BigW Consortium Gitlab

internal.rb 4.46 KB
Newer Older
1
module API
2
  # Internal access API
Dmitriy Zaporozhets committed
3
  class Internal < Grape::API
4
    before { authenticate_by_gitlab_shell_token! }
5

6 7
    helpers ::API::Helpers::InternalHelpers

8
    namespace 'internal' do
9
      # Check if git command is allowed to project
10
      #
11
      # Params:
12 13
      #   key_id - ssh key id for Git over SSH
      #   user_id - user id for Git over HTTP
14
      #   protocol - Git access protocol being used, e.g. HTTP or SSH
15 16
      #   project - project path with namespace
      #   action - git action (git-upload-pack or git-receive-pack)
17
      #   changes - changes as "oldrev newrev ref", see Gitlab::ChangesList
18
      post "/allowed" do
19
        status 200
20

21 22 23
        # Stores some Git-specific env thread-safely
        Gitlab::Git::Env.set(parse_env)

24
        actor =
25 26 27 28 29
          if params[:key_id]
            Key.find_by(id: params[:key_id])
          elsif params[:user_id]
            User.find_by(id: params[:user_id])
          end
30

31 32
        protocol = params[:protocol]

33 34
        actor.update_last_used_at if actor.is_a?(Key)

35 36
        access_checker_klass = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
        access_checker = access_checker_klass
37
          .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities, redirected_path: redirected_path)
38

39
        begin
40
          access_checker.check(params[:action], params[:changes])
41 42 43
        rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e
          return { status: false, message: e.message }
        end
44

45
        log_user_activity(actor)
46

47
        {
48 49
          status: true,
          gl_repository: gl_repository,
50 51
          repository_path: repository_path,
          gitaly: gitaly_payload(params[:action])
52
        }
53 54
      end

55 56 57 58
      post "/lfs_authenticate" do
        status 200

        key = Key.find(params[:key_id])
59 60
        key.update_last_used_at

61 62 63 64
        token_handler = Gitlab::LfsToken.new(key)

        {
          username: token_handler.actor_name,
65
          lfs_token: token_handler.token,
66 67 68 69
          repository_http_path: project.http_url_to_repo
        }
      end

70 71 72 73
      get "/merge_request_urls" do
        ::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
      end

74
      #
75
      # Discover user by ssh key or user id
76 77
      #
      get "/discover" do
78 79 80 81 82 83 84
        if params[:key_id]
          key = Key.find(params[:key_id])
          user = key.user
        elsif params[:user_id]
          user = User.find_by(id: params[:user_id])
        end
        present user, with: Entities::UserSafe
85
      end
Dmitriy Zaporozhets committed
86 87 88

      get "/check" do
        {
89
          api_version: API.version,
90
          gitlab_version: Gitlab::VERSION,
91
          gitlab_rev: Gitlab::REVISION
Dmitriy Zaporozhets committed
92 93
        }
      end
94

95 96 97 98 99 100 101 102
      get "/broadcast_messages" do
        if messages = BroadcastMessage.current
          present messages, with: Entities::BroadcastMessage
        else
          []
        end
      end

103
      get "/broadcast_message" do
104
        if message = BroadcastMessage.current&.last
105
          present message, with: Entities::BroadcastMessage
106 107
        else
          {}
108 109
        end
      end
110 111 112 113

      post '/two_factor_recovery_codes' do
        status 200

114 115
        key = Key.find_by(id: params[:key_id])

116 117 118
        if key
          key.update_last_used_at
        else
119 120
          return { 'success' => false, 'message' => 'Could not find the given key' }
        end
121

122
        if key.is_a?(DeployKey)
123 124 125
          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
        end

126 127 128
        user = key.user

        unless user
129 130 131 132 133 134 135
          return { success: false, message: 'Could not find a user for the given key' }
        end

        unless user.two_factor_enabled?
          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
        end

136 137
        codes = nil

138
        ::Users::UpdateService.new(user).execute! do |user|
139
          codes = user.generate_otp_backup_codes!
140
        end
141

142
        { success: true, recovery_codes: codes }
143
      end
144 145 146 147

      post "/notify_post_receive" do
        status 200

148 149 150 151 152
        # TODO: Re-enable when Gitaly is processing the post-receive notification
        # return unless Gitlab::GitalyClient.enabled?
        #
        # begin
        #   repository = wiki? ? project.wiki.repository : project.repository
153
        #   Gitlab::GitalyClient::NotificationService.new(repository.raw_repository).post_receive
154 155 156
        # rescue GRPC::Unavailable => e
        #   render_api_error!(e, 500)
        # end
157
      end
Dmitriy Zaporozhets committed
158 159 160
    end
  end
end