1f01f53c53
* paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
235 lines
6.1 KiB
Go
235 lines
6.1 KiB
Go
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package models
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/process"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
)
|
|
|
|
type signingMode string
|
|
|
|
const (
|
|
never signingMode = "never"
|
|
always signingMode = "always"
|
|
pubkey signingMode = "pubkey"
|
|
twofa signingMode = "twofa"
|
|
parentSigned signingMode = "parentsigned"
|
|
baseSigned signingMode = "basesigned"
|
|
headSigned signingMode = "headsigned"
|
|
commitsSigned signingMode = "commitssigned"
|
|
approved signingMode = "approved"
|
|
noKey signingMode = "nokey"
|
|
)
|
|
|
|
func signingModeFromStrings(modeStrings []string) []signingMode {
|
|
returnable := make([]signingMode, 0, len(modeStrings))
|
|
for _, mode := range modeStrings {
|
|
signMode := signingMode(strings.ToLower(mode))
|
|
switch signMode {
|
|
case never:
|
|
return []signingMode{never}
|
|
case always:
|
|
return []signingMode{always}
|
|
case pubkey:
|
|
fallthrough
|
|
case twofa:
|
|
fallthrough
|
|
case parentSigned:
|
|
fallthrough
|
|
case baseSigned:
|
|
fallthrough
|
|
case headSigned:
|
|
fallthrough
|
|
case approved:
|
|
fallthrough
|
|
case commitsSigned:
|
|
returnable = append(returnable, signMode)
|
|
}
|
|
}
|
|
if len(returnable) == 0 {
|
|
return []signingMode{never}
|
|
}
|
|
return returnable
|
|
}
|
|
|
|
func signingKey(repoPath string) string {
|
|
if setting.Repository.Signing.SigningKey == "none" {
|
|
return ""
|
|
}
|
|
|
|
if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {
|
|
// Can ignore the error here as it means that commit.gpgsign is not set
|
|
value, _ := git.NewCommand("config", "--get", "commit.gpgsign").RunInDir(repoPath)
|
|
sign, valid := git.ParseBool(strings.TrimSpace(value))
|
|
if !sign || !valid {
|
|
return ""
|
|
}
|
|
|
|
signingKey, _ := git.NewCommand("config", "--get", "user.signingkey").RunInDir(repoPath)
|
|
return strings.TrimSpace(signingKey)
|
|
}
|
|
|
|
return setting.Repository.Signing.SigningKey
|
|
}
|
|
|
|
// PublicSigningKey gets the public signing key within a provided repository directory
|
|
func PublicSigningKey(repoPath string) (string, error) {
|
|
signingKey := signingKey(repoPath)
|
|
if signingKey == "" {
|
|
return "", nil
|
|
}
|
|
|
|
content, stderr, err := process.GetManager().ExecDir(-1, repoPath,
|
|
"gpg --export -a", "gpg", "--export", "-a", signingKey)
|
|
if err != nil {
|
|
log.Error("Unable to get default signing key in %s: %s, %s, %v", repoPath, signingKey, stderr, err)
|
|
return "", err
|
|
}
|
|
return content, nil
|
|
}
|
|
|
|
// SignInitialCommit determines if we should sign the initial commit to this repository
|
|
func SignInitialCommit(repoPath string, u *User) (bool, string, error) {
|
|
rules := signingModeFromStrings(setting.Repository.Signing.InitialCommit)
|
|
signingKey := signingKey(repoPath)
|
|
if signingKey == "" {
|
|
return false, "", &ErrWontSign{noKey}
|
|
}
|
|
|
|
for _, rule := range rules {
|
|
switch rule {
|
|
case never:
|
|
return false, "", &ErrWontSign{never}
|
|
case always:
|
|
break
|
|
case pubkey:
|
|
keys, err := ListGPGKeys(u.ID, ListOptions{})
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if len(keys) == 0 {
|
|
return false, "", &ErrWontSign{pubkey}
|
|
}
|
|
case twofa:
|
|
twofaModel, err := GetTwoFactorByUID(u.ID)
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if twofaModel == nil {
|
|
return false, "", &ErrWontSign{twofa}
|
|
}
|
|
}
|
|
}
|
|
return true, signingKey, nil
|
|
}
|
|
|
|
// SignWikiCommit determines if we should sign the commits to this repository wiki
|
|
func (repo *Repository) SignWikiCommit(u *User) (bool, string, error) {
|
|
rules := signingModeFromStrings(setting.Repository.Signing.Wiki)
|
|
signingKey := signingKey(repo.WikiPath())
|
|
if signingKey == "" {
|
|
return false, "", &ErrWontSign{noKey}
|
|
}
|
|
|
|
for _, rule := range rules {
|
|
switch rule {
|
|
case never:
|
|
return false, "", &ErrWontSign{never}
|
|
case always:
|
|
break
|
|
case pubkey:
|
|
keys, err := ListGPGKeys(u.ID, ListOptions{})
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if len(keys) == 0 {
|
|
return false, "", &ErrWontSign{pubkey}
|
|
}
|
|
case twofa:
|
|
twofaModel, err := GetTwoFactorByUID(u.ID)
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if twofaModel == nil {
|
|
return false, "", &ErrWontSign{twofa}
|
|
}
|
|
case parentSigned:
|
|
gitRepo, err := git.OpenRepository(repo.WikiPath())
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
defer gitRepo.Close()
|
|
commit, err := gitRepo.GetCommit("HEAD")
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if commit.Signature == nil {
|
|
return false, "", &ErrWontSign{parentSigned}
|
|
}
|
|
verification := ParseCommitWithSignature(commit)
|
|
if !verification.Verified {
|
|
return false, "", &ErrWontSign{parentSigned}
|
|
}
|
|
}
|
|
}
|
|
return true, signingKey, nil
|
|
}
|
|
|
|
// SignCRUDAction determines if we should sign a CRUD commit to this repository
|
|
func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string, error) {
|
|
rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)
|
|
signingKey := signingKey(repo.RepoPath())
|
|
if signingKey == "" {
|
|
return false, "", &ErrWontSign{noKey}
|
|
}
|
|
|
|
for _, rule := range rules {
|
|
switch rule {
|
|
case never:
|
|
return false, "", &ErrWontSign{never}
|
|
case always:
|
|
break
|
|
case pubkey:
|
|
keys, err := ListGPGKeys(u.ID, ListOptions{})
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if len(keys) == 0 {
|
|
return false, "", &ErrWontSign{pubkey}
|
|
}
|
|
case twofa:
|
|
twofaModel, err := GetTwoFactorByUID(u.ID)
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if twofaModel == nil {
|
|
return false, "", &ErrWontSign{twofa}
|
|
}
|
|
case parentSigned:
|
|
gitRepo, err := git.OpenRepository(tmpBasePath)
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
defer gitRepo.Close()
|
|
commit, err := gitRepo.GetCommit(parentCommit)
|
|
if err != nil {
|
|
return false, "", err
|
|
}
|
|
if commit.Signature == nil {
|
|
return false, "", &ErrWontSign{parentSigned}
|
|
}
|
|
verification := ParseCommitWithSignature(commit)
|
|
if !verification.Verified {
|
|
return false, "", &ErrWontSign{parentSigned}
|
|
}
|
|
}
|
|
}
|
|
return true, signingKey, nil
|
|
}
|