Browse Source

Fixes 4762 - Content API for Creating, Updating, Deleting Files (#6314)

release/v1.9
Richard Mahn 3 years ago
committed by techknowlogick
parent
commit
2262811e40
  1. 2
      custom/conf/app.ini.sample
  2. 5
      docs/content/doc/advanced/config-cheat-sheet.en-us.md
  3. 3
      docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
  4. 114
      integrations/api_repo_file_content_test.go
  5. 215
      integrations/api_repo_file_create_test.go
  6. 163
      integrations/api_repo_file_delete_test.go
  7. 27
      integrations/api_repo_file_helpers.go
  8. 234
      integrations/api_repo_file_update_test.go
  9. 76
      integrations/api_repo_git_blobs_test.go
  10. 74
      integrations/api_repo_git_trees_test.go
  11. 3
      integrations/integration_test.go
  12. 3
      integrations/migration-test/migration_test.go
  13. 168
      models/error.go
  14. 2
      models/unit_tests.go
  15. 1
      modules/auth/repo_form.go
  16. 25
      modules/base/tool.go
  17. 15
      modules/context/repo.go
  18. 30
      modules/git/blob.go
  19. 5
      modules/git/commit.go
  20. 13
      modules/git/repo_commit.go
  21. 38
      modules/repofiles/blob.go
  22. 38
      modules/repofiles/blob_test.go
  23. 73
      modules/repofiles/content.go
  24. 90
      modules/repofiles/content_test.go
  25. 209
      modules/repofiles/delete.go
  26. 183
      modules/repofiles/delete_test.go
  27. 7
      modules/repofiles/diff.go
  28. 143
      modules/repofiles/diff_test.go
  29. 125
      modules/repofiles/file.go
  30. 90
      modules/repofiles/file_test.go
  31. 23
      modules/repofiles/repofiles.go
  32. 27
      modules/repofiles/repofiles_test.go
  33. 86
      modules/repofiles/temp_repo.go
  34. 92
      modules/repofiles/tree.go
  35. 24
      modules/repofiles/tree_test.go
  36. 331
      modules/repofiles/update.go
  37. 357
      modules/repofiles/update_test.go
  38. 8
      modules/repofiles/upload.go
  39. 29
      modules/repofiles/verification.go
  40. 2
      modules/setting/setting.go
  41. 100
      modules/uploader/delete.go
  42. 159
      modules/uploader/update.go
  43. 5
      options/locale/locale_en-US.ini
  44. 11
      routers/api/v1/api.go
  45. 51
      routers/api/v1/repo/blob.go
  46. 274
      routers/api/v1/repo/file.go
  47. 94
      routers/api/v1/repo/tree.go
  48. 10
      routers/api/v1/swagger/options.go
  49. 28
      routers/api/v1/swagger/repo.go
  50. 290
      routers/repo/editor.go
  51. 1
      routers/repo/editor_test.go
  52. 2
      templates/repo/editor/commit_form.tmpl
  53. 3
      templates/repo/editor/delete.tmpl
  54. 536
      templates/swagger/v1_json.tmpl

2
custom/conf/app.ini.sample

@ -672,6 +672,8 @@ MAX_RESPONSE_ITEMS = 50
DEFAULT_PAGING_NUM = 30
; Default and maximum number of items per page for git trees api
DEFAULT_GIT_TREES_PER_PAGE = 1000
; Default size of a blob returned by the blobs API (default is 10MiB)
DEFAULT_MAX_BLOB_SIZE = 10485760
[oauth2]
; Enables OAuth2 provider

5
docs/content/doc/advanced/config-cheat-sheet.en-us.md

@ -402,8 +402,9 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
- `DEFAULT_PAGING_NUM`: **30**: Default paging number of api.
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees api.
- `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees API.
- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.
## OAuth2 (`oauth2`)

3
docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@ -215,7 +215,8 @@ menu:
- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是 true.
- `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
- `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认和最大项数.
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: BLOBS API默认最大大小.
## Markup (`markup`)

114
integrations/api_repo_file_content_test.go

@ -0,0 +1,114 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"net/http"
"path/filepath"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func getExpectedFileContentResponseForFileContents(branch string) *api.FileContentResponse {
treePath := "README.md"
sha := "4b4851ad51df6a7d9f25c979345979eaeb5b349f"
return &api.FileContentResponse{
Name: filepath.Base(treePath),
Path: treePath,
SHA: sha,
Size: 30,
URL: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
HTMLURL: setting.AppURL + "user2/repo1/blob/" + branch + "/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
DownloadURL: setting.AppURL + "user2/repo1/raw/branch/" + branch + "/" + treePath,
Type: "blob",
Links: &api.FileLinksResponse{
Self: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
HTMLURL: setting.AppURL + "user2/repo1/blob/" + branch + "/" + treePath,
},
}
}
func TestAPIGetFileContents(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
treePath := "README.md"
// Get user2's token
session := loginUser(t, user2.Name)
token2 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Get user4's token
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Make a second master branch in repo1
repo1.CreateNewBranch(user2, repo1.DefaultBranch, "master2")
// ref is default branch
branch := repo1.DefaultBranch
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, branch)
resp := session.MakeRequest(t, req, http.StatusOK)
var fileContentResponse api.FileContentResponse
DecodeJSON(t, resp, &fileContentResponse)
assert.NotNil(t, fileContentResponse)
expectedFileContentResponse := getExpectedFileContentResponseForFileContents(branch)
assert.EqualValues(t, *expectedFileContentResponse, fileContentResponse)
// No ref
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s", user2.Name, repo1.Name, treePath)
resp = session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &fileContentResponse)
assert.NotNil(t, fileContentResponse)
expectedFileContentResponse = getExpectedFileContentResponseForFileContents(repo1.DefaultBranch)
assert.EqualValues(t, *expectedFileContentResponse, fileContentResponse)
// ref is master2
branch = "master2"
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, branch)
resp = session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &fileContentResponse)
assert.NotNil(t, fileContentResponse)
expectedFileContentResponse = getExpectedFileContentResponseForFileContents("master2")
assert.EqualValues(t, *expectedFileContentResponse, fileContentResponse)
// Test file contents a file with the wrong branch
branch = "badbranch"
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, branch)
resp = session.MakeRequest(t, req, http.StatusInternalServerError)
expectedAPIError := context.APIError{
Message: "object does not exist [id: " + branch + ", rel_path: ]",
URL: base.DocURL,
}
var apiError context.APIError
DecodeJSON(t, resp, &apiError)
assert.Equal(t, expectedAPIError, apiError)
// Test accessing private branch with user token that does not have access - should fail
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
session.MakeRequest(t, req, http.StatusNotFound)
// Test access private branch of owner of token
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/readme.md?token=%s", user2.Name, repo16.Name, token2)
session.MakeRequest(t, req, http.StatusOK)
// Test access of org user3 private repo file by owner user2
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
session.MakeRequest(t, req, http.StatusOK)
}

215
integrations/api_repo_file_create_test.go

@ -0,0 +1,215 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"encoding/base64"
"fmt"
"net/http"
"path/filepath"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func getCreateFileOptions() api.CreateFileOptions {
content := "This is new text"
contentEncoded := base64.StdEncoding.EncodeToString([]byte(content))
return api.CreateFileOptions{
FileOptions: api.FileOptions{
BranchName: "master",
NewBranchName: "master",
Message: "Creates new/file.txt",
Author: api.Identity{
Name: "John Doe",
Email: "johndoe@example.com",
},
Committer: api.Identity{
Name: "Jane Doe",
Email: "janedoe@example.com",
},
},
Content: contentEncoded,
}
}
func getExpectedFileResponseForCreate(commitID, treePath string) *api.FileResponse {
sha := "a635aa942442ddfdba07468cf9661c08fbdf0ebf"
return &api.FileResponse{
Content: &api.FileContentResponse{
Name: filepath.Base(treePath),
Path: treePath,
SHA: sha,
Size: 16,
URL: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
HTMLURL: setting.AppURL + "user2/repo1/blob/master/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
DownloadURL: setting.AppURL + "user2/repo1/raw/branch/master/" + treePath,
Type: "blob",
Links: &api.FileLinksResponse{
Self: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
HTMLURL: setting.AppURL + "user2/repo1/blob/master/" + treePath,
},
},
Commit: &api.FileCommitResponse{
CommitMeta: api.CommitMeta{
URL: setting.AppURL + "api/v1/repos/user2/repo1/git/commits/" + commitID,
SHA: commitID,
},
HTMLURL: setting.AppURL + "user2/repo1/commit/" + commitID,
Author: &api.CommitUser{
Identity: api.Identity{
Name: "Jane Doe",
Email: "janedoe@example.com",
},
},
Committer: &api.CommitUser{
Identity: api.Identity{
Name: "John Doe",
Email: "johndoe@example.com",
},
},
Message: "Updates README.md\n",
},
Verification: &api.PayloadCommitVerification{
Verified: false,
Reason: "unsigned",
Signature: "",
Payload: "",
},
}
}
func TestAPICreateFile(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
fileID := 0
// Get user2's token
session := loginUser(t, user2.Name)
token2 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Get user4's token
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Test creating a file in repo1 which user2 owns, try both with branch and empty branch
for _, branch := range [...]string{
"master", // Branch
"", // Empty branch
} {
createFileOptions := getCreateFileOptions()
createFileOptions.BranchName = branch
fileID++
treePath := fmt.Sprintf("new/file%d.txt", fileID)
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "POST", url, &createFileOptions)
resp := session.MakeRequest(t, req, http.StatusCreated)
gitRepo, _ := git.OpenRepository(repo1.RepoPath())
commitID, _ := gitRepo.GetBranchCommitID(createFileOptions.NewBranchName)
expectedFileResponse := getExpectedFileResponseForCreate(commitID, treePath)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
}
// Test creating a file in a new branch
createFileOptions := getCreateFileOptions()
createFileOptions.BranchName = repo1.DefaultBranch
createFileOptions.NewBranchName = "new_branch"
fileID++
treePath := fmt.Sprintf("new/file%d.txt", fileID)
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "POST", url, &createFileOptions)
resp := session.MakeRequest(t, req, http.StatusCreated)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
expectedSHA := "a635aa942442ddfdba07468cf9661c08fbdf0ebf"
expectedHTMLURL := fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/blob/new_branch/new/file%d.txt", fileID)
expectedDownloadURL := fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/raw/branch/new_branch/new/file%d.txt", fileID)
assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
assert.EqualValues(t, expectedHTMLURL, fileResponse.Content.HTMLURL)
assert.EqualValues(t, expectedDownloadURL, fileResponse.Content.DownloadURL)
// Test trying to create a file that already exists, should fail
createFileOptions = getCreateFileOptions()
treePath = "README.md"
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
resp = session.MakeRequest(t, req, http.StatusInternalServerError)
expectedAPIError := context.APIError{
Message: "repository file already exists [path: " + treePath + "]",
URL: base.DocURL,
}
var apiError context.APIError
DecodeJSON(t, resp, &apiError)
assert.Equal(t, expectedAPIError, apiError)
// Test creating a file in repo1 by user4 who does not have write access
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Tests a repo with no token given so will fail
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using access token for a private repo that the user of the token owns
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusCreated)
// Test using org repo "user3/repo3" where user2 is a collaborator
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusCreated)
// Test using org repo "user3/repo3" with no user token
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using repo "user2/repo1" where user4 is a NOT collaborator
createFileOptions = getCreateFileOptions()
fileID++
treePath = fmt.Sprintf("new/file%d.txt", fileID)
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
session.MakeRequest(t, req, http.StatusForbidden)
}

