mirror of
https://gitea.com/gitea/tea.git
synced 2026-03-13 09:13:30 +01:00
302c946cb8
## Summary - Introduce `github.com/go-authgate/sdk-go/credstore` to store OAuth tokens securely in the OS keyring (macOS Keychain / Linux Secret Service / Windows Credential Manager), with automatic fallback to an encrypted JSON file - Add `AuthMethod` field to `Login` struct; new OAuth logins are marked `auth_method: oauth` and no longer write `token`/`refresh_token`/`token_expiry` to `config.yml` - Add `GetAccessToken()` / `GetRefreshToken()` / `GetTokenExpiry()` accessors that transparently read from credstore for OAuth logins, with fallback to YAML fields for legacy logins - Update all token reference sites across the codebase to use the new accessors - Non-OAuth logins (token, SSH) are completely unaffected; no migration of existing tokens ## Key files | File | Role | |------|------| | `modules/config/credstore.go` | **New** — credstore wrapper (Load/Save/Delete) | | `modules/config/login.go` | Login struct, token accessors, refresh logic | | `modules/auth/oauth.go` | OAuth flow, token creation / re-authentication | | `modules/api/client.go`, `cmd/login/helper.go`, `cmd/login/oauth_refresh.go` | Token reference updates | | `modules/task/pull_*.go`, `modules/task/repo_clone.go` | Git operation token reference updates | ## Test plan - [x] `go build ./...` compiles successfully - [x] `go test ./...` all tests pass - [x] `tea login add --oauth` completes OAuth flow; verify config.yml has `auth_method: oauth` but no token/refresh_token/token_expiry - [x] `tea repos ls` API calls work (token read from credstore) - [x] `tea login delete <name>` credstore token is also removed - [x] Existing non-OAuth logins continue to work unchanged 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://gitea.com/gitea/tea/pulls/926 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com>
107 lines
3.1 KiB
Go
107 lines
3.1 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package task
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"code.gitea.io/tea/modules/config"
|
|
local_git "code.gitea.io/tea/modules/git"
|
|
|
|
"code.gitea.io/sdk/gitea"
|
|
git_config "github.com/go-git/go-git/v5/config"
|
|
git_plumbing "github.com/go-git/go-git/v5/plumbing"
|
|
)
|
|
|
|
// PullClean deletes local & remote feature-branches for a closed pull
|
|
func PullClean(login *config.Login, repoOwner, repoName string, index int64, ignoreSHA bool, callback func(string) (string, error)) error {
|
|
client := login.Client()
|
|
|
|
repo, _, err := client.GetRepo(repoOwner, repoName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defaultBranch := repo.DefaultBranch
|
|
if len(defaultBranch) == 0 {
|
|
defaultBranch = "master"
|
|
}
|
|
|
|
// fetch PR source-repo & -branch from gitea
|
|
pr, _, err := client.GetPullRequest(repoOwner, repoName, index)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if pr.State == gitea.StateOpen {
|
|
return fmt.Errorf("PR is still open, won't delete branches")
|
|
}
|
|
|
|
// if remote head branch is already deleted, pr.Head.Ref points to "pulls/<idx>/head"
|
|
remoteBranch := pr.Head.Ref
|
|
remoteDeleted := remoteBranch == fmt.Sprintf("refs/pull/%d/head", pr.Index)
|
|
if remoteDeleted {
|
|
remoteBranch = pr.Head.Name // this still holds the original branch name
|
|
fmt.Printf("Remote branch '%s' already deleted.\n", remoteBranch)
|
|
}
|
|
|
|
r, err := local_git.RepoForWorkdir()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// find a branch with matching sha or name, that has a remote matching the repo url
|
|
var branch *git_config.Branch
|
|
if ignoreSHA {
|
|
branch, err = r.TeaFindBranchByName(remoteBranch, pr.Head.Repository.CloneURL)
|
|
} else {
|
|
branch, err = r.TeaFindBranchBySha(pr.Head.Sha, pr.Head.Repository.CloneURL)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if branch == nil {
|
|
if ignoreSHA {
|
|
return fmt.Errorf("Remote branch %s not found in local repo", remoteBranch)
|
|
}
|
|
return fmt.Errorf(`Remote branch %s not found in local repo.
|
|
Either you don't track this PR, or the local branch has diverged from the remote.
|
|
If you still want to continue & are sure you don't loose any important commits,
|
|
call me again with the --ignore-sha flag`, remoteBranch)
|
|
}
|
|
|
|
// prepare deletion of local branch:
|
|
headRef, err := r.Head()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if headRef.Name().Short() == branch.Name {
|
|
fmt.Printf("Checking out '%s' to delete local branch '%s'\n", defaultBranch, branch.Name)
|
|
ref := git_plumbing.NewBranchReferenceName(defaultBranch)
|
|
if err = r.TeaCheckout(ref); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// remove local & remote branch
|
|
fmt.Printf("Deleting local branch %s\n", branch.Name)
|
|
err = r.TeaDeleteLocalBranch(branch)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !remoteDeleted && pr.Head.Repository.Permissions.Push {
|
|
fmt.Printf("Deleting remote branch %s\n", remoteBranch)
|
|
url, urlErr := r.TeaRemoteURL(branch.Remote)
|
|
if urlErr != nil {
|
|
return urlErr
|
|
}
|
|
auth, authErr := local_git.GetAuthForURL(url, login.GetAccessToken(), login.SSHKey, callback)
|
|
if authErr != nil {
|
|
return authErr
|
|
}
|
|
return r.TeaDeleteRemoteBranch(branch.Remote, remoteBranch, auth)
|
|
}
|
|
return nil
|
|
}
|