// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package migrations
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/migrations/base"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
jsoniter "github.com/json-iterator/go"
"xorm.io/builder"
"xorm.io/xorm"
)
func deleteMigrationCredentials(x *xorm.Engine) (err error) {
const batchSize = 100
// only match migration tasks, that are not pending or running
cond := builder.Eq{
"type": structs.TaskTypeMigrateRepo,
}.And(builder.Gte{
"status": structs.TaskStatusStopped,
})
sess := x.NewSession()
defer sess.Close()
for start := 0; ; start += batchSize {
tasks := make([]*models.Task, 0, batchSize)
if err = sess.Limit(batchSize, start).Where(cond, 0).Find(&tasks); err != nil {
return
}
if len(tasks) == 0 {
break
if err = sess.Begin(); err != nil {
for _, t := range tasks {
if t.PayloadContent, err = removeCredentials(t.PayloadContent); err != nil {
if _, err = sess.ID(t.ID).Cols("payload_content").Update(t); err != nil {
if err = sess.Commit(); err != nil {
func removeCredentials(payload string) (string, error) {
var opts base.MigrateOptions
json := jsoniter.ConfigCompatibleWithStandardLibrary
err := json.Unmarshal([]byte(payload), &opts)
if err != nil {
return "", err
opts.AuthPassword = ""
opts.AuthToken = ""
opts.CloneAddr = util.NewStringURLSanitizer(opts.CloneAddr, true).Replace(opts.CloneAddr)
confBytes, err := json.Marshal(opts)
return string(confBytes), nil