2019-03-06 07:12:04 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module ApplicationSettingImplementation
|
|
|
|
extend ActiveSupport::Concern
|
2019-07-24 13:59:38 -04:00
|
|
|
include Gitlab::Utils::StrongMemoize
|
2019-03-06 07:12:04 -05:00
|
|
|
|
2019-09-26 17:06:29 -04:00
|
|
|
STRING_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
|
2019-03-06 07:12:04 -05:00
|
|
|
| # or
|
|
|
|
\s # any whitespace character
|
|
|
|
| # or
|
|
|
|
[\r\n] # any number of newline characters
|
2019-05-05 06:19:14 -04:00
|
|
|
}x.freeze
|
2019-03-06 07:12:04 -05:00
|
|
|
|
|
|
|
# Setting a key restriction to `-1` means that all keys of this type are
|
|
|
|
# forbidden.
|
|
|
|
FORBIDDEN_KEY_VALUE = KeyRestrictionValidator::FORBIDDEN
|
|
|
|
SUPPORTED_KEY_TYPES = %i[rsa dsa ecdsa ed25519].freeze
|
2021-06-21 17:08:33 -04:00
|
|
|
VALID_RUNNER_REGISTRAR_TYPES = %w(project group).freeze
|
2019-03-06 07:12:04 -05:00
|
|
|
|
2019-09-26 17:06:29 -04:00
|
|
|
DEFAULT_PROTECTED_PATHS = [
|
|
|
|
'/users/password',
|
|
|
|
'/users/sign_in',
|
|
|
|
'/api/v3/session.json',
|
|
|
|
'/api/v3/session',
|
|
|
|
'/api/v4/session.json',
|
|
|
|
'/api/v4/session',
|
|
|
|
'/users',
|
|
|
|
'/users/confirmation',
|
|
|
|
'/unsubscribes/',
|
2019-12-02 07:06:45 -05:00
|
|
|
'/import/github/personal_access_token',
|
|
|
|
'/admin/session'
|
2019-09-26 17:06:29 -04:00
|
|
|
].freeze
|
|
|
|
|
2019-12-16 07:07:43 -05:00
|
|
|
DEFAULT_MINIMUM_PASSWORD_LENGTH = 8
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
class_methods do
|
|
|
|
def defaults
|
|
|
|
{
|
2021-03-17 20:08:58 -04:00
|
|
|
admin_mode: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
after_sign_up_text: nil,
|
|
|
|
akismet_enabled: false,
|
2021-04-30 14:10:09 -04:00
|
|
|
akismet_api_key: nil,
|
2019-07-26 06:21:52 -04:00
|
|
|
allow_local_requests_from_system_hooks: true,
|
2020-07-31 14:09:37 -04:00
|
|
|
allow_local_requests_from_web_hooks_and_services: false,
|
2019-02-20 18:51:55 -05:00
|
|
|
asset_proxy_enabled: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
authorized_keys_enabled: true, # TODO default to false if the instance is configured to use AuthorizedKeysCommand
|
2019-02-20 18:51:55 -05:00
|
|
|
commit_email_hostname: default_commit_email_hostname,
|
2020-04-08 05:09:43 -04:00
|
|
|
container_expiration_policies_enable_historic_entries: false,
|
2020-05-08 17:09:47 -04:00
|
|
|
container_registry_features: [],
|
2019-03-06 07:12:04 -05:00
|
|
|
container_registry_token_expire_delay: 5,
|
2020-05-08 17:09:47 -04:00
|
|
|
container_registry_vendor: '',
|
|
|
|
container_registry_version: '',
|
2020-07-31 14:09:37 -04:00
|
|
|
custom_http_clone_url_root: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
default_artifacts_expire_in: '30 days',
|
2020-07-31 14:09:37 -04:00
|
|
|
default_branch_name: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
default_branch_protection: Settings.gitlab['default_branch_protection'],
|
2019-11-13 10:07:29 -05:00
|
|
|
default_ci_config_path: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
2019-04-05 14:49:46 -04:00
|
|
|
default_project_creation: Settings.gitlab['default_project_creation'],
|
2019-03-06 07:12:04 -05:00
|
|
|
default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
|
|
|
default_projects_limit: Settings.gitlab['default_projects_limit'],
|
|
|
|
default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
2019-02-20 18:51:55 -05:00
|
|
|
diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
|
2021-06-15 02:10:17 -04:00
|
|
|
diff_max_files: Commit::DEFAULT_MAX_DIFF_FILES_SETTING,
|
|
|
