fix: lock table for refreshing Gitlab token

Author: dhruvit-r

constants.js

@@ -19,7 +19,8 @@ const USER_TYPES = {
 
 // The user roles
 const USER_ROLES = {
-  OWNER: 'owner'
+  OWNER: 'owner',
+  GUEST: 'guest'
 };
 
 // The challenge status

models/User.js

@@ -49,7 +49,9 @@ const schema = new Schema({
   // gitlab token data
   accessToken: {type: String, required: false},
   accessTokenExpiration: {type: Date, required: false},
-  refreshToken: {type: String, required: false}
+  refreshToken: {type: String, required: false},
+  lockId: {type: String, required: false},
+  lockExpiration: {type: Date, required: false}
 });
 
 module.exports = schema;

package-lock.json

@@ -13,7 +13,8 @@
     "direct-connect-migration": "node scripts/direct-connect-migration.js"
   },
   "engines": {
-    "node": "~8.6.0"
+    "node": ">=20",
+    "npm": ">=9"
   },
   "repository": {
     "type": "git",
@@ -26,7 +27,7 @@
   },
   "homepage": "https://gitlab.com/luettich/processor#README",
   "dependencies": {
-    "@gitbeaker/rest": "^39.12.0",
+    "@gitbeaker/rest": "^39.13.0",
     "@octokit/rest": "^18.9.0",
     "axios": "^0.19.0",
     "circular-json": "^0.5.7",

package.json

@@ -8,8 +8,8 @@
  * @author TCSCODER
  * @version 1.0
  */
-
 const config = require('config');
+const uuid = require('uuid').v4;
 const _ = require('lodash');
 const Joi = require('joi');
 const {Gitlab} = require('@gitbeaker/rest');
@@ -26,11 +26,11 @@ const request = superagentPromise(superagent, Promise);
 // milliseconds per second
 const MS_PER_SECOND = 1000;
 
+const LOCK_TTL_SECONDS = 20;
+
+const MAX_RETRY_COUNT = 30;
 
-const USER_ROLE_TO_REDIRECT_URI_MAP = {
-  owner: config.GITLAB_OWNER_USER_CALLBACK_URL,
-  guest: config.GITLAB_GUEST_USER_CALLBACK_URL
-};
+const COOLDOWN_TIME = 1000;
 
 /**
  * A schema for a Gitlab user, as stored in the TCX database.
@@ -55,7 +55,9 @@ const USER_SCHEMA = Joi.object().keys({
   username: Joi.string().optional(),
   type: Joi.string().valid('gitlab').required(),
   id: Joi.string().optional(),
-  role: Joi.string().valid('owner', 'guest').required()
+  role: Joi.string().valid('owner', 'guest').required(),
+  lockId: Joi.string().optional(),
+  lockExpiration: Joi.date().optional()
 }).required();
 
 /**
@@ -107,31 +109,51 @@ class GitlabService {
    * Refresh the user access token if needed
    */
   async refreshAccessToken() {
-    const user = this.#user;
-    if (user.accessTokenExpiration && new Date().getTime() > user.accessTokenExpiration.getTime() -
-      (config.GITLAB_REFRESH_TOKEN_BEFORE_EXPIRATION * MS_PER_SECOND)) {
-      const query = {
-        client_id: config.GITLAB_CLIENT_ID,
-        client_secret: config.GITLAB_CLIENT_SECRET,
-        refresh_token: user.refreshToken,
-        grant_type: 'refresh_token',
-        redirect_uri: USER_ROLE_TO_REDIRECT_URI_MAP[user.role]
-      };
-      const refreshTokenResult = await request
-        .post(`${config.GITLAB_API_BASE_URL}/oauth/token`)
-        .query(query)
-        .end();
-      // save user token data
-      const expiresIn = refreshTokenResult.body.expires_in || config.GITLAB_ACCESS_TOKEN_DEFAULT_EXPIRATION;
-      const updates = {
-        accessToken: refreshTokenResult.body.access_token,
-        accessTokenExpiration: new Date(new Date().getTime() + expiresIn * MS_PER_SECOND),
-        refreshToken: refreshTokenResult.body.refresh_token
-      };
-      _.assign(user, updates);
-      await dbHelper.update(models.User, user.id, updates);
+    const lockId = uuid().replace(/-/g, '');
+    let lockedUser;
+    let tries = 0;
+    try {
+      // eslint-disable-next-line no-constant-condition, no-restricted-syntax
+      while ((tries < MAX_RETRY_COUNT) && !(lockedUser && lockedUser.lockId === lockId)) {
+        logger.debug(`[Lock ID: ${lockId}][Attempt #${tries + 1}] Acquiring lock on user ${this.#user.username}.`);
+        lockedUser = await dbHelper.acquireLockOnUser(this.#user.id, lockId, LOCK_TTL_SECONDS * MS_PER_SECOND);
+        await new Promise((resolve) => setTimeout(resolve, COOLDOWN_TIME));
+        tries += 1;
+      }
+      if (!lockedUser) {
+        throw new Error(`Failed to acquire lock on user ${this.#user.id} after ${tries} attempts.`);
+      }
+      logger.debug(`[Lock ID: ${lockId}] Acquired lock on user ${this.#user.id}.`);
+      if (lockedUser.accessTokenExpiration && new Date().getTime() > lockedUser.accessTokenExpiration.getTime() -
+        (config.GITLAB_REFRESH_TOKEN_BEFORE_EXPIRATION * MS_PER_SECOND)) {
+        logger.debug(`[Lock ID: ${lockId}] Refreshing access token for user ${this.#user.id}.`);
+        const query = {
+          client_id: config.GITLAB_CLIENT_ID,
+          client_secret: config.GITLAB_CLIENT_SECRET,
+          refresh_token: lockedUser.refreshToken,
+          grant_type: 'refresh_token'
+        };
+        const refreshTokenResult = await request
+          .post(`${config.GITLAB_API_BASE_URL}/oauth/token`)
+          .query(query)
+          .end();
+        // save user token data
+        const expiresIn = refreshTokenResult.body.expires_in || config.GITLAB_ACCESS_TOKEN_DEFAULT_EXPIRATION;
+        const updates = {
+          accessToken: refreshTokenResult.body.access_token,
+          accessTokenExpiration: new Date(new Date().getTime() + expiresIn * MS_PER_SECOND),
+          refreshToken: refreshTokenResult.body.refresh_token
+        };
+        _.assign(lockedUser, updates);
+        await dbHelper.update(models.User, lockedUser.id, updates);
+      }
+      return lockedUser;
+    } finally {
+      if (lockedUser) {
+        logger.debug(`[Lock ID: ${lockId}] Releasing lock on user ${this.#user.id}.`);
+        await dbHelper.releaseLockOnUser(this.#user.id, lockId);
+      }
     }
-    return user;
   }
 
   /**
@@ -433,6 +455,60 @@ class GitlabService {
     Joi.attempt({repository}, {repository: Joi.object().required()});
     await this.#gitlab.Projects.fork(repository.id);
   }
+
+  /**
+   * Get the diff patch for a gitlab merge request
+   * @param {import('@gitbeaker/rest').MergeRequestSchemaWithBasicLabels} mergeRequest The merge request
+   * @returns {Promise<String>} The diff patch
+   */
+  async getMergeRequestDiffPatches(mergeRequest) {
+    Joi.attempt({mergeRequest}, {
+      mergeRequest: Joi.object().keys({
+        web_url: Joi.string().required()
+      }).unknown(true).required()
+    });
+    const diff = await this.#gitlab.MergeRequests.allDiffs(mergeRequest.target_project_id, mergeRequest.iid);
+    const patchFile = diff.reduce((acc, file) => {
+      // Header
+      acc += `diff --git a/${file.old_path} b/${file.new_path}\n`;
+      // Index
+      if (file.new_file) {
+        acc += `new file mode ${file.b_mode}\n`;
+      }
+      if (file.deleted_file) {
+        acc += `deleted file mode ${file.a_mode}\n`;
+      }
+      if (file.diff && file.diff !== '') {
+        acc += `--- a/${file.new_file ? '/dev/null' : file.old_path}\n`;
+        acc += `+++ b/${file.deleted_file ? '/dev/null' : file.new_path}\n`;
+        acc += file.diff;
+      } else if (file.renamed_file) {
+        acc += 'similarity index 100%\n';
+        acc += `rename from ${file.old_path}\n`;
+        acc += `rename to ${file.new_path}\n`;
+      }
+      return acc;
+    }, '');
+    console.log(patchFile);
+    return patchFile;
+  }
+
+  /**
+   * Get a list of all merge requests for a gitlab repository
+   * @param {ProjectSchema} repository The repository
+   * @param {Number} userId
+   */
+  async getOpenMergeRequestsByUser(repository, userId) {
+    Joi.attempt({repository, userId}, {
+      repository: Joi.object().required(),
+      userId: Joi.number().required()
+    });
+    return this.#gitlab.MergeRequests.all({
+      projectId: repository.id,
+      state: 'opened',
+      authorId: userId
+    });
+  }
 }
 
 module.exports = GitlabService;

services/GitlabService.js

@@ -6,12 +6,12 @@ const uuid = require('uuid').v4;
 const models = require('../models');
 const dbHelper = require('../utils/db-helper');
 const logger = require('../utils/logger');
+const errors = require('../utils/errors');
 const GitlabService = require('../services/GitlabService');
-const {GITLAB_ACCESS_LEVELS} = require('../constants');
+const {GITLAB_ACCESS_LEVELS, USER_ROLES, USER_TYPES} = require('../constants');
 
 const ProjectChallengeMapping = models.ProjectChallengeMapping;
 const Project = models.Project;
-const Repository = models.Repository;
 const User = models.User;
 const GitlabUserMapping = models.GitlabUserMapping;
 
@@ -25,7 +25,7 @@ const GitlabUserMapping = models.GitlabUserMapping;
 async function process(payload) {
   const {challengeId, memberId, memberHandle} = payload;
   const correlationId = uuid();
-  const logPrefix = `[${correlationId}][PullRequestService#process]`;
+  const logPrefix = `[Correlation ID: ${correlationId}][PullRequestService#process]`;
   logger.debug(`${logPrefix}: Challenge ID: ${challengeId}`);
   logger.debug(`${logPrefix}: Member ID: ${memberId}`);
   logger.debug(`${logPrefix}: Member Handle: ${memberHandle}`);
@@ -55,7 +55,7 @@ async function process(payload) {
   }
   logger.debug(`${logPrefix} Project: ${JSON.stringify(project)}`);
   // Get Repositories
-  const repositories = await dbHelper.queryAllRepositoriesByProjectId(Repository, project.id);
+  const repositories = await dbHelper.queryAllRepositoriesByProjectId(project.id);
   if (!repositories || repositories.length === 0) {
     logger.info(`${logPrefix} Repository not found for projectId: ${project.id}`);
     return;
@@ -69,9 +69,9 @@ async function process(payload) {
   }
   logger.debug(`${logPrefix} GitlabUserMapping[Copilot]: ${JSON.stringify(copilotGitlabUserMapping)}`);
   // Get Gitlab User
-  const copilotGitlabUser = await dbHelper.queryOneUserByType(User, copilotGitlabUserMapping.gitlabUsername, 'gitlab');
+  const copilotGitlabUser = await dbHelper.queryOneUserByTypeAndRole(User, copilotGitlabUserMapping.gitlabUsername, USER_TYPES.GITLAB, USER_ROLES.OWNER);
   if (!copilotGitlabUser) {
-    logger.info(`${logPrefix} GitlabUser not found for copilot: ${project.copilot}`);
+    logger.info(`${logPrefix} User[Type=${USER_TYPES.GITLAB}, Role=${USER_ROLES.OWNER}] not found for copilot: ${project.copilot}`);
     return;
   }
   logger.debug(`${logPrefix} GitlabUser[Copilot]: ${JSON.stringify(copilotGitlabUser)}`);
@@ -85,7 +85,7 @@ async function process(payload) {
   }
   logger.debug(`${logPrefix} GitlabUserMapping[Member]: ${JSON.stringify(memberGitlabUserMapping)}`);
   // Get Gitlab User
-  const memberGitlabUser = await dbHelper.queryOneUserByType(User, memberGitlabUserMapping.gitlabUsername, 'gitlab');
+  const memberGitlabUser = await dbHelper.queryOneUserByTypeAndRole(User, memberGitlabUserMapping.gitlabUsername, USER_TYPES.GITLAB, USER_ROLES.GUEST);
   if (!memberGitlabUser) {
     logger.info(`${logPrefix} GitlabUser not found for memberHandle: ${memberHandle}`);
     return;
@@ -102,10 +102,12 @@ async function process(payload) {
       }
       // Add user as a guest to the repo
       await copilotGitlabService.addUserToRepository(repository, memberGitlabUser, GITLAB_ACCESS_LEVELS.DEVELOPER);
+      logger.debug(`${logPrefix} User (${memberGitlabUser.username}) added to repository (${repo.url})`);
       // Fork the repository
       await memberGitlabService.forkRepository(repository);
+      logger.debug(`${logPrefix} Repository (${repo.url}) forked for user: ${memberGitlabUser.username}`);
     } catch (err) {
-      logger.error(`${logPrefix} Error: ${err.message}`, err);
+      throw errors.handleGitLabError(err, 'Error occurred while forking repository to user\'s namespace in GitLab');
     }
   }));
 }