forked from gitea/gitea
Add migration to sanitize repository original_url (#9423)
* Add migration to sanitize repository original_url During a large code move in #6200 the OriginalURL field was accidentially changed to be populated with the CloneAddr field which will contain the username and/or password provided during a migration. This behavior was fixed in previous PR #9097 and this migration will remove any authentication details that were stored in the database between those two. * use net/url to rebuild URL instead of strings.Replace * Update models/migrations/migrations.go * changes per lunny * make fmt
This commit is contained in:
parent
4147cc91ed
commit
e57f763937
|
@ -282,6 +282,8 @@ var migrations = []Migration{
|
|||
NewMigration("remove release attachments which repository deleted", removeAttachmentMissedRepo),
|
||||
// v113 -> v114
|
||||
NewMigration("new feature: change target branch of pull requests", featureChangeTargetBranch),
|
||||
// v114 -> v115
|
||||
NewMigration("Remove authentication credentials from stored URL", sanitizeOriginalURL),
|
||||
}
|
||||
|
||||
// Migrate database to current version
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
func sanitizeOriginalURL(x *xorm.Engine) error {
|
||||
|
||||
type Repository struct {
|
||||
ID int64
|
||||
OriginalURL string `xorm:"VARCHAR(2048)"`
|
||||
}
|
||||
|
||||
var last int
|
||||
const batchSize = 50
|
||||
for {
|
||||
var results = make([]Repository, 0, batchSize)
|
||||
err := x.Where("original_url <> '' AND original_url IS NOT NULL").
|
||||
And("original_service_type = 0 OR original_service_type IS NULL").
|
||||
OrderBy("id").
|
||||
Limit(batchSize, last).
|
||||
Find(&results)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(results) == 0 {
|
||||
break
|
||||
}
|
||||
last += len(results)
|
||||
|
||||
for _, res := range results {
|
||||
u, err := url.Parse(res.OriginalURL)
|
||||
if err != nil {
|
||||
// it is ok to continue here, we only care about fixing URLs that we can read
|
||||
continue
|
||||
}
|
||||
u.User = nil
|
||||
originalURL := u.String()
|
||||
_, err = x.Exec("UPDATE repository SET original_url = ? WHERE id = ?", originalURL, res.ID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
Loading…
Reference in New Issue