author | John Smith <me@madao.dev> | 2025-03-18 03:24:54 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-17 19:24:54 +0000 |
commit | 8f051d598cd2c16878a293eaee2aee9891ef74e6 (patch) | |
tree | d4b886a6aaffc85a27b014bdb091a731b65027cf /models/secret | |
parent | 9d7c02f9f75d2e7b2131831ed37184f9fe386efc (diff) | |
Added Description Field for Secrets and Variables (#33526)
Fixes #33484
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'models/secret')
-rw-r--r-- | models/secret/secret.go | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/models/secret/secret.go b/models/secret/secret.go
index eab9cf0712..10a0287dfd 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -40,9 +40,15 @@ type Secret struct {
 RepoID int64 `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL DEFAULT 0"`
 Name string `xorm:"UNIQUE(owner_repo_name) NOT NULL"`
 Data string `xorm:"LONGTEXT"` // encrypted data
+ Description string `xorm:"TEXT"`
 CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
 }
+const (
+ SecretDataMaxLength = 65536
+ SecretDescriptionMaxLength = 4096
+)
+
 // ErrSecretNotFound represents a "secret not found" error.
 type ErrSecretNotFound struct {
 Name string
@@ -57,7 +63,7 @@ func (err ErrSecretNotFound) Unwrap() error {
 }
 // InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
-func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
+func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data, description string) (*Secret, error) {
 if ownerID != 0 && repoID != 0 {
 // It's trying to create a secret that belongs to a repository, but OwnerID has been set accidentally.
 // Remove OwnerID to avoid confusion; it's not worth returning an error here.
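Review bot: The new `Description` field and the two limits in the added `const` block carry no comments, while the neighbouring `Data` field is marked `// encrypted data`. Unlike `Data`, the description is stored as given in a `TEXT` column, so the field should say so, e.g. `// plain text, not encrypted; must not contain secret material`. The constants should also state their units, because the later hunks compare `len(data)` (bytes of the not-yet-encrypted value) against one and pass the other to `util.TruncateRunes` (runes): `// SecretDataMaxLength is the maximum size of the unencrypted secret data, in bytes` and `// SecretDescriptionMaxLength is the maximum description length, in runes`.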
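Review bot: With `name, data, description string` the signature of `InsertEncryptedSecret` now has three adjacent positional strings, and a call site that swaps the last two still compiles while writing the secret value into the unencrypted `Description` column. The doc comment above the function was not updated for the new parameter; it could add `// data is encrypted before storage; description is stored as plain text and truncated to SecretDescriptionMaxLength runes.` The callers are outside this diff (the diffstat is limited to models/secret), so their argument order is worth checking. The function body continues in the next hunk.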
@@ -67,15 +73,23 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)
 }
+ if len(data) > SecretDataMaxLength {
+ return nil, util.NewInvalidArgumentErrorf("data too long")
+ }
+
+ description = util.TruncateRunes(description, SecretDescriptionMaxLength)
+
 encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 if err != nil {
 return nil, err
 }
+
 secret := &Secret{
- OwnerID: ownerID,
- RepoID: repoID,
- Name: strings.ToUpper(name),
- Data: encrypted,
+ OwnerID: ownerID,
+ RepoID: repoID,
+ Name: strings.ToUpper(name),
+ Data: encrypted,
+ Description: description,
 }
 return secret, db.Insert(ctx, secret)
 }
@@ -114,16 +128,23 @@ func (opts FindSecretsOptions) ToConds() builder.Cond {
 }
 // UpdateSecret changes org or user reop secret.
-func UpdateSecret(ctx context.Context, secretID int64, data string) error {
+func UpdateSecret(ctx context.Context, secretID int64, data, description string) error {
+ if len(data) > SecretDataMaxLength {
+ return util.NewInvalidArgumentErrorf("data too long")
+ }
+
+ description = util.TruncateRunes(description, SecretDescriptionMaxLength)
+
 encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 if err != nil {
 return err
 }
 s := &Secret{
- Data: encrypted,
+ Data: encrypted,
+ Description: description,
 }
- affected, err := db.GetEngine(ctx).ID(secretID).Cols("data").Update(s)
+ affected, err := db.GetEngine(ctx).ID(secretID).Cols("data", "description").Update(s)
 if affected != 1 {
 return ErrSecretNotFound{}
 } |
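Review bot: Oversized `data` is rejected in `InsertEncryptedSecret`, but an oversized `description` is silently cut by `util.TruncateRunes`, so the caller gets no signal that the stored text differs from what was submitted. Either reject a description longer than `SecretDescriptionMaxLength` the same way, with `return nil, util.NewInvalidArgumentErrorf("description too long")`, or state in the function's doc comment that the description is truncated. The same check-and-truncate pair is repeated in `UpdateSecret` in the next hunk; a small shared helper would keep the create and update paths from drifting apart. A short comment next to the check noting that `len(data)` counts bytes of the plaintext would also help.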
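Review bot: In `UpdateSecret` the `affected != 1` test runs before the `err` returned by `Update(s)` is examined, so a database failure on the changed `Cols("data", "description")` update would presumably be reported as `ErrSecretNotFound{}` and the real error lost. Checking the error first keeps the two cases apart: `if err != nil { return err }` placed directly above `if affected != 1 {`. The ordering predates this commit, and the end of the function lies outside the hunk, so a later `return err` may exist there; it would not be reached when a failed update reports zero affected rows.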