Skip to content

G
gitlab-foss

李少辉-开发者 / gitlab-foss

通知 15
Star 0
Fork 0
G
gitlab-foss

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
controller.rb 2.6 KB
Newer Older
L
Put controller in its separate file  
Lin Jen-Shin 已提交
1 2 3 4 
module Gitlab
  module Middleware
    class ReadOnly
      class Controller
L
Move constants and update for feedback  
Lin Jen-Shin 已提交
5 6 7 8 
        DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
        APPLICATION_JSON = 'application/json'.freeze
        ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'.freeze
L
Put controller in its separate file  
Lin Jen-Shin 已提交
9 10 11 12 13 14 15 16 17 18 
        def initialize(app, env)
          @app = app
          @env = env
        end

        def call
          if disallowed_request? && Gitlab::Database.read_only?
            Rails.logger.debug('GitLab ReadOnly: preventing possible non read-only operation')

            if json_request?
L
Move constants and update for feedback  
Lin Jen-Shin 已提交
19 
              return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]
L
Put controller in its separate file  
Lin Jen-Shin 已提交
20 
            else
L
Move constants and update for feedback  
Lin Jen-Shin 已提交
21 
              rack_flash.alert = ERROR_MESSAGE
L
Put controller in its separate file  
Lin Jen-Shin 已提交
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 
              rack_session['flash'] = rack_flash.to_session_value

              return [301, { 'Location' => last_visited_url }, []]
            end
          end

          @app.call(@env)
        end

        private

        def disallowed_request?
          DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
            !whitelisted_routes
        end

        def json_request?
          request.media_type == APPLICATION_JSON
        end

        def rack_flash
          @rack_flash ||= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)
        end

        def rack_session
          @env['rack.session']
        end

        def request
          @env['rack.request'] ||= Rack::Request.new(@env)
        end

        def last_visited_url
          @env['HTTP_REFERER'] || rack_session['user_return_to'] || Gitlab::Routing.url_helpers.root_url
        end

        def route_hash
          @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}
        end

        def whitelisted_routes
          grack_route || ReadOnly.internal_routes.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
        end

        def sidekiq_route
          request.path.start_with?('/admin/sidekiq')
        end

        def grack_route
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.path.end_with?('.git/git-upload-pack')

          route_hash[:controller] == 'projects/git_http' && route_hash[:action] == 'git_upload_pack'
        end

        def lfs_route
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.path.end_with?('/info/lfs/objects/batch')

          route_hash[:controller] == 'projects/lfs_api' && route_hash[:action] == 'batch'
        end
      end
    end
  end
end