forked from
tangled.org/core
Monorepo for Tangled
appview, knotserver: add didAssign event and PDS rewrite on login
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
+469
-37
+142
-2
appview/db/repos.go
+142
-2
appview/db/repos.go
···
583
583
return GetRepo(e, orm.FilterEq("repo_did", repoDid))
584
584
}
585
585
586
+
func EnqueuePdsRewritesForRepo(tx *sql.Tx, repoDid, repoAtUri string) error {
587
+
type record struct {
588
+
userDidCol string
589
+
table string
590
+
nsid string
591
+
fkCol string
592
+
}
593
+
sources := []record{
594
+
{"did", "repos", "sh.tangled.repo", "at_uri"},
595
+
{"did", "issues", "sh.tangled.repo.issue", "repo_at"},
596
+
{"owner_did", "pulls", "sh.tangled.repo.pull", "repo_at"},
597
+
{"did", "collaborators", "sh.tangled.repo.collaborator", "repo_at"},
598
+
{"did", "artifacts", "sh.tangled.repo.artifact", "repo_at"},
599
+
{"did", "stars", "sh.tangled.feed.star", "subject_at"},
600
+
}
601
+
602
+
for _, src := range sources {
603
+
rows, err := tx.Query(
604
+
fmt.Sprintf(`SELECT %s, rkey FROM %s WHERE %s = ?`, src.userDidCol, src.table, src.fkCol),
605
+
repoAtUri,
606
+
)
607
+
if err != nil {
608
+
return fmt.Errorf("query %s for pds rewrites: %w", src.table, err)
609
+
}
610
+
611
+
var pairs []struct{ did, rkey string }
612
+
for rows.Next() {
613
+
var d, r string
614
+
if scanErr := rows.Scan(&d, &r); scanErr != nil {
615
+
rows.Close()
616
+
return fmt.Errorf("scan %s for pds rewrites: %w", src.table, scanErr)
617
+
}
618
+
pairs = append(pairs, struct{ did, rkey string }{d, r})
619
+
}
620
+
rows.Close()
621
+
if rowsErr := rows.Err(); rowsErr != nil {
622
+
return fmt.Errorf("iterate %s for pds rewrites: %w", src.table, rowsErr)
623
+
}
624
+
625
+
for _, p := range pairs {
626
+
if err := EnqueuePdsRewrite(tx, p.did, repoDid, src.nsid, p.rkey, repoAtUri); err != nil {
627
+
return fmt.Errorf("enqueue pds rewrite for %s/%s: %w", src.table, p.rkey, err)
628
+
}
629
+
}
630
+
}
631
+
632
+
profileRows, err := tx.Query(
633
+
`SELECT DISTINCT did FROM profile_pinned_repositories WHERE at_uri = ?`,
634
+
repoAtUri,
635
+
)
636
+
if err != nil {
637
+
return fmt.Errorf("query profile_pinned_repositories for pds rewrites: %w", err)
638
+
}
639
+
var profileDids []string
640
+
for profileRows.Next() {
641
+
var d string
642
+
if scanErr := profileRows.Scan(&d); scanErr != nil {
643
+
profileRows.Close()
644
+
return fmt.Errorf("scan profile_pinned_repositories for pds rewrites: %w", scanErr)
645
+
}
646
+
profileDids = append(profileDids, d)
647
+
}
648
+
profileRows.Close()
649
+
if profileRowsErr := profileRows.Err(); profileRowsErr != nil {
650
+
return fmt.Errorf("iterate profile_pinned_repositories for pds rewrites: %w", profileRowsErr)
651
+
}
652
+
653
+
for _, d := range profileDids {
654
+
if err := EnqueuePdsRewrite(tx, d, repoDid, "sh.tangled.actor.profile", "self", repoAtUri); err != nil {
655
+
return fmt.Errorf("enqueue pds rewrite for profile/%s: %w", d, err)
656
+
}
657
+
}
658
+
659
+
return nil
660
+
}
661
+
662
+
type PdsRewrite struct {
663
+
Id int
664
+
RepoDid string
665
+
RecordNsid string
666
+
RecordRkey string
667
+
OldRepoAt string
668
+
}
669
+
670
+
func GetPendingPdsRewrites(e Execer, userDid string) ([]PdsRewrite, error) {
671
+
rows, err := e.Query(
672
+
`SELECT id, repo_did, record_nsid, record_rkey, old_repo_at
673
+
FROM pds_rewrite_status
674
+
WHERE user_did = ? AND status = 'pending'`,
675
+
userDid,
676
+
)
677
+
if err != nil {
678
+
return nil, err
679
+
}
680
+
defer rows.Close()
681
+
682
+
var rewrites []PdsRewrite
683
+
for rows.Next() {
684
+
var r PdsRewrite
685
+
if err := rows.Scan(&r.Id, &r.RepoDid, &r.RecordNsid, &r.RecordRkey, &r.OldRepoAt); err != nil {
686
+
return nil, err
687
+
}
688
+
rewrites = append(rewrites, r)
689
+
}
690
+
return rewrites, rows.Err()
691
+
}
692
+
693
+
func CompletePdsRewrite(e Execer, id int) error {
694
+
_, err := e.Exec(
695
+
`UPDATE pds_rewrite_status SET status = 'done', updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now') WHERE id = ?`,
696
+
id,
697
+
)
698
+
return err
699
+
}
700
+
586
701
func EnqueuePdsRewrite(e Execer, userDid, repoDid, recordNsid, recordRkey, oldRepoAt string) error {
587
702
_, err := e.Exec(
588
-
`INSERT OR IGNORE INTO pds_rewrite_status
703
+
`INSERT INTO pds_rewrite_status
589
704
(user_did, repo_did, record_nsid, record_rkey, old_repo_at, status)
590
-
VALUES (?, ?, ?, ?, ?, 'pending')`,
705
+
VALUES (?, ?, ?, ?, ?, 'pending')
706
+
ON CONFLICT(user_did, record_nsid, record_rkey) DO UPDATE SET
707
+
status = 'pending',
708
+
repo_did = excluded.repo_did,
709
+
old_repo_at = excluded.old_repo_at,
710
+
updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')`,
591
711
userDid, repoDid, recordNsid, recordRkey, oldRepoAt,
592
712
)
593
713
return err
714
+
}
715
+
716
+
func CascadeRepoDid(tx *sql.Tx, repoAtUri, repoDid string) error {
717
+
_, err := tx.Exec(
718
+
`UPDATE repos SET repo_did = ? WHERE at_uri = ?`,
719
+
repoDid, repoAtUri,
720
+
)
721
+
if err != nil {
722
+
return fmt.Errorf("cascade repo_did to repos: %w", err)
723
+
}
724
+
725
+
_, err = tx.Exec(
726
+
`UPDATE repos SET source = ? WHERE source = ?`,
727
+
repoDid, repoAtUri,
728
+
)
729
+
if err != nil {
730
+
return fmt.Errorf("cascade repo_did to repos.source: %w", err)
731
+
}
732
+
733
+
return nil
594
734
}
595
735
596
736
func UpdateDescription(e Execer, repoAt, newDescription string) error {
+134
appview/oauth/handler.go
+134
appview/oauth/handler.go
···
13
13
"time"
14
14
15
15
comatproto "github.com/bluesky-social/indigo/api/atproto"
16
+
atpclient "github.com/bluesky-social/indigo/atproto/atclient"
16
17
"github.com/bluesky-social/indigo/atproto/auth/oauth"
17
18
lexutil "github.com/bluesky-social/indigo/lex/util"
18
19
xrpc "github.com/bluesky-social/indigo/xrpc"
···
95
96
go o.addToDefaultSpindle(sessData.AccountDID.String())
96
97
go o.ensureTangledProfile(sessData)
97
98
go o.autoClaimTnglShDomain(sessData.AccountDID.String())
99
+
go o.drainPdsRewrites(sessData)
98
100
99
101
if !o.Config.Core.Dev {
100
102
err = o.Posthog.Enqueue(posthog.Capture{
···
271
273
}
272
274
273
275
l.Debug("successfully created empty Tangled profile on PDS and DB")
276
+
}
277
+
278
+
func (o *OAuth) drainPdsRewrites(sessData *oauth.ClientSessionData) {
279
+
ctx := context.Background()
280
+
did := sessData.AccountDID.String()
281
+
l := o.Logger.With("did", did, "handler", "drainPdsRewrites")
282
+
283
+
rewrites, err := db.GetPendingPdsRewrites(o.Db, did)
284
+
