diff options
Diffstat (limited to 'lib')
94 files changed, 1340 insertions, 428 deletions
| diff --git a/lib/api/api.rb b/lib/api/api.rb index f3f64244589..e953f3d2eca 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -146,6 +146,7 @@ module API      mount ::API::Repositories      mount ::API::Runner      mount ::API::Runners +    mount ::API::Search      mount ::API::Services      mount ::API::Settings      mount ::API::SidekiqMetrics diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 9aeebc34525..c2113551207 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -42,7 +42,7 @@ module API        include Gitlab::Auth::UserAuthFinders        def find_current_user! -        user = find_user_from_access_token || find_user_from_warden +        user = find_user_from_sources          return unless user          forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api) @@ -50,6 +50,10 @@ module API          user        end +      def find_user_from_sources +        find_user_from_access_token || find_user_from_warden +      end +        private        # An array of scopes that were registered (using `allow_access_with_scope`) diff --git a/lib/api/branches.rb b/lib/api/branches.rb index 0791a110c39..1794207e29b 100644 --- a/lib/api/branches.rb +++ b/lib/api/branches.rb @@ -29,6 +29,8 @@ module API          use :pagination        end        get ':id/repository/branches' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42329') +          repository = user_project.repository          branches = ::Kaminari.paginate_array(repository.branches.sort_by(&:name))          merged_branch_names = repository.merged_branch_names(branches.map(&:name)) diff --git a/lib/api/entities.rb b/lib/api/entities.rb index e13463ec66b..7838de13c56 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -314,24 +314,20 @@ module API        end      end -    class ProjectSnippet < Grape::Entity +    class Snippet < Grape::Entity        expose :id, :title, :file_name, :description        expose :author, using: Entities::UserBasic        expose :updated_at, :created_at - -      expose :web_url do |snippet, options| +      expose :project_id +      expose :web_url do |snippet|          Gitlab::UrlBuilder.build(snippet)        end      end -    class PersonalSnippet < Grape::Entity -      expose :id, :title, :file_name, :description -      expose :author, using: Entities::UserBasic -      expose :updated_at, :created_at +    class ProjectSnippet < Snippet +    end -      expose :web_url do |snippet| -        Gitlab::UrlBuilder.build(snippet) -      end +    class PersonalSnippet < Snippet        expose :raw_url do |snippet|          Gitlab::UrlBuilder.build(snippet) + "/raw"        end @@ -1168,5 +1164,14 @@ module API      class ApplicationWithSecret < Application        expose :secret      end + +    class Blob < Grape::Entity +      expose :basename +      expose :data +      expose :filename +      expose :id +      expose :ref +      expose :startline +    end    end  end diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb index eb67de81a0d..cd59da6fc70 100644 --- a/lib/api/helpers/internal_helpers.rb +++ b/lib/api/helpers/internal_helpers.rb @@ -60,8 +60,20 @@ module API          false        end +      def project_path +        project&.path || project_path_match[:project_path] +      end + +      def namespace_path +        project&.namespace&.full_path || project_path_match[:namespace_path] +      end +        private +      def project_path_match +        @project_path_match ||= params[:project].match(Gitlab::PathRegex.full_project_git_path_regex) || {} +      end +        # rubocop:disable Gitlab/ModuleWithInstanceVariables        def set_project          if params[:gl_repository] diff --git a/lib/api/helpers/pagination.rb b/lib/api/helpers/pagination.rb index bb70370ba77..09805049169 100644 --- a/lib/api/helpers/pagination.rb +++ b/lib/api/helpers/pagination.rb @@ -12,13 +12,16 @@ module API        private        def add_pagination_headers(paginated_data) -        header 'X-Total',       paginated_data.total_count.to_s -        header 'X-Total-Pages', total_pages(paginated_data).to_s          header 'X-Per-Page',    paginated_data.limit_value.to_s          header 'X-Page',        paginated_data.current_page.to_s          header 'X-Next-Page',   paginated_data.next_page.to_s          header 'X-Prev-Page',   paginated_data.prev_page.to_s          header 'Link',          pagination_links(paginated_data) + +        return if data_without_counts?(paginated_data) + +        header 'X-Total',       paginated_data.total_count.to_s +        header 'X-Total-Pages', total_pages(paginated_data).to_s        end        def pagination_links(paginated_data) @@ -37,8 +40,10 @@ module API          request_params[:page] = 1          links << %(<#{request_url}?#{request_params.to_query}>; rel="first") -        request_params[:page] = total_pages(paginated_data) -        links << %(<#{request_url}?#{request_params.to_query}>; rel="last") +        unless data_without_counts?(paginated_data) +          request_params[:page] = total_pages(paginated_data) +          links << %(<#{request_url}?#{request_params.to_query}>; rel="last") +        end          links.join(', ')        end @@ -55,6 +60,10 @@ module API          relation        end + +      def data_without_counts?(paginated_data) +        paginated_data.is_a?(Kaminari::PaginatableWithoutCount) +      end      end    end  end diff --git a/lib/api/helpers/runner.rb b/lib/api/helpers/runner.rb index 2cae53dba53..fbe30192a16 100644 --- a/lib/api/helpers/runner.rb +++ b/lib/api/helpers/runner.rb @@ -1,15 +1,12 @@  module API    module Helpers      module Runner -      include Gitlab::CurrentSettings -        JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze        JOB_TOKEN_PARAM = :token -      UPDATE_RUNNER_EVERY = 10 * 60        def runner_registration_token_valid?          ActiveSupport::SecurityUtils.variable_size_secure_compare(params[:token], -                                                                  current_application_settings.runners_registration_token) +                                                                  Gitlab::CurrentSettings.runners_registration_token)        end        def get_runner_version_from_params @@ -20,30 +17,14 @@ module API        def authenticate_runner!          forbidden! unless current_runner + +        current_runner.update_cached_info(get_runner_version_from_params)        end        def current_runner          @runner ||= ::Ci::Runner.find_by_token(params[:token].to_s)        end -      def update_runner_info -        return unless update_runner? - -        current_runner.contacted_at = Time.now -        current_runner.assign_attributes(get_runner_version_from_params) -        current_runner.save if current_runner.changed? -      end - -      def update_runner? -        # Use a random threshold to prevent beating DB updates. -        # It generates a distribution between [40m, 80m]. -        # -        contacted_at_max_age = UPDATE_RUNNER_EVERY + Random.rand(UPDATE_RUNNER_EVERY) - -        current_runner.contacted_at.nil? || -          (Time.now - current_runner.contacted_at) >= contacted_at_max_age -      end -        def validate_job!(job)          not_found! unless job @@ -70,7 +51,7 @@ module API        end        def max_artifacts_size -        current_application_settings.max_artifacts_size.megabytes.to_i +        Gitlab::CurrentSettings.max_artifacts_size.megabytes.to_i        end      end    end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 063f0d6599c..9285fb90cdc 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -42,11 +42,14 @@ module API            end          access_checker_klass = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess -        access_checker = access_checker_klass -          .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities, redirected_path: redirected_path) +        access_checker = access_checker_klass.new(actor, project, +          protocol, authentication_abilities: ssh_authentication_abilities, +                    namespace_path: namespace_path, project_path: project_path, +                    redirected_path: redirected_path)          begin            access_checker.check(params[:action], params[:changes]) +          @project ||= access_checker.project          rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e            return { status: false, message: e.message }          end @@ -207,8 +210,11 @@ module API          # A user is not guaranteed to be returned; an orphaned write deploy          # key could be used          if user -          redirect_message = Gitlab::Checks::ProjectMoved.fetch_redirect_message(user.id, project.id) +          redirect_message = Gitlab::Checks::ProjectMoved.fetch_message(user.id, project.id) +          project_created_message = Gitlab::Checks::ProjectCreated.fetch_message(user.id, project.id) +            output[:redirected_message] = redirect_message if redirect_message +          output[:project_created_message] = project_created_message if project_created_message          end          output diff --git a/lib/api/issues.rb b/lib/api/issues.rb index c99fe3ab5b3..b6c278c89d0 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -161,6 +161,8 @@ module API          use :issue_params        end        post ':id/issues' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42320') +          authorize! :create_issue, user_project          # Setting created_at time only allowed for admins and project owners @@ -201,6 +203,8 @@ module API                          :labels, :created_at, :due_date, :confidential, :state_event        end        put ':id/issues/:issue_iid' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42322') +          issue = user_project.issues.find_by!(iid: params.delete(:issue_iid))          authorize! :update_issue, issue @@ -234,6 +238,8 @@ module API          requires :to_project_id, type: Integer, desc: 'The ID of the new project'        end        post ':id/issues/:issue_iid/move' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42323') +          issue = user_project.issues.find_by(iid: params[:issue_iid])          not_found!('Issue') unless issue diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 420aaf1c964..719afa09295 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -152,6 +152,8 @@ module API          use :optional_params        end        post ":id/merge_requests" do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42316') +          authorize! :create_merge_request, user_project          mr_params = declared_params(include_missing: false) @@ -256,6 +258,8 @@ module API          at_least_one_of(*at_least_one_of_ce)        end        put ':id/merge_requests/:merge_request_iid' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42318') +          merge_request = find_merge_request_with_access(params.delete(:merge_request_iid), :update_merge_request)          mr_params = declared_params(include_missing: false) @@ -283,6 +287,8 @@ module API          optional :sha, type: String, desc: 'When present, must have the HEAD SHA of the source branch'        end        put ':id/merge_requests/:merge_request_iid/merge' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42317') +          merge_request = find_project_merge_request(params[:merge_request_iid])          merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds]) diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index 675c963bae2..d2b8b832e4e 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -42,6 +42,8 @@ module API          requires :ref, type: String,  desc: 'Reference'        end        post ':id/pipeline' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42124') +          authorize! :create_pipeline, user_project          new_pipeline = Ci::CreatePipelineService.new(user_project, diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 8b5e4f8edcc..5b481121a10 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -210,6 +210,8 @@ module API          optional :namespace, type: String, desc: 'The ID or name of the namespace that the project will be forked into'        end        post ':id/fork' do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42284') +          fork_params = declared_params(include_missing: false)          namespace_id = fork_params[:namespace] diff --git a/lib/api/runner.rb b/lib/api/runner.rb index e6e85d41806..be044a8433e 100644 --- a/lib/api/runner.rb +++ b/lib/api/runner.rb @@ -78,7 +78,6 @@ module API        post '/request' do          authenticate_runner!          no_content! unless current_runner.active? -        update_runner_info          if current_runner.runner_queue_value_latest?(params[:last_update])            header 'X-GitLab-Last-Update', params[:last_update] diff --git a/lib/api/search.rb b/lib/api/search.rb new file mode 100644 index 00000000000..9f08fd96a3b --- /dev/null +++ b/lib/api/search.rb @@ -0,0 +1,115 @@ +module API +  class Search < Grape::API +    include PaginationParams + +    before { authenticate! } + +    helpers do +      SCOPE_ENTITY = { +        merge_requests: Entities::MergeRequestBasic, +        issues: Entities::IssueBasic, +        projects: Entities::BasicProjectDetails, +        milestones: Entities::Milestone, +        notes: Entities::Note, +        commits: Entities::Commit, +        blobs: Entities::Blob, +        wiki_blobs: Entities::Blob, +        snippet_titles: Entities::Snippet, +        snippet_blobs: Entities::Snippet +      }.freeze + +      def search(additional_params = {}) +        search_params = { +          scope: params[:scope], +          search: params[:search], +          snippets: snippets?, +          page: params[:page], +          per_page: params[:per_page] +        }.merge(additional_params) + +        results = SearchService.new(current_user, search_params).search_objects + +        process_results(results) +      end + +      def process_results(results) +        case params[:scope] +        when 'wiki_blobs' +          paginate(results).map { |blob| Gitlab::ProjectSearchResults.parse_search_result(blob) } +        when 'blobs' +          paginate(results).map { |blob| blob[1] } +        else +          paginate(results) +        end +      end + +      def snippets? +        %w(snippet_blobs snippet_titles).include?