feat(db, webserver): Implement GitHubRepositoryProvider connect flow

ee/tabby-db/migrations/0022_github-provider.down.sql

@@ -0,0 +1 @@
+DROP TABLE github_repository_provider;

ee/tabby-db/migrations/0022_github-provider.up.sql

@@ -0,0 +1,8 @@
+CREATE TABLE github_repository_provider(
+    id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    display_name TEXT NOT NULL,
+    application_id TEXT NOT NULL,
+    secret TEXT NOT NULL,
+    access_token TEXT,
+    CONSTRAINT `idx_application_id` UNIQUE (`application_id`)
+);

ee/tabby-db/src/github_repository_provider.rs

@@ -0,0 +1,98 @@
+use anyhow::{anyhow, Result};
+use sqlx::{prelude::FromRow, query, query_as};
+use tabby_db_macros::query_paged_as;
+
+use crate::{DbConn, SQLXResultExt};
+
+#[derive(FromRow)]
+pub struct GithubRepositoryProviderDAO {
+    pub id: i64,
+    pub display_name: String,
+    pub application_id: String,
+    pub secret: String,
+    pub access_token: Option<String>,
+}
+
+impl DbConn {
+    pub async fn create_github_provider(
+        &self,
+        name: String,
+        application_id: String,
+        secret: String,
+    ) -> Result<i64> {
+        let res = query!("INSERT INTO github_repository_provider (display_name, application_id, secret) VALUES ($1, $2, $3);",
+            name,
+            application_id,
+            secret
+        ).execute(&self.pool).await.unique_error("GitHub Application ID already exists")?;
+        Ok(res.last_insert_rowid())
+    }
+
+    pub async fn get_github_provider(&self, id: i64) -> Result<GithubRepositoryProviderDAO> {
+        let provider = query_as!(
+            GithubRepositoryProviderDAO,
+            "SELECT id, display_name, application_id, secret, access_token FROM github_repository_provider WHERE id = ?;",
+            id
+        )
+        .fetch_one(&self.pool)
+        .await?;
+        Ok(provider)
+    }
+
+    pub async fn delete_github_provider(&self, id: i64) -> Result<()> {
+        let res = query!("DELETE FROM github_repository_provider WHERE id = ?;", id)
+            .execute(&self.pool)
+            .await?;
+        if res.rows_affected() != 1 {
+            return Err(anyhow!("No github provider details to delete"));
+        }
+        Ok(())
+    }
+
+    pub async fn update_github_provider_access_token(
+        &self,
+        id: i64,
+        access_token: String,
+    ) -> Result<()> {
+        let res = query!(
+            "UPDATE github_repository_provider SET access_token = ? WHERE id = ?",
+            access_token,
+            id
+        )
+        .execute(&self.pool)
+        .await?;
+
+        if res.rows_affected() != 1 {
+            return Err(anyhow!(
+                "The specified Github repository provider does not exist"
+            ));
+        }
+
+        Ok(())
+    }
+
+    pub async fn list_github_repository_providers(
+        &self,
+        limit: Option<usize>,
+        skip_id: Option<i32>,
+        backwards: bool,
+    ) -> Result<Vec<GithubRepositoryProviderDAO>> {
+        let providers = query_paged_as!(
+            GithubRepositoryProviderDAO,
+            "github_repository_provider",
+            [
+                "id",
+                "display_name",
+                "application_id",
+                "secret",
+                "access_token"
+            ],
+            limit,
+            skip_id,
+            backwards
+        )
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(providers)
+    }
+}

ee/tabby-db/src/lib.rs

@@ -4,6 +4,7 @@ use anyhow::anyhow;
 use cache::Cache;
 use chrono::{DateTime, NaiveDateTime, Utc};
 pub use email_setting::EmailSettingDAO;
+pub use github_repository_provider::GithubRepositoryProviderDAO;
 pub use invitations::InvitationDAO;
 pub use job_runs::JobRunDAO;
 pub use oauth_credential::OAuthCredentialDAO;
@@ -17,6 +18,7 @@ pub use users::UserDAO;
 
 pub mod cache;
 mod email_setting;
+mod github_repository_provider;
 mod invitations;
 mod job_runs;
 mod oauth_credential;

ee/tabby-webserver/src/handler.rs

@@ -19,7 +19,7 @@
 use tracing::{error, warn};
 
 use crate::{
-    cron, hub, oauth,
+    cron, hub, integrations, oauth,
     repositories::{self, RepositoryCache},
     schema::{auth::AuthenticationService, create_schema, Schema, ServiceLocator},
     service::{create_service_locator, event_logger::create_event_logger},
@@ -84,6 +84,10 @@
                 "/repositories",
                 repositories::routes(rs.clone(), ctx.auth()),
             )
+            .nest(
+                "/integrations/github",
+                integrations::github::routes(ctx.setting(), ctx.github_repository_provider()),
+            )
             .route(
                 "/avatar/:id",
                 routing::get(avatar)

ee/tabby-webserver/src/integrations.rs

@@ -0,0 +1 @@
+pub mod github;

ee/tabby-webserver/src/integrations/github.rs

@@ -0,0 +1,144 @@
+use std::sync::Arc;
+
+use anyhow::Result;
+use axum::{
+    extract::{Path, Query, State},
+    response::Redirect,
+    routing, Router,
+};
+use hyper::StatusCode;
+use juniper::ID;
+use serde::Deserialize;
+use tracing::error;
+
+use crate::{
+    oauth::github::GithubOAuthResponse,
+    schema::{
+        github_repository_provider::GithubRepositoryProviderService, setting::SettingService,
+    },
+};
+
+#[derive(Deserialize)]
+struct CallbackParams {
+    state: ID,
+    code: String,
+}
+
+#[derive(Clone)]
+struct IntegrationState {
+    pub settings: Arc<dyn SettingService>,
+    pub github_repository_provider: Arc<dyn GithubRepositoryProviderService>,
+}
+
+pub fn routes(
+    settings: Arc<dyn SettingService>,
+    github_repository_provider: Arc<dyn GithubRepositoryProviderService>,
+) -> Router {
+    let state = IntegrationState {
+        settings,
+        github_repository_provider,
+    };
+    Router::new()
+        .route("/connect/:id", routing::get(connect))
+        .route("/callback", routing::get(callback))
+        .with_state(state)
+}
+
+fn github_redirect_url(client_id: &str, redirect_uri: &str, id: &ID) -> String {
+    format!("https://github.com/login/oauth/authorize?client_id={client_id}&response_type=code&scope=repo&redirect_uri={redirect_uri}/integrations/github/callback&state={id}")
+}
+
+async fn exchange_access_token(
+    state: &IntegrationState,
+    params: &CallbackParams,
+) -> Result<GithubOAuthResponse> {
+    let client = reqwest::Client::new();
+
+    let client_id = state
+        .github_repository_provider
+        .get_github_repository_provider(params.state.clone())
+        .await?
+        .application_id;
+
+    let secret = state
+        .github_repository_provider
+        .read_github_repository_provider_secret(params.state.clone())
+        .await?;
+
+    Ok(client
+        .post("https://github.com/login/oauth/access_token")
+        .header(reqwest::header::ACCEPT, "application/json")
+        .form(&[
+            ("client_id", &client_id),
+            ("client_secret", &secret),
+            ("code", &params.code),
+        ])
+        .send()
+        .await?
+        .json()
+        .await?)
+}
+
+async fn callback(
+    State(state): State<IntegrationState>,
+    Query(params): Query<CallbackParams>,
+) -> Result<Redirect, StatusCode> {
+    let network_setting = match state.settings.read_network_setting().await {
+        Ok(setting) => setting,
+        Err(e) => {
+            error!("Failed to read network setting: {e}");
+            return Err(StatusCode::INTERNAL_SERVER_ERROR);
+        }
+    };
+    let external_url = network_setting.external_url;
+
+    let response = match exchange_access_token(&state, &params).await {
+        Ok(response) => response,
+        Err(e) => {
+            error!("Failed to exchange access token: {e}");
+            return Err(StatusCode::INTERNAL_SERVER_ERROR);
+        }
+    };
+
+    if let Err(e) = state
+        .github_repository_provider
+        .update_github_repository_provider_access_token(params.state, response.access_token)
+        .await
+    {
+        error!("Failed to update github access token: {e}");
+        return Err(StatusCode::INTERNAL_SERVER_ERROR);
+    }
+
+    Ok(Redirect::permanent(&external_url))
+}
+
+async fn connect(
+    State(state): State<IntegrationState>,
+    Path(id): Path<ID>,
+) -> Result<Redirect, StatusCode> {
+    let network_setting = match state.settings.read_network_setting().await {
+        Ok(setting) => setting,
+        Err(e) => {
+            error!("Failed to read network setting: {e}");
+            return Err(StatusCode::INTERNAL_SERVER_ERROR);
+        }
+    };
+    let external_url = network_setting.external_url;
+    let provider = match state
+        .github_repository_provider
+        .get_github_repository_provider(id.clone())
+        .await
+    {
+        Ok(provider) => provider,
+        Err(e) => {
+            error!("Github repository provider not found: {e}");
+            return Err(StatusCode::NOT_FOUND);
+        }
+    };
+
+    Ok(Redirect::temporary(&github_redirect_url(
+        &provider.application_id,
+        &external_url,
+        &id,
+    )))
+}

ee/tabby-webserver/src/lib.rs

@@ -3,6 +3,7 @@
 mod cron;
 mod handler;
 mod hub;
+mod integrations;
 mod oauth;
 mod repositories;
 mod schema;

ee/tabby-webserver/src/oauth/github.rs

@@ -9,20 +9,20 @@ use crate::schema::auth::{AuthenticationService, OAuthCredential, OAuthProvider}
 
 #[derive(Debug, Deserialize)]
 #[allow(dead_code)]
-struct GithubOAuthResponse {
+pub struct GithubOAuthResponse {
     #[serde(default)]
-    access_token: String,
+    pub access_token: String,
     #[serde(default)]
-    scope: String,
+    pub scope: String,
     #[serde(default)]
-    token_type: String,
+    pub token_type: String,
 
     #[serde(default)]
-    error: String,
+    pub error: String,
     #[serde(default)]
-    error_description: String,
+    pub error_description: String,
     #[serde(default)]
-    error_uri: String,
+    pub error_uri: String,
 }
 
 #[derive(Debug, Deserialize)]

ee/tabby-webserver/src/schema/github_repository_provider.rs

@@ -0,0 +1,49 @@
+use crate::schema::Result;
+use async_trait::async_trait;
+use juniper::{GraphQLObject, ID};
+use juniper_axum::relay::NodeType;
+
+use super::Context;
+
+#[derive(GraphQLObject, Debug)]
+#[graphql(context = Context)]
+pub struct GithubRepositoryProvider {
+    pub id: ID,
+    pub display_name: String,
+    pub application_id: String,
+}
+
+impl NodeType for GithubRepositoryProvider {
+    type Cursor = String;
+
+    fn cursor(&self) -> Self::Cursor {
+        self.id.to_string()
+    }
+
+    fn connection_type_name() -> &'static str {
+        "GithubRepositoryProviderConnection"
+    }
+
+    fn edge_type_name() -> &'static str {
+        "GithubRepositoryProviderEdge"
+    }
+}
+
+#[async_trait]
+pub trait GithubRepositoryProviderService: Send + Sync {
+    async fn get_github_repository_provider(&self, id: ID) -> Result<GithubRepositoryProvider>;
+    async fn read_github_repository_provider_secret(&self, id: ID) -> Result<String>;
+    async fn update_github_repository_provider_access_token(
+        &self,
+        id: ID,
+        access_token: String,
+    ) -> Result<()>;
+
+    async fn list_github_repository_providers(
+        &self,
+        after: Option<String>,
+        before: Option<String>,
+        first: Option<usize>,
+        last: Option<usize>,
+    ) -> Result<Vec<GithubRepositoryProvider>>;
+}