2015-12-04 15:16:42 -07:00
// Copyright 2015 The Gogs Authors. All rights reserved.
2018-11-28 04:26:14 -07:00
// Copyright 2016 The Gitea Authors. All rights reserved.
2022-11-27 11:20:29 -07:00
// SPDX-License-Identifier: MIT
2015-12-04 15:16:42 -07:00
2017-05-02 06:35:59 -07:00
// Package v1 Gitea API.
//
2017-11-13 00:02:25 -07:00
// This documentation describes the Gitea API.
2017-05-02 06:35:59 -07:00
//
2022-08-30 19:15:45 -07:00
// Schemes: http, https
// BasePath: /api/v1
// Version: {{AppVer | JSEscape | Safe}}
// License: MIT http://opensource.org/licenses/MIT
2017-05-02 06:35:59 -07:00
//
2022-08-30 19:15:45 -07:00
// Consumes:
// - application/json
// - text/plain
2017-05-02 06:35:59 -07:00
//
2022-08-30 19:15:45 -07:00
// Produces:
// - application/json
// - text/html
2017-05-02 06:35:59 -07:00
//
2022-08-30 19:15:45 -07:00
// Security:
// - BasicAuth :
// - Token :
// - AccessToken :
// - AuthorizationHeaderToken :
// - SudoParam :
// - SudoHeader :
// - TOTPHeader :
2017-08-21 04:13:47 -07:00
//
2022-08-30 19:15:45 -07:00
// SecurityDefinitions:
// BasicAuth:
// type: basic
// Token:
// type: apiKey
// name: token
// in: query
// AccessToken:
// type: apiKey
// name: access_token
// in: query
// AuthorizationHeaderToken:
// type: apiKey
// name: Authorization
// in: header
// description: API tokens must be prepended with "token" followed by a space.
// SudoParam:
// type: apiKey
// name: sudo
// in: query
// description: Sudo API request as the user provided as the key. Admin privileges are required.
// SudoHeader:
// type: apiKey
// name: Sudo
// in: header
// description: Sudo API request as the user provided as the key. Admin privileges are required.
// TOTPHeader:
// type: apiKey
// name: X-GITEA-OTP
// in: header
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
2017-08-21 04:13:47 -07:00
//
2017-05-02 06:35:59 -07:00
// swagger:meta
2015-12-04 15:16:42 -07:00
package v1
import (
2022-08-28 02:43:25 -07:00
gocontext "context"
2021-11-22 06:05:29 -07:00
"fmt"
2019-12-20 10:07:12 -07:00
"net/http"
2015-12-04 15:16:42 -07:00
"strings"
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 18:45:19 -07:00
actions_model "code.gitea.io/gitea/models/actions"
2023-01-17 14:46:03 -07:00
auth_model "code.gitea.io/gitea/models/auth"
2022-03-28 23:29:02 -07:00
"code.gitea.io/gitea/models/organization"
2022-03-30 01:42:47 -07:00
"code.gitea.io/gitea/models/perm"
2022-05-11 03:09:36 -07:00
access_model "code.gitea.io/gitea/models/perm/access"
2021-12-09 18:27:50 -07:00
repo_model "code.gitea.io/gitea/models/repo"
2021-11-09 12:57:58 -07:00
"code.gitea.io/gitea/models/unit"
2021-11-11 00:03:30 -07:00
user_model "code.gitea.io/gitea/models/user"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/modules/context"
2018-09-06 20:31:29 -07:00
"code.gitea.io/gitea/modules/log"
2018-02-13 21:46:00 -07:00
"code.gitea.io/gitea/modules/setting"
2019-05-11 03:21:34 -07:00
api "code.gitea.io/gitea/modules/structs"
2021-01-26 08:36:53 -07:00
"code.gitea.io/gitea/modules/web"
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-18 22:25:12 -07:00
"code.gitea.io/gitea/routers/api/v1/activitypub"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/routers/api/v1/admin"
"code.gitea.io/gitea/routers/api/v1/misc"
2020-01-09 04:56:32 -07:00
"code.gitea.io/gitea/routers/api/v1/notify"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/routers/api/v1/org"
2022-03-30 01:42:47 -07:00
"code.gitea.io/gitea/routers/api/v1/packages"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/routers/api/v1/repo"
2020-06-22 11:21:31 -07:00
"code.gitea.io/gitea/routers/api/v1/settings"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/routers/api/v1/user"
2021-06-09 10:53:16 -07:00
"code.gitea.io/gitea/services/auth"
2022-03-26 02:04:22 -07:00
context_service "code.gitea.io/gitea/services/context"
2021-04-06 12:44:05 -07:00
"code.gitea.io/gitea/services/forms"
2017-11-13 00:02:25 -07:00
2021-11-17 05:34:35 -07:00
_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
2021-01-26 08:36:53 -07:00
"gitea.com/go-chi/binding"
"github.com/go-chi/cors"
2015-12-04 15:16:42 -07:00
)
2021-01-26 08:36:53 -07:00
func sudo ( ) func ( ctx * context . APIContext ) {
2018-09-06 20:31:29 -07:00
return func ( ctx * context . APIContext ) {
2021-08-10 17:31:13 -07:00
sudo := ctx . FormString ( "sudo" )
2018-10-20 14:25:14 -07:00
if len ( sudo ) == 0 {
2018-09-06 20:31:29 -07:00
sudo = ctx . Req . Header . Get ( "Sudo" )
}
if len ( sudo ) > 0 {
2022-03-22 00:03:22 -07:00
if ctx . IsSigned && ctx . Doer . IsAdmin {
2022-05-20 07:08:52 -07:00
user , err := user_model . GetUserByName ( ctx , sudo )
2018-09-06 20:31:29 -07:00
if err != nil {
2021-11-24 02:49:20 -07:00
if user_model . IsErrUserNotExist ( err ) {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2018-09-06 20:31:29 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "GetUserByName" , err )
2018-09-06 20:31:29 -07:00
}
return
}
2022-03-22 00:03:22 -07:00
log . Trace ( "Sudo from (%s) to: %s" , ctx . Doer . Name , user . Name )
ctx . Doer = user
2018-09-06 20:31:29 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . JSON ( http . StatusForbidden , map [ string ] string {
2018-09-06 20:31:29 -07:00
"message" : "Only administrators allowed to sudo." ,
} )
return
}
}
}
}
2021-01-26 08:36:53 -07:00
func repoAssignment ( ) func ( ctx * context . APIContext ) {
2016-03-13 15:49:16 -07:00
return func ( ctx * context . APIContext ) {
2021-01-26 08:36:53 -07:00
userName := ctx . Params ( "username" )
repoName := ctx . Params ( "reponame" )
2015-12-04 15:16:42 -07:00
var (
2021-11-24 02:49:20 -07:00
owner * user_model . User
2015-12-04 15:16:42 -07:00
err error
)
// Check if the user is the same as the repository owner.
2022-03-22 00:03:22 -07:00
if ctx . IsSigned && ctx . Doer . LowerName == strings . ToLower ( userName ) {
owner = ctx . Doer
2015-12-04 15:16:42 -07:00
} else {
2022-05-20 07:08:52 -07:00
owner , err = user_model . GetUserByName ( ctx , userName )
2015-12-04 15:16:42 -07:00
if err != nil {
2021-11-24 02:49:20 -07:00
if user_model . IsErrUserNotExist ( err ) {
2021-11-11 00:03:30 -07:00
if redirectUserID , err := user_model . LookupUserRedirect ( userName ) ; err == nil {
2021-01-24 08:23:05 -07:00
context . RedirectToUser ( ctx . Context , userName , redirectUserID )
2021-11-11 00:03:30 -07:00
} else if user_model . IsErrUserRedirectNotExist ( err ) {
2021-01-24 08:23:05 -07:00
ctx . NotFound ( "GetUserByName" , err )
} else {
ctx . Error ( http . StatusInternalServerError , "LookupUserRedirect" , err )
}
2015-12-04 15:16:42 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "GetUserByName" , err )
2015-12-04 15:16:42 -07:00
}
return
}
}
ctx . Repo . Owner = owner
2022-03-26 02:04:22 -07:00
ctx . ContextUser = owner
2015-12-04 15:16:42 -07:00
// Get repository.
2021-12-09 18:27:50 -07:00
repo , err := repo_model . GetRepositoryByName ( owner . ID , repoName )
2015-12-04 15:16:42 -07:00
if err != nil {
2021-12-09 18:27:50 -07:00
if repo_model . IsErrRepoNotExist ( err ) {
2021-12-12 08:48:20 -07:00
redirectRepoID , err := repo_model . LookupRedirect ( owner . ID , repoName )
2017-02-05 07:35:03 -07:00
if err == nil {
context . RedirectToRepo ( ctx . Context , redirectRepoID )
2021-12-12 08:48:20 -07:00
} else if repo_model . IsErrRedirectNotExist ( err ) {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2017-02-05 07:35:03 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "LookupRepoRedirect" , err )
2017-02-05 07:35:03 -07:00
}
2015-12-04 15:16:42 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "GetRepositoryByName" , err )
2015-12-04 15:16:42 -07:00
}
return
}
2019-04-25 11:59:10 -07:00
2017-02-02 05:33:56 -07:00
repo . Owner = owner
2018-11-28 04:26:14 -07:00
ctx . Repo . Repository = repo
2015-12-04 15:16:42 -07:00
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 18:45:19 -07:00
if ctx . Doer != nil && ctx . Doer . ID == user_model . ActionsUserID {
taskID := ctx . Data [ "ActionsTaskID" ] . ( int64 )
task , err := actions_model . GetTaskByID ( ctx , taskID )
if err != nil {
ctx . Error ( http . StatusInternalServerError , "actions_model.GetTaskByID" , err )
return
}
if task . RepoID != repo . ID {
ctx . NotFound ( )
return
}
if task . IsForkPullRequest {
ctx . Repo . Permission . AccessMode = perm . AccessModeRead
} else {
ctx . Repo . Permission . AccessMode = perm . AccessModeWrite
}
if err := ctx . Repo . Repository . LoadUnits ( ctx ) ; err != nil {
ctx . Error ( http . StatusInternalServerError , "LoadUnits" , err )
return
}
ctx . Repo . Permission . Units = ctx . Repo . Repository . Units
ctx . Repo . Permission . UnitsMode = make ( map [ unit . Type ] perm . AccessMode )
for _ , u := range ctx . Repo . Repository . Units {
ctx . Repo . Permission . UnitsMode [ u . Type ] = ctx . Repo . Permission . AccessMode
}
} else {
ctx . Repo . Permission , err = access_model . GetUserRepoPermission ( ctx , repo , ctx . Doer )
if err != nil {
ctx . Error ( http . StatusInternalServerError , "GetUserRepoPermission" , err )
return
}
2015-12-04 15:16:42 -07:00
}
2016-03-13 20:20:22 -07:00
if ! ctx . Repo . HasAccess ( ) {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2015-12-04 15:16:42 -07:00
return
}
}
}
2022-03-30 01:42:47 -07:00
func reqPackageAccess ( accessMode perm . AccessMode ) func ( ctx * context . APIContext ) {
return func ( ctx * context . APIContext ) {
if ctx . Package . AccessMode < accessMode && ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( http . StatusForbidden , "reqPackageAccess" , "user should have specific permission or be a site admin" )
return
}
}
}
2015-12-04 15:16:42 -07:00
// Contexter middleware already checks token for user sign in process.
