Commit fc590d35 authored by Alain Takoudjou's avatar Alain Takoudjou

fixup: NXD blob/auth: Basic Auth and raw url can now work with previous patches

parent cf274e09
......@@ -318,7 +318,7 @@ func (a *API) verifyDownloadAccess(project string, user *url.Userinfo, query str
// handled by upstream auth backend for git requests only, and we might
// want to use e.g. https://gitlab-ci-token:token@/.../raw/...
//if authReply.RepoPath != "" || query != "" || len(header) != 0 {
if authReply.Repository.RelativePath != "" || query != "" || len(header) != 0 {
if authReply.RawReply.Code == http.StatusOK || query != "" || len(header) != 0 {
return authReply
}
if user == nil {
......
......@@ -52,6 +52,7 @@ type Config struct {
APIQueueLimit uint `toml:"-"`
APIQueueTimeout time.Duration `toml:"-"`
APICILongPollingDuration time.Duration `toml:"-"`
RepoPath string `toml:"-"`
}
// LoadConfig from a file
......
......@@ -23,15 +23,15 @@ import (
)
// HTTP handler for `.../raw/<ref>/path`
func GetBlobRaw(a *api.API) http.Handler {
func GetBlobRaw(a *api.API, repoPath string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
handleGetBlobRaw(a, w, r)
handleGetBlobRaw(a, w, r, repoPath)
})
}
var rawRe = regexp.MustCompile(`/raw/`)
func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request, repoPath string) {
// Extract project & refpath
// <project>/raw/branch/file -> <project>, branch/file
u := r.URL
......@@ -52,8 +52,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
// Query download access auth for this project
authReply := a.VerifyDownloadAccess(project, user, u.RawQuery, r.Header)
//if authReply.RepoPath == "" {
if authReply.Repository.RelativePath == "" {
//if authReply.Repository.RelativePath == "" {
if authReply.RawReply.Code != http.StatusOK {
// access denied - copy auth reply to client in full -
// there are HTTP code and other headers / body relevant for
// about why access was denied.
......@@ -71,7 +71,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
}
// Access granted - we can emit the blob
emitBlob(w, authReply.Repository.RelativePath, refpath, r)
p := repoPath + project + ".git"
emitBlob(w, p, refpath, r)
}
......
......@@ -183,7 +183,7 @@ func (u *upstream) configureRoutes() {
route("PUT", gitProjectPattern+`gitlab-lfs/objects/([0-9a-f]{64})/([0-9]+)\z`, lfs.PutStore(api, signingProxy), withMatcher(isContentType("application/octet-stream"))),
// Raw blobs
route("GET", projectPattern + `raw/`, git.GetBlobRaw(api)),
route("GET", projectPattern + `raw/`, git.GetBlobRaw(api, u.RepoPath)),
// CI Artifacts
route("POST", apiPattern+`v4/jobs/[0-9]+/artifacts\z`, contentEncodingHandler(artifacts.UploadArtifacts(api, proxy))),
......
......@@ -57,6 +57,8 @@ var apiCiLongPollingDuration = flag.Duration("apiCiLongPollingDuration", 50, "Lo
var prometheusListenAddr = flag.String("prometheusListenAddr", "", "Prometheus listening address, e.g. 'localhost:9229'")
var repoPath = flag.String("repoPath", "", "Gitlab repositorie folder")
var logConfig = logConfiguration{}
func init() {
......@@ -135,6 +137,7 @@ func main() {
APIQueueLimit: *apiQueueLimit,
APIQueueTimeout: *apiQueueTimeout,
APICILongPollingDuration: *apiCiLongPollingDuration,
RepoPath: *repoPath,
}
if *configFile != "" {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment