third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make gitea serv use api/internal (#4886)

Browse Source 
* Start to move to internal/private

* Add GetPublicKeyByID

* Add HasDeployKey

* Add private.UpdateDeployKeyUpdated

* Add private.GetUserByKeyID

* Add private.AccessLevel

* Add private.CheckUnitUser

* Fix mistakes I made

* Some cleaning + moving code to separate files

* Fix error handling

* Remove useless error handling for setup

* lint: fix comment on exported func

* fix copyright header

* Fix order of args
tokarchuk/v1.17
Antoine GIRARD 6 years ago committed by Lunny Xiao
parent aefeb8c465
commit 617a2433a3
6 changed files with 331 additions and 51 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 55
      cmd/serv.go
  2. 2
      modules/private/branch.go
  3. 67
      modules/private/internal.go
  4. 116
      modules/private/key.go
  5. 56
      routers/private/internal.go
  6. 84
      routers/private/key.go

55
cmd/serv.go
Unescape View File

@ -19,7 +19,6 @@ import (
"code.gitea.io/gitea/modules/pprof" "code.gitea.io/gitea/modules/pprof"
"code.gitea.io/gitea/modules/private" "code.gitea.io/gitea/modules/private"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/Unknwon/com" "github.com/Unknwon/com"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
@ -49,20 +48,9 @@ var CmdServ = cli.Command{
}, },
} }
func setup(logPath string) error { func setup(logPath string) {
setting.NewContext() setting.NewContext()
log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath)) log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
models.LoadConfigs()
if setting.UseSQLite3 || setting.UseTiDB {
workPath := setting.AppWorkPath
if err := os.Chdir(workPath); err != nil {
log.GitLogger.Fatal(4, "Failed to change directory %s: %v", workPath, err)
}
}
setting.NewXORMLogService(true)
return models.SetEngine()
} }
func parseCmd(cmd string) (string, string) { func parseCmd(cmd string) (string, string) {
@ -101,10 +89,7 @@ func runServ(c *cli.Context) error {
if c.IsSet("config") { if c.IsSet("config") {
setting.CustomConf = c.String("config") setting.CustomConf = c.String("config")
} }
setup("serv.log")
if err := setup("serv.log"); err != nil {
fail("System init failed", fmt.Sprintf("setup: %v", err))
}
if setting.SSH.Disabled { if setting.SSH.Disabled {
println("Gitea: SSH has been disabled") println("Gitea: SSH has been disabled")
@ -175,9 +160,9 @@ func runServ(c *cli.Context) error {
} }
os.Setenv(models.EnvRepoName, reponame) os.Setenv(models.EnvRepoName, reponame)
repo, err := models.GetRepositoryByOwnerAndName(username, reponame) repo, err := private.GetRepositoryByOwnerAndName(username, reponame)
if err != nil { if err != nil {
if models.IsErrRepoNotExist(err) { if strings.Contains(err.Error(), "Failed to get repository: repository does not exist") {
fail(accessDenied, "Repository does not exist: %s/%s", username, reponame) fail(accessDenied, "Repository does not exist: %s/%s", username, reponame)
} }
fail("Internal error", "Failed to get repository: %v", err) fail("Internal error", "Failed to get repository: %v", err)
@ -214,7 +199,7 @@ func runServ(c *cli.Context) error {
fail("Key ID format error", "Invalid key argument: %s", c.Args()[0]) fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
} }
key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64()) key, err := private.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
if err != nil { if err != nil {
fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err) fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
} }
@ -225,23 +210,22 @@ func runServ(c *cli.Context) error {
if key.Mode < requestedMode { if key.Mode < requestedMode {
fail("Key permission denied", "Cannot push with deployment key: %d", key.ID) fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
} }
// Check if this deploy key belongs to current repository. // Check if this deploy key belongs to current repository.
if !models.HasDeployKey(key.ID, repo.ID) { has, err := private.HasDeployKey(key.ID, repo.ID)
if err != nil {
fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
}
if !has {
fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID) fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
} }
// Update deploy key activity. // Update deploy key activity.
deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID) if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
if err != nil {
fail("Internal error", "GetDeployKey: %v", err)
}
deployKey.UpdatedUnix = util.TimeStampNow()
if err = models.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
fail("Internal error", "UpdateDeployKey: %v", err) fail("Internal error", "UpdateDeployKey: %v", err)
} }
} else { } else {
user, err = models.GetUserByKeyID(key.ID) user, err = private.GetUserByKeyID(key.ID)
if err != nil { if err != nil {
fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
} }
@ -252,12 +236,12 @@ func runServ(c *cli.Context) error {
user.Name, repoPath) user.Name, repoPath)
} }
mode, err := models.AccessLevel(user.ID, repo) mode, err := private.AccessLevel(user.ID, repo.ID)
if err != nil { if err != nil {
fail("Internal error", "Failed to check access: %v", err) fail("Internal error", "Failed to check access: %v", err)
} else if mode < requestedMode { } else if *mode < requestedMode {
clientMessage := accessDenied clientMessage := accessDenied
if mode >= models.AccessModeRead { if *mode >= models.AccessModeRead {
clientMessage = "You do not have sufficient authorization for this action" clientMessage = "You do not have sufficient authorization for this action"
} }
fail(clientMessage, fail(clientMessage,
@ -265,7 +249,11 @@ func runServ(c *cli.Context) error {
user.Name, requestedMode, repoPath) user.Name, requestedMode, repoPath)
} }
if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) { check, err := private.CheckUnitUser(user.ID, repo.ID, user.IsAdmin, unitType)
if err != nil {
fail("You do not have allowed for this action", "Failed to access internal api: [user.Name: %s, repoPath: %s]", user.Name, repoPath)
}
if !check {
fail("You do not have allowed for this action", fail("You do not have allowed for this action",
"User %s does not have allowed access to repository %s 's code", "User %s does not have allowed access to repository %s 's code",
user.Name, repoPath) user.Name, repoPath)
@ -325,7 +313,6 @@ func runServ(c *cli.Context) error {
} else { } else {
gitcmd = exec.Command(verb, repoPath) gitcmd = exec.Command(verb, repoPath)
} }
if isWiki { if isWiki {
if err = repo.InitWiki(); err != nil { if err = repo.InitWiki(); err != nil {
fail("Internal error", "Failed to init wiki repo: %v", err) fail("Internal error", "Failed to init wiki repo: %v", err)

2
modules/private/branch.go
Unescape View File

@ -33,7 +33,7 @@ func GetProtectedBranchBy(repoID int64, branchName string) (*models.ProtectedBra
// All 2XX status codes are accepted and others will return an error // All 2XX status codes are accepted and others will return an error
if resp.StatusCode/100 != 2 { if resp.StatusCode/100 != 2 {
return nil, fmt.Errorf("Failed to update public key: %s", decodeJSONError(resp).Err) return nil, fmt.Errorf("Failed to get protected branch: %s", decodeJSONError(resp).Err)
} }
return &branch, nil return &branch, nil

67
modules/private/internal.go
Unescape View File

@ -11,6 +11,7 @@ import (
"net" "net"
"net/http" "net/http"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/httplib" "code.gitea.io/gitea/modules/httplib"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
@ -49,22 +50,66 @@ func newInternalRequest(url, method string) *httplib.Request {
return req return req
} }
// UpdatePublicKeyUpdated update publick key updates // CheckUnitUser check whether user could visit the unit of this repository
func UpdatePublicKeyUpdated(keyID int64) error { func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType) (bool, error) {
// Ask for running deliver hook and test pull request tasks. reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/checkunituser?isAdmin=%t&unitType=%d", repoID, userID, isAdmin, unitType)
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/ssh/%d/update", keyID) log.GitLogger.Trace("AccessLevel: %s", reqURL)
log.GitLogger.Trace("UpdatePublicKeyUpdated: %s", reqURL)
resp, err := newInternalRequest(reqURL, "POST").Response() resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil { if err != nil {
return err return false, err
} }
defer resp.Body.Close()
if resp.StatusCode == 200 {
return true, nil
}
return false, nil
}
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access.
func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/accesslevel", repoID, userID)
log.GitLogger.Trace("AccessLevel: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return nil, err
}
defer resp.Body.Close() defer resp.Body.Close()
// All 2XX status codes are accepted and others will return an error if resp.StatusCode != 200 {
if resp.StatusCode/100 != 2 { return nil, fmt.Errorf("Failed to get user access level: %s", decodeJSONError(resp).Err)
return fmt.Errorf("Failed to update public key: %s", decodeJSONError(resp).Err) }
var a models.AccessMode
if err := json.NewDecoder(resp.Body).Decode(&a); err != nil {
return nil, err
} }
return nil
return &a, nil
}
// GetRepositoryByOwnerAndName returns the repository by given ownername and reponame.
func GetRepositoryByOwnerAndName(ownerName, repoName string) (*models.Repository, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repo/%s/%s", ownerName, repoName)
log.GitLogger.Trace("GetRepositoryByOwnerAndName: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
return nil, fmt.Errorf("Failed to get repository: %s", decodeJSONError(resp).Err)
}
var repo models.Repository
if err := json.NewDecoder(resp.Body).Decode(&repo); err != nil {
return nil, err
}
return &repo, nil
} }

116
modules/private/key.go
Unescape View File

@ -0,0 +1,116 @@
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package private
import (
"encoding/json"
"fmt"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
)
// UpdateDeployKeyUpdated update deploy key updates
func UpdateDeployKeyUpdated(keyID int64, repoID int64) error {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/keys/%d/update", repoID, keyID)
log.GitLogger.Trace("UpdateDeployKeyUpdated: %s", reqURL)
resp, err := newInternalRequest(reqURL, "POST").Response()
if err != nil {
return err
}
defer resp.Body.Close()
// All 2XX status codes are accepted and others will return an error
if resp.StatusCode/100 != 2 {
return fmt.Errorf("Failed to update deploy key: %s", decodeJSONError(resp).Err)
}
return nil
}
// HasDeployKey check if repo has deploy key
func HasDeployKey(keyID, repoID int64) (bool, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/has-keys/%d", repoID, keyID)
log.GitLogger.Trace("HasDeployKey: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return false, err
}
defer resp.Body.Close()
if resp.StatusCode == 200 {
return true, nil
}
return false, nil
}
// GetPublicKeyByID get public ssh key by his ID
func GetPublicKeyByID(keyID int64) (*models.PublicKey, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/ssh/%d", keyID)
log.GitLogger.Trace("GetPublicKeyByID: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
return nil, fmt.Errorf("Failed to get repository: %s", decodeJSONError(resp).Err)
}
var pKey models.PublicKey
if err := json.NewDecoder(resp.Body).Decode(&pKey); err != nil {
return nil, err
}
return &pKey, nil
}
// GetUserByKeyID get user attached to key
func GetUserByKeyID(keyID int64) (*models.User, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/ssh/%d/user", keyID)
log.GitLogger.Trace("GetUserByKeyID: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
return nil, fmt.Errorf("Failed to get user: %s", decodeJSONError(resp).Err)
}
var user models.User
if err := json.NewDecoder(resp.Body).Decode(&user); err != nil {
return nil, err
}
return &user, nil
}
// UpdatePublicKeyUpdated update public key updates
func UpdatePublicKeyUpdated(keyID int64) error {
// Ask for running deliver hook and test pull request tasks.
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/ssh/%d/update", keyID)
log.GitLogger.Trace("UpdatePublicKeyUpdated: %s", reqURL)
resp, err := newInternalRequest(reqURL, "POST").Response()
if err != nil {
return err
}
defer resp.Body.Close()
// All 2XX status codes are accepted and others will return an error
if resp.StatusCode/100 != 2 {
return fmt.Errorf("Failed to update public key: %s", decodeJSONError(resp).Err)
}
return nil
}

56
routers/private/internal.go
Unescape View File

@ -23,26 +23,74 @@ func CheckInternalToken(ctx *macaron.Context) {
} }
} }
// UpdatePublicKey update publick key updates //GetRepositoryByOwnerAndName chainload to models.GetRepositoryByOwnerAndName
func UpdatePublicKey(ctx *macaron.Context) { func GetRepositoryByOwnerAndName(ctx *macaron.Context) {
keyID := ctx.ParamsInt64(":id") //TODO use repo.Get(ctx *context.APIContext) ?
if err := models.UpdatePublicKeyUpdated(keyID); err != nil { ownerName := ctx.Params(":owner")
repoName := ctx.Params(":repo")
repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)
if err != nil {
ctx.JSON(500, map[string]interface{}{ ctx.JSON(500, map[string]interface{}{
"err": err.Error(), "err": err.Error(),
}) })
return return
} }
ctx.JSON(200, repo)
}
//AccessLevel chainload to models.AccessLevel
func AccessLevel(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
userID := ctx.ParamsInt64(":userid")
repo, err := models.GetRepositoryByID(repoID)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
al, err := models.AccessLevel(userID, repo)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.JSON(200, al)
}
//CheckUnitUser chainload to models.CheckUnitUser
func CheckUnitUser(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
userID := ctx.ParamsInt64(":userid")
repo, err := models.GetRepositoryByID(repoID)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
if repo.CheckUnitUser(userID, ctx.QueryBool("isAdmin"), models.UnitType(ctx.QueryInt("unitType"))) {
ctx.PlainText(200, []byte("success")) ctx.PlainText(200, []byte("success"))
return
}
ctx.PlainText(404, []byte("no access"))
} }
// RegisterRoutes registers all internal APIs routes to web application. // RegisterRoutes registers all internal APIs routes to web application.
// These APIs will be invoked by internal commands for example `gitea serv` and etc. // These APIs will be invoked by internal commands for example `gitea serv` and etc.
func RegisterRoutes(m *macaron.Macaron) { func RegisterRoutes(m *macaron.Macaron) {
m.Group("/", func() { m.Group("/", func() {
m.Get("/ssh/:id", GetPublicKeyByID)
m.Get("/ssh/:id/user", GetUserByKeyID)
m.Post("/ssh/:id/update", UpdatePublicKey) m.Post("/ssh/:id/update", UpdatePublicKey)
m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
m.Post("/push/update", PushUpdate) m.Post("/push/update", PushUpdate)
m.Get("/protectedbranch/:pbid/:userid", CanUserPush) m.Get("/protectedbranch/:pbid/:userid", CanUserPush)
m.Get("/repo/:owner/:repo", GetRepositoryByOwnerAndName)
m.Get("/branch/:id/*", GetProtectedBranchBy) m.Get("/branch/:id/*", GetProtectedBranchBy)
m.Get("/repository/:rid", GetRepository) m.Get("/repository/:rid", GetRepository)
m.Get("/active-pull-request", GetActivePullRequest) m.Get("/active-pull-request", GetActivePullRequest)

84
routers/private/key.go
Unescape View File

@ -0,0 +1,84 @@
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
// Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.
package private
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/util"
macaron "gopkg.in/macaron.v1"
)
// UpdateDeployKey update deploy key updates
func UpdateDeployKey(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
keyID := ctx.ParamsInt64(":keyid")
deployKey, err := models.GetDeployKeyByRepo(keyID, repoID)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
deployKey.UpdatedUnix = util.TimeStampNow()
if err = models.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.PlainText(200, []byte("success"))
}
// UpdatePublicKey update publick key updates
func UpdatePublicKey(ctx *macaron.Context) {
keyID := ctx.ParamsInt64(":id")
if err := models.UpdatePublicKeyUpdated(keyID); err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.PlainText(200, []byte("success"))
}
//GetPublicKeyByID chainload to models.GetPublicKeyByID
func GetPublicKeyByID(ctx *macaron.Context) {
keyID := ctx.ParamsInt64(":id")
key, err := models.GetPublicKeyByID(keyID)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.JSON(200, key)
}
//GetUserByKeyID chainload to models.GetUserByKeyID
func GetUserByKeyID(ctx *macaron.Context) {
keyID := ctx.ParamsInt64(":id")
user, err := models.GetUserByKeyID(keyID)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.JSON(200, user)
}
//HasDeployKey chainload to models.HasDeployKey
func HasDeployKey(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
keyID := ctx.ParamsInt64(":keyid")
if models.HasDeployKey(keyID, repoID) {
ctx.PlainText(200, []byte("success"))
return
}
ctx.PlainText(404, []byte("not found"))
}
Write Preview
Loading…
Cancel
Save