author | Rubén Dávila <ruben@gitlab.com> | 2018-08-07 18:06:59 -0500 |
---|---|---|
committer | Rubén Dávila <ruben@gitlab.com> | 2018-08-07 18:06:59 -0500 |
commit | 1eb99d8a7bb20d1a62c08c6fdad5f96c204f22d6 (patch) | |
tree | 0f46342e473123e190fd24cdd5de697a0b04d602 | |
parent | 47df270dc32455dc1bdcc16661fbfcc9969d1520 (diff) | |
download | gitlab-ce-rd-26044-new-option-to-prevent-too-big-git-pushes.tar.gz |
Add receive_max_input_size setting to Application settingsrd-26044-new-option-to-prevent-too-big-git-pushes
If the user has configured the setting, it will be passed to gitlab-shell
and gitlab-workhorse
-rw-r--r-- | GITALY_SERVER_VERSION | 2 | ||||
-rw-r--r-- | GITLAB_SHELL_VERSION | 2 | ||||
-rw-r--r-- | GITLAB_WORKHORSE_VERSION | 2 | ||||
-rw-r--r-- | app/helpers/application_settings_helper.rb | 1 | ||||
-rw-r--r-- | app/views/admin/application_settings/_account_and_limit.html.haml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml | 5 | ||||
-rw-r--r-- | db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb | 11 | ||||
-rw-r--r-- | db/schema.rb | 1 | ||||
-rw-r--r-- | lib/api/internal.rb | 11 | ||||
-rw-r--r-- | lib/gitlab/workhorse.rb | 11 | ||||
-rw-r--r-- | spec/controllers/admin/application_settings_controller_spec.rb | 7 | ||||
-rw-r--r-- | spec/lib/gitlab/workhorse_spec.rb | 16 | ||||
-rw-r--r-- | spec/requests/api/internal_spec.rb | 20 |
13 files changed, 88 insertions, 6 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index a38b3bd31b1..12f9c914f02 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-0.117.0
+0.118.0
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index 8104cabd36f..fbb9ea12de3 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-8.1.0
+8.2.0
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index 831446cbd27..91ff57278e3 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-5.1.0
+5.2.0
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index a9499140f8a..f4c2c9ee23b 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -220,6 +220,7 @@ module ApplicationSettingsHelper
 :recaptcha_enabled,
 :recaptcha_private_key,
 :recaptcha_site_key,
+ :receive_max_input_size,
 :repository_checks_enabled,
 :repository_storages,
 :require_two_factor_authentication,
diff --git a/app/views/admin/application_settings/_account_and_limit.html.haml b/app/views/admin/application_settings/_account_and_limit.html.haml
index 7c8243a7a90..60a0f43d6e8 100644
--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -14,7 +14,10 @@
 = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'label-bold'
 = f.number_field :max_attachment_size, class: 'form-control'
 .form-group
- = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-bold'
+ = f.label :receive_max_input_size, 'Maximum push size (MB)', class: 'label-light'
+ = f.number_field :receive_max_input_size, class: 'form-control'
+ .form-group
+ = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-light'
 = f.number_field :session_expire_delay, class: 'form-control'
 %span.form-text.text-muted#session_expire_delay_help_block GitLab restart is required to apply changes
 .form-group
diff --git a/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
new file mode 100644
index 00000000000..f464b6dda5b
--- /dev/null
+++ b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
@@ -0,0 +1,5 @@
+---
+title: Allow admins to configure the maximum Git push size
+merge_request: 20758
+author:
+type: added
diff --git a/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
new file mode 100644
index 00000000000..4ed851a0780
--- /dev/null
+++ b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddReceiveMaxInputSizeToApplicationSettings < ActiveRecord::Migration
+ DOWNTIME = false
+
+ def change
+ add_column :application_settings, :receive_max_input_size, :integer
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 30b8147a474..afc54d6bd1f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
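Review bot: The re-added `session_expire_delay` label changes its class from `label-bold` to `label-light`, and the new `receive_max_input_size` label uses `label-light` as well, while the `max_attachment_size` label directly above keeps `label-bold`. Nothing in the commit message mentions a restyle, so this looks unintended; keeping `class: 'label-bold'` on both lines would match the neighbouring fields. The new number field also accepts negative input as written; `= f.number_field :receive_max_input_size, class: 'form-control', min: 0` would at least stop that in the browser. The form continues outside the hunk.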
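Review bot: Nothing constrains the new `receive_max_input_size` column: it is a nullable integer, and the diffstat lists no model file, so no validation appears to accompany it. The consumers in lib/api/internal.rb and lib/gitlab/workhorse.rb treat nil, 0 and negative values alike as "no limit", so a mistyped value silently switches the push-size cap off. A validation in the settings model such as `validates :receive_max_input_size, numericality: { only_integer: true, greater_than_or_equal_to: 0 }, allow_nil: true` would reject bad values at save time. A comment in the migration stating that the unit is megabytes would also help, since the column name does not carry it.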
@@ -169,6 +169,7 @@ ActiveRecord::Schema.define(version: 20180726172057) do t.boolean "mirror_available", default: true, null: false t.boolean "hide_third_party_offers", default: false, null: false t.boolean "instance_statistics_visibility_private", default: false, null: false + t.integer "receive_max_input_size" end create_table "audit_events", force: :cascade do |t| diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 516f25db15b..2c8fd6ef565 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -58,11 +58,12 @@ module API log_user_activity(actor) - { + attrs = { status: true, gl_repository: gl_repository, gl_id: Gitlab::GlId.gl_id(user), gl_username: user&.username, + git_config_options: [], # This repository_path is a bogus value but gitlab-shell still requires # its presence. https://gitlab.com/gitlab-org/gitlab-shell/issues/135 @@ -70,6 +71,14 @@ module API gitaly: gitaly_payload(params[:action]) } + + # Custom option for git-receive-pack command + receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i + if receive_max_input_size > 0 + attrs[:git_config_options] << "receive.maxInputSize=#{receive_max_input_size.megabytes}" + end + + attrs end post "/lfs_authenticate" do diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb index a9629a92a50..30a8c3578d8 100644 --- a/lib/gitlab/workhorse.rb +++ b/lib/gitlab/workhorse.rb 
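Review bot: In lib/api/internal.rb, the block that builds `receive.maxInputSize` is repeated almost verbatim in lib/gitlab/workhorse.rb, so the gitlab-shell path and the workhorse path each carry their own copy of the limit logic. If one copy is later changed and the other is not, the cap would presumably hold on one transport and be avoidable over the other; a single shared helper that returns the option array, called from both places, removes that risk. The option is also appended for every action this handler allows, although the comment says it is for git-receive-pack; a one-line comment noting that only receive-pack reads it would make that intent explicit. The enclosing handler starts outside the hunk.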
@@ -22,18 +22,27 @@ module Gitlab project = repository.project - { + attrs = { GL_ID: Gitlab::GlId.gl_id(user), GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki), GL_USERNAME: user&.username, ShowAllRefs: show_all_refs, Repository: repository.gitaly_repository.to_h, RepoPath: 'ignored but not allowed to be empty in gitlab-workhorse', + GitConfigOptions: [], GitalyServer: { address: Gitlab::GitalyClient.address(project.repository_storage), token: Gitlab::GitalyClient.token(project.repository_storage) } } + + # Custom option for git-receive-pack command + receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i + if receive_max_input_size > 0 + attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}" + end + + attrs end def send_git_blob(repository, blob) diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb index 9d10d725ff3..10e1bfc30f9 100644 --- a/spec/controllers/admin/application_settings_controller_spec.rb +++ b/spec/controllers/admin/application_settings_controller_spec.rb @@ -78,5 +78,12 @@ describe Admin::ApplicationSettingsController do expect(response).to redirect_to(admin_application_settings_path) expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty end + + it 'updates the receive_max_input_size setting' do + put :update, application_setting: { receive_max_input_size: "1024" } + + expect(response).to redirect_to(admin_application_settings_path) + expect(ApplicationSetting.current.receive_max_input_size).to eq(1024) + end end end diff --git a/spec/lib/gitlab/workhorse_spec.rb b/spec/lib/gitlab/workhorse_spec.rb index 23869f3d2da..b3f55a2e1bd 100644 --- a/spec/lib/gitlab/workhorse_spec.rb +++ b/spec/lib/gitlab/workhorse_spec.rb 
@@ -336,6 +336,22 @@ describe Gitlab::Workhorse do it { expect { subject }.to raise_exception('Unsupported action: download') } end end + + context 'when receive_max_input_size has been updated' do + it 'returns custom git config' do + allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 } + + expect(subject[:GitConfigOptions]).to be_present + end + end + + context 'when receive_max_input_size is empty' do + it 'returns an empty git config' do + allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil } + + expect(subject[:GitConfigOptions]).to be_empty + end + end end describe '.set_key_and_notify' do diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index 85c93f35c20..e72ef6a500a 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -369,6 +369,26 @@ describe API::Internal do expect(user.reload.last_activity_on).to be_nil end end + + context 'when receive_max_input_size has been updated' do + it 'returns custom git config' do + allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 } + + push(key, project) + + expect(json_response["git_config_options"]).to be_present + end + end + + context 'when receive_max_input_size is empty' do + it 'returns an empty git config' do + allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil } + + push(key, project) + + expect(json_response["git_config_options"]).to be_empty + end + end end end |
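Review bot: `be_present` in the new workhorse_spec examples only proves the array is non-empty, so they would still pass if the option name were misspelled or the megabyte conversion were dropped. With the stubbed value of 1, asserting the exact payload pins both: `expect(subject[:GitConfigOptions]).to eq(['receive.maxInputSize=1048576'])`. The same applies to the `git_config_options` examples added in spec/requests/api/internal_spec.rb. Neither spec covers 0 or a negative setting, which the code under test also maps to an empty list.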