1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- // Copyright 2020 The Gogs Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
- package repo
- import (
- "net/http"
- "gopkg.in/macaron.v1"
- log "unknwon.dev/clog/v2"
- "gogs.io/gogs/internal/db"
- "gogs.io/gogs/internal/tool"
- )
- func TriggerTask(c *macaron.Context) {
- branch := c.Query("branch")
- pusherID := c.QueryInt64("pusher")
- secret := c.Query("secret")
- if branch == "" || pusherID <= 0 || secret == "" {
- c.Error(http.StatusBadRequest, "Incomplete branch, pusher or secret")
- return
- }
- username := c.Params(":username")
- reponame := c.Params(":reponame")
- owner, err := db.Users.GetByUsername(username)
- if err != nil {
- if db.IsErrUserNotExist(err) {
- c.Error(http.StatusBadRequest, "Owner does not exist")
- } else {
- c.Status(http.StatusInternalServerError)
- log.Error("Failed to get user [name: %s]: %v", username, err)
- }
- return
- }
- // 🚨 SECURITY: No need to check existence of the repository if the client
- // can't even get the valid secret. Mostly likely not a legitimate request.
- if secret != tool.MD5(owner.Salt) {
- c.Error(http.StatusBadRequest, "Invalid secret")
- return
- }
- repo, err := db.Repos.GetByName(owner.ID, reponame)
- if err != nil {
- if db.IsErrRepoNotExist(err) {
- c.Error(http.StatusBadRequest, "Repository does not exist")
- } else {
- c.Status(http.StatusInternalServerError)
- log.Error("Failed to get repository [owner_id: %d, name: %s]: %v", owner.ID, reponame, err)
- }
- return
- }
- pusher, err := db.Users.GetByID(pusherID)
- if err != nil {
- if db.IsErrUserNotExist(err) {
- c.Error(http.StatusBadRequest, "Pusher does not exist")
- } else {
- c.Status(http.StatusInternalServerError)
- log.Error("Failed to get user [id: %d]: %v", pusherID, err)
- }
- return
- }
- log.Trace("TriggerTask: %s/%s@%s by %q", owner.Name, repo.Name, branch, pusher.Name)
- go db.HookQueue.Add(repo.ID)
- go db.AddTestPullRequestTask(pusher, repo.ID, branch, true)
- c.Status(http.StatusAccepted)
- }
|