Class: Gitlab::Middleware::ReadOnly::Controller

Inherits:
Object
  • Object
Defined in:
lib/gitlab/middleware/read_only/controller.rb

Constant Summary collapse

# HTTP verbs this middleware lists as disallowed. The predicate that compares
# a request against this list is not shown on this page.
DISALLOWED_METHODS = ['POST', 'PATCH', 'PUT', 'DELETE'].freeze

# Content type sent with the 403 body that #call returns for JSON requests.
APPLICATION_JSON = 'application/json'

# Content types grouped as JSON: plain JSON plus the Git LFS JSON media type.
APPLICATION_JSON_TYPES = %W[#{APPLICATION_JSON} application/vnd.git-lfs+json].freeze

# Message returned to the client (JSON body or flash alert) when a request is blocked.
ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'

# NOTE(review): the four ALLOWLISTED_* tables below presumably map a
# controller path to the action names that stay reachable with a disallowed
# verb while the instance is read-only; the matching code is not on this page.
# If so, every entry is an exception to the write block and should be reviewed
# as such when added or changed.
ALLOWLISTED_GIT_READ_ONLY_ROUTES = { 'repositories/git_http' => ['git_upload_pack'] }.freeze

ALLOWLISTED_GIT_LFS_BATCH_ROUTES = { 'repositories/lfs_api' => ['batch'] }.freeze

ALLOWLISTED_GIT_REVISION_ROUTES = { 'projects/compare' => ['create'] }.freeze

ALLOWLISTED_SESSION_ROUTES = {
  'sessions' => ['destroy'],
  'admin/sessions' => ['create', 'destroy']
}.freeze

# Path of the GraphQL endpoint; how it is used is not shown on this page.
GRAPHQL_URL = '/api/graphql'

Instance Method Summary collapse

Constructor Details

#initialize(app, env) ⇒ Controller

Returns a new instance of Controller.



# File 'lib/gitlab/middleware/read_only/controller.rb', line 31

# Stores the downstream application and the request environment for #call.
#
# @param app [#call] object that #call invokes as +@app.call(@env)+ when the
#   request is not blocked
# @param env [Object] request environment handed unchanged to +app+
def initialize(app, env)
  @app, @env = app, env
end

Instance Method Details

#call ⇒ Object



# File 'lib/gitlab/middleware/read_only/controller.rb', line 36

# Blocks a request that is both disallowed and made against a read-only
# instance; every other request is passed to the wrapped application.
#
# A blocked JSON request gets a 403 with ERROR_MESSAGE in the body. Any other
# blocked request gets ERROR_MESSAGE stored as a flash alert in the session
# and a 301 redirect to +last_visited_url+.
#
# @return [Array] a Rack-style +[status, headers, body]+ triple for blocked
#   requests, otherwise whatever +@app.call(@env)+ returns
def call
  # read_only? is only evaluated once disallowed_request? is true.
  return @app.call(@env) unless disallowed_request? && read_only?

  # NOTE(review): blocked writes are logged at debug level only, without
  # request details; confirm that is enough if these need to be auditable.
  Gitlab::AppLogger.debug('GitLab ReadOnly: preventing possible non read-only operation')

  if json_request?
    payload = { 'message' => ERROR_MESSAGE }.to_json
    return [403, { 'Content-Type' => APPLICATION_JSON }, [payload]]
  end

  rack_flash.alert = ERROR_MESSAGE
  rack_session['flash'] = rack_flash.to_session_value

  # NOTE(review): the redirect target comes from last_visited_url, which is
  # not shown on this page; if it is derived from a request header, confirm it
  # is restricted to this site before being used as a Location value.
  [301, { 'Location' => last_visited_url }, []]
end