Merge pull request '【devops】trustie提供服务器后台代码' (#8) from trustie_server into develop

Reviewed-on: https://git.trustie.net/jasder/forgeplus/pulls/8
jasder 2021-01-06 15:38:29 +08:00
commit 2abf1f0665
6 changed files with 80 additions and 9 deletions


@ -11,6 +11,11 @@ class Ci::BaseController < ApplicationController
@ci_user, @repo = Ci::Repo.find_with_namespace(namespace, id)
end
def load_all_repo
namespace = current_user.login
@repos = Ci::Repo.find_all_with_namespace(namespace)
end
private
def authorize_access_project!
unless @project.manager?(current_user)
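Review bot: `load_all_repo` is defined above the `private` keyword, so it is a public method on `Ci::BaseController`, and Rails will treat it as an action on any subclass if a route ever matches it. It is only used as a `before_action`, so it belongs below `private`. `connect_to_ci_db` in `UsersController` is added the same way, among the public actions. The method also calls `current_user.login` with no guard, and whether a login filter always runs first is not visible in this hunk, so a comment stating the precondition would help: `# Requires a logged-in user; loads every CI repo in the user's own namespace.`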


@ -5,6 +5,7 @@ class Ci::CloudAccountsController < Ci::BaseController
before_action :load_project, only: %i[create activate]
before_action :authorize_owner!, only: %i[create activate]
before_action :load_repo, only: %i[activate]
before_action :load_all_repo, only: %i[unbind]
before_action :find_cloud_account, only: %i[show oauth_grant]
before_action :validate_params!, only: %i[create bind]
before_action only: %i[create bind] do
@ -96,6 +97,11 @@ class Ci::CloudAccountsController < Ci::BaseController
def unbind
ActiveRecord::Base.transaction do
unbind_account!
if @repos
@repos.each do |repo|
repo.deactivate!
end
end
render_ok
end
rescue Exception => ex
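Review bot: In `unbind`, the repositories are deactivated only after `unbind_account!` has run, and `@repos` is the relation from `Ci::Repo.where(...)`, which is not queried until `each` is called. `unbind_account!` in `Ci::CloudAccountManageable` drops the user's drone database or deletes the drone user, so the deactivation may run against data that is already gone; I would put `@repos.each(&:deactivate!)` before `unbind_account!`. The `if @repos` guard does not test for emptiness, because a relation is always truthy, so it can be dropped. `Ci::Repo` inherits from `Ci::RemoteBase`, so `ActiveRecord::Base.transaction` probably does not roll these updates back if a later step fails, which is worth confirming. The body of `unbind` continues past the hunk.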


@ -16,6 +16,9 @@ module Ci::CloudAccountManageable
# 2. 生成oauth2应用程序的client_id和client_secrete
gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]})
logger.info "######### gitea_oauth: #{gitea_oauth}"
raise 'Gitea接口异常' if gitea_oauth['client_id'].blank?
oauth = Oauth.new(client_id: gitea_oauth['client_id'],
client_secret: gitea_oauth['client_secret'],
redirect_uri: gitea_oauth['redirect_uris'],
@ -54,12 +57,16 @@ module Ci::CloudAccountManageable
result && !result.blank? ? cloud_account : nil
end
# trustie提供服务器,绑定流程
def trustie_bind_account!
def trustie_drone_server_config
# 读取drone配置信息
config = Rails.application.config_for(:configuration).symbolize_keys!
trustie_drone_config = config[:trustie_drone].symbolize_keys!
return trustie_drone_config
end
# trustie提供服务器,绑定流程
def trustie_bind_account!
trustie_drone_config = trustie_drone_server_config
raise 'trustie_drone config missing' if trustie_drone_config.blank?
# 创建云账号
@ -71,6 +78,9 @@ module Ci::CloudAccountManageable
#生成oauth2应用程序的client_id和client_secrete
gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]})
logger.info "######### gitea_oauth: #{gitea_oauth}"
raise 'Gitea接口异常' if gitea_oauth['client_id'].blank?
oauth = Oauth.new(client_id: gitea_oauth['client_id'],
client_secret: gitea_oauth['client_secret'],
redirect_uri: gitea_oauth['redirect_uris'],
@ -91,7 +101,11 @@ module Ci::CloudAccountManageable
if cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF
@connection.execute("DROP DATABASE IF EXISTS #{current_user.login}_drone") # TOTO drop drone database
else
#删除drone用户
@trustie_db_connection.execute("DELETE FROM users WHERE user_login = '#{cloud_account.account}'")
end
cloud_account.destroy! unless cloud_account.blank?
current_user.unbind_account!
end
@ -114,7 +128,12 @@ module Ci::CloudAccountManageable
return [true, "你已经绑定了云帐号."] unless current_user.ci_cloud_account.blank?
ip_num = IPAddr.new(devops_params[:ip_num]).to_i
Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
#自有服务器进行判断
cloud_account = current_user.ci_cloud_account
if cloud_account && cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF
Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
end
end
def check_trustie_bind_cloud_account!
@ -126,8 +145,16 @@ module Ci::CloudAccountManageable
unix_time = Time.now.to_i
# 目前直接操作db可以建立对应的model进行操作
sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
connection.execute(sql)
#如果使用trustie提供的服务器需要多增加一条授权信息
if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
trustie_drone_config = trustie_drone_server_config
admin_application_id = trustie_drone_config[:admin_application_id]
sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{admin_application_id}, 0, #{unix_time}, #{unix_time} );"
connection.execute(sql)
end
end
def gitea_oauth_grant!(password, oauth)
@ -137,7 +164,8 @@ module Ci::CloudAccountManageable
# redirect_uri eg:
# https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805
redirect_uri = CGI.escape("#{@cloud_account.drone_url}/login")
grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{oauth&.client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
clientId = client_id(oauth)
grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{clientId}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
logger.info "[gitea] grant_url: #{grant_url}"
conn = Faraday.new(url: grant_url) do |req|
@ -171,4 +199,14 @@ module Ci::CloudAccountManageable
params.permit(:account, :secret, :ip_num)
end
def client_id(oauth)
#如果是使用trustie服务器使用管理员用户的clientId
if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
trustie_drone_config = trustie_drone_server_config
return trustie_drone_config[:client_id]
else
return oauth&.client_id
end
end
end
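Review bot: The new `DELETE FROM users WHERE user_login = '#{cloud_account.account}'` in the unbind path interpolates a stored account name straight into the SQL; `account` is one of the permitted request params (`params.permit(:account, :secret, :ip_num)`), so a quote character in it would change the statement. Quote the value through the connection instead, e.g. `@trustie_db_connection.execute("DELETE FROM users WHERE user_login = #{@trustie_db_connection.quote(cloud_account.account)}")`, assuming `@trustie_db_connection` is an ActiveRecord connection. The two `REPLACE INTO oauth2_grant` statements interpolate `gitea_uid`, `gitea_oauth_id` and `admin_application_id` the same way; those look numeric, but an `Integer(...)` cast or bound values would make that explicit. Separately, `logger.info "######### gitea_oauth: #{gitea_oauth}"` writes the whole OAuth response, including `client_secret`, to the application log, so it should log only the `client_id`.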


@ -4,10 +4,20 @@ class UsersController < ApplicationController
before_action :load_user, only: [:show, :homepage_info, :sync_token, :sync_gitea_pwd, :projects, :watch_users, :fan_users]
before_action :check_user_exist, only: [:show, :homepage_info,:projects, :watch_users, :fan_users]
before_action :require_login, only: %i[me list]
before_action :connect_to_ci_database, only: :get_user_info, if: -> { current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification? }
before_action :connect_to_ci_db, only: [:get_user_info]
skip_before_action :check_sign, only: [:attachment_show]
def connect_to_ci_db(options={})
if !(current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification?)
return
end
if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
connect_to_trustie_ci_database(options)
else
connect_to_ci_database(options)
end
end
def list
scope = User.active.recent.like(params[:search]).includes(:user_extension)
@total_count = scope.size
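Review bot: `connect_to_ci_db` calls `current_user.ci_cloud_account.server_type` after checking only `devops_certification?`; if a certified user can exist without a cloud account record (not visible here), `get_user_info` would raise `NoMethodError` on nil. A safe-navigation read keeps the old fallback: `if current_user.ci_cloud_account&.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE`. The same unguarded read appears in `client_id` and in the grant code in `Ci::CloudAccountManageable`. The opening negated condition would also read more clearly as a guard, `return unless current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification?`.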


@ -78,5 +78,11 @@ class Ci::Drone::API < Ci::Drone::Request
def sync_repos
post(endpoint, "/api/users/repos", drone_token: drone_token)
end
# Creates a user.
# POST /api/users
def create_user
post(endpoint, "/api/users", {login: options[:login], email: options[:email], avatar_url:options[:avatar_url],active:true, drone_token: options[:token]})
end
end
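Review bot: `create_user` reads its token from `options[:token]` while `sync_repos` just above passes `drone_token: drone_token`, and the comment does not say which option keys the caller must supply or whose token this is. Since this call creates accounts on the Drone server, I would document that on the method, for example `# Expects options[:login], options[:email], options[:avatar_url] and options[:token] (token of a Drone admin — confirm).` The new user is always created with `active: true`; whether that is intended for every caller is not visible in this hunk.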


@ -14,6 +14,12 @@ class Ci::Repo < Ci::RemoteBase
[user, repo]
end
def self.find_all_with_namespace(namespace_path)
logger.info "########namespace_path: #{namespace_path}"
repos = Ci::Repo.where(repo_namespace: namespace_path)
return repos
end
def activate!(ci_user_id)
update(repo_active: 1,
repo_signer: generate_code,