Module: UploadsActions

Extended by:
ActiveSupport::Concern
Includes:
Gitlab::Utils::StrongMemoize, SendFileUpload
Included in:
Banzai::UploadsController, Groups::UploadsController, Projects::UploadsController, UploadsController
Defined in:
app/controllers/concerns/uploads_actions.rb

Constant Summary collapse

ID_BASED_UPLOAD_PATH_VERSION =

Starting with version 2, Markdown upload URLs use project / group IDs instead of paths

2
UPLOAD_MOUNTS = 
%w[avatar attachment file logo pwa_icon header_logo favicon screenshot].freeze
CUSTOM_REQUEST_FORMAT_MAPPING =

We need to avoid setting certain formats. For example, using the :js format would trigger Rails’ cross-origin JavaScript protection. To avoid this, we use the :text format for JS files instead.

{
  js: :text
}.freeze

Instance Method Summary collapse

Methods included from SendFileUpload

#content_type_for, #send_upload

Instance Method Details

#authorizeObject 



70
71
72
73
74
75
76
77
78
79
80
 
# File 'app/controllers/concerns/uploads_actions.rb', line 70

def authorize
  set_workhorse_internal_api_content_type

  authorized = uploader_class.workhorse_authorize(
    has_length: false,
    maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i)

  render json: authorized
rescue SocketError
  render json: _("Error uploading file"), status: :internal_server_error
end

#createObject 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'app/controllers/concerns/uploads_actions.rb', line 29

def create
  uploader = UploadService.new(model, params[:file], uploader_class, uploaded_by_user_id: current_user&.id).execute

  respond_to do |format|
    if uploader
      format.json do
        render json: { link: uploader.to_h }
      end
    else
      format.json do
        render json: _('Invalid file.'), status: :unprocessable_entity
      end
    end
  end
end

#showObject

This should either

- send the file directly
- or redirect to its URL



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'app/controllers/concerns/uploads_actions.rb', line 49

def show
  Gitlab::PathTraversal.check_path_traversal!(params[:filename])

  return render_404 unless uploader&.exists?

  ttl, directives = *cache_settings
  ttl ||= 0
  directives ||= { private: true, must_revalidate: true }

  expires_in ttl, directives

  file_uploader = [uploader, *uploader.versions.values].find do |version|
    version.filename == params[:filename]
  end

  return render_404 unless file_uploader

  workhorse_set_content_type!
  send_upload(file_uploader, attachment: file_uploader.filename, disposition: content_disposition)
end