mirrors
/
gitea
miroir de https://github.com/go-gitea/gitea.git
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 211 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
5084 Révisions
17 Branches
Aborescence: 447c9b428f
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '447c9b428f'
${ noResults }
gitea/routers/api/v1/api.go

api.go 14KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479 
  1. // Copyright 2015 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package v1

  6. 

  7. import (

  8. 	"strings"

  9. 

  10. 	"github.com/go-macaron/binding"

  11. 	"gopkg.in/macaron.v1"

  12. 

  13. 	api "code.gitea.io/sdk/gitea"

  14. 

  15. 	"code.gitea.io/gitea/models"

  16. 	"code.gitea.io/gitea/modules/auth"

  17. 	"code.gitea.io/gitea/modules/context"

  18. 	"code.gitea.io/gitea/routers/api/v1/admin"

  19. 	"code.gitea.io/gitea/routers/api/v1/misc"

  20. 	"code.gitea.io/gitea/routers/api/v1/org"

  21. 	"code.gitea.io/gitea/routers/api/v1/repo"

  22. 	"code.gitea.io/gitea/routers/api/v1/user"

  23. )

  24. 

  25. func repoAssignment() macaron.Handler {

  26. 	return func(ctx *context.APIContext) {

  27. 		userName := ctx.Params(":username")

  28. 		repoName := ctx.Params(":reponame")

  29. 

  30. 		var (

  31. 			owner *models.User

  32. 			err   error

  33. 		)

  34. 

  35. 		// Check if the user is the same as the repository owner.

  36. 		if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) {

  37. 			owner = ctx.User

  38. 		} else {

  39. 			owner, err = models.GetUserByName(userName)

  40. 			if err != nil {

  41. 				if models.IsErrUserNotExist(err) {

  42. 					ctx.Status(404)

  43. 				} else {

  44. 					ctx.Error(500, "GetUserByName", err)

  45. 				}

  46. 				return

  47. 			}

  48. 		}

  49. 		ctx.Repo.Owner = owner

  50. 

  51. 		// Get repository.

  52. 		repo, err := models.GetRepositoryByName(owner.ID, repoName)

  53. 		if err != nil {

  54. 			if models.IsErrRepoNotExist(err) {

  55. 				redirectRepoID, err := models.LookupRepoRedirect(owner.ID, repoName)

  56. 				if err == nil {

  57. 					context.RedirectToRepo(ctx.Context, redirectRepoID)

  58. 				} else if models.IsErrRepoRedirectNotExist(err) {

  59. 					ctx.Status(404)

  60. 				} else {

  61. 					ctx.Error(500, "LookupRepoRedirect", err)

  62. 				}

  63. 			} else {

  64. 				ctx.Error(500, "GetRepositoryByName", err)

  65. 			}

  66. 			return

  67. 		}

  68. 		repo.Owner = owner

  69. 

  70. 		if ctx.IsSigned && ctx.User.IsAdmin {

  71. 			ctx.Repo.AccessMode = models.AccessModeOwner

  72. 		} else {

  73. 			mode, err := models.AccessLevel(ctx.User.ID, repo)

  74. 			if err != nil {

  75. 				ctx.Error(500, "AccessLevel", err)

  76. 				return

  77. 			}

  78. 			ctx.Repo.AccessMode = mode

  79. 		}

  80. 

  81. 		if !ctx.Repo.HasAccess() {

  82. 			ctx.Status(404)

  83. 			return

  84. 		}

  85. 

  86. 		ctx.Repo.Repository = repo

  87. 	}

  88. }

  89. 

  90. // Contexter middleware already checks token for user sign in process.

  91. func reqToken() macaron.Handler {

  92. 	return func(ctx *context.Context) {

  93. 		if !ctx.IsSigned {

  94. 			ctx.Error(401)

  95. 			return

  96. 		}

  97. 	}

  98. }

  99. 

  100. func reqBasicAuth() macaron.Handler {

  101. 	return func(ctx *context.Context) {

  102. 		if !ctx.IsBasicAuth {

  103. 			ctx.Error(401)

  104. 			return

  105. 		}

  106. 	}

  107. }

  108. 

