woodpecker/server/model/user.go

// Copyright 2021 Woodpecker Authors
// Copyright 2018 Drone.IO Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package model

import (
	"errors"
	"regexp"
)

// validate a username (e.g. from github)
var reUsername = regexp.MustCompile("^[a-zA-Z0-9-_.]+$")

var errUserLoginInvalid = errors.New("invalid user login")

const maxLoginLen = 250

// User represents a registered user.
type User struct {
	// the id for this user.
	//
	// required: true
	ID int64 `json:"id" xorm:"pk autoincr 'user_id'"`

	ForgeRemoteID ForgeRemoteID `json:"-" xorm:"forge_remote_id"`

	// Login is the username for this user.
	//
	// required: true
	Login string `json:"login"  xorm:"UNIQUE 'user_login'"`

	// Token is the oauth2 token.
	Token string `json:"-"  xorm:"TEXT 'user_token'"`

	// Secret is the oauth2 token secret.
	Secret string `json:"-" xorm:"TEXT 'user_secret'"`

	// Expiry is the token and secret expiration timestamp.
	Expiry int64 `json:"-" xorm:"user_expiry"`

	// Email is the email address for this user.
	//
	// required: true
	Email string `json:"email" xorm:" varchar(500) 'user_email'"`

	// the avatar url for this user.
	Avatar string `json:"avatar_url" xorm:" varchar(500) 'user_avatar'"`

	// Admin indicates the user is a system administrator.
	//
	// NOTE: If the username is part of the WOODPECKER_ADMIN
	// environment variable, this value will be set to true on login.
	Admin bool `json:"admin,omitempty" xorm:"user_admin"`

	// Hash is a unique token used to sign tokens.
	Hash string `json:"-" xorm:"UNIQUE varchar(500) 'user_hash'"`

	// OrgID is the of the user as model.Org.
	OrgID int64 `json:"org_id" xorm:"user_org_id"`
} //	@name User

// TableName return database table name for xorm
func (User) TableName() string {
	return "users"
}

// Validate validates the required fields and formats.
func (u *User) Validate() error {
	switch {
	case len(u.Login) == 0:
		return errUserLoginInvalid
	case len(u.Login) > maxLoginLen:
		return errUserLoginInvalid
	case !reUsername.MatchString(u.Login):
		return errUserLoginInvalid
	default:
		return nil
	}
}
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			`// Copyright 2021 Woodpecker Authors`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Copyright 2018 Drone.IO Inc.`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// http://www.apache.org/licenses/LICENSE-2.0`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

updated vendor files and paths 2015-09-30 01:21:17 +00:00			`package model`

username validation fixes #1418 2017-07-17 04:01:35 +00:00			`import (`
			`"errors"`
			`"regexp"`
			`)`

			`// validate a username (e.g. from github)`
enable dot(.) in usernames 2017-10-05 21:02:23 +00:00			`var reUsername = regexp.MustCompile("^[a-zA-Z0-9-_.]+$")`
username validation fixes #1418 2017-07-17 04:01:35 +00:00
Refactor pipeline parsing and forge refreshing (#2527) - refactor pipeline parsing - do not parse the pipeline multiple times to perform filter checks, do this once and perform checks on the result directly - code deduplication - refactor forge token refreshing - move refreshing to a helper func to reduce code --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-10-08 12:05:06 +00:00			`var errUserLoginInvalid = errors.New("invalid user login")`
username validation fixes #1418 2017-07-17 04:01:35 +00:00
Enable golangci linter gomnd (#3171) 2024-03-15 17:00:25 +00:00			`const maxLoginLen = 250`

moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00			`// User represents a registered user.`
experimental branch. playing around with boltdb 2015-04-07 08:20:55 +00:00			`type User struct {`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00			`// the id for this user.`
			`//`
			`// required: true`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			ID int64 `json:"id" xorm:"pk autoincr 'user_id'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
Identify users using their remote ID (#1732) 2023-05-11 03:19:35 +00:00			ForgeRemoteID ForgeRemoteID `json:"-" xorm:"forge_remote_id"`

moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00			`// Login is the username for this user.`
			`//`
			`// required: true`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Login string `json:"login" xorm:"UNIQUE 'user_login'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// Token is the oauth2 token.`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Token string `json:"-" xorm:"TEXT 'user_token'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// Secret is the oauth2 token secret.`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Secret string `json:"-" xorm:"TEXT 'user_secret'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
Fix typos 2018-02-15 08:39:59 +00:00			`// Expiry is the token and secret expiration timestamp.`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Expiry int64 `json:"-" xorm:"user_expiry"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// Email is the email address for this user.`
			`//`
			`// required: true`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Email string `json:"email" xorm:" varchar(500) 'user_email'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// the avatar url for this user.`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Avatar string `json:"avatar_url" xorm:" varchar(500) 'user_avatar'"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// Admin indicates the user is a system administrator.`
bump to 0.5 in master 2016-05-02 19:21:25 +00:00			`//`
Docs: The WOODPECKER_ADMIN environment variable is singular. (#1699) 2023-04-07 23:34:36 +00:00			`// NOTE: If the username is part of the WOODPECKER_ADMIN`
Refactor pipeline parsing and forge refreshing (#2527) - refactor pipeline parsing - do not parse the pipeline multiple times to perform filter checks, do this once and perform checks on the result directly - code deduplication - refactor forge token refreshing - move refreshing to a helper func to reduce code --------- Co-authored-by: Anbraten <anton@ju60.de> 2023-10-08 12:05:06 +00:00			`// environment variable, this value will be set to true on login.`
Add users UI for admins (#1634) Co-authored-by: Lauris BH <lauris@nix.lv> 2023-03-18 20:21:20 +00:00			Admin bool `json:"admin,omitempty" xorm:"user_admin"`
moving API to api package, swagger annotatoins 2016-03-30 20:15:28 +00:00
			`// Hash is a unique token used to sign tokens.`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			Hash string `json:"-" xorm:"UNIQUE varchar(500) 'user_hash'"`
Support user secrets (#2126) 2023-08-21 13:04:12 +00:00
			`// OrgID is the of the user as model.Org.`
			OrgID int64 `json:"org_id" xorm:"user_org_id"`
Update swagger API specification (#1782) # Summary This PR drops the outdated former swagger.yaml/json and introduced automatic API document generation from Go code. The generated code is also used to generate documentation/markdown for the community page, as well as enable the Woodpecker server to serve a Swagger Web UI for manual tinkering. I did opt-in for gin-swagger, a middleware for the Gin framework, to ease implementation and have a sophisticated output. This middleware only produces Swagger v2 specs. AFAIK the newer OpenApi 3x tooling is not yet that mature, so I guess that's fine for now. ## Implemenation notes - former swagger.json files removed - former // swagger godocs removed - introduced new dependency gin-swagger, which uses godoc annotations on top of Gin Handler functions. - reworked Makefile to automatically generate Go code for the server - introduce new dependency go-swagger, to generate Markdown for documentation purposes - add a Swagger Web UI, incl. capabilities for manual API exploration - consider relative root paths in the implementation - write documentation for all exposed API endpoints - incl. API docs in the community website (auto-generated) - provide developer documentation, for the Woodpecker authors - no other existing logic/code was intentionally changed --------- close #292 --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de> 2023-06-03 19:38:36 +00:00			`} // @name User`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00
			`// TableName return database table name for xorm`
			`func (User) TableName() string {`
			`return "users"`
updated vendor files and paths 2015-09-30 01:21:17 +00:00			`}`
username validation fixes #1418 2017-07-17 04:01:35 +00:00
			`// Validate validates the required fields and formats.`
			`func (u *User) Validate() error {`
			`switch {`
			`case len(u.Login) == 0:`
			`return errUserLoginInvalid`
Enable golangci linter gomnd (#3171) 2024-03-15 17:00:25 +00:00			`case len(u.Login) > maxLoginLen:`
username validation fixes #1418 2017-07-17 04:01:35 +00:00			`return errUserLoginInvalid`
			`case !reUsername.MatchString(u.Login):`
			`return errUserLoginInvalid`
			`default:`
			`return nil`
			`}`
			`}`