GitCaddy/GitCaddy Vault
Limited
2
0
Fork 0
Code Issues Releases 9
Files
6790c1ea7c0818bbf0e6d97d3b87a2ad2b5c724d
gitcaddy-vault/plugin.go
logikonline 6790c1ea7c feat(license): enforce tier limits for secrets and tokens 
Add license limit enforcement when creating secrets and tokens. Pass license limits to service layer and return appropriate errors when tier limits are exceeded. Handle limit errors in both API and web routes with proper error messages prompting users to upgrade.
2026-01-21 15:55:29 -05:00

159 lines
4.4 KiB
Go
Raw Blame History

// Copyright 2026 MarketAlly. All rights reserved.
// Business Source License 1.1 - See LICENSE file for details.
package vault
import (
"context"
"git.marketally.com/gitcaddy/gitcaddy-vault/crypto"
"git.marketally.com/gitcaddy/gitcaddy-vault/license"
"git.marketally.com/gitcaddy/gitcaddy-vault/models"
"git.marketally.com/gitcaddy/gitcaddy-vault/routes"
"code.gitcaddy.com/server/v3/modules/log"
"code.gitcaddy.com/server/v3/modules/plugins"
"xorm.io/xorm"
)
const PluginName = "vault"
// Version can be set at build time via ldflags:
// -ldflags "-X git.marketally.com/gitcaddy/gitcaddy-vault.Version=v1.0.30"
var Version = "dev"
// init automatically registers the vault when this package is imported
func init() {
// Set version in routes package
routes.Version = Version
Register()
}
// VaultPlugin is the main entry point for the GitCaddy Vault plugin
type VaultPlugin struct {
license *license.Manager
}
// New creates a new VaultPlugin instance
func New() *VaultPlugin {
return &VaultPlugin{
license: license.NewManager(),
}
}
// Name returns the plugin name
func (p *VaultPlugin) Name() string {
return PluginName
}
// Version returns the plugin version
func (p *VaultPlugin) Version() string {
return Version
}
// Description returns the plugin description
func (p *VaultPlugin) Description() string {
return "Secure secrets management for GitCaddy repositories"
}
// Init initializes the plugin
func (p *VaultPlugin) Init(ctx context.Context) error {
log.Info("Initializing GitCaddy Vault plugin v%s", Version)
// Load master encryption key
if err := crypto.LoadMasterKey(); err != nil {
log.Warn("Vault master key not configured: %v", err)
log.Warn("Vault encryption will not work. Set MASTER_KEY in [vault] section of app.ini or GITCADDY_VAULT_KEY environment variable.")
}
// Load and validate license
if err := p.license.Load(); err != nil {
log.Warn("Vault license not found or invalid: %v", err)
log.Warn("Vault features will be disabled. Visit https://gitcaddy.com/vault to purchase a license.")
} else {
info := p.license.Info()
log.Info("Vault licensed: tier=%s, expires=%v", info.Tier, info.ExpiresAt)
}
return nil
}
// Shutdown cleans up the plugin
func (p *VaultPlugin) Shutdown(ctx context.Context) error {
log.Info("Shutting down GitCaddy Vault plugin")
return nil
}
// RegisterModels returns the database models for this plugin
func (p *VaultPlugin) RegisterModels() []any {
return []any{
new(models.VaultSecret),
new(models.VaultSecretVersion),
new(models.VaultAuditEntry),
new(models.VaultToken),
new(models.VaultRepoKey),
}
}
// Migrate runs database migrations for this plugin
func (p *VaultPlugin) Migrate(ctx context.Context, x *xorm.Engine) error {
return x.Sync(p.RegisterModels()...)
}
// RegisterRepoWebRoutes adds vault routes under /{owner}/{repo}/vault
func (p *VaultPlugin) RegisterRepoWebRoutes(r plugins.PluginRouter) {
routes.RegisterRepoWebRoutes(r, p.license)
}
// RegisterRepoAPIRoutes adds vault API routes under /api/v1/repos/{owner}/{repo}/vault
func (p *VaultPlugin) RegisterRepoAPIRoutes(r plugins.PluginRouter) {
routes.RegisterRepoAPIRoutes(r, p.license)
}
// ValidateLicense validates the plugin license
func (p *VaultPlugin) ValidateLicense(ctx context.Context) error {
return p.license.Validate()
}
// LicenseInfo returns current license information
func (p *VaultPlugin) LicenseInfo() *plugins.LicenseInfo {
info := p.license.Info()
if info == nil {
return nil
}
return &plugins.LicenseInfo{
Valid: info.Valid,
Tier: info.Tier,
CustomerID: info.CustomerEmail,
ExpiresAt: info.ExpiresAt,
GracePeriod: info.GracePeriod,
}
}
// IsConfigured returns true if the vault has a master key configured
func (p *VaultPlugin) IsConfigured() bool {
return crypto.HasMasterKey()
}
// ConfigurationError returns the configuration error message if vault is not properly configured
func (p *VaultPlugin) ConfigurationError() string {
if !crypto.HasMasterKey() {
return "no master key configured - add MASTER_KEY to [vault] section in app.ini"
}
return ""
}
// Ensure VaultPlugin implements all required interfaces
var (
_ plugins.Plugin = (*VaultPlugin)(nil)
_ plugins.DatabasePlugin = (*VaultPlugin)(nil)
_ plugins.RepoRoutesPlugin = (*VaultPlugin)(nil)
_ plugins.LicensedPlugin = (*VaultPlugin)(nil)
)
// Register registers the vault plugin with GitCaddy
func Register() {
plugins.Register(New())
}
Reference in New Issue View Git Blame Copy Permalink