afan
/
gitea
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
gitea源码
2 提交
2 分支
目錄樹: f5d5e77162
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/models/secret/secret.go

secret.go 6.5KB
歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package secret

  5. 

  6. import (

  7. 	"context"

  8. 	"fmt"

  9. 	"strings"

  10. 

  11. 	actions_model "code.gitea.io/gitea/models/actions"

  12. 	"code.gitea.io/gitea/models/db"

  13. 	actions_module "code.gitea.io/gitea/modules/actions"

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	secret_module "code.gitea.io/gitea/modules/secret"

  16. 	"code.gitea.io/gitea/modules/setting"

  17. 	"code.gitea.io/gitea/modules/timeutil"

  18. 	"code.gitea.io/gitea/modules/util"

  19. 

  20. 	"xorm.io/builder"

  21. )

  22. 

  23. // Secret represents a secret

  24. //

  25. // It can be:

  26. //  1. org/user level secret, OwnerID is org/user ID and RepoID is 0

  27. //  2. repo level secret, OwnerID is 0 and RepoID is repo ID

  28. //

  29. // Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,

  30. // or it will be complicated to find secrets belonging to a specific owner.

  31. // For example, conditions like `OwnerID = 1` will also return secret {OwnerID: 1, RepoID: 1},

  32. // but it's a repo level secret, not an org/user level secret.

  33. // To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level secrets.

  34. //

  35. // Please note that it's not acceptable to have both OwnerID and RepoID to zero, global secrets are not supported.

  36. // It's for security reasons, admin may be not aware of that the secrets could be stolen by any user when setting them as global.

  37. type Secret struct {

  38. 	ID          int64

  39. 	OwnerID     int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL"`

  40. 	RepoID      int64              `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL DEFAULT 0"`

  41. 	Name        string             `xorm:"UNIQUE(owner_repo_name) NOT NULL"`

  42. 	Data        string             `xorm:"LONGTEXT"` // encrypted data

  43. 	Description string             `xorm:"TEXT"`

  44. 	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`

  45. }

  46. 

  47. const (

  48. 	SecretDataMaxLength        = 65536

  49. 	SecretDescriptionMaxLength = 4096

  50. )

  51. 

  52. // ErrSecretNotFound represents a "secret not found" error.

  53. type ErrSecretNotFound struct {

  54. 	Name string

  55. }

  56. 

  57. func (err ErrSecretNotFound) Error() string {

  58. 	return fmt.Sprintf("secret was not found [name: %s]", err.Name)

  59. }

  60. 

  61. func (err ErrSecretNotFound) Unwrap() error {

  62. 	return util.ErrNotExist

  63. }

  64. 

  65. // InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database

  66. func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data, description string) (*Secret, error) {

  67. 	if ownerID != 0 && repoID != 0 {

  68. 		// It's trying to create a secret that belongs to a repository, but OwnerID has been set accidentally.

  69. 		// Remove OwnerID to avoid confusion; it's not worth returning an error here.

  70. 		ownerID = 0

  71. 	}

  72. 	if ownerID == 0 && repoID == 0 {

  73. 		return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)

  74. 	}

  75. 

  76. 	if len(data) > SecretDataMaxLength {

  77. 		return nil, util.NewInvalidArgumentErrorf("data too long")

  78. 	}

  79. 

  80. 	description = util.TruncateRunes(description, SecretDescriptionMaxLength)

  81. 

  82. 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)

  83. 	if err != nil {

  84. 		return nil, err

  85. 	}

  86. 

  87. 	secret := &Secret{

  88. 		OwnerID:     ownerID,

  89. 		RepoID:      repoID,

  90. 		Name:        strings.ToUpper(name),

  91. 		Data:        encrypted,

  92. 		Description: description,

  93. 	}

  94. 	return secret, db.Insert(ctx, secret)

  95. }

  96. 

  97. func init() {

  98. 	db.RegisterModel(new(Secret))

  99. }

  100. 

  101. type FindSecretsOptions struct {

  102. 	db.ListOptions

  103. 	RepoID   int64

  104. 	OwnerID  int64 // it will be ignored if RepoID is set

  105. 	SecretID int64

  106. 	Name     string

  107. }

  108. 

  109. func (opts FindSecretsOptions) ToConds() builder.Cond {

  110. 	cond := builder.NewCond()

  111. 

  112. 	cond = cond.And(builder.Eq{"repo_id": opts.RepoID})

  113. 	if opts.RepoID != 0 { // if RepoID is set

  114. 		// ignore OwnerID and treat it as 0

  115. 		cond = cond.And(builder.Eq{"owner_id": 0})

  116. 	} else {

  117. 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})

  118. 	}

  119. 

  120. 	if opts.SecretID != 0 {

  121. 		cond = cond.And(builder.Eq{"id": opts.SecretID})

  122. 	}

  123. 	if opts.Name != "" {

  124. 		cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})

  125. 	}

  126. 

  127. 	return cond

  128. }

  129. 

  130. // UpdateSecret changes org or user reop secret.

  131. func UpdateSecret(ctx context.Context, secretID int64, data, description string) error {

  132. 	if len(data) > SecretDataMaxLength {

  133. 		return util.NewInvalidArgumentErrorf("data too long")

  134. 	}

  135. 

  136. 	description = util.TruncateRunes(description, SecretDescriptionMaxLength)

  137. 

  138. 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)

  139. 	if err != nil {

  140. 		return err

  141. 	}

  142. 

  143. 	s := &Secret{

  144. 		Data:        encrypted,

  145. 		Description: description,

  146. 	}

  147. 	affected, err := db.GetEngine(ctx).ID(secretID).Cols("data", "description").Update(s)

  148. 	if affected != 1 {

  149. 		return ErrSecretNotFound{}

  150. 	}

  151. 	return err

  152. }

  153. 

  154. func GetSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) (map[string]string, error) {

  155. 	secrets := map[string]string{}

  156. 

  157. 	secrets["GITHUB_TOKEN"] = task.Token

  158. 	secrets["GITEA_TOKEN"] = task.Token

  159. 

  160. 	if task.Job.Run.IsForkPullRequest && task.Job.Run.TriggerEvent != actions_module.GithubEventPullRequestTarget {

  161. 		// ignore secrets for fork pull request, except GITHUB_TOKEN and GITEA_TOKEN which are automatically generated.

  162. 		// for the tasks triggered by pull_request_target event, they could access the secrets because they will run in the context of the base branch

  163. 		// see the documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target

  164. 		return secrets, nil

  165. 	}

  166. 

  167. 	ownerSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{OwnerID: task.Job.Run.Repo.OwnerID})

  168. 	if err != nil {

  169. 		log.Error("find secrets of owner %v: %v", task.Job.Run.Repo.OwnerID, err)

  170. 		return nil, err

  171. 	}

  172. 	repoSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{RepoID: task.Job.Run.RepoID})

  173. 	if err != nil {

  174. 		log.Error("find secrets of repo %v: %v", task.Job.Run.RepoID, err)

  175. 		return nil, err

  176. 	}

  177. 

  178. 	for _, secret := range append(ownerSecrets, repoSecrets...) {

  179. 		v, err := secret_module.DecryptSecret(setting.SecretKey, secret.Data)

  180. 		if err != nil {

  181. 			log.Error("decrypt secret %v %q: %v", secret.ID, secret.Name, err)

  182. 			return nil, err

  183. 		}

  184. 		secrets[secret.Name] = v

  185. 	}

  186. 

  187. 	return secrets, nil

  188. }

  189. 

  190. func CountWrongRepoLevelSecrets(ctx context.Context) (int64, error) {

  191. 	var result int64

  192. 	_, err := db.GetEngine(ctx).SQL("SELECT count(`id`) FROM `secret` WHERE `repo_id` > 0 AND `owner_id` > 0").Get(&result)

  193. 	return result, err

  194. }

  195. 

  196. func UpdateWrongRepoLevelSecrets(ctx context.Context) (int64, error) {

  197. 	result, err := db.GetEngine(ctx).Exec("UPDATE `secret` SET `owner_id` = 0 WHERE `repo_id` > 0 AND `owner_id` > 0")

  198. 	if err != nil {

  199. 		return 0, err

  200. 	}

  201. 	return result.RowsAffected()

  202. }