You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

293 lines
9.8 KiB

  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. // Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.
  5. package private
  6. import (
  7. "fmt"
  8. "net/http"
  9. "strings"
  10. "code.gitea.io/gitea/models"
  11. "code.gitea.io/gitea/modules/log"
  12. "code.gitea.io/gitea/modules/private"
  13. "code.gitea.io/gitea/modules/setting"
  14. "gitea.com/macaron/macaron"
  15. )
  16. // ServNoCommand returns information about the provided keyid
  17. func ServNoCommand(ctx *macaron.Context) {
  18. keyID := ctx.ParamsInt64(":keyid")
  19. if keyID <= 0 {
  20. ctx.JSON(http.StatusBadRequest, map[string]interface{}{
  21. "err": fmt.Sprintf("Bad key id: %d", keyID),
  22. })
  23. }
  24. results := private.KeyAndOwner{}
  25. key, err := models.GetPublicKeyByID(keyID)
  26. if err != nil {
  27. if models.IsErrKeyNotExist(err) {
  28. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  29. "err": fmt.Sprintf("Cannot find key: %d", keyID),
  30. })
  31. return
  32. }
  33. log.Error("Unable to get public key: %d Error: %v", keyID, err)
  34. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  35. "err": err.Error(),
  36. })
  37. return
  38. }
  39. results.Key = key
  40. if key.Type == models.KeyTypeUser {
  41. user, err := models.GetUserByID(key.OwnerID)
  42. if err != nil {
  43. if models.IsErrUserNotExist(err) {
  44. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  45. "err": fmt.Sprintf("Cannot find owner with id: %d for key: %d", key.OwnerID, keyID),
  46. })
  47. return
  48. }
  49. log.Error("Unable to get owner with id: %d for public key: %d Error: %v", key.OwnerID, keyID, err)
  50. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  51. "err": err.Error(),
  52. })
  53. return
  54. }
  55. results.Owner = user
  56. }
  57. ctx.JSON(http.StatusOK, &results)
  58. }
  59. // ServCommand returns information about the provided keyid
  60. func ServCommand(ctx *macaron.Context) {
  61. // Although we provide the verbs we don't need them at present they're just for logging purposes
  62. keyID := ctx.ParamsInt64(":keyid")
  63. ownerName := ctx.Params(":owner")
  64. repoName := ctx.Params(":repo")
  65. mode := models.AccessMode(ctx.QueryInt("mode"))
  66. // Set the basic parts of the results to return
  67. results := private.ServCommandResults{
  68. RepoName: repoName,
  69. OwnerName: ownerName,
  70. KeyID: keyID,
  71. }
  72. // Now because we're not translating things properly let's just default some Engish strings here
  73. modeString := "read"
  74. if mode > models.AccessModeRead {
  75. modeString = "write to"
  76. }
  77. // The default unit we're trying to look at is code
  78. unitType := models.UnitTypeCode
  79. // Unless we're a wiki...
  80. if strings.HasSuffix(repoName, ".wiki") {
  81. // in which case we need to look at the wiki
  82. unitType = models.UnitTypeWiki
  83. // And we'd better munge the reponame and tell downstream we're looking at a wiki
  84. results.IsWiki = true
  85. results.RepoName = repoName[:len(repoName)-5]
  86. }
  87. // Now get the Repository and set the results section
  88. repo, err := models.GetRepositoryByOwnerAndName(results.OwnerName, results.RepoName)
  89. if err != nil {
  90. if models.IsErrRepoNotExist(err) {
  91. ctx.JSON(http.StatusNotFound, map[string]interface{}{
  92. "results": results,
  93. "type": "ErrRepoNotExist",
  94. "err": fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
  95. })
  96. return
  97. }
  98. log.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
  99. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  100. "results": results,
  101. "type": "InternalServerError",
  102. "err": fmt.Sprintf("Unable to get repository: %s/%s %v", results.OwnerName, results.RepoName, err),
  103. })
  104. return
  105. }
  106. repo.OwnerName = ownerName
  107. results.RepoID = repo.ID
  108. if repo.IsBeingCreated() {
  109. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  110. "results": results,
  111. "type": "InternalServerError",
  112. "err": "Repository is being created, you could retry after it finished",
  113. })
  114. return
  115. }
  116. // We can shortcut at this point if the repo is a mirror
  117. if mode > models.AccessModeRead && repo.IsMirror {
  118. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  119. "results": results,
  120. "type": "ErrMirrorReadOnly",
  121. "err": fmt.Sprintf("Mirror Repository %s/%s is read-only", results.OwnerName, results.RepoName),
  122. })
  123. return
  124. }
  125. // Get the Public Key represented by the keyID
  126. key, err := models.GetPublicKeyByID(keyID)
  127. if err != nil {
  128. if models.IsErrKeyNotExist(err) {
  129. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  130. "results": results,
  131. "type": "ErrKeyNotExist",
  132. "err": fmt.Sprintf("Cannot find key: %d", keyID),
  133. })
  134. return
  135. }
  136. log.Error("Unable to get public key: %d Error: %v", keyID, err)
  137. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  138. "results": results,
  139. "type": "InternalServerError",
  140. "err": fmt.Sprintf("Unable to get key: %d Error: %v", keyID, err),
  141. })
  142. return
  143. }
  144. results.KeyName = key.Name
  145. results.KeyID = key.ID
  146. results.UserID = key.OwnerID
  147. // Deploy Keys have ownerID set to 0 therefore we can't use the owner
  148. // So now we need to check if the key is a deploy key
  149. // We'll keep hold of the deploy key here for permissions checking
  150. var deployKey *models.DeployKey
  151. var user *models.User
  152. if key.Type == models.KeyTypeDeploy {
  153. results.IsDeployKey = true
  154. var err error
  155. deployKey, err = models.GetDeployKeyByRepo(key.ID, repo.ID)
  156. if err != nil {
  157. if models.IsErrDeployKeyNotExist(err) {
  158. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  159. "results": results,
  160. "type": "ErrDeployKeyNotExist",
  161. "err": fmt.Sprintf("Public (Deploy) Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
  162. })
  163. return
  164. }
  165. log.Error("Unable to get deploy for public (deploy) key: %d in %-v Error: %v", key.ID, repo, err)
  166. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  167. "results": results,
  168. "type": "InternalServerError",
  169. "err": fmt.Sprintf("Unable to get Deploy Key for Public Key: %d:%s in %s/%s.", key.ID, key.Name, results.OwnerName, results.RepoName),
  170. })
  171. return
  172. }
  173. results.KeyName = deployKey.Name
  174. // FIXME: Deploy keys aren't really the owner of the repo pushing changes
  175. // however we don't have good way of representing deploy keys in hook.go
  176. // so for now use the owner of the repository
  177. results.UserName = results.OwnerName
  178. results.UserID = repo.OwnerID
  179. } else {
  180. // Get the user represented by the Key
  181. var err error
  182. user, err = models.GetUserByID(key.OwnerID)
  183. if err != nil {
  184. if models.IsErrUserNotExist(err) {
  185. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  186. "results": results,
  187. "type": "ErrUserNotExist",
  188. "err": fmt.Sprintf("Public Key: %d:%s owner %d does not exist.", key.ID, key.Name, key.OwnerID),
  189. })
  190. return
  191. }
  192. log.Error("Unable to get owner: %d for public key: %d:%s Error: %v", key.OwnerID, key.ID, key.Name, err)
  193. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  194. "results": results,
  195. "type": "InternalServerError",
  196. "err": fmt.Sprintf("Unable to get Owner: %d for Deploy Key: %d:%s in %s/%s.", key.OwnerID, key.ID, key.Name, ownerName, repoName),
  197. })
  198. return
  199. }
  200. results.UserName = user.Name
  201. }
  202. // Don't allow pushing if the repo is archived
  203. if mode > models.AccessModeRead && repo.IsArchived {
  204. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  205. "results": results,
  206. "type": "ErrRepoIsArchived",
  207. "err": fmt.Sprintf("Repo: %s/%s is archived.", results.OwnerName, results.RepoName),
  208. })
  209. return
  210. }
  211. // Permissions checking:
  212. if mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView {
  213. if key.Type == models.KeyTypeDeploy {
  214. if deployKey.Mode < mode {
  215. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  216. "results": results,
  217. "type": "ErrUnauthorized",
  218. "err": fmt.Sprintf("Deploy Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
  219. })
  220. return
  221. }
  222. } else {
  223. perm, err := models.GetUserRepoPermission(repo, user)
  224. if err != nil {
  225. log.Error("Unable to get permissions for %-v with key %d in %-v Error: %v", user, key.ID, repo, err)
  226. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  227. "results": results,
  228. "type": "InternalServerError",
  229. "err": fmt.Sprintf("Unable to get permissions for user %d:%s with key %d in %s/%s Error: %v", user.ID, user.Name, key.ID, results.OwnerName, results.RepoName, err),
  230. })
  231. return
  232. }
  233. userMode := perm.UnitAccessMode(unitType)
  234. if userMode < mode {
  235. ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
  236. "results": results,
  237. "type": "ErrUnauthorized",
  238. "err": fmt.Sprintf("User: %d:%s with Key: %d:%s is not authorized to %s %s/%s.", user.ID, user.Name, key.ID, key.Name, modeString, ownerName, repoName),
  239. })
  240. return
  241. }
  242. }
  243. }
  244. // Finally if we're trying to touch the wiki we should init it
  245. if results.IsWiki {
  246. if err = repo.InitWiki(); err != nil {
  247. log.Error("Failed to initialize the wiki in %-v Error: %v", repo, err)
  248. ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
  249. "results": results,
  250. "type": "InternalServerError",
  251. "err": fmt.Sprintf("Failed to initialize the wiki in %s/%s Error: %v", ownerName, repoName, err),
  252. })
  253. return
  254. }
  255. }
  256. log.Debug("Serv Results:\nIsWiki: %t\nIsDeployKey: %t\nKeyID: %d\tKeyName: %s\nUserName: %s\nUserID: %d\nOwnerName: %s\nRepoName: %s\nRepoID: %d",
  257. results.IsWiki,
  258. results.IsDeployKey,
  259. results.KeyID,
  260. results.KeyName,
  261. results.UserName,
  262. results.UserID,
  263. results.OwnerName,
  264. results.RepoName,
  265. results.RepoID)
  266. ctx.JSON(http.StatusOK, results)
  267. // We will update the keys in a different call.
  268. }