2020-04-08 14:13:33 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-10-15 14:42:47 +05:30
|
|
|
require 'settingslogic'
|
2019-10-12 21:52:04 +05:30
|
|
|
require 'digest/md5'
|
2018-10-15 14:42:47 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
# We can not use `Rails.root` here, as this file might be loaded without the
|
|
|
|
# full Rails environment being loaded. We can not use `require_relative` either,
|
|
|
|
# as Rails uses `load` for `require_dependency` (used when loading the Rails
|
|
|
|
# environment). This could then lead to this file being loaded twice.
|
|
|
|
require_dependency File.expand_path('../lib/gitlab', __dir__)
|
|
|
|
|
2018-10-15 14:42:47 +05:30
|
|
|
class Settings < Settingslogic
|
|
|
|
source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
|
|
|
|
namespace ENV.fetch('GITLAB_ENV') { Rails.env }
|
|
|
|
|
|
|
|
class << self
|
|
|
|
def gitlab_on_standard_port?
|
|
|
|
on_standard_port?(gitlab)
|
|
|
|
end
|
|
|
|
|
|
|
|
def host_without_www(url)
|
|
|
|
host(url).sub('www.', '')
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_gitlab_ci_url
|
|
|
|
custom_port =
|
|
|
|
if on_standard_port?(gitlab)
|
|
|
|
nil
|
|
|
|
else
|
|
|
|
":#{gitlab.port}"
|
|
|
|
end
|
|
|
|
|
|
|
|
[
|
|
|
|
gitlab.protocol,
|
|
|
|
"://",
|
|
|
|
gitlab.host,
|
|
|
|
custom_port,
|
|
|
|
gitlab.relative_url_root
|
|
|
|
].join('')
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_pages_url
|
|
|
|
base_url(pages).join('')
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_gitlab_shell_ssh_path_prefix
|
2020-04-08 14:13:33 +05:30
|
|
|
user = "#{gitlab_shell.ssh_user}@" unless gitlab_shell.ssh_user.empty?
|
|
|
|
user_host = "#{user}#{gitlab_shell.ssh_host}"
|
2018-10-15 14:42:47 +05:30
|
|
|
|
|
|
|
if gitlab_shell.ssh_port != 22
|
|
|
|
"ssh://#{user_host}:#{gitlab_shell.ssh_port}/"
|
|
|
|
else
|
|
|
|
if gitlab_shell.ssh_host.include? ':'
|
|
|
|
"[#{user_host}]:"
|
|
|
|
else
|
|
|
|
"#{user_host}:"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_base_gitlab_url
|
|
|
|
base_url(gitlab).join('')
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_gitlab_url
|
|
|
|
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
|
|
|
|
end
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
def kerberos_protocol
|
|
|
|
kerberos.https ? "https" : "http"
|
|
|
|
end
|
|
|
|
|
|
|
|
def kerberos_port
|
|
|
|
kerberos.use_dedicated_port ? kerberos.port : gitlab.port
|
|
|
|
end
|
|
|
|
|
|
|
|
# Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
|
|
|
|
# By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
|
|
|
|
# Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
|
|
|
|
def build_gitlab_kerberos_url
|
|
|
|
[
|
|
|
|
kerberos_protocol,
|
|
|
|
"://:@",
|
|
|
|
gitlab.host,
|
|
|
|
":#{kerberos_port}",
|
|
|
|
gitlab.relative_url_root
|
|
|
|
].join('')
|
|
|
|
end
|
|
|
|
|
|
|
|
def alternative_gitlab_kerberos_url?
|
|
|
|
kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
|
|
|
|
end
|
|
|
|
|
2018-10-15 14:42:47 +05:30
|
|
|
# check that values in `current` (string or integer) is a contant in `modul`.
|
|
|
|
def verify_constant_array(modul, current, default)
|
|
|
|
values = default || []
|
|
|
|
unless current.nil?
