package bitbucketserver // WARNING! This is an work-in-progress patch and does not yet conform to the coding, // quality or security standards expected of this project. Please use with caution. import ( "crypto/rsa" "crypto/x509" "encoding/json" "encoding/pem" "fmt" "io/ioutil" "net/http" "net/url" log "github.com/Sirupsen/logrus" "github.com/drone/drone/model" "github.com/drone/drone/remote" "github.com/mrjones/oauth" "strings" ) // Opts defines configuration options. type Opts struct { URL string // Stash server url. Username string // Git machine account username. Password string // Git machine account password. ConsumerKey string // Oauth1 consumer key. ConsumerRSA string // Oauth1 consumer key file. SkipVerify bool // Skip ssl verification. } // New returns a Remote implementation that integrates with Bitbucket Server, // the on-premise edition of Bitbucket Cloud, formerly known as Stash. func New(opts Opts) (remote.Remote, error) { bb := &client{ URL: opts.URL, ConsumerKey: opts.ConsumerKey, ConsumerRSA: opts.ConsumerRSA, GitUserName: opts.Username, GitPassword: opts.Password, } switch { case bb.GitUserName == "": return nil, fmt.Errorf("Must have a git machine account username") case bb.GitPassword == "": return nil, fmt.Errorf("Must have a git machine account password") case bb.ConsumerKey == "": return nil, fmt.Errorf("Must have a oauth1 consumer key") case bb.ConsumerRSA == "": return nil, fmt.Errorf("Must have a oauth1 consumer key file") } keyfile, err := ioutil.ReadFile(bb.ConsumerRSA) if err != nil { return nil, err } block, _ := pem.Decode(keyfile) bb.PrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { return nil, err } // TODO de-referencing is a bit weird and may not behave as expected, and could // have race conditions. Instead store the parsed key (I already did this above) // and then pass the parsed private key when creating the Bitbucket client. bb.Consumer = *NewClient(bb.ConsumerRSA, bb.ConsumerKey, bb.URL) return bb, nil } type client struct { URL string ConsumerKey string GitUserName string GitPassword string ConsumerRSA string PrivateKey *rsa.PrivateKey Consumer oauth.Consumer } func (c *client) Login(res http.ResponseWriter, req *http.Request) (*model.User, error) { requestToken, url, err := c.Consumer.GetRequestTokenAndUrl("oob") if err != nil { return nil, err } var code = req.FormValue("oauth_verifier") if len(code) == 0 { http.Redirect(res, req, url, http.StatusSeeOther) return nil, nil } requestToken.Token = req.FormValue("oauth_token") accessToken, err := c.Consumer.AuthorizeToken(requestToken, code) if err != nil { return nil, err } client, err := c.Consumer.MakeHttpClient(accessToken) if err != nil { return nil, err } response, err := client.Get(fmt.Sprintf("%s/plugins/servlet/applinks/whoami", c.URL)) if err != nil { return nil, err } defer response.Body.Close() bits, err := ioutil.ReadAll(response.Body) if err != nil { return nil, err } login := string(bits) // TODO errors should never be ignored like this response1, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/users/%s", c.URL, login)) if err != nil { return nil, err } defer response1.Body.Close() contents, err := ioutil.ReadAll(response1.Body) if err != nil { return nil, err } var user User err = json.Unmarshal(contents, &user) if err != nil { return nil, err } return &model.User{ Login: login, Email: user.EmailAddress, Token: accessToken.Token, Avatar: avatarLink(user.EmailAddress), }, nil } // Auth is not supported by the Stash driver. func (*client) Auth(token, secret string) (string, error) { return "", fmt.Errorf("Not Implemented") } // Teams is not supported by the Stash driver. func (*client) Teams(u *model.User) ([]*model.Team, error) { var teams []*model.Team return teams, nil } func (c *client) Repo(u *model.User, owner, name string) (*model.Repo, error) { client := NewClientWithToken(&c.Consumer, u.Token) repo, err := c.FindRepo(client, owner, name) if err != nil { return nil, err } return repo, nil } func (c *client) Repos(u *model.User) ([]*model.RepoLite, error) { var repos = []*model.RepoLite{} client := NewClientWithToken(&c.Consumer, u.Token) response, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/repos?limit=10000", c.URL)) if err != nil { log.Error(err) } defer response.Body.Close() contents, err := ioutil.ReadAll(response.Body) if err != nil { return nil, err } var repoResponse Repos err = json.Unmarshal(contents, &repoResponse) if err != nil { return nil, err } for _, repo := range repoResponse.Values { repos = append(repos, &model.RepoLite{ Name: repo.Slug, FullName: repo.Project.Key + "/" + repo.Slug, Owner: repo.Project.Key, }) } return repos, nil } func (c *client) Perm(u *model.User, owner, repo string) (*model.Perm, error) { client := NewClientWithToken(&c.Consumer, u.Token) perms := new(model.Perm) // If you don't have access return none right away _, err := c.FindRepo(client, owner, repo) if err != nil { return perms, err } // Must have admin to be able to list hooks. If have access the enable perms _, err = client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook")) if err == nil { perms.Push = true perms.Admin = true } perms.Pull = true return perms, nil } func (c *client) File(u *model.User, r *model.Repo, b *model.Build, f string) ([]byte, error) { log.Info(fmt.Sprintf("Staring file for bitbucketServer login: %s repo: %s buildevent: %s string: %s", u.Login, r.Name, b.Event, f)) client := NewClientWithToken(&c.Consumer, u.Token) fileURL := fmt.Sprintf("%s/projects/%s/repos/%s/browse/%s?raw", c.URL, r.Owner, r.Name, f) log.Info(fileURL) response, err := client.Get(fileURL) if err != nil { log.Error(err) } if response.StatusCode == 404 { return nil, nil } defer response.Body.Close() responseBytes, err := ioutil.ReadAll(response.Body) if err != nil { log.Error(err) } return responseBytes, nil } // Status is not supported by the Gogs driver. func (*client) Status(*model.User, *model.Repo, *model.Build, string) error { return nil } func (c *client) Netrc(user *model.User, r *model.Repo) (*model.Netrc, error) { u, err := url.Parse(c.URL) if err != nil { return nil, err } //remove the port tmp := strings.Split(u.Host, ":") var host = tmp[0] if err != nil { return nil, err } return &model.Netrc{ Machine: host, Login: c.GitUserName, Password: c.GitPassword, }, nil } func (c *client) Activate(u *model.User, r *model.Repo, link string) error { client := NewClientWithToken(&c.Consumer, u.Token) hook, err := c.CreateHook(client, r.Owner, r.Name, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook", link) if err != nil { return err } log.Info(hook) return nil } func (c *client) Deactivate(u *model.User, r *model.Repo, link string) error { client := NewClientWithToken(&c.Consumer, u.Token) err := c.DeleteHook(client, r.Owner, r.Name, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook", link) if err != nil { return err } return nil } func (c *client) Hook(r *http.Request) (*model.Repo, *model.Build, error) { hook := new(postHook) if err := json.NewDecoder(r.Body).Decode(hook); err != nil { return nil, nil, err } build := &model.Build{ Event: model.EventPush, Ref: hook.RefChanges[0].RefID, // TODO check for index Values Author: hook.Changesets.Values[0].ToCommit.Author.EmailAddress, // TODO check for index Values Commit: hook.RefChanges[0].ToHash, // TODO check for index value Avatar: avatarLink(hook.Changesets.Values[0].ToCommit.Author.EmailAddress), } repo := &model.Repo{ Name: hook.Repository.Slug, Owner: hook.Repository.Project.Key, FullName: fmt.Sprintf("%s/%s", hook.Repository.Project.Key, hook.Repository.Slug), Branch: "master", Kind: model.RepoGit, } return repo, build, nil } type HookDetail struct { Key string `json:"key"` Name string `json:"name"` Type string `json:"type"` Description string `json:"description"` Version string `json:"version"` ConfigFormKey string `json:"configFormKey"` } type Hook struct { Enabled bool `json:"enabled"` Details *HookDetail `json:"details"` } // Enable hook for named repository func (bs *client) CreateHook(client *http.Client, project, slug, hook_key, link string) (*Hook, error) { // Set hook hookBytes := []byte(fmt.Sprintf(`{"hook-url-0":"%s"}`, link)) // Enable hook enablePath := fmt.Sprintf("/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s/enabled", project, slug, hook_key) doPut(client, bs.URL+enablePath, hookBytes) return nil, nil } // Disable hook for named repository func (bs *client) DeleteHook(client *http.Client, project, slug, hook_key, link string) error { enablePath := fmt.Sprintf("/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s/enabled", project, slug, hook_key) doDelete(client, bs.URL+enablePath) return nil } func (c *client) FindRepo(client *http.Client, owner string, name string) (*model.Repo, error) { urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name) response, err := client.Get(urlString) if err != nil { log.Error(err) } defer response.Body.Close() contents, err := ioutil.ReadAll(response.Body) bsRepo := BSRepo{} err = json.Unmarshal(contents, &bsRepo) if err != nil { return nil, err } repo := &model.Repo{ Name: bsRepo.Slug, Owner: bsRepo.Project.Key, Branch: "master", Kind: model.RepoGit, IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug), } for _, item := range bsRepo.Links.Clone { if item.Name == "http" { uri, err := url.Parse(item.Href) if err != nil { return nil, err } uri.User = nil repo.Clone = uri.String() } } for _, item := range bsRepo.Links.Self { if item.Href != "" { repo.Link = item.Href } } return repo, nil }