mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7782 Commits
17 Branches
Tree: 7156e2a71a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7156e2a71a'
${ noResults }
gitea/routers/api/v1/repo/release_attachment.go

release_attachment.go 8.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package repo

  6. 

  7. import (

  8. 	"errors"

  9. 	"net/http"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/models"

  13. 	"code.gitea.io/gitea/modules/context"

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	"code.gitea.io/gitea/modules/setting"

  16. 

  17. 	api "code.gitea.io/gitea/modules/structs"

  18. )

  19. 

  20. // GetReleaseAttachment gets a single attachment of the release

  21. func GetReleaseAttachment(ctx *context.APIContext) {

  22. 	// swagger:operation GET /repos/{owner}/{repo}/releases/{id}/assets/{attachment_id} repository repoGetReleaseAttachment

  23. 	// ---

  24. 	// summary: Get a release attachment

  25. 	// produces:

  26. 	// - application/json

  27. 	// parameters:

  28. 	// - name: owner

  29. 	//   in: path

  30. 	//   description: owner of the repo

  31. 	//   type: string

  32. 	//   required: true

  33. 	// - name: repo

  34. 	//   in: path

  35. 	//   description: name of the repo

  36. 	//   type: string

  37. 	//   required: true

  38. 	// - name: id

  39. 	//   in: path

  40. 	//   description: id of the release

  41. 	//   type: integer

  42. 	//   format: int64

  43. 	//   required: true

  44. 	// - name: attachment_id

  45. 	//   in: path

  46. 	//   description: id of the attachment to get

  47. 	//   type: integer

  48. 	//   format: int64

  49. 	//   required: true

  50. 	// responses:

  51. 	//   "200":

  52. 	//     "$ref": "#/responses/Attachment"

  53. 	releaseID := ctx.ParamsInt64(":id")

  54. 	attachID := ctx.ParamsInt64(":asset")

  55. 	attach, err := models.GetAttachmentByID(attachID)

  56. 	if err != nil {

  57. 		ctx.Error(500, "GetAttachmentByID", err)

  58. 		return

  59. 	}

  60. 	if attach.ReleaseID != releaseID {

  61. 		log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)

  62. 		ctx.NotFound()

  63. 		return

  64. 	}

  65. 	// FIXME Should prove the existence of the given repo, but results in unnecessary database requests

  66. 	ctx.JSON(200, attach.APIFormat())

  67. }

  68. 

  69. // ListReleaseAttachments lists all attachments of the release

  70. func ListReleaseAttachments(ctx *context.APIContext) {

  71. 	// swagger:operation GET /repos/{owner}/{repo}/releases/{id}/assets repository repoListReleaseAttachments

  72. 	// ---

  73. 	// summary: List release's attachments

  74. 	// produces:

  75. 	// - application/json

  76. 	// parameters:

  77. 	// - name: owner

  78. 	//   in: path

  79. 	//   description: owner of the repo

  80. 	//   type: string

  81. 	//   required: true

  82. 	// - name: repo

  83. 	//   in: path

  84. 	//   description: name of the repo

  85. 	//   type: string

  86. 	//   required: true

  87. 	// - name: id

  88. 	//   in: path

  89. 	//   description: id of the release

  90. 	//   type: integer

  91. 	//   format: int64

  92. 	//   required: true

  93. 	// responses:

  94. 	//   "200":

  95. 	//     "$ref": "#/responses/AttachmentList"

  96. 	releaseID := ctx.ParamsInt64(":id")

  97. 	release, err := models.GetReleaseByID(releaseID)

  98. 	if err != nil {

  99. 		ctx.Error(500, "GetReleaseByID", err)

  100. 		return

  101. 	}

  102. 	if release.RepoID != ctx.Repo.Repository.ID {

  103. 		ctx.NotFound()

  104. 		return

  105. 	}

  106. 	if err := release.LoadAttributes(); err != nil {

  107. 		ctx.Error(500, "LoadAttributes", err)

  108. 		return

  109. 	}

  110. 	ctx.JSON(200, release.APIFormat().Attachments)

  111. }

  112. 

