afan
/
gitea
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
gitea源码
3 提交
2 分支
目錄樹: 6d2efddf43
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
from '6d2efddf43'
${ noResults }
gitea/routers/web/user/setting/keys.go

keys.go 12KB
歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package setting

  6. 

  7. import (

  8. 	"errors"

  9. 	"net/http"

  10. 

  11. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  12. 	"code.gitea.io/gitea/models/db"

  13. 	user_model "code.gitea.io/gitea/models/user"

  14. 	"code.gitea.io/gitea/modules/setting"

  15. 	"code.gitea.io/gitea/modules/templates"

  16. 	"code.gitea.io/gitea/modules/web"

  17. 	asymkey_service "code.gitea.io/gitea/services/asymkey"

  18. 	"code.gitea.io/gitea/services/context"

  19. 	"code.gitea.io/gitea/services/forms"

  20. )

  21. 

  22. const (

  23. 	tplSettingsKeys templates.TplName = "user/settings/keys"

  24. )

  25. 

  26. // Keys render user's SSH/GPG public keys page

  27. func Keys(ctx *context.Context) {

  28. 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys, setting.UserFeatureManageGPGKeys) {

  29. 		ctx.NotFound(errors.New("keys setting is not allowed to be changed"))

  30. 		return

  31. 	}

  32. 

  33. 	ctx.Data["Title"] = ctx.Tr("settings.ssh_gpg_keys")

  34. 	ctx.Data["PageIsSettingsKeys"] = true

  35. 	ctx.Data["DisableSSH"] = setting.SSH.Disabled

  36. 	ctx.Data["BuiltinSSH"] = setting.SSH.StartBuiltinServer

  37. 	ctx.Data["AllowPrincipals"] = setting.SSH.AuthorizedPrincipalsEnabled

  38. 	ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)

  39. 

  40. 	loadKeysData(ctx)

  41. 

  42. 	ctx.HTML(http.StatusOK, tplSettingsKeys)

  43. }

  44. 

  45. // KeysPost response for change user's SSH/GPG keys

  46. func KeysPost(ctx *context.Context) {

  47. 	form := web.GetForm(ctx).(*forms.AddKeyForm)

  48. 	ctx.Data["Title"] = ctx.Tr("settings")

  49. 	ctx.Data["PageIsSettingsKeys"] = true

  50. 	ctx.Data["DisableSSH"] = setting.SSH.Disabled

  51. 	ctx.Data["BuiltinSSH"] = setting.SSH.StartBuiltinServer

  52. 	ctx.Data["AllowPrincipals"] = setting.SSH.AuthorizedPrincipalsEnabled

  53. 	ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)

  54. 

  55. 	if ctx.HasError() {

  56. 		loadKeysData(ctx)

  57. 

  58. 		ctx.HTML(http.StatusOK, tplSettingsKeys)

  59. 		return

  60. 	}

  61. 	switch form.Type {

  62. 	case "principal":

  63. 		content, err := asymkey_model.CheckPrincipalKeyString(ctx, ctx.Doer, form.Content)

  64. 		if err != nil {

  65. 			if db.IsErrSSHDisabled(err) {

  66. 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))

  67. 			} else {

  68. 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_principal", err.Error()))

  69. 			}

  70. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  71. 			return

  72. 		}

  73. 		if _, err = asymkey_service.AddPrincipalKey(ctx, ctx.Doer.ID, content, 0); err != nil {

  74. 			ctx.Data["HasPrincipalError"] = true

  75. 			switch {

  76. 			case asymkey_model.IsErrKeyAlreadyExist(err), asymkey_model.IsErrKeyNameAlreadyUsed(err):

  77. 				loadKeysData(ctx)

  78. 

  79. 				ctx.Data["Err_Content"] = true

  80. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_principal_been_used"), tplSettingsKeys, &form)

  81. 			default:

  82. 				ctx.ServerError("AddPrincipalKey", err)

  83. 			}

  84. 			return

  85. 		}

  86. 		ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content))

  87. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  88. 	case "gpg":

  89. 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {

  90. 			ctx.NotFound(errors.New("gpg keys setting is not allowed to be visited"))

  91. 			return

  92. 		}

  93. 

  94. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  95. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  96. 

  97. 		keys, err := asymkey_model.AddGPGKey(ctx, ctx.Doer.ID, form.Content, token, form.Signature)

  98. 		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {

  99. 			keys, err = asymkey_model.AddGPGKey(ctx, ctx.Doer.ID, form.Content, lastToken, form.Signature)

  100. 		}

  101. 		if err != nil {

  102. 			ctx.Data["HasGPGError"] = true

  103. 			switch {

  104. 			case asymkey_model.IsErrGPGKeyParsing(err):

  105. 				ctx.Flash.Error(ctx.Tr("form.invalid_gpg_key", err.Error()))

  106. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  107. 			case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):

  108. 				loadKeysData(ctx)

  109. 

  110. 				ctx.Data["Err_Content"] = true

  111. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)

  112. 			case asymkey_model.IsErrGPGInvalidTokenSignature(err):

  113. 				loadKeysData(ctx)

  114. 				ctx.Data["Err_Content"] = true

  115. 				ctx.Data["Err_Signature"] = true

  116. 				keyID := err.(asymkey_model.ErrGPGInvalidTokenSignature).ID

  117. 				ctx.Data["KeyID"] = keyID

  118. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  119. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)

  120. 			case asymkey_model.IsErrGPGNoEmailFound(err):

  121. 				loadKeysData(ctx)

  122. 

  123. 				ctx.Data["Err_Content"] = true

  124. 				ctx.Data["Err_Signature"] = true

  125. 				keyID := err.(asymkey_model.ErrGPGNoEmailFound).ID

  126. 				ctx.Data["KeyID"] = keyID

  127. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  128. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form)

  129. 			default:

  130. 				ctx.ServerError("AddPublicKey", err)

  131. 			}

  132. 			return

  133. 		}

  134. 		keyIDs := ""

  135. 		for _, key := range keys {

  136. 			keyIDs += key.KeyID

  137. 			keyIDs += ", "

  138. 		}

  139. 		if len(keyIDs) > 0 {

  140. 			keyIDs = keyIDs[:len(keyIDs)-2]

  141. 		}

  142. 		ctx.Flash.Success(ctx.Tr("settings.add_gpg_key_success", keyIDs))

  143. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  144. 	case "verify_gpg":

  145. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  146. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  147. 

  148. 		keyID, err := asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, token, form.Signature)

  149. 		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {

  150. 			keyID, err = asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, lastToken, form.Signature)

  151. 		}

  152. 		if err != nil {

  153. 			ctx.Data["HasGPGVerifyError"] = true

  154. 			switch {

  155. 			case asymkey_model.IsErrGPGInvalidTokenSignature(err):

  156. 				loadKeysData(ctx)

  157. 				ctx.Data["VerifyingID"] = form.KeyID

  158. 				ctx.Data["Err_Signature"] = true

  159. 				keyID := err.(asymkey_model.ErrGPGInvalidTokenSignature).ID

  160. 				ctx.Data["KeyID"] = keyID

  161. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  162. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)

  163. 			default:

  164. 				ctx.ServerError("VerifyGPG", err)

  165. 			}

  166. 		}

  167. 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))

  168. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  169. 	case "ssh":

  170. 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {

  171. 			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))

  172. 			return

  173. 		}

  174. 

  175. 		content, err := asymkey_model.CheckPublicKeyString(form.Content)

  176. 		if err != nil {

  177. 			if db.IsErrSSHDisabled(err) {

  178. 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))

  179. 			} else if asymkey_model.IsErrKeyUnableVerify(err) {

  180. 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))

  181. 			} else if err == asymkey_model.ErrKeyIsPrivate {

  182. 				ctx.Flash.Error(ctx.Tr("form.must_use_public_key"))

  183. 			} else {

  184. 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))

  185. 			}

  186. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  187. 			return

  188. 		}

  189. 

  190. 		if _, err = asymkey_model.AddPublicKey(ctx, ctx.Doer.ID, form.Title, content, 0); err != nil {

  191. 			ctx.Data["HasSSHError"] = true

  192. 			switch {

  193. 			case asymkey_model.IsErrKeyAlreadyExist(err):

  194. 				loadKeysData(ctx)

  195. 

  196. 				ctx.Data["Err_Content"] = true

  197. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplSettingsKeys, &form)

  198. 			case asymkey_model.IsErrKeyNameAlreadyUsed(err):

  199. 				loadKeysData(ctx)

  200. 

  201. 				ctx.Data["Err_Title"] = true

  202. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_name_used"), tplSettingsKeys, &form)

  203. 			case asymkey_model.IsErrKeyUnableVerify(err):

  204. 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))

  205. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  206. 			default:

  207. 				ctx.ServerError("AddPublicKey", err)

  208. 			}

  209. 			return

  210. 		}

  211. 		ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title))

  212. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  213. 	case "verify_ssh":

  214. 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {

  215. 			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))

  216. 			return

  217. 		}

  218. 

  219. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  220. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  221. 

  222. 		fingerprint, err := asymkey_model.VerifySSHKey(ctx, ctx.Doer.ID, form.Fingerprint, token, form.Signature)

  223. 		if err != nil && asymkey_model.IsErrSSHInvalidTokenSignature(err) {

  224. 			fingerprint, err = asymkey_model.VerifySSHKey(ctx, ctx.Doer.ID, form.Fingerprint, lastToken, form.Signature)

  225. 		}

  226. 		if err != nil {

  227. 			ctx.Data["HasSSHVerifyError"] = true

  228. 			switch {

  229. 			case asymkey_model.IsErrSSHInvalidTokenSignature(err):

  230. 				loadKeysData(ctx)

  231. 				ctx.Data["Err_Signature"] = true

  232. 				ctx.Data["Fingerprint"] = err.(asymkey_model.ErrSSHInvalidTokenSignature).Fingerprint

  233. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_invalid_token_signature"), tplSettingsKeys, &form)

  234. 			default:

  235. 				ctx.ServerError("VerifySSH", err)

  236. 			}

  237. 		}

  238. 		ctx.Flash.Success(ctx.Tr("settings.verify_ssh_key_success", fingerprint))

  239. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  240. 

  241. 	default:

  242. 		ctx.Flash.Warning("Function not implemented")

  243. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  244. 	}

  245. }

  246. 

  247. // DeleteKey response for delete user's SSH/GPG key

  248. func DeleteKey(ctx *context.Context) {

  249. 	switch ctx.FormString("type") {

  250. 	case "gpg":

  251. 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {

  252. 			ctx.NotFound(errors.New("gpg keys setting is not allowed to be visited"))

  253. 			return

  254. 		}

  255. 		if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {

  256. 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())

  257. 		} else {

  258. 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))

  259. 		}

  260. 	case "ssh":

  261. 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {

  262. 			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))

  263. 			return

  264. 		}

  265. 

  266. 		keyID := ctx.FormInt64("id")

  267. 		external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID)

  268. 		if err != nil {

  269. 			ctx.ServerError("sshKeysExternalManaged", err)

  270. 			return

  271. 		}

  272. 		if external {

  273. 			ctx.Flash.Error(ctx.Tr("settings.ssh_externally_managed"))

  274. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  275. 			return

  276. 		}

  277. 		if err := asymkey_service.DeletePublicKey(ctx, ctx.Doer, keyID); err != nil {

  278. 			ctx.Flash.Error("DeletePublicKey: " + err.Error())

  279. 		} else {

  280. 			ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success"))

  281. 		}

  282. 	case "principal":

  283. 		if err := asymkey_service.DeletePublicKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {

  284. 			ctx.Flash.Error("DeletePublicKey: " + err.Error())

  285. 		} else {

  286. 			ctx.Flash.Success(ctx.Tr("settings.ssh_principal_deletion_success"))

  287. 		}

  288. 	default:

  289. 		ctx.Flash.Warning("Function not implemented")

  290. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  291. 	}

  292. 	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/keys")

  293. }

  294. 

  295. func loadKeysData(ctx *context.Context) {

  296. 	keys, err := db.Find[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{

  297. 		OwnerID:    ctx.Doer.ID,

  298. 		NotKeytype: asymkey_model.KeyTypePrincipal,

  299. 	})

  300. 	if err != nil {

  301. 		ctx.ServerError("ListPublicKeys", err)

  302. 		return

  303. 	}

  304. 	ctx.Data["Keys"] = keys

  305. 

  306. 	externalKeys, err := asymkey_model.PublicKeysAreExternallyManaged(ctx, keys)

  307. 	if err != nil {

  308. 		ctx.ServerError("ListPublicKeys", err)

  309. 		return

  310. 	}

  311. 	ctx.Data["ExternalKeys"] = externalKeys

  312. 

  313. 	gpgkeys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{

  314. 		ListOptions: db.ListOptionsAll,

  315. 		OwnerID:     ctx.Doer.ID,

  316. 	})

  317. 	if err != nil {

  318. 		ctx.ServerError("ListGPGKeys", err)

  319. 		return

  320. 	}

  321. 	if err := asymkey_model.GPGKeyList(gpgkeys).LoadSubKeys(ctx); err != nil {

  322. 		ctx.ServerError("LoadSubKeys", err)

  323. 		return

  324. 	}

  325. 	ctx.Data["GPGKeys"] = gpgkeys

  326. 	tokenToSign := asymkey_model.VerificationToken(ctx.Doer, 1)

  327. 

  328. 	// generate a new aes cipher using the csrfToken

  329. 	ctx.Data["TokenToSign"] = tokenToSign

  330. 

  331. 	principals, err := db.Find[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{

  332. 		ListOptions: db.ListOptionsAll,

  333. 		OwnerID:     ctx.Doer.ID,

  334. 		KeyTypes:    []asymkey_model.KeyType{asymkey_model.KeyTypePrincipal},

  335. 	})

  336. 	if err != nil {

  337. 		ctx.ServerError("ListPrincipalKeys", err)

  338. 		return

  339. 	}

  340. 	ctx.Data["Principals"] = principals

  341. 

  342. 	ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg")

  343. 	ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh")

  344. 	ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)

  345. }