lewis.moe / tangled-core
forked from tangled.org/core
Monorepo for Tangled
fork atom
tangled-core / knotserver / xrpc / set_default_branch.go
at push-pmqotzqwskqq 92 lines 2.6 kB view raw
lewis.moe appview, knotserver: all new git repos are created with DIDs
fa214210
1package xrpc 2 3import ( 4 "encoding/json" 5 "fmt" 6 "net/http" 7 8 comatproto "github.com/bluesky-social/indigo/api/atproto" 9 "github.com/bluesky-social/indigo/atproto/syntax" 10 "github.com/bluesky-social/indigo/xrpc" 11 securejoin "github.com/cyphar/filepath-securejoin" 12 "tangled.org/core/api/tangled" 13 "tangled.org/core/knotserver/git" 14 "tangled.org/core/rbac" 15 16 xrpcerr "tangled.org/core/xrpc/errors" 17) 18 19const ActorDid string = "ActorDid" 20 21func (x *Xrpc) SetDefaultBranch(w http.ResponseWriter, r *http.Request) { 22 l := x.Logger 23 fail := func(e xrpcerr.XrpcError) { 24 l.Error("failed", "kind", e.Tag, "error", e.Message) 25 writeError(w, e, http.StatusBadRequest) 26 } 27 28 actorDid, ok := r.Context().Value(ActorDid).(syntax.DID) 29 if !ok { 30 fail(xrpcerr.MissingActorDidError) 31 return 32 } 33 34 var data tangled.RepoSetDefaultBranch_Input 35 if err := json.NewDecoder(r.Body).Decode(&data); err != nil { 36 fail(xrpcerr.GenericError(err)) 37 return 38 } 39 40 // unfortunately we have to resolve repo-at here 41 repoAt, err := syntax.ParseATURI(data.Repo) 42 if err != nil { 43 fail(xrpcerr.InvalidRepoError(data.Repo)) 44 return 45 } 46 47 // resolve this aturi to extract the repo record 48 ident, err := x.Resolver.ResolveIdent(r.Context(), repoAt.Authority().String()) 49 if err != nil || ident.Handle.IsInvalidHandle() { 50 fail(xrpcerr.GenericError(fmt.Errorf("failed to resolve handle: %w", err))) 51 return 52 } 53 54 xrpcc := xrpc.Client{Host: ident.PDSEndpoint()} 55 resp, err := comatproto.RepoGetRecord(r.Context(), &xrpcc, "", tangled.RepoNSID, repoAt.Authority().String(), repoAt.RecordKey().String()) 56 if err != nil { 57 fail(xrpcerr.GenericError(err)) 58 return 59 } 60 61 repo := resp.Value.Val.(*tangled.Repo) 62 repoPath, repoDid, err := x.Db.ResolveRepoOnDisk(x.Config.Repo.ScanPath, actorDid.String(), repo.Name) 63 if err != nil { 64 fail(xrpcerr.GenericError(err)) 65 return 66 } 67 68 rbacResource := repoDid 69 if rbacResource == "" { 70 rbacResource, _ = securejoin.SecureJoin(actorDid.String(), repo.Name) 71 } 72 if ok, err := x.Enforcer.IsPushAllowed(actorDid.String(), rbac.ThisServer, rbacResource); !ok || err != nil { 73 l.Error("insufficent permissions", "did", actorDid.String()) 74 writeError(w, xrpcerr.AccessControlError(actorDid.String()), http.StatusUnauthorized) 75 return 76 } 77 78 gr, err := git.PlainOpen(repoPath) 79 if err != nil { 80 fail(xrpcerr.GenericError(err)) 81 return 82 } 83 84 err = gr.SetDefaultBranch(data.DefaultBranch) 85 if err != nil { 86 l.Error("setting default branch", "error", err.Error()) 87 writeError(w, xrpcerr.GitError(err), http.StatusInternalServerError) 88 return 89 } 90 91 w.WriteHeader(http.StatusOK) 92}