Merge branch 'workhorse-8.62.0' into 'master'

Workhorse 8.62.0

See merge request gitlab-org/gitlab!53864

GITLAB_WORKHORSE_VERSION

-8.61.0
+8.62.0

changelogs/unreleased/workhorse-8-62-0.yml

+---
+title: Update GitLab Workhorse to v8.62.0
+merge_request: 53864
+author:
+type: other

workhorse/CHANGELOG

 # Changelog for gitlab-workhorse
 
+## v8.62.0
+
+### Added
+- Add RubyGems registry upload route
+  https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/680
+
+### Fixed
+- Cleanup Connection headers
+  https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/678
+
 ## v8.61.0
 
 ### Fixed

workhorse/VERSION

-8.61.0
+8.62.0

workhorse/internal/api/api.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/textproto"
 	"net/url"
 	"strconv"
 	"strings"
@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
 
 	authReq = authReq.WithContext(r.Context())
 
+	removeConnectionHeaders(authReq.Header)
+
 	// Clean some headers when issuing a new request without body
 	authReq.Header.Del("Content-Type")
 	authReq.Header.Del("Content-Encoding")
@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
 	authReq.Header.Del("Proxy-Authenticate")
 	authReq.Header.Del("Proxy-Authorization")
 	authReq.Header.Del("Te")
-	authReq.Header.Del("Trailers")
+	// "Trailer", not "Trailers" as per rfc2616; See errata https://www.rfc-editor.org/errata_search.php?eid=4522
+	// See https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection
+	authReq.Header.Del("Trailer")
 	authReq.Header.Del("Upgrade")
 
 	// Also forward the Host header, which is excluded from the Header map by the http library.
@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response
 	return signingTripper.RoundTrip(authReq)
 }
 
+// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h.
+// See https://tools.ietf.org/html/rfc7230#section-6.1
+func removeConnectionHeaders(h http.Header) {
+	for _, f := range h["Connection"] {
+		for _, sf := range strings.Split(f, ",") {
+			if sf = textproto.TrimString(sf); sf != "" {
+				h.Del(sf)
+			}
+		}
+	}
+}
+
 func copyAuthHeader(httpResponse *http.Response, w http.ResponseWriter) {
 	// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
 	// header to the client even in case of success as per RFC4559.

workhorse/internal/upstream/routes.go

@@ -264,6 +264,9 @@ func (u *upstream) configureRoutes() {
 		// Debian Artifact Repository
 		u.route("PUT", apiPattern+`v4/projects/[0-9]+/packages/debian/`, upload.BodyUploader(api, signingProxy, preparers.packages)),
 
+		// Gem Artifact Repository
+		u.route("POST", apiPattern+`v4/projects/[0-9]+/packages/rubygems/`, upload.BodyUploader(api, signingProxy, preparers.packages)),
+
 		// We are porting API to disk acceleration
 		// we need to declare each routes until we have fixed all the routes on the rails codebase.
 		// Overall status can be seen at https://gitlab.com/groups/gitlab-org/-/epics/1802#current-status

workhorse/upload_test.go

@@ -292,9 +292,9 @@ func TestLfsUpload(t *testing.T) {
 	require.Equal(t, rspBody, string(rspData))
 }
 
-func packageUploadTestServer(t *testing.T, resource string, reqBody string, rspBody string) *httptest.Server {
+func packageUploadTestServer(t *testing.T, method string, resource string, reqBody string, rspBody string) *httptest.Server {
 	return testhelper.TestServerWithHandler(regexp.MustCompile(`.`), func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, r.Method, "PUT")
+		require.Equal(t, r.Method, method)
 		apiResponse := fmt.Sprintf(
 			`{"TempPath":%q, "Size": %d}`, scratchDir, len(reqBody),
 		)
@@ -330,17 +330,17 @@ func packageUploadTestServer(t *testing.T, resource string, reqBody string, rspB
 	})
 }
 
-func testPackageFileUpload(t *testing.T, resource string) {
+func testPackageFileUpload(t *testing.T, method string, resource string) {
 	reqBody := "test data"
 	rspBody := "test success"
 
-	ts := packageUploadTestServer(t, resource, reqBody, rspBody)
+	ts := packageUploadTestServer(t, method, resource, reqBody, rspBody)
 	defer ts.Close()
 
 	ws := startWorkhorseServer(ts.URL)
 	defer ws.Close()
 
-	req, err := http.NewRequest("PUT", ws.URL+resource, strings.NewReader(reqBody))
+	req, err := http.NewRequest(method, ws.URL+resource, strings.NewReader(reqBody))
 	require.NoError(t, err)
 
 	resp, err := http.DefaultClient.Do(req)
@@ -355,15 +355,19 @@ func testPackageFileUpload(t *testing.T, resource string) {
 }
 
 func TestPackageFilesUpload(t *testing.T) {
-	routes := []string{
-		"/api/v4/packages/conan/v1/files",
-		"/api/v4/projects/2412/packages/conan/v1/files",
-		"/api/v4/projects/2412/packages/maven/v1/files",
-		"/api/v4/projects/2412/packages/generic/mypackage/0.0.1/myfile.tar.gz",
-		"/api/v4/projects/2412/packages/debian/libsample0_1.2.3~alpha2-1_amd64.deb",
+	routes := []struct {
+		method   string
+		resource string
+	}{
+		{"PUT", "/api/v4/packages/conan/v1/files"},
+		{"PUT", "/api/v4/projects/2412/packages/conan/v1/files"},
+		{"PUT", "/api/v4/projects/2412/packages/maven/v1/files"},
+		{"PUT", "/api/v4/projects/2412/packages/generic/mypackage/0.0.1/myfile.tar.gz"},
+		{"PUT", "/api/v4/projects/2412/packages/debian/libsample0_1.2.3~alpha2-1_amd64.deb"},
+		{"POST", "/api/v4/projects/2412/packages/rubygems/api/v1/gems/sample.gem"},
 	}
 
 	for _, r := range routes {
-		testPackageFileUpload(t, r)
+		testPackageFileUpload(t, r.method, r.resource)
 	}
 }