appview/spindles/spindles.go at push-nozqtwvsrvkx · tangled.org/core

tangled.org / core
this repo has no description
core / appview / spindles / spindles.go
at push-nozqtwvsrvkx 17 kB view raw
  1package spindles
  2
  3import (
  4	"errors"
  5	"fmt"
  6	"log/slog"
  7	"net/http"
  8	"slices"
  9	"time"
 10
 11	"github.com/go-chi/chi/v5"
 12	"tangled.sh/tangled.sh/core/api/tangled"
 13	"tangled.sh/tangled.sh/core/appview/config"
 14	"tangled.sh/tangled.sh/core/appview/db"
 15	"tangled.sh/tangled.sh/core/appview/middleware"
 16	"tangled.sh/tangled.sh/core/appview/oauth"
 17	"tangled.sh/tangled.sh/core/appview/pages"
 18	verify "tangled.sh/tangled.sh/core/appview/spindleverify"
 19	"tangled.sh/tangled.sh/core/idresolver"
 20	"tangled.sh/tangled.sh/core/rbac"
 21	"tangled.sh/tangled.sh/core/tid"
 22
 23	comatproto "github.com/bluesky-social/indigo/api/atproto"
 24	"github.com/bluesky-social/indigo/atproto/syntax"
 25	lexutil "github.com/bluesky-social/indigo/lex/util"
 26)
 27
 28type Spindles struct {
 29	Db         *db.DB
 30	OAuth      *oauth.OAuth
 31	Pages      *pages.Pages
 32	Config     *config.Config
 33	Enforcer   *rbac.Enforcer
 34	IdResolver *idresolver.Resolver
 35	Logger     *slog.Logger
 36}
 37
 38func (s *Spindles) Router() http.Handler {
 39	r := chi.NewRouter()
 40
 41	r.With(middleware.AuthMiddleware(s.OAuth)).Get("/", s.spindles)
 42	r.With(middleware.AuthMiddleware(s.OAuth)).Post("/register", s.register)
 43
 44	r.With(middleware.AuthMiddleware(s.OAuth)).Get("/{instance}", s.dashboard)
 45	r.With(middleware.AuthMiddleware(s.OAuth)).Delete("/{instance}", s.delete)
 46
 47	r.With(middleware.AuthMiddleware(s.OAuth)).Post("/{instance}/retry", s.retry)
 48	r.With(middleware.AuthMiddleware(s.OAuth)).Post("/{instance}/add", s.addMember)
 49	r.With(middleware.AuthMiddleware(s.OAuth)).Post("/{instance}/remove", s.removeMember)
 50
 51	return r
 52}
 53
 54func (s *Spindles) spindles(w http.ResponseWriter, r *http.Request) {
 55	user := s.OAuth.GetUser(r)
 56	all, err := db.GetSpindles(
 57		s.Db,
 58		db.FilterEq("owner", user.Did),
 59	)
 60	if err != nil {
 61		s.Logger.Error("failed to fetch spindles", "err", err)
 62		w.WriteHeader(http.StatusInternalServerError)
 63		return
 64	}
 65
 66	s.Pages.Spindles(w, pages.SpindlesParams{
 67		LoggedInUser: user,
 68		Spindles:     all,
 69	})
 70}
 71
 72func (s *Spindles) dashboard(w http.ResponseWriter, r *http.Request) {
 73	l := s.Logger.With("handler", "dashboard")
 74
 75	user := s.OAuth.GetUser(r)
 76	l = l.With("user", user.Did)
 77
 78	instance := chi.URLParam(r, "instance")
 79	if instance == "" {
 80		return
 81	}
 82	l = l.With("instance", instance)
 83
 84	spindles, err := db.GetSpindles(
 85		s.Db,
 86		db.FilterEq("instance", instance),
 87		db.FilterEq("owner", user.Did),
 88		db.FilterIsNot("verified", "null"),
 89	)
 90	if err != nil || len(spindles) != 1 {
 91		l.Error("failed to get spindle", "err", err, "len(spindles)", len(spindles))
 92		http.Error(w, "Not found", http.StatusNotFound)
 93		return
 94	}
 95
 96	spindle := spindles[0]
 97	members, err := s.Enforcer.GetSpindleUsersByRole("server:member", spindle.Instance)
 98	if err != nil {
 99		l.Error("failed to get spindle members", "err", err)
100		http.Error(w, "Not found", http.StatusInternalServerError)
101		return
102	}
103	slices.Sort(members)
104
105	repos, err := db.GetRepos(
106		s.Db,
107		0,
108		db.FilterEq("spindle", instance),
109	)
110	if err != nil {
111		l.Error("failed to get spindle repos", "err", err)
112		http.Error(w, "Not found", http.StatusInternalServerError)
113		return
114	}
115
116	identsToResolve := make([]string, len(members))
117	copy(identsToResolve, members)
118	resolvedIds := s.IdResolver.ResolveIdents(r.Context(), identsToResolve)
119	didHandleMap := make(map[string]string)
120	for _, identity := range resolvedIds {
121		if !identity.Handle.IsInvalidHandle() {
122			didHandleMap[identity.DID.String()] = fmt.Sprintf("@%s", identity.Handle.String())
123		} else {
124			didHandleMap[identity.DID.String()] = identity.DID.String()
125		}
126	}
127
128	// organize repos by did
129	repoMap := make(map[string][]db.Repo)
130	for _, r := range repos {
131		repoMap[r.Did] = append(repoMap[r.Did], r)
132	}
133
134	s.Pages.SpindleDashboard(w, pages.SpindleDashboardParams{
135		LoggedInUser: user,
136		Spindle:      spindle,
137		Members:      members,
138		Repos:        repoMap,
139		DidHandleMap: didHandleMap,
140	})
141}
142
143// this endpoint inserts a record on behalf of the user to register that domain
144//
145// when registered, it also makes a request to see if the spindle declares this users as its owner,
146// and if so, marks the spindle as verified.
147//
148// if the spindle is not up yet, the user is free to retry verification at a later point
149func (s *Spindles) register(w http.ResponseWriter, r *http.Request) {
150	user := s.OAuth.GetUser(r)
151	l := s.Logger.With("handler", "register")
152
153	noticeId := "register-error"
154	defaultErr := "Failed to register spindle. Try again later."
155	fail := func() {
156		s.Pages.Notice(w, noticeId, defaultErr)
157	}
158
159	instance := r.FormValue("instance")
160	if instance == "" {
161		s.Pages.Notice(w, noticeId, "Incomplete form.")
162		return
163	}
164	l = l.With("instance", instance)
165	l = l.With("user", user.Did)
166
167	tx, err := s.Db.Begin()
168	if err != nil {
169		l.Error("failed to start transaction", "err", err)
170		fail()
171		return
172	}
173	defer func() {
174		tx.Rollback()
175		s.Enforcer.E.LoadPolicy()
176	}()
177
178	err = db.AddSpindle(tx, db.Spindle{
179		Owner:    syntax.DID(user.Did),
180		Instance: instance,
181	})
182	if err != nil {
183		l.Error("failed to insert", "err", err)
184		fail()
185		return
186	}
187
188	err = s.Enforcer.AddSpindle(instance)
189	if err != nil {
190		l.Error("failed to create spindle", "err", err)
191		fail()
192		return
193	}
194
195	// create record on pds
196	client, err := s.OAuth.AuthorizedClient(r)
197	if err != nil {
198		l.Error("failed to authorize client", "err", err)
199		fail()
200		return
201	}
202
203	ex, _ := client.RepoGetRecord(r.Context(), "", tangled.SpindleNSID, user.Did, instance)
204	var exCid *string
205	if ex != nil {
206		exCid = ex.Cid
207	}
208
209	// re-announce by registering under same rkey
210	_, err = client.RepoPutRecord(r.Context(), &comatproto.RepoPutRecord_Input{
211		Collection: tangled.SpindleNSID,
212		Repo:       user.Did,
213		Rkey:       instance,
214		Record: &lexutil.LexiconTypeDecoder{
215			Val: &tangled.Spindle{
216				CreatedAt: time.Now().Format(time.RFC3339),
217			},
218		},
219		SwapRecord: exCid,
220	})
221
222	if err != nil {
223		l.Error("failed to put record", "err", err)
224		fail()
225		return
226	}
227
228	err = tx.Commit()
229	if err != nil {
230		l.Error("failed to commit transaction", "err", err)
231		fail()
232		return
233	}
234
235	err = s.Enforcer.E.SavePolicy()
236	if err != nil {
237		l.Error("failed to update ACL", "err", err)
238		s.Pages.HxRefresh(w)
239		return
240	}
241
242	// begin verification
243	err = verify.RunVerification(r.Context(), instance, user.Did, s.Config.Core.Dev)
244	if err != nil {
245		l.Error("verification failed", "err", err)
246		s.Pages.HxRefresh(w)
247		return
248	}
249
250	_, err = verify.MarkVerified(s.Db, s.Enforcer, instance, user.Did)
251	if err != nil {
252		l.Error("failed to mark verified", "err", err)
253		s.Pages.HxRefresh(w)
254		return
255	}
256
257	// ok
258	s.Pages.HxRefresh(w)
259}
260
261func (s *Spindles) delete(w http.ResponseWriter, r *http.Request) {
262	user := s.OAuth.GetUser(r)
263	l := s.Logger.With("handler", "delete")
264
265	noticeId := "operation-error"
266	defaultErr := "Failed to delete spindle. Try again later."
267	fail := func() {
268		s.Pages.Notice(w, noticeId, defaultErr)
269	}
270
271	instance := chi.URLParam(r, "instance")
272	if instance == "" {
273		l.Error("empty instance")
274		fail()
275		return
276	}
277
278	spindles, err := db.GetSpindles(
279		s.Db,
280		db.FilterEq("owner", user.Did),
281		db.FilterEq("instance", instance),
282	)
283	if err != nil || len(spindles) != 1 {
284		l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles))
285		fail()
286		return
287	}
288
289	if string(spindles[0].Owner) != user.Did {
290		l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner)
291		s.Pages.Notice(w, noticeId, "Failed to delete spindle, unauthorized deletion attempt.")
292		return
293	}
294
295	tx, err := s.Db.Begin()
296	if err != nil {
297		l.Error("failed to start txn", "err", err)
298		fail()
299		return
300	}
301	defer func() {
302		tx.Rollback()
303		s.Enforcer.E.LoadPolicy()
304	}()
305
306	err = db.DeleteSpindle(
307		tx,
308		db.FilterEq("owner", user.Did),
309		db.FilterEq("instance", instance),
310	)
311	if err != nil {
312		l.Error("failed to delete spindle", "err", err)
313		fail()
314		return
315	}
316
317	// delete from enforcer
318	if spindles[0].Verified != nil {
319		err = s.Enforcer.RemoveSpindle(instance)
320		if err != nil {
321			l.Error("failed to update ACL", "err", err)
322			fail()
323			return
324		}
325	}
326
327	client, err := s.OAuth.AuthorizedClient(r)
328	if err != nil {
329		l.Error("failed to authorize client", "err", err)
330		fail()
331		return
332	}
333
334	_, err = client.RepoDeleteRecord(r.Context(), &comatproto.RepoDeleteRecord_Input{
335		Collection: tangled.SpindleNSID,
336		Repo:       user.Did,
337		Rkey:       instance,
338	})
339	if err != nil {
340		// non-fatal
341		l.Error("failed to delete record", "err", err)
342	}
343
344	err = tx.Commit()
345	if err != nil {
346		l.Error("failed to delete spindle", "err", err)
347		fail()
348		return
349	}
350
351	err = s.Enforcer.E.SavePolicy()
352	if err != nil {
353		l.Error("failed to update ACL", "err", err)
354		s.Pages.HxRefresh(w)
355		return
356	}
357
358	shouldRedirect := r.Header.Get("shouldRedirect")
359	if shouldRedirect == "true" {
360		s.Pages.HxRedirect(w, "/spindles")
361		return
362	}
363
364	w.Write([]byte{})
365}
366
367func (s *Spindles) retry(w http.ResponseWriter, r *http.Request) {
368	user := s.OAuth.GetUser(r)
369	l := s.Logger.With("handler", "retry")
370
371	noticeId := "operation-error"
372	defaultErr := "Failed to verify spindle. Try again later."
373	fail := func() {
374		s.Pages.Notice(w, noticeId, defaultErr)
375	}
376
377	instance := chi.URLParam(r, "instance")
378	if instance == "" {
379		l.Error("empty instance")
380		fail()
381		return
382	}
383	l = l.With("instance", instance)
384	l = l.With("user", user.Did)
385
386	spindles, err := db.GetSpindles(
387		s.Db,
388		db.FilterEq("owner", user.Did),
389		db.FilterEq("instance", instance),
390	)
391	if err != nil || len(spindles) != 1 {
392		l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles))
393		fail()
394		return
395	}
396
397	if string(spindles[0].Owner) != user.Did {
398		l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner)
399		s.Pages.Notice(w, noticeId, "Failed to verify spindle, unauthorized verification attempt.")
400		return
401	}
402
403	// begin verification
404	err = verify.RunVerification(r.Context(), instance, user.Did, s.Config.Core.Dev)
405	if err != nil {
406		l.Error("verification failed", "err", err)
407
408		if errors.Is(err, verify.FetchError) {
409			s.Pages.Notice(w, noticeId, err.Error())
410			return
411		}
412
413		if e, ok := err.(*verify.OwnerMismatch); ok {
414			s.Pages.Notice(w, noticeId, e.Error())
415			return
416		}
417
418		fail()
419		return
420	}
421
422	rowId, err := verify.MarkVerified(s.Db, s.Enforcer, instance, user.Did)
423	if err != nil {
424		l.Error("failed to mark verified", "err", err)
425		s.Pages.Notice(w, noticeId, err.Error())
426		return
427	}
428
429	verifiedSpindle, err := db.GetSpindles(
430		s.Db,
431		db.FilterEq("id", rowId),
432	)
433	if err != nil || len(verifiedSpindle) != 1 {
434		l.Error("failed get new spindle", "err", err)
435		s.Pages.HxRefresh(w)
436		return
437	}
438
439	shouldRefresh := r.Header.Get("shouldRefresh")
440	if shouldRefresh == "true" {
441		s.Pages.HxRefresh(w)
442		return
443	}
444
445	w.Header().Set("HX-Reswap", "outerHTML")
446	s.Pages.SpindleListing(w, pages.SpindleListingParams{verifiedSpindle[0]})
447}
448
449func (s *Spindles) addMember(w http.ResponseWriter, r *http.Request) {
450	user := s.OAuth.GetUser(r)
451	l := s.Logger.With("handler", "addMember")
452
453	instance := chi.URLParam(r, "instance")
454	if instance == "" {
455		l.Error("empty instance")
456		http.Error(w, "Not found", http.StatusNotFound)
457		return
458	}
459	l = l.With("instance", instance)
460	l = l.With("user", user.Did)
461
462	spindles, err := db.GetSpindles(
463		s.Db,
464		db.FilterEq("owner", user.Did),
465		db.FilterEq("instance", instance),
466	)
467	if err != nil || len(spindles) != 1 {
468		l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles))
469		http.Error(w, "Not found", http.StatusNotFound)
470		return
471	}
472
473	noticeId := fmt.Sprintf("add-member-error-%d", spindles[0].Id)
474	defaultErr := "Failed to add member. Try again later."
475	fail := func() {
476		s.Pages.Notice(w, noticeId, defaultErr)
477	}
478
479	if string(spindles[0].Owner) != user.Did {
480		l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner)
481		s.Pages.Notice(w, noticeId, "Failed to add member, unauthorized attempt.")
482		return
483	}
484
485	member := r.FormValue("member")
486	if member == "" {
487		l.Error("empty member")
488		s.Pages.Notice(w, noticeId, "Failed to add member, empty form.")
489		return
490	}
491	l = l.With("member", member)
492
493	memberId, err := s.IdResolver.ResolveIdent(r.Context(), member)
494	if err != nil {
495		l.Error("failed to resolve member identity to handle", "err", err)
496		s.Pages.Notice(w, noticeId, "Failed to add member, identity resolution failed.")
497		return
498	}
499	if memberId.Handle.IsInvalidHandle() {
500		l.Error("failed to resolve member identity to handle")
501		s.Pages.Notice(w, noticeId, "Failed to add member, identity resolution failed.")
502		return
503	}
504
505	// write to pds
506	client, err := s.OAuth.AuthorizedClient(r)
507	if err != nil {
508		l.Error("failed to authorize client", "err", err)
509		fail()
510		return
511	}
512
513	tx, err := s.Db.Begin()
514	if err != nil {
515		l.Error("failed to start txn", "err", err)
516		fail()
517		return
518	}
519	defer func() {
520		tx.Rollback()
521		s.Enforcer.E.LoadPolicy()
522	}()
523
524	rkey := tid.TID()
525
526	// add member to db
527	if err = db.AddSpindleMember(tx, db.SpindleMember{
528		Did:      syntax.DID(user.Did),
529		Rkey:     rkey,
530		Instance: instance,
531		Subject:  memberId.DID,
532	}); err != nil {
533		l.Error("failed to add spindle member", "err", err)
534		fail()
535		return
536	}
537
538	if err = s.Enforcer.AddSpindleMember(instance, memberId.DID.String()); err != nil {
539		l.Error("failed to add member to ACLs")
540		fail()
541		return
542	}
543
544	_, err = client.RepoPutRecord(r.Context(), &comatproto.RepoPutRecord_Input{
545		Collection: tangled.SpindleMemberNSID,
546		Repo:       user.Did,
547		Rkey:       rkey,
548		Record: &lexutil.LexiconTypeDecoder{
549			Val: &tangled.SpindleMember{
550				CreatedAt: time.Now().Format(time.RFC3339),
551				Instance:  instance,
552				Subject:   memberId.DID.String(),
553			},
554		},
555	})
556	if err != nil {
557		l.Error("failed to add record to PDS", "err", err)
558		s.Pages.Notice(w, noticeId, "Failed to add record to PDS, try again later.")
559		return
560	}
561
562	if err = tx.Commit(); err != nil {
563		l.Error("failed to commit txn", "err", err)
564		fail()
565		return
566	}
567
568	if err = s.Enforcer.E.SavePolicy(); err != nil {
569		l.Error("failed to add member to ACLs", "err", err)
570		fail()
571		return
572	}
573
574	// success
575	s.Pages.HxRedirect(w, fmt.Sprintf("/spindles/%s", instance))
576}
577
578func (s *Spindles) removeMember(w http.ResponseWriter, r *http.Request) {
579	user := s.OAuth.GetUser(r)
580	l := s.Logger.With("handler", "removeMember")
581
582	noticeId := "operation-error"
583	defaultErr := "Failed to remove member. Try again later."
584	fail := func() {
585		s.Pages.Notice(w, noticeId, defaultErr)
586	}
587
588	instance := chi.URLParam(r, "instance")
589	if instance == "" {
590		l.Error("empty instance")
591		fail()
592		return
593	}
594	l = l.With("instance", instance)
595	l = l.With("user", user.Did)
596
597	spindles, err := db.GetSpindles(
598		s.Db,
599		db.FilterEq("owner", user.Did),
600		db.FilterEq("instance", instance),
601	)
602	if err != nil || len(spindles) != 1 {
603		l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles))
604		fail()
605		return
606	}
607
608	if string(spindles[0].Owner) != user.Did {
609		l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner)
610		s.Pages.Notice(w, noticeId, "Failed to add member, unauthorized attempt.")
611		return
612	}
613
614	member := r.FormValue("member")
615	if member == "" {
616		l.Error("empty member")
617		s.Pages.Notice(w, noticeId, "Failed to add member, empty form.")
618		return
619	}
620	l = l.With("member", member)
621
622	memberId, err := s.IdResolver.ResolveIdent(r.Context(), member)
623	if err != nil {
624		l.Error("failed to resolve member identity to handle", "err", err)
625		s.Pages.Notice(w, noticeId, "Failed to add member, identity resolution failed.")
626		return
627	}
628	if memberId.Handle.IsInvalidHandle() {
629		l.Error("failed to resolve member identity to handle")
630		s.Pages.Notice(w, noticeId, "Failed to add member, identity resolution failed.")
631		return
632	}
633
634	tx, err := s.Db.Begin()
635	if err != nil {
636		l.Error("failed to start txn", "err", err)
637		fail()
638		return
639	}
640	defer func() {
641		tx.Rollback()
642		s.Enforcer.E.LoadPolicy()
643	}()
644
645	// get the record from the DB first:
646	members, err := db.GetSpindleMembers(
647		s.Db,
648		db.FilterEq("did", user.Did),
649		db.FilterEq("instance", instance),
650		db.FilterEq("subject", memberId.DID),
651	)
652	if err != nil || len(members) != 1 {
653		l.Error("failed to get member", "err", err)
654		fail()
655		return
656	}
657
658	// remove from db
659	if err = db.RemoveSpindleMember(
660		tx,
661		db.FilterEq("did", user.Did),
662		db.FilterEq("instance", instance),
663		db.FilterEq("subject", memberId.DID),
664	); err != nil {
665		l.Error("failed to remove spindle member", "err", err)
666		fail()
667		return
668	}
669
670	// remove from enforcer
671	if err = s.Enforcer.RemoveSpindleMember(instance, memberId.DID.String()); err != nil {
672		l.Error("failed to update ACLs", "err", err)
673		fail()
674		return
675	}
676
677	client, err := s.OAuth.AuthorizedClient(r)
678	if err != nil {
679		l.Error("failed to authorize client", "err", err)
680		fail()
681		return
682	}
683
684	// remove from pds
685	_, err = client.RepoDeleteRecord(r.Context(), &comatproto.RepoDeleteRecord_Input{
686		Collection: tangled.SpindleMemberNSID,
687		Repo:       user.Did,
688		Rkey:       members[0].Rkey,
689	})
690	if err != nil {
691		// non-fatal
692		l.Error("failed to delete record", "err", err)
693	}
694
695	// commit everything
696	if err = tx.Commit(); err != nil {
697		l.Error("failed to commit txn", "err", err)
698		fail()
699		return
700	}
701
702	// commit everything
703	if err = s.Enforcer.E.SavePolicy(); err != nil {
704		l.Error("failed to save ACLs", "err", err)
705		fail()
706		return
707	}
708
709	// ok
710	s.Pages.HxRefresh(w)
711}