
appview: ingester: gate artifact ingestion to repo:push

thanks @cinny.bun.how on bluesky.

Changed files
+21 -4
appview
+6
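--- a/appview/db/repos.go
+++ b/appview/db/repos.go
@@ -6,6 +6,7 @@
 	"time"
 
 	"github.com/bluesky-social/indigo/atproto/syntax"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"tangled.sh/tangled.sh/core/api/tangled"
 )
 
@@ -27,6 +28,11 @@
 
 func (r Repo) RepoAt() syntax.ATURI {
 	return syntax.ATURI(fmt.Sprintf("at://%s/%s/%s", r.Did, tangled.RepoNSID, r.Rkey))
+}
+
+func (r Repo) DidSlashRepo() string {
+	p, _ := securejoin.SecureJoin(r.Did, r.Name)
+	return p
 }
 
 func GetAllRepos(e Execer, limit int) ([]Repo, error) {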
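Review bot: `DidSlashRepo` discards the error from `securejoin.SecureJoin`, so a failed join gives the caller whatever `p` holds (an empty string, as far as I know) with no signal. The ingester section of this commit passes that value to `enforcer.E.Enforce` as the object of the `repo:push` check, so the key being authorized can silently differ from `did/name`. SecureJoin also resolves symlinks on the local filesystem under the given root, which looks unintended for a value used only as a policy key; worth confirming. I would return the error, `func (r Repo) DidSlashRepo() (string, error)` with `return securejoin.SecureJoin(r.Did, r.Name)`, and add a doc comment such as `// DidSlashRepo returns the "<did>/<name>" key used for RBAC lookups.`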
+14 -3
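--- a/appview/ingester.go
+++ b/appview/ingester.go
@@ -13,11 +13,12 @@
 	"github.com/ipfs/go-cid"
 	"tangled.sh/tangled.sh/core/api/tangled"
 	"tangled.sh/tangled.sh/core/appview/db"
+	"tangled.sh/tangled.sh/core/rbac"
 )
 
 type Ingester func(ctx context.Context, e *models.Event) error
 
-func Ingest(d db.DbWrapper) Ingester {
+func Ingest(d db.DbWrapper, enforcer *rbac.Enforcer) Ingester {
 	return func(ctx context.Context, e *models.Event) error {
 		var err error
 		defer func() {
@@ -40,7 +41,7 @@
 		case tangled.PublicKeyNSID:
 			ingestPublicKey(&d, e)
 		case tangled.RepoArtifactNSID:
-			ingestArtifact(&d, e)
+			ingestArtifact(&d, e, enforcer)
 		case tangled.ActorProfileNSID:
 			ingestProfile(&d, e)
 		}
@@ -139,7 +140,7 @@
 	return nil
 }
 
-func ingestArtifact(d *db.DbWrapper, e *models.Event) error {
+func ingestArtifact(d *db.DbWrapper, e *models.Event, enforcer *rbac.Enforcer) error {
 	did := e.Did
 	var err error
 
@@ -155,6 +156,16 @@
 
 	repoAt, err := syntax.ParseATURI(record.Repo)
 	if err != nil {
+		return err
+	}
+
+	repo, err := db.GetRepoByAtUri(d, repoAt.String())
+	if err != nil {
+		return err
+	}
+
+	ok, err := enforcer.E.Enforce(did, repo.Knot, repo.DidSlashRepo(), "repo:push")
+	if err != nil || !ok {
 		return err
 	}
 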
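Review bot: In `ingestArtifact`, `if err != nil || !ok { return err }` returns nil when the enforcer denies the push, so a rejected artifact record is indistinguishable from a successful ingest and leaves no trace. The dispatcher also calls `ingestArtifact(&d, e, enforcer)` as a bare statement, so nothing it returns reaches the `err` declared at the top of the closure. Split the check so a denial yields a non-nil error, e.g. `if !ok { return fmt.Errorf("%s lacks repo:push on %s", did, repoAt) }` (or a package sentinel if `fmt` is not imported here), and assign `err = ingestArtifact(&d, e, enforcer)` so the denial can be logged. Both functions continue outside the visible hunks.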
+1 -1
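--- a/appview/state/state.go
+++ b/appview/state/state.go
@@ -76,7 +76,7 @@
 	if err != nil {
 		return nil, fmt.Errorf("failed to create jetstream client: %w", err)
 	}
-	err = jc.StartJetstream(context.Background(), appview.Ingest(wrapper))
+	err = jc.StartJetstream(context.Background(), appview.Ingest(wrapper, enforcer))
 	if err != nil {
 		return nil, fmt.Errorf("failed to start jetstream watcher: %w", err)
 	}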