123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455 |
- // Copyright 2023 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package repository
-
- import (
- "context"
- "fmt"
-
- "code.gitea.io/gitea/models"
- actions_model "code.gitea.io/gitea/models/actions"
- activities_model "code.gitea.io/gitea/models/activities"
- admin_model "code.gitea.io/gitea/models/admin"
- asymkey_model "code.gitea.io/gitea/models/asymkey"
- "code.gitea.io/gitea/models/db"
- git_model "code.gitea.io/gitea/models/git"
- issues_model "code.gitea.io/gitea/models/issues"
- "code.gitea.io/gitea/models/organization"
- access_model "code.gitea.io/gitea/models/perm/access"
- project_model "code.gitea.io/gitea/models/project"
- repo_model "code.gitea.io/gitea/models/repo"
- secret_model "code.gitea.io/gitea/models/secret"
- system_model "code.gitea.io/gitea/models/system"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/models/webhook"
- actions_module "code.gitea.io/gitea/modules/actions"
- "code.gitea.io/gitea/modules/lfs"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/storage"
- asymkey_service "code.gitea.io/gitea/services/asymkey"
-
- "xorm.io/builder"
- )
-
- // DeleteRepository deletes a repository for a user or organization.
- // make sure if you call this func to close open sessions (sqlite will otherwise get a deadlock)
- func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID int64, ignoreOrgTeams ...bool) error {
- ctx, committer, err := db.TxContext(ctx)
- if err != nil {
- return err
- }
- defer committer.Close()
- sess := db.GetEngine(ctx)
-
- repo := &repo_model.Repository{}
- has, err := sess.ID(repoID).Get(repo)
- if err != nil {
- return err
- } else if !has {
- return repo_model.ErrRepoNotExist{
- ID: repoID,
- OwnerName: "",
- Name: "",
- }
- }
-
- // Query the action tasks of this repo, they will be needed after they have been deleted to remove the logs
- tasks, err := db.Find[actions_model.ActionTask](ctx, actions_model.FindTaskOptions{RepoID: repoID})
- if err != nil {
- return fmt.Errorf("find actions tasks of repo %v: %w", repoID, err)
- }
-
- // Query the artifacts of this repo, they will be needed after they have been deleted to remove artifacts files in ObjectStorage
- artifacts, err := db.Find[actions_model.ActionArtifact](ctx, actions_model.FindArtifactsOptions{RepoID: repoID})
- if err != nil {
- return fmt.Errorf("list actions artifacts of repo %v: %w", repoID, err)
- }
-
- // In case owner is a organization, we have to change repo specific teams
- // if ignoreOrgTeams is not true
- var org *user_model.User
- if len(ignoreOrgTeams) == 0 || !ignoreOrgTeams[0] {
- if org, err = user_model.GetUserByID(ctx, repo.OwnerID); err != nil {
- return err
- }
- }
-
- // Delete Deploy Keys
- deployKeys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: repoID})
- if err != nil {
- return fmt.Errorf("listDeployKeys: %w", err)
- }
- needRewriteKeysFile := len(deployKeys) > 0
- for _, dKey := range deployKeys {
- if err := models.DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
- return fmt.Errorf("deleteDeployKeys: %w", err)
- }
- }
-
- if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
- return err
- } else if cnt != 1 {
- return repo_model.ErrRepoNotExist{
- ID: repoID,
- OwnerName: "",
- Name: "",
- }
- }
-
- if org != nil && org.IsOrganization() {
- teams, err := organization.FindOrgTeams(ctx, org.ID)
- if err != nil {
- return err
- }
- for _, t := range teams {
- if !organization.HasTeamRepo(ctx, t.OrgID, t.ID, repoID) {
- continue
- } else if err = removeRepositoryFromTeam(ctx, t, repo, false); err != nil {
- return err
- }
- }
- }
-
- attachments := make([]*repo_model.Attachment, 0, 20)
- if err = sess.Join("INNER", "`release`", "`release`.id = `attachment`.release_id").
- Where("`release`.repo_id = ?", repoID).
