Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42

1 files changed, 70 insertions, 18 deletions

diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index e19b8ae35f8..fc930ffebbd 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -11,8 +11,8 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   before_action :ensure_token_granted!, only: [:blob, :manifest]
   before_action :ensure_feature_enabled!
 
-  before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob]
-  skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob]
+  before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest]
+  skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest]
 
   attr_reader :token
 
@@ -22,20 +22,11 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
     result = DependencyProxy::FindOrCreateManifestService.new(group, image, tag, token).execute
 
     if result[:status] == :success
-      response.headers['Docker-Content-Digest'] = result[:manifest].digest
-      response.headers['Content-Length'] = result[:manifest].size
-      response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION
-      response.headers['Etag'] = "\"#{result[:manifest].digest}\""
-      content_type = result[:manifest].content_type
-
-      event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache])
-      track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
-      send_upload(
-        result[:manifest].file,
-        proxy: true,
-        redirect_params: { query: { 'response-content-type' => content_type } },
-        send_params: { type: content_type }
-      )
+      if result[:manifest]
+        send_manifest(result[:manifest], from_cache: result[:from_cache])
+      else
+        send_dependency(manifest_header, DependencyProxy::Registry.manifest_url(image, tag), manifest_file_name)
+      end
     else
       render status: result[:http_status], json: result[:message]
     end
@@ -59,7 +50,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   def authorize_upload_blob
     set_workhorse_internal_api_content_type
 
-    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false)
+    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Blob::MAX_FILE_SIZE)
   end
 
   def upload_blob
@@ -75,6 +66,37 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
     head :ok
   end
 
+  def authorize_upload_manifest
+    set_workhorse_internal_api_content_type
+
+    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Manifest::MAX_FILE_SIZE)
+  end
+
+  def upload_manifest
+    attrs = {
+      file_name: manifest_file_name,
+      content_type: request.headers[Gitlab::Workhorse::SEND_DEPENDENCY_CONTENT_TYPE_HEADER],
+      digest: request.headers[DependencyProxy::Manifest::DIGEST_HEADER],
+      file: params[:file],
+      size: params[:file].size
+    }
+
+    manifest = @group.dependency_proxy_manifests
+                     .active
+                     .find_by_file_name(manifest_file_name)
+
+    if manifest
+      manifest.update!(attrs)
+    else
+      @group.dependency_proxy_manifests.create!(attrs)
+    end
+
+    event_name = tracking_event_name(object_type: :manifest, from_cache: false)
+    track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+    head :ok
+  end
+
   private
 
   def blob_via_workhorse
@@ -86,14 +108,36 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
 
       send_upload(blob.file)
     else
-      send_dependency(token, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
+      send_dependency(token_header, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
     end
   end
 
+  def send_manifest(manifest, from_cache:)
+    response.headers[DependencyProxy::Manifest::DIGEST_HEADER] = manifest.digest
+    response.headers['Content-Length'] = manifest.size
+    response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION
+    response.headers['Etag'] = "\"#{manifest.digest}\""
+    content_type = manifest.content_type
+
+    event_name = tracking_event_name(object_type: :manifest, from_cache: from_cache)
+    track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+    send_upload(
+      manifest.file,
+      proxy: true,
+      redirect_params: { query: { 'response-content-type' => content_type } },
+      send_params: { type: content_type }
+    )
+  end
+
   def blob_file_name
     @blob_file_name ||= params[:sha].sub('sha256:', '') + '.gz'
   end
 
+  def manifest_file_name
+    @manifest_file_name ||= "#{image}:#{tag}.json"
+  end
+
   def group
     strong_memoize(:group) do
       Group.find_by_full_path(params[:group_id], follow_redirects: true)
@@ -137,4 +181,12 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
       render status: result[:http_status], json: result[:message]
     end
   end
+
+  def token_header
+    { Authorization: ["Bearer #{token}"] }
+  end
+
+  def manifest_header
+    token_header.merge(Accept: ::ContainerRegistry::Client::ACCEPTED_TYPES)
+  end
 end