authorJon Cairns <jon@joncairns.com>2015-11-12 12:06:19 +0000
committerJon Cairns <jon@joncairns.com>2015-11-12 12:06:19 +0000
commit1c89db5e395cb3e5c90bab5d3587dbd07229a248 (patch)
tree9f040e0194dcc21aa455e859049f14919090e640 /lib/api/helpers.rb
parente073b09f1f0d7b37ece6ecb3e7e485eb3f5e2e6f (diff)
parent63144cd062f6d259f1f30b6e06eb92a16caa8dec (diff)
Merge remote-tracking branch 'gitlab/master' into omniauth-doc-fix
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r--lib/api/helpers.rb48
1 files changed, 48 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 652bdf9b278..92540ccf2b1 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -133,6 +133,12 @@ module API
authorize! :admin_project, user_project
end
+ def require_gitlab_workhorse!
+ unless env['HTTP_GITLAB_WORKHORSE'].present?
+ forbidden!('Request should be executed via GitLab Workhorse')
+ end
+ end
+
def can?(object, action, subject)
abilities.allowed?(object, action, subject)
end
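Review bot: `require_gitlab_workhorse!` only tests that `env['HTTP_GITLAB_WORKHORSE']` is present, and that value comes from a request header any client can send, so the guard establishes a routing convention rather than the origin of the request. Unless the front-end proxy strips this header from external requests (not visible in this diff), the check should not be relied on as an access control. At minimum, document that above the method, e.g. `# NOTE: header presence is not authentication; the reverse proxy must strip Gitlab-Workhorse from client requests`. A stronger follow-up would be to verify the header value against a shared secret or signed token instead of testing `.present?`.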
@@ -234,6 +240,10 @@ module API
render_api_error!(message || '409 Conflict', 409)
end
+ def file_to_large!
+ render_api_error!('413 Request Entity Too Large', 413)
+ end
+
def render_validation_error!(model)
if model.errors.any?
render_api_error!(model.errors.messages || '400 Bad Request', 400)
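Review bot: The new helper is named `file_to_large!`, which reads as a misspelling of `file_too_large!`. As this is a shared API helper that endpoints will call by name, correcting it now (`def file_too_large!`) avoids carrying the typo into every caller. The `render_validation_error!` body that follows continues outside this hunk.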
@@ -282,6 +292,44 @@ module API
end
end
+ # file helpers
+
+ def uploaded_file!(field, uploads_path)
+ if params[field]
+ bad_request!("#{field} is not a file") unless params[field].respond_to?(:filename)
+ return params[field]
+ end
+
+ # sanitize file paths
+ # this requires all paths to exist
+ required_attributes! %W(#{field}.path)
+ uploads_path = File.realpath(uploads_path)
+ file_path = File.realpath(params["#{field}.path"])
+ bad_request!('Bad file path') unless file_path.start_with?(uploads_path)
+
+ UploadedFile.new(
+ file_path,
+ params["#{field}.name"],
+ params["#{field}.type"] || 'application/octet-stream',
+ )
+ end
+
+ def present_file!(path, filename, content_type = 'application/octet-stream')
+ filename ||= File.basename(path)
+ header['Content-Disposition'] = "attachment; filename=#{filename}"
+ header['Content-Transfer-Encoding'] = 'binary'
+ content_type content_type
+
+ # Support download acceleration
+ case headers['X-Sendfile-Type']
+ when 'X-Sendfile'
+ header['X-Sendfile'] = path
+ body
+ else
+ file FileStreamer.new(path)
+ end
+ end
+
private
def add_pagination_headers(paginated, per_page)
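Review bot: The containment check in `uploaded_file!` compares raw string prefixes, so a resolved path in a sibling directory whose name merely begins with the uploads directory name (for example `<uploads_path>-other/...`) still passes `file_path.start_with?(uploads_path)`. Anchor the comparison on a directory boundary: `bad_request!('Bad file path') unless file_path.start_with?(File.join(uploads_path, ''))`. `File.realpath` also raises `Errno::ENOENT` for a missing path, which as written would surface as a server error rather than the intended 400 unless it is rescued elsewhere. Separately, in `present_file!` the `filename` is interpolated into `Content-Disposition` unquoted and unescaped; quoting it and rejecting CR/LF would keep a caller-supplied name from altering the header.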