gitea status proxy

2025-05-28 11:20:09 +05:30
parent af096af507
commit df9478a920
5 changed files with 238 additions and 0 deletions
--- a/gitea_status_proxy/config.go
+++ b/gitea_status_proxy/config.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/tailscale/hujson"
+)
+
+type Config struct {
+	ForgeEndpoint string   `json:"forge_url"`
+	ForgeToken    string   `json:"token"`
+	Keys          []string `json:"keys"`
+}
+
+type contextKey string
+
+const configKey contextKey = "config"
+
+func ReadConfig(reader io.Reader) (*Config, error) {
+	data, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("error reading config data: %w", err)
+	}
+	config := Config{}
+	data, err = hujson.Standardize(data)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse json: %w", err)
+	}
+	if err := json.Unmarshal(data, &config); err != nil {
+		return nil, fmt.Errorf("error parsing json to api keys and target url: %w", err)
+	}
+
+	return &config, nil
+}
+
+func ReadConfigFile(filename string) (*Config, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("cannot open config file for reading. err: %w", err)
+	}
+	defer file.Close()
+
+	return ReadConfig(file)
+}
--- a/gitea_status_proxy/handlers.go
+++ b/gitea_status_proxy/handlers.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+	"context"
+	"net/http"
+	"slices"
+	"strings"
+
+	"src.opensuse.org/autogits/common"
+)
+
+func ConfigMiddleWare(cfg *Config) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := context.WithValue(r.Context(), configKey, cfg)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+func ProxyAuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		header := r.Header.Get("Authorization")
+		if header == "" {
+			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		token_arr := strings.Split(header, " ")
+		if len(token_arr) != 2 {
+			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+
+		if !strings.EqualFold(token_arr[0], "Bearer") {
+			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+
+		token := token_arr[1]
+		config, ok := r.Context().Value(configKey).(*Config)
+
+		if !ok {
+			common.LogError("Config missing from context")
+			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		}
+
+		if !slices.Contains(config.Keys, token) {
+			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
--- a/gitea_status_proxy/main.go
+++ b/gitea_status_proxy/main.go
@@ -0,0 +1,134 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"src.opensuse.org/autogits/common"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+)
+
+type Status struct {
+	Context     string `json:"context"`
+	Description string `json:"description"`
+	State       string `json:"state"`
+	TargetUrl   string `json:"target_url"`
+}
+
+func main() {
+	configFile := flag.String("config", "", "status proxy config file")
+	flag.Parse()
+
+	if *configFile == "" {
+		common.LogError("missing required argument config")
+		return
+	}
+
+	config, err := ReadConfigFile(*configFile)
+
+	if err != nil {
+		common.LogError("Failed to read config file", err)
+		return
+	}
+
+	r := chi.NewRouter()
+
+	r.Use(ConfigMiddleWare(config))
+
+	r.Use(middleware.RequestID)
+	r.Use(middleware.RealIP)
+	r.Use(middleware.Logger)
+	r.Use(middleware.Recoverer)
+
+	r.Use(middleware.Timeout(60 * time.Second))
+
+	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("hi"))
+	})
+
+	r.Route("/repos/{owner}/{repo}/statuses/{sha}", func(r chi.Router) {
+		r.Use(ProxyAuthMiddleware)
+		r.Post("/", StatusProxy)
+	})
+
+	common.LogInfo("server up and listening on :3000")
+	err = http.ListenAndServe(":3000", r)
+
+	if err != nil {
+		common.LogError("Server failed to start up", err)
+	}
+
+}
+
+func StatusProxy(w http.ResponseWriter, r *http.Request) {
+	owner := chi.URLParam(r, "owner")
+	repo := chi.URLParam(r, "repo")
+	sha := chi.URLParam(r, "sha")
+
+	config, ok := r.Context().Value(configKey).(*Config)
+	if !ok {
+		common.LogError("Failed to get config from context, is it set?")
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+	}
+
+	posturl := fmt.Sprintf("%s/repos/%s/%s/statuses/%s", config.ForgeEndpoint, owner, repo, sha)
+	decoder := json.NewDecoder(r.Body)
+	var status Status
+	err := decoder.Decode(&status)
+	if err != nil {
+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+		return
+	}
+	status_payload, err := json.Marshal(status)
+
+	if err != nil {
+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+		return
+	}
+	client := &http.Client{}
+	req, err := http.NewRequest("POST", posturl, bytes.NewBuffer(status_payload))
+
+	if err != nil {
+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+		return
+	}
+
+	req.Header.Add("Content-Type", "Content-Type")
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", config.ForgeToken))
+
+	resp, err := client.Do(req)
+
+	if err != nil {
+		common.LogError(fmt.Sprintf("Request to forge endpoint failed: %v", err))
+		http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
+		return
+	}
+	defer resp.Body.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(resp.StatusCode)
+
+	/*
+		the commented out section sets every key 
+		value from the headers, unsure if this 
+		leaks information from gitea
+		
+		for k, v := range resp.Header {
+			for _, vv := range v {
+				w.Header().Add(k, vv)
+			}
+		}
+	*/
+
+	_, err = io.Copy(w, resp.Body)
+	if err != nil {
+		common.LogError("Error copying response body: %v", err)
+	}
+}
--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (

 require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/go-chi/chi/v5 v5.2.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -3,6 +3,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
+github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=