gitlab-org--gitlab-foss/app/controllers/search_controller.rb

# frozen_string_literal: true

class SearchController < ApplicationController
  include ControllerWithCrossProjectAccessCheck
  include SearchHelper
  include RedisTracking

  RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show, :autocomplete].freeze

  track_redis_hll_event :show, name: 'i_search_total'

  around_action :allow_gitaly_ref_name_caching

  before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch
  skip_before_action :authenticate_user!
  requires_cross_project_access if: -> do
    search_term_present = params[:search].present? || params[:term].present?
    search_term_present && !params[:project_id].present?
  end
  before_action :check_email_search_rate_limit!, only: [:show, :count, :autocomplete]

  rescue_from ActiveRecord::QueryCanceled, with: :render_timeout

  layout 'search'

  feature_category :global_search
  urgency :high, [:opensearch]
  urgency :low, [:count]

  def show
    @project = search_service.project
    @group = search_service.group

    return if params[:search].blank?

    return unless search_term_valid?

    return if check_single_commit_result?

    @search_term = params[:search]
    @sort = params[:sort] || default_sort

    @search_service = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!
    @scope = @search_service.scope
    @without_count = @search_service.without_count?
    @show_snippets = @search_service.show_snippets?
    @search_results = @search_service.search_results
    @search_objects = @search_service.search_objects
    @search_highlight = @search_service.search_highlight
    @aggregations = @search_service.search_aggregations

    increment_search_counters
  end

  def count
    params.require([:search, :scope])

    scope = search_service.scope

    count = 0
    ApplicationRecord.with_fast_read_statement_timeout do
      count = search_service.search_results.formatted_count(scope)
    end

    # Users switching tabs will keep fetching the same tab counts so it's a
    # good idea to cache in their browser just for a short time. They can still
    # clear cache if they are seeing an incorrect count but inaccurate count is
    # not such a bad thing.
    expires_in 1.minute

    render json: { count: count }
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def autocomplete
    term = params[:term]

    @project = search_service.project
    @ref = params[:project_ref] if params[:project_ref].present?

    render json: search_autocomplete_opts(term).to_json
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def opensearch
  end

  private

  # overridden in EE
  def default_sort
    'created_desc'
  end

  def search_term_valid?
    unless search_service.valid_query_length?
      flash[:alert] = t('errors.messages.search_chars_too_long', count: Gitlab::Search::Params::SEARCH_CHAR_LIMIT)
      return false
    end

    unless search_service.valid_terms_count?
      flash[:alert] = t('errors.messages.search_terms_too_long', count: Gitlab::Search::Params::SEARCH_TERM_LIMIT)
      return false
    end

    true
  end

  def check_single_commit_result?
    return false if params[:force_search_results]
    return false unless @project.present?
    # download_code project policy grants user the read_commit ability
    return false unless Ability.allowed?(current_user, :download_code, @project)

    query = params[:search].strip.downcase
    return false unless Commit.valid_hash?(query)

    commit = @project.commit_by(oid: query)
    return false unless commit.present?

    link = search_path(safe_params.merge(force_search_results: true))
    flash[:notice] = html_escape(_("You have been redirected to the only result; see the %{a_start}search results%{a_end} instead.")) % { a_start: "<a href=\"#{link}\"><u>".html_safe, a_end: '</u></a>'.html_safe }
    redirect_to project_commit_path(@project, commit)

    true
  end

  def increment_search_counters
    Gitlab::UsageDataCounters::SearchCounter.count(:all_searches)

    return if params[:nav_source] != 'navbar'

    Gitlab::UsageDataCounters::SearchCounter.count(:navbar_searches)
  end

  def append_info_to_payload(payload)
    super

    # Merging to :metadata will ensure these are logged as top level keys
    payload[:metadata] ||= {}
    payload[:metadata]['meta.search.group_id'] = params[:group_id]
    payload[:metadata]['meta.search.project_id'] = params[:project_id]
    payload[:metadata]['meta.search.scope'] = params[:scope] || @scope
    payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
    payload[:metadata]['meta.search.filters.state'] = params[:state]
    payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
    payload[:metadata]['meta.search.project_ids'] = params[:project_ids]
    payload[:metadata]['meta.search.search_level'] = params[:search_level]

    if search_service.abuse_detected?
      payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)
      payload[:metadata]['abuse.messages'] = search_service.abuse_messages
    end
  end

  def block_anonymous_global_searches
    return unless search_service.global_search?
    return if current_user
    return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)

    store_location_for(:user, request.fullpath)

    redirect_to new_user_session_path, alert: _('You must be logged in to search across all of GitLab')
  end

  def check_scope_global_search_enabled
    return unless search_service.global_search?

    search_allowed = case params[:scope]
                     when 'blobs'
                       Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: true)
                     when 'commits'
                       Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: true)
                     when 'issues'
                       Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: true)
                     when 'merge_requests'
                       Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: true)
                     when 'wiki_blobs'
                       Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: true)
                     else
                       true
                     end

    return if search_allowed

    redirect_to search_path, alert: _('Global Search is disabled for this scope')
  end

  def render_timeout(exception)
    raise exception unless action_name.to_sym.in?(RESCUE_FROM_TIMEOUT_ACTIONS)

    log_exception(exception)

    @timeout = true

    case action_name.to_sym
    when :count
      render json: {}, status: :request_timeout
    when :autocomplete
      render json: [], status: :request_timeout
    else
      render status: :request_timeout
    end
  end

  def check_email_search_rate_limit!
    return unless search_service.params.email_lookup?

    check_rate_limit!(:user_email_lookup, scope: [current_user])
  end
end

SearchController.prepend_mod_with('SearchController')
Enable frozen string in app/controllers/*/.rb Enables frozen string for the following: * app/controllers/.rb app/controllers/admin/*/.rb * app/controllers/boards/*/.rb * app/controllers/ci/*/.rb * app/controllers/concerns/*/.rb Partially addresses #47424. 2018-09-14 01:42:05 -04:00			`# frozen_string_literal: true`

Simple search implementation 2012-03-15 19:14:39 -04:00			`class SearchController < ApplicationController`
Port `read_cross_project` ability from EE 2017-12-11 09:21:06 -05:00			`include ControllerWithCrossProjectAccessCheck`
Refactor search autocomplete. Use ajax for source Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-18 07:16:46 -05:00			`include SearchHelper`
Add latest changes from gitlab-org/gitlab@master 2020-08-28 08:10:37 -04:00			`include RedisTracking`
Refactor search autocomplete. Use ajax for source Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-18 07:16:46 -05:00
Add latest changes from gitlab-org/gitlab@master 2021-12-07 07:10:33 -05:00			`RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show, :autocomplete].freeze`
Add latest changes from gitlab-org/gitlab@master 2021-07-28 11:09:57 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-02-11 10:09:11 -05:00			`track_redis_hll_event :show, name: 'i_search_total'`
Add latest changes from gitlab-org/gitlab@master 2020-08-28 08:10:37 -04:00
Enable Gitaly ref caching for SearchController As we noticed in https://gitlab.com/gitlab-org/gitlab-ce/issues/56627#note_185828742, clicking on the "Issues" tab often requests the same reference in rendering Markdown. 2019-06-26 19:19:59 -04:00			`around_action :allow_gitaly_ref_name_caching`

Add latest changes from gitlab-org/gitlab@master 2021-08-26 17:11:25 -04:00			`before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch`
Port `read_cross_project` ability from EE 2017-12-11 09:21:06 -05:00			`skip_before_action :authenticate_user!`
			`requires_cross_project_access if: -> do`
			`search_term_present = params[:search].present? \|\| params[:term].present?`
			`search_term_present && !params[:project_id].present?`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-12-20 13:13:27 -05:00			`before_action :check_email_search_rate_limit!, only: [:show, :count, :autocomplete]`
Port `read_cross_project` ability from EE 2017-12-11 09:21:06 -05:00
Add latest changes from gitlab-org/gitlab@master 2021-07-09 08:08:17 -04:00			`rescue_from ActiveRecord::QueryCanceled, with: :render_timeout`

Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`layout 'search'`
Add a page title to every page. 2015-04-30 13:06:18 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-10-05 08:08:47 -04:00			`feature_category :global_search`
Add latest changes from gitlab-org/gitlab@master 2021-10-05 08:12:58 -04:00			`urgency :high, [:opensearch]`
Add latest changes from gitlab-org/gitlab@master 2022-02-22 19:18:11 -05:00			`urgency :low, [:count]`
Add latest changes from gitlab-org/gitlab@master 2020-10-05 08:08:47 -04:00
Simple search implementation 2012-03-15 19:14:39 -04:00			`def show`
Refactor SearchController#show 2017-03-31 09:03:55 -04:00			`@project = search_service.project`
			`@group = search_service.group`
Draft improvements to search layout Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-04-28 05:48:42 -04:00
Fix broken commits search 2016-11-07 13:36:58 -05:00			`return if params[:search].blank?`
Fixed search dropdown labels not displaying This would only happen when the search term was empty because the method was returning before the controller could find the group or project for the toggle Closes #21783 2016-09-09 07:08:49 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-26 16:07:49 -05:00			`return unless search_term_valid?`

Add latest changes from gitlab-org/gitlab@master 2020-10-21 23:08:25 -04:00			`return if check_single_commit_result?`

Fixed issue with dropdown option not sticking CHANGELOG item 2016-04-19 03:52:15 -04:00			`@search_term = params[:search]`
Add latest changes from gitlab-org/gitlab@master 2020-10-26 08:08:44 -04:00			`@sort = params[:sort] \|\| default_sort`
Fixed issue with dropdown option not sticking CHANGELOG item 2016-04-19 03:52:15 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-12-01 10:09:28 -05:00			`@search_service = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!`
			`@scope = @search_service.scope`
Add latest changes from gitlab-org/gitlab@master 2021-08-13 05:09:58 -04:00			`@without_count = @search_service.without_count?`
Add latest changes from gitlab-org/gitlab@master 2020-12-01 10:09:28 -05:00			`@show_snippets = @search_service.show_snippets?`
			`@search_results = @search_service.search_results`
			`@search_objects = @search_service.search_objects`
			`@search_highlight = @search_service.search_highlight`
Add latest changes from gitlab-org/gitlab@master 2021-10-26 14:09:19 -04:00			`@aggregations = @search_service.search_aggregations`
Adds cacheless render to Banzai object render 2017-08-23 12:53:29 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-05-25 02:08:38 -04:00			`increment_search_counters`
Allow public repo searching GITLAB-1386 Change-Id: I9a0bbe8db1a9bb00cef33b3e1854d78844b70a45 2013-10-23 16:27:40 -04:00			`end`
Refactor search autocomplete. Use ajax for source Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-18 07:16:46 -05:00
Load search result counts asynchronously Querying all counts for the different search results in the same request led to timeouts, so we now only calculate the count for the current search results, and request the others in separate asynchronous calls. 2019-07-15 13:59:57 -04:00			`def count`
			`params.require([:search, :scope])`

			`scope = search_service.scope`
Add latest changes from gitlab-org/gitlab@master 2021-04-15 14:09:01 -04:00
			`count = 0`
			`ApplicationRecord.with_fast_read_statement_timeout do`
			`count = search_service.search_results.formatted_count(scope)`
			`end`
Load search result counts asynchronously Querying all counts for the different search results in the same request led to timeouts, so we now only calculate the count for the current search results, and request the others in separate asynchronous calls. 2019-07-15 13:59:57 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-02-25 13:11:05 -05:00			`# Users switching tabs will keep fetching the same tab counts so it's a`
			`# good idea to cache in their browser just for a short time. They can still`
			`# clear cache if they are seeing an incorrect count but inaccurate count is`
			`# not such a bad thing.`
			`expires_in 1.minute`

Load search result counts asynchronously Querying all counts for the different search results in the same request led to timeouts, so we now only calculate the count for the current search results, and request the others in separate asynchronous calls. 2019-07-15 13:59:57 -04:00			`render json: { count: count }`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-07-10 05:09:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
			`def autocomplete`
			`term = params[:term]`

