gitlab-org--gitlab-foss/lib/gitlab/workhorse.rb

276 lines
8.3 KiB
Ruby
Raw Normal View History

2016-02-01 05:33:22 -05:00
require 'base64'
require 'json'
require 'securerandom'
2017-03-24 13:22:42 -04:00
require 'uri'
2016-02-01 05:33:22 -05:00
module Gitlab
class Workhorse
2017-02-21 18:32:18 -05:00
SEND_DATA_HEADER = 'Gitlab-Workhorse-Send-Data'.freeze
VERSION_FILE = 'GITLAB_WORKHORSE_VERSION'.freeze
INTERNAL_API_CONTENT_TYPE = 'application/vnd.gitlab-workhorse+json'.freeze
INTERNAL_API_REQUEST_HEADER = 'Gitlab-Workhorse-Api-Request'.freeze
NOTIFICATION_CHANNEL = 'workhorse:notifications'.freeze
# Supposedly the effective key size for HMAC-SHA256 is 256 bits, i.e. 32
# bytes https://tools.ietf.org/html/rfc4868#section-2.6
SECRET_LENGTH = 32
2016-02-02 08:09:55 -05:00
2016-02-11 12:10:14 -05:00
class << self
def git_http_ok(repository, is_wiki, user, action, show_all_refs: false)
project = repository.project
repo_path = repository.path_to_repo
params = {
GL_ID: Gitlab::GlId.gl_id(user),
GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
GL_USERNAME: user&.username,
RepoPath: repo_path,
ShowAllRefs: show_all_refs
2016-04-06 11:52:12 -04:00
}
server = {
address: Gitlab::GitalyClient.address(project.repository_storage),
token: Gitlab::GitalyClient.token(project.repository_storage)
}
params[:Repository] = repository.gitaly_repository.to_h
feature_enabled = case action.to_s
when 'git_receive_pack'
Gitlab::GitalyClient.feature_enabled?(
:post_receive_pack,
status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT
)
when 'git_upload_pack'
2017-09-01 04:45:19 -04:00
true
when 'info_refs'
true
else
raise "Unsupported action: #{action}"
end
if feature_enabled
params[:GitalyServer] = server
2017-03-24 13:22:42 -04:00
end
params
2016-04-06 11:52:12 -04:00
end
def lfs_upload_ok(oid, size)
{
2018-01-29 12:57:34 -05:00
StoreLFSPath: LfsObjectUploader.workhorse_upload_path,
LfsOid: oid,
LfsSize: size
}
end
def artifact_upload_ok
2018-01-29 12:57:34 -05:00
{ TempPath: JobArtifactUploader.workhorse_upload_path }
end
2016-02-01 05:33:22 -05:00
def send_git_blob(repository, blob)
params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_raw_show)
2017-07-09 23:43:20 -04:00
{
'GitalyServer' => gitaly_server_hash(repository),
'GetBlobRequest' => {
repository: repository.gitaly_repository.to_h,
oid: blob.id,
limit: -1
}
}
else
{
'RepoPath' => repository.path_to_repo,
'BlobId' => blob.id
}
end
2016-02-01 05:33:22 -05:00
[
2016-02-02 08:09:55 -05:00
SEND_DATA_HEADER,
2016-06-08 08:30:15 -04:00
"git-blob:#{encode(params)}"
2016-02-01 05:33:22 -05:00
]
end
2016-02-02 08:09:55 -05:00
def send_git_archive(repository, ref:, format:)
2016-02-02 08:09:55 -05:00
format ||= 'tar.gz'
format.downcase!
params = repository.archive_metadata(ref, Gitlab.config.gitlab.repository_downloads_path, format)
2016-02-02 08:09:55 -05:00
raise "Repository or ref not found" if params.empty?
if Gitlab::GitalyClient.feature_enabled?(:workhorse_archive)
params.merge!(
'GitalyServer' => gitaly_server_hash(repository),
'GitalyRepository' => repository.gitaly_repository.to_h
)
end
# If present DisableCache must be a Boolean. Otherwise workhorse ignores it.
params['DisableCache'] = true if git_archive_cache_disabled?
2016-02-02 08:09:55 -05:00
[
SEND_DATA_HEADER,
2016-06-08 08:30:15 -04:00
"git-archive:#{encode(params)}"
2016-02-02 08:09:55 -05:00
]
end
2016-05-12 14:50:49 -04:00
2016-06-08 08:30:15 -04:00
def send_git_diff(repository, diff_refs)
params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_diff)
{
'GitalyServer' => gitaly_server_hash(repository),
'RawDiffRequest' => Gitaly::RawDiffRequest.new(
gitaly_diff_or_patch_hash(repository, diff_refs)
).to_json
}
else
workhorse_diff_or_patch_hash(repository, diff_refs)
end
2016-05-12 14:50:49 -04:00
[
SEND_DATA_HEADER,
"git-diff:#{encode(params)}"
2016-02-02 08:09:55 -05:00
]
end
2016-07-03 17:01:13 -04:00
def send_git_patch(repository, diff_refs)
params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_patch)
{
'GitalyServer' => gitaly_server_hash(repository),
'RawPatchRequest' => Gitaly::RawPatchRequest.new(
gitaly_diff_or_patch_hash(repository, diff_refs)
).to_json
}
else
workhorse_diff_or_patch_hash(repository, diff_refs)
end
[
2016-06-28 08:59:25 -04:00
SEND_DATA_HEADER,
"git-format-patch:#{encode(params)}"
]
end
def send_artifacts_entry(build, entry)
2018-01-29 12:57:34 -05:00
file = build.artifacts_file
archive = file.file_storage? ? file.path : file.url
params = {
2018-01-29 12:57:34 -05:00
'Archive' => archive,
'Entry' => Base64.encode64(entry.to_s)
}
[
SEND_DATA_HEADER,
"artifacts-entry:#{encode(params)}"
]
end
2018-02-06 09:31:39 -05:00
def send_url(url, allow_redirects: false)
params = {
'URL' => url,
'AllowRedirects' => allow_redirects
}
[
SEND_DATA_HEADER,
"send-url:#{encode(params)}"
]
end
def terminal_websocket(terminal)
details = {
'Terminal' => {
'Subprotocols' => terminal[:subprotocols],
'Url' => terminal[:url],
'Header' => terminal[:headers],
'MaxSessionTime' => terminal[:max_session_time]
}
}
details['Terminal']['CAPem'] = terminal[:ca_pem] if terminal.key?(:ca_pem)
details
end
def version
path = Rails.root.join(VERSION_FILE)
path.readable? ? path.read.chomp : 'unknown'
end
def secret
@secret ||= begin
bytes = Base64.strict_decode64(File.read(secret_path).chomp)
raise "#{secret_path} does not contain #{SECRET_LENGTH} bytes" if bytes.length != SECRET_LENGTH
bytes
end
end
def write_secret
bytes = SecureRandom.random_bytes(SECRET_LENGTH)
File.open(secret_path, 'w:BINARY', 0600) do |f|
2016-09-26 08:21:39 -04:00
f.chmod(0600) # If the file already existed, the '0600' passed to 'open' above was a no-op.
f.write(Base64.strict_encode64(bytes))
end
end
def verify_api_request!(request_headers)
2016-08-18 10:31:44 -04:00
decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER])
end
def decode_jwt(encoded_message)
JWT.decode(
2016-08-18 10:31:44 -04:00
encoded_message,
secret,
true,
{ iss: 'gitlab-workhorse', verify_iss: true, algorithm: 'HS256' }
)
end
def secret_path
Gitlab.config.workhorse.secret_file
end
2017-03-06 05:44:45 -05:00
def set_key_and_notify(key, value, expire: nil, overwrite: true)
Gitlab::Redis::Queues.with do |redis|
result = redis.set(key, value, ex: expire, nx: !overwrite)
if result
2017-03-06 05:44:45 -05:00
redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")
value
else
redis.get(key)
end
end
end
2016-02-02 08:09:55 -05:00
protected
2016-02-02 08:09:55 -05:00
def encode(hash)
Base64.urlsafe_encode64(JSON.dump(hash))
end
2017-07-09 23:43:20 -04:00
def gitaly_server_hash(repository)
{
address: Gitlab::GitalyClient.address(repository.project.repository_storage),
token: Gitlab::GitalyClient.token(repository.project.repository_storage)
}
end
def workhorse_diff_or_patch_hash(repository, diff_refs)
{
'RepoPath' => repository.path_to_repo,
'ShaFrom' => diff_refs.base_sha,
'ShaTo' => diff_refs.head_sha
}
end
def gitaly_diff_or_patch_hash(repository, diff_refs)
{
repository: repository.gitaly_repository,
left_commit_id: diff_refs.base_sha,
right_commit_id: diff_refs.head_sha
}
end
def git_archive_cache_disabled?
ENV['WORKHORSE_ARCHIVE_CACHE_DISABLED'].present? || Feature.enabled?(:workhorse_archive_cache_disabled)
end
2016-02-01 05:33:22 -05:00
end
end
2016-02-01 06:27:35 -05:00
end