Project

General

Profile

Download (14.2 KB)

Bug #6263 ยป coverage-services_arv-git-httpd.html

Tom Clegg, 08/27/2015 07:49 PM

 

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style>
body {
background: black;
color: rgb(80, 80, 80);
}
body, pre, #legend span {
font-family: Menlo, monospace;
font-weight: bold;
}
#topbar {
background: black;
position: fixed;
top: 0; left: 0; right: 0;
height: 42px;
border-bottom: 1px solid rgb(80, 80, 80);
}
#content {
margin-top: 50px;
}
#nav, #legend {
float: left;
margin-left: 10px;
}
#legend {
margin-top: 12px;
}
#nav {
margin-top: 10px;
}
#legend span {
margin: 0 5px;
}
.cov0 { color: rgb(192, 0, 0) }
.cov1 { color: rgb(128, 128, 128) }
.cov2 { color: rgb(116, 140, 131) }
.cov3 { color: rgb(104, 152, 134) }
.cov4 { color: rgb(92, 164, 137) }
.cov5 { color: rgb(80, 176, 140) }
.cov6 { color: rgb(68, 188, 143) }
.cov7 { color: rgb(56, 200, 146) }
.cov8 { color: rgb(44, 212, 149) }
.cov9 { color: rgb(32, 224, 152) }
.cov10 { color: rgb(20, 236, 155) }

</style>
</head>
<body>
<div id="topbar">
<div id="nav">
<select id="files">
<option value="file0">git.curoverse.com/arvados.git/services/arv-git-httpd/auth_handler.go (89.0%)</option>
<option value="file1">git.curoverse.com/arvados.git/services/arv-git-httpd/git_handler.go (100.0%)</option>
<option value="file2">git.curoverse.com/arvados.git/services/arv-git-httpd/main.go (43.8%)</option>
<option value="file3">git.curoverse.com/arvados.git/services/arv-git-httpd/server.go (100.0%)</option>
</select>
</div>
<div id="legend">
<span>not tracked</span>
<span class="cov0">no coverage</span>
<span class="cov1">low coverage</span>
<span class="cov2">*</span>
<span class="cov3">*</span>
<span class="cov4">*</span>
<span class="cov5">*</span>
<span class="cov6">*</span>
<span class="cov7">*</span>
<span class="cov8">*</span>
<span class="cov9">*</span>
<span class="cov10">high coverage</span>
</div>
</div>
<div id="content">
<pre class="file" id="file0" >package main

import (
"log"
"net/http"
"os"
"strings"
"time"

"git.curoverse.com/arvados.git/sdk/go/arvadosclient"
"git.curoverse.com/arvados.git/sdk/go/auth"
"git.curoverse.com/arvados.git/sdk/go/httpserver"
)

var clientPool = arvadosclient.MakeClientPool()

type authHandler struct {
handler http.Handler
}

func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) <span class="cov10" title="74">{
var statusCode int
var statusText string
var apiToken string
var repoName string
var validApiToken bool

w := httpserver.WrapResponseWriter(wOrig)

defer func() </span><span class="cov10" title="74">{
if w.WroteStatus() == 0 </span><span class="cov9" title="61">{
// Nobody has called WriteHeader yet: that
// must be our job.
w.WriteHeader(statusCode)
w.Write([]byte(statusText))
}</span>

// If the given password is a valid token, log the first 10 characters of the token.
// Otherwise: log the string &lt;invalid&gt; if a password is given, else an empty string.
<span class="cov10" title="74">passwordToLog := ""
if !validApiToken </span><span class="cov9" title="52">{
if len(apiToken) &gt; 0 </span><span class="cov6" title="14">{
passwordToLog = "&lt;invalid&gt;"
}</span>
}<span class="cov7" title="22"> else {
passwordToLog = apiToken[0:10]
}</span>

<span class="cov10" title="74">httpserver.Log(r.RemoteAddr, passwordToLog, w.WroteStatus(), statusText, repoName, r.Method, r.URL.Path)</span>
}()

<span class="cov10" title="74">creds := auth.NewCredentialsFromHTTPRequest(r)
if len(creds.Tokens) == 0 </span><span class="cov8" title="38">{
statusCode, statusText = http.StatusUnauthorized, "no credentials provided"
w.Header().Add("WWW-Authenticate", "Basic realm=\"git\"")
return
}</span>
<span class="cov8" title="36">apiToken = creds.Tokens[0]

