Commit 902684ec authored by Kirill Smelkov's avatar Kirill Smelkov

.

parent 451b74af
...@@ -8,12 +8,11 @@ import ( ...@@ -8,12 +8,11 @@ import (
"log" "log"
"net/http" "net/http"
"strings" "strings"
"time"
) )
func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc { func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHandleFunc {
return func(w http.ResponseWriter, r *gitRequest) { return func(w http.ResponseWriter, r *gitRequest) {
Tstart := time.Now() //Tstart := time.Now()
//log.Printf("AUTH1") //log.Printf("AUTH1")
authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix) authReq, err := r.u.newUpstreamRequest(r.Request, nil, suffix)
if err != nil { if err != nil {
...@@ -66,13 +65,13 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan ...@@ -66,13 +65,13 @@ func preAuthorizeHandler(handleFunc serviceHandleFunc, suffix string) serviceHan
} }
} }
Tendauth := time.Now() //Tendauth := time.Now()
handleFunc(w, r) handleFunc(w, r)
Tend := time.Now() //Tend := time.Now()
log.Printf("Tauth:\t%s", Tendauth.Sub(Tstart)) //log.Printf("Tauth:\t%s", Tendauth.Sub(Tstart))
log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart)) //log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))
} }
} }
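Review bot: The timing instrumentation in preAuthorizeHandler is commented out rather than deleted, which leaves five dead lines (`//Tstart := time.Now()` through `//log.Printf("Tauth+handle:\t%s", Tend.Sub(Tstart))`) next to the older `//log.Printf("AUTH1")`. Either delete them, or keep the measurement behind a debug switch so the auth-versus-handler latency can still be observed when needed. The function body continues between the two hunks and is not fully visible here.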
......
...@@ -9,6 +9,7 @@ package main ...@@ -9,6 +9,7 @@ package main
import ( import (
"bufio" "bufio"
"errors"
"fmt" "fmt"
"io" "io"
"log" "log"
...@@ -23,7 +24,7 @@ import ( ...@@ -23,7 +24,7 @@ import (
type AuthReply struct { type AuthReply struct {
// raw reply from auth backend & preAuthorizeHandler(). // raw reply from auth backend & preAuthorizeHandler().
// recorded so we can replay it from auth cache to each client in full // recorded so we can replay it from auth cache to each client in full
// if access is rejected. // if access is rejected. XXX for accepted too? (see WWW-Authenticate in preAuthorizeHandler)
RawReply *httptest.ResponseRecorder RawReply *httptest.ResponseRecorder
// decoded auth reply // decoded auth reply
...@@ -48,7 +49,7 @@ type AuthCacheEntry struct { ...@@ -48,7 +49,7 @@ type AuthCacheEntry struct {
var authCache = make(map[string]*AuthCacheEntry) var authCache = make(map[string]*AuthCacheEntry)
// Time period for refreshing / removing unused entires in authCache // Time period for refreshing / removing unused entires in authCache
const authCacheRefresh = 30 * time.Second const authCacheRefresh = 5 * time.Second // XXX 30
// Goroutine to refresh auth cache entry periodically while it is used. // Goroutine to refresh auth cache entry periodically while it is used.
// if the entry is detected to be not used - remove it from cache and stop refreshing. // if the entry is detected to be not used - remove it from cache and stop refreshing.
...@@ -77,6 +78,7 @@ func authRefreshEntry(u *upstream, project string) { ...@@ -77,6 +78,7 @@ func authRefreshEntry(u *upstream, project string) {
log.Printf("AUTH - refreshing %v", project) log.Printf("AUTH - refreshing %v", project)
// XXX what if it stucks? // XXX what if it stucks?
authReply, err := askAuthBackend(u, project) authReply, err := askAuthBackend(u, project)
log.Printf("<- err: %v", err)
if err != nil { if err != nil {
// an error -> delete entry from cache and be done with // an error -> delete entry from cache and be done with
// refreshing XXX lock, unify with ^^^ // refreshing XXX lock, unify with ^^^
...@@ -91,8 +93,12 @@ func authRefreshEntry(u *upstream, project string) { ...@@ -91,8 +93,12 @@ func authRefreshEntry(u *upstream, project string) {
} }
} }
// Ask auth backend about whether download is ok for a project // Ask auth backend about whether download is ok for a project.
func askAuthBackend(u *upstream, project string) (AuthReply, error) { // Authorization is approved if AuthReply.RepoPath != "" on return
// In case of errors, diagnostic is emitted to AuthReply.RawReply XXX not only diagnostic
var ErrAuthFailed = errors.New("authorization failed")
func askAuthBackend(u *upstream, project string) AuthReply {
authReply := AuthReply{ authReply := AuthReply{
RawReply: httptest.NewRecorder(), RawReply: httptest.NewRecorder(),
} }
...@@ -114,17 +120,18 @@ func askAuthBackend(u *upstream, project string) (AuthReply, error) { ...@@ -114,17 +120,18 @@ func askAuthBackend(u *upstream, project string) (AuthReply, error) {
u: u, u: u,
} }
err = ErrAuthFailed
preAuthorizeHandler( preAuthorizeHandler(
func(w http.ResponseWriter, r *gitRequest) { func(w http.ResponseWriter, r *gitRequest) {
// XXX
// if we ever get to this point - auth handler approved // if we ever get to this point - auth handler approved
// access and thus it is ok to download // access and thus it is ok to download
// downloadOk = true XXX err = nil
// NOTE we can use authorizationResponse.RepoPath != "" as test for this // propagate authorizationResponse back
authReply.authorizationResponse = r.authorizationResponse
}, "")(authReply.RawReply, r) }, "")(authReply.RawReply, r)
// propagate authorizationResponse back and we are done return authReply, err
authReply.authorizationResponse = r.authorizationResponse
return authReply, nil
} }
// Verify that download access is ok or not. // Verify that download access is ok or not.
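Review bot: In the askAuthBackend hunks the new signature appears to be `func askAuthBackend(u *upstream, project string) AuthReply`, yet the body still ends with `return authReply, err` and authRefreshEntry still calls `authReply, err := askAuthBackend(u, project)`, so as rendered this would not compile; keep `(AuthReply, error)` or finish the switch to the `RepoPath != ""` test in the same change. The fail-closed default (`err = ErrAuthFailed` before the handler runs, cleared only inside the approval callback, which is also the only place authorizationResponse is copied) is the right shape and should survive whichever way the signature goes. `var ErrAuthFailed` sits between the doc comment and the function, so the comment now documents the variable instead of askAuthBackend; move the declaration above the comment. The `5 * time.Second // XXX 30` refresh interval and the unconditional `log.Printf("<- err: %v", err)` look like debugging leftovers to revert before merge. The page prints old and new text side by side without markers, so the old/new assignment here is inferred from the hunk headers.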
......