From 2d6555cd2696e0a3785272a1e75ed06cbf205fb6 Mon Sep 17 00:00:00 2001
From: davidvader
Date: Thu, 2 Jan 2025 11:25:39 -0600
Subject: [PATCH 1/7] feat: unauthenticated status endpoints
---
 api/build/status.go | 65 +++++++++++++++++++++++++++++++++++++++++++++
 api/repo/status.go | 61 ++++++++++++++++++++++++++++++++++++++++++
 router/router.go | 10 +++++++
 3 files changed, 136 insertions(+)
 create mode 100644 api/build/status.go
 create mode 100644 api/repo/status.go
diff --git a/api/build/status.go b/api/build/status.go
new file mode 100644
index 000000000..efc1370a3
--- /dev/null
+++ b/api/build/status.go
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package build
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/go-vela/server/router/middleware/build"
+ "github.com/sirupsen/logrus"
+)
+
+// swagger:operation GET /status/{org}/{repo}/{build} builds GetStatus
+//
+// Get a build status
+//
+// ---
+// produces:
+// - application/json
+// parameters:
+// - in: path
+// name: org
+// description: Name of the organization
+// required: true
+// type: string
+// - in: path
+// name: repo
+// description: Name of the repository
+// required: true
+// type: string
+// - in: path
+// name: build
+// description: Build number
+// required: true
+// type: integer
+// security:
+// - ApiKeyAuth: []
+// responses:
+// '200':
+// description: Successfully retrieved the build
+// schema:
+// "$ref": "#/definitions/Build"
+// '400':
+// description: Invalid request payload or path
+// schema:
+// "$ref": "#/definitions/Build"
+// '401':
+// description: Unauthorized
+// schema:
+// "$ref": "#/definitions/Build"
+// '404':
+// description: Not found
+// schema:
+// "$ref": "#/definitions/Build"
+
+// GetStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetStatus(c *gin.Context) {
+ // capture middleware values
+ l := c.MustGet("logger").(*logrus.Entry)
+ b := build.Retrieve(c)
+
+ l.Debug("reading status for build")
+
+ c.JSON(http.StatusOK, b)
+}
diff --git a/api/repo/status.go b/api/repo/status.go
new file mode 100644
index 000000000..f20f2d6ef
--- /dev/null
+++ b/api/repo/status.go
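Review bot: The swagger block declares `security:` / `- ApiKeyAuth: []` and a `'401': Unauthorized` response, yet the route is mounted in router.go without any claims or user middleware and the GetStatus doc comment itself describes the endpoint as unauthenticated, so generated API docs and clients will be told a token is required. Drop the `security:` section and the 401 entry; the swagger block for the repo endpoint in the next file has the same mismatch. The 400 and 404 responses also point their schema at `#/definitions/Build`, which is the success body — presumably the error definition the other handlers in this package reference is intended there, worth confirming. Since this handler is reachable without credentials, `c.JSON(http.StatusOK, b)` returning the Build exactly as the middleware retrieved it deserves a comment stating which fields a caller may rely on, so the "limited fields" promise in the doc comment is checkable.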
@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package repo
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/sirupsen/logrus"
+
+ "github.com/go-vela/server/router/middleware/repo"
+)
+
+// swagger:operation GET /status/{org}/{repo} repos GetStatus
+//
+// Get a repository status
+//
+// ---
+// produces:
+// - application/json
+// parameters:
+// - in: path
+// name: org
+// description: Name of the organization
+// required: true
+// type: string
+// - in: path
+// name: repo
+// description: Name of the repository
+// required: true
+// type: string
+// security:
+// - ApiKeyAuth: []
+// responses:
+// '200':
+// description: Successfully retrieved the repo
+// schema:
+// "$ref": "#/definitions/Repo"
+// '400':
+// description: Invalid request payload or path
+// schema:
+// "$ref": "#/definitions/Repo"
+// '401':
+// description: Unauthorized
+// schema:
+// "$ref": "#/definitions/Repo"
+// '404':
+// description: Not found
+// schema:
+// "$ref": "#/definitions/Repo"
+
+// GetStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetStatus(c *gin.Context) {
+ // capture middleware values
+ l := c.MustGet("logger").(*logrus.Entry)
+ r := repo.Retrieve(c)
+
+ l.Debug("reading status for repo")
+
+ c.JSON(http.StatusOK, r)
+}
diff --git a/router/router.go b/router/router.go
index 2e7aebbb2..81bbe2208 100644
--- a/router/router.go
+++ b/router/router.go
@@ -34,8 +34,11 @@ import (
 "github.com/go-vela/server/api"
 "github.com/go-vela/server/api/auth"
+apiBuild "github.com/go-vela/server/api/build"
+apiRepo "github.com/go-vela/server/api/repo"
 "github.com/go-vela/server/api/webhook"
 "github.com/go-vela/server/router/middleware"
+"github.com/go-vela/server/router/middleware/build"
 "github.com/go-vela/server/router/middleware/claims"
 "github.com/go-vela/server/router/middleware/org"
 "github.com/go-vela/server/router/middleware/repo"
@@ -62,6 +65,13 @@ func Load(options ...gin.HandlerFunc) *gin.Engine {
 // Badge endpoint
 r.GET("/badge/:org/:repo/status.svg", org.Establish(), repo.Establish(), api.GetBadge)
+ // Status endpoints
+ status := r.Group("/status/:org/:repo", org.Establish(), repo.Establish())
+ {
+ status.GET("", org.Establish(), repo.Establish(), apiRepo.GetStatus)
+ status.GET("/:build", org.Establish(), repo.Establish(), build.Establish(), apiBuild.GetStatus)
+ }
+
 // Health endpoint
 r.GET("/health", api.Health)
From a08ac8bf16f40e8efa10628853b74a00d837e1ae Mon Sep 17 00:00:00 2001
From: davidvader
Date: Thu, 2 Jan 2025 11:35:13 -0600
Subject: [PATCH 2/7] enhance: sanitize events from response
---
 api/build/status.go | 5 +++++
 api/repo/status.go | 3 +++
 api/types/repo.go | 6 ++++++
 3 files changed, 14 insertions(+)
diff --git a/api/build/status.go b/api/build/status.go
index efc1370a3..c7bf024fc 100644
--- a/api/build/status.go
+++ b/api/build/status.go
@@ -61,5 +61,10 @@ func GetStatus(c *gin.Context) {
 l.Debug("reading status for build")
+ // sanitize fields for the unauthenticated response
+ if b.Repo != nil {
+ b.Repo.StatusSanitize()
+ }
+
 c.JSON(http.StatusOK, b)
 }
diff --git a/api/repo/status.go b/api/repo/status.go
index f20f2d6ef..a90c861ac 100644
--- a/api/repo/status.go
+++ b/api/repo/status.go
@@ -57,5 +57,8 @@ func GetStatus(c *gin.Context) {
 l.Debug("reading status for repo")
+ // sanitize fields for the unauthenticated response
+ r.StatusSanitize()
+
 c.JSON(http.StatusOK, r)
 }
diff --git a/api/types/repo.go b/api/types/repo.go
index 0d84b2417..bf9438fa0 100644
--- a/api/types/repo.go
+++ b/api/types/repo.go
@@ -723,3 +723,9 @@ func (r *Repo) String() string {
 r.GetInstallID(),
 )
 }
+
+// StatusSanitize removes sensitive information before producing a "status".
+func (r *Repo) StatusSanitize() {
+ // remove allowed events
+ r.AllowEvents = nil
+}
From eb1ebfd9a74c5cfeb842dece57695446b2778948 Mon Sep 17 00:00:00 2001
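Review bot: `status.GET("", org.Establish(), repo.Establish(), apiRepo.GetStatus)` and the `/:build` route re-attach the same org and repo middleware the group already carries, so every request establishes the repository twice; the per-route copies should go: `status.GET("", apiRepo.GetStatus)` and `status.GET("/:build", build.Establish(), apiBuild.GetStatus)`. More importantly, the group is deliberately mounted without claims or user middleware, and nothing in this hunk restricts it to public repositories: unless repo.Establish() itself rejects private repositories (it is not shown doing so), a private repository's metadata and build records become readable by anyone who can name the org and repo. A short check on the group — compare the established repo's visibility with the public value and answer 404 otherwise, so existence is not confirmed either — would close that before either handler runs. The body of Load continues outside the hunk.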
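Review bot: `r.AllowEvents = nil` makes StatusSanitize a deny-list: every other field of Repo, including any nested objects it serializes, still goes out on the unauthenticated endpoint, and a sensitive field added to Repo later is exposed by default; the Build.StatusSanitize hunks in patches 3 and 7 have the same shape, clearing only Email and DeployPayload. An allow-list is the safer construction here — a small status struct populated from the handful of getters a status consumer needs, leaving the full types untouched — and it makes the exposed surface reviewable in one place. The method also writes through the receiver without a nil guard while being called on the pointer pulled from the gin context, so `if r == nil { return }` (and the same at the top of Build.StatusSanitize) is worth adding. Because it mutates the object stored in the context in place rather than returning a copy, the doc comment should say so: `// StatusSanitize clears AllowEvents in place so the repo can be returned from the unauthenticated status endpoint.`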
From: davidvader
Date: Thu, 2 Jan 2025 11:41:34 -0600
Subject: [PATCH 3/7] enhance: add sanitize functions
---
 api/build/status.go | 4 +---
 api/types/build.go | 8 ++++++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/api/build/status.go b/api/build/status.go
index c7bf024fc..5866280e4 100644
--- a/api/build/status.go
+++ b/api/build/status.go
@@ -62,9 +62,7 @@ func GetStatus(c *gin.Context) {
 l.Debug("reading status for build")
 // sanitize fields for the unauthenticated response
- if b.Repo != nil {
- b.Repo.StatusSanitize()
- }
+ b.StatusSanitize()
 c.JSON(http.StatusOK, b)
 }
diff --git a/api/types/build.go b/api/types/build.go
index 2d6fa7041..c4d1cd57f 100644
--- a/api/types/build.go
+++ b/api/types/build.go
@@ -1233,3 +1233,11 @@ func (b *Build) String() string {
 b.GetTitle(),
 )
 }
+
+// StatusSanitize removes sensitive information before producing a "status".
+func (b *Build) StatusSanitize() {
+ // sanitize repo
+ if b.Repo != nil {
+ b.Repo.StatusSanitize()
+ }
+}
From 261a3bb6fa353a9f840951748ce679e145498870 Mon Sep 17 00:00:00 2001
From: davidvader
Date: Thu, 2 Jan 2025 11:42:10 -0600
Subject: [PATCH 4/7] fix: gci
---
 api/build/status.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/build/status.go b/api/build/status.go
index 5866280e4..49948b109 100644
--- a/api/build/status.go
+++ b/api/build/status.go
@@ -6,8 +6,9 @@ import (
 "net/http"
 "github.com/gin-gonic/gin"
- "github.com/go-vela/server/router/middleware/build"
 "github.com/sirupsen/logrus"
+
+ "github.com/go-vela/server/router/middleware/build"
 )
 // swagger:operation GET /status/{org}/{repo}/{build} builds GetStatus
From 34b2df37323df3ba16b291a051032c34d256770d Mon Sep 17 00:00:00 2001
From: davidvader
Date: Fri, 3 Jan 2025 10:48:29 -0600
Subject: [PATCH 5/7] fix: reused swagger definition
---
 api/build/status.go | 6 +++---
 api/repo/status.go | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/api/build/status.go b/api/build/status.go
index 49948b109..20d36c1d8 100644
--- a/api/build/status.go
+++ b/api/build/status.go
@@ -11,7 +11,7 @@ import (
 "github.com/go-vela/server/router/middleware/build"
 )
-// swagger:operation GET /status/{org}/{repo}/{build} builds GetStatus
+// swagger:operation GET /status/{org}/{repo}/{build} builds GetBuildStatus
 //
 // Get a build status
 //
@@ -54,8 +54,8 @@ import (
 // schema:
 // "$ref": "#/definitions/Build"
-// GetStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
-func GetStatus(c *gin.Context) {
+// GetBuildStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetBuildStatus(c *gin.Context) {
 // capture middleware values
 l := c.MustGet("logger").(*logrus.Entry)
 b := build.Retrieve(c)
diff --git a/api/repo/status.go b/api/repo/status.go
index a90c861ac..c1b59a5b1 100644
--- a/api/repo/status.go
+++ b/api/repo/status.go
@@ -11,7 +11,7 @@ import (
 "github.com/go-vela/server/router/middleware/repo"
 )
-// swagger:operation GET /status/{org}/{repo} repos GetStatus
+// swagger:operation GET /status/{org}/{repo} repos GetRepoStatus
 //
 // Get a repository status
 //
@@ -49,8 +49,8 @@ import (
 // schema:
 // "$ref": "#/definitions/Repo"
-// GetStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
-func GetStatus(c *gin.Context) {
+// GetRepoStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetRepoStatus(c *gin.Context) {
 // capture middleware values
 l := c.MustGet("logger").(*logrus.Entry)
 r := repo.Retrieve(c)
From e8e675e5d0cbf02108e23fe017b9b70bbd9e3ce2 Mon Sep 17 00:00:00 2001
From: davidvader
Date: Fri, 3 Jan 2025 11:04:38 -0600
Subject: [PATCH 6/7] fix: reused swagger definition
---
 router/router.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/router/router.go b/router/router.go
index 81bbe2208..ca131ae63 100644
--- a/router/router.go
+++ b/router/router.go
@@ -68,8 +68,8 @@ func Load(options ...gin.HandlerFunc) *gin.Engine {
 // Status endpoints
 status := r.Group("/status/:org/:repo", org.Establish(), repo.Establish())
 {
- status.GET("", org.Establish(), repo.Establish(), apiRepo.GetStatus)
- status.GET("/:build", org.Establish(), repo.Establish(), build.Establish(), apiBuild.GetStatus)
+ status.GET("", org.Establish(), repo.Establish(), apiRepo.GetRepoStatus)
+ status.GET("/:build", org.Establish(), repo.Establish(), build.Establish(), apiBuild.GetBuildStatus)
 }
 // Health endpoint
From e42c37808b80715c5b2889aa17a1c8b6f4e03b04 Mon Sep 17 00:00:00 2001
From: davidvader
Date: Tue, 7 Jan 2025 09:57:22 -0600
Subject: [PATCH 7/7] tweak: sanitize email and deploy
---
 api/types/build.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/types/build.go b/api/types/build.go
index c4d1cd57f..9051b4cc1 100644
--- a/api/types/build.go
+++ b/api/types/build.go
@@ -1240,4 +1240,7 @@ func (b *Build) StatusSanitize() {
 if b.Repo != nil {
 b.Repo.StatusSanitize()
 }
+
+ b.Email = nil
+ b.DeployPayload = nil
 }
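Review bot: The doc comment on StatusSanitize still reads "removes sensitive information", which undersells how narrow the scrub is: after this hunk exactly Email, DeployPayload and the nested repo's AllowEvents are cleared, and every other Build field is serialized unchanged on the unauthenticated endpoint. Listing the cleared fields keeps the exposure reviewable when new fields are added, e.g. `// StatusSanitize clears Email and DeployPayload and sanitizes the nested Repo, all in place; every other field is returned as-is by the unauthenticated status endpoint.` The two new assignments run unconditionally while the Repo step is nil-checked, so a nil receiver still panics on `b.Email = nil`; `if b == nil { return }` at the top of the method covers both. The method's signature and the `// sanitize repo` comment are above the hunk.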