386 lines
14 KiB
PHP
386 lines
14 KiB
PHP
<?php
|
|
|
|
namespace App\Livewire\Source\Github;
|
|
|
|
use App\Jobs\GithubAppPermissionJob;
|
|
use App\Models\GithubApp;
|
|
use App\Models\PrivateKey;
|
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
|
use Illuminate\Support\Facades\Http;
|
|
use Lcobucci\JWT\Configuration;
|
|
use Lcobucci\JWT\Signer\Key\InMemory;
|
|
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
|
use Livewire\Component;
|
|
|
|
class Change extends Component
|
|
{
|
|
use AuthorizesRequests;
|
|
|
|
public string $webhook_endpoint = '';
|
|
|
|
public ?string $ipv4 = null;
|
|
|
|
public ?string $ipv6 = null;
|
|
|
|
public ?string $fqdn = null;
|
|
|
|
public ?bool $default_permissions = true;
|
|
|
|
public ?bool $preview_deployment_permissions = true;
|
|
|
|
public ?bool $administration = false;
|
|
|
|
public $parameters;
|
|
|
|
public ?GithubApp $github_app = null;
|
|
|
|
// Explicit properties
|
|
public string $name;
|
|
|
|
public ?string $organization = null;
|
|
|
|
public string $apiUrl;
|
|
|
|
public string $htmlUrl;
|
|
|
|
public string $customUser;
|
|
|
|
public int $customPort;
|
|
|
|
public ?int $appId = null;
|
|
|
|
public ?int $installationId = null;
|
|
|
|
public ?string $clientId = null;
|
|
|
|
public ?string $clientSecret = null;
|
|
|
|
public ?string $webhookSecret = null;
|
|
|
|
public bool $isSystemWide;
|
|
|
|
public ?int $privateKeyId = null;
|
|
|
|
public ?string $contents = null;
|
|
|
|
public ?string $metadata = null;
|
|
|
|
public ?string $pullRequests = null;
|
|
|
|
public $applications;
|
|
|
|
public $privateKeys;
|
|
|
|
protected $rules = [
|
|
'name' => 'required|string',
|
|
'organization' => 'nullable|string',
|
|
'apiUrl' => 'required|string',
|
|
'htmlUrl' => 'required|string',
|
|
'customUser' => 'required|string',
|
|
'customPort' => 'required|int',
|
|
'appId' => 'nullable|int',
|
|
'installationId' => 'nullable|int',
|
|
'clientId' => 'nullable|string',
|
|
'clientSecret' => 'nullable|string',
|
|
'webhookSecret' => 'nullable|string',
|
|
'isSystemWide' => 'required|bool',
|
|
'contents' => 'nullable|string',
|
|
'metadata' => 'nullable|string',
|
|
'pullRequests' => 'nullable|string',
|
|
'privateKeyId' => 'nullable|int',
|
|
];
|
|
|
|
public function boot()
|
|
{
|
|
if ($this->github_app) {
|
|
$this->github_app->makeVisible(['client_secret', 'webhook_secret']);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Sync data between component properties and model
|
|
*
|
|
* @param bool $toModel If true, sync FROM properties TO model. If false, sync FROM model TO properties.
|
|
*/
|
|
private function syncData(bool $toModel = false): void
|
|
{
|
|
if ($toModel) {
|
|
// Sync TO model (before save)
|
|
$this->github_app->name = $this->name;
|
|
$this->github_app->organization = $this->organization;
|
|
$this->github_app->api_url = $this->apiUrl;
|
|
$this->github_app->html_url = $this->htmlUrl;
|
|
$this->github_app->custom_user = $this->customUser;
|
|
$this->github_app->custom_port = $this->customPort;
|
|
$this->github_app->app_id = $this->appId;
|
|
$this->github_app->installation_id = $this->installationId;
|
|
$this->github_app->client_id = $this->clientId;
|
|
$this->github_app->client_secret = $this->clientSecret;
|
|
$this->github_app->webhook_secret = $this->webhookSecret;
|
|
$this->github_app->is_system_wide = $this->isSystemWide;
|
|
$this->github_app->private_key_id = $this->privateKeyId;
|
|
$this->github_app->contents = $this->contents;
|
|
$this->github_app->metadata = $this->metadata;
|
|
$this->github_app->pull_requests = $this->pullRequests;
|
|
} else {
|
|
// Sync FROM model (on load/refresh)
|
|
$this->name = $this->github_app->name;
|
|
$this->organization = $this->github_app->organization;
|
|
$this->apiUrl = $this->github_app->api_url;
|
|
$this->htmlUrl = $this->github_app->html_url;
|
|
$this->customUser = $this->github_app->custom_user;
|
|
$this->customPort = $this->github_app->custom_port;
|
|
$this->appId = $this->github_app->app_id;
|
|
$this->installationId = $this->github_app->installation_id;
|
|
$this->clientId = $this->github_app->client_id;
|
|
$this->clientSecret = $this->github_app->client_secret;
|
|
$this->webhookSecret = $this->github_app->webhook_secret;
|
|
$this->isSystemWide = $this->github_app->is_system_wide;
|
|
$this->privateKeyId = $this->github_app->private_key_id;
|
|
$this->contents = $this->github_app->contents;
|
|
$this->metadata = $this->github_app->metadata;
|
|
$this->pullRequests = $this->github_app->pull_requests;
|
|
}
|
|
}
|
|
|
|
public function checkPermissions()
|
|
{
|
|
try {
|
|
$this->authorize('view', $this->github_app);
|
|
|
|
// Validate required fields before attempting to fetch permissions
|
|
$missingFields = [];
|
|
|
|
if (! $this->github_app->app_id) {
|
|
$missingFields[] = 'App ID';
|
|
}
|
|
|
|
if (! $this->github_app->private_key_id) {
|
|
$missingFields[] = 'Private Key';
|
|
}
|
|
|
|
if (! empty($missingFields)) {
|
|
$fieldsList = implode(', ', $missingFields);
|
|
$this->dispatch('error', "Cannot fetch permissions. Please set the following required fields first: {$fieldsList}");
|
|
|
|
return;
|
|
}
|
|
|
|
// Verify the private key exists and is accessible
|
|
if (! $this->github_app->privateKey) {
|
|
$this->dispatch('error', 'Private Key not found. Please select a valid private key.');
|
|
|
|
return;
|
|
}
|
|
|
|
GithubAppPermissionJob::dispatchSync($this->github_app);
|
|
$this->github_app->refresh()->makeVisible('client_secret')->makeVisible('webhook_secret');
|
|
$this->dispatch('success', 'Github App permissions updated.');
|
|
} catch (\Throwable $e) {
|
|
// Provide better error message for unsupported key formats
|
|
$errorMessage = $e->getMessage();
|
|
if (str_contains($errorMessage, 'DECODER routines::unsupported') ||
|
|
str_contains($errorMessage, 'parse your key')) {
|
|
$this->dispatch('error', 'The selected private key format is not supported for GitHub Apps. <br><br>Please use an RSA private key in PEM format (BEGIN RSA PRIVATE KEY). <br><br>OpenSSH format keys (BEGIN OPENSSH PRIVATE KEY) are not supported.');
|
|
|
|
return;
|
|
}
|
|
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function mount()
|
|
{
|
|
try {
|
|
$github_app_uuid = request()->github_app_uuid;
|
|
$this->github_app = GithubApp::ownedByCurrentTeam()->whereUuid($github_app_uuid)->firstOrFail();
|
|
$this->github_app->makeVisible(['client_secret', 'webhook_secret']);
|
|
$this->privateKeys = PrivateKey::ownedByCurrentTeamCached();
|
|
|
|
$this->applications = $this->github_app->applications;
|
|
$settings = instanceSettings();
|
|
|
|
// Sync data from model to properties
|
|
$this->syncData(false);
|
|
|
|
// Override name with kebab case for display
|
|
$this->name = str($this->github_app->name)->kebab();
|
|
$this->fqdn = $settings->fqdn;
|
|
|
|
if ($settings->public_ipv4) {
|
|
$this->ipv4 = 'http://'.$settings->public_ipv4.':'.config('app.port');
|
|
}
|
|
if ($settings->public_ipv6) {
|
|
$this->ipv6 = 'http://'.$settings->public_ipv6.':'.config('app.port');
|
|
}
|
|
if ($this->github_app->installation_id && session('from')) {
|
|
$source_id = data_get(session('from'), 'source_id');
|
|
if (! $source_id || $this->github_app->id !== $source_id) {
|
|
session()->forget('from');
|
|
} else {
|
|
$parameters = data_get(session('from'), 'parameters');
|
|
$back = data_get(session('from'), 'back');
|
|
$environment_uuid = data_get($parameters, 'environment_uuid');
|
|
$project_uuid = data_get($parameters, 'project_uuid');
|
|
$type = data_get($parameters, 'type');
|
|
$destination = data_get($parameters, 'destination');
|
|
session()->forget('from');
|
|
|
|
return redirect()->route($back, [
|
|
'environment_uuid' => $environment_uuid,
|
|
'project_uuid' => $project_uuid,
|
|
'type' => $type,
|
|
'destination' => $destination,
|
|
]);
|
|
}
|
|
}
|
|
$this->parameters = get_route_parameters();
|
|
if (isCloud() && ! isDev()) {
|
|
$this->webhook_endpoint = config('app.url');
|
|
} else {
|
|
$this->webhook_endpoint = $this->ipv4 ?? '';
|
|
$this->is_system_wide = $this->github_app->is_system_wide;
|
|
}
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function getGithubAppNameUpdatePath()
|
|
{
|
|
if (str($this->github_app->organization)->isNotEmpty()) {
|
|
return "{$this->github_app->html_url}/organizations/{$this->github_app->organization}/settings/apps/{$this->github_app->name}";
|
|
}
|
|
|
|
return "{$this->github_app->html_url}/settings/apps/{$this->github_app->name}";
|
|
}
|
|
|
|
private function generateGithubJwt($private_key, $app_id): string
|
|
{
|
|
$configuration = Configuration::forAsymmetricSigner(
|
|
new Sha256,
|
|
InMemory::plainText($private_key),
|
|
InMemory::plainText($private_key)
|
|
);
|
|
|
|
$now = time();
|
|
|
|
return $configuration->builder()
|
|
->issuedBy((string) $app_id)
|
|
->permittedFor('https://api.github.com')
|
|
->identifiedBy((string) $now)
|
|
->issuedAt(new \DateTimeImmutable("@{$now}"))
|
|
->expiresAt(new \DateTimeImmutable('@'.($now + 600)))
|
|
->getToken($configuration->signer(), $configuration->signingKey())
|
|
->toString();
|
|
}
|
|
|
|
public function updateGithubAppName()
|
|
{
|
|
try {
|
|
$this->authorize('update', $this->github_app);
|
|
|
|
$privateKey = PrivateKey::ownedByCurrentTeam()->find($this->github_app->private_key_id);
|
|
|
|
if (! $privateKey) {
|
|
$this->dispatch('error', 'No private key found for this GitHub App.');
|
|
|
|
return;
|
|
}
|
|
|
|
$jwt = $this->generateGithubJwt($privateKey->private_key, $this->github_app->app_id);
|
|
|
|
$response = Http::withHeaders([
|
|
'Accept' => 'application/vnd.github+json',
|
|
'X-GitHub-Api-Version' => '2022-11-28',
|
|
'Authorization' => "Bearer {$jwt}",
|
|
])->get("{$this->github_app->api_url}/app");
|
|
|
|
if ($response->successful()) {
|
|
$app_data = $response->json();
|
|
$app_slug = $app_data['slug'] ?? null;
|
|
|
|
if ($app_slug) {
|
|
$this->github_app->name = $app_slug;
|
|
$this->name = str($app_slug)->kebab();
|
|
$privateKey->name = "github-app-{$app_slug}";
|
|
$privateKey->save();
|
|
$this->github_app->save();
|
|
$this->dispatch('success', 'GitHub App name and SSH key name synchronized successfully.');
|
|
} else {
|
|
$this->dispatch('info', 'Could not find App Name (slug) in GitHub response.');
|
|
}
|
|
} else {
|
|
$error_message = $response->json()['message'] ?? 'Unknown error';
|
|
$this->dispatch('error', "Failed to fetch GitHub App information: {$error_message}");
|
|
}
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function submit()
|
|
{
|
|
try {
|
|
$this->authorize('update', $this->github_app);
|
|
|
|
$this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
|
|
$this->validate();
|
|
|
|
$this->syncData(true);
|
|
$this->github_app->save();
|
|
$this->dispatch('success', 'Github App updated.');
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function createGithubAppManually()
|
|
{
|
|
$this->authorize('update', $this->github_app);
|
|
|
|
$this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
|
|
$this->github_app->app_id = 1234567890;
|
|
$this->github_app->installation_id = 1234567890;
|
|
$this->github_app->save();
|
|
|
|
// Redirect to avoid Livewire morphing issues when view structure changes
|
|
return redirect()->route('source.github.show', ['github_app_uuid' => $this->github_app->uuid])
|
|
->with('success', 'Github App updated. You can now configure the details.');
|
|
}
|
|
|
|
public function instantSave()
|
|
{
|
|
try {
|
|
$this->authorize('update', $this->github_app);
|
|
|
|
$this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
|
|
|
|
$this->syncData(true);
|
|
$this->github_app->save();
|
|
$this->dispatch('success', 'Github App updated.');
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function delete()
|
|
{
|
|
try {
|
|
$this->authorize('delete', $this->github_app);
|
|
|
|
if ($this->github_app->applications->isNotEmpty()) {
|
|
$this->dispatch('error', 'This source is being used by an application. Please delete all applications first.');
|
|
$this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
|
|
|
|
return;
|
|
}
|
|
$this->github_app->delete();
|
|
|
|
return redirect()->route('source.all');
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
}
|