(params[:scope]).to_s +      end + +      def entity +        SCOPE_ENTITY[params[:scope].to_sym] +      end +    end + +    resource :search do +      desc 'Search on GitLab' do +        detail 'This feature was introduced in GitLab 10.5.' +      end +      params do +        requires :search, type: String, desc: 'The expression it should be searched for' +        requires :scope, +          type: String, +          desc: 'The scope of search, available scopes: +            projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs', +          values: %w(projects issues merge_requests milestones snippet_titles snippet_blobs) +        use :pagination +      end +      get do +        present search, with: entity +      end +    end + +    resource :groups, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do +      desc 'Search on GitLab' do +        detail 'This feature was introduced in GitLab 10.5.' +      end +      params do +        requires :id, type: String, desc: 'The ID of a group' +        requires :search, type: String, desc: 'The expression it should be searched for' +        requires :scope, +          type: String, +          desc: 'The scope of search, available scopes: +            projects, issues, merge_requests, milestones', +          values: %w(projects issues merge_requests milestones) +        use :pagination +      end +      get ':id/-/search' do +        find_group!(params[:id]) + +        present search(group_id: params[:id]), with: entity +      end +    end + +    resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do +      desc 'Search on GitLab' do +        detail 'This feature was introduced in GitLab 10.5.' +      end +      params do +        requires :id, type: String, desc: 'The ID of a project' +        requires :search, type: String, desc: 'The expression it should be searched for' +        requires :scope, +          type: String, +          desc: 'The scope of search, available scopes: +            issues, merge_requests, milestones, notes, wiki_blobs, commits, blobs', +          values: %w(issues merge_requests milestones notes wiki_blobs commits blobs) +        use :pagination +      end +      get ':id/-/search' do +        find_project!(params[:id]) + +        present search(project_id: params[:id]), with: entity +      end +    end +  end +end diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb index dd6801664b1..b3709455bc3 100644 --- a/lib/api/triggers.rb +++ b/lib/api/triggers.rb @@ -15,6 +15,8 @@ module API          optional :variables, type: Hash, desc: 'The list of variables to be injected into build'        end        post ":id/(ref/:ref/)trigger/pipeline", requirements: { ref: /.+/ } do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42283') +          # validate variables          params[:variables] = params[:variables].to_h          unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) } diff --git a/lib/api/users.rb b/lib/api/users.rb index e5de31ad51b..3cc12724b8a 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -18,6 +18,14 @@ module API            User.find_by(id: id) || not_found!('User')          end +        def reorder_users(users) +          if params[:order_by] && params[:sort] +            users.reorder(params[:order_by] => params[:sort]) +          else +            users +          end +        end +          params :optional_attributes do            optional :skype, type: String, desc: 'The Skype username'            optional :linkedin, type: String, desc: 'The LinkedIn username' @@ -35,6 +43,13 @@ module API            optional :avatar, type: File, desc: 'Avatar image for user'            all_or_none_of :extern_uid, :provider          end + +        params :sort_params do +          optional :order_by, type: String, values: %w[id name username created_at updated_at], +                              default: 'id', desc: 'Return users ordered by a field' +          optional :sort, type: String, values: %w[asc desc], default: 'desc', +                          desc: 'Return users sorted in ascending and descending order' +        end        end        desc 'Get the list of users' do @@ -53,16 +68,18 @@ module API          optional :created_before, type: DateTime, desc: 'Return users created before the specified time'          all_or_none_of :extern_uid, :provider +        use :sort_params          use :pagination        end        get do          authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)          unless current_user&.admin? -          params.except!(:created_after, :created_before) +          params.except!(:created_after, :created_before, :order_by, :sort)          end          users = UsersFinder.new(current_user, params).execute +        users = reorder_users(users)          authorized = can?(current_user, :read_users_list) @@ -383,6 +400,8 @@ module API          optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"        end        delete ":id" do +        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42279') +          authenticated_as_admin!          user = User.find_by(id: params[:id]) diff --git a/lib/api/v3/branches.rb b/lib/api/v3/branches.rb index b201bf77667..25176c5b38e 100644 --- a/lib/api/v3/branches.rb +++ b/lib/api/v3/branches.rb @@ -14,6 +14,8 @@ module API            success ::API::Entities::Branch          end          get ":id/repository/branches" do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42276') +            repository = user_project.repository            branches = repository.branches.sort_by(&:name)            merged_branch_names = repository.merged_branch_names(branches.map(&:name)) diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb index cb371fdbab8..b59947d81d9 100644 --- a/lib/api/v3/issues.rb +++ b/lib/api/v3/issues.rb @@ -134,6 +134,8 @@ module API            use :issue_params          end          post ':id/issues' do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131') +            # Setting created_at time only allowed for admins and project owners            unless current_user.admin? || user_project.owner == current_user              params.delete(:created_at) @@ -169,6 +171,8 @@ module API                            :labels, :created_at, :due_date, :confidential, :state_event          end          put ':id/issues/:issue_id' do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132') +            issue = user_project.issues.find(params.delete(:issue_id))            authorize! :update_issue, issue @@ -201,6 +205,8 @@ module API            requires :to_project_id, type: Integer, desc: 'The ID of the new project'          end          post ':id/issues/:issue_id/move' do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133') +            issue = user_project.issues.find_by(id: params[:issue_id])            not_found!('Issue') unless issue diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb index 0a24fea52a3..ce216497996 100644 --- a/lib/api/v3/merge_requests.rb +++ b/lib/api/v3/merge_requests.rb @@ -91,6 +91,8 @@ module API            use :optional_params          end          post ":id/merge_requests" do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126') +            authorize! :create_merge_request, user_project            mr_params = declared_params(include_missing: false) @@ -167,6 +169,8 @@ module API                              :remove_source_branch            end            put path do +            Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42127') +              merge_request = find_merge_request_with_access(params.delete(:merge_request_id), :update_merge_request)              mr_params = declared_params(include_missing: false) diff --git a/lib/api/v3/pipelines.rb b/lib/api/v3/pipelines.rb index c48cbd2b765..6d31c12f572 100644 --- a/lib/api/v3/pipelines.rb +++ b/lib/api/v3/pipelines.rb @@ -19,6 +19,8 @@ module API                                desc: 'Either running, branches, or tags'          end          get ':id/pipelines' do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42123') +            authorize! :read_pipeline, user_project            pipelines = PipelinesFinder.new(user_project, scope: params[:scope]).execute diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index c856ba99f09..7d8b1f369fe 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -174,7 +174,7 @@ module API            use :pagination          end          get "/search/:query", requirements: { query: %r{[^/]+} } do -          search_service = Search::GlobalService.new(current_user, search: params[:query]).execute +          search_service = ::Search::GlobalService.new(current_user, search: params[:query]).execute            projects = search_service.objects('projects', params[:page], false)            projects = projects.reorder(params[:order_by] => params[:sort]) diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb index 534911fde5c..34f07dfb486 100644 --- a/lib/api/v3/triggers.rb +++ b/lib/api/v3/triggers.rb @@ -16,6 +16,8 @@ module API            optional :variables, type: Hash, desc: 'The list of variables to be injected into build'          end          post ":id/(ref/:ref/)trigger/builds", requirements: { ref: /.+/ } do +          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42121') +            # validate variables            params[:variables] = params[:variables].to_h            unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) } diff --git a/lib/banzai/color_parser.rb b/lib/banzai/color_parser.rb new file mode 100644 index 00000000000..355c364b07b --- /dev/null +++ b/lib/banzai/color_parser.rb @@ -0,0 +1,44 @@ +module Banzai +  module ColorParser +    ALPHA = /0(?:\.\d+)?|\.\d+|1(?:\.0+)?/ # 0.0..1.0 +    PERCENTS = /(?:\d{1,2}|100)%/ # 00%..100% +    ALPHA_CHANNEL = /(?:,\s*(?:#{ALPHA}|#{PERCENTS}))?/ +    BITS = /\d{1,2}|1\d\d|2(?:[0-4]\d|5[0-5])/ # 00..255 +    DEGS = /-?\d+(?:deg)?/i # [-]digits[deg] +    RADS = /-?(?:\d+(?:\.\d+)?|\.\d+)rad/i # [-](digits[.digits] OR .digits)rad +    HEX_FORMAT = /\#(?:\h{3}|\h{4}|\h{6}|\h{8})/ +    RGB_FORMAT = %r{ +      (?:rgba? +        \( +          (?: +            (?:(?:#{BITS},\s*){2}#{BITS}) +            | +            (?:(?:#{PERCENTS},\s*){2}#{PERCENTS}) +          ) +          #{ALPHA_CHANNEL} +        \) +      ) +    }xi +    HSL_FORMAT = %r{ +      (?:hsla? +        \( +          (?:#{DEGS}|#{RADS}),\s*#{PERCENTS},\s*#{PERCENTS} +          #{ALPHA_CHANNEL} +        \) +      ) +    }xi + +    FORMATS = [HEX_FORMAT, RGB_FORMAT, HSL_FORMAT].freeze + +    COLOR_FORMAT = /\A(#{Regexp.union(FORMATS)})\z/ix + +    # Public: Analyzes whether the String is a color code. +    # +    # text - The String to be parsed. +    # +    # Returns the recognized color String or nil if none was found. +    def self.parse(text) +      text if COLOR_FORMAT =~ text +    end +  end +end diff --git a/lib/banzai/filter/color_filter.rb b/lib/banzai/filter/color_filter.rb new file mode 100644 index 00000000000..6ab29ac281f --- /dev/null +++ b/lib/banzai/filter/color_filter.rb @@ -0,0 +1,31 @@ +module Banzai +  module Filter +    # HTML filter that renders `color` followed by a color "chip". +    # +    class ColorFilter < HTML::Pipeline::Filter +      COLOR_CHIP_CLASS = 'gfm-color_chip'.freeze + +      def call +        doc.css('code').each do |node| +          color = ColorParser.parse(node.content) +          node << color_chip(color) if color +        end + +        doc +      end + +      private + +      def color_chip(color) +        checkerboard = doc.document.create_element('span', class: COLOR_CHIP_CLASS) +        chip = doc.document.create_element('span', style: inline_styles(color: color)) + +        checkerboard << chip +      end + +      def inline_styles(color:) +        "background-color: #{color};" +      end +    end +  end +end diff --git a/lib/banzai/pipeline/broadcast_message_pipeline.rb b/lib/banzai/pipeline/broadcast_message_pipeline.rb index adc09c8afbd..5dd572de3a1 100644 --- a/lib/banzai/pipeline/broadcast_message_pipeline.rb +++ b/lib/banzai/pipeline/broadcast_message_pipeline.rb @@ -7,6 +7,7 @@ module Banzai            Filter::SanitizationFilter,            Filter::EmojiFilter, +          Filter::ColorFilter,            Filter::AutolinkFilter,            Filter::ExternalLinkFilter          ] diff --git a/lib/banzai/pipeline/gfm_pipeline.rb b/lib/banzai/pipeline/gfm_pipeline.rb index c746f6f64e9..4001b8a85e3 100644 --- a/lib/banzai/pipeline/gfm_pipeline.rb +++ b/lib/banzai/pipeline/gfm_pipeline.rb @@ -14,6 +14,7 @@ module Banzai            Filter::SyntaxHighlightFilter,            Filter::MathFilter, +          Filter::ColorFilter,            Filter::MermaidFilter,            Filter::VideoLinkFilter,            Filter::ImageLazyLoadFilter, diff --git a/lib/carrier_wave_string_file.rb b/lib/carrier_wave_string_file.rb new file mode 100644 index 00000000000..6c848902e4a --- /dev/null +++ b/lib/carrier_wave_string_file.rb @@ -0,0 +1,5 @@ +class CarrierWaveStringFile < StringIO +  def original_filename +    "" +  end +end diff --git a/lib/constraints/user_url_constrainer.rb b/lib/constraints/user_url_constrainer.rb index b7633aa7cbb..3b3ed1c6ddb 100644 --- a/lib/constraints/user_url_constrainer.rb +++ b/lib/constraints/user_url_constrainer.rb @@ -2,7 +2,7 @@ class UserUrlConstrainer    def matches?(request)      full_path = request.params[:username] -    return false unless UserPathValidator.valid_path?(full_path) +    return false unless NamespacePathValidator.valid_path?(full_path)      User.find_by_full_path(full_path, follow_redirects: request.get?).present?    end diff --git a/lib/email_template_interceptor.rb b/lib/email_template_interceptor.rb index f2bf3d0fb2b..3978a6d9fe4 100644 --- a/lib/email_template_interceptor.rb +++ b/lib/email_template_interceptor.rb @@ -1,10 +1,8 @@  # Read about interceptors in http://guides.rubyonrails.org/action_mailer_basics.html#intercepting-emails  class EmailTemplateInterceptor -  extend Gitlab::CurrentSettings -    def self.delivering_email(message)      # Remove HTML part if HTML emails are disabled. -    unless current_application_settings.html_emails_enabled +    unless Gitlab::CurrentSettings.html_emails_enabled        message.parts.delete_if do |part|          part.content_type.start_with?('text/html')        end diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb index cead1c7eacd..ee7f4be6b9f 100644 --- a/lib/gitlab/asciidoc.rb +++ b/lib/gitlab/asciidoc.rb @@ -6,8 +6,6 @@ module Gitlab    # Parser/renderer for the AsciiDoc format that uses Asciidoctor and filters    # the resulting HTML through HTML pipeline filters.    