Create gitlab-http gem
What does this MR do and why?
Related to #415686 (closed)
- Copy the contents and requirements of `lib/gitlab/http.rb` into the new gitlab-http gem.
- While `lib/gitlab/http.rb` is using `Gitlab::HTTP`, the `gitlab-http` gem is using `Gitlab::HTTP_V2`. So, we can gradually migrate to the gem.
Issue / MR | Link |
---|---|
Main issue | #415686 (closed) |
First MR to initialize the gem | =HERE= !125024 (merged) |
Small fixes | !131612 (merged) |
POC | !131644 (closed) |
Enabling on GitLab | !132238 (merged) |
Difference between `Gitlab::HTTP` and `Gitlab::HTTP_V2`
- While `Gitlab::HTTP` fetches all its requirements from the GitLab config and the application setting, `Gitlab::HTTP_V2` needs to be initialized with GitLab config first and passed the application setting in every call.
Details:
```ruby
Gitlab::HTTP_V2.configure do |config|
  config.allowed_internal_uris = [
    URI::HTTP.build(
      scheme: Gitlab.config.gitlab.protocol,
      host: Gitlab.config.gitlab.host,
      port: Gitlab.config.gitlab.port
    ),
    URI::Generic.build(
      scheme: 'ssh',
      host: Gitlab.config.gitlab_shell.ssh_host,
      port: Gitlab.config.gitlab_shell.ssh_port
    )
  ]

  config.log_exception_proc = ->(exception, extra_info) do
    Gitlab::ErrorTracking.log_exception(exception, extra_info)
  end

  config.silent_mode_log_info_proc = ->(message, http_method) do
    Gitlab::SilentMode.log_info(message: message, outbound_http_request_method: http_method)
  end
end
```
```ruby
module Gitlab
  class SafeHTTP # rubocop:disable Naming/ClassAndModuleCamelCase
    class << self
      ::Gitlab::HTTP_V2::SUPPORTED_HTTP_METHODS.each do |method|
        define_method(method) do |path, options = {}, &block|
          ::Gitlab::HTTP_V2.public_send(method, path, default_options.merge(options), &block) # rubocop:disable GitlabSecurity/PublicSend
        end
      end

      def default_options
        {
          outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist, # rubocop:disable Naming/InclusiveLanguage
          deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
          dns_rebinding_protection_enabled: Gitlab::CurrentSettings.dns_rebinding_protection_enabled?,
          allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?,
          silent_mode_enabled: Gitlab::SilentMode.enabled?
        }
      end
    end
  end
end
```
- The new `UrlBlocker` has some parameter changes;
  - Added: `extra_allowed_uris`: This will be used to replace `allow_object_storage`. Instead of passing `allow_object_storage` and calculating "enabled_object_storage_endpoints", we will directly pass `extra_allowed_uris` as an option.
  - Removed: `allow_object_storage`: ☝
  - Added: `deny_all_requests_except_allowed`: This is an instance setting; `deny_all_requests_except_allowed?`, so we are passing it as an option.
  - Added: `outbound_local_requests_allowlist`: This is an instance setting; `outbound_local_requests_whitelist`, so we are passing it as an option.
- `allowed_internal_uris` is passed to the library as a configuration. It replaces the `Gitlab.config` inside `UrlBlocker`.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Furkan Ayhan
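
An added example, not code from this MR or from the gitlab-http gem: a simplified outbound-URL check showing how per-call options like the ones listed above can combine into an allow or block decision. `OutboundUrlCheck`, `validate!`, `SAMPLE_DNS` and the injected `resolver` are hypothetical names, and the option semantics shown are assumptions rather than the gem's documented behaviour.

```ruby
require 'ipaddr'
require 'uri'

# Hypothetical, simplified outbound-URL check. Not the gem's UrlBlocker.
module OutboundUrlCheck
  Blocked = Class.new(StandardError)
  LOCAL_RANGES = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                    169.254.0.0/16 ::1/128 fc00::/7 fe80::/10].map { |r| IPAddr.new(r) }
  # Constructed DNS answers so the example runs offline; IP literals map to themselves.
  SAMPLE_DNS = { 'hooks.example.com' => ['203.0.113.10'],
                 'intranet.example.com' => ['10.1.2.3'] }.freeze
  SAMPLE_RESOLVER = ->(host) { SAMPLE_DNS.fetch(host) { (IPAddr.new(host) rescue nil) ? [host] : [] } }

  # Returns the URI to connect to, or raises Blocked.
  def self.validate!(url, resolver: SAMPLE_RESOLVER, allowed_internal_uris: [],
                     outbound_local_requests_allowlist: [], deny_all_requests_except_allowed: false,
                     allow_local_requests: false, dns_rebinding_protection_enabled: true)
    uri = URI.parse(url)
    raise Blocked, 'only http and https are allowed' unless %w[http https].include?(uri.scheme)
    raise Blocked, 'missing host' if uri.hostname.to_s.empty?
    # The instance's own endpoints are always reachable.
    return uri if allowed_internal_uris.any? { |a| [a.scheme, a.host, a.port] == [uri.scheme, uri.host, uri.port] }

    # #native folds IPv4-mapped IPv6 (::ffff:127.0.0.1) back to IPv4 before range checks.
    ips = resolver.call(uri.hostname).map { |s| IPAddr.new(s).native }
    raise Blocked, 'host does not resolve' if ips.empty?
    listed = allowlisted?(uri.hostname, ips, outbound_local_requests_allowlist)
    raise Blocked, 'destination is not on the allowlist' if deny_all_requests_except_allowed && !listed
    unless allow_local_requests || listed
      local = ips.find { |ip| LOCAL_RANGES.any? { |r| r.family == ip.family && r.include?(ip) } }
      raise Blocked, "resolves to local address #{local}" if local
    end
    return uri unless dns_rebinding_protection_enabled

    # Pin the checked address so a second lookup cannot return a different one;
    # the caller still sends the original name as Host header and SNI.
    uri.dup.tap { |pinned| pinned.hostname = ips.first.to_s }
  end

  # An allowlist entry is a hostname, an IP or a CIDR range.
  def self.allowlisted?(host, ips, allowlist)
    allowlist.any? do |entry|
      next true if entry.casecmp?(host)
      range = IPAddr.new(entry) rescue nil
      range && ips.all? { |ip| range.family == ip.family && range.include?(ip) }
    end
  end
end
```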