mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7857 Commits
17 Branches
Tree: def84840db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'def84840db'
${ noResults }
gitea/routers/private/hook.go

hook.go 8.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.

  6. package private

  7. 

  8. import (

  9. 	"fmt"

  10. 	"net/http"

  11. 	"os"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/modules/git"

  16. 	"code.gitea.io/gitea/modules/log"

  17. 	"code.gitea.io/gitea/modules/private"

  18. 	"code.gitea.io/gitea/modules/repofiles"

  19. 	"code.gitea.io/gitea/modules/util"

  20. 

  21. 	macaron "gopkg.in/macaron.v1"

  22. )

  23. 

  24. // HookPreReceive checks whether a individual commit is acceptable

  25. func HookPreReceive(ctx *macaron.Context) {

  26. 	ownerName := ctx.Params(":owner")

  27. 	repoName := ctx.Params(":repo")

  28. 	oldCommitID := ctx.QueryTrim("old")

  29. 	newCommitID := ctx.QueryTrim("new")

  30. 	refFullName := ctx.QueryTrim("ref")

  31. 	userID := ctx.QueryInt64("userID")

  32. 	gitObjectDirectory := ctx.QueryTrim("gitObjectDirectory")

  33. 	gitAlternativeObjectDirectories := ctx.QueryTrim("gitAlternativeObjectDirectories")

  34. 	gitQuarantinePath := ctx.QueryTrim("gitQuarantinePath")

  35. 	prID := ctx.QueryInt64("prID")

  36. 

  37. 	branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)

  38. 	repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  39. 	if err != nil {

  40. 		log.Error("Unable to get repository: %s/%s Error: %v", ownerName, repoName, err)

  41. 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  42. 			"err": err.Error(),

  43. 		})

  44. 		return

  45. 	}

  46. 	repo.OwnerName = ownerName

  47. 	protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)

  48. 	if err != nil {

  49. 		log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)

  50. 		ctx.JSON(500, map[string]interface{}{

  51. 			"err": err.Error(),

  52. 		})

  53. 		return

  54. 	}

  55. 	if protectBranch != nil && protectBranch.IsProtected() {

  56. 		// check and deletion

  57. 		if newCommitID == git.EmptySHA {

  58. 			log.Warn("Forbidden: Branch: %s in %-v is protected from deletion", branchName, repo)

  59. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  60. 				"err": fmt.Sprintf("branch %s is protected from deletion", branchName),

  61. 			})

  62. 			return

  63. 		}

  64. 

  65. 		// detect force push

  66. 		if git.EmptySHA != oldCommitID {

  67. 			env := os.Environ()

  68. 			if gitAlternativeObjectDirectories != "" {

  69. 				env = append(env,

  70. 					private.GitAlternativeObjectDirectories+"="+gitAlternativeObjectDirectories)

  71. 			}

  72. 			if gitObjectDirectory != "" {

  73. 				env = append(env,

  74. 					private.GitObjectDirectory+"="+gitObjectDirectory)

  75. 			}

  76. 			if gitQuarantinePath != "" {

  77. 				env = append(env,

  78. 					private.GitQuarantinePath+"="+gitQuarantinePath)

  79. 			}

  80. 

  81. 			output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDirWithEnv(repo.RepoPath(), env)

  82. 			if err != nil {

  83. 				log.Error("Unable to detect force push between: %s and %s in %-v Error: %v", oldCommitID, newCommitID, repo, err)

  84. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  85. 					"err": fmt.Sprintf("Fail to detect force push: %v", err),

  86. 				})

  87. 				return

  88. 			} else if len(output) > 0 {

  89. 				log.Warn("Forbidden: Branch: %s in %-v is protected from force push", branchName, repo)

  90. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  91. 					"err": fmt.Sprintf("branch %s is protected from force push", branchName),

  92. 				})

  93. 				return

  94. 

  95. 			}

  96. 		}

  97. 

  98. 		canPush := protectBranch.CanUserPush(userID)

  99. 		if !canPush && prID > 0 {

  100. 			pr, err := models.GetPullRequestByID(prID)

  101. 			if err != nil {

  102. 				log.Error("Unable to get PullRequest %d Error: %v", prID, err)

  103. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  104. 					"err": fmt.Sprintf("Unable to get PullRequest %d Error: %v", prID, err),

  105. 				})

  106. 				return

  107. 			}

  108. 			if !protectBranch.HasEnoughApprovals(pr) {

  109. 				log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v and pr #%d does not have enough approvals", userID, branchName, repo, pr.Index)

  110. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  111. 					"err": fmt.Sprintf("protected branch %s can not be pushed to and pr #%d does not have enough approvals", branchName, prID),

  112. 				})

  113. 				return

  114. 			}

  115. 		} else if !canPush {

  116. 			log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v", userID, branchName, repo)

  117. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  118. 				"err": fmt.Sprintf("protected branch %s can not be pushed to", branchName),

  119. 			})

  120. 			return

  121. 		}

  122. 	}

  123. 	ctx.PlainText(http.StatusOK, []byte("ok"))

  124. }

  125. 