  109. func reqAdmin() macaron.Handler {

  110. 	return func(ctx *context.Context) {

  111. 		if !ctx.IsSigned || !ctx.User.IsAdmin {

  112. 			ctx.Error(403)

  113. 			return

  114. 		}

  115. 	}

  116. }

  117. 

  118. func reqRepoWriter() macaron.Handler {

  119. 	return func(ctx *context.Context) {

  120. 		if !ctx.Repo.IsWriter() {

  121. 			ctx.Error(403)

  122. 			return

  123. 		}

  124. 	}

  125. }

  126. 

  127. func reqOrgMembership() macaron.Handler {

  128. 	return func(ctx *context.APIContext) {

  129. 		var orgID int64

  130. 		if ctx.Org.Organization != nil {

  131. 			orgID = ctx.Org.Organization.ID

  132. 		} else if ctx.Org.Team != nil {

  133. 			orgID = ctx.Org.Team.OrgID

  134. 		} else {

  135. 			ctx.Error(500, "", "reqOrgMembership: unprepared context")

  136. 			return

  137. 		}

  138. 

  139. 		if !models.IsOrganizationMember(orgID, ctx.User.ID) {

  140. 			if ctx.Org.Organization != nil {

  141. 				ctx.Error(403, "", "Must be an organization member")

  142. 			} else {

  143. 				ctx.Status(404)

  144. 			}

  145. 			return

  146. 		}

  147. 	}

  148. }

  149. 

  150. func reqOrgOwnership() macaron.Handler {

  151. 	return func(ctx *context.APIContext) {

  152. 		var orgID int64

  153. 		if ctx.Org.Organization != nil {

  154. 			orgID = ctx.Org.Organization.ID

  155. 		} else if ctx.Org.Team != nil {

  156. 			orgID = ctx.Org.Team.OrgID

  157. 		} else {

  158. 			ctx.Error(500, "", "reqOrgOwnership: unprepared context")

  159. 			return

  160. 		}

  161. 

  162. 		if !models.IsOrganizationOwner(orgID, ctx.User.ID) {

  163. 			if ctx.Org.Organization != nil {

  164. 				ctx.Error(403, "", "Must be an organization owner")

  165. 			} else {

  166. 				ctx.Status(404)

  167. 			}

  168. 			return

  169. 		}

  170. 	}

  171. }

  172. 

  173. func orgAssignment(args ...bool) macaron.Handler {

  174. 	var (

  175. 		assignOrg  bool

  176. 		assignTeam bool

  177. 	)

  178. 	if len(args) > 0 {

  179. 		assignOrg = args[0]

  180. 	}

  181. 	if len(args) > 1 {

  182. 		assignTeam = args[1]

  183. 	}

  184. 	return func(ctx *context.APIContext) {

  185. 		ctx.Org = new(context.APIOrganization)

  186. 

  187. 		var err error

  188. 		if assignOrg {

  189. 			ctx.Org.Organization, err = models.GetUserByName(ctx.Params(":orgname"))

  190. 			if err != nil {

  191. 				if models.IsErrUserNotExist(err) {

  192. 					ctx.Status(404)

  193. 				} else {

  194. 					ctx.Error(500, "GetUserByName", err)

  195. 				}

  196. 				return

  197. 			}

  198. 		}

  199. 

  200. 		if assignTeam {

  201. 			ctx.Org.Team, err = models.GetTeamByID(ctx.ParamsInt64(":teamid"))

  202. 			if err != nil {

  203. 				if models.IsErrUserNotExist(err) {

  204. 					ctx.Status(404)

  205. 				} else {

  206. 					ctx.Error(500, "GetTeamById", err)

  207. 				}

  208. 				return

  209. 			}

  210. 		}

  211. 	}

  212. }

  213. 

  214. func mustEnableIssues(ctx *context.APIContext) {

  215. 	if !ctx.Repo.Repository.EnableUnit(models.UnitTypeIssues) {

  216. 		ctx.Status(404)

  217. 		return

  218. 	}

  219. }

  220. 

  221. func mustAllowPulls(ctx *context.Context) {

  222. 	if !ctx.Repo.Repository.AllowsPulls() {

  223. 		ctx.Status(404)

  224. 		return

  225. 	}

  226. }

  227. 

