2018-12-05 23:21:45 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
module API
|
|
|
|
|
module Helpers
|
|
|
|
|
module Runner
|
|
|
|
|
JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
|
|
|
|
|
JOB_TOKEN_PARAM = :token
|
|
|
|
|
|
|
|
|
|
def runner_registration_token_valid?
|
|
|
|
|
ActiveSupport::SecurityUtils.variable_size_secure_compare(params[:token],
|
2018-03-17 18:26:18 +05:30
|
|
|
Gitlab::CurrentSettings.runners_registration_token)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def authenticate_runner!
|
|
|
|
|
forbidden! unless current_runner
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
current_runner
|
|
|
|
|
.update_cached_info(get_runner_details_from_request)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def get_runner_details_from_request
|
|
|
|
|
return get_runner_ip unless params['info'].present?
|
|
|
|
|
|
|
|
|
|
attributes_for_keys(%w(name version revision platform architecture), params['info'])
|
|
|
|
|
.merge(get_runner_ip)
|
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def get_runner_ip
|
|
|
|
|
{ ip_address: request.ip }
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def current_runner
|
|
|
|
|
@runner ||= ::Ci::Runner.find_by_token(params[:token].to_s)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def validate_job!(job)
|
|
|
|
|
not_found! unless job
|
|
|
|
|
|
2017-09-10 17:25:29 +05:30
|
|
|
project = job.project
|
2019-01-03 12:48:30 +05:30
|
|
|
job_forbidden!(job, 'Project has been deleted!') if project.nil? || project.pending_delete?
|
|
|
|
|
job_forbidden!(job, 'Job has been erased!') if job.erased?
|
|
|
|
|
job_forbidden!(job, 'Not running!') unless job.running?
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
2019-01-03 12:48:30 +05:30
|
|
|
def authenticate_job_by_token!
|
|
|
|
|
token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2019-01-03 12:48:30 +05:30
|
|
|
Ci::Build.find_by_token(token).tap do |job|
|
|
|
|
|
validate_job!(job)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
2019-01-03 12:48:30 +05:30
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2019-01-03 12:48:30 +05:30
|
|
|
# we look for a job that has ID and token matching
|
|
|
|
|
def authenticate_job!
|
|
|
|
|
authenticate_job_by_token!.tap do |job|
|
|
|
|
|
job_forbidden!(job, 'Invalid Job ID!') unless job.id == params[:id]
|
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
2019-01-03 12:48:30 +05:30
|
|
|
# we look for a job that has been shared via pipeline using the ID
|
|
|
|
|
def authenticate_pipeline_job!
|
|
|
|
|
job = authenticate_job_by_token!
|
|
|
|
|
|
|
|
|
|
job.pipeline.builds.find(params[:id])
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def max_artifacts_size
|
2018-03-17 18:26:18 +05:30
|
|
|
Gitlab::CurrentSettings.max_artifacts_size.megabytes.to_i
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
2018-11-08 19:23:39 +05:30
|
|
|
|
|
|
|
|
def job_forbidden!(job, reason)
|
|
|
|
|
header 'Job-Status', job.status
|
|
|
|
|
forbidden!(reason)
|
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
