package gitlab
import (
"fmt"
"net/url"
"regexp"
"strconv"
"strings"
"github.com/pkg/errors"
"github.com/xanzy/go-gitlab"
"github.com/MichaelMure/git-bug/bridge/core"
"github.com/MichaelMure/git-bug/bridge/core/auth"
"github.com/MichaelMure/git-bug/cache"
"github.com/MichaelMure/git-bug/input"
"github.com/MichaelMure/git-bug/repository"
)
var (
ErrBadProjectURL = errors.New("bad project url")
)
func (g *Gitlab) ValidParams() map[string]interface{} {
return map[string]interface{}{
"URL": nil,
"BaseURL": nil,
"Login": nil,
"CredPrefix": nil,
"TokenRaw": nil,
}
}
func (g *Gitlab) Configure(repo *cache.RepoCache, params core.BridgeParams, interactive bool) (core.Configuration, error) {
var err error
var baseUrl string
switch {
case params.BaseURL != "":
baseUrl = params.BaseURL
default:
if !interactive {
return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the gitlab instance URL via the --base-url option.")
}
baseUrl, err = input.PromptDefault("Gitlab server URL", "URL", defaultBaseURL, input.Required, input.IsURL)
if err != nil {
return nil, errors.Wrap(err, "base url prompt")
}
}
var projectURL string
// get project url
switch {
case params.URL != "":
projectURL = params.URL
default:
// terminal prompt
if !interactive {
return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the gitlab project URL via the --url option.")
}
projectURL, err = promptProjectURL(repo, baseUrl)
if err != nil {
return nil, errors.Wrap(err, "url prompt")
}
}
if !strings.HasPrefix(projectURL, params.BaseURL) {
return nil, fmt.Errorf("base URL (%s) doesn't match the project URL (%s)", params.BaseURL, projectURL)
}
var login string
var cred auth.Credential
switch {
case params.CredPrefix != "":
cred, err = auth.LoadWithPrefix(repo, params.CredPrefix)
if err != nil {
return nil, err
}
l, ok := cred.GetMetadata(auth.MetaKeyLogin)
if !ok {
return nil, fmt.Errorf("credential doesn't have a login")
}
login = l
case params.TokenRaw != "":
token := auth.NewToken(target, params.TokenRaw)
login, err = getLoginFromToken(baseUrl, token)
if err != nil {
return nil, err
}
token.SetMetadata(auth.MetaKeyLogin, login)
token.SetMetadata(auth.MetaKeyBaseURL, baseUrl)
cred = token
default:
if params.Login == "" {
if !interactive {
return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the login name via the --login option.")
}
// TODO: validate username
login, err = input.Prompt("Gitlab login", "login", input.Required)
} else {
// TODO: validate username
login = params.Login
}
if err != nil {
return nil, err
}
if !interactive {
return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the access token via the --token option.")
}
cred, err = promptTokenOptions(repo, login, baseUrl)
if err != nil {
return nil, err
}
}
token, ok := cred.(*auth.Token)
if !ok {
return nil, fmt.Errorf("the Gitlab bridge only handle token credentials")
}
// validate project url and get its ID
id, err := validateProjectURL(baseUrl, projectURL, token)
if err != nil {
return nil, errors.Wrap(err, "project validation")
}
conf := make(core.Configuration)
conf[core.ConfigKeyTarget] = target
conf[confKeyProjectID] = strconv.Itoa(id)
conf[confKeyGitlabBaseUrl] = baseUrl
conf[confKeyDefaultLogin] = login
err = g.ValidateConfig(conf)
if err != nil {
return nil, err
}
// don't forget to store the now known valid token
if !auth.IdExist(repo, cred.ID()) {
err = auth.Store(repo, cred)
if err != nil {
return nil, err
}
}
return conf, core.FinishConfig(repo, metaKeyGitlabLogin, login)
}
func (g *Gitlab) ValidateConfig(conf core.Configuration) error {
if v, ok := conf[core.ConfigKeyTarget]; !ok {
return fmt.Errorf("missing %s key", core.ConfigKeyTarget)
} else if v != target {
return fmt.Errorf("unexpected target name: %v", v)
}
if _, ok := conf[confKeyGitlabBaseUrl]; !ok {
return fmt.Errorf("missing %s key", confKeyGitlabBaseUrl)
}
if _, ok := conf[confKeyProjectID]; !ok {
return fmt.Errorf("missing %s key", confKeyProjectID)
}
if _, ok := conf[confKeyDefaultLogin]; !ok {
return fmt.Errorf("missing %s key", confKeyDefaultLogin)
}
return nil
}
func promptTokenOptions(repo repository.RepoKeyring, login, baseUrl string) (auth.Credential, error) {
creds, err := auth.List(repo,
auth.WithTarget(target),
auth.WithKind(auth.KindToken),
auth.WithMeta(auth.MetaKeyLogin, login),
auth.WithMeta(auth.MetaKeyBaseURL, baseUrl),
)
if err != nil {
return nil, err
}
cred, index, err := input.PromptCredential(target, "token", creds, []string{
"enter my token",
})
switch {
case err != nil:
return nil, err
case cred != nil:
return cred, nil
case index == 0:
return promptToken(baseUrl)
default:
panic("missed case")
}
}
func promptToken(baseUrl string) (*auth.Token, error) {
fmt.Printf("You can generate a new token by visiting %s.\n", strings.TrimSuffix(baseUrl, "/")+"/-/profile/personal_access_tokens")
fmt.Println("Choose 'Create personal access token' and set the necessary access scope for your repository.")
