veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom
core / appview / repo / router.go
at push-yqnqquktxqpx 2.9 kB view raw
1package repo 2 3import ( 4 "net/http" 5 6 "github.com/go-chi/chi/v5" 7 "tangled.sh/tangled.sh/core/appview/middleware" 8) 9 10func (rp *Repo) Router(mw *middleware.Middleware) http.Handler { 11 r := chi.NewRouter() 12 r.Get("/", rp.RepoIndex) 13 r.Get("/feed.atom", rp.RepoAtomFeed) 14 r.Get("/commits/{ref}", rp.RepoLog) 15 r.Route("/tree/{ref}", func(r chi.Router) { 16 r.Get("/", rp.RepoIndex) 17 r.Get("/*", rp.RepoTree) 18 }) 19 r.Get("/commit/{ref}", rp.RepoCommit) 20 r.Get("/branches", rp.RepoBranches) 21 r.Route("/tags", func(r chi.Router) { 22 r.Get("/", rp.RepoTags) 23 r.Route("/{tag}", func(r chi.Router) { 24 r.Use(middleware.AuthMiddleware(rp.oauth)) 25 // require auth to download for now 26 r.Get("/download/{file}", rp.DownloadArtifact) 27 28 // require repo:push to upload or delete artifacts 29 // 30 // additionally: only the uploader can truly delete an artifact 31 // (record+blob will live on their pds) 32 r.Group(func(r chi.Router) { 33 r.With(mw.RepoPermissionMiddleware("repo:push")) 34 r.Post("/upload", rp.AttachArtifact) 35 r.Delete("/{file}", rp.DeleteArtifact) 36 }) 37 }) 38 }) 39 r.Get("/blob/{ref}/*", rp.RepoBlob) 40 r.Get("/raw/{ref}/*", rp.RepoBlobRaw) 41 42 // intentionally doesn't use /* as this isn't 43 // a file path 44 r.Get("/archive/{ref}", rp.DownloadArchive) 45 46 r.Route("/fork", func(r chi.Router) { 47 r.Use(middleware.AuthMiddleware(rp.oauth)) 48 r.Get("/", rp.ForkRepo) 49 r.Post("/", rp.ForkRepo) 50 r.With(mw.RepoPermissionMiddleware("repo:owner")).Route("/sync", func(r chi.Router) { 51 r.Post("/", rp.SyncRepoFork) 52 }) 53 }) 54 55 r.Route("/compare", func(r chi.Router) { 56 r.Get("/", rp.RepoCompareNew) // start an new comparison 57 58 // we have to wildcard here since we want to support GitHub's compare syntax 59 // /compare/{ref1}...{ref2} 60 // for example: 61 // /compare/master...some/feature 62 // /compare/master...example.com:another/feature <- this is a fork 63 r.Get("/{base}/{head}", rp.RepoCompare) 64 r.Get("/*", rp.RepoCompare) 65 }) 66 67 // settings routes, needs auth 68 r.Group(func(r chi.Router) { 69 r.Use(middleware.AuthMiddleware(rp.oauth)) 70 // repo description can only be edited by owner 71 r.With(mw.RepoPermissionMiddleware("repo:owner")).Route("/description", func(r chi.Router) { 72 r.Put("/", rp.RepoDescription) 73 r.Get("/", rp.RepoDescription) 74 r.Get("/edit", rp.RepoDescriptionEdit) 75 }) 76 r.With(mw.RepoPermissionMiddleware("repo:settings")).Route("/settings", func(r chi.Router) { 77 r.Get("/", rp.RepoSettings) 78 r.With(mw.RepoPermissionMiddleware("repo:owner")).Post("/spindle", rp.EditSpindle) 79 r.With(mw.RepoPermissionMiddleware("repo:invite")).Put("/collaborator", rp.AddCollaborator) 80 r.With(mw.RepoPermissionMiddleware("repo:delete")).Delete("/delete", rp.DeleteRepo) 81 r.Put("/branches/default", rp.SetDefaultBranch) 82 r.Put("/secrets", rp.Secrets) 83 r.Delete("/secrets", rp.Secrets) 84 }) 85 }) 86 87 return r 88}