diff options
author | Daniel Baumann <daniel@debian.org> | 2024-10-18 20:33:49 +0200 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2024-12-12 23:57:56 +0100 |
commit | e68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch) | |
tree | 97775d6c13b0f416af55314eb6a89ef792474615 /services/secrets | |
parent | Initial commit. (diff) | |
download | forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip |
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r-- | services/secrets/secrets.go | 83 | ||||
-rw-r--r-- | services/secrets/validation.go | 25 |
2 files changed, 108 insertions, 0 deletions
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go new file mode 100644 index 0000000..031c474 --- /dev/null +++ b/services/secrets/secrets.go @@ -0,0 +1,83 @@ +// Copyright 2023 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package secrets + +import ( + "context" + + "code.gitea.io/gitea/models/db" + secret_model "code.gitea.io/gitea/models/secret" +) + +func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*secret_model.Secret, bool, error) { + if err := ValidateName(name); err != nil { + return nil, false, err + } + + s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{ + OwnerID: ownerID, + RepoID: repoID, + Name: name, + }) + if err != nil { + return nil, false, err + } + + if len(s) == 0 { + s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, name, data) + if err != nil { + return nil, false, err + } + return s, true, nil + } + + if err := secret_model.UpdateSecret(ctx, s[0].ID, data); err != nil { + return nil, false, err + } + + return s[0], false, nil +} + +func DeleteSecretByID(ctx context.Context, ownerID, repoID, secretID int64) error { + s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{ + OwnerID: ownerID, + RepoID: repoID, + SecretID: secretID, + }) + if err != nil { + return err + } + if len(s) != 1 { + return secret_model.ErrSecretNotFound{} + } + + return deleteSecret(ctx, s[0]) +} + +func DeleteSecretByName(ctx context.Context, ownerID, repoID int64, name string) error { + if err := ValidateName(name); err != nil { + return err + } + + s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{ + OwnerID: ownerID, + RepoID: repoID, + Name: name, + }) + if err != nil { + return err + } + if len(s) != 1 { + return secret_model.ErrSecretNotFound{} + } + + return deleteSecret(ctx, s[0]) +} + +func deleteSecret(ctx context.Context, s *secret_model.Secret) error { + if _, err := db.DeleteByID[secret_model.Secret](ctx, s.ID); err != nil { + return err + } + return nil +} diff --git a/services/secrets/validation.go b/services/secrets/validation.go new file mode 100644 index 0000000..3db5b96 --- /dev/null +++ b/services/secrets/validation.go @@ -0,0 +1,25 @@ +// Copyright 2023 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package secrets + +import ( + "regexp" + + "code.gitea.io/gitea/modules/util" +) + +// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets +var ( + namePattern = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$") + forbiddenPrefixPattern = regexp.MustCompile("(?i)^GIT(EA|HUB)_") + + ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name") +) + +func ValidateName(name string) error { + if !namePattern.MatchString(name) || forbiddenPrefixPattern.MatchString(name) { + return ErrInvalidName + } + return nil +} |