gitlab-org--gitlab-foss/lib/gitlab/workhorse.rb

require 'base64'
require 'json'
require 'securerandom'
require 'uri'

module Gitlab
  class Workhorse
    SEND_DATA_HEADER = 'Gitlab-Workhorse-Send-Data'.freeze
    VERSION_FILE = 'GITLAB_WORKHORSE_VERSION'.freeze
    INTERNAL_API_CONTENT_TYPE = 'application/vnd.gitlab-workhorse+json'.freeze
    INTERNAL_API_REQUEST_HEADER = 'Gitlab-Workhorse-Api-Request'.freeze
    NOTIFICATION_CHANNEL = 'workhorse:notifications'.freeze

    # Supposedly the effective key size for HMAC-SHA256 is 256 bits, i.e. 32
    # bytes https://tools.ietf.org/html/rfc4868#section-2.6
    SECRET_LENGTH = 32

    class << self
      def git_http_ok(repository, is_wiki, user, action)
        project = repository.project
        repo_path = repository.path_to_repo
        params = {
          GL_ID: Gitlab::GlId.gl_id(user),
          GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
          RepoPath: repo_path
        }

        if Gitlab.config.gitaly.enabled
          address = Gitlab::GitalyClient.address(project.repository_storage)
          params[:Repository] = repository.gitaly_repository.to_h

          feature_enabled = case action.to_s
                            when 'git_receive_pack'
                              # Disabled for now, see https://gitlab.com/gitlab-org/gitaly/issues/172
                              false
                            when 'git_upload_pack'
                              Gitlab::GitalyClient.feature_enabled?(:post_upload_pack)
                            when 'info_refs'
                              true
                            else
                              raise "Unsupported action: #{action}"
                            end

          params[:GitalyAddress] = address if feature_enabled
        end

        params
      end

      def lfs_upload_ok(oid, size)
        {
          StoreLFSPath: "#{Gitlab.config.lfs.storage_path}/tmp/upload",
          LfsOid: oid,
          LfsSize: size
        }
      end

      def artifact_upload_ok
        { TempPath: ArtifactUploader.artifacts_upload_path }
      end

      def send_git_blob(repository, blob)
        params = {
          'RepoPath' => repository.path_to_repo,
          'BlobId' => blob.id
        }

        [
          SEND_DATA_HEADER,
          "git-blob:#{encode(params)}"
        ]
      end

      def send_git_archive(repository, ref:, format:)
        format ||= 'tar.gz'
        format.downcase!
        params = repository.archive_metadata(ref, Gitlab.config.gitlab.repository_downloads_path, format)
        raise "Repository or ref not found" if params.empty?

        [
          SEND_DATA_HEADER,
          "git-archive:#{encode(params)}"
        ]
      end

      def send_git_diff(repository, diff_refs)
        params = {
          'RepoPath'  => repository.path_to_repo,
          'ShaFrom'   => diff_refs.base_sha,
          'ShaTo'     => diff_refs.head_sha
        }

        [
          SEND_DATA_HEADER,
          "git-diff:#{encode(params)}"
        ]
      end

      def send_git_patch(repository, diff_refs)
        params = {
          'RepoPath'  => repository.path_to_repo,
          'ShaFrom'   => diff_refs.base_sha,
          'ShaTo'     => diff_refs.head_sha
        }

        [
          SEND_DATA_HEADER,
          "git-format-patch:#{encode(params)}"
        ]
      end

      def send_artifacts_entry(build, entry)
        params = {
          'Archive' => build.artifacts_file.path,
          'Entry' => Base64.encode64(entry.path)
        }

        [
          SEND_DATA_HEADER,
          "artifacts-entry:#{encode(params)}"
        ]
      end

      def terminal_websocket(terminal)
        details = {
          'Terminal' => {
            'Subprotocols' => terminal[:subprotocols],
            'Url' => terminal[:url],
            'Header' => terminal[:headers],
            'MaxSessionTime' => terminal[:max_session_time]
          }
        }
        details['Terminal']['CAPem'] = terminal[:ca_pem] if terminal.has_key?(:ca_pem)

        details
      end

      def version
        path = Rails.root.join(VERSION_FILE)
        path.readable? ? path.read.chomp : 'unknown'
      end

      def secret
        @secret ||= begin
          bytes = Base64.strict_decode64(File.read(secret_path).chomp)
          raise "#{secret_path} does not contain #{SECRET_LENGTH} bytes" if bytes.length != SECRET_LENGTH
          bytes
        end
      end

      def write_secret
        bytes = SecureRandom.random_bytes(SECRET_LENGTH)
        File.open(secret_path, 'w:BINARY', 0600) do |f|
          f.chmod(0600) # If the file already existed, the '0600' passed to 'open' above was a no-op.
          f.write(Base64.strict_encode64(bytes))
        end
      end

      def verify_api_request!(request_headers)
        decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER])
      end

      def decode_jwt(encoded_message)
        JWT.decode(
          encoded_message,
          secret,
          true,
          { iss: 'gitlab-workhorse', verify_iss: true, algorithm: 'HS256' }
        )
      end

      def secret_path
        Gitlab.config.workhorse.secret_file
      end

      def set_key_and_notify(key, value, expire: nil, overwrite: true)
        Gitlab::Redis.with do |redis|
          result = redis.set(key, value, ex: expire, nx: !overwrite)
          if result
            redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")
            value
          else
            redis.get(key)
          end
        end
      end

      protected

      def encode(hash)
        Base64.urlsafe_encode64(JSON.dump(hash))
      end
    end
  end
end
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`require 'base64'`
			`require 'json'`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`require 'securerandom'`
Change socket_path to gitaly_address 2017-03-24 13:22:42 -04:00			`require 'uri'`
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00
			`module Gitlab`
			`class Workhorse`
Enable Style/MutableConstant 2017-02-21 18:32:18 -05:00			`SEND_DATA_HEADER = 'Gitlab-Workhorse-Send-Data'.freeze`
			`VERSION_FILE = 'GITLAB_WORKHORSE_VERSION'.freeze`
			`INTERNAL_API_CONTENT_TYPE = 'application/vnd.gitlab-workhorse+json'.freeze`
			`INTERNAL_API_REQUEST_HEADER = 'Gitlab-Workhorse-Api-Request'.freeze`
Add support for Workhorse notifications 2017-02-28 06:07:04 -05:00			`NOTIFICATION_CHANNEL = 'workhorse:notifications'.freeze`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00
			`# Supposedly the effective key size for HMAC-SHA256 is 256 bits, i.e. 32`
			`# bytes https://tools.ietf.org/html/rfc4868#section-2.6`
			`SECRET_LENGTH = 32`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00
Fix API 2016-02-11 12:10:14 -05:00			`class << self`
Pass GL_REPOSITORY in Workhorse responses 2017-05-03 17:07:54 -04:00			`def git_http_ok(repository, is_wiki, user, action)`
			`project = repository.project`
Pass Gitaly Repository messages to workhorse 2017-03-30 12:48:22 -04:00			`repo_path = repository.path_to_repo`
Pass Gitaly resource path to gitlab-workhorse if Gitaly is enabled 2016-12-26 12:15:40 -05:00			`params = {`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`GL_ID: Gitlab::GlId.gl_id(user),`
Pass GL_REPOSITORY in Workhorse responses 2017-05-03 17:07:54 -04:00			`GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`RepoPath: repo_path`
Move workhorse protocol code into lib 2016-04-06 11:52:12 -04:00			`}`
Pass Gitaly resource path to gitlab-workhorse if Gitaly is enabled 2016-12-26 12:15:40 -05:00
Change socket_path to gitaly_address 2017-03-24 13:22:42 -04:00			`if Gitlab.config.gitaly.enabled`
Don't reuse gRPC channels It seems that bad things happen when two gRPC stubs share one gRPC channel so let's stop doing that. The downside of this is that we create more gRPC connections; one per stub. 2017-05-10 08:18:59 -04:00			`address = Gitlab::GitalyClient.address(project.repository_storage)`
Send more Gitaly::Repository fields 2017-04-06 10:54:15 -04:00			`params[:Repository] = repository.gitaly_repository.to_h`
Add feature flags for enabling (Upload\|Receive)Pack for Gitaly Closes gitaly#168 2017-03-30 11:24:36 -04:00
			`feature_enabled = case action.to_s`
			`when 'git_receive_pack'`
Disable support for Gitaly PostReceivePack See https://gitlab.com/gitlab-org/gitaly/issues/172 2017-04-04 07:31:24 -04:00			`# Disabled for now, see https://gitlab.com/gitlab-org/gitaly/issues/172`
			`false`
Add feature flags for enabling (Upload\|Receive)Pack for Gitaly Closes gitaly#168 2017-03-30 11:24:36 -04:00			`when 'git_upload_pack'`
			`Gitlab::GitalyClient.feature_enabled?(:post_upload_pack)`
			`when 'info_refs'`
			`true`
			`else`
			`raise "Unsupported action: #{action}"`
			`end`

