|
| 1 | +/** |
| 2 | + * Copyright (c) 2023 Gitpod GmbH. All rights reserved. |
| 3 | + * Licensed under the GNU Affero General Public License (AGPL). |
| 4 | + * See License.AGPL.txt in the project root for license information. |
| 5 | + */ |
| 6 | + |
| 7 | +import { AuthProviderType } from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb"; |
| 8 | + |
| 9 | +export namespace GitLabScope { |
| 10 | + export const READ_USER = "read_user"; |
| 11 | + export const API = "api"; |
| 12 | + export const READ_REPO = "read_repository"; |
| 13 | + |
| 14 | + export const All = [READ_USER, API, READ_REPO]; |
| 15 | + export const Requirements = { |
| 16 | + /** |
| 17 | + * Minimal required permission. |
| 18 | + * GitLab API usage requires the permission of a user. |
| 19 | + */ |
| 20 | + DEFAULT: [READ_USER, API], |
| 21 | + |
| 22 | + REPO: [API, READ_REPO], |
| 23 | + }; |
| 24 | +} |
| 25 | + |
| 26 | +export namespace GitHubScope { |
| 27 | + export const EMAIL = "user:email"; |
| 28 | + export const READ_USER = "read:user"; |
| 29 | + export const PUBLIC = "public_repo"; |
| 30 | + export const PRIVATE = "repo"; |
| 31 | + export const ORGS = "read:org"; |
| 32 | + export const WORKFLOW = "workflow"; |
| 33 | + |
| 34 | + export const All = [EMAIL, READ_USER, PUBLIC, PRIVATE, ORGS, WORKFLOW]; |
| 35 | + export const Requirements = { |
| 36 | + /** |
| 37 | + * Minimal required permission. |
| 38 | + * GitHub's API is not restricted any further. |
| 39 | + */ |
| 40 | + DEFAULT: [EMAIL], |
| 41 | + |
| 42 | + PUBLIC_REPO: [PUBLIC], |
| 43 | + PRIVATE_REPO: [PRIVATE], |
| 44 | + }; |
| 45 | +} |
| 46 | + |
| 47 | +export namespace BitbucketOAuthScopes { |
| 48 | + // https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html |
| 49 | + |
| 50 | + /** Read user info like name, e-mail adresses etc. */ |
| 51 | + export const ACCOUNT_READ = "account"; |
| 52 | + /** Access repo info, clone repo over https, read and write issues */ |
| 53 | + export const REPOSITORY_READ = "repository"; |
| 54 | + /** Push over https, fork repo */ |
| 55 | + export const REPOSITORY_WRITE = "repository:write"; |
| 56 | + /** Lists and read pull requests */ |
| 57 | + export const PULL_REQUEST_READ = "pullrequest"; |
| 58 | + /** Create, comment and merge pull requests */ |
| 59 | + export const PULL_REQUEST_WRITE = "pullrequest:write"; |
| 60 | + /** Create, list web hooks */ |
| 61 | + export const WEBHOOK = "webhook"; |
| 62 | + |
| 63 | + export const ALL = [ |
| 64 | + ACCOUNT_READ, |
| 65 | + REPOSITORY_READ, |
| 66 | + REPOSITORY_WRITE, |
| 67 | + PULL_REQUEST_READ, |
| 68 | + PULL_REQUEST_WRITE, |
| 69 | + WEBHOOK, |
| 70 | + ]; |
| 71 | + |
| 72 | + export const Requirements = { |
| 73 | + /** |
| 74 | + * Minimal required permission. |
| 75 | + */ |
| 76 | + DEFAULT: ALL, |
| 77 | + }; |
| 78 | +} |
| 79 | + |
| 80 | +export namespace BitbucketServerOAuthScopes { |
| 81 | + // https://confluence.atlassian.com/bitbucketserver/bitbucket-oauth-2-0-provider-api-1108483661.html#BitbucketOAuth2.0providerAPI-scopesScopes |
| 82 | + |
| 83 | + /** View projects and repositories that are publicly accessible, including pulling code and cloning repositories. */ |
| 84 | + export const PUBLIC_REPOS = "PUBLIC_REPOS"; |
| 85 | + /** View projects and repositories the user account can view, including pulling code, cloning, and forking repositories. Create and comment on pull requests. */ |
| 86 | + export const REPO_READ = "REPO_READ"; |
| 87 | + /** Push over https, fork repo */ |
| 88 | + export const REPO_WRITE = "REPO_WRITE"; |
| 89 | + |
| 90 | + export const REPO_ADMIN = "REPO_ADMIN"; |
| 91 | + export const PROJECT_ADMIN = "PROJECT_ADMIN"; |
| 92 | + |
| 93 | + export const ALL = [PUBLIC_REPOS, REPO_READ, REPO_WRITE, REPO_ADMIN, PROJECT_ADMIN]; |
| 94 | + |
| 95 | + export const Requirements = { |
| 96 | + /** |
| 97 | + * Minimal required permission. |
| 98 | + */ |
| 99 | + DEFAULT: ALL, |
| 100 | + }; |
| 101 | +} |
| 102 | + |
| 103 | +export function getScopesForAuthProviderType(type: AuthProviderType | string) { |
| 104 | + switch (type) { |
| 105 | + case AuthProviderType.GITHUB: |
| 106 | + case "GitHub": |
| 107 | + return GitHubScope.All; |
| 108 | + case AuthProviderType.GITLAB: |
| 109 | + case "GitLab": |
| 110 | + return GitLabScope.All; |
| 111 | + case AuthProviderType.BITBUCKET: |
| 112 | + case "Bitbucket": |
| 113 | + return BitbucketOAuthScopes.ALL; |
| 114 | + case AuthProviderType.BITBUCKET_SERVER: |
| 115 | + case "BitbucketServer": |
| 116 | + return BitbucketServerOAuthScopes.ALL; |
| 117 | + } |
| 118 | +} |
| 119 | + |
| 120 | +export function getRequiredScopes(type: AuthProviderType | string) { |
| 121 | + switch (type) { |
| 122 | + case AuthProviderType.GITHUB: |
| 123 | + case "GitHub": |
| 124 | + return { |
| 125 | + default: GitHubScope.Requirements.DEFAULT, |
| 126 | + publicRepo: GitHubScope.Requirements.PUBLIC_REPO, |
| 127 | + privateRepo: GitHubScope.Requirements.PRIVATE_REPO, |
| 128 | + }; |
| 129 | + case AuthProviderType.GITLAB: |
| 130 | + case "GitLab": |
| 131 | + return { |
| 132 | + default: GitLabScope.Requirements.DEFAULT, |
| 133 | + publicRepo: GitLabScope.Requirements.DEFAULT, |
| 134 | + privateRepo: GitLabScope.Requirements.REPO, |
| 135 | + }; |
| 136 | + case AuthProviderType.BITBUCKET: |
| 137 | + case "Bitbucket": |
| 138 | + return { |
| 139 | + default: BitbucketOAuthScopes.Requirements.DEFAULT, |
| 140 | + publicRepo: BitbucketOAuthScopes.Requirements.DEFAULT, |
| 141 | + privateRepo: BitbucketOAuthScopes.Requirements.DEFAULT, |
| 142 | + }; |
| 143 | + case AuthProviderType.BITBUCKET_SERVER: |
| 144 | + case "BitbucketServer": |
| 145 | + return { |
| 146 | + default: BitbucketServerOAuthScopes.Requirements.DEFAULT, |
| 147 | + publicRepo: BitbucketServerOAuthScopes.Requirements.DEFAULT, |
| 148 | + privateRepo: BitbucketServerOAuthScopes.Requirements.DEFAULT, |
| 149 | + }; |
| 150 | + } |
| 151 | +} |
0 commit comments