if err != nil {
285
+
l.Error("failed to get pending rewrites", "err", err)
286
+
return
287
+
}
288
+
if len(rewrites) == 0 {
289
+
return
290
+
}
291
+
292
+
l.Info("draining pending PDS rewrites", "count", len(rewrites))
293
+
294
+
sess, err := o.ClientApp.ResumeSession(ctx, sessData.AccountDID, sessData.SessionID)
295
+
if err != nil {
296
+
l.Error("failed to resume session for PDS rewrites", "err", err)
297
+
return
298
+
}
299
+
client := sess.APIClient()
300
+
301
+
for _, rw := range rewrites {
302
+
if err := o.rewritePdsRecord(ctx, client, did, rw); err != nil {
303
+
l.Error("failed to rewrite PDS record",
304
+
"nsid", rw.RecordNsid,
305
+
"rkey", rw.RecordRkey,
306
+
"repo_did", rw.RepoDid,
307
+
"err", err)
308
+
continue
309
+
}
310
+
311
+
if err := db.CompletePdsRewrite(o.Db, rw.Id); err != nil {
312
+
l.Error("failed to mark rewrite complete", "id", rw.Id, "err", err)
313
+
}
314
+
}
315
+
}
316
+
317
+
func (o *OAuth) rewritePdsRecord(ctx context.Context, client *atpclient.APIClient, userDid string, rw db.PdsRewrite) error {
318
+
ex, err := comatproto.RepoGetRecord(ctx, client, "", rw.RecordNsid, userDid, rw.RecordRkey)
319
+
if err != nil {
320
+
return fmt.Errorf("get record: %w", err)
321
+
}
322
+
323
+
val := ex.Value.Val
324
+
repoDid := rw.RepoDid
325
+
326
+
switch rw.RecordNsid {
327
+
case tangled.RepoNSID:
328
+
rec, ok := val.(*tangled.Repo)
329
+
if !ok {
330
+
return fmt.Errorf("unexpected type for repo record")
331
+
}
332
+
rec.RepoDid = &repoDid
333
+
334
+
case tangled.RepoIssueNSID:
335
+
rec, ok := val.(*tangled.RepoIssue)
336
+
if !ok {
337
+
return fmt.Errorf("unexpected type for issue record")
338
+
}
339
+
rec.RepoDid = &repoDid
340
+
341
+
case tangled.RepoPullNSID:
342
+
rec, ok := val.(*tangled.RepoPull)
343
+
if !ok {
344
+
return fmt.Errorf("unexpected type for pull record")
345
+
}
346
+
if rec.Target != nil {
347
+
rec.Target.RepoDid = &repoDid
348
+
}
349
+
if rec.Source != nil && rec.Source.Repo != nil && *rec.Source.Repo == rw.OldRepoAt {
350
+
rec.Source.RepoDid = &repoDid
351
+
}
352
+
353
+
case tangled.RepoCollaboratorNSID:
354
+
rec, ok := val.(*tangled.RepoCollaborator)
355
+
if !ok {
356
+
return fmt.Errorf("unexpected type for collaborator record")
357
+
}
358
+
rec.RepoDid = &repoDid
359
+
360
+
case tangled.RepoArtifactNSID:
361
+
rec, ok := val.(*tangled.RepoArtifact)
362
+
if !ok {
363
+
return fmt.Errorf("unexpected type for artifact record")
364
+
}
365
+
rec.RepoDid = &repoDid
366
+
367
+
case tangled.FeedStarNSID:
368
+
rec, ok := val.(*tangled.FeedStar)
369
+
if !ok {
370
+
return fmt.Errorf("unexpected type for star record")
371
+
}
372
+
rec.SubjectDid = &repoDid
373
+
374
+
case tangled.ActorProfileNSID:
375
+
rec, ok := val.(*tangled.ActorProfile)
376
+
if !ok {
377
+
return fmt.Errorf("unexpected type for profile record")
378
+
}
379
+
var dids []string
380
+
var remaining []string
381
+
for _, pinUri := range rec.PinnedRepositories {
382
+
repo, repoErr := db.GetRepoByAtUri(o.Db, pinUri)
383
+
if repoErr != nil || repo.RepoDid == "" {
384
+
remaining = append(remaining, pinUri)
385
+
continue
386
+
}
387
+
dids = append(dids, repo.RepoDid)
388
+
}
389
+
rec.PinnedRepositoryDids = append(rec.PinnedRepositoryDids, dids...)
390
+
rec.PinnedRepositories = remaining
391
+
392
+
default:
393
+
return fmt.Errorf("unsupported NSID for PDS rewrite: %s", rw.RecordNsid)
394
+
}
395
+
396
+
_, err = comatproto.RepoPutRecord(ctx, client, &comatproto.RepoPutRecord_Input{
397
+
Collection: rw.RecordNsid,
398
+
Repo: userDid,
399
+
Rkey: rw.RecordRkey,
400
+
SwapRecord: ex.Cid,
401
+
Record: &lexutil.LexiconTypeDecoder{Val: val},
402
+
})
403
+
if err != nil {
404
+
return fmt.Errorf("put record: %w", err)
405
+
}
406
+
407
+
return nil
274
408
}
275
409
276
410
// create a AppPasswordSession using apppasswords
+90
appview/state/knotstream.go
+90
appview/state/knotstream.go
···
20
20
"tangled.org/core/appview/sites"
21
21
ec "tangled.org/core/eventconsumer"
22
22
"tangled.org/core/eventconsumer/cursor"
23
+
knotdb "tangled.org/core/knotserver/db"
23
24
"tangled.org/core/log"
24
25
"tangled.org/core/orm"
25
26
"tangled.org/core/rbac"
···
88
89
return ingestRefUpdate(ctx, d, enforcer, posthog, notifier, dev, c, cfClient, source, msg)
89
90
case tangled.PipelineNSID:
90
91
return ingestPipeline(d, source, msg)
92
+
case knotdb.RepoDIDAssignNSID:
93
+
return ingestDIDAssign(d, enforcer, source, msg, ctx)
91
94
}
92
95
93
96
return nil
···
375
378
376
379
return nil
377
380
}
381
+
382
+
func ingestDIDAssign(d *db.DB, enforcer *rbac.Enforcer, source ec.Source, msg ec.Message, ctx context.Context) error {
383
+
logger := log.FromContext(ctx)
384
+
385
+
var record knotdb.RepoDIDAssign
386
+
if err := json.Unmarshal(msg.EventJson, &record); err != nil {
387
+
return fmt.Errorf("unmarshal didAssign: %w", err)
388
+
}
389
+
390
+
if record.RepoDid == "" || record.OwnerDid == "" || record.RepoName == "" {
391
+
return fmt.Errorf("didAssign missing required fields: repoDid=%q ownerDid=%q repoName=%q",
392
+
record.RepoDid, record.OwnerDid, record.RepoName)
393
+
}
394
+
395
+
logger.Info("processing didAssign event",
396
+
"repo_did", record.RepoDid,
397
+
"owner_did", record.OwnerDid,
398
+
"repo_name", record.RepoName)
399
+
400
+
repos, err := db.GetRepos(d,
401
+
orm.FilterEq("did", record.OwnerDid),
402
+
orm.FilterEq("name", record.RepoName),
403
+
)
404
+
if err != nil || len(repos) == 0 {
405
+
logger.Warn("didAssign for unknown repo, skipping",
406
+
"owner_did", record.OwnerDid,
407
+
"repo_name", record.RepoName)
408
+
return nil
409
+
}
410
+
repo := repos[0]
411
+
knot := source.Key()
412
+
413
+
if repo.Knot != knot {
414
+
return fmt.Errorf("didAssign from %s for repo hosted on %s, rejecting", knot, repo.Knot)
415
+
}
416
+
417
+
repoAtUri := repo.RepoAt().String()
418
+
legacyResource := record.OwnerDid + "/" + record.RepoName
419
+
420
+
if repo.RepoDid != record.RepoDid {
421
+
tx, err := d.Begin()
422
+
if err != nil {
423
+
return fmt.Errorf("begin didAssign txn: %w", err)
424
+
}
425
+
defer tx.Rollback()
426
+
427
+
if err := db.CascadeRepoDid(tx, repoAtUri, record.RepoDid); err != nil {
428
+
