Skip to content

Reduce impact of malformed project lookups through API

Extracted from: https://gitlab.com/gitlab-org/gitlab-ce/issues/45193#note_67677321

How "cheap" are 404s? Lots of invalid requests to /api/v4/projects/:id ala https://gitlab.com/gitlab-com/infrastructure/issues/4006 seem to be putting more pressure on the database than they should?

If I'm reading the documentation right, we allow two formats:

  1. Integer ID
  2. URL-encoded path of the project: namespace/project

Per https://gitlab.com/gitlab-com/infrastructure/issues/4006#note_67666426, an example for a 404 is a call to /api/v4/projects/undefined where undefined is neither an integer nor matches the required format.

The proposal here is to detect situations where we won't find a corresponding project for the given :id. Specifically, if the value doesn't match the required format, we can shortcut and return 404.

The aim is to reduce the load on the database by not looking up values that we know are not correct (and thus do not exist).