debian-mirror-gitlab/app/controllers/search_controller.rb

# frozen_string_literal: true

class SearchController < ApplicationController
  include ControllerWithCrossProjectAccessCheck
  include SearchHelper
  include RedisTracking

  RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show].freeze

  track_redis_hll_event :show, name: 'i_search_total'

  around_action :allow_gitaly_ref_name_caching

  before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch
  before_action :strip_surrounding_whitespace_from_search, except: :opensearch
  skip_before_action :authenticate_user!
  requires_cross_project_access if: -> do
    search_term_present = params[:search].present? || params[:term].present?
    search_term_present && !params[:project_id].present?
  end

  rescue_from ActiveRecord::QueryCanceled, with: :render_timeout

  layout 'search'

  feature_category :global_search
  urgency :high, [:opensearch]

  def show
    @project = search_service.project
    @group = search_service.group

    return if params[:search].blank?

    return unless search_term_valid?

    return if check_single_commit_result?

    @search_term = params[:search]
    @sort = params[:sort] || default_sort

    @search_service = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!
    @scope = @search_service.scope
    @without_count = @search_service.without_count?
    @show_snippets = @search_service.show_snippets?
    @search_results = @search_service.search_results
    @search_objects = @search_service.search_objects
    @search_highlight = @search_service.search_highlight
    @aggregations = @search_service.search_aggregations

    increment_search_counters
  end

  def count
    params.require([:search, :scope])

    scope = search_service.scope

    count = 0
    ApplicationRecord.with_fast_read_statement_timeout do
      count = search_service.search_results.formatted_count(scope)
    end

    # Users switching tabs will keep fetching the same tab counts so it's a
    # good idea to cache in their browser just for a short time. They can still
    # clear cache if they are seeing an incorrect count but inaccurate count is
    # not such a bad thing.
    expires_in 1.minute

    render json: { count: count }
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def autocomplete
    term = params[:term]

    if params[:project_id].present?
      @project = Project.find_by(id: params[:project_id])
      @project = nil unless can?(current_user, :read_project, @project)
    end

    @ref = params[:project_ref] if params[:project_ref].present?

    render json: search_autocomplete_opts(term).to_json
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def opensearch
  end

  private

  # overridden in EE
  def default_sort
    'created_desc'
  end

  def search_term_valid?
    unless search_service.valid_query_length?
      flash[:alert] = t('errors.messages.search_chars_too_long', count: SearchService::SEARCH_CHAR_LIMIT)
      return false
    end

    unless search_service.valid_terms_count?
      flash[:alert] = t('errors.messages.search_terms_too_long', count: SearchService::SEARCH_TERM_LIMIT)
      return false
    end

    true
  end

  def check_single_commit_result?
    return false if params[:force_search_results]
    return false unless @project.present?
    # download_code project policy grants user the read_commit ability
    return false unless Ability.allowed?(current_user, :download_code, @project)

    query = params[:search].strip.downcase
    return false unless Commit.valid_hash?(query)

    commit = @project.commit_by(oid: query)
    return false unless commit.present?

    link = search_path(safe_params.merge(force_search_results: true))
    flash[:notice] = html_escape(_("You have been redirected to the only result; see the %{a_start}search results%{a_end} instead.")) % { a_start: "<a href=\"#{link}\"><u>".html_safe, a_end: '</u></a>'.html_safe }
    redirect_to project_commit_path(@project, commit)

    true
  end

  def increment_search_counters
    Gitlab::UsageDataCounters::SearchCounter.count(:all_searches)

    return if params[:nav_source] != 'navbar'

    Gitlab::UsageDataCounters::SearchCounter.count(:navbar_searches)
  end

  def append_info_to_payload(payload)
    super

    # Merging to :metadata will ensure these are logged as top level keys
    payload[:metadata] ||= {}
    payload[:metadata]['meta.search.group_id'] = params[:group_id]
    payload[:metadata]['meta.search.project_id'] = params[:project_id]
    payload[:metadata]['meta.search.scope'] = params[:scope] || @scope
    payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
    payload[:metadata]['meta.search.filters.state'] = params[:state]
    payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
  end

  def block_anonymous_global_searches
    return if params[:project_id].present? || params[:group_id].present?
    return if current_user
    return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)

    store_location_for(:user, request.fullpath)

    redirect_to new_user_session_path, alert: _('You must be logged in to search across all of GitLab')
  end

  def check_scope_global_search_enabled
    return if params[:project_id].present? || params[:group_id].present?

    search_allowed = case params[:scope]
                     when 'blobs'
                       Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: true)
                     when 'commits'
                       Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: true)
                     when 'issues'
                       Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: true)
                     when 'merge_requests'
                       Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: true)
                     when 'wiki_blobs'
                       Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: true)
                     else
                       true
                     end

    return if search_allowed

    redirect_to search_path, alert: _('Global Search is disabled for this scope')
  end

  def render_timeout(exception)
    raise exception unless action_name.to_sym.in?(RESCUE_FROM_TIMEOUT_ACTIONS)

    log_exception(exception)

    @timeout = true

    if count_action_name?
      render json: {}, status: :request_timeout
    else
      render status: :request_timeout
    end
  end

  def count_action_name?
    action_name.to_sym == :count
  end

  def strip_surrounding_whitespace_from_search
    %i(term search).each { |param| params[param]&.strip! }
  end
end

SearchController.prepend_mod_with('SearchController')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`class SearchController < ApplicationController`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`include ControllerWithCrossProjectAccessCheck`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`include SearchHelper`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`include RedisTracking`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show].freeze`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`track_redis_hll_event :show, name: 'i_search_total'`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`around_action :allow_gitaly_ref_name_caching`

New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch`
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`before_action :strip_surrounding_whitespace_from_search, except: :opensearch`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`skip_before_action :authenticate_user!`
			`requires_cross_project_access if: -> do`
			`search_term_present = params[:search].present? \|\| params[:term].present?`
			`search_term_present && !params[:project_id].present?`
			`end`

New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`rescue_from ActiveRecord::QueryCanceled, with: :render_timeout`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`layout 'search'`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`feature_category :global_search`
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`urgency :high, [:opensearch]`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`def show`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`@project = search_service.project`
			`@group = search_service.group`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`return if params[:search].blank?`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`return unless search_term_valid?`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`return if check_single_commit_result?`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`@search_term = params[:search]`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`@sort = params[:sort] \|\| default_sort`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`@search_service = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!`
			`@scope = @search_service.scope`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`@without_count = @search_service.without_count?`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`@show_snippets = @search_service.show_snippets?`
			`@search_results = @search_service.search_results`
			`@search_objects = @search_service.search_objects`
			`@search_highlight = @search_service.search_highlight`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`@aggregations = @search_service.search_aggregations`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`increment_search_counters`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`def count`
			`params.require([:search, :scope])`

			`scope = search_service.scope`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30
			`count = 0`
			`ApplicationRecord.with_fast_read_statement_timeout do`
			`count = search_service.search_results.formatted_count(scope)`
			`end`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`# Users switching tabs will keep fetching the same tab counts so it's a`
			`# good idea to cache in their browser just for a short time. They can still`
			`# clear cache if they are seeing an incorrect count but inaccurate count is`
			`# not such a bad thing.`
			`expires_in 1.minute`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`render json: { count: count }`
			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
			`def autocomplete`
			`term = params[:term]`

			`if params[:project_id].present?`
			`@project = Project.find_by(id: params[:project_id])`
			`@project = nil unless can?(current_user, :read_project, @project)`
			`end`

			`@ref = params[:project_ref] if params[:project_ref].present?`

			`render json: search_autocomplete_opts(term).to_json`
			`end`
			`# rubocop: enable CodeReuse/ActiveRecord`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`def opensearch`
			`end`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`private`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`# overridden in EE`
			`def default_sort`
			`'created_desc'`
			`end`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`def search_term_valid?`
			`unless search_service.valid_query_length?`
			`flash[:alert] = t('errors.messages.search_chars_too_long', count: SearchService::SEARCH_CHAR_LIMIT)`
			`return false`
			`end`

			`unless search_service.valid_terms_count?`
			`flash[:alert] = t('errors.messages.search_terms_too_long', count: SearchService::SEARCH_TERM_LIMIT)`
			`return false`
			`end`

			`true`
			`end`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def check_single_commit_result?`
			`return false if params[:force_search_results]`
			`return false unless @project.present?`
			`# download_code project policy grants user the read_commit ability`
			`return false unless Ability.allowed?(current_user, :download_code, @project)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`query = params[:search].strip.downcase`
			`return false unless Commit.valid_hash?(query)`

			`commit = @project.commit_by(oid: query)`
			`return false unless commit.present?`

			`link = search_path(safe_params.merge(force_search_results: true))`
			`flash[:notice] = html_escape(_("You have been redirected to the only result; see the %{a_start}search results%{a_end} instead.")) % { a_start: "<a href=\"#{link}\"><u>".html_safe, a_end: '</u></a>'.html_safe }`
			`redirect_to project_commit_path(@project, commit)`

			`true`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`def increment_search_counters`
			`Gitlab::UsageDataCounters::SearchCounter.count(:all_searches)`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`return if params[:nav_source] != 'navbar'`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`Gitlab::UsageDataCounters::SearchCounter.count(:navbar_searches)`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`end`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30
			`def append_info_to_payload(payload)`
			`super`

			`# Merging to :metadata will ensure these are logged as top level keys`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`payload[:metadata] \|\|= {}`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`payload[:metadata]['meta.search.group_id'] = params[:group_id]`
			`payload[:metadata]['meta.search.project_id'] = params[:project_id]`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`payload[:metadata]['meta.search.scope'] = params[:scope] \|\| @scope`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]`
			`payload[:metadata]['meta.search.filters.state'] = params[:state]`
			`payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`end`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30
			`def block_anonymous_global_searches`
			`return if params[:project_id].present? \|\| params[:group_id].present?`
			`return if current_user`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30
			`store_location_for(:user, request.fullpath)`

			`redirect_to new_user_session_path, alert: _('You must be logged in to search across all of GitLab')`
			`end`
New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`def check_scope_global_search_enabled`
			`return if params[:project_id].present? \|\| params[:group_id].present?`

			`search_allowed = case params[:scope]`
			`when 'blobs'`
			`Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: true)`
			`when 'commits'`
			`Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: true)`
			`when 'issues'`
			`Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: true)`
			`when 'merge_requests'`
			`Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: true)`
			`when 'wiki_blobs'`
			`Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: true)`
			`else`
			`true`
			`end`

			`return if search_allowed`

			`redirect_to search_path, alert: _('Global Search is disabled for this scope')`
			`end`

New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`def render_timeout(exception)`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`raise exception unless action_name.to_sym.in?(RESCUE_FROM_TIMEOUT_ACTIONS)`
New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30
			`log_exception(exception)`

			`@timeout = true`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30
			`if count_action_name?`
			`render json: {}, status: :request_timeout`
			`else`
			`render status: :request_timeout`
			`end`
			`end`

			`def count_action_name?`
			`action_name.to_sym == :count`
New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`end`
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30
			`def strip_surrounding_whitespace_from_search`
			`%i(term search).each { \|param\| params[param]&.strip! }`
			`end`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`SearchController.prepend_mod_with('SearchController')`