Skip to content

Commit 229e9d0

Browse files
christian-schillingchristian-schilling
authored
Implement blocklist for upstream repos (#669)
1 parent 6e4be0e commit 229e9d0

File tree

3 files changed

+34
-0
lines changed

3 files changed

+34
-0
lines changed

josh-proxy/src/bin/josh-proxy.rs

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -467,6 +467,22 @@ async fn call_service(
467467
return Ok(builder.body(hyper::Body::empty())?);
468468
}
469469

470+
let block = std::env::var("JOSH_REPO_BLOCK").unwrap_or("".to_owned());
471+
let block = block.split(";").collect::<Vec<_>>();
472+
473+
for b in block {
474+
if b == parsed_url.upstream_repo {
475+
return Ok(make_response(
476+
hyper::Body::from(formatdoc!(
477+
r#"
478+
Access to this repo is blocked via JOSH_REPO_BLOCK
479+
"#
480+
)),
481+
hyper::StatusCode::UNPROCESSABLE_ENTITY,
482+
));
483+
}
484+
}
485+
470486
match fetch_upstream(
471487
serv.clone(),
472488
parsed_url.upstream_repo.to_owned(),

tests/proxy/clone_blocked.t

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
$ . ${TESTDIR}/setup_test_env.sh
2+
$ cd ${TESTTMP}
3+
4+
$ git clone -q http://localhost:8002/blocked_repo.git
5+
remote: Access to this repo is blocked via JOSH_REPO_BLOCK
6+
fatal: unable to access 'http://localhost:8002/blocked_repo.git/': The requested URL returned error: 422
7+
[128]
8+
9+
$ bash ${TESTDIR}/destroy_test_env.sh
10+
refs
11+
|-- heads
12+
`-- tags
13+
14+
2 directories, 0 files
15+

tests/proxy/setup_test_env.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,15 @@ killall hyper-cgi-test-server >/dev/null 2>&1 || true
55

66
git init --bare ${TESTTMP}/remote/real_repo.git/ 1> /dev/null
77
git config -f ${TESTTMP}/remote/real_repo.git/config http.receivepack true
8+
git init --bare ${TESTTMP}/remote/blocked_repo.git/ 1> /dev/null
9+
git config -f ${TESTTMP}/remote/blocked_repo.git/config http.receivepack true
810
git init --bare ${TESTTMP}/remote/real/repo2.git/ 1> /dev/null
911
git config -f ${TESTTMP}/remote/real/repo2.git/config http.receivepack true
1012
export RUST_LOG=trace
1113

1214
export GIT_CONFIG_NOSYSTEM=1
1315
export JOSH_SERVICE_NAME="josh-proxy-test"
16+
export JOSH_REPO_BLOCK="/blocked_repo.git"
1417

1518
GIT_DIR=${TESTTMP}/remote/ GIT_PROJECT_ROOT=${TESTTMP}/remote/ GIT_HTTP_EXPORT_ALL=1 hyper-cgi-test-server\
1619
--port=8001\

0 commit comments

Comments
 (0)