Commit 5cb7d9a0 authored by David Fernandez's avatar David Fernandez

Refactor package storage support in multipart middleware

Package storage support should only happen with a EE instance
parent 346c493e
# frozen_string_literal: true
module EE
module Gitlab
module Middleware
module Multipart
module Handler
extend ::Gitlab::Utils::Override
private
override :allowed_paths
def allowed_paths
paths = super
packages_config = ::Gitlab.config.packages
if allow_packages_storage_path?(packages_config)
paths << ::Packages::PackageFileUploader.workhorse_upload_path
end
paths
end
def allow_packages_storage_path?(packages_config)
return unless packages_config.enabled
return unless packages_config['storage_path']
return if packages_config.object_store.enabled && packages_config.object_store.direct_upload
true
end
end
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
require 'tempfile'
describe Gitlab::Middleware::Multipart do
include_context 'multipart middleware context'
describe '#call' do
context 'with packages storage' do
using RSpec::Parameterized::TableSyntax
let(:storage_path) { 'shared/packages' }
RSpec.shared_examples 'allowing the multipart upload' do
it 'allows files to be uploaded' do
with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
allow(Packages::PackageFileUploader).to receive(:root).and_return(File.join(dir, storage_path))
expect(app).to receive(:call) do |env|
expect(get_params(env)['file']).to be_a(::UploadedFile)
end
middleware.call(env)
end
end
end
RSpec.shared_examples 'not allowing the multipart upload' do
it 'does not allow files to be uploaded' do
with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
allow(Packages::PackageFileUploader).to receive(:root).and_return(File.join(dir, storage_path))
expect { middleware.call(env) }.to raise_error(UploadedFile::InvalidPathError)
end
end
end
RSpec.shared_examples 'adding package storage to multipart allowed paths' do
before do
expect(::Packages::PackageFileUploader).to receive(:workhorse_upload_path).and_call_original
end
it_behaves_like 'allowing the multipart upload'
end
RSpec.shared_examples 'not adding package storage to multipart allowed paths' do
before do
expect(::Packages::PackageFileUploader).not_to receive(:workhorse_upload_path)
end
it_behaves_like 'not allowing the multipart upload'
end
where(:object_storage_enabled, :direct_upload_enabled, :example_name) do
false | true | 'adding package storage to multipart allowed paths'
false | false | 'adding package storage to multipart allowed paths'
true | true | 'not adding package storage to multipart allowed paths'
true | false | 'adding package storage to multipart allowed paths'
end
with_them do
before do
stub_config(packages: {
enabled: true,
object_store: {
enabled: object_storage_enabled,
direct_upload: direct_upload_enabled
},
storage_path: storage_path
})
end
it_behaves_like params[:example_name]
end
end
end
end
# frozen_string_literal: true
RSpec.shared_context 'multipart middleware context' do
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
let(:original_filename) { 'filename' }
# Rails 5 doesn't combine the GET/POST parameters in
# ActionDispatch::HTTP::Parameters if action_dispatch.request.parameters is set:
# https://github.com/rails/rails/blob/aea6423f013ca48f7704c70deadf2cd6ac7d70a1/actionpack/lib/action_dispatch/http/parameters.rb#L41
def get_params(env)
req = ActionDispatch::Request.new(env)
req.GET.merge(req.POST)
end
def post_env(rewritten_fields, params, secret, issuer)
token = JWT.encode({ 'iss' => issuer, 'rewritten_fields' => rewritten_fields }, secret, 'HS256')
Rack::MockRequest.env_for(
'/',
method: 'post',
params: params,
described_class::RACK_ENV_KEY => token
)
end
def with_tmp_dir(uploads_sub_dir, storage_path = '')
Dir.mktmpdir do |dir|
upload_dir = File.join(dir, storage_path, uploads_sub_dir)
FileUtils.mkdir_p(upload_dir)
allow(Rails).to receive(:root).and_return(dir)
allow(Dir).to receive(:tmpdir).and_return(File.join(Dir.tmpdir, 'tmpsubdir'))
allow(GitlabUploader).to receive(:root).and_return(File.join(dir, storage_path))
Tempfile.open('top-level', upload_dir) do |tempfile|
env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename, 'file.path' => tempfile.path }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
yield dir, env
end
end
end
end
......@@ -84,17 +84,6 @@ module Gitlab
end
def open_file(params, key)
allowed_paths = [
::FileUploader.root,