|
diff_max_lines: Commit::DEFAULT_MAX_DIFF_LINES_SETTING,
|
2020-12-06 22:09:49 -05:00
|
|
|
disable_feed_token: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
disabled_oauth_sign_in_sources: [],
|
2019-02-20 18:51:55 -05:00
|
|
|
dns_rebinding_protection_enabled: true,
|
2020-11-10 07:08:57 -05:00
|
|
|
domain_allowlist: Settings.gitlab['domain_allowlist'],
|
2019-03-06 07:12:04 -05:00
|
|
|
dsa_key_restriction: 0,
|
|
|
|
ecdsa_key_restriction: 0,
|
|
|
|
ed25519_key_restriction: 0,
|
2019-11-08 01:06:24 -05:00
|
|
|
eks_access_key_id: nil,
|
2020-07-31 14:09:37 -04:00
|
|
|
eks_account_id: nil,
|
|
|
|
eks_integration_enabled: false,
|
2019-11-08 01:06:24 -05:00
|
|
|
eks_secret_access_key: nil,
|
2020-02-19 22:08:57 -05:00
|
|
|
email_restrictions_enabled: false,
|
|
|
|
email_restrictions: nil,
|
2021-04-15 20:09:09 -04:00
|
|
|
external_pipeline_validation_service_timeout: nil,
|
|
|
|
external_pipeline_validation_service_token: nil,
|
|
|
|
external_pipeline_validation_service_url: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
first_day_of_week: 0,
|
2021-05-07 05:10:27 -04:00
|
|
|
floc_enabled: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
gitaly_timeout_default: 55,
|
|
|
|
gitaly_timeout_fast: 10,
|
|
|
|
gitaly_timeout_medium: 30,
|
2020-09-16 14:09:47 -04:00
|
|
|
gitpod_enabled: false,
|
|
|
|
gitpod_url: 'https://gitpod.io/',
|
2019-03-06 07:12:04 -05:00
|
|
|
gravatar_enabled: Settings.gravatar['enabled'],
|
2020-07-31 14:09:37 -04:00
|
|
|
group_download_export_limit: 1,
|
|
|
|
group_export_limit: 6,
|
|
|
|
group_import_limit: 6,
|
2019-03-06 07:12:04 -05:00
|
|
|
help_page_hide_commercial_content: false,
|
|
|
|
help_page_text: nil,
|
2020-10-05 14:08:51 -04:00
|
|
|
help_page_documentation_base_url: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
hide_third_party_offers: false,
|
|
|
|
housekeeping_bitmaps_enabled: true,
|
|
|
|
housekeeping_enabled: true,
|
|
|
|
housekeeping_full_repack_period: 50,
|
|
|
|
housekeeping_gc_period: 200,
|
|
|
|
housekeeping_incremental_repack_period: 10,
|
|
|
|
import_sources: Settings.gitlab['import_sources'],
|
2021-01-12 10:10:37 -05:00
|
|
|
invisible_captcha_enabled: false,
|
2020-04-14 11:09:44 -04:00
|
|
|
issues_create_limit: 300,
|
2019-02-20 18:51:55 -05:00
|
|
|
local_markdown_version: 0,
|
2020-07-31 14:09:37 -04:00
|
|
|
login_recaptcha_protection_enabled: false,
|
2021-06-29 14:07:04 -04:00
|
|
|
mailgun_signing_key: nil,
|
|
|
|
mailgun_events_enabled: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
max_artifacts_size: Settings.artifacts['max_size'],
|
|
|
|
max_attachment_size: Settings.gitlab['max_attachment_size'],
|
2021-01-13 16:11:00 -05:00
|
|
|
max_import_size: 0,
|
2021-08-31 23:11:03 -04:00
|
|
|
max_yaml_size_bytes: 1.megabyte,
|
|
|
|
max_yaml_depth: 100,
|
2020-07-31 14:09:37 -04:00
|
|
|
minimum_password_length: DEFAULT_MINIMUM_PASSWORD_LENGTH,
|
2019-03-06 07:12:04 -05:00
|
|
|
mirror_available: true,
|
2021-02-11 07:08:52 -05:00
|
|
|
notes_create_limit: 300,
|
|
|
|
notes_create_limit_allowlist: [],
|
2020-06-22 11:09:27 -04:00
|
|
|
notify_on_unknown_sign_in: true,
|
2019-02-20 18:51:55 -05:00
|
|
|
outbound_local_requests_whitelist: [],
|
2019-03-06 07:12:04 -05:00
|
|
|
password_authentication_enabled_for_git: true,
|
|
|
|
password_authentication_enabled_for_web: Settings.gitlab['signin_enabled'],
|
|
|
|
performance_bar_allowed_group_id: nil,
|
2020-12-15 10:09:59 -05:00
|
|
|
personal_access_token_prefix: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
plantuml_enabled: false,
|
|
|
|
plantuml_url: nil,
