disable public resource on repo purge

2024-05-02 15:41:43 -07:00 · 2024-05-02 15:41:43 -07:00 · 4a825ad4b7
parent 424a2f1964
commit 4a825ad4b7
3 changed files with 45 additions and 13 deletions
--- a/app/api/controller/repo/create.go
+++ b/app/api/controller/repo/create.go
@ -77,6 +77,11 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 		return nil, err
 	}

+	gitResp, isEmpty, err := c.createGitRepository(ctx, session, in)
+	if err != nil {
+		return nil, fmt.Errorf("error creating repository on git: %w", err)
+	}
+
 	var repo *types.Repository
 	err = c.tx.WithTx(ctx, func(ctx context.Context) error {
 		if err := c.resourceLimiter.RepoCount(ctx, parentSpace.ID, 1); err != nil {
@ -89,11 +94,6 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 			return fmt.Errorf("failed to find the parent space: %w", err)
 		}

-		gitResp, isEmpty, err := c.createGitRepository(ctx, session, in)
-		if err != nil {
-			return fmt.Errorf("error creating repository on git: %w", err)
-		}
-
 		now := time.Now().UnixMilli()
 		repo = &types.Repository{
 			Version:       0,
@ -108,6 +108,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 			DefaultBranch: in.DefaultBranch,
 			IsEmpty:       isEmpty,
 		}
+
 		err = c.repoStore.Create(ctx, repo)
 		if err != nil {
 			if dErr := c.DeleteGitRepository(ctx, session, repo); dErr != nil {
@ -116,18 +117,21 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 			return fmt.Errorf("failed to create repository in storage: %w", err)
 		}

-		if in.IsPublic && c.publicResourceCreationEnabled {
-			if err = c.SetPublicRepo(ctx, repo); err != nil {
-				return fmt.Errorf("failed to set a public resource: %w", err)
-			}
-		}
-
 		return nil
 	}, sql.TxOptions{Isolation: sql.LevelSerializable})
 	if err != nil {
 		return nil, err
 	}

+	if in.IsPublic && c.publicResourceCreationEnabled {
+		if err = c.SetPublicRepo(ctx, repo); err != nil {
+			if dErr := c.PurgeNoAuth(ctx, session, repo); dErr != nil {
+				log.Ctx(ctx).Warn().Err(dErr).Msg("failed to purge repo for cleanup")
+			}
+			return nil, fmt.Errorf("failed to set a public resource: %w", err)
+		}
+	}
+
 	// backfil GitURL
 	repo.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Path)

--- a/app/api/controller/repo/purge.go
+++ b/app/api/controller/repo/purge.go
@ -23,6 +23,7 @@ import (
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
 	repoevents "github.com/harness/gitness/app/events/repo"
+	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/errors"
 	"github.com/harness/gitness/git"
 	"github.com/harness/gitness/types"
@ -72,6 +73,17 @@ func (c *Controller) PurgeNoAuth(
 		}
 	}

+	isPublic, err := apiauth.CheckRepoIsPublic(ctx, c.publicAccess, repo)
+	if err != nil {
+		log.Ctx(ctx).Err(err).Msg("failed to check repo public access")
+	}
+
+	if isPublic {
+		if err := c.disablePublicRepo(ctx, repo); err != nil {
+			log.Ctx(ctx).Err(err).Msg("failed to disable repo public access")
+		}
+	}
+
 	if err := c.repoStore.Purge(ctx, repo.ID, repo.Deleted); err != nil {
 		return fmt.Errorf("failed to delete repo from db: %w", err)
 	}
@ -112,3 +124,18 @@ func (c *Controller) DeleteGitRepository(
 	}
 	return nil
 }
+
+func (c *Controller) disablePublicRepo(ctx context.Context, repo *types.Repository) error {
+	parentSpace, name, err := paths.DisectLeaf(repo.Path)
+	if err != nil {
+		return fmt.Errorf("failed to disect path '%s': %w", repo.Path, err)
+	}
+
+	scope := &types.Scope{SpacePath: parentSpace}
+	resource := &types.Resource{
+		Type:       enum.ResourceTypeRepo,
+		Identifier: name,
+	}
+
+	return c.publicAccess.Set(ctx, scope, resource, false)
+}
--- a/app/api/controller/repo/update.go
+++ b/app/api/controller/repo/update.go
@ -72,8 +72,6 @@ func (c *Controller) Update(ctx context.Context,
 		return nil, err
 	}

-	// backfill repo url
-	repo.Repository.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Repository.Path)
 	isPublic, err := apiauth.CheckRepoIsPublic(ctx, c.publicAccess, repoBase)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get resource public access mode: %w", err)
@ -96,6 +94,9 @@ func (c *Controller) Update(ctx context.Context,
 		log.Ctx(ctx).Warn().Msgf("failed to insert audit log for update repository operation: %s", err)
 	}

+	// backfill repo url
+	repo.Repository.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Repository.Path)
+
 	return repo, nil
 }