fix: gittar remove skipAuth (erda-project#1856)
* fix: remove skipAuth

* polish the code and add unit test
littlejiancc authored and erda-bot committed Sep 15, 2021
1 parent db1a92c commit a7bcb03
Showing 4 changed files with 132 additions and 44 deletions.
79 changes: 40 additions & 39 deletions modules/gittar/auth/auth.go
@@ -196,50 +196,43 @@ func doAuth(c *webcontext.Context, repo *models.Repo, repoName string) {
var gitRepository = &gitmodule.Repository{}
var err error
var userInfo *ucauth.UserInfo
//skip authentication
host := c.Host()
for _, skipUrl := range conf.SkipAuthUrls() {
if skipUrl != "" && strings.HasSuffix(host, skipUrl) {
logrus.Debugf("skip authenticate host: %s", host)
gitRepository, err = openRepository(c, repo)
if err != nil {
c.AbortWithStatus(500, err)
return
}
c.Set("repository", gitRepository)

userIdStr := c.GetHeader(httputil.UserHeader)
if userIdStr == "" {
c.AbortWithStatus(500, errors.New("the userID is empty"))
return
}
if !isGitProtocolRequest(c) {
gitRepository, err = openRepository(c, repo)
if err != nil {
c.AbortWithStatus(500, err)
return
}
c.Set("repository", gitRepository)

userInfoDto, err := uc.FindUserById(userIdStr)
if err != nil {
c.AbortWithStatus(500, err)
return
}
logrus.Infof("repo: %s userId: %v, username: %s", repoName, userIdStr, userInfoDto.Username)
//校验通过缓存5分钟结果
//校验失败每次都会请求
_, validateError := ValidaUserRepoWithCache(c, userIdStr, repo)
if validateError != nil {
logrus.Infof("openapi auth fail repo:%s user:%s", repoName, userInfoDto.Username)
c.AbortWithStatus(403, validateError)
return
}
c.Set("repository", gitRepository)
//c.Set("lock", repoLock.Lock)
userIdStr := c.GetHeader(httputil.UserHeader)
if userIdStr == "" {
c.AbortWithStatus(500, errors.New("the userID is empty"))
return
}
userInfoDto, err := uc.FindUserById(userIdStr)
if err != nil {
c.AbortWithStatus(500, err)
return
}
logrus.Infof("repo: %s userId: %v, username: %s", repoName, userIdStr, userInfoDto.Username)

c.Set("user", &models.User{
Name: userInfoDto.Username,
NickName: userInfoDto.NickName,
Email: userInfoDto.Email,
Id: userIdStr,
})
c.Next()
// if success, caches the results for 5 minutes
_, validateError := ValidaUserRepoWithCache(c, userIdStr, repo)
if validateError != nil {
logrus.Infof("openapi auth fail repo:%s user:%s", repoName, userInfoDto.Username)
c.AbortWithStatus(403, validateError)
return
}

c.Set("user", &models.User{
Name: userInfoDto.Username,
NickName: userInfoDto.NickName,
Email: userInfoDto.Email,
Id: userIdStr,
})
c.Next()
return
}

userInfo, err = GetUserInfoByTokenOrBasicAuth(c, repo.ProjectID)
@@ -463,3 +456,11 @@ func getOrgIDV3(c *webcontext.Context, orgName string) (int64, error) {
}
return orgID, nil
}

// isGitProtocolRequest if request like git clone,git push... return true
func isGitProtocolRequest(c *webcontext.Context) bool {
if c.GetHeader("Git-Protocol") != "" {
return true
}
return false
}
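Review bot: In doAuth, the new `if !isGitProtocolRequest(c)` branch identifies the caller purely from the `User-ID` header (`httputil.UserHeader`), and it is selected by the absence of a client-supplied `Git-Protocol` header rather than by anything the server controls. The removed code restricted that branch to hosts listed in `conf.SkipAuthUrls()`; now the only remaining gate is `ValidaUserRepoWithCache`, so the branch is safe only if every route to gittar passes through a proxy that overwrites `User-ID`, which is not visible in this hunk and should be confirmed. Consider keying the branch on a signal set by the trusted gateway, and at minimum document the assumption above the branch, e.g. `// trusts the User-ID header: must only be reachable via the gateway that sets it`. Git clients that do not send `Git-Protocol` (the header is likely optional for older protocol versions) would also land here and get a 500 for the empty user ID instead of reaching `GetUserInfoByTokenOrBasicAuth`. doAuth's body starts before and continues after the hunk.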
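--- a/modules/gittar/auth/auth_test.go
+++ b/modules/gittar/auth/auth_test.go
@@ -0,0 +1,88 @@
+// Copyright (c) 2021 Terminus, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+"net/http"
+"net/http/httptest"
+"testing"
+
+"bou.ke/monkey"
+"github.com/labstack/echo"
+
+"github.com/erda-project/erda/modules/gittar/models"
+"github.com/erda-project/erda/modules/gittar/pkg/gitmodule"
+"github.com/erda-project/erda/modules/gittar/webcontext"
+)
+
+func TestIsGitProtocolRequest(t *testing.T) {
+e := echo.New()
+req1 := httptest.NewRequest(http.MethodGet, "/", nil)
+req2 := httptest.NewRequest(http.MethodGet, "/", nil)
+req1.Header.Add("Git-Protocol", "version")
+res := httptest.NewRecorder()
+ctx1 := &webcontext.Context{
+EchoContext: e.NewContext(req1, res),
+Repository: nil,
+User: nil,
+Service: nil,
+DBClient: nil,
+Bundle: nil,
+UCAuth: nil,
+EtcdClient: nil,
+}
+ctx2 := &webcontext.Context{
+EchoContext: e.NewContext(req2, res),
+Repository: nil,
+User: nil,
+Service: nil,
+DBClient: nil,
+Bundle: nil,
+UCAuth: nil,
+EtcdClient: nil,
+}
+
+if isGitProtocolRequest(ctx1) != true {
+t.Error("fail")
+}
+if isGitProtocolRequest(ctx2) == true {
+t.Error("fail")
+}
+}
+
+func TestDoAuthWithHttpProtocolWithoutUserID(t *testing.T) {
+e := echo.New()
+req := httptest.NewRequest(http.MethodGet, "/", nil)
+res := httptest.NewRecorder()
+ctx := &webcontext.Context{
+EchoContext: e.NewContext(req, res),
+Repository: nil,
+User: nil,
+Service: nil,
+DBClient: nil,
+Bundle: nil,
+UCAuth: nil,
+EtcdClient: nil,
+}
+monkey.Patch(openRepository, func(ctx *webcontext.Context, repo *models.Repo) (*gitmodule.Repository, error) {
+return nil, nil
+})
+defer monkey.UnpatchAll()
+
+doAuth(ctx, nil, "")
+if ctx.EchoContext.Response().Status != 500 {
+t.Error("fail")
+}
+}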
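Review bot: Neither test exercises the branch selection that this commit changes: there is no case showing that a request carrying `Git-Protocol` skips the `User-ID` header path, and none for the 403 returned when `ValidaUserRepoWithCache` fails. TestDoAuthWithHttpProtocolWithoutUserID only pins the empty-header 500. The assertions also report just `t.Error("fail")`; something like `t.Errorf("status = %d, want 500", ctx.EchoContext.Response().Status)` would make a regression in the auth path diagnosable. `monkey.Patch` on `openRepository` is presumably sensitive to compiler inlining, so the test may need `-gcflags=-l` to be reliable.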
3 changes: 3 additions & 0 deletions modules/gittar/initialize.go
@@ -139,6 +139,9 @@ func (p *provider) Initialize() error {
// cron task to git gc all repository
go gc.ScheduledExecuteClean()

// start hook task consumer
models.Init(dbClient)

return e.Start(":" + conf.ListenPort())
}

6 changes: 1 addition & 5 deletions modules/gittar/models/web_hook.go
@@ -120,11 +120,7 @@ func (svc *Service) CreateHookTask(task *WebHookTask) error {

}

func init() {
db, err := OpenDB()
if err != nil {
panic(err)
}
func Init(db *DBClient) {
for i := 0; i < 5; i += 1 {
go StartHookTaskConsumer(db)
}
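Review bot: The new exported `Init` passes `db` to five consumer goroutines without a nil check, whereas the removed `init()` panicked when `OpenDB()` failed, so a missing client would now surface later inside `StartHookTaskConsumer` rather than at startup. Either reject a nil `db` up front or document that the caller guarantees it, and add a doc comment such as `// Init starts the web-hook task consumers on db; call once after the DB client is ready.` The consumer count `5` is a bare literal and the goroutines have no visible stop or wait path. The function's closing brace lies outside the hunk.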
