1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-22 08:42:32 -05:00

wip: load repo to ctx

This commit is contained in:
Michael Jerger 2023-10-23 17:16:38 +02:00
parent 643681663f
commit 317b7fac8f
3 changed files with 42 additions and 2 deletions

View file

@ -1,4 +1,4 @@
// Copyright 2022 The Gitea Authors. All rights reserved. // Copyright 2023 The Gitea forgejoAuthors. All rights reserved.
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
package activitypub package activitypub

View file

@ -894,6 +894,11 @@ func Routes() *web.Route {
m.Get("", activitypub.Person) m.Get("", activitypub.Person)
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox) m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox)
}, context_service.UserIDAssignmentAPI()) }, context_service.UserIDAssignmentAPI())
// TODO: implement ctx
m.Group("/repository-id/{repsitory-id}", func() {
m.Get("", activitypub.Repository)
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.RepositoryInbox)
}, context_service.RepositoryAssignmentAPI())
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub)) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub))
} }
@ -1081,7 +1086,10 @@ func Routes() *web.Route {
repo.CreateOrgRepoDeprecated) repo.CreateOrgRepoDeprecated)
// requires repo scope // requires repo scope
m.Combo("/repositories/{id}", reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)).Get(repo.GetByID) m.Combo("/repositories/{id}",
reqToken(),
tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)
).Get(repo.GetByID)
// Repos (requires repo scope) // Repos (requires repo scope)
m.Group("/repos", func() { m.Group("/repos", func() {

View file

@ -0,0 +1,32 @@
// Copyright 2023 The forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package context
import (
"net/http"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/modules/context"
)
// RepositoryIDAssignmentAPI returns a middleware to handle context-repo assignment for api routes
func RepositoryIDAssignmentAPI() func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
// TODO: enough validation for security?
repositoryID := ctx.ParamsInt64(":repository-id")
//TODO: check auth here ?
if !ctx.Repo.HasAccess() && !ctx.IsUserSiteAdmin() {
ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
return
}
var err error
ctx.Repo, err = repo_model.GetRepositoryByID(ctx, repositoryID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
}
}
}