debian-mirror-gitlab/lib/api/api.rb

# frozen_string_literal: true
module API
class API < ::API::Base
include APIGuard
include Helpers::OpenApi

# Destination of the API request log, under the Rails log directory.
LOG_FILENAME = Rails.root.join("log", "api_json.log")

# Route-parameter constraints. A captured :id, :sha or :user_id may contain any
# character except "/", so a single parameter cannot swallow further path segments.
# NOTE(review): whether an encoded slash (%2F) is decoded before or after this
# match is decided by the router, not by this file - confirm when relying on it.
NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze
NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze
COMMIT_ENDPOINT_REQUIREMENTS = { **NAMESPACE_OR_PROJECT_REQUIREMENTS, sha: NO_SLASH_URL_PART_REGEX }.freeze
USER_REQUIREMENTS = { user_id: NO_SLASH_URL_PART_REGEX }.freeze

# Parameter filters handed to the request logger: the application-wide Rails
# filter list plus a pattern for parameters named "output".
LOG_FILTERS = ::Rails.application.config.filter_parameters + [/^output$/]
LOG_FORMATTER = Gitlab::GrapeLogging::Formatters::LogrageWithTimestamp.new
LOGGER = Logger.new(LOG_FILENAME)
# Request logging middleware, placed ahead of Grape's error middleware in the stack.
# Each request is written to LOGGER using LOG_FORMATTER; the `include:` list names
# the loggers that contribute fields, in this order. FilterParameters receives
# LOG_FILTERS, the list of parameter patterns to mask.
# NOTE(review): TokenLogger, ContentLogger and ResponseLogger are defined elsewhere;
# confirm they record identifiers and metadata only, never token values or bodies.
insert_before(
  Grape::Middleware::Error,
  GrapeLogging::Middleware::RequestLogger,
  logger: LOGGER,
  formatter: LOG_FORMATTER,
  include: [
    Gitlab::GrapeLogging::Loggers::FilterParameters.new(LOG_FILTERS),
    Gitlab::GrapeLogging::Loggers::ClientEnvLogger.new,
    Gitlab::GrapeLogging::Loggers::RouteLogger.new,
    Gitlab::GrapeLogging::Loggers::UserLogger.new,
    Gitlab::GrapeLogging::Loggers::TokenLogger.new,
    Gitlab::GrapeLogging::Loggers::ExceptionLogger.new,
    Gitlab::GrapeLogging::Loggers::QueueDurationLogger.new,
    Gitlab::GrapeLogging::Loggers::PerfLogger.new,
    Gitlab::GrapeLogging::Loggers::CorrelationIdLogger.new,
    Gitlab::GrapeLogging::Loggers::ContextLogger.new,
    Gitlab::GrapeLogging::Loggers::ContentLogger.new,
    Gitlab::GrapeLogging::Loggers::UrgencyLogger.new,
    Gitlab::GrapeLogging::Loggers::ResponseLogger.new
  ]
)
# Token scopes accepted by this API class.
# :api is accepted with no condition on the request.
allow_access_with_scope(:api)
# :read_api is accepted only when the `if:` lambda returns true, i.e. for GET and
# HEAD. The read-only property of that scope therefore rests on GET/HEAD handlers
# having no side effects.
allow_access_with_scope(:read_api, if: ->(request) { request.get? || request.head? })

# All routes are served under the /api path prefix.
prefix(:api)
# API v3 is retired: any method on any v3 path is answered with HTTP 410 and a
# pointer to v4.
version('v3', using: :path) do
  route(:any, '*path') do
    error!('API V3 is no longer supported. Use API V4 instead.', 410)
  end
end

# Current API version, selected by path segment.
version('v4', using: :path)
# Security headers applied to every API response.
before do
  # Allow framing by the same origin only, and stop browsers from guessing the content type.
  header['X-Frame-Options'] = 'SAMEORIGIN'
  header['X-Content-Type-Options'] = 'nosniff'

