207 lines
5.4 KiB
Go
207 lines
5.4 KiB
Go
// Copyright 2022 Cloudbase Solutions SRL
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
// not use this file except in compliance with the License. You may obtain
|
|
// a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
// License for the specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
package controllers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
|
|
"garm/apiserver/params"
|
|
"garm/auth"
|
|
gErrors "garm/errors"
|
|
runnerParams "garm/params"
|
|
"garm/runner"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
func NewAPIController(r *runner.Runner, auth *auth.Authenticator) (*APIController, error) {
|
|
return &APIController{
|
|
r: r,
|
|
auth: auth,
|
|
}, nil
|
|
}
|
|
|
|
type APIController struct {
|
|
r *runner.Runner
|
|
auth *auth.Authenticator
|
|
}
|
|
|
|
func handleError(w http.ResponseWriter, err error) {
|
|
w.Header().Add("Content-Type", "application/json")
|
|
origErr := errors.Cause(err)
|
|
apiErr := params.APIErrorResponse{
|
|
Details: origErr.Error(),
|
|
}
|
|
|
|
switch origErr.(type) {
|
|
case *gErrors.NotFoundError:
|
|
w.WriteHeader(http.StatusNotFound)
|
|
apiErr.Error = "Not Found"
|
|
case *gErrors.UnauthorizedError:
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
apiErr.Error = "Not Authorized"
|
|
case *gErrors.BadRequestError:
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
apiErr.Error = "Bad Request"
|
|
case *gErrors.DuplicateUserError, *gErrors.ConflictError:
|
|
w.WriteHeader(http.StatusConflict)
|
|
apiErr.Error = "Conflict"
|
|
default:
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
apiErr.Error = "Server error"
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(apiErr)
|
|
}
|
|
|
|
func (a *APIController) authenticateHook(body []byte, headers http.Header) error {
|
|
// signature := headers.Get("X-Hub-Signature-256")
|
|
hookType := headers.Get("X-Github-Hook-Installation-Target-Type")
|
|
var workflowJob runnerParams.WorkflowJob
|
|
if err := json.Unmarshal(body, &workflowJob); err != nil {
|
|
return gErrors.NewBadRequestError("invalid post body: %s", err)
|
|
}
|
|
|
|
switch hookType {
|
|
case "repository":
|
|
case "organization":
|
|
default:
|
|
return gErrors.NewBadRequestError("invalid hook type: %s", hookType)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (a *APIController) handleWorkflowJobEvent(w http.ResponseWriter, r *http.Request) {
|
|
defer r.Body.Close()
|
|
body, err := ioutil.ReadAll(r.Body)
|
|
if err != nil {
|
|
handleError(w, gErrors.NewBadRequestError("invalid post body: %s", err))
|
|
return
|
|
}
|
|
|
|
signature := r.Header.Get("X-Hub-Signature-256")
|
|
hookType := r.Header.Get("X-Github-Hook-Installation-Target-Type")
|
|
|
|
if err := a.r.DispatchWorkflowJob(hookType, signature, body); err != nil {
|
|
log.Printf("failed to dispatch work: %s", err)
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func (a *APIController) CatchAll(w http.ResponseWriter, r *http.Request) {
|
|
headers := r.Header.Clone()
|
|
|
|
event := runnerParams.Event(headers.Get("X-Github-Event"))
|
|
switch event {
|
|
case runnerParams.WorkflowJobEvent:
|
|
a.handleWorkflowJobEvent(w, r)
|
|
default:
|
|
log.Printf("ignoring unknown event %s", event)
|
|
return
|
|
}
|
|
}
|
|
|
|
// NotFoundHandler is returned when an invalid URL is acccessed
|
|
func (a *APIController) NotFoundHandler(w http.ResponseWriter, r *http.Request) {
|
|
apiErr := params.APIErrorResponse{
|
|
Details: "Resource not found",
|
|
Error: "Not found",
|
|
}
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(apiErr)
|
|
}
|
|
|
|
// LoginHandler returns a jwt token
|
|
func (a *APIController) LoginHandler(w http.ResponseWriter, r *http.Request) {
|
|
var loginInfo runnerParams.PasswordLoginParams
|
|
if err := json.NewDecoder(r.Body).Decode(&loginInfo); err != nil {
|
|
handleError(w, gErrors.ErrBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := loginInfo.Validate(); err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
|
|
ctx := r.Context()
|
|
ctx, err := a.auth.AuthenticateUser(ctx, loginInfo)
|
|
if err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
|
|
tokenString, err := a.auth.GetJWTToken(ctx)
|
|
if err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(runnerParams.JWTResponse{Token: tokenString})
|
|
}
|
|
|
|
func (a *APIController) FirstRunHandler(w http.ResponseWriter, r *http.Request) {
|
|
if a.auth.IsInitialized() {
|
|
err := gErrors.NewConflictError("already initialized")
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
|
|
ctx := r.Context()
|
|
|
|
var newUserParams runnerParams.NewUserParams
|
|
if err := json.NewDecoder(r.Body).Decode(&newUserParams); err != nil {
|
|
handleError(w, gErrors.ErrBadRequest)
|
|
return
|
|
}
|
|
|
|
newUser, err := a.auth.InitController(ctx, newUserParams)
|
|
if err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(newUser)
|
|
|
|
}
|
|
|
|
func (a *APIController) ListCredentials(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
creds, err := a.r.ListCredentials(ctx)
|
|
if err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(creds)
|
|
}
|
|
|
|
func (a *APIController) ListProviders(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
providers, err := a.r.ListProviders(ctx)
|
|
if err != nil {
|
|
handleError(w, err)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(providers)
|
|
}
|