# frozen_string_literal: true
require 'base64'
require 'json'
require 'securerandom'
require 'uri'
module Gitlab
  # Class-level helpers that build the header/value pairs and payload hashes
  # this application exchanges with gitlab-workhorse.
  #
  # Most `send_*` helpers return `[SEND_DATA_HEADER, "<type>:<payload>"]`,
  # where the payload is JSON wrapped in URL-safe Base64 (see `encode`).
  # That wrapping is an encoding only: it is neither encrypted nor signed, so
  # every field placed in a payload (including the Gitaly token added by
  # `gitaly_server_hash`) is readable by whoever receives the header.
  # NOTE(review): presumably workhorse consumes the header before the
  # response reaches the client; confirm, since this file cannot show it.
  class Workhorse
    # Header name returned by the send_* helpers.
    SEND_DATA_HEADER = 'Gitlab-Workhorse-Send-Data'
    SEND_DEPENDENCY_CONTENT_TYPE_HEADER = 'Workhorse-Proxy-Content-Type'
    # File, relative to Rails.root, that `version` reads.
    VERSION_FILE = 'GITLAB_WORKHORSE_VERSION'
    INTERNAL_API_CONTENT_TYPE = 'application/vnd.gitlab-workhorse+json'
    # Request header holding the JWT checked by `verify_api_request!`.
    INTERNAL_API_REQUEST_HEADER = 'Gitlab-Workhorse-Api-Request'
    # Redis pub/sub channel used by `set_key_and_notify`.
    NOTIFICATION_CHANNEL = 'workhorse:notifications'
    # Actions accepted by `git_http_ok`; any other action raises.
    ALLOWED_GIT_HTTP_ACTIONS = %w[git_receive_pack git_upload_pack info_refs].freeze
    # Header name returned by `detect_content_type`.
    DETECT_HEADER = 'Gitlab-Workhorse-Detect-Content-Type'
    ARCHIVE_FORMATS = %w(zip tar.gz tar.bz2 tar).freeze

    include JwtAuthenticatable

    class << self
      # Builds the attribute hash for an allowed Git-over-HTTP action.
      #
      # @param repository [Object] must respond to container, gitaly_repository,
      #   storage and project
      # @param repo_type [Object] must respond to identifier_for_container
      # @param user [Object, nil] nil yields a nil GL_USERNAME
      # @param action [#to_s] must be one of ALLOWED_GIT_HTTP_ACTIONS
      # @param show_all_refs [Boolean] copied into the ShowAllRefs field
      # @return [Hash] attributes, including the Gitaly address and token
      # @raise [RuntimeError] when the action is not in the allow-list
      def git_http_ok(repository, repo_type, user, action, show_all_refs: false)
        # Allow-list check comes first so nothing is built for an unknown action.
        supported = ALLOWED_GIT_HTTP_ACTIONS.include?(action.to_s)
        raise "Unsupported action: #{action}" unless supported

        payload = {
          GL_ID: Gitlab::GlId.gl_id(user),
          GL_REPOSITORY: repo_type.identifier_for_container(repository.container),
          GL_USERNAME: user&.username,
          ShowAllRefs: show_all_refs,
          Repository: repository.gitaly_repository.to_h,
          GitConfigOptions: [],
          GitalyServer: {
            address: Gitlab::GitalyClient.address(repository.storage),
            token: Gitlab::GitalyClient.token(repository.storage),
            features: Feature::Gitaly.server_feature_flags(repository.project)
          }
        }

        # Optional git-receive-pack limit: the setting is converted with
        # `.megabytes` and only emitted when it is greater than zero.
        max_input = Gitlab::CurrentSettings.receive_max_input_size.to_i
        payload[:GitConfigOptions].push("receive.maxInputSize=#{max_input.megabytes}") if max_input.positive?

        payload
      end

      # Builds the send-data pair for a single blob.
      #
      # @param repository [Object] repository that holds the blob
      # @param blob [Object] must respond to id
      # @return [Array<String>] SEND_DATA_HEADER and a "git-blob:" value
      def send_git_blob(repository, blob)
        gitaly_server = gitaly_server_hash(repository)
        blob_request = {
          repository: repository.gitaly_repository.to_h,
          oid: blob.id,
          limit: -1
        }
        payload = { 'GitalyServer' => gitaly_server, 'GetBlobRequest' => blob_request }

        value = "git-blob:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a repository archive.
      #
      # @param repository [Object] must respond to archive_metadata
      # @param ref [String] ref handed to archive_metadata
      # @param format [String, nil] archive format; nil falls back to 'tar.gz'
      # @param append_sha [Object] forwarded to archive_metadata
      # @param path [String, nil] optional path forwarded to archive_metadata
      #   and to the archive request
      # @return [Array<String>] SEND_DATA_HEADER and a "git-archive:" value
      # @raise [RuntimeError] when archive_metadata returns an empty result
      def send_git_archive(repository, ref:, format:, append_sha:, path: nil)
        format = (format || 'tar.gz').downcase

        downloads_path = Gitlab.config.gitlab.repository_downloads_path
        metadata = repository.archive_metadata(ref, downloads_path, format, append_sha: append_sha, path: path)

        raise "Repository or ref not found" if metadata.empty?

        gitaly_format = archive_format(format)
        payload = send_git_archive_params(repository, metadata, path, gitaly_format)

        # DisableCache is only ever set to the Boolean true: workhorse ignores
        # the field when it holds anything other than a Boolean.
        payload['DisableCache'] = true if git_archive_cache_disabled?
        payload['GitalyServer'] = gitaly_server_hash(repository)

        value = "git-archive:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a repository snapshot.
      #
      # @param repository [Object] must respond to gitaly_repository
      # @return [Array<String>] SEND_DATA_HEADER and a "git-snapshot:" value
      def send_git_snapshot(repository)
        gitaly_server = gitaly_server_hash(repository)
        snapshot_request = Gitaly::GetSnapshotRequest.new(repository: repository.gitaly_repository)
        payload = {
          'GitalyServer' => gitaly_server,
          'GetSnapshotRequest' => snapshot_request.to_json
        }

        value = "git-snapshot:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a raw diff between two commits.
      #
      # @param repository [Object] repository the commits belong to
      # @param diff_refs [Object] must respond to base_sha and head_sha
      # @return [Array<String>] SEND_DATA_HEADER and a "git-diff:" value
      def send_git_diff(repository, diff_refs)
        gitaly_server = gitaly_server_hash(repository)
        diff_request = Gitaly::RawDiffRequest.new(gitaly_diff_or_patch_hash(repository, diff_refs))
        payload = {
          'GitalyServer' => gitaly_server,
          'RawDiffRequest' => diff_request.to_json
        }

        value = "git-diff:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a raw patch between two commits.
      #
      # @param repository [Object] repository the commits belong to
      # @param diff_refs [Object] must respond to base_sha and head_sha
      # @return [Array<String>] SEND_DATA_HEADER and a "git-format-patch:" value
      def send_git_patch(repository, diff_refs)
        gitaly_server = gitaly_server_hash(repository)
        patch_request = Gitaly::RawPatchRequest.new(gitaly_diff_or_patch_hash(repository, diff_refs))
        payload = {
          'GitalyServer' => gitaly_server,
          'RawPatchRequest' => patch_request.to_json
        }

        value = "git-format-patch:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for one entry of an artifacts archive.
      #
      # The archive location is the local path when the file is on file
      # storage, otherwise the file's URL. The entry name is Base64-encoded
      # and is not otherwise inspected here.
      # NOTE(review): validation of the entry name is presumably done by the
      # caller or by workhorse; confirm.
      #
      # @param file [Object] must respond to file_storage?, path and url
      # @param entry [#to_s] entry name inside the archive
      # @return [Array<String>] SEND_DATA_HEADER and an "artifacts-entry:" value
      def send_artifacts_entry(file, entry)
        archive =
          if file.file_storage?
            file.path
          else
            file.url
          end

        payload = { 'Archive' => archive, 'Entry' => Base64.encode64(entry.to_s) }

        value = "artifacts-entry:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a URL.
      #
      # The URL is copied into the payload unchanged; nothing in this method
      # checks its scheme or host, so restricting it to permitted
      # destinations is left to the caller.
      # NOTE(review): presumably workhorse fetches this URL server-side, which
      # makes caller-side validation the guard against requests to internal
      # hosts, more so when allow_redirects is true; confirm.
      #
      # @param url [String] URL to place in the payload
      # @param allow_redirects [Boolean] copied into the AllowRedirects field
      # @return [Array<String>] SEND_DATA_HEADER and a "send-url:" value
      def send_url(url, allow_redirects: false)
        payload = { 'URL' => url, 'AllowRedirects' => allow_redirects }

