debian-mirror-gitlab/lib/gitlab/workhorse.rb

312 lines
9 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2016-04-02 18:10:28 +05:30
require 'base64'
require 'json'
2016-09-29 09:46:39 +05:30
require 'securerandom'
2017-08-17 22:00:37 +05:30
require 'uri'
2016-04-02 18:10:28 +05:30
module Gitlab
class Workhorse
2019-12-04 20:38:33 +05:30
SEND_DATA_HEADER = 'Gitlab-Workhorse-Send-Data'
2021-12-11 22:18:48 +05:30
SEND_DEPENDENCY_CONTENT_TYPE_HEADER = 'Workhorse-Proxy-Content-Type'
2019-12-04 20:38:33 +05:30
VERSION_FILE = 'GITLAB_WORKHORSE_VERSION'
INTERNAL_API_CONTENT_TYPE = 'application/vnd.gitlab-workhorse+json'
INTERNAL_API_REQUEST_HEADER = 'Gitlab-Workhorse-Api-Request'
2022-10-11 01:57:18 +05:30
NOTIFICATION_PREFIX = 'workhorse:notifications:'
2018-03-27 19:54:05 +05:30
ALLOWED_GIT_HTTP_ACTIONS = %w[git_receive_pack git_upload_pack info_refs].freeze
2019-12-04 20:38:33 +05:30
DETECT_HEADER = 'Gitlab-Workhorse-Detect-Content-Type'
2019-12-26 22:10:19 +05:30
ARCHIVE_FORMATS = %w(zip tar.gz tar.bz2 tar).freeze
2016-09-29 09:46:39 +05:30
2019-12-04 20:38:33 +05:30
include JwtAuthenticatable
2016-06-02 11:05:42 +05:30
2016-04-02 18:10:28 +05:30
class << self
2019-07-07 11:18:12 +05:30
def git_http_ok(repository, repo_type, user, action, show_all_refs: false)
2018-03-27 19:54:05 +05:30
raise "Unsupported action: #{action}" unless ALLOWED_GIT_HTTP_ACTIONS.include?(action.to_s)
2018-11-20 20:47:30 +05:30
attrs = {
2016-09-29 09:46:39 +05:30
GL_ID: Gitlab::GlId.gl_id(user),
2020-04-08 14:13:33 +05:30
GL_REPOSITORY: repo_type.identifier_for_container(repository.container),
2018-03-17 18:26:18 +05:30
GL_USERNAME: user&.username,
2018-05-09 12:01:36 +05:30
ShowAllRefs: show_all_refs,
Repository: repository.gitaly_repository.to_h,
2018-11-20 20:47:30 +05:30
GitConfigOptions: [],
2018-05-09 12:01:36 +05:30
GitalyServer: {
2020-03-13 15:44:24 +05:30
address: Gitlab::GitalyClient.address(repository.storage),
token: Gitlab::GitalyClient.token(repository.storage),
2023-01-13 00:05:48 +05:30
features: Feature::Gitaly.server_feature_flags(
user: ::Feature::Gitaly.user_actor(user),
repository: repository,
project: ::Feature::Gitaly.project_actor(repository.container),
group: ::Feature::Gitaly.group_actor(repository.container)
)
2018-05-09 12:01:36 +05:30
}
2016-09-29 09:46:39 +05:30
}
2018-11-20 20:47:30 +05:30
# Custom option for git-receive-pack command
receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
if receive_max_input_size > 0
attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
end
attrs
2016-09-29 09:46:39 +05:30
end
2016-04-02 18:10:28 +05:30
def send_git_blob(repository, blob)
2018-11-18 11:00:15 +05:30
params = {
'GitalyServer' => gitaly_server_hash(repository),
'GetBlobRequest' => {
repository: repository.gitaly_repository.to_h,
oid: blob.id,
limit: -1
}
}
2016-04-02 18:10:28 +05:30
[
2016-06-02 11:05:42 +05:30
SEND_DATA_HEADER,
"git-blob:#{encode(params)}"
2016-04-02 18:10:28 +05:30
]
end
2016-06-02 11:05:42 +05:30
2019-07-31 22:56:46 +05:30
def send_git_archive(repository, ref:, format:, append_sha:, path: nil)
2016-06-02 11:05:42 +05:30
format ||= 'tar.gz'
2018-12-13 13:39:08 +05:30
format = format.downcase
2016-06-02 11:05:42 +05:30
2019-07-31 22:56:46 +05:30
metadata = repository.archive_metadata(
ref,
Gitlab.config.gitlab.repository_downloads_path,
format,
append_sha: append_sha,
path: path
)
2018-03-17 18:26:18 +05:30
2019-07-31 22:56:46 +05:30
raise "Repository or ref not found" if metadata.empty?
