Class: Gitlab::Workhorse
- Inherits:
-
Object
- Object
- Gitlab::Workhorse
- Includes:
- JwtAuthenticatable
- Defined in:
- lib/gitlab/workhorse.rb
Constant Summary collapse
- SEND_DATA_HEADER =
'Gitlab-Workhorse-Send-Data'
- SEND_DEPENDENCY_CONTENT_TYPE_HEADER =
'Workhorse-Proxy-Content-Type'
- VERSION_FILE =
'GITLAB_WORKHORSE_VERSION'
- INTERNAL_API_CONTENT_TYPE =
'application/vnd.gitlab-workhorse+json'
- INTERNAL_API_REQUEST_HEADER =
'Gitlab-Workhorse-Api-Request'
- NOTIFICATION_PREFIX =
'workhorse:notifications:'
- ALLOWED_GIT_HTTP_ACTIONS =
%w[git_receive_pack git_upload_pack info_refs].freeze
- DETECT_HEADER =
'Gitlab-Workhorse-Detect-Content-Type'
- ARCHIVE_FORMATS =
%w[zip tar.gz tar.bz2 tar].freeze
Constants included from JwtAuthenticatable
JwtAuthenticatable::SECRET_LENGTH
Class Method Summary collapse
- .channel_websocket(channel) ⇒ Object
- .cleanup_key(key) ⇒ Object
- .decode_jwt_with_issuer(encoded_message) ⇒ Object
- .detect_content_type ⇒ Object
- .git_http_ok(repository, repo_type, user, action, show_all_refs: false) ⇒ Object
- .secret_path ⇒ Object
- .send_artifacts_entry(file, entry) ⇒ Object
- .send_dependency(headers, url, upload_config: {}) ⇒ Object
- .send_git_archive(repository, ref:, format:, append_sha:, path: nil) ⇒ Object
- .send_git_blob(repository, blob) ⇒ Object
- .send_git_diff(repository, diff_refs) ⇒ Object
- .send_git_patch(repository, diff_refs) ⇒ Object
- .send_git_snapshot(repository) ⇒ Object
- .send_scaled_image(location, width, content_type) ⇒ Object
- .send_url(url, allow_redirects: false, method: 'GET', body: nil, headers: nil) ⇒ Object
- .set_key_and_notify(key, value, expire: nil, overwrite: true) ⇒ Object
- .verify_api_request!(request_headers) ⇒ Object
- .version ⇒ Object
Methods included from JwtAuthenticatable
Class Method Details
.channel_websocket(channel) ⇒ Object
205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'lib/gitlab/workhorse.rb', line 205 def channel_websocket(channel) details = { 'Channel' => { 'Subprotocols' => channel[:subprotocols], 'Url' => channel[:url], 'Header' => channel[:headers], 'MaxSessionTime' => channel[:max_session_time] } } details['Channel']['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem) details end |
.cleanup_key(key) ⇒ Object
236 237 238 |
# File 'lib/gitlab/workhorse.rb', line 236 def cleanup_key(key) with_redis { |redis| redis.del(key) } end |
.decode_jwt_with_issuer(encoded_message) ⇒ Object
228 229 230 |
# File 'lib/gitlab/workhorse.rb', line 228 def decode_jwt_with_issuer() decode_jwt(, issuer: 'gitlab-workhorse') end |
.detect_content_type ⇒ Object
253 254 255 256 257 258 |
# File 'lib/gitlab/workhorse.rb', line 253 def detect_content_type [ Gitlab::Workhorse::DETECT_HEADER, 'true' ] end |
.git_http_ok(repository, repo_type, user, action, show_all_refs: false) ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'lib/gitlab/workhorse.rb', line 23 def git_http_ok(repository, repo_type, user, action, show_all_refs: false) raise "Unsupported action: #{action}" unless ALLOWED_GIT_HTTP_ACTIONS.include?(action.to_s) attrs = { GL_ID: Gitlab::GlId.gl_id(user), GL_REPOSITORY: repo_type.identifier_for_container(repository.container), GL_USERNAME: user&.username, ShowAllRefs: show_all_refs, Repository: repository.gitaly_repository.to_h, GitConfigOptions: [], GitalyServer: { address: Gitlab::GitalyClient.address(repository.storage), token: Gitlab::GitalyClient.token(repository.storage), call_metadata: Feature::Gitaly.server_feature_flags( user: ::Feature::Gitaly.user_actor(user), repository: repository, project: ::Feature::Gitaly.project_actor(repository.container), group: ::Feature::Gitaly.group_actor(repository.container) ) } } # Custom option for git-receive-pack command receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i if receive_max_input_size > 0 attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}" end attrs[:GitalyServer][:call_metadata].merge!( 'user_id' => attrs[:GL_ID].presence, 'username' => attrs[:GL_USERNAME].presence, 'remote_ip' => Gitlab::ApplicationContext.current_context_attribute(:remote_ip).presence ).compact! attrs end |
.secret_path ⇒ Object
232 233 234 |
# File 'lib/gitlab/workhorse.rb', line 232 def secret_path Gitlab.config.workhorse.secret_file end |
.send_artifacts_entry(file, entry) ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 156 157 |
# File 'lib/gitlab/workhorse.rb', line 145 def send_artifacts_entry(file, entry) archive = file.file_storage? ? file.path : file.url params = { 'Archive' => archive, 'Entry' => Base64.encode64(entry.to_s) } [ SEND_DATA_HEADER, "artifacts-entry:#{encode(params)}" ] end |
.send_dependency(headers, url, upload_config: {}) ⇒ Object
187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 |
# File 'lib/gitlab/workhorse.rb', line 187 def send_dependency(headers, url, upload_config: {}) params = { 'Headers' => headers.transform_values { |v| Array.wrap(v) }, 'Url' => url, 'UploadConfig' => { 'Method' => upload_config[:method], 'Url' => upload_config[:url], 'Headers' => (upload_config[:headers] || {}).transform_values { |v| Array.wrap(v) } }.compact_blank! } params.compact_blank! [ SEND_DATA_HEADER, "send-dependency:#{encode(params)}" ] end |
.send_git_archive(repository, ref:, format:, append_sha:, path: nil) ⇒ Object
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/gitlab/workhorse.rb', line 76 def send_git_archive(repository, ref:, format:, append_sha:, path: nil) format ||= 'tar.gz' format = format.downcase = repository.( ref, Gitlab.config.gitlab.repository_downloads_path, format, append_sha: append_sha, path: path ) raise "Repository or ref not found" if .empty? params = send_git_archive_params(repository, , path, archive_format(format)) # If present, DisableCache must be a Boolean. Otherwise # workhorse ignores it. params['DisableCache'] = true if git_archive_cache_disabled? params['GitalyServer'] = gitaly_server_hash(repository) [ SEND_DATA_HEADER, "git-archive:#{encode(params)}" ] end |
.send_git_blob(repository, blob) ⇒ Object
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/gitlab/workhorse.rb', line 60 def send_git_blob(repository, blob) params = { 'GitalyServer' => gitaly_server_hash(repository), 'GetBlobRequest' => { repository: repository.gitaly_repository.to_h, oid: blob.id, limit: -1 } } [ SEND_DATA_HEADER, "git-blob:#{encode(params)}" ] end |
.send_git_diff(repository, diff_refs) ⇒ Object
117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'lib/gitlab/workhorse.rb', line 117 def send_git_diff(repository, diff_refs) params = { 'GitalyServer' => gitaly_server_hash(repository), 'RawDiffRequest' => Gitaly::RawDiffRequest.new( gitaly_diff_or_patch_hash(repository, diff_refs) ).to_json } [ SEND_DATA_HEADER, "git-diff:#{encode(params)}" ] end |
.send_git_patch(repository, diff_refs) ⇒ Object
131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/gitlab/workhorse.rb', line 131 def send_git_patch(repository, diff_refs) params = { 'GitalyServer' => gitaly_server_hash(repository), 'RawPatchRequest' => Gitaly::RawPatchRequest.new( gitaly_diff_or_patch_hash(repository, diff_refs) ).to_json } [ SEND_DATA_HEADER, "git-format-patch:#{encode(params)}" ] end |
.send_git_snapshot(repository) ⇒ Object
103 104 105 106 107 108 109 110 111 112 113 114 115 |
# File 'lib/gitlab/workhorse.rb', line 103 def send_git_snapshot(repository) params = { 'GitalyServer' => gitaly_server_hash(repository), 'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new( repository: repository.gitaly_repository ).to_json } [ SEND_DATA_HEADER, "git-snapshot:#{encode(params)}" ] end |
.send_scaled_image(location, width, content_type) ⇒ Object
174 175 176 177 178 179 180 181 182 183 184 185 |
# File 'lib/gitlab/workhorse.rb', line 174 def send_scaled_image(location, width, content_type) params = { 'Location' => location, 'Width' => width, 'ContentType' => content_type } [ SEND_DATA_HEADER, "send-scaled-img:#{encode(params)}" ] end |
.send_url(url, allow_redirects: false, method: 'GET', body: nil, headers: nil) ⇒ Object
159 160 161 162 163 164 165 166 167 168 169 170 171 172 |
# File 'lib/gitlab/workhorse.rb', line 159 def send_url(url, allow_redirects: false, method: 'GET', body: nil, headers: nil) params = { 'URL' => url, 'AllowRedirects' => allow_redirects, 'Body' => body.to_s, 'Header' => headers, 'Method' => method }.compact [ SEND_DATA_HEADER, "send-url:#{encode(params)}" ] end |
.set_key_and_notify(key, value, expire: nil, overwrite: true) ⇒ Object
240 241 242 243 244 245 246 247 248 249 250 251 |
# File 'lib/gitlab/workhorse.rb', line 240 def set_key_and_notify(key, value, expire: nil, overwrite: true) with_redis do |redis| result = redis.set(key, value, ex: expire, nx: !overwrite) if result redis.publish(NOTIFICATION_PREFIX + key, value) value else redis.get(key) end end end |
.verify_api_request!(request_headers) ⇒ Object
224 225 226 |
# File 'lib/gitlab/workhorse.rb', line 224 def verify_api_request!(request_headers) decode_jwt_with_issuer(request_headers[INTERNAL_API_REQUEST_HEADER]) end |
.version ⇒ Object
219 220 221 222 |
# File 'lib/gitlab/workhorse.rb', line 219 def version path = Rails.root.join(VERSION_FILE) path.readable? ? path.read.chomp : 'unknown' end |