Maven packages upload: read parameters from UploadedFile

🔥 Problem

File uploads are processed by Workhorse which will then send them to the rails backend.

When sending the request to the Rails backend, it will send the set of parameters of the uploaded file(s) twice:

As body params
As a JWT Token

In gitlab-workhorse!490 (merged), the rails backend has been modified to build the UploadedFile solely out of (2.).

#324873 has been opened to remove (1.).

The problem is that we can still have endpoints that read some parameters from (1.). It is the case for the maven packages (here): the rails backend reads the fingerprints out of (1.).

🚒 Solution

Update UploadedFile to host all fingerprints when reading (2.).
Update the Maven packages API to read the fingerprints out of the UploadedFile.

Depending on the complexity of the change, a feature flag might be needed.

🔮 Other considerations

This change should have 0 impact on user facing features (eg. the maven uploads will work as they work today).

However, this change will unlock the path for #324873: stop setting (1.) in workhorse.

Edited Jun 23, 2022 by David Fernandez