Merge remote-tracking branch 'upstream/master' into no-ivar-in-modules

* upstream/master: (126 commits)
  Update VERSION to 10.3.0-pre
  Update CHANGELOG.md for 10.2.0
  default fill color for SVGs
  ignore hashed repos (for now) when using `rake gitlab:cleanup:repos`
  Use Redis cache for branch existence checks
  Update CONTRIBUTING.md: Link definition of done to criteria
  Use `make install` for Gitaly setups in non-test environments
  FileUploader should check for hashed_storage?(:attachments) to use disk_path
  Set the default gitlab-shell timeout to 3 hours
  Update composite pipelines index to include "id"
  Use arrays in Pipeline#latest_builds_with_artifacts
  Fix blank states using old css
  Skip confirmation user api
  Custom issue tracker
  Revert "check for `read_only?` first before seeing if request is disallowed"
  add `#with_metadata` scope to remove a N+1 from the notes' API
  Fix promoting milestone updating all issuables without milestone
  Batchload blobs for diff generation
  check for `read_only?` first before seeing if request is disallowed
  use `Gitlab::Routing.url_helpers` instead of `Rails.application.routes.url_helpers`
  ...

10 files changed, 99 insertions, 4 deletions

diff --git a/config/application.rb b/config/application.rb
index 5100ec5d2b7..6436f887d14 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -113,7 +113,7 @@ module Gitlab
 
     config.action_view.sanitized_allowed_protocols = %w(smb)
 
-    config.middleware.insert_before Warden::Manager, Rack::Attack
+    config.middleware.insert_after Warden::Manager, Rack::Attack
 
     # Allow access to GitLab API from other domains
     config.middleware.insert_before Warden::Manager, Rack::Cors do
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 7547ba4a8fa..7f6e68ceed6 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -559,8 +559,8 @@ production: &base
     upload_pack: true
     receive_pack: true
 
-    # Git import/fetch timeout
-    # git_timeout: 800
+    # Git import/fetch timeout, in seconds. Defaults to 3 hours.
+    # git_timeout: 10800
 
     # If you use non-standard ssh port you need to specify it
     # ssh_port: 22
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index d1156b0c8a8..f7c83f7b0f7 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -429,7 +429,7 @@ Settings.gitlab_shell['ssh_port']     ||= 22
 Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
 Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
 Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix)
-Settings.gitlab_shell['git_timeout'] ||= 800
+Settings.gitlab_shell['git_timeout'] ||= 10800
 
 #
 # Workhorse
diff --git a/config/initializers/ar5_batching.rb b/config/initializers/ar5_batching.rb
index 35e8b3808e2..6ebaf8834d2 100644
--- a/config/initializers/ar5_batching.rb
+++ b/config/initializers/ar5_batching.rb
@@ -34,6 +34,7 @@ module ActiveRecord
         yield yielded_relation
 
