diff options
Diffstat (limited to 'config/initializers')
| -rw-r--r-- | config/initializers/1_settings.rb | 4 | ||||
| -rw-r--r-- | config/initializers/7_prometheus_metrics.rb | 15 | ||||
| -rw-r--r-- | config/initializers/8_metrics.rb | 5 | ||||
| -rw-r--r-- | config/initializers/ar5_batching.rb | 1 | ||||
| -rw-r--r-- | config/initializers/batch_loader.rb | 1 | ||||
| -rw-r--r-- | config/initializers/devise.rb | 3 | ||||
| -rw-r--r-- | config/initializers/forbid_sidekiq_in_transactions.rb | 19 | ||||
| -rw-r--r-- | config/initializers/gollum.rb | 32 | ||||
| -rw-r--r-- | config/initializers/math_lexer.rb | 2 | ||||
| -rw-r--r-- | config/initializers/omniauth.rb | 1 | ||||
| -rw-r--r-- | config/initializers/plantuml_lexer.rb | 2 | ||||
| -rw-r--r-- | config/initializers/postgresql_cte.rb | 2 | ||||
| -rw-r--r-- | config/initializers/rack_attack_global.rb | 61 | ||||
| -rw-r--r-- | config/initializers/sidekiq.rb | 8 |
14 files changed, 121 insertions, 35 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 224ae5aa56b..b0cfd50233a 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -256,7 +256,7 @@ rescue ArgumentError # no user configured end Settings.gitlab['time_zone'] ||= nil Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil? -Settings.gitlab['password_authentication_enabled'] ||= true if Settings.gitlab['password_authentication_enabled'].nil? +Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil? Settings.gitlab['restricted_visibility_levels'] = Settings.__send__(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], []) Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil? Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil? @@ -443,7 +443,7 @@ Settings.gitlab_shell['ssh_port'] ||= 22 Settings.gitlab_shell['ssh_user'] ||= Settings.gitlab.user Settings.gitlab_shell['owner_group'] ||= Settings.gitlab.user Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix) -Settings.gitlab_shell['git_timeout'] ||= 800 +Settings.gitlab_shell['git_timeout'] ||= 10800 # # Workhorse diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index e8f33593fe0..eb7959e4da6 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -11,15 +11,12 @@ Prometheus::Client.configure do |config| config.multiprocess_files_dir ||= Rails.root.join('tmp/prometheus_multiproc_dir') end - config.pid_provider = -> do - wid = Prometheus::Client::Support::Unicorn.worker_id - wid = Process.pid if wid.nil? - if wid.nil? - "process_pid_#{Process.pid}" - else - "worker_id_#{wid}" - end - end + config.pid_provider = Prometheus::Client::Support::Unicorn.method(:worker_pid_provider) +end + +Gitlab::Application.configure do |config| + # 0 should be Sentry to catch errors in this middleware + config.middleware.insert(1, Gitlab::Metrics::RequestsRackMiddleware) end Sidekiq.configure_server do |config| diff --git a/config/initializers/8_metrics.rb b/config/initializers/8_metrics.rb index 7ef594836d6..45b39b2a38d 100644 --- a/config/initializers/8_metrics.rb +++ b/config/initializers/8_metrics.rb @@ -118,11 +118,6 @@ def instrument_classes(instrumentation) end # rubocop:enable Metrics/AbcSize -Gitlab::Application.configure do |config| - # 0 should be Sentry to catch errors in this middleware - config.middleware.insert(1, Gitlab::Metrics::RequestsRackMiddleware) -end - if Gitlab::Metrics.enabled? require 'pathname' require 'influxdb' diff --git a/config/initializers/ar5_batching.rb b/config/initializers/ar5_batching.rb index 35e8b3808e2..6ebaf8834d2 100644 --- a/config/initializers/ar5_batching.rb +++ b/config/initializers/ar5_batching.rb @@ -34,6 +34,7 @@ module ActiveRecord yield yielded_relation break if ids.length < of + batch_relation = relation.where(arel_table[primary_key].gt(primary_key_offset)) end end diff --git a/config/initializers/batch_loader.rb b/config/initializers/batch_loader.rb new file mode 100644 index 00000000000..2e2256b0eb9 --- /dev/null +++ b/config/initializers/batch_loader.rb @@ -0,0 +1 @@ +Rails.application.config.middleware.use(BatchLoader::Middleware) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index c6ec0aeda7b..051ef93b205 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -195,7 +195,7 @@ Devise.setup do |config| config.navigational_formats = [:"*/*", "*/*", :html, :zip] # The default HTTP method used to sign out a resource. Default is :delete. - config.sign_out_via = :delete + config.sign_out_via = :get # ==> OmniAuth # To configure a new OmniAuth provider copy and edit omniauth.rb.sample @@ -236,6 +236,7 @@ Devise.setup do |config| provider['args'][:on_single_sign_out] = lambda do |request| ticket = request.params[:session_index] raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket) + Gitlab::OAuth::Session.destroy(:cas3, ticket) true end diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index a78711fe599..bedd57ede04 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -13,20 +13,19 @@ module Sidekiq module ClassMethods module NoSchedulingFromTransactions - NESTING = ::Rails.env.test? ? 1 : 0 - %i(perform_async perform_at perform_in).each do |name| define_method(name) do |*args| - return super(*args) if Sidekiq::Worker.skip_transaction_check - return super(*args) unless ActiveRecord::Base.connection.open_transactions > NESTING + if !Sidekiq::Worker.skip_transaction_check && AfterCommitQueue.inside_transaction? + raise <<-MSG.strip_heredoc + `#{self}.#{name}` cannot be called inside a transaction as this can lead to + race conditions when the worker runs before the transaction is committed and + tries to access a model that has not been saved yet. - raise <<-MSG.strip_heredoc - `#{self}.#{name}` cannot be called inside a transaction as this can lead to - race conditions when the worker runs before the transaction is committed and - tries to access a model that has not been saved yet. + Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead. + MSG + end - Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead. - MSG + super(*args) end end end diff --git a/config/initializers/gollum.rb b/config/initializers/gollum.rb index 1ebe3c7a742..f1066f83dd9 100644 --- a/config/initializers/gollum.rb +++ b/config/initializers/gollum.rb @@ -1,3 +1,7 @@ +# WARNING changes in this file must be manually propagated to gitaly-ruby. +# +# https://gitlab.com/gitlab-org/gitaly/blob/master/ruby/lib/gitlab/gollum.rb + module Gollum GIT_ADAPTER = "rugged".freeze end @@ -10,4 +14,32 @@ module Gollum index.send(name, *args) end end + + class Wiki + def pages(treeish = nil, limit: nil) + tree_list((treeish || @ref), limit: limit) + end + + def tree_list(ref, limit: nil) + if (sha = @access.ref_to_sha(ref)) + commit = @access.commit(sha) + tree_map_for(sha).inject([]) do |list, entry| + next list unless @page_class.valid_page_name?(entry.name) + + list << entry.page(self, commit) + break list if limit && list.size >= limit + + list + end + else + [] + end + end + end +end + +Rails.application.configure do + config.after_initialize do + Gollum::Page.per_page = Kaminari.config.default_per_page + end end diff --git a/config/initializers/math_lexer.rb b/config/initializers/math_lexer.rb deleted file mode 100644 index 8a3388a267e..00000000000 --- a/config/initializers/math_lexer.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Touch the lexers so it is registered with Rouge -Rouge::Lexers::Math diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index fddb018e948..e9e1f1c4e9b 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -3,6 +3,7 @@ if Gitlab::LDAP::Config.enabled? Gitlab::LDAP::Config.available_servers.each do |server| # do not redeclare LDAP next if server['provider_name'] == 'ldap' + const_set(server['provider_class'], Class.new(LDAP)) end end diff --git a/config/initializers/plantuml_lexer.rb b/config/initializers/plantuml_lexer.rb deleted file mode 100644 index e8a77b146fa..00000000000 --- a/config/initializers/plantuml_lexer.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Touch the lexers so it is registered with Rouge -Rouge::Lexers::Plantuml diff --git a/config/initializers/postgresql_cte.rb b/config/initializers/postgresql_cte.rb index 7f0df8949db..38a9cd68d57 100644 --- a/config/initializers/postgresql_cte.rb +++ b/config/initializers/postgresql_cte.rb @@ -61,11 +61,13 @@ module ActiveRecord def with_values=(values) raise ImmutableRelation if @loaded + @values[:with] = values end def recursive_value=(value) raise ImmutableRelation if @loaded + @values[:recursive] = value end diff --git a/config/initializers/rack_attack_global.rb b/config/initializers/rack_attack_global.rb new file mode 100644 index 00000000000..9453df2ec5a --- /dev/null +++ b/config/initializers/rack_attack_global.rb @@ -0,0 +1,61 @@ +module Gitlab::Throttle + def self.settings + Gitlab::CurrentSettings.current_application_settings + end + + def self.unauthenticated_options + limit_proc = proc { |req| settings.throttle_unauthenticated_requests_per_period } + period_proc = proc { |req| settings.throttle_unauthenticated_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end + + def self.authenticated_api_options + limit_proc = proc { |req| settings.throttle_authenticated_api_requests_per_period } + period_proc = proc { |req| settings.throttle_authenticated_api_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end + + def self.authenticated_web_options + limit_proc = proc { |req| settings.throttle_authenticated_web_requests_per_period } + period_proc = proc { |req| settings.throttle_authenticated_web_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end +end + +class Rack::Attack + throttle('throttle_unauthenticated', Gitlab::Throttle.unauthenticated_options) do |req| + Gitlab::Throttle.settings.throttle_unauthenticated_enabled && + req.unauthenticated? && + req.ip + end + + throttle('throttle_authenticated_api', Gitlab::Throttle.authenticated_api_options) do |req| + Gitlab::Throttle.settings.throttle_authenticated_api_enabled && + req.api_request? && + req.authenticated_user_id + end + + throttle('throttle_authenticated_web', Gitlab::Throttle.authenticated_web_options) do |req| + Gitlab::Throttle.settings.throttle_authenticated_web_enabled && + req.web_request? && + req.authenticated_user_id + end + + class Request + def unauthenticated? + !authenticated_user_id + end + + def authenticated_user_id + Gitlab::Auth::RequestAuthenticator.new(self).user&.id + end + + def api_request? + path.start_with?('/api') + end + + def web_request? + !api_request? + end + end +end diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index a1cc9655319..ba4481ae602 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -64,13 +64,13 @@ end # The Sidekiq client API always adds the queue to the Sidekiq queue # list, but mail_room and gitlab-shell do not. This is only necessary # for monitoring. -config = YAML.load_file(Rails.root.join('config', 'sidekiq_queues.yml').to_s) - begin + queues = Gitlab::SidekiqConfig.worker_queues + Sidekiq.redis do |conn| conn.pipelined do - config[:queues].each do |queue| - conn.sadd('queues', queue[0]) + queues.each do |queue| + conn.sadd('queues', queue) end end end |