2023-01-17 14:46:03 -07:00
func reqToken ( requiredScope auth_model . AccessTokenScope ) func ( ctx * context . APIContext ) {
2018-11-03 18:15:55 -07:00
return func ( ctx * context . APIContext ) {
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 18:45:19 -07:00
// If actions token is present
if true == ctx . Data [ "IsActionsToken" ] {
return
}
2023-01-17 14:46:03 -07:00
// If OAuth2 token is present
if _ , ok := ctx . Data [ "ApiTokenScope" ] ; ctx . Data [ "IsApiToken" ] == true && ok {
// no scope required
if requiredScope == "" {
return
}
// check scope
scope := ctx . Data [ "ApiTokenScope" ] . ( auth_model . AccessTokenScope )
allow , err := scope . HasScope ( requiredScope )
if err != nil {
ctx . Error ( http . StatusForbidden , "reqToken" , "parsing token failed: " + err . Error ( ) )
return
}
if allow {
return
}
// if requires 'repo' scope, but only has 'public_repo' scope, allow it only if the repo is public
if requiredScope == auth_model . AccessTokenScopeRepo {
if allowPublicRepo , err := scope . HasScope ( auth_model . AccessTokenScopePublicRepo ) ; err == nil && allowPublicRepo {
if ctx . Repo . Repository != nil && ! ctx . Repo . Repository . IsPrivate {
return
}
}
}
ctx . Error ( http . StatusForbidden , "reqToken" , "token does not have required scope: " + requiredScope )
2018-11-03 18:15:55 -07:00
return
}
2019-04-19 01:59:26 -07:00
if ctx . Context . IsBasicAuth {
ctx . CheckForOTP ( )
return
}
2018-11-03 18:15:55 -07:00
if ctx . IsSigned {
2015-12-04 15:16:42 -07:00
return
}
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusUnauthorized , "reqToken" , "token is required" )
2015-12-04 15:16:42 -07:00
}
}
2021-03-11 06:40:54 -07:00
func reqExploreSignIn ( ) func ( ctx * context . APIContext ) {
return func ( ctx * context . APIContext ) {
if setting . Service . Explore . RequireSigninView && ! ctx . IsSigned {
ctx . Error ( http . StatusUnauthorized , "reqExploreSignIn" , "you must be signed in to search for users" )
}
}
}
2022-12-26 17:34:05 -07:00
func reqBasicAuth ( ) func ( ctx * context . APIContext ) {
2019-04-19 01:59:26 -07:00
return func ( ctx * context . APIContext ) {
if ! ctx . Context . IsBasicAuth {
2022-12-26 17:34:05 -07:00
ctx . Error ( http . StatusUnauthorized , "reqBasicAuth" , "auth required" )
2015-12-04 15:16:42 -07:00
return
}
2019-04-19 01:59:26 -07:00
ctx . CheckForOTP ( )
2015-12-04 15:16:42 -07:00
}
}
2018-11-28 04:26:14 -07:00
// reqSiteAdmin user should be the site admin
2021-01-26 08:36:53 -07:00
func reqSiteAdmin ( ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqSiteAdmin" , "user should be the site admin" )
2015-12-04 15:16:42 -07:00
return
}
}
}
2019-04-07 15:49:34 -07:00
// reqOwner user should be the owner of the repo or site admin.
2021-01-26 08:36:53 -07:00
func reqOwner ( ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserRepoOwner ( ) && ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqOwner" , "user should be the owner of the repo" )
2018-11-28 04:26:14 -07:00
return
}
}
}
2019-04-07 15:49:34 -07:00
// reqAdmin user should be an owner or a collaborator with admin write of a repository, or site admin
2021-01-26 08:36:53 -07:00
func reqAdmin ( ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqAdmin" , "user should be an owner or a collaborator with admin write of a repository" )
2018-11-28 04:26:14 -07:00
return
}
}
}
2019-04-07 15:49:34 -07:00
// reqRepoWriter user should have a permission to write to a repo, or be a site admin
2021-11-09 12:57:58 -07:00
func reqRepoWriter ( unitTypes ... unit . Type ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserRepoWriter ( unitTypes ) && ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqRepoWriter" , "user should have a permission to write to a repo" )
2018-11-28 04:26:14 -07:00
return
}
}
}
2022-04-28 08:45:33 -07:00
// reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
func reqRepoBranchWriter ( ctx * context . APIContext ) {
options , ok := web . GetForm ( ctx ) . ( api . FileOptionInterface )
if ! ok || ( ! ctx . Repo . CanWriteToBranch ( ctx . Doer , options . Branch ( ) ) && ! ctx . IsUserSiteAdmin ( ) ) {
ctx . Error ( http . StatusForbidden , "reqRepoBranchWriter" , "user should have a permission to write to this branch" )
return
}
}
2019-04-07 15:49:34 -07:00
// reqRepoReader user should have specific read permission or be a repo admin or a site admin
2021-11-09 12:57:58 -07:00
func reqRepoReader ( unitType unit . Type ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserRepoReaderSpecific ( unitType ) && ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqRepoReader" , "user should have specific read permission or be a repo admin or a site admin" )
2016-08-24 16:05:56 -07:00
return
}
}
}
2019-04-07 15:49:34 -07:00
// reqAnyRepoReader user should have any permission to read repository or permissions of site admin
2021-01-26 08:36:53 -07:00
func reqAnyRepoReader ( ) func ( ctx * context . APIContext ) {
2020-11-14 09:13:55 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ! ctx . IsUserRepoReaderAny ( ) && ! ctx . IsUserSiteAdmin ( ) {
2020-11-14 09:13:55 -07:00
ctx . Error ( http . StatusForbidden , "reqAnyRepoReader" , "user should have any permission to read repository or permissions of site admin" )
2019-04-07 15:49:34 -07:00
return
2018-11-28 04:26:14 -07:00
}
}
}
2019-04-07 15:49:34 -07:00
// reqOrgOwnership user should be an organization owner, or a site admin
2021-01-26 08:36:53 -07:00
func reqOrgOwnership ( ) func ( ctx * context . APIContext ) {
2017-01-13 19:14:48 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ctx . Context . IsUserSiteAdmin ( ) {
return
}
2017-01-13 19:14:48 -07:00
var orgID int64
if ctx . Org . Organization != nil {
orgID = ctx . Org . Organization . ID
} else if ctx . Org . Team != nil {
orgID = ctx . Org . Team . OrgID
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "" , "reqOrgOwnership: unprepared context" )
2017-01-13 19:14:48 -07:00
return
}
2022-03-28 23:29:02 -07:00
isOwner , err := organization . IsOrganizationOwner ( ctx , orgID , ctx . Doer . ID )
2019-04-07 15:49:34 -07:00
if err != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "IsOrganizationOwner" , err )
2017-12-21 00:43:26 -07:00
return
2019-04-07 15:49:34 -07:00
} else if ! isOwner {
2017-01-26 04:54:04 -07:00
if ctx . Org . Organization != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusForbidden , "" , "Must be an organization owner" )
2017-01-26 04:54:04 -07:00
} else {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2017-01-26 04:54:04 -07:00
}
2017-01-13 19:14:48 -07:00
return
}
}
}
2019-04-23 22:32:35 -07:00
// reqTeamMembership user should be an team member, or a site admin
2021-01-26 08:36:53 -07:00
func reqTeamMembership ( ) func ( ctx * context . APIContext ) {
2019-04-23 22:32:35 -07:00
return func ( ctx * context . APIContext ) {
if ctx . Context . IsUserSiteAdmin ( ) {
return
}
if ctx . Org . Team == nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "" , "reqTeamMembership: unprepared context" )
2019-04-23 22:32:35 -07:00
return
}
2022-01-20 10:46:10 -07:00
orgID := ctx . Org . Team . OrgID
2022-03-28 23:29:02 -07:00
isOwner , err := organization . IsOrganizationOwner ( ctx , orgID , ctx . Doer . ID )
2019-04-23 22:32:35 -07:00
if err != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "IsOrganizationOwner" , err )
2019-04-23 22:32:35 -07:00
return
} else if isOwner {
return
}
2022-03-28 23:29:02 -07:00
if isTeamMember , err := organization . IsTeamMember ( ctx , orgID , ctx . Org . Team . ID , ctx . Doer . ID ) ; err != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "IsTeamMember" , err )
2019-04-23 22:32:35 -07:00
return
} else if ! isTeamMember {
2022-03-28 23:29:02 -07:00
isOrgMember , err := organization . IsOrganizationMember ( ctx , orgID , ctx . Doer . ID )
2019-04-23 22:32:35 -07:00
if err != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "IsOrganizationMember" , err )
2019-04-23 22:32:35 -07:00
} else if isOrgMember {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusForbidden , "" , "Must be a team member" )
2019-04-23 22:32:35 -07:00
} else {
ctx . NotFound ( )
}
return
}
}
}
2019-04-07 15:49:34 -07:00
// reqOrgMembership user should be an organization member, or a site admin
2021-01-26 08:36:53 -07:00
func reqOrgMembership ( ) func ( ctx * context . APIContext ) {
2017-01-13 19:14:48 -07:00
return func ( ctx * context . APIContext ) {
2019-04-07 15:49:34 -07:00
if ctx . Context . IsUserSiteAdmin ( ) {
return
}
2017-01-13 19:14:48 -07:00
var orgID int64
if ctx . Org . Organization != nil {
orgID = ctx . Org . Organization . ID
} else if ctx . Org . Team != nil {
orgID = ctx . Org . Team . OrgID
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "" , "reqOrgMembership: unprepared context" )
2017-01-13 19:14:48 -07:00
return
}
2022-03-28 23:29:02 -07:00
if isMember , err := organization . IsOrganizationMember ( ctx , orgID , ctx . Doer . ID ) ; err != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "IsOrganizationMember" , err )
2019-04-07 15:49:34 -07:00
return
} else if ! isMember {
2017-01-26 04:54:04 -07:00
if ctx . Org . Organization != nil {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusForbidden , "" , "Must be an organization member" )
2017-01-26 04:54:04 -07:00
} else {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2017-01-26 04:54:04 -07:00
}
2017-01-13 19:14:48 -07:00
return
}
}
}
2021-01-26 08:36:53 -07:00
func reqGitHook ( ) func ( ctx * context . APIContext ) {
2019-04-16 22:31:08 -07:00
return func ( ctx * context . APIContext ) {
2022-03-22 00:03:22 -07:00
if ! ctx . Doer . CanEditGitHook ( ) {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusForbidden , "" , "must be allowed to edit Git hooks" )
2019-04-16 22:31:08 -07:00
return
}
}
}
2021-02-11 10:34:34 -07:00
// reqWebhooksEnabled requires webhooks to be enabled by admin.
func reqWebhooksEnabled ( ) func ( ctx * context . APIContext ) {
return func ( ctx * context . APIContext ) {
if setting . DisableWebhooks {
ctx . Error ( http . StatusForbidden , "" , "webhooks disabled by administrator" )
return
}
}
}
2021-01-26 08:36:53 -07:00
func orgAssignment ( args ... bool ) func ( ctx * context . APIContext ) {
2016-03-25 15:04:02 -07:00
var (
2016-04-04 16:41:34 -07:00
assignOrg bool
2016-03-25 15:04:02 -07:00
assignTeam bool
)
if len ( args ) > 0 {
2016-04-04 16:41:34 -07:00
assignOrg = args [ 0 ]
}
if len ( args ) > 1 {
assignTeam = args [ 1 ]
2016-03-25 15:04:02 -07:00
}
return func ( ctx * context . APIContext ) {
2016-04-04 16:41:34 -07:00
ctx . Org = new ( context . APIOrganization )
var err error
if assignOrg {
2023-02-07 23:44:42 -07:00
ctx . Org . Organization , err = organization . GetOrgByName ( ctx , ctx . Params ( ":org" ) )
2016-04-04 16:41:34 -07:00
if err != nil {
2022-03-28 23:29:02 -07:00
if organization . IsErrOrgNotExist ( err ) {
2021-11-11 00:03:30 -07:00
redirectUserID , err := user_model . LookupUserRedirect ( ctx . Params ( ":org" ) )
2021-01-24 08:23:05 -07:00
if err == nil {
context . RedirectToUser ( ctx . Context , ctx . Params ( ":org" ) , redirectUserID )
2021-11-11 00:03:30 -07:00
} else if user_model . IsErrUserRedirectNotExist ( err ) {
2021-01-24 08:23:05 -07:00
ctx . NotFound ( "GetOrgByName" , err )
} else {
ctx . Error ( http . StatusInternalServerError , "LookupUserRedirect" , err )
}
2016-04-04 16:41:34 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "GetOrgByName" , err )
2016-04-04 16:41:34 -07:00
}
return
2016-03-25 15:04:02 -07:00
}
2022-03-26 02:04:22 -07:00
ctx . ContextUser = ctx . Org . Organization . AsUser ( )
2016-03-25 15:04:02 -07:00
}
if assignTeam {
2022-05-20 07:08:52 -07:00
ctx . Org . Team , err = organization . GetTeamByID ( ctx , ctx . ParamsInt64 ( ":teamid" ) )
2016-03-25 15:04:02 -07:00
if err != nil {
2022-03-28 23:29:02 -07:00
if organization . IsErrTeamNotExist ( err ) {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2016-03-25 15:04:02 -07:00
} else {
2019-12-20 10:07:12 -07:00
ctx . Error ( http . StatusInternalServerError , "GetTeamById" , err )
2016-03-25 15:04:02 -07:00
}
return
}
}
}
}
2016-08-04 17:08:01 -07:00
func mustEnableIssues ( ctx * context . APIContext ) {
2021-11-09 12:57:58 -07:00
if ! ctx . Repo . CanRead ( unit . TypeIssues ) {
2019-04-22 13:40:51 -07:00
if log . IsTrace ( ) {
if ctx . IsSigned {
log . Trace ( "Permission Denied: User %-v cannot read %-v in Repo %-v\n" +
"User in Repo has Permissions: %-+v" ,
2022-03-22 00:03:22 -07:00
ctx . Doer ,
2021-11-09 12:57:58 -07:00
unit . TypeIssues ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
} else {
log . Trace ( "Permission Denied: Anonymous user cannot read %-v in Repo %-v\n" +
"Anonymous user in Repo has Permissions: %-+v" ,
2021-11-09 12:57:58 -07:00
unit . TypeIssues ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
}
}
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2016-08-04 16:32:02 -07:00
return
}
}
2019-03-18 19:29:43 -07:00
func mustAllowPulls ( ctx * context . APIContext ) {
2021-11-09 12:57:58 -07:00
if ! ( ctx . Repo . Repository . CanEnablePulls ( ) && ctx . Repo . CanRead ( unit . TypePullRequests ) ) {
2019-04-22 13:40:51 -07:00
if ctx . Repo . Repository . CanEnablePulls ( ) && log . IsTrace ( ) {
if ctx . IsSigned {
log . Trace ( "Permission Denied: User %-v cannot read %-v in Repo %-v\n" +
"User in Repo has Permissions: %-+v" ,
2022-03-22 00:03:22 -07:00
ctx . Doer ,
2021-11-09 12:57:58 -07:00
unit . TypePullRequests ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
} else {
log . Trace ( "Permission Denied: Anonymous user cannot read %-v in Repo %-v\n" +
"Anonymous user in Repo has Permissions: %-+v" ,
2021-11-09 12:57:58 -07:00
unit . TypePullRequests ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
}
}
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2016-12-02 04:10:39 -07:00
return
}
}
2019-03-18 19:29:43 -07:00
func mustEnableIssuesOrPulls ( ctx * context . APIContext ) {
2021-11-09 12:57:58 -07:00
if ! ctx . Repo . CanRead ( unit . TypeIssues ) &&
! ( ctx . Repo . Repository . CanEnablePulls ( ) && ctx . Repo . CanRead ( unit . TypePullRequests ) ) {
2019-04-22 13:40:51 -07:00
if ctx . Repo . Repository . CanEnablePulls ( ) && log . IsTrace ( ) {
if ctx . IsSigned {
log . Trace ( "Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n" +
"User in Repo has Permissions: %-+v" ,
2022-03-22 00:03:22 -07:00
ctx . Doer ,
2021-11-09 12:57:58 -07:00
unit . TypeIssues ,
unit . TypePullRequests ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
} else {
log . Trace ( "Permission Denied: Anonymous user cannot read %-v and %-v in Repo %-v\n" +
"Anonymous user in Repo has Permissions: %-+v" ,
2021-11-09 12:57:58 -07:00
unit . TypeIssues ,
unit . TypePullRequests ,
2019-04-22 13:40:51 -07:00
ctx . Repo . Repository ,
ctx . Repo . Permission )
}
}
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2018-09-03 10:20:54 -07:00
return
}
}
2021-10-24 20:43:40 -07:00
func mustEnableWiki ( ctx * context . APIContext ) {
2021-11-09 12:57:58 -07:00
if ! ( ctx . Repo . CanRead ( unit . TypeWiki ) ) {
2021-10-24 20:43:40 -07:00
ctx . NotFound ( )
return
}
}
2019-03-18 19:29:43 -07:00
func mustNotBeArchived ( ctx * context . APIContext ) {
2019-01-30 10:20:40 -07:00
if ctx . Repo . Repository . IsArchived {
2019-03-18 19:29:43 -07:00
ctx . NotFound ( )
2019-01-30 10:20:40 -07:00
return
}
}
2022-12-08 23:35:56 -07:00
func mustEnableAttachments ( ctx * context . APIContext ) {
if ! setting . Attachment . Enabled {
ctx . NotFound ( )
return
}
}
2021-01-26 08:36:53 -07:00
// bind binding an obj to a func(ctx *context.APIContext)
2022-12-12 01:09:26 -07:00
func bind [ T any ] ( obj T ) http . HandlerFunc {
2021-01-26 08:36:53 -07:00
return web . Wrap ( func ( ctx * context . APIContext ) {
2022-12-12 01:09:26 -07:00
theObj := new ( T ) // create a new form obj for every request but not use obj directly
2021-01-26 08:36:53 -07:00
errs := binding . Bind ( ctx . Req , theObj )
if len ( errs ) > 0 {
2021-11-22 06:05:29 -07:00
ctx . Error ( http . StatusUnprocessableEntity , "validationError" , fmt . Sprintf ( "%s: %s" , errs [ 0 ] . FieldNames , errs [ 0 ] . Error ( ) ) )
2021-01-26 08:36:53 -07:00
return
}
web . SetForm ( ctx , theObj )
} )
}
2015-12-04 15:16:42 -07:00
2022-03-27 21:46:28 -07:00
// The OAuth2 plugin is expected to be executed first, as it must ignore the user id stored
// in the session (if there is a user id stored in session other plugins might return the user
// object for that id).
//
// The Session plugin is expected to be executed second, in order to skip authentication
// for users that have already signed in.
func buildAuthGroup ( ) * auth . Group {
group := auth . NewGroup (
& auth . OAuth2 { } ,
2022-06-05 00:16:14 -07:00
& auth . HTTPSign { } ,
2022-04-07 21:22:10 -07:00
& auth . Basic { } , // FIXME: this should be removed once we don't allow basic auth in API
2022-03-27 21:46:28 -07:00
)
specialAdd ( group )
return group
}
2021-01-26 08:36:53 -07:00
// Routes registers all v1 APIs routes to web application.
2022-08-28 02:43:25 -07:00
func Routes ( ctx gocontext . Context ) * web . Route {
2022-01-20 10:46:10 -07:00
m := web . NewRoute ( )
2021-01-26 08:36:53 -07:00
m . Use ( securityHeaders ( ) )
if setting . CORSConfig . Enabled {
m . Use ( cors . Handler ( cors . Options {
2022-01-20 10:46:10 -07:00
// Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
2021-01-26 08:36:53 -07:00
AllowedOrigins : setting . CORSConfig . AllowDomain ,
2022-01-20 10:46:10 -07:00
// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
2021-01-26 08:36:53 -07:00
AllowedMethods : setting . CORSConfig . Methods ,
AllowCredentials : setting . CORSConfig . AllowCredentials ,
2022-11-10 23:39:27 -07:00
AllowedHeaders : append ( [ ] string { "Authorization" , "X-Gitea-OTP" } , setting . CORSConfig . Headers ... ) ,
2021-01-26 08:36:53 -07:00
MaxAge : int ( setting . CORSConfig . MaxAge . Seconds ( ) ) ,
} ) )
2018-02-13 21:46:00 -07:00
}
2021-01-26 08:36:53 -07:00
m . Use ( context . APIContexter ( ) )
2021-01-27 10:46:35 -07:00
2022-03-27 21:46:28 -07:00
group := buildAuthGroup ( )
2022-08-28 02:43:25 -07:00
if err := group . Init ( ctx ) ; err != nil {
2022-03-27 21:46:28 -07:00
log . Error ( "Could not initialize '%s' auth method, error: %s" , group . Name ( ) , err )
}
2021-06-09 10:53:16 -07:00
// Get user from session if logged in.
2023-02-07 23:44:42 -07:00
m . Use ( auth . APIAuth ( group ) )
2021-06-09 10:53:16 -07:00
2021-01-26 08:36:53 -07:00
m . Use ( context . ToggleAPI ( & context . ToggleOptions {
SignInRequired : setting . Service . RequireSignInView ,
} ) )
2017-10-21 07:05:50 -07:00
2021-01-26 08:36:53 -07:00
m . Group ( "" , func ( ) {
2023-01-17 14:46:03 -07:00
// Miscellaneous (no scope required)
2018-07-27 17:19:01 -07:00
if setting . API . EnableSwagger {
2021-01-26 08:36:53 -07:00
m . Get ( "/swagger" , func ( ctx * context . APIContext ) {
2021-10-15 20:34:07 -07:00
ctx . Redirect ( setting . AppSubURL + "/api/swagger" )
2021-01-26 08:36:53 -07:00
} )
2018-02-13 21:46:00 -07:00
}
2017-03-06 07:13:17 -07:00
m . Get ( "/version" , misc . Version )
2021-09-27 16:38:06 -07:00
if setting . Federation . Enabled {
m . Get ( "/nodeinfo" , misc . NodeInfo )
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-18 22:25:12 -07:00
m . Group ( "/activitypub" , func ( ) {
m . Group ( "/user/{username}" , func ( ) {
m . Get ( "" , activitypub . Person )
m . Post ( "/inbox" , activitypub . ReqHTTPSignature ( ) , activitypub . PersonInbox )
} , context_service . UserAssignmentAPI ( ) )
} )
2021-09-27 16:38:06 -07:00
}
2019-10-16 06:42:42 -07:00
m . Get ( "/signing-key.gpg" , misc . SigningKey )
2015-12-04 15:16:42 -07:00
m . Post ( "/markdown" , bind ( api . MarkdownOption { } ) , misc . Markdown )
m . Post ( "/markdown/raw" , misc . MarkdownRaw )
2020-06-04 02:16:53 -07:00
m . Group ( "/settings" , func ( ) {
2020-06-22 11:21:31 -07:00
m . Get ( "/ui" , settings . GetGeneralUISettings )
2020-09-04 11:10:15 -07:00
m . Get ( "/api" , settings . GetGeneralAPISettings )
2020-09-05 00:43:06 -07:00
m . Get ( "/attachment" , settings . GetGeneralAttachmentSettings )
2020-06-22 11:21:31 -07:00
m . Get ( "/repository" , settings . GetGeneralRepoSettings )
2020-06-04 02:16:53 -07:00
} )
2015-12-04 15:16:42 -07:00
2023-01-17 14:46:03 -07:00
// Notifications (requires 'notification' scope)
2020-01-09 04:56:32 -07:00
m . Group ( "/notifications" , func ( ) {
m . Combo ( "" ) .
Get ( notify . ListNotifications ) .
Put ( notify . ReadNotifications )
2020-01-14 08:37:19 -07:00
m . Get ( "/new" , notify . NewAvailable )
2021-01-26 08:36:53 -07:00
m . Combo ( "/threads/{id}" ) .
2020-01-09 04:56:32 -07:00
Get ( notify . GetThread ) .
Patch ( notify . ReadThread )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeNotification ) )
2020-01-09 04:56:32 -07:00
2023-01-17 14:46:03 -07:00
// Users (no scope required)
2015-12-04 15:16:42 -07:00
m . Group ( "/users" , func ( ) {
2021-03-11 06:40:54 -07:00
m . Get ( "/search" , reqExploreSignIn ( ) , user . Search )
2015-12-04 15:16:42 -07:00
2021-01-26 08:36:53 -07:00
m . Group ( "/{username}" , func ( ) {
2021-03-11 06:40:54 -07:00
m . Get ( "" , reqExploreSignIn ( ) , user . GetInfo )
2021-01-26 08:36:53 -07:00
if setting . Service . EnableUserHeatmap {
m . Get ( "/heatmap" , user . GetUserHeatmapData )
}
2015-12-04 15:16:42 -07:00
2021-03-11 06:40:54 -07:00
m . Get ( "/repos" , reqExploreSignIn ( ) , user . ListUserRepos )
2015-12-04 15:16:42 -07:00
m . Group ( "/tokens" , func ( ) {
m . Combo ( "" ) . Get ( user . ListAccessTokens ) .
Post ( bind ( api . CreateAccessTokenOption { } ) , user . CreateAccessToken )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{id}" ) . Delete ( user . DeleteAccessToken )
2022-12-26 17:34:05 -07:00
} , reqBasicAuth ( ) )
2022-03-26 02:04:22 -07:00
} , context_service . UserAssignmentAPI ( ) )
2015-12-04 15:16:42 -07:00
} )
2023-01-17 14:46:03 -07:00
// (no scope required)
2015-12-04 15:16:42 -07:00
m . Group ( "/users" , func ( ) {
2021-01-26 08:36:53 -07:00
m . Group ( "/{username}" , func ( ) {
2015-12-05 15:13:13 -07:00
m . Get ( "/keys" , user . ListPublicKeys )
2017-03-15 18:27:35 -07:00
m . Get ( "/gpg_keys" , user . ListGPGKeys )
2015-12-21 05:24:11 -07:00
m . Get ( "/followers" , user . ListFollowers )
m . Group ( "/following" , func ( ) {
m . Get ( "" , user . ListFollowing )
2021-01-26 08:36:53 -07:00
m . Get ( "/{target}" , user . CheckFollowing )
2015-12-21 05:24:11 -07:00
} )
2016-11-14 15:33:58 -07:00
m . Get ( "/starred" , user . GetStarredRepos )
2016-12-23 18:53:11 -07:00
m . Get ( "/subscriptions" , user . GetWatchedRepos )
2022-03-26 02:04:22 -07:00
} , context_service . UserAssignmentAPI ( ) )
2023-01-17 14:46:03 -07:00
} , reqToken ( "" ) )
2015-12-04 15:16:42 -07:00
m . Group ( "/user" , func ( ) {
2016-08-11 15:29:39 -07:00
m . Get ( "" , user . GetAuthenticatedUser )
2021-06-23 12:58:44 -07:00
m . Group ( "/settings" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadUser ) , user . GetUserSettings )
m . Patch ( "" , reqToken ( auth_model . AccessTokenScopeUser ) , bind ( api . UserSettingsOptions { } ) , user . UpdateUserSettings )
} )
m . Combo ( "/emails" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadUser ) , user . ListEmails ) .
Post ( reqToken ( auth_model . AccessTokenScopeUser ) , bind ( api . CreateEmailOption { } ) , user . AddEmail ) .
Delete ( reqToken ( auth_model . AccessTokenScopeUser ) , bind ( api . DeleteEmailOption { } ) , user . DeleteEmail )
2015-12-21 05:24:11 -07:00
m . Get ( "/followers" , user . ListMyFollowers )
m . Group ( "/following" , func ( ) {
m . Get ( "" , user . ListMyFollowing )
2022-03-26 02:04:22 -07:00
m . Group ( "/{username}" , func ( ) {
m . Get ( "" , user . CheckMyFollowing )
2023-01-17 14:46:03 -07:00
m . Put ( "" , reqToken ( auth_model . AccessTokenScopeUserFollow ) , user . Follow ) // requires 'user:follow' scope
m . Delete ( "" , reqToken ( auth_model . AccessTokenScopeUserFollow ) , user . Unfollow ) // requires 'user:follow' scope
2022-03-26 02:04:22 -07:00
} , context_service . UserAssignmentAPI ( ) )
2015-12-21 05:24:11 -07:00
} )
2023-01-17 14:46:03 -07:00
// (admin:public_key scope)
2015-12-04 15:16:42 -07:00
m . Group ( "/keys" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadPublicKey ) , user . ListMyPublicKeys ) .
Post ( reqToken ( auth_model . AccessTokenScopeWritePublicKey ) , bind ( api . CreateKeyOption { } ) , user . CreatePublicKey )
m . Combo ( "/{id}" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadPublicKey ) , user . GetPublicKey ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWritePublicKey ) , user . DeletePublicKey )
2015-12-04 15:16:42 -07:00
} )
2023-01-17 14:46:03 -07:00
// (admin:application scope)
2020-02-28 23:19:32 -07:00
m . Group ( "/applications" , func ( ) {
m . Combo ( "/oauth2" ) .
2023-01-17 14:46:03 -07:00
Get ( reqToken ( auth_model . AccessTokenScopeReadApplication ) , user . ListOauth2Applications ) .
Post ( reqToken ( auth_model . AccessTokenScopeWriteApplication ) , bind ( api . CreateOAuth2ApplicationOptions { } ) , user . CreateOauth2Application )
2021-01-26 08:36:53 -07:00
m . Combo ( "/oauth2/{id}" ) .
2023-01-17 14:46:03 -07:00
Delete ( reqToken ( auth_model . AccessTokenScopeWriteApplication ) , user . DeleteOauth2Application ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteApplication ) , bind ( api . CreateOAuth2ApplicationOptions { } ) , user . UpdateOauth2Application ) .
Get ( reqToken ( auth_model . AccessTokenScopeReadApplication ) , user . GetOauth2Application )
} )
2016-11-14 15:33:58 -07:00
2023-01-17 14:46:03 -07:00
// (admin:gpg_key scope)
2017-03-15 18:27:35 -07:00
m . Group ( "/gpg_keys" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadGPGKey ) , user . ListMyGPGKeys ) .
Post ( reqToken ( auth_model . AccessTokenScopeWriteGPGKey ) , bind ( api . CreateGPGKeyOption { } ) , user . CreateGPGKey )
m . Combo ( "/{id}" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadGPGKey ) , user . GetGPGKey ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteGPGKey ) , user . DeleteGPGKey )
2017-03-15 18:27:35 -07:00
} )
2023-01-17 14:46:03 -07:00
m . Get ( "/gpg_key_token" , reqToken ( auth_model . AccessTokenScopeReadGPGKey ) , user . GetVerificationToken )
m . Post ( "/gpg_key_verify" , reqToken ( auth_model . AccessTokenScopeReadGPGKey ) , bind ( api . VerifyGPGKeyOption { } ) , user . VerifyUserGPGKey )
2017-03-15 18:27:35 -07:00
2023-01-17 14:46:03 -07:00
// (repo scope)
m . Combo ( "/repos" , reqToken ( auth_model . AccessTokenScopeRepo ) ) . Get ( user . ListMyRepos ) .
