appview/state/router.go at push-twlxnytrpyuk · kot.pink/core

kot.pink / core
Monorepo for Tangled — https://tangled.org
core / appview / state / router.go
at push-twlxnytrpyuk 8.8 kB view raw
  1package state
  2
  3import (
  4	"net/http"
  5	"strings"
  6
  7	"github.com/go-chi/chi/v5"
  8	"github.com/gorilla/sessions"
  9	"tangled.sh/tangled.sh/core/appview/middleware"
 10	oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler"
 11	"tangled.sh/tangled.sh/core/appview/settings"
 12	"tangled.sh/tangled.sh/core/appview/state/userutil"
 13)
 14
 15func (s *State) Router() http.Handler {
 16	router := chi.NewRouter()
 17
 18	router.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) {
 19		pat := chi.URLParam(r, "*")
 20		if strings.HasPrefix(pat, "did:") || strings.HasPrefix(pat, "@") {
 21			s.UserRouter().ServeHTTP(w, r)
 22		} else {
 23			// Check if the first path element is a valid handle without '@' or a flattened DID
 24			pathParts := strings.SplitN(pat, "/", 2)
 25			if len(pathParts) > 0 {
 26				if userutil.IsHandleNoAt(pathParts[0]) {
 27					// Redirect to the same path but with '@' prefixed to the handle
 28					redirectPath := "@" + pat
 29					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 30					return
 31				} else if userutil.IsFlattenedDid(pathParts[0]) {
 32					// Redirect to the unflattened DID version
 33					unflattenedDid := userutil.UnflattenDid(pathParts[0])
 34					var redirectPath string
 35					if len(pathParts) > 1 {
 36						redirectPath = unflattenedDid + "/" + pathParts[1]
 37					} else {
 38						redirectPath = unflattenedDid
 39					}
 40					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 41					return
 42				}
 43			}
 44			s.StandardRouter().ServeHTTP(w, r)
 45		}
 46	})
 47
 48	return router
 49}
 50
 51func (s *State) UserRouter() http.Handler {
 52	r := chi.NewRouter()
 53
 54	// strip @ from user
 55	r.Use(StripLeadingAt)
 56
 57	r.With(ResolveIdent(s)).Route("/{user}", func(r chi.Router) {
 58		r.Get("/", s.Profile)
 59
 60		r.With(ResolveRepo(s)).Route("/{repo}", func(r chi.Router) {
 61			r.Use(GoImport(s))
 62
 63			r.Get("/", s.RepoIndex)
 64			r.Get("/commits/{ref}", s.RepoLog)
 65			r.Route("/tree/{ref}", func(r chi.Router) {
 66				r.Get("/", s.RepoIndex)
 67				r.Get("/*", s.RepoTree)
 68			})
 69			r.Get("/commit/{ref}", s.RepoCommit)
 70			r.Get("/branches", s.RepoBranches)
 71			r.Route("/tags", func(r chi.Router) {
 72				r.Get("/", s.RepoTags)
 73				r.Route("/{tag}", func(r chi.Router) {
 74					r.Use(middleware.AuthMiddleware(s.oauth))
 75					// require auth to download for now
 76					r.Get("/download/{file}", s.DownloadArtifact)
 77
 78					// require repo:push to upload or delete artifacts
 79					//
 80					// additionally: only the uploader can truly delete an artifact
 81					// (record+blob will live on their pds)
 82					r.Group(func(r chi.Router) {
 83						r.With(RepoPermissionMiddleware(s, "repo:push"))
 84						r.Post("/upload", s.AttachArtifact)
 85						r.Delete("/{file}", s.DeleteArtifact)
 86					})
 87				})
 88			})
 89			r.Get("/blob/{ref}/*", s.RepoBlob)
 90			r.Get("/raw/{ref}/*", s.RepoBlobRaw)
 91
 92			r.Route("/issues", func(r chi.Router) {
 93				r.With(middleware.Paginate).Get("/", s.RepoIssues)
 94				r.Get("/{issue}", s.RepoSingleIssue)
 95
 96				r.Group(func(r chi.Router) {
 97					r.Use(middleware.AuthMiddleware(s.oauth))
 98					r.Get("/new", s.NewIssue)
 99					r.Post("/new", s.NewIssue)
100					r.Post("/{issue}/comment", s.NewIssueComment)
101					r.Route("/{issue}/comment/{comment_id}/", func(r chi.Router) {
102						r.Get("/", s.IssueComment)
103						r.Delete("/", s.DeleteIssueComment)
104						r.Get("/edit", s.EditIssueComment)
105						r.Post("/edit", s.EditIssueComment)
106					})
107					r.Post("/{issue}/close", s.CloseIssue)
108					r.Post("/{issue}/reopen", s.ReopenIssue)
109				})
110			})
111
112			r.Route("/fork", func(r chi.Router) {
113				r.Use(middleware.AuthMiddleware(s.oauth))
114				r.Get("/", s.ForkRepo)
115				r.Post("/", s.ForkRepo)
116				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/sync", func(r chi.Router) {
117					r.Post("/", s.SyncRepoFork)
118				})
119			})
120
121			r.Route("/compare", func(r chi.Router) {
122				r.Get("/", s.RepoCompareNew) // start an new comparison
123
124				// we have to wildcard here since we want to support GitHub's compare syntax
125				//   /compare/{ref1}...{ref2}
126				// for example:
127				//   /compare/master...some/feature
128				//   /compare/master...example.com:another/feature <- this is a fork
129				r.Get("/{base}/{head}", s.RepoCompare)
130				r.Get("/*", s.RepoCompare)
131			})
132
133			r.Route("/pulls", func(r chi.Router) {
134				r.Get("/", s.RepoPulls)
135				r.With(middleware.AuthMiddleware(s.oauth)).Route("/new", func(r chi.Router) {
136					r.Get("/", s.NewPull)
137					r.Get("/patch-upload", s.PatchUploadFragment)
138					r.Post("/validate-patch", s.ValidatePatch)
139					r.Get("/compare-branches", s.CompareBranchesFragment)
140					r.Get("/compare-forks", s.CompareForksFragment)
141					r.Get("/fork-branches", s.CompareForksBranchesFragment)
142					r.Post("/", s.NewPull)
143				})
144
145				r.Route("/{pull}", func(r chi.Router) {
146					r.Use(ResolvePull(s))
147					r.Get("/", s.RepoSinglePull)
148
149					r.Route("/round/{round}", func(r chi.Router) {
150						r.Get("/", s.RepoPullPatch)
151						r.Get("/interdiff", s.RepoPullInterdiff)
152						r.Get("/actions", s.PullActions)
153						r.With(middleware.AuthMiddleware(s.oauth)).Route("/comment", func(r chi.Router) {
154							r.Get("/", s.PullComment)
155							r.Post("/", s.PullComment)
156						})
157					})
158
159					r.Route("/round/{round}.patch", func(r chi.Router) {
160						r.Get("/", s.RepoPullPatchRaw)
161					})
162
163					r.Group(func(r chi.Router) {
164						r.Use(middleware.AuthMiddleware(s.oauth))
165						r.Route("/resubmit", func(r chi.Router) {
166							r.Get("/", s.ResubmitPull)
167							r.Post("/", s.ResubmitPull)
168						})
169						r.Post("/close", s.ClosePull)
170						r.Post("/reopen", s.ReopenPull)
171						// collaborators only
172						r.Group(func(r chi.Router) {
173							r.Use(RepoPermissionMiddleware(s, "repo:push"))
174							r.Post("/merge", s.MergePull)
175							// maybe lock, etc.
176						})
177					})
178				})
179			})
180
181			// These routes get proxied to the knot
182			r.Get("/info/refs", s.InfoRefs)
183			r.Post("/git-upload-pack", s.UploadPack)
184			r.Post("/git-receive-pack", s.ReceivePack)
185
186			// settings routes, needs auth
187			r.Group(func(r chi.Router) {
188				r.Use(middleware.AuthMiddleware(s.oauth))
189				// repo description can only be edited by owner
190				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/description", func(r chi.Router) {
191					r.Put("/", s.RepoDescription)
192					r.Get("/", s.RepoDescription)
193					r.Get("/edit", s.RepoDescriptionEdit)
194				})
195				r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) {
196					r.Get("/", s.RepoSettings)
197					r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator)
198					r.With(RepoPermissionMiddleware(s, "repo:delete")).Delete("/delete", s.DeleteRepo)
199					r.Put("/branches/default", s.SetDefaultBranch)
200				})
201			})
202		})
203	})
204
205	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
206		s.pages.Error404(w)
207	})
208
209	return r
210}
211
212func (s *State) StandardRouter() http.Handler {
213	r := chi.NewRouter()
214
215	r.Handle("/static/*", s.pages.Static())
216
217	r.Get("/", s.Timeline)
218
219	r.With(middleware.AuthMiddleware(s.oauth)).Post("/logout", s.Logout)
220
221	r.Route("/knots", func(r chi.Router) {
222		r.Use(middleware.AuthMiddleware(s.oauth))
223		r.Get("/", s.Knots)
224		r.Post("/key", s.RegistrationKey)
225
226		r.Route("/{domain}", func(r chi.Router) {
227			r.Post("/init", s.InitKnotServer)
228			r.Get("/", s.KnotServerInfo)
229			r.Route("/member", func(r chi.Router) {
230				r.Use(KnotOwner(s))
231				r.Get("/", s.ListMembers)
232				r.Put("/", s.AddMember)
233				r.Delete("/", s.RemoveMember)
234			})
235		})
236	})
237
238	r.Route("/repo", func(r chi.Router) {
239		r.Route("/new", func(r chi.Router) {
240			r.Use(middleware.AuthMiddleware(s.oauth))
241			r.Get("/", s.NewRepo)
242			r.Post("/", s.NewRepo)
243		})
244		// r.Post("/import", s.ImportRepo)
245	})
246
247	r.With(middleware.AuthMiddleware(s.oauth)).Route("/follow", func(r chi.Router) {
248		r.Post("/", s.Follow)
249		r.Delete("/", s.Follow)
250	})
251
252	r.With(middleware.AuthMiddleware(s.oauth)).Route("/star", func(r chi.Router) {
253		r.Post("/", s.Star)
254		r.Delete("/", s.Star)
255	})
256
257	r.Route("/profile", func(r chi.Router) {
258		r.Use(middleware.AuthMiddleware(s.oauth))
259		r.Get("/edit-bio", s.EditBioFragment)
260		r.Get("/edit-pins", s.EditPinsFragment)
261		r.Post("/bio", s.UpdateProfileBio)
262		r.Post("/pins", s.UpdateProfilePins)
263	})
264
265	r.Mount("/settings", s.SettingsRouter())
266	r.Mount("/", s.OAuthRouter())
267	r.Get("/keys/{user}", s.Keys)
268
269	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
270		s.pages.Error404(w)
271	})
272	return r
273}
274
275func (s *State) OAuthRouter() http.Handler {
276	oauth := &oauthhandler.OAuthHandler{
277		Config:   s.config,
278		Pages:    s.pages,
279		Resolver: s.resolver,
280		Db:       s.db,
281		Store:    sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)),
282		OAuth:    s.oauth,
283		Enforcer: s.enforcer,
284		Posthog:  s.posthog,
285	}
286
287	return oauth.Router()
288}
289
290func (s *State) SettingsRouter() http.Handler {
291	settings := &settings.Settings{
292		Db:     s.db,
293		OAuth:  s.oauth,
294		Pages:  s.pages,
295		Config: s.config,
296	}
297
298	return settings.Router()
299}