aboutsummaryrefslogblamecommitdiffstats
path: root/bridge/core/auth/credential.go
blob: 86cf737e81cd2c464ad4dd081a3f14b5bb81067c (plain) (tree) 
b92adfcb



34083de0


b92adfcb













b92adfcb


34083de0

26f01523


bd7b50bc


b92adfcb





4c6d33e4

34083de0

4c6d33e4

b92adfcb










b92adfcb

34083de0

b92adfcb

34083de0

b92adfcb

74e91144

26f01523

74e91144


b92adfcb


34083de0

864d3ed3

b92adfcb















































864d3ed3

b92adfcb











34083de0

b92adfcb

58c0e5aa

b92adfcb

34083de0



b92adfcb

34083de0

b92adfcb




34083de0




b92adfcb



26f01523








74e91144



26f01523



34083de0

















b92adfcb







ae2f942e

b92adfcb















































864d3ed3

b92adfcb









b92adfcb












34083de0










26f01523








b92adfcb


































1
2
3

4
5

6
7
8
9
10
11
12
13
14
15
16
17
18

19
20

21

22
23

24
25

26
27
28
29
30

31

32

33

34
35
36
37
38
39
40
41
42
43

44

45

46

47

48

49

50

51
52

53
54

55

56

57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

104

105
106
107
108
109
110
111
112
113
114
115

116

117

118

119

120
121
122

123

124

125
126
127
128

129
130
131
132

133
134
135

136
137
138
139
140
141
142
143

144
145
146

147
148
149

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

167
168
169
170
171
172
173

174

175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221

222

223
224
225
226
227
228
229
230
231

232
233
234
235
236
237
238
239
240
241
242
243

244
245
246
247
248
249
250
251
252
253

254
255
256
257
258
259
260
261

262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295



            

                         












                                                   

                                          
                                    

                                     

                                   




                          
                                                  
                                                  
                                                           









                                                                                   
                             
                       
                              
                     
                        
 
                                    

                                              

                                                                                                             
                                                                            
                                    














































                                                                                    
                                                                                   










                                                                                     
                     
 
                                                       
                       


                                                       
                               
                                                               



                                                                                            



                                                                     


                        







                                                                          


                             


                     
















                                                                  






                                                                             
                                                                                            














































                                                                  
                                








                                                                                         











                                                                                               









                                                                            







                                                                                           

































                                                                       
package auth

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"

	"github.com/MichaelMure/git-bug/entity"
	"github.com/MichaelMure/git-bug/repository"
)

const (
	configKeyPrefix     = "git-bug.auth"
	configKeyKind       = "kind"
	configKeyTarget     = "target"
	configKeyCreateTime = "createtime"
	configKeySalt       = "salt"
	configKeyPrefixMeta = "meta."

	MetaKeyLogin   = "login"
	MetaKeyBaseURL = "base-url"
)

type CredentialKind string

const (
	KindToken         CredentialKind = "token"
	KindLogin         CredentialKind = "login"
	KindLoginPassword CredentialKind = "login-password"
)

var ErrCredentialNotExist = errors.New("credential doesn't exist")

func NewErrMultipleMatchCredential(matching []entity.Id) *entity.ErrMultipleMatch {
	return entity.NewErrMultipleMatch("credential", matching)
}

type Credential interface {
	ID() entity.Id
	Kind() CredentialKind
	Target() string
	CreateTime() time.Time
	Salt() []byte
	Validate() error

	Metadata() map[string]string
	GetMetadata(key string) (string, bool)
	SetMetadata(key string, value string)

	// Return all the specific properties of the credential that need to be saved into the configuration.
	// This does not include Target, Kind, CreateTime, Metadata or Salt.
	toConfig() map[string]string
}

// Load loads a credential from the repo config
func LoadWithId(repo repository.RepoConfig, id entity.Id) (Credential, error) {
	keyPrefix := fmt.Sprintf("%s.%s.", configKeyPrefix, id)

	// read token config pairs
	rawconfigs, err := repo.GlobalConfig().ReadAll(keyPrefix)
	if err != nil {
		// Not exactly right due to the limitation of ReadAll()
		return nil, ErrCredentialNotExist
	}

	return loadFromConfig(rawconfigs, id)
}

// LoadWithPrefix load a credential from the repo config with a prefix
func LoadWithPrefix(repo repository.RepoConfig, prefix string) (Credential, error) {
	creds, err := List(repo)
	if err != nil {
		return nil, err
	}

	// preallocate but empty
	matching := make([]Credential, 0, 5)

	for _, cred := range creds {
		if cred.ID().HasPrefix(prefix) {
			matching = append(matching, cred)
		}
	}

	if len(matching) > 1 {
		ids := make([]entity.Id, len(matching))
		for i, cred := range matching {
			ids[i] = cred.ID()
		}
		return nil, NewErrMultipleMatchCredential(ids)
	}

	if len(matching) == 0 {
		return nil, ErrCredentialNotExist
	}

	return matching[0], nil
}

// loadFromConfig is a helper to construct a Credential from the set of git configs
func loadFromConfig(rawConfigs map[string]string, id entity.Id) (Credential, error) {
	keyPrefix := fmt.Sprintf("%s.%s.", configKeyPrefix, id)

	// trim key prefix
	configs := make(map[string]string)
	for key, value := range rawConfigs {
		newKey := strings.TrimPrefix(key, keyPrefix)
		configs[newKey] = value
	}

	var cred Credential
	var err error

	switch CredentialKind(configs[configKeyKind]) {
	case KindToken:
		cred, err = NewTokenFromConfig(configs)
	case KindLogin:
		cred, err = NewLoginFromConfig(configs)
	case KindLoginPassword:
		cred, err = NewLoginPasswordFromConfig(configs)
	default:
		return nil, fmt.Errorf("unknown credential type %s", configs[configKeyKind])
	}

	if err != nil {
		return nil, fmt.Errorf("loading credential: %v", err)
	}

	return cred, nil
}

func metaFromConfig(configs map[string]string) map[string]string {
	result := make(map[string]string)
	for key, val := range configs {
		if strings.HasPrefix(key, configKeyPrefixMeta) {
			key = strings.TrimPrefix(key, configKeyPrefixMeta)
			result[key] = val
		}
	}
	if len(result) == 0 {
		return nil
	}
	return result
}

func makeSalt() []byte {
	result := make([]byte, 16)
	_, err := rand.Read(result)
	if err != nil {
		panic(err)
	}
	return result
}

func saltFromConfig(configs map[string]string) ([]byte, error) {
	val, ok := configs[configKeySalt]
	if !ok {
		return nil, fmt.Errorf("no credential salt found")
	}
	return base64.StdEncoding.DecodeString(val)
}

// List load all existing credentials
func List(repo repository.RepoConfig, opts ...Option) ([]Credential, error) {
	rawConfigs, err := repo.GlobalConfig().ReadAll(configKeyPrefix + ".")
	if err != nil {
		return nil, err
	}

	re, err := regexp.Compile(`^` + configKeyPrefix + `\.([^.]+)\.([^.]+(?:\.[^.]+)*)$`)
	if err != nil {
		panic(err)
	}

	mapped := make(map[string]map[string]string)

	for key, val := range rawConfigs {
		res := re.FindStringSubmatch(key)
		if res == nil {
			continue
		}
		if mapped[res[1]] == nil {
			mapped[res[1]] = make(map[string]string)
		}
		mapped[res[1]][res[2]] = val
	}

	matcher := matcher(opts)

	var credentials []Credential
	for id, kvs := range mapped {
		cred, err := loadFromConfig(kvs, entity.Id(id))
		if err != nil {
			return nil, err
		}
		if matcher.Match(cred) {
			credentials = append(credentials, cred)
		}
	}

	return credentials, nil
}

// IdExist return whether a credential id exist or not
func IdExist(repo repository.RepoConfig, id entity.Id) bool {
	_, err := LoadWithId(repo, id)
	return err == nil
}

// PrefixExist return whether a credential id prefix exist or not
func PrefixExist(repo repository.RepoConfig, prefix string) bool {
	_, err := LoadWithPrefix(repo, prefix)
	return err == nil
}

// Store stores a credential in the global git config
func Store(repo repository.RepoConfig, cred Credential) error {
	confs := cred.toConfig()

	prefix := fmt.Sprintf("%s.%s.", configKeyPrefix, cred.ID())

	// Kind
	err := repo.GlobalConfig().StoreString(prefix+configKeyKind, string(cred.Kind()))
	if err != nil {
		return err
	}

	// Target
	err = repo.GlobalConfig().StoreString(prefix+configKeyTarget, cred.Target())
	if err != nil {
		return err
	}

	// CreateTime
	err = repo.GlobalConfig().StoreTimestamp(prefix+configKeyCreateTime, cred.CreateTime())
	if err != nil {
		return err
	}

	// Salt
	if len(cred.Salt()) != 16 {
		panic("credentials need to be salted")
	}
	encoded := base64.StdEncoding.EncodeToString(cred.Salt())
	err = repo.GlobalConfig().StoreString(prefix+configKeySalt, encoded)
	if err != nil {
		return err
	}

	// Metadata
	for key, val := range cred.Metadata() {
		err := repo.GlobalConfig().StoreString(prefix+configKeyPrefixMeta+key, val)
		if err != nil {
			return err
		}
	}

	// Custom
	for key, val := range confs {
		err := repo.GlobalConfig().StoreString(prefix+key, val)
		if err != nil {
			return err
		}
	}

	return nil
}

// Remove removes a credential from the global git config
func Remove(repo repository.RepoConfig, id entity.Id) error {
	keyPrefix := fmt.Sprintf("%s.%s", configKeyPrefix, id)
	return repo.GlobalConfig().RemoveAll(keyPrefix)
}

/*
 * Sorting
 */

type ById []Credential

func (b ById) Len() int {
	return len(b)
}

func (b ById) Less(i, j int) bool {
	return b[i].ID() < b[j].ID()
}

func (b ById) Swap(i, j int) {
	b[i], b[j] = b[j], b[i]
}
generated by cgit (git 2.34.1) at 2024-10-19 16:28:31 +0000