package main
import (
"errors"
"fmt"
"os"
"context"
"net/http"
"github.com/AlecAivazis/survey/v2"
"github.com/cli/oauth/device"
"github.com/safedep/vet/internal/connect"
"github.com/safedep/vet/internal/ui"
"github.com/safedep/vet/pkg/common/logger"
"github.com/spf13/cobra"
)
// newConnectCommand builds the parent "connect" command, which groups the
// sub-commands that link vet with third-party services.
//
// Running "connect" without a sub-command always returns an error. The only
// sub-command registered here is the one built by connectGithubCommand.
func newConnectCommand() *cobra.Command {
	// The parent has no behaviour of its own, so a bare invocation is an error.
	requireSubCommand := func(cmd *cobra.Command, args []string) error {
		return errors.New("a valid sub-command is required")
	}

	connectCmd := &cobra.Command{
		Use:   "connect",
		Short: "Connect with 3rd party apps",
		RunE:  requireSubCommand,
	}
	connectCmd.AddCommand(connectGithubCommand())

	return connectCmd
}
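// connectGithubCommand builds the "connect github" sub-command.
//
// The command obtains a Github access token, first by asking the user to
// paste one and, if that fails for any reason (including the user declining),
// by running the OAuth2 device flow. The token is then handed to
// connect.PersistGithubAccessToken and the location hint returned by
// connect.GetConfigFileHint is printed.
//
// The token is a credential. Nothing in this function prints or logs it, and
// it must not be added to any of the messages below.
func connectGithubCommand() *cobra.Command {
	cmd := &cobra.Command{
		Use: "github",
		RunE: func(cmd *cobra.Command, args []string) error {
			githubAccessToken, err := getAccessTokenFromUser()
			if err != nil {
				// Any failure of the manual path falls back to the device flow.
				githubAccessToken, err = getAccessTokenViaDeviceFlow()
			}

			// NOTE(review): logger.Fatalf is presumed to terminate the process,
			// so execution does not continue with an unusable token — confirm
			// against the logger package.
			if err != nil {
				logger.Fatalf("Failed to connect with Github API: %s", err.Error())
			}

			// NOTE(review): where and with which file permissions the token is
			// stored is decided inside connect.PersistGithubAccessToken, which
			// is not visible here — confirm the file is readable only by the
			// current user.
			err = connect.PersistGithubAccessToken(githubAccessToken)
			if err != nil {
				logger.Fatalf("Failed to persist Github connection token: %s", err.Error())
			}

			ui.PrintSuccess("Github Access Token configured and saved at '%s' for your convenience.", connect.GetConfigFileHint())
			ui.PrintSuccess("You can use vet to scan your github repositories")
			ui.PrintSuccess("Run the command to scan your github repository")
			ui.PrintSuccess("\tvet scan --github https://github.com/<Org|User>/<Repo>")

			// Exit with status 0: a non-zero status on this path would make a
			// successful connect look like a failure to scripts and CI jobs
			// that check the exit code. The explicit exit is kept so the
			// command still terminates at this point.
			os.Exit(0)
			return nil
		},
	}

	return cmd
}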
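// getAccessTokenFromUser interactively asks the user for an existing Github
// access token.
//
// It first asks whether a token is available. If the answer is not "Y" it
// returns an error. Otherwise it reads the token with a survey.Password
// prompt, so the typed value is masked rather than echoed to the terminal.
//
// An empty answer is rejected with an error instead of being returned as a
// token, so the caller never persists an empty credential and reports success.
// Prompt errors from survey.AskOne are returned unchanged.
func getAccessTokenFromUser() (string, error) {
	var hasToken string

	confirm := &survey.Select{
		Message: "Do you have access token ready?",
		Options: []string{"Y", "N"},
		Default: "Y",
	}
	if err := survey.AskOne(confirm, &hasToken); err != nil {
		return "", err
	}

	if hasToken != "Y" {
		return "", fmt.Errorf("user refused to provide access token")
	}

	var accessToken string

	tokenPrompt := &survey.Password{
		Message: "Provide your access token: ",
	}
	if err := survey.AskOne(tokenPrompt, &accessToken); err != nil {
		return "", err
	}

	// Pressing Enter without typing anything yields "" with a nil error.
	if accessToken == "" {
		return "", fmt.Errorf("empty access token provided")
	}

	return accessToken, nil
}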
// getAccessTokenViaDeviceFlow asks the user for consent and, when given, runs
// the Github OAuth2 device flow to obtain an access token.
//
// It returns an error when the prompt fails, when the user answers anything
// other than "Y", or when connectGithubWithDeviceFlow fails. On every error
// path the returned token is the empty string.
func getAccessTokenViaDeviceFlow() (string, error) {
	var consent string

	question := &survey.Select{
		Message: "Do you want to connect with your Github account to continue?",
		Options: []string{"Y", "N"},
		Default: "Y",
	}
	if err := survey.AskOne(question, &consent); err != nil {
		return "", err
	}

	// Nothing is sent to Github unless the user explicitly agrees.
	if consent != "Y" {
		return "", fmt.Errorf("user cancelled device flow")
	}

	ui.PrintMsg("Starting Github authentication using oauth2 device flow")

	deviceToken, flowErr := connectGithubWithDeviceFlow()
	if flowErr != nil {
		return "", flowErr
	}

	return deviceToken, nil
}
// connectGithubWithDeviceFlow runs the OAuth2 device authorization flow
// against github.com and returns the resulting access token.
//
// It requests a device code, prints the user code and verification URL for
// the user to complete in a browser, then waits for Github to issue the token.
// Only the OAuth client ID is written to the debug log; the device code and
// the access token are never logged.
//
// NOTE(review): the "repo" scope grants read and write access to private
// repositories, which is broader than a read-only scan needs — confirm that
// no narrower scope is sufficient.
// NOTE(review): http.DefaultClient has no timeout and context.TODO() carries
// no deadline or cancellation, so how long the wait lasts is presumably
// bounded only by the device package itself — confirm.
func connectGithubWithDeviceFlow() (string, error) {
	// TODO: We are coupling with Github cloud API here. Self-hosted Github enterprise won't work
	const (
		deviceCodeURL  = "https://github.com/login/device/code"
		accessTokenURL = "https://github.com/login/oauth/access_token"
	)

	id := connect.GetGithubOAuth2ClientId()
	client := http.DefaultClient

	logger.Debugf("Initiating Github device flow auth using clientId: %s", id)

	requested := []string{"repo", "read:org"}
	deviceCode, err := device.RequestCode(client, deviceCodeURL, id, requested)
	if err != nil {
		ui.PrintError("Error while requesting code from github: %s", err.Error())
		return "", err
	}

	// The user code is meant to be shown: the user enters it at the
	// verification URL to approve this device.
	ui.PrintMsg("Copy the code: %s", deviceCode.UserCode)
	ui.PrintMsg("Navigate to the URL and paste the code: %s", deviceCode.VerificationURI)

	waitOpts := device.WaitOptions{
		ClientID:   id,
		DeviceCode: deviceCode,
	}
	issued, err := device.Wait(context.TODO(), client, accessTokenURL, waitOpts)
	if err != nil {
		return "", err
	}

	logger.Debugf("Completed device flow with Github successfully")
	return issued.Token, nil
}