projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '15699-update-gem'
[arvados.git]
/
services
/
keep-web
/
handler.go
diff --git
a/services/keep-web/handler.go
b/services/keep-web/handler.go
index b5c11e553c115c872d5ded605e0ad3b54956d406..f9e0c1a505376b76e9242ac721a09d7a37fc17ba 100644
(file)
--- a/
services/keep-web/handler.go
+++ b/
services/keep-web/handler.go
@@
-79,9
+79,10
@@
func (h *handler) setup() {
h.clientPool = arvadosclient.MakeClientPool()
keepclient.RefreshServiceDiscoveryOnSIGHUP()
h.clientPool = arvadosclient.MakeClientPool()
keepclient.RefreshServiceDiscoveryOnSIGHUP()
+ keepclient.DefaultBlockCache.MaxBlocks = h.Config.cluster.Collections.WebDAVCache.MaxBlockEntries
h.healthHandler = &health.Handler{
h.healthHandler = &health.Handler{
- Token: h.Config.ManagementToken,
+ Token: h.Config.
cluster.
ManagementToken,
Prefix: "/_health/",
}
Prefix: "/_health/",
}
@@
-249,9
+250,9
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
var pathToken bool
var attachment bool
var useSiteFS bool
var pathToken bool
var attachment bool
var useSiteFS bool
- credentialsOK := h.Config.TrustAllContent
+ credentialsOK := h.Config.
cluster.Collections.
TrustAllContent
- if r.Host != "" && r.Host == h.Config.
AttachmentOnly
Host {
+ if r.Host != "" && r.Host == h.Config.
cluster.Services.WebDAVDownload.ExternalURL.
Host {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
@@
-283,8
+284,11
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
} else {
// /collections/ID/PATH...
collectionID = parseCollectionIDFromURL(pathParts[1])
} else {
// /collections/ID/PATH...
collectionID = parseCollectionIDFromURL(pathParts[1])
- tokens = h.Config.AnonymousTokens
stripParts = 2
stripParts = 2
+ // This path is only meant to work for public
+ // data. Tokens provided with the request are
+ // ignored.
+ credentialsOK = false
}
}
}
}
@@
-298,6
+302,10
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
forceReload = true
}
forceReload = true
}
+ if credentialsOK {
+ reqTokens = auth.CredentialsFromRequest(r).Tokens
+ }
+
formToken := r.FormValue("api_token")
if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
// The client provided an explicit token in the POST
formToken := r.FormValue("api_token")
if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
// The client provided an explicit token in the POST
@@
-313,7
+321,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
//
// * The token isn't embedded in the URL, so we don't
// need to worry about bookmarks and copy/paste.
//
// * The token isn't embedded in the URL, so we don't
// need to worry about bookmarks and copy/paste.
-
tokens = append(t
okens, formToken)
+
reqTokens = append(reqT
okens, formToken)
} else if formToken != "" && browserMethod[r.Method] {
// The client provided an explicit token in the query
// string, or a form in POST body. We must put the
} else if formToken != "" && browserMethod[r.Method] {
// The client provided an explicit token in the query
// string, or a form in POST body. We must put the
@@
-325,10
+333,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
}
if useSiteFS {
}
if useSiteFS {
- if tokens == nil {
- tokens = auth.CredentialsFromRequest(r).Tokens
- }
- h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
+ h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment)
return
}
return
}
@@
-347,10
+352,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
}
if tokens == nil {
}
if tokens == nil {
- if credentialsOK {
- reqTokens = auth.CredentialsFromRequest(r).Tokens
- }
- tokens = append(reqTokens, h.Config.AnonymousTokens...)
+ tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken)
}
if len(targetPath) > 0 && targetPath[0] == "_" {
}
if len(targetPath) > 0 && targetPath[0] == "_" {