debian-mirror-gitlab/lib/gitlab/middleware/read_only/controller.rb

157 lines
5.1 KiB
Ruby
Raw Normal View History

2019-02-15 15:39:39 +05:30
# frozen_string_literal: true
2018-03-27 19:54:05 +05:30
module Gitlab
module Middleware
class ReadOnly
class Controller
DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
2019-12-04 20:38:33 +05:30
APPLICATION_JSON = 'application/json'
2018-11-08 19:23:39 +05:30
APPLICATION_JSON_TYPES = %W{#{APPLICATION_JSON} application/vnd.git-lfs+json}.freeze
2019-12-04 20:38:33 +05:30
ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'
2018-03-27 19:54:05 +05:30
2021-02-22 17:27:13 +05:30
ALLOWLISTED_GIT_READ_ONLY_ROUTES = {
2021-01-29 00:20:46 +05:30
'repositories/git_http' => %w{git_upload_pack}
2018-11-08 19:23:39 +05:30
}.freeze
2021-01-29 00:20:46 +05:30
ALLOWLISTED_GIT_LFS_BATCH_ROUTES = {
'repositories/lfs_api' => %w{batch}
2018-11-08 19:23:39 +05:30
}.freeze
2021-01-29 00:20:46 +05:30
ALLOWLISTED_GIT_REVISION_ROUTES = {
2019-12-21 20:55:43 +05:30
'projects/compare' => %w{create}
}.freeze
2021-01-29 00:20:46 +05:30
ALLOWLISTED_SESSION_ROUTES = {
2020-03-13 15:44:24 +05:30
'sessions' => %w{destroy},
'admin/sessions' => %w{create destroy}
}.freeze
2019-12-21 20:55:43 +05:30
GRAPHQL_URL = '/api/graphql'
2018-03-27 19:54:05 +05:30
def initialize(app, env)
@app = app
@env = env
end
def call
2021-02-22 17:27:13 +05:30
if disallowed_request? && read_only?
2020-11-24 15:15:51 +05:30
Gitlab::AppLogger.debug('GitLab ReadOnly: preventing possible non read-only operation')
2018-03-27 19:54:05 +05:30
if json_request?
return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]
else
rack_flash.alert = ERROR_MESSAGE
rack_session['flash'] = rack_flash.to_session_value
return [301, { 'Location' => last_visited_url }, []]
end
end
@app.call(@env)
end
private
def disallowed_request?
DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
2021-01-29 00:20:46 +05:30
!allowlisted_routes
2018-03-27 19:54:05 +05:30
end
2021-02-22 17:27:13 +05:30
# Overridden in EE module
def read_only?
Gitlab::Database.read_only?
end
2018-03-27 19:54:05 +05:30
def json_request?
2018-11-08 19:23:39 +05:30
APPLICATION_JSON_TYPES.include?(request.media_type)
2018-03-27 19:54:05 +05:30
end
def rack_flash
@rack_flash ||= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)
end
def rack_session
@env['rack.session']
end
def request
2019-03-02 22:35:43 +05:30
@env['actionpack.request'] ||= ActionDispatch::Request.new(@env)
2018-03-27 19:54:05 +05:30
end
def last_visited_url
@env['HTTP_REFERER'] || rack_session['user_return_to'] || Gitlab::Routing.url_helpers.root_url
end
def route_hash
2021-06-02 17:11:27 +05:30
@route_hash ||= Rails.application.routes.recognize_path(request_url, { method: request.request_method }) rescue {}
end
def request_url
request.url.chomp('/')
end
def request_path
@request_path ||= request.path.chomp('/')
2018-03-27 19:54:05 +05:30
end
2019-03-02 22:35:43 +05:30
def relative_url
File.join('', Gitlab.config.gitlab.relative_url_root).chomp('/')
end
2018-11-08 19:23:39 +05:30
# Overridden in EE module
2021-01-29 00:20:46 +05:30
def allowlisted_routes
workhorse_passthrough_route? || internal_route? || lfs_batch_route? || compare_git_revisions_route? || sidekiq_route? || session_route? || graphql_query?
2018-03-27 19:54:05 +05:30
end
2020-04-08 14:13:33 +05:30
# URL for requests passed through gitlab-workhorse to rails-web
# https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/12
def workhorse_passthrough_route?
2018-03-27 19:54:05 +05:30
# Calling route_hash may be expensive. Only do it if we think there's a possible match
2020-04-08 14:13:33 +05:30
return false unless request.post? &&
2021-06-02 17:11:27 +05:30
request_path.end_with?('.git/git-upload-pack')
2018-03-27 19:54:05 +05:30
2021-02-22 17:27:13 +05:30
ALLOWLISTED_GIT_READ_ONLY_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
2018-03-27 19:54:05 +05:30
end
2019-03-02 22:35:43 +05:30
def internal_route?
ReadOnly.internal_routes.any? { |path| request.path.include?(path) }
end
2019-12-21 20:55:43 +05:30
def compare_git_revisions_route?
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return false unless request.post? && request.path.end_with?('compare')
2021-01-29 00:20:46 +05:30
ALLOWLISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
2019-12-21 20:55:43 +05:30
end
2021-01-29 00:20:46 +05:30
# Batch upload requests are blocked in:
# https://gitlab.com/gitlab-org/gitlab/blob/master/app/controllers/repositories/lfs_api_controller.rb#L106
def lfs_batch_route?
2018-03-27 19:54:05 +05:30
# Calling route_hash may be expensive. Only do it if we think there's a possible match
2021-06-02 17:11:27 +05:30
return unless request_path.end_with?('/info/lfs/objects/batch')
2018-11-08 19:23:39 +05:30
2021-01-29 00:20:46 +05:30
ALLOWLISTED_GIT_LFS_BATCH_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
2018-11-08 19:23:39 +05:30
end
2018-03-27 19:54:05 +05:30
2020-03-13 15:44:24 +05:30
def session_route?
# Calling route_hash may be expensive. Only do it if we think there's a possible match
2021-06-02 17:11:27 +05:30
return false unless request.post? && request_path.end_with?('/users/sign_out',
2020-03-13 15:44:24 +05:30
'/admin/session', '/admin/session/destroy')
2021-01-29 00:20:46 +05:30
ALLOWLISTED_SESSION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
2020-03-13 15:44:24 +05:30
end
2019-03-02 22:35:43 +05:30
def sidekiq_route?
request.path.start_with?("#{relative_url}/admin/sidekiq")
2018-03-27 19:54:05 +05:30
end
2019-12-21 20:55:43 +05:30
def graphql_query?
2020-10-24 23:57:45 +05:30
request.post? && request.path.start_with?(File.join(relative_url, GRAPHQL_URL))
2019-12-21 20:55:43 +05:30
end
2018-03-27 19:54:05 +05:30
end
end
end
end
2020-05-24 23:13:21 +05:30
2021-06-08 01:23:25 +05:30
Gitlab::Middleware::ReadOnly::Controller.prepend_mod_with('Gitlab::Middleware::ReadOnly::Controller')