mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35953 Commits
59 Branches
Tree: 29994d2a4f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '29994d2a4f'
${ noResults }
sonarqube/server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabApplicationClient.java

GitlabApplicationClient.java 16KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.alm.client.gitlab;

  21. 

  22. import com.google.gson.Gson;

  23. import com.google.gson.GsonBuilder;

  24. import com.google.gson.JsonParseException;

  25. import com.google.gson.JsonSyntaxException;

  26. import com.google.gson.reflect.TypeToken;

  27. import java.io.IOException;

  28. import java.io.UnsupportedEncodingException;

  29. import java.lang.reflect.Type;

  30. import java.net.URLEncoder;

  31. import java.util.Arrays;

  32. import java.util.List;

  33. import java.util.Optional;

  34. import java.util.Set;

  35. import java.util.function.Function;

  36. import javax.annotation.Nullable;

  37. import okhttp3.Headers;

  38. import okhttp3.OkHttpClient;

  39. import okhttp3.Request;

  40. import okhttp3.RequestBody;

  41. import okhttp3.Response;

  42. import org.apache.logging.log4j.util.Strings;

  43. import org.slf4j.Logger;

  44. import org.slf4j.LoggerFactory;

  45. import org.sonar.alm.client.TimeoutConfiguration;

  46. import org.sonar.api.server.ServerSide;

  47. import org.sonar.auth.gitlab.GsonGroup;

  48. import org.sonar.auth.gitlab.GsonUser;

  49. import org.sonarqube.ws.MediaTypes;

  50. import org.sonarqube.ws.client.OkHttpClientBuilder;

  51. 

  52. import static java.lang.String.format;

  53. import static java.net.HttpURLConnection.HTTP_FORBIDDEN;

  54. import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;

  55. import static java.nio.charset.StandardCharsets.UTF_8;

  56. 

  57. @ServerSide

  58. public class GitlabApplicationClient {

  59.   private static final Logger LOG = LoggerFactory.getLogger(GitlabApplicationClient.class);

  60.   private static final Gson GSON = new Gson();

  61.   private static final TypeToken<List<GsonGroup>> GITLAB_GROUP = new TypeToken<>() {

  62.   };

  63.   private static final TypeToken<List<GsonUser>> GITLAB_USER = new TypeToken<>() {

  64.   };

  65. 

  66.   protected static final String PRIVATE_TOKEN = "Private-Token";

  67.   private static final String GITLAB_GROUPS_MEMBERS_ENDPOINT = "/groups/%s/members";

  68.   protected final OkHttpClient client;

  69. 

  70.   private final GitlabPaginatedHttpClient gitlabPaginatedHttpClient;

  71. 

  72.   public GitlabApplicationClient(GitlabPaginatedHttpClient gitlabPaginatedHttpClient, TimeoutConfiguration timeoutConfiguration) {

  73.     this.gitlabPaginatedHttpClient = gitlabPaginatedHttpClient;

  74.     client = new OkHttpClientBuilder()

  75.       .setConnectTimeoutMs(timeoutConfiguration.getConnectTimeout())

  76.       .setReadTimeoutMs(timeoutConfiguration.getReadTimeout())

  77.       .setFollowRedirects(false)

  78.       .build();

  79.   }

  80. 

  81.   public void checkReadPermission(@Nullable String gitlabUrl, @Nullable String personalAccessToken) {

  82.     checkProjectAccess(gitlabUrl, personalAccessToken, "Could not validate GitLab read permission. Got an unexpected answer.");

  83.   }

  84. 

  85.   public void checkUrl(@Nullable String gitlabUrl) {

  86.     checkProjectAccess(gitlabUrl, null, "Could not validate GitLab url. Got an unexpected answer.");

  87.   }

  88. 

  89.   private void checkProjectAccess(@Nullable String gitlabUrl, @Nullable String personalAccessToken, String errorMessage) {

  90.     String url = format("%s/projects", gitlabUrl);

  91. 

  92.     LOG.debug("get projects : [{}]", url);

  93.     Request.Builder builder = new Request.Builder()

  94.       .url(url)

  95.       .get();

  96. 

  97.     if (personalAccessToken != null) {

  98.       builder.addHeader(PRIVATE_TOKEN, personalAccessToken);

  99.     }

  100. 

  101.     Request request = builder.build();

  102. 

  103.     try (Response response = client.newCall(request).execute()) {

  104.       checkResponseIsSuccessful(response, errorMessage);

  105.       Project.parseJsonArray(response.body().string());

  106.     } catch (JsonSyntaxException e) {

  107.       throw new IllegalArgumentException("Could not parse GitLab answer to verify read permission. Got a non-json payload as result.");

  108.     } catch (IOException e) {

  109.       logException(url, e);

  110.       throw new IllegalArgumentException(errorMessage);

  111.     }

  112.   }

  113. 

  114.   private static void logException(String url, IOException e) {

  115.     String errorMessage = format("Gitlab API call to [%s] failed with error message : [%s]", url, e.getMessage());

  116.     LOG.info(errorMessage, e);

  117.   }

  118. 

  119.   public void checkToken(String gitlabUrl, String personalAccessToken) {

  120.     String url = format("%s/user", gitlabUrl);

  121. 

  122.     LOG.debug("get current user : [{}]", url);

  123.     Request.Builder builder = new Request.Builder()

  124.       .addHeader(PRIVATE_TOKEN, personalAccessToken)

  125.       .url(url)

  126.       .get();

  127. 

  128.     Request request = builder.build();

  129. 

  130.     String errorMessage = "Could not validate GitLab token. Got an unexpected answer.";

  131.     try (Response response = client.newCall(request).execute()) {

  132.       checkResponseIsSuccessful(response, errorMessage);

  133.       GsonId.parseOne(response.body().string());

  134.     } catch (JsonSyntaxException e) {

  135.       throw new IllegalArgumentException("Could not parse GitLab answer to verify token. Got a non-json payload as result.");

  136.     } catch (IOException e) {

  137.       logException(url, e);

  138.       throw new IllegalArgumentException(errorMessage);

  139.     }

  140.   }

  141. 

  142.   public void checkWritePermission(String gitlabUrl, String personalAccessToken) {

  143.     String url = format("%s/markdown", gitlabUrl);

  144. 

  145.     LOG.debug("verify write permission by formating some markdown : [{}]", url);

  146.     Request.Builder builder = new Request.Builder()

  147.       .url(url)

  148.       .addHeader(PRIVATE_TOKEN, personalAccessToken)

  149.       .addHeader("Content-Type", MediaTypes.JSON)

  150.       .post(RequestBody.create("{\"text\":\"validating write permission\"}".getBytes(UTF_8)));

  151. 

  152.     Request request = builder.build();

  153. 

  154.     String errorMessage = "Could not validate GitLab write permission. Got an unexpected answer.";

  155.     try (Response response = client.newCall(request).execute()) {

  156.       checkResponseIsSuccessful(response, errorMessage);

  157.       GsonMarkdown.parseOne(response.body().string());

  158.     } catch (JsonSyntaxException e) {

  159.       throw new IllegalArgumentException("Could not parse GitLab answer to verify write permission. Got a non-json payload as result.");

  160.     } catch (IOException e) {

  161.       logException(url, e);

  162.       throw new IllegalArgumentException(errorMessage);

  163.     }

  164. 

  165.   }

  166. 

  167.   private static String urlEncode(String value) {

  168.     try {

  169.       return URLEncoder.encode(value, UTF_8.toString());

  170.     } catch (UnsupportedEncodingException ex) {

  171.       throw new IllegalStateException(ex.getCause());

  172.     }

  173.   }

  174. 

  175.   protected static void checkResponseIsSuccessful(Response response) throws IOException {

  176.     checkResponseIsSuccessful(response, "GitLab Merge Request did not happen, please check your configuration");

  177.   }

  178. 

  179.   protected static void checkResponseIsSuccessful(Response response, String errorMessage) throws IOException {

  180.     if (!response.isSuccessful()) {

  181.       String body = response.body().string();

  182.       LOG.error("Gitlab API call to [{}] failed with {} http code. gitlab response content : [{}]", response.request().url(), response.code(), body);

  183.       if (isTokenRevoked(response, body)) {

  184.         throw new GitlabServerException(response.code(), "Your GitLab token was revoked");

  185.       } else if (isTokenExpired(response, body)) {

  186.         throw new GitlabServerException(response.code(), "Your GitLab token is expired");

  187.       } else if (isInsufficientScope(response, body)) {

  188.         throw new GitlabServerException(response.code(), "Your GitLab token has insufficient scope");

  189.       } else if (response.code() == HTTP_UNAUTHORIZED) {

  190.         throw new GitlabServerException(response.code(), "Invalid personal access token");

  191.       } else if (response.isRedirect()) {

  192.         throw new GitlabServerException(response.code(), "Request was redirected, please provide the correct URL");

  193.       } else {

  194.         throw new GitlabServerException(response.code(), errorMessage);

  195.       }

  196.     }

  197.   }

  198. 

  199.   private static boolean isTokenRevoked(Response response, String body) {

  200.     if (response.code() == HTTP_UNAUTHORIZED) {

  201.       try {

  202.         Optional<GsonError> gitlabError = GsonError.parseOne(body);

  203.         return gitlabError.map(GsonError::getErrorDescription).map(description -> description.contains("Token was revoked")).orElse(false);

  204.       } catch (JsonParseException e) {

  205.         // nothing to do

  206.       }

  207.     }

  208.     return false;

  209.   }

  210. 

  211.   private static boolean isTokenExpired(Response response, String body) {

  212.     if (response.code() == HTTP_UNAUTHORIZED) {

  213.       try {

  214.         Optional<GsonError> gitlabError = GsonError.parseOne(body);

  215.         return gitlabError.map(GsonError::getErrorDescription).map(description -> description.contains("Token is expired")).orElse(false);

  216.       } catch (JsonParseException e) {

  217.         // nothing to do

  218.       }

  219.     }

  220.     return false;

  221.   }

  222. 

  223.   private static boolean isInsufficientScope(Response response, String body) {

  224.     if (response.code() == HTTP_FORBIDDEN) {

  225.       try {

  226.         Optional<GsonError> gitlabError = GsonError.parseOne(body);

  227.         return gitlabError.map(GsonError::getError).map("insufficient_scope"::equals).orElse(false);

  228.       } catch (JsonParseException e) {

  229.         // nothing to do

  230.       }

  231.     }

  232.     return false;

  233.   }

  234. 

  235.   public Project getProject(String gitlabUrl, String pat, Long gitlabProjectId) {

  236.     String url = format("%s/projects/%s", gitlabUrl, gitlabProjectId);

  237.     LOG.debug("get project : [{}]", url);

  238.     Request request = new Request.Builder()

  239.       .addHeader(PRIVATE_TOKEN, pat)

  240.       .get()

  241.       .url(url)

  242.       .build();

  243. 

  244.     try (Response response = client.newCall(request).execute()) {

  245.       checkResponseIsSuccessful(response);

  246.       String body = response.body().string();

  247.       LOG.trace("loading project payload result : [{}]", body);

  248.       return new GsonBuilder().create().fromJson(body, Project.class);

  249.     } catch (JsonSyntaxException e) {

  250.       throw new IllegalArgumentException("Could not parse GitLab answer to retrieve a project. Got a non-json payload as result.");

  251.     } catch (IOException e) {

  252.       logException(url, e);

  253.       throw new IllegalStateException(e.getMessage(), e);

  254.     }

  255.   }

  256. 

  257.   //

  258.   // This method is used to check if a user has REPORTER level access to the project, which is a requirement for PR decoration.

  259.   // As of June 9, 2021 there is no better way to do this check and still support GitLab 11.7.

  260.   //

  261.   public Optional<Project> getReporterLevelAccessProject(String gitlabUrl, String pat, Long gitlabProjectId) {

  262.     String url = format("%s/projects?min_access_level=20&id_after=%s&id_before=%s", gitlabUrl, gitlabProjectId - 1,

  263.       gitlabProjectId + 1);

  264.     LOG.debug("get project : [{}]", url);

  265.     Request request = new Request.Builder()

  266.       .addHeader(PRIVATE_TOKEN, pat)

  267.       .get()

  268.       .url(url)

  269.       .build();

  270. 

  271.     try (Response response = client.newCall(request).execute()) {

  272.       checkResponseIsSuccessful(response);

  273.       String body = response.body().string();

  274.       LOG.trace("loading project payload result : [{}]", body);

  275. 

  276.       List<Project> projects = Project.parseJsonArray(body);

  277.       if (projects.isEmpty()) {

  278.         return Optional.empty();

  279.       } else {

  280.         return Optional.of(projects.get(0));

  281.       }

  282.     } catch (JsonSyntaxException e) {

  283.       throw new IllegalArgumentException("Could not parse GitLab answer to retrieve a project. Got a non-json payload as result.");

  284.     } catch (IOException e) {

  285.       logException(url, e);

  286.       throw new IllegalStateException(e.getMessage(), e);

  287.     }

  288.   }

  289. 

  290.   public List<GitLabBranch> getBranches(String gitlabUrl, String pat, Long gitlabProjectId) {

  291.     String url = format("%s/projects/%s/repository/branches", gitlabUrl, gitlabProjectId);

  292.     LOG.debug("get branches : [{}]", url);

  293.     Request request = new Request.Builder()

  294.       .addHeader(PRIVATE_TOKEN, pat)

  295.       .get()

  296.       .url(url)

  297.       .build();

  298. 

  299.     try (Response response = client.newCall(request).execute()) {

  300.       checkResponseIsSuccessful(response);

  301.       String body = response.body().string();

  302.       LOG.trace("loading branches payload result : [{}]", body);

  303.       return Arrays.asList(new GsonBuilder().create().fromJson(body, GitLabBranch[].class));

  304.     } catch (JsonSyntaxException e) {

  305.       throw new IllegalArgumentException("Could not parse GitLab answer to retrieve project branches. Got a non-json payload as result.");

  306.     } catch (IOException e) {

  307.       logException(url, e);

  308.       throw new IllegalStateException(e.getMessage(), e);

  309.     }

  310.   }

  311. 

  312.   public ProjectList searchProjects(String gitlabUrl, String personalAccessToken, @Nullable String projectName,

  313.     @Nullable Integer pageNumber, @Nullable Integer pageSize) {

  314.     String url = format("%s/projects?archived=false&simple=true&membership=true&order_by=name&sort=asc&search=%s%s%s",

  315.       gitlabUrl,

  316.       projectName == null ? "" : urlEncode(projectName),

  317.       pageNumber == null ? "" : format("&page=%d", pageNumber),

  318.       pageSize == null ? "" : format("&per_page=%d", pageSize)

  319.     );

  320. 

  321.     LOG.debug("get projects : [{}]", url);

  322.     Request request = new Request.Builder()

  323.       .addHeader(PRIVATE_TOKEN, personalAccessToken)

  324.       .url(url)

  325.       .get()

  326.       .build();

  327. 

  328.     try (Response response = client.newCall(request).execute()) {

  329.       Headers headers = response.headers();

  330.       checkResponseIsSuccessful(response, "Could not get projects from GitLab instance");

  331.       List<Project> projectList = Project.parseJsonArray(response.body().string());

  332.       int returnedPageNumber = parseAndGetIntegerHeader(headers.get("X-Page"));

  333.       int returnedPageSize = parseAndGetIntegerHeader(headers.get("X-Per-Page"));

  334.       String xtotal = headers.get("X-Total");

  335.       Integer totalProjects = Strings.isEmpty(xtotal) ? null : parseAndGetIntegerHeader(xtotal);

  336.       return new ProjectList(projectList, returnedPageNumber, returnedPageSize, totalProjects);

  337.     } catch (JsonSyntaxException e) {

  338.       throw new IllegalArgumentException("Could not parse GitLab answer to search projects. Got a non-json payload as result.");

  339.     } catch (IOException e) {

  340.       logException(url, e);

  341.       throw new IllegalStateException(e.getMessage(), e);

  342.     }

  343.   }

  344. 

  345.   private static int parseAndGetIntegerHeader(@Nullable String header) {

  346.     if (header == null) {

  347.       throw new IllegalArgumentException("Pagination data from GitLab response is missing");

  348.     } else {

  349.       try {

  350.         return Integer.parseInt(header);

  351.       } catch (NumberFormatException e) {

  352.         throw new IllegalArgumentException("Could not parse pagination number", e);

  353.       }

  354.     }

  355.   }

  356. 

  357.   public Set<GsonGroup> getGroups(String gitlabUrl, String token) {

  358.     return Set.copyOf(executePaginatedQuery(gitlabUrl, token, "/groups", resp -> GSON.fromJson(resp, GITLAB_GROUP)));

  359.   }

  360. 

  361.   public Set<GsonUser> getDirectGroupMembers(String gitlabUrl, String token, String groupId) {

  362.     return getMembers(gitlabUrl, token, format(GITLAB_GROUPS_MEMBERS_ENDPOINT, groupId));

  363.   }

  364. 

  365.   public Set<GsonUser> getAllGroupMembers(String gitlabUrl, String token, String groupId) {

  366.     return getMembers(gitlabUrl, token, format(GITLAB_GROUPS_MEMBERS_ENDPOINT + "/all", groupId));

  367.   }

  368. 

  369.   private Set<GsonUser> getMembers(String gitlabUrl, String token, String endpoint) {

  370.     return Set.copyOf(executePaginatedQuery(gitlabUrl, token, endpoint, resp -> GSON.fromJson(resp, GITLAB_USER)));

  371.   }

  372. 

  373.   private <E> List<E> executePaginatedQuery(String appUrl, String token, String query, Function<String, List<E>> responseDeserializer) {

  374.     GitlabToken gitlabToken = new GitlabToken(token);

  375.     return gitlabPaginatedHttpClient.get(appUrl, gitlabToken, query, responseDeserializer);

  376.   }

  377. 

  378. }