Backport #15895
Storing these credentials is a liability.
* Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
- security in depth: helps when attacker has access to DB only, but not app.ini
* Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
- security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini
* Store task errors following migrations and display them
When migrate tasks fail store the error in the task table
and ensure that they show on the status page.
Fix#13242
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update web_src/js/index.js
* Hide the failed first
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
If there is a panic during runMigrateTask we should capture and log the underlying
panic error.
This PR ensures that the panic is logged and captured as part of the task message.
Fix#13095
Signed-off-by: Andrew Thornton <art27@cantab.net>
* use different structs for MigrateRepoOptions on UI and API
* Fix TokenAuth and rename UID to an understandable Name
* fix swagger doc
* simplify & mk redable
* R E F A C T O R:
migration has now internal 3 structs to store its options:
* the Options for WebUI: modules/auth/repo_form.go
* the Options for API: modules/structs/repo.go
* the option struct with after validation for internal prossessing: modules/migrations/base/options.go
* Copyright Header
* Deprecate UID - add RepoOwner
* adopt repo.go -> migrate.go
* add comment about each struct purpose
* lint
* Sleep longer if request speed is over github limitation
* improve code
* remove unused code
* fix lint
* Use github's rate limit remain value to determine how long to sleep
* Save reset time when finished github api request
* fix bug
* fix lint
* Add context.Context for sleep
* fix test
* improve code
* fix bug and lint
* fix import order