Class: Auth::DependencyProxyAuthenticationService

Inherits:
BaseService
  • Object
Extended by:
Gitlab::Utils::StrongMemoize
Defined in:
app/services/auth/dependency_proxy_authentication_service.rb

Constant Summary

AUDIENCE =
'dependency_proxy'
HMAC_KEY =
'gitlab-dependency-proxy'
DEFAULT_EXPIRE_TIME =
1.minute
REQUIRED_CI_ABILITIES =
%i[build_read_container_image build_create_container_image].freeze
REQUIRED_USER_ABILITIES =
%i[read_container_image create_container_image].freeze
REQUIRED_USER_VR_ABILITIES =
%i[read_dependency_proxy write_dependency_proxy].freeze
MISSING_ABILITIES_MESSAGE =
'Dependency proxy missing authentication abilities'

Constants inherited from BaseService

BaseService::UnauthorizedError

Instance Attribute Summary

Attributes inherited from BaseService

#current_user, #params, #project

Class Method Summary

Instance Method Summary

Methods inherited from BaseService

#initialize

Methods included from BaseServiceUtility

#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level

Methods included from Gitlab::Allowable

#can?, #can_all?, #can_any?

Constructor Details

This class inherits a constructor from BaseService

Class Method Details

.secret ⇒ Object



# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 26

# Derives the secret this service exposes for the dependency proxy.
#
# The result is the hex-encoded HMAC-SHA256 of the fixed label HMAC_KEY,
# keyed with the secret of the :db_key_base encryption key. Despite its
# name, HMAC_KEY is the *message* argument here, not the key: the label is
# a public constant, and all of the secrecy comes from db_key_base.
#
# The value is memoized under :secret, so the derivation runs once per
# memoization scope.
# NOTE(review): a rotated db_key_base would presumably not be picked up
# until the memoized value is cleared (e.g. on restart) - confirm.
#
# @return [String] lowercase hex digest
def secret
  strong_memoize(:secret) do
    # Keying material: never returned directly, only used as the HMAC key.
    base_key = ::Gitlab::Encryption::KeyProvider[:db_key_base].encryption_key.secret

    OpenSSL::HMAC.hexdigest('sha256', base_key, HMAC_KEY)
  end
end

.token_expire_at ⇒ Object



# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 36

# Computes the expiry timestamp for a token issued now.
#
# The lifetime is read from the application setting
# `container_registry_token_expire_delay`, interpreted as minutes, so the
# dependency proxy shares its token lifetime with that setting.
# NOTE(review): DEFAULT_EXPIRE_TIME is not referenced in this method;
# confirm where (or whether) it still applies.
#
# @return [Object] the current time plus the configured delay
def token_expire_at
  issued_at = Time.current
  lifetime = Gitlab::CurrentSettings.container_registry_token_expire_delay.minutes

  issued_at + lifetime
end

Instance Method Details

#execute(authentication_abilities:) ⇒ Object



# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 14

# Issues a dependency proxy token for the current actor.
#
# Checks run in a fixed order:
#   1. If the dependency proxy is disabled in the instance configuration,
#      the result is a 404 error, whoever is asking.
#   2. If `valid_user_actor?` is false, the result is a 403 error.
#   3. Otherwise the encoded token is returned.
#
# NOTE(review): `valid_user_actor?` and `authorized_token` are defined
# outside this listing; presumably they consult @authentication_abilities
# against the REQUIRED_* ability constants - confirm before relying on it.
#
# @param authentication_abilities [Object] abilities granted to the caller;
#   stored in @authentication_abilities before any check runs
# @return [Hash] `{ token: <encoded token> }` on success, otherwise the
#   value returned by `error`
def execute(authentication_abilities:)
  @authentication_abilities = authentication_abilities

  proxy_enabled = ::Gitlab.config.dependency_proxy.enabled
  return error('dependency proxy not enabled', 404) unless proxy_enabled

  # No token is built unless the actor check passes.
  if valid_user_actor?
    { token: authorized_token.encoded }
  else
    error('access forbidden', 403)
  end
end