Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-workhorse
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-workhorse
Commits
921cdfef
Commit
921cdfef
authored
Nov 26, 2015
by
Kirill Smelkov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
X Factor out auth verification to separate function
parent
ad3c668c
Pipeline
#110
failed with stage
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
38 additions
and
18 deletions
+38
-18
blob.go
blob.go
+38
-18
No files found.
blob.go
View file @
921cdfef
...
...
@@ -31,43 +31,63 @@ func blobPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
}
}
// verify that download access is authorized by auth backend
func
verifyDownloadAccess
(
w
http
.
ResponseWriter
,
r
*
gitRequest
,
project
string
)
(
downloadOk
bool
)
{
downloadOk
=
false
// request to verify whether download is possible via asking as git fetch would do
// XXX privateToken not propagated, etc ...
reqDownloadAccess
,
err
:=
http
.
NewRequest
(
"GET"
,
project
+
".git/info/refs?service=git-upload-pack"
,
nil
)
if
err
!=
nil
{
fail500
(
w
,
"GET git-upload-pack"
,
err
)
return
}
// swap original request to 'verify-download' one
//requestBlob := r.Request
r
.
Request
=
reqDownloadAccess
preAuthorizeHandler
(
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
// if we ever get to this point - auth handler approved
// access and thus it is ok to download
downloadOk
=
true
},
""
)
(
w
,
r
)
return
}
var
projectRe
=
regexp
.
MustCompile
(
`^/[\w\.-]+/[\w\.-]+/`
)
func
handleGetBlobRaw
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
Tstart
:=
time
.
Now
()
// extract project & refpath
// /namespace/project/raw/branch/file -> /namespace/project, branch/file
projectRe
:=
regexp
.
MustCompile
(
`^/[\w\.-]+/[\w\.-]+/`
)
project
:=
projectRe
.
FindString
(
r
.
Request
.
URL
.
Path
)
refpath
:=
r
.
Request
.
URL
.
Path
[
len
(
project
)
:
]
if
project
==
""
{
fail500
(
w
,
"extract project name"
,
nil
)
return
}
//assert project[-1] == "/"
//
assert project[-1] == "/"
project
=
project
[
:
len
(
project
)
-
1
]
// assert refpath[:4] == "raw/"
if
refpath
[
:
4
]
!=
"raw/"
{
fail500
(
w
,
"refpath != raw/..."
,
nil
)
return
}
refpath
=
refpath
[
4
:
]
//log.Printf("BLOB1 %v %v", project, refpath)
// request to verify whether download is possible via asking as git fetch would do
// XXX privateToken not propagated, etc ...
reqDownloadAccess
,
err
:=
http
.
NewRequest
(
"GET"
,
project
+
".git/info/refs?service=git-upload-pack"
,
nil
)
if
err
!=
nil
{
fail500
(
w
,
"GET git-upload-pack"
,
err
)
if
!
verifyDownloadAccess
(
w
,
r
,
project
)
{
// XXX verifyDownloadAccess already emitted 403 headers etc ...
return
}
// swap original request to 'verify-download' one
//requestBlob := r.Request
r
.
Request
=
reqDownloadAccess
preAuthorizeHandler
(
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
handleGetBlobRaw2
(
w
,
r
,
refpath
)
},
""
)
(
w
,
r
)
handleGetBlobRaw2
(
w
,
r
,
refpath
)
Tend
:=
time
.
Now
()
...
...
@@ -105,9 +125,9 @@ func handleGetBlobRaw2(w http.ResponseWriter, r *gitRequest, refpath string) {
//setRawHeaders(...)
w
.
WriteHeader
(
200
)
// XXX too early
//_, err = io.Copy(os.Stdout, blobStdout)
if
err
!=
nil
{
panic
(
err
)
}
//
if err != nil {
//
panic(err)
//
}
if
_
,
err
:=
io
.
Copy
(
w
,
blobStdout
);
err
!=
nil
{
logContext
(
"io.Copy"
,
err
)
return
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment