10 "git.curoverse.com/arvados.git/sdk/go/arvadosclient"
11 "git.curoverse.com/arvados.git/sdk/go/auth"
12 "git.curoverse.com/arvados.git/sdk/go/httpserver"
15 var clientPool = arvadosclient.MakeClientPool()
17 type authHandler struct {
21 func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
26 var validApiToken bool
28 w := httpserver.WrapResponseWriter(wOrig)
31 if w.WroteStatus() == 0 {
32 // Nobody has called WriteHeader yet: that
34 w.WriteHeader(statusCode)
35 w.Write([]byte(statusText))
38 // If the given password is a valid token, log the first 10 characters of the token.
39 // Otherwise: log the string <invalid> if a password is given, else an empty string.
42 if len(apiToken) > 0 {
43 passwordToLog = "<invalid>"
46 passwordToLog = apiToken[0:10]
49 httpserver.Log(r.RemoteAddr, passwordToLog, w.WroteStatus(), statusText, repoName, r.Method, r.URL.Path)
52 creds := auth.NewCredentialsFromHTTPRequest(r)
53 if len(creds.Tokens) == 0 {
54 statusCode, statusText = http.StatusUnauthorized, "no credentials provided"
55 w.Header().Add("WWW-Authenticate", "Basic realm=\"git\"")
58 apiToken = creds.Tokens[0]
60 // Access to paths "/foo/bar.git/*" and "/foo/bar/.git/*" are
61 // protected by the permissions on the repository named
63 pathParts := strings.SplitN(r.URL.Path[1:], ".git/", 2)
64 if len(pathParts) != 2 {
65 statusCode, statusText = http.StatusBadRequest, "bad request"
68 repoName = pathParts[0]
69 repoName = strings.TrimRight(repoName, "/")
71 arv := clientPool.Get()
73 statusCode, statusText = http.StatusInternalServerError, "connection pool failed: "+clientPool.Err().Error()
76 defer clientPool.Put(arv)
78 // Ask API server whether the repository is readable using
79 // this token (by trying to read it!)
80 arv.ApiToken = apiToken
81 reposFound := arvadosclient.Dict{}
82 if err := arv.List("repositories", arvadosclient.Dict{
83 "filters": [][]string{{"name", "=", repoName}},
84 }, &reposFound); err != nil {
85 statusCode, statusText = http.StatusInternalServerError, err.Error()
89 if avail, ok := reposFound["items_available"].(float64); !ok {
90 statusCode, statusText = http.StatusInternalServerError, "bad list response from API"
93 statusCode, statusText = http.StatusNotFound, "not found"
96 statusCode, statusText = http.StatusInternalServerError, "name collision"
100 repoUUID := reposFound["items"].([]interface{})[0].(map[string]interface{})["uuid"].(string)
102 isWrite := strings.HasSuffix(r.URL.Path, "/git-receive-pack")
106 err := arv.Update("repositories", repoUUID, arvadosclient.Dict{
107 "repository": arvadosclient.Dict{
108 "modified_at": time.Now().String(),
110 }, &arvadosclient.Dict{})
112 statusCode, statusText = http.StatusForbidden, err.Error()
118 // Regardless of whether the client asked for "/foo.git" or
119 // "/foo/.git", we choose whichever variant exists in our repo
120 // root, and we try {uuid}.git and {uuid}/.git first. If none
121 // of these exist, we 404 even though the API told us the repo
122 // _should_ exist (presumably this means the repo was just
123 // created, and gitolite sync hasn't run yet).
126 "/" + repoUUID + ".git",
127 "/" + repoUUID + "/.git",
128 "/" + repoName + ".git",
129 "/" + repoName + "/.git",
131 for _, dir := range tryDirs {
132 if fileInfo, err := os.Stat(theConfig.Root + dir); err != nil {
133 if !os.IsNotExist(err) {
134 statusCode, statusText = http.StatusInternalServerError, err.Error()
137 } else if fileInfo.IsDir() {
138 rewrittenPath = dir + "/" + pathParts[1]
142 if rewrittenPath == "" {
143 log.Println("WARNING:", repoUUID,
144 "git directory not found in", theConfig.Root, tryDirs)
145 // We say "content not found" to disambiguate from the
146 // earlier "API says that repo does not exist" error.
147 statusCode, statusText = http.StatusNotFound, "content not found"
150 r.URL.Path = rewrittenPath
152 h.handler.ServeHTTP(&w, r)
projects / arvados.git / blob