gitlab-org--gitlab-foss/app/controllers/concerns/uploads_actions.rb

# frozen_string_literal: true

module UploadsActions
  include Gitlab::Utils::StrongMemoize
  include SendFileUpload

  UPLOAD_MOUNTS = %w(avatar attachment file logo header_logo favicon).freeze

  def create
    uploader = UploadService.new(model, params[:file], uploader_class).execute

    respond_to do |format|
      if uploader
        format.json do
          render json: { link: uploader.to_h }
        end
      else
        format.json do
          render json: _('Invalid file.'), status: :unprocessable_entity
        end
      end
    end
  end

  # This should either
  #   - send the file directly
  #   - or redirect to its URL
  #
  def show
    return render_404 unless uploader&.exists?

    if cache_publicly?
      # We need to reset caching from the applications controller to get rid of the no-store value
      headers['Cache-Control'] = ''
      expires_in 5.minutes, public: true, must_revalidate: false
    else
      expires_in 0.seconds, must_revalidate: true, private: true
    end

    disposition = uploader.image_or_video? ? 'inline' : 'attachment'

    uploaders = [uploader, *uploader.versions.values]
    uploader = uploaders.find { |version| version.filename == params[:filename] }

    return render_404 unless uploader

    workhorse_set_content_type!
    send_upload(uploader, attachment: uploader.filename, disposition: disposition)
  end

  def authorize
    set_workhorse_internal_api_content_type

    authorized = uploader_class.workhorse_authorize(
      has_length: false,
      maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i)

    render json: authorized
  rescue SocketError
    render json: _("Error uploading file"), status: :internal_server_error
  end

  private

  def uploader_class
    raise NotImplementedError
  end

  def upload_mount
    mounted_as = params[:mounted_as]
    mounted_as if UPLOAD_MOUNTS.include?(mounted_as)
  end

  def uploader_mounted?
    upload_model_class < CarrierWave::Mount::Extension && !upload_mount.nil?
  end

  def uploader
    strong_memoize(:uploader) do
      if uploader_mounted?
        model.public_send(upload_mount) # rubocop:disable GitlabSecurity/PublicSend
      else
        build_uploader_from_upload || build_uploader_from_params
      end
    end
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def build_uploader_from_upload
    return unless uploader = build_uploader

    upload_paths = uploader.upload_paths(params[:filename])
    upload = Upload.find_by(model: model, uploader: uploader_class.to_s, path: upload_paths)
    upload&.build_uploader
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def build_uploader_from_params
    return unless uploader = build_uploader

    uploader.retrieve_from_store!(params[:filename])
    uploader
  end

  def build_uploader
    return unless params[:secret] && params[:filename]

    uploader = uploader_class.new(model, secret: params[:secret])

    return unless uploader.model_valid?

    uploader
  end

  def image_or_video?
    uploader && uploader.exists? && uploader.image_or_video?
  end

  def find_model
    nil
  end

  def cache_publicly?
    false
  end

  def model
    strong_memoize(:model) { find_model }
  end
end
Enable frozen string in app/controllers/*/.rb Enables frozen string for the following: * app/controllers/.rb app/controllers/admin/*/.rb * app/controllers/boards/*/.rb * app/controllers/ci/*/.rb * app/controllers/concerns/*/.rb Partially addresses #47424. 2018-09-14 05:42:05 +00:00			`# frozen_string_literal: true`

Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`module UploadsActions`
Support uploads for groups 2017-12-06 11:36:11 +00:00			`include Gitlab::Utils::StrongMemoize`
Add proxy_download to perform proxied sending of all files 2018-03-09 14:16:06 +00:00			`include SendFileUpload`
Support uploads for groups 2017-12-06 11:36:11 +00:00
allow uploading favicon in appearance settings 2017-09-26 07:54:32 +00:00			`UPLOAD_MOUNTS = %w(avatar attachment file logo header_logo favicon).freeze`
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`def create`
Remove caching of CSV file Load whole file in memory to simplify code 2019-01-03 05:17:07 +00:00			`uploader = UploadService.new(model, params[:file], uploader_class).execute`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00
			`respond_to do \|format\|`
Remove caching of CSV file Load whole file in memory to simplify code 2019-01-03 05:17:07 +00:00			`if uploader`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`format.json do`
Remove caching of CSV file Load whole file in memory to simplify code 2019-01-03 05:17:07 +00:00			`render json: { link: uploader.to_h }`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`end`
			`else`
			`format.json do`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 16:52:52 +00:00			`render json: _('Invalid file.'), status: :unprocessable_entity`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`end`
			`end`
			`end`
			`end`

port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`# This should either`
			`# - send the file directly`
			`# - or redirect to its URL`
			`#`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`def show`
Fix 500 error when loading an invalid upload URL 2018-02-21 16:09:30 +00:00			`return render_404 unless uploader&.exists?`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00
Turned cache_privately? into cache_publicly? Also removed unnecessary comment 2019-01-22 10:09:04 +00:00			`if cache_publicly?`
Changed the Caching of User Avatars to be public and to 5 minutes 2019-01-21 21:25:54 +00:00			`# We need to reset caching from the applications controller to get rid of the no-store value`
			`headers['Cache-Control'] = ''`
			`expires_in 5.minutes, public: true, must_revalidate: false`
Turned cache_privately? into cache_publicly? Also removed unnecessary comment 2019-01-22 10:09:04 +00:00			`else`
			`expires_in 0.seconds, must_revalidate: true, private: true`
Changed the Caching of User Avatars to be public and to 5 minutes 2019-01-21 21:25:54 +00:00			`end`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00
Add proxy_download to perform proxied sending of all files 2018-03-09 14:16:06 +00:00			`disposition = uploader.image_or_video? ? 'inline' : 'attachment'`

simplify uploader versions check 2018-04-13 19:29:01 +00:00			`uploaders = [uploader, *uploader.versions.values]`
			`uploader = uploaders.find { \|version\| version.filename == params[:filename] }`
ability to get an image's alternative version 2018-04-12 12:11:21 +00:00
simplify uploader versions check 2018-04-13 19:29:01 +00:00			`return render_404 unless uploader`
ability to get an image's alternative version 2018-04-12 12:11:21 +00:00
Add feature flag for workhorse content type calculation 2018-12-06 21:22:39 +00:00			`workhorse_set_content_type!`
simplify uploader versions check 2018-04-13 19:29:01 +00:00			`send_upload(uploader, attachment: uploader.filename, disposition: disposition)`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`end`
Support uploads for groups 2017-12-06 11:36:11 +00:00
Add workhorse authorize method for project/group uploads This method can be used by workhorse to get presigned URLs used for direct upload of files. 2018-06-12 15:54:37 +00:00			`def authorize`
			`set_workhorse_internal_api_content_type`

			`authorized = uploader_class.workhorse_authorize(`
			`has_length: false,`
			`maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i)`

			`render json: authorized`
Handled exception during file upload 2018-09-05 13:24:06 +00:00			`rescue SocketError`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 16:52:52 +00:00			`render json: _("Error uploading file"), status: :internal_server_error`
Add workhorse authorize method for project/group uploads This method can be used by workhorse to get presigned URLs used for direct upload of files. 2018-06-12 15:54:37 +00:00			`end`

Support uploads for groups 2017-12-06 11:36:11 +00:00			`private`

port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`def uploader_class`
			`raise NotImplementedError`
			`end`

			`def upload_mount`
			`mounted_as = params[:mounted_as]`
			`mounted_as if UPLOAD_MOUNTS.include?(mounted_as)`
			`end`

			`def uploader_mounted?`
			`upload_model_class < CarrierWave::Mount::Extension && !upload_mount.nil?`
			`end`

Support uploads for groups 2017-12-06 11:36:11 +00:00			`def uploader`
			`strong_memoize(:uploader) do`
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`if uploader_mounted?`
			`model.public_send(upload_mount) # rubocop:disable GitlabSecurity/PublicSend`
			`else`
			`build_uploader_from_upload \|\| build_uploader_from_params`
			`end`
			`end`
			`end`
Support uploads for groups 2017-12-06 11:36:11 +00:00
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: disable CodeReuse/ActiveRecord`
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`def build_uploader_from_upload`
Merge branch 'poc-upload-hashing-path' into 'master' File uploads on objects storage should use hashed storage Closes #4952 See merge request gitlab-org/gitlab-ee!4597 2018-03-02 15:41:40 +00:00			`return unless uploader = build_uploader`
Support uploads for groups 2017-12-06 11:36:11 +00:00
Merge branch 'poc-upload-hashing-path' into 'master' File uploads on objects storage should use hashed storage Closes #4952 See merge request gitlab-org/gitlab-ee!4597 2018-03-02 15:41:40 +00:00			`upload_paths = uploader.upload_paths(params[:filename])`
Queries for Upload should be scoped by model 2019-07-11 04:48:50 +00:00			`upload = Upload.find_by(model: model, uploader: uploader_class.to_s, path: upload_paths)`
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`upload&.build_uploader`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: enable CodeReuse/ActiveRecord`
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00
			`def build_uploader_from_params`
Merge branch 'poc-upload-hashing-path' into 'master' File uploads on objects storage should use hashed storage Closes #4952 See merge request gitlab-org/gitlab-ee!4597 2018-03-02 15:41:40 +00:00			`return unless uploader = build_uploader`

			`uploader.retrieve_from_store!(params[:filename])`
			`uploader`
			`end`

			`def build_uploader`
			`return unless params[:secret] && params[:filename]`

add the uploader context to the upload model 2018-01-29 21:06:17 +00:00			`uploader = uploader_class.new(model, secret: params[:secret])`
Fix 500 error when loading an invalid upload URL 2018-02-21 16:09:30 +00:00
Merge branch 'poc-upload-hashing-path' into 'master' File uploads on objects storage should use hashed storage Closes #4952 See merge request gitlab-org/gitlab-ee!4597 2018-03-02 15:41:40 +00:00			`return unless uploader.model_valid?`
Fix 500 error when loading an invalid upload URL 2018-02-21 16:09:30 +00:00
port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`uploader`
Support uploads for groups 2017-12-06 11:36:11 +00:00			`end`

			`def image_or_video?`
			`uploader && uploader.exists? && uploader.image_or_video?`
			`end`

port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`def find_model`
			`nil`
			`end`

Turned cache_privately? into cache_publicly? Also removed unnecessary comment 2019-01-22 10:09:04 +00:00			`def cache_publicly?`
			`false`
Changed the Caching of User Avatars to be public and to 5 minutes 2019-01-21 21:25:54 +00:00			`end`

port of 594e6a0a625^..f74c90f68c6 2018-01-29 17:57:34 +00:00			`def model`
			`strong_memoize(:model) { find_model }`
Support uploads for groups 2017-12-06 11:36:11 +00:00			`end`
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`end`