[public api] Use tokens feature flag

Author: Laurie T. Malau

components/common-go/experiments/flags.go

@@ -10,3 +10,7 @@ import "context"
 func IsMyFirstFeatureFlagEnabled(ctx context.Context, client Client, attributes Attributes) bool {
 	return client.GetBoolValue(ctx, "isMyFirstFeatureEnabled", false, attributes)
 }
+
+func IsPersonalAccessTokensEnabled(ctx context.Context, client Client, attributes Attributes) bool {
+	return client.GetBoolValue(ctx, "personalAccessTokensEnabled", false, attributes)
+}

components/public-api-server/go.mod

@@ -6,8 +6,8 @@ require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20220708163326-82d177caec6e
 	github.com/bufbuild/connect-go v1.0.0
 	github.com/gitpod-io/gitpod/common-go v0.0.0-00010101000000-000000000000
-	github.com/gitpod-io/gitpod/gitpod-protocol v0.0.0-00010101000000-000000000000
 	github.com/gitpod-io/gitpod/components/public-api/go v0.0.0-00010101000000-000000000000
+	github.com/gitpod-io/gitpod/gitpod-protocol v0.0.0-00010101000000-000000000000
 	github.com/gitpod-io/gitpod/usage-api v0.0.0-00010101000000-000000000000
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.5.9
@@ -18,6 +18,7 @@ require (
 	github.com/prometheus/client_golang v1.13.0
 	github.com/relvacode/iso8601 v1.1.0
 	github.com/sirupsen/logrus v1.8.1
+	github.com/sourcegraph/jsonrpc2 v0.0.0-20200429184054-15c2290dcb37
 	github.com/spf13/cobra v1.4.0
 	github.com/stretchr/testify v1.7.0
 	github.com/stripe/stripe-go/v72 v72.122.0
@@ -27,8 +28,10 @@ require (
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/configcat/go-sdk/v7 v7.6.0 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/felixge/httpsnoop v1.0.1 // indirect
@@ -44,7 +47,6 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/slok/go-http-metrics v0.10.0 // indirect
-	github.com/sourcegraph/jsonrpc2 v0.0.0-20200429184054-15c2290dcb37 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect

components/public-api-server/go.sum

@@ -4,12 +4,68 @@
 
 package apiv1
 
-import "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
+import (
+	"context"
+	"errors"
+	"fmt"
 
-func NewTokensService() *TokensService {
-	return &TokensService{}
+	"github.com/bufbuild/connect-go"
+	"github.com/gitpod-io/gitpod/common-go/experiments"
+	"github.com/gitpod-io/gitpod/common-go/log"
+	v1 "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1"
+	"github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
+	protocol "github.com/gitpod-io/gitpod/gitpod-protocol"
+	"github.com/gitpod-io/gitpod/public-api-server/pkg/auth"
+	"github.com/gitpod-io/gitpod/public-api-server/pkg/proxy"
+)
+
+func NewTokensService(connPool proxy.ServerConnectionPool, expClient experiments.Client) *TokensService {
+	return &TokensService{
+		connectionPool: connPool,
+		expClient:      expClient,
+	}
 }
 
 type TokensService struct {
+	connectionPool proxy.ServerConnectionPool
+
+	expClient experiments.Client
+
 	v1connect.UnimplementedTokensServiceHandler
 }
+
+func (s *TokensService) CreatePersonalAccessToken(ctx context.Context, req *connect.Request[v1.CreatePersonalAccessTokenRequest]) (*connect.Response[v1.CreatePersonalAccessTokenResponse], error) {
+
+	conn, err := s.getConnection(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	user, err := conn.GetLoggedInUser(ctx)
+	if err != nil {
+		return nil, proxy.ConvertError(err)
+	}
+
+	isEnabled := experiments.IsPersonalAccessTokensEnabled(ctx, s.expClient, experiments.Attributes{UserID: user.ID})
+
+	if !isEnabled {
+		return nil, connect.NewError(connect.CodePermissionDenied, errors.New("This feature is currently in beta. If you would like to be part of the beta, please contact us."))
+	}
+
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("gitpod.experimental.v1.TokensService.CreatePersonalAccessToken is not implemented"))
+}
+
+func (s *TokensService) getConnection(ctx context.Context) (protocol.APIInterface, error) {
+	token, err := auth.TokenFromContext(ctx)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("No credentials present on request."))
+	}
+
+	conn, err := s.connectionPool.Get(ctx, token)
+	if err != nil {
+		log.Log.WithError(err).Error("Failed to get connection to server.")
+		return nil, connect.NewError(connect.CodeInternal, errors.New("Failed to establish connection to downstream services. If this issue persists, please contact Gitpod Support."))
+	}
+
+	return conn, nil
+}

components/public-api-server/pkg/apiv1/tokens.go

@@ -0,0 +1,63 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package apiv1
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	connect "github.com/bufbuild/connect-go"
+	"github.com/gitpod-io/gitpod/common-go/experiments"
+	v1 "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1"
+	"github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
+	protocol "github.com/gitpod-io/gitpod/gitpod-protocol"
+	"github.com/gitpod-io/gitpod/public-api-server/pkg/auth"
+	"github.com/golang/mock/gomock"
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTokensService_CreatePersonalAccessTokenWithoutFeatureFlag(t *testing.T) {
+	t.Run("returns a personal access token", func(t *testing.T) {
+		serverMock, client := setupTokensService(t)
+
+		user := &protocol.User{
+			ID:           uuid.New().String(),
+			Name:         "Someone",
+			CreationDate: "2022-11-15T10:10:10.000Z",
+		}
+
+		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
+
+		_, err := client.CreatePersonalAccessToken(context.Background(), &connect.Request[v1.CreatePersonalAccessTokenRequest]{})
+
+		require.Error(t, err, "This feature is currently in beta. If you would like to be part of the beta, please contact us.")
+		require.Equal(t, connect.CodePermissionDenied, connect.CodeOf(err))
+	})
+}
+
+func setupTokensService(t *testing.T) (*protocol.MockAPIInterface, v1connect.TokensServiceClient) {
+	t.Helper()
+
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
+
+	serverMock := protocol.NewMockAPIInterface(ctrl)
+
+	svc := NewTokensService(&FakeServerConnPool{api: serverMock}, experiments.NewAlwaysReturningDefaultValueClient())
+
+	_, handler := v1connect.NewTokensServiceHandler(svc, connect.WithInterceptors(auth.NewServerInterceptor()))
+
+	srv := httptest.NewServer(handler)
+	t.Cleanup(srv.Close)
+
+	client := v1connect.NewTokensServiceClient(http.DefaultClient, srv.URL, connect.WithInterceptors(
+		auth.NewClientInterceptor("auth-token"),
+	))
+
+	return serverMock, client
+}

components/public-api-server/pkg/apiv1/tokens_test.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/bufbuild/connect-go"
 	"github.com/gitpod-io/gitpod/common-go/baseserver"
+	"github.com/gitpod-io/gitpod/common-go/experiments"
 	v1 "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1"
 	"github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
 	"github.com/gitpod-io/gitpod/public-api-server/pkg/auth"
@@ -28,9 +29,9 @@ func TestPublicAPIServer_v1_WorkspaceService(t *testing.T) {
 	gitpodAPI, err := url.Parse("wss://main.preview.gitpod-dev.com/api/v1")
 	require.NoError(t, err)
 
-	connPool := &proxy.NoConnectionPool{ServerAPI: gitpodAPI}
+	connPool := proxy.ServerConnectionPool(&proxy.NoConnectionPool{ServerAPI: gitpodAPI})
 
-	require.NoError(t, register(srv, connPool))
+	require.NoError(t, register(srv, connPool, experiments.NewAlwaysReturningDefaultValueClient()))
 	baseserver.StartServerForTests(t, srv)
 
 	workspaceClient := v1connect.NewWorkspacesServiceClient(http.DefaultClient, srv.HTTPAddress(), connect.WithInterceptors(auth.NewClientInterceptor("some-token")))
@@ -57,9 +58,9 @@ func TestConnectWorkspaceService_RequiresAuth(t *testing.T) {
 	gitpodAPI, err := url.Parse("wss://main.preview.gitpod-dev.com/api/v1")
 	require.NoError(t, err)
 
-	connPool := &proxy.NoConnectionPool{ServerAPI: gitpodAPI}
+	connPool := proxy.ServerConnectionPool(&proxy.NoConnectionPool{ServerAPI: gitpodAPI})
 
-	require.NoError(t, register(srv, connPool))
+	require.NoError(t, register(srv, connPool, experiments.NewAlwaysReturningDefaultValueClient()))
 
 	baseserver.StartServerForTests(t, srv)
 

components/public-api-server/pkg/server/integration_test.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 
 	"github.com/bufbuild/connect-go"
+	"github.com/gitpod-io/gitpod/common-go/experiments"
 	"github.com/gitpod-io/gitpod/common-go/log"
 
 	"github.com/gitpod-io/gitpod/components/public-api/go/config"
@@ -40,6 +41,8 @@ func Start(logger *logrus.Entry, version string, cfg *config.Configuration) erro
 		return fmt.Errorf("failed to setup connection pool: %w", err)
 	}
 
+	expClient := experiments.NewClient()
+
 	srv, err := baseserver.New("public_api_server",
 		baseserver.WithLogger(logger),
 		baseserver.WithConfig(cfg.Server),
@@ -70,7 +73,7 @@ func Start(logger *logrus.Entry, version string, cfg *config.Configuration) erro
 
 	srv.HTTPMux().Handle("/stripe/invoices/webhook", handlers.ContentTypeHandler(stripeWebhookHandler, "application/json"))
 
-	if registerErr := register(srv, connPool); registerErr != nil {
+	if registerErr := register(srv, connPool, expClient); registerErr != nil {
 		return fmt.Errorf("failed to register services: %w", registerErr)
 	}
 
@@ -81,7 +84,7 @@ func Start(logger *logrus.Entry, version string, cfg *config.Configuration) erro
 	return nil
 }
 
-func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool) error {
+func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool, expClient experiments.Client) error {
 	proxy.RegisterMetrics(srv.MetricsRegistry())
 
 	connectMetrics := NewConnectMetrics()
@@ -104,7 +107,7 @@ func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool) error
 	teamsRoute, teamsServiceHandler := v1connect.NewTeamsServiceHandler(apiv1.NewTeamsService(connPool), handlerOptions...)
 	srv.HTTPMux().Handle(teamsRoute, teamsServiceHandler)
 
-	tokensRoute, tokensServiceHandler := v1connect.NewTokensServiceHandler(apiv1.NewTokensService(), handlerOptions...)
+	tokensRoute, tokensServiceHandler := v1connect.NewTokensServiceHandler(apiv1.NewTokensService(connPool, expClient), handlerOptions...)
 	srv.HTTPMux().Handle(tokensRoute, tokensServiceHandler)
 
 	userRoute, userServiceHandler := v1connect.NewUserServiceHandler(apiv1.NewUserService(connPool), handlerOptions...)