Add Library Registry access control system

Background
----------

The Arduino Library Registry repository receives thousands of pull requests from a large number of community
contributors. The great majority of these contributors behave in a responsible manner. Unfortunately this repository is
regularly the subject of irresponsible behavior. The small number of people who behave irresponsibly consume a
significant amount of the finite maintenance resources available for maintenance of Arduino's repositories.

Communication is always the first measure taken in these cases. This is done automatically by the bot, and then by the
registry maintainer when it becomes clear that the user has disregarded the comments from the bot. Unfortunately it is
regularly the case that the user simply disregards all communication and continues their pattern of irresponsible
behavior unchecked.

Alternatives
------------

GitHub provides tools for dealing with harmful behavior:

- Report user
- Block user

Reporting a user is the appropriate measure in cases of malicious behavior, and the account is usually banned from the
site relatively quickly after a legitimate report is made. However, the irresponsible behavior in the registry
repository is not overtly malicious and so reporting the user in these cases would not be appropriate or effective.

At first glance, the block feature seems ideal. However, it can only be done at an organization-wide level, and by an
organization administrator. The repository maintainer is not an organization administrator, so this makes the feature
inconvenient to use. There is no sign of these users interacting with other repositories in the `arduino` organization,
and so there is no benefit to blocking them at organization scope. In addition, in order to make it more difficult to
circumvent the access restriction, we need the ability to block requests for libraries owned by an entity who has
established a pattern of irresponsible behavior, regardless of which user submits the request.

So the tools provided by GitHub are not suitable and a bespoke system must be implemented.

Access Levels
-------------

Allow: the user may submit requests for any library, even if registry privileges have been revoked for the owner of the
library's repository. This access level will only be granted to registry maintainers, in order to allow them to make
exceptions for specific libraries owned by an entity whose privileges have been revoked.

Default: the user may submit requests for any library, unless registry privileges have been revoked for the owner of the
library's repository.

Deny: the user may not submit requests. Requests from users with "default" access level for any library repository owned
by the entity (user or organization) are denied.

Author: per1234

go.mod

@@ -7,10 +7,10 @@ require (
 	github.com/arduino/go-properties-orderedmap v1.8.1
 	github.com/sourcegraph/go-diff v0.7.0
 	github.com/stretchr/testify v1.10.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

main.go

@@ -34,6 +34,7 @@ import (
 	"strings"
 
 	"github.com/sourcegraph/go-diff/diff"
+	"gopkg.in/yaml.v3"
 
 	"github.com/arduino/go-paths-helper"
 	properties "github.com/arduino/go-properties-orderedmap"
@@ -67,6 +68,29 @@ var recommendedOrganizations []string = []string{
 	"github.com/adafruit",
 }
 
+// accessType is the type of the access control level.
+type accessType string
+
+const (
+	// Allow allows unrestricted access. The entity can make requests even for library repositories whose owner is denied
+	// access.
+	Allow accessType = "allow"
+	// Default gives default access. The entity can make requests as long as the owner of the library's repository is not
+	// denied access.
+	Default = "default"
+	// Deny denies all access. The entity is not permitted to make requests, and registration of libraries from
+	// repositories they own is not permitted.
+	Deny = "deny"
+)
+
+// accessDataType is the type of the access control data.
+type accessDataType struct {
+	Access    accessType `yaml:"access"`    // Access level.
+	Host      string     `yaml:"host"`      // Account host (e.g., `github.com`).
+	Name      string     `yaml:"name"`      // User or organization account name.
+	Reference string     `yaml:"reference"` // URL that provides additional information about the access control entry.
+}
+
 // request is the type of the request data.
 type request struct {
 	Type                             string           `json:"type"`                             // Request type.
@@ -89,14 +113,23 @@ type submissionType struct {
 }
 
 // Command line flags.
+// Path of the access control file, relative to repopath.
+var accesslistArgument = flag.String("accesslist", "", "")
 var diffPathArgument = flag.String("diffpath", "", "")
 var repoPathArgument = flag.String("repopath", "", "")
 var listNameArgument = flag.String("listname", "", "")
 
+// GitHub username of the user making the submission.
+var submitterArgument = flag.String("submitter", "", "")
+
 func main() {
 	// Validate flag input.
 	flag.Parse()
 
+	if *accesslistArgument == "" {
+		errorExit("--accesslist flag is required")
+	}
+
 	if *diffPathArgument == "" {
 		errorExit("--diffpath flag is required")
 	}
@@ -109,8 +142,18 @@ func main() {
 		errorExit("--listname flag is required")
 	}
 
+	if *submitterArgument == "" {
+		errorExit("--submitter flag is required")
+	}
+
+	accesslistPath := paths.New(*repoPathArgument, *accesslistArgument)
+	exist, err := accesslistPath.ExistCheck()
+	if !exist {
+		errorExit("Access control file not found")
+	}
+
 	diffPath := paths.New(*diffPathArgument)
-	exist, err := diffPath.ExistCheck()
+	exist, err = diffPath.ExistCheck()
 	if !exist {
 		errorExit("diff file not found")
 	}
@@ -121,23 +164,59 @@ func main() {
 		errorExit(fmt.Sprintf("list file %s not found", listPath))
 	}
 
-	// Parse the PR diff.
-	rawDiff, err := diffPath.ReadFile()
+	rawAccessList, err := accesslistPath.ReadFile()
 	if err != nil {
 		panic(err)
 	}
+
+	// Unmarshal access control file.
+	var accessList []accessDataType
+	err = yaml.Unmarshal(rawAccessList, &accessList)
+	if err != nil {
+		errorExit(fmt.Sprintf("Access control file has invalid format:\n\n%s", err))
+	}
+
 	var req request
 	var submissionURLs []string
-	req.Type, req.Error, req.ArduinoLintLibraryManagerSetting, submissionURLs = parseDiff(rawDiff, *listNameArgument)
+
+	// Determine access level of submitter.
+	var submitterAccess accessType = Default
+	for _, accessData := range accessList {
+		if accessData.Host == "github.com" && *submitterArgument == accessData.Name {
+			submitterAccess = accessData.Access
+			if submitterAccess == Deny {
+				req.Type = "declined"
+				req.Error = fmt.Sprintf("Library registry privileges for @%s have been revoked.%%0ASee: %s", *submitterArgument, accessData.Reference)
+			}
+			break
+		}
+	}
+
+	if req.Error == "" {
+		// Parse the PR diff.
+		rawDiff, err := diffPath.ReadFile()
+		if err != nil {
+			panic(err)
+		}
+		req.Type, req.Error, req.ArduinoLintLibraryManagerSetting, submissionURLs = parseDiff(rawDiff, *listNameArgument)
+	}
 
 	// Process the submissions.
 	var indexEntries []string
 	var indexerLogsURLs []string
+	allowedSubmissions := false
 	for _, submissionURL := range submissionURLs {
-		submission, indexEntry := populateSubmission(submissionURL, listPath)
+		submission, indexEntry, allowed := populateSubmission(submissionURL, listPath, accessList, submitterAccess)
 		req.Submissions = append(req.Submissions, submission)
 		indexEntries = append(indexEntries, indexEntry)
 		indexerLogsURLs = append(indexerLogsURLs, indexerLogsURL(submission.NormalizedURL))
+		if allowed {
+			allowedSubmissions = true
+		}
+	}
+	if len(submissionURLs) > 0 && !allowedSubmissions {
+		// If none of the submissions are allowed, decline the request.
+		req.Type = "declined"
 	}
 
 	// Check for duplicates within the submission itself.
@@ -240,7 +319,7 @@ func parseDiff(rawDiff []byte, listName string) (string, string, string, []strin
 }
 
 // populateSubmission does the checks on the submission that aren't provided by Arduino Lint and gathers the necessary data on it.
-func populateSubmission(submissionURL string, listPath *paths.Path) (submissionType, string) {
+func populateSubmission(submissionURL string, listPath *paths.Path, accessList []accessDataType, submitterAccess accessType) (submissionType, string, bool) {
 	indexSourceSeparator := "|"
 	var submission submissionType
 
@@ -250,37 +329,48 @@ func populateSubmission(submissionURL string, listPath *paths.Path) (submissionT
 	submissionURLObject, err := url.Parse(submission.SubmissionURL)
 	if err != nil {
 		submission.Error = fmt.Sprintf("Invalid submission URL (%s)", err)
-		return submission, ""
+		return submission, "", true
 	}
 
 	// Check if URL is accessible.
 	httpResponse, err := http.Get(submissionURLObject.String())
 	if err != nil {
 		submission.Error = fmt.Sprintf("Unable to load submission URL: %s", err)
-		return submission, ""
+		return submission, "", true
 	}
 	if httpResponse.StatusCode != http.StatusOK {
 		submission.Error = "Unable to load submission URL. Is the repository public?"
-		return submission, ""
+		return submission, "", true
 	}
 
 	// Resolve redirects and normalize.
 	normalizedURLObject := normalizeURL(httpResponse.Request.URL)
 
 	submission.NormalizedURL = normalizedURLObject.String()
 
+	if submitterAccess != Allow {
+		// Check library repository owner access.
+		for _, accessData := range accessList {
+			ownerSlug := fmt.Sprintf("%s/%s", accessData.Host, accessData.Name)
+			if accessData.Access == Deny && uRLIsUnder(normalizedURLObject, []string{ownerSlug}) {
+				submission.Error = fmt.Sprintf("Library registry privileges for library repository owner `%s` have been revoked.%%0ASee: %s", ownerSlug, accessData.Reference)
+				return submission, "", false
+			}
+		}
+	}
+
 	// Check if URL is from a supported Git host.
 	if !uRLIsUnder(normalizedURLObject, supportedHosts) {
 		submission.Error = fmt.Sprintf("`%s` is not currently supported as a Git hosting website for Library Manager.%%0A%%0ASee: https://github.com/arduino/library-registry/blob/main/FAQ.md#what-are-the-requirements-for-a-library-to-be-added-to-library-manager", normalizedURLObject.Host)
-		return submission, ""
+		return submission, "", true
 	}
 
 	// Check if URL is a Git repository
 	err = exec.Command("git", "ls-remote", normalizedURLObject.String()).Run()
 	if err != nil {
 		if _, ok := err.(*exec.ExitError); ok {
 			submission.Error = "Submission URL is not a Git clone URL (e.g., `https://github.com/arduino-libraries/Servo`)."
-			return submission, ""
+			return submission, "", true
 		}
 
 		panic(err)
@@ -299,7 +389,7 @@ func populateSubmission(submissionURL string, listPath *paths.Path) (submissionT
 		normalizedListURLObject := normalizeURL(listURLObject)
 		if normalizedListURLObject.String() == normalizedURLObject.String() {
 			submission.Error = "Submission URL is already in the Library Manager index."
-			return submission, ""
+			return submission, "", true
 		}
 	}
 
@@ -344,7 +434,7 @@ func populateSubmission(submissionURL string, listPath *paths.Path) (submissionT
 	}
 	if string(tagList) == "" {
 		submission.Error = "The repository has no tags. You need to create a [release](https://docs.github.com/en/github/administering-a-repository/managing-releases-in-a-repository) or [tag](https://git-scm.com/docs/git-tag) that matches the `version` value in the library's library.properties file."
-		return submission, ""
+		return submission, "", true
 	}
 	latestTag, err := exec.Command("git", "describe", "--tags", strings.TrimSpace(string(tagList))).Output()
 	if err != nil {
@@ -362,18 +452,18 @@ func populateSubmission(submissionURL string, listPath *paths.Path) (submissionT
 	libraryPropertiesPath := submissionClonePath.Join("library.properties")
 	if !libraryPropertiesPath.Exist() {
 		submission.Error = "Library is missing a library.properties metadata file.%0A%0ASee: https://arduino.github.io/arduino-cli/latest/library-specification/#library-metadata"
-		return submission, ""
+		return submission, "", true
 	}
 	libraryProperties, err := properties.LoadFromPath(libraryPropertiesPath)
 	if err != nil {
 		submission.Error = fmt.Sprintf("Invalid library.properties file: %s%%0A%%0ASee: https://arduino.github.io/arduino-cli/latest/library-specification/#library-metadata", err)
-		return submission, ""
+		return submission, "", true
 	}
 	var ok bool
 	submission.Name, ok = libraryProperties.GetOk("name")
 	if !ok {
 		submission.Error = "library.properties is missing a name field.%0A%0ASee: https://arduino.github.io/arduino-cli/latest/library-specification/#library-metadata"
-		return submission, ""
+		return submission, "", true
 	}
 
 	// Assemble Library Manager index source entry string
@@ -386,7 +476,7 @@ func populateSubmission(submissionURL string, listPath *paths.Path) (submissionT
 		indexSourceSeparator,
 	)
 
-	return submission, indexEntry
+	return submission, indexEntry, true
 }
 
 // normalizeURL converts the URL into the standardized format used in the index.