commit 0808c86a40328b76989100af88e681289b03f416 · veryroundbird.house/core

-37

knotclient/signer.go

···

       7
       7
        
       	"encoding/hex"

     

       8
       8
        
       	"encoding/json"

     

       9
       9
        
       	"fmt"

     

       10
       10
       -
       	"io"

     

       11
       11
       -
       	"log"

     

       12
       10
        
       	"net/http"

     

       13
       11
        
       	"net/url"

     

       14
       12
        
       	"time"

     
···

       103
       101
        
       	}

     

       104
       102
        
       

     

       105
       103
        
       	return s.client.Do(req)

     

       106
       106
       -
       }

     

       107
       107
       -
       

     

       108
       108
       -
       func (s *SignedClient) RepoLanguages(ownerDid, repoName, ref string) (*types.RepoLanguageResponse, error) {

     

       109
       109
       -
       	const (

     

       110
       110
       -
       		Method = "GET"

     

       111
       111
       -
       	)

     

       112
       112
       -
       	endpoint := fmt.Sprintf("/%s/%s/languages/%s", ownerDid, repoName, url.PathEscape(ref))

     

       113
       113
       -
       

     

       114
       114
       -
       	req, err := s.newRequest(Method, endpoint, nil)

     

       115
       115
       -
       	if err != nil {

     

       116
       116
       -
       		return nil, err

     

       117
       117
       -
       	}

     

       118
       118
       -
       

     

       119
       119
       -
       	resp, err := s.client.Do(req)

     

       120
       120
       -
       	if err != nil {

     

       121
       121
       -
       		return nil, err

     

       122
       122
       -
       	}

     

       123
       123
       -
       

     

       124
       124
       -
       	var result types.RepoLanguageResponse

     

       125
       125
       -
       	if resp.StatusCode != http.StatusOK {

     

       126
       126
       -
       		log.Println("failed to calculate languages", resp.Status)

     

       127
       127
       -
       		return &types.RepoLanguageResponse{}, nil

     

       128
       128
       -
       	}

     

       129
       129
       -
       

     

       130
       130
       -
       	body, err := io.ReadAll(resp.Body)

     

       131
       131
       -
       	if err != nil {

     

       132
       132
       -
       		return nil, err

     

       133
       133
       -
       	}

     

       134
       134
       -
       

     

       135
       135
       -
       	err = json.Unmarshal(body, &result)

     

       136
       136
       -
       	if err != nil {

     

       137
       137
       -
       		return nil, err

     

       138
       138
       -
       	}

     

       139
       139
       -
       

     

       140
       140
       -
       	return &result, nil

     

       141
       104
        
       }

     

       142
       105
        
       

     

       143
       106
        
       func (s *SignedClient) RepoForkAheadBehind(ownerDid, source, name, branch, hiddenRef string) (*http.Response, error) {

+35

knotclient/unsigned.go

···

       248
       248
        
       

     

       249
       249
        
       	return &formatPatchResponse, nil

     

       250
       250
        
       }

     

       251
       251
       +
       

     

       252
       252
       +
       func (s *UnsignedClient) RepoLanguages(ownerDid, repoName, ref string) (*types.RepoLanguageResponse, error) {

     

       253
       253
       +
       	const (

     

       254
       254
       +
       		Method = "GET"

     

       255
       255
       +
       	)

     

       256
       256
       +
       	endpoint := fmt.Sprintf("/%s/%s/languages/%s", ownerDid, repoName, url.PathEscape(ref))

     

       257
       257
       +
       

     

       258
       258
       +
       	req, err := s.newRequest(Method, endpoint, nil, nil)

     

       259
       259
       +
       	if err != nil {

     

       260
       260
       +
       		return nil, err

     

       261
       261
       +
       	}

     

       262
       262
       +
       

     

       263
       263
       +
       	resp, err := s.client.Do(req)

     

       264
       264
       +
       	if err != nil {

     

       265
       265
       +
       		return nil, err

     

       266
       266
       +
       	}

     

       267
       267
       +
       

     

       268
       268
       +
       	var result types.RepoLanguageResponse

     

       269
       269
       +
       	if resp.StatusCode != http.StatusOK {

     

       270
       270
       +
       		log.Println("failed to calculate languages", resp.Status)

     

       271
       271
       +
       		return &types.RepoLanguageResponse{}, nil

     

       272
       272
       +
       	}

     

       273
       273
       +
       

     

       274
       274
       +
       	body, err := io.ReadAll(resp.Body)

     

       275
       275
       +
       	if err != nil {

     

       276
       276
       +
       		return nil, err

     

       277
       277
       +
       	}

     

       278
       278
       +
       

     

       279
       279
       +
       	err = json.Unmarshal(body, &result)

     

       280
       280
       +
       	if err != nil {

     

       281
       281
       +
       		return nil, err

     

       282
       282
       +
       	}

     

       283
       283
       +
       

     

       284
       284
       +
       	return &result, nil

     

       285
       285
       +
       }

+236 -177

knotserver/handler.go

···

       1
       1
        
       package knotserver

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"compress/gzip"

     

       4
       5
        
       	"context"

     

       6
       6
       +
       	"crypto/sha256"

     

       7
       7
       +
       	"encoding/json"

     

       8
       8
       +
       	"errors"

     

       5
       9
        
       	"fmt"

     

       6
       6
       -
       	"log/slog"

     

       10
       10
       +
       	"log"

     

       7
       11
        
       	"net/http"

     

       8
       8
       -
       	"runtime/debug"

     

       12
       12
       +
       	"net/url"

     

       13
       13
       +
       	"path/filepath"

     

       14
       14
       +
       	"strconv"

     

       15
       15
       +
       	"strings"

     

       16
       16
       +
       	"sync"

     

       17
       17
       +
       	"time"

     

       9
       18
        
       

     

       19
       19
       +
       	securejoin "github.com/cyphar/filepath-securejoin"

     

       20
       20
       +
       	"github.com/gliderlabs/ssh"

     

       10
       21
        
       	"github.com/go-chi/chi/v5"

     

       11
       11
       -
       	"tangled.sh/tangled.sh/core/idresolver"

     

       12
       12
       -
       	"tangled.sh/tangled.sh/core/jetstream"

     

       13
       13
       -
       	"tangled.sh/tangled.sh/core/knotserver/config"

     

       22
       22
       +
       	"github.com/go-git/go-git/v5/plumbing"

     

       23
       23
       +
       	"github.com/go-git/go-git/v5/plumbing/object"

     

       14
       24
        
       	"tangled.sh/tangled.sh/core/knotserver/db"

     

       15
       15
       -
       	"tangled.sh/tangled.sh/core/knotserver/xrpc"

     

       16
       16
       -
       	tlog "tangled.sh/tangled.sh/core/log"

     

       17
       17
       -
       	"tangled.sh/tangled.sh/core/notifier"

     

       18
       18
       -
       	"tangled.sh/tangled.sh/core/rbac"

     

       25
       25
       +
       	"tangled.sh/tangled.sh/core/knotserver/git"

     

       19
       26
        
       	"tangled.sh/tangled.sh/core/types"

     

       20
       27
        
       )

     

       21
       28
        
       

     

       22
       22
       -
       type Handle struct {

     

       23
       23
       -
       	c        *config.Config

     

       24
       24
       -
       	db       *db.DB

     

       25
       25
       -
       	jc       *jetstream.JetstreamClient

     

       26
       26
       -
       	e        *rbac.Enforcer

     

       27
       27
       -
       	l        *slog.Logger

     

       28
       28
       -
       	n        *notifier.Notifier

     

       29
       29
       -
       	resolver *idresolver.Resolver

     

       29
       29
       +
       func (h *Handle) Index(w http.ResponseWriter, r *http.Request) {

     

       30
       30
       +
       	w.Write([]byte("This is a knot server. More info at https://tangled.sh"))

     

       30
       31
        
       }

     

       31
       32
        
       

     

       32
       32
       -
       func Setup(ctx context.Context, c *config.Config, db *db.DB, e *rbac.Enforcer, jc *jetstream.JetstreamClient, l *slog.Logger, n *notifier.Notifier) (http.Handler, error) {

     

       33
       33
       -
       	r := chi.NewRouter()

     

       33
       33
       +
       func (h *Handle) Capabilities(w http.ResponseWriter, r *http.Request) {

     

       34
       34
       +
       	w.Header().Set("Content-Type", "application/json")

     

       34
       35
        
       

     

       35
       35
       -
       	h := Handle{

     

       36
       36
       -
       		c:        c,

     

       37
       37
       -
       		db:       db,

     

       38
       38
       -
       		e:        e,

     

       39
       39
       -
       		l:        l,

     

       40
       40
       -
       		jc:       jc,

     

       41
       41
       -
       		n:        n,

     

       42
       42
       -
       		resolver: idresolver.DefaultResolver(),

     

       36
       36
       +
       	capabilities := map[string]any{

     

       37
       37
       +
       		"pull_requests": map[string]any{

     

       38
       38
       +
       			"format_patch":       true,

     

       39
       39
       +
       			"patch_submissions":  true,

     

       40
       40
       +
       			"branch_submissions": true,

     

       41
       41
       +
       			"fork_submissions":   true,

     

       42
       42
       +
       		},

     

       43
       43
       +
       		"xrpc": true,

     

       43
       44
        
       	}

     

       44
       45
        
       

     

       45
       45
       -
       	err := e.AddKnot(rbac.ThisServer)

     

       46
       46
       +
       	jsonData, err := json.Marshal(capabilities)

     

       46
       47
        
       	if err != nil {

     

       47
       47
       -
       		return nil, fmt.Errorf("failed to setup enforcer: %w", err)

     

       48
       48
       +
       		http.Error(w, "Failed to serialize JSON", http.StatusInternalServerError)

     

       49
       49
       +
       		return

     

       48
       50
        
       	}

     

       49
       51
        
       

     

       50
       50
       -
       	// configure owner

     

       51
       51
       -
       	if err = h.configureOwner(); err != nil {

     

       52
       52
       -
       		return nil, err

     

       53
       53
       -
       	}

     

       54
       54
       -
       	h.l.Info("owner set", "did", h.c.Server.Owner)

     

       55
       55
       -
       	h.jc.AddDid(h.c.Server.Owner)

     

       52
       52
       +
       	w.Write(jsonData)

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       func (h *Handle) RepoIndex(w http.ResponseWriter, r *http.Request) {

     

       56
       56
       +
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       57
       57
       +
       	l := h.l.With("path", path, "handler", "RepoIndex")

     

       58
       58
       +
       	ref := chi.URLParam(r, "ref")

     

       59
       59
       +
       	ref, _ = url.PathUnescape(ref)

     

       56
       60
        
       

     

       57
       57
       -
       	// configure known-dids in jetstream consumer

     

       58
       58
       -
       	dids, err := h.db.GetAllDids()

     

       61
       61
       +
       	gr, err := git.Open(path, ref)

     

       59
       62
        
       	if err != nil {

     

       60
       60
       -
       		return nil, fmt.Errorf("failed to get all dids: %w", err)

     

       61
       61
       -
       	}

     

       62
       62
       -
       	for _, d := range dids {

     

       63
       63
       -
       		jc.AddDid(d)

     

       63
       63
       +
       		plain, err2 := git.PlainOpen(path)

     

       64
       64
       +
       		if err2 != nil {

     

       65
       65
       +
       			l.Error("opening repo", "error", err2.Error())

     

       66
       66
       +
       			notFound(w)

     

       67
       67
       +
       			return

     

       68
       68
       +
       		}

     

       69
       69
       +
       		branches, _ := plain.Branches()

     

       70
       70
       +
       

     

       71
       71
       +
       		log.Println(err)

     

       72
       72
       +
       

     

       73
       73
       +
       		if errors.Is(err, plumbing.ErrReferenceNotFound) {

     

       74
       74
       +
       			resp := types.RepoIndexResponse{

     

       75
       75
       +
       				IsEmpty:  true,

     

       76
       76
       +
       				Branches: branches,

     

       77
       77
       +
       			}

     

       78
       78
       +
       			writeJSON(w, resp)

     

       79
       79
       +
       			return

     

       80
       80
       +
       		} else {

     

       81
       81
       +
       			l.Error("opening repo", "error", err.Error())

     

       82
       82
       +
       			notFound(w)

     

       83
       83
       +
       			return

     

       84
       84
       +
       		}

     

       64
       85
        
       	}

     

       65
       86
        
       

     

       66
       66
       -
       	err = h.jc.StartJetstream(ctx, h.processMessages)

     

       67
       67
       -
       	if err != nil {

     

       68
       68
       -
       		return nil, fmt.Errorf("failed to start jetstream: %w", err)

     

       69
       69
       -
       	}

     

       87
       87
       +
       	var (

     

       88
       88
       +
       		commits  []*object.Commit

     

       89
       89
       +
       		total    int

     

       90
       90
       +
       		branches []types.Branch

     

       91
       91
       +
       		files    []types.NiceTree

     

       92
       92
       +
       		tags     []object.Tag

     

       93
       93
       +
       	)

     

       70
       94
        
       

     

       71
       71
       -
       	r.Get("/", h.Index)

     

       72
       72
       -
       	r.Get("/capabilities", h.Capabilities)

     

       73
       73
       -
       	r.Get("/version", h.Version)

     

       74
       74
       -
       	r.Get("/owner", func(w http.ResponseWriter, r *http.Request) {

     

       75
       75
       -
       		w.Write([]byte(h.c.Server.Owner))

     

       76
       76
       -
       	})

     

       77
       77
       -
       	r.Route("/{did}", func(r chi.Router) {

     

       78
       78
       -
       		// Repo routes

     

       79
       79
       -
       		r.Route("/{name}", func(r chi.Router) {

     

       80
       80
       -
       			r.Route("/collaborator", func(r chi.Router) {

     

       81
       81
       -
       				r.Use(h.VerifySignature)

     

       82
       82
       -
       				r.Post("/add", h.AddRepoCollaborator)

     

       83
       83
       -
       			})

     

       95
       95
       +
       	var wg sync.WaitGroup

     

       96
       96
       +
       	errorsCh := make(chan error, 5)

     

       84
       97
        
       

     

       85
       85
       -
       			r.Route("/languages", func(r chi.Router) {

     

       86
       86
       -
       				r.With(h.VerifySignature)

     

       87
       87
       -
       				r.Get("/", h.RepoLanguages)

     

       88
       88
       -
       				r.Get("/{ref}", h.RepoLanguages)

     

       89
       89
       -
       			})

     

       98
       98
       +
       	wg.Add(1)

     

       99
       99
       +
       	go func() {

     

       100
       100
       +
       		defer wg.Done()

     

       101
       101
       +
       		cs, err := gr.Commits(0, 60)

     

       102
       102
       +
       		if err != nil {

     

       103
       103
       +
       			errorsCh <- fmt.Errorf("commits: %w", err)

     

       104
       104
       +
       			return

     

       105
       105
       +
       		}

     

       106
       106
       +
       		commits = cs

     

       107
       107
       +
       	}()

     

       90
       108
        
       

     

       91
       91
       -
       			r.Get("/", h.RepoIndex)

     

       92
       92
       -
       			r.Get("/info/refs", h.InfoRefs)

     

       93
       93
       -
       			r.Post("/git-upload-pack", h.UploadPack)

     

       94
       94
       -
       			r.Post("/git-receive-pack", h.ReceivePack)

     

       95
       95
       -
       			r.Get("/compare/{rev1}/{rev2}", h.Compare) // git diff-tree compare of two objects

     

       109
       109
       +
       	wg.Add(1)

     

       110
       110
       +
       	go func() {

     

       111
       111
       +
       		defer wg.Done()

     

       112
       112
       +
       		t, err := gr.TotalCommits()

     

       113
       113
       +
       		if err != nil {

     

       114
       114
       +
       			errorsCh <- fmt.Errorf("calculating total: %w", err)

     

       115
       115
       +
       			return

     

       116
       116
       +
       		}

     

       117
       117
       +
       		total = t

     

       118
       118
       +
       	}()

     

       96
       119
        
       

     

       97
       97
       -
       			r.With(h.VerifySignature).Post("/hidden-ref/{forkRef}/{remoteRef}", h.NewHiddenRef)

     

       120
       120
       +
       	wg.Add(1)

     

       121
       121
       +
       	go func() {

     

       122
       122
       +
       		defer wg.Done()

     

       123
       123
       +
       		bs, err := gr.Branches()

     

       124
       124
       +
       		if err != nil {

     

       125
       125
       +
       			errorsCh <- fmt.Errorf("fetching branches: %w", err)

     

       126
       126
       +
       			return

     

       127
       127
       +
       		}

     

       128
       128
       +
       		branches = bs

     

       129
       129
       +
       	}()

     

       98
       130
        
       

     

       99
       99
       -
       			r.Route("/merge", func(r chi.Router) {

     

       100
       100
       -
       				r.With(h.VerifySignature)

     

       101
       101
       -
       				r.Post("/", h.Merge)

     

       102
       102
       -
       				r.Post("/check", h.MergeCheck)

     

       103
       103
       -
       			})

     

       131
       131
       +
       	wg.Add(1)

     

       132
       132
       +
       	go func() {

     

       133
       133
       +
       		defer wg.Done()

     

       134
       134
       +
       		ts, err := gr.Tags()

     

       135
       135
       +
       		if err != nil {

     

       136
       136
       +
       			errorsCh <- fmt.Errorf("fetching tags: %w", err)

     

       137
       137
       +
       			return

     

       138
       138
       +
       		}

     

       139
       139
       +
       		tags = ts

     

       140
       140
       +
       	}()

     

       104
       141
        
       

     

       105
       105
       -
       			r.Route("/tree/{ref}", func(r chi.Router) {

     

       106
       106
       -
       				r.Get("/", h.RepoIndex)

     

       107
       107
       -
       				r.Get("/*", h.RepoTree)

     

       108
       108
       -
       			})

     

       142
       142
       +
       	wg.Add(1)

     

       143
       143
       +
       	go func() {

     

       144
       144
       +
       		defer wg.Done()

     

       145
       145
       +
       		fs, err := gr.FileTree(r.Context(), "")

     

       146
       146
       +
       		if err != nil {

     

       147
       147
       +
       			errorsCh <- fmt.Errorf("fetching filetree: %w", err)

     

       148
       148
       +
       			return

     

       149
       149
       +
       		}

     

       150
       150
       +
       		files = fs

     

       151
       151
       +
       	}()

     

       109
       152
        
       

     

       110
       110
       -
       			r.Route("/blob/{ref}", func(r chi.Router) {

     

       111
       111
       -
       				r.Get("/*", h.Blob)

     

       112
       112
       -
       			})

     

       153
       153
       +
       	wg.Wait()

     

       154
       154
       +
       	close(errorsCh)

     

       113
       155
        
       

     

       114
       114
       -
       			r.Route("/raw/{ref}", func(r chi.Router) {

     

       115
       115
       -
       				r.Get("/*", h.BlobRaw)

     

       116
       116
       -
       			})

     

       156
       156
       +
       	// show any errors

     

       157
       157
       +
       	for err := range errorsCh {

     

       158
       158
       +
       		l.Error("loading repo", "error", err.Error())

     

       159
       159
       +
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       160
       160
       +
       		return

     

       161
       161
       +
       	}

     

       117
       162
        
       

     

       118
       118
       -
       			r.Get("/log/{ref}", h.Log)

     

       119
       119
       -
       			r.Get("/archive/{file}", h.Archive)

     

       120
       120
       -
       			r.Get("/commit/{ref}", h.Diff)

     

       121
       121
       -
       			r.Get("/tags", h.Tags)

     

       122
       122
       -
       			r.Route("/branches", func(r chi.Router) {

     

       123
       123
       -
       				r.Get("/", h.Branches)

     

       124
       124
       -
       				r.Get("/{branch}", h.Branch)

     

       125
       125
       -
       				r.Route("/default", func(r chi.Router) {

     

       126
       126
       -
       					r.Get("/", h.DefaultBranch)

     

       127
       127
       -
       					r.With(h.VerifySignature).Put("/", h.SetDefaultBranch)

     

       128
       128
       -
       				})

     

       129
       129
       -
       			})

     

       130
       130
       -
       		})

     

       131
       131
       -
       	})

     

       163
       163
       +
       	rtags := []*types.TagReference{}

     

       164
       164
       +
       	for _, tag := range tags {

     

       165
       165
       +
       		var target *object.Tag

     

       166
       166
       +
       		if tag.Target != plumbing.ZeroHash {

     

       167
       167
       +
       			target = &tag

     

       168
       168
       +
       		}

     

       169
       169
       +
       		tr := types.TagReference{

     

       170
       170
       +
       			Tag: target,

     

       171
       171
       +
       		}

     

       132
       172
        
       

     

       133
       133
       -
       	// xrpc apis

     

       134
       134
       -
       	r.Mount("/xrpc", h.XrpcRouter())

     

       173
       173
       +
       		tr.Reference = types.Reference{

     

       174
       174
       +
       			Name: tag.Name,

     

       175
       175
       +
       			Hash: tag.Hash.String(),

     

       176
       176
       +
       		}

     

       135
       177
        
       

     

       136
       136
       -
       	// Create a new repository.

     

       137
       137
       -
       	r.Route("/repo", func(r chi.Router) {

     

       138
       138
       -
       		r.Use(h.VerifySignature)

     

       139
       139
       -
       		r.Delete("/", h.RemoveRepo)

     

       140
       140
       -
       		r.Route("/fork", func(r chi.Router) {

     

       141
       141
       -
       			r.Post("/", h.RepoFork)

     

       142
       142
       -
       			r.Post("/sync/*", h.RepoForkSync)

     

       143
       143
       -
       			r.Get("/sync/*", h.RepoForkAheadBehind)

     

       144
       144
       -
       		})

     

       145
       145
       -
       	})

     

       178
       178
       +
       		if tag.Message != "" {

     

       179
       179
       +
       			tr.Message = tag.Message

     

       180
       180
       +
       		}

     

       146
       181
        
       

     

       147
       147
       -
       	r.Route("/member", func(r chi.Router) {

     

       148
       148
       -
       		r.Use(h.VerifySignature)

     

       149
       149
       -
       		r.Put("/add", h.AddMember)

     

       150
       150
       -
       	})

     

       182
       182
       +
       		rtags = append(rtags, &tr)

     

       183
       183
       +
       	}

     

       151
       184
        
       

     

       152
       152
       -
       	// Socket that streams git oplogs

     

       153
       153
       -
       	r.Get("/events", h.Events)

     

       185
       185
       +
       	var readmeContent string

     

       186
       186
       +
       	var readmeFile string

     

       187
       187
       +
       	for _, readme := range h.c.Repo.Readme {

     

       188
       188
       +
       		content, _ := gr.FileContent(readme)

     

       189
       189
       +
       		if len(content) > 0 {

     

       190
       190
       +
       			readmeContent = string(content)

     

       191
       191
       +
       			readmeFile = readme

     

       192
       192
       +
       		}

     

       193
       193
       +
       	}

     

       154
       194
        
       

     

       155
       155
       -
       	// Health check. Used for two-way verification with appview.

     

       156
       156
       -
       	r.With(h.VerifySignature).Get("/health", h.Health)

     

       195
       195
       +
       	if ref == "" {

     

       196
       196
       +
       		mainBranch, err := gr.FindMainBranch()

     

       197
       197
       +
       		if err != nil {

     

       198
       198
       +
       			writeError(w, err.Error(), http.StatusInternalServerError)

     

       199
       199
       +
       			l.Error("finding main branch", "error", err.Error())

     

       200
       200
       +
       			return

     

       201
       201
       +
       		}

     

       202
       202
       +
       		ref = mainBranch

     

       203
       203
       +
       	}

     

       157
       204
        
       

     

       158
       158
       -
       	// All public keys on the knot.

     

       159
       159
       -
       	r.Get("/keys", h.Keys)

     

       205
       205
       +
       	resp := types.RepoIndexResponse{

     

       206
       206
       +
       		IsEmpty:        false,

     

       207
       207
       +
       		Ref:            ref,

     

       208
       208
       +
       		Commits:        commits,

     

       209
       209
       +
       		Description:    getDescription(path),

     

       210
       210
       +
       		Readme:         readmeContent,

     

       211
       211
       +
       		ReadmeFileName: readmeFile,

     

       212
       212
       +
       		Files:          files,

     

       213
       213
       +
       		Branches:       branches,

     

       214
       214
       +
       		Tags:           rtags,

     

       215
       215
       +
       		TotalCommits:   total,

     

       216
       216
       +
       	}

     

       160
       217
        
       

     

       161
       161
       -
       	return r, nil

     

       218
       218
       +
       	writeJSON(w, resp)

     

       162
       219
        
       }

     

       163
       220
        
       

     

       164
       164
       -
       func (h *Handle) XrpcRouter() http.Handler {

     

       165
       165
       -
       	logger := tlog.New("knots")

     

       221
       221
       +
       func (h *Handle) RepoTree(w http.ResponseWriter, r *http.Request) {

     

       222
       222
       +
       	treePath := chi.URLParam(r, "*")

     

       223
       223
       +
       	ref := chi.URLParam(r, "ref")

     

       224
       224
       +
       	ref, _ = url.PathUnescape(ref)

     

       166
       225
        
       

     

       167
       167
       -
       	serviceAuth := serviceauth.NewServiceAuth(h.l, h.resolver, h.c.Server.Did().String())

     

       226
       226
       +
       	l := h.l.With("handler", "RepoTree", "ref", ref, "treePath", treePath)

     

       168
       227
        
       

     

       169
       169
       -
       	xrpc := &xrpc.Xrpc{

     

       170
       170
       -
       		Config:      h.c,

     

       171
       171
       -
       		Db:          h.db,

     

       172
       172
       -
       		Ingester:    h.jc,

     

       173
       173
       -
       		Enforcer:    h.e,

     

       174
       174
       -
       		Logger:      logger,

     

       175
       175
       -
       		Notifier:    h.n,

     

       176
       176
       -
       		Resolver:    h.resolver,

     

       177
       177
       -
       		ServiceAuth: serviceAuth,

     

       228
       228
       +
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       229
       229
       +
       	gr, err := git.Open(path, ref)

     

       230
       230
       +
       	if err != nil {

     

       231
       231
       +
       		notFound(w)

     

       232
       232
       +
       		return

     

       178
       233
        
       	}

     

       179
       179
       -
       	return xrpc.Router()

     

       180
       180
       -
       }

     

       181
       234
        
       

     

       182
       182
       -
       // version is set during build time.

     

       183
       183
       -
       var version string

     

       184
       184
       -
       

     

       185
       185
       -
       func (h *Handle) Version(w http.ResponseWriter, r *http.Request) {

     

       186
       186
       -
       	if version == "" {

     

       187
       187
       -
       		info, ok := debug.ReadBuildInfo()

     

       188
       188
       -
       		if !ok {

     

       189
       189
       -
       			http.Error(w, "failed to read build info", http.StatusInternalServerError)

     

       190
       190
       -
       			return

     

       191
       191
       -
       		}

     

       192
       192
       -
       

     

       193
       193
       -
       		var modVer string

     

       194
       194
       -
       		for _, mod := range info.Deps {

     

       195
       195
       -
       			if mod.Path == "tangled.sh/tangled.sh/knotserver" {

     

       196
       196
       -
       				version = mod.Version

     

       197
       197
       -
       				break

     

       198
       198
       -
       			}

     

       199
       199
       -
       		}

     

       235
       235
       +
       	files, err := gr.FileTree(r.Context(), treePath)

     

       236
       236
       +
       	if err != nil {

     

       237
       237
       +
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       238
       238
       +
       		l.Error("file tree", "error", err.Error())

     

       239
       239
       +
       		return

     

       240
       240
       +
       	}

     

       200
       241
        
       

     

       201
       201
       -
       		if modVer == "" {

     

       202
       202
       -
       			version = "unknown"

     

       203
       203
       -
       		}

     

       242
       242
       +
       	resp := types.RepoTreeResponse{

     

       243
       243
       +
       		Ref:         ref,

     

       244
       244
       +
       		Parent:      treePath,

     

       245
       245
       +
       		Description: getDescription(path),

     

       246
       246
       +
       		DotDot:      filepath.Dir(treePath),

     

       247
       247
       +
       		Files:       files,

     

       204
       248
        
       	}

     

       205
       249
        
       

     

       206
       206
       -
       	w.Header().Set("Content-Type", "text/plain; charset=utf-8")

     

       207
       207
       -
       	fmt.Fprintf(w, "knotserver/%s", version)

     

       250
       250
       +
       	writeJSON(w, resp)

     

       208
       251
        
       }

     

       209
       252
        
       

     

       210
       210
       -
       func (h *Handle) configureOwner() error {

     

       211
       211
       -
       	cfgOwner := h.c.Server.Owner

     

       253
       253
       +
       func (h *Handle) BlobRaw(w http.ResponseWriter, r *http.Request) {

     

       254
       254
       +
       	treePath := chi.URLParam(r, "*")

     

       255
       255
       +
       	ref := chi.URLParam(r, "ref")

     

       256
       256
       +
       	ref, _ = url.PathUnescape(ref)

     

       212
       257
        
       

     

       213
       213
       -
       	rbacDomain := "thisserver"

     

       258
       258
       +
       	l := h.l.With("handler", "BlobRaw", "ref", ref, "treePath", treePath)

     

       214
       259
        
       

     

       215
       215
       -
       	existing, err := h.e.GetKnotUsersByRole("server:owner", rbacDomain)

     

       260
       260
       +
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       261
       261
       +
       	gr, err := git.Open(path, ref)

     

       216
       262
        
       	if err != nil {

     

       217
       217
       -
       		return err

     

       263
       263
       +
       		notFound(w)

     

       264
       264
       +
       		return

     

       218
       265
        
       	}

     

       219
       266
        
       

     

       220
       220
       -
       	switch len(existing) {

     

       221
       221
       -
       	case 0:

     

       222
       222
       -
       		// no owner configured, continue

     

       223
       223
       -
       	case 1:

     

       224
       224
       -
       		// find existing owner

     

       225
       225
       -
       		existingOwner := existing[0]

     

       267
       267
       +
       	contents, err := gr.RawContent(treePath)

     

       268
       268
       +
       	if err != nil {

     

       269
       269
       +
       		writeError(w, err.Error(), http.StatusBadRequest)

     

       270
       270
       +
       		l.Error("file content", "error", err.Error())

     

       271
       271
       +
       		return

     

       272
       272
       +
       	}

     

       273
       273
       +
       

     

       274
       274
       +
       	mimeType := http.DetectContentType(contents)

     

       275
       275
       +
       

     

       276
       276
       +
       	// exception for svg

     

       277
       277
       +
       	if filepath.Ext(treePath) == ".svg" {

     

       278
       278
       +
       		mimeType = "image/svg+xml"

     

       279
       279
       +
       	}

     

       280
       280
       +
       

     

       281
       281
       +
       	contentHash := sha256.Sum256(contents)

     

       282
       282
       +
       	eTag := fmt.Sprintf("\"%x\"", contentHash)

     

       226
       283
        
       

     

       227
       227
       -
       		// no ownership change, this is okay

     

       228
       228
       -
       		if existingOwner == h.c.Server.Owner {

     

       229
       229
       -
       			break

     

       284
       284
       +
       	// allow image, video, and text/plain files to be served directly

     

       285
       285
       +
       	switch {

     

       286
       286
       +
       	case strings.HasPrefix(mimeType, "image/"), strings.HasPrefix(mimeType, "video/"):

     

       287
       287
       +
       		if clientETag := r.Header.Get("If-None-Match"); clientETag == eTag {

     

       288
       288
       +
       			w.WriteHeader(http.StatusNotModified)

     

       289
       289
       +
       			return

     

       230
       290
        
       		}

     

       291
       291
       +
       		w.Header().Set("ETag", eTag)

     

       231
       292
        
       

     

       232
       232
       -
       		// remove existing owner

     

       233
       233
       -
       		err = h.e.RemoveKnotOwner(rbacDomain, existingOwner)

     

       234
       234
       -
       		if err != nil {

     

       235
       235
       -
       			return nil

     

       236
       236
       -
       		}

     

       293
       293
       +
       	case strings.HasPrefix(mimeType, "text/plain"):

     

       294
       294
       +
       		w.Header().Set("Cache-Control", "public, no-cache")

     

       295
       295
       +
       

     

       237
       296
        
       	default:

     

       238
       297
        
       		l.Error("attempted to serve disallowed file type", "mimetype", mimeType)

     

       239
       298
        
       		writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)

+10 -29

knotserver/ingester.go

···

       8
       8
        
       	"net/http"

     

       9
       9
        
       	"net/url"

     

       10
       10
        
       	"path/filepath"

     

       11
       11
       -
       	"slices"

     

       12
       11
        
       	"strings"

     

       13
       12
        
       

     

       14
       13
        
       	comatproto "github.com/bluesky-social/indigo/api/atproto"

     
···

       103
       102
        
       	l = l.With("target_branch", record.TargetBranch)

     

       104
       103
        
       

     

       105
       104
        
       	if record.Source == nil {

     

       106
       106
       -
       		reason := "not a branch-based pull request"

     

       107
       107
       -
       		l.Info("ignoring pull record", "reason", reason)

     

       108
       108
       -
       		return fmt.Errorf("ignoring pull record: %s", reason)

     

       105
       105
       +
       		return fmt.Errorf("ignoring pull record: not a branch-based pull request")

     

       109
       106
        
       	}

     

       110
       107
        
       

     

       111
       108
        
       	if record.Source.Repo != nil {

     

       112
       112
       -
       		reason := "fork based pull"

     

       113
       113
       -
       		l.Info("ignoring pull record", "reason", reason)

     

       114
       114
       -
       		return fmt.Errorf("ignoring pull record: %s", reason)

     

       115
       115
       -
       	}

     

       116
       116
       -
       

     

       117
       117
       -
       	allDids, err := h.db.GetAllDids()

     

       118
       118
       -
       	if err != nil {

     

       119
       119
       -
       		return err

     

       120
       120
       -
       	}

     

       121
       121
       -
       

     

       122
       122
       -
       	// presently: we only process PRs from collaborators for pipelines

     

       123
       123
       -
       	if !slices.Contains(allDids, did) {

     

       124
       124
       -
       		reason := "not a known did"

     

       125
       125
       -
       		l.Info("rejecting pull record", "reason", reason)

     

       126
       126
       -
       		return fmt.Errorf("rejected pull record: %s, %s", reason, did)

     

       109
       109
       +
       		return fmt.Errorf("ignoring pull record: fork based pull")

     

       127
       110
        
       	}

     

       128
       111
        
       

     

       129
       112
        
       	repoAt, err := syntax.ParseATURI(record.TargetRepo)

     

       130
       113
        
       	if err != nil {

     

       131
       131
       -
       		return err

     

       114
       114
       +
       		return fmt.Errorf("failed to parse ATURI: %w", err)

     

       132
       115
        
       	}

     

       133
       116
        
       

     

       134
       117
        
       	// resolve this aturi to extract the repo record

     
···

       144
       127
        
       

     

       145
       128
        
       	resp, err := comatproto.RepoGetRecord(ctx, &xrpcc, "", tangled.RepoNSID, repoAt.Authority().String(), repoAt.RecordKey().String())

     

       146
       129
        
       	if err != nil {

     

       147
       147
       -
       		return err

     

       130
       130
       +
       		return fmt.Errorf("failed to resolver repo: %w", err)

     

       148
       131
        
       	}

     

       149
       132
        
       

     

       150
       133
        
       	repo := resp.Value.Val.(*tangled.Repo)

     

       151
       134
        
       

     

       152
       135
        
       	if repo.Knot != h.c.Server.Hostname {

     

       153
       153
       -
       		reason := "not this knot"

     

       154
       154
       -
       		l.Info("rejecting pull record", "reason", reason)

     

       155
       155
       -
       		return fmt.Errorf("rejected pull record: %s", reason)

     

       136
       136
       +
       		return fmt.Errorf("rejected pull record: not this knot, %s != %s", repo.Knot, h.c.Server.Hostname)

     

       156
       137
        
       	}

     

       157
       138
        
       

     

       158
       139
        
       	didSlashRepo, err := securejoin.SecureJoin(repo.Owner, repo.Name)

     

       159
       140
        
       	if err != nil {

     

       160
       160
       -
       		return err

     

       141
       141
       +
       		return fmt.Errorf("failed to construct relative repo path: %w", err)

     

       161
       142
        
       	}

     

       162
       143
        
       

     

       163
       144
        
       	repoPath, err := securejoin.SecureJoin(h.c.Repo.ScanPath, didSlashRepo)

     

       164
       145
        
       	if err != nil {

     

       165
       165
       -
       		return err

     

       146
       146
       +
       		return fmt.Errorf("failed to construct absolute repo path: %w", err)

     

       166
       147
        
       	}

     

       167
       148
        
       

     

       168
       149
        
       	gr, err := git.Open(repoPath, record.Source.Branch)

     

       169
       150
        
       	if err != nil {

     

       170
       170
       -
       		return err

     

       151
       151
       +
       		return fmt.Errorf("failed to open git repository: %w", err)

     

       171
       152
        
       	}

     

       172
       153
        
       

     

       173
       154
        
       	workflowDir, err := gr.FileTree(ctx, workflow.WorkflowDir)

     

       174
       155
        
       	if err != nil {

     

       175
       175
       -
       		return err

     

       156
       156
       +
       		return fmt.Errorf("failed to open workflow directory: %w", err)

     

       176
       157
        
       	}

     

       177
       158
        
       

     

       178
       159
        
       	var pipeline workflow.RawPipeline

     
···

       215
       196
        
       	cp := compiler.Compile(compiler.Parse(pipeline))

     

       216
       197
        
       	eventJson, err := json.Marshal(cp)

     

       217
       198
        
       	if err != nil {

     

       218
       218
       -
       		return err

     

       199
       199
       +
       		return fmt.Errorf("failed to marshal pipeline event: %w", err)

     

       219
       200
        
       	}

     

       220
       201
        
       

     

       221
       202
        
       	// do not run empty pipelines

-53

knotserver/middleware.go

···

       1
       1
       -
       package knotserver

     

       2
       2
       -
       

     

       3
       3
       -
       import (

     

       4
       4
       -
       	"crypto/hmac"

     

       5
       5
       -
       	"crypto/sha256"

     

       6
       6
       -
       	"encoding/hex"

     

       7
       7
       -
       	"net/http"

     

       8
       8
       -
       	"time"

     

       9
       9
       -
       )

     

       10
       10
       -
       

     

       11
       11
       -
       func (h *Handle) VerifySignature(next http.Handler) http.Handler {

     

       12
       12
       -
       	if h.c.Server.Dev {

     

       13
       13
       -
       		return next

     

       14
       14
       -
       	}

     

       15
       15
       -
       	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       16
       16
       -
       		signature := r.Header.Get("X-Signature")

     

       17
       17
       -
       		if signature == "" || !h.verifyHMAC(signature, r) {

     

       18
       18
       -
       			writeError(w, "signature verification failed", http.StatusForbidden)

     

       19
       19
       -
       			return

     

       20
       20
       -
       		}

     

       21
       21
       -
       		next.ServeHTTP(w, r)

     

       22
       22
       -
       	})

     

       23
       23
       -
       }

     

       24
       24
       -
       

     

       25
       25
       -
       func (h *Handle) verifyHMAC(signature string, r *http.Request) bool {

     

       26
       26
       -
       	secret := h.c.Server.Secret

     

       27
       27
       -
       	timestamp := r.Header.Get("X-Timestamp")

     

       28
       28
       -
       	if timestamp == "" {

     

       29
       29
       -
       		return false

     

       30
       30
       -
       	}

     

       31
       31
       -
       

     

       32
       32
       -
       	// Verify that the timestamp is not older than a minute

     

       33
       33
       -
       	reqTime, err := time.Parse(time.RFC3339, timestamp)

     

       34
       34
       -
       	if err != nil {

     

       35
       35
       -
       		return false

     

       36
       36
       -
       	}

     

       37
       37
       -
       	if time.Since(reqTime) > time.Minute {

     

       38
       38
       -
       		return false

     

       39
       39
       -
       	}

     

       40
       40
       -
       

     

       41
       41
       -
       	message := r.Method + r.URL.Path + timestamp

     

       42
       42
       -
       

     

       43
       43
       -
       	mac := hmac.New(sha256.New, []byte(secret))

     

       44
       44
       -
       	mac.Write([]byte(message))

     

       45
       45
       -
       	expectedMAC := mac.Sum(nil)

     

       46
       46
       -
       

     

       47
       47
       -
       	signatureBytes, err := hex.DecodeString(signature)

     

       48
       48
       -
       	if err != nil {

     

       49
       49
       -
       		return false

     

       50
       50
       -
       	}

     

       51
       51
       -
       

     

       52
       52
       -
       	return hmac.Equal(signatureBytes, expectedMAC)

     

       53
       53
       -
       }

+138 -1176

knotserver/routes.go

···

       1
       1
        
       package knotserver

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       -
       	"compress/gzip"

     

       5
       4
        
       	"context"

     

       6
       6
       -
       	"crypto/sha256"

     

       7
       7
       -
       	"encoding/json"

     

       8
       8
       -
       	"errors"

     

       9
       5
        
       	"fmt"

     

       10
       10
       -
       	"log"

     

       6
       6
       +
       	"log/slog"

     

       11
       7
        
       	"net/http"

     

       12
       12
       -
       	"net/url"

     

       13
       13
       -
       	"os"

     

       14
       14
       -
       	"path/filepath"

     

       15
       15
       -
       	"strconv"

     

       16
       16
       -
       	"strings"

     

       17
       17
       -
       	"sync"

     

       18
       18
       -
       	"time"

     

       8
       8
       +
       	"runtime/debug"

     

       19
       9
        
       

     

       20
       20
       -
       	securejoin "github.com/cyphar/filepath-securejoin"

     

       21
       21
       -
       	"github.com/gliderlabs/ssh"

     

       22
       10
        
       	"github.com/go-chi/chi/v5"

     

       23
       23
       -
       	"github.com/go-git/go-git/v5/plumbing"

     

       24
       24
       -
       	"github.com/go-git/go-git/v5/plumbing/object"

     

       25
       25
       -
       	"tangled.sh/tangled.sh/core/hook"

     

       11
       11
       +
       	"tangled.sh/tangled.sh/core/idresolver"

     

       12
       12
       +
       	"tangled.sh/tangled.sh/core/jetstream"

     

       13
       13
       +
       	"tangled.sh/tangled.sh/core/knotserver/config"

     

       26
       14
        
       	"tangled.sh/tangled.sh/core/knotserver/db"

     

       27
       27
       -
       	"tangled.sh/tangled.sh/core/knotserver/git"

     

       28
       28
       -
       	"tangled.sh/tangled.sh/core/patchutil"

     

       15
       15
       +
       	"tangled.sh/tangled.sh/core/knotserver/xrpc"

     

       16
       16
       +
       	tlog "tangled.sh/tangled.sh/core/log"

     

       17
       17
       +
       	"tangled.sh/tangled.sh/core/notifier"

     

       29
       18
        
       	"tangled.sh/tangled.sh/core/rbac"

     

       30
       30
       -
       	"tangled.sh/tangled.sh/core/types"

     

       19
       19
       +
       	"tangled.sh/tangled.sh/core/xrpc/serviceauth"

     

       31
       20
        
       )

     

       32
       21
        
       

     

       33
       33
       -
       func (h *Handle) Index(w http.ResponseWriter, r *http.Request) {

     

       34
       34
       -
       	w.Write([]byte("This is a knot server. More info at https://tangled.sh"))

     

       22
       22
       +
       type Handle struct {

     

       23
       23
       +
       	c        *config.Config

     

       24
       24
       +
       	db       *db.DB

     

       25
       25
       +
       	jc       *jetstream.JetstreamClient

     

       26
       26
       +
       	e        *rbac.Enforcer

     

       27
       27
       +
       	l        *slog.Logger

     

       28
       28
       +
       	n        *notifier.Notifier

     

       29
       29
       +
       	resolver *idresolver.Resolver

     

       35
       30
        
       }

     

       36
       31
        
       

     

       37
       37
       -
       func (h *Handle) Capabilities(w http.ResponseWriter, r *http.Request) {

     

       38
       38
       -
       	w.Header().Set("Content-Type", "application/json")

     

       32
       32
       +
       func Setup(ctx context.Context, c *config.Config, db *db.DB, e *rbac.Enforcer, jc *jetstream.JetstreamClient, l *slog.Logger, n *notifier.Notifier) (http.Handler, error) {

     

       33
       33
       +
       	r := chi.NewRouter()

     

       39
       34
        
       

     

       40
       40
       -
       	capabilities := map[string]any{

     

       41
       41
       -
       		"pull_requests": map[string]any{

     

       42
       42
       -
       			"format_patch":       true,

     

       43
       43
       -
       			"patch_submissions":  true,

     

       44
       44
       -
       			"branch_submissions": true,

     

       45
       45
       -
       			"fork_submissions":   true,

     

       46
       46
       -
       		},

     

       35
       35
       +
       	h := Handle{

     

       36
       36
       +
       		c:        c,

     

       37
       37
       +
       		db:       db,

     

       38
       38
       +
       		e:        e,

     

       39
       39
       +
       		l:        l,

     

       40
       40
       +
       		jc:       jc,

     

       41
       41
       +
       		n:        n,

     

       42
       42
       +
       		resolver: idresolver.DefaultResolver(),

     

       47
       43
        
       	}

     

       48
       44
        
       

     

       49
       49
       -
       	jsonData, err := json.Marshal(capabilities)

     

       45
       45
       +
       	err := e.AddKnot(rbac.ThisServer)

     

       50
       46
        
       	if err != nil {

     

       51
       51
       -
       		http.Error(w, "Failed to serialize JSON", http.StatusInternalServerError)

     

       52
       52
       -
       		return

     

       47
       47
       +
       		return nil, fmt.Errorf("failed to setup enforcer: %w", err)

     

       53
       48
        
       	}

     

       54
       49
        
       

     

       55
       55
       -
       	w.Write(jsonData)

     

       56
       56
       -
       }

     

       57
       57
       -
       

     

       58
       58
       -
       func (h *Handle) RepoIndex(w http.ResponseWriter, r *http.Request) {

     

       59
       59
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       60
       60
       -
       	l := h.l.With("path", path, "handler", "RepoIndex")

     

       61
       61
       -
       	ref := chi.URLParam(r, "ref")

     

       62
       62
       -
       	ref, _ = url.PathUnescape(ref)

     

       63
       63
       -
       

     

       64
       64
       -
       	gr, err := git.Open(path, ref)

     

       65
       65
       -
       	if err != nil {

     

       66
       66
       -
       		plain, err2 := git.PlainOpen(path)

     

       67
       67
       -
       		if err2 != nil {

     

       68
       68
       -
       			l.Error("opening repo", "error", err2.Error())

     

       69
       69
       -
       			notFound(w)

     

       70
       70
       -
       			return

     

       71
       71
       -
       		}

     

       72
       72
       -
       		branches, _ := plain.Branches()

     

       73
       73
       -
       

     

       74
       74
       -
       		log.Println(err)

     

       75
       75
       -
       

     

       76
       76
       -
       		if errors.Is(err, plumbing.ErrReferenceNotFound) {

     

       77
       77
       -
       			resp := types.RepoIndexResponse{

     

       78
       78
       -
       				IsEmpty:  true,

     

       79
       79
       -
       				Branches: branches,

     

       80
       80
       -
       			}

     

       81
       81
       -
       			writeJSON(w, resp)

     

       82
       82
       -
       			return

     

       83
       83
       -
       		} else {

     

       84
       84
       -
       			l.Error("opening repo", "error", err.Error())

     

       85
       85
       -
       			notFound(w)

     

       86
       86
       -
       			return

     

       87
       87
       -
       		}

     

       50
       50
       +
       	// configure owner

     

       51
       51
       +
       	if err = h.configureOwner(); err != nil {

     

       52
       52
       +
       		return nil, err

     

       88
       53
        
       	}

     

       89
       89
       -
       

     

       90
       90
       -
       	var (

     

       91
       91
       -
       		commits  []*object.Commit

     

       92
       92
       -
       		total    int

     

       93
       93
       -
       		branches []types.Branch

     

       94
       94
       -
       		files    []types.NiceTree

     

       95
       95
       -
       		tags     []object.Tag

     

       96
       96
       -
       	)

     

       97
       97
       -
       

     

       98
       98
       -
       	var wg sync.WaitGroup

     

       99
       99
       -
       	errorsCh := make(chan error, 5)

     

       100
       100
       -
       

     

       101
       101
       -
       	wg.Add(1)

     

       102
       102
       -
       	go func() {

     

       103
       103
       -
       		defer wg.Done()

     

       104
       104
       -
       		cs, err := gr.Commits(0, 60)

     

       105
       105
       -
       		if err != nil {

     

       106
       106
       -
       			errorsCh <- fmt.Errorf("commits: %w", err)

     

       107
       107
       -
       			return

     

       108
       108
       -
       		}

     

       109
       109
       -
       		commits = cs

     

       110
       110
       -
       	}()

     

       111
       111
       -
       

     

       112
       112
       -
       	wg.Add(1)

     

       113
       113
       -
       	go func() {

     

       114
       114
       -
       		defer wg.Done()

     

       115
       115
       -
       		t, err := gr.TotalCommits()

     

       116
       116
       -
       		if err != nil {

     

       117
       117
       -
       			errorsCh <- fmt.Errorf("calculating total: %w", err)

     

       118
       118
       -
       			return

     

       119
       119
       -
       		}

     

       120
       120
       -
       		total = t

     

       121
       121
       -
       	}()

     

       54
       54
       +
       	h.l.Info("owner set", "did", h.c.Server.Owner)

     

       55
       55
       +
       	h.jc.AddDid(h.c.Server.Owner)

     

       122
       56
        
       

     

       123
       123
       -
       	wg.Add(1)

     

       124
       124
       -
       	go func() {

     

       125
       125
       -
       		defer wg.Done()

     

       126
       126
       -
       		bs, err := gr.Branches()

     

       127
       127
       -
       		if err != nil {

     

       128
       128
       -
       			errorsCh <- fmt.Errorf("fetching branches: %w", err)

     

       129
       129
       -
       			return

     

       130
       130
       -
       		}

     

       131
       131
       -
       		branches = bs

     

       132
       132
       -
       	}()

     

       133
       133
       -
       

     

       134
       134
       -
       	wg.Add(1)

     

       135
       135
       -
       	go func() {

     

       136
       136
       -
       		defer wg.Done()

     

       137
       137
       -
       		ts, err := gr.Tags()

     

       138
       138
       -
       		if err != nil {

     

       139
       139
       -
       			errorsCh <- fmt.Errorf("fetching tags: %w", err)

     

       140
       140
       -
       			return

     

       141
       141
       -
       		}

     

       142
       142
       -
       		tags = ts

     

       143
       143
       -
       	}()

     

       144
       144
       -
       

     

       145
       145
       -
       	wg.Add(1)

     

       146
       146
       -
       	go func() {

     

       147
       147
       -
       		defer wg.Done()

     

       148
       148
       -
       		fs, err := gr.FileTree(r.Context(), "")

     

       149
       149
       -
       		if err != nil {

     

       150
       150
       -
       			errorsCh <- fmt.Errorf("fetching filetree: %w", err)

     

       151
       151
       -
       			return

     

       152
       152
       -
       		}

     

       153
       153
       -
       		files = fs

     

       154
       154
       -
       	}()

     

       155
       155
       -
       

     

       156
       156
       -
       	wg.Wait()

     

       157
       157
       -
       	close(errorsCh)

     

       158
       158
       -
       

     

       159
       159
       -
       	// show any errors

     

       160
       160
       -
       	for err := range errorsCh {

     

       161
       161
       -
       		l.Error("loading repo", "error", err.Error())

     

       162
       162
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       163
       163
       -
       		return

     

       164
       164
       -
       	}

     

       165
       165
       -
       

     

       166
       166
       -
       	rtags := []*types.TagReference{}

     

       167
       167
       -
       	for _, tag := range tags {

     

       168
       168
       -
       		var target *object.Tag

     

       169
       169
       -
       		if tag.Target != plumbing.ZeroHash {

     

       170
       170
       -
       			target = &tag

     

       171
       171
       -
       		}

     

       172
       172
       -
       		tr := types.TagReference{

     

       173
       173
       -
       			Tag: target,

     

       174
       174
       -
       		}

     

       175
       175
       -
       

     

       176
       176
       -
       		tr.Reference = types.Reference{

     

       177
       177
       -
       			Name: tag.Name,

     

       178
       178
       -
       			Hash: tag.Hash.String(),

     

       179
       179
       -
       		}

     

       180
       180
       -
       

     

       181
       181
       -
       		if tag.Message != "" {

     

       182
       182
       -
       			tr.Message = tag.Message

     

       183
       183
       -
       		}

     

       184
       184
       -
       

     

       185
       185
       -
       		rtags = append(rtags, &tr)

     

       186
       186
       -
       	}

     

       187
       187
       -
       

     

       188
       188
       -
       	var readmeContent string

     

       189
       189
       -
       	var readmeFile string

     

       190
       190
       -
       	for _, readme := range h.c.Repo.Readme {

     

       191
       191
       -
       		content, _ := gr.FileContent(readme)

     

       192
       192
       -
       		if len(content) > 0 {

     

       193
       193
       -
       			readmeContent = string(content)

     

       194
       194
       -
       			readmeFile = readme

     

       195
       195
       -
       		}

     

       196
       196
       -
       	}

     

       197
       197
       -
       

     

       198
       198
       -
       	if ref == "" {

     

       199
       199
       -
       		mainBranch, err := gr.FindMainBranch()

     

       200
       200
       -
       		if err != nil {

     

       201
       201
       -
       			writeError(w, err.Error(), http.StatusInternalServerError)

     

       202
       202
       -
       			l.Error("finding main branch", "error", err.Error())

     

       203
       203
       -
       			return

     

       204
       204
       -
       		}

     

       205
       205
       -
       		ref = mainBranch

     

       206
       206
       -
       	}

     

       207
       207
       -
       

     

       208
       208
       -
       	resp := types.RepoIndexResponse{

     

       209
       209
       -
       		IsEmpty:        false,

     

       210
       210
       -
       		Ref:            ref,

     

       211
       211
       -
       		Commits:        commits,

     

       212
       212
       -
       		Description:    getDescription(path),

     

       213
       213
       -
       		Readme:         readmeContent,

     

       214
       214
       -
       		ReadmeFileName: readmeFile,

     

       215
       215
       -
       		Files:          files,

     

       216
       216
       -
       		Branches:       branches,

     

       217
       217
       -
       		Tags:           rtags,

     

       218
       218
       -
       		TotalCommits:   total,

     

       219
       219
       -
       	}

     

       220
       220
       -
       

     

       221
       221
       -
       	writeJSON(w, resp)

     

       222
       222
       -
       	return

     

       223
       223
       -
       }

     

       224
       224
       -
       

     

       225
       225
       -
       func (h *Handle) RepoTree(w http.ResponseWriter, r *http.Request) {

     

       226
       226
       -
       	treePath := chi.URLParam(r, "*")

     

       227
       227
       -
       	ref := chi.URLParam(r, "ref")

     

       228
       228
       -
       	ref, _ = url.PathUnescape(ref)

     

       229
       229
       -
       

     

       230
       230
       -
       	l := h.l.With("handler", "RepoTree", "ref", ref, "treePath", treePath)

     

       231
       231
       -
       

     

       232
       232
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       233
       233
       -
       	gr, err := git.Open(path, ref)

     

       57
       57
       +
       	// configure known-dids in jetstream consumer

     

       58
       58
       +
       	dids, err := h.db.GetAllDids()

     

       234
       59
        
       	if err != nil {

     

       235
       235
       -
       		notFound(w)

     

       236
       236
       -
       		return

     

       60
       60
       +
       		return nil, fmt.Errorf("failed to get all dids: %w", err)

     

       237
       61
        
       	}

     

       238
       238
       -
       

     

       239
       239
       -
       	files, err := gr.FileTree(r.Context(), treePath)

     

       240
       240
       -
       	if err != nil {

     

       241
       241
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       242
       242
       -
       		l.Error("file tree", "error", err.Error())

     

       243
       243
       -
       		return

     

       62
       62
       +
       	for _, d := range dids {

     

       63
       63
       +
       		jc.AddDid(d)

     

       244
       64
        
       	}

     

       245
       65
        
       

     

       246
       246
       -
       	resp := types.RepoTreeResponse{

     

       247
       247
       -
       		Ref:         ref,

     

       248
       248
       -
       		Parent:      treePath,

     

       249
       249
       -
       		Description: getDescription(path),

     

       250
       250
       -
       		DotDot:      filepath.Dir(treePath),

     

       251
       251
       -
       		Files:       files,

     

       252
       252
       -
       	}

     

       253
       253
       -
       

     

       254
       254
       -
       	writeJSON(w, resp)

     

       255
       255
       -
       	return

     

       256
       256
       -
       }

     

       257
       257
       -
       

     

       258
       258
       -
       func (h *Handle) BlobRaw(w http.ResponseWriter, r *http.Request) {

     

       259
       259
       -
       	treePath := chi.URLParam(r, "*")

     

       260
       260
       -
       	ref := chi.URLParam(r, "ref")

     

       261
       261
       -
       	ref, _ = url.PathUnescape(ref)

     

       262
       262
       -
       

     

       263
       263
       -
       	l := h.l.With("handler", "BlobRaw", "ref", ref, "treePath", treePath)

     

       264
       264
       -
       

     

       265
       265
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       266
       266
       -
       	gr, err := git.Open(path, ref)

     

       66
       66
       +
       	err = h.jc.StartJetstream(ctx, h.processMessages)

     

       267
       67
        
       	if err != nil {

     

       268
       268
       -
       		notFound(w)

     

       269
       269
       -
       		return

     

       68
       68
       +
       		return nil, fmt.Errorf("failed to start jetstream: %w", err)

     

       270
       69
        
       	}

     

       271
       70
        
       

     

       272
       272
       -
       	contents, err := gr.RawContent(treePath)

     

       273
       273
       -
       	if err != nil {

     

       274
       274
       -
       		writeError(w, err.Error(), http.StatusBadRequest)

     

       275
       275
       -
       		l.Error("file content", "error", err.Error())

     

       276
       276
       -
       		return

     

       277
       277
       -
       	}

     

       71
       71
       +
       	r.Get("/", h.Index)

     

       72
       72
       +
       	r.Get("/capabilities", h.Capabilities)

     

       73
       73
       +
       	r.Get("/version", h.Version)

     

       74
       74
       +
       	r.Get("/owner", func(w http.ResponseWriter, r *http.Request) {

     

       75
       75
       +
       		w.Write([]byte(h.c.Server.Owner))

     

       76
       76
       +
       	})

     

       77
       77
       +
       	r.Route("/{did}", func(r chi.Router) {

     

       78
       78
       +
       		// Repo routes

     

       79
       79
       +
       		r.Route("/{name}", func(r chi.Router) {

     

       278
       80
        
       

     

       279
       279
       -
       	mimeType := http.DetectContentType(contents)

     

       81
       81
       +
       			r.Route("/languages", func(r chi.Router) {

     

       82
       82
       +
       				r.Get("/", h.RepoLanguages)

     

       83
       83
       +
       				r.Get("/{ref}", h.RepoLanguages)

     

       84
       84
       +
       			})

     

