- Fix no-op RequireProjectAccess middleware to enforce project_ids
- Apply project access middleware to all project-scoped routes
- Filter GET /projects by allowed project IDs for restricted keys
- Add GET /me endpoint with key identity, scopes, and project access info
- Add PATCH /keys/{id} for partial key updates (name, scopes, project_ids, allowed_ips, expires_in)
- Add GET/POST/DELETE /projects/{id}/access for project-centric access management
- Auto-grant creating key access when using POST /project/create-and-build
- Accept grant_to_key_ids in create-and-build to grant multiple keys on project creation
- Move newProvisionerWithDeps test helper from production code to test file
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
// Package domain contains core business entities.
package domain
import "time"
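// Credential is a stored secret or setting used by infrastructure adapters
// and looked up by Key.
//
// Credentials are meant to be encrypted at rest. That encryption is not done
// by this type (it is not visible in this file): Value is an ordinary string,
// so a populated Credential holds the secret in process memory as-is.
//
// The fields are exported and carry no struct tags, so encoding/json and
// similar encoders include Value when handed a Credential.
// NOTE(review): confirm that API responses and audit records go through a
// view that omits Value.
type Credential struct {
	// Key is the unique identifier (e.g., "GITEA_TOKEN", "CLOUDFLARE_API_TOKEN").
	Key string

	// Value is the credential value (stored encrypted in the database).
	// Treat it as sensitive: do not log it or copy it into error messages.
	Value string

	// Description explains what this credential is for.
	Description string

	// Category groups related credentials (e.g., "gitea", "cloudflare", "woodpecker").
	Category string

	// CreatedAt is when the credential was first stored.
	CreatedAt time.Time

	// UpdatedAt is when the credential was last modified.
	UpdatedAt time.Time

	// UpdatedBy tracks who last modified the credential.
	UpdatedBy string
}

// String implements fmt.Stringer so that formatting a Credential with %v,
// %+v or %s (for example in a log line or a wrapped error) never prints Value.
// Only Key and Category are shown; read Value directly when it is needed.
func (c Credential) String() string {
	return "Credential{Key:" + c.Key + " Category:" + c.Category + " Value:[REDACTED]}"
}

// GoString implements fmt.GoStringer so that %#v is redacted the same way
// as String.
func (c Credential) GoString() string {
	return c.String()
}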
// Credential category names used for grouping; presumably these are the
// values stored in Credential.Category. They are untyped string constants.
const (
	CredentialCategoryGitea      = "gitea"
	CredentialCategoryCloudflare = "cloudflare"
	CredentialCategoryWoodpecker = "woodpecker"
	CredentialCategoryDatabase   = "database"
	CredentialCategoryRegistry   = "registry"
	CredentialCategoryWorker     = "worker"
	CredentialCategoryStorage    = "storage"
	CredentialCategoryAI         = "ai"
	CredentialCategoryNotify     = "notify"
)
// Known credential keys, grouped by the service they belong to.
//
// NOTE(review): judging by the names alone, this list mixes secret material
// (tokens, API keys, a webhook secret, service-account JSON) with plain
// settings (URLs, a host, zone/bucket/domain identifiers). Confirm that
// callers treat every stored value as sensitive when logging or returning it,
// or mark which keys are secrets.
const (
	// Gitea
	CredKeyGiteaToken = "GITEA_TOKEN"
	CredKeyGiteaURL   = "GITEA_URL"

	// Cloudflare
	CredKeyCloudflareAPIToken = "CLOUDFLARE_API_TOKEN"
	CredKeyCloudflareZoneID   = "CLOUDFLARE_ZONE_ID"

	// Woodpecker
	CredKeyWoodpeckerURL           = "WOODPECKER_URL"
	CredKeyWoodpeckerAPIToken      = "WOODPECKER_API_TOKEN"
	CredKeyWoodpeckerWebhookSecret = "WOODPECKER_WEBHOOK_SECRET"

	// Registry
	CredKeyRegistryURL = "REGISTRY_URL"

	// GCS
	CredKeyGCSBucket             = "GCS_BUCKET"
	CredKeyGCSServiceAccountJSON = "GCS_SERVICE_ACCOUNT_JSON"

	// AI providers
	CredKeyLaozhangAPIKey = "LAOZHANG_API_KEY"
	CredKeyGeminiAPIKey   = "GEMINI_API_KEY"

	// Notify service (email delivery)
	CredKeyNotifyURL            = "NOTIFY_URL"
	CredKeyNotifyAdminKey       = "NOTIFY_ADMIN_KEY"
	CredKeyNotifyAPIKey         = "NOTIFY_API_KEY"
	CredKeyNotifyHost           = "NOTIFY_HOST"
	CredKeyNotifyFrom           = "NOTIFY_FROM"
	CredKeyNotifyResendDomainID = "NOTIFY_RESEND_DOMAIN_ID"

	// Resend (email provider for per-project domain provisioning)
	CredKeyResendAPIKey = "RESEND_API_KEY"
)