Description
Hi, I've been fuzzing Gitea with openapi-fuzzer and found that sending a GET or PATCH request to the api/v1/admin/hooks/{id}
endpoint with a non-existing hook id causes Gitea to respond with an internal server error (500 status code). I'm unable to reproduce it on try.gitea.io because those endpoints require admin privileges.
GET
request & response
curl -X GET -H "Authorization: token $TOKEN" http://127.0.0.1:3000/api/v1/admin/hooks/x
{
"message": "webhook does not exist [id: 0]",
"url": "http://localhost:3000/api/swagger"
}
logs
2023/06/27 23:42:05 ...pi/v1/admin/hooks.go:77:GetHook() [E] [649b57ad] GetSystemOrDefaultWebhook: webhook does not exist [id: 0]
2023/06/27 23:42:05 [649b57ad] router: completed GET /api/v1/admin/hooks/x for 127.0.0.1:37898, 500 Internal Server Error in 40.0ms @ admin/hooks.go:57(admin.GetHook)
PATCH
request & response
curl -X PATCH -H "Authorization: token $TOKEN" http://127.0.0.1:3000/api/v1/admin/hooks/x
{
"message": "webhook does not exist [id: 0]",
"url": "http://localhost:3000/api/swagger"
}
logs
2023/06/27 23:42:55 ...api/v1/utils/hook.go:217:EditSystemHook() [E] [649b57df] GetSystemOrDefaultWebhook: webhook does not exist [id: 0]
2023/06/27 23:42:55 [649b57df] router: completed PATCH /api/v1/admin/hooks/x for 127.0.0.1:58622, 500 Internal Server Error in 28.9ms @ admin/hooks.go:116(admin.EditHook)
Gitea Version
1.19.3
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
linux
How are you running Gitea?
- I downloaded Gitea from Github releases
- I run it from command-line.
- I did not use a package or systemd
Database
SQLite
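As an added example (not Gitea's own code), the defensive pattern a handler for this endpoint needs: parse the path id strictly so "x" is rejected with 400 rather than silently becoming id 0, and map the store's not-found error to 404 with errors.Is so only unexpected failures reach 500. The names ErrHookNotExist, hooks, getHook, hookHandler and statusFor are hypothetical, and the in-memory store is constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// ErrHookNotExist is a hypothetical sentinel for the "webhook does not exist" error in the logs above.
var ErrHookNotExist = errors.New("webhook does not exist")
// hooks is a constructed in-memory store: only id 1 exists.
var hooks = map[int64]string{1: "https://example.invalid/hook"}

// getHook wraps the sentinel so callers can match it with errors.Is.
func getHook(id int64) (string, error) {
	if url, ok := hooks[id]; ok {
		return url, nil
	}
	return "", fmt.Errorf("%w [id: %d]", ErrHookNotExist, id)
}

// hookHandler serves GET /api/v1/admin/hooks/{id}: a non-numeric id such as "x"
// gets 400 instead of becoming id 0, a missing hook gets 404, anything else 500.
func hookHandler(w http.ResponseWriter, r *http.Request) {
	raw := strings.TrimPrefix(r.URL.Path, "/api/v1/admin/hooks/")
	id, err := strconv.ParseInt(raw, 10, 64)
	if err != nil {
		http.Error(w, "invalid hook id", http.StatusBadRequest)
		return
	}
	url, err := getHook(id)
	switch {
	case errors.Is(err, ErrHookNotExist):
		http.Error(w, err.Error(), http.StatusNotFound)
	case err != nil:
		http.Error(w, "internal error", http.StatusInternalServerError)
	default:
		fmt.Fprintf(w, `{"id": %d, "url": %q}`, id, url)
	}
}

// statusFor issues an in-process GET for the raw id and returns the status code.
func statusFor(rawID string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/hooks/"+rawID, nil)
	hookHandler(rec, req)
	return rec.Code
}
```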
Title changed from "Getting and updating non existing hook results in internal server error 500" to "Getting and updating non existing hook via API results in internal server error 500"
Zettat123 commented on Jun 28, 2023
Should have been fixed by #24823.