Skip to content

Allow snippets to be publically accessible in a secure way

Matthias Käppler requested to merge github/fork/gtmtechltd/master into master

Created by: gtmtech

Even though snippets have a "raw" button/function, they do not function quite as well as gists, because requesting a snippet via the raw URL, still requires authentication.

To solve this, and add gist-like access functionality to snippets, on creation (and rake:migrate) a unique md5 hashcode is assigned to a snippet, which lasts throughout its lifetime. Any user who happens to know the md5 hashcode can view the snippet at any time without authentication through the URL /public/snippets/HASHCODE. This is the mechanism that gists implement, whereby any public user by knowing the hashcode may access an otherwise private gist. This is very useful to keep something basically secure and private, but allow external mechanisms to interface with the snippet.

EXAMPLE OF USE:

Using this new functionality, it is now possible to have scripts in snippets, which update overtime and can be referenced by external mechanisms. For example:

curl http://gitlabserver/public/snippets/HASHCODE | bash -s arg1 arg2 arg3

as part of an install process.

Merge request reports

Loading