       280
       85
        
       

     

       281
       281
       -
       	// exception for svg

     

       282
       282
       -
       	if filepath.Ext(treePath) == ".svg" {

     

       283
       283
       -
       		mimeType = "image/svg+xml"

     

       284
       284
       -
       	}

     

       86
       86
       +
       			r.Get("/", h.RepoIndex)

     

       87
       87
       +
       			r.Get("/info/refs", h.InfoRefs)

     

       88
       88
       +
       			r.Post("/git-upload-pack", h.UploadPack)

     

       89
       89
       +
       			r.Post("/git-receive-pack", h.ReceivePack)

     

       90
       90
       +
       			r.Get("/compare/{rev1}/{rev2}", h.Compare) // git diff-tree compare of two objects

     

       285
       91
        
       

     

       286
       286
       -
       	contentHash := sha256.Sum256(contents)

     

       287
       287
       -
       	eTag := fmt.Sprintf("\"%x\"", contentHash)

     

       92
       92
       +
       			r.Route("/tree/{ref}", func(r chi.Router) {

     

       93
       93
       +
       				r.Get("/", h.RepoIndex)

     

       94
       94
       +
       				r.Get("/*", h.RepoTree)

     

       95
       95
       +
       			})

     

       288
       96
        
       

     

       289
       289
       -
       	// allow image, video, and text/plain files to be served directly

     

       290
       290
       -
       	switch {

     

       291
       291
       -
       	case strings.HasPrefix(mimeType, "image/"), strings.HasPrefix(mimeType, "video/"):

     

       292
       292
       -
       		if clientETag := r.Header.Get("If-None-Match"); clientETag == eTag {

     

       293
       293
       -
       			w.WriteHeader(http.StatusNotModified)

     

       294
       294
       -
       			return

     

       295
       295
       -
       		}

     

       296
       296
       -
       		w.Header().Set("ETag", eTag)

     

       97
       97
       +
       			r.Route("/blob/{ref}", func(r chi.Router) {

     

       98
       98
       +
       				r.Get("/*", h.Blob)

     

       99
       99
       +
       			})

     

       297
       100
        
       

     

       298
       298
       -
       	case strings.HasPrefix(mimeType, "text/plain"):

     

       299
       299
       -
       		w.Header().Set("Cache-Control", "public, no-cache")

     

       300
       300
       -
       

     

       301
       301
       -
       	default:

     

       302
       302
       -
       		l.Error("attempted to serve disallowed file type", "mimetype", mimeType)

     

       303
       303
       -
       		writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)

     

       304
       304
       -
       		return

     

       305
       305
       -
       	}

     

       306
       306
       -
       

     

       307
       307
       -
       	w.Header().Set("Content-Type", mimeType)

     

       308
       308
       -
       	w.Write(contents)

     

       309
       309
       -
       }

     

       310
       310
       -
       

     

       311
       311
       -
       func (h *Handle) Blob(w http.ResponseWriter, r *http.Request) {

     

       312
       312
       -
       	treePath := chi.URLParam(r, "*")

     

       313
       313
       -
       	ref := chi.URLParam(r, "ref")

     

       314
       314
       -
       	ref, _ = url.PathUnescape(ref)

     

       315
       315
       -
       

     

       316
       316
       -
       	l := h.l.With("handler", "Blob", "ref", ref, "treePath", treePath)

     

       317
       317
       -
       

     

       318
       318
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       319
       319
       -
       	gr, err := git.Open(path, ref)

     

       320
       320
       -
       	if err != nil {

     

       321
       321
       -
       		notFound(w)

     

       322
       322
       -
       		return

     

       323
       323
       -
       	}

     

       324
       324
       -
       

     

       325
       325
       -
       	var isBinaryFile bool = false

     

       326
       326
       -
       	contents, err := gr.FileContent(treePath)

     

       327
       327
       -
       	if errors.Is(err, git.ErrBinaryFile) {

     

       328
       328
       -
       		isBinaryFile = true

     

       329
       329
       -
       	} else if errors.Is(err, object.ErrFileNotFound) {

     

       330
       330
       -
       		notFound(w)

     

       331
       331
       -
       		return

     

       332
       332
       -
       	} else if err != nil {

     

       333
       333
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       334
       334
       -
       		return

     

       335
       335
       -
       	}

     

       336
       336
       -
       

     

       337
       337
       -
       	bytes := []byte(contents)

     

       338
       338
       -
       	// safe := string(sanitize(bytes))

     

       339
       339
       -
       	sizeHint := len(bytes)

     

       340
       340
       -
       

     

       341
       341
       -
       	resp := types.RepoBlobResponse{

     

       342
       342
       -
       		Ref:      ref,

     

       343
       343
       -
       		Contents: string(bytes),

     

       344
       344
       -
       		Path:     treePath,

     

       345
       345
       -
       		IsBinary: isBinaryFile,

     

       346
       346
       -
       		SizeHint: uint64(sizeHint),

     

       347
       347
       -
       	}

     

       348
       348
       -
       

     

       349
       349
       -
       	h.showFile(resp, w, l)

     

       350
       350
       -
       }

     

       351
       351
       -
       

     

       352
       352
       -
       func (h *Handle) Archive(w http.ResponseWriter, r *http.Request) {

     

       353
       353
       -
       	name := chi.URLParam(r, "name")

     

       354
       354
       -
       	file := chi.URLParam(r, "file")

     

       355
       355
       -
       

     

       356
       356
       -
       	l := h.l.With("handler", "Archive", "name", name, "file", file)

     

       357
       357
       -
       

     

       358
       358
       -
       	// TODO: extend this to add more files compression (e.g.: xz)

     

       359
       359
       -
       	if !strings.HasSuffix(file, ".tar.gz") {

     

       360
       360
       -
       		notFound(w)

     

       361
       361
       -
       		return

     

       362
       362
       -
       	}

     

       363
       363
       -
       

     

       364
       364
       -
       	ref := strings.TrimSuffix(file, ".tar.gz")

     

       365
       365
       -
       

     

       366
       366
       -
       	unescapedRef, err := url.PathUnescape(ref)

     

       367
       367
       -
       	if err != nil {

     

       368
       368
       -
       		notFound(w)

     

       369
       369
       -
       		return

     

       370
       370
       -
       	}

     

       371
       371
       -
       

     

       372
       372
       -
       	safeRefFilename := strings.ReplaceAll(plumbing.ReferenceName(unescapedRef).Short(), "/", "-")

     

       373
       373
       -
       

     

       374
       374
       -
       	// This allows the browser to use a proper name for the file when

     

       375
       375
       -
       	// downloading

     

       376
       376
       -
       	filename := fmt.Sprintf("%s-%s.tar.gz", name, safeRefFilename)

     

       377
       377
       -
       	setContentDisposition(w, filename)

     

       378
       378
       -
       	setGZipMIME(w)

     

       379
       379
       -
       

     

       380
       380
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       381
       381
       -
       	gr, err := git.Open(path, unescapedRef)

     

       382
       382
       -
       	if err != nil {

     

       383
       383
       -
       		notFound(w)

     

       384
       384
       -
       		return

     

       385
       385
       -
       	}

     

       386
       386
       -
       

     

       387
       387
       -
       	gw := gzip.NewWriter(w)

     

       388
       388
       -
       	defer gw.Close()

     

       389
       389
       -
       

     

       390
       390
       -
       	prefix := fmt.Sprintf("%s-%s", name, safeRefFilename)

     

       391
       391
       -
       	err = gr.WriteTar(gw, prefix)

     

       392
       392
       -
       	if err != nil {

     

       393
       393
       -
       		// once we start writing to the body we can't report error anymore

     

       394
       394
       -
       		// so we are only left with printing the error.

     

       395
       395
       -
       		l.Error("writing tar file", "error", err.Error())

     

       396
       396
       -
       		return

     

       397
       397
       -
       	}

     

       398
       398
       -
       

     

       399
       399
       -
       	err = gw.Flush()

     

       400
       400
       -
       	if err != nil {

     

       401
       401
       -
       		// once we start writing to the body we can't report error anymore

     

       402
       402
       -
       		// so we are only left with printing the error.

     

       403
       403
       -
       		l.Error("flushing?", "error", err.Error())

     

       404
       404
       -
       		return

     

       405
       405
       -
       	}

     

       406
       406
       -
       }

     

       407
       407
       -
       

     

       408
       408
       -
       func (h *Handle) Log(w http.ResponseWriter, r *http.Request) {

     

       409
       409
       -
       	ref := chi.URLParam(r, "ref")

     

       410
       410
       -
       	ref, _ = url.PathUnescape(ref)

     

       411
       411
       -
       

     

       412
       412
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       413
       413
       -
       

     

       414
       414
       -
       	l := h.l.With("handler", "Log", "ref", ref, "path", path)

     

       415
       415
       -
       

     

       416
       416
       -
       	gr, err := git.Open(path, ref)

     

       417
       417
       -
       	if err != nil {

     

       418
       418
       -
       		notFound(w)

     

       419
       419
       -
       		return

     

       420
       420
       -
       	}

     

       421
       421
       -
       

     

       422
       422
       -
       	// Get page parameters

     

       423
       423
       -
       	page := 1

     

       424
       424
       -
       	pageSize := 30

     

       425
       425
       -
       

     

       426
       426
       -
       	if pageParam := r.URL.Query().Get("page"); pageParam != "" {

     

       427
       427
       -
       		if p, err := strconv.Atoi(pageParam); err == nil && p > 0 {

     

       428
       428
       -
       			page = p

     

       429
       429
       -
       		}

     

       430
       430
       -
       	}

     

       431
       431
       -
       

     

       432
       432
       -
       	if pageSizeParam := r.URL.Query().Get("per_page"); pageSizeParam != "" {

     

       433
       433
       -
       		if ps, err := strconv.Atoi(pageSizeParam); err == nil && ps > 0 {

     

       434
       434
       -
       			pageSize = ps

     

       435
       435
       -
       		}

     

       436
       436
       -
       	}

     

       437
       437
       -
       

     

       438
       438
       -
       	// convert to offset/limit

     

       439
       439
       -
       	offset := (page - 1) * pageSize

     

       440
       440
       -
       	limit := pageSize

     

       441
       441
       -
       

     

       442
       442
       -
       	commits, err := gr.Commits(offset, limit)

     

       443
       443
       -
       	if err != nil {

     

       444
       444
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       445
       445
       -
       		l.Error("fetching commits", "error", err.Error())

     

       446
       446
       -
       		return

     

       447
       447
       -
       	}

     

       448
       448
       -
       

     

       449
       449
       -
       	total := len(commits)

     

       450
       450
       -
       

     

       451
       451
       -
       	resp := types.RepoLogResponse{

     

       452
       452
       -
       		Commits:     commits,

     

       453
       453
       -
       		Ref:         ref,

     

       454
       454
       -
       		Description: getDescription(path),

     

       455
       455
       -
       		Log:         true,

     

       456
       456
       -
       		Total:       total,

     

       457
       457
       -
       		Page:        page,

     

       458
       458
       -
       		PerPage:     pageSize,

     

       459
       459
       -
       	}

     

       460
       460
       -
       

     

       461
       461
       -
       	writeJSON(w, resp)

     

       462
       462
       -
       	return

     

       463
       463
       -
       }

     

       464
       464
       -
       

     

       465
       465
       -
       func (h *Handle) Diff(w http.ResponseWriter, r *http.Request) {

     

       466
       466
       -
       	ref := chi.URLParam(r, "ref")

     

       467
       467
       -
       	ref, _ = url.PathUnescape(ref)

     

       468
       468
       -
       

     

       469
       469
       -
       	l := h.l.With("handler", "Diff", "ref", ref)

     

       470
       470
       -
       

     

       471
       471
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       472
       472
       -
       	gr, err := git.Open(path, ref)

     

       473
       473
       -
       	if err != nil {

     

       474
       474
       -
       		notFound(w)

     

       475
       475
       -
       		return

     

       476
       476
       -
       	}

     

       477
       477
       -
       

     

       478
       478
       -
       	diff, err := gr.Diff()

     

       479
       479
       -
       	if err != nil {

     

       480
       480
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       481
       481
       -
       		l.Error("getting diff", "error", err.Error())

     

       482
       482
       -
       		return

     

       483
       483
       -
       	}

     

       484
       484
       -
       

     

       485
       485
       -
       	resp := types.RepoCommitResponse{

     

       486
       486
       -
       		Ref:  ref,

     

       487
       487
       -
       		Diff: diff,

     

       488
       488
       -
       	}

     

       489
       489
       -
       

     

       490
       490
       -
       	writeJSON(w, resp)

     

       491
       491
       -
       	return

     

       492
       492
       -
       }

     

       493
       493
       -
       

     

       494
       494
       -
       func (h *Handle) Tags(w http.ResponseWriter, r *http.Request) {

     

       495
       495
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       496
       496
       -
       	l := h.l.With("handler", "Refs")

     

       497
       497
       -
       

     

       498
       498
       -
       	gr, err := git.Open(path, "")

     

       499
       499
       -
       	if err != nil {

     

       500
       500
       -
       		notFound(w)

     

       501
       501
       -
       		return

     

       502
       502
       -
       	}

     

       503
       503
       -
       

     

       504
       504
       -
       	tags, err := gr.Tags()

     

       505
       505
       -
       	if err != nil {

     

       506
       506
       -
       		// Non-fatal, we *should* have at least one branch to show.

     

       507
       507
       -
       		l.Warn("getting tags", "error", err.Error())

     

       508
       508
       -
       	}

     

       509
       509
       -
       

     

       510
       510
       -
       	rtags := []*types.TagReference{}

     

       511
       511
       -
       	for _, tag := range tags {

     

       512
       512
       -
       		var target *object.Tag

     

       513
       513
       -
       		if tag.Target != plumbing.ZeroHash {

     

       514
       514
       -
       			target = &tag

     

       515
       515
       -
       		}

     

       516
       516
       -
       		tr := types.TagReference{

     

       517
       517
       -
       			Tag: target,

     

       518
       518
       -
       		}

     

       519
       519
       -
       

     

       520
       520
       -
       		tr.Reference = types.Reference{

     

       521
       521
       -
       			Name: tag.Name,

     

       522
       522
       -
       			Hash: tag.Hash.String(),

     

       523
       523
       -
       		}

     

       524
       524
       -
       

     

       525
       525
       -
       		if tag.Message != "" {

     

       526
       526
       -
       			tr.Message = tag.Message

     

       527
       527
       -
       		}

     

       528
       528
       -
       

     

       529
       529
       -
       		rtags = append(rtags, &tr)

     

       530
       530
       -
       	}

     

       531
       531
       -
       

     

       532
       532
       -
       	resp := types.RepoTagsResponse{

     

       533
       533
       -
       		Tags: rtags,

     

       534
       534
       -
       	}

     

       535
       535
       -
       

     

       536
       536
       -
       	writeJSON(w, resp)

     

       537
       537
       -
       	return

     

       538
       538
       -
       }

     

       539
       539
       -
       

     

       540
       540
       -
       func (h *Handle) Branches(w http.ResponseWriter, r *http.Request) {

     

       541
       541
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       542
       542
       -
       

     

       543
       543
       -
       	gr, err := git.PlainOpen(path)

     

       544
       544
       -
       	if err != nil {

     

       545
       545
       -
       		notFound(w)

     

       546
       546
       -
       		return

     

       547
       547
       -
       	}

     

       101
       101
       +
       			r.Route("/raw/{ref}", func(r chi.Router) {

     

       102
       102
       +
       				r.Get("/*", h.BlobRaw)

     

       103
       103
       +
       			})

     

       548
       104
        
       

     

       549
       549
       -
       	branches, _ := gr.Branches()

     

       550
       550
       -
       

     

       551
       551
       -
       	resp := types.RepoBranchesResponse{

     

       552
       552
       -
       		Branches: branches,

     

       553
       553
       -
       	}

     

       554
       554
       -
       

     

       555
       555
       -
       	writeJSON(w, resp)

     

       556
       556
       -
       	return

     

       557
       557
       -
       }

     

       558
       558
       -
       

     

       559
       559
       -
       func (h *Handle) Branch(w http.ResponseWriter, r *http.Request) {

     

       560
       560
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       561
       561
       -
       	branchName := chi.URLParam(r, "branch")

     

       562
       562
       -
       	branchName, _ = url.PathUnescape(branchName)

     

       563
       563
       -
       

     

       564
       564
       -
       	l := h.l.With("handler", "Branch")

     

       565
       565
       -
       

     

       566
       566
       -
       	gr, err := git.PlainOpen(path)

     

       567
       567
       -
       	if err != nil {

     

       568
       568
       -
       		notFound(w)

     

       569
       569
       -
       		return

     

       570
       570
       -
       	}

     

       571
       571
       -
       

     

       572
       572
       -
       	ref, err := gr.Branch(branchName)

     

       573
       573
       -
       	if err != nil {

     

       574
       574
       -
       		l.Error("getting branch", "error", err.Error())

     

       575
       575
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       576
       576
       -
       		return

     

       577
       577
       -
       	}

     

       105
       105
       +
       			r.Get("/log/{ref}", h.Log)

     

       106
       106
       +
       			r.Get("/archive/{file}", h.Archive)

     

       107
       107
       +
       			r.Get("/commit/{ref}", h.Diff)

     

       108
       108
       +
       			r.Get("/tags", h.Tags)

     

       109
       109
       +
       			r.Route("/branches", func(r chi.Router) {

     

       110
       110
       +
       				r.Get("/", h.Branches)

     

       111
       111
       +
       				r.Get("/{branch}", h.Branch)

     

       112
       112
       +
       				r.Get("/default", h.DefaultBranch)

     

       113
       113
       +
       			})

     

       114
       114
       +
       		})

     

       115
       115
       +
       	})

     

       578
       116
        
       

     

       579
       579
       -
       	commit, err := gr.Commit(ref.Hash())

     

       580
       580
       -
       	if err != nil {

     

       581
       581
       -
       		l.Error("getting commit object", "error", err.Error())

     

       582
       582
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       583
       583
       -
       		return

     

       584
       584
       -
       	}

     

       117
       117
       +
       	// xrpc apis

     

       118
       118
       +
       	r.Mount("/xrpc", h.XrpcRouter())

     

       585
       119
        
       

     

       586
       586
       -
       	defaultBranch, err := gr.FindMainBranch()

     

       587
       587
       -
       	isDefault := false

     

       588
       588
       -
       	if err != nil {

     

       589
       589
       -
       		l.Error("getting default branch", "error", err.Error())

     

       590
       590
       -
       		// do not quit though

     

       591
       591
       -
       	} else if defaultBranch == branchName {

     

       592
       592
       -
       		isDefault = true

     

       593
       593
       -
       	}

     

       120
       120
       +
       	// Socket that streams git oplogs

     

       121
       121
       +
       	r.Get("/events", h.Events)

     

       594
       122
        
       

     

       595
       595
       -
       	resp := types.RepoBranchResponse{

     

       596
       596
       -
       		Branch: types.Branch{

     

       597
       597
       -
       			Reference: types.Reference{

     

       598
       598
       -
       				Name: ref.Name().Short(),

     

       599
       599
       -
       				Hash: ref.Hash().String(),

     

       600
       600
       -
       			},

     

       601
       601
       -
       			Commit:    commit,

     

       602
       602
       -
       			IsDefault: isDefault,

     

       603
       603
       -
       		},

     

       604
       604
       -
       	}

     

       123
       123
       +
       	// All public keys on the knot.

     

       124
       124
       +
       	r.Get("/keys", h.Keys)

     

       605
       125
        
       

     

       606
       606
       -
       	writeJSON(w, resp)

     

       607
       607
       -
       	return

     

       126
       126
       +
       	return r, nil

     

       608
       127
        
       }

     

       609
       128
        
       

     

       610
       610
       -
       func (h *Handle) Keys(w http.ResponseWriter, r *http.Request) {

     

       611
       611
       -
       	l := h.l.With("handler", "Keys")

     

       612
       612
       -
       

     

       613
       613
       -
       	switch r.Method {

     

       614
       614
       -
       	case http.MethodGet:

     

       615
       615
       -
       		keys, err := h.db.GetAllPublicKeys()

     

       616
       616
       -
       		if err != nil {

     

       617
       617
       -
       			writeError(w, err.Error(), http.StatusInternalServerError)

     

       618
       618
       -
       			l.Error("getting public keys", "error", err.Error())

     

       619
       619
       -
       			return

     

       620
       620
       -
       		}

     

       621
       621
       -
       

     

       622
       622
       -
       		data := make([]map[string]any, 0)

     

       623
       623
       -
       		for _, key := range keys {

     

       624
       624
       -
       			j := key.JSON()

     

       625
       625
       -
       			data = append(data, j)

     

       626
       626
       -
       		}

     

       627
       627
       -
       		writeJSON(w, data)

     

       628
       628
       -
       		return

     

       629
       629
       -
       

     

       630
       630
       -
       	case http.MethodPut:

     

       631
       631
       -
       		pk := db.PublicKey{}

     

       632
       632
       -
       		if err := json.NewDecoder(r.Body).Decode(&pk); err != nil {

     

       633
       633
       -
       			writeError(w, "invalid request body", http.StatusBadRequest)

     

       634
       634
       -
       			return

     

       635
       635
       -
       		}

     

       129
       129
       +
       func (h *Handle) XrpcRouter() http.Handler {

     

       130
       130
       +
       	logger := tlog.New("knots")

     

       636
       131
        
       

     

       637
       637
       -
       		_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pk.Key))

     

       638
       638
       -
       		if err != nil {

     

       639
       639
       -
       			writeError(w, "invalid pubkey", http.StatusBadRequest)

     

       640
       640
       -
       		}

     

       132
       132
       +
       	serviceAuth := serviceauth.NewServiceAuth(h.l, h.resolver, h.c.Server.Did().String())

     

       641
       133
        
       

     

       642
       642
       -
       		if err := h.db.AddPublicKey(pk); err != nil {

     

       643
       643
       -
       			writeError(w, err.Error(), http.StatusInternalServerError)

     

       644
       644
       -
       			l.Error("adding public key", "error", err.Error())

     

       645
       645
       -
       			return

     

       646
       646
       -
       		}

     

       647
       647
       -
       

     

       648
       648
       -
       		w.WriteHeader(http.StatusNoContent)

     

       649
       649
       -
       		return

     

       134
       134
       +
       	xrpc := &xrpc.Xrpc{

     

       135
       135
       +
       		Config:      h.c,

     

       136
       136
       +
       		Db:          h.db,

     

       137
       137
       +
       		Ingester:    h.jc,

     

       138
       138
       +
       		Enforcer:    h.e,

     

       139
       139
       +
       		Logger:      logger,

     

       140
       140
       +
       		Notifier:    h.n,

     

       141
       141
       +
       		Resolver:    h.resolver,

     

       142
       142
       +
       		ServiceAuth: serviceAuth,

     

       650
       143
        
       	}

     

       144
       144
       +
       	return xrpc.Router()

     

       651
       145
        
       }

     

       652
       146
        
       

     

       653
       653
       -
       func (h *Handle) RepoForkAheadBehind(w http.ResponseWriter, r *http.Request) {

     

       654
       654
       -
       	l := h.l.With("handler", "RepoForkAheadBehind")

     

       147
       147
       +
       // version is set during build time.

     

       148
       148
       +
       var version string

     

       655
       149
        
       

     

       656
       656
       -
       	data := struct {

     

       657
       657
       -
       		Did       string `json:"did"`

     

       658
       658
       -
       		Source    string `json:"source"`

     

       659
       659
       -
       		Name      string `json:"name,omitempty"`

     

       660
       660
       -
       		HiddenRef string `json:"hiddenref"`

     

       661
       661
       -
       	}{}

     

       662
       662
       -
       

     

       663
       663
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       664
       664
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       665
       665
       -
       		return

     

       666
       666
       -
       	}

     

       667
       667
       -
       

     

       668
       668
       -
       	did := data.Did

     

       669
       669
       -
       	source := data.Source

     

       670
       670
       -
       

     

       671
       671
       -
       	if did == "" || source == "" {

     

       672
       672
       -
       		l.Error("invalid request body, empty did or name")

     

       673
       673
       -
       		w.WriteHeader(http.StatusBadRequest)

     

       674
       674
       -
       		return

     

       675
       675
       -
       	}

     

       676
       676
       -
       

     

       677
       677
       -
       	var name string

     

       678
       678
       -
       	if data.Name != "" {

     

       679
       679
       -
       		name = data.Name

     

       680
       680
       -
       	} else {

     

       681
       681
       -
       		name = filepath.Base(source)

     

       682
       682
       -
       	}

     

       683
       683
       -
       

     

       684
       684
       -
       	branch := chi.URLParam(r, "branch")

     

       685
       685
       -
       	branch, _ = url.PathUnescape(branch)

     

       686
       686
       -
       

     

       687
       687
       -
       	relativeRepoPath := filepath.Join(did, name)

     

       688
       688
       -
       	repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)

     

       689
       689
       -
       

     

       690
       690
       -
       	gr, err := git.PlainOpen(repoPath)

     

       691
       691
       -
       	if err != nil {

     

       692
       692
       -
       		log.Println(err)

     

       693
       693
       -
       		notFound(w)

     

       694
       694
       -
       		return

     

       695
       695
       -
       	}

     

       696
       696
       -
       

     

       697
       697
       -
       	forkCommit, err := gr.ResolveRevision(branch)

     

       698
       698
       -
       	if err != nil {

     

       699
       699
       -
       		l.Error("error resolving ref revision", "msg", err.Error())

     

       700
       700
       -
       		writeError(w, fmt.Sprintf("error resolving revision %s", branch), http.StatusBadRequest)

     

       701
       701
       -
       		return

     

       702
       702
       -
       	}

     

       703
       703
       -
       

     

       704
       704
       -
       	sourceCommit, err := gr.ResolveRevision(data.HiddenRef)

     

       705
       705
       -
       	if err != nil {

     

       706
       706
       -
       		l.Error("error resolving hidden ref revision", "msg", err.Error())

     

       707
       707
       -
       		writeError(w, fmt.Sprintf("error resolving revision %s", data.HiddenRef), http.StatusBadRequest)

     

       708
       708
       -
       		return

     

       709
       709
       -
       	}

     

       710
       710
       -
       

     

       711
       711
       -
       	status := types.UpToDate

     

       712
       712
       -
       	if forkCommit.Hash.String() != sourceCommit.Hash.String() {

     

       713
       713
       -
       		isAncestor, err := forkCommit.IsAncestor(sourceCommit)

     

       714
       714
       -
       		if err != nil {

     

       715
       715
       -
       			log.Printf("error resolving whether %s is ancestor of %s: %s", branch, data.HiddenRef, err)

     

       150
       150
       +
       func (h *Handle) Version(w http.ResponseWriter, r *http.Request) {

     

       151
       151
       +
       	if version == "" {

     

       152
       152
       +
       		info, ok := debug.ReadBuildInfo()

     

       153
       153
       +
       		if !ok {

     

       154
       154
       +
       			http.Error(w, "failed to read build info", http.StatusInternalServerError)

     

       716
       155
        
       			return

     

       717
       156
        
       		}

     

       718
       157
        
       

     

       719
       719
       -
       		if isAncestor {

     

       720
       720
       -
       			status = types.FastForwardable

     

       721
       721
       -
       		} else {

     

       722
       722
       -
       			status = types.Conflict

     

       158
       158
       +
       		var modVer string

     

       159
       159
       +
       		for _, mod := range info.Deps {

     

       160
       160
       +
       			if mod.Path == "tangled.sh/tangled.sh/knotserver" {

     

       161
       161
       +
       				version = mod.Version

     

       162
       162
       +
       				break

     

       163
       163
       +
       			}

     

       723
       164
        
       		}

     

       724
       724
       -
       	}

     

       725
       165
        
       

     

       726
       726
       -
       	w.Header().Set("Content-Type", "application/json")

     

       727
       727
       -
       	json.NewEncoder(w).Encode(types.AncestorCheckResponse{Status: status})

     

       728
       728
       -
       }

     

       729
       729
       -
       

     

       730
       730
       -
       func (h *Handle) RepoLanguages(w http.ResponseWriter, r *http.Request) {

     

       731
       731
       -
       	repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       732
       732
       -
       	ref := chi.URLParam(r, "ref")

     

       733
       733
       -
       	ref, _ = url.PathUnescape(ref)

     

       734
       734
       -
       

     

       735
       735
       -
       	l := h.l.With("handler", "RepoLanguages")

     

       736
       736
       -
       

     

       737
       737
       -
       	gr, err := git.Open(repoPath, ref)

     

       738
       738
       -
       	if err != nil {

     

       739
       739
       -
       		l.Error("opening repo", "error", err.Error())

     

       740
       740
       -
       		notFound(w)

     

       741
       741
       -
       		return

     

       742
       742
       -
       	}

     

       743
       743
       -
       

     

       744
       744
       -
       	ctx, cancel := context.WithTimeout(r.Context(), 1*time.Second)

     

       745
       745
       -
       	defer cancel()

     

       746
       746
       -
       

     

       747
       747
       -
       	sizes, err := gr.AnalyzeLanguages(ctx)

     

       748
       748
       -
       	if err != nil {

     

       749
       749
       -
       		l.Error("failed to analyze languages", "error", err.Error())

     

       750
       750
       -
       		writeError(w, err.Error(), http.StatusNoContent)

     

       751
       751
       -
       		return

     

       752
       752
       -
       	}

     

       753
       753
       -
       

     

       754
       754
       -
       	resp := types.RepoLanguageResponse{Languages: sizes}

     

       755
       755
       -
       

     

       756
       756
       -
       	writeJSON(w, resp)

     

       757
       757
       -
       }

     

       758
       758
       -
       

     

       759
       759
       -
       func (h *Handle) RepoForkSync(w http.ResponseWriter, r *http.Request) {

     

       760
       760
       -
       	l := h.l.With("handler", "RepoForkSync")

     

       761
       761
       -
       

     

       762
       762
       -
       	data := struct {

     

       763
       763
       -
       		Did    string `json:"did"`

     

       764
       764
       -
       		Source string `json:"source"`

     

       765
       765
       -
       		Name   string `json:"name,omitempty"`

     

       766
       766
       -
       	}{}

     

       767
       767
       -
       

     

       768
       768
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       769
       769
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       770
       770
       -
       		return

     

       771
       771
       -
       	}

     

       772
       772
       -
       

     

       773
       773
       -
       	did := data.Did

     

       774
       774
       -
       	source := data.Source

     

       775
       775
       -
       

     

       776
       776
       -
       	if did == "" || source == "" {

     

       777
       777
       -
       		l.Error("invalid request body, empty did or name")

     

       778
       778
       -
       		w.WriteHeader(http.StatusBadRequest)

     

       779
       779
       -
       		return

     

       780
       780
       -
       	}

     

       781
       781
       -
       

     

       782
       782
       -
       	var name string

     

       783
       783
       -
       	if data.Name != "" {

     

       784
       784
       -
       		name = data.Name

     

       785
       785
       -
       	} else {

     

       786
       786
       -
       		name = filepath.Base(source)

     

       787
       787
       -
       	}

     

       788
       788
       -
       

     

       789
       789
       -
       	branch := chi.URLParam(r, "*")

     

       790
       790
       -
       	branch, _ = url.PathUnescape(branch)

     

       791
       791
       -
       

     

       792
       792
       -
       	relativeRepoPath := filepath.Join(did, name)

     

       793
       793
       -
       	repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)

     

       794
       794
       -
       

     

       795
       795
       -
       	gr, err := git.Open(repoPath, branch)

     

       796
       796
       -
       	if err != nil {

     

       797
       797
       -
       		log.Println(err)

     

       798
       798
       -
       		notFound(w)

     

       799
       799
       -
       		return

     

       800
       800
       -
       	}

     

       801
       801
       -
       

     

       802
       802
       -
       	err = gr.Sync()

     

       803
       803
       -
       	if err != nil {

     

       804
       804
       -
       		l.Error("error syncing repo fork", "error", err.Error())

     

       805
       805
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       806
       806
       -
       		return

     

       807
       807
       -
       	}

     

       808
       808
       -
       

     

       809
       809
       -
       	w.WriteHeader(http.StatusNoContent)

     

       810
       810
       -
       }

     

       811
       811
       -
       

     

       812
       812
       -
       func (h *Handle) RepoFork(w http.ResponseWriter, r *http.Request) {

     

       813
       813
       -
       	l := h.l.With("handler", "RepoFork")

     

       814
       814
       -
       

     

       815
       815
       -
       	data := struct {

     

       816
       816
       -
       		Did    string `json:"did"`

     

       817
       817
       -
       		Source string `json:"source"`

     

       818
       818
       -
       		Name   string `json:"name,omitempty"`

     

       819
       819
       -
       	}{}

     

       820
       820
       -
       

     

       821
       821
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       822
       822
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       823
       823
       -
       		return

     

       824
       824
       -
       	}

     

       825
       825
       -
       

     

       826
       826
       -
       	did := data.Did

     

       827
       827
       -
       	source := data.Source

     

       828
       828
       -
       

     

       829
       829
       -
       	if did == "" || source == "" {

     

       830
       830
       -
       		l.Error("invalid request body, empty did or name")

     

       831
       831
       -
       		w.WriteHeader(http.StatusBadRequest)

     

       832
       832
       -
       		return

     

       833
       833
       -
       	}

     

       834
       834
       -
       

     

       835
       835
       -
       	var name string

     

       836
       836
       -
       	if data.Name != "" {

     

       837
       837
       -
       		name = data.Name

     

       838
       838
       -
       	} else {

     

       839
       839
       -
       		name = filepath.Base(source)

     

       840
       840
       -
       	}

     

       841
       841
       -
       

     

       842
       842
       -
       	relativeRepoPath := filepath.Join(did, name)

     

       843
       843
       -
       	repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)

     

       844
       844
       -
       

     

       845
       845
       -
       	err := git.Fork(repoPath, source)

     

       846
       846
       -
       	if err != nil {

     

       847
       847
       -
       		l.Error("forking repo", "error", err.Error())

     

       848
       848
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       849
       849
       -
       		return

     

       850
       850
       -
       	}

     

       851
       851
       -
       

     

       852
       852
       -
       	// add perms for this user to access the repo

     

       853
       853
       -
       	err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath)

     

       854
       854
       -
       	if err != nil {

     

       855
       855
       -
       		l.Error("adding repo permissions", "error", err.Error())

     

       856
       856
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       857
       857
       -
       		return

     

       858
       858
       -
       	}

     

       859
       859
       -
       

     

       860
       860
       -
       	hook.SetupRepo(

     

       861
       861
       -
       		hook.Config(

     

       862
       862
       -
       			hook.WithScanPath(h.c.Repo.ScanPath),

     

       863
       863
       -
       			hook.WithInternalApi(h.c.Server.InternalListenAddr),

     

       864
       864
       -
       		),

     

       865
       865
       -
       		repoPath,

     

       866
       866
       -
       	)

     

       867
       867
       -
       

     

       868
       868
       -
       	w.WriteHeader(http.StatusNoContent)

     

       869
       869
       -
       }

     

       870
       870
       -
       

     

       871
       871
       -
       func (h *Handle) RemoveRepo(w http.ResponseWriter, r *http.Request) {

     

       872
       872
       -
       	l := h.l.With("handler", "RemoveRepo")

     

       873
       873
       -
       

     

       874
       874
       -
       	data := struct {

     

       875
       875
       -
       		Did  string `json:"did"`

     

       876
       876
       -
       		Name string `json:"name"`

     

       877
       877
       -
       	}{}

     

       878
       878
       -
       

     

       879
       879
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       880
       880
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       881
       881
       -
       		return

     

       882
       882
       -
       	}

     

       883
       883
       -
       

     

       884
       884
       -
       	did := data.Did

     

       885
       885
       -
       	name := data.Name

     

       886
       886
       -
       

     

       887
       887
       -
       	if did == "" || name == "" {

     

       888
       888
       -
       		l.Error("invalid request body, empty did or name")

     

       889
       889
       -
       		w.WriteHeader(http.StatusBadRequest)

     

       890
       890
       -
       		return

     

       891
       891
       -
       	}

     

       892
       892
       -
       

     

       893
       893
       -
       	relativeRepoPath := filepath.Join(did, name)

     

       894
       894
       -
       	repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)

     

       895
       895
       -
       	err := os.RemoveAll(repoPath)

     

       896
       896
       -
       	if err != nil {

     

       897
       897
       -
       		l.Error("removing repo", "error", err.Error())

     

       898
       898
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       899
       899
       -
       		return

     

       900
       900
       -
       	}

     

       901
       901
       -
       

     

       902
       902
       -
       	w.WriteHeader(http.StatusNoContent)

     

       903
       903
       -
       

     

       904
       904
       -
       }

     

       905
       905
       -
       func (h *Handle) Merge(w http.ResponseWriter, r *http.Request) {

     

       906
       906
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       907
       907
       -
       

     

       908
       908
       -
       	data := types.MergeRequest{}

     

       909
       909
       -
       

     

       910
       910
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       911
       911
       -
       		writeError(w, err.Error(), http.StatusBadRequest)

     

       912
       912
       -
       		h.l.Error("git: failed to unmarshal json patch", "handler", "Merge", "error", err)

     

       913
       913
       -
       		return

     

       914
       914
       -
       	}

     

       915
       915
       -
       

     

       916
       916
       -
       	mo := &git.MergeOptions{

     

       917
       917
       -
       		AuthorName:    data.AuthorName,

     

       918
       918
       -
       		AuthorEmail:   data.AuthorEmail,

     

       919
       919
       -
       		CommitBody:    data.CommitBody,

     

       920
       920
       -
       		CommitMessage: data.CommitMessage,

     

       921
       921
       -
       	}

     

       922
       922
       -
       

     

       923
       923
       -
       	patch := data.Patch

     

       924
       924
       -
       	branch := data.Branch

     

       925
       925
       -
       	gr, err := git.Open(path, branch)

     

       926
       926
       -
       	if err != nil {

     

       927
       927
       -
       		notFound(w)

     

       928
       928
       -
       		return

     

       929
       929
       -
       	}

     

       930
       930
       -
       

     

       931
       931
       -
       	mo.FormatPatch = patchutil.IsFormatPatch(patch)

     

       932
       932
       -
       

     

       933
       933
       -
       	if err := gr.MergeWithOptions([]byte(patch), branch, mo); err != nil {

     

       934
       934
       -
       		var mergeErr *git.ErrMerge

     

       935
       935
       -
       		if errors.As(err, &mergeErr) {

     

       936
       936
       -
       			conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))

     

       937
       937
       -
       			for i, conflict := range mergeErr.Conflicts {

     

       938
       938
       -
       				conflicts[i] = types.ConflictInfo{

     

       939
       939
       -
       					Filename: conflict.Filename,

     

       940
       940
       -
       					Reason:   conflict.Reason,

     

       941
       941
       -
       				}

     

       942
       942
       -
       			}

     

       943
       943
       -
       			response := types.MergeCheckResponse{

     

       944
       944
       -
       				IsConflicted: true,

     

       945
       945
       -
       				Conflicts:    conflicts,

     

       946
       946
       -
       				Message:      mergeErr.Message,

     

       947
       947
       -
       			}

     

       948
       948
       -
       			writeConflict(w, response)

     

       949
       949
       -
       			h.l.Error("git: merge conflict", "handler", "Merge", "error", mergeErr)

     

       950
       950
       -
       		} else {

     

       951
       951
       -
       			writeError(w, err.Error(), http.StatusBadRequest)

     

       952
       952
       -
       			h.l.Error("git: failed to merge", "handler", "Merge", "error", err.Error())

     

       166
       166
       +
       		if modVer == "" {

     

       167
       167
       +
       			version = "unknown"

     

       953
       168
        
       		}

     

       954
       954
       -
       		return

     

       955
       169
        
       	}

     

       956
       170
        
       

     

       957
       957
       -
       	w.WriteHeader(http.StatusOK)

     

       171
       171
       +
       	w.Header().Set("Content-Type", "text/plain; charset=utf-8")

     

       172
       172
       +
       	fmt.Fprintf(w, "knotserver/%s", version)

     

       958
       173
        
       }

     

       959
       174
        
       

     

       960
       960
       -
       func (h *Handle) MergeCheck(w http.ResponseWriter, r *http.Request) {

     

       961
       961
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       962
       962
       -
       

     

       963
       963
       -
       	var data struct {

     

       964
       964
       -
       		Patch  string `json:"patch"`

     

       965
       965
       -
       		Branch string `json:"branch"`

     

       966
       966
       -
       	}

     

       175
       175
       +
       func (h *Handle) configureOwner() error {

     

       176
       176
       +
       	cfgOwner := h.c.Server.Owner

     

       967
       177
        
       

     

       968
       968
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       969
       969
       -
       		writeError(w, err.Error(), http.StatusBadRequest)

     

       970
       970
       -
       		h.l.Error("git: failed to unmarshal json patch", "handler", "MergeCheck", "error", err)

     

       971
       971
       -
       		return

     

       972
       972
       -
       	}

     

       178
       178
       +
       	rbacDomain := "thisserver"

     

       973
       179
        
       

     

       974
       974
       -
       	patch := data.Patch

     

       975
       975
       -
       	branch := data.Branch

     

       976
       976
       -
       	gr, err := git.Open(path, branch)

     

       180
       180
       +
       	existing, err := h.e.GetKnotUsersByRole("server:owner", rbacDomain)

     

       977
       181
        
       	if err != nil {

     

       978
       978
       -
       		notFound(w)

     

       979
       979
       -
       		return

     

       182
       182
       +
       		return err

     

       980
       183
        
       	}

     

       981
       184
        
       

     

       982
       982
       -
       	err = gr.MergeCheck([]byte(patch), branch)

     

       983
       983
       -
       	if err == nil {

     

       984
       984
       -
       		response := types.MergeCheckResponse{

     

       985
       985
       -
       			IsConflicted: false,

     

       986
       986
       -
       		}

     

       987
       987
       -
       		writeJSON(w, response)

     

       988
       988
       -
       		return

     

       989
       989
       -
       	}

     

       185
       185
       +
       	switch len(existing) {

     

       186
       186
       +
       	case 0:

     

       187
       187
       +
       		// no owner configured, continue

     

       188
       188
       +
       	case 1:

     

       189
       189
       +
       		// find existing owner

     

       190
       190
       +
       		existingOwner := existing[0]

     

       990
       191
        
       

     

       991
       991
       -
       	var mergeErr *git.ErrMerge

     

       992
       992
       -
       	if errors.As(err, &mergeErr) {

     

       993
       993
       -
       		conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))

     

       994
       994
       -
       		for i, conflict := range mergeErr.Conflicts {

     

       995
       995
       -
       			conflicts[i] = types.ConflictInfo{

     

       996
       996
       -
       				Filename: conflict.Filename,

     

       997
       997
       -
       				Reason:   conflict.Reason,

     

       998
       998
       -
       			}

     

       999
       999
       -
       		}

     

       1000
       1000
       -
       		response := types.MergeCheckResponse{

     

       1001
       1001
       -
       			IsConflicted: true,

     

       1002
       1002
       -
       			Conflicts:    conflicts,

     

       1003
       1003
       -
       			Message:      mergeErr.Message,

     

       192
       192
       +
       		// no ownership change, this is okay

     

       193
       193
       +
       		if existingOwner == h.c.Server.Owner {

     

       194
       194
       +
       			break

     

       1004
       195
        
       		}

     

       1005
       1005
       -
       		writeConflict(w, response)

     

       1006
       1006
       -
       		h.l.Error("git: merge conflict", "handler", "MergeCheck", "error", mergeErr.Error())

     

       1007
       1007
       -
       		return

     

       1008
       1008
       -
       	}

     

       1009
       1009
       -
       	writeError(w, err.Error(), http.StatusInternalServerError)

     

       1010
       1010
       -
       	h.l.Error("git: failed to check merge", "handler", "MergeCheck", "error", err.Error())

     

       1011
       1011
       -
       }

     

       1012
       196
        
       

     

       1013
       1013
       -
       func (h *Handle) Compare(w http.ResponseWriter, r *http.Request) {

     

       1014
       1014
       -
       	rev1 := chi.URLParam(r, "rev1")

     

       1015
       1015
       -
       	rev1, _ = url.PathUnescape(rev1)

     

       1016
       1016
       -
       

     

       1017
       1017
       -
       	rev2 := chi.URLParam(r, "rev2")

     

       1018
       1018
       -
       	rev2, _ = url.PathUnescape(rev2)

     

       1019
       1019
       -
       

     

       1020
       1020
       -
       	l := h.l.With("handler", "Compare", "r1", rev1, "r2", rev2)