module Asciidoc -    extend Gitlab::CurrentSettings -      DEFAULT_ADOC_ATTRS = [        'showtitle', 'idprefix=user-content-', 'idseparator=-', 'env=gitlab',        'env-gitlab', 'source-highlighter=html-pipeline', 'icons=font' @@ -33,9 +31,9 @@ module Gitlab      def self.plantuml_setup        Asciidoctor::PlantUml.configure do |conf| -        conf.url = current_application_settings.plantuml_url -        conf.svg_enable = current_application_settings.plantuml_enabled -        conf.png_enable = current_application_settings.plantuml_enabled +        conf.url = Gitlab::CurrentSettings.plantuml_url +        conf.svg_enable = Gitlab::CurrentSettings.plantuml_enabled +        conf.png_enable = Gitlab::CurrentSettings.plantuml_enabled          conf.txt_enable = false        end      end diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 65d7fd3ec70..05932378173 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -14,8 +14,6 @@ module Gitlab      DEFAULT_SCOPES = [:api].freeze      class << self -      include Gitlab::CurrentSettings -        def find_for_git_client(login, password, project:, ip:)          raise "Must provide an IP for rate limiting" if ip.nil? @@ -57,7 +55,7 @@ module Gitlab            if user.nil? || user.ldap_user?              # Second chance - try LDAP authentication              Gitlab::LDAP::Authentication.login(login, password) -          elsif current_application_settings.password_authentication_enabled_for_git? +          elsif Gitlab::CurrentSettings.password_authentication_enabled_for_git?              user if user.active? && user.valid_password?(password)            end          end @@ -87,7 +85,7 @@ module Gitlab        private        def authenticate_using_internal_or_ldap_password? -        current_application_settings.password_authentication_enabled_for_git? || Gitlab::LDAP::Config.enabled? +        Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::LDAP::Config.enabled?        end        def service_request_check(login, password, project) diff --git a/lib/gitlab/badge/coverage/report.rb b/lib/gitlab/badge/coverage/report.rb index 9a0482306b7..778d78185ff 100644 --- a/lib/gitlab/badge/coverage/report.rb +++ b/lib/gitlab/badge/coverage/report.rb @@ -23,7 +23,7 @@ module Gitlab            @coverage ||= raw_coverage            return unless @coverage -          @coverage.to_i +          @coverage.to_f.round(2)          end          def metadata diff --git a/lib/gitlab/badge/coverage/template.rb b/lib/gitlab/badge/coverage/template.rb index fcecb1d9665..afbf9dd17e3 100644 --- a/lib/gitlab/badge/coverage/template.rb +++ b/lib/gitlab/badge/coverage/template.rb @@ -25,7 +25,7 @@ module Gitlab          end          def value_text -          @status ? "#{@status}%" : 'unknown' +          @status ? ("%.2f%%" % @status) : 'unknown'          end          def key_width @@ -33,7 +33,7 @@ module Gitlab          end          def value_width -          @status ? 36 : 58 +          @status ? 54 : 58          end          def value_color diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb index 945d70e7a24..d75e73dac10 100644 --- a/lib/gitlab/checks/change_access.rb +++ b/lib/gitlab/checks/change_access.rb @@ -31,13 +31,14 @@ module Gitlab          @protocol = protocol        end -      def exec +      def exec(skip_commits_check: false)          return true if skip_authorization          push_checks          branch_checks          tag_checks          lfs_objects_exist_check +        commits_check unless skip_commits_check          true        end @@ -117,6 +118,24 @@ module Gitlab          end        end +      def commits_check +        return if deletion? || newrev.nil? + +        # n+1: https://gitlab.com/gitlab-org/gitlab-ee/issues/3593 +        ::Gitlab::GitalyClient.allow_n_plus_1_calls do +          commits.each do |commit| +            commit_check.validate(commit, validations_for_commit(commit)) +          end +        end + +        commit_check.validate_file_paths +      end + +      # Method overwritten in EE to inject custom validations +      def validations_for_commit(_) +        [] +      end +        private        def updated_from_web? @@ -150,6 +169,14 @@ module Gitlab            raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:lfs_objects_missing]          end        end + +      def commit_check +        @commit_check ||= Gitlab::Checks::CommitCheck.new(project, user_access.user, newrev, oldrev) +      end + +      def commits +        project.repository.new_commits(newrev) +      end      end    end  end diff --git a/lib/gitlab/checks/commit_check.rb b/lib/gitlab/checks/commit_check.rb new file mode 100644 index 00000000000..ae0cd142378 --- /dev/null +++ b/lib/gitlab/checks/commit_check.rb @@ -0,0 +1,61 @@ +module Gitlab +  module Checks +    class CommitCheck +      include Gitlab::Utils::StrongMemoize + +      attr_reader :project, :user, :newrev, :oldrev + +      def initialize(project, user, newrev, oldrev) +        @project = project +        @user = user +        @newrev = user +        @oldrev = user +        @file_paths = [] +      end + +      def validate(commit, validations) +        return if validations.empty? && path_validations.empty? + +        commit.raw_deltas.each do |diff| +          @file_paths << (diff.new_path || diff.old_path) + +          validations.each do |validation| +            if error = validation.call(diff) +              raise ::Gitlab::GitAccess::UnauthorizedError, error +            end +          end +        end +      end + +      def validate_file_paths +        path_validations.each do |validation| +          if error = validation.call(@file_paths) +            raise ::Gitlab::GitAccess::UnauthorizedError, error +          end +        end +      end + +      private + +      def validate_lfs_file_locks? +        strong_memoize(:validate_lfs_file_locks) do +          project.lfs_enabled? && project.lfs_file_locks.any? && newrev && oldrev +        end +      end + +      def lfs_file_locks_validation +        lambda do |paths| +          lfs_lock = project.lfs_file_locks.where(path: paths).where.not(user_id: user.id).first + +          if lfs_lock +            return "The path '#{lfs_lock.path}' is locked in Git LFS by #{lfs_lock.user.name}" +          end +        end +      end + +      def path_validations +        validate_lfs_file_locks? ? [lfs_file_locks_validation] : [] +      end +    end +  end +end diff --git a/lib/gitlab/checks/force_push.rb b/lib/gitlab/checks/force_push.rb index dc5d285ea65..c9c3050cfc2 100644 --- a/lib/gitlab/checks/force_push.rb +++ b/lib/gitlab/checks/force_push.rb @@ -15,8 +15,8 @@ module Gitlab                .ancestor?(oldrev, newrev)            else              Gitlab::Git::RevList.new( -              path_to_repo: project.repository.path_to_repo, -              oldrev: oldrev, newrev: newrev).missed_ref.present? +              project.repository.raw, oldrev: oldrev, newrev: newrev +            ).missed_ref.present?            end          end        end diff --git a/lib/gitlab/checks/post_push_message.rb b/lib/gitlab/checks/post_push_message.rb new file mode 100644 index 00000000000..473c0385b34 --- /dev/null +++ b/lib/gitlab/checks/post_push_message.rb @@ -0,0 +1,46 @@ +module Gitlab +  module Checks +    class PostPushMessage +      def initialize(project, user, protocol) +        @project = project +        @user = user +        @protocol = protocol +      end + +      def self.fetch_message(user_id, project_id) +        key = message_key(user_id, project_id) + +        Gitlab::Redis::SharedState.with do |redis| +          message = redis.get(key) +          redis.del(key) +          message +        end +      end + +      def add_message +        return unless user.present? && project.present? + +        Gitlab::Redis::SharedState.with do |redis| +          key = self.class.message_key(user.id, project.id) +          redis.setex(key, 5.minutes, message) +        end +      end + +      def message +        raise NotImplementedError +      end + +      protected + +      attr_reader :project, :user, :protocol + +      def self.message_key(user_id, project_id) +        raise NotImplementedError +      end + +      def url_to_repo +        protocol == 'ssh' ? project.ssh_url_to_repo : project.http_url_to_repo +      end +    end +  end +end diff --git a/lib/gitlab/checks/project_created.rb b/lib/gitlab/checks/project_created.rb new file mode 100644 index 00000000000..cec270d6a58 --- /dev/null +++ b/lib/gitlab/checks/project_created.rb @@ -0,0 +1,31 @@ +module Gitlab +  module Checks +    class ProjectCreated < PostPushMessage +      PROJECT_CREATED = "project_created".freeze + +      def message +        <<~MESSAGE + +        The private project #{project.full_path} was successfully created. + +        To configure the remote, run: +          git remote add origin #{url_to_repo} + +        To view the project, visit: +          #{project_url} + +        MESSAGE +      end + +      private + +      def self.message_key(user_id, project_id) +        "#{PROJECT_CREATED}:#{user_id}:#{project_id}" +      end + +      def project_url +        Gitlab::Routing.url_helpers.project_url(project) +      end +    end +  end +end diff --git a/lib/gitlab/checks/project_moved.rb b/lib/gitlab/checks/project_moved.rb index dfb2f4d4054..3263790a876 100644 --- a/lib/gitlab/checks/project_moved.rb +++ b/lib/gitlab/checks/project_moved.rb @@ -1,38 +1,16 @@  module Gitlab    module Checks -    class ProjectMoved +    class ProjectMoved < PostPushMessage        REDIRECT_NAMESPACE = "redirect_namespace".freeze -      def initialize(project, user, redirected_path, protocol) -        @project = project -        @user = user +      def initialize(project, user, protocol, redirected_path)          @redirected_path = redirected_path -        @protocol = protocol -      end - -      def self.fetch_redirect_message(user_id, project_id) -        redirect_key = redirect_message_key(user_id, project_id) -        Gitlab::Redis::SharedState.with do |redis| -          message = redis.get(redirect_key) -          redis.del(redirect_key) -          message -        end -      end - -      def add_redirect_message -        # Don't bother with sending a redirect message for anonymous clones -        # because they never see it via the `/internal/post_receive` endpoint -        return unless user.present? && project.present? - -        Gitlab::Redis::SharedState.with do |redis| -          key = self.class.redirect_message_key(user.id, project.id) -          redis.setex(key, 5.minutes, redirect_message) -        end +        super(project, user, protocol)        end -      def redirect_message(rejected: false) -        <<~MESSAGE.strip_heredoc +      def message(rejected: false) +        <<~MESSAGE          Project '#{redirected_path}' was moved to '#{project.full_path}'.          Please update your Git remote: @@ -47,17 +25,17 @@ module Gitlab        private -      attr_reader :project, :redirected_path, :protocol, :user +      attr_reader :redirected_path -      def self.redirect_message_key(user_id, project_id) +      def self.message_key(user_id, project_id)          "#{REDIRECT_NAMESPACE}:#{user_id}:#{project_id}"        end        def remote_url_message(rejected)          if rejected -          "git remote set-url origin #{url} and try again." +          "git remote set-url origin #{url_to_repo} and try again."          else -          "git remote set-url origin #{url}" +          "git remote set-url origin #{url_to_repo}"          end        end diff --git a/lib/gitlab/ci/config/loader.rb b/lib/gitlab/ci/config/loader.rb index e7d9f6a7761..141d2714cb6 100644 --- a/lib/gitlab/ci/config/loader.rb +++ b/lib/gitlab/ci/config/loader.rb @@ -6,6 +6,8 @@ module Gitlab          def initialize(config)            @config = YAML.safe_load(config, [Symbol], [], true) +        rescue Psych::Exception => e +          raise FormatError, e.message          end          def valid? diff --git a/lib/gitlab/ci/yaml_processor.rb b/lib/gitlab/ci/yaml_processor.rb index 0bd78b03448..a7285ac8f9d 100644 --- a/lib/gitlab/ci/yaml_processor.rb +++ b/lib/gitlab/ci/yaml_processor.rb @@ -85,7 +85,7 @@ module Gitlab          begin            Gitlab::Ci::YamlProcessor.new(content)            nil -        rescue ValidationError, Psych::SyntaxError => e +        rescue ValidationError => e            e.message          end        end diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb index 91fd9cc7631..b7c596a973d 100644 --- a/lib/gitlab/current_settings.rb +++ b/lib/gitlab/current_settings.rb @@ -1,73 +1,79 @@  module Gitlab    module CurrentSettings -    extend self +    class << self +      def current_application_settings +        if RequestStore.active? +          RequestStore.fetch(:current_application_settings) { ensure_application_settings! } +        else +          ensure_application_settings! +        end +      end -    def current_application_settings -      if RequestStore.active? -        RequestStore.fetch(:current_application_settings) { ensure_application_settings! } -      else -        ensure_application_settings! +      def fake_application_settings(defaults = ::ApplicationSetting.defaults) +        Gitlab::FakeApplicationSettings.new(defaults)        end -    end -    delegate :sidekiq_throttling_enabled?, to: :current_application_settings +      def method_missing(name, *args, &block) +        current_application_settings.send(name, *args, &block) # rubocop:disable GitlabSecurity/PublicSend +      end -    def fake_application_settings(defaults = ::ApplicationSetting.defaults) -      FakeApplicationSettings.new(defaults) -    end +      def respond_to_missing?(name, include_private = false) +        current_application_settings.respond_to?