gitlab-org--gitlab-foss/app/controllers/projects/commits_controller.rb
Stan Hu 384a92b736 Check for valid refs in CommitController before doing anything
Before a 404 would be rendered only after a request to Gitaly would
return with an InvalidArgument error. Now we check that the ref have a
valid format before sending it to Gitaly. In both cases, a 404 is
returned to the user, but this change prevents Gitaly from generating
error noise in production.

Closes https://gitlab.com/gitlab-org/gitaly/issues/1425
2018-12-09 21:56:31 -08:00

81 lines
2.4 KiB
Ruby

# frozen_string_literal: true
require "base64"
class Projects::CommitsController < Projects::ApplicationController
include ExtractsPath
include RendersCommits
prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) }
before_action :whitelist_query_limiting, except: :commits_root
before_action :require_non_empty_project
before_action :assign_ref_vars, except: :commits_root
before_action :authorize_download_code!
before_action :validate_ref!, except: :commits_root
before_action :set_commits, except: :commits_root
def commits_root
redirect_to project_commits_path(@project, @project.default_branch)
end
# rubocop: disable CodeReuse/ActiveRecord
def show
@merge_request = MergeRequestsFinder.new(current_user, project_id: @project.id).execute.opened
.find_by(source_project: @project, source_branch: @ref, target_branch: @repository.root_ref)
respond_to do |format|
format.html
format.atom { render layout: 'xml.atom' }
format.json do
pager_json(
'projects/commits/_commits',
@commits.size,
project: @project,
ref: @ref)
end
end
end
# rubocop: enable CodeReuse/ActiveRecord
def signatures
respond_to do |format|
format.json do
render json: {
signatures: @commits.select(&:has_signature?).map do |commit|
{
commit_sha: commit.sha,
html: view_to_html_string('projects/commit/_signature', signature: commit.signature)
}
end
}
end
end
end
private
def validate_ref!
render_404 unless valid_ref?(@ref)
end
def set_commits
render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present?
@limit, @offset = (params[:limit] || 40).to_i, (params[:offset] || 0).to_i
search = params[:search]
@commits =
if search.present?
@repository.find_commits_by_message(search, @ref, @path, @limit, @offset)
else
@repository.commits(@ref, path: @path, limit: @limit, offset: @offset)
end
@commits = @commits.with_pipeline_status
@commits = set_commits_for_rendering(@commits)
end
def whitelist_query_limiting
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42330')
end
end