mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8488 Commits
17 Branches
Tree: bac4b78e09
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bac4b78e09'
${ noResults }
gitea/routers/private/hook.go

hook.go 8.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.

  6. package private

  7. 

  8. import (

  9. 	"fmt"

  10. 	"net/http"

  11. 	"os"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/modules/git"

  16. 	"code.gitea.io/gitea/modules/log"

  17. 	"code.gitea.io/gitea/modules/private"

  18. 	"code.gitea.io/gitea/modules/repofiles"

  19. 	"code.gitea.io/gitea/modules/util"

  20. 

  21. 	"gitea.com/macaron/macaron"

  22. )

  23. 

  24. // HookPreReceive checks whether a individual commit is acceptable

  25. func HookPreReceive(ctx *macaron.Context) {

  26. 	ownerName := ctx.Params(":owner")

  27. 	repoName := ctx.Params(":repo")

  28. 	oldCommitID := ctx.QueryTrim("old")

  29. 	newCommitID := ctx.QueryTrim("new")

  30. 	refFullName := ctx.QueryTrim("ref")

  31. 	userID := ctx.QueryInt64("userID")

  32. 	gitObjectDirectory := ctx.QueryTrim("gitObjectDirectory")

  33. 	gitAlternativeObjectDirectories := ctx.QueryTrim("gitAlternativeObjectDirectories")

  34. 	gitQuarantinePath := ctx.QueryTrim("gitQuarantinePath")

  35. 	prID := ctx.QueryInt64("prID")

  36. 	isDeployKey := ctx.QueryBool("isDeployKey")

  37. 

  38. 	branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)

  39. 	repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  40. 	if err != nil {

  41. 		log.Error("Unable to get repository: %s/%s Error: %v", ownerName, repoName, err)

  42. 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  43. 			"err": err.Error(),

  44. 		})

  45. 		return

  46. 	}

  47. 	repo.OwnerName = ownerName

  48. 	protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)

  49. 	if err != nil {

  50. 		log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)

  51. 		ctx.JSON(500, map[string]interface{}{

  52. 			"err": err.Error(),

  53. 		})

  54. 		return

  55. 	}

  56. 	if protectBranch != nil && protectBranch.IsProtected() {

  57. 		// check and deletion

  58. 		if newCommitID == git.EmptySHA {

  59. 			log.Warn("Forbidden: Branch: %s in %-v is protected from deletion", branchName, repo)

  60. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  61. 				"err": fmt.Sprintf("branch %s is protected from deletion", branchName),

  62. 			})

  63. 			return

  64. 		}

  65. 

  66. 		// detect force push

  67. 		if git.EmptySHA != oldCommitID {

  68. 			env := os.Environ()

  69. 			if gitAlternativeObjectDirectories != "" {

  70. 				env = append(env,

  71. 					private.GitAlternativeObjectDirectories+"="+gitAlternativeObjectDirectories)

  72. 			}

  73. 			if gitObjectDirectory != "" {

  74. 				env = append(env,

  75. 					private.GitObjectDirectory+"="+gitObjectDirectory)

  76. 			}

  77. 			if gitQuarantinePath != "" {

  78. 				env = append(env,

  79. 					private.GitQuarantinePath+"="+gitQuarantinePath)

  80. 			}

  81. 

  82. 			output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDirWithEnv(repo.RepoPath(), env)

  83. 			if err != nil {

  84. 				log.Error("Unable to detect force push between: %s and %s in %-v Error: %v", oldCommitID, newCommitID, repo, err)

  85. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  86. 					"err": fmt.Sprintf("Fail to detect force push: %v", err),

  87. 				})

  88. 				return

  89. 			} else if len(output) > 0 {

  90. 				log.Warn("Forbidden: Branch: %s in %-v is protected from force push", branchName, repo)

  91. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  92. 					"err": fmt.Sprintf("branch %s is protected from force push", branchName),

  93. 				})

  94. 				return

  95. 

  96. 			}

  97. 		}

  98. 

  99. 		canPush := false

  100. 		if isDeployKey {

  101. 			canPush = protectBranch.CanPush && (!protectBranch.EnableWhitelist || protectBranch.WhitelistDeployKeys)

  102. 		} else {

  103. 			canPush = protectBranch.CanUserPush(userID)

  104. 		}

  105. 		if !canPush && prID > 0 {

  106. 			pr, err := models.GetPullRequestByID(prID)

  107. 			if err != nil {

  108. 				log.Error("Unable to get PullRequest %d Error: %v", prID, err)

  109. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  110. 					"err": fmt.Sprintf("Unable to get PullRequest %d Error: %v", prID, err),

  111. 				})

  112. 				return

  113. 			}

  114. 			if !protectBranch.HasEnoughApprovals(pr) {

  115. 				log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v and pr #%d does not have enough approvals", userID, branchName, repo, pr.Index)

  116. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  117. 					"err": fmt.Sprintf("protected branch %s can not be pushed to and pr #%d does not have enough approvals", branchName, prID),

  118. 				})

  119. 				return

  120. 			}

  121. 		} else if !canPush {

  122. 			log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v", userID, branchName, repo)

  123. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  124. 				"err": fmt.Sprintf("protected branch %s can not be pushed to", branchName),

  125. 			})

  126. 			return

  127. 		}

  128. 	}

  129. 	ctx.PlainText(http.StatusOK, []byte("ok"))

  130. }

  131. 

  132. // HookPostReceive updates services and users

  133. func HookPostReceive(ctx *macaron.Context) {

  134. 	ownerName := ctx.Params(":owner")

  135. 	repoName := ctx.Params(":repo")

  136. 	oldCommitID := ctx.Query("old")

  137. 	newCommitID := ctx.Query("new")

  138. 	refFullName := ctx.Query("ref")

  139. 	userID := ctx.QueryInt64("userID")

  140. 	userName := ctx.Query("username")

  141. 

  142. 	branch := refFullName

  143. 	if strings.HasPrefix(refFullName, git.BranchPrefix) {

  144. 		branch = strings.TrimPrefix(refFullName, git.BranchPrefix)

  145. 	} else if strings.HasPrefix(refFullName, git.TagPrefix) {

  146. 		branch = strings.TrimPrefix(refFullName, git.TagPrefix)

  147. 	}

  148. 

  149. 	// Only trigger activity updates for changes to branches or

  150. 	// tags.  Updates to other refs (eg, refs/notes, refs/changes,

  151. 	// or other less-standard refs spaces are ignored since there

  152. 	// may be a very large number of them).

  153. 	if strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {

  154. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  155. 		if err != nil {

  156. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  157. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  158. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  159. 			})

  160. 			return

  161. 		}

  162. 		if err := repofiles.PushUpdate(repo, branch, repofiles.PushUpdateOptions{

  163. 			RefFullName:  refFullName,

  164. 			OldCommitID:  oldCommitID,

  165. 			NewCommitID:  newCommitID,

  166. 			PusherID:     userID,

  167. 			PusherName:   userName,

  168. 			RepoUserName: ownerName,

  169. 			RepoName:     repoName,

  170. 		}); err != nil {

  171. 			log.Error("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err)

  172. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  173. 				"err": fmt.Sprintf("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err),

  174. 			})

  175. 			return

  176. 		}

  177. 	}

  178. 

  179. 	if newCommitID != git.EmptySHA && strings.HasPrefix(refFullName, git.BranchPrefix) {

  180. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  181. 		if err != nil {

  182. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  183. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  184. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  185. 			})

  186. 			return

  187. 		}

  188. 		repo.OwnerName = ownerName

  189. 

  190. 		pullRequestAllowed := repo.AllowsPulls()

  191. 		if !pullRequestAllowed {

  192. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  193. 				"message": false,

  194. 			})

  195. 			return

  196. 		}

  197. 

  198. 		baseRepo := repo

  199. 		if repo.IsFork {

  200. 			if err := repo.GetBaseRepo(); err != nil {

  201. 				log.Error("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err)

  202. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  203. 					"err": fmt.Sprintf("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err),

  204. 				})

  205. 				return

  206. 			}

  207. 			baseRepo = repo.BaseRepo

  208. 		}

  209. 

  210. 		if !repo.IsFork && branch == baseRepo.DefaultBranch {

  211. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  212. 				"message": false,

  213. 			})

  214. 			return

  215. 		}

  216. 

  217. 		pr, err := models.GetUnmergedPullRequest(repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch)

  218. 		if err != nil && !models.IsErrPullRequestNotExist(err) {

  219. 			log.Error("Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err)

  220. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  221. 				"err": fmt.Sprintf(

  222. 					"Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err),

  223. 			})

  224. 			return

  225. 		}

  226. 

  227. 		if pr == nil {

  228. 			if repo.IsFork {

  229. 				branch = fmt.Sprintf("%s:%s", repo.OwnerName, branch)

  230. 			}

  231. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  232. 				"message": true,

  233. 				"create":  true,

  234. 				"branch":  branch,

  235. 				"url":     fmt.Sprintf("%s/compare/%s...%s", baseRepo.HTMLURL(), util.PathEscapeSegments(baseRepo.DefaultBranch), util.PathEscapeSegments(branch)),

  236. 			})

  237. 		} else {

  238. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  239. 				"message": true,

  240. 				"create":  false,

  241. 				"branch":  branch,

  242. 				"url":     fmt.Sprintf("%s/pulls/%d", baseRepo.HTMLURL(), pr.Index),

  243. 			})

  244. 		}

  245. 		return

  246. 	}

  247. 	ctx.JSON(http.StatusOK, map[string]interface{}{

  248. 		"message": false,

  249. 	})

  250. }