cleanup & minor refactorings
This commit is contained in:
parent
3172eb69d2
commit
bad8e04c3c
2 changed files with 16 additions and 20 deletions
|
@ -237,22 +237,29 @@ func RepositoryInbox(ctx *context.APIContext) {
|
|||
activity := web.GetForm(ctx).(*forgefed.Star)
|
||||
log.Info("RepositoryInbox: Activity.Source: %v, Activity.Actor %v, Activity.Actor.Id %v", activity.Source, activity.Actor, activity.Actor.GetID().String())
|
||||
|
||||
// parse actorId
|
||||
// parse actorId (person)
|
||||
actorId, err := forgefed.NewPersonId(activity.Actor.GetID().String(), string(activity.Source))
|
||||
if err != nil {
|
||||
ctx.ServerError("Validate actorId", err)
|
||||
return
|
||||
}
|
||||
log.Info("RepositoryInbox: Actor parsed. %v", actorId)
|
||||
log.Info("RepositoryInbox: actorId parsed: %v", actorId)
|
||||
// parse objectId (repository)
|
||||
objectId, err := forgefed.NewRepositoryId(activity.Object.GetID().String(), string(activity.Source))
|
||||
if err != nil {
|
||||
ctx.ServerError("Validate actorId", err)
|
||||
return
|
||||
}
|
||||
log.Info("RepositoryInbox: objectId parsed: %v", objectId)
|
||||
|
||||
remoteStargazer := actorId.AsWebfinger() // used as LoginName in newly created user
|
||||
log.Info("remotStargazer: %v", remoteStargazer)
|
||||
stargazerLoginName := actorId.AsWebfinger() // used as LoginName in newly created user
|
||||
log.Info("remotStargazer: %v", stargazerLoginName)
|
||||
|
||||
// Check if user already exists
|
||||
// TODO: If the usesrs-id points to our current host, we've to use an alterantive search ...
|
||||
// > We might need to discuss this further with the community, because when we execute this bit of code here, the federated api has been called.
|
||||
// > Thus the searching for non-federated users could facilitate spoofing of already existing user-ids for some (malicious) purposes.
|
||||
users, err := searchUsersByPerson(remoteStargazer)
|
||||
users, err := searchUsersByPerson(stargazerLoginName)
|
||||
if err != nil {
|
||||
panic(fmt.Errorf("searching for user failed: %v", err))
|
||||
}
|
||||
|
@ -260,7 +267,7 @@ func RepositoryInbox(ctx *context.APIContext) {
|
|||
switch len(users) {
|
||||
case 0:
|
||||
{
|
||||
body, err := getBody(remoteStargazer, "does not exist yet", ctx) // ToDo: We would need to insert the repo or its owners key here
|
||||
body, err := getBody(stargazerLoginName, "does not exist yet", ctx) // ToDo: We would need to insert the repo or its owners key here
|
||||
if err != nil {
|
||||
panic(fmt.Errorf("http get failed: %v", err))
|
||||
}
|
||||
|
@ -268,7 +275,7 @@ func RepositoryInbox(ctx *context.APIContext) {
|
|||
if err != nil {
|
||||
panic(fmt.Errorf("getting user failed: %v", err))
|
||||
}
|
||||
user, err = createFederatedUserFromPerson(person, remoteStargazer)
|
||||
user, err = createFederatedUserFromPerson(person, stargazerLoginName)
|
||||
if err != nil {
|
||||
panic(fmt.Errorf("create federated user: %w", err))
|
||||
}
|
||||
|
@ -282,7 +289,7 @@ func RepositoryInbox(ctx *context.APIContext) {
|
|||
user = users[0]
|
||||
log.Info("Found user full name was: %v", user.FullName)
|
||||
log.Info("Found user name was: %v", user.Name)
|
||||
log.Info("Found user name was: %v", user.LoginName)
|
||||
log.Info("Found user loginname was: %v", user.LoginName)
|
||||
log.Info("%v", user)
|
||||
}
|
||||
default:
|
||||
|
@ -291,6 +298,7 @@ func RepositoryInbox(ctx *context.APIContext) {
|
|||
}
|
||||
}
|
||||
|
||||
// TODO: why should we search user for a second time from db?
|
||||
remoteUser, err := user_model.GetUserByEmail(ctx, user.Email)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "StarRepo", err)
|
||||
|
|
|
@ -8,7 +8,6 @@ import (
|
|||
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
// RepositoryIDAssignmentAPI returns a middleware to handle context-repo assignment for api routes
|
||||
|
@ -17,20 +16,9 @@ func RepositoryIDAssignmentAPI() func(ctx *context.APIContext) {
|
|||
// TODO: enough validation for security?
|
||||
repositoryID := ctx.ParamsInt64(":repository-id")
|
||||
|
||||
log.Info("RepositoryIDAssignmentAPI: %v", repositoryID)
|
||||
|
||||
//TODO: check auth here ?
|
||||
//if !ctx.Repo.HasAccess() && !ctx.IsUserSiteAdmin() {
|
||||
// ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
|
||||
// return
|
||||
//}
|
||||
|
||||
var err error
|
||||
repository := new(context.Repository)
|
||||
// TODO: does repository struct need more infos?
|
||||
repository.Repository, err = repo_model.GetRepositoryByID(ctx, repositoryID)
|
||||
|
||||
// TODO: check & convert errors
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue