Commit 387a2d45 authored by Kirill Smelkov's avatar Kirill Smelkov

fixup! NXD Teach gitlab-workhorse to serve requests to get raw blobs

During 0.6.4..0.6.5 upstream reworked how a request to download an
archive is answered. Before, the reply was JSON in the body; now it is JSON
in headers, handled via the so-called "senddata" workhorse mechanism:

    https://gitlab.com/gitlab-org/gitlab-workhorse/commit/153527fb

Adjust our patch accordingly about requesting whether it is ok to
download from repository or not.
parent 3de00474
...@@ -2,7 +2,11 @@ ...@@ -2,7 +2,11 @@
package api package api
import ( import (
"../badgateway"
"../helper" "../helper"
proxypkg "../proxy"
"../senddata"
"../sendfile"
"fmt" "fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
...@@ -19,6 +23,24 @@ type AuthReply struct { ...@@ -19,6 +23,24 @@ type AuthReply struct {
Response Response
} }
// for detecting whether archive download is ok via senddata mechanism
type testDownloadOkViaSendArchive struct {
senddata.Prefix
authReply *AuthReply
}
func (aok *testDownloadOkViaSendArchive) Inject(w http.ResponseWriter, r *http.Request, sendData string) {
var param struct{ RepoPath string }
if err := aok.Unpack(&param, sendData); err != nil {
helper.Fail500(w, fmt.Errorf("testDownloadOkViaSendArchive: unpack sendData: %v", err))
return
}
// if we ever get to this point - auth handler approved
// access and thus it is ok to download
aok.authReply.RepoPath = param.RepoPath
}
// Ask auth backend about whether download is ok for a project. // Ask auth backend about whether download is ok for a project.
// Authorization is approved if AuthReply.RepoPath != "" on return // Authorization is approved if AuthReply.RepoPath != "" on return
// Raw auth backend response is emitted to AuthReply.RawReply // Raw auth backend response is emitted to AuthReply.RawReply
...@@ -46,12 +68,18 @@ func (a *API) VerifyDownloadAccess(project, query string, header http.Header) Au ...@@ -46,12 +68,18 @@ func (a *API) VerifyDownloadAccess(project, query string, header http.Header) Au
reqDownloadAccess.Header[k] = v reqDownloadAccess.Header[k] = v
} }
a.PreAuthorizeHandler( // Send request to auth backend and detect via aok senddata hook
func(w http.ResponseWriter, req *http.Request, resp *Response) { // whether access is permitted.
// if we ever get to this point - auth handler approved aok := &testDownloadOkViaSendArchive{"git-archive:", &authReply}
// access and thus it is ok to download authProxy := senddata.SendData(
authReply.Response = *resp sendfile.SendFile(proxypkg.NewProxy(
}, "").ServeHTTP(authReply.RawReply, reqDownloadAccess) a.URL,
a.Version,
a.Client.Transport.(*badgateway.RoundTripper),
)),
aok,
)
authProxy.ServeHTTP(authReply.RawReply, reqDownloadAccess)
return authReply return authReply
} }
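Review bot: The type assertion `a.Client.Transport.(*badgateway.RoundTripper)` in VerifyDownloadAccess is unchecked, so if the API is ever built with a nil or different transport the authorization path panics instead of denying the download. The two-value form fails closed: `rt, ok := a.Client.Transport.(*badgateway.RoundTripper)` followed by `if !ok { return authReply }`, which leaves RepoPath empty. Approval now depends only on Inject being reached with a `git-archive:` payload, so the comment in Inject should also state that a failed Unpack or an empty `param.RepoPath` leaves access denied. VerifyDownloadAccess begins outside the hunk, so how `authReply` is initialised is not visible here.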
...@@ -16,6 +16,8 @@ import ( ...@@ -16,6 +16,8 @@ import (
"mime/multipart" "mime/multipart"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/http/httputil"
"net/url"
"os" "os"
"os/exec" "os/exec"
"path" "path"
...@@ -790,7 +792,7 @@ func (dl DownloadContext) ExpectCode(path string, code int) { ...@@ -790,7 +792,7 @@ func (dl DownloadContext) ExpectCode(path string, code int) {
func TestBlobDownload(t *testing.T) { func TestBlobDownload(t *testing.T) {
// Prepare test server and "all-ok" auth backend // Prepare test server and "all-ok" auth backend
ts := testAuthServer(nil, 200, gitOkBody(t)) ts := archiveOKServer(t, "")
defer ts.Close() defer ts.Close()
ws := startWorkhorseServer(ts.URL) ws := startWorkhorseServer(ts.URL)
defer ws.Close() defer ws.Close()
...@@ -832,13 +834,15 @@ func TestPrivateBlobDownload(t *testing.T) { ...@@ -832,13 +834,15 @@ func TestPrivateBlobDownload(t *testing.T) {
return return
} }
data, err := json.Marshal(gitOkBody(t)) // for authorized .../repository/archive.zip reply the same way archiveOKServer does.
aok := archiveOKServer(t, "")
defer aok.Close()
aokurl, err := url.Parse(aok.URL)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
proxy := httputil.NewSingleHostReverseProxy(aokurl)
w.WriteHeader(200) proxy.ServeHTTP(w, r)
w.Write(data)
}) })
defer ts.Close() defer ts.Close()
ws := startWorkhorseServer(ts.URL) ws := startWorkhorseServer(ts.URL)
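Review bot: In TestPrivateBlobDownload the new `aok := archiveOKServer(t, "")`, `url.Parse(aok.URL)` and `httputil.NewSingleHostReverseProxy(aokurl)` all run inside the auth handler, so every authorized request starts and tears down its own test server. The `t.Fatal(err)` on the parse error is also called from the handler's goroutine, where FailNow does not stop the test. Moving those three statements and `defer aok.Close()` above the handler and keeping only `proxy.ServeHTTP(w, r)` inside it would create the upstream once and report setup failures from the test goroutine. The handler and the construction of `ts` begin outside the hunk, so the exact placement should be checked against the full function.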
......