5b075413d9
LFS uploads are handled in concert by workhorse and rails. In normal use, workhorse: * Authorizes the request with rails (upload_authorize) * Handles the upload of the file to a tempfile - disk or object storage * Validates the file size and contents * Hands off to rails to complete the upload (upload_finalize) In `upload_finalize`, the LFS object is linked to the project. As LFS objects are deduplicated across all projects, it may already exist. If not, the temporary file is copied to the correct place, and will be used by all future LFS objects with the same OID. Workhorse uses the Content-Type of the request to decide to follow this routine, as the URLs are ambiguous. If the Content-Type is anything but "application/octet-stream", the request is proxied directly to rails, on the assumption that this is a normal file edit request. If it's an actual LFS request with a different content-type, however, it is routed to the Rails `upload_finalize` action, which treats it as an LFS upload just as it would a workhorse-modified request. The outcome is that users can upload LFS objects that don't match the declared size or OID. They can also create links to LFS objects they don't really own, allowing them to read the contents of files if they know just the size or OID. We can close this hole by requiring requests to `upload_finalize` to be sourced from Workhorse. The mechanism to do this already exists.
89 lines
2.1 KiB
Ruby
89 lines
2.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Projects::LfsStorageController < Projects::GitHttpClientController
|
|
include LfsRequest
|
|
include WorkhorseRequest
|
|
include SendFileUpload
|
|
|
|
skip_before_action :verify_workhorse_api!, only: :download
|
|
|
|
def download
|
|
lfs_object = LfsObject.find_by_oid(oid)
|
|
unless lfs_object && lfs_object.file.exists?
|
|
render_lfs_not_found
|
|
return
|
|
end
|
|
|
|
send_upload(lfs_object.file, send_params: { content_type: "application/octet-stream" })
|
|
end
|
|
|
|
def upload_authorize
|
|
set_workhorse_internal_api_content_type
|
|
|
|
authorized = LfsObjectUploader.workhorse_authorize(has_length: true)
|
|
authorized.merge!(LfsOid: oid, LfsSize: size)
|
|
|
|
render json: authorized
|
|
end
|
|
|
|
def upload_finalize
|
|
if store_file!(oid, size)
|
|
head 200
|
|
else
|
|
render plain: 'Unprocessable entity', status: :unprocessable_entity
|
|
end
|
|
rescue ActiveRecord::RecordInvalid
|
|
render_lfs_forbidden
|
|
rescue UploadedFile::InvalidPathError
|
|
render_lfs_forbidden
|
|
rescue ObjectStorage::RemoteStoreError
|
|
render_lfs_forbidden
|
|
end
|
|
|
|
private
|
|
|
|
def download_request?
|
|
action_name == 'download'
|
|
end
|
|
|
|
def upload_request?
|
|
%w[upload_authorize upload_finalize].include? action_name
|
|
end
|
|
|
|
def oid
|
|
params[:oid].to_s
|
|
end
|
|
|
|
def size
|
|
params[:size].to_i
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def store_file!(oid, size)
|
|
object = LfsObject.find_by(oid: oid, size: size)
|
|
unless object&.file&.exists?
|
|
object = create_file!(oid, size)
|
|
end
|
|
|
|
return unless object
|
|
|
|
link_to_project!(object)
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
def create_file!(oid, size)
|
|
uploaded_file = UploadedFile.from_params(
|
|
params, :file, LfsObjectUploader.workhorse_local_upload_path)
|
|
return unless uploaded_file
|
|
|
|
LfsObject.create!(oid: oid, size: size, file: uploaded_file)
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def link_to_project!(object)
|
|
if object && !object.projects.exists?(storage_project.id)
|
|
object.lfs_objects_projects.create!(project: storage_project)
|
|
end
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
end
|