diff options
author | Brett Walker <bwalker@gitlab.com> | 2019-02-20 17:51:55 -0600 |
---|---|---|
committer | Brett Walker <bwalker@gitlab.com> | 2019-08-23 23:44:53 -0500 |
commit | ad05e488636ebe05b4985dbf3c7d912fd8d56f49 (patch) | |
tree | 427b631b34fa8ed7511f3ed789185cd82a1a6da9 /app/models/application_setting.rb | |
parent | 892e4c0da818006159cc26bc79f1fa48b76c9b3f (diff) | |
download | gitlab-ce-ad05e488636ebe05b4985dbf3c7d912fd8d56f49.tar.gz |
Add support for using a Camo proxy server
User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
Diffstat (limited to 'app/models/application_setting.rb')
-rw-r--r-- | app/models/application_setting.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 2a99c6e5c59..92004b92647 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -18,12 +18,19 @@ class ApplicationSetting < ApplicationRecord # fix a lot of tests using allow_any_instance_of include ApplicationSettingImplementation + attr_encrypted :asset_proxy_secret_key, + mode: :per_attribute_iv, + insecure_mode: true, + key: Settings.attr_encrypted_db_key_base_truncated, + algorithm: 'aes-256-cbc' + serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize + serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize ignore_column :koding_url ignore_column :koding_enabled @@ -192,6 +199,17 @@ class ApplicationSetting < ApplicationRecord allow_nil: true, numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 } + validates :asset_proxy_url, + presence: true, + allow_blank: false, + url: true, + if: :asset_proxy_enabled? + + validates :asset_proxy_secret_key, + presence: true, + allow_blank: false, + if: :asset_proxy_enabled? + SUPPORTED_KEY_TYPES.each do |type| validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type } end |