projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
10998: Adds test to confirm that keepclient's block cache is set up.
[arvados.git]
/
services
/
keep-web
/
handler.go
diff --git
a/services/keep-web/handler.go
b/services/keep-web/handler.go
index 6a7dc5dbacb7840cc759bb1447803b8d56aed726..863b91a7e1beecae13635cb0e89c830bb264faac 100644
(file)
--- a/
services/keep-web/handler.go
+++ b/
services/keep-web/handler.go
@@
-25,7
+25,7
@@
import (
"git.curoverse.com/arvados.git/sdk/go/health"
"git.curoverse.com/arvados.git/sdk/go/httpserver"
"git.curoverse.com/arvados.git/sdk/go/keepclient"
"git.curoverse.com/arvados.git/sdk/go/health"
"git.curoverse.com/arvados.git/sdk/go/httpserver"
"git.curoverse.com/arvados.git/sdk/go/keepclient"
- log "github.com/
S
irupsen/logrus"
+ log "github.com/
s
irupsen/logrus"
"golang.org/x/net/webdav"
)
"golang.org/x/net/webdav"
)
@@
-81,7
+81,7
@@
func (h *handler) setup() {
keepclient.RefreshServiceDiscoveryOnSIGHUP()
h.healthHandler = &health.Handler{
keepclient.RefreshServiceDiscoveryOnSIGHUP()
h.healthHandler = &health.Handler{
- Token: h.Config.ManagementToken,
+ Token: h.Config.
cluster.
ManagementToken,
Prefix: "/_health/",
}
Prefix: "/_health/",
}
@@
-249,9
+249,9
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
var pathToken bool
var attachment bool
var useSiteFS bool
var pathToken bool
var attachment bool
var useSiteFS bool
- credentialsOK := h.Config.TrustAllContent
+ credentialsOK := h.Config.
cluster.Collections.
TrustAllContent
- if r.Host != "" && r.Host == h.Config.
AttachmentOnly
Host {
+ if r.Host != "" && r.Host == h.Config.
cluster.Services.WebDAVDownload.ExternalURL.
Host {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
@@
-283,8
+283,11
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
} else {
// /collections/ID/PATH...
collectionID = parseCollectionIDFromURL(pathParts[1])
} else {
// /collections/ID/PATH...
collectionID = parseCollectionIDFromURL(pathParts[1])
- tokens = h.Config.AnonymousTokens
stripParts = 2
stripParts = 2
+ // This path is only meant to work for public
+ // data. Tokens provided with the request are
+ // ignored.
+ credentialsOK = false
}
}
}
}
@@
-298,6
+301,10
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
forceReload = true
}
forceReload = true
}
+ if credentialsOK {
+ reqTokens = auth.CredentialsFromRequest(r).Tokens
+ }
+
formToken := r.FormValue("api_token")
if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
// The client provided an explicit token in the POST
formToken := r.FormValue("api_token")
if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
// The client provided an explicit token in the POST
@@
-313,7
+320,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
//
// * The token isn't embedded in the URL, so we don't
// need to worry about bookmarks and copy/paste.
//
// * The token isn't embedded in the URL, so we don't
// need to worry about bookmarks and copy/paste.
-
tokens = append(t
okens, formToken)
+
reqTokens = append(reqT
okens, formToken)
} else if formToken != "" && browserMethod[r.Method] {
// The client provided an explicit token in the query
// string, or a form in POST body. We must put the
} else if formToken != "" && browserMethod[r.Method] {
// The client provided an explicit token in the query
// string, or a form in POST body. We must put the
@@
-325,10
+332,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
}
if useSiteFS {
}
if useSiteFS {
- if tokens == nil {
- tokens = auth.CredentialsFromRequest(r).Tokens
- }
- h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
+ h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment)
return
}
return
}
@@
-347,10
+351,7
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
}
if tokens == nil {
}
if tokens == nil {
- if credentialsOK {
- reqTokens = auth.CredentialsFromRequest(r).Tokens
- }
- tokens = append(reqTokens, h.Config.AnonymousTokens...)
+ tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken)
}
if len(targetPath) > 0 && targetPath[0] == "_" {
}
if len(targetPath) > 0 && targetPath[0] == "_" {