woodpecker/server/grpc/auth_server.go

// Copyright 2023 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package grpc

import (
	"context"
	"errors"
	"fmt"

	"github.com/rs/zerolog/log"

	"go.woodpecker-ci.org/woodpecker/v2/pipeline/rpc/proto"
	"go.woodpecker-ci.org/woodpecker/v2/server/model"
	"go.woodpecker-ci.org/woodpecker/v2/server/store"
	"go.woodpecker-ci.org/woodpecker/v2/server/store/types"
)

type WoodpeckerAuthServer struct {
	proto.UnimplementedWoodpeckerAuthServer
	jwtManager       *JWTManager
	agentMasterToken string
	store            store.Store
}

func NewWoodpeckerAuthServer(jwtManager *JWTManager, agentMasterToken string, store store.Store) *WoodpeckerAuthServer {
	return &WoodpeckerAuthServer{jwtManager: jwtManager, agentMasterToken: agentMasterToken, store: store}
}

func (s *WoodpeckerAuthServer) Auth(_ context.Context, req *proto.AuthRequest) (*proto.AuthResponse, error) {
	agent, err := s.getAgent(req.AgentId, req.AgentToken)
	if err != nil {
		return nil, fmt.Errorf("agent could not auth: %w", err)
	}

	accessToken, err := s.jwtManager.Generate(agent.ID)
	if err != nil {
		return nil, err
	}

	return &proto.AuthResponse{
		Status:      "ok",
		AgentId:     agent.ID,
		AccessToken: accessToken,
	}, nil
}

func (s *WoodpeckerAuthServer) getAgent(agentID int64, agentToken string) (*model.Agent, error) {
	// global agent secret auth
	if s.agentMasterToken != "" {
		if agentToken == s.agentMasterToken && agentID == -1 {
			agent := new(model.Agent)
			agent.Name = ""
			agent.OwnerID = -1 // system agent
			agent.Token = s.agentMasterToken
			agent.Backend = ""
			agent.Platform = ""
			agent.Capacity = -1
			err := s.store.AgentCreate(agent)
			if err != nil {
				log.Error().Err(err).Msg("error creating system agent")
				return nil, err
			}
			return agent, nil
		}

		if agentToken == s.agentMasterToken {
			agent, err := s.store.AgentFind(agentID)
			if err != nil && errors.Is(err, types.RecordNotExist) {
				return nil, fmt.Errorf("AgentID not found in database")
			}
			return agent, err
		}
	}

	// individual agent token auth
	agent, err := s.store.AgentFindByToken(agentToken)
	if err != nil && errors.Is(err, types.RecordNotExist) {
		return nil, fmt.Errorf("individual agent not found by token: %w", err)
	}
	return agent, err
}
Agent check gRPC version against server (#1653) close #1114 As long as the `VersionResponse` type is not changed the check will fail/pass gracefully example output: ``` {"level":"error","error":"GRPC version mismatch","time":"2023-03-19T19:49:09+01:00","message":"Server version next-6923e7ab does report grpc version 2 but we only understand 1"} GRPC version mismatch ``` 2023-03-19 21:42:21 +00:00			`// Copyright 2023 Woodpecker Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`package grpc`

			`import (`
			`"context"`
Fix agent auth (#1952) if no global agent secret set, disable agent registration via it 2023-07-08 16:09:34 +00:00			`"errors"`
			`"fmt"`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00
			`"github.com/rs/zerolog/log"`

Update go module path for major version 2 (#2905) https://go.dev/doc/modules/release-workflow#breaking Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes #2654 ``` runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0 go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2") ``` --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2023-12-08 07:15:08 +00:00			`"go.woodpecker-ci.org/woodpecker/v2/pipeline/rpc/proto"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/model"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/store"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/store/types"`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`)`

			`type WoodpeckerAuthServer struct {`
			`proto.UnimplementedWoodpeckerAuthServer`
			`jwtManager *JWTManager`
			`agentMasterToken string`
			`store store.Store`
			`}`

			`func NewWoodpeckerAuthServer(jwtManager JWTManager, agentMasterToken string, store store.Store) WoodpeckerAuthServer {`
			`return &WoodpeckerAuthServer{jwtManager: jwtManager, agentMasterToken: agentMasterToken, store: store}`
			`}`

