After the moving, all models will not depend on `util.Rename` so that I can do next step refactoring.tags/v1.22.0-rc0
package cmd | package cmd | ||||
import ( | import ( | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/modules/graceful" | "code.gitea.io/gitea/modules/graceful" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
repo_service "code.gitea.io/gitea/services/repository" | repo_service "code.gitea.io/gitea/services/repository" | ||||
"github.com/urfave/cli/v2" | "github.com/urfave/cli/v2" | ||||
if err := initDB(ctx); err != nil { | if err := initDB(ctx); err != nil { | ||||
return err | return err | ||||
} | } | ||||
return asymkey_model.RewriteAllPublicKeys(ctx) | |||||
return asymkey_service.RewriteAllPublicKeys(ctx) | |||||
} | } |
"path/filepath" | "path/filepath" | ||||
"strings" | "strings" | ||||
"sync" | "sync" | ||||
"time" | |||||
"code.gitea.io/gitea/models/db" | "code.gitea.io/gitea/models/db" | ||||
"code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
var sshOpLocker sync.Mutex | var sshOpLocker sync.Mutex | ||||
func WithSSHOpLocker(f func() error) error { | |||||
sshOpLocker.Lock() | |||||
defer sshOpLocker.Unlock() | |||||
return f() | |||||
} | |||||
// AuthorizedStringForKey creates the authorized keys string appropriate for the provided key | // AuthorizedStringForKey creates the authorized keys string appropriate for the provided key | ||||
func AuthorizedStringForKey(key *PublicKey) string { | func AuthorizedStringForKey(key *PublicKey) string { | ||||
sb := &strings.Builder{} | sb := &strings.Builder{} | ||||
return nil | return nil | ||||
} | } | ||||
// RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again. | |||||
// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function | |||||
// outside any session scope independently. | |||||
func RewriteAllPublicKeys(ctx context.Context) error { | |||||
// Don't rewrite key if internal server | |||||
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile { | |||||
return nil | |||||
} | |||||
sshOpLocker.Lock() | |||||
defer sshOpLocker.Unlock() | |||||
if setting.SSH.RootPath != "" { | |||||
// First of ensure that the RootPath is present, and if not make it with 0700 permissions | |||||
// This of course doesn't guarantee that this is the right directory for authorized_keys | |||||
// but at least if it's supposed to be this directory and it doesn't exist and we're the | |||||
// right user it will at least be created properly. | |||||
err := os.MkdirAll(setting.SSH.RootPath, 0o700) | |||||
if err != nil { | |||||
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err) | |||||
return err | |||||
} | |||||
} | |||||
fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys") | |||||
tmpPath := fPath + ".tmp" | |||||
t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600) | |||||
if err != nil { | |||||
return err | |||||
} | |||||
defer func() { | |||||
t.Close() | |||||
if err := util.Remove(tmpPath); err != nil { | |||||
log.Warn("Unable to remove temporary authorized keys file: %s: Error: %v", tmpPath, err) | |||||
} | |||||
}() | |||||
if setting.SSH.AuthorizedKeysBackup { | |||||
isExist, err := util.IsExist(fPath) | |||||
if err != nil { | |||||
log.Error("Unable to check if %s exists. Error: %v", fPath, err) | |||||
return err | |||||
} | |||||
if isExist { | |||||
bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix()) | |||||
if err = util.CopyFile(fPath, bakPath); err != nil { | |||||
return err | |||||
} | |||||
} | |||||
} | |||||
if err := RegeneratePublicKeys(ctx, t); err != nil { | |||||
return err | |||||
} | |||||
t.Close() | |||||
return util.Rename(tmpPath, fPath) | |||||
} | |||||
// RegeneratePublicKeys regenerates the authorized_keys file | // RegeneratePublicKeys regenerates the authorized_keys file | ||||
func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error { | func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error { | ||||
if err := db.GetEngine(ctx).Where("type != ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean any) (err error) { | if err := db.GetEngine(ctx).Where("type != ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean any) (err error) { |
"strings" | "strings" | ||||
"code.gitea.io/gitea/models/db" | "code.gitea.io/gitea/models/db" | ||||
"code.gitea.io/gitea/models/perm" | |||||
user_model "code.gitea.io/gitea/models/user" | user_model "code.gitea.io/gitea/models/user" | ||||
"code.gitea.io/gitea/modules/setting" | "code.gitea.io/gitea/modules/setting" | ||||
"code.gitea.io/gitea/modules/util" | "code.gitea.io/gitea/modules/util" | ||||
) | ) | ||||
// AddPrincipalKey adds new principal to database and authorized_principals file. | |||||
func AddPrincipalKey(ctx context.Context, ownerID int64, content string, authSourceID int64) (*PublicKey, error) { | |||||
dbCtx, committer, err := db.TxContext(ctx) | |||||
if err != nil { | |||||
return nil, err | |||||
} | |||||
defer committer.Close() | |||||
// Principals cannot be duplicated. | |||||
has, err := db.GetEngine(dbCtx). | |||||
Where("content = ? AND type = ?", content, KeyTypePrincipal). | |||||
Get(new(PublicKey)) | |||||
if err != nil { | |||||
return nil, err | |||||
} else if has { | |||||
return nil, ErrKeyAlreadyExist{0, "", content} | |||||
} | |||||
key := &PublicKey{ | |||||
OwnerID: ownerID, | |||||
Name: content, | |||||
Content: content, | |||||
Mode: perm.AccessModeWrite, | |||||
Type: KeyTypePrincipal, | |||||
LoginSourceID: authSourceID, | |||||
} | |||||
if err = db.Insert(dbCtx, key); err != nil { | |||||
return nil, fmt.Errorf("addKey: %w", err) | |||||
} | |||||
if err = committer.Commit(); err != nil { | |||||
return nil, err | |||||
} | |||||
committer.Close() | |||||
return key, RewriteAllPrincipalKeys(ctx) | |||||
} | |||||
// CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines | // CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines | ||||
func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error) { | func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error) { | ||||
if setting.SSH.Disabled { | if setting.SSH.Disabled { |
"runtime" | "runtime" | ||||
"code.gitea.io/gitea/models" | "code.gitea.io/gitea/models" | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
authmodel "code.gitea.io/gitea/models/auth" | authmodel "code.gitea.io/gitea/models/auth" | ||||
"code.gitea.io/gitea/modules/cache" | "code.gitea.io/gitea/modules/cache" | ||||
"code.gitea.io/gitea/modules/eventsource" | "code.gitea.io/gitea/modules/eventsource" | ||||
"code.gitea.io/gitea/routers/private" | "code.gitea.io/gitea/routers/private" | ||||
web_routers "code.gitea.io/gitea/routers/web" | web_routers "code.gitea.io/gitea/routers/web" | ||||
actions_service "code.gitea.io/gitea/services/actions" | actions_service "code.gitea.io/gitea/services/actions" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
"code.gitea.io/gitea/services/auth" | "code.gitea.io/gitea/services/auth" | ||||
"code.gitea.io/gitea/services/auth/source/oauth2" | "code.gitea.io/gitea/services/auth/source/oauth2" | ||||
"code.gitea.io/gitea/services/automerge" | "code.gitea.io/gitea/services/automerge" | ||||
mustInitCtx(ctx, repo_service.SyncRepositoryHooks) | mustInitCtx(ctx, repo_service.SyncRepositoryHooks) | ||||
log.Info("re-write ssh public keys ...") | log.Info("re-write ssh public keys ...") | ||||
mustInitCtx(ctx, asymkey_model.RewriteAllPublicKeys) | |||||
mustInitCtx(ctx, asymkey_service.RewriteAllPublicKeys) | |||||
return system.AppState.Set(ctx, runtimeState) | return system.AppState.Set(ctx, runtimeState) | ||||
} | } |
ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | ||||
return | return | ||||
} | } | ||||
if _, err = asymkey_model.AddPrincipalKey(ctx, ctx.Doer.ID, content, 0); err != nil { | |||||
if _, err = asymkey_service.AddPrincipalKey(ctx, ctx.Doer.ID, content, 0); err != nil { | |||||
ctx.Data["HasPrincipalError"] = true | ctx.Data["HasPrincipalError"] = true | ||||
switch { | switch { | ||||
case asymkey_model.IsErrKeyAlreadyExist(err), asymkey_model.IsErrKeyNameAlreadyUsed(err): | case asymkey_model.IsErrKeyAlreadyExist(err), asymkey_model.IsErrKeyNameAlreadyUsed(err): |
"context" | "context" | ||||
"code.gitea.io/gitea/models" | "code.gitea.io/gitea/models" | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/models/db" | "code.gitea.io/gitea/models/db" | ||||
user_model "code.gitea.io/gitea/models/user" | user_model "code.gitea.io/gitea/models/user" | ||||
) | ) | ||||
return err | return err | ||||
} | } | ||||
return asymkey_model.RewriteAllPublicKeys(ctx) | |||||
return RewriteAllPublicKeys(ctx) | |||||
} | } |
committer.Close() | committer.Close() | ||||
if key.Type == asymkey_model.KeyTypePrincipal { | if key.Type == asymkey_model.KeyTypePrincipal { | ||||
return asymkey_model.RewriteAllPrincipalKeys(ctx) | |||||
return RewriteAllPrincipalKeys(ctx) | |||||
} | } | ||||
return asymkey_model.RewriteAllPublicKeys(ctx) | |||||
return RewriteAllPublicKeys(ctx) | |||||
} | } |
// Copyright 2024 The Gitea Authors. All rights reserved. | |||||
// SPDX-License-Identifier: MIT | |||||
package asymkey | |||||
import ( | |||||
"context" | |||||
"fmt" | |||||
"os" | |||||
"path/filepath" | |||||
"time" | |||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/modules/log" | |||||
"code.gitea.io/gitea/modules/setting" | |||||
"code.gitea.io/gitea/modules/util" | |||||
) | |||||
// RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again. | |||||
// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function | |||||
// outside any session scope independently. | |||||
func RewriteAllPublicKeys(ctx context.Context) error { | |||||
// Don't rewrite key if internal server | |||||
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile { | |||||
return nil | |||||
} | |||||
return asymkey_model.WithSSHOpLocker(func() error { | |||||
return rewriteAllPublicKeys(ctx) | |||||
}) | |||||
} | |||||
func rewriteAllPublicKeys(ctx context.Context) error { | |||||
if setting.SSH.RootPath != "" { | |||||
// First of ensure that the RootPath is present, and if not make it with 0700 permissions | |||||
// This of course doesn't guarantee that this is the right directory for authorized_keys | |||||
// but at least if it's supposed to be this directory and it doesn't exist and we're the | |||||
// right user it will at least be created properly. | |||||
err := os.MkdirAll(setting.SSH.RootPath, 0o700) | |||||
if err != nil { | |||||
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err) | |||||
return err | |||||
} | |||||
} | |||||
fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys") | |||||
tmpPath := fPath + ".tmp" | |||||
t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600) | |||||
if err != nil { | |||||
return err | |||||
} | |||||
defer func() { | |||||
t.Close() | |||||
if err := util.Remove(tmpPath); err != nil { | |||||
log.Warn("Unable to remove temporary authorized keys file: %s: Error: %v", tmpPath, err) | |||||
} | |||||
}() | |||||
if setting.SSH.AuthorizedKeysBackup { | |||||
isExist, err := util.IsExist(fPath) | |||||
if err != nil { | |||||
log.Error("Unable to check if %s exists. Error: %v", fPath, err) | |||||
return err | |||||
} | |||||
if isExist { | |||||
bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix()) | |||||
if err = util.CopyFile(fPath, bakPath); err != nil { | |||||
return err | |||||
} | |||||
} | |||||
} | |||||
if err := asymkey_model.RegeneratePublicKeys(ctx, t); err != nil { | |||||
return err | |||||
} | |||||
t.Close() | |||||
return util.Rename(tmpPath, fPath) | |||||
} |
"strings" | "strings" | ||||
"time" | "time" | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/models/db" | "code.gitea.io/gitea/models/db" | ||||
"code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
"code.gitea.io/gitea/modules/setting" | "code.gitea.io/gitea/modules/setting" | ||||
"code.gitea.io/gitea/modules/util" | "code.gitea.io/gitea/modules/util" | ||||
) | ) | ||||
// _____ __ .__ .__ .___ | |||||
// / _ \ __ ___/ |_| |__ ___________|__|_______ ____ __| _/ | |||||
// / /_\ \| | \ __\ | \ / _ \_ __ \ \___ // __ \ / __ | | |||||
// / | \ | /| | | Y ( <_> ) | \/ |/ /\ ___// /_/ | | |||||
// \____|__ /____/ |__| |___| /\____/|__| |__/_____ \\___ >____ | | |||||
// \/ \/ \/ \/ \/ | |||||
// __________ .__ .__ .__ | |||||
// \______ _______|__| ____ ____ |_____________ | | ______ | |||||
// | ___\_ __ | |/ \_/ ___\| \____ \__ \ | | / ___/ | |||||
// | | | | \| | | \ \___| | |_> / __ \| |__\___ \ | |||||
// |____| |__| |__|___| /\___ |__| __(____ |____/____ > | |||||
// \/ \/ |__| \/ \/ | |||||
// | |||||
// This file contains functions for creating authorized_principals files | // This file contains functions for creating authorized_principals files | ||||
// | // | ||||
// There is a dependence on the database within RewriteAllPrincipalKeys & RegeneratePrincipalKeys | // There is a dependence on the database within RewriteAllPrincipalKeys & RegeneratePrincipalKeys | ||||
// The sshOpLocker is used from ssh_key_authorized_keys.go | // The sshOpLocker is used from ssh_key_authorized_keys.go | ||||
const authorizedPrincipalsFile = "authorized_principals" | |||||
const ( | |||||
authorizedPrincipalsFile = "authorized_principals" | |||||
tplCommentPrefix = `# gitea public key` | |||||
) | |||||
// RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again. | // RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again. | ||||
// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function | // Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function | ||||
return nil | return nil | ||||
} | } | ||||
sshOpLocker.Lock() | |||||
defer sshOpLocker.Unlock() | |||||
return asymkey_model.WithSSHOpLocker(func() error { | |||||
return rewriteAllPrincipalKeys(ctx) | |||||
}) | |||||
} | |||||
func rewriteAllPrincipalKeys(ctx context.Context) error { | |||||
if setting.SSH.RootPath != "" { | if setting.SSH.RootPath != "" { | ||||
// First of ensure that the RootPath is present, and if not make it with 0700 permissions | // First of ensure that the RootPath is present, and if not make it with 0700 permissions | ||||
// This of course doesn't guarantee that this is the right directory for authorized_keys | // This of course doesn't guarantee that this is the right directory for authorized_keys | ||||
} | } | ||||
func regeneratePrincipalKeys(ctx context.Context, t io.StringWriter) error { | func regeneratePrincipalKeys(ctx context.Context, t io.StringWriter) error { | ||||
if err := db.GetEngine(ctx).Where("type = ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean any) (err error) { | |||||
_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString()) | |||||
if err := db.GetEngine(ctx).Where("type = ?", asymkey_model.KeyTypePrincipal).Iterate(new(asymkey_model.PublicKey), func(idx int, bean any) (err error) { | |||||
_, err = t.WriteString((bean.(*asymkey_model.PublicKey)).AuthorizedString()) | |||||
return err | return err | ||||
}); err != nil { | }); err != nil { | ||||
return err | return err |
// Copyright 2024 The Gitea Authors. All rights reserved. | |||||
// SPDX-License-Identifier: MIT | |||||
package asymkey | |||||
import ( | |||||
"context" | |||||
"fmt" | |||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/models/db" | |||||
"code.gitea.io/gitea/models/perm" | |||||
) | |||||
// AddPrincipalKey adds new principal to database and authorized_principals file. | |||||
func AddPrincipalKey(ctx context.Context, ownerID int64, content string, authSourceID int64) (*asymkey_model.PublicKey, error) { | |||||
dbCtx, committer, err := db.TxContext(ctx) | |||||
if err != nil { | |||||
return nil, err | |||||
} | |||||
defer committer.Close() | |||||
// Principals cannot be duplicated. | |||||
has, err := db.GetEngine(dbCtx). | |||||
Where("content = ? AND type = ?", content, asymkey_model.KeyTypePrincipal). | |||||
Get(new(asymkey_model.PublicKey)) | |||||
if err != nil { | |||||
return nil, err | |||||
} else if has { | |||||
return nil, asymkey_model.ErrKeyAlreadyExist{ | |||||
Content: content, | |||||
} | |||||
} | |||||
key := &asymkey_model.PublicKey{ | |||||
OwnerID: ownerID, | |||||
Name: content, | |||||
Content: content, | |||||
Mode: perm.AccessModeWrite, | |||||
Type: asymkey_model.KeyTypePrincipal, | |||||
LoginSourceID: authSourceID, | |||||
} | |||||
if err = db.Insert(dbCtx, key); err != nil { | |||||
return nil, fmt.Errorf("addKey: %w", err) | |||||
} | |||||
if err = committer.Commit(); err != nil { | |||||
return nil, err | |||||
} | |||||
committer.Close() | |||||
return key, RewriteAllPrincipalKeys(ctx) | |||||
} |
user_model "code.gitea.io/gitea/models/user" | user_model "code.gitea.io/gitea/models/user" | ||||
auth_module "code.gitea.io/gitea/modules/auth" | auth_module "code.gitea.io/gitea/modules/auth" | ||||
"code.gitea.io/gitea/modules/optional" | "code.gitea.io/gitea/modules/optional" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
source_service "code.gitea.io/gitea/services/auth/source" | source_service "code.gitea.io/gitea/services/auth/source" | ||||
user_service "code.gitea.io/gitea/services/user" | user_service "code.gitea.io/gitea/services/user" | ||||
) | ) | ||||
if user != nil { | if user != nil { | ||||
if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(ctx, user, source.authSource, sr.SSHPublicKey) { | if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(ctx, user, source.authSource, sr.SSHPublicKey) { | ||||
if err := asymkey_model.RewriteAllPublicKeys(ctx); err != nil { | |||||
if err := asymkey_service.RewriteAllPublicKeys(ctx); err != nil { | |||||
return user, err | return user, err | ||||
} | } | ||||
} | } | ||||
} | } | ||||
if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(ctx, user, source.authSource, sr.SSHPublicKey) { | if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(ctx, user, source.authSource, sr.SSHPublicKey) { | ||||
if err := asymkey_model.RewriteAllPublicKeys(ctx); err != nil { | |||||
if err := asymkey_service.RewriteAllPublicKeys(ctx); err != nil { | |||||
return user, err | return user, err | ||||
} | } | ||||
} | } |
"code.gitea.io/gitea/modules/container" | "code.gitea.io/gitea/modules/container" | ||||
"code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
"code.gitea.io/gitea/modules/optional" | "code.gitea.io/gitea/modules/optional" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