- Find(&attachments); err != nil {
- return err
- }
- releaseAttachments := make([]string, 0, len(attachments))
- for i := 0; i < len(attachments); i++ {
- releaseAttachments = append(releaseAttachments, attachments[i].RelativePath())
- }
-
- if _, err := db.Exec(ctx, "UPDATE `user` SET num_stars=num_stars-1 WHERE id IN (SELECT `uid` FROM `star` WHERE repo_id = ?)", repo.ID); err != nil {
- return err
- }
-
- if _, err := db.GetEngine(ctx).In("hook_id", builder.Select("id").From("webhook").Where(builder.Eq{"webhook.repo_id": repo.ID})).
- Delete(&webhook.HookTask{}); err != nil {
- return err
- }
-
- if err := db.DeleteBeans(ctx,
- &access_model.Access{RepoID: repo.ID},
- &activities_model.Action{RepoID: repo.ID},
- &repo_model.Collaboration{RepoID: repoID},
- &issues_model.Comment{RefRepoID: repoID},
- &git_model.CommitStatus{RepoID: repoID},
- &git_model.Branch{RepoID: repoID},
- &git_model.LFSLock{RepoID: repoID},
- &repo_model.LanguageStat{RepoID: repoID},
- &issues_model.Milestone{RepoID: repoID},
- &repo_model.Mirror{RepoID: repoID},
- &activities_model.Notification{RepoID: repoID},
- &git_model.ProtectedBranch{RepoID: repoID},
- &git_model.ProtectedTag{RepoID: repoID},
- &repo_model.PushMirror{RepoID: repoID},
- &repo_model.Release{RepoID: repoID},
- &repo_model.RepoIndexerStatus{RepoID: repoID},
- &repo_model.Redirect{RedirectRepoID: repoID},
- &repo_model.RepoUnit{RepoID: repoID},
- &repo_model.Star{RepoID: repoID},
- &admin_model.Task{RepoID: repoID},
- &repo_model.Watch{RepoID: repoID},
- &webhook.Webhook{RepoID: repoID},
- &secret_model.Secret{RepoID: repoID},
- &actions_model.ActionTaskStep{RepoID: repoID},
- &actions_model.ActionTask{RepoID: repoID},
- &actions_model.ActionRunJob{RepoID: repoID},
- &actions_model.ActionRun{RepoID: repoID},
- &actions_model.ActionRunner{RepoID: repoID},
- &actions_model.ActionScheduleSpec{RepoID: repoID},
- &actions_model.ActionSchedule{RepoID: repoID},
- &actions_model.ActionArtifact{RepoID: repoID},
- ); err != nil {
- return fmt.Errorf("deleteBeans: %w", err)
- }
-
- // Delete Labels and related objects
- if err := issues_model.DeleteLabelsByRepoID(ctx, repoID); err != nil {
- return err
- }
-
- // Delete Pulls and related objects
- if err := issues_model.DeletePullsByBaseRepoID(ctx, repoID); err != nil {
- return err
- }
-
- // Delete Issues and related objects
- var attachmentPaths []string
- if attachmentPaths, err = issues_model.DeleteIssuesByRepoID(ctx, repoID); err != nil {
- return err
- }
-
- // Delete issue index
- if err := db.DeleteResourceIndex(ctx, "issue_index", repoID); err != nil {
- return err
- }
-
- if repo.IsFork {
- if _, err := db.Exec(ctx, "UPDATE `repository` SET num_forks=num_forks-1 WHERE id=?", repo.ForkID); err != nil {
- return fmt.Errorf("decrease fork count: %w", err)
- }
- }
-
- if _, err := db.Exec(ctx, "UPDATE `user` SET num_repos=num_repos-1 WHERE id=?", repo.OwnerID); err != nil {
- return err
- }
-
- if len(repo.Topics) > 0 {
- if err := repo_model.RemoveTopicsFromRepo(ctx, repo.ID); err != nil {
- return err
- }
- }
-
- if err := project_model.DeleteProjectByRepoID(ctx, repoID); err != nil {
- return fmt.Errorf("unable to delete projects for repo[%d]: %w", repoID, err)
- }
-
- // Remove LFS objects
- var lfsObjects []*git_model.LFSMetaObject
- if err = sess.Where("repository_id=?", repoID).Find(&lfsObjects); err != nil {
- return err
- }
-
- lfsPaths := make([]string, 0, len(lfsObjects))
- for _, v := range lfsObjects {
- count, err := db.CountByBean(ctx, &git_model.LFSMetaObject{Pointer: lfs.Pointer{Oid: v.Oid}})
- if err != nil {
- return err
- }
- if count > 1 {
- continue
- }
-
- lfsPaths = append(lfsPaths, v.RelativePath())
- }
-
- if _, err := db.DeleteByBean(ctx, &git_model.LFSMetaObject{RepositoryID: repoID}); err != nil {
- return err
- }
-
- // Remove archives
- var archives []*repo_model.RepoArchiver
- if err = sess.Where("repo_id=?", repoID).Find(&archives); err != nil {
- return err
- }
-
- archivePaths := make([]string, 0, len(archives))
- for _, v := range archives {
- archivePaths = append(archivePaths, v.RelativePath())
- }
-
- if _, err := db.DeleteByBean(ctx, &repo_model.RepoArchiver{RepoID: repoID}); err != nil {
- return err
- }
-
- if repo.NumForks > 0 {
- if _, err = sess.Exec("UPDATE `repository` SET fork_id=0,is_fork=? WHERE fork_id=?", false, repo.ID); err != nil {
- log.Error("reset 'fork_id' and 'is_fork': %v", err)
- }
- }
-
- // Get all attachments with both issue_id and release_id are zero
- var newAttachments []*repo_model.Attachment
- if err := sess.Where(builder.Eq{
- "repo_id": repo.ID,
- "issue_id": 0,
- "release_id": 0,
- }).Find(&newAttachments); err != nil {
- return err
- }
-
- newAttachmentPaths := make([]string, 0, len(newAttachments))
- for _, attach := range newAttachments {
- newAttachmentPaths = append(newAttachmentPaths, attach.RelativePath())
- }
-
- if _, err := sess.Where("repo_id=?", repo.ID).Delete(new(repo_model.Attachment)); err != nil {
- return err
- }
-
- if err = committer.Commit(); err != nil {
- return err
- }
-
- committer.Close()
-
- if needRewriteKeysFile {
- if err := asymkey_service.RewriteAllPublicKeys(ctx); err != nil {
- log.Error("RewriteAllPublicKeys failed: %v", err)
- }
- }
-
- // We should always delete the files after the database transaction succeed. If
- // we delete the file but the database rollback, the repository will be broken.
-
- // Remove repository files.
- repoPath := repo.RepoPath()
- system_model.RemoveAllWithNotice(ctx, "Delete repository files", repoPath)
-
- // Remove wiki files
- if repo.HasWiki() {
- system_model.RemoveAllWithNotice(ctx, "Delete repository wiki", repo.WikiPath())
- }
-
- // Remove archives
- for _, archive := range archivePaths {
- system_model.RemoveStorageWithNotice(ctx, storage.RepoArchives, "Delete repo archive file", archive)
- }
-
- // Remove lfs objects
- for _, lfsObj := range lfsPaths {
- system_model.RemoveStorageWithNotice(ctx, storage.LFS, "Delete orphaned LFS file", lfsObj)
- }
-
- // Remove issue attachment files.
- for _, attachment := range attachmentPaths {
- system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete issue attachment", attachment)
- }
-
- // Remove release attachment files.
- for _, releaseAttachment := range releaseAttachments {
- system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete release attachment", releaseAttachment)
- }
-
- // Remove attachment with no issue_id and release_id.
- for _, newAttachment := range newAttachmentPaths {
- system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete issue attachment", newAttachment)
- }
-
- if len(repo.Avatar) > 0 {
- if err := storage.RepoAvatars.Delete(repo.CustomAvatarRelativePath()); err != nil {
- return fmt.Errorf("Failed to remove %s: %w", repo.Avatar, err)
- }
- }
-
- // Finally, delete action logs after the actions have already been deleted to avoid new log files
- for _, task := range tasks {
- err := actions_module.RemoveLogs(ctx, task.LogInStorage, task.LogFilename)
- if err != nil {
- log.Error("remove log file %q: %v", task.LogFilename, err)
- // go on
- }
- }
-
- // delete actions artifacts in ObjectStorage after the repo have already been deleted
- for _, art := range artifacts {
- if err := storage.ActionsArtifacts.Delete(art.StoragePath); err != nil {
- log.Error("remove artifact file %q: %v", art.StoragePath, err)
- // go on
- }
- }
-
- return nil
- }
-
- // removeRepositoryFromTeam removes a repository from a team and recalculates access
- // Note: Repository shall not be removed from team if it includes all repositories (unless the repository is deleted)
- func removeRepositoryFromTeam(ctx context.Context, t *organization.Team, repo *repo_model.Repository, recalculate bool) (err error) {
- e := db.GetEngine(ctx)
- if err = organization.RemoveTeamRepo(ctx, t.ID, repo.ID); err != nil {
- return err
- }
-
- t.NumRepos--
- if _, err = e.ID(t.ID).Cols("num_repos").Update(t); err != nil {
- return err
- }
-
- // Don't need to recalculate when delete a repository from organization.
- if recalculate {
- if err = access_model.RecalculateTeamAccesses(ctx, repo, t.ID); err != nil {
- return err
- }
- }
-
- teamMembers, err := organization.GetTeamMembers(ctx, &organization.SearchMembersOptions{
- TeamID: t.ID,
- })
- if err != nil {
- return fmt.Errorf("GetTeamMembers: %w", err)
- }
- for _, member := range teamMembers {
- has, err := access_model.HasAccess(ctx, member.ID, repo)
- if err != nil {
- return err
- } else if has {
- continue
- }
-
- if err = repo_model.WatchRepo(ctx, member, repo, false); err != nil {
- return err
- }
-
- // Remove all IssueWatches a user has subscribed to in the repositories
- if err := issues_model.RemoveIssueWatchersByRepoID(ctx, member.ID, repo.ID); err != nil {
- return err
- }
- }
-
- return nil
- }
-
- // HasRepository returns true if given repository belong to team.
- func HasRepository(ctx context.Context, t *organization.Team, repoID int64) bool {
- return organization.HasTeamRepo(ctx, t.OrgID, t.ID, repoID)
- }
-
- // RemoveRepositoryFromTeam removes repository from team of organization.
- // If the team shall include all repositories the request is ignored.
- func RemoveRepositoryFromTeam(ctx context.Context, t *organization.Team, repoID int64) error {
- if !HasRepository(ctx, t, repoID) {
- return nil
- }
-
- if t.IncludesAllRepositories {
- return nil
- }
-
- repo, err := repo_model.GetRepositoryByID(ctx, repoID)
- if err != nil {
- return err
- }
-
- ctx, committer, err := db.TxContext(ctx)
- if err != nil {
- return err
- }
- defer committer.Close()
-
- if err = removeRepositoryFromTeam(ctx, t, repo, true); err != nil {
- return err
- }
-
- return committer.Commit()
- }
-
- // DeleteOwnerRepositoriesDirectly calls DeleteRepositoryDirectly for all repos of the given owner
- func DeleteOwnerRepositoriesDirectly(ctx context.Context, owner *user_model.User) error {
- for {
- repos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
- ListOptions: db.ListOptions{
- PageSize: repo_model.RepositoryListDefaultPageSize,
- Page: 1,
- },
- Private: true,
- OwnerID: owner.ID,
- Actor: owner,
- })
- if err != nil {
- return fmt.Errorf("GetUserRepositories: %w", err)
- }
- if len(repos) == 0 {
- break
- }
- for _, repo := range repos {
- if err := DeleteRepositoryDirectly(ctx, owner, repo.ID); err != nil {
- return fmt.Errorf("unable to delete repository %s for %s[%d]. Error: %w", repo.Name, owner.Name, owner.ID, err)
- }
- }
- }
- return nil
- }
|