return fmt.Errorf("cascade repo_did: %w", err)
429
+
}
430
+
431
+
if err := db.EnqueuePdsRewritesForRepo(tx, record.RepoDid, repoAtUri); err != nil {
432
+
return fmt.Errorf("enqueue pds rewrites: %w", err)
433
+
}
434
+
435
+
if err := tx.Commit(); err != nil {
436
+
return fmt.Errorf("commit didAssign txn: %w", err)
437
+
}
438
+
}
439
+
440
+
if err := enforcer.RemoveRepo(record.OwnerDid, knot, legacyResource); err != nil {
441
+
return fmt.Errorf("remove legacy RBAC policies for %s: %w", legacyResource, err)
442
+
}
443
+
if err := enforcer.AddRepo(record.OwnerDid, knot, record.RepoDid); err != nil {
444
+
return fmt.Errorf("add RBAC policies for %s: %w", record.RepoDid, err)
445
+
}
446
+
447
+
collabs, collabErr := db.GetCollaborators(d, orm.FilterEq("repo_at", repoAtUri))
448
+
if collabErr != nil {
449
+
return fmt.Errorf("get collaborators for RBAC update: %w", collabErr)
450
+
}
451
+
for _, c := range collabs {
452
+
collabDid := c.SubjectDid.String()
453
+
if err := enforcer.RemoveCollaborator(collabDid, knot, legacyResource); err != nil {
454
+
return fmt.Errorf("remove collaborator RBAC for %s: %w", collabDid, err)
455
+
}
456
+
if err := enforcer.AddCollaborator(collabDid, knot, record.RepoDid); err != nil {
457
+
return fmt.Errorf("add collaborator RBAC for %s: %w", collabDid, err)
458
+
}
459
+
}
460
+
461
+
logger.Info("didAssign processed successfully",
462
+
"repo_did", record.RepoDid,
463
+
"owner_did", record.OwnerDid,
464
+
"repo_name", record.RepoName)
465
+
466
+
return nil
467
+
}
+10
knotserver/db/didassign.go
+10
knotserver/db/didassign.go
+22
knotserver/db/events.go
+22
knotserver/db/events.go
···
1
1
package db
2
2
3
3
import (
4
+
"encoding/json"
4
5
"fmt"
5
6
"time"
6
7
7
8
"tangled.org/core/notifier"
9
+
"tangled.org/core/tid"
8
10
)
9
11
10
12
type Event struct {
···
27
29
notifier.NotifyAll()
28
30
29
31
return err
32
+
}
33
+
34
+
func (d *DB) EmitDIDAssign(n *notifier.Notifier, ownerDid, repoName, repoDid, oldRepoAt string) error {
35
+
payload := RepoDIDAssign{
36
+
OwnerDid: ownerDid,
37
+
RepoName: repoName,
38
+
RepoDid: repoDid,
39
+
OldRepoAt: oldRepoAt,
40
+
}
41
+
42
+
eventJson, err := json.Marshal(payload)
43
+
if err != nil {
44
+
return fmt.Errorf("marshal didAssign event: %w", err)
45
+
}
46
+
47
+
return d.InsertEvent(Event{
48
+
Rkey: tid.TID(),
49
+
Nsid: RepoDIDAssignNSID,
50
+
EventJson: string(eventJson),
51
+
}, n)
30
52
}
31
53
32
54
func (d *DB) GetEvents(cursor int64) ([]Event, error) {
+26
-14
knotserver/events.go
+26
-14
knotserver/events.go
···
56
56
cursor = defaultCursor
57
57
}
58
58
59
-
// complete backfill first before going to live data
60
59
l.Debug("going through backfill", "cursor", cursor)
61
-
if err := h.streamOps(conn, &cursor); err != nil {
60
+
if err := h.drainBackfill(conn, &cursor, 10_000); err != nil {
62
61
l.Error("failed to backfill", "err", err)
63
62
return
64
63
}
···
81
80