(name, include_private) || super +      end -    private +      private -    def ensure_application_settings! -      return in_memory_application_settings if ENV['IN_MEMORY_APPLICATION_SETTINGS'] == 'true' +      def ensure_application_settings! +        return in_memory_application_settings if ENV['IN_MEMORY_APPLICATION_SETTINGS'] == 'true' -      cached_application_settings || uncached_application_settings -    end +        cached_application_settings || uncached_application_settings +      end -    def cached_application_settings -      begin -        ::ApplicationSetting.cached -      rescue ::Redis::BaseError, ::Errno::ENOENT, ::Errno::EADDRNOTAVAIL -        # In case Redis isn't running or the Redis UNIX socket file is not available +      def cached_application_settings +        begin +          ::ApplicationSetting.cached +        rescue ::Redis::BaseError, ::Errno::ENOENT, ::Errno::EADDRNOTAVAIL +          # In case Redis isn't running or the Redis UNIX socket file is not available +        end        end -    end -    def uncached_application_settings -      return fake_application_settings unless connect_to_db? +      def uncached_application_settings +        return fake_application_settings unless connect_to_db? -      db_settings = ::ApplicationSetting.current +        db_settings = ::ApplicationSetting.current -      # If there are pending migrations, it's possible there are columns that -      # need to be added to the application settings. To prevent Rake tasks -      # and other callers from failing, use any loaded settings and return -      # defaults for missing columns. -      if ActiveRecord::Migrator.needs_migration? -        defaults = ::ApplicationSetting.defaults -        defaults.merge!(db_settings.attributes.symbolize_keys) if db_settings.present? -        return fake_application_settings(defaults) -      end +        # If there are pending migrations, it's possible there are columns that +        # need to be added to the application settings. To prevent Rake tasks +        # and other callers from failing, use any loaded settings and return +        # defaults for missing columns. +        if ActiveRecord::Migrator.needs_migration? +          defaults = ::ApplicationSetting.defaults +          defaults.merge!(db_settings.attributes.symbolize_keys) if db_settings.present? +          return fake_application_settings(defaults) +        end -      return db_settings if db_settings.present? +        return db_settings if db_settings.present? -      ::ApplicationSetting.create_from_defaults || in_memory_application_settings -    end +        ::ApplicationSetting.create_from_defaults || in_memory_application_settings +      end -    def in_memory_application_settings -      @in_memory_application_settings ||= ::ApplicationSetting.new(::ApplicationSetting.defaults) # rubocop:disable Gitlab/ModuleWithInstanceVariables -    rescue ActiveRecord::StatementInvalid, ActiveRecord::UnknownAttributeError -      # In case migrations the application_settings table is not created yet, -      # we fallback to a simple OpenStruct -      fake_application_settings -    end +      def in_memory_application_settings +        @in_memory_application_settings ||= ::ApplicationSetting.new(::ApplicationSetting.defaults) # rubocop:disable Gitlab/ModuleWithInstanceVariables +      rescue ActiveRecord::StatementInvalid, ActiveRecord::UnknownAttributeError +        # In case migrations the application_settings table is not created yet, +        # we fallback to a simple OpenStruct +        fake_application_settings +      end -    def connect_to_db? -      # When the DBMS is not available, an exception (e.g. PG::ConnectionBad) is raised -      active_db_connection = ActiveRecord::Base.connection.active? rescue false +      def connect_to_db? +        # When the DBMS is not available, an exception (e.g. PG::ConnectionBad) is raised +        active_db_connection = ActiveRecord::Base.connection.active? rescue false -      active_db_connection && -        ActiveRecord::Base.connection.table_exists?('application_settings') -    rescue ActiveRecord::NoDatabaseError -      false +        active_db_connection && +          ActiveRecord::Base.connection.table_exists?('application_settings') +      rescue ActiveRecord::NoDatabaseError +        false +      end      end    end  end diff --git a/lib/gitlab/gfm/uploads_rewriter.rb b/lib/gitlab/gfm/uploads_rewriter.rb index 3fdc3c27f73..1b74f735679 100644 --- a/lib/gitlab/gfm/uploads_rewriter.rb +++ b/lib/gitlab/gfm/uploads_rewriter.rb @@ -46,7 +46,7 @@ module Gitlab        private        def find_file(project, secret, file) -        uploader = FileUploader.new(project, secret) +        uploader = FileUploader.new(project, secret: secret)          uploader.retrieve_from_store!(file)          uploader.file        end diff --git a/lib/gitlab/git/blob.rb b/lib/gitlab/git/blob.rb index 4828301dbb9..b2fca2c16de 100644 --- a/lib/gitlab/git/blob.rb +++ b/lib/gitlab/git/blob.rb @@ -53,11 +53,7 @@ module Gitlab          def batch(repository, blob_references, blob_size_limit: MAX_DATA_DISPLAY_SIZE)            Gitlab::GitalyClient.migrate(:list_blobs_by_sha_path) do |is_enabled|              if is_enabled -              Gitlab::GitalyClient.allow_n_plus_1_calls do -                blob_references.map do |sha, path| -                  find_by_gitaly(repository, sha, path, limit: blob_size_limit) -                end -              end +              repository.gitaly_blob_client.get_blobs(blob_references, blob_size_limit).to_a              else                blob_references.map do |sha, path|                  find_by_rugged(repository, sha, path, limit: blob_size_limit) diff --git a/lib/gitlab/git/branch.rb b/lib/gitlab/git/branch.rb index 3487e099381..ae7e88f0503 100644 --- a/lib/gitlab/git/branch.rb +++ b/lib/gitlab/git/branch.rb @@ -1,5 +1,3 @@ -# Gitaly note: JV: no RPC's here. -  module Gitlab    module Git      class Branch < Ref diff --git a/lib/gitlab/git/commit.rb b/lib/gitlab/git/commit.rb index 768617e2cae..d95561fe1b2 100644 --- a/lib/gitlab/git/commit.rb +++ b/lib/gitlab/git/commit.rb @@ -402,15 +402,6 @@ module Gitlab          end        end -      # Get a collection of Rugged::Reference objects for this commit. -      # -      # Ex. -      #   commit.ref(repo) -      # -      def refs(repo) -        repo.refs_hash[id] -      end -        # Get ref names collection        #        # Ex. @@ -418,7 +409,7 @@ module Gitlab        #        def ref_names(repo)          refs(repo).map do |ref| -          ref.name.sub(%r{^refs/(heads|remotes|tags)/}, "") +          ref.sub(%r{^refs/(heads|remotes|tags)/}, "")          end        end @@ -553,6 +544,15 @@ module Gitlab            date: Google::Protobuf::Timestamp.new(seconds: author_or_committer[:time].to_i)          )        end + +      # Get a collection of Gitlab::Git::Ref objects for this commit. +      # +      # Ex. +      #   commit.ref(repo) +      # +      def refs(repo) +        repo.refs_hash[id] +      end      end    end  end diff --git a/lib/gitlab/git/hook.rb b/lib/gitlab/git/hook.rb index e29a1f7afa1..24f027d8da4 100644 --- a/lib/gitlab/git/hook.rb +++ b/lib/gitlab/git/hook.rb @@ -82,14 +82,20 @@ module Gitlab        end        def call_update_hook(gl_id, gl_username, oldrev, newrev, ref) -        Dir.chdir(repo_path) do -          env = { -            'GL_ID' => gl_id, -            'GL_USERNAME' => gl_username -          } -          stdout, stderr, status = Open3.capture3(env, path, ref, oldrev, newrev) -          [status.success?, (stderr.presence || stdout).gsub(/\R/, "<br>").html_safe] -        end +        env = { +          'GL_ID' => gl_id, +          'GL_USERNAME' => gl_username, +          'PWD' => repo_path +        } + +        options = { +          chdir: repo_path +        } + +        args = [ref, oldrev, newrev] + +        stdout, stderr, status = Open3.capture3(env, path, *args, options) +        [status.success?, (stderr.presence || stdout).gsub(/\R/, "<br>").html_safe]        end        def retrieve_error_message(stderr, stdout) diff --git a/lib/gitlab/git/lfs_changes.rb b/lib/gitlab/git/lfs_changes.rb index 732dd5d998a..48434047fce 100644 --- a/lib/gitlab/git/lfs_changes.rb +++ b/lib/gitlab/git/lfs_changes.rb @@ -25,8 +25,7 @@ module Gitlab        private        def rev_list -        ::Gitlab::Git::RevList.new(path_to_repo: @repository.path_to_repo, -                                   newrev: @newrev) +        Gitlab::Git::RevList.new(@repository, newrev: @newrev)        end      end    end diff --git a/lib/gitlab/git/lfs_pointer_file.rb b/lib/gitlab/git/lfs_pointer_file.rb new file mode 100644 index 00000000000..da12ed7d125 --- /dev/null +++ b/lib/gitlab/git/lfs_pointer_file.rb @@ -0,0 +1,25 @@ +module Gitlab +  module Git +    class LfsPointerFile +      def initialize(data) +        @data = data +      end + +      def pointer +        @pointer ||= <<~FILE +          version https://git-lfs.github.com/spec/v1 +          oid sha256:#{sha256} +          size #{size} +        FILE +      end + +      def size +        @size ||= @data.bytesize +      end + +      def sha256 +        @sha256 ||= Digest::SHA256.hexdigest(@data) +      end +    end +  end +end diff --git a/lib/gitlab/git/popen.rb b/lib/gitlab/git/popen.rb index e0bd2bbe47b..c1767046ff0 100644 --- a/lib/gitlab/git/popen.rb +++ b/lib/gitlab/git/popen.rb @@ -25,7 +25,7 @@ module Gitlab            stdin.close            if lazy_block -            return lazy_block.call(stdout.lazy) +            return [lazy_block.call(stdout.lazy), 0]            else              cmd_output << stdout.read            end diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb index f28624ff37a..6761fb0937a 100644 --- a/lib/gitlab/git/repository.rb +++ b/lib/gitlab/git/repository.rb @@ -128,6 +128,10 @@ module Gitlab          raise NoRepository.new('no repository for such path')        end +      def cleanup +        @rugged&.close +      end +        def circuit_breaker          @circuit_breaker ||= Gitlab::Git::Storage::CircuitBreaker.for_storage(storage)        end @@ -627,21 +631,18 @@ module Gitlab          end        end -      # Get refs hash which key is SHA1 -      # and value is a Rugged::Reference +      # Get refs hash which key is is the commit id +      # and value is a Gitlab::Git::Tag or Gitlab::Git::Branch +      # Note that both inherit from Gitlab::Git::Ref        def refs_hash -        # Initialize only when first call -        if @refs_hash.nil? -          @refs_hash = Hash.new { |h, k| h[k] = [] } - -          rugged.references.each do |r| -            # Symbolic/remote references may not have an OID; skip over them -            target_oid = r.target.try(:oid) -            if target_oid -              sha = rev_parse_target(target_oid).oid -              @refs_hash[sha] << r -            end -          end +        return @refs_hash if @refs_hash + +        @refs_hash = Hash.new { |h, k| h[k] = [] } + +        (tags + branches).each do |ref| +          next unless ref.target && ref.name + +          @refs_hash[ref.dereferenced_target.id] << ref.name          end          @refs_hash @@ -1222,33 +1223,13 @@ module Gitlab        end        def squash(user, squash_id, branch:, start_sha:, end_sha:, author:, message:) -        squash_path = worktree_path(SQUASH_WORKTREE_PREFIX, squash_id) -        env = git_env_for_user(user).merge( -          'GIT_AUTHOR_NAME' => author.name, -          'GIT_AUTHOR_EMAIL' => author.email -        ) -        diff_range = "#{start_sha}...#{end_sha}" -        diff_files = run_git!( -          %W(diff --name-only --diff-filter=a --binary #{diff_range}) -        ).chomp - -        with_worktree(squash_path, branch, sparse_checkout_files: diff_files, env: env) do -          # Apply diff of the `diff_range` to the worktree -          diff = run_git!(%W(diff --binary #{diff_range})) -          run_git!(%w(apply --index), chdir: squash_path, env: env) do |stdin| -            stdin.write(diff) +        gitaly_migrate(:squash) do |is_enabled| +          if is_enabled +            gitaly_operation_client.user_squash(user, squash_id, branch, +              start_sha, end_sha, author, message) +          else +            git_squash(user, squash_id, branch, start_sha, end_sha, author, message)            end - -          # Commit the `diff_range` diff -          run_git!(%W(commit --no-verify --message #{message}), chdir: squash_path, env: env) - -          # Return the squash sha. May print a warning for ambiguous refs, but -          # we can ignore that with `--quiet` and just take the SHA, if present. -          # HEAD here always refers to the current HEAD commit, even if there is -          # another ref called HEAD. -          run_git!( -            %w(rev-parse --quiet --verify HEAD), chdir: squash_path, env: env -          ).chomp          end        end @@ -1363,20 +1344,23 @@ module Gitlab          raise CommandError.new(e)        end -      def refs_contains_sha(ref_type, sha) -        args = %W(#{ref_type} --contains #{sha}) -        names = run_git(args).first - -        if names.respond_to?(:split) -          names = names.split("\n").map(&:strip) - -          names.each do |name| -            name.slice! '* ' +      def branch_names_contains_sha(sha) +        gitaly_migrate(:branch_names_contains_sha) do |is_enabled| +          if is_enabled +            gitaly_ref_client.branch_names_contains_sha(sha) +          else +            refs_contains_sha(:branch, sha)            end +        end +      end -          names -        else -          [] +      def tag_names_contains_sha(sha) +        gitaly_migrate(:tag_names_contains_sha) do |is_enabled| +          if is_enabled +            gitaly_ref_client.tag_names_contains_sha(sha) +          else +            refs_contains_sha(:tag, sha) +          end          end        end @@ -1444,6 +1428,26 @@ module Gitlab          end        end +      def rev_list(including: [], excluding: [], objects: false, &block) +        args = ['rev-list'] + +        args.push(*rev_list_param(including)) + +        exclude_param = *rev_list_param(excluding) +        if exclude_param.any? +          args.push('--not') +          args.push(*exclude_param) +        end + +        args.push('--objects') if objects + +        run_git!(args, lazy_block: block) +      end + +      def missed_ref(oldrev, newrev) +        run_git!(['rev-list', '--max-count=1', oldrev, "^#{newrev}"]) +      end +        private        def local_write_ref(ref_path, ref, old_ref: nil, shell: true) @@ -1454,6 +1458,21 @@ module Gitlab          end        end +      def refs_contains_sha(ref_type, sha) +        args = %W(#{ref_type} --contains #{sha}) +        names = run_git(args).first + +        return [] unless names.respond_to?