  228. // RegisterRoutes registers all v1 APIs routes to web application.

  229. // FIXME: custom form error response

  230. func RegisterRoutes(m *macaron.Macaron) {

  231. 	bind := binding.Bind

  232. 

  233. 	m.Group("/v1", func() {

  234. 		// Miscellaneous

  235. 		m.Get("/version", misc.Version)

  236. 		m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)

  237. 		m.Post("/markdown/raw", misc.MarkdownRaw)

  238. 

  239. 		// Users

  240. 		m.Group("/users", func() {

  241. 			m.Get("/search", user.Search)

  242. 

  243. 			m.Group("/:username", func() {

  244. 				m.Get("", user.GetInfo)

  245. 

  246. 				m.Get("/repos", user.ListUserRepos)

  247. 				m.Group("/tokens", func() {

  248. 					m.Combo("").Get(user.ListAccessTokens).

  249. 						Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)

  250. 				}, reqBasicAuth())

  251. 			})

  252. 		})

  253. 

  254. 		m.Group("/users", func() {

  255. 			m.Group("/:username", func() {

  256. 				m.Get("/keys", user.ListPublicKeys)

  257. 				m.Get("/gpg_keys", user.ListGPGKeys)

  258. 

  259. 				m.Get("/followers", user.ListFollowers)

  260. 				m.Group("/following", func() {

  261. 					m.Get("", user.ListFollowing)

  262. 					m.Get("/:target", user.CheckFollowing)

  263. 				})

  264. 

  265. 				m.Get("/starred", user.GetStarredRepos)

  266. 

  267. 				m.Get("/subscriptions", user.GetWatchedRepos)

  268. 			})

  269. 		}, reqToken())

  270. 

  271. 		m.Group("/user", func() {

  272. 			m.Get("", user.GetAuthenticatedUser)

  273. 			m.Combo("/emails").Get(user.ListEmails).

  274. 				Post(bind(api.CreateEmailOption{}), user.AddEmail).

  275. 				Delete(bind(api.CreateEmailOption{}), user.DeleteEmail)

  276. 

  277. 			m.Get("/followers", user.ListMyFollowers)

  278. 			m.Group("/following", func() {

  279. 				m.Get("", user.ListMyFollowing)

  280. 				m.Combo("/:username").Get(user.CheckMyFollowing).Put(user.Follow).Delete(user.Unfollow)

  281. 			})

  282. 

  283. 			m.Group("/keys", func() {

  284. 				m.Combo("").Get(user.ListMyPublicKeys).

  285. 					Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)

  286. 				m.Combo("/:id").Get(user.GetPublicKey).

  287. 					Delete(user.DeletePublicKey)

  288. 			})

  289. 

  290. 			m.Group("/gpg_keys", func() {

  291. 				m.Combo("").Get(user.ListMyGPGKeys).

  292. 					Post(bind(api.CreateGPGKeyOption{}), user.CreateGPGKey)

  293. 				m.Combo("/:id").Get(user.GetGPGKey).

  294. 					Delete(user.DeleteGPGKey)

  295. 			})

  296. 

  297. 			m.Combo("/repos").Get(user.ListMyRepos).

  298. 				Post(bind(api.CreateRepoOption{}), repo.Create)

  299. 

  300. 			m.Group("/starred", func() {

  301. 				m.Get("", user.GetMyStarredRepos)

  302. 				m.Group("/:username/:reponame", func() {

  303. 					m.Get("", user.IsStarring)

  304. 					m.Put("", user.Star)

  305. 					m.Delete("", user.Unstar)

  306. 				}, repoAssignment())

  307. 			})

  308. 

  309. 			m.Get("/subscriptions", user.GetMyWatchedRepos)

  310. 		}, reqToken())

  311. 

  312. 		// Repositories

  313. 		m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)

  314. 

  315. 		m.Group("/repos", func() {

  316. 			m.Get("/search", repo.Search)

  317. 		})

  318. 

  319. 		m.Combo("/repositories/:id", reqToken()).Get(repo.GetByID)

  320. 

