Merge pull request #183 from github/ssh

SSH support

commands/command_env.go

@@ -16,12 +16,21 @@ var (
 func envCommand(cmd *cobra.Command, args []string) {
 	config := lfs.Config
 
-	if endpoint := config.Endpoint(); len(endpoint) > 0 {
+	endpoint := config.Endpoint()
-		Print("Endpoint=%s", endpoint)
+
+	if len(endpoint.Url) > 0 {
+		Print("Endpoint=%s", endpoint.Url)
+		if len(endpoint.SshUserAndHost) > 0 {
+			Print("  SSH=%s:%s", endpoint.SshUserAndHost, endpoint.SshPath)
+		}
 	}
 
 	for _, remote := range config.Remotes() {
-		Print("Endpoint (%s)=%s", remote, config.RemoteEndpoint(remote))
+		remoteEndpoint := config.RemoteEndpoint(remote)
+		Print("Endpoint (%s)=%s", remote, remoteEndpoint.Url)
+		if len(endpoint.SshUserAndHost) > 0 {
+			Print("  SSH=%s:%s", endpoint.SshUserAndHost, endpoint.SshPath)
+		}
 	}
 
 	for _, env := range lfs.Environ() {

lfs/client.go

@@ -148,7 +148,7 @@ func Upload(oidPath, filename string, cb CopyCallback) *WrappedError {
 		return Error(err)
 	}
 
-	req, creds, err := newApiRequest("POST", "")
+	req, creds, err := newApiRequest("POST", oid)
 	if err != nil {
 		return Error(err)
 	}
@@ -367,7 +367,15 @@ func saveCredentials(creds Creds, res *http.Response) {
 }
 
 func newApiRequest(method, oid string) (*http.Request, Creds, error) {
-	u, err := Config.ObjectUrl(oid)
+	endpoint := Config.Endpoint()
+	objectOid := oid
+	operation := "download"
+	if method == "POST" {
+		objectOid = ""
+		operation = "upload"
+	}
+
+	u, err := ObjectUrl(endpoint, objectOid)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -375,6 +383,11 @@ func newApiRequest(method, oid string) (*http.Request, Creds, error) {
 	req, creds, err := newClientRequest(method, u.String())
 	if err == nil {
 		req.Header.Set("Accept", mediaType)
+		if err := mergeSshHeader(req.Header, endpoint, operation, oid); err != nil {
+			tracerx.Printf("ssh: attempted with %s.  Error: %s",
+				endpoint.SshUserAndHost, err.Error(),
+			)
+		}
 	}
 	return req, creds, err
 }
@@ -417,7 +430,7 @@ func getCreds(req *http.Request) (Creds, error) {
 }
 
 func setErrorRequestContext(err *WrappedError, req *http.Request) {
-	err.Set("Endpoint", Config.Endpoint())
+	err.Set("Endpoint", Config.Endpoint().Url)
 	err.Set("URL", fmt.Sprintf("%s %s", req.Method, req.URL.String()))
 	setErrorHeaderContext(err, "Response", req.Header)
 }

lfs/config.go

@@ -20,6 +20,12 @@ type Configuration struct {
 	isTracingHttp         bool
 }
 
+type Endpoint struct {
+	Url            string
+	SshUserAndHost string
+	SshPath        string
+}
+
 var (
 	Config        = NewConfig()
 	httpPrefixRe  = regexp.MustCompile("\\Ahttps?://")
@@ -34,13 +40,26 @@ func NewConfig() *Configuration {
 	return c
 }
 
-func (c *Configuration) Endpoint() string {
+func ObjectUrl(endpoint Endpoint, oid string) (*url.URL, error) {
+	u, err := url.Parse(endpoint.Url)
+	if err != nil {
+		return nil, err
+	}
+
+	u.Path = path.Join(u.Path, "objects")
+	if len(oid) > 0 {
+		u.Path = path.Join(u.Path, oid)
+	}
+	return u, nil
+}
+
+func (c *Configuration) Endpoint() Endpoint {
 	if url, ok := c.GitConfig("lfs.url"); ok {
-		return url
+		return Endpoint{Url: url}
 	}
 
 	if len(c.CurrentRemote) > 0 && c.CurrentRemote != defaultRemote {
-		if endpoint := c.RemoteEndpoint(c.CurrentRemote); len(endpoint) > 0 {
+		if endpoint := c.RemoteEndpoint(c.CurrentRemote); len(endpoint.Url) > 0 {
 			return endpoint
 		}
 	}
@@ -48,32 +67,41 @@ func (c *Configuration) Endpoint() string {
 	return c.RemoteEndpoint(defaultRemote)
 }
 
-func (c *Configuration) RemoteEndpoint(remote string) string {
+func (c *Configuration) RemoteEndpoint(remote string) Endpoint {
 	if len(remote) == 0 {
 		remote = defaultRemote
 	}
 
 	if url, ok := c.GitConfig("remote." + remote + ".lfs_url"); ok {
-		return url
+		return Endpoint{Url: url}
 	}
 
 	if url, ok := c.GitConfig("remote." + remote + ".url"); ok {
+		endpoint := Endpoint{Url: url}
+
 		if !httpPrefixRe.MatchString(url) {
 			pieces := strings.SplitN(url, ":", 2)
 			hostPieces := strings.SplitN(pieces[0], "@", 2)
 			if len(hostPieces) < 2 {
-				return "unknown"
+				endpoint.Url = "<unknown>"
+				return endpoint
 			}
-			url = fmt.Sprintf("https://%s/%s", hostPieces[1], pieces[1])
+
+			endpoint.SshUserAndHost = pieces[0]
+			endpoint.SshPath = pieces[1]
+			endpoint.Url = fmt.Sprintf("https://%s/%s", hostPieces[1], pieces[1])
 		}
 
 		if path.Ext(url) == ".git" {
-			return url + "/info/lfs"
+			endpoint.Url += "/info/lfs"
+		} else {
+			endpoint.Url += ".git/info/lfs"
 		}
-		return url + ".git/info/lfs"
+
+		return endpoint
 	}
 
-	return ""
+	return Endpoint{}
 }
 
 func (c *Configuration) Remotes() []string {
@@ -93,16 +121,7 @@ func (c *Configuration) SetConfig(key, value string) {
 }
 
 func (c *Configuration) ObjectUrl(oid string) (*url.URL, error) {
-	u, err := url.Parse(c.Endpoint())
+	return ObjectUrl(c.Endpoint(), oid)
-	if err != nil {
-		return nil, err
-	}
-
-	u.Path = path.Join(u.Path, "objects")
-	if len(oid) > 0 {
-		u.Path = path.Join(u.Path, oid)
-	}
-	return u, nil
 }
 
 type AltConfig struct {

lfs/config_test.go

@@ -11,7 +11,10 @@ func TestEndpointDefaultsToOrigin(t *testing.T) {
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "abc", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "abc", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
 func TestEndpointOverridesOrigin(t *testing.T) {
@@ -23,7 +26,10 @@ func TestEndpointOverridesOrigin(t *testing.T) {
 		remotes: []string{},
 	}
 
-	assert.Equal(t, "abc", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "abc", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
 func TestEndpointNoOverrideDefaultRemote(t *testing.T) {
@@ -35,7 +41,10 @@ func TestEndpointNoOverrideDefaultRemote(t *testing.T) {
 		remotes: []string{},
 	}
 
-	assert.Equal(t, "abc", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "abc", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
 func TestEndpointUseAlternateRemote(t *testing.T) {
@@ -49,61 +58,97 @@ func TestEndpointUseAlternateRemote(t *testing.T) {
 
 	config.CurrentRemote = "other"
 
-	assert.Equal(t, "def", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "def", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
-func TestEndpointAddsMediaSuffix(t *testing.T) {
+func TestEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "https://example.com/foo/bar"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
-func TestBareEndpointAddsMediaSuffix(t *testing.T) {
+func TestBareEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "https://example.com/foo/bar.git"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
-func TestSSHEndpointAddsMediaSuffix(t *testing.T) {
+func TestSSHEndpointOverridden(t *testing.T) {
+	config := &Configuration{
+		gitConfig: map[string]string{
+			"remote.origin.url":     "git@example.com:foo/bar",
+			"remote.origin.lfs_url": "lfs",
+		},
+		remotes: []string{},
+	}
+
+	endpoint := config.Endpoint()
+	assert.Equal(t, "lfs", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
+}
+
+func TestSSHEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "git@example.com:foo/bar"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "git@example.com", endpoint.SshUserAndHost)
+	assert.Equal(t, "foo/bar", endpoint.SshPath)
 }
 
-func TestBareSSHEndpointAddsMediaSuffix(t *testing.T) {
+func TestBareSSHEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "git@example.com:foo/bar.git"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "https://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "git@example.com", endpoint.SshUserAndHost)
+	assert.Equal(t, "foo/bar.git", endpoint.SshPath)
 }
 
-func TestHTTPEndpointAddsMediaSuffix(t *testing.T) {
+func TestHTTPEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "http://example.com/foo/bar"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "http://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "http://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
-func TestBareHTTPEndpointAddsMediaSuffix(t *testing.T) {
+func TestBareHTTPEndpointAddsLfsSuffix(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{"remote.origin.url": "http://example.com/foo/bar.git"},
 		remotes:   []string{},
 	}
 
-	assert.Equal(t, "http://example.com/foo/bar.git/info/lfs", config.Endpoint())
+	endpoint := config.Endpoint()
+	assert.Equal(t, "http://example.com/foo/bar.git/info/lfs", endpoint.Url)
+	assert.Equal(t, "", endpoint.SshUserAndHost)
+	assert.Equal(t, "", endpoint.SshPath)
 }
 
 func TestObjectUrl(t *testing.T) {

lfs/ssh.go

@@ -0,0 +1,54 @@
+package lfs
+
+import (
+	"encoding/json"
+	"github.com/rubyist/tracerx"
+	"net/http"
+	"os/exec"
+)
+
+type sshAuthResponse struct {
+	Message   string            `json:"-"`
+	Header    map[string]string `json:"header"`
+	ExpiresAt string            `json:"expires_at"`
+}
+
+func mergeSshHeader(header http.Header, endpoint Endpoint, operation, oid string) error {
+	if len(endpoint.SshUserAndHost) == 0 {
+		return nil
+	}
+
+	res, err := sshAuthenticate(endpoint, operation, oid)
+	if err != nil {
+		return err
+	}
+
+	if res.Header != nil {
+		for key, value := range res.Header {
+			header.Set(key, value)
+		}
+	}
+
+	return nil
+}
+
+func sshAuthenticate(endpoint Endpoint, operation, oid string) (sshAuthResponse, error) {
+	tracerx.Printf("ssh: %s git-lfs-authenticate %s %s %s",
+		endpoint.SshUserAndHost, endpoint.SshPath, operation, oid)
+	cmd := exec.Command("ssh", endpoint.SshUserAndHost,
+		"git-lfs-authenticate",
+		endpoint.SshPath,
+		operation, oid,
+	)
+
+	out, err := cmd.CombinedOutput()
+	res := sshAuthResponse{}
+
+	if err != nil {
+		res.Message = string(out)
+	} else {
+		err = json.Unmarshal(out, &res)
+	}
+
+	return res, err
+}

script/release.go

@@ -12,7 +12,7 @@ import (
 
 var (
 	ReleaseId    = flag.Int("id", 0, "github/git-lfs Release ID")
-	uploadUrlFmt = "https://uploads.github.com/repos/github/git-lfs/releases/%d/assets?%s"
+	uploadUrlFmt = "https://uploads.github.com/repos/github/git-lfs-interim/releases/%d/assets?%s"
 )
 
 func mainRelease() {