         break if ids.length < of
+
         batch_relation = relation.where(arel_table[primary_key].gt(primary_key_offset))
       end
     end
diff --git a/config/initializers/batch_loader.rb b/config/initializers/batch_loader.rb
new file mode 100644
index 00000000000..2e2256b0eb9
--- /dev/null
+++ b/config/initializers/batch_loader.rb
@@ -0,0 +1 @@
+Rails.application.config.middleware.use(BatchLoader::Middleware)
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 958859be6cf..051ef93b205 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -236,6 +236,7 @@ Devise.setup do |config|
         provider['args'][:on_single_sign_out] = lambda do |request|
           ticket = request.params[:session_index]
           raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket)
+
           Gitlab::OAuth::Session.destroy(:cas3, ticket)
           true
         end
diff --git a/config/initializers/gollum.rb b/config/initializers/gollum.rb
index 1ebe3c7a742..2fd47a3f4d3 100644
--- a/config/initializers/gollum.rb
+++ b/config/initializers/gollum.rb
@@ -10,4 +10,32 @@ module Gollum
       index.send(name, *args)
     end
   end
+
+  class Wiki
+    def pages(treeish = nil, limit: nil)
+      tree_list((treeish || @ref), limit: limit)
+    end
+
+    def tree_list(ref, limit: nil)
+      if (sha = @access.ref_to_sha(ref))
+        commit = @access.commit(sha)
+        tree_map_for(sha).inject([]) do |list, entry|
+          next list unless @page_class.valid_page_name?(entry.name)
+
+          list << entry.page(self, commit)
+          break list if limit && list.size >= limit
+
+          list
+        end
+      else
+        []
+      end
+    end
+  end
+end
+
+Rails.application.configure do
+  config.after_initialize do
+    Gollum::Page.per_page = Kaminari.config.default_per_page
+  end
 end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index fddb018e948..e9e1f1c4e9b 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -3,6 +3,7 @@ if Gitlab::LDAP::Config.enabled?
     Gitlab::LDAP::Config.available_servers.each do |server|
       # do not redeclare LDAP
       next if server['provider_name'] == 'ldap'
+
       const_set(server['provider_class'], Class.new(LDAP))
     end
   end
diff --git a/config/initializers/postgresql_cte.rb b/config/initializers/postgresql_cte.rb
index 7f0df8949db..38a9cd68d57 100644
--- a/config/initializers/postgresql_cte.rb
+++ b/config/initializers/postgresql_cte.rb
@@ -61,11 +61,13 @@ module ActiveRecord
 
     def with_values=(values)
       raise ImmutableRelation if @loaded
+
       @values[:with] = values
     end
 
     def recursive_value=(value)
       raise ImmutableRelation if @loaded
+
       @values[:recursive] = value
     end
 
diff --git a/config/initializers/rack_attack_global.rb b/config/initializers/rack_attack_global.rb
new file mode 100644
index 00000000000..9453df2ec5a
--- /dev/null
+++ b/config/initializers/rack_attack_global.rb
@@ -0,0 +1,61 @@
+module Gitlab::Throttle
+  def self.settings
+    Gitlab::CurrentSettings.current_application_settings
+  end
+
+  def self.unauthenticated_options
+    limit_proc = proc { |req| settings.throttle_unauthenticated_requests_per_period }
+    period_proc = proc { |req| settings.throttle_unauthenticated_period_in_seconds.seconds }
+    { limit: limit_proc, period: period_proc }
+  end
+
+  def self.authenticated_api_options
+    limit_proc = proc { |req| settings.throttle_authenticated_api_requests_per_period }
+    period_proc = proc { |req| settings.throttle_authenticated_api_period_in_seconds.seconds }
+    { limit: limit_proc, period: period_proc }
+  end
+
+  def self.authenticated_web_options
+    limit_proc = proc { |req| settings.throttle_authenticated_web_requests_per_period }
+    period_proc = proc { |req| settings.throttle_authenticated_web_period_in_seconds.seconds }
+    { limit: limit_proc, period: period_proc }
+  end
+end
+
+class Rack::Attack
+  throttle('throttle_unauthenticated', Gitlab::Throttle.unauthenticated_options) do |req|
+    Gitlab::Throttle.settings.throttle_unauthenticated_enabled &&
+      req.unauthenticated? &&
+      req.ip
+  end
+
+  throttle('throttle_authenticated_api', Gitlab::Throttle.authenticated_api_options) do |req|
+    Gitlab::Throttle.settings.throttle_authenticated_api_enabled &&
+      req.api_request? &&
+      req.authenticated_user_id
+  end
+
+  throttle('throttle_authenticated_web', Gitlab::Throttle.authenticated_web_options) do |req|
+    Gitlab::Throttle.settings.throttle_authenticated_web_enabled &&
+      req.web_request? &&
+      req.authenticated_user_id
+  end
+
+  class Request
+    def unauthenticated?
+      !authenticated_user_id
+    end
+
+    def authenticated_user_id
+      Gitlab::Auth::RequestAuthenticator.new(self).user&.id
+    end
+
+    def api_request?
+      path.start_with?('/api')
+    end
+
+    def web_request?
+      !api_request?
+    end
+  end
+end