  321. 		m.Group("/repos", func() {

  322. 			m.Post("/migrate", bind(auth.MigrateRepoForm{}), repo.Migrate)

  323. 

  324. 			m.Group("/:username/:reponame", func() {

  325. 				m.Combo("").Get(repo.Get).Delete(repo.Delete)

  326. 				m.Group("/hooks", func() {

  327. 					m.Combo("").Get(repo.ListHooks).

  328. 						Post(bind(api.CreateHookOption{}), repo.CreateHook)

  329. 					m.Combo("/:id").Get(repo.GetHook).

  330. 						Patch(bind(api.EditHookOption{}), repo.EditHook).

  331. 						Delete(repo.DeleteHook)

  332. 				}, reqRepoWriter())

  333. 				m.Group("/collaborators", func() {

  334. 					m.Get("", repo.ListCollaborators)

  335. 					m.Combo("/:collaborator").Get(repo.IsCollaborator).

  336. 						Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).

  337. 						Delete(repo.DeleteCollaborator)

  338. 				})

  339. 				m.Get("/raw/*", context.RepoRef(), repo.GetRawFile)

  340. 				m.Get("/archive/*", repo.GetArchive)

  341. 				m.Combo("/forks").Get(repo.ListForks).

  342. 					Post(bind(api.CreateForkOption{}), repo.CreateFork)

  343. 				m.Group("/branches", func() {

  344. 					m.Get("", repo.ListBranches)

  345. 					m.Get("/:branchname", repo.GetBranch)

  346. 				})

  347. 				m.Group("/keys", func() {

  348. 					m.Combo("").Get(repo.ListDeployKeys).

  349. 						Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)

  350. 					m.Combo("/:id").Get(repo.GetDeployKey).

  351. 						Delete(repo.DeleteDeploykey)

  352. 				})

  353. 				m.Group("/issues", func() {

  354. 					m.Combo("").Get(repo.ListIssues).Post(bind(api.CreateIssueOption{}), repo.CreateIssue)

  355. 					m.Group("/comments", func() {

  356. 						m.Get("", repo.ListRepoIssueComments)

  357. 						m.Combo("/:id").Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment)

  358. 					})

  359. 					m.Group("/:index", func() {

  360. 						m.Combo("").Get(repo.GetIssue).Patch(bind(api.EditIssueOption{}), repo.EditIssue)

  361. 

  362. 						m.Group("/comments", func() {

  363. 							m.Combo("").Get(repo.ListIssueComments).Post(bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)

  364. 							m.Combo("/:id").Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).

  365. 								Delete(repo.DeleteIssueComment)

  366. 						})

  367. 

  368. 						m.Group("/labels", func() {

  369. 							m.Combo("").Get(repo.ListIssueLabels).

  370. 								Post(bind(api.IssueLabelsOption{}), repo.AddIssueLabels).

  371. 								Put(bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).

  372. 								Delete(repo.ClearIssueLabels)

  373. 							m.Delete("/:id", repo.DeleteIssueLabel)

  374. 						})

  375. 

  376. 					})

  377. 				}, mustEnableIssues)

  378. 				m.Group("/labels", func() {

  379. 					m.Combo("").Get(repo.ListLabels).

  380. 						Post(bind(api.CreateLabelOption{}), repo.CreateLabel)

  381. 					m.Combo("/:id").Get(repo.GetLabel).Patch(bind(api.EditLabelOption{}), repo.EditLabel).

  382. 						Delete(repo.DeleteLabel)

  383. 				})

  384. 				m.Group("/milestones", func() {

  385. 					m.Combo("").Get(repo.ListMilestones).

  386. 						Post(reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)

  387. 					m.Combo("/:id").Get(repo.GetMilestone).

  388. 						Patch(reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).

  389. 						Delete(reqRepoWriter(), repo.DeleteMilestone)

  390. 				})

  391. 				m.Get("/stargazers", repo.ListStargazers)

  392. 				m.Get("/subscribers", repo.ListSubscribers)

  393. 				m.Group("/subscription", func() {

  394. 					m.Get("", user.IsWatching)

  395. 					m.Put("", user.Watch)

  396. 					m.Delete("", user.Unwatch)

  397. 				})

  398. 				m.Group("/releases", func() {

  399. 					m.Combo("").Get(repo.ListReleases).

