controller.rb 4.65 KB
Newer Older
1 2
# frozen_string_literal: true

3 4 5 6
module Gitlab
  module Middleware
    class ReadOnly
      class Controller
7 8
        prepend_if_ee('EE::Gitlab::Middleware::ReadOnly::Controller') # rubocop: disable Cop/InjectEnterpriseEditionModule

9
        DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
10
        APPLICATION_JSON = 'application/json'
11
        APPLICATION_JSON_TYPES = %W{#{APPLICATION_JSON} application/vnd.git-lfs+json}.freeze
12
        ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'
13

14 15 16 17 18 19 20 21 22
        WHITELISTED_GIT_ROUTES = {
          'projects/git_http' => %w{git_upload_pack git_receive_pack}
        }.freeze

        WHITELISTED_GIT_LFS_ROUTES = {
          'projects/lfs_api' => %w{batch},
          'projects/lfs_locks_api' => %w{verify create unlock}
        }.freeze

23 24 25 26
        WHITELISTED_GIT_REVISION_ROUTES = {
          'projects/compare' => %w{create}
        }.freeze

27 28 29 30
        WHITELISTED_LOGOUT_ROUTES = {
          'sessions' => %w{destroy}
        }.freeze

31 32
        GRAPHQL_URL = '/api/graphql'

33 34 35 36 37 38 39
        def initialize(app, env)
          @app = app
          @env = env
        end

        def call
          if disallowed_request? && Gitlab::Database.read_only?
40
            Rails.logger.debug('GitLab ReadOnly: preventing possible non read-only operation') # rubocop:disable Gitlab/RailsLogger
41 42

            if json_request?
43
              return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]
44
            else
45
              rack_flash.alert = ERROR_MESSAGE
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
              rack_session['flash'] = rack_flash.to_session_value

              return [301, { 'Location' => last_visited_url }, []]
            end
          end

          @app.call(@env)
        end

        private

        def disallowed_request?
          DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
            !whitelisted_routes
        end

        def json_request?
63
          APPLICATION_JSON_TYPES.include?(request.media_type)
64 65 66 67 68 69 70 71 72 73 74
        end

        def rack_flash
          @rack_flash ||= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)
        end

        def rack_session
          @env['rack.session']
        end

        def request
75
          @env['actionpack.request'] ||= ActionDispatch::Request.new(@env)
76 77 78 79 80 81 82 83 84 85
        end

        def last_visited_url
          @env['HTTP_REFERER'] || rack_session['user_return_to'] || Gitlab::Routing.url_helpers.root_url
        end

        def route_hash
          @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}
        end

86 87 88 89
        def relative_url
          File.join('', Gitlab.config.gitlab.relative_url_root).chomp('/')
        end

90
        # Overridden in EE module
91
        def whitelisted_routes
92
          grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || logout_route? || graphql_query?
93 94
        end

95
        def grack_route?
96
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
97 98
          return false unless
            request.path.end_with?('.git/git-upload-pack', '.git/git-receive-pack')
99

100
          WHITELISTED_GIT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
101 102
        end

103 104 105 106
        def internal_route?
          ReadOnly.internal_routes.any? { |path| request.path.include?(path) }
        end

107 108 109 110 111 112 113
        def compare_git_revisions_route?
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.post? && request.path.end_with?('compare')

          WHITELISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

114
        def lfs_route?
115
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
116 117 118 119 120 121 122 123
          unless request.path.end_with?('/info/lfs/objects/batch',
            '/info/lfs/locks', '/info/lfs/locks/verify') ||
              %r{/info/lfs/locks/\d+/unlock\z}.match?(request.path)
            return false
          end

          WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end
124

125 126 127 128 129 130 131
        def logout_route?
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.post? && request.path.end_with?('/users/sign_out')

          WHITELISTED_LOGOUT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

132 133
        def sidekiq_route?
          request.path.start_with?("#{relative_url}/admin/sidekiq")
134
        end
135 136 137 138

        def graphql_query?
          request.post? && request.path.start_with?(GRAPHQL_URL)
        end
139 140 141 142
      end
    end
  end
end