Add access token table and manage ui.

2025-11-09 15:05:50 +01:00 · 2015-01-28 14:44:45 +09:00
parent 20217058fe
commit d6946b93c3
8 changed files with 180 additions and 2 deletions
--- a/src/main/resources/update/2_9.sql
+++ b/src/main/resources/update/2_9.sql
@@ -0,0 +1,13 @@
+DROP TABLE IF EXISTS ACCESS_TOKEN;
+
+CREATE TABLE ACCESS_TOKEN (
+   ACCESS_TOKEN_ID INT NOT NULL AUTO_INCREMENT,
+   TOKEN_HASH VARCHAR(40) NOT NULL,
+   USER_NAME VARCHAR(100) NOT NULL,
+   NOTE TEXT NOT NULL
+);
+
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_PK PRIMARY KEY (ACCESS_TOKEN_ID);
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_FK0 FOREIGN KEY (USER_NAME) REFERENCES ACCOUNT (USER_NAME)
+  ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_TOKEN_HASH UNIQUE(TOKEN_HASH);
--- a/src/main/scala/app/AccountController.scala
+++ b/src/main/scala/app/AccountController.scala
@@ -18,10 +18,12 @@ import model.GroupMember
 class AccountController extends AccountControllerBase
  with AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
  with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+  with AccessTokenService

 trait AccountControllerBase extends AccountManagementControllerBase {
  self: AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
-    with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator =>
+    with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+    with AccessTokenService =>

  case class AccountNewForm(userName: String, password: String, fullName: String, mailAddress: String,
                            url: Option[String], fileId: Option[String])
@@ -31,6 +33,8 @@ trait AccountControllerBase extends AccountManagementControllerBase {

  case class SshKeyForm(title: String, publicKey: String)

+  case class PersonalTokenForm(note: String)
+
  val newForm = mapping(
    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName))),
    "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
@@ -54,6 +58,10 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    "publicKey" -> trim(label("Key"  , text(required, validPublicKey)))
  )(SshKeyForm.apply)

+  val personalTokenForm = mapping(
+    "note"     -> trim(label("Token", text(required, maxlength(100))))
+  )(PersonalTokenForm.apply)
+
  case class NewGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String)
  case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)

@@ -206,6 +214,40 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    redirect(s"/${userName}/_ssh")
  })

+  get("/:userName/_application")(oneselfOnly {
+    val userName = params("userName")
+    getAccountByUserName(userName).map { x =>
+      var tokens = getAccessTokens(x.userName)
+      val generatedToken = flash.get("generatedToken") match {
+        case Some((tokenId:Int, token:String)) => {
+          val gt = tokens.find(_.accessTokenId == tokenId)
+          gt.map{ t =>
+            tokens = tokens.filterNot(_ == t)
+            (t, token)
+          }
+        }
+        case _ => None
+      }
+      account.html.application(x, tokens, generatedToken)
+    } getOrElse NotFound
+  })
+
+  post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
+    val userName = params("userName")
+    getAccountByUserName(userName).map { x =>
+      val (tokenId, token) = generateAccessToken(userName, form.note)
+      flash += "generatedToken" -> (tokenId, token)
+    }
+    redirect(s"/${userName}/_application")
+  })
+
+  get("/:userName/_personalToken/delete/:id")(oneselfOnly {
+    val userName = params("userName")
+    val tokenId = params("id").toInt
+    deleteAccessToken(userName, tokenId)
+    redirect(s"/${userName}/_application")
+  })
+
  get("/register"){
    if(context.settings.allowAccountRegistration){
      if(context.loginAccount.isDefined){
--- a/src/main/scala/model/AccessToken.scala
+++ b/src/main/scala/model/AccessToken.scala
@@ -0,0 +1,20 @@
+package model
+
+trait AccessTokenComponent { self: Profile =>
+  import profile.simple._
+  lazy val AccessTokens = TableQuery[AccessTokens]
+
+  class AccessTokens(tag: Tag) extends Table[AccessToken](tag, "ACCESS_TOKEN") {
+    val accessTokenId = column[Int]("ACCESS_TOKEN_ID", O AutoInc)
+    val userName = column[String]("USER_NAME")
+    val tokenHash = column[String]("TOKEN_HASH")
+    val note = column[String]("NOTE")
+    def * = (accessTokenId, userName, tokenHash, note) <> (AccessToken.tupled, AccessToken.unapply)
+  }
+}
+case class AccessToken(
+  accessTokenId: Int = 0,
+  userName: String,
+  tokenHash: String,
+  note: String
+)
--- a/src/main/scala/model/Profile.scala
+++ b/src/main/scala/model/Profile.scala
@@ -19,7 +19,8 @@ trait Profile {
 object Profile extends {
  val profile = slick.driver.H2Driver

-} with AccountComponent
+} with AccessTokenComponent
+  with AccountComponent
  with ActivityComponent
  with CollaboratorComponent
  with CommitCommentComponent
--- a/src/main/scala/service/AccesTokenService.scala
+++ b/src/main/scala/service/AccesTokenService.scala
@@ -0,0 +1,43 @@
+package service
+
+import model.Profile._
+import profile.simple._
+import model.AccessToken
+import util.StringUtil
+import scala.util.Random
+
+trait AccessTokenService {
+
+  def makeAccessTokenString: String = {
+    val bytes = new Array[Byte](20)
+    Random.nextBytes(bytes)
+    bytes.map("%02x".format(_)).mkString
+  }
+
+  def tokenToHash(token: String): String = StringUtil.sha1(token)
+
+  /**
+   * @retuen (TokenId, Token)
+   */
+  def generateAccessToken(userName: String, note: String)(implicit s: Session): (Int, String) = {
+    var token: String = null
+    var hash: String = null
+    do{
+      token = makeAccessTokenString
+      hash = tokenToHash(token)
+    }while(AccessTokens.filter(_.tokenHash === hash.bind).exists.run)
+    val newToken = AccessToken(
+        userName = userName,
+        note = note,
+        tokenHash = hash)
+    val tokenId = (AccessTokens returning AccessTokens.map(_.accessTokenId)) += newToken
+    (tokenId, token)
+  }
+
+  def getAccessTokens(userName: String)(implicit s: Session): List[AccessToken] =
+    AccessTokens.filter(_.userName === userName.bind).sortBy(_.accessTokenId.desc).list
+
+  def deleteAccessToken(userName: String, accessTokenId: Int)(implicit s: Session): Unit =
+    AccessTokens filter (t => t.userName === userName.bind && t.accessTokenId === accessTokenId) delete
+
+}
--- a/src/main/scala/servlet/InitializeListener.scala
+++ b/src/main/scala/servlet/InitializeListener.scala
@@ -19,6 +19,7 @@ object AutoUpdate {
   * The history of versions. A head of this sequence is the current BitBucket version.
   */
  val versions = Seq(
+    new Version(2, 9),
    new Version(2, 8),
    new Version(2, 7) {
      override def update(conn: Connection, cl: ClassLoader): Unit = {
--- a/src/main/twirl/account/application.scala.html
+++ b/src/main/twirl/account/application.scala.html
@@ -0,0 +1,55 @@
+@(account: model.Account, personalTokens: List[model.AccessToken], gneratedToken:Option[(model.AccessToken, String)])(implicit context: app.Context)
+@import context._
+@import view.helpers._
+@html.main("Applications"){
+<div class="container">
+  <div class="row-fluid">
+    <div class="span3">
+      @menu("applications", settings.ssh)
+    </div>
+    <div class="span9">
+      <div class="box">
+        <div class="box-header">Personal access tokens</div>
+        <div class="box-content">
+          @if(personalTokens.isEmpty && gneratedToken.isEmpty){
+            No tokens.
+          }else{
+            Tokens you have generated that can be used to access the GitBucket API.<hr>
+          }
+          @gneratedToken.map{ case (token, tokenString) =>
+            <div class="alert alert-info">
+              Make sure to copy your new personal access token now. You won't be able to see it again!
+            </div>
+            @helper.html.copy("generated-token-copy", tokenString){
+              <input type="text" value="@tokenString" style="width:21em" readonly>
+            }
+            <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-mini btn-danger pull-right">Delete</a>
+            <hr>
+          }
+          @personalTokens.zipWithIndex.map { case (token, i) =>
+            @if(i != 0){
+              <hr>
+            }
+            <strong>@token.note</strong>
+            <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-mini btn-danger pull-right">Delete</a>
+          }
+        </div>
+      </div>
+      <form method="POST" action="@path/@account.userName/_personalToken" validate="true">
+        <div class="box">
+          <div class="box-header">Generate new token</div>
+          <div class="box-content">
+            <fieldset>
+              <label for="note" class="strong">Token description</label>
+              <div><span id="error-note" class="error"></span></div>
+              <input type="text" name="note" id="note" style="width: 400px;"/>
+              <p class="muted">What's this token for?</p>
+            </fieldset>
+            <input type="submit" class="btn btn-success" value="Generate token"/>
+          </div>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
+}
--- a/src/main/twirl/account/menu.scala.html
+++ b/src/main/twirl/account/menu.scala.html
@@ -10,5 +10,8 @@
      <a href="@path/@loginAccount.get.userName/_ssh">SSH Keys</a>
    </li>
    }
+    <li@if(active=="application"){ class="active"}>
+      <a href="@path/@loginAccount.get.userName/_application">Applications</a>
+    </li>
  </ul>
 </div>