FIX Adjust call gitea api for security

2020-11-27 10:18:31 +08:00 · 2020-11-27 10:18:31 +08:00 · 1daf8591ca
parent a8cbe566cb
commit 1daf8591ca
4 changed files with 15 additions and 16 deletions
--- a/app/interactors/gitea/register_interactor.rb
+++ b/app/interactors/gitea/register_interactor.rb
@ -22,7 +22,7 @@ module Gitea

    def run
      Gitea::UserForm.new(params).validate!
-      response = Gitea::User::RegisterService.new(params).call
+      response = Gitea::User::RegisterService.call(params.merge(token: token))
      render_result(response)
    rescue Exception => exception
      Rails.logger.info "Exception ===========> #{exception.message}"
@ -41,5 +41,12 @@ module Gitea
    def render_result(response)
      @result = response
    end
+
+    def token
+      {
+        username: Gitea.gitea_config[:access_key_id],
+        password: Gitea.gitea_config[:access_key_secret]
+      }
+    end
  end
 end
--- a/app/services/gitea/client_service.rb
+++ b/app/services/gitea/client_service.rb
@ -69,9 +69,10 @@ class Gitea::ClientService < ApplicationService

  private
  def conn(auth={})
-    username = auth[:username] || access_key_id
-    secret = auth[:password] || access_key_secret
+    username = auth[:username]
+    secret = auth[:password]
    token = auth[:token]
+
    puts "[gitea] username: #{username}"
    puts "[gitea]   secret: #{secret}"
    puts "[gitea]    token: #{token}"
@ -101,14 +102,6 @@ class Gitea::ClientService < ApplicationService
    Gitea.gitea_config[:domain]
  end

-  def access_key_id
-    Gitea.gitea_config[:access_key_id]
-  end
-
-  def access_key_secret
-    Gitea.gitea_config[:access_key_secret]
-  end
-
  def api_url
    [domain, base_url].join('')
  end
@ -134,9 +127,9 @@ class Gitea::ClientService < ApplicationService
      raise Error, mark + "401"
    when 422
      result = JSON.parse(response&.body)
-      puts "[gitea] parse body: #{result}"
+      puts "[gitea] parse body: #{result['message']}"
      # return {status: -1, message: result[0]}
-      raise Error, result[0]
+      raise Error, result['message']
    when 204

      puts "[gitea] "
--- a/app/services/gitea/user/register_service.rb
+++ b/app/services/gitea/user/register_service.rb
@ -7,8 +7,7 @@ class Gitea::User::RegisterService < Gitea::ClientService
  end

  def call
-    params = {}
-    params = params.merge(data: user_params)
+    params = Hash.new.merge(data: user_params, token: @token)
    post(API_REST, params)
  end

--- a/app/services/gitea/user/update_service.rb
+++ b/app/services/gitea/user/update_service.rb
@ -17,7 +17,7 @@ class Gitea::User::UpdateService < Gitea::ClientService
  # source_id	integer($int64)
  # website	string

-  def initialize(edit_username, params={}, token=nil)
+  def initialize(edit_username, params={}, token={username: Gitea.gitea_config[:access_key_id], password: Gitea.gitea_config[:access_key_secret]})
    @token         = token
    @params        = params
    @edit_username = edit_username