feat: add endpoint to generate a long-lived token to use inside ci actions

This commit is contained in:
Derrick Hammer 2024-02-12 15:48:31 -05:00
parent 340240575f
commit a1bc451d3e
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 84 additions and 3 deletions

View File

@ -1,18 +1,27 @@
package api package api
import ( import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"git.lumeweb.com/LumeWeb/gitea-github-proxy/config" "git.lumeweb.com/LumeWeb/gitea-github-proxy/config"
"git.lumeweb.com/LumeWeb/gitea-github-proxy/db/model"
"github.com/golang-jwt/jwt"
"github.com/gorilla/mux"
"go.uber.org/zap" "go.uber.org/zap"
"gorm.io/gorm"
"net/http" "net/http"
"time"
) )
type appApi struct { type appApi struct {
config *config.Config config *config.Config
db *gorm.DB
logger *zap.Logger logger *zap.Logger
} }
func newAppApi(cfg *config.Config, logger *zap.Logger) *appApi { func newAppApi(cfg *config.Config, db *gorm.DB, logger *zap.Logger) *appApi {
return &appApi{config: cfg, logger: logger} return &appApi{config: cfg, db: db, logger: logger}
} }
func (a *appApi) handlerNewAppInstall(w http.ResponseWriter, r *http.Request) { func (a *appApi) handlerNewAppInstall(w http.ResponseWriter, r *http.Request) {
@ -21,16 +30,88 @@ func (a *appApi) handlerNewAppInstall(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain") w.Header().Set("Content-Type", "text/plain")
} }
func (a *appApi) handlerAppGetAccessToken(w http.ResponseWriter, r *http.Request) {
now := time.Now().Add(-30 * time.Second)
expirationTime := now.Add(100 * 365 * 24 * time.Hour)
appName := mux.Vars(r)["app"]
appRecord := &model.Apps{}
appRecord.Name = appName
if err := a.db.First(appRecord).Error; err != nil {
http.Error(w, "Failed to find app", http.StatusNotFound)
a.logger.Error("Failed to find app", zap.Error(err))
return
}
block, _ := pem.Decode([]byte(appRecord.PrivateKey))
if block == nil {
http.Error(w, "Failed to parse PEM block containing the key", http.StatusInternalServerError)
a.logger.Error("Failed to parse PEM block containing the key")
return
}
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
http.Error(w, "Failed to parse DER encoded private key", http.StatusInternalServerError)
a.logger.Error("Failed to parse DER encoded private key", zap.Error(err))
}
claims := jwt.MapClaims{
"iss": appRecord.ID,
"iat": now.Unix(),
"exp": expirationTime,
}
token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
signedToken, err := token.SignedString(privateKey)
if err != nil {
http.Error(w, "Failed to sign token", http.StatusInternalServerError)
a.logger.Error("Failed to sign token", zap.Error(err))
return
}
out := struct {
Token string `json:"token"`
ExpiresAt time.Time `json:"expires_at"`
}{
Token: signedToken,
ExpiresAt: expirationTime,
}
a.respond(w, http.StatusCreated, out)
}
func (r appApi) respond(w http.ResponseWriter, status int, data interface{}) {
jsonData, err := json.Marshal(data)
if err != nil {
http.Error(w, "Failed to marshal response", http.StatusInternalServerError)
r.logger.Error("Failed to marshal response", zap.Error(err))
return
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(status)
if data != nil {
_, _ = w.Write(jsonData)
}
}
func setupAppRoutes(params RouteParams) { func setupAppRoutes(params RouteParams) {
logger := params.Logger logger := params.Logger
cfg := params.Config cfg := params.Config
db := params.Db
r := params.R r := params.R
appApi := newAppApi(cfg, logger) appApi := newAppApi(cfg, db, logger)
appRouter := r.PathPrefix("/apps").Subrouter() appRouter := r.PathPrefix("/apps").Subrouter()
appRouter.Use(giteaOauthVerifyMiddleware(cfg)) appRouter.Use(giteaOauthVerifyMiddleware(cfg))
appRouter.Use(requireAuthMiddleware(cfg)) appRouter.Use(requireAuthMiddleware(cfg))
appRouter.HandleFunc("/{app}/installations/new", appApi.handlerNewAppInstall).Methods("GET") appRouter.HandleFunc("/{app}/installations/new", appApi.handlerNewAppInstall).Methods("GET")
appRouter.HandleFunc("/{app}/access_token", appApi.handlerAppGetAccessToken).Methods("GET")
} }