Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
b5763e91
Commit
b5763e91
authored
Oct 15, 2014
by
Valery Sizov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add gitlab-shell identification
parent
f7342ce5
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
42 additions
and
6 deletions
+42
-6
.gitignore
.gitignore
+1
-0
GITLAB_SHELL_VERSION
GITLAB_SHELL_VERSION
+1
-1
config/initializers/gitlab_shell_secret_token.rb
config/initializers/gitlab_shell_secret_token.rb
+19
-0
lib/api/helpers.rb
lib/api/helpers.rb
+8
-0
lib/api/internal.rb
lib/api/internal.rb
+4
-0
spec/requests/api/internal_spec.rb
spec/requests/api/internal_spec.rb
+9
-5
No files found.
.gitignore
View file @
b5763e91
...
@@ -39,3 +39,4 @@ public/assets/
...
@@ -39,3 +39,4 @@ public/assets/
.envrc
.envrc
dump.rdb
dump.rdb
tags
tags
.gitlab_shell_secret
GITLAB_SHELL_VERSION
View file @
b5763e91
2.0.
1
2.0.
2
config/initializers/gitlab_shell_secret_token.rb
0 → 100644
View file @
b5763e91
# Be sure to restart your server when you modify this file.
require
'securerandom'
# Your secret key for verifying the gitlab_shell.
secret_file
=
Rails
.
root
.
join
(
'.gitlab_shell_secret'
)
gitlab_shell_symlink
=
File
.
join
(
Gitlab
.
config
.
gitlab_shell
.
path
,
'.gitlab_shell_secret'
)
unless
File
.
exist?
secret_file
# Generate a new token of 16 random hexadecimal characters and store it in secret_file.
token
=
SecureRandom
.
hex
(
16
)
File
.
write
(
secret_file
,
token
)
end
if
File
.
exist?
(
Gitlab
.
config
.
gitlab_shell
.
path
)
&&
!
File
.
exist?
(
gitlab_shell_symlink
)
FileUtils
.
symlink
(
secret_file
,
gitlab_shell_symlink
)
end
\ No newline at end of file
lib/api/helpers.rb
View file @
b5763e91
...
@@ -67,6 +67,10 @@ module API
...
@@ -67,6 +67,10 @@ module API
unauthorized!
unless
current_user
unauthorized!
unless
current_user
end
end
def
authenticate_by_gitlab_shell_token!
unauthorized!
unless
secret_token
==
params
[
'secret_token'
]
end
def
authenticated_as_admin!
def
authenticated_as_admin!
forbidden!
unless
current_user
.
is_admin?
forbidden!
unless
current_user
.
is_admin?
end
end
...
@@ -193,5 +197,9 @@ module API
...
@@ -193,5 +197,9 @@ module API
abilities
abilities
end
end
end
end
def
secret_token
File
.
read
(
Rails
.
root
.
join
(
'.gitlab_shell_secret'
))
end
end
end
end
end
lib/api/internal.rb
View file @
b5763e91
module
API
module
API
# Internal access API
# Internal access API
class
Internal
<
Grape
::
API
class
Internal
<
Grape
::
API
before
{
authenticate_by_gitlab_shell_token!
}
namespace
'internal'
do
namespace
'internal'
do
# Check if git command is allowed to project
# Check if git command is allowed to project
#
#
...
...
spec/requests/api/internal_spec.rb
View file @
b5763e91
...
@@ -5,10 +5,11 @@ describe API::API, api: true do
...
@@ -5,10 +5,11 @@ describe API::API, api: true do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:secret_token
)
{
File
.
read
Rails
.
root
.
join
(
'.gitlab_shell_secret'
)
}
describe
"GET /internal/check"
,
no_db:
true
do
describe
"GET /internal/check"
,
no_db:
true
do
it
do
it
do
get
api
(
"/internal/check"
)
get
api
(
"/internal/check"
)
,
secret_token:
secret_token
response
.
status
.
should
==
200
response
.
status
.
should
==
200
json_response
[
'api_version'
].
should
==
API
::
API
.
version
json_response
[
'api_version'
].
should
==
API
::
API
.
version
...
@@ -17,7 +18,7 @@ describe API::API, api: true do
...
@@ -17,7 +18,7 @@ describe API::API, api: true do
describe
"GET /internal/discover"
do
describe
"GET /internal/discover"
do
it
do
it
do
get
(
api
(
"/internal/discover"
),
key_id:
key
.
id
)
get
(
api
(
"/internal/discover"
),
key_id:
key
.
id
,
secret_token:
secret_token
)
response
.
status
.
should
==
200
response
.
status
.
should
==
200
...
@@ -159,7 +160,8 @@ describe API::API, api: true do
...
@@ -159,7 +160,8 @@ describe API::API, api: true do
api
(
"/internal/allowed"
),
api
(
"/internal/allowed"
),
key_id:
key
.
id
,
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
project:
project
.
path_with_namespace
,
action:
'git-upload-pack'
action:
'git-upload-pack'
,
secret_token:
secret_token
)
)
end
end
...
@@ -169,7 +171,8 @@ describe API::API, api: true do
...
@@ -169,7 +171,8 @@ describe API::API, api: true do
changes:
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
,
changes:
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
,
key_id:
key
.
id
,
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
project:
project
.
path_with_namespace
,
action:
'git-receive-pack'
action:
'git-receive-pack'
,
secret_token:
secret_token
)
)
end
end
...
@@ -179,7 +182,8 @@ describe API::API, api: true do
...
@@ -179,7 +182,8 @@ describe API::API, api: true do
ref:
'master'
,
ref:
'master'
,
key_id:
key
.
id
,
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
project:
project
.
path_with_namespace
,
action:
'git-upload-archive'
action:
'git-upload-archive'
,
secret_token:
secret_token
)
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment