From 477ba2b3465736cdccfb6cb6a36f78447942e310 Mon Sep 17 00:00:00 2001
From: Krasimir Angelov <kangelov@gitlab.com>
Date: Fri, 6 Sep 2019 16:06:25 +1200
Subject: Add skeleton Pages internal API

Basic `/internal/pages` endpoint that will be used for Pages virtual
domains internal API. The endpoint is currently behind feature flag and
provides authetication similar to how Workhorse is authenticating with
the GitLab.
---
 lib/api/api.rb            |  1 +
 lib/api/internal/pages.rb | 27 +++++++++++++++++++++++++++
 lib/gitlab/pages.rb       | 17 ++++++++++++++++-
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 lib/api/internal/pages.rb

(limited to 'lib')

diff --git a/lib/api/api.rb b/lib/api/api.rb
index aa6a67d817a..de6e528ed09 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -119,6 +119,7 @@ module API
     mount ::API::GroupVariables
     mount ::API::ImportGithub
     mount ::API::Internal::Base
+    mount ::API::Internal::Pages
     mount ::API::Issues
     mount ::API::JobArtifacts
     mount ::API::Jobs
diff --git a/lib/api/internal/pages.rb b/lib/api/internal/pages.rb
new file mode 100644
index 00000000000..6ea048bde03
--- /dev/null
+++ b/lib/api/internal/pages.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module API
+  # Pages Internal API
+  module Internal
+    class Pages < Grape::API
+      before do
+        not_found! unless Feature.enabled?(:pages_internal_api)
+        authenticate_gitlab_pages_request!
+      end
+
+      helpers do
+        def authenticate_gitlab_pages_request!
+          unauthorized! unless Gitlab::Pages.verify_api_request(headers)
+        end
+      end
+
+      namespace 'internal' do
+        namespace 'pages' do
+          get "/" do
+            status :ok
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/pages.rb b/lib/gitlab/pages.rb
index 16df0700b08..4899b1d3234 100644
--- a/lib/gitlab/pages.rb
+++ b/lib/gitlab/pages.rb
@@ -1,7 +1,22 @@
 # frozen_string_literal: true
 
 module Gitlab
-  module Pages
+  class Pages
     VERSION = File.read(Rails.root.join("GITLAB_PAGES_VERSION")).strip.freeze
+    INTERNAL_API_REQUEST_HEADER = 'Gitlab-Pages-Api-Request'.freeze
+
+    include JwtAuthenticatable
+
+    class << self
+      def verify_api_request(request_headers)
+        decode_jwt_for_issuer('gitlab-pages', request_headers[INTERNAL_API_REQUEST_HEADER])
+      rescue JWT::DecodeError
+        false
+      end
+
+      def secret_path
+        Gitlab.config.pages.secret_file
+      end
+    end
   end
 end
-- 
cgit v1.2.1