Class: Auth::DependencyProxyAuthenticationService

Inherits:

BaseService

• Object
• BaseService
• Auth::DependencyProxyAuthenticationService

Extended by:

Gitlab::Utils::StrongMemoize

Defined in:

app/services/auth/dependency_proxy_authentication_service.rb

Constant Summary

AUDIENCE =

'dependency_proxy'

HMAC_KEY =

'gitlab-dependency-proxy'

DEFAULT_EXPIRE_TIME =

1.minute

Instance Attribute Summary

Attributes inherited from BaseService

#current_user, #params, #project

Class Method Summary

• .secret ⇒ Object
• .token_expire_at ⇒ Object

Instance Method Summary

• #execute(authentication_abilities:) ⇒ Object

Methods inherited from BaseService

#initialize

Methods included from BaseServiceUtility

#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level

Methods included from Gitlab::Allowable

#can?

Constructor Details

This class inherits a constructor from BaseService

Class Method Details

.secret ⇒ Object

# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 19

def secret
  strong_memoize(:secret) do
    OpenSSL::HMAC.hexdigest(
      'sha256',
      ::Settings.attr_encrypted_db_key_base,
      HMAC_KEY
    )
  end
end

.token_expire_at ⇒ Object

# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 29

def token_expire_at
  Time.current + Gitlab::CurrentSettings.container_registry_token_expire_delay.minutes
end

Instance Method Details

#execute(authentication_abilities:) ⇒ Object

# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 9

def execute(authentication_abilities:)
  return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled
  return error('access forbidden', 403) unless valid_user_actor?

  { token: authorized_token.encoded }
end