mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7114 Commits
17 Branches
Tree: 01bbf5ea69
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '01bbf5ea69'
${ noResults }
gitea/routers/api/v1/api.go

api.go 22KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713 
  1. // Copyright 2015 The Gogs Authors. All rights reserved.

  2. // Copyright 2016 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. // Package v1 Gitea API.

  7. //

  8. // This documentation describes the Gitea API.

  9. //

  10. //     Schemes: http, https

  11. //     BasePath: /api/v1

  12. //     Version: 1.1.1

  13. //     License: MIT http://opensource.org/licenses/MIT

  14. //

  15. //     Consumes:

  16. //     - application/json

  17. //     - text/plain

  18. //

  19. //     Produces:

  20. //     - application/json

  21. //     - text/html

  22. //

  23. //     Security:

  24. //     - BasicAuth :

  25. //     - Token :

  26. //     - AccessToken :

  27. //     - AuthorizationHeaderToken :

  28. //     - SudoParam :

  29. //     - SudoHeader :

  30. //

  31. //     SecurityDefinitions:

  32. //     BasicAuth:

  33. //          type: basic

  34. //     Token:

  35. //          type: apiKey

  36. //          name: token

  37. //          in: query

  38. //     AccessToken:

  39. //          type: apiKey

  40. //          name: access_token

  41. //          in: query

  42. //     AuthorizationHeaderToken:

  43. //          type: apiKey

  44. //          name: Authorization

  45. //          in: header

  46. //     SudoParam:

  47. //          type: apiKey

  48. //          name: sudo

  49. //          in: query

  50. //          description: Sudo API request as the user provided as the key. Admin privileges are required.

  51. //     SudoHeader:

  52. //          type: apiKey

  53. //          name: Sudo

  54. //          in: header

  55. //          description: Sudo API request as the user provided as the key. Admin privileges are required.

  56. //

  57. // swagger:meta

  58. package v1

  59. 

  60. import (

  61. 	"strings"

  62. 

  63. 	"code.gitea.io/gitea/models"

  64. 	"code.gitea.io/gitea/modules/auth"

  65. 	"code.gitea.io/gitea/modules/context"

  66. 	"code.gitea.io/gitea/modules/log"

  67. 	"code.gitea.io/gitea/modules/setting"

  68. 	"code.gitea.io/gitea/routers/api/v1/admin"

  69. 	"code.gitea.io/gitea/routers/api/v1/misc"

  70. 	"code.gitea.io/gitea/routers/api/v1/org"

  71. 	"code.gitea.io/gitea/routers/api/v1/repo"

  72. 	_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation

  73. 	"code.gitea.io/gitea/routers/api/v1/user"

  74. 	api "code.gitea.io/sdk/gitea"

  75. 

  76. 	"github.com/go-macaron/binding"

  77. 	macaron "gopkg.in/macaron.v1"

  78. )

  79. 

  80. func sudo() macaron.Handler {

  81. 	return func(ctx *context.APIContext) {

  82. 		sudo := ctx.Query("sudo")

  83. 		if len(sudo) == 0 {

  84. 			sudo = ctx.Req.Header.Get("Sudo")

  85. 		}

  86. 

  87. 		if len(sudo) > 0 {

  88. 			if ctx.IsSigned && ctx.User.IsAdmin {

  89. 				user, err := models.GetUserByName(sudo)

  90. 				if err != nil {

  91. 					if models.IsErrUserNotExist(err) {

  92. 						ctx.Status(404)

  93. 					} else {

  94. 						ctx.Error(500, "GetUserByName", err)

  95. 					}

  96. 					return

  97. 				}

  98. 				log.Trace("Sudo from (%s) to: %s", ctx.User.Name, user.Name)

  99. 				ctx.User = user

  100. 			} else {

  101. 				ctx.JSON(403, map[string]string{

  102. 					"message": "Only administrators allowed to sudo.",

  103. 				})

  104. 				return

  105. 			}

  106. 		}

  107. 	}

  108. }

  109. 

