debian-mirror-gitlab/app/uploaders/ci/secure_file_uploader.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

43 lines
903 B
Ruby
Raw Normal View History

2022-03-02 08:16:31 +05:30
# frozen_string_literal: true
module Ci
class SecureFileUploader < GitlabUploader
include ObjectStorage::Concern
2023-05-27 22:25:52 +05:30
storage_location :ci_secure_files
2022-03-02 08:16:31 +05:30
# Use Lockbox to encrypt/decrypt the stored file (registers CarrierWave callbacks)
encrypt(key: :key)
def key
2022-06-21 17:19:12 +05:30
Digest::SHA256.digest model.key_data
2022-03-02 08:16:31 +05:30
end
def checksum
@checksum ||= Digest::SHA256.hexdigest(model.file.read)
end
def store_dir
dynamic_segment
end
private
def dynamic_segment
Gitlab::HashedPath.new('secure_files', model.id, root_hash: model.project_id)
end
class << self
# direct upload is disabled since the file
# must always be encrypted
def direct_upload_enabled?
false
end
def default_store
object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
end
end
end
end