Commit db93eb91 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'revert-92a25640' into 'master'

Revert "Merge branch 'authorize_uploads' into 'master'"

See merge request gitlab-org/gitlab-workhorse!267
parents 92a25640 27f44d73
...@@ -25,15 +25,13 @@ type MultipartClaims struct { ...@@ -25,15 +25,13 @@ type MultipartClaims struct {
jwt.StandardClaims jwt.StandardClaims
} }
type PreAuthorizer interface { func Accelerate(tempDir string, h http.Handler) http.Handler {
PreAuthorizeHandler(next api.HandleFunc, suffix string) http.Handler // TODO: for Object Store this will need a authorize call
} return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
localOnlyPreAuth := &api.Response{TempPath: tempDir}
func Accelerate(rails PreAuthorizer, h http.Handler) http.Handler {
return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
s := &savedFileTracker{request: r} s := &savedFileTracker{request: r}
HandleFileUploads(w, r, h, a, s) HandleFileUploads(w, r, h, localOnlyPreAuth, s)
}, "/authorize") })
} }
func (s *savedFileTracker) ProcessFile(_ context.Context, fieldName string, file *filestore.FileHandler, _ *multipart.Writer) error { func (s *savedFileTracker) ProcessFile(_ context.Context, fieldName string, file *filestore.FileHandler, _ *multipart.Writer) error {
......
package upload
import (
"net/http"
"gitlab.com/gitlab-org/gitlab-workhorse/internal/api"
)
// SkipRailsAuthorizer implements a fake PreAuthorizer that do not calls rails API and
// authorize each call as a local only upload to TempPath
type SkipRailsAuthorizer struct {
// TempPath is the temporary path for a local only upload
TempPath string
}
// PreAuthorizeHandler implements PreAuthorizer. It always grant the upload.
// The fake API response contains only TempPath
func (l *SkipRailsAuthorizer) PreAuthorizeHandler(next api.HandleFunc, _ string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
next(w, r, &api.Response{TempPath: l.TempPath})
})
}
...@@ -145,8 +145,7 @@ func (u *Upstream) configureRoutes() { ...@@ -145,8 +145,7 @@ func (u *Upstream) configureRoutes() {
sendurl.SendURL, sendurl.SendURL,
) )
uploadPath := path.Join(u.DocumentRoot, "uploads/tmp") uploadAccelerateProxy := upload.Accelerate(path.Join(u.DocumentRoot, "uploads/tmp"), proxy)
uploadAccelerateProxy := upload.Accelerate(&upload.SkipRailsAuthorizer{TempPath: uploadPath}, proxy)
ciAPIProxyQueue := queueing.QueueRequests("ci_api_job_requests", uploadAccelerateProxy, u.APILimit, u.APIQueueLimit, u.APIQueueTimeout) ciAPIProxyQueue := queueing.QueueRequests("ci_api_job_requests", uploadAccelerateProxy, u.APILimit, u.APIQueueLimit, u.APIQueueTimeout)
ciAPILongPolling := builds.RegisterHandler(ciAPIProxyQueue, redis.WatchKey, u.APICILongPollingDuration) ciAPILongPolling := builds.RegisterHandler(ciAPIProxyQueue, redis.WatchKey, u.APICILongPollingDuration)
...@@ -183,9 +182,6 @@ func (u *Upstream) configureRoutes() { ...@@ -183,9 +182,6 @@ func (u *Upstream) configureRoutes() {
), ),
), ),
// Uploads
route("POST", projectPattern+`uploads\z`, upload.Accelerate(api, proxy)),
// For legacy reasons, user uploads are stored under the document root. // For legacy reasons, user uploads are stored under the document root.
// To prevent anybody who knows/guesses the URL of a user-uploaded file // To prevent anybody who knows/guesses the URL of a user-uploaded file
// from downloading it we make sure requests to /uploads/ do _not_ pass // from downloading it we make sure requests to /uploads/ do _not_ pass
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment