Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-workhorse
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-workhorse
Commits
ceb58d11
Commit
ceb58d11
authored
Jan 06, 2016
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of
https://gitlab.com/gitlab-org/gitlab-workhorse
into uploads-check
parents
8cef7d27
e2ba5727
Changes
7
Show whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
54 additions
and
17 deletions
+54
-17
CHANGELOG
CHANGELOG
+4
-0
README.md
README.md
+10
-0
VERSION
VERSION
+1
-1
authorization.go
authorization.go
+1
-1
main.go
main.go
+0
-2
main_test.go
main_test.go
+24
-0
upstream.go
upstream.go
+14
-13
No files found.
CHANGELOG
View file @
ceb58d11
...
...
@@ -2,6 +2,10 @@
Formerly known as 'gitlab-git-http-server'.
0.5.1
Deprecate -relativeURLRoot option, use -authBackend instead.
0.5.0
Send ALL GitLab requests through gitlab-workhorse.
...
...
README.md
View file @
ceb58d11
...
...
@@ -41,6 +41,16 @@ Gitlab-workhorse can listen on either a TCP or a Unix domain socket. It
can also open a second listening TCP listening socket with the Go
[
net/http/pprof profiler server
](
http://golang.org/pkg/net/http/pprof/
)
.
### Relative URL support
If you are mounting GitLab at a relative URL, e.g.
`example.com/gitlab`
, then you should also use this relative URL in
the
`authBackend`
setting:
```
gitlab-workhorse -authBackend http://localhost:8080/gitlab
```
## Installation
To install into
`/usr/local/bin`
run
`make install`
.
...
...
VERSION
View file @
ceb58d11
0.5.
0
0.5.
1
authorization.go
View file @
ceb58d11
...
...
@@ -9,7 +9,7 @@ import (
)
func
(
u
*
upstream
)
newUpstreamRequest
(
r
*
http
.
Request
,
body
io
.
Reader
,
suffix
string
)
(
*
http
.
Request
,
error
)
{
url
:=
u
.
authBackend
+
r
.
URL
.
RequestURI
(
)
+
suffix
url
:=
u
.
authBackend
+
"/"
+
strings
.
TrimPrefix
(
r
.
URL
.
RequestURI
(),
u
.
relativeURLRoot
)
+
suffix
authReq
,
err
:=
http
.
NewRequest
(
r
.
Method
,
url
,
body
)
if
err
!=
nil
{
return
nil
,
err
...
...
main.go
View file @
ceb58d11
...
...
@@ -36,7 +36,6 @@ var listenUmask = flag.Int("listenUmask", 022, "Umask for Unix socket, default:
var
authBackend
=
flag
.
String
(
"authBackend"
,
"http://localhost:8080"
,
"Authentication/authorization backend"
)
var
authSocket
=
flag
.
String
(
"authSocket"
,
""
,
"Optional: Unix domain socket to dial authBackend at"
)
var
pprofListenAddr
=
flag
.
String
(
"pprofListenAddr"
,
""
,
"pprof listening address, e.g. 'localhost:6060'"
)
var
relativeURLRoot
=
flag
.
String
(
"relativeURLRoot"
,
"/"
,
"GitLab relative URL root"
)
var
documentRoot
=
flag
.
String
(
"documentRoot"
,
"public"
,
"Path to static files content"
)
var
responseHeadersTimeout
=
flag
.
Duration
(
"proxyHeadersTimeout"
,
time
.
Minute
,
"How long to wait for response headers when proxying the request"
)
var
developmentMode
=
flag
.
Bool
(
"developmentMode"
,
false
,
"Allow to serve assets from Rails app"
)
...
...
@@ -180,6 +179,5 @@ func main() {
}
upstream
:=
newUpstream
(
*
authBackend
,
proxyTransport
)
upstream
.
SetRelativeURLRoot
(
*
relativeURLRoot
)
log
.
Fatal
(
http
.
Serve
(
listener
,
upstream
))
}
main_test.go
View file @
ceb58d11
...
...
@@ -13,6 +13,7 @@ import (
"os/exec"
"path"
"regexp"
"strings"
"testing"
"time"
)
...
...
