	Merge branch 'main' into feature/bots
		| @@ -443,6 +443,8 @@ var migrations = []Migration{ | ||||
| 	// v235 -> v236 | ||||
| 	NewMigration("Add index for access_token", v1_19.AddIndexForAccessToken), | ||||
| 	// v236 -> v237 | ||||
| 	NewMigration("Create secrets table", v1_19.CreateSecretsTable), | ||||
| 	// v237 -> v238 | ||||
| 	NewMigration("Add actions tables", v1_19.AddActionsTables), | ||||
| } | ||||
|  | ||||
|   | ||||
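Review bot: Registering `CreateSecretsTable` in the v236 slot and moving `AddActionsTables` to v237 renumbers a migration that, judging by the rest of this commit, the feature branch had already shipped at the earlier position. A database that already ran the branch's old v236 presumably has its version recorded past the secrets migration, so the `secret` table may never be created there while `AddActionsTables` is applied a second time; this depends on how the migration runner compares versions, which is outside the hunk. A comment above the two entries such as `// NOTE: actions tables were v236 on feature/bots; databases created from that branch need a fresh install or manual sync` would record this for anyone upgrading a test instance.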
| @@ -4,173 +4,20 @@ | ||||
| package v1_19 //nolint | ||||
|  | ||||
| import ( | ||||
| 	"code.gitea.io/gitea/models/db" | ||||
| 	"code.gitea.io/gitea/modules/timeutil" | ||||
|  | ||||
| 	"xorm.io/xorm" | ||||
| ) | ||||
|  | ||||
| func AddActionsTables(x *xorm.Engine) error { | ||||
| 	type ActionRunner struct { | ||||
| func CreateSecretsTable(x *xorm.Engine) error { | ||||
| 	type Secret struct { | ||||
| 		ID          int64 | ||||
| 		UUID        string `xorm:"CHAR(36) UNIQUE"` | ||||
| 		Name        string `xorm:"VARCHAR(32)"` | ||||
| 		OwnerID     int64  `xorm:"index"` // org level runner, 0 means system | ||||
| 		RepoID      int64  `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global | ||||
| 		Description string `xorm:"TEXT"` | ||||
| 		Base        int    // 0 native 1 docker 2 virtual machine | ||||
| 		RepoRange   string // glob match which repositories could use this runner | ||||
|  | ||||
| 		Token     string `xorm:"-"` | ||||
| 		TokenHash string `xorm:"UNIQUE"` // sha256 of token | ||||
| 		TokenSalt string | ||||
| 		// TokenLastEight string `xorm:"token_last_eight"` // it's unnecessary because we don't find runners by token | ||||
|  | ||||
| 		LastOnline timeutil.TimeStamp `xorm:"index"` | ||||
| 		LastActive timeutil.TimeStamp `xorm:"index"` | ||||
|  | ||||
| 		// Store OS and Artch. | ||||
| 		AgentLabels []string | ||||
| 		// Store custom labes use defined. | ||||
| 		CustomLabels []string | ||||
|  | ||||
| 		Created timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated timeutil.TimeStamp `xorm:"updated"` | ||||
| 		Deleted timeutil.TimeStamp `xorm:"deleted"` | ||||
| 		OwnerID     int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL"` | ||||
| 		RepoID      int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL DEFAULT 0"` | ||||
| 		Name        string             `xorm:"UNIQUE(owner_repo_name) NOT NULL"` | ||||
| 		Data        string             `xorm:"LONGTEXT"` | ||||
| 		CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"` | ||||
| 	} | ||||
|  | ||||
| 	type ActionRunnerToken struct { | ||||
| 		ID       int64 | ||||
| 		Token    string `xorm:"UNIQUE"` | ||||
| 		OwnerID  int64  `xorm:"index"` // org level runner, 0 means system | ||||
| 		RepoID   int64  `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global | ||||
| 		IsActive bool | ||||
|  | ||||
| 		Created timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated timeutil.TimeStamp `xorm:"updated"` | ||||
| 		Deleted timeutil.TimeStamp `xorm:"deleted"` | ||||
| 	} | ||||
|  | ||||
| 	type ActionRun struct { | ||||
| 		ID                int64 | ||||
| 		Title             string | ||||
| 		RepoID            int64  `xorm:"index unique(repo_index)"` | ||||
| 		OwnerID           int64  `xorm:"index"` | ||||
| 		WorkflowID        string `xorm:"index"`                    // the name of workflow file | ||||
| 		Index             int64  `xorm:"index unique(repo_index)"` // a unique number for each run of a repository | ||||
| 		TriggerUserID     int64 | ||||
| 		Ref               string | ||||
| 		CommitSHA         string | ||||
| 		Event             string | ||||
| 		IsForkPullRequest bool | ||||
| 		EventPayload      string `xorm:"LONGTEXT"` | ||||
| 		Status            int    `xorm:"index"` | ||||
| 		Started           timeutil.TimeStamp | ||||
| 		Stopped           timeutil.TimeStamp | ||||
| 		Created           timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated           timeutil.TimeStamp `xorm:"updated"` | ||||
| 	} | ||||
|  | ||||
| 	type ActionRunJob struct { | ||||
| 		ID                int64 | ||||
| 		RunID             int64  `xorm:"index"` | ||||
| 		RepoID            int64  `xorm:"index"` | ||||
| 		OwnerID           int64  `xorm:"index"` | ||||
| 		CommitSHA         string `xorm:"index"` | ||||
| 		IsForkPullRequest bool | ||||
| 		Name              string | ||||
| 		Attempt           int64 | ||||
| 		WorkflowPayload   []byte | ||||
| 		JobID             string   // job id in workflow, not job's id | ||||
| 		Needs             []string `xorm:"JSON TEXT"` | ||||
| 		RunsOn            []string `xorm:"JSON TEXT"` | ||||
| 		TaskID            int64    // the latest task of the job | ||||
| 		Status            int      `xorm:"index"` | ||||
| 		Started           timeutil.TimeStamp | ||||
| 		Stopped           timeutil.TimeStamp | ||||
| 		Created           timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated           timeutil.TimeStamp `xorm:"updated index"` | ||||
| 	} | ||||
|  | ||||
| 	type Repository struct { | ||||
| 		NumRuns       int `xorm:"NOT NULL DEFAULT 0"` | ||||
| 		NumClosedRuns int `xorm:"NOT NULL DEFAULT 0"` | ||||
| 	} | ||||
|  | ||||
| 	type ActionRunIndex db.ResourceIndex | ||||
|  | ||||
| 	type ActionTask struct { | ||||
| 		ID       int64 | ||||
| 		JobID    int64 | ||||
| 		Attempt  int64 | ||||
| 		RunnerID int64              `xorm:"index"` | ||||
| 		Status   int                `xorm:"index"` | ||||
| 		Started  timeutil.TimeStamp `xorm:"index"` | ||||
| 		Stopped  timeutil.TimeStamp | ||||
|  | ||||
| 		RepoID            int64  `xorm:"index"` | ||||
| 		OwnerID           int64  `xorm:"index"` | ||||
| 		CommitSHA         string `xorm:"index"` | ||||
| 		IsForkPullRequest bool | ||||
|  | ||||
| 		TokenHash      string `xorm:"UNIQUE"` // sha256 of token | ||||
| 		TokenSalt      string | ||||
| 		TokenLastEight string `xorm:"index token_last_eight"` | ||||
|  | ||||
| 		LogFilename  string   // file name of log | ||||
| 		LogInStorage bool     // read log from database or from storage | ||||
| 		LogLength    int64    // lines count | ||||
| 		LogSize      int64    // blob size | ||||
| 		LogIndexes   *[]int64 `xorm:"LONGBLOB"` // line number to offset | ||||
| 		LogExpired   bool     // files that are too old will be deleted | ||||
|  | ||||
| 		Created timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated timeutil.TimeStamp `xorm:"updated index"` | ||||
| 	} | ||||
|  | ||||
| 	type ActionTaskStep struct { | ||||
| 		ID        int64 | ||||
| 		Name      string | ||||
| 		TaskID    int64 `xorm:"index unique(task_number)"` | ||||
| 		Number    int64 `xorm:"index unique(task_number)"` | ||||
| 		RepoID    int64 `xorm:"index"` | ||||
| 		Status    int   `xorm:"index"` | ||||
| 		LogIndex  int64 | ||||
| 		LogLength int64 | ||||
| 		Started   timeutil.TimeStamp | ||||
| 		Stopped   timeutil.TimeStamp | ||||
| 		Created   timeutil.TimeStamp `xorm:"created"` | ||||
| 		Updated   timeutil.TimeStamp `xorm:"updated"` | ||||
| 	} | ||||
|  | ||||
| 	type dbfsMeta struct { | ||||
| 		ID              int64  `xorm:"pk autoincr"` | ||||
| 		FullPath        string `xorm:"VARCHAR(500) UNIQUE NOT NULL"` | ||||
| 		BlockSize       int64  `xorm:"BIGINT NOT NULL"` | ||||
| 		FileSize        int64  `xorm:"BIGINT NOT NULL"` | ||||
| 		CreateTimestamp int64  `xorm:"BIGINT NOT NULL"` | ||||
| 		ModifyTimestamp int64  `xorm:"BIGINT NOT NULL"` | ||||
| 	} | ||||
|  | ||||
| 	type dbfsData struct { | ||||
| 		ID         int64  `xorm:"pk autoincr"` | ||||
| 		Revision   int64  `xorm:"BIGINT NOT NULL"` | ||||
| 		MetaID     int64  `xorm:"BIGINT index(meta_offset) NOT NULL"` | ||||
| 		BlobOffset int64  `xorm:"BIGINT index(meta_offset) NOT NULL"` | ||||
| 		BlobSize   int64  `xorm:"BIGINT NOT NULL"` | ||||
| 		BlobData   []byte `xorm:"BLOB NOT NULL"` | ||||
| 	} | ||||
|  | ||||
| 	return x.Sync( | ||||
| 		new(ActionRunner), | ||||
| 		new(ActionRunnerToken), | ||||
| 		new(ActionRun), | ||||
| 		new(ActionRunJob), | ||||
| 		new(Repository), | ||||
| 		new(ActionRunIndex), | ||||
| 		new(ActionTask), | ||||
| 		new(ActionTaskStep), | ||||
| 		new(dbfsMeta), | ||||
| 		new(dbfsData), | ||||
| 	) | ||||
| 	return x.Sync(new(Secret)) | ||||
| } | ||||
|   | ||||
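Review bot: The new `CreateSecretsTable` and its local `Secret` struct carry no comments, so nothing in the migration says that `Data` is meant to hold ciphertext rather than the secret itself. I would add `// CreateSecretsTable creates the secret table, which stores encrypted secrets keyed by owner, repository and name.` above the function and `// encrypted data` after the `Data` field, matching the model in models/secret/secret.go. The section prints old and new lines interleaved, so this applies only to the `CreateSecretsTable` side.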
							
								
								
									
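--- a/models/migrations/v1_19/v237.go
+++ b/models/migrations/v1_19/v237.go
@@ -0,0 +1,177 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_19 //nolint
+
+import (
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func AddActionsTables(x *xorm.Engine) error {
+	type ActionRunner struct {
+		ID          int64
+		UUID        string `xorm:"CHAR(36) UNIQUE"`
+		Name        string `xorm:"VARCHAR(32)"`
+		OwnerID     int64  `xorm:"index"` // org level runner, 0 means system
+		RepoID      int64  `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global
+		Description string `xorm:"TEXT"`
+		Base        int    // 0 native 1 docker 2 virtual machine
+		RepoRange   string // glob match which repositories could use this runner
+
+		Token     string `xorm:"-"`
+		TokenHash string `xorm:"UNIQUE"` // sha256 of token
+		TokenSalt string
+		// TokenLastEight string `xorm:"token_last_eight"` // it's unnecessary because we don't find runners by token
+
+		LastOnline timeutil.TimeStamp `xorm:"index"`
+		LastActive timeutil.TimeStamp `xorm:"index"`
+
+		// Store OS and Artch.
+		AgentLabels []string
+		// Store custom labes use defined.
+		CustomLabels []string
+
+		Created timeutil.TimeStamp `xorm:"created"`
+		Updated timeutil.TimeStamp `xorm:"updated"`
+		Deleted timeutil.TimeStamp `xorm:"deleted"`
+	}
+
+	type ActionRunnerToken struct {
+		ID       int64
+		Token    string `xorm:"UNIQUE"`
+		OwnerID  int64  `xorm:"index"` // org level runner, 0 means system
+		RepoID   int64  `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global
+		IsActive bool
+
+		Created timeutil.TimeStamp `xorm:"created"`
+		Updated timeutil.TimeStamp `xorm:"updated"`
+		Deleted timeutil.TimeStamp `xorm:"deleted"`
+	}
+
+	type ActionRun struct {
+		ID                int64
+		Title             string
+		RepoID            int64  `xorm:"index unique(repo_index)"`
+		OwnerID           int64  `xorm:"index"`
+		WorkflowID        string `xorm:"index"`                    // the name of workflow file
+		Index             int64  `xorm:"index unique(repo_index)"` // a unique number for each run of a repository
+		TriggerUserID     int64
+		Ref               string
+		CommitSHA         string
+		Event             string
+		IsForkPullRequest bool
+		EventPayload      string `xorm:"LONGTEXT"`
+		Status            int    `xorm:"index"`
+		Started           timeutil.TimeStamp
+		Stopped           timeutil.TimeStamp
+		Created           timeutil.TimeStamp `xorm:"created"`
+		Updated           timeutil.TimeStamp `xorm:"updated"`
+	}
+
+	type ActionRunJob struct {
+		ID                int64
+		RunID             int64  `xorm:"index"`
+		RepoID            int64  `xorm:"index"`
+		OwnerID           int64  `xorm:"index"`
+		CommitSHA         string `xorm:"index"`
+		IsForkPullRequest bool
+		Name              string
+		Attempt           int64
+		WorkflowPayload   []byte
+		JobID             string   // job id in workflow, not job's id
+		Needs             []string `xorm:"JSON TEXT"`
+		RunsOn            []string `xorm:"JSON TEXT"`
+		TaskID            int64    // the latest task of the job
+		Status            int      `xorm:"index"`
+		Started           timeutil.TimeStamp
+		Stopped           timeutil.TimeStamp
+		Created           timeutil.TimeStamp `xorm:"created"`
+		Updated           timeutil.TimeStamp `xorm:"updated index"`
+	}
+
+	type Repository struct {
+		NumRuns       int `xorm:"NOT NULL DEFAULT 0"`
+		NumClosedRuns int `xorm:"NOT NULL DEFAULT 0"`
+	}
+
+	type ActionRunIndex db.ResourceIndex
+
+	type ActionTask struct {
+		ID       int64
+		JobID    int64
+		Attempt  int64
+		RunnerID int64              `xorm:"index"`
+		Status   int                `xorm:"index"`
+		Started  timeutil.TimeStamp `xorm:"index"`
+		Stopped  timeutil.TimeStamp
+
+		RepoID            int64  `xorm:"index"`
+		OwnerID           int64  `xorm:"index"`
+		CommitSHA         string `xorm:"index"`
+		IsForkPullRequest bool
+
+		TokenHash      string `xorm:"UNIQUE"` // sha256 of token
+		TokenSalt      string
+		TokenLastEight string `xorm:"index token_last_eight"`
+
+		LogFilename  string   // file name of log
+		LogInStorage bool     // read log from database or from storage
+		LogLength    int64    // lines count
+		LogSize      int64    // blob size
+		LogIndexes   *[]int64 `xorm:"LONGBLOB"` // line number to offset
+		LogExpired   bool     // files that are too old will be deleted
+
+		Created timeutil.TimeStamp `xorm:"created"`
+		Updated timeutil.TimeStamp `xorm:"updated index"`
+	}
+
+	type ActionTaskStep struct {
+		ID        int64
+		Name      string
+		TaskID    int64 `xorm:"index unique(task_number)"`
+		Number    int64 `xorm:"index unique(task_number)"`
+		RepoID    int64 `xorm:"index"`
+		Status    int   `xorm:"index"`
+		LogIndex  int64
+		LogLength int64
+		Started   timeutil.TimeStamp
+		Stopped   timeutil.TimeStamp
+		Created   timeutil.TimeStamp `xorm:"created"`
+		Updated   timeutil.TimeStamp `xorm:"updated"`
+	}
+
+	type dbfsMeta struct {
+		ID              int64  `xorm:"pk autoincr"`
+		FullPath        string `xorm:"VARCHAR(500) UNIQUE NOT NULL"`
+		BlockSize       int64  `xorm:"BIGINT NOT NULL"`
+		FileSize        int64  `xorm:"BIGINT NOT NULL"`
+		CreateTimestamp int64  `xorm:"BIGINT NOT NULL"`
+		ModifyTimestamp int64  `xorm:"BIGINT NOT NULL"`
+	}
+
+	type dbfsData struct {
+		ID         int64  `xorm:"pk autoincr"`
+		Revision   int64  `xorm:"BIGINT NOT NULL"`
+		MetaID     int64  `xorm:"BIGINT index(meta_offset) NOT NULL"`
+		BlobOffset int64  `xorm:"BIGINT index(meta_offset) NOT NULL"`
+		BlobSize   int64  `xorm:"BIGINT NOT NULL"`
+		BlobData   []byte `xorm:"BLOB NOT NULL"`
+	}
+
+	return x.Sync(
+		new(ActionRunner),
+		new(ActionRunnerToken),
+		new(ActionRun),
+		new(ActionRunJob),
+		new(Repository),
+		new(ActionRunIndex),
+		new(ActionTask),
+		new(ActionTaskStep),
+		new(dbfsMeta),
+		new(dbfsData),
+	)
+}
+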
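Review bot: `ActionRunnerToken.Token` is declared as a plain `UNIQUE` string column, whereas `ActionRunner` and `ActionTask` in the same function persist only `TokenHash` and `TokenSalt` (the runner's `Token` field is mapped to `xorm:"-"`). If this column holds the token as issued, which the name suggests but the hunk does not show, read access to the table or to a database backup would expose a usable credential. Unless the token has to be displayed again after creation, consider the same shape here, ``TokenHash string `xorm:"UNIQUE"` `` plus `TokenSalt string`, with lookups done by hash. The comments `// Store OS and Artch.` and `// Store custom labes use defined.` also contain typos (`Arch`, `labels user defined`).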
| @@ -12,6 +12,7 @@ import ( | ||||
| 	"code.gitea.io/gitea/models/db" | ||||
| 	"code.gitea.io/gitea/models/perm" | ||||
| 	repo_model "code.gitea.io/gitea/models/repo" | ||||
| 	secret_model "code.gitea.io/gitea/models/secret" | ||||
| 	"code.gitea.io/gitea/models/unit" | ||||
| 	user_model "code.gitea.io/gitea/models/user" | ||||
| 	"code.gitea.io/gitea/modules/log" | ||||
| @@ -370,6 +371,7 @@ func DeleteOrganization(ctx context.Context, org *Organization) error { | ||||
| 		&TeamUser{OrgID: org.ID}, | ||||
| 		&TeamUnit{OrgID: org.ID}, | ||||
| 		&TeamInvite{OrgID: org.ID}, | ||||
| 		&secret_model.Secret{OwnerID: org.ID}, | ||||
| 	); err != nil { | ||||
| 		return fmt.Errorf("DeleteBeans: %w", err) | ||||
| 	} | ||||
|   | ||||
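Review bot: The secrets cleanup is added to `DeleteOrganization` here and to `DeleteRepository` in the next file, but no hunk in this commit touches a user-deletion path. If `OwnerID` can also be a user ID, which the `Secret` model does not rule out, that user's encrypted secrets would stay in the `secret` table after the account is removed. It is worth confirming that the user-deletion `DeleteBeans` list carries an equivalent entry, e.g. `&secret_model.Secret{OwnerID: u.ID}` (variable name assumed). `DeleteOrganization` starts and ends outside this hunk.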
| @@ -21,6 +21,7 @@ import ( | ||||
| 	access_model "code.gitea.io/gitea/models/perm/access" | ||||
| 	project_model "code.gitea.io/gitea/models/project" | ||||
| 	repo_model "code.gitea.io/gitea/models/repo" | ||||
| 	secret_model "code.gitea.io/gitea/models/secret" | ||||
| 	system_model "code.gitea.io/gitea/models/system" | ||||
| 	"code.gitea.io/gitea/models/unit" | ||||
| 	user_model "code.gitea.io/gitea/models/user" | ||||
| @@ -150,6 +151,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error { | ||||
| 		&admin_model.Task{RepoID: repoID}, | ||||
| 		&repo_model.Watch{RepoID: repoID}, | ||||
| 		&webhook.Webhook{RepoID: repoID}, | ||||
| 		&secret_model.Secret{RepoID: repoID}, | ||||
| 	); err != nil { | ||||
| 		return fmt.Errorf("deleteBeans: %w", err) | ||||
| 	} | ||||
|   | ||||
							
								
								
									
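--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -0,0 +1,124 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package secret
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"code.gitea.io/gitea/models/db"
+	secret_module "code.gitea.io/gitea/modules/secret"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
+
+	"xorm.io/builder"
+)
+
+type ErrSecretInvalidValue struct {
+	Name *string
+	Data *string
+}
+
+func (err ErrSecretInvalidValue) Error() string {
+	if err.Name != nil {
+		return fmt.Sprintf("secret name %q is invalid", *err.Name)
+	}
+	if err.Data != nil {
+		return fmt.Sprintf("secret data %q is invalid", *err.Data)
+	}
+	return util.ErrInvalidArgument.Error()
+}
+
+func (err ErrSecretInvalidValue) Unwrap() error {
+	return util.ErrInvalidArgument
+}
+
+// Secret represents a secret
+type Secret struct {
+	ID          int64
+	OwnerID     int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL"`
+	RepoID      int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL DEFAULT 0"`
+	Name        string             `xorm:"UNIQUE(owner_repo_name) NOT NULL"`
+	Data        string             `xorm:"LONGTEXT"` // encrypted data
+	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
+}
+
+// newSecret Creates a new already encrypted secret
+func newSecret(ownerID, repoID int64, name, data string) *Secret {
+	return &Secret{
+		OwnerID: ownerID,
+		RepoID:  repoID,
+		Name:    strings.ToUpper(name),
+		Data:    data,
+	}
+}
+
+// InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
+func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
+	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, strings.TrimSpace(data))
+	if err != nil {
+		return nil, err
+	}
+	secret := newSecret(ownerID, repoID, name, encrypted)
+	if err := secret.Validate(); err != nil {
+		return secret, err
+	}
+	return secret, db.Insert(ctx, secret)
+}
+
+func init() {
+	db.RegisterModel(new(Secret))
+}
+
+var (
+	secretNameReg            = regexp.MustCompile("^[A-Z_][A-Z0-9_]*$")
+	forbiddenSecretPrefixReg = regexp.MustCompile("^GIT(EA|HUB)_")
+)
+
+// Validate validates the required fields and formats.
+func (s *Secret) Validate() error {
+	switch {
+	case len(s.Name) == 0 || len(s.Name) > 50:
+		return ErrSecretInvalidValue{Name: &s.Name}
+	case len(s.Data) == 0:
+		return ErrSecretInvalidValue{Data: &s.Data}
+	case !secretNameReg.MatchString(s.Name) ||
+		forbiddenSecretPrefixReg.MatchString(s.Name):
+		return ErrSecretInvalidValue{Name: &s.Name}
+	default:
+		return nil
+	}
+}
+
+type FindSecretsOptions struct {
+	db.ListOptions
+	OwnerID int64
+	RepoID  int64
+}
+
+func (opts *FindSecretsOptions) toConds() builder.Cond {
+	cond := builder.NewCond()
+	if opts.OwnerID > 0 {
+		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+	}
+	if opts.RepoID > 0 {
+		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+	}
+
+	return cond
+}
+
+func FindSecrets(ctx context.Context, opts FindSecretsOptions) ([]*Secret, error) {
+	var secrets []*Secret
+	sess := db.GetEngine(ctx)
+	if opts.PageSize != 0 {
+		sess = db.SetSessionPagination(sess, &opts.ListOptions)
+	}
+	return secrets, sess.
+		Where(opts.toConds()).
+		Find(&secrets)
+}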
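Review bot: `toConds` adds a filter only when `OwnerID` or `RepoID` is greater than zero, so `FindSecrets` called with a zero-valued `FindSecretsOptions` selects every row in `secret`, across all owners and repositories. For a table of credentials the safer default is to refuse an unscoped query, for example `if opts.OwnerID == 0 && opts.RepoID == 0 { return nil, util.ErrInvalidArgument }` at the top of `FindSecrets`, unless some caller genuinely needs the global listing. Separately, `InsertEncryptedSecret` calls `Validate` only after `EncryptSecret`, so the `len(s.Data) == 0` check sees the ciphertext; an empty or whitespace-only secret is probably accepted (this depends on what `EncryptSecret` returns for empty input), and the `*Secret` is returned alongside the validation error. Checking the name and the trimmed plaintext before encrypting, and returning `nil` with the error, would close both.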