appview/state/state.go at 1dcc4fac2ea332180014cbc87e4c22821699e66d · tangled.org/core

tangled.org / core
this repo has no description
core / appview / state / state.go
at 1dcc4fac2ea332180014cbc87e4c22821699e66d 14 kB view raw
  1package state
  2
  3import (
  4	"context"
  5	"database/sql"
  6	"errors"
  7	"fmt"
  8	"log"
  9	"log/slog"
 10	"net/http"
 11	"strings"
 12	"time"
 13
 14	comatproto "github.com/bluesky-social/indigo/api/atproto"
 15	"github.com/bluesky-social/indigo/atproto/syntax"
 16	lexutil "github.com/bluesky-social/indigo/lex/util"
 17	securejoin "github.com/cyphar/filepath-securejoin"
 18	"github.com/go-chi/chi/v5"
 19	"github.com/posthog/posthog-go"
 20	"tangled.sh/tangled.sh/core/api/tangled"
 21	"tangled.sh/tangled.sh/core/appview"
 22	"tangled.sh/tangled.sh/core/appview/cache"
 23	"tangled.sh/tangled.sh/core/appview/cache/session"
 24	"tangled.sh/tangled.sh/core/appview/config"
 25	"tangled.sh/tangled.sh/core/appview/db"
 26	"tangled.sh/tangled.sh/core/appview/notify"
 27	"tangled.sh/tangled.sh/core/appview/oauth"
 28	"tangled.sh/tangled.sh/core/appview/pages"
 29	posthogService "tangled.sh/tangled.sh/core/appview/posthog"
 30	"tangled.sh/tangled.sh/core/appview/reporesolver"
 31	xrpcclient "tangled.sh/tangled.sh/core/appview/xrpcclient"
 32	"tangled.sh/tangled.sh/core/eventconsumer"
 33	"tangled.sh/tangled.sh/core/idresolver"
 34	"tangled.sh/tangled.sh/core/jetstream"
 35	tlog "tangled.sh/tangled.sh/core/log"
 36	"tangled.sh/tangled.sh/core/rbac"
 37	"tangled.sh/tangled.sh/core/tid"
 38	// xrpcerr "tangled.sh/tangled.sh/core/xrpc/errors"
 39)
 40
 41type State struct {
 42	db            *db.DB
 43	notifier      notify.Notifier
 44	oauth         *oauth.OAuth
 45	enforcer      *rbac.Enforcer
 46	pages         *pages.Pages
 47	sess          *session.SessionStore
 48	idResolver    *idresolver.Resolver
 49	posthog       posthog.Client
 50	jc            *jetstream.JetstreamClient
 51	config        *config.Config
 52	repoResolver  *reporesolver.RepoResolver
 53	knotstream    *eventconsumer.Consumer
 54	spindlestream *eventconsumer.Consumer
 55	logger        *slog.Logger
 56}
 57
 58func Make(ctx context.Context, config *config.Config) (*State, error) {
 59	d, err := db.Make(config.Core.DbPath)
 60	if err != nil {
 61		return nil, fmt.Errorf("failed to create db: %w", err)
 62	}
 63
 64	enforcer, err := rbac.NewEnforcer(config.Core.DbPath)
 65	if err != nil {
 66		return nil, fmt.Errorf("failed to create enforcer: %w", err)
 67	}
 68
 69	res, err := idresolver.RedisResolver(config.Redis.ToURL())
 70	if err != nil {
 71		log.Printf("failed to create redis resolver: %v", err)
 72		res = idresolver.DefaultResolver()
 73	}
 74
 75	pgs := pages.NewPages(config, res)
 76
 77	cache := cache.New(config.Redis.Addr)
 78	sess := session.New(cache)
 79
 80	oauth := oauth.NewOAuth(config, sess)
 81
 82	posthog, err := posthog.NewWithConfig(config.Posthog.ApiKey, posthog.Config{Endpoint: config.Posthog.Endpoint})
 83	if err != nil {
 84		return nil, fmt.Errorf("failed to create posthog client: %w", err)
 85	}
 86
 87	repoResolver := reporesolver.New(config, enforcer, res, d)
 88
 89	wrapper := db.DbWrapper{d}
 90	jc, err := jetstream.NewJetstreamClient(
 91		config.Jetstream.Endpoint,
 92		"appview",
 93		[]string{
 94			tangled.GraphFollowNSID,
 95			tangled.FeedStarNSID,
 96			tangled.PublicKeyNSID,
 97			tangled.RepoArtifactNSID,
 98			tangled.ActorProfileNSID,
 99			tangled.SpindleMemberNSID,
100			tangled.SpindleNSID,
101			tangled.StringNSID,
102			tangled.RepoIssueNSID,
103			tangled.RepoIssueCommentNSID,
104		},
105		nil,
106		slog.Default(),
107		wrapper,
108		false,
109
110		// in-memory filter is inapplicalble to appview so
111		// we'll never log dids anyway.
112		false,
113	)
114	if err != nil {
115		return nil, fmt.Errorf("failed to create jetstream client: %w", err)
116	}
117
118	ingester := appview.Ingester{
119		Db:         wrapper,
120		Enforcer:   enforcer,
121		IdResolver: res,
122		Config:     config,
123		Logger:     tlog.New("ingester"),
124	}
125	err = jc.StartJetstream(ctx, ingester.Ingest())
126	if err != nil {
127		return nil, fmt.Errorf("failed to start jetstream watcher: %w", err)
128	}
129
130	knotstream, err := Knotstream(ctx, config, d, enforcer, posthog)
131	if err != nil {
132		return nil, fmt.Errorf("failed to start knotstream consumer: %w", err)
133	}
134	knotstream.Start(ctx)
135
136	spindlestream, err := Spindlestream(ctx, config, d, enforcer)
137	if err != nil {
138		return nil, fmt.Errorf("failed to start spindlestream consumer: %w", err)
139	}
140	spindlestream.Start(ctx)
141
142	var notifiers []notify.Notifier
143	if !config.Core.Dev {
144		notifiers = append(notifiers, posthogService.NewPosthogNotifier(posthog))
145	}
146	notifier := notify.NewMergedNotifier(notifiers...)
147
148	state := &State{
149		d,
150		notifier,
151		oauth,
152		enforcer,
153		pgs,
154		sess,
155		res,
156		posthog,
157		jc,
158		config,
159		repoResolver,
160		knotstream,
161		spindlestream,
162		slog.Default(),
163	}
164
165	return state, nil
166}
167
168func (s *State) Favicon(w http.ResponseWriter, r *http.Request) {
169	w.Header().Set("Content-Type", "image/svg+xml")
170	w.Header().Set("Cache-Control", "public, max-age=31536000") // one year
171	w.Header().Set("ETag", `"favicon-svg-v1"`)
172
173	if match := r.Header.Get("If-None-Match"); match == `"favicon-svg-v1"` {
174		w.WriteHeader(http.StatusNotModified)
175		return
176	}
177
178	s.pages.Favicon(w)
179}
180
181func (s *State) TermsOfService(w http.ResponseWriter, r *http.Request) {
182	user := s.oauth.GetUser(r)
183	s.pages.TermsOfService(w, pages.TermsOfServiceParams{
184		LoggedInUser: user,
185	})
186}
187
188func (s *State) PrivacyPolicy(w http.ResponseWriter, r *http.Request) {
189	user := s.oauth.GetUser(r)
190	s.pages.PrivacyPolicy(w, pages.PrivacyPolicyParams{
191		LoggedInUser: user,
192	})
193}
194
195func (s *State) HomeOrTimeline(w http.ResponseWriter, r *http.Request) {
196	if s.oauth.GetUser(r) != nil {
197		s.Timeline(w, r)
198		return
199	}
200	s.Home(w, r)
201}
202
203func (s *State) Timeline(w http.ResponseWriter, r *http.Request) {
204	user := s.oauth.GetUser(r)
205
206	timeline, err := db.MakeTimeline(s.db, 50)
207	if err != nil {
208		log.Println(err)
209		s.pages.Notice(w, "timeline", "Uh oh! Failed to load timeline.")
210	}
211
212	repos, err := db.GetTopStarredReposLastWeek(s.db)
213	if err != nil {
214		log.Println(err)
215		s.pages.Notice(w, "topstarredrepos", "Unable to load.")
216		return
217	}
218
219	s.pages.Timeline(w, pages.TimelineParams{
220		LoggedInUser: user,
221		Timeline:     timeline,
222		Repos:        repos,
223	})
224}
225
226func (s *State) Home(w http.ResponseWriter, r *http.Request) {
227	timeline, err := db.MakeTimeline(s.db, 15)
228	if err != nil {
229		log.Println(err)
230		s.pages.Notice(w, "timeline", "Uh oh! Failed to load timeline.")
231		return
232	}
233
234	repos, err := db.GetTopStarredReposLastWeek(s.db)
235	if err != nil {
236		log.Println(err)
237		s.pages.Notice(w, "topstarredrepos", "Unable to load.")
238		return
239	}
240
241	timeline = timeline[:5]
242
243	s.pages.Home(w, pages.TimelineParams{
244		LoggedInUser: nil,
245		Timeline:     timeline,
246		Repos:        repos,
247	})
248}
249
250func (s *State) Keys(w http.ResponseWriter, r *http.Request) {
251	user := chi.URLParam(r, "user")
252	user = strings.TrimPrefix(user, "@")
253
254	if user == "" {
255		w.WriteHeader(http.StatusBadRequest)
256		return
257	}
258
259	id, err := s.idResolver.ResolveIdent(r.Context(), user)
260	if err != nil {
261		w.WriteHeader(http.StatusInternalServerError)
262		return
263	}
264
265	pubKeys, err := db.GetPublicKeysForDid(s.db, id.DID.String())
266	if err != nil {
267		w.WriteHeader(http.StatusNotFound)
268		return
269	}
270
271	if len(pubKeys) == 0 {
272		w.WriteHeader(http.StatusNotFound)
273		return
274	}
275
276	for _, k := range pubKeys {
277		key := strings.TrimRight(k.Key, "\n")
278		w.Write([]byte(fmt.Sprintln(key)))
279	}
280}
281
282func validateRepoName(name string) error {
283	// check for path traversal attempts
284	if name == "." || name == ".." ||
285		strings.Contains(name, "/") || strings.Contains(name, "\\") {
286		return fmt.Errorf("Repository name contains invalid path characters")
287	}
288
289	// check for sequences that could be used for traversal when normalized
290	if strings.Contains(name, "./") || strings.Contains(name, "../") ||
291		strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") {
292		return fmt.Errorf("Repository name contains invalid path sequence")
293	}
294
295	// then continue with character validation
296	for _, char := range name {
297		if !((char >= 'a' && char <= 'z') ||
298			(char >= 'A' && char <= 'Z') ||
299			(char >= '0' && char <= '9') ||
300			char == '-' || char == '_' || char == '.') {
301			return fmt.Errorf("Repository name can only contain alphanumeric characters, periods, hyphens, and underscores")
302		}
303	}
304
305	// additional check to prevent multiple sequential dots
306	if strings.Contains(name, "..") {
307		return fmt.Errorf("Repository name cannot contain sequential dots")
308	}
309
310	// if all checks pass
311	return nil
312}
313
314func stripGitExt(name string) string {
315	return strings.TrimSuffix(name, ".git")
316}
317
318func (s *State) NewRepo(w http.ResponseWriter, r *http.Request) {
319	switch r.Method {
320	case http.MethodGet:
321		user := s.oauth.GetUser(r)
322		knots, err := s.enforcer.GetKnotsForUser(user.Did)
323		if err != nil {
324			s.pages.Notice(w, "repo", "Invalid user account.")
325			return
326		}
327
328		s.pages.NewRepo(w, pages.NewRepoParams{
329			LoggedInUser: user,
330			Knots:        knots,
331		})
332
333	case http.MethodPost:
334		l := s.logger.With("handler", "NewRepo")
335
336		user := s.oauth.GetUser(r)
337		l = l.With("did", user.Did)
338		l = l.With("handle", user.Handle)
339
340		// form validation
341		domain := r.FormValue("domain")
342		if domain == "" {
343			s.pages.Notice(w, "repo", "Invalid form submission&mdash;missing knot domain.")
344			return
345		}
346		l = l.With("knot", domain)
347
348		repoName := r.FormValue("name")
349		if repoName == "" {
350			s.pages.Notice(w, "repo", "Repository name cannot be empty.")
351			return
352		}
353
354		if err := validateRepoName(repoName); err != nil {
355			s.pages.Notice(w, "repo", err.Error())
356			return
357		}
358		repoName = stripGitExt(repoName)
359		l = l.With("repoName", repoName)
360
361		defaultBranch := r.FormValue("branch")
362		if defaultBranch == "" {
363			defaultBranch = "main"
364		}
365		l = l.With("defaultBranch", defaultBranch)
366
367		description := r.FormValue("description")
368
369		// ACL validation
370		ok, err := s.enforcer.E.Enforce(user.Did, domain, domain, "repo:create")
371		if err != nil || !ok {
372			l.Info("unauthorized")
373			s.pages.Notice(w, "repo", "You do not have permission to create a repo in this knot.")
374			return
375		}
376
377		// Check for existing repos
378		existingRepo, err := db.GetRepo(s.db, user.Did, repoName)
379		if err == nil && existingRepo != nil {
380			l.Info("repo exists")
381			s.pages.Notice(w, "repo", fmt.Sprintf("You already have a repository by this name on %s", existingRepo.Knot))
382			return
383		}
384
385		// create atproto record for this repo
386		rkey := tid.TID()
387		repo := &db.Repo{
388			Did:         user.Did,
389			Name:        repoName,
390			Knot:        domain,
391			Rkey:        rkey,
392			Description: description,
393		}
394
395		xrpcClient, err := s.oauth.AuthorizedClient(r)
396		if err != nil {
397			l.Info("PDS write failed", "err", err)
398			s.pages.Notice(w, "repo", "Failed to write record to PDS.")
399			return
400		}
401
402		createdAt := time.Now().Format(time.RFC3339)
403		atresp, err := xrpcClient.RepoPutRecord(r.Context(), &comatproto.RepoPutRecord_Input{
404			Collection: tangled.RepoNSID,
405			Repo:       user.Did,
406			Rkey:       rkey,
407			Record: &lexutil.LexiconTypeDecoder{
408				Val: &tangled.Repo{
409					Knot:      repo.Knot,
410					Name:      repoName,
411					CreatedAt: createdAt,
412					Owner:     user.Did,
413				}},
414		})
415		if err != nil {
416			l.Info("PDS write failed", "err", err)
417			s.pages.Notice(w, "repo", "Failed to announce repository creation.")
418			return
419		}
420
421		aturi := atresp.Uri
422		l = l.With("aturi", aturi)
423		l.Info("wrote to PDS")
424
425		tx, err := s.db.BeginTx(r.Context(), nil)
426		if err != nil {
427			l.Info("txn failed", "err", err)
428			s.pages.Notice(w, "repo", "Failed to save repository information.")
429			return
430		}
431
432		// The rollback function reverts a few things on failure:
433		// - the pending txn
434		// - the ACLs
435		// - the atproto record created
436		rollback := func() {
437			err1 := tx.Rollback()
438			err2 := s.enforcer.E.LoadPolicy()
439			err3 := rollbackRecord(context.Background(), aturi, xrpcClient)
440
441			// ignore txn complete errors, this is okay
442			if errors.Is(err1, sql.ErrTxDone) {
443				err1 = nil
444			}
445
446			if errs := errors.Join(err1, err2, err3); errs != nil {
447				l.Error("failed to rollback changes", "errs", errs)
448				return
449			}
450		}
451		defer rollback()
452
453		client, err := s.oauth.ServiceClient(
454			r,
455			oauth.WithService(domain),
456			oauth.WithLxm(tangled.RepoCreateNSID),
457			oauth.WithDev(s.config.Core.Dev),
458		)
459		if err != nil {
460			l.Error("service auth failed", "err", err)
461			s.pages.Notice(w, "repo", "Failed to reach PDS.")
462			return
463		}
464
465		xe := tangled.RepoCreate(
466			r.Context(),
467			client,
468			&tangled.RepoCreate_Input{
469				Rkey: rkey,
470			},
471		)
472		if err := xrpcclient.HandleXrpcErr(xe); err != nil {
473			l.Error("xrpc error", "xe", xe)
474			s.pages.Notice(w, "repo", err.Error())
475			return
476		}
477
478		err = db.AddRepo(tx, repo)
479		if err != nil {
480			l.Error("db write failed", "err", err)
481			s.pages.Notice(w, "repo", "Failed to save repository information.")
482			return
483		}
484
485		// acls
486		p, _ := securejoin.SecureJoin(user.Did, repoName)
487		err = s.enforcer.AddRepo(user.Did, domain, p)
488		if err != nil {
489			l.Error("acl setup failed", "err", err)
490			s.pages.Notice(w, "repo", "Failed to set up repository permissions.")
491			return
492		}
493
494		err = tx.Commit()
495		if err != nil {
496			l.Error("txn commit failed", "err", err)
497			http.Error(w, err.Error(), http.StatusInternalServerError)
498			return
499		}
500
501		err = s.enforcer.E.SavePolicy()
502		if err != nil {
503			l.Error("acl save failed", "err", err)
504			http.Error(w, err.Error(), http.StatusInternalServerError)
505			return
506		}
507
508		// reset the ATURI because the transaction completed successfully
509		aturi = ""
510
511		s.notifier.NewRepo(r.Context(), repo)
512		s.pages.HxLocation(w, fmt.Sprintf("/@%s/%s", user.Handle, repoName))
513	}
514}
515
516// this is used to rollback changes made to the PDS
517//
518// it is a no-op if the provided ATURI is empty
519func rollbackRecord(ctx context.Context, aturi string, xrpcc *xrpcclient.Client) error {
520	if aturi == "" {
521		return nil
522	}
523
524	parsed := syntax.ATURI(aturi)
525
526	collection := parsed.Collection().String()
527	repo := parsed.Authority().String()
528	rkey := parsed.RecordKey().String()
529
530	_, err := xrpcc.RepoDeleteRecord(ctx, &comatproto.RepoDeleteRecord_Input{
531		Collection: collection,
532		Repo:       repo,
533		Rkey:       rkey,
534	})
535	return err
536}