Add latest changes from gitlab-org/gitlab@master 2021-12-07 07:10:33 -05:00			`@project = search_service.project`
Add latest changes from gitlab-org/gitlab@master 2020-07-10 05:09:01 -04:00			`@ref = params[:project_ref] if params[:project_ref].present?`

			`render json: search_autocomplete_opts(term).to_json`
			`end`
			`# rubocop: enable CodeReuse/ActiveRecord`

Add latest changes from gitlab-org/gitlab@master 2021-02-01 07:09:03 -05:00			`def opensearch`
			`end`

Search feature: redirects to commit page if query is commit sha and only commit found See !8028 and #24833 2017-01-10 23:20:32 -05:00			`private`

Add latest changes from gitlab-org/gitlab@master 2020-10-26 08:08:44 -04:00			`# overridden in EE`
			`def default_sort`
			`'created_desc'`
			`end`

Add latest changes from gitlab-org/gitlab@master 2019-12-26 16:07:49 -05:00			`def search_term_valid?`
Add latest changes from gitlab-org/gitlab@master 2020-01-14 13:08:31 -05:00			`unless search_service.valid_query_length?`
Add latest changes from gitlab-org/gitlab@master 2021-12-09 07:15:43 -05:00			`flash[:alert] = t('errors.messages.search_chars_too_long', count: Gitlab::Search::Params::SEARCH_CHAR_LIMIT)`
Add latest changes from gitlab-org/gitlab@master 2019-12-26 16:07:49 -05:00			`return false`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-01-14 13:08:31 -05:00			`unless search_service.valid_terms_count?`
Add latest changes from gitlab-org/gitlab@master 2021-12-09 07:15:43 -05:00			`flash[:alert] = t('errors.messages.search_terms_too_long', count: Gitlab::Search::Params::SEARCH_TERM_LIMIT)`
Add latest changes from gitlab-org/gitlab@master 2019-12-26 16:07:49 -05:00			`return false`
			`end`

			`true`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-10-21 23:08:25 -04:00			`def check_single_commit_result?`
			`return false if params[:force_search_results]`
			`return false unless @project.present?`
			`# download_code project policy grants user the read_commit ability`
			`return false unless Ability.allowed?(current_user, :download_code, @project)`
Search feature: redirects to commit page if query is commit sha and only commit found See !8028 and #24833 2017-01-10 23:20:32 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-10-21 23:08:25 -04:00			`query = params[:search].strip.downcase`
			`return false unless Commit.valid_hash?(query)`

			`commit = @project.commit_by(oid: query)`
			`return false unless commit.present?`

			`link = search_path(safe_params.merge(force_search_results: true))`
			`flash[:notice] = html_escape(_("You have been redirected to the only result; see the %{a_start}search results%{a_end} instead.")) % { a_start: "<a href=\"#{link}\"><u>".html_safe, a_end: '</u></a>'.html_safe }`
			`redirect_to project_commit_path(@project, commit)`

			`true`
Search feature: redirects to commit page if query is commit sha and only commit found See !8028 and #24833 2017-01-10 23:20:32 -05:00			`end`
Added navbar searches usage ping counter Added usage ping counter when the user makes a search through the navbar search component. 2019-07-29 05:58:58 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-05-25 02:08:38 -04:00			`def increment_search_counters`
			`Gitlab::UsageDataCounters::SearchCounter.count(:all_searches)`

Added navbar searches usage ping counter Added usage ping counter when the user makes a search through the navbar search component. 2019-07-29 05:58:58 -04:00			`return if params[:nav_source] != 'navbar'`

Add latest changes from gitlab-org/gitlab@master 2020-05-25 02:08:38 -04:00			`Gitlab::UsageDataCounters::SearchCounter.count(:navbar_searches)`
Added navbar searches usage ping counter Added usage ping counter when the user makes a search through the navbar search component. 2019-07-29 05:58:58 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-07-30 08:09:33 -04:00
			`def append_info_to_payload(payload)`
			`super`