Gitlab.config.uploads.storage_path,
File.join(Rails.root, 'public/uploads/tmp')
]
packages_config = Gitlab.config.packages
if allow_packages_storage_path?(packages_config)
allowed_paths << File.join(packages_config.storage_path, 'tmp/uploads')
end
::UploadedFile.from_params(params, key, allowed_paths)
end
......@@ -114,12 +103,12 @@ module Gitlab
private
def allow_packages_storage_path?(packages_config)
return unless packages_config.enabled
return unless packages_config['storage_path']
return if packages_config.object_store.enabled && packages_config.object_store.direct_upload
true
def allowed_paths
[
::FileUploader.root,
Gitlab.config.uploads.storage_path,
File.join(Rails.root, 'public/uploads/tmp')
]
end
end
......@@ -140,3 +129,5 @@ module Gitlab
end
end
end
::Gitlab::Middleware::Multipart::Handler.prepend_if_ee('EE::Gitlab::Middleware::Multipart::Handler')
......@@ -5,9 +5,7 @@ require 'spec_helper'
require 'tempfile'
describe Gitlab::Middleware::Multipart do
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
let(:original_filename) { 'filename' }
include_context 'multipart middleware context'
shared_examples_for 'multipart upload files' do
it 'opens top-level files' do
......@@ -82,16 +80,7 @@ describe Gitlab::Middleware::Multipart do
end
it 'allows files in uploads/tmp directory' do
Dir.mktmpdir do |dir|
uploads_dir = File.join(dir, 'public/uploads/tmp')
FileUtils.mkdir_p(uploads_dir)
allow(Rails).to receive(:root).and_return(dir)
allow(Dir).to receive(:tmpdir).and_return(File.join(Dir.tmpdir, 'tmpsubdir'))
Tempfile.open('top-level', uploads_dir) do |tempfile|
env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename, 'file.path' => tempfile.path }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
with_tmp_dir('public/uploads/tmp') do |dir, env|
expect(app).to receive(:call) do |env|
expect(get_params(env)['file']).to be_a(::UploadedFile)
end
......@@ -99,87 +88,6 @@ describe Gitlab::Middleware::Multipart do
middleware.call(env)
end
end
end
context 'with packages storage' do
let(:storage_path) { 'shared/packages' }
RSpec.shared_examples 'allowing the upload' do
it 'allows files to be uploaded' do
Dir.mktmpdir do |dir|
packages_upload_dir = File.join(dir, storage_path, 'tmp/uploads')
FileUtils.mkdir_p(packages_upload_dir)
Tempfile.open('top-level', packages_upload_dir) do |tempfile|
env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename, 'file.path' => tempfile.path }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
expect(app).to receive(:call) do |env|
expect(get_params(env)['file']).to be_a(::UploadedFile)
end
middleware.call(env)
end
end
end
end
context 'with object storage disabled' do
before do
stub_config(packages: {
enabled: true,
object_store: {
enabled: false
},
storage_path: storage_path
})
end
it_behaves_like 'allowing the upload' do
before do
expect(Gitlab.config.packages).to receive(:storage_path).and_return(storage_path)
end
end
end
context 'with object storage enabled' do
context 'with direct upload enabled' do
before do
stub_config(packages: {
enabled: true,
object_store: {
enabled: true,
direct_upload: true
}
})
end
it_behaves_like 'allowing the upload' do
before do
expect(Gitlab.config.packages).not_to receive(:storage_path)
end
end
end
context 'with direct upload disabled' do
before do
stub_config(packages: {
enabled: true,
object_store: {
enabled: true,
direct_upload: false
},
storage_path: storage_path
})
end
it_behaves_like 'allowing the upload' do
before do
expect(Gitlab.config.packages).to receive(:storage_path).and_return(storage_path)
end
end
end
end
end
it 'allows symlinks for uploads dir' do
Tempfile.open('two-levels') do |tempfile|
......@@ -207,22 +115,4 @@ describe Gitlab::Middleware::Multipart do
middleware.call(env)
end
end
# Rails 5 doesn't combine the GET/POST parameters in
# ActionDispatch::HTTP::Parameters if action_dispatch.request.parameters is set:
# https://github.com/rails/rails/blob/aea6423f013ca48f7704c70deadf2cd6ac7d70a1/actionpack/lib/action_dispatch/http/parameters.rb#L41
def get_params(env)
req = ActionDispatch::Request.new(env)
req.GET.merge(req.POST)
end
def post_env(rewritten_fields, params, secret, issuer)
token = JWT.encode({ 'iss' => issuer, 'rewritten_fields' => rewritten_fields }, secret, 'HS256')
Rack::MockRequest.env_for(
'/',
method: 'post',
params: params,
described_class::RACK_ENV_KEY => token
)
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment