BigW Consortium Gitlab

internal.rb 4.4 KB
Newer Older
1
module API
2
  # Internal access API
Dmitriy Zaporozhets committed
3
  class Internal < Grape::API
4
    before { authenticate_by_gitlab_shell_token! }
5

6 7
    helpers ::API::Helpers::InternalHelpers

8
    namespace 'internal' do
9
      # Check if git command is allowed to project
10
      #
11
      # Params:
12 13
      #   key_id - ssh key id for Git over SSH
      #   user_id - user id for Git over HTTP
14
      #   protocol - Git access protocol being used, e.g. HTTP or SSH
15 16
      #   project - project path with namespace
      #   action - git action (git-upload-pack or git-receive-pack)
17
      #   changes - changes as "oldrev newrev ref", see Gitlab::ChangesList
18
      post "/allowed" do
19
        status 200
20

21 22 23
        # Stores some Git-specific env thread-safely
        Gitlab::Git::Env.set(parse_env)

24
        actor =
25 26 27 28 29
          if params[:key_id]
            Key.find_by(id: params[:key_id])
          elsif params[:user_id]
            User.find_by(id: params[:user_id])
          end
30

31 32
        protocol = params[:protocol]

33 34
        actor.update_last_used_at if actor.is_a?(Key)

35 36
        access_checker_klass = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
        access_checker = access_checker_klass
37
          .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities, redirected_path: redirected_path)
38

39
        begin
40
          access_checker.check(params[:action], params[:changes])
41 42 43
        rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e
          return { status: false, message: e.message }
        end
44

45
        log_user_activity(actor)
46

47
        {
48 49 50 51
          status: true,
          gl_repository: gl_repository,
          repository_path: repository_path
        }
52 53
      end

54 55 56 57
      post "/lfs_authenticate" do
        status 200

        key = Key.find(params[:key_id])
58 59
        key.update_last_used_at

60 61 62 63
        token_handler = Gitlab::LfsToken.new(key)

        {
          username: token_handler.actor_name,
64
          lfs_token: token_handler.token,
65 66 67 68
          repository_http_path: project.http_url_to_repo
        }
      end

69 70 71 72
      get "/merge_request_urls" do
        ::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
      end

73
      #
74
      # Discover user by ssh key or user id
75 76
      #
      get "/discover" do
77 78 79 80 81 82 83
        if params[:key_id]
          key = Key.find(params[:key_id])
          user = key.user
        elsif params[:user_id]
          user = User.find_by(id: params[:user_id])
        end
        present user, with: Entities::UserSafe
84
      end
Dmitriy Zaporozhets committed
85 86 87

      get "/check" do
        {
88
          api_version: API.version,
89
          gitlab_version: Gitlab::VERSION,
90
          gitlab_rev: Gitlab::REVISION
Dmitriy Zaporozhets committed
91 92
        }
      end
93

94 95 96 97 98 99 100 101
      get "/broadcast_messages" do
        if messages = BroadcastMessage.current
          present messages, with: Entities::BroadcastMessage
        else
          []
        end
      end

102
      get "/broadcast_message" do
103
        if message = BroadcastMessage.current.last
104
          present message, with: Entities::BroadcastMessage
105 106
        else
          {}
107 108
        end
      end
109 110 111 112

      post '/two_factor_recovery_codes' do
        status 200

113 114
        key = Key.find_by(id: params[:key_id])

115 116 117
        if key
          key.update_last_used_at
        else
118 119
          return { 'success' => false, 'message' => 'Could not find the given key' }
        end
120

121
        if key.is_a?(DeployKey)
122 123 124
          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
        end

125 126 127
        user = key.user

        unless user
128 129 130 131 132 133 134
          return { success: false, message: 'Could not find a user for the given key' }
        end

        unless user.two_factor_enabled?
          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
        end

135 136
        codes = nil

137
        ::Users::UpdateService.new(user).execute! do |user|
138
          codes = user.generate_otp_backup_codes!
139
        end
140

141
        { success: true, recovery_codes: codes }
142
      end
143 144 145 146

      post "/notify_post_receive" do
        status 200

147 148 149 150 151 152 153 154 155
        # TODO: Re-enable when Gitaly is processing the post-receive notification
        # return unless Gitlab::GitalyClient.enabled?
        #
        # begin
        #   repository = wiki? ? project.wiki.repository : project.repository
        #   Gitlab::GitalyClient::Notifications.new(repository.raw_repository).post_receive
        # rescue GRPC::Unavailable => e
        #   render_api_error!(e, 500)
        # end
156
      end
Dmitriy Zaporozhets committed
157 158 159
    end
  end
end