// Copyright 2015 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package repo
import (
"fmt"
"net/http"
"net/url"
"strings"
"github.com/gogs/git-module"
api "github.com/gogs/go-gogs-client"
jsoniter "github.com/json-iterator/go"
"gopkg.in/macaron.v1"
"gogs.io/gogs/internal/conf"
"gogs.io/gogs/internal/context"
"gogs.io/gogs/internal/db"
"gogs.io/gogs/internal/db/errors"
"gogs.io/gogs/internal/form"
)
const (
tmplRepoSettingsWebhooks = "repo/settings/webhook/base"
tmplRepoSettingsWebhookNew = "repo/settings/webhook/new"
tmplOrgSettingsWebhooks = "org/settings/webhooks"
tmplOrgSettingsWebhookNew = "org/settings/webhook_new"
)
func InjectOrgRepoContext() macaron.Handler {
return func(c *context.Context) {
orCtx, err := getOrgRepoContext(c)
if err != nil {
c.Error(err, "get organization or repository context")
return
}
c.Map(orCtx)
}
}
type orgRepoContext struct {
OrgID int64
RepoID int64
Link string
TmplList string
TmplNew string
}
// getOrgRepoContext determines whether this is a repo context or organization context.
func getOrgRepoContext(c *context.Context) (*orgRepoContext, error) {
if len(c.Repo.RepoLink) > 0 {
c.PageIs("RepositoryContext")
return &orgRepoContext{
RepoID: c.Repo.Repository.ID,
Link: c.Repo.RepoLink,
TmplList: tmplRepoSettingsWebhooks,
TmplNew: tmplRepoSettingsWebhookNew,
}, nil
}
if len(c.Org.OrgLink) > 0 {
c.PageIs("OrganizationContext")
return &orgRepoContext{
OrgID: c.Org.Organization.ID,
Link: c.Org.OrgLink,
TmplList: tmplOrgSettingsWebhooks,
TmplNew: tmplOrgSettingsWebhookNew,
}, nil
}
return nil, errors.New("unable to determine context")
}
func Webhooks(c *context.Context, orCtx *orgRepoContext) {
c.Title("repo.settings.hooks")
c.PageIs("SettingsHooks")
c.Data["Types"] = conf.Webhook.Types
var err error
var ws []*db.Webhook
if orCtx.RepoID > 0 {
c.Data["Description"] = c.Tr("repo.settings.hooks_desc")
ws, err = db.GetWebhooksByRepoID(orCtx.RepoID)
} else {
c.Data["Description"] = c.Tr("org.settings.hooks_desc")
ws, err = db.GetWebhooksByOrgID(orCtx.OrgID)
}
if err != nil {
c.Error(err, "get webhooks")
return
}
c.Data["Webhooks"] = ws
c.Success(orCtx.TmplList)
}
func WebhooksNew(c *context.Context, orCtx *orgRepoContext) {
c.Title("repo.settings.add_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksNew")
allowed := false
hookType := strings.ToLower(c.Params(":type"))
for _, typ := range conf.Webhook.Types {
if hookType == typ {
allowed = true
c.Data["HookType"] = typ
break
}
}
if !allowed {
c.NotFound()
return
}
c.Success(orCtx.TmplNew)
}
var localHostnames = []string{
"localhost",
"127.0.0.1",
"::1",
"0:0:0:0:0:0:0:1",
}
// isLocalHostname returns true if given hostname is a known local address.
func isLocalHostname(hostname string) bool {
for _, local := range localHostnames {
if hostname == local {
return true
}
}
return false
}
func validateWebhook(actor *db.User, l macaron.Locale, w *db.Webhook) (field string, msg string, ok bool) {
if !actor.IsAdmin {
// 🚨 SECURITY: Local addresses must not be allowed by non-admins to prevent SSRF,
// see https://github.com/gogs/gogs/issues/5366 for details.
payloadURL, err := url.Parse(w.URL)
if err != nil {
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
}
if isLocalHostname(payloadURL.Hostname()) {
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_use_local_addresses"), false
}
}
return "", "", true
}
func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) {
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.User, c.Locale, w)
if !ok {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
return
}
if err := w.UpdateEvent(); err != nil {
c.Error(err, "update event")
return
} else if err := db.CreateWebhook(w); err != nil {
c.Error(err, "create webhook")
return
}
c.Flash.Success(c.Tr("repo.settings.add_hook_success"))
c.Redirect(orCtx.Link + "/settings/hooks")
}
func toHookEvent(f form.Webhook) *db.HookEvent {
return &db.HookEvent{
PushOnly: f.PushOnly(),
SendEverything: f.SendEverything(),
ChooseEvents: f.ChooseEvents(),
HookEvents: db.HookEvents{
Create: f.Create,
Delete: f.Delete,
Fork: f.Fork,
Push: f.Push,
Issues: f.Issues,
IssueComment: f.IssueComment,
PullRequest: f.PullRequest,
Release: f.Release,
},
}
}
func WebhooksNewPost(c *context.Context, orCtx *orgRepoContext, f form.NewWebhook) {
c.Title("repo.settings.add_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksNew")
c.Data["HookType"] = "gogs"
contentType := db.JSON
if db.HookContentType(f.ContentType) == db.FORM {
contentType = db.FORM
}
w := &db.Webhook{
RepoID: orCtx.RepoID,
OrgID: orCtx.OrgID,
URL: f.PayloadURL,
ContentType: contentType,
Secret: f.Secret,
HookEvent: toHookEvent(f.Webhook),
IsActive: f.Active,
HookTaskType: db.GOGS,
}
validateAndCreateWebhook(c, orCtx, w)
}
func WebhooksSlackNewPost(c *context.Context, orCtx *orgRepoContext, f form.NewSlackHook) {
c.Title("repo.settings.add_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksNew")
c.Data["HookType"] = "slack"
meta := &db.SlackMeta{
Channel: f.Channel,
Username: f.Username,
IconURL: f.IconURL,
Color: f.Color,
}
c.Data["SlackMeta"] = meta
p, err := jsoniter.Marshal(meta)
if err != nil {
c.Error(err, "marshal JSON")
return
}
w := &db.Webhook{
RepoID: orCtx.RepoID,
URL: f.PayloadURL,
ContentType: db.JSON,
HookEvent: toHookEvent(f.Webhook),
IsActive: f.Active,
HookTaskType: db.SLACK,
Meta: string(p),
OrgID: orCtx.OrgID,
}
validateAndCreateWebhook(c, orCtx, w)
}
func WebhooksDiscordNewPost(c *context.Context, orCtx *orgRepoContext, f form.NewDiscordHook) {
c.Title("repo.settings.add_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksNew")
c.Data["HookType"] = "discord"
meta := &db.SlackMeta{
Username: f.Username,
IconURL: f.IconURL,
Color: f.Color,
}
c.Data["SlackMeta"] = meta
p, err := jsoniter.Marshal(meta)
if err != nil {
c.Error(err, "marshal JSON")
return
}
w := &db.Webhook{
RepoID: orCtx.RepoID,
URL: f.PayloadURL,
ContentType: db.JSON,
HookEvent: toHookEvent(f.Webhook),
IsActive: f.Active,
HookTaskType: db.DISCORD,
Meta: string(p),
OrgID: orCtx.OrgID,
}
validateAndCreateWebhook(c, orCtx, w)
}
func WebhooksDingtalkNewPost(c *context.Context, orCtx *orgRepoContext, f form.NewDingtalkHook) {
c.Title("repo.settings.add_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksNew")
c.Data["HookType"] = "dingtalk"
w := &db.Webhook{
RepoID: orCtx.RepoID,
URL: f.PayloadURL,
ContentType: db.JSON,
HookEvent: toHookEvent(f.Webhook),
IsActive: f.Active,
HookTaskType: db.DINGTALK,
OrgID: orCtx.OrgID,
}
validateAndCreateWebhook(c, orCtx, w)
}
func loadWebhook(c *context.Context, orCtx *orgRepoContext) *db.Webhook {
c.RequireHighlightJS()
var err error
var w *db.Webhook
if orCtx.RepoID > 0 {
w, err = db.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
} else {
