| 1 | # frozen_string_literal: true |
| 2 | |
| 3 | module Api |
| 4 | module V1 |
| 5 | # Mints a short-lived, read-scoped git credential for the authenticated user. |
| 6 | # |
| 7 | # The desktop uses its smbCloud access token only to mint this; the git |
| 8 | # credential it actually clones with is a separate, signed, 1-hour token that |
| 9 | # encodes just the user id. Leaking it cannot touch the account (no remove, |
| 10 | # no me) — it only grants git read access to that user's repos for an hour. |
| 11 | class GitCredentialsController < Api::BaseController |
| 12 | GIT_TOKEN_TTL = 1.hour |
| 13 | |
| 14 | before_action :authenticate_token! |
| 15 | |
| 16 | # POST /api/v1/git_credentials |
| 17 | # Header: Authorization: Bearer <access_token> |
| 18 | def create |
| 19 | git_token = Rails.application |
| 20 | .message_verifier("git_access") |
| 21 | .generate(current_user.id, expires_in: GIT_TOKEN_TTL) |
| 22 | |
| 23 | render json: { |
| 24 | git_token: git_token, |
| 25 | username: "x-access-token", |
| 26 | expires_at: GIT_TOKEN_TTL.from_now |
| 27 | }, status: :ok |
| 28 | end |
| 29 | end |
| 30 | end |
| 31 | end |