gitcaddy-server/routers/web/shared/secrets/secrets.go
logikonline 7b34e295eb feat(secrets): add secret promotion between scopes
Adds ability to promote secrets from repository to organization scope, or from repository/organization to global scope. Includes conflict detection to prevent duplicate names at target scope, permission checks (org owner for repo→org, system admin for →global), and UI buttons with confirmation dialogs. Implements MoveSecret model method and PerformSecretsPromote handler.
2026-02-01 21:39:45 -05:00

113 lines
3.7 KiB
Go

// Copyright 2022 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package secrets
import (
"errors"
"code.gitcaddy.com/server/v3/models/db"
secret_model "code.gitcaddy.com/server/v3/models/secret"
"code.gitcaddy.com/server/v3/modules/log"
"code.gitcaddy.com/server/v3/modules/util"
"code.gitcaddy.com/server/v3/modules/web"
"code.gitcaddy.com/server/v3/services/context"
"code.gitcaddy.com/server/v3/services/forms"
secret_service "code.gitcaddy.com/server/v3/services/secrets"
)
// SetSecretsContext fills the template data for an owner- or repository-scoped
// secrets page. It is the non-global form of SetSecretsContextWithGlobal and
// always passes global=false.
func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
	const global = false
	SetSecretsContextWithGlobal(ctx, ownerID, repoID, global)
}
// SetSecretsContextWithGlobal loads the secrets selected by ownerID, repoID and
// global, and stores them in ctx.Data together with the data and description
// length limits.
//
// When global is false it additionally looks up the global secrets and stores
// them under "GlobalSecrets" so the page can list them as read-only entries.
// A failure of the first lookup ends the request with a server error; a
// failure of the global lookup is only logged and the page is rendered
// without the global list.
//
// NOTE(review): the complete secret_model.Secret records are handed to the
// template, including global ones on owner/repo pages. Confirm that the
// templates render only names and descriptions, and that exposing global
// secret names to every owner/repo secrets page is intended.
func SetSecretsContextWithGlobal(ctx *context.Context, ownerID, repoID int64, global bool) {
	scoped, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{
		OwnerID: ownerID,
		RepoID:  repoID,
		Global:  global,
	})
	if err != nil {
		ctx.ServerError("FindSecrets", err)
		return
	}

	ctx.Data["Secrets"] = scoped
	ctx.Data["DataMaxLength"] = secret_model.SecretDataMaxLength
	ctx.Data["DescriptionMaxLength"] = secret_model.SecretDescriptionMaxLength

	// The global page already lists global secrets as its primary set.
	if global {
		return
	}

	inherited, findErr := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{Global: true})
	if findErr != nil {
		// Best effort: the page is still useful without the read-only list.
		log.Error("FindGlobalSecrets failed: %v", findErr)
		return
	}
	ctx.Data["GlobalSecrets"] = inherited
}
// PerformSecretsPost handles the add/update form for an owner- or
// repository-scoped secret. It forwards to PerformSecretsPostWithGlobal with
// global=false.
func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
	const global = false
	PerformSecretsPostWithGlobal(ctx, ownerID, repoID, global, redirectURL)
}
// PerformSecretsPostWithGlobal creates or updates a secret from the submitted
// AddSecretForm. With global set the secret is written through
// CreateOrUpdateGlobalSecret; otherwise it is written for ownerID/repoID
// through CreateOrUpdateSecret.
//
// On failure the error is logged and a translated JSON error is returned; on
// success a flash message naming the secret is set and the client is
// redirected to redirectURL.
//
// NOTE(review): no permission check happens in this function; presumably the
// route that calls it has already authorized the caller for the target scope
// (in particular for global=true) — confirm at the call sites.
func PerformSecretsPostWithGlobal(ctx *context.Context, ownerID, repoID int64, global bool, redirectURL string) {
	form := web.GetForm(ctx).(*forms.AddSecretForm)
	data := util.ReserveLineBreakForTextarea(form.Data)

	var (
		saved *secret_model.Secret
		err   error
	)
	switch {
	case global:
		saved, _, err = secret_service.CreateOrUpdateGlobalSecret(ctx, form.Name, data, form.Description)
	default:
		saved, _, err = secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, data, form.Description)
	}

	if err != nil {
		// Only the error is logged; the submitted secret value is never
		// passed to the logger here.
		log.Error("CreateOrUpdateSecret failed: %v", err)
		ctx.JSONError(ctx.Tr("secrets.save_failed"))
		return
	}

	ctx.Flash.Success(ctx.Tr("secrets.save_success", saved.Name))
	ctx.JSONRedirect(redirectURL)
}
// PerformSecretsDelete handles deletion of an owner- or repository-scoped
// secret. It forwards to PerformSecretsDeleteWithGlobal with global=false.
func PerformSecretsDelete(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
	const global = false
	PerformSecretsDeleteWithGlobal(ctx, ownerID, repoID, global, redirectURL)
}
// PerformSecretsPromote moves the secret identified by the "id" form value to
// the scope given by newOwnerID/newRepoID via secret_service.PromoteSecret.
//
// A name conflict at the target scope (secret_model.ErrSecretConflict) is
// reported as a flash error followed by a redirect; any other failure is
// logged and answered with a translated JSON error. On success a flash
// message is set and the client is redirected to redirectURL.
//
// NOTE(review): the id is taken directly from the request and, unlike the
// DeleteSecretByID call in this file, PromoteSecret receives only the target
// scope here, not the scope the caller is acting in. This handler therefore
// depends on PromoteSecret or the calling route to verify that the secret
// belongs to a scope the caller administers; otherwise a caller could name
// another owner's secret id. Confirm that check exists and is covered by a
// test. A missing or unparsable id presumably arrives as 0 — confirm that
// PromoteSecret rejects it.
func PerformSecretsPromote(ctx *context.Context, newOwnerID, newRepoID int64, redirectURL string) {
	secretID := ctx.FormInt64("id")

	err := secret_service.PromoteSecret(ctx, secretID, newOwnerID, newRepoID)
	if err == nil {
		ctx.Flash.Success(ctx.Tr("secrets.promote.success"))
		ctx.JSONRedirect(redirectURL)
		return
	}

	var conflict secret_model.ErrSecretConflict
	if !errors.As(err, &conflict) {
		log.Error("PromoteSecret(%d) failed: %v", secretID, err)
		ctx.JSONError(ctx.Tr("secrets.promote.failed"))
		return
	}

	// A secret with the same name already exists at the target scope.
	ctx.Flash.Error(ctx.Tr("secrets.promote.conflict", conflict.Name))
	ctx.JSONRedirect(redirectURL)
}
// PerformSecretsDeleteWithGlobal deletes the secret identified by the "id"
// form value. With global set it calls DeleteGlobalSecretByID; otherwise it
// calls DeleteSecretByID with ownerID and repoID, so the deletion is bound to
// that scope by the service call.
//
// On failure the error is logged and a translated JSON error is returned; on
// success a flash message is set and the client is redirected to redirectURL.
//
// NOTE(review): no permission check happens in this function; presumably the
// route restricts global=true to administrators — confirm at the call sites.
func PerformSecretsDeleteWithGlobal(ctx *context.Context, ownerID, repoID int64, global bool, redirectURL string) {
	secretID := ctx.FormInt64("id")

	remove := func() error {
		if global {
			return secret_service.DeleteGlobalSecretByID(ctx, secretID)
		}
		return secret_service.DeleteSecretByID(ctx, ownerID, repoID, secretID)
	}

	if err := remove(); err != nil {
		log.Error("DeleteSecretByID(%d) failed: %v", secretID, err)
		ctx.JSONError(ctx.Tr("secrets.deletion.failed"))
		return
	}

	ctx.Flash.Success(ctx.Tr("secrets.deletion.success"))
	ctx.JSONRedirect(redirectURL)
}