|
|
|
|
values = []
|
|
|
|
current.each do |constant|
|
|
|
|
values.push(verify_constant(modul, constant, nil))
|
|
|
|
end
|
|
|
|
values.delete_if { |value| value.nil? }
|
|
|
|
end
|
|
|
|
|
|
|
|
values
|
|
|
|
end
|
|
|
|
|
|
|
|
# check that `current` (string or integer) is a contant in `modul`.
|
|
|
|
def verify_constant(modul, current, default)
|
2019-12-21 20:55:43 +05:30
|
|
|
constant = modul.constants.find { |name| modul.const_get(name, false) == current }
|
|
|
|
value = constant.nil? ? default : modul.const_get(constant, false)
|
2018-10-15 14:42:47 +05:30
|
|
|
if current.is_a? String
|
2019-12-21 20:55:43 +05:30
|
|
|
value = modul.const_get(current.upcase, false) rescue default
|
2018-10-15 14:42:47 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
value
|
|
|
|
end
|
|
|
|
|
|
|
|
def absolute(path)
|
|
|
|
File.expand_path(path, Rails.root)
|
|
|
|
end
|
|
|
|
|
2018-11-08 19:23:39 +05:30
|
|
|
# Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
|
|
|
|
# (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
|
|
|
|
# Previous versions quietly truncated the input.
|
|
|
|
#
|
|
|
|
# Use this when using :per_attribute_iv mode for attr_encrypted.
|
|
|
|
# We have to truncate the string to 32 bytes for a 256-bit cipher.
|
|
|
|
def attr_encrypted_db_key_base_truncated
|
|
|
|
Gitlab::Application.secrets.db_key_base[0..31]
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
def attr_encrypted_db_key_base_32
|
|
|
|
Gitlab::Utils.ensure_utf8_size(attr_encrypted_db_key_base, bytes: 32.bytes)
|
|
|
|
end
|
|
|
|
|
|
|
|
def attr_encrypted_db_key_base_12
|
|
|
|
Gitlab::Utils.ensure_utf8_size(attr_encrypted_db_key_base, bytes: 12.bytes)
|
|
|
|
end
|
|
|
|
|
2018-11-08 19:23:39 +05:30
|
|
|
# This should be used for :per_attribute_salt_and_iv mode. There is no
|
|
|
|
# need to truncate the key because the encryptor will use the salt to
|
|
|
|
# generate a hash of the password:
|
|
|
|
# https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77
|
|
|
|
def attr_encrypted_db_key_base
|
|
|
|
Gitlab::Application.secrets.db_key_base
|
|
|
|
end
|
|
|
|
|
2020-04-08 14:13:33 +05:30
|
|
|
def load_dynamic_cron_schedules!
|
|
|
|
cron_jobs['gitlab_usage_ping_worker']['cron'] ||= cron_for_usage_ping
|
|
|
|
end
|
|
|
|
|
2018-10-15 14:42:47 +05:30
|
|
|
private
|
|
|
|
|
|
|
|
def base_url(config)
|
|
|
|
custom_port = on_standard_port?(config) ? nil : ":#{config.port}"
|
|
|
|
|
|
|
|
[
|
|
|
|
config.protocol,
|
|
|
|
"://",
|
|
|
|
config.host,
|
|
|
|
custom_port
|
|
|
|
]
|
|
|
|
end
|
|
|
|
|
|
|
|
def on_standard_port?(config)
|
|
|
|
config.port.to_i == (config.https ? 443 : 80)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Extract the host part of the given +url+.
|
|
|
|
def host(url)
|
|
|
|
url = url.downcase
|
|
|
|
url = "http://#{url}" unless url.start_with?('http')
|
|
|
|
|
|
|
|
# Get rid of the path so that we don't even have to encode it
|
|
|
|
url_without_path = url.sub(%r{(https?://[^/]+)/?.*}, '\1')
|
|
|
|
|
|
|
|
URI.parse(url_without_path).host
|
|
|
|
end
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
# Runs at a random time of day on a consistent day of the week based on
|
|
|
|
# the instance UUID. This is to balance the load on the service receiving
|
|
|
|
# these pings. The sidekiq job handles temporary http failures.
|
2018-10-15 14:42:47 +05:30
|
|
|
def cron_for_usage_ping
|
|
|
|
hour = rand(24)
|
2019-10-12 21:52:04 +05:30
|
|
|
minute = rand(60)
|
|
|
|
# Set a default UUID for the case when the UUID hasn't been initialized.
|
|
|
|
uuid = Gitlab::CurrentSettings.uuid || 'uuid-not-set'
|
|
|
|
day_of_week = Digest::MD5.hexdigest(uuid).to_i(16) % 7
|
2018-10-15 14:42:47 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
"#{minute} #{hour} * * #{day_of_week}"
|
2018-10-15 14:42:47 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|