Skip to content
Snippets Groups Projects
Commit 44c2afbd authored by Hahn Axel (hahn)'s avatar Hahn Axel (hahn)
Browse files

Merge branch '7821-improve-api-error-messages' into 'master' 

7821 improve api error messages

See merge request !82
parents 3050dadd b6357621
No related branches found
No related tags found
1 merge request!827821 improve api error messages
Pipeline #4759 passed
Stage: deploy
Show whitespace changes
Inline Side-by-side
public_html/api/index.php
+ 11
6
View file @ 44c2afbd
...@@ -68,6 +68,7 @@ function _quit(string $s, int $iStatus = 400): void ...@@ -68,6 +68,7 @@ function _quit(string $s, int $iStatus = 400): void
{ {
$aStatus = [ $aStatus = [
400 => 'HTTP/1.0 400 Bad Request', 400 => 'HTTP/1.0 400 Bad Request',
401 => 'HTTP/1.0 401 Unauthorized',
403 => 'HTTP/1.0 403 Access denied', 403 => 'HTTP/1.0 403 Access denied',
404 => 'HTTP/1.0 404 Not found', 404 => 'HTTP/1.0 404 Not found',
]; ];
...@@ -105,7 +106,7 @@ function _checkAuth(string $sProjectSecret): bool ...@@ -105,7 +106,7 @@ function _checkAuth(string $sProjectSecret): bool
$aReqHeaders = apache_request_headers(); $aReqHeaders = apache_request_headers();
_wd('<pre>' . print_r($aReqHeaders, 1) . '</pre>'); _wd('<pre>' . print_r($aReqHeaders, 1) . '</pre>');
if (!isset($aReqHeaders['Authorization'])) { if (!isset($aReqHeaders['Authorization'])) {
_quit('Access denied. Missing authorization.', 403); _quit('Access denied. Missing authorization.', 401);
} }
if (!isset($aReqHeaders['Date'])) { if (!isset($aReqHeaders['Date'])) {
_quit('Access denied. Missing field "Date:" in the request header.', 403); _quit('Access denied. Missing field "Date:" in the request header.', 403);
...@@ -123,7 +124,7 @@ function _checkAuth(string $sProjectSecret): bool ...@@ -123,7 +124,7 @@ function _checkAuth(string $sProjectSecret): bool
_wd('Hash: ' . $sGotHash . ' -- from header'); _wd('Hash: ' . $sGotHash . ' -- from header');
_wd('Hash: ' . $sMyHash . ' -- rebuilt'); _wd('Hash: ' . $sMyHash . ' -- rebuilt');
if ($sGotHash !== $sMyHash) { if ($sGotHash !== $sMyHash) {
_quit('Access denied. Invalid hash.', 403); _quit('Access denied. Invalid hash.', 401);
} }
$iAge = date('U') - date('U', strtotime($sGotDate)); $iAge = date('U') - date('U', strtotime($sGotDate));
...@@ -216,14 +217,18 @@ switch ($sApiVersion) { ...@@ -216,14 +217,18 @@ switch ($sApiVersion) {
ob_end_clean(); ob_end_clean();
} catch (Exception $exc) { } catch (Exception $exc) {
_quit('ERROR: project with id [' . $sPrjId . '] does not exist.', 404); _quit('ERROR: project with id [' . $sPrjId . '] cannot be initialized.', 400); // never reached
} }
// get secret // get secret
$aPrjCfg = $oProject->getConfig(); $aPrjCfg = $oProject->getConfig();
$sProjectSecret = isset($aPrjCfg['api']['secret']) ? $aPrjCfg['api']['secret'] : false; if(!count($aPrjCfg)){
_quit('ERROR: project with id [' . $sPrjId . '] does not exist.', 404);
}
$sProjectSecret = $aPrjCfg['api']['secret'] ?? false;
if (!$sProjectSecret) { if (!$sProjectSecret) {
_quit('Access denied. API access is disabled.'); _quit('Access denied. API access is disabled.', 403);
} }
// check authorization // check authorization
......
shellscripts/api-imlciserver.sh
+ 64
60
View file @ 44c2afbd
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
# 2020-07-23 v1.0 <axel.hahn@iml.unibe.ch> first lines # 2020-07-23 v1.0 <axel.hahn@iml.unibe.ch> first lines
# 2020-07-29 v1.1 <axel.hahn@iml.unibe.ch> check "/" in branch; check http status 200 # 2020-07-29 v1.1 <axel.hahn@iml.unibe.ch> check "/" in branch; check http status 200
# 2021-03-29 v1.2 <axel.hahn@iml.unibe.ch> support slashes in branch names # 2021-03-29 v1.2 <axel.hahn@iml.unibe.ch> support slashes in branch names
# 2025-02-19 v1.3 <axel.hahn@iml.unibe.ch> shell fixes; long cli parameters
# ====================================================================== # ======================================================================
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
...@@ -22,30 +23,35 @@ line="----------------------------------------------------------------------" ...@@ -22,30 +23,35 @@ line="----------------------------------------------------------------------"
# FUNCTIONS # FUNCTIONS
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Show help with parameters
function showhelp(){ function showhelp(){
local _self; _self="$( basename "$0" )"
echo " echo "
SYNTAX: SYNTAX:
-a ACTION set name of an action -a, --action ACTION
-b BRANCH set custom branch to access, i.e. origin/feature-123 set name of an action
-p PROJECT project name in the ci server; overrides env variable IMLCI_PROJECT
-s SECRET API secret for the given project; overrides env variable IMLCI_API_SECRET
-u URL URL of iml ci server without trailing /; overrides env variable IMLCI_URL
ACTION:
... without given project and secret ... without given project and secret
projects show projects projects show projects
... with project and secret ... with project and secret
buildinfo [branch] buildinfo BRANCH
show infos about what happens on build show infos about what happens on build
build [branch] build BRANCH
execute build execute build
phases show status of phases phases show status of phases
-b, --branch BRANCH
set custom branch to access, i.e. origin/feature-123
-p, --project PROJECT
project name in the ci server; overrides env variable IMLCI_PROJECT
-s, --secret SECRET
API secret for the given project; overrides env variable IMLCI_API_SECRET
-u. --url URL
URL of iml ci server without trailing /; overrides env variable IMLCI_URL
EXAMPLES: EXAMPLES:
`basename $0` -u https://ci.example.com -a projects $_self -u https://ci.example.com -a projects
`basename $0` -u https://ci.example.com -p myproject -s 12345678 -a buildinfo $_self -u https://ci.example.com -p myproject -s 12345678 -a buildinfo
`basename $0` -u https://ci.example.com -p myproject -s 12345678 -a build $_self -u https://ci.example.com -p myproject -s 12345678 -a build
" "
} }
...@@ -59,7 +65,7 @@ function makeRequest(){ ...@@ -59,7 +65,7 @@ function makeRequest(){
local outfile=$( mktemp ) local outfile=$( mktemp )
echo $line echo $line
echo $apiMethod ${apiHost}${apiRequest} echo "$apiMethod ${IMLCI_URL}${apiRequest}"
echo $line echo $line
if [ ! -z "$secret" ]; then if [ ! -z "$secret" ]; then
...@@ -67,7 +73,7 @@ function makeRequest(){ ...@@ -67,7 +73,7 @@ function makeRequest(){
# --- date in http format # --- date in http format
LANG=en_EN LANG=en_EN
# export TZ=GMT # export TZ=GMT
apiTS=`date "+%a, %d %b %Y %H:%M:%S %Z"` apiTS=$( date "+%a, %d %b %Y %H:%M:%S %Z" )
# --- generate data to hash: method + uri + timestamp; delimited with line break # --- generate data to hash: method + uri + timestamp; delimited with line break
...@@ -77,30 +83,32 @@ ${apiTS} ...@@ -77,30 +83,32 @@ ${apiTS}
" "
# generate hash - split in 2 commands (piping "cut" sends additional line break) # generate hash - split in 2 commands (piping "cut" sends additional line break)
myHash=`echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" "` myHash=$( echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" ")
myHash=`echo -n "$myHash" | base64` myHash=$( echo -n "$myHash" | base64 )
curl -i \ curl -i \
-H "Accept: application/json" -H "Content-Type: application/json" \ -H "Accept: application/json" -H "Content-Type: application/json" \
-H "Date: ${apiTS}" \ -H "Date: ${apiTS}" \
-H "Authorization: demo-bash-client:${myHash}" \ -H "Authorization: demo-bash-client:${myHash}" \
-X $apiMethod \ -X "$apiMethod" \
${IMLCI_URL}${apiRequest} | tee -a $outfile -s \
"${IMLCI_URL}${apiRequest}" | tee -a "$outfile"
else else
curl -i \ curl -i \
-H "Accept: application/json" -H "Content-Type: application/json" \ -H "Accept: application/json" -H "Content-Type: application/json" \
-X $apiMethod \ -X "$apiMethod" \
${IMLCI_URL}${apiRequest} | tee -a $outfile -s \
"${IMLCI_URL}${apiRequest}" | tee -a "$outfile"
fi fi
grep "^HTTP/" $outfile | head -1 | grep " 200 " >/dev/null grep "^HTTP/" "$outfile" | head -1 | grep " 200 " >/dev/null
local rccurl=$? local rccurl=$?
rm -f $outfile rm -f "$outfile"
if [ $rccurl -ne 0 ]; then if [ $rccurl -ne 0 ]; then
echo echo
echo "ERROR: API request failed. CURL request did not get respond status code 200." echo "ERROR: API request failed. CURL request did not get respond status code 200."
exit 4 exit 5
fi fi
} }
...@@ -110,38 +118,34 @@ ${apiTS} ...@@ -110,38 +118,34 @@ ${apiTS}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
echo echo
echo ===== API CALL TO IML CI SERVER :: `date` ===== echo "===== API CALL TO IML CI SERVER :: $( date ) ====="
echo echo
if [ $# -lt 1 ]; then if [ $# -eq 0 ]; then
showhelp showhelp
exit 1 exit 1
fi fi
while getopts "a:b:u:p:s:" option; do while [[ "$#" -gt 0 ]]; do case $1 in
case ${option} in -a|--action) apiAction="$2";shift; shift;;
a) -b|--branch) branch="$2";shift; shift;;
apiAction=$OPTARG -h|--help) showhelp; exit 0;;
;; -u|--url) IMLCI_URL="$2";shift; shift;;
b) -p|--project) IMLCI_PROJECT="$2";shift; shift;;
branch=$OPTARG -s|--secret) IMLCI_API_SECRET="$2";shift; shift;;
;; *) if grep "^-" <<< "$1" >/dev/null ; then
u) echo; echo "ERROR: Unknown parameter: $1"; echo; showhelp; exit 2
export IMLCI_URL=$OPTARG fi
;; break;
p)
export IMLCI_PROJECT=$OPTARG
;;
s)
export IMLCI_API_SECRET=$OPTARG
;; ;;
*) esac; done
echo ERROR: invalid option [${option}] if [ $# -gt 0 ]; then
exit 2 showhelp
esac exit 3
done fi
echo Params: $*
echo "Params: $*"
echo "IMLCI_URL = $IMLCI_URL" echo "IMLCI_URL = $IMLCI_URL"
echo "IMLCI_PROJECT = $IMLCI_PROJECT" echo "IMLCI_PROJECT = $IMLCI_PROJECT"
echo "IMLCI_API_SECRET = $IMLCI_API_SECRET" echo "IMLCI_API_SECRET = $IMLCI_API_SECRET"
...@@ -151,7 +155,7 @@ echo ...@@ -151,7 +155,7 @@ echo
# echo $branch | grep '/.*/.*' >/dev/null && ( echo "WARNING: Do NOT use a branch containing a slash [/] in the name"; echo ) # echo $branch | grep '/.*/.*' >/dev/null && ( echo "WARNING: Do NOT use a branch containing a slash [/] in the name"; echo )
echo ACTION: $apiAction echo "ACTION: $apiAction"
case $apiAction in case $apiAction in
# --- projects is an access without autorization # --- projects is an access without autorization
...@@ -161,17 +165,17 @@ case $apiAction in ...@@ -161,17 +165,17 @@ case $apiAction in
# --- access WITH autorization only # --- access WITH autorization only
"build") "build")
makeRequest POST /api/v1/project/$IMLCI_PROJECT/build/$branch "$IMLCI_API_SECRET" makeRequest POST "/api/v1/project/$IMLCI_PROJECT/build/$branch" "$IMLCI_API_SECRET"
;; ;;
"buildinfo") "buildinfo")
makeRequest GET /api/v1/project/$IMLCI_PROJECT/build/$branch "$IMLCI_API_SECRET" makeRequest GET "/api/v1/project/$IMLCI_PROJECT/build/$branch" "$IMLCI_API_SECRET"
;; ;;
"phases") "phases")
makeRequest GET /api/v1/project/$IMLCI_PROJECT/phases "$IMLCI_API_SECRET" makeRequest GET "/api/v1/project/$IMLCI_PROJECT/phases" "$IMLCI_API_SECRET"
;; ;;
*) *)
echo "ERROR: unknown action [$apiAction]" echo "ERROR: unknown action [$apiAction]"
exit 3 exit 4
esac esac
rc=$? rc=$?
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment