Don't redact Markdown documents that don't contain private information

Currently our Markdown pipeline more or less works as follows:

1. Render the Markdown to HTML, store the result in a database column
2. The next time we want to get this data, just get the HTML instead of the Markdown
3. Parse the HTML string into an HTML document
4. Redact the document
5. Serialize the document back to a String

In most cases a document won't contain any information that has to be redacted (e.g. a link to a private issue). If we were to store some kind of boolean (e.g. has_private_references) for every field we could change the setup to the following:

1. Render Markdown to HTML, cache it
2. On the next request, if has_private_references is false we just display the HTML string as-is, without parsing
3. If it's true, parse and redact

This could cut down response timings of most issues/merge requests by quite a bit. One caveat is that if you refer to a public resource (e.g. an issue), which is then made private, the link will stay visible. However, since the resource was public to begin with I don't think this is a very big issue.

cc @DouweM @rspeicher

Is the problem parsing the HTML, processing that document, or both? I don't see parsing times in https://performance.gitlab.net/dashboard/db/rails-controllers?from=now-3h&to=now&orgId=1&var-action=Projects::IssuesController%23show&var-database=Production but maybe that's not instrumented?

From http://profiler.gitlap.com/20170322/db710a0d-f501-47d5-a398-a1d64db74349.html.gz (loading GitLab CE issue 1), we see:

• 9.4% time spent redacting the HTML
• 7.9% time spent rendering the notes (5% of this spent loading ActiveRecord models, 2% converting this to HTML)

Most of the redaction time (7%) is due to loading ActiveRecord models just to filter objects to which the user doesn't have access. I wonder if we can skip that and filter by IDs.

mentioned in issue #30852 (moved)

@stanhu thanks, that's useful. However, it's only for one issue. I'm curious about how this looks on aggregate. Issue #1 (closed) is not like most issues, and I'm not even sure what most issues look like

moved to gitlab#9258

Hey!

GitLab is moving all development for both GitLab Community Edition and Enterprise Edition into a single codebase. The current gitlab-ce repository will become a read-only mirror, without any proprietary code. All development is moved to the current gitlab-ee repository, which we will rename to just gitlab in the coming weeks. As part of this migration, issues will be moved to the current gitlab-ee project.

If you have any questions about all of this, please ask them in our dedicated FAQ issue.

https://gitlab.com/gitlab-org/gitlab-ee/issues/13855

You can also find more information here:

• https://gitlab.com/gitlab-org/gitlab-ee/issues/13304
• https://about.gitlab.com/2019/08/23/a-single-codebase-for-gitlab-community-and-enterprise-edition/

Frequently Asked Questions

For an up to date list of questions and answers, please take a look at https://gitlab.com/gitlab-org/gitlab-ee/issues/13855

What will we do with the repository names?

https://gitlab.com/gitlab-org/gitlab-ee/ will become https://gitlab.com/gitlab-org/gitlab, and https://gitlab.com/gitlab-org/gitlab-ce will become https://gitlab.com/gitlab-org/gitlab-foss.

Why rename gitlab-ce to gitlab-foss?

Using "gitlab" and "gitlab-ce" would be confusing, so we decided to rename gitlab-ce to gitlab-foss to make the purpose of this FOSS repository more clear

I created a merge requests for CE, and this got closed. What do I need to do?

You will need to create a merge request at https://gitlab.com/gitlab-org/gitlab-ee/. This link will eventually redirect to https://gitlab.com/gitlab-org/gitlab.

How does the licensing work in this new setup?

Everything in the ee/ directory is proprietary. Everything else is free and open source software. If your merge request does not change anything in the ee/ directory, the process of contributing changes is the same as when using the gitlab-ce repository.

Will you accept merge requests on the gitlab-ce/gitlab-foss project after it has been renamed?

No. Merge requests submitted to this project will be closed automatically.

Will I still be able to view old issues and merge requests in gitlab-ce/gitlab-foss?

Yes.

How will this affect users of GitLab CE using Omnibus?

No changes will be necessary, as the packages built remain the same.

How will this affect users of GitLab CE that build from source?

Once the project has been renamed, you will need to change your Git remotes to use this new URL. GitLab will take care of redirecting Git operations so there is no hard deadline, but we recommend doing this as soon as the projects have been renamed.

Where can I see a timeline of the remaining steps?

https://gitlab.com/gitlab-org/gitlab-ee/issues/13304

Will community contributions submitted to the new "gitlab" repository be available in the new gitlab-foss repository?

Yes, these changes will be synced to gitlab-foss automatically, several times per day.

locked this issue