Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

1 files changed, 28 insertions, 0 deletions

diff --git a/lib/constraints/repository_redirect_url_constrainer.rb b/lib/constraints/repository_redirect_url_constrainer.rb
new file mode 100644
index 00000000000..44df670d8d3
--- /dev/null
+++ b/lib/constraints/repository_redirect_url_constrainer.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Constraints
+  class RepositoryRedirectUrlConstrainer
+    def matches?(request)
+      path = request.params[:repository_path].delete_suffix('.git')
+      query = request.query_string
+
+      git_request?(query) && container_path?(path)
+    end
+
+    # Allow /info/refs, /info/refs?service=git-upload-pack, and
+    # /info/refs?service=git-receive-pack, but nothing else.
+    def git_request?(query)
+      query.blank? ||
+        query == 'service=git-upload-pack' ||
+        query == 'service=git-receive-pack'
+    end
+
+    # Check if the path matches any known repository containers.
+    # These also cover wikis, since a `.wiki` suffix is valid in project/group paths too.
+    def container_path?(path)
+      NamespacePathValidator.valid_path?(path) ||
+        ProjectPathValidator.valid_path?(path) ||
+        path =~ Gitlab::PathRegex.full_snippets_repository_path_regex
+    end
+  end
+end