|
|
|
|
polling_interval_multiplier: 1,
|
2020-07-31 14:09:37 -04:00
|
|
|
productivity_analytics_start_date: Time.current,
|
|
|
|
project_download_export_limit: 1,
|
2019-03-06 07:12:04 -05:00
|
|
|
project_export_enabled: true,
|
2020-07-31 14:09:37 -04:00
|
|
|
project_export_limit: 6,
|
|
|
|
project_import_limit: 6,
|
2020-05-14 05:07:53 -04:00
|
|
|
protected_ci_variables: true,
|
2020-07-31 14:09:37 -04:00
|
|
|
protected_paths: DEFAULT_PROTECTED_PATHS,
|
2019-10-17 08:07:33 -04:00
|
|
|
push_event_activities_limit: 3,
|
2020-07-31 14:09:37 -04:00
|
|
|
push_event_hooks_limit: 3,
|
2019-02-20 18:51:55 -05:00
|
|
|
raw_blob_request_limit: 300,
|
2019-03-06 07:12:04 -05:00
|
|
|
recaptcha_enabled: false,
|
|
|
|
repository_checks_enabled: true,
|
2021-03-11 10:09:10 -05:00
|
|
|
repository_storages_weighted: { 'default' => 100 },
|
2020-07-31 14:09:37 -04:00
|
|
|
repository_storages: ['default'],
|
2020-11-16 10:09:23 -05:00
|
|
|
require_admin_approval_after_user_signup: true,
|
2019-03-06 07:12:04 -05:00
|
|
|
require_two_factor_authentication: false,
|
|
|
|
restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
|
2020-07-31 14:09:37 -04:00
|
|
|
rsa_key_restriction: 0,
|
2019-03-06 07:12:04 -05:00
|
|
|
send_user_confirmation_email: false,
|
2020-07-31 14:09:37 -04:00
|
|
|
session_expire_delay: Settings.gitlab['session_expire_delay'],
|
2019-03-06 07:12:04 -05:00
|
|
|
shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
|
|
|
|
shared_runners_text: nil,
|
2021-10-20 08:13:26 -04:00
|
|
|
sidekiq_job_limiter_mode: Gitlab::SidekiqMiddleware::SizeLimiter::Validator::COMPRESS_MODE,
|
|
|
|
sidekiq_job_limiter_compression_threshold_bytes: Gitlab::SidekiqMiddleware::SizeLimiter::Validator::DEFAULT_COMPRESSION_THRESHOLD_BYTES,
|
|
|
|
sidekiq_job_limiter_limit_bytes: Gitlab::SidekiqMiddleware::SizeLimiter::Validator::DEFAULT_SIZE_LIMIT,
|
2019-03-06 07:12:04 -05:00
|
|
|
sign_in_text: nil,
|
|
|
|
signup_enabled: Settings.gitlab['signup_enabled'],
|
2020-07-31 14:09:37 -04:00
|
|
|
snippet_size_limit: 50.megabytes,
|
|
|
|
snowplow_app_id: nil,
|
|
|
|
snowplow_collector_hostname: nil,
|
|
|
|
snowplow_cookie_domain: nil,
|
|
|
|
snowplow_enabled: false,
|
2019-11-15 13:06:24 -05:00
|
|
|
sourcegraph_enabled: false,
|
|
|
|
sourcegraph_public_only: true,
|
2020-07-31 14:09:37 -04:00
|
|
|
sourcegraph_url: nil,
|
2020-05-22 05:08:09 -04:00
|
|
|
spam_check_endpoint_enabled: false,
|
|
|
|
spam_check_endpoint_url: nil,
|
2021-04-30 14:10:09 -04:00
|
|
|
spam_check_api_key: nil,
|
2021-09-28 05:11:19 -04:00
|
|
|
suggest_pipeline_enabled: true,
|
2019-03-06 07:12:04 -05:00
|
|
|
terminal_max_session_time: 0,
|
|
|
|
throttle_authenticated_api_enabled: false,
|
|
|
|
throttle_authenticated_api_period_in_seconds: 3600,
|
|
|
|
throttle_authenticated_api_requests_per_period: 7200,
|
2021-09-01 14:08:49 -04:00
|
|
|
throttle_authenticated_git_lfs_enabled: false,
|
|
|
|
throttle_authenticated_git_lfs_period_in_seconds: 60,
|
|
|
|
throttle_authenticated_git_lfs_requests_per_period: 1000,
|
2019-03-06 07:12:04 -05:00
|
|
|
throttle_authenticated_web_enabled: false,
|
|
|
|
throttle_authenticated_web_period_in_seconds: 3600,
|
|
|
|
throttle_authenticated_web_requests_per_period: 7200,
|
2021-04-21 11:09:35 -04:00
|
|
|
throttle_authenticated_packages_api_enabled: false,
|
|
|
|
throttle_authenticated_packages_api_period_in_seconds: 15,
|
|
|
|
throttle_authenticated_packages_api_requests_per_period: 1000,
|
2021-08-26 20:08:45 -04:00
|
|
|
throttle_authenticated_files_api_enabled: false,
|
|
|
|
