hystericca.dev / core
forked from tangled.org/core
Monorepo for Tangled
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

core / knotserver / xrpc / create_repo.go
at 5b01f9975e7ec4e828e57202bd7cb87ff4e137df 287 lines 9.3 kB view raw
Lewis knotserver/xrpc: use repo DID resolution in all handlers
e406a5a0
1package xrpc 2 3import ( 4 "context" 5 "encoding/json" 6 "errors" 7 "fmt" 8 "net/http" 9 "os" 10 "strings" 11 "time" 12 13 "github.com/bluesky-social/indigo/atproto/syntax" 14 indigoxrpc "github.com/bluesky-social/indigo/xrpc" 15 securejoin "github.com/cyphar/filepath-securejoin" 16 gogit "github.com/go-git/go-git/v5" 17 "tangled.org/core/api/tangled" 18 "tangled.org/core/hook" 19 "tangled.org/core/knotserver/git" 20 "tangled.org/core/knotserver/repodid" 21 "tangled.org/core/rbac" 22 xrpcerr "tangled.org/core/xrpc/errors" 23) 24 25func (h *Xrpc) CreateRepo(w http.ResponseWriter, r *http.Request) { 26 l := h.Logger.With("handler", "NewRepo") 27 fail := func(e xrpcerr.XrpcError) { 28 l.Error("failed", "kind", e.Tag, "error", e.Message) 29 writeError(w, e, http.StatusBadRequest) 30 } 31 32 actorDid, ok := r.Context().Value(ActorDid).(syntax.DID) 33 if !ok { 34 fail(xrpcerr.MissingActorDidError) 35 return 36 } 37 38 isMember, err := h.Enforcer.IsRepoCreateAllowed(actorDid.String(), rbac.ThisServer) 39 if err != nil { 40 fail(xrpcerr.GenericError(err)) 41 return 42 } 43 if !isMember { 44 fail(xrpcerr.AccessControlError(actorDid.String())) 45 return 46 } 47 48 var data tangled.RepoCreate_Input 49 if err := json.NewDecoder(r.Body).Decode(&data); err != nil { 50 fail(xrpcerr.GenericError(err)) 51 return 52 } 53 54 repoName := data.Name 55 56 if repoName == "" { 57 fail(xrpcerr.GenericError(fmt.Errorf("repository name is required"))) 58 return 59 } 60 61 defaultBranch := h.Config.Repo.MainBranch 62 if data.DefaultBranch != nil && *data.DefaultBranch != "" { 63 defaultBranch = *data.DefaultBranch 64 } 65 66 if err := validateRepoName(repoName); err != nil { 67 l.Error("creating repo", "error", err.Error()) 68 fail(xrpcerr.GenericError(err)) 69 return 70 } 71 72 var repoDid string 73 var prepared *repodid.PreparedDID 74 75 knotServiceUrl := "https://" + h.Config.Server.Hostname 76 if h.Config.Server.Dev { 77 knotServiceUrl = "http://" + h.Config.Server.Hostname 78 } 79 80 switch { 81 case data.RepoDid != nil && strings.HasPrefix(*data.RepoDid, "did:web:"): 82 if err := repodid.VerifyRepoDIDWeb(r.Context(), h.Resolver, *data.RepoDid, knotServiceUrl); err != nil { 83 l.Error("verifying did:web", "error", err.Error()) 84 writeError(w, xrpcerr.GenericError(err), http.StatusBadRequest) 85 return 86 } 87 88 exists, err := h.Db.RepoDidExists(*data.RepoDid) 89 if err != nil { 90 l.Error("checking did:web uniqueness", "error", err.Error()) 91 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 92 return 93 } 94 if exists { 95 writeError(w, xrpcerr.GenericError(fmt.Errorf("did:web %s is already in use on this knot", *data.RepoDid)), http.StatusConflict) 96 return 97 } 98 99 repoDid = *data.RepoDid 100 101 case data.RepoDid != nil && *data.RepoDid != "": 102 writeError(w, xrpcerr.GenericError(fmt.Errorf("only did:web is accepted as a user-provided repo DID; did:plc is auto-generated")), http.StatusBadRequest) 103 return 104 105 default: 106 existingDid, dbErr := h.Db.GetRepoDid(actorDid.String(), repoName) 107 if dbErr == nil && existingDid != "" { 108 didRepoPath, _ := securejoin.SecureJoin(h.Config.Repo.ScanPath, existingDid) 109 if _, statErr := os.Stat(didRepoPath); statErr == nil { 110 l.Info("repo already exists from previous attempt", "repoDid", existingDid) 111 output := tangled.RepoCreate_Output{RepoDid: &existingDid} 112 writeJson(w, &output) 113 return 114 } 115 l.Warn("stale repo key found without directory, cleaning up", "repoDid", existingDid) 116 if delErr := h.Db.DeleteRepoKey(existingDid); delErr != nil { 117 l.Error("failed to clean up stale repo key", "repoDid", existingDid, "error", delErr.Error()) 118 writeError(w, xrpcerr.GenericError(fmt.Errorf("failed to clean up stale state, retry later")), http.StatusInternalServerError) 119 return 120 } 121 } 122 123 var prepErr error 124 prepared, prepErr = repodid.PrepareRepoDID(h.Config.Server.PlcUrl, knotServiceUrl) 125 if prepErr != nil { 126 l.Error("preparing repo DID", "error", prepErr.Error()) 127 writeError(w, xrpcerr.GenericError(prepErr), http.StatusInternalServerError) 128 return 129 } 130 repoDid = prepared.RepoDid 131 132 atUri := fmt.Sprintf("at://%s/%s/%s", actorDid, tangled.RepoNSID, data.Rkey) 133 if err := h.Db.StoreRepoKey(repoDid, prepared.SigningKeyRaw, actorDid.String(), repoName, atUri); err != nil { 134 if strings.Contains(err.Error(), "UNIQUE constraint failed") { 135 writeError(w, xrpcerr.GenericError(fmt.Errorf("repository %s already being created", repoName)), http.StatusConflict) 136 return 137 } 138 l.Error("claiming repo key slot", "error", err.Error()) 139 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 140 return 141 } 142 } 143 144 l = l.With("repoDid", repoDid) 145 146 repoPath, _ := securejoin.SecureJoin(h.Config.Repo.ScanPath, repoDid) 147 rbacPath := repoDid 148 149 cleanup := func() { 150 if rmErr := os.RemoveAll(repoPath); rmErr != nil { 151 l.Error("failed to clean up repo directory", "path", repoPath, "error", rmErr.Error()) 152 } 153 } 154 155 cleanupAll := func() { 156 cleanup() 157 if delErr := h.Db.DeleteRepoKey(repoDid); delErr != nil { 158 l.Error("failed to clean up repo key", "error", delErr.Error()) 159 } 160 } 161 162 if data.Source != nil && *data.Source != "" { 163 err = git.Fork(repoPath, *data.Source, h.Config) 164 if err != nil { 165 l.Error("forking repo", "error", err.Error()) 166 cleanupAll() 167 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 168 return 169 } 170 } else { 171 err = git.InitBare(repoPath, defaultBranch) 172 if err != nil { 173 l.Error("initializing bare repo", "error", err.Error()) 174 cleanupAll() 175 if errors.Is(err, gogit.ErrRepositoryAlreadyExists) { 176 fail(xrpcerr.RepoExistsError("repository already exists")) 177 return 178 } 179 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 180 return 181 } 182 } 183 184 if data.RepoDid != nil && strings.HasPrefix(*data.RepoDid, "did:web:") { 185 webAtUri := fmt.Sprintf("at://%s/%s/%s", actorDid, tangled.RepoNSID, data.Rkey) 186 if err := h.Db.StoreRepoDidWeb(repoDid, actorDid.String(), repoName, webAtUri); err != nil { 187 cleanupAll() 188 if strings.Contains(err.Error(), "UNIQUE constraint failed") { 189 writeError(w, xrpcerr.GenericError(fmt.Errorf("did:web %s is already in use", repoDid)), http.StatusConflict) 190 return 191 } 192 l.Error("storing did:web repo entry", "error", err.Error()) 193 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 194 return 195 } 196 } 197 198 if prepared != nil { 199 plcCtx, plcCancel := context.WithTimeout(context.Background(), 30*time.Second) 200 defer plcCancel() 201 if err := prepared.Submit(plcCtx); err != nil { 202 l.Error("submitting to PLC directory", "error", err.Error()) 203 cleanupAll() 204 writeError(w, xrpcerr.GenericError(fmt.Errorf("PLC directory submission failed: %w", err)), http.StatusInternalServerError) 205 return 206 } 207 } 208 209 // add perms for this user to access the repo 210 err = h.Enforcer.AddRepo(actorDid.String(), rbac.ThisServer, rbacPath) 211 if err != nil { 212 l.Error("adding repo permissions", "error", err.Error()) 213 cleanupAll() 214 writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 215 return 216 } 217 218 hook.SetupRepo( 219 hook.Config( 220 hook.WithScanPath(h.Config.Repo.ScanPath), 221 hook.WithInternalApi(h.Config.Server.InternalListenAddr), 222 ), 223 repoPath, 224 ) 225 226 // HACK: request crawl for this repository 227 // Users won't want to sync entire network from their local knotmirror. 228 // Therefore, to bypass the local tap, requestCrawl directly to the knotmirror. 229 go func() { 230 if h.Config.Server.Dev { 231 repoAt := fmt.Sprintf("at://%s/%s/%s", actorDid, tangled.RepoNSID, data.Rkey) 232 rCtx, rCancel := context.WithTimeout(context.Background(), 10*time.Second) 233 defer rCancel() 234 h.requestCrawl(rCtx, &tangled.SyncRequestCrawl_Input{ 235 Hostname: h.Config.Server.Hostname, 236 EnsureRepo: &repoAt, 237 }) 238 } 239 }() 240 241 writeJson(w, &tangled.RepoCreate_Output{RepoDid: &repoDid}) 242} 243 244func (h *Xrpc) requestCrawl(ctx context.Context, input *tangled.SyncRequestCrawl_Input) error { 245 h.Logger.Info("requesting crawl", "mirrors", h.Config.KnotMirrors) 246 for _, knotmirror := range h.Config.KnotMirrors { 247 xrpcc := indigoxrpc.Client{Host: knotmirror} 248 if err := tangled.SyncRequestCrawl(ctx, &xrpcc, input); err != nil { 249 h.Logger.Error("error requesting crawl", "err", err) 250 } else { 251 h.Logger.Info("crawl requested successfully") 252 } 253 } 254 return nil 255} 256 257func validateRepoName(name string) error { 258 // check for path traversal attempts 259 if name == "." || name == ".." || 260 strings.Contains(name, "/") || strings.Contains(name, "\\") { 261 return fmt.Errorf("Repository name contains invalid path characters") 262 } 263 264 // check for sequences that could be used for traversal when normalized 265 if strings.Contains(name, "./") || strings.Contains(name, "../") || 266 strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") { 267 return fmt.Errorf("Repository name contains invalid path sequence") 268 } 269 270 // then continue with character validation 271 for _, char := range name { 272 if !((char >= 'a' && char <= 'z') || 273 (char >= 'A' && char <= 'Z') || 274 (char >= '0' && char <= '9') || 275 char == '-' || char == '_' || char == '.') { 276 return fmt.Errorf("Repository name can only contain alphanumeric characters, periods, hyphens, and underscores") 277 } 278 } 279 280 // additional check to prevent multiple sequential dots 281 if strings.Contains(name, "..") { 282 return fmt.Errorf("Repository name cannot contain sequential dots") 283 } 284 285 // if all checks pass 286 return nil 287}