// Access to paths "/foo/bar.git/*" and "/foo/bar/.git/*" are
// protected by the permissions on the repository named
// "foo/bar".
pathParts := strings.SplitN(r.URL.Path[1:], ".git/", 2)
if len(pathParts) != 2 </span><span class="cov2" title="2">{
statusCode, statusText = http.StatusBadRequest, "bad request"
return
}</span>
<span class="cov8" title="34">repoName = pathParts[0]
repoName = strings.TrimRight(repoName, "/")

arv := clientPool.Get()
if arv == nil </span><span class="cov0" title="0">{
statusCode, statusText = http.StatusInternalServerError, "connection pool failed: "+clientPool.Err().Error()
return
}</span>
<span class="cov8" title="34">defer clientPool.Put(arv)

// Ask API server whether the repository is readable using
// this token (by trying to read it!)
arv.ApiToken = apiToken
reposFound := arvadosclient.Dict{}
if err := arv.List("repositories", arvadosclient.Dict{
"filters": [][]string{{"name", "=", repoName}},
}, &amp;reposFound); err != nil </span><span class="cov6" title="12">{
statusCode, statusText = http.StatusInternalServerError, err.Error()
return
}</span>
<span class="cov7" title="22">validApiToken = true
if avail, ok := reposFound["items_available"].(float64); !ok </span><span class="cov0" title="0">{
statusCode, statusText = http.StatusInternalServerError, "bad list response from API"
return
}</span><span class="cov7" title="22"> else if avail &lt; 1 </span><span class="cov4" title="6">{
statusCode, statusText = http.StatusNotFound, "not found"
return
}</span><span class="cov6" title="16"> else if avail &gt; 1 </span><span class="cov0" title="0">{
statusCode, statusText = http.StatusInternalServerError, "name collision"
return
}</span>

<span class="cov6" title="16">repoUUID := reposFound["items"].([]interface{})[0].(map[string]interface{})["uuid"].(string)

isWrite := strings.HasSuffix(r.URL.Path, "/git-receive-pack")
if !isWrite </span><span class="cov6" title="14">{
statusText = "read"
}</span><span class="cov2" title="2"> else {
err := arv.Update("repositories", repoUUID, arvadosclient.Dict{
"repository": arvadosclient.Dict{
"modified_at": time.Now().String(),
},
}, &amp;arvadosclient.Dict{})
if err != nil </span><span class="cov1" title="1">{
statusCode, statusText = http.StatusForbidden, err.Error()
return
}</span>
<span class="cov1" title="1">statusText = "write"</span>
}

// Regardless of whether the client asked for "/foo.git" or
// "/foo/.git", we choose whichever variant exists in our repo
// root, and we try {uuid}.git and {uuid}/.git first. If none
// of these exist, we 404 even though the API told us the repo
// _should_ exist (presumably this means the repo was just
// created, and gitolite sync hasn't run yet).
<span class="cov6" title="15">rewrittenPath := ""
tryDirs := []string{
"/" + repoUUID + ".git",
"/" + repoUUID + "/.git",
"/" + repoName + ".git",
"/" + repoName + "/.git",
}
for _, dir := range tryDirs </span><span class="cov8" title="31">{
if fileInfo, err := os.Stat(theConfig.Root + dir); err != nil </span><span class="cov7" title="18">{
if !os.IsNotExist(err) </span><span class="cov0" title="0">{
statusCode, statusText = http.StatusInternalServerError, err.Error()
return
}</span>
}<span class="cov6" title="13"> else if fileInfo.IsDir() </span><span class="cov6" title="13">{
rewrittenPath = dir + "/" + pathParts[1]
break</span>
}
}
<span class="cov6" title="15">if rewrittenPath == "" </span><span class="cov2" title="2">{
log.Println("WARNING:", repoUUID,
"git directory not found in", theConfig.Root, tryDirs)
// We say "content not found" to disambiguate from the
// earlier "API says that repo does not exist" error.
statusCode, statusText = http.StatusNotFound, "content not found"
return
}</span>
<span class="cov6" title="13">r.URL.Path = rewrittenPath

h.handler.ServeHTTP(&amp;w, r)</span>
}
</pre>
<pre class="file" id="file1" style="display: none">package main

import (
"log"
"net"
"net/http"
"net/http/cgi"
)

// gitHandler is an http.Handler that invokes git-http-backend (or
// whatever backend is configured) via CGI, with appropriate
// environment variables in place for git-http-backend or
// gitolite-shell.
type gitHandler struct {
cgi.Handler
}

func newGitHandler() http.Handler <span class="cov9" title="12">{
return &amp;gitHandler{
Handler: cgi.Handler{
Path: theConfig.GitCommand,
Dir: theConfig.Root,
Env: []string{
"GIT_PROJECT_ROOT=" + theConfig.Root,
"GIT_HTTP_EXPORT_ALL=",
"SERVER_ADDR=" + theConfig.Addr,
},
InheritEnv: []string{
"PATH",
// Needed if GitCommand is gitolite-shell:
"GITOLITE_HTTP_HOME",
"GL_BYPASS_ACCESS_CHECKS",
},
Args: []string{"http-backend"},
},
}
}</span>

func (h *gitHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) <span class="cov10" title="15">{
remoteHost, remotePort, err := net.SplitHostPort(r.RemoteAddr)
if err != nil </span><span class="cov1" title="1">{
log.Printf("Internal error: SplitHostPort(r.RemoteAddr==%q): %s", r.RemoteAddr, err)
w.WriteHeader(http.StatusInternalServerError)
return
}</span>

// Copy the wrapped cgi.Handler, so these request-specific
// variables don't leak into the next request.
<span class="cov9" title="14">handlerCopy := h.Handler
handlerCopy.Env = append(handlerCopy.Env,
// In Go1.5 we can skip this, net/http/cgi will do it for us:
"REMOTE_HOST="+remoteHost,
"REMOTE_ADDR="+remoteHost,
"REMOTE_PORT="+remotePort,
// Ideally this would be a real username:
"REMOTE_USER="+r.RemoteAddr,
)
handlerCopy.ServeHTTP(w, r)</span>
}
</pre>
<pre class="file" id="file2" style="display: none">package main

import (
"flag"
"log"
"os"
)

type config struct {
Addr string
GitCommand string
Root string
}

var theConfig *config

func init() <span class="cov8" title="1">{
theConfig = &amp;config{}
flag.StringVar(&amp;theConfig.Addr, "address", "0.0.0.0:80",
"Address to listen on, \"host:port\".")
flag.StringVar(&amp;theConfig.GitCommand, "git-command", "/usr/bin/git",
"Path to git or gitolite-shell executable. Each authenticated request will execute this program with a single argument, \"http-backend\".")
cwd, err := os.Getwd()
if err != nil </span><span class="cov0" title="0">{
log.Fatalln("Getwd():", err)
}</span>
<span class="cov8" title="1">flag.StringVar(&amp;theConfig.Root, "repo-root", cwd,
"Path to git repositories.")

// MakeArvadosClient returns an error if token is unset (even
// though we don't need to do anything requiring
// authentication yet). We can't do this in newArvadosClient()
// just before calling MakeArvadosClient(), though, because
// that interferes with the env var needed by "run test
// servers".
os.Setenv("ARVADOS_API_TOKEN", "xxx")</span>
}

func main() <span class="cov0" title="0">{
flag.Parse()
srv := &amp;server{}
if err := srv.Start(); err != nil </span><span class="cov0" title="0">{
log.Fatal(err)
}</span>
<span class="cov0" title="0">log.Println("Listening at", srv.Addr)
log.Println("Repository root", theConfig.Root)
if err := srv.Wait(); err != nil </span><span class="cov0" title="0">{
log.Fatal(err)
}</span>
}
</pre>
<pre class="file" id="file3" style="display: none">package main

import (
"net/http"

"git.curoverse.com/arvados.git/sdk/go/httpserver"
)

type server struct {
httpserver.Server
}

func (srv *server) Start() error <span class="cov10" title="10">{
mux := http.NewServeMux()
mux.Handle("/", &amp;authHandler{newGitHandler()})
srv.Handler = mux
srv.Addr = theConfig.Addr
return srv.Server.Start()
}</span>
</pre>
</div>
</body>
<script>
(function() {
var files = document.getElementById('files');
var visible = document.getElementById('file0');
files.addEventListener('change', onChange, false);
function onChange() {
visible.style.display = 'none';
visible = document.getElementById(files.value);
visible.style.display = 'block';
window.scrollTo(0, 0);
}
})();
</script>
</html>
    (1-1/1)