cuducos.me / at-container-registry
forked from evan.jarrett.net/at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

use chi for routes in appview. refactor routes outside of serve.go

Evan Jarrett d75a2755 c79d0ac3

+73 -253
+47 -217
cmd/appview/serve.go
··· 34 34 "atcr.io/pkg/appview/holdhealth" 35 35 "atcr.io/pkg/appview/jetstream" 36 36 "atcr.io/pkg/appview/readme" 37 - "github.com/gorilla/mux" 37 + "atcr.io/pkg/appview/routes" 38 + "github.com/go-chi/chi/v5" 39 + chimiddleware "github.com/go-chi/chi/v5/middleware" 38 40 ) 39 41 40 42 var serveCmd = &cobra.Command{ ··· 165 167 // Initialize Jetstream workers (background services before HTTP routes) 166 168 initializeJetstream(uiDatabase, &cfg.Jetstream, defaultHoldDID, testMode) 167 169 168 - // Initialize UI routes with OAuth app, refresher, device store, health checker, and readme cache 169 - uiTemplates, uiRouter := initializeUIRoutes(cfg.UI.Enabled, uiDatabase, uiReadOnlyDB, uiSessionStore, oauthApp, oauthStore, refresher, baseURL, deviceStore, healthChecker, readmeCache) 170 + // Create main chi router 171 + mainRouter := chi.NewRouter() 172 + 173 + // Add core middleware 174 + mainRouter.Use(chimiddleware.Logger) 175 + mainRouter.Use(chimiddleware.Recoverer) 176 + mainRouter.Use(chimiddleware.GetHead) // Automatically handle HEAD requests for GET routes 177 + mainRouter.Use(routes.CORSMiddleware()) 178 + 179 + // Load templates if UI is enabled 180 + var uiTemplates *template.Template 181 + if cfg.UI.Enabled { 182 + var err error 183 + uiTemplates, err = appview.Templates() 184 + if err != nil { 185 + slog.Warn("Failed to load UI templates", "error", err) 186 + } else { 187 + // Register UI routes with dependencies 188 + routes.RegisterUIRoutes(mainRouter, routes.UIDependencies{ 189 + Database: uiDatabase, 190 + ReadOnlyDB: uiReadOnlyDB, 191 + SessionStore: uiSessionStore, 192 + OAuthApp: oauthApp, 193 + OAuthStore: oauthStore, 194 + Refresher: refresher, 195 + BaseURL: baseURL, 196 + DeviceStore: deviceStore, 197 + HealthChecker: healthChecker, 198 + ReadmeCache: readmeCache, 199 + Templates: uiTemplates, 200 + }) 201 + } 202 + } 170 203 171 204 // Create OAuth server 172 205 oauthServer := oauth.NewServer(oauthApp) ··· 307 340 ctx := context.Background() 308 341 app := handlers.NewApp(ctx, cfg.Distribution) 309 342 310 - // Create main HTTP mux 311 - mux := http.NewServeMux() 312 - 313 343 // Mount registry at /v2/ 314 - mux.Handle("/v2/", app) 344 + mainRouter.Handle("/v2/*", app) 315 345 316 - // Mount UI routes if enabled 317 - if uiSessionStore != nil && uiTemplates != nil && uiRouter != nil { 346 + // Mount static files if UI is enabled 347 + if uiSessionStore != nil && uiTemplates != nil { 318 348 // Mount static files 319 - mux.Handle("/static/", http.StripPrefix("/static/", appview.StaticHandler())) 320 - 321 - // Mount UI routes directly at root level 322 - mux.Handle("/", uiRouter) 349 + mainRouter.Handle("/static/*", http.StripPrefix("/static/", appview.StaticHandler())) 323 350 324 351 slog.Info("UI enabled", "home", "/", "settings", "/settings") 325 352 } 326 353 327 354 // Mount OAuth endpoints 328 - mux.HandleFunc("/auth/oauth/authorize", oauthServer.ServeAuthorize) 329 - mux.HandleFunc("/auth/oauth/callback", oauthServer.ServeCallback) 355 + mainRouter.Get("/auth/oauth/authorize", oauthServer.ServeAuthorize) 356 + mainRouter.Get("/auth/oauth/callback", oauthServer.ServeCallback) 330 357 331 358 // OAuth client metadata endpoint 332 - mux.HandleFunc("/client-metadata.json", func(w http.ResponseWriter, r *http.Request) { 359 + mainRouter.Get("/client-metadata.json", func(w http.ResponseWriter, r *http.Request) { 333 360 config := oauthApp.GetConfig() 334 361 metadata := config.ClientMetadata() 335 362 ··· 366 393 return nil // All errors are non-fatal 367 394 }) 368 395 369 - tokenHandler.RegisterRoutes(mux) 396 + mainRouter.Post("/auth/token", tokenHandler.ServeHTTP) 370 397 371 398 // Device authorization endpoints (public) 372 - mux.Handle("/auth/device/code", &uihandlers.DeviceCodeHandler{ 399 + mainRouter.Handle("/auth/device/code", &uihandlers.DeviceCodeHandler{ 373 400 Store: deviceStore, 374 401 AppViewBaseURL: baseURL, 375 402 }) 376 - mux.Handle("/auth/device/token", &uihandlers.DeviceTokenHandler{ 403 + mainRouter.Handle("/auth/device/token", &uihandlers.DeviceTokenHandler{ 377 404 Store: deviceStore, 378 405 }) 379 406 ··· 389 416 // Create HTTP server 390 417 server := &http.Server{ 391 418 Addr: cfg.Server.Addr, 392 - Handler: mux, 419 + Handler: mainRouter, 393 420 } 394 421 395 422 // Handle graceful shutdown ··· 437 464 cfg.Auth.ServiceName, // service 438 465 cfg.Auth.TokenExpiration, 439 466 ) 440 - } 441 - 442 - // initializeUIRoutes initializes the web UI routes 443 - // uiEnabled: whether UI is enabled (from Config.UI.Enabled) 444 - // database: read-write connection for auth and writes 445 - // readOnlyDB: read-only connection for public queries (search, user pages, etc.) 446 - // healthChecker: hold endpoint health checker 447 - // readmeCache: README cache for repository pages 448 - func initializeUIRoutes(uiEnabled bool, database *sql.DB, readOnlyDB *sql.DB, sessionStore *db.SessionStore, oauthApp *oauth.App, oauthStore *db.OAuthStore, refresher *oauth.Refresher, baseURL string, deviceStore *db.DeviceStore, healthChecker *holdhealth.Checker, readmeCache *readme.Cache) (*template.Template, *mux.Router) { 449 - // Check if UI is enabled 450 - if !uiEnabled { 451 - return nil, nil 452 - } 453 - 454 - // Load templates 455 - templates, err := appview.Templates() 456 - if err != nil { 457 - slog.Warn("Failed to load UI templates", "error", err) 458 - return nil, nil 459 - } 460 - 461 - // Create router 462 - router := mux.NewRouter() 463 - 464 - // OAuth login routes (public) 465 - router.Handle("/auth/oauth/login", &uihandlers.LoginHandler{ 466 - Templates: templates, 467 - }).Methods("GET") 468 - 469 - router.Handle("/auth/oauth/login", &uihandlers.LoginSubmitHandler{}).Methods("POST") 470 - 471 - // Public routes (with optional auth for navbar) 472 - // SECURITY: Public pages use read-only DB 473 - router.Handle("/", middleware.OptionalAuth(sessionStore, database)( 474 - &uihandlers.HomeHandler{ 475 - DB: readOnlyDB, 476 - Templates: templates, 477 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 478 - }, 479 - )).Methods("GET") 480 - 481 - router.Handle("/api/recent-pushes", middleware.OptionalAuth(sessionStore, database)( 482 - &uihandlers.RecentPushesHandler{ 483 - DB: readOnlyDB, 484 - Templates: templates, 485 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 486 - HealthChecker: healthChecker, 487 - }, 488 - )).Methods("GET") 489 - 490 - // SECURITY: Search uses read-only DB to prevent writes and limit access to sensitive tables 491 - router.Handle("/search", middleware.OptionalAuth(sessionStore, database)( 492 - &uihandlers.SearchHandler{ 493 - DB: readOnlyDB, 494 - Templates: templates, 495 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 496 - }, 497 - )).Methods("GET") 498 - 499 - router.Handle("/api/search-results", middleware.OptionalAuth(sessionStore, database)( 500 - &uihandlers.SearchResultsHandler{ 501 - DB: readOnlyDB, 502 - Templates: templates, 503 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 504 - }, 505 - )).Methods("GET") 506 - 507 - // Install page (public) 508 - router.Handle("/install", middleware.OptionalAuth(sessionStore, database)( 509 - &uihandlers.InstallHandler{ 510 - Templates: templates, 511 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 512 - }, 513 - )).Methods("GET") 514 - 515 - // API route for repository stats (public, read-only) 516 - router.Handle("/api/stats/{handle}/{repository}", middleware.OptionalAuth(sessionStore, database)( 517 - &uihandlers.GetStatsHandler{ 518 - DB: readOnlyDB, 519 - Directory: oauthApp.Directory(), 520 - }, 521 - )).Methods("GET") 522 - 523 - // API routes for stars (require authentication) 524 - router.Handle("/api/stars/{handle}/{repository}", middleware.RequireAuth(sessionStore, database)( 525 - &uihandlers.StarRepositoryHandler{ 526 - DB: database, // Needs write access 527 - Directory: oauthApp.Directory(), 528 - Refresher: refresher, 529 - }, 530 - )).Methods("POST") 531 - 532 - router.Handle("/api/stars/{handle}/{repository}", middleware.RequireAuth(sessionStore, database)( 533 - &uihandlers.UnstarRepositoryHandler{ 534 - DB: database, // Needs write access 535 - Directory: oauthApp.Directory(), 536 - Refresher: refresher, 537 - }, 538 - )).Methods("DELETE") 539 - 540 - router.Handle("/api/stars/{handle}/{repository}", middleware.OptionalAuth(sessionStore, database)( 541 - &uihandlers.CheckStarHandler{ 542 - DB: readOnlyDB, // Read-only check 543 - Directory: oauthApp.Directory(), 544 - Refresher: refresher, 545 - }, 546 - )).Methods("GET") 547 - 548 - // Manifest detail API endpoint 549 - router.Handle("/api/manifests/{handle}/{repository}/{digest}", middleware.OptionalAuth(sessionStore, database)( 550 - &uihandlers.ManifestDetailHandler{ 551 - DB: readOnlyDB, 552 - Directory: oauthApp.Directory(), 553 - }, 554 - )).Methods("GET") 555 - 556 - // Manifest health check API endpoint (HTMX polling) 557 - router.Handle("/api/manifest-health", &uihandlers.ManifestHealthHandler{ 558 - HealthChecker: healthChecker, 559 - }).Methods("GET") 560 - 561 - router.Handle("/u/{handle}", middleware.OptionalAuth(sessionStore, database)( 562 - &uihandlers.UserPageHandler{ 563 - DB: readOnlyDB, 564 - Templates: templates, 565 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 566 - }, 567 - )).Methods("GET") 568 - 569 - router.Handle("/r/{handle}/{repository}", middleware.OptionalAuth(sessionStore, database)( 570 - &uihandlers.RepositoryPageHandler{ 571 - DB: readOnlyDB, 572 - Templates: templates, 573 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 574 - Directory: oauthApp.Directory(), 575 - Refresher: refresher, 576 - HealthChecker: healthChecker, 577 - ReadmeCache: readmeCache, 578 - }, 579 - )).Methods("GET") 580 - 581 - // Authenticated routes 582 - authRouter := router.NewRoute().Subrouter() 583 - authRouter.Use(middleware.RequireAuth(sessionStore, database)) 584 - 585 - authRouter.Handle("/settings", &uihandlers.SettingsHandler{ 586 - Templates: templates, 587 - Refresher: refresher, 588 - RegistryURL: uihandlers.TrimRegistryURL(baseURL), 589 - }).Methods("GET") 590 - 591 - authRouter.Handle("/api/profile/default-hold", &uihandlers.UpdateDefaultHoldHandler{ 592 - Refresher: refresher, 593 - }).Methods("POST") 594 - 595 - authRouter.Handle("/api/images/{repository}/tags/{tag}", &uihandlers.DeleteTagHandler{ 596 - DB: database, 597 - Refresher: refresher, 598 - }).Methods("DELETE") 599 - 600 - authRouter.Handle("/api/images/{repository}/manifests/{digest}", &uihandlers.DeleteManifestHandler{ 601 - DB: database, 