mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-24 08:08:38 +00:00
304 lines
7.6 KiB
Go
304 lines
7.6 KiB
Go
package gitlab
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"code.google.com/p/goauth2/oauth"
|
|
"github.com/Bugagazavr/go-gitlab-client"
|
|
"github.com/drone/drone/shared/httputil"
|
|
"github.com/drone/drone/shared/model"
|
|
)
|
|
|
|
type Gitlab struct {
|
|
url string
|
|
SkipVerify bool
|
|
Open bool
|
|
Client string
|
|
Secret string
|
|
}
|
|
|
|
func New(url string, skipVerify, open bool, client, secret string) *Gitlab {
|
|
return &Gitlab{
|
|
url: url,
|
|
SkipVerify: skipVerify,
|
|
Open: open,
|
|
Client: client,
|
|
Secret: secret,
|
|
}
|
|
}
|
|
|
|
// Authorize handles authentication with thrid party remote systems,
|
|
// such as github or bitbucket, and returns user data.
|
|
func (r *Gitlab) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
|
|
host := httputil.GetURL(req)
|
|
config := NewOauthConfig(r, host)
|
|
|
|
var code = req.FormValue("code")
|
|
var state = req.FormValue("state")
|
|
|
|
if len(code) == 0 {
|
|
var random = GetRandom()
|
|
httputil.SetCookie(res, req, "gitlab_state", random)
|
|
http.Redirect(res, req, config.AuthCodeURL(random), http.StatusSeeOther)
|
|
return nil, nil
|
|
}
|
|
|
|
cookieState := httputil.GetCookie(req, "gitlab_state")
|
|
httputil.DelCookie(res, req, "gitlab_state")
|
|
if cookieState != state {
|
|
return nil, fmt.Errorf("Error matching state in OAuth2 redirect")
|
|
}
|
|
|
|
var trans = &oauth.Transport{
|
|
Config: config,
|
|
Transport: &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: r.SkipVerify},
|
|
},
|
|
}
|
|
var token, err = trans.Exchange(code)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error exchanging token. %s", err)
|
|
}
|
|
|
|
var client = NewClient(r.url, token.AccessToken, r.SkipVerify)
|
|
|
|
var user, errr = client.CurrentUser()
|
|
if errr != nil {
|
|
return nil, fmt.Errorf("Error retrieving current user. %s", errr)
|
|
}
|
|
|
|
var login = new(model.Login)
|
|
login.ID = int64(user.Id)
|
|
login.Access = token.AccessToken
|
|
login.Secret = token.RefreshToken
|
|
login.Login = user.Username
|
|
login.Email = user.Email
|
|
return login, nil
|
|
}
|
|
|
|
// GetKind returns the identifier of this remote GitHub instane.
|
|
func (r *Gitlab) GetKind() string {
|
|
return model.RemoteGitlab
|
|
}
|
|
|
|
// GetHost returns the hostname of this remote GitHub instance.
|
|
func (r *Gitlab) GetHost() string {
|
|
uri, _ := url.Parse(r.url)
|
|
return uri.Host
|
|
}
|
|
|
|
// GetRepos fetches all repositories that the specified
|
|
// user has access to in the remote system.
|
|
func (r *Gitlab) GetRepos(user *model.User) ([]*model.Repo, error) {
|
|
|
|
var repos []*model.Repo
|
|
var client = NewClient(r.url, user.Access, r.SkipVerify)
|
|
var list, err = client.AllProjects()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var remote = r.GetKind()
|
|
var hostname = r.GetHost()
|
|
|
|
for _, item := range list {
|
|
var repo = model.Repo{
|
|
UserID: user.ID,
|
|
Remote: remote,
|
|
Host: hostname,
|
|
Owner: item.Namespace.Path,
|
|
Name: item.Path,
|
|
Private: !item.Public,
|
|
CloneURL: item.HttpRepoUrl,
|
|
GitURL: item.HttpRepoUrl,
|
|
SSHURL: item.SshRepoUrl,
|
|
URL: item.Url,
|
|
Role: &model.Perm{},
|
|
}
|
|
|
|
if repo.Private {
|
|
repo.CloneURL = repo.SSHURL
|
|
}
|
|
|
|
// if the user is the owner we can assume full access,
|
|
// otherwise check for the permission items.
|
|
if repo.Owner == user.Login {
|
|
repo.Role = new(model.Perm)
|
|
repo.Role.Admin = true
|
|
repo.Role.Write = true
|
|
repo.Role.Read = true
|
|
} else {
|
|
// Fetch current project
|
|
project, err := client.Project(strconv.Itoa(item.Id))
|
|
if err != nil || project.Permissions == nil {
|
|
continue
|
|
}
|
|
repo.Role.Admin = IsAdmin(project)
|
|
repo.Role.Write = IsWrite(project)
|
|
repo.Role.Read = IsRead(project)
|
|
}
|
|
|
|
repos = append(repos, &repo)
|
|
}
|
|
|
|
return repos, err
|
|
}
|
|
|
|
// GetScript fetches the build script (.drone.yml) from the remote
|
|
// repository and returns in string format.
|
|
func (r *Gitlab) GetScript(user *model.User, repo *model.Repo, hook *model.Hook) ([]byte, error) {
|
|
var client = NewClient(r.url, user.Access, r.SkipVerify)
|
|
var path = ns(repo.Owner, repo.Name)
|
|
return client.RepoRawFile(path, hook.Sha, ".drone.yml")
|
|
}
|
|
|
|
// Activate activates a repository by adding a Post-commit hook and
|
|
// a Public Deploy key, if applicable.
|
|
func (r *Gitlab) Activate(user *model.User, repo *model.Repo, link string) error {
|
|
var client = NewClient(r.url, user.Access, r.SkipVerify)
|
|
var path = ns(repo.Owner, repo.Name)
|
|
var title, err = GetKeyTitle(link)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// if the repository is private we'll need
|
|
// to upload a github key to the repository
|
|
if repo.Private {
|
|
var err = client.AddProjectDeployKey(path, title, repo.PublicKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// append the repo owner / name to the hook url since gitlab
|
|
// doesn't send this detail in the post-commit hook
|
|
link += "?owner=" + repo.Owner + "&name=" + repo.Name
|
|
|
|
// add the hook
|
|
return client.AddProjectHook(path, link, true, false, true, false)
|
|
}
|
|
|
|
// Deactivate removes a repository by removing all the post-commit hooks
|
|
// which are equal to link and removing the SSH deploy key.
|
|
func (r *Gitlab) Deactivate(user *model.User, repo *model.Repo, link string) error {
|
|
var client = NewClient(r.url, user.Access, r.SkipVerify)
|
|
var path = ns(repo.Owner, repo.Name)
|
|
|
|
keys, err := client.ProjectDeployKeys(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
var pubkey = strings.TrimSpace(repo.PublicKey)
|
|
for _, k := range keys {
|
|
if pubkey == strings.TrimSpace(k.Key) {
|
|
if err := client.RemoveProjectDeployKey(path, strconv.Itoa(k.Id)); err != nil {
|
|
return err
|
|
}
|
|
break
|
|
}
|
|
}
|
|
hooks, err := client.ProjectHooks(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
link += "?owner=" + repo.Owner + "&name=" + repo.Name
|
|
for _, h := range hooks {
|
|
if link == h.Url {
|
|
if err := client.RemoveProjectHook(path, strconv.Itoa(h.Id)); err != nil {
|
|
return err
|
|
}
|
|
break
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ParseHook parses the post-commit hook from the Request body
|
|
// and returns the required data in a standard format.
|
|
func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) {
|
|
|
|
defer req.Body.Close()
|
|
var payload, _ = ioutil.ReadAll(req.Body)
|
|
var parsed, err = gogitlab.ParseHook(payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(parsed.After) == 0 || parsed.TotalCommitsCount == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
if parsed.ObjectKind == "merge_request" {
|
|
// TODO (bradrydzewski) figure out how to handle merge requests
|
|
return nil, nil
|
|
}
|
|
|
|
if len(parsed.After) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
var hook = new(model.Hook)
|
|
hook.Owner = req.FormValue("owner")
|
|
hook.Repo = req.FormValue("name")
|
|
hook.Sha = parsed.After
|
|
hook.Branch = parsed.Branch()
|
|
|
|
var head = parsed.Head()
|
|
hook.Message = head.Message
|
|
hook.Timestamp = head.Timestamp
|
|
|
|
// extracts the commit author (ideally email)
|
|
// from the post-commit hook
|
|
switch {
|
|
case head.Author != nil:
|
|
hook.Author = head.Author.Email
|
|
case head.Author == nil:
|
|
hook.Author = parsed.UserName
|
|
}
|
|
|
|
return hook, nil
|
|
}
|
|
|
|
func (r *Gitlab) OpenRegistration() bool {
|
|
return r.Open
|
|
}
|
|
|
|
func (r *Gitlab) GetToken(user *model.User) (*model.Token, error) {
|
|
expiry := time.Unix(user.TokenExpiry, 0)
|
|
if user.TokenExpiry == 0 && len(user.Access) != 0 ||
|
|
expiry.Sub(time.Now()) > (60*time.Second) {
|
|
return nil, nil
|
|
}
|
|
|
|
t := &oauth.Transport{
|
|
Config: NewOauthConfig(r, ""),
|
|
Token: &oauth.Token{
|
|
AccessToken: user.Access,
|
|
RefreshToken: user.Secret,
|
|
Expiry: expiry,
|
|
},
|
|
Transport: &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: r.SkipVerify},
|
|
},
|
|
}
|
|
|
|
if err := t.Refresh(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var token = new(model.Token)
|
|
token.AccessToken = t.Token.AccessToken
|
|
token.RefreshToken = t.Token.RefreshToken
|
|
token.Expiry = t.Token.Expiry.Unix()
|
|
return token, nil
|
|
}
|