1. 03 Mar, 2017 6 commits
    • Robert Speicher's avatar
      Merge branch 'geo-transfer-support' into 'master' · c601ca55
      Robert Speicher authored
      Basic support for GitLab Geo transfers
      
      See merge request !1237
      c601ca55
    • Sean McGivern's avatar
      Merge branch '27532_api_changes' into 'master' · b77c1ae7
      Sean McGivern authored
      Use iids as filter parameter
      
      See merge request !1216
      b77c1ae7
    • Annabel Dunstone Gray's avatar
      Merge branch 'ee-specific-dev-favicon' into 'master' · 9fa97202
      Annabel Dunstone Gray authored
      Adds a EE specific dev favicon
      
      See merge request !1343
      9fa97202
    • Jarka Kadlecova's avatar
      Use iids as filter parameter · 7150761c
      Jarka Kadlecova authored
      7150761c
    • Stan Hu's avatar
      Add basic support for GitLab Geo file transfers over HTTP · 1aff5fe4
      Stan Hu authored
      A Geo transfer request arrives with a JWT header with the right data (e.g. URL
      `/api/v4/geo/transfers/lfs/1` for LFS object ID 1, with a JWT token that
      includes the corresponding LFS OID).
      
      Workhorse proxies the request and the Rails backend verifies the validity of
      the request.  If the request is valid, the Rails backend uses X-Sendfile
      functionality in Workhorse/nginx to send data back to the client.
      
      Current Geo Nodes use the system hook token for authentication, which is not
      that secure. This implementation creates an access identifier and an secret
      access key for each GeoNode. The GeoNode uses that to create a JWT token in
      the Authorization header. The secret access key is encrypted with the
      db_key_base valid and replicated in PostgreSQL. Since `db_key_base` has to be
      correct to decode this field, we are ultimately relying on the security of
      that key.
      
      The primary GeoNode receives the Authorization header, looks up the proper
      GeoNode with the access identifier, and then validates the JWT token. We
      expect that the times of the nodes are synchronized within 1 minute to prevent
      replay attacks.
      1aff5fe4
    • Alfredo Sumaran's avatar
      Merge branch '28010-mr-merge-button-default-to-danger-ee' into 'master' · a3049e55
      Alfredo Sumaran authored
      Default to dangerous MR merge button - EE merge edition
      
      See merge request !1313
      a3049e55
  2. 02 Mar, 2017 34 commits