gitpod-io
diff --git a/‎components/gitpod-protocol/src/public-api-converter.ts
Lines changed: 102 additions & 24 deletions b/‎components/gitpod-protocol/src/public-api-converter.ts
Lines changed: 102 additions & 24 deletions
diff --git a/‎components/server/src/api/auth-provider-service-api.ts
Lines changed: 189 additions & 0 deletions b/‎components/server/src/api/auth-provider-service-api.ts
Lines changed: 189 additions & 0 deletions
@@ -4,8 +4,26 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import { Code, ConnectError } from "@connectrpc/connect";
 import { Timestamp } from "@bufbuild/protobuf";
+import { Code, ConnectError } from "@connectrpc/connect";
+import {
+    AuthProvider,
+    AuthProviderDescription,
+    AuthProviderType,
+    OAuth2Config,
+} from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
+import {
+    BranchMatchingStrategy,
+    Configuration,
+    PrebuildSettings,
+    WorkspaceSettings,
+} from "@gitpod/public-api/lib/gitpod/v1/configuration_pb";
+import {
+    Organization,
+    OrganizationMember,
+    OrganizationRole,
+    OrganizationSettings,
+} from "@gitpod/public-api/lib/gitpod/v1/organization_pb";
 import {
     AdmissionLevel,
     EditorReference,
@@ -20,45 +38,35 @@ import {
     WorkspacePort_Protocol,
     WorkspaceStatus,
 } from "@gitpod/public-api/lib/gitpod/v1/workspace_pb";
-import {
-    Organization,
-    OrganizationMember,
-    OrganizationRole,
-    OrganizationSettings,
-} from "@gitpod/public-api/lib/gitpod/v1/organization_pb";
-import {
-    BranchMatchingStrategy,
-    Configuration,
-    PrebuildSettings,
-    WorkspaceSettings,
-} from "@gitpod/public-api/lib/gitpod/v1/configuration_pb";
+import { ContextURL } from "./context-url";
 import { ApplicationError, ErrorCode, ErrorCodes } from "./messaging/error";
 import {
+    AuthProviderEntry as AuthProviderProtocol,
+    AuthProviderInfo,
     CommitContext,
     EnvVarWithValue,
+    Workspace as ProtocolWorkspace,
     WithEnvvarsContext,
     WithPrebuild,
     WorkspaceContext,
     WorkspaceInfo,
-    Workspace as ProtocolWorkspace,
 } from "./protocol";
+import {
+    OrgMemberInfo,
+    OrgMemberRole,
+    OrganizationSettings as OrganizationSettingsProtocol,
+    PrebuildSettings as PrebuildSettingsProtocol,
+    Project,
+    Organization as ProtocolOrganization,
+} from "./teams-projects-protocol";
+import { TrustedValue } from "./util/scrubbing";
 import {
     ConfigurationIdeConfig,
     PortProtocol,
     WorkspaceInstance,
     WorkspaceInstanceConditions,
     WorkspaceInstancePort,
 } from "./workspace-instance";
-import { ContextURL } from "./context-url";
-import { TrustedValue } from "./util/scrubbing";
-import {
-    Organization as ProtocolOrganization,
-    OrgMemberInfo,
-    OrgMemberRole,
-    OrganizationSettings as OrganizationSettingsProtocol,
-    Project,
-    PrebuildSettings as PrebuildSettingsProtocol,
-} from "./teams-projects-protocol";
 
 const applicationErrorCode = "application-error-code";
 const applicationErrorData = "application-error-data";
@@ -427,4 +435,74 @@ export class PublicAPIConverter {
         }
         return result;
     }
+
+    toAuthProviderDescription(ap: AuthProviderInfo): AuthProviderDescription {
+        const result = new AuthProviderDescription({
+            id: ap.authProviderId,
+            host: ap.host,
+            type: this.toAuthProviderType(ap.authProviderType),
+        });
+        return result;
+    }
+
+    toAuthProvider(ap: AuthProviderProtocol): AuthProvider {
+        const result = new AuthProvider({
+            id: ap.id,
+            host: ap.host,
+            type: this.toAuthProviderType(ap.type),
+            verified: ap.status === "verified",
+            settingsUrl: ap.oauth?.settingsUrl,
+            scopes: ap.oauth?.scope?.split(ap.oauth?.scopeSeparator || " ") || [],
+        });
+        if (ap.organizationId) {
+            result.owner = {
+                case: "organizationId",
+                value: ap.organizationId,
+            };
+        } else {
+            result.owner = {
+                case: "ownerId",
+                value: ap.ownerId,
+            };
+        }
+        result.oauth2Config = this.toOAuth2Config(ap);
+        return result;
+    }
+
+    toOAuth2Config(ap: AuthProviderProtocol): OAuth2Config {
+        return new OAuth2Config({
+            clientId: ap.oauth?.clientId,
