mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-13 03:56:39 +00:00
630 lines
18 KiB
Go
630 lines
18 KiB
Go
// Copyright 2024 Woodpecker Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package bitbucketdatacenter
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
bb "github.com/neticdk/go-bitbucket/bitbucket"
|
|
"github.com/rs/zerolog/log"
|
|
"golang.org/x/oauth2"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/server"
|
|
"go.woodpecker-ci.org/woodpecker/v2/server/forge"
|
|
"go.woodpecker-ci.org/woodpecker/v2/server/forge/bitbucketdatacenter/internal"
|
|
"go.woodpecker-ci.org/woodpecker/v2/server/forge/common"
|
|
forge_types "go.woodpecker-ci.org/woodpecker/v2/server/forge/types"
|
|
"go.woodpecker-ci.org/woodpecker/v2/server/model"
|
|
"go.woodpecker-ci.org/woodpecker/v2/server/store"
|
|
)
|
|
|
|
const listLimit = 250
|
|
|
|
// Opts defines configuration options.
|
|
type Opts struct {
|
|
URL string // Bitbucket server url for API access.
|
|
Username string // Git machine account username.
|
|
Password string // Git machine account password.
|
|
ClientID string // OAuth 2.0 client id
|
|
ClientSecret string // OAuth 2.0 client secret
|
|
OAuthHost string // OAuth 2.0 host
|
|
}
|
|
|
|
type client struct {
|
|
url string
|
|
urlAPI string
|
|
clientID string
|
|
clientSecret string
|
|
oauthHost string
|
|
username string
|
|
password string
|
|
}
|
|
|
|
// New returns a Forge implementation that integrates with Bitbucket DataCenter/Server,
|
|
// the on-premise edition of Bitbucket Cloud, formerly known as Stash.
|
|
func New(opts Opts) (forge.Forge, error) {
|
|
config := &client{
|
|
url: opts.URL,
|
|
urlAPI: fmt.Sprintf("%s/rest", opts.URL),
|
|
clientID: opts.ClientID,
|
|
clientSecret: opts.ClientSecret,
|
|
oauthHost: opts.OAuthHost,
|
|
username: opts.Username,
|
|
password: opts.Password,
|
|
}
|
|
|
|
switch {
|
|
case opts.Username == "":
|
|
return nil, fmt.Errorf("must have a git machine account username")
|
|
case opts.Password == "":
|
|
return nil, fmt.Errorf("must have a git machine account password")
|
|
case opts.ClientID == "":
|
|
return nil, fmt.Errorf("must have an oauth 2.0 client id")
|
|
case opts.ClientSecret == "":
|
|
return nil, fmt.Errorf("must have an oauth 2.0 client secret")
|
|
}
|
|
|
|
return config, nil
|
|
}
|
|
|
|
// Name returns the string name of this driver.
|
|
func (c *client) Name() string {
|
|
return "bitbucket_dc"
|
|
}
|
|
|
|
// URL returns the root url of a configured forge.
|
|
func (c *client) URL() string {
|
|
return c.url
|
|
}
|
|
|
|
func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*model.User, string, error) {
|
|
config := c.newOAuth2Config()
|
|
|
|
// TODO: Use pkce flow (https://oauth.net/2/pkce/) ...
|
|
redirectURL := config.AuthCodeURL(req.State)
|
|
|
|
if len(req.Code) == 0 {
|
|
return nil, redirectURL, nil
|
|
}
|
|
|
|
token, err := config.Exchange(ctx, req.Code)
|
|
if err != nil {
|
|
return nil, redirectURL, err
|
|
}
|
|
|
|
client := internal.NewClientWithToken(ctx, config.TokenSource(ctx, &oauth2.Token{
|
|
AccessToken: token.AccessToken,
|
|
}), c.url)
|
|
userSlug, err := client.FindCurrentUser(ctx)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
|
|
bc, err := c.newClient(ctx, &model.User{AccessToken: token.AccessToken})
|
|
if err != nil {
|
|
return nil, "", fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
user, _, err := bc.Users.GetUser(ctx, userSlug)
|
|
if err != nil {
|
|
return nil, "", fmt.Errorf("unable to query for user: %w", err)
|
|
}
|
|
|
|
u := convertUser(user, c.url)
|
|
updateUserCredentials(u, token)
|
|
return u, "", nil
|
|
}
|
|
|
|
func (c *client) Auth(ctx context.Context, accessToken, _ string) (string, error) {
|
|
config := c.newOAuth2Config()
|
|
token := &oauth2.Token{
|
|
AccessToken: accessToken,
|
|
}
|
|
client := internal.NewClientWithToken(ctx, config.TokenSource(ctx, token), c.url)
|
|
return client.FindCurrentUser(ctx)
|
|
}
|
|
|
|
func (c *client) Refresh(ctx context.Context, u *model.User) (bool, error) {
|
|
config := c.newOAuth2Config()
|
|
t := &oauth2.Token{
|
|
RefreshToken: u.RefreshToken,
|
|
}
|
|
ts := config.TokenSource(ctx, t)
|
|
|
|
tok, err := ts.Token()
|
|
if err != nil {
|
|
return false, fmt.Errorf("unable to refresh OAuth 2.0 token from bitbucket datacenter: %w", err)
|
|
}
|
|
updateUserCredentials(u, tok)
|
|
return true, nil
|
|
}
|
|
|
|
func (c *client) Repo(ctx context.Context, u *model.User, rID model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
var repo *bb.Repository
|
|
if rID.IsValid() {
|
|
opts := &bb.RepositorySearchOptions{Permission: bb.PermissionRepoWrite, ListOptions: bb.ListOptions{Limit: listLimit}}
|
|
for {
|
|
repos, resp, err := bc.Projects.SearchRepositories(ctx, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to search repositories: %w", err)
|
|
}
|
|
for _, r := range repos {
|
|
if rID == convertID(r.ID) {
|
|
repo = r
|
|
break
|
|
}
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
if repo == nil {
|
|
return nil, fmt.Errorf("unable to find repository with id: %s", rID)
|
|
}
|
|
} else {
|
|
repo, _, err = bc.Projects.GetRepository(ctx, owner, name)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to get repository: %w", err)
|
|
}
|
|
}
|
|
|
|
b, _, err := bc.Projects.GetDefaultBranch(ctx, repo.Project.Key, repo.Slug)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to fetch default branch: %w", err)
|
|
}
|
|
|
|
perms := &model.Perm{Pull: true, Push: true}
|
|
_, _, err = bc.Projects.ListWebhooks(ctx, repo.Project.Key, repo.Slug, &bb.ListOptions{})
|
|
if err == nil {
|
|
perms.Admin = true
|
|
}
|
|
|
|
return convertRepo(repo, perms, b.DisplayID), nil
|
|
}
|
|
|
|
func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
opts := &bb.RepositorySearchOptions{Permission: bb.PermissionRepoWrite, ListOptions: bb.ListOptions{Limit: listLimit}}
|
|
all := make([]*model.Repo, 0)
|
|
for {
|
|
repos, resp, err := bc.Projects.SearchRepositories(ctx, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to search repositories: %w", err)
|
|
}
|
|
for _, r := range repos {
|
|
perms := &model.Perm{Pull: true, Push: true, Admin: false}
|
|
all = append(all, convertRepo(r, perms, ""))
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
// Add admin permissions to relevant repositories
|
|
opts = &bb.RepositorySearchOptions{Permission: bb.PermissionRepoAdmin, ListOptions: bb.ListOptions{Limit: listLimit}}
