commits
the default slog logger caused indigo/identity to emit logs when
resolving identities. using a bespoke logger in the guard subcommand
fixes this.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Shalabh Agarwal <me@serendipty01.dev>
fixes: https://tangled.org/@tangled.org/core/issues/224
Signed-off-by: oppiliappan <me@oppi.li>
we no longer resolve handles from DIDs at the handlers, we do this
dynamically when rendering the templates. EmailToDidOrHandle did not
follow this pattern.
there were a few negative side effects from this: the `tinyAvatar`
helper requires that the input be a DID; and not a handle. when a handle
is passed, it results in a different default color for users without
profile pictures; resulting in different colors in repo-log versus, say,
the topbar.
Signed-off-by: oppiliappan <me@oppi.li>
Close: #277
Signed-off-by: Seongmin Lee <git@boltless.me>
empty slice/array with 0 length can not be nil, check with length
instead
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: @nekomimi.pet <ana@nekoimimi.pet>
Signed-off-by: @nekomimi.pet <ana@nekoimimi.pet>
there was slightly more padding above the new-button dropdown vs the
profile dropdown in the topbar.
Signed-off-by: oppiliappan <me@oppi.li>
Labels and Pipeline routers do not use middleware, this has been removed
from their respective routers.
Signed-off-by: oppiliappan <me@oppi.li>
this will bump the `treeblood` version to `v0.1.16`, which doesn't have
the invalid checksum issue
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Evan Jarrett <evan@evanjarrett.com>
same as `NewIssueState`, we can determine the detailed event type from
the latest pull state
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
both issue close and reopen are handled by `NewIssueState` handler.
this works because passed `issue` obj is already holding the newest
issue state.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Doesn't support issue reopen yet
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <boltlessengineer@proton.me>
Signed-off-by: Seongmin Lee <boltlessengineer@proton.me>
- Heavily inspired by gitea
- add `GetAllIssues` which only receives a paginator and gathers all
issues ignoring `repoAt` field
Signed-off-by: Seongmin Lee <boltlessengineer@proton.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
the final addition to my collection of oauth fixes: the session cookie
is not a sufficient indication of a logged-in-ness of a user, we
additionally validate this cookie against the session on redis using
ResumeSession and kick users out if their session is invalid.
previously, a user may have appeared to be logged in (via the profile
picture on the top right), but creating an auth'd request would have
login-prompted them.
Signed-off-by: oppiliappan <me@oppi.li>
if sessions are inactive for too long, tokens will not be refreshed, and
calling authorized xrpc methods will error out with invalid_grant. this
changeset does two things:
- tracks the last time a session was active using a new redis pair:
`oauth:session_meta:<did>:<session>`, this is updated every time
`SaveSession` is called
- checks for session inactivity every time `GetSession` is called, and
deletes the session if so
this way, `GetSession` will never return a session with expired tokens.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
this change makes our tangled appview a "confidential" client.
this change includes breaking changes to the appview service, it now
requires two different environment variables:
- TANGLED_OAUTH_CLIENT_SECRET: the secret component of the old JWKs
object
- TANGLED_OAUTH_CLIENT_KID: the key ID of the old JWKs object
both of these can be extracted from the old JWKs object: `obj.d` and
`obj.kid` respectively.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
we invalidate resolutions in our ingester, but the oauth SDK seems to
bring its own directory! this changeset shares them instead.
thanks to nel.pet <did:plc:h5wsnqetncv6lu2weom35lg2> for the hint.
Signed-off-by: oppiliappan <me@oppi.li>
Each method will check if `page.limit` is higher than 0, and only
apply pagination when limit is higher than 0
Signed-off-by: Seongmin Lee <git@boltless.me>
introduce helper methods: `IntoContext` and `FromContext`
these will help make using the pagination obj from context easier and
less error-prone by using a private empty struct as a key instead of a
raw string
Signed-off-by: Seongmin Lee <git@boltless.me>
Close: #271
Signed-off-by: Seongmin Lee <git@boltless.me>
kaniko (and other docker build tools) require permission to change file ownership to successfully build containers.
i'm leaving this here for consideration, not sure about this security-wise, the better solution would be to use kvm, i think. in our case docker is running in sysbox without `privileged: true` so it _should_ be fine(??)
Signed-off-by: zenfyr.dev <mail@melontini.me>
this bug prevented following did:web accounts on tangled... because of a
htmx target error.
Signed-off-by: oppiliappan <me@oppi.li>
also uses reflection to unify implementations
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
`autocapitalize` and `autocorrect` will prevent mobile browsers from
autocorrecting the user handle
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
This reverts commit 55812240c5d183e7195d2762e80074062a8c999f.
additionally: notifies collaborators on certain events:
- issue: creation, closing
- pull: creation, closing and merging
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
The knotserver can now use alternative PLCs for DID resolution
by setting the env var KNOT_SERVER_PLC_URL. The default identity
directory was copied out of the at proto lib and updated to take
in a target url for the PLC being used to do this.
Same goes for appview with TANGLED_PLC_URL and spindle with
SPINDLE_SERVER_PLC_URL
This allows tangled to run on fully sandboxed atmosphere infra
Co-authored-by: Shail Patel <shailpatel67@gmail.com>
Co-authored-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
if the upstream was updated, fork based PRs would be unable to resubmit.
this is because the hidden tracking ref was not updated before
performing a comparison, it was performed *after*. the ordering of
events was incorrect.
additionally, the RepoCompare call was being made against
pull.TargetBranch when it should have been against the hidden ref.
Signed-off-by: oppiliappan <me@oppi.li>
automatically adds a newline to patches that are missing one.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
PullSource already contains RepoAt, we do not have to access the
optional Repo field.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Ivan Chinenov <hjvt@hjvt.dev>
this is calculated by the knotserver in sh.tangled.repo.compare and
cached by the appview in pull submissions, this cannot be calculated on
the appview side with just the format-patch because this calculation
requires a git-index.
Signed-off-by: oppiliappan <me@oppi.li>