163
integrations/api_repo_file_delete_test.go

@ -0,0 +1,163 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"net/http"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func getDeleteFileOptions() *api.DeleteFileOptions {
return &api.DeleteFileOptions{
FileOptions: api.FileOptions{
BranchName: "master",
NewBranchName: "master",
Message: "Updates new/file.txt",
Author: api.Identity{
Name: "John Doe",
Email: "johndoe@example.com",
},
Committer: api.Identity{
Name: "Jane Doe",
Email: "janedoe@example.com",
},
},
SHA: "103ff9234cefeee5ec5361d22b49fbb04d385885",
}
}
func TestAPIDeleteFile(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
fileID := 0
// Get user2's token
session := loginUser(t, user2.Name)
token2 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Get user4's token
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Test deleting a file in repo1 which user2 owns, try both with branch and empty branch
for _, branch := range [...]string{
"master", // Branch
"", // Empty branch
} {
fileID++
treePath := fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo1, treePath)
deleteFileOptions := getDeleteFileOptions()
deleteFileOptions.BranchName = branch
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
resp := session.MakeRequest(t, req, http.StatusOK)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
assert.NotNil(t, fileResponse)
assert.Nil(t, fileResponse.Content)
}
// Test deleting file and making the delete in a new branch
fileID++
treePath := fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo1, treePath)
deleteFileOptions := getDeleteFileOptions()
deleteFileOptions.BranchName = repo1.DefaultBranch
deleteFileOptions.NewBranchName = "new_branch"
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
resp := session.MakeRequest(t, req, http.StatusOK)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
assert.NotNil(t, fileResponse)
assert.Nil(t, fileResponse.Content)
// Test deleting a file with the wrong SHA
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo1, treePath)
deleteFileOptions = getDeleteFileOptions()
correctSHA := deleteFileOptions.SHA
deleteFileOptions.SHA = "badsha"
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
resp = session.MakeRequest(t, req, http.StatusInternalServerError)
expectedAPIError := context.APIError{
Message: "sha does not match [given: " + deleteFileOptions.SHA + ", expected: " + correctSHA + "]",
URL: base.DocURL,
}
var apiError context.APIError
DecodeJSON(t, resp, &apiError)
assert.Equal(t, expectedAPIError, apiError)
// Test creating a file in repo1 by user4 who does not have write access
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo16, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Tests a repo with no token given so will fail
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo16, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using access token for a private repo that the user of the token owns
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo16, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" where user2 is a collaborator
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user3, repo3, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" with no user token
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user3, repo3, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using repo "user2/repo1" where user4 is a NOT collaborator
fileID++
treePath = fmt.Sprintf("delete/file%d.txt", fileID)
createFile(user2, repo1, treePath)
deleteFileOptions = getDeleteFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
session.MakeRequest(t, req, http.StatusForbidden)
}

27
integrations/api_repo_file_helpers.go

@ -0,0 +1,27 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/repofiles"
api "code.gitea.io/sdk/gitea"
)
func createFileInBranch(user *models.User, repo *models.Repository, treePath, branchName string) (*api.FileResponse, error) {
opts := &repofiles.UpdateRepoFileOptions{
OldBranch: branchName,
TreePath: treePath,
Content: "This is a NEW file",
IsNewFile: true,
Author: nil,
Committer: nil,
}
return repofiles.CreateOrUpdateRepoFile(repo, user, opts)
}
func createFile(user *models.User, repo *models.Repository, treePath string) (*api.FileResponse, error) {
return createFileInBranch(user, repo, treePath, repo.DefaultBranch)
}

234
integrations/api_repo_file_update_test.go

@ -0,0 +1,234 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"encoding/base64"
"fmt"
"net/http"
"path/filepath"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func getUpdateFileOptions() *api.UpdateFileOptions {
content := "This is updated text"
contentEncoded := base64.StdEncoding.EncodeToString([]byte(content))
return &api.UpdateFileOptions{
DeleteFileOptions: *getDeleteFileOptions(),
Content: contentEncoded,
}
}
func getExpectedFileResponseForUpdate(commitID, treePath string) *api.FileResponse {
sha := "08bd14b2e2852529157324de9c226b3364e76136"
return &api.FileResponse{
Content: &api.FileContentResponse{
Name: filepath.Base(treePath),
Path: treePath,
SHA: sha,
Size: 20,
URL: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
HTMLURL: setting.AppURL + "user2/repo1/blob/master/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
DownloadURL: setting.AppURL + "user2/repo1/raw/branch/master/" + treePath,
Type: "blob",
Links: &api.FileLinksResponse{
Self: setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath,
GitURL: setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha,
HTMLURL: setting.AppURL + "user2/repo1/blob/master/" + treePath,
},
},
Commit: &api.FileCommitResponse{
CommitMeta: api.CommitMeta{
URL: setting.AppURL + "api/v1/repos/user2/repo1/git/commits/" + commitID,
SHA: commitID,
},
HTMLURL: setting.AppURL + "user2/repo1/commit/" + commitID,
Author: &api.CommitUser{
Identity: api.Identity{
Name: "Jane Doe",
Email: "janedoe@example.com",
},
},
Committer: &api.CommitUser{
Identity: api.Identity{
Name: "John Doe",
Email: "johndoe@example.com",
},
},
Message: "Updates README.md\n",
},
Verification: &api.PayloadCommitVerification{
Verified: false,
Reason: "unsigned",
Signature: "",
Payload: "",
},
}
}
func TestAPIUpdateFile(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
fileID := 0
// Get user2's token
session := loginUser(t, user2.Name)
token2 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Get user4's token
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
// Test updating a file in repo1 which user2 owns, try both with branch and empty branch
for _, branch := range [...]string{
"master", // Branch
"", // Empty branch
} {
fileID++
treePath := fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo1, treePath)
updateFileOptions := getUpdateFileOptions()
updateFileOptions.BranchName = branch
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
resp := session.MakeRequest(t, req, http.StatusOK)
gitRepo, _ := git.OpenRepository(repo1.RepoPath())
commitID, _ := gitRepo.GetBranchCommitID(updateFileOptions.NewBranchName)
expectedFileResponse := getExpectedFileResponseForUpdate(commitID, treePath)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
}
// Test updating a file in a new branch
updateFileOptions := getUpdateFileOptions()
updateFileOptions.BranchName = repo1.DefaultBranch
updateFileOptions.NewBranchName = "new_branch"
fileID++
treePath := fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo1, treePath)
url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req := NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
resp := session.MakeRequest(t, req, http.StatusOK)
var fileResponse api.FileResponse
DecodeJSON(t, resp, &fileResponse)
expectedSHA := "08bd14b2e2852529157324de9c226b3364e76136"
expectedHTMLURL := fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/blob/new_branch/update/file%d.txt", fileID)
expectedDownloadURL := fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/raw/branch/new_branch/update/file%d.txt", fileID)
assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
assert.EqualValues(t, expectedHTMLURL, fileResponse.Content.HTMLURL)
assert.EqualValues(t, expectedDownloadURL, fileResponse.Content.DownloadURL)
// Test updating a file and renaming it
updateFileOptions = getUpdateFileOptions()
updateFileOptions.BranchName = repo1.DefaultBranch
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo1, treePath)
updateFileOptions.FromPath = treePath
treePath = "rename/" + treePath
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
resp = session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &fileResponse)
expectedSHA = "08bd14b2e2852529157324de9c226b3364e76136"
expectedHTMLURL = fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/blob/master/rename/update/file%d.txt", fileID)
expectedDownloadURL = fmt.Sprintf("http://localhost:"+setting.HTTPPort+"/user2/repo1/raw/branch/master/rename/update/file%d.txt", fileID)
assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
assert.EqualValues(t, expectedHTMLURL, fileResponse.Content.HTMLURL)
assert.EqualValues(t, expectedDownloadURL, fileResponse.Content.DownloadURL)
// Test updating a file with the wrong SHA
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo1, treePath)
updateFileOptions = getUpdateFileOptions()
correctSHA := updateFileOptions.SHA
updateFileOptions.SHA = "badsha"
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
resp = session.MakeRequest(t, req, http.StatusInternalServerError)
expectedAPIError := context.APIError{
Message: "sha does not match [given: " + updateFileOptions.SHA + ", expected: " + correctSHA + "]",
URL: base.DocURL,
}
var apiError context.APIError
DecodeJSON(t, resp, &apiError)
assert.Equal(t, expectedAPIError, apiError)
// Test creating a file in repo1 by user4 who does not have write access
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo16, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Tests a repo with no token given so will fail
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo16, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using access token for a private repo that the user of the token owns
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo16, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" where user2 is a collaborator
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user3, repo3, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" with no user token
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user3, repo3, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using repo "user2/repo1" where user4 is a NOT collaborator
fileID++
treePath = fmt.Sprintf("update/file%d.txt", fileID)
createFile(user2, repo1, treePath)
updateFileOptions = getUpdateFileOptions()
url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
session.MakeRequest(t, req, http.StatusForbidden)
}

76
integrations/api_repo_git_blobs_test.go

@ -0,0 +1,76 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"net/http"
"testing"
"code.gitea.io/gitea/models"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func TestAPIReposGitBlobs(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
repo1ReadmeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
repo3ReadmeSHA := "d56a3073c1dbb7b15963110a049d50cdb5db99fc"
repo16ReadmeSHA := "f90451c72ef61a7645293d17b47be7a8e983da57"
badSHA := "0000000000000000000000000000000000000000"
// Login as User2.
session := loginUser(t, user2.Name)
token := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t) // don't want anyone logged in for this
// Test a public repo that anyone can GET the blob of
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, repo1ReadmeSHA)
resp := session.MakeRequest(t, req, http.StatusOK)
var gitBlobResponse api.GitBlobResponse
DecodeJSON(t, resp, &gitBlobResponse)
assert.NotNil(t, gitBlobResponse)
expectedContent := "Y29tbWl0IDY1ZjFiZjI3YmMzYmY3MGY2NDY1NzY1ODYzNWU2NjA5NGVkYmNiNGQKQXV0aG9yOiB1c2VyMSA8YWRkcmVzczFAZXhhbXBsZS5jb20+CkRhdGU6ICAgU3VuIE1hciAxOSAxNjo0Nzo1OSAyMDE3IC0wNDAwCgogICAgSW5pdGlhbCBjb21taXQKCmRpZmYgLS1naXQgYS9SRUFETUUubWQgYi9SRUFETUUubWQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uNGI0ODUxYQotLS0gL2Rldi9udWxsCisrKyBiL1JFQURNRS5tZApAQCAtMCwwICsxLDMgQEAKKyMgcmVwbzEKKworRGVzY3JpcHRpb24gZm9yIHJlcG8xClwgTm8gbmV3bGluZSBhdCBlbmQgb2YgZmlsZQo="
assert.Equal(t, expectedContent, gitBlobResponse.Content)
// Tests a private repo with no token so will fail
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo16.Name, repo16ReadmeSHA)
session.MakeRequest(t, req, http.StatusNotFound)
// Test using access token for a private repo that the user of the token owns
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user2.Name, repo16.Name, repo16ReadmeSHA, token)
session.MakeRequest(t, req, http.StatusOK)
// Test using bad sha
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, badSHA)
session.MakeRequest(t, req, http.StatusBadRequest)
// Test using org repo "user3/repo3" where user2 is a collaborator
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" where user2 is a collaborator
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" with no user token
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user3.Name, repo3ReadmeSHA, repo3.Name)
session.MakeRequest(t, req, http.StatusNotFound)
// Login as User4.
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t) // don't want anyone logged in for this
// Test using org repo "user3/repo3" where user4 is a NOT collaborator
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", user3.Name, repo3.Name, token4)
session.MakeRequest(t, req, http.StatusNotFound)
}

74
integrations/api_repo_git_trees_test.go

@ -0,0 +1,74 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"net/http"
"testing"
"code.gitea.io/gitea/models"
)
func TestAPIReposGitTrees(t *testing.T) {
prepareTestEnv(t)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3
user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
repo1TreeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
repo3TreeSHA := "2a47ca4b614a9f5a43abbd5ad851a54a616ffee6"
repo16TreeSHA := "69554a64c1e6030f051e5c3f94bfbd773cd6a324"
badSHA := "0000000000000000000000000000000000000000"
// Login as User2.
session := loginUser(t, user2.Name)
token := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t) // don't want anyone logged in for this
// Test a public repo that anyone can GET the tree of
for _, ref := range [...]string{
"master", // Branch
repo1TreeSHA, // Tree SHA
} {
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo1.Name, ref)
session.MakeRequest(t, req, http.StatusOK)
}
// Tests a private repo with no token so will fail
for _, ref := range [...]string{
"master", // Branch
repo1TreeSHA, // Tag
} {
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo16.Name, ref)
session.MakeRequest(t, req, http.StatusNotFound)
}
// Test using access token for a private repo that the user of the token owns
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s?token=%s", user2.Name, repo16.Name, repo16TreeSHA, token)
session.MakeRequest(t, req, http.StatusOK)
// Test using bad sha
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo1.Name, badSHA)
session.MakeRequest(t, req, http.StatusBadRequest)
// Test using org repo "user3/repo3" where user2 is a collaborator
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s?token=%s", user3.Name, repo3.Name, repo3TreeSHA, token)
session.MakeRequest(t, req, http.StatusOK)
// Test using org repo "user3/repo3" with no user token
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user3.Name, repo3TreeSHA, repo3.Name)
session.MakeRequest(t, req, http.StatusNotFound)
// Login as User4.
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t) // don't want anyone logged in for this
// Test using org repo "user3/repo3" where user4 is a NOT collaborator
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", user3.Name, repo3.Name, token4)
session.MakeRequest(t, req, http.StatusNotFound)
}

3
integrations/integration_test.go

@ -22,6 +22,7 @@ import (
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers"
"code.gitea.io/gitea/routers/routes"
@ -96,7 +97,7 @@ func TestMain(m *testing.M) {
}
func initIntegrationTest() {
giteaRoot := os.Getenv("GITEA_ROOT")
giteaRoot := base.SetupGiteaRoot()
if giteaRoot == "" {
fmt.Println("Environment variable $GITEA_ROOT not set")
os.Exit(1)

3
integrations/migration-test/migration_test.go

@ -18,6 +18,7 @@ import (
"code.gitea.io/gitea/integrations"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/migrations"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"github.com/go-xorm/xorm"
@ -28,7 +29,7 @@ var currentEngine *xorm.Engine
func initMigrationTest(t *testing.T) {
integrations.PrintCurrentTest(t, 2)
giteaRoot := os.Getenv("GITEA_ROOT")
giteaRoot := base.SetupGiteaRoot()
if giteaRoot == "" {
integrations.Printf("Environment variable $GITEA_ROOT not set\n")
os.Exit(1)

168
models/error.go

@ -1,10 +1,15 @@
// Copyright 2015 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package models
import "fmt"
import (
"fmt"
"code.gitea.io/gitea/modules/git"
)
// ErrNameReserved represents a "reserved name" error.
type ErrNameReserved struct {
@ -26,8 +31,7 @@ type ErrNamePatternNotAllowed struct {
Pattern string
}
// IsErrNamePatternNotAllowed checks if an error is an
// ErrNamePatternNotAllowed.
// IsErrNamePatternNotAllowed checks if an error is an ErrNamePatternNotAllowed.
func IsErrNamePatternNotAllowed(err error) bool {
_, ok := err.(ErrNamePatternNotAllowed)
return ok
@ -676,7 +680,7 @@ type ErrRepoRedirectNotExist struct {
RepoName string
}
// IsErrRepoRedirectNotExist check if an error is an ErrRepoRedirectNotExist
// IsErrRepoRedirectNotExist check if an error is an ErrRepoRedirectNotExist.
func IsErrRepoRedirectNotExist(err error) bool {
_, ok := err.(ErrRepoRedirectNotExist)
return ok
@ -765,28 +769,95 @@ func (err ErrInvalidTagName) Error() string {
return fmt.Sprintf("release tag name is not valid [tag_name: %s]", err.TagName)
}
// ErrRepoFileAlreadyExist represents a "RepoFileAlreadyExist" kind of error.
type ErrRepoFileAlreadyExist struct {
FileName string
// ErrRepoFileAlreadyExists represents a "RepoFileAlreadyExist" kind of error.
type ErrRepoFileAlreadyExists struct {
Path string
}
// IsErrRepoFileAlreadyExists checks if an error is a ErrRepoFileAlreadyExists.
func IsErrRepoFileAlreadyExists(err error) bool {
_, ok := err.(ErrRepoFileAlreadyExists)
return ok
}
func (err ErrRepoFileAlreadyExists) Error() string {
return fmt.Sprintf("repository file already exists [path: %s]", err.Path)
}
// ErrRepoFileDoesNotExist represents a "RepoFileDoesNotExist" kind of error.
type ErrRepoFileDoesNotExist struct {
Path string
Name string
}
// IsErrRepoFileDoesNotExist checks if an error is a ErrRepoDoesNotExist.
func IsErrRepoFileDoesNotExist(err error) bool {
_, ok := err.(ErrRepoFileDoesNotExist)
return ok
}
func (err ErrRepoFileDoesNotExist) Error() string {
return fmt.Sprintf("repository file does not exist [path: %s]", err.Path)
}
// ErrFilenameInvalid represents a "FilenameInvalid" kind of error.
type ErrFilenameInvalid struct {
Path string
}
// IsErrFilenameInvalid checks if an error is an ErrFilenameInvalid.
func IsErrFilenameInvalid(err error) bool {
_, ok := err.(ErrFilenameInvalid)
return ok
}
func (err ErrFilenameInvalid) Error() string {
return fmt.Sprintf("path contains a malformed path component [path: %s]", err.Path)
}
// ErrUserCannotCommit represents "UserCannotCommit" kind of error.
type ErrUserCannotCommit struct {
UserName string
}
// IsErrUserCannotCommit checks if an error is an ErrUserCannotCommit.
func IsErrUserCannotCommit(err error) bool {
_, ok := err.(ErrUserCannotCommit)
return ok
}
func (err ErrUserCannotCommit) Error() string {
return fmt.Sprintf("user cannot commit to repo [user: %s]", err.UserName)
}
// ErrFilePathInvalid represents a "FilePathInvalid" kind of error.
type ErrFilePathInvalid struct {
Message string
Path string
Name string
Type git.EntryMode
}
// IsErrRepoFileAlreadyExist checks if an error is a ErrRepoFileAlreadyExist.
func IsErrRepoFileAlreadyExist(err error) bool {
_, ok := err.(ErrRepoFileAlreadyExist)
// IsErrFilePathInvalid checks if an error is an ErrFilePathInvalid.
func IsErrFilePathInvalid(err error) bool {
_, ok := err.(ErrFilePathInvalid)
return ok
}
func (err ErrRepoFileAlreadyExist) Error() string {
return fmt.Sprintf("repository file already exists [file_name: %s]", err.FileName)
func (err ErrFilePathInvalid) Error() string {
if err.Message != "" {
return err.Message
}
return fmt.Sprintf("path is invalid [path: %s]", err.Path)
}
// ErrUserDoesNotHaveAccessToRepo represets an error where the user doesn't has access to a given repo
// ErrUserDoesNotHaveAccessToRepo represets an error where the user doesn't has access to a given repo.
type ErrUserDoesNotHaveAccessToRepo struct {
UserID int64
RepoName string
}
// IsErrUserDoesNotHaveAccessToRepo checks if an error is a ErrRepoFileAlreadyExist.
// IsErrUserDoesNotHaveAccessToRepo checks if an error is a ErrRepoFileAlreadyExists.
func IsErrUserDoesNotHaveAccessToRepo(err error) bool {
_, ok := err.(ErrUserDoesNotHaveAccessToRepo)
return ok
@ -818,7 +889,7 @@ func (err ErrBranchNotExist) Error() string {
return fmt.Sprintf("branch does not exist [name: %s]", err.Name)
}
// ErrBranchAlreadyExists represents an error that branch with such name already exists
// ErrBranchAlreadyExists represents an error that branch with such name already exists.
type ErrBranchAlreadyExists struct {
BranchName string
}
@ -833,7 +904,7 @@ func (err ErrBranchAlreadyExists) Error() string {
return fmt.Sprintf("branch already exists [name: %s]", err.BranchName)
}
// ErrBranchNameConflict represents an error that branch name conflicts with other branch
// ErrBranchNameConflict represents an error that branch name conflicts with other branch.
type ErrBranchNameConflict struct {
BranchName string
}
@ -848,7 +919,7 @@ func (err ErrBranchNameConflict) Error() string {
return fmt.Sprintf("branch conflicts with existing branch [name: %s]", err.BranchName)
}
// ErrNotAllowedToMerge represents an error that a branch is protected and the current user is not allowed to modify it
// ErrNotAllowedToMerge represents an error that a branch is protected and the current user is not allowed to modify it.
type ErrNotAllowedToMerge struct {
Reason string
}
@ -863,7 +934,7 @@ func (err ErrNotAllowedToMerge) Error() string {
return fmt.Sprintf("not allowed to merge [reason: %s]", err.Reason)
}
// ErrTagAlreadyExists represents an error that tag with such name already exists
// ErrTagAlreadyExists represents an error that tag with such name already exists.
type ErrTagAlreadyExists struct {
TagName string
}
@ -878,6 +949,67 @@ func (err ErrTagAlreadyExists) Error() string {
return fmt.Sprintf("tag already exists [name: %s]", err.TagName)
}
// ErrSHADoesNotMatch represents a "SHADoesNotMatch" kind of error.
type ErrSHADoesNotMatch struct {
Path string
GivenSHA string
CurrentSHA string
}
// IsErrSHADoesNotMatch checks if an error is a ErrSHADoesNotMatch.
func IsErrSHADoesNotMatch(err error) bool {
_, ok := err.(ErrSHADoesNotMatch)
return ok
}
func (err ErrSHADoesNotMatch) Error() string {
return fmt.Sprintf("sha does not match [given: %s, expected: %s]", err.GivenSHA, err.CurrentSHA)
}
// ErrSHANotFound represents a "SHADoesNotMatch" kind of error.
type ErrSHANotFound struct {
SHA string
}
// IsErrSHANotFound checks if an error is a ErrSHANotFound.
func IsErrSHANotFound(err error) bool {
_, ok := err.(ErrSHANotFound)
return ok
}
func (err ErrSHANotFound) Error() string {
return fmt.Sprintf("sha not found [%s]", err.SHA)
}
// ErrCommitIDDoesNotMatch represents a "CommitIDDoesNotMatch" kind of error.
type ErrCommitIDDoesNotMatch struct {
GivenCommitID string
CurrentCommitID string
}
// IsErrCommitIDDoesNotMatch checks if an error is a ErrCommitIDDoesNotMatch.
func IsErrCommitIDDoesNotMatch(err error) bool {
_, ok := err.(ErrCommitIDDoesNotMatch)
return ok
}
func (err ErrCommitIDDoesNotMatch) Error() string {
return fmt.Sprintf("file CommitID does not match [given: %s, expected: %s]", err.GivenCommitID, err.CurrentCommitID)
}
// ErrSHAOrCommitIDNotProvided represents a "SHAOrCommitIDNotProvided" kind of error.
type ErrSHAOrCommitIDNotProvided struct{}
// IsErrSHAOrCommitIDNotProvided checks if an error is a ErrSHAOrCommitIDNotProvided.
func IsErrSHAOrCommitIDNotProvided(err error) bool {
_, ok := err.(ErrSHAOrCommitIDNotProvided)
return ok
}
func (err ErrSHAOrCommitIDNotProvided) Error() string {
return fmt.Sprintf("a SHA or commmit ID must be proved when updating a file")
}
// __ __ ___. .__ __
// / \ / \ ____\_ |__ | |__ ____ ____ | | __
// \ \/\/ // __ \| __ \| | \ / _ \ / _ \| |/ /

