+79 -20

api/tangled/cbor_gen.go

··· 7934 7934 } 7935 7935 7936 7936 cw := cbg.NewCborWriter(w) 7937 7937 - fieldCount := 9 7937 7937 + fieldCount := 10 7938 7938 7939 7939 if t.Body == nil { 7940 7940 fieldCount-- 7941 7941 } 7942 7942 7943 7943 if t.Mentions == nil { 7944 7944 + fieldCount-- 7945 7945 + } 7946 7946 + 7947 7947 + if t.Patch == nil { 7944 7948 fieldCount-- 7945 7949 } 7946 7950 ··· 8008 8012 } 8009 8013 8010 8014 // t.Patch (string) (string) 8011 8011 - if len("patch") > 1000000 { 8012 8012 - return xerrors.Errorf("Value in field \"patch\" was too long") 8013 8013 - } 8015 8015 + if t.Patch != nil { 8014 8016 8015 8015 - if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len("patch"))); err != nil { 8016 8016 - return err 8017 8017 - } 8018 8018 - if _, err := cw.WriteString(string("patch")); err != nil { 8019 8019 - return err 8020 8020 - } 8017 8017 + if len("patch") > 1000000 { 8018 8018 + return xerrors.Errorf("Value in field \"patch\" was too long") 8019 8019 + } 8021 8020 8022 8022 - if len(t.Patch) > 1000000 { 8023 8023 - return xerrors.Errorf("Value in field t.Patch was too long") 8024 8024 - } 8021 8021 + if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len("patch"))); err != nil { 8022 8022 + return err 8023 8023 + } 8024 8024 + if _, err := cw.WriteString(string("patch")); err != nil { 8025 8025 + return err 8026 8026 + } 8027 8027 + 8028 8028 + if t.Patch == nil { 8029 8029 + if _, err := cw.Write(cbg.CborNull); err != nil { 8030 8030 + return err 8031 8031 + } 8032 8032 + } else { 8033 8033 + if len(*t.Patch) > 1000000 { 8034 8034 + return xerrors.Errorf("Value in field t.Patch was too long") 8035 8035 + } 8025 8036 8026 8026 - if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len(t.Patch))); err != nil { 8027 8027 - return err 8028 8028 - } 8029 8029 - if _, err := cw.WriteString(string(t.Patch)); err != nil { 8030 8030 - return err 8037 8037 + if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len(*t.Patch))); err != nil { 8038 8038 + return err 8039 8039 + } 8040 8040 + if _, err := cw.WriteString(string(*t.Patch)); err != nil { 8041 8041 + return err 8042 8042 + } 8043 8043 + } 8031 8044 } 8032 8045 8033 8046 // t.Title (string) (string) ··· 8147 8160 return err 8148 8161 } 8149 8162 8163 8163 + // t.PatchBlob (util.LexBlob) (struct) 8164 8164 + if len("patchBlob") > 1000000 { 8165 8165 + return xerrors.Errorf("Value in field \"patchBlob\" was too long") 8166 8166 + } 8167 8167 + 8168 8168 + if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len("patchBlob"))); err != nil { 8169 8169 + return err 8170 8170 + } 8171 8171 + if _, err := cw.WriteString(string("patchBlob")); err != nil { 8172 8172 + return err 8173 8173 + } 8174 8174 + 8175 8175 + if err := t.PatchBlob.MarshalCBOR(cw); err != nil { 8176 8176 + return err 8177 8177 + } 8178 8178 + 8150 8179 // t.References ([]string) (slice) 8151 8180 if t.References != nil { 8152 8181 ··· 8262 8291 case "patch": 8263 8292 8264 8293 { 8265 8265 - sval, err := cbg.ReadStringWithMax(cr, 1000000) 8294 8294 + b, err := cr.ReadByte() 8266 8295 if err != nil { 8267 8296 return err 8268 8297 } 8298 8298 + if b != cbg.CborNull[0] { 8299 8299 + if err := cr.UnreadByte(); err != nil { 8300 8300 + return err 8301 8301 + } 8269 8302 8270 8270 - t.Patch = string(sval) 8303 8303 + sval, err := cbg.ReadStringWithMax(cr, 1000000) 8304 8304 + if err != nil { 8305 8305 + return err 8306 8306 + } 8307 8307 + 8308 8308 + t.Patch = (*string)(&sval) 8309 8309 + } 8271 8310 } 8272 8311 // t.Title (string) (string) 8273 8312 case "title": ··· 8370 8409 } 8371 8410 8372 8411 t.CreatedAt = string(sval) 8412 8412 + } 8413 8413 + // t.PatchBlob (util.LexBlob) (struct) 8414 8414 + case "patchBlob": 8415 8415 + 8416 8416 + { 8417 8417 + 8418 8418 + b, err := cr.ReadByte() 8419 8419 + if err != nil { 8420 8420 + return err 8421 8421 + } 8422 8422 + if b != cbg.CborNull[0] { 8423 8423 + if err := cr.UnreadByte(); err != nil { 8424 8424 + return err 8425 8425 + } 8426 8426 + t.PatchBlob = new(util.LexBlob) 8427 8427 + if err := t.PatchBlob.UnmarshalCBOR(cr); err != nil { 8428 8428 + return xerrors.Errorf("unmarshaling t.PatchBlob pointer: %w", err) 8429 8429 + } 8430 8430 + } 8431 8431 + 8373 8432 } 8374 8433 // t.References ([]string) (slice) 8375 8434 case "references":

-39

api/tangled/gitkeepCommit.go

··· 1 1 - // Code generated by cmd/lexgen (see Makefile's lexgen); DO NOT EDIT. 2 2 - 3 3 - package tangled 4 4 - 5 5 - // schema: sh.tangled.git.keepCommit 6 6 - 7 7 - import ( 8 8 - "context" 9 9 - 10 10 - "github.com/bluesky-social/indigo/lex/util" 11 11 - ) 12 12 - 13 13 - const ( 14 14 - GitKeepCommitNSID = "sh.tangled.git.keepCommit" 15 15 - ) 16 16 - 17 17 - // GitKeepCommit_Input is the input argument to a sh.tangled.git.keepCommit call. 18 18 - type GitKeepCommit_Input struct { 19 19 - // ref: ref to keep 20 20 - Ref string `json:"ref" cborgen:"ref"` 21 21 - // repo: AT-URI of the repository 22 22 - Repo string `json:"repo" cborgen:"repo"` 23 23 - } 24 24 - 25 25 - // GitKeepCommit_Output is the output of a sh.tangled.git.keepCommit call. 26 26 - type GitKeepCommit_Output struct { 27 27 - // commitId: Keeped commit hash 28 28 - CommitId string `json:"commitId" cborgen:"commitId"` 29 29 - } 30 30 - 31 31 - // GitKeepCommit calls the XRPC method "sh.tangled.git.keepCommit". 32 32 - func GitKeepCommit(ctx context.Context, c util.LexClient, input *GitKeepCommit_Input) (*GitKeepCommit_Output, error) { 33 33 - var out GitKeepCommit_Output 34 34 - if err := c.LexDo(ctx, util.Procedure, "application/json", "sh.tangled.git.keepCommit", nil, input, &out); err != nil { 35 35 - return nil, err 36 36 - } 37 37 - 38 38 - return &out, nil 39 39 - }

+12 -9

api/tangled/repopull.go

··· 17 17 } // 18 18 // RECORDTYPE: RepoPull 19 19 type RepoPull struct { 20 20 - LexiconTypeID string `json:"$type,const=sh.tangled.repo.pull" cborgen:"$type,const=sh.tangled.repo.pull"` 21 21 - Body *string `json:"body,omitempty" cborgen:"body,omitempty"` 22 22 - CreatedAt string `json:"createdAt" cborgen:"createdAt"` 23 23 - Mentions []string `json:"mentions,omitempty" cborgen:"mentions,omitempty"` 24 24 - Patch string `json:"patch" cborgen:"patch"` 25 25 - References []string `json:"references,omitempty" cborgen:"references,omitempty"` 26 26 - Source *RepoPull_Source `json:"source,omitempty" cborgen:"source,omitempty"` 27 27 - Target *RepoPull_Target `json:"target" cborgen:"target"` 28 28 - Title string `json:"title" cborgen:"title"` 20 20 + LexiconTypeID string `json:"$type,const=sh.tangled.repo.pull" cborgen:"$type,const=sh.tangled.repo.pull"` 21 21 + Body *string `json:"body,omitempty" cborgen:"body,omitempty"` 22 22 + CreatedAt string `json:"createdAt" cborgen:"createdAt"` 23 23 + Mentions []string `json:"mentions,omitempty" cborgen:"mentions,omitempty"` 24 24 + // patch: (deprecated) use patchBlob instead 25 25 + Patch *string `json:"patch,omitempty" cborgen:"patch,omitempty"` 26 26 + // patchBlob: patch content 27 27 + PatchBlob *util.LexBlob `json:"patchBlob" cborgen:"patchBlob"` 28 28 + References []string `json:"references,omitempty" cborgen:"references,omitempty"` 29 29 + Source *RepoPull_Source `json:"source,omitempty" cborgen:"source,omitempty"` 30 30 + Target *RepoPull_Target `json:"target" cborgen:"target"` 31 31 + Title string `json:"title" cborgen:"title"` 29 32 } 30 33 31 34 // RepoPull_Source is a "source" in the sh.tangled.repo.pull schema.

+3 -2

appview/db/artifact.go

··· 8 8 "github.com/go-git/go-git/v5/plumbing" 9 9 "github.com/ipfs/go-cid" 10 10 "tangled.org/core/appview/models" 11 11 + "tangled.org/core/orm" 11 12 ) 12 13 13 14 func AddArtifact(e Execer, artifact models.Artifact) error { ··· 37 38 return err 38 39 } 39 40 40 40 - func GetArtifact(e Execer, filters ...filter) ([]models.Artifact, error) { 41 41 + func GetArtifact(e Execer, filters ...orm.Filter) ([]models.Artifact, error) { 41 42 var artifacts []models.Artifact 42 43 43 44 var conditions []string ··· 109 110 return artifacts, nil 110 111 } 111 112 112 112 - func DeleteArtifact(e Execer, filters ...filter) error { 113 113 + func DeleteArtifact(e Execer, filters ...orm.Filter) error { 113 114 var conditions []string 114 115 var args []any 115 116 for _, filter := range filters {

+4 -3

appview/db/collaborators.go

··· 6 6 "time" 7 7 8 8 "tangled.org/core/appview/models" 9 9 + "tangled.org/core/orm" 9 10 ) 10 11 11 12 func AddCollaborator(e Execer, c models.Collaborator) error { ··· 16 17 return err 17 18 } 18 19 19 19 - func DeleteCollaborator(e Execer, filters ...filter) error { 20 20 + func DeleteCollaborator(e Execer, filters ...orm.Filter) error { 20 21 var conditions []string 21 22 var args []any 22 23 for _, filter := range filters { ··· 58 59 return nil, nil 59 60 } 60 61 61 61 - return GetRepos(e, 0, FilterIn("at_uri", repoAts)) 62 62 + return GetRepos(e, 0, orm.FilterIn("at_uri", repoAts)) 62 63 } 63 64 64 64 - func GetCollaborators(e Execer, filters ...filter) ([]models.Collaborator, error) { 65 65 + func GetCollaborators(e Execer, filters ...orm.Filter) ([]models.Collaborator, error) { 65 66 var collaborators []models.Collaborator 66 67 var conditions []string 67 68 var args []any

+24 -137

appview/db/db.go

··· 3 3 import ( 4 4 "context" 5 5 "database/sql" 6 6 - "fmt" 7 6 "log/slog" 8 8 - "reflect" 9 7 "strings" 10 8 11 9 _ "github.com/mattn/go-sqlite3" 12 10 "tangled.org/core/log" 11 11 + "tangled.org/core/orm" 13 12 ) 14 13 15 14 type DB struct { ··· 584 583 } 585 584 586 585 // run migrations 587 587 - runMigration(conn, logger, "add-description-to-repos", func(tx *sql.Tx) error { 586 586 + orm.RunMigration(conn, logger, "add-description-to-repos", func(tx *sql.Tx) error { 588 587 tx.Exec(` 589 588 alter table repos add column description text check (length(description) <= 200); 590 589 `) 591 590 return nil 592 591 }) 593 592 594 594 - runMigration(conn, logger, "add-rkey-to-pubkeys", func(tx *sql.Tx) error { 593 593 + orm.RunMigration(conn, logger, "add-rkey-to-pubkeys", func(tx *sql.Tx) error { 595 594 // add unconstrained column 596 595 _, err := tx.Exec(` 597 596 alter table public_keys ··· 614 613 return nil 615 614 }) 616 615 617 617 - runMigration(conn, logger, "add-rkey-to-comments", func(tx *sql.Tx) error { 616 616 + orm.RunMigration(conn, logger, "add-rkey-to-comments", func(tx *sql.Tx) error { 618 617 _, err := tx.Exec(` 619 618 alter table comments drop column comment_at; 620 619 alter table comments add column rkey text; ··· 622 621 return err 623 622 }) 624 623 625 625 - runMigration(conn, logger, "add-deleted-and-edited-to-issue-comments", func(tx *sql.Tx) error { 624 624 + orm.RunMigration(conn, logger, "add-deleted-and-edited-to-issue-comments", func(tx *sql.Tx) error { 626 625 _, err := tx.Exec(` 627 626 alter table comments add column deleted text; -- timestamp 628 627 alter table comments add column edited text; -- timestamp ··· 630 629 return err 631 630 }) 632 631 633 633 - runMigration(conn, logger, "add-source-info-to-pulls-and-submissions", func(tx *sql.Tx) error { 632 632 + orm.RunMigration(conn, logger, "add-source-info-to-pulls-and-submissions", func(tx *sql.Tx) error { 634 633 _, err := tx.Exec(` 635 634 alter table pulls add column source_branch text; 636 635 alter table pulls add column source_repo_at text; ··· 639 638 return err 640 639 }) 641 640 642 642 - runMigration(conn, logger, "add-source-to-repos", func(tx *sql.Tx) error { 641 641 + orm.RunMigration(conn, logger, "add-source-to-repos", func(tx *sql.Tx) error { 643 642 _, err := tx.Exec(` 644 643 alter table repos add column source text; 645 644 `) ··· 651 650 // 652 651 // [0]: https://sqlite.org/pragma.html#pragma_foreign_keys 653 652 conn.ExecContext(ctx, "pragma foreign_keys = off;") 654 654 - runMigration(conn, logger, "recreate-pulls-column-for-stacking-support", func(tx *sql.Tx) error { 653 653 + orm.RunMigration(conn, logger, "recreate-pulls-column-for-stacking-support", func(tx *sql.Tx) error { 655 654 _, err := tx.Exec(` 656 655 create table pulls_new ( 657 656 -- identifiers ··· 708 707 }) 709 708 conn.ExecContext(ctx, "pragma foreign_keys = on;") 710 709 711 711 - runMigration(conn, logger, "add-spindle-to-repos", func(tx *sql.Tx) error { 710 710 + orm.RunMigration(conn, logger, "add-spindle-to-repos", func(tx *sql.Tx) error { 712 711 tx.Exec(` 713 712 alter table repos add column spindle text; 714 713 `) ··· 718 717 // drop all knot secrets, add unique constraint to knots 719 718 // 720 719 // knots will henceforth use service auth for signed requests 721 721 - runMigration(conn, logger, "no-more-secrets", func(tx *sql.Tx) error { 720 720 + orm.RunMigration(conn, logger, "no-more-secrets", func(tx *sql.Tx) error { 722 721 _, err := tx.Exec(` 723 722 create table registrations_new ( 724 723 id integer primary key autoincrement, ··· 741 740 }) 742 741 743 742 // recreate and add rkey + created columns with default constraint 744 744 - runMigration(conn, logger, "rework-collaborators-table", func(tx *sql.Tx) error { 743 743 + orm.RunMigration(conn, logger, "rework-collaborators-table", func(tx *sql.Tx) error { 745 744 // create new table 746 745 // - repo_at instead of repo integer 747 746 // - rkey field ··· 795 794 return err 796 795 }) 797 796 798 798 - runMigration(conn, logger, "add-rkey-to-issues", func(tx *sql.Tx) error { 797 797 + orm.RunMigration(conn, logger, "add-rkey-to-issues", func(tx *sql.Tx) error { 799 798 _, err := tx.Exec(` 800 799 alter table issues add column rkey text not null default ''; 801 800 ··· 807 806 }) 808 807 809 808 // repurpose the read-only column to "needs-upgrade" 810 810 - runMigration(conn, logger, "rename-registrations-read-only-to-needs-upgrade", func(tx *sql.Tx) error { 809 809 + orm.RunMigration(conn, logger, "rename-registrations-read-only-to-needs-upgrade", func(tx *sql.Tx) error { 811 810 _, err := tx.Exec(` 812 811 alter table registrations rename column read_only to needs_upgrade; 813 812 `) ··· 815 814 }) 816 815 817 816 // require all knots to upgrade after the release of total xrpc 818 818 - runMigration(conn, logger, "migrate-knots-to-total-xrpc", func(tx *sql.Tx) error { 817 817 + orm.RunMigration(conn, logger, "migrate-knots-to-total-xrpc", func(tx *sql.Tx) error { 819 818 _, err := tx.Exec(` 820 819 update registrations set needs_upgrade = 1; 821 820 `) ··· 823 822 }) 824 823 825 824 // require all knots to upgrade after the release of total xrpc 826 826 - runMigration(conn, logger, "migrate-spindles-to-xrpc-owner", func(tx *sql.Tx) error { 825 825 + orm.RunMigration(conn, logger, "migrate-spindles-to-xrpc-owner", func(tx *sql.Tx) error { 827 826 _, err := tx.Exec(` 828 827 alter table spindles add column needs_upgrade integer not null default 0; 829 828 `) ··· 841 840 // 842 841 // disable foreign-keys for the next migration 843 842 conn.ExecContext(ctx, "pragma foreign_keys = off;") 844 844 - runMigration(conn, logger, "remove-issue-at-from-issues", func(tx *sql.Tx) error { 843 843 + orm.RunMigration(conn, logger, "remove-issue-at-from-issues", func(tx *sql.Tx) error { 845 844 _, err := tx.Exec(` 846 845 create table if not exists issues_new ( 847 846 -- identifiers ··· 911 910 // - new columns 912 911 // * column "reply_to" which can be any other comment 913 912 // * column "at-uri" which is a generated column 914 914 - runMigration(conn, logger, "rework-issue-comments", func(tx *sql.Tx) error { 913 913 + orm.RunMigration(conn, logger, "rework-issue-comments", func(tx *sql.Tx) error { 915 914 _, err := tx.Exec(` 916 915 create table if not exists issue_comments ( 917 916 -- identifiers ··· 971 970 // 972 971 // disable foreign-keys for the next migration 973 972 conn.ExecContext(ctx, "pragma foreign_keys = off;") 974 974 - runMigration(conn, logger, "add-at-uri-to-pulls", func(tx *sql.Tx) error { 973 973 + orm.RunMigration(conn, logger, "add-at-uri-to-pulls", func(tx *sql.Tx) error { 975 974 _, err := tx.Exec(` 976 975 create table if not exists pulls_new ( 977 976 -- identifiers ··· 1052 1051 // 1053 1052 // disable foreign-keys for the next migration 1054 1053 conn.ExecContext(ctx, "pragma foreign_keys = off;") 1055 1055 - runMigration(conn, logger, "remove-repo-at-pull-id-from-pull-submissions", func(tx *sql.Tx) error { 1054 1054 + orm.RunMigration(conn, logger, "remove-repo-at-pull-id-from-pull-submissions", func(tx *sql.Tx) error { 1056 1055 _, err := tx.Exec(` 1057 1056 create table if not exists pull_submissions_new ( 1058 1057 -- identifiers ··· 1106 1105 1107 1106 // knots may report the combined patch for a comparison, we can store that on the appview side 1108 1107 // (but not on the pds record), because calculating the combined patch requires a git index 1109 1109 - runMigration(conn, logger, "add-combined-column-submissions", func(tx *sql.Tx) error { 1108 1108 + orm.RunMigration(conn, logger, "add-combined-column-submissions", func(tx *sql.Tx) error { 1110 1109 _, err := tx.Exec(` 1111 1110 alter table pull_submissions add column combined text; 1112 1111 `) 1113 1112 return err 1114 1113 }) 1115 1114 1116 1116 - runMigration(conn, logger, "add-pronouns-profile", func(tx *sql.Tx) error { 1115 1115 + orm.RunMigration(conn, logger, "add-pronouns-profile", func(tx *sql.Tx) error { 1117 1116 _, err := tx.Exec(` 1118 1117 alter table profile add column pronouns text; 1119 1118 `) 1120 1119 return err 1121 1120 }) 1122 1121 1123 1123 - runMigration(conn, logger, "add-meta-column-repos", func(tx *sql.Tx) error { 1122 1122 + orm.RunMigration(conn, logger, "add-meta-column-repos", func(tx *sql.Tx) error { 1124 1123 _, err := tx.Exec(` 1125 1124 alter table repos add column website text; 1126 1125 alter table repos add column topics text; ··· 1128 1127 return err 1129 1128 }) 1130 1129 1131 1131 - runMigration(conn, logger, "add-usermentioned-preference", func(tx *sql.Tx) error { 1130 1130 + orm.RunMigration(conn, logger, "add-usermentioned-preference", func(tx *sql.Tx) error { 1132 1131 _, err := tx.Exec(` 1133 1132 alter table notification_preferences add column user_mentioned integer not null default 1; 1134 1133 `) ··· 1136 1135 }) 1137 1136 1138 1137 // remove the foreign key constraints from stars. 1139 1139 - runMigration(conn, logger, "generalize-stars-subject", func(tx *sql.Tx) error { 1138 1138 + orm.RunMigration(conn, logger, "generalize-stars-subject", func(tx *sql.Tx) error { 1140 1139 _, err := tx.Exec(` 1141 1140 create table stars_new ( 1142 1141 id integer primary key autoincrement, ··· 1180 1179 }, nil 1181 1180 } 1182 1181 1183 1183 - type migrationFn = func(*sql.Tx) error 1184 1184 - 1185 1185 - func runMigration(c *sql.Conn, logger *slog.Logger, name string, migrationFn migrationFn) error { 1186 1186 - logger = logger.With("migration", name) 1187 1187 - 1188 1188 - tx, err := c.BeginTx(context.Background(), nil) 1189 1189 - if err != nil { 1190 1190 - return err 1191 1191 - } 1192 1192 - defer tx.Rollback() 1193 1193 - 1194 1194 - var exists bool 1195 1195 - err = tx.QueryRow("select exists (select 1 from migrations where name = ?)", name).Scan(&exists) 1196 1196 - if err != nil { 1197 1197 - return err 1198 1198 - } 1199 1199 - 1200 1200 - if !exists { 1201 1201 - // run migration 1202 1202 - err = migrationFn(tx) 1203 1203 - if err != nil { 1204 1204 - logger.Error("failed to run migration", "err", err) 1205 1205 - return err 1206 1206 - } 1207 1207 - 1208 1208 - // mark migration as complete 1209 1209 - _, err = tx.Exec("insert into migrations (name) values (?)", name) 1210 1210 - if err != nil { 1211 1211 - logger.Error("failed to mark migration as complete", "err", err) 1212 1212 - return err 1213 1213 - } 1214 1214 - 1215 1215 - // commit the transaction 1216 1216 - if err := tx.Commit(); err != nil { 1217 1217 - return err 1218 1218 - } 1219 1219 - 1220 1220 - logger.Info("migration applied successfully") 1221 1221 - } else { 1222 1222 - logger.Warn("skipped migration, already applied") 1223 1223 - } 1224 1224 - 1225 1225 - return nil 1226 1226 - } 1227 1227 - 1228 1182 func (d *DB) Close() error { 1229 1183 return d.DB.Close() 1230 1184 } 1231 1231 - 1232 1232 - type filter struct { 1233 1233 - key string 1234 1234 - arg any 1235 1235 - cmp string 1236 1236 - } 1237 1237 - 1238 1238 - func newFilter(key, cmp string, arg any) filter { 1239 1239 - return filter{ 1240 1240 - key: key, 1241 1241 - arg: arg, 1242 1242 - cmp: cmp, 1243 1243 - } 1244 1244 - } 1245 1245 - 1246 1246 - func FilterEq(key string, arg any) filter { return newFilter(key, "=", arg) } 1247 1247 - func FilterNotEq(key string, arg any) filter { return newFilter(key, "<>", arg) } 1248 1248 - func FilterGte(key string, arg any) filter { return newFilter(key, ">=", arg) } 1249 1249 - func FilterLte(key string, arg any) filter { return newFilter(key, "<=", arg) } 1250 1250 - func FilterIs(key string, arg any) filter { return newFilter(key, "is", arg) } 1251 1251 - func FilterIsNot(key string, arg any) filter { return newFilter(key, "is not", arg) } 1252 1252 - func FilterIn(key string, arg any) filter { return newFilter(key, "in", arg) } 1253 1253 - func FilterLike(key string, arg any) filter { return newFilter(key, "like", arg) } 1254 1254 - func FilterNotLike(key string, arg any) filter { return newFilter(key, "not like", arg) } 1255 1255 - func FilterContains(key string, arg any) filter { 1256 1256 - return newFilter(key, "like", fmt.Sprintf("%%%v%%", arg)) 1257 1257 - } 1258 1258 - 1259 1259 - func (f filter) Condition() string { 1260 1260 - rv := reflect.ValueOf(f.arg) 1261 1261 - kind := rv.Kind() 1262 1262 - 1263 1263 - // if we have `FilterIn(k, [1, 2, 3])`, compile it down to `k in (?, ?, ?)` 1264 1264 - if (kind == reflect.Slice && rv.Type().Elem().Kind() != reflect.Uint8) || kind == reflect.Array { 1265 1265 - if rv.Len() == 0 { 1266 1266 - // always false 1267 1267 - return "1 = 0" 1268 1268 - } 1269 1269 - 1270 1270 - placeholders := make([]string, rv.Len()) 1271 1271 - for i := range placeholders { 1272 1272 - placeholders[i] = "?" 1273 1273 - } 1274 1274 - 1275 1275 - return fmt.Sprintf("%s %s (%s)", f.key, f.cmp, strings.Join(placeholders, ", ")) 1276 1276 - } 1277 1277 - 1278 1278 - return fmt.Sprintf("%s %s ?", f.key, f.cmp) 1279 1279 - } 1280 1280 - 1281 1281 - func (f filter) Arg() []any { 1282 1282 - rv := reflect.ValueOf(f.arg) 1283 1283 - kind := rv.Kind() 1284 1284 - if (kind == reflect.Slice && rv.Type().Elem().Kind() != reflect.Uint8) || kind == reflect.Array { 1285 1285 - if rv.Len() == 0 { 1286 1286 - return nil 1287 1287 - } 1288 1288 - 1289 1289 - out := make([]any, rv.Len()) 1290 1290 - for i := range rv.Len() { 1291 1291 - out[i] = rv.Index(i).Interface() 1292 1292 - } 1293 1293 - return out 1294 1294 - } 1295 1295 - 1296 1296 - return []any{f.arg} 1297 1297 - }

+6 -3

appview/db/follow.go

··· 7 7 "time" 8 8 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 13 func AddFollow(e Execer, follow *models.Follow) error { ··· 134 135 return result, nil 135 136 } 136 137 137 137 - func GetFollows(e Execer, limit int, filters ...filter) ([]models.Follow, error) { 138 138 + func GetFollows(e Execer, limit int, filters ...orm.Filter) ([]models.Follow, error) { 138 139 var follows []models.Follow 139 140 140 141 var conditions []string ··· 166 167 if err != nil { 167 168 return nil, err 168 169 } 170 170 + defer rows.Close() 171 171 + 169 172 for rows.Next() { 170 173 var follow models.Follow 171 174 var followedAt string ··· 191 194 } 192 195 193 196 func GetFollowers(e Execer, did string) ([]models.Follow, error) { 194 194 - return GetFollows(e, 0, FilterEq("subject_did", did)) 197 197 + return GetFollows(e, 0, orm.FilterEq("subject_did", did)) 195 198 } 196 199 197 200 func GetFollowing(e Execer, did string) ([]models.Follow, error) { 198 198 - return GetFollows(e, 0, FilterEq("user_did", did)) 201 201 + return GetFollows(e, 0, orm.FilterEq("user_did", did)) 199 202 } 200 203 201 204 func getFollowStatuses(e Execer, userDid string, subjectDids []string) (map[string]models.FollowStatus, error) {

+22 -20

appview/db/issues.go

··· 13 13 "tangled.org/core/api/tangled" 14 14 "tangled.org/core/appview/models" 15 15 "tangled.org/core/appview/pagination" 16 16 + "tangled.org/core/orm" 16 17 ) 17 18 18 19 func PutIssue(tx *sql.Tx, issue *models.Issue) error { ··· 27 28 28 29 issues, err := GetIssues( 29 30 tx, 30 30 - FilterEq("did", issue.Did), 31 31 - FilterEq("rkey", issue.Rkey), 31 31 + orm.FilterEq("did", issue.Did), 32 32 + orm.FilterEq("rkey", issue.Rkey), 32 33 ) 33 34 switch { 34 35 case err != nil: ··· 98 99 return nil 99 100 } 100 101 101 101 - func GetIssuesPaginated(e Execer, page pagination.Page, filters ...filter) ([]models.Issue, error) { 102 102 + func GetIssuesPaginated(e Execer, page pagination.Page, filters ...orm.Filter) ([]models.Issue, error) { 102 103 issueMap := make(map[string]*models.Issue) // at-uri -> issue 103 104 104 105 var conditions []string ··· 114 115 whereClause = " where " + strings.Join(conditions, " and ") 115 116 } 116 117 117 117 - pLower := FilterGte("row_num", page.Offset+1) 118 118 - pUpper := FilterLte("row_num", page.Offset+page.Limit) 118 118 + pLower := orm.FilterGte("row_num", page.Offset+1) 119 119 + pUpper := orm.FilterLte("row_num", page.Offset+page.Limit) 119 120 120 121 pageClause := "" 121 122 if page.Limit > 0 { ··· 205 206 repoAts = append(repoAts, string(issue.RepoAt)) 206 207 } 207 208 208 208 - repos, err := GetRepos(e, 0, FilterIn("at_uri", repoAts)) 209 209 + repos, err := GetRepos(e, 0, orm.FilterIn("at_uri", repoAts)) 209 210 if err != nil { 210 211 return nil, fmt.Errorf("failed to build repo mappings: %w", err) 211 212 } ··· 228 229 // collect comments 229 230 issueAts := slices.Collect(maps.Keys(issueMap)) 230 231 231 231 - comments, err := GetIssueComments(e, FilterIn("issue_at", issueAts)) 232 232 + comments, err := GetIssueComments(e, orm.FilterIn("issue_at", issueAts)) 232 233 if err != nil { 233 234 return nil, fmt.Errorf("failed to query comments: %w", err) 234 235 } ··· 240 241 } 241 242 242 243 // collect allLabels for each issue 243 243 - allLabels, err := GetLabels(e, FilterIn("subject", issueAts)) 244 244 + allLabels, err := GetLabels(e, orm.FilterIn("subject", issueAts)) 244 245 if err != nil { 245 246 return nil, fmt.Errorf("failed to query labels: %w", err) 246 247 } ··· 251 252 } 252 253 253 254 // collect references for each issue 254 254 - allReferencs, err := GetReferencesAll(e, FilterIn("from_at", issueAts)) 255 255 + allReferencs, err := GetReferencesAll(e, orm.FilterIn("from_at", issueAts)) 255 256 if err != nil { 256 257 return nil, fmt.Errorf("failed to query reference_links: %w", err) 257 258 } ··· 277 278 issues, err := GetIssuesPaginated( 278 279 e, 279 280 pagination.Page{}, 280 280 - FilterEq("repo_at", repoAt), 281 281 - FilterEq("issue_id", issueId), 281 281 + orm.FilterEq("repo_at", repoAt), 282 282 + orm.FilterEq("issue_id", issueId), 282 283 ) 283 284 if err != nil { 284 285 return nil, err ··· 290 291 return &issues[0], nil 291 292 } 292 293 293 293 - func GetIssues(e Execer, filters ...filter) ([]models.Issue, error) { 294 294 + func GetIssues(e Execer, filters ...orm.Filter) ([]models.Issue, error) { 294 295 return GetIssuesPaginated(e, pagination.Page{}, filters...) 295 296 } 296 297 ··· 298 299 func GetIssueIDs(e Execer, opts models.IssueSearchOptions) ([]int64, error) { 299 300 var ids []int64 300 301 301 301 - var filters []filter 302 302 + var filters []orm.Filter 302 303 openValue := 0 303 304 if opts.IsOpen { 304 305 openValue = 1 305 306 } 306 306 - filters = append(filters, FilterEq("open", openValue)) 307 307 + filters = append(filters, orm.FilterEq("open", openValue)) 307 308 if opts.RepoAt != "" { 308 308 - filters = append(filters, FilterEq("repo_at", opts.RepoAt)) 309 309 + filters = append(filters, orm.FilterEq("repo_at", opts.RepoAt)) 309 310 } 310 311 311 312 var conditions []string ··· 397 398 return id, nil 398 399 } 399 400 400 400 - func DeleteIssueComments(e Execer, filters ...filter) error { 401 401 + func DeleteIssueComments(e Execer, filters ...orm.Filter) error { 401 402 var conditions []string 402 403 var args []any 403 404 for _, filter := range filters { ··· 416 417 return err 417 418 } 418 419 419 419 - func GetIssueComments(e Execer, filters ...filter) ([]models.IssueComment, error) { 420 420 + func GetIssueComments(e Execer, filters ...orm.Filter) ([]models.IssueComment, error) { 420 421 commentMap := make(map[string]*models.IssueComment) 421 422 422 423 var conditions []string ··· 451 452 if err != nil { 452 453 return nil, err 453 454 } 455 455 + defer rows.Close() 454 456 455 457 for rows.Next() { 456 458 var comment models.IssueComment ··· 506 508 507 509 // collect references for each comments 508 510 commentAts := slices.Collect(maps.Keys(commentMap)) 509 509 - allReferencs, err := GetReferencesAll(e, FilterIn("from_at", commentAts)) 511 511 + allReferencs, err := GetReferencesAll(e, orm.FilterIn("from_at", commentAts)) 510 512 if err != nil { 511 513 return nil, fmt.Errorf("failed to query reference_links: %w", err) 512 514 } ··· 548 550 return nil 549 551 } 550 552 551 551 - func CloseIssues(e Execer, filters ...filter) error { 553 553 + func CloseIssues(e Execer, filters ...orm.Filter) error { 552 554 var conditions []string 553 555 var args []any 554 556 for _, filter := range filters { ··· 566 568 return err 567 569 } 568 570 569 569 - func ReopenIssues(e Execer, filters ...filter) error { 571 571 + func ReopenIssues(e Execer, filters ...orm.Filter) error { 570 572 var conditions []string 571 573 var args []any 572 574 for _, filter := range filters {

+8 -7

appview/db/label.go

··· 10 10 11 11 "github.com/bluesky-social/indigo/atproto/syntax" 12 12 "tangled.org/core/appview/models" 13 13 + "tangled.org/core/orm" 13 14 ) 14 15 15 16 // no updating type for now ··· 59 60 return id, nil 60 61 } 61 62 62 62 - func DeleteLabelDefinition(e Execer, filters ...filter) error { 63 63 + func DeleteLabelDefinition(e Execer, filters ...orm.Filter) error { 63 64 var conditions []string 64 65 var args []any 65 66 for _, filter := range filters { ··· 75 76 return err 76 77 } 77 78 78 78 - func GetLabelDefinitions(e Execer, filters ...filter) ([]models.LabelDefinition, error) { 79 79 + func GetLabelDefinitions(e Execer, filters ...orm.Filter) ([]models.LabelDefinition, error) { 79 80 var labelDefinitions []models.LabelDefinition 80 81 var conditions []string 81 82 var args []any ··· 167 168 } 168 169 169 170 // helper to get exactly one label def 170 170 - func GetLabelDefinition(e Execer, filters ...filter) (*models.LabelDefinition, error) { 171 171 + func GetLabelDefinition(e Execer, filters ...orm.Filter) (*models.LabelDefinition, error) { 171 172 labels, err := GetLabelDefinitions(e, filters...) 172 173 if err != nil { 173 174 return nil, err ··· 227 228 return id, nil 228 229 } 229 230 230 230 - func GetLabelOps(e Execer, filters ...filter) ([]models.LabelOp, error) { 231 231 + func GetLabelOps(e Execer, filters ...orm.Filter) ([]models.LabelOp, error) { 231 232 var labelOps []models.LabelOp 232 233 var conditions []string 233 234 var args []any ··· 302 303 } 303 304 304 305 // get labels for a given list of subject URIs 305 305 - func GetLabels(e Execer, filters ...filter) (map[syntax.ATURI]models.LabelState, error) { 306 306 + func GetLabels(e Execer, filters ...orm.Filter) (map[syntax.ATURI]models.LabelState, error) { 306 307 ops, err := GetLabelOps(e, filters...) 307 308 if err != nil { 308 309 return nil, err ··· 322 323 } 323 324 labelAts := slices.Collect(maps.Keys(labelAtSet)) 324 325 325 325 - actx, err := NewLabelApplicationCtx(e, FilterIn("at_uri", labelAts)) 326 326 + actx, err := NewLabelApplicationCtx(e, orm.FilterIn("at_uri", labelAts)) 326 327 if err != nil { 327 328 return nil, err 328 329 } ··· 338 339 return results, nil 339 340 } 340 341 341 341 - func NewLabelApplicationCtx(e Execer, filters ...filter) (*models.LabelApplicationCtx, error) { 342 342 + func NewLabelApplicationCtx(e Execer, filters ...orm.Filter) (*models.LabelApplicationCtx, error) { 342 343 labels, err := GetLabelDefinitions(e, filters...) 343 344 if err != nil { 344 345 return nil, err

+6 -5

appview/db/language.go

··· 7 7 8 8 "github.com/bluesky-social/indigo/atproto/syntax" 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 12 - func GetRepoLanguages(e Execer, filters ...filter) ([]models.RepoLanguage, error) { 13 13 + func GetRepoLanguages(e Execer, filters ...orm.Filter) ([]models.RepoLanguage, error) { 13 14 var conditions []string 14 15 var args []any 15 16 for _, filter := range filters { ··· 27 28 whereClause, 28 29 ) 29 30 rows, err := e.Query(query, args...) 30 30 - 31 31 if err != nil { 32 32 return nil, fmt.Errorf("failed to execute query: %w ", err) 33 33 } 34 34 + defer rows.Close() 34 35 35 36 var langs []models.RepoLanguage 36 37 for rows.Next() { ··· 85 86 return nil 86 87 } 87 88 88 88 - func DeleteRepoLanguages(e Execer, filters ...filter) error { 89 89 + func DeleteRepoLanguages(e Execer, filters ...orm.Filter) error { 89 90 var conditions []string 90 91 var args []any 91 92 for _, filter := range filters { ··· 107 108 func UpdateRepoLanguages(tx *sql.Tx, repoAt syntax.ATURI, ref string, langs []models.RepoLanguage) error { 108 109 err := DeleteRepoLanguages( 109 110 tx, 110 110 - FilterEq("repo_at", repoAt), 111 111 - FilterEq("ref", ref), 111 111 + orm.FilterEq("repo_at", repoAt), 112 112 + orm.FilterEq("ref", ref), 112 113 ) 113 114 if err != nil { 114 115 return fmt.Errorf("failed to delete existing languages: %w", err)

+14 -13

appview/db/notifications.go

··· 11 11 "github.com/bluesky-social/indigo/atproto/syntax" 12 12 "tangled.org/core/appview/models" 13 13 "tangled.org/core/appview/pagination" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 17 func CreateNotification(e Execer, notification *models.Notification) error { ··· 44 45 } 45 46 46 47 // GetNotificationsPaginated retrieves notifications with filters and pagination 47 47 - func GetNotificationsPaginated(e Execer, page pagination.Page, filters ...filter) ([]*models.Notification, error) { 48 48 + func GetNotificationsPaginated(e Execer, page pagination.Page, filters ...orm.Filter) ([]*models.Notification, error) { 48 49 var conditions []string 49 50 var args []any 50 51 ··· 113 114 } 114 115 115 116 // GetNotificationsWithEntities retrieves notifications with their related entities 116 116 - func GetNotificationsWithEntities(e Execer, page pagination.Page, filters ...filter) ([]*models.NotificationWithEntity, error) { 117 117 + func GetNotificationsWithEntities(e Execer, page pagination.Page, filters ...orm.Filter) ([]*models.NotificationWithEntity, error) { 117 118 var conditions []string 118 119 var args []any 119 120 ··· 256 257 } 257 258 258 259 // GetNotifications retrieves notifications with filters 259 259 - func GetNotifications(e Execer, filters ...filter) ([]*models.Notification, error) { 260 260 + func GetNotifications(e Execer, filters ...orm.Filter) ([]*models.Notification, error) { 260 261 return GetNotificationsPaginated(e, pagination.FirstPage(), filters...) 261 262 } 262 263 263 263 - func CountNotifications(e Execer, filters ...filter) (int64, error) { 264 264 + func CountNotifications(e Execer, filters ...orm.Filter) (int64, error) { 264 265 var conditions []string 265 266 var args []any 266 267 for _, filter := range filters { ··· 285 286 } 286 287 287 288 func MarkNotificationRead(e Execer, notificationID int64, userDID string) error { 288 288 - idFilter := FilterEq("id", notificationID) 289 289 - recipientFilter := FilterEq("recipient_did", userDID) 289 289 + idFilter := orm.FilterEq("id", notificationID) 290 290 + recipientFilter := orm.FilterEq("recipient_did", userDID) 290 291 291 292 query := fmt.Sprintf(` 292 293 UPDATE notifications ··· 314 315 } 315 316 316 317 func MarkAllNotificationsRead(e Execer, userDID string) error { 317 317 - recipientFilter := FilterEq("recipient_did", userDID) 318 318 - readFilter := FilterEq("read", 0) 318 318 + recipientFilter := orm.FilterEq("recipient_did", userDID) 319 319 + readFilter := orm.FilterEq("read", 0) 319 320 320 321 query := fmt.Sprintf(` 321 322 UPDATE notifications ··· 334 335 } 335 336 336 337 func DeleteNotification(e Execer, notificationID int64, userDID string) error { 337 337 - idFilter := FilterEq("id", notificationID) 338 338 - recipientFilter := FilterEq("recipient_did", userDID) 338 338 + idFilter := orm.FilterEq("id", notificationID) 339 339 + recipientFilter := orm.FilterEq("recipient_did", userDID) 339 340 340 341 query := fmt.Sprintf(` 341 342 DELETE FROM notifications ··· 362 363 } 363 364 364 365 func GetNotificationPreference(e Execer, userDid string) (*models.NotificationPreferences, error) { 365 365 - prefs, err := GetNotificationPreferences(e, FilterEq("user_did", userDid)) 366 366 + prefs, err := GetNotificationPreferences(e, orm.FilterEq("user_did", userDid)) 366 367 if err != nil { 367 368 return nil, err 368 369 } ··· 375 376 return p, nil 376 377 } 377 378 378 378 - func GetNotificationPreferences(e Execer, filters ...filter) (map[syntax.DID]*models.NotificationPreferences, error) { 379 379 + func GetNotificationPreferences(e Execer, filters ...orm.Filter) (map[syntax.DID]*models.NotificationPreferences, error) { 379 380 prefsMap := make(map[syntax.DID]*models.NotificationPreferences) 380 381 381 382 var conditions []string ··· 483 484 484 485 func (d *DB) ClearOldNotifications(ctx context.Context, olderThan time.Duration) error { 485 486 cutoff := time.Now().Add(-olderThan) 486 486 - createdFilter := FilterLte("created", cutoff) 487 487 + createdFilter := orm.FilterLte("created", cutoff) 487 488 488 489 query := fmt.Sprintf(` 489 490 DELETE FROM notifications

+6 -5

appview/db/pipeline.go

··· 7 7 "time" 8 8 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 12 - func GetPipelines(e Execer, filters ...filter) ([]models.Pipeline, error) { 13 13 + func GetPipelines(e Execer, filters ...orm.Filter) ([]models.Pipeline, error) { 13 14 var pipelines []models.Pipeline 14 15 15 16 var conditions []string ··· 168 169 169 170 // this is a mega query, but the most useful one: 170 171 // get N pipelines, for each one get the latest status of its N workflows 171 171 - func GetPipelineStatuses(e Execer, limit int, filters ...filter) ([]models.Pipeline, error) { 172 172 + func GetPipelineStatuses(e Execer, limit int, filters ...orm.Filter) ([]models.Pipeline, error) { 172 173 var conditions []string 173 174 var args []any 174 175 for _, filter := range filters { 175 175 - filter.key = "p." + filter.key // the table is aliased in the query to `p` 176 176 + filter.Key = "p." + filter.Key // the table is aliased in the query to `p` 176 177 conditions = append(conditions, filter.Condition()) 177 178 args = append(args, filter.Arg()...) 178 179 } ··· 264 265 conditions = nil 265 266 args = nil 266 267 for _, p := range pipelines { 267 267 - knotFilter := FilterEq("pipeline_knot", p.Knot) 268 268 - rkeyFilter := FilterEq("pipeline_rkey", p.Rkey) 268 268 + knotFilter := orm.FilterEq("pipeline_knot", p.Knot) 269 269 + rkeyFilter := orm.FilterEq("pipeline_rkey", p.Rkey) 269 270 conditions = append(conditions, fmt.Sprintf("(%s and %s)", knotFilter.Condition(), rkeyFilter.Condition())) 270 271 args = append(args, p.Knot) 271 272 args = append(args, p.Rkey)

+29 -16

appview/db/profile.go

··· 11 11 12 12 "github.com/bluesky-social/indigo/atproto/syntax" 13 13 "tangled.org/core/appview/models" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 17 const TimeframeMonths = 7 ··· 19 20 timeline := models.ProfileTimeline{ 20 21 ByMonth: make([]models.ByMonth, TimeframeMonths), 21 22 } 22 22 - currentMonth := time.Now().Month() 23 23 + now := time.Now() 23 24 timeframe := fmt.Sprintf("-%d months", TimeframeMonths) 24 25 25 26 pulls, err := GetPullsByOwnerDid(e, forDid, timeframe) ··· 29 30 30 31 // group pulls by month 31 32 for _, pull := range pulls { 32 32 - pullMonth := pull.Created.Month() 33 33 + monthsAgo := monthsBetween(pull.Created, now) 33 34 34 34 - if currentMonth-pullMonth >= TimeframeMonths { 35 35 + if monthsAgo >= TimeframeMonths { 35 36 // shouldn't happen; but times are weird 36 37 continue 37 38 } 38 39 39 39 - idx := currentMonth - pullMonth 40 40 + idx := monthsAgo 40 41 items := &timeline.ByMonth[idx].PullEvents.Items 41 42 42 43 *items = append(*items, &pull) ··· 44 45 45 46 issues, err := GetIssues( 46 47 e, 47 47 - FilterEq("did", forDid), 48 48 - FilterGte("created", time.Now().AddDate(0, -TimeframeMonths, 0)), 48 48 + orm.FilterEq("did", forDid), 49 49 + orm.FilterGte("created", time.Now().AddDate(0, -TimeframeMonths, 0)), 49 50 ) 50 51 if err != nil { 51 52 return nil, fmt.Errorf("error getting issues by owner did: %w", err) 52 53 } 53 54 54 55 for _, issue := range issues { 55 55 - issueMonth := issue.Created.Month() 56 56 + monthsAgo := monthsBetween(issue.Created, now) 56 57 57 57 - if currentMonth-issueMonth >= TimeframeMonths { 58 58 + if monthsAgo >= TimeframeMonths { 58 59 // shouldn't happen; but times are weird 59 60 continue 60 61 } 61 62 62 62 - idx := currentMonth - issueMonth 63 63 + idx := monthsAgo 63 64 items := &timeline.ByMonth[idx].IssueEvents.Items 64 65 65 66 *items = append(*items, &issue) 66 67 } 67 68 68 68 - repos, err := GetRepos(e, 0, FilterEq("did", forDid)) 69 69 + repos, err := GetRepos(e, 0, orm.FilterEq("did", forDid)) 69 70 if err != nil { 70 71 return nil, fmt.Errorf("error getting all repos by did: %w", err) 71 72 } ··· 76 77 if repo.Source != "" { 77 78 sourceRepo, err = GetRepoByAtUri(e, repo.Source) 78 79 if err != nil { 79 79 - return nil, err 80 80 + // the source repo was not found, skip this bit 81 81 + log.Println("profile", "err", err) 80 82 } 81 83 } 82 84 83 83 - repoMonth := repo.Created.Month() 85 85 + monthsAgo := monthsBetween(repo.Created, now) 84 86 85 85 - if currentMonth-repoMonth >= TimeframeMonths { 87 87 + if monthsAgo >= TimeframeMonths { 86 88 // shouldn't happen; but times are weird 87 89 continue 88 90 } 89 91 90 90 - idx := currentMonth - repoMonth 92 92 + idx := monthsAgo 91 93 92 94 items := &timeline.ByMonth[idx].RepoEvents 93 95 *items = append(*items, models.RepoEvent{ ··· 99 101 return &timeline, nil 100 102 } 101 103 104 104 + func monthsBetween(from, to time.Time) int { 105 105 + years := to.Year() - from.Year() 106 106 + months := int(to.Month() - from.Month()) 107 107 + return years*12 + months 108 108 + } 109 109 + 102 110 func UpsertProfile(tx *sql.Tx, profile *models.Profile) error { 103 111 defer tx.Rollback() 104 112 ··· 199 207 return tx.Commit() 200 208 } 201 209 202 202 - func GetProfiles(e Execer, filters ...filter) (map[string]*models.Profile, error) { 210 210 + func GetProfiles(e Execer, filters ...orm.Filter) (map[string]*models.Profile, error) { 203 211 var conditions []string 204 212 var args []any 205 213 for _, filter := range filters { ··· 229 237 if err != nil { 230 238 return nil, err 231 239 } 240 240 + defer rows.Close() 232 241 233 242 profileMap := make(map[string]*models.Profile) 234 243 for rows.Next() { ··· 269 278 if err != nil { 270 279 return nil, err 271 280 } 281 281 + defer rows.Close() 282 282 + 272 283 idxs := make(map[string]int) 273 284 for did := range profileMap { 274 285 idxs[did] = 0 ··· 289 300 if err != nil { 290 301 return nil, err 291 302 } 303 303 + defer rows.Close() 304 304 + 292 305 idxs = make(map[string]int) 293 306 for did := range profileMap { 294 307 idxs[did] = 0 ··· 441 454 } 442 455 443 456 // ensure all pinned repos are either own repos or collaborating repos 444 444 - repos, err := GetRepos(e, 0, FilterEq("did", profile.Did)) 457 457 + repos, err := GetRepos(e, 0, orm.FilterEq("did", profile.Did)) 445 458 if err != nil { 446 459 log.Printf("getting repos for %s: %s", profile.Did, err) 447 460 }

+21 -20

appview/db/pulls.go

··· 13 13 14 14 "github.com/bluesky-social/indigo/atproto/syntax" 15 15 "tangled.org/core/appview/models" 16 16 + "tangled.org/core/orm" 16 17 ) 17 18 18 19 func NewPull(tx *sql.Tx, pull *models.Pull) error { ··· 118 119 return pullId - 1, err 119 120 } 120 121 121 121 - func GetPullsWithLimit(e Execer, limit int, filters ...filter) ([]*models.Pull, error) { 122 122 + func GetPullsWithLimit(e Execer, limit int, filters ...orm.Filter) ([]*models.Pull, error) { 122 123 pulls := make(map[syntax.ATURI]*models.Pull) 123 124 124 125 var conditions []string ··· 229 230 for _, p := range pulls { 230 231 pullAts = append(pullAts, p.AtUri()) 231 232 } 232 232 - submissionsMap, err := GetPullSubmissions(e, FilterIn("pull_at", pullAts)) 233 233 + submissionsMap, err := GetPullSubmissions(e, orm.FilterIn("pull_at", pullAts)) 233 234 if err != nil { 234 235 return nil, fmt.Errorf("failed to get submissions: %w", err) 235 236 } ··· 241 242 } 242 243 243 244 // collect allLabels for each issue 244 244 - allLabels, err := GetLabels(e, FilterIn("subject", pullAts)) 245 245 + allLabels, err := GetLabels(e, orm.FilterIn("subject", pullAts)) 245 246 if err != nil { 246 247 return nil, fmt.Errorf("failed to query labels: %w", err) 247 248 } ··· 258 259 sourceAts = append(sourceAts, *p.PullSource.RepoAt) 259 260 } 260 261 } 261 261 - sourceRepos, err := GetRepos(e, 0, FilterIn("at_uri", sourceAts)) 262 262 + sourceRepos, err := GetRepos(e, 0, orm.FilterIn("at_uri", sourceAts)) 262 263 if err != nil && !errors.Is(err, sql.ErrNoRows) { 263 264 return nil, fmt.Errorf("failed to get source repos: %w", err) 264 265 } ··· 274 275 } 275 276 } 276 277 277 277 - allReferences, err := GetReferencesAll(e, FilterIn("from_at", pullAts)) 278 278 + allReferences, err := GetReferencesAll(e, orm.FilterIn("from_at", pullAts)) 278 279 if err != nil { 279 280 return nil, fmt.Errorf("failed to query reference_links: %w", err) 280 281 } ··· 295 296 return orderedByPullId, nil 296 297 } 297 298 298 298 - func GetPulls(e Execer, filters ...filter) ([]*models.Pull, error) { 299 299 + func GetPulls(e Execer, filters ...orm.Filter) ([]*models.Pull, error) { 299 300 return GetPullsWithLimit(e, 0, filters...) 300 301 } 301 302 302 303 func GetPullIDs(e Execer, opts models.PullSearchOptions) ([]int64, error) { 303 304 var ids []int64 304 305 305 305 - var filters []filter 306 306 - filters = append(filters, FilterEq("state", opts.State)) 306 306 + var filters []orm.Filter 307 307 + filters = append(filters, orm.FilterEq("state", opts.State)) 307 308 if opts.RepoAt != "" { 308 308 - filters = append(filters, FilterEq("repo_at", opts.RepoAt)) 309 309 + filters = append(filters, orm.FilterEq("repo_at", opts.RepoAt)) 309 310 } 310 311 311 312 var conditions []string ··· 361 362 } 362 363 363 364 func GetPull(e Execer, repoAt syntax.ATURI, pullId int) (*models.Pull, error) { 364 364 - pulls, err := GetPullsWithLimit(e, 1, FilterEq("repo_at", repoAt), FilterEq("pull_id", pullId)) 365 365 + pulls, err := GetPullsWithLimit(e, 1, orm.FilterEq("repo_at", repoAt), orm.FilterEq("pull_id", pullId)) 365 366 if err != nil { 366 367 return nil, err 367 368 } ··· 373 374 } 374 375 375 376 // mapping from pull -> pull submissions 376 376 - func GetPullSubmissions(e Execer, filters ...filter) (map[syntax.ATURI][]*models.PullSubmission, error) { 377 377 + func GetPullSubmissions(e Execer, filters ...orm.Filter) (map[syntax.ATURI][]*models.PullSubmission, error) { 377 378 var conditions []string 378 379 var args []any 379 380 for _, filter := range filters { ··· 448 449 449 450 // Get comments for all submissions using GetPullComments 450 451 submissionIds := slices.Collect(maps.Keys(submissionMap)) 451 451 - comments, err := GetPullComments(e, FilterIn("submission_id", submissionIds)) 452 452 + comments, err := GetPullComments(e, orm.FilterIn("submission_id", submissionIds)) 452 453 if err != nil { 453 454 return nil, fmt.Errorf("failed to get pull comments: %w", err) 454 455 } ··· 474 475 return m, nil 475 476 } 476 477 477 477 - func GetPullComments(e Execer, filters ...filter) ([]models.PullComment, error) { 478 478 + func GetPullComments(e Execer, filters ...orm.Filter) ([]models.PullComment, error) { 478 479 var conditions []string 479 480 var args []any 480 481 for _, filter := range filters { ··· 542 543 543 544 // collect references for each comments 544 545 commentAts := slices.Collect(maps.Keys(commentMap)) 545 545 - allReferencs, err := GetReferencesAll(e, FilterIn("from_at", commentAts)) 546 546 + allReferencs, err := GetReferencesAll(e, orm.FilterIn("from_at", commentAts)) 546 547 if err != nil { 547 548 return nil, fmt.Errorf("failed to query reference_links: %w", err) 548 549 } ··· 708 709 return err 709 710 } 710 711 711 711 - func SetPullParentChangeId(e Execer, parentChangeId string, filters ...filter) error { 712 712 + func SetPullParentChangeId(e Execer, parentChangeId string, filters ...orm.Filter) error { 712 713 var conditions []string 713 714 var args []any 714 715 ··· 732 733 733 734 // Only used when stacking to update contents in the event of a rebase (the interdiff should be empty). 734 735 // otherwise submissions are immutable 735 735 - func UpdatePull(e Execer, newPatch, sourceRev string, filters ...filter) error { 736 736 + func UpdatePull(e Execer, newPatch, sourceRev string, filters ...orm.Filter) error { 736 737 var conditions []string 737 738 var args []any 738 739 ··· 790 791 func GetStack(e Execer, stackId string) (models.Stack, error) { 791 792 unorderedPulls, err := GetPulls( 792 793 e, 793 793 - FilterEq("stack_id", stackId), 794 794 - FilterNotEq("state", models.PullDeleted), 794 794 + orm.FilterEq("stack_id", stackId), 795 795 + orm.FilterNotEq("state", models.PullDeleted), 795 796 ) 796 797 if err != nil { 797 798 return nil, err ··· 835 836 func GetAbandonedPulls(e Execer, stackId string) ([]*models.Pull, error) { 836 837 pulls, err := GetPulls( 837 838 e, 838 838 - FilterEq("stack_id", stackId), 839 839 - FilterEq("state", models.PullDeleted), 839 839 + orm.FilterEq("stack_id", stackId), 840 840 + orm.FilterEq("state", models.PullDeleted), 840 841 ) 841 842 if err != nil { 842 843 return nil, err

+3 -2

appview/db/punchcard.go

··· 7 7 "time" 8 8 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 13 // this adds to the existing count ··· 20 21 return err 21 22 } 22 23 23 23 - func MakePunchcard(e Execer, filters ...filter) (*models.Punchcard, error) { 24 24 + func MakePunchcard(e Execer, filters ...orm.Filter) (*models.Punchcard, error) { 24 25 punchcard := &models.Punchcard{} 25 26 now := time.Now() 26 27 startOfYear := time.Date(now.Year(), 1, 1, 0, 0, 0, 0, time.UTC) ··· 77 78 punch.Count = int(count.Int64) 78 79 } 79 80 80 80 - punchcard.Punches[punch.Date.YearDay()] = punch 81 81 + punchcard.Punches[punch.Date.YearDay()-1] = punch 81 82 punchcard.Total += punch.Count 82 83 } 83 84

+4 -3

appview/db/reference.go

··· 8 8 "github.com/bluesky-social/indigo/atproto/syntax" 9 9 "tangled.org/core/api/tangled" 10 10 "tangled.org/core/appview/models" 11 11 + "tangled.org/core/orm" 11 12 ) 12 13 13 14 // ValidateReferenceLinks resolves refLinks to Issue/PR/IssueComment/PullComment ATURIs. ··· 205 206 return err 206 207 } 207 208 208 208 - func GetReferencesAll(e Execer, filters ...filter) (map[syntax.ATURI][]syntax.ATURI, error) { 209 209 + func GetReferencesAll(e Execer, filters ...orm.Filter) (map[syntax.ATURI][]syntax.ATURI, error) { 209 210 var ( 210 211 conditions []string 211 212 args []any ··· 347 348 if len(aturis) == 0 { 348 349 return nil, nil 349 350 } 350 350 - filter := FilterIn("c.at_uri", aturis) 351 351 + filter := orm.FilterIn("c.at_uri", aturis) 351 352 rows, err := e.Query( 352 353 fmt.Sprintf( 353 354 `select r.did, r.name, i.issue_id, c.id, i.title, i.open ··· 427 428 if len(aturis) == 0 { 428 429 return nil, nil 429 430 } 430 430 - filter := FilterIn("c.comment_at", aturis) 431 431 + filter := orm.FilterIn("c.comment_at", aturis) 431 432 rows, err := e.Query( 432 433 fmt.Sprintf( 433 434 `select r.did, r.name, p.pull_id, c.id, p.title, p.state

+5 -3

appview/db/registration.go

··· 7 7 "time" 8 8 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 12 - func GetRegistrations(e Execer, filters ...filter) ([]models.Registration, error) { 13 13 + func GetRegistrations(e Execer, filters ...orm.Filter) ([]models.Registration, error) { 13 14 var registrations []models.Registration 14 15 15 16 var conditions []string ··· 37 38 if err != nil { 38 39 return nil, err 39 40 } 41 41 + defer rows.Close() 40 42 41 43 for rows.Next() { 42 44 var createdAt string ··· 69 71 return registrations, nil 70 72 } 71 73 72 72 - func MarkRegistered(e Execer, filters ...filter) error { 74 74 + func MarkRegistered(e Execer, filters ...orm.Filter) error { 73 75 var conditions []string 74 76 var args []any 75 77 for _, filter := range filters { ··· 94 96 return err 95 97 } 96 98 97 97 - func DeleteKnot(e Execer, filters ...filter) error { 99 99 + func DeleteKnot(e Execer, filters ...orm.Filter) error { 98 100 var conditions []string 99 101 var args []any 100 102 for _, filter := range filters {

+18 -6

appview/db/repos.go

··· 11 11 12 12 "github.com/bluesky-social/indigo/atproto/syntax" 13 13 "tangled.org/core/appview/models" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 16 - func GetRepos(e Execer, limit int, filters ...filter) ([]models.Repo, error) { 17 17 + func GetRepos(e Execer, limit int, filters ...orm.Filter) ([]models.Repo, error) { 17 18 repoMap := make(map[syntax.ATURI]*models.Repo) 18 19 19 20 var conditions []string ··· 55 56 limitClause, 56 57 ) 57 58 rows, err := e.Query(repoQuery, args...) 58 58 - 59 59 if err != nil { 60 60 return nil, fmt.Errorf("failed to execute repo query: %w ", err) 61 61 } 62 62 + defer rows.Close() 62 63 63 64 for rows.Next() { 64 65 var repo models.Repo ··· 127 128 if err != nil { 128 129 return nil, fmt.Errorf("failed to execute labels query: %w ", err) 129 130 } 131 131 + defer rows.Close() 132 132 + 130 133 for rows.Next() { 131 134 var repoat, labelat string 132 135 if err := rows.Scan(&repoat, &labelat); err != nil { ··· 155 158 from repo_languages 156 159 where repo_at in (%s) 157 160 and is_default_ref = 1 161 161 + and language <> '' 158 162 ) 159 163 where rn = 1 160 164 `, ··· 164 168 if err != nil { 165 169 return nil, fmt.Errorf("failed to execute lang query: %w ", err) 166 170 } 171 171 + defer rows.Close() 172 172 + 167 173 for rows.Next() { 168 174 var repoat, lang string 169 175 if err := rows.Scan(&repoat, &lang); err != nil { ··· 190 196 if err != nil { 191 197 return nil, fmt.Errorf("failed to execute star-count query: %w ", err) 192 198 } 199 199 + defer rows.Close() 200 200 + 193 201 for rows.Next() { 194 202 var repoat string 195 203 var count int ··· 219 227 if err != nil { 220 228 return nil, fmt.Errorf("failed to execute issue-count query: %w ", err) 221 229 } 230 230 + defer rows.Close() 231 231 + 222 232 for rows.Next() { 223 233 var repoat string 224 234 var open, closed int ··· 260 270 if err != nil { 261 271 return nil, fmt.Errorf("failed to execute pulls-count query: %w ", err) 262 272 } 273 273 + defer rows.Close() 274 274 + 263 275 for rows.Next() { 264 276 var repoat string 265 277 var open, merged, closed, deleted int ··· 294 306 } 295 307 296 308 // helper to get exactly one repo 297 297 - func GetRepo(e Execer, filters ...filter) (*models.Repo, error) { 309 309 + func GetRepo(e Execer, filters ...orm.Filter) (*models.Repo, error) { 298 310 repos, err := GetRepos(e, 0, filters...) 299 311 if err != nil { 300 312 return nil, err ··· 311 323 return &repos[0], nil 312 324 } 313 325 314 314 - func CountRepos(e Execer, filters ...filter) (int64, error) { 326 326 + func CountRepos(e Execer, filters ...orm.Filter) (int64, error) { 315 327 var conditions []string 316 328 var args []any 317 329 for _, filter := range filters { ··· 542 554 return err 543 555 } 544 556 545 545 - func UnsubscribeLabel(e Execer, filters ...filter) error { 557 557 + func UnsubscribeLabel(e Execer, filters ...orm.Filter) error { 546 558 var conditions []string 547 559 var args []any 548 560 for _, filter := range filters { ··· 560 572 return err 561 573 } 562 574 563 563 - func GetRepoLabels(e Execer, filters ...filter) ([]models.RepoLabel, error) { 575 575 + func GetRepoLabels(e Execer, filters ...orm.Filter) ([]models.RepoLabel, error) { 564 576 var conditions []string 565 577 var args []any 566 578 for _, filter := range filters {

+6 -5

appview/db/spindle.go

··· 7 7 "time" 8 8 9 9 "tangled.org/core/appview/models" 10 10 + "tangled.org/core/orm" 10 11 ) 11 12 12 12 - func GetSpindles(e Execer, filters ...filter) ([]models.Spindle, error) { 13 13 + func GetSpindles(e Execer, filters ...orm.Filter) ([]models.Spindle, error) { 13 14 var spindles []models.Spindle 14 15 15 16 var conditions []string ··· 91 92 return err 92 93 } 93 94 94 94 - func VerifySpindle(e Execer, filters ...filter) (int64, error) { 95 95 + func VerifySpindle(e Execer, filters ...orm.Filter) (int64, error) { 95 96 var conditions []string 96 97 var args []any 97 98 for _, filter := range filters { ··· 114 115 return res.RowsAffected() 115 116 } 116 117 117 117 - func DeleteSpindle(e Execer, filters ...filter) error { 118 118 + func DeleteSpindle(e Execer, filters ...orm.Filter) error { 118 119 var conditions []string 119 120 var args []any 120 121 for _, filter := range filters { ··· 144 145 return err 145 146 } 146 147 147 147 - func RemoveSpindleMember(e Execer, filters ...filter) error { 148 148 + func RemoveSpindleMember(e Execer, filters ...orm.Filter) error { 148 149 var conditions []string 149 150 var args []any 150 151 for _, filter := range filters { ··· 163 164 return err 164 165 } 165 166 166 166 - func GetSpindleMembers(e Execer, filters ...filter) ([]models.SpindleMember, error) { 167 167 + func GetSpindleMembers(e Execer, filters ...orm.Filter) ([]models.SpindleMember, error) { 167 168 var members []models.SpindleMember 168 169 169 170 var conditions []string

+6 -4

appview/db/star.go

··· 11 11 12 12 "github.com/bluesky-social/indigo/atproto/syntax" 13 13 "tangled.org/core/appview/models" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 17 func AddStar(e Execer, star *models.Star) error { ··· 133 134 134 135 // GetRepoStars return a list of stars each holding target repository. 135 136 // If there isn't known repo with starred at-uri, those stars will be ignored. 136 136 - func GetRepoStars(e Execer, limit int, filters ...filter) ([]models.RepoStar, error) { 137 137 + func GetRepoStars(e Execer, limit int, filters ...orm.Filter) ([]models.RepoStar, error) { 137 138 var conditions []string 138 139 var args []any 139 140 for _, filter := range filters { ··· 164 165 if err != nil { 165 166 return nil, err 166 167 } 168 168 + defer rows.Close() 167 169 168 170 starMap := make(map[string][]models.Star) 169 171 for rows.Next() { ··· 195 197 return nil, nil 196 198 } 197 199 198 198 - repos, err := GetRepos(e, 0, FilterIn("at_uri", args)) 200 200 + repos, err := GetRepos(e, 0, orm.FilterIn("at_uri", args)) 199 201 if err != nil { 200 202 return nil, err 201 203 } ··· 225 227 return repoStars, nil 226 228 } 227 229 228 228 - func CountStars(e Execer, filters ...filter) (int64, error) { 230 230 + func CountStars(e Execer, filters ...orm.Filter) (int64, error) { 229 231 var conditions []string 230 232 var args []any 231 233 for _, filter := range filters { ··· 298 300 } 299 301 300 302 // get full repo data 301 301 - repos, err := GetRepos(e, 0, FilterIn("at_uri", repoUris)) 303 303 + repos, err := GetRepos(e, 0, orm.FilterIn("at_uri", repoUris)) 302 304 if err != nil { 303 305 return nil, err 304 306 }

+4 -3

appview/db/strings.go

··· 8 8 "time" 9 9 10 10 "tangled.org/core/appview/models" 11 11 + "tangled.org/core/orm" 11 12 ) 12 13 13 14 func AddString(e Execer, s models.String) error { ··· 44 45 return err 45 46 } 46 47 47 47 - func GetStrings(e Execer, limit int, filters ...filter) ([]models.String, error) { 48 48 + func GetStrings(e Execer, limit int, filters ...orm.Filter) ([]models.String, error) { 48 49 var all []models.String 49 50 50 51 var conditions []string ··· 127 128 return all, nil 128 129 } 129 130 130 130 - func CountStrings(e Execer, filters ...filter) (int64, error) { 131 131 + func CountStrings(e Execer, filters ...orm.Filter) (int64, error) { 131 132 var conditions []string 132 133 var args []any 133 134 for _, filter := range filters { ··· 151 152 return count, nil 152 153 } 153 154 154 154 - func DeleteString(e Execer, filters ...filter) error { 155 155 + func DeleteString(e Execer, filters ...orm.Filter) error { 155 156 var conditions []string 156 157 var args []any 157 158 for _, filter := range filters {

+9 -8

appview/db/timeline.go

··· 5 5 6 6 "github.com/bluesky-social/indigo/atproto/syntax" 7 7 "tangled.org/core/appview/models" 8 8 + "tangled.org/core/orm" 8 9 ) 9 10 10 11 // TODO: this gathers heterogenous events from different sources and aggregates ··· 84 85 } 85 86 86 87 func getTimelineRepos(e Execer, limit int, loggedInUserDid string, userIsFollowing []string) ([]models.TimelineEvent, error) { 87 87 - filters := make([]filter, 0) 88 88 + filters := make([]orm.Filter, 0) 88 89 if userIsFollowing != nil { 89 89 - filters = append(filters, FilterIn("did", userIsFollowing)) 90 90 + filters = append(filters, orm.FilterIn("did", userIsFollowing)) 90 91 } 91 92 92 93 repos, err := GetRepos(e, limit, filters...) ··· 104 105 105 106 var origRepos []models.Repo 106 107 if args != nil { 107 107 - origRepos, err = GetRepos(e, 0, FilterIn("at_uri", args)) 108 108 + origRepos, err = GetRepos(e, 0, orm.FilterIn("at_uri", args)) 108 109 } 109 110 if err != nil { 110 111 return nil, err ··· 144 145 } 145 146 146 147 func getTimelineStars(e Execer, limit int, loggedInUserDid string, userIsFollowing []string) ([]models.TimelineEvent, error) { 147 147 - filters := make([]filter, 0) 148 148 + filters := make([]orm.Filter, 0) 148 149 if userIsFollowing != nil { 149 149 - filters = append(filters, FilterIn("did", userIsFollowing)) 150 150 + filters = append(filters, orm.FilterIn("did", userIsFollowing)) 150 151 } 151 152 152 153 stars, err := GetRepoStars(e, limit, filters...) ··· 180 181 } 181 182 182 183 func getTimelineFollows(e Execer, limit int, loggedInUserDid string, userIsFollowing []string) ([]models.TimelineEvent, error) { 183 183 - filters := make([]filter, 0) 184 184 + filters := make([]orm.Filter, 0) 184 185 if userIsFollowing != nil { 185 185 - filters = append(filters, FilterIn("user_did", userIsFollowing)) 186 186 + filters = append(filters, orm.FilterIn("user_did", userIsFollowing)) 186 187 } 187 188 188 189 follows, err := GetFollows(e, limit, filters...) ··· 199 200 return nil, nil 200 201 } 201 202 202 202 - profiles, err := GetProfiles(e, FilterIn("did", subjects)) 203 203 + profiles, err := GetProfiles(e, orm.FilterIn("did", subjects)) 203 204 if err != nil { 204 205 return nil, err 205 206 }

+25 -24

appview/ingester.go

··· 21 21 "tangled.org/core/appview/serververify" 22 22 "tangled.org/core/appview/validator" 23 23 "tangled.org/core/idresolver" 24 24 + "tangled.org/core/orm" 24 25 "tangled.org/core/rbac" 25 26 ) 26 27 ··· 253 254 254 255 err = db.AddArtifact(i.Db, artifact) 255 256 case jmodels.CommitOperationDelete: 256 256 - err = db.DeleteArtifact(i.Db, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey)) 257 257 + err = db.DeleteArtifact(i.Db, orm.FilterEq("did", did), orm.FilterEq("rkey", e.Commit.RKey)) 257 258 } 258 259 259 260 if err != nil { ··· 350 351 351 352 err = db.UpsertProfile(tx, &profile) 352 353 case jmodels.CommitOperationDelete: 353 353 - err = db.DeleteArtifact(i.Db, db.FilterEq("did", did), db.FilterEq("rkey", e.Commit.RKey)) 354 354 + err = db.DeleteArtifact(i.Db, orm.FilterEq("did", did), orm.FilterEq("rkey", e.Commit.RKey)) 354 355 } 355 356 356 357 if err != nil { ··· 424 425 // get record from db first 425 426 members, err := db.GetSpindleMembers( 426 427 ddb, 427 427 - db.FilterEq("did", did), 428 428 - db.FilterEq("rkey", rkey), 428 428 + orm.FilterEq("did", did), 429 429 + orm.FilterEq("rkey", rkey), 429 430 ) 430 431 if err != nil || len(members) != 1 { 431 432 return fmt.Errorf("failed to get member: %w, len(members) = %d", err, len(members)) ··· 440 441 // remove record by rkey && update enforcer 441 442 if err = db.RemoveSpindleMember( 442 443 tx, 443 443 - db.FilterEq("did", did), 444 444 - db.FilterEq("rkey", rkey), 444 444 + orm.FilterEq("did", did), 445 445 + orm.FilterEq("rkey", rkey), 445 446 ); err != nil { 446 447 return fmt.Errorf("failed to remove from db: %w", err) 447 448 } ··· 523 524 // get record from db first 524 525 spindles, err := db.GetSpindles( 525 526 ddb, 526 526 - db.FilterEq("owner", did), 527 527 - db.FilterEq("instance", instance), 527 527 + orm.FilterEq("owner", did), 528 528 + orm.FilterEq("instance", instance), 528 529 ) 529 530 if err != nil || len(spindles) != 1 { 530 531 return fmt.Errorf("failed to get spindles: %w, len(spindles) = %d", err, len(spindles)) ··· 543 544 // remove spindle members first 544 545 err = db.RemoveSpindleMember( 545 546 tx, 546 546 - db.FilterEq("owner", did), 547 547 - db.FilterEq("instance", instance), 547 547 + orm.FilterEq("owner", did), 548 548 + orm.FilterEq("instance", instance), 548 549 ) 549 550 if err != nil { 550 551 return err ··· 552 553 553 554 err = db.DeleteSpindle( 554 555 tx, 555 555 - db.FilterEq("owner", did), 556 556 - db.FilterEq("instance", instance), 556 556 + orm.FilterEq("owner", did), 557 557 + orm.FilterEq("instance", instance), 557 558 ) 558 559 if err != nil { 559 560 return err ··· 621 622 case jmodels.CommitOperationDelete: 622 623 if err := db.DeleteString( 623 624 ddb, 624 624 - db.FilterEq("did", did), 625 625 - db.FilterEq("rkey", rkey), 625 625 + orm.FilterEq("did", did), 626 626 + orm.FilterEq("rkey", rkey), 626 627 ); err != nil { 627 628 l.Error("failed to delete", "err", err) 628 629 return fmt.Errorf("failed to delete string record: %w", err) ··· 740 741 // get record from db first 741 742 registrations, err := db.GetRegistrations( 742 743 ddb, 743 743 - db.FilterEq("domain", domain), 744 744 - db.FilterEq("did", did), 744 744 + orm.FilterEq("domain", domain), 745 745 + orm.FilterEq("did", did), 745 746 ) 746 747 if err != nil { 747 748 return fmt.Errorf("failed to get registration: %w", err) ··· 762 763 763 764 err = db.DeleteKnot( 764 765 tx, 765 765 - db.FilterEq("did", did), 766 766 - db.FilterEq("domain", domain), 766 766 + orm.FilterEq("did", did), 767 767 + orm.FilterEq("domain", domain), 767 768 ) 768 769 if err != nil { 769 770 return err ··· 915 916 case jmodels.CommitOperationDelete: 916 917 if err := db.DeleteIssueComments( 917 918 ddb, 918 918 - db.FilterEq("did", did), 919 919 - db.FilterEq("rkey", rkey), 919 919 + orm.FilterEq("did", did), 920 920 + orm.FilterEq("rkey", rkey), 920 921 ); err != nil { 921 922 return fmt.Errorf("failed to delete issue comment record: %w", err) 922 923 } ··· 969 970 case jmodels.CommitOperationDelete: 970 971 if err := db.DeleteLabelDefinition( 971 972 ddb, 972 972 - db.FilterEq("did", did), 973 973 - db.FilterEq("rkey", rkey), 973 973 + orm.FilterEq("did", did), 974 974 + orm.FilterEq("rkey", rkey), 974 975 ); err != nil { 975 976 return fmt.Errorf("failed to delete labeldef record: %w", err) 976 977 } ··· 1010 1011 var repo *models.Repo 1011 1012 switch collection { 1012 1013 case tangled.RepoIssueNSID: 1013 1013 - i, err := db.GetIssues(ddb, db.FilterEq("at_uri", subject)) 1014 1014 + i, err := db.GetIssues(ddb, orm.FilterEq("at_uri", subject)) 1014 1015 if err != nil || len(i) != 1 { 1015 1016 return fmt.Errorf("failed to find subject: %w || subject count %d", err, len(i)) 1016 1017 } ··· 1019 1020 return fmt.Errorf("unsupport label subject: %s", collection) 1020 1021 } 1021 1022 1022 1022 - actx, err := db.NewLabelApplicationCtx(ddb, db.FilterIn("at_uri", repo.Labels)) 1023 1023 + actx, err := db.NewLabelApplicationCtx(ddb, orm.FilterIn("at_uri", repo.Labels)) 1023 1024 if err != nil { 1024 1025 return fmt.Errorf("failed to build label application ctx: %w", err) 1025 1026 }

+78 -77

appview/issues/issues.go

··· 19 19 "tangled.org/core/appview/config" 20 20 "tangled.org/core/appview/db" 21 21 issues_indexer "tangled.org/core/appview/indexer/issues" 22 22 + "tangled.org/core/appview/mentions" 22 23 "tangled.org/core/appview/models" 23 24 "tangled.org/core/appview/notify" 24 25 "tangled.org/core/appview/oauth" 25 26 "tangled.org/core/appview/pages" 26 27 "tangled.org/core/appview/pages/repoinfo" 27 28 "tangled.org/core/appview/pagination" 28 28 - "tangled.org/core/appview/refresolver" 29 29 "tangled.org/core/appview/reporesolver" 30 30 "tangled.org/core/appview/validator" 31 31 "tangled.org/core/idresolver" 32 32 + "tangled.org/core/orm" 32 33 "tangled.org/core/rbac" 33 34 "tangled.org/core/tid" 34 35 ) 35 36 36 37 type Issues struct { 37 37 - oauth *oauth.OAuth 38 38 - repoResolver *reporesolver.RepoResolver 39 39 - enforcer *rbac.Enforcer 40 40 - pages *pages.Pages 41 41 - idResolver *idresolver.Resolver 42 42 - refResolver *refresolver.Resolver 43 43 - db *db.DB 44 44 - config *config.Config 45 45 - notifier notify.Notifier 46 46 - logger *slog.Logger 47 47 - validator *validator.Validator 48 48 - indexer *issues_indexer.Indexer 38 38 + oauth *oauth.OAuth 39 39 + repoResolver *reporesolver.RepoResolver 40 40 + enforcer *rbac.Enforcer 41 41 + pages *pages.Pages 42 42 + idResolver *idresolver.Resolver 43 43 + mentionsResolver *mentions.Resolver 44 44 + db *db.DB 45 45 + config *config.Config 46 46 + notifier notify.Notifier 47 47 + logger *slog.Logger 48 48 + validator *validator.Validator 49 49 + indexer *issues_indexer.Indexer 49 50 } 50 51 51 52 func New( ··· 54 55 enforcer *rbac.Enforcer, 55 56 pages *pages.Pages, 56 57 idResolver *idresolver.Resolver, 57 57 - refResolver *refresolver.Resolver, 58 58 + mentionsResolver *mentions.Resolver, 58 59 db *db.DB, 59 60 config *config.Config, 60 61 notifier notify.Notifier, ··· 63 64 logger *slog.Logger, 64 65 ) *Issues { 65 66 return &Issues{ 66 66 - oauth: oauth, 67 67 - repoResolver: repoResolver, 68 68 - enforcer: enforcer, 69 69 - pages: pages, 70 70 - idResolver: idResolver, 71 71 - refResolver: refResolver, 72 72 - db: db, 73 73 - config: config, 74 74 - notifier: notifier, 75 75 - logger: logger, 76 76 - validator: validator, 77 77 - indexer: indexer, 67 67 + oauth: oauth, 68 68 + repoResolver: repoResolver, 69 69 + enforcer: enforcer, 70 70 + pages: pages, 71 71 + idResolver: idResolver, 72 72 + mentionsResolver: mentionsResolver, 73 73 + db: db, 74 74 + config: config, 75 75 + notifier: notifier, 76 76 + logger: logger, 77 77 + validator: validator, 78 78 + indexer: indexer, 78 79 } 79 80 } 80 81 81 82 func (rp *Issues) RepoSingleIssue(w http.ResponseWriter, r *http.Request) { 82 83 l := rp.logger.With("handler", "RepoSingleIssue") 83 83 - user := rp.oauth.GetUser(r) 84 84 + user := rp.oauth.GetMultiAccountUser(r) 84 85 f, err := rp.repoResolver.Resolve(r) 85 86 if err != nil { 86 87 l.Error("failed to get repo and knot", "err", err) ··· 101 102 102 103 userReactions := map[models.ReactionKind]bool{} 103 104 if user != nil { 104 104 - userReactions = db.GetReactionStatusMap(rp.db, user.Did, issue.AtUri()) 105 105 + userReactions = db.GetReactionStatusMap(rp.db, user.Active.Did, issue.AtUri()) 105 106 } 106 107 107 108 backlinks, err := db.GetBacklinks(rp.db, issue.AtUri()) ··· 113 114 114 115 labelDefs, err := db.GetLabelDefinitions( 115 116 rp.db, 116 116 - db.FilterIn("at_uri", f.Labels), 117 117 - db.FilterContains("scope", tangled.RepoIssueNSID), 117 117 + orm.FilterIn("at_uri", f.Labels), 118 118 + orm.FilterContains("scope", tangled.RepoIssueNSID), 118 119 ) 119 120 if err != nil { 120 121 l.Error("failed to fetch labels", "err", err) ··· 142 143 143 144 func (rp *Issues) EditIssue(w http.ResponseWriter, r *http.Request) { 144 145 l := rp.logger.With("handler", "EditIssue") 145 145 - user := rp.oauth.GetUser(r) 146 146 + user := rp.oauth.GetMultiAccountUser(r) 146 147 147 148 issue, ok := r.Context().Value("issue").(*models.Issue) 148 149 if !ok { ··· 163 164 newIssue := issue 164 165 newIssue.Title = r.FormValue("title") 165 166 newIssue.Body = r.FormValue("body") 166 166 - newIssue.Mentions, newIssue.References = rp.refResolver.Resolve(r.Context(), newIssue.Body) 167 167 + newIssue.Mentions, newIssue.References = rp.mentionsResolver.Resolve(r.Context(), newIssue.Body) 167 168 168 169 if err := rp.validator.ValidateIssue(newIssue); err != nil { 169 170 l.Error("validation error", "err", err) ··· 181 182 return 182 183 } 183 184 184 184 - ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoIssueNSID, user.Did, newIssue.Rkey) 185 185 + ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoIssueNSID, user.Active.Did, newIssue.Rkey) 185 186 if err != nil { 186 187 l.Error("failed to get record", "err", err) 187 188 rp.pages.Notice(w, noticeId, "Failed to edit issue, no record found on PDS.") ··· 190 191 191 192 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 192 193 Collection: tangled.RepoIssueNSID, 193 193 - Repo: user.Did, 194 194 + Repo: user.Active.Did, 194 195 Rkey: newIssue.Rkey, 195 196 SwapRecord: ex.Cid, 196 197 Record: &lexutil.LexiconTypeDecoder{ ··· 291 292 292 293 func (rp *Issues) CloseIssue(w http.ResponseWriter, r *http.Request) { 293 294 l := rp.logger.With("handler", "CloseIssue") 294 294 - user := rp.oauth.GetUser(r) 295 295 + user := rp.oauth.GetMultiAccountUser(r) 295 296 f, err := rp.repoResolver.Resolve(r) 296 297 if err != nil { 297 298 l.Error("failed to get repo and knot", "err", err) ··· 305 306 return 306 307 } 307 308 308 308 - roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 309 309 + roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 309 310 isRepoOwner := roles.IsOwner() 310 311 isCollaborator := roles.IsCollaborator() 311 311 - isIssueOwner := user.Did == issue.Did 312 312 + isIssueOwner := user.Active.Did == issue.Did 312 313 313 314 // TODO: make this more granular 314 315 if isIssueOwner || isRepoOwner || isCollaborator { 315 316 err = db.CloseIssues( 316 317 rp.db, 317 317 - db.FilterEq("id", issue.Id), 318 318 + orm.FilterEq("id", issue.Id), 318 319 ) 319 320 if err != nil { 320 321 l.Error("failed to close issue", "err", err) ··· 325 326 issue.Open = false 326 327 327 328 // notify about the issue closure 328 328 - rp.notifier.NewIssueState(r.Context(), syntax.DID(user.Did), issue) 329 329 + rp.notifier.NewIssueState(r.Context(), syntax.DID(user.Active.Did), issue) 329 330 330 331 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, f) 331 332 rp.pages.HxLocation(w, fmt.Sprintf("/%s/issues/%d", ownerSlashRepo, issue.IssueId)) ··· 339 340 340 341 func (rp *Issues) ReopenIssue(w http.ResponseWriter, r *http.Request) { 341 342 l := rp.logger.With("handler", "ReopenIssue") 342 342 - user := rp.oauth.GetUser(r) 343 343 + user := rp.oauth.GetMultiAccountUser(r) 343 344 f, err := rp.repoResolver.Resolve(r) 344 345 if err != nil { 345 346 l.Error("failed to get repo and knot", "err", err) ··· 353 354 return 354 355 } 355 356 356 356 - roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 357 357 + roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 357 358 isRepoOwner := roles.IsOwner() 358 359 isCollaborator := roles.IsCollaborator() 359 359 - isIssueOwner := user.Did == issue.Did 360 360 + isIssueOwner := user.Active.Did == issue.Did 360 361 361 362 if isCollaborator || isRepoOwner || isIssueOwner { 362 363 err := db.ReopenIssues( 363 364 rp.db, 364 364 - db.FilterEq("id", issue.Id), 365 365 + orm.FilterEq("id", issue.Id), 365 366 ) 366 367 if err != nil { 367 368 l.Error("failed to reopen issue", "err", err) ··· 372 373 issue.Open = true 373 374 374 375 // notify about the issue reopen 375 375 - rp.notifier.NewIssueState(r.Context(), syntax.DID(user.Did), issue) 376 376 + rp.notifier.NewIssueState(r.Context(), syntax.DID(user.Active.Did), issue) 376 377 377 378 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, f) 378 379 rp.pages.HxLocation(w, fmt.Sprintf("/%s/issues/%d", ownerSlashRepo, issue.IssueId)) ··· 386 387 387 388 func (rp *Issues) NewIssueComment(w http.ResponseWriter, r *http.Request) { 388 389 l := rp.logger.With("handler", "NewIssueComment") 389 389 - user := rp.oauth.GetUser(r) 390 390 + user := rp.oauth.GetMultiAccountUser(r) 390 391 f, err := rp.repoResolver.Resolve(r) 391 392 if err != nil { 392 393 l.Error("failed to get repo and knot", "err", err) ··· 412 413 replyTo = &replyToUri 413 414 } 414 415 415 415 - mentions, references := rp.refResolver.Resolve(r.Context(), body) 416 416 + mentions, references := rp.mentionsResolver.Resolve(r.Context(), body) 416 417 417 418 comment := models.IssueComment{ 418 418 - Did: user.Did, 419 419 + Did: user.Active.Did, 419 420 Rkey: tid.TID(), 420 421 IssueAt: issue.AtUri().String(), 421 422 ReplyTo: replyTo, ··· 494 495 495 496 func (rp *Issues) IssueComment(w http.ResponseWriter, r *http.Request) { 496 497 l := rp.logger.With("handler", "IssueComment") 497 497 - user := rp.oauth.GetUser(r) 498 498 + user := rp.oauth.GetMultiAccountUser(r) 498 499 499 500 issue, ok := r.Context().Value("issue").(*models.Issue) 500 501 if !ok { ··· 506 507 commentId := chi.URLParam(r, "commentId") 507 508 comments, err := db.GetIssueComments( 508 509 rp.db, 509 509 - db.FilterEq("id", commentId), 510 510 + orm.FilterEq("id", commentId), 510 511 ) 511 512 if err != nil { 512 513 l.Error("failed to fetch comment", "id", commentId) ··· 530 531 531 532 func (rp *Issues) EditIssueComment(w http.ResponseWriter, r *http.Request) { 532 533 l := rp.logger.With("handler", "EditIssueComment") 533 533 - user := rp.oauth.GetUser(r) 534 534 + user := rp.oauth.GetMultiAccountUser(r) 534 535 535 536 issue, ok := r.Context().Value("issue").(*models.Issue) 536 537 if !ok { ··· 542 543 commentId := chi.URLParam(r, "commentId") 543 544 comments, err := db.GetIssueComments( 544 545 rp.db, 545 545 - db.FilterEq("id", commentId), 546 546 + orm.FilterEq("id", commentId), 546 547 ) 547 548 if err != nil { 548 549 l.Error("failed to fetch comment", "id", commentId) ··· 556 557 } 557 558 comment := comments[0] 558 559 559 559 - if comment.Did != user.Did { 560 560 - l.Error("unauthorized comment edit", "expectedDid", comment.Did, "gotDid", user.Did) 560 560 + if comment.Did != user.Active.Did { 561 561 + l.Error("unauthorized comment edit", "expectedDid", comment.Did, "gotDid", user.Active.Did) 561 562 http.Error(w, "you are not the author of this comment", http.StatusUnauthorized) 562 563 return 563 564 } ··· 584 585 newComment := comment 585 586 newComment.Body = newBody 586 587 newComment.Edited = &now 587 587 - newComment.Mentions, newComment.References = rp.refResolver.Resolve(r.Context(), newBody) 588 588 + newComment.Mentions, newComment.References = rp.mentionsResolver.Resolve(r.Context(), newBody) 588 589 589 590 record := newComment.AsRecord() 590 591 ··· 607 608 // rkey is optional, it was introduced later 608 609 if newComment.Rkey != "" { 609 610 // update the record on pds 610 610 - ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoIssueCommentNSID, user.Did, comment.Rkey) 611 611 + ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoIssueCommentNSID, user.Active.Did, comment.Rkey) 611 612 if err != nil { 612 613 l.Error("failed to get record", "err", err, "did", newComment.Did, "rkey", newComment.Rkey) 613 614 rp.pages.Notice(w, fmt.Sprintf("comment-%s-status", commentId), "Failed to update description, no record found on PDS.") ··· 616 617 617 618 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 618 619 Collection: tangled.RepoIssueCommentNSID, 619 619 - Repo: user.Did, 620 620 + Repo: user.Active.Did, 620 621 Rkey: newComment.Rkey, 621 622 SwapRecord: ex.Cid, 622 623 Record: &lexutil.LexiconTypeDecoder{ ··· 640 641 641 642 func (rp *Issues) ReplyIssueCommentPlaceholder(w http.ResponseWriter, r *http.Request) { 642 643 l := rp.logger.With("handler", "ReplyIssueCommentPlaceholder") 643 643 - user := rp.oauth.GetUser(r) 644 644 + user := rp.oauth.GetMultiAccountUser(r) 644 645 645 646 issue, ok := r.Context().Value("issue").(*models.Issue) 646 647 if !ok { ··· 652 653 commentId := chi.URLParam(r, "commentId") 653 654 comments, err := db.GetIssueComments( 654 655 rp.db, 655 655 - db.FilterEq("id", commentId), 656 656 + orm.FilterEq("id", commentId), 656 657 ) 657 658 if err != nil { 658 659 l.Error("failed to fetch comment", "id", commentId) ··· 676 677 677 678 func (rp *Issues) ReplyIssueComment(w http.ResponseWriter, r *http.Request) { 678 679 l := rp.logger.With("handler", "ReplyIssueComment") 679 679 - user := rp.oauth.GetUser(r) 680 680 + user := rp.oauth.GetMultiAccountUser(r) 680 681 681 682 issue, ok := r.Context().Value("issue").(*models.Issue) 682 683 if !ok { ··· 688 689 commentId := chi.URLParam(r, "commentId") 689 690 comments, err := db.GetIssueComments( 690 691 rp.db, 691 691 - db.FilterEq("id", commentId), 692 692 + orm.FilterEq("id", commentId), 692 693 ) 693 694 if err != nil { 694 695 l.Error("failed to fetch comment", "id", commentId) ··· 712 713 713 714 func (rp *Issues) DeleteIssueComment(w http.ResponseWriter, r *http.Request) { 714 715 l := rp.logger.With("handler", "DeleteIssueComment") 715 715 - user := rp.oauth.GetUser(r) 716 716 + user := rp.oauth.GetMultiAccountUser(r) 716 717 717 718 issue, ok := r.Context().Value("issue").(*models.Issue) 718 719 if !ok { ··· 724 725 commentId := chi.URLParam(r, "commentId") 725 726 comments, err := db.GetIssueComments( 726 727 rp.db, 727 727 - db.FilterEq("id", commentId), 728 728 + orm.FilterEq("id", commentId), 728 729 ) 729 730 if err != nil { 730 731 l.Error("failed to fetch comment", "id", commentId) ··· 738 739 } 739 740 comment := comments[0] 740 741 741 741 - if comment.Did != user.Did { 742 742 - l.Error("unauthorized action", "expectedDid", comment.Did, "gotDid", user.Did) 742 742 + if comment.Did != user.Active.Did { 743 743 + l.Error("unauthorized action", "expectedDid", comment.Did, "gotDid", user.Active.Did) 743 744 http.Error(w, "you are not the author of this comment", http.StatusUnauthorized) 744 745 return 745 746 } ··· 751 752 752 753 // optimistic deletion 753 754 deleted := time.Now() 754 754 - err = db.DeleteIssueComments(rp.db, db.FilterEq("id", comment.Id)) 755 755 + err = db.DeleteIssueComments(rp.db, orm.FilterEq("id", comment.Id)) 755 756 if err != nil { 756 757 l.Error("failed to delete comment", "err", err) 757 758 rp.pages.Notice(w, fmt.Sprintf("comment-%s-status", commentId), "failed to delete comment") ··· 768 769 } 769 770 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 770 771 Collection: tangled.RepoIssueCommentNSID, 771 771 - Repo: user.Did, 772 772 + Repo: user.Active.Did, 772 773 Rkey: comment.Rkey, 773 774 }) 774 775 if err != nil { ··· 806 807 807 808 page := pagination.FromContext(r.Context()) 808 809 809 809 - user := rp.oauth.GetUser(r) 810 810 + user := rp.oauth.GetMultiAccountUser(r) 810 811 f, err := rp.repoResolver.Resolve(r) 811 812 if err != nil { 812 813 l.Error("failed to get repo and knot", "err", err) ··· 840 841 841 842 issues, err = db.GetIssues( 842 843 rp.db, 843 843 - db.FilterIn("id", res.Hits), 844 844 + orm.FilterIn("id", res.Hits), 844 845 ) 845 846 if err != nil { 846 847 l.Error("failed to get issues", "err", err) ··· 856 857 issues, err = db.GetIssuesPaginated( 857 858 rp.db, 858 859 page, 859 859 - db.FilterEq("repo_at", f.RepoAt()), 860 860 - db.FilterEq("open", openInt), 860 860 + orm.FilterEq("repo_at", f.RepoAt()), 861 861 + orm.FilterEq("open", openInt), 861 862 ) 862 863 if err != nil { 863 864 l.Error("failed to get issues", "err", err) ··· 868 869 869 870 labelDefs, err := db.GetLabelDefinitions( 870 871 rp.db, 871 871 - db.FilterIn("at_uri", f.Labels), 872 872 - db.FilterContains("scope", tangled.RepoIssueNSID), 872 872 + orm.FilterIn("at_uri", f.Labels), 873 873 + orm.FilterContains("scope", tangled.RepoIssueNSID), 873 874 ) 874 875 if err != nil { 875 876 l.Error("failed to fetch labels", "err", err) ··· 883 884 } 884 885 885 886 rp.pages.RepoIssues(w, pages.RepoIssuesParams{ 886 886 - LoggedInUser: rp.oauth.GetUser(r), 887 887 + LoggedInUser: rp.oauth.GetMultiAccountUser(r), 887 888 RepoInfo: rp.repoResolver.GetRepoInfo(r, user), 888 889 Issues: issues, 889 890 IssueCount: totalIssues, ··· 896 897 897 898 func (rp *Issues) NewIssue(w http.ResponseWriter, r *http.Request) { 898 899 l := rp.logger.With("handler", "NewIssue") 899 899 - user := rp.oauth.GetUser(r) 900 900 + user := rp.oauth.GetMultiAccountUser(r) 900 901 901 902 f, err := rp.repoResolver.Resolve(r) 902 903 if err != nil { ··· 912 913 }) 913 914 case http.MethodPost: 914 915 body := r.FormValue("body") 915 915 - mentions, references := rp.refResolver.Resolve(r.Context(), body) 916 916 + mentions, references := rp.mentionsResolver.Resolve(r.Context(), body) 916 917 917 918 issue := &models.Issue{ 918 919 RepoAt: f.RepoAt(), ··· 920 921 Title: r.FormValue("title"), 921 922 Body: body, 922 923 Open: true, 923 923 - Did: user.Did, 924 924 + Did: user.Active.Did, 924 925 Created: time.Now(), 925 926 Mentions: mentions, 926 927 References: references, ··· 944 945 } 945 946 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 946 947 Collection: tangled.RepoIssueNSID, 947 947 - Repo: user.Did, 948 948 + Repo: user.Active.Did, 948 949 Rkey: issue.Rkey, 949 950 Record: &lexutil.LexiconTypeDecoder{ 950 951 Val: &record,

+42 -46

appview/knots/knots.go

··· 21 21 "tangled.org/core/appview/xrpcclient" 22 22 "tangled.org/core/eventconsumer" 23 23 "tangled.org/core/idresolver" 24 24 + "tangled.org/core/orm" 24 25 "tangled.org/core/rbac" 25 26 "tangled.org/core/tid" 26 27 ··· 69 70 } 70 71 71 72 func (k *Knots) knots(w http.ResponseWriter, r *http.Request) { 72 72 - user := k.OAuth.GetUser(r) 73 73 + user := k.OAuth.GetMultiAccountUser(r) 73 74 registrations, err := db.GetRegistrations( 74 75 k.Db, 75 75 - db.FilterEq("did", user.Did), 76 76 + orm.FilterEq("did", user.Active.Did), 76 77 ) 77 78 if err != nil { 78 79 k.Logger.Error("failed to fetch knot registrations", "err", err) ··· 91 92 func (k *Knots) dashboard(w http.ResponseWriter, r *http.Request) { 92 93 l := k.Logger.With("handler", "dashboard") 93 94 94 94 - user := k.OAuth.GetUser(r) 95 95 - l = l.With("user", user.Did) 95 95 + user := k.OAuth.GetMultiAccountUser(r) 96 96 + l = l.With("user", user.Active.Did) 96 97 97 98 domain := chi.URLParam(r, "domain") 98 99 if domain == "" { ··· 102 103 103 104 registrations, err := db.GetRegistrations( 104 105 k.Db, 105 105 - db.FilterEq("did", user.Did), 106 106 - db.FilterEq("domain", domain), 106 106 + orm.FilterEq("did", user.Active.Did), 107 107 + orm.FilterEq("domain", domain), 107 108 ) 108 109 if err != nil { 109 110 l.Error("failed to get registrations", "err", err) ··· 127 128 repos, err := db.GetRepos( 128 129 k.Db, 129 130 0, 130 130 - db.FilterEq("knot", domain), 131 131 + orm.FilterEq("knot", domain), 131 132 ) 132 133 if err != nil { 133 134 l.Error("failed to get knot repos", "err", err) ··· 153 154 } 154 155 155 156 func (k *Knots) register(w http.ResponseWriter, r *http.Request) { 156 156 - user := k.OAuth.GetUser(r) 157 157 + user := k.OAuth.GetMultiAccountUser(r) 157 158 l := k.Logger.With("handler", "register") 158 159 159 160 noticeId := "register-error" ··· 174 175 return 175 176 } 176 177 l = l.With("domain", domain) 177 177 - l = l.With("user", user.Did) 178 178 + l = l.With("user", user.Active.Did) 178 179 179 180 tx, err := k.Db.Begin() 180 181 if err != nil { ··· 187 188 k.Enforcer.E.LoadPolicy() 188 189 }() 189 190 190 190 - err = db.AddKnot(tx, domain, user.Did) 191 191 + err = db.AddKnot(tx, domain, user.Active.Did) 191 192 if err != nil { 192 193 l.Error("failed to insert", "err", err) 193 194 fail() ··· 209 210 return 210 211 } 211 212 212 212 - ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.KnotNSID, user.Did, domain) 213 213 + ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.KnotNSID, user.Active.Did, domain) 213 214 var exCid *string 214 215 if ex != nil { 215 216 exCid = ex.Cid ··· 218 219 // re-announce by registering under same rkey 219 220 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 220 221 Collection: tangled.KnotNSID, 221 221 - Repo: user.Did, 222 222 + Repo: user.Active.Did, 222 223 Rkey: domain, 223 224 Record: &lexutil.LexiconTypeDecoder{ 224 225 Val: &tangled.Knot{ ··· 249 250 } 250 251 251 252 // begin verification 252 252 - err = serververify.RunVerification(r.Context(), domain, user.Did, k.Config.Core.Dev) 253 253 + err = serververify.RunVerification(r.Context(), domain, user.Active.Did, k.Config.Core.Dev) 253 254 if err != nil { 254 255 l.Error("verification failed", "err", err) 255 256 k.Pages.HxRefresh(w) 256 257 return 257 258 } 258 259 259 259 - err = serververify.MarkKnotVerified(k.Db, k.Enforcer, domain, user.Did) 260 260 + err = serververify.MarkKnotVerified(k.Db, k.Enforcer, domain, user.Active.Did) 260 261 if err != nil { 261 262 l.Error("failed to mark verified", "err", err) 262 263 k.Pages.HxRefresh(w) ··· 274 275 } 275 276 276 277 func (k *Knots) delete(w http.ResponseWriter, r *http.Request) { 277 277 - user := k.OAuth.GetUser(r) 278 278 + user := k.OAuth.GetMultiAccountUser(r) 278 279 l := k.Logger.With("handler", "delete") 279 280 280 281 noticeId := "operation-error" ··· 293 294 // get record from db first 294 295 registrations, err := db.GetRegistrations( 295 296 k.Db, 296 296 - db.FilterEq("did", user.Did), 297 297 - db.FilterEq("domain", domain), 297 297 + orm.FilterEq("did", user.Active.Did), 298 298 + orm.FilterEq("domain", domain), 298 299 ) 299 300 if err != nil { 300 301 l.Error("failed to get registration", "err", err) ··· 321 322 322 323 err = db.DeleteKnot( 323 324 tx, 324 324 - db.FilterEq("did", user.Did), 325 325 - db.FilterEq("domain", domain), 325 325 + orm.FilterEq("did", user.Active.Did), 326 326 + orm.FilterEq("domain", domain), 326 327 ) 327 328 if err != nil { 328 329 l.Error("failed to delete registration", "err", err) ··· 349 350 350 351 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 351 352 Collection: tangled.KnotNSID, 352 352 - Repo: user.Did, 353 353 + Repo: user.Active.Did, 353 354 Rkey: domain, 354 355 }) 355 356 if err != nil { ··· 381 382 } 382 383 383 384 func (k *Knots) retry(w http.ResponseWriter, r *http.Request) { 384 384 - user := k.OAuth.GetUser(r) 385 385 + user := k.OAuth.GetMultiAccountUser(r) 385 386 l := k.Logger.With("handler", "retry") 386 387 387 388 noticeId := "operation-error" ··· 397 398 return 398 399 } 399 400 l = l.With("domain", domain) 400 400 - l = l.With("user", user.Did) 401 401 + l = l.With("user", user.Active.Did) 401 402 402 403 // get record from db first 403 404 registrations, err := db.GetRegistrations( 404 405 k.Db, 405 405 - db.FilterEq("did", user.Did), 406 406 - db.FilterEq("domain", domain), 406 406 + orm.FilterEq("did", user.Active.Did), 407 407 + orm.FilterEq("domain", domain), 407 408 ) 408 409 if err != nil { 409 410 l.Error("failed to get registration", "err", err) ··· 418 419 registration := registrations[0] 419 420 420 421 // begin verification 421 421 - err = serververify.RunVerification(r.Context(), domain, user.Did, k.Config.Core.Dev) 422 422 + err = serververify.RunVerification(r.Context(), domain, user.Active.Did, k.Config.Core.Dev) 422 423 if err != nil { 423 424 l.Error("verification failed", "err", err) 424 425 ··· 436 437 return 437 438 } 438 439 439 439 - err = serververify.MarkKnotVerified(k.Db, k.Enforcer, domain, user.Did) 440 440 + err = serververify.MarkKnotVerified(k.Db, k.Enforcer, domain, user.Active.Did) 440 441 if err != nil { 441 442 l.Error("failed to mark verified", "err", err) 442 443 k.Pages.Notice(w, noticeId, err.Error()) ··· 455 456 return 456 457 } 457 458 458 458 - ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.KnotNSID, user.Did, domain) 459 459 + ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.KnotNSID, user.Active.Did, domain) 459 460 var exCid *string 460 461 if ex != nil { 461 462 exCid = ex.Cid ··· 464 465 // ignore the error here 465 466 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 466 467 Collection: tangled.KnotNSID, 467 467 - Repo: user.Did, 468 468 + Repo: user.Active.Did, 468 469 Rkey: domain, 469 470 Record: &lexutil.LexiconTypeDecoder{ 470 471 Val: &tangled.Knot{ ··· 493 494 // Get updated registration to show 494 495 registrations, err = db.GetRegistrations( 495 496 k.Db, 496 496 - db.FilterEq("did", user.Did), 497 497 - db.FilterEq("domain", domain), 497 497 + orm.FilterEq("did", user.Active.Did), 498 498 + orm.FilterEq("domain", domain), 498 499 ) 499 500 if err != nil { 500 501 l.Error("failed to get registration", "err", err) ··· 515 516 } 516 517 517 518 func (k *Knots) addMember(w http.ResponseWriter, r *http.Request) { 518 518 - user := k.OAuth.GetUser(r) 519 519 + user := k.OAuth.GetMultiAccountUser(r) 519 520 l := k.Logger.With("handler", "addMember") 520 521 521 522 domain := chi.URLParam(r, "domain") ··· 525 526 return 526 527 } 527 528 l = l.With("domain", domain) 528 528 - l = l.With("user", user.Did) 529 529 + l = l.With("user", user.Active.Did) 529 530 530 531 registrations, err := db.GetRegistrations( 531 532 k.Db, 532 532 - db.FilterEq("did", user.Did), 533 533 - db.FilterEq("domain", domain), 534 534 - db.FilterIsNot("registered", "null"), 533 533 + orm.FilterEq("did", user.Active.Did), 534 534 + orm.FilterEq("domain", domain), 535 535 + orm.FilterIsNot("registered", "null"), 535 536 ) 536 537 if err != nil { 537 538 l.Error("failed to get registration", "err", err) ··· 582 583 583 584 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 584 585 Collection: tangled.KnotMemberNSID, 585 585 - Repo: user.Did, 586 586 + Repo: user.Active.Did, 586 587 Rkey: rkey, 587 588 Record: &lexutil.LexiconTypeDecoder{ 588 589 Val: &tangled.KnotMember{ ··· 617 618 } 618 619 619 620 func (k *Knots) removeMember(w http.ResponseWriter, r *http.Request) { 620 620 - user := k.OAuth.GetUser(r) 621 621 + user := k.OAuth.GetMultiAccountUser(r) 621 622 l := k.Logger.With("handler", "removeMember") 622 623 623 624 noticeId := "operation-error" ··· 633 634 return 634 635 } 635 636 l = l.With("domain", domain) 636 636 - l = l.With("user", user.Did) 637 637 + l = l.With("user", user.Active.Did) 637 638 638 639 registrations, err := db.GetRegistrations( 639 640 k.Db, 640 640 - db.FilterEq("did", user.Did), 641 641 - db.FilterEq("domain", domain), 642 642 - db.FilterIsNot("registered", "null"), 641 641 + orm.FilterEq("did", user.Active.Did), 642 642 + orm.FilterEq("domain", domain), 643 643 + orm.FilterIsNot("registered", "null"), 643 644 ) 644 645 if err != nil { 645 646 l.Error("failed to get registration", "err", err) ··· 662 663 memberId, err := k.IdResolver.ResolveIdent(r.Context(), member) 663 664 if err != nil { 664 665 l.Error("failed to resolve member identity to handle", "err", err) 665 665 - k.Pages.Notice(w, noticeId, "Failed to remove member, identity resolution failed.") 666 666 - return 667 667 - } 668 668 - if memberId.Handle.IsInvalidHandle() { 669 669 - l.Error("failed to resolve member identity to handle") 670 666 k.Pages.Notice(w, noticeId, "Failed to remove member, identity resolution failed.") 671 667 return 672 668 }

+7 -6

appview/labels/labels.go

··· 16 16 "tangled.org/core/appview/oauth" 17 17 "tangled.org/core/appview/pages" 18 18 "tangled.org/core/appview/validator" 19 19 + "tangled.org/core/orm" 19 20 "tangled.org/core/rbac" 20 21 "tangled.org/core/tid" 21 22 ··· 67 68 // - this handler should calculate the diff in order to create the labelop record 68 69 // - we need the diff in order to maintain a "history" of operations performed by users 69 70 func (l *Labels) PerformLabelOp(w http.ResponseWriter, r *http.Request) { 70 70 - user := l.oauth.GetUser(r) 71 71 + user := l.oauth.GetMultiAccountUser(r) 71 72 72 73 noticeId := "add-label-error" 73 74 ··· 81 82 return 82 83 } 83 84 84 84 - did := user.Did 85 85 + did := user.Active.Did 85 86 rkey := tid.TID() 86 87 performedAt := time.Now() 87 88 indexedAt := time.Now() 88 89 repoAt := r.Form.Get("repo") 89 90 subjectUri := r.Form.Get("subject") 90 91 91 91 - repo, err := db.GetRepo(l.db, db.FilterEq("at_uri", repoAt)) 92 92 + repo, err := db.GetRepo(l.db, orm.FilterEq("at_uri", repoAt)) 92 93 if err != nil { 93 94 fail("Failed to get repository.", err) 94 95 return 95 96 } 96 97 97 98 // find all the labels that this repo subscribes to 98 98 - repoLabels, err := db.GetRepoLabels(l.db, db.FilterEq("repo_at", repoAt)) 99 99 + repoLabels, err := db.GetRepoLabels(l.db, orm.FilterEq("repo_at", repoAt)) 99 100 if err != nil { 100 101 fail("Failed to get labels for this repository.", err) 101 102 return ··· 106 107 labelAts = append(labelAts, rl.LabelAt.String()) 107 108 } 108 109 109 109 - actx, err := db.NewLabelApplicationCtx(l.db, db.FilterIn("at_uri", labelAts)) 110 110 + actx, err := db.NewLabelApplicationCtx(l.db, orm.FilterIn("at_uri", labelAts)) 110 111 if err != nil { 111 112 fail("Invalid form data.", err) 112 113 return 113 114 } 114 115 115 116 // calculate the start state by applying already known labels 116 116 - existingOps, err := db.GetLabelOps(l.db, db.FilterEq("subject", subjectUri)) 117 117 + existingOps, err := db.GetLabelOps(l.db, orm.FilterEq("subject", subjectUri)) 117 118 if err != nil { 118 119 fail("Invalid form data.", err) 119 120 return

+67

appview/mentions/resolver.go

··· 1 1 + package mentions 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "log/slog" 6 6 + 7 7 + "github.com/bluesky-social/indigo/atproto/syntax" 8 8 + "tangled.org/core/appview/config" 9 9 + "tangled.org/core/appview/db" 10 10 + "tangled.org/core/appview/models" 11 11 + "tangled.org/core/appview/pages/markup" 12 12 + "tangled.org/core/idresolver" 13 13 + ) 14 14 + 15 15 + type Resolver struct { 16 16 + config *config.Config 17 17 + idResolver *idresolver.Resolver 18 18 + execer db.Execer 19 19 + logger *slog.Logger 20 20 + } 21 21 + 22 22 + func New( 23 23 + config *config.Config, 24 24 + idResolver *idresolver.Resolver, 25 25 + execer db.Execer, 26 26 + logger *slog.Logger, 27 27 + ) *Resolver { 28 28 + return &Resolver{ 29 29 + config, 30 30 + idResolver, 31 31 + execer, 32 32 + logger, 33 33 + } 34 34 + } 35 35 + 36 36 + func (r *Resolver) Resolve(ctx context.Context, source string) ([]syntax.DID, []syntax.ATURI) { 37 37 + l := r.logger.With("method", "Resolve") 38 38 + 39 39 + rawMentions, rawRefs := markup.FindReferences(r.config.Core.AppviewHost, source) 40 40 + l.Debug("found possible references", "mentions", rawMentions, "refs", rawRefs) 41 41 + 42 42 + idents := r.idResolver.ResolveIdents(ctx, rawMentions) 43 43 + var mentions []syntax.DID 44 44 + for _, ident := range idents { 45 45 + if ident != nil && !ident.Handle.IsInvalidHandle() { 46 46 + mentions = append(mentions, ident.DID) 47 47 + } 48 48 + } 49 49 + l.Debug("found mentions", "mentions", mentions) 50 50 + 51 51 + var resolvedRefs []models.ReferenceLink 52 52 + for _, rawRef := range rawRefs { 53 53 + ident, err := r.idResolver.ResolveIdent(ctx, rawRef.Handle) 54 54 + if err != nil || ident == nil || ident.Handle.IsInvalidHandle() { 55 55 + continue 56 56 + } 57 57 + rawRef.Handle = string(ident.DID) 58 58 + resolvedRefs = append(resolvedRefs, rawRef) 59 59 + } 60 60 + aturiRefs, err := db.ValidateReferenceLinks(r.execer, resolvedRefs) 61 61 + if err != nil { 62 62 + l.Error("failed running query", "err", err) 63 63 + } 64 64 + l.Debug("found references", "refs", aturiRefs) 65 65 + 66 66 + return mentions, aturiRefs 67 67 + }

+13 -10

appview/middleware/middleware.go

··· 18 18 "tangled.org/core/appview/pagination" 19 19 "tangled.org/core/appview/reporesolver" 20 20 "tangled.org/core/idresolver" 21 21 + "tangled.org/core/orm" 21 22 "tangled.org/core/rbac" 22 23 ) 23 24 ··· 114 115 return func(next http.Handler) http.Handler { 115 116 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 116 117 // requires auth also 117 117 - actor := mw.oauth.GetUser(r) 118 118 + actor := mw.oauth.GetMultiAccountUser(r) 118 119 if actor == nil { 119 120 // we need a logged in user 120 121 log.Printf("not logged in, redirecting") ··· 127 128 return 128 129 } 129 130 130 130 - ok, err := mw.enforcer.E.HasGroupingPolicy(actor.Did, group, domain) 131 131 + ok, err := mw.enforcer.E.HasGroupingPolicy(actor.Active.Did, group, domain) 131 132 if err != nil || !ok { 132 132 - // we need a logged in user 133 133 - log.Printf("%s does not have perms of a %s in domain %s", actor.Did, group, domain) 133 133 + log.Printf("%s does not have perms of a %s in domain %s", actor.Active.Did, group, domain) 134 134 http.Error(w, "Forbiden", http.StatusUnauthorized) 135 135 return 136 136 } ··· 148 148 return func(next http.Handler) http.Handler { 149 149 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 150 150 // requires auth also 151 151 - actor := mw.oauth.GetUser(r) 151 151 + actor := mw.oauth.GetMultiAccountUser(r) 152 152 if actor == nil { 153 153 // we need a logged in user 154 154 log.Printf("not logged in, redirecting") ··· 161 161 return 162 162 } 163 163 164 164 - ok, err := mw.enforcer.E.Enforce(actor.Did, f.Knot, f.DidSlashRepo(), requiredPerm) 164 164 + ok, err := mw.enforcer.E.Enforce(actor.Active.Did, f.Knot, f.DidSlashRepo(), requiredPerm) 165 165 if err != nil || !ok { 166 166 - // we need a logged in user 167 167 - log.Printf("%s does not have perms of a %s in repo %s", actor.Did, requiredPerm, f.DidSlashRepo()) 166 166 + log.Printf("%s does not have perms of a %s in repo %s", actor.Active.Did, requiredPerm, f.DidSlashRepo()) 168 167 http.Error(w, "Forbiden", http.StatusUnauthorized) 169 168 return 170 169 } ··· 217 216 218 217 repo, err := db.GetRepo( 219 218 mw.db, 220 220 - db.FilterEq("did", id.DID.String()), 221 221 - db.FilterEq("name", repoName), 219 219 + orm.FilterEq("did", id.DID.String()), 220 220 + orm.FilterEq("name", repoName), 222 221 ) 223 222 if err != nil { 224 223 log.Println("failed to resolve repo", "err", err) 224 224 + w.WriteHeader(http.StatusNotFound) 225 225 mw.pages.ErrorKnot404(w) 226 226 return 227 227 } ··· 239 239 f, err := mw.repoResolver.Resolve(r) 240 240 if err != nil { 241 241 log.Println("failed to fully resolve repo", err) 242 242 + w.WriteHeader(http.StatusNotFound) 242 243 mw.pages.ErrorKnot404(w) 243 244 return 244 245 } ··· 287 288 f, err := mw.repoResolver.Resolve(r) 288 289 if err != nil { 289 290 log.Println("failed to fully resolve repo", err) 291 291 + w.WriteHeader(http.StatusNotFound) 290 292 mw.pages.ErrorKnot404(w) 291 293 return 292 294 } ··· 323 325 f, err := mw.repoResolver.Resolve(r) 324 326 if err != nil { 325 327 log.Println("failed to fully resolve repo", err) 328 328 + w.WriteHeader(http.StatusNotFound) 326 329 mw.pages.ErrorKnot404(w) 327 330 return 328 331 }

+1 -1

appview/models/pull.go

··· 83 83 Repo *Repo 84 84 } 85 85 86 86 + // NOTE: This method does not include patch blob in returned atproto record 86 87 func (p Pull) AsRecord() tangled.RepoPull { 87 88 var source *tangled.RepoPull_Source 88 89 if p.PullSource != nil { ··· 113 114 Repo: p.RepoAt.String(), 114 115 Branch: p.TargetBranch, 115 116 }, 116 116 - Patch: p.LatestPatch(), 117 117 Source: source, 118 118 } 119 119 return record

+8 -7

appview/notifications/notifications.go

··· 11 11 "tangled.org/core/appview/oauth" 12 12 "tangled.org/core/appview/pages" 13 13 "tangled.org/core/appview/pagination" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 17 type Notifications struct { ··· 47 48 48 49 func (n *Notifications) notificationsPage(w http.ResponseWriter, r *http.Request) { 49 50 l := n.logger.With("handler", "notificationsPage") 50 50 - user := n.oauth.GetUser(r) 51 51 + user := n.oauth.GetMultiAccountUser(r) 51 52 52 53 page := pagination.FromContext(r.Context()) 53 54 54 55 total, err := db.CountNotifications( 55 56 n.db, 56 56 - db.FilterEq("recipient_did", user.Did), 57 57 + orm.FilterEq("recipient_did", user.Active.Did), 57 58 ) 58 59 if err != nil { 59 60 l.Error("failed to get total notifications", "err", err) ··· 64 65 notifications, err := db.GetNotificationsWithEntities( 65 66 n.db, 66 67 page, 67 67 - db.FilterEq("recipient_did", user.Did), 68 68 + orm.FilterEq("recipient_did", user.Active.Did), 68 69 ) 69 70 if err != nil { 70 71 l.Error("failed to get notifications", "err", err) ··· 72 73 return 73 74 } 74 75 75 75 - err = db.MarkAllNotificationsRead(n.db, user.Did) 76 76 + err = db.MarkAllNotificationsRead(n.db, user.Active.Did) 76 77 if err != nil { 77 78 l.Error("failed to mark notifications as read", "err", err) 78 79 } ··· 89 90 } 90 91 91 92 func (n *Notifications) getUnreadCount(w http.ResponseWriter, r *http.Request) { 92 92 - user := n.oauth.GetUser(r) 93 93 + user := n.oauth.GetMultiAccountUser(r) 93 94 if user == nil { 94 95 return 95 96 } 96 97 97 98 count, err := db.CountNotifications( 98 99 n.db, 99 99 - db.FilterEq("recipient_did", user.Did), 100 100 - db.FilterEq("read", 0), 100 100 + orm.FilterEq("recipient_did", user.Active.Did), 101 101 + orm.FilterEq("read", 0), 101 102 ) 102 103 if err != nil { 103 104 http.Error(w, "Failed to get unread count", http.StatusInternalServerError)

+77 -66

appview/notify/db/db.go

··· 3 3 import ( 4 4 "context" 5 5 "log" 6 6 - "maps" 7 6 "slices" 8 7 9 8 "github.com/bluesky-social/indigo/atproto/syntax" ··· 12 11 "tangled.org/core/appview/models" 13 12 "tangled.org/core/appview/notify" 14 13 "tangled.org/core/idresolver" 14 14 + "tangled.org/core/orm" 15 15 + "tangled.org/core/sets" 15 16 ) 16 17 17 18 const ( 18 18 - maxMentions = 5 19 19 + maxMentions = 8 19 20 ) 20 21 21 22 type databaseNotifier struct { ··· 42 43 return 43 44 } 44 45 var err error 45 45 - repo, err := db.GetRepo(n.db, db.FilterEq("at_uri", string(star.RepoAt))) 46 46 + repo, err := db.GetRepo(n.db, orm.FilterEq("at_uri", string(star.RepoAt))) 46 47 if err != nil { 47 48 log.Printf("NewStar: failed to get repos: %v", err) 48 49 return 49 50 } 50 51 51 52 actorDid := syntax.DID(star.Did) 52 52 - recipients := []syntax.DID{syntax.DID(repo.Did)} 53 53 + recipients := sets.Singleton(syntax.DID(repo.Did)) 53 54 eventType := models.NotificationTypeRepoStarred 54 55 entityType := "repo" 55 56 entityId := star.RepoAt.String() ··· 74 75 } 75 76 76 77 func (n *databaseNotifier) NewIssue(ctx context.Context, issue *models.Issue, mentions []syntax.DID) { 77 77 - 78 78 - // build the recipients list 79 79 - // - owner of the repo 80 80 - // - collaborators in the repo 81 81 - var recipients []syntax.DID 82 82 - recipients = append(recipients, syntax.DID(issue.Repo.Did)) 83 83 - collaborators, err := db.GetCollaborators(n.db, db.FilterEq("repo_at", issue.Repo.RepoAt())) 78 78 + collaborators, err := db.GetCollaborators(n.db, orm.FilterEq("repo_at", issue.Repo.RepoAt())) 84 79 if err != nil { 85 80 log.Printf("failed to fetch collaborators: %v", err) 86 81 return 87 82 } 83 83 + 84 84 + // build the recipients list 85 85 + // - owner of the repo 86 86 + // - collaborators in the repo 87 87 + // - remove users already mentioned 88 88 + recipients := sets.Singleton(syntax.DID(issue.Repo.Did)) 88 89 for _, c := range collaborators { 89 89 - recipients = append(recipients, c.SubjectDid) 90 90 + recipients.Insert(c.SubjectDid) 91 91 + } 92 92 + for _, m := range mentions { 93 93 + recipients.Remove(m) 90 94 } 91 95 92 96 actorDid := syntax.DID(issue.Did) ··· 108 112 ) 109 113 n.notifyEvent( 110 114 actorDid, 111 111 - mentions, 115 115 + sets.Collect(slices.Values(mentions)), 112 116 models.NotificationTypeUserMentioned, 113 117 entityType, 114 118 entityId, ··· 119 123 } 120 124 121 125 func (n *databaseNotifier) NewIssueComment(ctx context.Context, comment *models.IssueComment, mentions []syntax.DID) { 122 122 - issues, err := db.GetIssues(n.db, db.FilterEq("at_uri", comment.IssueAt)) 126 126 + issues, err := db.GetIssues(n.db, orm.FilterEq("at_uri", comment.IssueAt)) 123 127 if err != nil { 124 128 log.Printf("NewIssueComment: failed to get issues: %v", err) 125 129 return ··· 130 134 } 131 135 issue := issues[0] 132 136 133 133 - var recipients []syntax.DID 134 134 - recipients = append(recipients, syntax.DID(issue.Repo.Did)) 137 137 + // built the recipients list: 138 138 + // - the owner of the repo 139 139 + // - | if the comment is a reply -> everybody on that thread 140 140 + // | if the comment is a top level -> just the issue owner 141 141 + // - remove mentioned users from the recipients list 142 142 + recipients := sets.Singleton(syntax.DID(issue.Repo.Did)) 135 143 136 144 if comment.IsReply() { 137 145 // if this comment is a reply, then notify everybody in that thread 138 146 parentAtUri := *comment.ReplyTo 139 139 - allThreads := issue.CommentList() 140 147 141 148 // find the parent thread, and add all DIDs from here to the recipient list 142 142 - for _, t := range allThreads { 149 149 + for _, t := range issue.CommentList() { 143 150 if t.Self.AtUri().String() == parentAtUri { 144 144 - recipients = append(recipients, t.Participants()...) 151 151 + for _, p := range t.Participants() { 152 152 + recipients.Insert(p) 153 153 + } 145 154 } 146 155 } 147 156 } else { 148 157 // not a reply, notify just the issue author 149 149 - recipients = append(recipients, syntax.DID(issue.Did)) 158 158 + recipients.Insert(syntax.DID(issue.Did)) 159 159 + } 160 160 + 161 161 + for _, m := range mentions { 162 162 + recipients.Remove(m) 150 163 } 151 164 152 165 actorDid := syntax.DID(comment.Did) ··· 168 181 ) 169 182 n.notifyEvent( 170 183 actorDid, 171 171 - mentions, 184 184 + sets.Collect(slices.Values(mentions)), 172 185 models.NotificationTypeUserMentioned, 173 186 entityType, 174 187 entityId, ··· 184 197 185 198 func (n *databaseNotifier) NewFollow(ctx context.Context, follow *models.Follow) { 186 199 actorDid := syntax.DID(follow.UserDid) 187 187 - recipients := []syntax.DID{syntax.DID(follow.SubjectDid)} 200 200 + recipients := sets.Singleton(syntax.DID(follow.SubjectDid)) 188 201 eventType := models.NotificationTypeFollowed 189 202 entityType := "follow" 190 203 entityId := follow.UserDid ··· 207 220 } 208 221 209 222 func (n *databaseNotifier) NewPull(ctx context.Context, pull *models.Pull) { 210 210 - repo, err := db.GetRepo(n.db, db.FilterEq("at_uri", string(pull.RepoAt))) 223 223 + repo, err := db.GetRepo(n.db, orm.FilterEq("at_uri", string(pull.RepoAt))) 211 224 if err != nil { 212 225 log.Printf("NewPull: failed to get repos: %v", err) 213 226 return 214 227 } 215 215 - 216 216 - // build the recipients list 217 217 - // - owner of the repo 218 218 - // - collaborators in the repo 219 219 - var recipients []syntax.DID 220 220 - recipients = append(recipients, syntax.DID(repo.Did)) 221 221 - collaborators, err := db.GetCollaborators(n.db, db.FilterEq("repo_at", repo.RepoAt())) 228 228 + collaborators, err := db.GetCollaborators(n.db, orm.FilterEq("repo_at", repo.RepoAt())) 222 229 if err != nil { 223 230 log.Printf("failed to fetch collaborators: %v", err) 224 231 return 225 232 } 233 233 + 234 234 + // build the recipients list 235 235 + // - owner of the repo 236 236 + // - collaborators in the repo 237 237 + recipients := sets.Singleton(syntax.DID(repo.Did)) 226 238 for _, c := range collaborators { 227 227 - recipients = append(recipients, c.SubjectDid) 239 239 + recipients.Insert(c.SubjectDid) 228 240 } 229 241 230 242 actorDid := syntax.DID(pull.OwnerDid) ··· 258 270 return 259 271 } 260 272 261 261 - repo, err := db.GetRepo(n.db, db.FilterEq("at_uri", comment.RepoAt)) 273 273 + repo, err := db.GetRepo(n.db, orm.FilterEq("at_uri", comment.RepoAt)) 262 274 if err != nil { 263 275 log.Printf("NewPullComment: failed to get repos: %v", err) 264 276 return ··· 267 279 // build up the recipients list: 268 280 // - repo owner 269 281 // - all pull participants 270 270 - var recipients []syntax.DID 271 271 - recipients = append(recipients, syntax.DID(repo.Did)) 282 282 + // - remove those already mentioned 283 283 + recipients := sets.Singleton(syntax.DID(repo.Did)) 272 284 for _, p := range pull.Participants() { 273 273 - recipients = append(recipients, syntax.DID(p)) 285 285 + recipients.Insert(syntax.DID(p)) 286 286 + } 287 287 + for _, m := range mentions { 288 288 + recipients.Remove(m) 274 289 } 275 290 276 291 actorDid := syntax.DID(comment.OwnerDid) ··· 294 309 ) 295 310 n.notifyEvent( 296 311 actorDid, 297 297 - mentions, 312 312 + sets.Collect(slices.Values(mentions)), 298 313 models.NotificationTypeUserMentioned, 299 314 entityType, 300 315 entityId, ··· 321 336 } 322 337 323 338 func (n *databaseNotifier) NewIssueState(ctx context.Context, actor syntax.DID, issue *models.Issue) { 324 324 - // build up the recipients list: 325 325 - // - repo owner 326 326 - // - repo collaborators 327 327 - // - all issue participants 328 328 - var recipients []syntax.DID 329 329 - recipients = append(recipients, syntax.DID(issue.Repo.Did)) 330 330 - collaborators, err := db.GetCollaborators(n.db, db.FilterEq("repo_at", issue.Repo.RepoAt())) 339 339 + collaborators, err := db.GetCollaborators(n.db, orm.FilterEq("repo_at", issue.Repo.RepoAt())) 331 340 if err != nil { 332 341 log.Printf("failed to fetch collaborators: %v", err) 333 342 return 334 343 } 344 344 + 345 345 + // build up the recipients list: 346 346 + // - repo owner 347 347 + // - repo collaborators 348 348 + // - all issue participants 349 349 + recipients := sets.Singleton(syntax.DID(issue.Repo.Did)) 335 350 for _, c := range collaborators { 336 336 - recipients = append(recipients, c.SubjectDid) 351 351 + recipients.Insert(c.SubjectDid) 337 352 } 338 353 for _, p := range issue.Participants() { 339 339 - recipients = append(recipients, syntax.DID(p)) 354 354 + recipients.Insert(syntax.DID(p)) 340 355 } 341 356 342 357 entityType := "pull" ··· 366 381 367 382 func (n *databaseNotifier) NewPullState(ctx context.Context, actor syntax.DID, pull *models.Pull) { 368 383 // Get repo details 369 369 - repo, err := db.GetRepo(n.db, db.FilterEq("at_uri", string(pull.RepoAt))) 384 384 + repo, err := db.GetRepo(n.db, orm.FilterEq("at_uri", string(pull.RepoAt))) 370 385 if err != nil { 371 386 log.Printf("NewPullState: failed to get repos: %v", err) 372 387 return 373 388 } 374 389 375 375 - // build up the recipients list: 376 376 - // - repo owner 377 377 - // - all pull participants 378 378 - var recipients []syntax.DID 379 379 - recipients = append(recipients, syntax.DID(repo.Did)) 380 380 - collaborators, err := db.GetCollaborators(n.db, db.FilterEq("repo_at", repo.RepoAt())) 390 390 + collaborators, err := db.GetCollaborators(n.db, orm.FilterEq("repo_at", repo.RepoAt())) 381 391 if err != nil { 382 392 log.Printf("failed to fetch collaborators: %v", err) 383 393 return 384 394 } 395 395 + 396 396 + // build up the recipients list: 397 397 + // - repo owner 398 398 + // - all pull participants 399 399 + recipients := sets.Singleton(syntax.DID(repo.Did)) 385 400 for _, c := range collaborators { 386 386 - recipients = append(recipients, c.SubjectDid) 401 401 + recipients.Insert(c.SubjectDid) 387 402 } 388 403 for _, p := range pull.Participants() { 389 389 - recipients = append(recipients, syntax.DID(p)) 404 404 + recipients.Insert(syntax.DID(p)) 390 405 } 391 406 392 407 entityType := "pull" ··· 422 437 423 438 func (n *databaseNotifier) notifyEvent( 424 439 actorDid syntax.DID, 425 425 - recipients []syntax.DID, 440 440 + recipients sets.Set[syntax.DID], 426 441 eventType models.NotificationType, 427 442 entityType string, 428 443 entityId string, ··· 430 445 issueId *int64, 431 446 pullId *int64, 432 447 ) { 433 433 - if eventType == models.NotificationTypeUserMentioned && len(recipients) > maxMentions { 434 434 - recipients = recipients[:maxMentions] 448 448 + // if the user is attempting to mention >maxMentions users, this is probably spam, do not mention anybody 449 449 + if eventType == models.NotificationTypeUserMentioned && recipients.Len() > maxMentions { 450 450 + return 435 451 } 436 436 - recipientSet := make(map[syntax.DID]struct{}) 437 437 - for _, did := range recipients { 438 438 - // everybody except actor themselves 439 439 - if did != actorDid { 440 440 - recipientSet[did] = struct{}{} 441 441 - } 442 442 - } 452 452 + 453 453 + recipients.Remove(actorDid) 443 454 444 455 prefMap, err := db.GetNotificationPreferences( 445 456 n.db, 446 446 - db.FilterIn("user_did", slices.Collect(maps.Keys(recipientSet))), 457 457 + orm.FilterIn("user_did", slices.Collect(recipients.All())), 447 458 ) 448 459 if err != nil { 449 460 // failed to get prefs for users ··· 459 470 defer tx.Rollback() 460 471 461 472 // filter based on preferences 462 462 - for recipientDid := range recipientSet { 473 473 + for recipientDid := range recipients.All() { 463 474 prefs, ok := prefMap[recipientDid] 464 475 if !ok { 465 476 prefs = models.DefaultNotificationPreferences(recipientDid)

-1

appview/notify/merged_notifier.go

··· 39 39 v.Call(in) 40 40 }(n) 41 41 } 42 42 - wg.Wait() 43 42 } 44 43 45 44 func (m *mergedNotifier) NewRepo(ctx context.Context, repo *models.Repo) {

+191

appview/oauth/accounts.go

··· 1 1 + package oauth 2 2 + 3 3 + import ( 4 4 + "encoding/json" 5 5 + "errors" 6 6 + "net/http" 7 7 + "time" 8 8 + ) 9 9 + 10 10 + const MaxAccounts = 20 11 11 + 12 12 + var ErrMaxAccountsReached = errors.New("maximum number of linked accounts reached") 13 13 + 14 14 + type AccountInfo struct { 15 15 + Did string `json:"did"` 16 16 + Handle string `json:"handle"` 17 17 + SessionId string `json:"session_id"` 18 18 + AddedAt int64 `json:"added_at"` 19 19 + } 20 20 + 21 21 + type AccountRegistry struct { 22 22 + Accounts []AccountInfo `json:"accounts"` 23 23 + } 24 24 + 25 25 + type MultiAccountUser struct { 26 26 + Active *User 27 27 + Accounts []AccountInfo 28 28 + } 29 29 + 30 30 + func (m *MultiAccountUser) Did() string { 31 31 + if m.Active == nil { 32 32 + return "" 33 33 + } 34 34 + return m.Active.Did 35 35 + } 36 36 + 37 37 + func (m *MultiAccountUser) Pds() string { 38 38 + if m.Active == nil { 39 39 + return "" 40 40 + } 41 41 + return m.Active.Pds 42 42 + } 43 43 + 44 44 + func (o *OAuth) GetAccounts(r *http.Request) *AccountRegistry { 45 45 + session, err := o.SessStore.Get(r, AccountsName) 46 46 + if err != nil || session.IsNew { 47 47 + return &AccountRegistry{Accounts: []AccountInfo{}} 48 48 + } 49 49 + 50 50 + data, ok := session.Values["accounts"].(string) 51 51 + if !ok { 52 52 + return &AccountRegistry{Accounts: []AccountInfo{}} 53 53 + } 54 54 + 55 55 + var registry AccountRegistry 56 56 + if err := json.Unmarshal([]byte(data), &registry); err != nil { 57 57 + return &AccountRegistry{Accounts: []AccountInfo{}} 58 58 + } 59 59 + 60 60 + return &registry 61 61 + } 62 62 + 63 63 + func (o *OAuth) SaveAccounts(w http.ResponseWriter, r *http.Request, registry *AccountRegistry) error { 64 64 + session, err := o.SessStore.Get(r, AccountsName) 65 65 + if err != nil { 66 66 + return err 67 67 + } 68 68 + 69 69 + data, err := json.Marshal(registry) 70 70 + if err != nil { 71 71 + return err 72 72 + } 73 73 + 74 74 + session.Values["accounts"] = string(data) 75 75 + session.Options.MaxAge = 60 * 60 * 24 * 365 76 76 + session.Options.HttpOnly = true 77 77 + session.Options.Secure = !o.Config.Core.Dev 78 78 + session.Options.SameSite = http.SameSiteLaxMode 79 79 + 80 80 + return session.Save(r, w) 81 81 + } 82 82 + 83 83 + func (r *AccountRegistry) AddAccount(did, handle, sessionId string) error { 84 84 + for i, acc := range r.Accounts { 85 85 + if acc.Did == did { 86 86 + r.Accounts[i].SessionId = sessionId 87 87 + r.Accounts[i].Handle = handle 88 88 + return nil 89 89 + } 90 90 + } 91 91 + 92 92 + if len(r.Accounts) >= MaxAccounts { 93 93 + return ErrMaxAccountsReached 94 94 + } 95 95 + 96 96 + r.Accounts = append(r.Accounts, AccountInfo{ 97 97 + Did: did, 98 98 + Handle: handle, 99 99 + SessionId: sessionId, 100 100 + AddedAt: time.Now().Unix(), 101 101 + }) 102 102 + return nil 103 103 + } 104 104 + 105 105 + func (r *AccountRegistry) RemoveAccount(did string) { 106 106 + filtered := make([]AccountInfo, 0, len(r.Accounts)) 107 107 + for _, acc := range r.Accounts { 108 108 + if acc.Did != did { 109 109 + filtered = append(filtered, acc) 110 110 + } 111 111 + } 112 112 + r.Accounts = filtered 113 113 + } 114 114 + 115 115 + func (r *AccountRegistry) FindAccount(did string) *AccountInfo { 116 116 + for i := range r.Accounts { 117 117 + if r.Accounts[i].Did == did { 118 118 + return &r.Accounts[i] 119 119 + } 120 120 + } 121 121 + return nil 122 122 + } 123 123 + 124 124 + func (r *AccountRegistry) OtherAccounts(activeDid string) []AccountInfo { 125 125 + result := make([]AccountInfo, 0, len(r.Accounts)) 126 126 + for _, acc := range r.Accounts { 127 127 + if acc.Did != activeDid { 128 128 + result = append(result, acc) 129 129 + } 130 130 + } 131 131 + return result 132 132 + } 133 133 + 134 134 + func (o *OAuth) GetMultiAccountUser(r *http.Request) *MultiAccountUser { 135 135 + user := o.GetUser(r) 136 136 + if user == nil { 137 137 + return nil 138 138 + } 139 139 + 140 140 + registry := o.GetAccounts(r) 141 141 + return &MultiAccountUser{ 142 142 + Active: user, 143 143 + Accounts: registry.Accounts, 144 144 + } 145 145 + } 146 146 + 147 147 + type AuthReturnInfo struct { 148 148 + ReturnURL string 149 149 + AddAccount bool 150 150 + } 151 151 + 152 152 + func (o *OAuth) SetAuthReturn(w http.ResponseWriter, r *http.Request, returnURL string, addAccount bool) error { 153 153 + session, err := o.SessStore.Get(r, AuthReturnName) 154 154 + if err != nil { 155 155 + return err 156 156 + } 157 157 + 158 158 + session.Values[AuthReturnURL] = returnURL 159 159 + session.Values[AuthAddAccount] = addAccount 160 160 + session.Options.MaxAge = 60 * 30 161 161 + session.Options.HttpOnly = true 162 162 + session.Options.Secure = !o.Config.Core.Dev 163 163 + session.Options.SameSite = http.SameSiteLaxMode 164 164 + 165 165 + return session.Save(r, w) 166 166 + } 167 167 + 168 168 + func (o *OAuth) GetAuthReturn(r *http.Request) *AuthReturnInfo { 169 169 + session, err := o.SessStore.Get(r, AuthReturnName) 170 170 + if err != nil || session.IsNew { 171 171 + return &AuthReturnInfo{} 172 172 + } 173 173 + 174 174 + returnURL, _ := session.Values[AuthReturnURL].(string) 175 175 + addAccount, _ := session.Values[AuthAddAccount].(bool) 176 176 + 177 177 + return &AuthReturnInfo{ 178 178 + ReturnURL: returnURL, 179 179 + AddAccount: addAccount, 180 180 + } 181 181 + } 182 182 + 183 183 + func (o *OAuth) ClearAuthReturn(w http.ResponseWriter, r *http.Request) error { 184 184 + session, err := o.SessStore.Get(r, AuthReturnName) 185 185 + if err != nil { 186 186 + return err 187 187 + } 188 188 + 189 189 + session.Options.MaxAge = -1 190 190 + return session.Save(r, w) 191 191 + }

+265

appview/oauth/accounts_test.go

··· 1 1 + package oauth 2 2 + 3 3 + import ( 4 4 + "testing" 5 5 + ) 6 6 + 7 7 + func TestAccountRegistry_AddAccount(t *testing.T) { 8 8 + tests := []struct { 9 9 + name string 10 10 + initial []AccountInfo 11 11 + addDid string 12 12 + addHandle string 13 13 + addSessionId string 14 14 + wantErr error 15 15 + wantLen int 16 16 + wantSessionId string 17 17 + }{ 18 18 + { 19 19 + name: "add first account", 20 20 + initial: []AccountInfo{}, 21 21 + addDid: "did:plc:abc123", 22 22 + addHandle: "alice.bsky.social", 23 23 + addSessionId: "session-1", 24 24 + wantErr: nil, 25 25 + wantLen: 1, 26 26 + wantSessionId: "session-1", 27 27 + }, 28 28 + { 29 29 + name: "add second account", 30 30 + initial: []AccountInfo{ 31 31 + {Did: "did:plc:abc123", Handle: "alice.bsky.social", SessionId: "session-1", AddedAt: 1000}, 32 32 + }, 33 33 + addDid: "did:plc:def456", 34 34 + addHandle: "bob.bsky.social", 35 35 + addSessionId: "session-2", 36 36 + wantErr: nil, 37 37 + wantLen: 2, 38 38 + wantSessionId: "session-2", 39 39 + }, 40 40 + { 41 41 + name: "update existing account session", 42 42 + initial: []AccountInfo{ 43 43 + {Did: "did:plc:abc123", Handle: "alice.bsky.social", SessionId: "old-session", AddedAt: 1000}, 44 44 + }, 45 45 + addDid: "did:plc:abc123", 46 46 + addHandle: "alice.bsky.social", 47 47 + addSessionId: "new-session", 48 48 + wantErr: nil, 49 49 + wantLen: 1, 50 50 + wantSessionId: "new-session", 51 51 + }, 52 52 + } 53 53 + 54 54 + for _, tt := range tests { 55 55 + t.Run(tt.name, func(t *testing.T) { 56 56 + registry := &AccountRegistry{Accounts: tt.initial} 57 57 + err := registry.AddAccount(tt.addDid, tt.addHandle, tt.addSessionId) 58 58 + 59 59 + if err != tt.wantErr { 60 60 + t.Errorf("AddAccount() error = %v, want %v", err, tt.wantErr) 61 61 + } 62 62 + 63 63 + if len(registry.Accounts) != tt.wantLen { 64 64 + t.Errorf("AddAccount() len = %d, want %d", len(registry.Accounts), tt.wantLen) 65 65 + } 66 66 + 67 67 + found := registry.FindAccount(tt.addDid) 68 68 + if found == nil { 69 69 + t.Errorf("AddAccount() account not found after add") 70 70 + return 71 71 + } 72 72 + 73 73 + if found.SessionId != tt.wantSessionId { 74 74 + t.Errorf("AddAccount() sessionId = %s, want %s", found.SessionId, tt.wantSessionId) 75 75 + } 76 76 + }) 77 77 + } 78 78 + } 79 79 + 80 80 + func TestAccountRegistry_AddAccount_MaxLimit(t *testing.T) { 81 81 + registry := &AccountRegistry{Accounts: make([]AccountInfo, 0, MaxAccounts)} 82 82 + 83 83 + for i := range MaxAccounts { 84 84 + err := registry.AddAccount("did:plc:user"+string(rune('a'+i)), "handle", "session") 85 85 + if err != nil { 86 86 + t.Fatalf("AddAccount() unexpected error on account %d: %v", i, err) 87 87 + } 88 88 + } 89 89 + 90 90 + if len(registry.Accounts) != MaxAccounts { 91 91 + t.Errorf("expected %d accounts, got %d", MaxAccounts, len(registry.Accounts)) 92 92 + } 93 93 + 94 94 + err := registry.AddAccount("did:plc:overflow", "overflow", "session-overflow") 95 95 + if err != ErrMaxAccountsReached { 96 96 + t.Errorf("AddAccount() error = %v, want %v", err, ErrMaxAccountsReached) 97 97 + } 98 98 + 99 99 + if len(registry.Accounts) != MaxAccounts { 100 100 + t.Errorf("account added despite max limit, got %d", len(registry.Accounts)) 101 101 + } 102 102 + } 103 103 + 104 104 + func TestAccountRegistry_RemoveAccount(t *testing.T) { 105 105 + tests := []struct { 106 106 + name string 107 107 + initial []AccountInfo 108 108 + removeDid string 109 109 + wantLen int 110 110 + wantDids []string 111 111 + }{ 112 112 + { 113 113 + name: "remove existing account", 114 114 + initial: []AccountInfo{ 115 115 + {Did: "did:plc:abc123", Handle: "alice", SessionId: "s1"}, 116 116 + {Did: "did:plc:def456", Handle: "bob", SessionId: "s2"}, 117 117 + }, 118 118 + removeDid: "did:plc:abc123", 119 119 + wantLen: 1, 120 120 + wantDids: []string{"did:plc:def456"}, 121 121 + }, 122 122 + { 123 123 + name: "remove non-existing account", 124 124 + initial: []AccountInfo{ 125 125 + {Did: "did:plc:abc123", Handle: "alice", SessionId: "s1"}, 126 126 + }, 127 127 + removeDid: "did:plc:notfound", 128 128 + wantLen: 1, 129 129 + wantDids: []string{"did:plc:abc123"}, 130 130 + }, 131 131 + { 132 132 + name: "remove last account", 133 133 + initial: []AccountInfo{ 134 134 + {Did: "did:plc:abc123", Handle: "alice", SessionId: "s1"}, 135 135 + }, 136 136 + removeDid: "did:plc:abc123", 137 137 + wantLen: 0, 138 138 + wantDids: []string{}, 139 139 + }, 140 140 + { 141 141 + name: "remove from empty registry", 142 142 + initial: []AccountInfo{}, 143 143 + removeDid: "did:plc:abc123", 144 144 + wantLen: 0, 145 145 + wantDids: []string{}, 146 146 + }, 147 147 + } 148 148 + 149 149 + for _, tt := range tests { 150 150 + t.Run(tt.name, func(t *testing.T) { 151 151 + registry := &AccountRegistry{Accounts: tt.initial} 152 152 + registry.RemoveAccount(tt.removeDid) 153 153 + 154 154 + if len(registry.Accounts) != tt.wantLen { 155 155 + t.Errorf("RemoveAccount() len = %d, want %d", len(registry.Accounts), tt.wantLen) 156 156 + } 157 157 + 158 158 + for _, wantDid := range tt.wantDids { 159 159 + if registry.FindAccount(wantDid) == nil { 160 160 + t.Errorf("RemoveAccount() expected %s to remain", wantDid) 161 161 + } 162 162 + } 163 163 + 164 164 + if registry.FindAccount(tt.removeDid) != nil && tt.wantLen < len(tt.initial) { 165 165 + t.Errorf("RemoveAccount() %s should have been removed", tt.removeDid) 166 166 + } 167 167 + }) 168 168 + } 169 169 + } 170 170 + 171 171 + func TestAccountRegistry_FindAccount(t *testing.T) { 172 172 + registry := &AccountRegistry{ 173 173 + Accounts: []AccountInfo{ 174 174 + {Did: "did:plc:first", Handle: "first", SessionId: "s1", AddedAt: 1000}, 175 175 + {Did: "did:plc:second", Handle: "second", SessionId: "s2", AddedAt: 2000}, 176 176 + {Did: "did:plc:third", Handle: "third", SessionId: "s3", AddedAt: 3000}, 177 177 + }, 178 178 + } 179 179 + 180 180 + t.Run("find existing account", func(t *testing.T) { 181 181 + found := registry.FindAccount("did:plc:second") 182 182 + if found == nil { 183 183 + t.Fatal("FindAccount() returned nil for existing account") 184 184 + } 185 185 + if found.Handle != "second" { 186 186 + t.Errorf("FindAccount() handle = %s, want second", found.Handle) 187 187 + } 188 188 + if found.SessionId != "s2" { 189 189 + t.Errorf("FindAccount() sessionId = %s, want s2", found.SessionId) 190 190 + } 191 191 + }) 192 192 + 193 193 + t.Run("find non-existing account", func(t *testing.T) { 194 194 + found := registry.FindAccount("did:plc:notfound") 195 195 + if found != nil { 196 196 + t.Errorf("FindAccount() = %v, want nil", found) 197 197 + } 198 198 + }) 199 199 + 200 200 + t.Run("returned pointer is mutable", func(t *testing.T) { 201 201 + found := registry.FindAccount("did:plc:first") 202 202 + if found == nil { 203 203 + t.Fatal("FindAccount() returned nil") 204 204 + } 205 205 + found.SessionId = "modified" 206 206 + 207 207 + refetch := registry.FindAccount("did:plc:first") 208 208 + if refetch.SessionId != "modified" { 209 209 + t.Errorf("FindAccount() pointer not referencing original, got %s", refetch.SessionId) 210 210 + } 211 211 + }) 212 212 + } 213 213 + 214 214 + func TestAccountRegistry_OtherAccounts(t *testing.T) { 215 215 + registry := &AccountRegistry{ 216 216 + Accounts: []AccountInfo{ 217 217 + {Did: "did:plc:active", Handle: "active", SessionId: "s1"}, 218 218 + {Did: "did:plc:other1", Handle: "other1", SessionId: "s2"}, 219 219 + {Did: "did:plc:other2", Handle: "other2", SessionId: "s3"}, 220 220 + }, 221 221 + } 222 222 + 223 223 + others := registry.OtherAccounts("did:plc:active") 224 224 + 225 225 + if len(others) != 2 { 226 226 + t.Errorf("OtherAccounts() len = %d, want 2", len(others)) 227 227 + } 228 228 + 229 229 + for _, acc := range others { 230 230 + if acc.Did == "did:plc:active" { 231 231 + t.Errorf("OtherAccounts() should not include active account") 232 232 + } 233 233 + } 234 234 + 235 235 + hasDid := func(did string) bool { 236 236 + for _, acc := range others { 237 237 + if acc.Did == did { 238 238 + return true 239 239 + } 240 240 + } 241 241 + return false 242 242 + } 243 243 + 244 244 + if !hasDid("did:plc:other1") || !hasDid("did:plc:other2") { 245 245 + t.Errorf("OtherAccounts() missing expected accounts") 246 246 + } 247 247 + } 248 248 + 249 249 + func TestMultiAccountUser_Did(t *testing.T) { 250 250 + t.Run("with active user", func(t *testing.T) { 251 251 + user := &MultiAccountUser{ 252 252 + Active: &User{Did: "did:plc:test", Pds: "https://bsky.social"}, 253 253 + } 254 254 + if user.Did() != "did:plc:test" { 255 255 + t.Errorf("Did() = %s, want did:plc:test", user.Did()) 256 256 + } 257 257 + }) 258 258 + 259 259 + t.Run("with nil active", func(t *testing.T) { 260 260 + user := &MultiAccountUser{Active: nil} 261 261 + if user.Did() != "" { 262 262 + t.Errorf("Did() = %s, want empty string", user.Did()) 263 263 + } 264 264 + }) 265 265 + }

+5 -1

appview/oauth/consts.go

··· 1 1 package oauth 2 2 3 3 const ( 4 4 - SessionName = "appview-session-v2" 4 4 + SessionName = "appview-session-v2" 5 5 + AccountsName = "appview-accounts-v2" 6 6 + AuthReturnName = "appview-auth-return" 7 7 + AuthReturnURL = "return_url" 8 8 + AuthAddAccount = "add_account" 5 9 SessionHandle = "handle" 6 10 SessionDid = "did" 7 11 SessionId = "id"

+17 -4

appview/oauth/handler.go

··· 16 16 "tangled.org/core/api/tangled" 17 17 "tangled.org/core/appview/db" 18 18 "tangled.org/core/consts" 19 19 + "tangled.org/core/orm" 19 20 "tangled.org/core/tid" 20 21 ) 21 22 ··· 54 55 ctx := r.Context() 55 56 l := o.Logger.With("query", r.URL.Query()) 56 57 58 58 + authReturn := o.GetAuthReturn(r) 59 59 + _ = o.ClearAuthReturn(w, r) 60 60 + 57 61 sessData, err := o.ClientApp.ProcessCallback(ctx, r.URL.Query()) 58 62 if err != nil { 59 63 var callbackErr *oauth.AuthRequestCallbackError ··· 69 73 70 74 if err := o.SaveSession(w, r, sessData); err != nil { 71 75 l.Error("failed to save session", "data", sessData, "err", err) 72 72 - http.Redirect(w, r, "/login?error=session", http.StatusFound) 76 76 + errorCode := "session" 77 77 + if errors.Is(err, ErrMaxAccountsReached) { 78 78 + errorCode = "max_accounts" 79 79 + } 80 80 + http.Redirect(w, r, fmt.Sprintf("/login?error=%s", errorCode), http.StatusFound) 73 81 return 74 82 } 75 83 ··· 87 95 } 88 96 } 89 97 90 90 - http.Redirect(w, r, "/", http.StatusFound) 98 98 + redirectURL := "/" 99 99 + if authReturn.ReturnURL != "" { 100 100 + redirectURL = authReturn.ReturnURL 101 101 + } 102 102 + 103 103 + http.Redirect(w, r, redirectURL, http.StatusFound) 91 104 } 92 105 93 106 func (o *OAuth) addToDefaultSpindle(did string) { ··· 97 110 // and create an sh.tangled.spindle.member record with that 98 111 spindleMembers, err := db.GetSpindleMembers( 99 112 o.Db, 100 100 - db.FilterEq("instance", "spindle.tangled.sh"), 101 101 - db.FilterEq("subject", did), 113 113 + orm.FilterEq("instance", "spindle.tangled.sh"), 114 114 + orm.FilterEq("subject", did), 102 115 ) 103 116 if err != nil { 104 117 l.Error("failed to get spindle members", "err", err)

+66 -4

appview/oauth/oauth.go

··· 98 98 } 99 99 100 100 func (o *OAuth) SaveSession(w http.ResponseWriter, r *http.Request, sessData *oauth.ClientSessionData) error { 101 101 - // first we save the did in the user session 102 101 userSession, err := o.SessStore.Get(r, SessionName) 103 102 if err != nil { 104 103 return err ··· 108 107 userSession.Values[SessionPds] = sessData.HostURL 109 108 userSession.Values[SessionId] = sessData.SessionID 110 109 userSession.Values[SessionAuthenticated] = true 111 111 - return userSession.Save(r, w) 110 110 + 111 111 + if err := userSession.Save(r, w); err != nil { 112 112 + return err 113 113 + } 114 114 + 115 115 + handle := "" 116 116 + resolved, err := o.IdResolver.ResolveIdent(r.Context(), sessData.AccountDID.String()) 117 117 + if err == nil && resolved.Handle.String() != "" { 118 118 + handle = resolved.Handle.String() 119 119 + } 120 120 + 121 121 + registry := o.GetAccounts(r) 122 122 + if err := registry.AddAccount(sessData.AccountDID.String(), handle, sessData.SessionID); err != nil { 123 123 + return err 124 124 + } 125 125 + return o.SaveAccounts(w, r, registry) 112 126 } 113 127 114 128 func (o *OAuth) ResumeSession(r *http.Request) (*oauth.ClientSession, error) { ··· 163 177 return errors.Join(err1, err2) 164 178 } 165 179 180 180 + func (o *OAuth) SwitchAccount(w http.ResponseWriter, r *http.Request, targetDid string) error { 181 181 + registry := o.GetAccounts(r) 182 182 + account := registry.FindAccount(targetDid) 183 183 + if account == nil { 184 184 + return fmt.Errorf("account not found in registry: %s", targetDid) 185 185 + } 186 186 + 187 187 + did, err := syntax.ParseDID(targetDid) 188 188 + if err != nil { 189 189 + return fmt.Errorf("invalid DID: %w", err) 190 190 + } 191 191 + 192 192 + sess, err := o.ClientApp.ResumeSession(r.Context(), did, account.SessionId) 193 193 + if err != nil { 194 194 + registry.RemoveAccount(targetDid) 195 195 + _ = o.SaveAccounts(w, r, registry) 196 196 + return fmt.Errorf("session expired for account: %w", err) 197 197 + } 198 198 + 199 199 + userSession, err := o.SessStore.Get(r, SessionName) 200 200 + if err != nil { 201 201 + return err 202 202 + } 203 203 + 204 204 + userSession.Values[SessionDid] = sess.Data.AccountDID.String() 205 205 + userSession.Values[SessionPds] = sess.Data.HostURL 206 206 + userSession.Values[SessionId] = sess.Data.SessionID 207 207 + userSession.Values[SessionAuthenticated] = true 208 208 + 209 209 + return userSession.Save(r, w) 210 210 + } 211 211 + 212 212 + func (o *OAuth) RemoveAccount(w http.ResponseWriter, r *http.Request, targetDid string) error { 213 213 + registry := o.GetAccounts(r) 214 214 + account := registry.FindAccount(targetDid) 215 215 + if account == nil { 216 216 + return nil 217 217 + } 218 218 + 219 219 + did, err := syntax.ParseDID(targetDid) 220 220 + if err == nil { 221 221 + _ = o.ClientApp.Logout(r.Context(), did, account.SessionId) 222 222 + } 223 223 + 224 224 + registry.RemoveAccount(targetDid) 225 225 + return o.SaveAccounts(w, r, registry) 226 226 + } 227 227 + 166 228 type User struct { 167 229 Did string 168 230 Pds string ··· 181 243 } 182 244 183 245 func (o *OAuth) GetDid(r *http.Request) string { 184 184 - if u := o.GetUser(r); u != nil { 185 185 - return u.Did 246 246 + if u := o.GetMultiAccountUser(r); u != nil { 247 247 + return u.Did() 186 248 } 187 249 188 250 return ""

+16 -1

appview/pages/funcmap.go

··· 25 25 "github.com/dustin/go-humanize" 26 26 "github.com/go-enry/go-enry/v2" 27 27 "github.com/yuin/goldmark" 28 28 + emoji "github.com/yuin/goldmark-emoji" 28 29 "tangled.org/core/appview/filetree" 29 30 "tangled.org/core/appview/models" 31 31 + "tangled.org/core/appview/oauth" 30 32 "tangled.org/core/appview/pages/markup" 31 33 "tangled.org/core/crypto" 32 34 ) ··· 261 263 }, 262 264 "description": func(text string) template.HTML { 263 265 p.rctx.RendererType = markup.RendererTypeDefault 264 264 - htmlString := p.rctx.RenderMarkdownWith(text, goldmark.New()) 266 266 + htmlString := p.rctx.RenderMarkdownWith(text, goldmark.New( 267 267 + goldmark.WithExtensions( 268 268 + emoji.Emoji, 269 269 + ), 270 270 + )) 265 271 sanitized := p.rctx.SanitizeDescription(htmlString) 266 272 return template.HTML(sanitized) 267 273 }, ··· 379 385 return "error" 380 386 } 381 387 return fp 388 388 + }, 389 389 + "otherAccounts": func(activeDid string, accounts []oauth.AccountInfo) []oauth.AccountInfo { 390 390 + result := make([]oauth.AccountInfo, 0, len(accounts)) 391 391 + for _, acc := range accounts { 392 392 + if acc.Did != activeDid { 393 393 + result = append(result, acc) 394 394 + } 395 395 + } 396 396 + return result 382 397 }, 383 398 } 384 399 }

+13 -3

appview/pages/markup/extension/atlink.go

··· 35 35 return KindAt 36 36 } 37 37 38 38 - var atRegexp = regexp.MustCompile(`(^|\s|\()(@)([a-zA-Z0-9.-]+)(\b)`) 38 38 + var atRegexp = regexp.MustCompile(`(^|\s|\()(@)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\b)`) 39 39 + var markdownLinkRegexp = regexp.MustCompile(`(?ms)\[.*\]\(.*\)`) 39 40 40 41 type atParser struct{} 41 42 ··· 55 56 if m == nil { 56 57 return nil 57 58 } 59 59 + 60 60 + // Check for all links in the markdown to see if the handle found is inside one 61 61 + linksIndexes := markdownLinkRegexp.FindAllIndex(block.Source(), -1) 62 62 + for _, linkMatch := range linksIndexes { 63 63 + if linkMatch[0] < segment.Start && segment.Start < linkMatch[1] { 64 64 + return nil 65 65 + } 66 66 + } 67 67 + 58 68 atSegment := text.NewSegment(segment.Start, segment.Start+m[1]) 59 69 block.Advance(m[1]) 60 70 node := &AtNode{} ··· 87 97 88 98 func (r *atHtmlRenderer) renderAt(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) { 89 99 if entering { 90 90 - w.WriteString(`<a href="/@`) 100 100 + w.WriteString(`<a href="/`) 91 101 w.WriteString(n.(*AtNode).Handle) 92 92 - w.WriteString(`" class="mention font-bold">`) 102 102 + w.WriteString(`" class="mention">`) 93 103 } else { 94 104 w.WriteString("</a>") 95 105 }

+2

appview/pages/markup/markdown.go

··· 13 13 chromahtml "github.com/alecthomas/chroma/v2/formatters/html" 14 14 "github.com/alecthomas/chroma/v2/styles" 15 15 "github.com/yuin/goldmark" 16 16 + "github.com/yuin/goldmark-emoji" 16 17 highlighting "github.com/yuin/goldmark-highlighting/v2" 17 18 "github.com/yuin/goldmark/ast" 18 19 "github.com/yuin/goldmark/extension" ··· 66 67 ), 67 68 callout.CalloutExtention, 68 69 textension.AtExt, 70 70 + emoji.Emoji, 69 71 ), 70 72 goldmark.WithParserOptions( 71 73 parser.WithAutoHeadingID(),

+121

appview/pages/markup/markdown_test.go

··· 1 1 + package markup 2 2 + 3 3 + import ( 4 4 + "bytes" 5 5 + "testing" 6 6 + ) 7 7 + 8 8 + func TestAtExtension_Rendering(t *testing.T) { 9 9 + tests := []struct { 10 10 + name string 11 11 + markdown string 12 12 + expected string 13 13 + }{ 14 14 + { 15 15 + name: "renders simple at mention", 16 16 + markdown: "Hello @user.tngl.sh!", 17 17 + expected: `<p>Hello <a href="/user.tngl.sh" class="mention">@user.tngl.sh</a>!</p>`, 18 18 + }, 19 19 + { 20 20 + name: "renders multiple at mentions", 21 21 + markdown: "Hi @alice.tngl.sh and @bob.example.com", 22 22 + expected: `<p>Hi <a href="/alice.tngl.sh" class="mention">@alice.tngl.sh</a> and <a href="/bob.example.com" class="mention">@bob.example.com</a></p>`, 23 23 + }, 24 24 + { 25 25 + name: "renders at mention in parentheses", 26 26 + markdown: "Check this out (@user.tngl.sh)", 27 27 + expected: `<p>Check this out (<a href="/user.tngl.sh" class="mention">@user.tngl.sh</a>)</p>`, 28 28 + }, 29 29 + { 30 30 + name: "does not render email", 31 31 + markdown: "Contact me at test@example.com", 32 32 + expected: `<p>Contact me at <a href="mailto:test@example.com">test@example.com</a></p>`, 33 33 + }, 34 34 + { 35 35 + name: "renders at mention with hyphen", 36 36 + markdown: "Follow @user-name.tngl.sh", 37 37 + expected: `<p>Follow <a href="/user-name.tngl.sh" class="mention">@user-name.tngl.sh</a></p>`, 38 38 + }, 39 39 + { 40 40 + name: "renders at mention with numbers", 41 41 + markdown: "@user123.test456.social", 42 42 + expected: `<p><a href="/user123.test456.social" class="mention">@user123.test456.social</a></p>`, 43 43 + }, 44 44 + { 45 45 + name: "at mention at start of line", 46 46 + markdown: "@user.tngl.sh is cool", 47 47 + expected: `<p><a href="/user.tngl.sh" class="mention">@user.tngl.sh</a> is cool</p>`, 48 48 + }, 49 49 + } 50 50 + 51 51 + for _, tt := range tests { 52 52 + t.Run(tt.name, func(t *testing.T) { 53 53 + md := NewMarkdown() 54 54 + 55 55 + var buf bytes.Buffer 56 56 + if err := md.Convert([]byte(tt.markdown), &buf); err != nil { 57 57 + t.Fatalf("failed to convert markdown: %v", err) 58 58 + } 59 59 + 60 60 + result := buf.String() 61 61 + if result != tt.expected+"\n" { 62 62 + t.Errorf("expected:\n%s\ngot:\n%s", tt.expected, result) 63 63 + } 64 64 + }) 65 65 + } 66 66 + } 67 67 + 68 68 + func TestAtExtension_WithOtherMarkdown(t *testing.T) { 69 69 + tests := []struct { 70 70 + name string 71 71 + markdown string 72 72 + contains string 73 73 + }{ 74 74 + { 75 75 + name: "at mention with bold", 76 76 + markdown: "**Hello @user.tngl.sh**", 77 77 + contains: `<strong>Hello <a href="/user.tngl.sh" class="mention">@user.tngl.sh</a></strong>`, 78 78 + }, 79 79 + { 80 80 + name: "at mention with italic", 81 81 + markdown: "*Check @user.tngl.sh*", 82 82 + contains: `<em>Check <a href="/user.tngl.sh" class="mention">@user.tngl.sh</a></em>`, 83 83 + }, 84 84 + { 85 85 + name: "at mention in list", 86 86 + markdown: "- Item 1\n- @user.tngl.sh\n- Item 3", 87 87 + contains: `<a href="/user.tngl.sh" class="mention">@user.tngl.sh</a>`, 88 88 + }, 89 89 + { 90 90 + name: "at mention in link", 91 91 + markdown: "[@regnault.dev](https://regnault.dev)", 92 92 + contains: `<a href="https://regnault.dev">@regnault.dev</a>`, 93 93 + }, 94 94 + { 95 95 + name: "at mention in link again", 96 96 + markdown: "[check out @regnault.dev](https://regnault.dev)", 97 97 + contains: `<a href="https://regnault.dev">check out @regnault.dev</a>`, 98 98 + }, 99 99 + { 100 100 + name: "at mention in link again, multiline", 101 101 + markdown: "[\ncheck out @regnault.dev](https://regnault.dev)", 102 102 + contains: "<a href=\"https://regnault.dev\">\ncheck out @regnault.dev</a>", 103 103 + }, 104 104 + } 105 105 + 106 106 + for _, tt := range tests { 107 107 + t.Run(tt.name, func(t *testing.T) { 108 108 + md := NewMarkdown() 109 109 + 110 110 + var buf bytes.Buffer 111 111 + if err := md.Convert([]byte(tt.markdown), &buf); err != nil { 112 112 + t.Fatalf("failed to convert markdown: %v", err) 113 113 + } 114 114 + 115 115 + result := buf.String() 116 116 + if !bytes.Contains([]byte(result), []byte(tt.contains)) { 117 117 + t.Errorf("expected output to contain:\n%s\ngot:\n%s", tt.contains, result) 118 118 + } 119 119 + }) 120 120 + } 121 121 + }

+69 -67

appview/pages/pages.go

··· 215 215 } 216 216 217 217 type LoginParams struct { 218 218 - ReturnUrl string 219 219 - ErrorCode string 218 218 + ReturnUrl string 219 219 + ErrorCode string 220 220 + AddAccount bool 221 221 + LoggedInUser *oauth.MultiAccountUser 220 222 } 221 223 222 224 func (p *Pages) Login(w io.Writer, params LoginParams) error { ··· 236 238 } 237 239 238 240 type TermsOfServiceParams struct { 239 239 - LoggedInUser *oauth.User 241 241 + LoggedInUser *oauth.MultiAccountUser 240 242 Content template.HTML 241 243 } 242 244 ··· 264 266 } 265 267 266 268 type PrivacyPolicyParams struct { 267 267 - LoggedInUser *oauth.User 269 269 + LoggedInUser *oauth.MultiAccountUser 268 270 Content template.HTML 269 271 } 270 272 ··· 292 294 } 293 295 294 296 type BrandParams struct { 295 295 - LoggedInUser *oauth.User 297 297 + LoggedInUser *oauth.MultiAccountUser 296 298 } 297 299 298 300 func (p *Pages) Brand(w io.Writer, params BrandParams) error { ··· 300 302 } 301 303 302 304 type TimelineParams struct { 303 303 - LoggedInUser *oauth.User 305 305 + LoggedInUser *oauth.MultiAccountUser 304 306 Timeline []models.TimelineEvent 305 307 Repos []models.Repo 306 308 GfiLabel *models.LabelDefinition ··· 311 313 } 312 314 313 315 type GoodFirstIssuesParams struct { 314 314 - LoggedInUser *oauth.User 316 316 + LoggedInUser *oauth.MultiAccountUser 315 317 Issues []models.Issue 316 318 RepoGroups []*models.RepoGroup 317 319 LabelDefs map[string]*models.LabelDefinition ··· 324 326 } 325 327 326 328 type UserProfileSettingsParams struct { 327 327 - LoggedInUser *oauth.User 329 329 + LoggedInUser *oauth.MultiAccountUser 328 330 Tabs []map[string]any 329 331 Tab string 330 332 } ··· 334 336 } 335 337 336 338 type NotificationsParams struct { 337 337 - LoggedInUser *oauth.User 339 339 + LoggedInUser *oauth.MultiAccountUser 338 340 Notifications []*models.NotificationWithEntity 339 341 UnreadCount int 340 342 Page pagination.Page ··· 362 364 } 363 365 364 366 type UserKeysSettingsParams struct { 365 365 - LoggedInUser *oauth.User 367 367 + LoggedInUser *oauth.MultiAccountUser 366 368 PubKeys []models.PublicKey 367 369 Tabs []map[string]any 368 370 Tab string ··· 373 375 } 374 376 375 377 type UserEmailsSettingsParams struct { 376 376 - LoggedInUser *oauth.User 378 378 + LoggedInUser *oauth.MultiAccountUser 377 379 Emails []models.Email 378 380 Tabs []map[string]any 379 381 Tab string ··· 384 386 } 385 387 386 388 type UserNotificationSettingsParams struct { 387 387 - LoggedInUser *oauth.User 389 389 + LoggedInUser *oauth.MultiAccountUser 388 390 Preferences *models.NotificationPreferences 389 391 Tabs []map[string]any 390 392 Tab string ··· 404 406 } 405 407 406 408 type KnotsParams struct { 407 407 - LoggedInUser *oauth.User 409 409 + LoggedInUser *oauth.MultiAccountUser 408 410 Registrations []models.Registration 409 411 Tabs []map[string]any 410 412 Tab string ··· 415 417 } 416 418 417 419 type KnotParams struct { 418 418 - LoggedInUser *oauth.User 420 420 + LoggedInUser *oauth.MultiAccountUser 419 421 Registration *models.Registration 420 422 Members []string 421 423 Repos map[string][]models.Repo ··· 437 439 } 438 440 439 441 type SpindlesParams struct { 440 440 - LoggedInUser *oauth.User 442 442 + LoggedInUser *oauth.MultiAccountUser 441 443 Spindles []models.Spindle 442 444 Tabs []map[string]any 443 445 Tab string ··· 458 460 } 459 461 460 462 type SpindleDashboardParams struct { 461 461 - LoggedInUser *oauth.User 463 463 + LoggedInUser *oauth.MultiAccountUser 462 464 Spindle models.Spindle 463 465 Members []string 464 466 Repos map[string][]models.Repo ··· 471 473 } 472 474 473 475 type NewRepoParams struct { 474 474 - LoggedInUser *oauth.User 476 476 + LoggedInUser *oauth.MultiAccountUser 475 477 Knots []string 476 478 } 477 479 ··· 480 482 } 481 483 482 484 type ForkRepoParams struct { 483 483 - LoggedInUser *oauth.User 485 485 + LoggedInUser *oauth.MultiAccountUser 484 486 Knots []string 485 487 RepoInfo repoinfo.RepoInfo 486 488 } ··· 518 520 } 519 521 520 522 type ProfileOverviewParams struct { 521 521 - LoggedInUser *oauth.User 523 523 + LoggedInUser *oauth.MultiAccountUser 522 524 Repos []models.Repo 523 525 CollaboratingRepos []models.Repo 524 526 ProfileTimeline *models.ProfileTimeline ··· 532 534 } 533 535 534 536 type ProfileReposParams struct { 535 535 - LoggedInUser *oauth.User 537 537 + LoggedInUser *oauth.MultiAccountUser 536 538 Repos []models.Repo 537 539 Card *ProfileCard 538 540 Active string ··· 544 546 } 545 547 546 548 type ProfileStarredParams struct { 547 547 - LoggedInUser *oauth.User 549 549 + LoggedInUser *oauth.MultiAccountUser 548 550 Repos []models.Repo 549 551 Card *ProfileCard 550 552 Active string ··· 556 558 } 557 559 558 560 type ProfileStringsParams struct { 559 559 - LoggedInUser *oauth.User 561 561 + LoggedInUser *oauth.MultiAccountUser 560 562 Strings []models.String 561 563 Card *ProfileCard 562 564 Active string ··· 569 571 570 572 type FollowCard struct { 571 573 UserDid string 572 572 - LoggedInUser *oauth.User 574 574 + LoggedInUser *oauth.MultiAccountUser 573 575 FollowStatus models.FollowStatus 574 576 FollowersCount int64 575 577 FollowingCount int64 ··· 577 579 } 578 580 579 581 type ProfileFollowersParams struct { 580 580 - LoggedInUser *oauth.User 582 582 + LoggedInUser *oauth.MultiAccountUser 581 583 Followers []FollowCard 582 584 Card *ProfileCard 583 585 Active string ··· 589 591 } 590 592 591 593 type ProfileFollowingParams struct { 592 592 - LoggedInUser *oauth.User 594 594 + LoggedInUser *oauth.MultiAccountUser 593 595 Following []FollowCard 594 596 Card *ProfileCard 595 597 Active string ··· 610 612 } 611 613 612 614 type EditBioParams struct { 613 613 - LoggedInUser *oauth.User 615 615 + LoggedInUser *oauth.MultiAccountUser 614 616 Profile *models.Profile 615 617 } 616 618 ··· 619 621 } 620 622 621 623 type EditPinsParams struct { 622 622 - LoggedInUser *oauth.User 624 624 + LoggedInUser *oauth.MultiAccountUser 623 625 Profile *models.Profile 624 626 AllRepos []PinnedRepo 625 627 } ··· 640 642 } 641 643 642 644 func (p *Pages) StarBtnFragment(w io.Writer, params StarBtnFragmentParams) error { 643 643 - return p.executePlain("fragments/starBtn", w, params) 645 645 + return p.executePlain("fragments/starBtn-oob", w, params) 644 646 } 645 647 646 648 type RepoIndexParams struct { 647 647 - LoggedInUser *oauth.User 649 649 + LoggedInUser *oauth.MultiAccountUser 648 650 RepoInfo repoinfo.RepoInfo 649 651 Active string 650 652 TagMap map[string][]string ··· 693 695 } 694 696 695 697 type RepoLogParams struct { 696 696 - LoggedInUser *oauth.User 698 698 + LoggedInUser *oauth.MultiAccountUser 697 699 RepoInfo repoinfo.RepoInfo 698 700 TagMap map[string][]string 699 701 Active string ··· 710 712 } 711 713 712 714 type RepoCommitParams struct { 713 713 - LoggedInUser *oauth.User 715 715 + LoggedInUser *oauth.MultiAccountUser 714 716 RepoInfo repoinfo.RepoInfo 715 717 Active string 716 718 EmailToDid map[string]string ··· 729 731 } 730 732 731 733 type RepoTreeParams struct { 732 732 - LoggedInUser *oauth.User 734 734 + LoggedInUser *oauth.MultiAccountUser 733 735 RepoInfo repoinfo.RepoInfo 734 736 Active string 735 737 BreadCrumbs [][]string ··· 784 786 } 785 787 786 788 type RepoBranchesParams struct { 787 787 - LoggedInUser *oauth.User 789 789 + LoggedInUser *oauth.MultiAccountUser 788 790 RepoInfo repoinfo.RepoInfo 789 791 Active string 790 792 types.RepoBranchesResponse ··· 796 798 } 797 799 798 800 type RepoTagsParams struct { 799 799 - LoggedInUser *oauth.User 801 801 + LoggedInUser *oauth.MultiAccountUser 800 802 RepoInfo repoinfo.RepoInfo 801 803 Active string 802 804 types.RepoTagsResponse ··· 810 812 } 811 813 812 814 type RepoArtifactParams struct { 813 813 - LoggedInUser *oauth.User 815 815 + LoggedInUser *oauth.MultiAccountUser 814 816 RepoInfo repoinfo.RepoInfo 815 817 Artifact models.Artifact 816 818 } ··· 820 822 } 821 823 822 824 type RepoBlobParams struct { 823 823 - LoggedInUser *oauth.User 825 825 + LoggedInUser *oauth.MultiAccountUser 824 826 RepoInfo repoinfo.RepoInfo 825 827 Active string 826 828 BreadCrumbs [][]string ··· 844 846 } 845 847 846 848 type RepoSettingsParams struct { 847 847 - LoggedInUser *oauth.User 849 849 + LoggedInUser *oauth.MultiAccountUser 848 850 RepoInfo repoinfo.RepoInfo 849 851 Collaborators []Collaborator 850 852 Active string ··· 863 865 } 864 866 865 867 type RepoGeneralSettingsParams struct { 866 866 - LoggedInUser *oauth.User 868 868 + LoggedInUser *oauth.MultiAccountUser 867 869 RepoInfo repoinfo.RepoInfo 868 870 Labels []models.LabelDefinition 869 871 DefaultLabels []models.LabelDefinition ··· 881 883 } 882 884 883 885 type RepoAccessSettingsParams struct { 884 884 - LoggedInUser *oauth.User 886 886 + LoggedInUser *oauth.MultiAccountUser 885 887 RepoInfo repoinfo.RepoInfo 886 888 Active string 887 889 Tabs []map[string]any ··· 895 897 } 896 898 897 899 type RepoPipelineSettingsParams struct { 898 898 - LoggedInUser *oauth.User 900 900 + LoggedInUser *oauth.MultiAccountUser 899 901 RepoInfo repoinfo.RepoInfo 900 902 Active string 901 903 Tabs []map[string]any ··· 911 913 } 912 914 913 915 type RepoIssuesParams struct { 914 914 - LoggedInUser *oauth.User 916 916 + LoggedInUser *oauth.MultiAccountUser 915 917 RepoInfo repoinfo.RepoInfo 916 918 Active string 917 919 Issues []models.Issue ··· 928 930 } 929 931 930 932 type RepoSingleIssueParams struct { 931 931 - LoggedInUser *oauth.User 933 933 + LoggedInUser *oauth.MultiAccountUser 932 934 RepoInfo repoinfo.RepoInfo 933 935 Active string 934 936 Issue *models.Issue ··· 947 949 } 948 950 949 951 type EditIssueParams struct { 950 950 - LoggedInUser *oauth.User 952 952 + LoggedInUser *oauth.MultiAccountUser 951 953 RepoInfo repoinfo.RepoInfo 952 954 Issue *models.Issue 953 955 Action string ··· 971 973 } 972 974 973 975 type RepoNewIssueParams struct { 974 974 - LoggedInUser *oauth.User 976 976 + LoggedInUser *oauth.MultiAccountUser 975 977 RepoInfo repoinfo.RepoInfo 976 978 Issue *models.Issue // existing issue if any -- passed when editing 977 979 Active string ··· 985 987 } 986 988 987 989 type EditIssueCommentParams struct { 988 988 - LoggedInUser *oauth.User 990 990 + LoggedInUser *oauth.MultiAccountUser 989 991 RepoInfo repoinfo.RepoInfo 990 992 Issue *models.Issue 991 993 Comment *models.IssueComment ··· 996 998 } 997 999 998 1000 type ReplyIssueCommentPlaceholderParams struct { 999 999 - LoggedInUser *oauth.User 1001 1001 + LoggedInUser *oauth.MultiAccountUser 1000 1002 RepoInfo repoinfo.RepoInfo 1001 1003 Issue *models.Issue 1002 1004 Comment *models.IssueComment ··· 1007 1009 } 1008 1010 1009 1011 type ReplyIssueCommentParams struct { 1010 1010 - LoggedInUser *oauth.User 1012 1012 + LoggedInUser *oauth.MultiAccountUser 1011 1013 RepoInfo repoinfo.RepoInfo 1012 1014 Issue *models.Issue 1013 1015 Comment *models.IssueComment ··· 1018 1020 } 1019 1021 1020 1022 type IssueCommentBodyParams struct { 1021 1021 - LoggedInUser *oauth.User 1023 1023 + LoggedInUser *oauth.MultiAccountUser 1022 1024 RepoInfo repoinfo.RepoInfo 1023 1025 Issue *models.Issue 1024 1026 Comment *models.IssueComment ··· 1029 1031 } 1030 1032 1031 1033 type RepoNewPullParams struct { 1032 1032 - LoggedInUser *oauth.User 1034 1034 + LoggedInUser *oauth.MultiAccountUser 1033 1035 RepoInfo repoinfo.RepoInfo 1034 1036 Branches []types.Branch 1035 1037 Strategy string ··· 1046 1048 } 1047 1049 1048 1050 type RepoPullsParams struct { 1049 1049 - LoggedInUser *oauth.User 1051 1051 + LoggedInUser *oauth.MultiAccountUser 1050 1052 RepoInfo repoinfo.RepoInfo 1051 1053 Pulls []*models.Pull 1052 1054 Active string ··· 1081 1083 } 1082 1084 1083 1085 type RepoSinglePullParams struct { 1084 1084 - LoggedInUser *oauth.User 1086 1086 + LoggedInUser *oauth.MultiAccountUser 1085 1087 RepoInfo repoinfo.RepoInfo 1086 1088 Active string 1087 1089 Pull *models.Pull ··· 1106 1108 } 1107 1109 1108 1110 type RepoPullPatchParams struct { 1109 1109 - LoggedInUser *oauth.User 1111 1111 + LoggedInUser *oauth.MultiAccountUser 1110 1112 RepoInfo repoinfo.RepoInfo 1111 1113 Pull *models.Pull 1112 1114 Stack models.Stack ··· 1123 1125 } 1124 1126 1125 1127 type RepoPullInterdiffParams struct { 1126 1126 - LoggedInUser *oauth.User 1128 1128 + LoggedInUser *oauth.MultiAccountUser 1127 1129 RepoInfo repoinfo.RepoInfo 1128 1130 Pull *models.Pull 1129 1131 Round int ··· 1176 1178 } 1177 1179 1178 1180 type PullResubmitParams struct { 1179 1179 - LoggedInUser *oauth.User 1181 1181 + LoggedInUser *oauth.MultiAccountUser 1180 1182 RepoInfo repoinfo.RepoInfo 1181 1183 Pull *models.Pull 1182 1184 SubmissionId int ··· 1187 1189 } 1188 1190 1189 1191 type PullActionsParams struct { 1190 1190 - LoggedInUser *oauth.User 1192 1192 + LoggedInUser *oauth.MultiAccountUser 1191 1193 RepoInfo repoinfo.RepoInfo 1192 1194 Pull *models.Pull 1193 1195 RoundNumber int ··· 1202 1204 } 1203 1205 1204 1206 type PullNewCommentParams struct { 1205 1205 - LoggedInUser *oauth.User 1207 1207 + LoggedInUser *oauth.MultiAccountUser 1206 1208 RepoInfo repoinfo.RepoInfo 1207 1209 Pull *models.Pull 1208 1210 RoundNumber int ··· 1213 1215 } 1214 1216 1215 1217 type RepoCompareParams struct { 1216 1216 - LoggedInUser *oauth.User 1218 1218 + LoggedInUser *oauth.MultiAccountUser 1217 1219 RepoInfo repoinfo.RepoInfo 1218 1220 Forks []models.Repo 1219 1221 Branches []types.Branch ··· 1232 1234 } 1233 1235 1234 1236 type RepoCompareNewParams struct { 1235 1235 - LoggedInUser *oauth.User 1237 1237 + LoggedInUser *oauth.MultiAccountUser 1236 1238 RepoInfo repoinfo.RepoInfo 1237 1239 Forks []models.Repo 1238 1240 Branches []types.Branch ··· 1249 1251 } 1250 1252 1251 1253 type RepoCompareAllowPullParams struct { 1252 1252 - LoggedInUser *oauth.User 1254 1254 + LoggedInUser *oauth.MultiAccountUser 1253 1255 RepoInfo repoinfo.RepoInfo 1254 1256 Base string 1255 1257 Head string ··· 1269 1271 } 1270 1272 1271 1273 type LabelPanelParams struct { 1272 1272 - LoggedInUser *oauth.User 1274 1274 + LoggedInUser *oauth.MultiAccountUser 1273 1275 RepoInfo repoinfo.RepoInfo 1274 1276 Defs map[string]*models.LabelDefinition 1275 1277 Subject string ··· 1281 1283 } 1282 1284 1283 1285 type EditLabelPanelParams struct { 1284 1284 - LoggedInUser *oauth.User 1286 1286 + LoggedInUser *oauth.MultiAccountUser 1285 1287 RepoInfo repoinfo.RepoInfo 1286 1288 Defs map[string]*models.LabelDefinition 1287 1289 Subject string ··· 1293 1295 } 1294 1296 1295 1297 type PipelinesParams struct { 1296 1296 - LoggedInUser *oauth.User 1298 1298 + LoggedInUser *oauth.MultiAccountUser 1297 1299 RepoInfo repoinfo.RepoInfo 1298 1300 Pipelines []models.Pipeline 1299 1301 Active string ··· 1336 1338 } 1337 1339 1338 1340 type WorkflowParams struct { 1339 1339 - LoggedInUser *oauth.User 1341 1341 + LoggedInUser *oauth.MultiAccountUser 1340 1342 RepoInfo repoinfo.RepoInfo 1341 1343 Pipeline models.Pipeline 1342 1344 Workflow string ··· 1350 1352 } 1351 1353 1352 1354 type PutStringParams struct { 1353 1353 - LoggedInUser *oauth.User 1355 1355 + LoggedInUser *oauth.MultiAccountUser 1354 1356 Action string 1355 1357 1356 1358 // this is supplied in the case of editing an existing string ··· 1362 1364 } 1363 1365 1364 1366 type StringsDashboardParams struct { 1365 1365 - LoggedInUser *oauth.User 1367 1367 + LoggedInUser *oauth.MultiAccountUser 1366 1368 Card ProfileCard 1367 1369 Strings []models.String 1368 1370 } ··· 1372 1374 } 1373 1375 1374 1376 type StringTimelineParams struct { 1375 1375 - LoggedInUser *oauth.User 1377 1377 + LoggedInUser *oauth.MultiAccountUser 1376 1378 Strings []models.String 1377 1379 } 1378 1380 ··· 1381 1383 } 1382 1384 1383 1385 type SingleStringParams struct { 1384 1384 - LoggedInUser *oauth.User 1386 1386 + LoggedInUser *oauth.MultiAccountUser 1385 1387 ShowRendered bool 1386 1388 RenderToggle bool 1387 1389 RenderedContents template.HTML

+1 -1

appview/pages/templates/banner.html

··· 30 30 <div class="mx-6"> 31 31 These services may not be fully accessible until upgraded. 32 32 <a class="underline text-red-800 dark:text-red-200" 33 33 - href="https://tangled.org/@tangled.org/core/tree/master/docs/migrations.md"> 33 33 + href="https://docs.tangled.org/migrating-knots-spindles.html#migrating-knots-spindles"> 34 34 Click to read the upgrade guide</a>. 35 35 </div> 36 36 </details>

+5

appview/pages/templates/fragments/starBtn-oob.html

··· 1 1 + {{ define "fragments/starBtn-oob" }} 2 2 + <div hx-swap-oob='outerHTML:#starBtn[data-star-subject-at="{{ .SubjectAt }}"]'> 3 3 + {{ template "fragments/starBtn" . }} 4 4 + </div> 5 5 + {{ end }}

+1 -3

appview/pages/templates/fragments/starBtn.html

··· 1 1 {{ define "fragments/starBtn" }} 2 2 + {{/* NOTE: this fragment is always replaced with hx-swap-oob */}} 2 3 <button 3 4 id="starBtn" 4 5 class="btn disabled:opacity-50 disabled:cursor-not-allowed flex gap-2 items-center group" ··· 10 11 {{ end }} 11 12 12 13 hx-trigger="click" 13 13 - hx-target="this" 14 14 - hx-swap="outerHTML" 15 15 - hx-swap-oob='outerHTML:#starBtn[data-star-subject-at="{{ .SubjectAt }}"]' 16 14 hx-disabled-elt="#starBtn" 17 15 > 18 16 {{ if .IsStarred }}

+1 -1

appview/pages/templates/knots/index.html

··· 105 105 {{ define "docsButton" }} 106 106 <a 107 107 class="btn flex items-center gap-2" 108 108 - href="https://tangled.org/@tangled.org/core/blob/master/docs/spindle/hosting.md"> 108 108 + href="https://docs.tangled.org/knot-self-hosting-guide.html#knot-self-hosting-guide"> 109 109 {{ i "book" "size-4" }} 110 110 docs 111 111 </a>

+2 -2

appview/pages/templates/layouts/fragments/footer.html

··· 26 26 <div class="flex flex-col gap-1"> 27 27 <div class="{{ $headerStyle }}">resources</div> 28 28 <a href="https://blog.tangled.org" class="{{ $linkStyle }}" target="_blank" rel="noopener noreferrer">{{ i "book-open" $iconStyle }} blog</a> 29 29 - <a href="https://tangled.org/@tangled.org/core/tree/master/docs" class="{{ $linkStyle }}">{{ i "book" $iconStyle }} docs</a> 29 29 + <a href="https://docs.tangled.org" class="{{ $linkStyle }}">{{ i "book" $iconStyle }} docs</a> 30 30 <a href="https://tangled.org/@tangled.org/core" class="{{ $linkStyle }}">{{ i "code" $iconStyle }} source</a> 31 31 <a href="https://tangled.org/brand" class="{{ $linkStyle }}">{{ i "paintbrush" $iconStyle }} brand</a> 32 32 </div> ··· 73 73 <div class="flex flex-col gap-1"> 74 74 <div class="{{ $headerStyle }}">resources</div> 75 75 <a href="https://blog.tangled.org" class="{{ $linkStyle }}" target="_blank" rel="noopener noreferrer">{{ i "book-open" $iconStyle }} blog</a> 76 76 - <a href="https://tangled.org/@tangled.org/core/tree/master/docs" class="{{ $linkStyle }}">{{ i "book" $iconStyle }} docs</a> 76 76 + <a href="https://docs.tangled.org" class="{{ $linkStyle }}">{{ i "book" $iconStyle }} docs</a> 77 77 <a href="https://tangled.org/@tangled.org/core" class="{{ $linkStyle }}">{{ i "code" $iconStyle }} source</a> 78 78 <a href="https://tangled.org/brand" class="{{ $linkStyle }}">{{ i "paintbrush" $iconStyle }} brand</a> 79 79 </div>

+49 -11

appview/pages/templates/layouts/fragments/topbar.html

··· 49 49 {{ define "profileDropdown" }} 50 50 <details class="relative inline-block text-left nav-dropdown"> 51 51 <summary class="cursor-pointer list-none flex items-center gap-1"> 52 52 - {{ $user := .Did }} 52 52 + {{ $user := .Active.Did }} 53 53 <img 54 54 src="{{ tinyAvatar $user }}" 55 55 alt="" ··· 57 57 /> 58 58 <span class="hidden md:inline">{{ $user | resolve | truncateAt30 }}</span> 59 59 </summary> 60 60 - <div class="absolute flex flex-col right-0 mt-4 p-4 rounded w-48 bg-white dark:bg-gray-800 dark:text-white border border-gray-200 dark:border-gray-700"> 61 61 - <a href="/{{ $user }}">profile</a> 62 62 - <a href="/{{ $user }}?tab=repos">repositories</a> 63 63 - <a href="/{{ $user }}?tab=strings">strings</a> 64 64 - <a href="/settings">settings</a> 65 65 - <a href="#" 66 66 - hx-post="/logout" 67 67 - hx-swap="none" 68 68 - class="text-red-400 hover:text-red-700 dark:text-red-400 dark:hover:text-red-300"> 69 69 - logout 60 60 + <div class="absolute right-0 mt-4 p-4 rounded bg-white dark:bg-gray-800 dark:text-white border border-gray-200 dark:border-gray-700 shadow-lg z-50" style="width: 14rem;"> 61 61 + {{ $active := .Active.Did }} 62 62 + 63 63 + <div class="pb-2 mb-2 border-b border-gray-200 dark:border-gray-700"> 64 64 + <div class="flex items-center gap-2"> 65 65 + <img src="{{ tinyAvatar $active }}" alt="" class="rounded-full h-8 w-8 flex-shrink-0 border border-gray-300 dark:border-gray-700" /> 66 66 + <div class="flex-1 overflow-hidden"> 67 67 + <p class="font-medium text-sm truncate">{{ $active | resolve }}</p> 68 68 + <p class="text-xs text-green-600 dark:text-green-400">active</p> 69 69 + </div> 70 70 + </div> 71 71 + </div> 72 72 + 73 73 + {{ $others := .Accounts | otherAccounts $active }} 74 74 + {{ if $others }} 75 75 + <div class="pb-2 mb-2 border-b border-gray-200 dark:border-gray-700"> 76 76 + <p class="text-xs text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-1">Switch Account</p> 77 77 + {{ range $others }} 78 78 + <button 79 79 + type="button" 80 80 + hx-post="/account/switch" 81 81 + hx-vals='{"did": "{{ .Did }}"}' 82 82 + hx-swap="none" 83 83 + class="flex items-center gap-2 w-full py-1.5 rounded hover:bg-gray-100 dark:hover:bg-gray-700 text-left" 84 84 + > 85 85 + <img src="{{ tinyAvatar .Did }}" alt="" class="rounded-full h-6 w-6 flex-shrink-0 border border-gray-300 dark:border-gray-700" /> 86 86 + <span class="text-sm truncate flex-1">{{ .Did | resolve }}</span> 87 87 + </button> 88 88 + {{ end }} 89 89 + </div> 90 90 + {{ end }} 91 91 + 92 92 + <a href="/login?mode=add_account" class="flex items-center gap-2 py-1 text-sm"> 93 93 + {{ i "plus" "w-4 h-4 flex-shrink-0" }} 94 94 + <span>Add another account</span> 70 95 </a> 96 96 + 97 97 + <div class="pt-2 mt-2 border-t border-gray-200 dark:border-gray-700 space-y-1"> 98 98 + <a href="/{{ $active }}" class="block py-1 text-sm">profile</a> 99 99 + <a href="/{{ $active }}?tab=repos" class="block py-1 text-sm">repositories</a> 100 100 + <a href="/{{ $active }}?tab=strings" class="block py-1 text-sm">strings</a> 101 101 + <a href="/settings" class="block py-1 text-sm">settings</a> 102 102 + <a href="#" 103 103 + hx-post="/logout" 104 104 + hx-swap="none" 105 105 + class="block py-1 text-sm text-red-400 hover:text-red-700 dark:text-red-400 dark:hover:text-red-300"> 106 106 + logout 107 107 + </a> 108 108 + </div> 71 109 </div> 72 110 </details> 73 111

+1 -1

appview/pages/templates/repo/empty.html

··· 26 26 {{ else if (and .LoggedInUser (eq .LoggedInUser.Did .RepoInfo.OwnerDid)) }} 27 27 {{ $knot := .RepoInfo.Knot }} 28 28 {{ if eq $knot "knot1.tangled.sh" }} 29 29 - {{ $knot = "tangled.sh" }} 29 29 + {{ $knot = "tangled.org" }} 30 30 {{ end }} 31 31 <div class="w-full flex place-content-center"> 32 32 <div class="py-6 w-fit flex flex-col gap-4">

+6 -6

appview/pages/templates/repo/fragments/backlinks.html

··· 14 14 <div class="flex gap-2 items-center"> 15 15 {{ if .State.IsClosed }} 16 16 <span class="text-gray-500 dark:text-gray-400"> 17 17 - {{ i "ban" "w-4 h-4" }} 17 17 + {{ i "ban" "size-3" }} 18 18 </span> 19 19 {{ else if eq .Kind.String "issues" }} 20 20 <span class="text-green-600 dark:text-green-500"> 21 21 - {{ i "circle-dot" "w-4 h-4" }} 21 21 + {{ i "circle-dot" "size-3" }} 22 22 </span> 23 23 {{ else if .State.IsOpen }} 24 24 <span class="text-green-600 dark:text-green-500"> 25 25 - {{ i "git-pull-request" "w-4 h-4" }} 25 25 + {{ i "git-pull-request" "size-3" }} 26 26 </span> 27 27 {{ else if .State.IsMerged }} 28 28 <span class="text-purple-600 dark:text-purple-500"> 29 29 - {{ i "git-merge" "w-4 h-4" }} 29 29 + {{ i "git-merge" "size-3" }} 30 30 </span> 31 31 {{ else }} 32 32 <span class="text-gray-600 dark:text-gray-300"> 33 33 - {{ i "git-pull-request-closed" "w-4 h-4" }} 33 33 + {{ i "git-pull-request-closed" "size-3" }} 34 34 </span> 35 35 {{ end }} 36 36 - <a href="{{ . }}"><span class="text-gray-500 dark:text-gray-400">#{{ .SubjectId }}</span> {{ .Title }}</a> 36 36 + <a href="{{ . }}" class="line-clamp-1 text-sm"><span class="text-gray-500 dark:text-gray-400">#{{ .SubjectId }}</span> {{ .Title }}</a> 37 37 </div> 38 38 {{ if not (eq $.RepoInfo.FullName $repoUrl) }} 39 39 <div>

+1 -1

appview/pages/templates/repo/fragments/diff.html

··· 17 17 {{ else }} 18 18 {{ range $idx, $hunk := $diff }} 19 19 {{ with $hunk }} 20 20 - <details open id="file-{{ .Name.New }}" class="group border border-gray-200 dark:border-gray-700 w-full mx-auto rounded bg-white dark:bg-gray-800 drop-shadow-sm" tabindex="{{ add $idx 1 }}"> 20 20 + <details open id="file-{{ .Id }}" class="group border border-gray-200 dark:border-gray-700 w-full mx-auto rounded bg-white dark:bg-gray-800 drop-shadow-sm" tabindex="{{ add $idx 1 }}"> 21 21 <summary class="list-none cursor-pointer sticky top-0"> 22 22 <div id="diff-file-header" class="rounded cursor-pointer bg-white dark:bg-gray-800 flex justify-between"> 23 23 <div id="left-side-items" class="p-2 flex gap-2 items-center overflow-x-auto">

+35 -35

appview/pages/templates/repo/fragments/splitDiff.html

··· 3 3 {{- $lineNrStyle := "min-w-[3.5rem] flex-shrink-0 select-none text-right bg-white dark:bg-gray-800" -}} 4 4 {{- $linkStyle := "text-gray-400 dark:text-gray-500 hover:underline" -}} 5 5 {{- $lineNrSepStyle := "pr-2 border-r border-gray-200 dark:border-gray-700" -}} 6 6 - {{- $containerStyle := "flex min-w-full items-center target:border target:rounded-sm target:border-yellow-200 target:dark:border-yellow-700 scroll-mt-20" -}} 6 6 + {{- $containerStyle := "inline-flex w-full items-center target:border target:rounded-sm target:border-yellow-200 target:dark:border-yellow-700 scroll-mt-20" -}} 7 7 {{- $emptyStyle := "bg-gray-200/30 dark:bg-gray-700/30" -}} 8 8 {{- $addStyle := "bg-green-100 dark:bg-green-800/30 text-green-700 dark:text-green-400" -}} 9 9 {{- $delStyle := "bg-red-100 dark:bg-red-800/30 text-red-700 dark:text-red-400 " -}} 10 10 {{- $ctxStyle := "bg-white dark:bg-gray-800 text-gray-500 dark:text-gray-400" -}} 11 11 {{- $opStyle := "w-5 flex-shrink-0 select-none text-center" -}} 12 12 <div class="grid grid-cols-2 divide-x divide-gray-200 dark:divide-gray-700"> 13 13 - <pre class="overflow-x-auto col-span-1"><div class="overflow-x-auto"><div class="min-w-full inline-block">{{- range .TextFragments -}}<div class="bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</div> 13 13 + <div class="overflow-x-auto col-span-1 font-mono leading-normal"><div class="overflow-x-auto"><div class="inline-flex flex-col min-w-full">{{- range .TextFragments -}}<span class="block bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</span> 14 14 {{- range .LeftLines -}} 15 15 {{- if .IsEmpty -}} 16 16 - <div class="{{ $emptyStyle }} {{ $containerStyle }}"> 17 17 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><span aria-hidden="true" class="invisible">{{.LineNumber}}</span></div> 18 18 - <div class="{{ $opStyle }}"><span aria-hidden="true" class="invisible">{{ .Op.String }}</span></div> 19 19 - <div class="px-2 invisible" aria-hidden="true">{{ .Content }}</div> 20 20 - </div> 16 16 + <span class="{{ $emptyStyle }} {{ $containerStyle }}"> 17 17 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><span aria-hidden="true" class="invisible">{{.LineNumber}}</span></span> 18 18 + <span class="{{ $opStyle }}"><span aria-hidden="true" class="invisible">{{ .Op.String }}</span></span> 19 19 + <span class="px-2 invisible" aria-hidden="true">{{ .Content }}</span> 20 20 + </span> 21 21 {{- else if eq .Op.String "-" -}} 22 22 - <div class="{{ $delStyle }} {{ $containerStyle }}" id="{{$name}}-O{{.LineNumber}}"> 23 23 - <div class="{{ $lineNrStyle }} {{ $lineNrSepStyle }}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{.LineNumber}}">{{ .LineNumber }}</a></div> 24 24 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 25 25 - <div class="px-2">{{ .Content }}</div> 26 26 - </div> 22 22 + <span class="{{ $delStyle }} {{ $containerStyle }}" id="{{$name}}-O{{.LineNumber}}"> 23 23 + <span class="{{ $lineNrStyle }} {{ $lineNrSepStyle }}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{.LineNumber}}">{{ .LineNumber }}</a></span> 24 24 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 25 25 + <span class="px-2 whitespace-pre">{{ .Content }}</span> 26 26 + </span> 27 27 {{- else if eq .Op.String " " -}} 28 28 - <div class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-O{{.LineNumber}}"> 29 29 - <div class="{{ $lineNrStyle }} {{ $lineNrSepStyle }}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{.LineNumber}}">{{ .LineNumber }}</a></div> 30 30 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 31 31 - <div class="px-2">{{ .Content }}</div> 32 32 - </div> 28 28 + <span class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-O{{.LineNumber}}"> 29 29 + <span class="{{ $lineNrStyle }} {{ $lineNrSepStyle }}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{.LineNumber}}">{{ .LineNumber }}</a></span> 30 30 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 31 31 + <span class="px-2 whitespace-pre">{{ .Content }}</span> 32 32 + </span> 33 33 {{- end -}} 34 34 {{- end -}} 35 35 - {{- end -}}</div></div></pre> 35 35 + {{- end -}}</div></div></div> 36 36 37 37 - <pre class="overflow-x-auto col-span-1"><div class="overflow-x-auto"><div class="min-w-full inline-block">{{- range .TextFragments -}}<div class="bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</div> 37 37 + <div class="overflow-x-auto col-span-1 font-mono leading-normal"><div class="overflow-x-auto"><div class="inline-flex flex-col min-w-full">{{- range .TextFragments -}}<span class="block bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</span> 38 38 {{- range .RightLines -}} 39 39 {{- if .IsEmpty -}} 40 40 - <div class="{{ $emptyStyle }} {{ $containerStyle }}"> 41 41 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><span aria-hidden="true" class="invisible">{{.LineNumber}}</span></div> 42 42 - <div class="{{ $opStyle }}"><span aria-hidden="true" class="invisible">{{ .Op.String }}</span></div> 43 43 - <div class="px-2 invisible" aria-hidden="true">{{ .Content }}</div> 44 44 - </div> 40 40 + <span class="{{ $emptyStyle }} {{ $containerStyle }}"> 41 41 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><span aria-hidden="true" class="invisible">{{.LineNumber}}</span></span> 42 42 + <span class="{{ $opStyle }}"><span aria-hidden="true" class="invisible">{{ .Op.String }}</span></span> 43 43 + <span class="px-2 invisible" aria-hidden="true">{{ .Content }}</span> 44 44 + </span> 45 45 {{- else if eq .Op.String "+" -}} 46 46 - <div class="{{ $addStyle }} {{ $containerStyle }}" id="{{$name}}-N{{.LineNumber}}"> 47 47 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{.LineNumber}}">{{ .LineNumber }}</a></div> 48 48 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 49 49 - <div class="px-2" >{{ .Content }}</div> 50 50 - </div> 46 46 + <span class="{{ $addStyle }} {{ $containerStyle }}" id="{{$name}}-N{{.LineNumber}}"> 47 47 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{.LineNumber}}">{{ .LineNumber }}</a></span> 48 48 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 49 49 + <span class="px-2 whitespace-pre">{{ .Content }}</span> 50 50 + </span> 51 51 {{- else if eq .Op.String " " -}} 52 52 - <div class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-N{{.LineNumber}}"> 53 53 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{.LineNumber}}">{{ .LineNumber }}</a></div> 54 54 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 55 55 - <div class="px-2">{{ .Content }}</div> 56 56 - </div> 52 52 + <span class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-N{{.LineNumber}}"> 53 53 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{.LineNumber}}">{{ .LineNumber }}</a> </span> 54 54 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 55 55 + <span class="px-2 whitespace-pre">{{ .Content }}</span> 56 56 + </span> 57 57 {{- end -}} 58 58 {{- end -}} 59 59 - {{- end -}}</div></div></pre> 59 59 + {{- end -}}</div></div></div> 60 60 </div> 61 61 {{ end }}

+21 -22

appview/pages/templates/repo/fragments/unifiedDiff.html

··· 1 1 {{ define "repo/fragments/unifiedDiff" }} 2 2 {{ $name := .Id }} 3 3 - <pre class="overflow-x-auto"><div class="overflow-x-auto"><div class="min-w-full inline-block">{{- range .TextFragments -}}<div class="bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</div> 3 3 + <div class="overflow-x-auto font-mono leading-normal"><div class="overflow-x-auto"><div class="inline-flex flex-col min-w-full">{{- range .TextFragments -}}<span class="block bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 select-none text-center">&middot;&middot;&middot;</span> 4 4 {{- $oldStart := .OldPosition -}} 5 5 {{- $newStart := .NewPosition -}} 6 6 {{- $lineNrStyle := "min-w-[3.5rem] flex-shrink-0 select-none text-right bg-white dark:bg-gray-800 target:bg-yellow-200 target:dark:bg-yellow-600" -}} 7 7 {{- $linkStyle := "text-gray-400 dark:text-gray-500 hover:underline" -}} 8 8 {{- $lineNrSepStyle1 := "" -}} 9 9 {{- $lineNrSepStyle2 := "pr-2 border-r border-gray-200 dark:border-gray-700" -}} 10 10 - {{- $containerStyle := "flex min-w-full items-center target:border target:rounded-sm target:border-yellow-200 target:dark:border-yellow-700 scroll-mt-20" -}} 10 10 + {{- $containerStyle := "inline-flex w-full items-center target:border target:rounded-sm target:border-yellow-200 target:dark:border-yellow-700 scroll-mt-20" -}} 11 11 {{- $addStyle := "bg-green-100 dark:bg-green-800/30 text-green-700 dark:text-green-400 " -}} 12 12 {{- $delStyle := "bg-red-100 dark:bg-red-800/30 text-red-700 dark:text-red-400 " -}} 13 13 {{- $ctxStyle := "bg-white dark:bg-gray-800 text-gray-500 dark:text-gray-400" -}} 14 14 {{- $opStyle := "w-5 flex-shrink-0 select-none text-center" -}} 15 15 {{- range .Lines -}} 16 16 {{- if eq .Op.String "+" -}} 17 17 - <div class="{{ $addStyle }} {{ $containerStyle }}" id="{{$name}}-N{{$newStart}}"> 18 18 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><span aria-hidden="true" class="invisible">{{$newStart}}</span></div> 19 19 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{$newStart}}">{{ $newStart }}</a></div> 20 20 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 21 21 - <div class="px-2">{{ .Line }}</div> 22 22 - </div> 17 17 + <span class="{{ $addStyle }} {{ $containerStyle }}" id="{{$name}}-N{{$newStart}}"> 18 18 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><span aria-hidden="true" class="invisible">{{$newStart}}</span></span> 19 19 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><a class="{{$linkStyle}}" href="#{{$name}}-N{{$newStart}}">{{ $newStart }}</a></span> 20 20 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 21 21 + <span class="px-2 whitespace-pre">{{ .Line }}</span> 22 22 + </span> 23 23 {{- $newStart = add64 $newStart 1 -}} 24 24 {{- end -}} 25 25 {{- if eq .Op.String "-" -}} 26 26 - <div class="{{ $delStyle }} {{ $containerStyle }}" id="{{$name}}-O{{$oldStart}}"> 27 27 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}">{{ $oldStart }}</a></div> 28 28 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><span aria-hidden="true" class="invisible">{{$oldStart}}</span></div> 29 29 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 30 30 - <div class="px-2">{{ .Line }}</div> 31 31 - </div> 26 26 + <span class="{{ $delStyle }} {{ $containerStyle }}" id="{{$name}}-O{{$oldStart}}"> 27 27 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}">{{ $oldStart }}</a></span> 28 28 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><span aria-hidden="true" class="invisible">{{$oldStart}}</span></span> 29 29 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 30 30 + <span class="px-2 whitespace-pre">{{ .Line }}</span> 31 31 + </span> 32 32 {{- $oldStart = add64 $oldStart 1 -}} 33 33 {{- end -}} 34 34 {{- if eq .Op.String " " -}} 35 35 - <div class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-O{{$oldStart}}-N{{$newStart}}"> 36 36 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}-N{{$newStart}}">{{ $oldStart }}</a></div> 37 37 - <div class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}-N{{$newStart}}">{{ $newStart }}</a></div> 38 38 - <div class="{{ $opStyle }}">{{ .Op.String }}</div> 39 39 - <div class="px-2">{{ .Line }}</div> 40 40 - </div> 35 35 + <span class="{{ $ctxStyle }} {{ $containerStyle }}" id="{{$name}}-O{{$oldStart}}-N{{$newStart}}"> 36 36 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle1}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}-N{{$newStart}}">{{ $oldStart }}</a></span> 37 37 + <span class="{{$lineNrStyle}} {{$lineNrSepStyle2}}"><a class="{{$linkStyle}}" href="#{{$name}}-O{{$oldStart}}-N{{$newStart}}">{{ $newStart }}</a></span> 38 38 + <span class="{{ $opStyle }}">{{ .Op.String }}</span> 39 39 + <span class="px-2 whitespace-pre">{{ .Line }}</span> 40 40 + </span> 41 41 {{- $newStart = add64 $newStart 1 -}} 42 42 {{- $oldStart = add64 $oldStart 1 -}} 43 43 {{- end -}} 44 44 {{- end -}} 45 45 - {{- end -}}</div></div></pre> 45 45 + {{- end -}}</div></div></div> 46 46 {{ end }} 47 47 -

+1 -1

appview/pages/templates/repo/pipelines/pipelines.html

··· 23 23 </p> 24 24 <p> 25 25 <span class="{{ $bullet }}">2</span>Configure your CI/CD 26 26 - <a href="https://tangled.org/@tangled.org/core/blob/master/docs/spindle/pipeline.md" class="underline">pipeline</a>. 26 26 + <a href="https://docs.tangled.org/spindles.html#pipelines" class="underline">pipeline</a>. 27 27 </p> 28 28 <p><span class="{{ $bullet }}">3</span>Trigger a workflow with a push or a pull-request!</p> 29 29 </div>

+1 -1

appview/pages/templates/repo/settings/pipelines.html

··· 22 22 <p class="text-gray-500 dark:text-gray-400"> 23 23 Choose a spindle to execute your workflows on. Only repository owners 24 24 can configure spindles. Spindles can be selfhosted, 25 25 - <a class="text-gray-500 dark:text-gray-400 underline" href="https://tangled.org/@tangled.org/core/blob/master/docs/spindle/hosting.md"> 25 25 + <a class="text-gray-500 dark:text-gray-400 underline" href="https://docs.tangled.org/spindles.html#self-hosting-guide"> 26 26 click to learn more. 27 27 </a> 28 28 </p>

+1 -1

appview/pages/templates/spindles/index.html

··· 102 102 {{ define "docsButton" }} 103 103 <a 104 104 class="btn flex items-center gap-2" 105 105 - href="https://tangled.org/@tangled.org/core/blob/master/docs/spindle/hosting.md"> 105 105 + href="https://docs.tangled.org/spindles.html#self-hosting-guide"> 106 106 {{ i "book" "size-4" }} 107 107 docs 108 108 </a>

+1 -1

appview/pages/templates/strings/string.html

··· 17 17 <span class="select-none">/</span> 18 18 <a href="/strings/{{ $ownerId }}/{{ .String.Rkey }}" class="font-bold">{{ .String.Filename }}</a> 19 19 </div> 20 20 - <div class="flex gap-2 text-base"> 20 20 + <div class="flex gap-2 items-stretch text-base"> 21 21 {{ if and .LoggedInUser (eq .LoggedInUser.Did .String.Did) }} 22 22 <a class="btn flex items-center gap-2 no-underline hover:no-underline p-2 group" 23 23 hx-boost="true"

+2 -2

appview/pages/templates/user/fragments/followCard.html

··· 6 6 <img class="object-cover rounded-full p-2" src="{{ fullAvatar $userIdent }}" alt="{{ $userIdent }}" /> 7 7 </div> 8 8 9 9 - <div class="flex flex-col md:flex-row md:items-center md:justify-between gap-2 w-full"> 9 9 + <div class="flex flex-col md:flex-row md:items-center md:justify-between gap-2 w-full min-w-0"> 10 10 <div class="flex-1 min-h-0 justify-around flex flex-col"> 11 11 <a href="/{{ $userIdent }}"> 12 12 <span class="font-bold dark:text-white overflow-hidden text-ellipsis whitespace-nowrap max-w-full">{{ $userIdent | truncateAt30 }}</span> 13 13 </a> 14 14 {{ with .Profile }} 15 15 - <p class="text-sm pb-2 md:pb-2">{{.Description}}</p> 15 15 + <p class="text-sm pb-2 md:pb-2 break-words">{{.Description}}</p> 16 16 {{ end }} 17 17 <div class="text-sm flex items-center gap-2 my-2 overflow-hidden text-ellipsis whitespace-nowrap max-w-full"> 18 18 <span class="flex-shrink-0">{{ i "users" "size-4" }}</span>

+53

appview/pages/templates/user/login.html

··· 20 20 <h2 class="text-center text-xl italic dark:text-white"> 21 21 tightly-knit social coding. 22 22 </h2> 23 23 + 24 24 + {{ if .AddAccount }} 25 25 + <div class="flex gap-2 my-4 bg-blue-50 dark:bg-blue-900/30 border border-blue-300 dark:border-sky-800 rounded px-3 py-2 text-blue-600 dark:text-blue-300"> 26 26 + <span class="py-1">{{ i "user-plus" "w-4 h-4" }}</span> 27 27 + <div> 28 28 + <h5 class="font-medium">Add another account</h5> 29 29 + <p class="text-sm">Sign in with a different account to add it to your account list.</p> 30 30 + </div> 31 31 + </div> 32 32 + {{ end }} 33 33 + 34 34 + {{ if and .LoggedInUser .LoggedInUser.Accounts }} 35 35 + {{ $accounts := .LoggedInUser.Accounts }} 36 36 + {{ if $accounts }} 37 37 + <div class="my-4 border border-gray-200 dark:border-gray-700 rounded overflow-hidden"> 38 38 + <div class="px-3 py-2 bg-gray-50 dark:bg-gray-800 border-b border-gray-200 dark:border-gray-700"> 39 39 + <span class="text-xs text-gray-500 dark:text-gray-400 uppercase tracking-wide font-medium">Saved accounts</span> 40 40 + </div> 41 41 + <div class="divide-y divide-gray-200 dark:divide-gray-700"> 42 42 + {{ range $accounts }} 43 43 + <div class="flex items-center justify-between px-3 py-2 hover:bg-gray-100 dark:hover:bg-gray-700"> 44 44 + <button 45 45 + type="button" 46 46 + hx-post="/account/switch" 47 47 + hx-vals='{"did": "{{ .Did }}"}' 48 48 + hx-swap="none" 49 49 + class="flex items-center gap-2 flex-1 text-left min-w-0" 50 50 + > 51 51 + <img src="{{ tinyAvatar .Did }}" alt="" class="rounded-full h-8 w-8 flex-shrink-0 border border-gray-300 dark:border-gray-700" /> 52 52 + <div class="flex flex-col min-w-0"> 53 53 + <span class="text-sm font-medium dark:text-white truncate">{{ .Did | resolve | truncateAt30 }}</span> 54 54 + <span class="text-xs text-gray-500 dark:text-gray-400">Click to switch</span> 55 55 + </div> 56 56 + </button> 57 57 + <button 58 58 + type="button" 59 59 + hx-delete="/account/{{ .Did }}" 60 60 + hx-swap="none" 61 61 + class="p-1 text-gray-400 hover:text-red-500 dark:hover:text-red-400 flex-shrink-0" 62 62 + title="Remove account" 63 63 + > 64 64 + {{ i "x" "w-4 h-4" }} 65 65 + </button> 66 66 + </div> 67 67 + {{ end }} 68 68 + </div> 69 69 + </div> 70 70 + {{ end }} 71 71 + {{ end }} 72 72 + 23 73 <form 24 74 class="mt-4" 25 75 hx-post="/login" ··· 46 96 </span> 47 97 </div> 48 98 <input type="hidden" name="return_url" value="{{ .ReturnUrl }}"> 99 99 + <input type="hidden" name="add_account" value="{{ if .AddAccount }}true{{ end }}"> 49 100 50 101 <button 51 102 class="btn w-full my-2 mt-6 text-base " ··· 66 117 You have not authorized the app. 67 118 {{ else if eq .ErrorCode "session" }} 68 119 Server failed to create user session. 120 120 + {{ else if eq .ErrorCode "max_accounts" }} 121 121 + You have reached the maximum of 20 linked accounts. Please remove an account before adding a new one. 69 122 {{ else }} 70 123 Internal Server error. 71 124 {{ end }}

+9 -6

appview/pages/templates/user/signup.html

··· 43 43 page to complete your registration. 44 44 </span> 45 45 <div class="w-full mt-4 text-center"> 46 46 - <div class="cf-turnstile" data-sitekey="{{ .CloudflareSiteKey }}"></div> 46 46 + <div class="cf-turnstile" data-sitekey="{{ .CloudflareSiteKey }}" data-size="flexible"></div> 47 47 </div> 48 48 <button class="btn text-base w-full my-2 mt-6" type="submit" id="signup-button" tabindex="7" > 49 49 <span>join now</span> 50 50 </button> 51 51 + <p class="text-sm text-gray-500"> 52 52 + Already have an AT Protocol account? <a href="/login" class="underline">Login to Tangled</a>. 53 53 + </p> 54 54 + 55 55 + <p id="signup-msg" class="error w-full"></p> 56 56 + <p class="text-sm text-gray-500 pt-4"> 57 57 + By signing up, you agree to our <a href="/terms" class="underline">Terms of Service</a> and <a href="/privacy" class="underline">Privacy Policy</a>. 58 58 + </p> 51 59 </form> 52 52 - <p class="text-sm text-gray-500"> 53 53 - Already have an AT Protocol account? <a href="/login" class="underline">Login to Tangled</a>. 54 54 - </p> 55 55 - 56 56 - <p id="signup-msg" class="error w-full"></p> 57 60 </main> 58 61 </body> 59 62 </html>

+14 -13

appview/pipelines/pipelines.go

··· 16 16 "tangled.org/core/appview/reporesolver" 17 17 "tangled.org/core/eventconsumer" 18 18 "tangled.org/core/idresolver" 19 19 + "tangled.org/core/orm" 19 20 "tangled.org/core/rbac" 20 21 spindlemodel "tangled.org/core/spindle/models" 21 22 ··· 69 70 } 70 71 71 72 func (p *Pipelines) Index(w http.ResponseWriter, r *http.Request) { 72 72 - user := p.oauth.GetUser(r) 73 73 + user := p.oauth.GetMultiAccountUser(r) 73 74 l := p.logger.With("handler", "Index") 74 75 75 76 f, err := p.repoResolver.Resolve(r) ··· 81 82 ps, err := db.GetPipelineStatuses( 82 83 p.db, 83 84 30, 84 84 - db.FilterEq("repo_owner", f.Did), 85 85 - db.FilterEq("repo_name", f.Name), 86 86 - db.FilterEq("knot", f.Knot), 85 85 + orm.FilterEq("repo_owner", f.Did), 86 86 + orm.FilterEq("repo_name", f.Name), 87 87 + orm.FilterEq("knot", f.Knot), 87 88 ) 88 89 if err != nil { 89 90 l.Error("failed to query db", "err", err) ··· 98 99 } 99 100 100 101 func (p *Pipelines) Workflow(w http.ResponseWriter, r *http.Request) { 101 101 - user := p.oauth.GetUser(r) 102 102 + user := p.oauth.GetMultiAccountUser(r) 102 103 l := p.logger.With("handler", "Workflow") 103 104 104 105 f, err := p.repoResolver.Resolve(r) ··· 122 123 ps, err := db.GetPipelineStatuses( 123 124 p.db, 124 125 1, 125 125 - db.FilterEq("repo_owner", f.Did), 126 126 - db.FilterEq("repo_name", f.Name), 127 127 - db.FilterEq("knot", f.Knot), 128 128 - db.FilterEq("id", pipelineId), 126 126 + orm.FilterEq("repo_owner", f.Did), 127 127 + orm.FilterEq("repo_name", f.Name), 128 128 + orm.FilterEq("knot", f.Knot), 129 129 + orm.FilterEq("id", pipelineId), 129 130 ) 130 131 if err != nil { 131 132 l.Error("failed to query db", "err", err) ··· 189 190 ps, err := db.GetPipelineStatuses( 190 191 p.db, 191 192 1, 192 192 - db.FilterEq("repo_owner", f.Did), 193 193 - db.FilterEq("repo_name", f.Name), 194 194 - db.FilterEq("knot", f.Knot), 195 195 - db.FilterEq("id", pipelineId), 193 193 + orm.FilterEq("repo_owner", f.Did), 194 194 + orm.FilterEq("repo_name", f.Name), 195 195 + orm.FilterEq("knot", f.Knot), 196 196 + orm.FilterEq("id", pipelineId), 196 197 ) 197 198 if err != nil || len(ps) != 1 { 198 199 l.Error("pipeline query failed", "err", err, "count", len(ps))

+2 -1

appview/pulls/opengraph.go

··· 13 13 "tangled.org/core/appview/db" 14 14 "tangled.org/core/appview/models" 15 15 "tangled.org/core/appview/ogcard" 16 16 + "tangled.org/core/orm" 16 17 "tangled.org/core/patchutil" 17 18 "tangled.org/core/types" 18 19 ) ··· 276 277 } 277 278 278 279 // Get comment count from database 279 279 - comments, err := db.GetPullComments(s.db, db.FilterEq("pull_id", pull.ID)) 280 280 + comments, err := db.GetPullComments(s.db, orm.FilterEq("pull_id", pull.ID)) 280 281 if err != nil { 281 282 log.Printf("failed to get pull comments: %v", err) 282 283 }

+159 -138

appview/pulls/pulls.go

··· 19 19 "tangled.org/core/appview/config" 20 20 "tangled.org/core/appview/db" 21 21 pulls_indexer "tangled.org/core/appview/indexer/pulls" 22 22 + "tangled.org/core/appview/mentions" 22 23 "tangled.org/core/appview/models" 23 24 "tangled.org/core/appview/notify" 24 25 "tangled.org/core/appview/oauth" 25 26 "tangled.org/core/appview/pages" 26 27 "tangled.org/core/appview/pages/markup" 27 28 "tangled.org/core/appview/pages/repoinfo" 28 28 - "tangled.org/core/appview/refresolver" 29 29 "tangled.org/core/appview/reporesolver" 30 30 "tangled.org/core/appview/validator" 31 31 "tangled.org/core/appview/xrpcclient" 32 32 "tangled.org/core/idresolver" 33 33 + "tangled.org/core/orm" 33 34 "tangled.org/core/patchutil" 34 35 "tangled.org/core/rbac" 35 36 "tangled.org/core/tid" ··· 44 45 ) 45 46 46 47 type Pulls struct { 47 47 - oauth *oauth.OAuth 48 48 - repoResolver *reporesolver.RepoResolver 49 49 - pages *pages.Pages 50 50 - idResolver *idresolver.Resolver 51 51 - refResolver *refresolver.Resolver 52 52 - db *db.DB 53 53 - config *config.Config 54 54 - notifier notify.Notifier 55 55 - enforcer *rbac.Enforcer 56 56 - logger *slog.Logger 57 57 - validator *validator.Validator 58 58 - indexer *pulls_indexer.Indexer 48 48 + oauth *oauth.OAuth 49 49 + repoResolver *reporesolver.RepoResolver 50 50 + pages *pages.Pages 51 51 + idResolver *idresolver.Resolver 52 52 + mentionsResolver *mentions.Resolver 53 53 + db *db.DB 54 54 + config *config.Config 55 55 + notifier notify.Notifier 56 56 + enforcer *rbac.Enforcer 57 57 + logger *slog.Logger 58 58 + validator *validator.Validator 59 59 + indexer *pulls_indexer.Indexer 59 60 } 60 61 61 62 func New( ··· 63 64 repoResolver *reporesolver.RepoResolver, 64 65 pages *pages.Pages, 65 66 resolver *idresolver.Resolver, 66 66 - refResolver *refresolver.Resolver, 67 67 + mentionsResolver *mentions.Resolver, 67 68 db *db.DB, 68 69 config *config.Config, 69 70 notifier notify.Notifier, ··· 73 74 logger *slog.Logger, 74 75 ) *Pulls { 75 76 return &Pulls{ 76 76 - oauth: oauth, 77 77 - repoResolver: repoResolver, 78 78 - pages: pages, 79 79 - idResolver: resolver, 80 80 - refResolver: refResolver, 81 81 - db: db, 82 82 - config: config, 83 83 - notifier: notifier, 84 84 - enforcer: enforcer, 85 85 - logger: logger, 86 86 - validator: validator, 87 87 - indexer: indexer, 77 77 + oauth: oauth, 78 78 + repoResolver: repoResolver, 79 79 + pages: pages, 80 80 + idResolver: resolver, 81 81 + mentionsResolver: mentionsResolver, 82 82 + db: db, 83 83 + config: config, 84 84 + notifier: notifier, 85 85 + enforcer: enforcer, 86 86 + logger: logger, 87 87 + validator: validator, 88 88 + indexer: indexer, 88 89 } 89 90 } 90 91 ··· 92 93 func (s *Pulls) PullActions(w http.ResponseWriter, r *http.Request) { 93 94 switch r.Method { 94 95 case http.MethodGet: 95 95 - user := s.oauth.GetUser(r) 96 96 + user := s.oauth.GetMultiAccountUser(r) 96 97 f, err := s.repoResolver.Resolve(r) 97 98 if err != nil { 98 99 log.Println("failed to get repo and knot", err) ··· 123 124 mergeCheckResponse := s.mergeCheck(r, f, pull, stack) 124 125 branchDeleteStatus := s.branchDeleteStatus(r, f, pull) 125 126 resubmitResult := pages.Unknown 126 126 - if user.Did == pull.OwnerDid { 127 127 + if user.Active.Did == pull.OwnerDid { 127 128 resubmitResult = s.resubmitCheck(r, f, pull, stack) 128 129 } 129 130 ··· 142 143 } 143 144 144 145 func (s *Pulls) RepoSinglePull(w http.ResponseWriter, r *http.Request) { 145 145 - user := s.oauth.GetUser(r) 146 146 + user := s.oauth.GetMultiAccountUser(r) 146 147 f, err := s.repoResolver.Resolve(r) 147 148 if err != nil { 148 149 log.Println("failed to get repo and knot", err) ··· 170 171 mergeCheckResponse := s.mergeCheck(r, f, pull, stack) 171 172 branchDeleteStatus := s.branchDeleteStatus(r, f, pull) 172 173 resubmitResult := pages.Unknown 173 173 - if user != nil && user.Did == pull.OwnerDid { 174 174 + if user != nil && user.Active != nil && user.Active.Did == pull.OwnerDid { 174 175 resubmitResult = s.resubmitCheck(r, f, pull, stack) 175 176 } 176 177 ··· 190 191 ps, err := db.GetPipelineStatuses( 191 192 s.db, 192 193 len(shas), 193 193 - db.FilterEq("repo_owner", f.Did), 194 194 - db.FilterEq("repo_name", f.Name), 195 195 - db.FilterEq("knot", f.Knot), 196 196 - db.FilterIn("sha", shas), 194 194 + orm.FilterEq("repo_owner", f.Did), 195 195 + orm.FilterEq("repo_name", f.Name), 196 196 + orm.FilterEq("knot", f.Knot), 197 197 + orm.FilterIn("sha", shas), 197 198 ) 198 199 if err != nil { 199 200 log.Printf("failed to fetch pipeline statuses: %s", err) ··· 212 213 213 214 userReactions := map[models.ReactionKind]bool{} 214 215 if user != nil { 215 215 - userReactions = db.GetReactionStatusMap(s.db, user.Did, pull.AtUri()) 216 216 + userReactions = db.GetReactionStatusMap(s.db, user.Active.Did, pull.AtUri()) 216 217 } 217 218 218 219 labelDefs, err := db.GetLabelDefinitions( 219 220 s.db, 220 220 - db.FilterIn("at_uri", f.Labels), 221 221 - db.FilterContains("scope", tangled.RepoPullNSID), 221 221 + orm.FilterIn("at_uri", f.Labels), 222 222 + orm.FilterContains("scope", tangled.RepoPullNSID), 222 223 ) 223 224 if err != nil { 224 225 log.Println("failed to fetch labels", err) ··· 323 324 return nil 324 325 } 325 326 326 326 - user := s.oauth.GetUser(r) 327 327 + user := s.oauth.GetMultiAccountUser(r) 327 328 if user == nil { 328 329 return nil 329 330 } ··· 346 347 } 347 348 348 349 // user can only delete branch if they are a collaborator in the repo that the branch belongs to 349 349 - perms := s.enforcer.GetPermissionsInRepo(user.Did, repo.Knot, repo.DidSlashRepo()) 350 350 + perms := s.enforcer.GetPermissionsInRepo(user.Active.Did, repo.Knot, repo.DidSlashRepo()) 350 351 if !slices.Contains(perms, "repo:push") { 351 352 return nil 352 353 } ··· 433 434 } 434 435 435 436 func (s *Pulls) RepoPullPatch(w http.ResponseWriter, r *http.Request) { 436 436 - user := s.oauth.GetUser(r) 437 437 + user := s.oauth.GetMultiAccountUser(r) 437 438 438 439 var diffOpts types.DiffOpts 439 440 if d := r.URL.Query().Get("diff"); d == "split" { ··· 474 475 } 475 476 476 477 func (s *Pulls) RepoPullInterdiff(w http.ResponseWriter, r *http.Request) { 477 477 - user := s.oauth.GetUser(r) 478 478 + user := s.oauth.GetMultiAccountUser(r) 478 479 479 480 var diffOpts types.DiffOpts 480 481 if d := r.URL.Query().Get("diff"); d == "split" { ··· 519 520 interdiff := patchutil.Interdiff(previousPatch, currentPatch) 520 521 521 522 s.pages.RepoPullInterdiffPage(w, pages.RepoPullInterdiffParams{ 522 522 - LoggedInUser: s.oauth.GetUser(r), 523 523 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 523 524 RepoInfo: s.repoResolver.GetRepoInfo(r, user), 524 525 Pull: pull, 525 526 Round: roundIdInt, ··· 551 552 func (s *Pulls) RepoPulls(w http.ResponseWriter, r *http.Request) { 552 553 l := s.logger.With("handler", "RepoPulls") 553 554 554 554 - user := s.oauth.GetUser(r) 555 555 + user := s.oauth.GetMultiAccountUser(r) 555 556 params := r.URL.Query() 556 557 557 558 state := models.PullOpen ··· 597 598 598 599 pulls, err := db.GetPulls( 599 600 s.db, 600 600 - db.FilterIn("id", ids), 601 601 + orm.FilterIn("id", ids), 601 602 ) 602 603 if err != nil { 603 604 log.Println("failed to get pulls", err) ··· 648 649 ps, err := db.GetPipelineStatuses( 649 650 s.db, 650 651 len(shas), 651 651 - db.FilterEq("repo_owner", f.Did), 652 652 - db.FilterEq("repo_name", f.Name), 653 653 - db.FilterEq("knot", f.Knot), 654 654 - db.FilterIn("sha", shas), 652 652 + orm.FilterEq("repo_owner", f.Did), 653 653 + orm.FilterEq("repo_name", f.Name), 654 654 + orm.FilterEq("knot", f.Knot), 655 655 + orm.FilterIn("sha", shas), 655 656 ) 656 657 if err != nil { 657 658 log.Printf("failed to fetch pipeline statuses: %s", err) ··· 664 665 665 666 labelDefs, err := db.GetLabelDefinitions( 666 667 s.db, 667 667 - db.FilterIn("at_uri", f.Labels), 668 668 - db.FilterContains("scope", tangled.RepoPullNSID), 668 668 + orm.FilterIn("at_uri", f.Labels), 669 669 + orm.FilterContains("scope", tangled.RepoPullNSID), 669 670 ) 670 671 if err != nil { 671 672 log.Println("failed to fetch labels", err) ··· 679 680 } 680 681 681 682 s.pages.RepoPulls(w, pages.RepoPullsParams{ 682 682 - LoggedInUser: s.oauth.GetUser(r), 683 683 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 683 684 RepoInfo: s.repoResolver.GetRepoInfo(r, user), 684 685 Pulls: pulls, 685 686 LabelDefs: defs, ··· 691 692 } 692 693 693 694 func (s *Pulls) PullComment(w http.ResponseWriter, r *http.Request) { 694 694 - user := s.oauth.GetUser(r) 695 695 + user := s.oauth.GetMultiAccountUser(r) 695 696 f, err := s.repoResolver.Resolve(r) 696 697 if err != nil { 697 698 log.Println("failed to get repo and knot", err) ··· 729 730 return 730 731 } 731 732 732 732 - mentions, references := s.refResolver.Resolve(r.Context(), body) 733 733 + mentions, references := s.mentionsResolver.Resolve(r.Context(), body) 733 734 734 735 // Start a transaction 735 736 tx, err := s.db.BeginTx(r.Context(), nil) ··· 750 751 } 751 752 atResp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 752 753 Collection: tangled.RepoPullCommentNSID, 753 753 - Repo: user.Did, 754 754 + Repo: user.Active.Did, 754 755 Rkey: tid.TID(), 755 756 Record: &lexutil.LexiconTypeDecoder{ 756 757 Val: &tangled.RepoPullComment{ ··· 767 768 } 768 769 769 770 comment := &models.PullComment{ 770 770 - OwnerDid: user.Did, 771 771 + OwnerDid: user.Active.Did, 771 772 RepoAt: f.RepoAt().String(), 772 773 PullId: pull.PullId, 773 774 Body: body, ··· 801 802 } 802 803 803 804 func (s *Pulls) NewPull(w http.ResponseWriter, r *http.Request) { 804 804 - user := s.oauth.GetUser(r) 805 805 + user := s.oauth.GetMultiAccountUser(r) 805 806 f, err := s.repoResolver.Resolve(r) 806 807 if err != nil { 807 808 log.Println("failed to get repo and knot", err) ··· 869 870 } 870 871 871 872 // Determine PR type based on input parameters 872 872 - roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 873 873 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 873 874 isPushAllowed := roles.IsPushAllowed() 874 875 isBranchBased := isPushAllowed && sourceBranch != "" && fromFork == "" 875 876 isForkBased := fromFork != "" && sourceBranch != "" ··· 969 970 w http.ResponseWriter, 970 971 r *http.Request, 971 972 repo *models.Repo, 972 972 - user *oauth.User, 973 973 + user *oauth.MultiAccountUser, 973 974 title, 974 975 body, 975 976 targetBranch, ··· 1026 1027 s.createPullRequest(w, r, repo, user, title, body, targetBranch, patch, combined, sourceRev, pullSource, recordPullSource, isStacked) 1027 1028 } 1028 1029 1029 1029 - func (s *Pulls) handlePatchBasedPull(w http.ResponseWriter, r *http.Request, repo *models.Repo, user *oauth.User, title, body, targetBranch, patch string, isStacked bool) { 1030 1030 + func (s *Pulls) handlePatchBasedPull(w http.ResponseWriter, r *http.Request, repo *models.Repo, user *oauth.MultiAccountUser, title, body, targetBranch, patch string, isStacked bool) { 1030 1031 if err := s.validator.ValidatePatch(&patch); err != nil { 1031 1032 s.logger.Error("patch validation failed", "err", err) 1032 1033 s.pages.Notice(w, "pull", "Invalid patch format. Please provide a valid diff.") ··· 1036 1037 s.createPullRequest(w, r, repo, user, title, body, targetBranch, patch, "", "", nil, nil, isStacked) 1037 1038 } 1038 1039 1039 1039 - func (s *Pulls) handleForkBasedPull(w http.ResponseWriter, r *http.Request, repo *models.Repo, user *oauth.User, forkRepo string, title, body, targetBranch, sourceBranch string, isStacked bool) { 1040 1040 + func (s *Pulls) handleForkBasedPull(w http.ResponseWriter, r *http.Request, repo *models.Repo, user *oauth.MultiAccountUser, forkRepo string, title, body, targetBranch, sourceBranch string, isStacked bool) { 1040 1041 repoString := strings.SplitN(forkRepo, "/", 2) 1041 1042 forkOwnerDid := repoString[0] 1042 1043 repoName := repoString[1] ··· 1145 1146 w http.ResponseWriter, 1146 1147 r *http.Request, 1147 1148 repo *models.Repo, 1148 1148 - user *oauth.User, 1149 1149 + user *oauth.MultiAccountUser, 1149 1150 title, body, targetBranch string, 1150 1151 patch string, 1151 1152 combined string, ··· 1205 1206 } 1206 1207 } 1207 1208 1208 1208 - mentions, references := s.refResolver.Resolve(r.Context(), body) 1209 1209 + mentions, references := s.mentionsResolver.Resolve(r.Context(), body) 1209 1210 1210 1211 rkey := tid.TID() 1211 1212 initialSubmission := models.PullSubmission{ ··· 1217 1218 Title: title, 1218 1219 Body: body, 1219 1220 TargetBranch: targetBranch, 1220 1220 - OwnerDid: user.Did, 1221 1221 + OwnerDid: user.Active.Did, 1221 1222 RepoAt: repo.RepoAt(), 1222 1223 Rkey: rkey, 1223 1224 Mentions: mentions, ··· 1240 1241 return 1241 1242 } 1242 1243 1244 1244 + blob, err := comatproto.RepoUploadBlob(r.Context(), client, strings.NewReader(patch)) 1245 1245 + if err != nil { 1246 1246 + log.Println("failed to upload patch", err) 1247 1247 + s.pages.Notice(w, "pull", "Failed to create pull request. Try again later.") 1248 1248 + return 1249 1249 + } 1250 1250 + 1243 1251 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 1244 1252 Collection: tangled.RepoPullNSID, 1245 1245 - Repo: user.Did, 1253 1253 + Repo: user.Active.Did, 1246 1254 Rkey: rkey, 1247 1255 Record: &lexutil.LexiconTypeDecoder{ 1248 1256 Val: &tangled.RepoPull{ ··· 1251 1259 Repo: string(repo.RepoAt()), 1252 1260 Branch: targetBranch, 1253 1261 }, 1254 1254 - Patch: patch, 1262 1262 + PatchBlob: blob.Blob, 1255 1263 Source: recordPullSource, 1256 1264 CreatedAt: time.Now().Format(time.RFC3339), 1257 1265 }, ··· 1279 1287 w http.ResponseWriter, 1280 1288 r *http.Request, 1281 1289 repo *models.Repo, 1282 1282 - user *oauth.User, 1290 1290 + user *oauth.MultiAccountUser, 1283 1291 targetBranch string, 1284 1292 patch string, 1285 1293 sourceRev string, ··· 1327 1335 // apply all record creations at once 1328 1336 var writes []*comatproto.RepoApplyWrites_Input_Writes_Elem 1329 1337 for _, p := range stack { 1338 1338 + blob, err := comatproto.RepoUploadBlob(r.Context(), client, strings.NewReader(p.LatestPatch())) 1339 1339 + if err != nil { 1340 1340 + log.Println("failed to upload patch blob", err) 1341 1341 + s.pages.Notice(w, "pull", "Failed to create pull request. Try again later.") 1342 1342 + return 1343 1343 + } 1344 1344 + 1330 1345 record := p.AsRecord() 1331 1331 - write := comatproto.RepoApplyWrites_Input_Writes_Elem{ 1346 1346 + record.PatchBlob = blob.Blob 1347 1347 + writes = append(writes, &comatproto.RepoApplyWrites_Input_Writes_Elem{ 1332 1348 RepoApplyWrites_Create: &comatproto.RepoApplyWrites_Create{ 1333 1349 Collection: tangled.RepoPullNSID, 1334 1350 Rkey: &p.Rkey, ··· 1336 1352 Val: &record, 1337 1353 }, 1338 1354 }, 1339 1339 - } 1340 1340 - writes = append(writes, &write) 1355 1355 + }) 1341 1356 } 1342 1357 _, err = comatproto.RepoApplyWrites(r.Context(), client, &comatproto.RepoApplyWrites_Input{ 1343 1343 - Repo: user.Did, 1358 1358 + Repo: user.Active.Did, 1344 1359 Writes: writes, 1345 1360 }) 1346 1361 if err != nil { ··· 1365 1380 s.pages.Notice(w, "pull", "Failed to create pull request. Try again later.") 1366 1381 return 1367 1382 } 1383 1383 + 1368 1384 } 1369 1385 1370 1386 if err = tx.Commit(); err != nil { ··· 1373 1389 return 1374 1390 } 1375 1391 1392 1392 + // notify about each pull 1393 1393 + // 1394 1394 + // this is performed after tx.Commit, because it could result in a locked DB otherwise 1395 1395 + for _, p := range stack { 1396 1396 + s.notifier.NewPull(r.Context(), p) 1397 1397 + } 1398 1398 + 1376 1399 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, repo) 1377 1400 s.pages.HxLocation(w, fmt.Sprintf("/%s/pulls", ownerSlashRepo)) 1378 1401 } ··· 1404 1427 } 1405 1428 1406 1429 func (s *Pulls) PatchUploadFragment(w http.ResponseWriter, r *http.Request) { 1407 1407 - user := s.oauth.GetUser(r) 1430 1430 + user := s.oauth.GetMultiAccountUser(r) 1408 1431 1409 1432 s.pages.PullPatchUploadFragment(w, pages.PullPatchUploadParams{ 1410 1433 RepoInfo: s.repoResolver.GetRepoInfo(r, user), ··· 1412 1435 } 1413 1436 1414 1437 func (s *Pulls) CompareBranchesFragment(w http.ResponseWriter, r *http.Request) { 1415 1415 - user := s.oauth.GetUser(r) 1438 1438 + user := s.oauth.GetMultiAccountUser(r) 1416 1439 f, err := s.repoResolver.Resolve(r) 1417 1440 if err != nil { 1418 1441 log.Println("failed to get repo and knot", err) ··· 1467 1490 } 1468 1491 1469 1492 func (s *Pulls) CompareForksFragment(w http.ResponseWriter, r *http.Request) { 1470 1470 - user := s.oauth.GetUser(r) 1493 1493 + user := s.oauth.GetMultiAccountUser(r) 1471 1494 1472 1472 - forks, err := db.GetForksByDid(s.db, user.Did) 1495 1495 + forks, err := db.GetForksByDid(s.db, user.Active.Did) 1473 1496 if err != nil { 1474 1497 log.Println("failed to get forks", err) 1475 1498 return ··· 1483 1506 } 1484 1507 1485 1508 func (s *Pulls) CompareForksBranchesFragment(w http.ResponseWriter, r *http.Request) { 1486 1486 - user := s.oauth.GetUser(r) 1509 1509 + user := s.oauth.GetMultiAccountUser(r) 1487 1510 1488 1511 f, err := s.repoResolver.Resolve(r) 1489 1512 if err != nil { ··· 1498 1521 // fork repo 1499 1522 repo, err := db.GetRepo( 1500 1523 s.db, 1501 1501 - db.FilterEq("did", forkOwnerDid), 1502 1502 - db.FilterEq("name", forkName), 1524 1524 + orm.FilterEq("did", forkOwnerDid), 1525 1525 + orm.FilterEq("name", forkName), 1503 1526 ) 1504 1527 if err != nil { 1505 1528 log.Println("failed to get repo", "did", forkOwnerDid, "name", forkName, "err", err) ··· 1576 1599 } 1577 1600 1578 1601 func (s *Pulls) ResubmitPull(w http.ResponseWriter, r *http.Request) { 1579 1579 - user := s.oauth.GetUser(r) 1602 1602 + user := s.oauth.GetMultiAccountUser(r) 1580 1603 1581 1604 pull, ok := r.Context().Value("pull").(*models.Pull) 1582 1605 if !ok { ··· 1607 1630 } 1608 1631 1609 1632 func (s *Pulls) resubmitPatch(w http.ResponseWriter, r *http.Request) { 1610 1610 - user := s.oauth.GetUser(r) 1633 1633 + user := s.oauth.GetMultiAccountUser(r) 1611 1634 1612 1635 pull, ok := r.Context().Value("pull").(*models.Pull) 1613 1636 if !ok { ··· 1622 1645 return 1623 1646 } 1624 1647 1625 1625 - if user.Did != pull.OwnerDid { 1648 1648 + if user.Active.Did != pull.OwnerDid { 1626 1649 log.Println("unauthorized user") 1627 1650 w.WriteHeader(http.StatusUnauthorized) 1628 1651 return ··· 1634 1657 } 1635 1658 1636 1659 func (s *Pulls) resubmitBranch(w http.ResponseWriter, r *http.Request) { 1637 1637 - user := s.oauth.GetUser(r) 1660 1660 + user := s.oauth.GetMultiAccountUser(r) 1638 1661 1639 1662 pull, ok := r.Context().Value("pull").(*models.Pull) 1640 1663 if !ok { ··· 1649 1672 return 1650 1673 } 1651 1674 1652 1652 - if user.Did != pull.OwnerDid { 1675 1675 + if user.Active.Did != pull.OwnerDid { 1653 1676 log.Println("unauthorized user") 1654 1677 w.WriteHeader(http.StatusUnauthorized) 1655 1678 return 1656 1679 } 1657 1680 1658 1658 - roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 1681 1681 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 1659 1682 if !roles.IsPushAllowed() { 1660 1683 log.Println("unauthorized user") 1661 1684 w.WriteHeader(http.StatusUnauthorized) ··· 1699 1722 } 1700 1723 1701 1724 func (s *Pulls) resubmitFork(w http.ResponseWriter, r *http.Request) { 1702 1702 - user := s.oauth.GetUser(r) 1725 1725 + user := s.oauth.GetMultiAccountUser(r) 1703 1726 1704 1727 pull, ok := r.Context().Value("pull").(*models.Pull) 1705 1728 if !ok { ··· 1714 1737 return 1715 1738 } 1716 1739 1717 1717 - if user.Did != pull.OwnerDid { 1740 1740 + if user.Active.Did != pull.OwnerDid { 1718 1741 log.Println("unauthorized user") 1719 1742 w.WriteHeader(http.StatusUnauthorized) 1720 1743 return ··· 1799 1822 w http.ResponseWriter, 1800 1823 r *http.Request, 1801 1824 repo *models.Repo, 1802 1802 - user *oauth.User, 1825 1825 + user *oauth.MultiAccountUser, 1803 1826 pull *models.Pull, 1804 1827 patch string, 1805 1828 combined string, ··· 1855 1878 return 1856 1879 } 1857 1880 1858 1858 - ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoPullNSID, user.Did, pull.Rkey) 1881 1881 + ex, err := comatproto.RepoGetRecord(r.Context(), client, "", tangled.RepoPullNSID, user.Active.Did, pull.Rkey) 1859 1882 if err != nil { 1860 1883 // failed to get record 1861 1884 s.pages.Notice(w, "resubmit-error", "Failed to update pull, no record found on PDS.") 1862 1885 return 1863 1886 } 1864 1887 1865 1865 - var recordPullSource *tangled.RepoPull_Source 1866 1866 - if pull.IsBranchBased() { 1867 1867 - recordPullSource = &tangled.RepoPull_Source{ 1868 1868 - Branch: pull.PullSource.Branch, 1869 1869 - Sha: sourceRev, 1870 1870 - } 1888 1888 + blob, err := comatproto.RepoUploadBlob(r.Context(), client, strings.NewReader(patch)) 1889 1889 + if err != nil { 1890 1890 + log.Println("failed to upload patch blob", err) 1891 1891 + s.pages.Notice(w, "resubmit-error", "Failed to update pull request on the PDS. Try again later.") 1892 1892 + return 1871 1893 } 1872 1872 - if pull.IsForkBased() { 1873 1873 - repoAt := pull.PullSource.RepoAt.String() 1874 1874 - recordPullSource = &tangled.RepoPull_Source{ 1875 1875 - Branch: pull.PullSource.Branch, 1876 1876 - Repo: &repoAt, 1877 1877 - Sha: sourceRev, 1878 1878 - } 1879 1879 - } 1894 1894 + record := pull.AsRecord() 1895 1895 + record.PatchBlob = blob.Blob 1896 1896 + record.CreatedAt = time.Now().Format(time.RFC3339) 1880 1897 1881 1898 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 1882 1899 Collection: tangled.RepoPullNSID, 1883 1883 - Repo: user.Did, 1900 1900 + Repo: user.Active.Did, 1884 1901 Rkey: pull.Rkey, 1885 1902 SwapRecord: ex.Cid, 1886 1903 Record: &lexutil.LexiconTypeDecoder{ 1887 1887 - Val: &tangled.RepoPull{ 1888 1888 - Title: pull.Title, 1889 1889 - Target: &tangled.RepoPull_Target{ 1890 1890 - Repo: string(repo.RepoAt()), 1891 1891 - Branch: pull.TargetBranch, 1892 1892 - }, 1893 1893 - Patch: patch, // new patch 1894 1894 - Source: recordPullSource, 1895 1895 - CreatedAt: time.Now().Format(time.RFC3339), 1896 1896 - }, 1904 1904 + Val: &record, 1897 1905 }, 1898 1906 }) 1899 1907 if err != nil { ··· 1916 1924 w http.ResponseWriter, 1917 1925 r *http.Request, 1918 1926 repo *models.Repo, 1919 1919 - user *oauth.User, 1927 1927 + user *oauth.MultiAccountUser, 1920 1928 pull *models.Pull, 1921 1929 patch string, 1922 1930 stackId string, ··· 1979 1987 } 1980 1988 defer tx.Rollback() 1981 1989 1990 1990 + client, err := s.oauth.AuthorizedClient(r) 1991 1991 + if err != nil { 1992 1992 + log.Println("failed to authorize client") 1993 1993 + s.pages.Notice(w, "resubmit-error", "Failed to create pull request. Try again later.") 1994 1994 + return 1995 1995 + } 1996 1996 + 1982 1997 // pds updates to make 1983 1998 var writes []*comatproto.RepoApplyWrites_Input_Writes_Elem 1984 1999 ··· 2012 2027 return 2013 2028 } 2014 2029 2030 2030 + blob, err := comatproto.RepoUploadBlob(r.Context(), client, strings.NewReader(patch)) 2031 2031 + if err != nil { 2032 2032 + log.Println("failed to upload patch blob", err) 2033 2033 + s.pages.Notice(w, "resubmit-error", "Failed to update pull request on the PDS. Try again later.") 2034 2034 + return 2035 2035 + } 2015 2036 record := p.AsRecord() 2037 2037 + record.PatchBlob = blob.Blob 2016 2038 writes = append(writes, &comatproto.RepoApplyWrites_Input_Writes_Elem{ 2017 2039 RepoApplyWrites_Create: &comatproto.RepoApplyWrites_Create{ 2018 2040 Collection: tangled.RepoPullNSID, ··· 2047 2069 return 2048 2070 } 2049 2071 2072 2072 + blob, err := comatproto.RepoUploadBlob(r.Context(), client, strings.NewReader(patch)) 2073 2073 + if err != nil { 2074 2074 + log.Println("failed to upload patch blob", err) 2075 2075 + s.pages.Notice(w, "resubmit-error", "Failed to update pull request on the PDS. Try again later.") 2076 2076 + return 2077 2077 + } 2050 2078 record := np.AsRecord() 2051 2051 - 2079 2079 + record.PatchBlob = blob.Blob 2052 2080 writes = append(writes, &comatproto.RepoApplyWrites_Input_Writes_Elem{ 2053 2081 RepoApplyWrites_Update: &comatproto.RepoApplyWrites_Update{ 2054 2082 Collection: tangled.RepoPullNSID, ··· 2066 2094 tx, 2067 2095 p.ParentChangeId, 2068 2096 // these should be enough filters to be unique per-stack 2069 2069 - db.FilterEq("repo_at", p.RepoAt.String()), 2070 2070 - db.FilterEq("owner_did", p.OwnerDid), 2071 2071 - db.FilterEq("change_id", p.ChangeId), 2097 2097 + orm.FilterEq("repo_at", p.RepoAt.String()), 2098 2098 + orm.FilterEq("owner_did", p.OwnerDid), 2099 2099 + orm.FilterEq("change_id", p.ChangeId), 2072 2100 ) 2073 2101 2074 2102 if err != nil { ··· 2085 2113 return 2086 2114 } 2087 2115 2088 2088 - client, err := s.oauth.AuthorizedClient(r) 2089 2089 - if err != nil { 2090 2090 - log.Println("failed to authorize client") 2091 2091 - s.pages.Notice(w, "resubmit-error", "Failed to create pull request. Try again later.") 2092 2092 - return 2093 2093 - } 2094 2094 - 2095 2116 _, err = comatproto.RepoApplyWrites(r.Context(), client, &comatproto.RepoApplyWrites_Input{ 2096 2096 - Repo: user.Did, 2117 2117 + Repo: user.Active.Did, 2097 2118 Writes: writes, 2098 2119 }) 2099 2120 if err != nil { ··· 2107 2128 } 2108 2129 2109 2130 func (s *Pulls) MergePull(w http.ResponseWriter, r *http.Request) { 2110 2110 - user := s.oauth.GetUser(r) 2131 2131 + user := s.oauth.GetMultiAccountUser(r) 2111 2132 f, err := s.repoResolver.Resolve(r) 2112 2133 if err != nil { 2113 2134 log.Println("failed to resolve repo:", err) ··· 2218 2239 2219 2240 // notify about the pull merge 2220 2241 for _, p := range pullsToMerge { 2221 2221 - s.notifier.NewPullState(r.Context(), syntax.DID(user.Did), p) 2242 2242 + s.notifier.NewPullState(r.Context(), syntax.DID(user.Active.Did), p) 2222 2243 } 2223 2244 2224 2245 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, f) ··· 2226 2247 } 2227 2248 2228 2249 func (s *Pulls) ClosePull(w http.ResponseWriter, r *http.Request) { 2229 2229 - user := s.oauth.GetUser(r) 2250 2250 + user := s.oauth.GetMultiAccountUser(r) 2230 2251 2231 2252 f, err := s.repoResolver.Resolve(r) 2232 2253 if err != nil { ··· 2242 2263 } 2243 2264 2244 2265 // auth filter: only owner or collaborators can close 2245 2245 - roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 2266 2266 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 2246 2267 isOwner := roles.IsOwner() 2247 2268 isCollaborator := roles.IsCollaborator() 2248 2248 - isPullAuthor := user.Did == pull.OwnerDid 2269 2269 + isPullAuthor := user.Active.Did == pull.OwnerDid 2249 2270 isCloseAllowed := isOwner || isCollaborator || isPullAuthor 2250 2271 if !isCloseAllowed { 2251 2272 log.Println("failed to close pull") ··· 2291 2312 } 2292 2313 2293 2314 for _, p := range pullsToClose { 2294 2294 - s.notifier.NewPullState(r.Context(), syntax.DID(user.Did), p) 2315 2315 + s.notifier.NewPullState(r.Context(), syntax.DID(user.Active.Did), p) 2295 2316 } 2296 2317 2297 2318 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, f) ··· 2299 2320 } 2300 2321 2301 2322 func (s *Pulls) ReopenPull(w http.ResponseWriter, r *http.Request) { 2302 2302 - user := s.oauth.GetUser(r) 2323 2323 + user := s.oauth.GetMultiAccountUser(r) 2303 2324 2304 2325 f, err := s.repoResolver.Resolve(r) 2305 2326 if err != nil { ··· 2316 2337 } 2317 2338 2318 2339 // auth filter: only owner or collaborators can close 2319 2319 - roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())} 2340 2340 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Active.Did, f.Knot, f.DidSlashRepo())} 2320 2341 isOwner := roles.IsOwner() 2321 2342 isCollaborator := roles.IsCollaborator() 2322 2322 - isPullAuthor := user.Did == pull.OwnerDid 2343 2343 + isPullAuthor := user.Active.Did == pull.OwnerDid 2323 2344 isCloseAllowed := isOwner || isCollaborator || isPullAuthor 2324 2345 if !isCloseAllowed { 2325 2346 log.Println("failed to close pull") ··· 2365 2386 } 2366 2387 2367 2388 for _, p := range pullsToReopen { 2368 2368 - s.notifier.NewPullState(r.Context(), syntax.DID(user.Did), p) 2389 2389 + s.notifier.NewPullState(r.Context(), syntax.DID(user.Active.Did), p) 2369 2390 } 2370 2391 2371 2392 ownerSlashRepo := reporesolver.GetBaseRepoPath(r, f) 2372 2393 s.pages.HxLocation(w, fmt.Sprintf("/%s/pulls/%d", ownerSlashRepo, pull.PullId)) 2373 2394 } 2374 2395 2375 2375 - func (s *Pulls) newStack(ctx context.Context, repo *models.Repo, user *oauth.User, targetBranch, patch string, pullSource *models.PullSource, stackId string) (models.Stack, error) { 2396 2396 + func (s *Pulls) newStack(ctx context.Context, repo *models.Repo, user *oauth.MultiAccountUser, targetBranch, patch string, pullSource *models.PullSource, stackId string) (models.Stack, error) { 2376 2397 formatPatches, err := patchutil.ExtractPatches(patch) 2377 2398 if err != nil { 2378 2399 return nil, fmt.Errorf("Failed to extract patches: %v", err) ··· 2397 2418 body := fp.Body 2398 2419 rkey := tid.TID() 2399 2420 2400 2400 - mentions, references := s.refResolver.Resolve(ctx, body) 2421 2421 + mentions, references := s.mentionsResolver.Resolve(ctx, body) 2401 2422 2402 2423 initialSubmission := models.PullSubmission{ 2403 2424 Patch: fp.Raw, ··· 2408 2429 Title: title, 2409 2430 Body: body, 2410 2431 TargetBranch: targetBranch, 2411 2411 - OwnerDid: user.Did, 2432 2432 + OwnerDid: user.Active.Did, 2412 2433 RepoAt: repo.RepoAt(), 2413 2434 Rkey: rkey, 2414 2435 Mentions: mentions,

-65

appview/refresolver/resolver.go

··· 1 1 - package refresolver 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - "log/slog" 6 6 - 7 7 - "github.com/bluesky-social/indigo/atproto/syntax" 8 8 - "tangled.org/core/appview/config" 9 9 - "tangled.org/core/appview/db" 10 10 - "tangled.org/core/appview/models" 11 11 - "tangled.org/core/appview/pages/markup" 12 12 - "tangled.org/core/idresolver" 13 13 - ) 14 14 - 15 15 - type Resolver struct { 16 16 - config *config.Config 17 17 - idResolver *idresolver.Resolver 18 18 - execer db.Execer 19 19 - logger *slog.Logger 20 20 - } 21 21 - 22 22 - func New( 23 23 - config *config.Config, 24 24 - idResolver *idresolver.Resolver, 25 25 - execer db.Execer, 26 26 - logger *slog.Logger, 27 27 - ) *Resolver { 28 28 - return &Resolver{ 29 29 - config, 30 30 - idResolver, 31 31 - execer, 32 32 - logger, 33 33 - } 34 34 - } 35 35 - 36 36 - func (r *Resolver) Resolve(ctx context.Context, source string) ([]syntax.DID, []syntax.ATURI) { 37 37 - l := r.logger.With("method", "Resolve") 38 38 - rawMentions, rawRefs := markup.FindReferences(r.config.Core.AppviewHost, source) 39 39 - l.Debug("found possible references", "mentions", rawMentions, "refs", rawRefs) 40 40 - idents := r.idResolver.ResolveIdents(ctx, rawMentions) 41 41 - var mentions []syntax.DID 42 42 - for _, ident := range idents { 43 43 - if ident != nil && !ident.Handle.IsInvalidHandle() { 44 44 - mentions = append(mentions, ident.DID) 45 45 - } 46 46 - } 47 47 - l.Debug("found mentions", "mentions", mentions) 48 48 - 49 49 - var resolvedRefs []models.ReferenceLink 50 50 - for _, rawRef := range rawRefs { 51 51 - ident, err := r.idResolver.ResolveIdent(ctx, rawRef.Handle) 52 52 - if err != nil || ident == nil || ident.Handle.IsInvalidHandle() { 53 53 - continue 54 54 - } 55 55 - rawRef.Handle = string(ident.DID) 56 56 - resolvedRefs = append(resolvedRefs, rawRef) 57 57 - } 58 58 - aturiRefs, err := db.ValidateReferenceLinks(r.execer, resolvedRefs) 59 59 - if err != nil { 60 60 - l.Error("failed running query", "err", err) 61 61 - } 62 62 - l.Debug("found references", "refs", aturiRefs) 63 63 - 64 64 - return mentions, aturiRefs 65 65 - }

+1

appview/repo/archive.go

··· 18 18 l := rp.logger.With("handler", "DownloadArchive") 19 19 ref := chi.URLParam(r, "ref") 20 20 ref, _ = url.PathUnescape(ref) 21 21 + ref = strings.TrimSuffix(ref, ".tar.gz") 21 22 f, err := rp.repoResolver.Resolve(r) 22 23 if err != nil { 23 24 l.Error("failed to get repo and knot", "err", err)

