diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 4 | ||||
-rw-r--r-- | config/initializers/rbtrace.rb | 3 | ||||
-rw-r--r-- | config/initializers/sidekiq.rb | 2 | ||||
-rw-r--r-- | config/initializers/warden.rb | 30 | ||||
-rw-r--r-- | config/routes.rb | 1 | ||||
-rw-r--r-- | config/sidekiq_queues.yml | 1 | ||||
-rw-r--r-- | config/unicorn.rb.example | 4 |
7 files changed, 37 insertions, 8 deletions
diff --git a/config/application.rb b/config/application.rb index b9d4f6765e3..a086e860e16 100644 --- a/config/application.rb +++ b/config/application.rb @@ -154,6 +154,10 @@ module Gitlab config.action_view.sanitized_allowed_protocols = %w(smb) + # This middleware needs to precede ActiveRecord::QueryCache and other middlewares that + # connect to the database. + config.middleware.insert_after "Rails::Rack::Logger", "Gitlab::Middleware::BasicHealthCheck" + config.middleware.insert_after Warden::Manager, Rack::Attack # Allow access to GitLab API from other domains diff --git a/config/initializers/rbtrace.rb b/config/initializers/rbtrace.rb deleted file mode 100644 index 3a076c99ad0..00000000000 --- a/config/initializers/rbtrace.rb +++ /dev/null @@ -1,3 +0,0 @@ -# frozen_string_literal: true - -require 'rbtrace' if ENV['ENABLE_RBTRACE'] diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index f6803eb0b5a..6f54bee4713 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -8,6 +8,8 @@ Sidekiq.default_worker_options = { retry: 3 } enable_json_logs = Gitlab.config.sidekiq.log_format == 'json' Sidekiq.configure_server do |config| + require 'rbtrace' if ENV['ENABLE_RBTRACE'] + config.redis = queues_config_hash config.server_middleware do |chain| diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index 8cc36820d3c..d64b659c6d7 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -1,10 +1,20 @@ Rails.application.configure do |config| Warden::Manager.after_set_user(scope: :user) do |user, auth, opts| Gitlab::Auth::UniqueIpsLimiter.limit_user!(user) - end - Warden::Manager.before_failure(scope: :user) do |env, opts| - Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env) + activity = Gitlab::Auth::Activity.new(user, opts) + + case opts[:event] + when :authentication + activity.user_authenticated! + when :set_user + activity.user_authenticated! + activity.user_session_override! + when :fetch # rubocop:disable Lint/EmptyWhen + # We ignore session fetch events + else + activity.user_session_override! + end end Warden::Manager.after_authentication(scope: :user) do |user, auth, opts| @@ -15,7 +25,17 @@ Rails.application.configure do |config| ActiveSession.set(user, auth.request) end - Warden::Manager.before_logout(scope: :user) do |user, auth, opts| - ActiveSession.destroy(user || auth.user, auth.request.session.id) + Warden::Manager.before_failure(scope: :user) do |env, opts| + tracker = Gitlab::Auth::BlockedUserTracker.new(env) + tracker.log_blocked_user_activity! if tracker.user_blocked? + + Gitlab::Auth::Activity.new(tracker.user, opts).user_authentication_failed! + end + + Warden::Manager.before_logout(scope: :user) do |user_warden, auth, opts| + user = user_warden || auth.user + + ActiveSession.destroy(user, auth.request.session.id) + Gitlab::Auth::Activity.new(user, opts).user_session_destroyed! end end diff --git a/config/routes.rb b/config/routes.rb index 63e40a31b76..d16a587c5ee 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -46,6 +46,7 @@ Rails.application.routes.draw do get 'health_check(/:checks)' => 'health_check#index', as: :health_check scope path: '-' do + # '/-/health' implemented by BasicHealthMiddleware get 'liveness' => 'health#liveness' get 'readiness' => 'health#readiness' post 'storage_check' => 'health#storage_check' diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 70b584ff9e9..3c85cd07d46 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -45,6 +45,7 @@ - [github_import_advance_stage, 1] - [project_service, 1] - [delete_user, 1] + - [todos_destroyer, 1] - [delete_merged_branches, 1] - [authorized_projects, 1] - [expire_build_instance_artifacts, 1] diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example index 220a0191160..8f2d842e5b6 100644 --- a/config/unicorn.rb.example +++ b/config/unicorn.rb.example @@ -124,6 +124,10 @@ before_fork do |server, worker| end after_fork do |server, worker| + # Unicorn clears out signals before it forks, so rbtrace won't work + # unless it is enabled after the fork. + require 'rbtrace' if ENV['ENABLE_RBTRACE'] + # per-process listener ports for debugging/admin/migrations # addr = "127.0.0.1:#{9293 + worker.nr}" # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) |