diff options
| author | Ash McKenzie <amckenzie@gitlab.com> | 2018-07-26 19:06:20 +1000 |
|---|---|---|
| committer | Ash McKenzie <amckenzie@gitlab.com> | 2018-08-01 00:24:16 +1000 |
| commit | ecba183b60eb0798ecf1736659ed7d0a995d0f01 (patch) | |
| tree | 3606b2d25e914f69f6cc9aab6de7864331b49dbf /lib/gitlab_net.rb | |
| parent | 252a96d61f52d91486f92f980c2f0e4c7a1b9408 (diff) | |
| download | gitlab-shell-ecba183b60eb0798ecf1736659ed7d0a995d0f01.tar.gz | |
Utilise new Actions
* Move gitaly, git-lfs and 2FA logic out from gitlab_shell.rb
* Streamline parsing of origin_cmd in GitlabShell
* Utilise proper HTTP status codes sent from the API
* Also support 200 OK with status of true/false (ideally get rid of this)
* Use HTTP status constants
* Use attr_reader definitions (var over @var)
* Rspec deprecation fixes
Diffstat (limited to 'lib/gitlab_net.rb')
| -rw-r--r-- | lib/gitlab_net.rb | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index 191ecf5..3bc8f2d 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -1,15 +1,18 @@ require 'json' +require_relative 'errors' require_relative 'gitlab_logger' require_relative 'gitlab_access' require_relative 'gitlab_lfs_authentication' require_relative 'http_helper' +require_relative 'action' -class GitlabNet # rubocop:disable Metrics/ClassLength +class GitlabNet include HTTPHelper CHECK_TIMEOUT = 5 GL_PROTOCOL = 'ssh'.freeze + API_INACCESSIBLE_ERROR = 'API is not accessible'.freeze def check_access(cmd, gl_repository, repo, key_id, changes, protocol = GL_PROTOCOL, env: {}) changes = changes.join("\n") unless changes.is_a?(String) @@ -26,22 +29,15 @@ class GitlabNet # rubocop:disable Metrics/ClassLength resp = post("#{internal_api_endpoint}/allowed", params) - if resp.code == '200' - GitAccessStatus.create_from_json(resp.body) - else - GitAccessStatus.new(false, - 'API is not accessible', - gl_repository: nil, - gl_username: nil, - repository_path: nil, - gitaly: nil) - end + determine_action(key_id, resp) end def discover(key) key_id = key.gsub("key-", "") resp = get("#{internal_api_endpoint}/discover?key_id=#{key_id}") - JSON.parse(resp.body) rescue nil + JSON.parse(resp.body) + rescue JSON::ParserError, ApiUnreachableError + nil end def lfs_authenticate(key, repo) @@ -97,11 +93,7 @@ class GitlabNet # rubocop:disable Metrics/ClassLength end def post_receive(gl_repository, identifier, changes) - params = { - gl_repository: gl_repository, - identifier: identifier, - changes: changes - } + params = { gl_repository: gl_repository, identifier: identifier, changes: changes } resp = post("#{internal_api_endpoint}/post_receive", params) raise NotFound if resp.code == HTTP_NOT_FOUND @@ -120,4 +112,25 @@ class GitlabNet # rubocop:disable Metrics/ClassLength def sanitize_path(repo) repo.delete("'") end + + def determine_action(key_id, resp) + json = JSON.parse(resp.body) + message = json['message'] + + case resp.code + when HTTP_SUCCESS + # TODO: This raise can be removed once internal API can respond with correct + # HTTP status codes, instead of relying upon parsing the body and + # accessing the 'status' key. + raise AccessDeniedError, message unless json['status'] + + Action::Gitaly.create_from_json(key_id, json) + when HTTP_UNAUTHORIZED, HTTP_NOT_FOUND + raise AccessDeniedError, message + else + raise UnknownError, "#{API_INACCESSIBLE_ERROR}: #{message}" + end + rescue JSON::ParserError + raise UnknownError, API_INACCESSIBLE_ERROR + end end |