mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-08-14 15:16:49 +02:00
022ab86988
Speaking from personal experience, when exploring the API I find myself trying to parse the exact meaning of many descriptions for a while, and I also have to get used to many different kinds of inconsistencies and grammar issues. This PR improves a few of these. Some I tried to reword to make them easier to understand, for others I just improved consistency a little, like capitalization. This area needs more work, this PR just makes some progress. Anything that is improved in this one can be improved further in later PRs, so in review please focus on regressions if you find any. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8728 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>
328 lines
9.6 KiB
Go
328 lines
9.6 KiB
Go
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package user
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
asymkey_model "forgejo.org/models/asymkey"
|
|
"forgejo.org/models/db"
|
|
user_model "forgejo.org/models/user"
|
|
"forgejo.org/modules/setting"
|
|
api "forgejo.org/modules/structs"
|
|
"forgejo.org/modules/web"
|
|
"forgejo.org/routers/api/v1/utils"
|
|
"forgejo.org/services/context"
|
|
"forgejo.org/services/convert"
|
|
)
|
|
|
|
func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions) {
|
|
keys, total, err := db.FindAndCount[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{
|
|
ListOptions: listOptions,
|
|
OwnerID: uid,
|
|
})
|
|
if err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "ListGPGKeys", err)
|
|
return
|
|
}
|
|
|
|
if err := asymkey_model.GPGKeyList(keys).LoadSubKeys(ctx); err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "ListGPGKeys", err)
|
|
return
|
|
}
|
|
|
|
apiKeys := make([]*api.GPGKey, len(keys))
|
|
for i := range keys {
|
|
apiKeys[i] = convert.ToGPGKey(keys[i])
|
|
}
|
|
|
|
ctx.SetTotalCountHeader(total)
|
|
ctx.JSON(http.StatusOK, &apiKeys)
|
|
}
|
|
|
|
// ListGPGKeys get the GPG key list of a user
|
|
func ListGPGKeys(ctx *context.APIContext) {
|
|
// swagger:operation GET /users/{username}/gpg_keys user userListGPGKeys
|
|
// ---
|
|
// summary: List the given user's GPG keys
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: username
|
|
// in: path
|
|
// description: username of user
|
|
// type: string
|
|
// required: true
|
|
// - name: page
|
|
// in: query
|
|
// description: page number of results to return (1-based)
|
|
// type: integer
|
|
// - name: limit
|
|
// in: query
|
|
// description: page size of results
|
|
// type: integer
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/GPGKeyList"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
listGPGKeys(ctx, ctx.ContextUser.ID, utils.GetListOptions(ctx))
|
|
}
|
|
|
|
// ListMyGPGKeys get the GPG key list of the authenticated user
|
|
func ListMyGPGKeys(ctx *context.APIContext) {
|
|
// swagger:operation GET /user/gpg_keys user userCurrentListGPGKeys
|
|
// ---
|
|
// summary: List the authenticated user's GPG keys
|
|
// parameters:
|
|
// - name: page
|
|
// in: query
|
|
// description: page number of results to return (1-based)
|
|
// type: integer
|
|
// - name: limit
|
|
// in: query
|
|
// description: page size of results
|
|
// type: integer
|
|
// produces:
|
|
// - application/json
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/GPGKeyList"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
|
|
listGPGKeys(ctx, ctx.Doer.ID, utils.GetListOptions(ctx))
|
|
}
|
|
|
|
// GetGPGKey get the GPG key based on a id
|
|
func GetGPGKey(ctx *context.APIContext) {
|
|
// swagger:operation GET /user/gpg_keys/{id} user userCurrentGetGPGKey
|
|
// ---
|
|
// summary: Get a GPG key
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: id
|
|
// in: path
|
|
// description: id of key to get
|
|
// type: integer
|
|
// format: int64
|
|
// required: true
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/GPGKey"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
key, err := asymkey_model.GetGPGKeyForUserByID(ctx, ctx.Doer.ID, ctx.ParamsInt64(":id"))
|
|
if err != nil {
|
|
if asymkey_model.IsErrGPGKeyNotExist(err) {
|
|
ctx.NotFound()
|
|
} else {
|
|
ctx.Error(http.StatusInternalServerError, "GetGPGKeyByID", err)
|
|
}
|
|
return
|
|
}
|
|
if err := key.LoadSubKeys(ctx); err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "LoadSubKeys", err)
|
|
return
|
|
}
|
|
ctx.JSON(http.StatusOK, convert.ToGPGKey(key))
|
|
}
|
|
|
|
// CreateUserGPGKey creates new GPG key to given user by ID.
