gitlab-org--gitlab-foss/lib/api/helpers/internal_helpers.rb

module API
  module Helpers
    module InternalHelpers
      def wiki?
        set_project unless defined?(@wiki)
        @wiki
      end

      def project
        set_project unless defined?(@project)
        @project
      end

      def ssh_authentication_abilities
        [
          :read_project,
          :download_code,
          :push_code
        ]
      end

      def parse_env
        return {} if params[:env].blank?

        JSON.parse(params[:env])
      rescue JSON::ParserError
        {}
      end

      def log_user_activity(actor)
        commands = Gitlab::GitAccess::DOWNLOAD_COMMANDS

        ::Users::ActivityService.new(actor, 'Git SSH').execute if commands.include?(params[:action])
      end

      private

      def set_project
        if params[:gl_repository]
          @project, @wiki = Gitlab::GlRepository.parse(params[:gl_repository])
        else
          @project, @wiki = Gitlab::RepoPath.parse(params[:project])
        end
      end

      # Project id to pass between components that don't share/don't have
      # access to the same filesystem mounts
      def gl_repository
        Gitlab::GlRepository.gl_repository(project, wiki?)
      end

      # Return the repository full path so that gitlab-shell has it when
      # handling ssh commands
      def repository_path
        if wiki?
          project.wiki.repository.path_to_repo
        else
          project.repository.path_to_repo
        end
      end
    end
  end
end
Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths gitlab-shell v3.6.6 would give project paths like so: * namespace/project gitlab-shell v4.0.0 can give project paths like so: * /namespace1/namespace2/project * /namespace/project * /path/to/repository/storage/namespace1/namespace2/project * /path/to/repository/storage/namespace/project 2016-11-15 15:02:44 +00:00			`module API`
			`module Helpers`
			`module InternalHelpers`
			`def wiki?`
Generate and handle a gl_repository param to pass around components This new param allows us to share project information between components that don't share or don't have access to the same filesystem mountpoints, for example between Gitaly and Rails or between Rails and Gitlab-Shell hooks. The previous parameters are still supported, but if found, gl_repository is prefered. The old parameters should be deprecated once all components support the new format. 2017-04-28 16:52:09 +00:00			`set_project unless defined?(@wiki)`
			`@wiki`
Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths gitlab-shell v3.6.6 would give project paths like so: * namespace/project gitlab-shell v4.0.0 can give project paths like so: * /namespace1/namespace2/project * /namespace/project * /path/to/repository/storage/namespace1/namespace2/project * /path/to/repository/storage/namespace/project 2016-11-15 15:02:44 +00:00			`end`

			`def project`
Generate and handle a gl_repository param to pass around components This new param allows us to share project information between components that don't share or don't have access to the same filesystem mountpoints, for example between Gitaly and Rails or between Rails and Gitlab-Shell hooks. The previous parameters are still supported, but if found, gl_repository is prefered. The old parameters should be deprecated once all components support the new format. 2017-04-28 16:52:09 +00:00			`set_project unless defined?(@project)`
			`@project`
Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths gitlab-shell v3.6.6 would give project paths like so: * namespace/project gitlab-shell v4.0.0 can give project paths like so: * /namespace1/namespace2/project * /namespace/project * /path/to/repository/storage/namespace1/namespace2/project * /path/to/repository/storage/namespace/project 2016-11-15 15:02:44 +00:00			`end`

			`def ssh_authentication_abilities`
			`[`
			`:read_project,`
			`:download_code,`
			`:push_code`
			`]`
			`end`
Accept environment variables from the `pre-receive` script. 1. Starting version 2.11, git changed the way the pre-receive flow works. - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. 2. In our workflow, the pre-recieve script (in `gitlab-shell) calls the `/allowed` endpoint, which calls out directly to git to perform various checks. These direct calls to git do _not_ have the necessary environment variables set which allow access to the "alternate object directory" (explained above). Therefore these calls to git are not able to access any of the new potential objects to be added during this push. 3. We fix this by accepting the relevant environment variables (GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY) on the `/allowed` endpoint, and then include these environment variables while calling out to git. 4. This commit includes (whitelisted) these environment variables while making the "force push" check. A `Gitlab::Git::RevList` module is extracted to prevent `ForcePush` from being littered with these checks. 2016-12-07 07:55:49 +00:00
Set Git-specific env in /api/internal/allowed Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-04-05 07:29:30 +00:00			`def parse_env`
			`return {} if params[:env].blank?`
Accept environment variables from the `pre-receive` script. 1. Starting version 2.11, git changed the way the pre-receive flow works. - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. 2. In our workflow, the pre-recieve script (in `gitlab-shell) calls the `/allowed` endpoint, which calls out directly to git to perform various checks. These direct calls to git do _not_ have the necessary environment variables set which allow access to the "alternate object directory" (explained above). Therefore these calls to git are not able to access any of the new potential objects to be added during this push. 3. We fix this by accepting the relevant environment variables (GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY) on the `/allowed` endpoint, and then include these environment variables while calling out to git. 4. This commit includes (whitelisted) these environment variables while making the "force push" check. A `Gitlab::Git::RevList` module is extracted to prevent `ForcePush` from being littered with these checks. 2016-12-07 07:55:49 +00:00
			`JSON.parse(params[:env])`
			`rescue JSON::ParserError`
Set Git-specific env in /api/internal/allowed Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-04-05 07:29:30 +00:00			`{}`
Accept environment variables from the `pre-receive` script. 1. Starting version 2.11, git changed the way the pre-receive flow works. - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. 2. In our workflow, the pre-recieve script (in `gitlab-shell) calls the `/allowed` endpoint, which calls out directly to git to perform various checks. These direct calls to git do _not_ have the necessary environment variables set which allow access to the "alternate object directory" (explained above). Therefore these calls to git are not able to access any of the new potential objects to be added during this push. 3. We fix this by accepting the relevant environment variables (GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY) on the `/allowed` endpoint, and then include these environment variables while calling out to git. 4. This commit includes (whitelisted) these environment variables while making the "force push" check. A `Gitlab::Git::RevList` module is extracted to prevent `ForcePush` from being littered with these checks. 2016-12-07 07:55:49 +00:00			`end`
Remove user activities table and use redis instead of PG for recording activities Refactored specs and added a post deployment migration to remove the activity users table. 2016-11-25 16:10:25 +00:00
			`def log_user_activity(actor)`
Remove unused user activities code 2017-04-12 15:13:24 +00:00			`commands = Gitlab::GitAccess::DOWNLOAD_COMMANDS`
Remove user activities table and use redis instead of PG for recording activities Refactored specs and added a post deployment migration to remove the activity users table. 2016-11-25 16:10:25 +00:00
			`::Users::ActivityService.new(actor, 'Git SSH').execute if commands.include?(params[:action])`
			`end`
Generate and handle a gl_repository param to pass around components This new param allows us to share project information between components that don't share or don't have access to the same filesystem mountpoints, for example between Gitaly and Rails or between Rails and Gitlab-Shell hooks. The previous parameters are still supported, but if found, gl_repository is prefered. The old parameters should be deprecated once all components support the new format. 2017-04-28 16:52:09 +00:00
			`private`

			`def set_project`
			`if params[:gl_repository]`
			`@project, @wiki = Gitlab::GlRepository.parse(params[:gl_repository])`
			`else`
			`@project, @wiki = Gitlab::RepoPath.parse(params[:project])`
			`end`
			`end`
Refactor construction of response 2017-05-23 18:34:58 +00:00
			`# Project id to pass between components that don't share/don't have`
			`# access to the same filesystem mounts`
			`def gl_repository`
			`Gitlab::GlRepository.gl_repository(project, wiki?)`
			`end`

			`# Return the repository full path so that gitlab-shell has it when`
			`# handling ssh commands`
			`def repository_path`
			`if wiki?`
			`project.wiki.repository.path_to_repo`
			`else`
			`project.repository.path_to_repo`
			`end`
			`end`
Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths gitlab-shell v3.6.6 would give project paths like so: * namespace/project gitlab-shell v4.0.0 can give project paths like so: * /namespace1/namespace2/project * /namespace/project * /path/to/repository/storage/namespace1/namespace2/project * /path/to/repository/storage/namespace/project 2016-11-15 15:02:44 +00:00			`end`
			`end`
			`end`