diff options
Diffstat (limited to 'app/controllers/ci/application_controller.rb')
-rw-r--r-- | app/controllers/ci/application_controller.rb | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb new file mode 100644 index 00000000000..726781cb30b --- /dev/null +++ b/app/controllers/ci/application_controller.rb @@ -0,0 +1,133 @@ +module Ci + class ApplicationController < ActionController::Base + def self.railtie_helpers_paths + "app/helpers/ci" + end + + include Ci::UserSessionsHelper + + rescue_from Ci::Network::UnauthorizedError, with: :invalid_token + before_filter :default_headers + before_filter :check_config + + protect_from_forgery + + helper_method :current_user + before_filter :reset_cache + + private + + def current_user + @current_user ||= session[:ci_current_user] + end + + def sign_in(user) + session[:ci_current_user] = user + end + + def sign_out + reset_session + end + + def authenticate_user! + unless current_user + redirect_to new_ci_user_sessions_path + return + end + end + + def authenticate_admin! + unless current_user && current_user.is_admin + redirect_to new_ci_user_sessions_path + return + end + end + + def authenticate_public_page! + unless project.public + unless current_user + redirect_to(new_ci_user_sessions_path(state: generate_oauth_state(request.fullpath))) and return + end + + unless current_user.can_access_project?(project.gitlab_id) + page_404 and return + end + end + end + + def authenticate_token! + unless project.valid_token?(params[:token]) + return head(403) + end + end + + def authorize_access_project! + unless current_user.can_access_project?(@project.gitlab_id) + return page_404 + end + end + + def authorize_project_developer! + unless current_user.has_developer_access?(@project.gitlab_id) + return page_404 + end + end + + def authorize_manage_project! + unless current_user.can_manage_project?(@project.gitlab_id) + return page_404 + end + end + + def page_404 + render file: "#{Rails.root}/public/404.html", status: 404, layout: false + end + + # Reset user cache every day for security purposes + def reset_cache + if current_user && current_user.sync_at < (Time.zone.now - 24.hours) + current_user.reset_cache + end + end + + def default_headers + headers['X-Frame-Options'] = 'DENY' + headers['X-XSS-Protection'] = '1; mode=block' + end + + # JSON for infinite scroll via Pager object + def pager_json(partial, count) + html = render_to_string( + partial, + layout: false, + formats: [:html] + ) + + render json: { + html: html, + count: count + } + end + + def check_config + redirect_to oauth2_ci_help_path unless valid_config? + end + + def valid_config? + server = GitlabCi.config.gitlab_server + + if server.blank? || server.url.blank? || server.app_id.blank? || server.app_secret.blank? + false + else + true + end + rescue Settingslogic::MissingSetting, NoMethodError + false + end + + def invalid_token + reset_session + redirect_to ci_root_path + end + end +end |