l.Debug("stopping stream: client closed connection")
82
81
return
83
82
case <-ch:
84
-
// we have been notified of new data
85
83
l.Debug("going through live data", "cursor", cursor)
86
-
if err := h.streamOps(conn, &cursor); err != nil {
84
+
if _, err := h.streamOps(conn, &cursor); err != nil {
87
85
l.Error("failed to stream", "err", err)
88
86
return
89
87
}
···
96
94
}
97
95
}
98
96
99
-
func (h *Knot) streamOps(conn *websocket.Conn, cursor *int64) error {
97
+
func (h *Knot) drainBackfill(conn *websocket.Conn, cursor *int64, maxBatches int) error {
98
+
for range maxBatches {
99
+
n, err := h.streamOps(conn, cursor)
100
+
if err != nil {
101
+
return err
102
+
}
103
+
if n < 100 {
104
+
return nil
105
+
}
106
+
}
107
+
h.l.Warn("backfill hit batch limit", "maxBatches", maxBatches, "cursor", *cursor)
108
+
return nil
109
+
}
110
+
111
+
func (h *Knot) streamOps(conn *websocket.Conn, cursor *int64) (int, error) {
100
112
events, err := h.db.GetEvents(*cursor)
101
113
if err != nil {
102
114
h.l.Error("failed to fetch events from db", "err", err, "cursor", cursor)
103
-
return err
115
+
return 0, err
104
116
}
105
117
106
118
for _, event := range events {
107
-
// first extract the inner json into a map
108
119
var eventJson map[string]any
109
120
err := json.Unmarshal([]byte(event.EventJson), &eventJson)
110
121
if err != nil {
111
122
h.l.Error("failed to unmarshal event", "err", err)
112
-
return err
123
+
return 0, err
113
124
}
114
125
115
126
jsonMsg, err := json.Marshal(map[string]any{
116
-
"rkey": event.Rkey,
117
-
"nsid": event.Nsid,
118
-
"event": eventJson,
127
+
"rkey": event.Rkey,
128
+
"nsid": event.Nsid,
129
+
"event": eventJson,
130
+
"created": event.Created,
119
131
})
120
132
if err != nil {
121
133
h.l.Error("failed to marshal record", "err", err)
122
-
return err
134
+
return 0, err
123
135
}
124
136
125
137
if err := conn.WriteMessage(websocket.TextMessage, jsonMsg); err != nil {
126
138
h.l.Debug("err", "err", err)
127
-
return err
139
+
return 0, err
128
140
}
129
141
*cursor = event.Created
130
142
}
131
143
132
-
return nil
144
+
return len(events), nil
133
145
}
134
146
135
147
func (h *Knot) requestCrawl(ctx context.Context) error {
+14
-5
knotserver/git.go
+14
-5
knotserver/git.go
···
6
6
"io"
7
7
"net/http"
8
8
"os"
9
+
"path/filepath"
9
10
"strings"
10
11
12
+
securejoin "github.com/cyphar/filepath-securejoin"
11
13
"github.com/go-chi/chi/v5"
12
14
"tangled.org/core/knotserver/git/service"
13
15
)
···
25
27
}
26
28
27
29
repoDid, err := h.db.GetRepoDid(did, name)
28
-
if err != nil {
29
-
return "", "", fmt.Errorf("repo not found: %w", err)
30
+
if err == nil {
31
+
repoPath, _, _, resolveErr := h.db.ResolveRepoDIDOnDisk(h.c.Repo.ScanPath, repoDid)
32
+
if resolveErr == nil {
33
+
return repoPath, name, nil
34
+
}
35
+
}
36
+
37
+
repoPath, joinErr := securejoin.SecureJoin(h.c.Repo.ScanPath, filepath.Join(did, name))
38
+
if joinErr != nil {
39
+
