| Age | Commit message (Collapse) | Author |
|---|
|
and fix offences
|
|
refactor: make internal/lru and internal/ratelimiter metrics optional
Closes #647
See merge request gitlab-org/gitlab-pages!606
|
|
|
|
don't expose default values and keep them private.
|
|
Some parts of the application may be vulnerable to very long URIs being passed.
E.g. Auth will try to save URI to session cookie, and it will fails, which will result in 500 error
Changelog: fixed
|
|
|
|
|
|
Changelog: added
|
|
|
|
|
|
It gets the source IP from `r.RemoteAddr` or from the `X-Forwarded-For`
header for proxied requests (when `--listen-proxy` is enabled).
The first iteration will only report logs and metrics when an IP is
being rate limited.
The rate limiter uses a Token Bucket approach using
golang.org/x/time/rate, which can be configured with the newly added
flags `rate-limit-source-ip` and `rate-limit-source-ip-burst`.
To enable the rate limiter, set `rate-limit-source-ip` to value > 1,
which is the number of requests per second to allow. It is enabled by
default in "dry-run" mode so requests won't be dropped until the
environment variable
`FF_ENABLE_RATE_LIMITER` is set to `"true"`.
See metrics.go for the newly added metrics.
Changelog: added
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changelog: removed
|
|
Changelog: changed
|
|
Update the auth package to use the internal server
when fetching access token or checking for authentication.
Changelog: changed
|
|
|
|
|
|
|
|
|
|
|
|
listendAndServe as a function
|
|
|
|
|
|
|
|
Return disk disabled error
Remove useLegacyStorage leftovers
Fix run process
|
|
Add a domain context to domain config retrieval error
Closes #506
See merge request gitlab-org/gitlab-pages!468
|
|
|
|
Uses the `internal/config/` client inside the `internal/source/gitlab/`
package which makes it easier to extend the configuration.
This is an iteration of https://gitlab.com/gitlab-org/gitlab-pages/-/issues/543.
Changelog: other
|
|
|
|
|
|
|
|
Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>
|
|
Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>
|
|
Changelog: changed
Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>
|
|
As discussed within https://gitlab.com/gitlab-org/gitlab-pages/-/issues/510 this
MR adds the usage of labkit's correlationID middleware.
It uses a similar approach to the implemantion in gitlab-workhorse.
Fixes https://gitlab.com/gitlab-org/gitlab-pages/-/issues/510
:tools: with :heart: at Siemens
Changelog: fixed
|
|
This MR makes required authentication permission scope for
Pages configurable.
By default, Pages will use `api` scope to authenticate with
Pages Application registered on GitLab.
With this MR, the scope is configurable and can be set to `read_api`
by providing the `auth-scope` variable in the arguments or in
the `gitlab-pages.conf`
/label ~security
Changelog: added
|
|
Moves the http.Client initialization inside the `httprange` package to
the zip VFS. This makes the type `Resource` depend on an http.Client
that needs to be passed on initialization.
It also makes the zip VFS initialize the client. It's possible to
reconfigure it to register a file protocol by calling vfs.Reconfigure
explicitly.
|
|
Return domain not found
Returns ErrDomainDoesNotExist when the lookup path
cannot be found for a specific project.
Closes https://gitlab.com/gitlab-org/gitlab-pages/issues/353
Return ErrDomainDoesNotExist in group resolver
|
|
Fix imports and enable test
|
|
Define ErrDomainDoesNotExist in the domain package so it can be returned
by the Resolver and handled appropriatley.
|
|
|
|
Add AES GCM encryption/decryption to auth
Add signing key to Auth
Abstract key generation and Auth init to their own funcs.
Cleanup and DRY unit tests.
Use same code parameter in auth redirect
Cleanup auth and add tests for enc/dec oauth code
Add acceptance test for fix
Apply suggestion from review
Add missing test and apply feedback
Fix unit test
Simplify acceptance test
|
|
|
|
Add todo to reconfigure other vfs
|
|
|
