lib/constraints/repository_redirect_url_constrainer.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

# frozen_string_literal: true

module Constraints
  class RepositoryRedirectUrlConstrainer
    def matches?(request)
      path = request.params[:repository_path].delete_suffix('.git')
      query = request.query_string

      git_request?(query) && container_path?(path)
    end

    # Allow /info/refs, /info/refs?service=git-upload-pack, and
    # /info/refs?service=git-receive-pack, but nothing else.
    def git_request?(query)
      query.blank? ||
        query == 'service=git-upload-pack' ||
        query == 'service=git-receive-pack'
    end

    # Check if the path matches any known repository containers.
    # These also cover wikis, since a `.wiki` suffix is valid in project/group paths too.
    def container_path?(path)
      NamespacePathValidator.valid_path?(path) ||
        ProjectPathValidator.valid_path?(path) ||
        path =~ Gitlab::PathRegex.full_snippets_repository_path_regex
    end
  end
end