Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/uploaders/ci/secure_file_uploader.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/uploaders/ci/secure_file_uploader.rb')
-rw-r--r--app/uploaders/ci/secure_file_uploader.rb46
1 files changed, 46 insertions, 0 deletions
diff --git a/app/uploaders/ci/secure_file_uploader.rb b/app/uploaders/ci/secure_file_uploader.rb
new file mode 100644
index 00000000000..514d88dd177
--- /dev/null
+++ b/app/uploaders/ci/secure_file_uploader.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Ci
+ class SecureFileUploader < GitlabUploader
+ include ObjectStorage::Concern
+
+ storage_options Gitlab.config.ci_secure_files
+
+ # Use Lockbox to encrypt/decrypt the stored file (registers CarrierWave callbacks)
+ encrypt(key: :key)
+
+ def key
+ OpenSSL::HMAC.digest('SHA256', Gitlab::Application.secrets.db_key_base, model.project_id.to_s)
+ end
+
+ def checksum
+ @checksum ||= Digest::SHA256.hexdigest(model.file.read)
+ end
+
+ def store_dir
+ dynamic_segment
+ end
+
+ private
+
+ def dynamic_segment
+ Gitlab::HashedPath.new('secure_files', model.id, root_hash: model.project_id)
+ end
+
+ class << self
+ # direct upload is disabled since the file
+ # must always be encrypted
+ def direct_upload_enabled?
+ false
+ end
+
+ def background_upload_enabled?
+ false
+ end
+
+ def default_store
+ object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
+ end
+ end
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 22:42:40 +0300