Commit graph

16 commits

Author SHA1 Message Date
GitLab Bot
09093c1278 Add latest changes from gitlab-org/gitlab@master 2020-04-15 18:09:36 +00:00
GitLab Bot
874ead9c3a Add latest changes from gitlab-org/gitlab@master 2020-04-14 15:09:44 +00:00
GitLab Release Tools Bot
461101c3b5 Merge branch 'security-60551-fix-upload-scope' into 'master'
Queries for Upload should be scoped by model

See merge request gitlab/gitlabhq!3229
2019-07-26 13:40:54 +00:00
Nick Thomas
4aa76dddec Remove dead MySQL code
None of this code can be reached any more, so it can all be removed
2019-07-23 16:53:03 +01:00
Adam Hegyi
dfe906209e Queries for Upload should be scoped by model 2019-07-11 15:52:55 +02:00
Sean McGivern
ec85debaf5 Speed up avatar URLs with object storage
With object storage enabled, calling `#filename` on an upload does this:

1. Call the `#filename` method on the CarrierWave object.
2. Generate the URL for that object.
3. If the uploader isn't public, do so by generating an authenticated
   URL, including signing that request.

That's all correct behaviour, but for the case where we use `#filename`,
it's typically to generate a GitLab URL. That URL doesn't need to be
signed because we do our own auth.

Signing the URLs can be very expensive, especially in batch (say, we
need to get the avatar URLs for 150 users in one request). It's all
unnecessary work. If we used the `RecordsUploads` concern, we have
already recorded a `path` in the database. That `path` is actually
generated from CarrierWave's `#filename` at upload time, so we don't
need to recompute it - we can just use it and strip off the prefix if
it's available.

On a sample users autocomplete URL, at least 10% of the time before this
change went to signing URLs. After this change, we spend no time in URL
signing, and still get the correct results.
2019-04-04 11:32:42 +01:00
Stan Hu
bcdb5a0a2d Fix failing MySQL spec due to deadlock condition
`spec/features/uploads/user_uploads_file_to_note_spec.rb` was failing in
master because MySQL detected a deadlock when a DELETE and INSERT for
the same indexed item occurred within a transaction in the `uploads`
table.  Due to InnoDB's next-key locking algorithm
(innodb_locks_unsafe_for_binlog in
https://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html), InnoDB
sets an exclusive lock for any of the indexed records it encounters, so
the INSERT will fail until the DELETE is committed.

To fix this, we just disable the transaction for MySQL and keep
it for PostgreSQL.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55161
2019-01-14 21:17:40 -08:00
Yorick Peterse
2039c8280d Disable existing offenses for the CodeReuse cops
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
gfyoung
d5ee813e3d Enable frozen string in apps/validators/*.rb
Partially addresses #47424.
2018-07-05 00:13:58 -07:00
Micaël Bergeron
44975f8a5a shave off another 20% query 2018-06-07 10:01:47 -04:00
Kamil Trzciński
a22f6fa6e5 Merge branch 'fix/sm/atomic-migration' into 'master'
Fix migrate! method (Minimal fix with ExclusiveLock to prevent race conditions)

Closes #4928 and #4980

See merge request gitlab-org/gitlab-ee!4624
2018-02-28 21:28:26 +01:00
Micaël Bergeron
74ddc80590 add the uploader context to the upload model 2018-02-02 09:28:15 -05:00
Micaël Bergeron
2057a6acde port of 594e6a0a625^..f74c90f68c6 2018-02-01 12:14:46 -05:00
Jarka Kadlecova
2e311d9d1a Support uploads for newly created personal snippets 2017-06-07 07:52:41 +02:00
Robert Speicher
5c41338fa3 Handle relative and absolute Upload paths in the Uploaders 2017-03-06 14:41:10 -05:00
Robert Speicher
3a0be1c5fc Add RecordsUploads module to record Upload records via callbacks 2017-03-06 14:41:09 -05:00