legion-tty 0.2.0

data/lib/legion/tty/background/github_probe.rb

@@ -0,0 +1,357 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+require 'uri'
+
+module Legion
+  module TTY
+    module Background
+      # rubocop:disable Metrics/ClassLength
+      class GitHubProbe
+        API_BASE = 'https://api.github.com'
+        USER_AGENT = 'legion-tty/github-probe'
+
+        def initialize(token: nil, logger: nil)
+          @log = logger
+          @token = token || resolve_token
+        end
+
+        # rubocop:disable Metrics/AbcSize
+        def run_quick_async(queue)
+          Thread.new do
+            unless @token
+              @log&.log('github', 'quick probe skipped (no token)')
+              queue.push({ type: :github_quick_complete, data: nil })
+              return
+            end
+
+            @log&.log('github', 'quick probe: fetching /user + recent commits')
+            t0 = Time.now
+            result = fetch_quick_profile
+            elapsed = ((Time.now - t0) * 1000).round
+            @log&.log('github', "quick probe complete in #{elapsed}ms")
+            queue.push({ type: :github_quick_complete, data: result })
+          rescue StandardError => e
+            @log&.log('github', "quick probe ERROR: #{e.class}: #{e.message}")
+            queue.push({ type: :github_quick_error, error: e.message })
+          end
+        end
+        # rubocop:enable Metrics/AbcSize
+
+        # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+        def run_async(queue, remotes: [], quick_profile: nil)
+          Thread.new do
+            @log&.log('github', "probing with #{remotes.size} remotes: #{remotes.first(5).inspect}")
+            @log&.log('github', "token: #{@token ? 'present' : 'NONE'}")
+            @log&.log('github', "quick_profile: #{quick_profile ? 'reusing' : 'none'}")
+            t0 = Time.now
+            result = if @token
+                       build_authenticated_result(remotes, quick_profile: quick_profile)
+                     else
+                       build_public_result(remotes)
+                     end
+            elapsed = ((Time.now - t0) * 1000).round
+            @log&.log('github', "probe complete in #{elapsed}ms")
+            queue.push({ type: :github_probe_complete, data: result })
+          rescue StandardError => e
+            @log&.log('github', "ERROR: #{e.class}: #{e.message}")
+            queue.push({ type: :github_error, error: e.message })
+          end
+        end
+        # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+        private
+
+        # --- Quick profile: just /user + commit count (runs during rain) ---
+
+        # rubocop:disable Metrics/AbcSize
+        def fetch_quick_profile
+          user_data = api_get('/user')
+          return nil unless user_data.is_a?(Hash) && user_data['login']
+
+          username = user_data['login']
+          @log&.log('github', "quick: authenticated as #{username}")
+
+          week_ago = (Time.now - (7 * 86_400)).strftime('%Y-%m-%d')
+          month_ago = (Time.now - (30 * 86_400)).strftime('%Y-%m-%d')
+
+          commits_week = count_commits(username, since: week_ago)
+          commits_month = count_commits(username, since: month_ago)
+          @log&.log('github', "quick: commits this week=#{commits_week} this month=#{commits_month}")
+
+          {
+            username: username,
+            name: user_data['name'],
+            public_repos: user_data['public_repos'],
+            private_repos: user_data['total_private_repos'],
+            followers: user_data['followers'],
+            created_at: user_data['created_at'],
+            commits_this_week: commits_week,
+            commits_this_month: commits_month
+          }
+        end
+        # rubocop:enable Metrics/AbcSize
+
+        def count_commits(username, since:)
+          query = URI.encode_www_form_component("author:#{username} committer-date:>#{since}")
+          uri = URI("#{API_BASE}/search/commits?q=#{query}&per_page=1")
+          http = build_http(uri)
+          request = build_request(uri)
+          request['Accept'] = 'application/vnd.github.cloak-preview+json'
+          response = http.request(request)
+          data = ::JSON.parse(response.body)
+          return 0 unless data.is_a?(Hash)
+
+          data['total_count'] || 0
+        rescue StandardError
+          0
+        end
+
+        # --- Authenticated path: GET /user tells us who we are ---
+
+        # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        def build_authenticated_result(remotes, quick_profile: nil)
+          if quick_profile
+            username = quick_profile[:username]
+            @log&.log('github', "reusing quick profile for: #{username}")
+            profile = quick_profile
+          else
+            user_data = api_get('/user')
+            unless user_data.is_a?(Hash) && user_data['login']
+              @log&.log('github', 'authenticated /user failed, falling back to public')
+              return build_public_result(remotes)
+            end
+            username = user_data['login']
+            @log&.log('github', "authenticated as: #{username}")
+            profile = extract_profile(user_data)
+          end
+          orgs = fetch_orgs
+          private_repos = fetch_private_repos
+          public_repos = fetch_public_repos(username)
+          recent_prs = fetch_recent_prs(username)
+          events = fetch_recent_events(username)
+          notifications = fetch_notifications
+          starred = fetch_starred
+
+          {
+            username: username,
+            authenticated: true,
+            profile: profile,
+            orgs: orgs,
+            private_repos: private_repos,
+            public_repos: public_repos,
+            recent_prs: recent_prs,
+            events: events,
+            notifications: notifications,
+            starred: starred
+          }
+        end
+        # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+
+        def extract_profile(data)
+          {
+            login: data['login'],
+            name: data['name'],
+            bio: data['bio'],
+            public_repos: data['public_repos'],
+            private_repos: data['total_private_repos'],
+            company: data['company'],
+            location: data['location'],
+            email: data['email'],
+            created_at: data['created_at'],
+            followers: data['followers'],
+            following: data['following']
+          }
+        end
+
+        def fetch_orgs
+          data = api_get('/user/orgs')
+          return [] unless data.is_a?(Array)
+
+          data.map { |o| { login: o['login'], description: o['description'] } }
+        end
+
+        def fetch_private_repos(limit: 10)
+          data = api_get("/user/repos?visibility=private&sort=updated&per_page=#{limit}")
+          return [] unless data.is_a?(Array)
+
+          data.map { |r| extract_repo(r) }
+        end
+
+        # rubocop:disable Metrics/AbcSize
+        def fetch_recent_prs(username, limit: 10)
+          query = URI.encode_www_form_component("author:#{username} type:pr sort:updated")
+          data = api_get("/search/issues?q=#{query}&per_page=#{limit}")
+          return [] unless data.is_a?(Hash) && data['items'].is_a?(Array)
+
+          data['items'].map do |pr|
+            repo_url = pr['repository_url']
+            repo_name = repo_url ? repo_url.split('/').last(2).join('/') : nil
+            {
+              title: pr['title'],
+              repo: repo_name,
+              state: pr['state'],
+              created_at: pr['created_at'],
+              updated_at: pr['updated_at'],
+              url: pr['html_url']
+            }
+          end
+        end
+        # rubocop:enable Metrics/AbcSize
+
+        def fetch_notifications(limit: 10)
+          data = api_get("/notifications?per_page=#{limit}")
+          return [] unless data.is_a?(Array)
+
+          data.map do |n|
+            {
+              reason: n['reason'],
+              title: n.dig('subject', 'title'),
+              type: n.dig('subject', 'type'),
+              repo: n.dig('repository', 'full_name'),
+              updated_at: n['updated_at']
+            }
+          end
+        end
+
+        def fetch_starred(limit: 10)
+          data = api_get("/user/starred?per_page=#{limit}&sort=created&direction=desc")
+          return [] unless data.is_a?(Array)
+
+          data.map { |r| extract_repo(r) }
+        end
+
+        # --- Public path: infer username from remotes ---
+
+        def build_public_result(remotes)
+          username = remotes.filter_map { |r| infer_username(r) }.first
+          @log&.log('github', "inferred username: #{username || 'none'}")
+          return { username: nil } unless username
+
+          profile_data = api_get("/users/#{username}")
+          profile = profile_data.is_a?(Hash) ? extract_profile(profile_data) : nil
+
+          {
+            username: username,
+            authenticated: false,
+            profile: profile,
+            public_repos: fetch_public_repos(username),
+            events: fetch_recent_events(username)
+          }
+        end
+
+        def infer_username(remote_url)
+          return nil if remote_url.nil? || remote_url.empty?
+
+          match = remote_url.match(%r{github\.com[:/]([^/]+)/})
+          match ? match[1] : nil
+        end
+
+        # --- Shared fetchers ---
+
+        def fetch_public_repos(username, limit: 10)
+          data = api_get("/users/#{username}/repos?sort=updated&per_page=#{limit}")
+          return [] unless data.is_a?(Array)
+
+          data.map { |r| extract_repo(r) }
+        end
+
+        def fetch_recent_events(username, limit: 10)
+          data = api_get("/users/#{username}/events/public?per_page=#{limit}")
+          return [] unless data.is_a?(Array)
+
+          data.first(limit).map do |e|
+            {
+              type: e['type'],
+              repo: e.dig('repo', 'name'),
+              created_at: e['created_at']
+            }
+          end
+        end
+
+        def extract_repo(repo)
+          {
+            full_name: repo['full_name'],
+            language: repo['language'],
+            private: repo['private'],
+            updated_at: repo['updated_at'],
+            description: repo['description']
+          }
+        end
+
+        # --- Token resolution ---
+
+        # rubocop:disable Metrics/CyclomaticComplexity
+        def resolve_token
+          env_token = ENV.fetch('GITHUB_TOKEN', nil) ||
+                      ENV.fetch('GH_TOKEN', nil) ||
+                      ENV.fetch('GITHUB_PERSONAL_ACCESS_TOKEN', nil)
+          if env_token
+            @log&.log('github', 'token source: environment variable')
+            return env_token
+          end
+
+          gh_token = token_from_gh_cli
+          if gh_token
+            @log&.log('github', 'token source: gh CLI')
+            return gh_token
+          end
+
+          @log&.log('github', 'no token found (no env var, no gh CLI)')
+          nil
+        end
+        # rubocop:enable Metrics/CyclomaticComplexity
+
+        # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+        def token_from_gh_cli
+          gh_path = `which gh 2>/dev/null`.strip
+          return nil if gh_path.empty?
+
+          @log&.log('github', "found gh CLI at #{gh_path}")
+
+          status = `gh auth status 2>&1`
+          @log&.log('github', "gh auth status: #{status.lines.first&.strip}")
+          return nil unless $CHILD_STATUS&.success?
+
+          token = `gh auth token 2>/dev/null`.strip
+          return nil if token.empty?
+
+          token
+        rescue StandardError => e
+          @log&.log('github', "gh CLI error: #{e.message}")
+          nil
+        end
+        # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+        # --- HTTP ---
+
+        def api_get(path)
+          uri = URI("#{API_BASE}#{path}")
+          http = build_http(uri)
+          response = http.request(build_request(uri))
+          ::JSON.parse(response.body)
+        rescue StandardError
+          nil
+        end
+
+        def build_http(uri)
+          http = ::Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.open_timeout = 3
+          http.read_timeout = 5
+          http
+        end
+
+        def build_request(uri)
+          request = ::Net::HTTP::Get.new(uri)
+          request['User-Agent'] = USER_AGENT
+          request['Accept'] = 'application/vnd.github+json'
+          request['Authorization'] = "Bearer #{@token}" if @token
+          request
+        end
+      end
+      # rubocop:enable Metrics/ClassLength
+    end
+  end
+end

data/lib/legion/tty/background/kerberos_probe.rb

@@ -0,0 +1,205 @@
+# frozen_string_literal: true
+
+require 'resolv'
+require 'shellwords'
+
+module Legion
+  module TTY
+    module Background
+      # rubocop:disable Metrics/ClassLength
+      class KerberosProbe
+        def initialize(logger: nil)
+          @log = logger
+        end
+
+        def probe
+          principal = read_principal
+          return nil unless principal
+
+          username = principal.split('@', 2).first
+          realm = principal.include?('@') ? principal.split('@', 2).last : nil
+          profile = ldap_profile(username, realm)
+
+          build_result(principal: principal, username: username, realm: realm, profile: profile)
+        end
+
+        def run_async(queue)
+          Thread.new do
+            @log&.log('kerberos', 'running klist...')
+            t0 = Time.now
+            result = probe
+            elapsed = ((Time.now - t0) * 1000).round
+            log_result(result, elapsed)
+            queue.push(type: :kerberos_complete, data: result)
+          rescue StandardError => e
+            @log&.log('kerberos', "ERROR: #{e.class}: #{e.message}")
+            queue.push(type: :kerberos_error, error: e.message)
+          end
+        end
+
+        private
+
+        def read_principal
+          output = `klist 2>/dev/null`
+          return nil unless $CHILD_STATUS&.success?
+
+          match = output.match(/Principal:\s+(\S+)/i)
+          match&.[](1)&.strip
+        end
+
+        def ldap_profile(username, realm)
+          @log&.log('kerberos', "ldap_profile called: username=#{username} realm=#{realm.inspect}")
+          return {} unless realm
+
+          dc_host = discover_dc(realm)
+          unless dc_host
+            @log&.log('kerberos', "no domain controller found for #{realm}")
+            return {}
+          end
+
+          base_dn = realm_to_base_dn(realm)
+          @log&.log('kerberos', "LDAP lookup: #{username} via #{dc_host} base=#{base_dn}")
+          query_ldap(username: username, host: dc_host, base_dn: base_dn)
+        end
+
+        # rubocop:disable Metrics/CyclomaticComplexity
+        def discover_dc(realm)
+          domain = realm.downcase
+          srv_name = "_ldap._tcp.#{domain}"
+          records = Resolv::DNS.open { |dns| dns.getresources(srv_name, Resolv::DNS::Resource::IN::SRV) }
+          host = records.min_by(&:priority)&.target&.to_s
+          @log&.log('kerberos', "SRV #{srv_name} -> #{host || 'none'} (#{records.size} records)")
+          host
+        rescue StandardError => e
+          @log&.log('kerberos', "SRV lookup failed: #{e.message}")
+          nil
+        end
+        # rubocop:enable Metrics/CyclomaticComplexity
+
+        def realm_to_base_dn(realm)
+          realm.downcase.split('.').map { |part| "DC=#{part}" }.join(',')
+        end
+
+        def query_ldap(username:, host:, base_dn:)
+          output = run_ldapsearch(username: username, host: host, base_dn: base_dn)
+          return {} unless output
+
+          profile = parse_ldif(output)
+          @log&.log('kerberos', "LDAP profile: #{profile.inspect}")
+          profile
+        rescue StandardError => e
+          @log&.log('kerberos', "LDAP error: #{e.class}: #{e.message}")
+          {}
+        end
+
+        def run_ldapsearch(username:, host:, base_dn:)
+          cmd = "ldapsearch -H ldap://#{host} -b #{base_dn.shellescape} " \
+                "\"(sAMAccountName=#{username.shellescape})\" " \
+                'givenName sn mail displayName title department company ' \
+                'l st co whenCreated 2>/dev/null'
+          output = `#{cmd}`
+          return nil unless $CHILD_STATUS&.success?
+
+          output
+        end
+
+        # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
+        def parse_ldif(output)
+          attrs = {}
+          output.each_line do |line|
+            line = line.chomp
+            case line
+            when /\AgivenName:\s*(.+)/   then attrs[:first_name] = Regexp.last_match(1).strip
+            when /\Asn:\s*(.+)/          then attrs[:last_name] = Regexp.last_match(1).strip
+            when /\Amail:\s*(.+)/        then attrs[:email] = Regexp.last_match(1).strip
+            when /\AdisplayName:\s*(.+)/ then attrs[:display_name] = Regexp.last_match(1).strip
+            when /\Atitle:\s*(.+)/       then attrs[:title] = Regexp.last_match(1).strip
+            when /\Adepartment:\s*(.+)/  then attrs[:department] = Regexp.last_match(1).strip
+            when /\Acompany:\s*(.+)/     then attrs[:company] = Regexp.last_match(1).strip
+            when /\Al:\s*(.+)/           then attrs[:city] = Regexp.last_match(1).strip
+            when /\Ast:\s*(.+)/          then attrs[:state] = Regexp.last_match(1).strip
+            when /\Aco:\s*(.+)/          then attrs[:country] = Regexp.last_match(1).strip
+            when /\AwhenCreated:\s*(.+)/ then attrs[:when_created] = Regexp.last_match(1).strip
+            end
+          end
+          attrs
+        end
+        # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity
+
+        def build_result(principal:, username:, realm:, profile:)
+          first = profile[:first_name] || username.capitalize
+          last = profile[:last_name]
+          display = profile[:display_name] || [first, last].compact.join(' ')
+
+          {
+            principal: principal,
+            username: username,
+            realm: realm,
+            first_name: first,
+            last_name: last,
+            email: profile[:email],
+            display_name: display,
+            title: profile[:title],
+            department: profile[:department],
+            company: profile[:company],
+            city: profile[:city],
+            state: profile[:state],
+            country: profile[:country],
+            tenure_years: calculate_tenure(profile[:when_created])
+          }.compact
+        end
+
+        # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+        def calculate_tenure(when_created)
+          return nil unless when_created&.length&.>=(8)
+
+          # AD generalized time: 20170505044456.0Z
+          start_year = when_created[0, 4].to_i
+          start_month = when_created[4, 2].to_i
+          start_day = when_created[6, 2].to_i
+          return nil if start_year.zero?
+
+          now = Time.now
+          days = now.day - start_day
+          months = now.month - start_month
+          years = now.year - start_year
+
+          if days.negative?
+            months -= 1
+            prev_month = now.month - 1
+            prev_year = now.year
+            if prev_month.zero?
+              prev_month = 12
+              prev_year -= 1
+            end
+            days += days_in_month(prev_month, prev_year)
+          end
+
+          if months.negative?
+            years -= 1
+            months += 12
+          end
+
+          return nil if years.negative?
+
+          { years: years, months: months, days: days }
+        end
+        # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+
+        def days_in_month(month, year)
+          Time.new(year, month, -1).day
+        end
+
+        def log_result(result, elapsed)
+          if result
+            @log&.log('kerberos', "found principal: #{result[:principal]} (#{elapsed}ms)")
+            @log&.log('kerberos', "name=#{result[:display_name]} email=#{result[:email]}")
+          else
+            @log&.log('kerberos', "no kerberos ticket found (#{elapsed}ms)")
+          end
+        end
+      end
+      # rubocop:enable Metrics/ClassLength
+    end
+  end
+end