Commit 387a2d45 authored by Kirill Smelkov's avatar Kirill Smelkov

fixup! NXD Teach gitlab-workhorse to serve requests to get raw blobs

During 0.6.4..0.6.5 upstream reworked the way request about downloading
archive is replied. Before it was json in body, after it is json in
headers handled via so-called "senddata" workhorse mechanism:

    https://gitlab.com/gitlab-org/gitlab-workhorse/commit/153527fb

Adjust our patch accordingly about requesting whether it is ok to
download from repository or not.
parent 3de00474
......@@ -2,7 +2,11 @@
package api
import (
"../badgateway"
"../helper"
proxypkg "../proxy"
"../senddata"
"../sendfile"
"fmt"
"net/http"
"net/http/httptest"
......@@ -19,6 +23,24 @@ type AuthReply struct {
Response
}
// for detecting whether archive download is ok via senddata mechanism
type testDownloadOkViaSendArchive struct {
senddata.Prefix
authReply *AuthReply
}
func (aok *testDownloadOkViaSendArchive) Inject(w http.ResponseWriter, r *http.Request, sendData string) {
var param struct{ RepoPath string }
if err := aok.Unpack(&param, sendData); err != nil {
helper.Fail500(w, fmt.Errorf("testDownloadOkViaSendArchive: unpack sendData: %v", err))
return
}
// if we ever get to this point - auth handler approved
// access and thus it is ok to download
aok.authReply.RepoPath = param.RepoPath
}
// Ask auth backend about whether download is ok for a project.
// Authorization is approved if AuthReply.RepoPath != "" on return
// Raw auth backend response is emitted to AuthReply.RawReply
......@@ -46,12 +68,18 @@ func (a *API) VerifyDownloadAccess(project, query string, header http.Header) Au
reqDownloadAccess.Header[k] = v
}
a.PreAuthorizeHandler(
func(w http.ResponseWriter, req *http.Request, resp *Response) {
// if we ever get to this point - auth handler approved
// access and thus it is ok to download
authReply.Response = *resp
}, "").ServeHTTP(authReply.RawReply, reqDownloadAccess)
// Send request to auth backend and detect via aok senddata hook
// whether access is permitted.
aok := &testDownloadOkViaSendArchive{"git-archive:", &authReply}
authProxy := senddata.SendData(
sendfile.SendFile(proxypkg.NewProxy(
a.URL,
a.Version,
a.Client.Transport.(*badgateway.RoundTripper),
)),
aok,
)
authProxy.ServeHTTP(authReply.RawReply, reqDownloadAccess)
return authReply
}
......@@ -16,6 +16,8 @@ import (
"mime/multipart"
"net/http"
"net/http/httptest"
"net/http/httputil"
"net/url"
"os"
"os/exec"
"path"
......@@ -790,7 +792,7 @@ func (dl DownloadContext) ExpectCode(path string, code int) {
func TestBlobDownload(t *testing.T) {
// Prepare test server and "all-ok" auth backend
ts := testAuthServer(nil, 200, gitOkBody(t))
ts := archiveOKServer(t, "")
defer ts.Close()
ws := startWorkhorseServer(ts.URL)
defer ws.Close()
......@@ -832,13 +834,15 @@ func TestPrivateBlobDownload(t *testing.T) {
return
}
data, err := json.Marshal(gitOkBody(t))
// for authorized .../repository/archive.zip reply the same way archiveOKServer does.
aok := archiveOKServer(t, "")
defer aok.Close()
aokurl, err := url.Parse(aok.URL)
if err != nil {
t.Fatal(err)
}
w.WriteHeader(200)
w.Write(data)
proxy := httputil.NewSingleHostReverseProxy(aokurl)
proxy.ServeHTTP(w, r)
})
defer ts.Close()
ws := startWorkhorseServer(ts.URL)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment