fixup: NXD blob/auth: Basic Auth and raw url can now work with previous patches

fc590d35 · Alain Takoudjou · cf274e09 · fc590d35 · fc590d35 · fc590d35
Commit fc590d35 authored May 19, 2020 by Alain Takoudjou
5 changed files
--- a/internal/api/auth.go
+++ b/internal/api/auth.go
@@ -318,7 +318,7 @@ func (a *API) verifyDownloadAccess(project string, user *url.Userinfo, query str
 	// handled by upstream auth backend for git requests only, and we might
 	// want to use e.g. https://gitlab-ci-token:token@/.../raw/...
 	//if authReply.RepoPath != "" || query != "" || len(header) != 0 {
-	if authReply.Repository.RelativePath != "" || query != "" || len(header) != 0 {
+	if authReply.RawReply.Code == http.StatusOK || query != "" || len(header) != 0 {
 		return authReply
 	}
 	if user == nil {

--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -52,6 +52,7 @@ type Config struct {
 	APIQueueLimit            uint          `toml:"-"`
 	APIQueueTimeout          time.Duration `toml:"-"`
 	APICILongPollingDuration time.Duration `toml:"-"`
+	RepoPath                 string        `toml:"-"`
 }
 // LoadConfig from a file

--- a/internal/git/xblob.go
+++ b/internal/git/xblob.go
@@ -23,15 +23,15 @@ import (
 )
 // HTTP handler for `.../raw/<ref>/path`
-func GetBlobRaw(a *api.API) http.Handler {
+func GetBlobRaw(a *api.API, repoPath string) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		handleGetBlobRaw(a, w, r)
+		handleGetBlobRaw(a, w, r, repoPath)
 	})
 }
 var rawRe = regexp.MustCompile(`/raw/`)
-func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
+func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request, repoPath string) {
 	// Extract project & refpath
 	// <project>/raw/branch/file -> <project>, branch/file
 	u := r.URL
@@ -52,8 +52,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
 	// Query download access auth for this project
 	authReply := a.VerifyDownloadAccess(project, user, u.RawQuery, r.Header)
-	//if authReply.RepoPath == "" {
+  //if authReply.Repository.RelativePath == "" {
-        if authReply.Repository.RelativePath == "" {
+  if authReply.RawReply.Code != http.StatusOK {
 		// access denied - copy auth reply to client in full -
 		// there are HTTP code and other headers / body relevant for
 		// about why access was denied.
@@ -71,7 +71,8 @@ func handleGetBlobRaw(a *api.API, w http.ResponseWriter, r *http.Request) {
 	}
 	// Access granted - we can emit the blob
-	emitBlob(w, authReply.Repository.RelativePath, refpath, r)
+	p := repoPath + project + ".git"
+	emitBlob(w, p, refpath, r)
 }

--- a/internal/upstream/routes.go
+++ b/internal/upstream/routes.go
@@ -183,7 +183,7 @@ func (u *upstream) configureRoutes() {
 		route("PUT", gitProjectPattern+`gitlab-lfs/objects/([0-9a-f]{64})/([0-9]+)\z`, lfs.PutStore(api, signingProxy), withMatcher(isContentType("application/octet-stream"))),
 		// Raw blobs
-		route("GET", projectPattern + `raw/`, git.GetBlobRaw(api)),
+		route("GET", projectPattern + `raw/`, git.GetBlobRaw(api, u.RepoPath)),
 		// CI Artifacts
 		route("POST", apiPattern+`v4/jobs/[0-9]+/artifacts\z`, contentEncodingHandler(artifacts.UploadArtifacts(api, proxy))),

--- a/main.go
+++ b/main.go
@@ -57,6 +57,8 @@ var apiCiLongPollingDuration = flag.Duration("apiCiLongPollingDuration", 50, "Lo
 var prometheusListenAddr = flag.String("prometheusListenAddr", "", "Prometheus listening address, e.g. 'localhost:9229'")
+var repoPath = flag.String("repoPath", "", "Gitlab repositorie folder")
 var logConfig = logConfiguration{}
 func init() {
@@ -135,6 +137,7 @@ func main() {
 		APIQueueLimit:            *apiQueueLimit,
 		APIQueueTimeout:          *apiQueueTimeout,
 		APICILongPollingDuration: *apiCiLongPollingDuration,
+		RepoPath:                 *repoPath,
 	}
 	if *configFile != "" {