|
|
func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
|
|
if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
|
|
ctx.NotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
|
|
return
|
|
}
|
|
|
|
token := asymkey_model.VerificationToken(ctx.Doer, 1)
|
|
lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)
|
|
|
|
keys, err := asymkey_model.AddGPGKey(ctx, uid, form.ArmoredKey, token, form.Signature)
|
|
if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
|
|
keys, err = asymkey_model.AddGPGKey(ctx, uid, form.ArmoredKey, lastToken, form.Signature)
|
|
}
|
|
if err != nil {
|
|
HandleAddGPGKeyError(ctx, err, token)
|
|
return
|
|
}
|
|
ctx.JSON(http.StatusCreated, convert.ToGPGKey(keys[0]))
|
|
}
|
|
|
|
// GetVerificationToken returns the current token to be signed for this user
|
|
func GetVerificationToken(ctx *context.APIContext) {
|
|
// swagger:operation GET /user/gpg_key_token user getVerificationToken
|
|
// ---
|
|
// summary: Get a Token to verify
|
|
// produces:
|
|
// - text/plain
|
|
// parameters:
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/string"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
token := asymkey_model.VerificationToken(ctx.Doer, 1)
|
|
ctx.PlainText(http.StatusOK, token)
|
|
}
|
|
|
|
// VerifyUserGPGKey creates new GPG key to given user by ID.
|
|
func VerifyUserGPGKey(ctx *context.APIContext) {
|
|
// swagger:operation POST /user/gpg_key_verify user userVerifyGPGKey
|
|
// ---
|
|
// summary: Verify a GPG key
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/GPGKey"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
|
|
form := web.GetForm(ctx).(*api.VerifyGPGKeyOption)
|
|
token := asymkey_model.VerificationToken(ctx.Doer, 1)
|
|
lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)
|
|
|
|
form.KeyID = strings.TrimLeft(form.KeyID, "0")
|
|
if form.KeyID == "" {
|
|
ctx.NotFound()
|
|
return
|
|
}
|
|
|
|
_, err := asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, token, form.Signature)
|
|
if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
|
|
_, err = asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, lastToken, form.Signature)
|
|
}
|
|
|
|
if err != nil {
|
|
if asymkey_model.IsErrGPGInvalidTokenSignature(err) {
|
|
ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
|
|
return
|
|
}
|
|
ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err)
|
|
}
|
|
|
|
keys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{
|
|
KeyID: form.KeyID,
|
|
IncludeSubKeys: true,
|
|
})
|
|
if err != nil {
|
|
if asymkey_model.IsErrGPGKeyNotExist(err) {
|
|
ctx.NotFound()
|
|
} else {
|
|
ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err)
|
|
}
|
|
return
|
|
}
|
|
ctx.JSON(http.StatusOK, convert.ToGPGKey(keys[0]))
|
|
}
|
|
|
|
// swagger:parameters userCurrentPostGPGKey
|
|
type swaggerUserCurrentPostGPGKey struct {
|
|
// in:body
|
|
Form api.CreateGPGKeyOption
|
|
}
|
|
|
|
// CreateGPGKey adds a GPG public key doer's account
|
|
func CreateGPGKey(ctx *context.APIContext) {
|
|
// swagger:operation POST /user/gpg_keys user userCurrentPostGPGKey
|
|
// ---
|
|
// summary: Add a GPG public key to current user's account
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/GPGKey"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
|
|
form := web.GetForm(ctx).(*api.CreateGPGKeyOption)
|
|
CreateUserGPGKey(ctx, *form, ctx.Doer.ID)
|
|
}
|
|
|
|
// DeleteGPGKey removes a GPG public key from doer's account
|
|
func DeleteGPGKey(ctx *context.APIContext) {
|
|
// swagger:operation DELETE /user/gpg_keys/{id} user userCurrentDeleteGPGKey
|
|
// ---
|
|
// summary: Remove a GPG public key from current user's account
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: id
|
|
// in: path
|
|
// description: id of key to delete
|
|
// type: integer
|
|
// format: int64
|
|
// required: true
|
|
// responses:
|
|
// "204":
|
|
// "$ref": "#/responses/empty"
|
|
// "401":
|
|
// "$ref": "#/responses/unauthorized"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
|
|
ctx.NotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
|
|
return
|
|
}
|
|
|
|
if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.ParamsInt64(":id")); err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "DeleteGPGKey", err)
|
|
return
|
|
}
|
|
|
|
ctx.Status(http.StatusNoContent)
|
|
}
|
|
|
|
// HandleAddGPGKeyError handle add GPGKey error
|
|
func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
|
|
switch {
|
|
case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "GPGKeyIDAlreadyUsed", "A key with the same id already exists")
|
|
case asymkey_model.IsErrGPGKeyParsing(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err)
|
|
case asymkey_model.IsErrGPGNoEmailFound(err):
|
|
ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
|
|
case asymkey_model.IsErrGPGInvalidTokenSignature(err):
|
|
ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
|
|
default:
|
|
ctx.Error(http.StatusInternalServerError, "AddGPGKey", err)
|
|
}
|
|
}
|