1# frozen_string_literal: true 2require_relative 'boot' 3 4# Based on https://github.com/rails/rails/blob/v6.0.1/railties/lib/rails/all.rb 5# Only load the railties we need instead of loading everything 6require 'rails' 7 8require 'active_record/railtie' 9require 'action_controller/railtie' 10require 'action_view/railtie' 11require 'action_mailer/railtie' 12require 'action_cable/engine' 13require 'rails/test_unit/railtie' 14 15Bundler.require(*Rails.groups) 16 17module Gitlab 18 class Application < Rails::Application 19 config.load_defaults 6.1 20 21 # This section contains configuration from Rails upgrades to override the new defaults so that we 22 # keep existing behavior. 23 # 24 # For boolean values, the new default is the opposite of the value being set in this section. 25 # For other types, the new default is noted in the comments. These are also documented in 26 # https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults 27 # 28 # To switch a setting to the new default value, we just need to delete the specific line here. 29 30 # Rails 6.1 31 config.action_dispatch.cookies_same_site_protection = nil # New default is :lax 32 ActiveSupport.utc_to_local_returns_utc_offset_times = false 33 config.action_controller.urlsafe_csrf_tokens = false 34 config.action_view.preload_links_header = false 35 36 # Rails 5.2 37 config.action_dispatch.use_authenticated_cookie_encryption = false 38 config.active_support.use_authenticated_message_encryption = false 39 config.active_support.hash_digest_class = ::Digest::MD5 # New default is ::Digest::SHA1 40 config.action_controller.default_protect_from_forgery = false 41 config.action_view.form_with_generates_ids = false 42 43 # Rails 5.1 44 config.assets.unknown_asset_fallback = true 45 46 # Rails 5.0 47 config.action_controller.per_form_csrf_tokens = false 48 config.action_controller.forgery_protection_origin_check = false 49 ActiveSupport.to_time_preserves_timezone = false 50 51 require_dependency Rails.root.join('lib/gitlab') 52 require_dependency Rails.root.join('lib/gitlab/utils') 53 require_dependency Rails.root.join('lib/gitlab/action_cable/config') 54 require_dependency Rails.root.join('lib/gitlab/redis/wrapper') 55 require_dependency Rails.root.join('lib/gitlab/redis/cache') 56 require_dependency Rails.root.join('lib/gitlab/redis/queues') 57 require_dependency Rails.root.join('lib/gitlab/redis/shared_state') 58 require_dependency Rails.root.join('lib/gitlab/redis/trace_chunks') 59 require_dependency Rails.root.join('lib/gitlab/redis/rate_limiting') 60 require_dependency Rails.root.join('lib/gitlab/redis/sessions') 61 require_dependency Rails.root.join('lib/gitlab/current_settings') 62 require_dependency Rails.root.join('lib/gitlab/middleware/read_only') 63 require_dependency Rails.root.join('lib/gitlab/middleware/compressed_json') 64 require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check') 65 require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies') 66 require_dependency Rails.root.join('lib/gitlab/middleware/handle_ip_spoof_attack_error') 67 require_dependency Rails.root.join('lib/gitlab/middleware/handle_malformed_strings') 68 require_dependency Rails.root.join('lib/gitlab/middleware/rack_multipart_tempfile_factory') 69 require_dependency Rails.root.join('lib/gitlab/runtime') 70 require_dependency Rails.root.join('lib/gitlab/patch/legacy_database_config') 71 72 # To be removed in 15.0 73 # This preload is needed to convert legacy `database.yml` 74 # from `production: adapter: postgresql` 75 # into a `production: main: adapter: postgresql` 76 unless Gitlab::Utils.to_boolean(ENV['SKIP_DATABASE_CONFIG_VALIDATION'], default: false) 77 config.class.prepend(::Gitlab::Patch::LegacyDatabaseConfig) 78 end 79 80 # Settings in config/environments/* take precedence over those specified here. 81 # Application configuration should go into files in config/initializers 82 # -- all .rb files in that directory are automatically loaded. 