diff --git a/cmd/symbols/shared/setup.go b/cmd/symbols/shared/setup.go index b7947c6c139..87a47fd42f4 100644 --- a/cmd/symbols/shared/setup.go +++ b/cmd/symbols/shared/setup.go @@ -117,8 +117,8 @@ func loadRockskipConfig(baseConfig env.BaseConfig, ctags types.CtagsConfig, repo LogQueries: baseConfig.GetBool("LOG_QUERIES", "false", "print search queries to stdout"), IndexRequestsQueueSize: baseConfig.GetInt("INDEX_REQUESTS_QUEUE_SIZE", "1000", "how many index requests can be queued at once, at which point new requests will be rejected"), MaxConcurrentlyIndexing: baseConfig.GetInt("ROCKSKIP_MAX_CONCURRENTLY_INDEXING", "4", "maximum number of repositories being indexed at a time (also limits ctags processes)"), - SymbolsCacheSize: baseConfig.GetInt("SYMBOLS_CACHE_SIZE", "100000", "how many tuples of (path, symbol name, int ID) to cache in memory"), - PathSymbolsCacheSize: baseConfig.GetInt("PATH_SYMBOLS_CACHE_SIZE", "10000", "how many sets of symbols for files to cache in memory"), + SymbolsCacheSize: baseConfig.GetInt("SYMBOLS_CACHE_SIZE", "100000", "how many tuples of (path, symbol name, int ID) to cache in memory while indexing a specific repo"), + PathSymbolsCacheSize: baseConfig.GetInt("PATH_SYMBOLS_CACHE_SIZE", "10000", "how many sets of symbols for files to cache in memory while indexing a specific repo"), SearchLastIndexedCommit: baseConfig.GetBool("SEARCH_LAST_INDEXED_COMMIT", "false", "falls back to searching the most recently indexed commit if the requested commit is not indexed"), } } diff --git a/internal/symbols/BUILD.bazel b/internal/symbols/BUILD.bazel index 72bbe0c1ef8..a638c20f70e 100644 --- a/internal/symbols/BUILD.bazel +++ b/internal/symbols/BUILD.bazel @@ -17,7 +17,6 @@ go_library( "//internal/conf/conftypes", "//internal/endpoint", "//internal/grpc/defaults", - "//internal/limiter", "//internal/search", "//internal/search/result", "//internal/symbols/v1:symbols", diff --git a/internal/symbols/client.go b/internal/symbols/client.go index 23f97f37bac..3b8138c4028 100644 --- a/internal/symbols/client.go +++ b/internal/symbols/client.go @@ -15,7 +15,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf/conftypes" "github.com/sourcegraph/sourcegraph/internal/endpoint" "github.com/sourcegraph/sourcegraph/internal/grpc/defaults" - "github.com/sourcegraph/sourcegraph/internal/limiter" "github.com/sourcegraph/sourcegraph/internal/search" "github.com/sourcegraph/sourcegraph/internal/search/result" proto "github.com/sourcegraph/sourcegraph/internal/symbols/v1" @@ -34,7 +33,6 @@ func LoadConfig() { DefaultClient = &Client{ Endpoints: defaultEndpoints(), GRPCConnectionCache: defaults.NewConnectionCache(log.Scoped("symbolsConnectionCache")), - HTTPLimiter: limiter.New(500), SubRepoPermsChecker: func() authz.SubRepoPermissionChecker { return authz.DefaultSubRepoPermsChecker }, } } @@ -50,9 +48,6 @@ type Client struct { GRPCConnectionCache *defaults.ConnectionCache - // Limits concurrency of outstanding HTTP posts - HTTPLimiter limiter.Limiter - // SubRepoPermsChecker is function to return the checker to use. It needs to be a // function since we expect the client to be set at runtime once we have a // database connection. @@ -192,26 +187,11 @@ func (c *Client) SymbolInfo(ctx context.Context, args types.RepoCommitPathPoint) } // 🚨 SECURITY: We have a valid result, so we need to apply sub-repo permissions filtering. - if c.SubRepoPermsChecker == nil { - return result, err - } - - checker := c.SubRepoPermsChecker() - if !authz.SubRepoEnabled(checker) { - return result, err - } - - a := actor.FromContext(ctx) - // Filter in place - rc := authz.RepoContent{ - Repo: api.RepoName(args.Repo), - Path: args.Path, - } - perm, err := authz.ActorPermissions(ctx, checker, a, rc) + ok, err := authz.FilterActorPath(ctx, c.SubRepoPermsChecker(), actor.FromContext(ctx), api.RepoName(args.Repo), args.Path) if err != nil { return nil, errors.Wrap(err, "checking sub-repo permissions") } - if !perm.Include(authz.Read) { + if !ok { return nil, nil }