Add documentation, secure routes, etc

author: Andrew Newdigate <andrew@gitlab.com> 2018-11-01 20:20:34 +0300
committer: Andrew Newdigate <andrew@gitlab.com> 2018-11-01 20:20:34 +0300
commit: 847c81b755b6b4146eb3fa3d5912f3d573739bd1 (patch)
tree: c9e2ee76ea0fc3d383b4649e855cb4b39c760731 /app/controllers
parent: 83dc8f1c666419434a23e467508061b6897fdfb6 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/app/controllers/chaos_controller.rb b/app/controllers/chaos_controller.rb
index bdb99995532..6593b748130 100644
--- a/app/controllers/chaos_controller.rb
+++ b/app/controllers/chaos_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ChaosController < ActionController::Base
+  before_action :validate_request
+
   def leakmem
     memory_mb = params[:memory_mb] ? params[:memory_mb].to_i : 100
     retainer = []
@@ -29,4 +31,15 @@ class ChaosController < ActionController::Base
     Process.kill("KILL", Process.pid)
   end
 
+  private
+
+  def validate_request
+    secret = ENV['GITLAB_CHAOS_SECRET']
+    return unless secret
+
+    unless request.headers["HTTP_X_CHAOS_SECRET"] == secret
+      render text: "To experience chaos, please set X-Chaos-Secret header", content_type: 'text/plain', status: 401
+    end
+  end
+
 end
author	Andrew Newdigate <andrew@gitlab.com>	2018-11-01 20:20:34 +0300
committer	Andrew Newdigate <andrew@gitlab.com>	2018-11-01 20:20:34 +0300
commit	847c81b755b6b4146eb3fa3d5912f3d573739bd1 (patch)
tree	c9e2ee76ea0fc3d383b4649e855cb4b39c760731 /app/controllers
parent	83dc8f1c666419434a23e467508061b6897fdfb6 (diff)