···
-
securejoin "github.com/cyphar/filepath-securejoin"
-
"github.com/gliderlabs/ssh"
"github.com/go-chi/chi/v5"
-
"github.com/go-git/go-git/v5/plumbing"
-
"github.com/go-git/go-git/v5/plumbing/object"
-
"tangled.sh/tangled.sh/core/hook"
"tangled.sh/tangled.sh/core/knotserver/db"
-
"tangled.sh/tangled.sh/core/knotserver/git"
-
"tangled.sh/tangled.sh/core/patchutil"
"tangled.sh/tangled.sh/core/rbac"
-
"tangled.sh/tangled.sh/core/types"
-
func (h *Handle) Index(w http.ResponseWriter, r *http.Request) {
-
w.Write([]byte("This is a knot server. More info at https://tangled.sh"))
-
func (h *Handle) Capabilities(w http.ResponseWriter, r *http.Request) {
-
w.Header().Set("Content-Type", "application/json")
-
capabilities := map[string]any{
-
"pull_requests": map[string]any{
-
"patch_submissions": true,
-
"branch_submissions": true,
-
"fork_submissions": true,
-
jsonData, err := json.Marshal(capabilities)
-
http.Error(w, "Failed to serialize JSON", http.StatusInternalServerError)
-
func (h *Handle) RepoIndex(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("path", path, "handler", "RepoIndex")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
gr, err := git.Open(path, ref)
-
plain, err2 := git.PlainOpen(path)
-
l.Error("opening repo", "error", err2.Error())
-
branches, _ := plain.Branches()
-
if errors.Is(err, plumbing.ErrReferenceNotFound) {
-
resp := types.RepoIndexResponse{
-
l.Error("opening repo", "error", err.Error())
-
commits []*object.Commit
-
branches []types.Branch
-
errorsCh := make(chan error, 5)
-
cs, err := gr.Commits(0, 60)
-
errorsCh <- fmt.Errorf("commits: %w", err)
-
t, err := gr.TotalCommits()
-
errorsCh <- fmt.Errorf("calculating total: %w", err)
-
bs, err := gr.Branches()
-
errorsCh <- fmt.Errorf("fetching branches: %w", err)
-
errorsCh <- fmt.Errorf("fetching tags: %w", err)
-
fs, err := gr.FileTree(r.Context(), "")
-
errorsCh <- fmt.Errorf("fetching filetree: %w", err)
-
for err := range errorsCh {
-
l.Error("loading repo", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
rtags := []*types.TagReference{}
-
for _, tag := range tags {
-
if tag.Target != plumbing.ZeroHash {
-
tr := types.TagReference{
-
tr.Reference = types.Reference{
-
Hash: tag.Hash.String(),
-
tr.Message = tag.Message
-
rtags = append(rtags, &tr)
-
var readmeContent string
-
for _, readme := range h.c.Repo.Readme {
-
content, _ := gr.FileContent(readme)
-
readmeContent = string(content)
-
mainBranch, err := gr.FindMainBranch()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("finding main branch", "error", err.Error())
-
resp := types.RepoIndexResponse{
-
Description: getDescription(path),
-
ReadmeFileName: readmeFile,
-
func (h *Handle) RepoTree(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "RepoTree", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
files, err := gr.FileTree(r.Context(), treePath)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("file tree", "error", err.Error())
-
resp := types.RepoTreeResponse{
-
Description: getDescription(path),
-
DotDot: filepath.Dir(treePath),
-
func (h *Handle) BlobRaw(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "BlobRaw", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
contents, err := gr.RawContent(treePath)
-
writeError(w, err.Error(), http.StatusBadRequest)
-
l.Error("file content", "error", err.Error())
-
mimeType := http.DetectContentType(contents)
-
if filepath.Ext(treePath) == ".svg" {
-
mimeType = "image/svg+xml"
-
contentHash := sha256.Sum256(contents)
-
eTag := fmt.Sprintf("\"%x\"", contentHash)
-
// allow image, video, and text/plain files to be served directly
-
case strings.HasPrefix(mimeType, "image/"), strings.HasPrefix(mimeType, "video/"):
-
if clientETag := r.Header.Get("If-None-Match"); clientETag == eTag {
-
w.WriteHeader(http.StatusNotModified)
-
w.Header().Set("ETag", eTag)
-
case strings.HasPrefix(mimeType, "text/plain"):
-
w.Header().Set("Cache-Control", "public, no-cache")
-
l.Error("attempted to serve disallowed file type", "mimetype", mimeType)
-
writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)
-
w.Header().Set("Content-Type", mimeType)
-
func (h *Handle) Blob(w http.ResponseWriter, r *http.Request) {
-
treePath := chi.URLParam(r, "*")
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "Blob", "ref", ref, "treePath", treePath)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
var isBinaryFile bool = false
-
contents, err := gr.FileContent(treePath)
-
if errors.Is(err, git.ErrBinaryFile) {
-
} else if errors.Is(err, object.ErrFileNotFound) {
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
bytes := []byte(contents)
-
// safe := string(sanitize(bytes))
-
resp := types.RepoBlobResponse{
-
Contents: string(bytes),
-
IsBinary: isBinaryFile,
-
SizeHint: uint64(sizeHint),
-
func (h *Handle) Archive(w http.ResponseWriter, r *http.Request) {
-
name := chi.URLParam(r, "name")
-
file := chi.URLParam(r, "file")
-
l := h.l.With("handler", "Archive", "name", name, "file", file)
-
// TODO: extend this to add more files compression (e.g.: xz)
-
if !strings.HasSuffix(file, ".tar.gz") {
-
ref := strings.TrimSuffix(file, ".tar.gz")
-
unescapedRef, err := url.PathUnescape(ref)
-
safeRefFilename := strings.ReplaceAll(plumbing.ReferenceName(unescapedRef).Short(), "/", "-")
-
// This allows the browser to use a proper name for the file when
-
filename := fmt.Sprintf("%s-%s.tar.gz", name, safeRefFilename)
-
setContentDisposition(w, filename)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, unescapedRef)
-
gw := gzip.NewWriter(w)
-
prefix := fmt.Sprintf("%s-%s", name, safeRefFilename)
-
err = gr.WriteTar(gw, prefix)
-
// once we start writing to the body we can't report error anymore
-
// so we are only left with printing the error.
-
l.Error("writing tar file", "error", err.Error())
-
// once we start writing to the body we can't report error anymore
-
// so we are only left with printing the error.
-
l.Error("flushing?", "error", err.Error())
-
func (h *Handle) Log(w http.ResponseWriter, r *http.Request) {
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("handler", "Log", "ref", ref, "path", path)
-
gr, err := git.Open(path, ref)
-
if pageParam := r.URL.Query().Get("page"); pageParam != "" {
-
if p, err := strconv.Atoi(pageParam); err == nil && p > 0 {
-
if pageSizeParam := r.URL.Query().Get("per_page"); pageSizeParam != "" {
-
if ps, err := strconv.Atoi(pageSizeParam); err == nil && ps > 0 {
-
// convert to offset/limit
-
offset := (page - 1) * pageSize
-
commits, err := gr.Commits(offset, limit)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("fetching commits", "error", err.Error())
-
resp := types.RepoLogResponse{
-
Description: getDescription(path),
-
func (h *Handle) Diff(w http.ResponseWriter, r *http.Request) {
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "Diff", "ref", ref)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, ref)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting diff", "error", err.Error())
-
resp := types.RepoCommitResponse{
-
func (h *Handle) Tags(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
l := h.l.With("handler", "Refs")
-
gr, err := git.Open(path, "")
-
// Non-fatal, we *should* have at least one branch to show.
-
l.Warn("getting tags", "error", err.Error())
-
rtags := []*types.TagReference{}
-
for _, tag := range tags {
-
if tag.Target != plumbing.ZeroHash {
-
tr := types.TagReference{
-
tr.Reference = types.Reference{
-
Hash: tag.Hash.String(),
-
tr.Message = tag.Message
-
rtags = append(rtags, &tr)
-
resp := types.RepoTagsResponse{
-
func (h *Handle) Branches(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.PlainOpen(path)
-
branches, _ := gr.Branches()
-
resp := types.RepoBranchesResponse{
-
func (h *Handle) Branch(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
branchName := chi.URLParam(r, "branch")
-
branchName, _ = url.PathUnescape(branchName)
-
l := h.l.With("handler", "Branch")
-
gr, err := git.PlainOpen(path)
-
ref, err := gr.Branch(branchName)
-
l.Error("getting branch", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
commit, err := gr.Commit(ref.Hash())
-
l.Error("getting commit object", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
defaultBranch, err := gr.FindMainBranch()
-
l.Error("getting default branch", "error", err.Error())
-
} else if defaultBranch == branchName {
-
resp := types.RepoBranchResponse{
-
Reference: types.Reference{
-
Name: ref.Name().Short(),
-
Hash: ref.Hash().String(),
-
func (h *Handle) Keys(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "Keys")
-
keys, err := h.db.GetAllPublicKeys()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting public keys", "error", err.Error())
-
data := make([]map[string]any, 0)
-
for _, key := range keys {
-
if err := json.NewDecoder(r.Body).Decode(&pk); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pk.Key))
-
writeError(w, "invalid pubkey", http.StatusBadRequest)
-
if err := h.db.AddPublicKey(pk); err != nil {
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("adding public key", "error", err.Error())
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) RepoForkAheadBehind(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "RepoForkAheadBehind")
-
Did string `json:"did"`
-
Source string `json:"source"`
-
Name string `json:"name,omitempty"`
-
HiddenRef string `json:"hiddenref"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if did == "" || source == "" {
-
l.Error("invalid request body, empty did or name")
-
w.WriteHeader(http.StatusBadRequest)
-
name = filepath.Base(source)
-
branch := chi.URLParam(r, "branch")
-
branch, _ = url.PathUnescape(branch)
-
relativeRepoPath := filepath.Join(did, name)
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
gr, err := git.PlainOpen(repoPath)
-
forkCommit, err := gr.ResolveRevision(branch)
-
l.Error("error resolving ref revision", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", branch), http.StatusBadRequest)
-
sourceCommit, err := gr.ResolveRevision(data.HiddenRef)
-
l.Error("error resolving hidden ref revision", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", data.HiddenRef), http.StatusBadRequest)
-
status := types.UpToDate
-
if forkCommit.Hash.String() != sourceCommit.Hash.String() {
-
isAncestor, err := forkCommit.IsAncestor(sourceCommit)
-
log.Printf("error resolving whether %s is ancestor of %s: %s", branch, data.HiddenRef, err)
-
status = types.FastForwardable
-
status = types.Conflict
-
w.Header().Set("Content-Type", "application/json")
-
json.NewEncoder(w).Encode(types.AncestorCheckResponse{Status: status})
-
func (h *Handle) RepoLanguages(w http.ResponseWriter, r *http.Request) {
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
ref := chi.URLParam(r, "ref")
-
ref, _ = url.PathUnescape(ref)
-
l := h.l.With("handler", "RepoLanguages")
-
gr, err := git.Open(repoPath, ref)
-
l.Error("opening repo", "error", err.Error())
-
ctx, cancel := context.WithTimeout(r.Context(), 1*time.Second)
-
sizes, err := gr.AnalyzeLanguages(ctx)
-
l.Error("failed to analyze languages", "error", err.Error())
-
writeError(w, err.Error(), http.StatusNoContent)
-
resp := types.RepoLanguageResponse{Languages: sizes}
-
func (h *Handle) RepoForkSync(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "RepoForkSync")
-
Did string `json:"did"`
-
Source string `json:"source"`
-
Name string `json:"name,omitempty"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if did == "" || source == "" {
-
l.Error("invalid request body, empty did or name")
-
w.WriteHeader(http.StatusBadRequest)
-
name = filepath.Base(source)
-
branch := chi.URLParam(r, "*")
-
branch, _ = url.PathUnescape(branch)
-
relativeRepoPath := filepath.Join(did, name)
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
gr, err := git.Open(repoPath, branch)
-
l.Error("error syncing repo fork", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) RepoFork(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "RepoFork")
-
Did string `json:"did"`
-
Source string `json:"source"`
-
Name string `json:"name,omitempty"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if did == "" || source == "" {
-
l.Error("invalid request body, empty did or name")
-
w.WriteHeader(http.StatusBadRequest)
-
name = filepath.Base(source)
-
relativeRepoPath := filepath.Join(did, name)
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
err := git.Fork(repoPath, source)
-
l.Error("forking repo", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
// add perms for this user to access the repo
-
err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath)
-
l.Error("adding repo permissions", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
hook.WithScanPath(h.c.Repo.ScanPath),
-
hook.WithInternalApi(h.c.Server.InternalListenAddr),
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) RemoveRepo(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "RemoveRepo")
-
Did string `json:"did"`
-
Name string `json:"name"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if did == "" || name == "" {
-
l.Error("invalid request body, empty did or name")
-
w.WriteHeader(http.StatusBadRequest)
-
relativeRepoPath := filepath.Join(did, name)
-
repoPath, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, relativeRepoPath)
-
err := os.RemoveAll(repoPath)
-
l.Error("removing repo", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) Merge(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
data := types.MergeRequest{}
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, err.Error(), http.StatusBadRequest)
-
h.l.Error("git: failed to unmarshal json patch", "handler", "Merge", "error", err)
-
mo := &git.MergeOptions{
-
AuthorName: data.AuthorName,
-
AuthorEmail: data.AuthorEmail,
-
CommitBody: data.CommitBody,
-
CommitMessage: data.CommitMessage,
-
gr, err := git.Open(path, branch)
-
mo.FormatPatch = patchutil.IsFormatPatch(patch)
-
if err := gr.MergeWithOptions([]byte(patch), branch, mo); err != nil {
-
var mergeErr *git.ErrMerge
-
if errors.As(err, &mergeErr) {
-
conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
-
for i, conflict := range mergeErr.Conflicts {
-
conflicts[i] = types.ConflictInfo{
-
Filename: conflict.Filename,
-
Reason: conflict.Reason,
-
response := types.MergeCheckResponse{
-
Message: mergeErr.Message,
-
writeConflict(w, response)
-
h.l.Error("git: merge conflict", "handler", "Merge", "error", mergeErr)
-
writeError(w, err.Error(), http.StatusBadRequest)
-
h.l.Error("git: failed to merge", "handler", "Merge", "error", err.Error())
-
w.WriteHeader(http.StatusOK)
-
func (h *Handle) MergeCheck(w http.ResponseWriter, r *http.Request) {
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
Patch string `json:"patch"`
-
Branch string `json:"branch"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, err.Error(), http.StatusBadRequest)
-
h.l.Error("git: failed to unmarshal json patch", "handler", "MergeCheck", "error", err)
-
gr, err := git.Open(path, branch)
-
err = gr.MergeCheck([]byte(patch), branch)
-
response := types.MergeCheckResponse{
-
var mergeErr *git.ErrMerge
-
if errors.As(err, &mergeErr) {
-
conflicts := make([]types.ConflictInfo, len(mergeErr.Conflicts))
-
for i, conflict := range mergeErr.Conflicts {
-
conflicts[i] = types.ConflictInfo{
-
Filename: conflict.Filename,
-
Reason: conflict.Reason,
-
response := types.MergeCheckResponse{
-
Message: mergeErr.Message,
-
writeConflict(w, response)
-
h.l.Error("git: merge conflict", "handler", "MergeCheck", "error", mergeErr.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
h.l.Error("git: failed to check merge", "handler", "MergeCheck", "error", err.Error())
-
func (h *Handle) Compare(w http.ResponseWriter, r *http.Request) {
-
rev1 := chi.URLParam(r, "rev1")
-
rev1, _ = url.PathUnescape(rev1)
-
rev2 := chi.URLParam(r, "rev2")
-
rev2, _ = url.PathUnescape(rev2)
-
l := h.l.With("handler", "Compare", "r1", rev1, "r2", rev2)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.PlainOpen(path)
-
commit1, err := gr.ResolveRevision(rev1)
-
l.Error("error resolving revision 1", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", rev1), http.StatusBadRequest)
-
commit2, err := gr.ResolveRevision(rev2)
-
l.Error("error resolving revision 2", "msg", err.Error())
-
writeError(w, fmt.Sprintf("error resolving revision %s", rev2), http.StatusBadRequest)
-
rawPatch, formatPatch, err := gr.FormatPatch(commit1, commit2)
-
l.Error("error comparing revisions", "msg", err.Error())
-
writeError(w, "error comparing revisions", http.StatusBadRequest)
-
writeJSON(w, types.RepoFormatPatchResponse{
-
Rev1: commit1.Hash.String(),
-
Rev2: commit2.Hash.String(),
-
FormatPatch: formatPatch,
-
func (h *Handle) NewHiddenRef(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "NewHiddenRef")
-
forkRef := chi.URLParam(r, "forkRef")
-
forkRef, _ = url.PathUnescape(forkRef)
-
remoteRef := chi.URLParam(r, "remoteRef")
-
remoteRef, _ = url.PathUnescape(remoteRef)
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.PlainOpen(path)
-
err = gr.TrackHiddenRemoteRef(forkRef, remoteRef)
-
l.Error("error tracking hidden remote ref", "msg", err.Error())
-
writeError(w, "error tracking hidden remote ref", http.StatusBadRequest)
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) AddMember(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "AddMember")
-
Did string `json:"did"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if err := h.db.AddDid(did); err != nil {
-
l.Error("adding did", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
if err := h.e.AddKnotMember(rbac.ThisServer, did); err != nil {
-
l.Error("adding member", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
if err := h.fetchAndAddKeys(r.Context(), did); err != nil {
-
l.Error("fetching and adding keys", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) AddRepoCollaborator(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "AddRepoCollaborator")
-
Did string `json:"did"`
-
ownerDid := chi.URLParam(r, "did")
-
repo := chi.URLParam(r, "name")
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, "invalid request body", http.StatusBadRequest)
-
if err := h.db.AddDid(data.Did); err != nil {
-
l.Error("adding did", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
repoName, _ := securejoin.SecureJoin(ownerDid, repo)
-
if err := h.e.AddCollaborator(data.Did, rbac.ThisServer, repoName); err != nil {
-
l.Error("adding repo collaborator", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
if err := h.fetchAndAddKeys(r.Context(), data.Did); err != nil {
-
l.Error("fetching and adding keys", "error", err.Error())
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) DefaultBranch(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "DefaultBranch")
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
gr, err := git.Open(path, "")
-
branch, err := gr.FindMainBranch()
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("getting default branch", "error", err.Error())
-
writeJSON(w, types.RepoDefaultBranchResponse{
-
func (h *Handle) SetDefaultBranch(w http.ResponseWriter, r *http.Request) {
-
l := h.l.With("handler", "SetDefaultBranch")
-
path, _ := securejoin.SecureJoin(h.c.Repo.ScanPath, didPath(r))
-
Branch string `json:"branch"`
-
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
-
writeError(w, err.Error(), http.StatusBadRequest)
-
gr, err := git.PlainOpen(path)
-
err = gr.SetDefaultBranch(data.Branch)
-
writeError(w, err.Error(), http.StatusInternalServerError)
-
l.Error("setting default branch", "error", err.Error())
-
w.WriteHeader(http.StatusNoContent)
-
func (h *Handle) Health(w http.ResponseWriter, r *http.Request) {
-
func validateRepoName(name string) error {
-
// check for path traversal attempts
-
if name == "." || name == ".." ||
-
strings.Contains(name, "/") || strings.Contains(name, "\\") {
-
return fmt.Errorf("Repository name contains invalid path characters")
-
// check for sequences that could be used for traversal when normalized
-
if strings.Contains(name, "./") || strings.Contains(name, "../") ||
-
strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") {
-
return fmt.Errorf("Repository name contains invalid path sequence")
-
// then continue with character validation
-
for _, char := range name {
-
if !((char >= 'a' && char <= 'z') ||
-
(char >= 'A' && char <= 'Z') ||
-
(char >= '0' && char <= '9') ||
-
char == '-' || char == '_' || char == '.') {
-
return fmt.Errorf("Repository name can only contain alphanumeric characters, periods, hyphens, and underscores")
-
// additional check to prevent multiple sequential dots
-
if strings.Contains(name, "..") {
-
return fmt.Errorf("Repository name cannot contain sequential dots")
veryroundbird.house
oppi.li