Remove deprecated field from workhorse response 2017-04-05 09:57:23 -04:00			`params[:GitalyAddress] = address if feature_enabled`
Change socket_path to gitaly_address 2017-03-24 13:22:42 -04:00			`end`
Pass Gitaly resource path to gitlab-workhorse if Gitaly is enabled 2016-12-26 12:15:40 -05:00
			`params`
Move workhorse protocol code into lib 2016-04-06 11:52:12 -04:00			`end`

Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`def lfs_upload_ok(oid, size)`
			`{`
			`StoreLFSPath: "#{Gitlab.config.lfs.storage_path}/tmp/upload",`
			`LfsOid: oid,`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`LfsSize: size`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`}`
			`end`

			`def artifact_upload_ok`
			`{ TempPath: ArtifactUploader.artifacts_upload_path }`
			`end`

Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`def send_git_blob(repository, blob)`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`params = {`
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`'RepoPath' => repository.path_to_repo,`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`'BlobId' => blob.id`
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`}`

			`[`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`SEND_DATA_HEADER,`
Add send_git_diff helper 2016-06-08 08:30:15 -04:00			`"git-blob:#{encode(params)}"`
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`]`
			`end`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00
Add workhorse controller and API helpers 2016-06-06 07:16:30 -04:00			`def send_git_archive(repository, ref:, format:)`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`format \|\|= 'tar.gz'`
			`format.downcase!`
Add workhorse controller and API helpers 2016-06-06 07:16:30 -04:00			`params = repository.archive_metadata(ref, Gitlab.config.gitlab.repository_downloads_path, format)`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`raise "Repository or ref not found" if params.empty?`

			`[`
			`SEND_DATA_HEADER,`
Add send_git_diff helper 2016-06-08 08:30:15 -04:00			`"git-archive:#{encode(params)}"`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`]`
			`end`
Workhorse to serve raw diffs 2016-05-12 14:50:49 -04:00
Add send_git_diff helper 2016-06-08 08:30:15 -04:00			`def send_git_diff(repository, diff_refs)`
Workhorse to serve raw diffs 2016-05-12 14:50:49 -04:00			`params = {`
Add send_git_diff helper 2016-06-08 08:30:15 -04:00			`'RepoPath' => repository.path_to_repo,`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00			`'ShaFrom' => diff_refs.base_sha,`
Represent DiffRefs as proper class instead of tuple array 2016-06-20 12:51:48 -04:00			`'ShaTo' => diff_refs.head_sha`
Workhorse to serve raw diffs 2016-05-12 14:50:49 -04:00			`}`

			`[`
			`SEND_DATA_HEADER,`
			`"git-diff:#{encode(params)}"`
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`]`
			`end`
Add workhorse controller and API helpers 2016-06-06 07:16:30 -04:00
Add send_git_patch helper 2016-07-03 17:01:13 -04:00			`def send_git_patch(repository, diff_refs)`
Workhorse to serve email diffs Depends on the changes in Workhorse (gitlab-org/gitlab-workhorse!48). 2016-06-10 08:57:50 -04:00			`params = {`
Bump workhorse version 2016-06-28 08:59:25 -04:00			`'RepoPath' => repository.path_to_repo,`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00			`'ShaFrom' => diff_refs.base_sha,`
Add send_git_patch helper 2016-07-03 17:01:13 -04:00			`'ShaTo' => diff_refs.head_sha`
Workhorse to serve email diffs Depends on the changes in Workhorse (gitlab-org/gitlab-workhorse!48). 2016-06-10 08:57:50 -04:00			`}`

			`[`
Bump workhorse version 2016-06-28 08:59:25 -04:00			`SEND_DATA_HEADER,`
Workhorse to serve email diffs Depends on the changes in Workhorse (gitlab-org/gitlab-workhorse!48). 2016-06-10 08:57:50 -04:00			`"git-format-patch:#{encode(params)}"`
			`]`
			`end`

Use Gitlab-Workhorse-Send-Data to send entry: Closes #19224, Closes #19128 Also requires this MR to work: https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/53 2016-07-05 10:58:38 -04:00			`def send_artifacts_entry(build, entry)`
			`params = {`
			`'Archive' => build.artifacts_file.path,`
			`'Entry' => Base64.encode64(entry.path)`
			`}`