602 - Refresher: refresher, 603 - }).Methods("DELETE") 604 - 605 - // Device approval page (authenticated) 606 - authRouter.Handle("/device", &uihandlers.DeviceApprovalPageHandler{ 607 - Store: deviceStore, 608 - SessionStore: sessionStore, 609 - }).Methods("GET") 610 - 611 - authRouter.Handle("/device/approve", &uihandlers.DeviceApproveHandler{ 612 - Store: deviceStore, 613 - SessionStore: sessionStore, 614 - }).Methods("POST") 615 - 616 - // Device management routes 617 - authRouter.Handle("/api/devices", &uihandlers.ListDevicesHandler{ 618 - Store: deviceStore, 619 - SessionStore: sessionStore, 620 - }).Methods("GET") 621 - 622 - authRouter.Handle("/api/devices/{id}", &uihandlers.RevokeDeviceHandler{ 623 - Store: deviceStore, 624 - SessionStore: sessionStore, 625 - }).Methods("DELETE") 626 - 627 - // Logout endpoint (supports both GET and POST) 628 - // Properly revokes OAuth tokens on PDS side before clearing local session 629 - router.Handle("/auth/logout", &uihandlers.LogoutHandler{ 630 - OAuthApp: oauthApp, 631 - Refresher: refresher, 632 - SessionStore: sessionStore, 633 - OAuthStore: oauthStore, 634 - }).Methods("GET", "POST") 635 - 636 - return templates, router 637 467 } 638 468 639 469 // initializeJetstream initializes the Jetstream workers for real-time events and backfill
+1 -1
go.mod
··· 10 10 github.com/go-chi/chi/v5 v5.2.3 11 11 github.com/golang-jwt/jwt/v5 v5.2.2 12 12 github.com/google/uuid v1.6.0 13 - github.com/gorilla/mux v1.8.1 14 13 github.com/gorilla/websocket v1.5.3 15 14 github.com/ipfs/go-block-format v0.2.0 16 15 github.com/ipfs/go-cid v0.4.1 ··· 57 56 github.com/google/go-querystring v1.1.0 // indirect 58 57 github.com/gorilla/css v1.0.1 // indirect 59 58 github.com/gorilla/handlers v1.5.2 // indirect 59 + github.com/gorilla/mux v1.8.1 // indirect 60 60 github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect 61 61 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect 62 62 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+12 -17
pkg/appview/handlers/api.go
··· 15 15 "atcr.io/pkg/auth/oauth" 16 16 "github.com/bluesky-social/indigo/atproto/identity" 17 17 "github.com/bluesky-social/indigo/atproto/syntax" 18 - "github.com/gorilla/mux" 18 + "github.com/go-chi/chi/v5" 19 19 ) 20 20 21 21 // StarRepositoryHandler handles starring a repository ··· 34 34 } 35 35 36 36 // Extract parameters 37 - vars := mux.Vars(r) 38 - handle := vars["handle"] 39 - repository := vars["repository"] 37 + handle := chi.URLParam(r, "handle") 38 + repository := chi.URLParam(r, "repository") 40 39 41 40 // Resolve owner's handle to DID 42 41 ownerDID, err := resolveIdentityToDID(r.Context(), h.Directory, handle) ··· 93 92 } 94 93 95 94 // Extract parameters 96 - vars := mux.Vars(r) 97 - handle := vars["handle"] 98 - repository := vars["repository"] 95 + handle := chi.URLParam(r, "handle") 96 + repository := chi.URLParam(r, "repository") 99 97 100 98 // Resolve owner's handle to DID 101 99 ownerDID, err := resolveIdentityToDID(r.Context(), h.Directory, handle) ··· 155 153 } 156 154 157 155 // Extract parameters 158 - vars := mux.Vars(r) 159 - handle := vars["handle"] 160 - repository := vars["repository"] 156 + handle := chi.URLParam(r, "handle") 157 + repository := chi.URLParam(r, "repository") 161 158 162 159 // Resolve owner's handle to DID 163 160 ownerDID, err := resolveIdentityToDID(r.Context(), h.Directory, handle) ··· 200 197 201 198 func (h *GetStatsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 202 199 // Extract parameters 203 - vars := mux.Vars(r) 204 - handle := vars["handle"] 205 - repository := vars["repository"] 