Merge pull request #856 from Bugagazavr/gitlab-ouath

Refresh only expired tokens

plugin/remote/gitlab/gitlab.go

@@ -230,7 +230,11 @@ func (r *Gitlab) OpenRegistration() bool {
 }
 
 func (r *Gitlab) GetToken(user *model.User) (*model.Token, error) {
-	expiry := time.Now().Truncate(7200 * time.Second)
+	expiry := time.Unix(user.TokenExpiry, 0)
+	if expiry.Sub(time.Now()) > (60 * time.Second) {
+		return nil, nil
+	}
+
 	t := &oauth.Transport{
 		Config: NewOauthConfig(r, ""),
 		Token: &oauth.Token{
@@ -247,5 +251,6 @@ func (r *Gitlab) GetToken(user *model.User) (*model.Token, error) {
 	var token = new(model.Token)
 	token.AccessToken = t.Token.AccessToken
 	token.RefreshToken = t.Token.RefreshToken
+	token.Expiry = t.Token.Expiry.Unix()
 	return token, nil
 }

server/datastore/database/database.go

@@ -38,6 +38,7 @@ func Connect(driver, datasource string) (*sql.DB, error) {
 	var migrations = []migration.Migrator{
 		migrate.Setup,
 		migrate.Migrate_20142110,
+		migrate.Migrate_20152701,
 	}
 	return migration.Open(driver, datasource, migrations)
 }

server/datastore/migrate/migrate.go

@@ -39,6 +39,20 @@ func Migrate_20142110(tx migration.LimitedTx) error {
 	return nil
 }
 
+// Migrate_20142110 is a database migration on Oct-10 2014.
+func Migrate_20152701(tx migration.LimitedTx) error {
+	var stmts = []string{
+		addUserTokenExpires, // index the commit table repo_id column
+	}
+	for _, stmt := range stmts {
+		_, err := tx.Exec(transform(stmt))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 var userTable = `
 CREATE TABLE IF NOT EXISTS users (
 	 user_id           INTEGER PRIMARY KEY AUTOINCREMENT
@@ -144,3 +158,7 @@ CREATE TABLE IF NOT EXISTS blobs (
 	,UNIQUE(blob_path)
 );
 `
+
+var addUserTokenExpires = `
+ALTER TABLE users ADD COLUMN user_access_expires INTEGER
+`

server/handler/commit.go

@@ -103,6 +103,7 @@ func PostCommit(c web.C, w http.ResponseWriter, r *http.Request) {
 	if user_token != nil {
 		owner.Access = user_token.AccessToken
 		owner.Secret = user_token.RefreshToken
+		owner.TokenExpiry = user_token.Expiry
 		datastore.PutUser(ctx, owner)
 	} else if err != nil {
 		w.WriteHeader(http.StatusBadRequest)

server/handler/hook.go

@@ -81,6 +81,7 @@ func PostHook(c web.C, w http.ResponseWriter, r *http.Request) {
 	if user_token != nil {
 		user.Access = user_token.AccessToken
 		user.Secret = user_token.RefreshToken
+		user.TokenExpiry = user_token.Expiry
 		datastore.PutUser(ctx, user)
 	} else if err != nil {
 		w.WriteHeader(http.StatusBadRequest)

server/handler/login.go

@@ -90,6 +90,7 @@ func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) {
 	u.Access = login.Access
 	u.Secret = login.Secret
 	u.Name = login.Name
+	u.TokenExpiry = login.Expiry
 	u.SetEmail(login.Email)
 	u.Syncing = u.IsStale()
 

server/handler/repo.go

@@ -109,6 +109,7 @@ func PostRepo(c web.C, w http.ResponseWriter, r *http.Request) {
 	if user_token != nil {
 		user.Access = user_token.AccessToken
 		user.Secret = user_token.RefreshToken
+		user.TokenExpiry = user_token.Expiry
 		datastore.PutUser(ctx, user)
 	} else if err != nil {
 		w.WriteHeader(http.StatusBadRequest)

server/handler/user.go

@@ -163,6 +163,7 @@ func PostUserSync(c web.C, w http.ResponseWriter, r *http.Request) {
 	if user_token != nil {
 		user.Access = user_token.AccessToken
 		user.Secret = user_token.RefreshToken
+		user.TokenExpiry = user_token.Expiry
 	} else if err != nil {
 		w.WriteHeader(http.StatusNotFound)
 		return

shared/model/login.go

@@ -9,4 +9,5 @@ type Login struct {
 	Secret string
 	Name   string
 	Email  string
+	Expiry int64
 }

shared/model/token.go

@@ -1,11 +1,7 @@
 package model
 
-import (
-	"time"
-)
-
 type Token struct {
 	AccessToken  string
 	RefreshToken string
-	Expiry       time.Time
+	Expiry       int64
 }

shared/model/user.go

@@ -5,21 +5,22 @@ import (
 )
 
 type User struct {
-	ID       int64  `meddler:"user_id,pk"     json:"-"`
-	Remote   string `meddler:"user_remote"    json:"remote"`
-	Login    string `meddler:"user_login"     json:"login"`
-	Access   string `meddler:"user_access"    json:"-"`
-	Secret   string `meddler:"user_secret"    json:"-"`
-	Name     string `meddler:"user_name"      json:"name"`
-	Email    string `meddler:"user_email"     json:"email,omitempty"`
-	Gravatar string `meddler:"user_gravatar"  json:"gravatar"`
-	Token    string `meddler:"user_token"     json:"-"`
-	Admin    bool   `meddler:"user_admin"     json:"admin"`
-	Active   bool   `meddler:"user_active"    json:"active"`
-	Syncing  bool   `meddler:"user_syncing"   json:"syncing"`
-	Created  int64  `meddler:"user_created"   json:"created_at"`
-	Updated  int64  `meddler:"user_updated"   json:"updated_at"`
-	Synced   int64  `meddler:"user_synced"    json:"synced_at"`
+	ID          int64  `meddler:"user_id,pk"          json:"-"`
+	Remote      string `meddler:"user_remote"         json:"remote"`
+	Login       string `meddler:"user_login"          json:"login"`
+	Access      string `meddler:"user_access"         json:"-"`
+	Secret      string `meddler:"user_secret"         json:"-"`
+	Name        string `meddler:"user_name"           json:"name"`
+	Email       string `meddler:"user_email"          json:"email,omitempty"`
+	Gravatar    string `meddler:"user_gravatar"       json:"gravatar"`
+	Token       string `meddler:"user_token"          json:"-"`
+	Admin       bool   `meddler:"user_admin"          json:"admin"`
+	Active      bool   `meddler:"user_active"         json:"active"`
+	Syncing     bool   `meddler:"user_syncing"        json:"syncing"`
+	Created     int64  `meddler:"user_created"        json:"created_at"`
+	Updated     int64  `meddler:"user_updated"        json:"updated_at"`
+	Synced      int64  `meddler:"user_synced"         json:"synced_at"`
+	TokenExpiry int64  `meddler:"user_access_expires" json:"-"`
 }
 
 func NewUser(remote, login, email string) *User {