BigW Consortium Gitlab

application_setting.rb 11.9 KB
Newer Older
1
class ApplicationSetting < ActiveRecord::Base
2
  include CacheMarkdownField
3
  include TokenAuthenticatable
4

5
  add_authentication_token_field :runners_registration_token
6
  add_authentication_token_field :health_check_access_token
7

8
  CACHE_KEY = 'application_setting.last'.freeze
9 10 11 12 13 14
  DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
                            |               # or
                            \s              # any whitespace character
                            |               # or
                            [\r\n]          # any number of newline characters
                          }x
15

16 17 18 19 20 21 22
  serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
  serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
  serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
  serialize :sidekiq_throttling_queues, Array # rubocop:disable Cop/ActiveRecordSerialize
23

24 25 26 27 28
  cache_markdown_field :sign_in_text
  cache_markdown_field :help_page_text
  cache_markdown_field :shared_runners_text, pipeline: :plain_markdown
  cache_markdown_field :after_sign_up_text

29
  attr_accessor :domain_whitelist_raw, :domain_blacklist_raw
30

31 32
  validates :uuid, presence: true

33
  validates :session_expire_delay,
34 35
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
36

37
  validates :home_page_url,
38 39
            allow_blank: true,
            url: true,
40 41 42 43 44 45
            if: :home_page_url_column_exists?

  validates :help_page_support_url,
            allow_blank: true,
            url: true,
            if: :help_page_support_url_column_exists?
46

47
  validates :after_sign_out_path,
48 49
            allow_blank: true,
            url: true
50

51
  validates :admin_notification_email,
52
            email: true,
53
            allow_blank: true
54

55
  validates :two_factor_grace_period,
56 57 58 59 60 61 62 63 64
            numericality: { greater_than_or_equal_to: 0 }

  validates :recaptcha_site_key,
            presence: true,
            if: :recaptcha_enabled

  validates :recaptcha_private_key,
            presence: true,
            if: :recaptcha_enabled
65

Jeroen Nijhof committed
66 67 68 69
  validates :sentry_dsn,
            presence: true,
            if: :sentry_enabled

70 71 72 73
  validates :clientside_sentry_dsn,
            presence: true,
            if: :clientside_sentry_enabled

74 75 76 77
  validates :akismet_api_key,
            presence: true,
            if: :akismet_enabled

78 79 80 81 82 83 84 85 86 87
  validates :unique_ips_limit_per_user,
            numericality: { greater_than_or_equal_to: 1 },
            presence: true,
            if: :unique_ips_limit_enabled

  validates :unique_ips_limit_time_window,
            numericality: { greater_than_or_equal_to: 0 },
            presence: true,
            if: :unique_ips_limit_enabled

88 89 90 91
  validates :koding_url,
            presence: true,
            if: :koding_enabled

92 93 94 95
  validates :plantuml_url,
            presence: true,
            if: :plantuml_enabled

96 97 98 99
  validates :max_attachment_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

100 101 102 103
  validates :max_artifacts_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

104
  validates :default_artifacts_expire_in, presence: true, duration: true
105

106 107 108 109
  validates :container_registry_token_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

110 111
  validates :repository_storages, presence: true
  validate :check_repository_storages
112

113
  validates :enabled_git_access_protocol,
114
            inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }
115

116
  validates :domain_blacklist,
117
            presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },
118 119
            if: :domain_blacklist_enabled?

120 121 122 123 124 125 126 127 128
  validates :sidekiq_throttling_factor,
            numericality: { greater_than: 0, less_than: 1 },
            presence: { message: 'Throttling factor cannot be empty if Sidekiq Throttling is enabled.' },
            if: :sidekiq_throttling_enabled?

  validates :sidekiq_throttling_queues,
            presence: { message: 'Queues to throttle cannot be empty if Sidekiq Throttling is enabled.' },
            if: :sidekiq_throttling_enabled?

