1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
require 'json'
require_relative 'gitlab_logger'
require_relative 'gitlab_access'
require_relative 'gitlab_lfs_authentication'
require_relative 'http_helper'
require_relative 'action'
class GitlabNet
include HTTPHelper
CHECK_TIMEOUT = 5
API_INACCESSIBLE = 'API is not accessible'.freeze
GL_PROTOCOL = 'ssh'.freeze
def check_access(cmd, gl_repository, repo, key_id, changes, protocol = GL_PROTOCOL, env: {})
changes = changes.join("\n") unless changes.is_a?(String)
params = {
action: cmd,
changes: changes,
gl_repository: gl_repository,
key_id: key_id.gsub('key-', ''),
project: sanitize_path(repo),
protocol: protocol,
env: env
}
resp = post("#{internal_api_endpoint}/allowed", params)
case resp.code
when HTTP_SUCCESS
Action::Gitaly.create_from_json(key_id, resp.body)
when HTTP_MULTIPLE_CHOICES
Action::Custom.create_from_json(key_id, resp.body)
else
raise AccessDeniedError, API_INACCESSIBLE
end
end
def discover(key)
key_id = key.gsub("key-", "")
resp = get("#{internal_api_endpoint}/discover?key_id=#{key_id}")
JSON.parse(resp.body) rescue nil
end
def lfs_authenticate(key, repo)
params = { project: sanitize_path(repo), key_id: key.gsub('key-', '') }
resp = post("#{internal_api_endpoint}/lfs_authenticate", params)
if resp.code == HTTP_SUCCESS
GitlabLfsAuthentication.build_from_json(resp.body)
end
end
def broadcast_message
resp = get("#{internal_api_endpoint}/broadcast_message")
JSON.parse(resp.body) rescue {}
end
def merge_request_urls(gl_repository, repo_path, changes)
changes = changes.join("\n") unless changes.is_a?(String)
changes = changes.encode('UTF-8', 'ASCII', invalid: :replace, replace: '')
url = "#{internal_api_endpoint}/merge_request_urls?project=#{URI.escape(repo_path)}&changes=#{URI.escape(changes)}"
url += "&gl_repository=#{URI.escape(gl_repository)}" if gl_repository
resp = get(url)
resp.code == HTTP_SUCCESS ? JSON.parse(resp.body) : []
rescue
[]
end
def check
get("#{internal_api_endpoint}/check", options: { read_timeout: CHECK_TIMEOUT })
end
def authorized_key(key)
resp = get("#{internal_api_endpoint}/authorized_keys?key=#{URI.escape(key, '+/=')}")
JSON.parse(resp.body) if resp.code == HTTP_SUCCESS
rescue
nil
end
def two_factor_recovery_codes(key)
key_id = key.gsub('key-', '')
resp = post("#{internal_api_endpoint}/two_factor_recovery_codes", key_id: key_id)
JSON.parse(resp.body) if resp.code == HTTP_SUCCESS
rescue
{}
end
def notify_post_receive(gl_repository, repo_path)
params = { gl_repository: gl_repository, project: repo_path }
resp = post("#{internal_api_endpoint}/notify_post_receive", params)
resp.code == HTTP_SUCCESS
rescue
false
end
def post_receive(gl_repository, identifier, changes)
params = {
gl_repository: gl_repository,
identifier: identifier,
changes: changes
}
resp = post("#{internal_api_endpoint}/post_receive", params)
raise NotFound if resp.code == HTTP_NOT_FOUND
JSON.parse(resp.body) if resp.code == HTTP_SUCCESS
end
def pre_receive(gl_repository)
resp = post("#{internal_api_endpoint}/pre_receive", gl_repository: gl_repository)
raise NotFound if resp.code == HTTP_NOT_FOUND
JSON.parse(resp.body) if resp.code == HTTP_SUCCESS
end
protected
def sanitize_path(repo)
repo.delete("'")
end
end
|
