Commit f528eb7c authored by Nick Thomas's avatar Nick Thomas

Revert "Merge branch 'revert-92a25640' into 'master'"

This reverts merge request !267
parent db93eb91
...@@ -25,13 +25,15 @@ type MultipartClaims struct { ...@@ -25,13 +25,15 @@ type MultipartClaims struct {
jwt.StandardClaims jwt.StandardClaims
} }
func Accelerate(tempDir string, h http.Handler) http.Handler { type PreAuthorizer interface {
// TODO: for Object Store this will need a authorize call PreAuthorizeHandler(next api.HandleFunc, suffix string) http.Handler
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { }
localOnlyPreAuth := &api.Response{TempPath: tempDir}
func Accelerate(rails PreAuthorizer, h http.Handler) http.Handler {
return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
s := &savedFileTracker{request: r} s := &savedFileTracker{request: r}
HandleFileUploads(w, r, h, localOnlyPreAuth, s) HandleFileUploads(w, r, h, a, s)
}) }, "/authorize")
} }
func (s *savedFileTracker) ProcessFile(_ context.Context, fieldName string, file *filestore.FileHandler, _ *multipart.Writer) error { func (s *savedFileTracker) ProcessFile(_ context.Context, fieldName string, file *filestore.FileHandler, _ *multipart.Writer) error {
......
package upload
import (
"net/http"
"gitlab.com/gitlab-org/gitlab-workhorse/internal/api"
)
// SkipRailsAuthorizer implements a fake PreAuthorizer that do not calls rails API and
// authorize each call as a local only upload to TempPath
type SkipRailsAuthorizer struct {
// TempPath is the temporary path for a local only upload
TempPath string
}
// PreAuthorizeHandler implements PreAuthorizer. It always grant the upload.
// The fake API response contains only TempPath
func (l *SkipRailsAuthorizer) PreAuthorizeHandler(next api.HandleFunc, _ string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
next(w, r, &api.Response{TempPath: l.TempPath})
})
}
...@@ -145,7 +145,8 @@ func (u *Upstream) configureRoutes() { ...@@ -145,7 +145,8 @@ func (u *Upstream) configureRoutes() {
sendurl.SendURL, sendurl.SendURL,
) )
uploadAccelerateProxy := upload.Accelerate(path.Join(u.DocumentRoot, "uploads/tmp"), proxy) uploadPath := path.Join(u.DocumentRoot, "uploads/tmp")
uploadAccelerateProxy := upload.Accelerate(&upload.SkipRailsAuthorizer{TempPath: uploadPath}, proxy)
ciAPIProxyQueue := queueing.QueueRequests("ci_api_job_requests", uploadAccelerateProxy, u.APILimit, u.APIQueueLimit, u.APIQueueTimeout) ciAPIProxyQueue := queueing.QueueRequests("ci_api_job_requests", uploadAccelerateProxy, u.APILimit, u.APIQueueLimit, u.APIQueueTimeout)
ciAPILongPolling := builds.RegisterHandler(ciAPIProxyQueue, redis.WatchKey, u.APICILongPollingDuration) ciAPILongPolling := builds.RegisterHandler(ciAPIProxyQueue, redis.WatchKey, u.APICILongPollingDuration)
...@@ -182,6 +183,9 @@ func (u *Upstream) configureRoutes() { ...@@ -182,6 +183,9 @@ func (u *Upstream) configureRoutes() {
), ),
), ),
// Uploads
route("POST", projectPattern+`uploads\z`, upload.Accelerate(api, proxy)),
// For legacy reasons, user uploads are stored under the document root. // For legacy reasons, user uploads are stored under the document root.
// To prevent anybody who knows/guesses the URL of a user-uploaded file // To prevent anybody who knows/guesses the URL of a user-uploaded file
// from downloading it we make sure requests to /uploads/ do _not_ pass // from downloading it we make sure requests to /uploads/ do _not_ pass
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment