gitea/routers/private/internal.go

// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

// Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.
package private

import (
	"strings"

	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/private"
	"code.gitea.io/gitea/modules/setting"

	"gitea.com/macaron/binding"
	"gitea.com/macaron/macaron"
)

// CheckInternalToken check internal token is set
func CheckInternalToken(ctx *macaron.Context) {
	tokens := ctx.Req.Header.Get("Authorization")
	fields := strings.Fields(tokens)
	if len(fields) != 2 || fields[0] != "Bearer" || fields[1] != setting.InternalToken {
		log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)
		ctx.Error(403)
	}
}

// RegisterRoutes registers all internal APIs routes to web application.
// These APIs will be invoked by internal commands for example `gitea serv` and etc.
func RegisterRoutes(m *macaron.Macaron) {
	bind := binding.Bind

	m.Group("/", func() {
		m.Post("/ssh/authorized_keys", AuthorizedPublicKeyByContent)
		m.Post("/ssh/:id/update/:repoid", UpdatePublicKeyInRepo)
		m.Post("/hook/pre-receive/:owner/:repo", bind(private.HookOptions{}), HookPreReceive)
		m.Post("/hook/post-receive/:owner/:repo", bind(private.HookOptions{}), HookPostReceive)
		m.Post("/hook/set-default-branch/:owner/:repo/:branch", SetDefaultBranch)
		m.Get("/serv/none/:keyid", ServNoCommand)
		m.Get("/serv/command/:keyid/:owner/:repo", ServCommand)
		m.Post("/manager/shutdown", Shutdown)
		m.Post("/manager/restart", Restart)
		m.Post("/manager/flush-queues", bind(private.FlushOptions{}), FlushQueues)

	}, CheckInternalToken)
}
Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`// Copyright 2017 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`// Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.`
			`package private`

			`import (`
			`"strings"`

Use Req.URL.RequestURI() to cope with FCGI urls (#9473) * Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API. 2019-12-24 00:11:12 +00:00			`"code.gitea.io/gitea/modules/log"`
Batch hook pre- and post-receive calls (#8602) * make notifyWatchers work on multiple actions * more efficient multiple notifyWatchers * Make CommitRepoAction take advantage of multiple actions * Batch post and pre-receive results * Set batch to 30 * Auto adjust timeout & add logging * adjust processing message * Add some messages to pre-receive * Make any non-200 status code from pre-receive an error * Add missing hookPrintResults * Remove shortcut for single action * mistaken merge fix * oops * Move master branch to the front * If repo was empty and the master branch is pushed ensure that that is set as the default branch * fixup * fixup * Missed HookOptions in setdefaultbranch * Batch PushUpdateAddTag and PushUpdateDelTag Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2019-12-26 11:29:45 +00:00			`"code.gitea.io/gitea/modules/private"`
Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`"code.gitea.io/gitea/modules/setting"`
Drop db operations from hook commands (#1514) * move all database operations from hook command to web command and instead of internal routes * bug fixed * adjust the import path sequences * remove unused return value on hookSetup 2017-05-04 05:42:02 +00:00
Batch hook pre- and post-receive calls (#8602) * make notifyWatchers work on multiple actions * more efficient multiple notifyWatchers * Make CommitRepoAction take advantage of multiple actions * Batch post and pre-receive results * Set batch to 30 * Auto adjust timeout & add logging * adjust processing message * Add some messages to pre-receive * Make any non-200 status code from pre-receive an error * Add missing hookPrintResults * Remove shortcut for single action * mistaken merge fix * oops * Move master branch to the front * If repo was empty and the master branch is pushed ensure that that is set as the default branch * fixup * fixup * Missed HookOptions in setdefaultbranch * Batch PushUpdateAddTag and PushUpdateDelTag Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2019-12-26 11:29:45 +00:00			`"gitea.com/macaron/binding"`
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com> 2019-08-23 16:40:30 +00:00			`"gitea.com/macaron/macaron"`
Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`)`

			`// CheckInternalToken check internal token is set`
			`func CheckInternalToken(ctx *macaron.Context) {`
			`tokens := ctx.Req.Header.Get("Authorization")`
			`fields := strings.Fields(tokens)`
			`if len(fields) != 2 \|\| fields[0] != "Bearer" \|\| fields[1] != setting.InternalToken {`
Use Req.URL.RequestURI() to cope with FCGI urls (#9473) * Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API. 2019-12-24 00:11:12 +00:00			`log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)`
Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`ctx.Error(403)`
			`}`
			`}`

