cleanup & minor refactorings

This commit is contained in:
Michael Jerger 2023-12-09 19:11:38 +01:00
parent 3172eb69d2
commit bad8e04c3c
2 changed files with 16 additions and 20 deletions

View file

@ -237,22 +237,29 @@ func RepositoryInbox(ctx *context.APIContext) {
activity := web.GetForm(ctx).(*forgefed.Star)
log.Info("RepositoryInbox: Activity.Source: %v, Activity.Actor %v, Activity.Actor.Id %v", activity.Source, activity.Actor, activity.Actor.GetID().String())
// parse actorId
// parse actorId (person)
actorId, err := forgefed.NewPersonId(activity.Actor.GetID().String(), string(activity.Source))
if err != nil {
ctx.ServerError("Validate actorId", err)
return
}
log.Info("RepositoryInbox: Actor parsed. %v", actorId)
log.Info("RepositoryInbox: actorId parsed: %v", actorId)
// parse objectId (repository)
objectId, err := forgefed.NewRepositoryId(activity.Object.GetID().String(), string(activity.Source))
if err != nil {
ctx.ServerError("Validate actorId", err)
return
}
log.Info("RepositoryInbox: objectId parsed: %v", objectId)
remoteStargazer := actorId.AsWebfinger() // used as LoginName in newly created user
log.Info("remotStargazer: %v", remoteStargazer)
stargazerLoginName := actorId.AsWebfinger() // used as LoginName in newly created user
log.Info("remotStargazer: %v", stargazerLoginName)
// Check if user already exists
// TODO: If the usesrs-id points to our current host, we've to use an alterantive search ...
// > We might need to discuss this further with the community, because when we execute this bit of code here, the federated api has been called.
// > Thus the searching for non-federated users could facilitate spoofing of already existing user-ids for some (malicious) purposes.
users, err := searchUsersByPerson(remoteStargazer)
users, err := searchUsersByPerson(stargazerLoginName)
if err != nil {
panic(fmt.Errorf("searching for user failed: %v", err))
}
@ -260,7 +267,7 @@ func RepositoryInbox(ctx *context.APIContext) {
switch len(users) {
case 0:
{
body, err := getBody(remoteStargazer, "does not exist yet", ctx) // ToDo: We would need to insert the repo or its owners key here
body, err := getBody(stargazerLoginName, "does not exist yet", ctx) // ToDo: We would need to insert the repo or its owners key here
if err != nil {
panic(fmt.Errorf("http get failed: %v", err))
}
@ -268,7 +275,7 @@ func RepositoryInbox(ctx *context.APIContext) {
if err != nil {
panic(fmt.Errorf("getting user failed: %v", err))
}
user, err = createFederatedUserFromPerson(person, remoteStargazer)
user, err = createFederatedUserFromPerson(person, stargazerLoginName)
if err != nil {
panic(fmt.Errorf("create federated user: %w", err))
}
@ -282,7 +289,7 @@ func RepositoryInbox(ctx *context.APIContext) {
user = users[0]
log.Info("Found user full name was: %v", user.FullName)
log.Info("Found user name was: %v", user.Name)
log.Info("Found user name was: %v", user.LoginName)
log.Info("Found user loginname was: %v", user.LoginName)
log.Info("%v", user)
}
default:
@ -291,6 +298,7 @@ func RepositoryInbox(ctx *context.APIContext) {
}
}
// TODO: why should we search user for a second time from db?
remoteUser, err := user_model.GetUserByEmail(ctx, user.Email)
if err != nil {
ctx.Error(http.StatusInternalServerError, "StarRepo", err)

View file

@ -8,7 +8,6 @@ import (
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
)
// RepositoryIDAssignmentAPI returns a middleware to handle context-repo assignment for api routes
@ -17,20 +16,9 @@ func RepositoryIDAssignmentAPI() func(ctx *context.APIContext) {
// TODO: enough validation for security?
repositoryID := ctx.ParamsInt64(":repository-id")
log.Info("RepositoryIDAssignmentAPI: %v", repositoryID)
//TODO: check auth here ?
//if !ctx.Repo.HasAccess() && !ctx.IsUserSiteAdmin() {
// ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
// return
//}
var err error
repository := new(context.Repository)
// TODO: does repository struct need more infos?
repository.Repository, err = repo_model.GetRepositoryByID(ctx, repositoryID)
// TODO: check & convert errors
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
}