debian-mirror-gitlab/app/models/hooks/web_hook.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

213 lines
5.7 KiB
Ruby
Raw Normal View History

2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2019-07-07 11:18:12 +05:30
class WebHook < ApplicationRecord
2015-04-26 12:48:37 +05:30
include Sortable
2014-09-02 18:07:02 +05:30
2022-08-13 15:12:31 +05:30
InterpolationError = Class.new(StandardError)
2021-09-04 01:27:46 +05:30
MAX_FAILURES = 100
2021-06-08 01:23:25 +05:30
FAILURE_THRESHOLD = 3 # three strikes
INITIAL_BACKOFF = 10.minutes
MAX_BACKOFF = 1.day
BACKOFF_GROWTH_FACTOR = 2.0
2018-12-05 23:21:45 +05:30
attr_encrypted :token,
2022-08-27 11:52:29 +05:30
mode: :per_attribute_iv,
2018-12-05 23:21:45 +05:30
algorithm: 'aes-256-gcm',
2022-08-27 11:52:29 +05:30
key: Settings.attr_encrypted_db_key_base_32
2018-12-05 23:21:45 +05:30
attr_encrypted :url,
2022-08-27 11:52:29 +05:30
mode: :per_attribute_iv,
2018-12-05 23:21:45 +05:30
algorithm: 'aes-256-gcm',
2022-08-27 11:52:29 +05:30
key: Settings.attr_encrypted_db_key_base_32
2018-12-05 23:21:45 +05:30
2022-07-23 23:45:48 +05:30
attr_encrypted :url_variables,
mode: :per_attribute_iv,
key: Settings.attr_encrypted_db_key_base_32,
algorithm: 'aes-256-gcm',
marshal: true,
marshaler: ::Gitlab::Json,
encode: false,
encode_iv: false
2019-12-21 20:55:43 +05:30
has_many :web_hook_logs
2014-09-02 18:07:02 +05:30
2019-10-12 21:52:04 +05:30
validates :url, presence: true
validates :url, public_url: true, unless: ->(hook) { hook.is_a?(SystemHook) }
2018-11-08 19:23:39 +05:30
2018-03-17 18:26:18 +05:30
validates :token, format: { without: /\n/ }
2018-11-20 20:47:30 +05:30
validates :push_events_branch_filter, branch_filter: true
2022-07-23 23:45:48 +05:30
validates :url_variables, json_schema: { filename: 'web_hooks_url_variables' }
2022-08-13 15:12:31 +05:30
validate :no_missing_url_variables
2022-07-23 23:45:48 +05:30
after_initialize :initialize_url_variables
2014-09-02 18:07:02 +05:30
2021-06-08 01:23:25 +05:30
scope :executable, -> do
next all unless Feature.enabled?(:web_hooks_disable_failed)
where('recent_failures <= ? AND (disabled_until IS NULL OR disabled_until < ?)', FAILURE_THRESHOLD, Time.current)
end
2022-08-13 15:12:31 +05:30
# Inverse of executable
scope :disabled, -> do
where('recent_failures > ? OR disabled_until >= ?', FAILURE_THRESHOLD, Time.current)
end
2021-06-08 01:23:25 +05:30
def executable?
2022-01-26 12:08:38 +05:30
!temporarily_disabled? && !permanently_disabled?
end
2022-08-27 11:52:29 +05:30
def temporarily_disabled?
return false unless web_hooks_disable_failed?
2022-01-26 12:08:38 +05:30
disabled_until.present? && disabled_until >= Time.current
end
2022-08-27 11:52:29 +05:30
def permanently_disabled?
return false unless web_hooks_disable_failed?
2021-06-08 01:23:25 +05:30
2022-01-26 12:08:38 +05:30
recent_failures > FAILURE_THRESHOLD
2021-06-08 01:23:25 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ServiceClass
2022-04-04 11:22:00 +05:30
def execute(data, hook_name, force: false)
# hook.executable? is checked in WebHookService#execute
WebHookService.new(self, data, hook_name, force: force).execute
2014-09-02 18:07:02 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ServiceClass
2014-09-02 18:07:02 +05:30
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ServiceClass
2015-09-11 14:41:01 +05:30
def async_execute(data, hook_name)
2021-06-08 01:23:25 +05:30
WebHookService.new(self, data, hook_name).async_execute if executable?
2016-06-02 11:05:42 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ServiceClass
2018-11-08 19:23:39 +05:30
# Allow urls pointing localhost and the local network
def allow_local_requests?
2019-10-12 21:52:04 +05:30
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
2018-11-08 19:23:39 +05:30
end
2020-01-01 13:55:28 +05:30
def help_path
'user/project/integrations/webhooks'
end
2021-06-08 01:23:25 +05:30
def next_backoff
return MAX_BACKOFF if backoff_count >= 8 # optimization to prevent expensive exponentiation and possible overflows
(INITIAL_BACKOFF * (BACKOFF_GROWTH_FACTOR**backoff_count))
.clamp(INITIAL_BACKOFF, MAX_BACKOFF)
.seconds
end
def disable!
2022-01-26 12:08:38 +05:30
return if permanently_disabled?
2021-10-27 15:23:28 +05:30
update_attribute(:recent_failures, FAILURE_THRESHOLD + 1)
2021-06-08 01:23:25 +05:30
end
def enable!
2021-09-04 01:27:46 +05:30
return if recent_failures == 0 && disabled_until.nil? && backoff_count == 0
2021-10-27 15:23:28 +05:30
assign_attributes(recent_failures: 0, disabled_until: nil, backoff_count: 0)
save(validate: false)
2021-06-08 01:23:25 +05:30
end
2021-09-04 01:27:46 +05:30
def backoff!
2022-01-26 12:08:38 +05:30
return if permanently_disabled? || (backoff_count >= MAX_FAILURES && temporarily_disabled?)
2021-11-11 11:23:49 +05:30
2021-10-27 15:23:28 +05:30
assign_attributes(disabled_until: next_backoff.from_now, backoff_count: backoff_count.succ.clamp(0, MAX_FAILURES))
save(validate: false)
2021-09-04 01:27:46 +05:30
end
def failed!
2021-10-27 15:23:28 +05:30
return unless recent_failures < MAX_FAILURES
assign_attributes(recent_failures: recent_failures + 1)
save(validate: false)
2021-09-04 01:27:46 +05:30
end
2022-01-26 12:08:38 +05:30
# @return [Boolean] Whether or not the WebHook is currently throttled.
def rate_limited?
2022-07-23 23:45:48 +05:30
rate_limiter.rate_limited?
2022-01-26 12:08:38 +05:30
end
2022-07-23 23:45:48 +05:30
# @return [Integer] The rate limit for the WebHook. `0` for no limit.
2021-06-08 01:23:25 +05:30
def rate_limit
2022-07-23 23:45:48 +05:30
rate_limiter.limit
2021-06-08 01:23:25 +05:30
end
2022-03-02 08:16:31 +05:30
# Returns the associated Project or Group for the WebHook if one exists.
# Overridden by inheriting classes.
def parent
end
2021-09-04 01:27:46 +05:30
# Custom attributes to be included in the worker context.
def application_context
{ related_class: type }
end
2022-07-23 23:45:48 +05:30
def alert_status
if temporarily_disabled?
:temporarily_disabled
elsif permanently_disabled?
:disabled
else
:executable
end
end
# Exclude binary columns by default - they have no sensible JSON encoding
def serializable_hash(options = nil)
options = options.try(:dup) || {}
options[:except] = Array(options[:except]).dup
options[:except].concat [:encrypted_url_variables, :encrypted_url_variables_iv]
super(options)
end
2022-08-13 15:12:31 +05:30
# See app/validators/json_schemas/web_hooks_url_variables.json
VARIABLE_REFERENCE_RE = /\{([A-Za-z_][A-Za-z0-9_]+)\}/.freeze
def interpolated_url
return url unless url.include?('{')
vars = url_variables
url.gsub(VARIABLE_REFERENCE_RE) do
vars.fetch(_1.delete_prefix('{').delete_suffix('}'))
end
rescue KeyError => e
raise InterpolationError, "Invalid URL template. Missing key #{e.key}"
end
def update_last_failure
# Overridden in child classes.
end
2021-06-08 01:23:25 +05:30
private
def web_hooks_disable_failed?
Feature.enabled?(:web_hooks_disable_failed)
end
2022-07-23 23:45:48 +05:30
def initialize_url_variables
self.url_variables = {} if encrypted_url_variables.nil?
end
def rate_limiter
@rate_limiter ||= Gitlab::WebHooks::RateLimiter.new(self)
end
2022-08-13 15:12:31 +05:30
def no_missing_url_variables
return if url.nil?
variable_names = url_variables.keys
used_variables = url.scan(VARIABLE_REFERENCE_RE).map(&:first)
missing = used_variables - variable_names
return if missing.empty?
errors.add(:url, "Invalid URL template. Missing keys: #{missing}")
end
2014-09-02 18:07:02 +05:30
end