41 lines
1.6 KiB
Go
41 lines
1.6 KiB
Go
package upload
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"gitlab.com/gitlab-org/gitlab/workhorse/internal/api"
|
|
)
|
|
|
|
// Multipart is a request middleware. If the request has a MIME multipart
|
|
// request body, the middleware will iterate through the multipart parts.
|
|
// When it finds a file part (filename != ""), the middleware will save
|
|
// the file contents to a temporary location and replace the file part
|
|
// with a reference to the temporary location.
|
|
func Multipart(rails PreAuthorizer, h http.Handler, p Preparer) http.Handler {
|
|
return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
|
|
s := &SavedFileTracker{Request: r}
|
|
|
|
interceptMultipartFiles(w, r, h, s, &eagerAuthorizer{a}, p)
|
|
}, "/authorize")
|
|
}
|
|
|
|
// SkipRailsPreAuthMultipart behaves like Multipart except it does not
|
|
// pre-authorize with Rails. It is intended for use on catch-all routes
|
|
// where we cannot pre-authorize both because we don't know which Rails
|
|
// endpoint to call, and because eagerly pre-authorizing would add too
|
|
// much overhead.
|
|
func SkipRailsPreAuthMultipart(tempPath string, myAPI *api.API, h http.Handler, p Preparer) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
s := &SavedFileTracker{Request: r}
|
|
|
|
// We use testAuthorizer as a temporary measure. When
|
|
// https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/742 is done, we
|
|
// should only be using apiAuthorizer.
|
|
fa := &testAuthorizer{
|
|
test: &apiAuthorizer{myAPI},
|
|
actual: &eagerAuthorizer{&api.Response{TempPath: tempPath}},
|
|
}
|
|
|
|
interceptMultipartFiles(w, r, h, s, fa, p)
|
|
})
|
|
}
|