chore(update-contributors): do not skip ci (#3556)

grafana · Sep 19, 2024 · a8509a9 · a8509a9
1 parent fcc3dfd
commit a8509a9
Show file tree

Hide file tree

Showing 8 changed files with 363 additions and 106 deletions.
diff --git a/.github/workflows/update-contributors.yml b/.github/workflows/update-contributors.yml
@@ -24,7 +24,7 @@ jobs:
           git config --local user.email '[email protected]'
           if ! git diff --exit-code README.md; then
               git add README.md
-              git commit -m 'docs: updates the list of contributors in README [skip ci]'
+              git commit -m 'docs: updates the list of contributors in README'
               gh auth status
               git push --force https://x-access-token:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:main
           fi

diff --git a/api/gen/proto/go/vcs/v1/vcs.pb.go b/api/gen/proto/go/vcs/v1/vcs.pb.go
diff --git a/api/gen/proto/go/vcs/v1/vcs_vtproto.pb.go b/api/gen/proto/go/vcs/v1/vcs_vtproto.pb.go
diff --git a/api/openapiv2/gen/phlare.swagger.json b/api/openapiv2/gen/phlare.swagger.json
@@ -1089,15 +1089,35 @@
       "type": "object",
       "properties": {
         "cookie": {
-          "type": "string"
+          "type": "string",
+          "title": "Deprecated"
+        },
+        "token": {
+          "type": "string",
+          "title": "base64 encoded encrypted token"
+        },
+        "expiresAt": {
+          "type": "string",
+          "format": "int64",
+          "description": "Unix ms timestamp of when the token expires."
         }
       }
     },
     "v1GithubRefreshResponse": {
       "type": "object",
       "properties": {
         "cookie": {
-          "type": "string"
+          "type": "string",
+          "title": "Deprecated"
+        },
+        "token": {
+          "type": "string",
+          "title": "base64 encoded encrypted token"
+        },
+        "expiresAt": {
+          "type": "string",
+          "format": "int64",
+          "description": "Unix ms timestamp of when the token expires."
         }
       }
     },

diff --git a/api/vcs/v1/vcs.proto b/api/vcs/v1/vcs.proto
@@ -21,13 +21,25 @@ message GithubLoginRequest {
 }
 
 message GithubLoginResponse {
+  // Deprecated
   string cookie = 1;
+
+  // base64 encoded encrypted token
+  string token = 2;
+  // Unix ms timestamp of when the token expires.
+  int64 expires_at = 3;
 }
 
 message GithubRefreshRequest {}
 
 message GithubRefreshResponse {
+  // Deprecated
   string cookie = 1;
+
+  // base64 encoded encrypted token
+  string token = 2;
+  // Unix ms timestamp of when the token expires.
+  int64 expires_at = 3;
 }
 
 message GetFileRequest {

diff --git a/pkg/querier/vcs/service.go b/pkg/querier/vcs/service.go
@@ -67,14 +67,21 @@ func (q *Service) GithubLogin(ctx context.Context, req *connect.Request[vcsv1.Gi
 		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("failed to authorize with GitHub"))
 	}
 
-	cookie, err := encodeToken(token, encryptionKey)
+	cookie, err := encodeTokenInCookie(token, encryptionKey)
+	if err != nil {
+		q.logger.Log("err", err, "msg", "failed to encode legacy GitHub OAuth token")
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to refresh token"))
+	}
+
+	encoded, err := encodeToken(token, encryptionKey)
 	if err != nil {
 		q.logger.Log("err", err, "msg", "failed to encode GitHub OAuth token")
-		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to authorize with GitHub"))
 	}
 
 	res := &vcsv1.GithubLoginResponse{
-		Cookie: cookie.String(),
+		Cookie:    cookie.String(),
+		Token:     encoded,
+		ExpiresAt: token.Expiry.UnixMilli(),
 	}
 	return connect.NewResponse(res), nil
 }
@@ -106,14 +113,21 @@ func (q *Service) GithubRefresh(ctx context.Context, req *connect.Request[vcsv1.
 		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to process token"))
 	}
 
-	cookie, err := encodeToken(newToken, derivedKey)
+	cookie, err := encodeTokenInCookie(newToken, derivedKey)
 	if err != nil {
-		q.logger.Log("err", err, "msg", "failed to encode GitHub OAuth token")
+		q.logger.Log("err", err, "msg", "failed to encode legacy GitHub OAuth token")
 		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to refresh token"))
 	}
 
+	encoded, err := encodeToken(newToken, derivedKey)
+	if err != nil {
+		q.logger.Log("err", err, "msg", "failed to encode GitHub OAuth token")
+	}
+
 	res := &vcsv1.GithubRefreshResponse{
-		Cookie: cookie.String(),
+		Cookie:    cookie.String(),
+		Token:     encoded,
+		ExpiresAt: token.Expiry.UnixMilli(),
 	}
 	return connect.NewResponse(res), nil
 }

diff --git a/pkg/querier/vcs/token.go b/pkg/querier/vcs/token.go
@@ -102,8 +102,8 @@ func tokenFromRequest(ctx context.Context, req connect.AnyRequest) (*oauth2.Toke
 	return token, nil
 }
 
-// encodeToken encrypts then base64 encodes an OAuth token.
-func encodeToken(token *oauth2.Token, key []byte) (*http.Cookie, error) {
+// encodeTokenInCookie creates a cookie by encrypting then base64 encoding an OAuth token.
+func encodeTokenInCookie(token *oauth2.Token, key []byte) (*http.Cookie, error) {
 	encrypted, err := encryptToken(token, key)
 	if err != nil {
 		return nil, err
@@ -129,6 +129,17 @@ func encodeToken(token *oauth2.Token, key []byte) (*http.Cookie, error) {
 	return cookie, nil
 }
 
+// encodeToken encrypts then base64 encodes an OAuth token.
+func encodeToken(token *oauth2.Token, key []byte) (string, error) {
+	encrypted, err := encryptToken(token, key)
+	if err != nil {
+		return "", err
+	}
+
+	encoded := base64.StdEncoding.EncodeToString([]byte(encrypted))
+	return encoded, nil
+}
+
 // decodeToken base64 decodes and decrypts a OAuth token.
 func decodeToken(value string, key []byte) (*oauth2.Token, error) {
 	var token *oauth2.Token