        value = "send-url:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a scaled image.
      #
      # @param location [String] copied into the Location field
      # @param width [Object] copied into the Width field
      # @param content_type [String] copied into the ContentType field
      # @return [Array<String>] SEND_DATA_HEADER and a "send-scaled-img:" value
      def send_scaled_image(location, width, content_type)
        payload = { 'Location' => location, 'Width' => width, 'ContentType' => content_type }

        value = "send-scaled-img:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the send-data pair for a dependency request.
      #
      # Both arguments are copied into the payload unchanged; this method
      # does not validate the URL or filter the headers.
      # NOTE(review): if the headers carry upstream credentials, they travel
      # in a payload that is only encoded; confirm who can read this header.
      #
      # @param headers [Hash] copied into the Header field
      # @param url [String] copied into the Url field
      # @return [Array<String>] SEND_DATA_HEADER and a "send-dependency:" value
      def send_dependency(headers, url)
        payload = { 'Header' => headers, 'Url' => url }

        value = "send-dependency:#{encode(payload)}"
        [SEND_DATA_HEADER, value]
      end

      # Builds the websocket channel description from a settings hash.
      #
      # CAPem is added only when the :ca_pem key exists in `channel`, even if
      # its value is nil.
      #
      # @param channel [Hash] reads :subprotocols, :url, :headers,
      #   :max_session_time and, optionally, :ca_pem
      # @return [Hash] { 'Channel' => { ... } }
      def channel_websocket(channel)
        settings = {
          'Subprotocols' => channel[:subprotocols],
          'Url' => channel[:url],
          'Header' => channel[:headers],
          'MaxSessionTime' => channel[:max_session_time]
        }
        settings['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem)

        { 'Channel' => settings }
      end

      # Reads the version string from VERSION_FILE under Rails.root.
      #
      # @return [String] the file contents without the trailing newline, or
      #   'unknown' when the file is not readable
      def version
        version_file = Rails.root.join(VERSION_FILE)
        return 'unknown' unless version_file.readable?

        version_file.read.chomp
      end

      # Decodes the JWT found in the INTERNAL_API_REQUEST_HEADER request
      # header, requiring the 'gitlab-workhorse' issuer.
      #
      # A missing header hands nil to the decoder.
      # NOTE(review): decode_jwt comes from JwtAuthenticatable and is not
      # shown here; presumably it raises on a nil or invalid token. Confirm
      # that every caller treats that as a rejected request.
      #
      # @param request_headers [#[]] request headers
      # @return [Object] whatever decode_jwt returns
      def verify_api_request!(request_headers)
        token = request_headers[INTERNAL_API_REQUEST_HEADER]
        decode_jwt_with_issuer(token)
      end

      # Decodes a JWT with the issuer pinned to 'gitlab-workhorse'.
      #
      # @param encoded_message [String, nil] the encoded token
      # @return [Object] whatever decode_jwt returns
      def decode_jwt_with_issuer(encoded_message)
        expected_issuer = 'gitlab-workhorse'
        decode_jwt(encoded_message, issuer: expected_issuer)
      end

      # @return [Object] the configured location of the workhorse secret file
      def secret_path
        workhorse_config = Gitlab.config.workhorse
        workhorse_config.secret_file
      end

      # Stores a key in the shared-state Redis and, when the write happened,
      # publishes "key=value" on NOTIFICATION_CHANNEL.
      #
      # With overwrite: false the write is sent with NX; when it does not
      # happen, nothing is published and the stored value is read back.
      # Key and value are interpolated into the message as they are.
      # NOTE(review): a key containing '=' would make the message ambiguous
      # for a subscriber that splits on '='; presumably keys are generated by
      # the application. Verify against callers.
      #
      # @param key [String] Redis key
      # @param value [String] value to store and announce
      # @param expire [Integer, nil] passed to Redis as `ex`
      # @param overwrite [Boolean] false makes the write conditional (NX)
      # @return [Object] `value` when the write happened, else `redis.get(key)`
      def set_key_and_notify(key, value, expire: nil, overwrite: true)
        Gitlab::Redis::SharedState.with do |redis|
          written = redis.set(key, value, ex: expire, nx: !overwrite)
          next redis.get(key) unless written

          redis.publish(NOTIFICATION_CHANNEL, "#{key}=#{value}")
          value
        end
      end