2
models/unit_tests.go

@ -14,6 +14,7 @@ import (
"testing"
"time"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"github.com/Unknwon/com"
@ -116,6 +117,7 @@ func PrepareTestEnv(t testing.TB) {
assert.NoError(t, removeAllWithRetry(setting.RepoRootPath))
metaPath := filepath.Join(giteaRoot, "integrations", "gitea-repositories-meta")
assert.NoError(t, com.CopyDir(metaPath, setting.RepoRootPath))
base.SetupGiteaRoot() // Makes sure GITEA_ROOT is set
}
type testCond struct {

1
modules/auth/repo_form.go

@ -590,6 +590,7 @@ type DeleteRepoFileForm struct {
CommitMessage string
CommitChoice string `binding:"Required;MaxSize(50)"`
NewBranchName string `binding:"GitRefName;MaxSize(100)"`
LastCommit string
}
// Validate validates the fields

25
modules/base/tool.go

@ -16,7 +16,10 @@ import (
"math"
"net/http"
"net/url"
"os"
"path"
"path/filepath"
"runtime"
"strconv"
"strings"
"time"
@ -603,3 +606,25 @@ func EntryIcon(entry *git.TreeEntry) string {
return "file-text"
}
// SetupGiteaRoot Sets GITEA_ROOT if it is not already set and returns the value
func SetupGiteaRoot() string {
giteaRoot := os.Getenv("GITEA_ROOT")
if giteaRoot == "" {
_, filename, _, _ := runtime.Caller(0)
giteaRoot = strings.TrimSuffix(filename, "modules/base/tool.go")
wd, err := os.Getwd()
if err != nil {
rel, err := filepath.Rel(giteaRoot, wd)
if err != nil && strings.HasPrefix(filepath.ToSlash(rel), "../") {
giteaRoot = wd
}
}
if _, err := os.Stat(filepath.Join(giteaRoot, "gitea")); os.IsNotExist(err) {
giteaRoot = ""
} else if err := os.Setenv("GITEA_ROOT", giteaRoot); err != nil {
giteaRoot = ""
}
}
return giteaRoot
}

15
modules/context/repo.go

@ -128,6 +128,21 @@ func (r *Repository) BranchNameSubURL() string {
return ""
}
// FileExists returns true if a file exists in the given repo branch
func (r *Repository) FileExists(path string, branch string) (bool, error) {
if branch == "" {
branch = r.Repository.DefaultBranch
}
commit, err := r.GitRepo.GetBranchCommit(branch)
if err != nil {
return false, err
}
if _, err := commit.GetTreeEntryByPath(path); err != nil {
return false, err
}
return true, nil
}
// GetEditorconfig returns the .editorconfig definition if found in the
// HEAD of the default repo branch.
func (r *Repository) GetEditorconfig() (*editorconfig.Editorconfig, error) {

30
modules/git/blob.go

@ -6,6 +6,7 @@ package git
import (
"bytes"
"encoding/base64"
"fmt"
"io"
"io/ioutil"
@ -71,3 +72,32 @@ func (b *Blob) DataAsync() (io.ReadCloser, error) {
return cmdReadCloser{stdout: stdout, cmd: cmd}, nil
}
// GetBlobContentBase64 Reads the content of the blob with a base64 encode and returns the encoded string
func (b *Blob) GetBlobContentBase64() (string, error) {
dataRc, err := b.DataAsync()
if err != nil {
return "", err
}
defer dataRc.Close()
pr, pw := io.Pipe()
encoder := base64.NewEncoder(base64.StdEncoding, pw)
go func() {
_, err := io.Copy(encoder, dataRc)
encoder.Close()
if err != nil {
pw.CloseWithError(err)
} else {
pw.Close()
}
}()
out, err := ioutil.ReadAll(pr)
if err != nil {
return "", err
}
return string(out), nil
}

5
modules/git/commit.go

@ -263,6 +263,11 @@ func (c *Commit) GetFilesChangedSinceCommit(pastCommit string) ([]string, error)
return c.repo.getFilesChanged(pastCommit, c.ID.String())
}
// FileChangedSinceCommit Returns true if the file given has changed since the the past commit
func (c *Commit) FileChangedSinceCommit(filename, pastCommit string) (bool, error) {
return c.repo.FileChangedBetweenCommits(filename, pastCommit, c.ID.String())
}
// GetSubModules get all the sub modules of current revision git tree
func (c *Commit) GetSubModules() (*ObjectCache, error) {
if c.submoduleCache != nil {

13
modules/git/repo_commit.go

@ -10,7 +10,7 @@ import (
"strconv"
"strings"
version "github.com/mcuadros/go-version"
"github.com/mcuadros/go-version"
)
// GetRefCommitID returns the last commit ID string of given reference (branch or tag).
@ -270,7 +270,7 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) (*list
return repo.parsePrettyFormatLogToList(stdout)
}
func (repo *Repository) getFilesChanged(id1 string, id2 string) ([]string, error) {
func (repo *Repository) getFilesChanged(id1, id2 string) ([]string, error) {
stdout, err := NewCommand("diff", "--name-only", id1, id2).RunInDirBytes(repo.Path)
if err != nil {
return nil, err
@ -278,6 +278,15 @@ func (repo *Repository) getFilesChanged(id1 string, id2 string) ([]string, error
return strings.Split(string(stdout), "\n"), nil
}
// FileChangedBetweenCommits Returns true if the file changed between commit IDs id1 and id2
func (repo *Repository) FileChangedBetweenCommits(filename, id1, id2 string) (bool, error) {
stdout, err := NewCommand("diff", "--name-only", "-z", id1, id2, "--", filename).RunInDirBytes(repo.Path)
if err != nil {
return false, err
}
return len(strings.TrimSpace(string(stdout))) > 0, nil
}
// FileCommitsCount return the number of files at a revison
func (repo *Repository) FileCommitsCount(revision, file string) (int64, error) {
return commitsCount(repo.Path, revision, file)

38
modules/repofiles/blob.go