knotserver/xrpc/xrpc.go at 6adfb3a92d7116d0ffd30a51e1ca606d04bc4b62 · tangled.org/core

tangled.org / core
this repo has no description
core / knotserver / xrpc / xrpc.go
at 6adfb3a92d7116d0ffd30a51e1ca606d04bc4b62 4.4 kB view raw
  1package xrpc
  2
  3import (
  4	"encoding/json"
  5	"log/slog"
  6	"net/http"
  7	"net/url"
  8	"strings"
  9
 10	securejoin "github.com/cyphar/filepath-securejoin"
 11	"tangled.sh/tangled.sh/core/api/tangled"
 12	"tangled.sh/tangled.sh/core/idresolver"
 13	"tangled.sh/tangled.sh/core/jetstream"
 14	"tangled.sh/tangled.sh/core/knotserver/config"
 15	"tangled.sh/tangled.sh/core/knotserver/db"
 16	"tangled.sh/tangled.sh/core/notifier"
 17	"tangled.sh/tangled.sh/core/rbac"
 18	xrpcerr "tangled.sh/tangled.sh/core/xrpc/errors"
 19	"tangled.sh/tangled.sh/core/xrpc/serviceauth"
 20
 21	"github.com/go-chi/chi/v5"
 22)
 23
 24type Xrpc struct {
 25	Config      *config.Config
 26	Db          *db.DB
 27	Ingester    *jetstream.JetstreamClient
 28	Enforcer    *rbac.Enforcer
 29	Logger      *slog.Logger
 30	Notifier    *notifier.Notifier
 31	Resolver    *idresolver.Resolver
 32	ServiceAuth *serviceauth.ServiceAuth
 33}
 34
 35func (x *Xrpc) Router() http.Handler {
 36	r := chi.NewRouter()
 37
 38	r.Group(func(r chi.Router) {
 39		r.Use(x.ServiceAuth.VerifyServiceAuth)
 40
 41		r.Post("/"+tangled.RepoSetDefaultBranchNSID, x.SetDefaultBranch)
 42		r.Post("/"+tangled.RepoCreateNSID, x.CreateRepo)
 43		r.Post("/"+tangled.RepoDeleteNSID, x.DeleteRepo)
 44		r.Post("/"+tangled.RepoForkStatusNSID, x.ForkStatus)
 45		r.Post("/"+tangled.RepoForkSyncNSID, x.ForkSync)
 46		r.Post("/"+tangled.RepoHiddenRefNSID, x.HiddenRef)
 47		r.Post("/"+tangled.RepoMergeNSID, x.Merge)
 48	})
 49
 50	// merge check is an open endpoint
 51	//
 52	// TODO: should we constrain this more?
 53	// - we can calculate on PR submit/resubmit/gitRefUpdate etc.
 54	// - use ETags on clients to keep requests to a minimum
 55	r.Post("/"+tangled.RepoMergeCheckNSID, x.MergeCheck)
 56
 57	// repo query endpoints (no auth required)
 58	r.Get("/"+tangled.RepoTreeNSID, x.RepoTree)
 59	r.Get("/"+tangled.RepoLogNSID, x.RepoLog)
 60	r.Get("/"+tangled.RepoBranchesNSID, x.RepoBranches)
 61	r.Get("/"+tangled.RepoTagsNSID, x.RepoTags)
 62	r.Get("/"+tangled.RepoBlobNSID, x.RepoBlob)
 63	r.Get("/"+tangled.RepoDiffNSID, x.RepoDiff)
 64	r.Get("/"+tangled.RepoCompareNSID, x.RepoCompare)
 65	r.Get("/"+tangled.RepoGetDefaultBranchNSID, x.RepoGetDefaultBranch)
 66	r.Get("/"+tangled.RepoBranchNSID, x.RepoBranch)
 67	r.Get("/"+tangled.RepoArchiveNSID, x.RepoArchive)
 68	r.Get("/"+tangled.RepoLanguagesNSID, x.RepoLanguages)
 69
 70	// knot query endpoints (no auth required)
 71	r.Get("/"+tangled.KnotListKeysNSID, x.ListKeys)
 72
 73	// service query endpoints (no auth required)
 74	r.Get("/"+tangled.OwnerNSID, x.Owner)
 75
 76	return r
 77}
 78
 79// parseRepoParam parses a repo parameter in 'did/repoName' format and returns
 80// the full repository path on disk
 81func (x *Xrpc) parseRepoParam(repo string) (string, error) {
 82	if repo == "" {
 83		return "", xrpcerr.NewXrpcError(
 84			xrpcerr.WithTag("InvalidRequest"),
 85			xrpcerr.WithMessage("missing repo parameter"),
 86		)
 87	}
 88
 89	// Parse repo string (did/repoName format)
 90	parts := strings.Split(repo, "/")
 91	if len(parts) < 2 {
 92		return "", xrpcerr.NewXrpcError(
 93			xrpcerr.WithTag("InvalidRequest"),
 94			xrpcerr.WithMessage("invalid repo format, expected 'did/repoName'"),
 95		)
 96	}
 97
 98	did := strings.Join(parts[:len(parts)-1], "/")
 99	repoName := parts[len(parts)-1]
100
101	// Construct repository path using the same logic as didPath
102	didRepoPath, err := securejoin.SecureJoin(did, repoName)
103	if err != nil {
104		return "", xrpcerr.NewXrpcError(
105			xrpcerr.WithTag("RepoNotFound"),
106			xrpcerr.WithMessage("failed to access repository"),
107		)
108	}
109
110	repoPath, err := securejoin.SecureJoin(x.Config.Repo.ScanPath, didRepoPath)
111	if err != nil {
112		return "", xrpcerr.NewXrpcError(
113			xrpcerr.WithTag("RepoNotFound"),
114			xrpcerr.WithMessage("failed to access repository"),
115		)
116	}
117
118	return repoPath, nil
119}
120
121// parseStandardParams parses common query parameters used by most handlers
122func (x *Xrpc) parseStandardParams(r *http.Request) (repo, repoPath, ref string, err error) {
123	// Parse repo parameter
124	repo = r.URL.Query().Get("repo")
125	repoPath, err = x.parseRepoParam(repo)
126	if err != nil {
127		return "", "", "", err
128	}
129
130	// Parse and unescape ref parameter
131	refParam := r.URL.Query().Get("ref")
132	if refParam == "" {
133		return "", "", "", xrpcerr.NewXrpcError(
134			xrpcerr.WithTag("InvalidRequest"),
135			xrpcerr.WithMessage("missing ref parameter"),
136		)
137	}
138
139	ref, _ = url.QueryUnescape(refParam)
140	return repo, repoPath, ref, nil
141}
142
143func writeError(w http.ResponseWriter, e xrpcerr.XrpcError, status int) {
144	w.Header().Set("Content-Type", "application/json")
145	w.WriteHeader(status)
146	json.NewEncoder(w).Encode(e)
147}