[server] createProject should not query all repositories

except for github.com when using the GitHub App.

Author: AlexTugarev

components/server/src/projects/projects-service.ts

@@ -26,6 +26,7 @@ import { ErrorCodes, ApplicationError } from "@gitpod/gitpod-protocol/lib/messag
 import { URL } from "url";
 import { Authorizer } from "../authorization/authorizer";
 import { TransactionalContext } from "@gitpod/gitpod-db/lib/typeorm/transactional-db-impl";
+import { GitHubAppSupport } from "../github/github-app-support";
 
 @injectable()
 export class ProjectsService {
@@ -37,6 +38,7 @@ export class ProjectsService {
         @inject(IAnalyticsWriter) private readonly analytics: IAnalyticsWriter,
         @inject(WebhookEventDB) private readonly webhookEventDB: WebhookEventDB,
         @inject(Authorizer) private readonly auth: Authorizer,
+        @inject(GitHubAppSupport) private readonly githubAppSupport: GitHubAppSupport,
     ) {}
 
     async getProject(userId: string, projectId: string): Promise<Project> {
@@ -194,6 +196,40 @@ export class ProjectsService {
         return result;
     }
 
+    async canCreateProject(currentUser: User, cloneURL: string) {
+        try {
+            const parsedUrl = RepoURL.parseRepoUrl(cloneURL);
+            const hostContext = parsedUrl?.host ? this.hostContextProvider.get(parsedUrl?.host) : undefined;
+            const authProvider = hostContext && hostContext.authProvider.info;
+            const type = authProvider && authProvider.authProviderType;
+            const host = authProvider?.host;
+            if (!type || !host) {
+                throw Error("Unknown host: " + parsedUrl?.host);
+            }
+            if (
+                type === "GitLab" ||
+                type === "Bitbucket" ||
+                type === "BitbucketServer" ||
+                (type === "GitHub" && (host !== "github.com" || !this.config.githubApp?.enabled))
+            ) {
+                const repositoryService = hostContext?.services?.repositoryService;
+                if (repositoryService) {
+                    return await repositoryService.canInstallAutomatedPrebuilds(currentUser, cloneURL);
+                }
+            }
+            if (host === "github.com" && this.config.githubApp?.enabled) {
+                const availableRepositories = await this.githubAppSupport.getProviderRepositoriesForUser({
+                    user: currentUser,
+                    provider: "github.com",
+                });
+                return availableRepositories.some((r) => r.cloneUrl === cloneURL);
+            }
+        } catch (error) {
+            log.error("Failed to check precondition for creating a project.");
+        }
+        return false;
+    }
+
     async createProject(
         { name, slug, cloneUrl, teamId, appInstallationId }: CreateProjectParams,
         installer: User,

components/server/src/workspace/gitpod-server-impl.ts

@@ -2788,16 +2788,13 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         await this.auth.checkPermissionOnOrganization(user.id, "create_project", params.teamId);
 
         // Check if provided clone URL is accessible for the current user, and user has admin permissions.
-        let url;
         try {
-            url = new URL(params.cloneUrl);
+            new URL(params.cloneUrl);
         } catch (err) {
             throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Clone URL must be a valid URL.");
         }
-        const availableRepositories = await this.getProviderRepositoriesForUser(ctx, { provider: url.host });
-        if (!availableRepositories.some((r) => r.cloneUrl === params.cloneUrl)) {
-            // The error message is derived from internals of `getProviderRepositoriesForUser` and
-            // `getRepositoriesForAutomatedPrebuilds`, which require admin permissions to be present.
+        const canCreateProject = await this.projectsService.canCreateProject(user, params.cloneUrl);
+        if (!canCreateProject) {
             throw new ApplicationError(
                 ErrorCodes.BAD_REQUEST,
                 "Repository URL seems to be inaccessible, or admin permissions are missing.",