diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 13:16:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 13:16:36 +0000 |
commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /app/controllers/groups/dependency_proxy_for_containers_controller.rb | |
parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) | |
download | gitlab-ce-311b0269b4eb9839fa63f80c8d7a58f32b8138a0.tar.gz |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'app/controllers/groups/dependency_proxy_for_containers_controller.rb')
-rw-r--r-- | app/controllers/groups/dependency_proxy_for_containers_controller.rb | 88 |
1 files changed, 70 insertions, 18 deletions
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb index e19b8ae35f8..fc930ffebbd 100644 --- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb +++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb @@ -11,8 +11,8 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy before_action :ensure_token_granted!, only: [:blob, :manifest] before_action :ensure_feature_enabled! - before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob] - skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob] + before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest] + skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest] attr_reader :token @@ -22,20 +22,11 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy result = DependencyProxy::FindOrCreateManifestService.new(group, image, tag, token).execute if result[:status] == :success - response.headers['Docker-Content-Digest'] = result[:manifest].digest - response.headers['Content-Length'] = result[:manifest].size - response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION - response.headers['Etag'] = "\"#{result[:manifest].digest}\"" - content_type = result[:manifest].content_type - - event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache]) - track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) - send_upload( - result[:manifest].file, - proxy: true, - redirect_params: { query: { 'response-content-type' => content_type } }, - send_params: { type: content_type } - ) + if result[:manifest] + send_manifest(result[:manifest], from_cache: result[:from_cache]) + else + send_dependency(manifest_header, DependencyProxy::Registry.manifest_url(image, tag), manifest_file_name) + end else render status: result[:http_status], json: result[:message] end @@ -59,7 +50,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy def authorize_upload_blob set_workhorse_internal_api_content_type - render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false) + render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Blob::MAX_FILE_SIZE) end def upload_blob @@ -75,6 +66,37 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy head :ok end + def authorize_upload_manifest + set_workhorse_internal_api_content_type + + render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Manifest::MAX_FILE_SIZE) + end + + def upload_manifest + attrs = { + file_name: manifest_file_name, + content_type: request.headers[Gitlab::Workhorse::SEND_DEPENDENCY_CONTENT_TYPE_HEADER], + digest: request.headers[DependencyProxy::Manifest::DIGEST_HEADER], + file: params[:file], + size: params[:file].size + } + + manifest = @group.dependency_proxy_manifests + .active + .find_by_file_name(manifest_file_name) + + if manifest + manifest.update!(attrs) + else + @group.dependency_proxy_manifests.create!(attrs) + end + + event_name = tracking_event_name(object_type: :manifest, from_cache: false) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) + + head :ok + end + private def blob_via_workhorse @@ -86,14 +108,36 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy send_upload(blob.file) else - send_dependency(token, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name) + send_dependency(token_header, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name) end end + def send_manifest(manifest, from_cache:) + response.headers[DependencyProxy::Manifest::DIGEST_HEADER] = manifest.digest + response.headers['Content-Length'] = manifest.size + response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION + response.headers['Etag'] = "\"#{manifest.digest}\"" + content_type = manifest.content_type + + event_name = tracking_event_name(object_type: :manifest, from_cache: from_cache) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) + + send_upload( + manifest.file, + proxy: true, + redirect_params: { query: { 'response-content-type' => content_type } }, + send_params: { type: content_type } + ) + end + def blob_file_name @blob_file_name ||= params[:sha].sub('sha256:', '') + '.gz' end + def manifest_file_name + @manifest_file_name ||= "#{image}:#{tag}.json" + end + def group strong_memoize(:group) do Group.find_by_full_path(params[:group_id], follow_redirects: true) @@ -137,4 +181,12 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy render status: result[:http_status], json: result[:message] end end + + def token_header + { Authorization: ["Bearer #{token}"] } + end + + def manifest_header + token_header.merge(Accept: ::ContainerRegistry::Client::ACCEPTED_TYPES) + end end |