      # @return [Array<String>] DETECT_HEADER paired with the string 'true'
      def detect_content_type
        [Gitlab::Workhorse::DETECT_HEADER, 'true']
      end

      protected

      # Outermost encoding of a senddata: header value: the hash is dumped to
      # JSON and wrapped in URL-safe Base64, which makes it safe to include in
      # an HTTP response header. This is an encoding only; it provides no
      # confidentiality and no integrity.
      #
      # @param hash [Hash] payload to serialise
      # @return [String] URL-safe Base64 of the JSON document
      def encode(hash)
        json = Gitlab::Json.dump(hash)
        Base64.urlsafe_encode64(json)
      end

      # Encodes a single field inside the senddata JSON that contains binary
      # data. In workhorse, the corresponding struct field should be of type
      # []byte.
      #
      # @param binary [String] raw bytes
      # @return [String] Base64 text as produced by Base64.encode64
      def encode_binary(binary)
        Base64.encode64(binary)
      end

      # Connection details for the Gitaly server of the repository's shard.
      #
      # The returned hash includes the Gitaly token, so it should only be
      # placed in payloads meant for workhorse and should not be logged.
      #
      # @param repository [Object] must respond to shard and project
      # @return [Hash] :address, :token and :features
      def gitaly_server_hash(repository)
        address = Gitlab::GitalyClient.address(repository.shard)
        token = Gitlab::GitalyClient.token(repository.shard)
        features = Feature::Gitaly.server_feature_flags(repository.project)

        { address: address, token: token, features: features }
      end

      # Fields shared by the raw diff and raw patch requests.
      #
      # @param repository [Object] must respond to gitaly_repository
      # @param diff_refs [Object] must respond to base_sha and head_sha
      # @return [Hash] :repository, :left_commit_id and :right_commit_id
      def gitaly_diff_or_patch_hash(repository, diff_refs)
        gitaly_repository = repository.gitaly_repository
        base = diff_refs.base_sha
        head = diff_refs.head_sha

        { repository: gitaly_repository, left_commit_id: base, right_commit_id: head }
      end

      # Whether the archive cache is disabled, either because the
      # WORKHORSE_ARCHIVE_CACHE_DISABLED environment variable is present or
      # because the :workhorse_archive_cache_disabled feature is enabled.
      #
      # @return [Boolean]
      def git_archive_cache_disabled?
        return true if ENV['WORKHORSE_ARCHIVE_CACHE_DISABLED'].present?

        Feature.enabled?(:workhorse_archive_cache_disabled)
      end

      # Maps a format name to the Gitaly archive format constant. Any name
      # that is not listed below maps to TAR_GZ.
      #
      # @param format [String] already lower-cased by send_git_archive
      # @return [Object] a Gitaly::GetArchiveRequest::Format constant
      def archive_format(format)
        case format
        when "tar.bz2", "tbz", "tbz2", "tb2", "bz2" then Gitaly::GetArchiveRequest::Format::TAR_BZ2
        when "tar" then Gitaly::GetArchiveRequest::Format::TAR
        when "zip" then Gitaly::GetArchiveRequest::Format::ZIP
        else Gitaly::GetArchiveRequest::Format::TAR_GZ
        end
      end

      # Builds the base payload for send_git_archive.
      #
      # @param repository [Object] must respond to gitaly_repository
      # @param metadata [Hash] reads 'ArchivePath', 'CommitId' and 'ArchivePrefix'
      # @param path [String, nil] blank values are sent as an empty string
      # @param format [Object] value returned by archive_format
      # @return [Hash] 'ArchivePath' and the Base64-encoded 'GetArchiveRequest'
      def send_git_archive_params(repository, metadata, path, format)
        archive_path = metadata['ArchivePath']

        archive_request = Gitaly::GetArchiveRequest.new(
          repository: repository.gitaly_repository,
          commit_id: metadata['CommitId'],
          prefix: metadata['ArchivePrefix'],
          format: format,
          path: path.presence || "",
          include_lfs_blobs: true
        )

        {
          'ArchivePath' => archive_path,
          'GetArchiveRequest' => encode_binary(archive_request.to_proto)
        }
      end
    end
  end
end