git-bug/bridge/github/config.go

package github

import (
	"bufio"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"math/rand"
	"net/http"
	"os"
	"regexp"
	"strings"
	"syscall"
	"time"

	"github.com/MichaelMure/git-bug/bridge/core"
	"github.com/MichaelMure/git-bug/repository"
	"golang.org/x/crypto/ssh/terminal"
)

const (
	githubV3Url = "https://api.github.com"
	keyUser     = "user"
	keyProject  = "project"
	keyToken    = "token"
)

func (*Github) Configure(repo repository.RepoCommon) (core.Configuration, error) {
	conf := make(core.Configuration)

	fmt.Println()
	fmt.Println("git-bug will now generate an access token in your Github profile. Your credential are not stored and are only used to generate the token. The token is stored in the repository git config.")
	fmt.Println()
	fmt.Println("The token will have the following scopes:")
	fmt.Println("  - user:email: to be able to read public-only users email")
	// fmt.Println("The token will have the \"repo\" permission, giving it read/write access to your repositories and issues. There is no narrower scope available, sorry :-|")
	fmt.Println()

	projectUser, projectName, err := promptURL()
	if err != nil {
		return nil, err
	}

	conf[keyUser] = projectUser
	conf[keyProject] = projectName

	username, err := promptUsername()
	if err != nil {
		return nil, err
	}

	password, err := promptPassword()
	if err != nil {
		return nil, err
	}

	// Attempt to authenticate and create a token

	note := fmt.Sprintf("git-bug - %s/%s", projectUser, projectName)

	resp, err := requestToken(note, username, password)
	if err != nil {
		return nil, err
	}

	defer resp.Body.Close()

	// Handle 2FA is needed
	OTPHeader := resp.Header.Get("X-GitHub-OTP")
	if resp.StatusCode == http.StatusUnauthorized && OTPHeader != "" {
		otpCode, err := prompt2FA()
		if err != nil {
			return nil, err
		}

		resp, err = requestTokenWith2FA(note, username, password, otpCode)
		if err != nil {
			return nil, err
		}

		defer resp.Body.Close()
	}

	if resp.StatusCode == http.StatusCreated {
		token, err := decodeBody(resp.Body)
		if err != nil {
			return nil, err
		}
		conf[keyToken] = token
		return conf, nil
	}

	b, _ := ioutil.ReadAll(resp.Body)
	fmt.Printf("Error %v: %v\n", resp.StatusCode, string(b))

	return nil, nil
}

func (*Github) ValidateConfig(conf core.Configuration) error {
	if _, ok := conf[keyToken]; !ok {
		return fmt.Errorf("missing %s key", keyToken)
	}

	if _, ok := conf[keyUser]; !ok {
		return fmt.Errorf("missing %s key", keyUser)
	}

	if _, ok := conf[keyProject]; !ok {
		return fmt.Errorf("missing %s key", keyProject)
	}

	return nil
}

func requestToken(note, username, password string) (*http.Response, error) {
	return requestTokenWith2FA(note, username, password, "")
}

func requestTokenWith2FA(note, username, password, otpCode string) (*http.Response, error) {
	url := fmt.Sprintf("%s/authorizations", githubV3Url)
	params := struct {
		Scopes      []string `json:"scopes"`
		Note        string   `json:"note"`
		Fingerprint string   `json:"fingerprint"`
	}{
		// user:email is requested to be able to read public emails
		//     - a private email will stay private, even with this token
		Scopes:      []string{"user:email"},
		Note:        note,
		Fingerprint: randomFingerprint(),
	}

	data, err := json.Marshal(params)
	if err != nil {
		return nil, err
	}

	req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))
	if err != nil {
		return nil, err
	}

	req.SetBasicAuth(username, password)
	req.Header.Set("Content-Type", "application/json")

	if otpCode != "" {
		req.Header.Set("X-GitHub-OTP", otpCode)
	}

	client := http.Client{}

	return client.Do(req)
}

func decodeBody(body io.ReadCloser) (string, error) {
	data, _ := ioutil.ReadAll(body)

	aux := struct {
		Token string `json:"token"`
	}{}

	err := json.Unmarshal(data, &aux)
	if err != nil {
		return "", err
	}

	if aux.Token == "" {
		return "", fmt.Errorf("no token found in response: %s", string(data))
	}

	return aux.Token, nil
}

func randomFingerprint() string {
	// Doesn't have to be crypto secure, it's just to avoid token collision
	rand.Seed(time.Now().UnixNano())
	var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
	b := make([]rune, 32)
	for i := range b {
		b[i] = letterRunes[rand.Intn(len(letterRunes))]
	}
	return string(b)
}

func promptUsername() (string, error) {
	for {
		fmt.Print("username: ")

		line, err := bufio.NewReader(os.Stdin).ReadString('\n')
		if err != nil {
			return "", err
		}

		line = strings.TrimRight(line, "\n")

		ok, err := validateUsername(line)
		if err != nil {
			return "", err
		}
		if ok {
			return line, nil
		}

		fmt.Println("invalid username")
	}
}

func promptURL() (string, string, error) {
	for {
		fmt.Print("Github project URL: ")

		line, err := bufio.NewReader(os.Stdin).ReadString('\n')
		if err != nil {
			return "", "", err
		}

		line = strings.TrimRight(line, "\n")

		if line == "" {
			fmt.Println("URL is empty")
			continue
		}

		projectUser, projectName, err := splitURL(line)

		if err != nil {
			fmt.Println(err)
			continue
		}

		return projectUser, projectName, nil
	}
}

func splitURL(url string) (string, string, error) {
	re, err := regexp.Compile(`github\.com\/([^\/]*)\/([^\/]*)`)
	if err != nil {
		panic(err)
	}

	res := re.FindStringSubmatch(url)

	if res == nil {
		return "", "", fmt.Errorf("bad github project url")
	}

	return res[1], res[2], nil
}

func validateUsername(username string) (bool, error) {
	url := fmt.Sprintf("%s/users/%s", githubV3Url, username)

	resp, err := http.Get(url)
	if err != nil {
		return false, err
	}

	err = resp.Body.Close()
	if err != nil {
		return false, err
	}

	return resp.StatusCode == http.StatusOK, nil
}

func promptPassword() (string, error) {
	for {
		fmt.Print("password: ")

		bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
		// new line for coherent formatting, ReadPassword clip the normal new line
		// entered by the user
		fmt.Println()

		if err != nil {
			return "", err
		}

		if len(bytePassword) > 0 {
			return string(bytePassword), nil
		}

		fmt.Println("password is empty")
	}
}

func prompt2FA() (string, error) {
	for {
		fmt.Print("two-factor authentication code: ")

		byte2fa, err := terminal.ReadPassword(int(syscall.Stdin))
		if err != nil {
			return "", err
		}

		if len(byte2fa) > 0 {
			return string(byte2fa), nil
		}

		fmt.Println("code is empty")
	}
}
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`package github`

			`import (`
			`"bufio"`
			`"bytes"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"io/ioutil"`
			`"math/rand"`
			`"net/http"`
			`"os"`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`"regexp"`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`"strings"`
			`"syscall"`
			`"time"`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`"github.com/MichaelMure/git-bug/bridge/core"`
			`"github.com/MichaelMure/git-bug/repository"`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`"golang.org/x/crypto/ssh/terminal"`
			`)`

Integrate iterator with importer 2019-04-27 02:15:02 +03:00			`const (`
			`githubV3Url = "https://api.github.com"`
			`keyUser = "user"`
			`keyProject = "project"`
			`keyToken = "token"`
			`)`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00
			`func (*Github) Configure(repo repository.RepoCommon) (core.Configuration, error) {`
			`conf := make(core.Configuration)`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`fmt.Println()`
github: also pull users email 2018-10-07 19:27:23 +03:00			`fmt.Println("git-bug will now generate an access token in your Github profile. Your credential are not stored and are only used to generate the token. The token is stored in the repository git config.")`
			`fmt.Println()`
			`fmt.Println("The token will have the following scopes:")`
			`fmt.Println(" - user:email: to be able to read public-only users email")`
bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`// fmt.Println("The token will have the \"repo\" permission, giving it read/write access to your repositories and issues. There is no narrower scope available, sorry :-\|")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`fmt.Println()`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`projectUser, projectName, err := promptURL()`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`if err != nil {`
			`return nil, err`
			`}`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`conf[keyUser] = projectUser`
			`conf[keyProject] = projectName`

bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`username, err := promptUsername()`
			`if err != nil {`
			`return nil, err`
			`}`

			`password, err := promptPassword()`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Attempt to authenticate and create a token`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`note := fmt.Sprintf("git-bug - %s/%s", projectUser, projectName)`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`resp, err := requestToken(note, username, password)`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`if err != nil {`
			`return nil, err`
			`}`

			`defer resp.Body.Close()`

			`// Handle 2FA is needed`
			`OTPHeader := resp.Header.Get("X-GitHub-OTP")`
			`if resp.StatusCode == http.StatusUnauthorized && OTPHeader != "" {`
			`otpCode, err := prompt2FA()`
			`if err != nil {`
			`return nil, err`
			`}`

bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`resp, err = requestTokenWith2FA(note, username, password, otpCode)`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`if err != nil {`
			`return nil, err`
			`}`

bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`defer resp.Body.Close()`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`}`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`if resp.StatusCode == http.StatusCreated {`
			`token, err := decodeBody(resp.Body)`
			`if err != nil {`
			`return nil, err`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`conf[keyToken] = token`
			`return conf, nil`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`

			`b, _ := ioutil.ReadAll(resp.Body)`
			`fmt.Printf("Error %v: %v\n", resp.StatusCode, string(b))`

			`return nil, nil`
			`}`

bridge: validate config before use 2018-09-24 18:21:24 +03:00			`func (*Github) ValidateConfig(conf core.Configuration) error {`
			`if _, ok := conf[keyToken]; !ok {`
			`return fmt.Errorf("missing %s key", keyToken)`
			`}`

			`if _, ok := conf[keyUser]; !ok {`
			`return fmt.Errorf("missing %s key", keyUser)`
			`}`

			`if _, ok := conf[keyProject]; !ok {`
			`return fmt.Errorf("missing %s key", keyProject)`
			`}`

			`return nil`
			`}`

bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`func requestToken(note, username, password string) (*http.Response, error) {`
			`return requestTokenWith2FA(note, username, password, "")`
			`}`

			`func requestTokenWith2FA(note, username, password, otpCode string) (*http.Response, error) {`
			`url := fmt.Sprintf("%s/authorizations", githubV3Url)`
			`params := struct {`
			Scopes []string `json:"scopes"`
			Note string `json:"note"`
			Fingerprint string `json:"fingerprint"`
			`}{`
github: also pull users email 2018-10-07 19:27:23 +03:00			`// user:email is requested to be able to read public emails`
			`// - a private email will stay private, even with this token`
			`Scopes: []string{"user:email"},`
bridge: make github 2FA work 2018-09-21 15:38:44 +03:00			`Note: note,`
			`Fingerprint: randomFingerprint(),`
			`}`

			`data, err := json.Marshal(params)`
			`if err != nil {`
			`return nil, err`
			`}`

			`req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))`
			`if err != nil {`
			`return nil, err`
			`}`

			`req.SetBasicAuth(username, password)`
			`req.Header.Set("Content-Type", "application/json")`

			`if otpCode != "" {`
			`req.Header.Set("X-GitHub-OTP", otpCode)`
			`}`

			`client := http.Client{}`

			`return client.Do(req)`
			`}`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`func decodeBody(body io.ReadCloser) (string, error) {`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`data, _ := ioutil.ReadAll(body)`

			`aux := struct {`
			Token string `json:"token"`
			`}{}`

			`err := json.Unmarshal(data, &aux)`
			`if err != nil {`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`return "", err`
			`}`

			`if aux.Token == "" {`
			`return "", fmt.Errorf("no token found in response: %s", string(data))`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`return aux.Token, nil`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`

			`func randomFingerprint() string {`
			`// Doesn't have to be crypto secure, it's just to avoid token collision`
			`rand.Seed(time.Now().UnixNano())`
			`var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")`
			`b := make([]rune, 32)`
			`for i := range b {`
			`b[i] = letterRunes[rand.Intn(len(letterRunes))]`
			`}`
			`return string(b)`
			`}`

			`func promptUsername() (string, error) {`
			`for {`
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`fmt.Print("username: ")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
			`line, err := bufio.NewReader(os.Stdin).ReadString('\n')`
			`if err != nil {`
			`return "", err`
			`}`

			`line = strings.TrimRight(line, "\n")`

			`ok, err := validateUsername(line)`
			`if err != nil {`
			`return "", err`
			`}`
			`if ok {`
			`return line, nil`
			`}`

			`fmt.Println("invalid username")`
			`}`
			`}`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`func promptURL() (string, string, error) {`
			`for {`
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`fmt.Print("Github project URL: ")`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00
			`line, err := bufio.NewReader(os.Stdin).ReadString('\n')`
			`if err != nil {`
			`return "", "", err`
			`}`

			`line = strings.TrimRight(line, "\n")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`if line == "" {`
			`fmt.Println("URL is empty")`
			`continue`
			`}`

			`projectUser, projectName, err := splitURL(line)`

			`if err != nil {`
			`fmt.Println(err)`
			`continue`
			`}`

			`return projectUser, projectName, nil`
			`}`
			`}`

			`func splitURL(url string) (string, string, error) {`
			re, err := regexp.Compile(`github\.com\/([^\/])\/([^\/])`)
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`if err != nil {`
commands: add "bridge rm" 2018-09-24 17:24:38 +03:00			`panic(err)`
bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`}`

			`res := re.FindStringSubmatch(url)`

			`if res == nil {`
			`return "", "", fmt.Errorf("bad github project url")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`

bridge: better interfaces, working github configurator 2018-09-21 19:23:46 +03:00			`return res[1], res[2], nil`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`}`

			`func validateUsername(username string) (bool, error) {`
			`url := fmt.Sprintf("%s/users/%s", githubV3Url, username)`

			`resp, err := http.Get(url)`
			`if err != nil {`
			`return false, err`
			`}`

			`err = resp.Body.Close()`
			`if err != nil {`
			`return false, err`
			`}`

			`return resp.StatusCode == http.StatusOK, nil`
			`}`

			`func promptPassword() (string, error) {`
			`for {`
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`fmt.Print("password: ")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
			`bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))`
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`// new line for coherent formatting, ReadPassword clip the normal new line`
			`// entered by the user`
			`fmt.Println()`

bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00			`if err != nil {`
			`return "", err`
			`}`

			`if len(bytePassword) > 0 {`
			`return string(bytePassword), nil`
			`}`

			`fmt.Println("password is empty")`
			`}`
			`}`

			`func prompt2FA() (string, error) {`
			`for {`
bridge: big refactor and cleanup 2018-09-24 16:25:15 +03:00			`fmt.Print("two-factor authentication code: ")`
bridge: add the beginning of a github importer 2018-09-21 13:54:48 +03:00
			`byte2fa, err := terminal.ReadPassword(int(syscall.Stdin))`
			`if err != nil {`
			`return "", err`
			`}`

			`if len(byte2fa) > 0 {`
			`return string(byte2fa), nil`
			`}`

			`fmt.Println("code is empty")`
			`}`
			`}`