  126. // HookPostReceive updates services and users

  127. func HookPostReceive(ctx *macaron.Context) {

  128. 	ownerName := ctx.Params(":owner")

  129. 	repoName := ctx.Params(":repo")

  130. 	oldCommitID := ctx.Query("old")

  131. 	newCommitID := ctx.Query("new")

  132. 	refFullName := ctx.Query("ref")

  133. 	userID := ctx.QueryInt64("userID")

  134. 	userName := ctx.Query("username")

  135. 

  136. 	branch := refFullName

  137. 	if strings.HasPrefix(refFullName, git.BranchPrefix) {

  138. 		branch = strings.TrimPrefix(refFullName, git.BranchPrefix)

  139. 	} else if strings.HasPrefix(refFullName, git.TagPrefix) {

  140. 		branch = strings.TrimPrefix(refFullName, git.TagPrefix)

  141. 	}

  142. 

  143. 	// Only trigger activity updates for changes to branches or

  144. 	// tags.  Updates to other refs (eg, refs/notes, refs/changes,

  145. 	// or other less-standard refs spaces are ignored since there

  146. 	// may be a very large number of them).

  147. 	if strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {

  148. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  149. 		if err != nil {

  150. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  151. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  152. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  153. 			})

  154. 			return

  155. 		}

  156. 		if err := repofiles.PushUpdate(repo, branch, models.PushUpdateOptions{

  157. 			RefFullName:  refFullName,

  158. 			OldCommitID:  oldCommitID,

  159. 			NewCommitID:  newCommitID,

  160. 			PusherID:     userID,

  161. 			PusherName:   userName,

  162. 			RepoUserName: ownerName,

  163. 			RepoName:     repoName,

  164. 		}); err != nil {

  165. 			log.Error("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err)

  166. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  167. 				"err": fmt.Sprintf("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err),

  168. 			})

  169. 			return

  170. 		}

  171. 	}

  172. 

  173. 	if newCommitID != git.EmptySHA && strings.HasPrefix(refFullName, git.BranchPrefix) {

  174. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  175. 		if err != nil {

  176. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  177. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  178. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  179. 			})

  180. 			return

  181. 		}

  182. 		repo.OwnerName = ownerName

  183. 

  184. 		pullRequestAllowed := repo.AllowsPulls()

  185. 		if !pullRequestAllowed {

  186. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  187. 				"message": false,

  188. 			})

  189. 			return

  190. 		}

  191. 

  192. 		baseRepo := repo

  193. 		if repo.IsFork {

  194. 			if err := repo.GetBaseRepo(); err != nil {

  195. 				log.Error("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err)

  196. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  197. 					"err": fmt.Sprintf("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err),

  198. 				})

  199. 				return

  200. 			}

  201. 			baseRepo = repo.BaseRepo

  202. 		}

  203. 

  204. 		if !repo.IsFork && branch == baseRepo.DefaultBranch {

  205. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  206. 				"message": false,

  207. 			})

  208. 			return

  209. 		}

  210. 

  211. 		pr, err := models.GetUnmergedPullRequest(repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch)

  212. 		if err != nil && !models.IsErrPullRequestNotExist(err) {

  213. 			log.Error("Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err)

  214. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  215. 				"err": fmt.Sprintf(

  216. 					"Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err),

  217. 			})

  218. 			return

  219. 		}

  220. 

  221. 		if pr == nil {

  222. 			if repo.IsFork {

  223. 				branch = fmt.Sprintf("%s:%s", repo.OwnerName, branch)

  224. 			}

  225. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  226. 				"message": true,

  227. 				"create":  true,

  228. 				"branch":  branch,

  229. 				"url":     fmt.Sprintf("%s/compare/%s...%s", baseRepo.HTMLURL(), util.PathEscapeSegments(baseRepo.DefaultBranch), util.PathEscapeSegments(branch)),

  230. 			})

  231. 		} else {

  232. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  233. 				"message": true,

  234. 				"create":  false,

  235. 				"branch":  branch,

  236. 				"url":     fmt.Sprintf("%s/pulls/%d", baseRepo.HTMLURL(), pr.Index),

  237. 			})

  238. 		}

  239. 		return

  240. 	}

  241. 	ctx.JSON(http.StatusOK, map[string]interface{}{

  242. 		"message": false,

  243. 	})

  244. }