osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Beobachten 15
Favorisieren 7
Wiki 捐赠
本站源代码
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
Struktur: 4f0cac5ea6
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „4f0cac5ea6“
${ noResults }
com/routers/private/hook.go

251 Zeilen
8.7KB
Originalformat Blame Verlauf 

  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package private includes all internal routes. The package name internal is ideal but Golang is not allowed, so we use private as package name instead.

  6. package private

  7. 

  8. import (

  9. 	"fmt"

  10. 	"net/http"

  11. 	"os"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/modules/git"

  16. 	"code.gitea.io/gitea/modules/log"

  17. 	"code.gitea.io/gitea/modules/private"

  18. 	"code.gitea.io/gitea/modules/repofiles"

  19. 	"code.gitea.io/gitea/modules/util"

  20. 

  21. 	"gitea.com/macaron/macaron"

  22. )

  23. 

  24. // HookPreReceive checks whether a individual commit is acceptable

  25. func HookPreReceive(ctx *macaron.Context) {

  26. 	ownerName := ctx.Params(":owner")

  27. 	repoName := ctx.Params(":repo")

  28. 	oldCommitID := ctx.QueryTrim("old")

  29. 	newCommitID := ctx.QueryTrim("new")

  30. 	refFullName := ctx.QueryTrim("ref")

  31. 	userID := ctx.QueryInt64("userID")

  32. 	gitObjectDirectory := ctx.QueryTrim("gitObjectDirectory")

  33. 	gitAlternativeObjectDirectories := ctx.QueryTrim("gitAlternativeObjectDirectories")

  34. 	gitQuarantinePath := ctx.QueryTrim("gitQuarantinePath")

  35. 	prID := ctx.QueryInt64("prID")

  36. 	isDeployKey := ctx.QueryBool("isDeployKey")

  37. 

  38. 	branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)

  39. 	repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  40. 	if err != nil {

  41. 		log.Error("Unable to get repository: %s/%s Error: %v", ownerName, repoName, err)

  42. 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  43. 			"err": err.Error(),

  44. 		})

  45. 		return

  46. 	}

  47. 	repo.OwnerName = ownerName

  48. 	protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)

  49. 	if err != nil {

  50. 		log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)

  51. 		ctx.JSON(500, map[string]interface{}{

  52. 			"err": err.Error(),

  53. 		})

  54. 		return

  55. 	}

  56. 	if protectBranch != nil && protectBranch.IsProtected() {

  57. 		// check and deletion

  58. 		if newCommitID == git.EmptySHA {

  59. 			log.Warn("Forbidden: Branch: %s in %-v is protected from deletion", branchName, repo)

  60. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  61. 				"err": fmt.Sprintf("branch %s is protected from deletion", branchName),

  62. 			})

  63. 			return

  64. 		}

  65. 

  66. 		// detect force push

  67. 		if git.EmptySHA != oldCommitID {

  68. 			env := os.Environ()

  69. 			if gitAlternativeObjectDirectories != "" {

  70. 				env = append(env,

  71. 					private.GitAlternativeObjectDirectories+"="+gitAlternativeObjectDirectories)

  72. 			}

  73. 			if gitObjectDirectory != "" {

  74. 				env = append(env,

  75. 					private.GitObjectDirectory+"="+gitObjectDirectory)

  76. 			}

  77. 			if gitQuarantinePath != "" {

  78. 				env = append(env,

  79. 					private.GitQuarantinePath+"="+gitQuarantinePath)

  80. 			}

  81. 

  82. 			output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDirWithEnv(repo.RepoPath(), env)

  83. 			if err != nil {

  84. 				log.Error("Unable to detect force push between: %s and %s in %-v Error: %v", oldCommitID, newCommitID, repo, err)

  85. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  86. 					"err": fmt.Sprintf("Fail to detect force push: %v", err),

  87. 				})

  88. 				return

  89. 			} else if len(output) > 0 {

  90. 				log.Warn("Forbidden: Branch: %s in %-v is protected from force push", branchName, repo)

  91. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  92. 					"err": fmt.Sprintf("branch %s is protected from force push", branchName),

  93. 				})

  94. 				return

  95. 

  96. 			}

  97. 		}

  98. 

  99. 		canPush := false

  100. 		if isDeployKey {

  101. 			canPush = protectBranch.WhitelistDeployKeys

  102. 		} else {

  103. 			canPush = protectBranch.CanUserPush(userID)

  104. 		}

  105. 		if !canPush && prID > 0 {

  106. 			pr, err := models.GetPullRequestByID(prID)

  107. 			if err != nil {

  108. 				log.Error("Unable to get PullRequest %d Error: %v", prID, err)

  109. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  110. 					"err": fmt.Sprintf("Unable to get PullRequest %d Error: %v", prID, err),

  111. 				})

  112. 				return

  113. 			}

  114. 			if !protectBranch.HasEnoughApprovals(pr) {

  115. 				log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v and pr #%d does not have enough approvals", userID, branchName, repo, pr.Index)

  116. 				ctx.JSON(http.StatusForbidden, map[string]interface{}{

  117. 					"err": fmt.Sprintf("protected branch %s can not be pushed to and pr #%d does not have enough approvals", branchName, prID),

  118. 				})

  119. 				return

  120. 			}

  121. 		} else if !canPush {

  122. 			log.Warn("Forbidden: User %d cannot push to protected branch: %s in %-v", userID, branchName, repo)

  123. 			ctx.JSON(http.StatusForbidden, map[string]interface{}{

  124. 				"err": fmt.Sprintf("protected branch %s can not be pushed to", branchName),

  125. 			})

  126. 			return

  127. 		}

  128. 	}

  129. 	ctx.PlainText(http.StatusOK, []byte("ok"))

  130. }

  131. 

  132. // HookPostReceive updates services and users

  133. func HookPostReceive(ctx *macaron.Context) {

  134. 	ownerName := ctx.Params(":owner")

  135. 	repoName := ctx.Params(":repo")

  136. 	oldCommitID := ctx.Query("old")

  137. 	newCommitID := ctx.Query("new")

  138. 	refFullName := ctx.Query("ref")

  139. 	userID := ctx.QueryInt64("userID")

  140. 	userName := ctx.Query("username")

  141. 

  142. 	branch := refFullName

  143. 	if strings.HasPrefix(refFullName, git.BranchPrefix) {

  144. 		branch = strings.TrimPrefix(refFullName, git.BranchPrefix)

  145. 	} else if strings.HasPrefix(refFullName, git.TagPrefix) {

  146. 		branch = strings.TrimPrefix(refFullName, git.TagPrefix)

  147. 	}

  148. 

  149. 	// Only trigger activity updates for changes to branches or

  150. 	// tags.  Updates to other refs (eg, refs/notes, refs/changes,

  151. 	// or other less-standard refs spaces are ignored since there

  152. 	// may be a very large number of them).

  153. 	if strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {

  154. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  155. 		if err != nil {

  156. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  157. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  158. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  159. 			})

  160. 			return

  161. 		}

  162. 		if err := repofiles.PushUpdate(repo, branch, models.PushUpdateOptions{

  163. 			RefFullName:  refFullName,

  164. 			OldCommitID:  oldCommitID,

  165. 			NewCommitID:  newCommitID,

  166. 			PusherID:     userID,

  167. 			PusherName:   userName,

  168. 			RepoUserName: ownerName,

  169. 			RepoName:     repoName,

  170. 		}); err != nil {

  171. 			log.Error("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err)

  172. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  173. 				"err": fmt.Sprintf("Failed to Update: %s/%s Branch: %s Error: %v", ownerName, repoName, branch, err),

  174. 			})

  175. 			return

  176. 		}

  177. 	}

  178. 

  179. 	if newCommitID != git.EmptySHA && strings.HasPrefix(refFullName, git.BranchPrefix) {

  180. 		repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  181. 		if err != nil {

  182. 			log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)

  183. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  184. 				"err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err),

  185. 			})

  186. 			return

  187. 		}

  188. 		repo.OwnerName = ownerName

  189. 

  190. 		pullRequestAllowed := repo.AllowsPulls()

  191. 		if !pullRequestAllowed {

  192. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  193. 				"message": false,

  194. 			})

  195. 			return

  196. 		}

  197. 

  198. 		baseRepo := repo

  199. 		if repo.IsFork {

  200. 			if err := repo.GetBaseRepo(); err != nil {

  201. 				log.Error("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err)

  202. 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  203. 					"err": fmt.Sprintf("Failed to get Base Repository of Forked repository: %-v Error: %v", repo, err),

  204. 				})

  205. 				return

  206. 			}

  207. 			baseRepo = repo.BaseRepo

  208. 		}

  209. 

  210. 		if !repo.IsFork && branch == baseRepo.DefaultBranch {

  211. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  212. 				"message": false,

  213. 			})

  214. 			return

  215. 		}

  216. 

  217. 		pr, err := models.GetUnmergedPullRequest(repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch)

  218. 		if err != nil && !models.IsErrPullRequestNotExist(err) {

  219. 			log.Error("Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err)

  220. 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

  221. 				"err": fmt.Sprintf(

  222. 					"Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err),

  223. 			})

  224. 			return

  225. 		}

  226. 

  227. 		if pr == nil {

  228. 			if repo.IsFork {

  229. 				branch = fmt.Sprintf("%s:%s", repo.OwnerName, branch)

  230. 			}

  231. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  232. 				"message": true,

  233. 				"create":  true,

  234. 				"branch":  branch,

  235. 				"url":     fmt.Sprintf("%s/compare/%s...%s", baseRepo.HTMLURL(), util.PathEscapeSegments(baseRepo.DefaultBranch), util.PathEscapeSegments(branch)),

  236. 			})

  237. 		} else {

  238. 			ctx.JSON(http.StatusOK, map[string]interface{}{

  239. 				"message": true,

  240. 				"create":  false,

  241. 				"branch":  branch,

  242. 				"url":     fmt.Sprintf("%s/pulls/%d", baseRepo.HTMLURL(), pr.Index),

  243. 			})

  244. 		}

  245. 		return

  246. 	}

  247. 	ctx.JSON(http.StatusOK, map[string]interface{}{

  248. 		"message": false,

  249. 	})

  250. }
上海开阖软件有限公司 沪ICP备12045867号-1