+16 -15

appview/repo/artifact.go

··· 15 15 "tangled.org/core/appview/models" 16 16 "tangled.org/core/appview/pages" 17 17 "tangled.org/core/appview/xrpcclient" 18 18 + "tangled.org/core/orm" 18 19 "tangled.org/core/tid" 19 20 "tangled.org/core/types" 20 21 ··· 29 30 30 31 // TODO: proper statuses here on early exit 31 32 func (rp *Repo) AttachArtifact(w http.ResponseWriter, r *http.Request) { 32 32 - user := rp.oauth.GetUser(r) 33 33 + user := rp.oauth.GetMultiAccountUser(r) 33 34 tagParam := chi.URLParam(r, "tag") 34 35 f, err := rp.repoResolver.Resolve(r) 35 36 if err != nil { ··· 74 75 75 76 putRecordResp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 76 77 Collection: tangled.RepoArtifactNSID, 77 77 - Repo: user.Did, 78 78 + Repo: user.Active.Did, 78 79 Rkey: rkey, 79 80 Record: &lexutil.LexiconTypeDecoder{ 80 81 Val: &tangled.RepoArtifact{ ··· 103 104 defer tx.Rollback() 104 105 105 106 artifact := models.Artifact{ 106 106 - Did: user.Did, 107 107 + Did: user.Active.Did, 107 108 Rkey: rkey, 108 109 RepoAt: f.RepoAt(), 109 110 Tag: tag.Tag.Hash, ··· 155 156 156 157 artifacts, err := db.GetArtifact( 157 158 rp.db, 158 158 - db.FilterEq("repo_at", f.RepoAt()), 159 159 - db.FilterEq("tag", tag.Tag.Hash[:]), 160 160 - db.FilterEq("name", filename), 159 159 + orm.FilterEq("repo_at", f.RepoAt()), 160 160 + orm.FilterEq("tag", tag.Tag.Hash[:]), 161 161 + orm.FilterEq("name", filename), 161 162 ) 162 163 if err != nil { 163 164 log.Println("failed to get artifacts", err) ··· 219 220 220 221 // TODO: proper statuses here on early exit 221 222 func (rp *Repo) DeleteArtifact(w http.ResponseWriter, r *http.Request) { 222 222 - user := rp.oauth.GetUser(r) 223 223 + user := rp.oauth.GetMultiAccountUser(r) 223 224 tagParam := chi.URLParam(r, "tag") 224 225 filename := chi.URLParam(r, "file") 225 226 f, err := rp.repoResolver.Resolve(r) ··· 234 235 235 236 artifacts, err := db.GetArtifact( 236 237 rp.db, 237 237 - db.FilterEq("repo_at", f.RepoAt()), 238 238 - db.FilterEq("tag", tag[:]), 239 239 - db.FilterEq("name", filename), 238 238 + orm.FilterEq("repo_at", f.RepoAt()), 239 239 + orm.FilterEq("tag", tag[:]), 240 240 + orm.FilterEq("name", filename), 240 241 ) 241 242 if err != nil { 242 243 log.Println("failed to get artifacts", err) ··· 250 251 251 252 artifact := artifacts[0] 252 253 253 253 - if user.Did != artifact.Did { 254 254 + if user.Active.Did != artifact.Did { 254 255 log.Println("user not authorized to delete artifact", err) 255 256 rp.pages.Notice(w, "remove", "Unauthorized deletion of artifact.") 256 257 return ··· 258 259 259 260 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 260 261 Collection: tangled.RepoArtifactNSID, 261 261 - Repo: user.Did, 262 262 + Repo: user.Active.Did, 262 263 Rkey: artifact.Rkey, 263 264 }) 264 265 if err != nil { ··· 276 277 defer tx.Rollback() 277 278 278 279 err = db.DeleteArtifact(tx, 279 279 - db.FilterEq("repo_at", f.RepoAt()), 280 280 - db.FilterEq("tag", artifact.Tag[:]), 281 281 - db.FilterEq("name", filename), 280 280 + orm.FilterEq("repo_at", f.RepoAt()), 281 281 + orm.FilterEq("tag", artifact.Tag[:]), 282 282 + orm.FilterEq("name", filename), 282 283 ) 283 284 if err != nil { 284 285 log.Println("failed to remove artifact record from db", err)

+1 -1

appview/repo/blob.go

··· 76 76 // Create the blob view 77 77 blobView := NewBlobView(resp, rp.config, f, ref, filePath, r.URL.Query()) 78 78 79 79 - user := rp.oauth.GetUser(r) 79 79 + user := rp.oauth.GetMultiAccountUser(r) 80 80 81 81 rp.pages.RepoBlob(w, pages.RepoBlobParams{ 82 82 LoggedInUser: user,

+1 -1

appview/repo/branches.go

··· 43 43 return 44 44 } 45 45 sortBranches(result.Branches) 46 46 - user := rp.oauth.GetUser(r) 46 46 + user := rp.oauth.GetMultiAccountUser(r) 47 47 rp.pages.RepoBranches(w, pages.RepoBranchesParams{ 48 48 LoggedInUser: user, 49 49 RepoInfo: rp.repoResolver.GetRepoInfo(r, user),

+2 -2

appview/repo/compare.go

··· 20 20 func (rp *Repo) CompareNew(w http.ResponseWriter, r *http.Request) { 21 21 l := rp.logger.With("handler", "RepoCompareNew") 22 22 23 23 - user := rp.oauth.GetUser(r) 23 23 + user := rp.oauth.GetMultiAccountUser(r) 24 24 f, err := rp.repoResolver.Resolve(r) 25 25 if err != nil { 26 26 l.Error("failed to get repo and knot", "err", err) ··· 101 101 func (rp *Repo) Compare(w http.ResponseWriter, r *http.Request) { 102 102 l := rp.logger.With("handler", "RepoCompare") 103 103 104 104 - user := rp.oauth.GetUser(r) 104 104 + user := rp.oauth.GetMultiAccountUser(r) 105 105 f, err := rp.repoResolver.Resolve(r) 106 106 if err != nil { 107 107 l.Error("failed to get repo and knot", "err", err)

+3 -2

appview/repo/feed.go

··· 11 11 "tangled.org/core/appview/db" 12 12 "tangled.org/core/appview/models" 13 13 "tangled.org/core/appview/pagination" 14 14 + "tangled.org/core/orm" 14 15 15 16 "github.com/bluesky-social/indigo/atproto/identity" 16 17 "github.com/bluesky-social/indigo/atproto/syntax" ··· 20 21 func (rp *Repo) getRepoFeed(ctx context.Context, repo *models.Repo, ownerSlashRepo string) (*feeds.Feed, error) { 21 22 const feedLimitPerType = 100 22 23 23 23 - pulls, err := db.GetPullsWithLimit(rp.db, feedLimitPerType, db.FilterEq("repo_at", repo.RepoAt())) 24 24 + pulls, err := db.GetPullsWithLimit(rp.db, feedLimitPerType, orm.FilterEq("repo_at", repo.RepoAt())) 24 25 if err != nil { 25 26 return nil, err 26 27 } ··· 28 29 issues, err := db.GetIssuesPaginated( 29 30 rp.db, 30 31 pagination.Page{Limit: feedLimitPerType}, 31 31 - db.FilterEq("repo_at", repo.RepoAt()), 32 32 + orm.FilterEq("repo_at", repo.RepoAt()), 32 33 ) 33 34 if err != nil { 34 35 return nil, err

+4 -3

appview/repo/index.go

··· 23 23 "tangled.org/core/appview/models" 24 24 "tangled.org/core/appview/pages" 25 25 "tangled.org/core/appview/xrpcclient" 26 26 + "tangled.org/core/orm" 26 27 "tangled.org/core/types" 27 28 28 29 "github.com/go-chi/chi/v5" ··· 50 51 Host: host, 51 52 } 52 53 53 53 - user := rp.oauth.GetUser(r) 54 54 + user := rp.oauth.GetMultiAccountUser(r) 54 55 55 56 // Build index response from multiple XRPC calls 56 57 result, err := rp.buildIndexResponse(r.Context(), xrpcc, f, ref) ··· 171 172 // first attempt to fetch from db 172 173 langs, err := db.GetRepoLanguages( 173 174 rp.db, 174 174 - db.FilterEq("repo_at", repo.RepoAt()), 175 175 - db.FilterEq("ref", currentRef), 175 175 + orm.FilterEq("repo_at", repo.RepoAt()), 176 176 + orm.FilterEq("ref", currentRef), 176 177 ) 177 178 178 179 if err != nil || langs == nil {

+2 -2

appview/repo/log.go

··· 109 109 } 110 110 } 111 111 112 112 - user := rp.oauth.GetUser(r) 112 112 + user := rp.oauth.GetMultiAccountUser(r) 113 113 114 114 emailToDidMap, err := db.GetEmailToDid(rp.db, uniqueEmails(xrpcResp.Commits), true) 115 115 if err != nil { ··· 197 197 l.Error("failed to GetVerifiedCommits", "err", err) 198 198 } 199 199 200 200 - user := rp.oauth.GetUser(r) 200 200 + user := rp.oauth.GetMultiAccountUser(r) 201 201 pipelines, err := getPipelineStatuses(rp.db, f, []string{result.Diff.Commit.This}) 202 202 if err != nil { 203 203 l.Error("failed to getPipelineStatuses", "err", err)

+3 -2

appview/repo/opengraph.go

··· 16 16 "tangled.org/core/appview/db" 17 17 "tangled.org/core/appview/models" 18 18 "tangled.org/core/appview/ogcard" 19 19 + "tangled.org/core/orm" 19 20 "tangled.org/core/types" 20 21 ) 21 22 ··· 338 339 var languageStats []types.RepoLanguageDetails 339 340 langs, err := db.GetRepoLanguages( 340 341 rp.db, 341 341 - db.FilterEq("repo_at", f.RepoAt()), 342 342 - db.FilterEq("is_default_ref", 1), 342 342 + orm.FilterEq("repo_at", f.RepoAt()), 343 343 + orm.FilterEq("is_default_ref", 1), 343 344 ) 344 345 if err != nil { 345 346 log.Printf("failed to get language stats from db: %v", err)

+50 -49

appview/repo/repo.go

··· 24 24 xrpcclient "tangled.org/core/appview/xrpcclient" 25 25 "tangled.org/core/eventconsumer" 26 26 "tangled.org/core/idresolver" 27 27 + "tangled.org/core/orm" 27 28 "tangled.org/core/rbac" 28 29 "tangled.org/core/tid" 29 30 "tangled.org/core/xrpc/serviceauth" ··· 80 81 81 82 // modify the spindle configured for this repo 82 83 func (rp *Repo) EditSpindle(w http.ResponseWriter, r *http.Request) { 83 83 - user := rp.oauth.GetUser(r) 84 84 + user := rp.oauth.GetMultiAccountUser(r) 84 85 l := rp.logger.With("handler", "EditSpindle") 85 85 - l = l.With("did", user.Did) 86 86 + l = l.With("did", user.Active.Did) 86 87 87 88 errorId := "operation-error" 88 89 fail := func(msg string, err error) { ··· 106 107 107 108 if !removingSpindle { 108 109 // ensure that this is a valid spindle for this user 109 109 - validSpindles, err := rp.enforcer.GetSpindlesForUser(user.Did) 110 110 + validSpindles, err := rp.enforcer.GetSpindlesForUser(user.Active.Did) 110 111 if err != nil { 111 112 fail("Failed to find spindles. Try again later.", err) 112 113 return ··· 167 168 } 168 169 169 170 func (rp *Repo) AddLabelDef(w http.ResponseWriter, r *http.Request) { 170 170 - user := rp.oauth.GetUser(r) 171 171 + user := rp.oauth.GetMultiAccountUser(r) 171 172 l := rp.logger.With("handler", "AddLabel") 172 172 - l = l.With("did", user.Did) 173 173 + l = l.With("did", user.Active.Did) 173 174 174 175 f, err := rp.repoResolver.Resolve(r) 175 176 if err != nil { ··· 215 216 } 216 217 217 218 label := models.LabelDefinition{ 218 218 - Did: user.Did, 219 219 + Did: user.Active.Did, 219 220 Rkey: tid.TID(), 220 221 Name: name, 221 222 ValueType: valueType, ··· 326 327 } 327 328 328 329 func (rp *Repo) DeleteLabelDef(w http.ResponseWriter, r *http.Request) { 329 329 - user := rp.oauth.GetUser(r) 330 330 + user := rp.oauth.GetMultiAccountUser(r) 330 331 l := rp.logger.With("handler", "DeleteLabel") 331 331 - l = l.With("did", user.Did) 332 332 + l = l.With("did", user.Active.Did) 332 333 333 334 f, err := rp.repoResolver.Resolve(r) 334 335 if err != nil { ··· 345 346 // get form values 346 347 labelId := r.FormValue("label-id") 347 348 348 348 - label, err := db.GetLabelDefinition(rp.db, db.FilterEq("id", labelId)) 349 349 + label, err := db.GetLabelDefinition(rp.db, orm.FilterEq("id", labelId)) 349 350 if err != nil { 350 351 fail("Failed to find label definition.", err) 351 352 return ··· 409 410 410 411 err = db.UnsubscribeLabel( 411 412 tx, 412 412 - db.FilterEq("repo_at", f.RepoAt()), 413 413 - db.FilterEq("label_at", removedAt), 413 413 + orm.FilterEq("repo_at", f.RepoAt()), 414 414 + orm.FilterEq("label_at", removedAt), 414 415 ) 415 416 if err != nil { 416 417 fail("Failed to unsubscribe label.", err) 417 418 return 418 419 } 419 420 420 420 - err = db.DeleteLabelDefinition(tx, db.FilterEq("id", label.Id)) 421 421 + err = db.DeleteLabelDefinition(tx, orm.FilterEq("id", label.Id)) 421 422 if err != nil { 422 423 fail("Failed to delete label definition.", err) 423 424 return ··· 434 435 } 435 436 436 437 func (rp *Repo) SubscribeLabel(w http.ResponseWriter, r *http.Request) { 437 437 - user := rp.oauth.GetUser(r) 438 438 + user := rp.oauth.GetMultiAccountUser(r) 438 439 l := rp.logger.With("handler", "SubscribeLabel") 439 439 - l = l.With("did", user.Did) 440 440 + l = l.With("did", user.Active.Did) 440 441 441 442 f, err := rp.repoResolver.Resolve(r) 442 443 if err != nil { ··· 456 457 } 457 458 458 459 labelAts := r.Form["label"] 459 459 - _, err = db.GetLabelDefinitions(rp.db, db.FilterIn("at_uri", labelAts)) 460 460 + _, err = db.GetLabelDefinitions(rp.db, orm.FilterIn("at_uri", labelAts)) 460 461 if err != nil { 461 462 fail("Failed to subscribe to label.", err) 462 463 return ··· 520 521 } 521 522 522 523 func (rp *Repo) UnsubscribeLabel(w http.ResponseWriter, r *http.Request) { 523 523 - user := rp.oauth.GetUser(r) 524 524 + user := rp.oauth.GetMultiAccountUser(r) 524 525 l := rp.logger.With("handler", "UnsubscribeLabel") 525 525 - l = l.With("did", user.Did) 526 526 + l = l.With("did", user.Active.Did) 526 527 527 528 f, err := rp.repoResolver.Resolve(r) 528 529 if err != nil { ··· 542 543 } 543 544 544 545 labelAts := r.Form["label"] 545 545 - _, err = db.GetLabelDefinitions(rp.db, db.FilterIn("at_uri", labelAts)) 546 546 + _, err = db.GetLabelDefinitions(rp.db, orm.FilterIn("at_uri", labelAts)) 546 547 if err != nil { 547 548 fail("Failed to unsubscribe to label.", err) 548 549 return ··· 582 583 583 584 err = db.UnsubscribeLabel( 584 585 rp.db, 585 585 - db.FilterEq("repo_at", f.RepoAt()), 586 586 - db.FilterIn("label_at", labelAts), 586 586 + orm.FilterEq("repo_at", f.RepoAt()), 587 587 + orm.FilterIn("label_at", labelAts), 587 588 ) 588 589 if err != nil { 589 590 fail("Failed to unsubscribe label.", err) ··· 612 613 613 614 labelDefs, err := db.GetLabelDefinitions( 614 615 rp.db, 615 615 - db.FilterIn("at_uri", f.Labels), 616 616 - db.FilterContains("scope", subject.Collection().String()), 616 616 + orm.FilterIn("at_uri", f.Labels), 617 617 + orm.FilterContains("scope", subject.Collection().String()), 617 618 ) 618 619 if err != nil { 619 620 l.Error("failed to fetch label defs", "err", err) ··· 625 626 defs[l.AtUri().String()] = &l 626 627 } 627 628 628 628 - states, err := db.GetLabels(rp.db, db.FilterEq("subject", subject)) 629 629 + states, err := db.GetLabels(rp.db, orm.FilterEq("subject", subject)) 629 630 if err != nil { 630 631 l.Error("failed to build label state", "err", err) 631 632 return 632 633 } 633 634 state := states[subject] 634 635 635 635 - user := rp.oauth.GetUser(r) 636 636 + user := rp.oauth.GetMultiAccountUser(r) 636 637 rp.pages.LabelPanel(w, pages.LabelPanelParams{ 637 638 LoggedInUser: user, 638 639 RepoInfo: rp.repoResolver.GetRepoInfo(r, user), ··· 660 661 661 662 labelDefs, err := db.GetLabelDefinitions( 662 663 rp.db, 663 663 - db.FilterIn("at_uri", f.Labels), 664 664 - db.FilterContains("scope", subject.Collection().String()), 664 664 + orm.FilterIn("at_uri", f.Labels), 665 665 + orm.FilterContains("scope", subject.Collection().String()), 665 666 ) 666 667 if err != nil { 667 668 l.Error("failed to fetch labels", "err", err) ··· 673 674 defs[l.AtUri().String()] = &l 674 675 } 675 676 676 676 - states, err := db.GetLabels(rp.db, db.FilterEq("subject", subject)) 677 677 + states, err := db.GetLabels(rp.db, orm.FilterEq("subject", subject)) 677 678 if err != nil { 678 679 l.Error("failed to build label state", "err", err) 679 680 return 680 681 } 681 682 state := states[subject] 682 683 683 683 - user := rp.oauth.GetUser(r) 684 684 + user := rp.oauth.GetMultiAccountUser(r) 684 685 rp.pages.EditLabelPanel(w, pages.EditLabelPanelParams{ 685 686 LoggedInUser: user, 686 687 RepoInfo: rp.repoResolver.GetRepoInfo(r, user), ··· 691 692 } 692 693 693 694 func (rp *Repo) AddCollaborator(w http.ResponseWriter, r *http.Request) { 694 694 - user := rp.oauth.GetUser(r) 695 695 + user := rp.oauth.GetMultiAccountUser(r) 695 696 l := rp.logger.With("handler", "AddCollaborator") 696 696 - l = l.With("did", user.Did) 697 697 + l = l.With("did", user.Active.Did) 697 698 698 699 f, err := rp.repoResolver.Resolve(r) 699 700 if err != nil { ··· 722 723 return 723 724 } 724 725 725 725 - if collaboratorIdent.DID.String() == user.Did { 726 726 + if collaboratorIdent.DID.String() == user.Active.Did { 726 727 fail("You seem to be adding yourself as a collaborator.", nil) 727 728 return 728 729 } ··· 737 738 } 738 739 739 740 // emit a record 740 740 - currentUser := rp.oauth.GetUser(r) 741 741 + currentUser := rp.oauth.GetMultiAccountUser(r) 741 742 rkey := tid.TID() 742 743 createdAt := time.Now() 743 744 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 744 745 Collection: tangled.RepoCollaboratorNSID, 745 745 - Repo: currentUser.Did, 746 746 + Repo: currentUser.Active.Did, 746 747 Rkey: rkey, 747 748 Record: &lexutil.LexiconTypeDecoder{ 748 749 Val: &tangled.RepoCollaborator{ ··· 791 792 } 792 793 793 794 err = db.AddCollaborator(tx, models.Collaborator{ 794 794 - Did: syntax.DID(currentUser.Did), 795 795 + Did: syntax.DID(currentUser.Active.Did), 795 796 Rkey: rkey, 796 797 SubjectDid: collaboratorIdent.DID, 797 798 RepoAt: f.RepoAt(), ··· 821 822 } 822 823 823 824 func (rp *Repo) DeleteRepo(w http.ResponseWriter, r *http.Request) { 824 824 - user := rp.oauth.GetUser(r) 825 825 + user := rp.oauth.GetMultiAccountUser(r) 825 826 l := rp.logger.With("handler", "DeleteRepo") 826 827 827 828 noticeId := "operation-error" ··· 839 840 } 840 841 _, err = comatproto.RepoDeleteRecord(r.Context(), atpClient, &comatproto.RepoDeleteRecord_Input{ 841 842 Collection: tangled.RepoNSID, 842 842 - Repo: user.Did, 843 843 + Repo: user.Active.Did, 843 844 Rkey: f.Rkey, 844 845 }) 845 846 if err != nil { ··· 939 940 ref := chi.URLParam(r, "ref") 940 941 ref, _ = url.PathUnescape(ref) 941 942 942 942 - user := rp.oauth.GetUser(r) 943 943 + user := rp.oauth.GetMultiAccountUser(r) 943 944 f, err := rp.repoResolver.Resolve(r) 944 945 if err != nil { 945 946 l.Error("failed to resolve source repo", "err", err) ··· 968 969 r.Context(), 969 970 client, 970 971 &tangled.RepoForkSync_Input{ 971 971 - Did: user.Did, 972 972 + Did: user.Active.Did, 972 973 Name: f.Name, 973 974 Source: f.Source, 974 975 Branch: ref, ··· 987 988 func (rp *Repo) ForkRepo(w http.ResponseWriter, r *http.Request) { 988 989 l := rp.logger.With("handler", "ForkRepo") 989 990 990 990 - user := rp.oauth.GetUser(r) 991 991 + user := rp.oauth.GetMultiAccountUser(r) 991 992 f, err := rp.repoResolver.Resolve(r) 992 993 if err != nil { 993 994 l.Error("failed to resolve source repo", "err", err) ··· 996 997 997 998 switch r.Method { 998 999 case http.MethodGet: 999 999 - user := rp.oauth.GetUser(r) 1000 1000 - knots, err := rp.enforcer.GetKnotsForUser(user.Did) 1000 1000 + user := rp.oauth.GetMultiAccountUser(r) 1001 1001 + knots, err := rp.enforcer.GetKnotsForUser(user.Active.Did) 1001 1002 if err != nil { 1002 1003 rp.pages.Notice(w, "repo", "Invalid user account.") 1003 1004 return ··· 1019 1020 } 1020 1021 l = l.With("targetKnot", targetKnot) 1021 1022 1022 1022 - ok, err := rp.enforcer.E.Enforce(user.Did, targetKnot, targetKnot, "repo:create") 1023 1023 + ok, err := rp.enforcer.E.Enforce(user.Active.Did, targetKnot, targetKnot, "repo:create") 1023 1024 if err != nil || !ok { 1024 1025 rp.pages.Notice(w, "repo", "You do not have permission to create a repo in this knot.") 1025 1026 return ··· 1036 1037 // in the user's account. 1037 1038 existingRepo, err := db.GetRepo( 1038 1039 rp.db, 1039 1039 - db.FilterEq("did", user.Did), 1040 1040 - db.FilterEq("name", forkName), 1040 1040 + orm.FilterEq("did", user.Active.Did), 1041 1041 + orm.FilterEq("name", forkName), 1041 1042 ) 1042 1043 if err != nil { 1043 1044 if !errors.Is(err, sql.ErrNoRows) { ··· 1065 1066 // create an atproto record for this fork 1066 1067 rkey := tid.TID() 1067 1068 repo := &models.Repo{ 1068 1068 - Did: user.Did, 1069 1069 + Did: user.Active.Did, 1069 1070 Name: forkName, 1070 1071 Knot: targetKnot, 1071 1072 Rkey: rkey, ··· 1085 1086 1086 1087 atresp, err := comatproto.RepoPutRecord(r.Context(), atpClient, &comatproto.RepoPutRecord_Input{ 1087 1088 Collection: tangled.RepoNSID, 1088 1088 - Repo: user.Did, 1089 1089 + Repo: user.Active.Did, 1089 1090 Rkey: rkey, 1090 1091 Record: &lexutil.LexiconTypeDecoder{ 1091 1092 Val: &record, ··· 1164 1165 } 1165 1166 1166 1167 // acls 1167 1167 - p, _ := securejoin.SecureJoin(user.Did, forkName) 1168 1168 - err = rp.enforcer.AddRepo(user.Did, targetKnot, p) 1168 1168 + p, _ := securejoin.SecureJoin(user.Active.Did, forkName) 1169 1169 + err = rp.enforcer.AddRepo(user.Active.Did, targetKnot, p) 1169 1170 if err != nil { 1170 1171 l.Error("failed to add ACLs", "err", err) 1171 1172 rp.pages.Notice(w, "repo", "Failed to set up repository permissions.") ··· 1190 1191 aturi = "" 1191 1192 1192 1193 rp.notifier.NewRepo(r.Context(), repo) 1193 1193 - rp.pages.HxLocation(w, fmt.Sprintf("/%s/%s", user.Did, forkName)) 1194 1194 + rp.pages.HxLocation(w, fmt.Sprintf("/%s/%s", user.Active.Did, forkName)) 1194 1195 } 1195 1196 } 1196 1197

+5 -4

appview/repo/repo_util.go

··· 8 8 9 9 "tangled.org/core/appview/db" 10 10 "tangled.org/core/appview/models" 11 11 + "tangled.org/core/orm" 11 12 "tangled.org/core/types" 12 13 ) 13 14 ··· 102 103 ps, err := db.GetPipelineStatuses( 103 104 d, 104 105 len(shas), 105 105 - db.FilterEq("repo_owner", repo.Did), 106 106 - db.FilterEq("repo_name", repo.Name), 107 107 - db.FilterEq("knot", repo.Knot), 108 108 - db.FilterIn("sha", shas), 106 106 + orm.FilterEq("repo_owner", repo.Did), 107 107 + orm.FilterEq("repo_name", repo.Name), 108 108 + orm.FilterEq("knot", repo.Knot), 109 109 + orm.FilterIn("sha", shas), 109 110 ) 110 111 if err != nil { 111 112 return nil, err

+8 -7

appview/repo/settings.go

··· 14 14 "tangled.org/core/appview/oauth" 15 15 "tangled.org/core/appview/pages" 16 16 xrpcclient "tangled.org/core/appview/xrpcclient" 17 17 + "tangled.org/core/orm" 17 18 "tangled.org/core/types" 18 19 19 20 comatproto "github.com/bluesky-social/indigo/api/atproto" ··· 78 79 } 79 80 80 81 func (rp *Repo) Secrets(w http.ResponseWriter, r *http.Request) { 81 81 - user := rp.oauth.GetUser(r) 82 82 + user := rp.oauth.GetMultiAccountUser(r) 82 83 l := rp.logger.With("handler", "Secrets") 83 83 - l = l.With("did", user.Did) 84 84 + l = l.With("did", user.Active.Did) 84 85 85 86 f, err := rp.repoResolver.Resolve(r) 86 87 if err != nil { ··· 184 185 l := rp.logger.With("handler", "generalSettings") 185 186 186 187 f, err := rp.repoResolver.Resolve(r) 187 187 - user := rp.oauth.GetUser(r) 188 188 + user := rp.oauth.GetMultiAccountUser(r) 188 189 189 190 scheme := "http" 190 191 if !rp.config.Core.Dev { ··· 210 211 return 211 212 } 212 213 213 213 - defaultLabels, err := db.GetLabelDefinitions(rp.db, db.FilterIn("at_uri", rp.config.Label.DefaultLabelDefs)) 214 214 + defaultLabels, err := db.GetLabelDefinitions(rp.db, orm.FilterIn("at_uri", rp.config.Label.DefaultLabelDefs)) 214 215 if err != nil { 215 216 l.Error("failed to fetch labels", "err", err) 216 217 rp.pages.Error503(w) 217 218 return 218 219 } 219 220 220 220 - labels, err := db.GetLabelDefinitions(rp.db, db.FilterIn("at_uri", f.Labels)) 221 221 + labels, err := db.GetLabelDefinitions(rp.db, orm.FilterIn("at_uri", f.Labels)) 221 222 if err != nil { 222 223 l.Error("failed to fetch labels", "err", err) 223 224 rp.pages.Error503(w) ··· 270 271 l := rp.logger.With("handler", "accessSettings") 271 272 272 273 f, err := rp.repoResolver.Resolve(r) 273 273 - user := rp.oauth.GetUser(r) 274 274 + user := rp.oauth.GetMultiAccountUser(r) 274 275 275 276 collaborators, err := func(repo *models.Repo) ([]pages.Collaborator, error) { 276 277 repoCollaborators, err := rp.enforcer.E.GetImplicitUsersForResourceByDomain(repo.DidSlashRepo(), repo.Knot) ··· 317 318 l := rp.logger.With("handler", "pipelineSettings") 318 319 319 320 f, err := rp.repoResolver.Resolve(r) 320 320 - user := rp.oauth.GetUser(r) 321 321 + user := rp.oauth.GetMultiAccountUser(r) 321 322 322 323 // all spindles that the repo owner is a member of 323 324 spindles, err := rp.enforcer.GetSpindlesForUser(f.Did)

+3 -2

appview/repo/tags.go

··· 10 10 "tangled.org/core/appview/models" 11 11 "tangled.org/core/appview/pages" 12 12 xrpcclient "tangled.org/core/appview/xrpcclient" 13 13 + "tangled.org/core/orm" 13 14 "tangled.org/core/types" 14 15 15 16 indigoxrpc "github.com/bluesky-social/indigo/xrpc" ··· 44 45 rp.pages.Error503(w) 45 46 return 46 47 } 47 47 - artifacts, err := db.GetArtifact(rp.db, db.FilterEq("repo_at", f.RepoAt())) 48 48 + artifacts, err := db.GetArtifact(rp.db, orm.FilterEq("repo_at", f.RepoAt())) 48 49 if err != nil { 49 50 l.Error("failed grab artifacts", "err", err) 50 51 return ··· 68 69 danglingArtifacts = append(danglingArtifacts, a) 69 70 } 70 71 } 71 71 - user := rp.oauth.GetUser(r) 72 72 + user := rp.oauth.GetMultiAccountUser(r) 72 73 rp.pages.RepoTags(w, pages.RepoTagsParams{ 73 74 LoggedInUser: user, 74 75 RepoInfo: rp.repoResolver.GetRepoInfo(r, user),

+1 -1

appview/repo/tree.go

··· 88 88 http.Redirect(w, r, redirectTo, http.StatusFound) 89 89 return 90 90 } 91 91 - user := rp.oauth.GetUser(r) 91 91 + user := rp.oauth.GetMultiAccountUser(r) 92 92 var breadcrumbs [][]string 93 93 breadcrumbs = append(breadcrumbs, []string{f.Name, fmt.Sprintf("/%s/tree/%s", ownerSlashRepo, url.PathEscape(ref))}) 94 94 if treePath != "" {

+30 -5

appview/reporesolver/resolver.go

··· 55 55 // 2. [x] remove `rr`, `CurrentDir`, `Ref` fields from `ResolvedRepo` 56 56 // 3. [x] remove `ResolvedRepo` 57 57 // 4. [ ] replace reporesolver to reposervice 58 58 - func (rr *RepoResolver) GetRepoInfo(r *http.Request, user *oauth.User) repoinfo.RepoInfo { 58 58 + func (rr *RepoResolver) GetRepoInfo(r *http.Request, user *oauth.MultiAccountUser) repoinfo.RepoInfo { 59 59 ownerId, ook := r.Context().Value("resolvedId").(identity.Identity) 60 60 repo, rok := r.Context().Value("repo").(*models.Repo) 61 61 if !ook || !rok { ··· 63 63 } 64 64 65 65 // get dir/ref 66 66 - currentDir := path.Dir(extractPathAfterRef(r.URL.EscapedPath())) 66 66 + currentDir := extractCurrentDir(r.URL.EscapedPath()) 67 67 ref := chi.URLParam(r, "ref") 68 68 69 69 repoAt := repo.RepoAt() 70 70 isStarred := false 71 71 roles := repoinfo.RolesInRepo{} 72 72 - if user != nil { 73 73 - isStarred = db.GetStarStatus(rr.execer, user.Did, repoAt) 74 74 - roles.Roles = rr.enforcer.GetPermissionsInRepo(user.Did, repo.Knot, repo.DidSlashRepo()) 72 72 + if user != nil && user.Active != nil { 73 73 + isStarred = db.GetStarStatus(rr.execer, user.Active.Did, repoAt) 74 74 + roles.Roles = rr.enforcer.GetPermissionsInRepo(user.Active.Did, repo.Knot, repo.DidSlashRepo()) 75 75 } 76 76 77 77 stats := repo.RepoStats ··· 130 130 } 131 131 132 132 return repoInfo 133 133 + } 134 134 + 135 135 + // extractCurrentDir gets the current directory for markdown link resolution. 136 136 + // for blob paths, returns the parent dir. for tree paths, returns the path itself. 137 137 + // 138 138 + // /@user/repo/blob/main/docs/README.md => docs 139 139 + // /@user/repo/tree/main/docs => docs 140 140 + func extractCurrentDir(fullPath string) string { 141 141 + fullPath = strings.TrimPrefix(fullPath, "/") 142 142 + 143 143 + blobPattern := regexp.MustCompile(`blob/[^/]+/(.*)$`) 144 144 + if matches := blobPattern.FindStringSubmatch(fullPath); len(matches) > 1 { 145 145 + return path.Dir(matches[1]) 146 146 + } 147 147 + 148 148 + treePattern := regexp.MustCompile(`tree/[^/]+/(.*)$`) 149 149 + if matches := treePattern.FindStringSubmatch(fullPath); len(matches) > 1 { 150 150 + dir := strings.TrimSuffix(matches[1], "/") 151 151 + if dir == "" { 152 152 + return "." 153 153 + } 154 154 + return dir 155 155 + } 156 156 + 157 157 + return "." 133 158 } 134 159 135 160 // extractPathAfterRef gets the actual repository path

+22

appview/reporesolver/resolver_test.go

··· 1 1 + package reporesolver 2 2 + 3 3 + import "testing" 4 4 + 5 5 + func TestExtractCurrentDir(t *testing.T) { 6 6 + tests := []struct { 7 7 + path string 8 8 + want string 9 9 + }{ 10 10 + {"/@user/repo/blob/main/docs/README.md", "docs"}, 11 11 + {"/@user/repo/blob/main/README.md", "."}, 12 12 + {"/@user/repo/tree/main/docs", "docs"}, 13 13 + {"/@user/repo/tree/main/docs/", "docs"}, 14 14 + {"/@user/repo/tree/main", "."}, 15 15 + } 16 16 + 17 17 + for _, tt := range tests { 18 18 + if got := extractCurrentDir(tt.path); got != tt.want { 19 19 + t.Errorf("extractCurrentDir(%q) = %q, want %q", tt.path, got, tt.want) 20 20 + } 21 21 + } 22 22 + }

+5 -4

appview/serververify/verify.go

··· 9 9 "tangled.org/core/api/tangled" 10 10 "tangled.org/core/appview/db" 11 11 "tangled.org/core/appview/xrpcclient" 12 12 + "tangled.org/core/orm" 12 13 "tangled.org/core/rbac" 13 14 ) 14 15 ··· 76 77 // mark this spindle as verified in the db 77 78 rowId, err := db.VerifySpindle( 78 79 tx, 79 79 - db.FilterEq("owner", owner), 80 80 - db.FilterEq("instance", instance), 80 80 + orm.FilterEq("owner", owner), 81 81 + orm.FilterEq("instance", instance), 81 82 ) 82 83 if err != nil { 83 84 return 0, fmt.Errorf("failed to write to DB: %w", err) ··· 115 116 // mark as registered 116 117 err = db.MarkRegistered( 117 118 tx, 118 118 - db.FilterEq("did", owner), 119 119 - db.FilterEq("domain", domain), 119 119 + orm.FilterEq("did", owner), 120 120 + orm.FilterEq("domain", domain), 120 121 ) 121 122 if err != nil { 122 123 return fmt.Errorf("failed to register domain: %w", err)

+6 -6

appview/settings/settings.go

··· 81 81 } 82 82 83 83 func (s *Settings) profileSettings(w http.ResponseWriter, r *http.Request) { 84 84 - user := s.OAuth.GetUser(r) 84 84 + user := s.OAuth.GetMultiAccountUser(r) 85 85 86 86 s.Pages.UserProfileSettings(w, pages.UserProfileSettingsParams{ 87 87 LoggedInUser: user, ··· 91 91 } 92 92 93 93 func (s *Settings) notificationsSettings(w http.ResponseWriter, r *http.Request) { 94 94 - user := s.OAuth.GetUser(r) 94 94 + user := s.OAuth.GetMultiAccountUser(r) 95 95 did := s.OAuth.GetDid(r) 96 96 97 97 prefs, err := db.GetNotificationPreference(s.Db, did) ··· 137 137 } 138 138 139 139 func (s *Settings) keysSettings(w http.ResponseWriter, r *http.Request) { 140 140 - user := s.OAuth.GetUser(r) 141 141 - pubKeys, err := db.GetPublicKeysForDid(s.Db, user.Did) 140 140 + user := s.OAuth.GetMultiAccountUser(r) 141 141 + pubKeys, err := db.GetPublicKeysForDid(s.Db, user.Active.Did) 142 142 if err != nil { 143 143 log.Println(err) 144 144 } ··· 152 152 } 153 153 154 154 func (s *Settings) emailsSettings(w http.ResponseWriter, r *http.Request) { 155 155 - user := s.OAuth.GetUser(r) 156 156 - emails, err := db.GetAllEmails(s.Db, user.Did) 155 155 + user := s.OAuth.GetMultiAccountUser(r) 156 156 + emails, err := db.GetAllEmails(s.Db, user.Active.Did) 157 157 if err != nil { 158 158 log.Println(err) 159 159 }

+56 -60

appview/spindles/spindles.go

··· 20 20 "tangled.org/core/appview/serververify" 21 21 "tangled.org/core/appview/xrpcclient" 22 22 "tangled.org/core/idresolver" 23 23 + "tangled.org/core/orm" 23 24 "tangled.org/core/rbac" 24 25 "tangled.org/core/tid" 25 26 ··· 68 69 } 69 70 70 71 func (s *Spindles) spindles(w http.ResponseWriter, r *http.Request) { 71 71 - user := s.OAuth.GetUser(r) 72 72 + user := s.OAuth.GetMultiAccountUser(r) 72 73 all, err := db.GetSpindles( 73 74 s.Db, 74 74 - db.FilterEq("owner", user.Did), 75 75 + orm.FilterEq("owner", user.Active.Did), 75 76 ) 76 77 if err != nil { 77 78 s.Logger.Error("failed to fetch spindles", "err", err) ··· 90 91 func (s *Spindles) dashboard(w http.ResponseWriter, r *http.Request) { 91 92 l := s.Logger.With("handler", "dashboard") 92 93 93 93 - user := s.OAuth.GetUser(r) 94 94 - l = l.With("user", user.Did) 94 94 + user := s.OAuth.GetMultiAccountUser(r) 95 95 + l = l.With("user", user.Active.Did) 95 96 96 97 instance := chi.URLParam(r, "instance") 97 98 if instance == "" { ··· 101 102 102 103 spindles, err := db.GetSpindles( 103 104 s.Db, 104 104 - db.FilterEq("instance", instance), 105 105 - db.FilterEq("owner", user.Did), 106 106 - db.FilterIsNot("verified", "null"), 105 105 + orm.FilterEq("instance", instance), 106 106 + orm.FilterEq("owner", user.Active.Did), 107 107 + orm.FilterIsNot("verified", "null"), 107 108 ) 108 109 if err != nil || len(spindles) != 1 { 109 110 l.Error("failed to get spindle", "err", err, "len(spindles)", len(spindles)) ··· 123 124 repos, err := db.GetRepos( 124 125 s.Db, 125 126 0, 126 126 - db.FilterEq("spindle", instance), 127 127 + orm.FilterEq("spindle", instance), 127 128 ) 128 129 if err != nil { 129 130 l.Error("failed to get spindle repos", "err", err) ··· 154 155 // 155 156 // if the spindle is not up yet, the user is free to retry verification at a later point 156 157 func (s *Spindles) register(w http.ResponseWriter, r *http.Request) { 157 157 - user := s.OAuth.GetUser(r) 158 158 + user := s.OAuth.GetMultiAccountUser(r) 158 159 l := s.Logger.With("handler", "register") 159 160 160 161 noticeId := "register-error" ··· 175 176 return 176 177 } 177 178 l = l.With("instance", instance) 178 178 - l = l.With("user", user.Did) 179 179 + l = l.With("user", user.Active.Did) 179 180 180 181 tx, err := s.Db.Begin() 181 182 if err != nil { ··· 189 190 }() 190 191 191 192 err = db.AddSpindle(tx, models.Spindle{ 192 192 - Owner: syntax.DID(user.Did), 193 193 + Owner: syntax.DID(user.Active.Did), 193 194 Instance: instance, 194 195 }) 195 196 if err != nil { ··· 213 214 return 214 215 } 215 216 216 216 - ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.SpindleNSID, user.Did, instance) 217 217 + ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.SpindleNSID, user.Active.Did, instance) 217 218 var exCid *string 218 219 if ex != nil { 219 220 exCid = ex.Cid ··· 222 223 // re-announce by registering under same rkey 223 224 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 224 225 Collection: tangled.SpindleNSID, 225 225 - Repo: user.Did, 226 226 + Repo: user.Active.Did, 226 227 Rkey: instance, 227 228 Record: &lexutil.LexiconTypeDecoder{ 228 229 Val: &tangled.Spindle{ ··· 253 254 } 254 255 255 256 // begin verification 256 256 - err = serververify.RunVerification(r.Context(), instance, user.Did, s.Config.Core.Dev) 257 257 + err = serververify.RunVerification(r.Context(), instance, user.Active.Did, s.Config.Core.Dev) 257 258 if err != nil { 258 259 l.Error("verification failed", "err", err) 259 260 s.Pages.HxRefresh(w) 260 261 return 261 262 } 262 263 263 263 - _, err = serververify.MarkSpindleVerified(s.Db, s.Enforcer, instance, user.Did) 264 264 + _, err = serververify.MarkSpindleVerified(s.Db, s.Enforcer, instance, user.Active.Did) 264 265 if err != nil { 265 266 l.Error("failed to mark verified", "err", err) 266 267 s.Pages.HxRefresh(w) ··· 272 273 } 273 274 274 275 func (s *Spindles) delete(w http.ResponseWriter, r *http.Request) { 275 275 - user := s.OAuth.GetUser(r) 276 276 + user := s.OAuth.GetMultiAccountUser(r) 276 277 l := s.Logger.With("handler", "delete") 277 278 278 279 noticeId := "operation-error" ··· 290 291 291 292 spindles, err := db.GetSpindles( 292 293 s.Db, 293 293 - db.FilterEq("owner", user.Did), 294 294 - db.FilterEq("instance", instance), 294 294 + orm.FilterEq("owner", user.Active.Did), 295 295 + orm.FilterEq("instance", instance), 295 296 ) 296 297 if err != nil || len(spindles) != 1 { 297 298 l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles)) ··· 299 300 return 300 301 } 301 302 302 302 - if string(spindles[0].Owner) != user.Did { 303 303 - l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner) 303 303 + if string(spindles[0].Owner) != user.Active.Did { 304 304 + l.Error("unauthorized", "user", user.Active.Did, "owner", spindles[0].Owner) 304 305 s.Pages.Notice(w, noticeId, "Failed to delete spindle, unauthorized deletion attempt.") 305 306 return 306 307 } ··· 319 320 // remove spindle members first 320 321 err = db.RemoveSpindleMember( 321 322 tx, 322 322 - db.FilterEq("did", user.Did), 323 323 - db.FilterEq("instance", instance), 323 323 + orm.FilterEq("did", user.Active.Did), 324 324 + orm.FilterEq("instance", instance), 324 325 ) 325 326 if err != nil { 326 327 l.Error("failed to remove spindle members", "err", err) ··· 330 331 331 332 err = db.DeleteSpindle( 332 333 tx, 333 333 - db.FilterEq("owner", user.Did), 334 334 - db.FilterEq("instance", instance), 334 334 + orm.FilterEq("owner", user.Active.Did), 335 335 + orm.FilterEq("instance", instance), 335 336 ) 336 337 if err != nil { 337 338 l.Error("failed to delete spindle", "err", err) ··· 358 359 359 360 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 360 361 Collection: tangled.SpindleNSID, 361 361 - Repo: user.Did, 362 362 + Repo: user.Active.Did, 362 363 Rkey: instance, 363 364 }) 364 365 if err != nil { ··· 390 391 } 391 392 392 393 func (s *Spindles) retry(w http.ResponseWriter, r *http.Request) { 393 393 - user := s.OAuth.GetUser(r) 394 394 + user := s.OAuth.GetMultiAccountUser(r) 394 395 l := s.Logger.With("handler", "retry") 395 396 396 397 noticeId := "operation-error" ··· 406 407 return 407 408 } 408 409 l = l.With("instance", instance) 409 409 - l = l.With("user", user.Did) 410 410 + l = l.With("user", user.Active.Did) 410 411 411 412 spindles, err := db.GetSpindles( 412 413 s.Db, 413 413 - db.FilterEq("owner", user.Did), 414 414 - db.FilterEq("instance", instance), 414 414 + orm.FilterEq("owner", user.Active.Did), 415 415 + orm.FilterEq("instance", instance), 415 416 ) 416 417 if err != nil || len(spindles) != 1 { 417 418 l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles)) ··· 419 420 return 420 421 } 421 422 422 422 - if string(spindles[0].Owner) != user.Did { 423 423 - l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner) 423 423 + if string(spindles[0].Owner) != user.Active.Did { 424 424 + l.Error("unauthorized", "user", user.Active.Did, "owner", spindles[0].Owner) 424 425 s.Pages.Notice(w, noticeId, "Failed to verify spindle, unauthorized verification attempt.") 425 426 return 426 427 } 427 428 428 429 // begin verification 429 429 - err = serververify.RunVerification(r.Context(), instance, user.Did, s.Config.Core.Dev) 430 430 + err = serververify.RunVerification(r.Context(), instance, user.Active.Did, s.Config.Core.Dev) 430 431 if err != nil { 431 432 l.Error("verification failed", "err", err) 432 433 ··· 444 445 return 445 446 } 446 447 447 447 - rowId, err := serververify.MarkSpindleVerified(s.Db, s.Enforcer, instance, user.Did) 448 448 + rowId, err := serververify.MarkSpindleVerified(s.Db, s.Enforcer, instance, user.Active.Did) 448 449 if err != nil { 449 450 l.Error("failed to mark verified", "err", err) 450 451 s.Pages.Notice(w, noticeId, err.Error()) ··· 453 454 454 455 verifiedSpindle, err := db.GetSpindles( 455 456 s.Db, 456 456 - db.FilterEq("id", rowId), 457 457 + orm.FilterEq("id", rowId), 457 458 ) 458 459 if err != nil || len(verifiedSpindle) != 1 { 459 460 l.Error("failed get new spindle", "err", err) ··· 472 473 } 473 474 474 475 func (s *Spindles) addMember(w http.ResponseWriter, r *http.Request) { 475 475 - user := s.OAuth.GetUser(r) 476 476 + user := s.OAuth.GetMultiAccountUser(r) 476 477 l := s.Logger.With("handler", "addMember") 477 478 478 479 instance := chi.URLParam(r, "instance") ··· 482 483 return 483 484 } 484 485 l = l.With("instance", instance) 485 485 - l = l.With("user", user.Did) 486 486 + l = l.With("user", user.Active.Did) 486 487 487 488 spindles, err := db.GetSpindles( 488 489 s.Db, 489 489 - db.FilterEq("owner", user.Did), 490 490 - db.FilterEq("instance", instance), 490 490 + orm.FilterEq("owner", user.Active.Did), 491 491 + orm.FilterEq("instance", instance), 491 492 ) 492 493 if err != nil || len(spindles) != 1 { 493 494 l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles)) ··· 501 502 s.Pages.Notice(w, noticeId, defaultErr) 502 503 } 503 504 504 504 - if string(spindles[0].Owner) != user.Did { 505 505 - l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner) 505 505 + if string(spindles[0].Owner) != user.Active.Did { 506 506 + l.Error("unauthorized", "user", user.Active.Did, "owner", spindles[0].Owner) 506 507 s.Pages.Notice(w, noticeId, "Failed to add member, unauthorized attempt.") 507 508 return 508 509 } ··· 551 552 552 553 // add member to db 553 554 if err = db.AddSpindleMember(tx, models.SpindleMember{ 554 554 - Did: syntax.DID(user.Did), 555 555 + Did: syntax.DID(user.Active.Did), 555 556 Rkey: rkey, 556 557 Instance: instance, 557 558 Subject: memberId.DID, ··· 569 570 570 571 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 571 572 Collection: tangled.SpindleMemberNSID, 572 572 - Repo: user.Did, 573 573 + Repo: user.Active.Did, 573 574 Rkey: rkey, 574 575 Record: &lexutil.LexiconTypeDecoder{ 575 576 Val: &tangled.SpindleMember{ ··· 602 603 } 603 604 604 605 func (s *Spindles) removeMember(w http.ResponseWriter, r *http.Request) { 605 605 - user := s.OAuth.GetUser(r) 606 606 + user := s.OAuth.GetMultiAccountUser(r) 606 607 l := s.Logger.With("handler", "removeMember") 607 608 608 609 noticeId := "operation-error" ··· 618 619 return 619 620 } 620 621 l = l.With("instance", instance) 621 621 - l = l.With("user", user.Did) 622 622 + l = l.With("user", user.Active.Did) 622 623 623 624 spindles, err := db.GetSpindles( 624 625 s.Db, 625 625 - db.FilterEq("owner", user.Did), 626 626 - db.FilterEq("instance", instance), 626 626 + orm.FilterEq("owner", user.Active.Did), 627 627 + orm.FilterEq("instance", instance), 627 628 ) 628 629 if err != nil || len(spindles) != 1 { 629 630 l.Error("failed to retrieve instance", "err", err, "len(spindles)", len(spindles)) ··· 631 632 return 632 633 } 633 634 634 634 - if string(spindles[0].Owner) != user.Did { 635 635 - l.Error("unauthorized", "user", user.Did, "owner", spindles[0].Owner) 635 635 + if string(spindles[0].Owner) != user.Active.Did { 636 636 + l.Error("unauthorized", "user", user.Active.Did, "owner", spindles[0].Owner) 636 637 s.Pages.Notice(w, noticeId, "Failed to remove member, unauthorized attempt.") 637 638 return 638 639 } ··· 649 650 memberId, err := s.IdResolver.ResolveIdent(r.Context(), member) 650 651 if err != nil { 651 652 l.Error("failed to resolve member identity to handle", "err", err) 652 652 - s.Pages.Notice(w, noticeId, "Failed to remove member, identity resolution failed.") 653 653 - return 654 654 - } 655 655 - if memberId.Handle.IsInvalidHandle() { 656 656 - l.Error("failed to resolve member identity to handle") 657 653 s.Pages.Notice(w, noticeId, "Failed to remove member, identity resolution failed.") 658 654 return 659 655 } ··· 672 668 // get the record from the DB first: 673 669 members, err := db.GetSpindleMembers( 674 670 s.Db, 675 675 - db.FilterEq("did", user.Did), 676 676 - db.FilterEq("instance", instance), 677 677 - db.FilterEq("subject", memberId.DID), 671 671 + orm.FilterEq("did", user.Active.Did), 672 672 + orm.FilterEq("instance", instance), 673 673 + orm.FilterEq("subject", memberId.DID), 678 674 ) 679 675 if err != nil || len(members) != 1 { 680 676 l.Error("failed to get member", "err", err) ··· 685 681 // remove from db 686 682 if err = db.RemoveSpindleMember( 687 683 tx, 688 688 - db.FilterEq("did", user.Did), 689 689 - db.FilterEq("instance", instance), 690 690 - db.FilterEq("subject", memberId.DID), 684 684 + orm.FilterEq("did", user.Active.Did), 685 685 + orm.FilterEq("instance", instance), 686 686 + orm.FilterEq("subject", memberId.DID), 691 687 ); err != nil { 692 688 l.Error("failed to remove spindle member", "err", err) 693 689 fail() ··· 711 707 // remove from pds 712 708 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 713 709 Collection: tangled.SpindleMemberNSID, 714 714 - Repo: user.Did, 710 710 + Repo: user.Active.Did, 715 711 Rkey: members[0].Rkey, 716 712 }) 717 713 if err != nil {

+83

appview/state/accounts.go

··· 1 1 + package state 2 2 + 3 3 + import ( 4 4 + "net/http" 5 5 + 6 6 + "github.com/go-chi/chi/v5" 7 7 + ) 8 8 + 9 9 + func (s *State) SwitchAccount(w http.ResponseWriter, r *http.Request) { 10 10 + l := s.logger.With("handler", "SwitchAccount") 11 11 + 12 12 + if err := r.ParseForm(); err != nil { 13 13 + l.Error("failed to parse form", "err", err) 14 14 + http.Error(w, "invalid request", http.StatusBadRequest) 15 15 + return 16 16 + } 17 17 + 18 18 + did := r.FormValue("did") 19 19 + if did == "" { 20 20 + http.Error(w, "missing did", http.StatusBadRequest) 21 21 + return 22 22 + } 23 23 + 24 24 + if err := s.oauth.SwitchAccount(w, r, did); err != nil { 25 25 + l.Error("failed to switch account", "err", err) 26 26 + s.pages.HxRedirect(w, "/login?error=session") 27 27 + return 28 28 + } 29 29 + 30 30 + l.Info("switched account", "did", did) 31 31 + s.pages.HxRedirect(w, "/") 32 32 + } 33 33 + 34 34 + func (s *State) RemoveAccount(w http.ResponseWriter, r *http.Request) { 35 35 + l := s.logger.With("handler", "RemoveAccount") 36 36 + 37 37 + did := chi.URLParam(r, "did") 38 38 + if did == "" { 39 39 + http.Error(w, "missing did", http.StatusBadRequest) 40 40 + return 41 41 + } 42 42 + 43 43 + currentUser := s.oauth.GetMultiAccountUser(r) 44 44 + isCurrentAccount := currentUser != nil && currentUser.Active.Did == did 45 45 + 46 46 + var remainingAccounts []string 47 47 + if currentUser != nil { 48 48 + for _, acc := range currentUser.Accounts { 49 49 + if acc.Did != did { 50 50 + remainingAccounts = append(remainingAccounts, acc.Did) 51 51 + } 52 52 + } 53 53 + } 54 54 + 55 55 + if err := s.oauth.RemoveAccount(w, r, did); err != nil { 56 56 + l.Error("failed to remove account", "err", err) 57 57 + http.Error(w, "failed to remove account", http.StatusInternalServerError) 58 58 + return 59 59 + } 60 60 + 61 61 + l.Info("removed account", "did", did) 62 62 + 63 63 + if isCurrentAccount { 64 64 + if len(remainingAccounts) > 0 { 65 65 + nextDid := remainingAccounts[0] 66 66 + if err := s.oauth.SwitchAccount(w, r, nextDid); err != nil { 67 67 + l.Error("failed to switch to next account", "err", err) 68 68 + s.pages.HxRedirect(w, "/login") 69 69 + return 70 70 + } 71 71 + s.pages.HxRefresh(w) 72 72 + return 73 73 + } 74 74 + 75 75 + if err := s.oauth.DeleteSession(w, r); err != nil { 76 76 + l.Error("failed to delete session", "err", err) 77 77 + } 78 78 + s.pages.HxRedirect(w, "/login") 79 79 + return 80 80 + } 81 81 + 82 82 + s.pages.HxRefresh(w) 83 83 + }

+7 -7

appview/state/follow.go

··· 15 15 ) 16 16 17 17 func (s *State) Follow(w http.ResponseWriter, r *http.Request) { 18 18 - currentUser := s.oauth.GetUser(r) 18 18 + currentUser := s.oauth.GetMultiAccountUser(r) 19 19 20 20 subject := r.URL.Query().Get("subject") 21 21 if subject == "" { ··· 29 29 return 30 30 } 31 31 32 32 - if currentUser.Did == subjectIdent.DID.String() { 32 32 + if currentUser.Active.Did == subjectIdent.DID.String() { 33 33 log.Println("cant follow or unfollow yourself") 34 34 return 35 35 } ··· 46 46 rkey := tid.TID() 47 47 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 48 48 Collection: tangled.GraphFollowNSID, 49 49 - Repo: currentUser.Did, 49 49 + Repo: currentUser.Active.Did, 50 50 Rkey: rkey, 51 51 Record: &lexutil.LexiconTypeDecoder{ 52 52 Val: &tangled.GraphFollow{ ··· 62 62 log.Println("created atproto record: ", resp.Uri) 63 63 64 64 follow := &models.Follow{ 65 65 - UserDid: currentUser.Did, 65 65 + UserDid: currentUser.Active.Did, 66 66 SubjectDid: subjectIdent.DID.String(), 67 67 Rkey: rkey, 68 68 } ··· 83 83 return 84 84 case http.MethodDelete: 85 85 // find the record in the db 86 86 - follow, err := db.GetFollow(s.db, currentUser.Did, subjectIdent.DID.String()) 86 86 + follow, err := db.GetFollow(s.db, currentUser.Active.Did, subjectIdent.DID.String()) 87 87 if err != nil { 88 88 log.Println("failed to get follow relationship") 89 89 return ··· 91 91 92 92 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 93 93 Collection: tangled.GraphFollowNSID, 94 94 - Repo: currentUser.Did, 94 94 + Repo: currentUser.Active.Did, 95 95 Rkey: follow.Rkey, 96 96 }) 97 97 ··· 100 100 return 101 101 } 102 102 103 103 - err = db.DeleteFollowByRkey(s.db, currentUser.Did, follow.Rkey) 103 103 + err = db.DeleteFollowByRkey(s.db, currentUser.Active.Did, follow.Rkey) 104 104 if err != nil { 105 105 log.Println("failed to delete follow from DB") 106 106 // this is not an issue, the firehose event might have already done this

+7 -6

appview/state/gfi.go

··· 11 11 "tangled.org/core/appview/pages" 12 12 "tangled.org/core/appview/pagination" 13 13 "tangled.org/core/consts" 14 14 + "tangled.org/core/orm" 14 15 ) 15 16 16 17 func (s *State) GoodFirstIssues(w http.ResponseWriter, r *http.Request) { 17 17 - user := s.oauth.GetUser(r) 18 18 + user := s.oauth.GetMultiAccountUser(r) 18 19 19 20 page := pagination.FromContext(r.Context()) 20 21 21 22 goodFirstIssueLabel := s.config.Label.GoodFirstIssue 22 23 23 23 - gfiLabelDef, err := db.GetLabelDefinition(s.db, db.FilterEq("at_uri", goodFirstIssueLabel)) 24 24 + gfiLabelDef, err := db.GetLabelDefinition(s.db, orm.FilterEq("at_uri", goodFirstIssueLabel)) 24 25 if err != nil { 25 26 log.Println("failed to get gfi label def", err) 26 27 s.pages.Error500(w) 27 28 return 28 29 } 29 30 30 30 - repoLabels, err := db.GetRepoLabels(s.db, db.FilterEq("label_at", goodFirstIssueLabel)) 31 31 + repoLabels, err := db.GetRepoLabels(s.db, orm.FilterEq("label_at", goodFirstIssueLabel)) 31 32 if err != nil { 32 33 log.Println("failed to get repo labels", err) 33 34 s.pages.Error503(w) ··· 55 56 pagination.Page{ 56 57 Limit: 500, 57 58 }, 58 58 - db.FilterIn("repo_at", repoUris), 59 59 - db.FilterEq("open", 1), 59 59 + orm.FilterIn("repo_at", repoUris), 60 60 + orm.FilterEq("open", 1), 60 61 ) 61 62 if err != nil { 62 63 log.Println("failed to get issues", err) ··· 132 133 } 133 134 134 135 if len(uriList) > 0 { 135 135 - allLabelDefs, err = db.GetLabelDefinitions(s.db, db.FilterIn("at_uri", uriList)) 136 136 + allLabelDefs, err = db.GetLabelDefinitions(s.db, orm.FilterIn("at_uri", uriList)) 136 137 if err != nil { 137 138 log.Println("failed to fetch labels", err) 138 139 }

+17

appview/state/git_http.go

··· 25 25 26 26 } 27 27 28 28 + func (s *State) UploadArchive(w http.ResponseWriter, r *http.Request) { 29 29 + user, ok := r.Context().Value("resolvedId").(identity.Identity) 30 30 + if !ok { 31 31 + http.Error(w, "failed to resolve user", http.StatusInternalServerError) 32 32 + return 33 33 + } 34 34 + repo := r.Context().Value("repo").(*models.Repo) 35 35 + 36 36 + scheme := "https" 37 37 + if s.config.Core.Dev { 38 38 + scheme = "http" 39 39 + } 40 40 + 41 41 + targetURL := fmt.Sprintf("%s://%s/%s/%s/git-upload-archive?%s", scheme, repo.Knot, user.DID, repo.Name, r.URL.RawQuery) 42 42 + s.proxyRequest(w, r, targetURL) 43 43 + } 44 44 + 28 45 func (s *State) UploadPack(w http.ResponseWriter, r *http.Request) { 29 46 user, ok := r.Context().Value("resolvedId").(identity.Identity) 30 47 if !ok {

+6 -5

appview/state/knotstream.go

··· 16 16 ec "tangled.org/core/eventconsumer" 17 17 "tangled.org/core/eventconsumer/cursor" 18 18 "tangled.org/core/log" 19 19 + "tangled.org/core/orm" 19 20 "tangled.org/core/rbac" 20 21 "tangled.org/core/workflow" 21 22 ··· 30 31 31 32 knots, err := db.GetRegistrations( 32 33 d, 33 33 - db.FilterIsNot("registered", "null"), 34 34 + orm.FilterIsNot("registered", "null"), 34 35 ) 35 36 if err != nil { 36 37 return nil, err ··· 143 144 repos, err := db.GetRepos( 144 145 d, 145 146 0, 146 146 - db.FilterEq("did", record.RepoDid), 147 147 - db.FilterEq("name", record.RepoName), 147 147 + orm.FilterEq("did", record.RepoDid), 148 148 + orm.FilterEq("name", record.RepoName), 148 149 ) 149 150 if err != nil { 150 151 return fmt.Errorf("failed to look for repo in DB (%s/%s): %w", record.RepoDid, record.RepoName, err) ··· 209 210 repos, err := db.GetRepos( 210 211 d, 211 212 0, 212 212 - db.FilterEq("did", record.TriggerMetadata.Repo.Did), 213 213 - db.FilterEq("name", record.TriggerMetadata.Repo.Repo), 213 213 + orm.FilterEq("did", record.TriggerMetadata.Repo.Did), 214 214 + orm.FilterEq("name", record.TriggerMetadata.Repo.Repo), 214 215 ) 215 216 if err != nil { 216 217 return fmt.Errorf("failed to look for repo in DB: nsid %s, rkey %s, %w", msg.Nsid, msg.Rkey, err)

+57 -7

appview/state/login.go

··· 5 5 "net/http" 6 6 "strings" 7 7 8 8 + "tangled.org/core/appview/oauth" 8 9 "tangled.org/core/appview/pages" 9 10 ) 10 11 ··· 15 16 case http.MethodGet: 16 17 returnURL := r.URL.Query().Get("return_url") 17 18 errorCode := r.URL.Query().Get("error") 19 19 + addAccount := r.URL.Query().Get("mode") == "add_account" 20 20 + 21 21 + user := s.oauth.GetMultiAccountUser(r) 22 22 + if user == nil { 23 23 + registry := s.oauth.GetAccounts(r) 24 24 + if len(registry.Accounts) > 0 { 25 25 + user = &oauth.MultiAccountUser{ 26 26 + Active: nil, 27 27 + Accounts: registry.Accounts, 28 28 + } 29 29 + } 30 30 + } 18 31 s.pages.Login(w, pages.LoginParams{ 19 19 - ReturnUrl: returnURL, 20 20 - ErrorCode: errorCode, 32 32 + ReturnUrl: returnURL, 33 33 + ErrorCode: errorCode, 34 34 + AddAccount: addAccount, 35 35 + LoggedInUser: user, 21 36 }) 22 37 case http.MethodPost: 23 38 handle := r.FormValue("handle") 39 39 + returnURL := r.FormValue("return_url") 40 40 + addAccount := r.FormValue("add_account") == "true" 24 41 25 42 // when users copy their handle from bsky.app, it tends to have these characters around it: 26 43 // ··· 44 61 return 45 62 } 46 63 64 64 + if err := s.oauth.SetAuthReturn(w, r, returnURL, addAccount); err != nil { 65 65 + l.Error("failed to set auth return", "err", err) 66 66 + } 67 67 + 47 68 redirectURL, err := s.oauth.ClientApp.StartAuthFlow(r.Context(), handle) 48 69 if err != nil { 49 70 l.Error("failed to start auth", "err", err) ··· 58 79 func (s *State) Logout(w http.ResponseWriter, r *http.Request) { 59 80 l := s.logger.With("handler", "Logout") 60 81 61 61 - err := s.oauth.DeleteSession(w, r) 62 62 - if err != nil { 63 63 - l.Error("failed to logout", "err", err) 64 64 - } else { 65 65 - l.Info("logged out successfully") 82 82 + currentUser := s.oauth.GetMultiAccountUser(r) 83 83 + if currentUser == nil || currentUser.Active == nil { 84 84 + s.pages.HxRedirect(w, "/login") 85 85 + return 66 86 } 67 87 88 88 + currentDid := currentUser.Active.Did 89 89 + 90 90 + var remainingAccounts []string 91 91 + for _, acc := range currentUser.Accounts { 92 92 + if acc.Did != currentDid { 93 93 + remainingAccounts = append(remainingAccounts, acc.Did) 94 94 + } 95 95 + } 96 96 + 97 97 + if err := s.oauth.RemoveAccount(w, r, currentDid); err != nil { 98 98 + l.Error("failed to remove account from registry", "err", err) 99 99 + } 100 100 + 101 101 + if err := s.oauth.DeleteSession(w, r); err != nil { 102 102 + l.Error("failed to delete session", "err", err) 103 103 + } 104 104 + 105 105 + if len(remainingAccounts) > 0 { 106 106 + nextDid := remainingAccounts[0] 107 107 + if err := s.oauth.SwitchAccount(w, r, nextDid); err != nil { 108 108 + l.Error("failed to switch to next account", "err", err) 109 109 + s.pages.HxRedirect(w, "/login") 110 110 + return 111 111 + } 112 112 + l.Info("switched to next account after logout", "did", nextDid) 113 113 + s.pages.HxRefresh(w) 114 114 + return 115 115 + } 116 116 + 117 117 + l.Info("logged out last account") 68 118 s.pages.HxRedirect(w, "/login") 69 119 }

+50 -47

appview/state/profile.go

··· 19 19 "tangled.org/core/appview/db" 20 20 "tangled.org/core/appview/models" 21 21 "tangled.org/core/appview/pages" 22 22 + "tangled.org/core/orm" 22 23 ) 23 24 24 25 func (s *State) Profile(w http.ResponseWriter, r *http.Request) { ··· 56 57 return nil, fmt.Errorf("failed to get profile: %w", err) 57 58 } 58 59 59 59 - repoCount, err := db.CountRepos(s.db, db.FilterEq("did", did)) 60 60 + repoCount, err := db.CountRepos(s.db, orm.FilterEq("did", did)) 60 61 if err != nil { 61 62 return nil, fmt.Errorf("failed to get repo count: %w", err) 62 63 } 63 64 64 64 - stringCount, err := db.CountStrings(s.db, db.FilterEq("did", did)) 65 65 + stringCount, err := db.CountStrings(s.db, orm.FilterEq("did", did)) 65 66 if err != nil { 66 67 return nil, fmt.Errorf("failed to get string count: %w", err) 67 68 } 68 69 69 69 - starredCount, err := db.CountStars(s.db, db.FilterEq("did", did)) 70 70 + starredCount, err := db.CountStars(s.db, orm.FilterEq("did", did)) 70 71 if err != nil { 71 72 return nil, fmt.Errorf("failed to get starred repo count: %w", err) 72 73 } ··· 76 77 return nil, fmt.Errorf("failed to get follower stats: %w", err) 77 78 } 78 79 79 79 - loggedInUser := s.oauth.GetUser(r) 80 80 + loggedInUser := s.oauth.GetMultiAccountUser(r) 80 81 followStatus := models.IsNotFollowing 81 82 if loggedInUser != nil { 82 82 - followStatus = db.GetFollowStatus(s.db, loggedInUser.Did, did) 83 83 + followStatus = db.GetFollowStatus(s.db, loggedInUser.Active.Did, did) 83 84 } 84 85 85 86 now := time.Now() 86 87 startOfYear := time.Date(now.Year(), 1, 1, 0, 0, 0, 0, time.UTC) 87 88 punchcard, err := db.MakePunchcard( 88 89 s.db, 89 89 - db.FilterEq("did", did), 90 90 - db.FilterGte("date", startOfYear.Format(time.DateOnly)), 91 91 - db.FilterLte("date", now.Format(time.DateOnly)), 90 90 + orm.FilterEq("did", did), 91 91 + orm.FilterGte("date", startOfYear.Format(time.DateOnly)), 92 92 + orm.FilterLte("date", now.Format(time.DateOnly)), 92 93 ) 93 94 if err != nil { 94 95 return nil, fmt.Errorf("failed to get punchcard for %s: %w", did, err) ··· 123 124 repos, err := db.GetRepos( 124 125 s.db, 125 126 0, 126 126 - db.FilterEq("did", profile.UserDid), 127 127 + orm.FilterEq("did", profile.UserDid), 127 128 ) 128 129 if err != nil { 129 130 l.Error("failed to fetch repos", "err", err) ··· 162 163 } 163 164 164 165 // populate commit counts in the timeline, using the punchcard 165 165 - currentMonth := time.Now().Month() 166 166 + now := time.Now() 166 167 for _, p := range profile.Punchcard.Punches { 167 167 - idx := currentMonth - p.Date.Month() 168 168 - if int(idx) < len(timeline.ByMonth) { 169 169 - timeline.ByMonth[idx].Commits += p.Count 168 168 + years := now.Year() - p.Date.Year() 169 169 + months := int(now.Month() - p.Date.Month()) 170 170 + monthsAgo := years*12 + months 171 171 + if monthsAgo >= 0 && monthsAgo < len(timeline.ByMonth) { 172 172 + timeline.ByMonth[monthsAgo].Commits += p.Count 170 173 } 171 174 } 172 175 173 176 s.pages.ProfileOverview(w, pages.ProfileOverviewParams{ 174 174 - LoggedInUser: s.oauth.GetUser(r), 177 177 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 175 178 Card: profile, 176 179 Repos: pinnedRepos, 177 180 CollaboratingRepos: pinnedCollaboratingRepos, ··· 193 196 repos, err := db.GetRepos( 194 197 s.db, 195 198 0, 196 196 - db.FilterEq("did", profile.UserDid), 199 199 + orm.FilterEq("did", profile.UserDid), 197 200 ) 198 201 if err != nil { 199 202 l.Error("failed to get repos", "err", err) ··· 202 205 } 203 206 204 207 err = s.pages.ProfileRepos(w, pages.ProfileReposParams{ 205 205 - LoggedInUser: s.oauth.GetUser(r), 208 208 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 206 209 Repos: repos, 207 210 Card: profile, 208 211 }) ··· 219 222 } 220 223 l = l.With("profileDid", profile.UserDid) 221 224 222 222 - stars, err := db.GetRepoStars(s.db, 0, db.FilterEq("did", profile.UserDid)) 225 225 + stars, err := db.GetRepoStars(s.db, 0, orm.FilterEq("did", profile.UserDid)) 223 226 if err != nil { 224 227 l.Error("failed to get stars", "err", err) 225 228 s.pages.Error500(w) ··· 231 234 } 232 235 233 236 err = s.pages.ProfileStarred(w, pages.ProfileStarredParams{ 234 234 - LoggedInUser: s.oauth.GetUser(r), 237 237 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 235 238 Repos: repos, 236 239 Card: profile, 237 240 }) ··· 248 251 } 249 252 l = l.With("profileDid", profile.UserDid) 250 253 251 251 - strings, err := db.GetStrings(s.db, 0, db.FilterEq("did", profile.UserDid)) 254 254 + strings, err := db.GetStrings(s.db, 0, orm.FilterEq("did", profile.UserDid)) 252 255 if err != nil { 253 256 l.Error("failed to get strings", "err", err) 254 257 s.pages.Error500(w) ··· 256 259 } 257 260 258 261 err = s.pages.ProfileStrings(w, pages.ProfileStringsParams{ 259 259 - LoggedInUser: s.oauth.GetUser(r), 262 262 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 260 263 Strings: strings, 261 264 Card: profile, 262 265 }) ··· 280 283 } 281 284 l = l.With("profileDid", profile.UserDid) 282 285 283 283 - loggedInUser := s.oauth.GetUser(r) 286 286 + loggedInUser := s.oauth.GetMultiAccountUser(r) 284 287 params := FollowsPageParams{ 285 288 Card: profile, 286 289 } ··· 300 303 followDids = append(followDids, extractDid(follow)) 301 304 } 302 305 303 303 - profiles, err := db.GetProfiles(s.db, db.FilterIn("did", followDids)) 306 306 + profiles, err := db.GetProfiles(s.db, orm.FilterIn("did", followDids)) 304 307 if err != nil { 305 308 l.Error("failed to get profiles", "followDids", followDids, "err", err) 306 309 return &params, err ··· 313 316 314 317 loggedInUserFollowing := make(map[string]struct{}) 315 318 if loggedInUser != nil { 316 316 - following, err := db.GetFollowing(s.db, loggedInUser.Did) 319 319 + following, err := db.GetFollowing(s.db, loggedInUser.Active.Did) 317 320 if err != nil { 318 318 - l.Error("failed to get follow list", "err", err, "loggedInUser", loggedInUser.Did) 321 321 + l.Error("failed to get follow list", "err", err, "loggedInUser", loggedInUser.Active.Did) 319 322 return &params, err 320 323 } 321 324 loggedInUserFollowing = make(map[string]struct{}, len(following)) ··· 330 333 followStatus := models.IsNotFollowing 331 334 if _, exists := loggedInUserFollowing[did]; exists { 332 335 followStatus = models.IsFollowing 333 333 - } else if loggedInUser != nil && loggedInUser.Did == did { 336 336 + } else if loggedInUser != nil && loggedInUser.Active.Did == did { 334 337 followStatus = models.IsSelf 335 338 } 336 339 ··· 364 367 } 365 368 366 369 s.pages.ProfileFollowers(w, pages.ProfileFollowersParams{ 367 367 - LoggedInUser: s.oauth.GetUser(r), 370 370 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 368 371 Followers: followPage.Follows, 369 372 Card: followPage.Card, 370 373 }) ··· 378 381 } 379 382 380 383 s.pages.ProfileFollowing(w, pages.ProfileFollowingParams{ 381 381 - LoggedInUser: s.oauth.GetUser(r), 384 384 + LoggedInUser: s.oauth.GetMultiAccountUser(r), 382 385 Following: followPage.Follows, 383 386 Card: followPage.Card, 384 387 }) ··· 527 530 } 528 531 529 532 func (s *State) UpdateProfileBio(w http.ResponseWriter, r *http.Request) { 530 530 - user := s.oauth.GetUser(r) 533 533 + user := s.oauth.GetMultiAccountUser(r) 531 534 532 535 err := r.ParseForm() 533 536 if err != nil { ··· 536 539 return 537 540 } 538 541 539 539 - profile, err := db.GetProfile(s.db, user.Did) 542 542 + profile, err := db.GetProfile(s.db, user.Active.Did) 540 543 if err != nil { 541 541 - log.Printf("getting profile data for %s: %s", user.Did, err) 544 544 + log.Printf("getting profile data for %s: %s", user.Active.Did, err) 542 545 } 543 546 544 547 profile.Description = r.FormValue("description") ··· 575 578 } 576 579 577 580 func (s *State) UpdateProfilePins(w http.ResponseWriter, r *http.Request) { 578 578 - user := s.oauth.GetUser(r) 581 581 + user := s.oauth.GetMultiAccountUser(r) 579 582 580 583 err := r.ParseForm() 581 584 if err != nil { ··· 584 587 return 585 588 } 586 589 587 587 - profile, err := db.GetProfile(s.db, user.Did) 590 590 + profile, err := db.GetProfile(s.db, user.Active.Did) 588 591 if err != nil { 589 589 - log.Printf("getting profile data for %s: %s", user.Did, err) 592 592 + log.Printf("getting profile data for %s: %s", user.Active.Did, err) 590 593 } 591 594 592 595 i := 0 ··· 614 617 } 615 618 616 619 func (s *State) updateProfile(profile *models.Profile, w http.ResponseWriter, r *http.Request) { 617 617 - user := s.oauth.GetUser(r) 620 620 + user := s.oauth.GetMultiAccountUser(r) 618 621 tx, err := s.db.BeginTx(r.Context(), nil) 619 622 if err != nil { 620 623 log.Println("failed to start transaction", err) ··· 641 644 vanityStats = append(vanityStats, string(v.Kind)) 642 645 } 643 646 644 644 - ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.ActorProfileNSID, user.Did, "self") 647 647 + ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", tangled.ActorProfileNSID, user.Active.Did, "self") 645 648 var cid *string 646 649 if ex != nil { 647 650 cid = ex.Cid ··· 649 652 650 653 _, err = comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 651 654 Collection: tangled.ActorProfileNSID, 652 652 - Repo: user.Did, 655 655 + Repo: user.Active.Did, 653 656 Rkey: "self", 654 657 Record: &lexutil.LexiconTypeDecoder{ 655 658 Val: &tangled.ActorProfile{ ··· 678 681 679 682 s.notifier.UpdateProfile(r.Context(), profile) 680 683 681 681 - s.pages.HxRedirect(w, "/"+user.Did) 684 684 + s.pages.HxRedirect(w, "/"+user.Active.Did) 682 685 } 683 686 684 687 func (s *State) EditBioFragment(w http.ResponseWriter, r *http.Request) { 685 685 - user := s.oauth.GetUser(r) 688 688 + user := s.oauth.GetMultiAccountUser(r) 686 689 687 687 - profile, err := db.GetProfile(s.db, user.Did) 690 690 + profile, err := db.GetProfile(s.db, user.Active.Did) 688 691 if err != nil { 689 689 - log.Printf("getting profile data for %s: %s", user.Did, err) 692 692 + log.Printf("getting profile data for %s: %s", user.Active.Did, err) 690 693 } 691 694 692 695 s.pages.EditBioFragment(w, pages.EditBioParams{ ··· 696 699 } 697 700 698 701 func (s *State) EditPinsFragment(w http.ResponseWriter, r *http.Request) { 699 699 - user := s.oauth.GetUser(r) 702 702 + user := s.oauth.GetMultiAccountUser(r) 700 703 701 701 - profile, err := db.GetProfile(s.db, user.Did) 704 704 + profile, err := db.GetProfile(s.db, user.Active.Did) 702 705 if err != nil { 703 703 - log.Printf("getting profile data for %s: %s", user.Did, err) 706 706 + log.Printf("getting profile data for %s: %s", user.Active.Did, err) 704 707 } 705 708 706 706 - repos, err := db.GetRepos(s.db, 0, db.FilterEq("did", user.Did)) 709 709 + repos, err := db.GetRepos(s.db, 0, orm.FilterEq("did", user.Active.Did)) 707 710 if err != nil { 708 708 - log.Printf("getting repos for %s: %s", user.Did, err) 711 711 + log.Printf("getting repos for %s: %s", user.Active.Did, err) 709 712 } 710 713 711 711 - collaboratingRepos, err := db.CollaboratingIn(s.db, user.Did) 714 714 + collaboratingRepos, err := db.CollaboratingIn(s.db, user.Active.Did) 712 715 if err != nil { 713 713 - log.Printf("getting collaborating repos for %s: %s", user.Did, err) 716 716 + log.Printf("getting collaborating repos for %s: %s", user.Active.Did, err) 714 717 } 715 718 716 719 allRepos := []pages.PinnedRepo{}

+7 -7

appview/state/reaction.go

··· 17 17 ) 18 18 19 19 func (s *State) React(w http.ResponseWriter, r *http.Request) { 20 20 - currentUser := s.oauth.GetUser(r) 20 20 + currentUser := s.oauth.GetMultiAccountUser(r) 21 21 22 22 subject := r.URL.Query().Get("subject") 23 23 if subject == "" { ··· 49 49 rkey := tid.TID() 50 50 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 51 51 Collection: tangled.FeedReactionNSID, 52 52 - Repo: currentUser.Did, 52 52 + Repo: currentUser.Active.Did, 53 53 Rkey: rkey, 54 54 Record: &lexutil.LexiconTypeDecoder{ 55 55 Val: &tangled.FeedReaction{ ··· 64 64 return 65 65 } 66 66 67 67 - err = db.AddReaction(s.db, currentUser.Did, subjectUri, reactionKind, rkey) 67 67 + err = db.AddReaction(s.db, currentUser.Active.Did, subjectUri, reactionKind, rkey) 68 68 if err != nil { 69 69 log.Println("failed to react", err) 70 70 return ··· 87 87 88 88 return 89 89 case http.MethodDelete: 90 90 - reaction, err := db.GetReaction(s.db, currentUser.Did, subjectUri, reactionKind) 90 90 + reaction, err := db.GetReaction(s.db, currentUser.Active.Did, subjectUri, reactionKind) 91 91 if err != nil { 92 92 - log.Println("failed to get reaction relationship for", currentUser.Did, subjectUri) 92 92 + log.Println("failed to get reaction relationship for", currentUser.Active.Did, subjectUri) 93 93 return 94 94 } 95 95 96 96 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 97 97 Collection: tangled.FeedReactionNSID, 98 98 - Repo: currentUser.Did, 98 98 + Repo: currentUser.Active.Did, 99 99 Rkey: reaction.Rkey, 100 100 }) 101 101 ··· 104 104 return 105 105 } 106 106 107 107 - err = db.DeleteReactionByRkey(s.db, currentUser.Did, reaction.Rkey) 107 107 + err = db.DeleteReactionByRkey(s.db, currentUser.Active.Did, reaction.Rkey) 108 108 if err != nil { 109 109 log.Println("failed to delete reaction from DB") 110 110 // this is not an issue, the firehose event might have already done this

+10 -2

appview/state/router.go

··· 101 101 102 102 // These routes get proxied to the knot 103 103 r.Get("/info/refs", s.InfoRefs) 104 104 + r.Post("/git-upload-archive", s.UploadArchive) 104 105 r.Post("/git-upload-pack", s.UploadPack) 105 106 r.Post("/git-receive-pack", s.ReceivePack) 106 107 ··· 108 109 }) 109 110 110 111 r.NotFound(func(w http.ResponseWriter, r *http.Request) { 112 112 + w.WriteHeader(http.StatusNotFound) 111 113 s.pages.Error404(w) 112 114 }) 113 115 ··· 130 132 r.Post("/login", s.Login) 131 133 r.Post("/logout", s.Logout) 132 134 135 135 + r.With(middleware.AuthMiddleware(s.oauth)).Route("/account", func(r chi.Router) { 136 136 + r.Post("/switch", s.SwitchAccount) 137 137 + r.Delete("/{did}", s.RemoveAccount) 138 138 + }) 139 139 + 133 140 r.Route("/repo", func(r chi.Router) { 134 141 r.Route("/new", func(r chi.Router) { 135 142 r.Use(middleware.AuthMiddleware(s.oauth)) ··· 181 188 r.Get("/brand", s.Brand) 182 189 183 190 r.NotFound(func(w http.ResponseWriter, r *http.Request) { 191 191 + w.WriteHeader(http.StatusNotFound) 184 192 s.pages.Error404(w) 185 193 }) 186 194 return r ··· 266 274 s.enforcer, 267 275 s.pages, 268 276 s.idResolver, 269 269 - s.refResolver, 277 277 + s.mentionsResolver, 270 278 s.db, 271 279 s.config, 272 280 s.notifier, ··· 283 291 s.repoResolver, 284 292 s.pages, 285 293 s.idResolver, 286 286 - s.refResolver, 294 294 + s.mentionsResolver, 287 295 s.db, 288 296 s.config, 289 297 s.notifier,

+2 -1

appview/state/spindlestream.go

··· 17 17 ec "tangled.org/core/eventconsumer" 18 18 "tangled.org/core/eventconsumer/cursor" 19 19 "tangled.org/core/log" 20 20 + "tangled.org/core/orm" 20 21 "tangled.org/core/rbac" 21 22 spindle "tangled.org/core/spindle/models" 22 23 ) ··· 27 28 28 29 spindles, err := db.GetSpindles( 29 30 d, 30 30 - db.FilterIsNot("verified", "null"), 31 31 + orm.FilterIsNot("verified", "null"), 31 32 ) 32 33 if err != nil { 33 34 return nil, err

+6 -6

appview/state/star.go

··· 16 16 ) 17 17 18 18 func (s *State) Star(w http.ResponseWriter, r *http.Request) { 19 19 - currentUser := s.oauth.GetUser(r) 19 19 + currentUser := s.oauth.GetMultiAccountUser(r) 20 20 21 21 subject := r.URL.Query().Get("subject") 22 22 if subject == "" { ··· 42 42 rkey := tid.TID() 43 43 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 44 44 Collection: tangled.FeedStarNSID, 45 45 - Repo: currentUser.Did, 45 45 + Repo: currentUser.Active.Did, 46 46 Rkey: rkey, 47 47 Record: &lexutil.LexiconTypeDecoder{ 48 48 Val: &tangled.FeedStar{ ··· 57 57 log.Println("created atproto record: ", resp.Uri) 58 58 59 59 star := &models.Star{ 60 60 - Did: currentUser.Did, 60 60 + Did: currentUser.Active.Did, 61 61 RepoAt: subjectUri, 62 62 Rkey: rkey, 63 63 } ··· 84 84 return 85 85 case http.MethodDelete: 86 86 // find the record in the db 87 87 - star, err := db.GetStar(s.db, currentUser.Did, subjectUri) 87 87 + star, err := db.GetStar(s.db, currentUser.Active.Did, subjectUri) 88 88 if err != nil { 89 89 log.Println("failed to get star relationship") 90 90 return ··· 92 92 93 93 _, err = comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 94 94 Collection: tangled.FeedStarNSID, 95 95 - Repo: currentUser.Did, 95 95 + Repo: currentUser.Active.Did, 96 96 Rkey: star.Rkey, 97 97 }) 98 98 ··· 101 101 return 102 102 } 103 103 104 104 - err = db.DeleteStarByRkey(s.db, currentUser.Did, star.Rkey) 104 104 + err = db.DeleteStarByRkey(s.db, currentUser.Active.Did, star.Rkey) 105 105 if err != nil { 106 106 log.Println("failed to delete star from DB") 107 107 // this is not an issue, the firehose event might have already done this

+47 -46

appview/state/state.go

··· 15 15 "tangled.org/core/appview/config" 16 16 "tangled.org/core/appview/db" 17 17 "tangled.org/core/appview/indexer" 18 18 + "tangled.org/core/appview/mentions" 18 19 "tangled.org/core/appview/models" 19 20 "tangled.org/core/appview/notify" 20 21 dbnotify "tangled.org/core/appview/notify/db" 21 22 phnotify "tangled.org/core/appview/notify/posthog" 22 23 "tangled.org/core/appview/oauth" 23 24 "tangled.org/core/appview/pages" 24 24 - "tangled.org/core/appview/refresolver" 25 25 "tangled.org/core/appview/reporesolver" 26 26 "tangled.org/core/appview/validator" 27 27 xrpcclient "tangled.org/core/appview/xrpcclient" ··· 30 30 "tangled.org/core/jetstream" 31 31 "tangled.org/core/log" 32 32 tlog "tangled.org/core/log" 33 33 + "tangled.org/core/orm" 33 34 "tangled.org/core/rbac" 34 35 "tangled.org/core/tid" 35 36 ··· 43 44 ) 44 45 45 46 type State struct { 46 46 - db *db.DB 47 47 - notifier notify.Notifier 48 48 - indexer *indexer.Indexer 49 49 - oauth *oauth.OAuth 50 50 - enforcer *rbac.Enforcer 51 51 - pages *pages.Pages 52 52 - idResolver *idresolver.Resolver 53 53 - refResolver *refresolver.Resolver 54 54 - posthog posthog.Client 55 55 - jc *jetstream.JetstreamClient 56 56 - config *config.Config 57 57 - repoResolver *reporesolver.RepoResolver 58 58 - knotstream *eventconsumer.Consumer 59 59 - spindlestream *eventconsumer.Consumer 60 60 - logger *slog.Logger 61 61 - validator *validator.Validator 47 47 + db *db.DB 48 48 + notifier notify.Notifier 49 49 + indexer *indexer.Indexer 50 50 + oauth *oauth.OAuth 51 51 + enforcer *rbac.Enforcer 52 52 + pages *pages.Pages 53 53 + idResolver *idresolver.Resolver 54 54 + mentionsResolver *mentions.Resolver 55 55 + posthog posthog.Client 56 56 + jc *jetstream.JetstreamClient 57 57 + config *config.Config 58 58 + repoResolver *reporesolver.RepoResolver 59 59 + knotstream *eventconsumer.Consumer 60 60 + spindlestream *eventconsumer.Consumer 61 61 + logger *slog.Logger 62 62 + validator *validator.Validator 62 63 } 63 64 64 65 func Make(ctx context.Context, config *config.Config) (*State, error) { ··· 100 101 101 102 repoResolver := reporesolver.New(config, enforcer, d) 102 103 103 103 - refResolver := refresolver.New(config, res, d, log.SubLogger(logger, "refResolver")) 104 104 + mentionsResolver := mentions.New(config, res, d, log.SubLogger(logger, "mentionsResolver")) 104 105 105 106 wrapper := db.DbWrapper{Execer: d} 106 107 jc, err := jetstream.NewJetstreamClient( ··· 182 183 enforcer, 183 184 pages, 184 185 res, 185 185 - refResolver, 186 186 + mentionsResolver, 186 187 posthog, 187 188 jc, 188 189 config, ··· 248 249 } 249 250 250 251 func (s *State) TermsOfService(w http.ResponseWriter, r *http.Request) { 251 251 - user := s.oauth.GetUser(r) 252 252 + user := s.oauth.GetMultiAccountUser(r) 252 253 s.pages.TermsOfService(w, pages.TermsOfServiceParams{ 253 254 LoggedInUser: user, 254 255 }) 255 256 } 256 257 257 258 func (s *State) PrivacyPolicy(w http.ResponseWriter, r *http.Request) { 258 258 - user := s.oauth.GetUser(r) 259 259 + user := s.oauth.GetMultiAccountUser(r) 259 260 s.pages.PrivacyPolicy(w, pages.PrivacyPolicyParams{ 260 261 LoggedInUser: user, 261 262 }) 262 263 } 263 264 264 265 func (s *State) Brand(w http.ResponseWriter, r *http.Request) { 265 265 - user := s.oauth.GetUser(r) 266 266 + user := s.oauth.GetMultiAccountUser(r) 266 267 s.pages.Brand(w, pages.BrandParams{ 267 268 LoggedInUser: user, 268 269 }) 269 270 } 270 271 271 272 func (s *State) HomeOrTimeline(w http.ResponseWriter, r *http.Request) { 272 272 - if s.oauth.GetUser(r) != nil { 273 273 + if s.oauth.GetMultiAccountUser(r) != nil { 273 274 s.Timeline(w, r) 274 275 return 275 276 } ··· 277 278 } 278 279 279 280 func (s *State) Timeline(w http.ResponseWriter, r *http.Request) { 280 280 - user := s.oauth.GetUser(r) 281 281 + user := s.oauth.GetMultiAccountUser(r) 281 282 282 283 // TODO: set this flag based on the UI 283 284 filtered := false 284 285 285 286 var userDid string 286 286 - if user != nil { 287 287 - userDid = user.Did 287 287 + if user != nil && user.Active != nil { 288 288 + userDid = user.Active.Did 288 289 } 289 290 timeline, err := db.MakeTimeline(s.db, 50, userDid, filtered) 290 291 if err != nil { ··· 299 300 return 300 301 } 301 302 302 302 - gfiLabel, err := db.GetLabelDefinition(s.db, db.FilterEq("at_uri", s.config.Label.GoodFirstIssue)) 303 303 + gfiLabel, err := db.GetLabelDefinition(s.db, orm.FilterEq("at_uri", s.config.Label.GoodFirstIssue)) 303 304 if err != nil { 304 305 // non-fatal 305 306 } ··· 313 314 } 314 315 315 316 func (s *State) UpgradeBanner(w http.ResponseWriter, r *http.Request) { 316 316 - user := s.oauth.GetUser(r) 317 317 + user := s.oauth.GetMultiAccountUser(r) 317 318 if user == nil { 318 319 return 319 320 } 320 321 321 322 l := s.logger.With("handler", "UpgradeBanner") 322 322 - l = l.With("did", user.Did) 323 323 + l = l.With("did", user.Active.Did) 323 324 324 325 regs, err := db.GetRegistrations( 325 326 s.db, 326 326 - db.FilterEq("did", user.Did), 327 327 - db.FilterEq("needs_upgrade", 1), 327 327 + orm.FilterEq("did", user.Active.Did), 328 328 + orm.FilterEq("needs_upgrade", 1), 328 329 ) 329 330 if err != nil { 330 331 l.Error("non-fatal: failed to get registrations", "err", err) ··· 332 333 333 334 spindles, err := db.GetSpindles( 334 335 s.db, 335 335 - db.FilterEq("owner", user.Did), 336 336 - db.FilterEq("needs_upgrade", 1), 336 336 + orm.FilterEq("owner", user.Active.Did), 337 337 + orm.FilterEq("needs_upgrade", 1), 337 338 ) 338 339 if err != nil { 339 340 l.Error("non-fatal: failed to get spindles", "err", err) ··· 446 447 func (s *State) NewRepo(w http.ResponseWriter, r *http.Request) { 447 448 switch r.Method { 448 449 case http.MethodGet: 449 449 - user := s.oauth.GetUser(r) 450 450 - knots, err := s.enforcer.GetKnotsForUser(user.Did) 450 450 + user := s.oauth.GetMultiAccountUser(r) 451 451 + knots, err := s.enforcer.GetKnotsForUser(user.Active.Did) 451 452 if err != nil { 452 453 s.pages.Notice(w, "repo", "Invalid user account.") 453 454 return ··· 461 462 case http.MethodPost: 462 463 l := s.logger.With("handler", "NewRepo") 463 464 464 464 - user := s.oauth.GetUser(r) 465 465 - l = l.With("did", user.Did) 465 465 + user := s.oauth.GetMultiAccountUser(r) 466 466 + l = l.With("did", user.Active.Did) 466 467 467 468 // form validation 468 469 domain := r.FormValue("domain") ··· 494 495 description := r.FormValue("description") 495 496 496 497 // ACL validation 497 497 - ok, err := s.enforcer.E.Enforce(user.Did, domain, domain, "repo:create") 498 498 + ok, err := s.enforcer.E.Enforce(user.Active.Did, domain, domain, "repo:create") 498 499 if err != nil || !ok { 499 500 l.Info("unauthorized") 500 501 s.pages.Notice(w, "repo", "You do not have permission to create a repo in this knot.") ··· 504 505 // Check for existing repos 505 506 existingRepo, err := db.GetRepo( 506 507 s.db, 507 507 - db.FilterEq("did", user.Did), 508 508 - db.FilterEq("name", repoName), 508 508 + orm.FilterEq("did", user.Active.Did), 509 509 + orm.FilterEq("name", repoName), 509 510 ) 510 511 if err == nil && existingRepo != nil { 511 512 l.Info("repo exists") ··· 516 517 // create atproto record for this repo 517 518 rkey := tid.TID() 518 519 repo := &models.Repo{ 519 519 - Did: user.Did, 520 520 + Did: user.Active.Did, 520 521 Name: repoName, 521 522 Knot: domain, 522 523 Rkey: rkey, ··· 535 536 536 537 atresp, err := comatproto.RepoPutRecord(r.Context(), atpClient, &comatproto.RepoPutRecord_Input{ 537 538 Collection: tangled.RepoNSID, 538 538 - Repo: user.Did, 539 539 + Repo: user.Active.Did, 539 540 Rkey: rkey, 540 541 Record: &lexutil.LexiconTypeDecoder{ 541 542 Val: &record, ··· 612 613 } 613 614 614 615 // acls 615 615 - p, _ := securejoin.SecureJoin(user.Did, repoName) 616 616 - err = s.enforcer.AddRepo(user.Did, domain, p) 616 616 + p, _ := securejoin.SecureJoin(user.Active.Did, repoName) 617 617 + err = s.enforcer.AddRepo(user.Active.Did, domain, p) 617 618 if err != nil { 618 619 l.Error("acl setup failed", "err", err) 619 620 s.pages.Notice(w, "repo", "Failed to set up repository permissions.") ··· 638 639 aturi = "" 639 640 640 641 s.notifier.NewRepo(r.Context(), repo) 641 641 - s.pages.HxLocation(w, fmt.Sprintf("/%s/%s", user.Did, repoName)) 642 642 + s.pages.HxLocation(w, fmt.Sprintf("/%s/%s", user.Active.Did, repoName)) 642 643 } 643 644 } 644 645 ··· 665 666 } 666 667 667 668 func BackfillDefaultDefs(e db.Execer, r *idresolver.Resolver, defaults []string) error { 668 668 - defaultLabels, err := db.GetLabelDefinitions(e, db.FilterIn("at_uri", defaults)) 669 669 + defaultLabels, err := db.GetLabelDefinitions(e, orm.FilterIn("at_uri", defaults)) 669 670 if err != nil { 670 671 return err 671 672 }

+25 -24

appview/strings/strings.go

··· 17 17 "tangled.org/core/appview/pages" 18 18 "tangled.org/core/appview/pages/markup" 19 19 "tangled.org/core/idresolver" 20 20 + "tangled.org/core/orm" 20 21 "tangled.org/core/tid" 21 22 22 23 "github.com/bluesky-social/indigo/api/atproto" ··· 81 82 } 82 83 83 84 s.Pages.StringsTimeline(w, pages.StringTimelineParams{ 84 84 - LoggedInUser: s.OAuth.GetUser(r), 85 85 + LoggedInUser: s.OAuth.GetMultiAccountUser(r), 85 86 Strings: strings, 86 87 }) 87 88 } ··· 108 109 strings, err := db.GetStrings( 109 110 s.Db, 110 111 0, 111 111 - db.FilterEq("did", id.DID), 112 112 - db.FilterEq("rkey", rkey), 112 112 + orm.FilterEq("did", id.DID), 113 113 + orm.FilterEq("rkey", rkey), 113 114 ) 114 115 if err != nil { 115 116 l.Error("failed to fetch string", "err", err) ··· 152 153 if err != nil { 153 154 l.Error("failed to get star count", "err", err) 154 155 } 155 155 - user := s.OAuth.GetUser(r) 156 156 + user := s.OAuth.GetMultiAccountUser(r) 156 157 isStarred := false 157 158 if user != nil { 158 158 - isStarred = db.GetStarStatus(s.Db, user.Did, string.AtUri()) 159 159 + isStarred = db.GetStarStatus(s.Db, user.Active.Did, string.AtUri()) 159 160 } 160 161 161 162 s.Pages.SingleString(w, pages.SingleStringParams{ ··· 177 178 func (s *Strings) edit(w http.ResponseWriter, r *http.Request) { 178 179 l := s.Logger.With("handler", "edit") 179 180 180 180 - user := s.OAuth.GetUser(r) 181 181 + user := s.OAuth.GetMultiAccountUser(r) 181 182 182 183 id, ok := r.Context().Value("resolvedId").(identity.Identity) 183 184 if !ok { ··· 199 200 all, err := db.GetStrings( 200 201 s.Db, 201 202 0, 202 202 - db.FilterEq("did", id.DID), 203 203 - db.FilterEq("rkey", rkey), 203 203 + orm.FilterEq("did", id.DID), 204 204 + orm.FilterEq("rkey", rkey), 204 205 ) 205 206 if err != nil { 206 207 l.Error("failed to fetch string", "err", err) ··· 215 216 first := all[0] 216 217 217 218 // verify that the logged in user owns this string 218 218 - if user.Did != id.DID.String() { 219 219 - l.Error("unauthorized request", "expected", id.DID, "got", user.Did) 219 219 + if user.Active.Did != id.DID.String() { 220 220 + l.Error("unauthorized request", "expected", id.DID, "got", user.Active.Did) 220 221 w.WriteHeader(http.StatusUnauthorized) 221 222 return 222 223 } ··· 225 226 case http.MethodGet: 226 227 // return the form with prefilled fields 227 228 s.Pages.PutString(w, pages.PutStringParams{ 228 228 - LoggedInUser: s.OAuth.GetUser(r), 229 229 + LoggedInUser: s.OAuth.GetMultiAccountUser(r), 229 230 Action: "edit", 230 231 String: first, 231 232 }) ··· 298 299 s.Notifier.EditString(r.Context(), &entry) 299 300 300 301 // if that went okay, redir to the string 301 301 - s.Pages.HxRedirect(w, "/strings/"+user.Did+"/"+entry.Rkey) 302 302 + s.Pages.HxRedirect(w, "/strings/"+user.Active.Did+"/"+entry.Rkey) 302 303 } 303 304 304 305 } 305 306 306 307 func (s *Strings) create(w http.ResponseWriter, r *http.Request) { 307 308 l := s.Logger.With("handler", "create") 308 308 - user := s.OAuth.GetUser(r) 309 309 + user := s.OAuth.GetMultiAccountUser(r) 309 310 310 311 switch r.Method { 311 312 case http.MethodGet: 312 313 s.Pages.PutString(w, pages.PutStringParams{ 313 313 - LoggedInUser: s.OAuth.GetUser(r), 314 314 + LoggedInUser: s.OAuth.GetMultiAccountUser(r), 314 315 Action: "new", 315 316 }) 316 317 case http.MethodPost: ··· 334 335 description := r.FormValue("description") 335 336 336 337 string := models.String{ 337 337 - Did: syntax.DID(user.Did), 338 338 + Did: syntax.DID(user.Active.Did), 338 339 Rkey: tid.TID(), 339 340 Filename: filename, 340 341 Description: description, ··· 352 353 353 354 resp, err := comatproto.RepoPutRecord(r.Context(), client, &atproto.RepoPutRecord_Input{ 354 355 Collection: tangled.StringNSID, 355 355 - Repo: user.Did, 356 356 + Repo: user.Active.Did, 356 357 Rkey: string.Rkey, 357 358 Record: &lexutil.LexiconTypeDecoder{ 358 359 Val: &record, ··· 374 375 s.Notifier.NewString(r.Context(), &string) 375 376 376 377 // successful 377 377 - s.Pages.HxRedirect(w, "/strings/"+user.Did+"/"+string.Rkey) 378 378 + s.Pages.HxRedirect(w, "/strings/"+user.Active.Did+"/"+string.Rkey) 378 379 } 379 380 } 380 381 381 382 func (s *Strings) delete(w http.ResponseWriter, r *http.Request) { 382 383 l := s.Logger.With("handler", "create") 383 383 - user := s.OAuth.GetUser(r) 384 384 + user := s.OAuth.GetMultiAccountUser(r) 384 385 fail := func(msg string, err error) { 385 386 l.Error(msg, "err", err) 386 387 s.Pages.Notice(w, "error", msg) ··· 401 402 return 402 403 } 403 404 404 404 - if user.Did != id.DID.String() { 405 405 - fail("You cannot delete this string", fmt.Errorf("unauthorized deletion, %s != %s", user.Did, id.DID.String())) 405 405 + if user.Active.Did != id.DID.String() { 406 406 + fail("You cannot delete this string", fmt.Errorf("unauthorized deletion, %s != %s", user.Active.Did, id.DID.String())) 406 407 return 407 408 } 408 409 409 410 if err := db.DeleteString( 410 411 s.Db, 411 411 - db.FilterEq("did", user.Did), 412 412 - db.FilterEq("rkey", rkey), 412 412 + orm.FilterEq("did", user.Active.Did), 413 413 + orm.FilterEq("rkey", rkey), 413 414 ); err != nil { 414 415 fail("Failed to delete string.", err) 415 416 return 416 417 } 417 418 418 418 - s.Notifier.DeleteString(r.Context(), user.Did, rkey) 419 419 + s.Notifier.DeleteString(r.Context(), user.Active.Did, rkey) 419 420 420 420 - s.Pages.HxRedirect(w, "/strings/"+user.Did) 421 421 + s.Pages.HxRedirect(w, "/strings/"+user.Active.Did) 421 422 } 422 423 423 424 func (s *Strings) comment(w http.ResponseWriter, r *http.Request) {

+2 -1

appview/validator/issue.go

··· 6 6 7 7 "tangled.org/core/appview/db" 8 8 "tangled.org/core/appview/models" 9 9 + "tangled.org/core/orm" 9 10 ) 10 11 11 12 func (v *Validator) ValidateIssueComment(comment *models.IssueComment) error { 12 13 // if comments have parents, only ingest ones that are 1 level deep 13 14 if comment.ReplyTo != nil { 14 14 - parents, err := db.GetIssueComments(v.db, db.FilterEq("at_uri", *comment.ReplyTo)) 15 15 + parents, err := db.GetIssueComments(v.db, orm.FilterEq("at_uri", *comment.ReplyTo)) 15 16 if err != nil { 16 17 return fmt.Errorf("failed to fetch parent comment: %w", err) 17 18 }

+6 -6

cmd/knot/main.go

··· 6 6 "os" 7 7 8 8 "github.com/urfave/cli/v3" 9 9 - "tangled.org/core/knot2/guard" 10 10 - "tangled.org/core/knot2/hook" 11 11 - "tangled.org/core/knot2/keys" 12 12 - "tangled.org/core/knot2/server" 9 9 + "tangled.org/core/guard" 10 10 + "tangled.org/core/hook" 11 11 + "tangled.org/core/keyfetch" 12 12 + "tangled.org/core/knotserver" 13 13 tlog "tangled.org/core/log" 14 14 ) 15 15 ··· 19 19 Usage: "knot administration and operation tool", 20 20 Commands: []*cli.Command{ 21 21 guard.Command(), 22 22 - server.Command(), 23 23 - keys.Command(), 22 22 + knotserver.Command(), 23 23 + keyfetch.Command(), 24 24 hook.Command(), 25 25 }, 26 26 }