|
|
for {
|
|
repos, resp, err := bc.Projects.SearchRepositories(ctx, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to search repositories: %w", err)
|
|
}
|
|
for _, r := range repos {
|
|
for i, c := range all {
|
|
if c.ForgeRemoteID == convertID(r.ID) {
|
|
all[i].Perm = &model.Perm{Pull: true, Push: true, Admin: true}
|
|
break
|
|
}
|
|
}
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
return all, nil
|
|
}
|
|
|
|
func (c *client) File(ctx context.Context, u *model.User, r *model.Repo, p *model.Pipeline, f string) ([]byte, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
b, resp, err := bc.Projects.GetTextFileContent(ctx, r.Owner, r.Name, f, p.Commit)
|
|
if err != nil {
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
// requested directory might not exist
|
|
return nil, &forge_types.ErrConfigNotFound{
|
|
Configs: []string{f},
|
|
}
|
|
}
|
|
return nil, err
|
|
}
|
|
return b, nil
|
|
}
|
|
|
|
func (c *client) Dir(ctx context.Context, u *model.User, r *model.Repo, p *model.Pipeline, path string) ([]*forge_types.FileMeta, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
opts := &bb.FilesListOptions{At: p.Commit}
|
|
all := make([]*forge_types.FileMeta, 0)
|
|
for {
|
|
list, resp, err := bc.Projects.ListFiles(ctx, r.Owner, r.Name, path, opts)
|
|
if err != nil {
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
// requested directory might not exist
|
|
return nil, &forge_types.ErrConfigNotFound{
|
|
Configs: []string{path},
|
|
}
|
|
}
|
|
return nil, err
|
|
}
|
|
for _, f := range list {
|
|
fullPath := fmt.Sprintf("%s/%s", path, f)
|
|
data, err := c.File(ctx, u, r, p, fullPath)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
all = append(all, &forge_types.FileMeta{Name: fullPath, Data: data})
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
return all, nil
|
|
}
|
|
|
|
func (c *client) Status(ctx context.Context, u *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
status := &bb.BuildStatus{
|
|
State: convertStatus(pipeline.Status),
|
|
URL: common.GetPipelineStatusURL(repo, pipeline, workflow),
|
|
Key: common.GetPipelineStatusContext(repo, pipeline, workflow),
|
|
Description: common.GetPipelineStatusDescription(pipeline.Status),
|
|
}
|
|
_, err = bc.Projects.CreateBuildStatus(ctx, repo.Owner, repo.Name, pipeline.Commit, status)
|
|
return err
|
|
}
|
|
|
|
func (c *client) Netrc(_ *model.User, r *model.Repo) (*model.Netrc, error) {
|
|
host, err := common.ExtractHostFromCloneURL(r.Clone)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
return &model.Netrc{
|
|
Login: c.username,
|
|
Password: c.password,
|
|
Machine: host,
|
|
}, nil
|
|
}
|
|
|
|
// Branches returns the names of all branches for the named repository.
|
|
func (c *client) Branches(ctx context.Context, u *model.User, r *model.Repo, p *model.ListOptions) ([]string, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
opts := &bb.BranchSearchOptions{ListOptions: convertListOptions(p)}
|
|
all := make([]string, 0)
|
|
for {
|
|
branches, resp, err := bc.Projects.SearchBranches(ctx, r.Owner, r.Name, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to list branches: %w", err)
|
|
}
|
|
for _, b := range branches {
|
|
all = append(all, b.DisplayID)
|
|
}
|
|
if !p.All || resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
return all, nil
|
|
}
|
|
|
|
func (c *client) BranchHead(ctx context.Context, u *model.User, r *model.Repo, b string) (*model.Commit, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
branches, _, err := bc.Projects.SearchBranches(ctx, r.Owner, r.Name, &bb.BranchSearchOptions{Filter: b})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(branches) == 0 {
|
|
return nil, fmt.Errorf("no matching branches returned")
|
|
}
|
|
for _, branch := range branches {
|
|
if branch.DisplayID == b {
|
|
return &model.Commit{
|
|
SHA: branch.LatestCommit,
|
|
ForgeURL: fmt.Sprintf("%s/commits/%s", r.ForgeURL, branch.LatestCommit),
|
|
}, nil
|
|
}
|
|
}
|
|
return nil, fmt.Errorf("no matching branches found")
|
|
}
|
|
|
|
func (c *client) PullRequests(ctx context.Context, u *model.User, r *model.Repo, p *model.ListOptions) ([]*model.PullRequest, error) {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
opts := &bb.PullRequestSearchOptions{ListOptions: convertListOptions(p)}
|
|
all := make([]*model.PullRequest, 0)
|
|
for {
|
|
prs, resp, err := bc.Projects.SearchPullRequests(ctx, r.Owner, r.Name, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to list pull-requests: %w", err)
|
|
}
|
|
for _, pr := range prs {
|
|
all = append(all, &model.PullRequest{Index: convertID(pr.ID), Title: pr.Title})
|
|
}
|
|
if !p.All || resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
return all, nil
|
|
}
|
|
|
|
func (c *client) Activate(ctx context.Context, u *model.User, r *model.Repo, link string) error {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
err = c.Deactivate(ctx, u, r, link)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to deactivate old webhooks: %w", err)
|
|
}
|
|
|
|
webhook := &bb.Webhook{
|
|
Name: "Woodpecker",
|
|
URL: link,
|
|
Events: []bb.EventKey{bb.EventKeyRepoRefsChanged, bb.EventKeyPullRequestFrom, bb.EventKeyPullRequestMerged, bb.EventKeyPullRequestDeclined, bb.EventKeyPullRequestDeleted},
|
|
Active: true,
|
|
Config: &bb.WebhookConfiguration{
|
|
Secret: r.Hash,
|
|
},
|
|
}
|
|
_, _, err = bc.Projects.CreateWebhook(ctx, r.Owner, r.Name, webhook)
|
|
return err
|
|
}
|
|
|
|
func (c *client) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error {
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
lu, err := url.Parse(link)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
opts := &bb.ListOptions{}
|
|
var ids []uint64
|
|
for {
|
|
hooks, resp, err := bc.Projects.ListWebhooks(ctx, r.Owner, r.Name, opts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, h := range hooks {
|
|
hu, err := url.Parse(h.URL)
|
|
if err == nil && hu.Host == lu.Host {
|
|
ids = append(ids, h.ID)
|
|
}
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
for _, id := range ids {
|
|
_, err = bc.Projects.DeleteWebhook(ctx, r.Owner, r.Name, id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *client) Hook(ctx context.Context, r *http.Request) (*model.Repo, *model.Pipeline, error) {
|
|
ev, payload, err := bb.ParsePayloadWithoutSignature(r)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("unable to parse payload from webhook invocation: %w", err)
|
|
}
|
|
|
|
var repo *model.Repo
|
|
var pipe *model.Pipeline
|
|
switch e := ev.(type) {
|
|
case *bb.RepositoryPushEvent:
|
|
repo = convertRepo(&e.Repository, nil, "")
|
|
pipe = convertRepositoryPushEvent(e, c.url)
|
|
case *bb.PullRequestEvent:
|
|
repo = convertRepo(&e.PullRequest.Source.Repository, nil, "")
|
|
pipe = convertPullRequestEvent(e, c.url)
|
|
default:
|
|
return nil, nil, nil
|
|
}
|
|
|
|
user, repo, err := c.getUserAndRepo(ctx, repo)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
err = bb.ValidateSignature(r, payload, []byte(repo.Hash))
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("unable to validate signature on incoming webhook payload: %w", err)
|
|
}
|
|
|
|
pipe, err = c.updatePipelineFromCommit(ctx, user, repo, pipe)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
if pipe == nil {
|
|
return nil, nil, nil
|
|
}
|
|
|
|
return repo, pipe, nil
|
|
}
|
|
|
|
func (c *client) getUserAndRepo(ctx context.Context, r *model.Repo) (*model.User, *model.Repo, error) {
|
|
_store, ok := store.TryFromContext(ctx)
|
|
if !ok {
|
|
log.Error().Msg("could not get store from context")
|
|
return nil, nil, fmt.Errorf("unable to get store from context")
|
|
}
|
|
|
|
repo, err := _store.GetRepoForgeID(r.ForgeRemoteID)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("unable to get repo: %w", err)
|
|
}
|
|
log.Trace().Any("repo", repo).Msg("got repo")
|
|
|
|
user, err := _store.GetUser(repo.UserID)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("unable to get user: %w", err)
|
|
}
|
|
log.Trace().Any("user", user).Msg("got user")
|
|
|
|
forge.Refresh(ctx, c, _store, user)
|
|
|
|
return user, repo, nil
|
|
}
|
|
|
|
func (c *client) updatePipelineFromCommit(ctx context.Context, u *model.User, r *model.Repo, p *model.Pipeline) (*model.Pipeline, error) {
|
|
if p == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
bc, err := c.newClient(ctx, u)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create bitbucket client: %w", err)
|
|
}
|
|
|
|
commit, _, err := bc.Projects.GetCommit(ctx, r.Owner, r.Name, p.Commit)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to read commit: %w", err)
|
|
}
|
|
p.Message = commit.Message
|
|
|
|
opts := &bb.ListOptions{}
|
|
for {
|
|
changes, resp, err := bc.Projects.ListChanges(ctx, r.Owner, r.Name, p.Commit, opts)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to list commit changes: %w", err)
|
|
}
|
|
for _, ch := range changes {
|
|
p.ChangedFiles = append(p.ChangedFiles, ch.Path.Title)
|
|
}
|
|
if resp.LastPage {
|
|
break
|
|
}
|
|
opts.Start = resp.NextPageStart
|
|
}
|
|
|
|
return p, nil
|
|
}
|
|
|
|
// Teams is not supported.
|
|
func (*client) Teams(_ context.Context, _ *model.User) ([]*model.Team, error) {
|
|
var teams []*model.Team
|
|
return teams, nil
|
|
}
|
|
|
|
// TeamPerm is not supported.
|
|
func (*client) TeamPerm(_ *model.User, _ string) (*model.Perm, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
// OrgMembership returns if user is member of organization and if user
|
|
// is admin/owner in this organization.
|
|
func (c *client) OrgMembership(_ context.Context, _ *model.User, _ string) (*model.OrgPerm, error) {
|
|
// TODO: Not implemented currently
|
|
return nil, nil
|
|
}
|
|
|
|
// Org fetches the organization from the forge by name. If the name is a user an org with type user is returned.
|
|
func (c *client) Org(_ context.Context, _ *model.User, owner string) (*model.Org, error) {
|
|
if strings.HasPrefix(owner, "~") {
|
|
return &model.Org{
|
|
Name: owner,
|
|
IsUser: true,
|
|
}, nil
|
|
}
|
|
return &model.Org{
|
|
Name: owner,
|
|
IsUser: false,
|
|
}, nil
|
|
}
|
|
|
|
func (c *client) newOAuth2Config() *oauth2.Config {
|
|
publicOAuthURL := c.oauthHost
|
|
if publicOAuthURL == "" {
|
|
publicOAuthURL = c.urlAPI
|
|
}
|
|
|
|
return &oauth2.Config{
|
|
ClientID: c.clientID,
|
|
ClientSecret: c.clientSecret,
|
|
Endpoint: oauth2.Endpoint{
|
|
AuthURL: fmt.Sprintf("%s/oauth2/latest/authorize", publicOAuthURL),
|
|
TokenURL: fmt.Sprintf("%s/oauth2/latest/token", c.urlAPI),
|
|
},
|
|
Scopes: []string{string(bb.PermissionRepoRead), string(bb.PermissionRepoWrite), string(bb.PermissionRepoAdmin)},
|
|
RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
|
|
}
|
|
}
|
|
|
|
func (c *client) newClient(ctx context.Context, u *model.User) (*bb.Client, error) {
|
|
config := c.newOAuth2Config()
|
|
t := &oauth2.Token{
|
|
AccessToken: u.AccessToken,
|
|
}
|
|
client := config.Client(ctx, t)
|
|
return bb.NewClient(c.urlAPI, client)
|
|
}
|