Skip to content

G
gitlab-workhorse
Commit cf274e09 authored by Alain Takoudjou's avatar Alain Takoudjou
Browse files
Options

fixup: NXD blob/auth: Teach it to handle HTTP Basic Auth

parent 101427e3
Hide whitespace changes
Inline Side-by-side
Showing with 33 additions and 2 deletions
internal/git/xblob.go
View file @ cf274e09
...@@ -17,6 +17,9 @@ import ( ...@@ -17,6 +17,9 @@ import (
"net/url" "net/url"
"regexp" "regexp"
"strings" "strings"
"os/exec"
"syscall"
"os"
) )
// HTTP handler for `.../raw/<ref>/path` // HTTP handler for `.../raw/<ref>/path`
...@@ -49,7 +52,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) { ...@@ -49,7 +52,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
// Query download access auth for this project // Query download access auth for this project
authReply := a.VerifyDownloadAccess(project, user, u.RawQuery, r.Header) authReply := a.VerifyDownloadAccess(project, user, u.RawQuery, r.Header)
if authReply.RepoPath == "" { //if authReply.RepoPath == "" {
if authReply.Repository.RelativePath == "" {
// access denied - copy auth reply to client in full - // access denied - copy auth reply to client in full -
// there are HTTP code and other headers / body relevant for // there are HTTP code and other headers / body relevant for
// about why access was denied. // about why access was denied.
...@@ -67,9 +71,36 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) { ...@@ -67,9 +71,36 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
} }
// Access granted - we can emit the blob // Access granted - we can emit the blob
emitBlob(w, authReply.RepoPath, refpath, r) emitBlob(w, authReply.Repository.RelativePath, refpath, r)
} }
// Put back gitCommand function which was removed in
var execCommand = exec.Command
// Git subprocess helpers
func gitCommand(glId string, glRepository string, name string, args ...string) *exec.Cmd {
cmd := execCommand(name, args...)
// Start the command in its own process group (nice for signalling)
cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
// Explicitly set the environment for the Git command
cmd.Env = []string{
fmt.Sprintf("HOME=%s", os.Getenv("HOME")),
fmt.Sprintf("PATH=%s", os.Getenv("PATH")),
fmt.Sprintf("LD_LIBRARY_PATH=%s", os.Getenv("LD_LIBRARY_PATH")),
fmt.Sprintf("GL_ID=%s", glId),
fmt.Sprintf("GL_PROTOCOL=http"),
}
if glRepository != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("GL_REPOSITORY=%s", glRepository))
}
// If we don't do something with cmd.Stderr, Git errors will be lost
cmd.Stderr = os.Stderr
return cmd
}
// Emit content of blob located at <ref>/path (jointly denoted as 'refpath') to output // Emit content of blob located at <ref>/path (jointly denoted as 'refpath') to output
func emitBlob(w http.ResponseWriter, repopath string, refpath string, r *http.Request) { func emitBlob(w http.ResponseWriter, repopath string, refpath string, r *http.Request) {
// Communicate with `git cat-file --batch` trying refs from longest // Communicate with `git cat-file --batch` trying refs from longest
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7