+1527

docs/DOCS.md

··· 1 1 + --- 2 2 + title: Tangled docs 3 3 + author: The Tangled Contributors 4 4 + date: 21 Sun, Dec 2025 5 5 + abstract: | 6 6 + Tangled is a decentralized code hosting and collaboration 7 7 + platform. Every component of Tangled is open-source and 8 8 + self-hostable. [tangled.org](https://tangled.org) also 9 9 + provides hosting and CI services that are free to use. 10 10 + 11 11 + There are several models for decentralized code 12 12 + collaboration platforms, ranging from ActivityPub’s 13 13 + (Forgejo) federated model, to Radicle’s entirely P2P model. 14 14 + Our approach attempts to be the best of both worlds by 15 15 + adopting the AT Protocol—a protocol for building decentralized 16 16 + social applications with a central identity 17 17 + 18 18 + Our approach to this is the idea of “knots”. Knots are 19 19 + lightweight, headless servers that enable users to host Git 20 20 + repositories with ease. Knots are designed for either single 21 21 + or multi-tenant use which is perfect for self-hosting on a 22 22 + Raspberry Pi at home, or larger “community” servers. By 23 23 + default, Tangled provides managed knots where you can host 24 24 + your repositories for free. 25 25 + 26 26 + The appview at tangled.org acts as a consolidated "view" 27 27 + into the whole network, allowing users to access, clone and 28 28 + contribute to repositories hosted across different knots 29 29 + seamlessly. 30 30 + --- 31 31 + 32 32 + # Quick start guide 33 33 + 34 34 + ## Login or sign up 35 35 + 36 36 + You can [login](https://tangled.org) by using your AT Protocol 37 37 + account. If you are unclear on what that means, simply head 38 38 + to the [signup](https://tangled.org/signup) page and create 39 39 + an account. By doing so, you will be choosing Tangled as 40 40 + your account provider (you will be granted a handle of the 41 41 + form `user.tngl.sh`). 42 42 + 43 43 + In the AT Protocol network, users are free to choose their account 44 44 + provider (known as a "Personal Data Service", or PDS), and 45 45 + login to applications that support AT accounts. 46 46 + 47 47 + You can think of it as "one account for all of the atmosphere"! 48 48 + 49 49 + If you already have an AT account (you may have one if you 50 50 + signed up to Bluesky, for example), you can login with the 51 51 + same handle on Tangled (so just use `user.bsky.social` on 52 52 + the login page). 53 53 + 54 54 + ## Add an SSH key 55 55 + 56 56 + Once you are logged in, you can start creating repositories 57 57 + and pushing code. Tangled supports pushing git repositories 58 58 + over SSH. 59 59 + 60 60 + First, you'll need to generate an SSH key if you don't 61 61 + already have one: 62 62 + 63 63 + ```bash 64 64 + ssh-keygen -t ed25519 -C "foo@bar.com" 65 65 + ``` 66 66 + 67 67 + When prompted, save the key to the default location 68 68 + (`~/.ssh/id_ed25519`) and optionally set a passphrase. 69 69 + 70 70 + Copy your public key to your clipboard: 71 71 + 72 72 + ```bash 73 73 + # on X11 74 74 + cat ~/.ssh/id_ed25519.pub | xclip -sel c 75 75 + 76 76 + # on wayland 77 77 + cat ~/.ssh/id_ed25519.pub | wl-copy 78 78 + 79 79 + # on macos 80 80 + cat ~/.ssh/id_ed25519.pub | pbcopy 81 81 + ``` 82 82 + 83 83 + Now, navigate to 'Settings' -> 'Keys' and hit 'Add Key', 84 84 + paste your public key, give it a descriptive name, and hit 85 85 + save. 86 86 + 87 87 + ## Create a repository 88 88 + 89 89 + Once your SSH key is added, create your first repository: 90 90 + 91 91 + 1. Hit the green `+` icon on the topbar, and select 92 92 + repository 93 93 + 2. Enter a repository name 94 94 + 3. Add a description 95 95 + 4. Choose a knotserver to host this repository on 96 96 + 5. Hit create 97 97 + 98 98 + Knots are self-hostable, lightweight Git servers that can 99 99 + host your repository. Unlike traditional code forges, your 100 100 + code can live on any server. Read the [Knots](TODO) section 101 101 + for more. 102 102 + 103 103 + ## Configure SSH 104 104 + 105 105 + To ensure Git uses the correct SSH key and connects smoothly 106 106 + to Tangled, add this configuration to your `~/.ssh/config` 107 107 + file: 108 108 + 109 109 + ``` 110 110 + Host tangled.org 111 111 + Hostname tangled.org 112 112 + User git 113 113 + IdentityFile ~/.ssh/id_ed25519 114 114 + AddressFamily inet 115 115 + ``` 116 116 + 117 117 + This tells SSH to use your specific key when connecting to 118 118 + Tangled and prevents authentication issues if you have 119 119 + multiple SSH keys. 120 120 + 121 121 + Note that this configuration only works for knotservers that 122 122 + are hosted by tangled.org. If you use a custom knot, refer 123 123 + to the [Knots](TODO) section. 124 124 + 125 125 + ## Push your first repository 126 126 + 127 127 + Initialize a new Git repository: 128 128 + 129 129 + ```bash 130 130 + mkdir my-project 131 131 + cd my-project 132 132 + 133 133 + git init 134 134 + echo "# My Project" > README.md 135 135 + ``` 136 136 + 137 137 + Add some content and push! 138 138 + 139 139 + ```bash 140 140 + git add README.md 141 141 + git commit -m "Initial commit" 142 142 + git remote add origin git@tangled.org:user.tngl.sh/my-project 143 143 + git push -u origin main 144 144 + ``` 145 145 + 146 146 + That's it! Your code is now hosted on Tangled. 147 147 + 148 148 + ## Migrating an existing repository 149 149 + 150 150 + Moving your repositories from GitHub, GitLab, Bitbucket, or 151 151 + any other Git forge to Tangled is straightforward. You'll 152 152 + simply change your repository's remote URL. At the moment, 153 153 + Tangled does not have any tooling to migrate data such as 154 154 + GitHub issues or pull requests. 155 155 + 156 156 + First, create a new repository on tangled.org as described 157 157 + in the [Quick Start Guide](#create-a-repository). 158 158 + 159 159 + Navigate to your existing local repository: 160 160 + 161 161 + ```bash 162 162 + cd /path/to/your/existing/repo 163 163 + ``` 164 164 + 165 165 + You can inspect your existing Git remote like so: 166 166 + 167 167 + ```bash 168 168 + git remote -v 169 169 + ``` 170 170 + 171 171 + You'll see something like: 172 172 + 173 173 + ``` 174 174 + origin git@github.com:username/my-project (fetch) 175 175 + origin git@github.com:username/my-project (push) 176 176 + ``` 177 177 + 178 178 + Update the remote URL to point to tangled: 179 179 + 180 180 + ```bash 181 181 + git remote set-url origin git@tangled.org:user.tngl.sh/my-project 182 182 + ``` 183 183 + 184 184 + Verify the change: 185 185 + 186 186 + ```bash 187 187 + git remote -v 188 188 + ``` 189 189 + 190 190 + You should now see: 191 191 + 192 192 + ``` 193 193 + origin git@tangled.org:user.tngl.sh/my-project (fetch) 194 194 + origin git@tangled.org:user.tngl.sh/my-project (push) 195 195 + ``` 196 196 + 197 197 + Push all your branches and tags to Tangled: 198 198 + 199 199 + ```bash 200 200 + git push -u origin --all 201 201 + git push -u origin --tags 202 202 + ``` 203 203 + 204 204 + Your repository is now migrated to Tangled! All commit 205 205 + history, branches, and tags have been preserved. 206 206 + 207 207 + ## Mirroring a repository to Tangled 208 208 + 209 209 + If you want to maintain your repository on multiple forges 210 210 + simultaneously, for example, keeping your primary repository 211 211 + on GitHub while mirroring to Tangled for backup or 212 212 + redundancy, you can do so by adding multiple remotes. 213 213 + 214 214 + You can configure your local repository to push to both 215 215 + Tangled and, say, GitHub. You may already have the following 216 216 + setup: 217 217 + 218 218 + ``` 219 219 + $ git remote -v 220 220 + origin git@github.com:username/my-project (fetch) 221 221 + origin git@github.com:username/my-project (push) 222 222 + ``` 223 223 + 224 224 + Now add Tangled as an additional push URL to the same 225 225 + remote: 226 226 + 227 227 + ```bash 228 228 + git remote set-url --add --push origin git@tangled.org:user.tngl.sh/my-project 229 229 + ``` 230 230 + 231 231 + You also need to re-add the original URL as a push 232 232 + destination (Git replaces the push URL when you use `--add` 233 233 + the first time): 234 234 + 235 235 + ```bash 236 236 + git remote set-url --add --push origin git@github.com:username/my-project 237 237 + ``` 238 238 + 239 239 + Verify your configuration: 240 240 + 241 241 + ``` 242 242 + $ git remote -v 243 243 + origin git@github.com:username/repo (fetch) 244 244 + origin git@tangled.org:username/my-project (push) 245 245 + origin git@github.com:username/repo (push) 246 246 + ``` 247 247 + 248 248 + Notice that there's one fetch URL (the primary remote) and 249 249 + two push URLs. Now, whenever you push, Git will 250 250 + automatically push to both remotes: 251 251 + 252 252 + ```bash 253 253 + git push origin main 254 254 + ``` 255 255 + 256 256 + This single command pushes your `main` branch to both GitHub 257 257 + and Tangled simultaneously. 258 258 + 259 259 + To push all branches and tags: 260 260 + 261 261 + ```bash 262 262 + git push origin --all 263 263 + git push origin --tags 264 264 + ``` 265 265 + 266 266 + If you prefer more control over which remote you push to, 267 267 + you can maintain separate remotes: 268 268 + 269 269 + ```bash 270 270 + git remote add github git@github.com:username/my-project 271 271 + git remote add tangled git@tangled.org:username/my-project 272 272 + ``` 273 273 + 274 274 + Then push to each explicitly: 275 275 + 276 276 + ```bash 277 277 + git push github main 278 278 + git push tangled main 279 279 + ``` 280 280 + 281 281 + # Knot self-hosting guide 282 282 + 283 283 + So you want to run your own knot server? Great! Here are a few prerequisites: 284 284 + 285 285 + 1. A server of some kind (a VPS, a Raspberry Pi, etc.). Preferably running a Linux distribution of some kind. 286 286 + 2. A (sub)domain name. People generally use `knot.example.com`. 287 287 + 3. A valid SSL certificate for your domain. 288 288 + 289 289 + ## NixOS 290 290 + 291 291 + Refer to the [knot 292 292 + module](https://tangled.org/tangled.org/core/blob/master/nix/modules/knot.nix) 293 293 + for a full list of options. Sample configurations: 294 294 + 295 295 + - [The test VM](https://tangled.org/tangled.org/core/blob/master/nix/vm.nix#L85) 296 296 + - [@pyrox.dev/nix](https://tangled.org/pyrox.dev/nix/blob/d19571cc1b5fe01035e1e6951ec8cf8a476b4dee/hosts/marvin/services/tangled.nix#L15-25) 297 297 + 298 298 + ## Docker 299 299 + 300 300 + Refer to 301 301 + [@tangled.org/knot-docker](https://tangled.org/@tangled.org/knot-docker). 302 302 + Note that this is community maintained. 303 303 + 304 304 + ## Manual setup 305 305 + 306 306 + First, clone this repository: 307 307 + 308 308 + ``` 309 309 + git clone https://tangled.org/@tangled.org/core 310 310 + ``` 311 311 + 312 312 + Then, build the `knot` CLI. This is the knot administration 313 313 + and operation tool. For the purpose of this guide, we're 314 314 + only concerned with these subcommands: 315 315 + 316 316 + * `knot server`: the main knot server process, typically 317 317 + run as a supervised service 318 318 + * `knot guard`: handles role-based access control for git 319 319 + over SSH (you'll never have to run this yourself) 320 320 + * `knot keys`: fetches SSH keys associated with your knot; 321 321 + we'll use this to generate the SSH 322 322 + `AuthorizedKeysCommand` 323 323 + 324 324 + ``` 325 325 + cd core 326 326 + export CGO_ENABLED=1 327 327 + go build -o knot ./cmd/knot 328 328 + ``` 329 329 + 330 330 + Next, move the `knot` binary to a location owned by `root` -- 331 331 + `/usr/local/bin/` is a good choice. Make sure the binary itself is also owned by `root`: 332 332 + 333 333 + ``` 334 334 + sudo mv knot /usr/local/bin/knot 335 335 + sudo chown root:root /usr/local/bin/knot 336 336 + ``` 337 337 + 338 338 + This is necessary because SSH `AuthorizedKeysCommand` requires [really 339 339 + specific permissions](https://stackoverflow.com/a/27638306). The 340 340 + `AuthorizedKeysCommand` specifies a command that is run by `sshd` to 341 341 + retrieve a user's public SSH keys dynamically for authentication. Let's 342 342 + set that up. 343 343 + 344 344 + ``` 345 345 + sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF 346 346 + Match User git 347 347 + AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys 348 348 + AuthorizedKeysCommandUser nobody 349 349 + EOF 350 350 + ``` 351 351 + 352 352 + Then, reload `sshd`: 353 353 + 354 354 + ``` 355 355 + sudo systemctl reload ssh 356 356 + ``` 357 357 + 358 358 + Next, create the `git` user. We'll use the `git` user's home directory 359 359 + to store repositories: 360 360 + 361 361 + ``` 362 362 + sudo adduser git 363 363 + ``` 364 364 + 365 365 + Create `/home/git/.knot.env` with the following, updating the values as 366 366 + necessary. The `KNOT_SERVER_OWNER` should be set to your 367 367 + DID, you can find your DID in the [Settings](https://tangled.sh/settings) page. 368 368 + 369 369 + ``` 370 370 + KNOT_REPO_SCAN_PATH=/home/git 371 371 + KNOT_SERVER_HOSTNAME=knot.example.com 372 372 + APPVIEW_ENDPOINT=https://tangled.org 373 373 + KNOT_SERVER_OWNER=did:plc:foobar 374 374 + KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444 375 375 + KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555 376 376 + ``` 377 377 + 378 378 + If you run a Linux distribution that uses systemd, you can use the provided 379 379 + service file to run the server. Copy 380 380 + [`knotserver.service`](/systemd/knotserver.service) 381 381 + to `/etc/systemd/system/`. Then, run: 382 382 + 383 383 + ``` 384 384 + systemctl enable knotserver 385 385 + systemctl start knotserver 386 386 + ``` 387 387 + 388 388 + The last step is to configure a reverse proxy like Nginx or Caddy to front your 389 389 + knot. Here's an example configuration for Nginx: 390 390 + 391 391 + ``` 392 392 + server { 393 393 + listen 80; 394 394 + listen [::]:80; 395 395 + server_name knot.example.com; 396 396 + 397 397 + location / { 398 398 + proxy_pass http://localhost:5555; 399 399 + proxy_set_header Host $host; 400 400 + proxy_set_header X-Real-IP $remote_addr; 401 401 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 402 402 + proxy_set_header X-Forwarded-Proto $scheme; 403 403 + } 404 404 + 405 405 + # wss endpoint for git events 406 406 + location /events { 407 407 + proxy_set_header X-Forwarded-For $remote_addr; 408 408 + proxy_set_header Host $http_host; 409 409 + proxy_set_header Upgrade websocket; 410 410 + proxy_set_header Connection Upgrade; 411 411 + proxy_pass http://localhost:5555; 412 412 + } 413 413 + # additional config for SSL/TLS go here. 414 414 + } 415 415 + 416 416 + ``` 417 417 + 418 418 + Remember to use Let's Encrypt or similar to procure a certificate for your 419 419 + knot domain. 420 420 + 421 421 + You should now have a running knot server! You can finalize 422 422 + your registration by hitting the `verify` button on the 423 423 + [/settings/knots](https://tangled.org/settings/knots) page. This simply creates 424 424 + a record on your PDS to announce the existence of the knot. 425 425 + 426 426 + ### Custom paths 427 427 + 428 428 + (This section applies to manual setup only. Docker users should edit the mounts 429 429 + in `docker-compose.yml` instead.) 430 430 + 431 431 + Right now, the database and repositories of your knot lives in `/home/git`. You 432 432 + can move these paths if you'd like to store them in another folder. Be careful 433 433 + when adjusting these paths: 434 434 + 435 435 + * Stop your knot when moving data (e.g. `systemctl stop knotserver`) to prevent 436 436 + any possible side effects. Remember to restart it once you're done. 437 437 + * Make backups before moving in case something goes wrong. 438 438 + * Make sure the `git` user can read and write from the new paths. 439 439 + 440 440 + #### Database 441 441 + 442 442 + As an example, let's say the current database is at `/home/git/knotserver.db`, 443 443 + and we want to move it to `/home/git/database/knotserver.db`. 444 444 + 445 445 + Copy the current database to the new location. Make sure to copy the `.db-shm` 446 446 + and `.db-wal` files if they exist. 447 447 + 448 448 + ``` 449 449 + mkdir /home/git/database 450 450 + cp /home/git/knotserver.db* /home/git/database 451 451 + ``` 452 452 + 453 453 + In the environment (e.g. `/home/git/.knot.env`), set `KNOT_SERVER_DB_PATH` to 454 454 + the new file path (_not_ the directory): 455 455 + 456 456 + ``` 457 457 + KNOT_SERVER_DB_PATH=/home/git/database/knotserver.db 458 458 + ``` 459 459 + 460 460 + #### Repositories 461 461 + 462 462 + As an example, let's say the repositories are currently in `/home/git`, and we 463 463 + want to move them into `/home/git/repositories`. 464 464 + 465 465 + Create the new folder, then move the existing repositories (if there are any): 466 466 + 467 467 + ``` 468 468 + mkdir /home/git/repositories 469 469 + # move all DIDs into the new folder; these will vary for you! 470 470 + mv /home/git/did:plc:wshs7t2adsemcrrd4snkeqli /home/git/repositories 471 471 + ``` 472 472 + 473 473 + In the environment (e.g. `/home/git/.knot.env`), update `KNOT_REPO_SCAN_PATH` 474 474 + to the new directory: 475 475 + 476 476 + ``` 477 477 + KNOT_REPO_SCAN_PATH=/home/git/repositories 478 478 + ``` 479 479 + 480 480 + Similarly, update your `sshd` `AuthorizedKeysCommand` to use the updated 481 481 + repository path: 482 482 + 483 483 + ``` 484 484 + sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF 485 485 + Match User git 486 486 + AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys -git-dir /home/git/repositories 487 487 + AuthorizedKeysCommandUser nobody 488 488 + EOF 489 489 + ``` 490 490 + 491 491 + Make sure to restart your SSH server! 492 492 + 493 493 + #### MOTD (message of the day) 494 494 + 495 495 + To configure the MOTD used ("Welcome to this knot!" by default), edit the 496 496 + `/home/git/motd` file: 497 497 + 498 498 + ``` 499 499 + printf "Hi from this knot!\n" > /home/git/motd 500 500 + ``` 501 501 + 502 502 + Note that you should add a newline at the end if setting a non-empty message 503 503 + since the knot won't do this for you. 504 504 + 505 505 + # Spindles 506 506 + 507 507 + ## Pipelines 508 508 + 509 509 + Spindle workflows allow you to write CI/CD pipelines in a 510 510 + simple format. They're located in the `.tangled/workflows` 511 511 + directory at the root of your repository, and are defined 512 512 + using YAML. 513 513 + 514 514 + The fields are: 515 515 + 516 516 + - [Trigger](#trigger): A **required** field that defines 517 517 + when a workflow should be triggered. 518 518 + - [Engine](#engine): A **required** field that defines which 519 519 + engine a workflow should run on. 520 520 + - [Clone options](#clone-options): An **optional** field 521 521 + that defines how the repository should be cloned. 522 522 + - [Dependencies](#dependencies): An **optional** field that 523 523 + allows you to list dependencies you may need. 524 524 + - [Environment](#environment): An **optional** field that 525 525 + allows you to define environment variables. 526 526 + - [Steps](#steps): An **optional** field that allows you to 527 527 + define what steps should run in the workflow. 528 528 + 529 529 + ### Trigger 530 530 + 531 531 + The first thing to add to a workflow is the trigger, which 532 532 + defines when a workflow runs. This is defined using a `when` 533 533 + field, which takes in a list of conditions. Each condition 534 534 + has the following fields: 535 535 + 536 536 + - `event`: This is a **required** field that defines when 537 537 + your workflow should run. It's a list that can take one or 538 538 + more of the following values: 539 539 + - `push`: The workflow should run every time a commit is 540 540 + pushed to the repository. 541 541 + - `pull_request`: The workflow should run every time a 542 542 + pull request is made or updated. 543 543 + - `manual`: The workflow can be triggered manually. 544 544 + - `branch`: Defines which branches the workflow should run 545 545 + for. If used with the `push` event, commits to the 546 546 + branch(es) listed here will trigger the workflow. If used 547 547 + with the `pull_request` event, updates to pull requests 548 548 + targeting the branch(es) listed here will trigger the 549 549 + workflow. This field has no effect with the `manual` 550 550 + event. Supports glob patterns using `*` and `**` (e.g., 551 551 + `main`, `develop`, `release-*`). Either `branch` or `tag` 552 552 + (or both) must be specified for `push` events. 553 553 + - `tag`: Defines which tags the workflow should run for. 554 554 + Only used with the `push` event - when tags matching the 555 555 + pattern(s) listed here are pushed, the workflow will 556 556 + trigger. This field has no effect with `pull_request` or 557 557 + `manual` events. Supports glob patterns using `*` and `**` 558 558 + (e.g., `v*`, `v1.*`, `release-**`). Either `branch` or 559 559 + `tag` (or both) must be specified for `push` events. 560 560 + 561 561 + For example, if you'd like to define a workflow that runs 562 562 + when commits are pushed to the `main` and `develop` 563 563 + branches, or when pull requests that target the `main` 564 564 + branch are updated, or manually, you can do so with: 565 565 + 566 566 + ```yaml 567 567 + when: 568 568 + - event: ["push", "manual"] 569 569 + branch: ["main", "develop"] 570 570 + - event: ["pull_request"] 571 571 + branch: ["main"] 572 572 + ``` 573 573 + 574 574 + You can also trigger workflows on tag pushes. For instance, 575 575 + to run a deployment workflow when tags matching `v*` are 576 576 + pushed: 577 577 + 578 578 + ```yaml 579 579 + when: 580 580 + - event: ["push"] 581 581 + tag: ["v*"] 582 582 + ``` 583 583 + 584 584 + You can even combine branch and tag patterns in a single 585 585 + constraint (the workflow triggers if either matches): 586 586 + 587 587 + ```yaml 588 588 + when: 589 589 + - event: ["push"] 590 590 + branch: ["main", "release-*"] 591 591 + tag: ["v*", "stable"] 592 592 + ``` 593 593 + 594 594 + ### Engine 595 595 + 596 596 + Next is the engine on which the workflow should run, defined 597 597 + using the **required** `engine` field. The currently 598 598 + supported engines are: 599 599 + 600 600 + - `nixery`: This uses an instance of 601 601 + [Nixery](https://nixery.dev) to run steps, which allows 602 602 + you to add [dependencies](#dependencies) from 603 603 + Nixpkgs (https://github.com/NixOS/nixpkgs). You can 604 604 + search for packages on https://search.nixos.org, and 605 605 + there's a pretty good chance the package(s) you're looking 606 606 + for will be there. 607 607 + 608 608 + Example: 609 609 + 610 610 + ```yaml 611 611 + engine: "nixery" 612 612 + ``` 613 613 + 614 614 + ### Clone options 615 615 + 616 616 + When a workflow starts, the first step is to clone the 617 617 + repository. You can customize this behavior using the 618 618 + **optional** `clone` field. It has the following fields: 619 619 + 620 620 + - `skip`: Setting this to `true` will skip cloning the 621 621 + repository. This can be useful if your workflow is doing 622 622 + something that doesn't require anything from the 623 623 + repository itself. This is `false` by default. 624 624 + - `depth`: This sets the number of commits, or the "clone 625 625 + depth", to fetch from the repository. For example, if you 626 626 + set this to 2, the last 2 commits will be fetched. By 627 627 + default, the depth is set to 1, meaning only the most 628 628 + recent commit will be fetched, which is the commit that 629 629 + triggered the workflow. 630 630 + - `submodules`: If you use Git submodules 631 631 + (https://git-scm.com/book/en/v2/Git-Tools-Submodules) 632 632 + in your repository, setting this field to `true` will 633 633 + recursively fetch all submodules. This is `false` by 634 634 + default. 635 635 + 636 636 + The default settings are: 637 637 + 638 638 + ```yaml 639 639 + clone: 640 640 + skip: false 641 641 + depth: 1 642 642 + submodules: false 643 643 + ``` 644 644 + 645 645 + ### Dependencies 646 646 + 647 647 + Usually when you're running a workflow, you'll need 648 648 + additional dependencies. The `dependencies` field lets you 649 649 + define which dependencies to get, and from where. It's a 650 650 + key-value map, with the key being the registry to fetch 651 651 + dependencies from, and the value being the list of 652 652 + dependencies to fetch. 653 653 + 654 654 + Say you want to fetch Node.js and Go from `nixpkgs`, and a 655 655 + package called `my_pkg` you've made from your own registry 656 656 + at your repository at 657 657 + `https://tangled.org/@example.com/my_pkg`. You can define 658 658 + those dependencies like so: 659 659 + 660 660 + ```yaml 661 661 + dependencies: 662 662 + # nixpkgs 663 663 + nixpkgs: 664 664 + - nodejs 665 665 + - go 666 666 + # custom registry 667 667 + git+https://tangled.org/@example.com/my_pkg: 668 668 + - my_pkg 669 669 + ``` 670 670 + 671 671 + Now these dependencies are available to use in your 672 672 + workflow! 673 673 + 674 674 + ### Environment 675 675 + 676 676 + The `environment` field allows you define environment 677 677 + variables that will be available throughout the entire 678 678 + workflow. **Do not put secrets here, these environment 679 679 + variables are visible to anyone viewing the repository. You 680 680 + can add secrets for pipelines in your repository's 681 681 + settings.** 682 682 + 683 683 + Example: 684 684 + 685 685 + ```yaml 686 686 + environment: 687 687 + GOOS: "linux" 688 688 + GOARCH: "arm64" 689 689 + NODE_ENV: "production" 690 690 + MY_ENV_VAR: "MY_ENV_VALUE" 691 691 + ``` 692 692 + 693 693 + ### Steps 694 694 + 695 695 + The `steps` field allows you to define what steps should run 696 696 + in the workflow. It's a list of step objects, each with the 697 697 + following fields: 698 698 + 699 699 + - `name`: This field allows you to give your step a name. 700 700 + This name is visible in your workflow runs, and is used to 701 701 + describe what the step is doing. 702 702 + - `command`: This field allows you to define a command to 703 703 + run in that step. The step is run in a Bash shell, and the 704 704 + logs from the command will be visible in the pipelines 705 705 + page on the Tangled website. The 706 706 + [dependencies](#dependencies) you added will be available 707 707 + to use here. 708 708 + - `environment`: Similar to the global 709 709 + [environment](#environment) config, this **optional** 710 710 + field is a key-value map that allows you to set 711 711 + environment variables for the step. **Do not put secrets 712 712 + here, these environment variables are visible to anyone 713 713 + viewing the repository. You can add secrets for pipelines 714 714 + in your repository's settings.** 715 715 + 716 716 + Example: 717 717 + 718 718 + ```yaml 719 719 + steps: 720 720 + - name: "Build backend" 721 721 + command: "go build" 722 722 + environment: 723 723 + GOOS: "darwin" 724 724 + GOARCH: "arm64" 725 725 + - name: "Build frontend" 726 726 + command: "npm run build" 727 727 + environment: 728 728 + NODE_ENV: "production" 729 729 + ``` 730 730 + 731 731 + ### Complete workflow 732 732 + 733 733 + ```yaml 734 734 + # .tangled/workflows/build.yml 735 735 + 736 736 + when: 737 737 + - event: ["push", "manual"] 738 738 + branch: ["main", "develop"] 739 739 + - event: ["pull_request"] 740 740 + branch: ["main"] 741 741 + 742 742 + engine: "nixery" 743 743 + 744 744 + # using the default values 745 745 + clone: 746 746 + skip: false 747 747 + depth: 1 748 748 + submodules: false 749 749 + 750 750 + dependencies: 751 751 + # nixpkgs 752 752 + nixpkgs: 753 753 + - nodejs 754 754 + - go 755 755 + # custom registry 756 756 + git+https://tangled.org/@example.com/my_pkg: 757 757 + - my_pkg 758 758 + 759 759 + environment: 760 760 + GOOS: "linux" 761 761 + GOARCH: "arm64" 762 762 + NODE_ENV: "production" 763 763 + MY_ENV_VAR: "MY_ENV_VALUE" 764 764 + 765 765 + steps: 766 766 + - name: "Build backend" 767 767 + command: "go build" 768 768 + environment: 769 769 + GOOS: "darwin" 770 770 + GOARCH: "arm64" 771 771 + - name: "Build frontend" 772 772 + command: "npm run build" 773 773 + environment: 774 774 + NODE_ENV: "production" 775 775 + ``` 776 776 + 777 777 + If you want another example of a workflow, you can look at 778 778 + the one [Tangled uses to build the 779 779 + project](https://tangled.org/@tangled.org/core/blob/master/.tangled/workflows/build.yml). 780 780 + 781 781 + ## Self-hosting guide 782 782 + 783 783 + ### Prerequisites 784 784 + 785 785 + * Go 786 786 + * Docker (the only supported backend currently) 787 787 + 788 788 + ### Configuration 789 789 + 790 790 + Spindle is configured using environment variables. The following environment variables are available: 791 791 + 792 792 + * `SPINDLE_SERVER_LISTEN_ADDR`: The address the server listens on (default: `"0.0.0.0:6555"`). 793 793 + * `SPINDLE_SERVER_DB_PATH`: The path to the SQLite database file (default: `"spindle.db"`). 794 794 + * `SPINDLE_SERVER_HOSTNAME`: The hostname of the server (required). 795 795 + * `SPINDLE_SERVER_JETSTREAM_ENDPOINT`: The endpoint of the Jetstream server (default: `"wss://jetstream1.us-west.bsky.network/subscribe"`). 796 796 + * `SPINDLE_SERVER_DEV`: A boolean indicating whether the server is running in development mode (default: `false`). 797 797 + * `SPINDLE_SERVER_OWNER`: The DID of the owner (required). 798 798 + * `SPINDLE_PIPELINES_NIXERY`: The Nixery URL (default: `"nixery.tangled.sh"`). 799 799 + * `SPINDLE_PIPELINES_WORKFLOW_TIMEOUT`: The default workflow timeout (default: `"5m"`). 800 800 + * `SPINDLE_PIPELINES_LOG_DIR`: The directory to store workflow logs (default: `"/var/log/spindle"`). 801 801 + 802 802 + ### Running spindle 803 803 + 804 804 + 1. **Set the environment variables.** For example: 805 805 + 806 806 + ```shell 807 807 + export SPINDLE_SERVER_HOSTNAME="your-hostname" 808 808 + export SPINDLE_SERVER_OWNER="your-did" 809 809 + ``` 810 810 + 811 811 + 2. **Build the Spindle binary.** 812 812 + 813 813 + ```shell 814 814 + cd core 815 815 + go mod download 816 816 + go build -o cmd/spindle/spindle cmd/spindle/main.go 817 817 + ``` 818 818 + 819 819 + 3. **Create the log directory.** 820 820 + 821 821 + ```shell 822 822 + sudo mkdir -p /var/log/spindle 823 823 + sudo chown $USER:$USER -R /var/log/spindle 824 824 + ``` 825 825 + 826 826 + 4. **Run the Spindle binary.** 827 827 + 828 828 + ```shell 829 829 + ./cmd/spindle/spindle 830 830 + ``` 831 831 + 832 832 + Spindle will now start, connect to the Jetstream server, and begin processing pipelines. 833 833 + 834 834 + ## Architecture 835 835 + 836 836 + Spindle is a small CI runner service. Here's a high-level overview of how it operates: 837 837 + 838 838 + * Listens for [`sh.tangled.spindle.member`](/lexicons/spindle/member.json) and 839 839 + [`sh.tangled.repo`](/lexicons/repo.json) records on the Jetstream. 840 840 + * When a new repo record comes through (typically when you add a spindle to a 841 841 + repo from the settings), spindle then resolves the underlying knot and 842 842 + subscribes to repo events (see: 843 843 + [`sh.tangled.pipeline`](/lexicons/pipeline.json)). 844 844 + * The spindle engine then handles execution of the pipeline, with results and 845 845 + logs beamed on the spindle event stream over WebSocket 846 846 + 847 847 + ### The engine 848 848 + 849 849 + At present, the only supported backend is Docker (and Podman, if Docker 850 850 + compatibility is enabled, so that `/run/docker.sock` is created). spindle 851 851 + executes each step in the pipeline in a fresh container, with state persisted 852 852 + across steps within the `/tangled/workspace` directory. 853 853 + 854 854 + The base image for the container is constructed on the fly using 855 855 + [Nixery](https://nixery.dev), which is handy for caching layers for frequently 856 856 + used packages. 857 857 + 858 858 + The pipeline manifest is [specified here](https://docs.tangled.org/spindles.html#pipelines). 859 859 + 860 860 + ## Secrets with openbao 861 861 + 862 862 + This document covers setting up spindle to use OpenBao for secrets 863 863 + management via OpenBao Proxy instead of the default SQLite backend. 864 864 + 865 865 + ### Overview 866 866 + 867 867 + Spindle now uses OpenBao Proxy for secrets management. The proxy handles 868 868 + authentication automatically using AppRole credentials, while spindle 869 869 + connects to the local proxy instead of directly to the OpenBao server. 870 870 + 871 871 + This approach provides better security, automatic token renewal, and 872 872 + simplified application code. 873 873 + 874 874 + ### Installation 875 875 + 876 876 + Install OpenBao from Nixpkgs: 877 877 + 878 878 + ```bash 879 879 + nix shell nixpkgs#openbao # for a local server 880 880 + ``` 881 881 + 882 882 + ### Setup 883 883 + 884 884 + The setup process can is documented for both local development and production. 885 885 + 886 886 + #### Local development 887 887 + 888 888 + Start OpenBao in dev mode: 889 889 + 890 890 + ```bash 891 891 + bao server -dev -dev-root-token-id="root" -dev-listen-address=127.0.0.1:8201 892 892 + ``` 893 893 + 894 894 + This starts OpenBao on `http://localhost:8201` with a root token. 895 895 + 896 896 + Set up environment for bao CLI: 897 897 + 898 898 + ```bash 899 899 + export BAO_ADDR=http://localhost:8200 900 900 + export BAO_TOKEN=root 901 901 + ``` 902 902 + 903 903 + #### Production 904 904 + 905 905 + You would typically use a systemd service with a 906 906 + configuration file. Refer to 907 907 + [@tangled.org/infra](https://tangled.org/@tangled.org/infra) 908 908 + for how this can be achieved using Nix. 909 909 + 910 910 + Then, initialize the bao server: 911 911 + 912 912 + ```bash 913 913 + bao operator init -key-shares=1 -key-threshold=1 914 914 + ``` 915 915 + 916 916 + This will print out an unseal key and a root key. Save them 917 917 + somewhere (like a password manager). Then unseal the vault 918 918 + to begin setting it up: 919 919 + 920 920 + ```bash 921 921 + bao operator unseal <unseal_key> 922 922 + ``` 923 923 + 924 924 + All steps below remain the same across both dev and 925 925 + production setups. 926 926 + 927 927 + #### Configure openbao server 928 928 + 929 929 + Create the spindle KV mount: 930 930 + 931 931 + ```bash 932 932 + bao secrets enable -path=spindle -version=2 kv 933 933 + ``` 934 934 + 935 935 + Set up AppRole authentication and policy: 936 936 + 937 937 + Create a policy file `spindle-policy.hcl`: 938 938 + 939 939 + ```hcl 940 940 + # Full access to spindle KV v2 data 941 941 + path "spindle/data/*" { 942 942 + capabilities = ["create", "read", "update", "delete"] 943 943 + } 944 944 + 945 945 + # Access to metadata for listing and management 946 946 + path "spindle/metadata/*" { 947 947 + capabilities = ["list", "read", "delete", "update"] 948 948 + } 949 949 + 950 950 + # Allow listing at root level 951 951 + path "spindle/" { 952 952 + capabilities = ["list"] 953 953 + } 954 954 + 955 955 + # Required for connection testing and health checks 956 956 + path "auth/token/lookup-self" { 957 957 + capabilities = ["read"] 958 958 + } 959 959 + ``` 960 960 + 961 961 + Apply the policy and create an AppRole: 962 962 + 963 963 + ```bash 964 964 + bao policy write spindle-policy spindle-policy.hcl 965 965 + bao auth enable approle 966 966 + bao write auth/approle/role/spindle \ 967 967 + token_policies="spindle-policy" \ 968 968 + token_ttl=1h \ 969 969 + token_max_ttl=4h \ 970 970 + bind_secret_id=true \ 971 971 + secret_id_ttl=0 \ 972 972 + secret_id_num_uses=0 973 973 + ``` 974 974 + 975 975 + Get the credentials: 976 976 + 977 977 + ```bash 978 978 + # Get role ID (static) 979 979 + ROLE_ID=$(bao read -field=role_id auth/approle/role/spindle/role-id) 980 980 + 981 981 + # Generate secret ID 982 982 + SECRET_ID=$(bao write -f -field=secret_id auth/approle/role/spindle/secret-id) 983 983 + 984 984 + echo "Role ID: $ROLE_ID" 985 985 + echo "Secret ID: $SECRET_ID" 986 986 + ``` 987 987 + 988 988 + #### Create proxy configuration 989 989 + 990 990 + Create the credential files: 991 991 + 992 992 + ```bash 993 993 + # Create directory for OpenBao files 994 994 + mkdir -p /tmp/openbao 995 995 + 996 996 + # Save credentials 997 997 + echo "$ROLE_ID" > /tmp/openbao/role-id 998 998 + echo "$SECRET_ID" > /tmp/openbao/secret-id 999 999 + chmod 600 /tmp/openbao/role-id /tmp/openbao/secret-id 1000 1000 + ``` 1001 1001 + 1002 1002 + Create a proxy configuration file `/tmp/openbao/proxy.hcl`: 1003 1003 + 1004 1004 + ```hcl 1005 1005 + # OpenBao server connection 1006 1006 + vault { 1007 1007 + address = "http://localhost:8200" 1008 1008 + } 1009 1009 + 1010 1010 + # Auto-Auth using AppRole 1011 1011 + auto_auth { 1012 1012 + method "approle" { 1013 1013 + mount_path = "auth/approle" 1014 1014 + config = { 1015 1015 + role_id_file_path = "/tmp/openbao/role-id" 1016 1016 + secret_id_file_path = "/tmp/openbao/secret-id" 1017 1017 + } 1018 1018 + } 1019 1019 + 1020 1020 + # Optional: write token to file for debugging 1021 1021 + sink "file" { 1022 1022 + config = { 1023 1023 + path = "/tmp/openbao/token" 1024 1024 + mode = 0640 1025 1025 + } 1026 1026 + } 1027 1027 + } 1028 1028 + 1029 1029 + # Proxy listener for spindle 1030 1030 + listener "tcp" { 1031 1031 + address = "127.0.0.1:8201" 1032 1032 + tls_disable = true 1033 1033 + } 1034 1034 + 1035 1035 + # Enable API proxy with auto-auth token 1036 1036 + api_proxy { 1037 1037 + use_auto_auth_token = true 1038 1038 + } 1039 1039 + 1040 1040 + # Enable response caching 1041 1041 + cache { 1042 1042 + use_auto_auth_token = true 1043 1043 + } 1044 1044 + 1045 1045 + # Logging 1046 1046 + log_level = "info" 1047 1047 + ``` 1048 1048 + 1049 1049 + #### Start the proxy 1050 1050 + 1051 1051 + Start OpenBao Proxy: 1052 1052 + 1053 1053 + ```bash 1054 1054 + bao proxy -config=/tmp/openbao/proxy.hcl 1055 1055 + ``` 1056 1056 + 1057 1057 + The proxy will authenticate with OpenBao and start listening on 1058 1058 + `127.0.0.1:8201`. 1059 1059 + 1060 1060 + #### Configure spindle 1061 1061 + 1062 1062 + Set these environment variables for spindle: 1063 1063 + 1064 1064 + ```bash 1065 1065 + export SPINDLE_SERVER_SECRETS_PROVIDER=openbao 1066 1066 + export SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR=http://127.0.0.1:8201 1067 1067 + export SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT=spindle 1068 1068 + ``` 1069 1069 + 1070 1070 + On startup, spindle will now connect to the local proxy, 1071 1071 + which handles all authentication automatically. 1072 1072 + 1073 1073 + ### Production setup for proxy 1074 1074 + 1075 1075 + For production, you'll want to run the proxy as a service: 1076 1076 + 1077 1077 + Place your production configuration in 1078 1078 + `/etc/openbao/proxy.hcl` with proper TLS settings for the 1079 1079 + vault connection. 1080 1080 + 1081 1081 + ### Verifying setup 1082 1082 + 1083 1083 + Test the proxy directly: 1084 1084 + 1085 1085 + ```bash 1086 1086 + # Check proxy health 1087 1087 + curl -H "X-Vault-Request: true" http://127.0.0.1:8201/v1/sys/health 1088 1088 + 1089 1089 + # Test token lookup through proxy 1090 1090 + curl -H "X-Vault-Request: true" http://127.0.0.1:8201/v1/auth/token/lookup-self 1091 1091 + ``` 1092 1092 + 1093 1093 + Test OpenBao operations through the server: 1094 1094 + 1095 1095 + ```bash 1096 1096 + # List all secrets 1097 1097 + bao kv list spindle/ 1098 1098 + 1099 1099 + # Add a test secret via the spindle API, then check it exists 1100 1100 + bao kv list spindle/repos/ 1101 1101 + 1102 1102 + # Get a specific secret 1103 1103 + bao kv get spindle/repos/your_repo_path/SECRET_NAME 1104 1104 + ``` 1105 1105 + 1106 1106 + ### How it works 1107 1107 + 1108 1108 + - Spindle connects to OpenBao Proxy on localhost (typically 1109 1109 + port 8200 or 8201) 1110 1110 + - The proxy authenticates with OpenBao using AppRole 1111 1111 + credentials 1112 1112 + - All spindle requests go through the proxy, which injects 1113 1113 + authentication tokens 1114 1114 + - Secrets are stored at 1115 1115 + `spindle/repos/{sanitized_repo_path}/{secret_key}` 1116 1116 + - Repository paths like `did:plc:alice/myrepo` become 1117 1117 + `did_plc_alice_myrepo` 1118 1118 + - The proxy handles all token renewal automatically 1119 1119 + - Spindle no longer manages tokens or authentication 1120 1120 + directly 1121 1121 + 1122 1122 + ### Troubleshooting 1123 1123 + 1124 1124 + **Connection refused**: Check that the OpenBao Proxy is 1125 1125 + running and listening on the configured address. 1126 1126 + 1127 1127 + **403 errors**: Verify the AppRole credentials are correct 1128 1128 + and the policy has the necessary permissions. 1129 1129 + 1130 1130 + **404 route errors**: The spindle KV mount probably doesn't 1131 1131 + exist—run the mount creation step again. 1132 1132 + 1133 1133 + **Proxy authentication failures**: Check the proxy logs and 1134 1134 + verify the role-id and secret-id files are readable and 1135 1135 + contain valid credentials. 1136 1136 + 1137 1137 + **Secret not found after writing**: This can indicate policy 1138 1138 + permission issues. Verify the policy includes both 1139 1139 + `spindle/data/*` and `spindle/metadata/*` paths with 1140 1140 + appropriate capabilities. 1141 1141 + 1142 1142 + Check proxy logs: 1143 1143 + 1144 1144 + ```bash 1145 1145 + # If running as systemd service 1146 1146 + journalctl -u openbao-proxy -f 1147 1147 + 1148 1148 + # If running directly, check the console output 1149 1149 + ``` 1150 1150 + 1151 1151 + Test AppRole authentication manually: 1152 1152 + 1153 1153 + ```bash 1154 1154 + bao write auth/approle/login \ 1155 1155 + role_id="$(cat /tmp/openbao/role-id)" \ 1156 1156 + secret_id="$(cat /tmp/openbao/secret-id)" 1157 1157 + ``` 1158 1158 + 1159 1159 + # Migrating knots and spindles 1160 1160 + 1161 1161 + Sometimes, non-backwards compatible changes are made to the 1162 1162 + knot/spindle XRPC APIs. If you host a knot or a spindle, you 1163 1163 + will need to follow this guide to upgrade. Typically, this 1164 1164 + only requires you to deploy the newest version. 1165 1165 + 1166 1166 + This document is laid out in reverse-chronological order. 1167 1167 + Newer migration guides are listed first, and older guides 1168 1168 + are further down the page. 1169 1169 + 1170 1170 + ## Upgrading from v1.8.x 1171 1171 + 1172 1172 + After v1.8.2, the HTTP API for knots and spindles has been 1173 1173 + deprecated and replaced with XRPC. Repositories on outdated 1174 1174 + knots will not be viewable from the appview. Upgrading is 1175 1175 + straightforward however. 1176 1176 + 1177 1177 + For knots: 1178 1178 + 1179 1179 + - Upgrade to the latest tag (v1.9.0 or above) 1180 1180 + - Head to the [knot dashboard](https://tangled.org/settings/knots) and 1181 1181 + hit the "retry" button to verify your knot 1182 1182 + 1183 1183 + For spindles: 1184 1184 + 1185 1185 + - Upgrade to the latest tag (v1.9.0 or above) 1186 1186 + - Head to the [spindle 1187 1187 + dashboard](https://tangled.org/settings/spindles) and hit the 1188 1188 + "retry" button to verify your spindle 1189 1189 + 1190 1190 + ## Upgrading from v1.7.x 1191 1191 + 1192 1192 + After v1.7.0, knot secrets have been deprecated. You no 1193 1193 + longer need a secret from the appview to run a knot. All 1194 1194 + authorized commands to knots are managed via [Inter-Service 1195 1195 + Authentication](https://atproto.com/specs/xrpc#inter-service-authentication-jwt). 1196 1196 + Knots will be read-only until upgraded. 1197 1197 + 1198 1198 + Upgrading is quite easy, in essence: 1199 1199 + 1200 1200 + - `KNOT_SERVER_SECRET` is no more, you can remove this 1201 1201 + environment variable entirely 1202 1202 + - `KNOT_SERVER_OWNER` is now required on boot, set this to 1203 1203 + your DID. You can find your DID in the 1204 1204 + [settings](https://tangled.org/settings) page. 1205 1205 + - Restart your knot once you have replaced the environment 1206 1206 + variable 1207 1207 + - Head to the [knot dashboard](https://tangled.org/settings/knots) and 1208 1208 + hit the "retry" button to verify your knot. This simply 1209 1209 + writes a `sh.tangled.knot` record to your PDS. 1210 1210 + 1211 1211 + If you use the nix module, simply bump the flake to the 1212 1212 + latest revision, and change your config block like so: 1213 1213 + 1214 1214 + ```diff 1215 1215 + services.tangled.knot = { 1216 1216 + enable = true; 1217 1217 + server = { 1218 1218 + - secretFile = /path/to/secret; 1219 1219 + + owner = "did:plc:foo"; 1220 1220 + }; 1221 1221 + }; 1222 1222 + ``` 1223 1223 + 1224 1224 + # Hacking on Tangled 1225 1225 + 1226 1226 + We highly recommend [installing 1227 1227 + Nix](https://nixos.org/download/) (the package manager) 1228 1228 + before working on the codebase. The Nix flake provides a lot 1229 1229 + of helpers to get started and most importantly, builds and 1230 1230 + dev shells are entirely deterministic. 1231 1231 + 1232 1232 + To set up your dev environment: 1233 1233 + 1234 1234 + ```bash 1235 1235 + nix develop 1236 1236 + ``` 1237 1237 + 1238 1238 + Non-Nix users can look at the `devShell` attribute in the 1239 1239 + `flake.nix` file to determine necessary dependencies. 1240 1240 + 1241 1241 + ## Running the appview 1242 1242 + 1243 1243 + The Nix flake also exposes a few `app` attributes (run `nix 1244 1244 + flake show` to see a full list of what the flake provides), 1245 1245 + one of the apps runs the appview with the `air` 1246 1246 + live-reloader: 1247 1247 + 1248 1248 + ```bash 1249 1249 + TANGLED_DEV=true nix run .#watch-appview 1250 1250 + 1251 1251 + # TANGLED_DB_PATH might be of interest to point to 1252 1252 + # different sqlite DBs 1253 1253 + 1254 1254 + # in a separate shell, you can live-reload tailwind 1255 1255 + nix run .#watch-tailwind 1256 1256 + ``` 1257 1257 + 1258 1258 + To authenticate with the appview, you will need Redis and 1259 1259 + OAuth JWKs to be set up: 1260 1260 + 1261 1261 + ``` 1262 1262 + # OAuth JWKs should already be set up by the Nix devshell: 1263 1263 + echo $TANGLED_OAUTH_CLIENT_SECRET 1264 1264 + z42ty4RT1ovnTopY8B8ekz9NuziF2CuMkZ7rbRFpAR9jBqMc 1265 1265 + 1266 1266 + echo $TANGLED_OAUTH_CLIENT_KID 1267 1267 + 1761667908 1268 1268 + 1269 1269 + # if not, you can set it up yourself: 1270 1270 + goat key generate -t P-256 1271 1271 + Key Type: P-256 / secp256r1 / ES256 private key 1272 1272 + Secret Key (Multibase Syntax): save this securely (eg, add to password manager) 1273 1273 + z42tuPDKRfM2mz2Kv953ARen2jmrPA8S9LX9tRq4RVcUMwwL 1274 1274 + Public Key (DID Key Syntax): share or publish this (eg, in DID document) 1275 1275 + did:key:zDnaeUBxtG6Xuv3ATJE4GaWeyXM3jyamJsZw3bSPpxx4bNXDR 1276 1276 + 1277 1277 + # the secret key from above 1278 1278 + export TANGLED_OAUTH_CLIENT_SECRET="z42tuP..." 1279 1279 + 1280 1280 + # Run Redis in a new shell to store OAuth sessions 1281 1281 + redis-server 1282 1282 + ``` 1283 1283 + 1284 1284 + ## Running knots and spindles 1285 1285 + 1286 1286 + An end-to-end knot setup requires setting up a machine with 1287 1287 + `sshd`, `AuthorizedKeysCommand`, and a Git user, which is 1288 1288 + quite cumbersome. So the Nix flake provides a 1289 1289 + `nixosConfiguration` to do so. 1290 1290 + 1291 1291 + <details> 1292 1292 + <summary><strong>macOS users will have to set up a Nix Builder first</strong></summary> 1293 1293 + 1294 1294 + In order to build Tangled's dev VM on macOS, you will 1295 1295 + first need to set up a Linux Nix builder. The recommended 1296 1296 + way to do so is to run a [`darwin.linux-builder` 1297 1297 + VM](https://nixos.org/manual/nixpkgs/unstable/#sec-darwin-builder) 1298 1298 + and to register it in `nix.conf` as a builder for Linux 1299 1299 + with the same architecture as your Mac (`linux-aarch64` if 1300 1300 + you are using Apple Silicon). 1301 1301 + 1302 1302 + > IMPORTANT: You must build `darwin.linux-builder` somewhere other than inside 1303 1303 + > the Tangled repo so that it doesn't conflict with the other VM. For example, 1304 1304 + > you can do 1305 1305 + > 1306 1306 + > ```shell 1307 1307 + > cd $(mktemp -d buildervm.XXXXX) && nix run nixpkgs#darwin.linux-builder 1308 1308 + > ``` 1309 1309 + > 1310 1310 + > to store the builder VM in a temporary dir. 1311 1311 + > 1312 1312 + > You should read and follow [all the other intructions][darwin builder vm] to 1313 1313 + > avoid subtle problems. 1314 1314 + 1315 1315 + Alternatively, you can use any other method to set up a 1316 1316 + Linux machine with Nix installed that you can `sudo ssh` 1317 1317 + into (in other words, root user on your Mac has to be able 1318 1318 + to ssh into the Linux machine without entering a password) 1319 1319 + and that has the same architecture as your Mac. See 1320 1320 + [remote builder 1321 1321 + instructions](https://nix.dev/manual/nix/2.28/advanced-topics/distributed-builds.html#requirements) 1322 1322 + for how to register such a builder in `nix.conf`. 1323 1323 + 1324 1324 + > WARNING: If you'd like to use 1325 1325 + > [`nixos-lima`](https://github.com/nixos-lima/nixos-lima) or 1326 1326 + > [Orbstack](https://orbstack.dev/), note that setting them up so that `sudo 1327 1327 + > ssh` works can be tricky. It seems to be [possible with 1328 1328 + > Orbstack](https://github.com/orgs/orbstack/discussions/1669). 1329 1329 + 1330 1330 + </details> 1331 1331 + 1332 1332 + To begin, grab your DID from http://localhost:3000/settings. 1333 1333 + Then, set `TANGLED_VM_KNOT_OWNER` and 1334 1334 + `TANGLED_VM_SPINDLE_OWNER` to your DID. You can now start a 1335 1335 + lightweight NixOS VM like so: 1336 1336 + 1337 1337 + ```bash 1338 1338 + nix run --impure .#vm 1339 1339 + 1340 1340 + # type `poweroff` at the shell to exit the VM 1341 1341 + ``` 1342 1342 + 1343 1343 + This starts a knot on port 6444, a spindle on port 6555 1344 1344 + with `ssh` exposed on port 2222. 1345 1345 + 1346 1346 + Once the services are running, head to 1347 1347 + http://localhost:3000/settings/knots and hit "Verify". It should 1348 1348 + verify the ownership of the services instantly if everything 1349 1349 + went smoothly. 1350 1350 + 1351 1351 + You can push repositories to this VM with this ssh config 1352 1352 + block on your main machine: 1353 1353 + 1354 1354 + ```bash 1355 1355 + Host nixos-shell 1356 1356 + Hostname localhost 1357 1357 + Port 2222 1358 1358 + User git 1359 1359 + IdentityFile ~/.ssh/my_tangled_key 1360 1360 + ``` 1361 1361 + 1362 1362 + Set up a remote called `local-dev` on a git repo: 1363 1363 + 1364 1364 + ```bash 1365 1365 + git remote add local-dev git@nixos-shell:user/repo 1366 1366 + git push local-dev main 1367 1367 + ``` 1368 1368 + 1369 1369 + The above VM should already be running a spindle on 1370 1370 + `localhost:6555`. Head to http://localhost:3000/settings/spindles and 1371 1371 + hit "Verify". You can then configure each repository to use 1372 1372 + this spindle and run CI jobs. 1373 1373 + 1374 1374 + Of interest when debugging spindles: 1375 1375 + 1376 1376 + ``` 1377 1377 + # Service logs from journald: 1378 1378 + journalctl -xeu spindle 1379 1379 + 1380 1380 + # CI job logs from disk: 1381 1381 + ls /var/log/spindle 1382 1382 + 1383 1383 + # Debugging spindle database: 1384 1384 + sqlite3 /var/lib/spindle/spindle.db 1385 1385 + 1386 1386 + # litecli has a nicer REPL interface: 1387 1387 + litecli /var/lib/spindle/spindle.db 1388 1388 + ``` 1389 1389 + 1390 1390 + If for any reason you wish to disable either one of the 1391 1391 + services in the VM, modify [nix/vm.nix](/nix/vm.nix) and set 1392 1392 + `services.tangled.spindle.enable` (or 1393 1393 + `services.tangled.knot.enable`) to `false`. 1394 1394 + 1395 1395 + # Contribution guide 1396 1396 + 1397 1397 + ## Commit guidelines 1398 1398 + 1399 1399 + We follow a commit style similar to the Go project. Please keep commits: 1400 1400 + 1401 1401 + * **atomic**: each commit should represent one logical change 1402 1402 + * **descriptive**: the commit message should clearly describe what the 1403 1403 + change does and why it's needed 1404 1404 + 1405 1405 + ### Message format 1406 1406 + 1407 1407 + ``` 1408 1408 + <service/top-level directory>/<affected package/directory>: <short summary of change> 1409 1409 + 1410 1410 + Optional longer description can go here, if necessary. Explain what the 1411 1411 + change does and why, especially if not obvious. Reference relevant 1412 1412 + issues or PRs when applicable. These can be links for now since we don't 1413 1413 + auto-link issues/PRs yet. 1414 1414 + ``` 1415 1415 + 1416 1416 + Here are some examples: 1417 1417 + 1418 1418 + ``` 1419 1419 + appview/state: fix token expiry check in middleware 1420 1420 + 1421 1421 + The previous check did not account for clock drift, leading to premature 1422 1422 + token invalidation. 1423 1423 + ``` 1424 1424 + 1425 1425 + ``` 1426 1426 + knotserver/git/service: improve error checking in upload-pack 1427 1427 + ``` 1428 1428 + 1429 1429 + 1430 1430 + ### General notes 1431 1431 + 1432 1432 + - PRs get merged "as-is" (fast-forward)—like applying a patch-series 1433 1433 + using `git am`. At present, there is no squashing—so please author 1434 1434 + your commits as they would appear on `master`, following the above 1435 1435 + guidelines. 1436 1436 + - If there is a lot of nesting, for example "appview: 1437 1437 + pages/templates/repo/fragments: ...", these can be truncated down to 1438 1438 + just "appview: repo/fragments: ...". If the change affects a lot of 1439 1439 + subdirectories, you may abbreviate to just the top-level names, e.g. 1440 1440 + "appview: ..." or "knotserver: ...". 1441 1441 + - Keep commits lowercased with no trailing period. 1442 1442 + - Use the imperative mood in the summary line (e.g., "fix bug" not 1443 1443 + "fixed bug" or "fixes bug"). 1444 1444 + - Try to keep the summary line under 72 characters, but we aren't too 1445 1445 + fussed about this. 1446 1446 + - Follow the same formatting for PR titles if filled manually. 1447 1447 + - Don't include unrelated changes in the same commit. 1448 1448 + - Avoid noisy commit messages like "wip" or "final fix"—rewrite history 1449 1449 + before submitting if necessary. 1450 1450 + 1451 1451 + ## Code formatting 1452 1452 + 1453 1453 + We use a variety of tools to format our code, and multiplex them with 1454 1454 + [`treefmt`](https://treefmt.com). All you need to do to format your changes 1455 1455 + is run `nix run .#fmt` (or just `treefmt` if you're in the devshell). 1456 1456 + 1457 1457 + ## Proposals for bigger changes 1458 1458 + 1459 1459 + Small fixes like typos, minor bugs, or trivial refactors can be 1460 1460 + submitted directly as PRs. 1461 1461 + 1462 1462 + For larger changes—especially those introducing new features, significant 1463 1463 + refactoring, or altering system behavior—please open a proposal first. This 1464 1464 + helps us evaluate the scope, design, and potential impact before implementation. 1465 1465 + 1466 1466 + Create a new issue titled: 1467 1467 + 1468 1468 + ``` 1469 1469 + proposal: <affected scope>: <summary of change> 1470 1470 + ``` 1471 1471 + 1472 1472 + In the description, explain: 1473 1473 + 1474 1474 + - What the change is 1475 1475 + - Why it's needed 1476 1476 + - How you plan to implement it (roughly) 1477 1477 + - Any open questions or tradeoffs 1478 1478 + 1479 1479 + We'll use the issue thread to discuss and refine the idea before moving 1480 1480 + forward. 1481 1481 + 1482 1482 + ## Developer Certificate of Origin (DCO) 1483 1483 + 1484 1484 + We require all contributors to certify that they have the right to 1485 1485 + submit the code they're contributing. To do this, we follow the 1486 1486 + [Developer Certificate of Origin 1487 1487 + (DCO)](https://developercertificate.org/). 1488 1488 + 1489 1489 + By signing your commits, you're stating that the contribution is your 1490 1490 + own work, or that you have the right to submit it under the project's 1491 1491 + license. This helps us keep things clean and legally sound. 1492 1492 + 1493 1493 + To sign your commit, just add the `-s` flag when committing: 1494 1494 + 1495 1495 + ```sh 1496 1496 + git commit -s -m "your commit message" 1497 1497 + ``` 1498 1498 + 1499 1499 + This appends a line like: 1500 1500 + 1501 1501 + ``` 1502 1502 + Signed-off-by: Your Name <your.email@example.com> 1503 1503 + ``` 1504 1504 + 1505 1505 + We won't merge commits if they aren't signed off. If you forget, you can 1506 1506 + amend the last commit like this: 1507 1507 + 1508 1508 + ```sh 1509 1509 + git commit --amend -s 1510 1510 + ``` 1511 1511 + 1512 1512 + If you're submitting a PR with multiple commits, make sure each one is 1513 1513 + signed. 1514 1514 + 1515 1515 + For [jj](https://jj-vcs.github.io/jj/latest/) users, you can run the following command 1516 1516 + to make it sign off commits in the tangled repo: 1517 1517 + 1518 1518 + ```shell 1519 1519 + # Safety check, should say "No matching config key..." 1520 1520 + jj config list templates.commit_trailers 1521 1521 + # The command below may need to be adjusted if the command above returned something. 1522 1522 + jj config set --repo templates.commit_trailers "format_signed_off_by_trailer(self)" 1523 1523 + ``` 1524 1524 + 1525 1525 + Refer to the [jujutsu 1526 1526 + documentation](https://jj-vcs.github.io/jj/latest/config/#commit-trailers) 1527 1527 + for more information.

-136

docs/contributing.md

··· 1 1 - # tangled contributing guide 2 2 - 3 3 - ## commit guidelines 4 4 - 5 5 - We follow a commit style similar to the Go project. Please keep commits: 6 6 - 7 7 - * **atomic**: each commit should represent one logical change 8 8 - * **descriptive**: the commit message should clearly describe what the 9 9 - change does and why it's needed 10 10 - 11 11 - ### message format 12 12 - 13 13 - ``` 14 14 - <service/top-level directory>/<affected package/directory>: <short summary of change> 15 15 - 16 16 - 17 17 - Optional longer description can go here, if necessary. Explain what the 18 18 - change does and why, especially if not obvious. Reference relevant 19 19 - issues or PRs when applicable. These can be links for now since we don't 20 20 - auto-link issues/PRs yet. 21 21 - ``` 22 22 - 23 23 - Here are some examples: 24 24 - 25 25 - ``` 26 26 - appview/state: fix token expiry check in middleware 27 27 - 28 28 - The previous check did not account for clock drift, leading to premature 29 29 - token invalidation. 30 30 - ``` 31 31 - 32 32 - ``` 33 33 - knotserver/git/service: improve error checking in upload-pack 34 34 - ``` 35 35 - 36 36 - 37 37 - ### general notes 38 38 - 39 39 - - PRs get merged "as-is" (fast-forward) -- like applying a patch-series 40 40 - using `git am`. At present, there is no squashing -- so please author 41 41 - your commits as they would appear on `master`, following the above 42 42 - guidelines. 43 43 - - If there is a lot of nesting, for example "appview: 44 44 - pages/templates/repo/fragments: ...", these can be truncated down to 45 45 - just "appview: repo/fragments: ...". If the change affects a lot of 46 46 - subdirectories, you may abbreviate to just the top-level names, e.g. 47 47 - "appview: ..." or "knotserver: ...". 48 48 - - Keep commits lowercased with no trailing period. 49 49 - - Use the imperative mood in the summary line (e.g., "fix bug" not 50 50 - "fixed bug" or "fixes bug"). 51 51 - - Try to keep the summary line under 72 characters, but we aren't too 52 52 - fussed about this. 53 53 - - Follow the same formatting for PR titles if filled manually. 54 54 - - Don't include unrelated changes in the same commit. 55 55 - - Avoid noisy commit messages like "wip" or "final fix"—rewrite history 56 56 - before submitting if necessary. 57 57 - 58 58 - ## code formatting 59 59 - 60 60 - We use a variety of tools to format our code, and multiplex them with 61 61 - [`treefmt`](https://treefmt.com): all you need to do to format your changes 62 62 - is run `nix run .#fmt` (or just `treefmt` if you're in the devshell). 63 63 - 64 64 - ## proposals for bigger changes 65 65 - 66 66 - Small fixes like typos, minor bugs, or trivial refactors can be 67 67 - submitted directly as PRs. 68 68 - 69 69 - For larger changes—especially those introducing new features, significant 70 70 - refactoring, or altering system behavior—please open a proposal first. This 71 71 - helps us evaluate the scope, design, and potential impact before implementation. 72 72 - 73 73 - ### proposal format 74 74 - 75 75 - Create a new issue titled: 76 76 - 77 77 - ``` 78 78 - proposal: <affected scope>: <summary of change> 79 79 - ``` 80 80 - 81 81 - In the description, explain: 82 82 - 83 83 - - What the change is 84 84 - - Why it's needed 85 85 - - How you plan to implement it (roughly) 86 86 - - Any open questions or tradeoffs 87 87 - 88 88 - We'll use the issue thread to discuss and refine the idea before moving 89 89 - forward. 90 90 - 91 91 - ## developer certificate of origin (DCO) 92 92 - 93 93 - We require all contributors to certify that they have the right to 94 94 - submit the code they're contributing. To do this, we follow the 95 95 - [Developer Certificate of Origin 96 96 - (DCO)](https://developercertificate.org/). 97 97 - 98 98 - By signing your commits, you're stating that the contribution is your 99 99 - own work, or that you have the right to submit it under the project's 100 100 - license. This helps us keep things clean and legally sound. 101 101 - 102 102 - To sign your commit, just add the `-s` flag when committing: 103 103 - 104 104 - ```sh 105 105 - git commit -s -m "your commit message" 106 106 - ``` 107 107 - 108 108 - This appends a line like: 109 109 - 110 110 - ``` 111 111 - Signed-off-by: Your Name <your.email@example.com> 112 112 - ``` 113 113 - 114 114 - We won't merge commits if they aren't signed off. If you forget, you can 115 115 - amend the last commit like this: 116 116 - 117 117 - ```sh 118 118 - git commit --amend -s 119 119 - ``` 120 120 - 121 121 - If you're submitting a PR with multiple commits, make sure each one is 122 122 - signed. 123 123 - 124 124 - For [jj](https://jj-vcs.github.io/jj/latest/) users, you can run the following command 125 125 - to make it sign off commits in the tangled repo: 126 126 - 127 127 - ```shell 128 128 - # Safety check, should say "No matching config key..." 129 129 - jj config list templates.commit_trailers 130 130 - # The command below may need to be adjusted if the command above returned something. 131 131 - jj config set --repo templates.commit_trailers "format_signed_off_by_trailer(self)" 132 132 - ``` 133 133 - 134 134 - Refer to the [jj 135 135 - documentation](https://jj-vcs.github.io/jj/latest/config/#commit-trailers) 136 136 - for more information.

-172

docs/hacking.md

··· 1 1 - # hacking on tangled 2 2 - 3 3 - We highly recommend [installing 4 4 - nix](https://nixos.org/download/) (the package manager) 5 5 - before working on the codebase. The nix flake provides a lot 6 6 - of helpers to get started and most importantly, builds and 7 7 - dev shells are entirely deterministic. 8 8 - 9 9 - To set up your dev environment: 10 10 - 11 11 - ```bash 12 12 - nix develop 13 13 - ``` 14 14 - 15 15 - Non-nix users can look at the `devShell` attribute in the 16 16 - `flake.nix` file to determine necessary dependencies. 17 17 - 18 18 - ## running the appview 19 19 - 20 20 - The nix flake also exposes a few `app` attributes (run `nix 21 21 - flake show` to see a full list of what the flake provides), 22 22 - one of the apps runs the appview with the `air` 23 23 - live-reloader: 24 24 - 25 25 - ```bash 26 26 - TANGLED_DEV=true nix run .#watch-appview 27 27 - 28 28 - # TANGLED_DB_PATH might be of interest to point to 29 29 - # different sqlite DBs 30 30 - 31 31 - # in a separate shell, you can live-reload tailwind 32 32 - nix run .#watch-tailwind 33 33 - ``` 34 34 - 35 35 - To authenticate with the appview, you will need redis and 36 36 - OAUTH JWKs to be setup: 37 37 - 38 38 - ``` 39 39 - # oauth jwks should already be setup by the nix devshell: 40 40 - echo $TANGLED_OAUTH_CLIENT_SECRET 41 41 - z42ty4RT1ovnTopY8B8ekz9NuziF2CuMkZ7rbRFpAR9jBqMc 42 42 - 43 43 - echo $TANGLED_OAUTH_CLIENT_KID 44 44 - 1761667908 45 45 - 46 46 - # if not, you can set it up yourself: 47 47 - goat key generate -t P-256 48 48 - Key Type: P-256 / secp256r1 / ES256 private key 49 49 - Secret Key (Multibase Syntax): save this securely (eg, add to password manager) 50 50 - z42tuPDKRfM2mz2Kv953ARen2jmrPA8S9LX9tRq4RVcUMwwL 51 51 - Public Key (DID Key Syntax): share or publish this (eg, in DID document) 52 52 - did:key:zDnaeUBxtG6Xuv3ATJE4GaWeyXM3jyamJsZw3bSPpxx4bNXDR 53 53 - 54 54 - # the secret key from above 55 55 - export TANGLED_OAUTH_CLIENT_SECRET="z42tuP..." 56 56 - 57 57 - # run redis in at a new shell to store oauth sessions 58 58 - redis-server 59 59 - ``` 60 60 - 61 61 - ## running knots and spindles 62 62 - 63 63 - An end-to-end knot setup requires setting up a machine with 64 64 - `sshd`, `AuthorizedKeysCommand`, and git user, which is 65 65 - quite cumbersome. So the nix flake provides a 66 66 - `nixosConfiguration` to do so. 67 67 - 68 68 - <details> 69 69 - <summary><strong>MacOS users will have to setup a Nix Builder first</strong></summary> 70 70 - 71 71 - In order to build Tangled's dev VM on macOS, you will 72 72 - first need to set up a Linux Nix builder. The recommended 73 73 - way to do so is to run a [`darwin.linux-builder` 74 74 - VM](https://nixos.org/manual/nixpkgs/unstable/#sec-darwin-builder) 75 75 - and to register it in `nix.conf` as a builder for Linux 76 76 - with the same architecture as your Mac (`linux-aarch64` if 77 77 - you are using Apple Silicon). 78 78 - 79 79 - > IMPORTANT: You must build `darwin.linux-builder` somewhere other than inside 80 80 - > the tangled repo so that it doesn't conflict with the other VM. For example, 81 81 - > you can do 82 82 - > 83 83 - > ```shell 84 84 - > cd $(mktemp -d buildervm.XXXXX) && nix run nixpkgs#darwin.linux-builder 85 85 - > ``` 86 86 - > 87 87 - > to store the builder VM in a temporary dir. 88 88 - > 89 89 - > You should read and follow [all the other intructions][darwin builder vm] to 90 90 - > avoid subtle problems. 91 91 - 92 92 - Alternatively, you can use any other method to set up a 93 93 - Linux machine with `nix` installed that you can `sudo ssh` 94 94 - into (in other words, root user on your Mac has to be able 95 95 - to ssh into the Linux machine without entering a password) 96 96 - and that has the same architecture as your Mac. See 97 97 - [remote builder 98 98 - instructions](https://nix.dev/manual/nix/2.28/advanced-topics/distributed-builds.html#requirements) 99 99 - for how to register such a builder in `nix.conf`. 100 100 - 101 101 - > WARNING: If you'd like to use 102 102 - > [`nixos-lima`](https://github.com/nixos-lima/nixos-lima) or 103 103 - > [Orbstack](https://orbstack.dev/), note that setting them up so that `sudo 104 104 - > ssh` works can be tricky. It seems to be [possible with 105 105 - > Orbstack](https://github.com/orgs/orbstack/discussions/1669). 106 106 - 107 107 - </details> 108 108 - 109 109 - To begin, grab your DID from http://localhost:3000/settings. 110 110 - Then, set `TANGLED_VM_KNOT_OWNER` and 111 111 - `TANGLED_VM_SPINDLE_OWNER` to your DID. You can now start a 112 112 - lightweight NixOS VM like so: 113 113 - 114 114 - ```bash 115 115 - nix run --impure .#vm 116 116 - 117 117 - # type `poweroff` at the shell to exit the VM 118 118 - ``` 119 119 - 120 120 - This starts a knot on port 6444, a spindle on port 6555 121 121 - with `ssh` exposed on port 2222. 122 122 - 123 123 - Once the services are running, head to 124 124 - http://localhost:3000/settings/knots and hit verify. It should 125 125 - verify the ownership of the services instantly if everything 126 126 - went smoothly. 127 127 - 128 128 - You can push repositories to this VM with this ssh config 129 129 - block on your main machine: 130 130 - 131 131 - ```bash 132 132 - Host nixos-shell 133 133 - Hostname localhost 134 134 - Port 2222 135 135 - User git 136 136 - IdentityFile ~/.ssh/my_tangled_key 137 137 - ``` 138 138 - 139 139 - Set up a remote called `local-dev` on a git repo: 140 140 - 141 141 - ```bash 142 142 - git remote add local-dev git@nixos-shell:user/repo 143 143 - git push local-dev main 144 144 - ``` 145 145 - 146 146 - ### running a spindle 147 147 - 148 148 - The above VM should already be running a spindle on 149 149 - `localhost:6555`. Head to http://localhost:3000/settings/spindles and 150 150 - hit verify. You can then configure each repository to use 151 151 - this spindle and run CI jobs. 152 152 - 153 153 - Of interest when debugging spindles: 154 154 - 155 155 - ``` 156 156 - # service logs from journald: 157 157 - journalctl -xeu spindle 158 158 - 159 159 - # CI job logs from disk: 160 160 - ls /var/log/spindle 161 161 - 162 162 - # debugging spindle db: 163 163 - sqlite3 /var/lib/spindle/spindle.db 164 164 - 165 165 - # litecli has a nicer REPL interface: 166 166 - litecli /var/lib/spindle/spindle.db 167 167 - ``` 168 168 - 169 169 - If for any reason you wish to disable either one of the 170 170 - services in the VM, modify [nix/vm.nix](/nix/vm.nix) and set 171 171 - `services.tangled.spindle.enable` (or 172 172 - `services.tangled.knot.enable`) to `false`.

+93

docs/highlight.theme

··· 1 1 + { 2 2 + "text-color": null, 3 3 + "background-color": null, 4 4 + "line-number-color": null, 5 5 + "line-number-background-color": null, 6 6 + "text-styles": { 7 7 + "Annotation": { 8 8 + "text-color": null, 9 9 + "background-color": null, 10 10 + "bold": false, 11 11 + "italic": true, 12 12 + "underline": false 13 13 + }, 14 14 + "ControlFlow": { 15 15 + "text-color": null, 16 16 + "background-color": null, 17 17 + "bold": true, 18 18 + "italic": false, 19 19 + "underline": false 20 20 + }, 21 21 + "Error": { 22 22 + "text-color": null, 23 23 + "background-color": null, 24 24 + "bold": true, 25 25 + "italic": false, 26 26 + "underline": false 27 27 + }, 28 28 + "Alert": { 29 29 + "text-color": null, 30 30 + "background-color": null, 31 31 + "bold": true, 32 32 + "italic": false, 33 33 + "underline": false 34 34 + }, 35 35 + "Preprocessor": { 36 36 + "text-color": null, 37 37 + "background-color": null, 38 38 + "bold": true, 39 39 + "italic": false, 40 40 + "underline": false 41 41 + }, 42 42 + "Information": { 43 43 + "text-color": null, 44 44 + "background-color": null, 45 45 + "bold": false, 46 46 + "italic": true, 47 47 + "underline": false 48 48 + }, 49 49 + "Warning": { 50 50 + "text-color": null, 51 51 + "background-color": null, 52 52 + "bold": false, 53 53 + "italic": true, 54 54 + "underline": false 55 55 + }, 56 56 + "Documentation": { 57 57 + "text-color": null, 58 58 + "background-color": null, 59 59 + "bold": false, 60 60 + "italic": true, 61 61 + "underline": false 62 62 + }, 63 63 + "DataType": { 64 64 + "text-color": "#8f4e8b", 65 65 + "background-color": null, 66 66 + "bold": false, 67 67 + "italic": false, 68 68 + "underline": false 69 69 + }, 70 70 + "Comment": { 71 71 + "text-color": null, 72 72 + "background-color": null, 73 73 + "bold": false, 74 74 + "italic": true, 75 75 + "underline": false 76 76 + }, 77 77 + "CommentVar": { 78 78 + "text-color": null, 79 79 + "background-color": null, 80 80 + "bold": false, 81 81 + "italic": true, 82 82 + "underline": false 83 83 + }, 84 84 + "Keyword": { 85 85 + "text-color": null, 86 86 + "background-color": null, 87 87 + "bold": true, 88 88 + "italic": false, 89 89 + "underline": false 90 90 + } 91 91 + } 92 92 + } 93 93 +

-214

docs/knot-hosting.md

··· 1 1 - # knot self-hosting guide 2 2 - 3 3 - So you want to run your own knot server? Great! Here are a few prerequisites: 4 4 - 5 5 - 1. A server of some kind (a VPS, a Raspberry Pi, etc.). Preferably running a Linux distribution of some kind. 6 6 - 2. A (sub)domain name. People generally use `knot.example.com`. 7 7 - 3. A valid SSL certificate for your domain. 8 8 - 9 9 - There's a couple of ways to get started: 10 10 - * NixOS: refer to 11 11 - [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix) 12 12 - * Docker: Documented at 13 13 - [@tangled.sh/knot-docker](https://tangled.sh/@tangled.sh/knot-docker) 14 14 - (community maintained: support is not guaranteed!) 15 15 - * Manual: Documented below. 16 16 - 17 17 - ## manual setup 18 18 - 19 19 - First, clone this repository: 20 20 - 21 21 - ``` 22 22 - git clone https://tangled.org/@tangled.org/core 23 23 - ``` 24 24 - 25 25 - Then, build the `knot` CLI. This is the knot administration and operation tool. 26 26 - For the purpose of this guide, we're only concerned with these subcommands: 27 27 - 28 28 - * `knot server`: the main knot server process, typically run as a 29 29 - supervised service 30 30 - * `knot guard`: handles role-based access control for git over SSH 31 31 - (you'll never have to run this yourself) 32 32 - * `knot keys`: fetches SSH keys associated with your knot; we'll use 33 33 - this to generate the SSH `AuthorizedKeysCommand` 34 34 - 35 35 - ``` 36 36 - cd core 37 37 - export CGO_ENABLED=1 38 38 - go build -o knot ./cmd/knot 39 39 - ``` 40 40 - 41 41 - Next, move the `knot` binary to a location owned by `root` -- 42 42 - `/usr/local/bin/` is a good choice. Make sure the binary itself is also owned by `root`: 43 43 - 44 44 - ``` 45 45 - sudo mv knot /usr/local/bin/knot 46 46 - sudo chown root:root /usr/local/bin/knot 47 47 - ``` 48 48 - 49 49 - This is necessary because SSH `AuthorizedKeysCommand` requires [really 50 50 - specific permissions](https://stackoverflow.com/a/27638306). The 51 51 - `AuthorizedKeysCommand` specifies a command that is run by `sshd` to 52 52 - retrieve a user's public SSH keys dynamically for authentication. Let's 53 53 - set that up. 54 54 - 55 55 - ``` 56 56 - sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF 57 57 - Match User git 58 58 - AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys 59 59 - AuthorizedKeysCommandUser nobody 60 60 - EOF 61 61 - ``` 62 62 - 63 63 - Then, reload `sshd`: 64 64 - 65 65 - ``` 66 66 - sudo systemctl reload ssh 67 67 - ``` 68 68 - 69 69 - Next, create the `git` user. We'll use the `git` user's home directory 70 70 - to store repositories: 71 71 - 72 72 - ``` 73 73 - sudo adduser git 74 74 - ``` 75 75 - 76 76 - Create `/home/git/.knot.env` with the following, updating the values as 77 77 - necessary. The `KNOT_SERVER_OWNER` should be set to your 78 78 - DID, you can find your DID in the [Settings](https://tangled.sh/settings) page. 79 79 - 80 80 - ``` 81 81 - KNOT_REPO_SCAN_PATH=/home/git 82 82 - KNOT_SERVER_HOSTNAME=knot.example.com 83 83 - APPVIEW_ENDPOINT=https://tangled.sh 84 84 - KNOT_SERVER_OWNER=did:plc:foobar 85 85 - KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444 86 86 - KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555 87 87 - ``` 88 88 - 89 89 - If you run a Linux distribution that uses systemd, you can use the provided 90 90 - service file to run the server. Copy 91 91 - [`knotserver.service`](/systemd/knotserver.service) 92 92 - to `/etc/systemd/system/`. Then, run: 93 93 - 94 94 - ``` 95 95 - systemctl enable knotserver 96 96 - systemctl start knotserver 97 97 - ``` 98 98 - 99 99 - The last step is to configure a reverse proxy like Nginx or Caddy to front your 100 100 - knot. Here's an example configuration for Nginx: 101 101 - 102 102 - ``` 103 103 - server { 104 104 - listen 80; 105 105 - listen [::]:80; 106 106 - server_name knot.example.com; 107 107 - 108 108 - location / { 109 109 - proxy_pass http://localhost:5555; 110 110 - proxy_set_header Host $host; 111 111 - proxy_set_header X-Real-IP $remote_addr; 112 112 - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 113 113 - proxy_set_header X-Forwarded-Proto $scheme; 114 114 - } 115 115 - 116 116 - # wss endpoint for git events 117 117 - location /events { 118 118 - proxy_set_header X-Forwarded-For $remote_addr; 119 119 - proxy_set_header Host $http_host; 120 120 - proxy_set_header Upgrade websocket; 121 121 - proxy_set_header Connection Upgrade; 122 122 - proxy_pass http://localhost:5555; 123 123 - } 124 124 - # additional config for SSL/TLS go here. 125 125 - } 126 126 - 127 127 - ``` 128 128 - 129 129 - Remember to use Let's Encrypt or similar to procure a certificate for your 130 130 - knot domain. 131 131 - 132 132 - You should now have a running knot server! You can finalize 133 133 - your registration by hitting the `verify` button on the 134 134 - [/settings/knots](https://tangled.org/settings/knots) page. This simply creates 135 135 - a record on your PDS to announce the existence of the knot. 136 136 - 137 137 - ### custom paths 138 138 - 139 139 - (This section applies to manual setup only. Docker users should edit the mounts 140 140 - in `docker-compose.yml` instead.) 141 141 - 142 142 - Right now, the database and repositories of your knot lives in `/home/git`. You 143 143 - can move these paths if you'd like to store them in another folder. Be careful 144 144 - when adjusting these paths: 145 145 - 146 146 - * Stop your knot when moving data (e.g. `systemctl stop knotserver`) to prevent 147 147 - any possible side effects. Remember to restart it once you're done. 148 148 - * Make backups before moving in case something goes wrong. 149 149 - * Make sure the `git` user can read and write from the new paths. 150 150 - 151 151 - #### database 152 152 - 153 153 - As an example, let's say the current database is at `/home/git/knotserver.db`, 154 154 - and we want to move it to `/home/git/database/knotserver.db`. 155 155 - 156 156 - Copy the current database to the new location. Make sure to copy the `.db-shm` 157 157 - and `.db-wal` files if they exist. 158 158 - 159 159 - ``` 160 160 - mkdir /home/git/database 161 161 - cp /home/git/knotserver.db* /home/git/database 162 162 - ``` 163 163 - 164 164 - In the environment (e.g. `/home/git/.knot.env`), set `KNOT_SERVER_DB_PATH` to 165 165 - the new file path (_not_ the directory): 166 166 - 167 167 - ``` 168 168 - KNOT_SERVER_DB_PATH=/home/git/database/knotserver.db 169 169 - ``` 170 170 - 171 171 - #### repositories 172 172 - 173 173 - As an example, let's say the repositories are currently in `/home/git`, and we 174 174 - want to move them into `/home/git/repositories`. 175 175 - 176 176 - Create the new folder, then move the existing repositories (if there are any): 177 177 - 178 178 - ``` 179 179 - mkdir /home/git/repositories 180 180 - # move all DIDs into the new folder; these will vary for you! 181 181 - mv /home/git/did:plc:wshs7t2adsemcrrd4snkeqli /home/git/repositories 182 182 - ``` 183 183 - 184 184 - In the environment (e.g. `/home/git/.knot.env`), update `KNOT_REPO_SCAN_PATH` 185 185 - to the new directory: 186 186 - 187 187 - ``` 188 188 - KNOT_REPO_SCAN_PATH=/home/git/repositories 189 189 - ``` 190 190 - 191 191 - Similarly, update your `sshd` `AuthorizedKeysCommand` to use the updated 192 192 - repository path: 193 193 - 194 194 - ``` 195 195 - sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF 196 196 - Match User git 197 197 - AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys -git-dir /home/git/repositories 198 198 - AuthorizedKeysCommandUser nobody 199 199 - EOF 200 200 - ``` 201 201 - 202 202 - Make sure to restart your SSH server! 203 203 - 204 204 - #### MOTD (message of the day) 205 205 - 206 206 - To configure the MOTD used ("Welcome to this knot!" by default), edit the 207 207 - `/home/git/motd` file: 208 208 - 209 209 - ``` 210 210 - printf "Hi from this knot!\n" > /home/git/motd 211 211 - ``` 212 212 - 213 213 - Note that you should add a newline at the end if setting a non-empty message 214 214 - since the knot won't do this for you.

-59

docs/migrations.md

··· 1 1 - # Migrations 2 2 - 3 3 - This document is laid out in reverse-chronological order. 4 4 - Newer migration guides are listed first, and older guides 5 5 - are further down the page. 6 6 - 7 7 - ## Upgrading from v1.8.x 8 8 - 9 9 - After v1.8.2, the HTTP API for knot and spindles have been 10 10 - deprecated and replaced with XRPC. Repositories on outdated 11 11 - knots will not be viewable from the appview. Upgrading is 12 12 - straightforward however. 13 13 - 14 14 - For knots: 15 15 - 16 16 - - Upgrade to latest tag (v1.9.0 or above) 17 17 - - Head to the [knot dashboard](https://tangled.org/settings/knots) and 18 18 - hit the "retry" button to verify your knot 19 19 - 20 20 - For spindles: 21 21 - 22 22 - - Upgrade to latest tag (v1.9.0 or above) 23 23 - - Head to the [spindle 24 24 - dashboard](https://tangled.org/settings/spindles) and hit the 25 25 - "retry" button to verify your spindle 26 26 - 27 27 - ## Upgrading from v1.7.x 28 28 - 29 29 - After v1.7.0, knot secrets have been deprecated. You no 30 30 - longer need a secret from the appview to run a knot. All 31 31 - authorized commands to knots are managed via [Inter-Service 32 32 - Authentication](https://atproto.com/specs/xrpc#inter-service-authentication-jwt). 33 33 - Knots will be read-only until upgraded. 34 34 - 35 35 - Upgrading is quite easy, in essence: 36 36 - 37 37 - - `KNOT_SERVER_SECRET` is no more, you can remove this 38 38 - environment variable entirely 39 39 - - `KNOT_SERVER_OWNER` is now required on boot, set this to 40 40 - your DID. You can find your DID in the 41 41 - [settings](https://tangled.org/settings) page. 42 42 - - Restart your knot once you have replaced the environment 43 43 - variable 44 44 - - Head to the [knot dashboard](https://tangled.org/settings/knots) and 45 45 - hit the "retry" button to verify your knot. This simply 46 46 - writes a `sh.tangled.knot` record to your PDS. 47 47 - 48 48 - If you use the nix module, simply bump the flake to the 49 49 - latest revision, and change your config block like so: 50 50 - 51 51 - ```diff 52 52 - services.tangled.knot = { 53 53 - enable = true; 54 54 - server = { 55 55 - - secretFile = /path/to/secret; 56 56 - + owner = "did:plc:foo"; 57 57 - }; 58 58 - }; 59 59 - ```

+3

docs/mode.html

··· 1 1 + <a class="px-4 py-2 mt-8 block text-center w-full rounded-sm shadow-sm border border-gray-200 dark:border-gray-700 no-underline hover:no-underline" href="$if(single-page)$/$else$/single-page.html$endif$"> 2 2 + $if(single-page)$View as multi-page$else$View as single-page$endif$ 3 3 + </a>

+7

docs/search.html

··· 1 1 + <form action="https://google.com/search" role="search" aria-label="Sitewide" class="w-full"> 2 2 + <input type="hidden" name="q" value="+[inurl:https://docs.tangled.org]"> 3 3 + <label> 4 4 + <span style="display:none;">Search</span> 5 5 + <input type="text" name="q" placeholder="Search docs ..." class="w-full font-normal"> 6 6 + </label> 7 7 + </form>

-25

docs/spindle/architecture.md

··· 1 1 - # spindle architecture 2 2 - 3 3 - Spindle is a small CI runner service. Here's a high level overview of how it operates: 4 4 - 5 5 - * listens for [`sh.tangled.spindle.member`](/lexicons/spindle/member.json) and 6 6 - [`sh.tangled.repo`](/lexicons/repo.json) records on the Jetstream. 7 7 - * when a new repo record comes through (typically when you add a spindle to a 8 8 - repo from the settings), spindle then resolves the underlying knot and 9 9 - subscribes to repo events (see: 10 10 - [`sh.tangled.pipeline`](/lexicons/pipeline.json)). 11 11 - * the spindle engine then handles execution of the pipeline, with results and 12 12 - logs beamed on the spindle event stream over wss 13 13 - 14 14 - ### the engine 15 15 - 16 16 - At present, the only supported backend is Docker (and Podman, if Docker 17 17 - compatibility is enabled, so that `/run/docker.sock` is created). Spindle 18 18 - executes each step in the pipeline in a fresh container, with state persisted 19 19 - across steps within the `/tangled/workspace` directory. 20 20 - 21 21 - The base image for the container is constructed on the fly using 22 22 - [Nixery](https://nixery.dev), which is handy for caching layers for frequently 23 23 - used packages. 24 24 - 25 25 - The pipeline manifest is [specified here](/docs/spindle/pipeline.md).

-52

docs/spindle/hosting.md

··· 1 1 - # spindle self-hosting guide 2 2 - 3 3 - ## prerequisites 4 4 - 5 5 - * Go 6 6 - * Docker (the only supported backend currently) 7 7 - 8 8 - ## configuration 9 9 - 10 10 - Spindle is configured using environment variables. The following environment variables are available: 11 11 - 12 12 - * `SPINDLE_SERVER_LISTEN_ADDR`: The address the server listens on (default: `"0.0.0.0:6555"`). 13 13 - * `SPINDLE_SERVER_DB_PATH`: The path to the SQLite database file (default: `"spindle.db"`). 14 14 - * `SPINDLE_SERVER_HOSTNAME`: The hostname of the server (required). 15 15 - * `SPINDLE_SERVER_JETSTREAM_ENDPOINT`: The endpoint of the Jetstream server (default: `"wss://jetstream1.us-west.bsky.network/subscribe"`). 16 16 - * `SPINDLE_SERVER_DEV`: A boolean indicating whether the server is running in development mode (default: `false`). 17 17 - * `SPINDLE_SERVER_OWNER`: The DID of the owner (required). 18 18 - * `SPINDLE_PIPELINES_NIXERY`: The Nixery URL (default: `"nixery.tangled.sh"`). 19 19 - * `SPINDLE_PIPELINES_WORKFLOW_TIMEOUT`: The default workflow timeout (default: `"5m"`). 20 20 - * `SPINDLE_PIPELINES_LOG_DIR`: The directory to store workflow logs (default: `"/var/log/spindle"`). 21 21 - 22 22 - ## running spindle 23 23 - 24 24 - 1. **Set the environment variables.** For example: 25 25 - 26 26 - ```shell 27 27 - export SPINDLE_SERVER_HOSTNAME="your-hostname" 28 28 - export SPINDLE_SERVER_OWNER="your-did" 29 29 - ``` 30 30 - 31 31 - 2. **Build the Spindle binary.** 32 32 - 33 33 - ```shell 34 34 - cd core 35 35 - go mod download 36 36 - go build -o cmd/spindle/spindle cmd/spindle/main.go 37 37 - ``` 38 38 - 39 39 - 3. **Create the log directory.** 40 40 - 41 41 - ```shell 42 42 - sudo mkdir -p /var/log/spindle 43 43 - sudo chown $USER:$USER -R /var/log/spindle 44 44 - ``` 45 45 - 46 46 - 4. **Run the Spindle binary.** 47 47 - 48 48 - ```shell 49 49 - ./cmd/spindle/spindle 50 50 - ``` 51 51 - 52 52 - Spindle will now start, connect to the Jetstream server, and begin processing pipelines.

