bdb5393835
Critical: - CORS: replace allow_any_origin + credentials with env-configured origins - XSS: escape HTML before dangerouslySetInnerHTML in search results - Path traversal: sanitize storage keys to reject ".." components - Auth missing: add Session requirement to git init/open/is-repo endpoints - Transaction: wrap issue cascade delete in DB transaction High: - Mutex poisoning: replace unwrap() with poison-recovering guards - Drop tokio::spawn: use runtime handle or fallback thread for lock release - Redis KEYS: replace with non-blocking SCAN for typing events - SSH panic: handle missing stdin/stdout/stderr gracefully - LFS auth: remove x-user-uid header injection vector, generate per-request tokens Medium: - Memory leak: remove Box::leak in provider normalization - Race conditions: query closed count directly instead of subtraction - Silent failures: add tracing::warn for AI tasks, room events, activity logs - Frontend nav: sync activeRoomId when initialRoomId prop changes - Duplicate nav: remove redundant setActiveRoom in delete handler - Callback conflict: skip undefined values in updateCallbacks merge - Stale closure: use wsClient state instead of wsClientRef.current in useMemo Low: - Captcha: validate captcha not empty before login submission - Broadcast capacity: reduce from 100K to 1000 - Error handling: add try/catch for removeMember and updateMemberRole - Loading state: show placeholder instead of null in RepositoryContextProvider - WebSocket: add heartbeat ping and jitter to reconnect backoff
118 lines
4.1 KiB
Rust
118 lines
4.1 KiB
Rust
use crate::{ApiResponse, error::ApiError};
|
|
use actix_web::{HttpResponse, Result, web};
|
|
use service::AppService;
|
|
use service::git::init::GitInitRequest;
|
|
use session::Session;
|
|
|
|
#[utoipa::path(
|
|
post,
|
|
path = "/api/git/init",
|
|
request_body = GitInitRequest,
|
|
responses(
|
|
(status = 200, description = "Bare repository initialized", body = ApiResponse<service::git::init::GitInitResponse>),
|
|
(status = 401, description = "Unauthorized", body = ApiResponse<crate::error::ApiError>),
|
|
(status = 404, description = "Not found", body = ApiResponse<crate::error::ApiError>),
|
|
),
|
|
tag = "Git"
|
|
)]
|
|
pub async fn git_init_bare(
|
|
service: web::Data<AppService>,
|
|
session: Session,
|
|
body: web::Json<GitInitRequest>,
|
|
) -> Result<HttpResponse, ApiError> {
|
|
let resp = service.git_init_bare(body.into_inner(), &session).await?;
|
|
Ok(ApiResponse::ok(resp).to_response())
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/git/open/{path}",
|
|
params(
|
|
("path" = String, Path, description = "Repository path"),
|
|
),
|
|
responses(
|
|
(status = 200, description = "Open repository", body = ApiResponse<service::git::init::GitInitResponse>),
|
|
(status = 401, description = "Unauthorized", body = ApiResponse<crate::error::ApiError>),
|
|
(status = 404, description = "Not found", body = ApiResponse<crate::error::ApiError>),
|
|
),
|
|
tag = "Git"
|
|
)]
|
|
pub async fn git_open(
|
|
service: web::Data<AppService>,
|
|
session: Session,
|
|
path: web::Path<String>,
|
|
) -> Result<HttpResponse, ApiError> {
|
|
let resp = service.git_open(path.into_inner(), &session).await?;
|
|
Ok(ApiResponse::ok(resp).to_response())
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/git/open/{path}/workdir",
|
|
params(
|
|
("path" = String, Path, description = "Repository path"),
|
|
),
|
|
responses(
|
|
(status = 200, description = "Open repository working directory", body = ApiResponse<service::git::init::GitInitResponse>),
|
|
(status = 401, description = "Unauthorized", body = ApiResponse<crate::error::ApiError>),
|
|
(status = 404, description = "Not found", body = ApiResponse<crate::error::ApiError>),
|
|
),
|
|
tag = "Git"
|
|
)]
|
|
pub async fn git_open_workdir(
|
|
service: web::Data<AppService>,
|
|
session: Session,
|
|
path: web::Path<String>,
|
|
) -> Result<HttpResponse, ApiError> {
|
|
let resp = service.git_open_workdir(path.into_inner(), &session).await?;
|
|
Ok(ApiResponse::ok(resp).to_response())
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/git/is-repo/{path}",
|
|
params(
|
|
("path" = String, Path, description = "Repository path"),
|
|
),
|
|
responses(
|
|
(status = 200, description = "Check if path is a repository", body = ApiResponse<bool>),
|
|
(status = 401, description = "Unauthorized", body = ApiResponse<crate::error::ApiError>),
|
|
(status = 404, description = "Not found", body = ApiResponse<crate::error::ApiError>),
|
|
),
|
|
tag = "Git"
|
|
)]
|
|
pub async fn git_is_repo(
|
|
service: web::Data<AppService>,
|
|
session: Session,
|
|
path: web::Path<String>,
|
|
) -> Result<HttpResponse, ApiError> {
|
|
let resp = service.git_is_repo(path.into_inner(), &session).await?;
|
|
Ok(ApiResponse::ok(resp).to_response())
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/repos/{namespace}/{repo}/git/path",
|
|
params(
|
|
("namespace" = String, Path, description = "Repository namespace"),
|
|
("repo" = String, Path, description = "Repository name"),
|
|
),
|
|
responses(
|
|
(status = 200, description = "Repository path", body = ApiResponse<String>),
|
|
(status = 401, description = "Unauthorized", body = ApiResponse<crate::error::ApiError>),
|
|
(status = 404, description = "Not found", body = ApiResponse<crate::error::ApiError>),
|
|
),
|
|
tag = "Git"
|
|
)]
|
|
pub async fn git_repo_path(
|
|
service: web::Data<AppService>,
|
|
session: Session,
|
|
path: web::Path<(String, String)>,
|
|
) -> Result<HttpResponse, ApiError> {
|
|
let (namespace, repo_name) = path.into_inner();
|
|
let resp = service
|
|
.git_repo_path(namespace, repo_name, &session)
|
|
.await?;
|
|
Ok(HttpResponse::Ok().json(serde_json::json!({ "path": resp })))
|
|
}
|