Merge remote-tracking branch 'origin/main' into forgejo-federation
This commit is contained in:
commit
a86a11f874
|
@ -230,6 +230,10 @@ services:
|
|||
MINIO_ACCESS_KEY: 123456
|
||||
MINIO_SECRET_KEY: 12345678
|
||||
|
||||
- name: smtpimap
|
||||
image: tabascoterrier/docker-imap-devel:latest
|
||||
pull: always
|
||||
|
||||
steps:
|
||||
- name: fetch-tags
|
||||
image: docker:git
|
||||
|
|
|
@ -76,13 +76,14 @@ linters-settings:
|
|||
extra-rules: true
|
||||
lang-version: "1.19"
|
||||
depguard:
|
||||
# TODO: use depguard to replace import checks in gitea-vet
|
||||
list-type: denylist
|
||||
# Check the list against standard lib.
|
||||
include-go-root: true
|
||||
packages-with-error-message:
|
||||
- encoding/json: "use gitea's modules/json instead of encoding/json"
|
||||
- github.com/unknwon/com: "use gitea's util and replacements"
|
||||
- io/ioutil: "use os or io instead"
|
||||
- golang.org/x/exp: "it's experimental and unreliable."
|
||||
|
||||
issues:
|
||||
max-issues-per-linter: 0
|
||||
|
|
13
Makefile
13
Makefile
|
@ -751,16 +751,16 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
|
|||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
|
||||
|
||||
.PHONY: release
|
||||
release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
|
||||
release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
|
||||
|
||||
$(DIST_DIRS):
|
||||
mkdir -p $(DIST_DIRS)
|
||||
|
||||
.PHONY: release-windows
|
||||
release-windows: | $(DIST_DIRS)
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
|
||||
ifeq (,$(findstring gogit,$(TAGS)))
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
|
||||
endif
|
||||
ifeq ($(CI),true)
|
||||
cp /build/* $(DIST)/binaries
|
||||
|
@ -780,6 +780,13 @@ ifeq ($(CI),true)
|
|||
cp /build/* $(DIST)/binaries
|
||||
endif
|
||||
|
||||
.PHONY: release-freebsd
|
||||
release-freebsd: | $(DIST_DIRS)
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
|
||||
ifeq ($(CI),true)
|
||||
cp /build/* $(DIST)/binaries
|
||||
endif
|
||||
|
||||
.PHONY: release-copy
|
||||
release-copy: | $(DIST_DIRS)
|
||||
cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -32,11 +32,15 @@ func needsUpdate(dir, filename string) (bool, []byte) {
|
|||
|
||||
hasher := sha1.New()
|
||||
|
||||
err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
||||
err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, _ = hasher.Write([]byte(info.Name()))
|
||||
info, err := d.Info()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, _ = hasher.Write([]byte(d.Name()))
|
||||
_, _ = hasher.Write([]byte(info.ModTime().String()))
|
||||
_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
|
||||
return nil
|
||||
|
|
|
@ -950,7 +950,7 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
|
|||
if c.IsSet("auth-type") {
|
||||
conf.Auth = c.String("auth-type")
|
||||
validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
|
||||
if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
|
||||
if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
|
||||
return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
|
||||
}
|
||||
conf.Auth = c.String("auth-type")
|
||||
|
|
11
cmd/dump.go
11
cmd/dump.go
|
@ -409,15 +409,6 @@ func runDump(ctx *cli.Context) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func contains(slice []string, s string) bool {
|
||||
for _, v := range slice {
|
||||
if v == s {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
|
||||
func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
|
||||
absPath, err := filepath.Abs(absPath)
|
||||
|
@ -438,7 +429,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
|
|||
currentAbsPath := path.Join(absPath, file.Name())
|
||||
currentInsidePath := path.Join(insidePath, file.Name())
|
||||
if file.IsDir() {
|
||||
if !contains(excludeAbsPath, currentAbsPath) {
|
||||
if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
|
||||
if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -1664,6 +1664,47 @@ ROUTER = console
|
|||
;; convert \r\n to \n for Sendmail
|
||||
;SENDMAIL_CONVERT_CRLF = true
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;[email.incoming]
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;
|
||||
;; Enable handling of incoming emails.
|
||||
;ENABLED = false
|
||||
;;
|
||||
;; The email address including the %{token} placeholder that will be replaced per user/action.
|
||||
;; Example: incoming+%{token}@example.com
|
||||
;; The placeholder must appear in the user part of the address (before the @).
|
||||
;REPLY_TO_ADDRESS =
|
||||
;;
|
||||
;; IMAP server host
|
||||
;HOST =
|
||||
;;
|
||||
;; IMAP server port
|
||||
;PORT =
|
||||
;;
|
||||
;; Username of the receiving account
|
||||
;USERNAME =
|
||||
;;
|
||||
;; Password of the receiving account
|
||||
;PASSWORD =
|
||||
;;
|
||||
;; Whether the IMAP server uses TLS.
|
||||
;USE_TLS = false
|
||||
;;
|
||||
;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
|
||||
;SKIP_TLS_VERIFY = true
|
||||
;;
|
||||
;; The mailbox name where incoming mail will end up.
|
||||
;MAILBOX = INBOX
|
||||
;;
|
||||
;; Whether handled messages should be deleted from the mailbox.
|
||||
;DELETE_HANDLED_MESSAGE = true
|
||||
;;
|
||||
;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
|
||||
;MAXIMUM_MESSAGE_SIZE = 10485760
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;[cache]
|
||||
|
@ -2172,6 +2213,28 @@ ROUTER = console
|
|||
;SCHEDULE = @every 168h
|
||||
;OLDER_THAN = 8760h
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;; Garbage collect LFS pointers in repositories
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;[cron.gc_lfs]
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;ENABLED = false
|
||||
;; Garbage collect LFS pointers in repositories (default false)
|
||||
;RUN_AT_START = false
|
||||
;; Interval as a duration between each gc run (default every 24h)
|
||||
;SCHEDULE = @every 24h
|
||||
;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
|
||||
;OLDER_THAN = 168h
|
||||
;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
|
||||
;LAST_UPDATED_MORE_THAN_AGO = 72h
|
||||
; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
|
||||
;NUMBER_TO_CHECK_PER_REPO = 100
|
||||
;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
|
||||
;PROPORTION_TO_CHECK_PER_REPO = 0.6
|
||||
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;; Git Operation timeout in seconds
|
||||
|
|
|
@ -750,6 +750,20 @@ and
|
|||
- `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
|
||||
- `SEND_AS_PLAIN_TEXT`: **false**: Send mails only in plain text, without HTML alternative.
|
||||
|
||||
## Incoming Email (`email.incoming`)
|
||||
|
||||
- `ENABLED`: **false**: Enable handling of incoming emails.
|
||||
- `REPLY_TO_ADDRESS`: **\<empty\>**: The email address including the `%{token}` placeholder that will be replaced per user/action. Example: `incoming+%{token}@example.com`. The placeholder must appear in the user part of the address (before the `@`).
|
||||
- `HOST`: **\<empty\>**: IMAP server host.
|
||||
- `PORT`: **\<empty\>**: IMAP server port.
|
||||
- `USERNAME`: **\<empty\>**: Username of the receiving account.
|
||||
- `PASSWORD`: **\<empty\>**: Password of the receiving account.
|
||||
- `USE_TLS`: **false**: Whether the IMAP server uses TLS.
|
||||
- `SKIP_TLS_VERIFY`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe.
|
||||
- `MAILBOX`: **INBOX**: The mailbox name where incoming mail will end up.
|
||||
- `DELETE_HANDLED_MESSAGE`: **true**: Whether handled messages should be deleted from the mailbox.
|
||||
- `MAXIMUM_MESSAGE_SIZE`: **10485760**: Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
|
||||
|
||||
## Cache (`cache`)
|
||||
|
||||
- `ENABLED`: **true**: Enable the cache.
|
||||
|
@ -1025,6 +1039,16 @@ Default templates for project boards:
|
|||
- `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
|
||||
- `OLDER_THAN`: **@every 8760h**: any system notice older than this expression will be deleted from database.
|
||||
|
||||
#### Cron - Garbage collect LFS pointers in repositories ('cron.gc_lfs')
|
||||
|
||||
- `ENABLED`: **false**: Enable service.
|
||||
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
|
||||
- `SCHEDULE`: **@every 24h**: Cron syntax to set how often to check.
|
||||
- `OLDER_THAN`: **168h**: Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
|
||||
- `LAST_UPDATED_MORE_THAN_AGO`: **72h**: Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
|
||||
- `NUMBER_TO_CHECK_PER_REPO`: **100**: Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
|
||||
- `PROPORTION_TO_CHECK_PER_REPO`: **0.6**: Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
|
||||
|
||||
## Git (`git`)
|
||||
|
||||
- `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
|
||||
|
@ -1048,7 +1072,7 @@ Default templates for project boards:
|
|||
|
||||
## Git - Timeout settings (`git.timeout`)
|
||||
|
||||
- `DEFAUlT`: **360**: Git operations default timeout seconds.
|
||||
- `DEFAULT`: **360**: Git operations default timeout seconds.
|
||||
- `MIGRATE`: **600**: Migrate external repositories timeout seconds.
|
||||
- `MIRROR`: **300**: Mirror external repositories timeout seconds.
|
||||
- `CLONE`: **300**: Git clone from internal repositories timeout seconds.
|
||||
|
|
|
@ -192,5 +192,5 @@ And so you could write some CSS:
|
|||
Add your stylesheet to your custom directory e.g `custom/public/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
|
||||
|
||||
```html
|
||||
<link type="text/css" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
|
||||
<link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
|
||||
```
|
||||
|
|
|
@ -106,7 +106,7 @@ _Symbols used in table:_
|
|||
| Issue search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| Global issue search | [/](https://github.com/go-gitea/gitea/issues/2434) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| Issue dependency | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
|
||||
| Create issue via email | [✘](https://github.com/go-gitea/gitea/issues/6226) | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ |
|
||||
| Create issue via email | [✘](https://github.com/go-gitea/gitea/issues/6226) | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ |
|
||||
| Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
|
||||
|
||||
## Pull/Merge requests
|
||||
|
|
|
@ -92,7 +92,7 @@ _表格中的符号含义:_
|
|||
| 工单搜索 | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 工单全局搜索 | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 工单依赖关系 | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
|
||||
| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
|
||||
| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 服务台 | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | [✓](https://gitlab.com/groups/gitlab-org/-/epics/3103) | ✓ | ✘ | ✘ |
|
||||
|
||||
#### Pull/Merge requests
|
||||
|
|
|
@ -93,7 +93,7 @@ menu:
|
|||
| 問題搜尋 | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 全域問題搜尋 | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 問題相依 | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
|
||||
| 從電子郵件建立問題 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
|
||||
| 從電子郵件建立問題 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✓ | ✓ | ✓ | ✘ |
|
||||
| 服務台 | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | [✓](https://gitlab.com/groups/gitlab-org/-/epics/3103) | ✓ | ✘ | ✘ |
|
||||
|
||||
## 拉取/合併請求
|
||||
|
|
|
@ -55,7 +55,7 @@ and shows a link to the repository on the package site (as well as a link to the
|
|||
|
||||
| Package owner type | User | Organization |
|
||||
|--------------------|------|--------------|
|
||||
| **read** access | public, if user is public too; otherwise for this user only | public, if org is public, otherwise org members only |
|
||||
| **read** access | public, if user is public too; otherwise for this user only | public, if org is public, otherwise for org members only |
|
||||
| **write** access | owner only | org members with admin or write access to the org |
|
||||
|
||||
N.B.: These access restrictions are [subject to change](https://github.com/go-gitea/gitea/issues/19270), where more finegrained control will be added via a dedicated organization team permission.
|
||||
|
@ -83,7 +83,7 @@ To download a package from your repository:
|
|||
|
||||
## Delete a package
|
||||
|
||||
You cannot edit a package after you published it in the Package Registry. Instead, you
|
||||
You cannot edit a package after you have published it in the Package Registry. Instead, you
|
||||
must delete and recreate it.
|
||||
|
||||
To delete a package from your repository:
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
date: "2022-12-01T00:00:00+00:00"
|
||||
title: "Incoming Email"
|
||||
slug: "incoming-email"
|
||||
draft: false
|
||||
toc: false
|
||||
menu:
|
||||
sidebar:
|
||||
parent: "usage"
|
||||
name: "Incoming Email"
|
||||
weight: 13
|
||||
identifier: "incoming-email"
|
||||
---
|
||||
|
||||
# Incoming Email
|
||||
|
||||
Gitea supports the execution of several actions through incoming mails. This page describes how to set this up.
|
||||
|
||||
**Table of Contents**
|
||||
|
||||
{{< toc >}}
|
||||
|
||||
## Requirements
|
||||
|
||||
Handling incoming email messages requires an IMAP-enabled email account.
|
||||
The recommended strategy is to use [email sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) but a catch-all mailbox does work too.
|
||||
The receiving email address contains a user/action specific token which tells Gitea which action should be performed.
|
||||
This token is expected in the `To` and `Delivered-To` header fields.
|
||||
|
||||
Gitea tries to detect automatic responses to skip and the email server should be configured to reduce the incoming noise too (spam, newsletter).
|
||||
|
||||
## Configuration
|
||||
|
||||
To activate the handling of incoming email messages you have to configure the `email.incoming` section in the configuration file.
|
||||
|
||||
The `REPLY_TO_ADDRESS` contains the address an email client will respond to.
|
||||
This address needs to contain the `%{token}` placeholder which will be replaced with a token describing the user/action.
|
||||
This placeholder must only appear once in the address and must be in the user part of the address (before the `@`).
|
||||
|
||||
An example using email sub-addressing may look like this: `incoming+%{token}@example.com`
|
||||
|
||||
If a catch-all mailbox is used, the placeholder may be used anywhere in the user part of the address: `incoming+%{token}@example.com`, `incoming_%{token}@example.com`, `%{token}@example.com`
|
||||
|
||||
## Security
|
||||
|
||||
Be careful when choosing the domain used for receiving incoming email.
|
||||
It's recommended receiving incoming email on a subdomain, such as `incoming.example.com` to prevent potential security problems with other services running on `example.com`.
|
162
go.mod
162
go.mod
|
@ -9,98 +9,101 @@ require (
|
|||
gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681
|
||||
gitea.com/go-chi/cache v0.2.0
|
||||
gitea.com/go-chi/captcha v0.0.0-20211013065431-70641c1a35d5
|
||||
gitea.com/go-chi/session v0.0.0-20211218221615-e3605d8b28b8
|
||||
gitea.com/go-chi/session v0.0.0-20221220005550-e056dc379164
|
||||
gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
|
||||
gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7
|
||||
github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
|
||||
github.com/NYTimes/gziphandler v1.1.1
|
||||
github.com/PuerkitoBio/goquery v1.8.0
|
||||
github.com/alecthomas/chroma/v2 v2.4.0
|
||||
github.com/blevesearch/bleve/v2 v2.3.5
|
||||
github.com/blevesearch/bleve/v2 v2.3.6
|
||||
github.com/buildkite/terminal-to-html/v3 v3.7.0
|
||||
github.com/caddyserver/certmagic v0.17.2
|
||||
github.com/chi-middleware/proxy v1.1.1
|
||||
github.com/denisenkom/go-mssqldb v0.12.2
|
||||
github.com/dimiro1/reply v0.0.0-20200315094148-d0136a4c9e21
|
||||
github.com/djherbis/buffer v1.2.0
|
||||
github.com/djherbis/nio/v3 v3.0.1
|
||||
github.com/duo-labs/webauthn v0.0.0-20220815211337-00c9fb5711f5
|
||||
github.com/dustin/go-humanize v1.0.0
|
||||
github.com/editorconfig/editorconfig-core-go/v2 v2.4.5
|
||||
github.com/editorconfig/editorconfig-core-go/v2 v2.5.1
|
||||
github.com/emersion/go-imap v1.2.1
|
||||
github.com/emirpasic/gods v1.18.1
|
||||
github.com/ethantkoenig/rupture v1.0.1
|
||||
github.com/felixge/fgprof v0.9.3
|
||||
github.com/fsnotify/fsnotify v1.5.4
|
||||
github.com/fsnotify/fsnotify v1.6.0
|
||||
github.com/gliderlabs/ssh v0.3.5
|
||||
github.com/go-ap/activitypub v0.0.0-20220917143152-e4e7018838c0
|
||||
github.com/go-ap/activitypub v0.0.0-20221209114049-1ceafda50f9f
|
||||
github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
|
||||
github.com/go-chi/chi/v5 v5.0.8
|
||||
github.com/go-chi/cors v1.2.1
|
||||
github.com/go-enry/go-enry/v2 v2.8.3
|
||||
github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
|
||||
github.com/go-git/go-billy/v5 v5.3.1
|
||||
github.com/go-git/go-git/v5 v5.4.3-0.20220529141257-bc1f419cebcf
|
||||
github.com/go-git/go-billy/v5 v5.4.0
|
||||
github.com/go-git/go-git/v5 v5.5.2
|
||||
github.com/go-ldap/ldap/v3 v3.4.4
|
||||
github.com/go-redis/redis/v8 v8.11.5
|
||||
github.com/go-sql-driver/mysql v1.6.0
|
||||
github.com/go-sql-driver/mysql v1.7.0
|
||||
github.com/go-swagger/go-swagger v0.30.3
|
||||
github.com/go-testfixtures/testfixtures/v3 v3.8.1
|
||||
github.com/go-webauthn/webauthn v0.6.0
|
||||
github.com/gobwas/glob v0.2.3
|
||||
github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
|
||||
github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
|
||||
github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
|
||||
github.com/golang-jwt/jwt/v4 v4.4.2
|
||||
github.com/golang-jwt/jwt/v4 v4.4.3
|
||||
github.com/google/go-github/v45 v45.2.0
|
||||
github.com/google/pprof v0.0.0-20220829040838-70bd9ae97f40
|
||||
github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/gorilla/feeds v1.1.1
|
||||
github.com/gorilla/sessions v1.2.1
|
||||
github.com/hashicorp/go-version v1.6.0
|
||||
github.com/hashicorp/golang-lru v0.5.4
|
||||
github.com/huandu/xstrings v1.3.2
|
||||
github.com/hashicorp/golang-lru v0.6.0
|
||||
github.com/huandu/xstrings v1.4.0
|
||||
github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba
|
||||
github.com/jhillyerd/enmime v0.10.1
|
||||
github.com/json-iterator/go v1.1.12
|
||||
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
|
||||
github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
|
||||
github.com/klauspost/compress v1.15.11
|
||||
github.com/klauspost/cpuid/v2 v2.1.1
|
||||
github.com/klauspost/compress v1.15.14
|
||||
github.com/klauspost/cpuid/v2 v2.2.3
|
||||
github.com/lib/pq v1.10.7
|
||||
github.com/markbates/goth v1.73.0
|
||||
github.com/mattn/go-isatty v0.0.16
|
||||
github.com/mattn/go-sqlite3 v1.14.15
|
||||
github.com/markbates/goth v1.76.0
|
||||
github.com/mattn/go-isatty v0.0.17
|
||||
github.com/mattn/go-sqlite3 v1.14.16
|
||||
github.com/mholt/archiver/v3 v3.5.1
|
||||
github.com/microcosm-cc/bluemonday v1.0.20
|
||||
github.com/minio/minio-go/v7 v7.0.39
|
||||
github.com/microcosm-cc/bluemonday v1.0.21
|
||||
github.com/minio/minio-go/v7 v7.0.46
|
||||
github.com/msteinert/pam v1.1.0
|
||||
github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
|
||||
github.com/niklasfasching/go-org v1.6.5
|
||||
github.com/oliamb/cutter v0.2.2
|
||||
github.com/olivere/elastic/v7 v7.0.32
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/pquerna/otp v1.3.0
|
||||
github.com/prometheus/client_golang v1.13.0
|
||||
github.com/pquerna/otp v1.4.0
|
||||
github.com/prometheus/client_golang v1.14.0
|
||||
github.com/quasoft/websspi v1.1.2
|
||||
github.com/santhosh-tekuri/jsonschema/v5 v5.0.1
|
||||
github.com/santhosh-tekuri/jsonschema/v5 v5.1.1
|
||||
github.com/sergi/go-diff v1.2.0
|
||||
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
|
||||
github.com/stretchr/testify v1.8.0
|
||||
github.com/stretchr/testify v1.8.1
|
||||
github.com/syndtr/goleveldb v1.0.0
|
||||
github.com/tstranex/u2f v1.0.0
|
||||
github.com/unrolled/render v1.5.0
|
||||
github.com/urfave/cli v1.22.10
|
||||
github.com/valyala/fastjson v1.6.3
|
||||
github.com/xanzy/go-gitlab v0.73.1
|
||||
github.com/valyala/fastjson v1.6.4
|
||||
github.com/xanzy/go-gitlab v0.78.0
|
||||
github.com/xeipuuv/gojsonschema v1.2.0
|
||||
github.com/yohcop/openid-go v1.0.0
|
||||
github.com/yuin/goldmark v1.5.2
|
||||
github.com/yuin/goldmark v1.5.3
|
||||
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87
|
||||
github.com/yuin/goldmark-meta v1.1.0
|
||||
go.jolheiser.com/hcaptcha v0.0.4
|
||||
go.jolheiser.com/pwn v0.0.3
|
||||
golang.org/x/crypto v0.2.1-0.20221112162523-6fad3dfc1891
|
||||
golang.org/x/net v0.2.0
|
||||
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
|
||||
golang.org/x/sys v0.2.0
|
||||
golang.org/x/text v0.4.0
|
||||
golang.org/x/crypto v0.4.0
|
||||
golang.org/x/net v0.4.0
|
||||
golang.org/x/oauth2 v0.3.0
|
||||
golang.org/x/sys v0.3.0
|
||||
golang.org/x/text v0.5.0
|
||||
golang.org/x/tools v0.1.12
|
||||
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
|
||||
gopkg.in/ini.v1 v1.67.0
|
||||
|
@ -114,12 +117,12 @@ require (
|
|||
require (
|
||||
cloud.google.com/go/compute v1.7.0 // indirect
|
||||
git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
|
||||
github.com/Masterminds/goutils v1.1.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.1.1 // indirect
|
||||
github.com/Masterminds/sprig/v3 v3.2.2 // indirect
|
||||
github.com/Microsoft/go-winio v0.6.0 // indirect
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20230109192245-7efeeb08f296 // indirect
|
||||
github.com/RoaringBitmap/roaring v1.2.1 // indirect
|
||||
github.com/acomagu/bufpipe v1.0.3 // indirect
|
||||
github.com/andybalholm/brotli v1.0.4 // indirect
|
||||
|
@ -128,33 +131,27 @@ require (
|
|||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
|
||||
github.com/aymerick/douceur v0.2.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/bgentry/speakeasy v0.1.0 // indirect
|
||||
github.com/bits-and-blooms/bitset v1.3.3 // indirect
|
||||
github.com/blevesearch/bleve_index_api v1.0.4 // indirect
|
||||
github.com/blevesearch/geo v0.1.15 // indirect
|
||||
github.com/blevesearch/bleve_index_api v1.0.5 // indirect
|
||||
github.com/blevesearch/geo v0.1.16 // indirect
|
||||
github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
|
||||
github.com/blevesearch/gtreap v0.1.1 // indirect
|
||||
github.com/blevesearch/mmap-go v1.0.4 // indirect
|
||||
github.com/blevesearch/scorch_segment_api/v2 v2.1.3 // indirect
|
||||
github.com/blevesearch/segment v0.9.0 // indirect
|
||||
github.com/blevesearch/scorch_segment_api/v2 v2.1.4 // indirect
|
||||
github.com/blevesearch/segment v0.9.1 // indirect
|
||||
github.com/blevesearch/snowballstem v0.9.0 // indirect
|
||||
github.com/blevesearch/upsidedown_store_api v1.0.1 // indirect
|
||||
github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
|
||||
github.com/blevesearch/vellum v1.0.9 // indirect
|
||||
github.com/blevesearch/zapx/v11 v11.3.6 // indirect
|
||||
github.com/blevesearch/zapx/v12 v12.3.6 // indirect
|
||||
github.com/blevesearch/zapx/v13 v13.3.6 // indirect
|
||||
github.com/blevesearch/zapx/v14 v14.3.6 // indirect
|
||||
github.com/blevesearch/zapx/v15 v15.3.6 // indirect
|
||||
github.com/blevesearch/zapx/v11 v11.3.7 // indirect
|
||||
github.com/blevesearch/zapx/v12 v12.3.7 // indirect
|
||||
github.com/blevesearch/zapx/v13 v13.3.7 // indirect
|
||||
github.com/blevesearch/zapx/v14 v14.3.7 // indirect
|
||||
github.com/blevesearch/zapx/v15 v15.3.8 // indirect
|
||||
github.com/boombuler/barcode v1.0.1 // indirect
|
||||
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // indirect
|
||||
github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
|
||||
github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
|
||||
github.com/cespare/xxhash/v2 v2.1.2 // indirect
|
||||
github.com/cloudflare/cfssl v1.6.1 // indirect
|
||||
github.com/cloudflare/circl v1.2.0 // indirect
|
||||
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
|
||||
github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect
|
||||
github.com/coreos/go-semver v0.3.0 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
|
||||
github.com/couchbase/go-couchbase v0.0.0-20210224140812-5740cd35f448 // indirect
|
||||
github.com/couchbase/gomemcached v0.1.2 // indirect
|
||||
github.com/couchbase/goutils v0.0.0-20210118111533-e33d3ffb5401 // indirect
|
||||
|
@ -163,13 +160,10 @@ require (
|
|||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
github.com/dlclark/regexp2 v1.7.0 // indirect
|
||||
github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
|
||||
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect
|
||||
github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
|
||||
github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 // indirect
|
||||
github.com/felixge/httpsnoop v1.0.3 // indirect
|
||||
github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
|
||||
github.com/fullstorydev/grpcurl v1.8.1 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
|
||||
github.com/go-ap/errors v0.0.0-20221115052505-8aaa26f930b4 // indirect
|
||||
github.com/go-ap/errors v0.0.0-20221205040414-01c1adfc98ea // indirect
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
|
||||
github.com/go-enry/go-oniguruma v1.2.1 // indirect
|
||||
github.com/go-git/gcfg v1.5.0 // indirect
|
||||
|
@ -184,35 +178,27 @@ require (
|
|||
github.com/go-openapi/strfmt v0.21.3 // indirect
|
||||
github.com/go-openapi/swag v0.22.3 // indirect
|
||||
github.com/go-openapi/validate v0.22.0 // indirect
|
||||
github.com/go-webauthn/revoke v0.1.6 // indirect
|
||||
github.com/goccy/go-json v0.10.0 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
|
||||
github.com/golang-sql/sqlexp v0.1.0 // indirect
|
||||
github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/mock v1.6.0 // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
github.com/google/btree v1.0.1 // indirect
|
||||
github.com/google/certificate-transparency-go v1.1.2-0.20210511102531-373a877eec92 // indirect
|
||||
github.com/google/go-querystring v1.1.0 // indirect
|
||||
github.com/google/go-tpm v0.3.3 // indirect
|
||||
github.com/gorilla/css v1.0.0 // indirect
|
||||
github.com/gorilla/handlers v1.5.1 // indirect
|
||||
github.com/gorilla/mux v1.8.0 // indirect
|
||||
github.com/gorilla/securecookie v1.1.1 // indirect
|
||||
github.com/gorilla/websocket v1.4.2 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
|
||||
github.com/hashicorp/errwrap v1.0.0 // indirect
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
|
||||
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
|
||||
github.com/hashicorp/go-multierror v1.1.1 // indirect
|
||||
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
|
||||
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||
github.com/imdario/mergo v0.3.13 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.0.0 // indirect
|
||||
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
|
||||
github.com/jessevdk/go-flags v1.5.0 // indirect
|
||||
github.com/jhump/protoreflect v1.8.2 // indirect
|
||||
github.com/jonboulle/clockwork v0.2.2 // indirect
|
||||
github.com/josharian/intern v1.0.0 // indirect
|
||||
github.com/kevinburke/ssh_config v1.2.0 // indirect
|
||||
github.com/klauspost/pgzip v1.2.5 // indirect
|
||||
|
@ -241,62 +227,46 @@ require (
|
|||
github.com/pelletier/go-toml v1.9.5 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.0.1 // indirect
|
||||
github.com/pierrec/lz4/v4 v4.1.17 // indirect
|
||||
github.com/pjbgf/sha1cd v0.2.3 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/client_model v0.2.0 // indirect
|
||||
github.com/prometheus/client_model v0.3.0 // indirect
|
||||
github.com/prometheus/common v0.37.0 // indirect
|
||||
github.com/prometheus/procfs v0.8.0 // indirect
|
||||
github.com/rivo/uniseg v0.4.2 // indirect
|
||||
github.com/rivo/uniseg v0.4.3 // indirect
|
||||
github.com/rogpeppe/go-internal v1.9.0 // indirect
|
||||
github.com/rs/xid v1.4.0 // indirect
|
||||
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
||||
github.com/shopspring/decimal v1.2.0 // indirect
|
||||
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect
|
||||
github.com/sirupsen/logrus v1.9.0 // indirect
|
||||
github.com/soheilhy/cmux v0.1.5 // indirect
|
||||
github.com/skeema/knownhosts v1.1.0 // indirect
|
||||
github.com/spf13/afero v1.8.2 // indirect
|
||||
github.com/spf13/cast v1.5.0 // indirect
|
||||
github.com/spf13/cobra v1.5.0 // indirect
|
||||
github.com/spf13/jwalterweatherman v1.1.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/spf13/viper v1.12.0 // indirect
|
||||
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
|
||||
github.com/subosito/gotenv v1.3.0 // indirect
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
|
||||
github.com/toqueteos/webbrowser v1.2.0 // indirect
|
||||
github.com/ulikunitz/xz v0.5.10 // indirect
|
||||
github.com/ulikunitz/xz v0.5.11 // indirect
|
||||
github.com/unknwon/com v1.0.1 // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
github.com/xanzy/ssh-agent v0.3.2 // indirect
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
|
||||
github.com/xanzy/ssh-agent v0.3.3 // indirect
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
|
||||
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
|
||||
go.etcd.io/bbolt v1.3.6 // indirect
|
||||
go.etcd.io/etcd/api/v3 v3.5.4 // indirect
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect
|
||||
go.etcd.io/etcd/client/v2 v2.305.4 // indirect
|
||||
go.etcd.io/etcd/client/v3 v3.5.4 // indirect
|
||||
go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 // indirect
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 // indirect
|
||||
go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0 // indirect
|
||||
go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect
|
||||
go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect
|
||||
go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect
|
||||
go.mongodb.org/mongo-driver v1.10.1 // indirect
|
||||
go.uber.org/atomic v1.10.0 // indirect
|
||||
go.uber.org/multierr v1.8.0 // indirect
|
||||
go.uber.org/zap v1.23.0 // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
||||
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
|
||||
go.uber.org/multierr v1.9.0 // indirect
|
||||
go.uber.org/zap v1.24.0 // indirect
|
||||
golang.org/x/mod v0.7.0 // indirect
|
||||
golang.org/x/time v0.3.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect
|
||||
google.golang.org/grpc v1.47.0 // indirect
|
||||
google.golang.org/protobuf v1.28.1 // indirect
|
||||
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
|
||||
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
|
||||
gopkg.in/warnings.v0 v0.1.2 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
sigs.k8s.io/yaml v1.2.0 // indirect
|
||||
)
|
||||
|
||||
replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
|
||||
|
|
|
@ -409,14 +409,14 @@ func SynchronizePublicKeys(usr *user_model.User, s *auth.Source, sshPublicKeys [
|
|||
sshKeySplit := strings.Split(v, " ")
|
||||
if len(sshKeySplit) > 1 {
|
||||
key := strings.Join(sshKeySplit[:2], " ")
|
||||
if !util.ExistsInSlice(key, providedKeys) {
|
||||
if !util.SliceContainsString(providedKeys, key) {
|
||||
providedKeys = append(providedKeys, key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check if Public Key sync is needed
|
||||
if util.IsEqualSlice(giteaKeys, providedKeys) {
|
||||
if util.SliceSortedEqual(giteaKeys, providedKeys) {
|
||||
log.Trace("synchronizePublicKeys[%s]: Public Keys are already in sync for %s (Source:%v/DB:%v)", s.Name, usr.Name, len(providedKeys), len(giteaKeys))
|
||||
return false
|
||||
}
|
||||
|
@ -425,7 +425,7 @@ func SynchronizePublicKeys(usr *user_model.User, s *auth.Source, sshPublicKeys [
|
|||
// Add new Public SSH Keys that doesn't already exist in DB
|
||||
var newKeys []string
|
||||
for _, key := range providedKeys {
|
||||
if !util.ExistsInSlice(key, giteaKeys) {
|
||||
if !util.SliceContainsString(giteaKeys, key) {
|
||||
newKeys = append(newKeys, key)
|
||||
}
|
||||
}
|
||||
|
@ -436,7 +436,7 @@ func SynchronizePublicKeys(usr *user_model.User, s *auth.Source, sshPublicKeys [
|
|||
// Mark keys from DB that no longer exist in the source for deletion
|
||||
var giteaKeysToDelete []string
|
||||
for _, giteaKey := range giteaKeys {
|
||||
if !util.ExistsInSlice(giteaKey, providedKeys) {
|
||||
if !util.SliceContainsString(providedKeys, giteaKey) {
|
||||
log.Trace("synchronizePublicKeys[%s]: Marking Public SSH Key for deletion for user %s: %v", s.Name, usr.Name, giteaKey)
|
||||
giteaKeysToDelete = append(giteaKeysToDelete, giteaKey)
|
||||
}
|
||||
|
|
|
@ -69,13 +69,13 @@ func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
|
|||
if ip != nil && ip.IsLoopback() {
|
||||
// strip port
|
||||
uri.Host = uri.Hostname()
|
||||
if util.IsStringInSlice(uri.String(), app.RedirectURIs, true) {
|
||||
if util.SliceContainsString(app.RedirectURIs, uri.String(), true) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return util.IsStringInSlice(redirectURI, app.RedirectURIs, true)
|
||||
return util.SliceContainsString(app.RedirectURIs, redirectURI, true)
|
||||
}
|
||||
|
||||
// Base32 characters, but lowercased.
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/timeutil"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
auth_model "code.gitea.io/gitea/models/auth"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
fork_id: 0
|
||||
is_template: false
|
||||
template_id: 0
|
||||
size: 0
|
||||
size: 6708
|
||||
is_fsck_enabled: true
|
||||
close_issues_via_commit_in_any_branch: false
|
||||
|
||||
|
|
|
@ -6,428 +6,15 @@ package git
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
"github.com/gobwas/glob"
|
||||
)
|
||||
|
||||
// ProtectedBranch struct
|
||||
type ProtectedBranch struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
RepoID int64 `xorm:"UNIQUE(s)"`
|
||||
BranchName string `xorm:"UNIQUE(s)"`
|
||||
CanPush bool `xorm:"NOT NULL DEFAULT false"`
|
||||
EnableWhitelist bool
|
||||
WhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
WhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
EnableMergeWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
||||
WhitelistDeployKeys bool `xorm:"NOT NULL DEFAULT false"`
|
||||
MergeWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
MergeWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
EnableStatusCheck bool `xorm:"NOT NULL DEFAULT false"`
|
||||
StatusCheckContexts []string `xorm:"JSON TEXT"`
|
||||
EnableApprovalsWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
||||
ApprovalsWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
ApprovalsWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
|
||||
BlockOnRejectedReviews bool `xorm:"NOT NULL DEFAULT false"`
|
||||
BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
|
||||
BlockOnOutdatedBranch bool `xorm:"NOT NULL DEFAULT false"`
|
||||
DismissStaleApprovals bool `xorm:"NOT NULL DEFAULT false"`
|
||||
RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
|
||||
ProtectedFilePatterns string `xorm:"TEXT"`
|
||||
UnprotectedFilePatterns string `xorm:"TEXT"`
|
||||
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
db.RegisterModel(new(ProtectedBranch))
|
||||
db.RegisterModel(new(DeletedBranch))
|
||||
db.RegisterModel(new(RenamedBranch))
|
||||
}
|
||||
|
||||
// IsProtected returns if the branch is protected
|
||||
func (protectBranch *ProtectedBranch) IsProtected() bool {
|
||||
return protectBranch.ID > 0
|
||||
}
|
||||
|
||||
// CanUserPush returns if some user could push to this protected branch
|
||||
func (protectBranch *ProtectedBranch) CanUserPush(ctx context.Context, userID int64) bool {
|
||||
if !protectBranch.CanPush {
|
||||
return false
|
||||
}
|
||||
|
||||
if !protectBranch.EnableWhitelist {
|
||||
if user, err := user_model.GetUserByID(ctx, userID); err != nil {
|
||||
log.Error("GetUserByID: %v", err)
|
||||
return false
|
||||
} else if repo, err := repo_model.GetRepositoryByID(ctx, protectBranch.RepoID); err != nil {
|
||||
log.Error("repo_model.GetRepositoryByID: %v", err)
|
||||
return false
|
||||
} else if writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite); err != nil {
|
||||
log.Error("HasAccessUnit: %v", err)
|
||||
return false
|
||||
} else {
|
||||
return writeAccess
|
||||
}
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {
|
||||
return true
|
||||
}
|
||||
|
||||
if len(protectBranch.WhitelistTeamIDs) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
in, err := organization.IsUserInTeams(ctx, userID, protectBranch.WhitelistTeamIDs)
|
||||
if err != nil {
|
||||
log.Error("IsUserInTeams: %v", err)
|
||||
return false
|
||||
}
|
||||
return in
|
||||
}
|
||||
|
||||
// IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
|
||||
func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, userID int64, permissionInRepo access_model.Permission) bool {
|
||||
if !protectBranch.EnableMergeWhitelist {
|
||||
// Then we need to fall back on whether the user has write permission
|
||||
return permissionInRepo.CanWrite(unit.TypeCode)
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
|
||||
return true
|
||||
}
|
||||
|
||||
if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
in, err := organization.IsUserInTeams(ctx, userID, protectBranch.MergeWhitelistTeamIDs)
|
||||
if err != nil {
|
||||
log.Error("IsUserInTeams: %v", err)
|
||||
return false
|
||||
}
|
||||
return in
|
||||
}
|
||||
|
||||
// IsUserOfficialReviewer check if user is official reviewer for the branch (counts towards required approvals)
|
||||
func IsUserOfficialReviewer(ctx context.Context, protectBranch *ProtectedBranch, user *user_model.User) (bool, error) {
|
||||
repo, err := repo_model.GetRepositoryByID(ctx, protectBranch.RepoID)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if !protectBranch.EnableApprovalsWhitelist {
|
||||
// Anyone with write access is considered official reviewer
|
||||
writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return writeAccess, nil
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
inTeam, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.ApprovalsWhitelistTeamIDs)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return inTeam, nil
|
||||
}
|
||||
|
||||
// GetProtectedFilePatterns parses a semicolon separated list of protected file patterns and returns a glob.Glob slice
|
||||
func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {
|
||||
return getFilePatterns(protectBranch.ProtectedFilePatterns)
|
||||
}
|
||||
|
||||
// GetUnprotectedFilePatterns parses a semicolon separated list of unprotected file patterns and returns a glob.Glob slice
|
||||
func (protectBranch *ProtectedBranch) GetUnprotectedFilePatterns() []glob.Glob {
|
||||
return getFilePatterns(protectBranch.UnprotectedFilePatterns)
|
||||
}
|
||||
|
||||
func getFilePatterns(filePatterns string) []glob.Glob {
|
||||
extarr := make([]glob.Glob, 0, 10)
|
||||
for _, expr := range strings.Split(strings.ToLower(filePatterns), ";") {
|
||||
expr = strings.TrimSpace(expr)
|
||||
if expr != "" {
|
||||
if g, err := glob.Compile(expr, '.', '/'); err != nil {
|
||||
log.Info("Invalid glob expression '%s' (skipped): %v", expr, err)
|
||||
} else {
|
||||
extarr = append(extarr, g)
|
||||
}
|
||||
}
|
||||
}
|
||||
return extarr
|
||||
}
|
||||
|
||||
// MergeBlockedByProtectedFiles returns true if merge is blocked by protected files change
|
||||
func (protectBranch *ProtectedBranch) MergeBlockedByProtectedFiles(changedProtectedFiles []string) bool {
|
||||
glob := protectBranch.GetProtectedFilePatterns()
|
||||
if len(glob) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
return len(changedProtectedFiles) > 0
|
||||
}
|
||||
|
||||
// IsProtectedFile return if path is protected
|
||||
func (protectBranch *ProtectedBranch) IsProtectedFile(patterns []glob.Glob, path string) bool {
|
||||
if len(patterns) == 0 {
|
||||
patterns = protectBranch.GetProtectedFilePatterns()
|
||||
if len(patterns) == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
lpath := strings.ToLower(strings.TrimSpace(path))
|
||||
|
||||
r := false
|
||||
for _, pat := range patterns {
|
||||
if pat.Match(lpath) {
|
||||
r = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
// IsUnprotectedFile return if path is unprotected
|
||||
func (protectBranch *ProtectedBranch) IsUnprotectedFile(patterns []glob.Glob, path string) bool {
|
||||
if len(patterns) == 0 {
|
||||
patterns = protectBranch.GetUnprotectedFilePatterns()
|
||||
if len(patterns) == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
lpath := strings.ToLower(strings.TrimSpace(path))
|
||||
|
||||
r := false
|
||||
for _, pat := range patterns {
|
||||
if pat.Match(lpath) {
|
||||
r = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
// GetProtectedBranchBy getting protected branch by ID/Name
|
||||
func GetProtectedBranchBy(ctx context.Context, repoID int64, branchName string) (*ProtectedBranch, error) {
|
||||
rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}
|
||||
has, err := db.GetByBean(ctx, rel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !has {
|
||||
return nil, nil
|
||||
}
|
||||
return rel, nil
|
||||
}
|
||||
|
||||
// WhitelistOptions represent all sorts of whitelists used for protected branches
|
||||
type WhitelistOptions struct {
|
||||
UserIDs []int64
|
||||
TeamIDs []int64
|
||||
|
||||
MergeUserIDs []int64
|
||||
MergeTeamIDs []int64
|
||||
|
||||
ApprovalsUserIDs []int64
|
||||
ApprovalsTeamIDs []int64
|
||||
}
|
||||
|
||||
// UpdateProtectBranch saves branch protection options of repository.
|
||||
// If ID is 0, it creates a new record. Otherwise, updates existing record.
|
||||
// This function also performs check if whitelist user and team's IDs have been changed
|
||||
// to avoid unnecessary whitelist delete and regenerate.
|
||||
func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
|
||||
if err = repo.GetOwner(ctx); err != nil {
|
||||
return fmt.Errorf("GetOwner: %w", err)
|
||||
}
|
||||
|
||||
whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.WhitelistUserIDs = whitelist
|
||||
|
||||
whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.MergeWhitelistUserIDs = whitelist
|
||||
|
||||
whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.ApprovalsWhitelistUserIDs = whitelist
|
||||
|
||||
// if the repo is in an organization
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.WhitelistTeamIDs = whitelist
|
||||
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.MergeWhitelistTeamIDs = whitelist
|
||||
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.ApprovalsWhitelistTeamIDs = whitelist
|
||||
|
||||
// Make sure protectBranch.ID is not 0 for whitelists
|
||||
if protectBranch.ID == 0 {
|
||||
if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {
|
||||
return fmt.Errorf("Insert: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
|
||||
return fmt.Errorf("Update: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetProtectedBranches get all protected branches
|
||||
func GetProtectedBranches(ctx context.Context, repoID int64) ([]*ProtectedBranch, error) {
|
||||
protectedBranches := make([]*ProtectedBranch, 0)
|
||||
return protectedBranches, db.GetEngine(ctx).Find(&protectedBranches, &ProtectedBranch{RepoID: repoID})
|
||||
}
|
||||
|
||||
// IsProtectedBranch checks if branch is protected
|
||||
func IsProtectedBranch(ctx context.Context, repoID int64, branchName string) (bool, error) {
|
||||
protectedBranch := &ProtectedBranch{
|
||||
RepoID: repoID,
|
||||
BranchName: branchName,
|
||||
}
|
||||
|
||||
has, err := db.GetEngine(ctx).Exist(protectedBranch)
|
||||
if err != nil {
|
||||
return true, err
|
||||
}
|
||||
return has, nil
|
||||
}
|
||||
|
||||
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||
// the users from newWhitelist which have explicit read or write access to the repo.
|
||||
func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
||||
if !hasUsersChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(newWhitelist))
|
||||
for _, userID := range newWhitelist {
|
||||
if reader, err := access_model.IsRepoReader(ctx, repo, userID); err != nil {
|
||||
return nil, err
|
||||
} else if !reader {
|
||||
continue
|
||||
}
|
||||
whitelist = append(whitelist, userID)
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||
// the users from newWhitelist which have write access to the repo.
|
||||
func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
||||
if !hasUsersChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(newWhitelist))
|
||||
for _, userID := range newWhitelist {
|
||||
user, err := user_model.GetUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %w", userID, repo.ID, err)
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %w", userID, repo.ID, err)
|
||||
}
|
||||
|
||||
if !perm.CanWrite(unit.TypeCode) {
|
||||
continue // Drop invalid user ID
|
||||
}
|
||||
|
||||
whitelist = append(whitelist, userID)
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
|
||||
// the teams from newWhitelist which have write access to the repo.
|
||||
func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
||||
if !hasTeamsChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %w", repo.OwnerID, repo.ID, err)
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(teams))
|
||||
for i := range teams {
|
||||
if util.IsInt64InSlice(teams[i].ID, newWhitelist) {
|
||||
whitelist = append(whitelist, teams[i].ID)
|
||||
}
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.
|
||||
func DeleteProtectedBranch(ctx context.Context, repoID, id int64) (err error) {
|
||||
protectedBranch := &ProtectedBranch{
|
||||
RepoID: repoID,
|
||||
ID: id,
|
||||
}
|
||||
|
||||
if affected, err := db.GetEngine(ctx).Delete(protectedBranch); err != nil {
|
||||
return err
|
||||
} else if affected != 1 {
|
||||
return fmt.Errorf("delete protected branch ID(%v) failed", id)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeletedBranch struct
|
||||
type DeletedBranch struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
|
@ -439,6 +26,11 @@ type DeletedBranch struct {
|
|||
DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
db.RegisterModel(new(DeletedBranch))
|
||||
db.RegisterModel(new(RenamedBranch))
|
||||
}
|
||||
|
||||
// AddDeletedBranch adds a deleted branch to the database
|
||||
func AddDeletedBranch(ctx context.Context, repoID int64, branchName, commit string, deletedByID int64) error {
|
||||
deletedBranch := &DeletedBranch{
|
||||
|
@ -556,17 +148,25 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, from, to str
|
|||
}
|
||||
|
||||
// 2. Update protected branch if needed
|
||||
protectedBranch, err := GetProtectedBranchBy(ctx, repo.ID, from)
|
||||
protectedBranch, err := GetProtectedBranchRuleByName(ctx, repo.ID, from)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if protectedBranch != nil {
|
||||
protectedBranch.BranchName = to
|
||||
protectedBranch.RuleName = to
|
||||
_, err = sess.ID(protectedBranch.ID).Cols("branch_name").Update(protectedBranch)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
protected, err := IsBranchProtected(ctx, repo.ID, from)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if protected {
|
||||
return ErrBranchIsProtected
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Update all not merged pull request base branch name
|
||||
|
|
|
@ -105,8 +105,8 @@ func TestRenameBranch(t *testing.T) {
|
|||
defer committer.Close()
|
||||
assert.NoError(t, err)
|
||||
assert.NoError(t, git_model.UpdateProtectBranch(ctx, repo1, &git_model.ProtectedBranch{
|
||||
RepoID: repo1.ID,
|
||||
BranchName: "master",
|
||||
RepoID: repo1.ID,
|
||||
RuleName: "master",
|
||||
}, git_model.WhitelistOptions{}))
|
||||
assert.NoError(t, committer.Commit())
|
||||
|
||||
|
@ -131,8 +131,8 @@ func TestRenameBranch(t *testing.T) {
|
|||
assert.Equal(t, int64(1), renamedBranch.RepoID)
|
||||
|
||||
unittest.AssertExistsAndLoadBean(t, &git_model.ProtectedBranch{
|
||||
RepoID: repo1.ID,
|
||||
BranchName: "main",
|
||||
RepoID: repo1.ID,
|
||||
RuleName: "main",
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -115,6 +115,7 @@ type LFSMetaObject struct {
|
|||
RepositoryID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
|
||||
Existing bool `xorm:"-"`
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
@ -334,8 +335,45 @@ func GetRepoLFSSize(ctx context.Context, repoID int64) (int64, error) {
|
|||
return lfsSize, nil
|
||||
}
|
||||
|
||||
// IterateRepositoryIDsWithLFSMetaObjects iterates across the repositories that have LFSMetaObjects
|
||||
func IterateRepositoryIDsWithLFSMetaObjects(ctx context.Context, f func(ctx context.Context, repoID, count int64) error) error {
|
||||
batchSize := setting.Database.IterateBufferSize
|
||||
sess := db.GetEngine(ctx)
|
||||
id := int64(0)
|
||||
type RepositoryCount struct {
|
||||
RepositoryID int64
|
||||
Count int64
|
||||
}
|
||||
for {
|
||||
counts := make([]*RepositoryCount, 0, batchSize)
|
||||
sess.Select("repository_id, COUNT(id) AS count").
|
||||
Table("lfs_meta_object").
|
||||
Where("repository_id > ?", id).
|
||||
GroupBy("repository_id").
|
||||
OrderBy("repository_id ASC")
|
||||
|
||||
if err := sess.Limit(batchSize, 0).Find(&counts); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(counts) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
for _, count := range counts {
|
||||
if err := f(ctx, count.RepositoryID, count.Count); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
id = counts[len(counts)-1].RepositoryID
|
||||
}
|
||||
}
|
||||
|
||||
// IterateLFSMetaObjectsForRepoOptions provides options for IterateLFSMetaObjectsForRepo
|
||||
type IterateLFSMetaObjectsForRepoOptions struct {
|
||||
OlderThan time.Time
|
||||
OlderThan time.Time
|
||||
UpdatedLessRecentlyThan time.Time
|
||||
OrderByUpdated bool
|
||||
LoopFunctionAlwaysUpdates bool
|
||||
}
|
||||
|
||||
// IterateLFSMetaObjectsForRepo provides a iterator for LFSMetaObjects per Repo
|
||||
|
@ -348,28 +386,53 @@ func IterateLFSMetaObjectsForRepo(ctx context.Context, repoID int64, f func(cont
|
|||
LFSMetaObject
|
||||
}
|
||||
|
||||
id := int64(0)
|
||||
|
||||
for {
|
||||
beans := make([]*CountLFSMetaObject, 0, batchSize)
|
||||
// SELECT `lfs_meta_object`.*, COUNT(`l1`.id) as `count` FROM lfs_meta_object INNER JOIN lfs_meta_object AS l1 ON l1.oid = lfs_meta_object.oid WHERE lfs_meta_object.repository_id = ? GROUP BY lfs_meta_object.id
|
||||
sess := engine.Select("`lfs_meta_object`.*, COUNT(`l1`.oid) AS `count`").
|
||||
Join("INNER", "`lfs_meta_object` AS l1", "`lfs_meta_object`.oid = `l1`.oid").
|
||||
Where("`lfs_meta_object`.repository_id = ?", repoID)
|
||||
if !opts.OlderThan.IsZero() {
|
||||
sess.And("`lfs_meta_object`.created_unix < ?", opts.OlderThan)
|
||||
}
|
||||
if !opts.UpdatedLessRecentlyThan.IsZero() {
|
||||
sess.And("`lfs_meta_object`.updated_unix < ?", opts.UpdatedLessRecentlyThan)
|
||||
}
|
||||
sess.GroupBy("`lfs_meta_object`.id")
|
||||
if opts.OrderByUpdated {
|
||||
sess.OrderBy("`lfs_meta_object`.updated_unix ASC")
|
||||
} else {
|
||||
sess.And("`lfs_meta_object`.id > ?", id)
|
||||
sess.OrderBy("`lfs_meta_object`.id ASC")
|
||||
}
|
||||
if err := sess.Limit(batchSize, start).Find(&beans); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(beans) == 0 {
|
||||
return nil
|
||||
}
|
||||
start += len(beans)
|
||||
if !opts.LoopFunctionAlwaysUpdates {
|
||||
start += len(beans)
|
||||
}
|
||||
|
||||
for _, bean := range beans {
|
||||
if err := f(ctx, &bean.LFSMetaObject, bean.Count); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
id = beans[len(beans)-1].ID
|
||||
}
|
||||
}
|
||||
|
||||
// MarkLFSMetaObject updates the updated time for the provided LFSMetaObject
|
||||
func MarkLFSMetaObject(ctx context.Context, id int64) error {
|
||||
obj := &LFSMetaObject{
|
||||
UpdatedUnix: timeutil.TimeStampNow(),
|
||||
}
|
||||
count, err := db.GetEngine(ctx).ID(id).Update(obj)
|
||||
if count != 1 {
|
||||
log.Error("Unexpectedly updated %d LFSMetaObjects with ID: %d", count, id)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -0,0 +1,501 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package git
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
"github.com/gobwas/glob"
|
||||
"github.com/gobwas/glob/syntax"
|
||||
)
|
||||
|
||||
var ErrBranchIsProtected = errors.New("branch is protected")
|
||||
|
||||
// ProtectedBranch struct
|
||||
type ProtectedBranch struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
RepoID int64 `xorm:"UNIQUE(s)"`
|
||||
Repo *repo_model.Repository `xorm:"-"`
|
||||
RuleName string `xorm:"'branch_name' UNIQUE(s)"` // a branch name or a glob match to branch name
|
||||
globRule glob.Glob `xorm:"-"`
|
||||
isPlainName bool `xorm:"-"`
|
||||
CanPush bool `xorm:"NOT NULL DEFAULT false"`
|
||||
EnableWhitelist bool
|
||||
WhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
WhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
EnableMergeWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
||||
WhitelistDeployKeys bool `xorm:"NOT NULL DEFAULT false"`
|
||||
MergeWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
MergeWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
EnableStatusCheck bool `xorm:"NOT NULL DEFAULT false"`
|
||||
StatusCheckContexts []string `xorm:"JSON TEXT"`
|
||||
EnableApprovalsWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
||||
ApprovalsWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
||||
ApprovalsWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
||||
RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
|
||||
BlockOnRejectedReviews bool `xorm:"NOT NULL DEFAULT false"`
|
||||
BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
|
||||
BlockOnOutdatedBranch bool `xorm:"NOT NULL DEFAULT false"`
|
||||
DismissStaleApprovals bool `xorm:"NOT NULL DEFAULT false"`
|
||||
RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
|
||||
ProtectedFilePatterns string `xorm:"TEXT"`
|
||||
UnprotectedFilePatterns string `xorm:"TEXT"`
|
||||
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
db.RegisterModel(new(ProtectedBranch))
|
||||
}
|
||||
|
||||
// IsRuleNameSpecial return true if it contains special character
|
||||
func IsRuleNameSpecial(ruleName string) bool {
|
||||
for i := 0; i < len(ruleName); i++ {
|
||||
if syntax.Special(ruleName[i]) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (protectBranch *ProtectedBranch) loadGlob() {
|
||||
if protectBranch.globRule == nil {
|
||||
var err error
|
||||
protectBranch.globRule, err = glob.Compile(protectBranch.RuleName, '/')
|
||||
if err != nil {
|
||||
log.Warn("Invalid glob rule for ProtectedBranch[%d]: %s %v", protectBranch.ID, protectBranch.RuleName, err)
|
||||
protectBranch.globRule = glob.MustCompile(glob.QuoteMeta(protectBranch.RuleName), '/')
|
||||
}
|
||||
protectBranch.isPlainName = !IsRuleNameSpecial(protectBranch.RuleName)
|
||||
}
|
||||
}
|
||||
|
||||
// Match tests if branchName matches the rule
|
||||
func (protectBranch *ProtectedBranch) Match(branchName string) bool {
|
||||
protectBranch.loadGlob()
|
||||
if protectBranch.isPlainName {
|
||||
return strings.EqualFold(protectBranch.RuleName, branchName)
|
||||
}
|
||||
|
||||
return protectBranch.globRule.Match(branchName)
|
||||
}
|
||||
|
||||
func (protectBranch *ProtectedBranch) LoadRepo(ctx context.Context) (err error) {
|
||||
if protectBranch.Repo != nil {
|
||||
return nil
|
||||
}
|
||||
protectBranch.Repo, err = repo_model.GetRepositoryByID(ctx, protectBranch.RepoID)
|
||||
return err
|
||||
}
|
||||
|
||||
// CanUserPush returns if some user could push to this protected branch
|
||||
func (protectBranch *ProtectedBranch) CanUserPush(ctx context.Context, user *user_model.User) bool {
|
||||
if !protectBranch.CanPush {
|
||||
return false
|
||||
}
|
||||
|
||||
if !protectBranch.EnableWhitelist {
|
||||
if err := protectBranch.LoadRepo(ctx); err != nil {
|
||||
log.Error("LoadRepo: %v", err)
|
||||
return false
|
||||
}
|
||||
|
||||
writeAccess, err := access_model.HasAccessUnit(ctx, user, protectBranch.Repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
log.Error("HasAccessUnit: %v", err)
|
||||
return false
|
||||
}
|
||||
return writeAccess
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.WhitelistUserIDs, user.ID) {
|
||||
return true
|
||||
}
|
||||
|
||||
if len(protectBranch.WhitelistTeamIDs) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
in, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.WhitelistTeamIDs)
|
||||
if err != nil {
|
||||
log.Error("IsUserInTeams: %v", err)
|
||||
return false
|
||||
}
|
||||
return in
|
||||
}
|
||||
|
||||
// IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
|
||||
func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, userID int64, permissionInRepo access_model.Permission) bool {
|
||||
if !protectBranch.EnableMergeWhitelist {
|
||||
// Then we need to fall back on whether the user has write permission
|
||||
return permissionInRepo.CanWrite(unit.TypeCode)
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
|
||||
return true
|
||||
}
|
||||
|
||||
if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
in, err := organization.IsUserInTeams(ctx, userID, protectBranch.MergeWhitelistTeamIDs)
|
||||
if err != nil {
|
||||
log.Error("IsUserInTeams: %v", err)
|
||||
return false
|
||||
}
|
||||
return in
|
||||
}
|
||||
|
||||
// IsUserOfficialReviewer check if user is official reviewer for the branch (counts towards required approvals)
|
||||
func IsUserOfficialReviewer(ctx context.Context, protectBranch *ProtectedBranch, user *user_model.User) (bool, error) {
|
||||
repo, err := repo_model.GetRepositoryByID(ctx, protectBranch.RepoID)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if !protectBranch.EnableApprovalsWhitelist {
|
||||
// Anyone with write access is considered official reviewer
|
||||
writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return writeAccess, nil
|
||||
}
|
||||
|
||||
if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
inTeam, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.ApprovalsWhitelistTeamIDs)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return inTeam, nil
|
||||
}
|
||||
|
||||
// GetProtectedFilePatterns parses a semicolon separated list of protected file patterns and returns a glob.Glob slice
|
||||
func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {
|
||||
return getFilePatterns(protectBranch.ProtectedFilePatterns)
|
||||
}
|
||||
|
||||
// GetUnprotectedFilePatterns parses a semicolon separated list of unprotected file patterns and returns a glob.Glob slice
|
||||
func (protectBranch *ProtectedBranch) GetUnprotectedFilePatterns() []glob.Glob {
|
||||
return getFilePatterns(protectBranch.UnprotectedFilePatterns)
|
||||
}
|
||||
|
||||
func getFilePatterns(filePatterns string) []glob.Glob {
|
||||
extarr := make([]glob.Glob, 0, 10)
|
||||
for _, expr := range strings.Split(strings.ToLower(filePatterns), ";") {
|
||||
expr = strings.TrimSpace(expr)
|
||||
if expr != "" {
|
||||
if g, err := glob.Compile(expr, '.', '/'); err != nil {
|
||||
log.Info("Invalid glob expression '%s' (skipped): %v", expr, err)
|
||||
} else {
|
||||
extarr = append(extarr, g)
|
||||
}
|
||||
}
|
||||
}
|
||||
return extarr
|
||||
}
|
||||
|
||||
// MergeBlockedByProtectedFiles returns true if merge is blocked by protected files change
|
||||
func (protectBranch *ProtectedBranch) MergeBlockedByProtectedFiles(changedProtectedFiles []string) bool {
|
||||
glob := protectBranch.GetProtectedFilePatterns()
|
||||
if len(glob) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
return len(changedProtectedFiles) > 0
|
||||
}
|
||||
|
||||
// IsProtectedFile return if path is protected
|
||||
func (protectBranch *ProtectedBranch) IsProtectedFile(patterns []glob.Glob, path string) bool {
|
||||
if len(patterns) == 0 {
|
||||
patterns = protectBranch.GetProtectedFilePatterns()
|
||||
if len(patterns) == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
lpath := strings.ToLower(strings.TrimSpace(path))
|
||||
|
||||
r := false
|
||||
for _, pat := range patterns {
|
||||
if pat.Match(lpath) {
|
||||
r = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
// IsUnprotectedFile return if path is unprotected
|
||||
func (protectBranch *ProtectedBranch) IsUnprotectedFile(patterns []glob.Glob, path string) bool {
|
||||
if len(patterns) == 0 {
|
||||
patterns = protectBranch.GetUnprotectedFilePatterns()
|
||||
if len(patterns) == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
lpath := strings.ToLower(strings.TrimSpace(path))
|
||||
|
||||
r := false
|
||||
for _, pat := range patterns {
|
||||
if pat.Match(lpath) {
|
||||
r = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
// GetProtectedBranchRuleByName getting protected branch rule by name
|
||||
func GetProtectedBranchRuleByName(ctx context.Context, repoID int64, ruleName string) (*ProtectedBranch, error) {
|
||||
rel := &ProtectedBranch{RepoID: repoID, RuleName: ruleName}
|
||||
has, err := db.GetByBean(ctx, rel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !has {
|
||||
return nil, nil
|
||||
}
|
||||
return rel, nil
|
||||
}
|
||||
|
||||
// GetProtectedBranchRuleByID getting protected branch rule by rule ID
|
||||
func GetProtectedBranchRuleByID(ctx context.Context, repoID, ruleID int64) (*ProtectedBranch, error) {
|
||||
rel := &ProtectedBranch{ID: ruleID, RepoID: repoID}
|
||||
has, err := db.GetByBean(ctx, rel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !has {
|
||||
return nil, nil
|
||||
}
|
||||
return rel, nil
|
||||
}
|
||||
|
||||
// WhitelistOptions represent all sorts of whitelists used for protected branches
|
||||
type WhitelistOptions struct {
|
||||
UserIDs []int64
|
||||
TeamIDs []int64
|
||||
|
||||
MergeUserIDs []int64
|
||||
MergeTeamIDs []int64
|
||||
|
||||
ApprovalsUserIDs []int64
|
||||
ApprovalsTeamIDs []int64
|
||||
}
|
||||
|
||||
// UpdateProtectBranch saves branch protection options of repository.