@@ -238,6 +239,29 @@ func TestAllowedApiDownloadZip(t *testing.T) {
runOrFail
(
t
,
extractCmd
)
}
func
TestAllowedApiDownloadZipWithSlash
(
t
*
testing
.
T
)
{
prepareDownloadDir
(
t
)
// Prepare test server and backend
archiveName
:=
"foobar.zip"
ts
:=
testAuthServer
(
nil
,
200
,
archiveOkBody
(
t
,
archiveName
))
defer
ts
.
Close
()
ws
:=
startWorkhorseServer
(
ts
.
URL
)
defer
ws
.
Close
()
// Use foo%2Fbar instead of a numeric ID
downloadCmd
:=
exec
.
Command
(
"curl"
,
"-J"
,
"-O"
,
fmt
.
Sprintf
(
"%s/api/v3/projects/foo%%2Fbar/repository/archive.zip"
,
ws
.
URL
))
if
!
strings
.
Contains
(
downloadCmd
.
Args
[
3
],
`projects/foo%2Fbar/repository`
)
{
t
.
Fatalf
(
"Cannot find percent-2F: %v"
,
downloadCmd
.
Args
)
}
downloadCmd
.
Dir
=
scratchDir
runOrFail
(
t
,
downloadCmd
)
extractCmd
:=
exec
.
Command
(
"unzip"
,
archiveName
)
extractCmd
.
Dir
=
scratchDir
runOrFail
(
t
,
extractCmd
)
}
func
TestDownloadCacheHit
(
t
*
testing
.
T
)
{
prepareDownloadDir
(
t
)
...
...
upstream.go
View file @
ceb58d11
...
...
@@ -64,29 +64,30 @@ type gitRequest struct {
}
func
newUpstream
(
authBackend
string
,
authTransport
http
.
RoundTripper
)
*
upstream
{
u
,
err
:=
url
.
Parse
(
authBackend
)
gitlabURL
,
err
:=
url
.
Parse
(
authBackend
)
if
err
!=
nil
{
log
.
Fatalln
(
err
)
}
relativeURLRoot
:=
gitlabURL
.
Path
if
!
strings
.
HasSuffix
(
relativeURLRoot
,
"/"
)
{
relativeURLRoot
+=
"/"
}
// If the relative URL is '/foobar' and we tell httputil.ReverseProxy to proxy
// to 'http://example.com/foobar' then we get a redirect loop, so we clear the
// Path field here.
gitlabURL
.
Path
=
""
up
:=
&
upstream
{
authBackend
:
authBackend
,
httpClient
:
&
http
.
Client
{
Transport
:
authTransport
},
httpProxy
:
httputil
.
NewSingleHostReverseProxy
(
u
),
relativeURLRoot
:
"/"
,
httpProxy
:
httputil
.
NewSingleHostReverseProxy
(
gitlabURL
),
relativeURLRoot
:
relativeURLRoot
,
}
up
.
httpProxy
.
Transport
=
authTransport
return
up
}
func
(
u
*
upstream
)
SetRelativeURLRoot
(
relativeURLRoot
string
)
{
u
.
relativeURLRoot
=
relativeURLRoot
if
!
strings
.
HasSuffix
(
u
.
relativeURLRoot
,
"/"
)
{
u
.
relativeURLRoot
+=
"/"
}
}
func
(
u
*
upstream
)
ServeHTTP
(
ow
http
.
ResponseWriter
,
r
*
http
.
Request
)
{
var
g
httpRoute
...
...
@@ -106,8 +107,8 @@ func (u *upstream) ServeHTTP(ow http.ResponseWriter, r *http.Request) {
}
// Check URL Root
URIPath
:=
cleanURIPath
(
r
.
URL
.
Path
)
if
!
strings
.
HasPrefix
(
URIPath
,
u
.
relativeURLRoot
)
{
URIPath
:=
cleanURIPath
(
r
.
URL
.
EscapedPath
()
)
if
!
strings
.
HasPrefix
(
URIPath
,
u
.
relativeURLRoot
)
&&
URIPath
+
"/"
!=
u
.
relativeURLRoot
{
httpError
(
&
w
,
r
,
fmt
.
Sprintf
(
"Not found %q"
,
URIPath
),
http
.
StatusNotFound
)
return
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment