Diffstat (limited to 'lib/gitlab_net.rb')
-rw-r--r-- | lib/gitlab_net.rb | 78 |
1 files changed, 59 insertions, 19 deletions
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index 99d0044..e6478ef 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -6,15 +6,25 @@ require_relative 'gitlab_config'
 require_relative 'gitlab_logger'
 class GitlabNet
- def allowed?(cmd, repo, key, ref)
+ def allowed?(cmd, repo, actor, changes)
 project_name = repo.gsub("'", "")
 project_name = project_name.gsub(/\.git\Z/, "")
 project_name = project_name.gsub(/\A\//, "")
- key_id = key.gsub("key-", "")
+ params = {
+ action: cmd,
+ changes: changes,
+ project: project_name,
+ }
+
+ if actor =~ /\Akey\-\d+\Z/
+ params.merge!(key_id: actor.gsub("key-", ""))
+ elsif actor =~ /\Auser\-\d+\Z/
+ params.merge!(user_id: actor.gsub("user-", ""))
+ end
- url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}"
- resp = get(url)
+ url = "#{host}/allowed"
+ resp = post(url, params)
 !!(resp.code == '200' && resp.body == 'true')
 end
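Review bot: When `actor` matches neither `key-N` nor `user-N`, the new `if`/`elsif` in `allowed?` adds no identity to `params` and the POST is still sent, so the access decision rests on how the server treats a request with neither `key_id` nor `user_id`, which is not visible here. Failing closed locally is safer: add an `else` branch with `return false` to that conditional. The two patterns also end in `\Z`, which accepts a trailing newline that `gsub` then leaves inside the id; `\z` anchors at the true end of the string, e.g. `/\Akey-\d+\z/`.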
@@ -39,37 +49,63 @@ class GitlabNet
 "#{config.gitlab_url}/api/v3/internal"
 end
+ def http_client_for(url)
+ Net::HTTP.new(url.host, url.port).tap do |http|
+ if URI::HTTPS === url
+ http.use_ssl = true
+ http.cert_store = cert_store
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE if config.http_settings['self_signed_cert']
+ end
+ end
+ end
+
+ def http_request_for(url, method = :get)
+ user = config.http_settings['user']
+ password = config.http_settings['password']
+
+ if method == :get
+ Net::HTTP::Get.new(url.request_uri).tap { |r| r.basic_auth(user, password) if user && password }
+ else
+ Net::HTTP::Post.new(url.request_uri).tap { |r| r.basic_auth(user, password) if user && password }
+ end
+ end
+
 def get(url)
 $logger.debug "Performing GET #{url}"
 url = URI.parse(url)
- http = Net::HTTP.new(url.host, url.port)
-
- if URI::HTTPS === url
- http.use_ssl = true
- http.cert_store = cert_store
+ http = http_client_for url
+ request = http_request_for url
+ request.set_form_data(secret_token: secret_token)
- if config.http_settings['self_signed_cert']
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ http.start { |http| http.request(request) }.tap do |resp|
+ if resp.code == "200"
+ $logger.debug { "Received response #{resp.code} => <#{resp.body}>." }
+ else
+ $logger.error { "API call <GET #{url}> failed: #{resp.code} => <#{resp.body}>." }
 end
 end
+ end
- request = Net::HTTP::Get.new(url.request_uri)
- if config.http_settings['user'] && config.http_settings['password']
- request.basic_auth config.http_settings['user'], config.http_settings['password']
- end
+ def post(url, params)
+ $logger.debug "Performing POST #{url}"
- http.start {|http| http.request(request) }.tap do |resp|
+ url = URI.parse(url)
+ http = http_client_for(url)
+ request = http_request_for(url, :post)
+ request.set_form_data(params.merge(secret_token: secret_token))
+
+ http.start { |http| http.request(request) }.tap do |resp|
 if resp.code == "200"
 $logger.debug { "Received response #{resp.code} => <#{resp.body}>." }
 else
- $logger.error { "API call <GET #{url}> failed: #{resp.code} => <#{resp.body}>." }
+ $logger.error { "API call <POST #{url}> failed: #{resp.code} => <#{resp.body}>." }
 end
 end
 end
 def cert_store
- @cert_store ||= OpenSSL::X509::Store.new.tap { |store|
+ @cert_store ||= OpenSSL::X509::Store.new.tap do |store|
 store.set_default_paths
 if ca_file = config.http_settings['ca_file']
@@ -79,6 +115,10 @@ class GitlabNet
 if ca_path = config.http_settings['ca_path']
 store.add_path(ca_path)
 end
- }
+ end
+ end
+
+ def secret_token
+ @secret_token ||= File.read File.join(ROOT_PATH, '.gitlab_shell_secret')
 end
 end |
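Review bot: `http_client_for` still sets `OpenSSL::SSL::VERIFY_NONE` when `self_signed_cert` is configured, and with this commit every request also carries `secret_token` (plus basic-auth credentials when set), so on such installs the shared secret goes over a connection whose peer is never authenticated. `cert_store` already loads `ca_file` and `ca_path` (its body continues outside this hunk), so a self-signed certificate can be trusted by adding it there while keeping `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`. If the option has to stay, a comment on that line such as `# WARNING: disables peer verification; secret_token is readable by anyone who can intercept this connection` would record the risk. Separately, the two branches of `http_request_for` differ only in the request class and could share one `basic_auth` call.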
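Review bot: `secret_token` memoizes the raw contents of `.gitlab_shell_secret`, so an empty file or one with a trailing newline is sent as the token unchanged; whether the API rejects an empty token is not visible on this page. Failing early would make a misprovisioned secret obvious, for example `raise "empty .gitlab_shell_secret" if @secret_token.empty?` after the read. A short comment stating that the file must be readable only by the account that runs this code would also help, since nothing here checks its mode. Stripping whitespace is only safe if the server side normalizes the same way, so that part needs confirming against the API code.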