tasks.go 2.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package repo
  5. import (
  6. "net/http"
  7. "gopkg.in/macaron.v1"
  8. log "unknwon.dev/clog/v2"
  9. "gogs.io/gogs/internal/cryptoutil"
  10. "gogs.io/gogs/internal/db"
  11. )
  12. func TriggerTask(c *macaron.Context) {
  13. branch := c.Query("branch")
  14. pusherID := c.QueryInt64("pusher")
  15. secret := c.Query("secret")
  16. if branch == "" || pusherID <= 0 || secret == "" {
  17. c.Error(http.StatusBadRequest, "Incomplete branch, pusher or secret")
  18. return
  19. }
  20. username := c.Params(":username")
  21. reponame := c.Params(":reponame")
  22. owner, err := db.Users.GetByUsername(username)
  23. if err != nil {
  24. if db.IsErrUserNotExist(err) {
  25. c.Error(http.StatusBadRequest, "Owner does not exist")
  26. } else {
  27. c.Status(http.StatusInternalServerError)
  28. log.Error("Failed to get user [name: %s]: %v", username, err)
  29. }
  30. return
  31. }
  32. // 🚨 SECURITY: No need to check existence of the repository if the client
  33. // can't even get the valid secret. Mostly likely not a legitimate request.
  34. if secret != cryptoutil.MD5(owner.Salt) {
  35. c.Error(http.StatusBadRequest, "Invalid secret")
  36. return
  37. }
  38. repo, err := db.Repos.GetByName(owner.ID, reponame)
  39. if err != nil {
  40. if db.IsErrRepoNotExist(err) {
  41. c.Error(http.StatusBadRequest, "Repository does not exist")
  42. } else {
  43. c.Status(http.StatusInternalServerError)
  44. log.Error("Failed to get repository [owner_id: %d, name: %s]: %v", owner.ID, reponame, err)
  45. }
  46. return
  47. }
  48. pusher, err := db.Users.GetByID(pusherID)
  49. if err != nil {
  50. if db.IsErrUserNotExist(err) {
  51. c.Error(http.StatusBadRequest, "Pusher does not exist")
  52. } else {
  53. c.Status(http.StatusInternalServerError)
  54. log.Error("Failed to get user [id: %d]: %v", pusherID, err)
  55. }
  56. return
  57. }
  58. log.Trace("TriggerTask: %s/%s@%s by %q", owner.Name, repo.Name, branch, pusher.Name)
  59. go db.HookQueue.Add(repo.ID)
  60. go db.AddTestPullRequestTask(pusher, repo.ID, branch, true)
  61. c.Status(http.StatusAccepted)
  62. }