Merge pull request #317 from sgotti/gateway_use_dedicated_auth_contex…

…t_keys_type gateway: use dedicated auth context keys type
agola-io · Feb 24, 2022 · 0e8f1c8 · 0e8f1c8
2 parents a199749 + b7c797b
commit 0e8f1c8
Show file tree

Hide file tree

Showing 12 changed files with 132 additions and 127 deletions.
diff --git a/internal/services/gateway/action/auth.go b/internal/services/gateway/action/auth.go
@@ -17,44 +17,20 @@ package action
 import (
 	"context"
 
-	"agola.io/agola/internal/services/common"
+	scommon "agola.io/agola/internal/services/common"
+	"agola.io/agola/internal/services/gateway/common"
 	cstypes "agola.io/agola/services/configstore/types"
 
 	errors "golang.org/x/xerrors"
 )
 
-func (h *ActionHandler) CurrentUserID(ctx context.Context) string {
-	userIDVal := ctx.Value("userid")
-	if userIDVal == nil {
-		return ""
-	}
-	return userIDVal.(string)
-}
-
-func (h *ActionHandler) IsUserLogged(ctx context.Context) bool {
-	return ctx.Value("userid") != nil
-}
-
-func (h *ActionHandler) IsUserAdmin(ctx context.Context) bool {
-	isAdmin := false
-	isAdminVal := ctx.Value("admin")
-	if isAdminVal != nil {
-		isAdmin = isAdminVal.(bool)
-	}
-	return isAdmin
-}
-
-func (h *ActionHandler) IsUserLoggedOrAdmin(ctx context.Context) bool {
-	return h.IsUserLogged(ctx) || h.IsUserAdmin(ctx)
-}
-
 func (h *ActionHandler) IsOrgOwner(ctx context.Context, orgID string) (bool, error) {
-	isAdmin := h.IsUserAdmin(ctx)
+	isAdmin := common.IsUserAdmin(ctx)
 	if isAdmin {
 		return true, nil
 	}
 
-	userID := h.CurrentUserID(ctx)
+	userID := common.CurrentUserID(ctx)
 	if userID == "" {
 		return false, nil
 	}
@@ -77,12 +53,12 @@ func (h *ActionHandler) IsOrgOwner(ctx context.Context, orgID string) (bool, err
 }
 
 func (h *ActionHandler) IsProjectOwner(ctx context.Context, ownerType cstypes.ConfigType, ownerID string) (bool, error) {
-	isAdmin := h.IsUserAdmin(ctx)
+	isAdmin := common.IsUserAdmin(ctx)
 	if isAdmin {
 		return true, nil
 	}
 
-	userID := h.CurrentUserID(ctx)
+	userID := common.CurrentUserID(ctx)
 	if userID == "" {
 		return false, nil
 	}
@@ -113,12 +89,12 @@ func (h *ActionHandler) IsProjectOwner(ctx context.Context, ownerType cstypes.Co
 }
 
 func (h *ActionHandler) IsProjectMember(ctx context.Context, ownerType cstypes.ConfigType, ownerID string) (bool, error) {
-	isAdmin := h.IsUserAdmin(ctx)
+	isAdmin := common.IsUserAdmin(ctx)
 	if isAdmin {
 		return true, nil
 	}
 
-	userID := h.CurrentUserID(ctx)
+	userID := common.CurrentUserID(ctx)
 	if userID == "" {
 		return false, nil
 	}
@@ -170,7 +146,7 @@ func (h *ActionHandler) IsVariableOwner(ctx context.Context, parentType cstypes.
 }
 
 func (h *ActionHandler) CanGetRun(ctx context.Context, runGroup string) (bool, error) {
-	groupType, groupID, err := common.GroupTypeIDFromRunGroup(runGroup)
+	groupType, groupID, err := scommon.GroupTypeIDFromRunGroup(runGroup)
 	if err != nil {
 		return false, err
 	}
@@ -179,15 +155,15 @@ func (h *ActionHandler) CanGetRun(ctx context.Context, runGroup string) (bool, e
 	var ownerType cstypes.ConfigType
 	var ownerID string
 	switch groupType {
-	case common.GroupTypeProject:
+	case scommon.GroupTypeProject:
 		p, resp, err := h.configstoreClient.GetProject(ctx, groupID)
 		if err != nil {
 			return false, ErrFromRemote(resp, err)
 		}
 		ownerType = p.OwnerType
 		ownerID = p.OwnerID
 		visibility = p.GlobalVisibility
-	case common.GroupTypeUser:
+	case scommon.GroupTypeUser:
 		// user direct runs
 		ownerType = cstypes.ConfigTypeUser
 		ownerID = groupID
@@ -208,22 +184,22 @@ func (h *ActionHandler) CanGetRun(ctx context.Context, runGroup string) (bool, e
 }
 
