Commit
47880945
authored
Nov 02, 2020
by
Aakriti Gupta
Committed by
Peter Leitzen
Nov 02, 2020
Change `whitelisted` to `allowlisted` in ReadOnly Middleware
parent
0aeb8866
Changes
2
Showing
2 changed files
with
16 additions
and
16 deletions
+16
-16
ee/lib/ee/gitlab/middleware/read_only/controller.rb
ee/lib/ee/gitlab/middleware/read_only/controller.rb
+6
-6
lib/gitlab/middleware/read_only/controller.rb
lib/gitlab/middleware/read_only/controller.rb
+10
-10
ee/lib/ee/gitlab/middleware/read_only/controller.rb
...
@@ -7,19 +7,19 @@ module EE
...
@@ -7,19 +7,19 @@ module EE
module
Controller
module
Controller
extend
::
Gitlab
::
Utils
::
Override
extend
::
Gitlab
::
Utils
::
Override
WHITE
LISTED_GEO_ROUTES
=
{
ALLOW
LISTED_GEO_ROUTES
=
{
'admin/geo/nodes'
=>
%w{update}
'admin/geo/nodes'
=>
%w{update}
}.
freeze
}.
freeze
WHITE
LISTED_GEO_ROUTES_TRACKING_DB
=
{
ALLOW
LISTED_GEO_ROUTES_TRACKING_DB
=
{
'admin/geo/projects'
=>
%w{destroy resync reverify force_redownload resync_all reverify_all}
,
'admin/geo/projects'
=>
%w{destroy resync reverify force_redownload resync_all reverify_all}
,
'admin/geo/uploads'
=>
%w{destroy}
'admin/geo/uploads'
=>
%w{destroy}
}.
freeze
}.
freeze
private
private
override
:
white
listed_routes
override
:
allow
listed_routes
def
white
listed_routes
def
allow
listed_routes
super
||
geo_node_update_route?
||
geo_proxy_git_ssh_route?
||
geo_api_route?
super
||
geo_node_update_route?
||
geo_proxy_git_ssh_route?
||
geo_api_route?
end
end
...
@@ -30,10 +30,10 @@ module EE
...
@@ -30,10 +30,10 @@ module EE
controller
=
route_hash
[
:controller
]
controller
=
route_hash
[
:controller
]
action
=
route_hash
[
:action
]
action
=
route_hash
[
:action
]
if
WHITE
LISTED_GEO_ROUTES
[
controller
]
&
.
include?
(
action
)
if
ALLOW
LISTED_GEO_ROUTES
[
controller
]
&
.
include?
(
action
)
::
Gitlab
::
Database
.
db_read_write?
::
Gitlab
::
Database
.
db_read_write?
else
else
WHITE
LISTED_GEO_ROUTES_TRACKING_DB
[
controller
]
&
.
include?
(
action
)
ALLOW
LISTED_GEO_ROUTES_TRACKING_DB
[
controller
]
&
.
include?
(
action
)
end
end
end
end
...
...
lib/gitlab/middleware/read_only/controller.rb
...
@@ -9,20 +9,20 @@ module Gitlab
...
@@ -9,20 +9,20 @@ module Gitlab
APPLICATION_JSON_TYPES
=
%W{
#{
APPLICATION_JSON
}
application/vnd.git-lfs+json}
.
freeze
APPLICATION_JSON_TYPES
=
%W{
#{
APPLICATION_JSON
}
application/vnd.git-lfs+json}
.
freeze
ERROR_MESSAGE
=
'You cannot perform write operations on a read-only instance'
ERROR_MESSAGE
=
'You cannot perform write operations on a read-only instance'
WHITE
LISTED_GIT_ROUTES
=
{
ALLOW
LISTED_GIT_ROUTES
=
{
'repositories/git_http'
=>
%w{git_upload_pack git_receive_pack}
'repositories/git_http'
=>
%w{git_upload_pack git_receive_pack}
}.
freeze
}.
