mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-24 13:53:42 +09:00 
			
		
		
		
	* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea * SSH format can be added in gitea config * SSH Signing worked before with DEFAULT_TRUST_MODEL=committer `TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents to trust for every user of this instance Closes #34329 Related #31392 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
		
			
				
	
	
		
			399 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			399 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2015 The Gogs Authors. All rights reserved.
 | |
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package wiki
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 	"os"
 | |
| 	"strings"
 | |
| 
 | |
| 	"code.gitea.io/gitea/models/db"
 | |
| 	repo_model "code.gitea.io/gitea/models/repo"
 | |
| 	system_model "code.gitea.io/gitea/models/system"
 | |
| 	"code.gitea.io/gitea/models/unit"
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	"code.gitea.io/gitea/modules/git"
 | |
| 	"code.gitea.io/gitea/modules/gitrepo"
 | |
| 	"code.gitea.io/gitea/modules/globallock"
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| 	repo_module "code.gitea.io/gitea/modules/repository"
 | |
| 	"code.gitea.io/gitea/modules/util"
 | |
| 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 | |
| 	repo_service "code.gitea.io/gitea/services/repository"
 | |
| )
 | |
| 
 | |
| const DefaultRemote = "origin"
 | |
| 
 | |
| func getWikiWorkingLockKey(repoID int64) string {
 | |
| 	return fmt.Sprintf("wiki_working_%d", repoID)
 | |
| }
 | |
| 
 | |
| // InitWiki initializes a wiki for repository,
 | |
| // it does nothing when repository already has wiki.
 | |
| func InitWiki(ctx context.Context, repo *repo_model.Repository) error {
 | |
| 	if repo.HasWiki() {
 | |
| 		return nil
 | |
| 	}
 | |
| 
 | |
| 	if err := git.InitRepository(ctx, repo.WikiPath(), true, repo.ObjectFormatName); err != nil {
 | |
| 		return fmt.Errorf("InitRepository: %w", err)
 | |
| 	} else if err = gitrepo.CreateDelegateHooks(ctx, repo.WikiStorageRepo()); err != nil {
 | |
| 		return fmt.Errorf("createDelegateHooks: %w", err)
 | |
| 	} else if _, _, err = git.NewCommand("symbolic-ref", "HEAD").AddDynamicArguments(git.BranchPrefix+repo.DefaultWikiBranch).RunStdString(ctx, &git.RunOpts{Dir: repo.WikiPath()}); err != nil {
 | |
| 		return fmt.Errorf("unable to set default wiki branch to %q: %w", repo.DefaultWikiBranch, err)
 | |
| 	}
 | |
| 	return nil
 | |
| }
 | |
| 
 | |
| // prepareGitPath try to find a suitable file path with file name by the given raw wiki name.
 | |
| // return: existence, prepared file path with name, error
 | |
| func prepareGitPath(gitRepo *git.Repository, defaultWikiBranch string, wikiPath WebPath) (bool, string, error) {
 | |
| 	unescaped := string(wikiPath) + ".md"
 | |
| 	gitPath := WebPathToGitPath(wikiPath)
 | |
| 
 | |
| 	// Look for both files
 | |
| 	filesInIndex, err := gitRepo.LsTree(defaultWikiBranch, unescaped, gitPath)
 | |
| 	if err != nil {
 | |
| 		if strings.Contains(err.Error(), "Not a valid object name") {
 | |
| 			return false, gitPath, nil // branch doesn't exist
 | |
| 		}
 | |
| 		log.Error("Wiki LsTree failed, err: %v", err)
 | |
| 		return false, gitPath, err
 | |
| 	}
 | |
| 
 | |
| 	foundEscaped := false
 | |
| 	for _, filename := range filesInIndex {
 | |
| 		switch filename {
 | |
| 		case unescaped:
 | |
| 			// if we find the unescaped file return it
 | |
| 			return true, unescaped, nil
 | |
| 		case gitPath:
 | |
| 			foundEscaped = true
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	// If not return whether the escaped file exists, and the escaped filename to keep backwards compatibility.
 | |
| 	return foundEscaped, gitPath, nil
 | |
| }
 | |
| 
 | |
| // updateWikiPage adds a new page or edits an existing page in repository wiki.
