| commit | bd7602523971487416a4e987a0925f8a57ebfbe0 | [log] [tgz] |
|---|---|---|
| author | Luca Milanesio <luca.milanesio@gmail.com> | Fri Apr 19 12:33:48 2024 +0100 |
| committer | Luca Milanesio <luca.milanesio@gmail.com> | Fri Apr 19 13:29:12 2024 +0100 |
| tree | 2ad597b4679c049e0847e8c8011c860de72c69e5 | |
| parent | f94abd64a288e5c25adee4d3e88bf79990f77c5b [diff] |
Fix OutOfScopeException getting the serverName from HTTP request Whenever the caller was coming from an HTTP thread that was not coming from a Guice filter (e.g. GitHub OAuth filter) the request for the canonicalWebUrl was throwing an OutOfScopeException. One sample scenario was the following stack of calls: c.g.g.m.v.VirtualHostHttpCanonicalWebUrlProvider.lambda$getServerName java.base/java.util.Optional.map c.g.g.m.v.VirtualHostHttpCanonicalWebUrlProvider.getServerName c.g.g.m.v.VirtualHostHttpCanonicalWebUrlProvider.get c.g.g.p.g.o.CanonicalWebUrls.getCannonicalWebUrl c.g.g.p.g.o.CanonicalWebUrls.getOAuthFinalRedirectUrl c.g.g.p.g.o.OAuthProtocol.getAuthorizationUrl c.g.g.p.g.o.OAuthProtocol.loginPhase1 c.g.g.p.g.o.GitHubLogin.login c.g.g.p.g.o.OAuthWebFilter.login c.g.g.p.g.o.OAuthWebFilter.doFilter c.g.g.p.g.o.OAuthFilter.doFilter org.eclipse.jetty.servlet.FilterHolder.doFilter Because the request for a canonical web url was coming from OAuthFilter.doFilter invoked directly from Jetty, the Guice filter did not manage to inject the current request, making the lamba execution of the map to throw an unchecked exception. By swapping the check between the local thread the scoped HTTP request and catching the OutOfScopeException, the above condition would just return into an empty server name. Change-Id: Ie645fa3e07d128d6fbdbd0624196e7c43d35929c
Gerrit lib module to split the projects' space into virtual hosts similarly of what you would do with an HTTP Server and different domain names.
Build this module as it was a Gerrit plugin:
virtualhost directory to Gerrit /plugins/virtualhostbazel build plugins/virtualhostvirtualhost.jar module is generated under /bazel-genfiles/plugins/virtualhost/Copy virtualhost.jar library to Gerrit /lib and add the following two extra settings to gerrit.config:
[gerrit] installModule = com.gerritforge.gerrit.modules.virtualhost.GuiceModule [httpd] filterClass = com.gerritforge.gerrit.modules.virtualhost.VirtualHostFilter
X-Forwarded-Host Header:When Gerrit is hidden behind multiple service layers (eg. reverse-proxy and load balancer), it is essential to ensure the propagation from the upstream proxy of the header X-Forwarded-Host from the upstream proxy.
/etc/virtualhost.config contains the definition of the virtual hosts and the set of projects included.
Each server section defines a virtual host and contains a set of projects included. Projects are defined using Gerrit ref-matching expressions and can be repeated multiple times to include multiple matchers.
Example to include all the projects starting with team1/ and the ones starting with the username:
[server "team1.mycompany.com"]
projects = team1/*
projects = ${username}/*
For all the other server names that are not defined and for SSH access, there is a special default section that lists of visible projects.
Example to include all the projects by default:
[default] projects = ^.*