source_service "code.gitea.io/gitea/services/auth/source" | source_service "code.gitea.io/gitea/services/auth/source" | ||||
user_service "code.gitea.io/gitea/services/user" | user_service "code.gitea.io/gitea/services/user" | ||||
) | ) | ||||
log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.authSource.Name) | log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.authSource.Name) | ||||
// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed | // Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed | ||||
if sshKeysNeedUpdate { | if sshKeysNeedUpdate { | ||||
err = asymkey_model.RewriteAllPublicKeys(ctx) | |||||
err = asymkey_service.RewriteAllPublicKeys(ctx) | |||||
if err != nil { | if err != nil { | ||||
log.Error("RewriteAllPublicKeys: %v", err) | log.Error("RewriteAllPublicKeys: %v", err) | ||||
} | } | ||||
// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed | // Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed | ||||
if sshKeysNeedUpdate { | if sshKeysNeedUpdate { | ||||
err = asymkey_model.RewriteAllPublicKeys(ctx) | |||||
err = asymkey_service.RewriteAllPublicKeys(ctx) | |||||
if err != nil { | if err != nil { | ||||
log.Error("RewriteAllPublicKeys: %v", err) | log.Error("RewriteAllPublicKeys: %v", err) | ||||
} | } |
"time" | "time" | ||||
activities_model "code.gitea.io/gitea/models/activities" | activities_model "code.gitea.io/gitea/models/activities" | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/models/system" | "code.gitea.io/gitea/models/system" | ||||
user_model "code.gitea.io/gitea/models/user" | user_model "code.gitea.io/gitea/models/user" | ||||
"code.gitea.io/gitea/modules/git" | "code.gitea.io/gitea/modules/git" | ||||
issue_indexer "code.gitea.io/gitea/modules/indexer/issues" | issue_indexer "code.gitea.io/gitea/modules/indexer/issues" | ||||
"code.gitea.io/gitea/modules/setting" | "code.gitea.io/gitea/modules/setting" | ||||
"code.gitea.io/gitea/modules/updatechecker" | "code.gitea.io/gitea/modules/updatechecker" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
repo_service "code.gitea.io/gitea/services/repository" | repo_service "code.gitea.io/gitea/services/repository" | ||||
archiver_service "code.gitea.io/gitea/services/repository/archiver" | archiver_service "code.gitea.io/gitea/services/repository/archiver" | ||||
user_service "code.gitea.io/gitea/services/user" | user_service "code.gitea.io/gitea/services/user" | ||||
RunAtStart: false, | RunAtStart: false, | ||||
Schedule: "@every 72h", | Schedule: "@every 72h", | ||||
}, func(ctx context.Context, _ *user_model.User, _ Config) error { | }, func(ctx context.Context, _ *user_model.User, _ Config) error { | ||||
return asymkey_model.RewriteAllPublicKeys(ctx) | |||||
return asymkey_service.RewriteAllPublicKeys(ctx) | |||||
}) | }) | ||||
} | } | ||||
RunAtStart: false, | RunAtStart: false, | ||||
Schedule: "@every 72h", | Schedule: "@every 72h", | ||||
}, func(ctx context.Context, _ *user_model.User, _ Config) error { | }, func(ctx context.Context, _ *user_model.User, _ Config) error { | ||||
return asymkey_model.RewriteAllPrincipalKeys(ctx) | |||||
return asymkey_service.RewriteAllPrincipalKeys(ctx) | |||||
}) | }) | ||||
} | } | ||||
"code.gitea.io/gitea/modules/container" | "code.gitea.io/gitea/modules/container" | ||||
"code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
"code.gitea.io/gitea/modules/setting" | "code.gitea.io/gitea/modules/setting" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
) | ) | ||||
const tplCommentPrefix = `# gitea public key` | const tplCommentPrefix = `# gitea public key` | ||||
