appview/state/state.go at cdb24e2e7c311f9cb37f51e03ba1f4b89ec7ea88 · tangled.org/core

tangled.org / core
this repo has no description
core / appview / state / state.go
at cdb24e2e7c311f9cb37f51e03ba1f4b89ec7ea88 14 kB view raw
  1package state
  2
  3import (
  4	"context"
  5	"database/sql"
  6	"errors"
  7	"fmt"
  8	"log"
  9	"log/slog"
 10	"net/http"
 11	"strings"
 12	"time"
 13
 14	comatproto "github.com/bluesky-social/indigo/api/atproto"
 15	"github.com/bluesky-social/indigo/atproto/syntax"
 16	lexutil "github.com/bluesky-social/indigo/lex/util"
 17	securejoin "github.com/cyphar/filepath-securejoin"
 18	"github.com/go-chi/chi/v5"
 19	"github.com/posthog/posthog-go"
 20	"tangled.sh/tangled.sh/core/api/tangled"
 21	"tangled.sh/tangled.sh/core/appview"
 22	"tangled.sh/tangled.sh/core/appview/cache"
 23	"tangled.sh/tangled.sh/core/appview/cache/session"
 24	"tangled.sh/tangled.sh/core/appview/config"
 25	"tangled.sh/tangled.sh/core/appview/db"
 26	"tangled.sh/tangled.sh/core/appview/notify"
 27	"tangled.sh/tangled.sh/core/appview/oauth"
 28	"tangled.sh/tangled.sh/core/appview/pages"
 29	posthogService "tangled.sh/tangled.sh/core/appview/posthog"
 30	"tangled.sh/tangled.sh/core/appview/reporesolver"
 31	xrpcclient "tangled.sh/tangled.sh/core/appview/xrpcclient"
 32	"tangled.sh/tangled.sh/core/eventconsumer"
 33	"tangled.sh/tangled.sh/core/idresolver"
 34	"tangled.sh/tangled.sh/core/jetstream"
 35	tlog "tangled.sh/tangled.sh/core/log"
 36	"tangled.sh/tangled.sh/core/rbac"
 37	"tangled.sh/tangled.sh/core/tid"
 38	// xrpcerr "tangled.sh/tangled.sh/core/xrpc/errors"
 39)
 40
 41type State struct {
 42	db            *db.DB
 43	notifier      notify.Notifier
 44	oauth         *oauth.OAuth
 45	enforcer      *rbac.Enforcer
 46	pages         *pages.Pages
 47	sess          *session.SessionStore
 48	idResolver    *idresolver.Resolver
 49	posthog       posthog.Client
 50	jc            *jetstream.JetstreamClient
 51	config        *config.Config
 52	repoResolver  *reporesolver.RepoResolver
 53	knotstream    *eventconsumer.Consumer
 54	spindlestream *eventconsumer.Consumer
 55	logger        *slog.Logger
 56}
 57
 58func Make(ctx context.Context, config *config.Config) (*State, error) {
 59	d, err := db.Make(config.Core.DbPath)
 60	if err != nil {
 61		return nil, fmt.Errorf("failed to create db: %w", err)
 62	}
 63
 64	enforcer, err := rbac.NewEnforcer(config.Core.DbPath)
 65	if err != nil {
 66		return nil, fmt.Errorf("failed to create enforcer: %w", err)
 67	}
 68
 69	res, err := idresolver.RedisResolver(config.Redis.ToURL())
 70	if err != nil {
 71		log.Printf("failed to create redis resolver: %v", err)
 72		res = idresolver.DefaultResolver()
 73	}
 74
 75	pgs := pages.NewPages(config, res)
 76
 77	cache := cache.New(config.Redis.Addr)
 78	sess := session.New(cache)
 79
 80	oauth := oauth.NewOAuth(config, sess)
 81
 82	posthog, err := posthog.NewWithConfig(config.Posthog.ApiKey, posthog.Config{Endpoint: config.Posthog.Endpoint})
 83	if err != nil {
 84		return nil, fmt.Errorf("failed to create posthog client: %w", err)
 85	}
 86
 87	repoResolver := reporesolver.New(config, enforcer, res, d)
 88
 89	wrapper := db.DbWrapper{d}
 90	jc, err := jetstream.NewJetstreamClient(
 91		config.Jetstream.Endpoint,
 92		"appview",
 93		[]string{
 94			tangled.GraphFollowNSID,
 95			tangled.FeedStarNSID,
 96			tangled.PublicKeyNSID,
 97			tangled.RepoArtifactNSID,
 98			tangled.ActorProfileNSID,
 99			tangled.SpindleMemberNSID,
100			tangled.SpindleNSID,
101			tangled.StringNSID,
102			tangled.RepoIssueNSID,
103			tangled.RepoIssueCommentNSID,
104		},
105		nil,
106		slog.Default(),
107		wrapper,
108		false,
109
110		// in-memory filter is inapplicalble to appview so
111		// we'll never log dids anyway.
112		false,
113	)
114	if err != nil {
115		return nil, fmt.Errorf("failed to create jetstream client: %w", err)
116	}
117
118	ingester := appview.Ingester{
119		Db:         wrapper,
120		Enforcer:   enforcer,
121		IdResolver: res,
122		Config:     config,
123		Logger:     tlog.New("ingester"),
124	}
125	err = jc.StartJetstream(ctx, ingester.Ingest())
126	if err != nil {
127		return nil, fmt.Errorf("failed to start jetstream watcher: %w", err)
128	}
129
130	knotstream, err := Knotstream(ctx, config, d, enforcer, posthog)
131	if err != nil {
132		return nil, fmt.Errorf("failed to start knotstream consumer: %w", err)
133	}
134	knotstream.Start(ctx)
135
136	spindlestream, err := Spindlestream(ctx, config, d, enforcer)
137	if err != nil {
138		return nil, fmt.Errorf("failed to start spindlestream consumer: %w", err)
139	}
140	spindlestream.Start(ctx)
141
142	var notifiers []notify.Notifier
143	if !config.Core.Dev {
144		notifiers = append(notifiers, posthogService.NewPosthogNotifier(posthog))
145	}
146	notifier := notify.NewMergedNotifier(notifiers...)
147
148	state := &State{
149		d,
150		notifier,
151		oauth,
152		enforcer,
153		pgs,
154		sess,
155		res,
156		posthog,
157		jc,
158		config,
159		repoResolver,
160		knotstream,
161		spindlestream,
162		slog.Default(),
163	}
164
165	return state, nil
166}
167
168func (s *State) Favicon(w http.ResponseWriter, r *http.Request) {
169	w.Header().Set("Content-Type", "image/svg+xml")
170	w.Header().Set("Cache-Control", "public, max-age=31536000") // one year
171	w.Header().Set("ETag", `"favicon-svg-v1"`)
172
173	if match := r.Header.Get("If-None-Match"); match == `"favicon-svg-v1"` {
174		w.WriteHeader(http.StatusNotModified)
175		return
176	}
177
178	s.pages.Favicon(w)
179}
180
181func (s *State) TermsOfService(w http.ResponseWriter, r *http.Request) {
182	user := s.oauth.GetUser(r)
183	s.pages.TermsOfService(w, pages.TermsOfServiceParams{
184		LoggedInUser: user,
185	})
186}
187
188func (s *State) PrivacyPolicy(w http.ResponseWriter, r *http.Request) {
189	user := s.oauth.GetUser(r)
190	s.pages.PrivacyPolicy(w, pages.PrivacyPolicyParams{
191		LoggedInUser: user,
192	})
193}
194
195func (s *State) HomeOrTimeline(w http.ResponseWriter, r *http.Request) {
196	if s.oauth.GetUser(r) != nil {
197		s.Timeline(w, r)
198		return
199	}
200	s.Home(w, r)
201}
202
203func (s *State) Timeline(w http.ResponseWriter, r *http.Request) {
204	user := s.oauth.GetUser(r)
205
206	timeline, err := db.MakeTimeline(s.db, 50)
207	if err != nil {
208		log.Println(err)
209		s.pages.Notice(w, "timeline", "Uh oh! Failed to load timeline.")
210	}
211
212	repos, err := db.GetTopStarredReposLastWeek(s.db)
213	if err != nil {
214		log.Println(err)
215		s.pages.Notice(w, "topstarredrepos", "Unable to load.")
216		return
217	}
218
219	s.pages.Timeline(w, pages.TimelineParams{
220		LoggedInUser: user,
221		Timeline:     timeline,
222		Repos:        repos,
223	})
224}
225
226func (s *State) Home(w http.ResponseWriter, r *http.Request) {
227	timeline, err := db.MakeTimeline(s.db, 5)
228	if err != nil {
229		log.Println(err)
230		s.pages.Notice(w, "timeline", "Uh oh! Failed to load timeline.")
231		return
232	}
233
234	repos, err := db.GetTopStarredReposLastWeek(s.db)
235	if err != nil {
236		log.Println(err)
237		s.pages.Notice(w, "topstarredrepos", "Unable to load.")
