Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-workhorse
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-workhorse
Commits
4d4c1f02
Commit
4d4c1f02
authored
Dec 14, 2015
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don't use ServerMux due to URI normalization: we do it our own way
parent
3be3f01d
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
58 additions
and
17 deletions
+58
-17
helpers.go
helpers.go
+26
-0
main.go
main.go
+1
-6
upstream.go
upstream.go
+31
-11
No files found.
helpers.go
View file @
4d4c1f02
...
...
@@ -12,6 +12,7 @@ import (
"os"
"os/exec"
"syscall"
"path"
)
func
fail500
(
w
http
.
ResponseWriter
,
err
error
)
{
...
...
@@ -23,6 +24,13 @@ func logError(err error) {
log
.
Printf
(
"error: %v"
,
err
)
}
func
httpError
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
,
error
string
,
code
int
)
{
if
r
.
ProtoAtLeast
(
1
,
1
)
{
w
.
Header
()
.
Set
(
"Connection"
,
"close"
)
}
http
.
Error
(
w
,
error
,
code
)
}
// Git subprocess helpers
func
gitCommand
(
gl_id
string
,
name
string
,
args
...
string
)
*
exec
.
Cmd
{
cmd
:=
exec
.
Command
(
name
,
args
...
)
...
...
@@ -90,3 +98,21 @@ func openFile(path string) (file *os.File, fi os.FileInfo, err error) {
return
}
// Borrowed from: net/http/server.go
// Return the canonical path for p, eliminating . and .. elements.
func
cleanURIPath
(
p
string
)
string
{
if
p
==
""
{
return
"/"
}
if
p
[
0
]
!=
'/'
{
p
=
"/"
+
p
}
np
:=
path
.
Clean
(
p
)
// path.Clean removes trailing slash except for root;
// put the trailing slash back if necessary.
if
p
[
len
(
p
)
-
1
]
==
'/'
&&
np
!=
"/"
{
np
+=
"/"
}
return
np
}
main.go
View file @
4d4c1f02
...
...
@@ -171,10 +171,5 @@ func main() {
upstream
:=
newUpstream
(
*
authBackend
,
proxyTransport
)
upstream
.
SetRelativeURLRoot
(
*
relativeURLRoot
)
// Because net/http/pprof installs itself in the DefaultServeMux
// we create a fresh one for the Git server.
serveMux
:=
http
.
NewServeMux
()
serveMux
.
Handle
(
upstream
.
relativeURLRoot
,
upstream
)
log
.
Fatal
(
http
.
Serve
(
listener
,
serveMux
))
log
.
Fatal
(
http
.
Serve
(
listener
,
upstream
))
}
upstream.go
View file @
4d4c1f02
...
...
@@ -12,6 +12,7 @@ import (
"net/http/httputil"
"net/url"
"strings"
"fmt"
)
type
serviceHandleFunc
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
...
...
@@ -26,29 +27,29 @@ type upstream struct {
type
authorizationResponse
struct
{
// GL_ID is an environment variable used by gitlab-shell hooks during 'git
// push' and 'git pull'
GL_ID
string
GL_ID
string
// RepoPath is the full path on disk to the Git repository the request is
// about
RepoPath
string
RepoPath
string
// ArchivePath is the full path where we should find/create a cached copy
// of a requested archive
ArchivePath
string
ArchivePath
string
// ArchivePrefix is used to put extracted archive contents in a
// subdirectory
ArchivePrefix
string
// CommitId is used do prevent race conditions between the 'time of check'
// in the GitLab Rails app and the 'time of use' in gitlab-workhorse.
CommitId
string
CommitId
string
// StoreLFSPath is provided by the GitLab Rails application
// to mark where the tmp file should be placed
StoreLFSPath
string
StoreLFSPath
string
// LFS object id
LfsOid
string
LfsOid
string
// LFS object size
LfsSize
int64
LfsSize
int64
// TmpPath is the path where we should store temporary files
// This is set by authorization middleware
TempPath
string
TempPath
string
}
// A gitRequest is an *http.Request decorated with attributes returned by the
...
...
@@ -56,7 +57,7 @@ type authorizationResponse struct {
type
gitRequest
struct
{
*
http
.
Request
authorizationResponse
u
*
upstream
u
*
upstream
// This field contains the URL.Path stripped from RelativeUrlRoot
relativeURIPath
string
...
...
@@ -92,10 +93,29 @@ func (u *upstream) ServeHTTP(ow http.ResponseWriter, r *http.Request) {
w
:=
newLoggingResponseWriter
(
ow
)
defer
w
.
Log
(
r
)
// Drop WebSocket connection and CONNECT method
if
r
.
RequestURI
==
"*"
{
httpError
(
&
w
,
r
,
"Connection upgrade not allowed"
,
http
.
StatusBadRequest
)
return
}
// Disallow connect
if
r
.
Method
==
"CONNECT"
{
httpError
(
&
w
,
r
,
"CONNECT not allowed"
,
http
.
StatusBadRequest
)
return
}
// Check URL Root
URIPath
:=
cleanURIPath
(
r
.
URL
.
Path
)
if
!
strings
.
HasPrefix
(
URIPath
,
u
.
relativeURLRoot
)
{
httpError
(
&
w
,
r
,
fmt
.
Sprintf
(
"Not found %q"
,
URIPath
),
http
.
StatusNotFound
)
return
}
// Strip prefix and add "/"
// To match against non-relative URL
// Making it simpler for our matcher
relativeURIPath
:=
"/"
+
strings
.
TrimPrefix
(
r
.
URL
.
Path
,
u
.
relativeURLRoot
)
relativeURIPath
:=
cleanURIPath
(
strings
.
TrimPrefix
(
URIPath
,
u
.
relativeURLRoot
)
)
// Look for a matching Git service
foundService
:=
false
...
...
@@ -112,7 +132,7 @@ func (u *upstream) ServeHTTP(ow http.ResponseWriter, r *http.Request) {
if
!
foundService
{
// The protocol spec in git/Documentation/technical/http-protocol.txt
// says we must return 403 if no matching service is found.
http
.
Error
(
&
w
,
"Forbidden"
,
403
)
http
Error
(
&
w
,
r
,
"Forbidden"
,
http
.
StatusForbidden
)
return
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment