Class: Gitlab::Workhorse

Inherits:

Object

• Object
• Gitlab::Workhorse

Includes:

JwtAuthenticatable

Defined in:

lib/gitlab/workhorse.rb

Constant Summary

SEND_DATA_HEADER =

'Gitlab-Workhorse-Send-Data'

VERSION_FILE =

'GITLAB_WORKHORSE_VERSION'

INTERNAL_API_CONTENT_TYPE =

'application/vnd.gitlab-workhorse+json'

INTERNAL_API_REQUEST_HEADER =

'Gitlab-Workhorse-Api-Request'

NOTIFICATION_CHANNEL =

'workhorse:notifications'

ALLOWED_GIT_HTTP_ACTIONS =

%w[git_receive_pack git_upload_pack info_refs].freeze

DETECT_HEADER =

'Gitlab-Workhorse-Detect-Content-Type'

ARCHIVE_FORMATS =

%w(zip tar.gz tar.bz2 tar).freeze

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary

• .channel_websocket(channel) ⇒ Object
• .decode_jwt(encoded_message) ⇒ Object
• .git_http_ok(repository, repo_type, user, action, show_all_refs: false) ⇒ Object
• .secret_path ⇒ Object
• .send_artifacts_entry(file, entry) ⇒ Object
• .send_git_archive(repository, ref:, format:, append_sha:, path: nil) ⇒ Object
• .send_git_blob(repository, blob) ⇒ Object
• .send_git_diff(repository, diff_refs) ⇒ Object
• .send_git_patch(repository, diff_refs) ⇒ Object
• .send_git_snapshot(repository) ⇒ Object
• .send_scaled_image(location, width, content_type) ⇒ Object
• .send_url(url, allow_redirects: false) ⇒ Object
• .set_key_and_notify(key, value, expire: nil, overwrite: true) ⇒ Object
• .verify_api_request!(request_headers) ⇒ Object
• .version ⇒ Object

Methods included from JwtAuthenticatable

included

Class Method Details

.channel_websocket(channel) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 172

def channel_websocket(channel)
  details = {
    'Channel' => {
      'Subprotocols' => channel[:subprotocols],
      'Url' => channel[:url],
      'Header' => channel[:headers],
      'MaxSessionTime' => channel[:max_session_time]
    }
  }
  details['Channel']['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem)

  details
end

.decode_jwt(encoded_message) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 195

def decode_jwt(encoded_message)
  decode_jwt_for_issuer('gitlab-workhorse', encoded_message)
end

.git_http_ok(repository, repo_type, user, action, show_all_refs: false) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 22

def git_http_ok(repository, repo_type, user, action, show_all_refs: false)
  raise "Unsupported action: #{action}" unless ALLOWED_GIT_HTTP_ACTIONS.include?(action.to_s)

  attrs = {
    GL_ID: Gitlab::GlId.gl_id(user),
    GL_REPOSITORY: repo_type.identifier_for_container(repository.container),
    GL_USERNAME: user&.username,
    ShowAllRefs: show_all_refs,
    Repository: repository.gitaly_repository.to_h,
    GitConfigOptions: [],
    GitalyServer: {
      address: Gitlab::GitalyClient.address(repository.storage),
      token: Gitlab::GitalyClient.token(repository.storage),
      features: Feature::Gitaly.server_feature_flags
    }
  }

  # Custom option for git-receive-pack command
  receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
  if receive_max_input_size > 0
    attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
  end

  attrs
end

.secret_path ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 199

def secret_path
  Gitlab.config.workhorse.secret_file
end

.send_artifacts_entry(file, entry) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 133

def send_artifacts_entry(file, entry)
  archive = file.file_storage? ? file.path : file.url

  params = {
    'Archive' => archive,
    'Entry' => Base64.encode64(entry.to_s)
  }

  [
    SEND_DATA_HEADER,
    "artifacts-entry:#{encode(params)}"
  ]
end

.send_git_archive(repository, ref:, format:, append_sha:, path: nil) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 64

def send_git_archive(repository, ref:, format:, append_sha:, path: nil)
  format ||= 'tar.gz'
  format = format.downcase

  metadata = repository.archive_metadata(
    ref,
    Gitlab.config.gitlab.repository_downloads_path,
    format,
    append_sha: append_sha,
    path: path
  )

  raise "Repository or ref not found" if metadata.empty?

  params = send_git_archive_params(repository, metadata, path, archive_format(format))

  # If present, DisableCache must be a Boolean. Otherwise
  # workhorse ignores it.
  params['DisableCache'] = true if git_archive_cache_disabled?
  params['GitalyServer'] = gitaly_server_hash(repository)

  [
    SEND_DATA_HEADER,
    "git-archive:#{encode(params)}"
  ]
end

.send_git_blob(repository, blob) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 48

def send_git_blob(repository, blob)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'GetBlobRequest' => {
      repository: repository.gitaly_repository.to_h,
      oid: blob.id,
      limit: -1
    }
  }

  [
    SEND_DATA_HEADER,
    "git-blob:#{encode(params)}"
  ]
end

.send_git_diff(repository, diff_refs) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 105

def send_git_diff(repository, diff_refs)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'RawDiffRequest' => Gitaly::RawDiffRequest.new(
      gitaly_diff_or_patch_hash(repository, diff_refs)
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-diff:#{encode(params)}"
  ]
end

.send_git_patch(repository, diff_refs) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 119

def send_git_patch(repository, diff_refs)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'RawPatchRequest' => Gitaly::RawPatchRequest.new(
      gitaly_diff_or_patch_hash(repository, diff_refs)
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-format-patch:#{encode(params)}"
  ]
end

.send_git_snapshot(repository) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 91

def send_git_snapshot(repository)
  params = {
    'GitalyServer' => gitaly_server_hash(repository),
    'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new(
      repository: repository.gitaly_repository
    ).to_json
  }

  [
    SEND_DATA_HEADER,
    "git-snapshot:#{encode(params)}"
  ]
end

.send_scaled_image(location, width, content_type) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 159

def send_scaled_image(location, width, content_type)
  params = {
    'Location' => location,
    'Width' => width,
    'ContentType' => content_type
  }

  [
    SEND_DATA_HEADER,
    "send-scaled-img:#{encode(params)}"
  ]
end

.send_url(url, allow_redirects: false) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 147

def send_url(url, allow_redirects: false)
  params = {
    'URL' => url,
    'AllowRedirects' => allow_redirects
  }

  [
    SEND_DATA_HEADER,
    "send-url:#{encode(params)}"
  ]
end

.set_key_and_notify(key, value, expire: nil, overwrite: true) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 203

def set_key_and_notify(key, value, expire: nil, overwrite: true)
  Gitlab::Redis::SharedState.with do |redis|
    result = redis.set(key, value, ex: expire, nx: !overwrite)
    if result
      redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")
      value
    else
      redis.get(key)
    end
  end
end

.verify_api_request!(request_headers) ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 191

def verify_api_request!(request_headers)
  decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER])
end

.version ⇒ Object

# File 'lib/gitlab/workhorse.rb', line 186

def version
  path = Rails.root.join(VERSION_FILE)
  path.readable? ? path.read.chomp : 'unknown'
end