129 130 131 132 133 134 135 136 137 138 139 140
  validates :housekeeping_incremental_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :housekeeping_full_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than: :housekeeping_incremental_repack_period }

  validates :housekeeping_gc_period,
            presence: true,
            numericality: { only_integer: true, greater_than: :housekeeping_full_repack_period }

141 142 143 144
  validates :terminal_max_session_time,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

145 146 147 148
  validates :polling_interval_multiplier,
            presence: true,
            numericality: { greater_than_or_equal_to: 0 }

149
  validates_each :restricted_visibility_levels do |record, attr, value|
150
    value&.each do |level|
151
      unless Gitlab::VisibilityLevel.options.value?(level)
152
        record.errors.add(attr, "'#{level}' is not a valid visibility level")
153 154 155 156
      end
    end
  end

157
  validates_each :import_sources do |record, attr, value|
158
    value&.each do |source|
159
      unless Gitlab::ImportSources.options.value?(source)
160
        record.errors.add(attr, "'#{source}' is not a import source")
161 162 163 164
      end
    end
  end

165
  validates_each :disabled_oauth_sign_in_sources do |record, attr, value|
166 167 168
    value&.each do |source|
      unless Devise.omniauth_providers.include?(source.to_sym)
        record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")
169 170 171 172
      end
    end
  end

173
  before_validation :ensure_uuid!
174
  before_save :ensure_runners_registration_token
175
  before_save :ensure_health_check_access_token
176

177
  after_commit do
178
    Rails.cache.write(CACHE_KEY, self)
179 180
  end

181
  def self.current
182 183
    ensure_cache_setup

184
    Rails.cache.fetch(CACHE_KEY) do
185 186
      ApplicationSetting.last
    end
187
  end
188

189
  def self.expire
190
    Rails.cache.delete(CACHE_KEY)
191 192
  rescue
    # Gracefully handle when Redis is not available. For example,
193
    # omnibus may fail here during gitlab:assets:compile.
194 195
  end

196
  def self.cached
197 198 199
    value = Rails.cache.read(CACHE_KEY)
    ensure_cache_setup if value.present?
    value
200 201
  end

202 203 204 205 206 207
  def self.ensure_cache_setup
    # This is a workaround for a Rails bug that causes attribute methods not
    # to be loaded when read from cache: https://github.com/rails/rails/issues/27348
    ApplicationSetting.define_attribute_methods
  end

208
  def self.defaults
209 210 211 212
    {
      after_sign_up_text: nil,
      akismet_enabled: false,
      container_registry_token_expire_delay: 5,
213
      default_artifacts_expire_in: '30 days',
214 215 216 217
      default_branch_protection: Settings.gitlab['default_branch_protection'],
      default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
      default_projects_limit: Settings.gitlab['default_projects_limit'],
      default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
218
      default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'],
219 220 221 222
      disabled_oauth_sign_in_sources: [],
      domain_whitelist: Settings.gitlab['domain_whitelist'],
      gravatar_enabled: Settings.gravatar['enabled'],
      help_page_text: nil,
223
      help_page_hide_commercial_content: false,
224 225 226
      unique_ips_limit_per_user: 10,
      unique_ips_limit_time_window: 3600,
      unique_ips_limit_enabled: false,
227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251
      housekeeping_bitmaps_enabled: true,
      housekeeping_enabled: true,
      housekeeping_full_repack_period: 50,
      housekeeping_gc_period: 200,
      housekeeping_incremental_repack_period: 10,
      import_sources: Gitlab::ImportSources.values,
      koding_enabled: false,
      koding_url: nil,
      max_artifacts_size: Settings.artifacts['max_size'],
      max_attachment_size: Settings.gitlab['max_attachment_size'],
      plantuml_enabled: false,
      plantuml_url: nil,
      recaptcha_enabled: false,
      repository_checks_enabled: true,
      repository_storages: ['default'],
      require_two_factor_authentication: false,
      restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
      session_expire_delay: Settings.gitlab['session_expire_delay'],
      send_user_confirmation_email: false,
      shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
      shared_runners_text: nil,
      sidekiq_throttling_enabled: false,
      sign_in_text: nil,
      signin_enabled: Settings.gitlab['signin_enabled'],
      signup_enabled: Settings.gitlab['signup_enabled'],
252
      terminal_max_session_time: 0,
253
      two_factor_grace_period: 48,
254
      user_default_external: false,
255
      polling_interval_multiplier: 1,
256
      usage_ping_enabled: Settings.gitlab['usage_ping_enabled']
257 258 259
    }
  end

