Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb12
-rw-r--r--app/controllers/graphql_controller.rb14
2 files changed, 19 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5f14d95ffed..379da90827a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -29,7 +29,6 @@ class ApplicationController < ActionController::Base
before_action :validate_user_service_ticket!
before_action :check_password_expiration, if: :html_request?
before_action :ldap_security_check
- around_action :sentry_context
before_action :default_headers
before_action :default_cache_headers
before_action :add_gon_variables, if: :html_request?
@@ -171,7 +170,12 @@ class ApplicationController < ActionController::Base
end
def log_exception(exception)
- Gitlab::ErrorTracking.track_exception(exception)
+ # At this point, the controller already exits set_current_context around
+ # block. To maintain the context while handling error exception, we need to
+ # set the context again
+ set_current_context do
+ Gitlab::ErrorTracking.track_exception(exception)
+ end
backtrace_cleaner = request.env["action_dispatch.backtrace_cleaner"]
application_trace = ActionDispatch::ExceptionWrapper.new(backtrace_cleaner, exception).application_trace
@@ -528,10 +532,6 @@ class ApplicationController < ActionController::Base
.execute
end
- def sentry_context(&block)
- Gitlab::ErrorTracking.with_context(current_user, &block)
- end
-
def allow_gitaly_ref_name_caching
::Gitlab::GitalyClient.allow_ref_name_caching do
yield
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index 152f07b4c16..53064041ab8 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -4,6 +4,8 @@ class GraphqlController < ApplicationController
# Unauthenticated users have access to the API for public data
skip_before_action :authenticate_user!
+ WHITELIST_HEADER = 'HTTP_X_GITLAB_QUERY_WHITELIST_ISSUE'
+
# If a user is using their session to access GraphQL, we need to have session
# storage, since the admin-mode check is session wide.
# We can't enable this for anonymous users because that would cause users using
@@ -21,6 +23,7 @@ class GraphqlController < ApplicationController
before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
before_action :set_user_last_activity
before_action :track_vs_code_usage
+ before_action :whitelist_query!
# Since we deactivate authentication from the main ApplicationController and
# defer it to :authorize_access_api!, we need to override the bypass session
@@ -59,6 +62,14 @@ class GraphqlController < ApplicationController
private
+ # Tests may mark some queries as exempt from query limits
+ def whitelist_query!
+ whitelist_issue = request.headers[WHITELIST_HEADER]
+ return unless whitelist_issue
+
+ Gitlab::QueryLimiting.whitelist(whitelist_issue)
+ end
+
def set_user_last_activity
return unless current_user
@@ -66,7 +77,8 @@ class GraphqlController < ApplicationController
end
def track_vs_code_usage
- Gitlab::UsageDataCounters::VSCodeExtensionActivityUniqueCounter.track_api_request_when_trackable(user_agent: request.user_agent, user: current_user)
+ Gitlab::UsageDataCounters::VSCodeExtensionActivityUniqueCounter
+ .track_api_request_when_trackable(user_agent: request.user_agent, user: current_user)
end
def execute_multiplex
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-06 22:41:02 +0300