mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-30 12:47:42 +01:00
03508b33a8
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by @Gusted, so it's fine to change copyright holder to Forgejo). - Add the option to use SSH for push mirrors, this would allow for the deploy keys feature to be used and not require tokens to be used which cannot be limited to a specific repository. The private key is stored encrypted (via the `keying` module) on the database and NEVER given to the user, to avoid accidental exposure and misuse. - CAVEAT: This does require the `ssh` binary to be present, which may not be available in containerized environments, this could be solved by adding a SSH client into forgejo itself and use the forgejo binary as SSH command, but should be done in another PR. - CAVEAT: Mirroring of LFS content is not supported, this would require the previous stated problem to be solved due to LFS authentication (an attempt was made at forgejo/forgejo#2544). - Integration test added. - Resolves #4416
255 lines
6.2 KiB
Go
255 lines
6.2 KiB
Go
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// Copyright 2024 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package util
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ed25519"
|
|
"crypto/rand"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"math/big"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/optional"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
"golang.org/x/text/cases"
|
|
"golang.org/x/text/language"
|
|
)
|
|
|
|
// OptionalBoolParse get the corresponding optional.Option[bool] of a string using strconv.ParseBool
|
|
func OptionalBoolParse(s string) optional.Option[bool] {
|
|
v, e := strconv.ParseBool(s)
|
|
if e != nil {
|
|
return optional.None[bool]()
|
|
}
|
|
return optional.Some(v)
|
|
}
|
|
|
|
// IsEmptyString checks if the provided string is empty
|
|
func IsEmptyString(s string) bool {
|
|
return len(strings.TrimSpace(s)) == 0
|
|
}
|
|
|
|
// NormalizeEOL will convert Windows (CRLF) and Mac (CR) EOLs to UNIX (LF)
|
|
func NormalizeEOL(input []byte) []byte {
|
|
var right, left, pos int
|
|
if right = bytes.IndexByte(input, '\r'); right == -1 {
|
|
return input
|
|
}
|
|
length := len(input)
|
|
tmp := make([]byte, length)
|
|
|
|
// We know that left < length because otherwise right would be -1 from IndexByte.
|
|
copy(tmp[pos:pos+right], input[left:left+right])
|
|
pos += right
|
|
tmp[pos] = '\n'
|
|
left += right + 1
|
|
pos++
|
|
|
|
for left < length {
|
|
if input[left] == '\n' {
|
|
left++
|
|
}
|
|
|
|
right = bytes.IndexByte(input[left:], '\r')
|
|
if right == -1 {
|
|
copy(tmp[pos:], input[left:])
|
|
pos += length - left
|
|
break
|
|
}
|
|
copy(tmp[pos:pos+right], input[left:left+right])
|
|
pos += right
|
|
tmp[pos] = '\n'
|
|
left += right + 1
|
|
pos++
|
|
}
|
|
return tmp[:pos]
|
|
}
|
|
|
|
// CryptoRandomInt returns a crypto random integer between 0 and limit, inclusive
|
|
func CryptoRandomInt(limit int64) (int64, error) {
|
|
rInt, err := rand.Int(rand.Reader, big.NewInt(limit))
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return rInt.Int64(), nil
|
|
}
|
|
|
|
const alphanumericalChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
|
|
|
// CryptoRandomString generates a crypto random alphanumerical string, each byte is generated by [0,61] range
|
|
func CryptoRandomString(length int64) (string, error) {
|
|
buf := make([]byte, length)
|
|
limit := int64(len(alphanumericalChars))
|
|
for i := range buf {
|
|
num, err := CryptoRandomInt(limit)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
buf[i] = alphanumericalChars[num]
|
|
}
|
|
return string(buf), nil
|
|
}
|
|
|
|
// CryptoRandomBytes generates `length` crypto bytes
|
|
// This differs from CryptoRandomString, as each byte in CryptoRandomString is generated by [0,61] range
|
|
// This function generates totally random bytes, each byte is generated by [0,255] range
|
|
func CryptoRandomBytes(length int64) ([]byte, error) {
|
|
buf := make([]byte, length)
|
|
_, err := rand.Read(buf)
|
|
return buf, err
|
|
}
|
|
|
|
// ToUpperASCII returns s with all ASCII letters mapped to their upper case.
|
|
func ToUpperASCII(s string) string {
|
|
b := []byte(s)
|
|
for i, c := range b {
|
|
if 'a' <= c && c <= 'z' {
|
|
b[i] -= 'a' - 'A'
|
|
}
|
|
}
|
|
return string(b)
|
|
}
|
|
|
|
// ToTitleCase returns s with all english words capitalized
|
|
func ToTitleCase(s string) string {
|
|
// `cases.Title` is not thread-safe, do not use global shared variable for it
|
|
return cases.Title(language.English).String(s)
|
|
}
|
|
|
|
// ToTitleCaseNoLower returns s with all english words capitalized without lower-casing
|
|
func ToTitleCaseNoLower(s string) string {
|
|
// `cases.Title` is not thread-safe, do not use global shared variable for it
|
|
return cases.Title(language.English, cases.NoLower).String(s)
|
|
}
|
|
|
|
// ToInt64 transform a given int into int64.
|
|
func ToInt64(number any) (int64, error) {
|
|
var value int64
|
|
switch v := number.(type) {
|
|
case int:
|
|
value = int64(v)
|
|
case int8:
|
|
value = int64(v)
|
|
case int16:
|
|
value = int64(v)
|
|
case int32:
|
|
value = int64(v)
|
|
case int64:
|
|
value = v
|
|
|
|
case uint:
|
|
value = int64(v)
|
|
case uint8:
|
|
value = int64(v)
|
|
case uint16:
|
|
value = int64(v)
|
|
case uint32:
|
|
value = int64(v)
|
|
case uint64:
|
|
value = int64(v)
|
|
|
|
case float32:
|
|
value = int64(v)
|
|
case float64:
|
|
value = int64(v)
|
|
|
|
case string:
|
|
var err error
|
|
if value, err = strconv.ParseInt(v, 10, 64); err != nil {
|
|
return 0, err
|
|
}
|
|
default:
|
|
return 0, fmt.Errorf("unable to convert %v to int64", number)
|
|
}
|
|
return value, nil
|
|
}
|
|
|
|
// ToFloat64 transform a given int into float64.
|
|
func ToFloat64(number any) (float64, error) {
|
|
var value float64
|
|
switch v := number.(type) {
|
|
case int:
|
|
value = float64(v)
|
|
case int8:
|
|
value = float64(v)
|
|
case int16:
|
|
value = float64(v)
|
|
case int32:
|
|
value = float64(v)
|
|
case int64:
|
|
value = float64(v)
|
|
|
|
case uint:
|
|
value = float64(v)
|
|
case uint8:
|
|
value = float64(v)
|
|
case uint16:
|
|
value = float64(v)
|
|
case uint32:
|
|
value = float64(v)
|
|
case uint64:
|
|
value = float64(v)
|
|
|
|
case float32:
|
|
value = float64(v)
|
|
case float64:
|
|
value = v
|
|
|
|
case string:
|
|
var err error
|
|
if value, err = strconv.ParseFloat(v, 64); err != nil {
|
|
return 0, err
|
|
}
|
|
default:
|
|
return 0, fmt.Errorf("unable to convert %v to float64", number)
|
|
}
|
|
return value, nil
|
|
}
|
|
|
|
// ToPointer returns the pointer of a copy of any given value
|
|
func ToPointer[T any](val T) *T {
|
|
return &val
|
|
}
|
|
|
|
// Iif is an "inline-if", it returns "trueVal" if "condition" is true, otherwise "falseVal"
|
|
func Iif[T any](condition bool, trueVal, falseVal T) T {
|
|
if condition {
|
|
return trueVal
|
|
}
|
|
return falseVal
|
|
}
|
|
|
|
func ReserveLineBreakForTextarea(input string) string {
|
|
// Since the content is from a form which is a textarea, the line endings are \r\n.
|
|
// It's a standard behavior of HTML.
|
|
// But we want to store them as \n like what GitHub does.
|
|
// And users are unlikely to really need to keep the \r.
|
|
// Other than this, we should respect the original content, even leading or trailing spaces.
|
|
return strings.ReplaceAll(input, "\r\n", "\n")
|
|
}
|
|
|
|
// GenerateSSHKeypair generates a ed25519 SSH-compatible keypair.
|
|
func GenerateSSHKeypair() (publicKey, privateKey []byte, err error) {
|
|
public, private, err := ed25519.GenerateKey(nil)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("ed25519.GenerateKey: %w", err)
|
|
}
|
|
|
|
privPEM, err := ssh.MarshalPrivateKey(private, "")
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("ssh.MarshalPrivateKey: %w", err)
|
|
}
|
|
|
|
sshPublicKey, err := ssh.NewPublicKey(public)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("ssh.NewPublicKey: %w", err)
|
|
}
|
|
|
|
return ssh.MarshalAuthorizedKey(sshPublicKey), pem.EncodeToMemory(privPEM), nil
|
|
}
|