Fixes 4762 - Content API for Creating, Updating, Deleting Files (#6314)

7 files changed, 374 insertions, 142 deletions

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index f5a1fd6d86..8418ab94a1 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -659,7 +659,16 @@ func RegisterRoutes(m *macaron.Macaron) {
 					})
 					m.Get("/refs", repo.GetGitAllRefs)
 					m.Get("/refs/*", repo.GetGitRefs)
-					m.Combo("/trees/:sha", context.RepoRef()).Get(repo.GetTree)
+					m.Get("/trees/:sha", context.RepoRef(), repo.GetTree)
+					m.Get("/blobs/:sha", context.RepoRef(), repo.GetBlob)
+				}, reqRepoReader(models.UnitTypeCode))
+				m.Group("/contents", func() {
+					m.Get("/*", repo.GetFileContents)
+					m.Group("/*", func() {
+						m.Post("", bind(api.CreateFileOptions{}), repo.CreateFile)
+						m.Put("", bind(api.UpdateFileOptions{}), repo.UpdateFile)
+						m.Delete("", bind(api.DeleteFileOptions{}), repo.DeleteFile)
+					}, reqRepoWriter(models.UnitTypeCode), reqToken())
 				}, reqRepoReader(models.UnitTypeCode))
 			}, repoAssignment())
 		})
diff --git a/routers/api/v1/repo/blob.go b/routers/api/v1/repo/blob.go
new file mode 100644
index 0000000000..d6265e16ce
--- /dev/null
+++ b/routers/api/v1/repo/blob.go
@@ -0,0 +1,51 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/repofiles"
+)
+
+// GetBlob get the blob of a repository file.
+func GetBlob(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/git/blobs/{sha} repository GetBlob
+	// ---
+	// summary: Gets the blob of a repository.
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: sha
+	//   in: path
+	//   description: sha of the commit
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/GitBlobResponse"
+
+	sha := ctx.Params("sha")
+	if len(sha) == 0 {
+		ctx.Error(http.StatusBadRequest, "", "sha not provided")
+		return
+	}
+	if blob, err := repofiles.GetBlobBySHA(ctx.Repo.Repository, sha); err != nil {
+		ctx.Error(http.StatusBadRequest, "", err)
+	} else {
+		ctx.JSON(http.StatusOK, blob)
+	}
+}
diff --git a/routers/api/v1/repo/file.go b/routers/api/v1/repo/file.go
index 3ce80d24f0..10108e11c3 100644
--- a/routers/api/v1/repo/file.go
+++ b/routers/api/v1/repo/file.go
@@ -6,10 +6,15 @@
 package repo
 
 import (
+	"encoding/base64"
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/repofiles"
 	"code.gitea.io/gitea/routers/repo"
+	api "code.gitea.io/sdk/gitea"
 )
 
 // GetRawFile get a file by path on a repository
@@ -48,12 +53,12 @@ func GetRawFile(ctx *context.APIContext) {
 		if git.IsErrNotExist(err) {
 			ctx.NotFound()
 		} else {
-			ctx.Error(500, "GetBlobByPath", err)
+			ctx.Error(http.StatusInternalServerError, "GetBlobByPath", err)
 		}
 		return
 	}
 	if err = repo.ServeBlob(ctx.Context, blob); err != nil {
-		ctx.Error(500, "ServeBlob", err)
+		ctx.Error(http.StatusInternalServerError, "ServeBlob", err)
 	}
 }
 
@@ -86,7 +91,7 @@ func GetArchive(ctx *context.APIContext) {
 	repoPath := models.RepoPath(ctx.Params(":username"), ctx.Params(":reponame"))
 	gitRepo, err := git.OpenRepository(repoPath)
 	if err != nil {
-		ctx.Error(500, "OpenRepository", err)
+		ctx.Error(http.StatusInternalServerError, "OpenRepository", err)
 		return
 	}
 	ctx.Repo.GitRepo = gitRepo
@@ -125,7 +130,7 @@ func GetEditorconfig(ctx *context.APIContext) {
 		if git.IsErrNotExist(err) {
 			ctx.NotFound(err)
 		} else {
-			ctx.Error(500, "GetEditorconfig", err)
+			ctx.Error(http.StatusInternalServerError, "GetEditorconfig", err)
 		}
 		return
 	}
@@ -136,5 +141,264 @@ func GetEditorconfig(ctx *context.APIContext) {
 		ctx.NotFound(err)
 		return
 	}
-	ctx.JSON(200, def)
+	ctx.JSON(http.StatusOK, def)
+}
+
+// CanWriteFiles returns true if repository is editable and user has proper access level.
+func CanWriteFiles(r *context.Repository) bool {
+	return r.Permission.CanWrite(models.UnitTypeCode) && !r.Repository.IsMirror && !r.Repository.IsArchived
+}
+
+// CanReadFiles returns true if repository is readable and user has proper access level.
+func CanReadFiles(r *context.Repository) bool {
+	return r.Permission.CanRead(models.UnitTypeCode)
+}
+
+// CreateFile handles API call for creating a file
+func CreateFile(ctx *context.APIContext, apiOpts api.CreateFileOptions) {
+	// swagger:operation POST /repos/{owner}/{repo}/contents/{filepath} repository repoCreateFile
+	// ---
+	// summary: Create a file in a repository
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: filepath
+	//   in: path
+	//   description: path of the file to create
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   description: "'content' must be base64 encoded\n\n 'author' and 'committer' are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)\n\n If 'branch' is not given, default branch will be used\n\n 'sha' is the SHA for the file that already exists\n\n 'new_branch' (optional) will make a new branch from 'branch' before creating the file"
+	//   schema:
+	//     "$ref": "#/definitions/CreateFileOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/FileResponse"
+
+	opts := &repofiles.UpdateRepoFileOptions{
+		Content:   apiOpts.Content,
+		IsNewFile: true,
+		Message:   apiOpts.Message,
+		TreePath:  ctx.Params("*"),
+		OldBranch: apiOpts.BranchName,
+		NewBranch: apiOpts.NewBranchName,
+		Committer: &repofiles.IdentityOptions{
+			Name:  apiOpts.Committer.Name,
+			Email: apiOpts.Committer.Email,
+		},
+		Author: &repofiles.IdentityOptions{
+			Name:  apiOpts.Author.Name,
+			Email: apiOpts.Author.Email,
+		},
+	}
+	if fileResponse, err := createOrUpdateFile(ctx, opts); err != nil {
+		ctx.Error(http.StatusInternalServerError, "CreateFile", err)
+	} else {
+		ctx.JSON(http.StatusCreated, fileResponse)
+	}
+}
+
+// UpdateFile handles API call for updating a file
+func UpdateFile(ctx *context.APIContext, apiOpts api.UpdateFileOptions) {
+	// swagger:operation PUT /repos/{owner}/{repo}/contents/{filepath} repository repoUpdateFile
+	// ---
+	// summary: Update a file in a repository
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: filepath
+	//   in: path
+	//   description: path of the file to update
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   description: "'content' must be base64 encoded\n\n 'sha' is the SHA for the file that already exists\n\n 'author' and 'committer' are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)\n\n If 'branch' is not given, default branch will be used\n\n 'new_branch' (optional) will make a new branch from 'branch' before updating the file"
+	//   schema:
+	//     "$ref": "#/definitions/UpdateFileOptions"
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/FileResponse"
+
+	opts := &repofiles.UpdateRepoFileOptions{
+		Content:      apiOpts.Content,
+		SHA:          apiOpts.SHA,
+		IsNewFile:    false,
+		Message:      apiOpts.Message,
+		FromTreePath: apiOpts.FromPath,
+		TreePath:     ctx.Params("*"),
+		OldBranch:    apiOpts.BranchName,
+		NewBranch:    apiOpts.NewBranchName,
+		Committer: &repofiles.IdentityOptions{
+			Name:  apiOpts.Committer.Name,
+			Email: apiOpts.Committer.Email,
+		},
+		Author: &repofiles.IdentityOptions{
+			Name:  apiOpts.Author.Name,
+			Email: apiOpts.Author.Email,
+		},
+	}
+
+	if fileResponse, err := createOrUpdateFile(ctx, opts); err != nil {
+		ctx.Error(http.StatusInternalServerError, "UpdateFile", err)
+	} else {
+		ctx.JSON(http.StatusOK, fileResponse)
+	}
+}
+
+// Called from both CreateFile or UpdateFile to handle both
+func createOrUpdateFile(ctx *context.APIContext, opts *repofiles.UpdateRepoFileOptions) (*api.FileResponse, error) {
+	if !CanWriteFiles(ctx.Repo) {
+		return nil, models.ErrUserDoesNotHaveAccessToRepo{
+			UserID:   ctx.User.ID,
+			RepoName: ctx.Repo.Repository.LowerName,
+		}
+	}
+
+	content, err := base64.StdEncoding.DecodeString(opts.Content)
+	if err != nil {
+		return nil, err
+	}
+	opts.Content = string(content)
+
+	return repofiles.CreateOrUpdateRepoFile(ctx.Repo.Repository, ctx.User, opts)
+}
+
+// DeleteFile Delete a fle in a repository
+func DeleteFile(ctx *context.APIContext, apiOpts api.DeleteFileOptions) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/contents/{filepath} repository repoDeleteFile
+	// ---
+	// summary: Delete a file in a repository
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: filepath
+	//   in: path
+	//   description: path of the file to delete
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   description: "'sha' is the SHA for the file to be deleted\n\n 'author' and 'committer' are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)\n\n If 'branch' is not given, default branch will be used\n\n 'new_branch' (optional) will make a new branch from 'branch' before deleting the file"
+	//   schema:
+	//     "$ref": "#/definitions/DeleteFileOptions"
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/FileDeleteResponse"
+	if !CanWriteFiles(ctx.Repo) {
+		ctx.Error(http.StatusInternalServerError, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{
+			UserID:   ctx.User.ID,
+			RepoName: ctx.Repo.Repository.LowerName,
+		})
+		return
+	}
+
+	opts := &repofiles.DeleteRepoFileOptions{
+		Message:   apiOpts.Message,
+		OldBranch: apiOpts.BranchName,
+		NewBranch: apiOpts.NewBranchName,
+		SHA:       apiOpts.SHA,
+		TreePath:  ctx.Params("*"),
+		Committer: &repofiles.IdentityOptions{
+			Name:  apiOpts.Committer.Name,
+			Email: apiOpts.Committer.Email,
+		},
+		Author: &repofiles.IdentityOptions{
+			Name:  apiOpts.Author.Name,
+			Email: apiOpts.Author.Email,
+		},
+	}
+
+	if fileResponse, err := repofiles.DeleteRepoFile(ctx.Repo.Repository, ctx.User, opts); err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteFile", err)
+	} else {
+		ctx.JSON(http.StatusOK, fileResponse)
+	}
+}
+
+// GetFileContents Get the contents of a fle in a repository
+func GetFileContents(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/contents/{filepath} repository repoGetFileContents
+	// ---
+	// summary: Gets the contents of a file or directory in a repository
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: filepath
+	//   in: path
+	//   description: path of the file to delete
+	//   type: string
+	//   required: true
+	// - name: ref
+	//   in: query
+	//   description: "The name of the commit/branch/tag. Default the repository’s default branch (usually master)"
+	//   required: false
+	//   type: string
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/FileContentResponse"
+
+	if !CanReadFiles(ctx.Repo) {
+		ctx.Error(http.StatusInternalServerError, "GetFileContents", models.ErrUserDoesNotHaveAccessToRepo{
+			UserID:   ctx.User.ID,
+			RepoName: ctx.Repo.Repository.LowerName,
+		})
+		return
+	}
+
+	treePath := ctx.Params("*")
+	ref := ctx.QueryTrim("ref")
+
+	if fileContents, err := repofiles.GetFileContents(ctx.Repo.Repository, treePath, ref); err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetFileContents", err)
+	} else {
+		ctx.JSON(http.StatusOK, fileContents)
+	}
 }
diff --git a/routers/api/v1/repo/tree.go b/routers/api/v1/repo/tree.go
index 012eba673e..066ca662f8 100644
--- a/routers/api/v1/repo/tree.go
+++ b/routers/api/v1/repo/tree.go
@@ -5,13 +5,8 @@
 package repo
 
