Let go middleware response http semantic status code

Baodongrequested to merge
gitlab-jh/jh-team/gitlab:fix-http-code-when-go-get-for-multi-subgroup-private-repo-without-auth into master

Related issue link: #36354 (closed)

What does this MR do and why?

Let go middleware response HTTP semantic status code.

Gitlab::Middleware::Go is a Rack middleware to fetch Golang module.

Bug reproduce

For example, there is a private repo: default_box, under multi level namespace: icbd-group/golang .

go get -u gitlab.com/icbd-group/golang/default_box

go get will automatically make such a request for us, and then parse the repo path in it.

curl "https://gitlab.com/icbd-group/golang/default_box?go-get=1"

Response status code: 200

Response body:

<html><head><meta name="go-import" content="gitlab.com/icbd-group/golang git https://gitlab.com/icbd-group/golang.git" /><meta name="go-source" content="gitlab.com/icbd-group/golang https://gitlab.com/icbd-group/golang https://gitlab.com/icbd-group/golang/-/tree/master{/dir} https://gitlab.com/icbd-group/golang/-/blob/master{/dir}/{file}#L{line}" /></head><body>go get https://gitlab.com/icbd-group/golang</body></html>

Obviously, the response here is not as expected, the returned repo path is wrong.

So, users will think it's a BUG from GitLab.

Actually, the root cause was that the user did not configure the correct auth information.

Reference config doc: https://docs.gitlab.com/ee/development/go_guide/dependencies.html

Effect after modification

(https://icbd.natapp4.cc is my local GDK environment)

Forwarding https://icbd.natapp4.cc -> 127.0.0.1:3000

when Not Found

go get "icbd.natapp4.cc/gdk-dev/nonexistent"
go: unrecognized import path "icbd.natapp4.cc/gdk-dev/nonexistent": reading https://icbd.natapp4.cc/gdk-dev/nonexistent?go-get=1: 404 Not Found

when Unauthorized

In order to prevent the project from being exposed, no authentication is regarded as not found here.

go get "icbd.natapp4.cc/gdk-dev/sub-group/default_box"
go: unrecognized import path "icbd.natapp4.cc/gdk-dev/sub-group/default_box": reading https://icbd.natapp4.cc/gdk-dev/sub-group/default_box?go-get=1: 404 Not Found

Letting middleware return the HTTP semantic status code will allow users to discover their configuration errors earlier.

/cc JH EM @prajnamas

Edited by Baodong

Merge request reports