diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index cbea5a95dd5f..b05d2a484081 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -282,6 +282,8 @@ var migrations = []Migration{
 NewMigration("remove release attachments which repository deleted", removeAttachmentMissedRepo),
 // v113 -> v114
 NewMigration("new feature: change target branch of pull requests", featureChangeTargetBranch),
+ // v113 -> v114
+ NewMigration("Remove authentication credentials from stored URL", sanitizeOriginalURL),
 }
 
 // Migrate database to current version
diff --git a/models/migrations/v114.go b/models/migrations/v114.go
new file mode 100644
index 000000000000..f4bf2f99da83
--- /dev/null
+++ b/models/migrations/v114.go
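Review bot: The comment added above the new entry repeats `// v113 -> v114`, the label already carried by the preceding `featureChangeTargetBranch` entry. Since this entry is a further step (its code lives in `v114.go`), the label should presumably read `// v114 -> v115` so the list stays a reliable map from schema version to migration. The `migrations` slice starts outside this hunk, so the numbering of earlier entries cannot be checked from here.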
@@ -0,0 +1,60 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "net/url"
+ "strings"
+
+ "xorm.io/xorm"
+)
+
+func sanitizeOriginalURL(x *xorm.Engine) error {
+
+ type Repository struct {
+ ID int64
+ OriginalURL string `xorm:"VARCHAR(2048)"`
+ }
+
+ sess := x.NewSession()
+ defer sess.Close()
+ var last int
+ const batchSize = 50
+ for {
+ var results = make([]Repository, 0, batchSize)
+ err := x.Where("original_url <> '' AND original_url IS NOT NULL").
+ And("original_service_type = 0 OR original_service_type IS NULL").
+ OrderBy("id").
+ Limit(batchSize, last).
+ Find(&results)
+ if err != nil {
+ return err
+ }
+ if len(results) == 0 {
+ break
+ }
+ last += len(results)
+
+ for _, res := range results {
+ u, err := url.Parse(res.OriginalURL)
+ if err != nil {
+ // it is ok to continue here, we only care about fixing URLs that we can read
+ continue
+ }
+
+ if len(u.User.Username()) > 0 {
+ pass, _ := u.User.Password()
+ userAuth := u.User.Username() + ":" + pass + "@"
+ OriginalURL := strings.Replace(res.OriginalURL, userAuth, "", -1)
+
+ _, err = x.Exec("UPDATE repository SET original_url = ? WHERE id = ?", OriginalURL, res.ID)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ }
+ return nil
+}
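Review bot: The `userAuth` string built inside `if len(u.User.Username()) > 0` can fail to match the stored URL, in which case `strings.Replace` changes nothing and the credentials stay in `original_url` while the migration still returns nil. `Username()` and `Password()` return percent-decoded values, so any escaped character in the userinfo breaks the match, and a URL with a username but no password (for example a token used as the username, `https://TOKEN@host/repo`, constructed sample) produces `TOKEN:@`, which never occurs in the original text. Dropping the userinfo from the parsed URL avoids string matching entirely: test `if u.User != nil`, then `u.User = nil` and `OriginalURL := u.String()`; note that `u.String()` may normalise escaping elsewhere in the URL. The `continue` on a parse error also leaves unparseable rows untouched, so a comment should state that such rows may still hold credentials. Separately, `sess` is opened and closed but every query goes through `x`, so the updates are not grouped in a transaction.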