debian-mirror-gitlab/lib/api/ci/secure_files.rb

# frozen_string_literal: true

module API
  module Ci
    class SecureFiles < ::API::Base
      include PaginationParams

      before do
        authenticate!
        feature_flag_enabled?
        authorize! :read_secure_files, user_project
      end

      feature_category :pipeline_authoring

      default_format :json

      params do
        requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
      end

      resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
        desc 'List all Secure Files for a Project'
        params do
          use :pagination
        end
        route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
        get ':id/secure_files' do
          secure_files = user_project.secure_files.order_by_created_at
          present paginate(secure_files), with: Entities::Ci::SecureFile
        end

        desc 'Get an individual Secure File'
        params do
          requires :id, type: Integer, desc: 'The Secure File ID'
        end

        route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
        get ':id/secure_files/:secure_file_id' do
          secure_file = user_project.secure_files.find(params[:secure_file_id])
          present secure_file, with: Entities::Ci::SecureFile
        end

        desc 'Download a Secure File'
        route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
        get ':id/secure_files/:secure_file_id/download' do
          secure_file = user_project.secure_files.find(params[:secure_file_id])

          content_type 'application/octet-stream'
          env['api.format'] = :binary
          header['Content-Disposition'] = "attachment; filename=#{secure_file.name}"
          body secure_file.file.read
        end

        resource do
          before do
            read_only_feature_flag_enabled?
            authorize! :admin_secure_files, user_project
          end

          desc 'Upload a Secure File'
          params do
            requires :name, type: String, desc: 'The name of the file'
            requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file to be uploaded', documentation: { type: 'file' }
          end
          route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
          post ':id/secure_files' do
            secure_file = user_project.secure_files.new(
              name: Gitlab::Utils.check_path_traversal!(params[:name])
            )

            secure_file.file = params[:file]

            file_too_large! unless secure_file.file.size < ::Ci::SecureFile::FILE_SIZE_LIMIT.to_i

            if secure_file.save
              if Feature.enabled?(:secure_files_metadata_parsers, user_project)
                ::Ci::ParseSecureFileMetadataWorker.perform_async(secure_file.id) # rubocop:disable CodeReuse/Worker
              end

              present secure_file, with: Entities::Ci::SecureFile
            else
              render_validation_error!(secure_file)
            end
          end

          desc 'Delete an individual Secure File'
          route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
          delete ':id/secure_files/:secure_file_id' do
            secure_file = user_project.secure_files.find(params[:secure_file_id])

            ::Ci::DestroySecureFileService.new(user_project, current_user).execute(secure_file)

            no_content!
          end
        end
      end

      helpers do
        def feature_flag_enabled?
          service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project)
        end

        def read_only_feature_flag_enabled?
          service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops)
        end
      end
    end
  end
end
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`# frozen_string_literal: true`

			`module API`
			`module Ci`
			`class SecureFiles < ::API::Base`
			`include PaginationParams`

			`before do`
			`authenticate!`
			`feature_flag_enabled?`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`authorize! :read_secure_files, user_project`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`

			`feature_category :pipeline_authoring`

			`default_format :json`

			`params do`
New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`

			`resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do`
			`desc 'List all Secure Files for a Project'`
			`params do`
			`use :pagination`
			`end`
			`route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true`
			`get ':id/secure_files' do`
New upstream version 15.1.3+ds1 2022-07-23 23:45:48 +05:30			`secure_files = user_project.secure_files.order_by_created_at`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`present paginate(secure_files), with: Entities::Ci::SecureFile`
			`end`

			`desc 'Get an individual Secure File'`
			`params do`
			`requires :id, type: Integer, desc: 'The Secure File ID'`
			`end`

			`route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true`
			`get ':id/secure_files/:secure_file_id' do`
			`secure_file = user_project.secure_files.find(params[:secure_file_id])`
			`present secure_file, with: Entities::Ci::SecureFile`
			`end`

			`desc 'Download a Secure File'`
			`route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true`
			`get ':id/secure_files/:secure_file_id/download' do`
			`secure_file = user_project.secure_files.find(params[:secure_file_id])`

			`content_type 'application/octet-stream'`
			`env['api.format'] = :binary`
			`header['Content-Disposition'] = "attachment; filename=#{secure_file.name}"`
			`body secure_file.file.read`
			`end`

New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`resource do`
			`before do`
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30			`read_only_feature_flag_enabled?`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`authorize! :admin_secure_files, user_project`
			`end`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`desc 'Upload a Secure File'`
			`params do`
			`requires :name, type: String, desc: 'The name of the file'`
New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file to be uploaded', documentation: { type: 'file' }`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`end`
			`route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true`
			`post ':id/secure_files' do`
			`secure_file = user_project.secure_files.new(`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`name: Gitlab::Utils.check_path_traversal!(params[:name])`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`)`

			`secure_file.file = params[:file]`

			`file_too_large! unless secure_file.file.size < ::Ci::SecureFile::FILE_SIZE_LIMIT.to_i`

			`if secure_file.save`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`if Feature.enabled?(:secure_files_metadata_parsers, user_project)`
			`::Ci::ParseSecureFileMetadataWorker.perform_async(secure_file.id) # rubocop:disable CodeReuse/Worker`
			`end`

New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`present secure_file, with: Entities::Ci::SecureFile`
			`else`
			`render_validation_error!(secure_file)`
			`end`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`

New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`desc 'Delete an individual Secure File'`
			`route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true`
			`delete ':id/secure_files/:secure_file_id' do`
			`secure_file = user_project.secure_files.find(params[:secure_file_id])`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`::Ci::DestroySecureFileService.new(user_project, current_user).execute(secure_file)`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`no_content!`
			`end`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`
			`end`

			`helpers do`
			`def feature_flag_enabled?`
New upstream version 15.0.4+ds1 2022-07-16 23:28:13 +05:30			`service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project)`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30
			`def read_only_feature_flag_enabled?`
New upstream version 15.0.4+ds1 2022-07-16 23:28:13 +05:30			`service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops)`
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30			`end`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`end`
			`end`
			`end`
			`end`