diff options
Diffstat (limited to 'lib/constraints/repository_redirect_url_constrainer.rb')
-rw-r--r-- | lib/constraints/repository_redirect_url_constrainer.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/constraints/repository_redirect_url_constrainer.rb b/lib/constraints/repository_redirect_url_constrainer.rb new file mode 100644 index 00000000000..44df670d8d3 --- /dev/null +++ b/lib/constraints/repository_redirect_url_constrainer.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +module Constraints + class RepositoryRedirectUrlConstrainer + def matches?(request) + path = request.params[:repository_path].delete_suffix('.git') + query = request.query_string + + git_request?(query) && container_path?(path) + end + + # Allow /info/refs, /info/refs?service=git-upload-pack, and + # /info/refs?service=git-receive-pack, but nothing else. + def git_request?(query) + query.blank? || + query == 'service=git-upload-pack' || + query == 'service=git-receive-pack' + end + + # Check if the path matches any known repository containers. + # These also cover wikis, since a `.wiki` suffix is valid in project/group paths too. + def container_path?(path) + NamespacePathValidator.valid_path?(path) || + ProjectPathValidator.valid_path?(path) || + path =~ Gitlab::PathRegex.full_snippets_repository_path_regex + end + end +end |