
Fix redirect loop in Gitea rate limit

What does this MR do and why?

Fix redirect loop in Gitea rate limit

The current implementation applies a rate limit to the status endpoint, to limit the number of times per minute we can fetch the repository list from Gitea.

This MR complements the rate limit by caching the response from Gitea and only applying the rate limit when no stored value is found in the cache.

This fixes the infinite redirect issue and provides a better experience for the end user.

Changelog: fixed

References

#569047

How to set up and validate locally

Initial setup

  1. Set up a local Gitea instance with a cloneable project.
  2. Apply the following diff to make it easier to see when the cache is hit/miss, and when the rate limit applies.
diff --git a/app/controllers/import/gitea_controller.rb b/app/controllers/import/gitea_controller.rb
index 6bd72add7e0f..0fef87493dae 100644
--- a/app/controllers/import/gitea_controller.rb
+++ b/app/controllers/import/gitea_controller.rb
@@ -4,7 +4,15 @@ class Import::GiteaController < Import::GithubController
   extend ::Gitlab::Utils::Override
 
   before_action -> { check_rate_limit!(:gitea_import, scope: current_user) },
-    only: :status, if: -> { cached_provider_repos.nil? }
+    only: :status, if: -> do
+      no_cache = cached_provider_repos.nil?
+      if no_cache
+        Rails.logger.warn "GITEA: no cached data, applying rate limit"
+      else
+        Rails.logger.warn "GITEA: found cached data, skipping rate limit"
+      end
+      no_cache
+    end
   before_action :verify_blocked_uri, only: :status
 
   def new
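Review bot: The `if:` lambda on the `before_action` logs at `warn` on both branches, so every `status` request writes a warning even on the normal cache-hit path. If any of this is meant to outlive local validation, lower it to `Rails.logger.debug` and move the condition into a named private predicate so the `before_action` line stays short; otherwise keep this diff out of the commit. A comment above the callback would also help: the limit is skipped whenever `cached_provider_repos` is non-nil, so the rate limit only bounds cache misses.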
@@ -128,6 +136,7 @@ def serialized_provider_repos
     # We convert the resulting object to JSON to make it safe to cache, but
     # return the parsed object from this method.
     cached_json = Rails.cache.fetch(provider_repos_cache_key, expires_in: 1.minute) do
+      Rails.logger.warn "GITEA: cache miss, hitting gitea"
       super.to_json
     end
     Gitlab::Json.parse(cached_json)
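Review bot: Inside the `Rails.cache.fetch` block, `provider_repos_cache_key` is the only thing separating one cached repository list from another, and its definition is not visible in this hunk. Because a cache hit both returns stored data and bypasses `check_rate_limit!`, confirm the key includes the current user and the Gitea host, and document that next to `expires_in: 1.minute`. The added `warn` line has the same log-level concern; `debug` is enough for a cache-miss trace.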

Testing imports

  1. Perform some Gitea imports.
  2. Verify that the real-time status updates work.
  3. Verify that the project is successfully imported.

Testing the cache

  1. Visit http://gdk.test:3000/import/gitea/status.
  2. Enter your URL and Gitea access token.
  3. Your Gitea projects should be visible.
  4. Create a new repository in Gitea and immediately refresh http://gdk.test:3000/import/gitea/status.
  5. Your new Gitea projects should NOT be visible.
  6. Refresh http://gdk.test:3000/import/gitea/status again a minute later.
  7. Your new Gitea projects should be visible.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by James Nutt
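
As an added illustration of the description above (not code from this MR or from GitLab), this Ruby simulation polls a status endpoint and compares a limiter applied to every request with one applied only on a cache miss. The limit of 6 per minute, the 5-second poll interval and all class and method names are assumptions; only the 1-minute cache lifetime comes from the diff.

```ruby
# Added illustration, not GitLab code. Limit, window and poll interval are assumed.
class WindowLimiter
  def initialize(limit:, window:)
    @limit = limit
    @window = window
    @hits = []
  end

  # Records a hit at `now` (seconds); true when the window is over the limit.
  def throttled?(now)
    @hits.reject! { |t| t <= now - @window }
    @hits << now
    @hits.size > @limit
  end
end

class TtlCache
  def initialize(ttl)
    @ttl = ttl
    @entry = nil
  end

  def read(now)
    @entry && now < @entry[:expires_at] ? @entry[:value] : nil
  end

  def write(value, now)
    @entry = { value: value, expires_at: now + @ttl }
    value
  end
end

# Polls a simulated status endpoint `polls` times, `interval` seconds apart.
def simulate(use_cache:, polls: 24, interval: 5, limit: 6)
  limiter = WindowLimiter.new(limit: limit, window: 60)
  cache = TtlCache.new(60)
  stats = { upstream_calls: 0, throttled: 0 }
  polls.times do |i|
    now = i * interval
    next if use_cache && cache.read(now) # cache hit: limiter is not consulted
    if limiter.throttled?(now)
      stats[:throttled] += 1
      next
    end
    stats[:upstream_calls] += 1           # stands in for the Gitea API call
    cache.write(["constructed/repo"], now) if use_cache
  end
  stats
end
```

With these assumed values, limiting every request leaves the poller throttled after its sixth request, while limiting only cache misses makes one upstream call per minute and never throttles.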
