debian-mirror-gitlab/app/controllers/projects/artifacts_controller.rb
2023-04-23 21:23:45 +05:30

188 lines
4.6 KiB
Ruby

# frozen_string_literal: true
class Projects::ArtifactsController < Projects::ApplicationController
include Ci::AuthBuildTrace
include ExtractsPath
include RendersBlob
include SendFileUpload
include Gitlab::Ci::Artifacts::Logger
urgency :low, [:browse, :file, :latest_succeeded]
layout 'project'
before_action :authorize_read_build!
before_action :authorize_read_build_trace!, only: [:download]
before_action :authorize_read_job_artifacts!, only: [:download]
before_action :authorize_update_build!, only: [:keep]
before_action :authorize_destroy_artifacts!, only: [:destroy]
before_action :extract_ref_name_and_path
before_action :validate_artifacts!, except: [:index, :download, :raw, :destroy]
before_action :entry, only: [:external_file, :file]
MAX_PER_PAGE = 20
feature_category :build_artifacts
def index
# Loading artifacts is very expensive in projects with a lot of artifacts.
# This feature flag prevents a DOS attack vector.
# It should be removed only after resolving the underlying performance
# issues: https://gitlab.com/gitlab-org/gitlab/issues/32281
return head :no_content unless Feature.enabled?(:artifacts_management_page, @project)
end
def destroy
notice = if artifact.destroy
_('Artifact was successfully deleted.')
else
_('Artifact could not be deleted.')
end
redirect_to project_artifacts_path(@project), status: :see_other, notice: notice
end
def download
return render_404 unless artifact_file
log_artifacts_filesize(artifact_file.model)
send_upload(artifact_file, attachment: artifact_file.filename, proxy: params[:proxy])
end
def browse
@path = params[:path]
directory = @path ? "#{@path}/" : ''
@entry = build.artifacts_metadata_entry(directory)
render_404 unless @entry.exists?
end
# External files are redirected to Gitlab Pages and might have unsecure content
# To warn the user about the possible unsecure content, we show a warning page
# before redirecting the user.
def external_file
@blob = @entry.blob
end
def file
blob = @entry.blob
conditionally_expand_blob(blob)
if blob.external_link?(build)
redirect_to external_file_project_job_artifacts_path(@project, @build, path: params[:path])
else
respond_to do |format|
format.html do
render 'file'
end
format.json do
render_blob_json(blob)
end
end
end
end
def raw
return render_404 unless zip_artifact?
return render_404 unless artifact_file
path = Gitlab::Ci::Build::Artifacts::Path.new(params[:path])
send_artifacts_entry(artifact_file, path)
end
def keep
build.keep_artifacts!
redirect_to project_job_path(project, build)
end
def latest_succeeded
target_path = artifacts_action_path(@path, project, build)
if target_path
redirect_to(target_path)
else
render_404
end
end
private
def extract_ref_name_and_path
return unless params[:ref_name_and_path]
@ref_name, @path = extract_ref(params[:ref_name_and_path])
end
def artifacts_params
params.permit(:sort)
end
def validate_artifacts!
render_404 unless build&.available_artifacts?
end
def build
@build ||= begin
build = build_from_id || build_from_sha || build_from_ref
build&.present(current_user: current_user)
end
end
def artifact
@artifact ||=
project.job_artifacts.find(params[:id])
end
def build_from_id
project.builds.find_by_id(params[:job_id]) if params[:job_id]
end
def build_from_sha
return if params[:job].blank?
return unless @ref_name
commit = project.commit(@ref_name)
return unless commit
project.latest_successful_build_for_sha(params[:job], commit.id)
end
def build_from_ref
return if params[:job].blank?
return unless @ref_name
project.latest_successful_build_for_ref(params[:job], @ref_name)
end
def job_artifact
@job_artifact ||= build&.artifact_for_type(params[:file_type] || :archive)
end
def artifact_file
@artifact_file ||= job_artifact&.file
end
def zip_artifact?
types = HashWithIndifferentAccess.new(Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS)
file_type = params[:file_type] || :archive
types[file_type] == :zip
end
def entry
@entry = build.artifacts_metadata_entry(params[:path])
render_404 unless @entry.exists?
end
def authorize_read_build_trace!
return unless params[:file_type] == 'trace'
super
end
def authorize_read_job_artifacts!
return access_denied! unless can?(current_user, :read_job_artifacts, job_artifact)
end
end