You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

376 lines
12 KiB

  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. // Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.
  5. package private
  6. import (
  7. "fmt"
  8. "net/http"
  9. "strings"
  10. "code.gitea.io/gitea/models"
  11. "code.gitea.io/gitea/modules/log"
  12. "code.gitea.io/gitea/modules/private"
  13. "code.gitea.io/gitea/modules/setting"
  14. repo_service "code.gitea.io/gitea/services/repository"
  15. wiki_service "code.gitea.io/gitea/services/wiki"
  16. "gitea.com/macaron/macaron"
  17. )
  18. // ServNoCommand returns information about the provided keyid
  19. func ServNoCommand(ctx *macaron.Context) {
  20. keyID := ctx.ParamsInt64(":keyid")
  21. if keyID <= 0 {
  22. ctx.JSON(http.StatusBadRequest, map[string]interface{}{
  23. "err": fmt.Sprintf("Bad key id: %d", keyID),
  24. })
  25. }
  26. results := private.KeyAndOwner{}
  27. key, err := models.GetPublicKeyByID(keyID)
  28. if err != nil {
  29. if models.IsErrKeyNotExist(err) {
  30. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  31. "err": fmt.Sprintf("Cannot find key: %d", keyID),
  32. })
  33. return
  34. }
  35. log.Error("Unable to get public key: %d Error: %v", keyID, err)
  36. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  37. "err": err.Error(),
  38. })
  39. return
  40. }
  41. results.Key = key
  42. if key.Type == models.KeyTypeUser {
  43. user, err := models.GetUserByID(key.OwnerID)
  44. if err != nil {
  45. if models.IsErrUserNotExist(err) {
  46. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  47. "err": fmt.Sprintf("Cannot find owner with id: %d for key: %d", key.OwnerID, keyID),
  48. })
  49. return
  50. }
  51. log.Error("Unable to get owner with id: %d for public key: %d Error: %v", key.OwnerID, keyID, err)
  52. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  53. "err": err.Error(),
  54. })
  55. return
  56. }
  57. results.Owner = user
  58. }
  59. ctx.JSON(http.StatusOK, &results)
  60. }
  61. // ServCommand returns information about the provided keyid
  62. func ServCommand(ctx *macaron.Context) {
  63. keyID := ctx.ParamsInt64(":keyid")
  64. ownerName := ctx.Params(":owner")
  65. repoName := ctx.Params(":repo")
  66. mode := models.AccessMode(ctx.QueryInt("mode"))
  67. // Set the basic parts of the results to return
  68. results := private.ServCommandResults{
  69. RepoName: repoName,
  70. OwnerName: ownerName,
  71. KeyID: keyID,
  72. }
  73. // Now because we're not translating things properly let's just default some Engish strings here
  74. modeString := "read"
  75. if mode > models.AccessModeRead {
  76. modeString = "write to"
  77. }
  78. // The default unit we're trying to look at is code
  79. unitType := models.UnitTypeCode
  80. // Unless we're a wiki...
  81. if strings.HasSuffix(repoName, ".wiki") {
  82. // in which case we need to look at the wiki
  83. unitType = models.UnitTypeWiki
  84. // And we'd better munge the reponame and tell downstream we're looking at a wiki
  85. results.IsWiki = true
  86. results.RepoName = repoName[:len(repoName)-5]
  87. }
  88. // Now get the Repository and set the results section
  89. repoExist := true
  90. repo, err := models.GetRepositoryByOwnerAndName(results.OwnerName, results.RepoName)
  91. if err != nil {
  92. if models.IsErrRepoNotExist(err) {
  93. repoExist = false
  94. for _, verb := range ctx.QueryStrings("verb") {
  95. if "git-upload-pack" == verb {
  96. // User is fetching/cloning a non-existent repository
  97. ctx.JSON(http.StatusNotFound, map[string]interface{}{
  98. "results": results,
  99. "type": "ErrRepoNotExist",
  100. "err": fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
  101. })
  102. return
  103. }
  104. }
  105. } else {
  106. log.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
  107. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  108. "results": results,
  109. "type": "InternalServerError",
  110. "err": fmt.Sprintf("Unable to get repository: %s/%s %v", results.OwnerName, results.RepoName, err),
  111. })
  112. return
  113. }
  114. }
  115. if repoExist {
  116. repo.OwnerName = ownerName
  117. results.RepoID = repo.ID
  118. if repo.IsBeingCreated() {
  119. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  120. "results": results,
  121. "type": "InternalServerError",
  122. "err": "Repository is being created, you could retry after it finished",
  123. })
  124. return
  125. }
  126. // We can shortcut at this point if the repo is a mirror
  127. if mode > models.AccessModeRead && repo.IsMirror {
  128. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  129. "results": results,
  130. "type": "ErrMirrorReadOnly",
  131. "err": fmt.Sprintf("Mirror Repository %s/%s is read-only", results.OwnerName, results.RepoName),
  132. })
  133. return
  134. }
  135. }
  136. // Get the Public Key represented by the keyID
  137. key, err := models.GetPublicKeyByID(keyID)
  138. if err != nil {
  139. if models.IsErrKeyNotExist(err) {
  140. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  141. "results": results,
  142. "type": "ErrKeyNotExist",
  143. "err": fmt.Sprintf("Cannot find key: %d", keyID),
  144. })
  145. return
  146. }
  147. log.Error("Unable to get public key: %d Error: %v", keyID, err)
  148. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  149. "results": results,
  150. "type": "InternalServerError",
  151. "err": fmt.Sprintf("Unable to get key: %d Error: %v", keyID, err),
  152. })
  153. return
  154. }
  155. results.KeyName = key.Name
  156. results.KeyID = key.ID
  157. results.UserID = key.OwnerID
  158. // If repo doesn't exist, deploy key doesn't make sense
  159. if !repoExist && key.Type == models.KeyTypeDeploy {
  160. ctx.JSON(http.StatusNotFound, map[string]interface{}{
  161. "results": results,
  162. "type": "ErrRepoNotExist",
  163. "err": fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
  164. })
  165. return
  166. }
  167. // Deploy Keys have ownerID set to 0 therefore we can't use the owner
  168. // So now we need to check if the key is a deploy key
  169. // We'll keep hold of the deploy key here for permissions checking
  170. var deployKey *models.DeployKey
  171. var user *models.User
  172. if key.Type == models.KeyTypeDeploy {
  173. results.IsDeployKey = true
  174. var err error
  175. deployKey, err = models.GetDeployKeyByRepo(key.ID, repo.ID)
  176. if err != nil {
  177. if models.IsErrDeployKeyNotExist(err) {
  178. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  179. "results": results,
  180. "type": "ErrDeployKeyNotExist",
  181. "err": fmt.Sprintf("Public (Deploy) Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
  182. })
  183. return
  184. }
  185. log.Error("Unable to get deploy for public (deploy) key: %d in %-v Error: %v", key.ID, repo, err)
  186. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  187. "results": results,
  188. "type": "InternalServerError",
  189. "err": fmt.Sprintf("Unable to get Deploy Key for Public Key: %d:%s in %s/%s.", key.ID, key.Name, results.OwnerName, results.RepoName),
  190. })
  191. return
  192. }
  193. results.KeyName = deployKey.Name
  194. // FIXME: Deploy keys aren't really the owner of the repo pushing changes
  195. // however we don't have good way of representing deploy keys in hook.go
  196. // so for now use the owner of the repository
  197. results.UserName = results.OwnerName
  198. results.UserID = repo.OwnerID
  199. } else {
  200. // Get the user represented by the Key
  201. var err error
  202. user, err = models.GetUserByID(key.OwnerID)
  203. if err != nil {
  204. if models.IsErrUserNotExist(err) {
  205. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  206. "results": results,
  207. "type": "ErrUserNotExist",
  208. "err": fmt.Sprintf("Public Key: %d:%s owner %d does not exist.", key.ID, key.Name, key.OwnerID),
  209. })
  210. return
  211. }
  212. log.Error("Unable to get owner: %d for public key: %d:%s Error: %v", key.OwnerID, key.ID, key.Name, err)
  213. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  214. "results": results,
  215. "type": "InternalServerError",
  216. "err": fmt.Sprintf("Unable to get Owner: %d for Deploy Key: %d:%s in %s/%s.", key.OwnerID, key.ID, key.Name, ownerName, repoName),
  217. })
  218. return
  219. }
  220. results.UserName = user.Name
  221. }
  222. // Don't allow pushing if the repo is archived
  223. if repoExist && mode > models.AccessModeRead && repo.IsArchived {
  224. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  225. "results": results,
  226. "type": "ErrRepoIsArchived",
  227. "err": fmt.Sprintf("Repo: %s/%s is archived.", results.OwnerName, results.RepoName),
  228. })
  229. return
  230. }
  231. // Permissions checking:
