/// <inheritdoc/>
protected override async Task HandleRequirementAsync(
AuthorizationHandlerContext context,
GiteaPushPermissionRequirement requirement)
{
if (_httpContext == null)
{
return;
}
string org = _httpContext.GetRouteValue("org")?.ToString();
string app = _httpContext.GetRouteValue("app")?.ToString();
if (string.IsNullOrWhiteSpace(org) ||
string.IsNullOrWhiteSpace(app))
{
_httpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
RepositoryClient.Model.Repository repository = await _giteaApiWrapper.GetRepository(org, app);
if (repository?.Permissions?.Push == true ||
repository?.Permissions?.Admin == true)
{
context.Succeed(requirement);
}
else
{
_httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
/// <inheritdoc />
public async Task <RepositoryClient.Model.Repository> CreateRepository(string org, CreateRepoOption options)
{
var repository = new RepositoryClient.Model.Repository();
string developerUserName = AuthenticationHelper.GetDeveloperUserName(_httpContextAccessor.HttpContext);
string urlEnd = developerUserName == org ? "user/repos" : $"org/{org}/repos";
HttpResponseMessage response = await _httpClient.PostAsJsonAsync(urlEnd, options);
if (response.StatusCode == HttpStatusCode.Created)
{
repository = await response.Content.ReadAsAsync <RepositoryClient.Model.Repository>();
repository.RepositoryCreatedStatus = HttpStatusCode.Created;
}
else if (response.StatusCode == HttpStatusCode.Conflict)
{
// The repository with the same name already exists, 409 from Gitea API
repository.RepositoryCreatedStatus = HttpStatusCode.Conflict;
}
else
{
_logger.LogError("User " + AuthenticationHelper.GetDeveloperUserName(_httpContextAccessor.HttpContext) +
" Create repository failed with statuscode " + response.StatusCode + " for " +
org + " and repo-name " + options.Name);
}
return(repository);
}
/// <inheritdoc/>
public async Task <RepositoryClient.Model.Repository> GetRepository(string org, string repository)
{
RepositoryClient.Model.Repository returnRepository = null;
string giteaUrl = $"repos/{org}/{repository}";
HttpResponseMessage response = await _httpClient.GetAsync(giteaUrl);
if (response.StatusCode == HttpStatusCode.OK)
{
returnRepository = await response.Content.ReadAsAsync <RepositoryClient.Model.Repository>();
}
else
{
_logger.LogWarning($"User {AuthenticationHelper.GetDeveloperUserName(_httpContextAccessor.HttpContext)} fetching app {org}/{repository} failed with reponsecode {response.StatusCode}");
}
if (!string.IsNullOrEmpty(returnRepository?.Owner?.Login))
{
returnRepository.IsClonedToLocal = IsLocalRepo(returnRepository.Owner.Login, returnRepository.Name);
Organization organisation = await GetCachedOrg(returnRepository.Owner.Login);
if (organisation.Id != -1)
{
returnRepository.Owner.UserType = UserType.Org;
}
}
return(returnRepository);
}
/// <inheritdoc/>
protected override async Task HandleRequirementAsync(
AuthorizationHandlerContext context,
GiteaDeployPermissionRequirement requirement)
{
if (_httpContext == null)
{
return;
}
string org = _httpContext.GetRouteValue("org")?.ToString();
string app = _httpContext.GetRouteValue("app")?.ToString();
if (string.IsNullOrWhiteSpace(org) ||
string.IsNullOrWhiteSpace(app))
{
_httpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
if (!_settings.CheckTeamMembershipForDeploy)
{
RepositoryClient.Model.Repository repository = await _giteaApiWrapper.GetRepository(org, app);
if (repository?.Permissions?.Push == true ||
repository?.Permissions?.Admin == true)
{
context.Succeed(requirement);
}
else
{
_httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
return;
}
string environment = _httpContext.GetRouteValue("environment")?.ToString();
if (string.IsNullOrEmpty(environment))
{
_httpContext.Request.EnableBuffering();
using (var reader = new StreamReader(
_httpContext.Request.Body,
encoding: Encoding.UTF8,
detectEncodingFromByteOrderMarks: false,
bufferSize: 1024,
leaveOpen: true))
{
string body = await reader.ReadToEndAsync();
try
{
CreateDeploymentRequestViewModel model = JsonConvert.DeserializeObject <CreateDeploymentRequestViewModel>(body);
environment = model.Environment.Name;
}
catch
{
reader.Close();
_httpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
// Reset the request body stream position so the next middleware can read it
_httpContext.Request.Body.Position = 0;
}
}
string matchTeam = $"Deploy-{environment}";
List <Team> teams = await _giteaApiWrapper.GetTeams();
bool any = teams.Any(t => t.Organization.Username.Equals(
org, System.StringComparison.OrdinalIgnoreCase) &&
t.Name.Equals(matchTeam, System.StringComparison.OrdinalIgnoreCase));
if (any)
{
context.Succeed(requirement);
}
else
{
_httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
