Merge pull request #4754 from coollabsio/improve-git-and-service-provider

Improves: GitHub handling, AppServiceProvider and 500 error message rendering
2025-01-16 21:09:08 +01:00
parent f997872738 dd897a11fd
commit 3c83c7fd6c
13 changed files with 393 additions and 78 deletions
--- a/app/Jobs/GithubAppPermissionJob.php
+++ b/app/Jobs/GithubAppPermissionJob.php
@@ -27,19 +27,28 @@ class GithubAppPermissionJob implements ShouldBeEncrypted, ShouldQueue
    public function handle()
    {
        try {
-            $github_access_token = generate_github_jwt_token($this->github_app);
+            $github_access_token = generateGithubJwt($this->github_app);
+
            $response = Http::withHeaders([
                'Authorization' => "Bearer $github_access_token",
                'Accept' => 'application/vnd.github+json',
            ])->get("{$this->github_app->api_url}/app");
+
+            if (! $response->successful()) {
+                throw new \RuntimeException('Failed to fetch GitHub app permissions: '.$response->body());
+            }
+
            $response = $response->json();
            $permissions = data_get($response, 'permissions');
+
            $this->github_app->contents = data_get($permissions, 'contents');
            $this->github_app->metadata = data_get($permissions, 'metadata');
            $this->github_app->pull_requests = data_get($permissions, 'pull_requests');
            $this->github_app->administration = data_get($permissions, 'administration');
+
            $this->github_app->save();
            $this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
+
        } catch (\Throwable $e) {
            send_internal_notification('GithubAppPermissionJob failed with: '.$e->getMessage());
            throw $e;
--- a/app/Livewire/Project/New/GithubPrivateRepository.php
+++ b/app/Livewire/Project/New/GithubPrivateRepository.php
@@ -105,7 +105,7 @@ class GithubPrivateRepository extends Component
        $this->page = 1;
        $this->selected_github_app_id = $github_app_id;
        $this->github_app = GithubApp::where('id', $github_app_id)->first();
-        $this->token = generate_github_installation_token($this->github_app);
+        $this->token = generateGithubInstallationToken($this->github_app);
        $this->loadRepositoryByPage();
        if ($this->repositories->count() < $this->total_repositories_count) {
            while ($this->repositories->count() < $this->total_repositories_count) {
--- a/app/Livewire/Source/Github/Change.php
+++ b/app/Livewire/Source/Github/Change.php
@@ -76,7 +76,7 @@ class Change extends Component
    // Need administration:read:write permission
    // https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#list-self-hosted-runners-for-a-repository

-    //     $github_access_token = generate_github_installation_token($this->github_app);
+    //     $github_access_token = generateGithubInstallationToken($this->github_app);
    //     $repositories = Http::withToken($github_access_token)->get("{$this->github_app->api_url}/installation/repositories?per_page=100");
    //     $runners_by_repository = collect([]);
    //     $repositories = $repositories->json()['repositories'];
--- a/app/Models/Application.php
+++ b/app/Models/Application.php
@@ -999,7 +999,7 @@ class Application extends BaseModel
                    $fullRepoUrl = "{$this->source->html_url}/{$customRepository}";
                    $base_command = "{$base_command} {$this->source->html_url}/{$customRepository}";
                } else {
-                    $github_access_token = generate_github_installation_token($this->source);
+                    $github_access_token = generateGithubInstallationToken($this->source);

                    if ($exec_in_docker) {
                        $base_command = "{$base_command} $source_html_url_scheme://x-access-token:$github_access_token@$source_html_url_host/{$customRepository}.git";
@@ -1111,7 +1111,7 @@ class Application extends BaseModel
                        $commands->push($git_clone_command);
                    }
                } else {
-                    $github_access_token = generate_github_installation_token($this->source);
+                    $github_access_token = generateGithubInstallationToken($this->source);
                    if ($exec_in_docker) {
                        $git_clone_command = "{$git_clone_command} $source_html_url_scheme://x-access-token:$github_access_token@$source_html_url_host/{$customRepository}.git {$baseDir}";
                        $fullRepoUrl = "$source_html_url_scheme://x-access-token:$github_access_token@$source_html_url_host/{$customRepository}.git";
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -3,37 +3,68 @@
 namespace App\Providers;

 use App\Models\PersonalAccessToken;
-use Illuminate\Support\Facades\Event;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\App;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Validation\Rules\Password;
 use Laravel\Sanctum\Sanctum;
+use Laravel\Telescope\TelescopeServiceProvider;

 class AppServiceProvider extends ServiceProvider
 {
    public function register(): void
    {
-        if ($this->app->environment('local')) {
-            $this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
+        if (App::isLocal()) {
+            $this->app->register(TelescopeServiceProvider::class);
        }
    }

    public function boot(): void
    {
-        Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
-            $event->extendSocialite('authentik', \SocialiteProviders\Authentik\Provider::class);
-        });
-        Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
+        $this->configureCommands();
+        $this->configureModels();
+        $this->configurePasswords();
+        $this->configureSanctumModel();
+        $this->configureGitHubHttp();
+    }

+    private function configureCommands(): void
+    {
+        if (App::isProduction()) {
+            DB::prohibitDestructiveCommands();
+        }
+    }
+
+    private function configureModels(): void
+    {
+        // Disabled because it's causing issues with the application
+        // Model::shouldBeStrict();
+    }
+
+    private function configurePasswords(): void
+    {
        Password::defaults(function () {
-            $rule = Password::min(8);
-
-            return $this->app->isProduction()
-                ? $rule->mixedCase()->letters()->numbers()->symbols()
-                : $rule;
+            return App::isProduction()
+                ? Password::min(8)
+                    ->mixedCase()
+                    ->letters()
+                    ->numbers()
+                    ->symbols()
+                    ->uncompromised()
+                : Password::min(8)->letters();
        });
+    }

-        Http::macro('github', function (string $api_url, ?string $github_access_token = null) {
+    private function configureSanctumModel(): void
+    {
+        Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
+    }
+
+    private function configureGitHubHttp(): void
+    {
+        Http::macro('GitHub', function (string $api_url, ?string $github_access_token = null) {
            if ($github_access_token) {
                return Http::withHeaders([
                    'X-GitHub-Api-Version' => '2022-11-28',