Module: API::Helpers::InternalHelpers

Defined in:

lib/api/helpers/internal_helpers.rb

Constant Summary

UNKNOWN_CHECK_RESULT_ERROR =

'Unknown check result'

Instance Attribute Summary

• #redirected_path ⇒ Object readonly

  Returns the value of attribute redirected_path.

Instance Method Summary

• #access_check!(actor, params) ⇒ Object

  rubocop:disable Gitlab/ModuleWithInstanceVariables.

• #access_check_result ⇒ Object

  rubocop:enable Gitlab/ModuleWithInstanceVariables.

• #access_checker_for(actor, protocol) ⇒ Object

  rubocop:enable Gitlab/ModuleWithInstanceVariables.

• #access_checker_klass ⇒ Object
• #actor ⇒ Object
• #container ⇒ Object
• #include_ip_address_in_audit_event?(ip_address) ⇒ Boolean
• #log_user_activity(actor) ⇒ Object
• #need_git_audit_event? ⇒ Boolean
• #parse_env ⇒ Object
• #project ⇒ Object
• #redis_ping ⇒ Object
• #repo_type ⇒ Object

  rubocop:disable Gitlab/ModuleWithInstanceVariables.

• #response_with_status(code: 200, success: true, message: nil, **extra_options) ⇒ Object
• #send_git_audit_streaming_event(msg) ⇒ Object
• #ssh_authentication_abilities ⇒ Object
• #unsuccessful_response?(response) ⇒ Boolean
• #with_admin_mode_bypass!(actor_id, &block) ⇒ Object

Instance Attribute Details

#redirected_path ⇒ Object (readonly)

Returns the value of attribute redirected_path.

# File 'lib/api/helpers/internal_helpers.rb', line 6

def redirected_path
  @redirected_path
end

Instance Method Details

#access_check!(actor, params) ⇒ Object

rubocop:disable Gitlab/ModuleWithInstanceVariables

# File 'lib/api/helpers/internal_helpers.rb', line 52

def access_check!(actor, params)
  access_checker = access_checker_for(actor, params[:protocol])
  access_checker.check(params[:action], params[:changes]).tap do |result|
    break result if @project || !repo_type.project?

    # If we have created a project directly from a git push
    # we have to assign its value to both @project and @container
    @project = @container = access_checker.container
  end
end

#access_check_result ⇒ Object

rubocop:enable Gitlab/ModuleWithInstanceVariables

# File 'lib/api/helpers/internal_helpers.rb', line 33

def access_check_result
  with_admin_mode_bypass!(actor.user&.id) do
    access_check!(actor, params)
  end
rescue Gitlab::GitAccess::ForbiddenError => e
  # The return code needs to be 401. If we return 403
  # the custom message we return won't be shown to the user
  # and, instead, the default message 'GitLab: API is not accessible'
  # will be displayed
  response_with_status(code: 401, success: false, message: e.message)
rescue Gitlab::GitAccess::TimeoutError => e
  response_with_status(code: 503, success: false, message: e.message)
rescue Gitlab::GitAccess::NotFoundError => e
  response_with_status(code: 404, success: false, message: e.message)
rescue Gitlab::GitAccessProject::CreationError => e
  response_with_status(code: 422, success: false, message: e.message)
end

#access_checker_for(actor, protocol) ⇒ Object

rubocop:enable Gitlab/ModuleWithInstanceVariables

# File 'lib/api/helpers/internal_helpers.rb', line 64

def access_checker_for(actor, protocol)
  access_checker_klass.new(actor.key_or_user, container, protocol,
    authentication_abilities: ssh_authentication_abilities,
    repository_path: repository_path,
    redirected_path: redirected_path,
    push_options: params[:push_options],
    gitaly_context: gitaly_context(params)
  )
end

#access_checker_klass ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 74

def access_checker_klass
  repo_type.access_checker_class
end

#actor ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 12

def actor
  @actor ||= Support::GitAccessActor.from_params(params)
end

#container ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 27

def container
  parse_repo_path unless defined?(@container)
  @container
end

#include_ip_address_in_audit_event?(ip_address) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api/helpers/internal_helpers.rb', line 143

def include_ip_address_in_audit_event?(ip_address)
  params[:protocol] == 'ssh' && ip_address
end

#log_user_activity(actor) ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 94

def log_user_activity(actor)
  commands = Gitlab::GitAccess::DOWNLOAD_COMMANDS

  return unless commands.include?(params[:action])

  ::Users::ActivityService.new(author: actor, namespace: project&.namespace, project: project).execute

  return unless project && actor

  Gitlab::EventStore.publish(
    ::Users::ActivityEvent.new(data: {
      user_id: actor.id,
      namespace_id: project.root_ancestor.id
    })
  )
end

#need_git_audit_event? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api/helpers/internal_helpers.rb', line 139

def need_git_audit_event?
  false
end

#parse_env ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 86

def parse_env
  return {} if params[:env].blank?

  Gitlab::Json.parse(params[:env])
rescue JSON::ParserError
  {}
end

#project ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 22

def project
  parse_repo_path unless defined?(@project)
  @project
end

#redis_ping ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 111

def redis_ping
  result = Gitlab::Redis::SharedState.with { |redis| redis.ping }

  result == 'PONG'
rescue StandardError => e
  Gitlab::AppLogger.warn("GitLab: An unexpected error occurred in pinging to Redis: #{e}")
  false
end

#repo_type ⇒ Object

rubocop:disable Gitlab/ModuleWithInstanceVariables

# File 'lib/api/helpers/internal_helpers.rb', line 17

def repo_type
  parse_repo_path unless defined?(@repo_type)
  @repo_type
end

#response_with_status(code: 200, success: true, message: nil, **extra_options) ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 120

def response_with_status(code: 200, success: true, message: nil, **extra_options)
  status code
  { status: success, message: message }.merge(extra_options).compact
end

#send_git_audit_streaming_event(msg) ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 135

def send_git_audit_streaming_event(msg)
  # Defined in EE
end

#ssh_authentication_abilities ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 78

def ssh_authentication_abilities
  [
    :read_project,
    :download_code,
    :push_code
  ]
end

#unsuccessful_response?(response) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/api/helpers/internal_helpers.rb', line 125

def unsuccessful_response?(response)
  response.is_a?(Hash) && response[:status] == false
end

#with_admin_mode_bypass!(actor_id, &block) ⇒ Object

# File 'lib/api/helpers/internal_helpers.rb', line 129

def with_admin_mode_bypass!(actor_id, &block)
  return yield unless Gitlab::CurrentSettings.admin_mode

  Gitlab::Auth::CurrentUserMode.bypass_session!(actor_id, &block)
end