Phase 3C — Commit Summary
feat: workspaces — collaborative repo namespaces Backend - internal/models/workspace.go — Workspace (handle, displayName, description, createdBy) + WorkspaceMember (workspaceId, userId, username, role: owner/admin/member) - internal/models/repo.go — added nullable workspace_id column; existing user repos unaffected - internal/models/migrations/011_workspaces.go — syncs both tables + adds column to repository - internal/api/handlers/workspace.go — ListWorkspaces, CreateWorkspace, GetWorkspace, UpdateWorkspace, DeleteWorkspace (blocks if repos remain), ListRepos, ListMembers, AddMember, UpdateMember, RemoveMember - internal/api/handlers/repos.go — lookupRepo resolves workspace handles; Create accepts workspace field; List includes workspace member repos; withOwnerName uses workspace handle for workspace-owned repos - internal/api/handlers/dashboard.go — recentRuns + repo list include workspace repos the user is a member of - internal/api/router.go — /workspaces, /workspaces/:handle/* routes Workspace rules enforced: - Handle globally unique across usernames + workspace handles (409 on collision) - Creator auto-assigned owner role - Delete blocked if repos exist - Last owner cannot be demoted/removed --- feat: secret management hierarchy (Global → Workspace → Repo → Env) Backend - internal/models/secret.go — Secret struct + EncryptSecret/DecryptSecret with AES-256-GCM (key = SHA-256 of SESSION_SECRET); values never serialised to JSON - internal/models/migrations/012_secrets.go — syncs secret table - internal/api/handlers/secret.go — List/Upsert/Delete for all four scopes; ResolveSecretsForRun builds merged env map for CI - internal/domain/ci/executor.go — JobContext.Secrets field; secrets injected as --env KEY=VALUE into docker run; buildJobContext calls resolveSecrets(Global < Workspace < Repo < Env) - internal/domain/ci/runner_manager.go — passes cfg.SessionSecret to buildJobContext - internal/api/router.go — /repos/:owner/:repo/secrets, 
/environments/:envName/secrets, /workspaces/:handle/secrets, /admin/secrets --- feat: workspace + secret management UI Frontend - types/api.ts — Workspace, WorkspaceWithMeta, WorkspaceMember, SecretListItem types - api/queries/workspaces.ts — full CRUD hooks + WorkspaceRepo type - api/queries/secrets.ts — repo/env/workspace secret hooks - pages/WorkspacesPage.tsx — list + create modal - pages/WorkspacePage.tsx — workspace dashboard with repo list - pages/WorkspaceSettingsPage.tsx — general settings, members CRUD, workspace secrets, danger zone - pages/RepoSecretsPage.tsx — repo secrets + per-environment secret sections with priority hierarchy callout - pages/CreateRepoPage.tsx — ?workspace= query param pre-fills owner selector; only admin/owner workspaces shown - components/layout/Sidebar.tsx — "Workspaces" global nav item + workspace quick-links; "Secrets" in RepoSubNav; new SecretsIcon, WorkspaceIcon - App.tsx — routes for /workspaces, /workspaces/:handle, /workspaces/:handle/settings, /repos/:owner/:repo/secrets
@@ -89,9 +89,21 @@ type dashboardResponse struct {
|
||||
func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
|
||||
// 1. Repos owned by this user.
|
||||
// 1. Repos owned by this user (user-level) + workspace repos where user is a member.
|
||||
var repos []models.Repository
|
||||
h.db.Where("owner_id = ?", userID).Desc("updated_at").Find(&repos)
|
||||
h.db.Where("owner_id = ? AND workspace_id IS NULL", userID).Desc("updated_at").Find(&repos)
|
||||
|
||||
var memberships []models.WorkspaceMember
|
||||
h.db.Where("user_id = ?", userID).Find(&memberships)
|
||||
if len(memberships) > 0 {
|
||||
wsIDs := make([]int64, len(memberships))
|
||||
for i, m := range memberships {
|
||||
wsIDs[i] = m.WorkspaceID
|
||||
}
|
||||
var wsRepos []models.Repository
|
||||
h.db.In("workspace_id", wsIDs).Desc("updated_at").Find(&wsRepos)
|
||||
repos = append(repos, wsRepos...)
|
||||
}
|
||||
|
||||
repoIDs := make([]int64, len(repos))
|
||||
repoByID := make(map[int64]models.Repository, len(repos))
|
||||
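Review bot: The two new queries `h.db.Where("user_id = ?", userID).Find(&memberships)` and `h.db.In("workspace_id", wsIDs).Desc("updated_at").Find(&wsRepos)` discard their errors, so a database failure silently yields a dashboard with fewer repositories instead of a 500; the same pattern is used in the repos.go List hunk. Appending wsRepos after the user repos also means each half is ordered by updated_at on its own and the merged slice is not, which matters if the dashboard treats position as recency. If a single ordering is wanted, sort once after the merge, e.g. `slices.SortFunc(repos, func(a, b models.Repository) int { return b.UpdatedAt.Compare(a.UpdatedAt) })` (Go 1.21+, needs a `slices` import). Get continues past the end of this hunk.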
@@ -184,8 +196,22 @@ func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
|
||||
return dp
|
||||
}
|
||||
|
||||
// Cache workspace handles to avoid N+1.
|
||||
wsHandleByID := map[int64]string{}
|
||||
|
||||
dashRepos := make([]dashRepo, 0, len(repos))
|
||||
for _, rp := range repos {
|
||||
ownerName := owner.Username
|
||||
if rp.WorkspaceID != nil && *rp.WorkspaceID != 0 {
|
||||
if wsHandle, ok := wsHandleByID[*rp.WorkspaceID]; ok {
|
||||
ownerName = wsHandle
|
||||
} else {
|
||||
var ws models.Workspace
|
||||
h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws)
|
||||
wsHandleByID[*rp.WorkspaceID] = ws.Handle
|
||||
ownerName = ws.Handle
|
||||
}
|
||||
}
|
||||
dashRepos = append(dashRepos, dashRepo{
|
||||
ID: rp.ID,
|
||||
Name: rp.Name,
|
||||
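Review bot: `h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws)` ignores both the found flag and the error, so a repository whose workspace_id no longer resolves gets an empty ownerName, that empty string is cached in wsHandleByID for the rest of the loop, and the response carries an empty OwnerName and an avatar URL of the form `/api/v1/repos//<name>/avatar`. Guard the lookup and keep the user fallback the code already starts from: `if found, err := h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws); err == nil && found && ws.Handle != "" { wsHandleByID[*rp.WorkspaceID] = ws.Handle; ownerName = ws.Handle }`. The same unchecked workspace lookup appears in withOwnerName in the repos.go hunk below. Get's body continues outside this hunk.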
@@ -193,8 +219,8 @@ func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
|
||||
IsPrivate: rp.IsPrivate,
|
||||
DefaultBranch: rp.DefaultBranch,
|
||||
UpdatedAt: rp.UpdatedAt.Format("2006-01-02T15:04:05Z"),
|
||||
OwnerName: owner.Username,
|
||||
AvatarURL: "/api/v1/repos/" + owner.Username + "/" + rp.Name + "/avatar",
|
||||
OwnerName: ownerName,
|
||||
AvatarURL: "/api/v1/repos/" + ownerName + "/" + rp.Name + "/avatar",
|
||||
OpenPRCount: prCountByRepo[rp.ID],
|
||||
OpenIssueCount: issueCountByRepo[rp.ID],
|
||||
})
|
||||
|
||||
@@ -46,19 +46,28 @@ func isValidRepoName(name string) bool {
|
||||
}
|
||||
|
||||
func (h *RepoHandler) withOwnerName(repo *models.Repository) repoResponse {
|
||||
var owner models.User
|
||||
h.db.ID(repo.OwnerID).Get(&owner)
|
||||
gitdomain.SetRepoRoot(h.cfg.RepoRoot)
|
||||
|
||||
ownerName := ""
|
||||
if repo.WorkspaceID != nil && *repo.WorkspaceID != 0 {
|
||||
var ws models.Workspace
|
||||
h.db.ID(*repo.WorkspaceID).Cols("handle").Get(&ws)
|
||||
ownerName = ws.Handle
|
||||
} else {
|
||||
var owner models.User
|
||||
h.db.ID(repo.OwnerID).Cols("username").Get(&owner)
|
||||
ownerName = owner.Username
|
||||
}
|
||||
|
||||
avURL := ""
|
||||
if _, err := os.Stat(avatarPath(h.cfg.RepoRoot, repo.ID)); err == nil {
|
||||
avURL = "/api/v1/repos/" + owner.Username + "/" + repo.Name + "/avatar"
|
||||
avURL = "/api/v1/repos/" + ownerName + "/" + repo.Name + "/avatar"
|
||||
}
|
||||
|
||||
return repoResponse{
|
||||
Repository: *repo,
|
||||
AvatarURL: avURL,
|
||||
OwnerName: owner.Username,
|
||||
OwnerName: ownerName,
|
||||
IsEmpty: gitdomain.IsEmpty(repo.DiskPath),
|
||||
}
|
||||
}
|
||||
@@ -75,10 +84,21 @@ func NewRepoHandler(db *xorm.Engine, cfg *config.Config) *RepoHandler {
|
||||
func (h *RepoHandler) List(w http.ResponseWriter, r *http.Request) {
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
|
||||
// User-owned repos.
|
||||
var repos []models.Repository
|
||||
if err := h.db.Where("owner_id = ?", userID).Find(&repos); err != nil {
|
||||
jsonError(w, "could not list repositories", http.StatusInternalServerError)
|
||||
return
|
||||
h.db.Where("owner_id = ? AND workspace_id IS NULL", userID).Find(&repos)
|
||||
|
||||
// Workspace repos where user is a member.
|
||||
var memberships []models.WorkspaceMember
|
||||
h.db.Where("user_id = ?", userID).Find(&memberships)
|
||||
if len(memberships) > 0 {
|
||||
wsIDs := make([]int64, len(memberships))
|
||||
for i, m := range memberships {
|
||||
wsIDs[i] = m.WorkspaceID
|
||||
}
|
||||
var wsRepos []models.Repository
|
||||
h.db.In("workspace_id", wsIDs).Find(&wsRepos)
|
||||
repos = append(repos, wsRepos...)
|
||||
}
|
||||
|
||||
result := make([]repoResponse, len(repos))
|
||||
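Review bot: The user-repo query `h.db.Where("owner_id = ? AND workspace_id IS NULL", userID).Find(&repos)` drops the error check that the replaced lines carried, so a database failure now answers 200 with an empty or partial list instead of the previous "could not list repositories" 500; this reads as an accidental regression rather than an intended change. Keep the `if err := ...; err != nil { jsonError(w, "could not list repositories", http.StatusInternalServerError); return }` form on this query and apply it to the memberships and wsRepos queries as well. As in the dashboard hunk, appending wsRepos means the two halves are not interleaved by recency. List continues past the end of this hunk.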
@@ -98,6 +118,7 @@ func (h *RepoHandler) Create(w http.ResponseWriter, r *http.Request) {
|
||||
DefaultBranch string `json:"defaultBranch"`
|
||||
InitReadme string `json:"initReadme"` // "none" | "blank" | "tutorial"
|
||||
InitGitignore bool `json:"initGitignore"` // true → add .gitignore
|
||||
Workspace string `json:"workspace"` // optional workspace handle
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
@@ -112,10 +133,35 @@ func (h *RepoHandler) Create(w http.ResponseWriter, r *http.Request) {
|
||||
branch = "main"
|
||||
}
|
||||
|
||||
diskPath := filepath.Join(h.cfg.RepoRoot, strconv.FormatInt(userID, 10), body.Name+".git")
|
||||
// Determine owner: workspace or user.
|
||||
var workspaceID *int64
|
||||
var diskPath string
|
||||
if body.Workspace != "" {
|
||||
var ws models.Workspace
|
||||
if found, _ := h.db.Where("handle = ?", body.Workspace).Get(&ws); !found {
|
||||
jsonError(w, "workspace not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
// Caller must be a member with write access.
|
||||
var member models.WorkspaceMember
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, userID).Get(&member); !found {
|
||||
jsonError(w, "not a member of this workspace", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
if member.Role == models.WorkspaceRoleMember {
|
||||
jsonError(w, "admin or owner required to create repos in a workspace", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
wsID := ws.ID
|
||||
workspaceID = &wsID
|
||||
diskPath = diskPathForWorkspaceRepo(h.cfg.RepoRoot, ws.ID, body.Name)
|
||||
} else {
|
||||
diskPath = filepath.Join(h.cfg.RepoRoot, strconv.FormatInt(userID, 10), body.Name+".git")
|
||||
}
|
||||
|
||||
repo := &models.Repository{
|
||||
OwnerID: userID,
|
||||
WorkspaceID: workspaceID,
|
||||
Name: body.Name,
|
||||
Description: body.Description,
|
||||
IsPrivate: body.IsPrivate,
|
||||
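Review bot: The role gate at `if member.Role == models.WorkspaceRoleMember {` is a deny-list: any role value other than member, including an empty or unrecognised one stored in the row, is allowed to create repositories in the workspace. Prefer the allow-list form the workspace handler uses elsewhere in this commit: `if member.Role != models.WorkspaceRoleOwner && member.Role != models.WorkspaceRoleAdmin {`. Both `found, _ :=` lookups in this block also discard the database error, so a query failure is reported to the caller as 404 or 403 rather than 500. Create continues outside this hunk.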
@@ -559,33 +605,48 @@ func (h *RepoHandler) Diff(w http.ResponseWriter, r *http.Request) {
|
||||
jsonOK(w, diffs)
|
||||
}
|
||||
|
||||
// lookupRepo resolves {owner}/{repo} URL params to a DB row, enforcing access.
|
||||
// lookupRepo resolves {owner}/{repo} URL params to a DB row.
|
||||
// The owner segment can be either a username (user-owned repo) or a
|
||||
// workspace handle (workspace-owned repo).
|
||||
func (h *RepoHandler) lookupRepo(w http.ResponseWriter, r *http.Request) (*models.Repository, bool) {
|
||||
ownerName := chi.URLParam(r, "owner")
|
||||
repoName := chi.URLParam(r, "repo")
|
||||
callerID, _ := middleware.UserIDFromContext(r.Context())
|
||||
|
||||
var owner models.User
|
||||
found, err := h.db.Where("username = ?", ownerName).Get(&owner)
|
||||
if err != nil || !found {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
}
|
||||
|
||||
var repo models.Repository
|
||||
found, err = h.db.Where("owner_id = ? AND name = ?", owner.ID, repoName).Get(&repo)
|
||||
if err != nil || !found {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// Private repo: only the owner may access (RBAC will be expanded in Phase 3)
|
||||
if repo.IsPrivate {
|
||||
callerID, _ := middleware.UserIDFromContext(r.Context())
|
||||
if callerID != repo.OwnerID {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
// 1. Try user namespace first.
|
||||
var user models.User
|
||||
if found, _ := h.db.Where("username = ?", ownerName).Get(&user); found {
|
||||
var repo models.Repository
|
||||
if found2, _ := h.db.Where("owner_id = ? AND name = ? AND workspace_id IS NULL", user.ID, repoName).Get(&repo); found2 {
|
||||
if repo.IsPrivate && callerID != repo.OwnerID {
|
||||
// Check repo membership for private user repos.
|
||||
var m models.RepoMember
|
||||
if mfound, _ := h.db.Where("repo_id = ? AND user_id = ?", repo.ID, callerID).Get(&m); !mfound {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
}
|
||||
}
|
||||
return &repo, true
|
||||
}
|
||||
}
|
||||
|
||||
return &repo, true
|
||||
// 2. Try workspace namespace.
|
||||
var ws models.Workspace
|
||||
if found, _ := h.db.Where("handle = ?", ownerName).Get(&ws); found {
|
||||
var repo models.Repository
|
||||
if found2, _ := h.db.Where("workspace_id = ? AND name = ?", ws.ID, repoName).Get(&repo); found2 {
|
||||
if repo.IsPrivate {
|
||||
// Private workspace repo: caller must be a workspace member.
|
||||
var m models.WorkspaceMember
|
||||
if mfound, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, callerID).Get(&m); !mfound {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
}
|
||||
}
|
||||
return &repo, true
|
||||
}
|
||||
}
|
||||
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return nil, false
|
||||
}
|
||||
|
||||
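Review bot: The rewritten doc comment dropped the phrase "enforcing access", yet lookupRepo is still where read access to a private repository is decided, and the rule is now more involved than before; the comment should state it so callers do not layer a weaker check on top. Suggest: `// lookupRepo resolves {owner}/{repo} URL params to a DB row and enforces read access: a private user repo requires the caller to be the owner or to have a RepoMember row; a private workspace repo requires workspace membership.` Nothing in this hunk restricts writes, so mutating handlers presumably check that elsewhere. Every lookup here uses `found, _ :=`, so a database error collapses into "repository not found"; propagating err as a 500 would keep outages distinguishable from missing repositories in logs.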
@@ -0,0 +1,309 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"xorm.io/xorm"
|
||||
|
||||
"github.com/forgeo/forgebucket/internal/api/middleware"
|
||||
"github.com/forgeo/forgebucket/internal/models"
|
||||
)
|
||||
|
||||
type SecretHandler struct {
|
||||
db *xorm.Engine
|
||||
sessionSecret string
|
||||
}
|
||||
|
||||
func NewSecretHandler(db *xorm.Engine, sessionSecret string) *SecretHandler {
|
||||
return &SecretHandler{db: db, sessionSecret: sessionSecret}
|
||||
}
|
||||
|
||||
// ── Secret list response (names only — never values) ─────────────────────────
|
||||
|
||||
type secretListItem struct {
|
||||
ID int64 `json:"id"`
|
||||
Name string `json:"name"`
|
||||
CreatedAt string `json:"createdAt"`
|
||||
UpdatedAt string `json:"updatedAt"`
|
||||
}
|
||||
|
||||
func toListItem(s models.Secret) secretListItem {
|
||||
return secretListItem{
|
||||
ID: s.ID,
|
||||
Name: s.Name,
|
||||
CreatedAt: s.CreatedAt.Format("2006-01-02T15:04:05Z"),
|
||||
UpdatedAt: s.UpdatedAt.Format("2006-01-02T15:04:05Z"),
|
||||
}
|
||||
}
|
||||
|
||||
// ── Repo secrets ──────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) ListRepoSecrets(w http.ResponseWriter, r *http.Request) {
|
||||
repoID, ok := h.resolveRepoID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.listSecrets(w, models.SecretScopeRepo, repoID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) UpsertRepoSecret(w http.ResponseWriter, r *http.Request) {
|
||||
repoID, ok := h.resolveRepoID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.upsertSecret(w, r, models.SecretScopeRepo, repoID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) DeleteRepoSecret(w http.ResponseWriter, r *http.Request) {
|
||||
repoID, ok := h.resolveRepoID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.deleteSecret(w, r, models.SecretScopeRepo, repoID)
|
||||
}
|
||||
|
||||
// ── Env secrets ───────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) ListEnvSecrets(w http.ResponseWriter, r *http.Request) {
|
||||
envID, ok := h.resolveEnvID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.listSecrets(w, models.SecretScopeEnv, envID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) UpsertEnvSecret(w http.ResponseWriter, r *http.Request) {
|
||||
envID, ok := h.resolveEnvID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.upsertSecret(w, r, models.SecretScopeEnv, envID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) DeleteEnvSecret(w http.ResponseWriter, r *http.Request) {
|
||||
envID, ok := h.resolveEnvID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.deleteSecret(w, r, models.SecretScopeEnv, envID)
|
||||
}
|
||||
|
||||
// ── Workspace secrets ─────────────────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) ListWorkspaceSecrets(w http.ResponseWriter, r *http.Request) {
|
||||
wsID, ok := h.resolveWorkspaceID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.listSecrets(w, models.SecretScopeWorkspace, wsID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) UpsertWorkspaceSecret(w http.ResponseWriter, r *http.Request) {
|
||||
wsID, ok := h.resolveWorkspaceID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.upsertSecret(w, r, models.SecretScopeWorkspace, wsID)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) DeleteWorkspaceSecret(w http.ResponseWriter, r *http.Request) {
|
||||
wsID, ok := h.resolveWorkspaceID(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
h.deleteSecret(w, r, models.SecretScopeWorkspace, wsID)
|
||||
}
|
||||
|
||||
// ── Global secrets (admin only) ───────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) ListGlobalSecrets(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.requireAdmin(w, r) {
|
||||
return
|
||||
}
|
||||
h.listSecrets(w, models.SecretScopeGlobal, 0)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) UpsertGlobalSecret(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.requireAdmin(w, r) {
|
||||
return
|
||||
}
|
||||
h.upsertSecret(w, r, models.SecretScopeGlobal, 0)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) DeleteGlobalSecret(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.requireAdmin(w, r) {
|
||||
return
|
||||
}
|
||||
h.deleteSecret(w, r, models.SecretScopeGlobal, 0)
|
||||
}
|
||||
|
||||
// ── Shared CRUD primitives ────────────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) listSecrets(w http.ResponseWriter, scope models.SecretScope, scopeID int64) {
|
||||
var secrets []models.Secret
|
||||
h.db.Where("scope = ? AND scope_id = ?", scope, scopeID).Asc("name").Find(&secrets)
|
||||
items := make([]secretListItem, len(secrets))
|
||||
for i, s := range secrets {
|
||||
items[i] = toListItem(s)
|
||||
}
|
||||
jsonOK(w, items)
|
||||
}
|
||||
|
||||
func (h *SecretHandler) upsertSecret(w http.ResponseWriter, r *http.Request, scope models.SecretScope, scopeID int64) {
|
||||
var body struct {
|
||||
Name string `json:"name"`
|
||||
Value string `json:"value"`
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if body.Name == "" || body.Value == "" {
|
||||
jsonError(w, "name and value are required", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
encrypted, err := models.EncryptSecret(body.Value, h.sessionSecret)
|
||||
if err != nil {
|
||||
jsonError(w, "encryption failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// Upsert: update if the name already exists for this scope.
|
||||
var existing models.Secret
|
||||
found, _ := h.db.Where("scope = ? AND scope_id = ? AND name = ?", scope, scopeID, body.Name).Get(&existing)
|
||||
if found {
|
||||
existing.EncryptedValue = encrypted
|
||||
h.db.ID(existing.ID).Cols("encrypted_value", "updated_at").Update(&existing) //nolint:errcheck
|
||||
jsonOK(w, toListItem(existing))
|
||||
return
|
||||
}
|
||||
|
||||
secret := &models.Secret{
|
||||
Scope: scope,
|
||||
ScopeID: scopeID,
|
||||
Name: body.Name,
|
||||
EncryptedValue: encrypted,
|
||||
}
|
||||
if _, err := h.db.Insert(secret); err != nil {
|
||||
jsonError(w, "could not save secret", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
json.NewEncoder(w).Encode(toListItem(*secret)) //nolint:errcheck
|
||||
}
|
||||
|
||||
func (h *SecretHandler) deleteSecret(w http.ResponseWriter, r *http.Request, scope models.SecretScope, scopeID int64) {
|
||||
name := chi.URLParam(r, "name")
|
||||
res, err := h.db.Where("scope = ? AND scope_id = ? AND name = ?", scope, scopeID, name).
|
||||
Delete(&models.Secret{})
|
||||
if err != nil || res == 0 {
|
||||
jsonError(w, "secret not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// ── ResolveSecretsForRun ──────────────────────────────────────────────────────
|
||||
// Used by the CI executor to build the env var map for a pipeline job.
|
||||
// Priority order (highest wins): Env > Repo > Workspace > Global.
|
||||
|
||||
func ResolveSecretsForRun(db *xorm.Engine, repoID, workspaceID, envID int64, sessionSecret string) map[string]string {
|
||||
out := map[string]string{}
|
||||
|
||||
loadScope := func(scope models.SecretScope, scopeID int64) {
|
||||
var secrets []models.Secret
|
||||
db.Where("scope = ? AND scope_id = ?", scope, scopeID).Find(&secrets)
|
||||
for _, s := range secrets {
|
||||
if _, already := out[s.Name]; !already {
|
||||
pt, err := models.DecryptSecret(s.EncryptedValue, sessionSecret)
|
||||
if err == nil {
|
||||
out[s.Name] = pt
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Load in reverse priority so higher-priority scopes overwrite.
|
||||
loadScope(models.SecretScopeGlobal, 0)
|
||||
if workspaceID != 0 {
|
||||
loadScope(models.SecretScopeWorkspace, workspaceID)
|
||||
}
|
||||
loadScope(models.SecretScopeRepo, repoID)
|
||||
if envID != 0 {
|
||||
loadScope(models.SecretScopeEnv, envID)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
// ── Helpers ───────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *SecretHandler) resolveRepoID(w http.ResponseWriter, r *http.Request) (int64, bool) {
|
||||
owner := chi.URLParam(r, "owner")
|
||||
repoName := chi.URLParam(r, "repo")
|
||||
var u models.User
|
||||
if found, _ := h.db.Where("username = ?", owner).Get(&u); !found {
|
||||
// Try workspace
|
||||
var ws models.Workspace
|
||||
if found2, _ := h.db.Where("handle = ?", owner).Get(&ws); !found2 {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
var repo models.Repository
|
||||
if found3, _ := h.db.Where("workspace_id = ? AND name = ?", ws.ID, repoName).Get(&repo); !found3 {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
return repo.ID, true
|
||||
}
|
||||
var repo models.Repository
|
||||
if found, _ := h.db.Where("owner_id = ? AND name = ?", u.ID, repoName).Get(&repo); !found {
|
||||
jsonError(w, "repository not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
return repo.ID, true
|
||||
}
|
||||
|
||||
func (h *SecretHandler) resolveEnvID(w http.ResponseWriter, r *http.Request) (int64, bool) {
|
||||
repoID, ok := h.resolveRepoID(w, r)
|
||||
if !ok {
|
||||
return 0, false
|
||||
}
|
||||
envName := chi.URLParam(r, "envName")
|
||||
var env models.Environment
|
||||
if found, _ := h.db.Where("repo_id = ? AND name = ?", repoID, envName).Get(&env); !found {
|
||||
jsonError(w, "environment not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
return env.ID, true
|
||||
}
|
||||
|
||||
func (h *SecretHandler) resolveWorkspaceID(w http.ResponseWriter, r *http.Request) (int64, bool) {
|
||||
handle := chi.URLParam(r, "handle")
|
||||
var ws models.Workspace
|
||||
if found, _ := h.db.Where("handle = ?", handle).Get(&ws); !found {
|
||||
jsonError(w, "workspace not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
// Require membership.
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
var member models.WorkspaceMember
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, userID).Get(&member); !found {
|
||||
jsonError(w, "workspace not found", http.StatusNotFound)
|
||||
return 0, false
|
||||
}
|
||||
return ws.ID, true
|
||||
}
|
||||
|
||||
func (h *SecretHandler) requireAdmin(w http.ResponseWriter, r *http.Request) bool {
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
var u models.User
|
||||
if found, _ := h.db.ID(userID).Get(&u); !found || !u.IsAdmin {
|
||||
jsonError(w, "admin required", http.StatusForbidden)
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
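Review bot: `func (h *SecretHandler) resolveRepoID` performs no authorization at all: it resolves owner/repo purely by name, so any caller who reaches these routes can list, upsert or delete secrets for any repository, private ones included, and those values are the ones injected into CI jobs. resolveWorkspaceID only requires some membership row, whereas UpdateWorkspace in this same commit requires admin or owner; secret mutation should demand at least the same role, and the repo path should reuse the access rule lookupRepo applies plus a write or admin check on the repository. Separately, ResolveSecretsForRun contradicts its own header: the `if _, already := out[s.Name]; !already {` guard makes the first scope loaded win, and Global is loaded first, so a Global secret shadows Repo and Env values instead of the documented "Env > Repo > Workspace > Global"; drop the guard so later, higher-priority scopes overwrite, or load Env first and keep it. Also `h.db.Where("owner_id = ? AND name = ?", u.ID, repoName)` lacks the `AND workspace_id IS NULL` filter that lookupRepo uses for the user namespace.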
@@ -0,0 +1,409 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"xorm.io/xorm"
|
||||
|
||||
"github.com/forgeo/forgebucket/internal/api/middleware"
|
||||
"github.com/forgeo/forgebucket/internal/config"
|
||||
"github.com/forgeo/forgebucket/internal/models"
|
||||
)
|
||||
|
||||
type WorkspaceHandler struct {
|
||||
db *xorm.Engine
|
||||
cfg *config.Config
|
||||
}
|
||||
|
||||
func NewWorkspaceHandler(db *xorm.Engine, cfg *config.Config) *WorkspaceHandler {
|
||||
return &WorkspaceHandler{db: db, cfg: cfg}
|
||||
}
|
||||
|
||||
// ── Response shapes ───────────────────────────────────────────────────────────
|
||||
|
||||
type workspaceResponse struct {
|
||||
models.Workspace
|
||||
MemberCount int `json:"memberCount"`
|
||||
RepoCount int `json:"repoCount"`
|
||||
MyRole string `json:"myRole"` // caller's role, empty if not a member
|
||||
}
|
||||
|
||||
// ── List ──────────────────────────────────────────────────────────────────────
|
||||
|
||||
// ListWorkspaces returns all workspaces the current user belongs to.
|
||||
func (h *WorkspaceHandler) ListWorkspaces(w http.ResponseWriter, r *http.Request) {
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
|
||||
var memberships []models.WorkspaceMember
|
||||
h.db.Where("user_id = ?", userID).Find(&memberships)
|
||||
|
||||
if len(memberships) == 0 {
|
||||
jsonOK(w, []workspaceResponse{})
|
||||
return
|
||||
}
|
||||
|
||||
wsIDs := make([]int64, len(memberships))
|
||||
roleByWS := map[int64]string{}
|
||||
for i, m := range memberships {
|
||||
wsIDs[i] = m.WorkspaceID
|
||||
roleByWS[m.WorkspaceID] = string(m.Role)
|
||||
}
|
||||
|
||||
var workspaces []models.Workspace
|
||||
h.db.In("id", wsIDs).Find(&workspaces)
|
||||
|
||||
result := make([]workspaceResponse, len(workspaces))
|
||||
for i, ws := range workspaces {
|
||||
memberCount, _ := h.db.Where("workspace_id = ?", ws.ID).Count(&models.WorkspaceMember{})
|
||||
repoCount, _ := h.db.Where("workspace_id = ?", ws.ID).Count(&models.Repository{})
|
||||
result[i] = workspaceResponse{
|
||||
Workspace: ws,
|
||||
MemberCount: int(memberCount),
|
||||
RepoCount: int(repoCount),
|
||||
MyRole: roleByWS[ws.ID],
|
||||
}
|
||||
}
|
||||
jsonOK(w, result)
|
||||
}
|
||||
|
||||
// ── Create ────────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) CreateWorkspace(w http.ResponseWriter, r *http.Request) {
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
|
||||
var body struct {
|
||||
Handle string `json:"handle"`
|
||||
DisplayName string `json:"displayName"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if body.Handle == "" {
|
||||
jsonError(w, "handle is required", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if !isValidHandle(body.Handle) {
|
||||
jsonError(w, "handle may only contain letters, numbers, hyphens, and underscores", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Handle must not collide with any username or existing workspace handle.
|
||||
var existingUser models.User
|
||||
if found, _ := h.db.Where("username = ?", body.Handle).Get(&existingUser); found {
|
||||
jsonError(w, "handle is already taken by a user", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
var existingWS models.Workspace
|
||||
if found, _ := h.db.Where("handle = ?", body.Handle).Get(&existingWS); found {
|
||||
jsonError(w, "handle is already taken by a workspace", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
|
||||
ws := &models.Workspace{
|
||||
Handle: body.Handle,
|
||||
DisplayName: body.DisplayName,
|
||||
Description: body.Description,
|
||||
CreatedBy: userID,
|
||||
}
|
||||
if _, err := h.db.Insert(ws); err != nil {
|
||||
jsonError(w, "could not create workspace", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// Creator becomes owner automatically.
|
||||
var creator models.User
|
||||
h.db.ID(userID).Cols("username").Get(&creator)
|
||||
member := &models.WorkspaceMember{
|
||||
WorkspaceID: ws.ID,
|
||||
UserID: userID,
|
||||
Username: creator.Username,
|
||||
Role: models.WorkspaceRoleOwner,
|
||||
}
|
||||
h.db.Insert(member) //nolint:errcheck
|
||||
|
||||
resp := workspaceResponse{Workspace: *ws, MemberCount: 1, MyRole: string(models.WorkspaceRoleOwner)}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
json.NewEncoder(w).Encode(resp) //nolint:errcheck
|
||||
}
|
||||
|
||||
// ── Get ───────────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) GetWorkspace(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
memberCount, _ := h.db.Where("workspace_id = ?", ws.ID).Count(&models.WorkspaceMember{})
|
||||
repoCount, _ := h.db.Where("workspace_id = ?", ws.ID).Count(&models.Repository{})
|
||||
jsonOK(w, workspaceResponse{Workspace: *ws, MemberCount: int(memberCount), RepoCount: int(repoCount), MyRole: myRole})
|
||||
}
|
||||
|
||||
// ── Update ────────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) UpdateWorkspace(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if myRole != string(models.WorkspaceRoleOwner) && myRole != string(models.WorkspaceRoleAdmin) {
|
||||
jsonError(w, "admin or owner required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
var body struct {
|
||||
DisplayName *string `json:"displayName"`
|
||||
Description *string `json:"description"`
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
cols := []string{}
|
||||
if body.DisplayName != nil {
|
||||
ws.DisplayName = *body.DisplayName
|
||||
cols = append(cols, "display_name")
|
||||
}
|
||||
if body.Description != nil {
|
||||
ws.Description = *body.Description
|
||||
cols = append(cols, "description")
|
||||
}
|
||||
if len(cols) > 0 {
|
||||
h.db.ID(ws.ID).Cols(cols...).Update(ws) //nolint:errcheck
|
||||
}
|
||||
jsonOK(w, ws)
|
||||
}
|
||||
|
||||
// ── Delete ────────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) DeleteWorkspace(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if myRole != string(models.WorkspaceRoleOwner) {
|
||||
jsonError(w, "only the workspace owner can delete it", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
// Refuse if the workspace still has repos.
|
||||
count, _ := h.db.Where("workspace_id = ?", ws.ID).Count(&models.Repository{})
|
||||
if count > 0 {
|
||||
jsonError(w, "delete or transfer all repositories before deleting the workspace", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
h.db.Where("workspace_id = ?", ws.ID).Delete(&models.WorkspaceMember{}) //nolint:errcheck
|
||||
h.db.ID(ws.ID).Delete(&models.Workspace{}) //nolint:errcheck
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// ── Repos in workspace ────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) ListRepos(w http.ResponseWriter, r *http.Request) {
|
||||
ws, _, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
var repos []models.Repository
|
||||
h.db.Where("workspace_id = ?", ws.ID).Find(&repos)
|
||||
if repos == nil {
|
||||
repos = []models.Repository{}
|
||||
}
|
||||
// Return the same enriched shape that the repo list uses.
|
||||
type wsRepoResponse struct {
|
||||
models.Repository
|
||||
OwnerName string `json:"ownerName"`
|
||||
}
|
||||
result := make([]wsRepoResponse, len(repos))
|
||||
for i, r := range repos {
|
||||
result[i] = wsRepoResponse{Repository: r, OwnerName: ws.Handle}
|
||||
}
|
||||
jsonOK(w, result)
|
||||
}
|
||||
|
||||
// ── Members ───────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
|
||||
ws, _, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
var members []models.WorkspaceMember
|
||||
h.db.Where("workspace_id = ?", ws.ID).Find(&members)
|
||||
if members == nil {
|
||||
members = []models.WorkspaceMember{}
|
||||
}
|
||||
jsonOK(w, members)
|
||||
}
|
||||
|
||||
func (h *WorkspaceHandler) AddMember(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if myRole != string(models.WorkspaceRoleOwner) && myRole != string(models.WorkspaceRoleAdmin) {
|
||||
jsonError(w, "admin or owner required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
var body struct {
|
||||
Username string `json:"username"`
|
||||
Role string `json:"role"` // "admin" | "member"
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
role := models.WorkspaceRole(body.Role)
|
||||
if role != models.WorkspaceRoleAdmin && role != models.WorkspaceRoleMember {
|
||||
role = models.WorkspaceRoleMember
|
||||
}
|
||||
|
||||
var user models.User
|
||||
if found, _ := h.db.Where("username = ?", body.Username).Get(&user); !found {
|
||||
jsonError(w, "user not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
// Idempotent: update role if already a member.
|
||||
var existing models.WorkspaceMember
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, user.ID).Get(&existing); found {
|
||||
existing.Role = role
|
||||
h.db.ID(existing.ID).Cols("role").Update(&existing) //nolint:errcheck
|
||||
jsonOK(w, existing)
|
||||
return
|
||||
}
|
||||
|
||||
member := &models.WorkspaceMember{
|
||||
WorkspaceID: ws.ID,
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
Role: role,
|
||||
}
|
||||
if _, err := h.db.Insert(member); err != nil {
|
||||
jsonError(w, "could not add member", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
json.NewEncoder(w).Encode(member) //nolint:errcheck
|
||||
}
|
||||
|
||||
func (h *WorkspaceHandler) UpdateMember(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if myRole != string(models.WorkspaceRoleOwner) && myRole != string(models.WorkspaceRoleAdmin) {
|
||||
jsonError(w, "admin or owner required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
targetUsername := chi.URLParam(r, "username")
|
||||
var body struct{ Role string `json:"role"` }
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
jsonError(w, "invalid request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
var target models.User
|
||||
if found, _ := h.db.Where("username = ?", targetUsername).Get(&target); !found {
|
||||
jsonError(w, "user not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
var member models.WorkspaceMember
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, target.ID).Get(&member); !found {
|
||||
jsonError(w, "member not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
// Cannot demote the last owner.
|
||||
if member.Role == models.WorkspaceRoleOwner && models.WorkspaceRole(body.Role) != models.WorkspaceRoleOwner {
|
||||
count, _ := h.db.Where("workspace_id = ? AND role = 'owner'", ws.ID).Count(&models.WorkspaceMember{})
|
||||
if count <= 1 {
|
||||
jsonError(w, "workspace must have at least one owner", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
}
|
||||
member.Role = models.WorkspaceRole(body.Role)
|
||||
h.db.ID(member.ID).Cols("role").Update(&member) //nolint:errcheck
|
||||
jsonOK(w, member)
|
||||
}
|
||||
|
||||
func (h *WorkspaceHandler) RemoveMember(w http.ResponseWriter, r *http.Request) {
|
||||
ws, myRole, ok := h.resolveWorkspace(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
callerID, _ := middleware.UserIDFromContext(r.Context())
|
||||
targetUsername := chi.URLParam(r, "username")
|
||||
|
||||
var target models.User
|
||||
if found, _ := h.db.Where("username = ?", targetUsername).Get(&target); !found {
|
||||
jsonError(w, "user not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
// Members can remove themselves; admins/owners can remove others.
|
||||
if target.ID != callerID {
|
||||
if myRole != string(models.WorkspaceRoleOwner) && myRole != string(models.WorkspaceRoleAdmin) {
|
||||
jsonError(w, "admin or owner required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
var member models.WorkspaceMember
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, target.ID).Get(&member); !found {
|
||||
jsonError(w, "member not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
if member.Role == models.WorkspaceRoleOwner {
|
||||
count, _ := h.db.Where("workspace_id = ? AND role = 'owner'", ws.ID).Count(&models.WorkspaceMember{})
|
||||
if count <= 1 {
|
||||
jsonError(w, "cannot remove the last owner", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
}
|
||||
h.db.ID(member.ID).Delete(&models.WorkspaceMember{}) //nolint:errcheck
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// ── Helpers ───────────────────────────────────────────────────────────────────
|
||||
|
||||
func (h *WorkspaceHandler) resolveWorkspace(w http.ResponseWriter, r *http.Request) (*models.Workspace, string, bool) {
|
||||
handle := chi.URLParam(r, "handle")
|
||||
var ws models.Workspace
|
||||
if found, _ := h.db.Where("handle = ?", handle).Get(&ws); !found {
|
||||
jsonError(w, "workspace not found", http.StatusNotFound)
|
||||
return nil, "", false
|
||||
}
|
||||
userID, _ := middleware.UserIDFromContext(r.Context())
|
||||
var member models.WorkspaceMember
|
||||
myRole := ""
|
||||
if found, _ := h.db.Where("workspace_id = ? AND user_id = ?", ws.ID, userID).Get(&member); found {
|
||||
myRole = string(member.Role)
|
||||
}
|
||||
return &ws, myRole, true
|
||||
}
|
||||
|
||||
// diskPathForWorkspaceRepo returns the on-disk bare repo path for workspace-owned repos.
|
||||
func diskPathForWorkspaceRepo(repoRoot string, workspaceID int64, repoName string) string {
|
||||
return filepath.Join(repoRoot, "ws_"+strconv.FormatInt(workspaceID, 10), repoName+".git")
|
||||
}
|
||||
|
||||
func isValidHandle(h string) bool {
|
||||
if len(h) == 0 || len(h) > 64 {
|
||||
return false
|
||||
}
|
||||
for _, c := range h {
|
||||
if !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
|
||||
(c >= '0' && c <= '9') || c == '-' || c == '_') {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
@@ -60,6 +60,8 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
|
||||
runnerH := handlers.NewRunnerHandler(engine)
|
||||
envH := handlers.NewEnvironmentHandler(engine, bus)
|
||||
timelineH := handlers.NewTimelineHandler(engine, cfg.RepoRoot)
|
||||
workspaceH := handlers.NewWorkspaceHandler(engine, cfg)
|
||||
secretH := handlers.NewSecretHandler(engine, cfg.SessionSecret)
|
||||
|
||||
// ── Git smart-HTTP transport ───────────────────────────────────────────────
|
||||
// Regex constraint ensures only *.git paths match, so asset/SPA URLs
|
||||
@@ -108,6 +110,30 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
|
||||
r.Get("/audit", auditH.List)
|
||||
r.Get("/pipelines/runs", pipeH.ListRecentRuns)
|
||||
|
||||
// Workspace routes
|
||||
r.Get("/workspaces", workspaceH.ListWorkspaces)
|
||||
r.With(csrf).Post("/workspaces", workspaceH.CreateWorkspace)
|
||||
r.Route("/workspaces/{handle}", func(r chi.Router) {
|
||||
r.Get("/", workspaceH.GetWorkspace)
|
||||
r.With(csrf).Patch("/", workspaceH.UpdateWorkspace)
|
||||
r.With(csrf).Delete("/", workspaceH.DeleteWorkspace)
|
||||
r.Get("/repos", workspaceH.ListRepos)
|
||||
r.Route("/members", func(r chi.Router) {
|
||||
r.Get("/", workspaceH.ListMembers)
|
||||
r.With(csrf).Post("/", workspaceH.AddMember)
|
||||
r.With(csrf).Patch("/{username}", workspaceH.UpdateMember)
|
||||
r.With(csrf).Delete("/{username}", workspaceH.RemoveMember)
|
||||
})
|
||||
r.Get("/secrets", secretH.ListWorkspaceSecrets)
|
||||
r.With(csrf).Post("/secrets", secretH.UpsertWorkspaceSecret)
|
||||
r.With(csrf).Delete("/secrets/{name}", secretH.DeleteWorkspaceSecret)
|
||||
})
|
||||
|
||||
// Global secrets (admin)
|
||||
r.Get("/admin/secrets", secretH.ListGlobalSecrets)
|
||||
r.With(csrf).Post("/admin/secrets", secretH.UpsertGlobalSecret)
|
||||
r.With(csrf).Delete("/admin/secrets/{name}", secretH.DeleteGlobalSecret)
|
||||
|
||||
r.Route("/admin", func(r chi.Router) {
|
||||
r.Get("/runners", runnerH.List)
|
||||
r.With(csrf).Post("/runners/register", runnerH.Register)
|
||||
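Review bot: `r.With(csrf).Patch("/{username}", workspaceH.UpdateMember)` wires a handler that, as shown earlier on this page, stores `member.Role = models.WorkspaceRole(body.Role)` without validating it, so any string is persisted as a role and an admin can promote a member (or themselves) to owner, which AddMember deliberately prevents by coercing unknown roles to member. UpdateMember should reject values outside owner/admin/member and restrict the owner value to callers whose myRole is owner, e.g. `if role != models.WorkspaceRoleOwner && role != models.WorkspaceRoleAdmin && role != models.WorkspaceRoleMember { jsonError(w, "invalid role", http.StatusBadRequest); return }` followed by `if role == models.WorkspaceRoleOwner && myRole != string(models.WorkspaceRoleOwner) { jsonError(w, "only an owner can grant owner", http.StatusForbidden); return }`. Relatedly, `r.Get("/repos", workspaceH.ListRepos)` and the members list are reachable by any caller that reaches the route, because resolveWorkspace only looks up the caller's role and never requires membership, and ListRepos returns every workspace repository regardless of IsPrivate; if private workspace repos are meant to be member-only, the handler should filter on IsPrivate when myRole is empty. Finally, the three `/admin/secrets` routes are registered outside the `r.Route("/admin", ...)` group that follows them; if that group carries an admin-only middleware, these routes bypass it and should move inside it.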
@@ -208,6 +234,9 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
|
||||
r.Get("/excluded-files", prSettingsH.GetExcludedFiles)
|
||||
r.With(csrf).Put("/excluded-files", prSettingsH.UpdateExcludedFiles)
|
||||
r.Get("/timeline", timelineH.GetTimeline)
|
||||
r.Get("/secrets", secretH.ListRepoSecrets)
|
||||
r.With(csrf).Post("/secrets", secretH.UpsertRepoSecret)
|
||||
r.With(csrf).Delete("/secrets/{name}", secretH.DeleteRepoSecret)
|
||||
r.Get("/lfs-settings", lfsH.Get)
|
||||
r.With(csrf).Put("/lfs-settings", lfsH.Update)
|
||||
r.Route("/environments", func(r chi.Router) {
|
||||
@@ -222,6 +251,9 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
|
||||
r.With(csrf).Post("/", envH.CreateDeployment)
|
||||
r.With(csrf).Patch("/{deployID}/status", envH.UpdateDeploymentStatus)
|
||||
})
|
||||
r.Get("/secrets", secretH.ListEnvSecrets)
|
||||
r.With(csrf).Post("/secrets", secretH.UpsertEnvSecret)
|
||||
r.With(csrf).Delete("/secrets/{name}", secretH.DeleteEnvSecret)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
@@ -18,10 +18,11 @@ import (
|
||||
|
||||
// JobContext holds everything needed to execute a single pipeline job.
|
||||
type JobContext struct {
|
||||
Run models.PipelineRun
|
||||
Job models.PipelineJob
|
||||
Steps []models.PipelineStep
|
||||
Repo models.Repository
|
||||
Run models.PipelineRun
|
||||
Job models.PipelineJob
|
||||
Steps []models.PipelineStep
|
||||
Repo models.Repository
|
||||
Secrets map[string]string // resolved secret key→value map (Env > Repo > Workspace > Global)
|
||||
}
|
||||
|
||||
// ExecuteJob runs all steps of a job inside isolated Docker containers,
|
||||
@@ -60,7 +61,7 @@ func ExecuteJob(ctx context.Context, db *xorm.Engine, bus events.EventBus, jc Jo
|
||||
markStep(db, step, "skipped", 0)
|
||||
continue
|
||||
}
|
||||
exitCode, err := runStep(ctx, db, bus, jc.Run.ID, jc.Job.ID, step, image, workDir)
|
||||
exitCode, err := runStep(ctx, db, bus, jc.Run.ID, jc.Job.ID, step, image, workDir, jc.Secrets)
|
||||
if err != nil || exitCode != 0 {
|
||||
if exitCode == 0 {
|
||||
exitCode = 1
|
||||
@@ -83,20 +84,26 @@ func ExecuteJob(ctx context.Context, db *xorm.Engine, bus events.EventBus, jc Jo
|
||||
|
||||
// runStep runs a single shell-command step inside a Docker container.
|
||||
func runStep(ctx context.Context, db *xorm.Engine, bus events.EventBus,
|
||||
runID, jobID int64, step *models.PipelineStep, image, workDir string) (int, error) {
|
||||
runID, jobID int64, step *models.PipelineStep, image, workDir string,
|
||||
secrets map[string]string) (int, error) {
|
||||
|
||||
now := time.Now().UTC()
|
||||
step.Status = "running"
|
||||
step.StartedAt = &now
|
||||
db.ID(step.ID).Cols("status", "started_at").Update(step) //nolint:errcheck
|
||||
|
||||
cmd := exec.CommandContext(ctx, "docker", "run", "--rm",
|
||||
"-v", workDir+":/workspace",
|
||||
// Build docker args: base flags + one --env per secret.
|
||||
args := []string{"run", "--rm",
|
||||
"-v", workDir + ":/workspace",
|
||||
"-w", "/workspace",
|
||||
"--network=none", // no network by default; Phase 2C will add network scopes
|
||||
image,
|
||||
"/bin/sh", "-ec", step.RunCmd,
|
||||
)
|
||||
"--network=none",
|
||||
}
|
||||
for k, v := range secrets {
|
||||
args = append(args, "--env", k+"="+v)
|
||||
}
|
||||
args = append(args, image, "/bin/sh", "-ec", step.RunCmd)
|
||||
|
||||
cmd := exec.CommandContext(ctx, "docker", args...)
|
||||
|
||||
stdout, err := cmd.StdoutPipe()
|
||||
if err != nil {
|
||||
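Review bot: Passing each secret as `--env KEY=VALUE` on the docker command line exposes the plaintext to every local user for the lifetime of the docker client process (argv is readable through the process table), and the value also lands in the container's inspectable config. Docker accepts a bare `--env KEY` and copies the value from the client's own environment, so the values can be supplied through cmd.Env instead, as in the excerpt below; this needs an `os` import if executor.go does not already have one. The values still reach the step's environment and can be printed by the step into the run log, which is inherent to env injection; a log-masking pass is the usual follow-up. The `// no network by default; Phase 2C will add network scopes` comment was also dropped from the `--network=none` line when the args were restructured and is worth keeping. runStep continues beyond the end of this hunk.
```go
	// Build docker args: base flags + one --env per secret.
	args := []string{"run", "--rm",
		"-v", workDir + ":/workspace",
		"-w", "/workspace",
		"--network=none", // no network by default; Phase 2C will add network scopes
	}
	// Only the names go on argv; docker copies each value from cmd.Env,
	// so the plaintext never appears in the host process table.
	env := os.Environ()
	for k, v := range secrets {
		args = append(args, "--env", k)
		env = append(env, k+"="+v)
	}
	args = append(args, image, "/bin/sh", "-ec", step.RunCmd)

	cmd := exec.CommandContext(ctx, "docker", args...)
	cmd.Env = env
	// … unchanged: stdout pipe and the rest of runStep …
```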
@@ -235,8 +242,9 @@ func repoForRun(db *xorm.Engine, runID int64) (models.Repository, models.Pipelin
|
||||
return repo, run, true
|
||||
}
|
||||
|
||||
// buildJobContext assembles a JobContext from DB rows.
|
||||
func buildJobContext(db *xorm.Engine, jobID int64) (JobContext, bool) {
|
||||
// buildJobContext assembles a JobContext from DB rows and resolves the secret
|
||||
// hierarchy (Env > Repo > Workspace > Global) for injection into docker run.
|
||||
func buildJobContext(db *xorm.Engine, jobID int64, sessionSecret string) (JobContext, bool) {
|
||||
var job models.PipelineJob
|
||||
if found, _ := db.ID(jobID).Get(&job); !found {
|
||||
return JobContext{}, false
|
||||
@@ -249,7 +257,42 @@ func buildJobContext(db *xorm.Engine, jobID int64) (JobContext, bool) {
|
||||
if err != nil {
|
||||
return JobContext{}, false
|
||||
}
|
||||
return JobContext{Run: run, Job: job, Steps: steps, Repo: repo}, true
|
||||
|
||||
// Determine workspace ID (0 if user-owned repo).
|
||||
var wsID int64
|
||||
if repo.WorkspaceID != nil {
|
||||
wsID = *repo.WorkspaceID
|
||||
}
|
||||
|
||||
secrets := resolveSecrets(db, repo.ID, wsID, 0, sessionSecret)
|
||||
return JobContext{Run: run, Job: job, Steps: steps, Repo: repo, Secrets: secrets}, true
|
||||
}
|
||||
|
||||
// resolveSecrets builds a merged key→plaintext map respecting hierarchy:
|
||||
// Global < Workspace < Repo < Env (last writer wins per key).
|
||||
func resolveSecrets(db *xorm.Engine, repoID, workspaceID, envID int64, sessionSecret string) map[string]string {
|
||||
out := map[string]string{}
|
||||
|
||||
load := func(scope models.SecretScope, scopeID int64) {
|
||||
var secrets []models.Secret
|
||||
db.Where("scope = ? AND scope_id = ?", scope, scopeID).Find(&secrets)
|
||||
for _, s := range secrets {
|
||||
// Higher-priority scopes loaded later — simply overwrite.
|
||||
if pt, err := models.DecryptSecret(s.EncryptedValue, sessionSecret); err == nil {
|
||||
out[s.Name] = pt
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
load(models.SecretScopeGlobal, 0)
|
||||
if workspaceID != 0 {
|
||||
load(models.SecretScopeWorkspace, workspaceID)
|
||||
}
|
||||
load(models.SecretScopeRepo, repoID)
|
||||
if envID != 0 {
|
||||
load(models.SecretScopeEnv, envID)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
// pipeForRun returns the longest-matching step label for an image.
|
||||
|
||||
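Review bot: `resolveSecrets(db, repo.ID, wsID, 0, sessionSecret)` hard-codes envID to 0, so the env-scoped tier is never loaded for CI jobs even though the new doc comment on buildJobContext promises the full Env > Repo > Workspace > Global hierarchy; either wire the run's environment through (if the run or job records one) or amend the comment to `// Env-scoped secrets are not resolved here yet: no environment is associated with a job, so envID is always 0.` Inside load, both the `Find` error and the DecryptSecret error are dropped silently, so a DB failure or a row written under a different SESSION_SECRET simply vanishes from the job's environment and the step runs without it; at minimum log the scope and name (never the value), e.g. `log.Printf("secrets: skipping %s/%d %q: %v", scope, scopeID, s.Name, err)`, so operators can see why a pipeline lacks a credential. Whether executor.go already imports log is not visible here.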
@@ -50,7 +50,7 @@ func (m *RunnerManager) Start(ctx context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
jc, ok := buildJobContext(m.db, evt.JobID)
|
||||
jc, ok := buildJobContext(m.db, evt.JobID, m.cfg.SessionSecret)
|
||||
if !ok {
|
||||
log.Printf("runner: could not build job context for job %d", evt.JobID)
|
||||
return
|
||||
|
||||
@@ -40,5 +40,11 @@ func Run(engine *xorm.Engine) error {
|
||||
if err := Run009(engine); err != nil {
|
||||
return err
|
||||
}
|
||||
return Run010(engine)
|
||||
if err := Run010(engine); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := Run011(engine); err != nil {
|
||||
return err
|
||||
}
|
||||
return Run012(engine)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"github.com/forgeo/forgebucket/internal/models"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
// Run011 adds the workspace and workspace_member tables and adds the nullable
|
||||
// workspace_id column to the repository table to support workspace-owned repos.
|
||||
func Run011(engine *xorm.Engine) error {
|
||||
if err := engine.Sync2(
|
||||
&models.Workspace{},
|
||||
&models.WorkspaceMember{},
|
||||
); err != nil {
|
||||
return err
|
||||
}
|
||||
// Sync2 on Repository will add the new workspace_id column to existing rows
|
||||
// (default NULL, meaning existing repos remain user-owned).
|
||||
return engine.Sync2(&models.Repository{})
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"github.com/forgeo/forgebucket/internal/models"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
func Run012(engine *xorm.Engine) error {
|
||||
return engine.Sync2(&models.Secret{})
|
||||
}
|
||||
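Review bot: Run012 has no doc comment, while Run011 just above documents what it creates; add `// Run012 creates the secret table that backs the scoped secret store.` above the function. If a composite uniqueness constraint on (scope, scope_id, name) is later added outside the struct tags, this migration is where it belongs and the comment should say so.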
@@ -3,13 +3,14 @@ package models
|
||||
import "time"
|
||||
|
||||
type Repository struct {
|
||||
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
||||
OwnerID int64 `xorm:"'owner_id' notnull index" json:"ownerId"`
|
||||
Name string `xorm:"'name' notnull varchar(100)" json:"name"`
|
||||
Description string `xorm:"'description' varchar(500)" json:"description"`
|
||||
IsPrivate bool `xorm:"'is_private' default false" json:"isPrivate"`
|
||||
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
||||
OwnerID int64 `xorm:"'owner_id' index" json:"ownerId"` // user ID; 0 when workspace-owned
|
||||
WorkspaceID *int64 `xorm:"'workspace_id' index" json:"workspaceId"` // set when workspace-owned
|
||||
Name string `xorm:"'name' notnull varchar(100)" json:"name"`
|
||||
Description string `xorm:"'description' varchar(500)" json:"description"`
|
||||
IsPrivate bool `xorm:"'is_private' default false" json:"isPrivate"`
|
||||
DefaultBranch string `xorm:"'default_branch' default 'main' varchar(255)" json:"defaultBranch"`
|
||||
DiskPath string `xorm:"'disk_path' notnull" json:"-"`
|
||||
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
|
||||
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
|
||||
DiskPath string `xorm:"'disk_path' notnull" json:"-"`
|
||||
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
|
||||
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
|
||||
}
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
package models
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
// SecretScope controls which resources a secret is visible to.
|
||||
type SecretScope string
|
||||
|
||||
const (
|
||||
SecretScopeGlobal SecretScope = "global" // admin-only; available to all repos
|
||||
SecretScopeWorkspace SecretScope = "workspace" // available to all repos in a workspace
|
||||
SecretScopeRepo SecretScope = "repo" // specific repository
|
||||
SecretScopeEnv SecretScope = "env" // specific environment (highest priority)
|
||||
)
|
||||
|
||||
// Secret stores an AES-256-GCM encrypted key/value pair.
|
||||
// Values are write-only: the API never returns the plaintext after creation.
|
||||
// Uniqueness: (scope, scope_id, name) must be unique.
|
||||
type Secret struct {
|
||||
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
||||
Scope SecretScope `xorm:"'scope' varchar(20) notnull" json:"scope"`
|
||||
ScopeID int64 `xorm:"'scope_id'" json:"scopeId"` // 0 for global
|
||||
Name string `xorm:"'name' varchar(255) notnull" json:"name"`
|
||||
EncryptedValue string `xorm:"'encrypted_value' text notnull" json:"-"` // never serialised
|
||||
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
|
||||
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
|
||||
}
|
||||
|
||||
// ── Encryption helpers ────────────────────────────────────────────────────────
|
||||
|
||||
// deriveKey produces a 32-byte AES key from the session secret via SHA-256.
|
||||
func deriveKey(sessionSecret string) []byte {
|
||||
h := sha256.Sum256([]byte(sessionSecret))
|
||||
return h[:]
|
||||
}
|
||||
|
||||
// EncryptSecret encrypts plaintext with AES-256-GCM and returns a base64 string
|
||||
// of the form: base64(nonce || ciphertext).
|
||||
func EncryptSecret(plaintext, sessionSecret string) (string, error) {
|
||||
key := deriveKey(sessionSecret)
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("aes cipher: %w", err)
|
||||
}
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("gcm: %w", err)
|
||||
}
|
||||
nonce := make([]byte, gcm.NonceSize())
|
||||
if _, err := rand.Read(nonce); err != nil {
|
||||
return "", fmt.Errorf("nonce: %w", err)
|
||||
}
|
||||
sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
|
||||
return base64.StdEncoding.EncodeToString(sealed), nil
|
||||
}
|
||||
|
||||
// DecryptSecret reverses EncryptSecret.
|
||||
func DecryptSecret(encrypted, sessionSecret string) (string, error) {
|
||||
data, err := base64.StdEncoding.DecodeString(encrypted)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("base64: %w", err)
|
||||
}
|
||||
key := deriveKey(sessionSecret)
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("aes cipher: %w", err)
|
||||
}
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("gcm: %w", err)
|
||||
}
|
||||
if len(data) < gcm.NonceSize() {
|
||||
return "", fmt.Errorf("ciphertext too short")
|
||||
}
|
||||
nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
|
||||
pt, err := gcm.Open(nil, nonce, ct, nil)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("decrypt: %w", err)
|
||||
}
|
||||
return string(pt), nil
|
||||
}
|
||||
|
||||
|
||||
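Review bot: deriveKey binds the secret store's encryption key to the session-signing secret, so the two cannot be rotated independently: rotating SESSION_SECRET to invalidate sessions makes every stored row undecryptable (and resolveSecrets on this page silently drops such rows), and exposure of the key for either purpose exposes both. A dedicated key in config is the clean fix; failing that, derive a domain-separated key by hashing a fixed store-specific label together with the session secret, and state in the deriveKey comment that the store's confidentiality depends on the session secret never changing. Separately, the type comment states that `(scope, scope_id, name)` must be unique, but nothing in the tags or the migration enforces it; adding `unique(scope_name)` to the xorm tags of Scope, ScopeID and Name lets Sync2 create the composite unique index, which also turns a racing upsert into a constraint error instead of a duplicate row.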
@@ -0,0 +1,36 @@
|
||||
package models
|
||||
|
||||
import "time"
|
||||
|
||||
// WorkspaceRole controls what a member can do inside a workspace.
|
||||
type WorkspaceRole string
|
||||
|
||||
const (
|
||||
WorkspaceRoleOwner WorkspaceRole = "owner"
|
||||
WorkspaceRoleAdmin WorkspaceRole = "admin"
|
||||
WorkspaceRoleMember WorkspaceRole = "member"
|
||||
)
|
||||
|
||||
// Workspace is a named collaborative namespace that can own repositories.
|
||||
// Its handle must be globally unique across all usernames and workspace handles
|
||||
// so that /{owner}/{repo} URLs remain unambiguous.
|
||||
type Workspace struct {
|
||||
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
||||
Handle string `xorm:"'handle' unique notnull varchar(64)" json:"handle"`
|
||||
DisplayName string `xorm:"'display_name' varchar(255)" json:"displayName"`
|
||||
Description string `xorm:"'description' text" json:"description"`
|
||||
AvatarURL string `xorm:"'avatar_url' varchar(500)" json:"avatarUrl"`
|
||||
CreatedBy int64 `xorm:"'created_by' notnull" json:"createdBy"`
|
||||
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
|
||||
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
|
||||
}
|
||||
|
||||
// WorkspaceMember links a User to a Workspace with a role.
|
||||
type WorkspaceMember struct {
|
||||
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
||||
WorkspaceID int64 `xorm:"'workspace_id' notnull index" json:"workspaceId"`
|
||||
UserID int64 `xorm:"'user_id' notnull index" json:"userId"`
|
||||
Username string `xorm:"'username' varchar(64)" json:"username"`
|
||||
Role WorkspaceRole `xorm:"'role' varchar(20)" json:"role"`
|
||||
AddedAt time.Time `xorm:"'added_at' created" json:"addedAt"`
|
||||
}
|
||||
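Review bot: WorkspaceMember has only single-column indexes on workspace_id and user_id and no composite unique constraint, so AddMember's check-then-insert (earlier on this page) can race and store the same user twice; the owner-count guards in UpdateMember and RemoveMember would then count one person as two owners. Tag both columns with a shared `unique(ws_user)` alongside the existing `index`, e.g. `xorm:"'workspace_id' notnull index unique(ws_user)"` and `xorm:"'user_id' notnull index unique(ws_user)"`, so the insert error in AddMember becomes the authoritative duplicate signal. The denormalised Username field will also go stale if a user is renamed; a comment noting that it is a display copy and that UserID is the identity key would help readers.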