From 9e7441e098c0344b0411b0573f6536b92f397ce5 Mon Sep 17 00:00:00 2001 From: Xavier-Do Date: Mon, 3 Jul 2023 14:57:41 +0200 Subject: [PATCH] [IMP] runbot: make access to build customizable --- runbot/controllers/frontend.py | 7 ++++++- runbot/models/build.py | 8 ++++++++ runbot/models/res_users.py | 5 ----- runbot/templates/nginx.xml | 16 ++++++++++++++++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/runbot/controllers/frontend.py b/runbot/controllers/frontend.py index aa3b71dd..707e1fe5 100644 --- a/runbot/controllers/frontend.py +++ b/runbot/controllers/frontend.py @@ -605,4 +605,9 @@ class Runbot(Controller): build = request.env['runbot.build'].browse(int(build_id)).exists() if db_suffix is None: db_suffix = build.mapped('database_ids')[0].db_suffix - return werkzeug.utils.redirect(f'http://{build.dest}-{db_suffix}.{build.host}') + if request.env.user._is_internal(): + token, token_info = build._get_run_token() + db_suffix = f'{db_suffix}-{token}-{token_info}' + redirect = f'http://{build.dest}-{db_suffix}.{build.host}' + _logger.info('Redirecting to %s', redirect) + return werkzeug.utils.redirect(redirect) diff --git a/runbot/models/build.py b/runbot/models/build.py index fd4f0e47..f86fb2ba 100644 --- a/runbot/models/build.py +++ b/runbot/models/build.py @@ -21,6 +21,7 @@ from pathlib import Path from psycopg2 import sql from psycopg2.extensions import TransactionRollbackError import getpass +import uuid _logger = logging.getLogger(__name__) @@ -236,6 +237,8 @@ class BuildResult(models.Model): static_run = fields.Char('Static run URL') + token = fields.Char('Token', default=lambda self: uuid.uuid4().hex) + @api.depends('description', 'params_id.config_id') def _compute_display_name(self): for build in self: @@ -324,6 +327,11 @@ class BuildResult(models.Model): def _get_result_score(self, result): return result_order.index(result) + def _get_run_token(self): + token = self.token or self.params_id.fingerprint + token_info = hex(hash(token or '' + str(self.env.user.id)))[-4:] + return (token[:6], token_info[:4]) + @api.depends('active_step') def _compute_job(self): for build in self: diff --git a/runbot/models/res_users.py b/runbot/models/res_users.py index c04aa380..a74e2b62 100644 --- a/runbot/models/res_users.py +++ b/runbot/models/res_users.py @@ -26,8 +26,3 @@ class ResUsers(models.Model): if list(values.keys()) == ['github_login'] and self.env.user.has_group('runbot.group_runbot_team_manager'): return super(ResUsers, self.sudo()).write(values) return super().write(values) - - # backport of 16.0 feature TODO remove after migration - def _is_internal(self): - self.ensure_one() - return not self.sudo().share diff --git a/runbot/templates/nginx.xml b/runbot/templates/nginx.xml index aff41ba9..c4044622 100644 --- a/runbot/templates/nginx.xml +++ b/runbot/templates/nginx.xml @@ -70,6 +70,22 @@ server { } } + +server { + listen 8080; + server_name ~^(-[a-z0-9_]+)?-(-[a-z0-9_]{4})\.$; + location / { proxy_pass http://127.0.0.1:; } + location /longpolling { proxy_pass http://127.0.0.1:; } + location /websocket { + proxy_pass http://127.0.0.1:; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $real_scheme; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } + +} server { listen 8080;