  # A `default-src 'none'` policy is attached only when the application has a
  # Content-Security-Policy configured and is enforcing it (not report-only).
  # In every other case `policy` is nil and nil is what gets stored in the env.
  rails_config = Rails.application.config
  enforce_csp = rails_config.content_security_policy && !rails_config.content_security_policy_report_only
  policy =
    if enforce_csp
      ActionDispatch::ContentSecurityPolicy.new { |csp| csp.default_src :none }
    end

  request.env[ActionDispatch::ContentSecurityPolicy::Request::POLICY] = policy
end
# Populate the application context (used for log/trace attribution) for this request.
before do
  coerce_nil_params_to_array!

  endpoint = request.env[Grape::Env::API_ENDPOINT]
  category = endpoint.options[:for].try(:feature_category_for_app, endpoint).to_s

  # remote_ip is pushed here as well as by the ContextLogger so that the
  # client_id field is set correctly: the user object does not survive
  # between multiple context pushes.
  #
  # user, project, namespace and runner are passed as lambdas, so the instance
  # variables are read when the lambda is called rather than when this hook runs.
  # NOTE(review): request.ip is whatever the request object reports; behind a
  # proxy its accuracy depends on trusted-proxy configuration outside this file.
  Gitlab::ApplicationContext.push(
    user: -> { @current_user },
    project: -> { @project },
    namespace: -> { @group },
    runner: -> { @current_runner || @runner },
    remote_ip: request.ip,
    caller_id: endpoint.endpoint_id,
    feature_category: category
  )
end
# Decide per request whether Peek is enabled. The helper is not defined in this
# file; presumably it comes from ::API::Helpers::PerformanceBarHelpers - verify.
before { set_peek_enabled_for_current_request }
# Usage counters for requests made by editor plugins and the CLI. Each counter is
# given the request's User-Agent and the current user and decides for itself
# whether the request is trackable. The User-Agent header is client-supplied, so
# these numbers are telemetry only and must not be used as a security signal.
after do
  Gitlab::UsageDataCounters::VSCodeExtensionActivityUniqueCounter.track_api_request_when_trackable(
    user_agent: request&.user_agent,
    user: @current_user
  )
end

after do
  Gitlab::UsageDataCounters::JetBrainsPluginActivityUniqueCounter.track_api_request_when_trackable(
    user_agent: request&.user_agent,
    user: @current_user
  )
end

after do
  Gitlab::UsageDataCounters::GitLabCliActivityUniqueCounter.track_api_request_when_trackable(
    user_agent: request&.user_agent,
    user: @current_user
  )
end
# Loading `current_user` switches the locale to that user's locale, so restore
# the default locale once the request has been handled.
after do
  Gitlab::I18n.use_default_locale
end
# Handlers that answer with a fixed message, so nothing from the exception itself
# reaches the client.

# Authorization failure -> 403.
rescue_from(Gitlab::Access::AccessDeniedError) do
  body = { 'message' => '403 Forbidden' }.to_json
  rack_response(body, 403)
end

# Missing record -> 404.
rescue_from(ActiveRecord::RecordNotFound) do
  body = { 'message' => '404 Not found' }.to_json
  rack_response(body, 404)
end

# Optimistic-locking conflict or a lease that could not be obtained -> 409.
rescue_from(
  ::ActiveRecord::StaleObjectError,
  ::Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError
) do
  body = { 'message' => '409 Conflict: Resource lock' }.to_json
  rack_response(body, 409)
end
# Upload and object-storage failures. Unlike the fixed-message handlers, both of
# these return the exception's own message to the client.
# NOTE(review): confirm these messages never carry server-side paths, bucket
# names or storage endpoints. For the 500 case, a fixed client message with the
# detail kept in the server log would be the safer default.
rescue_from(UploadedFile::InvalidPathError) do |exception|
  body = { 'message' => exception.message }.to_json
  rack_response(body, 400)
end

