2018-07-04 13:32:46 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-08-18 10:31:44 -04:00
|
|
|
class GitlabUploader < CarrierWave::Uploader::Base
|
2020-03-12 14:09:28 -04:00
|
|
|
include ContentTypeWhitelist::Concern
|
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
class_attribute :options
|
2017-02-28 13:34:43 -05:00
|
|
|
|
2020-11-02 16:09:10 -05:00
|
|
|
PROTECTED_METHODS = %i(filename cache_dir work_dir store_dir).freeze
|
|
|
|
|
|
|
|
ObjectNotReadyError = Class.new(StandardError)
|
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
class << self
|
|
|
|
# DSL setter
|
|
|
|
def storage_options(options)
|
|
|
|
self.options = options
|
|
|
|
end
|
2017-02-23 16:54:25 -05:00
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
def root
|
|
|
|
options.storage_path
|
|
|
|
end
|
2017-06-08 01:23:52 -04:00
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
# represent the directory namespacing at the class level
|
|
|
|
def base_dir
|
|
|
|
options.fetch('base_dir', '')
|
|
|
|
end
|
2017-02-23 16:54:25 -05:00
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
def file_storage?
|
|
|
|
storage == CarrierWave::Storage::File
|
|
|
|
end
|
|
|
|
|
|
|
|
def absolute_path(upload_record)
|
|
|
|
File.join(root, upload_record.path)
|
|
|
|
end
|
2017-05-04 17:02:51 -04:00
|
|
|
end
|
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
storage_options Gitlab.config.uploads
|
|
|
|
|
2017-06-07 23:32:38 -04:00
|
|
|
delegate :base_dir, :file_storage?, to: :class
|
|
|
|
|
2020-11-02 16:09:10 -05:00
|
|
|
before :cache, :protect_from_path_traversal!
|
|
|
|
|
2018-01-29 16:06:17 -05:00
|
|
|
def initialize(model, mounted_as = nil, **uploader_context)
|
|
|
|
super(model, mounted_as)
|
|
|
|
end
|
|
|
|
|
2017-06-01 03:52:19 -04:00
|
|
|
def file_cache_storage?
|
2017-05-04 17:02:51 -04:00
|
|
|
cache_storage.is_a?(CarrierWave::Storage::File)
|
2017-02-23 16:54:25 -05:00
|
|
|
end
|
|
|
|
|
2016-08-18 10:31:44 -04:00
|
|
|
def move_to_cache
|
2018-02-02 08:59:43 -05:00
|
|
|
file_storage?
|
2016-08-18 10:31:44 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def move_to_store
|
2018-02-02 08:59:43 -05:00
|
|
|
file_storage?
|
2017-02-28 13:34:43 -05:00
|
|
|
end
|
2017-05-01 09:14:35 -04:00
|
|
|
|
|
|
|
def exists?
|
2017-09-19 10:34:10 -04:00
|
|
|
file.present?
|
2017-05-01 09:14:35 -04:00
|
|
|
end
|
2017-06-05 01:12:18 -04:00
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
def cache_dir
|
|
|
|
File.join(root, base_dir, 'tmp/cache')
|
|
|
|
end
|
|
|
|
|
2017-06-05 01:12:18 -04:00
|
|
|
def work_dir
|
2018-02-02 08:59:43 -05:00
|
|
|
File.join(root, base_dir, 'tmp/work')
|
2017-06-05 01:12:18 -04:00
|
|
|
end
|
|
|
|
|
2017-06-12 17:42:11 -04:00
|
|
|
def filename
|
|
|
|
super || file&.filename
|
|
|
|
end
|
|
|
|
|
2018-10-03 11:09:16 -04:00
|
|
|
def relative_path
|
|
|
|
return path if pathname.relative?
|
|
|
|
|
|
|
|
pathname.relative_path_from(Pathname.new(root))
|
|
|
|
end
|
|
|
|
|
2018-02-21 11:09:30 -05:00
|
|
|
def model_valid?
|
|
|
|
!!model
|
|
|
|
end
|
|
|
|
|
2018-04-23 12:59:53 -04:00
|
|
|
def local_url
|
|
|
|
File.join('/', self.class.base_dir, dynamic_segment, filename)
|
|
|
|
end
|
|
|
|
|
2018-07-09 08:18:31 -04:00
|
|
|
def cached_size
|
|
|
|
size
|
|
|
|
end
|
|
|
|
|
2018-07-09 07:34:18 -04:00
|
|
|
def open
|
2018-07-09 12:13:34 -04:00
|
|
|
stream =
|
|
|
|
if file_storage?
