Merge branch 'main' into refactor-cli-to-ts-redone

Author: kriswest

package-lock.json

@@ -6,7 +6,7 @@
     "git-proxy-cli": "./dist/index.js"
   },
   "dependencies": {
-    "axios": "^1.11.0",
+    "axios": "^1.12.2",
     "yargs": "^17.7.2",
     "@finos/git-proxy": "file:../.."
   },

packages/git-proxy-cli/package.json

@@ -30,8 +30,6 @@ const isEmailAllowed = (email: string): boolean => {
 };
 
 const exec = async (req: any, action: Action): Promise<Action> => {
-  console.log({ req, action });
-
   const step = new Step('checkAuthorEmails');
 
   const uniqueAuthorEmails = [

src/proxy/processors/push-action/checkAuthorEmails.ts

@@ -51,8 +51,6 @@ const isMessageAllowed = (commitMessage: string): boolean => {
 
 // Execute if the repo is approved
 const exec = async (req: any, action: Action): Promise<Action> => {
-  console.log({ req, action });
-
   const step = new Step('checkCommitMessages');
 
   const uniqueCommitMessages = [...new Set(action.commitData?.map((commit) => commit.message))];

src/proxy/processors/push-action/checkCommitMessages.ts

@@ -9,15 +9,14 @@ const exec = async (req: any, action: Action): Promise<Action> => {
   const step = new Step('pullRemote');
 
   try {
-    action.proxyGitPath = `${dir}/${action.timestamp}`;
-
-    step.log(`Creating folder ${action.proxyGitPath}`);
+    action.proxyGitPath = `${dir}/${action.id}`;
 
     if (!fs.existsSync(dir)) {
       fs.mkdirSync(dir);
     }
 
     if (!fs.existsSync(action.proxyGitPath)) {
+      step.log(`Creating folder ${action.proxyGitPath}`);
       fs.mkdirSync(action.proxyGitPath, 0o755);
     }
 
@@ -33,15 +32,12 @@ const exec = async (req: any, action: Action): Promise<Action> => {
       fs,
       http: gitHttpClient,
       url: action.url,
-      onAuth: () => ({
-        username,
-        password,
-      }),
       dir: `${action.proxyGitPath}/${action.repoName}`,
+      onAuth: () => ({ username, password }),
+      singleBranch: true,
+      depth: 1,
     });
 
-    console.log('Clone Success: ', action.url);
-
     step.log(`Completed ${cmd}`);
     step.setContent(`Completed ${cmd}`);
   } catch (e: any) {

src/proxy/processors/push-action/pullRemote.ts

@@ -6,23 +6,31 @@ import { executeChain } from '../chain';
 import { processUrlPath, validGitRequest, getAllProxiedHosts } from './helper';
 import { ProxyOptions } from 'express-http-proxy';
 
+enum ActionType {
+  // eslint-disable-next-line no-unused-vars
+  ALLOWED = 'Allowed',
+  // eslint-disable-next-line no-unused-vars
+  ERROR = 'Error',
+  // eslint-disable-next-line no-unused-vars
+  BLOCKED = 'Blocked',
+}
+
 const logAction = (
   url: string,
   host: string | null | undefined,
   userAgent: string | null | undefined,
-  errMsg: string | null | undefined,
-  blockMsg?: string | null | undefined,
+  type: ActionType,
+  message?: string,
 ) => {
-  let msg = `Action processed: ${!(errMsg || blockMsg) ? 'Allowed' : 'Blocked'}
+  let msg = `Action processed: ${type}
     Request URL: ${url}
     Host:        ${host}
     User-Agent:  ${userAgent}`;
-  if (errMsg) {
-    msg += `\n    Error:       ${errMsg}`;
-  }
-  if (blockMsg) {
-    msg += `\n    Blocked:     ${blockMsg}`;
+
+  if (message && type !== ActionType.ALLOWED) {
+    msg += `\n    ${type}:       ${message}`;
   }
+
   console.log(msg);
 };
 
@@ -34,76 +42,69 @@ const proxyFilter: ProxyOptions['filter'] = async (req, res) => {
       urlComponents.gitPath === undefined ||
       !validGitRequest(urlComponents.gitPath, req.headers)
     ) {
-      logAction(
-        req.url,
-        req.headers.host,
-        req.headers['user-agent'],
-        'Invalid request received',
-        null,
-      );
-      // return status 200 to ensure that the error message is rendered by the git client
-      res.status(200).send(handleMessage('Invalid request received'));
+      const message = 'Invalid request received';
+      logAction(req.url, req.headers.host, req.headers['user-agent'], ActionType.ERROR, message);
+      res.status(200).send(handleMessage(message));
       return false;
     }
 
     const action = await executeChain(req, res);
 