rescue_from(ObjectStorage::RemoteStoreError) do |exception|
  body = { 'message' => exception.message }.to_json
  rack_response(body, 500)
end
# Retain 405 error rather than a 500 error for Grape 0.15.0+.
# https://github.com/ruby-grape/grape/blob/a3a28f5b5dfbb2797442e006dbffd750b27f2a76/UPGRADING.md#changes-to-method-not-allowed-routes
rescue_from(Grape::Exceptions::MethodNotAllowed) do |exception|
  error!(exception.message, exception.status, exception.headers)
end

# Any other Grape exception keeps the message, status and headers it carries.
rescue_from(Grape::Exceptions::Base) do |exception|
  error!(exception.message, exception.status, exception.headers)
end
# Too many IPs for one account -> 403. The body is the same fixed string used for
# access-denied errors, so the response does not tell the two cases apart.
rescue_from(Gitlab::Auth::TooManyIps) do |_exception|
  body = { 'message' => '403 Forbidden' }.to_json
  rack_response(body, 403)
end
# Catch-all for exceptions no handler above claimed; what the client sees is
# decided by `handle_api_exception`, which is defined outside this file.
rescue_from(:all) do |error|
  handle_api_exception(error)
end
# `rack-timeout` raises this exception when a Puma request exceeds its timeout.
# It inherits from Exception, so it has to be rescued separately from the
# catch-all handler. For more info, see:
# - https://github.com/zombocom/rack-timeout/blob/master/doc/exceptions.md
# - https://github.com/ruby-grape/grape#exception-handling
rescue_from(Rack::Timeout::RequestTimeoutException) do |error|
  handle_api_exception(error)
end
# Rate limit hit -> 429. The exception logs the offending request and user, then
# the client receives the exception's message and the headers it supplies.
rescue_from(RateLimitedService::RateLimitedError) do |error|
  error.log_request(context.request, context.current_user)

