mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
f7873ba393
Forgejo's UI claims that whitespace is removed from the beginning and the end of the values of Forgejo Actions variables and secrets. However, that is not correct. The entered values are stored as-is. Only CRLF is replaced with LF, which is also the desired behaviour. This PR changes the incorrect text which is also no longer displayed as placeholder but as a proper help text below the input fields. Furthermore, tests were added to verify the behaviour. While adding tests, I discovered and fixed another inconsistency. Depending on whether secrets were managed using the UI or the HTTP API, they were treated differently. CRLF in secrets entered in the UI was correctly replaced with LF while secrets created using the HTTP API kept CRLF. Fixes #11003. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11052 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
78 lines
2.3 KiB
Go
78 lines
2.3 KiB
Go
// Copyright 2025 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
package forgejo_migrations_legacy
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"forgejo.org/models/db"
|
|
secret_model "forgejo.org/models/secret"
|
|
"forgejo.org/modules/log"
|
|
"forgejo.org/modules/secret"
|
|
"forgejo.org/modules/setting"
|
|
|
|
"xorm.io/xorm"
|
|
"xorm.io/xorm/schemas"
|
|
)
|
|
|
|
func MigrateActionSecretsToKeying(x *xorm.Engine) error {
|
|
return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
|
|
sess := db.GetEngine(ctx)
|
|
|
|
switch x.Dialect().URI().DBType {
|
|
case schemas.MYSQL:
|
|
if _, err := sess.Exec("ALTER TABLE `secret` MODIFY `data` BLOB"); err != nil {
|
|
return err
|
|
}
|
|
case schemas.SQLITE:
|
|
if _, err := sess.Exec("ALTER TABLE `secret` RENAME COLUMN `data` TO `data_backup`"); err != nil {
|
|
return err
|
|
}
|
|
if _, err := sess.Exec("ALTER TABLE `secret` ADD COLUMN `data` BLOB"); err != nil {
|
|
return err
|
|
}
|
|
if _, err := sess.Exec("UPDATE `secret` SET `data` = `data_backup`"); err != nil {
|
|
return err
|
|
}
|
|
if _, err := sess.Exec("ALTER TABLE `secret` DROP COLUMN `data_backup`"); err != nil {
|
|
return err
|
|
}
|
|
case schemas.POSTGRES:
|
|
if _, err := sess.Exec("ALTER TABLE `secret` ALTER COLUMN `data` SET DATA TYPE bytea USING data::text::bytea"); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
oldEncryptionKey := setting.SecretKey
|
|
|
|
messages := make([]string, 0, 100)
|
|
ids := make([]int64, 0, 100)
|
|
|
|
err := db.Iterate(ctx, nil, func(ctx context.Context, bean *secret_model.Secret) error {
|
|
secretBytes, err := secret.DecryptSecret(oldEncryptionKey, string(bean.Data))
|
|
if err != nil {
|
|
messages = append(messages, fmt.Sprintf("secret.id=%d, secret.name=%q, secret.repo_id=%d, secret.owner_id=%d: secret.DecryptSecret(): %v", bean.ID, bean.Name, bean.RepoID, bean.OwnerID, err))
|
|
ids = append(ids, bean.ID)
|
|
return nil
|
|
}
|
|
|
|
bean.SetData(secretBytes)
|
|
_, err = sess.Cols("data").ID(bean.ID).Update(bean)
|
|
return err
|
|
})
|
|
|
|
if err == nil {
|
|
if len(ids) > 0 {
|
|
log.Error("Forgejo migration[37]: The following action secrets were found to be corrupted and removed from the database.")
|
|
for _, message := range messages {
|
|
log.Error("Forgejo migration[37]: %s", message)
|
|
}
|
|
|
|
_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&secret_model.Secret{})
|
|
}
|
|
}
|
|
return err
|
|
})
|
|
}
|