mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-09-03 12:43:48 +00:00
Code Issues Projects Releases Wiki Activity

Use forge IDs for hook tokens (#4897)

Browse source 
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
This commit is contained in:
qwerty287 2025-02-25 17:07:37 +02:00 committed by GitHub
parent f47165ff9f
commit 64578bff46
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 19 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
server/api/hook.go
View file

@ -248,7 +248,18 @@ func PostHook(c *gin.Context) {
}
func getRepoFromToken(store store.Store, t *token.Token) (*model.Repo, error) {
// try to get the repo by the repo-id
if t.Get("repo-forge-remote-id") != "" {
// TODO: use both the forge ID and repo forge remote ID
/*forgeID, err := strconv.ParseInt(t.Get("forge-id"), 10, 64)
if err != nil {
return nil, err
}*/
return store.GetRepoForgeID(model.ForgeRemoteID(t.Get("repo-forge-remote-id")))
}
// get the repo by the repo-id
// TODO: remove in next major
repoID, err := strconv.ParseInt(t.Get("repo-id"), 10, 64)
if err != nil {
return nil, err

11
server/api/repo.go
View file

@ -95,6 +95,7 @@ func PostRepo(c *gin.Context) {
repo.AllowPull = server.Config.Pipeline.DefaultAllowPullRequests
repo.AllowDeploy = false
repo.CancelPreviousPipelineEvents = server.Config.Pipeline.DefaultCancelPreviousPipelineEvents
repo.ForgeID = user.ForgeID // TODO: allow to use other connected forges of the user
}
repo.IsActive = true
repo.UserID = user.ID
@ -150,7 +151,8 @@ func PostRepo(c *gin.Context) {
// creates the jwt token used to verify the repository
t := token.New(token.HookToken)
t.Set("repo-id", strconv.FormatInt(repo.ID, 10))
t.Set("repo-forge-remote-id", string(forgeRemoteID))
t.Set("forge-id", strconv.FormatInt(repo.ForgeID, 10))
sig, err := t.Sign(repo.Hash)
if err != nil {
msg := "could not generate new jwt token."
@ -176,7 +178,6 @@ func PostRepo(c *gin.Context) {
if enabledOnce {
err = _store.UpdateRepo(repo)
} else {
repo.ForgeID = user.ForgeID // TODO: allow to use other connected forges of the user
err = _store.CreateRepo(repo)
}
if err != nil {
@ -561,7 +562,8 @@ func MoveRepo(c *gin.Context) {
// creates the jwt token used to verify the repository
t := token.New(token.HookToken)
t.Set("repo-id", strconv.FormatInt(repo.ID, 10))
t.Set("repo-forge-remote-id", string(repo.ForgeRemoteID))
t.Set("forge-id", strconv.FormatInt(repo.ForgeID, 10))
sig, err := t.Sign(repo.Hash)
if err != nil {
c.String(http.StatusInternalServerError, err.Error())
@ -668,7 +670,8 @@ func repairRepo(c *gin.Context, repo *model.Repo, withPerms, skipOnErr bool) {
// creates the jwt token used to verify the repository
t := token.New(token.HookToken)
t.Set("repo-id", strconv.FormatInt(repo.ID, 10))
t.Set("repo-forge-remote-id", string(repo.ForgeRemoteID))
t.Set("forge-id", strconv.FormatInt(repo.ForgeID, 10))
sig, err := t.Sign(repo.Hash)
if err != nil {
c.String(http.StatusInternalServerError, err.Error())