Add tag protection (#15629)

* Added tag protection in hook.

* Prevent UI tag creation if protected.

* Added settings page.

* Added tests.

* Added suggestions.

* Moved tests.

* Use individual errors.

* Removed unneeded methods.

* Switched delete selector.

* Changed method names.

* No reason to be unique.

* Allow editing of protected tags.

* Removed unique key from migration.

* Added docs page.

* Changed date.

* Respond with 404 to not found tags.

* Replaced glob with regex pattern.

* Added support for glob and regex pattern.

* Updated documentation.

* Changed white* to allow*.

* Fixed edit button link.

* Added cancel button.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

4 files changed, 117 insertions, 11 deletions

diff --git a/modules/validation/binding.go b/modules/validation/binding.go
index 5cfd994d2d..4cef48daf3 100644
--- a/modules/validation/binding.go
+++ b/modules/validation/binding.go
@@ -19,6 +19,9 @@ const (
 
 	// ErrGlobPattern is returned when glob pattern is invalid
 	ErrGlobPattern = "GlobPattern"
+
+	// ErrRegexPattern is returned when a regex pattern is invalid
+	ErrRegexPattern = "RegexPattern"
 )
 
 var (
@@ -53,6 +56,8 @@ func AddBindingRules() {
 	addGitRefNameBindingRule()
 	addValidURLBindingRule()
 	addGlobPatternRule()
+	addRegexPatternRule()
+	addGlobOrRegexPatternRule()
 }
 
 func addGitRefNameBindingRule() {
@@ -102,17 +107,55 @@ func addGlobPatternRule() {
 		IsMatch: func(rule string) bool {
 			return rule == "GlobPattern"
 		},
+		IsValid: globPatternValidator,
+	})
+}
+
+func globPatternValidator(errs binding.Errors, name string, val interface{}) (bool, binding.Errors) {
+	str := fmt.Sprintf("%v", val)
+
+	if len(str) != 0 {
+		if _, err := glob.Compile(str); err != nil {
+			errs.Add([]string{name}, ErrGlobPattern, err.Error())
+			return false, errs
+		}
+	}
+
+	return true, errs
+}
+
+func addRegexPatternRule() {
+	binding.AddRule(&binding.Rule{
+		IsMatch: func(rule string) bool {
+			return rule == "RegexPattern"
+		},
+		IsValid: regexPatternValidator,
+	})
+}
+
+func regexPatternValidator(errs binding.Errors, name string, val interface{}) (bool, binding.Errors) {
+	str := fmt.Sprintf("%v", val)
+
+	if _, err := regexp.Compile(str); err != nil {
+		errs.Add([]string{name}, ErrRegexPattern, err.Error())
+		return false, errs
+	}
+
+	return true, errs
+}
+
+func addGlobOrRegexPatternRule() {
+	binding.AddRule(&binding.Rule{
+		IsMatch: func(rule string) bool {
+			return rule == "GlobOrRegexPattern"
+		},
 		IsValid: func(errs binding.Errors, name string, val interface{}) (bool, binding.Errors) {
-			str := fmt.Sprintf("%v", val)
+			str := strings.TrimSpace(fmt.Sprintf("%v", val))
 
-			if len(str) != 0 {
-				if _, err := glob.Compile(str); err != nil {
-					errs.Add([]string{name}, ErrGlobPattern, err.Error())
-					return false, errs
-				}
+			if len(str) >= 2 && strings.HasPrefix(str, "/") && strings.HasSuffix(str, "/") {
+				return regexPatternValidator(errs, name, str[1:len(str)-1])
 			}
-
-			return true, errs
+			return globPatternValidator(errs, name, val)
 		},
 	})
 }
diff --git a/modules/validation/binding_test.go b/modules/validation/binding_test.go
index e0daba89e5..d3b4e686ae 100644
--- a/modules/validation/binding_test.go
+++ b/modules/validation/binding_test.go
@@ -26,9 +26,10 @@ type (
 	}
 
 	TestForm struct {
-		BranchName  string `form:"BranchName" binding:"GitRefName"`
-		URL         string `form:"ValidUrl" binding:"ValidUrl"`
-		GlobPattern string `form:"GlobPattern" binding:"GlobPattern"`
+		BranchName   string `form:"BranchName" binding:"GitRefName"`
+		URL          string `form:"ValidUrl" binding:"ValidUrl"`
+		GlobPattern  string `form:"GlobPattern" binding:"GlobPattern"`
+		RegexPattern string `form:"RegexPattern" binding:"RegexPattern"`
 	}
 )
 
diff --git a/modules/validation/regex_pattern_test.go b/modules/validation/regex_pattern_test.go
new file mode 100644
index 0000000000..afe1bcf425
--- /dev/null
+++ b/modules/validation/regex_pattern_test.go
@@ -0,0 +1,60 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"regexp"
+	"testing"
+
+	"gitea.com/go-chi/binding"
+)
+
+func getRegexPatternErrorString(pattern string) string {
+	if _, err := regexp.Compile(pattern); err != nil {
+		return err.Error()
+	}
+	return ""
+}
+
+var regexValidationTestCases = []validationTestCase{
+	{
+		description: "Empty regex pattern",
+		data: TestForm{
+			RegexPattern: "",
+		},
+		expectedErrors: binding.Errors{},
+	},
+	{
+		description: "Valid regex",
+		data: TestForm{
+			RegexPattern: `(\d{1,3})+`,
+		},
+		expectedErrors: binding.Errors{},
+	},
+
+	{
+		description: "Invalid regex",
+		data: TestForm{
+			RegexPattern: "[a-",
+		},
+		expectedErrors: binding.Errors{
+			binding.Error{
+				FieldNames:     []string{"RegexPattern"},
+				Classification: ErrRegexPattern,
+				Message:        getRegexPatternErrorString("[a-"),
+			},
+		},
+	},
+}
+
+func Test_RegexPatternValidation(t *testing.T) {
+	AddBindingRules()
+
+	for _, testCase := range regexValidationTestCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			performValidationTest(t, testCase)
+		})
+	}
+}
diff --git a/modules/web/middleware/binding.go b/modules/web/middleware/binding.go
index cd418c9792..cbdb29b812 100644
--- a/modules/web/middleware/binding.go
+++ b/modules/web/middleware/binding.go
@@ -135,6 +135,8 @@ func Validate(errs binding.Errors, data map[string]interface{}, f Form, l transl
 				data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))
 			case validation.ErrGlobPattern:
 				data["ErrorMsg"] = trName + l.Tr("form.glob_pattern_error", errs[0].Message)
+			case validation.ErrRegexPattern:
+				data["ErrorMsg"] = trName + l.Tr("form.regex_pattern_error", errs[0].Message)
 			default:
 				data["ErrorMsg"] = l.Tr("form.unknown_error") + " " + errs[0].Classification
 			}