Allow serving zip from disk in chroot

This is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561

Changelog: fixed

4 files changed, 54 insertions, 7 deletions

diff --git a/internal/config/config.go b/internal/config/config.go
index 0842a195..6de66bcf 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -146,6 +146,10 @@ type ZipServing struct {
 	RefreshInterval    time.Duration
 	OpenTimeout        time.Duration
 	AllowedPaths       []string
+	// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
+	// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
+	// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
+	ChrootPath string
 }
 
 func gitlabServerFromFlags() string {
@@ -329,6 +333,14 @@ func loadConfig() *Config {
 		setGitLabAPISecretKey(*gitLabAPISecretKey, config)
 	}
 
+	// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
+	// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
+	// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
+	if config.Daemon.InplaceChroot {
+		config.Zip.ChrootPath = *pagesRoot
+		config.Zip.AllowedPaths = append(config.Zip.AllowedPaths, "/")
+	}
+
 	validateConfig(config)
 
 	return config
diff --git a/internal/httpfs/http_fs.go b/internal/httpfs/http_fs.go
index cd2edb83..1ce90057 100644
--- a/internal/httpfs/http_fs.go
+++ b/internal/httpfs/http_fs.go
@@ -55,6 +55,13 @@ func (p *fileSystemPaths) Open(name string) (http.File, error) {
 		return nil, err
 	}
 	for _, allowedPath := range p.allowedPaths {
+		// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
+		// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
+		// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
+		if allowedPath == "/" {
+			return os.Open(absPath)
+		}
+
 		if strings.HasPrefix(absPath, allowedPath+"/") {
 			return os.Open(absPath)
 		}
diff --git a/internal/vfs/zip/vfs.go b/internal/vfs/zip/vfs.go
index b69522f9..fc83fca2 100644
--- a/internal/vfs/zip/vfs.go
+++ b/internal/vfs/zip/vfs.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net/http"
 	"net/url"
+	"strings"
 	"sync"
 	"time"
 
@@ -50,6 +51,11 @@ type zipVFS struct {
 
 	archiveCount int64
 	httpClient   *http.Client
+
+	// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
+	// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
+	// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
+	chrootPath string
 }
 
 // New creates a zipVFS instance that can be used by a serving request
@@ -93,6 +99,7 @@ func (fs *zipVFS) Reconfigure(cfg *config.Config) error {
 	fs.cacheExpirationInterval = cfg.Zip.ExpirationInterval
 	fs.cacheRefreshInterval = cfg.Zip.RefreshInterval
 	fs.cacheCleanupInterval = cfg.Zip.CleanupInterval
+	fs.chrootPath = cfg.Zip.ChrootPath
 
 	if err := fs.reconfigureTransport(cfg); err != nil {
 		return err
@@ -239,10 +246,21 @@ func (fs *zipVFS) findOrOpenArchive(ctx context.Context, key, path string) (*zip
 		return nil, err
 	}
 
-	err = zipArchive.openArchive(ctx, path)
+	err = zipArchive.openArchive(ctx, fs.removeChrootPath(path))
 	if err != nil {
 		return nil, err
 	}
 
 	return zipArchive, nil
 }
+
+// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
+// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
+// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
+func (fs *zipVFS) removeChrootPath(path string) string {
+	if fs.chrootPath == "" || strings.HasPrefix(path, "http") {
+		return path
+	}
+
+	return strings.ReplaceAll(path, fs.chrootPath, "")
+}
diff --git a/test/acceptance/zip_test.go b/test/acceptance/zip_test.go
index a7e82d27..008ccc4b 100644
--- a/test/acceptance/zip_test.go
+++ b/test/acceptance/zip_test.go
@@ -107,8 +107,6 @@ func TestZipServing(t *testing.T) {
 }
 
 func TestZipServingFromDisk(t *testing.T) {
-	skipUnlessEnabled(t, "not-inplace-chroot")
-
 	chdir := false
 	defer testhelpers.ChdirInPath(t, "../../shared/pages", &chdir)()
 
@@ -185,10 +183,22 @@ func TestZipServingFromDisk(t *testing.T) {
 			expectedContent:    "The page you're looking for could not be found",
 		},
 		"file_not_allowed_in_path": {
-			host:               "zip-not-allowed-path.gitlab.io",
-			urlSuffix:          "/",
-			expectedStatusCode: http.StatusInternalServerError,
-			expectedContent:    "Whoops, something went wrong on our end.",
+			host:      "zip-not-allowed-path.gitlab.io",
+			urlSuffix: "/",
+			expectedStatusCode: func() int {
+				if os.Getenv("TEST_DAEMONIZE") == "inplace" {
+					return http.StatusNotFound
+				}
+
+				return http.StatusInternalServerError
+			}(),
+			expectedContent: func() string {
+				if os.Getenv("TEST_DAEMONIZE") == "inplace" {
+					return "The page you're looking for could not be found"
+				}
+
+				return "Whoops, something went wrong on our end."
+			}(),
 		},
 	}