     if (action.error || action.blocked) {
-      res.set('content-type', 'application/x-git-receive-pack-result');
-      res.set('expires', 'Fri, 01 Jan 1980 00:00:00 GMT');
-      res.set('pragma', 'no-cache');
-      res.set('cache-control', 'no-cache, max-age=0, must-revalidate');
-      res.set('vary', 'Accept-Encoding');
-      res.set('x-frame-options', 'DENY');
-      res.set('connection', 'close');
-
-      const packetMessage = handleMessage(action.errorMessage ?? action.blockedMessage ?? '');
-
-      logAction(
-        req.url,
-        req.headers.host,
-        req.headers['user-agent'],
-        action.errorMessage,
-        action.blockedMessage,
-      );
-      // return status 200 to ensure that the error message is rendered by the git client
-      res.status(200).send(packetMessage);
+      const message = action.errorMessage ?? action.blockedMessage ?? 'Unknown error';
+      const type = action.error ? ActionType.ERROR : ActionType.BLOCKED;
+
+      logAction(req.url, req.headers.host, req.headers['user-agent'], type, message);
+      sendErrorResponse(req, res, message);
       return false;
     }
 
-    logAction(
-      req.url,
-      req.headers.host,
-      req.headers['user-agent'],
-      action.errorMessage,
-      action.blockedMessage,
-    );
+    logAction(req.url, req.headers.host, req.headers['user-agent'], ActionType.ALLOWED);
 
     // this is the only case where we do not respond directly, instead we return true to proxy the request
     return true;
   } catch (e) {
-    const packetMessage = handleMessage(`Error occurred in proxy filter function ${e}`);
-
-    logAction(
-      req.url,
-      req.headers.host,
-      req.headers['user-agent'],
-      'Error occurred in proxy filter function: ' + ((e as Error).message ?? e),
-      null,
-    );
+    const message = `Error occurred in proxy filter function ${(e as Error).message ?? e}`;
 
-    // return status 200 to ensure that the error message is rendered by the git client
-    res.status(200).send(packetMessage);
+    logAction(req.url, req.headers.host, req.headers['user-agent'], ActionType.ERROR, message);
+    sendErrorResponse(req, res, message);
     return false;
   }
 };
 
+const sendErrorResponse = (req: Request, res: Response, message: string): void => {
+  // GET requests to /info/refs (used to check refs for many git operations) must use Git protocol error packet format
+  if (req.method === 'GET' && req.url.includes('/info/refs')) {
+    res.set('content-type', 'application/x-git-upload-pack-advertisement');
+    res.status(200).send(handleRefsErrorMessage(message));
+    return;
+  }
+
+  // Standard git receive-pack response
+  res.set('content-type', 'application/x-git-receive-pack-result');
+  res.set('expires', 'Fri, 01 Jan 1980 00:00:00 GMT');
+  res.set('pragma', 'no-cache');
+  res.set('cache-control', 'no-cache, max-age=0, must-revalidate');
+  res.set('vary', 'Accept-Encoding');
+  res.set('x-frame-options', 'DENY');
+  res.set('connection', 'close');
+
+  res.status(200).send(handleMessage(message));
+};
+
 const handleMessage = (message: string): string => {
   const body = `\t${message}`;
   const len = (6 + Buffer.byteLength(body)).toString(16).padStart(4, '0');
   return `${len}\x02${body}\n0000`;
 };
 
+const handleRefsErrorMessage = (message: string): string => {
+  // Git protocol for GET /info/refs error packets: PKT-LINE("ERR" SP explanation-text)
+  const errorBody = `ERR ${message}`;
+  const len = (4 + Buffer.byteLength(errorBody)).toString(16).padStart(4, '0');
+  return `${len}${errorBody}\n0000`;
+};
+
 const getRequestPathResolver: (prefix: string) => ProxyOptions['proxyReqPathResolver'] = (
   prefix,
 ) => {
@@ -155,15 +156,10 @@ const teeAndValidate = async (req: Request, res: Response, next: NextFunction) =
     (req as any).body = buf;
     const verdict = await executeChain(req, res);
     if (verdict.error || verdict.blocked) {
-      const msg = verdict.errorMessage ?? verdict.blockedMessage ?? '';
+      const message = verdict.errorMessage ?? verdict.blockedMessage ?? 'Unknown error';
+      const type = verdict.error ? ActionType.ERROR : ActionType.BLOCKED;
 
-      logAction(
-        req.url,
-        req.headers?.host,
-        req.headers?.['user-agent'],
-        verdict.errorMessage,
-        verdict.blockedMessage,
-      );
+      logAction(req.url, req.headers?.host, req.headers?.['user-agent'], type, message);
 
       res
         .set({
@@ -176,7 +172,7 @@ const teeAndValidate = async (req: Request, res: Response, next: NextFunction) =
           connection: 'close',
         })
         .status(200) // return status 200 to ensure that the error message is rendered by the git client
-        .send(handleMessage(msg));
+        .send(handleMessage(message));
       return;
     }
 
@@ -216,7 +212,8 @@ const getRouter = async () => {
         proxyReqOptDecorator: proxyReqOptDecorator,
         proxyReqBodyDecorator: proxyReqBodyDecorator,
         proxyErrorHandler: proxyErrorHandler,
-      }),
+        stream: true,
+      } as any),
     );
   });
 
