Description
Describe the bug
In #1043 it was observed that requests are forwarded to github.com for unknown repositories in some cases:
E.g.
processing request URL: '/gitlab.com/gitlab-community/meta.git/info/refs?service=git-upload-pack'
proxy keys registered: ["/github.com/"]
using fallback
Action processed: Allowed
Request URL: /gitlab.com/gitlab-community/meta.git/info/refs?service=git-upload-pack
Host: 127.0.0.1:61485
User-Agent: git/2.42.0
Request resolved to https://github.com/gitlab.com/gitlab-community/meta.git/info/refs?service=git-upload-pack
This is in the proxy route tests at:
git-proxy/test/testProxyRoute.test.js
Line 427 in 9679618
it('should be restarted by the api and stop proxying requests for a host (e.g. gitlab.com) when the last project at that host is DELETED via the API', async function () {
The test currently passes as the resulting URL is not a project at github.com and hence a 404 is returned through the proxy. However, pull requests - likely any requests - should not be forwarded unless the repository is known/configured in git proxy. This appears to be the intent for pull requests as CheckRepoInAuthorisedList is the only default processor in the pull chain:
Lines 26 to 28 in 9679618
const pullActionChain: ((req: any, action: Action) => Promise<Action>)[] = [
  proc.push.checkRepoInAuthorisedList,
];
To Reproduce
Run the tests and check the output for test 'should be restarted by the api and stop proxying requests for a host (e.g. gitlab.com) when the last project at that host is DELETED via the API'. "Action processed: Blocked" should appear in the log for that test.
Alternatively, manually construct a URL that git-proxy would produce for a GitHub repo, but hasn't as it's not configured. Then add that as a remote and attempt to fetch/pull from it.
Expected behavior
"Action processed: Blocked" should always appear in the log for operations on unknown repositories.
Additional context
There exists a test that confirms we run NO actions for anything other than a pull or push request, whereas I think we should always check that the repository is known before forwarding any request. Otherwise, we risk the proxy being abused in unexpected ways.
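As an added example (not code from git-proxy or from this issue's author), the snippet below models the fallback forwarding shown in the log above beside the strict "is this repository known?" check the expected behaviour calls for. The function names (resolveWithFallback, parseRepo, resolveStrict) and the authorised-list values are assumptions constructed for the illustration.

```javascript
// Added illustration, not git-proxy's own code. It models the two behaviours the issue
// contrasts: a fallback that forwards any unmatched path onto github.com, and a strict
// resolver that only forwards when the repository is on an authorised list.
// Function and variable names are hypothetical; sample values are constructed.

const proxyKeys = ['/github.com/']; // mirrors "proxy keys registered" in the issue log

// Constructed authorised list in "host/owner/repo.git" form.
const authorisedRepos = ['github.com/example-org/example.git'];

// Behaviour observed in the issue: a path that matches no key is still forwarded,
// with github.com prepended, so /gitlab.com/... becomes https://github.com/gitlab.com/...
function resolveWithFallback(requestUrl, keys) {
  const key = keys.find((k) => requestUrl.startsWith(k));
  if (key) {
    return { action: 'Allowed', target: `https://${key.slice(1)}${requestUrl.slice(key.length)}` };
  }
  return { action: 'Allowed', target: `https://github.com${requestUrl}` }; // "using fallback"
}

// Split "/host/owner/repo.git/<rest>" into the repository identity and the remainder.
function parseRepo(requestUrl) {
  const m = /^\/([^/]+)\/([^/]+)\/([^/?]+\.git)(\/.*)?$/.exec(requestUrl);
  if (!m) return null;
  return { repo: `${m[1]}/${m[2]}/${m[3]}`, rest: m[4] || '' };
}

// Expected behaviour: block unless the repository is known, regardless of request type.
function resolveStrict(requestUrl, repos) {
  const parsed = parseRepo(requestUrl);
  if (!parsed || !repos.includes(parsed.repo)) {
    return { action: 'Blocked', target: null };
  }
  return { action: 'Allowed', target: `https://${parsed.repo}${parsed.rest}` };
}

// The URL from the issue's log, run through both resolvers.
const sampleUrl = '/gitlab.com/gitlab-community/meta.git/info/refs?service=git-upload-pack';
console.log('fallback:', resolveWithFallback(sampleUrl, proxyKeys));
console.log('strict:  ', resolveStrict(sampleUrl, authorisedRepos));
```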