mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-09-30 19:22:08 +00:00
43664f79b9
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9064 It is no longer possible to specify the user and password when providing a URL for migrating a repository, the fields dedicated to that purpose on the form must be used instead. This is to prevent that those credentials are displayed in the repository settings that are visible by the repository admins, in the case where the migration is a mirror. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9064): <!--number 9064 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgY3JlZGVudGlhbHMgaW4gbWlncmF0ZS9wdXNoIG1pcnJvciBVUkw=-->don't allow credentials in migrate/push mirror URL<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Earl Warren <contact@earl-warren.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9078 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
294 lines
9.5 KiB
Go
294 lines
9.5 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repo
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"forgejo.org/models"
|
|
"forgejo.org/models/db"
|
|
"forgejo.org/models/organization"
|
|
"forgejo.org/models/perm"
|
|
access_model "forgejo.org/models/perm/access"
|
|
quota_model "forgejo.org/models/quota"
|
|
repo_model "forgejo.org/models/repo"
|
|
user_model "forgejo.org/models/user"
|
|
"forgejo.org/modules/graceful"
|
|
"forgejo.org/modules/lfs"
|
|
"forgejo.org/modules/log"
|
|
base "forgejo.org/modules/migration"
|
|
"forgejo.org/modules/setting"
|
|
api "forgejo.org/modules/structs"
|
|
"forgejo.org/modules/util"
|
|
"forgejo.org/modules/web"
|
|
"forgejo.org/services/context"
|
|
"forgejo.org/services/convert"
|
|
"forgejo.org/services/forms"
|
|
"forgejo.org/services/migrations"
|
|
notify_service "forgejo.org/services/notify"
|
|
repo_service "forgejo.org/services/repository"
|
|
)
|
|
|
|
// Migrate migrate remote git repository to gitea
|
|
func Migrate(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/migrate repository repoMigrate
|
|
// ---
|
|
// summary: Migrate a remote git repository
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/MigrateRepoOptions"
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/Repository"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "409":
|
|
// description: The repository with the same name already exists.
|
|
// "413":
|
|
// "$ref": "#/responses/quotaExceeded"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
|
|
form := web.GetForm(ctx).(*api.MigrateRepoOptions)
|
|
|
|
// get repoOwner
|
|
var (
|
|
repoOwner *user_model.User
|
|
err error
|
|
)
|
|
if len(form.RepoOwner) != 0 {
|
|
repoOwner, err = user_model.GetUserByName(ctx, form.RepoOwner)
|
|
} else if form.RepoOwnerID != 0 {
|
|
repoOwner, err = user_model.GetUserByID(ctx, form.RepoOwnerID)
|
|
} else {
|
|
repoOwner = ctx.Doer
|
|
}
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
|
} else {
|
|
ctx.Error(http.StatusInternalServerError, "GetUser", err)
|
|
}
|
|
return
|
|
}
|
|
|
|
if ctx.HasAPIError() {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", ctx.GetErrMsg())
|
|
return
|
|
}
|
|
|
|
if !ctx.CheckQuota(quota_model.LimitSubjectSizeReposAll, repoOwner.ID, repoOwner.Name) {
|
|
return
|
|
}
|
|
|
|
if !ctx.Doer.IsAdmin {
|
|
if !repoOwner.IsOrganization() && ctx.Doer.ID != repoOwner.ID {
|
|
ctx.Error(http.StatusForbidden, "", "Given user is not an organization.")
|
|
return
|
|
}
|
|
|
|
if repoOwner.IsOrganization() {
|
|
// Check ownership of organization.
|
|
isOwner, err := organization.OrgFromUser(repoOwner).IsOwnedBy(ctx, ctx.Doer.ID)
|
|
if err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
|
|
return
|
|
} else if !isOwner {
|
|
ctx.Error(http.StatusForbidden, "", "Given user is not owner of organization.")
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
remoteAddr, err := forms.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
|
|
if err == nil {
|
|
err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.Doer)
|
|
}
|
|
if err != nil {
|
|
handleRemoteAddrError(ctx, err)
|
|
return
|
|
}
|
|
|
|
gitServiceType := convert.ToGitServiceType(form.Service)
|
|
|
|
if form.Mirror && setting.Mirror.DisableNewPull {
|
|
ctx.Error(http.StatusForbidden, "MirrorsGlobalDisabled", errors.New("the site administrator has disabled the creation of new pull mirrors"))
|
|
return
|
|
}
|
|
|
|
if setting.Repository.DisableMigrations {
|
|
ctx.Error(http.StatusForbidden, "MigrationsGlobalDisabled", errors.New("the site administrator has disabled migrations"))
|
|
return
|
|
}
|
|
|
|
form.LFS = form.LFS && setting.LFS.StartServer
|
|
|
|
if form.LFS && len(form.LFSEndpoint) > 0 {
|
|
ep := lfs.DetermineEndpoint("", form.LFSEndpoint)
|
|
if ep == nil {
|
|
ctx.Error(http.StatusInternalServerError, "", ctx.Tr("repo.migrate.invalid_lfs_endpoint"))
|
|
return
|
|
}
|
|
err = migrations.IsMigrateURLAllowed(ep.String(), ctx.Doer)
|
|
if err != nil {
|
|
handleRemoteAddrError(ctx, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
opts := migrations.MigrateOptions{
|
|
CloneAddr: remoteAddr,
|
|
RepoName: form.RepoName,
|
|
Description: form.Description,
|
|
Private: form.Private || setting.Repository.ForcePrivate,
|
|
Mirror: form.Mirror,
|
|
LFS: form.LFS,
|
|
LFSEndpoint: form.LFSEndpoint,
|
|
AuthUsername: form.AuthUsername,
|
|
AuthPassword: form.AuthPassword,
|
|
AuthToken: form.AuthToken,
|
|
Wiki: form.Wiki,
|
|
Issues: form.Issues,
|
|
Milestones: form.Milestones,
|
|
Labels: form.Labels,
|
|
Comments: form.Issues || form.PullRequests,
|
|
PullRequests: form.PullRequests,
|
|
Releases: form.Releases,
|
|
GitServiceType: gitServiceType,
|
|
MirrorInterval: form.MirrorInterval,
|
|
}
|
|
if opts.Mirror {
|
|
opts.Issues = false
|
|
opts.Milestones = false
|
|
opts.Labels = false
|
|
opts.Comments = false
|
|
opts.PullRequests = false
|
|
opts.Releases = false
|
|
}
|
|
|
|
repo, err := repo_service.CreateRepositoryDirectly(ctx, ctx.Doer, repoOwner, repo_service.CreateRepoOptions{
|
|
Name: opts.RepoName,
|
|
Description: opts.Description,
|
|
OriginalURL: form.CloneAddr,
|
|
GitServiceType: gitServiceType,
|
|
IsPrivate: opts.Private || setting.Repository.ForcePrivate,
|
|
IsMirror: opts.Mirror,
|
|
Status: repo_model.RepositoryBeingMigrated,
|
|
})
|
|
if err != nil {
|
|
handleMigrateError(ctx, repoOwner, err)
|
|
return
|
|
}
|
|
|
|
opts.MigrateToRepoID = repo.ID
|
|
|
|
defer func() {
|
|
if e := recover(); e != nil {
|
|
var buf bytes.Buffer
|
|
fmt.Fprintf(&buf, "Handler crashed with error: %v", log.Stack(2))
|
|
|
|
err = errors.New(buf.String())
|
|
}
|
|
|
|
if err == nil {
|
|
notify_service.MigrateRepository(ctx, ctx.Doer, repoOwner, repo)
|
|
return
|
|
}
|
|
|
|
if repo != nil {
|
|
if errDelete := repo_service.DeleteRepositoryDirectly(ctx, ctx.Doer, repo.ID); errDelete != nil {
|
|
log.Error("DeleteRepository: %v", errDelete)
|
|
}
|
|
}
|
|
}()
|
|
|
|
if repo, err = migrations.MigrateRepository(graceful.GetManager().HammerContext(), ctx.Doer, repoOwner.Name, opts, nil); err != nil {
|
|
handleMigrateError(ctx, repoOwner, err)
|
|
return
|
|
}
|
|
|
|
if opts.Releases || opts.Wiki {
|
|
repoOpt := api.EditRepoOption{
|
|
HasReleases: &opts.Releases,
|
|
HasWiki: &opts.Wiki,
|
|
}
|
|
|
|
