Commit graph

6 commits

Author SHA1 Message Date
Stan Hu
244ed8adb3 Fix object storage uploads not working with AWS v2
Because we were passing query strings as symbols, the fog-aws storage
driver was omitting the uploadId and partNumber query strings
from the signature in multipart uploads. This fix makes AWS and Ceph work with
v2 signatures.

See: https://github.com/fog/fog-aws/blob/v3.0.0/lib/fog/aws/storage.rb#L733

Closes https://gitlab.com/gitlab-org/gitlab-workhorse/issues/181
2018-09-14 07:43:39 -07:00
Stan Hu
262b974123 Fix attachments not displaying inline with Google Cloud Storage
There were several issues:

1. With Google Cloud Storage, we can't override the Content-Type with
Response-Content-Type once it is set.  Setting the value to
`application/octet-stream` doesn't buy us anything. GCS defaults to
`application/octet-stream`, and AWS uses `binary/octet-stream`. Just remove
this `Content-Type` when we upload new files.

2. CarrierWave and fog-google need to support query parameters:
https://github.com/fog/fog-google/pull/409/files, https://github.com/carrierwaveuploader/carrierwave/pull/2332/files.
CarrierWave has been monkey-patched until an official release.

3. Workhorse also needs to remove the Content-Type header in the request
(ef80978ff8/internal/objectstore/object.go (L66)),
or we'll get a 403 error when uploading due to signed URLs not matching the headers.
Upgrading to Workhorse 6.1.0 for https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/297
will make Workhorse use the headers that are used by Rails.

Closes #49957
2018-09-05 17:01:54 -07:00
Stan Hu
97cabfb65c Send required object storage PUT headers in /uploads/authorize API
As revealed in https://gitlab.com/gitlab-org/gitlab-ce/issues/49957, Rails
generates a signed URL with a fixed HTTP header with `Content-Type:
application/octet-stream`. However, if we change or remove that for
some reason in Workhorse, this breaks the upload with a 403 Unauthorized because
the signed URL is not valid.

We can make this more robust by doing the following:

1. In the `/uploads/authorize` request, Rails can return a `StoreHeaders` key-value
pair in the JSON response containing the required headers that the PUT
request must include.
2. Use those HTTP headers if that value is present.
3. For backwards compatibility, if that key is not present, default to
the old behavior of sending the fixed `Content-Type` header.

See https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/297 as well.
2018-08-23 12:40:24 -07:00
Kamil Trzciński
53d1c87c86 Fix Fog mocking 2018-06-05 16:48:42 +02:00
Kamil Trzciński
eea26a93e7 Update validator 2018-06-04 22:31:01 +02:00
Kamil Trzciński
b8370c9f55 Support presigned multipart uploads 2018-06-04 13:04:29 +02:00