authorJacob Vosmaer <jacob@gitlab.com>2016-08-19 19:10:41 +0200
committerJacob Vosmaer <jacob@gitlab.com>2016-09-05 15:05:31 +0200
commitc87540ed46ba8756154f767be99f80be75c27a43 (patch)
tree750f6f104743d49f93df191b656264211dba103e /app
parent89af76edc5e44ad1a0a55a65337bb992355911a6 (diff)
Verify JWT messages from gitlab-workhorse
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/git_http_client_controller.rb4
-rw-r--r--app/controllers/projects/git_http_controller.rb3
-rw-r--r--app/controllers/projects/lfs_storage_controller.rb11
-rw-r--r--app/helpers/workhorse_helper.rb4
4 files changed, 14 insertions, 8 deletions
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb
index a5b4031c30f..f5ce63fdfed 100644
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -117,4 +117,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
def ci?
@ci.present?
end
+
+ def verify_workhorse_api!
+ Gitlab::Workhorse.verify_api_request!(request.headers)
+ end
end
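Review bot: verify_workhorse_api! has no visible failure path: it only forwards `request.headers` to Gitlab::Workhorse.verify_api_request!, whose body is outside this diff (the page is limited to app/). If that helper signals a missing or invalid token by raising, an unverified request would probably surface as a 500 rather than a deliberate 403, so I would rescue the verification error here, log it, and render a 403, with controller specs for the missing-header and bad-signature cases. A one-line comment such as `# Rejects requests that do not carry a valid gitlab-workhorse JWT` would also help. It is worth confirming the method sits under `private` so it can never be routed as an action; the class body above `ci?` is outside the hunk.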
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index b4373ef89ef..9805705c4e3 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -1,6 +1,8 @@
# This file should be identical in GitLab Community Edition and Enterprise Edition
class Projects::GitHttpController < Projects::GitHttpClientController
+ before_action :verify_workhorse_api!
+
# GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)
# GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
def info_refs
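Review bot: The new `before_action :verify_workhorse_api!` at the top of GitHttpController runs after any filters inherited from Projects::GitHttpClientController, which are not visible in this hunk. If those include authentication, a request that bypassed workhorse still has its credentials processed before it is rejected; if the intent is to refuse non-workhorse traffic first, `prepend_before_action :verify_workhorse_api!` would make that order explicit. Either way, a short comment above the line saying that every action in this controller is expected to be reached only through gitlab-workhorse would document the assumption. info_refs continues past the end of the hunk.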
@@ -56,6 +58,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController
end
def render_ok
+ set_workhorse_internal_api_content_type
render json: Gitlab::Workhorse.git_http_ok(repository, user)
end
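Review bot: In render_ok the content type is set as a separate statement before `render json:`, so the final response type depends on render leaving a pre-set Content-Type header alone. Passing it to the render call, `render json: Gitlab::Workhorse.git_http_ok(repository, user), content_type: Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE`, keeps the two together, the way the removed upload_authorize code passed `content_type:`. The same applies to upload_authorize in lfs_storage_controller.rb. A spec asserting the response Content-Type on both actions would pin the behaviour down; the rest of the class is outside this hunk.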
diff --git a/app/controllers/projects/lfs_storage_controller.rb b/app/controllers/projects/lfs_storage_controller.rb
index 69066cb40e6..9005b104e90 100644
--- a/app/controllers/projects/lfs_storage_controller.rb
+++ b/app/controllers/projects/lfs_storage_controller.rb
@@ -3,6 +3,7 @@ class Projects::LfsStorageController < Projects::GitHttpClientController
before_action :require_lfs_enabled!
before_action :lfs_check_access!
+ before_action :verify_workhorse_api!, only: [:upload_authorize]
def download
lfs_object = LfsObject.find_by_oid(oid)
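Review bot: The `only: [:upload_authorize]` on the new filter leaves upload_finalize and download outside workhorse verification. download is presumably client-facing, but upload_finalize looks like the second half of the workhorse upload handshake; its body is not in this diff, so that is inferred from the name. If it relies on anything workhorse supplies, it should be verified too once workhorse signs that request: `before_action :verify_workhorse_api!, only: [:upload_authorize, :upload_finalize]`. A comment next to the filter stating why the other actions are exempt would make the omission a recorded decision. download continues past the end of the hunk.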
@@ -15,14 +16,8 @@ class Projects::LfsStorageController < Projects::GitHttpClientController
end
def upload_authorize
- render(
- json: {
- StoreLFSPath: "#{Gitlab.config.lfs.storage_path}/tmp/upload",
- LfsOid: oid,
- LfsSize: size,
- },
- content_type: 'application/json; charset=utf-8'
- )
+ set_workhorse_internal_api_content_type
+ render json: Gitlab::Workhorse.lfs_upload_ok(oid, size)
end
def upload_finalize
diff --git a/app/helpers/workhorse_helper.rb b/app/helpers/workhorse_helper.rb
index d887cdadc34..88f374be1e5 100644
--- a/app/helpers/workhorse_helper.rb
+++ b/app/helpers/workhorse_helper.rb
@@ -34,4 +34,8 @@ module WorkhorseHelper
headers.store(*Gitlab::Workhorse.send_artifacts_entry(build, entry))
head :ok
end
+
+ def set_workhorse_internal_api_content_type
+ headers['Content-Type'] = Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE
+ end
end
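Review bot: set_workhorse_internal_api_content_type is missing a comment saying why the header matters and when it must be called. Something like `# Marks the response as a gitlab-workhorse internal API response; call before render.` above the definition would do. What workhorse does with this content type is not visible in this diff, so the wording should be checked against the workhorse side. The WorkhorseHelper module starts outside the hunk.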