githubConnect starts an installation flow of the Github App. It's implemented as a non-gRPC endpoint mounted directly on /github/connect. It redirects the user to Github to authorize Rill to access one or more repositories. After the Github flow completes, the user is redirected back to githubConnec
(w http.ResponseWriter, r *http.Request)
| 529 | // It redirects the user to Github to authorize Rill to access one or more repositories. |
| 530 | // After the Github flow completes, the user is redirected back to githubConnectCallback. |
| 531 | func (s *Server) githubConnect(w http.ResponseWriter, r *http.Request) { |
| 532 | // Check the request is made by an authenticated user |
| 533 | claims := auth.GetClaims(r.Context()) |
| 534 | if claims.OwnerType() != auth.OwnerTypeUser { |
| 535 | // redirect to the auth site, with a redirect back to here after successful auth. |
| 536 | s.redirectLogin(w, r) |
| 537 | return |
| 538 | } |
| 539 | |
| 540 | query := r.URL.Query() |
| 541 | |
| 542 | remote := query.Get("remote") // May not be set |
| 543 | redirect, err := url.QueryUnescape(query.Get("redirect")) |
| 544 | if err != nil { |
| 545 | http.Error(w, fmt.Sprintf("failed to unescape redirect param: %s", err.Error()), http.StatusInternalServerError) |
| 546 | return |
| 547 | } |
| 548 | // Ignore escape error, param will be omitted. |
| 549 | |
| 550 | // Redirect to Github App for installation |
| 551 | redirectURL, err := s.githubAppInstallationURL(githubConnectState{ |
| 552 | Remote: remote, |
| 553 | Redirect: redirect, |
| 554 | }) |
| 555 | if err != nil { |
| 556 | http.Error(w, fmt.Sprintf("failed to create redirect url: %s", err.Error()), http.StatusInternalServerError) |
| 557 | return |
| 558 | } |
| 559 | |
| 560 | http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect) |
| 561 | } |
| 562 | |
| 563 | // githubConnectCallback is called after a Github App authorization flow initiated by githubConnect has completed. |
| 564 | // This call can originate from users who are not logged in in cases like admin user accepting installation request, removing existing installation etc. |
nothing calls this directly
no test coverage detected