gitlab-org--gitlab-foss/lib/gitlab/middleware/read_only/controller.rb

module Gitlab
  module Middleware
    class ReadOnly
      class Controller
        DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
        APPLICATION_JSON = 'application/json'.freeze
        ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'.freeze

        def initialize(app, env)
          @app = app
          @env = env
        end

        def call
          if disallowed_request? && Gitlab::Database.read_only?
            Rails.logger.debug('GitLab ReadOnly: preventing possible non read-only operation')

            if json_request?
              return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]
            else
              rack_flash.alert = ERROR_MESSAGE
              rack_session['flash'] = rack_flash.to_session_value

              return [301, { 'Location' => last_visited_url }, []]
            end
          end

          @app.call(@env)
        end

        private

        def disallowed_request?
          DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
            !whitelisted_routes
        end

        def json_request?
          request.media_type == APPLICATION_JSON
        end

        def rack_flash
          @rack_flash ||= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)
        end

        def rack_session
          @env['rack.session']
        end

        def request
          @env['rack.request'] ||= Rack::Request.new(@env)
        end

        def last_visited_url
          @env['HTTP_REFERER'] || rack_session['user_return_to'] || Gitlab::Routing.url_helpers.root_url
        end

        def route_hash
          @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}
        end

        def whitelisted_routes
          grack_route || ReadOnly.internal_routes.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
        end

        def sidekiq_route
          request.path.start_with?('/admin/sidekiq')
        end

        def grack_route
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.path.end_with?('.git/git-upload-pack')

          route_hash[:controller] == 'projects/git_http' && route_hash[:action] == 'git_upload_pack'
        end

        def lfs_route
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.path.end_with?('/info/lfs/objects/batch')

          route_hash[:controller] == 'projects/lfs_api' && route_hash[:action] == 'batch'
        end
      end
    end
  end
end
Put controller in its separate file 2018-02-07 09:44:18 -05:00			`module Gitlab`
			`module Middleware`
			`class ReadOnly`
			`class Controller`
Move constants and update for feedback 2018-03-02 11:39:42 -05:00			`DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze`
			`APPLICATION_JSON = 'application/json'.freeze`
			`ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'.freeze`

Put controller in its separate file 2018-02-07 09:44:18 -05:00			`def initialize(app, env)`
			`@app = app`
			`@env = env`
			`end`

			`def call`
			`if disallowed_request? && Gitlab::Database.read_only?`
			`Rails.logger.debug('GitLab ReadOnly: preventing possible non read-only operation')`

			`if json_request?`
Move constants and update for feedback 2018-03-02 11:39:42 -05:00			`return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]`
Put controller in its separate file 2018-02-07 09:44:18 -05:00			`else`
Move constants and update for feedback 2018-03-02 11:39:42 -05:00			`rack_flash.alert = ERROR_MESSAGE`
Put controller in its separate file 2018-02-07 09:44:18 -05:00			`rack_session['flash'] = rack_flash.to_session_value`

			`return [301, { 'Location' => last_visited_url }, []]`
			`end`
			`end`

			`@app.call(@env)`
			`end`

			`private`

			`def disallowed_request?`
			`DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&`
			`!whitelisted_routes`
			`end`

			`def json_request?`
			`request.media_type == APPLICATION_JSON`
			`end`

			`def rack_flash`
			`@rack_flash \|\|= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)`
			`end`

			`def rack_session`
			`@env['rack.session']`
			`end`

			`def request`
			`@env['rack.request'] \|\|= Rack::Request.new(@env)`
			`end`

			`def last_visited_url`
			`@env['HTTP_REFERER'] \|\| rack_session['user_return_to'] \|\| Gitlab::Routing.url_helpers.root_url`
			`end`

			`def route_hash`
			`@route_hash \|\|= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}`
			`end`

			`def whitelisted_routes`
			`grack_route \|\| ReadOnly.internal_routes.any? { \|path\| request.path.include?(path) } \|\| lfs_route \|\| sidekiq_route`
			`end`

			`def sidekiq_route`
			`request.path.start_with?('/admin/sidekiq')`
			`end`

			`def grack_route`
			`# Calling route_hash may be expensive. Only do it if we think there's a possible match`
			`return false unless request.path.end_with?('.git/git-upload-pack')`

			`route_hash[:controller] == 'projects/git_http' && route_hash[:action] == 'git_upload_pack'`
			`end`

			`def lfs_route`
			`# Calling route_hash may be expensive. Only do it if we think there's a possible match`
			`return false unless request.path.end_with?('/info/lfs/objects/batch')`

			`route_hash[:controller] == 'projects/lfs_api' && route_hash[:action] == 'batch'`
			`end`
			`end`
			`end`
			`end`
			`end`