appview/state/router.go at c83c2259e21b4853cc28e6c96f58b377651152f8 · tangled.org/core

tangled.org / core
this repo has no description
core / appview / state / router.go
at c83c2259e21b4853cc28e6c96f58b377651152f8 8.8 kB view raw
  1package state
  2
  3import (
  4	"net/http"
  5	"strings"
  6
  7	"github.com/go-chi/chi/v5"
  8	"github.com/gorilla/sessions"
  9	"tangled.sh/tangled.sh/core/appview/middleware"
 10	oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler"
 11	"tangled.sh/tangled.sh/core/appview/settings"
 12	"tangled.sh/tangled.sh/core/appview/state/userutil"
 13)
 14
 15func (s *State) Router() http.Handler {
 16	router := chi.NewRouter()
 17
 18	router.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) {
 19		pat := chi.URLParam(r, "*")
 20		if strings.HasPrefix(pat, "did:") || strings.HasPrefix(pat, "@") {
 21			s.UserRouter().ServeHTTP(w, r)
 22		} else {
 23			// Check if the first path element is a valid handle without '@' or a flattened DID
 24			pathParts := strings.SplitN(pat, "/", 2)
 25			if len(pathParts) > 0 {
 26				if userutil.IsHandleNoAt(pathParts[0]) {
 27					// Redirect to the same path but with '@' prefixed to the handle
 28					redirectPath := "@" + pat
 29					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 30					return
 31				} else if userutil.IsFlattenedDid(pathParts[0]) {
 32					// Redirect to the unflattened DID version
 33					unflattenedDid := userutil.UnflattenDid(pathParts[0])
 34					var redirectPath string
 35					if len(pathParts) > 1 {
 36						redirectPath = unflattenedDid + "/" + pathParts[1]
 37					} else {
 38						redirectPath = unflattenedDid
 39					}
 40					http.Redirect(w, r, "/"+redirectPath, http.StatusFound)
 41					return
 42				}
 43			}
 44			s.StandardRouter().ServeHTTP(w, r)
 45		}
 46	})
 47
 48	return router
 49}
 50
 51func (s *State) UserRouter() http.Handler {
 52	r := chi.NewRouter()
 53
 54	// strip @ from user
 55	r.Use(StripLeadingAt)
 56
 57	r.With(ResolveIdent(s)).Route("/{user}", func(r chi.Router) {
 58		r.Get("/", s.Profile)
 59
 60		r.With(ResolveRepo(s)).Route("/{repo}", func(r chi.Router) {
 61			r.Use(GoImport(s))
 62
 63			r.Get("/", s.RepoIndex)
 64			r.Get("/commits/{ref}", s.RepoLog)
 65			r.Route("/tree/{ref}", func(r chi.Router) {
 66				r.Get("/", s.RepoIndex)
 67				r.Get("/*", s.RepoTree)
 68			})
 69			r.Get("/commit/{ref}", s.RepoCommit)
 70			r.Get("/branches", s.RepoBranches)
 71			r.Route("/tags", func(r chi.Router) {
 72				r.Get("/", s.RepoTags)
 73				r.Route("/{tag}", func(r chi.Router) {
 74					r.Use(middleware.AuthMiddleware(s.oauth))
 75					// require auth to download for now
 76					r.Get("/download/{file}", s.DownloadArtifact)
 77
 78					// require repo:push to upload or delete artifacts
 79					//
 80					// additionally: only the uploader can truly delete an artifact
 81					// (record+blob will live on their pds)
 82					r.Group(func(r chi.Router) {
 83						r.With(RepoPermissionMiddleware(s, "repo:push"))
 84						r.Post("/upload", s.AttachArtifact)
 85						r.Delete("/{file}", s.DeleteArtifact)
 86					})
 87				})
 88			})
 89			r.Get("/blob/{ref}/*", s.RepoBlob)
 90			r.Get("/raw/{ref}/*", s.RepoBlobRaw)
 91
 92			r.Route("/issues", func(r chi.Router) {
 93				r.With(middleware.Paginate).Get("/", s.RepoIssues)
 94				r.Get("/{issue}", s.RepoSingleIssue)
 95
 96				r.Group(func(r chi.Router) {
 97					r.Use(middleware.AuthMiddleware(s.oauth))
 98					r.Get("/new", s.NewIssue)
 99					r.Post("/new", s.NewIssue)
100					r.Post("/{issue}/comment", s.NewIssueComment)
101					r.Route("/{issue}/comment/{comment_id}/", func(r chi.Router) {
102						r.Get("/", s.IssueComment)
103						r.Delete("/", s.DeleteIssueComment)
104						r.Get("/edit", s.EditIssueComment)
105						r.Post("/edit", s.EditIssueComment)
106					})
107					r.Post("/{issue}/close", s.CloseIssue)
108					r.Post("/{issue}/reopen", s.ReopenIssue)
109				})
110			})
111
112			r.Route("/fork", func(r chi.Router) {
113				r.Use(middleware.AuthMiddleware(s.oauth))
114				r.Get("/", s.ForkRepo)
115				r.Post("/", s.ForkRepo)
116				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/sync", func(r chi.Router) {
117					r.Post("/", s.SyncRepoFork)
118				})
119			})
120
121			r.Route("/compare", func(r chi.Router) {
122				r.Get("/", s.RepoCompare)
123
124				// we have to wildcard here since we want to support GitHub's compare syntax
125				//   /compare/{ref1}...{ref2}
126				// for example:
127				//   /compare/master...some/feature
128				//   /compare/master...example.com:another/feature <- this is a fork
129				r.Get("/{base}/{head}", s.RepoCompare)
130				r.Get("/*", s.RepoCompare)
131				r.Get("/diff/{base}/{head}", s.RepoCompareDiffFragment)
132			})
133
134			r.Route("/pulls", func(r chi.Router) {
135				r.Get("/", s.RepoPulls)
136				r.With(middleware.AuthMiddleware(s.oauth)).Route("/new", func(r chi.Router) {
137					r.Get("/", s.NewPull)
138					r.Get("/patch-upload", s.PatchUploadFragment)
139					r.Post("/validate-patch", s.ValidatePatch)
140					r.Get("/compare-branches", s.CompareBranchesFragment)
141					r.Get("/compare-forks", s.CompareForksFragment)
142					r.Get("/fork-branches", s.CompareForksBranchesFragment)
143					r.Post("/", s.NewPull)
144				})
145
146				r.Route("/{pull}", func(r chi.Router) {
147					r.Use(ResolvePull(s))
148					r.Get("/", s.RepoSinglePull)
149
150					r.Route("/round/{round}", func(r chi.Router) {
151						r.Get("/", s.RepoPullPatch)
152						r.Get("/interdiff", s.RepoPullInterdiff)
153						r.Get("/actions", s.PullActions)
154						r.With(middleware.AuthMiddleware(s.oauth)).Route("/comment", func(r chi.Router) {
155							r.Get("/", s.PullComment)
156							r.Post("/", s.PullComment)
157						})
158					})
159
160					r.Route("/round/{round}.patch", func(r chi.Router) {
161						r.Get("/", s.RepoPullPatchRaw)
162					})
163
164					r.Group(func(r chi.Router) {
165						r.Use(middleware.AuthMiddleware(s.oauth))
166						r.Route("/resubmit", func(r chi.Router) {
167							r.Get("/", s.ResubmitPull)
168							r.Post("/", s.ResubmitPull)
169						})
170						r.Post("/close", s.ClosePull)
171						r.Post("/reopen", s.ReopenPull)
172						// collaborators only
173						r.Group(func(r chi.Router) {
174							r.Use(RepoPermissionMiddleware(s, "repo:push"))
175							r.Post("/merge", s.MergePull)
176							// maybe lock, etc.
