···
resolver *idresolver.Resolver
31
-
// init is a channel that is closed when the knot has been initailized
32
-
// i.e. when the first user (knot owner) has been added.
34
-
knotInitialized bool
func Setup(ctx context.Context, c *config.Config, db *db.DB, e *rbac.Enforcer, jc *jetstream.JetstreamClient, l *slog.Logger, n *notifier.Notifier) (http.Handler, error) {
···
resolver: idresolver.DefaultResolver(),
48
-
init: make(chan struct{}),
err := e.AddKnot(rbac.ThisServer)
···
return nil, fmt.Errorf("failed to setup enforcer: %w", err)
56
-
// Check if the knot knows about any Dids;
57
-
// if it does, it is already initialized and we can repopulate the
58
-
// Jetstream subscriptions.
59
-
dids, err := db.GetAllDids()
51
+
if err = h.configureOwner(); err != nil {
54
+
h.l.Info("owner set", "did", h.c.Server.Owner)
55
+
h.jc.AddDid(h.c.Server.Owner)
57
+
// configure known-dids in jetstream consumer
58
+
dids, err := h.db.GetAllDids()
61
-
return nil, fmt.Errorf("failed to get all Dids: %w", err)
60
+
return nil, fmt.Errorf("failed to get all dids: %w", err)
65
-
h.knotInitialized = true
67
-
for _, d := range dids {
62
+
for _, d := range dids {
err = h.jc.StartJetstream(ctx, h.processMessages)
···
r.Get("/capabilities", h.Capabilities)
r.Get("/version", h.Version)
74
+
r.Get("/owner", func(w http.ResponseWriter, r *http.Request) {
75
+
w.Write([]byte(h.c.Server.Owner))
r.Route("/{did}", func(r chi.Router) {
r.Route("/{name}", func(r chi.Router) {
···
// Socket that streams git oplogs
r.Get("/events", h.Events)
158
-
// Initialize the knot with an owner and public key.
159
-
r.With(h.VerifySignature).Post("/init", h.Init)
// Health check. Used for two-way verification with appview.
r.With(h.VerifySignature).Get("/health", h.Health)
···
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
fmt.Fprintf(w, "knotserver/%s", version)
210
+
func (h *Handle) configureOwner() error {
211
+
cfgOwner := h.c.Server.Owner
213
+
rbacDomain := "thisserver"
215
+
existing, err := h.e.GetKnotUsersByRole("server:owner", rbacDomain)
220
+
switch len(existing) {
222
+
// no owner configured, continue
224
+
// find existing owner
225
+
existingOwner := existing[0]
227
+
// no ownership change, this is okay
228
+
if existingOwner == h.c.Server.Owner {
232
+
// remove existing owner
233
+
err = h.e.RemoveKnotOwner(rbacDomain, existingOwner)
238
+
l.Error("attempted to serve disallowed file type", "mimetype", mimeType)
239
+
writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)
243
+
w.Header().Set("Content-Type", mimeType)
247
+
func (h *Handle) Blob(w http.ResponseWriter, r *http.Request) {
248
+
treePath := chi.URLParam(r, "*")
249
+
ref := chi.URLParam(r, "ref")
250
+
ref, _ = url.PathUnescape(ref)
252
+
l := h.l.With("handler", "Blob", "ref", ref, "treePath", treePath)
254
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
255
+
gr, err := git.Open(path, ref)
261
+
var isBinaryFile bool = false
262
+
contents, err := gr.FileContent(treePath)
263
+
if errors.Is(err, git.ErrBinaryFile) {
264
+
isBinaryFile = true
265
+
} else if errors.Is(err, object.ErrFileNotFound) {
268
+
} else if err != nil {
269
+
writeError(w, err.Error(), http.StatusInternalServerError)
273
+
bytes := []byte(contents)
274
+
// safe := string(sanitize(bytes))
275
+
sizeHint := len(bytes)
277
+
resp := types.RepoBlobResponse{
279
+
Contents: string(bytes),
281
+
IsBinary: isBinaryFile,
282
+
SizeHint: uint64(sizeHint),
285
+
h.showFile(resp, w, l)
288
+
func (h *Handle) Archive(w http.ResponseWriter, r *http.Request) {
289
+
name := chi.URLParam(r, "name")
290
+
file := chi.URLParam(r, "file")
292
+
l := h.l.With("handler", "Archive", "name", name, "file", file)
294
+
// TODO: extend this to add more files compression (e.g.: xz)
295
+
if !strings.HasSuffix(file, ".tar.gz") {
300
+
ref := strings.TrimSuffix(file, ".tar.gz")
302
+
unescapedRef, err := url.PathUnescape(ref)
308
+
safeRefFilename := strings.ReplaceAll(plumbing.ReferenceName(unescapedRef).Short(), "/", "-")
310
+
// This allows the browser to use a proper name for the file when
312
+
filename := fmt.Sprintf("%s-%s.tar.gz", name, safeRefFilename)
313
+
setContentDisposition(w, filename)
316
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
317
+
gr, err := git.Open(path, unescapedRef)
323
+
gw := gzip.NewWriter(w)
326
+
prefix := fmt.Sprintf("%s-%s", name, safeRefFilename)
327
+
err = gr.WriteTar(gw, prefix)
329
+
// once we start writing to the body we can't report error anymore
330
+
// so we are only left with printing the error.
