hailey.at
1package server
2
3import (
4 "bytes"
5 "context"
6 "crypto/ecdsa"
7 "embed"
8 "errors"
9 "fmt"
10 "io"
11 "log/slog"
12 "net/http"
13 "net/smtp"
14 "os"
15 "path/filepath"
16 "sync"
17 "text/template"
18 "time"
19
20 "github.com/aws/aws-sdk-go/aws"
21 "github.com/aws/aws-sdk-go/aws/credentials"
22 "github.com/aws/aws-sdk-go/aws/session"
23 "github.com/aws/aws-sdk-go/service/s3"
24 "github.com/bluesky-social/indigo/api/atproto"
25 "github.com/bluesky-social/indigo/atproto/syntax"
26 "github.com/bluesky-social/indigo/events"
27 "github.com/bluesky-social/indigo/util"
28 "github.com/bluesky-social/indigo/xrpc"
29 "github.com/domodwyer/mailyak/v3"
30 "github.com/go-playground/validator"
31 "github.com/gorilla/sessions"
32 "github.com/haileyok/cocoon/identity"
33 "github.com/haileyok/cocoon/internal/db"
34 "github.com/haileyok/cocoon/internal/helpers"
35 "github.com/haileyok/cocoon/models"
36 "github.com/haileyok/cocoon/oauth/client"
37 "github.com/haileyok/cocoon/oauth/constants"
38 "github.com/haileyok/cocoon/oauth/dpop"
39 "github.com/haileyok/cocoon/oauth/provider"
40 "github.com/haileyok/cocoon/plc"
41 "github.com/ipfs/go-cid"
42 echo_session "github.com/labstack/echo-contrib/session"
43 "github.com/labstack/echo/v4"
44 "github.com/labstack/echo/v4/middleware"
45 slogecho "github.com/samber/slog-echo"
46 "gorm.io/driver/sqlite"
47 "gorm.io/gorm"
48)
49
50const (
51 AccountSessionMaxAge = 30 * 24 * time.Hour // one week
52)
53
54type S3Config struct {
55 BackupsEnabled bool
56 BlobstoreEnabled bool
57 Endpoint string
58 Region string
59 Bucket string
60 AccessKey string
61 SecretKey string
62}
63
64type Server struct {
65 http *http.Client
66 httpd *http.Server
67 mail *mailyak.MailYak
68 mailLk *sync.Mutex
69 echo *echo.Echo
70 db *db.DB
71 plcClient *plc.Client
72 logger *slog.Logger
73 config *config
74 privateKey *ecdsa.PrivateKey
75 repoman *RepoMan
76 oauthProvider *provider.Provider
77 evtman *events.EventManager
78 passport *identity.Passport
79 fallbackProxy string
80
81 lastRequestCrawl time.Time
82 requestCrawlMu sync.Mutex
83
84 dbName string
85 s3Config *S3Config
86}
87
88type Args struct {
89 Addr string
90 DbName string
91 Logger *slog.Logger
92 Version string
93 Did string
94 Hostname string
95 RotationKeyPath string
96 JwkPath string
97 ContactEmail string
98 Relays []string
99 AdminPassword string
100
101 SmtpUser string
102 SmtpPass string
103 SmtpHost string
104 SmtpPort string
105 SmtpEmail string
106 SmtpName string
107
108 S3Config *S3Config
109
110 SessionSecret string
111
112 BlockstoreVariant BlockstoreVariant
113 FallbackProxy string
114}
115
116type config struct {
117 Version string
118 Did string
119 Hostname string
120 ContactEmail string
121 EnforcePeering bool
122 Relays []string
123 AdminPassword string
124 SmtpEmail string
125 SmtpName string
126 BlockstoreVariant BlockstoreVariant
127 FallbackProxy string
128}
129
130type CustomValidator struct {
131 validator *validator.Validate
132}
133
134type ValidationError struct {
135 error
136 Field string
137 Tag string
138}
139
140func (cv *CustomValidator) Validate(i any) error {
141 if err := cv.validator.Struct(i); err != nil {
142 var validateErrors validator.ValidationErrors
143 if errors.As(err, &validateErrors) && len(validateErrors) > 0 {
144 first := validateErrors[0]
145 return ValidationError{
146 error: err,
147 Field: first.Field(),
148 Tag: first.Tag(),
149 }
150 }
151
152 return err
153 }
154
155 return nil
156}
157
158//go:embed templates/*
159var templateFS embed.FS
160
161//go:embed static/*
162var staticFS embed.FS
163
164type TemplateRenderer struct {
165 templates *template.Template
166 isDev bool
167 templatePath string
168}
169
170func (s *Server) loadTemplates() {
171 absPath, _ := filepath.Abs("server/templates/*.html")
172 if s.config.Version == "dev" {
173 tmpl := template.Must(template.ParseGlob(absPath))
174 s.echo.Renderer = &TemplateRenderer{
175 templates: tmpl,
176 isDev: true,
177 templatePath: absPath,
178 }
179 } else {
180 tmpl := template.Must(template.ParseFS(templateFS, "templates/*.html"))
181 s.echo.Renderer = &TemplateRenderer{
182 templates: tmpl,
183 isDev: false,
184 }
185 }
186}
187
188func (t *TemplateRenderer) Render(w io.Writer, name string, data any, c echo.Context) error {
189 if t.isDev {
190 tmpl, err := template.ParseGlob(t.templatePath)
191 if err != nil {
192 return err
193 }
194 t.templates = tmpl
195 }
196
197 if viewContext, isMap := data.(map[string]any); isMap {
198 viewContext["reverse"] = c.Echo().Reverse
199 }
200
201 return t.templates.ExecuteTemplate(w, name, data)
202}
203
204func New(args *Args) (*Server, error) {
205 if args.Addr == "" {
206 return nil, fmt.Errorf("addr must be set")
207 }
208
209 if args.DbName == "" {
210 return nil, fmt.Errorf("db name must be set")
211 }
212
213 if args.Did == "" {
214 return nil, fmt.Errorf("cocoon did must be set")
215 }
216
217 if args.ContactEmail == "" {
218 return nil, fmt.Errorf("cocoon contact email is required")
219 }
220
221 if _, err := syntax.ParseDID(args.Did); err != nil {
222 return nil, fmt.Errorf("error parsing cocoon did: %w", err)
223 }
224
225 if args.Hostname == "" {
226 return nil, fmt.Errorf("cocoon hostname must be set")
227 }
228
229 if args.AdminPassword == "" {
230 return nil, fmt.Errorf("admin password must be set")
231 }
232
233 if args.Logger == nil {
234 args.Logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{}))
235 }
236
237 if args.SessionSecret == "" {
238 panic("SESSION SECRET WAS NOT SET. THIS IS REQUIRED. ")
239 }
240
241 e := echo.New()
242
243 e.Pre(middleware.RemoveTrailingSlash())
244 e.Pre(slogecho.New(args.Logger))
245 e.Use(echo_session.Middleware(sessions.NewCookieStore([]byte(args.SessionSecret))))
246 e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
247 AllowOrigins: []string{"*"},
248 AllowHeaders: []string{"*"},
249 AllowMethods: []string{"*"},
250 AllowCredentials: true,
251 MaxAge: 100_000_000,
252 }))
253
254 vdtor := validator.New()
255 vdtor.RegisterValidation("atproto-handle", func(fl validator.FieldLevel) bool {
256 if _, err := syntax.ParseHandle(fl.Field().String()); err != nil {
257 return false
258 }
259 return true
260 })
261 vdtor.RegisterValidation("atproto-did", func(fl validator.FieldLevel) bool {
262 if _, err := syntax.ParseDID(fl.Field().String()); err != nil {
263 return false
264 }
265 return true
266 })
267 vdtor.RegisterValidation("atproto-rkey", func(fl validator.FieldLevel) bool {
268 if _, err := syntax.ParseRecordKey(fl.Field().String()); err != nil {
269 return false
270 }
271 return true
272 })
273 vdtor.RegisterValidation("atproto-nsid", func(fl validator.FieldLevel) bool {
274 if _, err := syntax.ParseNSID(fl.Field().String()); err != nil {
275 return false
276 }
277 return true
278 })
279
280 e.Validator = &CustomValidator{validator: vdtor}
281
282 httpd := &http.Server{
283 Addr: args.Addr,
284 Handler: e,
285 // shitty defaults but okay for now, needed for import repo
286 ReadTimeout: 5 * time.Minute,
287 WriteTimeout: 5 * time.Minute,
288 IdleTimeout: 5 * time.Minute,
289 }
290
291 gdb, err := gorm.Open(sqlite.Open(args.DbName), &gorm.Config{})
292 if err != nil {
293 return nil, err
294 }
295 dbw := db.NewDB(gdb)
296
297 rkbytes, err := os.ReadFile(args.RotationKeyPath)
298 if err != nil {
299 return nil, err
300 }
301
302 h := util.RobustHTTPClient()
303
304 plcClient, err := plc.NewClient(&plc.ClientArgs{
305 H: h,
306 Service: "https://plc.directory",
307 PdsHostname: args.Hostname,
308 RotationKey: rkbytes,
309 })
310 if err != nil {
311 return nil, err
312 }
313
314 jwkbytes, err := os.ReadFile(args.JwkPath)
315 if err != nil {
316 return nil, err
317 }
318
319 key, err := helpers.ParseJWKFromBytes(jwkbytes)
320 if err != nil {
321 return nil, err
322 }
323
324 var pkey ecdsa.PrivateKey
325 if err := key.Raw(&pkey); err != nil {
326 return nil, err
327 }
328
329 oauthCli := &http.Client{
330 Timeout: 10 * time.Second,
331 }
332
333 var nonceSecret []byte
334 maybeSecret, err := os.ReadFile("nonce.secret")
335 if err != nil && !os.IsNotExist(err) {
336 args.Logger.Error("error attempting to read nonce secret", "error", err)
337 } else {
338 nonceSecret = maybeSecret
339 }
340
341 s := &Server{
342 http: h,
343 httpd: httpd,
344 echo: e,
345 logger: args.Logger,
346 db: dbw,
347 plcClient: plcClient,
348 privateKey: &pkey,
349 config: &config{
350 Version: args.Version,
351 Did: args.Did,
352 Hostname: args.Hostname,
353 ContactEmail: args.ContactEmail,
354 EnforcePeering: false,
355 Relays: args.Relays,
356 AdminPassword: args.AdminPassword,
357 SmtpName: args.SmtpName,
358 SmtpEmail: args.SmtpEmail,
359 BlockstoreVariant: args.BlockstoreVariant,
360 FallbackProxy: args.FallbackProxy,
361 },
362 evtman: events.NewEventManager(events.NewMemPersister()),
363 passport: identity.NewPassport(h, identity.NewMemCache(10_000)),
364
365 dbName: args.DbName,
366 s3Config: args.S3Config,
367
368 oauthProvider: provider.NewProvider(provider.Args{
369 Hostname: args.Hostname,
370 ClientManagerArgs: client.ManagerArgs{
371 Cli: oauthCli,
372 Logger: args.Logger,
373 },
374 DpopManagerArgs: dpop.ManagerArgs{
375 NonceSecret: nonceSecret,
376 NonceRotationInterval: constants.NonceMaxRotationInterval / 3,
377 OnNonceSecretCreated: func(newNonce []byte) {
378 if err := os.WriteFile("nonce.secret", newNonce, 0644); err != nil {
379 args.Logger.Error("error writing new nonce secret", "error", err)
380 }
381 },
382 Logger: args.Logger,
383 Hostname: args.Hostname,
384 },
385 }),
386 }
387
388 s.loadTemplates()
389
390 s.repoman = NewRepoMan(s) // TODO: this is way too lazy, stop it
391
392 // TODO: should validate these args
393 if args.SmtpUser == "" || args.SmtpPass == "" || args.SmtpHost == "" || args.SmtpPort == "" || args.SmtpEmail == "" || args.SmtpName == "" {
394 args.Logger.Warn("not enough smtp args were provided. mailing will not work for your server.")
395 } else {
396 mail := mailyak.New(args.SmtpHost+":"+args.SmtpPort, smtp.PlainAuth("", args.SmtpUser, args.SmtpPass, args.SmtpHost))
397 mail.From(s.config.SmtpEmail)
398 mail.FromName(s.config.SmtpName)
399
400 s.mail = mail
401 s.mailLk = &sync.Mutex{}
402 }
403
404 return s, nil
405}
406
407func (s *Server) addRoutes() {
408 // static
409 if s.config.Version == "dev" {
410 s.echo.Static("/static", "server/static")
411 } else {
412 s.echo.GET("/static/*", echo.WrapHandler(http.FileServer(http.FS(staticFS))))
413 }
414
415 // random stuff
416 s.echo.GET("/", s.handleRoot)
417 s.echo.GET("/xrpc/_health", s.handleHealth)
418 s.echo.GET("/.well-known/did.json", s.handleWellKnown)
419 s.echo.GET("/.well-known/oauth-protected-resource", s.handleOauthProtectedResource)
420 s.echo.GET("/.well-known/oauth-authorization-server", s.handleOauthAuthorizationServer)
421 s.echo.GET("/robots.txt", s.handleRobots)
422
423 // public
424 s.echo.GET("/xrpc/com.atproto.identity.resolveHandle", s.handleResolveHandle)
425 s.echo.POST("/xrpc/com.atproto.server.createAccount", s.handleCreateAccount)
426 s.echo.POST("/xrpc/com.atproto.server.createAccount", s.handleCreateAccount)
427 s.echo.POST("/xrpc/com.atproto.server.createSession", s.handleCreateSession)
428 s.echo.GET("/xrpc/com.atproto.server.describeServer", s.handleDescribeServer)
429
430 s.echo.GET("/xrpc/com.atproto.repo.describeRepo", s.handleDescribeRepo)
431 s.echo.GET("/xrpc/com.atproto.sync.listRepos", s.handleListRepos)
432 s.echo.GET("/xrpc/com.atproto.repo.listRecords", s.handleListRecords)
433 s.echo.GET("/xrpc/com.atproto.repo.getRecord", s.handleRepoGetRecord)
434 s.echo.GET("/xrpc/com.atproto.sync.getRecord", s.handleSyncGetRecord)
435 s.echo.GET("/xrpc/com.atproto.sync.getBlocks", s.handleGetBlocks)
436 s.echo.GET("/xrpc/com.atproto.sync.getLatestCommit", s.handleSyncGetLatestCommit)
437 s.echo.GET("/xrpc/com.atproto.sync.getRepoStatus", s.handleSyncGetRepoStatus)
438 s.echo.GET("/xrpc/com.atproto.sync.getRepo", s.handleSyncGetRepo)
439 s.echo.GET("/xrpc/com.atproto.sync.subscribeRepos", s.handleSyncSubscribeRepos)
440 s.echo.GET("/xrpc/com.atproto.sync.listBlobs", s.handleSyncListBlobs)
441 s.echo.GET("/xrpc/com.atproto.sync.getBlob", s.handleSyncGetBlob)
442
443 // account
444 s.echo.GET("/account", s.handleAccount)
445 s.echo.POST("/account/revoke", s.handleAccountRevoke)
446 s.echo.GET("/account/signin", s.handleAccountSigninGet)
447 s.echo.POST("/account/signin", s.handleAccountSigninPost)
448 s.echo.GET("/account/signout", s.handleAccountSignout)
449
450 // oauth account
451 s.echo.GET("/oauth/jwks", s.handleOauthJwks)
452 s.echo.GET("/oauth/authorize", s.handleOauthAuthorizeGet)
453 s.echo.POST("/oauth/authorize", s.handleOauthAuthorizePost)
454
455 // oauth authorization
456 s.echo.POST("/oauth/par", s.handleOauthPar, s.oauthProvider.BaseMiddleware)
457 s.echo.POST("/oauth/token", s.handleOauthToken, s.oauthProvider.BaseMiddleware)
458
459 // authed
460 s.echo.GET("/xrpc/com.atproto.server.getSession", s.handleGetSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
461 s.echo.POST("/xrpc/com.atproto.server.refreshSession", s.handleRefreshSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
462 s.echo.POST("/xrpc/com.atproto.server.deleteSession", s.handleDeleteSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
463 s.echo.POST("/xrpc/com.atproto.identity.updateHandle", s.handleIdentityUpdateHandle, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
464 s.echo.POST("/xrpc/com.atproto.server.confirmEmail", s.handleServerConfirmEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
465 s.echo.POST("/xrpc/com.atproto.server.requestEmailConfirmation", s.handleServerRequestEmailConfirmation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
466 s.echo.POST("/xrpc/com.atproto.server.requestPasswordReset", s.handleServerRequestPasswordReset) // AUTH NOT REQUIRED FOR THIS ONE
467 s.echo.POST("/xrpc/com.atproto.server.requestEmailUpdate", s.handleServerRequestEmailUpdate, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
468 s.echo.POST("/xrpc/com.atproto.server.resetPassword", s.handleServerResetPassword, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
469 s.echo.POST("/xrpc/com.atproto.server.updateEmail", s.handleServerUpdateEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
470 s.echo.GET("/xrpc/com.atproto.server.getServiceAuth", s.handleServerGetServiceAuth, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
471 s.echo.GET("/xrpc/com.atproto.server.checkAccountStatus", s.handleServerCheckAccountStatus, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
472 s.echo.POST("/xrpc/com.atproto.server.deactivateAccount", s.handleServerDeactivateAccount, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
473 s.echo.POST("/xrpc/com.atproto.server.activateAccount", s.handleServerActivateAccount, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
474
475 // repo
476 s.echo.POST("/xrpc/com.atproto.repo.createRecord", s.handleCreateRecord, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
477 s.echo.POST("/xrpc/com.atproto.repo.putRecord", s.handlePutRecord, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
478 s.echo.POST("/xrpc/com.atproto.repo.deleteRecord", s.handleDeleteRecord, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
479 s.echo.POST("/xrpc/com.atproto.repo.applyWrites", s.handleApplyWrites, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
480 s.echo.POST("/xrpc/com.atproto.repo.uploadBlob", s.handleRepoUploadBlob, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
481 s.echo.POST("/xrpc/com.atproto.repo.importRepo", s.handleRepoImportRepo, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
482
483 // stupid silly endpoints
484 s.echo.GET("/xrpc/app.bsky.actor.getPreferences", s.handleActorGetPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
485 s.echo.POST("/xrpc/app.bsky.actor.putPreferences", s.handleActorPutPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
486
487 // admin routes
488 s.echo.POST("/xrpc/com.atproto.server.createInviteCode", s.handleCreateInviteCode, s.handleAdminMiddleware)
489 s.echo.POST("/xrpc/com.atproto.server.createInviteCodes", s.handleCreateInviteCodes, s.handleAdminMiddleware)
490
491 // are there any routes that we should be allowing without auth? i dont think so but idk
492 s.echo.GET("/xrpc/*", s.handleProxy, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
493 s.echo.POST("/xrpc/*", s.handleProxy, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)
494}
495
496func (s *Server) Serve(ctx context.Context) error {
497 s.addRoutes()
498
499 s.logger.Info("migrating...")
500
501 s.db.AutoMigrate(
502 &models.Actor{},
503 &models.Repo{},
504 &models.InviteCode{},
505 &models.Token{},
506 &models.RefreshToken{},
507 &models.Block{},
508 &models.Record{},
509 &models.Blob{},
510 &models.BlobPart{},
511 &provider.OauthToken{},
512 &provider.OauthAuthorizationRequest{},
513 )
514
515 s.logger.Info("starting cocoon")
516
517 go func() {
518 if err := s.httpd.ListenAndServe(); err != nil {
519 panic(err)
520 }
521 }()
522
523 go s.backupRoutine()
524
525 go func() {
526 if err := s.requestCrawl(ctx); err != nil {
527 s.logger.Error("error requesting crawls", "err", err)
528 }
529 }()
530
531 <-ctx.Done()
532
533 fmt.Println("shut down")
534
535 return nil
536}
537
538func (s *Server) requestCrawl(ctx context.Context) error {
539 logger := s.logger.With("component", "request-crawl")
540 s.requestCrawlMu.Lock()
541 defer s.requestCrawlMu.Unlock()
542
543 logger.Info("requesting crawl with configured relays")
544
545 if time.Now().Sub(s.lastRequestCrawl) <= 1*time.Minute {
546 return fmt.Errorf("a crawl request has already been made within the last minute")
547 }
548
549 for _, relay := range s.config.Relays {
550 logger := logger.With("relay", relay)
551 logger.Info("requesting crawl from relay")
552 cli := xrpc.Client{Host: relay}
553 if err := atproto.SyncRequestCrawl(ctx, &cli, &atproto.SyncRequestCrawl_Input{
554 Hostname: s.config.Hostname,
555 }); err != nil {
556 logger.Error("error requesting crawl", "err", err)
557 } else {
558 logger.Info("crawl requested successfully")
559 }
560 }
561
562 s.lastRequestCrawl = time.Now()
563
564 return nil
565}
566
567func (s *Server) doBackup() {
568 start := time.Now()
569
570 s.logger.Info("beginning backup to s3...")
571
572 var buf bytes.Buffer
573 if err := func() error {
574 s.logger.Info("reading database bytes...")
575 s.db.Lock()
576 defer s.db.Unlock()
577
578 sf, err := os.Open(s.dbName)
579 if err != nil {
580 return fmt.Errorf("error opening database for backup: %w", err)
581 }
582 defer sf.Close()
583
584 if _, err := io.Copy(&buf, sf); err != nil {
585 return fmt.Errorf("error reading bytes of backup db: %w", err)
586 }
587
588 return nil
589 }(); err != nil {
590 s.logger.Error("error backing up database", "error", err)
591 return
592 }
593
594 if err := func() error {
595 s.logger.Info("sending to s3...")
596
597 currTime := time.Now().Format("2006-01-02_15-04-05")
598 key := "cocoon-backup-" + currTime + ".db"
599
600 config := &aws.Config{
601 Region: aws.String(s.s3Config.Region),
602 Credentials: credentials.NewStaticCredentials(s.s3Config.AccessKey, s.s3Config.SecretKey, ""),
603 }
604
605 if s.s3Config.Endpoint != "" {
606 config.Endpoint = aws.String(s.s3Config.Endpoint)
607 config.S3ForcePathStyle = aws.Bool(true)
608 }
609
610 sess, err := session.NewSession(config)
611 if err != nil {
612 return err
613 }
614
615 svc := s3.New(sess)
616
617 if _, err := svc.PutObject(&s3.PutObjectInput{
618 Bucket: aws.String(s.s3Config.Bucket),
619 Key: aws.String(key),
620 Body: bytes.NewReader(buf.Bytes()),
621 }); err != nil {
622 return fmt.Errorf("error uploading file to s3: %w", err)
623 }
624
625 s.logger.Info("finished uploading backup to s3", "key", key, "duration", time.Now().Sub(start).Seconds())
626
627 return nil
628 }(); err != nil {
629 s.logger.Error("error uploading database backup", "error", err)
630 return
631 }
632
633 os.WriteFile("last-backup.txt", []byte(time.Now().String()), 0644)
634}
635
636func (s *Server) backupRoutine() {
637 if s.s3Config == nil || !s.s3Config.BackupsEnabled {
638 return
639 }
640
641 if s.s3Config.Region == "" {
642 s.logger.Warn("no s3 region configured but backups are enabled. backups will not run.")
643 return
644 }
645
646 if s.s3Config.Bucket == "" {
647 s.logger.Warn("no s3 bucket configured but backups are enabled. backups will not run.")
648 return
649 }
650
651 if s.s3Config.AccessKey == "" {
652 s.logger.Warn("no s3 access key configured but backups are enabled. backups will not run.")
653 return
654 }
655
656 if s.s3Config.SecretKey == "" {
657 s.logger.Warn("no s3 secret key configured but backups are enabled. backups will not run.")
658 return
659 }
660
661 shouldBackupNow := false
662 lastBackupStr, err := os.ReadFile("last-backup.txt")
663 if err != nil {
664 shouldBackupNow = true
665 } else {
666 lastBackup, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", string(lastBackupStr))
667 if err != nil {
668 shouldBackupNow = true
669 } else if time.Now().Sub(lastBackup).Seconds() > 3600 {
670 shouldBackupNow = true
671 }
672 }
673
674 if shouldBackupNow {
675 go s.doBackup()
676 }
677
678 ticker := time.NewTicker(time.Hour)
679 for range ticker.C {
680 go s.doBackup()
681 }
682}
683
684func (s *Server) UpdateRepo(ctx context.Context, did string, root cid.Cid, rev string) error {
685 if err := s.db.Exec("UPDATE repos SET root = ?, rev = ? WHERE did = ?", nil, root.Bytes(), rev, did).Error; err != nil {
686 return err
687 }
688
689 return nil
690}