application_setting.rb 7.88 KB
Newer Older
1
class ApplicationSetting < ActiveRecord::Base
2
  include CacheMarkdownField
3
  include TokenAuthenticatable
4

5
  add_authentication_token_field :runners_registration_token
6
  add_authentication_token_field :health_check_access_token
7

8
  CACHE_KEY = 'application_setting.last'
9 10 11 12 13 14
  DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
                            |               # or
                            \s              # any whitespace character
                            |               # or
                            [\r\n]          # any number of newline characters
                          }x
15

16
  serialize :restricted_visibility_levels
17
  serialize :import_sources
18
  serialize :disabled_oauth_sign_in_sources, Array
19
  serialize :domain_whitelist, Array
20
  serialize :domain_blacklist, Array
21
  serialize :repository_storages
22

23 24 25 26 27
  cache_markdown_field :sign_in_text
  cache_markdown_field :help_page_text
  cache_markdown_field :shared_runners_text, pipeline: :plain_markdown
  cache_markdown_field :after_sign_up_text

28
  attr_accessor :domain_whitelist_raw, :domain_blacklist_raw
29 30

  validates :session_expire_delay,
31 32
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
33

34
  validates :home_page_url,
35 36 37
            allow_blank: true,
            url: true,
            if: :home_page_url_column_exist
38

39
  validates :after_sign_out_path,
40 41
            allow_blank: true,
            url: true
42

43
  validates :admin_notification_email,
44
            email: true,
45
            allow_blank: true
46

47
  validates :two_factor_grace_period,
48 49 50 51 52 53 54 55 56
            numericality: { greater_than_or_equal_to: 0 }

  validates :recaptcha_site_key,
            presence: true,
            if: :recaptcha_enabled

  validates :recaptcha_private_key,
            presence: true,
            if: :recaptcha_enabled
57

Jeroen Nijhof's avatar
Jeroen Nijhof committed
58 59 60 61
  validates :sentry_dsn,
            presence: true,
            if: :sentry_enabled

62 63 64 65
  validates :akismet_api_key,
            presence: true,
            if: :akismet_enabled

66 67 68 69
  validates :koding_url,
            presence: true,
            if: :koding_enabled

70 71 72 73
  validates :max_attachment_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

74 75 76 77
  validates :container_registry_token_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

78 79
  validates :repository_storages, presence: true
  validate :check_repository_storages
80

81
  validates :enabled_git_access_protocol,
82
            inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }
83

84
  validates :domain_blacklist,
85
            presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },
86 87
            if: :domain_blacklist_enabled?

88 89 90 91 92 93 94 95 96 97 98 99
  validates :housekeeping_incremental_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :housekeeping_full_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than: :housekeeping_incremental_repack_period }

  validates :housekeeping_gc_period,
            presence: true,
            numericality: { only_integer: true, greater_than: :housekeeping_full_repack_period }

100
  validates_each :restricted_visibility_levels do |record, attr, value|
101 102 103 104 105
    unless value.nil?
      value.each do |level|
        unless Gitlab::VisibilityLevel.options.has_value?(level)
          record.errors.add(attr, "'#{level}' is not a valid visibility level")
        end
106 107 108 109
      end
    end
  end

110 111 112 113 114 115 116 117 118 119
  validates_each :import_sources do |record, attr, value|
    unless value.nil?
      value.each do |source|
        unless Gitlab::ImportSources.options.has_value?(source)
          record.errors.add(attr, "'#{source}' is not a import source")
        end
      end
    end
  end

120 121 122 123
  validates_each :disabled_oauth_sign_in_sources do |record, attr, value|
    unless value.nil?
      value.each do |source|
        unless Devise.omniauth_providers.include?(source.to_sym)
Andrei Gliga's avatar
typo  
Andrei Gliga committed
124
          record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")
125 126 127 128 129
        end
      end
    end
  end

130
  before_save :ensure_runners_registration_token
131
  before_save :ensure_health_check_access_token
132

133
  after_commit do
134
    Rails.cache.write(CACHE_KEY, self)
135 136
  end

137
  def self.current
138
    Rails.cache.fetch(CACHE_KEY) do
139 140
      ApplicationSetting.last
    end
141
  end
142

143
  def self.expire
144
    Rails.cache.delete(CACHE_KEY)
145 146
  end

147 148 149 150
  def self.cached
    Rails.cache.fetch(CACHE_KEY)
  end

151 152 153
  def self.create_from_defaults
    create(
      default_projects_limit: Settings.gitlab['default_projects_limit'],
154
      default_branch_protection: Settings.gitlab['default_branch_protection'],
155 156 157
      signup_enabled: Settings.gitlab['signup_enabled'],
      signin_enabled: Settings.gitlab['signin_enabled'],
      gravatar_enabled: Settings.gravatar['enabled'],
158 159 160 161
      sign_in_text: nil,
      after_sign_up_text: nil,
      help_page_text: nil,
      shared_runners_text: nil,
162
      restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
Vinnie Okada's avatar
Vinnie Okada committed
163
      max_attachment_size: Settings.gitlab['max_attachment_size'],
164
      session_expire_delay: Settings.gitlab['session_expire_delay'],
Vinnie Okada's avatar
Vinnie Okada committed
165
      default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
166
      default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
167
      domain_whitelist: Settings.gitlab['domain_whitelist'],
168
      import_sources: Gitlab::ImportSources.values,
169
      shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
Kamil Trzcinski's avatar
Kamil Trzcinski committed
170
      max_artifacts_size: Settings.artifacts['max_size'],
171
      require_two_factor_authentication: false,
172 173
      two_factor_grace_period: 48,
      recaptcha_enabled: false,
174
      akismet_enabled: false,
175 176
      koding_enabled: false,
      koding_url: nil,
177
      repository_checks_enabled: true,
178
      disabled_oauth_sign_in_sources: [],
179 180
      send_user_confirmation_email: false,
      container_registry_token_expire_delay: 5,
181
      repository_storages: ['default'],
182
      user_default_external: false,
183 184 185 186 187
      housekeeping_enabled: true,
      housekeeping_bitmaps_enabled: true,
      housekeeping_incremental_repack_period: 10,
      housekeeping_full_repack_period: 50,
      housekeeping_gc_period: 200,
188 189
    )
  end
190 191 192 193

  def home_page_url_column_exist
    ActiveRecord::Base.connection.column_exists?(:application_settings, :home_page_url)
  end
194

195 196
  def domain_whitelist_raw
    self.domain_whitelist.join("\n") unless self.domain_whitelist.nil?
197 198
  end

199 200 201 202
  def domain_blacklist_raw
    self.domain_blacklist.join("\n") unless self.domain_blacklist.nil?
  end

203 204 205 206 207
  def domain_whitelist_raw=(values)
    self.domain_whitelist = []
    self.domain_whitelist = values.split(DOMAIN_LIST_SEPARATOR)
    self.domain_whitelist.reject! { |d| d.empty? }
    self.domain_whitelist
208
  end
209

210 211
  def domain_blacklist_raw=(values)
    self.domain_blacklist = []
212
    self.domain_blacklist = values.split(DOMAIN_LIST_SEPARATOR)
213
    self.domain_blacklist.reject! { |d| d.empty? }
214
    self.domain_blacklist
215 216 217 218 219 220
  end

  def domain_blacklist_file=(file)
    self.domain_blacklist_raw = file.read
  end

221
  def repository_storages
222
    Array(read_attribute(:repository_storages))
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
  end

  # repository_storage is still required in the API. Remove in 9.0
  def repository_storage
    repository_storages.first
  end

  def repository_storage=(value)
    self.repository_storages = [value]
  end

  # Choose one of the available repository storage options. Currently all have
  # equal weighting.
  def pick_repository_storage
    repository_storages.sample
  end

240 241 242
  def runners_registration_token
    ensure_runners_registration_token!
  end
243 244 245 246

  def health_check_access_token
    ensure_health_check_access_token!
  end
247 248 249 250 251 252 253 254

  private

  def check_repository_storages
    invalid = repository_storages - Gitlab.config.repositories.storages.keys
    errors.add(:repository_storages, "can't include: #{invalid.join(", ")}") unless
      invalid.empty?
  end
255
end