			`# Merging to :metadata will ensure these are logged as top level keys`
Add latest changes from gitlab-org/gitlab@master 2020-09-13 23:09:21 -04:00			`payload[:metadata] \|\|= {}`
Add latest changes from gitlab-org/gitlab@master 2020-07-30 08:09:33 -04:00			`payload[:metadata]['meta.search.group_id'] = params[:group_id]`
			`payload[:metadata]['meta.search.project_id'] = params[:project_id]`
Add latest changes from gitlab-org/gitlab@master 2021-02-24 13:11:28 -05:00			`payload[:metadata]['meta.search.scope'] = params[:scope] \|\| @scope`
Add latest changes from gitlab-org/gitlab@master 2020-10-24 02:08:52 -04:00			`payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]`
			`payload[:metadata]['meta.search.filters.state'] = params[:state]`
			`payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]`
Add latest changes from gitlab-org/gitlab@master 2022-01-05 04:13:24 -05:00			`payload[:metadata]['meta.search.project_ids'] = params[:project_ids]`
Add latest changes from gitlab-org/gitlab@master 2022-02-16 01:12:24 -05:00			`payload[:metadata]['meta.search.search_level'] = params[:search_level]`
Add latest changes from gitlab-org/gitlab@master 2021-12-09 07:15:43 -05:00
			`if search_service.abuse_detected?`
			`payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)`
			`payload[:metadata]['abuse.messages'] = search_service.abuse_messages`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-07-30 08:09:33 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-11 08:08:50 -04:00
			`def block_anonymous_global_searches`
Add latest changes from gitlab-org/gitlab@master 2021-12-06 07:10:19 -05:00			`return unless search_service.global_search?`
Add latest changes from gitlab-org/gitlab@master 2020-09-11 08:08:50 -04:00			`return if current_user`
Add latest changes from gitlab-org/gitlab@master 2021-11-15 04:09:53 -05:00			`return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)`
Add latest changes from gitlab-org/gitlab@master 2020-09-11 08:08:50 -04:00
			`store_location_for(:user, request.fullpath)`

			`redirect_to new_user_session_path, alert: _('You must be logged in to search across all of GitLab')`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-07-09 08:08:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-08-26 17:11:25 -04:00			`def check_scope_global_search_enabled`
Add latest changes from gitlab-org/gitlab@master 2021-12-06 07:10:19 -05:00			`return unless search_service.global_search?`
Add latest changes from gitlab-org/gitlab@master 2021-08-26 17:11:25 -04:00
			`search_allowed = case params[:scope]`
			`when 'blobs'`
			`Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: true)`
			`when 'commits'`
			`Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: true)`
			`when 'issues'`
			`Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: true)`
			`when 'merge_requests'`
			`Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: true)`
			`when 'wiki_blobs'`
			`Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: true)`
			`else`
			`true`
			`end`

			`return if search_allowed`

			`redirect_to search_path, alert: _('Global Search is disabled for this scope')`
			`end`

Add latest changes from gitlab-org/gitlab@master 2021-07-09 08:08:17 -04:00			`def render_timeout(exception)`
Add latest changes from gitlab-org/gitlab@master 2021-07-28 11:09:57 -04:00			`raise exception unless action_name.to_sym.in?(RESCUE_FROM_TIMEOUT_ACTIONS)`
Add latest changes from gitlab-org/gitlab@master 2021-07-09 08:08:17 -04:00
			`log_exception(exception)`

			`@timeout = true`
Add latest changes from gitlab-org/gitlab@master 2021-07-28 11:09:57 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-12-07 07:10:33 -05:00			`case action_name.to_sym`
			`when :count`
Add latest changes from gitlab-org/gitlab@master 2021-07-28 11:09:57 -04:00			`render json: {}, status: :request_timeout`
Add latest changes from gitlab-org/gitlab@master 2021-12-07 07:10:33 -05:00			`when :autocomplete`
			`render json: [], status: :request_timeout`
Add latest changes from gitlab-org/gitlab@master 2021-07-28 11:09:57 -04:00			`else`
			`render status: :request_timeout`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-12-20 13:13:27 -05:00
			`def check_email_search_rate_limit!`
			`return unless search_service.params.email_lookup?`

			`check_rate_limit!(:user_email_lookup, scope: [current_user])`
			`end`
Simple search implementation 2012-03-15 19:14:39 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-08-28 08:10:37 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`SearchController.prepend_mod_with('SearchController')`