Commit aeaef0ad authored by Stan Hu's avatar Stan Hu

Support v4 API for GitLab Geo endpoints

parent 904981f7
---
title: Support v4 API for GitLab Geo endpoints
merge_request:
author:
...@@ -2,11 +2,12 @@ module Gitlab ...@@ -2,11 +2,12 @@ module Gitlab
module Middleware module Middleware
class ReadonlyGeo class ReadonlyGeo
DISALLOWED_METHODS = %w(POST PATCH PUT DELETE) DISALLOWED_METHODS = %w(POST PATCH PUT DELETE)
WHITELISTED = %w(api/v3/internal api/v3/geo/refresh_wikis api/v3/geo/receive_events)
APPLICATION_JSON = 'application/json' APPLICATION_JSON = 'application/json'
API_VERSIONS = (3..4)
def initialize(app) def initialize(app)
@app = app @app = app
@whitelisted = internal_routes + geo_routes
end end
def call(env) def call(env)
...@@ -31,6 +32,15 @@ module Gitlab ...@@ -31,6 +32,15 @@ module Gitlab
private private
def internal_routes
API_VERSIONS.flat_map { |version| "api/v#{version}/internal" }
end
def geo_routes
geo_routes = ['refresh_wikis', 'receive_events']
API_VERSIONS.flat_map { |version| geo_routes.map { |route| "api/v#{version}/geo/#{route}" } }
end
def disallowed_request? def disallowed_request?
DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) && !whitelisted_routes DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) && !whitelisted_routes
end end
...@@ -60,7 +70,7 @@ module Gitlab ...@@ -60,7 +70,7 @@ module Gitlab
end end
def whitelisted_routes def whitelisted_routes
logout_route || grack_route || WHITELISTED.any? { |path| @request.path.include?(path) } || sidekiq_route logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || sidekiq_route
end end
def logout_route def logout_route
......
...@@ -76,6 +76,20 @@ describe Gitlab::Middleware::ReadonlyGeo, lib: true do ...@@ -76,6 +76,20 @@ describe Gitlab::Middleware::ReadonlyGeo, lib: true do
expect(response).not_to be_a_redirect expect(response).not_to be_a_redirect
expect(subject).not_to disallow_request expect(subject).not_to disallow_request
end end
it 'expects a POST internal request to be allowed' do
response = request.post("/api/#{API::API.version}/internal")
expect(response).not_to be_a_redirect
expect(subject).not_to disallow_request
end
it 'expects a POST Geo request to be allowed' do
response = request.post("/api/#{API::API.version}/geo/refresh_wikis")
expect(response).not_to be_a_redirect
expect(subject).not_to disallow_request
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment