mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14920 Commits
17 Branches
Tree: 73ae6b21d1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '73ae6b21d1'
${ noResults }
gitea/routers/web/repo/attachment.go

attachment.go 4.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package repo

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 

  10. 	access_model "code.gitea.io/gitea/models/perm/access"

  11. 	repo_model "code.gitea.io/gitea/models/repo"

  12. 	"code.gitea.io/gitea/modules/context"

  13. 	"code.gitea.io/gitea/modules/httpcache"

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	"code.gitea.io/gitea/modules/setting"

  16. 	"code.gitea.io/gitea/modules/storage"

  17. 	"code.gitea.io/gitea/modules/upload"

  18. 	"code.gitea.io/gitea/routers/common"

  19. 	"code.gitea.io/gitea/services/attachment"

  20. 	repo_service "code.gitea.io/gitea/services/repository"

  21. )

  22. 

  23. // UploadIssueAttachment response for Issue/PR attachments

  24. func UploadIssueAttachment(ctx *context.Context) {

  25. 	uploadAttachment(ctx, ctx.Repo.Repository.ID, setting.Attachment.AllowedTypes)

  26. }

  27. 

  28. // UploadReleaseAttachment response for uploading release attachments

  29. func UploadReleaseAttachment(ctx *context.Context) {

  30. 	uploadAttachment(ctx, ctx.Repo.Repository.ID, setting.Repository.Release.AllowedTypes)

  31. }

  32. 

  33. // UploadAttachment response for uploading attachments

  34. func uploadAttachment(ctx *context.Context, repoID int64, allowedTypes string) {

  35. 	if !setting.Attachment.Enabled {

  36. 		ctx.Error(http.StatusNotFound, "attachment is not enabled")

  37. 		return

  38. 	}

  39. 

  40. 	file, header, err := ctx.Req.FormFile("file")

  41. 	if err != nil {

  42. 		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("FormFile: %v", err))

  43. 		return

  44. 	}

  45. 	defer file.Close()

  46. 

  47. 	attach, err := attachment.UploadAttachment(file, allowedTypes, header.Size, &repo_model.Attachment{

  48. 		Name:       header.Filename,

  49. 		UploaderID: ctx.Doer.ID,

  50. 		RepoID:     repoID,

  51. 	})

  52. 	if err != nil {

  53. 		if upload.IsErrFileTypeForbidden(err) {

  54. 			ctx.Error(http.StatusBadRequest, err.Error())

  55. 			return

  56. 		}

  57. 		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("NewAttachment: %v", err))

  58. 		return

  59. 	}

  60. 

  61. 	log.Trace("New attachment uploaded: %s", attach.UUID)

  62. 	ctx.JSON(http.StatusOK, map[string]string{

  63. 		"uuid": attach.UUID,

  64. 	})

  65. }

  66. 

  67. // DeleteAttachment response for deleting issue's attachment

  68. func DeleteAttachment(ctx *context.Context) {

  69. 	file := ctx.FormString("file")

  70. 	attach, err := repo_model.GetAttachmentByUUID(ctx, file)

  71. 	if err != nil {

  72. 		ctx.Error(http.StatusBadRequest, err.Error())

  73. 		return

  74. 	}

  75. 	if !ctx.IsSigned || (ctx.Doer.ID != attach.UploaderID) {

  76. 		ctx.Error(http.StatusForbidden)

  77. 		return

  78. 	}

  79. 	err = repo_model.DeleteAttachment(attach, true)

  80. 	if err != nil {

  81. 		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("DeleteAttachment: %v", err))

  82. 		return

  83. 	}

  84. 	ctx.JSON(http.StatusOK, map[string]string{

  85. 		"uuid": attach.UUID,

  86. 	})

  87. }

  88. 

  89. // GetAttachment serve attachments

  90. func GetAttachment(ctx *context.Context) {

  91. 	attach, err := repo_model.GetAttachmentByUUID(ctx, ctx.Params(":uuid"))

  92. 	if err != nil {

  93. 		if repo_model.IsErrAttachmentNotExist(err) {

  94. 			ctx.Error(http.StatusNotFound)

  95. 		} else {

  96. 			ctx.ServerError("GetAttachmentByUUID", err)

  97. 		}

  98. 		return

  99. 	}

  100. 

  101. 	repository, unitType, err := repo_service.LinkedRepository(ctx, attach)

  102. 	if err != nil {

  103. 		ctx.ServerError("LinkedRepository", err)

  104. 		return

  105. 	}

  106. 

  107. 	if repository == nil { // If not linked

  108. 		if !(ctx.IsSigned && attach.UploaderID == ctx.Doer.ID) { // We block if not the uploader

  109. 			ctx.Error(http.StatusNotFound)

  110. 			return

  111. 		}

  112. 	} else { // If we have the repository we check access

  113. 		perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)

  114. 		if err != nil {

  115. 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())

  116. 			return

  117. 		}

  118. 		if !perm.CanRead(unitType) {

  119. 			ctx.Error(http.StatusNotFound)

  120. 			return

  121. 		}

  122. 	}

  123. 

  124. 	if err := attach.IncreaseDownloadCount(); err != nil {

  125. 		ctx.ServerError("IncreaseDownloadCount", err)

  126. 		return

  127. 	}

  128. 

  129. 	if setting.Attachment.ServeDirect {

  130. 		// If we have a signed url (S3, object storage), redirect to this directly.

  131. 		u, err := storage.Attachments.URL(attach.RelativePath(), attach.Name)

  132. 

  133. 		if u != nil && err == nil {

  134. 			ctx.Redirect(u.String())

  135. 			return

  136. 		}

  137. 	}

  138. 

  139. 	if httpcache.HandleGenericETagCache(ctx.Req, ctx.Resp, `"`+attach.UUID+`"`) {

  140. 		return

  141. 	}

  142. 

  143. 	// If we have matched and access to release or issue

  144. 	fr, err := storage.Attachments.Open(attach.RelativePath())

  145. 	if err != nil {

  146. 		ctx.ServerError("Open", err)

  147. 		return

  148. 	}

  149. 	defer fr.Close()

  150. 

  151. 	if err = common.ServeData(ctx, attach.Name, attach.Size, fr); err != nil {

  152. 		ctx.ServerError("ServeData", err)

  153. 		return

  154. 	}

  155. }