forked from
tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
appview: remove all mentions of SignedClient
Signed-off-by: oppiliappan <me@oppi.li>
+166
-690
+1
-1
appview/config/config.go
+1
-1
appview/config/config.go
+136
-120
appview/oauth/handler/handler.go
+136
-120
appview/oauth/handler/handler.go
···
8
8
"log"
9
9
"net/http"
10
10
"net/url"
11
+
"slices"
11
12
"strings"
12
13
"time"
13
14
···
26
25
"tangled.sh/tangled.sh/core/appview/oauth/client"
27
26
"tangled.sh/tangled.sh/core/appview/pages"
28
27
"tangled.sh/tangled.sh/core/idresolver"
29
-
"tangled.sh/tangled.sh/core/knotclient"
30
28
"tangled.sh/tangled.sh/core/rbac"
31
29
"tangled.sh/tangled.sh/core/tid"
32
30
)
···
353
353
return pubKey, nil
354
354
}
355
355
356
+
var (
357
+
tangledHandle = "tangled.sh"
358
+
tangledDid = "did:plc:wshs7t2adsemcrrd4snkeqli"
359
+
defaultSpindle = "spindle.tangled.sh"
360
+
defaultKnot = "knot1.tangled.sh"
361
+
)
362
+
356
363
func (o *OAuthHandler) addToDefaultSpindle(did string) {
357
364
// use the tangled.sh app password to get an accessJwt
358
365
// and create an sh.tangled.spindle.member record with that
359
-
360
-
defaultSpindle := "spindle.tangled.sh"
361
-
appPassword := o.config.Core.AppPassword
362
-
363
366
spindleMembers, err := db.GetSpindleMembers(
364
367
o.db,
365
368
db.FilterEq("instance", "spindle.tangled.sh"),
···
378
375
return
379
376
}
380
377
381
-
// TODO: hardcoded tangled handle and did for now
382
-
tangledHandle := "tangled.sh"
383
-
tangledDid := "did:plc:wshs7t2adsemcrrd4snkeqli"
384
-
385
-
if appPassword == "" {
386
-
log.Println("no app password configured, skipping spindle member addition")
387
-
return
388
-
}
389
-
390
378
log.Printf("adding %s to default spindle", did)
391
-
392
-
resolved, err := o.idResolver.ResolveIdent(context.Background(), tangledDid)
379
+
session, err := o.createAppPasswordSession()
393
380
if err != nil {
394
-
log.Printf("failed to resolve tangled.sh DID %s: %v", tangledDid, err)
395
-
return
396
-
}
397
-
398
-
pdsEndpoint := resolved.PDSEndpoint()
399
-
if pdsEndpoint == "" {
400
-
log.Printf("no PDS endpoint found for tangled.sh DID %s", tangledDid)
401
-
return
402
-
}
403
-
404
-
sessionPayload := map[string]string{
405
-
"identifier": tangledHandle,
406
-
"password": appPassword,
407
-
}
408
-
sessionBytes, err := json.Marshal(sessionPayload)
409
-
if err != nil {
410
-
log.Printf("failed to marshal session payload: %v", err)
411
-
return
412
-
}
413
-
414
-
sessionURL := pdsEndpoint + "/xrpc/com.atproto.server.createSession"
415
-
sessionReq, err := http.NewRequestWithContext(context.Background(), "POST", sessionURL, bytes.NewBuffer(sessionBytes))
416
-
if err != nil {
417
-
log.Printf("failed to create session request: %v", err)
418
-
return
419
-
}
420
-
sessionReq.Header.Set("Content-Type", "application/json")
421
-
422
-
client := &http.Client{Timeout: 30 * time.Second}
423
-
sessionResp, err := client.Do(sessionReq)
424
-
if err != nil {
425
-
log.Printf("failed to create session: %v", err)
426
-
return
427
-
}
428
-
defer sessionResp.Body.Close()
429
-
430
-
if sessionResp.StatusCode != http.StatusOK {
431
-
log.Printf("failed to create session: HTTP %d", sessionResp.StatusCode)
432
-
return
433
-
}
434
-
435
-
var session struct {
436
-
AccessJwt string `json:"accessJwt"`
437
-
}
438
-
if err := json.NewDecoder(sessionResp.Body).Decode(&session); err != nil {
439
-
log.Printf("failed to decode session response: %v", err)
381
+
log.Printf("failed to create session: %s", err)
440
382
return
441
383
}
442
384
···
392
444
CreatedAt: time.Now().Format(time.RFC3339),
393
445
}
394
446
395
-
recordBytes, err := json.Marshal(record)