(:split) + +        names = names.split("\n").map(&:strip) + +        names.each do |name| +          name.slice! '* ' +        end + +        names +      end +        def rugged_write_config(full_path:)          rugged.config['gitlab.fullpath'] = full_path        end @@ -1477,7 +1496,7 @@ module Gitlab          Rails.logger.error "Unable to create #{ref_path} reference for repository #{path}: #{ex}"        end -      def run_git(args, chdir: path, env: {}, nice: false, &block) +      def run_git(args, chdir: path, env: {}, nice: false, lazy_block: nil, &block)          cmd = [Gitlab.config.git.bin_path, *args]          cmd.unshift("nice") if nice @@ -1487,12 +1506,12 @@ module Gitlab          end          circuit_breaker.perform do -          popen(cmd, chdir, env, &block) +          popen(cmd, chdir, env, lazy_block: lazy_block, &block)          end        end -      def run_git!(args, chdir: path, env: {}, nice: false, &block) -        output, status = run_git(args, chdir: chdir, env: env, nice: nice, &block) +      def run_git!(args, chdir: path, env: {}, nice: false, lazy_block: nil, &block) +        output, status = run_git(args, chdir: chdir, env: env, nice: nice, lazy_block: lazy_block, &block)          raise GitError, output unless status.zero? @@ -2164,6 +2183,37 @@ module Gitlab          end        end +      def git_squash(user, squash_id, branch, start_sha, end_sha, author, message) +        squash_path = worktree_path(SQUASH_WORKTREE_PREFIX, squash_id) +        env = git_env_for_user(user).merge( +          'GIT_AUTHOR_NAME' => author.name, +          'GIT_AUTHOR_EMAIL' => author.email +        ) +        diff_range = "#{start_sha}...#{end_sha}" +        diff_files = run_git!( +          %W(diff --name-only --diff-filter=a --binary #{diff_range}) +        ).chomp + +        with_worktree(squash_path, branch, sparse_checkout_files: diff_files, env: env) do +          # Apply diff of the `diff_range` to the worktree +          diff = run_git!(%W(diff --binary #{diff_range})) +          run_git!(%w(apply --index), chdir: squash_path, env: env) do |stdin| +            stdin.write(diff) +          end + +          # Commit the `diff_range` diff +          run_git!(%W(commit --no-verify --message #{message}), chdir: squash_path, env: env) + +          # Return the squash sha. May print a warning for ambiguous refs, but +          # we can ignore that with `--quiet` and just take the SHA, if present. +          # HEAD here always refers to the current HEAD commit, even if there is +          # another ref called HEAD. +          run_git!( +            %w(rev-parse --quiet --verify HEAD), chdir: squash_path, env: env +          ).chomp +        end +      end +        def local_fetch_ref(source_path, source_ref:, target_ref:)          args = %W(fetch --no-tags -f #{source_path} #{source_ref}:#{target_ref})          run_git(args) @@ -2343,6 +2393,10 @@ module Gitlab        rescue Rugged::ReferenceError          0        end + +      def rev_list_param(spec) +        spec == :all ? ['--all'] : spec +      end      end    end  end diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb index f8b2e7e0e21..38c3a55f96f 100644 --- a/lib/gitlab/git/rev_list.rb +++ b/lib/gitlab/git/rev_list.rb @@ -5,17 +5,17 @@ module Gitlab      class RevList        include Gitlab::Git::Popen -      attr_reader :oldrev, :newrev, :path_to_repo +      attr_reader :oldrev, :newrev, :repository -      def initialize(path_to_repo:, newrev:, oldrev: nil) +      def initialize(repository, newrev:, oldrev: nil)          @oldrev = oldrev          @newrev = newrev -        @path_to_repo = path_to_repo +        @repository = repository        end        # This method returns an array of new commit references        def new_refs -        execute([*base_args, newrev, '--not', '--all']) +        repository.rev_list(including: newrev, excluding: :all).split("\n")        end        # Finds newly added objects @@ -28,66 +28,39 @@ module Gitlab        # When given a block it will yield objects as a lazy enumerator so        # the caller can limit work done instead of processing megabytes of data        def new_objects(require_path: nil, not_in: nil, &lazy_block) -        args = [*base_args, newrev, *not_in_refs(not_in), '--objects'] +        opts = { +          including: newrev, +          excluding: not_in.nil? ? :all : not_in, +          require_path: require_path +        } -        get_objects(args, require_path: require_path, &lazy_block) +        get_objects(opts, &lazy_block)        end        def all_objects(require_path: nil, &lazy_block) -        args = [*base_args, '--all', '--objects'] - -        get_objects(args, require_path: require_path, &lazy_block) +        get_objects(including: :all, require_path: require_path, &lazy_block)        end        # This methods returns an array of missed references        #        # Should become obsolete after https://gitlab.com/gitlab-org/gitaly/issues/348.        def missed_ref -        execute([*base_args, '--max-count=1', oldrev, "^#{newrev}"]) +        repository.missed_ref(oldrev, newrev).split("\n")        end        private -      def not_in_refs(references) -        return ['--not', '--all'] unless references -        return [] if references.empty? - -        references.prepend('--not') -      end -        def execute(args) -        output, status = popen(args, nil, Gitlab::Git::Env.to_env_hash) - -        unless status.zero? -          raise "Got a non-zero exit code while calling out `#{args.join(' ')}`: #{output}" -        end - -        output.split("\n") -      end - -      def lazy_execute(args, &lazy_block) -        popen(args, nil, Gitlab::Git::Env.to_env_hash, lazy_block: lazy_block) -      end - -      def base_args -        [ -          Gitlab.config.git.bin_path, -          "--git-dir=#{path_to_repo}", -          'rev-list' -        ] +        repository.rev_list(args).split("\n")        end -      def get_objects(args, require_path: nil) -        if block_given? -          lazy_execute(args) do |lazy_output| -            objects = objects_from_output(lazy_output, require_path: require_path) +      def get_objects(including: [], excluding: [], require_path: nil) +        opts = { including: including, excluding: excluding, objects: true } -            yield(objects) -          end -        else -          object_output = execute(args) +        repository.rev_list(opts) do |lazy_output| +          objects = objects_from_output(lazy_output, require_path: require_path) -          objects_from_output(object_output, require_path: require_path) +          yield(objects)          end        end diff --git a/lib/gitlab/git/tag.rb b/lib/gitlab/git/tag.rb index bc4e160dce9..8a8f7b051ed 100644 --- a/lib/gitlab/git/tag.rb +++ b/lib/gitlab/git/tag.rb @@ -1,5 +1,3 @@ -# Gitaly note: JV: no RPC's here. -#  module Gitlab    module Git      class Tag < Ref diff --git a/lib/gitlab/git/wiki.rb b/lib/gitlab/git/wiki.rb index ccdb8975342..ac12271a87e 100644 --- a/lib/gitlab/git/wiki.rb +++ b/lib/gitlab/git/wiki.rb @@ -68,8 +68,9 @@ module Gitlab          end        end +      # Disable because of https://gitlab.com/gitlab-org/gitlab-ce/issues/42039        def page(title:, version: nil, dir: nil) -        @repository.gitaly_migrate(:wiki_find_page) do |is_enabled| +        @repository.gitaly_migrate(:wiki_find_page, status: Gitlab::GitalyClient::MigrationStatus::DISABLED) do |is_enabled|            if is_enabled              gitaly_find_page(title: title, version: version, dir: dir)            else @@ -93,11 +94,23 @@ module Gitlab        #  :per_page - The number of items per page.        #  :limit    - Total number of items to return.        def page_versions(page_path, options = {}) -        current_page = gollum_page_by_path(page_path) +        @repository.gitaly_migrate(:wiki_page_versions) do |is_enabled| +          if is_enabled +            versions = gitaly_wiki_client.page_versions(page_path, options) + +            # Gitaly uses gollum-lib to get the versions. Gollum defaults to 20 +            # per page, but also fetches 20 if `limit` or `per_page` < 20. +            # Slicing returns an array with the expected number of items. +            slice_bound = options[:limit] || options[:per_page] || Gollum::Page.per_page +            versions[0..slice_bound] +          else +            current_page = gollum_page_by_path(page_path) -        commits_from_page(current_page, options).map do |gitlab_git_commit| -          gollum_page = gollum_wiki.page(current_page.title, gitlab_git_commit.id) -          Gitlab::Git::WikiPageVersion.new(gitlab_git_commit, gollum_page&.format) +            commits_from_page(current_page, options).map do |gitlab_git_commit| +              gollum_page = gollum_wiki.page(current_page.title, gitlab_git_commit.id) +              Gitlab::Git::WikiPageVersion.new(gitlab_git_commit, gollum_page&.format) +            end +          end          end        end @@ -192,7 +205,10 @@ module Gitlab          assert_type!(format, Symbol)          assert_type!(commit_details, CommitDetails) -        gollum_wiki.write_page(name, format, content, commit_details.to_h) +        filename = File.basename(name) +        dir = (tmp_dir = File.dirname(name)) == '.' ? '' : tmp_dir + +        gollum_wiki.write_page(filename, format, content, commit_details.to_h, dir)          nil        rescue Gollum::DuplicatePageError => e @@ -210,7 +226,15 @@ module Gitlab          assert_type!(format, Symbol)          assert_type!(commit_details, CommitDetails) -        gollum_wiki.update_page(gollum_page_by_path(page_path), title, format, content, commit_details.to_h) +        page = gollum_page_by_path(page_path) +        committer = Gollum::Committer.new(page.wiki, commit_details.to_h) + +        # Instead of performing two renames if the title has changed, +        # the update_page will only update the format and content and +        # the rename_page will do anything related to moving/renaming +        gollum_wiki.update_page(page, page.name, format, content, committer: committer) +        gollum_wiki.rename_page(page, title, committer: committer) +        committer.commit          nil        end diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 56f6febe86d..8ec3386184a 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -2,15 +2,19 @@  # class return an instance of `GitlabAccessStatus`  module Gitlab    class GitAccess +    include Gitlab::Utils::StrongMemoize +      UnauthorizedError = Class.new(StandardError)      NotFoundError = Class.new(StandardError) +    ProjectCreationError = Class.new(StandardError)      ProjectMovedError = Class.new(NotFoundError)      ERROR_MESSAGES = {        upload: 'You are not allowed to upload code for this project.',        download: 'You are not allowed to download code from this project.', -      deploy_key_upload: -        'This deploy key does not have write access to this project.', +      auth_upload: 'You are not allowed to upload code.', +      auth_download: 'You are not allowed to download code.', +      deploy_key_upload: 'This deploy key does not have write access to this project.',        no_repo: 'A repository for this project does not exist yet.',        project_not_found: 'The project you were looking for could not be found.',        account_blocked: 'Your account has been blocked.', @@ -25,24 +29,31 @@ module Gitlab      PUSH_COMMANDS = %w{ git-receive-pack }.freeze      ALL_COMMANDS = DOWNLOAD_COMMANDS + PUSH_COMMANDS -    attr_reader :actor, :project, :protocol, :authentication_abilities, :redirected_path +    attr_reader :actor, :project, :protocol, :authentication_abilities, :namespace_path, :project_path, :redirected_path -    def initialize(actor, project, protocol, authentication_abilities:, redirected_path: nil) +    def initialize(actor, project, protocol, authentication_abilities:, namespace_path: nil, project_path: nil, redirected_path: nil)        @actor    = actor        @project  = project        @protocol = protocol -      @redirected_path = redirected_path        @authentication_abilities = authentication_abilities +      @namespace_path = namespace_path +      @project_path = project_path +      @redirected_path = redirected_path      end      def check(cmd, changes)        check_protocol!        check_valid_actor!        check_active_user! -      check_project_accessibility! -      check_project_moved! +      check_authentication_abilities!(cmd)        check_command_disabled!(cmd)        check_command_existence!(cmd) +      check_db_accessibility!(cmd) + +      ensure_project_on_push!(cmd, changes) + +      check_project_accessibility! +      check_project_moved!        check_repository_existence!        case cmd @@ -95,6 +106,19 @@ module Gitlab        end      end +    def check_authentication_abilities!(cmd) +      case cmd +      when *DOWNLOAD_COMMANDS +        unless authentication_abilities.include?(:download_code) || authentication_abilities.include?(:build_download_code) +          raise UnauthorizedError, ERROR_MESSAGES[:auth_download] +        end +      when *PUSH_COMMANDS +        unless authentication_abilities.include?(:push_code) +          raise UnauthorizedError, ERROR_MESSAGES[:auth_upload] +        end +      end +    end +      def check_project_accessibility!        if project.blank? || !can_read_project?          raise NotFoundError, ERROR_MESSAGES[:project_not_found] @@ -104,12 +128,12 @@ module Gitlab      def check_project_moved!        return if redirected_path.nil? -      project_moved = Checks::ProjectMoved.new(project, user, redirected_path, protocol) +      project_moved = Checks::ProjectMoved.new(project, user, protocol, redirected_path)        if project_moved.permanent_redirect? -        project_moved.add_redirect_message +        project_moved.add_message        else -        raise ProjectMovedError, project_moved.redirect_message(rejected: true) +        raise ProjectMovedError, project_moved.message(rejected: true)        end      end @@ -139,6 +163,40 @@ module Gitlab        end      end +    def check_db_accessibility!(cmd) +      return unless receive_pack?(cmd) + +      if Gitlab::Database.read_only? +        raise UnauthorizedError, push_to_read_only_message +      end +    end + +    def ensure_project_on_push!(cmd, changes) +      return if project || deploy_key? +      return unless receive_pack?(cmd) && changes == '_any' && authentication_abilities.include?(:push_code) + +      namespace = Namespace.find_by_full_path(namespace_path) + +      return unless user&.can?(:create_projects, namespace) + +      project_params = { +        path: project_path, +        namespace_id: namespace.id, +        visibility_level: Gitlab::VisibilityLevel::PRIVATE +      } + +      project = Projects::CreateService.new(user, project_params).execute + +      unless project.saved? +        raise ProjectCreationError, "Could not create project: #{project.errors.full_messages.join(', ')}" +      end + +      @project = project +      user_access.project = @project + +      Checks::ProjectCreated.new(project, user, protocol).add_message +    end +      def check_repository_existence!        unless project.repository.exists?          raise UnauthorizedError, ERROR_MESSAGES[:no_repo] @@ -146,9 +204,8 @@ module Gitlab      end      def check_download_access! -      return if deploy_key? - -      passed = user_can_download_code? || +      passed = deploy_key? || +        user_can_download_code? ||          build_can_download_code? ||          guest_can_download_code? @@ -162,35 +219,21 @@ module Gitlab          raise UnauthorizedError, ERROR_MESSAGES[:read_only]        end -      if Gitlab::Database.read_only? -        raise UnauthorizedError, push_to_read_only_message -      end -        if deploy_key -        check_deploy_key_push_access! +        unless deploy_key.can_push_to?(project) +          raise UnauthorizedError, ERROR_MESSAGES[:deploy_key_upload] +        end        elsif user -        check_user_push_access! +        # User access is verified in check_change_access!        else          raise UnauthorizedError, ERROR_MESSAGES[:upload]        end -      return if changes.blank? # Allow access. +      return if changes.blank? # Allow access this is needed for EE.        check_change_access!(changes)      end -    def check_user_push_access! -      unless authentication_abilities.include?(:push_code) -        raise UnauthorizedError, ERROR_MESSAGES[:upload] -      end -    end - -    def check_deploy_key_push_access! -      unless deploy_key.can_push_to?(project) -        raise UnauthorizedError, ERROR_MESSAGES[:deploy_key_upload] -      end -    end -      def check_change_access!(changes)        changes_list = Gitlab::ChangesList.new(changes) diff --git a/lib/gitlab/gitaly_client/blob_service.rb b/lib/gitlab/gitaly_client/blob_service.rb index d70a1a7665e..dfa0fa43b0f 100644 --- a/lib/gitlab/gitaly_client/blob_service.rb +++ b/lib/gitlab/gitaly_client/blob_service.rb @@ -1,6 +1,8 @@  module Gitlab    module GitalyClient      class BlobService +      include Gitlab::EncodingHelper +        def initialize(repository)          @gitaly_repo = repository.gitaly_repository        end @@ -54,6 +56,30 @@ module Gitlab            end          end        end + +      def get_blobs(revision_paths, limit = -1) +        return [] if revision_paths.empty? + +        revision_paths.map! do |rev, path| +          Gitaly::GetBlobsRequest::RevisionPath.new(revision: rev, path: encode_binary(path)) +        end + +        request = Gitaly::GetBlobsRequest.new( +          repository: @gitaly_repo, +          revision_paths: revision_paths, +          limit: limit +        ) + +        response = GitalyClient.call( +          @gitaly_repo.storage_name, +          :blob_service, +          :get_blobs, +          request, +          timeout: GitalyClient.default_timeout +        ) + +        GitalyClient::BlobsStitcher.new(response) +      end      end    end  end diff --git a/lib/gitlab/gitaly_client/blobs_stitcher.rb b/lib/gitlab/gitaly_client/blobs_stitcher.rb new file mode 100644 index 00000000000..5ca592ff812 --- /dev/null +++ b/lib/gitlab/gitaly_client/blobs_stitcher.rb @@ -0,0 +1,47 @@ +module Gitlab +  module GitalyClient +    class BlobsStitcher +      include Enumerable + +      def initialize(rpc_response) +        @rpc_response = rpc_response +      end + +      def each +        current_blob_data = nil + +        @rpc_response.each do |msg| +          begin +            if msg.oid.blank? && msg.data.blank? +              next +            elsif msg.oid.present? +              yield new_blob(current_blob_data) if current_blob_data + +              current_blob_data = msg.to_h.slice(:oid, :path, :size, :revision, :mode) +              current_blob_data[:data] = msg.data.dup +            else +              current_blob_data[:data] << msg.data +            end +          end +        end + +        yield new_blob(current_blob_data) if current_blob_data +      end + +      private + +      def new_blob(blob_data) +        Gitlab::Git::Blob.new( +          id: blob_data[:oid], +          mode: blob_data[:mode].to_s(8), +          name: File.basename(blob_data[:path]), +          path: blob_data[:path], +          size: blob_data[:size], +          commit_id: blob_data[:revision], +          data: blob_data[:data], +          binary: Gitlab::Git::Blob.binary?(blob_data[:data]) +        ) +      end +    end +  end +end diff --git a/lib/gitlab/gitaly_client/commit_service.rb b/lib/gitlab/gitaly_client/commit_service.rb index 5767f06b0ce..269a048cf5d 100644 --- a/lib/gitlab/gitaly_client/commit_service.rb +++ b/lib/gitlab/gitaly_client/commit_service.rb @@ -222,14 +222,25 @@ module Gitlab        end        def find_commit(revision) -        request = Gitaly::FindCommitRequest.new( -          repository: @gitaly_repo, -          revision: encode_binary(revision) -        ) - -        response = GitalyClient.call(@repository.storage, :commit_service, :find_commit, request, timeout: GitalyClient.medium_timeout) - -        response.commit +        if RequestStore.active? +          # We don't use RequeStstore.fetch(key) { ... } directly because `revision` +          # can be a branch name, so we can't use it as a key as it could point +          # to another commit later on (happens a lot in tests). +          key = { +            storage: @gitaly_repo.storage_name, +            relative_path: @gitaly_repo.relative_path, +            commit_id: revision +          } +          return RequestStore[key] if RequestStore.exist?(key) + +          commit = call_find_commit(revision) +          return unless commit + +          key[:commit_id] = commit.id +          RequestStore[key] = commit +        else +          call_find_commit(revision) +        end        end        def patch(revision) @@ -346,6 +357,17 @@ module Gitlab        def encode_repeated(a)          Google::Protobuf::RepeatedField.new(:bytes, a.map { |s| encode_binary(s) } )        end + +      def call_find_commit(revision) +        request = Gitaly::FindCommitRequest.new( +          repository: @gitaly_repo, +          revision: encode_binary(revision) +        ) + +        response = GitalyClient.call(@repository.storage, :commit_service, :find_commit, request, timeout: GitalyClient.medium_timeout) + +        response.commit +      end      end    end  end diff --git a/lib/gitlab/gitaly_client/operation_service.rb b/lib/gitlab/gitaly_client/operation_service.rb index cd2734b5a07..831cfd1e014 100644 --- a/lib/gitlab/gitaly_client/operation_service.rb +++ b/lib/gitlab/gitaly_client/operation_service.rb @@ -183,6 +183,32 @@ module Gitlab          end        end +      def user_squash(user, squash_id, branch, start_sha, end_sha, author, message) +        request = Gitaly::UserSquashRequest.new( +          repository: @gitaly_repo, +          user: Gitlab::Git::User.from_gitlab(user).to_gitaly, +          squash_id: squash_id.to_s, +          branch: encode_binary(branch), +          start_sha: start_sha, +          end_sha: end_sha, +          author: Gitlab::Git::User.from_gitlab(author).to_gitaly, +          commit_message: encode_binary(message) +        ) + +        response = GitalyClient.call( +          @repository.storage, +          :operation_service, +          :user_squash, +          request +        ) + +        if response.git_error.presence +          raise Gitlab::Git::Repository::GitError, response.git_error +        end + +        response.squash_sha +      end +        def user_commit_files(          user, branch_name, commit_message, actions, author_email, author_name,          start_branch_name, start_repository) diff --git a/lib/gitlab/gitaly_client/ref_service.rb b/lib/gitlab/gitaly_client/ref_service.rb index 8b9a224b700..ba6b577fd17 100644 --- a/lib/gitlab/gitaly_client/ref_service.rb +++ b/lib/gitlab/gitaly_client/ref_service.rb @@ -145,6 +145,32 @@ module Gitlab          raise Gitlab::Git::Repository::GitError, response.git_error if response.git_error.present?        end +      # Limit: 0 implies no limit, thus all tag names will be returned +      def tag_names_contains_sha(sha, limit: 0) +        request = Gitaly::ListTagNamesContainingCommitRequest.new( +          repository: @gitaly_repo, +          commit_id: sha, +          limit: limit +        ) + +        stream = GitalyClient.call(@repository.storage, :ref_service, :list_tag_names_containing_commit, request) + +        consume_ref_contains_sha_response(stream, :tag_names) +      end + +      # Limit: 0 implies no limit, thus all tag names will be returned +      def branch_names_contains_sha(sha, limit: 0) +        request = Gitaly::ListBranchNamesContainingCommitRequest.new( +          repository: @gitaly_repo, +          commit_id: sha, +          limit: limit +        ) + +        stream = GitalyClient.call(@repository.storage, :ref_service, :list_branch_names_containing_commit, request) + +        consume_ref_contains_sha_response(stream, :branch_names) +      end +        private        def consume_refs_response(response) @@ -215,6 +241,13 @@ module Gitlab          Gitlab::Git::Commit.decorate(@repository, hash)        end +      def consume_ref_contains_sha_response(stream, collection_name) +        stream.each_with_object([]) do |response, array| +          encoded_names = response.send(collection_name).map { |b| Gitlab::Git.ref_name(b) } # rubocop:disable GitlabSecurity/PublicSend +          array.concat(encoded_names) +        end +      end +        def invalid_ref!(message)          raise Gitlab::Git::Repository::InvalidRef.new(message)        end diff --git a/lib/gitlab/gitaly_client/wiki_page.rb b/lib/gitlab/gitaly_client/wiki_page.rb index 7339468e911..a02d15db5dd 100644 --- a/lib/gitlab/gitaly_client/wiki_page.rb +++ b/lib/gitlab/gitaly_client/wiki_page.rb @@ -4,6 +4,7 @@ module Gitlab        ATTRS = %i(title format url_path path name historical raw_data).freeze        include AttributesBag +      include Gitlab::EncodingHelper        def initialize(params)          super @@ -11,6 +12,10 @@ module Gitlab          # All gRPC strings in a response are frozen, so we get an unfrozen          # version here so appending to `raw_data` doesn't blow up.          @raw_data = @raw_data.dup + +        @title = encode_utf8(@title) +        @path = encode_utf8(@path) +        @name = encode_utf8(@name)        end        def historical? diff --git a/lib/gitlab/gitaly_client/wiki_service.rb b/lib/gitlab/gitaly_client/wiki_service.rb index 8e87a8cc36f..0d8dd5cb8f4 100644 --- a/lib/gitlab/gitaly_client/wiki_service.rb +++ b/lib/gitlab/gitaly_client/wiki_service.rb @@ -101,6 +101,30 @@ module Gitlab          pages        end +      # options: +      #  :page     - The Integer page number. +      #  :per_page - The number of items per page. +      #  :limit    - Total number of items to return. +      def page_versions(page_path, options) +        request = Gitaly::WikiGetPageVersionsRequest.new( +          repository: @gitaly_repo, +          page_path: encode_binary(page_path), +          page: options[:page] || 1, +          per_page: options[:per_page] || Gollum::Page.per_page +        ) + +        stream = GitalyClient.call(@repository.storage, :wiki_service, :wiki_get_page_versions, request) + +        versions = [] +        stream.each do |message| +          message.versions.each do |version| +            versions << new_wiki_page_version(version) +          end +        end + +        versions +      end +        def find_file(name, revision)          request = Gitaly::WikiFindFileRequest.new(            repository: @gitaly_repo, @@ -141,7 +165,7 @@ module Gitlab        private -      # If a block is given and the yielded value is true, iteration will be +      # If a block is given and the yielded value is truthy, iteration will be        # stopped early at that point; else the iterator is consumed entirely.        # The iterator is traversed with `next` to allow resuming the iteration.        