From 77d800eab2419b334cafd94b2e986351919def77 Mon Sep 17 00:00:00 2001
From: Levente Polyak <anthraxx@archlinux.org>
Date: Sun, 23 Oct 2022 20:42:34 +0200
Subject: auth: implemented module to authenticate against our GitLab

This helps to have a convenient way to manage and test our personal
GitLab tokens. Those are used for certain API calls like creating new
repositories.

prefill the access token web view as per
https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#prefill-personal-access-token-name-and-scopes

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
---
 contrib/completion/zsh/_devtools.in   | 17 +++++++
 doc/man/pkgctl-auth-login.1.asciidoc  | 33 +++++++++++++
 doc/man/pkgctl-auth-status.1.asciidoc | 32 ++++++++++++
 doc/man/pkgctl-auth.1.asciidoc        | 38 ++++++++++++++
 doc/man/pkgctl.1.asciidoc             |  4 ++
 src/lib/auth.sh                       | 72 +++++++++++++++++++++++++++
 src/lib/auth/login.sh                 | 93 +++++++++++++++++++++++++++++++++++
 src/lib/auth/status.sh                | 69 ++++++++++++++++++++++++++
 src/pkgctl.in                         |  9 ++++
 9 files changed, 367 insertions(+)
 create mode 100644 doc/man/pkgctl-auth-login.1.asciidoc
 create mode 100644 doc/man/pkgctl-auth-status.1.asciidoc
 create mode 100644 doc/man/pkgctl-auth.1.asciidoc
 create mode 100644 src/lib/auth.sh
 create mode 100644 src/lib/auth/login.sh
 create mode 100644 src/lib/auth/status.sh

diff --git a/contrib/completion/zsh/_devtools.in b/contrib/completion/zsh/_devtools.in
index b210378..6ff6cad 100644
--- a/contrib/completion/zsh/_devtools.in
+++ b/contrib/completion/zsh/_devtools.in
@@ -18,6 +18,22 @@ _archbuild_args=(
 	'--[Introduce makechrootpkg options]:*::makechrootpkg options:=  _dispatch makechrootpkg makechrootpkg'
 )
 
+_pkgctl_auth_cmds=(
+	"pkgctl auth command"
+	"login[Authenticate with the GitLab instance]"
+	"status[View authentication status]"
+)
+
+_pkgctl_auth_login_args=(
+	'(-g --gen-access-token)'{-g,--gen-access-token}'[Open the URL to generate a new personal access token]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+)
+
+_pkgctl_auth_status_args=(
+	'(-t --show-token)'{-t,--show-token}'[Display the auth token]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+)
+
 _pkgctl_repo_cmds=(
 	"pkgctl repo command"
 	"clone[Clone a package repository]"
@@ -154,6 +170,7 @@ _devtools_completions_all_packages() {
 
 _pkgctl_cmds=(
 	"pkgctl command"
+	"auth[Authenticate with services like GitLab]"
 	"diff[Compare package files using different modes]"
 	"repo[Manage Git packaging repositories and their configuration]"
 )
diff --git a/doc/man/pkgctl-auth-login.1.asciidoc b/doc/man/pkgctl-auth-login.1.asciidoc
new file mode 100644
index 0000000..9c32ab2
--- /dev/null
+++ b/doc/man/pkgctl-auth-login.1.asciidoc
@@ -0,0 +1,33 @@
+pkgctl-auth-login(1)
+====================
+
+Name
+----
+pkgctl-auth-login - Authenticate with the GitLab instance
+
+Synopsis
+--------
+pkgctl auth login [OPTIONS]
+
+Description
+-----------
+
+Interactively authenticate with the GitLab instance.
+
+The minimum required scopes for the token are: 'api', 'write_repository'.
+
+Options
+-------
+
+*-g, --gen-access-token*::
+	Open the URL to generate a new personal access token
+
+*-h, --help*::
+	Show a help text
+
+See Also
+--------
+
+linkman:pkgctl-auth-status[1]
+
+include::include/footer.asciidoc[]
diff --git a/doc/man/pkgctl-auth-status.1.asciidoc b/doc/man/pkgctl-auth-status.1.asciidoc
new file mode 100644
index 0000000..e23ee2e
--- /dev/null
+++ b/doc/man/pkgctl-auth-status.1.asciidoc
@@ -0,0 +1,32 @@
+pkgctl-auth-status(1)
+=====================
+
+Name
+----
+pkgctl-auth-status - View authentication status
+
+Synopsis
+--------
+pkgctl auth status [OPTIONS]
+
+Description
+-----------
+
+Verifies and displays information about your authentication state of
+services like the GitLab instance and reports issues if any.
+
+Options
+-------
+
+*-t, --show-token*::
+	Display the auth token
+
+*-h, --help*::
+	Show a help text
+
+See Also
+--------
+
+linkman:pkgctl-auth-login[1]
+
+include::include/footer.asciidoc[]
diff --git a/doc/man/pkgctl-auth.1.asciidoc b/doc/man/pkgctl-auth.1.asciidoc
new file mode 100644
index 0000000..4912b02
--- /dev/null
+++ b/doc/man/pkgctl-auth.1.asciidoc
@@ -0,0 +1,38 @@
+pkgctl-auth(1)
+==============
+
+Name
+----
+pkgctl-auth - Authenticate with serivces like GitLab.
+
+Synopsis
+--------
+pkgctl auth [OPTIONS] [SUBCOMMAND]
+
+Description
+-----------
+
+Manage the authorization for the GitLab instance and show its current status.
+
+Options
+-------
+
+*-h, --help*::
+	Show a help text
+
+Subcommands
+-----------
+
+pkgctl auth login::
+	Authenticate with the GitLab instance
+
+pkgctl auth status::
+	View authentication status
+
+See Also
+--------
+
+linkman:pkgctl-auth-login[1]
+linkman:pkgctl-auth-status[1]
+
+include::include/footer.asciidoc[]
diff --git a/doc/man/pkgctl.1.asciidoc b/doc/man/pkgctl.1.asciidoc
index 0455074..45d5187 100644
--- a/doc/man/pkgctl.1.asciidoc
+++ b/doc/man/pkgctl.1.asciidoc
@@ -17,6 +17,9 @@ TODO
 Subcommands
 -----------
 
+pkgctl auth::
+	Authenticate with services like GitLab
+
 pkgctl diff::
 	Compare package files using different modes
 
@@ -26,6 +29,7 @@ pkgctl repo::
 See Also
 --------
 
+linkman:pkgctl-auth[1]
 linkman:pkgctl-diff[1]
 linkman:pkgctl-repo[1]
 
diff --git a/src/lib/auth.sh b/src/lib/auth.sh
new file mode 100644
index 0000000..77d6a90
--- /dev/null
+++ b/src/lib/auth.sh
@@ -0,0 +1,72 @@
+#!/hint/bash
+#
+# This may be included with or without `set -euE`
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[[ -z ${DEVTOOLS_INCLUDE_AUTH_SH:-} ]] || return 0
+DEVTOOLS_INCLUDE_AUTH_SH=1
+
+_DEVTOOLS_LIBRARY_DIR=${_DEVTOOLS_LIBRARY_DIR:-@pkgdatadir@}
+
+set -e
+
+
+pkgctl_auth_usage() {
+	local -r COMMAND=${_DEVTOOLS_COMMAND:-${BASH_SOURCE[0]##*/}}
+	cat <<- _EOF_
+		Usage: ${COMMAND} [COMMAND] [OPTIONS]
+
+		Authenticate with services like GitLab.
+
+		COMMANDS
+		    login    Authenticate with the GitLab instance
+		    status   View authentication status
+
+		OPTIONS
+		    -h, --help     Show this help text
+
+		EXAMPLES
+		    $ ${COMMAND} login --gen-access-token
+		    $ ${COMMAND} status
+_EOF_
+}
+
+pkgctl_auth() {
+	if (( $# < 1 )); then
+		pkgctl_auth_usage
+		exit 0
+	fi
+
+	# option checking
+	while (( $# )); do
+		case $1 in
+			-h|--help)
+				pkgctl_auth_usage
+				exit 0
+				;;
+			login)
+				_DEVTOOLS_COMMAND+=" $1"
+				shift
+				# shellcheck source=src/lib/auth/login.sh
+				source "${_DEVTOOLS_LIBRARY_DIR}"/lib/auth/login.sh
+				pkgctl_auth_login "$@"
+				exit 0
+				;;
+			status)
+				_DEVTOOLS_COMMAND+=" $1"
+				shift
+				# shellcheck source=src/lib/auth/status.sh
+				source "${_DEVTOOLS_LIBRARY_DIR}"/lib/auth/status.sh
+				pkgctl_auth_status "$@"
+				exit 0
+				;;
+			-*)
+				die "invalid argument: %s" "$1"
+				;;
+			*)
+				die "invalid command: %s" "$1"
+				;;
+		esac
+	done
+}
diff --git a/src/lib/auth/login.sh b/src/lib/auth/login.sh
new file mode 100644
index 0000000..083e80a
--- /dev/null
+++ b/src/lib/auth/login.sh
@@ -0,0 +1,93 @@
+#!/hint/bash
+#
+# This may be included with or without `set -euE`
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[[ -z ${DEVTOOLS_INCLUDE_AUTH_LOGIN_SH:-} ]] || return 0
+DEVTOOLS_INCLUDE_AUTH_LOGIN_SH=1
+
+_DEVTOOLS_LIBRARY_DIR=${_DEVTOOLS_LIBRARY_DIR:-@pkgdatadir@}
+# shellcheck source=src/lib/common.sh
+source "${_DEVTOOLS_LIBRARY_DIR}"/lib/common.sh
+# shellcheck source=src/lib/config.sh
+source "${_DEVTOOLS_LIBRARY_DIR}"/lib/config.sh
+# shellcheck source=src/lib/api/gitlab.sh
+source "${_DEVTOOLS_LIBRARY_DIR}"/lib/api/gitlab.sh
+
+set -e
+
+
+pkgctl_auth_login_usage() {
+	local -r COMMAND=${_DEVTOOLS_COMMAND:-${BASH_SOURCE[0]##*/}}
+	cat <<- _EOF_
+		Usage: ${COMMAND} [OPTIONS]
+
+		Interactively authenticate with the GitLab instance.
+
+		The minimum required scopes for the token are: 'api', 'write_repository'.
+
+		OPTIONS
+		    -g, --gen-access-token   Open the URL to generate a new personal access token
+		    -h, --help               Show this help text
+
+		EXAMPLES
+		    $ ${COMMAND}
+		    $ ${COMMAND} --gen-access-token
+_EOF_
+}
+
+
+pkgctl_auth_login() {
+	local token personal_access_token_url
+	local GEN_ACESS_TOKEN=0
+
+	# option checking
+	while (( $# )); do
+		case $1 in
+			-h|--help)
+				pkgctl_auth_login_usage
+				exit 0
+				;;
+			-g|--gen-access-token)
+				GEN_ACESS_TOKEN=1
+				shift
+				;;
+			*)
+				die "invalid argument: %s" "$1"
+				;;
+		esac
+	done
+
+	personal_access_token_url="https://${GITLAB_HOST}/-/profile/personal_access_tokens?name=pkgctl+token&scopes=api,write_repository"
+
+    cat <<- _EOF_
+	Logging into ${BOLD}${GITLAB_HOST}${ALL_OFF}
+
+	Tip: you can generate a Personal Access Token here ${personal_access_token_url}
+	The minimum required scopes are 'api' and 'write_repository'.
+_EOF_
+
+	if (( GEN_ACESS_TOKEN )); then
+		xdg-open "${personal_access_token_url}" 2>/dev/null
+	fi
+
+	# read token from stdin
+	read -s -r -p "${GREEN}?${ALL_OFF} ${BOLD}Paste your authentication token:${ALL_OFF} " token
+	echo
+
+	if [[ -z ${token} ]]; then
+		msg_error "  No token provided"
+		exit 1
+	fi
+
+	# check if the passed token works
+	GITLAB_TOKEN="${token}"
+	if ! result=$(gitlab_api_get_user); then
+		printf "%s\n" "$result"
+		exit 1
+	fi
+
+	msg_success "  Logged in as ${BOLD}${result}${ALL_OFF}"
+	save_devtools_config
+}
diff --git a/src/lib/auth/status.sh b/src/lib/auth/status.sh
new file mode 100644
index 0000000..6cbaab1
--- /dev/null
+++ b/src/lib/auth/status.sh
@@ -0,0 +1,69 @@
+#!/hint/bash
+#
+# This may be included with or without `set -euE`
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[[ -z ${DEVTOOLS_INCLUDE_AUTH_STATUS_SH:-} ]] || return 0
+DEVTOOLS_INCLUDE_AUTH_STATUS_SH=1
+
+_DEVTOOLS_LIBRARY_DIR=${_DEVTOOLS_LIBRARY_DIR:-@pkgdatadir@}
+# shellcheck source=src/lib/common.sh
+source "${_DEVTOOLS_LIBRARY_DIR}"/lib/common.sh
+# shellcheck source=src/lib/api/gitlab.sh
+source "${_DEVTOOLS_LIBRARY_DIR}"/lib/api/gitlab.sh
+
+set -e
+
+
+pkgctl_auth_status_usage() {
+	local -r COMMAND=${_DEVTOOLS_COMMAND:-${BASH_SOURCE[0]##*/}}
+	cat <<- _EOF_
+		Usage: ${COMMAND} [OPTIONS]
+
+		Verifies and displays information about your authentication state of
+		services like the GitLab instance and reports issues if any.
+
+		OPTIONS
+		    -t, --show-token   Display the auth token
+		    -h, --help         Show this help text
+
+		EXAMPLES
+		    $ ${COMMAND}
+		    $ ${COMMAND} --show-token
+_EOF_
+}
+
+pkgctl_auth_status() {
+	local SHOW_TOKEN=0
+	# option checking
+	while (( $# )); do
+		case $1 in
+			-h|--help)
+				pkgctl_auth_status_usage
+				exit 0
+				;;
+			-t|--show-token)
+				SHOW_TOKEN=1
+				shift
+				;;
+			*)
+				die "invalid argument: %s" "$1"
+				;;
+		esac
+	done
+
+	printf "%s\n" "${BOLD}${GITLAB_HOST}${ALL_OFF}"
+	# shellcheck disable=2119
+	if ! username=$(gitlab_api_get_user); then
+		printf "%s\n" "${username}"
+		exit 1
+	fi
+
+	msg_success "  Logged in as ${BOLD}${username}${ALL_OFF}"
+	if (( SHOW_TOKEN )); then
+		msg_success "  Token: ${GITLAB_TOKEN}"
+	else
+		msg_success "  Token: **************************"
+	fi
+}
diff --git a/src/pkgctl.in b/src/pkgctl.in
index 35305c1..e024d1f 100644
--- a/src/pkgctl.in
+++ b/src/pkgctl.in
@@ -19,6 +19,7 @@ usage() {
 		Unified command-line frontend for devtools.
 
 		COMMANDS
+		    auth    Authenticate with services like GitLab
 		    diff    Compare package files using different modes
 		    repo    Manage Git packaging repositories and their configuration
 
@@ -51,6 +52,14 @@ while (( $# )); do
 			pkgctl_repo "$@"
 			exit 0
 			;;
+		auth)
+			_DEVTOOLS_COMMAND+=" $1"
+			shift
+			# shellcheck source=src/lib/auth.sh
+			source "${_DEVTOOLS_LIBRARY_DIR}"/lib/auth.sh
+			pkgctl_auth "$@"
+			exit 0
+			;;
 		diff)
 			_DEVTOOLS_COMMAND+=" $1"
 			shift
-- 
cgit v1.2.3-70-g09d2