if err = updateRepoUnits(ctx, repoOwner.Name, repo, repoOpt); err != nil {
|
|
log.Error("Failed to update units on %s/%s repo. %w", repoOwner.Name, form.RepoName, err)
|
|
}
|
|
}
|
|
|
|
log.Trace("Repository migrated: %s/%s", repoOwner.Name, form.RepoName)
|
|
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
|
|
}
|
|
|
|
func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, err error) {
|
|
switch {
|
|
case repo_model.IsErrRepoAlreadyExist(err):
|
|
ctx.Error(http.StatusConflict, "", "The repository with the same name already exists.")
|
|
case repo_model.IsErrRepoFilesAlreadyExist(err):
|
|
ctx.Error(http.StatusConflict, "", "Files already exist for this repository. Adopt them or delete them.")
|
|
case migrations.IsRateLimitError(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "Remote visit addressed rate limitation.")
|
|
case migrations.IsTwoFactorAuthError(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "Remote visit required two factors authentication.")
|
|
case repo_model.IsErrReachLimitOfRepo(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("You have already reached your limit of %d repositories.", repoOwner.MaxCreationLimit()))
|
|
case db.IsErrNameReserved(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The username '%s' is reserved.", err.(db.ErrNameReserved).Name))
|
|
case db.IsErrNameCharsNotAllowed(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The username '%s' contains invalid characters.", err.(db.ErrNameCharsNotAllowed).Name))
|
|
case db.IsErrNamePatternNotAllowed(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The pattern '%s' is not allowed in a username.", err.(db.ErrNamePatternNotAllowed).Pattern))
|
|
case models.IsErrInvalidCloneAddr(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
|
case base.IsErrNotSupported(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
|
default:
|
|
err = util.SanitizeErrorCredentialURLs(err)
|
|
if strings.Contains(err.Error(), "Authentication failed") ||
|
|
strings.Contains(err.Error(), "Bad credentials") ||
|
|
strings.Contains(err.Error(), "could not read Username") {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("Authentication failed: %v.", err))
|
|
} else if strings.Contains(err.Error(), "fatal:") {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("Migration failed: %v.", err))
|
|
} else {
|
|
ctx.Error(http.StatusInternalServerError, "MigrateRepository", err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func handleRemoteAddrError(ctx *context.APIContext, err error) {
|
|
if models.IsErrInvalidCloneAddr(err) {
|
|
addrErr := err.(*models.ErrInvalidCloneAddr)
|
|
switch {
|
|
case addrErr.IsURLError:
|
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
|
case addrErr.IsPermissionDenied:
|
|
if addrErr.LocalPath {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import local repositories.")
|
|
} else {
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "You can not import from disallowed hosts.")
|
|
}
|
|
case addrErr.IsInvalidPath:
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "Invalid local path, it does not exist or not a directory.")
|
|
case addrErr.HasCredentials:
|
|
ctx.Error(http.StatusUnprocessableEntity, "", "The URL contains credentials.")
|
|
default:
|
|
ctx.Error(http.StatusInternalServerError, "ParseRemoteAddr", "Unknown error type (ErrInvalidCloneAddr): "+err.Error())
|
|
}
|
|
} else {
|
|
ctx.Error(http.StatusInternalServerError, "ParseRemoteAddr", err)
|
|
}
|
|
}
|