afan
/
gitea
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
gitea源码
3 Commits
2 Branches
Tree: 6d2efddf43
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d2efddf43'
${ noResults }
gitea/models/asymkey/ssh_key_deploy.go

ssh_key_deploy.go 6.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"context"

  8. 	"fmt"

  9. 	"time"

  10. 

  11. 	"code.gitea.io/gitea/models/db"

  12. 	"code.gitea.io/gitea/models/perm"

  13. 	"code.gitea.io/gitea/modules/timeutil"

  14. 

  15. 	"xorm.io/builder"

  16. )

  17. 

  18. // ________                .__                 ____  __.

  19. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  20. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  21. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  22. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  23. //         \/     \/|__|               \/             \/   \/\/

  24. //

  25. // This file contains functions specific to DeployKeys

  26. 

  27. // DeployKey represents deploy key information and its relation with repository.

  28. type DeployKey struct {

  29. 	ID          int64 `xorm:"pk autoincr"`

  30. 	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`

  31. 	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`

  32. 	Name        string

  33. 	Fingerprint string

  34. 	Content     string `xorm:"-"`

  35. 

  36. 	Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`

  37. 

  38. 	CreatedUnix       timeutil.TimeStamp `xorm:"created"`

  39. 	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`

  40. 	HasRecentActivity bool               `xorm:"-"`

  41. 	HasUsed           bool               `xorm:"-"`

  42. }

  43. 

  44. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  45. func (key *DeployKey) AfterLoad() {

  46. 	key.HasUsed = key.UpdatedUnix > key.CreatedUnix

  47. 	key.HasRecentActivity = key.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()

  48. }

  49. 

  50. // GetContent gets associated public key content.

  51. func (key *DeployKey) GetContent(ctx context.Context) error {

  52. 	pkey, err := GetPublicKeyByID(ctx, key.KeyID)

  53. 	if err != nil {

  54. 		return err

  55. 	}

  56. 	key.Content = pkey.Content

  57. 	return nil

  58. }

  59. 

  60. // IsReadOnly checks if the key can only be used for read operations, used by template

  61. func (key *DeployKey) IsReadOnly() bool {

  62. 	return key.Mode == perm.AccessModeRead

  63. }

  64. 

  65. func init() {

  66. 	db.RegisterModel(new(DeployKey))

  67. }

  68. 

  69. func checkDeployKey(ctx context.Context, keyID, repoID int64, name string) error {

  70. 	// Note: We want error detail, not just true or false here.

  71. 	has, err := db.GetEngine(ctx).

  72. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  73. 		Get(new(DeployKey))

  74. 	if err != nil {

  75. 		return err

  76. 	} else if has {

  77. 		return ErrDeployKeyAlreadyExist{keyID, repoID}

  78. 	}

  79. 

  80. 	has, err = db.GetEngine(ctx).

  81. 		Where("repo_id = ? AND name = ?", repoID, name).

  82. 		Get(new(DeployKey))

  83. 	if err != nil {

  84. 		return err

  85. 	} else if has {

  86. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}

  87. 	}

  88. 

  89. 	return nil

  90. }

  91. 

  92. // addDeployKey adds new key-repo relation.

  93. func addDeployKey(ctx context.Context, keyID, repoID int64, name, fingerprint string, mode perm.AccessMode) (*DeployKey, error) {

  94. 	if err := checkDeployKey(ctx, keyID, repoID, name); err != nil {

  95. 		return nil, err

  96. 	}

  97. 

  98. 	key := &DeployKey{

  99. 		KeyID:       keyID,

  100. 		RepoID:      repoID,

  101. 		Name:        name,

  102. 		Fingerprint: fingerprint,

  103. 		Mode:        mode,

  104. 	}

  105. 	return key, db.Insert(ctx, key)

  106. }

  107. 

  108. // HasDeployKey returns true if public key is a deploy key of given repository.

  109. func HasDeployKey(ctx context.Context, keyID, repoID int64) bool {

  110. 	has, _ := db.GetEngine(ctx).

  111. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  112. 		Get(new(DeployKey))

  113. 	return has

  114. }

  115. 

  116. // AddDeployKey add new deploy key to database and authorized_keys file.

  117. func AddDeployKey(ctx context.Context, repoID int64, name, content string, readOnly bool) (*DeployKey, error) {

  118. 	fingerprint, err := CalcFingerprint(content)

  119. 	if err != nil {

  120. 		return nil, err

  121. 	}

  122. 

  123. 	accessMode := perm.AccessModeRead

  124. 	if !readOnly {

  125. 		accessMode = perm.AccessModeWrite

  126. 	}

  127. 

  128. 	return db.WithTx2(ctx, func(ctx context.Context) (*DeployKey, error) {

  129. 		pkey, exist, err := db.Get[PublicKey](ctx, builder.Eq{"fingerprint": fingerprint})

  130. 		if err != nil {

  131. 			return nil, err

  132. 		} else if exist {

  133. 			if pkey.Type != KeyTypeDeploy {

  134. 				return nil, ErrKeyAlreadyExist{0, fingerprint, ""}

  135. 			}

  136. 		} else {

  137. 			// First time use this deploy key.

  138. 			pkey = &PublicKey{

  139. 				Fingerprint: fingerprint,

  140. 				Mode:        accessMode,

  141. 				Type:        KeyTypeDeploy,

  142. 				Content:     content,

  143. 				Name:        name,

  144. 			}

  145. 			if err = addKey(ctx, pkey); err != nil {

  146. 				return nil, fmt.Errorf("addKey: %w", err)

  147. 			}

  148. 		}

  149. 

  150. 		key, err := addDeployKey(ctx, pkey.ID, repoID, name, pkey.Fingerprint, accessMode)

  151. 		if err != nil {

  152. 			return nil, err

  153. 		}

  154. 

  155. 		return key, nil

  156. 	})

  157. }

  158. 

  159. // GetDeployKeyByID returns deploy key by given ID.

  160. func GetDeployKeyByID(ctx context.Context, id int64) (*DeployKey, error) {

  161. 	key, exist, err := db.GetByID[DeployKey](ctx, id)

  162. 	if err != nil {

  163. 		return nil, err

  164. 	} else if !exist {

  165. 		return nil, ErrDeployKeyNotExist{id, 0, 0}

  166. 	}

  167. 	return key, nil

  168. }

  169. 

  170. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  171. func GetDeployKeyByRepo(ctx context.Context, keyID, repoID int64) (*DeployKey, error) {

  172. 	key, exist, err := db.Get[DeployKey](ctx, builder.Eq{"key_id": keyID, "repo_id": repoID})

  173. 	if err != nil {

  174. 		return nil, err

  175. 	} else if !exist {

  176. 		return nil, ErrDeployKeyNotExist{0, keyID, repoID}

  177. 	}

  178. 	return key, nil

  179. }

  180. 

  181. // IsDeployKeyExistByKeyID return true if there is at least one deploykey with the key id

  182. func IsDeployKeyExistByKeyID(ctx context.Context, keyID int64) (bool, error) {

  183. 	return db.GetEngine(ctx).

  184. 		Where("key_id = ?", keyID).

  185. 		Get(new(DeployKey))

  186. }

  187. 

  188. // UpdateDeployKeyCols updates deploy key information in the specified columns.

  189. func UpdateDeployKeyCols(ctx context.Context, key *DeployKey, cols ...string) error {

  190. 	_, err := db.GetEngine(ctx).ID(key.ID).Cols(cols...).Update(key)

  191. 	return err

  192. }

  193. 

  194. // ListDeployKeysOptions are options for ListDeployKeys

  195. type ListDeployKeysOptions struct {

  196. 	db.ListOptions

  197. 	RepoID      int64

  198. 	KeyID       int64

  199. 	Fingerprint string

  200. }

  201. 

  202. func (opt ListDeployKeysOptions) ToConds() builder.Cond {

  203. 	cond := builder.NewCond()

  204. 	if opt.RepoID != 0 {

  205. 		cond = cond.And(builder.Eq{"repo_id": opt.RepoID})

  206. 	}

  207. 	if opt.KeyID != 0 {

  208. 		cond = cond.And(builder.Eq{"key_id": opt.KeyID})

  209. 	}

  210. 	if opt.Fingerprint != "" {

  211. 		cond = cond.And(builder.Eq{"fingerprint": opt.Fingerprint})

  212. 	}

  213. 	return cond

  214. }