woodpecker/server/handler/login.go

174 lines
4.6 KiB
Go
Raw Normal View History

2014-06-04 21:25:38 +00:00
package handler
import (
2014-09-30 07:43:50 +00:00
"encoding/json"
2014-06-04 21:25:38 +00:00
"log"
"net/http"
"time"
2014-07-13 02:01:58 +00:00
"github.com/drone/drone/plugin/remote"
2014-09-29 01:36:24 +00:00
"github.com/drone/drone/server/capability"
"github.com/drone/drone/server/datastore"
2014-06-04 21:25:38 +00:00
"github.com/drone/drone/server/session"
"github.com/drone/drone/shared/model"
2014-09-29 01:36:24 +00:00
"github.com/goji/context"
"github.com/zenazn/goji/web"
2014-06-04 21:25:38 +00:00
)
2014-09-29 01:36:24 +00:00
// GetLogin accepts a request to authorize the user and to
// return a valid OAuth2 access token. The access token is
// returned as url segment #access_token
//
// GET /login/:host
//
func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) {
var ctx = context.FromC(c)
var host = c.URLParams["host"]
var redirect = "/"
var remote = remote.Lookup(host)
if remote == nil {
2014-09-29 01:36:24 +00:00
w.WriteHeader(http.StatusNotFound)
return
2014-06-04 21:25:38 +00:00
}
// authenticate the user
login, err := remote.Authorize(w, r)
2014-06-04 21:25:38 +00:00
if err != nil {
2014-09-29 01:36:24 +00:00
w.WriteHeader(http.StatusBadRequest)
return
2014-06-04 21:25:38 +00:00
} else if login == nil {
// in this case we probably just redirected
// the user, so we can exit with no error
2014-09-29 01:36:24 +00:00
return
2014-06-04 21:25:38 +00:00
}
// get the user from the database
2014-09-29 01:36:24 +00:00
u, err := datastore.GetUserLogin(ctx, host, login.Login)
2014-06-04 21:25:38 +00:00
if err != nil {
// if self-registration is disabled we should
// return a notAuthorized error. the only exception
// is if no users exist yet in the system we'll proceed.
2014-09-29 01:36:24 +00:00
if capability.Enabled(ctx, capability.Registration) == false {
users, err := datastore.GetUserList(ctx)
if err != nil || len(users) != 0 {
w.WriteHeader(http.StatusForbidden)
return
}
}
2014-06-04 21:25:38 +00:00
// create the user account
u = model.NewUser(remote.GetKind(), login.Login, login.Email)
2014-06-04 21:25:38 +00:00
u.Name = login.Name
u.SetEmail(login.Email)
// insert the user into the database
2014-09-29 01:36:24 +00:00
if err := datastore.PostUser(ctx, u); err != nil {
w.WriteHeader(http.StatusBadRequest)
return
2014-06-04 21:25:38 +00:00
}
// if this is the first user, they
// should be an admin.
if u.ID == 1 {
u.Admin = true
}
}
// update the user access token
// in case it changed in GitHub
u.Access = login.Access
u.Secret = login.Secret
u.Name = login.Name
u.SetEmail(login.Email)
u.Syncing = true //u.IsStale() // todo (badrydzewski) should not always sync
2014-09-29 01:36:24 +00:00
if err := datastore.PutUser(ctx, u); err != nil {
w.WriteHeader(http.StatusBadRequest)
return
2014-06-04 21:25:38 +00:00
}
// look at the last synchronized date to determine if
// we need to re-sync the account.
//
// todo(bradrydzewski) this should move to a server/sync package and
// should be injected into this struct, just like the database code.
//
// todo(bradrydzewski) this login should be a bit more intelligent
// than the current implementation.
if u.Syncing {
2014-07-10 05:24:06 +00:00
redirect = "/sync"
2014-06-04 21:25:38 +00:00
log.Println("sync user account.", u.Login)
// sync inside a goroutine. This should eventually be moved to
// its own package / sync utility.
go func() {
repos, err := remote.GetRepos(u)
2014-06-04 21:25:38 +00:00
if err != nil {
log.Println("Error syncing user account, listing repositories", u.Login, err)
return
}
// insert all repositories
for _, repo := range repos {
var role = repo.Role
2014-09-29 01:36:24 +00:00
if err := datastore.PostRepo(ctx, repo); err != nil {
// typically we see a failure because the repository already exists
// in which case, we can retrieve the existing record to get the ID.
2014-09-29 01:36:24 +00:00
repo, err = datastore.GetRepoName(ctx, repo.Host, repo.Owner, repo.Name)
if err != nil {
log.Println("Error adding repo.", u.Login, repo.Name, err)
continue
}
2014-06-04 21:25:38 +00:00
}
// add user permissions
2014-09-29 01:36:24 +00:00
perm := model.Perm{
UserID: u.ID,
RepoID: repo.ID,
Read: role.Read,
Write: role.Write,
Admin: role.Admin,
}
if err := datastore.PostPerm(ctx, &perm); err != nil {
log.Println("Error adding permissions.", u.Login, repo.Name, err)
2014-06-04 21:25:38 +00:00
continue
}
log.Println("Successfully syced repo.", u.Login+"/"+repo.Name)
2014-07-13 02:01:58 +00:00
}
2014-07-13 02:01:58 +00:00
u.Synced = time.Now().UTC().Unix()
u.Syncing = false
2014-09-29 01:36:24 +00:00
if err := datastore.PutUser(ctx, u); err != nil {
2014-07-13 02:01:58 +00:00
log.Println("Error syncing user account, updating sync date", u.Login, err)
return
2014-06-04 21:25:38 +00:00
}
}()
}
2014-09-29 01:36:24 +00:00
token, err := session.GenerateToken(ctx, r, u)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
redirect = redirect + "#access_token=" + token
2014-06-04 21:25:38 +00:00
2014-07-10 05:24:06 +00:00
http.Redirect(w, r, redirect, http.StatusSeeOther)
2014-06-04 21:25:38 +00:00
}
2014-09-30 07:43:50 +00:00
// GetLoginList accepts a request to retrive a list of
// all OAuth login options.
//
// GET /api/remotes/login
//
func GetLoginList(c web.C, w http.ResponseWriter, r *http.Request) {
var list = remote.Registered()
var logins []interface{}
for _, item := range list {
logins = append(logins, struct {
Type string `json:"type"`
Host string `json:"host"`
}{item.GetKind(), item.GetHost()})
}
json.NewEncoder(w).Encode(&logins)
}