+            clientSecret: ap.oauth?.clientSecret,
+        });
+    }
+
+    toAuthProviderType(type: string): AuthProviderType {
+        switch (type) {
+            case "GitHub":
+                return AuthProviderType.GITHUB;
+            case "GitLab":
+                return AuthProviderType.GITLAB;
+            case "Bitbucket":
+                return AuthProviderType.BITBUCKET;
+            case "BitbucketServer":
+                return AuthProviderType.BITBUCKET_SERVER;
+            default:
+                return AuthProviderType.UNSPECIFIED; // not allowed
+        }
+    }
+
+    fromAuthProviderType(type: AuthProviderType): string {
+        switch (type) {
+            case AuthProviderType.GITHUB:
+                return "GitHub";
+            case AuthProviderType.GITLAB:
+                return "GitLab";
+            case AuthProviderType.BITBUCKET:
+                return "Bitbucket";
+            case AuthProviderType.BITBUCKET_SERVER:
+                return "BitbucketServer";
+            default:
+                return ""; // not allowed
+        }
+    }
 }
@@ -0,0 +1,189 @@
+/**
+ * Copyright (c) 2023 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { Code, ConnectError, HandlerContext, ServiceImpl } from "@connectrpc/connect";
+import { AuthProviderService as AuthProviderServiceInterface } from "@gitpod/public-api/lib/gitpod/v1/authprovider_connect";
+import { inject, injectable } from "inversify";
+import { PublicAPIConverter } from "@gitpod/gitpod-protocol/lib/public-api-converter";
+import {
+    CreateAuthProviderRequest,
+    CreateAuthProviderResponse,
+    GetAuthProviderRequest,
+    GetAuthProviderResponse,
+    ListAuthProvidersRequest,
+    ListAuthProvidersResponse,
+    ListAuthProviderDescriptionsRequest,
+    ListAuthProviderDescriptionsResponse,
+    UpdateAuthProviderRequest,
+    UpdateAuthProviderResponse,
+    DeleteAuthProviderRequest,
+    DeleteAuthProviderResponse,
+} from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
+import { AuthProviderService } from "../auth/auth-provider-service";
+import { AuthProviderEntry, AuthProviderInfo } from "@gitpod/gitpod-protocol";
+import { Unauthenticated } from "./unauthenticated";
+
+@injectable()
+export class AuthProviderServiceAPI implements ServiceImpl<typeof AuthProviderServiceInterface> {
+    constructor(
+        @inject(PublicAPIConverter) private readonly apiConverter: PublicAPIConverter,
+        @inject(AuthProviderService) private readonly authProviderService: AuthProviderService,
+    ) {}
+
+    async createAuthProvider(
+        request: CreateAuthProviderRequest,
+        context: HandlerContext,
+    ): Promise<CreateAuthProviderResponse> {
+        const ownerId = request.owner.case === "ownerId" ? request.owner.value : undefined;
+        const organizationId = request.owner.case === "organizationId" ? request.owner.value : undefined;
+
+        if (!organizationId && !ownerId) {
+            throw new ConnectError("organizationId or ownerId is required", Code.InvalidArgument);
+        }
+
+        if (organizationId) {
+            const result = await this.authProviderService.createOrgAuthProvider(context.user.id, {
+                organizationId,
+                host: request.host,
+                ownerId: context.user.id,
+                type: this.apiConverter.fromAuthProviderType(request.type),
+                clientId: request.oauth2Config?.clientId,
+                clientSecret: request.oauth2Config?.clientSecret,
+            });
+
+            return new CreateAuthProviderResponse({ authProvider: this.apiConverter.toAuthProvider(result) });
+        } else {
+            const result = await this.authProviderService.createAuthProviderOfUser(context.user.id, {
+                host: request.host,
+                ownerId: context.user.id,
+                type: this.apiConverter.fromAuthProviderType(request.type),
+                clientId: request.oauth2Config?.clientId,
+                clientSecret: request.oauth2Config?.clientSecret,
+            });
+
+            return new CreateAuthProviderResponse({ authProvider: this.apiConverter.toAuthProvider(result) });
+        }
+    }
+    async getAuthProvider(request: GetAuthProviderRequest, context: HandlerContext): Promise<GetAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+
+        const authProvider = await this.authProviderService.getAuthProvider(context.user.id, request.authProviderId);
+        if (!authProvider) {
+            throw new ConnectError("Provider not found.", Code.NotFound);
+        }
+
+        return new GetAuthProviderResponse({
+            authProvider: this.apiConverter.toAuthProvider(authProvider),
+        });
+    }
+
+    async listAuthProviders(
+        request: ListAuthProvidersRequest,
+        context: HandlerContext,
+    ): Promise<ListAuthProvidersResponse> {
+        const target = request.id;
+        const ownerId = target.case === "userId" ? target.value : undefined;
+        const organizationId = target.case === "organizationId" ? target.value : undefined;
+
+        if (!organizationId && !ownerId) {
+            throw new ConnectError("organizationId or ownerId is required", Code.InvalidArgument);
+        }
+
+        const authProviders = organizationId
+            ? await this.authProviderService.getAuthProvidersOfOrg(context.user.id, organizationId)
+            : await this.authProviderService.getAuthProvidersOfUser(context.user.id);
+
+        const redacted = authProviders.map(AuthProviderEntry.redact.bind(AuthProviderEntry));
+
+        const result = new ListAuthProvidersResponse({
+            authProviders: redacted.map((ap) => this.apiConverter.toAuthProvider(ap)),
+        });
+        return result;
+    }
+
+    /**
+     * Listing descriptions of auth providers doesn't require authentication.
+     */
+    @Unauthenticated()
+    async listAuthProviderDescriptions(
+        _request: ListAuthProviderDescriptionsRequest,
+        context: HandlerContext,
+    ): Promise<ListAuthProviderDescriptionsResponse> {
+        const user = context.user;
+        const aps = user
+            ? await this.authProviderService.getAuthProviderDescriptions(user)
+            : await this.authProviderService.getAuthProviderDescriptionsUnauthenticated();
+
+        return new ListAuthProviderDescriptionsResponse({
+            descriptions: aps.map((ap: AuthProviderInfo) => this.apiConverter.toAuthProviderDescription(ap)),
+        });
+    }
+
+    async updateAuthProvider(
+        request: UpdateAuthProviderRequest,
+        context: HandlerContext,
+    ): Promise<UpdateAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+        const clientId = request.clientId;
+        const clientSecret = request.clientSecret;
+        if (!clientId || typeof clientSecret === "undefined") {
+            throw new ConnectError("clientId or clientSecret are required", Code.InvalidArgument);
+        }
+
+        const authProvider = await this.authProviderService.getAuthProvider(context.user.id, request.authProviderId);
+        if (!authProvider) {
+            throw new ConnectError("Provider not found.", Code.NotFound);
+        }
+
+        if (authProvider.organizationId) {
+            await this.authProviderService.updateOrgAuthProvider(context.user.id, {
+                id: request.authProviderId,
+                organizationId: authProvider.organizationId,
+                clientId: clientId,
+                clientSecret: clientSecret,
+            });
+        } else {
+            await this.authProviderService.updateAuthProviderOfUser(context.user.id, {
+                id: request.authProviderId,
+                ownerId: context.user.id,
+                clientId: clientId,
+                clientSecret: clientSecret,
+            });
+        }
+
+        return new UpdateAuthProviderResponse();
+    }
+
+    async deleteAuthProvider(
+        request: DeleteAuthProviderRequest,
+        context: HandlerContext,
+    ): Promise<DeleteAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+
+        const authProvider = await this.authProviderService.getAuthProvider(context.user.id, request.authProviderId);
+        if (!authProvider) {
+            throw new ConnectError("Provider not found.", Code.NotFound);
+        }
+
+        if (authProvider.organizationId) {
+            await this.authProviderService.deleteAuthProviderOfOrg(
+                context.user.id,
+                authProvider.organizationId,
+                request.authProviderId,
+            );
+        } else {
+            await this.authProviderService.deleteAuthProviderOfUser(context.user.id, request.authProviderId);
+        }
+
+        return new DeleteAuthProviderResponse();
+    }
+}