diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 14:33:21 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 14:33:21 +0300 |
| commit | 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch) | |
| tree | 5bdc2229f5198d516781f8d24eace62fc7e589e9 /app/uploaders | |
| parent | 185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff) | |
Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42
Diffstat (limited to 'app/uploaders')
| -rw-r--r-- | app/uploaders/object_storage/cdn.rb | 10 | ||||
| -rw-r--r-- | app/uploaders/object_storage/cdn/google_cdn.rb | 18 |
2 files changed, 17 insertions, 11 deletions
diff --git a/app/uploaders/object_storage/cdn.rb b/app/uploaders/object_storage/cdn.rb index e49e2780147..8c9ee8682f4 100644 --- a/app/uploaders/object_storage/cdn.rb +++ b/app/uploaders/object_storage/cdn.rb @@ -12,9 +12,9 @@ module ObjectStorage UrlResult = Struct.new(:url, :used_cdn) - def cdn_enabled_url(project, ip_address) - if Feature.enabled?(:ci_job_artifacts_cdn, project) && use_cdn?(ip_address) - UrlResult.new(cdn_signed_url, true) + def cdn_enabled_url(ip_address, params = {}) + if use_cdn?(ip_address) + UrlResult.new(cdn_signed_url(params), true) else UrlResult.new(url, false) end @@ -27,8 +27,8 @@ module ObjectStorage cdn_provider.use_cdn?(request_ip) end - def cdn_signed_url - cdn_provider&.signed_url(path) + def cdn_signed_url(params = {}) + cdn_provider&.signed_url(path, params: params) end private diff --git a/app/uploaders/object_storage/cdn/google_cdn.rb b/app/uploaders/object_storage/cdn/google_cdn.rb index 91bad1f8d6b..f1fe62e9db3 100644 --- a/app/uploaders/object_storage/cdn/google_cdn.rb +++ b/app/uploaders/object_storage/cdn/google_cdn.rb @@ -24,18 +24,24 @@ module ObjectStorage !GoogleIpCache.google_ip?(request_ip) end - def signed_url(path, expiry: 10.minutes) + def signed_url(path, expiry: 10.minutes, params: {}) expiration = (Time.current + expiry).utc.to_i uri = Addressable::URI.parse(cdn_url) uri.path = path - uri.query = "Expires=#{expiration}&KeyName=#{key_name}" - - signature = OpenSSL::HMAC.digest('SHA1', decoded_key, uri.to_s) + # Use an Array to preserve order: Google CDN needs to have + # Expires, KeyName, and Signature in that order or it will return a 403 error: + # https://cloud.google.com/cdn/docs/troubleshooting-steps#signing + query_params = params.to_a + query_params << ['Expires', expiration] + query_params << ['KeyName', key_name] + uri.query_values = query_params + + unsigned_url = uri.to_s + signature = OpenSSL::HMAC.digest('SHA1', decoded_key, unsigned_url) encoded_signature = Base64.urlsafe_encode64(signature) - uri.query += "&Signature=#{encoded_signature}" - uri.to_s + "#{unsigned_url}&Signature=#{encoded_signature}" end private |