379 lines
10 KiB
Go
379 lines
10 KiB
Go
package status
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"path/filepath"
|
|
"slices"
|
|
"strings"
|
|
|
|
"github.com/MakeNowJust/heredoc"
|
|
"github.com/cli/cli/v2/api"
|
|
"github.com/cli/cli/v2/internal/config"
|
|
"github.com/cli/cli/v2/internal/gh"
|
|
"github.com/cli/cli/v2/pkg/cmd/auth/shared"
|
|
"github.com/cli/cli/v2/pkg/cmdutil"
|
|
"github.com/cli/cli/v2/pkg/iostreams"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
type validEntry struct {
|
|
active bool
|
|
host string
|
|
user string
|
|
token string
|
|
tokenSource string
|
|
gitProtocol string
|
|
scopes string
|
|
}
|
|
|
|
func (e validEntry) String(cs *iostreams.ColorScheme) string {
|
|
var sb strings.Builder
|
|
|
|
sb.WriteString(
|
|
fmt.Sprintf(" %s Logged in to %s account %s (%s)\n", cs.SuccessIcon(), e.host, cs.Bold(e.user), e.tokenSource),
|
|
)
|
|
activeStr := fmt.Sprintf("%v", e.active)
|
|
sb.WriteString(fmt.Sprintf(" - Active account: %s\n", cs.Bold(activeStr)))
|
|
sb.WriteString(fmt.Sprintf(" - Git operations protocol: %s\n", cs.Bold(e.gitProtocol)))
|
|
sb.WriteString(fmt.Sprintf(" - Token: %s\n", cs.Bold(e.token)))
|
|
|
|
if expectScopes(e.token) {
|
|
sb.WriteString(fmt.Sprintf(" - Token scopes: %s\n", cs.Bold(displayScopes(e.scopes))))
|
|
if err := shared.HeaderHasMinimumScopes(e.scopes); err != nil {
|
|
var missingScopesError *shared.MissingScopesError
|
|
if errors.As(err, &missingScopesError) {
|
|
missingScopes := strings.Join(missingScopesError.MissingScopes, ",")
|
|
sb.WriteString(fmt.Sprintf(" %s Missing required token scopes: %s\n",
|
|
cs.WarningIcon(),
|
|
cs.Bold(displayScopes(missingScopes))))
|
|
refreshInstructions := fmt.Sprintf("gh auth refresh -h %s", e.host)
|
|
sb.WriteString(fmt.Sprintf(" - To request missing scopes, run: %s\n", cs.Bold(refreshInstructions)))
|
|
}
|
|
}
|
|
}
|
|
|
|
return sb.String()
|
|
}
|
|
|
|
type invalidTokenEntry struct {
|
|
active bool
|
|
host string
|
|
user string
|
|
tokenSource string
|
|
tokenIsWriteable bool
|
|
}
|
|
|
|
func (e invalidTokenEntry) String(cs *iostreams.ColorScheme) string {
|
|
var sb strings.Builder
|
|
|
|
if e.user != "" {
|
|
sb.WriteString(fmt.Sprintf(" %s Failed to log in to %s account %s (%s)\n", cs.Red("X"), e.host, cs.Bold(e.user), e.tokenSource))
|
|
} else {
|
|
sb.WriteString(fmt.Sprintf(" %s Failed to log in to %s using token (%s)\n", cs.Red("X"), e.host, e.tokenSource))
|
|
}
|
|
activeStr := fmt.Sprintf("%v", e.active)
|
|
sb.WriteString(fmt.Sprintf(" - Active account: %s\n", cs.Bold(activeStr)))
|
|
sb.WriteString(fmt.Sprintf(" - The token in %s is invalid.\n", e.tokenSource))
|
|
if e.tokenIsWriteable {
|
|
loginInstructions := fmt.Sprintf("gh auth login -h %s", e.host)
|
|
logoutInstructions := fmt.Sprintf("gh auth logout -h %s -u %s", e.host, e.user)
|
|
sb.WriteString(fmt.Sprintf(" - To re-authenticate, run: %s\n", cs.Bold(loginInstructions)))
|
|
sb.WriteString(fmt.Sprintf(" - To forget about this account, run: %s\n", cs.Bold(logoutInstructions)))
|
|
}
|
|
|
|
return sb.String()
|
|
}
|
|
|
|
type timeoutErrorEntry struct {
|
|
active bool
|
|
host string
|
|
user string
|
|
tokenSource string
|
|
}
|
|
|
|
func (e timeoutErrorEntry) String(cs *iostreams.ColorScheme) string {
|
|
var sb strings.Builder
|
|
|
|
if e.user != "" {
|
|
sb.WriteString(fmt.Sprintf(" %s Timeout trying to log in to %s account %s (%s)\n", cs.Red("X"), e.host, cs.Bold(e.user), e.tokenSource))
|
|
} else {
|
|
sb.WriteString(fmt.Sprintf(" %s Timeout trying to log in to %s using token (%s)\n", cs.Red("X"), e.host, e.tokenSource))
|
|
}
|
|
activeStr := fmt.Sprintf("%v", e.active)
|
|
sb.WriteString(fmt.Sprintf(" - Active account: %s\n", cs.Bold(activeStr)))
|
|
|
|
return sb.String()
|
|
}
|
|
|
|
type Entry interface {
|
|
String(cs *iostreams.ColorScheme) string
|
|
}
|
|
|
|
type Entries []Entry
|
|
|
|
func (e Entries) Strings(cs *iostreams.ColorScheme) []string {
|
|
var out []string
|
|
for _, entry := range e {
|
|
out = append(out, entry.String(cs))
|
|
}
|
|
return out
|
|
}
|
|
|
|
type StatusOptions struct {
|
|
HttpClient func() (*http.Client, error)
|
|
IO *iostreams.IOStreams
|
|
Config func() (gh.Config, error)
|
|
|
|
Hostname string
|
|
ShowToken bool
|
|
}
|
|
|
|
func NewCmdStatus(f *cmdutil.Factory, runF func(*StatusOptions) error) *cobra.Command {
|
|
opts := &StatusOptions{
|
|
HttpClient: f.HttpClient,
|
|
IO: f.IOStreams,
|
|
Config: f.Config,
|
|
}
|
|
|
|
cmd := &cobra.Command{
|
|
Use: "status",
|
|
Args: cobra.ExactArgs(0),
|
|
Short: "Display active account and authentication state on each known GitHub host",
|
|
Long: heredoc.Docf(`
|
|
Display active account and authentication state on each known GitHub host.
|
|
|
|
For each host, the authentication state of each known account is tested and any issues are included in the output.
|
|
Each host section will indicate the active account, which will be used when targeting that host.
|
|
If an account on any host (or only the one given via %[1]s--hostname%[1]s) has authentication issues,
|
|
the command will exit with 1 and output to stderr.
|
|
|
|
To change the active account for a host, see %[1]sgh auth switch%[1]s.
|
|
`, "`"),
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
if runF != nil {
|
|
return runF(opts)
|
|
}
|
|
|
|
return statusRun(opts)
|
|
},
|
|
}
|
|
|
|
cmd.Flags().StringVarP(&opts.Hostname, "hostname", "h", "", "Check only a specific hostname's auth status")
|
|
cmd.Flags().BoolVarP(&opts.ShowToken, "show-token", "t", false, "Display the auth token")
|
|
|
|
return cmd
|
|
}
|
|
|
|
func statusRun(opts *StatusOptions) error {
|
|
cfg, err := opts.Config()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
authCfg := cfg.Authentication()
|
|
|
|
stderr := opts.IO.ErrOut
|
|
stdout := opts.IO.Out
|
|
cs := opts.IO.ColorScheme()
|
|
|
|
statuses := make(map[string]Entries)
|
|
|
|
hostnames := authCfg.Hosts()
|
|
if len(hostnames) == 0 {
|
|
fmt.Fprintf(stderr,
|
|
"You are not logged into any GitHub hosts. To log in, run: %s\n", cs.Bold("gh auth login"))
|
|
return cmdutil.SilentError
|
|
}
|
|
|
|
if opts.Hostname != "" && !slices.Contains(hostnames, opts.Hostname) {
|
|
fmt.Fprintf(stderr,
|
|
"You are not logged into any accounts on %s\n", opts.Hostname)
|
|
return cmdutil.SilentError
|
|
}
|
|
|
|
httpClient, err := opts.HttpClient()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, hostname := range hostnames {
|
|
if opts.Hostname != "" && opts.Hostname != hostname {
|
|
continue
|
|
}
|
|
|
|
var activeUser string
|
|
gitProtocol := cfg.GitProtocol(hostname).Value
|
|
activeUserToken, activeUserTokenSource := authCfg.ActiveToken(hostname)
|
|
if authTokenWriteable(activeUserTokenSource) {
|
|
activeUser, _ = authCfg.ActiveUser(hostname)
|
|
}
|
|
entry := buildEntry(httpClient, buildEntryOptions{
|
|
active: true,
|
|
gitProtocol: gitProtocol,
|
|
hostname: hostname,
|
|
showToken: opts.ShowToken,
|
|
token: activeUserToken,
|
|
tokenSource: activeUserTokenSource,
|
|
username: activeUser,
|
|
})
|
|
statuses[hostname] = append(statuses[hostname], entry)
|
|
|
|
if err == nil && !isValidEntry(entry) {
|
|
err = cmdutil.SilentError
|
|
}
|
|
|
|
users := authCfg.UsersForHost(hostname)
|
|
for _, username := range users {
|
|
if username == activeUser {
|
|
continue
|
|
}
|
|
token, tokenSource, _ := authCfg.TokenForUser(hostname, username)
|
|
entry := buildEntry(httpClient, buildEntryOptions{
|
|
active: false,
|
|
gitProtocol: gitProtocol,
|
|
hostname: hostname,
|
|
showToken: opts.ShowToken,
|
|
token: token,
|
|
tokenSource: tokenSource,
|
|
username: username,
|
|
})
|
|
statuses[hostname] = append(statuses[hostname], entry)
|
|
|
|
if err == nil && !isValidEntry(entry) {
|
|
err = cmdutil.SilentError
|
|
}
|
|
}
|
|
}
|
|
|
|
prevEntry := false
|
|
for _, hostname := range hostnames {
|
|
entries, ok := statuses[hostname]
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
stream := stdout
|
|
if err != nil {
|
|
stream = stderr
|
|
}
|
|
|
|
if prevEntry {
|
|
fmt.Fprint(stream, "\n")
|
|
}
|
|
prevEntry = true
|
|
fmt.Fprintf(stream, "%s\n", cs.Bold(hostname))
|
|
fmt.Fprintf(stream, "%s", strings.Join(entries.Strings(cs), "\n"))
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func displayToken(token string, printRaw bool) string {
|
|
if printRaw {
|
|
return token
|
|
}
|
|
|
|
if idx := strings.LastIndexByte(token, '_'); idx > -1 {
|
|
prefix := token[0 : idx+1]
|
|
return prefix + strings.Repeat("*", len(token)-len(prefix))
|
|
}
|
|
|
|
return strings.Repeat("*", len(token))
|
|
}
|
|
|
|
func displayScopes(scopes string) string {
|
|
if scopes == "" {
|
|
return "none"
|
|
}
|
|
list := strings.Split(scopes, ",")
|
|
for i, s := range list {
|
|
list[i] = fmt.Sprintf("'%s'", strings.TrimSpace(s))
|
|
}
|
|
return strings.Join(list, ", ")
|
|
}
|
|
|
|
func expectScopes(token string) bool {
|
|
return strings.HasPrefix(token, "ghp_") || strings.HasPrefix(token, "gho_")
|
|
}
|
|
|
|
type buildEntryOptions struct {
|
|
active bool
|
|
gitProtocol string
|
|
hostname string
|
|
showToken bool
|
|
token string
|
|
tokenSource string
|
|
username string
|
|
}
|
|
|
|
func buildEntry(httpClient *http.Client, opts buildEntryOptions) Entry {
|
|
tokenIsWriteable := authTokenWriteable(opts.tokenSource)
|
|
|
|
if opts.tokenSource == "oauth_token" {
|
|
// The go-gh function TokenForHost returns this value as source for tokens read from the
|
|
// config file, but we want the file path instead. This attempts to reconstruct it.
|
|
opts.tokenSource = filepath.Join(config.ConfigDir(), "hosts.yml")
|
|
}
|
|
|
|
// If token is not writeable, then it came from an environment variable and
|
|
// we need to fetch the username as it won't be stored in the config.
|
|
if !tokenIsWriteable {
|
|
// The httpClient will automatically use the correct token here as
|
|
// the token from the environment variable take highest precedence.
|
|
apiClient := api.NewClientFromHTTP(httpClient)
|
|
var err error
|
|
opts.username, err = api.CurrentLoginName(apiClient, opts.hostname)
|
|
if err != nil {
|
|
return invalidTokenEntry{
|
|
active: opts.active,
|
|
host: opts.hostname,
|
|
user: opts.username,
|
|
tokenIsWriteable: tokenIsWriteable,
|
|
tokenSource: opts.tokenSource,
|
|
}
|
|
}
|
|
}
|
|
|
|
// Get scopes for token.
|
|
scopesHeader, err := shared.GetScopes(httpClient, opts.hostname, opts.token)
|
|
if err != nil {
|
|
var networkError net.Error
|
|
if errors.As(err, &networkError) && networkError.Timeout() {
|
|
return timeoutErrorEntry{
|
|
active: opts.active,
|
|
host: opts.hostname,
|
|
user: opts.username,
|
|
tokenSource: opts.tokenSource,
|
|
}
|
|
}
|
|
|
|
return invalidTokenEntry{
|
|
active: opts.active,
|
|
host: opts.hostname,
|
|
user: opts.username,
|
|
tokenIsWriteable: tokenIsWriteable,
|
|
tokenSource: opts.tokenSource,
|
|
}
|
|
}
|
|
|
|
return validEntry{
|
|
active: opts.active,
|
|
gitProtocol: opts.gitProtocol,
|
|
host: opts.hostname,
|
|
scopes: scopesHeader,
|
|
token: displayToken(opts.token, opts.showToken),
|
|
tokenSource: opts.tokenSource,
|
|
user: opts.username,
|
|
}
|
|
}
|
|
|
|
func authTokenWriteable(src string) bool {
|
|
return !strings.HasSuffix(src, "_TOKEN")
|
|
}
|
|
|
|
func isValidEntry(entry Entry) bool {
|
|
_, ok := entry.(validEntry)
|
|
return ok
|
|
}
|