Fix code review comments + disable authorization on redirections

2021-07-26 19:07:23 +03:00 · 2021-07-26 19:07:23 +03:00 · 0335d8c0bc
commit 0335d8c0bc
parent cc12738f8e
3 changed files with 12 additions and 11 deletions
--- a/Library/Homebrew/download_strategy.rb
+++ b/Library/Homebrew/download_strategy.rb
@ -388,7 +388,9 @@ class CurlDownloadStrategy < AbstractFileDownloadStrategy

      ohai "Downloading #{url}"

-      resolved_url, _, url_time, = resolve_url_basename_time_file_size(url, timeout: end_time&.remaining!)
+      resolved_url, _, url_time, _, is_redirection =
+        resolve_url_basename_time_file_size(url, timeout: end_time&.remaining!)
+      meta[:headers].delete_if { |header| header[0].start_with?("Authorization") } if is_redirection

      fresh = if cached_location.exist? && url_time
        url_time <= cached_location.mtime
@ -449,7 +451,7 @@ class CurlDownloadStrategy < AbstractFileDownloadStrategy
    return @resolved_info_cache[url] if @resolved_info_cache.include?(url)

    if (domain = Homebrew::EnvConfig.artifact_domain)
-      url = url.sub(%r{^((ht|f)tps?://ghcr.io/)?}, "#{domain.chomp("/")}/")
+      url = url.sub(%r{^(https?://#{GitHubPackages::URL_DOMAIN}/)?}o, "#{domain.chomp("/")}/")
    end

    out, _, status= curl_output("--location", "--silent", "--head", "--request", "GET", url.to_s, timeout: timeout)
@ -507,8 +509,9 @@ class CurlDownloadStrategy < AbstractFileDownloadStrategy
           .last

    basename = filenames.last || parse_basename(redirect_url)
+    is_redirection = url != redirect_url

-    @resolved_info_cache[url] = [redirect_url, basename, time, file_size]
+    @resolved_info_cache[url] = [redirect_url, basename, time, file_size, is_redirection]
  end

  def _fetch(url:, resolved_url:, timeout:)
@ -528,8 +531,6 @@ class CurlDownloadStrategy < AbstractFileDownloadStrategy
  def _curl_args
    args = []

-    args += ["-L"] if Homebrew::EnvConfig.artifact_domain
-
    args += ["-b", meta.fetch(:cookies).map { |k, v| "#{k}=#{v}" }.join(";")] if meta.key?(:cookies)

    args += ["-e", meta.fetch(:referer)] if meta.key?(:referer)
@ -566,8 +567,9 @@ class CurlGitHubPackagesDownloadStrategy < CurlDownloadStrategy
  def initialize(url, name, version, **meta)
    meta ||= {}
    meta[:headers] ||= []
-    token = Homebrew::EnvConfig.artifact_domain ? ENV.fetch("HOMEBREW_REGISTRY_ACCESS_TOKEN", "") : "QQ=="
-    meta[:headers] << ["Authorization: Bearer #{token}"] unless token.empty?
+    token = Homebrew::EnvConfig.docker_registry_token
+    token ||= "QQ=="
+    meta[:headers] << ["Authorization: Bearer #{token}"] if token.present?
    super(url, name, version, meta)
  end

--- a/Library/Homebrew/env_config.rb
+++ b/Library/Homebrew/env_config.rb
@ -170,9 +170,8 @@ module Homebrew
        description: "Use this GitHub personal access token when accessing the GitHub Packages Registry "\
                     "(where bottles may be stored).",
      },
-      HOMEBREW_REGISTRY_ACCESS_TOKEN:         {
-        description: "Use this bearer token for authenticating with a private registry proxying GitHub "\
-                     "Packages Registry.",
+      HOMEBREW_DOCKER_REGISTRY_TOKEN:         {
+        description: "Use this bearer token for authenticating with a Docker registry proxying GitHub Packages.",
      },
      HOMEBREW_GITHUB_PACKAGES_USER:          {
        description: "Use this username when accessing the GitHub Packages Registry (where bottles may be stored).",
--- a/Library/Homebrew/github_packages.rb
+++ b/Library/Homebrew/github_packages.rb
@ -15,7 +15,7 @@ class GitHubPackages
  URL_DOMAIN = "ghcr.io"
  URL_PREFIX = "https://#{URL_DOMAIN}/v2/"
  DOCKER_PREFIX = "docker://#{URL_DOMAIN}/"
-  private_constant :URL_DOMAIN
+  public_constant :URL_DOMAIN
  private_constant :URL_PREFIX
  private_constant :DOCKER_PREFIX