@@ -229,7 +226,8 @@ const getRouter = async () => {
     proxyReqOptDecorator: proxyReqOptDecorator,
     proxyReqBodyDecorator: proxyReqBodyDecorator,
     proxyErrorHandler: proxyErrorHandler,
-  });
+    stream: true,
+  } as any);
 
   console.log('proxy keys registered: ', JSON.stringify(proxyKeys));
 
@@ -259,4 +257,12 @@ const getRouter = async () => {
   return router;
 };
 
-export { proxyFilter, getRouter, handleMessage, isPackPost, teeAndValidate, validGitRequest };
+export {
+  proxyFilter,
+  getRouter,
+  handleMessage,
+  handleRefsErrorMessage,
+  isPackPost,
+  teeAndValidate,
+  validGitRequest,
+};

src/proxy/routes/index.ts

@@ -78,8 +78,6 @@ router.post('/:id/reject', async (req, res) => {
 });
 
 router.post('/:id/authorise', async (req, res) => {
-  console.log({ req });
-
   const questions = req.body.params?.attestation;
   console.log({ questions });
 

src/service/routes/push.js

@@ -0,0 +1,11 @@
+const stripTrailingSlashes = (s: string) => s.replace(/\/+$/, '');
+
+/**
+ * The base URL for API requests.
+ *
+ * Uses the `VITE_API_URI` environment variable if set, otherwise defaults to the current origin.
+ * @return {string} The base URL to use for API requests.
+ */
+export const API_BASE = process.env.VITE_API_URI
+  ? stripTrailingSlashes(process.env.VITE_API_URI)
+  : '';

src/ui/apiBase.ts

@@ -18,6 +18,8 @@ import axios from 'axios';
 import { getAxiosConfig } from '../../services/auth';
 import { UserData } from '../../../types/models';
 
+import { API_BASE } from '../../apiBase';
+
 const useStyles = makeStyles(styles);
 
 const DashboardNavbarLinks: React.FC = () => {
@@ -51,11 +53,7 @@ const DashboardNavbarLinks: React.FC = () => {
 
   const logout = async () => {
     try {
-      const { data } = await axios.post(
-        `${process.env.VITE_API_URI || 'http://localhost:3000'}/api/auth/logout`,
-        {},
-        getAxiosConfig(),
-      );
+      const { data } = await axios.post(`${API_BASE}/api/auth/logout`, {}, getAxiosConfig());
 
       if (!data.isAuth && !data.user) {
         setAuth(false);

src/ui/components/Navbars/DashboardNavbarLinks.tsx

@@ -2,9 +2,9 @@ import axios, { AxiosError, AxiosResponse } from 'axios';
 import { getAxiosConfig, processAuthError } from './auth';
 import { UserData } from '../../types/models';
 
-type SetStateCallback<T> = (value: T | ((prevValue: T) => T)) => void;
+import { API_BASE } from '../apiBase';
 
-const baseUrl = process.env.VITE_API_URI || location.origin;
+type SetStateCallback<T> = (value: T | ((prevValue: T) => T)) => void;
 
 const getUser = async (
   setIsLoading?: SetStateCallback<boolean>,
@@ -13,9 +13,9 @@ const getUser = async (
   setIsError?: SetStateCallback<boolean>,
   id: string | null = null,
 ): Promise<void> => {
-  let url = `${baseUrl}/api/auth/profile`;
+  let url = `${API_BASE}/api/auth/profile`;
   if (id) {
-    url = `${baseUrl}/api/v1/user/${id}`;
+    url = `${API_BASE}/api/v1/user/${id}`;
   }
   console.log(url);
 
@@ -43,7 +43,7 @@ const getUsers = async (
   setErrorMessage: SetStateCallback<string>,
   query: Record<string, string> = {},
 ): Promise<void> => {
-  const url = new URL(`${baseUrl}/api/v1/user`);
+  const url = new URL(`${API_BASE}/api/v1/user`);
   url.search = new URLSearchParams(query).toString();
 
   setIsLoading(true);
@@ -70,7 +70,7 @@ const getUsers = async (
 
 const updateUser = async (data: UserData): Promise<void> => {
   console.log(data);
-  const url = new URL(`${baseUrl}/api/auth/gitAccount`);
+  const url = new URL(`${API_BASE}/api/auth/gitAccount`);
 
   try {
     await axios.post(url.toString(), data, getAxiosConfig());
@@ -89,7 +89,7 @@ const getUserLoggedIn = async (
   setIsError: SetStateCallback<boolean>,
   setAuth: SetStateCallback<boolean>,
 ): Promise<void> => {
-  const url = new URL(`${baseUrl}/api/auth/me`);
+  const url = new URL(`${API_BASE}/api/auth/me`);
 
   try {
     const response: AxiosResponse<UserData> = await axios(url.toString(), getAxiosConfig());