Branch: refs/heads/master
Home: https://github.com/openSUSE/open-build-service
Commit: 690d68231d1f5fddb1c702861d23d2e2b59044cb
https://github.com/openSUSE/open-build-service/commit/690d68231d1f5fddb1c702...
Author: Henne Vogelsang
Date: 2020-07-06 (Mon, 06 Jul 2020)
Changed paths:
M src/api/app/controllers/webui/package_controller.rb
Log Message:
-----------
Require auth for binary action
Displaying information about a binary is a rather expensive backend
action that we should not allow for anonymous users.
We just had a case of a (bad) spider taking too many resources by
querying all binaries of a distribution. If someone needs this
information they can get it from the repository/binary data on the
mirrors.
Commit: b8938ed058342e5360c30bec9e088e70e7e3d81b
https://github.com/openSUSE/open-build-service/commit/b8938ed058342e5360c30b...
Author: Henne Vogelsang
Date: 2020-07-06 (Mon, 06 Jul 2020)
Changed paths:
M src/api/app/controllers/webui/package_controller.rb
Log Message:
-----------
Remove superflous action
There is no commit action
Commit: 182b360cbfdc5d0e87d844499137df9801c0c933
https://github.com/openSUSE/open-build-service/commit/182b360cbfdc5d0e87d844...
Author: Henne Vogelsang
Date: 2020-07-06 (Mon, 06 Jul 2020)
Changed paths:
M src/api/app/controllers/webui/package_controller.rb
M src/api/app/views/webui/package/revisions.html.haml
Log Message:
-----------
Require auth to look at unpaginated revisions
To show all revisions of a package can be a very expensive operation.
We just had a case of a (bad) spider taking too many resources by
querying all revisions of all packages of a distribution. If someone
needs this information they can get it from the paginated views.
Commit: 68046d76f33297893469430d681a3552ca5a7058
https://github.com/openSUSE/open-build-service/commit/68046d76f3329789346943...
Author: Henne Vogelsang
Date: 2020-07-06 (Mon, 06 Jul 2020)
Changed paths:
M src/api/app/controllers/webui/package_controller.rb
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_1.yml
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_2.yml
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_no_difference_in_sources_diff_is_empty/1_9_1_1.yml
M src/api/spec/controllers/webui/package_controller_spec.rb
Log Message:
-----------
Require auth to generate/look at diffs
The rdiff action is basically a frontend to get the backend to generate
diffs between arbitrary packages.
We just had a case of a (bad) spider taking too many resources by
querying all diffs for all revisions of large packages.
Co-authored-by: Victor Pereira
Commit: fe21bb8b545708feb86d9766070533a76b3e85f5
https://github.com/openSUSE/open-build-service/commit/fe21bb8b545708feb86d97...
Author: Victor Pereira
Date: 2020-07-06 (Mon, 06 Jul 2020)
Changed paths:
M src/api/app/controllers/webui/package_controller.rb
M src/api/app/views/webui/package/revisions.html.haml
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_1.yml
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_2.yml
M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_no_difference_in_sources_diff_is_empty/1_9_1_1.yml
M src/api/spec/controllers/webui/package_controller_spec.rb
Log Message:
-----------
Merge pull request #9881 from hennevogel/bugfix/9876
Auth changes for expensive package actions
Compare: https://github.com/openSUSE/open-build-service/compare/c3fc0b313e6b...fe21bb...