|
|
|
// Copyright 2015 The Gogs Authors. All rights reserved.
|
|
|
|
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
// Package v1 Gitea API.
|
|
|
|
//
|
|
|
|
// This documentation describes the Gitea API.
|
|
|
|
//
|
|
|
|
// Schemes: http, https
|
|
|
|
// BasePath: /api/v1
|
|
|
|
// Version: {{AppVer | JSEscape | Safe}}
|
|
|
|
// License: MIT http://opensource.org/licenses/MIT
|
|
|
|
//
|
|
|
|
// Consumes:
|
|
|
|
// - application/json
|
|
|
|
// - text/plain
|
|
|
|
//
|
|
|
|
// Produces:
|
|
|
|
// - application/json
|
|
|
|
// - text/html
|
|
|
|
//
|
|
|
|
// Security:
|
|
|
|
// - BasicAuth :
|
|
|
|
// - Token :
|
|
|
|
// - AccessToken :
|
|
|
|
// - AuthorizationHeaderToken :
|
|
|
|
// - SudoParam :
|
|
|
|
// - SudoHeader :
|
|
|
|
// - TOTPHeader :
|
|
|
|
//
|
|
|
|
// SecurityDefinitions:
|
|
|
|
// BasicAuth:
|
|
|
|
// type: basic
|
|
|
|
// Token:
|
|
|
|
// type: apiKey
|
|
|
|
// name: token
|
|
|
|
// in: query
|
|
|
|
// AccessToken:
|
|
|
|
// type: apiKey
|
|
|
|
// name: access_token
|
|
|
|
// in: query
|
|
|
|
// AuthorizationHeaderToken:
|
|
|
|
// type: apiKey
|
|
|
|
// name: Authorization
|
|
|
|
// in: header
|
|
|
|
// description: API tokens must be prepended with "token" followed by a space.
|
|
|
|
// SudoParam:
|
|
|
|
// type: apiKey
|
|
|
|
// name: sudo
|
|
|
|
// in: query
|
|
|
|
// description: Sudo API request as the user provided as the key. Admin privileges are required.
|
|
|
|
// SudoHeader:
|
|
|
|
// type: apiKey
|
|
|
|
// name: Sudo
|
|
|
|
// in: header
|
|
|
|
// description: Sudo API request as the user provided as the key. Admin privileges are required.
|
|
|
|
// TOTPHeader:
|
|
|
|
// type: apiKey
|
|
|
|
// name: X-GITEA-OTP
|
|
|
|
// in: header
|
|
|
|
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
|
|
|
|
//
|
|
|
|
// swagger:meta
|
|
|
|
package v1
|
|
|
|
|
|
|
|
import (
|
|
|
|
gocontext "context"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"reflect"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"code.gitea.io/gitea/models/organization"
|
|
|
|
"code.gitea.io/gitea/models/perm"
|
|
|
|
access_model "code.gitea.io/gitea/models/perm/access"
|
|
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
|
|
"code.gitea.io/gitea/models/unit"
|
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
|
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
|
|
"code.gitea.io/gitea/modules/web"
|
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
3 years ago
|
|
|
"code.gitea.io/gitea/routers/api/v1/activitypub"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/admin"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/misc"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/notify"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/org"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/packages"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/repo"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/settings"
|
|
|
|
"code.gitea.io/gitea/routers/api/v1/user"
|
|
|
|
"code.gitea.io/gitea/services/auth"
|
|
|
|
context_service "code.gitea.io/gitea/services/context"
|
|
|
|
"code.gitea.io/gitea/services/forms"
|
|
|
|
|
|
|
|
_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
|
|
|
|
|
|
|
|
"gitea.com/go-chi/binding"
|
|
|
|
"github.com/go-chi/cors"
|
|
|
|
)
|
|
|
|
|
|
|
|
func sudo() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
sudo := ctx.FormString("sudo")
|
|
|
|
if len(sudo) == 0 {
|
|
|
|
sudo = ctx.Req.Header.Get("Sudo")
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(sudo) > 0 {
|
|
|
|
if ctx.IsSigned && ctx.Doer.IsAdmin {
|
|
|
|
user, err := user_model.GetUserByName(ctx, sudo)
|
|
|
|
if err != nil {
|
|
|
|
if user_model.IsErrUserNotExist(err) {
|
|
|
|
ctx.NotFound()
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
log.Trace("Sudo from (%s) to: %s", ctx.Doer.Name, user.Name)
|
|
|
|
ctx.Doer = user
|
|
|
|
} else {
|
|
|
|
ctx.JSON(http.StatusForbidden, map[string]string{
|
|
|
|
"message": "Only administrators allowed to sudo.",
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func repoAssignment() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
userName := ctx.Params("username")
|
|
|
|
repoName := ctx.Params("reponame")
|
|
|
|
|
|
|
|
var (
|
|
|
|
owner *user_model.User
|
|
|
|
err error
|
|
|
|
)
|
|
|
|
|
|
|
|
// Check if the user is the same as the repository owner.
|
|
|
|
if ctx.IsSigned && ctx.Doer.LowerName == strings.ToLower(userName) {
|
|
|
|
owner = ctx.Doer
|
|
|
|
} else {
|
|
|
|
owner, err = user_model.GetUserByName(ctx, userName)
|
|
|
|
if err != nil {
|
|
|
|
if user_model.IsErrUserNotExist(err) {
|
|
|
|
if redirectUserID, err := user_model.LookupUserRedirect(userName); err == nil {
|
|
|
|
context.RedirectToUser(ctx.Context, userName, redirectUserID)
|
|
|
|
} else if user_model.IsErrUserRedirectNotExist(err) {
|
|
|
|
ctx.NotFound("GetUserByName", err)
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "LookupUserRedirect", err)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.Repo.Owner = owner
|
|
|
|
ctx.ContextUser = owner
|
|
|
|
|
|
|
|
// Get repository.
|
|
|
|
repo, err := repo_model.GetRepositoryByName(owner.ID, repoName)
|
|
|
|
if err != nil {
|
|
|
|
if repo_model.IsErrRepoNotExist(err) {
|
|
|
|
redirectRepoID, err := repo_model.LookupRedirect(owner.ID, repoName)
|
|
|
|
if err == nil {
|
|
|
|
context.RedirectToRepo(ctx.Context, redirectRepoID)
|
|
|
|
} else if repo_model.IsErrRedirectNotExist(err) {
|
|
|
|
ctx.NotFound()
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "LookupRepoRedirect", err)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetRepositoryByName", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
repo.Owner = owner
|
|
|
|
ctx.Repo.Repository = repo
|
|
|
|
|
|
|
|
ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if !ctx.Repo.HasAccess() {
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqPackageAccess", "user should have specific permission or be a site admin")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Contexter middleware already checks token for user sign in process.
|
|
|
|
func reqToken() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if true == ctx.Data["IsApiToken"] {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ctx.Context.IsBasicAuth {
|
|
|
|
ctx.CheckForOTP()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ctx.IsSigned {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Error(http.StatusUnauthorized, "reqToken", "token is required")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func reqExploreSignIn() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if setting.Service.Explore.RequireSigninView && !ctx.IsSigned {
|
|
|
|
ctx.Error(http.StatusUnauthorized, "reqExploreSignIn", "you must be signed in to search for users")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func reqBasicAuth() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.Context.IsBasicAuth {
|
|
|
|
ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth required")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.CheckForOTP()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqSiteAdmin user should be the site admin
|
|
|
|
func reqSiteAdmin() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqSiteAdmin", "user should be the site admin")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqOwner user should be the owner of the repo or site admin.
|
|
|
|
func reqOwner() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserRepoOwner() && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqOwner", "user should be the owner of the repo")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqAdmin user should be an owner or a collaborator with admin write of a repository, or site admin
|
|
|
|
func reqAdmin() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqAdmin", "user should be an owner or a collaborator with admin write of a repository")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqRepoWriter user should have a permission to write to a repo, or be a site admin
|
|
|
|
func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqRepoWriter", "user should have a permission to write to a repo")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
|
|
|
|
func reqRepoBranchWriter(ctx *context.APIContext) {
|
|
|
|
options, ok := web.GetForm(ctx).(api.FileOptionInterface)
|
|
|
|
if !ok || (!ctx.Repo.CanWriteToBranch(ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqRepoBranchWriter", "user should have a permission to write to this branch")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqRepoReader user should have specific read permission or be a repo admin or a site admin
|
|
|
|
func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserRepoReaderSpecific(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqRepoReader", "user should have specific read permission or be a repo admin or a site admin")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqAnyRepoReader user should have any permission to read repository or permissions of site admin
|
|
|
|
func reqAnyRepoReader() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.IsUserRepoReaderAny() && !ctx.IsUserSiteAdmin() {
|
|
|
|
ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqOrgOwnership user should be an organization owner, or a site admin
|
|
|
|
func reqOrgOwnership() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if ctx.Context.IsUserSiteAdmin() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var orgID int64
|
|
|
|
if ctx.Org.Organization != nil {
|
|
|
|
orgID = ctx.Org.Organization.ID
|
|
|
|
} else if ctx.Org.Team != nil {
|
|
|
|
orgID = ctx.Org.Team.OrgID
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "", "reqOrgOwnership: unprepared context")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
isOwner, err := organization.IsOrganizationOwner(ctx, orgID, ctx.Doer.ID)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "IsOrganizationOwner", err)
|
|
|
|
return
|
|
|
|
} else if !isOwner {
|
|
|
|
if ctx.Org.Organization != nil {
|
|
|
|
ctx.Error(http.StatusForbidden, "", "Must be an organization owner")
|
|
|
|
} else {
|
|
|
|
ctx.NotFound()
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqTeamMembership user should be an team member, or a site admin
|
|
|
|
func reqTeamMembership() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if ctx.Context.IsUserSiteAdmin() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ctx.Org.Team == nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "", "reqTeamMembership: unprepared context")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
orgID := ctx.Org.Team.OrgID
|
|
|
|
isOwner, err := organization.IsOrganizationOwner(ctx, orgID, ctx.Doer.ID)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "IsOrganizationOwner", err)
|
|
|
|
return
|
|
|
|
} else if isOwner {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if isTeamMember, err := organization.IsTeamMember(ctx, orgID, ctx.Org.Team.ID, ctx.Doer.ID); err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "IsTeamMember", err)
|
|
|
|
return
|
|
|
|
} else if !isTeamMember {
|
|
|
|
isOrgMember, err := organization.IsOrganizationMember(ctx, orgID, ctx.Doer.ID)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "IsOrganizationMember", err)
|
|
|
|
} else if isOrgMember {
|
|
|
|
ctx.Error(http.StatusForbidden, "", "Must be a team member")
|
|
|
|
} else {
|
|
|
|
ctx.NotFound()
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqOrgMembership user should be an organization member, or a site admin
|
|
|
|
func reqOrgMembership() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if ctx.Context.IsUserSiteAdmin() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var orgID int64
|
|
|
|
if ctx.Org.Organization != nil {
|
|
|
|
orgID = ctx.Org.Organization.ID
|
|
|
|
} else if ctx.Org.Team != nil {
|
|
|
|
orgID = ctx.Org.Team.OrgID
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "", "reqOrgMembership: unprepared context")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if isMember, err := organization.IsOrganizationMember(ctx, orgID, ctx.Doer.ID); err != nil {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "IsOrganizationMember", err)
|
|
|
|
return
|
|
|
|
} else if !isMember {
|
|
|
|
if ctx.Org.Organization != nil {
|
|
|
|
ctx.Error(http.StatusForbidden, "", "Must be an organization member")
|
|
|
|
} else {
|
|
|
|
ctx.NotFound()
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func reqGitHook() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if !ctx.Doer.CanEditGitHook() {
|
|
|
|
ctx.Error(http.StatusForbidden, "", "must be allowed to edit Git hooks")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// reqWebhooksEnabled requires webhooks to be enabled by admin.
|
|
|
|
func reqWebhooksEnabled() func(ctx *context.APIContext) {
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
if setting.DisableWebhooks {
|
|
|
|
ctx.Error(http.StatusForbidden, "", "webhooks disabled by administrator")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func orgAssignment(args ...bool) func(ctx *context.APIContext) {
|
|
|
|
var (
|
|
|
|
assignOrg bool
|
|
|
|
assignTeam bool
|
|
|
|
)
|
|
|
|
if len(args) > 0 {
|
|
|
|
assignOrg = args[0]
|
|
|
|
}
|
|
|
|
if len(args) > 1 {
|
|
|
|
assignTeam = args[1]
|
|
|
|
}
|
|
|
|
return func(ctx *context.APIContext) {
|
|
|
|
ctx.Org = new(context.APIOrganization)
|
|
|
|
|
|
|
|
var err error
|
|
|
|
if assignOrg {
|
|
|
|
ctx.Org.Organization, err = organization.GetOrgByName(ctx.Params(":org"))
|
|
|
|
if err != nil {
|
|
|
|
if organization.IsErrOrgNotExist(err) {
|
|
|
|
redirectUserID, err := user_model.LookupUserRedirect(ctx.Params(":org"))
|
|
|
|
if err == nil {
|
|
|
|
context.RedirectToUser(ctx.Context, ctx.Params(":org"), redirectUserID)
|
|
|
|
} else if user_model.IsErrUserRedirectNotExist(err) {
|
|
|
|
ctx.NotFound("GetOrgByName", err)
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "LookupUserRedirect", err)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetOrgByName", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.ContextUser = ctx.Org.Organization.AsUser()
|
|
|
|
}
|
|
|
|
|
|
|
|
if assignTeam {
|
|
|
|
ctx.Org.Team, err = organization.GetTeamByID(ctx, ctx.ParamsInt64(":teamid"))
|
|
|
|
if err != nil {
|
|
|
|
if organization.IsErrTeamNotExist(err) {
|
|
|
|
ctx.NotFound()
|
|
|
|
} else {
|
|
|
|
ctx.Error(http.StatusInternalServerError, "GetTeamById", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustEnableIssues(ctx *context.APIContext) {
|
|
|
|
if !ctx.Repo.CanRead(unit.TypeIssues) {
|
|
|
|
if log.IsTrace() {
|
|
|
|
if ctx.IsSigned {
|
|
|
|
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
|
|
|
|
"User in Repo has Permissions: %-+v",
|
|
|
|
ctx.Doer,
|
|
|
|
unit.TypeIssues,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
} else {
|
|
|
|
log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+
|
|
|
|
"Anonymous user in Repo has Permissions: %-+v",
|
|
|
|
unit.TypeIssues,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustAllowPulls(ctx *context.APIContext) {
|
|
|
|
if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) {
|
|
|
|
if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() {
|
|
|
|
if ctx.IsSigned {
|
|
|
|
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
|
|
|
|
"User in Repo has Permissions: %-+v",
|
|
|
|
ctx.Doer,
|
|
|
|
unit.TypePullRequests,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
} else {
|
|
|
|
log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+
|
|
|
|
"Anonymous user in Repo has Permissions: %-+v",
|
|
|
|
unit.TypePullRequests,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustEnableIssuesOrPulls(ctx *context.APIContext) {
|
|
|
|
if !ctx.Repo.CanRead(unit.TypeIssues) &&
|
|
|
|
!(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) {
|
|
|
|
if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() {
|
|
|
|
if ctx.IsSigned {
|
|
|
|
log.Trace("Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n"+
|
|
|
|
"User in Repo has Permissions: %-+v",
|
|
|
|
ctx.Doer,
|
|
|
|
unit.TypeIssues,
|
|
|
|
unit.TypePullRequests,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
} else {
|
|
|
|
log.Trace("Permission Denied: Anonymous user cannot read %-v and %-v in Repo %-v\n"+
|
|
|
|
"Anonymous user in Repo has Permissions: %-+v",
|
|
|
|
unit.TypeIssues,
|
|
|
|
unit.TypePullRequests,
|
|
|
|
ctx.Repo.Repository,
|
|
|
|
ctx.Repo.Permission)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustEnableWiki(ctx *context.APIContext) {
|
|
|
|
if !(ctx.Repo.CanRead(unit.TypeWiki)) {
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustNotBeArchived(ctx *context.APIContext) {
|
|
|
|
if ctx.Repo.Repository.IsArchived {
|
|
|
|
ctx.NotFound()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// bind binding an obj to a func(ctx *context.APIContext)
|
|
|
|
func bind(obj interface{}) http.HandlerFunc {
|
|
|
|
tp := reflect.TypeOf(obj)
|
|
|
|
for tp.Kind() == reflect.Ptr {
|
|
|
|
tp = tp.Elem()
|
|
|
|
}
|
|
|
|
return web.Wrap(func(ctx *context.APIContext) {
|
|
|
|
theObj := reflect.New(tp).Interface() // create a new form obj for every request but not use obj directly
|
|
|
|
errs := binding.Bind(ctx.Req, theObj)
|
|
|
|
if len(errs) > 0 {
|
|
|
|
ctx.Error(http.StatusUnprocessableEntity, "validationError", fmt.Sprintf("%s: %s", errs[0].FieldNames, errs[0].Error()))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
web.SetForm(ctx, theObj)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// The OAuth2 plugin is expected to be executed first, as it must ignore the user id stored
|
|
|
|
// in the session (if there is a user id stored in session other plugins might return the user
|
|
|
|
// object for that id).
|
|
|
|
//
|
|
|
|
// The Session plugin is expected to be executed second, in order to skip authentication
|
|
|
|
// for users that have already signed in.
|
|
|
|
func buildAuthGroup() *auth.Group {
|
|
|
|
group := auth.NewGroup(
|
|
|
|
&auth.OAuth2{},
|
|
|
|
&auth.HTTPSign{},
|
|
|
|
&auth.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
|
|
|
|
)
|
|
|
|
specialAdd(group)
|
|
|
|
|
|
|
|
return group
|
|
|
|
}
|
|
|
|
|
|
|
|
// Routes registers all v1 APIs routes to web application.
|
|
|
|
func Routes(ctx gocontext.Context) *web.Route {
|
|
|
|
m := web.NewRoute()
|
|
|
|
|
|
|
|
m.Use(securityHeaders())
|
|
|
|
if setting.CORSConfig.Enabled {
|
|
|
|
m.Use(cors.Handler(cors.Options{
|
|
|
|
// Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
|
|
|
|
AllowedOrigins: setting.CORSConfig.AllowDomain,
|
|
|
|
// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
|
|
|
|
AllowedMethods: setting.CORSConfig.Methods,
|
|
|
|
AllowCredentials: setting.CORSConfig.AllowCredentials,
|
|
|
|
AllowedHeaders: []string{"Authorization", "X-Gitea-OTP"},
|
|
|
|
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
|
|
|
|
}))
|
|
|
|
}
|
|
|
|
m.Use(context.APIContexter())
|
|
|
|
|
|
|
|
group := buildAuthGroup()
|
|
|
|
if err := group.Init(ctx); err != nil {
|
|
|
|
log.Error("Could not initialize '%s' auth method, error: %s", group.Name(), err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get user from session if logged in.
|
|
|
|
m.Use(context.APIAuth(group))
|
|
|
|
|
|
|
|
m.Use(context.ToggleAPI(&context.ToggleOptions{
|
|
|
|
SignInRequired: setting.Service.RequireSignInView,
|
|
|
|
}))
|
|
|
|
|
|
|
|
m.Group("", func() {
|
|
|
|
// Miscellaneous
|
|
|
|
if setting.API.EnableSwagger {
|
|
|
|
m.Get("/swagger", func(ctx *context.APIContext) {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/api/swagger")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
m.Get("/version", misc.Version)
|
|
|
|
if setting.Federation.Enabled {
|
|
|
|
m.Get("/nodeinfo", misc.NodeInfo)
|
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
3 years ago
|
|
|
m.Group("/activitypub", func() {
|
|
|
|
m.Group("/user/{username}", func() {
|
|
|
|
m.Get("", activitypub.Person)
|
|
|
|
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox)
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
})
|
|
|
|
}
|
|
|
|
m.Get("/signing-key.gpg", misc.SigningKey)
|
|
|
|
m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)
|
|
|
|
m.Post("/markdown/raw", misc.MarkdownRaw)
|
|
|
|
m.Group("/settings", func() {
|
|
|
|
m.Get("/ui", settings.GetGeneralUISettings)
|
|
|
|
m.Get("/api", settings.GetGeneralAPISettings)
|
|
|
|
m.Get("/attachment", settings.GetGeneralAttachmentSettings)
|
|
|
|
m.Get("/repository", settings.GetGeneralRepoSettings)
|
|
|
|
})
|
|
|
|
|
|
|
|
// Notifications
|
|
|
|
m.Group("/notifications", func() {
|
|
|
|
m.Combo("").
|
|
|
|
Get(notify.ListNotifications).
|
|
|
|
Put(notify.ReadNotifications)
|
|
|
|
m.Get("/new", notify.NewAvailable)
|
|
|
|
m.Combo("/threads/{id}").
|
|
|
|
Get(notify.GetThread).
|
|
|
|
Patch(notify.ReadThread)
|
|
|
|
}, reqToken())
|
|
|
|
|
|
|
|
// Users
|
|
|
|
m.Group("/users", func() {
|
|
|
|
m.Get("/search", reqExploreSignIn(), user.Search)
|
|
|
|
|
|
|
|
m.Group("/{username}", func() {
|
|
|
|
m.Get("", reqExploreSignIn(), user.GetInfo)
|
|
|
|
|
|
|
|
if setting.Service.EnableUserHeatmap {
|
|
|
|
m.Get("/heatmap", user.GetUserHeatmapData)
|
|
|
|
}
|
|
|
|
|
|
|
|
m.Get("/repos", reqExploreSignIn(), user.ListUserRepos)
|
|
|
|
m.Group("/tokens", func() {
|
|
|
|
m.Combo("").Get(user.ListAccessTokens).
|
|
|
|
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
|
|
|
|
m.Combo("/{id}").Delete(user.DeleteAccessToken)
|
|
|
|
}, reqBasicAuth())
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
})
|
|
|
|
|
|
|
|
m.Group("/users", func() {
|
|
|
|
m.Group("/{username}", func() {
|
|
|
|
m.Get("/keys", user.ListPublicKeys)
|
|
|
|
m.Get("/gpg_keys", user.ListGPGKeys)
|
|
|
|
|
|
|
|
m.Get("/followers", user.ListFollowers)
|
|
|
|
m.Group("/following", func() {
|
|
|
|
m.Get("", user.ListFollowing)
|
|
|
|
m.Get("/{target}", user.CheckFollowing)
|
|
|
|
})
|
|
|
|
|
|
|
|
m.Get("/starred", user.GetStarredRepos)
|
|
|
|
|
|
|
|
m.Get("/subscriptions", user.GetWatchedRepos)
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
}, reqToken())
|
|
|
|
|
|
|
|
m.Group("/user", func() {
|
|
|
|
m.Get("", user.GetAuthenticatedUser)
|
|
|
|
m.Group("/settings", func() {
|
|
|
|
m.Get("", user.GetUserSettings)
|
|
|
|
m.Patch("", bind(api.UserSettingsOptions{}), user.UpdateUserSettings)
|
|
|
|
}, reqToken())
|
|
|
|
m.Combo("/emails").Get(user.ListEmails).
|
|
|
|
Post(bind(api.CreateEmailOption{}), user.AddEmail).
|
|
|
|
Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)
|
|
|
|
|
|
|
|
m.Get("/followers", user.ListMyFollowers)
|
|
|
|
m.Group("/following", func() {
|
|
|
|
m.Get("", user.ListMyFollowing)
|
|
|
|
m.Group("/{username}", func() {
|
|
|
|
m.Get("", user.CheckMyFollowing)
|
|
|
|
m.Put("", user.Follow)
|
|
|
|
m.Delete("", user.Unfollow)
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
})
|
|
|
|
|
|
|
|
m.Group("/keys", func() {
|
|
|
|
m.Combo("").Get(user.ListMyPublicKeys).
|
|
|
|
Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)
|
|
|
|
m.Combo("/{id}").Get(user.GetPublicKey).
|
|
|
|
Delete(user.DeletePublicKey)
|
|
|
|
})
|
|
|
|
m.Group("/applications", func() {
|
|
|
|
m.Combo("/oauth2").
|
|
|
|
Get(user.ListOauth2Applications).
|
|
|
|
Post(bind(api.CreateOAuth2ApplicationOptions{}), user.CreateOauth2Application)
|
|
|
|
m.Combo("/oauth2/{id}").
|
|
|
|
Delete(user.DeleteOauth2Application).
|
|
|
|
Patch(bind(api.CreateOAuth2ApplicationOptions{}), user.UpdateOauth2Application).
|
|
|
|
Get(user.GetOauth2Application)
|
|
|
|
}, reqToken())
|
|
|
|
|
|
|
|
m.Group("/gpg_keys", func() {
|
|
|
|
m.Combo("").Get(user.ListMyGPGKeys).
|
|
|
|
Post(bind(api.CreateGPGKeyOption{}), user.CreateGPGKey)
|
|
|
|
m.Combo("/{id}").Get(user.GetGPGKey).
|
|
|
|
Delete(user.DeleteGPGKey)
|
|
|
|
})
|
|
|
|
|
|
|
|
m.Get("/gpg_key_token", user.GetVerificationToken)
|
|
|
|
m.Post("/gpg_key_verify", bind(api.VerifyGPGKeyOption{}), user.VerifyUserGPGKey)
|
|
|
|
|
|
|
|
m.Combo("/repos").Get(user.ListMyRepos).
|
|
|
|
Post(bind(api.CreateRepoOption{}), repo.Create)
|
|
|
|
|
|
|
|
m.Group("/starred", func() {
|
|
|
|
m.Get("", user.GetMyStarredRepos)
|
|
|
|
m.Group("/{username}/{reponame}", func() {
|
|
|
|
m.Get("", user.IsStarring)
|
|
|
|
m.Put("", user.Star)
|
|
|
|
m.Delete("", user.Unstar)
|
|
|
|
}, repoAssignment())
|
|
|
|
})
|
|
|
|
m.Get("/times", repo.ListMyTrackedTimes)
|
|
|
|
|
|
|
|
m.Get("/stopwatches", repo.GetStopwatches)
|
|
|
|
|
|
|
|
m.Get("/subscriptions", user.GetMyWatchedRepos)
|
|
|
|
|
|
|
|
m.Get("/teams", org.ListUserTeams)
|
|
|
|
}, reqToken())
|
|
|
|
|
|
|
|
// Repositories
|
|
|
|
m.Post("/org/{org}/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepoDeprecated)
|
|
|
|
|
|
|
|
m.Combo("/repositories/{id}", reqToken()).Get(repo.GetByID)
|
|
|
|
|
|
|
|
m.Group("/repos", func() {
|
|
|
|
m.Get("/search", repo.Search)
|
|
|
|
|
|
|
|
m.Get("/issues/search", repo.SearchIssues)
|
Allow cross-repository dependencies on issues (#7901)
* in progress changes for #7405, added ability to add cross-repo dependencies
* removed unused repolink var
* fixed query that was breaking ci tests; fixed check in issue dependency add so that the id of the issue and dependency is checked rather than the indexes
* reverted removal of string in local files becasue these are done via crowdin, not updated manually
* removed 'Select("issue.*")' from getBlockedByDependencies and getBlockingDependencies based on comments in PR review
* changed getBlockedByDependencies and getBlockingDependencies to use a more xorm-like query, also updated the sidebar as a result
* simplified the getBlockingDependencies and getBlockedByDependencies methods; changed the sidebar to show the dependencies in a different format where you can see the name of the repository
* made some changes to the issue view in the dependencies (issue name on top, repo full name on separate line). Change view of issue in the dependency search results (also showing the full repo name on separate line)
* replace call to FindUserAccessibleRepoIDs with SearchRepositoryByName. The former was hardcoded to use isPrivate = false on the repo search, but this code needed it to be true. The SearchRepositoryByName method is used more in the code including on the user's dashboard
* some more tweaks to the layout of the issues when showing dependencies and in the search box when you add new dependencies
* added Name to the RepositoryMeta struct
* updated swagger doc
* fixed total count for link header on SearchIssues
* fixed indentation
* fixed aligment of remove icon on dependencies in issue sidebar
* removed unnecessary nil check (unnecessary because issue.loadRepo is called prior to this block)
* reverting .css change, somehow missed or forgot that less is used
* updated less file and generated css; updated sidebar template with styles to line up delete and issue index
* added ordering to the blocked by/depends on queries
* fixed sorting in issue dependency search and the depends on/blocks views to show issues from the current repo first, then by created date descending; added a "all cross repository dependencies" setting to allow this feature to be turned off, if turned off, the issue dependency search will work the way it did before (restricted to the current repository)
* re-applied my swagger changes after merge
* fixed split string condition in issue search
* changed ALLOW_CROSS_REPOSITORY_DEPENDENCIES description to sound more global than just the issue dependency search; returning 400 in the cross repo issue search api method if not enabled; fixed bug where the issue count did not respect the state parameter
* when adding a dependency to an issue, added a check to make sure the issue and dependency are in the same repo if cross repo dependencies is not enabled
* updated sortIssuesSession call in PullRequests, another commit moved this method from pull.go to pull_list.go so I had to re-apply my change here
* fixed incorrect setting of user id parameter in search repos call
5 years ago
|
|
|
|
|
|
|
m.Post("/migrate", reqToken(), bind(api.MigrateRepoOptions{}), repo.Migrate)
|
|
|
|
|
|
|
|
m.Group("/{username}/{reponame}", func() {
|
|
|
|
m.Combo("").Get(reqAnyRepoReader(), repo.Get).
|
|
|
|
Delete(reqToken(), reqOwner(), repo.Delete).
|
|
|
|
Patch(reqToken(), reqAdmin(), bind(api.EditRepoOption{}), repo.Edit)
|
|
|
|
m.Post("/generate", reqToken(), reqRepoReader(unit.TypeCode), bind(api.GenerateRepoOption{}), repo.Generate)
|
|
|
|
m.Post("/transfer", reqOwner(), bind(api.TransferRepoOption{}), repo.Transfer)
|
|
|
|
m.Post("/transfer/accept", reqToken(), repo.AcceptTransfer)
|
|
|
|
m.Post("/transfer/reject", reqToken(), repo.RejectTransfer)
|
|
|
|
m.Combo("/notifications").
|
|
|
|
Get(reqToken(), notify.ListRepoNotifications).
|
|
|
|
Put(reqToken(), notify.ReadRepoNotifications)
|
|
|
|
m.Group("/hooks/git", func() {
|
|
|
|
m.Combo("").Get(repo.ListGitHooks)
|
|
|
|
m.Group("/{id}", func() {
|
|
|
|
m.Combo("").Get(repo.GetGitHook).
|
|
|
|
Patch(bind(api.EditGitHookOption{}), repo.EditGitHook).
|
|
|
|
Delete(repo.DeleteGitHook)
|
|
|
|
})
|
|
|
|
}, reqToken(), reqAdmin(), reqGitHook(), context.ReferencesGitRepo(true))
|
|
|
|
m.Group("/hooks", func() {
|
|
|
|
m.Combo("").Get(repo.ListHooks).
|
|
|
|
Post(bind(api.CreateHookOption{}), repo.CreateHook)
|
|
|
|
m.Group("/{id}", func() {
|
|
|
|
m.Combo("").Get(repo.GetHook).
|
|
|
|
Patch(bind(api.EditHookOption{}), repo.EditHook).
|
|
|
|
Delete(repo.DeleteHook)
|
|
|
|
m.Post("/tests", context.ReferencesGitRepo(), context.RepoRefForAPI, repo.TestHook)
|
|
|
|
})
|
|
|
|
}, reqToken(), reqAdmin(), reqWebhooksEnabled())
|
|
|
|
m.Group("/collaborators", func() {
|
|
|
|
m.Get("", reqAnyRepoReader(), repo.ListCollaborators)
|
|
|
|
m.Group("/{collaborator}", func() {
|
|
|
|
m.Combo("").Get(reqAnyRepoReader(), repo.IsCollaborator).
|
|
|
|
Put(reqAdmin(), bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
|
|
|
|
Delete(reqAdmin(), repo.DeleteCollaborator)
|
|
|
|
m.Get("/permission", repo.GetRepoPermissions)
|
|
|
|
}, reqToken())
|
|
|
|
}, reqToken())
|
|
|
|
m.Get("/assignees", reqToken(), reqAnyRepoReader(), repo.GetAssignees)
|
|
|
|
m.Get("/reviewers", reqToken(), reqAnyRepoReader(), repo.GetReviewers)
|
|
|
|
m.Group("/teams", func() {
|
|
|
|
m.Get("", reqAnyRepoReader(), repo.ListTeams)
|
|
|
|
m.Combo("/{team}").Get(reqAnyRepoReader(), repo.IsTeam).
|
|
|
|
Put(reqAdmin(), repo.AddTeam).
|
|
|
|
Delete(reqAdmin(), repo.DeleteTeam)
|
|
|
|
}, reqToken())
|
|
|
|
m.Get("/raw/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFile)
|
|
|
|
m.Get("/media/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFileOrLFS)
|
|
|
|
m.Get("/archive/*", reqRepoReader(unit.TypeCode), repo.GetArchive)
|
|
|
|
m.Combo("/forks").Get(repo.ListForks).
|
|
|
|
Post(reqToken(), reqRepoReader(unit.TypeCode), bind(api.CreateForkOption{}), repo.CreateFork)
|
|
|
|
m.Group("/branches", func() {
|
|
|
|
m.Get("", repo.ListBranches)
|
|
|
|
m.Get("/*", repo.GetBranch)
|
|
|
|
m.Delete("/*", reqRepoWriter(unit.TypeCode), repo.DeleteBranch)
|
|
|
|
m.Post("", reqRepoWriter(unit.TypeCode), bind(api.CreateBranchRepoOption{}), repo.CreateBranch)
|
|
|
|
}, context.ReferencesGitRepo(), reqRepoReader(unit.TypeCode))
|
|
|
|
m.Group("/branch_protections", func() {
|
|
|
|
m.Get("", repo.ListBranchProtections)
|
|
|
|
m.Post("", bind(api.CreateBranchProtectionOption{}), repo.CreateBranchProtection)
|
|
|
|
m.Group("/{name}", func() {
|
|
|
|
m.Get("", repo.GetBranchProtection)
|
|
|
|
m.Patch("", bind(api.EditBranchProtectionOption{}), repo.EditBranchProtection)
|
|
|
|
m.Delete("", repo.DeleteBranchProtection)
|
|
|
|
})
|
|
|
|
}, reqToken(), reqAdmin())
|
|
|
|
m.Group("/tags", func() {
|
|
|
|
m.Get("", repo.ListTags)
|
|
|
|
m.Get("/*", repo.GetTag)
|
|
|
|
m.Post("", reqRepoWriter(unit.TypeCode), bind(api.CreateTagOption{}), repo.CreateTag)
|
|
|
|
m.Delete("/*", repo.DeleteTag)
|
|
|
|
}, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(true))
|
|
|
|
m.Group("/keys", func() {
|
|
|
|
m.Combo("").Get(repo.ListDeployKeys).
|
|
|
|
Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)
|
|
|
|
m.Combo("/{id}").Get(repo.GetDeployKey).
|
|
|
|
Delete(repo.DeleteDeploykey)
|
|
|
|
}, reqToken(), reqAdmin())
|
|
|
|
m.Group("/times", func() {
|
|
|
|
m.Combo("").Get(repo.ListTrackedTimesByRepository)
|
|
|
|
m.Combo("/{timetrackingusername}").Get(repo.ListTrackedTimesByUser)
|
|
|
|
}, mustEnableIssues, reqToken())
|
|
|
|
m.Group("/wiki", func() {
|
|
|
|
m.Combo("/page/{pageName}").
|
|
|
|
Get(repo.GetWikiPage).
|
|
|
|
Patch(mustNotBeArchived, reqRepoWriter(unit.TypeWiki), bind(api.CreateWikiPageOptions{}), repo.EditWikiPage).
|
|
|
|
Delete(mustNotBeArchived, reqRepoWriter(unit.TypeWiki), repo.DeleteWikiPage)
|
|
|
|
m.Get("/revisions/{pageName}", repo.ListPageRevisions)
|
|
|
|
m.Post("/new", mustNotBeArchived, reqRepoWriter(unit.TypeWiki), bind(api.CreateWikiPageOptions{}), repo.NewWikiPage)
|
|
|
|
m.Get("/pages", repo.ListWikiPages)
|
|
|
|
}, mustEnableWiki)
|
|
|
|
m.Group("/issues", func() {
|
|
|
|
m.Combo("").Get(repo.ListIssues).
|
|
|
|
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
|
|
|
|
m.Group("/comments", func() {
|
|
|
|
m.Get("", repo.ListRepoIssueComments)
|
|
|
|
m.Group("/{id}", func() {
|
|
|
|
m.Combo("").
|
|
|
|
Get(repo.GetIssueComment).
|
|
|
|
Patch(mustNotBeArchived, reqToken(), bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
|
|
|
|
Delete(reqToken(), repo.DeleteIssueComment)
|
|
|
|
m.Combo("/reactions").
|
|
|
|
Get(repo.GetIssueCommentReactions).
|
|
|
|
Post(reqToken(), bind(api.EditReactionOption{}), repo.PostIssueCommentReaction).
|
|
|
|
Delete(reqToken(), bind(api.EditReactionOption{}), repo.DeleteIssueCommentReaction)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
m.Group("/{index}", func() {
|
|
|
|
m.Combo("").Get(repo.GetIssue).
|
|
|
|
Patch(reqToken(), bind(api.EditIssueOption{}), repo.EditIssue).
|
|
|
|
Delete(reqToken(), reqAdmin(), context.ReferencesGitRepo(), repo.DeleteIssue)
|
|
|
|
m.Group("/comments", func() {
|
|
|
|
m.Combo("").Get(repo.ListIssueComments).
|
|
|
|
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
|
|
|
|
m.Combo("/{id}", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).
|
|
|
|
Delete(repo.DeleteIssueCommentDeprecated)
|
|
|
|
})
|
|
|
|
m.Get("/timeline", repo.ListIssueCommentsAndTimeline)
|
|
|
|
m.Group("/labels", func() {
|
|
|
|
m.Combo("").Get(repo.ListIssueLabels).
|
|
|
|
Post(reqToken(), bind(api.IssueLabelsOption{}), repo.AddIssueLabels).
|
|
|
|
Put(reqToken(), bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).
|
|
|
|
Delete(reqToken(), repo.ClearIssueLabels)
|
|
|
|
m.Delete("/{id}", reqToken(), repo.DeleteIssueLabel)
|
|
|
|
})
|
|
|
|
m.Group("/times", func() {
|
|
|
|
m.Combo("").
|
|
|
|
Get(repo.ListTrackedTimes).
|
|
|
|
Post(bind(api.AddTimeOption{}), repo.AddTime).
|
|
|
|
Delete(repo.ResetIssueTime)
|
|
|
|
m.Delete("/{id}", repo.DeleteTime)
|
|
|
|
}, reqToken())
|
|
|
|
m.Combo("/deadline").Post(reqToken(), bind(api.EditDeadlineOption{}), repo.UpdateIssueDeadline)
|
|
|
|
m.Group("/stopwatch", func() {
|
|
|
|
m.Post("/start", reqToken(), repo.StartIssueStopwatch)
|
|
|
|
m.Post("/stop", reqToken(), repo.StopIssueStopwatch)
|
|
|
|
m.Delete("/delete", reqToken(), repo.DeleteIssueStopwatch)
|
|
|
|
})
|
|
|
|
m.Group("/subscriptions", func() {
|
|
|
|
m.Get("", repo.GetIssueSubscribers)
|
|
|
|
m.Get("/check", reqToken(), repo.CheckIssueSubscription)
|
|
|
|
m.Put("/{user}", reqToken(), repo.AddIssueSubscription)
|
|
|
|
m.Delete("/{user}", reqToken(), repo.DelIssueSubscription)
|
|
|
|
})
|
|
|
|
m.Combo("/reactions").
|
|
|
|
Get(repo.GetIssueReactions).
|
|
|
|
Post(reqToken(), bind(api.EditReactionOption{}), repo.PostIssueReaction).
|
|
|
|
Delete(reqToken(), bind(api.EditReactionOption{}), repo.DeleteIssueReaction)
|
|
|
|
})
|
|
|
|
}, mustEnableIssuesOrPulls)
|
|
|
|
m.Group("/labels", func() {
|
|
|
|
m.Combo("").Get(repo.ListLabels).
|
|
|
|
Post(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), bind(api.CreateLabelOption{}), repo.CreateLabel)
|
|
|
|
m.Combo("/{id}").Get(repo.GetLabel).
|
|
|
|
Patch(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), bind(api.EditLabelOption{}), repo.EditLabel).
|
|
|
|
Delete(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), repo.DeleteLabel)
|
|
|
|
})
|
|
|
|
m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)
|
|
|
|
m.Post("/markdown/raw", misc.MarkdownRaw)
|
|
|
|
m.Group("/milestones", func() {
|
|
|
|
m.Combo("").Get(repo.ListMilestones).
|
|
|
|
Post(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
|
|
|
|
m.Combo("/{id}").Get(repo.GetMilestone).
|
|
|
|
Patch(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), bind(api.EditMilestoneOption{}), repo.EditMilestone).
|
|
|
|
Delete(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), repo.DeleteMilestone)
|
|
|
|
})
|
|
|
|
m.Get("/stargazers", repo.ListStargazers)
|
|
|
|
m.Get("/subscribers", repo.ListSubscribers)
|
|
|
|
m.Group("/subscription", func() {
|
|
|
|
m.Get("", user.IsWatching)
|
|
|
|
m.Put("", reqToken(), user.Watch)
|
|
|
|
m.Delete("", reqToken(), user.Unwatch)
|
|
|
|
})
|
|
|
|
m.Group("/releases", func() {
|
|
|
|
m.Combo("").Get(repo.ListReleases).
|
|
|
|
Post(reqToken(), reqRepoWriter(unit.TypeReleases), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)
|
|
|
|
m.Group("/{id}", func() {
|
|
|
|
m.Combo("").Get(repo.GetRelease).
|
|
|
|
Patch(reqToken(), reqRepoWriter(unit.TypeReleases), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease).
|
|
|
|
Delete(reqToken(), reqRepoWriter(unit.TypeReleases), repo.DeleteRelease)
|
|
|
|
m.Group("/assets", func() {
|
|
|
|
m.Combo("").Get(repo.ListReleaseAttachments).
|
|
|
|
Post(reqToken(), reqRepoWriter(unit.TypeReleases), repo.CreateReleaseAttachment)
|
|
|
|
m.Combo("/{asset}").Get(repo.GetReleaseAttachment).
|
|
|
|
Patch(reqToken(), reqRepoWriter(unit.TypeReleases), bind(api.EditAttachmentOptions{}), repo.EditReleaseAttachment).
|
|
|
|
Delete(reqToken(), reqRepoWriter(unit.TypeReleases), repo.DeleteReleaseAttachment)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
m.Group("/tags", func() {
|
|
|
|
m.Combo("/{tag}").
|
|
|
|
Get(repo.GetReleaseByTag).
|
|
|
|
Delete(reqToken(), reqRepoWriter(unit.TypeReleases), repo.DeleteReleaseByTag)
|
|
|
|
})
|
|
|
|
}, reqRepoReader(unit.TypeReleases))
|
|
|
|
m.Post("/mirror-sync", reqToken(), reqRepoWriter(unit.TypeCode), repo.MirrorSync)
|
|
|
|
m.Post("/push_mirrors-sync", reqAdmin(), repo.PushMirrorSync)
|
|
|
|
m.Group("/push_mirrors", func() {
|
|
|
|
m.Combo("").Get(repo.ListPushMirrors).
|
|
|
|
Post(bind(api.CreatePushMirrorOption{}), repo.AddPushMirror)
|
|
|
|
m.Combo("/{name}").
|
|
|
|
Delete(repo.DeletePushMirrorByRemoteName).
|
|
|
|
Get(repo.GetPushMirrorByName)
|
|
|
|
}, reqAdmin())
|
|
|
|
|
|
|
|
m.Get("/editorconfig/{filename}", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetEditorconfig)
|
|
|
|
m.Group("/pulls", func() {
|
|
|
|
m.Combo("").Get(repo.ListPullRequests).
|
|
|
|
Post(reqToken(), mustNotBeArchived, bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
|
|
|
|
m.Group("/{index}", func() {
|
|
|
|
m.Combo("").Get(repo.GetPullRequest).
|
|
|
|
Patch(reqToken(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
|
|
|
|
m.Get(".{diffType:diff|patch}", repo.DownloadPullDiffOrPatch)
|
|
|
|
m.Post("/update", reqToken(), repo.UpdatePullRequest)
|
|
|
|
m.Get("/commits", repo.GetPullRequestCommits)
|
|
|
|
m.Get("/files", repo.GetPullRequestFiles)
|
|
|
|
m.Combo("/merge").Get(repo.IsPullRequestMerged).
|
|
|
|
Post(reqToken(), mustNotBeArchived, bind(forms.MergePullRequestForm{}), repo.MergePullRequest).
|
|
|
|
Delete(reqToken(), mustNotBeArchived, repo.CancelScheduledAutoMerge)
|
|
|
|
m.Group("/reviews", func() {
|
|
|
|
m.Combo("").
|
|
|
|
Get(repo.ListPullReviews).
|
|
|
|
Post(reqToken(), bind(api.CreatePullReviewOptions{}), repo.CreatePullReview)
|
|
|
|
m.Group("/{id}", func() {
|
|
|
|
m.Combo("").
|
|
|
|
Get(repo.GetPullReview).
|
|
|
|
Delete(reqToken(), repo.DeletePullReview).
