summaryrefslogtreecommitdiff
path: root/lib/gitlab_shell.rb
diff options
context:
space:
mode:
authorPatricio Cano <suprnova32@gmail.com>2016-08-25 17:34:34 -0500
committerPatricio Cano <suprnova32@gmail.com>2016-09-06 12:06:45 -0500
commitdbf374e10ad859a02ef69af53031e245913b6e65 (patch)
tree304e387c2702db9f9685f8a951ef3d65c60ad09c /lib/gitlab_shell.rb
parentc6d8af599dc797ec8ba7874380abad393b439c9e (diff)
downloadgitlab-shell-dbf374e10ad859a02ef69af53031e245913b6e65.tar.gz
Added LFS support to SSH
- Required changes to GitLab Shell include the actual handling of the `git-lfs-authenticate` command and the retrieval of the correct credentials.
Diffstat (limited to 'lib/gitlab_shell.rb')
-rw-r--r--lib/gitlab_shell.rb23
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 1fdb9e5..ab98a6e 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -1,4 +1,6 @@
require 'shellwords'
+require 'base64'
+require 'json'
require_relative 'gitlab_net'
@@ -11,7 +13,7 @@ class GitlabShell
API_COMMANDS = %w(2fa_recovery_codes)
GL_PROTOCOL = 'ssh'.freeze
- attr_accessor :key_id, :repo_name, :command
+ attr_accessor :key_id, :repo_name, :command, :git_access, :repository_http_path
attr_reader :repo_path
def initialize(key_id)
@@ -94,6 +96,7 @@ class GitlabShell
raise AccessDeniedError, status.message unless status.allowed?
self.repo_path = status.repository_path
+ @repository_http_path = status.repository_http_path
end
def process_cmd(args)
@@ -117,6 +120,11 @@ class GitlabShell
$logger.info "gitlab-shell: executing git-annex command <#{parsed_args.join(' ')}> for #{log_username}."
exec_cmd(*parsed_args)
+
+ elsif @command == 'git-lfs-authenticate'
+ $logger.info "gitlab-shell: Processing LFS authentication for #{log_username}."
+ lfs_authenticate
+
else
$logger.info "gitlab-shell: executing git command <#{@command} #{repo_path}> for #{log_username}."
exec_cmd(@command, repo_path)
@@ -184,6 +192,19 @@ class GitlabShell
non_dashed[0, 2] == %w{git-annex-shell gcryptsetup}
end
+ def lfs_authenticate
+ return unless user
+
+ authorization = {
+ header: {
+ Authorization: "Basic #{Base64.strict_encode64("#{user['username']}:#{user['lfs_token']}")}"
+ },
+ href: "#{repository_http_path}/info/lfs/"
+ }
+
+ puts JSON.generate(authorization)
+ end
+
private
def continue?(question)