200 + handle := chi.URLParam(r, "handle") 201 + repository := chi.URLParam(r, "repository") 206 202 207 203 // Resolve owner's handle to DID 208 204 ownerDID, err := resolveIdentityToDID(r.Context(), h.Directory, handle) ··· 231 227 232 228 func (h *ManifestDetailHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 233 229 // Extract parameters 234 - vars := mux.Vars(r) 235 - handle := vars["handle"] 236 - repository := vars["repository"] 237 - digest := vars["digest"] 230 + handle := chi.URLParam(r, "handle") 231 + repository := chi.URLParam(r, "repository") 232 + digest := chi.URLParam(r, "digest") 238 233 239 234 // Resolve owner's handle to DID 240 235 ownerDID, err := resolveIdentityToDID(r.Context(), h.Directory, handle)
+2 -3
pkg/appview/handlers/device.go
··· 9 9 "net/url" 10 10 "strings" 11 11 12 - "github.com/gorilla/mux" 12 + "github.com/go-chi/chi/v5" 13 13 14 14 "atcr.io/pkg/appview/db" 15 15 ) ··· 338 338 } 339 339 340 340 // Get device ID from URL 341 - vars := mux.Vars(r) 342 - deviceID := vars["id"] 341 + deviceID := chi.URLParam(r, "id") 343 342 if deviceID == "" { 344 343 http.Error(w, "device ID required", http.StatusBadRequest) 345 344 return
+5 -7
pkg/appview/handlers/images.go
··· 10 10 "atcr.io/pkg/appview/middleware" 11 11 "atcr.io/pkg/atproto" 12 12 "atcr.io/pkg/auth/oauth" 13 - "github.com/gorilla/mux" 13 + "github.com/go-chi/chi/v5" 14 14 ) 15 15 16 16 // DeleteTagHandler handles deleting a tag ··· 26 26 return 27 27 } 28 28 29 - vars := mux.Vars(r) 30 - repo := vars["repository"] 31 - tag := vars["tag"] 29 + repo := chi.URLParam(r, "repository") 30 + tag := chi.URLParam(r, "tag") 32 31 33 32 // Get OAuth session for the authenticated user 34 33 session, err := h.Refresher.GetSession(r.Context(), user.DID) ··· 74 73 return 75 74 } 76 75 77 - vars := mux.Vars(r) 78 - repo := vars["repository"] 79 - digest := vars["digest"] 76 + repo := chi.URLParam(r, "repository") 77 + digest := chi.URLParam(r, "digest") 80 78 81 79 // Check if manifest is tagged 82 80 tagged, err := db.IsManifestTagged(h.DB, user.DID, repo, digest)
+3 -4
pkg/appview/handlers/repository.go
··· 16 16 "atcr.io/pkg/atproto" 17 17 "atcr.io/pkg/auth/oauth" 18 18 "github.com/bluesky-social/indigo/atproto/identity" 19 - "github.com/gorilla/mux" 19 + "github.com/go-chi/chi/v5" 20 20 ) 21 21 22 22 // RepositoryPageHandler handles the public repository page ··· 31 31 } 32 32 33 33 func (h *RepositoryPageHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 34 - vars := mux.Vars(r) 35 - handle := vars["handle"] 36 - repository := vars["repository"] 34 + handle := chi.URLParam(r, "handle") 35 + repository := chi.URLParam(r, "repository") 37 36 38 37 // Look up user by handle 39 38 owner, err := db.GetUserByHandle(h.DB, handle)
+2 -3
pkg/appview/handlers/user.go
··· 6 6 "net/http" 7 7 8 8 "atcr.io/pkg/appview/db" 9 - "github.com/gorilla/mux" 9 + "github.com/go-chi/chi/v5" 10 10 ) 11 11 12 12 // UserPageHandler handles the public user page showing all images for a user ··· 17 17 } 18 18 19 19 func (h *UserPageHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 20 - vars := mux.Vars(r) 21 - handle := vars["handle"] 20 + handle := chi.URLParam(r, "handle") 22 21 23 22 // Look up user by handle 24 23 viewedUser, err := db.GetUserByHandle(h.DB, handle)
+1 -1
pkg/atproto/lexicon.go
··· 433 433 return "did:web:" + hostname 434 434 } 435 435 436 - // isDID checks if a string is a DID (starts with "did:") 436 + // IsDID checks if a string is a DID (starts with "did:") 437 437 func IsDID(s string) bool { 438 438 return len(s) > 4 && s[:4] == "did:" 439 439 }