 | |
| func updateWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, oldWikiName, newWikiName WebPath, content, message string, isNew bool) (err error) {
 | |
| 	err = repo.MustNotBeArchived()
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	if err = validateWebPath(newWikiName); err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	defer releaser()
 | |
| 
 | |
| 	if err = InitWiki(ctx, repo); err != nil {
 | |
| 		return fmt.Errorf("InitWiki: %w", err)
 | |
| 	}
 | |
| 
 | |
| 	hasDefaultBranch := gitrepo.IsBranchExist(ctx, repo.WikiStorageRepo(), repo.DefaultWikiBranch)
 | |
| 
 | |
| 	basePath, cleanup, err := repo_module.CreateTemporaryPath("update-wiki")
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	defer cleanup()
 | |
| 
 | |
| 	cloneOpts := git.CloneRepoOptions{
 | |
| 		Bare:   true,
 | |
| 		Shared: true,
 | |
| 	}
 | |
| 
 | |
| 	if hasDefaultBranch {
 | |
| 		cloneOpts.Branch = repo.DefaultWikiBranch
 | |
| 	}
 | |
| 
 | |
| 	if err := git.Clone(ctx, repo.WikiPath(), basePath, cloneOpts); err != nil {
 | |
| 		log.Error("Failed to clone repository: %s (%v)", repo.FullName(), err)
 | |
| 		return fmt.Errorf("failed to clone repository: %s (%w)", repo.FullName(), err)
 | |
| 	}
 | |
| 
 | |
| 	gitRepo, err := git.OpenRepository(ctx, basePath)
 | |
| 	if err != nil {
 | |
| 		log.Error("Unable to open temporary repository: %s (%v)", basePath, err)
 | |
| 		return fmt.Errorf("failed to open new temporary repository in: %s %w", basePath, err)
 | |
| 	}
 | |
| 	defer gitRepo.Close()
 | |
| 
 | |
| 	if hasDefaultBranch {
 | |
| 		if err := gitRepo.ReadTreeToIndex("HEAD"); err != nil {
 | |
| 			log.Error("Unable to read HEAD tree to index in: %s %v", basePath, err)
 | |
| 			return fmt.Errorf("fnable to read HEAD tree to index in: %s %w", basePath, err)
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	isWikiExist, newWikiPath, err := prepareGitPath(gitRepo, repo.DefaultWikiBranch, newWikiName)
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	if isNew {
 | |
| 		if isWikiExist {
 | |
| 			return repo_model.ErrWikiAlreadyExist{
 | |
| 				Title: newWikiPath,
 | |
| 			}
 | |
| 		}
 | |
| 	} else {
 | |
| 		// avoid check existence again if wiki name is not changed since gitRepo.LsFiles(...) is not free.
 | |
| 		isOldWikiExist := true
 | |
| 		oldWikiPath := newWikiPath
 | |
| 		if oldWikiName != newWikiName {
 | |
| 			isOldWikiExist, oldWikiPath, err = prepareGitPath(gitRepo, repo.DefaultWikiBranch, oldWikiName)
 | |
| 			if err != nil {
 | |
| 				return err
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		if isOldWikiExist {
 | |
| 			err := gitRepo.RemoveFilesFromIndex(oldWikiPath)
 | |
| 			if err != nil {
 | |
| 				log.Error("RemoveFilesFromIndex failed: %v", err)
 | |
| 				return err
 | |
| 			}
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	// FIXME: The wiki doesn't have lfs support at present - if this changes need to check attributes here
 | |
| 
 | |
| 	objectHash, err := gitRepo.HashObject(strings.NewReader(content))
 | |
| 	if err != nil {
 | |
| 		log.Error("HashObject failed: %v", err)
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	if err := gitRepo.AddObjectToIndex("100644", objectHash, newWikiPath); err != nil {
 | |
| 		log.Error("AddObjectToIndex failed: %v", err)
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	tree, err := gitRepo.WriteTree()
 | |
| 	if err != nil {
 | |
| 		log.Error("WriteTree failed: %v", err)
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	commitTreeOpts := git.CommitTreeOpts{
 | |
| 		Message: message,
 | |
| 	}
 | |
| 
 | |
| 	committer := doer.NewGitSig()