  113. // CreateReleaseAttachment creates an attachment and saves the given file

  114. func CreateReleaseAttachment(ctx *context.APIContext) {

  115. 	// swagger:operation POST /repos/{owner}/{repo}/releases/{id}/assets repository repoCreateReleaseAttachment

  116. 	// ---

  117. 	// summary: Create a release attachment

  118. 	// produces:

  119. 	// - application/json

  120. 	// consumes:

  121. 	// - multipart/form-data

  122. 	// parameters:

  123. 	// - name: owner

  124. 	//   in: path

  125. 	//   description: owner of the repo

  126. 	//   type: string

  127. 	//   required: true

  128. 	// - name: repo

  129. 	//   in: path

  130. 	//   description: name of the repo

  131. 	//   type: string

  132. 	//   required: true

  133. 	// - name: id

  134. 	//   in: path

  135. 	//   description: id of the release

  136. 	//   type: integer

  137. 	//   format: int64

  138. 	//   required: true

  139. 	// - name: name

  140. 	//   in: query

  141. 	//   description: name of the attachment

  142. 	//   type: string

  143. 	//   required: false

  144. 	// - name: attachment

  145. 	//   in: formData

  146. 	//   description: attachment to upload

  147. 	//   type: file

  148. 	//   required: true

  149. 	// responses:

  150. 	//   "201":

  151. 	//     "$ref": "#/responses/Attachment"

  152. 

  153. 	// Check if attachments are enabled

  154. 	if !setting.AttachmentEnabled {

  155. 		ctx.NotFound("Attachment is not enabled")

  156. 		return

  157. 	}

  158. 

  159. 	// Check if release exists an load release

  160. 	releaseID := ctx.ParamsInt64(":id")

  161. 	release, err := models.GetReleaseByID(releaseID)

  162. 	if err != nil {

  163. 		ctx.Error(500, "GetReleaseByID", err)

  164. 		return

  165. 	}

  166. 

  167. 	// Get uploaded file from request

  168. 	file, header, err := ctx.GetFile("attachment")

  169. 	if err != nil {

  170. 		ctx.Error(500, "GetFile", err)

  171. 		return

  172. 	}

  173. 	defer file.Close()

  174. 

  175. 	buf := make([]byte, 1024)

  176. 	n, _ := file.Read(buf)

  177. 	if n > 0 {

  178. 		buf = buf[:n]

  179. 	}

  180. 

  181. 	// Check if the filetype is allowed by the settings

  182. 	fileType := http.DetectContentType(buf)

  183. 

  184. 	allowedTypes := strings.Split(setting.AttachmentAllowedTypes, ",")

  185. 	allowed := false

  186. 	for _, t := range allowedTypes {

  187. 		t := strings.Trim(t, " ")

  188. 		if t == "*/*" || t == fileType ||

  189. 			strings.HasPrefix(fileType, t+";") {

  190. 			allowed = true

  191. 			break

  192. 		}

  193. 	}

  194. 

  195. 	if !allowed {

  196. 		ctx.Error(400, "DetectContentType", errors.New("File type is not allowed"))

  197. 		return

  198. 	}

  199. 

  200. 	var filename = header.Filename

  201. 	if query := ctx.Query("name"); query != "" {

  202. 		filename = query

  203. 	}

  204. 

  205. 	// Create a new attachment and save the file

  206. 	attach, err := models.NewAttachment(&models.Attachment{

  207. 		UploaderID: ctx.User.ID,

  208. 		Name:       filename,

  209. 		ReleaseID:  release.ID,

  210. 	}, buf, file)

  211. 	if err != nil {

  212. 		ctx.Error(500, "NewAttachment", err)

  213. 		return

  214. 	}

  215. 

  216. 	ctx.JSON(201, attach.APIFormat())

  217. }

  218. 