396
-
if err != nil {
397
-
log.Printf("failed to marshal spindle member record: %v", err)
398
-
return
399
-
}
400
-
401
-
payload := map[string]interface{}{
402
-
"repo": tangledDid,
403
-
"collection": tangled.SpindleMemberNSID,
404
-
"rkey": tid.TID(),
405
-
"record": json.RawMessage(recordBytes),
406
-
}
407
-
408
-
payloadBytes, err := json.Marshal(payload)
409
-
if err != nil {
410
-
log.Printf("failed to marshal request payload: %v", err)
411
-
return
412
-
}
413
-
414
-
url := pdsEndpoint + "/xrpc/com.atproto.repo.putRecord"
415
-
req, err := http.NewRequestWithContext(context.Background(), "POST", url, bytes.NewBuffer(payloadBytes))
416
-
if err != nil {
417
-
log.Printf("failed to create HTTP request: %v", err)
418
-
return
419
-
}
420
-
421
-
req.Header.Set("Content-Type", "application/json")
422
-
req.Header.Set("Authorization", "Bearer "+session.AccessJwt)
423
-
424
-
resp, err := client.Do(req)
425
-
if err != nil {
426
-
log.Printf("failed to add user to default spindle: %v", err)
427
-
return
428
-
}
429
-
defer resp.Body.Close()
430
-
431
-
if resp.StatusCode != http.StatusOK {
432
-
log.Printf("failed to add user to default spindle: HTTP %d", resp.StatusCode)
447
+
if err := session.putRecord(record); err != nil {
448
+
log.Printf("failed to add member to default knot: %s", err)
433
449
return
434
450
}
435
451
···
401
489
}
402
490
403
491
func (o *OAuthHandler) addToDefaultKnot(did string) {
404
-
defaultKnot := "knot1.tangled.sh"
492
+
// use the tangled.sh app password to get an accessJwt
493
+
// and create an sh.tangled.spindle.member record with that
405
494
406
-
log.Printf("adding %s to default knot", did)
407
-
err := o.enforcer.AddKnotMember(defaultKnot, did)
495
+
allKnots, err := o.enforcer.GetKnotsForUser(did)
408
496
if err != nil {
409
-
log.Println("failed to add user to knot1.tangled.sh: ", err)
410
-
return
411
-
}
412
-
err = o.enforcer.E.SavePolicy()
413
-
if err != nil {
414
-
log.Println("failed to add user to knot1.tangled.sh: ", err)
497
+
log.Printf("failed to get knot members for did %s: %v", did, err)
415
498
return
416
499
}
417
500
418
-
secret, err := db.GetRegistrationKey(o.db, defaultKnot)
419
-
if err != nil {
420
-
log.Println("failed to get registration key for knot1.tangled.sh")
421
-
return
422
-
}
423
-
signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.config.Core.Dev)
424
-
resp, err := signedClient.AddMember(did)
425
-
if err != nil {
426
-
log.Println("failed to add user to knot1.tangled.sh: ", err)
501
+
if slices.Contains(allKnots, defaultKnot) {
502
+
log.Printf("did %s is already a member of the default knot", did)
427
503
return
428
504
}
429
505
430
-
if resp.StatusCode != http.StatusNoContent {
431
-
log.Println("failed to add user to knot1.tangled.sh: ", resp.StatusCode)
506
+
log.Printf("adding %s to default knot", did)
507
+
session, err := o.createAppPasswordSession()
508
+
if err != nil {
509
+
log.Printf("failed to create session: %s", err)
432
510
return
433
511
}
512
+
513
+
record := tangled.KnotMember{
514
+
LexiconTypeID: "sh.tangled.knot.member",
515
+
Subject: did,
516
+
Domain: defaultKnot,
517
+
CreatedAt: time.Now().Format(time.RFC3339),
518
+
}
519
+
520
+
if err := session.putRecord(record); err != nil {
521
+
log.Printf("failed to add member to default knot: %s", err)
522
+
return
523
+
}
524
+
525
+
log.Printf("successfully added %s to default Knot", did)
526
+
}
527
+
528
+
// create a session using apppasswords
529
+
type session struct {
530
+
AccessJwt string `json:"accessJwt"`
531
+
PdsEndpoint string
532
+
}
533
+
534
+
func (o *OAuthHandler) createAppPasswordSession() (*session, error) {
535
+
appPassword := o.config.Core.AppPassword
536
+
if appPassword == "" {
537
+
return nil, fmt.Errorf("no app password configured, skipping member addition")
538
+
}
539
+
540
+
resolved, err := o.idResolver.ResolveIdent(context.Background(), tangledDid)
541
+
if err != nil {
542
+
return nil, fmt.Errorf("failed to resolve tangled.sh DID %s: %v", tangledDid, err)
543
+
}
544
+
545
+
pdsEndpoint := resolved.PDSEndpoint()
546
+
if pdsEndpoint == "" {
547
+
return nil, fmt.Errorf("no PDS endpoint found for tangled.sh DID %s", tangledDid)
548
+
}
549
+
550
+
sessionPayload := map[string]string{
551
+
"identifier": tangledHandle,
552
+
"password": appPassword,
553
+
}
554
+
sessionBytes, err := json.Marshal(sessionPayload)
555
+
if err != nil {
556
+
return nil, fmt.Errorf("failed to marshal session payload: %v", err)
557
+
}
558
+
559
+
sessionURL := pdsEndpoint + "/xrpc/com.atproto.server.createSession"
560
+
sessionReq, err := http.NewRequestWithContext(context.Background(), "POST", sessionURL, bytes.NewBuffer(sessionBytes))
561
+
if err != nil {
562
+
return nil, fmt.Errorf("failed to create session request: %v", err)
563
+
}
564
+
sessionReq.Header.Set("Content-Type", "application/json")
565
+
566
+
client := &http.Client{Timeout: 30 * time.Second}
567
+
sessionResp, err := client.Do(sessionReq)
568
+
if err != nil {
569
+
return nil, fmt.Errorf("failed to create session: %v", err)
570
+
}
571
+
defer sessionResp.Body.Close()
572
+
573
+
if sessionResp.StatusCode != http.StatusOK {
574
+
return nil, fmt.Errorf("failed to create session: HTTP %d", sessionResp.StatusCode)
575
+
}
576
+
577
+
var session session
578
+
if err := json.NewDecoder(sessionResp.Body).Decode(&session); err != nil {
579
+
return nil, fmt.Errorf("failed to decode session response: %v", err)
580
+
}
581
+
582
+
session.PdsEndpoint = pdsEndpoint
583
+
584
+
return &session, nil
585
+
}
586
+
587
+
func (s *session) putRecord(record any) error {
588
+
recordBytes, err := json.Marshal(record)
589
+
if err != nil {
590
+
return fmt.Errorf("failed to marshal knot member record: %w", err)
591
+
}
592
+
593
+
payload := map[string]any{
594
+
"repo": tangledDid,
595
+
"collection": tangled.KnotMemberNSID,
596
+
"rkey": tid.TID(),
597
+
"record": json.RawMessage(recordBytes),
598
+
}
599
+
600
+
payloadBytes, err := json.Marshal(payload)
601
+
if err != nil {
602
+
return fmt.Errorf("failed to marshal request payload: %w", err)
603
+
}
604
+
605
+
url := s.PdsEndpoint + "/xrpc/com.atproto.repo.putRecord"
606
+
req, err := http.NewRequestWithContext(context.Background(), "POST", url, bytes.NewBuffer(payloadBytes))
607
+
if err != nil {
608
+
return fmt.Errorf("failed to create HTTP request: %w", err)
609
+
}
610
+
611
+
req.Header.Set("Content-Type", "application/json")
612
+
req.Header.Set("Authorization", "Bearer "+s.AccessJwt)
613
+
614
+
client := &http.Client{Timeout: 30 * time.Second}
615
+
resp, err := client.Do(req)
616
+
if err != nil {
617
+
return fmt.Errorf("failed to add user to default Knot: %w", err)
618
+
}
619
+
defer resp.Body.Close()
620
+
621
+
if resp.StatusCode != http.StatusOK {
622
+
return fmt.Errorf("failed to add user to default Knot: HTTP %d", resp.StatusCode)
623
+
}
624
+
625
+
return nil
434
626
}
-157
appview/repo/index.go
-157
appview/repo/index.go
···
101
101
user := rp.oauth.GetUser(r)
102
102
repoInfo := f.RepoInfo(user)
103
103
104
-
// secret, err := db.GetRegistrationKey(rp.db, f.Knot)
105
-
// if err != nil {
106
-
// log.Printf("failed to get registration key for %s: %s", f.Knot, err)
107
-
// rp.pages.Notice(w, "resubmit-error", "Failed to create pull request. Try again later.")
108
-
// }
109
-
110
-
// signedClient, err := knotclient.NewSignedClient(f.Knot, secret, rp.config.Core.Dev)
111
-
// if err != nil {
112
-
// log.Printf("failed to create signed client for %s: %s", f.Knot, err)
113
-
// return
114
-
// }
115
-
116
-
// var forkInfo *types.ForkInfo
117
-
// if user != nil && (repoInfo.Roles.IsOwner() || repoInfo.Roles.IsCollaborator()) {
118
-
// forkInfo, err = getForkInfo(r, repoInfo, rp, f, result.Ref, user, signedClient)
119
-
// if err != nil {
120
-
// log.Printf("Failed to fetch fork information: %v", err)
121
-
// return
122
-
// }
123
-
// }
124
-
125
104
// TODO: a bit dirty
126
105
languageInfo, err := rp.getLanguageInfo(f, us, result.Ref, ref == "")
127
106
if err != nil {
···
206
227
207
228
return languageStats, nil
208
229
}
209
-
210
-
// func getForkInfo(
211
-
// r *http.Request,
212
-
// repoInfo repoinfo.RepoInfo,
213
-
// rp *Repo,
214
-
// f *reporesolver.ResolvedRepo,
215
-
// currentRef string,
216
-
// user *oauth.User,
217
-
// signedClient *knotclient.SignedClient,
218
-
// ) (*types.ForkInfo, error) {
219
-
// if user == nil {
220
-
// return nil, nil
221
-
// }
222
-
//
223
-
// forkInfo := types.ForkInfo{
224
-
// IsFork: repoInfo.Source != nil,
225
-
// Status: types.UpToDate,
226
-
// }
227
-
//
228
-
// if !forkInfo.IsFork {
229
-
// forkInfo.IsFork = false
230
-
// return &forkInfo, nil
231
-
// }
232
-
//
233
-
// us, err := knotclient.NewUnsignedClient(repoInfo.Source.Knot, rp.config.Core.Dev)
234
-
// if err != nil {
235
-
// log.Printf("failed to create unsigned client for %s", repoInfo.Source.Knot)
236
-
// return nil, err
237
-
// }
238
-
//
239
-
// result, err := us.Branches(repoInfo.Source.Did, repoInfo.Source.Name)
240
-
// if err != nil {
241
-
// log.Println("failed to reach knotserver", err)
242
-
// return nil, err
243
-
// }
244
-
//
245
-
// if !slices.ContainsFunc(result.Branches, func(branch types.Branch) bool {
246
-
// return branch.Name == currentRef
247
-
// }) {
248
-
// forkInfo.Status = types.MissingBranch
249
-
// return &forkInfo, nil
250
-
// }
251
-
//
252
-
// <<<<<<< Conflict 1 of 2
253
-
// %%%%%%% Changes from base #1 to side #1
254
-
// client, err := rp.oauth.ServiceClient(
255
-
// r,
256
-
// oauth.WithService(f.Knot),
257
-
// oauth.WithLxm(tangled.RepoHiddenRefNSID),
258
-
// oauth.WithDev(rp.config.Core.Dev),
259
-
// )
260
-
// if err != nil {
261
-
// log.Printf("failed to connect to knot server: %v", err)
262
-
// %%%%%%% Changes from base #2 to side #2
263
-
// - newHiddenRefResp, err := signedClient.NewHiddenRef(user.Did, repoInfo.Name, currentRef, currentRef)
264
-
// + newHiddenRefResp, err := signedClient.NewHiddenRef(user.Did, repoInfo.Name, f.Ref, f.Ref)
265
-
// if err != nil || newHiddenRefResp.StatusCode != http.StatusNoContent {
266
-
// log.Printf("failed to update tracking branch: %s", err)
267
-
// +++++++ Contents of side #3
268
-
// client, err := rp.oauth.ServiceClient(
269
-
// r,
270
-
// oauth.WithService(f.Knot),
271
-
// oauth.WithLxm(tangled.RepoHiddenRefNSID),
272
-
// oauth.WithDev(rp.config.Core.Dev),
273
-
// )
274
-
// if err != nil {
275
-
// log.Printf("failed to connect to knot server: %v", err)
276
-
// >>>>>>> Conflict 1 of 2 ends
277
-
// return nil, err
278
-
// }
279
-
//
280
-
// <<<<<<< Conflict 2 of 2
281
-
// %%%%%%% Changes from base #1 to side #1
282
-
// resp, err := tangled.RepoHiddenRef(
283
-
// r.Context(),
284
-
// client,
285
-
// &tangled.RepoHiddenRef_Input{
286
-
// - ForkRef: f.Ref,
287
-
// - RemoteRef: f.Ref,
288
-
// + ForkRef: currentRef,
289
-
// + RemoteRef: currentRef,
290
-
// Repo: f.RepoAt().String(),
291
-
// },
292
-
// )
293
-
// if err != nil || !resp.Success {
294
-
// if err != nil {
295
-
// log.Printf("failed to update tracking branch: %s", err)
296
-
// } else {
297
-
// log.Printf("failed to update tracking branch: success=false")
298
-
// }
299
-
// return nil, fmt.Errorf("failed to update tracking branch")
300
-
// }
301
-
//
302
-
// - hiddenRef := fmt.Sprintf("hidden/%s/%s", f.Ref, f.Ref)
303
-
// + hiddenRef := fmt.Sprintf("hidden/%s/%s", currentRef, currentRef)
304
-
//
305
-
// %%%%%%% Changes from base #2 to side #2
306
-
// - hiddenRef := fmt.Sprintf("hidden/%s/%s", currentRef, currentRef)
307
-
// + hiddenRef := fmt.Sprintf("hidden/%s/%s", f.Ref, f.Ref)
308
-
//
309
-
// +++++++ Contents of side #3
310
-
// resp, err := tangled.RepoHiddenRef(
311
-
// r.Context(),
312
-
// client,
313
-
// &tangled.RepoHiddenRef_Input{
314
-
// ForkRef: currentRef,
315
-
// RemoteRef: currentRef,
316
-
// Repo: f.RepoAt().String(),
317
-
// },
318
-
// )
319
-
// if err != nil || !resp.Success {
320
-
// if err != nil {
321
-
// log.Printf("failed to update tracking branch: %s", err)
322
-
// } else {
323
-
// log.Printf("failed to update tracking branch: success=false")
324
-
// }
325
-
// return nil, fmt.Errorf("failed to update tracking branch")
326
-
// }
327
-
//
328
-
// hiddenRef := fmt.Sprintf("hidden/%s/%s", currentRef, currentRef)
329
-
// >>>>>>> Conflict 2 of 2 ends
330
-
// var status types.AncestorCheckResponse
331
-
// forkSyncableResp, err := signedClient.RepoForkAheadBehind(user.Did, string(f.RepoAt()), repoInfo.Name, currentRef, hiddenRef)
332
-
// if err != nil {
333
-
// log.Printf("failed to check if fork is ahead/behind: %s", err)
334
-
// return nil, err
335
-
// }
336
-
//
337
-
// if err := json.NewDecoder(forkSyncableResp.Body).Decode(&status); err != nil {
338
-
// log.Printf("failed to decode fork status: %s", err)
339
-
// return nil, err
340
-
// }
341
-
//
342
-
// forkInfo.Status = status.Status
343
-
// return &forkInfo, nil
344
-
// }
+22
-91
appview/repo/repo.go
+22
-91
appview/repo/repo.go
···
863
863
fail("Failed to write record to PDS.", err)
864
864
return
865
865
}
866
-
l = l.With("at-uri", resp.Uri)
866
+
867
+
aturi := resp.Uri
868
+
l = l.With("at-uri", aturi)
867
869
l.Info("wrote record to PDS")
868
-
869
-
l.Info("adding to knot")
870
-
secret, err := db.GetRegistrationKey(rp.db, f.Knot)
871
-
if err != nil {
872
-
fail("Failed to add to knot.", err)
873
-
return
874
-
}
875
-
876
-
ksClient, err := knotclient.NewSignedClient(f.Knot, secret, rp.config.Core.Dev)
877
-
if err != nil {
878
-
fail("Failed to add to knot.", err)
879
-
return
880
-
}
881
-
882
-
ksResp, err := ksClient.AddCollaborator(f.OwnerDid(), f.Name, collaboratorIdent.DID.String())
883
-
if err != nil {
884
-
fail("Knot was unreachable.", err)
885
-
return
886
-
}
887
-
888
-
if ksResp.StatusCode != http.StatusNoContent {
889
-
fail(fmt.Sprintf("Knot returned unexpected status code: %d.", ksResp.StatusCode), nil)
890
-
return
891
-
}
892
870
893
871
tx, err := rp.db.BeginTx(r.Context(), nil)
894
872
if err != nil {
895
873
fail("Failed to add collaborator.", err)
896
874
return
897
875
}
898
-
defer func() {
899
-
tx.Rollback()
900
-
err = rp.enforcer.E.LoadPolicy()
901
-
if err != nil {
902
-
fail("Failed to add collaborator.", err)
876
+
877
+
rollback := func() {
878
+
err1 := tx.Rollback()
879
+
err2 := rp.enforcer.E.LoadPolicy()
880
+
err3 := rollbackRecord(context.Background(), aturi, client)
881
+
882
+
// ignore txn complete errors, this is okay
883
+
if errors.Is(err1, sql.ErrTxDone) {
884
+
err1 = nil
903
885
}
904
-
}()
886
+
887
+
if errs := errors.Join(err1, err2, err3); errs != nil {
888
+
l.Error("failed to rollback changes", "errs", errs)
889
+
return
890
+
}
891
+
}
892
+
defer rollback()
905
893
906
894
err = rp.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.DidSlashRepo())
907
895
if err != nil {
···
920
932
fail("Failed to update collaborator permissions.", err)
921
933
return
922
934
}
935
+
936
+
// clear aturi to when everything is successful
937
+
aturi = ""
923
938
924
939
rp.pages.HxRefresh(w)
925
940
}
···
1198
1207
case "pipelines":
1199
1208
rp.pipelineSettings(w, r)
1200
1209
}
1201
-
1202
-
// user := rp.oauth.GetUser(r)
1203
-
// repoCollaborators, err := f.Collaborators(r.Context())
1204
-
// if err != nil {
1205
-
// log.Println("failed to get collaborators", err)
1206
-
// }
1207
-
1208
-
// isCollaboratorInviteAllowed := false
1209
-
// if user != nil {
1210
-
// ok, err := rp.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.DidSlashRepo())
1211
-
// if err == nil && ok {
1212
-
// isCollaboratorInviteAllowed = true
1213
-
// }
1214
-
// }
1215
-
1216
-
// us, err := knotclient.NewUnsignedClient(f.Knot, rp.config.Core.Dev)
1217
-
// if err != nil {
1218
-
// log.Println("failed to create unsigned client", err)
1219
-
// return
1220
-
// }
1221
-
1222
-
// result, err := us.Branches(f.OwnerDid(), f.Name)
1223
-
// if err != nil {
1224
-
// log.Println("failed to reach knotserver", err)
1225
-
// return
1226
-
// }
1227
-
1228
-
// // all spindles that this user is a member of
1229
-
// spindles, err := rp.enforcer.GetSpindlesForUser(user.Did)
1230
-
// if err != nil {
1231
-
// log.Println("failed to fetch spindles", err)
1232
-
// return
1233
-
// }
1234
-
1235
-
// var secrets []*tangled.RepoListSecrets_Secret
1236
-
// if f.Spindle != "" {
1237
-
// if spindleClient, err := rp.oauth.ServiceClient(
1238
-
// r,
1239
-
// oauth.WithService(f.Spindle),
1240
-
// oauth.WithLxm(tangled.RepoListSecretsNSID),
1241
-
// oauth.WithDev(rp.config.Core.Dev),
1242
-
// ); err != nil {
1243
-
// log.Println("failed to create spindle client", err)
1244
-
// } else if resp, err := tangled.RepoListSecrets(r.Context(), spindleClient, f.RepoAt().String()); err != nil {
1245
-
// log.Println("failed to fetch secrets", err)
1246
-
// } else {
1247
-
// secrets = resp.Secrets
1248
-
// }
1249
-
// }
1250
-
1251
-
// rp.pages.RepoSettings(w, pages.RepoSettingsParams{
1252
-
// LoggedInUser: user,
1253
-
// RepoInfo: f.RepoInfo(user),
1254
-
// Collaborators: repoCollaborators,
1255
-
// IsCollaboratorInviteAllowed: isCollaboratorInviteAllowed,
1256
-
// Branches: result.Branches,
1257
-
// Spindles: spindles,
1258
-
// CurrentSpindle: f.Spindle,
1259
-
// Secrets: secrets,
1260
-
// })
1261
1210
}
1262
1211
1263
1212
func (rp *Repo) generalSettings(w http.ResponseWriter, r *http.Request) {
-299
knotclient/signer.go
-299
knotclient/signer.go
···
1
-
package knotclient
2
-
3
-
import (
4
-
"bytes"
5
-
"crypto/hmac"
6
-
"crypto/sha256"
7
-
"encoding/hex"
8
-
"encoding/json"
9
-
"fmt"
10
-
"net/http"
11
-
"net/url"
12
-
"time"
13
-
14
-
"tangled.sh/tangled.sh/core/types"
15
-
)
16
-
17
-
type SignerTransport struct {
18
-
Secret string
19
-
}
20
-
21
-
func (s SignerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
22
-
timestamp := time.Now().Format(time.RFC3339)
23
-
mac := hmac.New(sha256.New, []byte(s.Secret))
24
-
message := req.Method + req.URL.Path + timestamp
25
-
mac.Write([]byte(message))
26
-
signature := hex.EncodeToString(mac.Sum(nil))
27
-
req.Header.Set("X-Signature", signature)
28
-
req.Header.Set("X-Timestamp", timestamp)
29
-
return http.DefaultTransport.RoundTrip(req)
30
-
}
31
-
32
-
type SignedClient struct {
33
-
Secret string
34
-
Url *url.URL
35
-
client *http.Client
36
-
}
37
-
38
-
func NewSignedClient(domain, secret string, dev bool) (*SignedClient, error) {
39
-
client := &http.Client{
40
-
Timeout: 5 * time.Second,
41
-
Transport: SignerTransport{
42
-
Secret: secret,
43
-
},
44
-
}
45
-
46
-
scheme := "https"
47
-
if dev {
48
-
scheme = "http"
49
-
}
50
-
url, err := url.Parse(fmt.Sprintf("%s://%s", scheme, domain))
51
-
if err != nil {
52
-
return nil, err
53
-
}
54
-
55
-
signedClient := &SignedClient{
56
-
Secret: secret,
57
-
client: client,
58
-
Url: url,
59
-
}
60
-
61
-
return signedClient, nil
62
-
}
63
-
64
-
func (s *SignedClient) newRequest(method, endpoint string, body []byte) (*http.Request, error) {
65
-
return http.NewRequest(method, s.Url.JoinPath(endpoint).String(), bytes.NewReader(body))
66
-
}
67
-
68
-
func (s *SignedClient) Init(did string) (*http.Response, error) {
69
-
const (
70
-
Method = "POST"
71
-
Endpoint = "/init"
72
-
)
73
-
74
-
body, _ := json.Marshal(map[string]any{
75
-
"did": did,
76
-
})
77
-
78
-
req, err := s.newRequest(Method, Endpoint, body)
79
-
if err != nil {
80
-
return nil, err
81
-
}
82
-
83
-
return s.client.Do(req)
84
-
}
85
-
86
-
func (s *SignedClient) NewRepo(did, repoName, defaultBranch string) (*http.Response, error) {
87
-
const (
88
-
Method = "PUT"
89
-
Endpoint = "/repo/new"
90
-
)
91
-
92
-
body, _ := json.Marshal(map[string]any{
93
-
"did": did,
94
-
"name": repoName,
95
-
"default_branch": defaultBranch,
96
-
})
97
-
98
-
req, err := s.newRequest(Method, Endpoint, body)
99
-
if err != nil {
100
-
return nil, err
101
-
}
102
-
103
-
return s.client.Do(req)
104
-
}
105
-
106
-
func (s *SignedClient) RepoForkAheadBehind(ownerDid, source, name, branch, hiddenRef string) (*http.Response, error) {
107
-
const (
108
-
Method = "GET"
109
-
)
110
-
endpoint := fmt.Sprintf("/repo/fork/sync/%s", url.PathEscape(branch))
111
-
112
-
body, _ := json.Marshal(map[string]any{
113
-
"did": ownerDid,
114
-
"source": source,
115
-
"name": name,
116
-
"hiddenref": hiddenRef,
117
-
})
118
-
119
-
req, err := s.newRequest(Method, endpoint, body)
120
-
if err != nil {
121
-
return nil, err
122
-
}
123
-
124
-
return s.client.Do(req)
125
-
}
126
-
127
-
func (s *SignedClient) SyncRepoFork(ownerDid, source, name, branch string) (*http.Response, error) {
128
-
const (
129
-
Method = "POST"
130
-
)
131
-
endpoint := fmt.Sprintf("/repo/fork/sync/%s", url.PathEscape(branch))
132
-
133
-
body, _ := json.Marshal(map[string]any{
134
-
"did": ownerDid,
135
-
"source": source,
136
-
"name": name,
137
-
})
138
-
139
-
req, err := s.newRequest(Method, endpoint, body)
140
-
if err != nil {
141
-
return nil, err
142
-
}
143
-
144
-
return s.client.Do(req)
145
-
}
146
-
147
-
func (s *SignedClient) ForkRepo(ownerDid, source, name string) (*http.Response, error) {
148
-
const (
149
-
Method = "POST"
150
-
Endpoint = "/repo/fork"
151
-
)
152
-
153
-
body, _ := json.Marshal(map[string]any{
154
-
"did": ownerDid,
155
-
"source": source,
156
-
"name": name,
157
-
})
158
-
159
-
req, err := s.newRequest(Method, Endpoint, body)
160
-
if err != nil {
161
-
return nil, err
162
-
}
163
-
164
-
return s.client.Do(req)
165
-
}
166
-
167
-
func (s *SignedClient) RemoveRepo(did, repoName string) (*http.Response, error) {
168
-
const (
169
-
Method = "DELETE"
170
-
Endpoint = "/repo"
171
-
)
172
-
173
-
body, _ := json.Marshal(map[string]any{
174
-
"did": did,
175
-
"name": repoName,
176
-
})
177
-
178
-
req, err := s.newRequest(Method, Endpoint, body)
179
-
if err != nil {
180
-
return nil, err
181
-
}
182
-
183
-
return s.client.Do(req)
184
-
}
185
-
186
-
func (s *SignedClient) AddMember(did string) (*http.Response, error) {
187
-
const (
188
-
Method = "PUT"
189
-
Endpoint = "/member/add"
190
-
)
191
-
192
-
body, _ := json.Marshal(map[string]any{
193
-
"did": did,
194
-
})
195
-
196
-
req, err := s.newRequest(Method, Endpoint, body)
197
-
if err != nil {
198
-
return nil, err
199
-
}
200
-
201
-
return s.client.Do(req)
202
-
}
203
-
204
-
func (s *SignedClient) SetDefaultBranch(ownerDid, repoName, branch string) (*http.Response, error) {
205
-
const (
206
-
Method = "PUT"
207
-
)
208
-
endpoint := fmt.Sprintf("/%s/%s/branches/default", ownerDid, repoName)
209
-
210
-
body, _ := json.Marshal(map[string]any{
211
-
"branch": branch,
212
-
})
213
-
214
-
req, err := s.newRequest(Method, endpoint, body)
215
-
if err != nil {
216
-
return nil, err
217
-
}
218
-
219
-
return s.client.Do(req)
220
-
}
221
-
222
-
func (s *SignedClient) AddCollaborator(ownerDid, repoName, memberDid string) (*http.Response, error) {
223
-
const (
224
-
Method = "POST"
225
-
)
226
-
endpoint := fmt.Sprintf("/%s/%s/collaborator/add", ownerDid, repoName)
227
-
228
-
body, _ := json.Marshal(map[string]any{
229
-
"did": memberDid,
230
-
})
231
-
232
-
req, err := s.newRequest(Method, endpoint, body)
233
-
if err != nil {
234
-
return nil, err
235
-
}
236
-
237
-
return s.client.Do(req)
