diff --git a/server/api/repo.go b/server/api/repo.go index e29aa3b37..23b060bf1 100644 --- a/server/api/repo.go +++ b/server/api/repo.go @@ -31,6 +31,10 @@ import ( "github.com/woodpecker-ci/woodpecker/shared/token" ) +// TODO: make it set system wide via environment variables +const defaultTimeout = 60 // 1 hour default build time +const maxTimeout = defaultTimeout * 2 + func PostRepo(c *gin.Context) { remote_ := server.Config.Services.Remote store_ := store.FromContext(c) @@ -38,7 +42,7 @@ func PostRepo(c *gin.Context) { repo := session.Repo(c) if repo.IsActive { - c.String(409, "Repository is already active.") + c.String(http.StatusConflict, "Repository is already active.") return } @@ -54,7 +58,9 @@ func PostRepo(c *gin.Context) { } if repo.Timeout == 0 { - repo.Timeout = 60 // 1 hour default build time + repo.Timeout = defaultTimeout + } else if repo.Timeout > maxTimeout { + repo.Timeout = maxTimeout } if repo.Hash == "" { @@ -67,7 +73,7 @@ func PostRepo(c *gin.Context) { t := token.New(token.HookToken, repo.FullName) sig, err := t.Sign(repo.Hash) if err != nil { - c.String(500, err.Error()) + c.String(http.StatusInternalServerError, err.Error()) return } @@ -79,7 +85,7 @@ func PostRepo(c *gin.Context) { err = remote_.Activate(c, user, repo, link) if err != nil { - c.String(500, err.Error()) + c.String(http.StatusInternalServerError, err.Error()) return } @@ -90,11 +96,11 @@ func PostRepo(c *gin.Context) { err = store_.UpdateRepo(repo) if err != nil { - c.String(500, err.Error()) + c.String(http.StatusInternalServerError, err.Error()) return } - c.JSON(200, repo) + c.JSON(http.StatusOK, repo) } func PatchRepo(c *gin.Context) { @@ -108,8 +114,12 @@ func PatchRepo(c *gin.Context) { return } - if (in.IsTrusted != nil || in.Timeout != nil) && !user.Admin { - c.String(403, "Insufficient privileges") + if in.Timeout != nil && *in.Timeout > maxTimeout && !user.Admin { + c.String(http.StatusForbidden, fmt.Sprintf("Timeout is not allowed to be higher than max timeout (%dmin)", maxTimeout)) + } + if in.IsTrusted != nil && *in.IsTrusted != repo.IsTrusted && !user.Admin { + log.Trace().Msgf("user '%s' wants to make repo trusted without being an instance admin ", user.Login) + c.String(http.StatusForbidden, "Insufficient privileges") return } @@ -133,7 +143,7 @@ func PatchRepo(c *gin.Context) { case string(model.VisibilityInternal), string(model.VisibilityPrivate), string(model.VisibilityPublic): repo.Visibility = model.RepoVisibly(*in.Visibility) default: - c.String(400, "Invalid visibility type") + c.String(http.StatusBadRequest, "Invalid visibility type") return } }