|
|
|
|
Post(reqToken(), bind(api.SubmitPullReviewOptions{}), repo.SubmitPullReview)
|
|
|
|
m.Combo("/comments").
|
|
|
|
Get(repo.GetPullReviewComments)
|
|
|
|
m.Post("/dismissals", reqToken(), bind(api.DismissPullReviewOptions{}), repo.DismissPullReview)
|
|
|
|
m.Post("/undismissals", reqToken(), repo.UnDismissPullReview)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
m.Combo("/requested_reviewers").
|
|
|
|
Delete(reqToken(), bind(api.PullReviewRequestOptions{}), repo.DeleteReviewRequests).
|
|
|
|
Post(reqToken(), bind(api.PullReviewRequestOptions{}), repo.CreateReviewRequests)
|
|
|
|
})
|
|
|
|
}, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
|
|
|
|
m.Group("/statuses", func() {
|
|
|
|
m.Combo("/{sha}").Get(repo.GetCommitStatuses).
|
|
|
|
Post(reqToken(), reqRepoWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
|
|
|
|
}, reqRepoReader(unit.TypeCode))
|
|
|
|
m.Group("/commits", func() {
|
|
|
|
m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
|
|
|
|
m.Group("/{ref}", func() {
|
|
|
|
m.Get("/status", repo.GetCombinedCommitStatusByRef)
|
|
|
|
m.Get("/statuses", repo.GetCommitStatusesByRef)
|
|
|
|
}, context.ReferencesGitRepo())
|
|
|
|
}, reqRepoReader(unit.TypeCode))
|
|
|
|
m.Group("/git", func() {
|
|
|
|
m.Group("/commits", func() {
|
|
|
|
m.Get("/{sha}", repo.GetSingleCommit)
|
|
|
|
m.Get("/{sha}.{diffType:diff|patch}", repo.DownloadCommitDiffOrPatch)
|
|
|
|
})
|
|
|
|
m.Get("/refs", repo.GetGitAllRefs)
|
|
|
|
m.Get("/refs/*", repo.GetGitRefs)
|
|
|
|
m.Get("/trees/{sha}", repo.GetTree)
|
|
|
|
m.Get("/blobs/{sha}", repo.GetBlob)
|
|
|
|
m.Get("/tags/{sha}", repo.GetAnnotatedTag)
|
|
|
|
m.Get("/notes/{sha}", repo.GetNote)
|
|
|
|
}, context.ReferencesGitRepo(true), reqRepoReader(unit.TypeCode))
|
|
|
|
m.Post("/diffpatch", reqRepoWriter(unit.TypeCode), reqToken(), bind(api.ApplyDiffPatchFileOptions{}), repo.ApplyDiffPatch)
|
|
|
|
m.Group("/contents", func() {
|
|
|
|
m.Get("", repo.GetContentsList)
|
|
|
|
m.Get("/*", repo.GetContents)
|
|
|
|
m.Group("/*", func() {
|
|
|
|
m.Post("", bind(api.CreateFileOptions{}), reqRepoBranchWriter, repo.CreateFile)
|
|
|
|
m.Put("", bind(api.UpdateFileOptions{}), reqRepoBranchWriter, repo.UpdateFile)
|
|
|
|
m.Delete("", bind(api.DeleteFileOptions{}), reqRepoBranchWriter, repo.DeleteFile)
|
|
|
|
}, reqToken())
|
|
|
|
}, reqRepoReader(unit.TypeCode))
|
|
|
|
m.Get("/signing-key.gpg", misc.SigningKey)
|
|
|
|
m.Group("/topics", func() {
|
|
|
|
m.Combo("").Get(repo.ListTopics).
|
|
|
|
Put(reqToken(), reqAdmin(), bind(api.RepoTopicOptions{}), repo.UpdateTopics)
|
|
|
|
m.Group("/{topic}", func() {
|
|
|
|
m.Combo("").Put(reqToken(), repo.AddTopic).
|
|
|
|
Delete(reqToken(), repo.DeleteTopic)
|
|
|
|
}, reqAdmin())
|
|
|
|
}, reqAnyRepoReader())
|
|
|
|
m.Get("/issue_templates", context.ReferencesGitRepo(), repo.GetIssueTemplates)
|
|
|
|
m.Get("/languages", reqRepoReader(unit.TypeCode), repo.GetLanguages)
|
|
|
|
}, repoAssignment())
|
|
|
|
})
|
|
|
|
|
|
|
|
m.Group("/packages/{username}", func() {
|
|
|
|
m.Group("/{type}/{name}/{version}", func() {
|
|
|
|
m.Get("", packages.GetPackage)
|
|
|
|
m.Delete("", reqPackageAccess(perm.AccessModeWrite), packages.DeletePackage)
|
|
|
|
m.Get("/files", packages.ListPackageFiles)
|
|
|
|
})
|
|
|
|
m.Get("/", packages.ListPackages)
|
|
|
|
}, context_service.UserAssignmentAPI(), context.PackageAssignmentAPI(), reqPackageAccess(perm.AccessModeRead))
|
|
|
|
|
|
|
|
// Organizations
|
|
|
|
m.Get("/user/orgs", reqToken(), org.ListMyOrgs)
|
|
|
|
m.Group("/users/{username}/orgs", func() {
|
|
|
|
m.Get("", org.ListUserOrgs)
|
|
|
|
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
m.Post("/orgs", reqToken(), bind(api.CreateOrgOption{}), org.Create)
|
|
|
|
m.Get("/orgs", org.GetAll)
|
|
|
|
m.Group("/orgs/{org}", func() {
|
|
|
|
m.Combo("").Get(org.Get).
|
|
|
|
Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit).
|
|
|
|
Delete(reqToken(), reqOrgOwnership(), org.Delete)
|
|
|
|
m.Combo("/repos").Get(user.ListOrgRepos).
|
|
|
|
Post(reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
|
|
|
|
m.Group("/members", func() {
|
|
|
|
m.Get("", org.ListMembers)
|
|
|
|
m.Combo("/{username}").Get(org.IsMember).
|
|
|
|
Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
|
|
|
|
})
|
|
|
|
m.Group("/public_members", func() {
|
|
|
|
m.Get("", org.ListPublicMembers)
|
|
|
|
m.Combo("/{username}").Get(org.IsPublicMember).
|
|
|
|
Put(reqToken(), reqOrgMembership(), org.PublicizeMember).
|
|
|
|
Delete(reqToken(), reqOrgMembership(), org.ConcealMember)
|
|
|
|
})
|
|
|
|
m.Group("/teams", func() {
|
|
|
|
m.Get("", org.ListTeams)
|
|
|
|
m.Post("", reqOrgOwnership(), bind(api.CreateTeamOption{}), org.CreateTeam)
|
|
|
|
m.Get("/search", org.SearchTeam)
|
|
|
|
}, reqToken(), reqOrgMembership())
|
Add Organization Wide Labels (#10814)
* Add organization wide labels
Implement organization wide labels similar to organization wide
webhooks. This lets you create individual labels for organizations that can be used
for all repos under that organization (so being able to reuse the same
label across multiple repos).
This makes it possible for small organizations with many repos to use
labels effectively.
Fixes #7406
* Add migration
* remove comments
* fix tests
* Update options/locale/locale_en-US.ini
Removed unused translation string
* show org labels in issue search label filter
* Use more clear var name
* rename migration after merge from master
* comment typo
* update migration again after rebase with master
* check for orgID <=0 per guillep2k review
* fmt
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* remove unused code
* Make sure RepoID is 0 when searching orgID per code review
* more changes/code review requests
* More descriptive translation var per code review
* func description/delete comment when issue label deleted instead of hiding it
* remove comment
* only use issues in that repo when calculating number of open issues for org label on repo label page
* Add integration test for IssuesSearch API with labels
* remove unused function
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Use subquery in GetLabelIDsInReposByNames
* Fix tests to use correct orgID
* fix more tests
* IssuesSearch api now uses new BuildLabelNamesIssueIDsCondition. Add a few more tests as well
* update comment for clarity
* Revert previous code change now that we can use the new BuildLabelNamesIssueIDsCondition
* Don't sort repos by date in IssuesSearch API
After much debugging I've found a strange issue where in some cases MySQL will return a different result than other enigines if a query is sorted by a null collumn. For example with our integration test data where we don't set updated_unix in repository fixtures:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 45
Returns different results for MySQL than other engines. However, the similar query:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 30
Returns the same results.
This causes integration tests to fail on MySQL in certain cases but would never show up in a real installation. Since this API call always returns issues based on the optionally provided repo_priority_id or the issueID itself, there is no change to results by changing the repo sorting method used to get ids earlier in the function.
* linter is back!
* code review
* remove now unused option
* Fix newline at end of files
* more unused code
* update to master
* check for matching ids before query
* Update models/issue_label.go
Co-Authored-By: 6543 <6543@obermui.de>
* Update models/issue_label.go
* update comments
* Update routers/org/setting.go
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
5 years ago
|
|
|
m.Group("/labels", func() {
|
|
|
|
m.Get("", org.ListLabels)
|
|
|
|
m.Post("", reqToken(), reqOrgOwnership(), bind(api.CreateLabelOption{}), org.CreateLabel)
|
|
|
|
m.Combo("/{id}").Get(org.GetLabel).
|
Add Organization Wide Labels (#10814)
* Add organization wide labels
Implement organization wide labels similar to organization wide
webhooks. This lets you create individual labels for organizations that can be used
for all repos under that organization (so being able to reuse the same
label across multiple repos).
This makes it possible for small organizations with many repos to use
labels effectively.
Fixes #7406
* Add migration
* remove comments
* fix tests
* Update options/locale/locale_en-US.ini
Removed unused translation string
* show org labels in issue search label filter
* Use more clear var name
* rename migration after merge from master
* comment typo
* update migration again after rebase with master
* check for orgID <=0 per guillep2k review
* fmt
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* remove unused code
* Make sure RepoID is 0 when searching orgID per code review
* more changes/code review requests
* More descriptive translation var per code review
* func description/delete comment when issue label deleted instead of hiding it
* remove comment
* only use issues in that repo when calculating number of open issues for org label on repo label page
* Add integration test for IssuesSearch API with labels
* remove unused function
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Use subquery in GetLabelIDsInReposByNames
* Fix tests to use correct orgID
* fix more tests
* IssuesSearch api now uses new BuildLabelNamesIssueIDsCondition. Add a few more tests as well
* update comment for clarity
* Revert previous code change now that we can use the new BuildLabelNamesIssueIDsCondition
* Don't sort repos by date in IssuesSearch API
After much debugging I've found a strange issue where in some cases MySQL will return a different result than other enigines if a query is sorted by a null collumn. For example with our integration test data where we don't set updated_unix in repository fixtures:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 45
Returns different results for MySQL than other engines. However, the similar query:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 30
Returns the same results.
This causes integration tests to fail on MySQL in certain cases but would never show up in a real installation. Since this API call always returns issues based on the optionally provided repo_priority_id or the issueID itself, there is no change to results by changing the repo sorting method used to get ids earlier in the function.
* linter is back!
* code review
* remove now unused option
* Fix newline at end of files
* more unused code
* update to master
* check for matching ids before query
* Update models/issue_label.go
Co-Authored-By: 6543 <6543@obermui.de>
* Update models/issue_label.go
* update comments
* Update routers/org/setting.go
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
5 years ago
|
|
|
Patch(reqToken(), reqOrgOwnership(), bind(api.EditLabelOption{}), org.EditLabel).
|
|
|
|
Delete(reqToken(), reqOrgOwnership(), org.DeleteLabel)
|
|
|
|
})
|
|
|
|
m.Group("/hooks", func() {
|
|
|
|
m.Combo("").Get(org.ListHooks).
|
|
|
|
Post(bind(api.CreateHookOption{}), org.CreateHook)
|
|
|
|
m.Combo("/{id}").Get(org.GetHook).
|
|
|
|
Patch(bind(api.EditHookOption{}), org.EditHook).
|
|
|
|
Delete(org.DeleteHook)
|
|
|
|
}, reqToken(), reqOrgOwnership(), reqWebhooksEnabled())
|
|
|
|
}, orgAssignment(true))
|
|
|
|
m.Group("/teams/{teamid}", func() {
|
|
|
|
m.Combo("").Get(org.GetTeam).
|
|
|
|
Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).
|
|
|
|
Delete(reqOrgOwnership(), org.DeleteTeam)
|
|
|
|
m.Group("/members", func() {
|
|
|
|
m.Get("", org.GetTeamMembers)
|
|
|
|
m.Combo("/{username}").
|
|
|
|
Get(org.GetTeamMember).
|
|
|
|
Put(reqOrgOwnership(), org.AddTeamMember).
|
|
|
|
Delete(reqOrgOwnership(), org.RemoveTeamMember)
|
|
|
|
})
|
|
|
|
m.Group("/repos", func() {
|
|
|
|
m.Get("", org.GetTeamRepos)
|
|
|
|
m.Combo("/{org}/{reponame}").
|
|
|
|
Put(org.AddTeamRepository).
|
|
|
|
Delete(org.RemoveTeamRepository).
|
|
|
|
Get(org.GetTeamRepo)
|
|
|
|
})
|
|
|
|
}, orgAssignment(false, true), reqToken(), reqTeamMembership())
|
|
|
|
|
|
|
|
m.Group("/admin", func() {
|
|
|
|
m.Group("/cron", func() {
|
|
|
|
m.Get("", admin.ListCronTasks)
|
|
|
|
m.Post("/{task}", admin.PostCronTask)
|
|
|
|
})
|
|
|
|
m.Get("/orgs", admin.GetAllOrgs)
|
|
|
|
m.Group("/users", func() {
|
|
|
|
m.Get("", admin.GetAllUsers)
|
|
|
|
m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)
|
|
|
|
m.Group("/{username}", func() {
|
|
|
|
m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).
|
|
|
|
Delete(admin.DeleteUser)
|
|
|
|
m.Group("/keys", func() {
|
|
|
|
m.Post("", bind(api.CreateKeyOption{}), admin.CreatePublicKey)
|
|
|
|
m.Delete("/{id}", admin.DeleteUserPublicKey)
|
|
|
|
})
|
|
|
|
m.Get("/orgs", org.ListUserOrgs)
|
|
|
|
m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)
|
|
|
|
m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)
|
|
|
|
}, context_service.UserAssignmentAPI())
|
|
|
|
})
|
|
|
|
m.Group("/unadopted", func() {
|
|
|
|
m.Get("", admin.ListUnadoptedRepositories)
|
|
|
|
m.Post("/{username}/{reponame}", admin.AdoptRepository)
|
|
|
|
m.Delete("/{username}/{reponame}", admin.DeleteUnadoptedRepository)
|
|
|
|
})
|
|
|
|
}, reqToken(), reqSiteAdmin())
|
|
|
|
|
|
|
|
m.Group("/topics", func() {
|
|
|
|
m.Get("/search", repo.TopicSearch)
|
|
|
|
})
|
|
|
|
}, sudo())
|
|
|
|
|
|
|
|
return m
|
|
|
|
}
|
|
|
|
|
|
|
|
func securityHeaders() func(http.Handler) http.Handler {
|
|
|
|
return func(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
|
|
|
|
// CORB: https://www.chromium.org/Home/chromium-security/corb-for-developers
|
|
|
|
// http://stackoverflow.com/a/3146618/244009
|
|
|
|
resp.Header().Set("x-content-type-options", "nosniff")
|
|
|
|
next.ServeHTTP(resp, req)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|