 import (
-	"fmt"
-	"strings"
-
 	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/sdk/gitea"
+	"code.gitea.io/gitea/modules/repofiles"
 )
 
 // GetTree get the tree of a repository.
@@ -55,92 +50,15 @@ func GetTree(ctx *context.APIContext) {
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/GitTreeResponse"
-	sha := ctx.Params("sha")
+
+	sha := ctx.Params(":sha")
 	if len(sha) == 0 {
 		ctx.Error(400, "", "sha not provided")
 		return
 	}
-	tree := GetTreeBySHA(ctx, sha)
-	if tree != nil {
-		ctx.JSON(200, tree)
-	} else {
-		ctx.Error(400, "", "sha invalid")
-	}
-}
-
-// GetTreeBySHA get the GitTreeResponse of a repository using a sha hash.
-func GetTreeBySHA(ctx *context.APIContext, sha string) *gitea.GitTreeResponse {
-	gitTree, err := ctx.Repo.GitRepo.GetTree(sha)
-	if err != nil || gitTree == nil {
-		return nil
-	}
-	tree := new(gitea.GitTreeResponse)
-	repoID := strings.TrimRight(setting.AppURL, "/") + "/api/v1/repos/" + ctx.Repo.Repository.Owner.Name + "/" + ctx.Repo.Repository.Name
-	tree.SHA = gitTree.ID.String()
-	tree.URL = repoID + "/git/trees/" + tree.SHA
-	var entries git.Entries
-	if ctx.QueryBool("recursive") {
-		entries, err = gitTree.ListEntriesRecursive()
-	} else {
-		entries, err = gitTree.ListEntries()
-	}
-	if err != nil {
-		return tree
-	}
-	repoIDLen := len(repoID)
-
-	// 51 is len(sha1) + len("/git/blobs/"). 40 + 11.
-	blobURL := make([]byte, repoIDLen+51)
-	copy(blobURL[:], repoID)
-	copy(blobURL[repoIDLen:], "/git/blobs/")
-
-	// 51 is len(sha1) + len("/git/trees/"). 40 + 11.
-	treeURL := make([]byte, repoIDLen+51)
-	copy(treeURL[:], repoID)
-	copy(treeURL[repoIDLen:], "/git/trees/")
-
-	// 40 is the size of the sha1 hash in hexadecimal format.
-	copyPos := len(treeURL) - 40
-
-	page := ctx.QueryInt("page")
-	perPage := ctx.QueryInt("per_page")
-	if perPage <= 0 || perPage > setting.API.DefaultGitTreesPerPage {
-		perPage = setting.API.DefaultGitTreesPerPage
-	}
-	if page <= 0 {
-		page = 1
-	}
-	tree.Page = page
-	tree.TotalCount = len(entries)
-	rangeStart := perPage * (page - 1)
-	if rangeStart >= len(entries) {
-		return tree
-	}
-	var rangeEnd int
-	if len(entries) > perPage {
-		tree.Truncated = true
-	}
-	if rangeStart+perPage < len(entries) {
-		rangeEnd = rangeStart + perPage
+	if tree, err := repofiles.GetTreeBySHA(ctx.Repo.Repository, sha, ctx.QueryInt("page"), ctx.QueryInt("per_page"), ctx.QueryBool("recursive")); err != nil {
+		ctx.Error(400, "", err.Error())
 	} else {
-		rangeEnd = len(entries)
-	}
-	tree.Entries = make([]gitea.GitEntry, rangeEnd-rangeStart)
-	for e := rangeStart; e < rangeEnd; e++ {
-		i := e - rangeStart
-		tree.Entries[i].Path = entries[e].Name()
-		tree.Entries[i].Mode = fmt.Sprintf("%06x", entries[e].Mode())
-		tree.Entries[i].Type = string(entries[e].Type)
-		tree.Entries[i].Size = entries[e].Size()
-		tree.Entries[i].SHA = entries[e].ID.String()
-
-		if entries[e].IsDir() {
-			copy(treeURL[copyPos:], entries[e].ID.String())
-			tree.Entries[i].URL = string(treeURL[:])
-		} else {
-			copy(blobURL[copyPos:], entries[e].ID.String())
-			tree.Entries[i].URL = string(blobURL[:])
-		}
+		ctx.JSON(200, tree)
 	}
-	return tree
 }
diff --git a/routers/api/v1/repo/tree_test.go b/routers/api/v1/repo/tree_test.go
deleted file mode 100644
index 708516e979..0000000000
--- a/routers/api/v1/repo/tree_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package repo
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/test"
-	"code.gitea.io/sdk/gitea"
-)
-
-func TestGetTreeBySHA(t *testing.T) {
-	models.PrepareTestEnv(t)
-	sha := "master"
-	ctx := test.MockContext(t, "user2/repo1")
-	ctx.SetParams(":id", "1")
-	ctx.SetParams(":sha", sha)
-	test.LoadRepo(t, ctx, 1)
-	test.LoadRepoCommit(t, ctx)
-	test.LoadUser(t, ctx, 2)
-	test.LoadGitRepo(t, ctx)
-
-	tree := GetTreeBySHA(&context.APIContext{Context: ctx, Org: nil}, ctx.Params("sha"))
-	expectedTree := &gitea.GitTreeResponse{
-		SHA: "65f1bf27bc3bf70f64657658635e66094edbcb4d",
-		URL: "https://try.gitea.io/api/v1/repos/user2/repo1/git/trees/65f1bf27bc3bf70f64657658635e66094edbcb4d",
-		Entries: []gitea.GitEntry{
-			{
-				Path: "README.md",
-				Mode: "100644",
-				Type: "blob",
-				Size: 30,
-				SHA:  "4b4851ad51df6a7d9f25c979345979eaeb5b349f",
-				URL:  "https://try.gitea.io/api/v1/repos/user2/repo1/git/blobs/4b4851ad51df6a7d9f25c979345979eaeb5b349f",
-			},
-		},
-		Truncated:  false,
-		Page:       1,
-		TotalCount: 1,
-	}
-
-	assert.EqualValues(t, tree, expectedTree)
-}
diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go
index 038f79005f..83f7cfec8d 100644
--- a/routers/api/v1/swagger/options.go
+++ b/routers/api/v1/swagger/options.go
@@ -97,6 +97,7 @@ type swaggerParameterBodies struct {
 
