diff --git a/cmd/serve.go b/cmd/serve.go index 06ef89bfe..559d6df13 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -62,19 +62,6 @@ func parseCmd(cmd string) (string, string) { return ss[0], strings.Replace(ss[1], "'/", "'", 1) } -func getKey(cmdKey string) *models.PublicKey { - keys := strings.Split(cmdKey, "-") - if len(keys) != 2 { - fail("Key ID format error", "Invalid key argument: %s", cmdKey) - } - - key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64()) - if err != nil { - fail("Invalid key ID", "Invalid key ID[%s]: %v", cmdKey, err) - } - return key -} - func checkDeployKey(key *models.PublicKey, repo *models.Repository) { // Check if this deploy key belongs to current repository. if !models.HasDeployKey(key.ID, repo.ID) { @@ -226,16 +213,17 @@ func runServ(c *cli.Context) error { fail("mirror repository is read-only", "") } - // Allow anonymous clone for public repositories. - var ( - keyID int64 - user *models.User - ) - key := getKey(c.Args()[0]) - keyID = key.ID + // Allow anonymous (user is nil) clone for public repositories. + var user *models.User + + key, err := models.GetPublicKeyByID(com.StrTo(strings.TrimPrefix(c.Args()[0], "key-")).MustInt64()) + if err != nil { + fail("Invalid key ID", "Invalid key ID [%s]: %v", c.Args()[0], err) + } + if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate { // Check deploy key or user key. - if key.Type == models.KEY_TYPE_DEPLOY { + if key.IsDeployKey() { if key.Mode < requestedMode { fail("Key permission denied", "Cannot push with deployment key: %d", key.ID) } @@ -243,7 +231,7 @@ func runServ(c *cli.Context) error { } else { user, err = models.GetUserByKeyID(key.ID) if err != nil { - fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) + fail("internal error", "Failed to get user by key ID(%d): %v", key.ID, err) } mode, err := models.AccessLevel(user, repo) @@ -259,13 +247,12 @@ func runServ(c *cli.Context) error { user.Name, requestedMode, repoPath) } } - } else { - // if public and read ... + } else { // Check if the key can access to the repository in case of it is a deploy key (a deploy keys != user key). // A deploy key doesn't represent a signed in user, so in a site with Service.RequireSignInView activated // we should give read access only in repositories where this deploy key is in use. In other case, a server - // or system using an active deploy key can get read access to all the repositories in a Gogs service. - if key.Type == models.KEY_TYPE_DEPLOY && setting.Service.RequireSignInView { + // or system using an active deploy key can get read access to all the repositories in a Gogs service. + if key.IsDeployKey() && setting.Service.RequireSignInView { checkDeployKey(key, repo) } } @@ -298,10 +285,10 @@ func runServ(c *cli.Context) error { } // Update user key activity. - if keyID > 0 { - key, err := models.GetPublicKeyByID(keyID) + if key.ID > 0 { + key, err := models.GetPublicKeyByID(key.ID) if err != nil { - fail("Internal error", "GetPublicKeyById: %v", err) + fail("Internal error", "GetPublicKeyByID: %v", err) } key.Updated = time.Now() diff --git a/gogs.go b/gogs.go index 1f4f93594..3ab40d5ac 100644 --- a/gogs.go +++ b/gogs.go @@ -16,7 +16,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.9.131.0201" +const APP_VER = "0.9.132.0201" func init() { setting.AppVer = APP_VER diff --git a/models/ssh_key.go b/models/ssh_key.go index e2c3431d3..94d1bcf26 100644 --- a/models/ssh_key.go +++ b/models/ssh_key.go @@ -88,6 +88,11 @@ func (key *PublicKey) AuthorizedString() string { return fmt.Sprintf(_TPL_PUBLICK_KEY, setting.AppPath, key.ID, setting.CustomConf, key.Content) } +// IsDeployKey returns true if the public key is used as deploy key. +func (key *PublicKey) IsDeployKey() bool { + return key.Type == KEY_TYPE_DEPLOY +} + func extractTypeFromBase64Key(key string) (string, error) { b, err := base64.StdEncoding.DecodeString(key) if err != nil || len(b) < 4 { diff --git a/templates/.VERSION b/templates/.VERSION index 19f82a0d5..5e623f212 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.9.131.0201 \ No newline at end of file +0.9.132.0201 \ No newline at end of file