diff options
| author | Ahmad Sherif <me@ahmadsherif.com> | 2019-07-22 16:56:40 +0200 |
|---|---|---|
| committer | Ahmad Sherif <me@ahmadsherif.com> | 2019-09-10 13:43:11 +0200 |
| commit | 3c2b4a1cede956d5160ccf08d0a561bf31248161 (patch) | |
| tree | 9462f59d477ffe7ac1eee0fe56cf9f343b568d1f /app/controllers/concerns | |
| parent | f7e7ee713aa21874bf6810d01976c2b5342c0995 (diff) | |
| download | gitlab-ce-static-objects-external-storage.tar.gz | |
Enable serving static objects from an external storagestatic-objects-external-storage
It consists of two parts:
1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
on behalf of the user by means of specific tokens
Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
Diffstat (limited to 'app/controllers/concerns')
| -rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 4 | ||||
| -rw-r--r-- | app/controllers/concerns/static_object_external_storage.rb | 24 |
2 files changed, 26 insertions, 2 deletions
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb index 4304b8565ce..ba06384a37a 100644 --- a/app/controllers/concerns/sessionless_authentication.rb +++ b/app/controllers/concerns/sessionless_authentication.rb @@ -2,10 +2,10 @@ # == SessionlessAuthentication # -# Controller concern to handle PAT and RSS token authentication methods +# Controller concern to handle PAT, RSS, and static objects token authentication methods # module SessionlessAuthentication - # This filter handles personal access tokens, and atom requests with rss tokens + # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens def authenticate_sessionless_user!(request_format) user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format) diff --git a/app/controllers/concerns/static_object_external_storage.rb b/app/controllers/concerns/static_object_external_storage.rb new file mode 100644 index 00000000000..dbfe0ed3adf --- /dev/null +++ b/app/controllers/concerns/static_object_external_storage.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module StaticObjectExternalStorage + extend ActiveSupport::Concern + + included do + include ApplicationHelper + end + + def redirect_to_external_storage + return if external_storage_request? + + redirect_to external_storage_url_or_path(request.fullpath, project) + end + + def external_storage_request? + header_token = request.headers['X-Gitlab-External-Storage-Token'] + return false unless header_token.present? + + external_storage_token = Gitlab::CurrentSettings.static_objects_external_storage_auth_token + ActiveSupport::SecurityUtils.secure_compare(header_token, external_storage_token) || + raise(Gitlab::Access::AccessDeniedError) + end +end |