Merge remote-tracking branch 'finos/main' into 946-associate-commits-by-email-rebase

kriswest · kriswest · commit d2a17c918b40 · 2025-07-14T17:28:11.000+01:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@finos/git-proxy",
-  "version": "1.19.0",
+  "version": "1.19.1",
   "description": "Deploy custom push protections and policies on top of Git.",
   "scripts": {
     "cli": "node ./packages/git-proxy-cli/index.js",
diff --git a/src/db/file/pushes.ts b/src/db/file/pushes.ts
@@ -2,7 +2,7 @@ import fs from 'fs';
 import _ from 'lodash';
 import Datastore from '@seald-io/nedb';
 import { Action } from '../../proxy/actions/Action';
-import { toClass } from '../helper';
+import { toClass, trimTrailingDotGit } from '../helper';
 import * as repo from './repo';
 import { PushQuery } from '../types';
 
@@ -138,7 +138,7 @@ export const canUserCancelPush = async (id: string, user: string) => {
       return;
     }
 
-    const repoName = pushDetail.repoName.replace('.git', '');
+    const repoName = trimTrailingDotGit(pushDetail.repoName);
     const isAllowed = await repo.isUserPushAllowed(repoName, user);
 
     if (isAllowed) {
@@ -156,7 +156,8 @@ export const canUserApproveRejectPush = async (id: string, user: string) => {
       resolve(false);
       return;
     }
-    const repoName = action.repoName.replace('.git', '');
+
+    const repoName = trimTrailingDotGit(action.repoName);
     const isAllowed = await repo.canUserApproveRejectPushRepo(repoName, user);
 
     resolve(isAllowed);
diff --git a/src/db/helper.ts b/src/db/helper.ts
@@ -3,3 +3,21 @@ export const toClass = function (obj: any, proto: any) {
   obj.__proto__ = proto;
   return obj;
 };
+
+export const trimTrailingDotGit = (str: string): string => {
+  const target = '.git';
+  if (str.endsWith(target)) {
+    // extract string from 0 to the end minus the length of target
+    return str.slice(0, -target.length);
+  }
+  return str;
+};
+
+export const trimPrefixRefsHeads = (str: string): string => {
+  const target = 'refs/heads/';
+  if (str.startsWith(target)) {
+    // extract string from the end of the target to the end of str
+    return str.slice(target.length);
+  }
+  return str;
+};
diff --git a/src/db/mongo/pushes.ts b/src/db/mongo/pushes.ts
@@ -1,6 +1,6 @@
 import { connect, findDocuments, findOneDocument } from './helper';
 import { Action } from '../../proxy/actions';
-import { toClass } from '../helper';
+import { toClass, trimTrailingDotGit } from '../helper';
 import * as repo from './repo';
 import { Push, PushQuery } from '../types';
 
@@ -108,7 +108,7 @@ export const canUserApproveRejectPush = async (id: string, user: string) => {
       return;
     }
 
-    const repoName = action.repoName.replace('.git', '');
+    const repoName = trimTrailingDotGit(action.repoName);
     const isAllowed = await repo.canUserApproveRejectPushRepo(repoName, user);
 
     resolve(isAllowed);
@@ -123,7 +123,7 @@ export const canUserCancelPush = async (id: string, user: string) => {
       return;
     }
 
-    const repoName = pushDetail.repoName.replace('.git', '');
+    const repoName = trimTrailingDotGit(pushDetail.repoName);
     const isAllowed = await repo.isUserPushAllowed(repoName, user);
 
     if (isAllowed) {
diff --git a/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts b/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts
@@ -1,6 +1,7 @@
 import { Action, Step } from '../../actions';
 import { getRepos } from '../../../db';
 import { Repo } from '../../../db/types';
+import { trimTrailingDotGit } from '../../../db/helper';
 
 // Execute if the repo is approved
 const exec = async (
@@ -14,8 +15,8 @@ const exec = async (
   console.log(list);
 
   const found = list.find((x: Repo) => {
-    const targetName = action.repo.replace('.git', '').toLowerCase();
-    const allowedName = `${x.project}/${x.name}`.replace('.git', '').toLowerCase();
+    const targetName = trimTrailingDotGit(action.repo.toLowerCase());
+    const allowedName = trimTrailingDotGit(`${x.project}/${x.name}`.toLowerCase());
     console.log(`${targetName} = ${allowedName}`);
     return targetName === allowedName;
   });
diff --git a/src/proxy/processors/push-action/checkUserPushPermission.ts b/src/proxy/processors/push-action/checkUserPushPermission.ts
@@ -1,11 +1,20 @@
 import { Action, Step } from '../../actions';
 import { getUsers, isUserPushAllowed } from '../../../db';
+import { trimTrailingDotGit } from '../../../db/helper';
 
