Add Gitea secrets storage and management

models/auth/secret.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package auth
 
@@ -10,34 +9,37 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
 )
 
-type ErrSecretNameInvalid struct {
-	Name string
+type ErrSecretInvalidValue struct {
+	Name *string
+	Data *string
 }
 
-func (err ErrSecretNameInvalid) Error() string {
-	return fmt.Sprintf("secret name %s is invalid", err.Name)
-}
-
-type ErrSecretDataInvalid struct {
-	Data string
+func (err ErrSecretInvalidValue) Error() string {
+	if err.Name != nil {
+		return fmt.Sprintf("secret name %q is invalid", *err.Name)
+	}
+	if err.Data != nil {
+		return fmt.Sprintf("secret data %q is invalid", *err.Data)
+	}
+	return util.ErrInvalidArgument.Error()
 }
 
-func (err ErrSecretDataInvalid) Error() string {
-	return fmt.Sprintf("secret data %s is invalid", err.Data)
+func (err ErrSecretInvalidValue) Unwrap() error {
+	return util.ErrInvalidArgument
 }
 
-var nameRE = regexp.MustCompile("[^a-zA-Z0-9-_.]+")
+var nameRE = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9-_.]*$")
 
 // Secret represents a secret
 type Secret struct {
 	ID          int64
 	UserID      int64              `xorm:"index NOTNULL"`
 	RepoID      int64              `xorm:"index NOTNULL"`
 	Name        string             `xorm:"NOTNULL"`
-	Data        string             `xorm:"TEXT"`
-	PullRequest bool               `xorm:"NOTNULL"`
+	Data        string             `xorm:"LONGTEXT"` // encrypted data, or plaintext data if there's no master key
 	CreatedUnix timeutil.TimeStamp `xorm:"created NOTNULL"`
 }
 
@@ -49,11 +51,11 @@ func init() {
 func (s *Secret) Validate() error {
 	switch {
 	case len(s.Name) == 0:
-		return ErrSecretNameInvalid{Name: s.Name}
+		return ErrSecretInvalidValue{Name: &s.Name}
 	case len(s.Data) == 0:
-		return ErrSecretDataInvalid{Data: s.Data}
+		return ErrSecretInvalidValue{Data: &s.Data}
 	case nameRE.MatchString(s.Name):
-		return ErrSecretNameInvalid{Name: s.Name}
+		return ErrSecretInvalidValue{Name: &s.Name}
 	default:
 		return nil
 	}

models/migrations/v1_19/v236.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package v1_19 //nolint
 
@@ -16,8 +15,7 @@ func CreateSecretsTable(x *xorm.Engine) error {
 		UserID      int64              `xorm:"index NOTNULL"`
 		RepoID      int64              `xorm:"index NOTNULL"`
 		Name        string             `xorm:"NOTNULL"`
-		Data        string             `xorm:"TEXT"`
-		PullRequest bool               `xorm:"NOTNULL"`
+		Data        string             `xorm:"LONGTEXT"`
 		CreatedUnix timeutil.TimeStamp `xorm:"created NOTNULL"`
 	}
 

options/locale/locale_en-US.ini

@@ -473,7 +473,7 @@ max_size_error = ` must contain at most %s characters.`
 email_error = ` is not a valid email address.`
 url_error = `'%s' is not a valid URL.`
 include_error = ` must contain substring '%s'.`
-in_error = ` can contain only specific values: %s.`
+in_error = ` can only contain specific values: %s.`
 glob_pattern_error = ` glob pattern is invalid: %s.`
 regex_pattern_error = ` regex pattern is invalid: %s.`
 username_error = ` can only contain alphanumeric chars ('0-9','a-z','A-Z'), dash ('-'), underscore ('_') and dot ('.'). It cannot begin or end with non-alphanumeric chars, and consecutive non-alphanumeric chars are also forbidden.`
@@ -2068,19 +2068,17 @@ settings.is_writable = Enable Write Access
 settings.is_writable_info = Allow this deploy key to <strong>push</strong> to the repository.
 settings.no_deploy_keys = There are no deploy keys yet.
 settings.secrets = Secrets
-settings.pull_request_read = Pull Request Read
-settings.pull_request_read_info = "If allow pull request read the secret, it's security related."
-settings.pull_request_read_hint = Allow pull request read the secret
 settings.add_secret = Add Secret
 settings.add_secret_success = The secret '%s' has been added.
 settings.secret_value_content_placeholder = Input any content
-settings.secret_desc = Secrets could be visited by repository events
+settings.secret_desc = Secrets will be passed to certain actions and cannot be read otherwise. 
 settings.secret_content = Value
-settings.secret_key = Key
+settings.secret_name = Name
 settings.no_secret = There are no secrets yet.
 settings.secret_deletion = Remove secret
 settings.secret_deletion_desc = Removing a secret will revoke its access to this repository. Continue?
 settings.secret_deletion_success = The secret has been removed.
+settings.secret_deletion_failed = Failed to remove secret.
 settings.title = Title
 settings.deploy_key_content = Content
 settings.key_been_used = A deploy key with identical content is already in use.

routers/web/org/setting.go

@@ -259,7 +259,7 @@ func Secrets(ctx *context.Context) {
 
 	secrets, err := secret_service.FindUserSecrets(ctx, ctx.Org.Organization.ID)
 	if err != nil {
-		ctx.ServerError("FindRepoSecrets", err)
+		ctx.ServerError("FindUserSecrets", err)
 		return
 	}
 	ctx.Data["Secrets"] = secrets
@@ -270,20 +270,21 @@ func Secrets(ctx *context.Context) {
 // SecretsPost add secrets
 func SecretsPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AddSecretForm)
-	if err := secret_service.InsertOrgSecret(ctx, ctx.Org.Organization.ID, form.Title, form.Content, form.PullRequestRead); err != nil {
-		ctx.ServerError("InsertRepoSecret", err)
+	if err := secret_service.InsertOrgSecret(ctx, ctx.Org.Organization.ID, form.Title, form.Content); err != nil {
+		ctx.ServerError("InsertOrgSecret", err)
 		return
 	}
 
-	log.Trace("Secret added: %d", ctx.Org.Organization.ID)
+	log.Trace("Org %d: secret added", ctx.Org.Organization.ID)
 	ctx.Flash.Success(ctx.Tr("repo.settings.add_secret_success", form.Title))
 	ctx.Redirect(ctx.Org.OrgLink + "/settings/secrets")
 }
 
 // SecretsDelete delete secrets
 func SecretsDelete(ctx *context.Context) {
 	if err := secret_service.DeleteSecretByID(ctx, ctx.FormInt64("id")); err != nil {
-		ctx.Flash.Error("DeleteSecretByID: " + err.Error())
+		ctx.Flash.Error(ctx.Tr("repo.settings.secret_deletion_failed"))
+		log.Error("delete secret %d: %v", ctx.FormInt64("id"), err)
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.secret_deletion_success"))
 	}

routers/web/repo/setting.go

@@ -1127,7 +1127,7 @@ func DeployKeys(ctx *context.Context) {
 // SecretsPost response for creating a new secret
 func SecretsPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AddKeyForm)
-	if err := secret_service.InsertRepoSecret(ctx, ctx.Repo.Repository.ID, form.Title, form.Content, form.PullRequestRead); err != nil {
+	if err := secret_service.InsertRepoSecret(ctx, ctx.Repo.Repository.ID, form.Title, form.Content); err != nil {
 		ctx.ServerError("InsertRepoSecret", err)
 		return
 	}
@@ -1206,7 +1206,8 @@ func DeployKeysPost(ctx *context.Context) {
 
 func DeleteSecret(ctx *context.Context) {
 	if err := secret_service.DeleteSecretByID(ctx, ctx.FormInt64("id")); err != nil {
-		ctx.Flash.Error("DeleteSecretByID: " + err.Error())
+		ctx.Flash.Error(ctx.Tr("repo.settings.secret_deletion_failed"))
+		log.Error("delete secret %d: %v", ctx.FormInt64("id"), err)
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.secret_deletion_success"))
 	}

routers/web/web.go

@@ -776,7 +776,7 @@ func RegisterRoutes(m *web.Route) {
 
 				m.Group("/secrets", func() {
 					m.Get("", org.Secrets)
-					m.Post("", bindIgnErr(forms.AddSecretForm{}), org.SecretsPost)
+					m.Post("", web.Bind(forms.AddSecretForm{}), org.SecretsPost)
 					m.Post("/delete", org.SecretsDelete)
 				})
 

services/forms/user_form.go

@@ -350,14 +350,13 @@ func (f *AddOpenIDForm) Validate(req *http.Request, errs binding.Errors) binding
 
 // AddKeyForm form for adding SSH/GPG key
 type AddKeyForm struct {
-	Type            string `binding:"OmitEmpty"`
-	Title           string `binding:"Required;MaxSize(50)"`
-	Content         string `binding:"Required"`
-	Signature       string `binding:"OmitEmpty"`
-	KeyID           string `binding:"OmitEmpty"`
-	Fingerprint     string `binding:"OmitEmpty"`
-	IsWritable      bool
-	PullRequestRead bool
+	Type        string `binding:"OmitEmpty"`
+	Title       string `binding:"Required;MaxSize(50)"`
+	Content     string `binding:"Required"`
+	Signature   string `binding:"OmitEmpty"`
+	KeyID       string `binding:"OmitEmpty"`
+	Fingerprint string `binding:"OmitEmpty"`
+	IsWritable  bool
 }
 