w, err = db.GetWebhookByOrgID(c.Org.Organization.ID, c.ParamsInt64(":id"))
}
if err != nil {
c.NotFoundOrError(err, "get webhook")
return nil
}
c.Data["Webhook"] = w
switch w.HookTaskType {
case db.SLACK:
c.Data["SlackMeta"] = w.SlackMeta()
c.Data["HookType"] = "slack"
case db.DISCORD:
c.Data["SlackMeta"] = w.SlackMeta()
c.Data["HookType"] = "discord"
case db.DINGTALK:
c.Data["HookType"] = "dingtalk"
default:
c.Data["HookType"] = "gogs"
}
c.Data["FormURL"] = fmt.Sprintf("%s/settings/hooks/%s/%d", orCtx.Link, c.Data["HookType"], w.ID)
c.Data["DeleteURL"] = fmt.Sprintf("%s/settings/hooks/delete", orCtx.Link)
c.Data["History"], err = w.History(1)
if err != nil {
c.Error(err, "get history")
return nil
}
return w
}
func WebhooksEdit(c *context.Context, orCtx *orgRepoContext) {
c.Title("repo.settings.update_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksEdit")
loadWebhook(c, orCtx)
if c.Written() {
return
}
c.Success(orCtx.TmplNew)
}
func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.Webhook) {
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.User, c.Locale, w)
if !ok {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
return
}
if err := w.UpdateEvent(); err != nil {
c.Error(err, "update event")
return
} else if err := db.UpdateWebhook(w); err != nil {
c.Error(err, "update webhook")
return
}
c.Flash.Success(c.Tr("repo.settings.update_hook_success"))
c.Redirect(fmt.Sprintf("%s/settings/hooks/%d", orCtx.Link, w.ID))
}
func WebhooksEditPost(c *context.Context, orCtx *orgRepoContext, f form.NewWebhook) {
c.Title("repo.settings.update_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksEdit")
w := loadWebhook(c, orCtx)
if c.Written() {
return
}
contentType := db.JSON
if db.HookContentType(f.ContentType) == db.FORM {
contentType = db.FORM
}
w.URL = f.PayloadURL
w.ContentType = contentType
w.Secret = f.Secret
w.HookEvent = toHookEvent(f.Webhook)
w.IsActive = f.Active
validateAndUpdateWebhook(c, orCtx, w)
}
func WebhooksSlackEditPost(c *context.Context, orCtx *orgRepoContext, f form.NewSlackHook) {
c.Title("repo.settings.update_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksEdit")
w := loadWebhook(c, orCtx)
if c.Written() {
return
}
meta, err := jsoniter.Marshal(&db.SlackMeta{
Channel: f.Channel,
Username: f.Username,
IconURL: f.IconURL,
Color: f.Color,
})
if err != nil {
c.Error(err, "marshal JSON")
return
}
w.URL = f.PayloadURL
w.Meta = string(meta)
w.HookEvent = toHookEvent(f.Webhook)
w.IsActive = f.Active
validateAndUpdateWebhook(c, orCtx, w)
}
func WebhooksDiscordEditPost(c *context.Context, orCtx *orgRepoContext, f form.NewDiscordHook) {
c.Title("repo.settings.update_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksEdit")
w := loadWebhook(c, orCtx)
if c.Written() {
return
}
meta, err := jsoniter.Marshal(&db.SlackMeta{
Username: f.Username,
IconURL: f.IconURL,
Color: f.Color,
})
if err != nil {
c.Error(err, "marshal JSON")
return
}
w.URL = f.PayloadURL
w.Meta = string(meta)
w.HookEvent = toHookEvent(f.Webhook)
w.IsActive = f.Active
validateAndUpdateWebhook(c, orCtx, w)
}
func WebhooksDingtalkEditPost(c *context.Context, orCtx *orgRepoContext, f form.NewDingtalkHook) {
c.Title("repo.settings.update_webhook")
c.PageIs("SettingsHooks")
c.PageIs("SettingsHooksEdit")
w := loadWebhook(c, orCtx)
if c.Written() {
return
}
w.URL = f.PayloadURL
w.HookEvent = toHookEvent(f.Webhook)
w.IsActive = f.Active
validateAndUpdateWebhook(c, orCtx, w)
}
func TestWebhook(c *context.Context) {
var (
commitID string
commitMessage string
author *git.Signature
committer *git.Signature
authorUsername string
committerUsername string
nameStatus *git.NameStatus
)
// Grab latest commit or fake one if it's empty repository.