238
-
}
239
-
240
-
func (s *SignedClient) Merge(
241
-
patch []byte,
242
-
ownerDid, targetRepo, branch, commitMessage, commitBody, authorName, authorEmail string,
243
-
) (*http.Response, error) {
244
-
const (
245
-
Method = "POST"
246
-
)
247
-
endpoint := fmt.Sprintf("/%s/%s/merge", ownerDid, targetRepo)
248
-
249
-
mr := types.MergeRequest{
250
-
Branch: branch,
251
-
CommitMessage: commitMessage,
252
-
CommitBody: commitBody,
253
-
AuthorName: authorName,
254
-
AuthorEmail: authorEmail,
255
-
Patch: string(patch),
256
-
}
257
-
258
-
body, _ := json.Marshal(mr)
259
-
260
-
req, err := s.newRequest(Method, endpoint, body)
261
-
if err != nil {
262
-
return nil, err
263
-
}
264
-
265
-
return s.client.Do(req)
266
-
}
267
-
268
-
func (s *SignedClient) MergeCheck(patch []byte, ownerDid, targetRepo, branch string) (*http.Response, error) {
269
-
const (
270
-
Method = "POST"
271
-
)
272
-
endpoint := fmt.Sprintf("/%s/%s/merge/check", ownerDid, targetRepo)
273
-
274
-
body, _ := json.Marshal(map[string]any{
275
-
"patch": string(patch),
276
-
"branch": branch,
277
-
})
278
-
279
-
req, err := s.newRequest(Method, endpoint, body)
280
-
if err != nil {
281
-
return nil, err
282
-
}
283
-
284
-
return s.client.Do(req)
285
-
}
286
-
287
-
func (s *SignedClient) NewHiddenRef(ownerDid, targetRepo, forkBranch, remoteBranch string) (*http.Response, error) {
288
-
const (
289
-
Method = "POST"
290
-
)
291
-
endpoint := fmt.Sprintf("/%s/%s/hidden-ref/%s/%s", ownerDid, targetRepo, url.PathEscape(forkBranch), url.PathEscape(remoteBranch))
292
-
293
-
req, err := s.newRequest(Method, endpoint, nil)
294
-
if err != nil {
295
-
return nil, err
296
-
}
297
-
298
-
return s.client.Do(req)
299
-
}
-10
knotserver/http_util.go
-10
knotserver/http_util.go
···
20
20
func notFound(w http.ResponseWriter) {
21
21
writeError(w, "not found", http.StatusNotFound)
22
22
}
23
-
24
-
func writeMsg(w http.ResponseWriter, msg string) {
25
-
writeJSON(w, map[string]string{"msg": msg})
26
-
}
27
-
28
-
func writeConflict(w http.ResponseWriter, data interface{}) {
29
-
w.Header().Set("Content-Type", "application/json")
30
-
w.WriteHeader(http.StatusConflict)
31
-
json.NewEncoder(w).Encode(data)
32
-
}
+7
-3
knotserver/ingester.go
+7
-3
knotserver/ingester.go
···
255
255
didSlashRepo, _ := securejoin.SecureJoin(owner.DID.String(), repo.Name)
256
256
257
257
// check perms for this user
258
-
if ok, err := h.e.IsCollaboratorInviteAllowed(did, rbac.ThisServer, didSlashRepo); !ok || err != nil {
259
-
return fmt.Errorf("insufficient permissions: %w", err)
258
+
ok, err := h.e.IsCollaboratorInviteAllowed(did, rbac.ThisServer, didSlashRepo)
259
+
if err != nil {
260
+
return fmt.Errorf("failed to check permissions: %w", err)
261
+
}
262
+
if !ok {
263
+
return fmt.Errorf("insufficient permissions: %s, %s, %s", did, "IsCollaboratorInviteAllowed", didSlashRepo)
260
264
}
261
265
262
266
if err := h.db.AddDid(subjectId.DID.String()); err != nil {
···
302
298
return fmt.Errorf("error reading response body: %w", err)
303
299
}
304
300
305
-
for _, key := range strings.Split(string(plaintext), "\n") {
301
+
for key := range strings.SplitSeq(string(plaintext), "\n") {
306
302
if key == "" {
307
303
continue
308
304
}
-2
knotserver/internal.go
-2
knotserver/internal.go
-7
nix/modules/knot.nix
-7
nix/modules/knot.nix
···
99
99
description = "DID of owner (required)";
100
100
};
101
101
102
-
secretFile = mkOption {
103
-
type = lib.types.path;
104
-
example = "KNOT_SERVER_SECRET=<hash>";
105
-
description = "File containing secret key provided by appview (required)";
106
-
};
107
-
108
102
dbPath = mkOption {
109
103
type = types.path;
110
104
default = "${cfg.stateDir}/knotserver.db";
···
201
207
"KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"
202
208
"KNOT_SERVER_OWNER=${cfg.server.owner}"
203
209
];
204
-
EnvironmentFile = cfg.server.secretFile;
205
210
ExecStart = "${cfg.package}/bin/knot server";
206
211
Restart = "always";
207
212
};