2017-02-24 14:39:49 -07:00
Post ( bind ( api . CreateRepoOption { } ) , repo . Create )
2023-01-17 14:46:03 -07:00
// (repo scope)
2016-11-14 15:33:58 -07:00
m . Group ( "/starred" , func ( ) {
m . Get ( "" , user . GetMyStarredRepos )
2021-01-26 08:36:53 -07:00
m . Group ( "/{username}/{reponame}" , func ( ) {
2016-11-14 15:33:58 -07:00
m . Get ( "" , user . IsStarring )
m . Put ( "" , user . Star )
m . Delete ( "" , user . Unstar )
2016-12-29 06:17:32 -07:00
} , repoAssignment ( ) )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
m . Get ( "/times" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . ListMyTrackedTimes )
m . Get ( "/stopwatches" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . GetStopwatches )
m . Get ( "/subscriptions" , reqToken ( auth_model . AccessTokenScopeRepo ) , user . GetMyWatchedRepos )
m . Get ( "/teams" , reqToken ( auth_model . AccessTokenScopeRepo ) , org . ListUserTeams )
} , reqToken ( "" ) )
2015-12-04 15:16:42 -07:00
// Repositories
2023-01-17 14:46:03 -07:00
m . Post ( "/org/{org}/repos" , reqToken ( auth_model . AccessTokenScopeAdminOrg ) , bind ( api . CreateRepoOption { } ) , repo . CreateOrgRepoDeprecated )
2020-01-09 09:40:01 -07:00
2023-01-17 14:46:03 -07:00
m . Combo ( "/repositories/{id}" , reqToken ( auth_model . AccessTokenScopeRepo ) ) . Get ( repo . GetByID )
2015-12-04 15:16:42 -07:00
m . Group ( "/repos" , func ( ) {
m . Get ( "/search" , repo . Search )
2020-01-09 09:40:01 -07:00
m . Get ( "/issues/search" , repo . SearchIssues )
Allow cross-repository dependencies on issues (#7901)
* in progress changes for #7405, added ability to add cross-repo dependencies
* removed unused repolink var
* fixed query that was breaking ci tests; fixed check in issue dependency add so that the id of the issue and dependency is checked rather than the indexes
* reverted removal of string in local files becasue these are done via crowdin, not updated manually
* removed 'Select("issue.*")' from getBlockedByDependencies and getBlockingDependencies based on comments in PR review
* changed getBlockedByDependencies and getBlockingDependencies to use a more xorm-like query, also updated the sidebar as a result
* simplified the getBlockingDependencies and getBlockedByDependencies methods; changed the sidebar to show the dependencies in a different format where you can see the name of the repository
* made some changes to the issue view in the dependencies (issue name on top, repo full name on separate line). Change view of issue in the dependency search results (also showing the full repo name on separate line)
* replace call to FindUserAccessibleRepoIDs with SearchRepositoryByName. The former was hardcoded to use isPrivate = false on the repo search, but this code needed it to be true. The SearchRepositoryByName method is used more in the code including on the user's dashboard
* some more tweaks to the layout of the issues when showing dependencies and in the search box when you add new dependencies
* added Name to the RepositoryMeta struct
* updated swagger doc
* fixed total count for link header on SearchIssues
* fixed indentation
* fixed aligment of remove icon on dependencies in issue sidebar
* removed unnecessary nil check (unnecessary because issue.loadRepo is called prior to this block)
* reverting .css change, somehow missed or forgot that less is used
* updated less file and generated css; updated sidebar template with styles to line up delete and issue index
* added ordering to the blocked by/depends on queries
* fixed sorting in issue dependency search and the depends on/blocks views to show issues from the current repo first, then by created date descending; added a "all cross repository dependencies" setting to allow this feature to be turned off, if turned off, the issue dependency search will work the way it did before (restricted to the current repository)
* re-applied my swagger changes after merge
* fixed split string condition in issue search
* changed ALLOW_CROSS_REPOSITORY_DEPENDENCIES description to sound more global than just the issue dependency search; returning 400 in the cross repo issue search api method if not enabled; fixed bug where the issue count did not respect the state parameter
* when adding a dependency to an issue, added a check to make sure the issue and dependency are in the same repo if cross repo dependencies is not enabled
* updated sortIssuesSession call in PullRequests, another commit moved this method from pull.go to pull_list.go so I had to re-apply my change here
* fixed incorrect setting of user id parameter in search repos call
2019-10-30 22:06:10 -07:00
2023-01-17 14:46:03 -07:00
// (repo scope)
m . Post ( "/migrate" , reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . MigrateRepoOptions { } ) , repo . Migrate )
2015-12-04 15:16:42 -07:00
2021-01-26 08:36:53 -07:00
m . Group ( "/{username}/{reponame}" , func ( ) {
2018-11-28 04:26:14 -07:00
m . Combo ( "" ) . Get ( reqAnyRepoReader ( ) , repo . Get ) .
2023-01-17 14:46:03 -07:00
Delete ( reqToken ( auth_model . AccessTokenScopeDeleteRepo ) , reqOwner ( ) , repo . Delete ) .
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqAdmin ( ) , bind ( api . EditRepoOption { } ) , repo . Edit )
m . Post ( "/generate" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoReader ( unit . TypeCode ) , bind ( api . GenerateRepoOption { } ) , repo . Generate )
m . Group ( "/transfer" , func ( ) {
m . Post ( "" , reqOwner ( ) , bind ( api . TransferRepoOption { } ) , repo . Transfer )
m . Post ( "/accept" , repo . AcceptTransfer )
m . Post ( "/reject" , repo . RejectTransfer )
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
m . Combo ( "/notifications" , reqToken ( auth_model . AccessTokenScopeNotification ) ) .
Get ( notify . ListRepoNotifications ) .
Put ( notify . ReadRepoNotifications )
2021-02-11 10:34:34 -07:00
m . Group ( "/hooks/git" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadRepoHook ) , repo . ListGitHooks )
2021-02-11 10:34:34 -07:00
m . Group ( "/{id}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadRepoHook ) , repo . GetGitHook ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteRepoHook ) , bind ( api . EditGitHookOption { } ) , repo . EditGitHook ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteRepoHook ) , repo . DeleteGitHook )
2021-02-11 10:34:34 -07:00
} )
2023-01-17 14:46:03 -07:00
} , reqAdmin ( ) , reqGitHook ( ) , context . ReferencesGitRepo ( true ) )
2016-07-16 17:08:38 -07:00
m . Group ( "/hooks" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadRepoHook ) , repo . ListHooks ) .
Post ( reqToken ( auth_model . AccessTokenScopeWriteRepoHook ) , bind ( api . CreateHookOption { } ) , repo . CreateHook )
2021-01-26 08:36:53 -07:00
m . Group ( "/{id}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadRepoHook ) , repo . GetHook ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteRepoHook ) , bind ( api . EditHookOption { } ) , repo . EditHook ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteRepoHook ) , repo . DeleteHook )
m . Post ( "/tests" , reqToken ( auth_model . AccessTokenScopeReadRepoHook ) , context . ReferencesGitRepo ( ) , context . RepoRefForAPI , repo . TestHook )
2018-04-28 23:21:33 -07:00
} )
2023-01-17 14:46:03 -07:00
} , reqAdmin ( ) , reqWebhooksEnabled ( ) )
2016-12-26 00:37:01 -07:00
m . Group ( "/collaborators" , func ( ) {
2020-04-21 08:22:04 -07:00
m . Get ( "" , reqAnyRepoReader ( ) , repo . ListCollaborators )
2022-04-29 05:24:38 -07:00
m . Group ( "/{collaborator}" , func ( ) {
m . Combo ( "" ) . Get ( reqAnyRepoReader ( ) , repo . IsCollaborator ) .
Put ( reqAdmin ( ) , bind ( api . AddCollaboratorOption { } ) , repo . AddCollaborator ) .
Delete ( reqAdmin ( ) , repo . DeleteCollaborator )
m . Get ( "/permission" , repo . GetRepoPermissions )
2023-01-17 14:46:03 -07:00
} )
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
m . Get ( "/assignees" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqAnyRepoReader ( ) , repo . GetAssignees )
m . Get ( "/reviewers" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqAnyRepoReader ( ) , repo . GetReviewers )
2021-02-01 14:57:12 -07:00
m . Group ( "/teams" , func ( ) {
m . Get ( "" , reqAnyRepoReader ( ) , repo . ListTeams )
m . Combo ( "/{team}" ) . Get ( reqAnyRepoReader ( ) , repo . IsTeam ) .
Put ( reqAdmin ( ) , repo . AddTeam ) .
Delete ( reqAdmin ( ) , repo . DeleteTeam )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
2022-04-21 08:17:57 -07:00
m . Get ( "/raw/*" , context . ReferencesGitRepo ( ) , context . RepoRefForAPI , reqRepoReader ( unit . TypeCode ) , repo . GetRawFile )
2022-06-04 06:17:53 -07:00
m . Get ( "/media/*" , context . ReferencesGitRepo ( ) , context . RepoRefForAPI , reqRepoReader ( unit . TypeCode ) , repo . GetRawFileOrLFS )
2021-11-09 12:57:58 -07:00
m . Get ( "/archive/*" , reqRepoReader ( unit . TypeCode ) , repo . GetArchive )
2016-12-30 18:15:45 -07:00
m . Combo ( "/forks" ) . Get ( repo . ListForks ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoReader ( unit . TypeCode ) , bind ( api . CreateForkOption { } ) , repo . CreateFork )
2016-01-15 11:24:03 -07:00
m . Group ( "/branches" , func ( ) {
2022-04-21 08:17:57 -07:00
m . Get ( "" , repo . ListBranches )
m . Get ( "/*" , repo . GetBranch )
2023-01-17 14:46:03 -07:00
m . Delete ( "/*" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeCode ) , repo . DeleteBranch )
m . Post ( "" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeCode ) , bind ( api . CreateBranchRepoOption { } ) , repo . CreateBranch )
2022-04-21 08:17:57 -07:00
} , context . ReferencesGitRepo ( ) , reqRepoReader ( unit . TypeCode ) )
2020-02-12 16:19:35 -07:00
m . Group ( "/branch_protections" , func ( ) {
m . Get ( "" , repo . ListBranchProtections )
m . Post ( "" , bind ( api . CreateBranchProtectionOption { } ) , repo . CreateBranchProtection )
2021-01-26 08:36:53 -07:00
m . Group ( "/{name}" , func ( ) {
2020-02-12 16:19:35 -07:00
m . Get ( "" , repo . GetBranchProtection )
m . Patch ( "" , bind ( api . EditBranchProtectionOption { } ) , repo . EditBranchProtection )
m . Delete ( "" , repo . DeleteBranchProtection )
} )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) , reqAdmin ( ) )
2019-02-07 05:00:52 -07:00
m . Group ( "/tags" , func ( ) {
m . Get ( "" , repo . ListTags )
2021-06-23 14:08:47 -07:00
m . Get ( "/*" , repo . GetTag )
2023-01-17 14:46:03 -07:00
m . Post ( "" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeCode ) , bind ( api . CreateTagOption { } ) , repo . CreateTag )
m . Delete ( "/*" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeleteTag )
2021-11-09 12:57:58 -07:00
} , reqRepoReader ( unit . TypeCode ) , context . ReferencesGitRepo ( true ) )
2015-12-04 15:16:42 -07:00
m . Group ( "/keys" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListDeployKeys ) .
Post ( bind ( api . CreateKeyOption { } ) , repo . CreateDeployKey )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{id}" ) . Get ( repo . GetDeployKey ) .
2015-12-04 15:16:42 -07:00
Delete ( repo . DeleteDeploykey )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) , reqAdmin ( ) )
2017-09-11 23:48:13 -07:00
m . Group ( "/times" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListTrackedTimesByRepository )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{timetrackingusername}" ) . Get ( repo . ListTrackedTimesByUser )
2023-01-17 14:46:03 -07:00
} , mustEnableIssues , reqToken ( auth_model . AccessTokenScopeRepo ) )
2021-10-24 20:43:40 -07:00
m . Group ( "/wiki" , func ( ) {
m . Combo ( "/page/{pageName}" ) .
Get ( repo . GetWikiPage ) .
2023-01-17 14:46:03 -07:00
Patch ( mustNotBeArchived , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeWiki ) , bind ( api . CreateWikiPageOptions { } ) , repo . EditWikiPage ) .
Delete ( mustNotBeArchived , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeWiki ) , repo . DeleteWikiPage )
2021-10-24 20:43:40 -07:00
m . Get ( "/revisions/{pageName}" , repo . ListPageRevisions )
2023-01-17 14:46:03 -07:00
m . Post ( "/new" , mustNotBeArchived , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeWiki ) , bind ( api . CreateWikiPageOptions { } ) , repo . NewWikiPage )
2021-10-24 20:43:40 -07:00
m . Get ( "/pages" , repo . ListWikiPages )
} , mustEnableWiki )
2016-03-13 20:20:22 -07:00
m . Group ( "/issues" , func ( ) {
2017-07-11 18:23:41 -07:00
m . Combo ( "" ) . Get ( repo . ListIssues ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( api . CreateIssueOption { } ) , repo . CreateIssue )
2016-12-22 01:29:26 -07:00
m . Group ( "/comments" , func ( ) {
m . Get ( "" , repo . ListRepoIssueComments )
2021-01-26 08:36:53 -07:00
m . Group ( "/{id}" , func ( ) {
2020-01-08 00:00:59 -07:00
m . Combo ( "" ) .
Get ( repo . GetIssueComment ) .
2023-01-17 14:46:03 -07:00
Patch ( mustNotBeArchived , reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditIssueCommentOption { } ) , repo . EditIssueComment ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeleteIssueComment )
2020-01-02 14:27:31 -07:00
m . Combo ( "/reactions" ) .
2019-12-07 15:04:19 -07:00
Get ( repo . GetIssueCommentReactions ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditReactionOption { } ) , repo . PostIssueCommentReaction ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditReactionOption { } ) , repo . DeleteIssueCommentReaction )
2022-12-08 23:35:56 -07:00
m . Group ( "/assets" , func ( ) {
m . Combo ( "" ) .
Get ( repo . ListIssueCommentAttachments ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , repo . CreateIssueCommentAttachment )
2022-12-08 23:35:56 -07:00
m . Combo ( "/{asset}" ) .
Get ( repo . GetIssueCommentAttachment ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( api . EditAttachmentOptions { } ) , repo . EditIssueCommentAttachment ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , repo . DeleteIssueCommentAttachment )
2022-12-08 23:35:56 -07:00
} , mustEnableAttachments )
2019-12-07 15:04:19 -07:00
} )
2016-12-22 01:29:26 -07:00
} )
2021-01-26 08:36:53 -07:00
m . Group ( "/{index}" , func ( ) {
2017-07-11 18:23:41 -07:00
m . Combo ( "" ) . Get ( repo . GetIssue ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditIssueOption { } ) , repo . EditIssue ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqAdmin ( ) , context . ReferencesGitRepo ( ) , repo . DeleteIssue )
2016-08-26 11:23:21 -07:00
m . Group ( "/comments" , func ( ) {
2017-07-11 18:23:41 -07:00
m . Combo ( "" ) . Get ( repo . ListIssueComments ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( api . CreateIssueCommentOption { } ) , repo . CreateIssueComment )
m . Combo ( "/{id}" , reqToken ( auth_model . AccessTokenScopeRepo ) ) . Patch ( bind ( api . EditIssueCommentOption { } ) , repo . EditIssueCommentDeprecated ) .
2017-11-20 00:24:07 -07:00
Delete ( repo . DeleteIssueCommentDeprecated )
2016-08-26 11:23:21 -07:00
} )
2022-01-01 07:12:25 -07:00
m . Get ( "/timeline" , repo . ListIssueCommentsAndTimeline )
2016-08-03 09:24:16 -07:00
m . Group ( "/labels" , func ( ) {
2016-08-03 11:51:22 -07:00
m . Combo ( "" ) . Get ( repo . ListIssueLabels ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . IssueLabelsOption { } ) , repo . AddIssueLabels ) .
Put ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . IssueLabelsOption { } ) , repo . ReplaceIssueLabels ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , repo . ClearIssueLabels )
m . Delete ( "/{id}" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeleteIssueLabel )
2016-08-03 09:24:16 -07:00
} )
2017-09-11 23:48:13 -07:00
m . Group ( "/times" , func ( ) {
2020-01-08 14:14:00 -07:00
m . Combo ( "" ) .
2019-12-27 13:30:58 -07:00
Get ( repo . ListTrackedTimes ) .
Post ( bind ( api . AddTimeOption { } ) , repo . AddTime ) .
Delete ( repo . ResetIssueTime )
2021-01-26 08:36:53 -07:00
m . Delete ( "/{id}" , repo . DeleteTime )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
m . Combo ( "/deadline" ) . Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditDeadlineOption { } ) , repo . UpdateIssueDeadline )
2019-02-06 19:57:25 -07:00
m . Group ( "/stopwatch" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Post ( "/start" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . StartIssueStopwatch )
m . Post ( "/stop" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . StopIssueStopwatch )
m . Delete ( "/delete" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeleteIssueStopwatch )
2019-02-06 19:57:25 -07:00
} )
2019-11-02 08:27:49 -07:00
m . Group ( "/subscriptions" , func ( ) {
2019-11-20 07:50:54 -07:00
m . Get ( "" , repo . GetIssueSubscribers )
2023-01-17 14:46:03 -07:00
m . Get ( "/check" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . CheckIssueSubscription )
m . Put ( "/{user}" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . AddIssueSubscription )
m . Delete ( "/{user}" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DelIssueSubscription )
2019-11-02 08:27:49 -07:00
} )
2020-01-02 14:27:31 -07:00
m . Combo ( "/reactions" ) .
2019-12-07 15:04:19 -07:00
Get ( repo . GetIssueReactions ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditReactionOption { } ) , repo . PostIssueReaction ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditReactionOption { } ) , repo . DeleteIssueReaction )
2022-12-08 23:35:56 -07:00
m . Group ( "/assets" , func ( ) {
m . Combo ( "" ) .
Get ( repo . ListIssueAttachments ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , repo . CreateIssueAttachment )
2022-12-08 23:35:56 -07:00
m . Combo ( "/{asset}" ) .
Get ( repo . GetIssueAttachment ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( api . EditAttachmentOptions { } ) , repo . EditIssueAttachment ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , repo . DeleteIssueAttachment )
2022-12-08 23:35:56 -07:00
} , mustEnableAttachments )
2016-08-03 09:24:16 -07:00
} )
2018-09-03 10:20:54 -07:00
} , mustEnableIssuesOrPulls )
2016-08-03 09:24:16 -07:00
m . Group ( "/labels" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListLabels ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , bind ( api . CreateLabelOption { } ) , repo . CreateLabel )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{id}" ) . Get ( repo . GetLabel ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , bind ( api . EditLabelOption { } ) , repo . EditLabel ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , repo . DeleteLabel )
2016-03-13 15:49:16 -07:00
} )
2023-01-17 14:46:03 -07:00
m . Post ( "/markdown" , reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . MarkdownOption { } ) , misc . Markdown )
m . Post ( "/markdown/raw" , reqToken ( auth_model . AccessTokenScopeRepo ) , misc . MarkdownRaw )
2016-08-24 15:18:56 -07:00
m . Group ( "/milestones" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListMilestones ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , bind ( api . CreateMilestoneOption { } ) , repo . CreateMilestone )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{id}" ) . Get ( repo . GetMilestone ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , bind ( api . EditMilestoneOption { } ) , repo . EditMilestone ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeIssues , unit . TypePullRequests ) , repo . DeleteMilestone )
2016-08-24 15:18:56 -07:00
} )
2017-01-06 00:05:09 -07:00
m . Get ( "/stargazers" , repo . ListStargazers )
2017-01-06 20:13:02 -07:00
m . Get ( "/subscribers" , repo . ListSubscribers )
2016-12-23 18:53:11 -07:00
m . Group ( "/subscription" , func ( ) {
m . Get ( "" , user . IsWatching )
2023-01-17 14:46:03 -07:00
m . Put ( "" , reqToken ( auth_model . AccessTokenScopeRepo ) , user . Watch )
m . Delete ( "" , reqToken ( auth_model . AccessTokenScopeRepo ) , user . Unwatch )
2016-12-29 06:17:32 -07:00
} )
2016-12-31 09:51:22 -07:00
m . Group ( "/releases" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListReleases ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , context . ReferencesGitRepo ( ) , bind ( api . CreateReleaseOption { } ) , repo . CreateRelease )
2023-01-26 09:33:47 -07:00
m . Combo ( "/latest" ) . Get ( repo . GetLatestRelease )
2021-01-26 08:36:53 -07:00
m . Group ( "/{id}" , func ( ) {
2018-03-05 18:22:16 -07:00
m . Combo ( "" ) . Get ( repo . GetRelease ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , context . ReferencesGitRepo ( ) , bind ( api . EditReleaseOption { } ) , repo . EditRelease ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , repo . DeleteRelease )
2018-03-05 18:22:16 -07:00
m . Group ( "/assets" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListReleaseAttachments ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , repo . CreateReleaseAttachment )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{asset}" ) . Get ( repo . GetReleaseAttachment ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , bind ( api . EditAttachmentOptions { } ) , repo . EditReleaseAttachment ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , repo . DeleteReleaseAttachment )
2018-03-05 18:22:16 -07:00
} )
} )
2020-09-25 12:11:43 -07:00
m . Group ( "/tags" , func ( ) {
2021-01-26 08:36:53 -07:00
m . Combo ( "/{tag}" ) .
2021-02-07 11:32:18 -07:00
Get ( repo . GetReleaseByTag ) .
2023-01-17 14:46:03 -07:00
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeReleases ) , repo . DeleteReleaseByTag )
2020-09-25 12:11:43 -07:00
} )
2021-11-09 12:57:58 -07:00
} , reqRepoReader ( unit . TypeReleases ) )
2023-01-17 14:46:03 -07:00
m . Post ( "/mirror-sync" , reqToken ( auth_model . AccessTokenScopeRepo ) , reqRepoWriter ( unit . TypeCode ) , repo . MirrorSync )
m . Post ( "/push_mirrors-sync" , reqAdmin ( ) , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . PushMirrorSync )
2022-07-30 09:45:59 -07:00
m . Group ( "/push_mirrors" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListPushMirrors ) .
Post ( bind ( api . CreatePushMirrorOption { } ) , repo . AddPushMirror )
m . Combo ( "/{name}" ) .
Delete ( repo . DeletePushMirrorByRemoteName ) .
