tangled.org / core
this repo has no description
fork atom
core / appview / state / router.go
at abf6b940ee5aee5c033d9d189aa901711122ce23 8.7 kB view raw
1package state 2 3import ( 4 "net/http" 5 "strings" 6 7 "github.com/go-chi/chi/v5" 8 "github.com/gorilla/sessions" 9 "tangled.sh/tangled.sh/core/appview/middleware" 10 oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler" 11 "tangled.sh/tangled.sh/core/appview/settings" 12 "tangled.sh/tangled.sh/core/appview/state/userutil" 13) 14 15func (s *State) Router() http.Handler { 16 router := chi.NewRouter() 17 18 router.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) { 19 pat := chi.URLParam(r, "*") 20 if strings.HasPrefix(pat, "did:") || strings.HasPrefix(pat, "@") { 21 s.UserRouter().ServeHTTP(w, r) 22 } else { 23 // Check if the first path element is a valid handle without '@' or a flattened DID 24 pathParts := strings.SplitN(pat, "/", 2) 25 if len(pathParts) > 0 { 26 if userutil.IsHandleNoAt(pathParts[0]) { 27 // Redirect to the same path but with '@' prefixed to the handle 28 redirectPath := "@" + pat 29 http.Redirect(w, r, "/"+redirectPath, http.StatusFound) 30 return 31 } else if userutil.IsFlattenedDid(pathParts[0]) { 32 // Redirect to the unflattened DID version 33 unflattenedDid := userutil.UnflattenDid(pathParts[0]) 34 var redirectPath string 35 if len(pathParts) > 1 { 36 redirectPath = unflattenedDid + "/" + pathParts[1] 37 } else { 38 redirectPath = unflattenedDid 39 } 40 http.Redirect(w, r, "/"+redirectPath, http.StatusFound) 41 return 42 } 43 } 44 s.StandardRouter().ServeHTTP(w, r) 45 } 46 }) 47 48 return router 49} 50 51func (s *State) UserRouter() http.Handler { 52 r := chi.NewRouter() 53 54 // strip @ from user 55 r.Use(StripLeadingAt) 56 57 r.With(ResolveIdent(s)).Route("/{user}", func(r chi.Router) { 58 r.Get("/", s.Profile) 59 60 r.With(ResolveRepo(s)).Route("/{repo}", func(r chi.Router) { 61 r.Use(GoImport(s)) 62 63 r.Get("/", s.RepoIndex) 64 r.Get("/commits/{ref}", s.RepoLog) 65 r.Route("/tree/{ref}", func(r chi.Router) { 66 r.Get("/", s.RepoIndex) 67 r.Get("/*", s.RepoTree) 68 }) 69 r.Get("/commit/{ref}", s.RepoCommit) 70 r.Get("/branches", s.RepoBranches) 71 r.Route("/tags", func(r chi.Router) { 72 r.Get("/", s.RepoTags) 73 r.Route("/{tag}", func(r chi.Router) { 74 r.Use(middleware.AuthMiddleware(s.oauth)) 75 // require auth to download for now 76 r.Get("/download/{file}", s.DownloadArtifact) 77 78 // require repo:push to upload or delete artifacts 79 // 80 // additionally: only the uploader can truly delete an artifact 81 // (record+blob will live on their pds) 82 r.Group(func(r chi.Router) { 83 r.With(RepoPermissionMiddleware(s, "repo:push")) 84 r.Post("/upload", s.AttachArtifact) 85 r.Delete("/{file}", s.DeleteArtifact) 86 }) 87 }) 88 }) 89 r.Get("/blob/{ref}/*", s.RepoBlob) 90 r.Get("/raw/{ref}/*", s.RepoBlobRaw) 91 92 r.Route("/issues", func(r chi.Router) { 93 r.With(middleware.Paginate).Get("/", s.RepoIssues) 94 r.Get("/{issue}", s.RepoSingleIssue) 