2020-05-24 23:13:21 +05:30
params = send_git_archive_params(repository, metadata, path, archive_format(format))
2019-07-31 22:56:46 +05:30
# If present, DisableCache must be a Boolean. Otherwise
# workhorse ignores it.
2018-03-17 18:26:18 +05:30
params['DisableCache'] = true if git_archive_cache_disabled?
2019-07-31 22:56:46 +05:30
params['GitalyServer'] = gitaly_server_hash(repository)
2018-03-17 18:26:18 +05:30
2016-06-02 11:05:42 +05:30
[
SEND_DATA_HEADER,
"git-archive:#{encode(params)}"
2016-06-02 11:05:42 +05:30
]
end
2018-05-09 12:01:36 +05:30
def send_git_snapshot(repository)
params = {
'GitalyServer' => gitaly_server_hash(repository),
'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new(
repository: repository.gitaly_repository
).to_json
}
[
SEND_DATA_HEADER,
"git-snapshot:#{encode(params)}"
]
end
def send_git_diff(repository, diff_refs)
2018-11-18 11:00:15 +05:30
params = {
'GitalyServer' => gitaly_server_hash(repository),
'RawDiffRequest' => Gitaly::RawDiffRequest.new(
gitaly_diff_or_patch_hash(repository, diff_refs)
).to_json
}
[
SEND_DATA_HEADER,
"git-diff:#{encode(params)}"
]
end
2016-08-24 12:49:21 +05:30
def send_git_patch(repository, diff_refs)
2018-11-18 11:00:15 +05:30
params = {
'GitalyServer' => gitaly_server_hash(repository),
'RawPatchRequest' => Gitaly::RawPatchRequest.new(
gitaly_diff_or_patch_hash(repository, diff_refs)
).to_json
}
2016-08-24 12:49:21 +05:30
[
SEND_DATA_HEADER,
"git-format-patch:#{encode(params)}"
]
end
2020-05-24 23:13:21 +05:30
def send_artifacts_entry(file, entry)
2018-03-17 18:26:18 +05:30
archive = file.file_storage? ? file.path : file.url
2016-08-24 12:49:21 +05:30
params = {
2018-03-17 18:26:18 +05:30
'Archive' => archive,
'Entry' => Base64.encode64(entry.to_s)
2016-08-24 12:49:21 +05:30
}
[
SEND_DATA_HEADER,
"artifacts-entry:#{encode(params)}"
]
end
2018-03-17 18:26:18 +05:30
def send_url(url, allow_redirects: false)
params = {
'URL' => url,
'AllowRedirects' => allow_redirects
}
[
SEND_DATA_HEADER,
"send-url:#{encode(params)}"
]
end
2020-11-24 15:15:51 +05:30
def send_scaled_image(location, width, content_type)
2020-10-24 23:57:45 +05:30
params = {
'Location' => location,
2020-11-24 15:15:51 +05:30
'Width' => width,
'ContentType' => content_type
2020-10-24 23:57:45 +05:30
}
[
SEND_DATA_HEADER,
"send-scaled-img:#{encode(params)}"
]
end
2021-12-11 22:18:48 +05:30
def send_dependency(headers, url)
2021-11-18 22:05:49 +05:30
params = {
2021-12-11 22:18:48 +05:30
'Header' => headers,
2021-11-18 22:05:49 +05:30
'Url' => url
}
[
SEND_DATA_HEADER,
"send-dependency:#{encode(params)}"
]
end
2019-07-07 11:18:12 +05:30
def channel_websocket(channel)
2017-08-17 22:00:37 +05:30
details = {
2019-07-07 11:18:12 +05:30
'Channel' => {
'Subprotocols' => channel[:subprotocols],
'Url' => channel[:url],
'Header' => channel[:headers],
'MaxSessionTime' => channel[:max_session_time]
2017-08-17 22:00:37 +05:30
}
}
2019-07-07 11:18:12 +05:30
details['Channel']['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem)
2017-08-17 22:00:37 +05:30
details
end
2016-09-13 17:45:13 +05:30
def version
path = Rails.root.join(VERSION_FILE)
path.readable? ? path.read.chomp : 'unknown'
end
2016-09-29 09:46:39 +05:30
def verify_api_request!(request_headers)
2022-03-02 08:16:31 +05:30
decode_jwt_with_issuer(request_headers[INTERNAL_API_REQUEST_HEADER])
2017-08-17 22:00:37 +05:30
end
2022-03-02 08:16:31 +05:30
def decode_jwt_with_issuer(encoded_message)
decode_jwt(encoded_message, issuer: 'gitlab-workhorse')
2016-09-29 09:46:39 +05:30
end
def secret_path
2017-08-17 22:00:37 +05:30
Gitlab.config.workhorse.secret_file
end
def set_key_and_notify(key, value, expire: nil, overwrite: true)
2019-10-12 21:52:04 +05:30
Gitlab::Redis::SharedState.with do |redis|
2017-08-17 22:00:37 +05:30
result = redis.set(key, value, ex: expire, nx: !overwrite)
if result
2022-10-11 01:57:18 +05:30
redis.publish(NOTIFICATION_PREFIX + key, value)
2017-08-17 22:00:37 +05:30
value
else
redis.get(key)
end
end
2016-09-29 09:46:39 +05:30
end
2016-11-03 12:29:30 +05:30
2022-07-16 23:28:13 +05:30
def detect_content_type
[
Gitlab::Workhorse::DETECT_HEADER,
'true'
]
end
2016-06-02 11:05:42 +05:30
protected
2019-07-31 22:56:46 +05:30
# This is the outermost encoding of a senddata: header. It is safe for
# inclusion in HTTP response headers
2016-06-02 11:05:42 +05:30
def encode(hash)
2020-05-24 23:13:21 +05:30
Base64.urlsafe_encode64(Gitlab::Json.dump(hash))
2016-06-02 11:05:42 +05:30
end
2017-09-10 17:25:29 +05:30
2019-07-31 22:56:46 +05:30
# This is for encoding individual fields inside the senddata JSON that
# contain binary data. In workhorse, the corresponding struct field should
# be type []byte
def encode_binary(binary)
Base64.encode64(binary)
end
2017-09-10 17:25:29 +05:30
def gitaly_server_hash(repository)
{
2020-07-28 23:09:34 +05:30
address: Gitlab::GitalyClient.address(repository.shard),
token: Gitlab::GitalyClient.token(repository.shard),
2023-01-13 00:05:48 +05:30
features: Feature::Gitaly.server_feature_flags(
user: ::Feature::Gitaly.user_actor,
repository: repository,
project: ::Feature::Gitaly.project_actor(repository.container),
group: ::Feature::Gitaly.group_actor(repository.container)
)
2017-09-10 17:25:29 +05:30
}
end
2018-03-17 18:26:18 +05:30
def gitaly_diff_or_patch_hash(repository, diff_refs)
{
repository: repository.gitaly_repository,
left_commit_id: diff_refs.base_sha,
right_commit_id: diff_refs.head_sha
}
end
def git_archive_cache_disabled?
ENV['WORKHORSE_ARCHIVE_CACHE_DISABLED'].present? || Feature.enabled?(:workhorse_archive_cache_disabled)
end
2019-07-31 22:56:46 +05:30
def archive_format(format)
case format
when "tar.bz2", "tbz", "tbz2", "tb2", "bz2"
Gitaly::GetArchiveRequest::Format::TAR_BZ2
when "tar"
Gitaly::GetArchiveRequest::Format::TAR
when "zip"
Gitaly::GetArchiveRequest::Format::ZIP
else
Gitaly::GetArchiveRequest::Format::TAR_GZ
end
end
def send_git_archive_params(repository, metadata, path, format)
{
'ArchivePath' => metadata['ArchivePath'],
'GetArchiveRequest' => encode_binary(
Gitaly::GetArchiveRequest.new(
repository: repository.gitaly_repository,
commit_id: metadata['CommitId'],
prefix: metadata['ArchivePrefix'],
format: format,
2021-01-03 14:25:43 +05:30
path: path.presence || "",
2021-09-04 01:27:46 +05:30
include_lfs_blobs: true
2019-07-31 22:56:46 +05:30
).to_proto
)
}
end
2016-04-02 18:10:28 +05:30
end
end
end