freeze
WHITE
LISTED_GIT_LFS_ROUTES
=
{
ALLOW
LISTED_GIT_LFS_ROUTES
=
{
'repositories/lfs_api'
=>
%w{batch}
,
'repositories/lfs_api'
=>
%w{batch}
,
'repositories/lfs_locks_api'
=>
%w{verify create unlock}
'repositories/lfs_locks_api'
=>
%w{verify create unlock}
}.
freeze
}.
freeze
WHITE
LISTED_GIT_REVISION_ROUTES
=
{
ALLOW
LISTED_GIT_REVISION_ROUTES
=
{
'projects/compare'
=>
%w{create}
'projects/compare'
=>
%w{create}
}.
freeze
}.
freeze
WHITE
LISTED_SESSION_ROUTES
=
{
ALLOW
LISTED_SESSION_ROUTES
=
{
'sessions'
=>
%w{destroy}
,
'sessions'
=>
%w{destroy}
,
'admin/sessions'
=>
%w{create destroy}
'admin/sessions'
=>
%w{create destroy}
}.
freeze
}.
freeze
...
@@ -55,7 +55,7 @@ module Gitlab
...
@@ -55,7 +55,7 @@ module Gitlab
def
disallowed_request?
def
disallowed_request?
DISALLOWED_METHODS
.
include?
(
@env
[
'REQUEST_METHOD'
])
&&
DISALLOWED_METHODS
.
include?
(
@env
[
'REQUEST_METHOD'
])
&&
!
white
listed_routes
!
allow
listed_routes
end
end
def
json_request?
def
json_request?
...
@@ -87,7 +87,7 @@ module Gitlab
...
@@ -87,7 +87,7 @@ module Gitlab
end
end
# Overridden in EE module
# Overridden in EE module
def
white
listed_routes
def
allow
listed_routes
workhorse_passthrough_route?
||
internal_route?
||
lfs_route?
||
compare_git_revisions_route?
||
sidekiq_route?
||
session_route?
||
graphql_query?
workhorse_passthrough_route?
||
internal_route?
||
lfs_route?
||
compare_git_revisions_route?
||
sidekiq_route?
||
session_route?
||
graphql_query?
end
end
...
@@ -98,7 +98,7 @@ module Gitlab
...
@@ -98,7 +98,7 @@ module Gitlab
return
false
unless
request
.
post?
&&
return
false
unless
request
.
post?
&&
request
.
path
.
end_with?
(
'.git/git-upload-pack'
,
'.git/git-receive-pack'
)
request
.
path
.
end_with?
(
'.git/git-upload-pack'
,
'.git/git-receive-pack'
)
WHITE
LISTED_GIT_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
ALLOW
LISTED_GIT_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
end
end
def
internal_route?
def
internal_route?
...
@@ -109,7 +109,7 @@ module Gitlab
...
@@ -109,7 +109,7 @@ module Gitlab
# Calling route_hash may be expensive. Only do it if we think there's a possible match
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
post?
&&
request
.
path
.
end_with?
(
'compare'
)
return
false
unless
request
.
post?
&&
request
.
path
.
end_with?
(
'compare'
)
WHITE
LISTED_GIT_REVISION_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
ALLOW
LISTED_GIT_REVISION_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
end
end
def
lfs_route?
def
lfs_route?
...
@@ -120,7 +120,7 @@ module Gitlab
...
@@ -120,7 +120,7 @@ module Gitlab
return
false
return
false
end
end
WHITE
LISTED_GIT_LFS_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
ALLOW
LISTED_GIT_LFS_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
end
end
def
session_route?
def
session_route?
...
@@ -128,7 +128,7 @@ module Gitlab
...
@@ -128,7 +128,7 @@ module Gitlab
return
false
unless
request
.
post?
&&
request
.
path
.
end_with?
(
'/users/sign_out'
,
return
false
unless
request
.
post?
&&
request
.
path
.
end_with?
(
'/users/sign_out'
,
'/admin/session'
,
'/admin/session/destroy'
)
'/admin/session'
,
'/admin/session/destroy'
)
WHITE
LISTED_SESSION_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
ALLOW
LISTED_SESSION_ROUTES
[
route_hash
[
:controller
]]
&
.
include?
(
route_hash
[
:action
])
end
end
def
sidekiq_route?
def
sidekiq_route?
...
...