Web Terminal Ci Build

1 files changed, 20 insertions, 2 deletions

diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 02cac862c3d..e69faae754a 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -2,11 +2,12 @@ class Projects::JobsController < Projects::ApplicationController
   include SendFileUpload
 
   before_action :build, except: [:index, :cancel_all]
-  before_action :authorize_read_build!,
-    only: [:index, :show, :status, :raw, :trace]
+  before_action :authorize_read_build!
   before_action :authorize_update_build!,
     except: [:index, :show, :status, :raw, :trace, :cancel_all, :erase]
   before_action :authorize_erase_build!, only: [:erase]
+  before_action :authorize_use_build_terminal!, only: [:terminal, :terminal_workhorse_authorize]
+  before_action :verify_api_request!, only: :terminal_websocket_authorize
 
   layout 'project'
 
@@ -134,6 +135,15 @@ class Projects::JobsController < Projects::ApplicationController
     end
   end
 
+  def terminal
+  end
+
+  # GET .../terminal.ws : implemented in gitlab-workhorse
+  def terminal_websocket_authorize
+    set_workhorse_internal_api_content_type
+    render json: Gitlab::Workhorse.terminal_websocket(@build.terminal_specification)
+  end
+
   private
 
   def authorize_update_build!
@@ -144,6 +154,14 @@ class Projects::JobsController < Projects::ApplicationController
     return access_denied! unless can?(current_user, :erase_build, build)
   end
 
+  def authorize_use_build_terminal!
+    return access_denied! unless can?(current_user, :create_build_terminal, build)
+  end
+
+  def verify_api_request!
+    Gitlab::Workhorse.verify_api_request!(request.headers)
+  end
+
   def raw_send_params
     { type: 'text/plain; charset=utf-8', disposition: 'inline' }
   end