  body = { 'message' => { 'error' => error.message } }.to_json
  rack_response(body, 429, error.headers)
end
# Responses are JSON: serialised by Gitlab::Json::GrapeFormatter and sent with
# the application/json content type.
format(:json)
formatter(:json, Gitlab::Json::GrapeFormatter)
content_type(:json, 'application/json')
# Use fully qualified names here, otherwise we might load Grape::API::Helpers
# instead of the application's own helper modules.
helpers(::API::Helpers)
helpers(::API::Helpers::CommonHelpers)
helpers(::API::Helpers::PerformanceBarHelpers)
helpers(::API::Helpers::RateLimiter)
namespace do
# Record user activity after each request served by an endpoint mounted in this
# namespace.
# NOTE(review): @current_user can be unset here for unauthenticated requests;
# ActivityService is expected to cope with nil - verify in that class.
after do
  activity = ::Users::ActivityService.new(@current_user)
  activity.execute
end
# Mount endpoints to include in the OpenAPI V2 documentation here
namespace do
  # Keep in alphabetical order
  #
  # NOTE(review): the list is not strictly alphabetical today (for example Groups
  # sits among the Ci:: entries and Ci::SecureFiles precedes Ci::Pipelines).
  # Mount order is also registration order, and
  # PersonalAccessTokens::SelfInformation is listed before PersonalAccessTokens,
  # so check route precedence before re-sorting rather than treating a reorder
  # as cosmetic.
  mount ::API::AccessRequests
  mount ::API::Admin::BatchedBackgroundMigrations
  mount ::API::Admin::Ci::Variables
  mount ::API::Admin::InstanceClusters
  mount ::API::Admin::PlanLimits
  mount ::API::AlertManagementAlerts
  mount ::API::Appearance
  mount ::API::Applications
  mount ::API::Avatar
  mount ::API::Badges
  mount ::API::Branches
  mount ::API::BroadcastMessages
  mount ::API::BulkImports
  mount ::API::Ci::JobArtifacts
  mount ::API::Groups
  mount ::API::Ci::Jobs
  mount ::API::Ci::ResourceGroups
  mount ::API::Ci::Runner
  mount ::API::Ci::Runners
  mount ::API::Ci::SecureFiles
  mount ::API::Ci::Pipelines
  mount ::API::Ci::PipelineSchedules
  mount ::API::Ci::Triggers
  mount ::API::Ci::Variables
  mount ::API::Clusters::AgentTokens
  mount ::API::Clusters::Agents
  mount ::API::Commits
  mount ::API::CommitStatuses
  mount ::API::ComposerPackages
  mount ::API::ConanInstancePackages
  mount ::API::ConanProjectPackages
  mount ::API::ContainerRegistryEvent
  mount ::API::ContainerRepositories
  mount ::API::DebianGroupPackages
  mount ::API::DebianProjectPackages
  mount ::API::DependencyProxy
  mount ::API::DeployKeys
  mount ::API::DeployTokens
  mount ::API::Deployments
  mount ::API::Environments
  mount ::API::ErrorTracking::ClientKeys
  mount ::API::ErrorTracking::ProjectSettings
  mount ::API::Events
  mount ::API::FeatureFlags
  mount ::API::FeatureFlagsUserLists
  mount ::API::Features
  mount ::API::Files
  mount ::API::FreezePeriods
  mount ::API::GenericPackages
  mount ::API::Geo
  mount ::API::GoProxy
  mount ::API::GroupAvatar
  mount ::API::GroupClusters
  mount ::API::GroupContainerRepositories
  mount ::API::GroupDebianDistributions
  mount ::API::GroupExport
  mount ::API::GroupImport
  mount ::API::GroupPackages
  mount ::API::GroupVariables
  mount ::API::HelmPackages
  mount ::API::ImportBitbucketServer
  mount ::API::ImportGithub
  mount ::API::Integrations
  mount ::API::Integrations::JiraConnect::Subscriptions
  mount ::API::Invitations
  mount ::API::IssueLinks
  mount ::API::Keys
  mount ::API::Lint
  mount ::API::Markdown
  mount ::API::MavenPackages
  mount ::API::Members
  mount ::API::MergeRequestApprovals
  mount ::API::MergeRequests
  mount ::API::MergeRequestDiffs
  mount ::API::Metadata
  mount ::API::Metrics::Dashboard::Annotations
  mount ::API::Metrics::UserStarredDashboards
  mount ::API::Namespaces
  mount ::API::NpmInstancePackages
  mount ::API::NpmProjectPackages
  mount ::API::NugetGroupPackages
  mount ::API::NugetProjectPackages
  mount ::API::PackageFiles
  mount ::API::Pages
  mount ::API::PagesDomains
  mount ::API::PersonalAccessTokens::SelfInformation
  mount ::API::PersonalAccessTokens
  mount ::API::ProjectClusters
  mount ::API::ProjectContainerRepositories
  mount ::API::ProjectDebianDistributions
  mount ::API::ProjectEvents
  mount ::API::ProjectExport
  mount ::API::ProjectHooks
  mount ::API::ProjectImport
  mount ::API::ProjectPackages
  mount ::API::ProjectRepositoryStorageMoves
  mount ::API::ProjectSnippets
  mount ::API::ProjectSnapshots
  mount ::API::ProjectStatistics
  mount ::API::ProjectTemplates
  mount ::API::Projects
  mount ::API::ProtectedBranches
  mount ::API::ProtectedTags
  mount ::API::PypiPackages
  mount ::API::Releases
  mount ::API::Release::Links
  mount ::API::RemoteMirrors
  mount ::API::Repositories
  mount ::API::ResourceAccessTokens
  mount ::API::ResourceMilestoneEvents
  mount ::API::RpmProjectPackages
  mount ::API::RubygemPackages
  mount ::API::Snippets
  mount ::API::SnippetRepositoryStorageMoves
  mount ::API::Statistics
  mount ::API::Submodules
  mount ::API::Suggestions
  mount ::API::SystemHooks
  mount ::API::Tags
  mount ::API::Terraform::Modules::V1::Packages
  mount ::API::Terraform::State
  mount ::API::Terraform::StateVersion
  mount ::API::Topics
  mount ::API::Unleash
  mount ::API::UsageData
  mount ::API::UsageDataNonSqlMetrics
  mount ::API::UsageDataQueries
  mount ::API::Users
  mount ::API::UserCounts
  mount ::API::Wikis

  # Generate the OpenAPI documentation for everything mounted in this namespace.
  add_open_api_documentation!
end
# Endpoints that are not part of the OpenAPI documentation namespace.
# Keep in alphabetical order
#
# NOTE(review): Ci::Pipelines, Ci::PipelineSchedules, Ci::SecureFiles,
# ProjectEvents, ProtectedTags, Tags, UsageData and UsageDataNonSqlMetrics are
# also mounted in the OpenAPI namespace earlier in this file, so each of them is
# registered twice. Confirm whether the second mount is intended; a duplicate
# makes it harder to reason about which registration serves a request.
mount ::API::Admin::Sidekiq
mount ::API::AwardEmoji
mount ::API::Boards
mount ::API::Ci::Pipelines
mount ::API::Ci::PipelineSchedules
mount ::API::Ci::SecureFiles
mount ::API::Discussions
mount ::API::ErrorTracking::Collector
mount ::API::GroupBoards
mount ::API::GroupLabels
mount ::API::GroupMilestones
mount ::API::Issues
mount ::API::Labels
mount ::API::Notes
mount ::API::NotificationSettings
mount ::API::ProjectEvents
mount ::API::ProjectMilestones
mount ::API::ProtectedTags
mount ::API::ResourceLabelEvents
mount ::API::ResourceStateEvents
mount ::API::Search
mount ::API::Settings
mount ::API::SidekiqMetrics
mount ::API::Subscriptions
mount ::API::Tags
mount ::API::Templates
mount ::API::Todos
mount ::API::UsageData
mount ::API::UsageDataNonSqlMetrics
mount ::API::Ml::Mlflow
end
# Internal endpoints. They are mounted outside the namespace above, so its
# ActivityService `after` hook does not run for them.
# NOTE(review): they sit under the same /api prefix as the public API.
# Presumably each authenticates its caller with its own mechanism rather than
# user tokens - verify in the respective ::API::Internal classes, and check
# whether the deployment restricts network access to these paths.
mount ::API::Internal::Base
mount ::API::Internal::Lfs
mount ::API::Internal::Pages
mount ::API::Internal::Kubernetes
mount ::API::Internal::ErrorTracking
mount ::API::Internal::MailRoom
mount ::API::Internal::ContainerRegistry::Migration
mount ::API::Internal::Workhorse
version('v3', using: :path) do
  # Although the following endpoints are kept behind the V3 namespace, they
  # are not deprecated and should not be removed when V3 is removed. They
  # are needed as a layer to integrate with the Jira Development Panel.
  namespace('/', requirements: ::API::V3::Github::ENDPOINT_REQUIREMENTS) do
    mount ::API::V3::Github
  end
end
# Fallback route: any method on any path that reaches this point gets a fixed 404.
route(:any, '*path', feature_category: :not_owned) do # rubocop:todo Gitlab/AvoidFeatureCategoryNotOwned
  error!('404 Not Found', 404)
end
end
end
# NOTE(review): `prepend_mod` is not defined in this file; presumably it is the
# project's hook for prepending extension modules onto API::API. Anything it
# prepends can override the hooks and handlers declared above - confirm what is
# loaded here when auditing this class.
API::API.prepend_mod