throttle_authenticated_files_api_period_in_seconds: 15,
|
|
|
|
throttle_authenticated_files_api_requests_per_period: 500,
|
2021-09-28 08:11:10 -04:00
|
|
|
throttle_authenticated_deprecated_api_enabled: false,
|
|
|
|
throttle_authenticated_deprecated_api_period_in_seconds: 3600,
|
|
|
|
throttle_authenticated_deprecated_api_requests_per_period: 3600,
|
2020-07-31 14:09:37 -04:00
|
|
|
throttle_incident_management_notification_enabled: false,
|
|
|
|
throttle_incident_management_notification_per_period: 3600,
|
|
|
|
throttle_incident_management_notification_period_in_seconds: 3600,
|
2019-09-26 17:06:29 -04:00
|
|
|
throttle_protected_paths_enabled: false,
|
|
|
|
throttle_protected_paths_in_seconds: 10,
|
|
|
|
throttle_protected_paths_per_period: 60,
|
2021-09-13 11:10:34 -04:00
|
|
|
throttle_unauthenticated_api_enabled: false,
|
|
|
|
throttle_unauthenticated_api_period_in_seconds: 3600,
|
|
|
|
throttle_unauthenticated_api_requests_per_period: 3600,
|
2020-07-31 14:09:37 -04:00
|
|
|
throttle_unauthenticated_enabled: false,
|
|
|
|
throttle_unauthenticated_period_in_seconds: 3600,
|
|
|
|
throttle_unauthenticated_requests_per_period: 3600,
|
2021-04-21 11:09:35 -04:00
|
|
|
throttle_unauthenticated_packages_api_enabled: false,
|
|
|
|
throttle_unauthenticated_packages_api_period_in_seconds: 15,
|
|
|
|
throttle_unauthenticated_packages_api_requests_per_period: 800,
|
2021-08-26 20:08:45 -04:00
|
|
|
throttle_unauthenticated_files_api_enabled: false,
|
|
|
|
throttle_unauthenticated_files_api_period_in_seconds: 15,
|
|
|
|
throttle_unauthenticated_files_api_requests_per_period: 125,
|
2021-09-28 08:11:10 -04:00
|
|
|
throttle_unauthenticated_deprecated_api_enabled: false,
|
|
|
|
throttle_unauthenticated_deprecated_api_period_in_seconds: 3600,
|
|
|
|
throttle_unauthenticated_deprecated_api_requests_per_period: 1800,
|
2019-06-11 06:40:01 -04:00
|
|
|
time_tracking_limit_to_hours: false,
|
2019-03-06 07:12:04 -05:00
|
|
|
two_factor_grace_period: 48,
|
|
|
|
unique_ips_limit_enabled: false,
|
|
|
|
unique_ips_limit_per_user: 10,
|
|
|
|
unique_ips_limit_time_window: 3600,
|
|
|
|
usage_ping_enabled: Settings.gitlab['usage_ping_enabled'],
|
2020-07-31 14:09:37 -04:00
|
|
|
usage_stats_set_by_user_id: nil,
|
2019-03-06 07:12:04 -05:00
|
|
|
user_default_external: false,
|
|
|
|
user_default_internal_regex: nil,
|
|
|
|
user_show_add_ssh_key_message: true,
|
2021-06-21 17:08:33 -04:00
|
|
|
valid_runner_registrars: VALID_RUNNER_REGISTRAR_TYPES,
|
2020-09-02 05:10:23 -04:00
|
|
|
wiki_page_max_content_bytes: 50.megabytes,
|
2020-10-26 14:08:27 -04:00
|
|
|
container_registry_delete_tags_service_timeout: 250,
|
2020-11-28 16:09:37 -05:00
|
|
|
container_registry_expiration_policies_worker_capacity: 0,
|
|
|
|
kroki_enabled: false,
|
2021-01-04 07:10:44 -05:00
|
|
|
kroki_url: nil,
|
2021-02-16 22:08:59 -05:00
|
|
|
kroki_formats: { blockdiag: false, bpmn: false, excalidraw: false },
|
2021-04-27 11:09:52 -04:00
|
|
|
rate_limiting_response_text: nil,
|
2021-09-07 02:11:06 -04:00
|
|
|
whats_new_variant: 0,
|
|
|
|
user_deactivation_emails_enabled: true
|
2019-03-06 07:12:04 -05:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_commit_email_hostname
|
|
|
|
"users.noreply.#{Gitlab.config.gitlab.host}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_from_defaults
|
|
|
|
build_from_defaults.tap(&:save)
|
|
|
|
end
|
|
|
|
|
|
|
|
def human_attribute_name(attr, _options = {})
|
|
|
|
if attr == :default_artifacts_expire_in
|
|
|
|
'Default artifacts expiration'
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def home_page_url_column_exists?