|
||||
// If ID is 0, it creates a new record. Otherwise, updates existing record.
|
||||
// This function also performs check if whitelist user and team's IDs have been changed
|
||||
// to avoid unnecessary whitelist delete and regenerate.
|
||||
func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
|
||||
if err = repo.GetOwner(ctx); err != nil {
|
||||
return fmt.Errorf("GetOwner: %v", err)
|
||||
}
|
||||
|
||||
whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.WhitelistUserIDs = whitelist
|
||||
|
||||
whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.MergeWhitelistUserIDs = whitelist
|
||||
|
||||
whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.ApprovalsWhitelistUserIDs = whitelist
|
||||
|
||||
// if the repo is in an organization
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.WhitelistTeamIDs = whitelist
|
||||
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.MergeWhitelistTeamIDs = whitelist
|
||||
|
||||
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
protectBranch.ApprovalsWhitelistTeamIDs = whitelist
|
||||
|
||||
// Make sure protectBranch.ID is not 0 for whitelists
|
||||
if protectBranch.ID == 0 {
|
||||
if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {
|
||||
return fmt.Errorf("Insert: %v", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
|
||||
return fmt.Errorf("Update: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||
// the users from newWhitelist which have explicit read or write access to the repo.
|
||||
func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasUsersChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)
|
||||
if !hasUsersChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(newWhitelist))
|
||||
for _, userID := range newWhitelist {
|
||||
if reader, err := access_model.IsRepoReader(ctx, repo, userID); err != nil {
|
||||
return nil, err
|
||||
} else if !reader {
|
||||
continue
|
||||
}
|
||||
whitelist = append(whitelist, userID)
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||
// the users from newWhitelist which have write access to the repo.
|
||||
func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasUsersChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)
|
||||
if !hasUsersChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(newWhitelist))
|
||||
for _, userID := range newWhitelist {
|
||||
user, err := user_model.GetUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
|
||||
}
|
||||
|
||||
if !perm.CanWrite(unit.TypeCode) {
|
||||
continue // Drop invalid user ID
|
||||
}
|
||||
|
||||
whitelist = append(whitelist, userID)
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
|
||||
// the teams from newWhitelist which have write access to the repo.
|
||||
func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||
hasTeamsChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)
|
||||
if !hasTeamsChanged {
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
|
||||
}
|
||||
|
||||
whitelist = make([]int64, 0, len(teams))
|
||||
for i := range teams {
|
||||
if util.SliceContains(newWhitelist, teams[i].ID) {
|
||||
whitelist = append(whitelist, teams[i].ID)
|
||||
}
|
||||
}
|
||||
|
||||
return whitelist, err
|
||||
}
|
||||
|
||||
// DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.
|
||||
func DeleteProtectedBranch(ctx context.Context, repoID, id int64) (err error) {
|
||||
protectedBranch := &ProtectedBranch{
|
||||
RepoID: repoID,
|
||||
ID: id,
|
||||
}
|
||||
|
||||
if affected, err := db.GetEngine(ctx).Delete(protectedBranch); err != nil {
|
||||
return err
|
||||
} else if affected != 1 {
|
||||
return fmt.Errorf("delete protected branch ID(%v) failed", id)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveUserIDFromProtectedBranch remove all user ids from protected branch options
|
||||
func RemoveUserIDFromProtectedBranch(ctx context.Context, p *ProtectedBranch, userID int64) error {
|
||||
lenIDs, lenApprovalIDs, lenMergeIDs := len(p.WhitelistUserIDs), len(p.ApprovalsWhitelistUserIDs), len(p.MergeWhitelistUserIDs)
|
||||
p.WhitelistUserIDs = util.SliceRemoveAll(p.WhitelistUserIDs, userID)
|
||||
p.ApprovalsWhitelistUserIDs = util.SliceRemoveAll(p.ApprovalsWhitelistUserIDs, userID)
|
||||
p.MergeWhitelistUserIDs = util.SliceRemoveAll(p.MergeWhitelistUserIDs, userID)
|
||||
|
||||
if lenIDs != len(p.WhitelistUserIDs) || lenApprovalIDs != len(p.ApprovalsWhitelistUserIDs) ||
|
||||
lenMergeIDs != len(p.MergeWhitelistUserIDs) {
|
||||
if _, err := db.GetEngine(ctx).ID(p.ID).Cols(
|
||||
"whitelist_user_i_ds",
|
||||
"merge_whitelist_user_i_ds",
|
||||
"approvals_whitelist_user_i_ds",
|
||||
).Update(p); err != nil {
|
||||
return fmt.Errorf("updateProtectedBranches: %v", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveTeamIDFromProtectedBranch remove all team ids from protected branch options
|
||||
func RemoveTeamIDFromProtectedBranch(ctx context.Context, p *ProtectedBranch, teamID int64) error {
|
||||
lenIDs, lenApprovalIDs, lenMergeIDs := len(p.WhitelistTeamIDs), len(p.ApprovalsWhitelistTeamIDs), len(p.MergeWhitelistTeamIDs)
|
||||
p.WhitelistTeamIDs = util.SliceRemoveAll(p.WhitelistTeamIDs, teamID)
|
||||
p.ApprovalsWhitelistTeamIDs = util.SliceRemoveAll(p.ApprovalsWhitelistTeamIDs, teamID)
|
||||
p.MergeWhitelistTeamIDs = util.SliceRemoveAll(p.MergeWhitelistTeamIDs, teamID)
|
||||
|
||||
if lenIDs != len(p.WhitelistTeamIDs) ||
|
||||
lenApprovalIDs != len(p.ApprovalsWhitelistTeamIDs) ||
|
||||
lenMergeIDs != len(p.MergeWhitelistTeamIDs) {
|
||||
if _, err := db.GetEngine(ctx).ID(p.ID).Cols(
|
||||
"whitelist_team_i_ds",
|
||||
"merge_whitelist_team_i_ds",
|
||||
"approvals_whitelist_team_i_ds",
|
||||
).Update(p); err != nil {
|
||||
return fmt.Errorf("updateProtectedBranches: %v", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,86 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package git
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sort"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/modules/git"
|
||||
|
||||
"github.com/gobwas/glob"
|
||||
)
|
||||
|
||||
type ProtectedBranchRules []*ProtectedBranch
|
||||
|
||||
func (rules ProtectedBranchRules) GetFirstMatched(branchName string) *ProtectedBranch {
|
||||
for _, rule := range rules {
|
||||
if rule.Match(branchName) {
|
||||
return rule
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (rules ProtectedBranchRules) sort() {
|
||||
sort.Slice(rules, func(i, j int) bool {
|
||||
rules[i].loadGlob()
|
||||
rules[j].loadGlob()
|
||||
if rules[i].isPlainName {
|
||||
if !rules[j].isPlainName {
|
||||
return true
|
||||
}
|
||||
} else if rules[j].isPlainName {
|
||||
return true
|
||||
}
|
||||
return rules[i].CreatedUnix < rules[j].CreatedUnix
|
||||
})
|
||||
}
|
||||
|
||||
// FindRepoProtectedBranchRules load all repository's protected rules
|
||||
func FindRepoProtectedBranchRules(ctx context.Context, repoID int64) (ProtectedBranchRules, error) {
|
||||
var rules ProtectedBranchRules
|
||||
err := db.GetEngine(ctx).Where("repo_id = ?", repoID).Asc("created_unix").Find(&rules)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rules.sort()
|
||||
return rules, nil
|
||||
}
|
||||
|
||||
// FindAllMatchedBranches find all matched branches
|
||||
func FindAllMatchedBranches(ctx context.Context, gitRepo *git.Repository, ruleName string) ([]string, error) {
|
||||
// FIXME: how many should we get?
|
||||
branches, _, err := gitRepo.GetBranchNames(0, 9999999)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rule := glob.MustCompile(ruleName)
|
||||
results := make([]string, 0, len(branches))
|
||||
for _, branch := range branches {
|
||||
if rule.Match(branch) {
|
||||
results = append(results, branch)
|
||||
}
|
||||
}
|
||||
return results, nil
|
||||
}
|
||||
|
||||
// GetFirstMatchProtectedBranchRule returns the first matched rules
|
||||
func GetFirstMatchProtectedBranchRule(ctx context.Context, repoID int64, branchName string) (*ProtectedBranch, error) {
|
||||
rules, err := FindRepoProtectedBranchRules(ctx, repoID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return rules.GetFirstMatched(branchName), nil
|
||||
}
|
||||
|
||||
// IsBranchProtected checks if branch is protected
|
||||
func IsBranchProtected(ctx context.Context, repoID int64, branchName string) (bool, error) {
|
||||
rule, err := GetFirstMatchProtectedBranchRule(ctx, repoID, branchName)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return rule != nil, nil
|
||||
}
|
|
@ -0,0 +1,78 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package git
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestBranchRuleMatch(t *testing.T) {
|
||||
kases := []struct {
|
||||
Rule string
|
||||
BranchName string
|
||||
ExpectedMatch bool
|
||||
}{
|
||||
{
|
||||
Rule: "release/*",
|
||||
BranchName: "release/v1.17",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "release/**/v1.17",
|
||||
BranchName: "release/test/v1.17",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "release/**/v1.17",
|
||||
BranchName: "release/test/1/v1.17",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "release/*/v1.17",
|
||||
BranchName: "release/test/1/v1.17",
|
||||
ExpectedMatch: false,
|
||||
},
|
||||
{
|
||||
Rule: "release/v*",
|
||||
BranchName: "release/v1.16",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "*",
|
||||
BranchName: "release/v1.16",
|
||||
ExpectedMatch: false,
|
||||
},
|
||||
{
|
||||
Rule: "**",
|
||||
BranchName: "release/v1.16",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "main",
|
||||
BranchName: "main",
|
||||
ExpectedMatch: true,
|
||||
},
|
||||
{
|
||||
Rule: "master",
|
||||
BranchName: "main",
|
||||
ExpectedMatch: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, kase := range kases {
|
||||
pb := ProtectedBranch{RuleName: kase.Rule}
|
||||
var should, infact string
|
||||
if !kase.ExpectedMatch {
|
||||
should = " not"
|
||||
} else {
|
||||
infact = " not"
|
||||
}
|
||||
assert.EqualValues(t, kase.ExpectedMatch, pb.Match(kase.BranchName),
|
||||
fmt.Sprintf("%s should%s match %s but it is%s", kase.BranchName, should, kase.Rule, infact),
|
||||
)
|
||||
}
|
||||
}
|
|
@ -155,7 +155,7 @@ func MakeIDsFromAPIAssigneesToAdd(ctx context.Context, oneAssignee string, multi
|
|||
var requestAssignees []string
|
||||
|
||||
// Keeping the old assigning method for compatibility reasons
|
||||
if oneAssignee != "" && !util.IsStringInSlice(oneAssignee, multipleAssignees) {
|
||||
if oneAssignee != "" && !util.SliceContainsString(multipleAssignees, oneAssignee) {
|
||||
requestAssignees = append(requestAssignees, oneAssignee)
|
||||
}
|
||||
|
||||
|
|
|
@ -1531,7 +1531,7 @@ func IsUserParticipantsOfIssue(user *user_model.User, issue *Issue) bool {
|
|||
log.Error(err.Error())
|
||||
return false
|
||||
}
|
||||
return util.IsInt64InSlice(user.ID, userIDs)
|
||||
return util.SliceContains(userIDs, user.ID)
|
||||
}
|
||||
|
||||
// UpdateIssueMentions updates issue-user relations for mentioned users.
|
||||
|
@ -2025,7 +2025,7 @@ func (issue *Issue) GetParticipantIDsByIssue(ctx context.Context) ([]int64, erro
|
|||
Find(&userIDs); err != nil {
|
||||
return nil, fmt.Errorf("get poster IDs: %w", err)
|
||||
}
|
||||
if !util.IsInt64InSlice(issue.PosterID, userIDs) {
|
||||
if !util.SliceContains(userIDs, issue.PosterID) {
|
||||
return append(userIDs, issue.PosterID), nil
|
||||
}
|
||||
return userIDs, nil
|
||||
|
|
|
@ -164,9 +164,8 @@ type PullRequest struct {
|
|||
HeadBranch string
|
||||
HeadCommitID string `xorm:"-"`
|
||||
BaseBranch string
|
||||
ProtectedBranch *git_model.ProtectedBranch `xorm:"-"`
|
||||
MergeBase string `xorm:"VARCHAR(40)"`
|
||||
AllowMaintainerEdit bool `xorm:"NOT NULL DEFAULT false"`
|
||||
MergeBase string `xorm:"VARCHAR(40)"`
|
||||
AllowMaintainerEdit bool `xorm:"NOT NULL DEFAULT false"`
|
||||
|
||||
HasMerged bool `xorm:"INDEX"`
|
||||
MergedCommitID string `xorm:"VARCHAR(40)"`
|
||||
|
@ -293,23 +292,6 @@ func (pr *PullRequest) LoadIssue(ctx context.Context) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
// LoadProtectedBranch loads the protected branch of the base branch
|
||||
func (pr *PullRequest) LoadProtectedBranch(ctx context.Context) (err error) {
|
||||
if pr.ProtectedBranch == nil {
|
||||
if pr.BaseRepo == nil {
|
||||
if pr.BaseRepoID == 0 {
|
||||
return nil
|
||||
}
|
||||
pr.BaseRepo, err = repo_model.GetRepositoryByID(ctx, pr.BaseRepoID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
pr.ProtectedBranch, err = git_model.GetProtectedBranchBy(ctx, pr.BaseRepo.ID, pr.BaseBranch)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// ReviewCount represents a count of Reviews
|
||||
type ReviewCount struct {
|
||||
IssueID int64
|
||||
|
|
|
@ -263,15 +263,17 @@ func IsOfficialReviewer(ctx context.Context, issue *Issue, reviewers ...*user_mo
|
|||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if err = pr.LoadProtectedBranch(ctx); err != nil {
|
||||
|
||||
rule, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if pr.ProtectedBranch == nil {
|
||||
if rule == nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
for _, reviewer := range reviewers {
|
||||
official, err := git_model.IsUserOfficialReviewer(ctx, pr.ProtectedBranch, reviewer)
|
||||
official, err := git_model.IsUserOfficialReviewer(ctx, rule, reviewer)
|
||||
if official || err != nil {
|
||||
return official, err
|
||||
}
|
||||
|
@ -286,18 +288,19 @@ func IsOfficialReviewerTeam(ctx context.Context, issue *Issue, team *organizatio
|
|||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if err = pr.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if pr.ProtectedBranch == nil {
|
||||
if pb == nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if !pr.ProtectedBranch.EnableApprovalsWhitelist {
|
||||
if !pb.EnableApprovalsWhitelist {
|
||||
return team.UnitAccessMode(ctx, unit.TypeCode) >= perm.AccessModeWrite, nil
|
||||
}
|
||||
|
||||
return base.Int64sContains(pr.ProtectedBranch.ApprovalsWhitelistTeamIDs, team.ID), nil
|
||||
return base.Int64sContains(pb.ApprovalsWhitelistTeamIDs, team.ID), nil
|
||||
}
|
||||
|
||||
// CreateReview creates a new review based on opts
|
||||
|
@ -733,17 +736,9 @@ func RemoveReviewRequest(issue *Issue, reviewer, doer *user_model.User) (*Commen
|
|||
if err != nil {
|
||||
return nil, err
|
||||
} else if official {
|
||||
// recalculate the latest official review for reviewer
|
||||
review, err := GetReviewByIssueIDAndUserID(ctx, issue.ID, reviewer.ID)
|
||||
if err != nil && !IsErrReviewNotExist(err) {
|
||||
if err := restoreLatestOfficialReview(ctx, issue.ID, reviewer.ID); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if review != nil {
|
||||
if _, err := db.Exec(ctx, "UPDATE `review` SET official=? WHERE id=?", true, review.ID); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
comment, err := CreateComment(ctx, &CreateCommentOptions{
|
||||
|
@ -761,6 +756,22 @@ func RemoveReviewRequest(issue *Issue, reviewer, doer *user_model.User) (*Commen
|
|||
return comment, committer.Commit()
|
||||
}
|
||||
|
||||
// Recalculate the latest official review for reviewer
|
||||
func restoreLatestOfficialReview(ctx context.Context, issueID, reviewerID int64) error {
|
||||
review, err := GetReviewByIssueIDAndUserID(ctx, issueID, reviewerID)
|
||||
if err != nil && !IsErrReviewNotExist(err) {
|
||||
return err
|
||||
}
|
||||
|
||||
if review != nil {
|
||||
if _, err := db.Exec(ctx, "UPDATE `review` SET official=? WHERE id=?", true, review.ID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// AddTeamReviewRequest add a review request from one team
|
||||
func AddTeamReviewRequest(issue *Issue, reviewer *organization.Team, doer *user_model.User) (*Comment, error) {
|
||||
ctx, committer, err := db.TxContext(db.DefaultContext)
|
||||
|
@ -979,6 +990,12 @@ func DeleteReview(r *Review) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if r.Official {
|
||||
if err := restoreLatestOfficialReview(ctx, r.IssueID, r.ReviewerID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return committer.Commit()
|
||||
}
|
||||
|
||||
|
|
|
@ -200,3 +200,38 @@ func TestDismissReview(t *testing.T) {
|
|||
assert.False(t, requestReviewExample.Dismissed)
|
||||
assert.True(t, approveReviewExample.Dismissed)
|
||||
}
|
||||
|
||||
func TestDeleteReview(t *testing.T) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
|
||||
|
||||
review1, err := issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
|
||||
Content: "Official rejection",
|
||||
Type: issues_model.ReviewTypeReject,
|
||||
Official: false,
|
||||
Issue: issue,
|
||||
Reviewer: user,
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
|
||||
review2, err := issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
|
||||
Content: "Official approval",
|
||||
Type: issues_model.ReviewTypeApprove,
|
||||
Official: true,
|
||||
Issue: issue,
|
||||
Reviewer: user,
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.NoError(t, issues_model.DeleteReview(review2))
|
||||
|
||||
_, err = issues_model.GetReviewByID(db.DefaultContext, review2.ID)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, issues_model.IsErrReviewNotExist(err), "IsErrReviewNotExist")
|
||||
|
||||
review1, err = issues_model.GetReviewByID(db.DefaultContext, review1.ID)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, review1.Official)
|
||||
}
|
||||
|
|
|
@ -432,6 +432,9 @@ var migrations = []Migration{
|
|||
NewMigration("Update counts of all open milestones", v1_18.UpdateOpenMilestoneCounts),
|
||||
// v230 -> v231
|
||||
NewMigration("Add ConfidentialClient column (default true) to OAuth2Application table", v1_18.AddConfidentialClientColumnToOAuth2ApplicationTable),
|
||||
|
||||
// Gitea 1.18.0 ends at v231
|
||||
|
||||
// v231 -> v232
|
||||
NewMigration("Add index for hook_task", v1_19.AddIndexForHookTask),
|
||||
// v232 -> v233
|
||||
|
@ -446,6 +449,8 @@ var migrations = []Migration{
|
|||
NewMigration("Create secrets table", v1_19.CreateSecretsTable),
|
||||
// v237 -> v238
|
||||
NewMigration("Drop ForeignReference table", v1_19.DropForeignReferenceTable),
|
||||
// v238 -> v239
|
||||
NewMigration("Add updated unix to LFSMetaObject", v1_19.AddUpdatedUnixToLFSMetaObject),
|
||||
}
|
||||
|
||||
// GetCurrentDBVersion returns the current db version
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package v1_19 //nolint
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
// AddUpdatedUnixToLFSMetaObject adds an updated column to the LFSMetaObject to allow for garbage collection
|
||||
func AddUpdatedUnixToLFSMetaObject(x *xorm.Engine) error {
|
||||
// Drop the table introduced in `v211`, it's considered badly designed and doesn't look like to be used.
|
||||
// See: https://github.com/go-gitea/gitea/issues/21086#issuecomment-1318217453
|
||||
// LFSMetaObject stores metadata for LFS tracked files.
|
||||
type LFSMetaObject struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
Oid string `json:"oid" xorm:"UNIQUE(s) INDEX NOT NULL"`
|
||||
Size int64 `json:"size" xorm:"NOT NULL"`
|
||||
RepositoryID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||
}
|
||||
|
||||
return x.Sync(new(LFSMetaObject))
|
||||
}
|
|
@ -378,7 +378,6 @@ func DeleteTeam(t *organization.Team) error {
|
|||
return err
|
||||
}
|
||||
defer committer.Close()
|
||||
sess := db.GetEngine(ctx)
|
||||
|
||||
if err := t.LoadRepositories(ctx); err != nil {
|
||||
return err
|
||||
|
@ -391,34 +390,15 @@ func DeleteTeam(t *organization.Team) error {
|
|||
// update branch protections
|
||||
{
|
||||
protections := make([]*git_model.ProtectedBranch, 0, 10)
|
||||
err := sess.In("repo_id",
|
||||
err := db.GetEngine(ctx).In("repo_id",
|
||||
builder.Select("id").From("repository").Where(builder.Eq{"owner_id": t.OrgID})).
|
||||
Find(&protections)
|
||||
if err != nil {
|
||||
return fmt.Errorf("findProtectedBranches: %w", err)
|
||||
}
|
||||
for _, p := range protections {
|
||||
var matched1, matched2, matched3 bool
|
||||
if len(p.WhitelistTeamIDs) != 0 {
|
||||
p.WhitelistTeamIDs, matched1 = util.RemoveIDFromList(
|
||||
p.WhitelistTeamIDs, t.ID)
|
||||
}
|
||||
if len(p.ApprovalsWhitelistTeamIDs) != 0 {
|
||||
p.ApprovalsWhitelistTeamIDs, matched2 = util.RemoveIDFromList(
|
||||
p.ApprovalsWhitelistTeamIDs, t.ID)
|
||||
}
|
||||
if len(p.MergeWhitelistTeamIDs) != 0 {
|
||||
p.MergeWhitelistTeamIDs, matched3 = util.RemoveIDFromList(
|
||||
p.MergeWhitelistTeamIDs, t.ID)
|
||||
}
|
||||
if matched1 || matched2 || matched3 {
|
||||
if _, err = sess.ID(p.ID).Cols(
|
||||
"whitelist_team_i_ds",
|
||||
"merge_whitelist_team_i_ds",
|
||||
"approvals_whitelist_team_i_ds",
|
||||
).Update(p); err != nil {
|
||||
return fmt.Errorf("updateProtectedBranches: %w", err)
|
||||
}
|
||||
if err := git_model.RemoveTeamIDFromProtectedBranch(ctx, p, t.ID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -439,7 +419,7 @@ func DeleteTeam(t *organization.Team) error {
|
|||
}
|
||||
|
||||
// Update organization number of teams.
|
||||
if _, err := sess.Exec("UPDATE `user` SET num_teams=num_teams-1 WHERE id=?", t.OrgID); err != nil {
|
||||
if _, err := db.Exec(ctx, "UPDATE `user` SET num_teams=num_teams-1 WHERE id=?", t.OrgID); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -25,6 +25,7 @@ type BlobSearchOptions struct {
|
|||
Digest string
|
||||
Tag string
|
||||
IsManifest bool
|
||||
Repository string
|
||||
}
|
||||
|
||||
func (opts *BlobSearchOptions) toConds() builder.Cond {
|
||||
|
@ -53,6 +54,15 @@ func (opts *BlobSearchOptions) toConds() builder.Cond {
|
|||
|
||||
cond = cond.And(builder.In("package_file.id", builder.Select("package_property.ref_id").Where(propsCond).From("package_property")))
|
||||
}
|
||||
if opts.Repository != "" {
|
||||
var propsCond builder.Cond = builder.Eq{
|
||||
"package_property.ref_type": packages.PropertyTypePackage,
|
||||
"package_property.name": container_module.PropertyRepository,
|
||||
"package_property.value": opts.Repository,
|
||||
}
|
||||
|
||||
cond = cond.And(builder.In("package.id", builder.Select("package_property.ref_id").Where(propsCond).From("package_property")))
|
||||
}
|
||||
|
||||
return cond
|
||||
}
|
||||
|
|
|
@ -13,6 +13,7 @@ import (
|
|||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/container"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
|
@ -496,8 +497,12 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
|
|||
// Only show a repo that either has a topic or description.
|
||||
subQueryCond := builder.NewCond()
|
||||
|
||||
// Topic checking. Topics is non-null.
|
||||
subQueryCond = subQueryCond.Or(builder.And(builder.Neq{"topics": "null"}, builder.Neq{"topics": "[]"}))
|
||||
// Topic checking. Topics are present.
|
||||
if setting.Database.UsePostgreSQL { // postgres stores the topics as json and not as text
|
||||
subQueryCond = subQueryCond.Or(builder.And(builder.NotNull{"topics"}, builder.Neq{"(topics)::text": "[]"}))
|
||||
} else {
|
||||
subQueryCond = subQueryCond.Or(builder.And(builder.Neq{"topics": "null"}, builder.Neq{"topics": "[]"}))
|
||||
}
|
||||
|
||||
// Description checking. Description not empty.
|
||||
subQueryCond = subQueryCond.Or(builder.Neq{"description": ""})
|
||||
|
|
|
@ -184,7 +184,7 @@ func ChangeRepositoryName(doer *user_model.User, repo *Repository, newRepoName s
|
|||
return committer.Commit()
|
||||
}
|
||||
|
||||
// UpdateRepoSize updates the repository size, calculating it using util.GetDirectorySize
|
||||
// UpdateRepoSize updates the repository size, calculating it using getDirectorySize
|
||||
func UpdateRepoSize(ctx context.Context, repoID, size int64) error {
|
||||
_, err := db.GetEngine(ctx).ID(repoID).Cols("size").NoAutoTime().Update(&Repository{
|
||||
Size: size,
|
||||
|
|
|
@ -106,6 +106,8 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
|
|||
|
||||
setting.Git.HomePath = filepath.Join(setting.AppDataPath, "home")
|
||||
|
||||
setting.IncomingEmail.ReplyToAddress = "incoming+%{token}@localhost"
|
||||
|
||||
if err = storage.Init(); err != nil {
|
||||
fatalTestError("storage.Init: %v\n", err)
|
||||
}
|
||||
|
|
|
@ -23,7 +23,6 @@ import (
|
|||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
// DeleteUser deletes models associated to an user.
