debian-mirror-gitlab/app/controllers/projects/lfs_api_controller.rb

# frozen_string_literal: true

class Projects::LfsApiController < Projects::GitHttpClientController
  include LfsRequest
  include Gitlab::Utils::StrongMemoize

  LFS_TRANSFER_CONTENT_TYPE = 'application/octet-stream'

  skip_before_action :lfs_check_access!, only: [:deprecated]
  before_action :lfs_check_batch_operation!, only: [:batch]

  def batch
    unless objects.present?
      render_lfs_not_found
      return
    end

    if download_request?
      render json: { objects: download_objects! }
    elsif upload_request?
      render json: { objects: upload_objects! }
    else
      raise "Never reached"
    end
  end

  def deprecated
    render(
      json: {
        message: _('Server supports batch API only, please update your Git LFS client to version 1.0.1 and up.'),
        documentation_url: "#{Gitlab.config.gitlab.url}/help"
      },
      status: :not_implemented
    )
  end

  private

  def download_request?
    params[:operation] == 'download'
  end

  def upload_request?
    params[:operation] == 'upload'
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def existing_oids
    @existing_oids ||= begin
      project.all_lfs_objects.where(oid: objects.map { |o| o['oid'].to_s }).pluck(:oid)
    end
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def download_objects!
    objects.each do |object|
      if existing_oids.include?(object[:oid])
        object[:actions] = download_actions(object)

        if Guest.can?(:download_code, project)
          object[:authenticated] = true
        end
      else
        object[:error] = {
          code: 404,
          message: _("Object does not exist on the server or you don't have permissions to access it")
        }
      end
    end
    objects
  end

  def upload_objects!
    objects.each do |object|
      object[:actions] = upload_actions(object) unless existing_oids.include?(object[:oid])
    end
    objects
  end

  def download_actions(object)
    {
      download: {
        href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}",
        header: {
          Authorization: authorization_header
        }.compact
      }
    }
  end

  def upload_actions(object)
    {
      upload: {
        href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}/#{object[:size]}",
        header: {
          Authorization: authorization_header,
          # git-lfs v2.5.0 sets the Content-Type based on the uploaded file. This
          # ensures that Workhorse can intercept the request.
          'Content-Type': LFS_TRANSFER_CONTENT_TYPE
        }.compact
      }
    }
  end

  def lfs_check_batch_operation!
    if batch_operation_disallowed?
      render(
        json: {
          message: lfs_read_only_message
        },
        content_type: LfsRequest::CONTENT_TYPE,
        status: 403
      )
    end
  end

  # Overridden in EE
  def batch_operation_disallowed?
    upload_request? && Gitlab::Database.read_only?
  end

  # Overridden in EE
  def lfs_read_only_message
    _('You cannot write to this read-only GitLab instance.')
  end

  def authorization_header
    strong_memoize(:authorization_header) do
      lfs_auth_header || request.headers['Authorization']
    end
  end

  def lfs_auth_header
    return unless user.is_a?(User)

    Gitlab::LfsToken.new(user).basic_encoding
  end
end

Projects::LfsApiController.prepend_if_ee('EE::Projects::LfsApiController')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`class Projects::LfsApiController < Projects::GitHttpClientController`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`include LfsRequest`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`include Gitlab::Utils::StrongMemoize`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`LFS_TRANSFER_CONTENT_TYPE = 'application/octet-stream'`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`skip_before_action :lfs_check_access!, only: [:deprecated]`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`before_action :lfs_check_batch_operation!, only: [:batch]`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30
			`def batch`
			`unless objects.present?`
			`render_lfs_not_found`
			`return`
			`end`

			`if download_request?`
			`render json: { objects: download_objects! }`
			`elsif upload_request?`
			`render json: { objects: upload_objects! }`
			`else`
			`raise "Never reached"`
			`end`
			`end`

			`def deprecated`
			`render(`
			`json: {`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`message: _('Server supports batch API only, please update your Git LFS client to version 1.0.1 and up.'),`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`documentation_url: "#{Gitlab.config.gitlab.url}/help"`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`},`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`status: :not_implemented`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`)`
			`end`

			`private`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def download_request?`
			`params[:operation] == 'download'`
			`end`

			`def upload_request?`
			`params[:operation] == 'upload'`
			`end`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`def existing_oids`
			`@existing_oids \|\|= begin`
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`project.all_lfs_objects.where(oid: objects.map { \|o\| o['oid'].to_s }).pluck(:oid)`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`end`
			`end`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: enable CodeReuse/ActiveRecord`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30
			`def download_objects!`
			`objects.each do \|object\|`
			`if existing_oids.include?(object[:oid])`
			`object[:actions] = download_actions(object)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`if Guest.can?(:download_code, project)`
			`object[:authenticated] = true`
			`end`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`else`
			`object[:error] = {`
			`code: 404,`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`message: _("Object does not exist on the server or you don't have permissions to access it")`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`}`
			`end`
			`end`
			`objects`
			`end`

			`def upload_objects!`
			`objects.each do \|object\|`
			`object[:actions] = upload_actions(object) unless existing_oids.include?(object[:oid])`
			`end`
			`objects`
			`end`

			`def download_actions(object)`
			`{`
			`download: {`
			`href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}",`
			`header: {`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`Authorization: authorization_header`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`}.compact`
			`}`
			`}`
			`end`

			`def upload_actions(object)`
			`{`
			`upload: {`
			`href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}/#{object[:size]}",`
			`header: {`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`Authorization: authorization_header,`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# git-lfs v2.5.0 sets the Content-Type based on the uploaded file. This`
			`# ensures that Workhorse can intercept the request.`
			`'Content-Type': LFS_TRANSFER_CONTENT_TYPE`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`}.compact`
			`}`
			`}`
			`end`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
			`def lfs_check_batch_operation!`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`if batch_operation_disallowed?`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`render(`
			`json: {`
			`message: lfs_read_only_message`
			`},`
			`content_type: LfsRequest::CONTENT_TYPE,`
			`status: 403`
			`)`
			`end`
			`end`

New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`# Overridden in EE`
			`def batch_operation_disallowed?`
			`upload_request? && Gitlab::Database.read_only?`
			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`# Overridden in EE`
			`def lfs_read_only_message`
			`_('You cannot write to this read-only GitLab instance.')`
			`end`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30
			`def authorization_header`
			`strong_memoize(:authorization_header) do`
			`lfs_auth_header \|\| request.headers['Authorization']`
			`end`
			`end`

			`def lfs_auth_header`
			`return unless user.is_a?(User)`

			`Gitlab::LfsToken.new(user).basic_encoding`
			`end`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`Projects::LfsApiController.prepend_if_ee('EE::Projects::LfsApiController')`