Browse Source

ADD drone user oauth

tags/v1.0.0
Jasder 5 years ago
parent
commit
28d6aa2dda
5 changed files with 76 additions and 12 deletions
  1. +30
    -0
      README.md
  2. +7
    -1
      app/controllers/ci/cloud_accounts_controller.rb
  3. +32
    -11
      app/controllers/concerns/ci/cloud_account_manageable.rb
  4. +1
    -0
      app/models/user.rb
  5. +6
    -0
      config/routes.rb

+ 30
- 0
README.md View File

@@ -2633,6 +2633,36 @@ https://localhost:3000/api/jasder/forgeplus/cloud_accounts.json | jq
```
---

#### devops用户认证授权
```
GET /api/users/ci/oauth_grant
```
*示例*
```
curl -X GET \
-d "password=123456"
http://localhost:3000/api/users/ci/oauth_grant.json | jq
```
*请求参数说明:*

|参数名|必选|类型|说明|
|-|-|-|-|
|password |是|string |用户密码 |

*返回参数说明:*

|参数名|类型|说明|
|-|-|-|
|status |int|0:成功, -1: 失败|

```
{
"status": 0,
"message": "success"
}
```
---

#### 激活项目
```
POST /api/:owner/:repo/activate


+ 7
- 1
app/controllers/ci/cloud_accounts_controller.rb View File

@@ -5,7 +5,7 @@ class Ci::CloudAccountsController < Ci::BaseController
before_action :load_project, only: %i[create activate]
before_action :authorize_owner_project!, only: %i[create activate]
before_action :load_repo, only: %i[activate]
before_action :find_cloud_account, only: %i[show]
before_action :find_cloud_account, only: %i[show oauth_grant]
before_action :validate_params!, only: %i[create bind]
before_action only: %i[create bind] do
connect_to_ci_database(master_db: true)
@@ -83,6 +83,12 @@ class Ci::CloudAccountsController < Ci::BaseController
render_error(ex.message)
end

def oauth_grant
return render_error('你输入的密码不正确.') unless current_user.check_password?(params[:password].to_s)

result = gitea_oauth_grant!(current_user.login, password, @cloud_account.drone_url, current_user.oauths.last&.client_id)
result === true ? render_ok : render_error('授权失败.')
end

private
def validate_params!


+ 32
- 11
app/controllers/concerns/ci/cloud_account_manageable.rb View File

@@ -50,10 +50,7 @@ module Ci::CloudAccountManageable
logger.info "######### redirect_url: #{redirect_url}"

return nil unless result.present?

gitea_oauth_grant!(current_user.gitea_uid, oauth.gitea_oauth_id)
return cloud_account
# result && !result.blank? ? cloud_account : nil
result && !result.blank? ? cloud_account : nil
end

def unbind_account!
@@ -92,15 +89,39 @@ module Ci::CloudAccountManageable
Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
end

def gitea_oauth_grant!(gitea_uid, application_id)
connection = Gitea::Database.set_connection.connection
def gitea_oauth_grant!(username, password, drone_url, client_id)
state = SecureRandom.hex(8)

# redirect_uri eg:
# https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805
redirect_uri = CGI.escape("#{drone_url}/login&response_type=code&state=#{state}")
grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{client_id}&redirect_uri=#{redirect_uri}"
logger.info "[gitea] grant_url: #{grant_url}"

conn = Faraday.new(url: grant_url) do |req|
req.request :url_encoded
req.adapter Faraday.default_adapter
req.basic_auth(username, password)
end

response = conn.get
logger.info "[gitea] response headers: #{response.headers}"

drone_oauth_user!(response.headers.to_h['location'], state)
end

def drone_oauth_user!(url, state)
logger.info "[drone] drone_oauth_user url: #{url}"
conn = Faraday.new(url: url) do |req|
req.request :url_encoded
req.adapter Faraday.default_adapter
req.headers["cookie"] = "_session_=#{SecureRandom.hex(32)}; _oauth_state_=#{state}"
end

unix_time = Time.now.to_i
# TODO
# 目前直接操作db,可以建立对应的model进行操作
sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{gitea_uid}, #{application_id}, 0, #{unix_time}, #{unix_time} );"
response = conn.get
logger.info "[drone] response headers: #{response.headers}"

connection.execute(sql)
response.headers['location'].include?('error') ? false : true
end

private


+ 1
- 0
app/models/user.rb View File

@@ -100,6 +100,7 @@ class User < ApplicationRecord
# 教学案例
# has_many :libraries, dependent: :destroy
has_many :project_trends, dependent: :destroy
has_many :oauths , dependent: :destroy

# Groups and active users
scope :active, lambda { where(status: STATUS_ACTIVE) }


+ 6
- 0
config/routes.rb View File

@@ -173,6 +173,12 @@ Rails.application.routes.draw do
to: 'cloud_accounts#unbind',
as: :unbind_cloud_acclount
)
get(
'oauth_grant',
to: 'cloud_accounts#oauth_grant',
as: :ci_oauth_grant
)
end
end
end


Loading…
Cancel
Save