woodpecker/remote/bitbucketserver/bitbucketserver.go

383 lines
10 KiB
Go

package bitbucketserver
// WARNING! This is an work-in-progress patch and does not yet conform to the coding,
// quality or security standards expected of this project. Please use with caution.
import (
"crypto/rsa"
"crypto/x509"
"encoding/json"
"encoding/pem"
"fmt"
"io/ioutil"
"net/http"
"net/url"
log "github.com/Sirupsen/logrus"
"github.com/drone/drone/model"
"github.com/drone/drone/remote"
"github.com/mrjones/oauth"
"strings"
)
// Opts defines configuration options.
type Opts struct {
URL string // Stash server url.
Username string // Git machine account username.
Password string // Git machine account password.
ConsumerKey string // Oauth1 consumer key.
ConsumerRSA string // Oauth1 consumer key file.
SkipVerify bool // Skip ssl verification.
}
// New returns a Remote implementation that integrates with Bitbucket Server,
// the on-premise edition of Bitbucket Cloud, formerly known as Stash.
func New(opts Opts) (remote.Remote, error) {
bb := &client{
URL: opts.URL,
ConsumerKey: opts.ConsumerKey,
ConsumerRSA: opts.ConsumerRSA,
GitUserName: opts.Username,
GitPassword: opts.Password,
}
switch {
case bb.GitUserName == "":
return nil, fmt.Errorf("Must have a git machine account username")
case bb.GitPassword == "":
return nil, fmt.Errorf("Must have a git machine account password")
case bb.ConsumerKey == "":
return nil, fmt.Errorf("Must have a oauth1 consumer key")
case bb.ConsumerRSA == "":
return nil, fmt.Errorf("Must have a oauth1 consumer key file")
}
keyfile, err := ioutil.ReadFile(bb.ConsumerRSA)
if err != nil {
return nil, err
}
block, _ := pem.Decode(keyfile)
bb.PrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
// TODO de-referencing is a bit weird and may not behave as expected, and could
// have race conditions. Instead store the parsed key (I already did this above)
// and then pass the parsed private key when creating the Bitbucket client.
bb.Consumer = *NewClient(bb.ConsumerRSA, bb.ConsumerKey, bb.URL)
return bb, nil
}
type client struct {
URL string
ConsumerKey string
GitUserName string
GitPassword string
ConsumerRSA string
PrivateKey *rsa.PrivateKey
Consumer oauth.Consumer
}
func (c *client) Login(res http.ResponseWriter, req *http.Request) (*model.User, error) {
requestToken, url, err := c.Consumer.GetRequestTokenAndUrl("oob")
if err != nil {
return nil, err
}
var code = req.FormValue("oauth_verifier")
if len(code) == 0 {
http.Redirect(res, req, url, http.StatusSeeOther)
return nil, nil
}
requestToken.Token = req.FormValue("oauth_token")
accessToken, err := c.Consumer.AuthorizeToken(requestToken, code)
if err != nil {
return nil, err
}
client, err := c.Consumer.MakeHttpClient(accessToken)
if err != nil {
return nil, err
}
response, err := client.Get(fmt.Sprintf("%s/plugins/servlet/applinks/whoami", c.URL))
if err != nil {
return nil, err
}
defer response.Body.Close()
bits, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, err
}
login := string(bits)
// TODO errors should never be ignored like this
response1, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/users/%s", c.URL, login))
if err != nil {
return nil, err
}
defer response1.Body.Close()
contents, err := ioutil.ReadAll(response1.Body)
if err !=nil {
return nil, err
}
var user User
err = json.Unmarshal(contents, &user)
if err != nil {
return nil, err
}
return &model.User{
Login: login,
Email: user.EmailAddress,
Token: accessToken.Token,
Avatar: avatarLink(user.EmailAddress),
}, nil
}
// Auth is not supported by the Stash driver.
func (*client) Auth(token, secret string) (string, error) {
return "", fmt.Errorf("Not Implemented")
}
// Teams is not supported by the Stash driver.
func (*client) Teams(u *model.User) ([]*model.Team, error) {
var teams []*model.Team
return teams, nil
}
func (c *client) Repo(u *model.User, owner, name string) (*model.Repo, error) {
client := NewClientWithToken(&c.Consumer, u.Token)
repo , err := c.FindRepo(client,owner,name)
if err != nil {
return nil, err
}
return repo, nil
}
func (c *client) Repos(u *model.User) ([]*model.RepoLite, error) {
var repos = []*model.RepoLite{}
client := NewClientWithToken(&c.Consumer, u.Token)
response, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/repos?limit=10000", c.URL))
if err != nil {
log.Error(err)
}
defer response.Body.Close()
contents, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, err
}
var repoResponse Repos
err = json.Unmarshal(contents, &repoResponse)
if err != nil {
return nil, err
}
for _, repo := range repoResponse.Values {
repos = append(repos, &model.RepoLite{
Name: repo.Slug,
FullName: repo.Project.Key + "/" + repo.Slug,
Owner: repo.Project.Key,
})
}
return repos, nil
}
func (c *client) Perm(u *model.User, owner, repo string) (*model.Perm, error) {
client := NewClientWithToken(&c.Consumer, u.Token)
perms := new(model.Perm)
// If you don't have access return none right away
_, err := c.FindRepo(client, owner, repo)
if err != nil {
return perms, err
}
// Must have admin to be able to list hooks. If have access the enable perms
_, err = client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo,"com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook"))
if err == nil {
perms.Push = true
perms.Admin = true
}
perms.Pull = true
return perms, nil
}
func (c *client) File(u *model.User, r *model.Repo, b *model.Build, f string) ([]byte, error) {
log.Info(fmt.Sprintf("Staring file for bitbucketServer login: %s repo: %s buildevent: %s string: %s", u.Login, r.Name, b.Event, f))
client := NewClientWithToken(&c.Consumer, u.Token)
fileURL := fmt.Sprintf("%s/projects/%s/repos/%s/browse/%s?raw", c.URL, r.Owner, r.Name, f)
log.Info(fileURL)
response, err := client.Get(fileURL)
if err != nil {
log.Error(err)
}
if response.StatusCode == 404 {
return nil, nil
}
defer response.Body.Close()
responseBytes, err := ioutil.ReadAll(response.Body)
if err != nil {
log.Error(err)
}
return responseBytes, nil
}
// Status is not supported by the Gogs driver.
func (*client) Status(*model.User, *model.Repo, *model.Build, string) error {
return nil
}
func (c *client) Netrc(user *model.User, r *model.Repo) (*model.Netrc, error) {
u, err := url.Parse(c.URL)
if err != nil {
return nil, err
}
//remove the port
tmp := strings.Split(u.Host, ":")
var host = tmp[0]
if err != nil {
return nil, err
}
return &model.Netrc{
Machine: host,
Login: c.GitUserName,
Password: c.GitPassword,
}, nil
}
func (c *client) Activate(u *model.User, r *model.Repo, link string) error {
client := NewClientWithToken(&c.Consumer, u.Token)
hook, err := c.CreateHook(client, r.Owner, r.Name, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook", link)
if err != nil {
return err
}
log.Info(hook)
return nil
}
func (c *client) Deactivate(u *model.User, r *model.Repo, link string) error {
client := NewClientWithToken(&c.Consumer, u.Token)
err := c.DeleteHook(client, r.Owner, r.Name, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook", link)
if err != nil {
return err
}
return nil
}
func (c *client) Hook(r *http.Request) (*model.Repo, *model.Build, error) {
hook := new(postHook)
if err := json.NewDecoder(r.Body).Decode(hook); err != nil {
return nil, nil, err
}
build := &model.Build{
Event: model.EventPush,
Ref: hook.RefChanges[0].RefID, // TODO check for index Values
Author: hook.Changesets.Values[0].ToCommit.Author.EmailAddress, // TODO check for index Values
Commit: hook.RefChanges[0].ToHash, // TODO check for index value
Avatar: avatarLink(hook.Changesets.Values[0].ToCommit.Author.EmailAddress),
}
repo := &model.Repo{
Name: hook.Repository.Slug,
Owner: hook.Repository.Project.Key,
FullName: fmt.Sprintf("%s/%s", hook.Repository.Project.Key, hook.Repository.Slug),
Branch: "master",
Kind: model.RepoGit,
}
return repo, build, nil
}
type HookDetail struct {
Key string `json:"key"`
Name string `json:"name"`
Type string `json:"type"`
Description string `json:"description"`
Version string `json:"version"`
ConfigFormKey string `json:"configFormKey"`
}
type Hook struct {
Enabled bool `json:"enabled"`
Details *HookDetail `json:"details"`
}
// Enable hook for named repository
func (bs *client) CreateHook(client *http.Client, project, slug, hook_key, link string) (*Hook, error) {
// Set hook
hookBytes := []byte(fmt.Sprintf(`{"hook-url-0":"%s"}`, link))
// Enable hook
enablePath := fmt.Sprintf("/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s/enabled",
project, slug, hook_key)
doPut(client, bs.URL+enablePath, hookBytes)
return nil, nil
}
// Disable hook for named repository
func (bs *client) DeleteHook(client *http.Client, project, slug, hook_key, link string) error {
enablePath := fmt.Sprintf("/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s/enabled",
project, slug, hook_key)
doDelete(client, bs.URL+enablePath)
return nil
}
func (c *client) FindRepo(client *http.Client, owner string, name string) (*model.Repo, error){
urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name)
response, err := client.Get(urlString)
if err != nil {
log.Error(err)
}
defer response.Body.Close()
contents, err := ioutil.ReadAll(response.Body)
bsRepo := BSRepo{}
err = json.Unmarshal(contents, &bsRepo)
if err !=nil {
return nil, err
}
repo := &model.Repo{
Name: bsRepo.Slug,
Owner: bsRepo.Project.Key,
Branch: "master",
Kind: model.RepoGit,
IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc
FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug),
}
for _, item := range bsRepo.Links.Clone {
if item.Name == "http" {
uri, err := url.Parse(item.Href)
if err != nil {
return nil, err
}
uri.User = nil
repo.Clone = uri.String()
}
}
for _, item := range bsRepo.Links.Self {
if item.Href != "" {
repo.Link = item.Href
}
}
return repo, nil
}