|
||||
|
@ -141,27 +140,8 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
|
|||
break
|
||||
}
|
||||
for _, p := range protections {
|
||||
var matched1, matched2, matched3 bool
|
||||
if len(p.WhitelistUserIDs) != 0 {
|
||||
p.WhitelistUserIDs, matched1 = util.RemoveIDFromList(
|
||||
p.WhitelistUserIDs, u.ID)
|
||||
}
|
||||
if len(p.ApprovalsWhitelistUserIDs) != 0 {
|
||||
p.ApprovalsWhitelistUserIDs, matched2 = util.RemoveIDFromList(
|
||||
p.ApprovalsWhitelistUserIDs, u.ID)
|
||||
}
|
||||
if len(p.MergeWhitelistUserIDs) != 0 {
|
||||
p.MergeWhitelistUserIDs, matched3 = util.RemoveIDFromList(
|
||||
p.MergeWhitelistUserIDs, u.ID)
|
||||
}
|
||||
if matched1 || matched2 || matched3 {
|
||||
if _, err = e.ID(p.ID).Cols(
|
||||
"whitelist_user_i_ds",
|
||||
"merge_whitelist_user_i_ds",
|
||||
"approvals_whitelist_user_i_ds",
|
||||
).Update(p); err != nil {
|
||||
return fmt.Errorf("updateProtectedBranches: %w", err)
|
||||
}
|
||||
if err := git_model.RemoveUserIDFromProtectedBranch(ctx, p, u.ID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,14 +6,13 @@ package webauthn
|
|||
import (
|
||||
"encoding/binary"
|
||||
"encoding/gob"
|
||||
"net/url"
|
||||
|
||||
"code.gitea.io/gitea/models/auth"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
)
|
||||
|
||||
// WebAuthn represents the global WebAuthn instance
|
||||
|
@ -23,13 +22,13 @@ var WebAuthn *webauthn.WebAuthn
|
|||
func Init() {
|
||||
gob.Register(&webauthn.SessionData{})
|
||||
|
||||
appURL, _ := url.Parse(setting.AppURL)
|
||||
appURL, _ := protocol.FullyQualifiedOrigin(setting.AppURL)
|
||||
|
||||
WebAuthn = &webauthn.WebAuthn{
|
||||
Config: &webauthn.Config{
|
||||
RPDisplayName: setting.AppName,
|
||||
RPID: setting.Domain,
|
||||
RPOrigin: protocol.FullyQualifiedOrigin(appURL),
|
||||
RPOrigin: appURL,
|
||||
AuthenticatorSelection: protocol.AuthenticatorSelection{
|
||||
UserVerification: "discouraged",
|
||||
},
|
||||
|
|
|
@ -119,14 +119,15 @@ type CanCommitToBranchResults struct {
|
|||
//
|
||||
// and branch is not protected for push
|
||||
func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.User) (CanCommitToBranchResults, error) {
|
||||
protectedBranch, err := git_model.GetProtectedBranchBy(ctx, r.Repository.ID, r.BranchName)
|
||||
protectedBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, r.Repository.ID, r.BranchName)
|
||||
if err != nil {
|
||||
return CanCommitToBranchResults{}, err
|
||||
}
|
||||
userCanPush := true
|
||||
requireSigned := false
|
||||
if protectedBranch != nil {
|
||||
userCanPush = protectedBranch.CanUserPush(ctx, doer.ID)
|
||||
protectedBranch.Repo = r.Repository
|
||||
userCanPush = protectedBranch.CanUserPush(ctx, doer)
|
||||
requireSigned = protectedBranch.RequireSignedCommits
|
||||
}
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ package doctor
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
@ -29,7 +30,20 @@ func garbageCollectLFSCheck(ctx context.Context, logger log.Logger, autofix bool
|
|||
return fmt.Errorf("LFS support is disabled")
|
||||
}
|
||||
|
||||
if err := repository.GarbageCollectLFSMetaObjects(ctx, logger, autofix); err != nil {
|
||||
if err := repository.GarbageCollectLFSMetaObjects(ctx, repository.GarbageCollectLFSMetaObjectsOptions{
|
||||
Logger: logger,
|
||||
AutoFix: autofix,
|
||||
// Only attempt to garbage collect lfs meta objects older than a week as the order of git lfs upload
|
||||
// and git object upload is not necessarily guaranteed. It's possible to imagine a situation whereby
|
||||
// an LFS object is uploaded but the git branch is not uploaded immediately, or there are some rapid
|
||||
// changes in new branches that might lead to lfs objects becoming temporarily unassociated with git
|
||||
// objects.
|
||||
//
|
||||
// It is likely that a week is potentially excessive but it should definitely be enough that any
|
||||
// unassociated LFS object is genuinely unassociated.
|
||||
OlderThan: time.Now().Add(-24 * time.Hour * 7),
|
||||
// We don't set the UpdatedLessRecentlyThan because we want to do a full GC
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -225,14 +225,24 @@ func compressOldLogFile(fname string, compressionLevel int) error {
|
|||
|
||||
func (log *FileLogger) deleteOldLog() {
|
||||
dir := filepath.Dir(log.Filename)
|
||||
_ = filepath.Walk(dir, func(path string, info os.FileInfo, err error) (returnErr error) {
|
||||
_ = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) (returnErr error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
returnErr = fmt.Errorf("Unable to delete old log '%s', error: %+v", path, r)
|
||||
}
|
||||
}()
|
||||
|
||||
if !info.IsDir() && info.ModTime().Unix() < (time.Now().Unix()-60*60*24*log.Maxdays) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if d.IsDir() {
|
||||
return nil
|
||||
}
|
||||
info, err := d.Info()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if info.ModTime().Unix() < (time.Now().Unix() - 60*60*24*log.Maxdays) {
|
||||
if strings.HasPrefix(filepath.Base(path), filepath.Base(log.Filename)) {
|
||||
if err := util.Remove(path); err != nil {
|
||||
returnErr = fmt.Errorf("Failed to remove %s: %w", path, err)
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
package external
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
|
@ -132,11 +133,13 @@ func (p *Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.
|
|||
if !p.IsInputFile {
|
||||
cmd.Stdin = input
|
||||
}
|
||||
var stderr bytes.Buffer
|
||||
cmd.Stdout = output
|
||||
cmd.Stderr = &stderr
|
||||
process.SetSysProcAttribute(cmd)
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return fmt.Errorf("%s render run command %s %v failed: %w", p.Name(), commands[0], args, err)
|
||||
return fmt.Errorf("%s render run command %s %v failed: %w\nStderr: %s", p.Name(), commands[0], args, err, stderr.String())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
|
@ -285,9 +286,36 @@ func CreateRepository(doer, u *user_model.User, opts CreateRepoOptions) (*repo_m
|
|||
return repo, nil
|
||||
}
|
||||
|
||||
// UpdateRepoSize updates the repository size, calculating it using util.GetDirectorySize
|
||||
const notRegularFileMode = os.ModeSymlink | os.ModeNamedPipe | os.ModeSocket | os.ModeDevice | os.ModeCharDevice | os.ModeIrregular
|
||||
|
||||
// getDirectorySize returns the disk consumption for a given path
|
||||
func getDirectorySize(path string) (int64, error) {
|
||||
var size int64
|
||||
err := filepath.WalkDir(path, func(_ string, info os.DirEntry, err error) error {
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) { // ignore the error because the file maybe deleted during traversing.
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
if info.IsDir() {
|
||||
return nil
|
||||
}
|
||||
f, err := info.Info()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if (f.Mode() & notRegularFileMode) == 0 {
|
||||
size += f.Size()
|
||||
}
|
||||
return err
|
||||
})
|
||||
return size, err
|
||||
}
|
||||
|
||||
// UpdateRepoSize updates the repository size, calculating it using getDirectorySize
|
||||
func UpdateRepoSize(ctx context.Context, repo *repo_model.Repository) error {
|
||||
size, err := util.GetDirectorySize(repo.RepoPath())
|
||||
size, err := getDirectorySize(repo.RepoPath())
|
||||
if err != nil {
|
||||
return fmt.Errorf("updateSize: %w", err)
|
||||
}
|
||||
|
|
|
@ -168,3 +168,13 @@ func TestUpdateRepositoryVisibilityChanged(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
assert.True(t, act.IsPrivate)
|
||||
}
|
||||
|
||||
func TestGetDirectorySize(t *testing.T) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
repo, err := repo_model.GetRepositoryByID(db.DefaultContext, 1)
|
||||
assert.NoError(t, err)
|
||||
|
||||
size, err := getDirectorySize(repo.RepoPath())
|
||||
assert.NoError(t, err)
|
||||
assert.EqualValues(t, size, repo.Size)
|
||||
}
|
||||
|
|
|
@ -173,12 +173,12 @@ func generateRepoCommit(ctx context.Context, repo, templateRepo, generateRepo *r
|
|||
// Avoid walking tree if there are no globs
|
||||
if len(gt.Globs()) > 0 {
|
||||
tmpDirSlash := strings.TrimSuffix(filepath.ToSlash(tmpDir), "/") + "/"
|
||||
if err := filepath.Walk(tmpDirSlash, func(path string, info os.FileInfo, walkErr error) error {
|
||||
if err := filepath.WalkDir(tmpDirSlash, func(path string, d os.DirEntry, walkErr error) error {
|
||||
if walkErr != nil {
|
||||
return walkErr
|
||||
}
|
||||
|
||||
if info.IsDir() {
|
||||
if d.IsDir() {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -170,7 +170,7 @@ func LoadRepoConfig() {
|
|||
}
|
||||
|
||||
for _, f := range customFiles {
|
||||
if !util.IsStringInSlice(f, files, true) {
|
||||
if !util.SliceContainsString(files, f, true) {
|
||||
files = append(files, f)
|
||||
}
|
||||
}
|
||||
|
@ -200,12 +200,12 @@ func LoadRepoConfig() {
|
|||
// Filter out invalid names and promote preferred licenses.
|
||||
sortedLicenses := make([]string, 0, len(Licenses))
|
||||
for _, name := range setting.Repository.PreferredLicenses {
|
||||
if util.IsStringInSlice(name, Licenses, true) {
|
||||
if util.SliceContainsString(Licenses, name, true) {
|
||||
sortedLicenses = append(sortedLicenses, name)
|
||||
}
|
||||
}
|
||||
for _, name := range Licenses {
|
||||
if !util.IsStringInSlice(name, setting.Repository.PreferredLicenses, true) {
|
||||
if !util.SliceContainsString(setting.Repository.PreferredLicenses, name, true) {
|
||||
sortedLicenses = append(sortedLicenses, name)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package setting
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/mail"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
var IncomingEmail = struct {
|
||||
Enabled bool
|
||||
ReplyToAddress string
|
||||
TokenPlaceholder string `ini:"-"`
|
||||
Host string
|
||||
Port int
|
||||
UseTLS bool `ini:"USE_TLS"`
|
||||
SkipTLSVerify bool `ini:"SKIP_TLS_VERIFY"`
|
||||
Username string
|
||||
Password string
|
||||
Mailbox string
|
||||
DeleteHandledMessage bool
|
||||
MaximumMessageSize uint32
|
||||
}{
|
||||
Mailbox: "INBOX",
|
||||
DeleteHandledMessage: true,
|
||||
TokenPlaceholder: "%{token}",
|
||||
MaximumMessageSize: 10485760,
|
||||
}
|
||||
|
||||
func newIncomingEmail() {
|
||||
if err := Cfg.Section("email.incoming").MapTo(&IncomingEmail); err != nil {
|
||||
log.Fatal("Unable to map [email.incoming] section on to IncomingEmail. Error: %v", err)
|
||||
}
|
||||
|
||||
if !IncomingEmail.Enabled {
|
||||
return
|
||||
}
|
||||
|
||||
if err := checkReplyToAddress(IncomingEmail.ReplyToAddress); err != nil {
|
||||
log.Fatal("Invalid incoming_mail.REPLY_TO_ADDRESS (%s): %v", IncomingEmail.ReplyToAddress, err)
|
||||
}
|
||||
}
|
||||
|
||||
func checkReplyToAddress(address string) error {
|
||||
parsed, err := mail.ParseAddress(IncomingEmail.ReplyToAddress)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if parsed.Name != "" {
|
||||
return fmt.Errorf("name must not be set")
|
||||
}
|
||||
|
||||
c := strings.Count(IncomingEmail.ReplyToAddress, IncomingEmail.TokenPlaceholder)
|
||||
switch c {
|
||||
case 0:
|
||||
return fmt.Errorf("%s must appear in the user part of the address (before the @)", IncomingEmail.TokenPlaceholder)
|
||||
case 1:
|
||||
default:
|
||||
return fmt.Errorf("%s must appear only once", IncomingEmail.TokenPlaceholder)
|
||||
}
|
||||
|
||||
parts := strings.Split(IncomingEmail.ReplyToAddress, "@")
|
||||
if !strings.Contains(parts[0], IncomingEmail.TokenPlaceholder) {
|
||||
return fmt.Errorf("%s must appear in the user part of the address (before the @)", IncomingEmail.TokenPlaceholder)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -12,6 +12,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/log"
|
||||
|
||||
shellquote "github.com/kballard/go-shellquote"
|
||||
ini "gopkg.in/ini.v1"
|
||||
)
|
||||
|
||||
// Mailer represents mail service.
|
||||
|
@ -49,8 +50,8 @@ type Mailer struct {
|
|||
// MailService the global mailer
|
||||
var MailService *Mailer
|
||||
|
||||
func newMailService() {
|
||||
sec := Cfg.Section("mailer")
|
||||
func parseMailerConfig(rootCfg *ini.File) {
|
||||
sec := rootCfg.Section("mailer")
|
||||
// Check mailer setting.
|
||||
if !sec.Key("ENABLED").MustBool() {
|
||||
return
|
||||
|
@ -70,9 +71,14 @@ func newMailService() {
|
|||
if sec.HasKey("HOST") && !sec.HasKey("SMTP_ADDR") {
|
||||
givenHost := sec.Key("HOST").String()
|
||||
addr, port, err := net.SplitHostPort(givenHost)
|
||||
if err != nil {
|
||||
if err != nil && strings.Contains(err.Error(), "missing port in address") {
|
||||
addr = givenHost
|
||||
} else if err != nil {
|
||||
log.Fatal("Invalid mailer.HOST (%s): %v", givenHost, err)
|
||||
}
|
||||
if addr == "" {
|
||||
addr = "127.0.0.1"
|
||||
}
|
||||
sec.Key("SMTP_ADDR").MustString(addr)
|
||||
sec.Key("SMTP_PORT").MustString(port)
|
||||
}
|
||||
|
@ -172,6 +178,9 @@ func newMailService() {
|
|||
default:
|
||||
log.Error("unable to infer unspecified mailer.PROTOCOL from mailer.SMTP_PORT = %q, assume using smtps", MailService.SMTPPort)
|
||||
MailService.Protocol = "smtps"
|
||||
if MailService.SMTPPort == "" {
|
||||
MailService.SMTPPort = "465"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package setting
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
ini "gopkg.in/ini.v1"
|
||||
)
|
||||
|
||||
func TestParseMailerConfig(t *testing.T) {
|
||||
iniFile := ini.Empty()
|
||||
kases := map[string]*Mailer{
|
||||
"smtp.mydomain.com": {
|
||||
SMTPAddr: "smtp.mydomain.com",
|
||||
SMTPPort: "465",
|
||||
},
|
||||
"smtp.mydomain.com:123": {
|
||||
SMTPAddr: "smtp.mydomain.com",
|
||||
SMTPPort: "123",
|
||||
},
|
||||
":123": {
|
||||
SMTPAddr: "127.0.0.1",
|
||||
SMTPPort: "123",
|
||||
},
|
||||
}
|
||||
for host, kase := range kases {
|
||||
t.Run(host, func(t *testing.T) {
|
||||
iniFile.DeleteSection("mailer")
|
||||
sec := iniFile.Section("mailer")
|
||||
sec.NewKey("ENABLED", "true")
|
||||
sec.NewKey("HOST", host)
|
||||
|
||||
// Check mailer setting
|
||||
parseMailerConfig(iniFile)
|
||||
|
||||
assert.EqualValues(t, kase.SMTPAddr, MailService.SMTPAddr)
|
||||
assert.EqualValues(t, kase.SMTPPort, MailService.SMTPPort)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -1340,7 +1340,8 @@ func NewServices() {
|
|||
newCacheService()
|
||||
newSessionService()
|
||||
newCORSService()
|
||||
newMailService()
|
||||
parseMailerConfig(Cfg)
|
||||
newIncomingEmail()
|
||||
newRegisterMailService()
|
||||
newNotifyMailService()
|
||||
newProxyService()
|
||||
|
@ -1357,5 +1358,5 @@ func NewServices() {
|
|||
// NewServicesForInstall initializes the services for install
|
||||
func NewServicesForInstall() {
|
||||
newService()
|
||||
newMailService()
|
||||
parseMailerConfig(Cfg)
|
||||
}
|
||||
|
|
|
@ -129,7 +129,7 @@ func (l *LocalStorage) URL(path, name string) (*url.URL, error) {
|
|||
|
||||
// IterateObjects iterates across the objects in the local storage
|
||||
func (l *LocalStorage) IterateObjects(fn func(path string, obj Object) error) error {
|
||||
return filepath.Walk(l.dir, func(path string, info os.FileInfo, err error) error {
|
||||
return filepath.WalkDir(l.dir, func(path string, d os.DirEntry, err error) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ func (l *LocalStorage) IterateObjects(fn func(path string, obj Object) error) er
|
|||
if path == l.dir {
|
||||
return nil
|
||||
}
|
||||
if info.IsDir() {
|
||||
if d.IsDir() {
|
||||
return nil
|
||||
}
|
||||
relPath, err := filepath.Rel(l.dir, path)
|
||||
|
|
|
@ -22,7 +22,9 @@ type Branch struct {
|
|||
|
||||
// BranchProtection represents a branch protection for a repository
|
||||
type BranchProtection struct {
|
||||
// Deprecated: true
|
||||
BranchName string `json:"branch_name"`
|
||||
RuleName string `json:"rule_name"`
|
||||
EnablePush bool `json:"enable_push"`
|
||||
EnablePushWhitelist bool `json:"enable_push_whitelist"`
|
||||
PushWhitelistUsernames []string `json:"push_whitelist_usernames"`
|
||||
|
@ -52,7 +54,9 @@ type BranchProtection struct {
|
|||
|
||||
// CreateBranchProtectionOption options for creating a branch protection
|
||||
type CreateBranchProtectionOption struct {
|
||||
// Deprecated: true
|
||||
BranchName string `json:"branch_name"`
|
||||
RuleName string `json:"rule_name"`
|
||||
EnablePush bool `json:"enable_push"`
|
||||
EnablePushWhitelist bool `json:"enable_push_whitelist"`
|
||||
PushWhitelistUsernames []string `json:"push_whitelist_usernames"`
|
||||
|
|
|
@ -1,92 +0,0 @@
|
|||
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
"sort"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// Int64Slice attaches the methods of Interface to []int64, sorting in increasing order.
|
||||
type Int64Slice []int64
|
||||
|
||||
func (p Int64Slice) Len() int { return len(p) }
|
||||
func (p Int64Slice) Less(i, j int) bool { return p[i] < p[j] }
|
||||
func (p Int64Slice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
|
||||
|
||||
// IsSliceInt64Eq returns if the two slice has the same elements but different sequences.
|
||||
func IsSliceInt64Eq(a, b []int64) bool {
|
||||
if len(a) != len(b) {
|
||||
return false
|
||||
}
|
||||
sort.Sort(Int64Slice(a))
|
||||
sort.Sort(Int64Slice(b))
|
||||
for i := 0; i < len(a); i++ {
|
||||
if a[i] != b[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// ExistsInSlice returns true if string exists in slice.
|
||||
func ExistsInSlice(target string, slice []string) bool {
|
||||
i := sort.Search(len(slice),
|
||||
func(i int) bool { return slice[i] == target })
|
||||
return i < len(slice)
|
||||
}
|
||||
|
||||
// IsStringInSlice sequential searches if string exists in slice.
|
||||
func IsStringInSlice(target string, slice []string, insensitive ...bool) bool {
|
||||
caseInsensitive := false
|
||||
if len(insensitive) != 0 && insensitive[0] {
|
||||
caseInsensitive = true
|
||||
target = strings.ToLower(target)
|
||||
}
|
||||
|
||||
for i := 0; i < len(slice); i++ {
|
||||
if caseInsensitive {
|
||||
if strings.ToLower(slice[i]) == target {
|
||||
return true
|
||||
}
|
||||
} else {
|
||||
if slice[i] == target {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// IsInt64InSlice sequential searches if int64 exists in slice.
|
||||
func IsInt64InSlice(target int64, slice []int64) bool {
|
||||
for i := 0; i < len(slice); i++ {
|
||||
if slice[i] == target {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// IsEqualSlice returns true if slices are equal.
|
||||
func IsEqualSlice(target, source []string) bool {
|
||||
if len(target) != len(source) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (target == nil) != (source == nil) {
|
||||
return false
|
||||
}
|
||||
|
||||
sort.Strings(target)
|
||||
sort.Strings(source)
|
||||
|
||||
for i, v := range target {
|
||||
if v != source[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/gob"
|
||||
)
|
||||
|
||||
// PackData uses gob to encode the given data in sequence
|
||||
func PackData(data ...interface{}) ([]byte, error) {
|
||||
var buf bytes.Buffer
|
||||
enc := gob.NewEncoder(&buf)
|
||||
for _, datum := range data {
|
||||
if err := enc.Encode(datum); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return buf.Bytes(), nil
|
||||
}
|
||||
|
||||
// UnpackData uses gob to decode the given data in sequence
|
||||
func UnpackData(buf []byte, data ...interface{}) error {
|
||||
r := bytes.NewReader(buf)
|
||||
enc := gob.NewDecoder(r)
|
||||
for _, datum := range data {
|
||||
if err := enc.Decode(datum); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestPackAndUnpackData(t *testing.T) {
|
||||
s := "string"
|
||||
i := int64(4)
|
||||
f := float32(4.1)
|
||||
|
||||
var s2 string
|
||||
var i2 int64
|
||||
var f2 float32
|
||||
|
||||
data, err := PackData(s, i, f)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.NoError(t, UnpackData(data, &s2, &i2, &f2))
|
||||
assert.NoError(t, UnpackData(data, &s2))
|
||||
assert.Error(t, UnpackData(data, &i2))
|
||||
assert.Error(t, UnpackData(data, &s2, &f2))
|
||||
}
|
|
@ -22,20 +22,6 @@ func EnsureAbsolutePath(path, absoluteBase string) string {
|
|||
return filepath.Join(absoluteBase, path)
|
||||
}
|
||||
|
||||
const notRegularFileMode os.FileMode = os.ModeSymlink | os.ModeNamedPipe | os.ModeSocket | os.ModeDevice | os.ModeCharDevice | os.ModeIrregular
|
||||
|
||||
// GetDirectorySize returns the disk consumption for a given path
|
||||
func GetDirectorySize(path string) (int64, error) {
|
||||
var size int64
|
||||
err := filepath.Walk(path, func(_ string, info os.FileInfo, err error) error {
|
||||
if info != nil && (info.Mode()¬RegularFileMode) == 0 {
|
||||
size += info.Size()
|
||||
}
|
||||
return err
|
||||
})
|
||||
return size, err
|
||||
}
|
||||
|
||||
// IsDir returns true if given path is a directory,
|
||||
// or returns false when it's a file or does not exist.
|
||||
func IsDir(dir string) (bool, error) {
|
||||
|
|
|
@ -1,17 +1,90 @@
|
|||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
// Most of the functions in this file can have better implementations with "golang.org/x/exp/slices".
|
||||
// However, "golang.org/x/exp" is experimental and unreliable, we shouldn't use it.
|
||||
// So lets waiting for the "slices" has be promoted to the main repository one day.
|
||||
|
||||
package util
|
||||
|
||||
// RemoveIDFromList removes the given ID from the slice, if found.
|
||||
// It does not preserve order, and assumes the ID is unique.
|
||||
func RemoveIDFromList(list []int64, id int64) ([]int64, bool) {
|
||||
n := len(list) - 1
|
||||
for i, item := range list {
|
||||
if item == id {
|
||||
list[i] = list[n]
|
||||
return list[:n], true
|
||||
import "strings"
|
||||
|
||||
// SliceContains returns true if the target exists in the slice.
|
||||
func SliceContains[T comparable](slice []T, target T) bool {
|
||||
return SliceContainsFunc(slice, func(t T) bool { return t == target })
|
||||
}
|
||||
|
||||
// SliceContainsFunc returns true if any element in the slice satisfies the targetFunc.
|
||||
func SliceContainsFunc[T any](slice []T, targetFunc func(T) bool) bool {
|
||||
for _, v := range slice {
|
||||
if targetFunc(v) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return list, false
|
||||
return false
|
||||
}
|
||||
|
||||
// SliceContainsString sequential searches if string exists in slice.
|
||||
func SliceContainsString(slice []string, target string, insensitive ...bool) bool {
|
||||
if len(insensitive) != 0 && insensitive[0] {
|
||||
target = strings.ToLower(target)
|
||||
return SliceContainsFunc(slice, func(t string) bool { return strings.ToLower(t) == target })
|
||||
}
|
||||
|
||||
return SliceContains(slice, target)
|
||||
}
|
||||
|
||||
// SliceSortedEqual returns true if the two slices will be equal when they get sorted.
|
||||
// It doesn't require that the slices have been sorted, and it doesn't sort them either.
|
||||
func SliceSortedEqual[T comparable](s1, s2 []T) bool {
|
||||
if len(s1) != len(s2) {
|
||||
return false
|
||||
}
|
||||
|
||||
counts := make(map[T]int, len(s1))
|
||||
for _, v := range s1 {
|
||||
counts[v]++
|
||||
}
|
||||
for _, v := range s2 {
|
||||
counts[v]--
|
||||
}
|
||||
|
||||
for _, v := range counts {
|
||||
if v != 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// SliceEqual returns true if the two slices are equal.
|
||||
func SliceEqual[T comparable](s1, s2 []T) bool {
|
||||
if len(s1) != len(s2) {
|
||||
return false
|
||||
}
|
||||
|
||||
for i, v := range s1 {
|
||||
if s2[i] != v {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// SliceRemoveAll removes all the target elements from the slice.
|
||||
func SliceRemoveAll[T comparable](slice []T, target T) []T {
|
||||
return SliceRemoveAllFunc(slice, func(t T) bool { return t == target })
|
||||
}
|
||||
|
||||
// SliceRemoveAllFunc removes all elements which satisfy the targetFunc from the slice.
|
||||
func SliceRemoveAllFunc[T comparable](slice []T, targetFunc func(T) bool) []T {
|
||||
idx := 0
|
||||
for _, v := range slice {
|
||||
if targetFunc(v) {
|
||||
continue
|
||||
}
|
||||
slice[idx] = v
|
||||
idx++
|
||||
}
|
||||
return slice[:idx]
|
||||
}
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestSliceContains(t *testing.T) {
|
||||
assert.True(t, SliceContains([]int{2, 0, 2, 3}, 2))
|
||||
assert.True(t, SliceContains([]int{2, 0, 2, 3}, 0))
|
||||
assert.True(t, SliceContains([]int{2, 0, 2, 3}, 3))
|
||||
|
||||
assert.True(t, SliceContains([]string{"2", "0", "2", "3"}, "0"))
|
||||
assert.True(t, SliceContains([]float64{2, 0, 2, 3}, 0))
|
||||
assert.True(t, SliceContains([]bool{false, true, false}, true))
|
||||
|
||||
assert.False(t, SliceContains([]int{2, 0, 2, 3}, 4))
|
||||
assert.False(t, SliceContains([]int{}, 4))
|
||||
assert.False(t, SliceContains(nil, 4))
|
||||
}
|
||||
|
||||
func TestSliceContainsString(t *testing.T) {
|
||||
assert.True(t, SliceContainsString([]string{"c", "b", "a", "b"}, "a"))
|
||||
assert.True(t, SliceContainsString([]string{"c", "b", "a", "b"}, "b"))
|
||||
assert.True(t, SliceContainsString([]string{"c", "b", "a", "b"}, "A", true))
|
||||
assert.True(t, SliceContainsString([]string{"C", "B", "A", "B"}, "a", true))
|
||||
|
||||
assert.False(t, SliceContainsString([]string{"c", "b", "a", "b"}, "z"))
|
||||
assert.False(t, SliceContainsString([]string{"c", "b", "a", "b"}, "A"))
|
||||
assert.False(t, SliceContainsString([]string{}, "a"))
|
||||
assert.False(t, SliceContainsString(nil, "a"))
|
||||
}
|
||||
|
||||
func TestSliceSortedEqual(t *testing.T) {
|
||||
assert.True(t, SliceSortedEqual([]int{2, 0, 2, 3}, []int{2, 0, 2, 3}))
|
||||
assert.True(t, SliceSortedEqual([]int{3, 0, 2, 2}, []int{2, 0, 2, 3}))
|
||||
assert.True(t, SliceSortedEqual([]int{}, []int{}))
|
||||
assert.True(t, SliceSortedEqual([]int(nil), nil))
|
||||
assert.True(t, SliceSortedEqual([]int(nil), []int{}))
|
||||
assert.True(t, SliceSortedEqual([]int{}, []int{}))
|
||||
|
||||
assert.True(t, SliceSortedEqual([]string{"2", "0", "2", "3"}, []string{"2", "0", "2", "3"}))
|
||||
assert.True(t, SliceSortedEqual([]float64{2, 0, 2, 3}, []float64{2, 0, 2, 3}))
|
||||
assert.True(t, SliceSortedEqual([]bool{false, true, false}, []bool{false, true, false}))
|
||||
|
||||
assert.False(t, SliceSortedEqual([]int{2, 0, 2}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceSortedEqual([]int{}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceSortedEqual(nil, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceSortedEqual([]int{2, 0, 2, 4}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceSortedEqual([]int{2, 0, 0, 3}, []int{2, 0, 2, 3}))
|
||||
}
|
||||
|
||||
func TestSliceEqual(t *testing.T) {
|
||||
assert.True(t, SliceEqual([]int{2, 0, 2, 3}, []int{2, 0, 2, 3}))
|
||||
assert.True(t, SliceEqual([]int{}, []int{}))
|
||||
assert.True(t, SliceEqual([]int(nil), nil))
|
||||
assert.True(t, SliceEqual([]int(nil), []int{}))
|
||||
assert.True(t, SliceEqual([]int{}, []int{}))
|
||||
|
||||
assert.True(t, SliceEqual([]string{"2", "0", "2", "3"}, []string{"2", "0", "2", "3"}))
|
||||
assert.True(t, SliceEqual([]float64{2, 0, 2, 3}, []float64{2, 0, 2, 3}))
|
||||
assert.True(t, SliceEqual([]bool{false, true, false}, []bool{false, true, false}))
|
||||
|
||||
assert.False(t, SliceEqual([]int{3, 0, 2, 2}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceEqual([]int{2, 0, 2}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceEqual([]int{}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceEqual(nil, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceEqual([]int{2, 0, 2, 4}, []int{2, 0, 2, 3}))
|
||||
assert.False(t, SliceEqual([]int{2, 0, 0, 3}, []int{2, 0, 2, 3}))
|
||||
}
|
||||
|
||||
func TestSliceRemoveAll(t *testing.T) {
|
||||
assert.Equal(t, SliceRemoveAll([]int{2, 0, 2, 3}, 0), []int{2, 2, 3})
|
||||
assert.Equal(t, SliceRemoveAll([]int{2, 0, 2, 3}, 2), []int{0, 3})
|
||||
assert.Equal(t, SliceRemoveAll([]int{0, 0, 0, 0}, 0), []int{})
|
||||
assert.Equal(t, SliceRemoveAll([]int{2, 0, 2, 3}, 4), []int{2, 0, 2, 3})
|
||||
assert.Equal(t, SliceRemoveAll([]int{}, 0), []int{})
|
||||
assert.Equal(t, SliceRemoveAll([]int(nil), 0), []int(nil))
|
||||
assert.Equal(t, SliceRemoveAll([]int{}, 0), []int{})
|
||||
|
||||
assert.Equal(t, SliceRemoveAll([]string{"2", "0", "2", "3"}, "0"), []string{"2", "2", "3"})
|
||||
assert.Equal(t, SliceRemoveAll([]float64{2, 0, 2, 3}, 0), []float64{2, 2, 3})
|
||||
assert.Equal(t, SliceRemoveAll([]bool{false, true, false}, true), []bool{false, false})
|
||||
}
|
|
@ -365,6 +365,7 @@ password_pwned_err = Could not complete request to HaveIBeenPwned
|
|||
|
||||
[mail]
|
||||
view_it_on = View it on %s
|
||||
reply = or reply to this email directly
|
||||
link_not_working_do_paste = Not working? Try copying and pasting it to your browser.
|
||||
hi_user_x = Hi <b>%s</b>,
|
||||
|
||||
|
@ -1379,7 +1380,7 @@ issues.label_title = Label name
|
|||
issues.label_description = Label description
|
||||
issues.label_color = Label color
|
||||
issues.label_count = %d labels
|
||||
issues.label_open_issues = %d open issues
|
||||
issues.label_open_issues = %d open issues/pull requests
|
||||
issues.label_edit = Edit
|
||||
issues.label_delete = Delete
|
||||
issues.label_modify = Edit Label
|
||||
|
@ -1824,6 +1825,7 @@ settings.mirror_sync_in_progress = Mirror synchronization is in progress. Check
|
|||
settings.site = Website
|
||||
settings.update_settings = Update Settings
|
||||
settings.branches.update_default_branch = Update Default Branch
|
||||
settings.branches.add_new_rule = Add New Rule
|
||||
settings.advanced_settings = Advanced Settings
|
||||
settings.wiki_desc = Enable Repository Wiki
|
||||
settings.use_internal_wiki = Use Built-In Wiki
|
||||
|
@ -2069,6 +2071,8 @@ settings.deploy_key_deletion_desc = Removing a deploy key will revoke its access
|
|||
settings.deploy_key_deletion_success = The deploy key has been removed.
|
||||
settings.branches = Branches
|
||||
settings.protected_branch = Branch Protection
|
||||
settings.protected_branch.save_rule = Save Rule
|
||||
settings.protected_branch.delete_rule = Delete Rule
|
||||
settings.protected_branch_can_push = Allow push?
|
||||
settings.protected_branch_can_push_yes = You can push
|
||||
settings.protected_branch_can_push_no = You cannot push
|
||||
|
@ -2103,15 +2107,17 @@ settings.dismiss_stale_approvals = Dismiss stale approvals
|
|||
settings.dismiss_stale_approvals_desc = When new commits that change the content of the pull request are pushed to the branch, old approvals will be dismissed.
|
||||
settings.require_signed_commits = Require Signed Commits
|
||||
settings.require_signed_commits_desc = Reject pushes to this branch if they are unsigned or unverifiable.
|
||||
settings.protect_branch_name_pattern = Protected Branch Name Pattern
|
||||
settings.protect_protected_file_patterns = Protected file patterns (separated using semicolon '\;'):
|
||||
settings.protect_protected_file_patterns_desc = Protected files that are not allowed to be changed directly even if user has rights to add, edit, or delete files in this branch. Multiple patterns can be separated using semicolon ('\;'). See <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
|
||||
settings.protect_unprotected_file_patterns = Unprotected file patterns (separated using semicolon '\;'):
|
||||
settings.protect_unprotected_file_patterns_desc = Unprotected files that are allowed to be changed directly if user has write access, bypassing push restriction. Multiple patterns can be separated using semicolon ('\;'). See <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
|
||||
settings.add_protected_branch = Enable protection
|
||||
settings.delete_protected_branch = Disable protection
|
||||
settings.update_protect_branch_success = Branch protection for branch '%s' has been updated.
|
||||
settings.remove_protected_branch_success = Branch protection for branch '%s' has been disabled.
|
||||
settings.protected_branch_deletion = Disable Branch Protection
|
||||
settings.update_protect_branch_success = Branch protection for rule '%s' has been updated.
|
||||
settings.remove_protected_branch_success = Branch protection for rule '%s' has been removed.
|
||||
settings.remove_protected_branch_failed = Removing branch protection rule '%s' failed.
|
||||
settings.protected_branch_deletion = Delete Branch Protection
|
||||
settings.protected_branch_deletion_desc = Disabling branch protection allows users with write permission to push to the branch. Continue?
|
||||
settings.block_rejected_reviews = Block merge on rejected reviews
|
||||
settings.block_rejected_reviews_desc = Merging will not be possible when changes are requested by official reviewers, even if there are enough approvals.
|
||||
|
@ -2124,6 +2130,7 @@ settings.default_merge_style_desc = Default merge style for pull requests:
|
|||
settings.choose_branch = Choose a branch…
|
||||
settings.no_protected_branch = There are no protected branches.
|
||||
settings.edit_protected_branch = Edit
|
||||
settings.protected_branch_required_rule_name = Required rule name
|
||||
settings.protected_branch_required_approvals_min = Required approvals cannot be negative.
|
||||
settings.tags = Tags
|
||||
settings.tags.protection = Tag Protection
|
||||
|
@ -2548,6 +2555,7 @@ dashboard.delete_old_actions = Delete all old actions from database
|
|||
dashboard.delete_old_actions.started = Delete all old actions from database started.
|
||||
dashboard.update_checker = Update checker
|
||||
dashboard.delete_old_system_notices = Delete all old system notices from database
|
||||
dashboard.gc_lfs = Garbage collect LFS meta objects
|
||||
|
||||
users.user_manage_panel = User Account Management
|
||||
users.new_account = Create User Account
|
||||
|
|
|
@ -33,6 +33,60 @@ func saveAsPackageBlob(hsr packages_module.HashedSizeReader, pi *packages_servic
|
|||
|
||||
contentStore := packages_module.NewContentStore()
|
||||
|
||||
uploadVersion, err := getOrCreateUploadVersion(pi)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = db.WithTx(db.DefaultContext, func(ctx context.Context) error {
|
||||
pb, exists, err = packages_model.GetOrInsertBlob(ctx, pb)
|
||||
if err != nil {
|
||||
log.Error("Error inserting package blob: %v", err)
|
||||
return err
|
||||
}
|
||||
// FIXME: Workaround to be removed in v1.20
|
||||
// https://github.com/go-gitea/gitea/issues/19586
|
||||
if exists {
|
||||
err = contentStore.Has(packages_module.BlobHash256Key(pb.HashSHA256))
|
||||
if err != nil && (errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist)) {
|
||||
log.Debug("Package registry inconsistent: blob %s does not exist on file system", pb.HashSHA256)
|
||||
exists = false
|
||||
}
|
||||
}
|
||||
if !exists {
|
||||
if err := contentStore.Save(packages_module.BlobHash256Key(pb.HashSHA256), hsr, hsr.Size()); err != nil {
|
||||
log.Error("Error saving package blob in content store: %v", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return createFileForBlob(ctx, uploadVersion, pb)
|
||||
})
|
||||
if err != nil {
|
||||
if !exists {
|
||||
if err := contentStore.Delete(packages_module.BlobHash256Key(pb.HashSHA256)); err != nil {
|
||||
log.Error("Error deleting package blob from content store: %v", err)
|
||||
}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return pb, nil
|
||||
}
|
||||
|
||||
// mountBlob mounts the specific blob to a different package
|
||||
func mountBlob(pi *packages_service.PackageInfo, pb *packages_model.PackageBlob) error {
|
||||
uploadVersion, err := getOrCreateUploadVersion(pi)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
|
||||
return createFileForBlob(ctx, uploadVersion, pb)
|
||||
})
|
||||
}
|
||||
|
||||
func getOrCreateUploadVersion(pi *packages_service.PackageInfo) (*packages_model.PackageVersion, error) {
|
||||
var uploadVersion *packages_model.PackageVersion
|
||||
|
||||
// FIXME: Replace usage of mutex with database transaction
|
||||
|
@ -83,66 +137,35 @@ func saveAsPackageBlob(hsr packages_module.HashedSizeReader, pi *packages_servic
|
|||
return nil
|
||||
})
|
||||
uploadVersionMutex.Unlock()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
return uploadVersion, err
|
||||
}
|
||||
|
||||
func createFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, pb *packages_model.PackageBlob) error {
|
||||
filename := strings.ToLower(fmt.Sprintf("sha256_%s", pb.HashSHA256))
|
||||
|
||||
pf := &packages_model.PackageFile{
|
||||
VersionID: pv.ID,
|
||||
BlobID: pb.ID,
|
||||
Name: filename,
|
||||
LowerName: filename,
|
||||
CompositeKey: packages_model.EmptyFileKey,
|
||||
}
|
||||
var err error
|
||||
if pf, err = packages_model.TryInsertFile(ctx, pf); err != nil {
|
||||
if err == packages_model.ErrDuplicatePackageFile {
|
||||
return nil
|
||||
}
|
||||
log.Error("Error inserting package file: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
err = db.WithTx(db.DefaultContext, func(ctx context.Context) error {
|
||||
pb, exists, err = packages_model.GetOrInsertBlob(ctx, pb)
|
||||
if err != nil {
|
||||
log.Error("Error inserting package blob: %v", err)
|
||||
return err
|
||||
}
|
||||
// FIXME: Workaround to be removed in v1.20
|
||||
// https://github.com/go-gitea/gitea/issues/19586
|
||||
if exists {
|
||||
err = contentStore.Has(packages_module.BlobHash256Key(pb.HashSHA256))
|
||||
if err != nil && (errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist)) {
|
||||
log.Debug("Package registry inconsistent: blob %s does not exist on file system", pb.HashSHA256)
|
||||
exists = false
|
||||
}
|
||||
}
|
||||
if !exists {
|
||||
if err := contentStore.Save(packages_module.BlobHash256Key(pb.HashSHA256), hsr, hsr.Size()); err != nil {
|
||||
log.Error("Error saving package blob in content store: %v", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
filename := strings.ToLower(fmt.Sprintf("sha256_%s", pb.HashSHA256))
|
||||
|
||||
pf := &packages_model.PackageFile{
|
||||
VersionID: uploadVersion.ID,
|
||||
BlobID: pb.ID,
|
||||
Name: filename,
|
||||
LowerName: filename,
|
||||
CompositeKey: packages_model.EmptyFileKey,
|
||||
}
|
||||
if pf, err = packages_model.TryInsertFile(ctx, pf); err != nil {
|
||||
if err == packages_model.ErrDuplicatePackageFile {
|
||||
return nil
|
||||
}
|
||||
log.Error("Error inserting package file: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeFile, pf.ID, container_module.PropertyDigest, digestFromPackageBlob(pb)); err != nil {
|
||||
log.Error("Error setting package file property: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
if !exists {
|
||||
if err := contentStore.Delete(packages_module.BlobHash256Key(pb.HashSHA256)); err != nil {
|
||||
log.Error("Error deleting package blob from content store: %v", err)
|
||||
}
|
||||
}
|
||||
return nil, err
|
||||
if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeFile, pf.ID, container_module.PropertyDigest, digestFromPackageBlob(pb)); err != nil {
|
||||
log.Error("Error setting package file property: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
return pb, nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteBlob(ownerID int64, image, digest string) error {
|
||||
|
|
|
@ -195,10 +195,15 @@ func InitiateUploadBlob(ctx *context.Context) {
|
|||
from := ctx.FormTrim("from")
|
||||
if mount != "" {
|
||||
blob, _ := workaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{
|
||||
Image: from,
|
||||
Digest: mount,
|
||||
Repository: from,
|
||||
Digest: mount,
|
||||
})
|
||||
if blob != nil {
|
||||
if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
|
||||
setResponseHeaders(ctx.Resp, &containerHeaders{
|
||||
Location: fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount),
|
||||
ContentDigest: mount,
|
||||
|
|
|
@ -1074,7 +1074,7 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
m.Get("/blobs/{sha}", repo.GetBlob)
|
||||
m.Get("/tags/{sha}", repo.GetAnnotatedTag)
|
||||
m.Get("/notes/{sha}", repo.GetNote)
|
||||
}, context.ReferencesGitRepo(), reqRepoReader(unit.TypeCode))
|
||||
}, context.ReferencesGitRepo(true), reqRepoReader(unit.TypeCode))
|
||||
m.Post("/diffpatch", reqRepoWriter(unit.TypeCode), reqToken(), bind(api.ApplyDiffPatchFileOptions{}), repo.ApplyDiffPatch)
|
||||
m.Group("/contents", func() {
|
||||
m.Get("", repo.GetContentsList)
|
||||
|
|
|
@ -70,7 +70,7 @@ func GetBranch(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
branchProtection, err := git_model.GetProtectedBranchBy(ctx, ctx.Repo.Repository.ID, branchName)
|
||||
branchProtection, err := git_model.GetFirstMatchProtectedBranchRule(ctx, ctx.Repo.Repository.ID, branchName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetBranchProtection", err)
|
||||
return
|
||||
|
@ -124,7 +124,7 @@ func DeleteBranch(ctx *context.APIContext) {
|
|||
ctx.NotFound(err)
|
||||
case errors.Is(err, repo_service.ErrBranchIsDefault):
|
||||
ctx.Error(http.StatusForbidden, "DefaultBranch", fmt.Errorf("can not delete default branch"))
|
||||
case errors.Is(err, repo_service.ErrBranchIsProtected):
|
||||
case errors.Is(err, git_model.ErrBranchIsProtected):
|
||||
ctx.Error(http.StatusForbidden, "IsProtectedBranch", fmt.Errorf("branch protected"))
|
||||
default:
|
||||
ctx.Error(http.StatusInternalServerError, "DeleteBranch", err)
|
||||
|
@ -206,7 +206,7 @@ func CreateBranch(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
branchProtection, err := git_model.GetProtectedBranchBy(ctx, ctx.Repo.Repository.ID, branch.Name)
|
||||
branchProtection, err := git_model.GetFirstMatchProtectedBranchRule(ctx, ctx.Repo.Repository.ID, branch.Name)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetBranchProtection", err)
|
||||
return
|
||||
|
@ -257,6 +257,12 @@ func ListBranches(ctx *context.APIContext) {
|
|||
listOptions := utils.GetListOptions(ctx)
|
||||
|
||||
if !ctx.Repo.Repository.IsEmpty && ctx.Repo.GitRepo != nil {
|
||||
rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "FindMatchedProtectedBranchRules", err)
|
||||
return
|
||||
}
|
||||
|
||||
skip, _ := listOptions.GetStartEnd()
|
||||
branches, total, err := ctx.Repo.GitRepo.GetBranches(skip, listOptions.PageSize)
|
||||
if err != nil {
|
||||
|
@ -276,11 +282,8 @@ func ListBranches(ctx *context.APIContext) {
|
|||
ctx.Error(http.StatusInternalServerError, "GetCommit", err)
|
||||
return
|
||||
}
|
||||
branchProtection, err := git_model.GetProtectedBranchBy(ctx, ctx.Repo.Repository.ID, branches[i].Name)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchBy", err)
|
||||
return
|
||||
}
|
||||
|
||||
branchProtection := rules.GetFirstMatched(branches[i].Name)
|
||||
apiBranch, err := convert.ToBranch(ctx.Repo.Repository, branches[i], c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "convert.ToBranch", err)
|
||||
|
@ -328,7 +331,7 @@ func GetBranchProtection(ctx *context.APIContext) {
|
|||
|
||||
repo := ctx.Repo.Repository
|
||||
bpName := ctx.Params(":name")
|
||||
bp, err := git_model.GetProtectedBranchBy(ctx, repo.ID, bpName)
|
||||
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchByID", err)
|
||||
return
|
||||
|
@ -364,7 +367,7 @@ func ListBranchProtections(ctx *context.APIContext) {
|
|||
// "$ref": "#/responses/BranchProtectionList"
|
||||
|
||||
repo := ctx.Repo.Repository
|
||||
bps, err := git_model.GetProtectedBranches(ctx, repo.ID)
|
||||
bps, err := git_model.FindRepoProtectedBranchRules(ctx, repo.ID)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranches", err)
|
||||
return
|
||||
|
@ -414,13 +417,18 @@ func CreateBranchProtection(ctx *context.APIContext) {
|
|||
form := web.GetForm(ctx).(*api.CreateBranchProtectionOption)
|
||||
repo := ctx.Repo.Repository
|
||||
|
||||
// Currently protection must match an actual branch
|
||||
if !git.IsBranchExist(ctx.Req.Context(), ctx.Repo.Repository.RepoPath(), form.BranchName) {
|
||||
ctx.NotFound()
|
||||
return
|
||||
ruleName := form.RuleName
|
||||
if ruleName == "" {
|
||||
ruleName = form.BranchName //nolint
|
||||
}
|
||||
|
||||
protectBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, form.BranchName)
|
||||
isPlainRule := !git_model.IsRuleNameSpecial(ruleName)
|
||||
var isBranchExist bool
|
||||
if isPlainRule {
|
||||
isBranchExist = git.IsBranchExist(ctx.Req.Context(), ctx.Repo.Repository.RepoPath(), ruleName)
|
||||
}
|
||||
|
||||
protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, ruleName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectBranchOfRepoByName", err)
|
||||
return
|
||||
|
@ -494,7 +502,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
|
|||
|
||||
protectBranch = &git_model.ProtectedBranch{
|
||||
RepoID: ctx.Repo.Repository.ID,
|
||||
BranchName: form.BranchName,
|
||||
RuleName: form.RuleName,
|
||||
CanPush: form.EnablePush,
|
||||
EnableWhitelist: form.EnablePush && form.EnablePushWhitelist,
|
||||
EnableMergeWhitelist: form.EnableMergeWhitelist,
|
||||
|
@ -525,13 +533,42 @@ func CreateBranchProtection(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
if err = pull_service.CheckPrsForBaseBranch(ctx.Repo.Repository, protectBranch.BranchName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPrsForBaseBranch", err)
|
||||
return
|
||||
if isBranchExist {
|
||||
if err = pull_service.CheckPRsForBaseBranch(ctx.Repo.Repository, form.RuleName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPRsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if !isPlainRule {
|
||||
if ctx.Repo.GitRepo == nil {
|
||||
ctx.Repo.GitRepo, err = git.OpenRepository(ctx, ctx.Repo.Repository.RepoPath())
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "OpenRepository", err)
|
||||
return
|
||||
}
|
||||
defer func() {
|
||||
ctx.Repo.GitRepo.Close()
|
||||
ctx.Repo.GitRepo = nil
|
||||
}()
|
||||
}
|
||||
// FIXME: since we only need to recheck files protected rules, we could improve this
|
||||
matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.GitRepo, form.RuleName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "FindAllMatchedBranches", err)
|
||||
return
|
||||
}
|
||||
|
||||
for _, branchName := range matchedBranches {
|
||||
if err = pull_service.CheckPRsForBaseBranch(ctx.Repo.Repository, branchName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPRsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Reload from db to get all whitelists
|
||||
bp, err := git_model.GetProtectedBranchBy(ctx, ctx.Repo.Repository.ID, form.BranchName)
|
||||
bp, err := git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, form.RuleName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchByID", err)
|
||||
return
|
||||
|
@ -583,7 +620,7 @@ func EditBranchProtection(ctx *context.APIContext) {
|
|||
form := web.GetForm(ctx).(*api.EditBranchProtectionOption)
|
||||
repo := ctx.Repo.Repository
|
||||
bpName := ctx.Params(":name")
|
||||
protectBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, bpName)
|
||||
protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchByID", err)
|
||||
return
|
||||
|
@ -760,13 +797,49 @@ func EditBranchProtection(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
if err = pull_service.CheckPrsForBaseBranch(ctx.Repo.Repository, protectBranch.BranchName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPrsForBaseBranch", err)
|
||||
return
|
||||
isPlainRule := !git_model.IsRuleNameSpecial(bpName)
|
||||
var isBranchExist bool
|
||||
if isPlainRule {
|
||||
isBranchExist = git.IsBranchExist(ctx.Req.Context(), ctx.Repo.Repository.RepoPath(), bpName)
|
||||
}
|
||||
|
||||
if isBranchExist {
|
||||
if err = pull_service.CheckPRsForBaseBranch(ctx.Repo.Repository, bpName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPrsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if !isPlainRule {
|
||||
if ctx.Repo.GitRepo == nil {
|
||||
ctx.Repo.GitRepo, err = git.OpenRepository(ctx, ctx.Repo.Repository.RepoPath())
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "OpenRepository", err)
|
||||
return
|
||||
}
|
||||
defer func() {
|
||||
ctx.Repo.GitRepo.Close()
|
||||
ctx.Repo.GitRepo = nil
|
||||
}()
|
||||
}
|
||||
|
||||
// FIXME: since we only need to recheck files protected rules, we could improve this
|
||||
matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.GitRepo, protectBranch.RuleName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "FindAllMatchedBranches", err)
|
||||
return
|
||||
}
|
||||
|
||||
for _, branchName := range matchedBranches {
|
||||
if err = pull_service.CheckPRsForBaseBranch(ctx.Repo.Repository, branchName); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "CheckPrsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Reload from db to ensure get all whitelists
|
||||
bp, err := git_model.GetProtectedBranchBy(ctx, repo.ID, bpName)
|
||||
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchBy", err)
|
||||
return
|
||||
|
@ -810,7 +883,7 @@ func DeleteBranchProtection(ctx *context.APIContext) {
|
|||
|
||||
repo := ctx.Repo.Repository
|
||||
bpName := ctx.Params(":name")
|
||||
bp, err := git_model.GetProtectedBranchBy(ctx, repo.ID, bpName)
|
||||
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetProtectedBranchByID", err)
|
||||
return
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
|
||||
"code.gitea.io/gitea/models"
|
||||
activities_model "code.gitea.io/gitea/models/activities"
|
||||
git_model "code.gitea.io/gitea/models/git"
|
||||
issues_model "code.gitea.io/gitea/models/issues"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
pull_model "code.gitea.io/gitea/models/pull"
|
||||
|
@ -902,7 +903,7 @@ func MergePullRequest(ctx *context.APIContext) {
|
|||
ctx.NotFound(err)
|
||||
case errors.Is(err, repo_service.ErrBranchIsDefault):
|
||||
ctx.Error(http.StatusForbidden, "DefaultBranch", fmt.Errorf("can not delete default branch"))
|
||||
case errors.Is(err, repo_service.ErrBranchIsProtected):
|
||||
case errors.Is(err, git_model.ErrBranchIsProtected):
|
||||
ctx.Error(http.StatusForbidden, "IsProtectedBranch", fmt.Errorf("branch protected"))
|
||||
default:
|
||||
ctx.Error(http.StatusInternalServerError, "DeleteBranch", err)
|
||||
|
|
|
@ -107,11 +107,11 @@ func toAPIHook(ctx *context.APIContext, repoLink string, hook *webhook.Webhook)
|
|||
}
|
||||
|
||||
func issuesHook(events []string, event string) bool {
|
||||
return util.IsStringInSlice(event, events, true) || util.IsStringInSlice(string(webhook_module.HookEventIssues), events, true)
|
||||
return util.SliceContainsString(events, event, true) || util.SliceContainsString(events, string(webhook_module.HookEventIssues), true)
|
||||
}
|
||||
|
||||
func pullHook(events []string, event string) bool {
|
||||
return util.IsStringInSlice(event, events, true) || util.IsStringInSlice(string(webhook_module.HookEventPullRequest), events, true)
|
||||
return util.SliceContainsString(events, event, true) || util.SliceContainsString(events, string(webhook_module.HookEventPullRequest), true)
|
||||
}
|
||||
|
||||
// addHook add the hook specified by `form`, `orgID` and `repoID`. If there is
|
||||
|
@ -130,15 +130,15 @@ func addHook(ctx *context.APIContext, form *api.CreateHookOption, orgID, repoID
|
|||
HookEvent: &webhook_module.HookEvent{
|
||||
ChooseEvents: true,
|
||||
HookEvents: webhook_module.HookEvents{
|
||||
Create: util.IsStringInSlice(string(webhook_module.HookEventCreate), form.Events, true),
|
||||
Delete: util.IsStringInSlice(string(webhook_module.HookEventDelete), form.Events, true),
|
||||
Fork: util.IsStringInSlice(string(webhook_module.HookEventFork), form.Events, true),
|
||||
Create: util.SliceContainsString(form.Events, string(webhook_module.HookEventCreate), true),
|
||||
Delete: util.SliceContainsString(form.Events, string(webhook_module.HookEventDelete), true),
|
||||
Fork: util.SliceContainsString(form.Events, string(webhook_module.HookEventFork), true),
|
||||
Issues: issuesHook(form.Events, "issues_only"),
|
||||
IssueAssign: issuesHook(form.Events, string(webhook_module.HookEventIssueAssign)),
|
||||
IssueLabel: issuesHook(form.Events, string(webhook_module.HookEventIssueLabel)),
|
||||
IssueMilestone: issuesHook(form.Events, string(webhook_module.HookEventIssueMilestone)),
|
||||
IssueComment: issuesHook(form.Events, string(webhook_module.HookEventIssueComment)),
|
||||
Push: util.IsStringInSlice(string(webhook_module.HookEventPush), form.Events, true),
|
||||
Push: util.SliceContainsString(form.Events, string(webhook_module.HookEventPush), true),
|
||||
PullRequest: pullHook(form.Events, "pull_request_only"),
|
||||
PullRequestAssign: pullHook(form.Events, string(webhook_module.HookEventPullRequestAssign)),
|
||||
PullRequestLabel: pullHook(form.Events, string(webhook_module.HookEventPullRequestLabel)),
|
||||
|
@ -146,9 +146,9 @@ func addHook(ctx *context.APIContext, form *api.CreateHookOption, orgID, repoID
|
|||
PullRequestComment: pullHook(form.Events, string(webhook_module.HookEventPullRequestComment)),
|
||||
PullRequestReview: pullHook(form.Events, "pull_request_review"),
|
||||
PullRequestSync: pullHook(form.Events, string(webhook_module.HookEventPullRequestSync)),
|
||||
Wiki: util.IsStringInSlice(string(webhook_module.HookEventWiki), form.Events, true),
|
||||
Repository: util.IsStringInSlice(string(webhook_module.HookEventRepository), form.Events, true),
|
||||
Release: util.IsStringInSlice(string(webhook_module.HookEventRelease), form.Events, true),
|
||||
Wiki: util.SliceContainsString(form.Events, string(webhook_module.HookEventWiki), true),
|
||||
Repository: util.SliceContainsString(form.Events, string(webhook_module.HookEventRepository), true),
|
||||
Release: util.SliceContainsString(form.Events, string(webhook_module.HookEventRelease), true),
|
||||
},
|
||||
BranchFilter: form.BranchFilter,
|
||||
},
|
||||
|
@ -277,14 +277,14 @@ func editHook(ctx *context.APIContext, form *api.EditHookOption, w *webhook.Webh
|
|||
w.PushOnly = false
|
||||
w.SendEverything = false
|
||||
w.ChooseEvents = true
|
||||
w.Create = util.IsStringInSlice(string(webhook_module.HookEventCreate), form.Events, true)
|
||||
w.Push = util.IsStringInSlice(string(webhook_module.HookEventPush), form.Events, true)
|
||||
w.Create = util.IsStringInSlice(string(webhook_module.HookEventCreate), form.Events, true)
|
||||
w.Delete = util.IsStringInSlice(string(webhook_module.HookEventDelete), form.Events, true)
|
||||
w.Fork = util.IsStringInSlice(string(webhook_module.HookEventFork), form.Events, true)
|
||||
w.Repository = util.IsStringInSlice(string(webhook_module.HookEventRepository), form.Events, true)
|
||||
w.Wiki = util.IsStringInSlice(string(webhook_module.HookEventWiki), form.Events, true)
|
||||
w.Release = util.IsStringInSlice(string(webhook_module.HookEventRelease), form.Events, true)
|
||||
w.Create = util.SliceContainsString(form.Events, string(webhook_module.HookEventCreate), true)
|
||||
w.Push = util.SliceContainsString(form.Events, string(webhook_module.HookEventPush), true)
|
||||
w.Create = util.SliceContainsString(form.Events, string(webhook_module.HookEventCreate), true)
|
||||
w.Delete = util.SliceContainsString(form.Events, string(webhook_module.HookEventDelete), true)
|
||||
w.Fork = util.SliceContainsString(form.Events, string(webhook_module.HookEventFork), true)
|
||||
w.Repository = util.SliceContainsString(form.Events, string(webhook_module.HookEventRepository), true)
|
||||
w.Wiki = util.SliceContainsString(form.Events, string(webhook_module.HookEventWiki), true)
|
||||
w.Release = util.SliceContainsString(form.Events, string(webhook_module.HookEventRelease), true)
|
||||
w.BranchFilter = form.BranchFilter
|
||||
|
||||
err := w.SetHeaderAuthorization(form.AuthorizationHeader)
|
||||
|
|
|
@ -40,6 +40,7 @@ import (
|
|||
"code.gitea.io/gitea/services/automerge"
|
||||
"code.gitea.io/gitea/services/cron"
|
||||
"code.gitea.io/gitea/services/mailer"
|
||||
mailer_incoming "code.gitea.io/gitea/services/mailer/incoming"
|
||||
markup_service "code.gitea.io/gitea/services/markup"
|
||||
repo_migrations "code.gitea.io/gitea/services/migrations"
|
||||
mirror_service "code.gitea.io/gitea/services/mirror"
|
||||
|
@ -162,6 +163,7 @@ func GlobalInitInstalled(ctx context.Context) {
|
|||
mustInit(task.Init)
|
||||
mustInit(repo_migrations.Init)
|
||||
eventsource.GetManager().Init()
|
||||
mustInitCtx(ctx, mailer_incoming.Init)
|
||||
|
||||
mustInitCtx(ctx, syncAppConfForGit)
|
||||
|
||||
|
|
|
@ -156,7 +156,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
|
|||
return
|
||||
}
|
||||
|
||||
protectBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, branchName)
|
||||
protectBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, branchName)
|
||||
if err != nil {
|
||||
log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
|
||||
ctx.JSON(http.StatusInternalServerError, private.Response{
|
||||
|
@ -166,9 +166,10 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
|
|||
}
|
||||
|
||||
// Allow pushes to non-protected branches
|
||||
if protectBranch == nil || !protectBranch.IsProtected() {
|
||||
if protectBranch == nil {
|
||||
return
|
||||
}
|
||||
protectBranch.Repo = repo
|
||||
|
||||
// This ref is a protected branch.
