author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-15 15:42:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-15 15:42:17 +0000 |
commit | 44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch) | |
tree | 84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /lib | |
parent | bc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff) | |
download | gitlab-ce-44fdf983bd35328dd577d3d3650d14163ef3e2b6.tar.gz |
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/helpers/rate_limiter.rb | 28 | ||||
-rw-r--r-- | lib/api/issues.rb | 3 | ||||
-rw-r--r-- | lib/api/project_export.rb | 17 | ||||
-rw-r--r-- | lib/api/project_import.rb | 17 | ||||
-rw-r--r-- | lib/constraints/admin_constrainer.rb | 25 | ||||
-rw-r--r-- | lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb | 27 | ||||
-rw-r--r-- | lib/gitlab/import_export/group/legacy_tree_saver.rb (renamed from lib/gitlab/import_export/group/tree_saver.rb) | 2 |
7 files changed, 89 insertions, 30 deletions
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
new file mode 100644
index 00000000000..5a531b5324a
--- /dev/null
+++ b/lib/api/helpers/rate_limiter.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module API
+ module Helpers
+ module RateLimiter
+ def check_rate_limit!(key, scope)
+ if rate_limiter.throttled?(key, scope: scope)
+ log_request(key)
+ render_exceeded_limit_error!
+ end
+ end
+
+ private
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
+
+ def render_exceeded_limit_error!
+ render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+ end
+
+ def log_request(key)
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ end
+ end
+ end
+end
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index a78202877fb..f27afd0055f 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -4,6 +4,7 @@ module API
 class Issues < Grape::API
 include PaginationParams
 helpers Helpers::IssuesHelpers
+ helpers Helpers::RateLimiter
 helpers ::Gitlab::IssuableMetadata
 before { authenticate_non_get! }
@@ -211,6 +212,8 @@ module API
 post ':id/issues' do
 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42320')
+ check_rate_limit! :issues_create, [current_user, :issues_create]
+
 authorize! :create_issue, user_project
 params.delete(:created_at) unless current_user.can?(:set_issue_created_at, user_project)
diff --git a/lib/api/project_export.rb b/lib/api/project_export.rb
index ef6a8f1a396..9fd9d13a20c 100644
--- a/lib/api/project_export.rb
+++ b/lib/api/project_export.rb
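Review bot: `check_rate_limit!` carries no documentation of its contract: that `key` must be an action symbol known to `::Gitlab::ApplicationRateLimiter` (it is also turned into the `"#{key}_request_limit"` log key via `to_sym` in `log_request`, so callers should only ever pass literal symbols, never request-derived strings), that `scope` is the array the limit is keyed on, and that a throttled call is logged and then answered with a 429. I would add above the method: `# Logs the hit and halts with 429 when the `key` action is throttled for `scope`; pass only literal symbols as `key`.` Whether `render_api_error!` halts or merely returns is not visible in this hunk, so the fall-through behaviour of the `if` body should be confirmed in the Grape helper that defines it. The helper also assumes `request` and `current_user` exist in the including class; on an endpoint reachable without authentication `current_user` would be nil and all anonymous callers would share a single bucket, which is worth a comment if any such endpoint ever includes this module.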
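Review bot: The scope in `check_rate_limit! :issues_create, [current_user, :issues_create]` carries no `user_project`, unlike the export and import scopes introduced in the same commit, so issue creation is limited per user across all projects; that is a reasonable choice but should be stated, e.g. `# Per-user limit across all projects (no user_project in scope), unlike the export/import limits.` Running the check ahead of `authorize!` is the right order, since callers that fail authorization still consume budget instead of being able to probe the endpoint freely. The `:issues_create` action must also be configured in `ApplicationRateLimiter`, which this diff does not show, so that should be verified separately.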
@@ -2,15 +2,8 @@ module API
 class ProjectExport < Grape::API
- helpers do
- def throttled?(action)
- rate_limiter.throttled?(action, scope: [current_user, action, user_project])
- end
+ helpers Helpers::RateLimiter
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
- end
 before do
 not_found! unless Gitlab::CurrentSettings.project_export_enabled?
 authorize_admin_project
@@ -32,9 +25,7 @@ module API
 detail 'This feature was introduced in GitLab 10.6.'
 end
 get ':id/export/download' do
- if throttled?(:project_download_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_download_export, [current_user, :project_download_export, user_project]
 if user_project.export_file_exists?
 present_carrierwave_file!(user_project.export_file)
@@ -54,9 +45,7 @@ module API
 end
 end
 post ':id/export' do
- if throttled?(:project_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_export, [current_user, :project_export, user_project]
 project_export_params = declared_params(include_missing: false)
 after_export_params = project_export_params.delete(:upload) || {}
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index ffa9dd13754..0e83686cab2 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -8,19 +8,12 @@ module API
 helpers Helpers::ProjectsHelpers
 helpers Helpers::FileUploadHelpers
+ helpers Helpers::RateLimiter
 helpers do
 def import_params
 declared_params(include_missing: false)
 end
-
- def throttled?(key, scope)
- rate_limiter.throttled?(key, scope: scope)
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
 end
 before do
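Review bot: The `helpers` blocks in lib/api/project_export.rb and lib/api/project_import.rb lose `throttled?` and `rate_limiter`, but only the call sites inside these hunks are rewritten; any remaining reference further down either file, outside what is shown here, would now raise `NoMethodError` at request time, so the rest of both files should be checked. The replacement also changes behaviour in a way the commit message does not mention: the shared helper logs every throttled request and uses the localised `_()` message, whereas the removed export code neither logged nor localised. If that audit trail is relied on, a one-line comment next to `check_rate_limit! :project_export, ...` such as `# throttled hits are logged by Helpers::RateLimiter` would make it visible to the next reader.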
@@ -69,13 +62,7 @@ module API
 post 'import' do
 require_gitlab_workhorse!
- key = "project_import".to_sym
-
- if throttled?(key, [current_user, key])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
- end
+ check_rate_limit! :project_import, [current_user, :project_import]
 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
diff --git a/lib/constraints/admin_constrainer.rb b/lib/constraints/admin_constrainer.rb
new file mode 100644
index 00000000000..59c855a1b73
--- /dev/null
+++ b/lib/constraints/admin_constrainer.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Constraints
+ class AdminConstrainer
+ def matches?(request)
+ if Feature.enabled?(:user_mode_in_session)
+ admin_mode_enabled?(request)
+ else
+ user_is_admin?(request)
+ end
+ end
+
+ private
+
+ def user_is_admin?(request)
+ request.env['warden'].authenticate? && request.env['warden'].user.admin?
+ end
+
+ def admin_mode_enabled?(request)
+ Gitlab::Session.with_session(request.session) do
+ request.env['warden'].authenticate? && Gitlab::Auth::CurrentUserMode.new(request.env['warden'].user).admin_mode?
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
new file mode 100644
index 00000000000..9b9ef70424a
--- /dev/null
+++ b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
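Review bot: `user_is_admin?` and `admin_mode_enabled?` in lib/constraints/admin_constrainer.rb dereference `request.env['warden']` without a nil guard, so a request evaluated by this constraint without the Warden middleware in the stack raises `NoMethodError` (a 500) instead of simply not matching; failing closed is the right outcome, but `warden = request.env['warden']` followed by `return false unless warden` at the top of each helper would make the deny explicit and remove the duplicated lookup. The class has no comment saying what it is for; above `class AdminConstrainer` I would add: `# Routing constraint for admin-only routes: matches when the request's Warden user is an admin, or, with :user_mode_in_session enabled, only when that admin has also activated admin mode in the current session.` That comment should also spell out that with the flag on, an admin who has not entered admin mode gets a non-match (presumably a 404 from the router rather than a 403), which reads as the intended non-disclosure behaviour but is easy to mistake for a bug.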
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module BackgroundMigration
+ # Class that will insert record into project_push_rules
+ # for each existing push_rule
+ class BackfillPushRulesIdInProjects
+ # Temporary AR table for push rules
+ class ProjectSetting < ActiveRecord::Base
+ self.table_name = 'project_settings'
+ end
+
+ def perform(start_id, stop_id)
+ ProjectSetting.connection.execute(<<~SQL)
+ UPDATE project_settings ps1
+ SET push_rule_id = pr.id
+ FROM project_settings ps2
+ INNER JOIN push_rules pr
+ ON ps2.project_id = pr.project_id
+ WHERE pr.is_sample = false
+ AND pr.id BETWEEN #{start_id} AND #{stop_id}
+ AND ps1.project_id = ps2.project_id
+ SQL
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/import_export/group/tree_saver.rb b/lib/gitlab/import_export/group/legacy_tree_saver.rb
index fd1eb329ad2..3776ef0d8f5 100644
--- a/lib/gitlab/import_export/group/tree_saver.rb
+++ b/lib/gitlab/import_export/group/legacy_tree_saver.rb
@@ -3,7 +3,7 @@
 module Gitlab
 module ImportExport
 module Group
- class TreeSaver
+ class LegacyTreeSaver
 attr_reader :full_path, :shared
 def initialize(group:, current_user:, shared:, params: {}) |
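Review bot: `perform` interpolates `start_id` and `stop_id` straight into the SQL string; they come from the background-migration scheduler rather than a request, but nothing in this class enforces that they are integers, and migration helpers are exactly the code that later gets reused with other inputs. Coercing at the boundary, `AND pr.id BETWEEN #{Integer(start_id)} AND #{Integer(stop_id)}`, keeps the statement injection-proof at no cost (or quote through `connection.quote`). The class comment is also wrong: it says the migration will `insert record into project_push_rules`, but the statement updates `project_settings.push_rule_id` and inserts nothing, and the inner comment `Temporary AR table for push rules` sits on a model that maps `project_settings`; I would reword the class comment to `# Backfills project_settings.push_rule_id from each project's non-sample push_rule` and the model comment to `# Temporary AR model for the project_settings table`. The self-join through `ps2` is equivalent to joining `push_rules` on `ps1.project_id` directly and would read more clearly, though the result is the same.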