2022-03-02 08:16:31 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module Ci
|
|
|
|
class SecureFileUploader < GitlabUploader
|
|
|
|
include ObjectStorage::Concern
|
|
|
|
|
|
|
|
storage_options Gitlab.config.ci_secure_files
|
|
|
|
|
|
|
|
# Use Lockbox to encrypt/decrypt the stored file (registers CarrierWave callbacks)
|
|
|
|
encrypt(key: :key)
|
|
|
|
|
|
|
|
def key
|
2022-06-21 17:19:12 +05:30
|
|
|
Digest::SHA256.digest model.key_data
|
2022-03-02 08:16:31 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def checksum
|
|
|
|
@checksum ||= Digest::SHA256.hexdigest(model.file.read)
|
|
|
|
end
|
|
|
|
|
|
|
|
def store_dir
|
|
|
|
dynamic_segment
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def dynamic_segment
|
|
|
|
Gitlab::HashedPath.new('secure_files', model.id, root_hash: model.project_id)
|
|
|
|
end
|
|
|
|
|
|
|
|
class << self
|
|
|
|
# direct upload is disabled since the file
|
|
|
|
# must always be encrypted
|
|
|
|
def direct_upload_enabled?
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_store
|
|
|
|
object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|