 // Validate validates the fields
@@ -368,9 +367,8 @@ func (f *AddKeyForm) Validate(req *http.Request, errs binding.Errors) binding.Er
 
 // AddSecretForm for adding secrets
 type AddSecretForm struct {
-	Title           string `binding:"Required;MaxSize(50)"`
-	Content         string `binding:"Required"`
-	PullRequestRead bool
+	Title   string `binding:"Required;MaxSize(50)"`
+	Content string `binding:"Required"`
 }
 
 // Validate validates the fields

services/secrets/encryption.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/encryption_aes.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 
@@ -59,7 +58,7 @@ func (e *aesEncryptionProvider) Decrypt(enc, key []byte) ([]byte, error) {
 	}
 
 	if len(enc) < c.NonceSize() {
-		return nil, fmt.Errorf("encrypted value too short")
+		return nil, fmt.Errorf("encrypted value has length %d, which is too short for expected %d", len(enc), c.NonceSize())
 	}
 
 	nonce := enc[:c.NonceSize()]

services/secrets/encryption_aes_test.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/masterkey.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/masterkey_nop.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/masterkey_nop_test.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/masterkey_plain.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 

services/secrets/secrets.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package secrets
 
@@ -106,29 +105,27 @@ func DecryptString(enc string) (string, error) {
 	return encProvider.DecryptString(enc, key)
 }
 
-func InsertRepoSecret(ctx context.Context, repoID int64, key, data string, pullRequest bool) error {
+func InsertRepoSecret(ctx context.Context, repoID int64, key, data string) error {
 	v, err := EncryptString(data)
 	if err != nil {
 		return err
 	}
 	return db.Insert(ctx, &auth_model.Secret{
-		RepoID:      repoID,
-		Name:        key,
-		Data:        v,
-		PullRequest: pullRequest,
+		RepoID: repoID,
+		Name:   key,
+		Data:   v,
 	})
 }
 
-func InsertOrgSecret(ctx context.Context, userID int64, key, data string, pullRequest bool) error {
+func InsertOrgSecret(ctx context.Context, userID int64, key, data string) error {
 	v, err := EncryptString(data)
 	if err != nil {
 		return err
 	}
 	return db.Insert(ctx, &auth_model.Secret{
-		UserID:      userID,
-		Name:        key,
-		Data:        v,
-		PullRequest: pullRequest,
+		UserID: userID,
+		Name:   key,
+		Data:   v,
 	})
 }
 

templates/install.tmpl

@@ -170,21 +170,21 @@
 						<span class="help">{{.locale.Tr "install.enable_update_checker_helper"}}</span>
 					</div>
 
-					<!-- Security Settings -->
-					<h4 class="ui dividing header">{{.i18n.Tr "install.security_title"}}</h4>
+					<!-- Security Settings, especially MASTER_KEY -->
+					<h4 class="ui dividing header">{{.locale.Tr "install.security_title"}}</h4>
 
 					<div class="inline required field">
-						<label>{{.i18n.Tr "install.master_key_provider"}}</label>
+						<label>{{.locale.Tr "install.master_key_provider"}}</label>
 						<div class="ui selection master-key-provider dropdown">
 							<input type="hidden" name="master_key_provider" value="{{if .master_key_provider}}{{.master_key_provider}}{{else}}plain{{end}}">
-							<div class="text">{{.i18n.Tr "install.master_key_provider_plain"}}</div>
+							<div class="text">{{.locale.Tr "install.master_key_provider_plain"}}</div>
 							{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 							<div class="menu">
-								<div class="item" data-value="none">{{.i18n.Tr "install.master_key_provider_none"}}</div>
-								<div class="item" data-value="plain">{{.i18n.Tr "install.master_key_provider_plain"}}</div>
+								<div class="item" data-value="none">{{.locale.Tr "install.master_key_provider_none"}}</div>
+								<div class="item" data-value="plain">{{.locale.Tr "install.master_key_provider_plain"}}</div>
 							</div>
 						</div>
-						<span class="help">{{.i18n.Tr "install.master_key_provider_helper"}}</span>
+						<span class="help">{{.locale.Tr "install.master_key_provider_helper"}}</span>
 					</div>
 
 					<!-- Optional Settings -->

templates/org/settings/navbar.tmpl

@@ -12,7 +12,7 @@
 		<a class="{{if .PageIsOrgSettingsLabels}}active {{end}}item" href="{{.OrgLink}}/settings/labels">
 			{{.locale.Tr "repo.labels"}}
 		</a>
-		<a class="{{if .PageIsOrgSettingsSecrets}}active{{end}} item" href="{{.OrgLink}}/settings/secrets">
+		<a class="{{if .PageIsOrgSettingsSecrets}}active {{end}}item" href="{{.OrgLink}}/settings/secrets">
 			{{.locale.Tr "org.settings.secrets"}}
 		</a>
 		{{if .EnableOAuth2}}