Allow separate gitea oauth URL (#3513)

closes https://github.com/woodpecker-ci/woodpecker/issues/3470 --------- Co-authored-by: Robert Kaussow <xoxys@rknet.org>
2024-11-26 03:41:01 +00:00 · 2024-03-21 11:37:02 +01:00 · 2024-03-21 11:37:02 +01:00 · fbdfa14a00
commit fbdfa14a00
parent 5fb732a734
5 changed files with 32 additions and 17 deletions
--- a/cmd/server/flags.go
+++ b/cmd/server/flags.go
@ -386,6 +386,11 @@ var flags = append([]cli.Flag{
 		Name:    "gitea-skip-verify",
 		Usage:   "gitea skip ssl verification",
 	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_DEV_GITEA_OAUTH_URL"},
+		Name:    "gitea-oauth-server",
+		Usage:   "user-facing gitea server url for oauth",
+	},
 	//
 	// Bitbucket
 	//
--- a/cmd/server/setup.go
+++ b/cmd/server/setup.go
@ -141,14 +141,23 @@ func setupBitbucket(c *cli.Context) (forge.Forge, error) {
 	return bitbucket.New(opts)
 }

-// setupGitea helper function to setup the Gitea forge from the CLI arguments.
+// setupGitea helper function to set up the Gitea forge from the CLI arguments.
 func setupGitea(c *cli.Context) (forge.Forge, error) {
 	server, err := url.Parse(c.String("gitea-server"))
 	if err != nil {
 		return nil, err
 	}
+	oauth2Server := c.String("gitea-oauth-server")
+	if oauth2Server != "" {
+		oauth2URL, err := url.Parse(oauth2Server)
+		if err != nil {
+			return nil, err
+		}
+		oauth2Server = strings.TrimRight(oauth2URL.String(), "/")
+	}
 	opts := gitea.Opts{
 		URL:        strings.TrimRight(server.String(), "/"),
+		OAuth2URL:  oauth2Server,
 		Client:     c.String("gitea-client"),
 		Secret:     c.String("gitea-secret"),
 		SkipVerify: c.Bool("gitea-skip-verify"),
--- a/docs/docs/30-administration/11-forges/30-gitea.md
+++ b/docs/docs/30-administration/11-forges/30-gitea.md
@ -93,3 +93,11 @@ Read the value for `WOODPECKER_GITEA_SECRET` from the specified filepath
 > Default: `false`

 Configure if SSL verification should be skipped.
+
+## Advanced options
+
+### `WOODPECKER_DEV_GITEA_OAUTH_URL`
+
+> Default: value of `WOODPECKER_GITEA_URL`
+
+Configures the user-facing Gitea server address. Should be used if `WOODPECKER_GITEA_URL` points to an internal URL used for API requests.
--- a/server/forge/gitea/gitea.go
+++ b/server/forge/gitea/gitea.go
@ -23,9 +23,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"net"
 	"net/http"
-	"net/url"
 	"path"
 	"path/filepath"
 	"strconv"
@ -49,11 +47,12 @@ const (
 	authorizeTokenURL = "%s/login/oauth/authorize"
 	accessTokenURL    = "%s/login/oauth/access_token"
 	defaultPageSize   = 50
-	giteaDevVersion   = "v1.18.0"
+	giteaDevVersion   = "v1.21.0"
 )

 type Gitea struct {
 	url          string
+	oauth2URL    string
 	ClientID     string
 	ClientSecret string
 	SkipVerify   bool
@ -63,6 +62,7 @@ type Gitea struct {
 // Opts defines configuration options.
 type Opts struct {
 	URL        string // Gitea server url.
+	OAuth2URL  string // User-facing Gitea server url for OAuth2.
 	Client     string // OAuth2 Client ID
 	Secret     string // OAuth2 Client Secret
 	SkipVerify bool   // Skip ssl verification.
@ -71,16 +71,13 @@ type Opts struct {
 // New returns a Forge implementation that integrates with Gitea,
 // an open source Git service written in Go. See https://gitea.io/
 func New(opts Opts) (forge.Forge, error) {
-	u, err := url.Parse(opts.URL)
-	if err != nil {
-		return nil, err
-	}
-	host, _, err := net.SplitHostPort(u.Host)
-	if err == nil {
-		u.Host = host
+	if opts.OAuth2URL != "" {
+		opts.OAuth2URL = opts.URL
 	}
+
 	return &Gitea{
 		url:          opts.URL,
+		oauth2URL:    opts.OAuth2URL,
 		ClientID:     opts.Client,
 		ClientSecret: opts.Secret,
 		SkipVerify:   opts.SkipVerify,
@ -102,8 +99,8 @@ func (c *Gitea) oauth2Config(ctx context.Context) (*oauth2.Config, context.Conte
 			ClientID:     c.ClientID,
 			ClientSecret: c.ClientSecret,
 			Endpoint: oauth2.Endpoint{
-				AuthURL:  fmt.Sprintf(authorizeTokenURL, c.url),
-				TokenURL: fmt.Sprintf(accessTokenURL, c.url),
+				AuthURL:  fmt.Sprintf(authorizeTokenURL, c.oauth2URL),
+				TokenURL: fmt.Sprintf(accessTokenURL, c.oauth2URL),
 			},
 			RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
 		},
--- a/server/forge/gitea/gitea_test.go
+++ b/server/forge/gitea/gitea_test.go
@ -62,10 +62,6 @@ func Test_gitea(t *testing.T) {
 				g.Assert(f.url).Equal("http://localhost:8080")
 				g.Assert(f.SkipVerify).Equal(true)
 			})
-			g.It("Should handle malformed url", func() {
-				_, err := New(Opts{URL: "%gh&%ij"})
-				g.Assert(err).IsNotNil()
-			})
 		})

 		g.Describe("Generating a netrc file", func() {