diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 21:11:53 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 21:11:53 +0300 |
commit | 889bf7a0eea1f4ac7c2ec28cdfded399c0ca8fb9 (patch) | |
tree | bc2f4d2b049c6bcf4d57cef67c43599c8a6ec888 /app/controllers/graphql_controller.rb | |
parent | dad48b4af20204db430a6c62c4641283e24dd89a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/graphql_controller.rb')
-rw-r--r-- | app/controllers/graphql_controller.rb | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index 53064041ab8..f24750243fc 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -4,7 +4,8 @@ class GraphqlController < ApplicationController # Unauthenticated users have access to the API for public data skip_before_action :authenticate_user! - WHITELIST_HEADER = 'HTTP_X_GITLAB_QUERY_WHITELIST_ISSUE' + # Header can be passed by tests to disable SQL query limits. + DISABLE_SQL_QUERY_LIMIT_HEADER = 'HTTP_X_GITLAB_DISABLE_SQL_QUERY_LIMIT' # If a user is using their session to access GraphQL, we need to have session # storage, since the admin-mode check is session wide. @@ -23,7 +24,7 @@ class GraphqlController < ApplicationController before_action(only: [:execute]) { authenticate_sessionless_user!(:api) } before_action :set_user_last_activity before_action :track_vs_code_usage - before_action :whitelist_query! + before_action :disable_query_limiting # Since we deactivate authentication from the main ApplicationController and # defer it to :authorize_access_api!, we need to override the bypass session @@ -62,12 +63,14 @@ class GraphqlController < ApplicationController private - # Tests may mark some queries as exempt from query limits - def whitelist_query! - whitelist_issue = request.headers[WHITELIST_HEADER] - return unless whitelist_issue + # Tests may mark some GraphQL queries as exempt from SQL query limits + def disable_query_limiting + return unless Gitlab::QueryLimiting.enabled_for_env? - Gitlab::QueryLimiting.whitelist(whitelist_issue) + disable_issue = request.headers[DISABLE_SQL_QUERY_LIMIT_HEADER] + return unless disable_issue + + Gitlab::QueryLimiting.disable!(disable_issue) end def set_user_last_activity |