Access repos by their ids (#1691)

closes #1295 closes #648 # TODO - [x] add new routes with `:repoID` - [x] load repo in middleware using `:repoID` if present - [x] update UI routes `:owner/:name` to `:repoID` - [x] load repos using id in UI - [x] add lookup endpoint `:owner/:name` to `:repoID` - [x] redirect `:owner/:name` to `:repoID` in UI - [x] use badge with `:repoID` route in UI - [x] update `woodpecker-go` - [x] check cli - [x] add migrations / deprecation notes - [x] check if #648 got solved directly - [x] Test - [x] create repo - [x] repo pages - [x] ui redirects - [x] forge status links
2025-09-19 15:47:33 +00:00 · 2023-06-12 16:07:52 -07:00
parent e3593cd9a4
commit ff01a9ff1d
98 changed files with 1402 additions and 1676 deletions
--- a/server/router/api.go
+++ b/server/router/api.go
@@ -61,8 +61,9 @@ func apiRoutes(e *gin.Engine) {
 			}
 		}

-		apiBase.POST("/repos/:owner/:name", session.MustUser(), api.PostRepo)
-		repoBase := apiBase.Group("/repos/:owner/:name")
+		apiBase.GET("/repos/lookup/*repo_full_name", api.LookupRepo) // TODO: check if this public route is a security issue
+		apiBase.POST("/repos", session.MustUser(), api.PostRepo)
+		repoBase := apiBase.Group("/repos/:repo_id")
 		{
 			repoBase.Use(session.SetRepo())
 			repoBase.Use(session.SetPerm())
@@ -125,12 +126,18 @@ func apiRoutes(e *gin.Engine) {
 			}
 		}

-		badges := apiBase.Group("/badges/:owner/:name")
+		badges := apiBase.Group("/badges/:repo_id_or_owner")
 		{
 			badges.GET("/status.svg", api.GetBadge)
 			badges.GET("/cc.xml", api.GetCC)
 		}

+		_badges := apiBase.Group("/badges/:repo_id_or_owner/:repo_name")
+		{
+			_badges.GET("/status.svg", api.GetBadge)
+			_badges.GET("/cc.xml", api.GetCC)
+		}
+
 		pipelines := apiBase.Group("/pipelines")
 		{
 			pipelines.Use(session.MustAdmin())
--- a/server/router/middleware/session/repo.go
+++ b/server/router/middleware/session/repo.go
@@ -17,6 +17,7 @@ package session
 import (
 	"errors"
 	"net/http"
+	"strconv"
 	"time"

 	"github.com/gin-gonic/gin"
@@ -44,14 +45,28 @@ func Repo(c *gin.Context) *model.Repo {
 func SetRepo() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		var (
-			_store = store.FromContext(c)
-			owner  = c.Param("owner")
-			name   = c.Param("name")
-			user   = User(c)
+			_store  = store.FromContext(c)
+			owner   = c.Param("owner")
+			name    = c.Param("name")
+			_repoID = c.Param("repo_id")
+			user    = User(c)
 		)

-		repo, err := _store.GetRepoName(owner + "/" + name)
-		if err == nil {
+		var repo *model.Repo
+		var err error
+		if _repoID != "" {
+			var repoID int64
+			repoID, err = strconv.ParseInt(_repoID, 10, 64)
+			if err != nil {
+				c.AbortWithStatus(http.StatusBadRequest)
+				return
+			}
+			repo, err = _store.GetRepo(repoID)
+		} else {
+			repo, err = _store.GetRepoName(owner + "/" + name)
+		}
+
+		if repo != nil {
 			c.Set("repo", repo)
 			c.Next()
 			return
@@ -64,15 +79,17 @@ func SetRepo() gin.HandlerFunc {
 			err.Error(),
 		)

-		if user != nil {
-			if errors.Is(err, types.RecordNotExist) {
-				c.AbortWithStatus(http.StatusNotFound)
-				return
-			}
-			_ = c.AbortWithError(http.StatusInternalServerError, err)
-		} else {
+		if user == nil {
 			c.AbortWithStatus(http.StatusUnauthorized)
+			return
 		}
+
+		if errors.Is(err, types.RecordNotExist) {
+			c.AbortWithStatus(http.StatusNotFound)
+			return
+		}
+
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
 	}
 }