  400. 						Post(bind(api.CreateReleaseOption{}), repo.CreateRelease)

  401. 					m.Combo("/:id").Get(repo.GetRelease).

  402. 						Patch(bind(api.EditReleaseOption{}), repo.EditRelease).

  403. 						Delete(repo.DeleteRelease)

  404. 				})

  405. 				m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)

  406. 				m.Group("/pulls", func() {

  407. 					m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).Post(reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)

  408. 					m.Group("/:index", func() {

  409. 						m.Combo("").Get(repo.GetPullRequest).Patch(reqRepoWriter(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)

  410. 						m.Combo("/merge").Get(repo.IsPullRequestMerged).Post(reqRepoWriter(), repo.MergePullRequest)

  411. 					})

  412. 

  413. 				}, mustAllowPulls, context.ReferencesGitRepo())

  414. 			}, repoAssignment())

  415. 		}, reqToken())

  416. 

  417. 		// Organizations

  418. 		m.Get("/user/orgs", reqToken(), org.ListMyOrgs)

  419. 		m.Get("/users/:username/orgs", org.ListUserOrgs)

  420. 		m.Group("/orgs/:orgname", func() {

  421. 			m.Combo("").Get(org.Get).

  422. 				Patch(reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)

  423. 			m.Group("/members", func() {

  424. 				m.Get("", org.ListMembers)

  425. 				m.Combo("/:username").Get(org.IsMember).

  426. 					Delete(reqOrgOwnership(), org.DeleteMember)

  427. 			})

  428. 			m.Group("/public_members", func() {

  429. 				m.Get("", org.ListPublicMembers)

  430. 				m.Combo("/:username").Get(org.IsPublicMember).

  431. 					Put(reqOrgMembership(), org.PublicizeMember).

  432. 					Delete(reqOrgMembership(), org.ConcealMember)

  433. 			})

  434. 			m.Combo("/teams", reqOrgMembership()).Get(org.ListTeams).

  435. 				Post(bind(api.CreateTeamOption{}), org.CreateTeam)

  436. 			m.Group("/hooks", func() {

  437. 				m.Combo("").Get(org.ListHooks).

  438. 					Post(bind(api.CreateHookOption{}), org.CreateHook)

  439. 				m.Combo("/:id").Get(org.GetHook).

  440. 					Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).

  441. 					Delete(reqOrgOwnership(), org.DeleteHook)

  442. 			}, reqOrgMembership())

  443. 		}, orgAssignment(true))

  444. 		m.Group("/teams/:teamid", func() {

  445. 			m.Combo("").Get(org.GetTeam).

  446. 				Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).

  447. 				Delete(reqOrgOwnership(), org.DeleteTeam)

  448. 			m.Group("/members", func() {

  449. 				m.Get("", org.GetTeamMembers)

  450. 				m.Combo("/:username").

  451. 					Put(reqOrgOwnership(), org.AddTeamMember).

  452. 					Delete(reqOrgOwnership(), org.RemoveTeamMember)

  453. 			})

  454. 			m.Group("/repos", func() {

  455. 				m.Get("", org.GetTeamRepos)

  456. 				m.Combo(":orgname/:reponame").

  457. 					Put(org.AddTeamRepository).

  458. 					Delete(org.RemoveTeamRepository)

  459. 			})

  460. 		}, reqOrgMembership(), orgAssignment(false, true))

  461. 

  462. 		m.Any("/*", func(ctx *context.Context) {

  463. 			ctx.Error(404)

  464. 		})

  465. 

  466. 		m.Group("/admin", func() {

  467. 			m.Group("/users", func() {

  468. 				m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)

  469. 				m.Group("/:username", func() {

  470. 					m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).

  471. 						Delete(admin.DeleteUser)

  472. 					m.Post("/keys", bind(api.CreateKeyOption{}), admin.CreatePublicKey)

  473. 					m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)

  474. 					m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)

  475. 				})

  476. 			})

  477. 		}, reqAdmin())

  478. 	}, context.APIContexter())

  479. }