Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4da44a5d
Commit
4da44a5d
authored
Sep 09, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
cd03aebe
cbb35ea8
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
132 additions
and
1 deletion
+132
-1
.gitignore
.gitignore
+1
-0
config/gitlab.yml.example
config/gitlab.yml.example
+3
-0
config/initializers/1_settings.rb
config/initializers/1_settings.rb
+1
-0
lib/api/api.rb
lib/api/api.rb
+1
-0
lib/api/internal/pages.rb
lib/api/internal/pages.rb
+27
-0
lib/gitlab/pages.rb
lib/gitlab/pages.rb
+16
-1
spec/lib/gitlab/pages_spec.rb
spec/lib/gitlab/pages_spec.rb
+29
-0
spec/requests/api/internal/pages_spec.rb
spec/requests/api/internal/pages_spec.rb
+54
-0
No files found.
.gitignore
View file @
4da44a5d
...
...
@@ -65,6 +65,7 @@ eslint-report.html
/vendor/gitaly-ruby
/builds*
/.gitlab_workhorse_secret
/.gitlab_pages_shared_secret
/webpack-report/
/knapsack/
/rspec_flaky/
...
...
config/gitlab.yml.example
View file @
4da44a5d
...
...
@@ -321,6 +321,9 @@ production: &base
# external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
admin:
address: unix:/home/git/gitlab/tmp/sockets/private/pages-admin.socket # TCP connections are supported too (e.g. tcp://host:port)
# File that contains the shared secret key for verifying access for gitlab-pages.
# Default is '.gitlab_pages_shared_secret' relative to Rails.root (i.e. root of the GitLab app).
# secret_file: /home/git/gitlab/.gitlab_pages_shared_secret
## Mattermost
## For enabling Add to Mattermost button
...
...
config/initializers/1_settings.rb
View file @
4da44a5d
...
...
@@ -292,6 +292,7 @@ Settings.pages['artifacts_server'] ||= Settings.pages['enabled'] if Settings.pa
Settings
.
pages
[
'admin'
]
||=
Settingslogic
.
new
({})
Settings
.
pages
.
admin
[
'certificate'
]
||=
''
Settings
.
pages
[
'secret_file'
]
||=
Rails
.
root
.
join
(
'.gitlab_pages_shared_secret'
)
#
# Geo
...
...
lib/api/api.rb
View file @
4da44a5d
...
...
@@ -119,6 +119,7 @@ module API
mount
::
API
::
GroupVariables
mount
::
API
::
ImportGithub
mount
::
API
::
Internal
::
Base
mount
::
API
::
Internal
::
Pages
mount
::
API
::
Issues
mount
::
API
::
JobArtifacts
mount
::
API
::
Jobs
...
...
lib/api/internal/pages.rb
0 → 100644
View file @
4da44a5d
# frozen_string_literal: true
module
API
# Pages Internal API
module
Internal
class
Pages
<
Grape
::
API
before
do
not_found!
unless
Feature
.
enabled?
(
:pages_internal_api
)
authenticate_gitlab_pages_request!
end
helpers
do
def
authenticate_gitlab_pages_request!
unauthorized!
unless
Gitlab
::
Pages
.
verify_api_request
(
headers
)
end
end
namespace
'internal'
do
namespace
'pages'
do
get
"/"
do
status
:ok
end
end
end
end
end
end
lib/gitlab/pages.rb
View file @
4da44a5d
# frozen_string_literal: true
module
Gitlab
module
Pages
class
Pages
VERSION
=
File
.
read
(
Rails
.
root
.
join
(
"GITLAB_PAGES_VERSION"
)).
strip
.
freeze
INTERNAL_API_REQUEST_HEADER
=
'Gitlab-Pages-Api-Request'
.
freeze
include
JwtAuthenticatable
class
<<
self
def
verify_api_request
(
request_headers
)
decode_jwt_for_issuer
(
'gitlab-pages'
,
request_headers
[
INTERNAL_API_REQUEST_HEADER
])
rescue
JWT
::
DecodeError
false
end
def
secret_path
Gitlab
.
config
.
pages
.
secret_file
end
end
end
end
spec/lib/gitlab/pages_spec.rb
0 → 100644
View file @
4da44a5d
# frozen_string_literal: true
require
'spec_helper'
describe
Gitlab
::
Pages
do
let
(
:pages_shared_secret
)
{
SecureRandom
.
random_bytes
(
Gitlab
::
Pages
::
SECRET_LENGTH
)
}
before
do
allow
(
described_class
).
to
receive
(
:secret
).
and_return
(
pages_shared_secret
)
end
describe
'.verify_api_request'
do
let
(
:payload
)
{
{
'iss'
=>
'gitlab-pages'
}
}
it
'returns false if fails to validate the JWT'
do
encoded_token
=
JWT
.
encode
(
payload
,
'wrongsecret'
,
'HS256'
)
headers
=
{
described_class
::
INTERNAL_API_REQUEST_HEADER
=>
encoded_token
}
expect
(
described_class
.
verify_api_request
(
headers
)).
to
eq
(
false
)
end
it
'returns the decoded JWT'
do
encoded_token
=
JWT
.
encode
(
payload
,
described_class
.
secret
,
'HS256'
)
headers
=
{
described_class
::
INTERNAL_API_REQUEST_HEADER
=>
encoded_token
}
expect
(
described_class
.
verify_api_request
(
headers
)).
to
eq
([{
"iss"
=>
"gitlab-pages"
},
{
"alg"
=>
"HS256"
}])
end
end
end
spec/requests/api/internal/pages_spec.rb
0 → 100644
View file @
4da44a5d
# frozen_string_literal: true
require
'spec_helper'
describe
API
::
Internal
::
Pages
do
describe
"GET /internal/pages"
do
let
(
:pages_shared_secret
)
{
SecureRandom
.
random_bytes
(
Gitlab
::
Pages
::
SECRET_LENGTH
)
}
before
do
allow
(
Gitlab
::
Pages
).
to
receive
(
:secret
).
and_return
(
pages_shared_secret
)
end
def
query_host
(
host
,
headers
=
{})
get
api
(
"/internal/pages"
),
headers:
headers
,
params:
{
host:
host
}
end
context
'feature flag disabled'
do
before
do
stub_feature_flags
(
pages_internal_api:
false
)
end
it
'responds with 404 Not Found'
do
query_host
(
'pages.gitlab.io'
)
expect
(
response
).
to
have_gitlab_http_status
(
404
)
end
end
context
'feature flag enabled'
do
context
'not authenticated'
do
it
'responds with 401 Unauthorized'
do
query_host
(
'pages.gitlab.io'
)
expect
(
response
).
to
have_gitlab_http_status
(
401
)
end
end
context
'authenticated'
do
def
query_host
(
host
)
jwt_token
=
JWT
.
encode
({
'iss'
=>
'gitlab-pages'
},
Gitlab
::
Pages
.
secret
,
'HS256'
)
headers
=
{
Gitlab
::
Pages
::
INTERNAL_API_REQUEST_HEADER
=>
jwt_token
}
super
(
host
,
headers
)
end
it
'responds with 200 OK'
do
query_host
(
'pages.gitlab.io'
)
expect
(
response
).
to
have_gitlab_http_status
(
200
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment