mirror of
https://github.com/go-gitea/gitea.git
synced 2026-05-07 01:43:24 +02:00
02b1b8a549
## Summary
This PR adds support for updating pull mirror authentication via the
repository edit API and UI.
It introduces new mirror authentication fields in _EditRepoOption_,
updates the API logic to safely handle partial credential updates, and
fixes the web settings flow so that the existing remote username is
preserved when only the password is changed.
### What changed
- added _auth_username_, _auth_password_, and _auth_token_ to
EditRepoOption
- updated the repository edit API to apply mirror auth changes via
_updateMirror_
- preserved existing username/password when only part of the auth
payload is provided
- used oauth2 as the default username when _auth_token_ is provided
- kept stored mirror URLs sanitized in DB and API responses
- updated Swagger schema for the new API fields
- added API integration tests for password-only and token-only updates
- added a web settings test to ensure username preservation on partial
updates
## Why
Some use cases require automated synchronization of pull mirrors, for
example in CI/CD pipelines or integrations with external systems.
At the same time, many organizations enforce security policies that
require periodic token rotation (e.g., monthly).
Currently, mirror credentials can only be updated via the UI, which
makes automation difficult.
## This change enables:
- automated token rotation
- avoiding manual updates via the UI
- easier integration with secret management systems
## Testing
- added integration coverage for mirror auth updates via _PATCH
/api/v1/repos/{owner}/{repo}_
- added web settings tests for password-only updates preserving the
existing username
## Result
Ability to automate auth update
<img width="2400" height="1245" alt="1"
src="https://github.com/user-attachments/assets/67fd5cca-9cb3-4536-b0e2-4d09b8ebff0f"
/>
<img width="962" height="932" alt="image"
src="https://github.com/user-attachments/assets/5d548f5d-aadf-4807-ba52-9c29df93a4cc"
/>
Generative AI was used to help with making this PR.
##
276 lines
9.4 KiB
Go
276 lines
9.4 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repo
|
|
|
|
import (
|
|
gocontext "context"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
"code.gitea.io/gitea/models/organization"
|
|
"code.gitea.io/gitea/models/perm"
|
|
access_model "code.gitea.io/gitea/models/perm/access"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/graceful"
|
|
"code.gitea.io/gitea/modules/lfs"
|
|
"code.gitea.io/gitea/modules/log"
|
|
base "code.gitea.io/gitea/modules/migration"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/modules/util"
|
|
"code.gitea.io/gitea/modules/web"
|
|
"code.gitea.io/gitea/services/context"
|
|
"code.gitea.io/gitea/services/convert"
|
|
"code.gitea.io/gitea/services/migrations"
|
|
notify_service "code.gitea.io/gitea/services/notify"
|
|
repo_service "code.gitea.io/gitea/services/repository"
|
|
)
|
|
|
|
// Migrate migrate remote git repository to gitea
|
|
func Migrate(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/migrate repository repoMigrate
|
|
// ---
|
|
// summary: Migrate a remote git repository
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/MigrateRepoOptions"
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/Repository"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "409":
|
|
// description: The repository with the same name already exists.
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
|
|
form := web.GetForm(ctx).(*api.MigrateRepoOptions)
|
|
|
|
// get repoOwner
|
|
var (
|
|
repoOwner *user_model.User
|
|
err error
|
|
)
|
|
if len(form.RepoOwner) != 0 {
|
|
repoOwner, err = user_model.GetUserByName(ctx, form.RepoOwner)
|
|
} else if form.RepoOwnerID != 0 {
|
|
repoOwner, err = user_model.GetUserByID(ctx, form.RepoOwnerID)
|
|
} else {
|
|
repoOwner = ctx.Doer
|
|
}
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
} else {
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
return
|
|
}
|
|
|
|
if !ctx.Doer.IsAdmin {
|
|
if !repoOwner.IsOrganization() && ctx.Doer.ID != repoOwner.ID {
|
|
ctx.APIError(http.StatusForbidden, "Given user is not an organization.")
|
|
return
|
|
}
|
|
|
|
if repoOwner.IsOrganization() {
|
|
// Check ownership of organization.
|
|
isOwner, err := organization.OrgFromUser(repoOwner).IsOwnedBy(ctx, ctx.Doer.ID)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
} else if !isOwner {
|
|
ctx.APIError(http.StatusForbidden, "Given user is not owner of organization.")
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
remoteAddr, err := git.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
|
|
if err == nil {
|
|
err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.Doer)
|
|
}
|
|
if err != nil {
|
|
handleRemoteAddrError(ctx, err)
|
|
return
|
|
}
|
|
|
|
gitServiceType := convert.ToGitServiceType(form.Service)
|
|
|
|
if form.Mirror && setting.Mirror.DisableNewPull {
|
|
ctx.APIError(http.StatusForbidden, errors.New("the site administrator has disabled the creation of new pull mirrors"))
|
|
return
|
|
}
|
|
|
|
if setting.Repository.DisableMigrations {
|
|
ctx.APIError(http.StatusForbidden, errors.New("the site administrator has disabled migrations"))
|
|
return
|
|
}
|
|
|
|
form.LFS = form.LFS && setting.LFS.StartServer
|
|
|
|
if form.LFS && len(form.LFSEndpoint) > 0 {
|
|
ep := lfs.DetermineEndpoint("", form.LFSEndpoint)
|
|
if ep == nil {
|
|
ctx.APIErrorInternal(errors.New("the LFS endpoint is not valid"))
|
|
return
|
|
}
|
|
err = migrations.IsMigrateURLAllowed(ep.String(), ctx.Doer)
|
|
if err != nil {
|
|
handleRemoteAddrError(ctx, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
opts := migrations.MigrateOptions{
|
|
OriginalURL: form.CloneAddr,
|
|
CloneAddr: remoteAddr,
|
|
RepoName: form.RepoName,
|
|
Description: form.Description,
|
|
Private: form.Private || setting.Repository.ForcePrivate,
|
|
Mirror: form.Mirror,
|
|
LFS: form.LFS,
|
|
LFSEndpoint: form.LFSEndpoint,
|
|
AuthUsername: form.AuthUsername,
|
|
AuthPassword: form.AuthPassword,
|
|
AuthToken: form.AuthToken,
|
|
Wiki: form.Wiki,
|
|
Issues: form.Issues,
|
|
Milestones: form.Milestones,
|
|
Labels: form.Labels,
|
|
Comments: form.Issues || form.PullRequests,
|
|
PullRequests: form.PullRequests,
|
|
Releases: form.Releases,
|
|
GitServiceType: gitServiceType,
|
|
MirrorInterval: form.MirrorInterval,
|
|
}
|
|
if opts.Mirror {
|
|
opts.Issues = false
|
|
opts.Milestones = false
|
|
opts.Labels = false
|
|
opts.Comments = false
|
|
opts.PullRequests = false
|
|
opts.Releases = false
|
|
}
|
|
if gitServiceType == api.CodeCommitService {
|
|
opts.AWSAccessKeyID = form.AWSAccessKeyID
|
|
opts.AWSSecretAccessKey = form.AWSSecretAccessKey
|
|
}
|
|
|
|
createdRepo, err := repo_service.CreateRepositoryDirectly(ctx, ctx.Doer, repoOwner, repo_service.CreateRepoOptions{
|
|
Name: opts.RepoName,
|
|
Description: opts.Description,
|
|
OriginalURL: form.CloneAddr,
|
|
GitServiceType: gitServiceType,
|
|
IsPrivate: opts.Private || setting.Repository.ForcePrivate,
|
|
IsMirror: opts.Mirror,
|
|
Status: repo_model.RepositoryBeingMigrated,
|
|
}, false)
|
|
if err != nil {
|
|
handleMigrateError(ctx, repoOwner, err)
|
|
return
|
|
}
|
|
|
|
opts.MigrateToRepoID = createdRepo.ID
|
|
|
|
doLongTimeMigrate := func(ctx gocontext.Context, doer *user_model.User) (migratedRepo *repo_model.Repository, retErr error) {
|
|
defer func() {
|
|
if e := recover(); e != nil {
|
|
log.Error("MigrateRepository panic: %v\n%s", e, log.Stack(2))
|
|
if errDelete := repo_service.DeleteRepositoryDirectly(ctx, createdRepo.ID); errDelete != nil {
|
|
log.Error("Unable to delete repo after MigrateRepository panic: %v", errDelete)
|
|
}
|
|
retErr = errors.New("MigrateRepository panic") // no idea why it would happen, just legacy code
|
|
}
|
|
}()
|
|
|
|
migratedRepo, err := migrations.MigrateRepository(ctx, doer, repoOwner.Name, opts, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
notify_service.MigrateRepository(ctx, doer, repoOwner, migratedRepo)
|
|
return migratedRepo, nil
|
|
}
|
|
|
|
// use a background context, don't cancel the migration even if the client goes away
|
|
// HammerContext doesn't seem right (from https://github.com/go-gitea/gitea/pull/9335/files)
|
|
// There are other abuses, maybe most HammerContext abuses should be fixed together in the future.
