debian-mirror-gitlab/workhorse/internal/upload/multipart_uploader.go

package upload

import (
	"net/http"

	"gitlab.com/gitlab-org/gitlab/workhorse/internal/api"
)

// Multipart is a request middleware. If the request has a MIME multipart
// request body, the middleware will iterate through the multipart parts.
// When it finds a file part (filename != ""), the middleware will save
// the file contents to a temporary location and replace the file part
// with a reference to the temporary location.
func Multipart(rails PreAuthorizer, h http.Handler, p Preparer) http.Handler {
	return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
		s := &SavedFileTracker{Request: r}

		interceptMultipartFiles(w, r, h, s, &eagerAuthorizer{a}, p)
	}, "/authorize")
}

// SkipRailsPreAuthMultipart behaves like Multipart except it does not
// pre-authorize with Rails. It is intended for use on catch-all routes
// where we cannot pre-authorize both because we don't know which Rails
// endpoint to call, and because eagerly pre-authorizing would add too
// much overhead.
func SkipRailsPreAuthMultipart(tempPath string, myAPI *api.API, h http.Handler, p Preparer) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		s := &SavedFileTracker{Request: r}

		// We use testAuthorizer as a temporary measure. When
		// https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/742 is done, we
		// should only be using apiAuthorizer.
		fa := &testAuthorizer{
			test:   &apiAuthorizer{myAPI},
			actual: &eagerAuthorizer{&api.Response{TempPath: tempPath}},
		}

		interceptMultipartFiles(w, r, h, s, fa, p)
	})
}
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`package upload`

			`import (`
			`"net/http"`

New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`"gitlab.com/gitlab-org/gitlab/workhorse/internal/api"`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`)`

New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`// Multipart is a request middleware. If the request has a MIME multipart`
			`// request body, the middleware will iterate through the multipart parts.`
			`// When it finds a file part (filename != ""), the middleware will save`
			`// the file contents to a temporary location and replace the file part`
			`// with a reference to the temporary location.`
			`func Multipart(rails PreAuthorizer, h http.Handler, p Preparer) http.Handler {`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r http.Request, a api.Response) {`
			`s := &SavedFileTracker{Request: r}`

New upstream version 15.1.3+ds1 2022-07-23 23:45:48 +05:30			`interceptMultipartFiles(w, r, h, s, &eagerAuthorizer{a}, p)`
			`}, "/authorize")`
			`}`

			`// SkipRailsPreAuthMultipart behaves like Multipart except it does not`
			`// pre-authorize with Rails. It is intended for use on catch-all routes`
			`// where we cannot pre-authorize both because we don't know which Rails`
			`// endpoint to call, and because eagerly pre-authorizing would add too`
			`// much overhead.`
			`func SkipRailsPreAuthMultipart(tempPath string, myAPI *api.API, h http.Handler, p Preparer) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`s := &SavedFileTracker{Request: r}`

			`// We use testAuthorizer as a temporary measure. When`
			`// https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/742 is done, we`
			`// should only be using apiAuthorizer.`
			`fa := &testAuthorizer{`
			`test: &apiAuthorizer{myAPI},`
			`actual: &eagerAuthorizer{&api.Response{TempPath: tempPath}},`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`}`

New upstream version 15.1.3+ds1 2022-07-23 23:45:48 +05:30			`interceptMultipartFiles(w, r, h, s, fa, p)`
			`})`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`}`