Files

 fc61feb

/

ssh.go

Blame

Blame

Latest commit

 

History

History

117 lines (98 loc) · 2.84 KB

 fc61feb

/

ssh.go

Top

File metadata and controls

• Code
• Blame

117 lines (98 loc) · 2.84 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

package lfshttp

import (

"bytes"

"encoding/json"

"strings"

"time"

"github.com/git-lfs/git-lfs/v3/config"

"github.com/git-lfs/git-lfs/v3/ssh"

"github.com/git-lfs/git-lfs/v3/subprocess"

"github.com/git-lfs/git-lfs/v3/tools"

"github.com/rubyist/tracerx"

)

type SSHResolver interface {

Resolve(Endpoint, string) (sshAuthResponse, error)

}

func withSSHCache(ssh SSHResolver) SSHResolver {

return &sshCache{

endpoints: make(map[string]*sshAuthResponse),

ssh: ssh,

}

}

type sshCache struct {

endpoints map[string]*sshAuthResponse

ssh SSHResolver

}

func (c *sshCache) Resolve(e Endpoint, method string) (sshAuthResponse, error) {

if len(e.SSHMetadata.UserAndHost) == 0 {

return sshAuthResponse{}, nil

}

key := strings.Join([]string{e.SSHMetadata.UserAndHost, e.SSHMetadata.Port, e.SSHMetadata.Path, method}, "//")

if res, ok := c.endpoints[key]; ok {

if _, expired := res.IsExpiredWithin(5 * time.Second); !expired {

tracerx.Printf("ssh cache: %s git-lfs-authenticate %s %s",

e.SSHMetadata.UserAndHost, e.SSHMetadata.Path, endpointOperation(e, method))

return *res, nil

} else {

tracerx.Printf("ssh cache expired: %s git-lfs-authenticate %s %s",

e.SSHMetadata.UserAndHost, e.SSHMetadata.Path, endpointOperation(e, method))

}

}

res, err := c.ssh.Resolve(e, method)

if err == nil {

c.endpoints[key] = &res

}

return res, err

}

type sshAuthResponse struct {

Message string `json:"-"`

Href string `json:"href"`

Header map[string]string `json:"header"`

ExpiresAt time.Time `json:"expires_at"`

ExpiresIn int `json:"expires_in"`

createdAt time.Time

}

func (r *sshAuthResponse) IsExpiredWithin(d time.Duration) (time.Time, bool) {

return tools.IsExpiredAtOrIn(r.createdAt, d, r.ExpiresAt,

time.Duration(r.ExpiresIn)*time.Second)

}

type sshAuthClient struct {

os config.Environment

git config.Environment

}

func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, error) {

res := sshAuthResponse{}

if len(e.SSHMetadata.UserAndHost) == 0 {

return res, nil

}

exe, args, _, _ := ssh.GetLFSExeAndArgs(c.os, c.git, &e.SSHMetadata, "git-lfs-authenticate", endpointOperation(e, method), false, "")

cmd, err := subprocess.ExecCommand(exe, args...)

if err != nil {

return res, err

}

// Save stdout and stderr in separate buffers

var outbuf, errbuf bytes.Buffer

cmd.Stdout = &outbuf

cmd.Stderr = &errbuf

now := time.Now()

// Execute command

err = cmd.Start()

if err == nil {

err = cmd.Wait()

}

// Processing result

if err != nil {

res.Message = strings.TrimSpace(errbuf.String())

} else {

err = json.Unmarshal(outbuf.Bytes(), &res)

if res.ExpiresIn == 0 && res.ExpiresAt.IsZero() {

ttl := c.git.Int("lfs.defaulttokenttl", 0)

if ttl < 0 {

ttl = 0

}

res.ExpiresIn = ttl

}

res.createdAt = now

}

return res, err

}