Add filepath redirect url for Release assets
What does this MR do?
With this change we will allow receipt of urls made up of the project + tag + arbitrary filepath to the actual url stored for a link.
This is complicated by the fact that tags may have or or 1 embedded slashes, and the filepath may have any number of embedded slashes.
Existing Routes
be rake routes | grep project_release | awk '{ print $1, $2, $3, $4 }'
evidence_namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag/evidence(.:format) projects/releases#evidence
namespace_project_releases GET /*namespace_id/:project_id/-/releases(.:format) projects/releases#index
edit_namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag/edit(.:format) projects/releases#edit
namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag(.:format) projects/releases#show
Example possible combinations
No embedded slashes
- tag:
v11.9.0-rc2
- filepath:
/gitlab-runner-linux-amd64.dmg
- filepath_redirect_url:
https://gitlab.com/namespace/project/releases/v11.9.0-rc2/gitlab-runner-linux-amd64.dmg
Embedded slash in tag
- tag:
v11.9.0/rc2
- filepath:
/gitlab-runner-linux-amd64.dmg
- filepath_redirect_url:
https://gitlab.com/namespace/project/releases/v11.9.0/rc2/gitlab-runner-linux-amd64.dmg
Embedded slashes in filepath
- tag:
v11.9.0-rc2
- filepath:
/binaries/v2/gitlab-runner-linux-amd64.dmg
- filepath_redirect_url:
https://gitlab.com/namespace/project/releases/v11.9.0-rc2/binaries/v2/gitlab-runner-linux-amd64.dmg
Embedded slashes in both
- tag:
v11.9.0/rc2
- filepath:
/binaries/v2/gitlab-runner-linux-amd64.dmg
- filepath_redirect_url:
https://gitlab.com/namespace/project/releases/v11.9.0/rc2/binaries/v2/gitlab-runner-linux-amd64.dmg
Filepath rules
- No embedded double slashes
//
or colons:
allowed - single embedded
/
is allowed - Embedded
-
,_
,.
are allowed as single or multiple - Filepath must begin with a slash
- Filepath much end with a number or letter
- Filepath must be a valid url fragment
- UTF-8 (accented) characters are not allowed
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation - will be handed in it's own MR
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Part of #27300 (closed)
Edited by Sean Carroll