Merge pull request '【devops】trustie提供服务器后台代码' (#8) from trustie_server into develop

Reviewed-on: https://git.trustie.net/jasder/forgeplus/pulls/8

app/controllers/ci/base_controller.rb

@@ -11,6 +11,11 @@ class Ci::BaseController < ApplicationController
     @ci_user, @repo = Ci::Repo.find_with_namespace(namespace, id)
   end
 
+  def load_all_repo
+    namespace = current_user.login
+    @repos = Ci::Repo.find_all_with_namespace(namespace)
+  end
+
   private
     def authorize_access_project!
       unless @project.manager?(current_user)

app/controllers/ci/cloud_accounts_controller.rb

@@ -5,6 +5,7 @@ class Ci::CloudAccountsController < Ci::BaseController
   before_action :load_project, only: %i[create activate]
   before_action :authorize_owner!, only: %i[create activate]
   before_action :load_repo, only: %i[activate]
+  before_action :load_all_repo, only: %i[unbind]
   before_action :find_cloud_account, only: %i[show oauth_grant]
   before_action :validate_params!, only: %i[create bind]
   before_action only: %i[create bind] do
@@ -96,6 +97,11 @@ class Ci::CloudAccountsController < Ci::BaseController
   def unbind
     ActiveRecord::Base.transaction do
       unbind_account!
+      if @repos
+        @repos.each do |repo|
+          repo.deactivate!
+        end
+      end
       render_ok
     end
   rescue Exception => ex

app/controllers/concerns/ci/cloud_account_manageable.rb

@@ -16,6 +16,9 @@ module Ci::CloudAccountManageable
     # 2. 生成oauth2应用程序的client_id和client_secrete
     gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]})
     logger.info "######### gitea_oauth: #{gitea_oauth}"
+
+    raise 'Gitea接口异常' if gitea_oauth['client_id'].blank?
+
     oauth = Oauth.new(client_id: gitea_oauth['client_id'],
       client_secret: gitea_oauth['client_secret'],
       redirect_uri: gitea_oauth['redirect_uris'],
@@ -54,12 +57,16 @@ module Ci::CloudAccountManageable
     result && !result.blank? ? cloud_account : nil
   end
 
-  # trustie提供服务器,绑定流程
+  def trustie_drone_server_config
-  def trustie_bind_account!
-
     # 读取drone配置信息
     config = Rails.application.config_for(:configuration).symbolize_keys!
     trustie_drone_config = config[:trustie_drone].symbolize_keys!
+    return trustie_drone_config
+  end
+
+  # trustie提供服务器,绑定流程
+  def trustie_bind_account!
+    trustie_drone_config = trustie_drone_server_config
     raise 'trustie_drone config missing' if trustie_drone_config.blank?
 
     # 创建云账号
@@ -71,6 +78,9 @@ module Ci::CloudAccountManageable
     #生成oauth2应用程序的client_id和client_secrete
     gitea_oauth = Gitea::Oauth2::CreateService.call(current_user.gitea_token, {name: "pipeline-#{SecureRandom.hex(8)}", redirect_uris: ["#{cloud_account.drone_url}/login"]})
     logger.info "######### gitea_oauth: #{gitea_oauth}"
+
+    raise 'Gitea接口异常' if gitea_oauth['client_id'].blank?
+
     oauth = Oauth.new(client_id: gitea_oauth['client_id'],
                       client_secret: gitea_oauth['client_secret'],
                       redirect_uri: gitea_oauth['redirect_uris'],
@@ -91,7 +101,11 @@ module Ci::CloudAccountManageable
 
     if cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF
       @connection.execute("DROP DATABASE IF EXISTS #{current_user.login}_drone") # TOTO drop drone database
+    else
+      #删除drone用户
+      @trustie_db_connection.execute("DELETE FROM users WHERE user_login = '#{cloud_account.account}'")
     end
+
     cloud_account.destroy! unless cloud_account.blank?
     current_user.unbind_account!
   end
@@ -114,7 +128,12 @@ module Ci::CloudAccountManageable
     return [true, "你已经绑定了云帐号."] unless current_user.ci_cloud_account.blank?
 
