woodpecker/server/router/middleware/session/repo.go

// Copyright 2018 Drone.IO Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package session

import (
	"errors"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/rs/zerolog/log"
	"github.com/woodpecker-ci/woodpecker/server"

	"github.com/woodpecker-ci/woodpecker/server/model"
	"github.com/woodpecker-ci/woodpecker/server/store"
	"github.com/woodpecker-ci/woodpecker/server/store/types"
)

func Repo(c *gin.Context) *model.Repo {
	v, ok := c.Get("repo")
	if !ok {
		return nil
	}
	r, ok := v.(*model.Repo)
	if !ok {
		return nil
	}
	r.Perm = Perm(c)
	return r
}

func SetRepo() gin.HandlerFunc {
	return func(c *gin.Context) {
		var (
			_store = store.FromContext(c)
			owner  = c.Param("owner")
			name   = c.Param("name")
			user   = User(c)
		)

		repo, err := _store.GetRepoName(owner + "/" + name)
		if err == nil {
			c.Set("repo", repo)
			c.Next()
			return
		}

		// debugging
		log.Debug().Msgf("Cannot find repository %s/%s. %s",
			owner,
			name,
			err.Error(),
		)

		if user != nil {
			if errors.Is(err, types.RecordNotExist) {
				c.AbortWithStatus(http.StatusNotFound)
				return
			}
			_ = c.AbortWithError(http.StatusInternalServerError, err)
		} else {
			c.AbortWithStatus(http.StatusUnauthorized)
		}
	}
}

func Perm(c *gin.Context) *model.Perm {
	v, ok := c.Get("perm")
	if !ok {
		return nil
	}
	u, ok := v.(*model.Perm)
	if !ok {
		return nil
	}
	return u
}

func SetPerm() gin.HandlerFunc {
	return func(c *gin.Context) {
		_store := store.FromContext(c)
		user := User(c)
		repo := Repo(c)
		perm := new(model.Perm)

		if user != nil {
			var err error
			perm, err = _store.PermFind(user, repo)
			if err != nil {
				log.Error().Msgf("Error fetching permission for %s %s. %s",
					user.Login, repo.FullName, err)
			}
			if time.Unix(perm.Synced, 0).Add(time.Hour).Before(time.Now()) {
				_repo, err := server.Config.Services.Forge.Repo(c, user, repo.ForgeRemoteID, repo.Owner, repo.Name)
				if err == nil {
					log.Debug().Msgf("Synced user permission for %s %s", user.Login, repo.FullName)
					perm = _repo.Perm
					perm.Repo = repo
					perm.RepoID = repo.ID
					perm.UserID = user.ID
					perm.Synced = time.Now().Unix()
					if err := _store.PermUpsert(perm); err != nil {
						_ = c.AbortWithError(http.StatusInternalServerError, err)
						return
					}
				}
			}
		}

		if perm == nil {
			perm = new(model.Perm)
		}

		if user != nil && user.Admin {
			perm.Pull = true
			perm.Push = true
			perm.Admin = true
		}

		if repo.Visibility == model.VisibilityPublic || (repo.Visibility == model.VisibilityInternal && user != nil) {
			perm.Pull = true
		}

		if user != nil {
			log.Debug().Msgf("%s granted %+v permission to %s",
				user.Login, perm, repo.FullName)
		} else {
			log.Debug().Msgf("Guest granted %+v to %s", perm, repo.FullName)
		}

		c.Set("perm", perm)
		c.Next()
	}
}

func MustPull(c *gin.Context) {
	user := User(c)
	perm := Perm(c)

	if perm.Pull {
		c.Next()
		return
	}

	// debugging
	if user != nil {
		c.AbortWithStatus(http.StatusNotFound)
		log.Debug().Msgf("User %s denied read access to %s",
			user.Login, c.Request.URL.Path)
	} else {
		c.AbortWithStatus(http.StatusUnauthorized)
		log.Debug().Msgf("Guest denied read access to %s %s",
			c.Request.Method,
			c.Request.URL.Path,
		)
	}
}

func MustPush(c *gin.Context) {
	user := User(c)
	perm := Perm(c)

	// if the user has push access, immediately proceed
	// the middleware execution chain.
	if perm.Push {
		c.Next()
		return
	}

	// debugging
	if user != nil {
		c.AbortWithStatus(http.StatusNotFound)
		log.Debug().Msgf("User %s denied write access to %s",
			user.Login, c.Request.URL.Path)
	} else {
		c.AbortWithStatus(http.StatusUnauthorized)
		log.Debug().Msgf("Guest denied write access to %s %s",
			c.Request.Method,
			c.Request.URL.Path,
		)
	}
}
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Copyright 2018 Drone.IO Inc.`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// http://www.apache.org/licenses/LICENSE-2.0`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

updated vendor files and paths 2015-09-30 01:21:17 +00:00			`package session`

			`import (`
Various fixes and improvements (#1643) - allow repo names to be case-insensitive - improve backend error handling on DB get errors (record not found -> 404, else -> 500) - replace magic numbers of http response codes - unify the look and feel of cancel / save buttons on forms and view them in one line --------- Co-authored-by: Lauris BH <lauris@nix.lv> 2023-03-19 12:52:58 +00:00			`"errors"`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`"net/http"`
implement sync logic 2017-07-14 19:58:38 +00:00			`"time"`
updated vendor files and paths 2015-09-30 01:21:17 +00:00
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`"github.com/gin-gonic/gin"`
Server obtain remote from glob config not from context (#540) 2021-11-26 12:01:54 +00:00			`"github.com/rs/zerolog/log"`
			`"github.com/woodpecker-ci/woodpecker/server"`
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00
Refactor: move model/ to server/model/ (#366) 2021-09-27 17:51:55 +00:00			`"github.com/woodpecker-ci/woodpecker/server/model"`
Move package store/ to server/store/ (#341) * Refactor: move store/ to server/store/ * fix pipeline for moved tests Co-authored-by: 6543 <6543@obermui.de> 2021-09-23 11:33:59 +00:00			`"github.com/woodpecker-ci/woodpecker/server/store"`
Refactor nits (#1652) - https://github.com/woodpecker-ci/woodpecker/pull/1641/files#r1141405630 - https://github.com/woodpecker-ci/woodpecker/commit/ade8e6d010d2a1bebe08c17dfebca021c61b626d#r105091268 - https://github.com/woodpecker-ci/woodpecker/pull/1647/files#r1141410010 --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-19 17:32:19 +00:00			`"github.com/woodpecker-ci/woodpecker/server/store/types"`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`)`

cleaning up the middleware and adding caching with TTL 2015-10-13 09:08:08 +00:00			`func Repo(c gin.Context) model.Repo {`
			`v, ok := c.Get("repo")`
			`if !ok {`
			`return nil`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`
cleaning up the middleware and adding caching with TTL 2015-10-13 09:08:08 +00:00			`r, ok := v.(*model.Repo)`
			`if !ok {`
			`return nil`
			`}`
Fix nil pointer in repo repair (#1804) Address Bug 2 from the following issue https://github.com/woodpecker-ci/woodpecker/issues/1712 2023-06-02 10:25:09 +00:00			`r.Perm = Perm(c)`
cleaning up the middleware and adding caching with TTL 2015-10-13 09:08:08 +00:00			`return r`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`

			`func SetRepo() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`var (`
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de> 2021-12-01 13:22:06 +00:00			`_store = store.FromContext(c)`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 09:12:58 +00:00			`owner = c.Param("owner")`
			`name = c.Param("name")`
			`user = User(c)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`)`

Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de> 2021-12-01 13:22:06 +00:00			`repo, err := _store.GetRepoName(owner + "/" + name)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`if err == nil {`
			`c.Set("repo", repo)`
			`c.Next()`
			`return`
			`}`

fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`// debugging`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("Cannot find repository %s/%s. %s",`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`owner,`
			`name,`
			`err.Error(),`
			`)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`if user != nil {`
Various fixes and improvements (#1643) - allow repo names to be case-insensitive - improve backend error handling on DB get errors (record not found -> 404, else -> 500) - replace magic numbers of http response codes - unify the look and feel of cancel / save buttons on forms and view them in one line --------- Co-authored-by: Lauris BH <lauris@nix.lv> 2023-03-19 12:52:58 +00:00			`if errors.Is(err, types.RecordNotExist) {`
			`c.AbortWithStatus(http.StatusNotFound)`
			`return`
			`}`
			`_ = c.AbortWithError(http.StatusInternalServerError, err)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`} else {`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`c.AbortWithStatus(http.StatusUnauthorized)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`
			`}`
			`}`

			`func Perm(c gin.Context) model.Perm {`
			`v, ok := c.Get("perm")`
			`if !ok {`
			`return nil`
			`}`
			`u, ok := v.(*model.Perm)`
			`if !ok {`
			`return nil`
			`}`
			`return u`
			`}`

			`func SetPerm() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de> 2021-12-01 13:22:06 +00:00			`_store := store.FromContext(c)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`user := User(c)`
			`repo := Repo(c)`
fix nil perm issue 2017-09-14 22:20:20 +00:00			`perm := new(model.Perm)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00			`if user != nil {`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`var err error`
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de> 2021-12-01 13:22:06 +00:00			`perm, err = _store.PermFind(user, repo)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`if err != nil {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Error().Msgf("Error fetching permission for %s %s. %s",`
implement sync logic 2017-07-14 19:58:38 +00:00			`user.Login, repo.FullName, err)`
			`}`
			`if time.Unix(perm.Synced, 0).Add(time.Hour).Before(time.Now()) {`
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00			`_repo, err := server.Config.Services.Forge.Repo(c, user, repo.ForgeRemoteID, repo.Owner, repo.Name)`
implement sync logic 2017-07-14 19:58:38 +00:00			`if err == nil {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("Synced user permission for %s %s", user.Login, repo.FullName)`
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00			`perm = _repo.Perm`
Fetch repositories with remote ID if possible (#1078) Use IDs of the forge to fetch repositories instead of their names and owner names. This improves handling of renamed and transferred repos. TODO - [ ] try to support as many forges as possible - [x] Gogs (no API) - [ ] Bitbucket Server - [x] Coding (no API?) - [x] update repo every time it is fetched or received from the forge - [x] if repo remote IDs are not available, use owner / name to get it - [x] handle redirections (redirect a renamed repo to its new path) - [x] ~~pull all repos once during migration to update ID (?)~~ issue fixed by on-demand loading of remote IDs - [x] handle redirections in web UI - [ ] improve handling of hooks after a repo was renamed (currently it checks for a redirection to the repo) - [x] tests - [x] `UNIQUE` constraint for remote IDs after migration shouldn't work (all repos have an empty string as remote ID) close #854 close #648 partial close https://codeberg.org/Codeberg-CI/feedback/issues/46 Possible follow-up PRs - apply the same scheme on everything fetched from the remote (currently only users) Co-authored-by: 6543 <6543@obermui.de> 2022-09-05 15:08:51 +00:00			`perm.Repo = repo`
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00			`perm.RepoID = repo.ID`
implement sync logic 2017-07-14 19:58:38 +00:00			`perm.UserID = user.ID`
			`perm.Synced = time.Now().Unix()`
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de> 2021-12-01 13:22:06 +00:00			`if err := _store.PermUpsert(perm); err != nil {`
Drop error only on purpose or else report back or log (#514) - Remove Deadcode - Simplify Code - Drop error only on purpose 2021-11-23 14:36:52 +00:00			`_ = c.AbortWithError(http.StatusInternalServerError, err)`
			`return`
			`}`
implement sync logic 2017-07-14 19:58:38 +00:00			`}`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`
			`}`

fix nil perm issue 2017-09-14 22:20:20 +00:00			`if perm == nil {`
			`perm = new(model.Perm)`
			`}`

improve UI loader 2017-09-08 00:43:33 +00:00			`if user != nil && user.Admin {`
			`perm.Pull = true`
			`perm.Push = true`
			`perm.Admin = true`
			`}`

Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-03-21 22:01:59 +00:00			`if repo.Visibility == model.VisibilityPublic \|\| (repo.Visibility == model.VisibilityInternal && user != nil) {`
Add public mode 2016-02-05 19:13:34 +00:00			`perm.Pull = true`
			`}`

updated vendor files and paths 2015-09-30 01:21:17 +00:00			`if user != nil {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("%s granted %+v permission to %s",`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`user.Login, perm, repo.FullName)`
			`} else {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("Guest granted %+v to %s", perm, repo.FullName)`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`

			`c.Set("perm", perm)`
			`c.Next()`
			`}`
			`}`

			`func MustPull(c *gin.Context) {`
			`user := User(c)`
			`perm := Perm(c)`

			`if perm.Pull {`
			`c.Next()`
			`return`
			`}`

fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`// debugging`
			`if user != nil {`
			`c.AbortWithStatus(http.StatusNotFound)`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("User %s denied read access to %s",`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`user.Login, c.Request.URL.Path)`
			`} else {`
			`c.AbortWithStatus(http.StatusUnauthorized)`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("Guest denied read access to %s %s",`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`c.Request.Method,`
			`c.Request.URL.Path,`
			`)`
			`}`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`

			`func MustPush(c *gin.Context) {`
			`user := User(c)`
			`perm := Perm(c)`

			`// if the user has push access, immediately proceed`
			`// the middleware execution chain.`
			`if perm.Push {`
			`c.Next()`
			`return`
			`}`

			`// debugging`
			`if user != nil {`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`c.AbortWithStatus(http.StatusNotFound)`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("User %s denied write access to %s",`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`user.Login, c.Request.URL.Path)`
			`} else {`
fixed router and removed unused HTML pages 2016-07-11 02:08:52 +00:00			`c.AbortWithStatus(http.StatusUnauthorized)`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 07:25:13 +00:00			`log.Debug().Msgf("Guest denied write access to %s %s",`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`c.Request.Method,`
			`c.Request.URL.Path,`
			`)`
			`}`
			`}`