if c.Repo.Commit == nil {
commitID = git.EmptyID
commitMessage = "This is a fake commit"
ghost := db.NewGhostUser()
author = ghost.NewGitSig()
committer = ghost.NewGitSig()
authorUsername = ghost.Name
committerUsername = ghost.Name
nameStatus = &git.NameStatus{}
} else {
commitID = c.Repo.Commit.ID.String()
commitMessage = c.Repo.Commit.Message
author = c.Repo.Commit.Author
committer = c.Repo.Commit.Committer
// Try to match email with a real user.
author, err := db.GetUserByEmail(c.Repo.Commit.Author.Email)
if err == nil {
authorUsername = author.Name
} else if !db.IsErrUserNotExist(err) {
c.Error(err, "get user by email")
return
}
user, err := db.GetUserByEmail(c.Repo.Commit.Committer.Email)
if err == nil {
committerUsername = user.Name
} else if !db.IsErrUserNotExist(err) {
c.Error(err, "get user by email")
return
}
nameStatus, err = c.Repo.Commit.ShowNameStatus()
if err != nil {
c.Error(err, "get changed files")
return
}
}
apiUser := c.User.APIFormat()
p := &api.PushPayload{
Ref: git.RefsHeads + c.Repo.Repository.DefaultBranch,
Before: commitID,
After: commitID,
Commits: []*api.PayloadCommit{
{
ID: commitID,
Message: commitMessage,
URL: c.Repo.Repository.HTMLURL() + "/commit/" + commitID,
Author: &api.PayloadUser{
Name: author.Name,
Email: author.Email,
UserName: authorUsername,
},
Committer: &api.PayloadUser{
Name: committer.Name,
Email: committer.Email,
UserName: committerUsername,
},
Added: nameStatus.Added,
Removed: nameStatus.Removed,
Modified: nameStatus.Modified,
},
},
Repo: c.Repo.Repository.APIFormat(nil),
Pusher: apiUser,
Sender: apiUser,
}
if err := db.TestWebhook(c.Repo.Repository, db.HOOK_EVENT_PUSH, p, c.ParamsInt64("id")); err != nil {
c.Error(err, "test webhook")
return
}
c.Flash.Info(c.Tr("repo.settings.webhook.test_delivery_success"))
c.Status(http.StatusOK)
}
func RedeliveryWebhook(c *context.Context) {
webhook, err := db.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
if err != nil {
c.NotFoundOrError(err, "get webhook")
return
}
hookTask, err := db.GetHookTaskOfWebhookByUUID(webhook.ID, c.Query("uuid"))
if err != nil {
c.NotFoundOrError(err, "get hook task by UUID")
return
}
hookTask.IsDelivered = false
if err = db.UpdateHookTask(hookTask); err != nil {
c.Error(err, "update hook task")
return
}
go db.HookQueue.Add(c.Repo.Repository.ID)
c.Flash.Info(c.Tr("repo.settings.webhook.redelivery_success", hookTask.UUID))
c.Status(http.StatusOK)
}
func DeleteWebhook(c *context.Context, orCtx *orgRepoContext) {
var err error
if orCtx.RepoID > 0 {
err = db.DeleteWebhookOfRepoByID(orCtx.RepoID, c.QueryInt64("id"))
} else {
err = db.DeleteWebhookOfOrgByID(orCtx.OrgID, c.QueryInt64("id"))
}
if err != nil {
c.Error(err, "delete webhook")
return
}
c.Flash.Success(c.Tr("repo.settings.webhook_deletion_success"))
c.JSONSuccess(map[string]interface{}{
"redirect": orCtx.Link + "/settings/hooks",
})
}