 	// in:body
 	CreateUserOption api.CreateUserOption
+
 	// in:body
 	EditUserOption api.EditUserOption
 
@@ -105,4 +106,13 @@ type swaggerParameterBodies struct {
 
 	// in:body
 	EditAttachmentOptions api.EditAttachmentOptions
+
+	// in:body
+	CreateFileOptions api.CreateFileOptions
+
+	// in:body
+	UpdateFileOptions api.UpdateFileOptions
+
+	// in:body
+	DeleteFileOptions api.DeleteFileOptions
 }
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index f671037795..a23e670dac 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -162,9 +162,37 @@ type swaggerGitTreeResponse struct {
 	Body api.GitTreeResponse `json:"body"`
 }
 
+// GitBlobResponse
+// swagger:response GitBlobResponse
+type swaggerGitBlobResponse struct {
+	//in: body
+	Body api.GitBlobResponse `json:"body"`
+}
+
 // Commit
 // swagger:response Commit
 type swaggerCommit struct {
 	//in: body
 	Body api.Commit `json:"body"`
 }
+
+// FileResponse
+// swagger:response FileResponse
+type swaggerFileResponse struct {
+	//in: body
+	Body api.FileResponse `json:"body"`
+}
+
+// FileContentResponse
+// swagger:response FileContentResponse
+type swaggerFileContentResponse struct {
+	//in: body
+	Body api.FileContentResponse `json:"body"`
+}
+
+// FileDeleteResponse
+// swagger:response FileDeleteResponse
+type swaggerFileDeleteResponse struct {
+	//in: body
+	Body api.FileDeleteResponse `json:"body"`
+}