95 96 r.Group(func(r chi.Router) { 97 r.Use(middleware.AuthMiddleware(s.oauth)) 98 r.Get("/new", s.NewIssue) 99 r.Post("/new", s.NewIssue) 100 r.Post("/{issue}/comment", s.NewIssueComment) 101 r.Route("/{issue}/comment/{comment_id}/", func(r chi.Router) { 102 r.Get("/", s.IssueComment) 103 r.Delete("/", s.DeleteIssueComment) 104 r.Get("/edit", s.EditIssueComment) 105 r.Post("/edit", s.EditIssueComment) 106 }) 107 r.Post("/{issue}/close", s.CloseIssue) 108 r.Post("/{issue}/reopen", s.ReopenIssue) 109 }) 110 }) 111 112 r.Route("/fork", func(r chi.Router) { 113 r.Use(middleware.AuthMiddleware(s.oauth)) 114 r.Get("/", s.ForkRepo) 115 r.Post("/", s.ForkRepo) 116 r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/sync", func(r chi.Router) { 117 r.Post("/", s.SyncRepoFork) 118 }) 119 }) 120 121 r.Route("/compare", func(r chi.Router) { 122 r.Get("/", s.RepoCompare) 123 124 // we have to wildcard here since we want to support GitHub's compare syntax 125 // /compare/{ref1}...{ref2} 126 // for example: 127 // /compare/master...some/feature 128 // /compare/master...example.com:another/feature <- this is a fork 129 r.Get("/*", s.RepoCompareDiff) 130 }) 131 132 r.Route("/pulls", func(r chi.Router) { 133 r.Get("/", s.RepoPulls) 134 r.With(middleware.AuthMiddleware(s.oauth)).Route("/new", func(r chi.Router) { 135 r.Get("/", s.NewPull) 136 r.Get("/patch-upload", s.PatchUploadFragment) 137 r.Post("/validate-patch", s.ValidatePatch) 138 r.Get("/compare-branches", s.CompareBranchesFragment) 139 r.Get("/compare-forks", s.CompareForksFragment) 140 r.Get("/fork-branches", s.CompareForksBranchesFragment) 141 r.Post("/", s.NewPull) 142 }) 143 144 r.Route("/{pull}", func(r chi.Router) { 145 r.Use(ResolvePull(s)) 146 r.Get("/", s.RepoSinglePull) 147 148 r.Route("/round/{round}", func(r chi.Router) { 149 r.Get("/", s.RepoPullPatch) 150 r.Get("/interdiff", s.RepoPullInterdiff) 151 r.Get("/actions", s.PullActions) 152 r.With(middleware.AuthMiddleware(s.oauth)).Route("/comment", func(r chi.Router) { 153 r.Get("/", s.PullComment) 154 r.Post("/", s.PullComment) 155 }) 156 }) 157 158 r.Route("/round/{round}.patch", func(r chi.Router) { 159 r.Get("/", s.RepoPullPatchRaw) 160 }) 161 162 r.Group(func(r chi.Router) { 163 r.Use(middleware.AuthMiddleware(s.oauth)) 164 r.Route("/resubmit", func(r chi.Router) { 165 r.Get("/", s.ResubmitPull) 166 r.Post("/", s.ResubmitPull) 167 }) 168 r.Post("/close", s.ClosePull) 169 r.Post("/reopen", s.ReopenPull) 170 // collaborators only 171 r.Group(func(r chi.Router) { 172 r.Use(RepoPermissionMiddleware(s, "repo:push")) 173 r.Post("/merge", s.MergePull) 174 // maybe lock, etc. 175 }) 176 }) 177 }) 178 }) 179 180 // These routes get proxied to the knot 181 r.Get("/info/refs", s.InfoRefs) 182 r.Post("/git-upload-pack", s.UploadPack) 183 r.Post("/git-receive-pack", s.ReceivePack) 184 185 // settings routes, needs auth 186 r.Group(func(r chi.Router) { 187 r.Use(middleware.AuthMiddleware(s.oauth)) 188 // repo description