46 lines
1 KiB
Ruby
46 lines
1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Ci
|
|
class SecureFileUploader < GitlabUploader
|
|
include ObjectStorage::Concern
|
|
|
|
storage_options Gitlab.config.ci_secure_files
|
|
|
|
# Use Lockbox to encrypt/decrypt the stored file (registers CarrierWave callbacks)
|
|
encrypt(key: :key)
|
|
|
|
def key
|
|
OpenSSL::HMAC.digest('SHA256', Gitlab::Application.secrets.db_key_base, model.project_id.to_s)
|
|
end
|
|
|
|
def checksum
|
|
@checksum ||= Digest::SHA256.hexdigest(model.file.read)
|
|
end
|
|
|
|
def store_dir
|
|
dynamic_segment
|
|
end
|
|
|
|
private
|
|
|
|
def dynamic_segment
|
|
Gitlab::HashedPath.new('secure_files', model.id, root_hash: model.project_id)
|
|
end
|
|
|
|
class << self
|
|
# direct upload is disabled since the file
|
|
# must always be encrypted
|
|
def direct_upload_enabled?
|
|
false
|
|
end
|
|
|
|
def background_upload_enabled?
|
|
false
|
|
end
|
|
|
|
def default_store
|
|
object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
|
|
end
|
|
end
|
|
end
|
|
end
|