Move keys to models/asymkey (#17917)

* Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
2025-05-25 11:22:16 +00:00 · 2021-12-10 16:14:24 +08:00 · 2021-12-10 16:14:24 +08:00 · 3ca5dc7e32
commit 3ca5dc7e32
parent 0a9fcf63a4
75 changed files with 1001 additions and 887 deletions
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@ -12,6 +12,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
@ -23,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/user"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/mailer"
 	user_service "code.gitea.io/gitea/services/user"
 )
@ -381,10 +383,10 @@ func DeleteUserPublicKey(ctx *context.APIContext) {
 		return
 	}

-	if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyNotExist(err) {
+	if err := asymkey_service.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if models.IsErrKeyAccessDenied(err) {
+		} else if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteUserPublicKey", err)
--- a/routers/api/v1/misc/signing.go
+++ b/routers/api/v1/misc/signing.go
@ -8,8 +8,8 @@ import (
 	"fmt"
 	"net/http"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )

 // SigningKey returns the public key of the default signing key if it exists
@ -52,7 +52,7 @@ func SigningKey(ctx *context.APIContext) {
 		path = ctx.Repo.Repository.RepoPath()
 	}

-	content, err := models.PublicSigningKey(path)
+	content, err := asymkey_service.PublicSigningKey(path)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "gpg export", err)
 		return
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@ -10,7 +10,8 @@ import (
 	"net/http"
 	"net/url"

-	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/context"
@ -19,10 +20,11 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )

 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-func appendPrivateInformation(apiKey *api.DeployKey, key *models.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
+func appendPrivateInformation(apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
 	apiKey.ReadOnly = key.Mode == perm.AccessModeRead
 	if repository.ID == key.RepoID {
 		apiKey.Repository = convert.ToRepo(repository, key.Mode)
@ -78,20 +80,20 @@ func ListDeployKeys(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKeyList"

-	opts := &models.ListDeployKeysOptions{
+	opts := &asymkey_model.ListDeployKeysOptions{
 		ListOptions: utils.GetListOptions(ctx),
 		RepoID:      ctx.Repo.Repository.ID,
 		KeyID:       ctx.FormInt64("key_id"),
 		Fingerprint: ctx.FormString("fingerprint"),
 	}

-	keys, err := models.ListDeployKeys(opts)
+	keys, err := asymkey_model.ListDeployKeys(db.DefaultContext, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}

-	count, err := models.CountDeployKeys(opts)
+	count, err := asymkey_model.CountDeployKeys(opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@ -142,9 +144,9 @@ func GetDeployKey(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKey"

-	key, err := models.GetDeployKeyByID(ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetDeployKeyByID(db.DefaultContext, ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
+		if asymkey_model.IsErrDeployKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetDeployKeyByID", err)
@ -167,9 +169,9 @@ func GetDeployKey(ctx *context.APIContext) {

 // HandleCheckKeyStringError handle check key error
 func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
-	if models.IsErrSSHDisabled(err) {
+	if db.IsErrSSHDisabled(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "SSH is disabled")
-	} else if models.IsErrKeyUnableVerify(err) {
+	} else if asymkey_model.IsErrKeyUnableVerify(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "Unable to verify key content")
 	} else {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("Invalid key content: %v", err))
@ -179,13 +181,13 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 // HandleAddKeyError handle add key error
 func HandleAddKeyError(ctx *context.APIContext, err error) {
 	switch {
-	case models.IsErrDeployKeyAlreadyExist(err):
+	case asymkey_model.IsErrDeployKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "This key has already been added to this repository")
-	case models.IsErrKeyAlreadyExist(err):
+	case asymkey_model.IsErrKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key content has been used as non-deploy key")
-	case models.IsErrKeyNameAlreadyUsed(err):
+	case asymkey_model.IsErrKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key title has been used")
-	case models.IsErrDeployKeyNameAlreadyUsed(err):
+	case asymkey_model.IsErrDeployKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "A key with the same name already exists")
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddKey", err)
@ -223,13 +225,13 @@ func CreateDeployKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"

 	form := web.GetForm(ctx).(*api.CreateKeyOption)
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := asymkey_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		HandleCheckKeyStringError(ctx, err)
 		return
 	}

-	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
+	key, err := asymkey_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
 	if err != nil {
 		HandleAddKeyError(ctx, err)
 		return
@ -268,8 +270,8 @@ func DeleteDeploykey(ctx *context.APIContext) {
 	//   "403":
 	//     "$ref": "#/responses/forbidden"

-	if err := models.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyAccessDenied(err) {
+	if err := asymkey_service.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteDeployKey", err)
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
 	issue_service "code.gitea.io/gitea/services/issue"
 	pull_service "code.gitea.io/gitea/services/pull"
@ -810,7 +811,7 @@ func MergePullRequest(ctx *context.APIContext) {
 	}

 	if _, err := pull_service.IsSignedIfRequired(pr, ctx.User); err != nil {
-		if !models.IsErrWontSign(err) {
+		if !asymkey_service.IsErrWontSign(err) {
 			ctx.Error(http.StatusInternalServerError, "IsSignedIfRequired", err)
 			return
 		}
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@ -1023,7 +1023,7 @@ func Delete(ctx *context.APIContext) {
 		ctx.Repo.GitRepo.Close()
 	}

-	if err := repo_service.DeleteRepository(ctx.User, repo); err != nil {
+	if err := repo_service.DeleteRepository(ctx.User, repo, true); err != nil {
 		ctx.Error(http.StatusInternalServerError, "DeleteRepository", err)
 		return
 	}
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@ -8,7 +8,7 @@ import (
 	"fmt"
 	"net/http"

-	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
@ -18,7 +18,7 @@ import (
 )

 func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions) {
-	keys, err := models.ListGPGKeys(uid, listOptions)
+	keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, uid, listOptions)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListGPGKeys", err)
 		return
@ -29,7 +29,7 @@ func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions)
 		apiKeys[i] = convert.ToGPGKey(keys[i])
 	}

-	total, err := models.CountUserGPGKeys(uid)
+	total, err := asymkey_model.CountUserGPGKeys(uid)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@ -114,9 +114,9 @@ func GetGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	key, err := models.GetGPGKeyByID(ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetGPGKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrGPGKeyNotExist(err) {
+		if asymkey_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeyByID", err)
@ -128,12 +128,12 @@ func GetGPGKey(ctx *context.APIContext) {

 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
-	token := models.VerificationToken(ctx.User, 1)
-	lastToken := models.VerificationToken(ctx.User, 0)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
+	lastToken := asymkey_model.VerificationToken(ctx.User, 0)

-	keys, err := models.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
-	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-		keys, err = models.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
+	keys, err := asymkey_model.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
+	if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+		keys, err = asymkey_model.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
 	}
 	if err != nil {
 		HandleAddGPGKeyError(ctx, err, token)
@ -156,7 +156,7 @@ func GetVerificationToken(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	token := models.VerificationToken(ctx.User, 1)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
 	ctx.PlainText(http.StatusOK, []byte(token))
 }

@ -178,25 +178,25 @@ func VerifyUserGPGKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"

 	form := web.GetForm(ctx).(*api.VerifyGPGKeyOption)
-	token := models.VerificationToken(ctx.User, 1)
-	lastToken := models.VerificationToken(ctx.User, 0)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
+	lastToken := asymkey_model.VerificationToken(ctx.User, 0)

-	_, err := models.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
-	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-		_, err = models.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+	_, err := asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+	if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+		_, err = asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
 	}

 	if err != nil {
-		if models.IsErrGPGInvalidTokenSignature(err) {
+		if asymkey_model.IsErrGPGInvalidTokenSignature(err) {
 			ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 			return
 		}
 		ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err)
 	}

-	key, err := models.GetGPGKeysByKeyID(form.KeyID)
+	key, err := asymkey_model.GetGPGKeysByKeyID(form.KeyID)
 	if err != nil {
-		if models.IsErrGPGKeyNotExist(err) {
+		if asymkey_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err)
@ -255,8 +255,8 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	if err := models.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrGPGKeyAccessDenied(err) {
+	if err := asymkey_model.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrGPGKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteGPGKey", err)
@ -270,15 +270,15 @@ func DeleteGPGKey(ctx *context.APIContext) {
 // HandleAddGPGKeyError handle add GPGKey error
 func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
 	switch {
-	case models.IsErrGPGKeyAccessDenied(err):
+	case asymkey_model.IsErrGPGKeyAccessDenied(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyAccessDenied", "You do not have access to this GPG key")
-	case models.IsErrGPGKeyIDAlreadyUsed(err):
+	case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyIDAlreadyUsed", "A key with the same id already exists")
-	case models.IsErrGPGKeyParsing(err):
+	case asymkey_model.IsErrGPGKeyParsing(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err)
-	case models.IsErrGPGNoEmailFound(err):
+	case asymkey_model.IsErrGPGNoEmailFound(err):
 		ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
-	case models.IsErrGPGInvalidTokenSignature(err):
+	case asymkey_model.IsErrGPGInvalidTokenSignature(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddGPGKey", err)
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@ -7,7 +7,7 @@ package user
 import (
 	"net/http"

-	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@ -17,13 +17,14 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/repo"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )

 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-func appendPrivateInformation(apiKey *api.PublicKey, key *models.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
-	if key.Type == models.KeyTypeDeploy {
+func appendPrivateInformation(apiKey *api.PublicKey, key *asymkey_model.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
+	if key.Type == asymkey_model.KeyTypeDeploy {
 		apiKey.KeyType = "deploy"
-	} else if key.Type == models.KeyTypeUser {
+	} else if key.Type == asymkey_model.KeyTypeUser {
 		apiKey.KeyType = "user"

 		if defaultUser.ID == key.OwnerID {
@ -47,7 +48,7 @@ func composePublicKeysAPILink() string {
 }

 func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
-	var keys []*models.PublicKey
+	var keys []*asymkey_model.PublicKey
 	var err error
 	var count int

@ -58,14 +59,14 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		// Querying not just listing
 		if username != "" {
 			// Restrict to provided uid
-			keys, err = models.SearchPublicKey(user.ID, fingerprint)
+			keys, err = asymkey_model.SearchPublicKey(user.ID, fingerprint)
 		} else {
 			// Unrestricted
-			keys, err = models.SearchPublicKey(0, fingerprint)
+			keys, err = asymkey_model.SearchPublicKey(0, fingerprint)
 		}
 		count = len(keys)
 	} else {
-		total, err2 := models.CountPublicKeys(user.ID)
+		total, err2 := asymkey_model.CountPublicKeys(user.ID)
 		if err2 != nil {
 			ctx.InternalServerError(err)
 			return
@ -73,7 +74,7 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		count = int(total)

 		// Use ListPublicKeys
-		keys, err = models.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
+		keys, err = asymkey_model.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
 	}

 	if err != nil {
@ -177,9 +178,9 @@ func GetPublicKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	key, err := models.GetPublicKeyByID(ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetPublicKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrKeyNotExist(err) {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetPublicKeyByID", err)
@ -197,13 +198,13 @@ func GetPublicKey(ctx *context.APIContext) {

 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := asymkey_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		repo.HandleCheckKeyStringError(ctx, err)
 		return
 	}

-	key, err := models.AddPublicKey(uid, form.Title, content, 0)
+	key, err := asymkey_model.AddPublicKey(uid, form.Title, content, 0)
 	if err != nil {
 		repo.HandleAddKeyError(ctx, err)
 		return
@ -263,7 +264,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"

 	id := ctx.ParamsInt64(":id")
-	externallyManaged, err := models.PublicKeyIsExternallyManaged(id)
+	externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(id)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "PublicKeyIsExternallyManaged", err)
 	}
@ -271,10 +272,10 @@ func DeletePublicKey(ctx *context.APIContext) {
 		ctx.Error(http.StatusForbidden, "", "SSH Key is externally managed for this user")
 	}

-	if err := models.DeletePublicKey(ctx.User, id); err != nil {
-		if models.IsErrKeyNotExist(err) {
+	if err := asymkey_service.DeletePublicKey(ctx.User, id); err != nil {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if models.IsErrKeyAccessDenied(err) {
+		} else if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeletePublicKey", err)