return fmt.Errorf("Unable to open authorized_keys file. ERROR: %w", err) | return fmt.Errorf("Unable to open authorized_keys file. ERROR: %w", err) | ||||
} | } | ||||
logger.Warn("Unable to open authorized_keys. (ERROR: %v). Attempting to rewrite...", err) | logger.Warn("Unable to open authorized_keys. (ERROR: %v). Attempting to rewrite...", err) | ||||
if err = asymkey_model.RewriteAllPublicKeys(ctx); err != nil { | |||||
if err = asymkey_service.RewriteAllPublicKeys(ctx); err != nil { | |||||
logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err) | logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err) | ||||
return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %w", err) | return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %w", err) | ||||
} | } | ||||
return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized-keys --fix"`) | return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized-keys --fix"`) | ||||
} | } | ||||
logger.Warn("authorized_keys is out of date. Attempting rewrite...") | logger.Warn("authorized_keys is out of date. Attempting rewrite...") | ||||
err = asymkey_model.RewriteAllPublicKeys(ctx) | |||||
err = asymkey_service.RewriteAllPublicKeys(ctx) | |||||
if err != nil { | if err != nil { | ||||
logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err) | logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err) | ||||
return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %w", err) | return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %w", err) |
"code.gitea.io/gitea/modules/lfs" | "code.gitea.io/gitea/modules/lfs" | ||||
"code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
"code.gitea.io/gitea/modules/storage" | "code.gitea.io/gitea/modules/storage" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
"xorm.io/builder" | "xorm.io/builder" | ||||
) | ) | ||||
committer.Close() | committer.Close() | ||||
if needRewriteKeysFile { | if needRewriteKeysFile { | ||||
if err := asymkey_model.RewriteAllPublicKeys(ctx); err != nil { | |||||
if err := asymkey_service.RewriteAllPublicKeys(ctx); err != nil { | |||||
log.Error("RewriteAllPublicKeys failed: %v", err) | log.Error("RewriteAllPublicKeys failed: %v", err) | ||||
} | } | ||||
} | } |
"time" | "time" | ||||
"code.gitea.io/gitea/models" | "code.gitea.io/gitea/models" | ||||
asymkey_model "code.gitea.io/gitea/models/asymkey" | |||||
"code.gitea.io/gitea/models/db" | "code.gitea.io/gitea/models/db" | ||||
"code.gitea.io/gitea/models/organization" | "code.gitea.io/gitea/models/organization" | ||||
packages_model "code.gitea.io/gitea/models/packages" | packages_model "code.gitea.io/gitea/models/packages" | ||||
"code.gitea.io/gitea/modules/storage" | "code.gitea.io/gitea/modules/storage" | ||||
"code.gitea.io/gitea/modules/util" | "code.gitea.io/gitea/modules/util" | ||||
"code.gitea.io/gitea/services/agit" | "code.gitea.io/gitea/services/agit" | ||||
asymkey_service "code.gitea.io/gitea/services/asymkey" | |||||
org_service "code.gitea.io/gitea/services/org" | org_service "code.gitea.io/gitea/services/org" | ||||
"code.gitea.io/gitea/services/packages" | "code.gitea.io/gitea/services/packages" | ||||
container_service "code.gitea.io/gitea/services/packages/container" | container_service "code.gitea.io/gitea/services/packages/container" | ||||
} | } | ||||
committer.Close() | committer.Close() | ||||
if err = asymkey_model.RewriteAllPublicKeys(ctx); err != nil { | |||||
if err = asymkey_service.RewriteAllPublicKeys(ctx); err != nil { | |||||
return err | return err | ||||
} | } | ||||
if err = asymkey_model.RewriteAllPrincipalKeys(ctx); err != nil { | |||||
if err = asymkey_service.RewriteAllPrincipalKeys(ctx); err != nil { | |||||
return err | return err | ||||
} | } | ||||