summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2019-08-29 17:17:37 -0500
committerRobert Speicher <rspeicher@gmail.com>2019-08-29 17:17:37 -0500
commit7698d405506bc10dfd7fb2e6e02b419dd5925725 (patch)
treeb2c188fd3bc588f15d04d8ce6137f9447f7a72c7 /config
parentfa160c26b14d233eb2e3b861a0742766d1ac734b (diff)
parent090956259c47d839b136f9391c3f74255764da81 (diff)
downloadgitlab-ce-7698d405506bc10dfd7fb2e6e02b419dd5925725.tar.gz
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'config')
-rw-r--r--config/initializers/asset_proxy_settings.rb6
-rw-r--r--config/initializers/fill_shards.rb4
-rw-r--r--config/initializers/rest-client-hostname_override.rb49
-rw-r--r--config/initializers/warden.rb1
-rw-r--r--config/routes/uploads.rb4
5 files changed, 63 insertions, 1 deletions
diff --git a/config/initializers/asset_proxy_settings.rb b/config/initializers/asset_proxy_settings.rb
new file mode 100644
index 00000000000..92247aba1b8
--- /dev/null
+++ b/config/initializers/asset_proxy_settings.rb
@@ -0,0 +1,6 @@
+#
+# Asset proxy settings
+#
+ActiveSupport.on_load(:active_record) do
+ Banzai::Filter::AssetProxyFilter.initialize_settings
+end
diff --git a/config/initializers/fill_shards.rb b/config/initializers/fill_shards.rb
index 18e067c8854..cad662e12f3 100644
--- a/config/initializers/fill_shards.rb
+++ b/config/initializers/fill_shards.rb
@@ -1,3 +1,5 @@
-if Shard.connected? && !Gitlab::Database.read_only?
+# The `table_exists?` check is needed because during our migration rollback testing,
+# `Shard.connected?` could be cached and return true even though the table doesn't exist
+if Shard.connected? && Shard.table_exists? && !Gitlab::Database.read_only?
Shard.populate!
end
diff --git a/config/initializers/rest-client-hostname_override.rb b/config/initializers/rest-client-hostname_override.rb
new file mode 100644
index 00000000000..80b123ebe61
--- /dev/null
+++ b/config/initializers/rest-client-hostname_override.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RestClient
+ class Request
+ attr_accessor :hostname_override
+
+ module UrlBlocker
+ def transmit(uri, req, payload, &block)
+ begin
+ ip, hostname_override = Gitlab::UrlBlocker.validate!(uri, allow_local_network: allow_settings_local_requests?,
+ allow_localhost: allow_settings_local_requests?,
+ dns_rebind_protection: dns_rebind_protection?)
+
+ self.hostname_override = hostname_override
+ rescue Gitlab::UrlBlocker::BlockedUrlError => e
+ raise ArgumentError, "URL '#{uri}' is blocked: #{e.message}"
+ end
+
+ # Gitlab::UrlBlocker returns a Addressable::URI which we need to coerce
+ # to URI so that rest-client can use it to determine if it's a
+ # URI::HTTPS or not. It uses it to set `net.use_ssl` to true or not:
+ #
+ # https://github.com/rest-client/rest-client/blob/f450a0f086f1cd1049abbef2a2c66166a1a9ba71/lib/restclient/request.rb#L656
+ ip_as_uri = URI.parse(ip)
+ super(ip_as_uri, req, payload, &block)
+ end
+
+ def net_http_object(hostname, port)
+ super.tap do |http|
+ http.hostname_override = hostname_override if hostname_override
+ end
+ end
+
+ private
+
+ def dns_rebind_protection?
+ return false if Gitlab.http_proxy_env?
+
+ Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
+ end
+
+ def allow_settings_local_requests?
+ Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
+ end
+ end
+
+ prepend UrlBlocker
+ end
+end
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 1d2bb2bce0a..d8a4da8cdf9 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -19,6 +19,7 @@ Rails.application.configure do |config|
Warden::Manager.after_authentication(scope: :user) do |user, auth, opts|
ActiveSession.cleanup(user)
+ Gitlab::AnonymousSession.new(auth.request.remote_ip, session_id: auth.request.session.id).cleanup_session_per_ip_entries
end
Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts|
diff --git a/config/routes/uploads.rb b/config/routes/uploads.rb
index 920f8454ce2..096ef146e07 100644
--- a/config/routes/uploads.rb
+++ b/config/routes/uploads.rb
@@ -30,6 +30,10 @@ scope path: :uploads do
to: 'uploads#create',
constraints: { model: /personal_snippet|user/, id: /\d+/ },
as: 'upload'
+
+ post ':model/authorize',
+ to: 'uploads#authorize',
+ constraints: { model: /personal_snippet|user/ }
end
# Redirect old note attachments path to new uploads path.