|
||||
//
|
||||
|
@ -238,7 +239,6 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
|
|||
Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
|
||||
})
|
||||
return
|
||||
|
||||
}
|
||||
|
||||
changedProtectedfiles = true
|
||||
|
@ -251,7 +251,15 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
|
|||
if ctx.opts.DeployKeyID != 0 {
|
||||
canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableWhitelist || protectBranch.WhitelistDeployKeys)
|
||||
} else {
|
||||
canPush = !changedProtectedfiles && protectBranch.CanUserPush(ctx, ctx.opts.UserID)
|
||||
user, err := user_model.GetUserByID(ctx, ctx.opts.UserID)
|
||||
if err != nil {
|
||||
log.Error("Unable to GetUserByID for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
|
||||
ctx.JSON(http.StatusInternalServerError, private.Response{
|
||||
Err: fmt.Sprintf("Unable to GetUserByID for commits from %s to %s: %v", oldCommitID, newCommitID, err),
|
||||
})
|
||||
return
|
||||
}
|
||||
canPush = !changedProtectedfiles && protectBranch.CanUserPush(ctx, user)
|
||||
}
|
||||
|
||||
// 6. If we're not allowed to push directly
|
||||
|
|
|
@ -16,8 +16,8 @@ import (
|
|||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/services/externalaccount"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
)
|
||||
|
||||
var tplWebAuthn base.TplName = "user/auth/webauthn"
|
||||
|
|
|
@ -99,7 +99,7 @@ func DeleteBranchPost(ctx *context.Context) {
|
|||
case errors.Is(err, repo_service.ErrBranchIsDefault):
|
||||
log.Debug("DeleteBranch: Can't delete default branch '%s'", branchName)
|
||||
ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName))
|
||||
case errors.Is(err, repo_service.ErrBranchIsProtected):
|
||||
case errors.Is(err, git_model.ErrBranchIsProtected):
|
||||
log.Debug("DeleteBranch: Can't delete protected branch '%s'", branchName)
|
||||
ctx.Flash.Error(ctx.Tr("repo.branch.protected_deletion_failed", branchName))
|
||||
default:
|
||||
|
@ -189,9 +189,9 @@ func loadBranches(ctx *context.Context, skip, limit int) (*Branch, []*Branch, in
|
|||
return nil, nil, 0
|
||||
}
|
||||
|
||||
protectedBranches, err := git_model.GetProtectedBranches(ctx, ctx.Repo.Repository.ID)
|
||||
rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetProtectedBranches", err)
|
||||
ctx.ServerError("FindRepoProtectedBranchRules", err)
|
||||
return nil, nil, 0
|
||||
}
|
||||
|
||||
|
@ -208,7 +208,7 @@ func loadBranches(ctx *context.Context, skip, limit int) (*Branch, []*Branch, in
|
|||
continue
|
||||
}
|
||||
|
||||
branch := loadOneBranch(ctx, rawBranches[i], defaultBranch, protectedBranches, repoIDToRepo, repoIDToGitRepo)
|
||||
branch := loadOneBranch(ctx, rawBranches[i], defaultBranch, &rules, repoIDToRepo, repoIDToGitRepo)
|
||||
if branch == nil {
|
||||
return nil, nil, 0
|
||||
}
|
||||
|
@ -220,7 +220,7 @@ func loadBranches(ctx *context.Context, skip, limit int) (*Branch, []*Branch, in
|
|||
if defaultBranch != nil {
|
||||
// Always add the default branch
|
||||
log.Debug("loadOneBranch: load default: '%s'", defaultBranch.Name)
|
||||
defaultBranchBranch = loadOneBranch(ctx, defaultBranch, defaultBranch, protectedBranches, repoIDToRepo, repoIDToGitRepo)
|
||||
defaultBranchBranch = loadOneBranch(ctx, defaultBranch, defaultBranch, &rules, repoIDToRepo, repoIDToGitRepo)
|
||||
branches = append(branches, defaultBranchBranch)
|
||||
}
|
||||
|
||||
|
@ -236,7 +236,7 @@ func loadBranches(ctx *context.Context, skip, limit int) (*Branch, []*Branch, in
|
|||
return defaultBranchBranch, branches, totalNumOfBranches
|
||||
}
|
||||
|
||||
func loadOneBranch(ctx *context.Context, rawBranch, defaultBranch *git.Branch, protectedBranches []*git_model.ProtectedBranch,
|
||||
func loadOneBranch(ctx *context.Context, rawBranch, defaultBranch *git.Branch, protectedBranches *git_model.ProtectedBranchRules,
|
||||
repoIDToRepo map[int64]*repo_model.Repository,
|
||||
repoIDToGitRepo map[int64]*git.Repository,
|
||||
) *Branch {
|
||||
|
@ -249,13 +249,8 @@ func loadOneBranch(ctx *context.Context, rawBranch, defaultBranch *git.Branch, p
|
|||
}
|
||||
|
||||
branchName := rawBranch.Name
|
||||
var isProtected bool
|
||||
for _, b := range protectedBranches {
|
||||
if b.BranchName == branchName {
|
||||
isProtected = true
|
||||
break
|
||||
}
|
||||
}
|
||||
p := protectedBranches.GetFirstMatched(branchName)
|
||||
isProtected := p != nil
|
||||
|
||||
divergence := &git.DivergeObject{
|
||||
Ahead: -1,
|
||||
|
|
|
@ -139,7 +139,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
|
|||
viewType := ctx.FormString("type")
|
||||
sortType := ctx.FormString("sort")
|
||||
types := []string{"all", "your_repositories", "assigned", "created_by", "mentioned", "review_requested"}
|
||||
if !util.IsStringInSlice(viewType, types, true) {
|
||||
if !util.SliceContainsString(types, viewType, true) {
|
||||
viewType = "all"
|
||||
}
|
||||
|
||||
|
@ -1604,7 +1604,7 @@ func ViewIssue(ctx *context.Context) {
|
|||
if perm.CanWrite(unit.TypeCode) {
|
||||
// Check if branch is not protected
|
||||
if pull.HeadBranch != pull.HeadRepo.DefaultBranch {
|
||||
if protected, err := git_model.IsProtectedBranch(ctx, pull.HeadRepo.ID, pull.HeadBranch); err != nil {
|
||||
if protected, err := git_model.IsBranchProtected(ctx, pull.HeadRepo.ID, pull.HeadBranch); err != nil {
|
||||
log.Error("IsProtectedBranch: %v", err)
|
||||
} else if !protected {
|
||||
canDelete = true
|
||||
|
@ -1680,22 +1680,25 @@ func ViewIssue(ctx *context.Context) {
|
|||
ctx.Data["DefaultSquashMergeMessage"] = defaultSquashMergeMessage
|
||||
ctx.Data["DefaultSquashMergeBody"] = defaultSquashMergeBody
|
||||
|
||||
if err = pull.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pull.BaseRepoID, pull.BaseBranch)
|
||||
if err != nil {
|
||||
ctx.ServerError("LoadProtectedBranch", err)
|
||||
return
|
||||
}
|
||||
ctx.Data["ShowMergeInstructions"] = true
|
||||
if pull.ProtectedBranch != nil {
|
||||
if pb != nil {
|
||||
pb.Repo = pull.BaseRepo
|
||||
var showMergeInstructions bool
|
||||
if ctx.Doer != nil {
|
||||
showMergeInstructions = pull.ProtectedBranch.CanUserPush(ctx, ctx.Doer.ID)
|
||||
showMergeInstructions = pb.CanUserPush(ctx, ctx.Doer)
|
||||
}
|
||||
ctx.Data["IsBlockedByApprovals"] = !issues_model.HasEnoughApprovals(ctx, pull.ProtectedBranch, pull)
|
||||
ctx.Data["IsBlockedByRejection"] = issues_model.MergeBlockedByRejectedReview(ctx, pull.ProtectedBranch, pull)
|
||||
ctx.Data["IsBlockedByOfficialReviewRequests"] = issues_model.MergeBlockedByOfficialReviewRequests(ctx, pull.ProtectedBranch, pull)
|
||||
ctx.Data["IsBlockedByOutdatedBranch"] = issues_model.MergeBlockedByOutdatedBranch(pull.ProtectedBranch, pull)
|
||||
ctx.Data["GrantedApprovals"] = issues_model.GetGrantedApprovalsCount(ctx, pull.ProtectedBranch, pull)
|
||||
ctx.Data["RequireSigned"] = pull.ProtectedBranch.RequireSignedCommits
|
||||
ctx.Data["ProtectedBranch"] = pb
|
||||
ctx.Data["IsBlockedByApprovals"] = !issues_model.HasEnoughApprovals(ctx, pb, pull)
|
||||
ctx.Data["IsBlockedByRejection"] = issues_model.MergeBlockedByRejectedReview(ctx, pb, pull)
|
||||
ctx.Data["IsBlockedByOfficialReviewRequests"] = issues_model.MergeBlockedByOfficialReviewRequests(ctx, pb, pull)
|
||||
ctx.Data["IsBlockedByOutdatedBranch"] = issues_model.MergeBlockedByOutdatedBranch(pb, pull)
|
||||
ctx.Data["GrantedApprovals"] = issues_model.GetGrantedApprovalsCount(ctx, pb, pull)
|
||||
ctx.Data["RequireSigned"] = pb.RequireSignedCommits
|
||||
ctx.Data["ChangedProtectedFiles"] = pull.ChangedProtectedFiles
|
||||
ctx.Data["IsBlockedByChangedProtectedFiles"] = len(pull.ChangedProtectedFiles) != 0
|
||||
ctx.Data["ChangedProtectedFilesNum"] = len(pull.ChangedProtectedFiles)
|
||||
|
@ -3087,7 +3090,7 @@ func updateAttachments(ctx *context.Context, item interface{}, files []string) e
|
|||
return fmt.Errorf("unknown Type: %T", content)
|
||||
}
|
||||
for i := 0; i < len(attachments); i++ {
|
||||
if util.IsStringInSlice(attachments[i].UUID, files) {
|
||||
if util.SliceContainsString(files, attachments[i].UUID) {
|
||||
continue
|
||||
}
|
||||
if err := repo_model.DeleteAttachment(attachments[i], true); err != nil {
|
||||
|
|
|
@ -440,11 +440,12 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
|
|||
|
||||
setMergeTarget(ctx, pull)
|
||||
|
||||
if err := pull.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, pull.BaseBranch)
|
||||
if err != nil {
|
||||
ctx.ServerError("LoadProtectedBranch", err)
|
||||
return nil
|
||||
}
|
||||
ctx.Data["EnableStatusCheck"] = pull.ProtectedBranch != nil && pull.ProtectedBranch.EnableStatusCheck
|
||||
ctx.Data["EnableStatusCheck"] = pb != nil && pb.EnableStatusCheck
|
||||
|
||||
var baseGitRepo *git.Repository
|
||||
if pull.BaseRepoID == ctx.Repo.Repository.ID && ctx.Repo.GitRepo != nil {
|
||||
|
@ -570,16 +571,16 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
|
|||
ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(commitStatuses)
|
||||
}
|
||||
|
||||
if pull.ProtectedBranch != nil && pull.ProtectedBranch.EnableStatusCheck {
|
||||
if pb != nil && pb.EnableStatusCheck {
|
||||
ctx.Data["is_context_required"] = func(context string) bool {
|
||||
for _, c := range pull.ProtectedBranch.StatusCheckContexts {
|
||||
for _, c := range pb.StatusCheckContexts {
|
||||
if c == context {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
ctx.Data["RequiredStatusCheckState"] = pull_service.MergeRequiredContextsCommitStatus(commitStatuses, pull.ProtectedBranch.StatusCheckContexts)
|
||||
ctx.Data["RequiredStatusCheckState"] = pull_service.MergeRequiredContextsCommitStatus(commitStatuses, pb.StatusCheckContexts)
|
||||
}
|
||||
|
||||
ctx.Data["HeadBranchMovedOn"] = headBranchSha != sha
|
||||
|
@ -752,16 +753,17 @@ func ViewPullFiles(ctx *context.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
if err = pull.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pull.BaseRepoID, pull.BaseBranch)
|
||||
if err != nil {
|
||||
ctx.ServerError("LoadProtectedBranch", err)
|
||||
return
|
||||
}
|
||||
|
||||
if pull.ProtectedBranch != nil {
|
||||
glob := pull.ProtectedBranch.GetProtectedFilePatterns()
|
||||
if pb != nil {
|
||||
glob := pb.GetProtectedFilePatterns()
|
||||
if len(glob) != 0 {
|
||||
for _, file := range diff.Files {
|
||||
file.IsProtected = pull.ProtectedBranch.IsProtectedFile(glob, file.Name)
|
||||
file.IsProtected = pb.IsProtectedFile(glob, file.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1400,7 +1402,7 @@ func deleteBranch(ctx *context.Context, pr *issues_model.PullRequest, gitRepo *g
|
|||
ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", fullBranchName))
|
||||
case errors.Is(err, repo_service.ErrBranchIsDefault):
|
||||
ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", fullBranchName))
|
||||
case errors.Is(err, repo_service.ErrBranchIsProtected):
|
||||
case errors.Is(err, git_model.ErrBranchIsProtected):
|
||||
ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", fullBranchName))
|
||||
default:
|
||||
log.Error("DeleteBranch: %v", err)
|
||||
|
|
|
@ -56,7 +56,6 @@ const (
|
|||
tplGithooks base.TplName = "repo/settings/githooks"
|
||||
tplGithookEdit base.TplName = "repo/settings/githook_edit"
|
||||
tplDeployKeys base.TplName = "repo/settings/deploy_keys"
|
||||
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
|
||||
)
|
||||
|
||||
// SettingsCtxData is a middleware that sets all the general context data for the
|
||||
|
|
|
@ -19,47 +19,33 @@ import (
|
|||
"code.gitea.io/gitea/modules/git"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/modules/web"
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
pull_service "code.gitea.io/gitea/services/pull"
|
||||
"code.gitea.io/gitea/services/repository"
|
||||
)
|
||||
|
||||
// ProtectedBranch render the page to protect the repository
|
||||
func ProtectedBranch(ctx *context.Context) {
|
||||
const (
|
||||
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
|
||||
)
|
||||
|
||||
// ProtectedBranchRules render the page to protect the repository
|
||||
func ProtectedBranchRules(ctx *context.Context) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.settings")
|
||||
ctx.Data["PageIsSettingsBranches"] = true
|
||||
|
||||
protectedBranches, err := git_model.GetProtectedBranches(ctx, ctx.Repo.Repository.ID)
|
||||
rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetProtectedBranches", err)
|
||||
return
|
||||
}
|
||||
ctx.Data["ProtectedBranches"] = protectedBranches
|
||||
|
||||
branches := ctx.Data["Branches"].([]string)
|
||||
leftBranches := make([]string, 0, len(branches)-len(protectedBranches))
|
||||
for _, b := range branches {
|
||||
var protected bool
|
||||
for _, pb := range protectedBranches {
|
||||
if b == pb.BranchName {
|
||||
protected = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !protected {
|
||||
leftBranches = append(leftBranches, b)
|
||||
}
|
||||
}
|
||||
|
||||
ctx.Data["LeftBranches"] = leftBranches
|
||||
ctx.Data["ProtectedBranches"] = rules
|
||||
|
||||
ctx.HTML(http.StatusOK, tplBranches)
|
||||
}
|
||||
|
||||
// ProtectedBranchPost response for protect for a branch of a repository
|
||||
func ProtectedBranchPost(ctx *context.Context) {
|
||||
// SetDefaultBranchPost set default branch
|
||||
func SetDefaultBranchPost(ctx *context.Context) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.settings")
|
||||
ctx.Data["PageIsSettingsBranches"] = true
|
||||
|
||||
|
@ -101,41 +87,36 @@ func ProtectedBranchPost(ctx *context.Context) {
|
|||
|
||||
// SettingsProtectedBranch renders the protected branch setting page
|
||||
func SettingsProtectedBranch(c *context.Context) {
|
||||
branch := c.Params("*")
|
||||
if !c.Repo.GitRepo.IsBranchExist(branch) {
|
||||
c.NotFound("IsBranchExist", nil)
|
||||
return
|
||||
}
|
||||
|
||||
c.Data["Title"] = c.Tr("repo.settings.protected_branch") + " - " + branch
|
||||
c.Data["PageIsSettingsBranches"] = true
|
||||
|
||||
protectBranch, err := git_model.GetProtectedBranchBy(c, c.Repo.Repository.ID, branch)
|
||||
if err != nil {
|
||||
if !git.IsErrBranchNotExist(err) {
|
||||
ruleName := c.FormString("rule_name")
|
||||
var rule *git_model.ProtectedBranch
|
||||
if ruleName != "" {
|
||||
var err error
|
||||
rule, err = git_model.GetProtectedBranchRuleByName(c, c.Repo.Repository.ID, ruleName)
|
||||
if err != nil {
|
||||
c.ServerError("GetProtectBranchOfRepoByName", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if protectBranch == nil {
|
||||
if rule == nil {
|
||||
// No options found, create defaults.
|
||||
protectBranch = &git_model.ProtectedBranch{
|
||||
BranchName: branch,
|
||||
}
|
||||
rule = &git_model.ProtectedBranch{}
|
||||
}
|
||||
|
||||
c.Data["PageIsSettingsBranches"] = true
|
||||
c.Data["Title"] = c.Tr("repo.settings.protected_branch") + " - " + rule.RuleName
|
||||
|
||||
users, err := access_model.GetRepoReaders(c.Repo.Repository)
|
||||
if err != nil {
|
||||
c.ServerError("Repo.Repository.GetReaders", err)
|
||||
return
|
||||
}
|
||||
c.Data["Users"] = users
|
||||
c.Data["whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.WhitelistUserIDs), ",")
|
||||
c.Data["merge_whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.MergeWhitelistUserIDs), ",")
|
||||
c.Data["approvals_whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.ApprovalsWhitelistUserIDs), ",")
|
||||
c.Data["whitelist_users"] = strings.Join(base.Int64sToStrings(rule.WhitelistUserIDs), ",")
|
||||
c.Data["merge_whitelist_users"] = strings.Join(base.Int64sToStrings(rule.MergeWhitelistUserIDs), ",")
|
||||
c.Data["approvals_whitelist_users"] = strings.Join(base.Int64sToStrings(rule.ApprovalsWhitelistUserIDs), ",")
|
||||
contexts, _ := git_model.FindRepoRecentCommitStatusContexts(c, c.Repo.Repository.ID, 7*24*time.Hour) // Find last week status check contexts
|
||||
for _, ctx := range protectBranch.StatusCheckContexts {
|
||||
for _, ctx := range rule.StatusCheckContexts {
|
||||
var found bool
|
||||
for i := range contexts {
|
||||
if contexts[i] == ctx {
|
||||
|
@ -150,7 +131,7 @@ func SettingsProtectedBranch(c *context.Context) {
|
|||
|
||||
c.Data["branch_status_check_contexts"] = contexts
|
||||
c.Data["is_context_required"] = func(context string) bool {
|
||||
for _, c := range protectBranch.StatusCheckContexts {
|
||||
for _, c := range rule.StatusCheckContexts {
|
||||
if c == context {
|
||||
return true
|
||||
}
|
||||
|
@ -165,130 +146,173 @@ func SettingsProtectedBranch(c *context.Context) {
|
|||
return
|
||||
}
|
||||
c.Data["Teams"] = teams
|
||||
c.Data["whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.WhitelistTeamIDs), ",")
|
||||
c.Data["merge_whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.MergeWhitelistTeamIDs), ",")
|
||||
c.Data["approvals_whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.ApprovalsWhitelistTeamIDs), ",")
|
||||
c.Data["whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.WhitelistTeamIDs), ",")
|
||||
c.Data["merge_whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.MergeWhitelistTeamIDs), ",")
|
||||
c.Data["approvals_whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.ApprovalsWhitelistTeamIDs), ",")
|
||||
}
|
||||
|
||||
c.Data["Branch"] = protectBranch
|
||||
c.Data["Rule"] = rule
|
||||
c.HTML(http.StatusOK, tplProtectedBranch)
|
||||
}
|
||||
|
||||
// SettingsProtectedBranchPost updates the protected branch settings
|
||||
func SettingsProtectedBranchPost(ctx *context.Context) {
|
||||
f := web.GetForm(ctx).(*forms.ProtectBranchForm)
|
||||
branch := ctx.Params("*")
|
||||
if !ctx.Repo.GitRepo.IsBranchExist(branch) {
|
||||
ctx.NotFound("IsBranchExist", nil)
|
||||
var protectBranch *git_model.ProtectedBranch
|
||||
if f.RuleName == "" {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_rule_name"))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit", ctx.Repo.RepoLink))
|
||||
return
|
||||
}
|
||||
|
||||
protectBranch, err := git_model.GetProtectedBranchBy(ctx, ctx.Repo.Repository.ID, branch)
|
||||
var err error
|
||||
protectBranch, err = git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, f.RuleName)
|
||||
if err != nil {
|
||||
if !git.IsErrBranchNotExist(err) {
|
||||
ctx.ServerError("GetProtectBranchOfRepoByName", err)
|
||||
return
|
||||
ctx.ServerError("GetProtectBranchOfRepoByName", err)
|
||||
return
|
||||
}
|
||||
if protectBranch == nil {
|
||||
// No options found, create defaults.
|
||||
protectBranch = &git_model.ProtectedBranch{
|
||||
RepoID: ctx.Repo.Repository.ID,
|
||||
RuleName: f.RuleName,
|
||||
}
|
||||
}
|
||||
|
||||
if f.Protected {
|
||||
if protectBranch == nil {
|
||||
// No options found, create defaults.
|
||||
protectBranch = &git_model.ProtectedBranch{
|
||||
RepoID: ctx.Repo.Repository.ID,
|
||||
BranchName: branch,
|
||||
}
|
||||
}
|
||||
if f.RequiredApprovals < 0 {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_approvals_min"))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches/%s", ctx.Repo.RepoLink, util.PathEscapeSegments(branch)))
|
||||
}
|
||||
var whitelistUsers, whitelistTeams, mergeWhitelistUsers, mergeWhitelistTeams, approvalsWhitelistUsers, approvalsWhitelistTeams []int64
|
||||
protectBranch.RuleName = f.RuleName
|
||||
if f.RequiredApprovals < 0 {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_approvals_min"))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit?rule_name=%s", ctx.Repo.RepoLink, f.RuleName))
|
||||
return
|
||||
}
|
||||
|
||||
var whitelistUsers, whitelistTeams, mergeWhitelistUsers, mergeWhitelistTeams, approvalsWhitelistUsers, approvalsWhitelistTeams []int64
|
||||
switch f.EnablePush {
|
||||
case "all":
|
||||
protectBranch.CanPush = true
|
||||
protectBranch.EnableWhitelist = false
|
||||
protectBranch.WhitelistDeployKeys = false
|
||||
case "whitelist":
|
||||
protectBranch.CanPush = true
|
||||
protectBranch.EnableWhitelist = true
|
||||
protectBranch.WhitelistDeployKeys = f.WhitelistDeployKeys
|
||||
if strings.TrimSpace(f.WhitelistUsers) != "" {
|
||||
whitelistUsers, _ = base.StringsToInt64s(strings.Split(f.WhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.WhitelistTeams) != "" {
|
||||
whitelistTeams, _ = base.StringsToInt64s(strings.Split(f.WhitelistTeams, ","))
|
||||
}
|
||||
default:
|
||||
protectBranch.CanPush = false
|
||||
protectBranch.EnableWhitelist = false
|
||||
protectBranch.WhitelistDeployKeys = false
|
||||
switch f.EnablePush {
|
||||
case "all":
|
||||
protectBranch.CanPush = true
|
||||
protectBranch.EnableWhitelist = false
|
||||
protectBranch.WhitelistDeployKeys = false
|
||||
case "whitelist":
|
||||
protectBranch.CanPush = true
|
||||
protectBranch.EnableWhitelist = true
|
||||
protectBranch.WhitelistDeployKeys = f.WhitelistDeployKeys
|
||||
if strings.TrimSpace(f.WhitelistUsers) != "" {
|
||||
whitelistUsers, _ = base.StringsToInt64s(strings.Split(f.WhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.WhitelistTeams) != "" {
|
||||
whitelistTeams, _ = base.StringsToInt64s(strings.Split(f.WhitelistTeams, ","))
|
||||
}
|
||||
default:
|
||||
protectBranch.CanPush = false
|
||||
protectBranch.EnableWhitelist = false
|
||||
protectBranch.WhitelistDeployKeys = false
|
||||
}
|
||||
|
||||
protectBranch.EnableMergeWhitelist = f.EnableMergeWhitelist
|
||||
if f.EnableMergeWhitelist {
|
||||
if strings.TrimSpace(f.MergeWhitelistUsers) != "" {
|
||||
mergeWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.MergeWhitelistTeams) != "" {
|
||||
mergeWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistTeams, ","))
|
||||
}
|
||||
protectBranch.EnableMergeWhitelist = f.EnableMergeWhitelist
|
||||
if f.EnableMergeWhitelist {
|
||||
if strings.TrimSpace(f.MergeWhitelistUsers) != "" {
|
||||
mergeWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.MergeWhitelistTeams) != "" {
|
||||
mergeWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistTeams, ","))
|
||||
}
|
||||
}
|
||||
|
||||
protectBranch.EnableStatusCheck = f.EnableStatusCheck
|
||||
if f.EnableStatusCheck {
|
||||
protectBranch.StatusCheckContexts = f.StatusCheckContexts
|
||||
} else {
|
||||
protectBranch.StatusCheckContexts = nil
|
||||
}
|
||||
|
||||
protectBranch.RequiredApprovals = f.RequiredApprovals
|
||||
protectBranch.EnableApprovalsWhitelist = f.EnableApprovalsWhitelist
|
||||
if f.EnableApprovalsWhitelist {
|
||||
if strings.TrimSpace(f.ApprovalsWhitelistUsers) != "" {
|
||||
approvalsWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.ApprovalsWhitelistTeams) != "" {
|
||||
approvalsWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistTeams, ","))
|
||||
}
|
||||
}
|
||||
protectBranch.BlockOnRejectedReviews = f.BlockOnRejectedReviews
|
||||
protectBranch.BlockOnOfficialReviewRequests = f.BlockOnOfficialReviewRequests
|
||||
protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
|
||||
protectBranch.RequireSignedCommits = f.RequireSignedCommits
|
||||
protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
|
||||
protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
|
||||
protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
|
||||
|
||||
err = git_model.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
|
||||
UserIDs: whitelistUsers,
|
||||
TeamIDs: whitelistTeams,
|
||||
MergeUserIDs: mergeWhitelistUsers,
|
||||
MergeTeamIDs: mergeWhitelistTeams,
|
||||
ApprovalsUserIDs: approvalsWhitelistUsers,
|
||||
ApprovalsTeamIDs: approvalsWhitelistTeams,
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("UpdateProtectBranch", err)
|
||||
return
|
||||
}
|
||||
if err = pull_service.CheckPrsForBaseBranch(ctx.Repo.Repository, protectBranch.BranchName); err != nil {
|
||||
ctx.ServerError("CheckPrsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
ctx.Flash.Success(ctx.Tr("repo.settings.update_protect_branch_success", branch))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches/%s", ctx.Repo.RepoLink, util.PathEscapeSegments(branch)))
|
||||
protectBranch.EnableStatusCheck = f.EnableStatusCheck
|
||||
if f.EnableStatusCheck {
|
||||
protectBranch.StatusCheckContexts = f.StatusCheckContexts
|
||||
} else {
|
||||
if protectBranch != nil {
|
||||
if err := git_model.DeleteProtectedBranch(ctx, ctx.Repo.Repository.ID, protectBranch.ID); err != nil {
|
||||
ctx.ServerError("DeleteProtectedBranch", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
ctx.Flash.Success(ctx.Tr("repo.settings.remove_protected_branch_success", branch))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
|
||||
protectBranch.StatusCheckContexts = nil
|
||||
}
|
||||
|
||||
protectBranch.RequiredApprovals = f.RequiredApprovals
|
||||
protectBranch.EnableApprovalsWhitelist = f.EnableApprovalsWhitelist
|
||||
if f.EnableApprovalsWhitelist {
|
||||
if strings.TrimSpace(f.ApprovalsWhitelistUsers) != "" {
|
||||
approvalsWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistUsers, ","))
|
||||
}
|
||||
if strings.TrimSpace(f.ApprovalsWhitelistTeams) != "" {
|
||||
approvalsWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistTeams, ","))
|
||||
}
|
||||
}
|
||||
protectBranch.BlockOnRejectedReviews = f.BlockOnRejectedReviews
|
||||
protectBranch.BlockOnOfficialReviewRequests = f.BlockOnOfficialReviewRequests
|
||||
protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
|
||||
protectBranch.RequireSignedCommits = f.RequireSignedCommits
|
||||
protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
|
||||
protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
|
||||
protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
|
||||
|
||||
err = git_model.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
|
||||
UserIDs: whitelistUsers,
|
||||
TeamIDs: whitelistTeams,
|
||||
MergeUserIDs: mergeWhitelistUsers,
|
||||
MergeTeamIDs: mergeWhitelistTeams,
|
||||
ApprovalsUserIDs: approvalsWhitelistUsers,
|
||||
ApprovalsTeamIDs: approvalsWhitelistTeams,
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("UpdateProtectBranch", err)
|
||||
return
|
||||
}
|
||||
|
||||
// FIXME: since we only need to recheck files protected rules, we could improve this
|
||||
matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.GitRepo, protectBranch.RuleName)
|
||||
if err != nil {
|
||||
ctx.ServerError("FindAllMatchedBranches", err)
|
||||
return
|
||||
}
|
||||
for _, branchName := range matchedBranches {
|
||||
if err = pull_service.CheckPRsForBaseBranch(ctx.Repo.Repository, branchName); err != nil {
|
||||
ctx.ServerError("CheckPRsForBaseBranch", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
ctx.Flash.Success(ctx.Tr("repo.settings.update_protect_branch_success", protectBranch.RuleName))
|
||||
ctx.Redirect(fmt.Sprintf("%s/settings/branches?rule_name=%s", ctx.Repo.RepoLink, protectBranch.RuleName))
|
||||
}
|
||||
|
||||
// DeleteProtectedBranchRulePost delete protected branch rule by id
|
||||
func DeleteProtectedBranchRulePost(ctx *context.Context) {
|
||||
ruleID := ctx.ParamsInt64("id")
|
||||
if ruleID <= 0 {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
|
||||
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||
"redirect": fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
rule, err := git_model.GetProtectedBranchRuleByID(ctx, ctx.Repo.Repository.ID, ruleID)
|
||||
if err != nil {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
|
||||
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||
"redirect": fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
if rule == nil {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
|
||||
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||
"redirect": fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
if err := git_model.DeleteProtectedBranch(ctx, ctx.Repo.Repository.ID, ruleID); err != nil {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", rule.RuleName))
|
||||
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||
"redirect": fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Flash.Success(ctx.Tr("repo.settings.remove_protected_branch_success", rule.RuleName))
|
||||
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||
"redirect": fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink),
|
||||
})
|
||||
}
|
||||
|
||||
// RenameBranchPost responses for rename a branch
|
||||
|
|
|
@ -110,7 +110,7 @@ func getOrgRepoCtx(ctx *context.Context) (*orgRepoCtx, error) {
|
|||
|
||||
func checkHookType(ctx *context.Context) string {
|
||||
hookType := strings.ToLower(ctx.Params(":type"))
|
||||
if !util.IsStringInSlice(hookType, setting.Webhook.Types, true) {
|
||||
if !util.SliceContainsString(setting.Webhook.Types, hookType, true) {
|
||||
ctx.NotFound("checkHookType", nil)
|
||||
return ""
|
||||
}
|
||||
|
|
|
@ -214,7 +214,7 @@ func NotificationSubscriptions(ctx *context.Context) {
|
|||
ctx.Data["SortType"] = sortType
|
||||
|
||||
state := ctx.FormString("state")
|
||||
if !util.IsStringInSlice(state, []string{"all", "open", "closed"}, true) {
|
||||
if !util.SliceContainsString([]string{"all", "open", "closed"}, state, true) {
|
||||
state = "all"
|
||||
}
|
||||
ctx.Data["State"] = state
|
||||
|
|
|
@ -280,17 +280,17 @@ func Repos(ctx *context.Context) {
|
|||
repos := map[string]*repo_model.Repository{}
|
||||
// We're going to iterate by pagesize.
