author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-06 09:10:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-06 09:10:35 +0300 |
commit | 25ceb3dc1c387950d777b71aabde00849d4c7bf9 (patch) | |
tree | 755188dc8d772ad10fb52f6eaa75a499ee15325a /lib/gitlab/mail_room | |
parent | 0fbe2f816ecef98003377154b479d350f13597d7 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/mail_room')
-rw-r--r-- | lib/gitlab/mail_room/authenticator.rb | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/lib/gitlab/mail_room/authenticator.rb b/lib/gitlab/mail_room/authenticator.rb
new file mode 100644
index 00000000000..26ebdca8beb
--- /dev/null
+++ b/lib/gitlab/mail_room/authenticator.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module MailRoom
+ class Authenticator
+ include JwtAuthenticatable
+
+ SecretConfigurationError = Class.new(StandardError)
+ INTERNAL_API_REQUEST_HEADER = 'Gitlab-Mailroom-Api-Request'
+ INTERNAL_API_REQUEST_JWT_ISSUER = 'gitlab-mailroom'
+
+ # Only allow token generated within the last 5 minutes
+ EXPIRATION = 5.minutes
+
+ class << self
+ def verify_api_request(request_headers, mailbox_type)
+ mailbox_type = mailbox_type.to_sym
+ return false if enabled_configs[mailbox_type].blank?
+
+ decode_jwt(
+ request_headers[INTERNAL_API_REQUEST_HEADER],
+ secret(mailbox_type),
+ issuer: INTERNAL_API_REQUEST_JWT_ISSUER, iat_after: Time.current - EXPIRATION
+ )
+ rescue JWT::DecodeError => e
+ ::Gitlab::AppLogger.warn("Fail to decode MailRoom JWT token: #{e.message}") if Rails.env.development?
+
+ false
+ end
+
+ def secret(mailbox_type)
+ strong_memoize("jwt_secret_#{mailbox_type}".to_sym) do
+ secret_path = enabled_configs[mailbox_type][:secret_file]
+ raise SecretConfigurationError, "#{mailbox_type}'s secret_file configuration is missing" if secret_path.blank?
+
+ begin
+ read_secret(secret_path)
+ rescue StandardError => e
+ raise SecretConfigurationError, "Fail to read #{mailbox_type}'s secret: #{e.message}"
+ end
+ end
+ end
+
+ def enabled_configs
+ Gitlab::MailRoom.enabled_configs
+ end
+ end
+ end
+ end
+end |
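Review bot: In `verify_api_request` the `JWT::DecodeError` rescue logs only when `Rails.env.development?`, so outside development a rejected token (bad signature, wrong issuer, stale `iat`) leaves no trace from this method unless the caller records it, which is not visible here. For detection it would help to log the rejection in every environment without the token itself, for example `::Gitlab::AppLogger.warn("MailRoom JWT rejected for #{mailbox_type}: #{e.class}")`. The rescue also covers only `JWT::DecodeError`, so a `SecretConfigurationError` raised by `secret` propagates to the caller rather than returning `false`; if that is intended, a comment on `verify_api_request` should say so. `secret` is memoized per mailbox type through `strong_memoize`, so a rotated `secret_file` is presumably not picked up until the process restarts, which also deserves a comment.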