fix: openEuler迁移到gitCode,lfs服务做迁移

openEuler迁移到gitCode,lfs服务做迁移

Author: Zherphy

auth/gitee.go

@@ -22,11 +22,13 @@ var (
 	clientId              string
 	clientSecret          string
 	defaultToken          string
+	defaultGiteCodeToken  string
+	gitCodeSwitch         bool
 	openEulerAccountParam batch.OpenEulerAccountParam
 )
 
 var (
-	allowedRepos        = []string{"openeuler", "src-openeuler", "lfs-org"}
+	allowedRepos        = []string{"openeuler", "src-openeuler", "lfs-org", "openeuler-test"}
 	uploadPermissions   = []string{"admin", "developer"}
 	downloadPermissions = []string{"admin", "developer", "read"}
 )
@@ -101,7 +103,15 @@ func Init(cfg *config.Config) error {
 			return errors.New("default token required")
 		}
 	}
+	defaultGiteCodeToken = cfg.DefaultGitCodeToken
+	if defaultGiteCodeToken == "" {
+		defaultGiteCodeToken = os.Getenv("GITE_CODE_TOKEN")
+		if defaultGiteCodeToken == "" {
+			return errors.New("defaultGiteCode token required")
+		}
+	}
 
+	gitCodeSwitch = cfg.GitCodeSwitch
 	return nil
 }
 
@@ -133,7 +143,10 @@ func InitOpenEulerParam(cfg *config.Config) error {
 
 func GiteeAuth() func(UserInRepo) error {
 	return func(userInRepo UserInRepo) error {
-		if userInRepo.Password != "" {
+		if gitCodeSwitch {
+			userInRepo.Token = userInRepo.Password
+		}
+		if userInRepo.Password != "" && !gitCodeSwitch {
 			token, err := getToken(userInRepo.Username, userInRepo.Password)
 			if err != nil {
 				userInRepo.Token = userInRepo.Password
@@ -166,10 +179,27 @@ func CheckRepoOwner(userInRepo UserInRepo) (Repo, error) {
 	headers := http.Header{contentType: []string{"application/json;charset=UTF-8"}}
 	repo := new(Repo)
 	err := getParsedResponse("GET", path, headers, nil, &repo)
-	if err != nil {
+	gitCodePath := fmt.Sprintf(
+		"https://api.gitcode.com/api/v5/repos/%s/%s%s",
+		userInRepo.Owner,
+		userInRepo.Repo,
+		appendPathAccessToken,
+	)
+	if userInRepo.Token != "" {
+		gitCodePath += userInRepo.Token
+	} else {
+		gitCodePath += defaultGiteCodeToken
+	}
+	headersGitCode := http.Header{contentType: []string{"application/json;charset=UTF-8"}}
+	gitCodeRepo := new(Repo)
+	gitCodeErr := getParsedResponse("GET", gitCodePath, headersGitCode, nil, &gitCodeRepo)
+	if err != nil && gitCodeErr != nil {
 		msg := err.Error() + ": check repo_id failed"
 		return *repo, errors.New(msg)
 	}
+	if gitCodeErr == nil {
+		repo = gitCodeRepo
+	}
 	for _, allowedRepo := range allowedRepos {
 		if strings.Split(repo.Fullname, "/")[0] == allowedRepo {
 			return *repo, nil
@@ -224,12 +254,29 @@ func VerifyUser(userInRepo UserInRepo) error {
 	} else {
 		path += defaultToken
 	}
+	if gitCodeSwitch {
+		path = fmt.Sprintf(
+			"https://api.gitcode.com/api/v5/repos/%s/%s/collaborators/%s/permission%s",
+			userInRepo.Owner,
+			userInRepo.Repo,
+			userInRepo.Username,
+			appendPathAccessToken,
+		)
+		if userInRepo.Token != "" {
+			path += userInRepo.Token
+		} else {
+			path += defaultGiteCodeToken
+		}
+	}
 	headers := http.Header{contentType: []string{"application/json;charset=UTF-8"}}
 	giteeUser := new(giteeUser)
 	err := getParsedResponse("GET", path, headers, nil, &giteeUser)
 	if err != nil {
 		if userInRepo.Operation == "delete" {
 			msg := err.Error() + ": 删除权限校验失败，用户使用的gitee token错误或已经过期，请重新使用gitee登录"
+			if gitCodeSwitch {
+				msg = err.Error() + ": 删除权限校验失败，用户使用的gitCode token错误或已经过期，请重新使用gitCode登录"
+			}
 			return errors.New(msg)
 		} else {
 			msg := err.Error() + ": verify user permission failed"
@@ -407,6 +454,12 @@ func GetLFSMapping(userInRepo UserInRepo, pythonScriptPath ...string) (map[strin
 	repo := userInRepo.Repo
 	username := userInRepo.Username
 	token := userInRepo.Token
+	platform := "gitee"
+	if gitCodeSwitch {
+		platform = "gitcode"
+	} else {
+		platform = "gitee"
+	}
 
 	// 确定Python脚本路径
 	scriptPath, err := resolveScriptPath(pythonScriptPath...)
@@ -424,6 +477,7 @@ func GetLFSMapping(userInRepo UserInRepo, pythonScriptPath ...string) (map[strin
 	// 构建并执行命令
 	cmd := exec.Command("python3")
 	cmd.Args = append(cmd.Args, scriptPath)
+	cmd.Args = append(cmd.Args, platform)
 	cmd.Args = append(cmd.Args, owner)
 	cmd.Args = append(cmd.Args, repo)
 	cmd.Args = append(cmd.Args, outputFile)

config/config.go

@@ -16,11 +16,13 @@ type Config struct {
 	CdnDomain              string                 `json:"CDN_DOMAIN"`
 	ObsRegion              string                 `json:"OBS_REGION"`
 	DefaultToken           string                 `json:"DEFAULT_TOKEN"`
+	DefaultGitCodeToken    string                 `json:"DEFAULT_GIT_CODE_TOKEN"`
 	ValidateConfig         ValidateConfig         `json:"VALIDATE_REGEXP"`
 	ObsAccessKeyId         string                 `json:"OBS_ACCESS_KEY_ID"`
 	ObsSecretAccessKey     string                 `json:"OBS_SECRET_ACCESS_KEY"`
 	OpenEulerAccountConfig OpenEulerAccountConfig `json:"OPENEULER_ACCOUNT_PARAM"`
 	DBConfig               DBConfig               `json:"DATABASE"`
+	GitCodeSwitch          bool                   `json:"GIT_CODE_SWITCH" default:"false"`
 }
 
 type ValidateConfig struct {

docs/BasicGuide.md

@@ -65,6 +65,7 @@ git config --local lfs.url https://artifacts.openeuler.openatom.cn/{owner}/{repo
 > - 当存在.lfsconfig文件时，使用命令行进行LFS远程地址设置的优先级将高于.lfsconfig文件。  
 > - 在fork一个已经使用第三方LFS服务服务作为LFS远程服务的仓库后，需要需手动使用上述命令设置仓库中LFS远程地址，否则可能会出现权限校验问题，**错误代码401**。  
 > - url中{owner}/{repo}替换为实际的仓库路径，注意仓库路径的大小写。
+> - Artlfs服务在迁移到AtomGit平台后，需要使用账号-token的方式进行身份验证。
 
 - 选择要用LFS追踪的文件
 

docs/QuickStart.md

@@ -22,7 +22,8 @@ $ git config --local lfs.url https://artifacts.openeuler.openatom.cn/{owner}/{re
 ```
 
 > 当存在.lfsconfig文件时，使用命令行进行LFS远程地址设置的优先级将高于.lfsconfig文件。  
-> url中{owner}/{repo}替换为实际的仓库路径，如：openeuler/lfs。由于Gitee默认会将仓库路径中的大写转化为小写，请确认仓库路径的大小写。
+> url中{owner}/{repo}替换为实际的仓库路径，如：openeuler/lfs。由于Gitee默认会将仓库路径中的大写转化为小写，请确认仓库路径的大小写。  
+> Artlfs服务在迁移到AtomGit平台后，需要使用账号-token的方式进行身份验证。
 
 ## 第三方LFS服务与Gitee的使用差异
 

main.go

@@ -61,7 +61,7 @@ func gatherOptions(fs *flag.FlagSet, args ...string) (options, error) {
 }
 
 func initConfig(cfg *config.Config) {
-	if err := server.Init(cfg.ValidateConfig); err != nil {
+	if err := server.Init(cfg); err != nil {
 		logrus.Errorf("load ValidateConfig, err:%s", err.Error())
 		return
 	}

scripts/lfsNameQuery.py

@@ -5,15 +5,39 @@
 import shutil
 from urllib.parse import quote_plus
 
+# 平台配置映射
+PLATFORM_CONFIGS = {
+    "gitee": {
+        "domain": "gitee.com",
+        "auth_method": "token"  # 或 "username_password"
+    },
+    "gitcode": {
+        "domain": "gitcode.com",
+        "auth_method": "token"  # GitCode必须使用Token认证[6](@ref)
+    }
+}
+
+def clone_repo_skip_lfs(platform, owner, repo, username=None, token=None, target_dir="temp_repo"):
+    """克隆仓库并强制跳过LFS文件下载，支持多平台"""
+    if platform not in PLATFORM_CONFIGS:
+        raise ValueError(f"不支持的平台: {platform}，支持的平台: {list(PLATFORM_CONFIGS.keys())}")
+
+    config = PLATFORM_CONFIGS[platform]
+    domain = config["domain"]
 
-def clone_repo_skip_lfs(gitee_owner, gitee_repo, username=None, token=None, target_dir="temp_repo"):
-    """克隆仓库并强制跳过LFS文件下载"""
+    # 构建认证URL
     if username and token:
         encoded_username = quote_plus(username)
         encoded_token = quote_plus(token)
-        repo_url = f"https://{encoded_username}:{encoded_token}@gitee.com/{gitee_owner}/{gitee_repo}.git"
+        repo_url = f"https://{encoded_username}:{encoded_token}@{domain}/{owner}/{repo}.git"
+    elif token and config["auth_method"] == "token":
+        # GitCode推荐方式：使用用户名+Token[6](@ref)
+        encoded_token = quote_plus(token)
+        # 假设username作为GitCode用户名
+        username = username or "gitcode_user"
+        repo_url = f"https://{username}:{encoded_token}@{domain}/{owner}/{repo}.git"
     else:
-        repo_url = f"https://gitee.com/{gitee_owner}/{gitee_repo}.git"
+        repo_url = f"https://{domain}/{owner}/{repo}.git"
 
     force_remove(target_dir)
 
@@ -24,6 +48,8 @@ def clone_repo_skip_lfs(gitee_owner, gitee_repo, username=None, token=None, targ
             "GIT_CLONE_PROTECTION_ACTIVE": "false"
         })
 
+        print(f"正在克隆 {platform} 仓库: {repo_url.replace(encoded_token, '***') if token else repo_url}")
+
         subprocess.run(
             ["git", "clone", repo_url, target_dir],
             env=env,
@@ -34,10 +60,15 @@ def clone_repo_skip_lfs(gitee_owner, gitee_repo, username=None, token=None, targ
         )
         return target_dir
     except subprocess.CalledProcessError as e:
-        error_msg = "克隆失败: "
+        error_msg = f"{platform}克隆失败: "
         if username and token:
             error_msg += "认证失败或"
         error_msg += e.stderr.strip() if e.stderr else '未知错误'
+
+        # 平台特定的错误提示
+        if platform == "gitcode":
+            error_msg += "\nGitCode提示: 请确认使用Token认证而非密码[6](@ref)"
+
         force_remove(target_dir)
         raise RuntimeError(error_msg)
 
@@ -123,15 +154,19 @@ def force_remove(path):
         os.system(f'rm -rf "{path}"' if os.name != 'nt' else f'rd /s /q "{path}"')
 
 
-def main(owner, repo, output_file="lfs_mapping.json", username=None, token=None):
+def main(platform, owner, repo, output_file="lfs_mapping.json", username=None, token=None):
+    """主函数，支持平台参数"""
     try:
-        repo_dir = clone_repo_skip_lfs(owner, repo, username, token)
+        if platform == "gitcode" and not token:
+            print("警告: GitCode强烈建议使用Token认证而非密码[6](@ref)")
+
+        repo_dir = clone_repo_skip_lfs(platform, owner, repo, username, token)
         mapping = get_all_branches_lfs_mapping(repo_dir)
 
         with open(output_file, "w", encoding="utf-8") as f:
             json.dump(mapping, f, indent=2, ensure_ascii=False)
 
-        print(f"结果已保存到 {output_file}")
+        print(f"{platform}平台结果已保存到 {output_file}")
         return True
     except Exception as e:
         print(f"错误: {str(e)}", file=sys.stderr)
