mirror of
https://github.com/go-gitea/gitea.git
synced 2024-11-24 02:59:42 +08:00
Refactor LFS SSH and internal routers (#32473)
Gitea instance keeps reporting a lot of errors like "LFS SSH transfer connection denied, pure SSH protocol is disabled". When starting debugging the problem, there are more problems found. Try to address most of them: * avoid unnecessary server side error logs (change `fail()` to not log them) * figure out the broken tests/user2/lfs.git (added comments) * avoid `migratePushMirrors` failure when a repository doesn't exist (ignore them) * avoid "Authorization" (internal&lfs) header conflicts, remove the tricky "swapAuth" and use "X-Gitea-Internal-Auth" * make internal token comparing constant time (it wasn't a serous problem because in a real world it's nearly impossible to timing-attack the token, but good to fix and backport) * avoid duplicate routers (introduce AddOwnerRepoGitLFSRoutes) * avoid "internal (private)" routes using session/web context (they should use private context) * fix incorrect "path" usages (use "filepath") * fix incorrect mocked route point handling (need to check func nil correctly) * split some tests from "git general tests" to "git misc tests" (to keep "git_general_test.go" simple) Still no correct result for Git LFS SSH tests. So the code is kept there (`tests/integration/git_lfs_ssh_test.go`) and a FIXME explains the details.
This commit is contained in:
parent
f35e2b0cd1
commit
580e21dd2e
@ -111,13 +111,11 @@ func fail(ctx context.Context, userMessage, logMsgFmt string, args ...any) error
|
|||||||
if !setting.IsProd {
|
if !setting.IsProd {
|
||||||
_, _ = fmt.Fprintln(os.Stderr, "Gitea:", logMsg)
|
_, _ = fmt.Fprintln(os.Stderr, "Gitea:", logMsg)
|
||||||
}
|
}
|
||||||
if userMessage != "" {
|
|
||||||
if unicode.IsPunct(rune(userMessage[len(userMessage)-1])) {
|
if unicode.IsPunct(rune(userMessage[len(userMessage)-1])) {
|
||||||
logMsg = userMessage + " " + logMsg
|
logMsg = userMessage + " " + logMsg
|
||||||
} else {
|
} else {
|
||||||
logMsg = userMessage + ". " + logMsg
|
logMsg = userMessage + ". " + logMsg
|
||||||
}
|
}
|
||||||
}
|
|
||||||
_ = private.SSHLog(ctx, true, logMsg)
|
_ = private.SSHLog(ctx, true, logMsg)
|
||||||
}
|
}
|
||||||
return cli.Exit("", 1)
|
return cli.Exit("", 1)
|
||||||
@ -288,10 +286,10 @@ func runServ(c *cli.Context) error {
|
|||||||
if allowedCommands.Contains(verb) {
|
if allowedCommands.Contains(verb) {
|
||||||
if allowedCommandsLfs.Contains(verb) {
|
if allowedCommandsLfs.Contains(verb) {
|
||||||
if !setting.LFS.StartServer {
|
if !setting.LFS.StartServer {
|
||||||
return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
|
return fail(ctx, "LFS Server is not enabled", "")
|
||||||
}
|
}
|
||||||
if verb == verbLfsTransfer && !setting.LFS.AllowPureSSH {
|
if verb == verbLfsTransfer && !setting.LFS.AllowPureSSH {
|
||||||
return fail(ctx, "Unknown git command", "LFS SSH transfer connection denied, pure SSH protocol is disabled")
|
return fail(ctx, "LFS SSH transfer is not enabled", "")
|
||||||
}
|
}
|
||||||
if len(words) > 2 {
|
if len(words) > 2 {
|
||||||
lfsVerb = words[2]
|
lfsVerb = words[2]
|
||||||
|
@ -1,4 +1,11 @@
|
|||||||
# These are the LFS objects in user2/lfs.git
|
# These are the LFS objects in user2/lfs.git
|
||||||
|
# user2/lfs is an INVALID repository
|
||||||
|
#
|
||||||
|
# commit e9c32647bab825977942598c0efa415de300304b (HEAD -> master)
|
||||||
|
# Author: Rowan Bohde <rowan.bohde@gmail.com>
|
||||||
|
# Date: Thu Aug 1 14:38:23 2024 -0500
|
||||||
|
#
|
||||||
|
# add invalid lfs file
|
||||||
-
|
-
|
||||||
|
|
||||||
id: 1
|
id: 1
|
||||||
@ -11,7 +18,7 @@
|
|||||||
|
|
||||||
id: 2
|
id: 2
|
||||||
oid: 2eccdb43825d2a49d99d542daa20075cff1d97d9d2349a8977efe9c03661737c
|
oid: 2eccdb43825d2a49d99d542daa20075cff1d97d9d2349a8977efe9c03661737c
|
||||||
size: 107
|
size: 107 # real size is 2048
|
||||||
repository_id: 54
|
repository_id: 54
|
||||||
created_unix: 1671607299
|
created_unix: 1671607299
|
||||||
|
|
||||||
@ -30,3 +37,12 @@
|
|||||||
size: 25
|
size: 25
|
||||||
repository_id: 54
|
repository_id: 54
|
||||||
created_unix: 1671607299
|
created_unix: 1671607299
|
||||||
|
|
||||||
|
# this file is missing
|
||||||
|
# -
|
||||||
|
#
|
||||||
|
# id: 5
|
||||||
|
# oid: 9d178b5f15046343fd32f451df93acc2bdd9e6373be478b968e4cad6b6647351
|
||||||
|
# size: 25
|
||||||
|
# repository_id: 54
|
||||||
|
# created_unix: 1671607299
|
||||||
|
@ -12,6 +12,7 @@ import (
|
|||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
giturl "code.gitea.io/gitea/modules/git/url"
|
giturl "code.gitea.io/gitea/modules/git/url"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
|
||||||
"xorm.io/xorm"
|
"xorm.io/xorm"
|
||||||
)
|
)
|
||||||
@ -163,7 +164,9 @@ func migratePushMirrors(x *xorm.Engine) error {
|
|||||||
|
|
||||||
func getRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
|
func getRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
|
||||||
repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
|
repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
|
||||||
|
if exist, _ := util.IsExist(repoPath); !exist {
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
|
remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)
|
return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)
|
||||||
|
@ -146,9 +146,8 @@ func catFileBatch(ctx context.Context, repoPath string) (WriteCloserError, *bufi
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ReadBatchLine reads the header line from cat-file --batch
|
// ReadBatchLine reads the header line from cat-file --batch
|
||||||
// We expect:
|
// We expect: <oid> SP <type> SP <size> LF
|
||||||
// <sha> SP <type> SP <size> LF
|
// then leaving the rest of the stream "<contents> LF" to be read
|
||||||
// sha is a hex encoded here
|
|
||||||
func ReadBatchLine(rd *bufio.Reader) (sha []byte, typ string, size int64, err error) {
|
func ReadBatchLine(rd *bufio.Reader) (sha []byte, typ string, size int64, err error) {
|
||||||
typ, err = rd.ReadString('\n')
|
typ, err = rd.ReadString('\n')
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -36,8 +36,8 @@ type GiteaBackend struct {
|
|||||||
ctx context.Context
|
ctx context.Context
|
||||||
server *url.URL
|
server *url.URL
|
||||||
op string
|
op string
|
||||||
token string
|
authToken string
|
||||||
itoken string
|
internalAuth string
|
||||||
logger transfer.Logger
|
logger transfer.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (t
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
server = server.JoinPath("api/internal/repo", repo, "info/lfs")
|
server = server.JoinPath("api/internal/repo", repo, "info/lfs")
|
||||||
return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, itoken: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
|
return &GiteaBackend{ctx: ctx, server: server, op: op, authToken: token, internalAuth: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Batch implements transfer.Backend
|
// Batch implements transfer.Backend
|
||||||
@ -73,8 +73,8 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans
|
|||||||
}
|
}
|
||||||
url := g.server.JoinPath("objects/batch").String()
|
url := g.server.JoinPath("objects/batch").String()
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeGitLFS,
|
headerAccept: mimeGitLFS,
|
||||||
headerContentType: mimeGitLFS,
|
headerContentType: mimeGitLFS,
|
||||||
}
|
}
|
||||||
@ -119,7 +119,7 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans
|
|||||||
}
|
}
|
||||||
idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
|
idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
|
||||||
item.Args[argID] = idMapStr
|
item.Args[argID] = idMapStr
|
||||||
if authHeader, ok := action.Header[headerAuthorisation]; ok {
|
if authHeader, ok := action.Header[headerAuthorization]; ok {
|
||||||
authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
|
authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
|
||||||
item.Args[argToken] = authHeaderB64
|
item.Args[argToken] = authHeaderB64
|
||||||
}
|
}
|
||||||
@ -142,7 +142,7 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans
|
|||||||
}
|
}
|
||||||
idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
|
idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
|
||||||
item.Args[argID] = idMapStr
|
item.Args[argID] = idMapStr
|
||||||
if authHeader, ok := action.Header[headerAuthorisation]; ok {
|
if authHeader, ok := action.Header[headerAuthorization]; ok {
|
||||||
authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
|
authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
|
||||||
item.Args[argToken] = authHeaderB64
|
item.Args[argToken] = authHeaderB64
|
||||||
}
|
}
|
||||||
@ -183,8 +183,8 @@ func (g *GiteaBackend) Download(oid string, args transfer.Args) (io.ReadCloser,
|
|||||||
}
|
}
|
||||||
url := action.Href
|
url := action.Href
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeOctetStream,
|
headerAccept: mimeOctetStream,
|
||||||
}
|
}
|
||||||
req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
|
req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
|
||||||
@ -229,8 +229,8 @@ func (g *GiteaBackend) Upload(oid string, size int64, r io.Reader, args transfer
|
|||||||
}
|
}
|
||||||
url := action.Href
|
url := action.Href
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerContentType: mimeOctetStream,
|
headerContentType: mimeOctetStream,
|
||||||
headerContentLength: strconv.FormatInt(size, 10),
|
headerContentLength: strconv.FormatInt(size, 10),
|
||||||
}
|
}
|
||||||
@ -279,8 +279,8 @@ func (g *GiteaBackend) Verify(oid string, size int64, args transfer.Args) (trans
|
|||||||
}
|
}
|
||||||
url := action.Href
|
url := action.Href
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeGitLFS,
|
headerAccept: mimeGitLFS,
|
||||||
headerContentType: mimeGitLFS,
|
headerContentType: mimeGitLFS,
|
||||||
}
|
}
|
||||||
|
@ -24,14 +24,14 @@ type giteaLockBackend struct {
|
|||||||
ctx context.Context
|
ctx context.Context
|
||||||
g *GiteaBackend
|
g *GiteaBackend
|
||||||
server *url.URL
|
server *url.URL
|
||||||
token string
|
authToken string
|
||||||
itoken string
|
internalAuth string
|
||||||
logger transfer.Logger
|
logger transfer.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
func newGiteaLockBackend(g *GiteaBackend) transfer.LockBackend {
|
func newGiteaLockBackend(g *GiteaBackend) transfer.LockBackend {
|
||||||
server := g.server.JoinPath("locks")
|
server := g.server.JoinPath("locks")
|
||||||
return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, itoken: g.itoken, logger: g.logger}
|
return &giteaLockBackend{ctx: g.ctx, g: g, server: server, authToken: g.authToken, internalAuth: g.internalAuth, logger: g.logger}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create implements transfer.LockBackend
|
// Create implements transfer.LockBackend
|
||||||
@ -45,8 +45,8 @@ func (g *giteaLockBackend) Create(path, refname string) (transfer.Lock, error) {
|
|||||||
}
|
}
|
||||||
url := g.server.String()
|
url := g.server.String()
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeGitLFS,
|
headerAccept: mimeGitLFS,
|
||||||
headerContentType: mimeGitLFS,
|
headerContentType: mimeGitLFS,
|
||||||
}
|
}
|
||||||
@ -97,8 +97,8 @@ func (g *giteaLockBackend) Unlock(lock transfer.Lock) error {
|
|||||||
}
|
}
|
||||||
url := g.server.JoinPath(lock.ID(), "unlock").String()
|
url := g.server.JoinPath(lock.ID(), "unlock").String()
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeGitLFS,
|
headerAccept: mimeGitLFS,
|
||||||
headerContentType: mimeGitLFS,
|
headerContentType: mimeGitLFS,
|
||||||
}
|
}
|
||||||
@ -180,8 +180,8 @@ func (g *giteaLockBackend) queryLocks(v url.Values) ([]transfer.Lock, string, er
|
|||||||
urlq.RawQuery = v.Encode()
|
urlq.RawQuery = v.Encode()
|
||||||
url := urlq.String()
|
url := urlq.String()
|
||||||
headers := map[string]string{
|
headers := map[string]string{
|
||||||
headerAuthorisation: g.itoken,
|
headerAuthorization: g.authToken,
|
||||||
headerAuthX: g.token,
|
headerGiteaInternalAuth: g.internalAuth,
|
||||||
headerAccept: mimeGitLFS,
|
headerAccept: mimeGitLFS,
|
||||||
headerContentType: mimeGitLFS,
|
headerContentType: mimeGitLFS,
|
||||||
}
|
}
|
||||||
|
@ -21,8 +21,8 @@ import (
|
|||||||
// HTTP headers
|
// HTTP headers
|
||||||
const (
|
const (
|
||||||
headerAccept = "Accept"
|
headerAccept = "Accept"
|
||||||
headerAuthorisation = "Authorization"
|
headerAuthorization = "Authorization"
|
||||||
headerAuthX = "X-Auth"
|
headerGiteaInternalAuth = "X-Gitea-Internal-Auth"
|
||||||
headerContentType = "Content-Type"
|
headerContentType = "Content-Type"
|
||||||
headerContentLength = "Content-Length"
|
headerContentLength = "Content-Length"
|
||||||
)
|
)
|
||||||
|
@ -43,7 +43,7 @@ Ensure you are running in the correct environment or set the correct configurati
|
|||||||
req := httplib.NewRequest(url, method).
|
req := httplib.NewRequest(url, method).
|
||||||
SetContext(ctx).
|
SetContext(ctx).
|
||||||
Header("X-Real-IP", getClientIP()).
|
Header("X-Real-IP", getClientIP()).
|
||||||
Header("Authorization", fmt.Sprintf("Bearer %s", setting.InternalToken)).
|
Header("X-Gitea-Internal-Auth", fmt.Sprintf("Bearer %s", setting.InternalToken)).
|
||||||
SetTLSClientConfig(&tls.Config{
|
SetTLSClientConfig(&tls.Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
ServerName: setting.Domain,
|
ServerName: setting.Domain,
|
||||||
|
@ -6,6 +6,7 @@ package web
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
@ -82,15 +83,23 @@ func (r *Router) getPattern(pattern string) string {
|
|||||||
return strings.TrimSuffix(newPattern, "/")
|
return strings.TrimSuffix(newPattern, "/")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isNilOrFuncNil(v any) bool {
|
||||||
|
if v == nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
r := reflect.ValueOf(v)
|
||||||
|
return r.Kind() == reflect.Func && r.IsNil()
|
||||||
|
}
|
||||||
|
|
||||||
func (r *Router) wrapMiddlewareAndHandler(h []any) ([]func(http.Handler) http.Handler, http.HandlerFunc) {
|
func (r *Router) wrapMiddlewareAndHandler(h []any) ([]func(http.Handler) http.Handler, http.HandlerFunc) {
|
||||||
handlerProviders := make([]func(http.Handler) http.Handler, 0, len(r.curMiddlewares)+len(h)+1)
|
handlerProviders := make([]func(http.Handler) http.Handler, 0, len(r.curMiddlewares)+len(h)+1)
|
||||||
for _, m := range r.curMiddlewares {
|
for _, m := range r.curMiddlewares {
|
||||||
if m != nil {
|
if !isNilOrFuncNil(m) {
|
||||||
handlerProviders = append(handlerProviders, toHandlerProvider(m))
|
handlerProviders = append(handlerProviders, toHandlerProvider(m))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for _, m := range h {
|
for _, m := range h {
|
||||||
if h != nil {
|
if !isNilOrFuncNil(m) {
|
||||||
handlerProviders = append(handlerProviders, toHandlerProvider(m))
|
handlerProviders = append(handlerProviders, toHandlerProvider(m))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
29
routers/common/lfs.go
Normal file
29
routers/common/lfs.go
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package common
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/web"
|
||||||
|
"code.gitea.io/gitea/services/lfs"
|
||||||
|
)
|
||||||
|
|
||||||
|
func AddOwnerRepoGitLFSRoutes(m *web.Router, middlewares ...any) {
|
||||||
|
// shared by web and internal routers
|
||||||
|
m.Group("/{username}/{reponame}/info/lfs", func() {
|
||||||
|
m.Post("/objects/batch", lfs.CheckAcceptMediaType, lfs.BatchHandler)
|
||||||
|
m.Put("/objects/{oid}/{size}", lfs.UploadHandler)
|
||||||
|
m.Get("/objects/{oid}/{filename}", lfs.DownloadHandler)
|
||||||
|
m.Get("/objects/{oid}", lfs.DownloadHandler)
|
||||||
|
m.Post("/verify", lfs.CheckAcceptMediaType, lfs.VerifyHandler)
|
||||||
|
m.Group("/locks", func() {
|
||||||
|
m.Get("/", lfs.GetListLockHandler)
|
||||||
|
m.Post("/", lfs.PostLockHandler)
|
||||||
|
m.Post("/verify", lfs.VerifyLockHandler)
|
||||||
|
m.Post("/{lid}/unlock", lfs.UnLockHandler)
|
||||||
|
}, lfs.CheckAcceptMediaType)
|
||||||
|
m.Any("/*", http.NotFound)
|
||||||
|
}, middlewares...)
|
||||||
|
}
|
@ -5,6 +5,7 @@
|
|||||||
package private
|
package private
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/subtle"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
@ -14,28 +15,30 @@ import (
|
|||||||
"code.gitea.io/gitea/modules/web"
|
"code.gitea.io/gitea/modules/web"
|
||||||
"code.gitea.io/gitea/routers/common"
|
"code.gitea.io/gitea/routers/common"
|
||||||
"code.gitea.io/gitea/services/context"
|
"code.gitea.io/gitea/services/context"
|
||||||
"code.gitea.io/gitea/services/lfs"
|
|
||||||
|
|
||||||
"gitea.com/go-chi/binding"
|
"gitea.com/go-chi/binding"
|
||||||
chi_middleware "github.com/go-chi/chi/v5/middleware"
|
chi_middleware "github.com/go-chi/chi/v5/middleware"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CheckInternalToken check internal token is set
|
const RouterMockPointInternalLFS = "internal-lfs"
|
||||||
func CheckInternalToken(next http.Handler) http.Handler {
|
|
||||||
|
func authInternal(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||||
tokens := req.Header.Get("Authorization")
|
|
||||||
fields := strings.SplitN(tokens, " ", 2)
|
|
||||||
if setting.InternalToken == "" {
|
if setting.InternalToken == "" {
|
||||||
log.Warn(`The INTERNAL_TOKEN setting is missing from the configuration file: %q, internal API can't work.`, setting.CustomConf)
|
log.Warn(`The INTERNAL_TOKEN setting is missing from the configuration file: %q, internal API can't work.`, setting.CustomConf)
|
||||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(fields) != 2 || fields[0] != "Bearer" || fields[1] != setting.InternalToken {
|
|
||||||
|
tokens := req.Header.Get("X-Gitea-Internal-Auth") // TODO: use something like JWT or HMAC to avoid passing the token in the clear
|
||||||
|
after, found := strings.CutPrefix(tokens, "Bearer ")
|
||||||
|
authSucceeded := found && subtle.ConstantTimeCompare([]byte(after), []byte(setting.InternalToken)) == 1
|
||||||
|
if !authSucceeded {
|
||||||
log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)
|
log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)
|
||||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
} else {
|
return
|
||||||
next.ServeHTTP(w, req)
|
|
||||||
}
|
}
|
||||||
|
next.ServeHTTP(w, req)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -48,20 +51,12 @@ func bind[T any](_ T) any {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SwapAuthToken swaps Authorization header with X-Auth header
|
|
||||||
func swapAuthToken(next http.Handler) http.Handler {
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
req.Header.Set("Authorization", req.Header.Get("X-Auth"))
|
|
||||||
next.ServeHTTP(w, req)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
// Routes registers all internal APIs routes to web application.
|
// Routes registers all internal APIs routes to web application.
|
||||||
// These APIs will be invoked by internal commands for example `gitea serv` and etc.
|
// These APIs will be invoked by internal commands for example `gitea serv` and etc.
|
||||||
func Routes() *web.Router {
|
func Routes() *web.Router {
|
||||||
r := web.NewRouter()
|
r := web.NewRouter()
|
||||||
r.Use(context.PrivateContexter())
|
r.Use(context.PrivateContexter())
|
||||||
r.Use(CheckInternalToken)
|
r.Use(authInternal)
|
||||||
// Log the real ip address of the request from SSH is really helpful for diagnosing sometimes.
|
// Log the real ip address of the request from SSH is really helpful for diagnosing sometimes.
|
||||||
// Since internal API will be sent only from Gitea sub commands and it's under control (checked by InternalToken), we can trust the headers.
|
// Since internal API will be sent only from Gitea sub commands and it's under control (checked by InternalToken), we can trust the headers.
|
||||||
r.Use(chi_middleware.RealIP)
|
r.Use(chi_middleware.RealIP)
|
||||||
@ -90,25 +85,13 @@ func Routes() *web.Router {
|
|||||||
r.Post("/restore_repo", RestoreRepo)
|
r.Post("/restore_repo", RestoreRepo)
|
||||||
r.Post("/actions/generate_actions_runner_token", GenerateActionsRunnerToken)
|
r.Post("/actions/generate_actions_runner_token", GenerateActionsRunnerToken)
|
||||||
|
|
||||||
r.Group("/repo/{username}/{reponame}", func() {
|
r.Group("/repo", func() {
|
||||||
r.Group("/info/lfs", func() {
|
// FIXME: it is not right to use context.Contexter here because all routes here should use PrivateContext
|
||||||
r.Post("/objects/batch", lfs.CheckAcceptMediaType, lfs.BatchHandler)
|
common.AddOwnerRepoGitLFSRoutes(r, func(ctx *context.PrivateContext) {
|
||||||
r.Put("/objects/{oid}/{size}", lfs.UploadHandler)
|
webContext := &context.Context{Base: ctx.Base}
|
||||||
r.Get("/objects/{oid}/{filename}", lfs.DownloadHandler)
|
ctx.AppendContextValue(context.WebContextKey, webContext)
|
||||||
r.Get("/objects/{oid}", lfs.DownloadHandler)
|
}, web.RouterMockPoint(RouterMockPointInternalLFS))
|
||||||
r.Post("/verify", lfs.CheckAcceptMediaType, lfs.VerifyHandler)
|
|
||||||
r.Group("/locks", func() {
|
|
||||||
r.Get("/", lfs.GetListLockHandler)
|
|
||||||
r.Post("/", lfs.PostLockHandler)
|
|
||||||
r.Post("/verify", lfs.VerifyLockHandler)
|
|
||||||
r.Post("/{lid}/unlock", lfs.UnLockHandler)
|
|
||||||
}, lfs.CheckAcceptMediaType)
|
|
||||||
r.Any("/*", func(ctx *context.Context) {
|
|
||||||
ctx.NotFound("", nil)
|
|
||||||
})
|
})
|
||||||
}, swapAuthToken)
|
|
||||||
}, common.Sessioner(), context.Contexter())
|
|
||||||
// end "/repo/{username}/{reponame}": git (LFS) API mirror
|
|
||||||
|
|
||||||
return r
|
return r
|
||||||
}
|
}
|
||||||
|
@ -44,7 +44,6 @@ import (
|
|||||||
auth_service "code.gitea.io/gitea/services/auth"
|
auth_service "code.gitea.io/gitea/services/auth"
|
||||||
"code.gitea.io/gitea/services/context"
|
"code.gitea.io/gitea/services/context"
|
||||||
"code.gitea.io/gitea/services/forms"
|
"code.gitea.io/gitea/services/forms"
|
||||||
"code.gitea.io/gitea/services/lfs"
|
|
||||||
|
|
||||||
_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
|
_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
|
||||||
|
|
||||||
@ -1598,23 +1597,8 @@ func registerRoutes(m *web.Router) {
|
|||||||
m.Post("/action/{action}", reqSignIn, repo.Action)
|
m.Post("/action/{action}", reqSignIn, repo.Action)
|
||||||
}, ignSignIn, context.RepoAssignment, context.RepoRef())
|
}, ignSignIn, context.RepoAssignment, context.RepoRef())
|
||||||
|
|
||||||
|
common.AddOwnerRepoGitLFSRoutes(m, ignSignInAndCsrf, lfsServerEnabled)
|
||||||
m.Group("/{username}/{reponame}", func() {
|
m.Group("/{username}/{reponame}", func() {
|
||||||
m.Group("/info/lfs", func() {
|
|
||||||
m.Post("/objects/batch", lfs.CheckAcceptMediaType, lfs.BatchHandler)
|
|
||||||
m.Put("/objects/{oid}/{size}", lfs.UploadHandler)
|
|
||||||
m.Get("/objects/{oid}/{filename}", lfs.DownloadHandler)
|
|
||||||
m.Get("/objects/{oid}", lfs.DownloadHandler)
|
|
||||||
m.Post("/verify", lfs.CheckAcceptMediaType, lfs.VerifyHandler)
|
|
||||||
m.Group("/locks", func() {
|
|
||||||
m.Get("/", lfs.GetListLockHandler)
|
|
||||||
m.Post("/", lfs.PostLockHandler)
|
|
||||||
m.Post("/verify", lfs.VerifyLockHandler)
|
|
||||||
m.Post("/{lid}/unlock", lfs.UnLockHandler)
|
|
||||||
}, lfs.CheckAcceptMediaType)
|
|
||||||
m.Any("/*", func(ctx *context.Context) {
|
|
||||||
ctx.NotFound("", nil)
|
|
||||||
})
|
|
||||||
}, ignSignInAndCsrf, lfsServerEnabled)
|
|
||||||
gitHTTPRouters(m)
|
gitHTTPRouters(m)
|
||||||
})
|
})
|
||||||
// end "/{username}/{reponame}.git": git support
|
// end "/{username}/{reponame}.git": git support
|
||||||
|
@ -39,7 +39,7 @@ func TestAPIGetRawFileOrLFS(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("Partial Clone", doPartialGitClone(dstPath2, u))
|
t.Run("Partial Clone", doPartialGitClone(dstPath2, u))
|
||||||
|
|
||||||
lfs, _ := lfsCommitAndPushTest(t, dstPath)
|
lfs := lfsCommitAndPushTest(t, dstPath, littleSize)[0]
|
||||||
|
|
||||||
reqLFS := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/media/"+lfs)
|
reqLFS := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/media/"+lfs)
|
||||||
respLFS := MakeRequestNilResponseRecorder(t, reqLFS, http.StatusOK)
|
respLFS := MakeRequestNilResponseRecorder(t, reqLFS, http.StatusOK)
|
||||||
|
@ -4,8 +4,6 @@
|
|||||||
package integration
|
package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"context"
|
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -26,27 +24,25 @@ import (
|
|||||||
"code.gitea.io/gitea/models/unittest"
|
"code.gitea.io/gitea/models/unittest"
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
"code.gitea.io/gitea/modules/gitrepo"
|
|
||||||
"code.gitea.io/gitea/modules/lfs"
|
"code.gitea.io/gitea/modules/lfs"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
api "code.gitea.io/gitea/modules/structs"
|
api "code.gitea.io/gitea/modules/structs"
|
||||||
gitea_context "code.gitea.io/gitea/services/context"
|
gitea_context "code.gitea.io/gitea/services/context"
|
||||||
files_service "code.gitea.io/gitea/services/repository/files"
|
|
||||||
"code.gitea.io/gitea/tests"
|
"code.gitea.io/gitea/tests"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
littleSize = 1024 // 1ko
|
littleSize = 1024 // 1K
|
||||||
bigSize = 128 * 1024 * 1024 // 128Mo
|
bigSize = 128 * 1024 * 1024 // 128M
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestGit(t *testing.T) {
|
func TestGitGeneral(t *testing.T) {
|
||||||
onGiteaRun(t, testGit)
|
onGiteaRun(t, testGitGeneral)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testGit(t *testing.T, u *url.URL) {
|
func testGitGeneral(t *testing.T, u *url.URL) {
|
||||||
username := "user2"
|
username := "user2"
|
||||||
baseAPITestContext := NewAPITestContext(t, username, "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
baseAPITestContext := NewAPITestContext(t, username, "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||||
|
|
||||||
@ -77,10 +73,10 @@ func testGit(t *testing.T, u *url.URL) {
|
|||||||
|
|
||||||
t.Run("Partial Clone", doPartialGitClone(dstPath2, u))
|
t.Run("Partial Clone", doPartialGitClone(dstPath2, u))
|
||||||
|
|
||||||
little, big := standardCommitAndPushTest(t, dstPath)
|
pushedFilesStandard := standardCommitAndPushTest(t, dstPath, littleSize, bigSize)
|
||||||
littleLFS, bigLFS := lfsCommitAndPushTest(t, dstPath)
|
pushedFilesLFS := lfsCommitAndPushTest(t, dstPath, littleSize, bigSize)
|
||||||
rawTest(t, &httpContext, little, big, littleLFS, bigLFS)
|
rawTest(t, &httpContext, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
mediaTest(t, &httpContext, little, big, littleLFS, bigLFS)
|
mediaTest(t, &httpContext, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
|
|
||||||
t.Run("CreateAgitFlowPull", doCreateAgitFlowPull(dstPath, &httpContext, "test/head"))
|
t.Run("CreateAgitFlowPull", doCreateAgitFlowPull(dstPath, &httpContext, "test/head"))
|
||||||
t.Run("BranchProtectMerge", doBranchProtectPRMerge(&httpContext, dstPath))
|
t.Run("BranchProtectMerge", doBranchProtectPRMerge(&httpContext, dstPath))
|
||||||
@ -89,8 +85,8 @@ func testGit(t *testing.T, u *url.URL) {
|
|||||||
t.Run("MergeFork", func(t *testing.T) {
|
t.Run("MergeFork", func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
t.Run("CreatePRAndMerge", doMergeFork(httpContext, forkedUserCtx, "master", httpContext.Username+":master"))
|
t.Run("CreatePRAndMerge", doMergeFork(httpContext, forkedUserCtx, "master", httpContext.Username+":master"))
|
||||||
rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
|
rawTest(t, &forkedUserCtx, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
|
mediaTest(t, &forkedUserCtx, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("PushCreate", doPushCreate(httpContext, u))
|
t.Run("PushCreate", doPushCreate(httpContext, u))
|
||||||
@ -118,18 +114,18 @@ func testGit(t *testing.T, u *url.URL) {
|
|||||||
|
|
||||||
t.Run("Clone", doGitClone(dstPath, sshURL))
|
t.Run("Clone", doGitClone(dstPath, sshURL))
|
||||||
|
|
||||||
little, big := standardCommitAndPushTest(t, dstPath)
|
pushedFilesStandard := standardCommitAndPushTest(t, dstPath, littleSize, bigSize)
|
||||||
littleLFS, bigLFS := lfsCommitAndPushTest(t, dstPath)
|
pushedFilesLFS := lfsCommitAndPushTest(t, dstPath, littleSize, bigSize)
|
||||||
rawTest(t, &sshContext, little, big, littleLFS, bigLFS)
|
rawTest(t, &sshContext, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
mediaTest(t, &sshContext, little, big, littleLFS, bigLFS)
|
mediaTest(t, &sshContext, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
|
|
||||||
t.Run("CreateAgitFlowPull", doCreateAgitFlowPull(dstPath, &sshContext, "test/head2"))
|
t.Run("CreateAgitFlowPull", doCreateAgitFlowPull(dstPath, &sshContext, "test/head2"))
|
||||||
t.Run("BranchProtectMerge", doBranchProtectPRMerge(&sshContext, dstPath))
|
t.Run("BranchProtectMerge", doBranchProtectPRMerge(&sshContext, dstPath))
|
||||||
t.Run("MergeFork", func(t *testing.T) {
|
t.Run("MergeFork", func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
t.Run("CreatePRAndMerge", doMergeFork(sshContext, forkedUserCtx, "master", sshContext.Username+":master"))
|
t.Run("CreatePRAndMerge", doMergeFork(sshContext, forkedUserCtx, "master", sshContext.Username+":master"))
|
||||||
rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
|
rawTest(t, &forkedUserCtx, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
|
mediaTest(t, &forkedUserCtx, pushedFilesStandard[0], pushedFilesStandard[1], pushedFilesLFS[0], pushedFilesLFS[1])
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("PushCreate", doPushCreate(sshContext, sshURL))
|
t.Run("PushCreate", doPushCreate(sshContext, sshURL))
|
||||||
@ -142,16 +138,16 @@ func ensureAnonymousClone(t *testing.T, u *url.URL) {
|
|||||||
t.Run("CloneAnonymous", doGitClone(dstLocalPath, u))
|
t.Run("CloneAnonymous", doGitClone(dstLocalPath, u))
|
||||||
}
|
}
|
||||||
|
|
||||||
func standardCommitAndPushTest(t *testing.T, dstPath string) (little, big string) {
|
func standardCommitAndPushTest(t *testing.T, dstPath string, sizes ...int) (pushedFiles []string) {
|
||||||
t.Run("Standard", func(t *testing.T) {
|
t.Run("CommitAndPushStandard", func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
little, big = commitAndPushTest(t, dstPath, "data-file-")
|
pushedFiles = commitAndPushTest(t, dstPath, "data-file-", sizes...)
|
||||||
})
|
})
|
||||||
return little, big
|
return pushedFiles
|
||||||
}
|
}
|
||||||
|
|
||||||
func lfsCommitAndPushTest(t *testing.T, dstPath string) (littleLFS, bigLFS string) {
|
func lfsCommitAndPushTest(t *testing.T, dstPath string, sizes ...int) (pushedFiles []string) {
|
||||||
t.Run("LFS", func(t *testing.T) {
|
t.Run("CommitAndPushLFS", func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
prefix := "lfs-data-file-"
|
prefix := "lfs-data-file-"
|
||||||
err := git.NewCommand(git.DefaultContext, "lfs").AddArguments("install").Run(&git.RunOpts{Dir: dstPath})
|
err := git.NewCommand(git.DefaultContext, "lfs").AddArguments("install").Run(&git.RunOpts{Dir: dstPath})
|
||||||
@ -176,33 +172,23 @@ func lfsCommitAndPushTest(t *testing.T, dstPath string) (littleLFS, bigLFS strin
|
|||||||
})
|
})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
littleLFS, bigLFS = commitAndPushTest(t, dstPath, prefix)
|
pushedFiles = commitAndPushTest(t, dstPath, prefix, sizes...)
|
||||||
|
|
||||||
t.Run("Locks", func(t *testing.T) {
|
t.Run("Locks", func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
lockTest(t, dstPath)
|
lockTest(t, dstPath)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
return littleLFS, bigLFS
|
return pushedFiles
|
||||||
}
|
}
|
||||||
|
|
||||||
func commitAndPushTest(t *testing.T, dstPath, prefix string) (little, big string) {
|
func commitAndPushTest(t *testing.T, dstPath, prefix string, sizes ...int) (pushedFiles []string) {
|
||||||
t.Run("PushCommit", func(t *testing.T) {
|
for _, size := range sizes {
|
||||||
|
t.Run("PushCommit Size-"+strconv.Itoa(size), func(t *testing.T) {
|
||||||
defer tests.PrintCurrentTest(t)()
|
defer tests.PrintCurrentTest(t)()
|
||||||
t.Run("Little", func(t *testing.T) {
|
pushedFiles = append(pushedFiles, doCommitAndPush(t, size, dstPath, prefix))
|
||||||
defer tests.PrintCurrentTest(t)()
|
|
||||||
little = doCommitAndPush(t, littleSize, dstPath, prefix)
|
|
||||||
})
|
})
|
||||||
t.Run("Big", func(t *testing.T) {
|
|
||||||
if testing.Short() {
|
|
||||||
t.Skip("Skipping test in short mode.")
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
defer tests.PrintCurrentTest(t)()
|
return pushedFiles
|
||||||
big = doCommitAndPush(t, bigSize, dstPath, prefix)
|
|
||||||
})
|
|
||||||
})
|
|
||||||
return little, big
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func rawTest(t *testing.T, ctx *APITestContext, little, big, littleLFS, bigLFS string) {
|
func rawTest(t *testing.T, ctx *APITestContext, little, big, littleLFS, bigLFS string) {
|
||||||
@ -903,100 +889,3 @@ func doCreateAgitFlowPull(dstPath string, ctx *APITestContext, headBranch string
|
|||||||
t.Run("CheckoutMasterAgain", doGitCheckoutBranch(dstPath, "master"))
|
t.Run("CheckoutMasterAgain", doGitCheckoutBranch(dstPath, "master"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDataAsync_Issue29101(t *testing.T) {
|
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
|
||||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
|
||||||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
|
||||||
|
|
||||||
resp, err := files_service.ChangeRepoFiles(db.DefaultContext, repo, user, &files_service.ChangeRepoFilesOptions{
|
|
||||||
Files: []*files_service.ChangeRepoFile{
|
|
||||||
{
|
|
||||||
Operation: "create",
|
|
||||||
TreePath: "test.txt",
|
|
||||||
ContentReader: bytes.NewReader(make([]byte, 10000)),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
OldBranch: repo.DefaultBranch,
|
|
||||||
NewBranch: repo.DefaultBranch,
|
|
||||||
})
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
sha := resp.Commit.SHA
|
|
||||||
|
|
||||||
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
commit, err := gitRepo.GetCommit(sha)
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
entry, err := commit.GetTreeEntryByPath("test.txt")
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
b := entry.Blob()
|
|
||||||
|
|
||||||
r, err := b.DataAsync()
|
|
||||||
assert.NoError(t, err)
|
|
||||||
defer r.Close()
|
|
||||||
|
|
||||||
r2, err := b.DataAsync()
|
|
||||||
assert.NoError(t, err)
|
|
||||||
defer r2.Close()
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestAgitPullPush(t *testing.T) {
|
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
|
||||||
baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
|
||||||
|
|
||||||
u.Path = baseAPITestContext.GitPath()
|
|
||||||
u.User = url.UserPassword("user2", userPassword)
|
|
||||||
|
|
||||||
dstPath := t.TempDir()
|
|
||||||
doGitClone(dstPath, u)(t)
|
|
||||||
|
|
||||||
gitRepo, err := git.OpenRepository(context.Background(), dstPath)
|
|
||||||
assert.NoError(t, err)
|
|
||||||
defer gitRepo.Close()
|
|
||||||
|
|
||||||
doGitCreateBranch(dstPath, "test-agit-push")
|
|
||||||
|
|
||||||
// commit 1
|
|
||||||
_, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-")
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
// push to create an agit pull request
|
|
||||||
err = git.NewCommand(git.DefaultContext, "push", "origin",
|
|
||||||
"-o", "title=test-title", "-o", "description=test-description",
|
|
||||||
"HEAD:refs/for/master/test-agit-push",
|
|
||||||
).Run(&git.RunOpts{Dir: dstPath})
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
// check pull request exist
|
|
||||||
pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: 1, Flow: issues_model.PullRequestFlowAGit, HeadBranch: "user2/test-agit-push"})
|
|
||||||
assert.NoError(t, pr.LoadIssue(db.DefaultContext))
|
|
||||||
assert.Equal(t, "test-title", pr.Issue.Title)
|
|
||||||
assert.Equal(t, "test-description", pr.Issue.Content)
|
|
||||||
|
|
||||||
// commit 2
|
|
||||||
_, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-2-")
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
// push 2
|
|
||||||
err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").Run(&git.RunOpts{Dir: dstPath})
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
// reset to first commit
|
|
||||||
err = git.NewCommand(git.DefaultContext, "reset", "--hard", "HEAD~1").Run(&git.RunOpts{Dir: dstPath})
|
|
||||||
assert.NoError(t, err)
|
|
||||||
|
|
||||||
// test force push without confirm
|
|
||||||
_, stderr, err := git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").RunStdString(&git.RunOpts{Dir: dstPath})
|
|
||||||
assert.Error(t, err)
|
|
||||||
assert.Contains(t, stderr, "[remote rejected] HEAD -> refs/for/master/test-agit-push (request `force-push` push option)")
|
|
||||||
|
|
||||||
// test force push with confirm
|
|
||||||
err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push", "-o", "force-push").Run(&git.RunOpts{Dir: dstPath})
|
|
||||||
assert.NoError(t, err)
|
|
||||||
})
|
|
||||||
}
|
|
61
tests/integration/git_lfs_ssh_test.go
Normal file
61
tests/integration/git_lfs_ssh_test.go
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package integration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/url"
|
||||||
|
"sync"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/web"
|
||||||
|
"code.gitea.io/gitea/routers/private"
|
||||||
|
"code.gitea.io/gitea/services/context"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestGitLFSSSH(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
dstPath := t.TempDir()
|
||||||
|
apiTestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||||
|
|
||||||
|
var mu sync.Mutex
|
||||||
|
var routerCalls []string
|
||||||
|
web.RouteMock(private.RouterMockPointInternalLFS, func(ctx *context.PrivateContext) {
|
||||||
|
mu.Lock()
|
||||||
|
routerCalls = append(routerCalls, ctx.Req.Method+" "+ctx.Req.URL.Path)
|
||||||
|
mu.Unlock()
|
||||||
|
})
|
||||||
|
|
||||||
|
withKeyFile(t, "my-testing-key", func(keyFile string) {
|
||||||
|
t.Run("CreateUserKey", doAPICreateUserKey(apiTestContext, "test-key", keyFile))
|
||||||
|
cloneURL := createSSHUrl(apiTestContext.GitPath(), u)
|
||||||
|
t.Run("Clone", doGitClone(dstPath, cloneURL))
|
||||||
|
|
||||||
|
cfg, err := setting.CfgProvider.PrepareSaving()
|
||||||
|
require.NoError(t, err)
|
||||||
|
cfg.Section("server").Key("LFS_ALLOW_PURE_SSH").SetValue("true")
|
||||||
|
setting.LFS.AllowPureSSH = true
|
||||||
|
require.NoError(t, cfg.Save())
|
||||||
|
|
||||||
|
// do LFS SSH transfer?
|
||||||
|
lfsCommitAndPushTest(t, dstPath, 10)
|
||||||
|
})
|
||||||
|
|
||||||
|
// FIXME: Here we only see the following calls, but actually there should be calls to "PUT"?
|
||||||
|
// 0 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 1 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/objects/batch"
|
||||||
|
// 2 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 3 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 4 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 5 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 6 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
||||||
|
// 7 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/locks/24/unlock"
|
||||||
|
assert.NotEmpty(t, routerCalls)
|
||||||
|
// assert.Contains(t, routerCalls, "PUT /api/internal/repo/user2/repo1.git/info/lfs/objects/....")
|
||||||
|
})
|
||||||
|
}
|
138
tests/integration/git_misc_test.go
Normal file
138
tests/integration/git_misc_test.go
Normal file
@ -0,0 +1,138 @@
|
|||||||
|
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package integration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"io"
|
||||||
|
"net/url"
|
||||||
|
"sync"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
|
"code.gitea.io/gitea/models/db"
|
||||||
|
issues_model "code.gitea.io/gitea/models/issues"
|
||||||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
"code.gitea.io/gitea/models/unittest"
|
||||||
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
|
"code.gitea.io/gitea/modules/git"
|
||||||
|
"code.gitea.io/gitea/modules/gitrepo"
|
||||||
|
files_service "code.gitea.io/gitea/services/repository/files"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestDataAsyncDoubleRead_Issue29101(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||||
|
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||||
|
|
||||||
|
testContent := bytes.Repeat([]byte{'a'}, 10000)
|
||||||
|
resp, err := files_service.ChangeRepoFiles(db.DefaultContext, repo, user, &files_service.ChangeRepoFilesOptions{
|
||||||
|
Files: []*files_service.ChangeRepoFile{
|
||||||
|
{
|
||||||
|
Operation: "create",
|
||||||
|
TreePath: "test.txt",
|
||||||
|
ContentReader: bytes.NewReader(testContent),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
OldBranch: repo.DefaultBranch,
|
||||||
|
NewBranch: repo.DefaultBranch,
|
||||||
|
})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
sha := resp.Commit.SHA
|
||||||
|
|
||||||
|
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
commit, err := gitRepo.GetCommit(sha)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
entry, err := commit.GetTreeEntryByPath("test.txt")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
b := entry.Blob()
|
||||||
|
r1, err := b.DataAsync()
|
||||||
|
assert.NoError(t, err)
|
||||||
|
defer r1.Close()
|
||||||
|
r2, err := b.DataAsync()
|
||||||
|
assert.NoError(t, err)
|
||||||
|
defer r2.Close()
|
||||||
|
|
||||||
|
var data1, data2 []byte
|
||||||
|
wg := sync.WaitGroup{}
|
||||||
|
wg.Add(2)
|
||||||
|
go func() {
|
||||||
|
data1, _ = io.ReadAll(r1)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
wg.Done()
|
||||||
|
}()
|
||||||
|
go func() {
|
||||||
|
data2, _ = io.ReadAll(r2)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
wg.Done()
|
||||||
|
}()
|
||||||
|
wg.Wait()
|
||||||
|
assert.Equal(t, testContent, data1)
|
||||||
|
assert.Equal(t, testContent, data2)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAgitPullPush(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||||
|
|
||||||
|
u.Path = baseAPITestContext.GitPath()
|
||||||
|
u.User = url.UserPassword("user2", userPassword)
|
||||||
|
|
||||||
|
dstPath := t.TempDir()
|
||||||
|
doGitClone(dstPath, u)(t)
|
||||||
|
|
||||||
|
gitRepo, err := git.OpenRepository(context.Background(), dstPath)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
defer gitRepo.Close()
|
||||||
|
|
||||||
|
doGitCreateBranch(dstPath, "test-agit-push")
|
||||||
|
|
||||||
|
// commit 1
|
||||||
|
_, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
// push to create an agit pull request
|
||||||
|
err = git.NewCommand(git.DefaultContext, "push", "origin",
|
||||||
|
"-o", "title=test-title", "-o", "description=test-description",
|
||||||
|
"HEAD:refs/for/master/test-agit-push",
|
||||||
|
).Run(&git.RunOpts{Dir: dstPath})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
// check pull request exist
|
||||||
|
pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: 1, Flow: issues_model.PullRequestFlowAGit, HeadBranch: "user2/test-agit-push"})
|
||||||
|
assert.NoError(t, pr.LoadIssue(db.DefaultContext))
|
||||||
|
assert.Equal(t, "test-title", pr.Issue.Title)
|
||||||
|
assert.Equal(t, "test-description", pr.Issue.Content)
|
||||||
|
|
||||||
|
// commit 2
|
||||||
|
_, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-2-")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
// push 2
|
||||||
|
err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").Run(&git.RunOpts{Dir: dstPath})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
// reset to first commit
|
||||||
|
err = git.NewCommand(git.DefaultContext, "reset", "--hard", "HEAD~1").Run(&git.RunOpts{Dir: dstPath})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
// test force push without confirm
|
||||||
|
_, stderr, err := git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").RunStdString(&git.RunOpts{Dir: dstPath})
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.Contains(t, stderr, "[remote rejected] HEAD -> refs/for/master/test-agit-push (request `force-push` push option)")
|
||||||
|
|
||||||
|
// test force push with confirm
|
||||||
|
err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push", "-o", "force-push").Run(&git.RunOpts{Dir: dstPath})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
})
|
||||||
|
}
|
@ -9,7 +9,6 @@ import (
|
|||||||
"database/sql"
|
"database/sql"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
@ -53,7 +52,7 @@ func InitTest(requireGitea bool) {
|
|||||||
if setting.IsWindows {
|
if setting.IsWindows {
|
||||||
giteaBinary += ".exe"
|
giteaBinary += ".exe"
|
||||||
}
|
}
|
||||||
setting.AppPath = path.Join(giteaRoot, giteaBinary)
|
setting.AppPath = filepath.Join(giteaRoot, giteaBinary)
|
||||||
if _, err := os.Stat(setting.AppPath); err != nil {
|
if _, err := os.Stat(setting.AppPath); err != nil {
|
||||||
exitf("Could not find gitea binary at %s", setting.AppPath)
|
exitf("Could not find gitea binary at %s", setting.AppPath)
|
||||||
}
|
}
|
||||||
@ -70,7 +69,7 @@ func InitTest(requireGitea bool) {
|
|||||||
exitf(`sqlite3 requires: import _ "github.com/mattn/go-sqlite3" or -tags sqlite,sqlite_unlock_notify`)
|
exitf(`sqlite3 requires: import _ "github.com/mattn/go-sqlite3" or -tags sqlite,sqlite_unlock_notify`)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !path.IsAbs(giteaConf) {
|
if !filepath.IsAbs(giteaConf) {
|
||||||
setting.CustomConf = filepath.Join(giteaRoot, giteaConf)
|
setting.CustomConf = filepath.Join(giteaRoot, giteaConf)
|
||||||
} else {
|
} else {
|
||||||
setting.CustomConf = giteaConf
|
setting.CustomConf = giteaConf
|
||||||
@ -193,8 +192,12 @@ func PrepareAttachmentsStorage(t testing.TB) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func PrepareGitRepoDirectory(t testing.TB) {
|
func PrepareGitRepoDirectory(t testing.TB) {
|
||||||
|
if !assert.NotEmpty(t, setting.RepoRootPath) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
assert.NoError(t, util.RemoveAll(setting.RepoRootPath))
|
assert.NoError(t, util.RemoveAll(setting.RepoRootPath))
|
||||||
assert.NoError(t, unittest.CopyDir(path.Join(filepath.Dir(setting.AppPath), "tests/gitea-repositories-meta"), setting.RepoRootPath))
|
assert.NoError(t, unittest.CopyDir(filepath.Join(filepath.Dir(setting.AppPath), "tests/gitea-repositories-meta"), setting.RepoRootPath))
|
||||||
|
|
||||||
ownerDirs, err := os.ReadDir(setting.RepoRootPath)
|
ownerDirs, err := os.ReadDir(setting.RepoRootPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user