TencentBlueKing · bkci-bot · Dec 26, 2024 · Sep 23, 2024 · Sep 27, 2024 · Sep 18, 2024
@@ -0,0 +1,43 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.api.enums
+
+/**
+ * 代码库类型
+ */
+enum class ScmCode {
+    TGIT, // 内部工蜂
+    GITHUB; // github
+
+    fun convertScmType(): ScmType {
+        return when (this) {
+            TGIT -> ScmType.CODE_GIT
+            GITHUB -> ScmType.GITHUB
+        }
+    }
+}
diff --git a/...i-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauthResourceV4.kt b/...i-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauthResourceV4.kt
@@ -0,0 +1,72 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.tencent.devops.openapi.api.apigw.v4
+
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE_DEFAULT_VALUE
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID_DEFAULT_VALUE
+import com.tencent.devops.common.api.pojo.Result
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.PUT
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "OPEN_API_REPOSITORY_V4", description = "OPEN-API-OAUTH授权资源")
+@Path("/{apigwType:apigw-user|apigw-app|apigw}/v4/oauth")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+@SuppressWarnings("All")
+interface ApigwOauthResourceV4 {
+    @Operation(
+        summary = "校验用户是否已经OAUTH授权",
+        tags = ["v4_app_oauth_isOauth", "v4_user_oauth_isOauth"]
+    )
+    @PUT
+    @Path("/isOauth")
+    fun isOauth(
+        @Parameter(description = "appCode", required = true, example = AUTH_HEADER_DEVOPS_APP_CODE_DEFAULT_VALUE)
+        @HeaderParam(AUTH_HEADER_DEVOPS_APP_CODE)
+        appCode: String?,
+        @Parameter(description = "apigw Type", required = true)
+        @PathParam("apigwType")
+        apigwType: String?,
+        @Parameter(description = "用户ID", required = true, example = AUTH_HEADER_DEVOPS_USER_ID_DEFAULT_VALUE)
+        @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+        userId: String,
+        @Parameter(description = "代码库类型", required = true)
+        @QueryParam("scmCode")
+        scmCode: String
+    ): Result<Boolean>
+}
@@ -0,0 +1,73 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.tencent.devops.openapi.resources.apigw.v4
+
+import com.tencent.devops.common.api.enums.ScmCode
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.client.Client
+import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.openapi.api.apigw.v4.ApigwOauthResourceV4
+import com.tencent.devops.repository.api.ServiceOauthResource
+import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.annotation.Autowired
+
+@RestResource
+class ApigwOauthResourceV4Impl @Autowired constructor(private val client: Client) : ApigwOauthResourceV4 {
+    override fun isOauth(
+        appCode: String?,
+        apigwType: String?,
+        userId: String,
+        scmCode: String
+    ): Result<Boolean> {
+        logger.info("OPENAPI_OAUTH_V4|$userId|verify if $scmCode oauth authorization has been performed")
+        val result = when (scmCode) {
+            ScmCode.TGIT.name -> {
+                client.get(ServiceOauthResource::class).isOAuth(
+                    userId = userId,
+                    redirectUrl = null,
+                    redirectUrlType = null
+                ).data?.status
+            }
+
+            ScmCode.GITHUB.name -> {
+                client.get(ServiceOauthResource::class).githubOAuth(
+                    userId = userId
+                ).data?.status
+            }
+
+            else -> {
+                null
+            }
+        }
+        return Result(result == AUTHORIZED_STATUS)
+    }
+
+    companion object {
+        private val logger = LoggerFactory.getLogger(ApigwOauthResourceV4Impl::class.java)
+        private const val AUTHORIZED_STATUS = 200
+    }
+}
@@ -123,4 +123,13 @@ interface ServiceOauthResource {
         @QueryParam("refreshToken")
         refreshToken: Boolean? = false
     ): Result<AuthorizeResult>
+
+    @Operation(summary = "根据用户ID判断用户是否已经github oauth认证")
+    @GET
+    @Path("/github_oauth")
+    fun githubOAuth(
+        @Parameter(description = "用户ID", required = true, example = AUTH_HEADER_USER_ID_DEFAULT_VALUE)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String
+    ): Result<AuthorizeResult>
 }
@@ -0,0 +1,108 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+package com.tencent.devops.repository.api
+
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
+import com.tencent.devops.common.api.pojo.Page
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.repository.pojo.OauthResetUrl
+import com.tencent.devops.repository.pojo.RepoOauthRefVo
+import com.tencent.devops.repository.pojo.UserOauthRepositoryInfo
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.DELETE
+import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.Path
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "AUTH_RESOURCE", description = "用户态-iam资源映射")
+@Path("/user/repositories/oauth/")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+interface UserOauthResource {
+    @GET
+    @Path("/")
+    @Operation(summary = "获取用户OAuth授权列表")
+    fun list(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String
+    ): Result<List<UserOauthRepositoryInfo>>
+
+    @GET
+    @Path("/relSource")
+    @Operation(summary = "获取授权关联的资源列表")
+    fun relSource(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "授权类型", required = true)
+        @QueryParam("scmCode")
+        scmCode: String,
+        @Parameter(description = "第几页", required = false, example = "1")
+        @QueryParam("page")
+        page: Int? = null,
+        @Parameter(description = "每页多少条", required = false, example = "20")
+        @QueryParam("pageSize")
+        pageSize: Int? = null
+    ): Result<Page<RepoOauthRefVo>>
+
+    @DELETE
+    @Path("/delete")
+    @Operation(summary = "删除oauth授权")
+    fun delete(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "授权类型", required = true)
+        @QueryParam("scmCode")
+        scmCode: String
+    ): Result<Boolean>
+
+    @POST
+    @Path("/reset")
+    @Operation(summary = "重置授权")
+    fun reset(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "授权类型", required = true)
+        @QueryParam("scmCode")
+        scmCode: String,
+        @Parameter(description = "回调链接(授权完以后的链接地址)", required = true)
+        @QueryParam("redirectUrl")
+        redirectUrl: String
+    ): Result<OauthResetUrl>
+}
@@ -47,7 +47,7 @@ import javax.ws.rs.core.MediaType
 @Consumes(MediaType.APPLICATION_JSON)
 interface ServiceGithubUserResource {
 
-    @Operation(summary = "创建或者更新文件内容")
+    @Operation(summary = "获取用户信息")
     @GET
     @Path("/getUser")
     fun getUser(

@@ -94,6 +94,7 @@ object RepositoryMessageCode {
     const val ERROR_USER_HAVE_NOT_DOWNLOAD_PEM = "2115043" // 用户（{0}）无（{1}）项目下载权限
     const val NOT_GITHUB_AUTHORIZED_BY_OAUTH = "2115044" // 用户[{0}]尚未进行GITHUB OAUTH授权，请先授权。
     const val REPOSITORY_NO_SUPPORT_OAUTH = "2115045" // （{0}）类型代码库暂不支持OAUTH授权
+    const val OAUTH_INFO_OCCUPIED_CANNOT_DELETE = "2115049" // OAUTH授权信息被占用，无法删除
 
     const val USER_NOT_PERMISSIONS_OPERATE_REPOSITORY = "2115046" // 用户({0})无权限在工程({1})下{2}流水线{3}
     const val FAIL_TO_GET_OPEN_COPILOT_TOKEN = "2115048" // 获取open copilot token 失败, 失败详情: {0}

@@ -61,6 +61,8 @@ data class CodeGitRepository(
 ) : Repository {
     companion object {
         const val classType = "codeGit"
+        // 内部工蜂
+        const val SCM_CODE = "TGIT"
     }
 
     override fun getStartPrefix(): String {

@@ -56,6 +56,7 @@ data class GithubRepository(
 ) : Repository {
     companion object {
         const val classType = "github"
+        const val SCM_CODE = "GITHUB"
     }
 
     override fun getStartPrefix() = "https://github.com/"

@@ -0,0 +1,8 @@
+package com.tencent.devops.repository.pojo
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "重置Oauth授权信息")
+data class OauthResetUrl(
+    val url: String
+)
@@ -0,0 +1,15 @@
+package com.tencent.devops.repository.pojo
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "用户关联的仓库")
+data class RepoOauthRefVo(
+    @get:Schema(title = "仓库别名", required = true)
+    val aliasName: String,
+    @get:Schema(title = "仓库源URL", required = true)
+    val url: String,
+    @get:Schema(title = "蓝盾项目ID", required = true)
+    val projectId: String,
+    @get:Schema(title = "代码库HashId", required = true)
+    val hashId: String
+)
@@ -0,0 +1,20 @@
+package com.tencent.devops.repository.pojo
+
+import com.tencent.devops.common.api.enums.ScmCode
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "用户代码库Oauth授权信息")
+data class UserOauthRepositoryInfo(
+    @get:Schema(title = "授权账号")
+    val username: String,
+    @get:Schema(title = "授权代码库数量")
+    val repoCount: Long,
+    @get:Schema(title = "创建时间")
+    val createTime: Long? = null,
+    @get:Schema(title = "授权类型")
+    val type: ScmCode,
+    @get:Schema(title = "是否过期")
+    val expired: Boolean = false,
+    @get:Schema(title = "是否已授权")
+    val authorized: Boolean = true
+)