|
2021-11-15 10:10:57 -05:00
|
|
|
ApplicationSetting.database.cached_column_exists?(:home_page_url)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def help_page_support_url_column_exists?
|
2021-11-15 10:10:57 -05:00
|
|
|
ApplicationSetting.database.cached_column_exists?(:help_page_support_url)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def disabled_oauth_sign_in_sources=(sources)
|
|
|
|
sources = (sources || []).map(&:to_s) & Devise.omniauth_providers.map(&:to_s)
|
|
|
|
super(sources)
|
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def domain_allowlist_raw
|
2020-11-10 07:08:57 -05:00
|
|
|
array_to_string(self.domain_allowlist)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def domain_denylist_raw
|
2020-11-10 07:08:57 -05:00
|
|
|
array_to_string(self.domain_denylist)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def domain_allowlist_raw=(values)
|
2020-11-10 07:08:57 -05:00
|
|
|
self.domain_allowlist = strings_to_array(values)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def domain_denylist_raw=(values)
|
2020-11-10 07:08:57 -05:00
|
|
|
self.domain_denylist = strings_to_array(values)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def domain_denylist_file=(file)
|
|
|
|
self.domain_denylist_raw = file.read
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def outbound_local_requests_allowlist_raw
|
2019-07-24 13:59:38 -04:00
|
|
|
array_to_string(self.outbound_local_requests_whitelist)
|
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def outbound_local_requests_allowlist_raw=(values)
|
|
|
|
clear_memoization(:outbound_local_requests_allowlist_arrays)
|
2019-07-31 13:38:15 -04:00
|
|
|
|
2019-09-26 17:06:29 -04:00
|
|
|
self.outbound_local_requests_whitelist = strings_to_array(values)
|
2019-07-24 13:59:38 -04:00
|
|
|
end
|
|
|
|
|
2019-07-31 13:38:15 -04:00
|
|
|
def add_to_outbound_local_requests_whitelist(values_array)
|
2020-10-29 02:08:45 -04:00
|
|
|
clear_memoization(:outbound_local_requests_allowlist_arrays)
|
2019-07-31 13:38:15 -04:00
|
|
|
|
|
|
|
self.outbound_local_requests_whitelist ||= []
|
|
|
|
self.outbound_local_requests_whitelist += values_array
|
|
|
|
|
|
|
|
self.outbound_local_requests_whitelist.uniq!
|
|
|
|
end
|
|
|
|
|
2020-03-10 08:08:16 -04:00
|
|
|
# This method separates out the strings stored in the
|
2020-11-10 07:08:57 -05:00
|
|
|
# application_setting.outbound_local_requests_whitelist array into 2 arrays;
|
2020-03-10 08:08:16 -04:00
|
|
|
# an array of IPAddr objects (`[IPAddr.new('127.0.0.1')]`), and an array of
|
|
|
|
# domain strings (`['www.example.com']`).
|
2020-10-29 02:08:45 -04:00
|
|
|
def outbound_local_requests_allowlist_arrays
|
|
|
|
strong_memoize(:outbound_local_requests_allowlist_arrays) do
|
2019-07-31 02:54:03 -04:00
|
|
|
next [[], []] unless self.outbound_local_requests_whitelist
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
ip_allowlist, domain_allowlist = separate_allowlists(self.outbound_local_requests_whitelist)
|
2019-07-24 13:59:38 -04:00
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
[ip_allowlist, domain_allowlist]
|
2019-07-24 13:59:38 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-09-26 17:06:29 -04:00
|
|
|
def protected_paths_raw
|
|
|
|
array_to_string(self.protected_paths)
|
|
|
|
end
|
|
|
|
|
|
|
|
def protected_paths_raw=(values)
|
|
|
|
self.protected_paths = strings_to_array(values)
|
|
|
|
end
|
|
|
|
|
2021-02-11 07:08:52 -05:00
|
|
|
def notes_create_limit_allowlist_raw
|
|
|
|
array_to_string(self.notes_create_limit_allowlist)
|
|
|
|
end
|
|
|
|
|
|
|
|
def notes_create_limit_allowlist_raw=(values)
|
|
|
|
self.notes_create_limit_allowlist = strings_to_array(values).map(&:downcase)
|
|
|
|
end
|
|
|
|
|
2021-03-03 10:10:53 -05:00
|
|
|
def asset_proxy_whitelist=(values)
|
2019-09-26 17:06:29 -04:00
|
|
|
values = strings_to_array(values) if values.is_a?(String)
|
2019-02-20 18:51:55 -05:00
|
|
|
|
2021-02-03 01:10:04 -05:00
|
|
|
# make sure we always allow the running host
|
2019-02-20 18:51:55 -05:00
|
|
|
values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)
|
|
|
|
|
2021-03-03 10:10:53 -05:00
|
|
|
self[:asset_proxy_whitelist] = values
|
2019-02-20 18:51:55 -05:00
|
|
|
end
|
2021-03-03 10:10:53 -05:00
|
|
|
alias_method :asset_proxy_allowlist=, :asset_proxy_whitelist=
|
2019-02-20 18:51:55 -05:00
|
|
|
|
2021-03-03 10:10:53 -05:00
|
|
|
def asset_proxy_allowlist
|
|
|
|
read_attribute(:asset_proxy_whitelist)
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
2021-03-03 10:10:53 -05:00
|
|
|
def repository_storages
|
|
|
|
Array(read_attribute(:repository_storages))
|
2020-05-25 20:08:21 -04:00
|
|
|
end
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
def commit_email_hostname
|
|
|
|
super.presence || self.class.default_commit_email_hostname
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_project_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_snippet_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_group_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def restricted_visibility_levels=(levels)
|
|
|
|
super(levels&.map { |level| Gitlab::VisibilityLevel.level_value(level) })
|
|
|
|
end
|
|
|
|
|
|
|
|
def performance_bar_allowed_group
|
|
|
|
Group.find_by_id(performance_bar_allowed_group_id)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Return true if the Performance Bar is enabled for a given group
|
|
|
|
def performance_bar_enabled
|
|
|
|
performance_bar_allowed_group_id.present?
|
|
|
|
end
|
|
|
|
|
2020-06-16 14:09:01 -04:00
|
|
|
def normalized_repository_storage_weights
|
|
|
|
strong_memoize(:normalized_repository_storage_weights) do
|
2021-03-11 10:09:10 -05:00
|
|
|
repository_storages_weights = repository_storages_weighted.slice(*Gitlab.config.repositories.storages.keys)
|
|
|
|
weights_total = repository_storages_weights.values.reduce(:+)
|
2020-06-16 14:09:01 -04:00
|
|
|
|
2021-03-11 10:09:10 -05:00
|
|
|
repository_storages_weights.transform_values do |w|
|
2020-06-16 14:09:01 -04:00
|
|
|
next w if weights_total == 0
|
|
|
|
|
|
|
|
w.to_f / weights_total
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# Choose one of the available repository storage options based on a normalized weighted probability.
|
2019-03-06 07:12:04 -05:00
|
|
|
def pick_repository_storage
|
2020-06-16 14:09:01 -04:00
|
|
|
normalized_repository_storage_weights.max_by { |_, weight| rand**(1.0 / weight) }.first
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def runners_registration_token
|
|
|
|
ensure_runners_registration_token!
|
|
|
|
end
|
|
|
|
|
|
|
|
def health_check_access_token
|
|
|
|
ensure_health_check_access_token!
|
|
|
|
end
|
|
|
|
|
|
|
|
def usage_ping_can_be_configured?
|
|
|
|
Settings.gitlab.usage_ping_enabled
|
|
|
|
end
|
|
|
|
|
2021-06-30 05:08:07 -04:00
|
|
|
def usage_ping_features_enabled?
