debian-mirror-gitlab/lib/api/ci/secure_files.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

122 lines
4.4 KiB
Ruby
Raw Normal View History

2022-04-04 11:22:00 +05:30
# frozen_string_literal: true
module API
module Ci
class SecureFiles < ::API::Base
include PaginationParams
before do
authenticate!
2022-05-07 20:08:51 +05:30
authorize! :read_secure_files, user_project
2022-04-04 11:22:00 +05:30
end
2023-04-23 21:23:45 +05:30
feature_category :mobile_devops
2022-04-04 11:22:00 +05:30
default_format :json
params do
2023-03-04 22:38:38 +05:30
requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project owned by the
authenticated user'
2022-04-04 11:22:00 +05:30
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
2023-03-04 22:38:38 +05:30
desc 'Get list of secure files in a project' do
success Entities::Ci::SecureFile
tags %w[secure_files]
end
2022-04-04 11:22:00 +05:30
params do
use :pagination
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files' do
2022-07-23 23:45:48 +05:30
secure_files = user_project.secure_files.order_by_created_at
2022-04-04 11:22:00 +05:30
present paginate(secure_files), with: Entities::Ci::SecureFile
end
2023-03-04 22:38:38 +05:30
desc 'Get the details of a specific secure file in a project' do
success Entities::Ci::SecureFile
tags %w[secure_files]
failure [{ code: 404, message: '404 Not found' }]
end
2022-04-04 11:22:00 +05:30
params do
2023-03-04 22:38:38 +05:30
requires :id, type: Integer, desc: 'The ID of a secure file'
2022-04-04 11:22:00 +05:30
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
present secure_file, with: Entities::Ci::SecureFile
end
2023-03-04 22:38:38 +05:30
desc 'Download secure file' do
failure [{ code: 404, message: '404 Not found' }]
tags %w[secure_files]
end
2022-04-04 11:22:00 +05:30
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files/:secure_file_id/download' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
content_type 'application/octet-stream'
env['api.format'] = :binary
header['Content-Disposition'] = "attachment; filename=#{secure_file.name}"
body secure_file.file.read
end
2022-05-07 20:08:51 +05:30
resource do
before do
2022-06-21 17:19:12 +05:30
read_only_feature_flag_enabled?
2022-05-07 20:08:51 +05:30
authorize! :admin_secure_files, user_project
end
2022-04-04 11:22:00 +05:30
2023-03-04 22:38:38 +05:30
desc 'Create a secure file' do
success Entities::Ci::SecureFile
tags %w[secure_files]
failure [{ code: 400, message: '400 Bad Request' }]
end
2022-05-07 20:08:51 +05:30
params do
2023-03-04 22:38:38 +05:30
requires :name, type: String, desc: 'The name of the file being uploaded. The filename must be unique within
the project'
requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file being uploaded', documentation: { type: 'file' }
2022-05-07 20:08:51 +05:30
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
post ':id/secure_files' do
secure_file = user_project.secure_files.new(
2022-11-25 23:54:43 +05:30
name: Gitlab::Utils.check_path_traversal!(params[:name])
2022-05-07 20:08:51 +05:30
)
secure_file.file = params[:file]
file_too_large! unless secure_file.file.size < ::Ci::SecureFile::FILE_SIZE_LIMIT.to_i
if secure_file.save
2023-03-04 22:38:38 +05:30
::Ci::ParseSecureFileMetadataWorker.perform_async(secure_file.id) # rubocop:disable CodeReuse/Worker
2022-05-07 20:08:51 +05:30
present secure_file, with: Entities::Ci::SecureFile
else
render_validation_error!(secure_file)
end
2022-04-04 11:22:00 +05:30
end
2023-03-04 22:38:38 +05:30
desc 'Remove a secure file' do
tags %w[secure_files]
failure [{ code: 404, message: '404 Not found' }]
end
2022-05-07 20:08:51 +05:30
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
delete ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
::Ci::DestroySecureFileService.new(user_project, current_user).execute(secure_file)
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
no_content!
end
2022-04-04 11:22:00 +05:30
end
end
helpers do
2022-06-21 17:19:12 +05:30
def read_only_feature_flag_enabled?
2022-07-16 23:28:13 +05:30
service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops)
2022-06-21 17:19:12 +05:30
end
2022-04-04 11:22:00 +05:30
end
end
end
end