debian-mirror-gitlab/app/uploaders/ci/secure_file_uploader.rb
2022-03-02 08:16:31 +05:30

46 lines
1 KiB
Ruby

# frozen_string_literal: true
module Ci
class SecureFileUploader < GitlabUploader
include ObjectStorage::Concern
storage_options Gitlab.config.ci_secure_files
# Use Lockbox to encrypt/decrypt the stored file (registers CarrierWave callbacks)
encrypt(key: :key)
def key
OpenSSL::HMAC.digest('SHA256', Gitlab::Application.secrets.db_key_base, model.project_id.to_s)
end
def checksum
@checksum ||= Digest::SHA256.hexdigest(model.file.read)
end
def store_dir
dynamic_segment
end
private
def dynamic_segment
Gitlab::HashedPath.new('secure_files', model.id, root_hash: model.project_id)
end
class << self
# direct upload is disabled since the file
# must always be encrypted
def direct_upload_enabled?
false
end
def background_upload_enabled?
false
end
def default_store
object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
end
end
end
end