|
|
|
|
usage_ping_enabled? && usage_ping_features_enabled
|
|
|
|
end
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
def usage_ping_enabled
|
|
|
|
usage_ping_can_be_configured? && super
|
|
|
|
end
|
2021-06-10 23:10:14 -04:00
|
|
|
alias_method :usage_ping_enabled?, :usage_ping_enabled
|
2019-03-06 07:12:04 -05:00
|
|
|
|
|
|
|
def allowed_key_types
|
|
|
|
SUPPORTED_KEY_TYPES.select do |type|
|
|
|
|
key_restriction_for(type) != FORBIDDEN_KEY_VALUE
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def key_restriction_for(type)
|
|
|
|
attr_name = "#{type}_key_restriction"
|
|
|
|
|
|
|
|
has_attribute?(attr_name) ? public_send(attr_name) : FORBIDDEN_KEY_VALUE # rubocop:disable GitlabSecurity/PublicSend
|
|
|
|
end
|
|
|
|
|
|
|
|
def allow_signup?
|
|
|
|
signup_enabled? && password_authentication_enabled_for_web?
|
|
|
|
end
|
|
|
|
|
|
|
|
def password_authentication_enabled?
|
|
|
|
password_authentication_enabled_for_web? || password_authentication_enabled_for_git?
|
|
|
|
end
|
|
|
|
|
|
|
|
def user_default_internal_regex_enabled?
|
|
|
|
user_default_external? && user_default_internal_regex.present?
|
|
|
|
end
|
|
|
|
|
|
|
|
def user_default_internal_regex_instance
|
|
|
|
Regexp.new(user_default_internal_regex, Regexp::IGNORECASE)
|
|
|
|
end
|
|
|
|
|
|
|
|
delegate :terms, to: :latest_terms, allow_nil: true
|
|
|
|
def latest_terms
|
|
|
|
@latest_terms ||= ApplicationSetting::Term.latest
|
|
|
|
end
|
|
|
|
|
|
|
|
def reset_memoized_terms
|
|
|
|
@latest_terms = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
|
|
|
|
latest_terms
|
|
|
|
end
|
|
|
|
|
|
|
|
def archive_builds_older_than
|
|
|
|
archive_builds_in_seconds.seconds.ago if archive_builds_in_seconds
|
|
|
|
end
|
|
|
|
|
2019-07-22 10:56:40 -04:00
|
|
|
def static_objects_external_storage_enabled?
|
|
|
|
static_objects_external_storage_url.present?
|
|
|
|
end
|
|
|
|
|
2020-03-12 17:09:45 -04:00
|
|
|
# This will eventually be configurable
|
|
|
|
# https://gitlab.com/gitlab-org/gitlab/issues/208161
|
|
|
|
def web_ide_clientside_preview_bundler_url
|
|
|
|
'https://sandbox-prod.gitlab-static.net'
|
|
|
|
end
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
private
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
def separate_allowlists(string_array)
|
|
|
|
string_array.reduce([[], []]) do |(ip_allowlist, domain_allowlist), string|
|
2020-03-15 23:09:14 -04:00
|
|
|
address, port = parse_addr_and_port(string)
|
|
|
|
|
|
|
|
ip_obj = Gitlab::Utils.string_to_ip_object(address)
|
2020-03-10 08:08:16 -04:00
|
|
|
|
|
|
|
if ip_obj
|
2020-10-29 02:08:45 -04:00
|
|
|
ip_allowlist << Gitlab::UrlBlockers::IpAllowlistEntry.new(ip_obj, port: port)
|
2020-03-10 08:08:16 -04:00
|
|
|
else
|
2020-10-29 02:08:45 -04:00
|
|
|
domain_allowlist << Gitlab::UrlBlockers::DomainAllowlistEntry.new(address, port: port)
|
2020-03-10 08:08:16 -04:00
|
|
|
end
|
|
|
|
|
2020-10-29 02:08:45 -04:00
|
|
|
[ip_allowlist, domain_allowlist]
|
2020-03-10 08:08:16 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-03-15 23:09:14 -04:00
|
|
|
def parse_addr_and_port(str)
|
|
|
|
case str
|
|
|
|
when /\A\[(?<address> .* )\]:(?<port> \d+ )\z/x # string like "[::1]:80"
|
2021-04-19 17:09:27 -04:00
|
|
|
address = $~[:address]
|
|
|
|
port = $~[:port]
|
2020-03-15 23:09:14 -04:00
|
|
|
