diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-19 10:33:21 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-19 10:33:21 +0300 |
commit | 36a59d088eca61b834191dacea009677a96c052f (patch) | |
tree | e4f33972dab5d8ef79e3944a9f403035fceea43f /app/controllers/repositories | |
parent | a1761f15ec2cae7c7f7bbda39a75494add0dfd6f (diff) |
Add latest changes from gitlab-org/gitlab@15-0-stable-eev15.0.0-rc42
Diffstat (limited to 'app/controllers/repositories')
-rw-r--r-- | app/controllers/repositories/lfs_storage_controller.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/repositories/lfs_storage_controller.rb b/app/controllers/repositories/lfs_storage_controller.rb index 252b604dcb0..d54b51b463a 100644 --- a/app/controllers/repositories/lfs_storage_controller.rb +++ b/app/controllers/repositories/lfs_storage_controller.rb @@ -6,6 +6,8 @@ module Repositories include WorkhorseRequest include SendFileUpload + InvalidUploadedFile = Class.new(StandardError) + skip_before_action :verify_workhorse_api!, only: :download # added here as a part of the refactor, will be removed @@ -44,6 +46,8 @@ module Repositories end def upload_finalize + validate_uploaded_file! + if store_file!(oid, size) head 200, content_type: LfsRequest::CONTENT_TYPE else @@ -55,6 +59,8 @@ module Repositories render_lfs_forbidden rescue ObjectStorage::RemoteStoreError render_lfs_forbidden + rescue InvalidUploadedFile + render plain: 'SHA256 or size mismatch', status: :bad_request end private @@ -117,5 +123,13 @@ module Repositories lfs_object: object ) end + + def validate_uploaded_file! + return unless uploaded_file + + if size != uploaded_file.size || oid != uploaded_file.sha256 + raise InvalidUploadedFile + end + end end end |