Browse Source
Merge pull request '【devops】trustie提供服务器后台代码' (#8) from trustie_server into develop
Reviewed-on: https://git.trustie.net/jasder/forgeplus/pulls/8tags/v3.0.0
jasder
5 years ago
6 changed files with 80 additions and 9 deletions
Split View
Diff Options
-
+5 -0app/controllers/ci/base_controller.rb
-
+6 -0app/controllers/ci/cloud_accounts_controller.rb
-
+44 -6app/controllers/concerns/ci/cloud_account_manageable.rb
-
+12 -2app/controllers/users_controller.rb
-
+7 -1app/libs/ci/drone/api.rb
-
+6 -0app/models/ci/repo.rb
+ 5
- 0
app/controllers/ci/base_controller.rb
View File
| @@ -11,6 +11,11 @@ class Ci::BaseController < ApplicationController | |||
| @ci_user, @repo = Ci::Repo.find_with_namespace(namespace, id) | |||
| end | |||
| def load_all_repo | |||
| namespace = current_user.login | |||
| @repos = Ci::Repo.find_all_with_namespace(namespace) | |||
| end | |||
| private | |||
| def authorize_access_project! | |||
| unless @project.manager?(current_user) | |||
+ 6
- 0
app/controllers/ci/cloud_accounts_controller.rb
View File
| @@ -5,6 +5,7 @@ class Ci::CloudAccountsController < Ci::BaseController | |||
| before_action :load_project, only: %i[create activate] | |||
| before_action :authorize_owner!, only: %i[create activate] | |||
| before_action :load_repo, only: %i[activate] | |||
| before_action :load_all_repo, only: %i[unbind] | |||
| before_action :find_cloud_account, only: %i[show oauth_grant] | |||
| before_action :validate_params!, only: %i[create bind] | |||
| before_action only: %i[create bind] do | |||
| @@ -96,6 +97,11 @@ class Ci::CloudAccountsController < Ci::BaseController | |||
| def unbind | |||
| ActiveRecord::Base.transaction do | |||
| unbind_account! | |||
| if @repos | |||
| @repos.each do |repo| | |||
| repo.deactivate! | |||
| end | |||
| end | |||
| render_ok | |||
| end | |||
| rescue Exception => ex | |||
+ 44
- 6
app/controllers/concerns/ci/cloud_account_manageable.rb
View File
| @@ -16,6 +16,9 @@ module Ci::CloudAccountManageable | |||
| # 2. 生成oauth2应用程序的client_id和client_secrete | |||
| gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]}) | |||
| logger.info "######### gitea_oauth: #{gitea_oauth}" | |||
| raise 'Gitea接口异常' if gitea_oauth['client_id'].blank? | |||
| oauth = Oauth.new(client_id: gitea_oauth['client_id'], | |||
| client_secret: gitea_oauth['client_secret'], | |||
| redirect_uri: gitea_oauth['redirect_uris'], | |||
| @@ -54,12 +57,16 @@ module Ci::CloudAccountManageable | |||
| result && !result.blank? ? cloud_account : nil | |||
| end | |||
| # trustie提供服务器,绑定流程 | |||
| def trustie_bind_account! | |||
| def trustie_drone_server_config | |||
| # 读取drone配置信息 | |||
| config = Rails.application.config_for(:configuration).symbolize_keys! | |||
| trustie_drone_config = config[:trustie_drone].symbolize_keys! | |||
| return trustie_drone_config | |||
| end | |||
| # trustie提供服务器,绑定流程 | |||
| def trustie_bind_account! | |||
| trustie_drone_config = trustie_drone_server_config | |||
| raise 'trustie_drone config missing' if trustie_drone_config.blank? | |||
| # 创建云账号 | |||
| @@ -71,6 +78,9 @@ module Ci::CloudAccountManageable | |||
| #生成oauth2应用程序的client_id和client_secrete | |||
| gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]}) | |||
| logger.info "######### gitea_oauth: #{gitea_oauth}" | |||
| raise 'Gitea接口异常' if gitea_oauth['client_id'].blank? | |||
| oauth = Oauth.new(client_id: gitea_oauth['client_id'], | |||
| client_secret: gitea_oauth['client_secret'], | |||
| redirect_uri: gitea_oauth['redirect_uris'], | |||
| @@ -91,7 +101,11 @@ module Ci::CloudAccountManageable | |||
| if cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF | |||
| @connection.execute("DROP DATABASE IF EXISTS #{current_user.login}_drone") # TOTO drop drone database | |||
| else | |||
| #删除drone用户 | |||
| @trustie_db_connection.execute("DELETE FROM users WHERE user_login = '#{cloud_account.account}'") | |||
| end | |||
| cloud_account.destroy! unless cloud_account.blank? | |||
| current_user.unbind_account! | |||
| end | |||
| @@ -114,7 +128,12 @@ module Ci::CloudAccountManageable | |||
| return [true, "你已经绑定了云帐号."] unless current_user.ci_cloud_account.blank? | |||
| ip_num = IPAddr.new(devops_params[:ip_num]).to_i | |||
| Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil] | |||
