Merge branch 'geo/apiv4-fix' into 'master'

Support v4 API for GitLab Geo endpoints See merge request !1256

Merge branch 'geo/apiv4-fix' into 'master'
Support v4 API for GitLab Geo endpoints See merge request !1256
32b88789 · Douwe Maan · 90910331 · aeaef0ad · 32b88789 · 32b88789
Commit 32b88789 authored Feb 17, 2017 by Douwe Maan
3 changed files
--- a/changelogs/unreleased-ee/geo-apiv4-fix.yml
+++ b/changelogs/unreleased-ee/geo-apiv4-fix.yml
+---
+title: Support v4 API for GitLab Geo endpoints
+merge_request:
+author:
--- a/lib/gitlab/middleware/readonly_geo.rb
+++ b/lib/gitlab/middleware/readonly_geo.rb
@@ -2,11 +2,12 @@ module Gitlab
  module Middleware
    class ReadonlyGeo
      DISALLOWED_METHODS = %w(POST PATCH PUT DELETE)
-      WHITELISTED = %w(api/v3/internal api/v3/geo/refresh_wikis api/v3/geo/receive_events)
      APPLICATION_JSON = 'application/json'
+      API_VERSIONS = (3..4)
      def initialize(app)
        @app = app
+        @whitelisted = internal_routes + geo_routes
      end
      def call(env)
@@ -31,6 +32,15 @@ module Gitlab
      private
+      def internal_routes
+        API_VERSIONS.flat_map { |version| "api/v#{version}/internal" }
+      end
+      def geo_routes
+        geo_routes = ['refresh_wikis', 'receive_events']
+        API_VERSIONS.flat_map { |version| geo_routes.map { |route| "api/v#{version}/geo/#{route}" } }
+      end
      def disallowed_request?
        DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) && !whitelisted_routes
      end
@@ -60,7 +70,7 @@ module Gitlab
      end
      def whitelisted_routes
-        logout_route || grack_route || WHITELISTED.any? { |path| @request.path.include?(path) } || sidekiq_route
+        logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || sidekiq_route
      end
      def logout_route

--- a/spec/lib/gitlab/middleware/readonly_geo_spec.rb
+++ b/spec/lib/gitlab/middleware/readonly_geo_spec.rb
@@ -76,6 +76,20 @@ describe Gitlab::Middleware::ReadonlyGeo, lib: true do
        expect(response).not_to be_a_redirect
        expect(subject).not_to disallow_request
      end
+      it 'expects a POST internal request to be allowed' do
+        response = request.post("/api/#{API::API.version}/internal")
+        expect(response).not_to be_a_redirect
+        expect(subject).not_to disallow_request
+      end
+      it 'expects a POST Geo request to be allowed' do
+        response = request.post("/api/#{API::API.version}/geo/refresh_wikis")
+        expect(response).not_to be_a_redirect
+        expect(subject).not_to disallow_request
+      end
    end
  end