list-projs: use SSH+MySQL instead of HTTP API, fix visibility and can-write logic

git-hangman-lab/scripts/list-projs

@@ -1,20 +1,47 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-GIT_BASE="https://git.hangman-lab.top/api/v1"
+MYSQL_CONTAINER="git-kc-mysql"
+MYSQL_USER="root"
+MYSQL_DB="giteadb"
+MYSQL_ROOT_PASS="K0DprNKJ^vAu3Mx32hMZ%LCzWKElFRfA"
 
-USER="$(secret-mgr get-username --key git)"
+GIT_HOST="root@vps.git"
-TOKEN="$(secret-mgr get-secret --key git)"
 
-if [[ -z "$USER" || -z "$TOKEN" ]]; then
+USERNAME=$(ego-mgr get default-username)
-  echo "Error: missing git credentials from secret-mgr" >&2
+if [[ -z "$USERNAME" ]]; then
+  echo "Error: cannot get username from ego-mgr" >&2
   exit 1
 fi
 
-# Fetch all visible repos (owned + collaborated + public)
+QUERY="
-repos=$(curl -s -u "$USER:$TOKEN" "$GIT_BASE/user/repos?type=all&per_page=100" 2>/dev/null)
+SELECT r.name, u.name as owner, r.is_private,
+  (r.owner_id = u.id AND r.owner_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci) as is_owner,
+  (r.owner_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+   OR r.is_private = 0
+   OR a.user_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+   OR EXISTS (SELECT 1 FROM team_user tu WHERE tu.uid = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci)) as can_see,
+  (r.owner_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+   OR a.user_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+   OR EXISTS (SELECT 1 FROM team_user tu JOIN team t ON t.id = tu.team_id
+              WHERE tu.uid = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+                AND (t.includes_all_repositories = 1
+                     OR EXISTS (SELECT 1 FROM team_repo tr WHERE tr.team_id = t.id AND tr.repo_id = r.id)))) as can_write
+FROM repository r
+JOIN user u ON r.owner_id = u.id
+LEFT JOIN access a ON a.repo_id = r.id AND a.user_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+WHERE r.is_archived = 0
+  AND (r.owner_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+       OR r.is_private = 0
+       OR a.user_id = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci
+       OR EXISTS (SELECT 1 FROM team_user tu WHERE tu.uid = (SELECT id FROM user WHERE lower_name = LOWER('$USERNAME')) COLLATE utf8mb4_unicode_ci))
+ORDER BY r.name
+"
 
-if [[ -z "$repos" ]]; then
+RESULT=$(ssh -o StrictHostKeyChecking=no "$GIT_HOST" \
+  "docker exec $MYSQL_CONTAINER mysql -u $MYSQL_USER -p'$MYSQL_ROOT_PASS' -N -e \"$QUERY\" $MYSQL_DB" 2>/dev/null)
+
+if [[ -z "$RESULT" ]]; then
   echo "| proj-name | owner | url | can-write |"
   echo "|------------|-------|-----|-----------|"
   exit 0
@@ -23,21 +50,7 @@ fi
 echo "| proj-name | owner | url | can-write |"
 echo "|------------|-------|-----|-----------|"
 
-echo "$repos" | python3 -c "
+echo "$RESULT" | while IFS=$'\t' read -r name owner is_private can_write; do
-import sys, json
+  can_write_val=$([[ "$can_write" == "1" ]] && echo "yes" || echo "no")
-
+  echo "| $name | $owner | https://git.hangman-lab.top/$owner/$name | $can_write_val |"
-try:
+done
-    data = json.load(sys.stdin)
-    if not isinstance(data, list):
-        data = [data]
-except:
-    print('Error parsing response')
-    sys.exit(1)
-
-for r in data:
-    name = r.get('name', '')
-    owner = r.get('owner', {}).get('login', '')
-    url = r.get('html_url', '')
-    can_write = 'yes' if r.get('permissions', {}).get('push', False) else 'no'
-    print(f'| {name} | {owner} | {url} | {can_write} |')
-" 2>/dev/null || echo "| (error parsing repos) | | | |"