appview/state/router.go at c200b4ec00a835f5751dc26e663d7f18f408e619 · tangled.org/core

tangled.org / core
this repo has no description
core / appview / state / router.go
at c200b4ec00a835f5751dc26e663d7f18f408e619 8.9 kB view raw
  1package state
  2
  3import (
  4	"net/http"
  5	"strings"
  6
  7	"github.com/go-chi/chi/v5"
  8	"github.com/gorilla/sessions"
  9	"tangled.sh/tangled.sh/core/appview/middleware"
 10	oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler"
 11	"tangled.sh/tangled.sh/core/appview/settings"
 12	"tangled.sh/tangled.sh/core/appview/state/userutil"
 13)
 14
 15func (s *State) Router() http.Handler {
 16	router := chi.NewRouter()
 17
 18	router.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) {
 19		pat := chi.URLParam(r, "*")
 20		if strings.HasPrefix(pat, "did:") || strings.HasPrefix(pat, "@") {
 21			s.UserRouter().ServeHTTP(w, r)
 22		} else {
 23			// Check if the first path element is a valid handle without '@' or a flattened DID
 24			pathParts := strings.SplitN(pat, "/", 2)
 25			if len(pathParts) > 0 {
 26				if userutil.IsHandleNoAt(pathParts[0]) {
 27					// Redirect to the same path but with '@' prefixed to the handle
 28					redirectPath := "@" + pat
 29					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 30					return
 31				} else if userutil.IsFlattenedDid(pathParts[0]) {
 32					// Redirect to the unflattened DID version
 33					unflattenedDid := userutil.UnflattenDid(pathParts[0])
 34					var redirectPath string
 35					if len(pathParts) > 1 {
 36						redirectPath = unflattenedDid + "/" + pathParts[1]
 37					} else {
 38						redirectPath = unflattenedDid
 39					}
 40					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 41					return
 42				}
 43			}
 44			s.StandardRouter().ServeHTTP(w, r)
 45		}
 46	})
 47
 48	return router
 49}
 50
 51func (s *State) UserRouter() http.Handler {
 52	r := chi.NewRouter()
 53
 54	// strip @ from user
 55	r.Use(StripLeadingAt)
 56
 57	r.With(ResolveIdent(s)).Route("/{user}", func(r chi.Router) {
 58		r.Get("/", s.Profile)
 59
 60		r.With(ResolveRepo(s)).Route("/{repo}", func(r chi.Router) {
 61			r.Use(GoImport(s))
 62
 63			r.Get("/", s.RepoIndex)
 64			r.Get("/commits/{ref}", s.RepoLog)
 65			r.Route("/tree/{ref}", func(r chi.Router) {
 66				r.Get("/", s.RepoIndex)
 67				r.Get("/*", s.RepoTree)
 68			})
 69			r.Get("/commit/{ref}", s.RepoCommit)
 70			r.Get("/branches", s.RepoBranches)
 71			r.Route("/tags", func(r chi.Router) {
 72				r.Get("/", s.RepoTags)
 73				r.Route("/{tag}", func(r chi.Router) {
 74					r.Use(middleware.AuthMiddleware(s.oauth))
 75					// require auth to download for now
 76					r.Get("/download/{file}", s.DownloadArtifact)
 77
 78					// require repo:push to upload or delete artifacts
 79					//
 80					// additionally: only the uploader can truly delete an artifact
 81					// (record+blob will live on their pds)
 82					r.Group(func(r chi.Router) {
 83						r.With(RepoPermissionMiddleware(s, "repo:push"))
 84						r.Post("/upload", s.AttachArtifact)
 85						r.Delete("/{file}", s.DeleteArtifact)
 86					})
 87				})
 88			})
 89			r.Get("/blob/{ref}/*", s.RepoBlob)
 90			r.Get("/raw/{ref}/*", s.RepoBlobRaw)
 91
 92			r.Route("/issues", func(r chi.Router) {
 93				r.With(middleware.Paginate).Get("/", s.RepoIssues)
 94				r.Get("/{issue}", s.RepoSingleIssue)
 95
 96				r.Group(func(r chi.Router) {
 97					r.Use(middleware.AuthMiddleware(s.oauth))
 98					r.Get("/new", s.NewIssue)
 99					r.Post("/new", s.NewIssue)
100					r.Post("/{issue}/comment", s.NewIssueComment)
101					r.Route("/{issue}/comment/{comment_id}/", func(r chi.Router) {
102						r.Get("/", s.IssueComment)
103						r.Delete("/", s.DeleteIssueComment)
104						r.Get("/edit", s.EditIssueComment)
105						r.Post("/edit", s.EditIssueComment)
106					})
107					r.Post("/{issue}/close", s.CloseIssue)
108					r.Post("/{issue}/reopen", s.ReopenIssue)
109				})
110			})
111
112			r.Route("/fork", func(r chi.Router) {
113				r.Use(middleware.AuthMiddleware(s.oauth))
114				r.Get("/", s.ForkRepo)
115				r.Post("/", s.ForkRepo)
116				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/sync", func(r chi.Router) {
117					r.Post("/", s.SyncRepoFork)
118				})
119			})
120
121			r.Route("/compare", func(r chi.Router) {
122				r.Get("/", s.RepoCompare)
123
124				// we have to wildcard here since we want to support GitHub's compare syntax
125				//   /compare/{ref1}...{ref2}
126				// for example:
127				//   /compare/master...some/feature
128				//   /compare/master...example.com:another/feature <- this is a fork
129				r.Get("/{base}/{head}", s.RepoCompare)
130				r.Get("/diff/{base}/{head}", s.RepoCompareDiffFragment)
131				r.Get("/allow-pull/{base}/{head}", s.RepoCompareAllowPullFragment)
132				r.Get("/*", s.RepoCompare)
133			})
134
135			r.Route("/pulls", func(r chi.Router) {
136				r.Get("/", s.RepoPulls)
137				r.With(middleware.AuthMiddleware(s.oauth)).Route("/new", func(r chi.Router) {
138					r.Get("/", s.NewPull)
139					r.Get("/patch-upload", s.PatchUploadFragment)
140					r.Post("/validate-patch", s.ValidatePatch)
141					r.Get("/compare-branches", s.CompareBranchesFragment)
142					r.Get("/compare-forks", s.CompareForksFragment)
143					r.Get("/fork-branches", s.CompareForksBranchesFragment)
144					r.Post("/", s.NewPull)
145				})
146
147				r.Route("/{pull}", func(r chi.Router) {
148					r.Use(ResolvePull(s))
149					r.Get("/", s.RepoSinglePull)
150
151					r.Route("/round/{round}", func(r chi.Router) {
152						r.Get("/", s.RepoPullPatch)
153						r.Get("/interdiff", s.RepoPullInterdiff)
154						r.Get("/actions", s.PullActions)
155						r.With(middleware.AuthMiddleware(s.oauth)).Route("/comment", func(r chi.Router) {
156							r.Get("/", s.PullComment)
157							r.Post("/", s.PullComment)
158						})
159					})
160
161					r.Route("/round/{round}.patch", func(r chi.Router) {
162						r.Get("/", s.RepoPullPatchRaw)
163					})
164
165					r.Group(func(r chi.Router) {
166						r.Use(middleware.AuthMiddleware(s.oauth))
167						r.Route("/resubmit", func(r chi.Router) {
168							r.Get("/", s.ResubmitPull)
169							r.Post("/", s.ResubmitPull)
170						})
171						r.Post("/close", s.ClosePull)
172						r.Post("/reopen", s.ReopenPull)
173						// collaborators only
174						r.Group(func(r chi.Router) {
175							r.Use(RepoPermissionMiddleware(s, "repo:push"))
176							r.Post("/merge", s.MergePull)
177							// maybe lock, etc.
