From 01805df059890315a1a11f642bc604fc51cfd7fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <michael@minelli.me>
Date: Thu, 29 Jun 2023 18:03:20 +0200
Subject: [PATCH] EnonceRoutes => Add template checking on enonce creation

---
 ExpressAPI/src/routes/EnonceRoutes.ts | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/ExpressAPI/src/routes/EnonceRoutes.ts b/ExpressAPI/src/routes/EnonceRoutes.ts
index 0df2c54..0abb9dc 100644
--- a/ExpressAPI/src/routes/EnonceRoutes.ts
+++ b/ExpressAPI/src/routes/EnonceRoutes.ts
@@ -33,11 +33,16 @@ class EnonceRoutes implements RoutesManager {
     }
 
     private readonly enonceValidator: ExpressValidator.Schema = {
-        name   : {
+        name    : {
             trim    : true,
             notEmpty: true
         },
-        members: {
+        members : {
+            trim    : true,
+            notEmpty: true
+        },
+        template: {
+            optional: true,
             trim    : true,
             notEmpty: true
         }
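Review bot: The new `template` rule only requires a trimmed, non-empty string, yet in the createEnonce hunk of this patch that value is appended directly to the configured GitLab base URL together with the service account's username and token. Whether a request value can alter the host or path that receives those credentials therefore depends entirely on `GitlabHelper.checkTemplateAccess`, which is not visible here. I would also constrain the shape at the validator, for example with a `matches` rule or a `custom` validator that accepts only what a template identifier in this API can look like, so the route fails closed before any URL is built. The schema's enclosing class starts outside the hunk.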
@@ -48,10 +53,22 @@ class EnonceRoutes implements RoutesManager {
     }
 
     private async createEnonce(req: ApiRequest, res: express.Response) {
-        const params: { name: string, members: string } = req.body;
+        const params: { name: string, members: string, template: string | null } = req.body;
         const gitlabMembers: Array<GitlabUser> = JSON.parse(params.members) as Array<GitlabUser>;
 
-        const repository: GitlabRepository = await GitlabHelper.createRepository(params.name, Config.enonce.default.description.replace('{{ENONCE_NAME}}', params.name), Config.enonce.default.visibility, Config.enonce.default.initReadme, Config.gitlab.group.enonces, Config.enonce.default.sharedRunnersEnabled, Config.enonce.default.wikiEnabled, Config.enonce.default.template);
+        let template: string = Config.enonce.default.template;
+        if ( params.template ) {
+            template = params.template;
+            const templateAccess = await GitlabHelper.checkTemplateAccess(template, req);
+
+            if ( templateAccess !== StatusCodes.OK ) {
+                return res.status(templateAccess).send();
+            } else {
+                template = `${ Config.gitlab.urls[0].replace(/^([a-z]{3,5}:\/{2})?(.*)/, `$1${ Config.gitlab.account.username }:${ Config.gitlab.account.token }@$2`) }${ template }.git`;
+            }
+        }
+
+        const repository: GitlabRepository = await GitlabHelper.createRepository(params.name, Config.enonce.default.description.replace('{{ENONCE_NAME}}', params.name), Config.enonce.default.visibility, Config.enonce.default.initReadme, Config.gitlab.group.enonces, Config.enonce.default.sharedRunnersEnabled, Config.enonce.default.wikiEnabled, template);
         const members: Array<GitlabMember | false> = await Promise.all([ req.session.profile.userGitlabId, ...gitlabMembers.map(member => member.id) ].map(async (memberId: number): Promise<GitlabMember | false> => {
             try {
                 return await GitlabHelper.addRepositoryMember(repository.id, memberId, GitlabAccessLevel.Maintainer);
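Review bot: The clone URL built in the `else` branch interpolates `Config.gitlab.account.username` and `Config.gitlab.account.token` unencoded, so a reserved character such as `@`, `:` or `/` in either value yields a URL that parses differently from what was intended; wrapping both in `encodeURIComponent(...)` keeps them inside the userinfo part. The resulting string carries a live token and is handed to `GitlabHelper.createRepository`, so that helper and its error paths should be checked for logging or echoing their arguments; a comment such as `// template now embeds the service account token: never log or return it` would make the constraint explicit. The early exit `return res.status(templateAccess).send();` also bypasses `req.session.sendResponse`, which the success path of this function uses, so clients probably receive a differently shaped error response. createEnonce's body continues outside the hunk.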
@@ -79,7 +96,7 @@ class EnonceRoutes implements RoutesManager {
                                              });
         }));
 
-        req.session.sendResponse(res, StatusCodes.OK, enonce);
+        req.session.sendResponse(res, StatusCodes.OK, enonce.toJsonObject());
     }
 }
 
-- 
GitLab