afan
/
gitea
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
gitea源码
3 İşlemeler
2 Dallar
Dal: master
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'master'den
${ noResults }
gitea/routers/api/v1/user/app.go

app.go 11KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package user

  6. 

  7. import (

  8. 	"errors"

  9. 	"fmt"

  10. 	"net/http"

  11. 	"strconv"

  12. 	"strings"

  13. 

  14. 	auth_model "code.gitea.io/gitea/models/auth"

  15. 	"code.gitea.io/gitea/models/db"

  16. 	api "code.gitea.io/gitea/modules/structs"

  17. 	"code.gitea.io/gitea/modules/web"

  18. 	"code.gitea.io/gitea/routers/api/v1/utils"

  19. 	"code.gitea.io/gitea/services/context"

  20. 	"code.gitea.io/gitea/services/convert"

  21. )

  22. 

  23. // ListAccessTokens list all the access tokens

  24. func ListAccessTokens(ctx *context.APIContext) {

  25. 	// swagger:operation GET /users/{username}/tokens user userGetTokens

  26. 	// ---

  27. 	// summary: List the authenticated user's access tokens

  28. 	// produces:

  29. 	// - application/json

  30. 	// parameters:

  31. 	// - name: username

  32. 	//   in: path

  33. 	//   description: username of to user whose access tokens are to be listed

  34. 	//   type: string

  35. 	//   required: true

  36. 	// - name: page

  37. 	//   in: query

  38. 	//   description: page number of results to return (1-based)

  39. 	//   type: integer

  40. 	// - name: limit

  41. 	//   in: query

  42. 	//   description: page size of results

  43. 	//   type: integer

  44. 	// responses:

  45. 	//   "200":

  46. 	//     "$ref": "#/responses/AccessTokenList"

  47. 	//   "403":

  48. 	//     "$ref": "#/responses/forbidden"

  49. 

  50. 	opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)}

  51. 

  52. 	tokens, count, err := db.FindAndCount[auth_model.AccessToken](ctx, opts)

  53. 	if err != nil {

  54. 		ctx.APIErrorInternal(err)

  55. 		return

  56. 	}

  57. 

  58. 	apiTokens := make([]*api.AccessToken, len(tokens))

  59. 	for i := range tokens {

  60. 		apiTokens[i] = &api.AccessToken{

  61. 			ID:             tokens[i].ID,

  62. 			Name:           tokens[i].Name,

  63. 			TokenLastEight: tokens[i].TokenLastEight,

  64. 			Scopes:         tokens[i].Scope.StringSlice(),

  65. 			Created:        tokens[i].CreatedUnix.AsTime(),

  66. 			Updated:        tokens[i].UpdatedUnix.AsTime(),

  67. 		}

  68. 	}

  69. 

  70. 	ctx.SetTotalCountHeader(count)

  71. 	ctx.JSON(http.StatusOK, &apiTokens)

  72. }

  73. 

  74. // CreateAccessToken create access tokens

  75. func CreateAccessToken(ctx *context.APIContext) {

  76. 	// swagger:operation POST /users/{username}/tokens user userCreateToken

  77. 	// ---

  78. 	// summary: Create an access token

  79. 	// consumes:

  80. 	// - application/json

  81. 	// produces:

  82. 	// - application/json

  83. 	// parameters:

  84. 	// - name: username

  85. 	//   in: path

  86. 	//   description: username of the user whose token is to be created

  87. 	//   required: true

  88. 	//   type: string

  89. 	// - name: body

  90. 	//   in: body

  91. 	//   schema:

  92. 	//     "$ref": "#/definitions/CreateAccessTokenOption"

  93. 	// responses:

  94. 	//   "201":

  95. 	//     "$ref": "#/responses/AccessToken"

  96. 	//   "400":

  97. 	//     "$ref": "#/responses/error"

  98. 	//   "403":

  99. 	//     "$ref": "#/responses/forbidden"

  100. 

  101. 	form := web.GetForm(ctx).(*api.CreateAccessTokenOption)

  102. 

  103. 	t := &auth_model.AccessToken{

  104. 		UID:  ctx.ContextUser.ID,

  105. 		Name: form.Name,

  106. 	}

  107. 

  108. 	exist, err := auth_model.AccessTokenByNameExists(ctx, t)

  109. 	if err != nil {

  110. 		ctx.APIErrorInternal(err)

  111. 		return

  112. 	}

  113. 	if exist {

  114. 		ctx.APIError(http.StatusBadRequest, errors.New("access token name has been used already"))

  115. 		return

  116. 	}

  117. 

  118. 	scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize()

  119. 	if err != nil {

  120. 		ctx.APIError(http.StatusBadRequest, fmt.Errorf("invalid access token scope provided: %w", err))

  121. 		return

  122. 	}

  123. 	if scope == "" {

  124. 		ctx.APIError(http.StatusBadRequest, "access token must have a scope")

  125. 		return

  126. 	}

  127. 	t.Scope = scope

  128. 

  129. 	if err := auth_model.NewAccessToken(ctx, t); err != nil {

  130. 		ctx.APIErrorInternal(err)

  131. 		return

  132. 	}

  133. 	ctx.JSON(http.StatusCreated, &api.AccessToken{

  134. 		Name:           t.Name,

  135. 		Token:          t.Token,

  136. 		ID:             t.ID,

  137. 		TokenLastEight: t.TokenLastEight,

  138. 		Scopes:         t.Scope.StringSlice(),

  139. 	})

  140. }

  141. 

  142. // DeleteAccessToken delete access tokens

  143. func DeleteAccessToken(ctx *context.APIContext) {

  144. 	// swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessToken

  145. 	// ---

  146. 	// summary: delete an access token

  147. 	// produces:

  148. 	// - application/json

  149. 	// parameters:

  150. 	// - name: username

  151. 	//   in: path

  152. 	//   description: username of the user whose token is to be deleted

  153. 	//   type: string

  154. 	//   required: true

  155. 	// - name: token

  156. 	//   in: path

  157. 	//   description: token to be deleted, identified by ID and if not available by name

  158. 	//   type: string

  159. 	//   required: true

  160. 	// responses:

  161. 	//   "204":

  162. 	//     "$ref": "#/responses/empty"

  163. 	//   "403":

  164. 	//     "$ref": "#/responses/forbidden"

  165. 	//   "404":

  166. 	//     "$ref": "#/responses/notFound"

  167. 	//   "422":

  168. 	//     "$ref": "#/responses/error"

  169. 

  170. 	token := ctx.PathParam("id")

  171. 	tokenID, _ := strconv.ParseInt(token, 0, 64)

  172. 

  173. 	if tokenID == 0 {

  174. 		tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{

  175. 			Name:   token,

  176. 			UserID: ctx.ContextUser.ID,

  177. 		})

  178. 		if err != nil {

  179. 			ctx.APIErrorInternal(err)

  180. 			return

  181. 		}

  182. 

  183. 		switch len(tokens) {

  184. 		case 0:

  185. 			ctx.APIErrorNotFound()

  186. 			return

  187. 		case 1:

  188. 			tokenID = tokens[0].ID

  189. 		default:

  190. 			ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("multiple matches for token name '%s'", token))

  191. 			return

  192. 		}

  193. 	}

  194. 	if tokenID == 0 {

  195. 		ctx.APIErrorInternal(nil)

  196. 		return

  197. 	}

  198. 

  199. 	if err := auth_model.DeleteAccessTokenByID(ctx, tokenID, ctx.ContextUser.ID); err != nil {

  200. 		if auth_model.IsErrAccessTokenNotExist(err) {

  201. 			ctx.APIErrorNotFound()

  202. 		} else {

  203. 			ctx.APIErrorInternal(err)

  204. 		}

  205. 		return

  206. 	}

  207. 

  208. 	ctx.Status(http.StatusNoContent)

  209. }

  210. 

  211. // CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user

  212. func CreateOauth2Application(ctx *context.APIContext) {

  213. 	// swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application

  214. 	// ---

  215. 	// summary: creates a new OAuth2 application

  216. 	// produces:

  217. 	// - application/json

  218. 	// parameters:

  219. 	// - name: body

  220. 	//   in: body

  221. 	//   required: true

  222. 	//   schema:

  223. 	//     "$ref": "#/definitions/CreateOAuth2ApplicationOptions"

  224. 	// responses:

  225. 	//   "201":

  226. 	//     "$ref": "#/responses/OAuth2Application"

  227. 	//   "400":

  228. 	//     "$ref": "#/responses/error"

  229. 

  230. 	data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)

  231. 

  232. 	app, err := auth_model.CreateOAuth2Application(ctx, auth_model.CreateOAuth2ApplicationOptions{

  233. 		Name:                       data.Name,

  234. 		UserID:                     ctx.Doer.ID,

  235. 		RedirectURIs:               data.RedirectURIs,

  236. 		ConfidentialClient:         data.ConfidentialClient,

  237. 		SkipSecondaryAuthorization: data.SkipSecondaryAuthorization,

  238. 	})

  239. 	if err != nil {

  240. 		ctx.APIError(http.StatusBadRequest, "error creating oauth2 application")

  241. 		return

  242. 	}

  243. 	secret, err := app.GenerateClientSecret(ctx)

  244. 	if err != nil {

  245. 		ctx.APIError(http.StatusBadRequest, "error creating application secret")

  246. 		return

  247. 	}

  248. 	app.ClientSecret = secret

  249. 

  250. 	ctx.JSON(http.StatusCreated, convert.ToOAuth2Application(app))

  251. }

  252. 

  253. // ListOauth2Applications list all the Oauth2 application

  254. func ListOauth2Applications(ctx *context.APIContext) {

  255. 	// swagger:operation GET /user/applications/oauth2 user userGetOauth2Application

  256. 	// ---

  257. 	// summary: List the authenticated user's oauth2 applications

  258. 	// produces:

  259. 	// - application/json

  260. 	// parameters:

  261. 	// - name: page

  262. 	//   in: query

  263. 	//   description: page number of results to return (1-based)

  264. 	//   type: integer

  265. 	// - name: limit

  266. 	//   in: query

  267. 	//   description: page size of results

  268. 	//   type: integer

  269. 	// responses:

  270. 	//   "200":

  271. 	//     "$ref": "#/responses/OAuth2ApplicationList"

  272. 

  273. 	apps, total, err := db.FindAndCount[auth_model.OAuth2Application](ctx, auth_model.FindOAuth2ApplicationsOptions{

  274. 		ListOptions: utils.GetListOptions(ctx),

  275. 		OwnerID:     ctx.Doer.ID,

  276. 	})

  277. 	if err != nil {

  278. 		ctx.APIErrorInternal(err)

  279. 		return

  280. 	}

  281. 

  282. 	apiApps := make([]*api.OAuth2Application, len(apps))

  283. 	for i := range apps {

  284. 		apiApps[i] = convert.ToOAuth2Application(apps[i])

  285. 		apiApps[i].ClientSecret = "" // Hide secret on application list

  286. 	}

  287. 

  288. 	ctx.SetTotalCountHeader(total)

  289. 	ctx.JSON(http.StatusOK, &apiApps)

  290. }

  291. 

  292. // DeleteOauth2Application delete OAuth2 Application

  293. func DeleteOauth2Application(ctx *context.APIContext) {

  294. 	// swagger:operation DELETE /user/applications/oauth2/{id} user userDeleteOAuth2Application

  295. 	// ---

  296. 	// summary: delete an OAuth2 Application

  297. 	// produces:

  298. 	// - application/json

  299. 	// parameters:

  300. 	// - name: id

  301. 	//   in: path

  302. 	//   description: token to be deleted

  303. 	//   type: integer

  304. 	//   format: int64

  305. 	//   required: true

  306. 	// responses:

  307. 	//   "204":

  308. 	//     "$ref": "#/responses/empty"

  309. 	//   "404":

  310. 	//     "$ref": "#/responses/notFound"

  311. 	appID := ctx.PathParamInt64("id")

  312. 	if err := auth_model.DeleteOAuth2Application(ctx, appID, ctx.Doer.ID); err != nil {

  313. 		if auth_model.IsErrOAuthApplicationNotFound(err) {

  314. 			ctx.APIErrorNotFound()

  315. 		} else {

  316. 			ctx.APIErrorInternal(err)

  317. 		}

  318. 		return

  319. 	}

  320. 

  321. 	ctx.Status(http.StatusNoContent)

  322. }

  323. 

  324. // GetOauth2Application get OAuth2 Application

  325. func GetOauth2Application(ctx *context.APIContext) {

  326. 	// swagger:operation GET /user/applications/oauth2/{id} user userGetOAuth2Application

  327. 	// ---

  328. 	// summary: get an OAuth2 Application

  329. 	// produces:

  330. 	// - application/json

  331. 	// parameters:

  332. 	// - name: id

  333. 	//   in: path

  334. 	//   description: Application ID to be found

  335. 	//   type: integer

  336. 	//   format: int64

  337. 	//   required: true

  338. 	// responses:

  339. 	//   "200":

  340. 	//     "$ref": "#/responses/OAuth2Application"

  341. 	//   "404":

  342. 	//     "$ref": "#/responses/notFound"

  343. 	appID := ctx.PathParamInt64("id")

  344. 	app, err := auth_model.GetOAuth2ApplicationByID(ctx, appID)

  345. 	if err != nil {

  346. 		if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {

  347. 			ctx.APIErrorNotFound()

  348. 		} else {

  349. 			ctx.APIErrorInternal(err)

  350. 		}

  351. 		return

  352. 	}

  353. 	if app.UID != ctx.Doer.ID {

  354. 		ctx.APIErrorNotFound()

  355. 		return

  356. 	}

  357. 

  358. 	app.ClientSecret = ""

  359. 

  360. 	ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))

  361. }

  362. 

  363. // UpdateOauth2Application update OAuth2 Application

  364. func UpdateOauth2Application(ctx *context.APIContext) {

  365. 	// swagger:operation PATCH /user/applications/oauth2/{id} user userUpdateOAuth2Application

  366. 	// ---

  367. 	// summary: update an OAuth2 Application, this includes regenerating the client secret

  368. 	// produces:

  369. 	// - application/json

  370. 	// parameters:

  371. 	// - name: id

  372. 	//   in: path

  373. 	//   description: application to be updated

  374. 	//   type: integer

  375. 	//   format: int64

  376. 	//   required: true

  377. 	// - name: body

  378. 	//   in: body

  379. 	//   required: true

  380. 	//   schema:

  381. 	//     "$ref": "#/definitions/CreateOAuth2ApplicationOptions"

  382. 	// responses:

  383. 	//   "200":

  384. 	//     "$ref": "#/responses/OAuth2Application"

  385. 	//   "404":

  386. 	//     "$ref": "#/responses/notFound"

  387. 	appID := ctx.PathParamInt64("id")

  388. 

  389. 	data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)

  390. 

  391. 	app, err := auth_model.UpdateOAuth2Application(ctx, auth_model.UpdateOAuth2ApplicationOptions{

  392. 		Name:                       data.Name,

  393. 		UserID:                     ctx.Doer.ID,

  394. 		ID:                         appID,

  395. 		RedirectURIs:               data.RedirectURIs,

  396. 		ConfidentialClient:         data.ConfidentialClient,

  397. 		SkipSecondaryAuthorization: data.SkipSecondaryAuthorization,

  398. 	})

  399. 	if err != nil {

  400. 		if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {

  401. 			ctx.APIErrorNotFound()

  402. 		} else {

  403. 			ctx.APIErrorInternal(err)

  404. 		}

  405. 		return

  406. 	}

  407. 	app.ClientSecret, err = app.GenerateClientSecret(ctx)

  408. 	if err != nil {

  409. 		ctx.APIError(http.StatusBadRequest, "error updating application secret")

  410. 		return

  411. 	}

  412. 

  413. 	ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))

  414. }