|
|
|
|
File.open(path, "rb") if path
|
|
|
|
else
|
|
|
|
::Gitlab::HttpIO.new(url, cached_size) if url
|
|
|
|
end
|
2018-07-09 07:34:18 -04:00
|
|
|
|
|
|
|
return unless stream
|
|
|
|
return stream unless block_given?
|
|
|
|
|
|
|
|
begin
|
|
|
|
yield(stream)
|
|
|
|
ensure
|
|
|
|
stream.close
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-10-02 20:05:59 -04:00
|
|
|
# Used to replace an existing upload with another +file+ without modifying stored metadata
|
|
|
|
# Use this method only to repair/replace an existing upload, or to upload to a Geo secondary node
|
|
|
|
#
|
|
|
|
# @param [CarrierWave::SanitizedFile] file that will replace existing upload
|
|
|
|
# @return CarrierWave::SanitizedFile
|
|
|
|
def replace_file_without_saving!(file)
|
|
|
|
raise ArgumentError, 'should be a CarrierWave::SanitizedFile' unless file.is_a? CarrierWave::SanitizedFile
|
|
|
|
|
|
|
|
storage.store!(file)
|
|
|
|
end
|
|
|
|
|
2017-06-05 01:12:18 -04:00
|
|
|
private
|
|
|
|
|
2018-02-02 08:59:43 -05:00
|
|
|
# Designed to be overridden by child uploaders that have a dynamic path
|
|
|
|
# segment -- that is, a path that changes based on mutable attributes of its
|
|
|
|
# associated model
|
|
|
|
#
|
|
|
|
# For example, `FileUploader` builds the storage path based on the associated
|
|
|
|
# project model's `path_with_namespace` value, which can change when the
|
|
|
|
# project or its containing namespace is moved or renamed.
|
2020-11-02 16:09:10 -05:00
|
|
|
#
|
|
|
|
# When implementing this method, raise `ObjectNotReadyError` if the model
|
|
|
|
# does not yet exist, as it will be tested in `#protect_from_path_traversal!`
|
2018-02-02 08:59:43 -05:00
|
|
|
def dynamic_segment
|
|
|
|
raise(NotImplementedError)
|
|
|
|
end
|
|
|
|
|
2017-06-05 01:12:18 -04:00
|
|
|
# To prevent files from moving across filesystems, override the default
|
|
|
|
# implementation:
|
|
|
|
# http://github.com/carrierwaveuploader/carrierwave/blob/v1.0.0/lib/carrierwave/uploader/cache.rb#L181-L183
|
|
|
|
def workfile_path(for_file = original_filename)
|
|
|
|
# To be safe, keep this directory outside of the the cache directory
|
|
|
|
# because calling CarrierWave.clean_cache_files! will remove any files in
|
|
|
|
# the cache directory.
|
2018-02-02 08:59:43 -05:00
|
|
|
File.join(work_dir, cache_id, version_name.to_s, for_file)
|
2017-06-05 01:12:18 -04:00
|
|
|
end
|
2018-10-03 11:09:16 -04:00
|
|
|
|
|
|
|
def pathname
|
|
|
|
@pathname ||= Pathname.new(path)
|
|
|
|
end
|
2020-11-02 16:09:10 -05:00
|
|
|
|
|
|
|
# Protect against path traversal attacks
|
|
|
|
# This takes a list of methods to test for path traversal, e.g. ../../
|
|
|
|
# and checks each of them. This uses `.send` so that any potential errors
|
|
|
|
# don't block the entire set from being tested.
|
|
|
|
#
|
|
|
|
# @param [CarrierWave::SanitizedFile]
|
|
|
|
# @return [Nil]
|
|
|
|
# @raise [Gitlab::Utils::PathTraversalAttackError]
|
|
|
|
def protect_from_path_traversal!(file)
|
|
|
|
PROTECTED_METHODS.each do |method|
|
|
|
|
Gitlab::Utils.check_path_traversal!(self.send(method)) # rubocop: disable GitlabSecurity/PublicSend
|
|
|
|
|
|
|
|
rescue ObjectNotReadyError
|
|
|
|
# Do nothing. This test was attempted before the file was ready for that method
|
|
|
|
end
|
|
|
|
end
|
2016-08-18 10:31:44 -04:00
|
|
|
end
|