Add endpoints for gitauth

coder · kylecarbs · Oct 25, 2022 · Oct 17, 2022 · Oct 18, 2022 · Oct 18, 2022
commit a10c4d5b2a686ac4df168aba071b207fabbdc20c
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,6 +1,7 @@
 {
   "cSpell.words": [
     "apps",
+    "ASKPASS",
     "awsidentity",
     "bodyclose",
     "buildinfo",
@@ -29,6 +30,7 @@
     "eventsourcemock",
     "fatih",
     "Formik",
+    "gitauth",
     "gitsshkey",
     "goarch",
     "gographviz",

diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -3,6 +3,7 @@ package coderd
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -82,6 +83,7 @@ type Options struct {
 	Telemetry            telemetry.Reporter
 	TracerProvider       trace.TracerProvider
 	AutoImportTemplates  []AutoImportTemplate
+	GitAuthConfigs       []*GitAuthConfig
 
 	// TLSCertificates is used to mesh DERP servers securely.
 	TLSCertificates    []tls.Certificate
@@ -260,6 +262,17 @@ func New(options *Options) *API {
 		})
 	})
 
+	r.Route("/gitauth", func(r chi.Router) {
+		for _, gitAuthConfig := range options.GitAuthConfigs {
+			r.Route(fmt.Sprintf("/%s", gitAuthConfig.ID), func(r chi.Router) {
+				r.Use(
+					httpmw.ExtractOAuth2(gitAuthConfig),
+					apiKeyMiddleware,
+				)
+				r.Get("/callback", api.gitAuthCallback(gitAuthConfig))
+			})
+		}
+	})
 	r.Route("/api/v2", func(r chi.Router) {
 		api.APIHandler = r
 
@@ -465,6 +478,7 @@ func New(options *Options) *API {
 				r.Get("/metadata", api.workspaceAgentMetadata)
 				r.Post("/version", api.postWorkspaceAgentVersion)
 				r.Post("/app-health", api.postWorkspaceAppHealth)
+				r.Get("/gitauth", api.workspaceAgentsGitAuth)
 				r.Get("/gitsshkey", api.agentGitSSHKey)
 				r.Get("/coordinate", api.workspaceAgentCoordinate)
 				r.Get("/report-stats", api.workspaceAgentReportStats)

diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -84,6 +84,7 @@ type Options struct {
 	AutobuildStats       chan<- executor.Stats
 	Auditor              audit.Auditor
 	TLSCertificates      []tls.Certificate
+	GitAuthConfigs       []*coderd.GitAuthConfig
 
 	// IncludeProvisionerDaemon when true means to start an in-memory provisionerD
 	IncludeProvisionerDaemon    bool
@@ -231,6 +232,7 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 			Database:                       options.Database,
 			Pubsub:                         options.Pubsub,
 			Experimental:                   options.Experimental,
+			GitAuthConfigs:                 options.GitAuthConfigs,
 
 			Auditor:              options.Auditor,
 			AWSCertificates:      options.AWSCertificates,

diff --git a/coderd/database/databasefake/databasefake.go b/coderd/database/databasefake/databasefake.go
@@ -34,6 +34,7 @@ func New() database.Store {
 			organizationMembers:            make([]database.OrganizationMember, 0),
 			organizations:                  make([]database.Organization, 0),
 			users:                          make([]database.User, 0),
+			gitAuthLinks:                   make([]database.GitAuthLink, 0),
 			groups:                         make([]database.Group, 0),
 			groupMembers:                   make([]database.GroupMember, 0),
 			auditLogs:                      make([]database.AuditLog, 0),
@@ -90,6 +91,7 @@ type data struct {
 	agentStats                     []database.AgentStat
 	auditLogs                      []database.AuditLog
 	files                          []database.File
+	gitAuthLinks                   []database.GitAuthLink
 	gitSSHKey                      []database.GitSSHKey
 	groups                         []database.Group
 	groupMembers                   []database.GroupMember
@@ -3286,3 +3288,54 @@ func (q *fakeQuerier) GetReplicasUpdatedAfter(_ context.Context, updatedAt time.
 	}
 	return replicas, nil
 }
+
+func (q *fakeQuerier) GetGitAuthLink(_ context.Context, arg database.GetGitAuthLinkParams) (database.GitAuthLink, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+	for _, gitAuthLink := range q.gitAuthLinks {
+		if arg.UserID != gitAuthLink.UserID {
+			continue
+		}
+		if arg.ProviderID != gitAuthLink.ProviderID {
+			continue
+		}
+		return gitAuthLink, nil
+	}
+	return database.GitAuthLink{}, sql.ErrNoRows
+}
+
+func (q *fakeQuerier) InsertGitAuthLink(_ context.Context, arg database.InsertGitAuthLinkParams) (database.GitAuthLink, error) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+	// nolint:gosimple
+	gitAuthLink := database.GitAuthLink{
+		ProviderID:        arg.ProviderID,
+		UserID:            arg.UserID,
+		CreatedAt:         arg.CreatedAt,
+		UpdatedAt:         arg.UpdatedAt,
+		OAuthAccessToken:  arg.OAuthAccessToken,
+		OAuthRefreshToken: arg.OAuthRefreshToken,
+		OAuthExpiry:       arg.OAuthExpiry,
+	}
+	q.gitAuthLinks = append(q.gitAuthLinks, gitAuthLink)
+	return gitAuthLink, nil
+}
+
+func (q *fakeQuerier) UpdateGitAuthLink(_ context.Context, arg database.UpdateGitAuthLinkParams) error {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+	for index, gitAuthLink := range q.gitAuthLinks {
+		if gitAuthLink.ProviderID != arg.ProviderID {
+			continue
+		}
+		if gitAuthLink.UserID != arg.UserID {
+			continue
+		}
+		gitAuthLink.UpdatedAt = arg.UpdatedAt
+		gitAuthLink.OAuthAccessToken = arg.OAuthAccessToken
+		gitAuthLink.OAuthRefreshToken = arg.OAuthRefreshToken
+		gitAuthLink.OAuthExpiry = arg.OAuthExpiry
+		q.gitAuthLinks[index] = gitAuthLink
+	}
+	return nil
+}
diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql
diff --git a/coderd/database/migrations/000063_gitauth.down.sql b/coderd/database/migrations/000063_gitauth.down.sql
@@ -0,0 +1 @@
+DROP TABLE git_auth_links;
diff --git a/...base/migrations/000063_gitprovider.up.sql → ...database/migrations/000063_gitauth.up.sql b/...base/migrations/000063_gitprovider.up.sql → ...database/migrations/000063_gitauth.up.sql
@@ -1,9 +1,10 @@
-CREATE TABLE IF NOT EXISTS git_provider_links (
+CREATE TABLE IF NOT EXISTS git_auth_links (
+  provider_id text NOT NULL,
   user_id uuid NOT NULL,
-  url text NOT NULL,
   created_at timestamptz NOT NULL,
   updated_at timestamptz NOT NULL,
   oauth_access_token text NOT NULL,
   oauth_refresh_token text NOT NULL,
-  oauth_expiry text NOT NULL
+  oauth_expiry timestamptz NOT NULL,
+  UNIQUE(provider_id, user_id)
 );
diff --git a/coderd/database/migrations/000063_gitprovider.down.sql b/coderd/database/migrations/000063_gitprovider.down.sql
diff --git a/coderd/database/models.go b/coderd/database/models.go
diff --git a/coderd/database/querier.go b/coderd/database/querier.go
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/gitauth.sql b/coderd/database/queries/gitauth.sql
@@ -0,0 +1,29 @@
+-- name: GetGitAuthLink :one
+SELECT * FROM git_auth_links WHERE provider_id = $1 AND user_id = $2;
+
+-- name: InsertGitAuthLink :one
+INSERT INTO git_auth_links (
+    provider_id,
+    user_id,
+    created_at,
+    updated_at,
+    oauth_access_token,
+    oauth_refresh_token,
+    oauth_expiry
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6,
+    $7
+) RETURNING *;
+
+-- name: UpdateGitAuthLink :exec
+UPDATE git_auth_links SET
+    updated_at = $3,
+    oauth_access_token = $4,
+    oauth_refresh_token = $5,
+    oauth_expiry = $6
+WHERE provider_id = $1 AND user_id = $2;
diff --git a/coderd/database/unique_constraint.go b/coderd/database/unique_constraint.go