=git-upload-pack", nil)
if err != nil {
fail500(w, "GET git-upload-pack", err)
return
}
// swap original request to 'verify-download' one
//requestBlob := r.Request
r.Request = reqCheckDownload
preAuthorizeHandler(func(w http.ResponseWriter, r *gitRequest) {
handleGetBlobRaw2(w, r, refpath)
}, "") (w, r)
}
func handleGetBlobRaw2(w http.ResponseWriter, r *gitRequest, refpath string) {
// XXX we assume <ref>/<path> format and ref not containing "/"
// XXX but gitlab allows ref with / and tries to do longest-match to existing refs
s := strings.SplitN(refpath, "/", 2)
log.Printf("RAW2 s: %v", s)
if len(s) != 2 {
fail500(w, "refpath split", nil)
return
}
ref, path := s[0], s[1]
blobCmd := gitCommand(""/*XXX GL_ID*/, "git", "--git-dir="+r.RepoPath, "cat-file", "blob", ref + ":" + path)
blobStdout, err := blobCmd.StdoutPipe() blobStdout, err := blobCmd.StdoutPipe()
if err != nil { if err != nil {
fail500(w, "handleGetBlobRaw", err) fail500(w, "handleGetBlobRaw", err)
...@@ -55,7 +102,7 @@ func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) { ...@@ -55,7 +102,7 @@ func handleGetBlobRaw(w http.ResponseWriter, r *gitRequest) {
return return
} }
if err := blobCmd.Wait(); err != nil { if err := blobCmd.Wait(); err != nil {
logContext("wait") logContext("wait", err)
return return
} }
} }
...@@ -10,9 +10,11 @@ import ( ...@@ -10,9 +10,11 @@ import (
"net/http" "net/http"
"path/filepath" "path/filepath"
"strings" "strings"
"log"
) )
func handleGetInfoRefs(w http.ResponseWriter, r *gitRequest) { func handleGetInfoRefs(w http.ResponseWriter, r *gitRequest) {
log.Printf("HELLO WORLD")
rpc := r.URL.Query().Get("service") rpc := r.URL.Query().Get("service")
if !(rpc == "git-upload-pack" || rpc == "git-receive-pack") { if !(rpc == "git-upload-pack" || rpc == "git-receive-pack") {
// The 'dumb' Git HTTP protocol is not supported // The 'dumb' Git HTTP protocol is not supported
......
...@@ -74,7 +74,7 @@ var gitServices = [...]gitService{ ...@@ -74,7 +74,7 @@ var gitServices = [...]gitService{
gitService{"GET", regexp.MustCompile(`/repository/archive.tar\z`), repoPreAuthorizeHandler(handleGetArchive)}, gitService{"GET", regexp.MustCompile(`/repository/archive.tar\z`), repoPreAuthorizeHandler(handleGetArchive)},
gitService{"GET", regexp.MustCompile(`/repository/archive.tar.gz\z`), repoPreAuthorizeHandler(handleGetArchive)}, gitService{"GET", regexp.MustCompile(`/repository/archive.tar.gz\z`), repoPreAuthorizeHandler(handleGetArchive)},
gitService{"GET", regexp.MustCompile(`/repository/archive.tar.bz2\z`), repoPreAuthorizeHandler(handleGetArchive)}, gitService{"GET", regexp.MustCompile(`/repository/archive.tar.bz2\z`), repoPreAuthorizeHandler(handleGetArchive)},
gitService("GET", regexp.MustCompile(`/raw/.+\z`, blobPreAuthorizeHandler(handleGetRawBlob)}, gitService{"GET", regexp.MustCompile(`/raw/.+\z`), handleGetBlobRaw},
gitService{"GET", regexp.MustCompile(`/uploads/`), handleSendFile}, gitService{"GET", regexp.MustCompile(`/uploads/`), handleSendFile},
// Git LFS // Git LFS
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment