use gitlab app client id and secret

internal/models/integrations/gitlab.go

@@ -13,11 +13,11 @@ type GitlabIntegration struct {
 	ProjectID uint `json:"project_id"`
 
 	// URL of the Gitlab instance to talk to
-	ServerURL string `json:"server_url"`
+	InstanceURL string `json:"instance_url"`
 
-	// Personal access token from Gitlab for a sudo user
-	SudoAccessToken string `json:"sudo_access_token,omitempty"`
+	// Gitlab instance-wide app's client ID
+	AppClientID []byte `json:"app_client_id"`
 
-	// Username of the sudo admin account holder
-	SudoUsername string `json:"sudo_username,omitempty"`
+	// Gitlab instance-wide app's client secret
+	AppClientSecret []byte `json:"app_client_secret"`
 }

internal/repository/credentials/credentials.go

@@ -55,8 +55,8 @@ type AzureCredential struct {
 }
 
 type GitlabCredential struct {
-	SudoAccessToken string `json:"sudo_access_token"`
-	SudoUsername    string `json:"sudo_username"`
+	AppClientID     []byte `json:"app_client_id"`
+	AppClientSecret []byte `json:"app_client_secret"`
 }
 
 type CredentialStorage interface {

internal/repository/gorm/auth.go

@@ -1601,11 +1601,11 @@ func (repo *GitlabIntegrationRepository) CreateGitlabIntegration(gi *ints.Gitlab
 	var credentialData = &credentials.GitlabCredential{}
 
 	if repo.storageBackend != nil {
-		credentialData.SudoAccessToken = gi.SudoAccessToken
-		credentialData.SudoUsername = gi.SudoUsername
+		credentialData.AppClientID = gi.AppClientID
+		credentialData.AppClientSecret = gi.AppClientSecret
 
-		gi.SudoAccessToken = ""
-		gi.SudoUsername = ""
+		gi.AppClientID = []byte{}
+		gi.AppClientSecret = []byte{}
 	}
 
 	project := &models.Project{}
@@ -1649,9 +1649,9 @@ func (repo *GitlabIntegrationRepository) ReadGitlabIntegration(projectID, id uin
 			return nil, err
 		}
 
-		gi.SudoAccessToken = credentialData.SudoAccessToken
+		gi.AppClientID = credentialData.AppClientID
 
-		gi.SudoUsername = credentialData.SudoUsername
+		gi.AppClientSecret = credentialData.AppClientSecret
 	}
 
 	err := repo.DecryptGitlabIntegrationData(gi, repo.key)
@@ -1679,14 +1679,24 @@ func (repo *GitlabIntegrationRepository) EncryptGitlabIntegrationData(
 	gi *ints.GitlabIntegration,
 	key *[32]byte,
 ) error {
-	if len(gi.SudoAccessToken) > 0 {
-		cipherData, err := encryption.Encrypt([]byte(gi.SudoAccessToken), key)
+	if len(gi.AppClientID) > 0 {
+		cipherData, err := encryption.Encrypt(gi.AppClientID, key)
 
 		if err != nil {
 			return err
 		}
 
-		gi.SudoAccessToken = string(cipherData)
+		gi.AppClientID = cipherData
+	}
+
+	if len(gi.AppClientSecret) > 0 {
+		cipherData, err := encryption.Encrypt(gi.AppClientSecret, key)
+
+		if err != nil {
+			return err
+		}
+
+		gi.AppClientSecret = cipherData
 	}
 
 	return nil
@@ -1698,14 +1708,24 @@ func (repo *GitlabIntegrationRepository) DecryptGitlabIntegrationData(
 	gi *ints.GitlabIntegration,
 	key *[32]byte,
 ) error {
-	if len(gi.SudoAccessToken) > 0 {
-		plaintext, err := encryption.Decrypt([]byte(gi.SudoAccessToken), key)
+	if len(gi.AppClientID) > 0 {
+		plaintext, err := encryption.Decrypt(gi.AppClientID, key)
+
+		if err != nil {
+			return err
+		}
+
+		gi.AppClientID = plaintext
+	}
+
+	if len(gi.AppClientSecret) > 0 {
+		plaintext, err := encryption.Decrypt(gi.AppClientSecret, key)
 
 		if err != nil {
 			return err
 		}
 
-		gi.SudoAccessToken = string(plaintext)
+		gi.AppClientSecret = plaintext
 	}
 
 	return nil