appview/state/router.go at v1.3.0-alpha · nel.pet/core

nel.pet / core
this repo has no description
core / appview / state / router.go
at v1.3.0-alpha 8.3 kB view raw
  1package state
  2
  3import (
  4	"net/http"
  5	"strings"
  6
  7	"github.com/go-chi/chi/v5"
  8	"github.com/gorilla/sessions"
  9	"tangled.sh/tangled.sh/core/appview/middleware"
 10	oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler"
 11	"tangled.sh/tangled.sh/core/appview/settings"
 12	"tangled.sh/tangled.sh/core/appview/state/userutil"
 13)
 14
 15func (s *State) Router() http.Handler {
 16	router := chi.NewRouter()
 17
 18	router.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) {
 19		pat := chi.URLParam(r, "*")
 20		if strings.HasPrefix(pat, "did:") || strings.HasPrefix(pat, "@") {
 21			s.UserRouter().ServeHTTP(w, r)
 22		} else {
 23			// Check if the first path element is a valid handle without '@' or a flattened DID
 24			pathParts := strings.SplitN(pat, "/", 2)
 25			if len(pathParts) > 0 {
 26				if userutil.IsHandleNoAt(pathParts[0]) {
 27					// Redirect to the same path but with '@' prefixed to the handle
 28					redirectPath := "@" + pat
 29					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 30					return
 31				} else if userutil.IsFlattenedDid(pathParts[0]) {
 32					// Redirect to the unflattened DID version
 33					unflattenedDid := userutil.UnflattenDid(pathParts[0])
 34					var redirectPath string
 35					if len(pathParts) > 1 {
 36						redirectPath = unflattenedDid + "/" + pathParts[1]
 37					} else {
 38						redirectPath = unflattenedDid
 39					}
 40					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 41					return
 42				}
 43			}
 44			s.StandardRouter().ServeHTTP(w, r)
 45		}
 46	})
 47
 48	return router
 49}
 50
 51func (s *State) UserRouter() http.Handler {
 52	r := chi.NewRouter()
 53
 54	// strip @ from user
 55	r.Use(StripLeadingAt)
 56
 57	r.With(ResolveIdent(s)).Route("/{user}", func(r chi.Router) {
 58		r.Get("/", s.Profile)
 59
 60		r.With(ResolveRepo(s)).Route("/{repo}", func(r chi.Router) {
 61			r.Use(GoImport(s))
 62
 63			r.Get("/", s.RepoIndex)
 64			r.Get("/commits/{ref}", s.RepoLog)
 65			r.Route("/tree/{ref}", func(r chi.Router) {
 66				r.Get("/", s.RepoIndex)
 67				r.Get("/*", s.RepoTree)
 68			})
 69			r.Get("/commit/{ref}", s.RepoCommit)
 70			r.Get("/branches", s.RepoBranches)
 71			r.Route("/tags", func(r chi.Router) {
 72				r.Get("/", s.RepoTags)
 73				r.Route("/{tag}", func(r chi.Router) {
 74					r.Use(middleware.AuthMiddleware(s.oauth))
 75					// require auth to download for now
 76					r.Get("/download/{file}", s.DownloadArtifact)
 77
 78					// require repo:push to upload or delete artifacts
 79					//
 80					// additionally: only the uploader can truly delete an artifact
 81					// (record+blob will live on their pds)
 82					r.Group(func(r chi.Router) {
 83						r.With(RepoPermissionMiddleware(s, "repo:push"))
 84						r.Post("/upload", s.AttachArtifact)
 85						r.Delete("/{file}", s.DeleteArtifact)
 86					})
 87				})
 88			})
 89			r.Get("/blob/{ref}/*", s.RepoBlob)
 90			r.Get("/raw/{ref}/*", s.RepoBlobRaw)
 91
 92			r.Route("/issues", func(r chi.Router) {
 93				r.With(middleware.Paginate).Get("/", s.RepoIssues)
 94				r.Get("/{issue}", s.RepoSingleIssue)
 95
 96				r.Group(func(r chi.Router) {
 97					r.Use(middleware.AuthMiddleware(s.oauth))
 98					r.Get("/new", s.NewIssue)
 99					r.Post("/new", s.NewIssue)
100					r.Post("/{issue}/comment", s.NewIssueComment)
101					r.Route("/{issue}/comment/{comment_id}/", func(r chi.Router) {
102						r.Get("/", s.IssueComment)
103						r.Delete("/", s.DeleteIssueComment)
104						r.Get("/edit", s.EditIssueComment)
105						r.Post("/edit", s.EditIssueComment)
106					})
107					r.Post("/{issue}/close", s.CloseIssue)
108					r.Post("/{issue}/reopen", s.ReopenIssue)
109				})
110			})
111
112			r.Route("/fork", func(r chi.Router) {
113				r.Use(middleware.AuthMiddleware(s.oauth))
114				r.Get("/", s.ForkRepo)
115				r.Post("/", s.ForkRepo)
116				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/sync", func(r chi.Router) {
117					r.Post("/", s.SyncRepoFork)
118				})
119			})
120
121			r.Route("/pulls", func(r chi.Router) {
122				r.Get("/", s.RepoPulls)
123				r.With(middleware.AuthMiddleware(s.oauth)).Route("/new", func(r chi.Router) {
124					r.Get("/", s.NewPull)
125					r.Get("/patch-upload", s.PatchUploadFragment)
126					r.Post("/validate-patch", s.ValidatePatch)
127					r.Get("/compare-branches", s.CompareBranchesFragment)
128					r.Get("/compare-forks", s.CompareForksFragment)
129					r.Get("/fork-branches", s.CompareForksBranchesFragment)
130					r.Post("/", s.NewPull)
131				})
132
133				r.Route("/{pull}", func(r chi.Router) {
134					r.Use(ResolvePull(s))
135					r.Get("/", s.RepoSinglePull)
136
137					r.Route("/round/{round}", func(r chi.Router) {
138						r.Get("/", s.RepoPullPatch)
139						r.Get("/interdiff", s.RepoPullInterdiff)
140						r.Get("/actions", s.PullActions)
141						r.With(middleware.AuthMiddleware(s.oauth)).Route("/comment", func(r chi.Router) {
142							r.Get("/", s.PullComment)
143							r.Post("/", s.PullComment)
144						})
145					})
146
147					r.Route("/round/{round}.patch", func(r chi.Router) {
148						r.Get("/", s.RepoPullPatchRaw)
149					})
150
151					r.Group(func(r chi.Router) {
152						r.Use(middleware.AuthMiddleware(s.oauth))
153						r.Route("/resubmit", func(r chi.Router) {
154							r.Get("/", s.ResubmitPull)
155							r.Post("/", s.ResubmitPull)
156						})
157						r.Post("/close", s.ClosePull)
158						r.Post("/reopen", s.ReopenPull)
159						// collaborators only
160						r.Group(func(r chi.Router) {
161							r.Use(RepoPermissionMiddleware(s, "repo:push"))
162							r.Post("/merge", s.MergePull)
163							// maybe lock, etc.
164						})
165					})
166				})
167			})
168
169			// These routes get proxied to the knot
170			r.Get("/info/refs", s.InfoRefs)
171			r.Post("/git-upload-pack", s.UploadPack)
172			r.Post("/git-receive-pack", s.ReceivePack)
173
174			// settings routes, needs auth
175			r.Group(func(r chi.Router) {
176				r.Use(middleware.AuthMiddleware(s.oauth))
177				// repo description can only be edited by owner
178				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/description", func(r chi.Router) {
179					r.Put("/", s.RepoDescription)
180					r.Get("/", s.RepoDescription)
181					r.Get("/edit", s.RepoDescriptionEdit)
182				})
183				r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) {
184					r.Get("/", s.RepoSettings)
185					r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator)
186					r.With(RepoPermissionMiddleware(s, "repo:delete")).Delete("/delete", s.DeleteRepo)
187					r.Put("/branches/default", s.SetDefaultBranch)
188				})
189			})
190		})
191	})
192
193	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
194		s.pages.Error404(w)
195	})
196
197	return r
198}
199
200func (s *State) StandardRouter() http.Handler {
201	r := chi.NewRouter()
202
203	r.Handle("/static/*", s.pages.Static())
204
205	r.Get("/", s.Timeline)
206
207	r.With(middleware.AuthMiddleware(s.oauth)).Post("/logout", s.Logout)
208
209	r.Route("/knots", func(r chi.Router) {
210		r.Use(middleware.AuthMiddleware(s.oauth))
211		r.Get("/", s.Knots)
212		r.Post("/key", s.RegistrationKey)
213
214		r.Route("/{domain}", func(r chi.Router) {
215			r.Post("/init", s.InitKnotServer)
216			r.Get("/", s.KnotServerInfo)
217			r.Route("/member", func(r chi.Router) {
218				r.Use(KnotOwner(s))
219				r.Get("/", s.ListMembers)
220				r.Put("/", s.AddMember)
221				r.Delete("/", s.RemoveMember)
222			})
223		})
224	})
225
226	r.Route("/repo", func(r chi.Router) {
227		r.Route("/new", func(r chi.Router) {
228			r.Use(middleware.AuthMiddleware(s.oauth))
229			r.Get("/", s.NewRepo)
230			r.Post("/", s.NewRepo)
231		})
232		// r.Post("/import", s.ImportRepo)
233	})
234
235	r.With(middleware.AuthMiddleware(s.oauth)).Route("/follow", func(r chi.Router) {
236		r.Post("/", s.Follow)
237		r.Delete("/", s.Follow)
238	})
239
240	r.With(middleware.AuthMiddleware(s.oauth)).Route("/star", func(r chi.Router) {
241		r.Post("/", s.Star)
242		r.Delete("/", s.Star)
243	})
244
245	r.Route("/profile", func(r chi.Router) {
246		r.Use(middleware.AuthMiddleware(s.oauth))
247		r.Get("/edit-bio", s.EditBioFragment)
248		r.Get("/edit-pins", s.EditPinsFragment)
249		r.Post("/bio", s.UpdateProfileBio)
250		r.Post("/pins", s.UpdateProfilePins)
251	})
252
253	r.Mount("/settings", s.SettingsRouter())
254	r.Mount("/", s.OAuthRouter())
255	r.Get("/keys/{user}", s.Keys)
256
257	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
258		s.pages.Error404(w)
259	})
260	return r
261}
262
263func (s *State) OAuthRouter() http.Handler {
264	oauth := &oauthhandler.OAuthHandler{
265		Config:   s.config,
266		Pages:    s.pages,
267		Resolver: s.resolver,
268		Db:       s.db,
269		Store:    sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)),
270		OAuth:    s.oauth,
271		Enforcer: s.enforcer,
272	}
273
274	return oauth.Router()
275}
276
277func (s *State) SettingsRouter() http.Handler {
278	settings := &settings.Settings{
279		Db:     s.db,
280		OAuth:  s.oauth,
281		Pages:  s.pages,
282		Config: s.config,
283	}
284
285	return settings.Router()
286}