2022-07-30 13:39:48 +00:00
|
|
|
package request
|
2021-04-27 16:14:15 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"math/rand"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
2022-07-21 18:11:41 +00:00
|
|
|
"os/user"
|
2021-04-27 16:14:15 +00:00
|
|
|
"path/filepath"
|
2022-07-21 18:11:41 +00:00
|
|
|
"syscall"
|
2021-04-27 16:14:15 +00:00
|
|
|
"time"
|
|
|
|
|
|
|
|
email "git.tilde.town/tildetown/town/email"
|
|
|
|
)
|
|
|
|
|
2023-03-14 17:53:26 +00:00
|
|
|
const pwLetters = "!@#$%^&*()[]{}:;,.<>/?abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890"
|
2021-04-27 16:14:15 +00:00
|
|
|
|
2022-07-30 13:39:48 +00:00
|
|
|
func ProcessGitea(rp string) error {
|
2021-04-27 16:14:15 +00:00
|
|
|
apiToken := os.Getenv("GITEA_TOKEN")
|
|
|
|
if apiToken == "" {
|
|
|
|
return errors.New("need GITEA_TOKEN")
|
|
|
|
}
|
|
|
|
|
2022-07-30 13:42:33 +00:00
|
|
|
gtPath := filepath.Join(RequestPath, "gitea")
|
2021-04-27 16:14:15 +00:00
|
|
|
|
|
|
|
files, err := ioutil.ReadDir(gtPath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
usernames := []string{}
|
|
|
|
|
|
|
|
for _, file := range files {
|
2022-07-21 18:11:41 +00:00
|
|
|
sysInfo := file.Sys()
|
|
|
|
uid := sysInfo.(*syscall.Stat_t).Uid
|
|
|
|
user, err := user.LookupId(fmt.Sprintf("%d", uid))
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "failed to get owner of file named '%s': %s", file.Name(), err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
usernames = append(usernames, user.Username)
|
2021-04-27 16:14:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if len(usernames) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, username := range usernames {
|
|
|
|
exists, err := giteaUserExists(apiToken, username)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "unable to check for existing account for %s: %s\n", username, err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if !exists {
|
|
|
|
password, err := createGiteaUser(apiToken, username)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "unable to create account for %s: %s\n", username, err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
err = sendGiteaEmail(username, password)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "failed to send email to %s; reach out manually: %s\n", username, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
os.Remove(filepath.Join(gtPath, username))
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func createGiteaUser(apiToken, username string) (string, error) {
|
|
|
|
client := &http.Client{}
|
|
|
|
password := genGiteaPassword()
|
|
|
|
|
|
|
|
// TODO using local email sucks for obvious reasons but it'll have to do for now. ideally password
|
|
|
|
// resets can be set local to the server, so the thing to change is not the local email but the
|
|
|
|
// ability for gitea to send mail internally.
|
|
|
|
createPayload := struct {
|
|
|
|
Email string
|
|
|
|
FullName string `json:"full_name"`
|
|
|
|
Login string `json:"login_name"`
|
|
|
|
MustChangePassword bool `json:"must_change_password"`
|
|
|
|
Password string
|
|
|
|
SendNotify bool `json:"send_notify"`
|
|
|
|
Username string
|
|
|
|
SourceId int `json:"source_id"`
|
|
|
|
}{
|
|
|
|
Email: fmt.Sprintf("%s@tilde.town", username),
|
|
|
|
FullName: username,
|
|
|
|
Login: username,
|
|
|
|
MustChangePassword: true,
|
|
|
|
Password: password,
|
|
|
|
SendNotify: false,
|
|
|
|
Username: username,
|
|
|
|
SourceId: 0,
|
|
|
|
}
|
|
|
|
|
|
|
|
body, err := json.Marshal(createPayload)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
req, err := giteaAPIReq(apiToken, "POST", "admin/users", bytes.NewBuffer(body))
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := client.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp.StatusCode != 201 {
|
|
|
|
lol, _ := ioutil.ReadAll(resp.Body)
|
|
|
|
fmt.Printf("DBG %#v\n", string(lol))
|
|
|
|
return "", fmt.Errorf("failed to create user for %s; error code %d", username, resp.StatusCode)
|
|
|
|
}
|
|
|
|
|
|
|
|
return password, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func giteaUserExists(apiToken, username string) (bool, error) {
|
|
|
|
client := &http.Client{}
|
|
|
|
req, err := giteaAPIReq(apiToken, "GET", "users/"+username, nil)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := client.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp.StatusCode == 200 {
|
|
|
|
return true, nil
|
|
|
|
} else if resp.StatusCode == 404 {
|
|
|
|
return false, nil
|
|
|
|
} else {
|
|
|
|
return false, fmt.Errorf("unexpected response code: %d", resp.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func giteaAPIReq(apiToken, method, path string, body *bytes.Buffer) (*http.Request, error) {
|
|
|
|
if body == nil {
|
|
|
|
body = bytes.NewBufferString("")
|
|
|
|
}
|
|
|
|
basePath := "https://git.tilde.town/api/v1/"
|
|
|
|
req, err := http.NewRequest(method, basePath+path, body)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
req.Header.Add("Authorization", fmt.Sprintf("token %s", apiToken))
|
|
|
|
req.Header.Add("Content-Type", "application/json")
|
|
|
|
|
|
|
|
return req, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func sendGiteaEmail(username, password string) error {
|
|
|
|
body := fmt.Sprintf(`hi %s!
|
|
|
|
|
|
|
|
you requested a git.tilde.town account and now you have one~
|
|
|
|
|
|
|
|
please log in with username %s and password %s
|
|
|
|
|
|
|
|
you'll be prompted to change the password.
|
|
|
|
|
|
|
|
if you did _not_ request this, please let an admin know.
|
|
|
|
`, username, username, password)
|
|
|
|
|
|
|
|
return email.SendLocalEmail(username, "gitea", body)
|
|
|
|
}
|
|
|
|
|
|
|
|
func genGiteaPassword() string {
|
|
|
|
rand.Seed(time.Now().UnixNano())
|
|
|
|
b := make([]byte, 20)
|
|
|
|
for i := range b {
|
|
|
|
b[i] = pwLetters[rand.Intn(len(pwLetters))]
|
|
|
|
}
|
|
|
|
// Bootleg, but hack to ensure we meet complexity requirement
|
|
|
|
return string(b) + "!" + "1" + "A"
|
|
|
|
}
|