  110. func repoAssignment() macaron.Handler {

  111. 	return func(ctx *context.APIContext) {

  112. 		userName := ctx.Params(":username")

  113. 		repoName := ctx.Params(":reponame")

  114. 

  115. 		var (

  116. 			owner *models.User

  117. 			err   error

  118. 		)

  119. 

  120. 		// Check if the user is the same as the repository owner.

  121. 		if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) {

  122. 			owner = ctx.User

  123. 		} else {

  124. 			owner, err = models.GetUserByName(userName)

  125. 			if err != nil {

  126. 				if models.IsErrUserNotExist(err) {

  127. 					ctx.Status(404)

  128. 				} else {

  129. 					ctx.Error(500, "GetUserByName", err)

  130. 				}

  131. 				return

  132. 			}

  133. 		}

  134. 		ctx.Repo.Owner = owner

  135. 

  136. 		// Get repository.

  137. 		repo, err := models.GetRepositoryByName(owner.ID, repoName)

  138. 		if err != nil {

  139. 			if models.IsErrRepoNotExist(err) {

  140. 				redirectRepoID, err := models.LookupRepoRedirect(owner.ID, repoName)

  141. 				if err == nil {

  142. 					context.RedirectToRepo(ctx.Context, redirectRepoID)

  143. 				} else if models.IsErrRepoRedirectNotExist(err) {

  144. 					ctx.Status(404)

  145. 				} else {

  146. 					ctx.Error(500, "LookupRepoRedirect", err)

  147. 				}

  148. 			} else {

  149. 				ctx.Error(500, "GetRepositoryByName", err)

  150. 			}

  151. 			return

  152. 		}

  153. 		repo.Owner = owner

  154. 		ctx.Repo.Repository = repo

  155. 

  156. 		ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.User)

  157. 		if err != nil {

  158. 			ctx.Error(500, "GetUserRepoPermission", err)

  159. 			return

  160. 		}

  161. 

  162. 		if !ctx.Repo.HasAccess() {

  163. 			ctx.Status(404)

  164. 			return

  165. 		}

  166. 	}

  167. }

  168. 

  169. // Contexter middleware already checks token for user sign in process.

  170. func reqToken() macaron.Handler {

  171. 	return func(ctx *context.APIContext) {

  172. 		if true == ctx.Data["IsApiToken"] {

  173. 			return

  174. 		}

  175. 		if ctx.IsSigned {

  176. 			ctx.RequireCSRF()

  177. 			return

  178. 		}

  179. 		ctx.Context.Error(401)

  180. 	}

  181. }

  182. 

  183. func reqBasicAuth() macaron.Handler {

  184. 	return func(ctx *context.Context) {

  185. 		if !ctx.IsBasicAuth {

  186. 			ctx.Error(401)

  187. 			return

  188. 		}

  189. 	}

  190. }

  191. 

  192. // reqSiteAdmin user should be the site admin

  193. func reqSiteAdmin() macaron.Handler {

  194. 	return func(ctx *context.Context) {

  195. 		if !ctx.IsSigned || !ctx.User.IsAdmin {

  196. 			ctx.Error(403)

  197. 			return

  198. 		}

  199. 	}

  200. }

  201. 

  202. // reqOwner user should be the owner of the repo.

  203. func reqOwner() macaron.Handler {

  204. 	return func(ctx *context.Context) {

  205. 		if !ctx.Repo.IsOwner() {

  206. 			ctx.Error(403)

  207. 			return

  208. 		}

  209. 	}

  210. }

  211. 

  212. // reqAdmin user should be an owner or a collaborator with admin write of a repository

  213. func reqAdmin() macaron.Handler {

  214. 	return func(ctx *context.Context) {

  215. 		if !ctx.Repo.IsAdmin() {

  216. 			ctx.Error(403)

  217. 			return

  218. 		}

  219. 	}

  220. }

  221. 

  222. func reqRepoReader(unitType models.UnitType) macaron.Handler {

  223. 	return func(ctx *context.Context) {

  224. 		if !ctx.Repo.CanRead(unitType) {

  225. 			ctx.Error(403)

  226. 			return

  227. 		}

  228. 	}

  229. }

  230. 

  231. func reqAnyRepoReader() macaron.Handler {

  232. 	return func(ctx *context.Context) {

  233. 		if !ctx.Repo.HasAccess() {

  234. 			ctx.Error(403)

  235. 			return

  236. 		}

  237. 	}

  238. }

  239. 

  240. func reqRepoWriter(unitTypes ...models.UnitType) macaron.Handler {

  241. 	return func(ctx *context.Context) {

  242. 		for _, unitType := range unitTypes {

  243. 			if ctx.Repo.CanWrite(unitType) {

  244. 				return

  245. 			}

  246. 		}

  247. 

  248. 		ctx.Error(403)

  249. 	}

  250. }

  251. 

  252. func reqOrgMembership() macaron.Handler {

  253. 	return func(ctx *context.APIContext) {

  254. 		var orgID int64

  255. 		if ctx.Org.Organization != nil {

  256. 			orgID = ctx.Org.Organization.ID

  257. 		} else if ctx.Org.Team != nil {

  258. 			orgID = ctx.Org.Team.OrgID

  259. 		} else {

  260. 			ctx.Error(500, "", "reqOrgMembership: unprepared context")

  261. 			return

  262. 		}

  263. 

  264. 		if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {

  265. 			ctx.Error(500, "IsOrganizationMember", err)

  266. 			return

  267. 		} else if !isMember {

  268. 			if ctx.Org.Organization != nil {

  269. 				ctx.Error(403, "", "Must be an organization member")

  270. 			} else {

  271. 				ctx.Status(404)

  272. 			}

  273. 			return

  274. 		}

  275. 	}

  276. }

  277. 

  278. func reqOrgOwnership() macaron.Handler {

  279. 	return func(ctx *context.APIContext) {

  280. 		var orgID int64

  281. 		if ctx.Org.Organization != nil {

  282. 			orgID = ctx.Org.Organization.ID

  283. 		} else if ctx.Org.Team != nil {

  284. 			orgID = ctx.Org.Team.OrgID

  285. 		} else {

  286. 			ctx.Error(500, "", "reqOrgOwnership: unprepared context")

  287. 			return

  288. 		}

  289. 

  290. 		isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)

  291. 		if err != nil {

  292. 			ctx.Error(500, "IsOrganizationOwner", err)

  293. 		} else if !isOwner {

  294. 			if ctx.Org.Organization != nil {

  295. 				ctx.Error(403, "", "Must be an organization owner")

  296. 			} else {

  297. 				ctx.Status(404)

  298. 			}

  299. 			return

  300. 		}

  301. 	}

  302. }

  303. 

  304. func orgAssignment(args ...bool) macaron.Handler {

  305. 	var (

  306. 		assignOrg  bool

  307. 		assignTeam bool

  308. 	)

  309. 	if len(args) > 0 {

  310. 		assignOrg = args[0]

  311. 	}

  312. 	if len(args) > 1 {

  313. 		assignTeam = args[1]

  314. 	}

  315. 	return func(ctx *context.APIContext) {

  316. 		ctx.Org = new(context.APIOrganization)

  317. 

  318. 		var err error

  319. 		if assignOrg {

  320. 			ctx.Org.Organization, err = models.GetOrgByName(ctx.Params(":orgname"))

  321. 			if err != nil {

  322. 				if models.IsErrOrgNotExist(err) {

  323. 					ctx.Status(404)

  324. 				} else {

  325. 					ctx.Error(500, "GetOrgByName", err)

  326. 				}

  327. 				return

  328. 			}

  329. 		}

  330. 