|
|
migratedRepo, err := doLongTimeMigrate(graceful.GetManager().HammerContext(), ctx.Doer)
|
|
if err != nil {
|
|
handleMigrateError(ctx, repoOwner, err)
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, migratedRepo, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
|
|
}
|
|
|
|
func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, err error) {
|
|
switch {
|
|
case repo_model.IsErrRepoAlreadyExist(err):
|
|
ctx.APIError(http.StatusConflict, "The repository with the same name already exists.")
|
|
case repo_model.IsErrRepoFilesAlreadyExist(err):
|
|
ctx.APIError(http.StatusConflict, "Files already exist for this repository. Adopt them or delete them.")
|
|
case migrations.IsRateLimitError(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, "Remote visit addressed rate limitation.")
|
|
case migrations.IsTwoFactorAuthError(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, "Remote visit required two factors authentication.")
|
|
case repo_model.IsErrReachLimitOfRepo(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("You have already reached your limit of %d repositories.", repoOwner.MaxCreationLimit()))
|
|
case db.IsErrNameReserved(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("The username '%s' is reserved.", err.(db.ErrNameReserved).Name))
|
|
case db.IsErrNameCharsNotAllowed(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("The username '%s' contains invalid characters.", err.(db.ErrNameCharsNotAllowed).Name))
|
|
case db.IsErrNamePatternNotAllowed(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("The pattern '%s' is not allowed in a username.", err.(db.ErrNamePatternNotAllowed).Pattern))
|
|
case git.IsErrInvalidCloneAddr(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
case base.IsErrNotSupported(err):
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
default:
|
|
err = util.SanitizeErrorCredentialURLs(err)
|
|
if strings.Contains(err.Error(), "Authentication failed") ||
|
|
strings.Contains(err.Error(), "Bad credentials") ||
|
|
strings.Contains(err.Error(), "could not read Username") {
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("Authentication failed: %v.", err))
|
|
} else if strings.Contains(err.Error(), "fatal:") {
|
|
ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("Migration failed: %v.", err))
|
|
} else {
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func handleRemoteAddrError(ctx *context.APIContext, err error) {
|
|
if git.IsErrInvalidCloneAddr(err) {
|
|
addrErr := err.(*git.ErrInvalidCloneAddr)
|
|
switch {
|
|
case addrErr.IsURLError:
|
|
ctx.APIError(http.StatusUnprocessableEntity, "The provided URL is invalid.")
|
|
case addrErr.IsPermissionDenied:
|
|
if addrErr.LocalPath {
|
|
ctx.APIError(http.StatusUnprocessableEntity, "You are not allowed to import local repositories.")
|
|
} else {
|
|
ctx.APIError(http.StatusUnprocessableEntity, "You can not import from disallowed hosts.")
|
|
}
|
|
case addrErr.IsInvalidPath:
|
|
ctx.APIError(http.StatusUnprocessableEntity, "Invalid local path, it does not exist or not a directory.")
|
|
default:
|
|
ctx.APIErrorInternal(fmt.Errorf("unknown error type (ErrInvalidCloneAddr): %w", err))
|
|
}
|
|
} else {
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
}
|