     ip_num = IPAddr.new(devops_params[:ip_num]).to_i
-    Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
+
+    #自有服务器进行判断
+    cloud_account = current_user.ci_cloud_account
+    if cloud_account && cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_SELF
+      Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
+    end
   end
 
   def check_trustie_bind_cloud_account!
@@ -126,8 +145,16 @@ module Ci::CloudAccountManageable
     unix_time = Time.now.to_i
 
     # 目前直接操作db，可以建立对应的model进行操作
-    sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
+    sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
     connection.execute(sql)
+
+    #如果使用trustie提供的服务器，需要多增加一条授权信息
+    if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
+      trustie_drone_config = trustie_drone_server_config
+      admin_application_id = trustie_drone_config[:admin_application_id]
+      sql = "REPLACE INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{admin_application_id}, 0, #{unix_time}, #{unix_time} );"
+      connection.execute(sql)
+    end
   end
 
   def gitea_oauth_grant!(password, oauth)
@@ -137,7 +164,8 @@ module Ci::CloudAccountManageable
     # redirect_uri eg:
     #  https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805
     redirect_uri = CGI.escape("#{@cloud_account.drone_url}/login")
-    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{oauth&.client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
+    clientId = client_id(oauth)
+    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{clientId}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
     logger.info "[gitea] grant_url: #{grant_url}"
 
     conn = Faraday.new(url: grant_url) do |req|
@@ -171,4 +199,14 @@ module Ci::CloudAccountManageable
       params.permit(:account, :secret, :ip_num)
     end
 
+  def client_id(oauth)
+    #如果是使用trustie服务器使用管理员用户的clientId
+    if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
+      trustie_drone_config = trustie_drone_server_config
+      return trustie_drone_config[:client_id]
+    else
+      return oauth&.client_id
+    end
+  end
+
 end

app/controllers/users_controller.rb

@@ -4,10 +4,20 @@ class UsersController < ApplicationController
   before_action :load_user, only: [:show, :homepage_info, :sync_token, :sync_gitea_pwd, :projects, :watch_users, :fan_users]
   before_action :check_user_exist, only: [:show, :homepage_info,:projects, :watch_users, :fan_users]
   before_action :require_login, only: %i[me list]
-  before_action :connect_to_ci_database, only: :get_user_info, if: -> { current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification? }
+  before_action :connect_to_ci_db, only: [:get_user_info]
-
   skip_before_action :check_sign, only: [:attachment_show]
 
+  def connect_to_ci_db(options={})
+    if !(current_user && !current_user.is_a?(AnonymousUser) && current_user.devops_certification?)
+      return
+    end
+    if current_user.ci_cloud_account.server_type == Ci::CloudAccount::SERVER_TYPE_TRUSTIE
+      connect_to_trustie_ci_database(options)
+    else
+      connect_to_ci_database(options)
+    end
+  end
+
   def list
     scope = User.active.recent.like(params[:search]).includes(:user_extension)
     @total_count = scope.size

app/libs/ci/drone/api.rb

@@ -78,5 +78,11 @@ class Ci::Drone::API < Ci::Drone::Request
   def sync_repos
     post(endpoint, "/api/users/repos", drone_token: drone_token)
   end
-  
+
+  # Creates a user.
+  # POST /api/users
+  def create_user
+    post(endpoint, "/api/users", {login: options[:login], email: options[:email], avatar_url:options[:avatar_url],active:true, drone_token: options[:token]})
+  end
+
 end

app/models/ci/repo.rb

@@ -14,6 +14,12 @@ class Ci::Repo < Ci::RemoteBase
     [user, repo]
   end
 
+  def self.find_all_with_namespace(namespace_path)
+    logger.info "########namespace_path: #{namespace_path}"
+    repos = Ci::Repo.where(repo_namespace: namespace_path)
+    return repos
+  end
+
   def activate!(ci_user_id)
     update(repo_active: 1,
       repo_signer: generate_code,