238		return
239	}
240
241	s.pages.Home(w, pages.TimelineParams{
242		LoggedInUser: nil,
243		Timeline:     timeline,
244		Repos:        repos,
245	})
246}
247
248func (s *State) Keys(w http.ResponseWriter, r *http.Request) {
249	user := chi.URLParam(r, "user")
250	user = strings.TrimPrefix(user, "@")
251
252	if user == "" {
253		w.WriteHeader(http.StatusBadRequest)
254		return
255	}
256
257	id, err := s.idResolver.ResolveIdent(r.Context(), user)
258	if err != nil {
259		w.WriteHeader(http.StatusInternalServerError)
260		return
261	}
262
263	pubKeys, err := db.GetPublicKeysForDid(s.db, id.DID.String())
264	if err != nil {
265		w.WriteHeader(http.StatusNotFound)
266		return
267	}
268
269	if len(pubKeys) == 0 {
270		w.WriteHeader(http.StatusNotFound)
271		return
272	}
273
274	for _, k := range pubKeys {
275		key := strings.TrimRight(k.Key, "\n")
276		w.Write([]byte(fmt.Sprintln(key)))
277	}
278}
279
280func validateRepoName(name string) error {
281	// check for path traversal attempts
282	if name == "." || name == ".." ||
283		strings.Contains(name, "/") || strings.Contains(name, "\\") {
284		return fmt.Errorf("Repository name contains invalid path characters")
285	}
286
287	// check for sequences that could be used for traversal when normalized
288	if strings.Contains(name, "./") || strings.Contains(name, "../") ||
289		strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") {
290		return fmt.Errorf("Repository name contains invalid path sequence")
291	}
292
293	// then continue with character validation
294	for _, char := range name {
295		if !((char >= 'a' && char <= 'z') ||
296			(char >= 'A' && char <= 'Z') ||
297			(char >= '0' && char <= '9') ||
298			char == '-' || char == '_' || char == '.') {
299			return fmt.Errorf("Repository name can only contain alphanumeric characters, periods, hyphens, and underscores")
300		}
301	}
302
303	// additional check to prevent multiple sequential dots
304	if strings.Contains(name, "..") {
305		return fmt.Errorf("Repository name cannot contain sequential dots")
306	}
307
308	// if all checks pass
309	return nil
310}
311
312func stripGitExt(name string) string {
313	return strings.TrimSuffix(name, ".git")
314}
315
316func (s *State) NewRepo(w http.ResponseWriter, r *http.Request) {
317	switch r.Method {
318	case http.MethodGet:
319		user := s.oauth.GetUser(r)
320		knots, err := s.enforcer.GetKnotsForUser(user.Did)
321		if err != nil {
322			s.pages.Notice(w, "repo", "Invalid user account.")
323			return
324		}
325
326		s.pages.NewRepo(w, pages.NewRepoParams{
327			LoggedInUser: user,
328			Knots:        knots,
329		})
330
331	case http.MethodPost:
332		l := s.logger.With("handler", "NewRepo")
333
334		user := s.oauth.GetUser(r)
335		l = l.With("did", user.Did)
336		l = l.With("handle", user.Handle)
337
338		// form validation
339		domain := r.FormValue("domain")
340		if domain == "" {
341			s.pages.Notice(w, "repo", "Invalid form submission&mdash;missing knot domain.")
342			return
343		}
344		l = l.With("knot", domain)
345
346		repoName := r.FormValue("name")
347		if repoName == "" {
348			s.pages.Notice(w, "repo", "Repository name cannot be empty.")
349			return
350		}
351
352		if err := validateRepoName(repoName); err != nil {
353			s.pages.Notice(w, "repo", err.Error())
354			return
355		}
356		repoName = stripGitExt(repoName)
357		l = l.With("repoName", repoName)
358
359		defaultBranch := r.FormValue("branch")
360		if defaultBranch == "" {
361			defaultBranch = "main"
362		}
363		l = l.With("defaultBranch", defaultBranch)
364
365		description := r.FormValue("description")
366
367		// ACL validation
368		ok, err := s.enforcer.E.Enforce(user.Did, domain, domain, "repo:create")
369		if err != nil || !ok {
370			l.Info("unauthorized")
371			s.pages.Notice(w, "repo", "You do not have permission to create a repo in this knot.")
372			return
373		}
374
375		// Check for existing repos
376		existingRepo, err := db.GetRepo(s.db, user.Did, repoName)
377		if err == nil && existingRepo != nil {
378			l.Info("repo exists")
379			s.pages.Notice(w, "repo", fmt.Sprintf("You already have a repository by this name on %s", existingRepo.Knot))
380			return
381		}
382
383		// create atproto record for this repo
384		rkey := tid.TID()
385		repo := &db.Repo{
386			Did:         user.Did,
387			Name:        repoName,
388			Knot:        domain,
389			Rkey:        rkey,
390			Description: description,
391		}
392
393		xrpcClient, err := s.oauth.AuthorizedClient(r)
394		if err != nil {
395			l.Info("PDS write failed", "err", err)
396			s.pages.Notice(w, "repo", "Failed to write record to PDS.")
397			return
398		}
399
400		createdAt := time.Now().Format(time.RFC3339)
401		atresp, err := xrpcClient.RepoPutRecord(r.Context(), &comatproto.RepoPutRecord_Input{
402			Collection: tangled.RepoNSID,
403			Repo:       user.Did,
404			Rkey:       rkey,
405			Record: &lexutil.LexiconTypeDecoder{
406				Val: &tangled.Repo{
407					Knot:      repo.Knot,
408					Name:      repoName,
409					CreatedAt: createdAt,
410					Owner:     user.Did,
411				}},
412		})
413		if err != nil {
414			l.Info("PDS write failed", "err", err)
415			s.pages.Notice(w, "repo", "Failed to announce repository creation.")
416			return
417		}
418
419		aturi := atresp.Uri
420		l = l.With("aturi", aturi)
421		l.Info("wrote to PDS")
422
423		tx, err := s.db.BeginTx(r.Context(), nil)
424		if err != nil {
425			l.Info("txn failed", "err", err)
426			s.pages.Notice(w, "repo", "Failed to save repository information.")
427			return
428		}
429
430		// The rollback function reverts a few things on failure:
431		// - the pending txn
432		// - the ACLs
433		// - the atproto record created
434		rollback := func() {
435			err1 := tx.Rollback()
436			err2 := s.enforcer.E.LoadPolicy()
437			err3 := rollbackRecord(context.Background(), aturi, xrpcClient)
438
439			// ignore txn complete errors, this is okay
440			if errors.Is(err1, sql.ErrTxDone) {
441				err1 = nil
442			}
443
444			if errs := errors.Join(err1, err2, err3); errs != nil {
445				l.Error("failed to rollback changes", "errs", errs)
446				return
447			}
448		}
449		defer rollback()
450
451		client, err := s.oauth.ServiceClient(
452			r,
453			oauth.WithService(domain),
454			oauth.WithLxm(tangled.RepoCreateNSID),
455			oauth.WithDev(s.config.Core.Dev),
456		)
457		if err != nil {
458			l.Error("service auth failed", "err", err)
459			s.pages.Notice(w, "repo", "Failed to reach PDS.")
460			return
461		}
462
463		xe := tangled.RepoCreate(
464			r.Context(),
465			client,
466			&tangled.RepoCreate_Input{
467				Rkey: rkey,
468			},
469		)
470		if err := xrpcclient.HandleXrpcErr(xe); err != nil {
471			l.Error("xrpc error", "xe", xe)
472			s.pages.Notice(w, "repo", err.Error())
473			return
474		}
475
476		err = db.AddRepo(tx, repo)
477		if err != nil {
478			l.Error("db write failed", "err", err)
479			s.pages.Notice(w, "repo", "Failed to save repository information.")
480			return
481		}
482
483		// acls
484		p, _ := securejoin.SecureJoin(user.Did, repoName)
485		err = s.enforcer.AddRepo(user.Did, domain, p)
486		if err != nil {
487			l.Error("acl setup failed", "err", err)
488			s.pages.Notice(w, "repo", "Failed to set up repository permissions.")
489			return
490		}
491
492		err = tx.Commit()
493		if err != nil {
494			l.Error("txn commit failed", "err", err)
495			http.Error(w, err.Error(), http.StatusInternalServerError)
496			return
497		}
498
499		err = s.enforcer.E.SavePolicy()
500		if err != nil {
501			l.Error("acl save failed", "err", err)
502			http.Error(w, err.Error(), http.StatusInternalServerError)
503			return
504		}
505
506		// reset the ATURI because the transaction completed successfully
507		aturi = ""
508
509		s.notifier.NewRepo(r.Context(), repo)
510		s.pages.HxLocation(w, fmt.Sprintf("/@%s/%s", user.Handle, repoName))
511	}
512}
513
514// this is used to rollback changes made to the PDS
515//
516// it is a no-op if the provided ATURI is empty
517func rollbackRecord(ctx context.Context, aturi string, xrpcc *xrpcclient.Client) error {
518	if aturi == "" {
519		return nil
520	}
521
522	parsed := syntax.ATURI(aturi)
523
524	collection := parsed.Collection().String()
525	repo := parsed.Authority().String()
526	rkey := parsed.RecordKey().String()
527
528	_, err := xrpcc.RepoDeleteRecord(ctx, &comatproto.RepoDeleteRecord_Input{
529		Collection: collection,
530		Repo:       repo,
531		Rkey:       rkey,
532	})
533	return err
534}