···
-
securejoin "github.com/cyphar/filepath-securejoin"
-
"github.com/gliderlabs/ssh"
-
"github.com/go-chi/chi/v5"
-
"github.com/go-git/go-git/v5/plumbing"
-
"github.com/go-git/go-git/v5/plumbing/object"
-
"tangled.sh/tangled.sh/core/knotserver/db"
-
"tangled.sh/tangled.sh/core/knotserver/git"
-
"tangled.sh/tangled.sh/core/types"
-
func (h *Handle) Index(w http.ResponseWriter, r *http.Request) {
-
w.Write([]byte("This is a knot server. More info at https://tangled.sh"))
-
func (h *Handle) Capabilities(w http.ResponseWriter, r *http.Request) {
-
w.Header().Set("Content-Type", "application/json")
-
capabilities := map[string]any{
-
"pull_requests": map[string]any{
-
"patch_submissions": true,
-
"branch_submissions": true,
-
"fork_submissions": true,
-
jsonData, err := json.Marshal(capabilities)
-
http.Error(w, "Failed to serialize JSON", http.StatusInternalServerError)
-
func (h *Handle) RepoIndex(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("path", path, "handler", "RepoIndex")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
gr, err := git.Open(path, ref)
-
plain, err2 := git.PlainOpen(path)
-
l.Error("opening repo", "error", err2.Error())
-
branches, _ := plain.Branches()
-
if errors.Is(err, plumbing.ErrReferenceNotFound) {
-
resp := types.RepoIndexResponse{
-
l.Error("opening repo", "error", err.Error())
-
commits []*object.Commit
-
branches []types.Branch
-
errorsCh := make(chan error, 5)
-
cs, err := gr.Commits(0, 60)
-
errorsCh <- fmt.Errorf("commits: %w", err)
-
t, err := gr.TotalCommits()
-
errorsCh <- fmt.Errorf("calculating total: %w", err)
-
bs, err := gr.Branches()
-
errorsCh <- fmt.Errorf("fetching branches: %w", err)
-
errorsCh <- fmt.Errorf("fetching tags: %w", err)
-
fs, err := gr.FileTree(r.Context(), "")
-
errorsCh <- fmt.Errorf("fetching filetree: %w", err)
-
for err := range errorsCh {
-
l.Error("loading repo", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
rtags := []*types.TagReference{}
-
for _, tag := range tags {
-
if tag.Target != plumbing.ZeroHash {
-
tr := types.TagReference{
-
tr.Reference = types.Reference{
-
Hash: tag.Hash.String(),
-
tr.Message = tag.Message
-
rtags = append(rtags, &tr)
-
var readmeContent string
-
for _, readme := range h.c.Repo.Readme {
-
content, _ := gr.FileContent(readme)
-
readmeContent = string(content)
-
mainBranch, err := gr.FindMainBranch()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("finding main branch", "error", err.Error())
-
resp := types.RepoIndexResponse{
-
Description: getDescription(path),
-
ReadmeFileName: readmeFile,
-
func (h *Handle) RepoTree(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "RepoTree", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
files, err := gr.FileTree(r.Context(), treePath)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("file tree", "error", err.Error())
-
resp := types.RepoTreeResponse{
-
Description: getDescription(path),
-
DotDot: filepath.Dir(treePath),
-
func (h *Handle) BlobRaw(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "BlobRaw", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
contents, err := gr.RawContent(treePath)
-
writeError(w, err.Error(), http.StatusBadRequest)
-
l.Error("file content", "error", err.Error())
-
mimeType := http.DetectContentType(contents)
-
if filepath.Ext(treePath) == ".svg" {
-
mimeType = "image/svg+xml"
-
contentHash := sha256.Sum256(contents)
-
eTag := fmt.Sprintf("\"%x\"", contentHash)
-
// allow image, video, and text/plain files to be served directly
-
case strings.HasPrefix(mimeType, "image/"), strings.HasPrefix(mimeType, "video/"):
-
if clientETag := r.Header.Get("If-None-Match"); clientETag == eTag {
-
w.WriteHeader(http.StatusNotModified)
-
w.Header().Set("ETag", eTag)
-
case strings.HasPrefix(mimeType, "text/plain"):
-
w.Header().Set("Cache-Control", "public, no-cache")
-
l.Error("attempted to serve disallowed file type", "mimetype", mimeType)
-
writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)
-
w.Header().Set("Content-Type", mimeType)
-
func (h *Handle) Blob(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "Blob", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
var isBinaryFile bool = false
-
contents, err := gr.FileContent(treePath)
-
if errors.Is(err, git.ErrBinaryFile) {
-
} else if errors.Is(err, object.ErrFileNotFound) {
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
bytes := []byte(contents)
-
// safe := string(sanitize(bytes))
-
resp := types.RepoBlobResponse{
-
Contents: string(bytes),
-
IsBinary: isBinaryFile,
-
SizeHint: uint64(sizeHint),
-
func (h *Handle) Archive(w http.ResponseWriter, r *http.Request) {
-
name := chi.URLParam(r, "name")
-
file := chi.URLParam(r, "file")
-
l := h.l.With("handler", "Archive", "name", name, "file", file)
-
// TODO: extend this to add more files compression (e.g.: xz)
-
if !strings.HasSuffix(file, ".tar.gz") {
-
ref := strings.TrimSuffix(file, ".tar.gz")
-
unescapedRef, err := url.PathUnescape(ref)
-
safeRefFilename := strings.ReplaceAll(plumbing.ReferenceName(unescapedRef).Short(), "/", "-")
-
// This allows the browser to use a proper name for the file when
-
filename := fmt.Sprintf("%s-%s.tar.gz", name, safeRefFilename)
-
setContentDisposition(w, filename)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, unescapedRef)
-
gw := gzip.NewWriter(w)
-
prefix := fmt.Sprintf("%s-%s", name, safeRefFilename)
-
err = gr.WriteTar(gw, prefix)
-
// once we start writing to the body we can't report error anymore
-
// so we are only left with printing the error.
-
l.Error("writing tar file", "error", err.Error())
-
// once we start writing to the body we can't report error anymore
-
// so we are only left with printing the error.
-
l.Error("flushing?", "error", err.Error())
-
func (h *Handle) Log(w http.ResponseWriter, r *http.Request) {
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("handler", "Log", "ref", ref, "path", path)
-
gr, err := git.Open(path, ref)
-
if pageParam := r.URL.Query().Get("page"); pageParam != "" {
-
if p, err := strconv.Atoi(pageParam); err == nil && p > 0 {
-
if pageSizeParam := r.URL.Query().Get("per_page"); pageSizeParam != "" {
-
if ps, err := strconv.Atoi(pageSizeParam); err == nil && ps > 0 {
-
// convert to offset/limit
-
offset := (page - 1) * pageSize
-
commits, err := gr.Commits(offset, limit)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("fetching commits", "error", err.Error())
-
resp := types.RepoLogResponse{
-
Description: getDescription(path),
-
func (h *Handle) Diff(w http.ResponseWriter, r *http.Request) {
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "Diff", "ref", ref)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting diff", "error", err.Error())
-
resp := types.RepoCommitResponse{
-
func (h *Handle) Tags(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("handler", "Refs")
-
gr, err := git.Open(path, "")
-
// Non-fatal, we *should* have at least one branch to show.
-
l.Warn("getting tags", "error", err.Error())
-
rtags := []*types.TagReference{}
-
for _, tag := range tags {
-
if tag.Target != plumbing.ZeroHash {
-
tr := types.TagReference{
-
tr.Reference = types.Reference{
-
Hash: tag.Hash.String(),
-
tr.Message = tag.Message
-
rtags = append(rtags, &tr)
-
resp := types.RepoTagsResponse{
-
func (h *Handle) Branches(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.PlainOpen(path)
-
branches, _ := gr.Branches()
-
resp := types.RepoBranchesResponse{
-
func (h *Handle) Branch(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
branchName := chi.URLParam(r, "branch")
-
branchName, _ = url.PathUnescape(branchName)
-
l := h.l.With("handler", "Branch")
-
gr, err := git.PlainOpen(path)
-
ref, err := gr.Branch(branchName)
-
l.Error("getting branch", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
commit, err := gr.Commit(ref.Hash())
-
l.Error("getting commit object", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
defaultBranch, err := gr.FindMainBranch()
-
l.Error("getting default branch", "error", err.Error())
-
} else if defaultBranch == branchName {
-
resp := types.RepoBranchResponse{
-
Reference: types.Reference{
-
Name: ref.Name().Short(),
-
Hash: ref.Hash().String(),
-
func (h *Handle) Keys(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "Keys")
-
keys, err := h.db.GetAllPublicKeys()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting public keys", "error", err.Error())
-
data := make([]map[string]any, 0)
-
for _, key := range keys {
-
if err := json.NewDecoder(r.Body).Decode(&pk); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pk.Key))
-
writeError(w, "invalid pubkey", http.StatusBadRequest)
-
if err := h.db.AddPublicKey(pk); err != nil {
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("adding public key", "error", err.Error())
-
w.WriteHeader(http.StatusNoContent)
-
// func (h *Handle) RepoForkAheadBehind(w http.ResponseWriter, r *http.Request) {
-
// l := h.l.With("handler", "RepoForkSync")
-
// Did string `json:"did"`
-
// Source string `json:"source"`
-
// Name string `json:"name,omitempty"`
-
// HiddenRef string `json:"hiddenref"`
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, "invalid request body", http.StatusBadRequest)
-
// source := data.Source
-
// if did == "" || source == "" {
-
// l.Error("invalid request body, empty did or name")
-
// w.WriteHeader(http.StatusBadRequest)
-
// if data.Name != "" {
-
// name = filepath.Base(source)
-
// branch := chi.URLParam(r, "branch")
-
// branch, _ = url.PathUnescape(branch)
-
// relativeRepoPath := filepath.Join(did, name)
-
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
// gr, err := git.PlainOpen(repoPath)
-
// forkCommit, err := gr.ResolveRevision(branch)
-
// l.Error("error resolving ref revision", "msg", err.Error())
-
// writeError(w, fmt.Sprintf("error resolving revision %s", branch), http.StatusBadRequest)
-
// sourceCommit, err := gr.ResolveRevision(data.HiddenRef)
-
// l.Error("error resolving hidden ref revision", "msg", err.Error())
-
// writeError(w, fmt.Sprintf("error resolving revision %s", data.HiddenRef), http.StatusBadRequest)
-
// status := types.UpToDate
-
// if forkCommit.Hash.String() != sourceCommit.Hash.String() {
-
// isAncestor, err := forkCommit.IsAncestor(sourceCommit)
-
// log.Printf("error resolving whether %s is ancestor of %s: %s", branch, data.HiddenRef, err)
-
// status = types.FastForwardable
-
// status = types.Conflict
-
// w.Header().Set("Content-Type", "application/json")
-
// json.NewEncoder(w).Encode(types.AncestorCheckResponse{Status: status})
-
func (h *Handle) RepoLanguages(w http.ResponseWriter, r *http.Request) {
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "RepoLanguages")
-
gr, err := git.Open(repoPath, ref)
-
l.Error("opening repo", "error", err.Error())
-
ctx, cancel := context.WithTimeout(r.Context(), 1*time.Second)
-
sizes, err := gr.AnalyzeLanguages(ctx)
-
l.Error("failed to analyze languages", "error", err.Error())
-
writeError(w, err.Error(), http.StatusNoContent)
-
resp := types.RepoLanguageResponse{Languages: sizes}
-
// func (h *Handle) RepoForkSync(w http.ResponseWriter, r *http.Request) {
-
// l := h.l.With("handler", "RepoForkSync")
-
// Did string `json:"did"`
-
// Source string `json:"source"`
-
// Name string `json:"name,omitempty"`
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, "invalid request body", http.StatusBadRequest)
-
// source := data.Source
-
// if did == "" || source == "" {
-
// l.Error("invalid request body, empty did or name")
-
// w.WriteHeader(http.StatusBadRequest)
-
// if data.Name != "" {
-
// name = filepath.Base(source)
-
// branch := chi.URLParam(r, "branch")
-
// branch, _ = url.PathUnescape(branch)
-
// relativeRepoPath := filepath.Join(did, name)
-
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
// gr, err := git.Open(repoPath, branch)
-
// l.Error("error syncing repo fork", "error", err.Error())
-
// writeError(w, err.Error(), http.StatusInternalServerError)
-
// w.WriteHeader(http.StatusNoContent)
-
// func (h *Handle) RepoFork(w http.ResponseWriter, r *http.Request) {
-
// l := h.l.With("handler", "RepoFork")
-
// Did string `json:"did"`
-
// Source string `json:"source"`
-
// Name string `json:"name,omitempty"`
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, "invalid request body", http.StatusBadRequest)
-
// source := data.Source
-
// if did == "" || source == "" {
-
// l.Error("invalid request body, empty did or name")
-
// w.WriteHeader(http.StatusBadRequest)
-
// if data.Name != "" {
-
// name = filepath.Base(source)
-
// relativeRepoPath := filepath.Join(did, name)
-
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
// err := git.Fork(repoPath, source)
-
// l.Error("forking repo", "error", err.Error())
-
// writeError(w, err.Error(), http.StatusInternalServerError)
-
// // add perms for this user to access the repo
-
// err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath)
-
// l.Error("adding repo permissions", "error", err.Error())
-
// writeError(w, err.Error(), http.StatusInternalServerError)
-
// hook.WithScanPath(h.c.Repo.ScanPath),
-
// hook.WithInternalApi(h.c.Server.InternalListenAddr),
-
// w.WriteHeader(http.StatusNoContent)
-
// func (h *Handle) RemoveRepo(w http.ResponseWriter, r *http.Request) {
-
// l := h.l.With("handler", "RemoveRepo")
-
// Did string `json:"did"`
-
// Name string `json:"name"`
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, "invalid request body", http.StatusBadRequest)
-
// if did == "" || name == "" {
-
// l.Error("invalid request body, empty did or name")
-
// w.WriteHeader(http.StatusBadRequest)
-
// relativeRepoPath := filepath.Join(did, name)
-
// repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
// err := os.RemoveAll(repoPath)
-
// l.Error("removing repo", "error", err.Error())
-
// writeError(w, err.Error(), http.StatusInternalServerError)
-
// w.WriteHeader(http.StatusNoContent)
-
// func (h *Handle) Merge(w http.ResponseWriter, r *http.Request) {
-
// path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
// data := types.MergeRequest{}
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, err.Error(), http.StatusBadRequest)
-
// h.l.Error("git: failed to unmarshal json patch", "handler", "Merge", "error", err)
-
// mo := &git.MergeOptions{
-
// AuthorName: data.AuthorName,
-
// AuthorEmail: data.AuthorEmail,
-
// CommitBody: data.CommitBody,
-
// CommitMessage: data.CommitMessage,
-
// branch := data.Branch
-
// gr, err := git.Open(path, branch)
-
// mo.FormatPatch = patchutil.IsFormatPatch(patch)
-
// if err := gr.MergeWithOptions([]byte(patch), branch, mo); err != nil {
-
// var mergeErr *git.ErrMerge
-
// if errors.As(err, &mergeErr) {
-
// conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
-
// for i, conflict := range mergeErr.Conflicts {
-
// conflicts[i] = types.ConflictInfo{
-
// Filename: conflict.Filename,
-
// Reason: conflict.Reason,
-
// response := types.MergeCheckResponse{
-
// Conflicts: conflicts,
-
// Message: mergeErr.Message,
-
// writeConflict(w, response)
-
// h.l.Error("git: merge conflict", "handler", "Merge", "error", mergeErr)
-
// writeError(w, err.Error(), http.StatusBadRequest)
-
// h.l.Error("git: failed to merge", "handler", "Merge", "error", err.Error())
-
// w.WriteHeader(http.StatusOK)
-
// func (h *Handle) MergeCheck(w http.ResponseWriter, r *http.Request) {
-
// path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
// Patch string `json:"patch"`
-
// Branch string `json:"branch"`
-
// if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
// writeError(w, err.Error(), http.StatusBadRequest)
-
// h.l.Error("git: failed to unmarshal json patch", "handler", "MergeCheck", "error", err)
-
// branch := data.Branch
-
// gr, err := git.Open(path, branch)
-
// err = gr.MergeCheck([]byte(patch), branch)
-
// response := types.MergeCheckResponse{
-
// IsConflicted: false,
-
// writeJSON(w, response)
-
// var mergeErr *git.ErrMerge
-
// if errors.As(err, &mergeErr) {
-
// conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
-
// for i, conflict := range mergeErr.Conflicts {
-
// conflicts[i] = types.ConflictInfo{
-
// Filename: conflict.Filename,
-
// Reason: conflict.Reason,
-
// response := types.MergeCheckResponse{
-
// Conflicts: conflicts,
-
// Message: mergeErr.Message,
-
// writeConflict(w, response)
-
// h.l.Error("git: merge conflict", "handler", "MergeCheck", "error", mergeErr.Error())
-
// writeError(w, err.Error(), http.StatusInternalServerError)
-
// h.l.Error("git: failed to check merge", "handler", "MergeCheck", "error", err.Error())
-
func (h *Handle) Compare(w http.ResponseWriter, r *http.Request) {
-
rev1 := chi.URLParam(r, "rev1")
-
rev1, _ = url.PathUnescape(rev1)
-
rev2 := chi.URLParam(r, "rev2")
-
rev2, _ = url.PathUnescape(rev2)
-
l := h.l.With("handler", "Compare", "r1", rev1, "r2", rev2)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.PlainOpen(path)
-
commit1, err := gr.ResolveRevision(rev1)
-
l.Error("error resolving revision 1", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", rev1), http.StatusBadRequest)
-
commit2, err := gr.ResolveRevision(rev2)
-
l.Error("error resolving revision 2", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", rev2), http.StatusBadRequest)
-
rawPatch, formatPatch, err := gr.FormatPatch(commit1, commit2)
-
l.Error("error comparing revisions", "msg", err.Error())
-
writeError(w, "error comparing revisions", http.StatusBadRequest)
-
writeJSON(w, types.RepoFormatPatchResponse{
-
Rev1: commit1.Hash.String(),
-
Rev2: commit2.Hash.String(),
-
FormatPatch: formatPatch,
-
func (h *Handle) DefaultBranch(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "DefaultBranch")
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, "")
-
branch, err := gr.FindMainBranch()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting default branch", "error", err.Error())
-
writeJSON(w, types.RepoDefaultBranchResponse{
nel.pet
anirudh.fi