  331. 		if assignTeam {

  332. 			ctx.Org.Team, err = models.GetTeamByID(ctx.ParamsInt64(":teamid"))

  333. 			if err != nil {

  334. 				if models.IsErrUserNotExist(err) {

  335. 					ctx.Status(404)

  336. 				} else {

  337. 					ctx.Error(500, "GetTeamById", err)

  338. 				}

  339. 				return

  340. 			}

  341. 		}

  342. 	}

  343. }

  344. 

  345. func mustEnableIssues(ctx *context.APIContext) {

  346. 	if !ctx.Repo.CanRead(models.UnitTypeIssues) {

  347. 		ctx.Status(404)

  348. 		return

  349. 	}

  350. }

  351. 

  352. func mustAllowPulls(ctx *context.Context) {

  353. 	if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) {

  354. 		ctx.Status(404)

  355. 		return

  356. 	}

  357. }

  358. 

  359. func mustEnableIssuesOrPulls(ctx *context.Context) {

  360. 	if !ctx.Repo.CanRead(models.UnitTypeIssues) &&

  361. 		!(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) {

  362. 		ctx.Status(404)

  363. 		return

  364. 	}

  365. }

  366. 

  367. func mustEnableUserHeatmap(ctx *context.Context) {

  368. 	if !setting.Service.EnableUserHeatmap {

  369. 		ctx.Status(404)

  370. 		return

  371. 	}

  372. }

  373. 

  374. func mustNotBeArchived(ctx *context.Context) {

  375. 	if ctx.Repo.Repository.IsArchived {

  376. 		ctx.Status(404)

  377. 		return

  378. 	}

  379. }

  380. 

  381. // RegisterRoutes registers all v1 APIs routes to web application.

  382. // FIXME: custom form error response

  383. func RegisterRoutes(m *macaron.Macaron) {

  384. 	bind := binding.Bind

  385. 

  386. 	if setting.API.EnableSwagger {

  387. 		m.Get("/swagger", misc.Swagger) //Render V1 by default

  388. 	}

  389. 

  390. 	m.Group("/v1", func() {

  391. 		// Miscellaneous

  392. 		if setting.API.EnableSwagger {

  393. 			m.Get("/swagger", misc.Swagger)

  394. 		}

  395. 		m.Get("/version", misc.Version)

  396. 		m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)

  397. 		m.Post("/markdown/raw", misc.MarkdownRaw)

  398. 

  399. 		// Users

  400. 		m.Group("/users", func() {

  401. 			m.Get("/search", user.Search)

  402. 

  403. 			m.Group("/:username", func() {

  404. 				m.Get("", user.GetInfo)

  405. 				m.Get("/heatmap", mustEnableUserHeatmap, user.GetUserHeatmapData)

  406. 

  407. 				m.Get("/repos", user.ListUserRepos)

  408. 				m.Group("/tokens", func() {

  409. 					m.Combo("").Get(user.ListAccessTokens).

  410. 						Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)

  411. 					m.Combo("/:id").Delete(user.DeleteAccessToken)

  412. 				}, reqBasicAuth())

  413. 			})

  414. 		})

  415. 

  416. 		m.Group("/users", func() {

  417. 			m.Group("/:username", func() {

  418. 				m.Get("/keys", user.ListPublicKeys)

  419. 				m.Get("/gpg_keys", user.ListGPGKeys)

  420. 

  421. 				m.Get("/followers", user.ListFollowers)

  422. 				m.Group("/following", func() {

  423. 					m.Get("", user.ListFollowing)

  424. 					m.Get("/:target", user.CheckFollowing)

  425. 				})

  426. 

  427. 				m.Get("/starred", user.GetStarredRepos)

  428. 

  429. 				m.Get("/subscriptions", user.GetWatchedRepos)

  430. 			})

  431. 		}, reqToken())

  432. 

  433. 		m.Group("/user", func() {

  434. 			m.Get("", user.GetAuthenticatedUser)

  435. 			m.Combo("/emails").Get(user.ListEmails).

  436. 				Post(bind(api.CreateEmailOption{}), user.AddEmail).

  437. 				Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)

  438. 

  439. 			m.Get("/followers", user.ListMyFollowers)

  440. 			m.Group("/following", func() {

  441. 				m.Get("", user.ListMyFollowing)

  442. 				m.Combo("/:username").Get(user.CheckMyFollowing).Put(user.Follow).Delete(user.Unfollow)

  443. 			})

  444. 

  445. 			m.Group("/keys", func() {

  446. 				m.Combo("").Get(user.ListMyPublicKeys).

  447. 					Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)

  448. 				m.Combo("/:id").Get(user.GetPublicKey).

  449. 					Delete(user.DeletePublicKey)

  450. 			})

  451. 

  452. 			m.Group("/gpg_keys", func() {

  453. 				m.Combo("").Get(user.ListMyGPGKeys).

  454. 					Post(bind(api.CreateGPGKeyOption{}), user.CreateGPGKey)

  455. 				m.Combo("/:id").Get(user.GetGPGKey).

  456. 					Delete(user.DeleteGPGKey)

  457. 			})

  458. 

  459. 			m.Combo("/repos").Get(user.ListMyRepos).

  460. 				Post(bind(api.CreateRepoOption{}), repo.Create)

  461. 

  462. 			m.Group("/starred", func() {

  463. 				m.Get("", user.GetMyStarredRepos)

  464. 				m.Group("/:username/:reponame", func() {

  465. 					m.Get("", user.IsStarring)

  466. 					m.Put("", user.Star)

  467. 					m.Delete("", user.Unstar)

  468. 				}, repoAssignment())

  469. 			})

  470. 			m.Get("/times", repo.ListMyTrackedTimes)

  471. 

  472. 			m.Get("/subscriptions", user.GetMyWatchedRepos)

  473. 

  474. 			m.Get("/teams", org.ListUserTeams)

  475. 		}, reqToken())

  476. 

  477. 		// Repositories

  478. 		m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)

  479. 

  480. 		m.Group("/repos", func() {

  481. 			m.Get("/search", repo.Search)

  482. 		})

  483. 

  484. 		m.Combo("/repositories/:id", reqToken()).Get(repo.GetByID)

  485. 

  486. 		m.Group("/repos", func() {

  487. 			m.Post("/migrate", reqToken(), bind(auth.MigrateRepoForm{}), repo.Migrate)

  488. 

  489. 			m.Group("/:username/:reponame", func() {

  490. 				m.Combo("").Get(reqAnyRepoReader(), repo.Get).

  491. 					Delete(reqToken(), reqOwner(), repo.Delete)

  492. 				m.Group("/hooks", func() {

  493. 					m.Combo("").Get(repo.ListHooks).

  494. 						Post(bind(api.CreateHookOption{}), repo.CreateHook)

  495. 					m.Group("/:id", func() {

  496. 						m.Combo("").Get(repo.GetHook).

  497. 							Patch(bind(api.EditHookOption{}), repo.EditHook).

  498. 							Delete(repo.DeleteHook)

  499. 						m.Post("/tests", context.RepoRef(), repo.TestHook)

  500. 					})

  501. 				}, reqToken(), reqAdmin())

  502. 				m.Group("/collaborators", func() {

  503. 					m.Get("", repo.ListCollaborators)

  504. 					m.Combo("/:collaborator").Get(repo.IsCollaborator).

  505. 						Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).

  506. 						Delete(repo.DeleteCollaborator)

  507. 				}, reqToken(), reqAdmin())

  508. 				m.Get("/raw/*", context.RepoRefByType(context.RepoRefAny), reqRepoReader(models.UnitTypeCode), repo.GetRawFile)

  509. 				m.Get("/archive/*", reqRepoReader(models.UnitTypeCode), repo.GetArchive)

  510. 				m.Combo("/forks").Get(repo.ListForks).

  511. 					Post(reqToken(), reqRepoReader(models.UnitTypeCode), bind(api.CreateForkOption{}), repo.CreateFork)

  512. 				m.Group("/branches", func() {

  513. 					m.Get("", repo.ListBranches)

  514. 					m.Get("/*", context.RepoRefByType(context.RepoRefBranch), repo.GetBranch)

  515. 				}, reqRepoReader(models.UnitTypeCode))

  516. 				m.Group("/tags", func() {

  517. 					m.Get("", repo.ListTags)

  518. 				}, reqRepoReader(models.UnitTypeCode))

  519. 				m.Group("/keys", func() {

  520. 					m.Combo("").Get(repo.ListDeployKeys).

  521. 						Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)

  522. 					m.Combo("/:id").Get(repo.GetDeployKey).

  523. 						Delete(repo.DeleteDeploykey)

  524. 				}, reqToken(), reqAdmin())

  525. 				m.Group("/times", func() {

  526. 					m.Combo("").Get(repo.ListTrackedTimesByRepository)

  527. 					m.Combo("/:timetrackingusername").Get(repo.ListTrackedTimesByUser)

  528. 				}, mustEnableIssues)

  529. 				m.Group("/issues", func() {

  530. 					m.Combo("").Get(repo.ListIssues).

  531. 						Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)

  532. 					m.Group("/comments", func() {

  533. 						m.Get("", repo.ListRepoIssueComments)

  534. 						m.Combo("/:id", reqToken()).

  535. 							Patch(mustNotBeArchived, bind(api.EditIssueCommentOption{}), repo.EditIssueComment).

  536. 							Delete(repo.DeleteIssueComment)

  537. 					})

  538. 					m.Group("/:index", func() {

  539. 						m.Combo("").Get(repo.GetIssue).

  540. 							Patch(reqToken(), bind(api.EditIssueOption{}), repo.EditIssue)

  541. 

  542. 						m.Group("/comments", func() {

  543. 							m.Combo("").Get(repo.ListIssueComments).

  544. 								Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)

  545. 							m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).

  546. 								Delete(repo.DeleteIssueCommentDeprecated)

  547. 						})

  548. 

  549. 						m.Group("/labels", func() {

  550. 							m.Combo("").Get(repo.ListIssueLabels).

  551. 								Post(reqToken(), bind(api.IssueLabelsOption{}), repo.AddIssueLabels).

  552. 								Put(reqToken(), bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).

  553. 								Delete(reqToken(), repo.ClearIssueLabels)

  554. 							m.Delete("/:id", reqToken(), repo.DeleteIssueLabel)

  555. 						})

  556. 

  557. 						m.Group("/times", func() {

  558. 							m.Combo("").Get(repo.ListTrackedTimes).

  559. 								Post(reqToken(), bind(api.AddTimeOption{}), repo.AddTime)

  560. 						})

  561. 

  562. 						m.Combo("/deadline").Post(reqToken(), bind(api.EditDeadlineOption{}), repo.UpdateIssueDeadline)

  563. 						m.Group("/stopwatch", func() {

  564. 							m.Post("/start", reqToken(), repo.StartIssueStopwatch)

  565. 							m.Post("/stop", reqToken(), repo.StopIssueStopwatch)

  566. 						})

  567. 					})

  568. 				}, mustEnableIssuesOrPulls)

  569. 				m.Group("/labels", func() {

  570. 					m.Combo("").Get(repo.ListLabels).

  571. 						Post(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), bind(api.CreateLabelOption{}), repo.CreateLabel)

  572. 					m.Combo("/:id").Get(repo.GetLabel).

  573. 						Patch(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), bind(api.EditLabelOption{}), repo.EditLabel).

  574. 						Delete(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), repo.DeleteLabel)

  575. 				})

  576. 				m.Group("/milestones", func() {

  577. 					m.Combo("").Get(repo.ListMilestones).

  578. 						Post(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)

  579. 					m.Combo("/:id").Get(repo.GetMilestone).

  580. 						Patch(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), bind(api.EditMilestoneOption{}), repo.EditMilestone).

  581. 						Delete(reqToken(), reqRepoWriter(models.UnitTypeIssues, models.UnitTypePullRequests), repo.DeleteMilestone)

  582. 				})

  583. 				m.Get("/stargazers", repo.ListStargazers)

  584. 				m.Get("/subscribers", repo.ListSubscribers)

  585. 				m.Group("/subscription", func() {

  586. 					m.Get("", user.IsWatching)

  587. 					m.Put("", reqToken(), user.Watch)

  588. 					m.Delete("", reqToken(), user.Unwatch)

  589. 				})

  590. 				m.Group("/releases", func() {

  591. 					m.Combo("").Get(repo.ListReleases).

  592. 						Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)

  593. 					m.Group("/:id", func() {

  594. 						m.Combo("").Get(repo.GetRelease).

  595. 							Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease).

  596. 							Delete(reqToken(), reqRepoWriter(models.UnitTypeReleases), repo.DeleteRelease)

  597. 						m.Group("/assets", func() {

  598. 							m.Combo("").Get(repo.ListReleaseAttachments).

  599. 								Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), repo.CreateReleaseAttachment)

  600. 							m.Combo("/:asset").Get(repo.GetReleaseAttachment).

  601. 								Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), bind(api.EditAttachmentOptions{}), repo.EditReleaseAttachment).

  602. 								Delete(reqToken(), reqRepoWriter(models.UnitTypeReleases), repo.DeleteReleaseAttachment)

  603. 						})

  604. 					})

  605. 				}, reqRepoReader(models.UnitTypeReleases))

  606. 				m.Post("/mirror-sync", reqToken(), reqRepoWriter(models.UnitTypeCode), repo.MirrorSync)

  607. 				m.Get("/editorconfig/:filename", context.RepoRef(), reqRepoReader(models.UnitTypeCode), repo.GetEditorconfig)

  608. 				m.Group("/pulls", func() {

  609. 					m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).

  610. 						Post(reqToken(), mustNotBeArchived, bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)

  611. 					m.Group("/:index", func() {

  612. 						m.Combo("").Get(repo.GetPullRequest).

  613. 							Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest)

  614. 						m.Combo("/merge").Get(repo.IsPullRequestMerged).

  615. 							Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)

  616. 					})

  617. 				}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo())

  618. 				m.Group("/statuses", func() {

  619. 					m.Combo("/:sha").Get(repo.GetCommitStatuses).

  620. 						Post(reqToken(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)

  621. 				}, reqRepoReader(models.UnitTypeCode))

  622. 				m.Group("/commits/:ref", func() {

  623. 					m.Get("/status", repo.GetCombinedCommitStatusByRef)

  624. 					m.Get("/statuses", repo.GetCommitStatusesByRef)

  625. 				}, reqRepoReader(models.UnitTypeCode))

  626. 				m.Group("/git", func() {

  627. 					m.Group("/commits", func() {

  628. 						m.Get("/:sha", repo.GetSingleCommit)

  629. 					})

  630. 					m.Get("/refs", repo.GetGitAllRefs)

  631. 					m.Get("/refs/*", repo.GetGitRefs)

  632. 					m.Combo("/trees/:sha", context.RepoRef()).Get(repo.GetTree)

  633. 				}, reqRepoReader(models.UnitTypeCode))

  634. 			}, repoAssignment())

  635. 		})

  636. 

  637. 		// Organizations

  638. 		m.Get("/user/orgs", reqToken(), org.ListMyOrgs)

  639. 		m.Get("/users/:username/orgs", org.ListUserOrgs)

  640. 		m.Post("/orgs", reqToken(), bind(api.CreateOrgOption{}), org.Create)

  641. 		m.Group("/orgs/:orgname", func() {

  642. 			m.Get("/repos", user.ListOrgRepos)

  643. 			m.Combo("").Get(org.Get).

  644. 				Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit).

  645. 				Delete(reqToken(), reqOrgOwnership(), org.Delete)

  646. 			m.Group("/members", func() {

  647. 				m.Get("", org.ListMembers)

  648. 				m.Combo("/:username").Get(org.IsMember).

  649. 					Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)

  650. 			})

  651. 			m.Group("/public_members", func() {

  652. 				m.Get("", org.ListPublicMembers)

  653. 				m.Combo("/:username").Get(org.IsPublicMember).

  654. 					Put(reqToken(), reqOrgMembership(), org.PublicizeMember).

  655. 					Delete(reqToken(), reqOrgMembership(), org.ConcealMember)

  656. 			})

  657. 			m.Combo("/teams", reqToken(), reqOrgMembership()).Get(org.ListTeams).

  658. 				Post(bind(api.CreateTeamOption{}), org.CreateTeam)

  659. 			m.Group("/hooks", func() {

  660. 				m.Combo("").Get(org.ListHooks).

  661. 					Post(bind(api.CreateHookOption{}), org.CreateHook)

  662. 				m.Combo("/:id").Get(org.GetHook).

  663. 					Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).

  664. 					Delete(reqOrgOwnership(), org.DeleteHook)

  665. 			}, reqToken(), reqOrgMembership())

  666. 		}, orgAssignment(true))

  667. 		m.Group("/teams/:teamid", func() {

  668. 			m.Combo("").Get(org.GetTeam).

  669. 				Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).

  670. 				Delete(reqOrgOwnership(), org.DeleteTeam)

  671. 			m.Group("/members", func() {

  672. 				m.Get("", org.GetTeamMembers)

  673. 				m.Combo("/:username").

  674. 					Get(org.GetTeamMember).

  675. 					Put(reqOrgOwnership(), org.AddTeamMember).

  676. 					Delete(reqOrgOwnership(), org.RemoveTeamMember)

  677. 			})

  678. 			m.Group("/repos", func() {

  679. 				m.Get("", org.GetTeamRepos)

  680. 				m.Combo("/:orgname/:reponame").

  681. 					Put(org.AddTeamRepository).

  682. 					Delete(org.RemoveTeamRepository)

  683. 			})

  684. 		}, orgAssignment(false, true), reqToken(), reqOrgMembership())

  685. 

  686. 		m.Any("/*", func(ctx *context.Context) {

  687. 			ctx.Error(404)

  688. 		})

  689. 

  690. 		m.Group("/admin", func() {

  691. 			m.Get("/orgs", admin.GetAllOrgs)

  692. 			m.Group("/users", func() {

  693. 				m.Get("", admin.GetAllUsers)

  694. 				m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)

  695. 				m.Group("/:username", func() {

  696. 					m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).

  697. 						Delete(admin.DeleteUser)

  698. 					m.Group("/keys", func() {

  699. 						m.Post("", bind(api.CreateKeyOption{}), admin.CreatePublicKey)

  700. 						m.Delete("/:id", admin.DeleteUserPublicKey)

  701. 					})

  702. 					m.Get("/orgs", org.ListUserOrgs)

  703. 					m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)

  704. 					m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)

  705. 				})

  706. 			})

  707. 		}, reqToken(), reqSiteAdmin())

  708. 

  709. 		m.Group("/topics", func() {

  710. 			m.Get("/search", repo.TopicSearch)

  711. 		})

  712. 	}, context.APIContexter(), sudo())

  713. }