|
||||
root := user_model.UserPath(ctxUser.Name)
|
||||
if err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
|
||||
if err := filepath.WalkDir(root, func(path string, d os.DirEntry, err error) error {
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
if !info.IsDir() || path == root {
|
||||
if !d.IsDir() || path == root {
|
||||
return nil
|
||||
}
|
||||
name := info.Name()
|
||||
name := d.Name()
|
||||
if !strings.HasSuffix(name, ".git") {
|
||||
return filepath.SkipDir
|
||||
}
|
||||
|
@ -304,7 +304,7 @@ func Repos(ctx *context.Context) {
|
|||
count++
|
||||
return filepath.SkipDir
|
||||
}); err != nil {
|
||||
ctx.ServerError("filepath.Walk", err)
|
||||
ctx.ServerError("filepath.WalkDir", err)
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -413,7 +413,7 @@ func UpdateUserLang(ctx *context.Context) {
|
|||
ctx.Data["PageIsSettingsAppearance"] = true
|
||||
|
||||
if len(form.Language) != 0 {
|
||||
if !util.IsStringInSlice(form.Language, setting.Langs) {
|
||||
if !util.SliceContainsString(setting.Langs, form.Language) {
|
||||
ctx.Flash.Error(ctx.Tr("settings.update_language_not_found", form.Language))
|
||||
ctx.Redirect(setting.AppSubURL + "/user/settings/appearance")
|
||||
return
|
||||
|
|
|
@ -15,8 +15,8 @@ import (
|
|||
"code.gitea.io/gitea/modules/web"
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
)
|
||||
|
||||
// WebAuthnRegister initializes the webauthn registration procedure
|
||||
|
|
|
@ -861,10 +861,16 @@ func RegisterRoutes(m *web.Route) {
|
|||
})
|
||||
|
||||
m.Group("/branches", func() {
|
||||
m.Combo("").Get(repo.ProtectedBranch).Post(repo.ProtectedBranchPost)
|
||||
m.Combo("/*").Get(repo.SettingsProtectedBranch).
|
||||
Post(web.Bind(forms.ProtectBranchForm{}), context.RepoMustNotBeArchived(), repo.SettingsProtectedBranchPost)
|
||||
m.Post("/", repo.SetDefaultBranchPost)
|
||||
}, repo.MustBeNotEmpty)
|
||||
|
||||
m.Group("/branches", func() {
|
||||
m.Get("/", repo.ProtectedBranchRules)
|
||||
m.Combo("/edit").Get(repo.SettingsProtectedBranch).
|
||||
Post(web.Bind(forms.ProtectBranchForm{}), context.RepoMustNotBeArchived(), repo.SettingsProtectedBranchPost)
|
||||
m.Post("/{id}/delete", repo.DeleteProtectedBranchRulePost)
|
||||
}, repo.MustBeNotEmpty)
|
||||
|
||||
m.Post("/rename_branch", web.Bind(forms.RenameBranchForm{}), context.RepoMustNotBeArchived(), repo.RenameBranchPost)
|
||||
|
||||
m.Group("/tags", func() {
|
||||
|
|
|
@ -310,7 +310,7 @@ Loop:
|
|||
return false, "", nil, &ErrWontSign{twofa}
|
||||
}
|
||||
case approved:
|
||||
protectedBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, pr.BaseBranch)
|
||||
protectedBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, "", nil, err
|
||||
}
|
||||
|
|
|
@ -246,7 +246,7 @@ func (source *Source) getMappedMemberships(l *ldap.Conn, uid string) (map[string
|
|||
membershipsToAdd := map[string][]string{}
|
||||
membershipsToRemove := map[string][]string{}
|
||||
for group, memberships := range ldapGroupsToTeams {
|
||||
isUserInGroup := util.IsStringInSlice(group, usersLdapGroups)
|
||||
isUserInGroup := util.SliceContainsString(usersLdapGroups, group)
|
||||
if isUserInGroup {
|
||||
for org, teams := range memberships {
|
||||
membershipsToAdd[org] = teams
|
||||
|
|
|
@ -23,7 +23,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
|
|||
idx := strings.Index(userName, "@")
|
||||
if idx == -1 {
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
} else if !util.IsStringInSlice(userName[idx+1:], strings.Split(source.AllowedDomains, ","), true) {
|
||||
} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), userName[idx+1:], true) {
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -79,7 +79,7 @@ func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *git
|
|||
}
|
||||
|
||||
if isRepoAdmin {
|
||||
branch.EffectiveBranchProtectionName = bp.BranchName
|
||||
branch.EffectiveBranchProtectionName = bp.RuleName
|
||||
}
|
||||
|
||||
if user != nil {
|
||||
|
@ -87,7 +87,8 @@ func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *git
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
branch.UserCanPush = bp.CanUserPush(db.DefaultContext, user.ID)
|
||||
bp.Repo = repo
|
||||
branch.UserCanPush = bp.CanUserPush(db.DefaultContext, user)
|
||||
branch.UserCanMerge = git_model.IsUserMergeWhitelisted(db.DefaultContext, bp, user.ID, permission)
|
||||
}
|
||||
|
||||
|
@ -121,8 +122,14 @@ func ToBranchProtection(bp *git_model.ProtectedBranch) *api.BranchProtection {
|
|||
log.Error("GetTeamNamesByID (ApprovalsWhitelistTeamIDs): %v", err)
|
||||
}
|
||||
|
||||
branchName := ""
|
||||
if !git_model.IsRuleNameSpecial(bp.RuleName) {
|
||||
branchName = bp.RuleName
|
||||
}
|
||||
|
||||
return &api.BranchProtection{
|
||||
BranchName: bp.BranchName,
|
||||
BranchName: branchName,
|
||||
RuleName: bp.RuleName,
|
||||
EnablePush: bp.CanPush,
|
||||
EnablePushWhitelist: bp.EnableWhitelist,
|
||||
PushWhitelistUsernames: pushWhitelistUsernames,
|
||||
|
|
|
@ -175,6 +175,48 @@ func registerDeleteOldSystemNotices() {
|
|||
})
|
||||
}
|
||||
|
||||
func registerGCLFS() {
|
||||
if !setting.LFS.StartServer {
|
||||
return
|
||||
}
|
||||
type GCLFSConfig struct {
|
||||
OlderThanConfig
|
||||
LastUpdatedMoreThanAgo time.Duration
|
||||
NumberToCheckPerRepo int64
|
||||
ProportionToCheckPerRepo float64
|
||||
}
|
||||
|
||||
RegisterTaskFatal("gc_lfs", &GCLFSConfig{
|
||||
OlderThanConfig: OlderThanConfig{
|
||||
BaseConfig: BaseConfig{
|
||||
Enabled: false,
|
||||
RunAtStart: false,
|
||||
Schedule: "@every 24h",
|
||||
},
|
||||
// Only attempt to garbage collect lfs meta objects older than a week as the order of git lfs upload
|
||||
// and git object upload is not necessarily guaranteed. It's possible to imagine a situation whereby
|
||||
// an LFS object is uploaded but the git branch is not uploaded immediately, or there are some rapid
|
||||
// changes in new branches that might lead to lfs objects becoming temporarily unassociated with git
|
||||
// objects.
|
||||
//
|
||||
// It is likely that a week is potentially excessive but it should definitely be enough that any
|
||||
// unassociated LFS object is genuinely unassociated.
|
||||
OlderThan: 24 * time.Hour * 7,
|
||||
},
|
||||
// Only GC things that haven't been looked at in the past 3 days
|
||||
LastUpdatedMoreThanAgo: 24 * time.Hour * 3,
|
||||
NumberToCheckPerRepo: 100,
|
||||
ProportionToCheckPerRepo: 0.6,
|
||||
}, func(ctx context.Context, _ *user_model.User, config Config) error {
|
||||
gcLFSConfig := config.(*GCLFSConfig)
|
||||
return repo_service.GarbageCollectLFSMetaObjects(ctx, repo_service.GarbageCollectLFSMetaObjectsOptions{
|
||||
AutoFix: true,
|
||||
OlderThan: time.Now().Add(-gcLFSConfig.OlderThan),
|
||||
UpdatedLessRecentlyThan: time.Now().Add(-gcLFSConfig.LastUpdatedMoreThanAgo),
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func initExtendedTasks() {
|
||||
registerDeleteInactiveUsers()
|
||||
registerDeleteRepositoryArchives()
|
||||
|
@ -188,4 +230,5 @@ func initExtendedTasks() {
|
|||
registerDeleteOldActions()
|
||||
registerUpdateGiteaChecker()
|
||||
registerDeleteOldSystemNotices()
|
||||
registerGCLFS()
|
||||
}
|
||||
|
|
|
@ -186,7 +186,7 @@ func (f *RepoSettingForm) Validate(req *http.Request, errs binding.Errors) bindi
|
|||
|
||||
// ProtectBranchForm form for changing protected branch settings
|
||||
type ProtectBranchForm struct {
|
||||
Protected bool
|
||||
RuleName string `binding:"Required"`
|
||||
EnablePush string
|
||||
WhitelistUsers string
|
||||
WhitelistTeams string
|
||||
|
|
|
@ -0,0 +1,375 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package incoming
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
net_mail "net/mail"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/process"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/services/mailer/token"
|
||||
|
||||
"github.com/dimiro1/reply"
|
||||
"github.com/emersion/go-imap"
|
||||
"github.com/emersion/go-imap/client"
|
||||
"github.com/jhillyerd/enmime"
|
||||
)
|
||||
|
||||
var (
|
||||
addressTokenRegex *regexp.Regexp
|
||||
referenceTokenRegex *regexp.Regexp
|
||||
)
|
||||
|
||||
func Init(ctx context.Context) error {
|
||||
if !setting.IncomingEmail.Enabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
var err error
|
||||
addressTokenRegex, err = regexp.Compile(
|
||||
fmt.Sprintf(
|
||||
`\A%s\z`,
|
||||
strings.Replace(regexp.QuoteMeta(setting.IncomingEmail.ReplyToAddress), regexp.QuoteMeta(setting.IncomingEmail.TokenPlaceholder), "(.+)", 1),
|
||||
),
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
referenceTokenRegex, err = regexp.Compile(fmt.Sprintf(`\Areply-(.+)@%s\z`, regexp.QuoteMeta(setting.Domain)))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
go func() {
|
||||
ctx, _, finished := process.GetManager().AddTypedContext(ctx, "Incoming Email", process.SystemProcessType, true)
|
||||
defer finished()
|
||||
|
||||
// This background job processes incoming emails. It uses the IMAP IDLE command to get notified about incoming emails.
|
||||
// The following loop restarts the processing logic after errors until ctx indicates to stop.
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
default:
|
||||
if err := processIncomingEmails(ctx); err != nil {
|
||||
log.Error("Error while processing incoming emails: %v", err)
|
||||
}
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case <-time.NewTimer(10 * time.Second).C:
|
||||
}
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// processIncomingEmails is the "main" method with the wait/process loop
|
||||
func processIncomingEmails(ctx context.Context) error {
|
||||
server := fmt.Sprintf("%s:%d", setting.IncomingEmail.Host, setting.IncomingEmail.Port)
|
||||
|
||||
var c *client.Client
|
||||
var err error
|
||||
if setting.IncomingEmail.UseTLS {
|
||||
c, err = client.DialTLS(server, &tls.Config{InsecureSkipVerify: setting.IncomingEmail.SkipTLSVerify})
|
||||
} else {
|
||||
c, err = client.Dial(server)
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not connect to server '%s': %w", server, err)
|
||||
}
|
||||
|
||||
if err := c.Login(setting.IncomingEmail.Username, setting.IncomingEmail.Password); err != nil {
|
||||
return fmt.Errorf("could not login: %w", err)
|
||||
}
|
||||
defer func() {
|
||||
if err := c.Logout(); err != nil {
|
||||
log.Error("Logout from incoming email server failed: %v", err)
|
||||
}
|
||||
}()
|
||||
|
||||
if _, err := c.Select(setting.IncomingEmail.Mailbox, false); err != nil {
|
||||
return fmt.Errorf("selecting box '%s' failed: %w", setting.IncomingEmail.Mailbox, err)
|
||||
}
|
||||
|
||||
// The following loop processes messages. If there are no messages available, IMAP IDLE is used to wait for new messages.
|
||||
// This process is repeated until an IMAP error occurs or ctx indicates to stop.
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil
|
||||
default:
|
||||
if err := processMessages(ctx, c); err != nil {
|
||||
return fmt.Errorf("could not process messages: %w", err)
|
||||
}
|
||||
if err := waitForUpdates(ctx, c); err != nil {
|
||||
return fmt.Errorf("wait for updates failed: %w", err)
|
||||
}
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil
|
||||
case <-time.NewTimer(time.Second).C:
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// waitForUpdates uses IMAP IDLE to wait for new emails
|
||||
func waitForUpdates(ctx context.Context, c *client.Client) error {
|
||||
updates := make(chan client.Update, 1)
|
||||
|
||||
c.Updates = updates
|
||||
defer func() {
|
||||
c.Updates = nil
|
||||
}()
|
||||
|
||||
errs := make(chan error, 1)
|
||||
stop := make(chan struct{})
|
||||
go func() {
|
||||
errs <- c.Idle(stop, nil)
|
||||
}()
|
||||
|
||||
stopped := false
|
||||
for {
|
||||
select {
|
||||
case update := <-updates:
|
||||
switch update.(type) {
|
||||
case *client.MailboxUpdate:
|
||||
if !stopped {
|
||||
close(stop)
|
||||
stopped = true
|
||||
}
|
||||
default:
|
||||
}
|
||||
case err := <-errs:
|
||||
if err != nil {
|
||||
return fmt.Errorf("imap idle failed: %w", err)
|
||||
}
|
||||
return nil
|
||||
case <-ctx.Done():
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// processMessages searches unread mails and processes them.
|
||||
func processMessages(ctx context.Context, c *client.Client) error {
|
||||
criteria := imap.NewSearchCriteria()
|
||||
criteria.WithoutFlags = []string{imap.SeenFlag}
|
||||
criteria.Smaller = setting.IncomingEmail.MaximumMessageSize
|
||||
ids, err := c.Search(criteria)
|
||||
if err != nil {
|
||||
return fmt.Errorf("imap search failed: %w", err)
|
||||
}
|
||||
|
||||
if len(ids) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
seqset := new(imap.SeqSet)
|
||||
seqset.AddNum(ids...)
|
||||
messages := make(chan *imap.Message, 10)
|
||||
|
||||
section := &imap.BodySectionName{}
|
||||
|
||||
errs := make(chan error, 1)
|
||||
go func() {
|
||||
errs <- c.Fetch(
|
||||
seqset,
|
||||
[]imap.FetchItem{section.FetchItem()},
|
||||
messages,
|
||||
)
|
||||
}()
|
||||
|
||||
handledSet := new(imap.SeqSet)
|
||||
loop:
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
break loop
|
||||
case msg, ok := <-messages:
|
||||
if !ok {
|
||||
if setting.IncomingEmail.DeleteHandledMessage && !handledSet.Empty() {
|
||||
if err := c.Store(
|
||||
handledSet,
|
||||
imap.FormatFlagsOp(imap.AddFlags, true),
|
||||
[]interface{}{imap.DeletedFlag},
|
||||
nil,
|
||||
); err != nil {
|
||||
return fmt.Errorf("imap store failed: %w", err)
|
||||
}
|
||||
|
||||
if err := c.Expunge(nil); err != nil {
|
||||
return fmt.Errorf("imap expunge failed: %w", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
err := func() error {
|
||||
r := msg.GetBody(section)
|
||||
if r == nil {
|
||||
return fmt.Errorf("could not get body from message: %w", err)
|
||||
}
|
||||
|
||||
env, err := enmime.ReadEnvelope(r)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not read envelope: %w", err)
|
||||
}
|
||||
|
||||
if isAutomaticReply(env) {
|
||||
log.Debug("Skipping automatic email reply")
|
||||
return nil
|
||||
}
|
||||
|
||||
t := searchTokenInHeaders(env)
|
||||
if t == "" {
|
||||
log.Debug("Incoming email token not found in headers")
|
||||
return nil
|
||||
}
|
||||
|
||||
handlerType, user, payload, err := token.ExtractToken(ctx, t)
|
||||
if err != nil {
|
||||
if _, ok := err.(*token.ErrToken); ok {
|
||||
log.Info("Invalid incoming email token: %v", err)
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
handler, ok := handlers[handlerType]
|
||||
if !ok {
|
||||
return fmt.Errorf("unexpected handler type: %v", handlerType)
|
||||
}
|
||||
|
||||
content := getContentFromMailReader(env)
|
||||
|
||||
if err := handler.Handle(ctx, content, user, payload); err != nil {
|
||||
return fmt.Errorf("could not handle message: %w", err)
|
||||
}
|
||||
|
||||
handledSet.AddNum(msg.SeqNum)
|
||||
|
||||
return nil
|
||||
}()
|
||||
if err != nil {
|
||||
log.Error("Error while processing incoming email[%v]: %v", msg.Uid, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if err := <-errs; err != nil {
|
||||
return fmt.Errorf("imap fetch failed: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// isAutomaticReply tests if the headers indicate an automatic reply
|
||||
func isAutomaticReply(env *enmime.Envelope) bool {
|
||||
autoSubmitted := env.GetHeader("Auto-Submitted")
|
||||
if autoSubmitted != "" && autoSubmitted != "no" {
|
||||
return true
|
||||
}
|
||||
autoReply := env.GetHeader("X-Autoreply")
|
||||
if autoReply == "yes" {
|
||||
return true
|
||||
}
|
||||
autoRespond := env.GetHeader("X-Autorespond")
|
||||
return autoRespond != ""
|
||||
}
|
||||
|
||||
// searchTokenInHeaders looks for the token in To, Delivered-To and References
|
||||
func searchTokenInHeaders(env *enmime.Envelope) string {
|
||||
if addressTokenRegex != nil {
|
||||
to, _ := env.AddressList("To")
|
||||
|
||||
token := searchTokenInAddresses(to)
|
||||
if token != "" {
|
||||
return token
|
||||
}
|
||||
|
||||
deliveredTo, _ := env.AddressList("Delivered-To")
|
||||
|
||||
token = searchTokenInAddresses(deliveredTo)
|
||||
if token != "" {
|
||||
return token
|
||||
}
|
||||
}
|
||||
|
||||
references := env.GetHeader("References")
|
||||
for {
|
||||
begin := strings.IndexByte(references, '<')
|
||||
if begin == -1 {
|
||||
break
|
||||
}
|
||||
begin++
|
||||
|
||||
end := strings.IndexByte(references, '>')
|
||||
if end == -1 || begin > end {
|
||||
break
|
||||
}
|
||||
|
||||
match := referenceTokenRegex.FindStringSubmatch(references[begin:end])
|
||||
if len(match) == 2 {
|
||||
return match[1]
|
||||
}
|
||||
|
||||
references = references[end+1:]
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
// searchTokenInAddresses looks for the token in an address
|
||||
func searchTokenInAddresses(addresses []*net_mail.Address) string {
|
||||
for _, address := range addresses {
|
||||
match := addressTokenRegex.FindStringSubmatch(address.Address)
|
||||
if len(match) != 2 {
|
||||
continue
|
||||
}
|
||||
|
||||
return match[1]
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
type MailContent struct {
|
||||
Content string
|
||||
Attachments []*Attachment
|
||||
}
|
||||
|
||||
type Attachment struct {
|
||||
Name string
|
||||
Content []byte
|
||||
}
|
||||
|
||||
// getContentFromMailReader grabs the plain content and the attachments from the mail.
|
||||
// A potential reply/signature gets stripped from the content.
|
||||
func getContentFromMailReader(env *enmime.Envelope) *MailContent {
|
||||
attachments := make([]*Attachment, 0, len(env.Attachments))
|
||||
for _, attachment := range env.Attachments {
|
||||
attachments = append(attachments, &Attachment{
|
||||
Name: attachment.FileName,
|
||||
Content: attachment.Content,
|
||||
})
|
||||
}
|
||||
|
||||
return &MailContent{
|
||||
Content: reply.FromText(env.Text),
|
||||
Attachments: attachments,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,171 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package incoming
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
issues_model "code.gitea.io/gitea/models/issues"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/upload"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
attachment_service "code.gitea.io/gitea/services/attachment"
|
||||
issue_service "code.gitea.io/gitea/services/issue"
|
||||
incoming_payload "code.gitea.io/gitea/services/mailer/incoming/payload"
|
||||
"code.gitea.io/gitea/services/mailer/token"
|
||||
pull_service "code.gitea.io/gitea/services/pull"
|
||||
)
|
||||
|
||||
type MailHandler interface {
|
||||
Handle(ctx context.Context, content *MailContent, doer *user_model.User, payload []byte) error
|
||||
}
|
||||
|
||||
var handlers = map[token.HandlerType]MailHandler{
|
||||
token.ReplyHandlerType: &ReplyHandler{},
|
||||
token.UnsubscribeHandlerType: &UnsubscribeHandler{},
|
||||
}
|
||||
|
||||
// ReplyHandler handles incoming emails to create a reply from them
|
||||
type ReplyHandler struct{}
|
||||
|
||||
func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *user_model.User, payload []byte) error {
|
||||
if doer == nil {
|
||||
return util.NewInvalidArgumentErrorf("doer can't be nil")
|
||||
}
|
||||
|
||||
ref, err := incoming_payload.GetReferenceFromPayload(ctx, payload)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var issue *issues_model.Issue
|
||||
|
||||
switch r := ref.(type) {
|
||||
case *issues_model.Issue:
|
||||
issue = r
|
||||
case *issues_model.Comment:
|
||||
comment := r
|
||||
|
||||
if err := comment.LoadIssue(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
issue = comment.Issue
|
||||
default:
|
||||
return util.NewInvalidArgumentErrorf("unsupported reply reference: %v", ref)
|
||||
}
|
||||
|
||||
if err := issue.LoadRepo(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !perm.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsLocked && !doer.IsAdmin {
|
||||
log.Debug("can't write issue or pull")
|
||||
return nil
|
||||
}
|
||||
|
||||
switch r := ref.(type) {
|
||||
case *issues_model.Issue:
|
||||
attachmentIDs := make([]string, 0, len(content.Attachments))
|
||||
if setting.Attachment.Enabled {
|
||||
for _, attachment := range content.Attachments {
|
||||
a, err := attachment_service.UploadAttachment(bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, &repo_model.Attachment{
|
||||
Name: attachment.Name,
|
||||
UploaderID: doer.ID,
|
||||
RepoID: issue.Repo.ID,
|
||||
})
|
||||
if err != nil {
|
||||
if upload.IsErrFileTypeForbidden(err) {
|
||||
log.Info("Skipping disallowed attachment type: %s", attachment.Name)
|
||||
continue
|
||||
}
|
||||
return err
|
||||
}
|
||||
attachmentIDs = append(attachmentIDs, a.UUID)
|
||||
}
|
||||
}
|
||||
|
||||
if content.Content == "" && len(attachmentIDs) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
_, err = issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
|
||||
if err != nil {
|
||||
return fmt.Errorf("CreateIssueComment failed: %w", err)
|
||||
}
|
||||
case *issues_model.Comment:
|
||||
comment := r
|
||||
|
||||
if content.Content == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
if comment.Type == issues_model.CommentTypeCode {
|
||||
_, err := pull_service.CreateCodeComment(
|
||||
ctx,
|
||||
doer,
|
||||
nil,
|
||||
issue,
|
||||
comment.Line,
|
||||
content.Content,
|
||||
comment.TreePath,
|
||||
false,
|
||||
comment.ReviewID,
|
||||
"",
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("CreateCodeComment failed: %w", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// UnsubscribeHandler handles unwatching issues/pulls
|
||||
type UnsubscribeHandler struct{}
|
||||
|
||||
func (h *UnsubscribeHandler) Handle(ctx context.Context, _ *MailContent, doer *user_model.User, payload []byte) error {
|
||||
if doer == nil {
|
||||
return util.NewInvalidArgumentErrorf("doer can't be nil")
|
||||
}
|
||||
|
||||
ref, err := incoming_payload.GetReferenceFromPayload(ctx, payload)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch r := ref.(type) {
|
||||
case *issues_model.Issue:
|
||||
issue := r
|
||||
|
||||
if err := issue.LoadRepo(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !perm.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
log.Debug("can't read issue or pull")
|
||||
return nil
|
||||
}
|
||||
|
||||
return issues_model.CreateOrUpdateIssueWatch(doer.ID, issue.ID, false)
|
||||
}
|
||||
|
||||
return fmt.Errorf("unsupported unsubscribe reference: %v", ref)
|
||||
}
|
|
@ -0,0 +1,138 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package incoming
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/jhillyerd/enmime"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestIsAutomaticReply(t *testing.T) {
|
||||
cases := []struct {
|
||||
Headers map[string]string
|
||||
Expected bool
|
||||
}{
|
||||
{
|
||||
Headers: map[string]string{},
|
||||
Expected: false,
|
||||
},
|
||||
{
|
||||
Headers: map[string]string{
|
||||
"Auto-Submitted": "no",
|
||||
},
|
||||
Expected: false,
|
||||
},
|
||||
{
|
||||
Headers: map[string]string{
|
||||
"Auto-Submitted": "yes",
|
||||
},
|
||||
Expected: true,
|
||||
},
|
||||
{
|
||||
Headers: map[string]string{
|
||||
"X-Autoreply": "no",
|
||||
},
|
||||
Expected: false,
|
||||
},
|
||||
{
|
||||
Headers: map[string]string{
|
||||
"X-Autoreply": "yes",
|
||||
},
|
||||
Expected: true,
|
||||
},
|
||||
{
|
||||
Headers: map[string]string{
|
||||
"X-Autorespond": "yes",
|
||||
},
|
||||
Expected: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, c := range cases {
|
||||
b := enmime.Builder().
|
||||
From("Dummy", "dummy@gitea.io").