def wiki_page_from_iterator(iterator) @@ -158,10 +182,7 @@ module Gitlab            else              wiki_page = GitalyClient::WikiPage.new(page.to_h) -            version = Gitlab::Git::WikiPageVersion.new( -              Gitlab::Git::Commit.decorate(@repository, page.version.commit), -              page.version.format -            ) +            version = new_wiki_page_version(page.version)            end          end @@ -170,6 +191,13 @@ module Gitlab          [wiki_page, version]        end +      def new_wiki_page_version(version) +        Gitlab::Git::WikiPageVersion.new( +          Gitlab::Git::Commit.decorate(@repository, version.commit), +          version.format +        ) +      end +        def gitaly_commit_details(commit_details)          Gitaly::WikiCommitDetails.new(            name: encode_binary(commit_details.name), diff --git a/lib/gitlab/gon_helper.rb b/lib/gitlab/gon_helper.rb index 9148d7571f2..86a90d57d9c 100644 --- a/lib/gitlab/gon_helper.rb +++ b/lib/gitlab/gon_helper.rb @@ -3,12 +3,11 @@  module Gitlab    module GonHelper      include WebpackHelper -    include Gitlab::CurrentSettings      def add_gon_variables        gon.api_version            = 'v4'        gon.default_avatar_url     = URI.join(Gitlab.config.gitlab.url, ActionController::Base.helpers.image_path('no_avatar.png')).to_s -      gon.max_file_size          = current_application_settings.max_attachment_size +      gon.max_file_size          = Gitlab::CurrentSettings.max_attachment_size        gon.asset_host             = ActionController::Base.asset_host        gon.webpack_public_path    = webpack_public_path        gon.relative_url_root      = Gitlab.config.gitlab.relative_url_root @@ -16,7 +15,7 @@ module Gitlab        gon.user_color_scheme      = Gitlab::ColorSchemes.for_user(current_user).css_class        gon.katex_css_url          = ActionController::Base.helpers.asset_path('katex.css')        gon.katex_js_url           = ActionController::Base.helpers.asset_path('katex.js') -      gon.sentry_dsn             = current_application_settings.clientside_sentry_dsn if current_application_settings.clientside_sentry_enabled +      gon.sentry_dsn             = Gitlab::CurrentSettings.clientside_sentry_dsn if Gitlab::CurrentSettings.clientside_sentry_enabled        gon.gitlab_url             = Gitlab.config.gitlab.url        gon.revision               = Gitlab::REVISION        gon.gitlab_logo            = ActionController::Base.helpers.asset_path('gitlab_logo.png') diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index 2daed10f678..9f404003125 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -27,6 +27,8 @@ project_tree:    - :releases    - project_members:      - :user +  - lfs_file_locks: +    - :user    - merge_requests:      - notes:        - :author diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb index cb711a83433..759833a5ee5 100644 --- a/lib/gitlab/import_export/relation_factory.rb +++ b/lib/gitlab/import_export/relation_factory.rb @@ -139,13 +139,12 @@ module Gitlab        end        def setup_label -        return unless @relation_hash['type'] == 'GroupLabel' -          # If there's no group, move the label to a project label -        if @relation_hash['group_id'] +        if @relation_hash['type'] == 'GroupLabel' && @relation_hash['group_id']            @relation_hash['project_id'] = nil            @relation_name = :group_label          else +          @relation_hash['group_id'] = nil            @relation_hash['type'] = 'ProjectLabel'          end        end diff --git a/lib/gitlab/kubernetes/helm/pod.rb b/lib/gitlab/kubernetes/helm/pod.rb index a3216759cae..ca5e06009fa 100644 --- a/lib/gitlab/kubernetes/helm/pod.rb +++ b/lib/gitlab/kubernetes/helm/pod.rb @@ -64,7 +64,7 @@ module Gitlab              {                name: 'configuration-volume',                configMap: { -                name: 'values-content-configuration', +                name: "values-content-configuration-#{command.name}",                  items: [{ key: 'values', path: 'values.yaml' }]                }              } @@ -81,7 +81,11 @@ module Gitlab          def create_config_map            resource = ::Kubeclient::Resource.new -          resource.metadata = { name: 'values-content-configuration', namespace: namespace_name, labels: { name: 'values-content-configuration' } } +          resource.metadata = { +            name: "values-content-configuration-#{command.name}", +            namespace: namespace_name, +            labels: { name: "values-content-configuration-#{command.name}" } +          }            resource.data = { values: File.read(command.chart_values_file) }            kubeclient.create_config_map(resource)          end diff --git a/lib/gitlab/ldap/auth_hash.rb b/lib/gitlab/ldap/auth_hash.rb index 1bd0965679a..96171dc26c4 100644 --- a/lib/gitlab/ldap/auth_hash.rb +++ b/lib/gitlab/ldap/auth_hash.rb @@ -7,6 +7,12 @@ module Gitlab          @uid ||= Gitlab::LDAP::Person.normalize_dn(super)        end +      def username +        super.tap do |username| +          username.downcase! if ldap_config.lowercase_usernames +        end +      end +        private        def get_info(key) diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb index cde60addcf7..47b3fce3e7a 100644 --- a/lib/gitlab/ldap/config.rb +++ b/lib/gitlab/ldap/config.rb @@ -139,6 +139,10 @@ module Gitlab          options['allow_username_or_email_login']        end +      def lowercase_usernames +        options['lowercase_usernames'] +      end +        def name_proc          if allow_username_or_email_login            proc { |name| name.gsub(/@.*\z/, '') } diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb index e81cec6ba1a..b91757c2a4b 100644 --- a/lib/gitlab/ldap/person.rb +++ b/lib/gitlab/ldap/person.rb @@ -82,7 +82,9 @@ module Gitlab          # be returned. We need only one for username.          # Ex. `uid` returns only one value but `mail` may          # return an array of multiple email addresses. -        [username].flatten.first +        [username].flatten.first.tap do |username| +          username.downcase! if config.lowercase_usernames +        end        end        def email diff --git a/lib/gitlab/legacy_github_import/project_creator.rb b/lib/gitlab/legacy_github_import/project_creator.rb index 41e7eac4d08..cbabe5454ca 100644 --- a/lib/gitlab/legacy_github_import/project_creator.rb +++ b/lib/gitlab/legacy_github_import/project_creator.rb @@ -1,8 +1,6 @@  module Gitlab    module LegacyGithubImport      class ProjectCreator -      include Gitlab::CurrentSettings -        attr_reader :repo, :name, :namespace, :current_user, :session_data, :type        def initialize(repo, name, namespace, current_user, session_data, type: 'github') @@ -36,7 +34,7 @@ module Gitlab        end        def visibility_level -        repo.private ? Gitlab::VisibilityLevel::PRIVATE : current_application_settings.default_project_visibility +        repo.private ? Gitlab::VisibilityLevel::PRIVATE : Gitlab::CurrentSettings.default_project_visibility        end        # diff --git a/lib/gitlab/metrics/prometheus.rb b/lib/gitlab/metrics/prometheus.rb index f07ea3560ff..d12ba0ec176 100644 --- a/lib/gitlab/metrics/prometheus.rb +++ b/lib/gitlab/metrics/prometheus.rb @@ -71,8 +71,7 @@ module Gitlab          end          def prometheus_metrics_enabled_unmemoized -          metrics_folder_present? && -            Gitlab::CurrentSettings.current_application_settings[:prometheus_metrics_enabled] || false +          metrics_folder_present? && Gitlab::CurrentSettings.prometheus_metrics_enabled || false          end        end      end diff --git a/lib/gitlab/middleware/go.rb b/lib/gitlab/middleware/go.rb index afbc2600634..1a570f480c6 100644 --- a/lib/gitlab/middleware/go.rb +++ b/lib/gitlab/middleware/go.rb @@ -4,7 +4,6 @@ module Gitlab    module Middleware      class Go        include ActionView::Helpers::TagHelper -      include Gitlab::CurrentSettings        PROJECT_PATH_REGEX = %r{\A(#{Gitlab::PathRegex.full_namespace_route_regex}/#{Gitlab::PathRegex.project_route_regex})/}.freeze @@ -42,7 +41,7 @@ module Gitlab          project_url = URI.join(config.gitlab.url, path)          import_prefix = strip_url(project_url.to_s) -        repository_url = if current_application_settings.enabled_git_access_protocol == 'ssh' +        repository_url = if Gitlab::CurrentSettings.enabled_git_access_protocol == 'ssh'                             shell = config.gitlab_shell                             port = ":#{shell.ssh_port}" unless shell.ssh_port == 22                             "ssh://#{shell.ssh_user}@#{shell.ssh_host}#{port}/#{path}.git" diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index e40a001d20c..a3e1c66c19f 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -178,7 +178,7 @@ module Gitlab          valid_username = ::Namespace.clean_path(username)          uniquify = Uniquify.new -        valid_username = uniquify.string(valid_username) { |s| !UserPathValidator.valid_path?(s) } +        valid_username = uniquify.string(valid_username) { |s| !NamespacePathValidator.valid_path?(s) }          name = auth_hash.name          name = valid_username if name.strip.empty? diff --git a/lib/gitlab/path_regex.rb b/lib/gitlab/path_regex.rb index 7e5dfd33502..4dc38aae61e 100644 --- a/lib/gitlab/path_regex.rb +++ b/lib/gitlab/path_regex.rb @@ -171,24 +171,16 @@ module Gitlab        @project_git_route_regex ||= /#{project_route_regex}\.git/.freeze      end -    def root_namespace_path_regex -      @root_namespace_path_regex ||= %r{\A#{root_namespace_route_regex}/\z} -    end -      def full_namespace_path_regex        @full_namespace_path_regex ||= %r{\A#{full_namespace_route_regex}/\z}      end -    def project_path_regex -      @project_path_regex ||= %r{\A#{project_route_regex}/\z} -    end -      def full_project_path_regex        @full_project_path_regex ||= %r{\A#{full_namespace_route_regex}/#{project_route_regex}/\z}      end -    def full_namespace_format_regex -      @namespace_format_regex ||= /A#{FULL_NAMESPACE_FORMAT_REGEX}\z/.freeze +    def full_project_git_path_regex +      @full_project_git_path_regex ||= %r{\A\/?(?<namespace_path>#{full_namespace_route_regex})\/(?<project_path>#{project_route_regex})\.git\z}      end      def namespace_format_regex diff --git a/lib/gitlab/performance_bar.rb b/lib/gitlab/performance_bar.rb index e29e168fc5a..6c2b2036074 100644 --- a/lib/gitlab/performance_bar.rb +++ b/lib/gitlab/performance_bar.rb @@ -1,7 +1,5 @@  module Gitlab    module PerformanceBar -    extend Gitlab::CurrentSettings -      ALLOWED_USER_IDS_KEY = 'performance_bar_allowed_user_ids:v2'.freeze      EXPIRY_TIME = 5.minutes @@ -13,7 +11,7 @@ module Gitlab      end      def self.allowed_group_id -      current_application_settings.performance_bar_allowed_group_id +      Gitlab::CurrentSettings.performance_bar_allowed_group_id      end      def self.allowed_user_ids diff --git a/lib/gitlab/polling_interval.rb b/lib/gitlab/polling_interval.rb index 4780675a492..fe4bdfe3831 100644 --- a/lib/gitlab/polling_interval.rb +++ b/lib/gitlab/polling_interval.rb @@ -1,12 +1,10 @@  module Gitlab    class PollingInterval -    extend Gitlab::CurrentSettings -      HEADER_NAME = 'Poll-Interval'.freeze      def self.set_header(response, interval:)        if polling_enabled? -        multiplier = current_application_settings.polling_interval_multiplier +        multiplier = Gitlab::CurrentSettings.polling_interval_multiplier          value = (interval * multiplier).to_i        else          value = -1 @@ -16,7 +14,7 @@ module Gitlab      end      def self.polling_enabled? -      !current_application_settings.polling_interval_multiplier.zero? +      !Gitlab::CurrentSettings.polling_interval_multiplier.zero?      end    end  end diff --git a/lib/gitlab/project_search_results.rb b/lib/gitlab/project_search_results.rb index 4823f703ba4..9e2fa07a205 100644 --- a/lib/gitlab/project_search_results.rb +++ b/lib/gitlab/project_search_results.rb @@ -2,11 +2,12 @@ module Gitlab    class ProjectSearchResults < SearchResults      attr_reader :project, :repository_ref -    def initialize(current_user, project, query, repository_ref = nil) +    def initialize(current_user, project, query, repository_ref = nil, per_page: 20)        @current_user = current_user        @project = project        @repository_ref = repository_ref.presence || project.default_branch        @query = query +      @per_page = per_page      end      def objects(scope, page = nil) diff --git a/lib/gitlab/prometheus/queries/additional_metrics_deployment_query.rb b/lib/gitlab/prometheus/queries/additional_metrics_deployment_query.rb index 69d055c901c..294a6ae34ca 100644 --- a/lib/gitlab/prometheus/queries/additional_metrics_deployment_query.rb +++ b/lib/gitlab/prometheus/queries/additional_metrics_deployment_query.rb @@ -4,7 +4,7 @@ module Gitlab        class AdditionalMetricsDeploymentQuery < BaseQuery          include QueryAdditionalMetrics -        def query(deployment_id) +        def query(environment_id, deployment_id)            Deployment.find_by(id: deployment_id).try do |deployment|              query_metrics(                common_query_context( diff --git a/lib/gitlab/prometheus/queries/deployment_query.rb b/lib/gitlab/prometheus/queries/deployment_query.rb index 170f483540e..6e6da593178 100644 --- a/lib/gitlab/prometheus/queries/deployment_query.rb +++ b/lib/gitlab/prometheus/queries/deployment_query.rb @@ -2,7 +2,7 @@ module Gitlab    module Prometheus      module Queries        class DeploymentQuery < BaseQuery -        def query(deployment_id) +        def query(environment_id, deployment_id)            Deployment.find_by(id: deployment_id).try do |deployment|              environment_slug = deployment.environment.slug diff --git a/lib/gitlab/prometheus_client.rb b/lib/gitlab/prometheus_client.rb index aa94614bf18..10527972663 100644 --- a/lib/gitlab/prometheus_client.rb +++ b/lib/gitlab/prometheus_client.rb @@ -3,10 +3,10 @@ module Gitlab    # Helper methods to interact with Prometheus network services & resources    class PrometheusClient -    attr_reader :api_url +    attr_reader :rest_client, :headers -    def initialize(api_url:) -      @api_url = api_url +    def initialize(rest_client) +      @rest_client = rest_client      end      def ping @@ -40,37 +40,40 @@ module Gitlab      private      def json_api_get(type, args = {}) -      get(join_api_url(type, args)) +      path = ['api', 'v1', type].join('/') +      get(path, args) +    rescue JSON::ParserError +      raise PrometheusError, 'Parsing response failed'      rescue Errno::ECONNREFUSED        raise PrometheusError, 'Connection refused'      end -    def join_api_url(type, args = {}) -      url = URI.parse(api_url) -    rescue URI::Error -      raise PrometheusError, "Invalid API URL: #{api_url}" -    else -      url.path = [url.path.sub(%r{/+\z}, ''), 'api', 'v1', type].join('/') -      url.query = args.to_query - -      url.to_s -    end - -    def get(url) -      handle_response(HTTParty.get(url)) +    def get(path, args) +      response = rest_client[path].get(params: args) +      handle_response(response)      rescue SocketError -      raise PrometheusError, "Can't connect to #{url}" +      raise PrometheusError, "Can't connect to #{rest_client.url}"      rescue OpenSSL::SSL::SSLError -      raise PrometheusError, "#{url} contains invalid SSL data" -    rescue HTTParty::Error +      raise PrometheusError, "#{rest_client.url} contains invalid SSL data" +    rescue RestClient::ExceptionWithResponse => ex +      handle_exception_response(ex.response) +    rescue RestClient::Exception        raise PrometheusError, "Network connection error"      end      def handle_response(response) -      if response.code == 200 && response['status'] == 'success' -        response['data'] || {} -      elsif response.code == 400 -        raise PrometheusError, response['error'] || 'Bad data received' +      json_data = JSON.parse(response.body) +      if response.code == 200 && json_data['status'] == 'success' +        json_data['data'] || {} +      else +        raise PrometheusError, "#{response.code} - #{response.body}" +      end +    end + +    def handle_exception_response(response) +      if response.code == 400 +        json_data = JSON.parse(response.body) +        raise PrometheusError, json_data['error'] || 'Bad data received'        else          raise PrometheusError, "#{response.code} - #{response.body}"        end diff --git a/lib/gitlab/protocol_access.rb b/lib/gitlab/protocol_access.rb index 09fa14764e6..2819c7d062c 100644 --- a/lib/gitlab/protocol_access.rb +++ b/lib/gitlab/protocol_access.rb @@ -1,14 +1,12 @@  module Gitlab    module ProtocolAccess -    extend Gitlab::CurrentSettings -      def self.allowed?