  219. // EditReleaseAttachment updates the given attachment

  220. func EditReleaseAttachment(ctx *context.APIContext, form api.EditAttachmentOptions) {

  221. 	// swagger:operation PATCH /repos/{owner}/{repo}/releases/{id}/assets/{attachment_id} repository repoEditReleaseAttachment

  222. 	// ---

  223. 	// summary: Edit a release attachment

  224. 	// produces:

  225. 	// - application/json

  226. 	// consumes:

  227. 	// - application/json

  228. 	// parameters:

  229. 	// - name: owner

  230. 	//   in: path

  231. 	//   description: owner of the repo

  232. 	//   type: string

  233. 	//   required: true

  234. 	// - name: repo

  235. 	//   in: path

  236. 	//   description: name of the repo

  237. 	//   type: string

  238. 	//   required: true

  239. 	// - name: id

  240. 	//   in: path

  241. 	//   description: id of the release

  242. 	//   type: integer

  243. 	//   format: int64

  244. 	//   required: true

  245. 	// - name: attachment_id

  246. 	//   in: path

  247. 	//   description: id of the attachment to edit

  248. 	//   type: integer

  249. 	//   format: int64

  250. 	//   required: true

  251. 	// - name: body

  252. 	//   in: body

  253. 	//   schema:

  254. 	//     "$ref": "#/definitions/EditAttachmentOptions"

  255. 	// responses:

  256. 	//   "201":

  257. 	//     "$ref": "#/responses/Attachment"

  258. 

  259. 	// Check if release exists an load release

  260. 	releaseID := ctx.ParamsInt64(":id")

  261. 	attachID := ctx.ParamsInt64(":asset")

  262. 	attach, err := models.GetAttachmentByID(attachID)

  263. 	if err != nil {

  264. 		ctx.Error(500, "GetAttachmentByID", err)

  265. 		return

  266. 	}

  267. 	if attach.ReleaseID != releaseID {

  268. 		log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)

  269. 		ctx.NotFound()

  270. 		return

  271. 	}

  272. 	// FIXME Should prove the existence of the given repo, but results in unnecessary database requests

  273. 	if form.Name != "" {

  274. 		attach.Name = form.Name

  275. 	}

  276. 

  277. 	if err := models.UpdateAttachment(attach); err != nil {

  278. 		ctx.Error(500, "UpdateAttachment", attach)

  279. 	}

  280. 	ctx.JSON(201, attach.APIFormat())

  281. }

  282. 

  283. // DeleteReleaseAttachment delete a given attachment

  284. func DeleteReleaseAttachment(ctx *context.APIContext) {

  285. 	// swagger:operation DELETE /repos/{owner}/{repo}/releases/{id}/assets/{attachment_id} repository repoDeleteReleaseAttachment

  286. 	// ---

  287. 	// summary: Delete a release attachment

  288. 	// produces:

  289. 	// - application/json

  290. 	// parameters:

  291. 	// - name: owner

  292. 	//   in: path

  293. 	//   description: owner of the repo

  294. 	//   type: string

  295. 	//   required: true

  296. 	// - name: repo

  297. 	//   in: path

  298. 	//   description: name of the repo

  299. 	//   type: string

  300. 	//   required: true

  301. 	// - name: id

  302. 	//   in: path

  303. 	//   description: id of the release

  304. 	//   type: integer

  305. 	//   format: int64

  306. 	//   required: true

  307. 	// - name: attachment_id

  308. 	//   in: path

  309. 	//   description: id of the attachment to delete

  310. 	//   type: integer

  311. 	//   format: int64

  312. 	//   required: true

  313. 	// responses:

  314. 	//   "204":

  315. 	//     "$ref": "#/responses/empty"

  316. 

  317. 	// Check if release exists an load release

  318. 	releaseID := ctx.ParamsInt64(":id")

  319. 	attachID := ctx.ParamsInt64(":asset")

  320. 	attach, err := models.GetAttachmentByID(attachID)

  321. 	if err != nil {

  322. 		ctx.Error(500, "GetAttachmentByID", err)

  323. 		return

  324. 	}

  325. 	if attach.ReleaseID != releaseID {

  326. 		log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)

  327. 		ctx.NotFound()

  328. 		return

  329. 	}

  330. 	// FIXME Should prove the existence of the given repo, but results in unnecessary database requests

  331. 

  332. 	if err := models.DeleteAttachment(attach, true); err != nil {

  333. 		ctx.Error(500, "DeleteAttachment", err)

  334. 		return

  335. 	}

  336. 	ctx.Status(204)

  337. }