From dd136858f1ea40ad3c94191d647487fa4f31926c Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 18 Oct 2024 20:33:49 +0200 Subject: Adding upstream version 9.0.0. Signed-off-by: Daniel Baumann --- routers/api/actions/runner/interceptor.go | 80 +++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 routers/api/actions/runner/interceptor.go (limited to 'routers/api/actions/runner/interceptor.go') diff --git a/routers/api/actions/runner/interceptor.go b/routers/api/actions/runner/interceptor.go new file mode 100644 index 0000000..521ba91 --- /dev/null +++ b/routers/api/actions/runner/interceptor.go @@ -0,0 +1,80 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package runner + +import ( + "context" + "crypto/subtle" + "errors" + "strings" + + actions_model "code.gitea.io/gitea/models/actions" + auth_model "code.gitea.io/gitea/models/auth" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/timeutil" + "code.gitea.io/gitea/modules/util" + + "connectrpc.com/connect" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +const ( + uuidHeaderKey = "x-runner-uuid" + tokenHeaderKey = "x-runner-token" +) + +var withRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unaryFunc connect.UnaryFunc) connect.UnaryFunc { + return func(ctx context.Context, request connect.AnyRequest) (connect.AnyResponse, error) { + methodName := getMethodName(request) + if methodName == "Register" { + return unaryFunc(ctx, request) + } + uuid := request.Header().Get(uuidHeaderKey) + token := request.Header().Get(tokenHeaderKey) + + runner, err := actions_model.GetRunnerByUUID(ctx, uuid) + if err != nil { + if errors.Is(err, util.ErrNotExist) { + return nil, status.Error(codes.Unauthenticated, "unregistered runner") + } + return nil, status.Error(codes.Internal, err.Error()) + } + if subtle.ConstantTimeCompare([]byte(runner.TokenHash), []byte(auth_model.HashToken(token, runner.TokenSalt))) != 1 { + return nil, status.Error(codes.Unauthenticated, "unregistered runner") + } + + cols := []string{"last_online"} + runner.LastOnline = timeutil.TimeStampNow() + if methodName == "UpdateTask" || methodName == "UpdateLog" { + runner.LastActive = timeutil.TimeStampNow() + cols = append(cols, "last_active") + } + if err := actions_model.UpdateRunner(ctx, runner, cols...); err != nil { + log.Error("can't update runner status: %v", err) + } + + ctx = context.WithValue(ctx, runnerCtxKey{}, runner) + return unaryFunc(ctx, request) + } +})) + +func getMethodName(req connect.AnyRequest) string { + splits := strings.Split(req.Spec().Procedure, "/") + if len(splits) > 0 { + return splits[len(splits)-1] + } + return "" +} + +type runnerCtxKey struct{} + +func GetRunner(ctx context.Context) *actions_model.ActionRunner { + if v := ctx.Value(runnerCtxKey{}); v != nil { + if r, ok := v.(*actions_model.ActionRunner); ok { + return r + } + } + return nil +} -- cgit v1.2.3