debian-mirror-gitlab/app/controllers/repositories/lfs_api_controller.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

189 lines
5 KiB
Ruby
Raw Normal View History

2020-03-13 15:44:24 +05:30
# frozen_string_literal: true
module Repositories
class LfsApiController < Repositories::GitHttpClientController
include LfsRequest
include Gitlab::Utils::StrongMemoize
LFS_TRANSFER_CONTENT_TYPE = 'application/octet-stream'
skip_before_action :lfs_check_access!, only: [:deprecated]
before_action :lfs_check_batch_operation!, only: [:batch]
2021-10-27 15:23:28 +05:30
# added here as a part of the refactor, will be removed
# https://gitlab.com/gitlab-org/gitlab/-/issues/328692
delegate :deploy_token, :user, to: :authentication_result, allow_nil: true
2021-12-11 22:18:48 +05:30
urgency :medium, [:batch]
2021-10-27 15:23:28 +05:30
2020-03-13 15:44:24 +05:30
def batch
unless objects.present?
render_lfs_not_found
return
end
if download_request?
2021-01-29 00:20:46 +05:30
render json: { objects: download_objects! }, content_type: LfsRequest::CONTENT_TYPE
2020-03-13 15:44:24 +05:30
elsif upload_request?
2021-01-29 00:20:46 +05:30
render json: { objects: upload_objects! }, content_type: LfsRequest::CONTENT_TYPE
2020-03-13 15:44:24 +05:30
else
raise "Never reached"
end
end
def deprecated
render(
json: {
message: _('Server supports batch API only, please update your Git LFS client to version 1.0.1 and up.'),
documentation_url: "#{Gitlab.config.gitlab.url}/help"
},
2021-01-29 00:20:46 +05:30
content_type: LfsRequest::CONTENT_TYPE,
2020-03-13 15:44:24 +05:30
status: :not_implemented
)
end
private
def download_request?
params[:operation] == 'download'
end
def upload_request?
params[:operation] == 'upload'
end
def download_objects!
2020-11-24 15:15:51 +05:30
existing_oids = project.lfs_objects_oids(oids: objects_oids)
2020-04-08 14:13:33 +05:30
2020-03-13 15:44:24 +05:30
objects.each do |object|
if existing_oids.include?(object[:oid])
object[:actions] = download_actions(object)
if Guest.can?(:download_code, project)
object[:authenticated] = true
end
else
object[:error] = {
code: 404,
message: _("Object does not exist on the server or you don't have permissions to access it")
}
end
end
2020-04-08 14:13:33 +05:30
2020-03-13 15:44:24 +05:30
objects
end
def upload_objects!
2020-04-08 14:13:33 +05:30
existing_oids = project.lfs_objects_oids(oids: objects_oids)
2020-03-13 15:44:24 +05:30
objects.each do |object|
2022-01-26 12:08:38 +05:30
next if existing_oids.include?(object[:oid])
next if should_auto_link? && oids_from_fork.include?(object[:oid]) && link_to_project!(object)
object[:actions] = upload_actions(object)
2020-03-13 15:44:24 +05:30
end
2020-04-08 14:13:33 +05:30
2020-03-13 15:44:24 +05:30
objects
end
def download_actions(object)
{
download: {
href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}",
header: {
Authorization: authorization_header
}.compact
}
}
end
def upload_actions(object)
{
upload: {
2021-02-22 17:27:13 +05:30
href: "#{upload_http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}/#{object[:size]}",
header: upload_headers
2020-03-13 15:44:24 +05:30
}
}
end
2021-02-22 17:27:13 +05:30
# Overridden in EE
def upload_http_url_to_repo
project.http_url_to_repo
end
def upload_headers
2021-03-08 18:12:59 +05:30
{
2021-02-22 17:27:13 +05:30
Authorization: authorization_header,
# git-lfs v2.5.0 sets the Content-Type based on the uploaded file. This
# ensures that Workhorse can intercept the request.
2021-03-08 18:12:59 +05:30
'Content-Type': LFS_TRANSFER_CONTENT_TYPE,
'Transfer-Encoding': 'chunked'
2021-02-22 17:27:13 +05:30
}
end
2020-03-13 15:44:24 +05:30
def lfs_check_batch_operation!
if batch_operation_disallowed?
render(
json: {
message: lfs_read_only_message
},
content_type: LfsRequest::CONTENT_TYPE,
status: :forbidden
)
end
end
# Overridden in EE
def batch_operation_disallowed?
upload_request? && Gitlab::Database.read_only?
end
# Overridden in EE
def lfs_read_only_message
_('You cannot write to this read-only GitLab instance.')
end
def authorization_header
strong_memoize(:authorization_header) do
lfs_auth_header || request.headers['Authorization']
end
end
def lfs_auth_header
2021-10-27 15:23:28 +05:30
return unless user
2020-03-13 15:44:24 +05:30
Gitlab::LfsToken.new(user).basic_encoding
end
2022-01-26 12:08:38 +05:30
def should_auto_link?
return false unless project.forked?
# Sanity check in case for some reason the user doesn't have access to the parent
can?(user, :download_code, project.fork_source)
end
def oids_from_fork
@oids_from_fork ||= project.lfs_objects_oids_from_fork_source(oids: objects_oids)
end
def link_to_project!(object)
lfs_object = LfsObject.for_oid_and_size(object[:oid], object[:size])
return unless lfs_object
LfsObjectsProject.link_to_project!(lfs_object, project)
2023-05-27 22:25:52 +05:30
Gitlab::AppJsonLogger.info(
message: "LFS object auto-linked to forked project",
lfs_object_oid: lfs_object.oid,
lfs_object_size: lfs_object.size,
source_project_id: project.fork_source.id,
source_project_path: project.fork_source.full_path,
target_project_id: project.project_id,
target_project_path: project.full_path
)
2022-01-26 12:08:38 +05:30
end
2020-03-13 15:44:24 +05:30
end
end
2021-06-08 01:23:25 +05:30
Repositories::LfsApiController.prepend_mod_with('Repositories::LfsApiController')