348 lines
10 KiB
Go
348 lines
10 KiB
Go
// Copyright 2018 Drone.IO Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package coding
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/drone/drone/model"
|
|
"github.com/drone/drone/remote"
|
|
"github.com/drone/drone/remote/coding/internal"
|
|
"github.com/drone/drone/shared/httputil"
|
|
|
|
"golang.org/x/net/context"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
const (
|
|
defaultURL = "https://coding.net" // Default Coding URL
|
|
)
|
|
|
|
// Opts defines configuration options.
|
|
type Opts struct {
|
|
URL string // Coding server url.
|
|
Client string // Coding oauth client id.
|
|
Secret string // Coding oauth client secret.
|
|
Scopes []string // Coding oauth scopes.
|
|
Machine string // Optional machine name.
|
|
Username string // Optional machine account username.
|
|
Password string // Optional machine account password.
|
|
SkipVerify bool // Skip ssl verification.
|
|
}
|
|
|
|
// New returns a Remote implementation that integrates with a Coding Platform or
|
|
// Coding Enterprise version control hosting provider.
|
|
func New(opts Opts) (remote.Remote, error) {
|
|
remote := &Coding{
|
|
URL: defaultURL,
|
|
Client: opts.Client,
|
|
Secret: opts.Secret,
|
|
Scopes: opts.Scopes,
|
|
Machine: opts.Machine,
|
|
Username: opts.Username,
|
|
Password: opts.Password,
|
|
SkipVerify: opts.SkipVerify,
|
|
}
|
|
if opts.URL != defaultURL {
|
|
remote.URL = strings.TrimSuffix(opts.URL, "/")
|
|
}
|
|
|
|
// Hack to enable oauth2 access in coding's implementation
|
|
oauth2.RegisterBrokenAuthHeaderProvider(remote.URL)
|
|
return remote, nil
|
|
}
|
|
|
|
type Coding struct {
|
|
URL string
|
|
Client string
|
|
Secret string
|
|
Scopes []string
|
|
Machine string
|
|
Username string
|
|
Password string
|
|
SkipVerify bool
|
|
}
|
|
|
|
// Login authenticates the session and returns the
|
|
// remote user details.
|
|
func (c *Coding) Login(res http.ResponseWriter, req *http.Request) (*model.User, error) {
|
|
config := c.newConfig(httputil.GetURL(req))
|
|
|
|
// get the OAuth errors
|
|
if err := req.FormValue("error"); err != "" {
|
|
return nil, &remote.AuthError{
|
|
Err: err,
|
|
Description: req.FormValue("error_description"),
|
|
URI: req.FormValue("error_uri"),
|
|
}
|
|
}
|
|
|
|
// get the OAuth code
|
|
code := req.FormValue("code")
|
|
if len(code) == 0 {
|
|
http.Redirect(res, req, config.AuthCodeURL("drone"), http.StatusSeeOther)
|
|
return nil, nil
|
|
}
|
|
|
|
token, err := config.Exchange(c.newContext(), code)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
user, err := c.newClientToken(token.AccessToken, token.RefreshToken).GetCurrentUser()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &model.User{
|
|
Login: user.GlobalKey,
|
|
Email: user.Email,
|
|
Token: token.AccessToken,
|
|
Secret: token.RefreshToken,
|
|
Expiry: token.Expiry.UTC().Unix(),
|
|
Avatar: c.resourceLink(user.Avatar),
|
|
}, nil
|
|
}
|
|
|
|
// Auth authenticates the session and returns the remote user
|
|
// login for the given token and secret
|
|
func (c *Coding) Auth(token, secret string) (string, error) {
|
|
user, err := c.newClientToken(token, secret).GetCurrentUser()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return user.GlobalKey, nil
|
|
}
|
|
|
|
// Refresh refreshes an oauth token and expiration for the given
|
|
// user. It returns true if the token was refreshed, false if the
|
|
// token was not refreshed, and error if it failed to refersh.
|
|
func (c *Coding) Refresh(u *model.User) (bool, error) {
|
|
config := c.newConfig("")
|
|
source := config.TokenSource(c.newContext(), &oauth2.Token{RefreshToken: u.Secret})
|
|
token, err := source.Token()
|
|
if err != nil || len(token.AccessToken) == 0 {
|
|
return false, err
|
|
}
|
|
|
|
u.Token = token.AccessToken
|
|
u.Secret = token.RefreshToken
|
|
u.Expiry = token.Expiry.UTC().Unix()
|
|
return true, nil
|
|
}
|
|
|
|
// Teams fetches a list of team memberships from the remote system.
|
|
func (c *Coding) Teams(u *model.User) ([]*model.Team, error) {
|
|
// EMPTY: not implemented in Coding OAuth API
|
|
return nil, nil
|
|
}
|
|
|
|
// TeamPerm fetches the named organization permissions from
|
|
// the remote system for the specified user.
|
|
func (c *Coding) TeamPerm(u *model.User, org string) (*model.Perm, error) {
|
|
// EMPTY: not implemented in Coding OAuth API
|
|
return nil, nil
|
|
}
|
|
|
|
// Repo fetches the named repository from the remote system.
|
|
func (c *Coding) Repo(u *model.User, owner, repo string) (*model.Repo, error) {
|
|
project, err := c.newClient(u).GetProject(owner, repo)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
depot, err := c.newClient(u).GetDepot(owner, repo)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &model.Repo{
|
|
Owner: project.Owner,
|
|
Name: project.Name,
|
|
FullName: projectFullName(project.Owner, project.Name),
|
|
Avatar: c.resourceLink(project.Icon),
|
|
Link: c.resourceLink(project.DepotPath),
|
|
Kind: model.RepoGit,
|
|
Clone: project.HttpsURL,
|
|
Branch: depot.DefaultBranch,
|
|
IsPrivate: !project.IsPublic,
|
|
}, nil
|
|
}
|
|
|
|
// Repos fetches a list of repos from the remote system.
|
|
func (c *Coding) Repos(u *model.User) ([]*model.Repo, error) {
|
|
projectList, err := c.newClient(u).GetProjectList()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
repos := make([]*model.Repo, 0)
|
|
for _, project := range projectList {
|
|
depot, err := c.newClient(u).GetDepot(project.Owner, project.Name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo := &model.Repo{
|
|
Owner: project.Owner,
|
|
Name: project.Name,
|
|
FullName: projectFullName(project.Owner, project.Name),
|
|
Avatar: c.resourceLink(project.Icon),
|
|
Link: c.resourceLink(project.DepotPath),
|
|
Kind: model.RepoGit,
|
|
Clone: project.HttpsURL,
|
|
Branch: depot.DefaultBranch,
|
|
IsPrivate: !project.IsPublic,
|
|
}
|
|
repos = append(repos, repo)
|
|
}
|
|
return repos, nil
|
|
}
|
|
|
|
// Perm fetches the named repository permissions from
|
|
// the remote system for the specified user.
|
|
func (c *Coding) Perm(u *model.User, owner, repo string) (*model.Perm, error) {
|
|
project, err := c.newClient(u).GetProject(owner, repo)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if project.Role == "owner" || project.Role == "admin" {
|
|
return &model.Perm{Pull: true, Push: true, Admin: true}, nil
|
|
}
|
|
if project.Role == "member" {
|
|
return &model.Perm{Pull: true, Push: true, Admin: false}, nil
|
|
}
|
|
return &model.Perm{Pull: false, Push: false, Admin: false}, nil
|
|
}
|
|
|
|
// File fetches a file from the remote repository and returns in string
|
|
// format.
|
|
func (c *Coding) File(u *model.User, r *model.Repo, b *model.Build, f string) ([]byte, error) {
|
|
data, err := c.newClient(u).GetFile(r.Owner, r.Name, b.Commit, f)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return data, nil
|
|
}
|
|
|
|
// FileRef fetches a file from the remote repository for the given ref
|
|
// and returns in string format.
|
|
func (c *Coding) FileRef(u *model.User, r *model.Repo, ref, f string) ([]byte, error) {
|
|
data, err := c.newClient(u).GetFile(r.Owner, r.Name, ref, f)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return data, nil
|
|
}
|
|
|
|
// Status sends the commit status to the remote system.
|
|
func (c *Coding) Status(u *model.User, r *model.Repo, b *model.Build, link string) error {
|
|
// EMPTY: not implemented in Coding OAuth API
|
|
return nil
|
|
}
|
|
|
|
// Netrc returns a .netrc file that can be used to clone
|
|
// private repositories from a remote system.
|
|
func (c *Coding) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
|
|
if c.Password != "" {
|
|
return &model.Netrc{
|
|
Login: c.Username,
|
|
Password: c.Password,
|
|
Machine: c.Machine,
|
|
}, nil
|
|
}
|
|
return &model.Netrc{
|
|
Login: u.Token,
|
|
Password: "x-oauth-basic",
|
|
Machine: c.Machine,
|
|
}, nil
|
|
}
|
|
|
|
// Activate activates a repository by creating the post-commit hook.
|
|
func (c *Coding) Activate(u *model.User, r *model.Repo, link string) error {
|
|
return c.newClient(u).AddWebhook(r.Owner, r.Name, link)
|
|
}
|
|
|
|
// Deactivate deactivates a repository by removing all previously created
|
|
// post-commit hooks matching the given link.
|
|
func (c *Coding) Deactivate(u *model.User, r *model.Repo, link string) error {
|
|
return c.newClient(u).RemoveWebhook(r.Owner, r.Name, link)
|
|
}
|
|
|
|
// Hook parses the post-commit hook from the Request body and returns the
|
|
// required data in a standard format.
|
|
func (c *Coding) Hook(r *http.Request) (*model.Repo, *model.Build, error) {
|
|
repo, build, err := parseHook(r)
|
|
if build != nil {
|
|
build.Avatar = c.resourceLink(build.Avatar)
|
|
}
|
|
return repo, build, err
|
|
}
|
|
|
|
// helper function to return the Coding oauth2 context using an HTTPClient that
|
|
// disables TLS verification if disabled in the remote settings.
|
|
func (c *Coding) newContext() context.Context {
|
|
if !c.SkipVerify {
|
|
return oauth2.NoContext
|
|
}
|
|
return context.WithValue(nil, oauth2.HTTPClient, &http.Client{
|
|
Transport: &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
TLSClientConfig: &tls.Config{
|
|
InsecureSkipVerify: true,
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
// helper function to return the Coding oauth2 config
|
|
func (c *Coding) newConfig(redirect string) *oauth2.Config {
|
|
return &oauth2.Config{
|
|
ClientID: c.Client,
|
|
ClientSecret: c.Secret,
|
|
Scopes: []string{strings.Join(c.Scopes, ",")},
|
|
Endpoint: oauth2.Endpoint{
|
|
AuthURL: fmt.Sprintf("%s/oauth_authorize.html", c.URL),
|
|
TokenURL: fmt.Sprintf("%s/api/oauth/access_token_v2", c.URL),
|
|
},
|
|
RedirectURL: fmt.Sprintf("%s/authorize", redirect),
|
|
}
|
|
}
|
|
|
|
// helper function to return the Coding oauth2 client
|
|
func (c *Coding) newClient(u *model.User) *internal.Client {
|
|
return c.newClientToken(u.Token, u.Secret)
|
|
}
|
|
|
|
// helper function to return the Coding oauth2 client
|
|
func (c *Coding) newClientToken(token, secret string) *internal.Client {
|
|
client := &http.Client{
|
|
Transport: &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
TLSClientConfig: &tls.Config{
|
|
InsecureSkipVerify: c.SkipVerify,
|
|
},
|
|
},
|
|
}
|
|
return internal.NewClient(c.URL, "/api", token, "drone", client)
|
|
}
|
|
|
|
func (c *Coding) resourceLink(resourcePath string) string {
|
|
if strings.HasPrefix(resourcePath, "http") {
|
|
return resourcePath
|
|
}
|
|
return c.URL + resourcePath
|
|
}
|