| #自有服务器进行判断 | |||
| cloud_account = current_user.ci_cloud_account | |||
| if cloud_account && cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF | |||
| Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil] | |||
| end | |||
| end | |||
| def check_trustie_bind_cloud_account! | |||
| @@ -126,8 +145,16 @@ module Ci::CloudAccountManageable | |||
| unix_time = Time.now.to_i | |||
| # 目前直接操作db,可以建立对应的model进行操作 | |||
| sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );" | |||
| sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );" | |||
| connection.execute(sql) | |||
| #如果使用trustie提供的服务器,需要多增加一条授权信息 | |||
| if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE | |||
| trustie_drone_config = trustie_drone_server_config | |||
| admin_application_id = trustie_drone_config[:admin_application_id] | |||
| sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{admin_application_id}, 0, #{unix_time}, #{unix_time} );" | |||
| connection.execute(sql) | |||
| end | |||
| end | |||
| def gitea_oauth_grant!(password, oauth) | |||
| @@ -137,7 +164,8 @@ module Ci::CloudAccountManageable | |||
| # redirect_uri eg: | |||
| # https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805 | |||
| redirect_uri = CGI.escape("#{@cloud_account.drone_url}/login") | |||
| grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{oauth&.client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}" | |||
| clientId = client_id(oauth) | |||
| grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{clientId}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}" | |||
| logger.info "[gitea] grant_url: #{grant_url}" | |||
| conn = Faraday.new(url: grant_url) do |req| | |||
| @@ -171,4 +199,14 @@ module Ci::CloudAccountManageable | |||
| params.permit(:account, :secret, :ip_num) | |||
| end | |||
| def client_id(oauth) | |||
| #如果是使用trustie服务器使用管理员用户的clientId | |||
| if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE | |||
| trustie_drone_config = trustie_drone_server_config | |||
| return trustie_drone_config[:client_id] | |||
| else | |||
| return oauth&.client_id | |||
| end | |||
| end | |||
| end | |||
+ 12
- 2
app/controllers/users_controller.rb
View File
| @@ -4,10 +4,20 @@ class UsersController < ApplicationController | |||
| before_action :load_user, only: [:show, :homepage_info, :sync_token, :sync_gitea_pwd, :projects, :watch_users, :fan_users] | |||
| before_action :check_user_exist, only: [:show, :homepage_info,:projects, :watch_users, :fan_users] | |||
| before_action :require_login, only: %i[me list] | |||
| before_action :connect_to_ci_database, only: :get_user_info, if: -> { current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification? } | |||
| before_action :connect_to_ci_db, only: [:get_user_info] | |||
| skip_before_action :check_sign, only: [:attachment_show] | |||
| def connect_to_ci_db(options={}) | |||
| if !(current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification?) | |||
| return | |||
| end | |||
| if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE | |||
| connect_to_trustie_ci_database(options) | |||
| else | |||
| connect_to_ci_database(options) | |||
| end | |||
| end | |||
| def list | |||
| scope = User.active.recent.like(params[:search]).includes(:user_extension) | |||
| @total_count = scope.size | |||
+ 7
- 1
app/libs/ci/drone/api.rb
View File
| @@ -78,5 +78,11 @@ class Ci::Drone::API < Ci::Drone::Request | |||
| def sync_repos | |||
| post(endpoint, "/api/users/repos", drone_token: drone_token) | |||
| end | |||
| # Creates a user. | |||
| # POST /api/users | |||
| def create_user | |||
| post(endpoint, "/api/users", {login: options[:login], email: options[:email], avatar_url:options[:avatar_url],active:true, drone_token: options[:token]}) | |||
| end | |||
| end | |||
+ 6
- 0
app/models/ci/repo.rb
View File
| @@ -14,6 +14,12 @@ class Ci::Repo < Ci::RemoteBase | |||
| [user, repo] | |||
| end | |||
| def self.find_all_with_namespace(namespace_path) | |||
| logger.info "########namespace_path: #{namespace_path}" | |||
| repos = Ci::Repo.where(repo_namespace: namespace_path) | |||
| return repos | |||
| end | |||
| def activate!(ci_user_id) | |||
| update(repo_active: 1, | |||
| repo_signer: generate_code, | |||