@@ -140,18 +175,19 @@ def main(owner, repo, output_file="lfs_mapping.json", username=None, token=None)
         if 'repo_dir' in locals():
             force_remove(repo_dir)
 
-
 if __name__ == "__main__":
-    if len(sys.argv) < 3:
-        print("用法: python lfsNameQuery.py <owner> <repo> [output_file] [username] [token]")
+    if len(sys.argv) < 4:
+        print("用法: python lfsNameQuery.py <platform> <owner> <repo> [output_file] [username] [token]")
+        print("平台支持: gitee, gitcode")
         sys.exit(1)
 
     args = {
-        "owner": sys.argv[1],
-        "repo": sys.argv[2],
-        "output_file": sys.argv[3] if len(sys.argv) > 3 else "lfs_mapping.json",
-        "username": sys.argv[4] if len(sys.argv) > 4 else None,
-        "token": sys.argv[5] if len(sys.argv) > 5 else None
+        "platform": sys.argv[1],  # 新增平台参数
+        "owner": sys.argv[2],
+        "repo": sys.argv[3],
+        "output_file": sys.argv[4] if len(sys.argv) > 4 else "lfs_mapping.json",
+        "username": sys.argv[5] if len(sys.argv) > 5 else None,
+        "token": sys.argv[6] if len(sys.argv) > 6 else None
     }
 
-    sys.exit(0 if main( ** args) else 1)
+    sys.exit(0 if main(**args) else 1)

server/server.go

@@ -170,6 +170,10 @@ func (s *server) handleBatch(w http.ResponseWriter, r *http.Request) {
 }
 
 func addMetaData(req batch.Request, w http.ResponseWriter, userInRepo auth.UserInRepo) {
+	platform := "gitee"
+	if gitCodeSwitch {
+		platform = "atomGit"
+	}
 	// 添加元数据
 	if req.Operation == "upload" {
 		for _, object := range req.Objects {
@@ -179,7 +183,7 @@ func addMetaData(req batch.Request, w http.ResponseWriter, userInRepo auth.UserI
 				Oid:      object.OID,
 				Size:     object.Size,
 				Exist:    2,                   // 默认设置为2
-				Platform: "gitee",             // 默认平台
+				Platform: platform,            // 默认平台
 				Operator: userInRepo.Username, // 操作人
 			}
 
@@ -500,8 +504,13 @@ func (s *server) getLfsFiles(owner, repo, platform string, page, limit int) ([]d
 	var files []db.LfsObj
 
 	query := db.Db.Model(&db.LfsObj{}).
-		Where("owner = ? AND repo = ? AND platform = ? AND exist = 1", owner, repo, platform).
-		Order("create_time DESC").
+		Where("owner = ? AND repo = ? AND exist = 1", owner, repo)
+
+	if platform != "" {
+		query = query.Where("platform = ?", platform)
+	}
+
+	query = query.Order("create_time DESC").
 		Limit(limit).
 		Offset((page - 1) * limit)
 
@@ -583,10 +592,15 @@ func checkOidFileName() {
 		logrus.Errorf("fetch repo list failed: %v", err)
 		return
 	}
+	token := giteeDefaultToken
+	if gitCodeSwitch {
+		token = atomGiteDefaultToken
+	}
 	for _, repo := range repoList {
 		userInRepo := auth.UserInRepo{
 			Repo:  repo.Repo,
-			Owner: repo.Owner}
+			Owner: repo.Owner,
+			Token: token}
 		logrus.Infof("checkOidFileName owner:%v repo:%v", repo.Owner, repo.Repo)
 		checkRepoOidName(userInRepo)
 

server/validate.go

@@ -15,27 +15,34 @@ type validateConfig struct {
 
 var validatecfg validateConfig
 var Webhook_key string
-
-func Init(cfg config.ValidateConfig) error {
+var gitCodeSwitch bool
+var giteeDefaultToken string
+var atomGiteDefaultToken string
+
+func Init(cfg *config.Config) error {
+	validateConfig := cfg.ValidateConfig
+	gitCodeSwitch = cfg.GitCodeSwitch
+	giteeDefaultToken = cfg.DefaultToken
+	atomGiteDefaultToken = cfg.DefaultGitCodeToken
 	var err error
-	Webhook_key = cfg.WebhookKey
+	Webhook_key = validateConfig.WebhookKey
 
-	validatecfg.ownerRegexp, err = regexp.Compile(cfg.OwnerRegexp)
+	validatecfg.ownerRegexp, err = regexp.Compile(validateConfig.OwnerRegexp)
 	if err != nil {
 		return fmt.Errorf("failed to compile owner regexp: %w", err)
 	}
 
-	validatecfg.reponameRegexp, err = regexp.Compile(cfg.RepoNameRegexp)
+	validatecfg.reponameRegexp, err = regexp.Compile(validateConfig.RepoNameRegexp)
 	if err != nil {
 		return fmt.Errorf("failed to compile repo name regexp: %w", err)
 	}
 
-	validatecfg.usernameRegexp, err = regexp.Compile(cfg.UsernameRegexp)
+	validatecfg.usernameRegexp, err = regexp.Compile(validateConfig.UsernameRegexp)
 	if err != nil {
 		return fmt.Errorf("failed to compile username regexp: %w", err)
 	}
 
-	validatecfg.passwordRegexp, err = regexp.Compile(cfg.PasswordRegexp)
+	validatecfg.passwordRegexp, err = regexp.Compile(validateConfig.PasswordRegexp)
 	if err != nil {
 		return fmt.Errorf("failed to compile password regexp: %w", err)
 	}