 | |
| 
 | |
| 	sign, signingKey, signer, _ := asymkey_service.SignWikiCommit(ctx, repo, doer)
 | |
| 	if sign {
 | |
| 		commitTreeOpts.Key = signingKey
 | |
| 		if repo.GetTrustModel() == repo_model.CommitterTrustModel || repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
 | |
| 			committer = signer
 | |
| 		}
 | |
| 	} else {
 | |
| 		commitTreeOpts.NoGPGSign = true
 | |
| 	}
 | |
| 	if hasDefaultBranch {
 | |
| 		commitTreeOpts.Parents = []string{"HEAD"}
 | |
| 	}
 | |
| 
 | |
| 	commitHash, err := gitRepo.CommitTree(doer.NewGitSig(), committer, tree, commitTreeOpts)
 | |
| 	if err != nil {
 | |
| 		log.Error("CommitTree failed: %v", err)
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	if err := git.Push(gitRepo.Ctx, basePath, git.PushOptions{
 | |
| 		Remote: DefaultRemote,
 | |
| 		Branch: fmt.Sprintf("%s:%s%s", commitHash.String(), git.BranchPrefix, repo.DefaultWikiBranch),
 | |
| 		Env: repo_module.FullPushingEnvironment(
 | |
| 			doer,
 | |
| 			doer,
 | |
| 			repo,
 | |
| 			repo.Name+".wiki",
 | |
| 			0,
 | |
| 		),
 | |
| 	}); err != nil {
 | |
| 		log.Error("Push failed: %v", err)
 | |
| 		if git.IsErrPushOutOfDate(err) || git.IsErrPushRejected(err) {
 | |
| 			return err
 | |
| 		}
 | |
| 		return fmt.Errorf("failed to push: %w", err)
 | |
| 	}
 | |
| 
 | |
| 	return nil
 | |
| }
 | |
| 
 | |
| // AddWikiPage adds a new wiki page with a given wikiPath.
 | |
| func AddWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, wikiName WebPath, content, message string) error {
 | |
| 	return updateWikiPage(ctx, doer, repo, "", wikiName, content, message, true)
 | |
| }
 | |
| 
 | |
| // EditWikiPage updates a wiki page identified by its wikiPath,
 | |
| // optionally also changing wikiPath.
 | |
| func EditWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, oldWikiName, newWikiName WebPath, content, message string) error {
 | |
| 	return updateWikiPage(ctx, doer, repo, oldWikiName, newWikiName, content, message, false)
 | |
| }
 | |
| 
 | |
| // DeleteWikiPage deletes a wiki page identified by its path.
 | |
| func DeleteWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, wikiName WebPath) (err error) {
 | |
| 	err = repo.MustNotBeArchived()
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	defer releaser()
 | |
| 
 | |
| 	if err = InitWiki(ctx, repo); err != nil {
 | |
| 		return fmt.Errorf("InitWiki: %w", err)
 | |
| 	}
 | |
| 
 | |
| 	basePath, cleanup, err := repo_module.CreateTemporaryPath("update-wiki")
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	defer cleanup()
 | |
| 
 | |
| 	if err := git.Clone(ctx, repo.WikiPath(), basePath, git.CloneRepoOptions{
 | |
| 		Bare:   true,
 | |
| 		Shared: true,
 | |
| 		Branch: repo.DefaultWikiBranch,
 | |
| 	}); err != nil {
 | |
| 		log.Error("Failed to clone repository: %s (%v)", repo.FullName(), err)
 | |
| 		return fmt.Errorf("failed to clone repository: %s (%w)", repo.FullName(), err)
 | |
| 	}
 | |
| 
 | |
| 	gitRepo, err := git.OpenRepository(ctx, basePath)
 | |
| 	if err != nil {
 | |
| 		log.Error("Unable to open temporary repository: %s (%v)", basePath, err)
 | |
| 		return fmt.Errorf("failed to open new temporary repository in: %s %w", basePath, err)
 | |
| 	}
 | |
| 	defer gitRepo.Close()
 | |
| 
 | |
| 	if err := gitRepo.ReadTreeToIndex("HEAD"); err != nil {
 | |
| 		log.Error("Unable to read HEAD tree to index in: %s %v", basePath, err)
 | |
| 		return fmt.Errorf("unable to read HEAD tree to index in: %s %w", basePath, err)
 | |
| 	}
 | |
| 
 | |
| 	found, wikiPath, err := prepareGitPath(gitRepo, repo.DefaultWikiBranch, wikiName)
