diff options
| author | Liam Mitchell <[email protected]> | 2026-03-09 19:24:03 -0700 |
|---|---|---|
| committer | Liam Mitchell <[email protected]> | 2026-03-09 19:24:03 -0700 |
| commit | 8a71531578315dacb84ab55e4b85606b53e8c015 (patch) | |
| tree | f49a67466d076930541c9d9e0fffeb4bc73a463f /src/zenserver/storage/projectstore | |
| parent | Merge branch 'main' into lm/restrict-content-type (diff) | |
| parent | Merge pull request #710 from ue-foundation/lm/oidctoken-exe-path (diff) | |
| download | zen-8a71531578315dacb84ab55e4b85606b53e8c015.tar.xz zen-8a71531578315dacb84ab55e4b85606b53e8c015.zip | |
Merge branch 'main' into lm/restrict-content-type
Diffstat (limited to 'src/zenserver/storage/projectstore')
| -rw-r--r-- | src/zenserver/storage/projectstore/httpprojectstore.cpp | 81 | ||||
| -rw-r--r-- | src/zenserver/storage/projectstore/httpprojectstore.h | 20 |
2 files changed, 62 insertions, 39 deletions
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 836d84292..2fa10a292 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp @@ -28,6 +28,7 @@ #include <zenstore/oplogreferencedset.h> #include <zenstore/projectstore.h> #include <zenstore/zenstore.h> +#include <zenutil/authutils.h> #include <zenutil/openprocesscache.h> #include <zenutil/workerpools.h> @@ -106,7 +107,6 @@ CSVWriteOp(CidStore& CidStore, ////////////////////////////////////////////////////////////////////////// namespace { - void CbWriteOp(CidStore& CidStore, bool Details, bool OpDetails, @@ -273,7 +273,9 @@ namespace { size_t MaxBlockSize, size_t MaxChunkEmbedSize, size_t MaximumInMemoryDownloadSize, - const std::filesystem::path& TempFilePath) + const std::filesystem::path& TempFilePath, + const std::filesystem::path& OidcTokenExePath, + bool AllowExternalOidcTokenExe) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -340,19 +342,24 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath; - if (std::string_view OidcExePathString = Cloud["oidc-exe-path"].AsString(); !OidcExePathString.empty()) + + std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); + if (OidcExePath.empty() && AllowExternalOidcTokenExe) { - std::filesystem::path OidcExePathMaybe(OidcExePathString); - if (IsFile(OidcExePathMaybe)) - { - OidcExePath = std::move(OidcExePathMaybe); - } - else + if (std::string_view OidcExePathString = Cloud["oidc-exe-path"].AsString(); !OidcExePathString.empty()) { - ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + std::filesystem::path OidcExePathMaybe(OidcExePathString); + if (IsFile(OidcExePathMaybe)) + { + OidcExePath = std::move(OidcExePathMaybe); + } + else + { + ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + } } } + std::string_view KeyParam = Cloud["key"sv].AsString(); if (KeyParam.empty()) { @@ -470,19 +477,24 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath; - if (std::string_view OidcExePathString = Builds["oidc-exe-path"].AsString(); !OidcExePathString.empty()) + + std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); + if (OidcExePath.empty() && AllowExternalOidcTokenExe) { - std::filesystem::path OidcExePathMaybe(OidcExePathString); - if (IsFile(OidcExePathMaybe)) - { - OidcExePath = std::move(OidcExePathMaybe); - } - else + if (std::string_view OidcExePathString = Builds["oidc-exe-path"].AsString(); !OidcExePathString.empty()) { - ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + std::filesystem::path OidcExePathMaybe(OidcExePathString); + if (IsFile(OidcExePathMaybe)) + { + OidcExePath = std::move(OidcExePathMaybe); + } + else + { + ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + } } } + std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); if (BuildIdParam.empty()) { @@ -647,14 +659,16 @@ namespace { ////////////////////////////////////////////////////////////////////////// -HttpProjectService::HttpProjectService(CidStore& Store, - ProjectStore* Projects, - HttpStatusService& StatusService, - HttpStatsService& StatsService, - AuthMgr& AuthMgr, - OpenProcessCache& InOpenProcessCache, - JobQueue& InJobQueue, - bool InRestrictContentTypes) +HttpProjectService::HttpProjectService(CidStore& Store, + ProjectStore* Projects, + HttpStatusService& StatusService, + HttpStatsService& StatsService, + AuthMgr& AuthMgr, + OpenProcessCache& InOpenProcessCache, + JobQueue& InJobQueue, + bool InRestrictContentTypes, + const std::filesystem::path& InOidcTokenExePath, + bool InAllowExternalOidcTokenExe) : m_Log(logging::Get("project")) , m_CidStore(Store) , m_ProjectStore(Projects) @@ -664,6 +678,8 @@ HttpProjectService::HttpProjectService(CidStore& Store, , m_OpenProcessCache(InOpenProcessCache) , m_JobQueue(InJobQueue) , m_RestrictContentTypes(InRestrictContentTypes) +, m_OidcTokenExePath(InOidcTokenExePath) +, m_AllowExternalOidcTokenExe(InAllowExternalOidcTokenExe) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -2825,8 +2841,9 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxBlockSize, MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), - Oplog->TempPath())); - + Oplog->TempPath(), + m_OidcTokenExePath, + m_AllowExternalOidcTokenExe)); if (RemoteStoreResult->Store == nullptr) { return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, RemoteStoreResult->Description); @@ -2905,7 +2922,9 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxBlockSize, MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), - Oplog->TempPath()); + Oplog->TempPath(), + m_OidcTokenExePath, + m_AllowExternalOidcTokenExe); if (RemoteStoreResult.Store == nullptr) { diff --git a/src/zenserver/storage/projectstore/httpprojectstore.h b/src/zenserver/storage/projectstore/httpprojectstore.h index a1f649ed6..917337324 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.h +++ b/src/zenserver/storage/projectstore/httpprojectstore.h @@ -38,14 +38,16 @@ class TransferThreadWorkers; class HttpProjectService : public HttpService, public IHttpStatusProvider, public IHttpStatsProvider { public: - HttpProjectService(CidStore& Store, - ProjectStore* InProjectStore, - HttpStatusService& StatusService, - HttpStatsService& StatsService, - AuthMgr& AuthMgr, - OpenProcessCache& InOpenProcessCache, - JobQueue& InJobQueue, - bool InRestrictContentTypes); + HttpProjectService(CidStore& Store, + ProjectStore* InProjectStore, + HttpStatusService& StatusService, + HttpStatsService& StatsService, + AuthMgr& AuthMgr, + OpenProcessCache& InOpenProcessCache, + JobQueue& InJobQueue, + bool InRestrictContentTypes, + const std::filesystem::path& InOidcTokenExePath, + bool AllowExternalOidcTokenExe); ~HttpProjectService(); virtual const char* BaseUri() const override; @@ -112,6 +114,8 @@ private: RwLock m_ThreadWorkersLock; Ref<TransferThreadWorkers> m_ThreadWorkers; bool m_RestrictContentTypes; + std::filesystem::path m_OidcTokenExePath; + bool m_AllowExternalOidcTokenExe; Ref<TransferThreadWorkers> GetThreadWorkers(bool BoostWorkers, bool SingleThreaded); }; |