gitlab.go

package gitlab

import (
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"

	"code.google.com/p/goauth2/oauth"
	"github.com/Bugagazavr/go-gitlab-client"
	"github.com/drone/drone/shared/httputil"
	"github.com/drone/drone/shared/model"
)

type Gitlab struct {
	url        string
	SkipVerify bool
	Open       bool
	Client     string
	Secret     string
}

func New(url string, skipVerify, open bool, client, secret string) *Gitlab {
	return &Gitlab{
		url:        url,
		SkipVerify: skipVerify,
		Open:       open,
		Client:     client,
		Secret:     secret,
	}
}

// Authorize handles authentication with thrid party remote systems,
// such as github or bitbucket, and returns user data.
func (r *Gitlab) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
	host := httputil.GetURL(req)
	config := NewOauthConfig(r, host)

	var code = req.FormValue("code")
	var state = req.FormValue("state")

	if len(code) == 0 {
		var random = GetRandom()
		httputil.SetCookie(res, req, "gitlab_state", random)
		http.Redirect(res, req, config.AuthCodeURL(random), http.StatusSeeOther)
		return nil, nil
	}

	cookieState := httputil.GetCookie(req, "gitlab_state")
	httputil.DelCookie(res, req, "gitlab_state")
	if cookieState != state {
		return nil, fmt.Errorf("Error matching state in OAuth2 redirect")
	}

	var trans = &oauth.Transport{
		Config: config,
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: r.SkipVerify},
		},
	}
	var token, err = trans.Exchange(code)
	if err != nil {
		return nil, fmt.Errorf("Error exchanging token. %s", err)
	}

	var client = NewClient(r.url, token.AccessToken, r.SkipVerify)

	var user, errr = client.CurrentUser()
	if errr != nil {
		return nil, fmt.Errorf("Error retrieving current user. %s", errr)
	}

	var login = new(model.Login)
	login.ID = int64(user.Id)
	login.Access = token.AccessToken
	login.Secret = token.RefreshToken
	login.Login = user.Username
	login.Email = user.Email
	return login, nil
}

// GetKind returns the identifier of this remote GitHub instane.
func (r *Gitlab) GetKind() string {
	return model.RemoteGitlab
}

// GetHost returns the hostname of this remote GitHub instance.
func (r *Gitlab) GetHost() string {
	uri, _ := url.Parse(r.url)
	return uri.Host
}

// GetRepos fetches all repositories that the specified
// user has access to in the remote system.
func (r *Gitlab) GetRepos(user *model.User) ([]*model.Repo, error) {

	var repos []*model.Repo
	var client = NewClient(r.url, user.Access, r.SkipVerify)
	var list, err = client.AllProjects()
	if err != nil {
		return nil, err
	}

	var remote = r.GetKind()
	var hostname = r.GetHost()

	for _, item := range list {
		var repo = model.Repo{
			UserID:   user.ID,
			Remote:   remote,
			Host:     hostname,
			Owner:    item.Namespace.Path,
			Name:     item.Path,
			Private:  !item.Public,
			CloneURL: item.HttpRepoUrl,
			GitURL:   item.HttpRepoUrl,
			SSHURL:   item.SshRepoUrl,
			URL:      item.Url,
			Role:     &model.Perm{},
		}

		if repo.Private {
			repo.CloneURL = repo.SSHURL
		}

		// if the user is the owner we can assume full access,
		// otherwise check for the permission items.
		if repo.Owner == user.Login {
			repo.Role = new(model.Perm)
			repo.Role.Admin = true
			repo.Role.Write = true
			repo.Role.Read = true
		} else {
			// Fetch current project
			project, err := client.Project(strconv.Itoa(item.Id))
			if err != nil || project.Permissions == nil {
				continue
			}
			repo.Role.Admin = IsAdmin(project)
			repo.Role.Write = IsWrite(project)
			repo.Role.Read = IsRead(project)
		}

		repos = append(repos, &repo)
	}

	return repos, err
}

// GetScript fetches the build script (.drone.yml) from the remote
// repository and returns in string format.
func (r *Gitlab) GetScript(user *model.User, repo *model.Repo, hook *model.Hook) ([]byte, error) {
	var client = NewClient(r.url, user.Access, r.SkipVerify)
	var path = ns(repo.Owner, repo.Name)
	return client.RepoRawFile(path, hook.Sha, ".drone.yml")
}

// Activate activates a repository by adding a Post-commit hook and
// a Public Deploy key, if applicable.
func (r *Gitlab) Activate(user *model.User, repo *model.Repo, link string) error {
	var client = NewClient(r.url, user.Access, r.SkipVerify)
	var path = ns(repo.Owner, repo.Name)
	var title, err = GetKeyTitle(link)
	if err != nil {
		return err
	}

	// if the repository is private we'll need
	// to upload a github key to the repository
	if repo.Private {
		var err = client.AddProjectDeployKey(path, title, repo.PublicKey)
		if err != nil {
			return err
		}
	}

	// append the repo owner / name to the hook url since gitlab
	// doesn't send this detail in the post-commit hook
	link += "?owner=" + repo.Owner + "&name=" + repo.Name

	// add the hook
	return client.AddProjectHook(path, link, true, false, true, false)
}

// Deactivate removes a repository by removing all the post-commit hooks
// which are equal to link and removing the SSH deploy key.
func (r *Gitlab) Deactivate(user *model.User, repo *model.Repo, link string) error {
	var client = NewClient(r.url, user.Access, r.SkipVerify)
	var path = ns(repo.Owner, repo.Name)

	keys, err := client.ProjectDeployKeys(path)
	if err != nil {
		return err
	}
	var pubkey = strings.TrimSpace(repo.PublicKey)
	for _, k := range keys {
		if pubkey == strings.TrimSpace(k.Key) {
			if err := client.RemoveProjectDeployKey(path, strconv.Itoa(k.Id)); err != nil {
				return err
			}
			break
		}
	}
	hooks, err := client.ProjectHooks(path)
	if err != nil {
		return err
	}
	link += "?owner=" + repo.Owner + "&name=" + repo.Name
	for _, h := range hooks {
		if link == h.Url {
			if err := client.RemoveProjectHook(path, strconv.Itoa(h.Id)); err != nil {
				return err
			}
			break
		}
	}
	return nil
}

// ParseHook parses the post-commit hook from the Request body
// and returns the required data in a standard format.
func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) {

	defer req.Body.Close()
	var payload, _ = ioutil.ReadAll(req.Body)
	var parsed, err = gogitlab.ParseHook(payload)
	if err != nil {
		return nil, err
	}

	if len(parsed.After) == 0 || parsed.TotalCommitsCount == 0 {
		return nil, nil
	}

	if parsed.ObjectKind == "merge_request" {
		// TODO (bradrydzewski) figure out how to handle merge requests
		return nil, nil
	}

	if len(parsed.After) == 0 {
		return nil, nil
	}

	var hook = new(model.Hook)
	hook.Owner = req.FormValue("owner")
	hook.Repo = req.FormValue("name")
	hook.Sha = parsed.After
	hook.Branch = parsed.Branch()

	var head = parsed.Head()
	hook.Message = head.Message
	hook.Timestamp = head.Timestamp

	// extracts the commit author (ideally email)
	// from the post-commit hook
	switch {
	case head.Author != nil:
		hook.Author = head.Author.Email
	case head.Author == nil:
		hook.Author = parsed.UserName
	}

	return hook, nil
}

func (r *Gitlab) OpenRegistration() bool {
	return r.Open
}

func (r *Gitlab) GetToken(user *model.User) (*model.Token, error) {
	expiry := time.Unix(user.TokenExpiry, 0)
	if user.TokenExpiry == 0 && len(user.Access) != 0 ||
		expiry.Sub(time.Now()) > (60*time.Second) {
		return nil, nil
	}

	t := &oauth.Transport{
		Config: NewOauthConfig(r, ""),
		Token: &oauth.Token{
			AccessToken:  user.Access,
			RefreshToken: user.Secret,
			Expiry:       expiry,
		},
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: r.SkipVerify},
		},
	}

	if err := t.Refresh(); err != nil {
		return nil, err
	}

	var token = new(model.Token)
	token.AccessToken = t.Token.AccessToken
	token.RefreshToken = t.Token.RefreshToken
	token.Expiry = t.Token.Expiry.Unix()
	return token, nil
}