			`[`
			`SEND_DATA_HEADER,`
			`"artifacts-entry:#{encode(params)}"`
			`]`
			`end`

Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`def terminal_websocket(terminal)`
			`details = {`
			`'Terminal' => {`
			`'Subprotocols' => terminal[:subprotocols],`
			`'Url' => terminal[:url],`
Introduce maximum session time for terminal websocket connection Store the value in application settings. Expose the value to Workhorse. 2017-01-26 13:16:50 -05:00			`'Header' => terminal[:headers],`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`'MaxSessionTime' => terminal[:max_session_time]`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`}`
			`}`
			`details['Terminal']['CAPem'] = terminal[:ca_pem] if terminal.has_key?(:ca_pem)`

			`details`
			`end`

Add gitlab-workhorse version to admin dashboard Test for showing GitLab Workhorse version on Admin Dashboard Refactoring 2016-07-18 07:58:08 -04:00			`def version`
If version file is unavailable unknown status 2016-07-21 16:04:28 -04:00			`path = Rails.root.join(VERSION_FILE)`
			`path.readable? ? path.read.chomp : 'unknown'`
Add gitlab-workhorse version to admin dashboard Test for showing GitLab Workhorse version on Admin Dashboard Refactoring 2016-07-18 07:58:08 -04:00			`end`

Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`def secret`
			`@secret \|\|= begin`
Allow trailing newline in secret base64 data 2016-09-13 13:45:02 -04:00			`bytes = Base64.strict_decode64(File.read(secret_path).chomp)`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`raise "#{secret_path} does not contain #{SECRET_LENGTH} bytes" if bytes.length != SECRET_LENGTH`
			`bytes`
			`end`
			`end`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`def write_secret`
			`bytes = SecureRandom.random_bytes(SECRET_LENGTH)`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00			`File.open(secret_path, 'w:BINARY', 0600) do \|f\|`
Explain the extra chmod 2016-09-26 08:21:39 -04:00			`f.chmod(0600) # If the file already existed, the '0600' passed to 'open' above was a no-op.`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`f.write(Base64.strict_encode64(bytes))`
			`end`
			`end`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`def verify_api_request!(request_headers)`
Add Gitlab::Middleware::Multipart 2016-08-18 10:31:44 -04:00			`decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER])`
			`end`

			`def decode_jwt(encoded_message)`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`JWT.decode(`
Add Gitlab::Middleware::Multipart 2016-08-18 10:31:44 -04:00			`encoded_message,`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`secret,`
			`true,`
Enable the Style/TrailingCommaInArguments cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:27:17 -04:00			`{ iss: 'gitlab-workhorse', verify_iss: true, algorithm: 'HS256' }`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`)`
			`end`

			`def secret_path`
Make location of gitlab_workhorse_secret configurable Hard-coding location of configuration files is very bad practice. This patch applies the same approach as currently used for gitlab_shell_secret file. 2017-03-30 20:37:45 -04:00			`Gitlab.config.workhorse.secret_file`
Verify JWT messages from gitlab-workhorse 2016-08-19 13:10:41 -04:00			`end`
Use base SHA for patches and diffs This commit changes the revisions used for diffs. The current behaviour is to show all changes between current tip of master and tip of the MR, rather than matching the output of the web frontend (which just shows the changes in the MR). Switching from start_sha to base_sha fixes this. 2016-09-20 12:21:52 -04:00
Update notification code 2017-03-06 05:44:45 -05:00			`def set_key_and_notify(key, value, expire: nil, overwrite: true)`
Add support for Workhorse notifications 2017-02-28 06:07:04 -05:00			`Gitlab::Redis.with do \|redis\|`
			`result = redis.set(key, value, ex: expire, nx: !overwrite)`
			`if result`
Update notification code 2017-03-06 05:44:45 -05:00			`redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")`
Add support for Workhorse notifications 2017-02-28 06:07:04 -05:00			`value`
			`else`
			`redis.get(key)`
			`end`
			`end`
			`end`

First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`protected`
Add workhorse controller and API helpers 2016-06-06 07:16:30 -04:00
First version of "git archive" headers 2016-02-02 08:09:55 -05:00			`def encode(hash)`
			`Base64.urlsafe_encode64(JSON.dump(hash))`
			`end`
Use only one header to send git blobs 2016-02-01 05:33:22 -05:00			`end`
			`end`
Gotta have newlines 2016-02-01 06:27:35 -05:00			`end`