331
+
l.Error("writing tar file", "error", err.Error())
337
+
// once we start writing to the body we can't report error anymore
338
+
// so we are only left with printing the error.
339
+
l.Error("flushing?", "error", err.Error())
344
+
func (h *Handle) Log(w http.ResponseWriter, r *http.Request) {
345
+
ref := chi.URLParam(r, "ref")
346
+
ref, _ = url.PathUnescape(ref)
348
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
350
+
l := h.l.With("handler", "Log", "ref", ref, "path", path)
352
+
gr, err := git.Open(path, ref)
358
+
// Get page parameters
362
+
if pageParam := r.URL.Query().Get("page"); pageParam != "" {
363
+
if p, err := strconv.Atoi(pageParam); err == nil && p > 0 {
368
+
if pageSizeParam := r.URL.Query().Get("per_page"); pageSizeParam != "" {
369
+
if ps, err := strconv.Atoi(pageSizeParam); err == nil && ps > 0 {
374
+
// convert to offset/limit
375
+
offset := (page - 1) * pageSize
378
+
commits, err := gr.Commits(offset, limit)
380
+
writeError(w, err.Error(), http.StatusInternalServerError)
381
+
l.Error("fetching commits", "error", err.Error())
385
+
total := len(commits)
387
+
resp := types.RepoLogResponse{
390
+
Description: getDescription(path),
400
+
func (h *Handle) Diff(w http.ResponseWriter, r *http.Request) {
401
+
ref := chi.URLParam(r, "ref")
402
+
ref, _ = url.PathUnescape(ref)
404
+
l := h.l.With("handler", "Diff", "ref", ref)
406
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
407
+
gr, err := git.Open(path, ref)
413
+
diff, err := gr.Diff()
415
+
writeError(w, err.Error(), http.StatusInternalServerError)
416
+
l.Error("getting diff", "error", err.Error())
420
+
resp := types.RepoCommitResponse{
428
+
func (h *Handle) Tags(w http.ResponseWriter, r *http.Request) {
429
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
430
+
l := h.l.With("handler", "Refs")
432
+
gr, err := git.Open(path, "")
438
+
tags, err := gr.Tags()
440
+
// Non-fatal, we *should* have at least one branch to show.
441
+
l.Warn("getting tags", "error", err.Error())
444
+
rtags := []*types.TagReference{}
445
+
for _, tag := range tags {
446
+
var target *object.Tag
447
+
if tag.Target != plumbing.ZeroHash {
450
+
tr := types.TagReference{
454
+
tr.Reference = types.Reference{
456
+
Hash: tag.Hash.String(),
459
+
if tag.Message != "" {
460
+
tr.Message = tag.Message
463
+
rtags = append(rtags, &tr)
466
+
resp := types.RepoTagsResponse{
473
+
func (h *Handle) Branches(w http.ResponseWriter, r *http.Request) {
474
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
476
+
gr, err := git.PlainOpen(path)
482
+
branches, _ := gr.Branches()
484
+
resp := types.RepoBranchesResponse{
485
+
Branches: branches,
491
+
func (h *Handle) Branch(w http.ResponseWriter, r *http.Request) {
492
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
493
+
branchName := chi.URLParam(r, "branch")
494
+
branchName, _ = url.PathUnescape(branchName)
496
+
l := h.l.With("handler", "Branch")
498
+
gr, err := git.PlainOpen(path)
504
+
ref, err := gr.Branch(branchName)
506
+
l.Error("getting branch", "error", err.Error())
507
+
writeError(w, err.Error(), http.StatusInternalServerError)
511
+
commit, err := gr.Commit(ref.Hash())
513
+
l.Error("getting commit object", "error", err.Error())
514
+
writeError(w, err.Error(), http.StatusInternalServerError)
518
+
defaultBranch, err := gr.FindMainBranch()
521
+
l.Error("getting default branch", "error", err.Error())
522
+
// do not quit though
523
+
} else if defaultBranch == branchName {
527
+
resp := types.RepoBranchResponse{
528
+
Branch: types.Branch{
529
+
Reference: types.Reference{
530
+
Name: ref.Name().Short(),
531
+
Hash: ref.Hash().String(),
534
+
IsDefault: isDefault,
541
+
func (h *Handle) Keys(w http.ResponseWriter, r *http.Request) {
542
+
l := h.l.With("handler", "Keys")
545
+
case http.MethodGet:
546
+
keys, err := h.db.GetAllPublicKeys()
548
+
writeError(w, err.Error(), http.StatusInternalServerError)
549
+
l.Error("getting public keys", "error", err.Error())
553
+
data := make([]map[string]any, 0)
554
+
for _, key := range keys {
556
+
data = append(data, j)
561
+
case http.MethodPut:
562
+
pk := db.PublicKey{}
563
+
if err := json.NewDecoder(r.Body).Decode(&pk); err != nil {
564
+
writeError(w, "invalid request body", http.StatusBadRequest)
568
+
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pk.Key))
570
+
writeError(w, "invalid pubkey", http.StatusBadRequest)
573
+
if err := h.db.AddPublicKey(pk); err != nil {
574
+
writeError(w, err.Error(), http.StatusInternalServerError)
575
+
l.Error("adding public key", "error", err.Error())
579
+
w.WriteHeader(http.StatusNoContent)
584
+
// func (h *Handle) RepoForkAheadBehind(w http.ResponseWriter, r *http.Request) {
585
+
// l := h.l.With("handler", "RepoForkSync")
587
+
// data := struct {
588
+
// Did string `json:"did"`
589
+
// Source string `json:"source"`
590
+
// Name string `json:"name,omitempty"`
591
+
// HiddenRef string `json:"hiddenref"`
594
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
595
+
// writeError(w, "invalid request body", http.StatusBadRequest)
600
+
// source := data.Source
602
+
// if did == "" || source == "" {
603
+
// l.Error("invalid request body, empty did or name")
604
+
// w.WriteHeader(http.StatusBadRequest)
609
+
// if data.Name != "" {
610
+
// name = data.Name
612
+
// name = filepath.Base(source)
615
+
// branch := chi.URLParam(r, "branch")
616
+
// branch, _ = url.PathUnescape(branch)
618
+
// relativeRepoPath := filepath.Join(did, name)
619
+
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
621
+
// gr, err := git.PlainOpen(repoPath)
623
+
// log.Println(err)
628
+
// forkCommit, err := gr.ResolveRevision(branch)
630
+
// l.Error("error resolving ref revision", "msg", err.Error())
631
+
// writeError(w, fmt.Sprintf("error resolving revision %s", branch), http.StatusBadRequest)
635
+
// sourceCommit, err := gr.ResolveRevision(data.HiddenRef)
637
+
// l.Error("error resolving hidden ref revision", "msg", err.Error())
638
+
// writeError(w, fmt.Sprintf("error resolving revision %s", data.HiddenRef), http.StatusBadRequest)
642
+
// status := types.UpToDate
643
+
// if forkCommit.Hash.String() != sourceCommit.Hash.String() {
644
+
// isAncestor, err := forkCommit.IsAncestor(sourceCommit)
646
+
// log.Printf("error resolving whether %s is ancestor of %s: %s", branch, data.HiddenRef, err)
651
+
// status = types.FastForwardable
653
+
// status = types.Conflict
657
+
// w.Header().Set("Content-Type", "application/json")
658
+
// json.NewEncoder(w).Encode(types.AncestorCheckResponse{Status: status})
661
+
func (h *Handle) RepoLanguages(w http.ResponseWriter, r *http.Request) {
662
+
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
663
+
ref := chi.URLParam(r, "ref")
664
+
ref, _ = url.PathUnescape(ref)
666
+
l := h.l.With("handler", "RepoLanguages")
668
+
gr, err := git.Open(repoPath, ref)
670
+
l.Error("opening repo", "error", err.Error())
675
+
ctx, cancel := context.WithTimeout(r.Context(), 1*time.Second)
678
+
sizes, err := gr.AnalyzeLanguages(ctx)
680
+
l.Error("failed to analyze languages", "error", err.Error())
681
+
writeError(w, err.Error(), http.StatusNoContent)
685
+
resp := types.RepoLanguageResponse{Languages: sizes}
690
+
// func (h *Handle) RepoForkSync(w http.ResponseWriter, r *http.Request) {
691
+
// l := h.l.With("handler", "RepoForkSync")
693
+
// data := struct {
694
+
// Did string `json:"did"`
695
+
// Source string `json:"source"`
696
+
// Name string `json:"name,omitempty"`
699
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
700
+
// writeError(w, "invalid request body", http.StatusBadRequest)
