From 21910a1718dafb6cbf21c93d744e16dcc6f9d224 Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Mon, 23 Oct 2023 17:16:38 +0200
Subject: [PATCH] wip: load repo to ctx

---
 routers/api/v1/activitypub/repository.go |  2 +-
 routers/api/v1/api.go                    | 10 +++++++-
 services/context/repository.go           | 32 ++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 services/context/repository.go

diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go
index 9dc84c2ec0..1f2599f0de 100644
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@@ -1,4 +1,4 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2023 The Gitea forgejoAuthors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package activitypub
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 0df9787f24..8796ae52f7 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -833,6 +833,11 @@ func Routes() *web.Route {
 					m.Get("", activitypub.Person)
 					m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox)
 				}, context_service.UserIDAssignmentAPI())
+				// TODO: implement ctx
+				m.Group("/repository-id/{repsitory-id}", func() {
+					m.Get("", activitypub.Repository)
+					m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.RepositoryInbox)
+				}, context_service.RepositoryAssignmentAPI())
 			}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub))
 		}
 
@@ -1006,7 +1011,10 @@ func Routes() *web.Route {
 			repo.CreateOrgRepoDeprecated)
 
 		// requires repo scope
-		m.Combo("/repositories/{id}", reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)).Get(repo.GetByID)
+		m.Combo("/repositories/{id}", 
+			reqToken(), 
+			tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)
+		).Get(repo.GetByID)
 
 		// Repos (requires repo scope)
 		m.Group("/repos", func() {
diff --git a/services/context/repository.go b/services/context/repository.go
new file mode 100644
index 0000000000..74c60f4715
--- /dev/null
+++ b/services/context/repository.go
@@ -0,0 +1,32 @@
+// Copyright 2023 The forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package context
+
+import (
+	"net/http"
+
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/context"
+)
+
+// RepositoryIDAssignmentAPI returns a middleware to handle context-repo assignment for api routes
+func RepositoryIDAssignmentAPI() func(ctx *context.APIContext) {
+	return func(ctx *context.APIContext) {
+		// TODO: enough validation for security?
+		repositoryID := ctx.ParamsInt64(":repository-id")
+
+		//TODO: check auth here ?
+		if !ctx.Repo.HasAccess() && !ctx.IsUserSiteAdmin() {
+			ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
+			return
+		}
+
+		var err error
+		ctx.Repo, err = repo_model.GetRepositoryByID(ctx, repositoryID)
+
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
+		}
+	}
+}