     

       1021
       1021
       -
       

     

       1022
       1022
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       1023
       1023
       -
       	gr, err := git.PlainOpen(path)

     

       1024
       1024
       -
       	if err != nil {

     

       1025
       1025
       -
       		notFound(w)

     

       1026
       1026
       -
       		return

     

       1027
       1027
       -
       	}

     

       1028
       1028
       -
       

     

       1029
       1029
       -
       	commit1, err := gr.ResolveRevision(rev1)

     

       1030
       1030
       -
       	if err != nil {

     

       1031
       1031
       -
       		l.Error("error resolving revision 1", "msg", err.Error())

     

       1032
       1032
       -
       		writeError(w, fmt.Sprintf("error resolving revision %s", rev1), http.StatusBadRequest)

     

       1033
       1033
       -
       		return

     

       1034
       1034
       -
       	}

     

       1035
       1035
       -
       

     

       1036
       1036
       -
       	commit2, err := gr.ResolveRevision(rev2)

     

       1037
       1037
       -
       	if err != nil {

     

       1038
       1038
       -
       		l.Error("error resolving revision 2", "msg", err.Error())

     

       1039
       1039
       -
       		writeError(w, fmt.Sprintf("error resolving revision %s", rev2), http.StatusBadRequest)

     

       1040
       1040
       -
       		return

     

       1041
       1041
       -
       	}

     

       1042
       1042
       -
       

     

       1043
       1043
       -
       	rawPatch, formatPatch, err := gr.FormatPatch(commit1, commit2)

     

       1044
       1044
       -
       	if err != nil {

     

       1045
       1045
       -
       		l.Error("error comparing revisions", "msg", err.Error())

     

       1046
       1046
       -
       		writeError(w, "error comparing revisions", http.StatusBadRequest)

     

       1047
       1047
       -
       		return

     

       1048
       1048
       -
       	}

     

       1049
       1049
       -
       

     

       1050
       1050
       -
       	writeJSON(w, types.RepoFormatPatchResponse{

     

       1051
       1051
       -
       		Rev1:        commit1.Hash.String(),

     

       1052
       1052
       -
       		Rev2:        commit2.Hash.String(),

     

       1053
       1053
       -
       		FormatPatch: formatPatch,

     

       1054
       1054
       -
       		Patch:       rawPatch,

     

       1055
       1055
       -
       	})

     

       1056
       1056
       -
       	return

     

       1057
       1057
       -
       }

     

       1058
       1058
       -
       

     

       1059
       1059
       -
       func (h *Handle) NewHiddenRef(w http.ResponseWriter, r *http.Request) {

     

       1060
       1060
       -
       	l := h.l.With("handler", "NewHiddenRef")

     

       1061
       1061
       -
       

     

       1062
       1062
       -
       	forkRef := chi.URLParam(r, "forkRef")

     

       1063
       1063
       -
       	forkRef, _ = url.PathUnescape(forkRef)

     

       1064
       1064
       -
       

     

       1065
       1065
       -
       	remoteRef := chi.URLParam(r, "remoteRef")

     

       1066
       1066
       -
       	remoteRef, _ = url.PathUnescape(remoteRef)

     

       1067
       1067
       -
       

     

       1068
       1068
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       1069
       1069
       -
       	gr, err := git.PlainOpen(path)

     

       1070
       1070
       -
       	if err != nil {

     

       1071
       1071
       -
       		notFound(w)

     

       1072
       1072
       -
       		return

     

       1073
       1073
       -
       	}

     

       1074
       1074
       -
       

     

       1075
       1075
       -
       	err = gr.TrackHiddenRemoteRef(forkRef, remoteRef)

     

       1076
       1076
       -
       	if err != nil {

     

       1077
       1077
       -
       		l.Error("error tracking hidden remote ref", "msg", err.Error())

     

       1078
       1078
       -
       		writeError(w, "error tracking hidden remote ref", http.StatusBadRequest)

     

       1079
       1079
       -
       		return

     

       1080
       1080
       -
       	}

     

       1081
       1081
       -
       

     

       1082
       1082
       -
       	w.WriteHeader(http.StatusNoContent)

     

       1083
       1083
       -
       	return

     

       1084
       1084
       -
       }

     

       1085
       1085
       -
       

     

       1086
       1086
       -
       func (h *Handle) AddMember(w http.ResponseWriter, r *http.Request) {

     

       1087
       1087
       -
       	l := h.l.With("handler", "AddMember")

     

       1088
       1088
       -
       

     

       1089
       1089
       -
       	data := struct {

     

       1090
       1090
       -
       		Did string `json:"did"`

     

       1091
       1091
       -
       	}{}

     

       1092
       1092
       -
       

     

       1093
       1093
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       1094
       1094
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       1095
       1095
       -
       		return

     

       1096
       1096
       -
       	}

     

       1097
       1097
       -
       

     

       1098
       1098
       -
       	did := data.Did

     

       1099
       1099
       -
       

     

       1100
       1100
       -
       	if err := h.db.AddDid(did); err != nil {

     

       1101
       1101
       -
       		l.Error("adding did", "error", err.Error())

     

       1102
       1102
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1103
       1103
       -
       		return

     

       1104
       1104
       -
       	}

     

       1105
       1105
       -
       	h.jc.AddDid(did)

     

       1106
       1106
       -
       

     

       1107
       1107
       -
       	if err := h.e.AddKnotMember(rbac.ThisServer, did); err != nil {

     

       1108
       1108
       -
       		l.Error("adding member", "error", err.Error())

     

       1109
       1109
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1110
       1110
       -
       		return

     

       1111
       1111
       -
       	}

     

       1112
       1112
       -
       

     

       1113
       1113
       -
       	if err := h.fetchAndAddKeys(r.Context(), did); err != nil {

     

       1114
       1114
       -
       		l.Error("fetching and adding keys", "error", err.Error())

     

       1115
       1115
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1116
       1116
       -
       		return

     

       1117
       1117
       -
       	}

     

       1118
       1118
       -
       

     

       1119
       1119
       -
       	w.WriteHeader(http.StatusNoContent)

     

       1120
       1120
       -
       }

     

       1121
       1121
       -
       

     

       1122
       1122
       -
       func (h *Handle) AddRepoCollaborator(w http.ResponseWriter, r *http.Request) {

     

       1123
       1123
       -
       	l := h.l.With("handler", "AddRepoCollaborator")

     

       1124
       1124
       -
       

     

       1125
       1125
       -
       	data := struct {

     

       1126
       1126
       -
       		Did string `json:"did"`

     

       1127
       1127
       -
       	}{}

     

       1128
       1128
       -
       

     

       1129
       1129
       -
       	ownerDid := chi.URLParam(r, "did")

     

       1130
       1130
       -
       	repo := chi.URLParam(r, "name")

     

       1131
       1131
       -
       

     

       1132
       1132
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       1133
       1133
       -
       		writeError(w, "invalid request body", http.StatusBadRequest)

     

       1134
       1134
       -
       		return

     

       1135
       1135
       -
       	}

     

       1136
       1136
       -
       

     

       1137
       1137
       -
       	if err := h.db.AddDid(data.Did); err != nil {

     

       1138
       1138
       -
       		l.Error("adding did", "error", err.Error())

     

       1139
       1139
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1140
       1140
       -
       		return

     

       1141
       1141
       -
       	}

     

       1142
       1142
       -
       	h.jc.AddDid(data.Did)

     

       1143
       1143
       -
       

     

       1144
       1144
       -
       	repoName, _ := securejoin.SecureJoin(ownerDid, repo)

     

       1145
       1145
       -
       	if err := h.e.AddCollaborator(data.Did, rbac.ThisServer, repoName); err != nil {

     

       1146
       1146
       -
       		l.Error("adding repo collaborator", "error", err.Error())

     

       1147
       1147
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1148
       1148
       -
       		return

     

       1149
       1149
       -
       	}

     

       1150
       1150
       -
       

     

       1151
       1151
       -
       	if err := h.fetchAndAddKeys(r.Context(), data.Did); err != nil {

     

       1152
       1152
       -
       		l.Error("fetching and adding keys", "error", err.Error())

     

       1153
       1153
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1154
       1154
       -
       		return

     

       1155
       1155
       -
       	}

     

       1156
       1156
       -
       

     

       1157
       1157
       -
       	w.WriteHeader(http.StatusNoContent)

     

       1158
       1158
       -
       }

     

       1159
       1159
       -
       

     

       1160
       1160
       -
       func (h *Handle) DefaultBranch(w http.ResponseWriter, r *http.Request) {

     

       1161
       1161
       -
       	l := h.l.With("handler", "DefaultBranch")

     

       1162
       1162
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       1163
       1163
       -
       

     

       1164
       1164
       -
       	gr, err := git.Open(path, "")

     

       1165
       1165
       -
       	if err != nil {

     

       1166
       1166
       -
       		notFound(w)

     

       1167
       1167
       -
       		return

     

       1168
       1168
       -
       	}

     

       1169
       1169
       -
       

     

       1170
       1170
       -
       	branch, err := gr.FindMainBranch()

     

       1171
       1171
       -
       	if err != nil {

     

       1172
       1172
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1173
       1173
       -
       		l.Error("getting default branch", "error", err.Error())

     

       1174
       1174
       -
       		return

     

       1175
       1175
       -
       	}

     

       1176
       1176
       -
       

     

       1177
       1177
       -
       	writeJSON(w, types.RepoDefaultBranchResponse{

     

       1178
       1178
       -
       		Branch: branch,

     

       1179
       1179
       -
       	})

     

       1180
       1180
       -
       }

     

       1181
       1181
       -
       

     

       1182
       1182
       -
       func (h *Handle) SetDefaultBranch(w http.ResponseWriter, r *http.Request) {

     

       1183
       1183
       -
       	l := h.l.With("handler", "SetDefaultBranch")

     

       1184
       1184
       -
       	path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))

     

       1185
       1185
       -
       

     

       1186
       1186
       -
       	data := struct {

     

       1187
       1187
       -
       		Branch string `json:"branch"`

     

       1188
       1188
       -
       	}{}

     

       1189
       1189
       -
       

     

       1190
       1190
       -
       	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {

     

       1191
       1191
       -
       		writeError(w, err.Error(), http.StatusBadRequest)

     

       1192
       1192
       -
       		return

     

       1193
       1193
       -
       	}

     

       1194
       1194
       -
       

     

       1195
       1195
       -
       	gr, err := git.PlainOpen(path)

     

       1196
       1196
       -
       	if err != nil {

     

       1197
       1197
       -
       		notFound(w)

     

       1198
       1198
       -
       		return

     

       1199
       1199
       -
       	}

     

       1200
       1200
       -
       

     

       1201
       1201
       -
       	err = gr.SetDefaultBranch(data.Branch)

     

       1202
       1202
       -
       	if err != nil {

     

       1203
       1203
       -
       		writeError(w, err.Error(), http.StatusInternalServerError)

     

       1204
       1204
       -
       		l.Error("setting default branch", "error", err.Error())

     

       1205
       1205
       -
       		return

     

       1206
       1206
       -
       	}

     

       1207
       1207
       -
       

     

       1208
       1208
       -
       	w.WriteHeader(http.StatusNoContent)

     

       1209
       1209
       -
       }

     

       1210
       1210
       -
       

     

       1211
       1211
       -
       func (h *Handle) Health(w http.ResponseWriter, r *http.Request) {

     

       1212
       1212
       -
       	w.Write([]byte("ok"))

     

       1213
       1213
       -
       }

     

       1214
       1214
       -
       

     

       1215
       1215
       -
       func validateRepoName(name string) error {

     

       1216
       1216
       -
       	// check for path traversal attempts

     

       1217
       1217
       -
       	if name == "." || name == ".." ||

     

       1218
       1218
       -
       		strings.Contains(name, "/") || strings.Contains(name, "\\") {

     

       1219
       1219
       -
       		return fmt.Errorf("Repository name contains invalid path characters")

     

       1220
       1220
       -
       	}

     

       1221
       1221
       -
       

     

       1222
       1222
       -
       	// check for sequences that could be used for traversal when normalized

     

       1223
       1223
       -
       	if strings.Contains(name, "./") || strings.Contains(name, "../") ||

     

       1224
       1224
       -
       		strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") {

     

       1225
       1225
       -
       		return fmt.Errorf("Repository name contains invalid path sequence")

     

       1226
       1226
       -
       	}

     

       1227
       1227
       -
       

     

       1228
       1228
       -
       	// then continue with character validation

     

       1229
       1229
       -
       	for _, char := range name {

     

       1230
       1230
       -
       		if !((char >= 'a' && char <= 'z') ||

     

       1231
       1231
       -
       			(char >= 'A' && char <= 'Z') ||

     

       1232
       1232
       -
       			(char >= '0' && char <= '9') ||

     

       1233
       1233
       -
       			char == '-' || char == '_' || char == '.') {

     

       1234
       1234
       -
       			return fmt.Errorf("Repository name can only contain alphanumeric characters, periods, hyphens, and underscores")

     

       197
       197
       +
       		// remove existing owner

     

       198
       198
       +
       		err = h.e.RemoveKnotOwner(rbacDomain, existingOwner)

     

       199
       199
       +
       		if err != nil {

     

       200
       200
       +
       			return nil

     

       1235
       201
        
       		}

     

       1236
       1236
       -
       	}

     

       1237
       1237
       -
       

     

       1238
       1238
       -
       	// additional check to prevent multiple sequential dots

     

       1239
       1239
       -
       	if strings.Contains(name, "..") {

     

       1240
       1240
       -
       		return fmt.Errorf("Repository name cannot contain sequential dots")

     

       202
       202
       +
       	default:

     

       203
       203
       +
       		return fmt.Errorf("more than one owner in DB, try deleting %q and starting over", h.c.Server.DBPath)

     

       1241
       204
        
       	}

     

       1242
       205
        
       

     

       1243
       1243
       -
       	// if all checks pass

     

       1244
       1244
       -
       	return nil

     

       206
       206
       +
       	return h.e.AddKnotOwner(rbacDomain, cfgOwner)

     

       1245
       207
        
       }

rbac/rbac.go

···

       277
       277
        
       	return e.isInviteAllowed(user, intoSpindle(domain))

     

       278
       278
        
       }

     

       279
       279
        
       

     

       280
       280
       +
       func (e *Enforcer) IsRepoCreateAllowed(user, domain string) (bool, error) {

     

       281
       281
       +
       	return e.E.Enforce(user, domain, domain, "repo:create")

     

       282
       282
       +
       }

     

       283
       283
       +
       

     

       284
       284
       +
       func (e *Enforcer) IsRepoDeleteAllowed(user, domain string) (bool, error) {

     

       285
       285
       +
       	return e.E.Enforce(user, domain, domain, "repo:delete")

     

       286
       286
       +
       }

     

       287
       287
       +
       

     

       280
       288
        
       func (e *Enforcer) IsPushAllowed(user, domain, repo string) (bool, error) {

     

       281
       289
        
       	return e.E.Enforce(user, domain, repo, "repo:push")

     

       282
       290
        
       }