fmt.Println()
fmt.Println("'api' access scope: to be able to make api calls")
fmt.Println()
re := regexp.MustCompile(`^(glpat-)?[a-zA-Z0-9\-\_]{20}$`)
var login string
validator := func(name string, value string) (complaint string, err error) {
if !re.MatchString(value) {
return "token has incorrect format", nil
}
login, err = getLoginFromToken(baseUrl, auth.NewToken(target, value))
if err != nil {
return fmt.Sprintf("token is invalid: %v", err), nil
}
return "", nil
}
rawToken, err := input.Prompt("Enter token", "token", input.Required, validator)
if err != nil {
return nil, err
}
token := auth.NewToken(target, rawToken)
token.SetMetadata(auth.MetaKeyLogin, login)
token.SetMetadata(auth.MetaKeyBaseURL, baseUrl)
return token, nil
}
func promptProjectURL(repo repository.RepoCommon, baseUrl string) (string, error) {
validRemotes, err := getValidGitlabRemoteURLs(repo, baseUrl)
if err != nil {
return "", err
}
return input.PromptURLWithRemote("Gitlab project URL", "URL", validRemotes, input.Required)
}
func getProjectPath(baseUrl, projectUrl string) (string, error) {
cleanUrl := strings.TrimSuffix(projectUrl, ".git")
cleanUrl = strings.Replace(cleanUrl, "git@", "https://", 1)
objectUrl, err := url.Parse(cleanUrl)
if err != nil {
return "", ErrBadProjectURL
}
objectBaseUrl, err := url.Parse(baseUrl)
if err != nil {
return "", ErrBadProjectURL
}
if objectUrl.Hostname() != objectBaseUrl.Hostname() {
return "", fmt.Errorf("base url and project url hostnames doesn't match")
}
return objectUrl.Path[1:], nil
}
func getValidGitlabRemoteURLs(repo repository.RepoCommon, baseUrl string) ([]string, error) {
remotes, err := repo.GetRemotes()
if err != nil {
return nil, err
}
urls := make([]string, 0, len(remotes))
for _, u := range remotes {
p, err := getProjectPath(baseUrl, u)
if err != nil {
continue
}
urls = append(urls, fmt.Sprintf("%s/%s", baseUrl, p))
}
return urls, nil
}
func validateProjectURL(baseUrl, url string, token *auth.Token) (int, error) {
projectPath, err := getProjectPath(baseUrl, url)
if err != nil {
return 0, err
}
client, err := buildClient(baseUrl, token)
if err != nil {
return 0, err
}
project, _, err := client.Projects.GetProject(projectPath, &gitlab.GetProjectOptions{})
if err != nil {
return 0, errors.Wrap(err, "wrong token scope ou non-existent project")
}
return project.ID, nil
}
func getLoginFromToken(baseUrl string, token *auth.Token) (string, error) {
client, err := buildClient(baseUrl, token)
if err != nil {
return "", err
}
user, _, err := client.Users.CurrentUser()
if err != nil {
return "", err
}
if user.Username == "" {
return "", fmt.Errorf("gitlab say username is empty")
}
return user.Username, nil
}