aboutsummaryrefslogtreecommitdiff
path: root/internal/route/repo/tasks.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/route/repo/tasks.go')
-rw-r--r--internal/route/repo/tasks.go74
1 files changed, 74 insertions, 0 deletions
diff --git a/internal/route/repo/tasks.go b/internal/route/repo/tasks.go
new file mode 100644
index 00000000..e06d3ee7
--- /dev/null
+++ b/internal/route/repo/tasks.go
@@ -0,0 +1,74 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+ "net/http"
+
+ "gopkg.in/macaron.v1"
+ log "unknwon.dev/clog/v2"
+
+ "gogs.io/gogs/internal/db"
+ "gogs.io/gogs/internal/tool"
+)
+
+func TriggerTask(c *macaron.Context) {
+ branch := c.Query("branch")
+ pusherID := c.QueryInt64("pusher")
+ secret := c.Query("secret")
+ if branch == "" || pusherID <= 0 || secret == "" {
+ c.Error(http.StatusBadRequest, "Incomplete branch, pusher or secret")
+ return
+ }
+
+ username := c.Params(":username")
+ reponame := c.Params(":reponame")
+
+ owner, err := db.Users.GetByUsername(username)
+ if err != nil {
+ if db.IsErrUserNotExist(err) {
+ c.Error(http.StatusBadRequest, "Owner does not exist")
+ } else {
+ c.Status(http.StatusInternalServerError)
+ log.Error("Failed to get user [name: %s]: %v", username, err)
+ }
+ return
+ }
+
+ // 🚨 SECURITY: No need to check existence of the repository if the client
+ // can't even get the valid secret. Mostly likely not a legitimate request.
+ if secret != tool.MD5(owner.Salt) {
+ c.Error(http.StatusBadRequest, "Invalid secret")
+ return
+ }
+
+ repo, err := db.Repos.GetByName(owner.ID, reponame)
+ if err != nil {
+ if db.IsErrRepoNotExist(err) {
+ c.Error(http.StatusBadRequest, "Repository does not exist")
+ } else {
+ c.Status(http.StatusInternalServerError)
+ log.Error("Failed to get repository [owner_id: %d, name: %s]: %v", owner.ID, reponame, err)
+ }
+ return
+ }
+
+ pusher, err := db.Users.GetByID(pusherID)
+ if err != nil {
+ if db.IsErrUserNotExist(err) {
+ c.Error(http.StatusBadRequest, "Pusher does not exist")
+ } else {
+ c.Status(http.StatusInternalServerError)
+ log.Error("Failed to get user [id: %d]: %v", pusherID, err)
+ }
+ return
+ }
+
+ log.Trace("TriggerTask: %s/%s@%s by %q", owner.Name, repo.Name, branch, pusher.Name)
+
+ go db.HookQueue.Add(repo.ID)
+ go db.AddTestPullRequestTask(pusher, repo.ID, branch, true)
+ c.Status(http.StatusAccepted)
+}
Powered by cgit, Themed by Ted Yin.