Merge branch 'master' into '42880-loss-of-input-text-on-comments-after-preview'42880-loss-of-input-text-on-comments-after-preview

# Conflicts:
#   app/assets/javascripts/lib/utils/text_markdown.js

1 files changed, 86 insertions, 0 deletions

diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb
new file mode 100644
index 00000000000..45b644e6510
--- /dev/null
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -0,0 +1,86 @@
+module Gitlab
+  module Middleware
+    class ReadOnly
+      class Controller
+        DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
+        APPLICATION_JSON = 'application/json'.freeze
+        ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'.freeze
+
+        def initialize(app, env)
+          @app = app
+          @env = env
+        end
+
+        def call
+          if disallowed_request? && Gitlab::Database.read_only?
+            Rails.logger.debug('GitLab ReadOnly: preventing possible non read-only operation')
+
+            if json_request?
+              return [403, { 'Content-Type' => APPLICATION_JSON }, [{ 'message' => ERROR_MESSAGE }.to_json]]
+            else
+              rack_flash.alert = ERROR_MESSAGE
+              rack_session['flash'] = rack_flash.to_session_value
+
+              return [301, { 'Location' => last_visited_url }, []]
+            end
+          end
+
+          @app.call(@env)
+        end
+
+        private
+
+        def disallowed_request?
+          DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
+            !whitelisted_routes
+        end
+
+        def json_request?
+          request.media_type == APPLICATION_JSON
+        end
+
+        def rack_flash
+          @rack_flash ||= ActionDispatch::Flash::FlashHash.from_session_value(rack_session)
+        end
+
+        def rack_session
+          @env['rack.session']
+        end
+
+        def request
+          @env['rack.request'] ||= Rack::Request.new(@env)
+        end
+
+        def last_visited_url
+          @env['HTTP_REFERER'] || rack_session['user_return_to'] || Gitlab::Routing.url_helpers.root_url
+        end
+
+        def route_hash
+          @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}
+        end
+
+        def whitelisted_routes
+          grack_route || ReadOnly.internal_routes.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
+        end
+
+        def sidekiq_route
+          request.path.start_with?('/admin/sidekiq')
+        end
+
+        def grack_route
+          # Calling route_hash may be expensive. Only do it if we think there's a possible match
+          return false unless request.path.end_with?('.git/git-upload-pack')
+
+          route_hash[:controller] == 'projects/git_http' && route_hash[:action] == 'git_upload_pack'
+        end
+
+        def lfs_route
+          # Calling route_hash may be expensive. Only do it if we think there's a possible match
+          return false unless request.path.end_with?('/info/lfs/objects/batch')
+
+          route_hash[:controller] == 'projects/lfs_api' && route_hash[:action] == 'batch'
+        end
+      end
+    end
+  end
+end