|
||||
To("Dummy", "dummy@gitea.io")
|
||||
for k, v := range c.Headers {
|
||||
b = b.Header(k, v)
|
||||
}
|
||||
root, err := b.Build()
|
||||
assert.NoError(t, err)
|
||||
env, err := enmime.EnvelopeFromPart(root)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, c.Expected, isAutomaticReply(env))
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetContentFromMailReader(t *testing.T) {
|
||||
mailString := "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--message-boundary\r\n" +
|
||||
"Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--text-boundary\r\n" +
|
||||
"Content-Type: text/plain\r\n" +
|
||||
"Content-Disposition: inline\r\n" +
|
||||
"\r\n" +
|
||||
"mail content\r\n" +
|
||||
"--text-boundary--\r\n" +
|
||||
"--message-boundary\r\n" +
|
||||
"Content-Type: text/plain\r\n" +
|
||||
"Content-Disposition: attachment; filename=attachment.txt\r\n" +
|
||||
"\r\n" +
|
||||
"attachment content\r\n" +
|
||||
"--message-boundary--\r\n"
|
||||
|
||||
env, err := enmime.ReadEnvelope(strings.NewReader(mailString))
|
||||
assert.NoError(t, err)
|
||||
content := getContentFromMailReader(env)
|
||||
assert.Equal(t, "mail content", content.Content)
|
||||
assert.Len(t, content.Attachments, 1)
|
||||
assert.Equal(t, "attachment.txt", content.Attachments[0].Name)
|
||||
assert.Equal(t, []byte("attachment content"), content.Attachments[0].Content)
|
||||
|
||||
mailString = "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--message-boundary\r\n" +
|
||||
"Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--text-boundary\r\n" +
|
||||
"Content-Type: text/html\r\n" +
|
||||
"Content-Disposition: inline\r\n" +
|
||||
"\r\n" +
|
||||
"<p>mail content</p>\r\n" +
|
||||
"--text-boundary--\r\n" +
|
||||
"--message-boundary--\r\n"
|
||||
|
||||
env, err = enmime.ReadEnvelope(strings.NewReader(mailString))
|
||||
assert.NoError(t, err)
|
||||
content = getContentFromMailReader(env)
|
||||
assert.Equal(t, "mail content", content.Content)
|
||||
assert.Empty(t, content.Attachments)
|
||||
|
||||
mailString = "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--message-boundary\r\n" +
|
||||
"Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
|
||||
"\r\n" +
|
||||
"--text-boundary\r\n" +
|
||||
"Content-Type: text/plain\r\n" +
|
||||
"Content-Disposition: inline\r\n" +
|
||||
"\r\n" +
|
||||
"mail content without signature\r\n" +
|
||||
"--\r\n" +
|
||||
"signature\r\n" +
|
||||
"--text-boundary--\r\n" +
|
||||
"--message-boundary--\r\n"
|
||||
|
||||
env, err = enmime.ReadEnvelope(strings.NewReader(mailString))
|
||||
assert.NoError(t, err)
|
||||
content = getContentFromMailReader(env)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "mail content without signature", content.Content)
|
||||
assert.Empty(t, content.Attachments)
|
||||
}
|
|
@ -0,0 +1,70 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package payload
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
issues_model "code.gitea.io/gitea/models/issues"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
const replyPayloadVersion1 byte = 1
|
||||
|
||||
type payloadReferenceType byte
|
||||
|
||||
const (
|
||||
payloadReferenceIssue payloadReferenceType = iota
|
||||
payloadReferenceComment
|
||||
)
|
||||
|
||||
// CreateReferencePayload creates data which GetReferenceFromPayload resolves to the reference again.
|
||||
func CreateReferencePayload(reference interface{}) ([]byte, error) {
|
||||
var refType payloadReferenceType
|
||||
var refID int64
|
||||
|
||||
switch r := reference.(type) {
|
||||
case *issues_model.Issue:
|
||||
refType = payloadReferenceIssue
|
||||
refID = r.ID
|
||||
case *issues_model.Comment:
|
||||
refType = payloadReferenceComment
|
||||
refID = r.ID
|
||||
default:
|
||||
return nil, util.NewInvalidArgumentErrorf("unsupported reference type: %T", r)
|
||||
}
|
||||
|
||||
payload, err := util.PackData(refType, refID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return append([]byte{replyPayloadVersion1}, payload...), nil
|
||||
}
|
||||
|
||||
// GetReferenceFromPayload resolves the reference from the payload
|
||||
func GetReferenceFromPayload(ctx context.Context, payload []byte) (interface{}, error) {
|
||||
if len(payload) < 1 {
|
||||
return nil, util.NewInvalidArgumentErrorf("payload to small")
|
||||
}
|
||||
|
||||
if payload[0] != replyPayloadVersion1 {
|
||||
return nil, util.NewInvalidArgumentErrorf("unsupported payload version")
|
||||
}
|
||||
|
||||
var ref payloadReferenceType
|
||||
var id int64
|
||||
if err := util.UnpackData(payload[1:], &ref, &id); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
switch ref {
|
||||
case payloadReferenceIssue:
|
||||
return issues_model.GetIssueByID(ctx, id)
|
||||
case payloadReferenceComment:
|
||||
return issues_model.GetCommentByID(ctx, id)
|
||||
default:
|
||||
return nil, util.NewInvalidArgumentErrorf("unsupported reference type: %T", ref)
|
||||
}
|
||||
}
|
|
@ -29,6 +29,8 @@ import (
|
|||
"code.gitea.io/gitea/modules/templates"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
"code.gitea.io/gitea/modules/translation"
|
||||
incoming_payload "code.gitea.io/gitea/services/mailer/incoming/payload"
|
||||
"code.gitea.io/gitea/services/mailer/token"
|
||||
|
||||
"gopkg.in/gomail.v2"
|
||||
)
|
||||
|
@ -272,6 +274,7 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient
|
|||
"ActionName": actName,
|
||||
"ReviewComments": reviewComments,
|
||||
"Language": locale.Language(),
|
||||
"CanReply": setting.IncomingEmail.Enabled && commentType != issues_model.CommentTypePullRequestPush,
|
||||
// helper
|
||||
"locale": locale,
|
||||
"Str2html": templates.Str2html,
|
||||
|
@ -302,14 +305,57 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient
|
|||
msgID := createReference(ctx.Issue, ctx.Comment, ctx.ActionType)
|
||||
reference := createReference(ctx.Issue, nil, activities_model.ActionType(0))
|
||||
|
||||
var replyPayload []byte
|
||||
if ctx.Comment != nil && ctx.Comment.Type == issues_model.CommentTypeCode {
|
||||
replyPayload, err = incoming_payload.CreateReferencePayload(ctx.Comment)
|
||||
} else {
|
||||
replyPayload, err = incoming_payload.CreateReferencePayload(ctx.Issue)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
unsubscribePayload, err := incoming_payload.CreateReferencePayload(ctx.Issue)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
msgs := make([]*Message, 0, len(recipients))
|
||||
for _, recipient := range recipients {
|
||||
msg := NewMessageFrom([]string{recipient.Email}, ctx.Doer.DisplayName(), setting.MailService.FromEmail, subject, mailBody.String())
|
||||
msg.Info = fmt.Sprintf("Subject: %s, %s", subject, info)
|
||||
|
||||
msg.SetHeader("Message-ID", "<"+msgID+">")
|
||||
msg.SetHeader("In-Reply-To", "<"+reference+">")
|
||||
msg.SetHeader("References", "<"+reference+">")
|
||||
msg.SetHeader("Message-ID", msgID)
|
||||
msg.SetHeader("In-Reply-To", reference)
|
||||
|
||||
references := []string{reference}
|
||||
listUnsubscribe := []string{"<" + ctx.Issue.HTMLURL() + ">"}
|
||||
|
||||
if setting.IncomingEmail.Enabled {
|
||||
if ctx.Comment != nil {
|
||||
token, err := token.CreateToken(token.ReplyHandlerType, recipient, replyPayload)
|
||||
if err != nil {
|
||||
log.Error("CreateToken failed: %v", err)
|
||||
} else {
|
||||
replyAddress := strings.Replace(setting.IncomingEmail.ReplyToAddress, setting.IncomingEmail.TokenPlaceholder, token, 1)
|
||||
msg.ReplyTo = replyAddress
|
||||
msg.SetHeader("List-Post", fmt.Sprintf("<mailto:%s>", replyAddress))
|
||||
|
||||
references = append(references, fmt.Sprintf("<reply-%s@%s>", token, setting.Domain))
|
||||
}
|
||||
}
|
||||
|
||||
token, err := token.CreateToken(token.UnsubscribeHandlerType, recipient, unsubscribePayload)
|
||||
if err != nil {
|
||||
log.Error("CreateToken failed: %v", err)
|
||||
} else {
|
||||
unsubAddress := strings.Replace(setting.IncomingEmail.ReplyToAddress, setting.IncomingEmail.TokenPlaceholder, token, 1)
|
||||
listUnsubscribe = append(listUnsubscribe, "<mailto:"+unsubAddress+">")
|
||||
}
|
||||
}
|
||||
|
||||
msg.SetHeader("References", references...)
|
||||
msg.SetHeader("List-Unsubscribe", listUnsubscribe...)
|
||||
|
||||
for key, value := range generateAdditionalHeaders(ctx, actType, recipient) {
|
||||
msg.SetHeader(key, value)
|
||||
|
@ -345,7 +391,7 @@ func createReference(issue *issues_model.Issue, comment *issues_model.Comment, a
|
|||
}
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s/%s/%d%s@%s", issue.Repo.FullName(), path, issue.Index, extra, setting.Domain)
|
||||
return fmt.Sprintf("<%s/%s/%d%s@%s>", issue.Repo.FullName(), path, issue.Index, extra, setting.Domain)
|
||||
}
|
||||
|
||||
func generateAdditionalHeaders(ctx *mailCommentContext, reason string, recipient *user_model.User) map[string]string {
|
||||
|
@ -357,8 +403,6 @@ func generateAdditionalHeaders(ctx *mailCommentContext, reason string, recipient
|
|||
|
||||
// https://datatracker.ietf.org/doc/html/rfc2369
|
||||
"List-Archive": fmt.Sprintf("<%s>", repo.HTMLURL()),
|
||||
//"List-Post": https://github.com/go-gitea/gitea/pull/13585
|
||||
"List-Unsubscribe": ctx.Issue.HTMLURL(),
|
||||
|
||||
"X-Mailer": "Gitea",
|
||||
"X-Gitea-Reason": reason,
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"regexp"
|
||||
"strings"
|
||||
"testing"
|
||||
texttmpl "text/template"
|
||||
|
@ -66,6 +67,9 @@ func prepareMailerTest(t *testing.T) (doer *user_model.User, repo *repo_model.Re
|
|||
func TestComposeIssueCommentMessage(t *testing.T) {
|
||||
doer, _, issue, comment := prepareMailerTest(t)
|
||||
|
||||
setting.IncomingEmail.Enabled = true
|
||||
defer func() { setting.IncomingEmail.Enabled = false }()
|
||||
|
||||
subjectTemplates = texttmpl.Must(texttmpl.New("issue/comment").Parse(subjectTpl))
|
||||
bodyTemplates = template.Must(template.New("issue/comment").Parse(bodyTpl))
|
||||
|
||||
|
@ -78,18 +82,20 @@ func TestComposeIssueCommentMessage(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
assert.Len(t, msgs, 2)
|
||||
gomailMsg := msgs[0].ToMessage()
|
||||
mailto := gomailMsg.GetHeader("To")
|
||||
subject := gomailMsg.GetHeader("Subject")
|
||||
messageID := gomailMsg.GetHeader("Message-ID")
|
||||
inReplyTo := gomailMsg.GetHeader("In-Reply-To")
|
||||
references := gomailMsg.GetHeader("References")
|
||||
replyTo := gomailMsg.GetHeader("Reply-To")[0]
|
||||
subject := gomailMsg.GetHeader("Subject")[0]
|
||||
|
||||
assert.Len(t, mailto, 1, "exactly one recipient is expected in the To field")
|
||||
assert.Equal(t, "Re: ", subject[0][:4], "Comment reply subject should contain Re:")
|
||||
assert.Equal(t, "Re: [user2/repo1] @user2 #1 - issue1", subject[0])
|
||||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", inReplyTo[0], "In-Reply-To header doesn't match")
|
||||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", references[0], "References header doesn't match")
|
||||
assert.Equal(t, "<user2/repo1/issues/1/comment/2@localhost>", messageID[0], "Message-ID header doesn't match")
|
||||
assert.Len(t, gomailMsg.GetHeader("To"), 1, "exactly one recipient is expected in the To field")
|
||||
tokenRegex := regexp.MustCompile(`\Aincoming\+(.+)@localhost\z`)
|
||||
assert.Regexp(t, tokenRegex, replyTo)
|
||||
token := tokenRegex.FindAllStringSubmatch(replyTo, 1)[0][1]
|
||||
assert.Equal(t, "Re: ", subject[:4], "Comment reply subject should contain Re:")
|
||||
assert.Equal(t, "Re: [user2/repo1] @user2 #1 - issue1", subject)
|
||||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", gomailMsg.GetHeader("In-Reply-To")[0], "In-Reply-To header doesn't match")
|
||||
assert.ElementsMatch(t, []string{"<user2/repo1/issues/1@localhost>", "<reply-" + token + "@localhost>"}, gomailMsg.GetHeader("References"), "References header doesn't match")
|
||||
assert.Equal(t, "<user2/repo1/issues/1/comment/2@localhost>", gomailMsg.GetHeader("Message-ID")[0], "Message-ID header doesn't match")
|
||||
assert.Equal(t, "<mailto:"+replyTo+">", gomailMsg.GetHeader("List-Post")[0])
|
||||
assert.Len(t, gomailMsg.GetHeader("List-Unsubscribe"), 2) // url + mailto
|
||||
}
|
||||
|
||||
func TestComposeIssueMessage(t *testing.T) {
|
||||
|
@ -119,6 +125,8 @@ func TestComposeIssueMessage(t *testing.T) {
|
|||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", inReplyTo[0], "In-Reply-To header doesn't match")
|
||||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", references[0], "References header doesn't match")
|
||||
assert.Equal(t, "<user2/repo1/issues/1@localhost>", messageID[0], "Message-ID header doesn't match")
|
||||
assert.Empty(t, gomailMsg.GetHeader("List-Post")) // incoming mail feature disabled
|
||||
assert.Len(t, gomailMsg.GetHeader("List-Unsubscribe"), 1) // url without mailto
|
||||
}
|
||||
|
||||
func TestTemplateSelection(t *testing.T) {
|
||||
|
@ -238,7 +246,6 @@ func TestGenerateAdditionalHeaders(t *testing.T) {
|
|||
expected := map[string]string{
|
||||
"List-ID": "user2/repo1 <repo1.user2.localhost>",
|
||||
"List-Archive": "<https://try.gitea.io/user2/repo1>",
|
||||
"List-Unsubscribe": "https://try.gitea.io/user2/repo1/issues/1",
|
||||
"X-Gitea-Reason": "dummy-reason",
|
||||
"X-Gitea-Sender": "< U<se>r Tw<o > ><",
|
||||
"X-Gitea-Recipient": "Test",
|
||||
|
@ -271,7 +278,6 @@ func Test_createReference(t *testing.T) {
|
|||
name string
|
||||
args args
|
||||
prefix string
|
||||
suffix string
|
||||
}{
|
||||
{
|
||||
name: "Open Issue",
|
||||
|
@ -279,7 +285,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: issue,
|
||||
actionType: activities_model.ActionCreateIssue,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/issues/%d@%s", issue.Repo.FullName(), issue.Index, setting.Domain),
|
||||
prefix: fmt.Sprintf("<%s/issues/%d@%s>", issue.Repo.FullName(), issue.Index, setting.Domain),
|
||||
},
|
||||
{
|
||||
name: "Open Pull",
|
||||
|
@ -287,7 +293,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: pullIssue,
|
||||
actionType: activities_model.ActionCreatePullRequest,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d@%s", issue.Repo.FullName(), issue.Index, setting.Domain),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d@%s>", issue.Repo.FullName(), issue.Index, setting.Domain),
|
||||
},
|
||||
{
|
||||
name: "Comment Issue",
|
||||
|
@ -296,7 +302,7 @@ func Test_createReference(t *testing.T) {
|
|||
comment: comment,
|
||||
actionType: activities_model.ActionCommentIssue,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/issues/%d/comment/%d@%s", issue.Repo.FullName(), issue.Index, comment.ID, setting.Domain),
|
||||
prefix: fmt.Sprintf("<%s/issues/%d/comment/%d@%s>", issue.Repo.FullName(), issue.Index, comment.ID, setting.Domain),
|
||||
},
|
||||
{
|
||||
name: "Comment Pull",
|
||||
|
@ -305,7 +311,7 @@ func Test_createReference(t *testing.T) {
|
|||
comment: comment,
|
||||
actionType: activities_model.ActionCommentPull,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d/comment/%d@%s", issue.Repo.FullName(), issue.Index, comment.ID, setting.Domain),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d/comment/%d@%s>", issue.Repo.FullName(), issue.Index, comment.ID, setting.Domain),
|
||||
},
|
||||
{
|
||||
name: "Close Issue",
|
||||
|
@ -313,7 +319,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: issue,
|
||||
actionType: activities_model.ActionCloseIssue,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/issues/%d/close/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/issues/%d/close/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
{
|
||||
name: "Close Pull",
|
||||
|
@ -321,7 +327,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: pullIssue,
|
||||
actionType: activities_model.ActionClosePullRequest,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d/close/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d/close/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
{
|
||||
name: "Reopen Issue",
|
||||
|
@ -329,7 +335,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: issue,
|
||||
actionType: activities_model.ActionReopenIssue,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/issues/%d/reopen/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/issues/%d/reopen/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
{
|
||||
name: "Reopen Pull",
|
||||
|
@ -337,7 +343,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: pullIssue,
|
||||
actionType: activities_model.ActionReopenPullRequest,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d/reopen/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d/reopen/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
{
|
||||
name: "Merge Pull",
|
||||
|
@ -345,7 +351,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: pullIssue,
|
||||
actionType: activities_model.ActionMergePullRequest,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d/merge/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d/merge/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
{
|
||||
name: "Ready Pull",
|
||||
|
@ -353,7 +359,7 @@ func Test_createReference(t *testing.T) {
|
|||
issue: pullIssue,
|
||||
actionType: activities_model.ActionPullRequestReadyForReview,
|
||||
},
|
||||
prefix: fmt.Sprintf("%s/pulls/%d/ready/", issue.Repo.FullName(), issue.Index),
|
||||
prefix: fmt.Sprintf("<%s/pulls/%d/ready/", issue.Repo.FullName(), issue.Index),
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
@ -362,9 +368,6 @@ func Test_createReference(t *testing.T) {
|
|||
if !strings.HasPrefix(got, tt.prefix) {
|
||||
t.Errorf("createReference() = %v, want %v", got, tt.prefix)
|
||||
}
|
||||
if !strings.HasSuffix(got, tt.suffix) {
|
||||
t.Errorf("createReference() = %v, want %v", got, tt.prefix)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,6 +36,7 @@ type Message struct {
|
|||
FromAddress string
|
||||
FromDisplayName string
|
||||
To []string
|
||||
ReplyTo string
|
||||
Subject string
|
||||
Date time.Time
|
||||
Body string
|
||||
|
@ -47,6 +48,9 @@ func (m *Message) ToMessage() *gomail.Message {
|
|||
msg := gomail.NewMessage()
|
||||
msg.SetAddressHeader("From", m.FromAddress, m.FromDisplayName)
|
||||
msg.SetHeader("To", m.To...)
|
||||
if m.ReplyTo != "" {
|
||||
msg.SetHeader("Reply-To", m.ReplyTo)
|
||||
}
|
||||
for header := range m.Headers {
|
||||
msg.SetHeader(header, m.Headers[header]...)
|
||||
}
|
||||
|
|
|
@ -0,0 +1,128 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package token
|
||||
|
||||
import (
|
||||
"context"
|
||||
crypto_hmac "crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/base32"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
// A token is a verifiable container describing an action.
|
||||
//
|
||||
// A token has a dynamic length depending on the contained data and has the following structure:
|
||||
// | Token Version | User ID | HMAC | Payload |
|
||||
//
|
||||
// The payload is verifiable by the generated HMAC using the user secret. It contains:
|
||||
// | Timestamp | Action/Handler Type | Action/Handler Data |
|
||||
|
||||
const (
|
||||
tokenVersion1 byte = 1
|
||||
tokenLifetimeInYears int = 1
|
||||
)
|
||||
|
||||
type HandlerType byte
|
||||
|
||||
const (
|
||||
UnknownHandlerType HandlerType = iota
|
||||
ReplyHandlerType
|
||||
UnsubscribeHandlerType
|
||||
)
|
||||
|
||||
var encodingWithoutPadding = base32.StdEncoding.WithPadding(base32.NoPadding)
|
||||
|
||||
type ErrToken struct {
|
||||
context string
|
||||
}
|
||||
|
||||
func (err *ErrToken) Error() string {
|
||||
return "invalid email token: " + err.context
|
||||
}
|
||||
|
||||
func (err *ErrToken) Unwrap() error {
|
||||
return util.ErrInvalidArgument
|
||||
}
|
||||
|
||||
// CreateToken creates a token for the action/user tuple
|
||||
func CreateToken(ht HandlerType, user *user_model.User, data []byte) (string, error) {
|
||||
payload, err := util.PackData(
|
||||
time.Now().AddDate(tokenLifetimeInYears, 0, 0).Unix(),
|
||||
ht,
|
||||
data,
|
||||
)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
packagedData, err := util.PackData(
|
||||
user.ID,
|
||||
generateHmac([]byte(user.Rands), payload),
|
||||
payload,
|
||||
)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return encodingWithoutPadding.EncodeToString(append([]byte{tokenVersion1}, packagedData...)), nil
|
||||
}
|
||||
|
||||
// ExtractToken extracts the action/user tuple from the token and verifies the content
|
||||
func ExtractToken(ctx context.Context, token string) (HandlerType, *user_model.User, []byte, error) {
|
||||
data, err := encodingWithoutPadding.DecodeString(token)
|
||||
if err != nil {
|
||||
return UnknownHandlerType, nil, nil, err
|
||||
}
|
||||
|
||||
if len(data) < 1 {
|
||||
return UnknownHandlerType, nil, nil, &ErrToken{"no data"}
|
||||
}
|
||||
|
||||
if data[0] != tokenVersion1 {
|
||||
return UnknownHandlerType, nil, nil, &ErrToken{fmt.Sprintf("unsupported token version: %v", data[0])}
|
||||
}
|
||||
|
||||
var userID int64
|
||||
var hmac []byte
|
||||
var payload []byte
|
||||
if err := util.UnpackData(data[1:], &userID, &hmac, &payload); err != nil {
|
||||
return UnknownHandlerType, nil, nil, err
|
||||
}
|
||||
|
||||
user, err := user_model.GetUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return UnknownHandlerType, nil, nil, err
|
||||
}
|
||||
|
||||
if !crypto_hmac.Equal(hmac, generateHmac([]byte(user.Rands), payload)) {
|
||||
return UnknownHandlerType, nil, nil, &ErrToken{"verification failed"}
|
||||
}
|
||||
|
||||
var expiresUnix int64
|
||||
var handlerType HandlerType
|
||||
var innerPayload []byte
|
||||
if err := util.UnpackData(payload, &expiresUnix, &handlerType, &innerPayload); err != nil {
|
||||
return UnknownHandlerType, nil, nil, err
|
||||
}
|
||||
|
||||
if time.Unix(expiresUnix, 0).Before(time.Now()) {
|
||||
return UnknownHandlerType, nil, nil, &ErrToken{"token expired"}
|
||||
}
|
||||
|
||||
return handlerType, user, innerPayload, nil
|
||||
}
|
||||
|
||||
// generateHmac creates a trunkated HMAC for the given payload
|
||||
func generateHmac(secret, payload []byte) []byte {
|
||||
mac := crypto_hmac.New(sha256.New, secret)
|
||||
mac.Write(payload)
|
||||
hmac := mac.Sum(nil)
|
||||
|
||||
return hmac[:10] // RFC2104 recommends not using less then 80 bits
|
||||
}
|
|
@ -352,8 +352,10 @@ func (g *GitlabDownloader) GetReleases() ([]*base.Release, error) {
|
|||
releases := make([]*base.Release, 0, perPage)
|
||||
for i := 1; ; i++ {
|
||||
ls, _, err := g.client.Releases.ListReleases(g.repoID, &gitlab.ListReleasesOptions{
|
||||
Page: i,
|
||||
PerPage: perPage,
|
||||
ListOptions: gitlab.ListOptions{
|
||||
Page: i,
|
||||
PerPage: perPage,
|
||||
},
|
||||
}, nil, gitlab.WithContext(g.ctx))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
git_model "code.gitea.io/gitea/models/git"
|
||||
issues_model "code.gitea.io/gitea/models/issues"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
|
@ -126,11 +127,12 @@ func CheckPullMergable(stdCtx context.Context, doer *user_model.User, perm *acce
|
|||
|
||||
// isSignedIfRequired check if merge will be signed if required
|
||||
func isSignedIfRequired(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User) (bool, error) {
|
||||
if err := pr.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if pr.ProtectedBranch == nil || !pr.ProtectedBranch.RequireSignedCommits {
|
||||
if pb == nil || !pb.RequireSignedCommits {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
|
@ -348,8 +350,8 @@ func testPR(id int64) {
|
|||
checkAndUpdateStatus(ctx, pr)
|
||||
}
|
||||
|
||||
// CheckPrsForBaseBranch check all pulls with bseBrannch
|
||||
func CheckPrsForBaseBranch(baseRepo *repo_model.Repository, baseBranchName string) error {
|
||||
// CheckPRsForBaseBranch check all pulls with baseBrannch
|
||||
func CheckPRsForBaseBranch(baseRepo *repo_model.Repository, baseBranchName string) error {
|
||||
prs, err := issues_model.GetUnmergedPullRequestsByBaseInfo(baseRepo.ID, baseBranchName)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -83,10 +83,11 @@ func IsCommitStatusContextSuccess(commitStatuses []*git_model.CommitStatus, requ
|
|||
|
||||
// IsPullCommitStatusPass returns if all required status checks PASS
|
||||
func IsPullCommitStatusPass(ctx context.Context, pr *issues_model.PullRequest) (bool, error) {
|
||||
if err := pr.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, errors.Wrap(err, "GetLatestCommitStatus")
|
||||
}
|
||||
if pr.ProtectedBranch == nil || !pr.ProtectedBranch.EnableStatusCheck {
|
||||
if pb == nil || !pb.EnableStatusCheck {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
|
@ -137,12 +138,13 @@ func GetPullRequestCommitStatusState(ctx context.Context, pr *issues_model.PullR
|
|||
return "", errors.Wrap(err, "GetLatestCommitStatus")
|
||||
}
|
||||
|
||||
if err := pr.LoadProtectedBranch(ctx); err != nil {
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "LoadProtectedBranch")
|
||||
}
|
||||
var requiredContexts []string
|
||||
if pr.ProtectedBranch != nil {
|
||||
requiredContexts = pr.ProtectedBranch.StatusCheckContexts
|
||||
if pb != nil {
|
||||
requiredContexts = pb.StatusCheckContexts
|
||||
}
|
||||
|
||||
return MergeRequiredContextsCommitStatus(commitStatuses, requiredContexts), nil
|
||||
|
|
|
@ -760,12 +760,12 @@ func IsUserAllowedToMerge(ctx context.Context, pr *issues_model.PullRequest, p a
|
|||
return false, nil
|
||||
}
|
||||
|
||||
err := pr.LoadProtectedBranch(ctx)
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if (p.CanWrite(unit.TypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && git_model.IsUserMergeWhitelisted(ctx, pr.ProtectedBranch, user.ID, p)) {
|
||||
if (p.CanWrite(unit.TypeCode) && pb == nil) || (pb != nil && git_model.IsUserMergeWhitelisted(ctx, pb, user.ID, p)) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
|
@ -778,10 +778,11 @@ func CheckPullBranchProtections(ctx context.Context, pr *issues_model.PullReques
|
|||
return fmt.Errorf("LoadBaseRepo: %w", err)
|
||||
}
|
||||
|
||||
if err = pr.LoadProtectedBranch(ctx); err != nil {
|
||||
return fmt.Errorf("LoadProtectedBranch: %w", err)
|
||||
pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
|
||||
if err != nil {
|
||||
return fmt.Errorf("LoadProtectedBranch: %v", err)
|
||||
}
|
||||
if pr.ProtectedBranch == nil {
|
||||
if pb == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -795,23 +796,23 @@ func CheckPullBranchProtections(ctx context.Context, pr *issues_model.PullReques
|
|||
}
|
||||
}
|
||||
|
||||
if !issues_model.HasEnoughApprovals(ctx, pr.ProtectedBranch, pr) {
|
||||
if !issues_model.HasEnoughApprovals(ctx, pb, pr) {
|
||||
return models.ErrDisallowedToMerge{
|
||||
Reason: "Does not have enough approvals",
|
||||
}
|
||||
}
|
||||
if issues_model.MergeBlockedByRejectedReview(ctx, pr.ProtectedBranch, pr) {
|
||||
if issues_model.MergeBlockedByRejectedReview(ctx, pb, pr) {
|
||||
return models.ErrDisallowedToMerge{
|
||||
Reason: "There are requested changes",
|
||||
}
|
||||
}
|
||||
if issues_model.MergeBlockedByOfficialReviewRequests(ctx, pr.ProtectedBranch, pr) {
|
||||
if issues_model.MergeBlockedByOfficialReviewRequests(ctx, pb, pr) {
|
||||
return models.ErrDisallowedToMerge{
|
||||
Reason: "There are official review requests",
|
||||
}
|
||||
}
|
||||
|
||||
if issues_model.MergeBlockedByOutdatedBranch(pr.ProtectedBranch, pr) {
|
||||
if issues_model.MergeBlockedByOutdatedBranch(pb, pr) {
|
||||
return models.ErrDisallowedToMerge{
|
||||
Reason: "The head branch is behind the base branch",
|
||||
}
|
||||
|
@ -821,7 +822,7 @@ func CheckPullBranchProtections(ctx context.Context, pr *issues_model.PullReques
|
|||
return nil
|
||||
}
|
||||
|
||||
if pr.ProtectedBranch.MergeBlockedByProtectedFiles(pr.ChangedProtectedFiles) {
|
||||
if pb.MergeBlockedByProtectedFiles(pr.ChangedProtectedFiles) {
|
||||
return models.ErrDisallowedToMerge{
|
||||
Reason: "Changed protected files",
|
||||
}
|
||||
|
@ -836,6 +837,9 @@ func MergedManually(pr *issues_model.PullRequest, doer *user_model.User, baseGit
|
|||
defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
|
||||
|
||||
if err := db.WithTx(db.DefaultContext, func(ctx context.Context) error {
|
||||
if err := pr.LoadBaseRepo(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
prUnit, err := pr.BaseRepo.GetUnit(ctx, unit.TypePullRequests)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue