diff options
| author | Unknwon <u@gogs.io> | 2015-08-06 22:48:11 +0800 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2015-08-06 22:48:11 +0800 |
| commit | 39a3b768bc8b0288cb4aa91d27485f46cfbfeb29 (patch) | |
| tree | bef625e010018151863344d9da3ff22d2dfbc8f9 /cmd/serve.go | |
| parent | 9f12ab0e8847682a686fdb843922a761bbb5c225 (diff) | |
| download | gitea-39a3b768bc8b0288cb4aa91d27485f46cfbfeb29.tar.gz gitea-39a3b768bc8b0288cb4aa91d27485f46cfbfeb29.zip | |
#334: Add Deployment Key Support
Diffstat (limited to 'cmd/serve.go')
| -rw-r--r-- | cmd/serve.go | 71 |
1 files changed, 47 insertions, 24 deletions
diff --git a/cmd/serve.go b/cmd/serve.go index ecf07114f2..9638da8bae 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -71,17 +71,17 @@ var ( } ) +func fail(userMessage, logMessage string, args ...interface{}) { + fmt.Fprintln(os.Stderr, "Gogs:", userMessage) + log.GitLogger.Fatal(3, logMessage, args...) +} + func runServ(c *cli.Context) { if c.IsSet("config") { setting.CustomConf = c.String("config") } setup("serv.log") - fail := func(userMessage, logMessage string, args ...interface{}) { - fmt.Fprintln(os.Stderr, "Gogs:", userMessage) - log.GitLogger.Fatal(3, logMessage, args...) - } - if len(c.Args()) < 1 { fail("Not enough arguments", "Not enough arguments") } @@ -131,30 +131,53 @@ func runServ(c *cli.Context) { if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate { keys := strings.Split(c.Args()[0], "-") if len(keys) != 2 { - fail("key-id format error", "Invalid key id: %s", c.Args()[0]) + fail("Key ID format error", "Invalid key ID: %s", c.Args()[0]) } - keyID, err = com.StrTo(keys[1]).Int64() + key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64()) if err != nil { - fail("key-id format error", "Invalid key id: %s", err) + fail("Key ID format error", "Invalid key ID[%s]: %v", c.Args()[0], err) } + keyID = key.ID - user, err = models.GetUserByKeyId(keyID) - if err != nil { - fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) - } + // Check deploy key or user key. + if key.Type == models.KEY_TYPE_DEPLOY { + if key.Mode < requestedMode { + fail("Key permission denied", "Cannot push with deployment key: %d", key.ID) + } + // Check if this deploy key belongs to current repository. + if !models.HasDeployKey(key.ID, repo.Id) { + fail("Key access denied", "Key access denied: %d-%d", key.ID, repo.Id) + } - mode, err := models.AccessLevel(user, repo) - if err != nil { - fail("Internal error", "Fail to check access: %v", err) - } else if mode < requestedMode { - clientMessage := _ACCESS_DENIED_MESSAGE - if mode >= models.ACCESS_MODE_READ { - clientMessage = "You do not have sufficient authorization for this action" + // Update deploy key activity. + deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.Id) + if err != nil { + fail("Internal error", "GetDeployKey: %v", err) + } + + deployKey.Updated = time.Now() + if err = models.UpdateDeployKey(deployKey); err != nil { + fail("Internal error", "UpdateDeployKey: %v", err) + } + } else { + user, err = models.GetUserByKeyId(key.ID) + if err != nil { + fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) + } + + mode, err := models.AccessLevel(user, repo) + if err != nil { + fail("Internal error", "Fail to check access: %v", err) + } else if mode < requestedMode { + clientMessage := _ACCESS_DENIED_MESSAGE + if mode >= models.ACCESS_MODE_READ { + clientMessage = "You do not have sufficient authorization for this action" + } + fail(clientMessage, + "User %s does not have level %v access to repository %s", + user.Name, requestedMode, repoPath) } - fail(clientMessage, - "User %s does not have level %v access to repository %s", - user.Name, requestedMode, repoPath) } } @@ -201,9 +224,9 @@ func runServ(c *cli.Context) { resp.Body.Close() } - // Update key activity. + // Update user key activity. if keyID > 0 { - key, err := models.GetPublicKeyById(keyID) + key, err := models.GetPublicKeyByID(keyID) if err != nil { fail("Internal error", "GetPublicKeyById: %v", err) } |