woodpecker/server/api/user.go

// Copyright 2018 Drone.IO Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package api

import (
	"encoding/base32"
	"net/http"
	"strconv"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/securecookie"
	"github.com/rs/zerolog/log"

	"github.com/woodpecker-ci/woodpecker/server/model"
	"github.com/woodpecker-ci/woodpecker/server/remote"
	"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"
	"github.com/woodpecker-ci/woodpecker/server/shared"
	"github.com/woodpecker-ci/woodpecker/server/store"
	"github.com/woodpecker-ci/woodpecker/shared/token"
)

func GetSelf(c *gin.Context) {
	c.JSON(200, session.User(c))
}

func GetFeed(c *gin.Context) {
	store_ := store.FromContext(c)
	remote_ := remote.FromContext(c)

	user := session.User(c)
	latest, _ := strconv.ParseBool(c.Query("latest"))

	if time.Unix(user.Synced, 0).Add(time.Hour * 72).Before(time.Now()) {
		log.Debug().Msgf("sync begin: %s", user.Login)

		user.Synced = time.Now().Unix()
		if err := store_.UpdateUser(user); err != nil {
			log.Error().Err(err).Msg("UpdateUser")
			return
		}

		config := ToConfig(c)

		sync := shared.Syncer{
			Remote: remote_,
			Store:  store_,
			Perms:  store_,
			Match:  shared.NamespaceFilter(config.OwnersWhitelist),
		}
		if err := sync.Sync(c, user); err != nil {
			log.Debug().Msgf("sync error: %s: %s", user.Login, err)
		} else {
			log.Debug().Msgf("sync complete: %s", user.Login)
		}
	}

	if latest {
		feed, err := store_.RepoListLatest(user)
		if err != nil {
			c.String(500, "Error fetching feed. %s", err)
		} else {
			c.JSON(200, feed)
		}
		return
	}

	feed, err := store_.UserFeed(user)
	if err != nil {
		c.String(500, "Error fetching user feed. %s", err)
		return
	}
	c.JSON(200, feed)
}

func GetRepos(c *gin.Context) {
	store_ := store.FromContext(c)
	remote_ := remote.FromContext(c)

	user := session.User(c)
	all, _ := strconv.ParseBool(c.Query("all"))
	flush, _ := strconv.ParseBool(c.Query("flush"))

	if flush || time.Unix(user.Synced, 0).Add(time.Hour*72).Before(time.Now()) {
		log.Debug().Msgf("sync begin: %s", user.Login)
		user.Synced = time.Now().Unix()
		if err := store_.UpdateUser(user); err != nil {
			log.Err(err).Msgf("update user '%s'", user.Login)
			return
		}

		config := ToConfig(c)

		sync := shared.Syncer{
			Remote: remote_,
			Store:  store_,
			Perms:  store_,
			Match:  shared.NamespaceFilter(config.OwnersWhitelist),
		}

		if err := sync.Sync(c, user); err != nil {
			log.Debug().Msgf("sync error: %s: %s", user.Login, err)
		} else {
			log.Debug().Msgf("sync complete: %s", user.Login)
		}
	}

	repos, err := store_.RepoList(user, true)
	if err != nil {
		c.String(500, "Error fetching repository list. %s", err)
		return
	}

	if all {
		c.JSON(http.StatusOK, repos)
		return
	}

	var active []*model.Repo
	for _, repo := range repos {
		if repo.IsActive {
			active = append(active, repo)
		}
	}
	c.JSON(http.StatusOK, active)
}

func PostToken(c *gin.Context) {
	user := session.User(c)
	tokenString, err := token.New(token.UserToken, user.Login).Sign(user.Hash)
	if err != nil {
		_ = c.AbortWithError(http.StatusInternalServerError, err)
		return
	}
	c.String(http.StatusOK, tokenString)
}

func DeleteToken(c *gin.Context) {
	store_ := store.FromContext(c)

	user := session.User(c)
	user.Hash = base32.StdEncoding.EncodeToString(
		securecookie.GenerateRandomKey(32),
	)
	if err := store_.UpdateUser(user); err != nil {
		c.String(500, "Error revoking tokens. %s", err)
		return
	}

	tokenString, err := token.New(token.UserToken, user.Login).Sign(user.Hash)
	if err != nil {
		_ = c.AbortWithError(http.StatusInternalServerError, err)
		return
	}
	c.String(http.StatusOK, tokenString)
}
add apache license header to files 2018-02-20 00:24:10 +02:00			`// Copyright 2018 Drone.IO Inc.`
Just fixed format with go fmt ./... 2018-03-21 15:02:17 +02:00			`//`
add apache license header to files 2018-02-20 00:24:10 +02:00			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
Just fixed format with go fmt ./... 2018-03-21 15:02:17 +02:00			`//`
add apache license header to files 2018-02-20 00:24:10 +02:00			`// http://www.apache.org/licenses/LICENSE-2.0`
Just fixed format with go fmt ./... 2018-03-21 15:02:17 +02:00			`//`
add apache license header to files 2018-02-20 00:24:10 +02:00			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`package api`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00
			`import (`
removed import that was mistakenly auto-added 2016-05-03 02:52:34 +02:00			`"encoding/base32"`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`"net/http"`
ability to flush user repo cache 2016-06-14 22:07:05 +02:00			`"strconv"`
implement sync logic 2017-07-14 21:58:38 +02:00			`"time"`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00
			`"github.com/gin-gonic/gin"`
removed import that was mistakenly auto-added 2016-05-03 02:52:34 +02:00			`"github.com/gorilla/securecookie"`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`"github.com/rs/zerolog/log"`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00
Refactor: move model/ to server/model/ (#366) 2021-09-27 19:51:55 +02:00			`"github.com/woodpecker-ci/woodpecker/server/model"`
Refactor: move remote/ to server/remote/ (#344) 2021-09-23 18:25:51 +02:00			`"github.com/woodpecker-ci/woodpecker/server/remote"`
Move router package to server/router/ (#339) 2021-09-22 22:41:32 +02:00			`"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"`
Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`"github.com/woodpecker-ci/woodpecker/server/shared"`
Move package store/ to server/store/ (#341) * Refactor: move store/ to server/store/ * fix pipeline for moved tests Co-authored-by: 6543 <6543@obermui.de> 2021-09-23 13:33:59 +02:00			`"github.com/woodpecker-ci/woodpecker/server/store"`
Relaced laszlocph/woodpecker with woodpecker-ci/woodpecker 2021-05-25 14:08:27 +02:00			`"github.com/woodpecker-ci/woodpecker/shared/token"`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`)`

			`func GetSelf(c *gin.Context) {`
			`c.JSON(200, session.User(c))`
			`}`

			`func GetFeed(c *gin.Context) {`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`store_ := store.FromContext(c)`
			`remote_ := remote.FromContext(c)`

implement sync logic 2017-07-14 21:58:38 +02:00			`user := session.User(c)`
repo feed for latest build only 2016-06-15 02:34:47 +02:00			`latest, _ := strconv.ParseBool(c.Query("latest"))`

implement sync logic 2017-07-14 21:58:38 +02:00			`if time.Unix(user.Synced, 0).Add(time.Hour * 72).Before(time.Now()) {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync begin: %s", user.Login)`
prevent per-user concurrent sync 2017-09-29 20:21:06 +02:00
			`user.Synced = time.Now().Unix()`
Drop error only on purpose or else report back or log (#514) - Remove Deadcode - Simplify Code - Drop error only on purpose 2021-11-23 16:36:52 +02:00			`if err := store_.UpdateUser(user); err != nil {`
			`log.Error().Err(err).Msg("UpdateUser")`
			`return`
			`}`
prevent per-user concurrent sync 2017-09-29 20:21:06 +02:00
Add whitelist for syncable owners 2020-05-18 17:58:04 +02:00			`config := ToConfig(c)`

Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`sync := shared.Syncer{`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`Remote: remote_,`
			`Store: store_,`
			`Perms: store_,`
Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`Match: shared.NamespaceFilter(config.OwnersWhitelist),`
implement sync logic 2017-07-14 21:58:38 +02:00			`}`
Pass down context.Context (#371) * pass context down to remote clients * make tests work * add ctx to Refresh() and use it * bitbucketserver * code format * plugin interface: add todo context * solve todo * RM TODO by using context.WithTimeout * refactor & fix * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * go fmt * Update server/remote/coding/coding.go Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: Anbraten <anton@ju60.de> 2021-09-28 12:56:59 +02:00			`if err := sync.Sync(c, user); err != nil {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync error: %s: %s", user.Login, err)`
implement sync logic 2017-07-14 21:58:38 +02:00			`} else {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync complete: %s", user.Login)`
implement sync logic 2017-07-14 21:58:38 +02:00			`}`
			`}`

			`if latest {`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`feed, err := store_.RepoListLatest(user)`
implement sync logic 2017-07-14 21:58:38 +02:00			`if err != nil {`
			`c.String(500, "Error fetching feed. %s", err)`
			`} else {`
			`c.JSON(200, feed)`
			`}`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`return`
			`}`

Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`feed, err := store_.UserFeed(user)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`if err != nil {`
implement sync logic 2017-07-14 21:58:38 +02:00			`c.String(500, "Error fetching user feed. %s", err)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`return`
			`}`
			`c.JSON(200, feed)`
			`}`

			`func GetRepos(c *gin.Context) {`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`store_ := store.FromContext(c)`
			`remote_ := remote.FromContext(c)`

			`user := session.User(c)`
			`all, _ := strconv.ParseBool(c.Query("all"))`
			`flush, _ := strconv.ParseBool(c.Query("flush"))`
ability to flush user repo cache 2016-06-14 22:07:05 +02:00
implement sync logic 2017-07-14 21:58:38 +02:00			`if flush \|\| time.Unix(user.Synced, 0).Add(time.Hour*72).Before(time.Now()) {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync begin: %s", user.Login)`
prevent per-user concurrent sync 2017-09-29 20:21:06 +02:00			`user.Synced = time.Now().Unix()`
Fix reggression, save not activated repos to database on sync again (#510) * Fix #508 * Add testcase Unrelated nits: * Rm one index (unique will already create an index) * Do not drop on UpdateUser 2021-11-14 23:13:59 +02:00			`if err := store_.UpdateUser(user); err != nil {`
			`log.Err(err).Msgf("update user '%s'", user.Login)`
			`return`
			`}`
prevent per-user concurrent sync 2017-09-29 20:21:06 +02:00
Add whitelist for syncable owners 2020-05-18 17:58:04 +02:00			`config := ToConfig(c)`

Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`sync := shared.Syncer{`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`Remote: remote_,`
			`Store: store_,`
			`Perms: store_,`
Reorganize code into server/{api,grpc,shared} packages (#337) * move api code to server/api * move grpc server for agent communication to server/grpc * move server.Config to server/config.go as it is used by both server/api and server/grpc * move shared code used by server/api and server/grpc to server/shared 2021-09-22 20:48:01 +02:00			`Match: shared.NamespaceFilter(config.OwnersWhitelist),`
implement sync logic 2017-07-14 21:58:38 +02:00			`}`
Add whitelist for syncable owners 2020-05-18 17:58:04 +02:00
Pass down context.Context (#371) * pass context down to remote clients * make tests work * add ctx to Refresh() and use it * bitbucketserver * code format * plugin interface: add todo context * solve todo * RM TODO by using context.WithTimeout * refactor & fix * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * go fmt * Update server/remote/coding/coding.go Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: Anbraten <anton@ju60.de> 2021-09-28 12:56:59 +02:00			`if err := sync.Sync(c, user); err != nil {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync error: %s: %s", user.Login, err)`
implement sync logic 2017-07-14 21:58:38 +02:00			`} else {`
Move entirely to zerolog (#426) Completely switch to zerolog (Remove usage of logrus and std logger) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> 2021-10-12 09:25:13 +02:00			`log.Debug().Msgf("sync complete: %s", user.Login)`
implement sync logic 2017-07-14 21:58:38 +02:00			`}`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`}`

Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`repos, err := store_.RepoList(user, true)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`if err != nil {`
			`c.String(500, "Error fetching repository list. %s", err)`
			`return`
			`}`
ability to pull full vs partial list 2016-06-15 00:20:17 +02:00
implement sync logic 2017-07-14 21:58:38 +02:00			`if all {`
ability to pull full vs partial list 2016-06-15 00:20:17 +02:00			`c.JSON(http.StatusOK, repos)`
			`return`
			`}`

Cleanup Code (#348) * Fix "Empty slice declaration using a literal" * Fix "collides with imported package name" * Remove unused code in pipeline * Remove unused oauth2.providerAuthHeaderWorks() * Add TODOs * Format Code * Cleanup doublestar import * Migrate deprecated functions Co-authored-by: Anbraten <anton@ju60.de> 2021-09-24 16:29:26 +02:00			`var active []*model.Repo`
ability to pull full vs partial list 2016-06-15 00:20:17 +02:00			`for _, repo := range repos {`
implement sync logic 2017-07-14 21:58:38 +02:00			`if repo.IsActive {`
			`active = append(active, repo)`
ability to pull full vs partial list 2016-06-15 00:20:17 +02:00			`}`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`}`
implement sync logic 2017-07-14 21:58:38 +02:00			`c.JSON(http.StatusOK, active)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`}`

			`func PostToken(c *gin.Context) {`
			`user := session.User(c)`
Cleanup Code (#348) * Fix "Empty slice declaration using a literal" * Fix "collides with imported package name" * Remove unused code in pipeline * Remove unused oauth2.providerAuthHeaderWorks() * Add TODOs * Format Code * Cleanup doublestar import * Migrate deprecated functions Co-authored-by: Anbraten <anton@ju60.de> 2021-09-24 16:29:26 +02:00			`tokenString, err := token.New(token.UserToken, user.Login).Sign(user.Hash)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`if err != nil {`
Drop error only on purpose or else report back or log (#514) - Remove Deadcode - Simplify Code - Drop error only on purpose 2021-11-23 16:36:52 +02:00			`_ = c.AbortWithError(http.StatusInternalServerError, err)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`return`
			`}`
Cleanup Code (#348) * Fix "Empty slice declaration using a literal" * Fix "collides with imported package name" * Remove unused code in pipeline * Remove unused oauth2.providerAuthHeaderWorks() * Add TODOs * Format Code * Cleanup doublestar import * Migrate deprecated functions Co-authored-by: Anbraten <anton@ju60.de> 2021-09-24 16:29:26 +02:00			`c.String(http.StatusOK, tokenString)`
moving API to api package, swagger annotatoins 2016-03-30 22:15:28 +02:00			`}`

ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`func DeleteToken(c *gin.Context) {`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`store_ := store.FromContext(c)`

ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`user := session.User(c)`
removed import that was mistakenly auto-added 2016-05-03 02:52:34 +02:00			`user.Hash = base32.StdEncoding.EncodeToString(`
			`securecookie.GenerateRandomKey(32),`
			`)`
Remove some wrapper and make code more redable (#478) * meaningful var names * no context wrapper, use store directly * retrieve store from context once * rm store.GetRepoOwnerName 2021-10-28 11:12:58 +02:00			`if err := store_.UpdateUser(user); err != nil {`
ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`c.String(500, "Error revoking tokens. %s", err)`
			`return`
			`}`

Cleanup Code (#348) * Fix "Empty slice declaration using a literal" * Fix "collides with imported package name" * Remove unused code in pipeline * Remove unused oauth2.providerAuthHeaderWorks() * Add TODOs * Format Code * Cleanup doublestar import * Migrate deprecated functions Co-authored-by: Anbraten <anton@ju60.de> 2021-09-24 16:29:26 +02:00			`tokenString, err := token.New(token.UserToken, user.Login).Sign(user.Hash)`
ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`if err != nil {`
Drop error only on purpose or else report back or log (#514) - Remove Deadcode - Simplify Code - Drop error only on purpose 2021-11-23 16:36:52 +02:00			`_ = c.AbortWithError(http.StatusInternalServerError, err)`
ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`return`
			`}`
Cleanup Code (#348) * Fix "Empty slice declaration using a literal" * Fix "collides with imported package name" * Remove unused code in pipeline * Remove unused oauth2.providerAuthHeaderWorks() * Add TODOs * Format Code * Cleanup doublestar import * Migrate deprecated functions Co-authored-by: Anbraten <anton@ju60.de> 2021-09-24 16:29:26 +02:00			`c.String(http.StatusOK, tokenString)`
ability to revoke user tokens 2016-04-09 02:16:45 +02:00			`}`