return "", "", fmt.Errorf("repo not found: %w", joinErr)
30
40
}
31
-
repoPath, _, _, err := h.db.ResolveRepoDIDOnDisk(h.c.Repo.ScanPath, repoDid)
32
-
if err != nil {
33
-
return "", "", fmt.Errorf("repo not found: %w", err)
41
+
if _, statErr := os.Stat(repoPath); statErr != nil {
42
+
return "", "", fmt.Errorf("repo not found: %w", statErr)
34
43
}
35
44
return repoPath, name, nil
36
45
}
+28
-13
knotserver/internal.go
+28
-13
knotserver/internal.go
···
6
6
"fmt"
7
7
"log/slog"
8
8
"net/http"
9
+
"os"
9
10
"path/filepath"
10
11
"strings"
11
12
13
+
securejoin "github.com/cyphar/filepath-securejoin"
12
14
"github.com/go-chi/chi/v5"
13
15
"github.com/go-chi/chi/v5/middleware"
14
16
"github.com/go-git/go-git/v5/plumbing"
···
124
126
ownerDid := repoOwnerIdent.DID.String()
125
127
repoName := components[1]
126
128
repoDid, didErr := h.db.GetRepoDid(ownerDid, repoName)
127
-
if didErr != nil {
128
-
w.WriteHeader(http.StatusNotFound)
129
-
l.Error("repo DID not found", "owner", ownerDid, "name", repoName, "err", didErr)
130
-
fmt.Fprintln(w, "repo not found")
131
-
return
129
+
var repoPath string
130
+
if didErr == nil {
131
+
var lookupErr error
132
+
repoPath, _, _, lookupErr = h.db.ResolveRepoDIDOnDisk(h.c.Repo.ScanPath, repoDid)
133
+
if lookupErr != nil {
134
+
w.WriteHeader(http.StatusNotFound)
135
+
l.Error("repo not found on disk", "repoDid", repoDid, "err", lookupErr)
136
+
fmt.Fprintln(w, "repo not found")
137
+
return
138
+
}
139
+
rbacResource = repoDid
140
+
} else {
141
+
legacyPath, joinErr := securejoin.SecureJoin(h.c.Repo.ScanPath, filepath.Join(ownerDid, repoName))
142
+
if joinErr != nil {
143
+
w.WriteHeader(http.StatusNotFound)
144
+
fmt.Fprintln(w, "repo not found")
145
+
return
146
+
}
147
+
if _, statErr := os.Stat(legacyPath); statErr != nil {
148
+
w.WriteHeader(http.StatusNotFound)
149
+
l.Error("repo not found on disk (legacy)", "owner", ownerDid, "name", repoName)
150
+
fmt.Fprintln(w, "repo not found")
151
+
return
152
+
}
153
+
repoPath = legacyPath
154
+
rbacResource = ownerDid + "/" + repoName
132
155
}
133
-
repoPath, _, _, lookupErr := h.db.ResolveRepoDIDOnDisk(h.c.Repo.ScanPath, repoDid)
134
-
if lookupErr != nil {
135
-
w.WriteHeader(http.StatusNotFound)
136
-
l.Error("repo not found on disk", "repoDid", repoDid, "err", lookupErr)
137
-
fmt.Fprintln(w, "repo not found")
138
-
return
139
-
}
140
-
rbacResource = repoDid
141
156
rel, relErr := filepath.Rel(h.c.Repo.ScanPath, repoPath)
142
157
if relErr != nil {
143
158
w.WriteHeader(http.StatusInternalServerError)
+2
-2
rbac/rbac.go
+2
-2
rbac/rbac.go
···
34
34
)
35
35
36
36
type Enforcer struct {
37
-
E *casbin.Enforcer
37
+
E *casbin.SyncedEnforcer
38
38
}
39
39
40
40
func NewEnforcer(path string) (*Enforcer, error) {
···
53
53
return nil, err
54
54
}
55
55
56
-
e, err := casbin.NewEnforcer(m, a)
56
+
e, err := casbin.NewSyncedEnforcer(m, a)
57
57
if err != nil {
58
58
return nil, err
59
59
}