
Commit b580691

authored
Feat/support rbac (#129)
* feat: init * add rbac_role.drawio * feat: add basic design * 更新rbac_role.drawio * feat: add permission check * feat: support api and integration test * chore: make lint happy * docs: add rbac and auth docs * chore: make lint happy * 更新rbac_role.drawio
1 parent e574542 commit b580691


79 files changed

+9363
-3875
lines changed

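--- a/api/api_impl/impl.go
+++ b/api/api_impl/impl.go
@@ -20,4 +20,7 @@ type APIController struct {
 controller.BranchController
 controller.MergeRequestController
 controller.AkSkController
+
+controller.GroupController
+controller.MemberController
 }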

api/jiaozifs.gen.go

Lines changed: 4351 additions & 3310 deletions

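--- a/api/swagger.yml
+++ b/api/swagger.yml
@@ -144,6 +144,59 @@ components:
 description: true if the comm prefs are missing.
 login_config:
 $ref: "#/components/schemas/LoginConfig"
+Group:
+type: object
+required:
+- id
+- name
+- policies
+- created_at
+- updated_at
+properties:
+id:
+type: string
+format: uuid
+name:
+type: string
+policies:
+type: array
+items:
+type: string
+format: uuid
+created_at:
+type: integer
+format: int64
+updated_at:
+type: integer
+format: int64
+Member:
+type: object
+required:
+- id
+- user_id
+- group_id
+- repo_id
+- created_at
+- updated_at
+properties:
+id:
+type: string
+format: uuid
+user_id:
+type: string
+format: uuid
+repo_id:
+type: string
+format: uuid
+group_id:
+type: string
+format: uuid
+created_at:
+type: integer
+format: int64
+updated_at:
+type: integer
+format: int64
 AkskList:
 type: object
 required:
@@ -1702,7 +1755,7 @@ paths:
 403:
 description: Forbidden
 
-/mergerequest/{owner}/{repository}:
+/repos/{owner}/{repository}/mergerequest:
 parameters:
 - in: path
 name: owner
@@ -1770,7 +1823,7 @@ paths:
 500:
 description: Internal Server Error
 
-/mergerequest/{owner}/{repository}/{mrSeq}/merge:
+/repos/{owner}/{repository}/mergerequest/{mrSeq}/merge:
 parameters:
 - in: path
 name: owner
@@ -1816,7 +1869,8 @@ paths:
 description: Too many requests
 500:
 description: Internal Server Error
-/mergequest/{owner}/{repository}/{mrSeq}:
+
+/repos/{owner}/{repository}/mergerequest/{mrSeq}:
 parameters:
 - in: path
 name: owner
@@ -1877,6 +1931,147 @@ paths:
 500:
 description: Internal Server Error
 
+/repos/{owner}/{repository}/members:
+parameters:
+- in: path
+name: owner
+required: true
+schema:
+type: string
+- in: path
+name: repository
+required: true
+schema:
+type: string
+get:
+tags:
+- listMembers
+operationId: listMembers
+summary: get list of members in repository
+responses:
+200:
+description: array of member
+content:
+application/json:
+schema:
+type: array
+items:
+$ref: "#/components/schemas/Member"
+401:
+description: Unauthorized
+404:
+description: Resource Not Found
+420:
+description: Too many requests
+500:
+description: Internal Server Error
+
+/repos/{owner}/{repository}/member:
+parameters:
+- in: path
+name: owner
+required: true
+schema:
+type: string
+- in: path
+name: repository
+required: true
+schema:
+type: string
+post:
+tags:
+- member
+operationId: updateMemberGroup
+summary: update member by user id and change group role
+parameters:
+- in: query
+name: user_id
+required: true
+schema:
+type: string
+format: uuid
+- in: query
+name: group_id
+required: true
+schema:
+type: string
+format: uuid
+responses:
+200:
+description: Update member group success
+401:
+description: Unauthorized
+404:
+description: Resource Not Found
+420:
+description: Too many requests
+500:
+description: Internal Server Error
+delete:
+tags:
+- member
+operationId: revokeMember
+summary: Revoke member in repository
+parameters:
+- in: query
+name: user_id
+required: true
+schema:
+type: string
+format: uuid
+responses:
+200:
+description: revoke member success
+401:
+description: Unauthorized
+404:
+description: Resource Not Found
+420:
+description: Too many requests
+500:
+description: Internal Server Error
+/repos/{owner}/{repository}/member/invite:
+parameters:
+- in: path
+name: owner
+required: true
+schema:
+type: string
+- in: path
+name: repository
+required: true
+schema:
+type: string
+post:
+tags:
+- member
+operationId: inviteMember
+summary: invite member
+parameters:
+- in: query
+name: user_id
+required: true
+schema:
+type: string
+format: uuid
+- in: query
+name: group_id
+required: true
+schema:
+type: string
+format: uuid
+responses:
+200:
+description: Invite member success
+401:
+description: Unauthorized
+404:
+description: Resource Not Found
+420:
+description: Too many requests
+500:
+description: Internal Server Error
+
 /users/{owner}/repos:
 parameters:
 - in: path
@@ -1907,6 +2102,27 @@ paths:
 403:
 description: Forbidden
 
+/groups/repo:
+get:
+tags:
+- group
+operationId: listRepoGroup
+summary: list groups for repo
+responses:
+200:
+description: list repo's group
+content:
+application/json:
+schema:
+type: array
+items:
+$ref: "#/components/schemas/Group"
+400:
+description: ValidationError
+401:
+description: Unauthorized
+403:
+description: Forbidden
 /users/repos: # 必须授权
 get:
 tags:
@@ -2154,6 +2370,10 @@ paths:
 responses:
 201:
 description: registration success
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/UserInfo"
 400:
 description: Bad Request - Validation Error
 420: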
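Review bot: The member operations added under `/repos/{owner}/{repository}/members`, `/member` and `/member/invite` declare 401 but no 403, although `/groups/repo` in the same file does and the commit description says permission checks were added. A signed-in caller who lacks the right to list, invite, re-group or revoke members has no documented response, so generated clients cannot tell a denied request from a missing resource. Add `403:` with `description: Forbidden` to listMembers, updateMemberGroup, revokeMember and inviteMember. The handlers are not visible in this section; presumably they should also verify that the supplied `group_id` is a group the caller is allowed to grant, which is worth confirming against the controller code.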

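--- a/auth/auth_middleware.go
+++ b/auth/auth_middleware.go
@@ -7,6 +7,8 @@ import (
 "net/http"
 "strings"
 
+logging "github.com/ipfs/go-log/v2"
+
 "github.com/jiaozifs/jiaozifs/utils"
 
 "github.com/jiaozifs/jiaozifs/auth/aksk"
@@ -27,6 +29,7 @@ const (
 IDTokenClaimsSessionKey = "id_token_claims"
 )
 
+var log = logging.Logger("auth")
 var (
 ErrFailedToAccessStorage = errors.New("failed to access storage")
 ErrAuthenticatingRequest = errors.New("error authenticating request")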
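Review bot: The package-level `log` added just before the `var (` error block has no doc comment, and nothing in this file's visible hunks calls it, so it is presumably used from other files in package auth. Because this package handles session claims (`IDTokenClaimsSessionKey`) and AK/SK authentication, the logging rule belongs at the declaration, for example `// log is the auth package logger; never pass tokens, secret keys or raw Authorization headers to it.` The name also shadows the usual identifier of the standard `log` package within this package, so a reader may mistake calls for stdlib logging. The `import (`, `const (` and `var (` blocks all start or end outside the hunks shown.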

auth/basic_auth.go

Lines changed: 0 additions & 61 deletions
This file was deleted.