Get ( repo . GetPushMirrorByName )
2023-01-17 14:46:03 -07:00
} , reqAdmin ( ) , reqToken ( auth_model . AccessTokenScopeRepo ) )
2022-07-30 09:45:59 -07:00
2022-04-21 08:17:57 -07:00
m . Get ( "/editorconfig/{filename}" , context . ReferencesGitRepo ( ) , context . RepoRefForAPI , reqRepoReader ( unit . TypeCode ) , repo . GetEditorconfig )
2016-12-02 04:10:39 -07:00
m . Group ( "/pulls" , func ( ) {
2021-01-26 08:36:53 -07:00
m . Combo ( "" ) . Get ( repo . ListPullRequests ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( api . CreatePullRequestOption { } ) , repo . CreatePullRequest )
2021-01-26 08:36:53 -07:00
m . Group ( "/{index}" , func ( ) {
2017-07-11 18:23:41 -07:00
m . Combo ( "" ) . Get ( repo . GetPullRequest ) .
2023-01-17 14:46:03 -07:00
Patch ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . EditPullRequestOption { } ) , repo . EditPullRequest )
2021-09-21 16:04:53 -07:00
m . Get ( ".{diffType:diff|patch}" , repo . DownloadPullDiffOrPatch )
2023-01-17 14:46:03 -07:00
m . Post ( "/update" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . UpdatePullRequest )
2021-07-02 05:19:57 -07:00
m . Get ( "/commits" , repo . GetPullRequestCommits )
2022-09-28 19:27:20 -07:00
m . Get ( "/files" , repo . GetPullRequestFiles )
2017-07-11 18:23:41 -07:00
m . Combo ( "/merge" ) . Get ( repo . IsPullRequestMerged ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , bind ( forms . MergePullRequestForm { } ) , repo . MergePullRequest ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , mustNotBeArchived , repo . CancelScheduledAutoMerge )
2020-05-01 17:20:51 -07:00
m . Group ( "/reviews" , func ( ) {
m . Combo ( "" ) .
Get ( repo . ListPullReviews ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . CreatePullReviewOptions { } ) , repo . CreatePullReview )
2021-01-26 08:36:53 -07:00
m . Group ( "/{id}" , func ( ) {
2020-05-01 17:20:51 -07:00
m . Combo ( "" ) .
Get ( repo . GetPullReview ) .
2023-01-17 14:46:03 -07:00
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeletePullReview ) .
Post ( reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . SubmitPullReviewOptions { } ) , repo . SubmitPullReview )
2020-05-01 17:20:51 -07:00
m . Combo ( "/comments" ) .
Get ( repo . GetPullReviewComments )
2023-01-17 14:46:03 -07:00
m . Post ( "/dismissals" , reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . DismissPullReviewOptions { } ) , repo . DismissPullReview )
m . Post ( "/undismissals" , reqToken ( auth_model . AccessTokenScopeRepo ) , repo . UnDismissPullReview )
2020-05-01 17:20:51 -07:00
} )
} )
2023-01-17 14:46:03 -07:00
m . Combo ( "/requested_reviewers" , reqToken ( auth_model . AccessTokenScopeRepo ) ) .
Delete ( bind ( api . PullReviewRequestOptions { } ) , repo . DeleteReviewRequests ) .
Post ( bind ( api . PullReviewRequestOptions { } ) , repo . CreateReviewRequests )
2016-12-02 04:10:39 -07:00
} )
2022-04-21 08:17:57 -07:00
} , mustAllowPulls , reqRepoReader ( unit . TypeCode ) , context . ReferencesGitRepo ( ) )
2017-04-21 04:32:31 -07:00
m . Group ( "/statuses" , func ( ) {
2021-01-26 08:36:53 -07:00
m . Combo ( "/{sha}" ) . Get ( repo . GetCommitStatuses ) .
2023-01-17 14:46:03 -07:00
Post ( reqToken ( auth_model . AccessTokenScopeRepoStatus ) , reqRepoWriter ( unit . TypeCode ) , bind ( api . CreateStatusOption { } ) , repo . NewCommitStatus )
2021-11-09 12:57:58 -07:00
} , reqRepoReader ( unit . TypeCode ) )
2019-08-26 07:09:10 -07:00
m . Group ( "/commits" , func ( ) {
2022-04-21 08:17:57 -07:00
m . Get ( "" , context . ReferencesGitRepo ( ) , repo . GetAllCommits )
2021-01-26 08:36:53 -07:00
m . Group ( "/{ref}" , func ( ) {
2019-08-26 07:09:10 -07:00
m . Get ( "/status" , repo . GetCombinedCommitStatusByRef )
m . Get ( "/statuses" , repo . GetCommitStatusesByRef )
2022-04-30 07:32:01 -07:00
} , context . ReferencesGitRepo ( ) )
2021-11-09 12:57:58 -07:00
} , reqRepoReader ( unit . TypeCode ) )
2018-11-27 14:52:20 -07:00
m . Group ( "/git" , func ( ) {
2019-02-02 20:35:17 -07:00
m . Group ( "/commits" , func ( ) {
2022-04-21 08:17:57 -07:00
m . Get ( "/{sha}" , repo . GetSingleCommit )
2021-09-20 09:14:29 -07:00
m . Get ( "/{sha}.{diffType:diff|patch}" , repo . DownloadCommitDiffOrPatch )
2019-02-02 20:35:17 -07:00
} )
2018-11-27 14:52:20 -07:00
m . Get ( "/refs" , repo . GetGitAllRefs )
m . Get ( "/refs/*" , repo . GetGitRefs )
2022-04-21 08:17:57 -07:00
m . Get ( "/trees/{sha}" , repo . GetTree )
m . Get ( "/blobs/{sha}" , repo . GetBlob )
m . Get ( "/tags/{sha}" , repo . GetAnnotatedTag )
2021-08-10 18:01:40 -07:00
m . Get ( "/notes/{sha}" , repo . GetNote )
2023-01-15 07:33:25 -07:00
} , context . ReferencesGitRepo ( true ) , reqRepoReader ( unit . TypeCode ) )
2023-01-17 14:46:03 -07:00
m . Post ( "/diffpatch" , reqRepoWriter ( unit . TypeCode ) , reqToken ( auth_model . AccessTokenScopeRepo ) , bind ( api . ApplyDiffPatchFileOptions { } ) , repo . ApplyDiffPatch )
2019-04-17 09:06:35 -07:00
m . Group ( "/contents" , func ( ) {
2019-06-29 13:51:10 -07:00
m . Get ( "" , repo . GetContentsList )
m . Get ( "/*" , repo . GetContents )
2019-04-17 09:06:35 -07:00
m . Group ( "/*" , func ( ) {
2022-04-28 08:45:33 -07:00
m . Post ( "" , bind ( api . CreateFileOptions { } ) , reqRepoBranchWriter , repo . CreateFile )
m . Put ( "" , bind ( api . UpdateFileOptions { } ) , reqRepoBranchWriter , repo . UpdateFile )
m . Delete ( "" , bind ( api . DeleteFileOptions { } ) , reqRepoBranchWriter , repo . DeleteFile )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeRepo ) )
2021-11-09 12:57:58 -07:00
} , reqRepoReader ( unit . TypeCode ) )
2019-10-16 06:42:42 -07:00
m . Get ( "/signing-key.gpg" , misc . SigningKey )
2019-09-03 08:46:24 -07:00
m . Group ( "/topics" , func ( ) {
m . Combo ( "" ) . Get ( repo . ListTopics ) .
2023-01-17 14:46:03 -07:00
Put ( reqToken ( auth_model . AccessTokenScopeRepo ) , reqAdmin ( ) , bind ( api . RepoTopicOptions { } ) , repo . UpdateTopics )
2021-01-26 08:36:53 -07:00
m . Group ( "/{topic}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Put ( reqToken ( auth_model . AccessTokenScopeRepo ) , repo . AddTopic ) .
Delete ( reqToken ( auth_model . AccessTokenScopeRepo ) , repo . DeleteTopic )
2019-09-03 08:46:24 -07:00
} , reqAdmin ( ) )
} , reqAnyRepoReader ( ) )
2022-04-21 08:17:57 -07:00
m . Get ( "/issue_templates" , context . ReferencesGitRepo ( ) , repo . GetIssueTemplates )
2021-11-09 12:57:58 -07:00
m . Get ( "/languages" , reqRepoReader ( unit . TypeCode ) , repo . GetLanguages )
2016-08-04 17:08:01 -07:00
} , repoAssignment ( ) )
2017-07-11 18:23:41 -07:00
} )
2015-12-04 15:16:42 -07:00
2022-11-12 11:59:15 -07:00
// NOTE: these are Gitea package management API - see packages.CommonRoutes and packages.DockerContainerRoutes for endpoints that implement package manager APIs
2022-03-30 01:42:47 -07:00
m . Group ( "/packages/{username}" , func ( ) {
m . Group ( "/{type}/{name}/{version}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadPackage ) , packages . GetPackage )
m . Delete ( "" , reqToken ( auth_model . AccessTokenScopeDeletePackage ) , reqPackageAccess ( perm . AccessModeWrite ) , packages . DeletePackage )
m . Get ( "/files" , reqToken ( auth_model . AccessTokenScopeReadPackage ) , packages . ListPackageFiles )
2022-03-30 01:42:47 -07:00
} )
2023-01-17 14:46:03 -07:00
m . Get ( "/" , reqToken ( auth_model . AccessTokenScopeReadPackage ) , packages . ListPackages )
2022-03-30 01:42:47 -07:00
} , context_service . UserAssignmentAPI ( ) , context . PackageAssignmentAPI ( ) , reqPackageAccess ( perm . AccessModeRead ) )
2015-12-17 00:28:47 -07:00
// Organizations
2023-01-17 14:46:03 -07:00
m . Get ( "/user/orgs" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListMyOrgs )
2021-10-12 03:47:19 -07:00
m . Group ( "/users/{username}/orgs" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListUserOrgs )
m . Get ( "/{org}/permissions" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetUserOrgsPermissions )
2022-03-26 02:04:22 -07:00
} , context_service . UserAssignmentAPI ( ) )
2023-01-17 14:46:03 -07:00
m . Post ( "/orgs" , reqToken ( auth_model . AccessTokenScopeWriteOrg ) , bind ( api . CreateOrgOption { } ) , org . Create )
m . Get ( "/orgs" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetAll )
2021-01-26 08:36:53 -07:00
m . Group ( "/orgs/{org}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . Get ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , bind ( api . EditOrgOption { } ) , org . Edit ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . Delete )
m . Combo ( "/repos" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , user . ListOrgRepos ) .
Post ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , bind ( api . CreateRepoOption { } ) , repo . CreateOrgRepo )
2017-01-19 19:31:46 -07:00
m . Group ( "/members" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListMembers )
m . Combo ( "/{username}" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . IsMember ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . DeleteMember )
2017-01-19 19:31:46 -07:00
} )
m . Group ( "/public_members" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListPublicMembers )
m . Combo ( "/{username}" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . IsPublicMember ) .
