debian-mirror-gitlab/lib/gitlab/metrics/subscribers/rack_attack.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

88 lines
2.7 KiB
Ruby
Raw Normal View History

2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
module Gitlab
module Metrics
module Subscribers
# - Adds logging for all Rack Attack blocks and throttling events.
# - Instrument the cache operations of RackAttack to use in structured
# logs. Two fields are exposed:
# + rack_attack_redis_count: the number of redis calls triggered by
# RackAttack in a request.
# + rack_attack_redis_duration_s: the total duration of all redis calls
# triggered by RackAttack in a request.
class RackAttack < ActiveSupport::Subscriber
attach_to 'rack_attack'
INSTRUMENTATION_STORE_KEY = :rack_attack_instrumentation
def self.payload
Gitlab::SafeRequestStore[INSTRUMENTATION_STORE_KEY] ||= {
rack_attack_redis_count: 0,
rack_attack_redis_duration_s: 0.0
}
end
def redis(event)
self.class.payload[:rack_attack_redis_count] += 1
self.class.payload[:rack_attack_redis_duration_s] += event.duration.to_f / 1000
end
def safelist(event)
req = event.payload[:request]
Gitlab::Instrumentation::Throttle.safelist = req.env['rack.attack.matched']
end
def throttle(event)
2022-07-16 23:28:13 +05:30
log_into_auth_logger(event, status: 429)
2021-03-11 19:13:27 +05:30
end
def blocklist(event)
2022-07-16 23:28:13 +05:30
log_into_auth_logger(event, status: 403)
2021-03-11 19:13:27 +05:30
end
def track(event)
2022-07-16 23:28:13 +05:30
log_into_auth_logger(event, status: nil)
2021-03-11 19:13:27 +05:30
end
private
2022-07-16 23:28:13 +05:30
def log_into_auth_logger(event, status:)
2021-03-11 19:13:27 +05:30
req = event.payload[:request]
rack_attack_info = {
message: 'Rack_Attack',
env: req.env['rack.attack.match_type'],
remote_ip: req.ip,
request_method: req.request_method,
path: req.fullpath,
matched: req.env['rack.attack.matched']
}
2022-07-16 23:28:13 +05:30
if status
rack_attack_info[:status] = status
end
2022-05-03 16:02:30 +05:30
discriminator = req.env['rack.attack.match_discriminator'].to_s
discriminator_id = discriminator.split(':').last
2021-03-11 19:13:27 +05:30
2022-05-03 16:02:30 +05:30
if discriminator.starts_with?('user:')
user = User.find_by(id: discriminator_id) # rubocop:disable CodeReuse/ActiveRecord
rack_attack_info[:user_id] = discriminator_id.to_i
2021-03-11 19:13:27 +05:30
rack_attack_info['meta.user'] = user.username unless user.nil?
2022-05-03 16:02:30 +05:30
elsif discriminator.starts_with?('deploy_token:')
rack_attack_info[:deploy_token_id] = discriminator_id.to_i
2021-03-11 19:13:27 +05:30
end
Gitlab::InstrumentationHelper.add_instrumentation_data(rack_attack_info)
logger.error(rack_attack_info)
end
def logger
Gitlab::AuthLogger
end
end
end
end
end