 func (h *ActionHandler) CanDoRunActions(ctx context.Context, runGroup string) (bool, error) {
-	groupType, groupID, err := common.GroupTypeIDFromRunGroup(runGroup)
+	groupType, groupID, err := scommon.GroupTypeIDFromRunGroup(runGroup)
 	if err != nil {
 		return false, err
 	}
 
 	var ownerType cstypes.ConfigType
 	var ownerID string
 	switch groupType {
-	case common.GroupTypeProject:
+	case scommon.GroupTypeProject:
 		p, resp, err := h.configstoreClient.GetProject(ctx, groupID)
 		if err != nil {
 			return false, ErrFromRemote(resp, err)
 		}
 		ownerType = p.OwnerType
 		ownerID = p.OwnerID
-	case common.GroupTypeUser:
+	case scommon.GroupTypeUser:
 		// user direct runs
 		ownerType = cstypes.ConfigTypeUser
 		ownerID = groupID

diff --git a/internal/services/gateway/action/org.go b/internal/services/gateway/action/org.go
@@ -17,6 +17,7 @@ package action
 import (
 	"context"
 
+	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	cstypes "agola.io/agola/services/configstore/types"
 
@@ -87,7 +88,7 @@ type CreateOrgRequest struct {
 }
 
 func (h *ActionHandler) CreateOrg(ctx context.Context, req *CreateOrgRequest) (*cstypes.Organization, error) {
-	if !h.IsUserLoggedOrAdmin(ctx) {
+	if !common.IsUserLoggedOrAdmin(ctx) {
 		return nil, errors.Errorf("user not logged in")
 	}
 

diff --git a/internal/services/gateway/action/project.go b/internal/services/gateway/action/project.go
@@ -22,6 +22,7 @@ import (
 	"path"
 
 	gitsource "agola.io/agola/internal/gitsources"
+	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/services/types"
 	"agola.io/agola/internal/util"
 	csapitypes "agola.io/agola/services/configstore/api/types"
@@ -61,7 +62,7 @@ type CreateProjectRequest struct {
 }
 
 func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateProjectRequest) (*csapitypes.Project, error) {
-	curUserID := h.CurrentUserID(ctx)
+	curUserID := common.CurrentUserID(ctx)
 
 	user, resp, err := h.configstoreClient.GetUser(ctx, curUserID)
 	if err != nil {
@@ -227,7 +228,7 @@ func (h *ActionHandler) UpdateProject(ctx context.Context, projectRef string, re
 }
 
 func (h *ActionHandler) ProjectUpdateRepoLinkedAccount(ctx context.Context, projectRef string) (*csapitypes.Project, error) {
-	curUserID := h.CurrentUserID(ctx)
+	curUserID := common.CurrentUserID(ctx)
 
 	user, resp, err := h.configstoreClient.GetUser(ctx, curUserID)
 	if err != nil {
@@ -428,7 +429,7 @@ func (h *ActionHandler) DeleteProject(ctx context.Context, projectRef string) er
 }
 
 func (h *ActionHandler) ProjectCreateRun(ctx context.Context, projectRef, branch, tag, refName, commitSHA string) error {
-	curUserID := h.CurrentUserID(ctx)
+	curUserID := common.CurrentUserID(ctx)
 
 	user, resp, err := h.configstoreClient.GetUser(ctx, curUserID)
 	if err != nil {

diff --git a/internal/services/gateway/action/remotesource.go b/internal/services/gateway/action/remotesource.go
@@ -17,6 +17,7 @@ package action
 import (
 	"context"
 
+	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	cstypes "agola.io/agola/services/configstore/types"
 
@@ -60,7 +61,7 @@ type CreateRemoteSourceRequest struct {
 }
 
 func (h *ActionHandler) CreateRemoteSource(ctx context.Context, req *CreateRemoteSourceRequest) (*cstypes.RemoteSource, error) {
-	if !h.IsUserAdmin(ctx) {
+	if !common.IsUserAdmin(ctx) {
 		return nil, errors.Errorf("user not admin")
 	}
 
@@ -134,7 +135,7 @@ type UpdateRemoteSourceRequest struct {
 }
 
 func (h *ActionHandler) UpdateRemoteSource(ctx context.Context, req *UpdateRemoteSourceRequest) (*cstypes.RemoteSource, error) {
-	if !h.IsUserAdmin(ctx) {
+	if !common.IsUserAdmin(ctx) {
 		return nil, errors.Errorf("user not admin")
 	}
 
@@ -182,7 +183,7 @@ func (h *ActionHandler) UpdateRemoteSource(ctx context.Context, req *UpdateRemot
 }
 
 func (h *ActionHandler) DeleteRemoteSource(ctx context.Context, rsRef string) error {
-	if !h.IsUserAdmin(ctx) {
+	if !common.IsUserAdmin(ctx) {
 		return errors.Errorf("user not admin")
 	}
 

diff --git a/internal/services/gateway/action/run.go b/internal/services/gateway/action/run.go
@@ -24,7 +24,8 @@ import (
 	"agola.io/agola/internal/config"
 	gitsource "agola.io/agola/internal/gitsources"
 	"agola.io/agola/internal/runconfig"
-	"agola.io/agola/internal/services/common"
+	scommon "agola.io/agola/internal/services/common"
+	"agola.io/agola/internal/services/gateway/common"
 	itypes "agola.io/agola/internal/services/types"
 	"agola.io/agola/internal/util"
 	cstypes "agola.io/agola/services/configstore/types"
@@ -268,7 +269,7 @@ func (h *ActionHandler) RunTaskAction(ctx context.Context, req *RunTaskActionsRe
 	if !canDoRunAction {
 		return util.NewErrForbidden(errors.Errorf("user not authorized"))
 	}
-	curUserID := h.CurrentUserID(ctx)
+	curUserID := common.CurrentUserID(ctx)
 	if curUserID == "" {
 		return util.NewErrBadRequest(errors.Errorf("no logged in user"))
 	}
@@ -285,7 +286,7 @@ func (h *ActionHandler) RunTaskAction(ctx context.Context, req *RunTaskActionsRe
 		if rt.Annotations != nil {
 			annotations = rt.Annotations
 		}
-		approversAnnotation, ok := annotations[common.ApproversAnnotation]
+		approversAnnotation, ok := annotations[scommon.ApproversAnnotation]
 		if ok {
 			if err := json.Unmarshal([]byte(approversAnnotation), &approvers); err != nil {
 				return errors.Errorf("failed to unmarshal run task approvers annotation: %w", err)
@@ -304,7 +305,7 @@ func (h *ActionHandler) RunTaskAction(ctx context.Context, req *RunTaskActionsRe
 			return errors.Errorf("failed to marshal run task approvers annotation: %w", err)
 		}
 
-		annotations[common.ApproversAnnotation] = string(approversj)
+		annotations[scommon.ApproversAnnotation] = string(approversj)
 
 		rsreq := &rsapitypes.RunTaskActionsRequest{
 			ActionType:              rsapitypes.RunTaskActionTypeSetAnnotations,
@@ -372,32 +373,32 @@ func (h *ActionHandler) CreateRuns(ctx context.Context, req *CreateRunRequest) e
 		return util.NewErrBadRequest(errors.Errorf("empty message"))
 	}
 
-	var baseGroupType common.GroupType
+	var baseGroupType scommon.GroupType
 	var baseGroupID string
-	var groupType common.GroupType
+	var groupType scommon.GroupType
 	var group string
 
 	if req.RunType == itypes.RunTypeProject {
-		baseGroupType = common.GroupTypeProject
+		baseGroupType = scommon.GroupTypeProject
 		baseGroupID = req.Project.ID
 	} else {
-		baseGroupType = common.GroupTypeUser
+		baseGroupType = scommon.GroupTypeUser
 		baseGroupID = req.User.ID
 	}
 
 	switch req.RefType {
 	case itypes.RunRefTypeBranch:
-		groupType = common.GroupTypeBranch
+		groupType = scommon.GroupTypeBranch
 		group = req.Branch
 	case itypes.RunRefTypeTag:
-		groupType = common.GroupTypeTag
+		groupType = scommon.GroupTypeTag
 		group = req.Tag
 	case itypes.RunRefTypePullRequest:
-		groupType = common.GroupTypePullRequest
+		groupType = scommon.GroupTypePullRequest
 		group = req.PullRequestID
 	}
 
-	runGroup := common.GenRunGroup(baseGroupType, baseGroupID, groupType, group)
+	runGroup := scommon.GenRunGroup(baseGroupType, baseGroupID, groupType, group)
 
 	gitURL, err := util.ParseGitURL(req.CloneURL)
 	if err != nil {
@@ -595,7 +596,7 @@ func (h *ActionHandler) genRunVariables(ctx context.Context, req *CreateRunReque
 	}
 
 	// remove overriden variables
-	pvars = common.FilterOverriddenVariables(pvars)
+	pvars = scommon.FilterOverriddenVariables(pvars)
 
 	// get project secrets
 	secrets, _, err := h.configstoreClient.GetProjectSecrets(ctx, req.Project.ID, true)
@@ -611,7 +612,7 @@ func (h *ActionHandler) genRunVariables(ctx context.Context, req *CreateRunReque
 				continue
 			}
 			// get the secret value referenced by the variable, it must be a secret at the same level or a lower level
-			secret := common.GetVarValueMatchingSecret(varval, pvar.ParentPath, secrets)
+			secret := scommon.GetVarValueMatchingSecret(varval, pvar.ParentPath, secrets)
 			if secret != nil {
 				varValue, ok := secret.Data[varval.SecretVar]
 				if ok {