when /\A(?<address> [^:]+ ):(?<port> \d+ )\z/x # string like "127.0.0.1:80"
|
2021-04-19 17:09:27 -04:00
|
|
|
address = $~[:address]
|
|
|
|
port = $~[:port]
|
2020-03-15 23:09:14 -04:00
|
|
|
else # string with no port number
|
2021-04-19 17:09:27 -04:00
|
|
|
address = str
|
|
|
|
port = nil
|
2020-03-15 23:09:14 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
[address, port&.to_i]
|
|
|
|
end
|
|
|
|
|
2019-07-24 13:59:38 -04:00
|
|
|
def array_to_string(arr)
|
|
|
|
arr&.join("\n")
|
|
|
|
end
|
|
|
|
|
2019-09-26 17:06:29 -04:00
|
|
|
def strings_to_array(values)
|
2019-07-31 02:54:03 -04:00
|
|
|
return [] unless values
|
|
|
|
|
2019-07-24 13:59:38 -04:00
|
|
|
values
|
2019-09-26 17:06:29 -04:00
|
|
|
.split(STRING_LIST_SEPARATOR)
|
2019-02-20 18:51:55 -05:00
|
|
|
.map(&:strip)
|
2019-07-24 13:59:38 -04:00
|
|
|
.reject(&:empty?)
|
|
|
|
.uniq
|
|
|
|
end
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
def ensure_uuid!
|
|
|
|
return if uuid?
|
|
|
|
|
|
|
|
self.uuid = SecureRandom.uuid
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_repository_storages
|
|
|
|
invalid = repository_storages - Gitlab.config.repositories.storages.keys
|
|
|
|
errors.add(:repository_storages, "can't include: #{invalid.join(", ")}") unless
|
|
|
|
invalid.empty?
|
|
|
|
end
|
|
|
|
|
2021-03-11 10:09:10 -05:00
|
|
|
def coerce_repository_storages_weighted
|
|
|
|
repository_storages_weighted.transform_values!(&:to_i)
|
|
|
|
end
|
|
|
|
|
2020-05-25 20:08:21 -04:00
|
|
|
def check_repository_storages_weighted
|
|
|
|
invalid = repository_storages_weighted.keys - Gitlab.config.repositories.storages.keys
|
2021-03-11 10:09:10 -05:00
|
|
|
errors.add(:repository_storages_weighted, _("can't include: %{invalid_storages}") % { invalid_storages: invalid.join(", ") }) unless
|
2020-05-25 20:08:21 -04:00
|
|
|
invalid.empty?
|
2020-07-21 20:09:26 -04:00
|
|
|
|
|
|
|
repository_storages_weighted.each do |key, val|
|
|
|
|
next unless val.present?
|
|
|
|
|
2021-03-11 10:09:10 -05:00
|
|
|
errors.add(:repository_storages_weighted, _("value for '%{storage}' must be an integer") % { storage: key }) unless val.is_a?(Integer)
|
|
|
|
errors.add(:repository_storages_weighted, _("value for '%{storage}' must be between 0 and 100") % { storage: key }) unless val.between?(0, 100)
|
2020-07-21 20:09:26 -04:00
|
|
|
end
|
2020-05-25 20:08:21 -04:00
|
|
|
end
|
|
|
|
|
2021-06-21 17:08:33 -04:00
|
|
|
def check_valid_runner_registrars
|
|
|
|
valid = valid_runner_registrar_combinations.include?(valid_runner_registrars)
|
|
|
|
errors.add(:valid_runner_registrars, _("%{value} is not included in the list") % { value: valid_runner_registrars }) unless valid
|
|
|
|
end
|
|
|
|
|
|
|
|
def valid_runner_registrar_combinations
|
|
|
|
0.upto(VALID_RUNNER_REGISTRAR_TYPES.size).flat_map do |n|
|
|
|
|
VALID_RUNNER_REGISTRAR_TYPES.permutation(n).to_a
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-03-06 07:12:04 -05:00
|
|
|
def terms_exist
|
|
|
|
return unless enforce_terms?
|
|
|
|
|
2020-03-03 04:07:54 -05:00
|
|
|
errors.add(:base, _('You need to set terms to be enforced')) unless terms.present?
|
2019-03-06 07:12:04 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def expire_performance_bar_allowed_user_ids_cache
|
|
|
|
Gitlab::PerformanceBar.expire_allowed_user_ids_cache
|
|
|
|
end
|
|
|
|
end
|