Add migration to sanitize repository original_url (#9423)

* Add migration to sanitize repository original_url

During a large code move in #6200 the OriginalURL field was
accidentally changed to be populated with the CloneAddr field, which
will contain the username and/or password provided during a migration.

This behavior was fixed in previous PR #9097 and this migration will
remove any authentication details that were stored in the database
between those two.

* use net/url to rebuild URL instead of strings.Replace

* Update models/migrations/migrations.go

* changes per lunny

* make fmt
mrsdizzie 2019-12-19 04:49:48 -05:00 committed by Lunny Xiao
parent 4147cc91ed
commit e57f763937
2 changed files with 54 additions and 0 deletions

@ -282,6 +282,8 @@ var migrations = []Migration{
NewMigration("remove release attachments which repository deleted", removeAttachmentMissedRepo),
// v113 -> v114
NewMigration("new feature: change target branch of pull requests", featureChangeTargetBranch),
// v114 -> v115
NewMigration("Remove authentication credentials from stored URL", sanitizeOriginalURL),
}
// Migrate database to current version

52
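--- a/models/migrations/v114.go
+++ b/models/migrations/v114.go
@@ -0,0 +1,52 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+package migrations
+import (
+"net/url"
+"xorm.io/xorm"
+)
+func sanitizeOriginalURL(x *xorm.Engine) error {
+type Repository struct {
+ID int64
+OriginalURL string `xorm:"VARCHAR(2048)"`
+}
+var last int
+const batchSize = 50
+for {
+var results = make([]Repository, 0, batchSize)
+err := x.Where("original_url <> '' AND original_url IS NOT NULL").
+And("original_service_type = 0 OR original_service_type IS NULL").
+OrderBy("id").
+Limit(batchSize, last).
+Find(&results)
+if err != nil {
+return err
+}
+if len(results) == 0 {
+break
+}
+last += len(results)
+for _, res := range results {
+u, err := url.Parse(res.OriginalURL)
+if err != nil {
+// it is ok to continue here, we only care about fixing URLs that we can read
+continue
+}
+u.User = nil
+originalURL := u.String()
+_, err = x.Exec("UPDATE repository SET original_url = ? WHERE id = ?", originalURL, res.ID)
+if err != nil {
+return err
+}
+}
+}
+return nil
+}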
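Review bot: The `continue` after a failed `url.Parse` in `sanitizeOriginalURL` leaves that row's `original_url` exactly as stored, so a value that does not parse but still embeds a username or password survives the migration with no record of it. Logging the repository ID at that point (never the URL itself, since it may hold the secret) would let an operator find and clean those rows by hand. Separately, the inner loop rewrites every matched row even when there is nothing to strip; adding `if u.User == nil { continue }` before `u.User = nil` would skip the needless `UPDATE` and keep `u.String()` from re-serializing URLs that never carried credentials.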