初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,79 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package secrets
+
+import (
+	"context"
+
+	"gitea.dev/models/db"
+	secret_model "gitea.dev/models/secret"
+)
+
+func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data, description string) (*secret_model.Secret, bool, error) {
+	if err := ValidateName(name); err != nil {
+		return nil, false, err
+	}
+
+	s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{
+		OwnerID: ownerID,
+		RepoID:  repoID,
+		Name:    name,
+	})
+	if err != nil {
+		return nil, false, err
+	}
+
+	if len(s) == 0 {
+		s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, name, data, description)
+		if err != nil {
+			return nil, false, err
+		}
+		return s, true, nil
+	}
+
+	if err := secret_model.UpdateSecret(ctx, s[0].ID, data, description); err != nil {
+		return nil, false, err
+	}
+
+	return s[0], false, nil
+}
+
+func DeleteSecretByID(ctx context.Context, ownerID, repoID, secretID int64) error {
+	s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{
+		OwnerID:  ownerID,
+		RepoID:   repoID,
+		SecretID: secretID,
+	})
+	if err != nil {
+		return err
+	}
+	if len(s) != 1 {
+		return secret_model.ErrSecretNotFound{}
+	}
+
+	return deleteSecret(ctx, s[0])
+}
+
+func DeleteSecretByName(ctx context.Context, ownerID, repoID int64, name string) error {
+	s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{
+		OwnerID: ownerID,
+		RepoID:  repoID,
+		Name:    name,
+	})
+	if err != nil {
+		return err
+	}
+	if len(s) != 1 {
+		return secret_model.ErrSecretNotFound{}
+	}
+
+	return deleteSecret(ctx, s[0])
+}
+
+func deleteSecret(ctx context.Context, s *secret_model.Secret) error {
+	if _, err := db.DeleteByID[secret_model.Secret](ctx, s.ID); err != nil {
+		return err
+	}
+	return nil
+}
@@ -0,0 +1,33 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package secrets
+
+import (
+	"regexp"
+	"strings"
+	"sync"
+
+	"gitea.dev/modules/util"
+)
+
+// https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables
+// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets
+var globalVars = sync.OnceValue(func() (ret struct {
+	namePattern, forbiddenPrefixPattern *regexp.Regexp
+},
+) {
+	ret.namePattern = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
+	ret.forbiddenPrefixPattern = regexp.MustCompile("(?i)^GIT(EA|HUB)_")
+	return ret
+})
+
+func ValidateName(name string) error {
+	vars := globalVars()
+	if !vars.namePattern.MatchString(name) ||
+		vars.forbiddenPrefixPattern.MatchString(name) ||
+		strings.EqualFold(name, "CI") /* CI is always set to true in GitHub Actions*/ {
+		return util.NewInvalidArgumentErrorf("invalid variable or secret name")
+	}
+	return nil
+}
@@ -0,0 +1,29 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package secrets
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateName(t *testing.T) {
+	cases := []struct {
+		name  string
+		valid bool
+	}{
+		{"FOO", true},
+		{"FOO1_BAR2", true},
+		{"_FOO", true}, // really? why support this
+		{"1FOO", false},
+		{"giteA_xx", false},
+		{"githuB_xx", false},
+		{"cI", false},
+	}
+	for _, c := range cases {
+		err := ValidateName(c.name)
+		assert.Equal(t, c.valid, err == nil, "ValidateName(%q)", c.name)
+	}
+}