ADD protected branch Features

2026-05-22 20:55:46 +08:00 · 2020-12-03 15:24:40 +08:00
parent a24f0f8b45
commit 6a8ae5234b
40 changed files with 1252 additions and 11 deletions
--- a/app/services/gitea/client_service.rb
+++ b/app/services/gitea/client_service.rb
@@ -21,11 +21,10 @@ class Gitea::ClientService < ApplicationService
  def post(url, params={})
    puts "[gitea] request params: #{params}"
    auth_token = authen_params(params[:token])
-    response = conn(auth_token).post do |req|
+    conn(auth_token).post do |req|
      req.url full_url(url)
      req.body = params[:data].to_json
    end
-    render_status(response)
  end

  def get(url, params={})
@@ -164,4 +163,86 @@ class Gitea::ClientService < ApplicationService
      nil
    end
  end
+
+  def render_response(response)
+    status = response.status
+    body = response&.body
+
+    body, message =
+      if body.present?
+        body = JSON.parse(body)
+        fix_body(body)
+      else
+        nil
+      end
+    puts "[gitea] status:  #{status}"
+    puts "[gitea] message: #{message}"
+    puts "[gitea] body:    #{body}"
+    [status, message, body]
+  end
+
+  def fix_body(body)
+    return [body, nil] if body.is_a? Array
+
+    body['message'].blank? ? [body, nil] : [nil, body['message']]
+  end
+
+  def render_json_data(status, message, body, success=true)
+    if success
+      success(body)
+    else
+      error(message, status)
+    end
+  end
+
+  def error(message, http_status = nil)
+    result = {
+      message: message,
+      status: :error
+    }
+
+    result[:http_status] = http_status if http_status
+    result
+  end
+
+  def success(body=nil)
+    {
+      status: :success,
+      body: body
+    }
+  end
+
+  def render_body(body)
+    success(body)[:body]
+  end
+
+  def render_200_response(response)
+    extract_statuses(response)
+  end
+
+  def render_200_no_body(response)
+    response.status
+    case response.status
+    when 200
+      {status: 200}
+    else
+    end
+  end
+
+  def render_201_response(response)
+    extract_statuses(response)
+  end
+
+  def render_202_response(response)
+    extract_statuses(response)
+  end
+
+  def extract_statuses(response)
+    success_statuses = [200, 201, 202, 204]
+    status, message, body = render_response(response)
+
+    error(message, status) unless success_statuses.include? status
+
+    render_body(body)
+  end
 end
--- a/app/services/gitea/hooks/create_service.rb
+++ b/app/services/gitea/hooks/create_service.rb
@@ -24,7 +24,8 @@ class Gitea::Hooks::CreateService < Gitea::ClientService
  end

  def call
-    post(url, params)
+    response = post(url, params)
+    render_201_response(response)
  end

  private
--- a/app/services/gitea/oauth2/create_service.rb
+++ b/app/services/gitea/oauth2/create_service.rb
@@ -27,7 +27,8 @@ class Gitea::Oauth2::CreateService < Gitea::ClientService
  end

  def call
-    post(url, request_params)
+    response = post(url, request_params)
+    render_201_response(response)
  end

  private
--- a/app/services/gitea/repository/branches/get_service.rb
+++ b/app/services/gitea/repository/branches/get_service.rb
@@ -13,7 +13,7 @@ class Gitea::Repository::Branches::GetService < Gitea::ClientService

  def call
    response = get(url, params)
-    render_data(response)
+    render_200_response(response)
  end

  private
--- a/app/services/gitea/repository/branches/list_service.rb
+++ b/app/services/gitea/repository/branches/list_service.rb
@@ -8,7 +8,7 @@ class Gitea::Repository::Branches::ListService < Gitea::ClientService

  def call
    response = get(url, params)
-    render_data(response)
+    render_200_response(response)
  end

  private
--- a/app/services/gitea/repository/create_service.rb
+++ b/app/services/gitea/repository/create_service.rb
@@ -18,7 +18,8 @@ class Gitea::Repository::CreateService < Gitea::ClientService
  end

  def call
-    post(url, request_params)
+    response = post(url, request_params)
+    render_201_response(response)
  end

  private
--- a/app/services/gitea/repository/entries/create_service.rb
+++ b/app/services/gitea/repository/entries/create_service.rb
@@ -29,7 +29,9 @@ class Gitea::Repository::Entries::CreateService < Gitea::ClientService
  end

  def call
-    post(url, params)
+    response = post(url, params)
+
+    render_201_response(response)
  end

  private
--- a/app/services/gitea/repository/fork_service.rb
+++ b/app/services/gitea/repository/fork_service.rb
@@ -14,7 +14,9 @@ class Gitea::Repository::ForkService < Gitea::ClientService
  end

  def call
-    post(url, request_params)
+    response = post(url, request_params)
+    
+    render_202_response(response)
  end

  private
--- a/app/services/gitea/repository/migrate_service.rb
+++ b/app/services/gitea/repository/migrate_service.rb
@@ -31,7 +31,9 @@ class Gitea::Repository::MigrateService < Gitea::ClientService
  end

  def call
-    post(url, request_params)
+    response = post(url, request_params)
+
+    render_201_response(response)
  end

  private
--- a/app/services/gitea/repository/protected_branches/create_service.rb
+++ b/app/services/gitea/repository/protected_branches/create_service.rb
@@ -0,0 +1,76 @@
+# Create a branch protections for a repository
+
+class Gitea::Repository::ProtectedBranches::CreateService < Gitea::ClientService
+  attr_reader :owner, :repo, :body, :token
+
+  # owner: owner of the repo
+  # repo: name of the repo
+  # body:
+  #   {
+  #   "approvals_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "approvals_whitelist_username": [
+  #     "string"
+  #   ],
+  #   "block_on_outdated_branch": true,
+  #   "block_on_rejected_reviews": true,
+  #   "branch_name": "string",
+  #   "dismiss_stale_approvals": true,
+  #   "enable_approvals_whitelist": true,
+  #   "enable_merge_whitelist": true,
+  #   "enable_push": true,
+  #   "enable_push_whitelist": true,
+  #   "enable_status_check": true,
+  #   "merge_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "merge_whitelist_usernames": [
+  #     "string"
+  #   ],
+  #   "protected_file_patterns": "string",
+  #   "push_whitelist_deploy_keys": true,
+  #   "push_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "push_whitelist_usernames": [
+  #     "string"
+  #   ],
+  #   "require_signed_commits": true,
+  #   "required_approvals": 0,
+  #   "status_check_contexts": [
+  #     "string"
+  #   ]
+  # }
+
+  def initialize(owner, repo, body={}, token=nil)
+    @owner = owner
+    @repo  = repo
+    @body  = body
+    @token = token
+  end
+
+  def call
+    response = post(url, params)
+    status, message, body = render_response(response)
+    json_format(status, message, body)
+  end
+
+  private
+  def params
+    Hash.new.merge(token: token, data: body)
+  end
+
+  def url
+    "/repos/#{owner}/#{repo}/branch_protections".freeze
+  end
+
+  def json_format(status, message, body)
+    case status
+    when 201 then success(body)
+    else
+      error(message, status)
+    end
+  end
+
+end
--- a/app/services/gitea/repository/protected_branches/destroy_service.rb
+++ b/app/services/gitea/repository/protected_branches/destroy_service.rb
@@ -0,0 +1,39 @@
+# Delete a specific branch protection for the repository
+
+class Gitea::Repository::ProtectedBranches::DestroyService < Gitea::ClientService
+  attr_reader :owner, :repo, :name, :token
+
+  # owner: owner of the repo
+  # repo: name of the repo
+  # name: name of protected branch
+  # eg:
+  # Gitea::Repository::ProtectedBranches::DestroyService.call(user.login, repo.identifier, branch_name, user.gitea_token)
+  def initialize(owner, repo, name, token=nil)
+    @owner = owner
+    @repo  = repo
+    @name  = name
+    @token = token
+  end
+
+  def call
+    response = delete(url, params)
+    status, message = render_response(response)
+    json_format(status, message)
+  end
+
+  private
+  def params
+    Hash.new.merge(token: token, data: name)
+  end
+
+  def url
+    "/repos/#{owner}/#{repo}/branch_protections/#{name}".freeze
+  end
+
+  def json_format(status, message)
+    case status
+    when 204 then success
+    when 404 then error(message, 404)
+    end
+  end
+end
--- a/app/services/gitea/repository/protected_branches/update_service.rb
+++ b/app/services/gitea/repository/protected_branches/update_service.rb
@@ -0,0 +1,78 @@
+# Edit a branch protections for a repository. Only fields that are set will be changed
+
+class Gitea::Repository::ProtectedBranches::UpdateService < Gitea::ClientService
+  attr_reader :owner, :repo, :name, :body, :token
+
+  # owner: owner of the repo
+  # repo: name of the repo
+  # nmae: name of protected branch
+  # body:
+  #   {
+  #   "approvals_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "approvals_whitelist_username": [
+  #     "string"
+  #   ],
+  #   "block_on_outdated_branch": true,
+  #   "block_on_rejected_reviews": true,
+  #   "branch_name": "string",
+  #   "dismiss_stale_approvals": true,
+  #   "enable_approvals_whitelist": true,
+  #   "enable_merge_whitelist": true,
+  #   "enable_push": true,
+  #   "enable_push_whitelist": true,
+  #   "enable_status_check": true,
+  #   "merge_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "merge_whitelist_usernames": [
+  #     "string"
+  #   ],
+  #   "protected_file_patterns": "string",
+  #   "push_whitelist_deploy_keys": true,
+  #   "push_whitelist_teams": [
+  #     "string"
+  #   ],
+  #   "push_whitelist_usernames": [
+  #     "string"
+  #   ],
+  #   "require_signed_commits": true,
+  #   "required_approvals": 0,
+  #   "status_check_contexts": [
+  #     "string"
+  #   ]
+  # }
+  # eq:
+  # Gitea::Repository::ProtectedBranches::UpdateService.call(user.login, repo.identifier, branch_name, body, user.gitea_token)
+  def initialize(owner, repo, name, body, token=nil)
+    @owner = owner
+    @repo  = repo
+    @name  = name
+    @body  = body
+    @token = token
+  end
+
+  def call
+    response = patch(url, params)
+    status, message, body = render_response(response)
+    json_format(status, message, body)
+  end
+
+  private
+  def params
+    Hash.new.merge(token: token, data: body)
+  end
+
+  def url
+    "/repos/#{owner}/#{repo}/branch_protections/#{name}".freeze
+  end
+
+  def json_format(status, message, body)
+    case status
+    when 200 then success(body)
+    else
+      error(message, status)
+    end
+  end
+end
--- a/app/services/gitea/repository/sync_mirrored_service.rb
+++ b/app/services/gitea/repository/sync_mirrored_service.rb
@@ -15,7 +15,9 @@ class Gitea::Repository::SyncMirroredService < Gitea::ClientService
  end

  def call
-    post(url, request_params)
+    response = post(url, request_params)
+
+    render_200_no_body(response)
  end

  private
--- a/app/services/protected_branches/base_service.rb
+++ b/app/services/protected_branches/base_service.rb
@@ -0,0 +1,266 @@
+module ProtectedBranches
+  class BaseService < ApplicationService
+    attr_accessor :repository, :owner, :params
+
+    def initialize(repository, user = nil, params = {})
+      @repository, @owner, @params = repository, user, params.dup
+    end
+
+    # delegate :repository, to: :project
+
+    def protected_branch_params
+      # {
+      #   "approvals_whitelist_teams": [
+      #     "string"
+      #   ], //批准团队(或审查团队)白名单
+      #   "approvals_whitelist_username": [
+      #     "string"
+      #   ], // 批准用户(或审查者)白名单
+      #   "block_on_outdated_branch": true, // 如果拉取过时，阻止合并
+      #   "block_on_rejected_reviews": true, // 拒绝审核，阻止合并请求
+        # "branch_name": "string",  //分支名称
+      #   "dismiss_stale_approvals": true, // 取消过时的批准
+      #   "enable_approvals_whitelist": true, //是否批准仅限列入白名单的用户或者团队， 主要用户pr的审核批准计数功能
+      #   "enable_merge_whitelist": true, // 是否启用合并请求白名单
+      #   "enable_push": true, //启用、禁止推送
+      #   "enable_push_whitelist": true, // 是否启动推送白名单
+      #   "enable_status_check": true, //是否启用状态检查
+      #   "merge_whitelist_teams": [
+      #     "string"
+      #   ], // 合并请求团队白名单
+      #   "merge_whitelist_usernames": [
+      #     "string"
+      #   ], // 合并请求用户白名单
+      #   "protected_file_patterns": "string", //保护文件模式
+      #   "push_whitelist_deploy_keys": true, // 具有推送权限的部署密钥白名单
+      #   "push_whitelist_teams": [
+      #     "string"
+      #   ], //推送团队白名单
+      #   "push_whitelist_usernames": [
+      #     "string"
+      #   ], //推送用户白名单
+      #   "require_signed_commits": true, //是否需要签名提交
+      #   "required_approvals": 0, // 所需批准数
+      #   "status_check_contexts": [
+      #     "string"
+      #   ] // 状态检查规则
+      # }
+
+
+      #  branch_name                   :string(255)      default("")
+      #  can_push                      :boolean          default("0"), not null
+      #  enable_whitelist              :boolean          default("0")
+      #  whitelist_user_i_ds           :text(65535)
+      #  whitelist_team_i_ds           :text(65535)
+      #  enable_merge_whitelist        :boolean          default("0"), not null
+      #  whitelist_deploy_keys         :boolean          default("0"), not null
+      #  merge_whitelist_user_i_ds     :text(65535)
+      #  merge_whitelist_team_i_ds     :text(65535)
+      #  enable_status_check           :boolean          default("0"), not null
+      #  status_check_contexts         :text(65535)
+      #  approvals_whitelist_user_i_ds :text(65535)
+      #  approvals_whitelist_team_i_ds :text(65535)
+      #  required_approvals            :integer          default("0")
+      #  enable_approvals_whitelist    :boolean          default("0"), not null
+      #  block_on_rejected_reviews     :boolean          default("0"), not null
+      #  dismiss_stale_approvals       :boolean          default("0"), not null
+      #  require_signed_commits        :boolean          default("0"), not null
+      #  protected_file_patterns       :text(65535)
+      #  block_on_outdated_branch      :boolean          default("0"), not null
+
+      {
+        branch_name: params[:branch_name],
+        can_push: can_push_params,
+        enable_whitelist: enable_whitelist_params,
+        whitelist_user_i_ds: whitelist_user_i_ds_params,
+        # whitelist_team_i_ds: whitelist_team_i_ds_params,
+        enable_merge_whitelist: enable_merge_whitelist_params,
+        merge_whitelist_user_i_ds: merge_whitelist_user_i_ds_params,
+        # merge_whitelist_team_i_ds: merge_whitelist_team_i_ds_params,
+        enable_status_check: enable_status_check_params,
+        required_approvals: params[:required_approvals] || 0,
+        enable_approvals_whitelist: enable_approvals_whitelist_params,
+        approvals_whitelist_user_i_ds: approvals_whitelist_user_i_ds_params,
+        # approvals_whitelist_team_i_ds: approvals_whitelist_team_i_ds_params,
+        block_on_rejected_reviews: block_on_rejected_reviews_params,
+        dismiss_stale_approvals: dismiss_stale_approvals_params,
+        require_signed_commits: require_signed_commits_params,
+        block_on_outdated_branch: block_on_outdated_branch_params
+      }
+    end
+
+    def enable_status_check_params
+      params[:enable_status_check] || false
+    end
+
+    def enable_approvals_whitelist_params
+      params[:enable_approvals_whitelist] || false
+    end
+    def block_on_rejected_reviews_params
+      params[:block_on_rejected_reviews] || false
+    end
+
+    def dismiss_stale_approvals_params
+      params[:dismiss_stale_approvals] || false
+    end
+
+    def require_signed_commits_params
+      params[:require_signed_commits] || false
+    end
+
+    def block_on_outdated_branch_params
+      params[:block_on_outdated_branch] || false
+    end
+
+    def can_push_params
+      return false if !can_push?
+      return true if enable_whitelist?
+      params[:enable_push]
+    end
+
+    def enable_whitelist_params
+      return false if !can_push?
+      params[:enable_push_whitelist]
+    end
+
+    def whitelist_user_i_ds_params
+      return [] if !can_push?
+      user_ids(get_push_whitelist_usernames)
+    end
+
+    def whitelist_team_i_ds_params
+      # params[:push_whitelist_usernames]
+    end
+
+    def enable_merge_whitelist_params
+      params[:enable_merge_whitelist] || false
+    end
+
+    def merge_whitelist_user_i_ds_params
+      returtn [] if !enable_merge_whitelist?
+      user_ids(get_merge_whitelist_usernames)
+    end
+
+    def merge_whitelist_team_i_ds_params
+      params[:merge_whitelist_teams]
+    end
+
+    def approvals_whitelist_user_i_ds_params
+      return [] if !enable_approvals_whitelist?
+      user_ids(get_approvals_whitelist_username)
+    end
+
+    def approvals_whitelist_team_i_ds_params
+      params[:approvals_whitelist_teams]
+    end
+
+    def user_ids(names)
+      member_ids & names_by_params(names)
+    end
+
+    def member_ids
+      @repository.project.writable_members.map(&:user_id)
+    end
+
+    def names_by_params(names)
+      User.where(login: names.to_a).ids
+    end
+
+    def get_push_whitelist_usernames
+      return [] if !can_push? || !enable_whitelist?
+      filter_empty_element Array(params[:push_whitelist_usernames])
+    end
+
+    def get_merge_whitelist_usernames
+      return [] if !enable_merge_whitelist?
+      filter_empty_element Array(params[:merge_whitelist_usernames])
+    end
+
+    def get_approvals_whitelist_username
+      return [] if !enable_approvals_whitelist?
+      filter_empty_element Array(params[:approvals_whitelist_username])
+    end
+
+    def check_users!(names)
+      names.each {|name|
+        check_user!(name)
+        break
+      }
+    end
+
+    def check_user!(name)
+      user_exist = User.exists?(login: name)
+      raise Error, "user '#{name}' does not exist" if !user_exist
+    end
+
+    def can_push?
+      params[:enable_push] === true
+    end
+
+    def enable_whitelist?
+      params[:enable_push_whitelist] === true
+    end
+
+    def enable_merge_whitelist?
+      params[:enable_merge_whitelist] === true
+    end
+
+    def enable_approvals_whitelist?
+      params[:enable_approvals_whitelist] === true
+    end
+
+    def filter_empty_element(array)
+      array.reject { |e| e.to_s.empty? }
+    end
+
+    def save_gitea_protected_branch!
+      @gitea_protected_branch ||= Gitea::Repository::ProtectedBranches::CreateService.call(@owner.login,
+        @repository.identifier,gitea_protected_branch_params, @owner.gitea_token)
+
+      raise Error, @gitea_protected_branch[:message] if @gitea_protected_branch[:status] != :success
+    end
+
+    def gitea_protected_branch_saved?
+      @gitea_protected_branch[:status] === success
+    end
+
+    def gitea_protected_branch
+      @gitea_protected_branch[:body]
+    end
+
+    def gitea_protected_branch_params
+      {
+        approvals_whitelist_username: get_approvals_whitelist_username,
+        branch_name: params[:branch_name],
+        enable_approvals_whitelist: enable_approvals_whitelist_params,
+        enable_merge_whitelist: enable_merge_whitelist_params,
+        enable_push: can_push_params,
+        enable_push_whitelist: enable_whitelist_params,
+        enable_status_check: enable_status_check_params,
+        # merge_whitelist_teams: [],
+        merge_whitelist_usernames: get_merge_whitelist_usernames,
+        # protected_file_patterns: string,
+        # push_whitelist_deploy_keys: true,
+        # push_whitelist_teams: [],
+        push_whitelist_usernames: get_push_whitelist_usernames,
+        block_on_rejected_reviews: block_on_rejected_reviews_params,
+        dismiss_stale_approvals: dismiss_stale_approvals_params,
+        require_signed_commits: require_signed_commits_params,
+        block_on_outdated_branch: block_on_outdated_branch_params
+
+      }
+    end
+    
+    def validate!
+      protected_branch_exists = repository.protected_branches.exists?(params[:branch_name])
+      raise Error, "Protected branch '#{branch_name}' already exists" if protected_branch_exists
+
+      check_users!(get_push_whitelist_usernames)  if get_push_whitelist_usernames.any?
+      check_users!(get_merge_whitelist_usernames)  if get_merge_whitelist_usernames.any?
+      check_users!(get_approvals_whitelist_username)  if get_approvals_whitelist_username.any?
+
+      raise Error, '分支名称不能为空' if params[:branch_name].blank?
+
+    end
+  end
+end
--- a/app/services/protected_branches/create_service.rb
+++ b/app/services/protected_branches/create_service.rb
@@ -0,0 +1,22 @@
+module ProtectedBranches
+  class CreateService < ProtectedBranches::BaseService
+    def call
+      validate!
+
+      save_gitea_protected_branch!
+
+      save_protected_branch!
+
+      protected_branch
+    end
+
+    private
+      def protected_branch
+        @protected_branch ||= repository.protected_branches.new(protected_branch_params)
+      end
+
+      def save_protected_branch!
+        protected_branch.save
+      end
+  end
+end
--- a/app/services/protected_branches/destroy_service.rb
+++ b/app/services/protected_branches/destroy_service.rb
@@ -0,0 +1,26 @@
+module ProtectedBranches
+  class DestroyService < ProtectedBranches::BaseService
+    def call
+      protected_branch.destroy! if success?
+		rescue ActiveRecord::RecordNotFound
+      raise Error, '404'
+    rescue => ex
+      Rails.logger.info ex
+      raise Error, ex
+    end
+
+    private
+      def protected_branch
+        @protected_branch ||= @repository.protected_branches.find_by!(branch_name: @params)
+      end
+
+      def success?
+        result = Gitea::Repository::ProtectedBranches::DestroyService.call(@owner.login,
+          @repository.identifier, protected_branch.branch_name, @owner.gitea_token)
+
+        return true if result[:status] === :success
+        raise Error, result[:message]
+      end
+
+  end
+end
--- a/app/services/protected_branches/update_service.rb
+++ b/app/services/protected_branches/update_service.rb
@@ -0,0 +1,31 @@
+module ProtectedBranches
+  class UpdateService < ProtectedBranches::BaseService
+    def call
+      validate!
+      protected_branch.update(protected_branch_params) if success?
+
+      protected_branch
+
+		rescue ActiveRecord::RecordNotFound
+      raise Error, '404'
+    rescue => ex
+      Rails.logger.info ex
+      raise Error, ex
+    end
+
+    private
+      def protected_branch
+        @protected_branch ||= @repository.protected_branches.find_by!(branch_name: params[:branch_name])
+      end
+
+      def success?
+        result = Gitea::Repository::ProtectedBranches::UpdateService.call(@owner.login, @repository.identifier,
+          protected_branch.branch_name, gitea_protected_branch_params, @owner.gitea_token)
+
+
+        return true if result[:status] === :success
+        raise Error, result[:message]
+      end
+
+  end
+end