Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d3541da4
Commit
d3541da4
authored
Apr 15, 2016
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Comment and whitespace
parent
e7cea8cd
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
20 additions
and
9 deletions
+20
-9
app/controllers/projects/git_http_controller.rb
app/controllers/projects/git_http_controller.rb
+20
-9
No files found.
app/controllers/projects/git_http_controller.rb
View file @
d3541da4
...
...
@@ -2,7 +2,18 @@ class Projects::GitHttpController < Projects::ApplicationController
skip_before_action
:repository
before_action
:authenticate_user
before_action
:project_found?
# We support two actions (git push and git pull) which use four
# different HTTP requests:
#
# - GET /foo/bar.git/info/refs?service=git-upload-pack (pull)
# - GET /foo/bar.git/info/refs?service=git-receive-pack (push)
# - POST /foo/bar.git/git-upload-pack (pull)
# - POST /foo/bar.git/git-receive-pack" (push)
#
# The Rails routes divide these four requests over three methods:
# info_refs, git_upload_pack, and git_receive_pack.
def
git_rpc
if
upload_pack?
&&
upload_pack_allowed?
render_ok
...
...
@@ -12,7 +23,7 @@ class Projects::GitHttpController < Projects::ApplicationController
render_not_found
end
end
%i{info_refs git_receive_pack git_upload_pack}
.
each
do
|
method
|
alias_method
method
,
:git_rpc
end
...
...
@@ -60,7 +71,7 @@ class Projects::GitHttpController < Projects::ApplicationController
token
&&
token
.
accessible?
&&
User
.
find_by
(
id:
token
.
resource_owner_id
)
end
end
def
rate_limit_ip!
(
login
,
user
)
# If the user authenticated successfully, we reset the auth failure count
# from Rack::Attack for that IP. A client may attempt to authenticate
...
...
@@ -95,7 +106,7 @@ class Projects::GitHttpController < Projects::ApplicationController
"as
#{
login
}
but has been temporarily banned from Git auth"
end
end
user
end
...
...
@@ -107,7 +118,7 @@ class Projects::GitHttpController < Projects::ApplicationController
def
id
id
=
params
[
:project_id
]
return
if
id
.
nil?
%w{.wiki.git .git}
.
each
do
|
suffix
|
# Be careful to only remove the suffix from the end of 'id'.
# Accidentally removing it from the middle is how security
...
...
@@ -143,11 +154,11 @@ class Projects::GitHttpController < Projects::ApplicationController
action_name
.
gsub
(
'_'
,
'-'
)
end
end
def
render_ok
render
json:
Gitlab
::
Workhorse
.
git_http_ok
(
repository
,
user
)
end
def
render_not_found
render
text:
'Not Found'
,
status: :not_found
end
...
...
@@ -155,11 +166,11 @@ class Projects::GitHttpController < Projects::ApplicationController
def
ci?
!!
@ci
end
def
user
@user
end
def
upload_pack_allowed?
if
!
Gitlab
.
config
.
gitlab_shell
.
upload_pack
false
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment