902684ec
Commit
902684ec
authored
Dec 02, 2015
by
Kirill Smelkov
.
parent
451b74af
Showing
2 changed files
with
21 additions
and
15 deletions
+21
-15
authorization.go
authorization.go
+5
-6
blob.go
blob.go
+16
-9
authorization.go
...
@@ -8,12 +8,11 @@ import (
...
@@ -8,12 +8,11 @@ import (
"log"
"log"
"net/http"
"net/http"
"strings"
"strings"
"time"
)
)
func
preAuthorizeHandler
(
handleFunc
serviceHandleFunc
,
suffix
string
)
serviceHandleFunc
{
func
preAuthorizeHandler
(
handleFunc
serviceHandleFunc
,
suffix
string
)
serviceHandleFunc
{
return
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
return
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
Tstart
:=
time
.
Now
()
//
Tstart := time.Now()
//log.Printf("AUTH1")
//log.Printf("AUTH1")
authReq
,
err
:=
r
.
u
.
newUpstreamRequest
(
r
.
Request
,
nil
,
suffix
)
authReq
,
err
:=
r
.
u
.
newUpstreamRequest
(
r
.
Request
,
nil
,
suffix
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -66,13 +65,13 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
...
@@ -66,13 +65,13 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
}
}
}
}
Tendauth
:=
time
.
Now
()
//
Tendauth := time.Now()
handleFunc
(
w
,
r
)
handleFunc
(
w
,
r
)
Tend
:=
time
.
Now
()
//
Tend := time.Now()
log
.
Printf
(
"Tauth:
\t
%s"
,
Tendauth
.
Sub
(
Tstart
))
//
log.Printf("Tauth:\t%s", Tendauth.Sub(Tstart))
log
.
Printf
(
"Tauth+handle:
\t
%s"
,
Tend
.
Sub
(
Tstart
))
//
log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))
}
}
}
}
...
...
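Review bot: The timing instrumentation in preAuthorizeHandler is commented out rather than removed, which leaves five dead lines (`// Tstart := time.Now()` through `// log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))`) next to the already commented `//log.Printf("AUTH1")`. The `time` import is dropped in the same section, so un-commenting any of them no longer builds. I would delete the lines, or keep the measurement behind a debug switch if it is still wanted. The body of the returned closure continues outside the two hunks.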
blob.go
...
@@ -9,6 +9,7 @@ package main
...
@@ -9,6 +9,7 @@ package main
import
(
import
(
"bufio"
"bufio"
"errors"
"fmt"
"fmt"
"io"
"io"
"log"
"log"
...
@@ -23,7 +24,7 @@ import (
...
@@ -23,7 +24,7 @@ import (
type
AuthReply
struct
{
type
AuthReply
struct
{
// raw reply from auth backend & preAuthorizeHandler().
// raw reply from auth backend & preAuthorizeHandler().
// recorded so we can replay it from auth cache to each client in full
// recorded so we can replay it from auth cache to each client in full
// if access is rejected.
// if access is rejected.
XXX for accepted too? (see WWW-Authenticate in preAuthorizeHandler)
RawReply
*
httptest
.
ResponseRecorder
RawReply
*
httptest
.
ResponseRecorder
// decoded auth reply
// decoded auth reply
...
@@ -48,7 +49,7 @@ type AuthCacheEntry struct {
...
@@ -48,7 +49,7 @@ type AuthCacheEntry struct {
var
authCache
=
make
(
map
[
string
]
*
AuthCacheEntry
)
var
authCache
=
make
(
map
[
string
]
*
AuthCacheEntry
)
// Time period for refreshing / removing unused entires in authCache
// Time period for refreshing / removing unused entires in authCache
const
authCacheRefresh
=
30
*
time
.
Second
const
authCacheRefresh
=
5
*
time
.
Second
// XXX 30
// Goroutine to refresh auth cache entry periodically while it is used.
// Goroutine to refresh auth cache entry periodically while it is used.
// if the entry is detected to be not used - remove it from cache and stop refreshing.
// if the entry is detected to be not used - remove it from cache and stop refreshing.
...
@@ -77,6 +78,7 @@ func authRefreshEntry(u *upstream, project string) {
...
@@ -77,6 +78,7 @@ func authRefreshEntry(u *upstream, project string) {
log
.
Printf
(
"AUTH - refreshing %v"
,
project
)
log
.
Printf
(
"AUTH - refreshing %v"
,
project
)
// XXX what if it stucks?
// XXX what if it stucks?
authReply
,
err
:=
askAuthBackend
(
u
,
project
)
authReply
,
err
:=
askAuthBackend
(
u
,
project
)
log
.
Printf
(
"<- err: %v"
,
err
)
if
err
!=
nil
{
if
err
!=
nil
{
// an error -> delete entry from cache and be done with
// an error -> delete entry from cache and be done with
// refreshing XXX lock, unify with ^^^
// refreshing XXX lock, unify with ^^^
...
@@ -91,8 +93,12 @@ func authRefreshEntry(u *upstream, project string) {
...
@@ -91,8 +93,12 @@ func authRefreshEntry(u *upstream, project string) {
}
}
}
}
// Ask auth backend about whether download is ok for a project
// Ask auth backend about whether download is ok for a project.
func
askAuthBackend
(
u
*
upstream
,
project
string
)
(
AuthReply
,
error
)
{
// Authorization is approved if AuthReply.RepoPath != "" on return
// In case of errors, diagnostic is emitted to AuthReply.RawReply XXX not only diagnostic
var
ErrAuthFailed
=
errors
.
New
(
"authorization failed"
)
func
askAuthBackend
(
u
*
upstream
,
project
string
)
AuthReply
{
authReply
:=
AuthReply
{
authReply
:=
AuthReply
{
RawReply
:
httptest
.
NewRecorder
(),
RawReply
:
httptest
.
NewRecorder
(),
}
}
...
@@ -114,17 +120,18 @@ func askAuthBackend(u *upstream, project string) (AuthReply, error) {
...
@@ -114,17 +120,18 @@ func askAuthBackend(u *upstream, project string) (AuthReply, error) {
u
:
u
,
u
:
u
,
}
}
err
=
ErrAuthFailed
preAuthorizeHandler
(
preAuthorizeHandler
(
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
func
(
w
http
.
ResponseWriter
,
r
*
gitRequest
)
{
// XXX
// if we ever get to this point - auth handler approved
// if we ever get to this point - auth handler approved
// access and thus it is ok to download
// access and thus it is ok to download
// downloadOk = true XXX
err
=
nil
// NOTE we can use authorizationResponse.RepoPath != "" as test for this
// propagate authorizationResponse back
authReply
.
authorizationResponse
=
r
.
authorizationResponse
},
""
)(
authReply
.
RawReply
,
r
)
},
""
)(
authReply
.
RawReply
,
r
)
// propagate authorizationResponse back and we are done
return
authReply
,
err
authReply
.
authorizationResponse
=
r
.
authorizationResponse
return
authReply
,
nil
}
}
// Verify that download access is ok or not.
// Verify that download access is ok or not.
...
...
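Review bot: askAuthBackend ends up with two separate signals for an approved request, the added `ErrAuthFailed` error and the documented `AuthReply.RepoPath != ""` test, and the section does not say which one callers such as authRefreshEntry must rely on. The rendered page shows a single-result `AuthReply` signature alongside two-value returns (`return authReply, err`), so, if the sides are read correctly, the new code may not build as shown. I would keep one signal, keep the deny-by-default shape (`err = ErrAuthFailed` set before the handler runs and cleared only inside the approval callback), and say in the doc comment that an empty RepoPath means denied. `authCacheRefresh = 5 * time.Second // XXX 30` and `log.Printf("<- err: %v", err)` read like debugging leftovers that should not be merged as is. The middle of askAuthBackend lies outside the visible hunks.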