260
  def self.create_from_defaults
261
    create(defaults)
262
  end
263

264 265 266 267 268 269 270 271
  def self.human_attribute_name(attr, _options = {})
    if attr == :default_artifacts_expire_in
      'Default artifacts expiration'
    else
      super
    end
  end

272
  def home_page_url_column_exists?
273 274
    ActiveRecord::Base.connection.column_exists?(:application_settings, :home_page_url)
  end
275

276 277 278 279
  def help_page_support_url_column_exists?
    ActiveRecord::Base.connection.column_exists?(:application_settings, :help_page_support_url)
  end

280 281 282 283
  def sidekiq_throttling_column_exists?
    ActiveRecord::Base.connection.column_exists?(:application_settings, :sidekiq_throttling_enabled)
  end

284
  def domain_whitelist_raw
285
    self.domain_whitelist&.join("\n")
286 287
  end

288
  def domain_blacklist_raw
289
    self.domain_blacklist&.join("\n")
290 291
  end

292 293 294 295 296
  def domain_whitelist_raw=(values)
    self.domain_whitelist = []
    self.domain_whitelist = values.split(DOMAIN_LIST_SEPARATOR)
    self.domain_whitelist.reject! { |d| d.empty? }
    self.domain_whitelist
297
  end
298

299 300
  def domain_blacklist_raw=(values)
    self.domain_blacklist = []
301
    self.domain_blacklist = values.split(DOMAIN_LIST_SEPARATOR)
302
    self.domain_blacklist.reject! { |d| d.empty? }
303
    self.domain_blacklist
304 305 306 307 308 309
  end

  def domain_blacklist_file=(file)
    self.domain_blacklist_raw = file.read
  end

310
  def repository_storages
311
    Array(read_attribute(:repository_storages))
312 313 314 315 316 317 318 319 320 321 322
  end

  # repository_storage is still required in the API. Remove in 9.0
  def repository_storage
    repository_storages.first
  end

  def repository_storage=(value)
    self.repository_storages = [value]
  end

323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338
  def default_project_visibility=(level)
    super(Gitlab::VisibilityLevel.level_value(level))
  end

  def default_snippet_visibility=(level)
    super(Gitlab::VisibilityLevel.level_value(level))
  end

  def default_group_visibility=(level)
    super(Gitlab::VisibilityLevel.level_value(level))
  end

  def restricted_visibility_levels=(levels)
    super(levels.map { |level| Gitlab::VisibilityLevel.level_value(level) })
  end

339 340 341 342 343 344
  # Choose one of the available repository storage options. Currently all have
  # equal weighting.
  def pick_repository_storage
    repository_storages.sample
  end

345 346 347
  def runners_registration_token
    ensure_runners_registration_token!
  end
348 349 350 351

  def health_check_access_token
    ensure_health_check_access_token!
  end
352

353 354 355 356 357 358
  def sidekiq_throttling_enabled?
    return false unless sidekiq_throttling_column_exists?

    sidekiq_throttling_enabled
  end

359 360 361 362 363 364 365 366
  def usage_ping_can_be_configured?
    Settings.gitlab.usage_ping_enabled
  end

  def usage_ping_enabled
    usage_ping_can_be_configured? && super
  end

367 368
  private

369 370 371 372 373 374
  def ensure_uuid!
    return if uuid?

    self.uuid = SecureRandom.uuid
  end

375 376 377 378 379
  def check_repository_storages
    invalid = repository_storages - Gitlab.config.repositories.storages.keys
    errors.add(:repository_storages, "can't include: #{invalid.join(", ")}") unless
      invalid.empty?
  end
380
end