  232. if repoExist && (mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView) {
  233. if key.Type == models.KeyTypeDeploy {
  234. if deployKey.Mode < mode {
  235. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  236. "results": results,
  237. "type": "ErrUnauthorized",
  238. "err": fmt.Sprintf("Deploy Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
  239. })
  240. return
  241. }
  242. } else {
  243. perm, err := models.GetUserRepoPermission(repo, user)
  244. if err != nil {
  245. log.Error("Unable to get permissions for %-v with key %d in %-v Error: %v", user, key.ID, repo, err)
  246. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  247. "results": results,
  248. "type": "InternalServerError",
  249. "err": fmt.Sprintf("Unable to get permissions for user %d:%s with key %d in %s/%s Error: %v", user.ID, user.Name, key.ID, results.OwnerName, results.RepoName, err),
  250. })
  251. return
  252. }
  253. userMode := perm.UnitAccessMode(unitType)
  254. if userMode < mode {
  255. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  256. "results": results,
  257. "type": "ErrUnauthorized",
  258. "err": fmt.Sprintf("User: %d:%s with Key: %d:%s is not authorized to %s %s/%s.", user.ID, user.Name, key.ID, key.Name, modeString, ownerName, repoName),
  259. })
  260. return
  261. }
  262. }
  263. }
  264. // We already know we aren't using a deploy key
  265. if !repoExist {
  266. owner, err := models.GetUserByName(ownerName)
  267. if err != nil {
  268. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  269. "results": results,
  270. "type": "InternalServerError",
  271. "err": fmt.Sprintf("Unable to get owner: %s %v", results.OwnerName, err),
  272. })
  273. return
  274. }
  275. if owner.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
  276. ctx.JSON(http.StatusForbidden, map[string]interface{}{
  277. "results": results,
  278. "type": "ErrForbidden",
  279. "err": "Push to create is not enabled for organizations.",
  280. })
  281. return
  282. }
  283. if !owner.IsOrganization() && !setting.Repository.EnablePushCreateUser {
  284. ctx.JSON(http.StatusForbidden, map[string]interface{}{
  285. "results": results,
  286. "type": "ErrForbidden",
  287. "err": "Push to create is not enabled for users.",
  288. })
  289. return
  290. }
  291. repo, err = repo_service.PushCreateRepo(user, owner, results.RepoName)
  292. if err != nil {
  293. log.Error("pushCreateRepo: %v", err)
  294. ctx.JSON(http.StatusNotFound, map[string]interface{}{
  295. "results": results,
  296. "type": "ErrRepoNotExist",
  297. "err": fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
  298. })
  299. return
  300. }
  301. results.RepoID = repo.ID
  302. }
  303. if results.IsWiki {
  304. // Ensure the wiki is enabled before we allow access to it
  305. if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
  306. if models.IsErrUnitTypeNotExist(err) {
  307. ctx.JSON(http.StatusForbidden, map[string]interface{}{
  308. "results": results,
  309. "type": "ErrForbidden",
  310. "err": "repository wiki is disabled",
  311. })
  312. return
  313. }
  314. log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
  315. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  316. "results": results,
  317. "type": "InternalServerError",
  318. "err": fmt.Sprintf("Failed to get the wiki unit in %s/%s Error: %v", ownerName, repoName, err),
  319. })
  320. return
  321. }
  322. // Finally if we're trying to touch the wiki we should init it
  323. if err = wiki_service.InitWiki(repo); err != nil {
  324. log.Error("Failed to initialize the wiki in %-v Error: %v", repo, err)
  325. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  326. "results": results,
  327. "type": "InternalServerError",
  328. "err": fmt.Sprintf("Failed to initialize the wiki in %s/%s Error: %v", ownerName, repoName, err),
  329. })
  330. return
  331. }
  332. }
  333. log.Debug("Serv Results:\nIsWiki: %t\nIsDeployKey: %t\nKeyID: %d\tKeyName: %s\nUserName: %s\nUserID: %d\nOwnerName: %s\nRepoName: %s\nRepoID: %d",
  334. results.IsWiki,
  335. results.IsDeployKey,
  336. results.KeyID,
  337. results.KeyName,
  338. results.UserName,
  339. results.UserID,
  340. results.OwnerName,
  341. results.RepoName,
  342. results.RepoID)
  343. ctx.JSON(http.StatusOK, results)
  344. // We will update the keys in a different call.
  345. }