···
"github.com/bluesky-social/indigo/atproto/syntax"
···
"github.com/go-git/go-git/v5/plumbing"
"tangled.sh/tangled.sh/core/api/tangled"
15
+
"tangled.sh/tangled.sh/core/appview/config"
"tangled.sh/tangled.sh/core/appview/db"
17
+
"tangled.sh/tangled.sh/core/appview/idresolver"
18
+
"tangled.sh/tangled.sh/core/appview/spindleverify"
"tangled.sh/tangled.sh/core/rbac"
23
-
type Ingester func(ctx context.Context, e *models.Event) error
22
+
type Ingester struct {
24
+
Enforcer *rbac.Enforcer
25
+
IdResolver *idresolver.Resolver
26
+
Config *config.Config
30
+
type processFunc func(ctx context.Context, e *models.Event) error
25
-
func Ingest(d db.DbWrapper, enforcer *rbac.Enforcer) Ingester {
32
+
func (i *Ingester) Ingest() processFunc {
return func(ctx context.Context, e *models.Event) error {
lastTimeUs := eventTime + 1
31
-
if err := d.SaveLastTimeUs(lastTimeUs); err != nil {
38
+
if err := i.Db.SaveLastTimeUs(lastTimeUs); err != nil {
err = fmt.Errorf("(deferred) failed to save last time us: %w", err)
···
switch e.Commit.Collection {
case tangled.GraphFollowNSID:
49
+
err = i.ingestFollow(e)
case tangled.FeedStarNSID:
51
+
err = i.ingestStar(e)
case tangled.PublicKeyNSID:
46
-
ingestPublicKey(&d, e)
53
+
err = i.ingestPublicKey(e)
case tangled.RepoArtifactNSID:
48
-
ingestArtifact(&d, e, enforcer)
55
+
err = i.ingestArtifact(e)
case tangled.ActorProfileNSID:
50
-
ingestProfile(&d, e)
57
+
err = i.ingestProfile(e)
case tangled.SpindleMemberNSID:
52
-
ingestSpindleMember(&d, e, enforcer)
59
+
err = i.ingestSpindleMember(e)
case tangled.SpindleNSID:
54
-
ingestSpindle(&d, e, true) // TODO: change this to dynamic
61
+
err = i.ingestSpindle(e)
65
+
l := i.Logger.With("nsid", e.Commit.Collection)
66
+
l.Error("error ingesting record", "err", err)
61
-
func ingestStar(d *db.DbWrapper, e *models.Event) error {
73
+
func (i *Ingester) ingestStar(e *models.Event) error {
77
+
l := i.Logger.With("handler", "ingestStar")
78
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate, models.CommitOperationUpdate:
var subjectUri syntax.ATURI
···
record := tangled.FeedStar{}
err := json.Unmarshal(raw, &record)
73
-
log.Println("invalid record")
88
+
l.Error("invalid record", "err", err)
subjectUri, err = syntax.ParseATURI(record.Subject)
79
-
log.Println("invalid record")
94
+
l.Error("invalid record", "err", err)
82
-
err = db.AddStar(d, did, subjectUri, e.Commit.RKey)
97
+
err = db.AddStar(i.Db, did, subjectUri, e.Commit.RKey)
case models.CommitOperationDelete:
84
-
err = db.DeleteStarByRkey(d, did, e.Commit.RKey)
99
+
err = db.DeleteStarByRkey(i.Db, did, e.Commit.RKey)
···
94
-
func ingestFollow(d *db.DbWrapper, e *models.Event) error {
109
+
func (i *Ingester) ingestFollow(e *models.Event) error {
113
+
l := i.Logger.With("handler", "ingestFollow")
114
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate, models.CommitOperationUpdate:
···
record := tangled.GraphFollow{}
err = json.Unmarshal(raw, &record)
104
-
log.Println("invalid record")
122
+
l.Error("invalid record", "err", err)
subjectDid := record.Subject
109
-
err = db.AddFollow(d, did, subjectDid, e.Commit.RKey)
127
+
err = db.AddFollow(i.Db, did, subjectDid, e.Commit.RKey)
case models.CommitOperationDelete:
111
-
err = db.DeleteFollowByRkey(d, did, e.Commit.RKey)
129
+
err = db.DeleteFollowByRkey(i.Db, did, e.Commit.RKey)
···
121
-
func ingestPublicKey(d *db.DbWrapper, e *models.Event) error {
139
+
func (i *Ingester) ingestPublicKey(e *models.Event) error {
143
+
l := i.Logger.With("handler", "ingestPublicKey")
144
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate, models.CommitOperationUpdate:
127
-
log.Println("processing add of pubkey")
148
+
l.Debug("processing add of pubkey")
raw := json.RawMessage(e.Commit.Record)
record := tangled.PublicKey{}
err = json.Unmarshal(raw, &record)
132
-
log.Printf("invalid record: %s", err)
153
+
l.Error("invalid record", "err", err)
138
-
err = db.AddPublicKey(d, did, name, key, e.Commit.RKey)
159
+
err = db.AddPublicKey(i.Db, did, name, key, e.Commit.RKey)
case models.CommitOperationDelete:
140
-
log.Println("processing delete of pubkey")
141
-
err = db.DeletePublicKeyByRkey(d, did, e.Commit.RKey)
161
+
l.Debug("processing delete of pubkey")
162
+
err = db.DeletePublicKeyByRkey(i.Db, did, e.Commit.RKey)
···
151
-
func ingestArtifact(d *db.DbWrapper, e *models.Event, enforcer *rbac.Enforcer) error {
172
+
func (i *Ingester) ingestArtifact(e *models.Event) error {
176
+
l := i.Logger.With("handler", "ingestArtifact")
177
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate, models.CommitOperationUpdate:
raw := json.RawMessage(e.Commit.Record)
record := tangled.RepoArtifact{}
err = json.Unmarshal(raw, &record)
161
-
log.Printf("invalid record: %s", err)
185
+
l.Error("invalid record", "err", err)
···
170
-
repo, err := db.GetRepoByAtUri(d, repoAt.String())
194
+
repo, err := db.GetRepoByAtUri(i.Db, repoAt.String())
175
-
ok, err := enforcer.E.Enforce(did, repo.Knot, repo.DidSlashRepo(), "repo:push")
199
+
ok, err := i.Enforcer.E.Enforce(did, repo.Knot, repo.DidSlashRepo(), "repo:push")
···
MimeType: record.Artifact.MimeType,
197
-
err = db.AddArtifact(d, artifact)
221
+
err = db.AddArtifact(i.Db, artifact)
case models.CommitOperationDelete:
199
-
err = db.DeleteArtifact(d, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey))
223
+
err = db.DeleteArtifact(i.Db, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey))
···
209
-
func ingestProfile(d *db.DbWrapper, e *models.Event) error {
233
+
func (i *Ingester) ingestProfile(e *models.Event) error {
237
+
l := i.Logger.With("handler", "ingestProfile")
238
+
l = l.With("nsid", e.Commit.Collection)
if e.Commit.RKey != "self" {
return fmt.Errorf("ingestProfile only ingests `self` record")
···
record := tangled.ActorProfile{}
err = json.Unmarshal(raw, &record)
223
-
log.Printf("invalid record: %s", err)
250
+
l.Error("invalid record", "err", err)
···
270
-
ddb, ok := d.Execer.(*db.DB)
297
+
ddb, ok := i.Db.Execer.(*db.DB)
return fmt.Errorf("failed to index profile record, invalid db cast")
···
err = db.UpsertProfile(tx, &profile)
case models.CommitOperationDelete:
287
-
err = db.DeleteArtifact(d, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey))
314
+
err = db.DeleteArtifact(i.Db, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey))
···
297
-
func ingestSpindleMember(_ *db.DbWrapper, e *models.Event, enforcer *rbac.Enforcer) error {
324
+
func (i *Ingester) ingestSpindleMember(e *models.Event) error {
328
+
l := i.Logger.With("handler", "ingestSpindleMember")
329
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate:
raw := json.RawMessage(e.Commit.Record)
record := tangled.SpindleMember{}
err = json.Unmarshal(raw, &record)
307
-
log.Printf("invalid record: %s", err)
337
+
l.Error("invalid record", "err", err)
// only spindle owner can invite to spindles
312
-
ok, err := enforcer.IsSpindleInviteAllowed(did, record.Instance)
342
+
ok, err := i.Enforcer.IsSpindleInviteAllowed(did, record.Instance)
return fmt.Errorf("failed to enforce permissions: %w", err)
317
-
err = enforcer.AddSpindleMember(record.Instance, record.Subject)
347
+
memberId, err := i.IdResolver.ResolveIdent(context.Background(), record.Subject)
319
-
return fmt.Errorf("failed to add member: %w", err)
352
+
if memberId.Handle.IsInvalidHandle() {
356
+
ddb, ok := i.Db.Execer.(*db.DB)
358
+
return fmt.Errorf("failed to index profile record, invalid db cast")
361
+
err = db.AddSpindleMember(ddb, db.SpindleMember{
362
+
Did: syntax.DID(did),
363
+
Rkey: e.Commit.RKey,
364
+
Instance: record.Instance,
365
+
Subject: memberId.DID,
368
+
return fmt.Errorf("failed to add to db: %w", err)
371
+
err = i.Enforcer.AddSpindleMember(record.Instance, memberId.DID.String())
373
+
return fmt.Errorf("failed to update ACLs: %w", err)
375
+
case models.CommitOperationDelete:
376
+
rkey := e.Commit.RKey
378
+
ddb, ok := i.Db.Execer.(*db.DB)
380
+
return fmt.Errorf("failed to index profile record, invalid db cast")
383
+
// get record from db first
384
+
members, err := db.GetSpindleMembers(
386
+
db.FilterEq("did", did),
387
+
db.FilterEq("rkey", rkey),
389
+
if err != nil || len(members) != 1 {
390
+
return fmt.Errorf("failed to get member: %w, len(members) = %d", err, len(members))
392
+
member := members[0]
394
+
tx, err := ddb.Begin()
396
+
return fmt.Errorf("failed to start txn: %w", err)
399
+
// remove record by rkey && update enforcer
400
+
if err = db.RemoveSpindleMember(
402
+
db.FilterEq("did", did),
403
+
db.FilterEq("rkey", rkey),
405
+
return fmt.Errorf("failed to remove from db: %w", err)
409
+
err = i.Enforcer.RemoveSpindleMember(member.Instance, member.Subject.String())
411
+
return fmt.Errorf("failed to update ACLs: %w", err)
414
+
if err = tx.Commit(); err != nil {
415
+
return fmt.Errorf("failed to commit txn: %w", err)
418
+
if err = i.Enforcer.E.SavePolicy(); err != nil {
419
+
return fmt.Errorf("failed to save ACLs: %w", err)
326
-
func ingestSpindle(d *db.DbWrapper, e *models.Event, dev bool) error {
426
+
func (i *Ingester) ingestSpindle(e *models.Event) error {
430
+
l := i.Logger.With("handler", "ingestSpindle")
431
+
l = l.With("nsid", e.Commit.Collection)
switch e.Commit.Operation {
case models.CommitOperationCreate:
raw := json.RawMessage(e.Commit.Record)
record := tangled.Spindle{}
err = json.Unmarshal(raw, &record)
336
-
log.Printf("invalid record: %s", err)
439
+
l.Error("invalid record", "err", err)
340
-
// this is a special record whose rkey is the instance of the spindle itself
instance := e.Commit.RKey
343
-
owner, err := fetchOwner(context.TODO(), instance, dev)
445
+
ddb, ok := i.Db.Execer.(*db.DB)
447
+
return fmt.Errorf("failed to index profile record, invalid db cast")
450
+
err := db.AddSpindle(ddb, db.Spindle{
451
+
Owner: syntax.DID(did),
452
+
Instance: instance,
345
-
log.Printf("failed to verify owner of %s: %s", instance, err)
455
+
l.Error("failed to add spindle to db", "err", err, "instance", instance)
349
-
// verify that the spindle owner points back to this did
351
-
log.Printf("incorrect owner for domain: %s, %s != %s", instance, owner, did)
459
+
err = spindleverify.RunVerification(context.Background(), instance, did, i.Config.Core.Dev)
461
+
l.Error("failed to add spindle to db", "err", err, "instance", instance)
355
-
// mark this spindle as registered
356
-
ddb, ok := d.Execer.(*db.DB)
465
+
_, err = spindleverify.MarkVerified(ddb, i.Enforcer, instance, did)
467
+
return fmt.Errorf("failed to mark verified: %w", err)
472
+
case models.CommitOperationDelete:
473
+
instance := e.Commit.RKey
475
+
ddb, ok := i.Db.Execer.(*db.DB)
return fmt.Errorf("failed to index profile record, invalid db cast")
361
-
_, err = db.VerifySpindle(
480
+
tx, err := ddb.Begin()
486
+
i.Enforcer.E.LoadPolicy()
489
+
err = db.DeleteSpindle(
db.FilterEq("owner", did),
db.FilterEq("instance", instance),
498
+
err = i.Enforcer.RemoveSpindle(instance)
373
-
func fetchOwner(ctx context.Context, domain string, dev bool) (string, error) {
379
-
url := fmt.Sprintf("%s://%s/owner", scheme, domain)
380
-
req, err := http.NewRequest("GET", url, nil)
385
-
client := &http.Client{
386
-
Timeout: 1 * time.Second,
389
-
resp, err := client.Do(req.WithContext(ctx))
390
-
if err != nil || resp.StatusCode != 200 {
391
-
return "", errors.New("failed to fetch /owner")
394
-
body, err := io.ReadAll(io.LimitReader(resp.Body, 1024)) // read atmost 1kb of data
396
-
return "", fmt.Errorf("failed to read /owner response: %w", err)
399
-
did := strings.TrimSpace(string(body))
401
-
return "", errors.New("empty DID in /owner response")
508
+
err = i.Enforcer.E.SavePolicy()
julien.rbrt.fr
oppi.li