knotserver/xrpc/hidden_ref.go at d7caef6af6441f13ffb1901d1c2c68bcebfd4d33 · veryroundbird.house/core

veryroundbird.house / core
this repo has no description
core / knotserver / xrpc / hidden_ref.go
at d7caef6af6441f13ffb1901d1c2c68bcebfd4d33 2.9 kB view raw
  1package xrpc
  2
  3import (
  4	"encoding/json"
  5	"fmt"
  6	"net/http"
  7
  8	comatproto "github.com/bluesky-social/indigo/api/atproto"
  9	"github.com/bluesky-social/indigo/atproto/syntax"
 10	"github.com/bluesky-social/indigo/xrpc"
 11	securejoin "github.com/cyphar/filepath-securejoin"
 12	"tangled.sh/tangled.sh/core/api/tangled"
 13	"tangled.sh/tangled.sh/core/knotserver/git"
 14	"tangled.sh/tangled.sh/core/rbac"
 15	xrpcerr "tangled.sh/tangled.sh/core/xrpc/errors"
 16)
 17
 18func (x *Xrpc) HiddenRef(w http.ResponseWriter, r *http.Request) {
 19	l := x.Logger.With("handler", "HiddenRef")
 20	fail := func(e xrpcerr.XrpcError) {
 21		l.Error("failed", "kind", e.Tag, "error", e.Message)
 22		writeError(w, e, http.StatusBadRequest)
 23	}
 24
 25	actorDid, ok := r.Context().Value(ActorDid).(syntax.DID)
 26	if !ok {
 27		fail(xrpcerr.MissingActorDidError)
 28		return
 29	}
 30
 31	var data tangled.RepoHiddenRef_Input
 32	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
 33		fail(xrpcerr.GenericError(err))
 34		return
 35	}
 36
 37	forkRef := data.ForkRef
 38	remoteRef := data.RemoteRef
 39	repoAtUri := data.Repo
 40
 41	if forkRef == "" || remoteRef == "" || repoAtUri == "" {
 42		fail(xrpcerr.GenericError(fmt.Errorf("forkRef, remoteRef, and repo are required")))
 43		return
 44	}
 45
 46	repoAt, err := syntax.ParseATURI(repoAtUri)
 47	if err != nil {
 48		fail(xrpcerr.InvalidRepoError(repoAtUri))
 49		return
 50	}
 51
 52	ident, err := x.Resolver.ResolveIdent(r.Context(), repoAt.Authority().String())
 53	if err != nil || ident.Handle.IsInvalidHandle() {
 54		fail(xrpcerr.GenericError(fmt.Errorf("failed to resolve handle: %w", err)))
 55		return
 56	}
 57
 58	xrpcc := xrpc.Client{Host: ident.PDSEndpoint()}
 59	resp, err := comatproto.RepoGetRecord(r.Context(), &xrpcc, "", tangled.RepoNSID, repoAt.Authority().String(), repoAt.RecordKey().String())
 60	if err != nil {
 61		fail(xrpcerr.GenericError(err))
 62		return
 63	}
 64
 65	repo := resp.Value.Val.(*tangled.Repo)
 66	didPath, err := securejoin.SecureJoin(actorDid.String(), repo.Name)
 67	if err != nil {
 68		fail(xrpcerr.GenericError(err))
 69		return
 70	}
 71
 72	if ok, err := x.Enforcer.IsPushAllowed(actorDid.String(), rbac.ThisServer, didPath); !ok || err != nil {
 73		l.Error("insufficient permissions", "did", actorDid.String(), "repo", didPath)
 74		writeError(w, xrpcerr.AccessControlError(actorDid.String()), http.StatusUnauthorized)
 75		return
 76	}
 77
 78	repoPath, err := securejoin.SecureJoin(x.Config.Repo.ScanPath, didPath)
 79	if err != nil {
 80		fail(xrpcerr.GenericError(err))
 81		return
 82	}
 83
 84	gr, err := git.PlainOpen(repoPath)
 85	if err != nil {
 86		fail(xrpcerr.GenericError(fmt.Errorf("failed to open repository: %w", err)))
 87		return
 88	}
 89
 90	err = gr.TrackHiddenRemoteRef(forkRef, remoteRef)
 91	if err != nil {
 92		l.Error("error tracking hidden remote ref", "error", err.Error())
 93		writeError(w, xrpcerr.GitError(err), http.StatusInternalServerError)
 94		return
 95	}
 96
 97	response := tangled.RepoHiddenRef_Output{
 98		Success: true,
 99	}
100
101	w.Header().Set("Content-Type", "application/json")
102	w.WriteHeader(http.StatusOK)
103	json.NewEncoder(w).Encode(response)
104}