fix(source-control): detect authenticated self-hosted gitlab remotes

Author: GuilhermeVieiraDev

apps/server/src/sourceControl/GitLabSourceControlProvider.ts

@@ -1,8 +1,18 @@
 import { Effect, Layer, Option } from "effect";
-import { SourceControlProviderError, type ChangeRequest } from "@t3tools/contracts";
+import {
+  SourceControlProviderError,
+  type ChangeRequest,
+  type SourceControlProviderInfo,
+} from "@t3tools/contracts";
 
 import { GitLabCli, type GitLabCliError, type GitLabMergeRequestSummary } from "./GitLabCli.ts";
-import { SourceControlProvider, type SourceControlRefSelector } from "./SourceControlProvider.ts";
+import {
+  SourceControlProvider,
+  type SourceControlProviderRemoteDetector,
+  type SourceControlRefSelector,
+} from "./SourceControlProvider.ts";
+import { parseGitLabAuthStatusHosts } from "./gitLabAuthStatus.ts";
+import { VcsProcess } from "../vcs/VcsProcess.ts";
 
 function providerError(operation: string, cause: GitLabCliError): SourceControlProviderError {
   return new SourceControlProviderError({
@@ -103,4 +113,40 @@ export const make = Effect.fn("makeGitLabSourceControlProvider")(function* () {
   });
 });
 
+export const makeRemoteDetector = Effect.fn("makeGitLabRemoteDetector")(function* () {
+  const process = yield* VcsProcess;
+
+  return ((input) => {
+    if (input.context.provider.kind !== "unknown") {
+      return Effect.succeed(null);
+    }
+
+    const host = input.context.provider.name;
+    return process
+      .run({
+        operation: "source-control.provider-detection.gitlab-auth-status",
+        command: "glab",
+        args: ["auth", "status"],
+        cwd: input.cwd,
+        allowNonZeroExit: true,
+      })
+      .pipe(
+        Effect.map((output) => {
+          const authenticated = parseGitLabAuthStatusHosts(`${output.stdout}\n${output.stderr}`)
+            .filter((entry) => entry.account !== null)
+            .some((entry) => entry.host === host);
+
+          return authenticated
+            ? ({
+                kind: "gitlab",
+                name: host === "gitlab.com" ? "GitLab" : "GitLab Self-Hosted",
+                baseUrl: input.context.provider.baseUrl,
+              } satisfies SourceControlProviderInfo)
+            : null;
+        }),
+        Effect.catch(() => Effect.succeed(null)),
+      );
+  }) satisfies SourceControlProviderRemoteDetector;
+});
+
 export const layer = Layer.effect(SourceControlProvider, make());

apps/server/src/sourceControl/SourceControlDiscovery.test.ts

@@ -212,3 +212,62 @@ Logged in as bitbucket-user
     );
   }).pipe(Effect.provide(testLayer));
 });
+
+it.effect("accepts authenticated GitLab hosts when another configured host fails", () => {
+  const testLayer = layer.pipe(
+    Layer.provide(
+      ServerConfig.layerTest(process.cwd(), { prefix: "t3-source-control-gitlab-auth-" }),
+    ),
+    Layer.provide(
+      Layer.mock(VcsProcess.VcsProcess)({
+        run: (input) => {
+          if (input.args[0] === "--version") {
+            return Effect.succeed(processOutput(`${input.command} version test\n`));
+          }
+          if (input.command === "glab" && input.args.join(" ") === "auth status") {
+            return Effect.succeed(
+              processOutput(
+                `gitlab.com
+  x gitlab.com: API call failed: 401 Unauthorized
+  ! No token found
+self-hosted.example.test
+  ✓ Logged in to self-hosted.example.test as gitlab-user
+  ✓ Token found: ******
+`,
+                { exitCode: ChildProcessSpawner.ExitCode(1) },
+              ),
+            );
+          }
+          return Effect.fail(
+            new VcsProcessSpawnError({
+              operation: input.operation,
+              command: input.command,
+              cwd: input.cwd,
+              cause: new Error(`${input.command} not found`),
+            }),
+          );
+        },
+      }),
+    ),
+    Layer.provideMerge(NodeServices.layer),
+  );
+
+  return Effect.gen(function* () {
+    const discovery = yield* SourceControlDiscovery;
+    const result = yield* discovery.discover;
+    const gitlab = result.sourceControlProviders.find((item) => item.kind === "gitlab");
+
+    assert.deepStrictEqual(
+      {
+        status: gitlab?.auth.status,
+        account: gitlab?.auth.account,
+        host: gitlab?.auth.host,
+      },
+      {
+        status: "authenticated",
+        account: Option.some("gitlab-user"),
+        host: Option.some("self-hosted.example.test"),
+      },
+    );
+  }).pipe(Effect.provide(testLayer));
+});

apps/server/src/sourceControl/SourceControlDiscovery.ts

@@ -10,6 +10,7 @@ import { Context, Effect, Layer, Option } from "effect";
 
 import { ServerConfig } from "../config.ts";
 import * as VcsProcess from "../vcs/VcsProcess.ts";
+import { findAuthenticatedGitLabHost, parseGitLabAuthStatusHosts } from "./gitLabAuthStatus.ts";
 
 interface DiscoveryProbe {
   readonly label: string;
@@ -218,12 +219,19 @@ function parseGitHubAuth(input: AuthProbeInput): SourceControlProviderAuth {
 
 function parseGitLabAuth(input: AuthProbeInput): SourceControlProviderAuth {
   const output = combinedAuthOutput(input);
-  const account = matchFirst(output, [
-    /Logged in to .* as\s+([^\s(]+)/iu,
-    /Logged in to .* account\s+([^\s(]+)/iu,
-    /account:\s*([^\s(]+)/iu,
-  ]);
-  const host = parseCliHost(output);
+  const authenticatedHost = findAuthenticatedGitLabHost(parseGitLabAuthStatusHosts(output));
+  const account =
+    authenticatedHost?.account ??
+    matchFirst(output, [
+      /Logged in to .* as\s+([^\s(]+)/iu,
+      /Logged in to .* account\s+([^\s(]+)/iu,
+      /account:\s*([^\s(]+)/iu,
+    ]);
+  const host = authenticatedHost?.host ?? parseCliHost(output);
+
+  if (account) {
+    return providerAuth({ status: "authenticated", account, host });
+  }
 
   if (input.exitCode !== 0) {
     return providerAuth({
@@ -233,10 +241,6 @@ function parseGitLabAuth(input: AuthProbeInput): SourceControlProviderAuth {
     });
   }
 
-  if (account) {
-    return providerAuth({ status: "authenticated", account, host });
-  }
-
   return providerAuth({
     status: "unknown",
     host,

apps/server/src/sourceControl/SourceControlProvider.ts

@@ -14,6 +14,11 @@ export interface SourceControlProviderContext {
   readonly remoteUrl: string;
 }
 
+export type SourceControlProviderRemoteDetector = (input: {
+  readonly cwd: string;
+  readonly context: SourceControlProviderContext;
+}) => Effect.Effect<SourceControlProviderInfo | null, SourceControlProviderError>;
+
 export interface SourceControlRefSelector {
   readonly refName: string;
   readonly owner?: string;

apps/server/src/sourceControl/SourceControlProviderRegistry.test.ts

@@ -1,11 +1,13 @@
 import { assert, it } from "@effect/vitest";
 import { DateTime, Effect, Layer, Option } from "effect";
+import { ChildProcessSpawner } from "effect/unstable/process";
 
 import { GitHubCli } from "./GitHubCli.ts";
 import { GitLabCli } from "./GitLabCli.ts";
 import * as SourceControlProviderRegistry from "./SourceControlProviderRegistry.ts";
 import { VcsDriverRegistry } from "../vcs/VcsDriverRegistry.ts";
 import type { VcsDriverShape } from "../vcs/VcsDriver.ts";
+import * as VcsProcess from "../vcs/VcsProcess.ts";
 
 const TEST_EPOCH = DateTime.makeUnsafe("1970-01-01T00:00:00.000Z");
 
@@ -14,6 +16,7 @@ function makeRegistry(input: {
     readonly name: string;
     readonly url: string;
   }>;
+  readonly gitLabAuthStatus?: string;
 }) {
   const driver = {
     listRemotes: () =>
@@ -49,10 +52,25 @@ function makeRegistry(input: {
         driver: driver as unknown as VcsDriverShape,
       }),
   });
+  const processLayer = Layer.mock(VcsProcess.VcsProcess)({
+    run: () =>
+      Effect.succeed({
+        exitCode: ChildProcessSpawner.ExitCode(input.gitLabAuthStatus ? 1 : 0),
+        stdout: input.gitLabAuthStatus ?? "",
+        stderr: "",
+        stdoutTruncated: false,
+        stderrTruncated: false,
+      }),
+  });
 
   return SourceControlProviderRegistry.make().pipe(
     Effect.provide(
-      Layer.mergeAll(registryLayer, Layer.mock(GitHubCli)({}), Layer.mock(GitLabCli)({})),
+      Layer.mergeAll(
+        registryLayer,
+        processLayer,
+        Layer.mock(GitHubCli)({}),
+        Layer.mock(GitLabCli)({}),
+      ),
     ),
   );
 }
@@ -93,6 +111,25 @@ it.effect("routes GitLab remotes to the GitLab provider", () =>
   }),
 );
 