Agent check gRPC version against server (#1653) close #1114 As long as the `VersionResponse` type is not changed the check will fail/pass gracefully example output: ``` {"level":"error","error":"GRPC version mismatch","time":"2023-03-19T19:49:09+01:00","message":"Server version next-6923e7ab does report grpc version 2 but we only understand 1"} GRPC version mismatch ``` 2023-03-19 21:42:21 +00:00			`func (s WoodpeckerAuthServer) Auth(_ context.Context, req proto.AuthRequest) (*proto.AuthResponse, error) {`
Fix linter (#1647) 2023-03-18 19:35:27 +00:00			`agent, err := s.getAgent(req.AgentId, req.AgentToken)`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`if err != nil {`
Enable golangci linter stylecheck (#3167) This PR only fixes error string formatting, log message strings are still mixed upper/lowercase (see https://github.com/woodpecker-ci/woodpecker/pull/3161#issuecomment-1885140649) and I'm not aware of a linter to enforce it. 2024-01-10 21:56:42 +00:00			`return nil, fmt.Errorf("agent could not auth: %w", err)`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`}`

			`accessToken, err := s.jwtManager.Generate(agent.ID)`
			`if err != nil {`
			`return nil, err`
			`}`

Agent check gRPC version against server (#1653) close #1114 As long as the `VersionResponse` type is not changed the check will fail/pass gracefully example output: ``` {"level":"error","error":"GRPC version mismatch","time":"2023-03-19T19:49:09+01:00","message":"Server version next-6923e7ab does report grpc version 2 but we only understand 1"} GRPC version mismatch ``` 2023-03-19 21:42:21 +00:00			`return &proto.AuthResponse{`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`Status: "ok",`
			`AgentId: agent.ID,`
			`AccessToken: accessToken,`
			`}, nil`
			`}`

Fix linter (#1647) 2023-03-18 19:35:27 +00:00			`func (s WoodpeckerAuthServer) getAgent(agentID int64, agentToken string) (model.Agent, error) {`
Fix agent auth (#1952) if no global agent secret set, disable agent registration via it 2023-07-08 16:09:34 +00:00			`// global agent secret auth`
			`if s.agentMasterToken != "" {`
			`if agentToken == s.agentMasterToken && agentID == -1 {`
			`agent := new(model.Agent)`
			`agent.Name = ""`
			`agent.OwnerID = -1 // system agent`
			`agent.Token = s.agentMasterToken`
			`agent.Backend = ""`
			`agent.Platform = ""`
			`agent.Capacity = -1`
			`err := s.store.AgentCreate(agent)`
			`if err != nil {`
Lowercase all log strings (#3173) from #3161 --------- Co-authored-by: 6543 <6543@obermui.de> 2024-01-11 18:17:07 +00:00			`log.Error().Err(err).Msg("error creating system agent")`
Fix agent auth (#1952) if no global agent secret set, disable agent registration via it 2023-07-08 16:09:34 +00:00			`return nil, err`
			`}`
			`return agent, nil`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`}`

Fix agent auth (#1952) if no global agent secret set, disable agent registration via it 2023-07-08 16:09:34 +00:00			`if agentToken == s.agentMasterToken {`
			`agent, err := s.store.AgentFind(agentID)`
			`if err != nil && errors.Is(err, types.RecordNotExist) {`
			`return nil, fmt.Errorf("AgentID not found in database")`
			`}`
			`return agent, err`
			`}`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`}`

Fix agent auth (#1952) if no global agent secret set, disable agent registration via it 2023-07-08 16:09:34 +00:00			`// individual agent token auth`
			`agent, err := s.store.AgentFindByToken(agentToken)`
			`if err != nil && errors.Is(err, types.RecordNotExist) {`
			`return nil, fmt.Errorf("individual agent not found by token: %w", err)`
			`}`
			`return agent, err`
Store an agents list and add agent heartbeats (#1189) Co-authored-by: 6543 <6543@obermui.de> 2023-01-28 13:13:04 +00:00			`}`