Merge branch '208674-use-wh-acceleration-for-ui-project-import' into 'master'

Use WH acceleration on Project Import file upload via UI See merge request gitlab-org/gitlab!26278

Merge branch '208674-use-wh-acceleration-for-ui-project-import' into 'master'
Use WH acceleration on Project Import file upload via UI See merge request gitlab-org/gitlab!26278
e0bf321b · Nick Thomas · f9ed8e1d · 39396bdf · e0bf321b · e0bf321b
Commit e0bf321b authored Mar 10, 2020 by Nick Thomas
4 changed files
--- a/app/controllers/import/gitlab_projects_controller.rb
+++ b/app/controllers/import/gitlab_projects_controller.rb
 # frozen_string_literal: true

 class Import::GitlabProjectsController < Import::BaseController
+  include WorkhorseRequest
+
  before_action :whitelist_query_limiting, only: [:create]
  before_action :verify_gitlab_project_import_enabled

+  skip_before_action :verify_authenticity_token, only: [:authorize]
+  before_action :verify_workhorse_api!, only: [:authorize]
+
  def new
    @namespace = Namespace.find(project_params[:namespace_id])
    return render_404 unless current_user.can?(:create_projects, @namespace)
@@ -28,10 +33,29 @@ class Import::GitlabProjectsController < Import::BaseController
    end
  end

+  def authorize
+    set_workhorse_internal_api_content_type
+
+    authorized = ImportExportUploader.workhorse_authorize(
+      has_length: false,
+      maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i)
+
+    render json: authorized
+  rescue SocketError
+    render json: _("Error uploading file"), status: :internal_server_error
+  end
+
  private

  def file_is_valid?
-    return false unless project_params[:file] && project_params[:file].respond_to?(:read)
+    # TODO: remove the condition and the private method after the WH version including
+    # https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/470
+    # is released and GITLAB_WORKHORSE_VERSION is updated accordingly.
+    if with_workhorse_upload_acceleration?
+      return false unless project_params[:file].is_a?(::UploadedFile)
+    else
+      return false unless project_params[:file] && project_params[:file].respond_to?(:read)
+    end

    filename = project_params[:file].original_filename

@@ -51,4 +75,8 @@ class Import::GitlabProjectsController < Import::BaseController
  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
  end
+
+  def with_workhorse_upload_acceleration?
+    request.headers[Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER].present?
+  end
 end
--- a/changelogs/unreleased/208674-use-wh-acceleration-for-ui-project-import.yml
+++ b/changelogs/unreleased/208674-use-wh-acceleration-for-ui-project-import.yml
+---
+title: Use Workhorse acceleration for Project Import file upload via UI
+merge_request: 26278
+author:
+type: performance
--- a/config/routes/import.rb
+++ b/config/routes/import.rb
@@ -60,6 +60,7 @@ namespace :import do

  resource :gitlab_project, only: [:create, :new] do
    post :create
+    post :authorize
  end

  resource :manifest, only: [:create, :new], controller: :manifest do

--- a/spec/controllers/import/gitlab_projects_controller_spec.rb
+++ b/spec/controllers/import/gitlab_projects_controller_spec.rb
@@ -39,4 +39,62 @@ describe Import::GitlabProjectsController do

    it_behaves_like 'project import rate limiter'
  end
+
+  describe 'POST authorize' do
+    let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
+
+    before do
+      request.headers['GitLab-Workhorse'] = '1.0'
+      request.headers[Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER] = workhorse_token
+    end
+
+    it 'authorizes importing project with workhorse header' do
+      post :authorize, format: :json
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+    end
+
+    it 'rejects requests that bypassed gitlab-workhorse or have invalid header' do
+      request.headers[Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER] = 'INVALID_HEADER'
+
+      expect { post :authorize, format: :json }.to raise_error(JWT::DecodeError)
+    end
+
+    context 'when using remote storage' do
+      context 'when direct upload is enabled' do
+        before do
+          stub_uploads_object_storage(ImportExportUploader, enabled: true, direct_upload: true)
+        end
+
+        it 'responds with status 200, location of file remote store and object details' do
+          post :authorize, format: :json
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+          expect(json_response).not_to have_key('TempPath')
+          expect(json_response['RemoteObject']).to have_key('ID')
+          expect(json_response['RemoteObject']).to have_key('GetURL')
+          expect(json_response['RemoteObject']).to have_key('StoreURL')
+          expect(json_response['RemoteObject']).to have_key('DeleteURL')
+          expect(json_response['RemoteObject']).to have_key('MultipartUpload')
+        end
+      end
+
+      context 'when direct upload is disabled' do
+        before do
+          stub_uploads_object_storage(ImportExportUploader, enabled: true, direct_upload: false)
+        end
+
+        it 'handles as a local file' do
+          post :authorize, format: :json
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+          expect(json_response['TempPath']).to eq(ImportExportUploader.workhorse_local_upload_path)
+          expect(json_response['RemoteObject']).to be_nil
+        end
+      end
+    end
+  end
 end