(protocol)        if protocol == 'web'          true -      elsif current_application_settings.enabled_git_access_protocol.blank? +      elsif Gitlab::CurrentSettings.enabled_git_access_protocol.blank?          true        else -        protocol == current_application_settings.enabled_git_access_protocol +        protocol == Gitlab::CurrentSettings.enabled_git_access_protocol        end      end    end diff --git a/lib/gitlab/query_limiting.rb b/lib/gitlab/query_limiting.rb new file mode 100644 index 00000000000..f64f1757144 --- /dev/null +++ b/lib/gitlab/query_limiting.rb @@ -0,0 +1,36 @@ +module Gitlab +  module QueryLimiting +    # Returns true if we should enable tracking of query counts. +    # +    # This is only enabled in production/staging if we're running on GitLab.com. +    # This ensures we don't produce any errors that users can't do anything +    # about themselves. +    def self.enable? +      Gitlab.com? || Rails.env.development? || Rails.env.test? +    end + +    # Allows the current request to execute any number of SQL queries. +    # +    # This method should _only_ be used when there's a corresponding issue to +    # reduce the number of queries. +    # +    # The issue URL is only meant to push developers into creating an issue +    # instead of blindly whitelisting offending blocks of code. +    def self.whitelist(issue_url) +      return unless enable_whitelist? + +      unless issue_url.start_with?('https://') +        raise( +          ArgumentError, +          'You must provide a valid issue URL in order to whitelist a block of code' +        ) +      end + +      Transaction&.current&.whitelisted = true +    end + +    def self.enable_whitelist? +      Rails.env.development? || Rails.env.test? +    end +  end +end diff --git a/lib/gitlab/query_limiting/active_support_subscriber.rb b/lib/gitlab/query_limiting/active_support_subscriber.rb new file mode 100644 index 00000000000..66049c94ec6 --- /dev/null +++ b/lib/gitlab/query_limiting/active_support_subscriber.rb @@ -0,0 +1,11 @@ +module Gitlab +  module QueryLimiting +    class ActiveSupportSubscriber < ActiveSupport::Subscriber +      attach_to :active_record + +      def sql(*) +        Transaction.current&.increment +      end +    end +  end +end diff --git a/lib/gitlab/query_limiting/middleware.rb b/lib/gitlab/query_limiting/middleware.rb new file mode 100644 index 00000000000..949ae79a047 --- /dev/null +++ b/lib/gitlab/query_limiting/middleware.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +module Gitlab +  module QueryLimiting +    # Middleware for reporting (or raising) when a request performs more than a +    # certain amount of database queries. +    class Middleware +      CONTROLLER_KEY = 'action_controller.instance'.freeze +      ENDPOINT_KEY = 'api.endpoint'.freeze + +      def initialize(app) +        @app = app +      end + +      def call(env) +        transaction, retval = Transaction.run do +          @app.call(env) +        end + +        transaction.action = action_name(env) +        transaction.act_upon_results + +        retval +      end + +      def action_name(env) +        if env[CONTROLLER_KEY] +          action_for_rails(env) +        elsif env[ENDPOINT_KEY] +          action_for_grape(env) +        end +      end + +      private + +      def action_for_rails(env) +        controller = env[CONTROLLER_KEY] +        action = "#{controller.class.name}##{controller.action_name}" + +        if controller.content_type == 'text/html' +          action +        else +          "#{action} (#{controller.content_type})" +        end +      end + +      def action_for_grape(env) +        endpoint = env[ENDPOINT_KEY] +        route = endpoint.route rescue nil + +        "#{route.request_method} #{route.path}" if route +      end +    end +  end +end diff --git a/lib/gitlab/query_limiting/transaction.rb b/lib/gitlab/query_limiting/transaction.rb new file mode 100644 index 00000000000..3cbafadb0d0 --- /dev/null +++ b/lib/gitlab/query_limiting/transaction.rb @@ -0,0 +1,83 @@ +module Gitlab +  module QueryLimiting +    class Transaction +      THREAD_KEY = :__gitlab_query_counts_transaction + +      attr_accessor :count, :whitelisted + +      # The name of the action (e.g. `UsersController#show`) that is being +      # executed. +      attr_accessor :action + +      # The maximum number of SQL queries that can be executed in a request. For +      # the sake of keeping things simple we hardcode this value here, it's not +      # supposed to be changed very often anyway. +      THRESHOLD = 100 + +      # Error that is raised whenever exceeding the maximum number of queries. +      ThresholdExceededError = Class.new(StandardError) + +      def self.current +        Thread.current[THREAD_KEY] +      end + +      # Starts a new transaction and returns it and the blocks' return value. +      # +      # Example: +      # +      #     transaction, retval = Transaction.run do +      #       10 +      #     end +      # +      #     retval # => 10 +      def self.run +        transaction = new +        Thread.current[THREAD_KEY] = transaction + +        [transaction, yield] +      ensure +        Thread.current[THREAD_KEY] = nil +      end + +      def initialize +        @action = nil +        @count = 0 +        @whitelisted = false +      end + +      # Sends a notification based on the number of executed SQL queries. +      def act_upon_results +        return unless threshold_exceeded? + +        error = ThresholdExceededError.new(error_message) + +        if raise_error? +          raise(error) +        else +          # Raven automatically logs to the Rails log if disabled, thus we don't +          # need to manually log anything in case Sentry support is not enabled. +          Raven.capture_exception(error) +        end +      end + +      def increment +        @count += 1 unless whitelisted +      end + +      def raise_error? +        Rails.env.test? +      end + +      def threshold_exceeded? +        count > THRESHOLD +      end + +      def error_message +        header = 'Too many SQL queries were executed' +        header += " in #{action}" if action + +        "#{header}: a maximum of #{THRESHOLD} is allowed but #{count} SQL queries were executed" +      end +    end +  end +end diff --git a/lib/gitlab/recaptcha.rb b/lib/gitlab/recaptcha.rb index c463dd487a0..c9efa28d7e7 100644 --- a/lib/gitlab/recaptcha.rb +++ b/lib/gitlab/recaptcha.rb @@ -1,12 +1,10 @@  module Gitlab    module Recaptcha -    extend Gitlab::CurrentSettings -      def self.load_configurations! -      if current_application_settings.recaptcha_enabled +      if Gitlab::CurrentSettings.recaptcha_enabled          ::Recaptcha.configure do |config| -          config.public_key  = current_application_settings.recaptcha_site_key -          config.private_key = current_application_settings.recaptcha_private_key +          config.public_key  = Gitlab::CurrentSettings.recaptcha_site_key +          config.private_key = Gitlab::CurrentSettings.recaptcha_private_key          end          true @@ -14,7 +12,7 @@ module Gitlab      end      def self.enabled? -      current_application_settings.recaptcha_enabled +      Gitlab::CurrentSettings.recaptcha_enabled      end    end  end diff --git a/lib/gitlab/search_results.rb b/lib/gitlab/search_results.rb index 7362514167f..5ad219179f3 100644 --- a/lib/gitlab/search_results.rb +++ b/lib/gitlab/search_results.rb @@ -10,6 +10,7 @@ module Gitlab          @ref = opts.fetch(:ref, nil)          @startline = opts.fetch(:startline, nil)          @data = opts.fetch(:data, nil) +        @per_page = opts.fetch(:per_page, 20)        end        def path @@ -21,7 +22,7 @@ module Gitlab        end      end -    attr_reader :current_user, :query +    attr_reader :current_user, :query, :per_page      # Limit search results by passed projects      # It allows us to search only for projects user has access to @@ -33,11 +34,12 @@ module Gitlab      # query      attr_reader :default_project_filter -    def initialize(current_user, limit_projects, query, default_project_filter: false) +    def initialize(current_user, limit_projects, query, default_project_filter: false, per_page: 20)        @current_user = current_user        @limit_projects = limit_projects || Project.all        @query = query        @default_project_filter = default_project_filter +      @per_page = per_page      end      def objects(scope, page = nil, without_count = true) @@ -153,10 +155,6 @@ module Gitlab        'projects'      end -    def per_page -      20 -    end -      def project_ids_relation        limit_projects.select(:id).reorder(nil)      end diff --git a/lib/gitlab/sentry.rb b/lib/gitlab/sentry.rb index 159d0e7952e..4a22fc80f75 100644 --- a/lib/gitlab/sentry.rb +++ b/lib/gitlab/sentry.rb @@ -1,9 +1,7 @@  module Gitlab    module Sentry -    extend Gitlab::CurrentSettings -      def self.enabled? -      Rails.env.production? && current_application_settings.sentry_enabled? +      Rails.env.production? && Gitlab::CurrentSettings.sentry_enabled?      end      def self.context(current_user = nil) diff --git a/lib/gitlab/sidekiq_middleware/memory_killer.rb b/lib/gitlab/sidekiq_middleware/memory_killer.rb index 2bfb7caefd9..b89ae2505c9 100644 --- a/lib/gitlab/sidekiq_middleware/memory_killer.rb +++ b/lib/gitlab/sidekiq_middleware/memory_killer.rb @@ -45,7 +45,7 @@ module Gitlab        private        def get_rss -        output, status = Gitlab::Popen.popen(%W(ps -o rss= -p #{pid})) +        output, status = Gitlab::Popen.popen(%W(ps -o rss= -p #{pid}), Rails.root.to_s)          return 0 unless status.zero?          output.to_i diff --git a/lib/gitlab/ssh_public_key.rb b/lib/gitlab/ssh_public_key.rb index 89ca1298120..545e7c74f7e 100644 --- a/lib/gitlab/ssh_public_key.rb +++ b/lib/gitlab/ssh_public_key.rb @@ -21,6 +21,22 @@ module Gitlab        technology(name)&.supported_sizes      end +    def self.sanitize(key_content) +      ssh_type, *parts = key_content.strip.split + +      return key_content if parts.empty? + +      parts.each_with_object("#{ssh_type} ").with_index do |(part, content), index| +        content << part + +        if Gitlab::SSHPublicKey.new(content).valid? +          break [content, parts[index + 1]].compact.join(' ') # Add the comment part if present +        elsif parts.size == index + 1 # return original content if we've reached the last element +          break key_content +        end +      end +    end +      attr_reader :key_text, :key      # Unqualified MD5 fingerprint for compatibility @@ -37,23 +53,23 @@ module Gitlab      end      def valid? -      key.present? +      key.present? && bits && technology.supported_sizes.include?(bits)      end      def type -      technology.name if valid? +      technology.name if key.present?      end      def bits -      return unless valid? +      return if key.blank?        case type        when :rsa -        key.n.num_bits +        key.n&.num_bits        when :dsa -        key.p.num_bits +        key.p&.num_bits        when :ecdsa -        key.group.order.num_bits +        key.group.order&.num_bits        when :ed25519          256        else diff --git a/lib/gitlab/usage_data.rb b/lib/gitlab/usage_data.rb index 2adcc9809b3..9d13d1d781f 100644 --- a/lib/gitlab/usage_data.rb +++ b/lib/gitlab/usage_data.rb @@ -1,8 +1,6 @@  module Gitlab    class UsageData      class << self -      include Gitlab::CurrentSettings -        def data(force_refresh: false)          Rails.cache.fetch('usage_data', force: force_refresh, expires_in: 2.weeks) { uncached_data }        end @@ -19,7 +17,7 @@ module Gitlab        def license_usage_data          usage_data = { -          uuid: current_application_settings.uuid, +          uuid: Gitlab::CurrentSettings.uuid,            hostname: Gitlab.config.gitlab.host,            version: Gitlab::VERSION,            active_user_count: User.active.count, @@ -79,9 +77,9 @@ module Gitlab        def features_usage_data_ce          { -          signup: current_application_settings.allow_signup?, +          signup: Gitlab::CurrentSettings.allow_signup?,            ldap: Gitlab.config.ldap.enabled, -          gravatar: current_application_settings.gravatar_enabled?, +          gravatar: Gitlab::CurrentSettings.gravatar_enabled?,            omniauth: Gitlab.config.omniauth.enabled,            reply_by_email: Gitlab::IncomingEmail.enabled?,            container_registry: Gitlab.config.registry.enabled, diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index f357488ac61..15eb1c41213 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -6,7 +6,8 @@ module Gitlab        [user&.id, project&.id]      end -    attr_reader :user, :project +    attr_reader :user +    attr_accessor :project      def initialize(user, project: nil)        @user = user diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb index 6ced06a863d..2612208a927 100644 --- a/lib/gitlab/visibility_level.rb +++ b/lib/gitlab/visibility_level.rb @@ -5,7 +5,6 @@  #  module Gitlab    module VisibilityLevel -    extend CurrentSettings      extend ActiveSupport::Concern      included do @@ -58,9 +57,9 @@ module Gitlab        end        def allowed_levels -        restricted_levels = current_application_settings.restricted_visibility_levels +        restricted_levels = Gitlab::CurrentSettings.restricted_visibility_levels -        self.values - restricted_levels +        self.values - Array(restricted_levels)        end        def closest_allowed_level(target_level) @@ -81,7 +80,7 @@ module Gitlab        end        def non_restricted_level?(level) -        restricted_levels = current_application_settings.restricted_visibility_levels +        restricted_levels = Gitlab::CurrentSettings.restricted_visibility_levels          if restricted_levels.nil?            true diff --git a/lib/tasks/flay.rake b/lib/tasks/flay.rake index b1e012e70c5..4b4881cecb8 100644 --- a/lib/tasks/flay.rake +++ b/lib/tasks/flay.rake @@ -2,7 +2,7 @@ desc 'Code duplication analyze via flay'  task :flay do    output = `bundle exec flay --mass 35 app/ lib/gitlab/ 2> #{File::NULL}` -  if output.include? "Similar code found" +  if output.include?("Similar code found") || output.include?("IDENTICAL code found")      puts output      exit 1    end | 
