Add credential method to access GitHub with Personal Access Token

server/src/main/java/com/linecorp/centraldogma/server/internal/mirror/GitWithAuth.java

@@ -58,6 +58,7 @@
 import com.jcraft.jsch.UserInfo;
 
 import com.linecorp.centraldogma.server.MirrorException;
+import com.linecorp.centraldogma.server.internal.mirror.credential.AccessTokenMirrorCredential;
 import com.linecorp.centraldogma.server.internal.mirror.credential.PasswordMirrorCredential;
 import com.linecorp.centraldogma.server.internal.mirror.credential.PublicKeyMirrorCredential;
 import com.linecorp.centraldogma.server.mirror.MirrorCredential;
@@ -155,6 +156,8 @@ public GarbageCollectCommand gc() {
             case SCHEME_GIT_HTTPS:
                 if (c instanceof PasswordMirrorCredential) {
                     configureHttp(command, (PasswordMirrorCredential) c);
+                } else if (c instanceof AccessTokenMirrorCredential) {
+                    configureHttp(command, (AccessTokenMirrorCredential) c);
                 }
                 break;
             case SCHEME_GIT_SSH:
@@ -173,6 +176,11 @@ public GarbageCollectCommand gc() {
         cmd.setCredentialsProvider(new UsernamePasswordCredentialsProvider(cred.username(), cred.password()));
     }
 
+    private static <T extends TransportCommand<?, ?>> void configureHttp(
+            T cmd, AccessTokenMirrorCredential cred) {
+        cmd.setCredentialsProvider(new UsernamePasswordCredentialsProvider("token", cred.accessToken()));
+    }
+
     private <T extends TransportCommand<?, ?>> void configureSsh(T cmd, PublicKeyMirrorCredential cred) {
         cmd.setTransportConfigCallback(transport -> {
             final SshTransport sshTransport = (SshTransport) transport;

server/src/main/java/com/linecorp/centraldogma/server/internal/mirror/credential/AccessTokenMirrorCredential.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2023 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.centraldogma.server.internal.mirror.credential;
+
+import static com.linecorp.centraldogma.server.internal.mirror.credential.MirrorCredentialUtil.requireNonEmpty;
+
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.google.common.base.MoreObjects.ToStringHelper;
+
+public final class AccessTokenMirrorCredential extends AbstractMirrorCredential {
+
+    private final String accessToken;
+
+    @JsonCreator
+    public AccessTokenMirrorCredential(@JsonProperty("id") @Nullable String id,
+                                       @JsonProperty("hostnamePatterns") @Nullable
+                                       @JsonDeserialize(contentAs = Pattern.class)
+                                       Iterable<Pattern> hostnamePatterns,
+                                       @JsonProperty("accessToken") String accessToken) {
+        super(id, hostnamePatterns);
+
+        this.accessToken = requireNonEmpty(accessToken, "accessToken");
+    }
+
+    public String accessToken() {
+        return accessToken;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = super.hashCode();
+        result = 31 * result + accessToken.hashCode();
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+
+        if (!(o instanceof AccessTokenMirrorCredential)) {
+            return false;
+        }
+
+        if (!super.equals(o)) {
+            return false;
+        }
+
+        final AccessTokenMirrorCredential that = (AccessTokenMirrorCredential) o;
+        return accessToken.equals(that.accessToken);
+    }
+
+    @Override
+    void addProperties(ToStringHelper helper) {
+        // Access token must be kept secret.
+    }
+}

server/src/main/java/com/linecorp/centraldogma/server/mirror/MirrorCredential.java

@@ -26,6 +26,7 @@
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 
+import com.linecorp.centraldogma.server.internal.mirror.credential.AccessTokenMirrorCredential;
 import com.linecorp.centraldogma.server.internal.mirror.credential.NoneMirrorCredential;
 import com.linecorp.centraldogma.server.internal.mirror.credential.PasswordMirrorCredential;
 import com.linecorp.centraldogma.server.internal.mirror.credential.PublicKeyMirrorCredential;
@@ -37,7 +38,8 @@
 @JsonSubTypes({
         @Type(value = NoneMirrorCredential.class, name = "none"),
         @Type(value = PasswordMirrorCredential.class, name = "password"),
-        @Type(value = PublicKeyMirrorCredential.class, name = "public_key")
+        @Type(value = PublicKeyMirrorCredential.class, name = "public_key"),
+        @Type(value = AccessTokenMirrorCredential.class, name = "access_token")
 })
 public interface MirrorCredential {
 

server/src/test/java/com/linecorp/centraldogma/server/internal/mirror/credential/AccessTokenMirrorCredentialTest.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright 2023 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.centraldogma.server.internal.mirror.credential;
+
+import static com.linecorp.centraldogma.server.internal.mirror.credential.MirrorCredentialTest.HOSTNAME_PATTERNS;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import org.junit.jupiter.api.Test;
+
+import com.linecorp.centraldogma.internal.Jackson;
+import com.linecorp.centraldogma.server.mirror.MirrorCredential;
+
+class AccessTokenMirrorCredentialTest {
+
+    @Test
+    void testConstruction() throws Exception {
+        // null checks
+        assertThatThrownBy(() -> new AccessTokenMirrorCredential(null, null, null))
+                .isInstanceOf(NullPointerException.class);
+
+        // emptiness checks
+        assertThatThrownBy(() -> new AccessTokenMirrorCredential(null, null, ""))
+                .isInstanceOf(IllegalArgumentException.class);
+
+        // successful construction
+        final AccessTokenMirrorCredential c = new AccessTokenMirrorCredential(null, null, "sesame");
+        assertThat(c.accessToken()).isEqualTo("sesame");
+    }
+
+    @Test
+    void testDeserialization() throws Exception {
+        // With hostnamePatterns
+        assertThat(Jackson.readValue('{' +
+                                     "  \"type\": \"access_token\"," +
+                                     "  \"hostnamePatterns\": [" +
+                                     "    \"^foo\\\\.com$\"" +
+                                     "  ]," +
+                                     "  \"accessToken\": \"sesame\"" +
+                                     '}', MirrorCredential.class))
+                .isEqualTo(new AccessTokenMirrorCredential(null, HOSTNAME_PATTERNS,
+                                                           "sesame"));
+        // With ID
+        assertThat(Jackson.readValue('{' +
+                                     "  \"type\": \"access_token\"," +
+                                     "  \"id\": \"foo\"," +
+                                     "  \"accessToken\": \"sesame\"" +
+                                     '}', MirrorCredential.class))
+                .isEqualTo(new AccessTokenMirrorCredential("foo", null, "sesame"));
+    }
+}