Add the runnable Gitea, PostgreSQL, and Hop control-plane foundation
Hop-State: A_06FN3QYA1N56NQYGZ81DWGR Hop-Proposal: R_06FN3QXJRYPPEQZQA6S69QG Hop-Task: T_06FN3MVGY3MT82ESQ89BND0 Hop-Attempt: AT_06FN3MVGY092BFA5MR9C7EG
This commit is contained in:
@@ -0,0 +1,80 @@
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
var ErrTokenNotConfigured = errors.New("gitea API token is not configured")
|
||||
|
||||
type Repository struct {
|
||||
ID int64 `json:"id"`
|
||||
Owner Owner `json:"owner"`
|
||||
Name string `json:"name"`
|
||||
FullName string `json:"full_name"`
|
||||
CloneURL string `json:"clone_url"`
|
||||
DefaultBranch string `json:"default_branch"`
|
||||
}
|
||||
|
||||
type Owner struct {
|
||||
Login string `json:"login"`
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
func (r Repository) OwnerName() string {
|
||||
if r.Owner.Login != "" {
|
||||
return r.Owner.Login
|
||||
}
|
||||
return r.Owner.Username
|
||||
}
|
||||
|
||||
type Client struct {
|
||||
baseURL *url.URL
|
||||
token string
|
||||
http *http.Client
|
||||
}
|
||||
|
||||
func NewClient(baseURL, token string) (*Client, error) {
|
||||
u, err := url.Parse(strings.TrimRight(baseURL, "/"))
|
||||
if err != nil || u.Scheme == "" || u.Host == "" {
|
||||
return nil, fmt.Errorf("invalid GITEA_BASE_URL %q", baseURL)
|
||||
}
|
||||
return &Client{baseURL: u, token: token, http: &http.Client{Timeout: 10 * time.Second}}, nil
|
||||
}
|
||||
|
||||
func (c *Client) Repository(ctx context.Context, owner, name string) (Repository, error) {
|
||||
if c.token == "" {
|
||||
return Repository{}, ErrTokenNotConfigured
|
||||
}
|
||||
u := c.baseURL.JoinPath("api", "v1", "repos", owner, name)
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
|
||||
if err != nil {
|
||||
return Repository{}, err
|
||||
}
|
||||
req.Header.Set("Authorization", "token "+c.token)
|
||||
req.Header.Set("Accept", "application/json")
|
||||
|
||||
resp, err := c.http.Do(req)
|
||||
if err != nil {
|
||||
return Repository{}, fmt.Errorf("request repository: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return Repository{}, fmt.Errorf("gitea repository lookup returned %s", resp.Status)
|
||||
}
|
||||
|
||||
var repo Repository
|
||||
if err := json.NewDecoder(resp.Body).Decode(&repo); err != nil {
|
||||
return Repository{}, fmt.Errorf("decode repository: %w", err)
|
||||
}
|
||||
if repo.ID <= 0 || repo.OwnerName() == "" || repo.Name == "" {
|
||||
return Repository{}, errors.New("gitea returned an incomplete repository")
|
||||
}
|
||||
return repo, nil
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRepositoryUsesTokenAndDecodesResponse(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/gitea/api/v1/repos/hop/demo" {
|
||||
t.Fatalf("path = %q", r.URL.Path)
|
||||
}
|
||||
if got := r.Header.Get("Authorization"); got != "token gitea-token" {
|
||||
t.Fatalf("authorization = %q", got)
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_, _ = w.Write([]byte(`{"id":42,"owner":{"login":"hop"},"name":"demo","full_name":"hop/demo","clone_url":"http://gitea/hop/demo.git","default_branch":"main"}`))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client, err := NewClient(server.URL+"/gitea", "gitea-token")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
repository, err := client.Repository(context.Background(), "hop", "demo")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if repository.ID != 42 || repository.OwnerName() != "hop" || repository.DefaultBranch != "main" {
|
||||
t.Fatalf("unexpected repository: %#v", repository)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRepositoryRequiresToken(t *testing.T) {
|
||||
client, err := NewClient("http://gitea.test", "")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if _, err := client.Repository(context.Background(), "hop", "demo"); err != ErrTokenNotConfigured {
|
||||
t.Fatalf("error = %v, want %v", err, ErrTokenNotConfigured)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
)
|
||||
|
||||
func VerifySignature(body []byte, signature, secret string) bool {
|
||||
provided, err := hex.DecodeString(signature)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
mac := hmac.New(sha256.New, []byte(secret))
|
||||
_, _ = mac.Write(body)
|
||||
return hmac.Equal(provided, mac.Sum(nil))
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestVerifySignature(t *testing.T) {
|
||||
body := []byte(`{"hello":"hop"}`)
|
||||
mac := hmac.New(sha256.New, []byte("secret"))
|
||||
_, _ = mac.Write(body)
|
||||
signature := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
if !VerifySignature(body, signature, "secret") {
|
||||
t.Fatal("expected valid signature")
|
||||
}
|
||||
if VerifySignature(body, signature, "wrong") {
|
||||
t.Fatal("accepted signature with wrong secret")
|
||||
}
|
||||
if VerifySignature(body, "not-hex", "secret") {
|
||||
t.Fatal("accepted malformed signature")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user