Clarify path param naming (#32969)

In history (from some legacy frameworks), both `:name` and `name` are supported as path path name, `:name` is an alias to `name`. To make code consistent, now we should only use `name` but not `:name`. Also added panic check in related functions to make sure the name won't be abused in case some downstreams still use them.
2025-07-22 18:28:37 +00:00 · 2024-12-24 21:47:45 +08:00
parent b8b690feb9
commit 2a828e2798
102 changed files with 461 additions and 429 deletions
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -165,7 +165,7 @@ func DeleteAccessToken(ctx *context.APIContext) {
 	//   "422":
 	//     "$ref": "#/responses/error"

-	token := ctx.PathParam(":id")
+	token := ctx.PathParam("id")
 	tokenID, _ := strconv.ParseInt(token, 0, 64)

 	if tokenID == 0 {
@@ -306,7 +306,7 @@ func DeleteOauth2Application(ctx *context.APIContext) {
 	//     "$ref": "#/responses/empty"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
-	appID := ctx.PathParamInt64(":id")
+	appID := ctx.PathParamInt64("id")
 	if err := auth_model.DeleteOAuth2Application(ctx, appID, ctx.Doer.ID); err != nil {
 		if auth_model.IsErrOAuthApplicationNotFound(err) {
 			ctx.NotFound()
@@ -338,7 +338,7 @@ func GetOauth2Application(ctx *context.APIContext) {
 	//     "$ref": "#/responses/OAuth2Application"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
-	appID := ctx.PathParamInt64(":id")
+	appID := ctx.PathParamInt64("id")
 	app, err := auth_model.GetOAuth2ApplicationByID(ctx, appID)
 	if err != nil {
 		if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {
@@ -382,7 +382,7 @@ func UpdateOauth2Application(ctx *context.APIContext) {
 	//     "$ref": "#/responses/OAuth2Application"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
-	appID := ctx.PathParamInt64(":id")
+	appID := ctx.PathParamInt64("id")

 	data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)

--- a/routers/api/v1/user/follower.go
+++ b/routers/api/v1/user/follower.go
@@ -201,7 +201,7 @@ func CheckFollowing(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	target := GetUserByParamsName(ctx, ":target")
+	target := GetUserByPathParam(ctx, "target") // FIXME: it is not right to call this function, it should load the "target" directly
 	if ctx.Written() {
 		return
 	}
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@@ -116,7 +116,7 @@ func GetGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	key, err := asymkey_model.GetGPGKeyForUserByID(ctx, ctx.Doer.ID, ctx.PathParamInt64(":id"))
+	key, err := asymkey_model.GetGPGKeyForUserByID(ctx, ctx.Doer.ID, ctx.PathParamInt64("id"))
 	if err != nil {
 		if asymkey_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
@@ -280,7 +280,7 @@ func DeleteGPGKey(ctx *context.APIContext) {
 		return
 	}

-	if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.PathParamInt64(":id")); err != nil {
+	if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.PathParamInt64("id")); err != nil {
 		if asymkey_model.IsErrGPGKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
--- a/routers/api/v1/user/helper.go
+++ b/routers/api/v1/user/helper.go
@@ -10,8 +10,9 @@ import (
 	"code.gitea.io/gitea/services/context"
 )

-// GetUserByParamsName get user by name
-func GetUserByParamsName(ctx *context.APIContext, name string) *user_model.User {
+// GetUserByPathParam get user by the path param name
+// it will redirect to the user's new name if the user's name has been changed
+func GetUserByPathParam(ctx *context.APIContext, name string) *user_model.User {
 	username := ctx.PathParam(name)
 	user, err := user_model.GetUserByName(ctx, username)
 	if err != nil {
@@ -29,7 +30,7 @@ func GetUserByParamsName(ctx *context.APIContext, name string) *user_model.User
 	return user
 }

-// GetUserByParams returns user whose name is presented in URL (":username").
-func GetUserByParams(ctx *context.APIContext) *user_model.User {
-	return GetUserByParamsName(ctx, ":username")
+// GetContextUserByPathParam returns user whose name is presented in URL (path param "username").
+func GetContextUserByPathParam(ctx *context.APIContext) *user_model.User {
+	return GetUserByPathParam(ctx, "username")
 }
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@@ -179,7 +179,7 @@ func GetPublicKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	key, err := asymkey_model.GetPublicKeyByID(ctx, ctx.PathParamInt64(":id"))
+	key, err := asymkey_model.GetPublicKeyByID(ctx, ctx.PathParamInt64("id"))
 	if err != nil {
 		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
@@ -274,7 +274,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 		return
 	}

-	id := ctx.PathParamInt64(":id")
+	id := ctx.PathParamInt64("id")
 	externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, id)
 	if err != nil {
 		if asymkey_model.IsErrKeyNotExist(err) {
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -121,7 +121,7 @@ func GetInfo(ctx *context.APIContext) {

 	if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
 		// fake ErrUserNotExist error message to not leak information about existence
-		ctx.NotFound("GetUserByName", user_model.ErrUserNotExist{Name: ctx.PathParam(":username")})
+		ctx.NotFound("GetUserByName", user_model.ErrUserNotExist{Name: ctx.PathParam("username")})
 		return
 	}
 	ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.ContextUser, ctx.Doer))