83 84 # Sidekiq uses eager loading, but directories not in the standard Rails 85 # directories must be added to the eager load paths: 86 # https://github.com/mperham/sidekiq/wiki/FAQ#why-doesnt-sidekiq-autoload-my-rails-application-code 87 # Also, there is no need to add `lib` to autoload_paths since autoloading is 88 # configured to check for eager loaded paths: 89 # https://github.com/rails/rails/blob/v4.2.6/railties/lib/rails/engine.rb#L687 90 # This is a nice reference article on autoloading/eager loading: 91 # http://blog.arkency.com/2014/11/dont-forget-about-eager-load-when-extending-autoload 92 config.eager_load_paths.push(*%W[#{config.root}/lib 93 #{config.root}/app/models/badges 94 #{config.root}/app/models/hooks 95 #{config.root}/app/models/members 96 #{config.root}/app/models/project_services 97 #{config.root}/app/graphql/resolvers/concerns 98 #{config.root}/app/graphql/mutations/concerns 99 #{config.root}/app/graphql/types/concerns]) 100 101 config.generators.templates.push("#{config.root}/generator_templates") 102 103 foss_eager_load_paths = config.eager_load_paths.dup.freeze 104 load_paths = lambda do |dir:| 105 ext_paths = foss_eager_load_paths.each_with_object([]) do |path, memo| 106 ext_path = config.root.join(dir, Pathname.new(path).relative_path_from(config.root)) 107 memo << ext_path.to_s 108 end 109 110 ext_paths << "#{config.root}/#{dir}/app/replicators" 111 112 # Eager load should load CE first 113 config.eager_load_paths.push(*ext_paths) 114 config.helpers_paths.push "#{config.root}/#{dir}/app/helpers" 115 116 # Other than Ruby modules we load extensions first 117 config.paths['lib/tasks'].unshift "#{config.root}/#{dir}/lib/tasks" 118 config.paths['app/views'].unshift "#{config.root}/#{dir}/app/views" 119 end 120 121 Gitlab.ee do 122 load_paths.call(dir: 'ee') 123 end 124 125 Gitlab.jh do 126 load_paths.call(dir: 'jh') 127 end 128 129 # Rake tasks ignore the eager loading settings, so we need to set the 130 # autoload paths explicitly 131 config.autoload_paths = config.eager_load_paths.dup 132 133 # These are only used in Rake tasks so we don't need to add these to eager_load_paths 134 config.autoload_paths.push("#{config.root}/lib/generators") 135 Gitlab.ee { config.autoload_paths.push("#{config.root}/ee/lib/generators") } 136 Gitlab.jh { config.autoload_paths.push("#{config.root}/jh/lib/generators") } 137 138 # Only load the plugins named here, in the order given (default is alphabetical). 139 # :all can be used as a placeholder for all plugins not explicitly named. 140 # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 141 142 # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 143 # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 144 # config.i18n.default_locale = :de 145 config.i18n.enforce_available_locales = false 146 147 # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 148 # the I18n.default_locale when a translation can not be found). 149 # We have to explicitly set default locale since 1.1.0 - see: 150 # https://github.com/svenfuchs/i18n/pull/415 151 config.i18n.fallbacks = [:en] 152 153 # Translation for AR attrs is not working well for POROs like WikiPage 154 config.gettext_i18n_rails.use_for_active_record_attributes = false 155 156 # Configure the default encoding used in templates for Ruby 1.9. 157 config.encoding = "utf-8" 158 159 # Configure sensitive parameters which will be filtered from the log file. 160 # 161 # Parameters filtered: 162 # - Any parameter ending with `token` 163 # - Any parameter containing `password` 164 # - Any parameter containing `secret` 165 # - Any parameter ending with `key` 166 # - Two-factor tokens (:otp_attempt) 167 # - Repo/Project Import URLs (:import_url) 168 # - Build traces (:trace) 169 # - Build variables (:variables) 170 # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) 171 # - Webhook URLs (:hook) 172 # - Sentry DSN (:sentry_dsn) 173 # - File content from Web Editor (:content) 174 # - Jira shared secret (:sharedSecret) 175 # - Titles, bodies, and descriptions for notes, issues, etc. 176 # 177 # NOTE: It is **IMPORTANT** to also update labkit's filter when 178 # adding parameters here to not introduce another security 179 # vulnerability: 180 # https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go 181 config.filter_parameters += [ 182 /token$/, 183 /password/, 184 /secret/, 185 /key$/, 186 /^body$/, 187 /^description$/, 188 /^note$/, 189 /^text$/, 190 /^title$/, 191 /^hook$/ 192 ] 193 config.filter_parameters += %i( 194 certificate 195 encrypted_key 196 import_url 197 elasticsearch_url 198 elasticsearch_password 199 search 200 jwt 201 mailgun_signing_key 202 otp_attempt 203 sentry_dsn 204 trace 205 variables 206 content 207 sharedSecret 208 ) 209 210 # Enable escaping HTML in JSON. 211 config.active_support.escape_html_entities_in_json = true 212 213 # Use SQL instead of Active Record's schema dumper when creating the database. 214 # This is necessary if your schema can't be completely dumped by the schema dumper, 215 # like if you have constraints or database-specific column types 216 config.active_record.schema_format = :sql 217 218 # Dump all DB schemas even if schema_search_path is defined, 219 # so that we get the same db/structure.sql 220 # regardless if schema_search_path is set, or not. 221 config.active_record.dump_schemas = :all 222 223 # Override default Active Record settings 224 # We cannot do this in an initializer because some models are already loaded by then 225 config.active_record.cache_versioning = false 226 config.active_record.collection_cache_versioning = false 227 config.active_record.has_many_inversing = false 228 config.active_record.belongs_to_required_by_default = false 229 230 # Enable the asset pipeline 231 config.assets.enabled = true 232 233 # Support legacy unicode file named img emojis, `1F939.png` 234 config.assets.paths << TanukiEmoji.images_path 235 config.assets.paths << "#{config.root}/vendor/assets/fonts" 236 237 config.assets.precompile << "application_utilities.css" 238 config.assets.precompile << "application_utilities_dark.css" 239 config.assets.precompile << "application_dark.css" 240 241 config.assets.precompile << "startup/*.css" 242 243 config.assets.precompile << "print.css" 244 config.assets.precompile << "mailer.css" 245 config.assets.precompile << "mailer_client_specific.css" 246 config.assets.precompile << "notify.css" 247 config.assets.precompile << "mailers/*.css" 248 config.assets.precompile << "page_bundles/_mixins_and_variables_and_functions.css" 249 config.assets.precompile << "page_bundles/admin/application_settings_metrics_and_profiling.css" 250 config.assets.precompile << "page_bundles/admin/jobs_index.css" 251 config.assets.precompile << "page_bundles/alert_management_details.css" 252 config.assets.precompile << "page_bundles/alert_management_settings.css" 253 config.assets.precompile << "page_bundles/boards.css" 254 config.assets.precompile << "page_bundles/build.css" 255 config.assets.precompile << "page_bundles/ci_status.css" 256 config.assets.precompile << "page_bundles/cycle_analytics.css" 257 config.assets.precompile << "page_bundles/dev_ops_reports.css" 258 config.assets.precompile << "page_bundles/environments.css" 259 config.assets.precompile << "page_bundles/epics.css" 260 config.assets.precompile << "page_bundles/error_tracking_details.css" 261 config.assets.precompile << "page_bundles/error_tracking_index.css" 262 config.assets.precompile << "page_bundles/group.css" 263 config.assets.precompile << "page_bundles/ide.css" 264 config.assets.precompile << "page_bundles/import.css" 265 config.assets.precompile << "page_bundles/incident_management_list.css" 266 config.assets.precompile << "page_bundles/issues_list.css" 267 config.assets.precompile << "page_bundles/jira_connect.css" 268 config.assets.precompile << "page_bundles/jira_connect_users.css" 269 config.assets.precompile << "page_bundles/learn_gitlab.css" 270 config.assets.precompile << "page_bundles/marketing_popover.css" 271 config.assets.precompile << "page_bundles/members.css" 272 config.assets.precompile << "page_bundles/merge_conflicts.css" 273 config.assets.precompile << "page_bundles/merge_requests.css" 274 config.assets.precompile << "page_bundles/milestone.css" 275 config.assets.precompile << "page_bundles/new_namespace.css" 276 config.assets.precompile << "page_bundles/oncall_schedules.css" 277 config.assets.precompile << "page_bundles/escalation_policies.css" 278 config.assets.precompile << "page_bundles/pipeline.css" 279 config.assets.precompile << "page_bundles/pipeline_schedules.css" 280 config.assets.precompile << "page_bundles/pipelines.css" 281 config.assets.precompile << "page_bundles/productivity_analytics.css" 282 config.assets.precompile << "page_bundles/profile_two_factor_auth.css" 283 config.assets.precompile << "page_bundles/project.css" 284 config.assets.precompile << "page_bundles/reports.css" 285 config.assets.precompile << "page_bundles/roadmap.css" 286 config.assets.precompile << "page_bundles/security_dashboard.css" 287 config.assets.precompile << "page_bundles/security_discover.css" 288 config.assets.precompile << "page_bundles/signup.css" 289 config.assets.precompile << "page_bundles/terminal.css" 290 config.assets.precompile << "page_bundles/terms.css" 291 config.assets.precompile << "page_bundles/todos.css" 292 config.assets.precompile << "page_bundles/wiki.css" 293 config.assets.precompile << "page_bundles/xterm.css" 294 config.assets.precompile << "lazy_bundles/cropper.css" 295 config.assets.precompile << "lazy_bundles/select2.css" 296 config.assets.precompile << "performance_bar.css" 297 config.assets.precompile << "disable_animations.css" 298 config.assets.precompile << "test_environment.css" 299 config.assets.precompile << "snippets.css" 300 config.assets.precompile << "locale/**/app.js" 301 config.assets.precompile << "emoji_sprites.css" 302 config.assets.precompile << "errors.css" 303 config.assets.precompile << "jira_connect.js" 304 305 config.assets.precompile << "themes/*.css" 306 307 config.assets.precompile << "highlight/themes/*.css" 308 309 # Import gitlab-svgs directly from vendored directory 310 config.assets.paths << "#{config.root}/node_modules/@gitlab/svgs/dist" 311 config.assets.precompile << "icons.svg" 312 config.assets.precompile << "icons.json" 313 config.assets.precompile << "illustrations/*.svg" 314 315 # Import css for xterm 316 config.assets.paths << "#{config.root}/node_modules/xterm/src/" 317 config.assets.precompile << "xterm.css" 318 319 # Import path for EE specific SCSS entry point 320 # In CE it will import a noop file, in EE a functioning file 321 # Order is important, so that the ee file takes precedence: 322 config.assets.paths << "#{config.root}/jh/app/assets/stylesheets/_jh" if Gitlab.jh? 323 config.assets.paths << "#{config.root}/ee/app/assets/stylesheets/_ee" if Gitlab.ee? 324 config.assets.paths << "#{config.root}/app/assets/stylesheets/_jh" 325 config.assets.paths << "#{config.root}/app/assets/stylesheets/_ee" 326 327 config.assets.paths << "#{config.root}/vendor/assets/javascripts/" 328 config.assets.precompile << "snowplow/sp.js" 329 330 # This path must come last to avoid confusing sprockets 331 # See https://gitlab.com/gitlab-org/gitlab-foss/issues/64091#note_194512508 332 config.assets.paths << "#{config.root}/node_modules" 333 334 # Version of your assets, change this if you want to expire all your assets 335 config.assets.version = '1.0' 336 337 # Nokogiri is significantly faster and uses less memory than REXML 338 ActiveSupport::XmlMini.backend = 'Nokogiri' 339 340 # This middleware needs to precede ActiveRecord::QueryCache and other middlewares that 341 # connect to the database. 342 config.middleware.insert_after Rails::Rack::Logger, ::Gitlab::Middleware::BasicHealthCheck 343 344 config.middleware.insert_after Warden::Manager, Rack::Attack 345 346 config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies 347 348 config.middleware.insert_before ActionDispatch::RemoteIp, ::Gitlab::Middleware::HandleIpSpoofAttackError 349 350 config.middleware.insert_after ActionDispatch::ActionableExceptions, ::Gitlab::Middleware::HandleMalformedStrings 351 352 config.middleware.insert_after Rack::Sendfile, ::Gitlab::Middleware::RackMultipartTempfileFactory 353 354 config.middleware.insert_before Rack::Runtime, ::Gitlab::Middleware::CompressedJson 355 356 # Allow access to GitLab API from other domains 357 config.middleware.insert_before Warden::Manager, Rack::Cors do 358 headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size] 359 360 allow do 361 origins Gitlab.config.gitlab.url 362 resource '/api/*', 363 credentials: true, 364 headers: :any, 365 methods: :any, 366 expose: headers_to_expose 367 end 368 369 # Cross-origin requests must not have the session cookie available 370 allow do 371 origins '*' 372 resource '/api/*', 373 credentials: false, 374 headers: :any, 375 methods: :any, 376 expose: headers_to_expose 377 end 378 379 # Cross-origin requests must be enabled for the Authorization code with PKCE OAuth flow when used from a browser. 380 %w(/oauth/token /oauth/revoke).each do |oauth_path| 381 allow do 382 origins '*' 383 resource oauth_path, 384 headers: %w(Authorization), 385 credentials: false, 386 methods: %i(post) 387 end 388 end 389 390 # These are routes from doorkeeper-openid_connect: 391 # https://github.com/doorkeeper-gem/doorkeeper-openid_connect#routes 392 allow do 393 origins '*' 394 resource '/oauth/userinfo', 395 headers: %w(Authorization), 396 credentials: false, 397 methods: %i(get head post) 398 end 399 400 %w(/oauth/discovery/keys /.well-known/openid-configuration /.well-known/webfinger).each do |openid_path| 401 allow do 402 origins '*' 403 resource openid_path, 404 credentials: false, 405 methods: %i(get head) 406 end 407 end 408 end 409 410 # Use caching across all environments 411 config.cache_store = :redis_cache_store, Gitlab::Redis::Cache.active_support_config 412 413 config.active_job.queue_adapter = :sidekiq 414 config.active_job.logger = nil 415 config.action_mailer.deliver_later_queue_name = :mailers 416 417 # This is needed for gitlab-shell 418 ENV['GITLAB_PATH_OUTSIDE_HOOK'] = ENV['PATH'] 419 ENV['GIT_TERMINAL_PROMPT'] = '0' 420 421 # GitLab Read-only middleware support 422 config.middleware.insert_after ActionDispatch::Flash, ::Gitlab::Middleware::ReadOnly 423 424 config.generators do |g| 425 g.factory_bot false 426 end 427 428 # sprocket-rails adds some precompile assets we actually do not need. 429 # 430 # It copies all _non_ js and CSS files from the app/assets/ older. 431 # 432 # In our case this copies for example: Vue, Markdown and Graphql, which we do not need 433 # for production. 434 # 435 # We remove this default behavior and then reimplement it in order to consider ee/ as well 436 # and remove those other files we do not need. 437 # 438 # For reference: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87 439 initializer :correct_precompile_targets, after: :set_default_precompile do |app| 440 app.config.assets.precompile.reject! { |entry| entry == Sprockets::Railtie::LOOSE_APP_ASSETS } 441 442 # if two files in assets are named the same, it'll likely resolve to the normal app/assets version. 443 # See https://gitlab.com/gitlab-jh/gitlab/-/merge_requests/27#note_609101582 for more details 444 asset_roots = [] 445 446 if Gitlab.jh? 447 asset_roots << config.root.join("jh/app/assets").to_s 448 end 449 450 asset_roots << config.root.join("app/assets").to_s 451 452 if Gitlab.ee? 453 asset_roots << config.root.join("ee/app/assets").to_s 454 end 455 456 LOOSE_APP_ASSETS = lambda do |logical_path, filename| 457 filename.start_with?(*asset_roots) && 458 !['.js', '.css', '.md', '.vue', '.graphql', ''].include?(File.extname(logical_path)) 459 end 460 461 app.config.assets.precompile << LOOSE_APP_ASSETS 462 end 463 464 # This empty initializer forces the :let_zeitwerk_take_over initializer to run before we load 465 # initializers in config/initializers. This is done because autoloading before Zeitwerk takes 466 # over is deprecated but our initializers do a lot of autoloading. 467 # See https://gitlab.com/gitlab-org/gitlab/issues/197346 for more details 468 initializer :move_initializers, before: :load_config_initializers, after: :let_zeitwerk_take_over do 469 end 470 471 # We need this for initializers that need to be run before Zeitwerk is loaded 472 initializer :before_zeitwerk, before: :let_zeitwerk_take_over, after: :prepend_helpers_path do 473 Dir[Rails.root.join('config/initializers_before_autoloader/*.rb')].sort.each do |initializer| 474 load_config_initializer(initializer) 475 end 476 end 477 478 # Load JH initializers under JH. Load ordering is: 479 # 1. prepend_helpers_path 480 # 2. before_zeitwerk 481 # 3. let_zeitwerk_take_over 482 # 4. move_initializers 483 # 5. load_config_initializers 484 # 6. load_jh_config_initializers 485 Gitlab.jh do 486 initializer :load_jh_config_initializers, after: :load_config_initializers do 487 Dir[Rails.root.join('jh/config/initializers/*.rb')].sort.each do |initializer| 488 load_config_initializer(initializer) 489 end 490 end 491 end 492 493 # Add assets for variants of GitLab. They should take precedence over CE. 494 # This means if multiple files exist, e.g.: 495 # 496 # jh/app/assets/stylesheets/example.scss 497 # ee/app/assets/stylesheets/example.scss 498 # app/assets/stylesheets/example.scss 499 # 500 # The jh/ version will be preferred. 501 initializer :prefer_specialized_assets, after: :append_assets_path do |app| 502 Gitlab.extensions.each do |extension| 503 %w[images javascripts stylesheets].each do |path| 504 app.config.assets.paths.unshift("#{config.root}/#{extension}/app/assets/#{path}") 505 end 506 end 507 end 508 end 509end 510