gitlab-org--gitlab-foss/app/controllers/projects/git_http_controller.rb

class Projects::GitHttpController < Projects::GitHttpClientController
  include WorkhorseRequest

  before_action :access_check

  rescue_from Gitlab::GitAccess::UnauthorizedError, with: :render_403
  rescue_from Gitlab::GitAccess::NotFoundError, with: :render_404

  # GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)
  # GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
  def info_refs
    log_user_activity if upload_pack?

    render_ok
  end

  # POST /foo/bar.git/git-upload-pack (git pull)
  def git_upload_pack
    render_ok
  end

  # POST /foo/bar.git/git-receive-pack" (git push)
  def git_receive_pack
    render_ok
  end

  private

  def download_request?
    upload_pack?
  end

  def upload_pack?
    git_command == 'git-upload-pack'
  end

  def git_command
    if action_name == 'info_refs'
      params[:service]
    else
      action_name.dasherize
    end
  end

  def render_ok
    set_workhorse_internal_api_content_type
    render json: Gitlab::Workhorse.git_http_ok(repository, wiki?, user, action_name)
  end

  def render_403(exception)
    render plain: exception.message, status: :forbidden
  end

  def render_404(exception)
    render plain: exception.message, status: :not_found
  end

  def access
    @access ||= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities, redirected_path: redirected_path)
  end

  def access_actor
    return user if user
    return :ci if ci?
  end

  def access_check
    # Use the magic string '_any' to indicate we do not know what the
    # changes are. This is also what gitlab-shell does.
    access.check(git_command, '_any')
  end

  def access_klass
    @access_klass ||= wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
  end

  def log_user_activity
    Users::ActivityService.new(user, 'pull').execute
  end
end
Add LFS controllers 2016-07-20 12:41:26 -04:00			`class Projects::GitHttpController < Projects::GitHttpClientController`
Move LfsHelper to a new LfsRequest concern Also create a new WorkhorseRequest concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-11-21 10:31:51 -05:00			`include WorkhorseRequest`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`before_action :access_check`

			`rescue_from Gitlab::GitAccess::UnauthorizedError, with: :render_403`
			`rescue_from Gitlab::GitAccess::NotFoundError, with: :render_404`

Some changes after review from Rémy and Valery 2016-04-22 07:24:53 -04:00			`# GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)`
			`# GET /foo/bar.git/info/refs?service=git-receive-pack (git push)`
			`def info_refs`
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`log_user_activity if upload_pack?`
Add user activity service and spec. Also added relevant - NOT offline - migration It uses a user activity table instead of a column in users. Tested with mySQL and postgreSQL 2016-10-05 10:41:32 -04:00
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`render_ok`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`
Comment and whitespace 2016-04-15 06:40:43 -04:00
Some changes after review from Rémy and Valery 2016-04-22 07:24:53 -04:00			`# POST /foo/bar.git/git-upload-pack (git pull)`
			`def git_upload_pack`
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`render_ok`
Some changes after review from Rémy and Valery 2016-04-22 07:24:53 -04:00			`end`

			`# POST /foo/bar.git/git-receive-pack" (git push)`
			`def git_receive_pack`
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`render_ok`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`

			`private`

Add LFS controllers 2016-07-20 12:41:26 -04:00			`def download_request?`
			`upload_pack?`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`

			`def upload_pack?`
Some changes after review from Rémy and Valery 2016-04-22 07:24:53 -04:00			`git_command == 'git-upload-pack'`
Add some upload specs 2016-03-24 13:58:29 -04:00			`end`

Some changes after review from Rémy and Valery 2016-04-22 07:24:53 -04:00			`def git_command`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`if action_name == 'info_refs'`
Add some upload specs 2016-03-24 13:58:29 -04:00			`params[:service]`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`else`
Changes after more review from Rémy 2016-06-03 08:57:34 -04:00			`action_name.dasherize`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`
			`end`
Comment and whitespace 2016-04-15 06:40:43 -04:00
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`def render_ok`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`set_workhorse_internal_api_content_type`
Pass GL_REPOSITORY in Workhorse responses 2017-05-03 17:07:54 -04:00			`render json: Gitlab::Workhorse.git_http_ok(repository, wiki?, user, action_name)`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`
Comment and whitespace 2016-04-15 06:40:43 -04:00
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`def render_403(exception)`
			`render plain: exception.message, status: :forbidden`
Return :forbidden if HTTP protocol access is not allowed 2016-06-23 18:37:57 -04:00			`end`

Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`def render_404(exception)`
			`render plain: exception.message, status: :not_found`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`
Add some upload specs 2016-03-24 13:58:29 -04:00
Correct access control flow for Git HTTP requests. 2016-06-27 12:14:44 -04:00			`def access`
Add “Project moved” error to Git-over-HTTP 2017-06-15 20:04:17 -04:00			`@access \|\|= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities, redirected_path: redirected_path)`
Move CI access logic into GitAccess 2017-05-16 15:58:46 -04:00			`end`

			`def access_actor`
			`return user if user`
			`return :ci if ci?`
Correct access control flow for Git HTTP requests. 2016-06-27 12:14:44 -04:00			`end`

Stop 'git push' over HTTP early Before this change we always let users push Git data over HTTP before deciding whether to accept to push. This was different from pushing over SSH where we terminate a 'git push' early if we already know the user is not allowed to push. This change let Git over HTTP follow the same behavior as Git over SSH. We also distinguish between HTTP 404 and 403 responses when denying Git requests, depending on whether the user is allowed to know the project exists. 2016-08-03 08:54:12 -04:00			`def access_check`
			`# Use the magic string '_any' to indicate we do not know what the`
			`# changes are. This is also what gitlab-shell does.`
Refactor to let GitAccess errors bubble up No external behavior change. This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate. 2017-05-19 15:58:45 -04:00			`access.check(git_command, '_any')`
Add some upload specs 2016-03-24 13:58:29 -04:00			`end`
Fix access to the wiki code via HTTP when repository feature disabled 2017-01-24 15:04:45 -05:00
			`def access_klass`
			`@access_klass \|\|= wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess`
			`end`
Add user activity service and spec. Also added relevant - NOT offline - migration It uses a user activity table instead of a column in users. Tested with mySQL and postgreSQL 2016-10-05 10:41:32 -04:00
			`def log_user_activity`
			`Users::ActivityService.new(user, 'pull').execute`
			`end`
Get Grack::Auth tests to pass 2016-03-23 13:34:16 -04:00			`end`