Diffstat (limited to 'workhorse/internal')
-rw-r--r-- | workhorse/internal/artifacts/artifacts_upload_test.go | 2 | ||||
-rw-r--r-- | workhorse/internal/filestore/file_handler.go | 2 | ||||
-rw-r--r-- | workhorse/internal/filestore/file_handler_test.go | 2 | ||||
-rw-r--r-- | workhorse/internal/imageresizer/image_resizer.go | 4 | ||||
-rw-r--r-- | workhorse/internal/secret/jwt.go | 2 | ||||
-rw-r--r-- | workhorse/internal/testhelper/testhelper.go | 2 | ||||
-rw-r--r-- | workhorse/internal/upload/accelerate.go | 2 | ||||
-rw-r--r-- | workhorse/internal/upload/body_uploader_test.go | 2 | ||||
-rw-r--r-- | workhorse/internal/upload/saved_file_tracker_test.go | 2 | ||||
-rw-r--r-- | workhorse/internal/upstream/roundtripper/roundtripper.go | 10 | ||||
-rw-r--r-- | workhorse/internal/upstream/roundtripper/roundtripper_test.go | 56 | ||||
-rw-r--r-- | workhorse/internal/upstream/routes.go | 2 |
12 files changed, 73 insertions, 15 deletions
diff --git a/workhorse/internal/artifacts/artifacts_upload_test.go b/workhorse/internal/artifacts/artifacts_upload_test.go
index ce078c78559..2b11d56f4ee 100644
--- a/workhorse/internal/artifacts/artifacts_upload_test.go
+++ b/workhorse/internal/artifacts/artifacts_upload_test.go
@@ -14,7 +14,7 @@ import ( "os" "testing" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "gitlab.com/gitlab-org/gitlab/workhorse/internal/api" "gitlab.com/gitlab-org/gitlab/workhorse/internal/filestore"
diff --git a/workhorse/internal/filestore/file_handler.go b/workhorse/internal/filestore/file_handler.go
index 06948941c04..b4d7250fe0c 100644
--- a/workhorse/internal/filestore/file_handler.go
+++ b/workhorse/internal/filestore/file_handler.go
@@ -10,7 +10,7 @@ import ( "strconv" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "gitlab.com/gitlab-org/labkit/log"
diff --git a/workhorse/internal/filestore/file_handler_test.go b/workhorse/internal/filestore/file_handler_test.go
index b1d4e64b666..16af56dcf48 100644
--- a/workhorse/internal/filestore/file_handler_test.go
+++ b/workhorse/internal/filestore/file_handler_test.go
@@ -12,7 +12,7 @@ import ( "testing" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/require" "gocloud.dev/blob"
diff --git a/workhorse/internal/imageresizer/image_resizer.go b/workhorse/internal/imageresizer/image_resizer.go
index a21d2838acb..cd0fa946530 100644
--- a/workhorse/internal/imageresizer/image_resizer.go
+++ b/workhorse/internal/imageresizer/image_resizer.go
@@ -186,12 +186,15 @@ func (r *Resizer) Inject(w http.ResponseWriter, req *http.Request, paramsData st } defer imageFile.reader.Close() + widthLabelVal := strconv.Itoa(int(params.Width)) + outcome.originalFileSize = imageFile.contentLength setLastModified(w, imageFile.lastModified) // If the original file has not changed, then any cached resized versions have not changed either. if checkNotModified(req, imageFile.lastModified) { writeNotModified(w) + imageResizeDurations.WithLabelValues(params.ContentType, widthLabelVal).Observe(time.Since(start).Seconds()) outcome.ok(statusClientCache) return }
@@ -221,7 +224,6 @@ func (r *Resizer) Inject(w http.ResponseWriter, req *http.Request, paramsData st return } - widthLabelVal := strconv.Itoa(int(params.Width)) imageResizeDurations.WithLabelValues(params.ContentType, widthLabelVal).Observe(time.Since(start).Seconds()) outcome.ok(statusSuccess)
diff --git a/workhorse/internal/secret/jwt.go b/workhorse/internal/secret/jwt.go
index 04335e58f76..804f3a9aba9 100644
--- a/workhorse/internal/secret/jwt.go
+++ b/workhorse/internal/secret/jwt.go
@@ -3,7 +3,7 @@ package secret import ( "fmt" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" ) var (
diff --git a/workhorse/internal/testhelper/testhelper.go b/workhorse/internal/testhelper/testhelper.go
index d94341cd2b6..7e66563e438 100644
--- a/workhorse/internal/testhelper/testhelper.go
+++ b/workhorse/internal/testhelper/testhelper.go
@@ -14,7 +14,7 @@ import ( "testing" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/labkit/log"
diff --git a/workhorse/internal/upload/accelerate.go b/workhorse/internal/upload/accelerate.go
index 08a84c6f670..81f44d33a82 100644
--- a/workhorse/internal/upload/accelerate.go
+++ b/workhorse/internal/upload/accelerate.go
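Review bot: The `Observe` call added to the not-modified branch of `Resizer.Inject` (image_resizer.go, first hunk) records conditional-request hits under the same `imageResizeDurations` label values as real resizes, so the histogram now mixes near-zero 304 timings with actual resize work and any dashboard or alert built on it will read lower. If that is intended, a comment saying so would help, e.g. `// Also time 304 responses so client-cache hits show up in the duration histogram`; otherwise a distinct label value for the client-cache outcome would keep the two apart. The width label is built from `params.Width`; if that value is not restricted to a fixed set before this point, each distinct width creates a new time series, which is worth confirming since the check is not visible here. Inject's body starts and ends outside the hunk.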
@@ -4,7 +4,7 @@ import ( "fmt" "net/http" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "gitlab.com/gitlab-org/gitlab/workhorse/internal/api" "gitlab.com/gitlab-org/gitlab/workhorse/internal/helper"
diff --git a/workhorse/internal/upload/body_uploader_test.go b/workhorse/internal/upload/body_uploader_test.go
index 35509cb86c4..aeb366616ca 100644
--- a/workhorse/internal/upload/body_uploader_test.go
+++ b/workhorse/internal/upload/body_uploader_test.go
@@ -11,7 +11,7 @@ import ( "strings" "testing" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitlab/workhorse/internal/api"
diff --git a/workhorse/internal/upload/saved_file_tracker_test.go b/workhorse/internal/upload/saved_file_tracker_test.go
index b294d04b216..b34dd9aed4f 100644
--- a/workhorse/internal/upload/saved_file_tracker_test.go
+++ b/workhorse/internal/upload/saved_file_tracker_test.go
@@ -3,7 +3,7 @@ package upload import ( "context" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "net/http" "testing"
diff --git a/workhorse/internal/upstream/roundtripper/roundtripper.go b/workhorse/internal/upstream/roundtripper/roundtripper.go
index 947b80ddcf6..fdbca5c0120 100644
--- a/workhorse/internal/upstream/roundtripper/roundtripper.go
+++ b/workhorse/internal/upstream/roundtripper/roundtripper.go
@@ -2,6 +2,7 @@ package roundtripper import ( "context" + "crypto/tls" "fmt" "net" "net/http"
@@ -15,10 +16,6 @@ import ( ) func mustParseAddress(address, scheme string) string { - if scheme == "https" { - panic("TLS is not supported for backend connections") - } - for _, suffix := range []string{"", ":" + scheme} { address += suffix if host, port, err := net.SplitHostPort(address); err == nil && host != "" && port != "" {
@@ -31,9 +28,14 @@ func mustParseAddress(address, scheme string) string { // NewBackendRoundTripper returns a new RoundTripper instance using the provided values func NewBackendRoundTripper(backend *url.URL, socket string, proxyHeadersTimeout time.Duration, developmentMode bool) http.RoundTripper { + return newBackendRoundTripper(backend, socket, proxyHeadersTimeout, developmentMode, nil) +} + +func newBackendRoundTripper(backend *url.URL, socket string, proxyHeadersTimeout time.Duration, developmentMode bool, tlsConf *tls.Config) http.RoundTripper { // Copied from the definition of http.DefaultTransport. We can't literally copy http.DefaultTransport because of its hidden internal state. transport, dialer := newBackendTransport() transport.ResponseHeaderTimeout = proxyHeadersTimeout + transport.TLSClientConfig = tlsConf if backend != nil && socket == "" { address := mustParseAddress(backend.Host, backend.Scheme)
diff --git a/workhorse/internal/upstream/roundtripper/roundtripper_test.go b/workhorse/internal/upstream/roundtripper/roundtripper_test.go
index 79ffa244918..eed71cc5bae 100644
--- a/workhorse/internal/upstream/roundtripper/roundtripper_test.go
+++ b/workhorse/internal/upstream/roundtripper/roundtripper_test.go
@@ -1,6 +1,13 @@ package roundtripper import ( + "crypto/tls" + "crypto/x509" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "net/url" "strconv" "testing"
@@ -12,6 +19,7 @@ func TestMustParseAddress(t *testing.T) { {"1.2.3.4:56", "http", "1.2.3.4:56"}, {"[::1]:23", "http", "::1:23"}, {"4.5.6.7", "http", "4.5.6.7:http"}, + {"4.5.6.7", "https", "4.5.6.7:https"}, } for i, example := range successExamples { t.Run(strconv.Itoa(i), func(t *testing.T) {
@@ -23,7 +31,6 @@ func TestMustParseAddressPanic(t *testing.T) { panicExamples := []struct{ address, scheme string }{ {"1.2.3.4", ""}, - {"1.2.3.4", "https"}, } for i, panicExample := range panicExamples {
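Review bot: `newBackendRoundTripper` in roundtripper.go assigns the caller's `*tls.Config` straight to `transport.TLSClientConfig`, with no doc comment and no copy, while the exported `NewBackendRoundTripper` always passes nil. With the `https` panic removed from `mustParseAddress` in the previous hunk, an https backend is now accepted and, as far as this hunk shows, verified only against Go's default trust store, with no way for production callers to supply a private CA; stating that in the code makes it less likely someone later works around a verification failure with `InsecureSkipVerify`. I would add `// newBackendRoundTripper is NewBackendRoundTripper with an explicit TLS client config; nil keeps Go's default certificate verification.` and store `tlsConf.Clone()` so a later mutation by the caller cannot change the transport. The function body continues outside the hunk.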
@@ -37,3 +44,50 @@ func TestMustParseAddressPanic(t *testing.T) { }) } } + +func TestSupportsHTTPBackend(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(200) + fmt.Fprint(w, "successful response") + })) + defer ts.Close() + + testNewBackendRoundTripper(t, ts, nil, "successful response") +} + +func TestSupportsHTTPSBackend(t *testing.T) { + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(200) + fmt.Fprint(w, "successful response") + })) + defer ts.Close() + + certpool := x509.NewCertPool() + certpool.AddCert(ts.Certificate()) + tlsClientConfig := &tls.Config{ + RootCAs: certpool, + } + + testNewBackendRoundTripper(t, ts, tlsClientConfig, "successful response") +} + +func testNewBackendRoundTripper(t *testing.T, ts *httptest.Server, tlsClientConfig *tls.Config, expectedResponseBody string) { + t.Helper() + + backend, err := url.Parse(ts.URL) + require.NoError(t, err, "parse url") + + rt := newBackendRoundTripper(backend, "", 0, true, tlsClientConfig) + + req, err := http.NewRequest("GET", ts.URL+"/", nil) + require.NoError(t, err, "build request") + + response, err := rt.RoundTrip(req) + require.NoError(t, err, "perform roundtrip") + defer response.Body.Close() + + body, err := ioutil.ReadAll(response.Body) + require.NoError(t, err) + + require.Equal(t, expectedResponseBody, string(body)) +}
diff --git a/workhorse/internal/upstream/routes.go b/workhorse/internal/upstream/routes.go
index a4b453f047d..8c85c5144e5 100644
--- a/workhorse/internal/upstream/routes.go
+++ b/workhorse/internal/upstream/routes.go
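Review bot: The new tests in roundtripper_test.go only cover a server certificate that the client trusts; nothing checks that a backend whose certificate is not in the trust store is refused, which is the property that matters now that https backends are allowed. A companion test that passes a nil TLS config (what the exported `NewBackendRoundTripper` does) against `httptest.NewTLSServer` would pin that. How the returned round tripper reports a failed handshake is not visible here, so the sketch below accepts either an error or a non-200 response. Separately, `ioutil.ReadAll` is deprecated in favour of `io.ReadAll` on Go 1.16 and later.

```go
func TestRejectsUntrustedHTTPSBackend(t *testing.T) {
	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(200)
	}))
	defer ts.Close()

	backend, err := url.Parse(ts.URL)
	require.NoError(t, err, "parse url")

	// nil config: the test server's self-signed certificate must not verify.
	rt := newBackendRoundTripper(backend, "", 0, true, nil)

	req, err := http.NewRequest("GET", ts.URL+"/", nil)
	require.NoError(t, err, "build request")

	response, err := rt.RoundTrip(req)
	if err == nil {
		defer response.Body.Close()
		require.NotEqual(t, http.StatusOK, response.StatusCode, "untrusted certificate must not yield a successful response")
	}
}
```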
@@ -359,7 +359,7 @@ func configureRoutes(u *upstream) { u.route("", "^/-/metrics$", defaultUpstream), // Authentication routes - u.route("", "^/users/(sign_in|sign_out)$", defaultUpstream), + u.route("", "^/users/auth/geo/(sign_in|sign_out)$", defaultUpstream), u.route("", "^/oauth/geo/(auth|callback|logout)$", defaultUpstream), // Admin Area > Geo routes |
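Review bot: After this change the pattern under `// Authentication routes` in `configureRoutes` matches only `/users/auth/geo/sign_in` and `/users/auth/geo/sign_out`, so plain `/users/sign_in` and `/users/sign_out` fall through to whichever later entry matches, and no test in this commit covers either path. The route table continues outside the hunk, so where those requests now end up cannot be told from here; a routing test for both the old and the new paths would make the intent explicit. If dropping the plain paths is deliberate, I would tighten the comment to `// Geo authentication routes; /users/sign_in and /users/sign_out are deliberately not listed here`.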