diff options
Diffstat (limited to 'lib/api/internal')
-rw-r--r-- | lib/api/internal/base.rb | 4 | ||||
-rw-r--r-- | lib/api/internal/kubernetes.rb | 2 | ||||
-rw-r--r-- | lib/api/internal/mail_room.rb | 51 |
3 files changed, 56 insertions, 1 deletions
diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb index d8e39d089e4..48157a91477 100644 --- a/lib/api/internal/base.rb +++ b/lib/api/internal/base.rb @@ -43,6 +43,10 @@ module API # This is a separate method so that EE can alter its behaviour more # easily. + if Feature.enabled?(:rate_limit_gitlab_shell, default_enabled: :yaml) + check_rate_limit!(:gitlab_shell_operation, scope: [params[:action], params[:project], actor.key_or_user]) + end + # Stores some Git-specific env thread-safely env = parse_env Gitlab::Git::HookEnv.set(gl_repository, env) if container diff --git a/lib/api/internal/kubernetes.rb b/lib/api/internal/kubernetes.rb index f3974236fe3..3977da4bda4 100644 --- a/lib/api/internal/kubernetes.rb +++ b/lib/api/internal/kubernetes.rb @@ -53,7 +53,7 @@ module API def check_agent_token unauthorized! unless agent_token - agent_token.track_usage + Clusters::AgentTokens::TrackUsageService.new(agent_token).execute end end diff --git a/lib/api/internal/mail_room.rb b/lib/api/internal/mail_room.rb new file mode 100644 index 00000000000..6e24cf6e7c5 --- /dev/null +++ b/lib/api/internal/mail_room.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +module API + # This internal endpoint receives webhooks sent from the MailRoom component. + # This component constantly listens to configured email accounts. When it + # finds any incoming email or service desk email, it makes a POST request to + # this endpoint. The target mailbox type is indicated in the request path. + # The email raw content is attached to the request body. + # + # For more information, please visit https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/644 + module Internal + class MailRoom < ::API::Base + feature_category :service_desk + + before do + authenticate_gitlab_mailroom_request! + end + + helpers do + def authenticate_gitlab_mailroom_request! + unauthorized! unless Gitlab::MailRoom::Authenticator.verify_api_request(headers, params[:mailbox_type]) + end + end + + namespace 'internal' do + namespace 'mail_room' do + params do + requires :mailbox_type, type: String, + desc: 'The destination mailbox type configuration. Must either be incoming_email or service_desk_email' + end + post "/*mailbox_type" do + worker = Gitlab::MailRoom.worker_for(params[:mailbox_type]) + raw = request.body.read + begin + worker.perform_async(raw) + rescue Gitlab::SidekiqMiddleware::SizeLimiter::ExceedLimitError + receiver = Gitlab::Email::Receiver.new(raw) + reason = Gitlab::Email::FailureHandler.handle(receiver, Gitlab::Email::EmailTooLarge.new) + + status 400 + break { success: false, message: reason } + end + + status 200 + { success: true } + end + end + end + end + end +end |