From d688121844cf7541b2c677bd5584c4a2a807fbff Mon Sep 17 00:00:00 2001
From: Brad Rydzewski
Date: Tue, 11 Aug 2015 01:36:07 -0700
Subject: [PATCH] use sha of per-repo secret key for hook validation
---
 pkg/server/hooks.go | 16 +-
 pkg/server/login.go | 7 +-
 pkg/server/repos.go | 31 ++--
 pkg/store/builtin/build_sql.go | 258 +++++++++++++++++----------
 pkg/store/builtin/migrate/migrate.go | 5 +
 pkg/store/builtin/repo.go | 1 +
 pkg/store/builtin/repo_sql.go | 119 +++++++-----
 pkg/store/builtin/user_sql.go | 31 +++-
 pkg/types/build.go | 2 +
 pkg/types/repo.go | 64 +++----
 pkg/types/user.go | 4 +
 11 files changed, 324 insertions(+), 214 deletions(-)
diff --git a/pkg/server/hooks.go b/pkg/server/hooks.go
index 4d68299a7..3263ac6c6 100644
--- a/pkg/server/hooks.go
+++ b/pkg/server/hooks.go
@@ -21,7 +21,6 @@ func PostHook(c *gin.Context) {
 remote := ToRemote(c)
 store := ToDatastore(c)
 queue_ := ToQueue(c)
- sess := ToSession(c)
 conf := ToSettings(c)
 hook, err := remote.Hook(c.Request)
@@ -40,14 +39,6 @@ func PostHook(c *gin.Context) {
 return
 }
- // get the token and verify the hook is authorized
- token := sess.GetLogin(c.Request)
- if token == nil || token.Label != hook.Repo.FullName {
- log.Errorf("invalid token sent with hook.")
- c.AbortWithStatus(403)
- return
- }
-
 // a build may be skipped if the text [CI SKIP]
 // is found inside the commit message
 if hook.Commit != nil && strings.Contains(hook.Commit.Message, "[CI SKIP]") {
@@ -63,6 +54,13 @@ func PostHook(c *gin.Context) {
 return
 }
+ // get the token and verify the hook is authorized
+ if c.Request.FormValue("access_token") != hash(repo.FullName, repo.Hash) {
+ log.Errorf("invalid token sent with hook.")
+ c.AbortWithStatus(403)
+ return
+ }
+
 switch {
 case repo.UserID == 0:
 log.Warnf("ignoring hook. repo %s has no owner.", repo.FullName)
diff --git a/pkg/server/login.go b/pkg/server/login.go
index a85a668c3..e8e56bd90 100644
--- a/pkg/server/login.go
+++ b/pkg/server/login.go
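Review bot: Removing the session-token check from this position means the `[CI SKIP]` early return in the lines that follow, and the repository lookup that sits between this hunk and the next, now run before any credential is examined, so an unauthenticated caller can exercise `remote.Hook` parsing, the skip branch and a datastore read, and the differing status codes may reveal whether a repository is registered. The repo lookup has to precede the new per-repo check, but the skip check does not; moving the `[CI SKIP]` block below the `access_token` comparison keeps the unauthenticated surface to the lookup alone. PostHook continues outside the hunk.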
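Review bot: The added `if` compares the hex digest with `!=`, which is not constant-time, and it accepts an empty `repo.Hash`, in which case the expected token is just `sha256(repo.FullName)` and can be computed by anyone from the public repository name — a live concern for rows that predate the `repo_hash` column, since the migration in this patch adds the column without a backfill. Prefer `if repo.Hash == "" || subtle.ConstantTimeCompare([]byte(c.Request.FormValue("access_token")), []byte(hash(repo.FullName, repo.Hash))) != 1 {` with `crypto/subtle` imported. The token also travels in the query string, where it lands in access logs and proxy logs; accepting it from a header as well would be worth considering. PostHook continues outside the hunk.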
@@ -82,12 +82,7 @@ func GetLogin(c *gin.Context) {
 u.Secret = login.Secret
 u.Email = login.Email
 u.Avatar = login.Avatar
-
- // TODO: remove this once gitlab implements setting
- // avatar in the remote package, similar to github
- if len(u.Avatar) == 0 {
- u.Avatar = gravatar.Hash(u.Email)
- }
+ u.Hash = common.GenerateToken()
 // insert the user into the database
 if err := store.AddUser(u); err != nil {
diff --git a/pkg/server/repos.go b/pkg/server/repos.go
index 9051a1dc8..a27c342dc 100644
--- a/pkg/server/repos.go
+++ b/pkg/server/repos.go
@@ -1,6 +1,8 @@
 package server
 import (
+ "crypto/sha256"
+ "encoding/hex"
 "fmt"
 "github.com/drone/drone/Godeps/_workspace/src/github.com/gin-gonic/gin"
@@ -160,7 +162,6 @@ func DeleteRepo(c *gin.Context) {
 //
 func PostRepo(c *gin.Context) {
 user := ToUser(c)
- sess := ToSession(c)
 store := ToDatastore(c)
 owner := c.Params.ByName("owner")
 name := c.Params.ByName("name")
@@ -189,21 +190,6 @@ func PostRepo(c *gin.Context) {
 return
 }
- token := &common.Token{}
- token.Kind = common.TokenHook
- token.Label = r.FullName
- tokenstr, err := sess.GenerateToken(token)
- if err != nil {
- c.Fail(500, err)
- return
- }
-
- link := fmt.Sprintf(
- "%s/api/hook?access_token=%s",
- httputil.GetURL(c.Request),
- tokenstr,
- )
-
 // set the repository owner to the
 // currently authenticated user.
 r.UserID = user.ID
@@ -211,12 +197,19 @@ func PostRepo(c *gin.Context) {
 r.Hooks.Push = true
 r.Hooks.PullRequest = true
 r.Timeout = 60 // 1 hour default build time
+ r.Hash = common.GenerateToken()
 r.Self = fmt.Sprintf(
 "%s/%s",
 httputil.GetURL(c.Request),
 r.FullName,
 )
+ link := fmt.Sprintf(
+ "%s/api/hook?access_token=%s",
+ httputil.GetURL(c.Request),
+ hash(r.FullName, r.Hash),
+ )
+
 // generate an RSA key and add to the repo
 key, err := sshutil.GeneratePrivateKey()
 if err != nil {
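Review bot: `u.Hash = common.GenerateToken()` is assigned only on the insert path visible here, so users that already exist when this ships never receive a value; unless the update path (outside this hunk) backfills it, anything later keyed on `User.Hash` will see an empty string. The removal of the gravatar fallback is unrelated to the commit subject and would be easier to review as its own change. GetLogin continues outside the hunk.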
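Review bot: `r.Hash` is generated only on this activation path, so the webhook URL derived from it in the added `link` block is fixed for the repository's lifetime and can only be rotated by deactivating and re-activating, which is worth stating above the assignment: `// per-repo secret; regenerating it invalidates the registered webhook URL`. The secrecy of that URL rests entirely on `common.GenerateToken` drawing from a CSPRNG (`crypto/rand`), which this diff does not show — worth confirming before relying on it as a bearer credential. PostRepo's body continues outside the hunk.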
@@ -301,3 +294,9 @@ func perms(remote remote.Remote, u *common.User, r *common.Repo) *common.Perm {
 }
 return p
 }
+
+func hash(text, salt string) string {
+ hasher := sha256.New()
+ hasher.Write([]byte(text + salt))
+ return hex.EncodeToString(hasher.Sum(nil))
+}
diff --git a/pkg/store/builtin/build_sql.go b/pkg/store/builtin/build_sql.go
index 169d1ec25..eabc37285 100644
--- a/pkg/store/builtin/build_sql.go
+++ b/pkg/store/builtin/build_sql.go
@@ -47,8 +47,8 @@ func createBuild(db buildDB, query string, v *Build) error {
 var v10 string
 var v11 string
 var v12 string
- var v13 int
- var v14 string
+ var v13 string
+ var v14 int
 var v15 string
 var v16 string
 var v17 string
@@ -57,6 +57,9 @@ func createBuild(db buildDB, query string, v *Build) error {
 var v20 string
 var v21 string
 var v22 string
+ var v23 string
+ var v24 string
+ var v25 string
 v0 = v.RepoID
 v1 = v.Number
 v2 = v.Status
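Review bot: `hash` computes an unkeyed SHA-256 over `text + salt` with no separator, so the per-repo secret is appended as data rather than used as a key, and the boundary between name and secret is ambiguous; an HMAC keyed with the secret is the standard construction for deriving a bearer token and keeps the same hex output shape: `mac := hmac.New(sha256.New, []byte(salt))`, `mac.Write([]byte(text))`, `return hex.EncodeToString(mac.Sum(nil))`, with `crypto/hmac` added to the import block. The function also needs a doc comment saying that its output is the webhook access token embedded in the hook URL, since the name `hash` hides that it produces a credential. The remaining hunks in this file are index shifts in generated-looking store code.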
@@ -65,32 +68,34 @@ func createBuild(db buildDB, query string, v *Build) error { if v.Commit != nil { v5 = v.Commit.Sha v6 = v.Commit.Ref - v7 = v.Commit.Branch - v8 = v.Commit.Message - v9 = v.Commit.Timestamp - v10 = v.Commit.Remote + v7 = v.Commit.Link + v8 = v.Commit.Branch + v9 = v.Commit.Message + v10 = v.Commit.Timestamp + v11 = v.Commit.Remote if v.Commit.Author != nil { - v11 = v.Commit.Author.Login - v12 = v.Commit.Author.Email + v12 = v.Commit.Author.Login + v13 = v.Commit.Author.Email } } if v.PullRequest != nil { - v13 = v.PullRequest.Number - v14 = v.PullRequest.Title + v14 = v.PullRequest.Number + v15 = v.PullRequest.Title + v16 = v.PullRequest.Link if v.PullRequest.Base != nil { - v15 = v.PullRequest.Base.Sha - v16 = v.PullRequest.Base.Ref - v17 = v.PullRequest.Base.Branch - v18 = v.PullRequest.Base.Message - v19 = v.PullRequest.Base.Timestamp - v20 = v.PullRequest.Base.Remote + v17 = v.PullRequest.Base.Sha + v18 = v.PullRequest.Base.Ref + v19 = v.PullRequest.Base.Link + v20 = v.PullRequest.Base.Branch + v21 = v.PullRequest.Base.Message + v22 = v.PullRequest.Base.Timestamp + v23 = v.PullRequest.Base.Remote if v.PullRequest.Base.Author != nil { - v21 = v.PullRequest.Base.Author.Login - v22 = v.PullRequest.Base.Author.Email + v24 = v.PullRequest.Base.Author.Login + v25 = v.PullRequest.Base.Author.Email } } } - res, err := db.Exec(query, &v0, &v1, @@ -115,6 +120,9 @@ func createBuild(db buildDB, query string, v *Build) error { &v20, &v21, &v22, + &v23, + &v24, + &v25, ) if err != nil { return err @@ -139,8 +147,8 @@ func updateBuild(db buildDB, query string, v *Build) error { var v11 string var v12 string var v13 string - var v14 int - var v15 string + var v14 string + var v15 int var v16 string var v17 string var v18 string @@ -149,6 +157,9 @@ func updateBuild(db buildDB, query string, v *Build) error { var v21 string var v22 string var v23 string + var v24 string + var v25 string + var v26 string v0 = v.ID v1 = v.RepoID v2 = v.Number 
@@ -158,28 +169,31 @@ func updateBuild(db buildDB, query string, v *Build) error { if v.Commit != nil { v6 = v.Commit.Sha v7 = v.Commit.Ref - v8 = v.Commit.Branch - v9 = v.Commit.Message - v10 = v.Commit.Timestamp - v11 = v.Commit.Remote + v8 = v.Commit.Link + v9 = v.Commit.Branch + v10 = v.Commit.Message + v11 = v.Commit.Timestamp + v12 = v.Commit.Remote if v.Commit.Author != nil { - v12 = v.Commit.Author.Login - v13 = v.Commit.Author.Email + v13 = v.Commit.Author.Login + v14 = v.Commit.Author.Email } } if v.PullRequest != nil { - v14 = v.PullRequest.Number - v15 = v.PullRequest.Title + v15 = v.PullRequest.Number + v16 = v.PullRequest.Title + v17 = v.PullRequest.Link if v.PullRequest.Base != nil { - v16 = v.PullRequest.Base.Sha - v17 = v.PullRequest.Base.Ref - v18 = v.PullRequest.Base.Branch - v19 = v.PullRequest.Base.Message - v20 = v.PullRequest.Base.Timestamp - v21 = v.PullRequest.Base.Remote + v18 = v.PullRequest.Base.Sha + v19 = v.PullRequest.Base.Ref + v20 = v.PullRequest.Base.Link + v21 = v.PullRequest.Base.Branch + v22 = v.PullRequest.Base.Message + v23 = v.PullRequest.Base.Timestamp + v24 = v.PullRequest.Base.Remote if v.PullRequest.Base.Author != nil { - v22 = v.PullRequest.Base.Author.Login - v23 = v.PullRequest.Base.Author.Email + v25 = v.PullRequest.Base.Author.Login + v26 = v.PullRequest.Base.Author.Email } } } @@ -208,6 +222,9 @@ func updateBuild(db buildDB, query string, v *Build) error { &v21, &v22, &v23, + &v24, + &v25, + &v26, &v0, ) return err @@ -228,8 +245,8 @@ func scanBuild(row *sql.Row) (*Build, error) { var v11 string var v12 string var v13 string - var v14 int - var v15 string + var v14 string + var v15 int var v16 string var v17 string var v18 string @@ -238,6 +255,9 @@ func scanBuild(row *sql.Row) (*Build, error) { var v21 string var v22 string var v23 string + var v24 string + var v25 string + var v26 string err := row.Scan( &v0, 
@@ -264,6 +284,9 @@ func scanBuild(row *sql.Row) (*Build, error) { &v21, &v22, &v23, + &v24, + &v25, + &v26, ) if err != nil { return nil, err @@ -279,26 +302,29 @@ func scanBuild(row *sql.Row) (*Build, error) { v.Commit = &Commit{} v.Commit.Sha = v6 v.Commit.Ref = v7 - v.Commit.Branch = v8 - v.Commit.Message = v9 - v.Commit.Timestamp = v10 - v.Commit.Remote = v11 + v.Commit.Link = v8 + v.Commit.Branch = v9 + v.Commit.Message = v10 + v.Commit.Timestamp = v11 + v.Commit.Remote = v12 v.Commit.Author = &Author{} - v.Commit.Author.Login = v12 - v.Commit.Author.Email = v13 + v.Commit.Author.Login = v13 + v.Commit.Author.Email = v14 v.PullRequest = &PullRequest{} - v.PullRequest.Number = v14 - v.PullRequest.Title = v15 + v.PullRequest.Number = v15 + v.PullRequest.Title = v16 + v.PullRequest.Link = v17 v.PullRequest.Base = &Commit{} - v.PullRequest.Base.Sha = v16 - v.PullRequest.Base.Ref = v17 - v.PullRequest.Base.Branch = v18 - v.PullRequest.Base.Message = v19 - v.PullRequest.Base.Timestamp = v20 - v.PullRequest.Base.Remote = v21 + v.PullRequest.Base.Sha = v18 + v.PullRequest.Base.Ref = v19 + v.PullRequest.Base.Link = v20 + v.PullRequest.Base.Branch = v21 + v.PullRequest.Base.Message = v22 + v.PullRequest.Base.Timestamp = v23 + v.PullRequest.Base.Remote = v24 v.PullRequest.Base.Author = &Author{} - v.PullRequest.Base.Author.Login = v22 - v.PullRequest.Base.Author.Email = v23 + v.PullRequest.Base.Author.Login = v25 + v.PullRequest.Base.Author.Email = v26 return v, nil } @@ -321,8 +347,8 @@ func scanBuilds(rows *sql.Rows) ([]*Build, error) { var v11 string var v12 string var v13 string - var v14 int - var v15 string + var v14 string + var v15 int var v16 string var v17 string var v18 string @@ -331,6 +357,9 @@ func scanBuilds(rows *sql.Rows) ([]*Build, error) { var v21 string var v22 string var v23 string + var v24 string + var v25 string + var v26 string err = rows.Scan( &v0, &v1, 
@@ -356,6 +385,9 @@ func scanBuilds(rows *sql.Rows) ([]*Build, error) { &v21, &v22, &v23, + &v24, + &v25, + &v26, ) if err != nil { return vv, err @@ -371,26 +403,29 @@ func scanBuilds(rows *sql.Rows) ([]*Build, error) { v.Commit = &Commit{} v.Commit.Sha = v6 v.Commit.Ref = v7 - v.Commit.Branch = v8 - v.Commit.Message = v9 - v.Commit.Timestamp = v10 - v.Commit.Remote = v11 + v.Commit.Link = v8 + v.Commit.Branch = v9 + v.Commit.Message = v10 + v.Commit.Timestamp = v11 + v.Commit.Remote = v12 v.Commit.Author = &Author{} - v.Commit.Author.Login = v12 - v.Commit.Author.Email = v13 + v.Commit.Author.Login = v13 + v.Commit.Author.Email = v14 v.PullRequest = &PullRequest{} - v.PullRequest.Number = v14 - v.PullRequest.Title = v15 + v.PullRequest.Number = v15 + v.PullRequest.Title = v16 + v.PullRequest.Link = v17 v.PullRequest.Base = &Commit{} - v.PullRequest.Base.Sha = v16 - v.PullRequest.Base.Ref = v17 - v.PullRequest.Base.Branch = v18 - v.PullRequest.Base.Message = v19 - v.PullRequest.Base.Timestamp = v20 - v.PullRequest.Base.Remote = v21 + v.PullRequest.Base.Sha = v18 + v.PullRequest.Base.Ref = v19 + v.PullRequest.Base.Link = v20 + v.PullRequest.Base.Branch = v21 + v.PullRequest.Base.Message = v22 + v.PullRequest.Base.Timestamp = v23 + v.PullRequest.Base.Remote = v24 v.PullRequest.Base.Author = &Author{} - v.PullRequest.Base.Author.Login = v22 - v.PullRequest.Base.Author.Email = v23 + v.PullRequest.Base.Author.Login = v25 + v.PullRequest.Base.Author.Email = v26 vv = append(vv, v) } return vv, rows.Err() @@ -406,6 +441,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp 
@@ -414,8 +450,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -435,6 +473,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp @@ -443,8 +482,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -465,6 +506,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp @@ -473,8 +515,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -495,6 +539,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp @@ -503,8 +548,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -525,6 +572,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp 
@@ -533,8 +581,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -556,6 +606,7 @@ SELECT ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp @@ -564,8 +615,10 @@ SELECT ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp @@ -591,6 +644,7 @@ INSERT INTO builds ( ,build_finished ,build_commit_sha ,build_commit_ref +,build_commit_link ,build_commit_branch ,build_commit_message ,build_commit_timestamp @@ -599,15 +653,17 @@ INSERT INTO builds ( ,build_commit_author_email ,build_pull_request_number ,build_pull_request_title +,build_pull_request_link ,build_pull_request_base_sha ,build_pull_request_base_ref +,build_pull_request_base_link ,build_pull_request_base_branch ,build_pull_request_base_message ,build_pull_request_base_timestamp ,build_pull_request_base_remote ,build_pull_request_base_author_login ,build_pull_request_base_author_email -) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?); +) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?); ` const stmtBuildUpdate = ` @@ -619,6 +675,7 @@ UPDATE builds SET ,build_finished = ? ,build_commit_sha = ? ,build_commit_ref = ? +,build_commit_link = ? ,build_commit_branch = ? ,build_commit_message = ? ,build_commit_timestamp = ? 
@@ -627,8 +684,10 @@ UPDATE builds SET ,build_commit_author_email = ? ,build_pull_request_number = ? ,build_pull_request_title = ? +,build_pull_request_link = ? ,build_pull_request_base_sha = ? ,build_pull_request_base_ref = ? +,build_pull_request_base_link = ? ,build_pull_request_base_branch = ? ,build_pull_request_base_message = ? ,build_pull_request_base_timestamp = ? 
@@ -645,30 +704,33 @@ WHERE build_id = ?
 const stmtBuildTable = `
 CREATE TABLE IF NOT EXISTS builds (
- build_id INTEGER PRIMARY KEY AUTOINCREMENT
-,build_repo_id INTEGER
-,build_number INTEGER
-,build_status VARCHAR(512)
-,build_started INTEGER
-,build_finished INTEGER
-,build_commit_sha VARCHAR(512)
-,build_commit_ref VARCHAR(512)
-,build_commit_branch VARCHAR(512)
-,build_commit_message VARCHAR(512)
-,build_commit_timestamp VARCHAR(512)
-,build_commit_remote VARCHAR(512)
-,build_commit_author_login VARCHAR(512)
-,build_commit_author_email VARCHAR(512)
-,build_pull_request_number INTEGER
-,build_pull_request_title VARCHAR(512)
-,build_pull_request_base_sha VARCHAR(512)
-,build_pull_request_base_ref VARCHAR(512)
-,build_pull_request_base_branch VARCHAR(512)
-,build_pull_request_base_message VARCHAR(512)
-,build_pull_request_base_timestamp VARCHAR(512)
-,build_pull_request_base_remote VARCHAR(512)
-,build_pull_request_base_author_login VARCHAR(512)
-,build_pull_request_base_author_email VARCHAR(512)
+ build_id INTEGER PRIMARY KEY AUTOINCREMENT
+,build_repo_id INTEGER
+,build_number INTEGER
+,build_status VARCHAR
+,build_started INTEGER
+,build_finished INTEGER
+,build_commit_sha VARCHAR
+,build_commit_ref VARCHAR
+,build_commit_link VARCHAR
+,build_commit_branch VARCHAR
+,build_commit_message VARCHAR
+,build_commit_timestamp VARCHAR
+,build_commit_remote VARCHAR
+,build_commit_author_login VARCHAR
+,build_commit_author_email VARCHAR
+,build_pull_request_number INTEGER
+,build_pull_request_title VARCHAR
+,build_pull_request_link VARCHAR
+,build_pull_request_base_sha VARCHAR
+,build_pull_request_base_ref VARCHAR
+,build_pull_request_base_link VARCHAR
+,build_pull_request_base_branch VARCHAR
+,build_pull_request_base_message VARCHAR
+,build_pull_request_base_timestamp VARCHAR
+,build_pull_request_base_remote VARCHAR
+,build_pull_request_base_author_login VARCHAR
+,build_pull_request_base_author_email VARCHAR
 );
 `
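Review bot: This rewrite of `stmtBuildTable` drops every `VARCHAR(512)` length to bare `VARCHAR`, while the `CREATE TABLE IF NOT EXISTS builds` in migrate.go elsewhere in this same patch keeps `VARCHAR(512)` and `VARCHAR(2048)` for the same columns, so the two schema definitions now disagree on the same table. Which one actually executes is not visible here; if both can run, the first one to touch an empty database wins silently. Pick one as authoritative, or add a comment above the const such as `// mirrors migrate.go; keep the column list in sync` so the next column addition is made in both places.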
diff --git a/pkg/store/builtin/migrate/migrate.go b/pkg/store/builtin/migrate/migrate.go
index 708301de3..35e40544b 100644
--- a/pkg/store/builtin/migrate/migrate.go
+++ b/pkg/store/builtin/migrate/migrate.go
@@ -42,6 +42,7 @@ CREATE TABLE IF NOT EXISTS users (
 ,user_avatar VARCHAR(255)
 ,user_admin BOOLEAN
 ,user_active BOOLEAN
+ ,user_hash VARCHAR(255)
 ,UNIQUE(user_login)
 );
 `
@@ -67,6 +68,7 @@ CREATE TABLE IF NOT EXISTS repos (
 ,repo_hooks_push BOOLEAN
 ,repo_hooks_tags BOOLEAN
 ,repo_params BLOB
+ ,repo_hash VARCHAR(255)
 ,UNIQUE(repo_owner, repo_name)
 ,UNIQUE(repo_full_name)
@@ -96,6 +98,7 @@ CREATE TABLE IF NOT EXISTS builds (
 ,build_finished INTEGER
 ,build_commit_sha VARCHAR(512)
 ,build_commit_ref VARCHAR(512)
+ ,build_commit_link VARCHAR(2048)
 ,build_commit_branch VARCHAR(512)
 ,build_commit_message VARCHAR(2048)
 ,build_commit_timestamp VARCHAR(512)
@@ -104,8 +107,10 @@ CREATE TABLE IF NOT EXISTS builds (
 ,build_commit_author_email VARCHAR(512)
 ,build_pull_request_number INTEGER
 ,build_pull_request_title VARCHAR(512)
+ ,build_pull_request_link VARCHAR(2048)
 ,build_pull_request_base_sha VARCHAR(512)
 ,build_pull_request_base_ref VARCHAR(512)
+ ,build_pull_request_base_link VARCHAR(2048)
 ,build_pull_request_base_branch VARCHAR(512)
 ,build_pull_request_base_message VARCHAR(2048)
 ,build_pull_request_base_timestamp VARCHAR(512)
diff --git a/pkg/store/builtin/repo.go b/pkg/store/builtin/repo.go
index 6c201e985..19f264e21 100644
--- a/pkg/store/builtin/repo.go
+++ b/pkg/store/builtin/repo.go
@@ -71,6 +71,7 @@ SELECT
 ,repo_hooks_push
 ,repo_hooks_tags
 ,repo_params
+,repo_hash
 FROM repos r
 ,stars s
diff --git a/pkg/store/builtin/repo_sql.go b/pkg/store/builtin/repo_sql.go
index 7723c9a76..3f83a2758 100644
--- a/pkg/store/builtin/repo_sql.go
+++ b/pkg/store/builtin/repo_sql.go
@@ -52,6 +52,7 @@ func createRepo(db repoDB, query string, v *Repo) error {
 var v15 bool
 var v16 bool
 var v17 []byte
+ var v18 string
 v0 = v.UserID
 v1 = v.Owner
 v2 = v.Name
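Review bot: Adding `user_hash` and `repo_hash` inside `CREATE TABLE IF NOT EXISTS` statements does nothing for tables that already exist, so an upgraded deployment never gains the columns and the `,repo_hash` now selected in repo.go and repo_sql.go will fail with a missing-column error — assuming this file is what runs on upgrade, which the diff does not show. An `ALTER TABLE repos ADD COLUMN repo_hash VARCHAR(255)` (and the same for `users`) is needed alongside the table definitions. Rows that predate the change would then hold an empty `repo_hash`, and the hook check in hooks.go derives its expected token from `repo_full_name` plus that value, so the migration should also backfill fresh random values, or the hook endpoint must refuse repositories whose hash is empty.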
@@ -74,6 +75,7 @@ func createRepo(db repoDB, query string, v *Repo) error { v16 = v.Hooks.Tags } v17, _ = json.Marshal(v.Params) + v18 = v.Hash res, err := db.Exec(query, &v0, @@ -94,6 +96,7 @@ func createRepo(db repoDB, query string, v *Repo) error { &v15, &v16, &v17, + &v18, ) if err != nil { return err @@ -123,6 +126,7 @@ func updateRepo(db repoDB, query string, v *Repo) error { var v16 bool var v17 bool var v18 []byte + var v19 string v0 = v.ID v1 = v.UserID v2 = v.Owner @@ -146,6 +150,7 @@ func updateRepo(db repoDB, query string, v *Repo) error { v17 = v.Hooks.Tags } v18, _ = json.Marshal(v.Params) + v19 = v.Hash _, err := db.Exec(query, &v1, @@ -166,6 +171,7 @@ func updateRepo(db repoDB, query string, v *Repo) error { &v16, &v17, &v18, + &v19, &v0, ) return err @@ -191,6 +197,7 @@ func scanRepo(row *sql.Row) (*Repo, error) { var v16 bool var v17 bool var v18 []byte + var v19 string err := row.Scan( &v0, @@ -212,6 +219,7 @@ func scanRepo(row *sql.Row) (*Repo, error) { &v16, &v17, &v18, + &v19, ) if err != nil { return nil, err @@ -239,6 +247,7 @@ func scanRepo(row *sql.Row) (*Repo, error) { v.Hooks.Push = v16 v.Hooks.Tags = v17 json.Unmarshal(v18, &v.Params) + v.Hash = v19 return v, nil } @@ -266,6 +275,7 @@ func scanRepos(rows *sql.Rows) ([]*Repo, error) { var v16 bool var v17 bool var v18 []byte + var v19 string err = rows.Scan( &v0, &v1, @@ -286,6 +296,7 @@ func scanRepos(rows *sql.Rows) ([]*Repo, error) { &v16, &v17, &v18, + &v19, ) if err != nil { return vv, err @@ -313,6 +324,7 @@ func scanRepos(rows *sql.Rows) ([]*Repo, error) { v.Hooks.Push = v16 v.Hooks.Tags = v17 json.Unmarshal(v18, &v.Params) + v.Hash = v19 vv = append(vv, v) } return vv, rows.Err() @@ -339,6 +351,7 @@ SELECT ,repo_hooks_push ,repo_hooks_tags ,repo_params +,repo_hash FROM repos ` @@ -363,6 +376,7 @@ SELECT ,repo_hooks_push ,repo_hooks_tags ,repo_params +,repo_hash FROM repos LIMIT ? OFFSET ? ` 
@@ -388,10 +402,37 @@ SELECT ,repo_hooks_push ,repo_hooks_tags ,repo_params +,repo_hash FROM repos WHERE repo_id = ? ` +const stmtRepoSelectRepoFullName = ` +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_self +,repo_link +,repo_clone +,repo_branch +,repo_private +,repo_trusted +,repo_timeout +,repo_keys_public +,repo_keys_private +,repo_hooks_pull_request +,repo_hooks_push +,repo_hooks_tags +,repo_params +,repo_hash +FROM repos +WHERE repo_full_name = ? +` + const stmtRepoSelectRepoUserId = ` SELECT repo_id @@ -413,6 +454,7 @@ SELECT ,repo_hooks_push ,repo_hooks_tags ,repo_params +,repo_hash FROM repos WHERE repo_user_id = ? ` @@ -438,36 +480,12 @@ SELECT ,repo_hooks_push ,repo_hooks_tags ,repo_params +,repo_hash FROM repos WHERE repo_owner = ? AND repo_name = ? ` -const stmtRepoSelectRepoFullName = ` -SELECT - repo_id -,repo_user_id -,repo_owner -,repo_name -,repo_full_name -,repo_avatar -,repo_self -,repo_link -,repo_clone -,repo_branch -,repo_private -,repo_trusted -,repo_timeout -,repo_keys_public -,repo_keys_private -,repo_hooks_pull_request -,repo_hooks_push -,repo_hooks_tags -,repo_params -FROM repos -WHERE repo_full_name = ? -` - const stmtRepoSelectCount = ` SELECT count(1) FROM repos @@ -493,7 +511,8 @@ INSERT INTO repos ( ,repo_hooks_push ,repo_hooks_tags ,repo_params -) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?); +,repo_hash +) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?); ` const stmtRepoUpdate = ` @@ -516,6 +535,7 @@ UPDATE repos SET ,repo_hooks_push = ? ,repo_hooks_tags = ? ,repo_params = ? +,repo_hash = ? WHERE repo_id = ? ` 
@@ -526,28 +546,33 @@ WHERE repo_id = ? const stmtRepoTable = ` CREATE TABLE IF NOT EXISTS repos ( - repo_id INTEGER PRIMARY KEY AUTOINCREMENT -,repo_user_id INTEGER -,repo_owner VARCHAR -,repo_name VARCHAR -,repo_full_name VARCHAR -,repo_avatar VARCHAR -,repo_self VARCHAR -,repo_link VARCHAR -,repo_clone VARCHAR -,repo_branch VARCHAR -,repo_private BOOLEAN -,repo_trusted BOOLEAN -,repo_timeout INTEGER -,repo_keys_public VARCHAR -,repo_keys_private VARCHAR -,repo_hooks_pull_request BOOLEAN -,repo_hooks_push BOOLEAN -,repo_hooks_tags BOOLEAN -,repo_params BLOB + repo_id INTEGER PRIMARY KEY AUTOINCREMENT +,repo_user_id INTEGER +,repo_owner VARCHAR +,repo_name VARCHAR +,repo_full_name VARCHAR +,repo_avatar VARCHAR +,repo_self VARCHAR +,repo_link VARCHAR +,repo_clone VARCHAR +,repo_branch VARCHAR +,repo_private BOOLEAN +,repo_trusted BOOLEAN +,repo_timeout INTEGER +,repo_keys_public VARCHAR +,repo_keys_private VARCHAR +,repo_hooks_pull_request BOOLEAN +,repo_hooks_push BOOLEAN +,repo_hooks_tags BOOLEAN +,repo_params BLOB +,repo_hash VARCHAR ); ` +const stmtRepoRepoFullNameIndex = ` +CREATE UNIQUE INDEX IF NOT EXISTS ux_repo_full_name ON repos (repo_full_name); +` + const stmtRepoRepoUserIdIndex = ` CREATE INDEX IF NOT EXISTS ix_repo_user_id ON repos (repo_user_id); ` @@ -555,7 +580,3 @@ CREATE INDEX IF NOT EXISTS ix_repo_user_id ON repos (repo_user_id); const stmtRepoRepoOwnerNameIndex = ` CREATE UNIQUE INDEX IF NOT EXISTS ux_repo_owner_name ON repos (repo_owner,repo_name); ` - -const stmtRepoRepoFullNameIndex = ` -CREATE UNIQUE INDEX IF NOT EXISTS ux_repo_full_name ON repos (repo_full_name); -` diff --git a/pkg/store/builtin/user_sql.go b/pkg/store/builtin/user_sql.go index a77260a8b..2f0bbf594 100644 --- a/pkg/store/builtin/user_sql.go +++ b/pkg/store/builtin/user_sql.go @@ -41,6 +41,7 @@ func createUser(db userDB, query string, v *User) error { var v4 string var v5 bool var v6 bool + var v7 string v0 = v.Login v1 = v.Token v2 = v.Secret 
@@ -48,6 +49,7 @@ func createUser(db userDB, query string, v *User) error { v4 = v.Avatar v5 = v.Active v6 = v.Admin + v7 = v.Hash res, err := db.Exec(query, &v0, @@ -57,6 +59,7 @@ func createUser(db userDB, query string, v *User) error { &v4, &v5, &v6, + &v7, ) if err != nil { return err @@ -75,6 +78,7 @@ func updateUser(db userDB, query string, v *User) error { var v5 string var v6 bool var v7 bool + var v8 string v0 = v.ID v1 = v.Login v2 = v.Token @@ -83,6 +87,7 @@ func updateUser(db userDB, query string, v *User) error { v5 = v.Avatar v6 = v.Active v7 = v.Admin + v8 = v.Hash _, err := db.Exec(query, &v1, @@ -92,6 +97,7 @@ func updateUser(db userDB, query string, v *User) error { &v5, &v6, &v7, + &v8, &v0, ) return err @@ -106,6 +112,7 @@ func scanUser(row *sql.Row) (*User, error) { var v5 string var v6 bool var v7 bool + var v8 string err := row.Scan( &v0, @@ -116,6 +123,7 @@ func scanUser(row *sql.Row) (*User, error) { &v5, &v6, &v7, + &v8, ) if err != nil { return nil, err @@ -130,6 +138,7 @@ func scanUser(row *sql.Row) (*User, error) { v.Avatar = v5 v.Active = v6 v.Admin = v7 + v.Hash = v8 return v, nil } @@ -146,6 +155,7 @@ func scanUsers(rows *sql.Rows) ([]*User, error) { var v5 string var v6 bool var v7 bool + var v8 string err = rows.Scan( &v0, &v1, @@ -155,6 +165,7 @@ func scanUsers(rows *sql.Rows) ([]*User, error) { &v5, &v6, &v7, + &v8, ) if err != nil { return vv, err @@ -169,6 +180,7 @@ func scanUsers(rows *sql.Rows) ([]*User, error) { v.Avatar = v5 v.Active = v6 v.Admin = v7 + v.Hash = v8 vv = append(vv, v) } return vv, rows.Err() @@ -184,6 +196,7 @@ SELECT ,user_avatar ,user_active ,user_admin +,user_hash FROM users ` @@ -197,6 +210,7 @@ SELECT ,user_avatar ,user_active ,user_admin +,user_hash FROM users LIMIT ? OFFSET ? ` @@ -211,6 +225,7 @@ SELECT ,user_avatar ,user_active ,user_admin +,user_hash FROM users WHERE user_id = ? ` @@ -225,6 +240,7 @@ SELECT ,user_avatar ,user_active ,user_admin +,user_hash FROM users WHERE user_login = ? ` 
@@ -243,7 +259,8 @@ INSERT INTO users (
 ,user_avatar
 ,user_active
 ,user_admin
-) VALUES (?,?,?,?,?,?,?);
+,user_hash
+) VALUES (?,?,?,?,?,?,?,?);
 `
 const stmtUserUpdate = `
@@ -255,6 +272,7 @@ UPDATE users SET
 ,user_avatar = ?
 ,user_active = ?
 ,user_admin = ?
+,user_hash = ?
 WHERE user_id = ?
 `
@@ -265,14 +283,15 @@ WHERE user_id = ?
 const stmtUserTable = `
 CREATE TABLE IF NOT EXISTS users (
- user_id INTEGER PRIMARY KEY AUTOINCREMENT
-,user_login VARCHAR
-,user_token VARCHAR
+ user_id INTEGER PRIMARY KEY AUTOINCREMENT
+,user_login VARCHAR
+,user_token VARCHAR
 ,user_secret VARCHAR
-,user_email VARCHAR
+,user_email VARCHAR
 ,user_avatar VARCHAR
 ,user_active BOOLEAN
-,user_admin BOOLEAN
+,user_admin BOOLEAN
+,user_hash VARCHAR
 );
 `
diff --git a/pkg/types/build.go b/pkg/types/build.go
index e82336a0a..18882fc41 100644
--- a/pkg/types/build.go
+++ b/pkg/types/build.go
@@ -26,12 +26,14 @@ type Build struct {
 type PullRequest struct {
 Number int `json:"number,omitempty"`
 Title string `json:"title,omitempty"`
+ Link string `json:"link,omitempty"`
 Base *Commit `json:"base_commit,omitempty"`
 }
 type Commit struct {
 Sha string `json:"sha"`
 Ref string `json:"ref"`
+ Link string `json:"link,omitempty"`
 Branch string `json:"branch" sql:"index:ix_commit_branch"`
 Message string `json:"message"`
 Timestamp string `json:"timestamp,omitempty"`
diff --git a/pkg/types/repo.go b/pkg/types/repo.go
index c2468c403..001a2ebfc 100644
--- a/pkg/types/repo.go
+++ b/pkg/types/repo.go
@@ -1,19 +1,19 @@
 package types
 type Repo struct {
- ID int64 `meddler:"repo_id,pk" json:"id"`
- UserID int64 `meddler:"repo_user_id" json:"-" sql:"index:ix_repo_user_id"`
- Owner string `meddler:"repo_owner" json:"owner" sql:"unique:ux_repo_owner_name"`
- Name string `meddler:"repo_name" json:"name" sql:"unique:ux_repo_owner_name"`
- FullName string `meddler:"repo_full_name" json:"full_name" sql:"unique:ux_repo_full_name"`
- Avatar string `meddler:"repo_avatar" json:"avatar"`
- Self string `meddler:"repo_self" json:"self_url"`
- Link string `meddler:"repo_link" json:"link_url"`
- Clone string `meddler:"repo_clone" json:"clone_url"`
- Branch string `meddler:"repo_branch" json:"default_branch"`
- Private bool `meddler:"repo_private" json:"private"`
- Trusted bool `meddler:"repo_trusted" json:"trusted"`
- Timeout int64 `meddler:"repo_timeout" json:"timeout"`
+ ID int64 `json:"id"`
+ UserID int64 `json:"-" sql:"index:ix_repo_user_id"`
+ Owner string `json:"owner" sql:"unique:ux_repo_owner_name"`
+ Name string `json:"name" sql:"unique:ux_repo_owner_name"`
+ FullName string `json:"full_name" sql:"unique:ux_repo_full_name"`
+ Avatar string `json:"avatar"`
+ Self string `json:"self_url"`
+ Link string `json:"link_url"`
+ Clone string `json:"clone_url"`
+ Branch string `json:"default_branch"`
+ Private bool `json:"private"`
+ Trusted bool `json:"trusted"`
+ Timeout int64 `json:"timeout"`
 Keys *Keypair `json:"-"`
 Hooks *Hooks `json:"hooks"`
@@ -27,29 +27,33 @@ type Repo struct {
 // considered secret and are therefore stored external
 // to the source code repository inside Drone.
 Params map[string]string `json:"-"`
+
+ // randomly generated hash used to sign repository
+ // tokens and encrypt and decrypt private variables.
+ Hash string `json:"-"`
 }
 type RepoLite struct {
- ID int64 `meddler:"repo_id,pk" json:"id"`
- UserID int64 `meddler:"user_id" json:"-"`
- Owner string `meddler:"repo_owner" json:"owner"`
- Name string `meddler:"repo_name" json:"name"`
- FullName string `meddler:"repo_slug" json:"full_name"`
- Language string `meddler:"repo_lang" json:"language"`
- Private bool `meddler:"repo_private" json:"private"`
- Created int64 `meddler:"repo_created" json:"created_at"`
- Updated int64 `meddler:"repo_updated" json:"updated_at"`
+ ID int64 `json:"id"`
+ UserID int64 `json:"-"`
+ Owner string `json:"owner"`
+ Name string `json:"name"`
+ FullName string `json:"full_name"`
+ Language string `json:"language"`
+ Private bool `json:"private"`
+ Created int64 `json:"created_at"`
+ Updated int64 `json:"updated_at"`
 }
 type RepoCommit struct {
- ID int64 `meddler:"repo_id,pk" json:"id"`
- Owner string `meddler:"repo_owner" json:"owner"`
- Name string `meddler:"repo_name" json:"name"`
- FullName string `meddler:"repo_full_name" json:"full_name"`
- Number int `meddler:"commit_sequence" json:"number"`
- State string `meddler:"commit_state" json:"state"`
- Started int64 `meddler:"commit_started" json:"started_at"`
- Finished int64 `meddler:"commit_finished" json:"finished_at"`
+ ID int64 `json:"id"`
+ Owner string `json:"owner"`
+ Name string `json:"name"`
+ FullName string `json:"full_name"`
+ Number int `json:"number"`
+ State string `json:"state"`
+ Started int64 `json:"started_at"`
+ Finished int64 `json:"finished_at"`
 }
 type Perm struct {
diff --git a/pkg/types/user.go b/pkg/types/user.go
index 4ba79597c..9c043dbc5 100644
--- a/pkg/types/user.go
+++ b/pkg/types/user.go
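Review bot: The comment on the new `Hash` field says it is used to "encrypt and decrypt private variables", but nothing in this patch does that — the value is only fed into the hook-token digest in repos.go and hooks.go — so the comment documents an intention rather than behaviour, and the field is a random secret rather than a hash of anything. A wording that matches the code would be `// Hash is a random per-repository secret from which the webhook access token is derived; never serialised.`, and the `json:"-"` tag is the right call since scanRepo loads the column into every repository listing. Anything beyond that (encryption of Params) should be added to the comment only once the consumer exists.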
@@ -9,4 +9,8 @@ type User struct {
 Avatar string `json:"avatar,omitempty"`
 Active bool `json:"active,omitempty"`
 Admin bool `json:"admin,omitempty"`
+
+ // randomly generated hash used to sign user
+ // session and application tokens.
+ Hash string `json:"-"`
 }
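Review bot: The comment on `Hash` says it signs "user session and application tokens", but this patch only generates the value in GetLogin and persists it; no signing code references it, so the comment should state what is true now, e.g. `// Hash is a random per-user secret, reserved for deriving session and application tokens; never serialised.`, until the consumer lands. Because it is generated only for newly inserted users, accounts that exist before this change will carry an empty string unless an update path outside this diff fills it in, and any future signing code must treat that empty value as unusable rather than as a valid key.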