705
+
// source := data.Source
707
+
// if did == "" || source == "" {
708
+
// l.Error("invalid request body, empty did or name")
709
+
// w.WriteHeader(http.StatusBadRequest)
714
+
// if data.Name != "" {
715
+
// name = data.Name
717
+
// name = filepath.Base(source)
720
+
// branch := chi.URLParam(r, "branch")
721
+
// branch, _ = url.PathUnescape(branch)
723
+
// relativeRepoPath := filepath.Join(did, name)
724
+
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
726
+
// gr, err := git.Open(repoPath, branch)
728
+
// log.Println(err)
735
+
// l.Error("error syncing repo fork", "error", err.Error())
736
+
// writeError(w, err.Error(), http.StatusInternalServerError)
740
+
// w.WriteHeader(http.StatusNoContent)
743
+
// func (h *Handle) RepoFork(w http.ResponseWriter, r *http.Request) {
744
+
// l := h.l.With("handler", "RepoFork")
746
+
// data := struct {
747
+
// Did string `json:"did"`
748
+
// Source string `json:"source"`
749
+
// Name string `json:"name,omitempty"`
752
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
753
+
// writeError(w, "invalid request body", http.StatusBadRequest)
758
+
// source := data.Source
760
+
// if did == "" || source == "" {
761
+
// l.Error("invalid request body, empty did or name")
762
+
// w.WriteHeader(http.StatusBadRequest)
767
+
// if data.Name != "" {
768
+
// name = data.Name
770
+
// name = filepath.Base(source)
773
+
// relativeRepoPath := filepath.Join(did, name)
774
+
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
776
+
// err := git.Fork(repoPath, source)
778
+
// l.Error("forking repo", "error", err.Error())
779
+
// writeError(w, err.Error(), http.StatusInternalServerError)
783
+
// // add perms for this user to access the repo
784
+
// err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath)
786
+
// l.Error("adding repo permissions", "error", err.Error())
787
+
// writeError(w, err.Error(), http.StatusInternalServerError)
793
+
// hook.WithScanPath(h.c.Repo.ScanPath),
794
+
// hook.WithInternalApi(h.c.Server.InternalListenAddr),
799
+
// w.WriteHeader(http.StatusNoContent)
802
+
// func (h *Handle) RemoveRepo(w http.ResponseWriter, r *http.Request) {
803
+
// l := h.l.With("handler", "RemoveRepo")
805
+
// data := struct {
806
+
// Did string `json:"did"`
807
+
// Name string `json:"name"`
810
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
811
+
// writeError(w, "invalid request body", http.StatusBadRequest)
816
+
// name := data.Name
818
+
// if did == "" || name == "" {
819
+
// l.Error("invalid request body, empty did or name")
820
+
// w.WriteHeader(http.StatusBadRequest)
824
+
// relativeRepoPath := filepath.Join(did, name)
825
+
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
826
+
// err := os.RemoveAll(repoPath)
828
+
// l.Error("removing repo", "error", err.Error())
829
+
// writeError(w, err.Error(), http.StatusInternalServerError)
833
+
// w.WriteHeader(http.StatusNoContent)
837
+
// func (h *Handle) Merge(w http.ResponseWriter, r *http.Request) {
838
+
// path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
840
+
// data := types.MergeRequest{}
842
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
843
+
// writeError(w, err.Error(), http.StatusBadRequest)
844
+
// h.l.Error("git: failed to unmarshal json patch", "handler", "Merge", "error", err)
848
+
// mo := &git.MergeOptions{
849
+
// AuthorName: data.AuthorName,
850
+
// AuthorEmail: data.AuthorEmail,
851
+
// CommitBody: data.CommitBody,
852
+
// CommitMessage: data.CommitMessage,
855
+
// patch := data.Patch
856
+
// branch := data.Branch
857
+
// gr, err := git.Open(path, branch)
863
+
// mo.FormatPatch = patchutil.IsFormatPatch(patch)
865
+
// if err := gr.MergeWithOptions([]byte(patch), branch, mo); err != nil {
866
+
// var mergeErr *git.ErrMerge
867
+
// if errors.As(err, &mergeErr) {
868
+
// conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
869
+
// for i, conflict := range mergeErr.Conflicts {
870
+
// conflicts[i] = types.ConflictInfo{
871
+
// Filename: conflict.Filename,
872
+
// Reason: conflict.Reason,
875
+
// response := types.MergeCheckResponse{
876
+
// IsConflicted: true,
877
+
// Conflicts: conflicts,
878
+
// Message: mergeErr.Message,
880
+
// writeConflict(w, response)
881
+
// h.l.Error("git: merge conflict", "handler", "Merge", "error", mergeErr)
883
+
// writeError(w, err.Error(), http.StatusBadRequest)
884
+
// h.l.Error("git: failed to merge", "handler", "Merge", "error", err.Error())
889
+
// w.WriteHeader(http.StatusOK)
892
+
// func (h *Handle) MergeCheck(w http.ResponseWriter, r *http.Request) {
893
+
// path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
895
+
// var data struct {
896
+
// Patch string `json:"patch"`
897
+
// Branch string `json:"branch"`
900
+
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
901
+
// writeError(w, err.Error(), http.StatusBadRequest)
902
+
// h.l.Error("git: failed to unmarshal json patch", "handler", "MergeCheck", "error", err)
906
+
// patch := data.Patch
907
+
// branch := data.Branch
908
+
// gr, err := git.Open(path, branch)
914
+
// err = gr.MergeCheck([]byte(patch), branch)
916
+
// response := types.MergeCheckResponse{
917
+
// IsConflicted: false,
919
+
// writeJSON(w, response)
923
+
// var mergeErr *git.ErrMerge
924
+
// if errors.As(err, &mergeErr) {
925
+
// conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
926
+
// for i, conflict := range mergeErr.Conflicts {
927
+
// conflicts[i] = types.ConflictInfo{
928
+
// Filename: conflict.Filename,
929
+
// Reason: conflict.Reason,
932
+
// response := types.MergeCheckResponse{
933
+
// IsConflicted: true,
934
+
// Conflicts: conflicts,
935
+
// Message: mergeErr.Message,
937
+
// writeConflict(w, response)
938
+
// h.l.Error("git: merge conflict", "handler", "MergeCheck", "error", mergeErr.Error())
941
+
// writeError(w, err.Error(), http.StatusInternalServerError)
942
+
// h.l.Error("git: failed to check merge", "handler", "MergeCheck", "error", err.Error())
945
+
func (h *Handle) Compare(w http.ResponseWriter, r *http.Request) {
946
+
rev1 := chi.URLParam(r, "rev1")
947
+
rev1, _ = url.PathUnescape(rev1)
949
+
rev2 := chi.URLParam(r, "rev2")
950
+
rev2, _ = url.PathUnescape(rev2)
952
+
l := h.l.With("handler", "Compare", "r1", rev1, "r2", rev2)
954
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
955
+
gr, err := git.PlainOpen(path)
961
+
commit1, err := gr.ResolveRevision(rev1)
963
+
l.Error("error resolving revision 1", "msg", err.Error())
964
+
writeError(w, fmt.Sprintf("error resolving revision %s", rev1), http.StatusBadRequest)
968
+
commit2, err := gr.ResolveRevision(rev2)
970
+
l.Error("error resolving revision 2", "msg", err.Error())
971
+
writeError(w, fmt.Sprintf("error resolving revision %s", rev2), http.StatusBadRequest)
975
+
rawPatch, formatPatch, err := gr.FormatPatch(commit1, commit2)
977
+
l.Error("error comparing revisions", "msg", err.Error())
978
+
writeError(w, "error comparing revisions", http.StatusBadRequest)
982
+
writeJSON(w, types.RepoFormatPatchResponse{
983
+
Rev1: commit1.Hash.String(),
984
+
Rev2: commit2.Hash.String(),
985
+
FormatPatch: formatPatch,
990
+
func (h *Handle) DefaultBranch(w http.ResponseWriter, r *http.Request) {
991
+
l := h.l.With("handler", "DefaultBranch")
992
+
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
994
+
gr, err := git.Open(path, "")
1000
+
branch, err := gr.FindMainBranch()
1002
+
writeError(w, err.Error(), http.StatusInternalServerError)
1003
+
l.Error("getting default branch", "error", err.Error())
1007
+
writeJSON(w, types.RepoDefaultBranchResponse{
kot.pink
anirudh.fi