Merge branch '216912-http-connection-adapter-with-proxy-settings' into 'master'

HTTP connection adapter with proxy settings See merge request gitlab-org/gitlab!55406

Merge branch '216912-http-connection-adapter-with-proxy-settings' into 'master'
HTTP connection adapter with proxy settings See merge request gitlab-org/gitlab!55406
c3fcc450 · Bob Van Landuyt · 18225011 · b067dc7f · c3fcc450 · c3fcc450
Commit c3fcc450 authored Mar 09, 2021 by Bob Van Landuyt
Showing with 204 additions and 58 deletions

lib/gitlab/http_connection_adapter.rb lib/gitlab/http_connection_adapter.rb +25 -6

spec/lib/gitlab/http_connection_adapter_spec.rb spec/lib/gitlab/http_connection_adapter_spec.rb +179 -52

No files found.
--- a/lib/gitlab/http_connection_adapter.rb
+++ b/lib/gitlab/http_connection_adapter.rb
@@ -11,13 +11,18 @@
 # This option will take precedence over the global setting.
 module Gitlab
  class HTTPConnectionAdapter < HTTParty::ConnectionAdapter
+    extend ::Gitlab::Utils::Override
+    override :connection
    def connection
-      begin
+      @uri, hostname = validate_url!(uri)
-        @uri, hostname = Gitlab::UrlBlocker.validate!(uri, allow_local_network: allow_local_requests?,
-                                                           allow_localhost: allow_local_requests?,
+      if options.key?(:http_proxyaddr)
-                                                           dns_rebind_protection: dns_rebind_protection?)
+        proxy_uri_with_port = uri_with_port(options[:http_proxyaddr], options[:http_proxyport])
-      rescue Gitlab::UrlBlocker::BlockedUrlError => e
+        proxy_uri_validated = validate_url!(proxy_uri_with_port).first
-        raise Gitlab::HTTP::BlockedUrlError, "URL '#{uri}' is blocked: #{e.message}"
+        @options[:http_proxyaddr] = proxy_uri_validated.omit(:port).to_s
+        @options[:http_proxyport] = proxy_uri_validated.port
      end
      super.tap do |http|
@@ -27,6 +32,14 @@ module Gitlab
    private
+    def validate_url!(url)
+      Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?,
+                                        allow_localhost: allow_local_requests?,
+                                        dns_rebind_protection: dns_rebind_protection?)
+    rescue Gitlab::UrlBlocker::BlockedUrlError => e
+      raise Gitlab::HTTP::BlockedUrlError, "URL '#{url}' is blocked: #{e.message}"
+    end
    def allow_local_requests?
      options.fetch(:allow_local_requests, allow_settings_local_requests?)
    end
@@ -40,5 +53,11 @@ module Gitlab
    def allow_settings_local_requests?
      Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
    end
+    def uri_with_port(address, port)
+      uri = Addressable::URI.parse(address)
+      uri.port = port if port.present?
+      uri
+    end
  end
 end
--- a/spec/lib/gitlab/http_connection_adapter_spec.rb
+++ b/spec/lib/gitlab/http_connection_adapter_spec.rb