git-bug/bridge/gitlab/config.go
2019-07-23 17:18:04 +02:00

519 lines
11 KiB
Go

package gitlab
import (
"bufio"
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"math/rand"
"net/http"
neturl "net/url"
"os"
"regexp"
"strconv"
"strings"
"syscall"
"time"
"github.com/pkg/errors"
"github.com/xanzy/go-gitlab"
"golang.org/x/crypto/ssh/terminal"
"github.com/MichaelMure/git-bug/bridge/core"
"github.com/MichaelMure/git-bug/repository"
)
const (
target = "gitlab"
gitlabV4Url = "https://gitlab.com/api/v4"
keyID = "id"
keyTarget = "target"
keyToken = "token"
defaultTimeout = 60 * time.Second
)
//note to my self: bridge configure --target=gitlab --url=$URL
var (
ErrBadProjectURL = errors.New("bad project url")
)
func (*Gitlab) Configure(repo repository.RepoCommon, params core.BridgeParams) (core.Configuration, error) {
if params.Project != "" {
fmt.Println("warning: --project is ineffective for a gitlab bridge")
}
if params.Owner != "" {
fmt.Println("warning: --owner is ineffective for a gitlab bridge")
}
conf := make(core.Configuration)
var err error
var url string
var token string
var projectID string
// get project url
if params.URL != "" {
url = params.URL
} else {
// remote suggestions
remotes, err := repo.GetRemotes()
if err != nil {
return nil, err
}
// terminal prompt
url, err = promptURL(remotes)
if err != nil {
return nil, err
}
}
// get user token
if params.Token != "" {
token = params.Token
} else {
token, err = promptTokenOptions(url)
if err != nil {
return nil, err
}
}
var ok bool
// validate project url and get it ID
ok, projectID, err = validateProjectURL(url, token)
if err != nil {
return nil, err
}
if !ok {
return nil, fmt.Errorf("invalid project id or wrong token scope")
}
conf[keyID] = projectID
conf[keyToken] = token
conf[keyTarget] = target
return conf, nil
}
func (*Gitlab) ValidateConfig(conf core.Configuration) error {
if v, ok := conf[keyTarget]; !ok {
return fmt.Errorf("missing %s key", keyTarget)
} else if v != target {
return fmt.Errorf("unexpected target name: %v", v)
}
if _, ok := conf[keyToken]; !ok {
return fmt.Errorf("missing %s key", keyToken)
}
if _, ok := conf[keyID]; !ok {
return fmt.Errorf("missing %s key", keyID)
}
return nil
}
func requestToken(note, username, password string, scope string) (*http.Response, error) {
return requestTokenWith2FA(note, username, password, "", scope)
}
//TODO: FIX THIS ONE
func requestTokenWith2FA(note, username, password, otpCode string, scope string) (*http.Response, error) {
url := fmt.Sprintf("%s/authorizations", gitlabV4Url)
params := struct {
Scopes []string `json:"scopes"`
Note string `json:"note"`
Fingerprint string `json:"fingerprint"`
}{
Scopes: []string{scope},
Note: note,
Fingerprint: randomFingerprint(),
}
data, err := json.Marshal(params)
if err != nil {
return nil, err
}
req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))
if err != nil {
return nil, err
}
req.SetBasicAuth(username, password)
req.Header.Set("Content-Type", "application/json")
if otpCode != "" {
req.Header.Set("X-GitHub-OTP", otpCode)
}
client := &http.Client{
Timeout: defaultTimeout,
}
return client.Do(req)
}
func decodeBody(body io.ReadCloser) (string, error) {
data, _ := ioutil.ReadAll(body)
aux := struct {
Token string `json:"token"`
}{}
err := json.Unmarshal(data, &aux)
if err != nil {
return "", err
}
if aux.Token == "" {
return "", fmt.Errorf("no token found in response: %s", string(data))
}
return aux.Token, nil
}
func randomFingerprint() string {
// Doesn't have to be crypto secure, it's just to avoid token collision
rand.Seed(time.Now().UnixNano())
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
b := make([]rune, 32)
for i := range b {
b[i] = letterRunes[rand.Intn(len(letterRunes))]
}
return string(b)
}
func promptTokenOptions(url string) (string, error) {
for {
fmt.Println()
fmt.Println("[1]: user provided token")
fmt.Println("[2]: interactive token creation")
fmt.Print("Select option: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
fmt.Println()
if err != nil {
return "", err
}
line = strings.TrimRight(line, "\n")
index, err := strconv.Atoi(line)
if err != nil || (index != 1 && index != 2) {
fmt.Println("invalid input")
continue
}
if index == 1 {
return promptToken()
}
return loginAndRequestToken(url)
}
}
func promptToken() (string, error) {
fmt.Println("You can generate a new token by visiting https://gitlab.com/settings/tokens.")
fmt.Println("Choose 'Generate new token' and set the necessary access scope for your repository.")
fmt.Println()
fmt.Println("The access scope depend on the type of repository.")
fmt.Println("Public:")
fmt.Println(" - 'public_repo': to be able to read public repositories")
fmt.Println("Private:")
fmt.Println(" - 'repo' : to be able to read private repositories")
fmt.Println()
re, err := regexp.Compile(`^[a-zA-Z0-9\-]{20}`)
if err != nil {
panic("regexp compile:" + err.Error())
}
for {
fmt.Print("Enter token: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
token := strings.TrimRight(line, "\n")
if re.MatchString(token) {
return token, nil
}
fmt.Println("token is invalid")
}
}
// TODO: FIX THIS ONE TOO
func loginAndRequestToken(url string) (string, error) {
// prompt project visibility to know the token scope needed for the repository
isPublic, err := promptProjectVisibility()
if err != nil {
return "", err
}
username, err := promptUsername()
if err != nil {
return "", err
}
password, err := promptPassword()
if err != nil {
return "", err
}
var scope string
//TODO: Gitlab scopes
if isPublic {
// public_repo is requested to be able to read public repositories
scope = "public_repo"
} else {
// 'repo' is request to be able to read private repositories
// /!\ token will have read/write rights on every private repository you have access to
scope = "repo"
}
// Attempt to authenticate and create a token
note := fmt.Sprintf("git-bug - %s/%s", url)
resp, err := requestToken(note, username, password, scope)
if err != nil {
return "", err
}
defer resp.Body.Close()
// Handle 2FA is needed
OTPHeader := resp.Header.Get("X-GitHub-OTP")
if resp.StatusCode == http.StatusUnauthorized && OTPHeader != "" {
otpCode, err := prompt2FA()
if err != nil {
return "", err
}
resp, err = requestTokenWith2FA(note, username, password, otpCode, scope)
if err != nil {
return "", err
}
defer resp.Body.Close()
}
if resp.StatusCode == http.StatusCreated {
return decodeBody(resp.Body)
}
b, _ := ioutil.ReadAll(resp.Body)
return "", fmt.Errorf("error creating token %v: %v", resp.StatusCode, string(b))
}
func promptUsername() (string, error) {
for {
fmt.Print("username: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
line = strings.TrimRight(line, "\n")
ok, err := validateUsername(line)
if err != nil {
return "", err
}
if ok {
return line, nil
}
fmt.Println("invalid username")
}
}
func promptURL(remotes map[string]string) (string, error) {
validRemotes := getValidGitlabRemoteURLs(remotes)
if len(validRemotes) > 0 {
for {
fmt.Println("\nDetected projects:")
// print valid remote gitlab urls
for i, remote := range validRemotes {
fmt.Printf("[%d]: %v\n", i+1, remote)
}
fmt.Printf("\n[0]: Another project\n\n")
fmt.Printf("Select option: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
line = strings.TrimRight(line, "\n")
index, err := strconv.Atoi(line)
if err != nil || (index < 0 && index >= len(validRemotes)) {
fmt.Println("invalid input")
continue
}
// if user want to enter another project url break this loop
if index == 0 {
break
}
return validRemotes[index-1], nil
}
}
// manually enter gitlab url
for {
fmt.Print("Gitlab project URL: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
url := strings.TrimRight(line, "\n")
if line == "" {
fmt.Println("URL is empty")
continue
}
return url, nil
}
}
func splitURL(url string) (string, string, error) {
cleanUrl := strings.TrimSuffix(url, ".git")
objectUrl, err := neturl.Parse(cleanUrl)
if err != nil {
return "", "", nil
}
return fmt.Sprintf("%s%s", objectUrl.Host, objectUrl.Path), objectUrl.Path, nil
}
func getValidGitlabRemoteURLs(remotes map[string]string) []string {
urls := make([]string, 0, len(remotes))
for _, u := range remotes {
url, _, err := splitURL(u)
if err != nil {
continue
}
urls = append(urls, url)
}
return urls
}
func validateUsername(username string) (bool, error) {
// no need for a token for this action
client := buildClient("")
users, _, err := client.Users.ListUsers(&gitlab.ListUsersOptions{Username: &username})
if err != nil {
return false, err
}
if len(users) == 0 {
return false, fmt.Errorf("username not found")
} else if len(users) > 1 {
return false, fmt.Errorf("found multiple matches")
}
return users[0].Username == username, nil
}
func validateProjectURL(url, token string) (bool, string, error) {
client := buildClient(token)
_, projectPath, err := splitURL(url)
if err != nil {
return false, "", err
}
project, _, err := client.Projects.GetProject(projectPath[1:], &gitlab.GetProjectOptions{})
if err != nil {
return false, "", err
}
projectID := strconv.Itoa(project.ID)
return true, projectID, nil
}
func promptPassword() (string, error) {
for {
fmt.Print("password: ")
bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
// new line for coherent formatting, ReadPassword clip the normal new line
// entered by the user
fmt.Println()
if err != nil {
return "", err
}
if len(bytePassword) > 0 {
return string(bytePassword), nil
}
fmt.Println("password is empty")
}
}
func prompt2FA() (string, error) {
for {
fmt.Print("two-factor authentication code: ")
byte2fa, err := terminal.ReadPassword(int(syscall.Stdin))
fmt.Println()
if err != nil {
return "", err
}
if len(byte2fa) > 0 {
return string(byte2fa), nil
}
fmt.Println("code is empty")
}
}
func promptProjectVisibility() (bool, error) {
for {
fmt.Println("[1]: public")
fmt.Println("[2]: private")
fmt.Print("repository visibility: ")
line, err := bufio.NewReader(os.Stdin).ReadString('\n')
fmt.Println()
if err != nil {
return false, err
}
line = strings.TrimRight(line, "\n")
index, err := strconv.Atoi(line)
if err != nil || (index != 0 && index != 1) {
fmt.Println("invalid input")
continue
}
// return true for public repositories, false for private
return index == 0, nil
}
}