Show nice error message when internal API is unreachable.

author: Douwe Maan <douwe@gitlab.com> 2015-02-11 23:43:57 +0100
committer: Douwe Maan <douwe@gitlab.com> 2015-02-11 23:43:57 +0100
commit: 562d7eb4ecaa9ca35f970567c0f09cdb29d26521 (patch)
tree: 032eb81a84675799500b5ecb54789fea90f3fcb6 /lib
parent: f92a9c5a5f3f1cfc8a827abcf67a508133f39f04 (diff)
download: gitlab-shell-562d7eb4ecaa9ca35f970567c0f09cdb29d26521.tar.gz
4 files changed, 39 insertions, 23 deletions
diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb
index 547b81d..22343fd 100644
--- a/lib/gitlab_access.rb
+++ b/lib/gitlab_access.rb
@@ -18,15 +18,20 @@ class GitlabAccess
   end
 
   def exec
-    status = api.check_access('git-receive-pack', @repo_name, @actor, @changes)
-    if status.allowed?
-      true
-    else
-      # reset GL_ID env since we stop git push here
-      ENV['GL_ID'] = nil
-      puts "GitLab: #{status.message}"
-      false
+    begin
+      status = api.check_access('git-receive-pack', @repo_name, @actor, @changes)
+
+      return true if status.allowed?
+
+      message = status.message
+    rescue GitlabNet::ApiUnreachableError
+      message = "Failed to authorize your Git request: internal API unreachable"
     end
+
+    # reset GL_ID env since we stop git push here
+    ENV['GL_ID'] = nil
+    puts "GitLab: #{message}"
+    false
   end
 
   protected
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index 88c7e75..6e76c98 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -7,6 +7,8 @@ require_relative 'gitlab_logger'
 require_relative 'gitlab_access'
 
 class GitlabNet
+  class ApiUnreachableError < StandardError; end
+
   def check_access(cmd, repo, actor, changes)
     project_name = repo.gsub("'", "")
     project_name = project_name.gsub(/\.git\Z/, "")
@@ -97,7 +99,11 @@ class GitlabNet
     http = http_client_for(uri)
     request = http_request_for(method, uri, params)
 
-    response = http.start { http.request(request) }
+    begin
+      response = http.start { http.request(request) }
+    rescue 
+      raise ApiUnreachableError 
+    end
 
     if response.code == "200"
       $logger.debug "Received response #{response.code} => <#{response.body}>."
diff --git a/lib/gitlab_post_receive.rb b/lib/gitlab_post_receive.rb
index 7cd5535..98b935b 100644
--- a/lib/gitlab_post_receive.rb
+++ b/lib/gitlab_post_receive.rb
@@ -18,9 +18,13 @@ class GitlabPostReceive
 
     update_redis
 
-    if broadcast_message = GitlabNet.new.broadcast_message
-      puts
-      print_broadcast_message(broadcast_message["message"])
+    begin
+      broadcast_message = GitlabNet.new.broadcast_message
+      if broadcast_message
+        puts
+        print_broadcast_message(broadcast_message["message"])
+      end
+    rescue GitlabNet::ApiUnreachableError
     end
   end
 
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 95fad9e..9605136 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -21,12 +21,13 @@ class GitlabShell
       if git_cmds.include?(@git_cmd)
         ENV['GL_ID'] = @key_id
 
-        if validate_access
+        access = api.check_access(@git_cmd, @repo_name, @key_id, '_any')
+        if access.allowed?
           process_cmd
         else
           message = "gitlab-shell: Access denied for git command <#{@origin_cmd}> by #{log_username}."
           $logger.warn message
-          $stderr.puts "Access denied."
+          puts access.message
         end
       else
         raise DisallowedCommandError
@@ -34,10 +35,13 @@ class GitlabShell
     else
       puts "Welcome to GitLab, #{username}!"
     end
+  rescue GitlabNet::ApiUnreachableError => ex
+    $logger.warn "gitlab-shell: Failed to connect to internal API"
+    puts "Failed to authorize your Git request: internal API unreachable"
   rescue DisallowedCommandError => ex
     message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}."
     $logger.warn message
-    puts 'Not allowed command'
+    puts 'Disallowed command'
   end
 
   protected
@@ -59,10 +63,6 @@ class GitlabShell
     exec_cmd(@git_cmd, repo_full_path)
   end
 
-  def validate_access
-    api.check_access(@git_cmd, @repo_name, @key_id, '_any').allowed?
-  end
-
   # This method is not covered by Rspec because it ends the current Ruby process.
   def exec_cmd(*args)
     Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true)
@@ -73,11 +73,12 @@ class GitlabShell
   end
 
   def user
-    # Can't use "@user ||=" because that will keep hitting the API when @user is really nil!
-    if instance_variable_defined?('@user')
-      @user
-    else
+    return @user if defined?(@user)
+
+    begin
       @user = api.discover(@key_id)
+    rescue GitlabNet::ApiUnreachableError
+      @user = nil
     end
   end
author	Douwe Maan <douwe@gitlab.com>	2015-02-11 23:43:57 +0100
committer	Douwe Maan <douwe@gitlab.com>	2015-02-11 23:43:57 +0100
commit	562d7eb4ecaa9ca35f970567c0f09cdb29d26521 (patch)
tree	032eb81a84675799500b5ecb54789fea90f3fcb6 /lib
parent	f92a9c5a5f3f1cfc8a827abcf67a508133f39f04 (diff)
download	gitlab-shell-562d7eb4ecaa9ca35f970567c0f09cdb29d26521.tar.gz