+it.effect("routes authenticated self-hosted GitLab remotes without relying on host naming", () =>
+  Effect.gen(function* () {
+    const registry = yield* makeRegistry({
+      remotes: [{ name: "origin", url: "https://self-hosted.example.test/group/project.git" }],
+      gitLabAuthStatus: `gitlab.com
+  x gitlab.com: API call failed: 401 Unauthorized
+  ! No token found
+self-hosted.example.test
+  ✓ Logged in to self-hosted.example.test as gitlab-user
+  ✓ Token found: ******
+`,
+    });
+
+    const provider = yield* registry.resolve({ cwd: "/repo" });
+
+    assert.strictEqual(provider.kind, "gitlab");
+  }),
+);
+
 it.effect("falls back to a non-origin remote when origin is not configured", () =>
   Effect.gen(function* () {
     const registry = yield* makeRegistry({

apps/server/src/sourceControl/SourceControlProviderRegistry.ts

@@ -6,6 +6,7 @@ import { detectSourceControlProviderFromRemoteUrl } from "@t3tools/shared/source
 import {
   SourceControlProvider,
   type SourceControlProviderContext,
+  type SourceControlProviderRemoteDetector,
   type SourceControlProviderShape,
 } from "./SourceControlProvider.ts";
 import * as GitHubSourceControlProvider from "./GitHubSourceControlProvider.ts";
@@ -18,6 +19,7 @@ const PROVIDER_DETECTION_CACHE_TTL = Duration.seconds(5);
 export interface SourceControlProviderRegistration {
   readonly kind: SourceControlProviderKind;
   readonly provider: SourceControlProviderShape;
+  readonly detectRemote?: SourceControlProviderRemoteDetector;
 }
 
 export interface SourceControlProviderHandle {
@@ -99,6 +101,30 @@ function selectProviderContext(
   );
 }
 
+const resolveUnknownProviderContext = Effect.fn(
+  "SourceControlProviderRegistry.resolveUnknownProviderContext",
+)(function* (
+  registrations: ReadonlyArray<SourceControlProviderRegistration>,
+  context: SourceControlProviderContext | null,
+  cwd: string,
+) {
+  if (context === null || context.provider.kind !== "unknown") {
+    return context;
+  }
+
+  for (const registration of registrations) {
+    if (!registration.detectRemote) continue;
+    const provider = yield* registration
+      .detectRemote({ cwd, context })
+      .pipe(Effect.catch(() => Effect.succeed(null)));
+    if (provider) {
+      return { ...context, provider };
+    }
+  }
+
+  return context;
+});
+
 export const makeWithProviders = Effect.fn("makeSourceControlProviderRegistryWithProviders")(
   function* (registrations: ReadonlyArray<SourceControlProviderRegistration>) {
     const vcsRegistry = yield* VcsDriverRegistry;
@@ -117,8 +143,9 @@ export const makeWithProviders = Effect.fn("makeSourceControlProviderRegistryWit
         const remotes = yield* handle.driver
           .listRemotes(cwd)
           .pipe(Effect.mapError((error) => providerDetectionError("detectProvider", cwd, error)));
+        const context = selectProviderContext(remotes.remotes);
 
-        return selectProviderContext(remotes.remotes);
+        return yield* resolveUnknownProviderContext(registrations, context, cwd);
       },
     );
 
@@ -153,6 +180,7 @@ export const makeWithProviders = Effect.fn("makeSourceControlProviderRegistryWit
 export const make = Effect.fn("makeSourceControlProviderRegistry")(function* () {
   const github = yield* GitHubSourceControlProvider.make();
   const gitlab = yield* GitLabSourceControlProvider.make();
+  const gitlabDetector = yield* GitLabSourceControlProvider.makeRemoteDetector();
   return yield* makeWithProviders([
     {
       kind: "github",
@@ -161,6 +189,7 @@ export const make = Effect.fn("makeSourceControlProviderRegistry")(function* ()
     {
       kind: "gitlab",
       provider: gitlab,
+      detectRemote: gitlabDetector,
     },
   ]);
 });

apps/server/src/sourceControl/gitLabAuthStatus.ts

@@ -0,0 +1,48 @@
+const HOST_LINE_PATTERN = /^([a-z0-9][a-z0-9-]*(?:\.[a-z0-9-]+)+(?::\d+)?)$/iu;
+const LOGGED_IN_PATTERN = /Logged in to .+? as\s+([^\s(]+)/iu;
+
+export interface GitLabAuthStatusHost {
+  readonly host: string;
+  readonly account: string | null;
+}
+
+export function parseGitLabAuthStatusHosts(text: string): ReadonlyArray<GitLabAuthStatusHost> {
+  const hosts: GitLabAuthStatusHost[] = [];
+  let currentHost: string | null = null;
+  let currentLines: string[] = [];
+
+  const flush = () => {
+    if (currentHost === null) return;
+
+    const account = LOGGED_IN_PATTERN.exec(currentLines.join("\n"))?.[1]?.trim() || null;
+    hosts.push({ host: currentHost, account });
+    currentHost = null;
+    currentLines = [];
+  };
+
+  for (const rawLine of text.split(/\r?\n/)) {
+    const line = rawLine.trim();
+    if (line.length === 0) continue;
+
+    const isHostLine =
+      rawLine.length === rawLine.trimStart().length && HOST_LINE_PATTERN.test(line);
+    if (isHostLine) {
+      flush();
+      currentHost = line.toLowerCase();
+      continue;
+    }
+
+    if (currentHost !== null) {
+      currentLines.push(line);
+    }
+  }
+
+  flush();
+  return hosts;
+}
+
+export function findAuthenticatedGitLabHost(
+  hosts: ReadonlyArray<GitLabAuthStatusHost>,
+): GitLabAuthStatusHost | undefined {
+  return hosts.find((host) => host.account !== null);
+}