 // Execute if the repo is approved
 const exec = async (req: any, action: Action): Promise<Action> => {
   const step = new Step('checkUserPushPermission');
 
-  const repoName = action.repo.split('/')[1].replace('.git', '');
+  const repoSplit = trimTrailingDotGit(action.repo.toLowerCase()).split('/');
+  // we expect there to be exactly one / separating org/repoName
+  if (repoSplit.length != 2) {
+    step.setError('Server-side issue extracting repoName');
+    action.addStep(step);
+    return action;
+  }
+  // pull the 2nd value of the split for repoName
+  const repoName = repoSplit[1];
   let isUserAllowed = false;
 
   // n.b. action.user will be set to whatever the user had set in their user.name config in their git client.
diff --git a/src/service/routes/auth.js b/src/service/routes/auth.js
@@ -6,6 +6,7 @@ const passportLocal = require('../passport/local');
 const passportAD = require('../passport/activeDirectory');
 const authStrategies = require('../passport').authStrategies;
 const db = require('../../db');
+const { toPublicUser } = require('./publicApi');
 const { GIT_PROXY_UI_HOST: uiHost = 'http://localhost', GIT_PROXY_UI_PORT: uiPort = 3000 } =
   process.env;
 
@@ -46,6 +47,25 @@ const getLoginStrategy = () => {
   return enabledAppropriateLoginStrategies[0].type.toLowerCase();
 };
 
+const loginSuccessHandler = () => async (req, res) => {
+  try {
+    const currentUser = { ...req.user };
+    delete currentUser.password;
+    console.log(
+      `serivce.routes.auth.login: user logged in, username=${
+        currentUser.username
+      } profile=${JSON.stringify(currentUser)}`,
+    );
+    res.send({
+      message: 'success',
+      user: toPublicUser(currentUser),
+    });
+  } catch (e) {
+    console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
+    res.status(500).send('Failed to login').end();
+  }
+};
+
 // TODO: provide separate auth endpoints for each auth strategy or chain compatibile auth strategies
 // TODO: if providing separate auth methods, inform the frontend so it has relevant UI elements and appropriate client-side behavior
 router.post(
@@ -59,25 +79,7 @@ router.post(
     console.log('going to auth with', authType);
     return passport.authenticate(authType)(req, res, next);
   },
-  async (req, res) => {
-    try {
-      const currentUser = { ...req.user };
-      delete currentUser.password;
-      console.log(
-        `serivce.routes.auth.login: user logged in, username=${
-          currentUser.username
-        } profile=${JSON.stringify(currentUser)}`,
-      );
-      res.send({
-        message: 'success',
-        user: currentUser,
-      });
-    } catch (e) {
-      console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
-      res.status(500).send('Failed to login').end();
-      return;
-    }
-  },
+  loginSuccessHandler(),
 );
 
 router.get('/oidc', passport.authenticate(authStrategies['openidconnect'].type));
@@ -114,8 +116,7 @@ router.post('/logout', (req, res, next) => {
 router.get('/profile', async (req, res) => {
   if (req.user) {
     const userVal = await db.findUser(req.user.username);
-    delete userVal.password;
-    res.send(userVal);
+    res.send(toPublicUser(userVal));
   } else {
     res.status(401).end();
   }
@@ -160,14 +161,14 @@ router.post('/gitAccount', async (req, res) => {
 
 router.get('/me', async (req, res) => {
   if (req.user) {
-    const user = JSON.parse(JSON.stringify(req.user));
-    if (user && user.password) delete user.password;
-    const login = user.username;
-    const userVal = await db.findUser(login);
-    if (userVal && userVal.password) delete userVal.password;
-    res.send(userVal);
+    const userVal = await db.findUser(req.user.username);
+    res.send(toPublicUser(userVal));
   } else {
     res.status(401).end();
   }
 });
-module.exports = router;
+
+module.exports = {
+  router,
+  loginSuccessHandler
+};
diff --git a/src/service/routes/index.js b/src/service/routes/index.js
@@ -10,7 +10,7 @@ const jwtAuthHandler = require('../passport/jwtAuthHandler');
 const router = new express.Router();
 
 router.use('/api', home);
-router.use('/api/auth', auth);
+router.use('/api/auth', auth.router);
 router.use('/api/v1/healthcheck', healthcheck);
 router.use('/api/v1/push', jwtAuthHandler(), push);
 router.use('/api/v1/repo', jwtAuthHandler(), repo);
diff --git a/src/service/routes/publicApi.js b/src/service/routes/publicApi.js
@@ -0,0 +1,10 @@
+export const toPublicUser = (user) => {
+  return {
+    username: user.username || '',
+    displayName: user.displayName || '',
+    email: user.email || '',
+    title: user.title || '',
+    gitAccount: user.gitAccount || '',
+    admin: user.admin || false,
+  }
+}
diff --git a/src/service/routes/users.js b/src/service/routes/users.js
@@ -1,17 +1,7 @@
 const express = require('express');
 const router = new express.Router();
 const db = require('../../db');
-
-const toPublicUser = (user) => {
-  return {
-    username: user.username || '',
-    displayName: user.displayName || '',
-    email: user.email || '',
-    title: user.title || '',
-    gitAccount: user.gitAccount || '',
-    admin: user.admin || false,
-  }
-}
+const { toPublicUser } = require('./publicApi');
 
 router.get('/', async (req, res) => {
   const query = {};
@@ -35,8 +25,7 @@ router.get('/', async (req, res) => {
 router.get('/:id', async (req, res) => {
   const username = req.params.id.toLowerCase();
   console.log(`Retrieving details for user: ${username}`);
-  const data = await db.findUser(username);
-  const user = JSON.parse(JSON.stringify(data));
+  const user = await db.findUser(username);
   res.send(toPublicUser(user));
 });
 
diff --git a/src/ui/views/OpenPushRequests/components/PushesTable.tsx b/src/ui/views/OpenPushRequests/components/PushesTable.tsx
@@ -16,6 +16,7 @@ import { KeyboardArrowRight } from '@material-ui/icons';
 import Search from '../../../components/Search/Search';
 import Pagination from '../../../components/Pagination/Pagination';
 import { PushData } from '../../../../types/models';
+import { trimPrefixRefsHeads, trimTrailingDotGit } from '../../../../db/helper';
 
 interface PushesTableProps {
   [key: string]: any;
@@ -100,8 +101,8 @@ const PushesTable: React.FC<PushesTableProps> = (props) => {
           </TableHead>
           <TableBody>
             {[...currentItems].reverse().map((row) => {
-              const repoFullName = row.repo.replace('.git', '');
-              const repoBranch = row.branch.replace('refs/heads/', '');
+              const repoFullName = trimTrailingDotGit(row.repo);
+              const repoBranch = trimPrefixRefsHeads(row.branch);
               const commitTimestamp =
                 row.commitData[0]?.commitTs || row.commitData[0]?.commitTimestamp;
 
diff --git a/src/ui/views/PushDetails/PushDetails.tsx b/src/ui/views/PushDetails/PushDetails.tsx
@@ -23,6 +23,7 @@ import { CheckCircle, Visibility, Cancel, Block } from '@material-ui/icons';
 import Snackbar from '@material-ui/core/Snackbar';
 import Tooltip from '@material-ui/core/Tooltip';
 import { PushData } from '../../../types/models';
+import { trimPrefixRefsHeads, trimTrailingDotGit } from '../../../db/helper';
 
 const Dashboard: React.FC = () => {
   const { id } = useParams<{ id: string }>();
@@ -105,8 +106,8 @@ const Dashboard: React.FC = () => {
     };
   }
 
-  const repoFullName = data.repo.replace('.git', '');
-  const repoBranch = data.branch.replace('refs/heads/', '');
+  const repoFullName = trimTrailingDotGit(data.repo);
+  const repoBranch = trimPrefixRefsHeads(data.branch);
 
   const generateIcon = (title: string) => {
     switch (title) {
diff --git a/src/ui/views/RepoDetails/RepoDetails.tsx b/src/ui/views/RepoDetails/RepoDetails.tsx
@@ -20,6 +20,7 @@ import { useNavigate, useParams } from 'react-router-dom';
 import { UserContext } from '../../../context';
 import CodeActionButton from '../../components/CustomButtons/CodeActionButton';
 import { Box } from '@material-ui/core';
+import { trimTrailingDotGit } from '../../../db/helper';
 
 interface RepoData {
   project: string;
@@ -148,7 +149,7 @@ const RepoDetails: React.FC = () => {
                   <FormLabel component='legend'>URL</FormLabel>
                   <h4>
                     <a href={data.url} target='_blank' rel='noopener noreferrer'>
-                      {data.url.replace('.git', '')}
+                      {trimTrailingDotGit(data.url)}
                     </a>
                   </h4>
                 </GridItem>
diff --git a/test/db-helper.test.js b/test/db-helper.test.js
diff --git a/test/services/routes/auth.test.js b/test/services/routes/auth.test.js
diff --git a/test/testDb.test.js b/test/testDb.test.js

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@finos/git-proxy",`
`3`		`- "version": "1.19.0",`
	`3`	`+ "version": "1.19.1",`
`4`	`4`	`"description": "Deploy custom push protections and policies on top of Git.",`
`5`	`5`	`"scripts": {`
`6`	`6`	`"cli": "node ./packages/git-proxy-cli/index.js",`