feat: http filtering #415

coopernetes · 2024-01-24T22:10:32Z

Fixes #410

(Hello from Git Proxy 👋)

netlify · 2024-01-24T22:10:37Z

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	`3092274`
🔍 Latest deploy log	https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/65c5486ba8402200084474c4

src/proxy/routes/index.js

src/proxy/index.js

test/testRouteFilter.js

JamieSlome

I've left a couple of comments; otherwise very straight forward and solid implementation 👍 ❤️ 🍰

I love my emojis...

JamieSlome · 2024-02-06T15:42:47Z

@coopernetes - can we resolve merge conflicts? I merged #409 which also had changes to the router in src/proxy/index.js?

JamieSlome

LGTM! 🍰

Just need the merge conflict resolved and good to go!

codecov · 2024-02-06T21:07:10Z

Codecov Report

Attention: 7 lines in your changes are missing coverage. Please review.

Comparison is base (e5bb34a) 56.85% compared to head (3092274) 57.15%.

Files	Patch %	Lines
src/proxy/routes/index.js	68.18%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #415      +/-   ##
==========================================
+ Coverage   56.85%   57.15%   +0.30%     
==========================================
  Files          39       39              
  Lines        1036     1055      +19     
==========================================
+ Hits          589      603      +14     
- Misses        447      452       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

JamieSlome · 2024-02-06T21:14:23Z

Oh, Codecov how we love you so. @coopernetes - happy to bump up the coverage before we merge?

We should probably make the project level Action informational and the PR level breaking whilst we slowly bring up the coverage for the rest of the repository.

coopernetes · 2024-02-06T23:23:38Z

Oh, Codecov how we love you so. @coopernetes - happy to bump up the coverage before we merge?

Most of the required refactoring for getting additional coverage is not something I want to do in this PR. I would essentially have to rewrite the Express middleware & routing layer to abstract it into a set of testable functions. That's probably effort better spent on changes to move us to 2.x.

We should probably make the project level Action informational and the PR level breaking whilst we slowly bring up the coverage for the rest of the repository.

Let me see what codecov makes available in their configuration. I would like to preserve the PR comment for the report even if the status check isn't blocking builds. This gives needed feedback in the PR while we improve overall coverage.

https://docs.codecov.com/docs/codecovyml-reference

coopernetes · 2024-02-06T23:26:35Z

Looking at the details, I think we can retest this after #429 is merged. The "baseline" report is misreported against a different branch.

https://app.codecov.io/gh/finos/git-proxy/tree/bugfix%2Fci-permissions

JamieSlome · 2024-02-07T07:14:48Z

@coopernetes - agree with your comment before last. #429 is now merged by the way 👌

JamieSlome · 2024-02-07T08:17:11Z

@coopernetes - as long as we can keep a view of the coverage of suggested changes in the PR that is good enough for now.

JamieSlome · 2024-02-07T08:23:18Z

Looking at Codecov, it looks like it is already achieving this. We just don't want to return a failing state to CI.

coopernetes · 2024-02-08T13:58:42Z

Now that #442 is merged, let me rebase again and retest. @JamieSlome are you good with the latest changes? Hoping to get this merged soon.

JamieSlome

LGTM @coopernetes ❤️

Would like to get an idea of the coverage percentage but happy to merge in any case. Will keep my eyes open for your re-base.

Fixes finos#410

- Accept is only set for certain git actions so refactored into one validation function - pass routes correctly to express (fix TypeError on startup)

- separate out the HTTP git filtering logic from the URL parsing, which includes stripping the GitHub repo owner/name.

coopernetes · 2024-02-08T21:41:03Z

LGTM @coopernetes ❤️

Would like to get an idea of the coverage percentage but happy to merge in any case. Will keep my eyes open for your re-base.

codecov/project — 57.15% (+0.30%) compared to e5bb34a 😅

* feat: filter non-git HTTP requests being proxied Fixes finos#410 * feat: refactor to one validation function - Accept is only set for certain git actions so refactored into one validation function - pass routes correctly to express (fix TypeError on startup) * feat: separate url stripping into its own function - separate out the HTTP git filtering logic from the URL parsing, which includes stripping the GitHub repo owner/name.

- new abstraction layers for creating & configuring providers - unify filter & provider configuration into a single properties class - allow filters to apply on push and/or fetch arbitrarily - prevent ProxyServlet from sending error'd requests (stop processing when the servlet sends an error back to the client) - re-worked GitClient to be more complete (all common ANSI colors included) and friendly for callers. Also, helper method to handle plain & emoji symbols Three filters are implemented so far: - a path-based whitelist (provider agnostic) on repository owners, names and/or full "slugs" - check that the client is sending authentication (GitHub only) - only permit proxy requests from valid git clients (a more complete version of finos#415)

JamieSlome mentioned this pull request Jan 25, 2024

Filter HTTP requests that are not specific to git operations #410

Closed