diff --git a/docs/content/doc/secrets/overview.en-us.md b/docs/content/doc/secrets/overview.en-us.md index 1a88d6cfbcc6b..21fb65f98d3d2 100644 --- a/docs/content/doc/secrets/overview.en-us.md +++ b/docs/content/doc/secrets/overview.en-us.md @@ -1,6 +1,6 @@ --- date: "2022-12-19T21:26:00+08:00" -title: "Encrypted secrets" +title: "Secrets" slug: "secrets/overview" draft: false toc: false @@ -12,24 +12,24 @@ menu: identifier: "overview" --- -# Encrypted secrets +# Secrets -Encrypted secrets allow you to store sensitive information in your organization or repository. +Secrets allow you to store sensitive information in your user, organization or repository. Secrets are available on Gitea 1.19+. # Naming your secrets The following rules apply to secret names: -Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed. +- Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed. -Secret names must not start with the `GITHUB_` and `GITEA_` prefix. +- Secret names must not start with the `GITHUB_` and `GITEA_` prefix. -Secret names must not start with a number. +- Secret names must not start with a number. -Secret names are not case-sensitive. +- Secret names are not case-sensitive. -Secret names must be unique at the level they are created at. +- Secret names must be unique at the level they are created at. For example, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level. diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 24809c55495ed..8a48a68b171c1 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -3254,7 +3254,7 @@ creation.value_placeholder = Input any content. Whitespace at the start and end creation.success = The secret '%s' has been added. creation.failed = Failed to add secret. deletion = Remove secret -deletion.description = Removing a secret will revoke its access to repositories. Continue? +deletion.description = Removing a secret is permanent and cannot be undone. Continue? deletion.success = The secret has been removed. deletion.failed = Failed to remove secret. diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go index 80f57072455b6..5c9b7967c3dc2 100644 --- a/routers/web/org/setting.go +++ b/routers/web/org/setting.go @@ -12,7 +12,6 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/models/db" repo_model "code.gitea.io/gitea/models/repo" - secret_model "code.gitea.io/gitea/models/secret" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/models/webhook" "code.gitea.io/gitea/modules/base" @@ -38,8 +37,6 @@ const ( tplSettingsHooks base.TplName = "org/settings/hooks" // tplSettingsLabels template path for render labels settings tplSettingsLabels base.TplName = "org/settings/labels" - // tplSettingsSecrets template path for render secrets settings - tplSettingsSecrets base.TplName = "org/settings/secrets" // tplSettingsRunners template path for render runners settings tplSettingsRunners base.TplName = "org/settings/runners" // tplSettingsRunnersEdit template path for render runners edit settings @@ -253,51 +250,3 @@ func Labels(ctx *context.Context) { ctx.Data["LabelTemplates"] = repo_module.LabelTemplates ctx.HTML(http.StatusOK, tplSettingsLabels) } - -// Secrets render organization secrets page -func Secrets(ctx *context.Context) { - ctx.Data["Title"] = ctx.Tr("repo.secrets") - ctx.Data["PageIsOrgSettings"] = true - ctx.Data["PageIsOrgSettingsSecrets"] = true - - secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{OwnerID: ctx.Org.Organization.ID}) - if err != nil { - ctx.ServerError("FindSecrets", err) - return - } - ctx.Data["Secrets"] = secrets - - ctx.HTML(http.StatusOK, tplSettingsSecrets) -} - -// SecretsPost add secrets -func SecretsPost(ctx *context.Context) { - form := web.GetForm(ctx).(*forms.AddSecretForm) - - _, err := secret_model.InsertEncryptedSecret(ctx, ctx.Org.Organization.ID, 0, form.Title, form.Content) - if err != nil { - ctx.Flash.Error(ctx.Tr("secrets.creation.failed")) - log.Error("validate secret: %v", err) - ctx.Redirect(ctx.Org.OrgLink + "/settings/secrets") - return - } - - log.Trace("Org %d: secret added", ctx.Org.Organization.ID) - ctx.Flash.Success(ctx.Tr("secrets.creation.success", form.Title)) - ctx.Redirect(ctx.Org.OrgLink + "/settings/secrets") -} - -// SecretsDelete delete secrets -func SecretsDelete(ctx *context.Context) { - id := ctx.FormInt64("id") - if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil { - ctx.Flash.Error(ctx.Tr("secrets.deletion.failed")) - log.Error("delete secret %d: %v", id, err) - } else { - ctx.Flash.Success(ctx.Tr("secrets.deletion.success")) - } - - ctx.JSON(http.StatusOK, map[string]interface{}{ - "redirect": ctx.Org.OrgLink + "/settings/secrets", - }) -} diff --git a/routers/web/org/setting_secrets.go b/routers/web/org/setting_secrets.go new file mode 100644 index 0000000000000..1cdbe35f32ade --- /dev/null +++ b/routers/web/org/setting_secrets.go @@ -0,0 +1,48 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package org + +import ( + "net/http" + + "code.gitea.io/gitea/modules/base" + "code.gitea.io/gitea/modules/context" + shared "code.gitea.io/gitea/routers/web/shared/secrets" +) + +const ( + tplSettingsSecrets base.TplName = "org/settings/secrets" +) + +// Secrets render organization secrets page +func Secrets(ctx *context.Context) { + ctx.Data["Title"] = ctx.Tr("secrets.secrets") + ctx.Data["PageIsOrgSettings"] = true + ctx.Data["PageIsOrgSettingsSecrets"] = true + + shared.SetSecretsContext(ctx, ctx.ContextUser.ID, 0) + if ctx.Written() { + return + } + + ctx.HTML(http.StatusOK, tplSettingsSecrets) +} + +// SecretsPost add secrets +func SecretsPost(ctx *context.Context) { + shared.PerformSecretsPost( + ctx, + ctx.ContextUser.ID, + 0, + ctx.Org.OrgLink+"/settings/secrets", + ) +} + +// SecretsDelete delete secrets +func SecretsDelete(ctx *context.Context) { + shared.PerformSecretsDelete( + ctx, + ctx.Org.OrgLink+"/settings/secrets", + ) +} diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go index 73887195e697b..e970dab3ebee3 100644 --- a/routers/web/repo/setting.go +++ b/routers/web/repo/setting.go @@ -19,7 +19,6 @@ import ( "code.gitea.io/gitea/models/organization" "code.gitea.io/gitea/models/perm" repo_model "code.gitea.io/gitea/models/repo" - secret_model "code.gitea.io/gitea/models/secret" unit_model "code.gitea.io/gitea/models/unit" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/base" @@ -1131,33 +1130,9 @@ func DeployKeys(ctx *context.Context) { } ctx.Data["Deploykeys"] = keys - secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{RepoID: ctx.Repo.Repository.ID}) - if err != nil { - ctx.ServerError("FindSecrets", err) - return - } - ctx.Data["Secrets"] = secrets - ctx.HTML(http.StatusOK, tplDeployKeys) } -// SecretsPost response for creating a new secret -func SecretsPost(ctx *context.Context) { - form := web.GetForm(ctx).(*forms.AddSecretForm) - - _, err := secret_model.InsertEncryptedSecret(ctx, 0, ctx.Repo.Repository.ID, form.Title, form.Content) - if err != nil { - ctx.Flash.Error(ctx.Tr("secrets.creation.failed")) - log.Error("validate secret: %v", err) - ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys") - return - } - - log.Trace("Secret added: %d", ctx.Repo.Repository.ID) - ctx.Flash.Success(ctx.Tr("secrets.creation.success", form.Title)) - ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys") -} - // DeployKeysPost response for adding a deploy key of a repository func DeployKeysPost(ctx *context.Context) { form := web.GetForm(ctx).(*forms.AddKeyForm) @@ -1219,20 +1194,6 @@ func DeployKeysPost(ctx *context.Context) { ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys") } -func DeleteSecret(ctx *context.Context) { - id := ctx.FormInt64("id") - if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil { - ctx.Flash.Error(ctx.Tr("secrets.deletion.failed")) - log.Error("delete secret %d: %v", id, err) - } else { - ctx.Flash.Success(ctx.Tr("secrets.deletion.success")) - } - - ctx.JSON(http.StatusOK, map[string]interface{}{ - "redirect": ctx.Repo.RepoLink + "/settings/keys", - }) -} - // DeleteDeployKey response for deleting a deploy key func DeleteDeployKey(ctx *context.Context) { if err := asymkey_service.DeleteDeployKey(ctx.Doer, ctx.FormInt64("id")); err != nil { diff --git a/routers/web/repo/setting_secrets.go b/routers/web/repo/setting_secrets.go new file mode 100644 index 0000000000000..c42dee583b923 --- /dev/null +++ b/routers/web/repo/setting_secrets.go @@ -0,0 +1,46 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package repo + +import ( + "net/http" + + "code.gitea.io/gitea/modules/base" + "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/setting" + shared "code.gitea.io/gitea/routers/web/shared/secrets" +) + +const ( + tplSecrets base.TplName = "repo/settings/secrets" +) + +func Secrets(ctx *context.Context) { + ctx.Data["Title"] = ctx.Tr("secrets.secrets") + ctx.Data["PageIsSettingsSecrets"] = true + ctx.Data["DisableSSH"] = setting.SSH.Disabled + + shared.SetSecretsContext(ctx, 0, ctx.Repo.Repository.ID) + if ctx.Written() { + return + } + + ctx.HTML(http.StatusOK, tplSecrets) +} + +func SecretsPost(ctx *context.Context) { + shared.PerformSecretsPost( + ctx, + 0, + ctx.Repo.Repository.ID, + ctx.Repo.RepoLink+"/settings/secrets", + ) +} + +func DeleteSecret(ctx *context.Context) { + shared.PerformSecretsDelete( + ctx, + ctx.Repo.RepoLink+"/settings/secrets", + ) +} diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go new file mode 100644 index 0000000000000..e242c5e81611d --- /dev/null +++ b/routers/web/shared/secrets/secrets.go @@ -0,0 +1,54 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package secrets + +import ( + "net/http" + + "code.gitea.io/gitea/models/db" + secret_model "code.gitea.io/gitea/models/secret" + "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/web" + "code.gitea.io/gitea/services/forms" +) + +func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) { + secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{OwnerID: ownerID, RepoID: repoID}) + if err != nil { + ctx.ServerError("FindSecrets", err) + return + } + + ctx.Data["Secrets"] = secrets +} + +func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) { + form := web.GetForm(ctx).(*forms.AddSecretForm) + + s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, form.Title, form.Content) + if err != nil { + log.Error("InsertEncryptedSecret: %v", err) + ctx.Flash.Error(ctx.Tr("secrets.creation.failed")) + } else { + ctx.Flash.Success(ctx.Tr("secrets.creation.success", s.Name)) + } + + ctx.Redirect(redirectURL) +} + +func PerformSecretsDelete(ctx *context.Context, redirectURL string) { + id := ctx.FormInt64("id") + + if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil { + log.Error("Delete secret %d failed: %v", id, err) + ctx.Flash.Error(ctx.Tr("secrets.deletion.failed")) + } else { + ctx.Flash.Success(ctx.Tr("secrets.deletion.success")) + } + + ctx.JSON(http.StatusOK, map[string]interface{}{ + "redirect": redirectURL, + }) +} diff --git a/routers/web/user/setting/secrets.go b/routers/web/user/setting/secrets.go new file mode 100644 index 0000000000000..3a57897d8f607 --- /dev/null +++ b/routers/web/user/setting/secrets.go @@ -0,0 +1,45 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package setting + +import ( + "net/http" + + "code.gitea.io/gitea/modules/base" + "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/setting" + shared "code.gitea.io/gitea/routers/web/shared/secrets" +) + +const ( + tplSettingsSecrets base.TplName = "user/settings/secrets" +) + +func Secrets(ctx *context.Context) { + ctx.Data["Title"] = ctx.Tr("secrets.secrets") + ctx.Data["PageIsSettingsSecrets"] = true + + shared.SetSecretsContext(ctx, ctx.Doer.ID, 0) + if ctx.Written() { + return + } + + ctx.HTML(http.StatusOK, tplSettingsSecrets) +} + +func SecretsPost(ctx *context.Context) { + shared.PerformSecretsPost( + ctx, + ctx.Doer.ID, + 0, + setting.AppSubURL+"/user/settings/secrets", + ) +} + +func SecretsDelete(ctx *context.Context) { + shared.PerformSecretsDelete( + ctx, + setting.AppSubURL+"/user/settings/secrets", + ) +} diff --git a/routers/web/web.go b/routers/web/web.go index 88a12df19da21..b7128fc3a9fcc 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -469,6 +469,11 @@ func RegisterRoutes(m *web.Route) { }) }) }, packagesEnabled) + m.Group("/secrets", func() { + m.Get("", user_setting.Secrets) + m.Post("", web.Bind(forms.AddSecretForm{}), user_setting.SecretsPost) + m.Post("/delete", user_setting.SecretsDelete) + }) m.Get("/organization", user_setting.Organization) m.Get("/repos", user_setting.Repos) m.Post("/repos/unadopted", user_setting.AdoptOrDeleteRepository) @@ -982,10 +987,12 @@ func RegisterRoutes(m *web.Route) { m.Combo("").Get(repo.DeployKeys). Post(web.Bind(forms.AddKeyForm{}), repo.DeployKeysPost) m.Post("/delete", repo.DeleteDeployKey) - m.Group("/secrets", func() { - m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost) - m.Post("/delete", repo.DeleteSecret) - }) + }) + + m.Group("/secrets", func() { + m.Get("", repo.Secrets) + m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost) + m.Post("/delete", repo.DeleteSecret) }) m.Group("/lfs", func() { diff --git a/templates/org/settings/secrets.tmpl b/templates/org/settings/secrets.tmpl index dd2a437b75253..70add15f50fb6 100644 --- a/templates/org/settings/secrets.tmpl +++ b/templates/org/settings/secrets.tmpl @@ -6,78 +6,10 @@ {{template "org/settings/navbar" .}}
{{template "base/alert" .}} -

- {{.locale.Tr "secrets.secrets"}} -
-
{{.locale.Tr "secrets.creation"}}
-
-

-
-
-
- {{.CsrfTokenHtml}} -
- {{.locale.Tr "secrets.description"}} -
-
- - -
-
- - -
- - -
-
- {{if .Secrets}} -
- {{range .Secrets}} -
-
- -
-
- {{svg "octicon-key" 32}} -
-
- {{.Name}} -
******
-
- - {{$.locale.Tr "settings.add_on"}} - {{.CreatedUnix.FormatShort}} - -
-
-
- {{end}} -
- {{else}} - {{.locale.Tr "secrets.none"}} - {{end}} -
+ {{template "shared/secrets/add_list" .}}
- - {{template "base/footer" .}} diff --git a/templates/repo/settings/deploy_keys.tmpl b/templates/repo/settings/deploy_keys.tmpl index 32a1258b3a9a9..44c916eefbdb1 100644 --- a/templates/repo/settings/deploy_keys.tmpl +++ b/templates/repo/settings/deploy_keys.tmpl @@ -51,7 +51,7 @@ {{range .Deploykeys}}
-
@@ -75,11 +75,9 @@ {{end}}
-
- {{template "repo/settings/secrets" .}} -