Filter Git LFS HTTP requests through auth filter

Git LFS requests include the authorization as HTTP Basic but this is ignored and the user is treated as anonymous. Filter these requests through the same auth filter as used for git, so that the user can be determined. The filter URL is based on the existing LFS regex [1] but ignores the "/a/" prefix so that it is not called 2 times when LFS request starting with "/a/" is performed. [1] com.google.gerrit.httpd.plugins.LfsPluginServlet.URL_REGEX Change-Id: I7ac47233cb003068722c117760731ae20ec63ace Signed-off-by: Jacek Centkowski <jcentkowski@collab.net> Signed-off-by: David Pursehouse <dpursehouse@collab.net>
2017-01-20 15:17:38 +01:00
parent 6e4dae993d
commit 70642f1358
2 changed files with 8 additions and 1 deletions
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java
@@ -15,6 +15,7 @@
 package com.google.gerrit.httpd;

 import static com.google.gerrit.reviewdb.client.AuthType.OAUTH;
+import static com.google.gerrit.httpd.plugins.LfsPluginServlet.LFS_REST;

 import com.google.gerrit.reviewdb.client.CoreDownloadSchemes;
 import com.google.gerrit.server.config.AuthConfig;
@@ -26,6 +27,9 @@ import javax.servlet.Filter;

 /** Configures Git access over HTTP with authentication. */
 public class GitOverHttpModule extends ServletModule {
+  private static final String LFS_URL_REGEX =
+      "^(?:(?!/a/))" + LFS_REST;
+
  private final AuthConfig authConfig;
  private final DownloadConfig downloadConfig;

@@ -57,6 +61,7 @@ public class GitOverHttpModule extends ServletModule {
      serveRegex(git).with(GitOverHttpServlet.class);
    }

+    filterRegex(LFS_URL_REGEX).through(authFilter);
    filter("/a/*").through(authFilter);
  }

--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/LfsPluginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/LfsPluginServlet.java
@@ -57,8 +57,10 @@ public class LfsPluginServlet extends HttpServlet
  private static final Logger log
      = LoggerFactory.getLogger(LfsPluginServlet.class);

+  public static final String LFS_REST =
+      "(?:/p/|/)(.+)(?:/info/lfs/objects/batch)$";
  public static final String URL_REGEX =
-      "^(?:/a)?(?:/p/|/)(.+)(?:/info/lfs/objects/batch)$";
+      "^(?:/a)?" + LFS_REST;

  private static final String CONTENTTYPE_VND_GIT_LFS_JSON =
      "application/vnd.git-lfs+json; charset=utf-8";