From b5763e91cdeaba55b3c426129ba3c4f9638c5eb1 Mon Sep 17 00:00:00 2001
From: Valery Sizov
Date: Wed, 15 Oct 2014 18:26:15 +0300
Subject: add gitlab-shell identification
---
 lib/api/helpers.rb | 8 ++++++++
 lib/api/internal.rb | 4 ++++
 2 files changed, 12 insertions(+)
(limited to 'lib')
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3262884f6d3..027fb20ec46 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -67,6 +67,10 @@ module API
 unauthorized! unless current_user
 end
+ def authenticate_by_gitlab_shell_token!
+ unauthorized! unless secret_token == params['secret_token']
+ end
+
 def authenticated_as_admin!
 forbidden! unless current_user.is_admin?
 end
@@ -193,5 +197,9 @@ module API
 abilities
 end
 end
+
+ def secret_token
+ File.read(Rails.root.join('.gitlab_shell_secret'))
+ end
 end
 end
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 9ac659f50fd..ebf2296097d 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,6 +1,10 @@
 module API
 # Internal access API
 class Internal < Grape::API
+ before {
+ authenticate_by_gitlab_shell_token!
+ }
+
 namespace 'internal' do
 # Check if git command is allowed to project
 #
-- cgit v1.2.1
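Review bot: The token check in `authenticate_by_gitlab_shell_token!` compares with `==`, which is not constant-time, so response timing can reveal how much of a submitted value matched the shared secret. A constant-time comparison is the usual choice here, for example `unauthorized! unless Rack::Utils.secure_compare(secret_token, params['secret_token'].to_s)`. The token also travels as an ordinary request parameter, so it may be written to request logs unless `secret_token` is filtered there; that is not visible in this diff and is worth confirming. A short comment such as `# Shared secret known only to gitlab-shell; guards the internal API` would explain why this differs from `authenticate!`.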
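Review bot: `secret_token` returns the raw contents of `.gitlab_shell_secret`, so an empty or truncated file makes the empty string the expected token, and any trailing newline in the file must be matched byte for byte by the caller. Stripping the value and refusing a blank one covers both cases: `File.read(Rails.root.join('.gitlab_shell_secret')).chomp` in the helper and `unauthorized! if secret_token.empty?` ahead of the comparison, assuming gitlab-shell sends the stripped value (confirm on that side). The file is read again on every call, and a missing file raises from `File.read` rather than going through `unauthorized!`; that still fails closed but presumably surfaces as a server error. The enclosing module starts and ends outside the hunk.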
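Review bot: The three-line `before { … }` block is a style nit: Ruby convention keeps braces for single-line blocks, so `before { authenticate_by_gitlab_shell_token! }` reads better here. Because the filter sits at class level it applies to every route defined in `Internal`, which looks intended; a comment such as `# Every internal endpoint requires the gitlab-shell shared secret` would make that explicit for anyone adding routes later. The class body continues outside the hunk.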