			`// RegisterRoutes registers all internal APIs routes to web application.`
			// These APIs will be invoked by internal commands for example `gitea serv` and etc.
			`func RegisterRoutes(m *macaron.Macaron) {`
Batch hook pre- and post-receive calls (#8602) * make notifyWatchers work on multiple actions * more efficient multiple notifyWatchers * Make CommitRepoAction take advantage of multiple actions * Batch post and pre-receive results * Set batch to 30 * Auto adjust timeout & add logging * adjust processing message * Add some messages to pre-receive * Make any non-200 status code from pre-receive an error * Add missing hookPrintResults * Remove shortcut for single action * mistaken merge fix * oops * Move master branch to the front * If repo was empty and the master branch is pushed ensure that that is set as the default branch * fixup * fixup * Missed HookOptions in setdefaultbranch * Batch PushUpdateAddTag and PushUpdateDelTag Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2019-12-26 11:29:45 +00:00			`bind := binding.Bind`

Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`m.Group("/", func() {`
AuthorizedKeysCommand should not query db directly (#9371) * AuthorizedKeysCommand should not query db directly * Update routers/private/internal.go * Fix import order 2019-12-17 01:49:07 +00:00			`m.Post("/ssh/authorized_keys", AuthorizedPublicKeyByContent)`
Move serv hook functionality & drop GitLogger (#6993) * Move hook functionality internally * Internalise serv logic * Remove old internal paths * finally remove the gitlogger * Disallow push on archived repositories * fix lint error * Update modules/private/key.go * Update routers/private/hook.go * Update routers/private/hook.go * Update routers/private/hook.go * Updated routers/private/serv.go * Fix LFS Locks over SSH * rev-list needs to be run by the hook process * fixup * Improve git test * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go * slight refactor * Remove unnecessary "/" * Restore ensureAnonymousClone * Restore ensureAnonymousClone * Run rev-list on server side * Try passing in the alternative directories instead * Mark test as skipped * Improve git test * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go * Remove unnecessary "/" 2019-06-01 15:00:21 +00:00			`m.Post("/ssh/:id/update/:repoid", UpdatePublicKeyInRepo)`
Batch hook pre- and post-receive calls (#8602) * make notifyWatchers work on multiple actions * more efficient multiple notifyWatchers * Make CommitRepoAction take advantage of multiple actions * Batch post and pre-receive results * Set batch to 30 * Auto adjust timeout & add logging * adjust processing message * Add some messages to pre-receive * Make any non-200 status code from pre-receive an error * Add missing hookPrintResults * Remove shortcut for single action * mistaken merge fix * oops * Move master branch to the front * If repo was empty and the master branch is pushed ensure that that is set as the default branch * fixup * fixup * Missed HookOptions in setdefaultbranch * Batch PushUpdateAddTag and PushUpdateDelTag Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2019-12-26 11:29:45 +00:00			`m.Post("/hook/pre-receive/:owner/:repo", bind(private.HookOptions{}), HookPreReceive)`
			`m.Post("/hook/post-receive/:owner/:repo", bind(private.HookOptions{}), HookPostReceive)`
			`m.Post("/hook/set-default-branch/:owner/:repo/:branch", SetDefaultBranch)`
Move serv hook functionality & drop GitLogger (#6993) * Move hook functionality internally * Internalise serv logic * Remove old internal paths * finally remove the gitlogger * Disallow push on archived repositories * fix lint error * Update modules/private/key.go * Update routers/private/hook.go * Update routers/private/hook.go * Update routers/private/hook.go * Updated routers/private/serv.go * Fix LFS Locks over SSH * rev-list needs to be run by the hook process * fixup * Improve git test * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go * slight refactor * Remove unnecessary "/" * Restore ensureAnonymousClone * Restore ensureAnonymousClone * Run rev-list on server side * Try passing in the alternative directories instead * Mark test as skipped * Improve git test * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go * Remove unnecessary "/" 2019-06-01 15:00:21 +00:00			`m.Get("/serv/none/:keyid", ServNoCommand)`
			`m.Get("/serv/command/:keyid/:owner/:repo", ServCommand)`
Queue: Make WorkerPools and Queues flushable (#10001) * Make WorkerPools and Queues flushable Adds Flush methods to Queues and the WorkerPool Further abstracts the WorkerPool Adds a final step to Flush the queues in the defer from PrintCurrentTest Fixes an issue with Settings inheritance in queues Signed-off-by: Andrew Thornton <art27@cantab.net> * Change to for loop * Add IsEmpty and begin just making the queues composed WorkerPools * subsume workerpool into the queues and create a flushable interface * Add manager command * Move flushall to queue.Manager and add to testlogger * As per @guillep2k * as per @guillep2k * Just make queues all implement flushable and clean up the wrapped queue flushes * cope with no timeout Co-authored-by: Lauris BH <lauris@nix.lv> 2020-01-29 01:01:06 +00:00			`m.Post("/manager/shutdown", Shutdown)`
			`m.Post("/manager/restart", Restart)`
			`m.Post("/manager/flush-queues", bind(private.FlushOptions{}), FlushQueues)`

Add internal routes for ssh hook comands (#1471) * add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated 2017-04-19 03:45:01 +00:00			`}, CheckInternalToken)`
			`}`