178						})
179					})
180				})
181			})
182
183			// These routes get proxied to the knot
184			r.Get("/info/refs", s.InfoRefs)
185			r.Post("/git-upload-pack", s.UploadPack)
186			r.Post("/git-receive-pack", s.ReceivePack)
187
188			// settings routes, needs auth
189			r.Group(func(r chi.Router) {
190				r.Use(middleware.AuthMiddleware(s.oauth))
191				// repo description can only be edited by owner
192				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/description", func(r chi.Router) {
193					r.Put("/", s.RepoDescription)
194					r.Get("/", s.RepoDescription)
195					r.Get("/edit", s.RepoDescriptionEdit)
196				})
197				r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) {
198					r.Get("/", s.RepoSettings)
199					r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator)
200					r.With(RepoPermissionMiddleware(s, "repo:delete")).Delete("/delete", s.DeleteRepo)
201					r.Put("/branches/default", s.SetDefaultBranch)
202				})
203			})
204		})
205	})
206
207	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
208		s.pages.Error404(w)
209	})
210
211	return r
212}
213
214func (s *State) StandardRouter() http.Handler {
215	r := chi.NewRouter()
216
217	r.Handle("/static/*", s.pages.Static())
218
219	r.Get("/", s.Timeline)
220
221	r.With(middleware.AuthMiddleware(s.oauth)).Post("/logout", s.Logout)
222
223	r.Route("/knots", func(r chi.Router) {
224		r.Use(middleware.AuthMiddleware(s.oauth))
225		r.Get("/", s.Knots)
226		r.Post("/key", s.RegistrationKey)
227
228		r.Route("/{domain}", func(r chi.Router) {
229			r.Post("/init", s.InitKnotServer)
230			r.Get("/", s.KnotServerInfo)
231			r.Route("/member", func(r chi.Router) {
232				r.Use(KnotOwner(s))
233				r.Get("/", s.ListMembers)
234				r.Put("/", s.AddMember)
235				r.Delete("/", s.RemoveMember)
236			})
237		})
238	})
239
240	r.Route("/repo", func(r chi.Router) {
241		r.Route("/new", func(r chi.Router) {
242			r.Use(middleware.AuthMiddleware(s.oauth))
243			r.Get("/", s.NewRepo)
244			r.Post("/", s.NewRepo)
245		})
246		// r.Post("/import", s.ImportRepo)
247	})
248
249	r.With(middleware.AuthMiddleware(s.oauth)).Route("/follow", func(r chi.Router) {
250		r.Post("/", s.Follow)
251		r.Delete("/", s.Follow)
252	})
253
254	r.With(middleware.AuthMiddleware(s.oauth)).Route("/star", func(r chi.Router) {
255		r.Post("/", s.Star)
256		r.Delete("/", s.Star)
257	})
258
259	r.Route("/profile", func(r chi.Router) {
260		r.Use(middleware.AuthMiddleware(s.oauth))
261		r.Get("/edit-bio", s.EditBioFragment)
262		r.Get("/edit-pins", s.EditPinsFragment)
263		r.Post("/bio", s.UpdateProfileBio)
264		r.Post("/pins", s.UpdateProfilePins)
265	})
266
267	r.Mount("/settings", s.SettingsRouter())
268	r.Mount("/", s.OAuthRouter())
269	r.Get("/keys/{user}", s.Keys)
270
271	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
272		s.pages.Error404(w)
273	})
274	return r
275}
276
277func (s *State) OAuthRouter() http.Handler {
278	oauth := &oauthhandler.OAuthHandler{
279		Config:   s.config,
280		Pages:    s.pages,
281		Resolver: s.resolver,
282		Db:       s.db,
283		Store:    sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)),
284		OAuth:    s.oauth,
285		Enforcer: s.enforcer,
286		Posthog:  s.posthog,
287	}
288
289	return oauth.Router()
290}
291
292func (s *State) SettingsRouter() http.Handler {
293	settings := &settings.Settings{
294		Db:     s.db,
295		OAuth:  s.oauth,
296		Pages:  s.pages,
297		Config: s.config,
298	}
299
300	return settings.Router()
301}