177						})
178					})
179				})
180			})
181
182			// These routes get proxied to the knot
183			r.Get("/info/refs", s.InfoRefs)
184			r.Post("/git-upload-pack", s.UploadPack)
185			r.Post("/git-receive-pack", s.ReceivePack)
186
187			// settings routes, needs auth
188			r.Group(func(r chi.Router) {
189				r.Use(middleware.AuthMiddleware(s.oauth))
190				// repo description can only be edited by owner
191				r.With(RepoPermissionMiddleware(s, "repo:owner")).Route("/description", func(r chi.Router) {
192					r.Put("/", s.RepoDescription)
193					r.Get("/", s.RepoDescription)
194					r.Get("/edit", s.RepoDescriptionEdit)
195				})
196				r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) {
197					r.Get("/", s.RepoSettings)
198					r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator)
199					r.With(RepoPermissionMiddleware(s, "repo:delete")).Delete("/delete", s.DeleteRepo)
200					r.Put("/branches/default", s.SetDefaultBranch)
201				})
202			})
203		})
204	})
205
206	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
207		s.pages.Error404(w)
208	})
209
210	return r
211}
212
213func (s *State) StandardRouter() http.Handler {
214	r := chi.NewRouter()
215
216	r.Handle("/static/*", s.pages.Static())
217
218	r.Get("/", s.Timeline)
219
220	r.With(middleware.AuthMiddleware(s.oauth)).Post("/logout", s.Logout)
221
222	r.Route("/knots", func(r chi.Router) {
223		r.Use(middleware.AuthMiddleware(s.oauth))
224		r.Get("/", s.Knots)
225		r.Post("/key", s.RegistrationKey)
226
227		r.Route("/{domain}", func(r chi.Router) {
228			r.Post("/init", s.InitKnotServer)
229			r.Get("/", s.KnotServerInfo)
230			r.Route("/member", func(r chi.Router) {
231				r.Use(KnotOwner(s))
232				r.Get("/", s.ListMembers)
233				r.Put("/", s.AddMember)
234				r.Delete("/", s.RemoveMember)
235			})
236		})
237	})
238
239	r.Route("/repo", func(r chi.Router) {
240		r.Route("/new", func(r chi.Router) {
241			r.Use(middleware.AuthMiddleware(s.oauth))
242			r.Get("/", s.NewRepo)
243			r.Post("/", s.NewRepo)
244		})
245		// r.Post("/import", s.ImportRepo)
246	})
247
248	r.With(middleware.AuthMiddleware(s.oauth)).Route("/follow", func(r chi.Router) {
249		r.Post("/", s.Follow)
250		r.Delete("/", s.Follow)
251	})
252
253	r.With(middleware.AuthMiddleware(s.oauth)).Route("/star", func(r chi.Router) {
254		r.Post("/", s.Star)
255		r.Delete("/", s.Star)
256	})
257
258	r.Route("/profile", func(r chi.Router) {
259		r.Use(middleware.AuthMiddleware(s.oauth))
260		r.Get("/edit-bio", s.EditBioFragment)
261		r.Get("/edit-pins", s.EditPinsFragment)
262		r.Post("/bio", s.UpdateProfileBio)
263		r.Post("/pins", s.UpdateProfilePins)
264	})
265
266	r.Mount("/settings", s.SettingsRouter())
267	r.Mount("/", s.OAuthRouter())
268	r.Get("/keys/{user}", s.Keys)
269
270	r.NotFound(func(w http.ResponseWriter, r *http.Request) {
271		s.pages.Error404(w)
272	})
273	return r
274}
275
276func (s *State) OAuthRouter() http.Handler {
277	oauth := &oauthhandler.OAuthHandler{
278		Config:   s.config,
279		Pages:    s.pages,
280		Resolver: s.resolver,
281		Db:       s.db,
282		Store:    sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)),
283		OAuth:    s.oauth,
284		Enforcer: s.enforcer,
285		Posthog:  s.posthog,
286	}
287
288	return oauth.Router()
289}
290
291func (s *State) SettingsRouter() http.Handler {
292	settings := &settings.Settings{
293		Db:     s.db,
294		OAuth:  s.oauth,
295		Pages:  s.pages,
296		Config: s.config,
297	}
298
299	return settings.Router()
300}