can only be edited by owner 189 r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/description", func(r chi.Router) { 190 r.Put("/", s.RepoDescription) 191 r.Get("/", s.RepoDescription) 192 r.Get("/edit", s.RepoDescriptionEdit) 193 }) 194 r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) { 195 r.Get("/", s.RepoSettings) 196 r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator) 197 r.With(RepoPermissionMiddleware(s, "repo:delete")).Delete("/delete", s.DeleteRepo) 198 r.Put("/branches/default", s.SetDefaultBranch) 199 }) 200 }) 201 }) 202 }) 203 204 r.NotFound(func(w http.ResponseWriter, r *http.Request) { 205 s.pages.Error404(w) 206 }) 207 208 return r 209} 210 211func (s *State) StandardRouter() http.Handler { 212 r := chi.NewRouter() 213 214 r.Handle("/static/*", s.pages.Static()) 215 216 r.Get("/", s.Timeline) 217 218 r.With(middleware.AuthMiddleware(s.oauth)).Post("/logout", s.Logout) 219 220 r.Route("/knots", func(r chi.Router) { 221 r.Use(middleware.AuthMiddleware(s.oauth)) 222 r.Get("/", s.Knots) 223 r.Post("/key", s.RegistrationKey) 224 225 r.Route("/{domain}", func(r chi.Router) { 226 r.Post("/init", s.InitKnotServer) 227 r.Get("/", s.KnotServerInfo) 228 r.Route("/member", func(r chi.Router) { 229 r.Use(KnotOwner(s)) 230 r.Get("/", s.ListMembers) 231 r.Put("/", s.AddMember) 232 r.Delete("/", s.RemoveMember) 233 }) 234 }) 235 }) 236 237 r.Route("/repo", func(r chi.Router) { 238 r.Route("/new", func(r chi.Router) { 239 r.Use(middleware.AuthMiddleware(s.oauth)) 240 r.Get("/", s.NewRepo) 241 r.Post("/", s.NewRepo) 242 }) 243 // r.Post("/import", s.ImportRepo) 244 }) 245 246 r.With(middleware.AuthMiddleware(s.oauth)).Route("/follow", func(r chi.Router) { 247 r.Post("/", s.Follow) 248 r.Delete("/", s.Follow) 249 }) 250 251 r.With(middleware.AuthMiddleware(s.oauth)).Route("/star", func(r chi.Router) { 252 r.Post("/", s.Star) 253 r.Delete("/", s.Star) 254 }) 255 256 r.Route("/profile", func(r chi.Router) { 257 r.Use(middleware.AuthMiddleware(s.oauth)) 258 r.Get("/edit-bio", s.EditBioFragment) 259 r.Get("/edit-pins", s.EditPinsFragment) 260 r.Post("/bio", s.UpdateProfileBio) 261 r.Post("/pins", s.UpdateProfilePins) 262 }) 263 264 r.Mount("/settings", s.SettingsRouter()) 265 r.Mount("/", s.OAuthRouter()) 266 r.Get("/keys/{user}", s.Keys) 267 268 r.NotFound(func(w http.ResponseWriter, r *http.Request) { 269 s.pages.Error404(w) 270 }) 271 return r 272} 273 274func (s *State) OAuthRouter() http.Handler { 275 oauth := &oauthhandler.OAuthHandler{ 276 Config: s.config, 277 Pages: s.pages, 278 Resolver: s.resolver, 279 Db: s.db, 280 Store: sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)), 281 OAuth: s.oauth, 282 Enforcer: s.enforcer, 283 Posthog: s.posthog, 284 } 285 286 return oauth.Router() 287} 288 289func (s *State) SettingsRouter() http.Handler { 290 settings := &settings.Settings{ 291 Db: s.db, 292 OAuth: s.oauth, 293 Pages: s.pages, 294 Config: s.config, 295 } 296 297 return settings.Router() 298}