Re: [egit-dev] [mylyn-reviews-dev] what does gerrit connector use to list projects?

> Gerrit uses HTTP Digest authentication, and /projects/ assumes by
> default anonymous access and doesn't prompt for authentication. If the
> user knows they need to authenticate to see a project they might be
> interested in, they can force the server to authenticate them by
> adding a "/a/" prefix to the URL:

> This is a unique problem to
> Gerrit I think because Gerrit relies on Digest authentication where
> the user agent can't just preset the Authorization HTTP header with
> the supplied credentials on the first request.

Gitblit uses HTTP Basic authentication and strongly recommends coupling
that with https.

Like Gerrit, Gitblit already has a JSON-based RPC mechanism for query
and control.
Sample repository enumeration output here:
http://demo-gitblit.rhcloud.com/rpc?req=list_repositories
It is not exactly a REST implementation, but it is fairly close.  It is
documented here http://gitblit.com/rpc.html.

I'm thinking even if I implement Gerrit's repository model (which
surprisingly does not specify a clone url? how do you choose
git/ssh/http?), we may fall apart on authentication and that is a
critical piece for both projects.
For Gitblit, anonymous and authenticated requests are both
http://demo-gitblit.rhcloud.com/rpc?req=list_repositories
If the request has an "Authorization" header set to "basic
base64(username:password)" the response will include the user's
accessible repositories, if not it will return whatever is anonymously
available.  Nice and simple... and insecure unless using https.  :)

So maybe Gitblit would still benefit from its own clone source
implementation.
Anyone on the EGit team want to implement that for me?  You'd be saving
the environment... just think of how many CPU cycles you'd be trimming
for Gitblit users to clone repositories.  Don't you want to be a Green
hero?  :-)

In the event that someone feels courageous and it's a rainy day...
Below are the 3 utility classes and 1 model class involved with making a
successful "list_repositories" RPC request from the Gitblit Manager app
to any (configured) Gitblit instance since v0.7.0 (2011-11-11).  For the
purpose of an EGit clone source, this could be consolidated into 1 or 2
methods and a really simple model class.  The only complications should
be:
1. need a JSON deserializer (Gitblit and Gerrit both use GSON)
2. need option of ignoring self-signed certificate verification failures
(including hostnames!); you'll see that ConnectionUtils does this
automatically.

Alternatively, Gitblit could generate a different format if a JSON
deserializer is unwanted: csv, yaml, xml, whatever.  You name it, I'll
do it.

https://github.com/gitblit/gitblit/blob/master/src/com/gitblit/utils/RpcUtils.java
https://github.com/gitblit/gitblit/blob/master/src/com/gitblit/utils/JsonUtils.java
https://github.com/gitblit/gitblit/blob/master/src/com/gitblit/utils/ConnectionUtils.java
https://github.com/gitblit/gitblit/blob/master/src/com/gitblit/models/RepositoryModel.java

-J
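
The following is an added example, not part of the original message and not code from Gitblit's RpcUtils or ConnectionUtils. It prepares the list_repositories request with the Basic "Authorization" header described above, refuses to attach credentials to a plain http URL, and, rather than ignoring certificate verification failures, trusts one pinned certificate file. The class name, method names, the gitblit.example host and the sample credentials are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import javax.net.ssl.*;
public class ListRepositoriesClient {
    // Header value in the form the message describes: base64(username:password).
    static String basicAuth(String user, String pw) {
        byte[] raw = (user + ":" + pw).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Trust exactly one certificate (e.g. a self-signed one); hostname checking stays on.
    static SSLContext pinnedContext(String certFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (InputStream in = Files.newInputStream(Paths.get(certFile))) {
            ks.setCertificateEntry("pinned",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Prepares (does not send) the RPC request; user and certFile may be null.
    static HttpURLConnection prepare(String base, String user, String pw, String certFile) throws Exception {
        URL url = new URL(base + "/rpc?req=list_repositories");
        boolean https = "https".equals(url.getProtocol());
        if (user != null && !https)
            throw new IllegalArgumentException("Basic credentials require https: " + url);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        if (https && certFile != null)
            ((HttpsURLConnection) conn).setSSLSocketFactory(pinnedContext(certFile).getSocketFactory());
        if (user != null) conn.setRequestProperty("Authorization", basicAuth(user, pw));
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Constructed values; gitblit.example is a placeholder host. Nothing is sent.
        prepare("https://gitblit.example", "alice", "s3cret", null);
        try { prepare("http://gitblit.example", "alice", "s3cret", null); }
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```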

