Commit
5309d445
authored
Feb 07, 2018
by
Lin Jen-Shin
Put controller in its separate file
parent
31f1ec59
Showing
2 changed files
with
84 additions
and
79 deletions
+84
-79
read_only.rb
lib/gitlab/middleware/read_only.rb
+1
-79
controller.rb
lib/gitlab/middleware/read_only/controller.rb
+83
-0
lib/gitlab/middleware/read_only.rb
...
@@ -5,84 +5,6 @@ module Gitlab
...
@@ -5,84 +5,6 @@ module Gitlab
APPLICATION_JSON
=
'application/json'
.
freeze
APPLICATION_JSON
=
'application/json'
.
freeze
API_VERSIONS
=
(
3
..
4
)
API_VERSIONS
=
(
3
..
4
)
class
Controller
def
initialize
(
app
,
env
)
@app
=
app
@env
=
env
end
def
call
if
disallowed_request?
&&
Gitlab
::
Database
.
read_only?
Rails
.
logger
.
debug
(
'GitLab ReadOnly: preventing possible non read-only operation'
)
error_message
=
'You cannot do writing operations on a read-only GitLab instance'
if
json_request?
return
[
403
,
{
'Content-Type'
=>
'application/json'
},
[{
'message'
=>
error_message
}.
to_json
]]
else
rack_flash
.
alert
=
error_message
rack_session
[
'flash'
]
=
rack_flash
.
to_session_value
return
[
301
,
{
'Location'
=>
last_visited_url
},
[]]
end
end
@app
.
call
(
@env
)
end
private
def
disallowed_request?
DISALLOWED_METHODS
.
include?
(
@env
[
'REQUEST_METHOD'
])
&&
!
whitelisted_routes
end
def
json_request?
request
.
media_type
==
APPLICATION_JSON
end
def
rack_flash
@rack_flash
||=
ActionDispatch
::
Flash
::
FlashHash
.
from_session_value
(
rack_session
)
end
def
rack_session
@env
[
'rack.session'
]
end
def
request
@env
[
'rack.request'
]
||=
Rack
::
Request
.
new
(
@env
)
end
def
last_visited_url
@env
[
'HTTP_REFERER'
]
||
rack_session
[
'user_return_to'
]
||
Gitlab
::
Routing
.
url_helpers
.
root_url
end
def
route_hash
@route_hash
||=
Rails
.
application
.
routes
.
recognize_path
(
request
.
url
,
{
method:
request
.
request_method
})
rescue
{}
end
def
whitelisted_routes
grack_route
||
ReadOnly
.
internal_routes
.
any?
{
|
path
|
request
.
path
.
include?
(
path
)
}
||
lfs_route
||
sidekiq_route
end
def
sidekiq_route
request
.
path
.
start_with?
(
'/admin/sidekiq'
)
end
def
grack_route
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
path
.
end_with?
(
'.git/git-upload-pack'
)
route_hash
[
:controller
]
==
'projects/git_http'
&&
route_hash
[
:action
]
==
'git_upload_pack'
end
def
lfs_route
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
path
.
end_with?
(
'/info/lfs/objects/batch'
)
route_hash
[
:controller
]
==
'projects/lfs_api'
&&
route_hash
[
:action
]
==
'batch'
end
end
def
self
.
internal_routes
def
self
.
internal_routes
@internal_routes
||=
@internal_routes
||=
API_VERSIONS
.
map
{
|
version
|
"api/v
#{
version
}
/internal"
}
API_VERSIONS
.
map
{
|
version
|
"api/v
#{
version
}
/internal"
}
...
@@ -93,7 +15,7 @@ module Gitlab
...
@@ -93,7 +15,7 @@ module Gitlab
end
end
def
call
(
env
)
def
call
(
env
)
Controller
.
new
(
@app
,
env
).
call
ReadOnly
::
Controller
.
new
(
@app
,
env
).
call
end
end
end
end
end
end
...
...
lib/gitlab/middleware/read_only/controller.rb
0 → 100644
module
Gitlab
module
Middleware
class
ReadOnly
class
Controller
def
initialize
(
app
,
env
)
@app
=
app
@env
=
env
end
def
call
if
disallowed_request?
&&
Gitlab
::
Database
.
read_only?
Rails
.
logger
.
debug
(
'GitLab ReadOnly: preventing possible non read-only operation'
)
error_message
=
'You cannot do writing operations on a read-only GitLab instance'
if
json_request?
return
[
403
,
{
'Content-Type'
=>
'application/json'
},
[{
'message'
=>
error_message
}.
to_json
]]
else
rack_flash
.
alert
=
error_message
rack_session
[
'flash'
]
=
rack_flash
.
to_session_value
return
[
301
,
{
'Location'
=>
last_visited_url
},
[]]
end
end
@app
.
call
(
@env
)
end
private
def
disallowed_request?
DISALLOWED_METHODS
.
include?
(
@env
[
'REQUEST_METHOD'
])
&&
!
whitelisted_routes
end
def
json_request?
request
.
media_type
==
APPLICATION_JSON
end
def
rack_flash
@rack_flash
||=
ActionDispatch
::
Flash
::
FlashHash
.
from_session_value
(
rack_session
)
end
def
rack_session
@env
[
'rack.session'
]
end
def
request
@env
[
'rack.request'
]
||=
Rack
::
Request
.
new
(
@env
)
end
def
last_visited_url
@env
[
'HTTP_REFERER'
]
||
rack_session
[
'user_return_to'
]
||
Gitlab
::
Routing
.
url_helpers
.
root_url
end
def
route_hash
@route_hash
||=
Rails
.
application
.
routes
.
recognize_path
(
request
.
url
,
{
method:
request
.
request_method
})
rescue
{}
end
def
whitelisted_routes
grack_route
||
ReadOnly
.
internal_routes
.
any?
{
|
path
|
request
.
path
.
include?
(
path
)
}
||
lfs_route
||
sidekiq_route
end
def
sidekiq_route
request
.
path
.
start_with?
(
'/admin/sidekiq'
)
end
def
grack_route
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
path
.
end_with?
(
'.git/git-upload-pack'
)
route_hash
[
:controller
]
==
'projects/git_http'
&&
route_hash
[
:action
]
==
'git_upload_pack'
end
def
lfs_route
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
path
.
end_with?
(
'/info/lfs/objects/batch'
)
route_hash
[
:controller
]
==
'projects/lfs_api'
&&
route_hash
[
:action
]
==
'batch'
end
end
end
end
end
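Review bot: The internal-API exemption in `whitelisted_routes` matches with `request.path.include?(path)`, so any write request whose path merely contains `api/v3/internal` or `api/v4/internal` is exempt from the read-only check, not only requests to the internal API itself. Anchoring the comparison at a path boundary would make the exemption as narrow as the `grack_route` and `lfs_route` checks, which confirm the match through `route_hash`; for example `ReadOnly.internal_routes.any? { |path| request.path.start_with?("/#{path}/") }`, adjusted if the instance is served under a relative URL root. `sidekiq_route` has the same shape, since `start_with?('/admin/sidekiq')` has no trailing boundary. As this file is new, a short comment above `whitelisted_routes` stating why each route may write on a read-only instance would help later reviewers keep the list tight.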