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	if found {
 | |
| 		err := gitRepo.RemoveFilesFromIndex(wikiPath)
 | |
| 		if err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 	} else {
 | |
| 		return os.ErrNotExist
 | |
| 	}
 | |
| 
 | |
| 	// FIXME: The wiki doesn't have lfs support at present - if this changes need to check attributes here
 | |
| 
 | |
| 	tree, err := gitRepo.WriteTree()
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	message := fmt.Sprintf("Delete page %q", wikiName)
 | |
| 	commitTreeOpts := git.CommitTreeOpts{
 | |
| 		Message: message,
 | |
| 		Parents: []string{"HEAD"},
 | |
| 	}
 | |
| 
 | |
| 	committer := doer.NewGitSig()
 | |
| 
 | |
| 	sign, signingKey, signer, _ := asymkey_service.SignWikiCommit(ctx, repo, doer)
 | |
| 	if sign {
 | |
| 		commitTreeOpts.Key = signingKey
 | |
| 		if repo.GetTrustModel() == repo_model.CommitterTrustModel || repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
 | |
| 			committer = signer
 | |
| 		}
 | |
| 	} else {
 | |
| 		commitTreeOpts.NoGPGSign = true
 | |
| 	}
 | |
| 
 | |
| 	commitHash, err := gitRepo.CommitTree(doer.NewGitSig(), committer, tree, commitTreeOpts)
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	if err := git.Push(gitRepo.Ctx, basePath, git.PushOptions{
 | |
| 		Remote: DefaultRemote,
 | |
| 		Branch: fmt.Sprintf("%s:%s%s", commitHash.String(), git.BranchPrefix, repo.DefaultWikiBranch),
 | |
| 		Env: repo_module.FullPushingEnvironment(
 | |
| 			doer,
 | |
| 			doer,
 | |
| 			repo,
 | |
| 			repo.Name+".wiki",
 | |
| 			0,
 | |
| 		),
 | |
| 	}); err != nil {
 | |
| 		if git.IsErrPushOutOfDate(err) || git.IsErrPushRejected(err) {
 | |
| 			return err
 | |
| 		}
 | |
| 		return fmt.Errorf("Push: %w", err)
 | |
| 	}
 | |
| 
 | |
| 	return nil
 | |
| }
 | |
| 
 | |
| // DeleteWiki removes the actual and local copy of repository wiki.
 | |
| func DeleteWiki(ctx context.Context, repo *repo_model.Repository) error {
 | |
| 	if err := repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit.Type{unit.TypeWiki}); err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	system_model.RemoveAllWithNotice(ctx, "Delete repository wiki", repo.WikiPath())
 | |
| 	return nil
 | |
| }
 | |
| 
 | |
| func ChangeDefaultWikiBranch(ctx context.Context, repo *repo_model.Repository, newBranch string) error {
 | |
| 	if !git.IsValidRefPattern(newBranch) {
 | |
| 		return fmt.Errorf("invalid branch name: %s", newBranch)
 | |
| 	}
 | |
| 	return db.WithTx(ctx, func(ctx context.Context) error {
 | |
| 		repo.DefaultWikiBranch = newBranch
 | |
| 		if err := repo_model.UpdateRepositoryColsNoAutoTime(ctx, repo, "default_wiki_branch"); err != nil {
 | |
| 			return fmt.Errorf("unable to update database: %w", err)
 | |
| 		}
 | |
| 
 | |
| 		if !repo.HasWiki() {
 | |
| 			return nil
 | |
| 		}
 | |
| 
 | |
| 		oldDefBranch, err := gitrepo.GetDefaultBranch(ctx, repo.WikiStorageRepo())
 | |
| 		if err != nil {
 | |
| 			return fmt.Errorf("unable to get default branch: %w", err)
 | |
| 		}
 | |
| 		if oldDefBranch == newBranch {
 | |
| 			return nil
 | |
| 		}
 | |
| 
 | |
| 		gitRepo, err := gitrepo.OpenRepository(ctx, repo.WikiStorageRepo())
 | |
| 		if errors.Is(err, util.ErrNotExist) {
 | |
| 			return nil // no git repo on storage, no need to do anything else
 | |
| 		} else if err != nil {
 | |
| 			return fmt.Errorf("unable to open repository: %w", err)
 | |
| 		}
 | |
| 		defer gitRepo.Close()
 | |
| 
 | |
| 		err = gitRepo.RenameBranch(oldDefBranch, newBranch)
 | |
| 		if err != nil {
 | |
| 			return fmt.Errorf("unable to rename default branch: %w", err)
 | |
| 		}
 | |
| 		return nil
 | |
| 	})
 | |
| }
 |