Put ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgMembership ( ) , org . PublicizeMember ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgMembership ( ) , org . ConcealMember )
2017-01-19 19:31:46 -07:00
} )
2019-09-30 22:32:28 -07:00
m . Group ( "/teams" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListTeams )
m . Post ( "" , reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , bind ( api . CreateTeamOption { } ) , org . CreateTeam )
m . Get ( "/search" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . SearchTeam )
} , reqOrgMembership ( ) )
Add Organization Wide Labels (#10814)
* Add organization wide labels
Implement organization wide labels similar to organization wide
webhooks. This lets you create individual labels for organizations that can be used
for all repos under that organization (so being able to reuse the same
label across multiple repos).
This makes it possible for small organizations with many repos to use
labels effectively.
Fixes #7406
* Add migration
* remove comments
* fix tests
* Update options/locale/locale_en-US.ini
Removed unused translation string
* show org labels in issue search label filter
* Use more clear var name
* rename migration after merge from master
* comment typo
* update migration again after rebase with master
* check for orgID <=0 per guillep2k review
* fmt
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* remove unused code
* Make sure RepoID is 0 when searching orgID per code review
* more changes/code review requests
* More descriptive translation var per code review
* func description/delete comment when issue label deleted instead of hiding it
* remove comment
* only use issues in that repo when calculating number of open issues for org label on repo label page
* Add integration test for IssuesSearch API with labels
* remove unused function
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Use subquery in GetLabelIDsInReposByNames
* Fix tests to use correct orgID
* fix more tests
* IssuesSearch api now uses new BuildLabelNamesIssueIDsCondition. Add a few more tests as well
* update comment for clarity
* Revert previous code change now that we can use the new BuildLabelNamesIssueIDsCondition
* Don't sort repos by date in IssuesSearch API
After much debugging I've found a strange issue where in some cases MySQL will return a different result than other enigines if a query is sorted by a null collumn. For example with our integration test data where we don't set updated_unix in repository fixtures:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 45
Returns different results for MySQL than other engines. However, the similar query:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 30
Returns the same results.
This causes integration tests to fail on MySQL in certain cases but would never show up in a real installation. Since this API call always returns issues based on the optionally provided repo_priority_id or the issueID itself, there is no change to results by changing the repo sorting method used to get ids earlier in the function.
* linter is back!
* code review
* remove now unused option
* Fix newline at end of files
* more unused code
* update to master
* check for matching ids before query
* Update models/issue_label.go
Co-Authored-By: 6543 <6543@obermui.de>
* Update models/issue_label.go
* update comments
* Update routers/org/setting.go
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2020-03-31 21:14:46 -07:00
m . Group ( "/labels" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . ListLabels )
m . Post ( "" , reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , bind ( api . CreateLabelOption { } ) , org . CreateLabel )
m . Combo ( "/{id}" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetLabel ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , bind ( api . EditLabelOption { } ) , org . EditLabel ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . DeleteLabel )
Add Organization Wide Labels (#10814)
* Add organization wide labels
Implement organization wide labels similar to organization wide
webhooks. This lets you create individual labels for organizations that can be used
for all repos under that organization (so being able to reuse the same
label across multiple repos).
This makes it possible for small organizations with many repos to use
labels effectively.
Fixes #7406
* Add migration
* remove comments
* fix tests
* Update options/locale/locale_en-US.ini
Removed unused translation string
* show org labels in issue search label filter
* Use more clear var name
* rename migration after merge from master
* comment typo
* update migration again after rebase with master
* check for orgID <=0 per guillep2k review
* fmt
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* remove unused code
* Make sure RepoID is 0 when searching orgID per code review
* more changes/code review requests
* More descriptive translation var per code review
* func description/delete comment when issue label deleted instead of hiding it
* remove comment
* only use issues in that repo when calculating number of open issues for org label on repo label page
* Add integration test for IssuesSearch API with labels
* remove unused function
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Use subquery in GetLabelIDsInReposByNames
* Fix tests to use correct orgID
* fix more tests
* IssuesSearch api now uses new BuildLabelNamesIssueIDsCondition. Add a few more tests as well
* update comment for clarity
* Revert previous code change now that we can use the new BuildLabelNamesIssueIDsCondition
* Don't sort repos by date in IssuesSearch API
After much debugging I've found a strange issue where in some cases MySQL will return a different result than other enigines if a query is sorted by a null collumn. For example with our integration test data where we don't set updated_unix in repository fixtures:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 45
Returns different results for MySQL than other engines. However, the similar query:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 30
Returns the same results.
This causes integration tests to fail on MySQL in certain cases but would never show up in a real installation. Since this API call always returns issues based on the optionally provided repo_priority_id or the issueID itself, there is no change to results by changing the repo sorting method used to get ids earlier in the function.
* linter is back!
* code review
* remove now unused option
* Fix newline at end of files
* more unused code
* update to master
* check for matching ids before query
* Update models/issue_label.go
Co-Authored-By: 6543 <6543@obermui.de>
* Update models/issue_label.go
* update comments
* Update routers/org/setting.go
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2020-03-31 21:14:46 -07:00
} )
2016-12-06 21:36:28 -07:00
m . Group ( "/hooks" , func ( ) {
m . Combo ( "" ) . Get ( org . ListHooks ) .
Post ( bind ( api . CreateHookOption { } ) , org . CreateHook )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{id}" ) . Get ( org . GetHook ) .
2019-07-02 22:31:29 -07:00
Patch ( bind ( api . EditHookOption { } ) , org . EditHook ) .
Delete ( org . DeleteHook )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeAdminOrgHook ) , reqOrgOwnership ( ) , reqWebhooksEnabled ( ) )
2016-08-04 17:08:01 -07:00
} , orgAssignment ( true ) )
2021-01-26 08:36:53 -07:00
m . Group ( "/teams/{teamid}" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Combo ( "" ) . Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetTeam ) .
Patch ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , bind ( api . EditTeamOption { } ) , org . EditTeam ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . DeleteTeam )
2017-01-19 22:16:10 -07:00
m . Group ( "/members" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetTeamMembers )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{username}" ) .
2023-01-17 14:46:03 -07:00
Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetTeamMember ) .
Put ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . AddTeamMember ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , reqOrgOwnership ( ) , org . RemoveTeamMember )
2017-01-19 22:16:10 -07:00
} )
m . Group ( "/repos" , func ( ) {
2023-01-17 14:46:03 -07:00
m . Get ( "" , reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetTeamRepos )
2021-01-26 08:36:53 -07:00
m . Combo ( "/{org}/{reponame}" ) .
2023-01-17 14:46:03 -07:00
Put ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , org . AddTeamRepository ) .
Delete ( reqToken ( auth_model . AccessTokenScopeWriteOrg ) , org . RemoveTeamRepository ) .
Get ( reqToken ( auth_model . AccessTokenScopeReadOrg ) , org . GetTeamRepo )
2017-01-19 22:16:10 -07:00
} )
2023-01-17 14:46:03 -07:00
} , orgAssignment ( false , true ) , reqToken ( "" ) , reqTeamMembership ( ) )
2015-12-17 00:28:47 -07:00
2015-12-05 15:13:13 -07:00
m . Group ( "/admin" , func ( ) {
2020-08-24 08:48:15 -07:00
m . Group ( "/cron" , func ( ) {
m . Get ( "" , admin . ListCronTasks )
2021-01-26 08:36:53 -07:00
m . Post ( "/{task}" , admin . PostCronTask )
2020-08-24 08:48:15 -07:00
} )
2019-01-23 15:30:19 -07:00
m . Get ( "/orgs" , admin . GetAllOrgs )
2015-12-05 15:13:13 -07:00
m . Group ( "/users" , func ( ) {
2019-01-23 15:30:19 -07:00
m . Get ( "" , admin . GetAllUsers )
2015-12-05 15:13:13 -07:00
m . Post ( "" , bind ( api . CreateUserOption { } ) , admin . CreateUser )
2021-01-26 08:36:53 -07:00
m . Group ( "/{username}" , func ( ) {
2015-12-05 15:13:13 -07:00
m . Combo ( "" ) . Patch ( bind ( api . EditUserOption { } ) , admin . EditUser ) .
Delete ( admin . DeleteUser )
2017-12-06 03:27:10 -07:00
m . Group ( "/keys" , func ( ) {
m . Post ( "" , bind ( api . CreateKeyOption { } ) , admin . CreatePublicKey )
2021-01-26 08:36:53 -07:00
m . Delete ( "/{id}" , admin . DeleteUserPublicKey )
2017-12-06 03:27:10 -07:00
} )
2019-01-23 15:30:19 -07:00
m . Get ( "/orgs" , org . ListUserOrgs )
2015-12-17 00:28:47 -07:00
m . Post ( "/orgs" , bind ( api . CreateOrgOption { } ) , admin . CreateOrg )
2015-12-17 20:57:41 -07:00
m . Post ( "/repos" , bind ( api . CreateRepoOption { } ) , admin . CreateRepo )
2022-03-26 02:04:22 -07:00
} , context_service . UserAssignmentAPI ( ) )
2015-12-05 15:13:13 -07:00
} )
2020-09-24 21:09:23 -07:00
m . Group ( "/unadopted" , func ( ) {
m . Get ( "" , admin . ListUnadoptedRepositories )
2021-01-26 08:36:53 -07:00
m . Post ( "/{username}/{reponame}" , admin . AdoptRepository )
m . Delete ( "/{username}/{reponame}" , admin . DeleteUnadoptedRepository )
2020-09-24 21:09:23 -07:00
} )
2023-01-28 11:12:10 -07:00
m . Group ( "/hooks" , func ( ) {
m . Combo ( "" ) . Get ( admin . ListHooks ) .
Post ( bind ( api . CreateHookOption { } ) , admin . CreateHook )
m . Combo ( "/{id}" ) . Get ( admin . GetHook ) .
Patch ( bind ( api . EditHookOption { } ) , admin . EditHook ) .
Delete ( admin . DeleteHook )
} )
2023-01-17 14:46:03 -07:00
} , reqToken ( auth_model . AccessTokenScopeSudo ) , reqSiteAdmin ( ) )
2018-04-10 19:51:44 -07:00
m . Group ( "/topics" , func ( ) {
m . Get ( "/search" , repo . TopicSearch )
} )
2021-01-26 08:36:53 -07:00
} , sudo ( ) )
return m
2019-05-13 08:38:53 -07:00
}
2021-01-26 08:36:53 -07:00
func securityHeaders ( ) func ( http . Handler ) http . Handler {
return func ( next http . Handler ) http . Handler {
return http . HandlerFunc ( func ( resp http . ResponseWriter , req * http . Request ) {
2019-05-13 08:38:53 -07:00
// CORB: https://www.chromium.org/Home/chromium-security/corb-for-developers
// http://stackoverflow.com/a/3146618/244009
2021-01-26 08:36:53 -07:00
resp . Header ( ) . Set ( "x-content-type-options" , "nosniff" )
next . ServeHTTP ( resp , req )
2019-05-13 08:38:53 -07:00
} )
}
2015-12-04 15:16:42 -07:00
}