Class: Gitlab::Workhorse

Inherits:
Object
  • Object
show all
Includes:
JwtAuthenticatable
Defined in:
lib/gitlab/workhorse.rb

Constant Summary collapse

SEND_DATA_HEADER = 
'Gitlab-Workhorse-Send-Data'
SEND_DEPENDENCY_CONTENT_TYPE_HEADER = 
'Workhorse-Proxy-Content-Type'
VERSION_FILE = 
'GITLAB_WORKHORSE_VERSION'
INTERNAL_API_CONTENT_TYPE = 
'application/vnd.gitlab-workhorse+json'
INTERNAL_API_REQUEST_HEADER = 
'Gitlab-Workhorse-Api-Request'
NOTIFICATION_CHANNEL = 
'workhorse:notifications'
ALLOWED_GIT_HTTP_ACTIONS = 
%w[git_receive_pack git_upload_pack info_refs].freeze
DETECT_HEADER = 
'Gitlab-Workhorse-Detect-Content-Type'
ARCHIVE_FORMATS = 
%w(zip tar.gz tar.bz2 tar).freeze

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary collapse

Methods included from JwtAuthenticatable

included

Class Method Details

.channel_websocket(channel) ⇒ Object 


185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'lib/gitlab/workhorse.rb', line 185

def channel_websocket(channel)
  details = {
    'Channel' => {
      'Subprotocols' => channel[:subprotocols],
      'Url' => channel[:url],
      'Header' => channel[:headers],
      'MaxSessionTime' => channel[:max_session_time]
    }
  }
  details['Channel']['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem)

  details
end

.decode_jwt_with_issuer(encoded_message) ⇒ Object 


208
209
210
 
# File 'lib/gitlab/workhorse.rb', line 208

def decode_jwt_with_issuer(encoded_message)
  decode_jwt(encoded_message, issuer: 'gitlab-workhorse')
end

.detect_content_typeObject 


228
229
230
231
232
233
 
# File 'lib/gitlab/workhorse.rb', line 228

def detect_content_type
  [
    Gitlab::Workhorse::DETECT_HEADER,
    'true'
  ]
end

.git_http_ok(repository, repo_type, user, action, show_all_refs: false) ⇒ Object 


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/gitlab/workhorse.rb', line 23

def git_http_ok(repository, repo_type, user, action, show_all_refs: false)
  raise "Unsupported action: #{action}" unless ALLOWED_GIT_HTTP_ACTIONS.include?(action.to_s)

  attrs = {
    GL_ID: Gitlab::GlId.gl_id(user),
    GL_REPOSITORY: repo_type.identifier_for_container(repository.container),
    GL_USERNAME: user&.username,
    ShowAllRefs: show_all_refs,
    Repository: repository.gitaly_repository.to_h,
    GitConfigOptions: [],
    GitalyServer: {
      address: Gitlab::GitalyClient.address(repository.storage),
      token: Gitlab::GitalyClient.token(repository.storage),
      features: Feature::Gitaly.server_feature_flags(repository.project)
    }
  }

  # Custom option for git-receive-pack command
  receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
  if receive_max_input_size > 0
    attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
  end

  attrs
end

.secret_pathObject 


212
213
214
 
# File 'lib/gitlab/workhorse.rb', line 212

def secret_path
  Gitlab.config.workhorse.secret_file
end

.send_artifacts_entry(file, entry) ⇒ Object 


134
135
136
137
138
139
140
141
142
143
144
145
146
 
# File 'lib/gitlab/workhorse.rb', line 134

def send_artifacts_entry(file, entry)
  archive = file.file_storage? ? file.path : file.url

  params = {
    'Archive' => archive,
    'Entry' => Base64.encode64(entry.to_s)
  }

  [
    SEND_DATA_HEADER,
    "artifacts-entry:#{encode(params)}"
  ]
end

.send_dependency(headers, url) ⇒ Object 


173
174
175
176
177
178
179
180
181
182
183
 
# File 'lib/gitlab/workhorse.rb', line 173

def send_dependency(headers, url)
  params = {
    'Header' => headers,
    'Url' => url
  }

  [
    SEND_DATA_HEADER,
    "send-dependency:#{encode(params)}"
  ]
end

.send_git_archive(repository, ref:, format:, append_sha:, path: nil) ⇒ Object 


65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
# File 'lib/gitlab/workhorse.rb', line 65

def send_git_archive(repository, ref:, format:, append_sha:, path: nil)
  format ||= 'tar.gz'
  format = format.downcase

  metadata = repository.archive_metadata(
    ref,
    Gitlab.config.gitlab.repository_downloads_path,
    format,
    append_sha: append_sha,
    path: path
  )

  raise "Repository or ref not found" if metadata.empty?

  params = send_git_archive_params(repository, metadata, path, archive_format(format))

  # If present, DisableCache must be a Boolean. Otherwise
  # workhorse ignores it.
  params['DisableCache'] = true if git_archive_cache_disabled?
  params['GitalyServer'] = gitaly_server_hash(repository)

  [
    SEND_DATA_HEADER,
    "git-archive:#{encode(params)}"
  ]
end

.send_git_blob(repository, blob) ⇒ Object 


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/gitlab/workhorse.rb', line 49

def send_git_blob(repository, blob)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'GetBlobRequest' => {
      repository: repository.gitaly_repository.to_h,
      oid: blob.id,
      limit: -1
    }
  }

  [
    SEND_DATA_HEADER,
    "git-blob:#{encode(params)}"
  ]
end

.send_git_diff(repository, diff_refs) ⇒ Object 


106
107
108
109
110
111
112
113
114
115
116
117
118
 
# File 'lib/gitlab/workhorse.rb', line 106

def send_git_diff(repository, diff_refs)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'RawDiffRequest' => Gitaly::RawDiffRequest.new(
      gitaly_diff_or_patch_hash(repository, diff_refs)
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-diff:#{encode(params)}"
  ]
end

.send_git_patch(repository, diff_refs) ⇒ Object 


120
121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'lib/gitlab/workhorse.rb', line 120

def send_git_patch(repository, diff_refs)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'RawPatchRequest' => Gitaly::RawPatchRequest.new(
      gitaly_diff_or_patch_hash(repository, diff_refs)
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-format-patch:#{encode(params)}"
  ]
end

.send_git_snapshot(repository) ⇒ Object 


92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/gitlab/workhorse.rb', line 92

def send_git_snapshot(repository)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new(
      repository: repository.gitaly_repository
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-snapshot:#{encode(params)}"
  ]
end

.send_scaled_image(location, width, content_type) ⇒ Object 


160
161
162
163
164
165
166
167
168
169
170
171
 
# File 'lib/gitlab/workhorse.rb', line 160

def send_scaled_image(location, width, content_type)
  params = {
    'Location' => location,
    'Width' => width,
    'ContentType' => content_type
  }

  [
    SEND_DATA_HEADER,
    "send-scaled-img:#{encode(params)}"
  ]
end

.send_url(url, allow_redirects: false) ⇒ Object 


148
149
150
151
152
153
154
155
156
157
158
 
# File 'lib/gitlab/workhorse.rb', line 148

def send_url(url, allow_redirects: false)
  params = {
    'URL' => url,
    'AllowRedirects' => allow_redirects
  }

  [
    SEND_DATA_HEADER,
    "send-url:#{encode(params)}"
  ]
end

.set_key_and_notify(key, value, expire: nil, overwrite: true) ⇒ Object 


216
217
218
219
220
221
222
223
224
225
226
 
# File 'lib/gitlab/workhorse.rb', line 216

def set_key_and_notify(key, value, expire: nil, overwrite: true)
  Gitlab::Redis::SharedState.with do |redis|
    result = redis.set(key, value, ex: expire, nx: !overwrite)
    if result
      redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")
      value
    else
      redis.get(key)
    end
  end
end

.verify_api_request!(request_headers) ⇒ Object 


204
205
206
 
# File 'lib/gitlab/workhorse.rb', line 204

def verify_api_request!(request_headers)
  decode_jwt_with_issuer(request_headers[INTERNAL_API_REQUEST_HEADER])
end

.versionObject 


199
200
201
202
 
# File 'lib/gitlab/workhorse.rb', line 199

def version
  path = Rails.root.join(VERSION_FILE)
  path.readable? ? path.read.chomp : 'unknown'
end