knotserver/xrpc/xrpc.go at master · jcs.org/tangled-core

jcs.org / tangled-core
forked from tangled.org/core
fork
Monorepo for Tangled
fork
tangled-core / knotserver / xrpc / xrpc.go
at master 156 lines 4.5 kB view raw
wrap content
oppiliappan knotserver: limit request size 4d ago
df86f772
  1package xrpc
  2
  3import (
  4	"bytes"
  5	"encoding/json"
  6	"errors"
  7	"log/slog"
  8	"net/http"
  9	"os"
 10	"path/filepath"
 11	"strings"
 12
 13	securejoin "github.com/cyphar/filepath-securejoin"
 14	"github.com/go-chi/chi/v5"
 15	"tangled.org/core/api/tangled"
 16	"tangled.org/core/idresolver"
 17	"tangled.org/core/jetstream"
 18	"tangled.org/core/knotserver/config"
 19	"tangled.org/core/knotserver/db"
 20	"tangled.org/core/notifier"
 21	"tangled.org/core/rbac"
 22	xrpcerr "tangled.org/core/xrpc/errors"
 23	"tangled.org/core/xrpc/serviceauth"
 24)
 25
 26type Xrpc struct {
 27	Config      *config.Config
 28	Db          *db.DB
 29	Ingester    *jetstream.JetstreamClient
 30	Enforcer    *rbac.Enforcer
 31	Logger      *slog.Logger
 32	Notifier    *notifier.Notifier
 33	Resolver    *idresolver.Resolver
 34	ServiceAuth *serviceauth.ServiceAuth
 35}
 36
 37func (x *Xrpc) Router() http.Handler {
 38	r := chi.NewRouter()
 39
 40	r.Group(func(r chi.Router) {
 41		r.Use(x.ServiceAuth.VerifyServiceAuth)
 42
 43		r.Post("/"+tangled.RepoSetDefaultBranchNSID, x.SetDefaultBranch)
 44		r.Post("/"+tangled.RepoDeleteBranchNSID, x.DeleteBranch)
 45		r.Post("/"+tangled.RepoCreateNSID, x.CreateRepo)
 46		r.Post("/"+tangled.RepoDeleteNSID, x.DeleteRepo)
 47		r.Post("/"+tangled.RepoForkStatusNSID, x.ForkStatus)
 48		r.Post("/"+tangled.RepoForkSyncNSID, x.ForkSync)
 49		r.Post("/"+tangled.RepoHiddenRefNSID, x.HiddenRef)
 50		r.Post("/"+tangled.RepoMergeNSID, x.Merge)
 51	})
 52
 53	// merge check is an open endpoint
 54	//
 55	// TODO: should we constrain this more?
 56	// - we can calculate on PR submit/resubmit/gitRefUpdate etc.
 57	// - use ETags on clients to keep requests to a minimum
 58	r.Post("/"+tangled.RepoMergeCheckNSID, x.MergeCheck)
 59
 60	// repo query endpoints (no auth required)
 61	r.Get("/"+tangled.RepoTreeNSID, x.RepoTree)
 62	r.Get("/"+tangled.RepoLogNSID, x.RepoLog)
 63	r.Get("/"+tangled.RepoBranchesNSID, x.RepoBranches)
 64	r.Get("/"+tangled.RepoTagsNSID, x.RepoTags)
 65	r.Get("/"+tangled.RepoTagNSID, x.RepoTag)
 66	r.Get("/"+tangled.RepoBlobNSID, x.RepoBlob)
 67	r.Get("/"+tangled.RepoDiffNSID, x.RepoDiff)
 68	r.Get("/"+tangled.RepoCompareNSID, x.RepoCompare)
 69	r.Get("/"+tangled.RepoGetDefaultBranchNSID, x.RepoGetDefaultBranch)
 70	r.Get("/"+tangled.RepoBranchNSID, x.RepoBranch)
 71	r.Get("/"+tangled.RepoArchiveNSID, x.RepoArchive)
 72	r.Get("/"+tangled.RepoLanguagesNSID, x.RepoLanguages)
 73
 74	// knot query endpoints (no auth required)
 75	r.Get("/"+tangled.KnotListKeysNSID, x.ListKeys)
 76	r.Get("/"+tangled.KnotVersionNSID, x.Version)
 77
 78	// service query endpoints (no auth required)
 79	r.Get("/"+tangled.OwnerNSID, x.Owner)
 80
 81	return r
 82}
 83
 84func (x *Xrpc) parseRepoParam(repo string) (string, error) {
 85	if repo == "" || !strings.HasPrefix(repo, "did:") {
 86		return "", xrpcerr.NewXrpcError(
 87			xrpcerr.WithTag("InvalidRequest"),
 88			xrpcerr.WithMessage("missing or invalid repo parameter, expected a repo DID"),
 89		)
 90	}
 91
 92	if !strings.Contains(repo, "/") {
 93		repoPath, _, _, err := x.Db.ResolveRepoDIDOnDisk(x.Config.Repo.ScanPath, repo)
 94		if err != nil {
 95			return "", xrpcerr.RepoNotFoundError
 96		}
 97		return repoPath, nil
 98	}
 99
100	parts := strings.SplitN(repo, "/", 2)
101	ownerDid, repoName := parts[0], parts[1]
102
103	repoDid, err := x.Db.GetRepoDid(ownerDid, repoName)
104	if err == nil {
105		repoPath, _, _, resolveErr := x.Db.ResolveRepoDIDOnDisk(x.Config.Repo.ScanPath, repoDid)
106		if resolveErr == nil {
107			return repoPath, nil
108		}
109	}
110
111	repoPath, joinErr := securejoin.SecureJoin(x.Config.Repo.ScanPath, filepath.Join(ownerDid, repoName))
112	if joinErr != nil {
113		return "", xrpcerr.RepoNotFoundError
114	}
115	if _, statErr := os.Stat(repoPath); statErr != nil {
116		return "", xrpcerr.RepoNotFoundError
117	}
118	return repoPath, nil
119}
120
121func writeError(w http.ResponseWriter, e xrpcerr.XrpcError, status int) {
122	w.Header().Set("Content-Type", "application/json")
123	w.WriteHeader(status)
124	json.NewEncoder(w).Encode(e)
125}
126
127type limitWriter struct {
128	buf     bytes.Buffer
129	limit   int
130	written int
131}
132
133var errResponseTooLarge = errors.New("response too large")
134
135func (lw *limitWriter) Write(p []byte) (int, error) {
136	if lw.written+len(p) > lw.limit {
137		return 0, errResponseTooLarge
138	}
139	n, err := lw.buf.Write(p)
140	lw.written += n
141	return n, err
142}
143
144func (x *Xrpc) writeJson(w http.ResponseWriter, response any) {
145	lw := &limitWriter{limit: x.Config.Server.MaxResponseKB * 1024}
146	if err := json.NewEncoder(lw).Encode(response); err != nil {
147		if errors.Is(err, errResponseTooLarge) {
148			writeError(w, xrpcerr.RequestTooLargeError, http.StatusRequestEntityTooLarge)
149		} else {
150			writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError)
151		}
152		return
153	}
154	w.Header().Set("Content-Type", "application/json")
155	w.Write(lw.buf.Bytes())
156}
Configure Feed

Configure Feed
