mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-09-23 04:00:12 +00:00
Code Issues Projects Releases Wiki Activity
woodpecker/server/router/middleware/session/repo.go

209 lines
4.5 KiB
Go
Raw Normal View History

add apache license header to files
2018-02-19 22:24:10 +00:00
// Copyright 2018 Drone.IO Inc.
Just fixed format with go fmt ./...
2018-03-21 13:02:17 +00:00
//
add apache license header to files
2018-02-19 22:24:10 +00:00
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
Just fixed format with go fmt ./...
2018-03-21 13:02:17 +00:00
//
add apache license header to files
2018-02-19 22:24:10 +00:00
// http://www.apache.org/licenses/LICENSE-2.0
Just fixed format with go fmt ./...
2018-03-21 13:02:17 +00:00
//
add apache license header to files
2018-02-19 22:24:10 +00:00
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
updated vendor files and paths
2015-09-30 01:21:17 +00:00
package session
import (
Various fixes and improvements (#1643) - allow repo names to be case-insensitive - improve backend error handling on DB get errors (record not found -> 404, else -> 500) - replace magic numbers of http response codes - unify the look and feel of cancel / save buttons on forms and view them in one line --------- Co-authored-by: Lauris BH <lauris@nix.lv>
2023-03-19 12:52:58 +00:00
"errors"
updated vendor files and paths
2015-09-30 01:21:17 +00:00
"net/http"
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
"strconv"
Check permissions on repo lookup (#2357) There was no permission check when looking up repos so you were able to get basic repo information even if you're not allowed to. This uses `session.MustPull` (and set repo/perms before) to fix this.
2023-08-30 14:35:34 +00:00
"strings"
implement sync logic
2017-07-14 19:58:38 +00:00
"time"
updated vendor files and paths
2015-09-30 01:21:17 +00:00
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
"github.com/gin-gonic/gin"
Server obtain remote from glob config not from context (#540)
2021-11-26 12:01:54 +00:00
"github.com/rs/zerolog/log"
Clean up logging (#3161) - use `Err` method instead of format strings - use `Msg` if no format string is used
2024-01-10 19:57:12 +00:00
Update go module path for major version 2 (#2905) https://go.dev/doc/modules/release-workflow#breaking Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes #2654 ``` runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0 go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2") ``` --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-12-08 07:15:08 +00:00
"go.woodpecker-ci.org/woodpecker/v2/server"
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
Update go module path for major version 2 (#2905) https://go.dev/doc/modules/release-workflow#breaking Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes #2654 ``` runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0 go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2") ``` --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-12-08 07:15:08 +00:00
"go.woodpecker-ci.org/woodpecker/v2/server/model"
"go.woodpecker-ci.org/woodpecker/v2/server/store"
"go.woodpecker-ci.org/woodpecker/v2/server/store/types"
updated vendor files and paths
2015-09-30 01:21:17 +00:00
)
cleaning up the middleware and adding caching with TTL
2015-10-13 09:08:08 +00:00
func Repo(c *gin.Context) *model.Repo {
v, ok := c.Get("repo")
if !ok {
return nil
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
cleaning up the middleware and adding caching with TTL
2015-10-13 09:08:08 +00:00
r, ok := v.(*model.Repo)
if !ok {
return nil
}
Fix nil pointer in repo repair (#1804) Address **Bug 2** from the following issue https://github.com/woodpecker-ci/woodpecker/issues/1712
2023-06-02 10:25:09 +00:00
r.Perm = Perm(c)
cleaning up the middleware and adding caching with TTL
2015-10-13 09:08:08 +00:00
return r
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
func SetRepo() gin.HandlerFunc {
return func(c *gin.Context) {
var (
Check permissions on repo lookup (#2357) There was no permission check when looking up repos so you were able to get basic repo information even if you're not allowed to. This uses `session.MustPull` (and set repo/perms before) to fix this.
2023-08-30 14:35:34 +00:00
_store = store.FromContext(c)
fullName = strings.TrimLeft(c.Param("repo_full_name"), "/")
_repoID = c.Param("repo_id")
user = User(c)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
)
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
var repo *model.Repo
var err error
if _repoID != "" {
var repoID int64
repoID, err = strconv.ParseInt(_repoID, 10, 64)
if err != nil {
c.AbortWithStatus(http.StatusBadRequest)
return
}
repo, err = _store.GetRepo(repoID)
} else {
Check permissions on repo lookup (#2357) There was no permission check when looking up repos so you were able to get basic repo information even if you're not allowed to. This uses `session.MustPull` (and set repo/perms before) to fix this.
2023-08-30 14:35:34 +00:00
repo, err = _store.GetRepoName(fullName)
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
}
if repo != nil {
updated vendor files and paths
2015-09-30 01:21:17 +00:00
c.Set("repo", repo)
c.Next()
return
}
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
// debugging
Clean up logging (#3161) - use `Err` method instead of format strings - use `Msg` if no format string is used
2024-01-10 19:57:12 +00:00
log.Debug().Err(err).Msgf("Cannot find repository %s", fullName)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
if user == nil {
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
c.AbortWithStatus(http.StatusUnauthorized)
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
return
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
Access repos by their ids (#1691) closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2023-06-12 23:07:52 +00:00
if errors.Is(err, types.RecordNotExist) {
c.AbortWithStatus(http.StatusNotFound)
return
}
_ = c.AbortWithError(http.StatusInternalServerError, err)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
}
func Perm(c *gin.Context) *model.Perm {
v, ok := c.Get("perm")
if !ok {
return nil
}
u, ok := v.(*model.Perm)
if !ok {
return nil
}
return u
}
func SetPerm() gin.HandlerFunc {
return func(c *gin.Context) {
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de>
2021-12-01 13:22:06 +00:00
_store := store.FromContext(c)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
user := User(c)
repo := Repo(c)
fix nil perm issue
2017-09-14 22:20:20 +00:00
perm := new(model.Perm)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
if user != nil {
updated vendor files and paths
2015-09-30 01:21:17 +00:00
var err error
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de>
2021-12-01 13:22:06 +00:00
perm, err = _store.PermFind(user, repo)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
if err != nil {
Clean up logging (#3161) - use `Err` method instead of format strings - use `Msg` if no format string is used
2024-01-10 19:57:12 +00:00
log.Error().Err(err).Msgf("Error fetching permission for %s %s",
user.Login, repo.FullName)
implement sync logic
2017-07-14 19:58:38 +00:00
}
if time.Unix(perm.Synced, 0).Add(time.Hour).Before(time.Now()) {
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
_repo, err := server.Config.Services.Forge.Repo(c, user, repo.ForgeRemoteID, repo.Owner, repo.Name)
implement sync logic
2017-07-14 19:58:38 +00:00
if err == nil {
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("Synced user permission for %s %s", user.Login, repo.FullName)
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
perm = _repo.Perm
Fetch repositories with remote ID if possible (#1078) Use IDs of the forge to fetch repositories instead of their names and owner names. This improves handling of renamed and transferred repos. TODO - [ ] try to support as many forges as possible - [x] Gogs (no API) - [ ] Bitbucket Server - [x] Coding (no API?) - [x] update repo every time it is fetched or received from the forge - [x] if repo remote IDs are not available, use owner / name to get it - [x] handle redirections (redirect a renamed repo to its new path) - [x] ~~pull all repos once during migration to update ID (?)~~ issue fixed by on-demand loading of remote IDs - [x] handle redirections in web UI - [ ] improve handling of hooks after a repo was renamed (currently it checks for a redirection to the repo) - [x] tests - [x] `UNIQUE` constraint for remote IDs after migration shouldn't work (all repos have an empty string as remote ID) close #854 close #648 partial close https://codeberg.org/Codeberg-CI/feedback/issues/46 Possible follow-up PRs - apply the same scheme on everything fetched from the remote (currently only users) Co-authored-by: 6543 <6543@obermui.de>
2022-09-05 15:08:51 +00:00
perm.Repo = repo
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
perm.RepoID = repo.ID
implement sync logic
2017-07-14 19:58:38 +00:00
perm.UserID = user.ID
perm.Synced = time.Now().Unix()
Add linter revive (#554) * Add linter revive * Add underscore to variable name to prevent shadowing * Remove unnecessary leading underscore * Revert changes to vendor file * export ConfigFetcher as interface * no 'yoda conditions' * rename envsubst Co-authored-by: 6543 <6543@obermui.de>
2021-12-01 13:22:06 +00:00
if err := _store.PermUpsert(perm); err != nil {
Drop error only on purpose or else report back or log (#514) - Remove Deadcode - Simplify Code - Drop error only on purpose
2021-11-23 14:36:52 +00:00
_ = c.AbortWithError(http.StatusInternalServerError, err)
return
}
implement sync logic
2017-07-14 19:58:38 +00:00
}
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
}
fix nil perm issue
2017-09-14 22:20:20 +00:00
if perm == nil {
perm = new(model.Perm)
}
improve UI loader
2017-09-08 00:43:33 +00:00
if user != nil && user.Admin {
perm.Pull = true
perm.Push = true
perm.Admin = true
}
Do not store inactive repos (#1658) Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 22:01:59 +00:00
if repo.Visibility == model.VisibilityPublic || (repo.Visibility == model.VisibilityInternal && user != nil) {
Add public mode
2016-02-05 19:13:34 +00:00
perm.Pull = true
}
updated vendor files and paths
2015-09-30 01:21:17 +00:00
if user != nil {
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("%s granted %+v permission to %s",
updated vendor files and paths
2015-09-30 01:21:17 +00:00
user.Login, perm, repo.FullName)
} else {
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("Guest granted %+v to %s", perm, repo.FullName)
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
c.Set("perm", perm)
c.Next()
}
}
func MustPull(c *gin.Context) {
user := User(c)
perm := Perm(c)
if perm.Pull {
c.Next()
return
}
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
// debugging
if user != nil {
c.AbortWithStatus(http.StatusNotFound)
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("User %s denied read access to %s",
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
user.Login, c.Request.URL.Path)
} else {
c.AbortWithStatus(http.StatusUnauthorized)
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("Guest denied read access to %s %s",
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
c.Request.Method,
c.Request.URL.Path,
)
}
updated vendor files and paths
2015-09-30 01:21:17 +00:00
}
func MustPush(c *gin.Context) {
user := User(c)
perm := Perm(c)
// if the user has push access, immediately proceed
// the middleware execution chain.
if perm.Push {
c.Next()
return
}
// debugging
if user != nil {
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
c.AbortWithStatus(http.StatusNotFound)
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("User %s denied write access to %s",
updated vendor files and paths
2015-09-30 01:21:17 +00:00
user.Login, c.Request.URL.Path)
} else {
fixed router and removed unused HTML pages
2016-07-11 02:08:52 +00:00
c.AbortWithStatus(http.StatusUnauthorized)
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-10-12 07:25:13 +00:00
log.Debug().Msgf("Guest denied write access to %s %s",
updated vendor files and paths
2015-09-30 01:21:17 +00:00
c.Request.Method,
c.Request.URL.Path,
)
}
}
Reference in a new issue Copy permalink