-285

docs/spindle/openbao.md

··· 1 1 - # spindle secrets with openbao 2 2 - 3 3 - This document covers setting up Spindle to use OpenBao for secrets 4 4 - management via OpenBao Proxy instead of the default SQLite backend. 5 5 - 6 6 - ## overview 7 7 - 8 8 - Spindle now uses OpenBao Proxy for secrets management. The proxy handles 9 9 - authentication automatically using AppRole credentials, while Spindle 10 10 - connects to the local proxy instead of directly to the OpenBao server. 11 11 - 12 12 - This approach provides better security, automatic token renewal, and 13 13 - simplified application code. 14 14 - 15 15 - ## installation 16 16 - 17 17 - Install OpenBao from nixpkgs: 18 18 - 19 19 - ```bash 20 20 - nix shell nixpkgs#openbao # for a local server 21 21 - ``` 22 22 - 23 23 - ## setup 24 24 - 25 25 - The setup process can is documented for both local development and production. 26 26 - 27 27 - ### local development 28 28 - 29 29 - Start OpenBao in dev mode: 30 30 - 31 31 - ```bash 32 32 - bao server -dev -dev-root-token-id="root" -dev-listen-address=127.0.0.1:8201 33 33 - ``` 34 34 - 35 35 - This starts OpenBao on `http://localhost:8201` with a root token. 36 36 - 37 37 - Set up environment for bao CLI: 38 38 - 39 39 - ```bash 40 40 - export BAO_ADDR=http://localhost:8200 41 41 - export BAO_TOKEN=root 42 42 - ``` 43 43 - 44 44 - ### production 45 45 - 46 46 - You would typically use a systemd service with a configuration file. Refer to 47 47 - [@tangled.org/infra](https://tangled.org/@tangled.org/infra) for how this can be 48 48 - achieved using Nix. 49 49 - 50 50 - Then, initialize the bao server: 51 51 - ```bash 52 52 - bao operator init -key-shares=1 -key-threshold=1 53 53 - ``` 54 54 - 55 55 - This will print out an unseal key and a root key. Save them somewhere (like a password manager). Then unseal the vault to begin setting it up: 56 56 - ```bash 57 57 - bao operator unseal <unseal_key> 58 58 - ``` 59 59 - 60 60 - All steps below remain the same across both dev and production setups. 61 61 - 62 62 - ### configure openbao server 63 63 - 64 64 - Create the spindle KV mount: 65 65 - 66 66 - ```bash 67 67 - bao secrets enable -path=spindle -version=2 kv 68 68 - ``` 69 69 - 70 70 - Set up AppRole authentication and policy: 71 71 - 72 72 - Create a policy file `spindle-policy.hcl`: 73 73 - 74 74 - ```hcl 75 75 - # Full access to spindle KV v2 data 76 76 - path "spindle/data/*" { 77 77 - capabilities = ["create", "read", "update", "delete"] 78 78 - } 79 79 - 80 80 - # Access to metadata for listing and management 81 81 - path "spindle/metadata/*" { 82 82 - capabilities = ["list", "read", "delete", "update"] 83 83 - } 84 84 - 85 85 - # Allow listing at root level 86 86 - path "spindle/" { 87 87 - capabilities = ["list"] 88 88 - } 89 89 - 90 90 - # Required for connection testing and health checks 91 91 - path "auth/token/lookup-self" { 92 92 - capabilities = ["read"] 93 93 - } 94 94 - ``` 95 95 - 96 96 - Apply the policy and create an AppRole: 97 97 - 98 98 - ```bash 99 99 - bao policy write spindle-policy spindle-policy.hcl 100 100 - bao auth enable approle 101 101 - bao write auth/approle/role/spindle \ 102 102 - token_policies="spindle-policy" \ 103 103 - token_ttl=1h \ 104 104 - token_max_ttl=4h \ 105 105 - bind_secret_id=true \ 106 106 - secret_id_ttl=0 \ 107 107 - secret_id_num_uses=0 108 108 - ``` 109 109 - 110 110 - Get the credentials: 111 111 - 112 112 - ```bash 113 113 - # Get role ID (static) 114 114 - ROLE_ID=$(bao read -field=role_id auth/approle/role/spindle/role-id) 115 115 - 116 116 - # Generate secret ID 117 117 - SECRET_ID=$(bao write -f -field=secret_id auth/approle/role/spindle/secret-id) 118 118 - 119 119 - echo "Role ID: $ROLE_ID" 120 120 - echo "Secret ID: $SECRET_ID" 121 121 - ``` 122 122 - 123 123 - ### create proxy configuration 124 124 - 125 125 - Create the credential files: 126 126 - 127 127 - ```bash 128 128 - # Create directory for OpenBao files 129 129 - mkdir -p /tmp/openbao 130 130 - 131 131 - # Save credentials 132 132 - echo "$ROLE_ID" > /tmp/openbao/role-id 133 133 - echo "$SECRET_ID" > /tmp/openbao/secret-id 134 134 - chmod 600 /tmp/openbao/role-id /tmp/openbao/secret-id 135 135 - ``` 136 136 - 137 137 - Create a proxy configuration file `/tmp/openbao/proxy.hcl`: 138 138 - 139 139 - ```hcl 140 140 - # OpenBao server connection 141 141 - vault { 142 142 - address = "http://localhost:8200" 143 143 - } 144 144 - 145 145 - # Auto-Auth using AppRole 146 146 - auto_auth { 147 147 - method "approle" { 148 148 - mount_path = "auth/approle" 149 149 - config = { 150 150 - role_id_file_path = "/tmp/openbao/role-id" 151 151 - secret_id_file_path = "/tmp/openbao/secret-id" 152 152 - } 153 153 - } 154 154 - 155 155 - # Optional: write token to file for debugging 156 156 - sink "file" { 157 157 - config = { 158 158 - path = "/tmp/openbao/token" 159 159 - mode = 0640 160 160 - } 161 161 - } 162 162 - } 163 163 - 164 164 - # Proxy listener for Spindle 165 165 - listener "tcp" { 166 166 - address = "127.0.0.1:8201" 167 167 - tls_disable = true 168 168 - } 169 169 - 170 170 - # Enable API proxy with auto-auth token 171 171 - api_proxy { 172 172 - use_auto_auth_token = true 173 173 - } 174 174 - 175 175 - # Enable response caching 176 176 - cache { 177 177 - use_auto_auth_token = true 178 178 - } 179 179 - 180 180 - # Logging 181 181 - log_level = "info" 182 182 - ``` 183 183 - 184 184 - ### start the proxy 185 185 - 186 186 - Start OpenBao Proxy: 187 187 - 188 188 - ```bash 189 189 - bao proxy -config=/tmp/openbao/proxy.hcl 190 190 - ``` 191 191 - 192 192 - The proxy will authenticate with OpenBao and start listening on 193 193 - `127.0.0.1:8201`. 194 194 - 195 195 - ### configure spindle 196 196 - 197 197 - Set these environment variables for Spindle: 198 198 - 199 199 - ```bash 200 200 - export SPINDLE_SERVER_SECRETS_PROVIDER=openbao 201 201 - export SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR=http://127.0.0.1:8201 202 202 - export SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT=spindle 203 203 - ``` 204 204 - 205 205 - Start Spindle: 206 206 - 207 207 - Spindle will now connect to the local proxy, which handles all 208 208 - authentication automatically. 209 209 - 210 210 - ## production setup for proxy 211 211 - 212 212 - For production, you'll want to run the proxy as a service: 213 213 - 214 214 - Place your production configuration in `/etc/openbao/proxy.hcl` with 215 215 - proper TLS settings for the vault connection. 216 216 - 217 217 - ## verifying setup 218 218 - 219 219 - Test the proxy directly: 220 220 - 221 221 - ```bash 222 222 - # Check proxy health 223 223 - curl -H "X-Vault-Request: true" http://127.0.0.1:8201/v1/sys/health 224 224 - 225 225 - # Test token lookup through proxy 226 226 - curl -H "X-Vault-Request: true" http://127.0.0.1:8201/v1/auth/token/lookup-self 227 227 - ``` 228 228 - 229 229 - Test OpenBao operations through the server: 230 230 - 231 231 - ```bash 232 232 - # List all secrets 233 233 - bao kv list spindle/ 234 234 - 235 235 - # Add a test secret via Spindle API, then check it exists 236 236 - bao kv list spindle/repos/ 237 237 - 238 238 - # Get a specific secret 239 239 - bao kv get spindle/repos/your_repo_path/SECRET_NAME 240 240 - ``` 241 241 - 242 242 - ## how it works 243 243 - 244 244 - - Spindle connects to OpenBao Proxy on localhost (typically port 8200 or 8201) 245 245 - - The proxy authenticates with OpenBao using AppRole credentials 246 246 - - All Spindle requests go through the proxy, which injects authentication tokens 247 247 - - Secrets are stored at `spindle/repos/{sanitized_repo_path}/{secret_key}` 248 248 - - Repository paths like `did:plc:alice/myrepo` become `did_plc_alice_myrepo` 249 249 - - The proxy handles all token renewal automatically 250 250 - - Spindle no longer manages tokens or authentication directly 251 251 - 252 252 - ## troubleshooting 253 253 - 254 254 - **Connection refused**: Check that the OpenBao Proxy is running and 255 255 - listening on the configured address. 256 256 - 257 257 - **403 errors**: Verify the AppRole credentials are correct and the policy 258 258 - has the necessary permissions. 259 259 - 260 260 - **404 route errors**: The spindle KV mount probably doesn't exist - run 261 261 - the mount creation step again. 262 262 - 263 263 - **Proxy authentication failures**: Check the proxy logs and verify the 264 264 - role-id and secret-id files are readable and contain valid credentials. 265 265 - 266 266 - **Secret not found after writing**: This can indicate policy permission 267 267 - issues. Verify the policy includes both `spindle/data/*` and 268 268 - `spindle/metadata/*` paths with appropriate capabilities. 269 269 - 270 270 - Check proxy logs: 271 271 - 272 272 - ```bash 273 273 - # If running as systemd service 274 274 - journalctl -u openbao-proxy -f 275 275 - 276 276 - # If running directly, check the console output 277 277 - ``` 278 278 - 279 279 - Test AppRole authentication manually: 280 280 - 281 281 - ```bash 282 282 - bao write auth/approle/login \ 283 283 - role_id="$(cat /tmp/openbao/role-id)" \ 284 284 - secret_id="$(cat /tmp/openbao/secret-id)" 285 285 - ```

-183

docs/spindle/pipeline.md

··· 1 1 - # spindle pipelines 2 2 - 3 3 - Spindle workflows allow you to write CI/CD pipelines in a simple format. They're located in the `.tangled/workflows` directory at the root of your repository, and are defined using YAML. 4 4 - 5 5 - The fields are: 6 6 - 7 7 - - [Trigger](#trigger): A **required** field that defines when a workflow should be triggered. 8 8 - - [Engine](#engine): A **required** field that defines which engine a workflow should run on. 9 9 - - [Clone options](#clone-options): An **optional** field that defines how the repository should be cloned. 10 10 - - [Dependencies](#dependencies): An **optional** field that allows you to list dependencies you may need. 11 11 - - [Environment](#environment): An **optional** field that allows you to define environment variables. 12 12 - - [Steps](#steps): An **optional** field that allows you to define what steps should run in the workflow. 13 13 - 14 14 - ## Trigger 15 15 - 16 16 - The first thing to add to a workflow is the trigger, which defines when a workflow runs. This is defined using a `when` field, which takes in a list of conditions. Each condition has the following fields: 17 17 - 18 18 - - `event`: This is a **required** field that defines when your workflow should run. It's a list that can take one or more of the following values: 19 19 - - `push`: The workflow should run every time a commit is pushed to the repository. 20 20 - - `pull_request`: The workflow should run every time a pull request is made or updated. 21 21 - - `manual`: The workflow can be triggered manually. 22 22 - - `branch`: Defines which branches the workflow should run for. If used with the `push` event, commits to the branch(es) listed here will trigger the workflow. If used with the `pull_request` event, updates to pull requests targeting the branch(es) listed here will trigger the workflow. This field has no effect with the `manual` event. Supports glob patterns using `*` and `**` (e.g., `main`, `develop`, `release-*`). Either `branch` or `tag` (or both) must be specified for `push` events. 23 23 - - `tag`: Defines which tags the workflow should run for. Only used with the `push` event - when tags matching the pattern(s) listed here are pushed, the workflow will trigger. This field has no effect with `pull_request` or `manual` events. Supports glob patterns using `*` and `**` (e.g., `v*`, `v1.*`, `release-**`). Either `branch` or `tag` (or both) must be specified for `push` events. 24 24 - 25 25 - For example, if you'd like to define a workflow that runs when commits are pushed to the `main` and `develop` branches, or when pull requests that target the `main` branch are updated, or manually, you can do so with: 26 26 - 27 27 - ```yaml 28 28 - when: 29 29 - - event: ["push", "manual"] 30 30 - branch: ["main", "develop"] 31 31 - - event: ["pull_request"] 32 32 - branch: ["main"] 33 33 - ``` 34 34 - 35 35 - You can also trigger workflows on tag pushes. For instance, to run a deployment workflow when tags matching `v*` are pushed: 36 36 - 37 37 - ```yaml 38 38 - when: 39 39 - - event: ["push"] 40 40 - tag: ["v*"] 41 41 - ``` 42 42 - 43 43 - You can even combine branch and tag patterns in a single constraint (the workflow triggers if either matches): 44 44 - 45 45 - ```yaml 46 46 - when: 47 47 - - event: ["push"] 48 48 - branch: ["main", "release-*"] 49 49 - tag: ["v*", "stable"] 50 50 - ``` 51 51 - 52 52 - ## Engine 53 53 - 54 54 - Next is the engine on which the workflow should run, defined using the **required** `engine` field. The currently supported engines are: 55 55 - 56 56 - - `nixery`: This uses an instance of [Nixery](https://nixery.dev) to run steps, which allows you to add [dependencies](#dependencies) from [Nixpkgs](https://github.com/NixOS/nixpkgs). You can search for packages on https://search.nixos.org, and there's a pretty good chance the package(s) you're looking for will be there. 57 57 - 58 58 - Example: 59 59 - 60 60 - ```yaml 61 61 - engine: "nixery" 62 62 - ``` 63 63 - 64 64 - ## Clone options 65 65 - 66 66 - When a workflow starts, the first step is to clone the repository. You can customize this behavior using the **optional** `clone` field. It has the following fields: 67 67 - 68 68 - - `skip`: Setting this to `true` will skip cloning the repository. This can be useful if your workflow is doing something that doesn't require anything from the repository itself. This is `false` by default. 69 69 - - `depth`: This sets the number of commits, or the "clone depth", to fetch from the repository. For example, if you set this to 2, the last 2 commits will be fetched. By default, the depth is set to 1, meaning only the most recent commit will be fetched, which is the commit that triggered the workflow. 70 70 - - `submodules`: If you use [git submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) in your repository, setting this field to `true` will recursively fetch all submodules. This is `false` by default. 71 71 - 72 72 - The default settings are: 73 73 - 74 74 - ```yaml 75 75 - clone: 76 76 - skip: false 77 77 - depth: 1 78 78 - submodules: false 79 79 - ``` 80 80 - 81 81 - ## Dependencies 82 82 - 83 83 - Usually when you're running a workflow, you'll need additional dependencies. The `dependencies` field lets you define which dependencies to get, and from where. It's a key-value map, with the key being the registry to fetch dependencies from, and the value being the list of dependencies to fetch. 84 84 - 85 85 - Say you want to fetch Node.js and Go from `nixpkgs`, and a package called `my_pkg` you've made from your own registry at your repository at `https://tangled.sh/@example.com/my_pkg`. You can define those dependencies like so: 86 86 - 87 87 - ```yaml 88 88 - dependencies: 89 89 - # nixpkgs 90 90 - nixpkgs: 91 91 - - nodejs 92 92 - - go 93 93 - # custom registry 94 94 - git+https://tangled.org/@example.com/my_pkg: 95 95 - - my_pkg 96 96 - ``` 97 97 - 98 98 - Now these dependencies are available to use in your workflow! 99 99 - 100 100 - ## Environment 101 101 - 102 102 - The `environment` field allows you define environment variables that will be available throughout the entire workflow. **Do not put secrets here, these environment variables are visible to anyone viewing the repository. You can add secrets for pipelines in your repository's settings.** 103 103 - 104 104 - Example: 105 105 - 106 106 - ```yaml 107 107 - environment: 108 108 - GOOS: "linux" 109 109 - GOARCH: "arm64" 110 110 - NODE_ENV: "production" 111 111 - MY_ENV_VAR: "MY_ENV_VALUE" 112 112 - ``` 113 113 - 114 114 - ## Steps 115 115 - 116 116 - The `steps` field allows you to define what steps should run in the workflow. It's a list of step objects, each with the following fields: 117 117 - 118 118 - - `name`: This field allows you to give your step a name. This name is visible in your workflow runs, and is used to describe what the step is doing. 119 119 - - `command`: This field allows you to define a command to run in that step. The step is run in a Bash shell, and the logs from the command will be visible in the pipelines page on the Tangled website. The [dependencies](#dependencies) you added will be available to use here. 120 120 - - `environment`: Similar to the global [environment](#environment) config, this **optional** field is a key-value map that allows you to set environment variables for the step. **Do not put secrets here, these environment variables are visible to anyone viewing the repository. You can add secrets for pipelines in your repository's settings.** 121 121 - 122 122 - Example: 123 123 - 124 124 - ```yaml 125 125 - steps: 126 126 - - name: "Build backend" 127 127 - command: "go build" 128 128 - environment: 129 129 - GOOS: "darwin" 130 130 - GOARCH: "arm64" 131 131 - - name: "Build frontend" 132 132 - command: "npm run build" 133 133 - environment: 134 134 - NODE_ENV: "production" 135 135 - ``` 136 136 - 137 137 - ## Complete workflow 138 138 - 139 139 - ```yaml 140 140 - # .tangled/workflows/build.yml 141 141 - 142 142 - when: 143 143 - - event: ["push", "manual"] 144 144 - branch: ["main", "develop"] 145 145 - - event: ["pull_request"] 146 146 - branch: ["main"] 147 147 - 148 148 - engine: "nixery" 149 149 - 150 150 - # using the default values 151 151 - clone: 152 152 - skip: false 153 153 - depth: 1 154 154 - submodules: false 155 155 - 156 156 - dependencies: 157 157 - # nixpkgs 158 158 - nixpkgs: 159 159 - - nodejs 160 160 - - go 161 161 - # custom registry 162 162 - git+https://tangled.org/@example.com/my_pkg: 163 163 - - my_pkg 164 164 - 165 165 - environment: 166 166 - GOOS: "linux" 167 167 - GOARCH: "arm64" 168 168 - NODE_ENV: "production" 169 169 - MY_ENV_VAR: "MY_ENV_VALUE" 170 170 - 171 171 - steps: 172 172 - - name: "Build backend" 173 173 - command: "go build" 174 174 - environment: 175 175 - GOOS: "darwin" 176 176 - GOARCH: "arm64" 177 177 - - name: "Build frontend" 178 178 - command: "npm run build" 179 179 - environment: 180 180 - NODE_ENV: "production" 181 181 - ``` 182 182 - 183 183 - If you want another example of a workflow, you can look at the one [Tangled uses to build the project](https://tangled.sh/@tangled.sh/core/blob/master/.tangled/workflows/build.yml).

+101

docs/styles.css

··· 1 1 + svg { 2 2 + width: 16px; 3 3 + height: 16px; 4 4 + } 5 5 + 6 6 + :root { 7 7 + --syntax-alert: #d20f39; 8 8 + --syntax-annotation: #fe640b; 9 9 + --syntax-attribute: #df8e1d; 10 10 + --syntax-basen: #40a02b; 11 11 + --syntax-builtin: #1e66f5; 12 12 + --syntax-controlflow: #8839ef; 13 13 + --syntax-char: #04a5e5; 14 14 + --syntax-constant: #fe640b; 15 15 + --syntax-comment: #9ca0b0; 16 16 + --syntax-commentvar: #7c7f93; 17 17 + --syntax-documentation: #9ca0b0; 18 18 + --syntax-datatype: #df8e1d; 19 19 + --syntax-decval: #40a02b; 20 20 + --syntax-error: #d20f39; 21 21 + --syntax-extension: #4c4f69; 22 22 + --syntax-float: #40a02b; 23 23 + --syntax-function: #1e66f5; 24 24 + --syntax-import: #40a02b; 25 25 + --syntax-information: #04a5e5; 26 26 + --syntax-keyword: #8839ef; 27 27 + --syntax-operator: #179299; 28 28 + --syntax-other: #8839ef; 29 29 + --syntax-preprocessor: #ea76cb; 30 30 + --syntax-specialchar: #04a5e5; 31 31 + --syntax-specialstring: #ea76cb; 32 32 + --syntax-string: #40a02b; 33 33 + --syntax-variable: #8839ef; 34 34 + --syntax-verbatimstring: #40a02b; 35 35 + --syntax-warning: #df8e1d; 36 36 + } 37 37 + 38 38 + @media (prefers-color-scheme: dark) { 39 39 + :root { 40 40 + --syntax-alert: #f38ba8; 41 41 + --syntax-annotation: #fab387; 42 42 + --syntax-attribute: #f9e2af; 43 43 + --syntax-basen: #a6e3a1; 44 44 + --syntax-builtin: #89b4fa; 45 45 + --syntax-controlflow: #cba6f7; 46 46 + --syntax-char: #89dceb; 47 47 + --syntax-constant: #fab387; 48 48 + --syntax-comment: #6c7086; 49 49 + --syntax-commentvar: #585b70; 50 50 + --syntax-documentation: #6c7086; 51 51 + --syntax-datatype: #f9e2af; 52 52 + --syntax-decval: #a6e3a1; 53 53 + --syntax-error: #f38ba8; 54 54 + --syntax-extension: #cdd6f4; 55 55 + --syntax-float: #a6e3a1; 56 56 + --syntax-function: #89b4fa; 57 57 + --syntax-import: #a6e3a1; 58 58 + --syntax-information: #89dceb; 59 59 + --syntax-keyword: #cba6f7; 60 60 + --syntax-operator: #94e2d5; 61 61 + --syntax-other: #cba6f7; 62 62 + --syntax-preprocessor: #f5c2e7; 63 63 + --syntax-specialchar: #89dceb; 64 64 + --syntax-specialstring: #f5c2e7; 65 65 + --syntax-string: #a6e3a1; 66 66 + --syntax-variable: #cba6f7; 67 67 + --syntax-verbatimstring: #a6e3a1; 68 68 + --syntax-warning: #f9e2af; 69 69 + } 70 70 + } 71 71 + 72 72 + /* pandoc syntax highlighting classes */ 73 73 + code span.al { color: var(--syntax-alert); font-weight: bold; } /* alert */ 74 74 + code span.an { color: var(--syntax-annotation); font-weight: bold; font-style: italic; } /* annotation */ 75 75 + code span.at { color: var(--syntax-attribute); } /* attribute */ 76 76 + code span.bn { color: var(--syntax-basen); } /* basen */ 77 77 + code span.bu { color: var(--syntax-builtin); } /* builtin */ 78 78 + code span.cf { color: var(--syntax-controlflow); font-weight: bold; } /* controlflow */ 79 79 + code span.ch { color: var(--syntax-char); } /* char */ 80 80 + code span.cn { color: var(--syntax-constant); } /* constant */ 81 81 + code span.co { color: var(--syntax-comment); font-style: italic; } /* comment */ 82 82 + code span.cv { color: var(--syntax-commentvar); font-weight: bold; font-style: italic; } /* commentvar */ 83 83 + code span.do { color: var(--syntax-documentation); font-style: italic; } /* documentation */ 84 84 + code span.dt { color: var(--syntax-datatype); } /* datatype */ 85 85 + code span.dv { color: var(--syntax-decval); } /* decval */ 86 86 + code span.er { color: var(--syntax-error); font-weight: bold; } /* error */ 87 87 + code span.ex { color: var(--syntax-extension); } /* extension */ 88 88 + code span.fl { color: var(--syntax-float); } /* float */ 89 89 + code span.fu { color: var(--syntax-function); } /* function */ 90 90 + code span.im { color: var(--syntax-import); font-weight: bold; } /* import */ 91 91 + code span.in { color: var(--syntax-information); font-weight: bold; font-style: italic; } /* information */ 92 92 + code span.kw { color: var(--syntax-keyword); font-weight: bold; } /* keyword */ 93 93 + code span.op { color: var(--syntax-operator); } /* operator */ 94 94 + code span.ot { color: var(--syntax-other); } /* other */ 95 95 + code span.pp { color: var(--syntax-preprocessor); } /* preprocessor */ 96 96 + code span.sc { color: var(--syntax-specialchar); } /* specialchar */ 97 97 + code span.ss { color: var(--syntax-specialstring); } /* specialstring */ 98 98 + code span.st { color: var(--syntax-string); } /* string */ 99 99 + code span.va { color: var(--syntax-variable); } /* variable */ 100 100 + code span.vs { color: var(--syntax-verbatimstring); } /* verbatimstring */ 101 101 + code span.wa { color: var(--syntax-warning); font-weight: bold; font-style: italic; } /* warning */

+156

docs/template.html

··· 1 1 + <!DOCTYPE html> 2 2 + <html xmlns="http://www.w3.org/1999/xhtml" lang="$lang$" xml:lang="$lang$"$if(dir)$ dir="$dir$"$endif$> 3 3 + <head> 4 4 + <meta charset="utf-8" /> 5 5 + <meta name="generator" content="pandoc" /> 6 6 + <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> 7 7 + $for(author-meta)$ 8 8 + <meta name="author" content="$author-meta$" /> 9 9 + $endfor$ 10 10 + 11 11 + $if(date-meta)$ 12 12 + <meta name="dcterms.date" content="$date-meta$" /> 13 13 + $endif$ 14 14 + 15 15 + $if(keywords)$ 16 16 + <meta name="keywords" content="$for(keywords)$$keywords$$sep$, $endfor$" /> 17 17 + $endif$ 18 18 + 19 19 + $if(description-meta)$ 20 20 + <meta name="description" content="$description-meta$" /> 21 21 + $endif$ 22 22 + 23 23 + <title>$pagetitle$</title> 24 24 + 25 25 + <style> 26 26 + $styles.css()$ 27 27 + </style> 28 28 + 29 29 + $for(css)$ 30 30 + <link rel="stylesheet" href="$css$" /> 31 31 + $endfor$ 32 32 + 33 33 + $for(header-includes)$ 34 34 + $header-includes$ 35 35 + $endfor$ 36 36 + 37 37 + <link rel="preload" href="/static/fonts/InterVariable.woff2" as="font" type="font/woff2" crossorigin /> 38 38 + 39 39 + </head> 40 40 + <body class="bg-white dark:bg-gray-900 flex flex-col min-h-svh"> 41 41 + $for(include-before)$ 42 42 + $include-before$ 43 43 + $endfor$ 44 44 + 45 45 + $if(toc)$ 46 46 + <!-- mobile TOC trigger --> 47 47 + <div class="md:hidden px-6 py-4 border-b border-gray-200 dark:border-gray-700"> 48 48 + <button 49 49 + type="button" 50 50 + popovertarget="mobile-toc-popover" 51 51 + popovertargetaction="toggle" 52 52 + class="w-full flex gap-2 items-center text-sm font-semibold dark:text-white" 53 53 + > 54 54 + ${ menu.svg() } 55 55 + $if(toc-title)$$toc-title$$else$Table of Contents$endif$ 56 56 + </button> 57 57 + </div> 58 58 + 59 59 + <div 60 60 + id="mobile-toc-popover" 61 61 + popover 62 62 + class="mobile-toc-popover 63 63 + bg-gray-50 dark:bg-gray-800 border-r border-gray-200 dark:border-gray-700 64 64 + h-full overflow-y-auto shadow-sm 65 65 + px-6 py-4 fixed inset-x-0 top-0 w-fit max-w-4/5 m-0" 66 66 + > 67 67 + <div class="flex flex-col min-h-full"> 68 68 + <div class="flex-1 space-y-4"> 69 69 + <button 70 70 + type="button" 71 71 + popovertarget="mobile-toc-popover" 72 72 + popovertargetaction="toggle" 73 73 + class="w-full flex gap-2 items-center text-sm font-semibold dark:text-white mb-4"> 74 74 + ${ x.svg() } 75 75 + $if(toc-title)$$toc-title$$else$Table of Contents$endif$ 76 76 + </button> 77 77 + ${ search.html() } 78 78 + ${ table-of-contents:toc.html() } 79 79 + </div> 80 80 + ${ single-page:mode.html() } 81 81 + </div> 82 82 + </div> 83 83 + 84 84 + <!-- desktop sidebar toc --> 85 85 + <nav 86 86 + id="$idprefix$TOC" 87 87 + role="doc-toc" 88 88 + class="hidden md:flex md:flex-col gap-4 fixed left-0 top-0 w-80 h-screen 89 89 + bg-gray-50 dark:bg-gray-800 border-r border-gray-200 dark:border-gray-700 90 90 + p-4 z-50 overflow-y-auto"> 91 91 + ${ search.html() } 92 92 + <div class="flex-1"> 93 93 + $if(toc-title)$ 94 94 + <h2 id="$idprefix$toc-title" class="text-lg font-semibold mb-4 text-gray-900">$toc-title$</h2> 95 95 + $endif$ 96 96 + ${ table-of-contents:toc.html() } 97 97 + </div> 98 98 + ${ single-page:mode.html() } 99 99 + </nav> 100 100 + $endif$ 101 101 + 102 102 + <div class="$if(toc)$md:ml-80$endif$ flex-1 flex flex-col"> 103 103 + <main class="max-w-4xl w-full mx-auto p-6 flex-1"> 104 104 + $if(top)$ 105 105 + $-- only print title block if this is NOT the top page 106 106 + $else$ 107 107 + $if(title)$ 108 108 + <header id="title-block-header" class="mb-8 pb-8 border-b border-gray-200 dark:border-gray-700"> 109 109 + <h1 class="text-4xl font-bold mb-2 text-black dark:text-white">$title$</h1> 110 110 + $if(subtitle)$ 111 111 + <p class="text-xl text-gray-500 dark:text-gray-400 mb-2">$subtitle$</p> 112 112 + $endif$ 113 113 + $for(author)$ 114 114 + <p class="text-sm text-gray-500 dark:text-gray-400">$author$</p> 115 115 + $endfor$ 116 116 + $if(date)$ 117 117 + <p class="text-sm text-gray-500 dark:text-gray-400">Updated on $date$</p> 118 118 + $endif$ 119 119 + $endif$ 120 120 + </header> 121 121 + $endif$ 122 122 + 123 123 + $if(abstract)$ 124 124 + <article class="prose dark:prose-invert max-w-none"> 125 125 + $abstract$ 126 126 + </article> 127 127 + $endif$ 128 128 + 129 129 + <article class="prose dark:prose-invert max-w-none"> 130 130 + $body$ 131 131 + </article> 132 132 + </main> 133 133 + <nav id="sitenav" class="border-t border-gray-200 dark:border-gray-700 bg-gray-50 dark:bg-gray-800"> 134 134 + <div class="max-w-4xl mx-auto px-8 py-4"> 135 135 + <div class="flex justify-between gap-4"> 136 136 + <span class="flex-1"> 137 137 + $if(previous.url)$ 138 138 + <span class="text-xs text-gray-500 dark:text-gray-400 uppercase block mb-1">Previous</span> 139 139 + <a href="$previous.url$" accesskey="p" rel="previous">$previous.title$</a> 140 140 + $endif$ 141 141 + </span> 142 142 + <span class="flex-1 text-right"> 143 143 + $if(next.url)$ 144 144 + <span class="text-xs text-gray-500 dark:text-gray-400 uppercase block mb-1">Next</span> 145 145 + <a href="$next.url$" accesskey="n" rel="next">$next.title$</a> 146 146 + $endif$ 147 147 + </span> 148 148 + </div> 149 149 + </div> 150 150 + </nav> 151 151 + </div> 152 152 + $for(include-after)$ 153 153 + $include-after$ 154 154 + $endfor$ 155 155 + </body> 156 156 + </html>

+4

docs/toc.html

··· 1 1 + <div class="[&_ul]:space-y-6 [&_ul]:pl-0 [&_ul]:font-bold [&_ul_ul]:pl-4 [&_ul_ul]:font-normal [&_ul_ul]:space-y-2 [&_li]:space-y-2"> 2 2 + $table-of-contents$ 3 3 + </div> 4 4 +

+9 -9

flake.lock

··· 35 35 "systems": "systems" 36 36 }, 37 37 "locked": { 38 38 - "lastModified": 1694529238, 39 39 - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 38 38 + "lastModified": 1731533236, 39 39 + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 40 40 "owner": "numtide", 41 41 "repo": "flake-utils", 42 42 - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 42 42 + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 43 43 "type": "github" 44 44 }, 45 45 "original": { ··· 56 56 ] 57 57 }, 58 58 "locked": { 59 59 - "lastModified": 1754078208, 60 60 - "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=", 59 59 + "lastModified": 1763982521, 60 60 + "narHash": "sha256-ur4QIAHwgFc0vXiaxn5No/FuZicxBr2p0gmT54xZkUQ=", 61 61 "owner": "nix-community", 62 62 "repo": "gomod2nix", 63 63 - "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf", 63 63 + "rev": "02e63a239d6eabd595db56852535992c898eba72", 64 64 "type": "github" 65 65 }, 66 66 "original": { ··· 150 150 }, 151 151 "nixpkgs": { 152 152 "locked": { 153 153 - "lastModified": 1751984180, 154 154 - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", 153 153 + "lastModified": 1766070988, 154 154 + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", 155 155 "owner": "nixos", 156 156 "repo": "nixpkgs", 157 157 - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", 157 157 + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", 158 158 "type": "github" 159 159 }, 160 160 "original": {

+6 -5

flake.nix

··· 76 76 }; 77 77 buildGoApplication = 78 78 (self.callPackage "${gomod2nix}/builder" { 79 79 - gomod2nix = gomod2nix.legacyPackages.${pkgs.system}.gomod2nix; 79 79 + gomod2nix = gomod2nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.gomod2nix; 80 80 }).buildGoApplication; 81 81 modules = ./nix/gomod2nix.toml; 82 82 sqlite-lib = self.callPackage ./nix/pkgs/sqlite-lib.nix { 83 83 - inherit (pkgs) gcc; 84 83 inherit sqlite-lib-src; 85 84 }; 86 85 lexgen = self.callPackage ./nix/pkgs/lexgen.nix {inherit indigo;}; ··· 89 88 inherit htmx-src htmx-ws-src lucide-src inter-fonts-src ibm-plex-mono-src actor-typeahead-src; 90 89 }; 91 90 appview = self.callPackage ./nix/pkgs/appview.nix {}; 91 91 + docs = self.callPackage ./nix/pkgs/docs.nix { 92 92 + inherit inter-fonts-src ibm-plex-mono-src lucide-src; 93 93 + }; 92 94 spindle = self.callPackage ./nix/pkgs/spindle.nix {}; 93 95 knot-unwrapped = self.callPackage ./nix/pkgs/knot-unwrapped.nix {}; 94 96 knot = self.callPackage ./nix/pkgs/knot.nix {}; 95 97 }); 96 98 in { 97 99 overlays.default = final: prev: { 98 98 - inherit (mkPackageSet final) lexgen goat sqlite-lib spindle knot-unwrapped knot appview; 100 100 + inherit (mkPackageSet final) lexgen goat sqlite-lib spindle knot-unwrapped knot appview docs; 99 101 }; 100 102 101 103 packages = forAllSystems (system: let ··· 104 106 staticPackages = mkPackageSet pkgs.pkgsStatic; 105 107 crossPackages = mkPackageSet pkgs.pkgsCross.gnu64.pkgsStatic; 106 108 in { 107 107 - inherit (packages) appview appview-static-files lexgen goat spindle knot knot-unwrapped sqlite-lib; 109 109 + inherit (packages) appview appview-static-files lexgen goat spindle knot knot-unwrapped sqlite-lib docs; 108 110 109 111 pkgsStatic-appview = staticPackages.appview; 110 112 pkgsStatic-knot = staticPackages.knot; ··· 156 158 nativeBuildInputs = [ 157 159 pkgs.go 158 160 pkgs.air 159 159 - pkgs.tilt 160 161 pkgs.gopls 161 162 pkgs.httpie 162 163 pkgs.litecli

+3 -3

go.mod

··· 1 1 module tangled.org/core 2 2 3 3 - go 1.24.4 3 3 + go 1.25.0 4 4 5 5 require ( 6 6 github.com/Blank-Xu/sql-adapter v1.1.1 ··· 18 18 github.com/cloudflare/cloudflare-go v0.115.0 19 19 github.com/cyphar/filepath-securejoin v0.4.1 20 20 github.com/dgraph-io/ristretto v0.2.0 21 21 - github.com/did-method-plc/go-didplc v0.0.0-20250716171643-635da8b4e038 22 21 github.com/docker/docker v28.2.2+incompatible 23 22 github.com/dustin/go-humanize v1.0.1 24 23 github.com/gliderlabs/ssh v0.3.8 ··· 46 45 github.com/urfave/cli/v3 v3.3.3 47 46 github.com/whyrusleeping/cbor-gen v0.3.1 48 47 github.com/yuin/goldmark v1.7.13 48 48 + github.com/yuin/goldmark-emoji v1.0.6 49 49 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc 50 50 gitlab.com/staticnoise/goldmark-callout v0.0.0-20240609120641-6366b799e4ab 51 51 golang.org/x/crypto v0.40.0 52 52 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b 53 53 golang.org/x/image v0.31.0 54 54 golang.org/x/net v0.42.0 55 55 - golang.org/x/sync v0.17.0 56 55 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da 57 56 gopkg.in/yaml.v3 v3.0.1 58 57 ) ··· 204 203 go.uber.org/atomic v1.11.0 // indirect 205 204 go.uber.org/multierr v1.11.0 // indirect 206 205 go.uber.org/zap v1.27.0 // indirect 206 206 + golang.org/x/sync v0.17.0 // indirect 207 207 golang.org/x/sys v0.34.0 // indirect 208 208 golang.org/x/text v0.29.0 // indirect 209 209 golang.org/x/time v0.12.0 // indirect

+2 -2

go.sum

··· 131 131 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= 132 132 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= 133 133 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= 134 134 - github.com/did-method-plc/go-didplc v0.0.0-20250716171643-635da8b4e038 h1:AGh+Vn9fXhf9eo8erG1CK4+LACduPo64P1OICQLDv88= 135 135 - github.com/did-method-plc/go-didplc v0.0.0-20250716171643-635da8b4e038/go.mod h1:ddIXqTTSXWtj5kMsHAPj8SvbIx2GZdAkBFgFa6e6+CM= 136 134 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= 137 135 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= 138 136 github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= ··· 507 505 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 508 506 github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA= 509 507 github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg= 508 508 + github.com/yuin/goldmark-emoji v1.0.6 h1:QWfF2FYaXwL74tfGOW5izeiZepUDroDJfWubQI9HTHs= 509 509 + github.com/yuin/goldmark-emoji v1.0.6/go.mod h1:ukxJDKFpdFb5x0a5HqbdlcKtebh086iJpI31LTKmWuA= 510 510 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ= 511 511 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I= 512 512 gitlab.com/staticnoise/goldmark-callout v0.0.0-20240609120641-6366b799e4ab h1:gK9tS6QJw5F0SIhYJnGG2P83kuabOdmWBbSmZhJkz2A=

+4 -4

hook/hook.go

··· 48 48 }, 49 49 Commands: []*cli.Command{ 50 50 { 51 51 - Name: "post-recieve", 52 52 - Usage: "sends a post-recieve hook to the knot (waits for stdin)", 53 53 - Action: postRecieve, 51 51 + Name: "post-receive", 52 52 + Usage: "sends a post-receive hook to the knot (waits for stdin)", 53 53 + Action: postReceive, 54 54 }, 55 55 }, 56 56 } 57 57 } 58 58 59 59 - func postRecieve(ctx context.Context, cmd *cli.Command) error { 59 59 + func postReceive(ctx context.Context, cmd *cli.Command) error { 60 60 gitDir := cmd.String("git-dir") 61 61 userDid := cmd.String("user-did") 62 62 userHandle := cmd.String("user-handle")

+1 -1

hook/setup.go

··· 138 138 option_var="GIT_PUSH_OPTION_$i" 139 139 push_options+=(-push-option "${!option_var}") 140 140 done 141 141 - %s hook -git-dir "$GIT_DIR" -user-did "$GIT_USER_DID" -user-handle "$GIT_USER_HANDLE" -internal-api "%s" "${push_options[@]}" post-recieve 141 141 + %s hook -git-dir "$GIT_DIR" -user-did "$GIT_USER_DID" -user-handle "$GIT_USER_HANDLE" -internal-api "%s" "${push_options[@]}" post-receive 142 142 `, executablePath, config.internalApi) 143 143 144 144 return os.WriteFile(hookPath, []byte(hookContent), 0755)

+2 -1

input.css

··· 162 162 } 163 163 164 164 .prose a.mention { 165 165 - @apply no-underline hover:underline; 165 165 + @apply no-underline hover:underline font-bold; 166 166 } 167 167 168 168 .prose li { ··· 255 255 @apply py-1 text-gray-900 dark:text-gray-100; 256 256 } 257 257 } 258 258 + 258 259 } 259 260 260 261 /* Background */

-101

knot2/config/config.go

··· 1 1 - package config 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - "fmt" 6 6 - "net" 7 7 - "os" 8 8 - "path" 9 9 - 10 10 - "github.com/bluesky-social/indigo/atproto/syntax" 11 11 - "github.com/sethvargo/go-envconfig" 12 12 - "gopkg.in/yaml.v3" 13 13 - ) 14 14 - 15 15 - type Config struct { 16 16 - Dev bool `yaml:"dev"` 17 17 - HostName string `yaml:"hostname"` 18 18 - OwnerDid syntax.DID `yaml:"owner_did"` 19 19 - ListenHost string `yaml:"listen_host"` 20 20 - ListenPort string `yaml:"listen_port"` 21 21 - DataDir string `yaml:"data_dir"` 22 22 - RepoDir string `yaml:"repo_dir"` 23 23 - PlcUrl string `yaml:"plc_url"` 24 24 - JetstreamEndpoint string `yaml:"jetstream_endpoint"` 25 25 - AppviewEndpoint string `yaml:"appview_endpoint"` 26 26 - GitUserName string `yaml:"git_user_name"` 27 27 - GitUserEmail string `yaml:"git_user_email"` 28 28 - OAuth OAuthConfig 29 29 - } 30 30 - 31 31 - type OAuthConfig struct { 32 32 - CookieSecret string `env:"KNOT2_COOKIE_SECRET, default=00000000000000000000000000000000"` 33 33 - ClientSecret string `env:"KNOT2_OAUTH_CLIENT_SECRET"` 34 34 - ClientKid string `env:"KNOT2_OAUTH_CLIENT_KID"` 35 35 - } 36 36 - 37 37 - func (c *Config) Uri() string { 38 38 - // TODO: make port configurable 39 39 - if c.Dev { 40 40 - return "http://127.0.0.1:6444" 41 41 - } 42 42 - return "https://" + c.HostName 43 43 - } 44 44 - 45 45 - func (c *Config) ListenAddr() string { 46 46 - return net.JoinHostPort(c.ListenHost, c.ListenPort) 47 47 - } 48 48 - 49 49 - func (c *Config) DbPath() string { 50 50 - return path.Join(c.DataDir, "knot.db") 51 51 - } 52 52 - 53 53 - func (c *Config) GitMotdFilePath() string { 54 54 - return path.Join(c.DataDir, "motd") 55 55 - } 56 56 - 57 57 - func (c *Config) Validate() error { 58 58 - if c.HostName == "" { 59 59 - return fmt.Errorf("knot hostname cannot be empty") 60 60 - } 61 61 - if c.OwnerDid == "" { 62 62 - return fmt.Errorf("knot owner did cannot be empty") 63 63 - } 64 64 - return nil 65 65 - } 66 66 - 67 67 - func Load(ctx context.Context, path string) (Config, error) { 68 68 - // NOTE: yaml.v3 package doesn't support "default" struct tag 69 69 - cfg := Config{ 70 70 - Dev: true, 71 71 - ListenHost: "0.0.0.0", 72 72 - ListenPort: "5555", 73 73 - DataDir: "/home/git", 74 74 - RepoDir: "/home/git", 75 75 - PlcUrl: "https://plc.directory", 76 76 - JetstreamEndpoint: "wss://jetstream1.us-west.bsky.network/subscribe", 77 77 - AppviewEndpoint: "https://tangled.org", 78 78 - GitUserName: "Tangled", 79 79 - GitUserEmail: "noreply@tangled.org", 80 80 - } 81 81 - // load config from env vars 82 82 - err := envconfig.Process(ctx, &cfg.OAuth) 83 83 - if err != nil { 84 84 - return cfg, err 85 85 - } 86 86 - 87 87 - // load config from toml config file 88 88 - bytes, err := os.ReadFile(path) 89 89 - if err != nil { 90 90 - return cfg, err 91 91 - } 92 92 - if err := yaml.Unmarshal(bytes, &cfg); err != nil { 93 93 - return cfg, err 94 94 - } 95 95 - 96 96 - // validate the config 97 97 - if err = cfg.Validate(); err != nil { 98 98 - return cfg, err 99 99 - } 100 100 - return cfg, nil 101 101 - }

-52

knot2/db/db.go

··· 1 1 - package db 2 2 - 3 3 - import ( 4 4 - "database/sql" 5 5 - "strings" 6 6 - 7 7 - _ "github.com/mattn/go-sqlite3" 8 8 - ) 9 9 - 10 10 - func New(dbPath string) (*sql.DB, error) { 11 11 - // https://github.com/mattn/go-sqlite3#connection-string 12 12 - opts := []string{ 13 13 - "_foreign_keys=1", 14 14 - "_journal_mode=WAL", 15 15 - "_synchronous=NORMAL", 16 16 - "_auto_vacuum=incremental", 17 17 - } 18 18 - 19 19 - return sql.Open("sqlite3", dbPath+"?"+strings.Join(opts, "&")) 20 20 - } 21 21 - 22 22 - func Init(d *sql.DB) error { 23 23 - _, err := d.Exec(` 24 24 - create table if not exists _jetstream ( 25 25 - id integer primary key autoincrement, 26 26 - last_time_us integer not null 27 27 - ); 28 28 - 29 29 - create table if not exists events ( 30 30 - rkey text not null, 31 31 - nsid text not null, 32 32 - event text not null, -- json 33 33 - created integer not null -- unix nanos 34 34 - ); 35 35 - 36 36 - create table if not exists users ( 37 37 - id integer primary key autoincrement, 38 38 - did text not null unique, 39 39 - created text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')) 40 40 - ); 41 41 - 42 42 - create table if not exists public_keys ( 43 43 - id integer primary key autoincrement, 44 44 - did text not null, 45 45 - key text not null, 46 46 - created text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')), 47 47 - unique(did, key) 48 48 - ); 49 49 - `) 50 50 - 51 51 - return err 52 52 - }

-10

knot2/db/pubkeys.go

··· 1 1 - package db 2 2 - 3 3 - import ( 4 4 - "database/sql" 5 5 - ) 6 6 - 7 7 - // GetPubkeyDidListMap returns a PubKey->[]DID map 8 8 - func GetPubkeyDidListMap(d *sql.DB) (map[string][]string, error) { 9 9 - return nil, nil 10 10 - }

-12

knot2/db/users.go

··· 1 1 - package db 2 2 - 3 3 - import ( 4 4 - "database/sql" 5 5 - 6 6 - "github.com/bluesky-social/indigo/atproto/syntax" 7 7 - ) 8 8 - 9 9 - func AddUser(tx *sql.Tx, did syntax.DID) error { 10 10 - _, err := tx.Exec(`insert into users (did) values (?)`, did) 11 11 - return err 12 12 - }

-31

knot2/guard/guard.go

··· 1 1 - package guard 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - 6 6 - "github.com/urfave/cli/v3" 7 7 - "tangled.org/core/log" 8 8 - ) 9 9 - 10 10 - func Command() *cli.Command { 11 11 - return &cli.Command{ 12 12 - Name: "guard", 13 13 - Usage: "role-based access control for git over ssh (not for manual use)", 14 14 - Action: Run, 15 15 - Flags: []cli.Flag{ 16 16 - &cli.StringFlag{ 17 17 - Name: "user", 18 18 - Usage: "allowed git user", 19 19 - Required: true, 20 20 - }, 21 21 - }, 22 22 - } 23 23 - } 24 24 - 25 25 - func Run(ctx context.Context, cmd *cli.Command) error { 26 26 - l := log.FromContext(ctx) 27 27 - l = log.SubLogger(l, cmd.Name) 28 28 - ctx = log.IntoContext(ctx, l) 29 29 - 30 30 - panic("unimplemented") 31 31 - }

-27

knot2/hook/hook.go

··· 1 1 - package hook 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - 6 6 - "github.com/urfave/cli/v3" 7 7 - "tangled.org/core/log" 8 8 - ) 9 9 - 10 10 - func Command() *cli.Command { 11 11 - return &cli.Command{ 12 12 - Name: "hook", 13 13 - Usage: "run git hooks", 14 14 - Action: Run, 15 15 - Flags: []cli.Flag{ 16 16 - // TODO: 17 17 - }, 18 18 - } 19 19 - } 20 20 - 21 21 - func Run(ctx context.Context, cmd *cli.Command) error { 22 22 - l := log.FromContext(ctx) 23 23 - l = log.SubLogger(l, cmd.Name) 24 24 - ctx = log.IntoContext(ctx, l) 25 25 - 26 26 - panic("unimplemented") 27 27 - }

-103

knot2/keys/keys.go

··· 1 1 - package keys 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - "encoding/json" 6 6 - "fmt" 7 7 - "os" 8 8 - "strings" 9 9 - 10 10 - "github.com/urfave/cli/v3" 11 11 - "tangled.org/core/knot2/config" 12 12 - "tangled.org/core/knot2/db" 13 13 - "tangled.org/core/log" 14 14 - ) 15 15 - 16 16 - func Command() *cli.Command { 17 17 - return &cli.Command{ 18 18 - Name: "keys", 19 19 - Usage: "fetch public keys from the knot server", 20 20 - Action: Run, 21 21 - Flags: []cli.Flag{ 22 22 - &cli.StringFlag{ 23 23 - Name: "config", 24 24 - Aliases: []string{"c"}, 25 25 - Usage: "config path", 26 26 - Required: true, 27 27 - }, 28 28 - &cli.StringFlag{ 29 29 - Name: "output", 30 30 - Aliases: []string{"o"}, 31 31 - Usage: "output format (table, json, authorized-keys)", 32 32 - Value: "table", 33 33 - }, 34 34 - }, 35 35 - } 36 36 - } 37 37 - 38 38 - func Run(ctx context.Context, cmd *cli.Command) error { 39 39 - l := log.FromContext(ctx) 40 40 - l = log.SubLogger(l, cmd.Name) 41 41 - ctx = log.IntoContext(ctx, l) 42 42 - 43 43 - var ( 44 44 - output = cmd.String("output") 45 45 - configPath = cmd.String("config") 46 46 - ) 47 47 - 48 48 - cfg, err := config.Load(ctx, configPath) 49 49 - if err != nil { 50 50 - return fmt.Errorf("failed to load config: %w", err) 51 51 - } 52 52 - 53 53 - d, err := db.New(cfg.DbPath()) 54 54 - if err != nil { 55 55 - return fmt.Errorf("failed to load db: %w", err) 56 56 - } 57 57 - 58 58 - pubkeyDidListMap, err := db.GetPubkeyDidListMap(d) 59 59 - if err != nil { 60 60 - return err 61 61 - } 62 62 - 63 63 - switch output { 64 64 - case "json": 65 65 - prettyJSON, err := json.MarshalIndent(pubkeyDidListMap, "", " ") 66 66 - if err != nil { 67 67 - return err 68 68 - } 69 69 - if _, err := os.Stdout.Write(prettyJSON); err != nil { 70 70 - return err 71 71 - } 72 72 - case "table": 73 73 - fmt.Printf("%-40s %-40s\n", "KEY", "DID") 74 74 - fmt.Println(strings.Repeat("-", 80)) 75 75 - 76 76 - for key, didList := range pubkeyDidListMap { 77 77 - fmt.Printf("%-40s %-40s\n", key, strings.Join(didList, ",")) 78 78 - } 79 79 - case "authorized-keys": 80 80 - for key, didList := range pubkeyDidListMap { 81 81 - executablePath, err := os.Executable() 82 82 - if err != nil { 83 83 - l.Error("error getting path of executable", "error", err) 84 84 - return err 85 85 - } 86 86 - command := fmt.Sprintf("%s guard", executablePath) 87 87 - for _, did := range didList { 88 88 - command += fmt.Sprintf(" -user %s", did) 89 89 - } 90 90 - fmt.Printf( 91 91 - `command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s`+"\n", 92 92 - command, 93 93 - key, 94 94 - ) 95 95 - } 96 96 - if err != nil { 97 97 - l.Error("error writing to stdout", "error", err) 98 98 - return err 99 99 - } 100 100 - } 101 101 - 102 102 - return nil 103 103 - }

-8

knot2/models/pubkeys.go

··· 1 1 - package models 2 2 - 3 3 - import "tangled.org/core/api/tangled" 4 4 - 5 5 - type PublicKey struct { 6 6 - Did string 7 7 - tangled.PublicKey 8 8 - }

-18

knot2/server/handler/events.go

··· 1 1 - package handler 2 2 - 3 3 - import ( 4 4 - "net/http" 5 5 - 6 6 - "github.com/gorilla/websocket" 7 7 - ) 8 8 - 9 9 - var upgrader = websocket.Upgrader{ 10 10 - ReadBufferSize: 1024, 11 11 - WriteBufferSize: 1024, 12 12 - } 13 13 - 14 14 - func Events() http.HandlerFunc { 15 15 - return func(w http.ResponseWriter, r *http.Request) { 16 16 - panic("unimplemented") 17 17 - } 18 18 - }

-9

knot2/server/handler/git_receive_pack.go

··· 1 1 - package handler 2 2 - 3 3 - import "net/http" 4 4 - 5 5 - func GitReceivePack() http.HandlerFunc { 6 6 - return func(w http.ResponseWriter, r *http.Request) { 7 7 - panic("unimplemented") 8 8 - } 9 9 - }

-9

knot2/server/handler/git_upload_pack.go

··· 1 1 - package handler 2 2 - 3 3 - import "net/http" 4 4 - 5 5 - func GitUploadPack() http.HandlerFunc { 6 6 - return func(w http.ResponseWriter, r *http.Request) { 7 7 - panic("unimplemented") 8 8 - } 9 9 - }

-9

knot2/server/handler/info_refs.go

··· 1 1 - package handler 2 2 - 3 3 - import "net/http" 4 4 - 5 5 - func InfoRefs() http.HandlerFunc { 6 6 - return func(w http.ResponseWriter, r *http.Request) { 7 7 - panic("unimplemented") 8 8 - } 9 9 - }

-241

knot2/server/handler/register.go

··· 1 1 - package handler 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - "database/sql" 6 6 - _ "embed" 7 7 - "encoding/json" 8 8 - "fmt" 9 9 - "html/template" 10 10 - "net/http" 11 11 - "strings" 12 12 - 13 13 - "github.com/bluesky-social/indigo/api/agnostic" 14 14 - "github.com/bluesky-social/indigo/api/atproto" 15 15 - "github.com/bluesky-social/indigo/atproto/auth/oauth" 16 16 - "github.com/bluesky-social/indigo/atproto/syntax" 17 17 - "github.com/did-method-plc/go-didplc" 18 18 - "github.com/gorilla/sessions" 19 19 - "tangled.org/core/knot2/config" 20 20 - "tangled.org/core/knot2/db" 21 21 - "tangled.org/core/log" 22 22 - ) 23 23 - 24 24 - const ( 25 25 - // atproto 26 26 - serviceId = "tangled_knot" 27 27 - serviceType = "TangledKnot" 28 28 - // cookies 29 29 - sessionName = "oauth-demo" 30 30 - sessionId = "sessionId" 31 31 - sessionDid = "sessionDID" 32 32 - ) 33 33 - 34 34 - //go:embed "templates/register.html" 35 35 - var tmplRegisgerText string 36 36 - var tmplRegister = template.Must(template.New("register.html").Parse(tmplRegisgerText)) 37 37 - 38 38 - func Register(jar *sessions.CookieStore) http.HandlerFunc { 39 39 - return func(w http.ResponseWriter, r *http.Request) { 40 40 - ctx := r.Context() 41 41 - l := log.FromContext(ctx).With("handler", "Register") 42 42 - 43 43 - sess, _ := jar.Get(r, sessionName) 44 44 - var data map[string]any 45 45 - 46 46 - if !sess.IsNew { 47 47 - // render Register { Handle, Web: true } 48 48 - did := syntax.DID(sess.Values[sessionDid].(string)) 49 49 - plcop := did.Method() == "plc" && r.URL.Query().Get("method") != "web" 50 50 - data = map[string]any{ 51 51 - "Did": did, 52 52 - "PlcOp": plcop, 53 53 - } 54 54 - } 55 55 - 56 56 - err := tmplRegister.Execute(w, data) 57 57 - if err != nil { 58 58 - l.Error("failed to render", "err", err) 59 59 - } 60 60 - } 61 61 - } 62 62 - 63 63 - func OauthClientMetadata(cfg *config.Config, clientApp *oauth.ClientApp) http.HandlerFunc { 64 64 - return func(w http.ResponseWriter, r *http.Request) { 65 65 - doc := clientApp.Config.ClientMetadata() 66 66 - var ( 67 67 - clientName = cfg.HostName 68 68 - clientUri = cfg.Uri() 69 69 - jwksUri = clientUri + "/oauth/jwks.json" 70 70 - ) 71 71 - doc.ClientName = &clientName 72 72 - doc.ClientURI = &clientUri 73 73 - doc.JWKSURI = &jwksUri 74 74 - 75 75 - w.Header().Set("Content-Type", "application/json") 76 76 - if err := json.NewEncoder(w).Encode(doc); err != nil { 77 77 - http.Error(w, err.Error(), http.StatusInternalServerError) 78 78 - return 79 79 - } 80 80 - } 81 81 - } 82 82 - 83 83 - func OauthJwks(clientApp *oauth.ClientApp) http.HandlerFunc { 84 84 - return func(w http.ResponseWriter, r *http.Request) { 85 85 - w.Header().Set("Content-Type", "application/json") 86 86 - body := clientApp.Config.PublicJWKS() 87 87 - if err := json.NewEncoder(w).Encode(body); err != nil { 88 88 - http.Error(w, err.Error(), http.StatusInternalServerError) 89 89 - return 90 90 - } 91 91 - } 92 92 - } 93 93 - 94 94 - func OauthLoginPost(clientApp *oauth.ClientApp) http.HandlerFunc { 95 95 - return func(w http.ResponseWriter, r *http.Request) { 96 96 - ctx := r.Context() 97 97 - l := log.FromContext(ctx).With("handler", "OauthLoginPost") 98 98 - 99 99 - handle := r.FormValue("handle") 100 100 - 101 101 - handle = strings.TrimPrefix(handle, "\u202a") 102 102 - handle = strings.TrimSuffix(handle, "\u202c") 103 103 - // `@` is harmless 104 104 - handle = strings.TrimPrefix(handle, "@") 105 105 - 106 106 - redirectURL, err := clientApp.StartAuthFlow(ctx, handle) 107 107 - if err != nil { 108 108 - l.Error("failed to start auth flow", "err", err) 109 109 - panic(err) 110 110 - } 111 111 - 112 112 - w.Header().Set("HX-Redirect", redirectURL) 113 113 - w.WriteHeader(http.StatusOK) 114 114 - } 115 115 - } 116 116 - 117 117 - func OauthCallback(oauth *oauth.ClientApp, jar *sessions.CookieStore) http.HandlerFunc { 118 118 - return func(w http.ResponseWriter, r *http.Request) { 119 119 - ctx := r.Context() 120 120 - l := log.FromContext(ctx).With("handler", "OauthCallback") 121 121 - 122 122 - data, err := oauth.ProcessCallback(ctx, r.URL.Query()) 123 123 - if err != nil { 124 124 - l.Error("failed to process oauth callback", "err", err) 125 125 - panic(err) 126 126 - } 127 127 - 128 128 - // store session data to cookie jar 129 129 - sess, _ := jar.Get(r, sessionName) 130 130 - sess.Values[sessionDid] = data.AccountDID.String() 131 131 - sess.Values[sessionId] = data.SessionID 132 132 - if err = sess.Save(r, w); err != nil { 133 133 - l.Error("failed to save session", "err", err) 134 134 - panic(err) 135 135 - } 136 136 - 137 137 - if data.AccountDID.Method() == "plc" { 138 138 - sess, err := oauth.ResumeSession(ctx, data.AccountDID, data.SessionID) 139 139 - if err != nil { 140 140 - l.Error("failed to resume atproto session", "err", err) 141 141 - panic(err) 142 142 - } 143 143 - client := sess.APIClient() 144 144 - err = atproto.IdentityRequestPlcOperationSignature(ctx, client) 145 145 - if err != nil { 146 146 - l.Error("failed to request plc operation signature", "err", err) 147 147 - panic(err) 148 148 - } 149 149 - } 150 150 - 151 151 - http.Redirect(w, r, "/register", http.StatusSeeOther) 152 152 - } 153 153 - } 154 154 - 155 155 - func RegisterPost(cfg *config.Config, d *sql.DB, clientApp *oauth.ClientApp, jar *sessions.CookieStore) http.HandlerFunc { 156 156 - plcop := func(ctx context.Context, did syntax.DID, sessId, token string) error { 157 157 - sess, err := clientApp.ResumeSession(ctx, did, sessId) 158 158 - if err != nil { 159 159 - return fmt.Errorf("failed to resume atproto session: %w", err) 160 160 - } 161 161 - client := sess.APIClient() 162 162 - 163 163 - identity, err := clientApp.Dir.LookupDID(ctx, did) 164 164 - services := make(map[string]didplc.OpService) 165 165 - for id, service := range identity.Services { 166 166 - services[id] = didplc.OpService{ 167 167 - Type: service.Type, 168 168 - Endpoint: service.URL, 169 169 - } 170 170 - } 171 171 - services[serviceId] = didplc.OpService{ 172 172 - Type: serviceType, 173 173 - Endpoint: cfg.Uri(), 174 174 - } 175 175 - 176 176 - rawServices, err := json.Marshal(services) 177 177 - if err != nil { 178 178 - return fmt.Errorf("failed to marshal services map: %w", err) 179 179 - } 180 180 - raw := json.RawMessage(rawServices) 181 181 - 182 182 - signed, err := agnostic.IdentitySignPlcOperation(ctx, client, &agnostic.IdentitySignPlcOperation_Input{ 183 183 - Services: &raw, 184 184 - Token: &token, 185 185 - }) 186 186 - if err != nil { 187 187 - return fmt.Errorf("failed to sign plc operatino: %w", err) 188 188 - } 189 189 - 190 190 - err = agnostic.IdentitySubmitPlcOperation(ctx, client, &agnostic.IdentitySubmitPlcOperation_Input{ 191 191 - Operation: signed.Operation, 192 192 - }) 193 193 - if err != nil { 194 194 - return fmt.Errorf("failed to submit plc operatino: %w", err) 195 195 - } 196 196 - 197 197 - return nil 198 198 - } 199 199 - return func(w http.ResponseWriter, r *http.Request) { 200 200 - ctx := r.Context() 201 201 - l := log.FromContext(ctx).With("handler", "RegisterPost") 202 202 - 203 203 - sess, _ := jar.Get(r, sessionName) 204 204 - 205 205 - var ( 206 206 - did = syntax.DID(sess.Values[sessionDid].(string)) 207 207 - sessId = sess.Values[sessionId].(string) 208 208 - token = r.FormValue("token") 209 209 - doPlcOp = r.FormValue("plcop") == "on" 210 210 - ) 211 211 - 212 212 - tx, err := d.BeginTx(ctx, nil) 213 213 - if err != nil { 214 214 - l.Error("failed to begin db tx", "err", err) 215 215 - panic(err) 216 216 - } 217 217 - defer tx.Rollback() 218 218 - 219 219 - if err := db.AddUser(tx, did); err != nil { 220 220 - l.Error("failed to add user", "err", err) 221 221 - http.Error(w, err.Error(), http.StatusInternalServerError) 222 222 - return 223 223 - } 224 224 - 225 225 - if doPlcOp { 226 226 - l.Debug("performing plc op", "did", did, "token", token) 227 227 - if err := plcop(ctx, did, sessId, token); err != nil { 228 228 - l.Error("failed to perform plc op", "err", err) 229 229 - http.Error(w, err.Error(), http.StatusInternalServerError) 230 230 - } 231 231 - } else { 232 232 - // TODO: check if did doc already include the knot service 233 233 - tx.Rollback() 234 234 - panic("unimplemented") 235 235 - } 236 236 - if err := tx.Commit(); err != nil { 237 237 - l.Error("failed to commit tx", "err", err) 238 238 - http.Error(w, err.Error(), http.StatusInternalServerError) 239 239 - } 240 240 - } 241 241 - }

-41

knot2/server/handler/templates/register.html

··· 1 1 - <!doctype html> 2 2 - <html lang="en" class="dark:bg-gray-900"> 3 3 - <head> 4 4 - <meta charset="UTF-8" /> 5 5 - <meta name="viewport" content="width=device-width, initial-scale=1.0"/> 6 6 - <meta name="description" content="knot server"/> 7 7 - <title>Register to Knot</title> 8 8 - <script src="https://cdn.jsdelivr.net/npm/htmx.org@2.0.8/dist/htmx.min.js" integrity="sha384-/TgkGk7p307TH7EXJDuUlgG3Ce1UVolAOFopFekQkkXihi5u/6OCvVKyz1W+idaz" crossorigin="anonymous"></script> 9 9 - </head> 10 10 - <body> 11 11 - {{ if (not .) }} 12 12 - {{/* step 1. login */}} 13 13 - <form hx-post="/oauth/login" hx-swap="none"> 14 14 - <input type="text" name="handle"> 15 15 - <button type="submit">Login</button> 16 16 - </form> 17 17 - {{ else }} 18 18 - {{/* step 2. register user with plc operation */}} 19 19 - <form hx-post="/register" hx-swap="none"> 20 20 - <input type="hidden" name="plcop" value="{{ if .PlcOp }}on{{ end }}"> 21 21 - 22 22 - <div> 23 23 - <label for="handle">User Handle:</label> 24 24 - <input type="text" name="handle" value="{{ .Did }}" readonly> 25 25 - </div> 26 26 - 27 27 - {{ if (not .Web) }} 28 28 - <h2>Please enter your PLC Token you received in an email</h2> 29 29 - <div> 30 30 - <label for="token">PLC Token:</label> 31 31 - <input type="text" name="token" required placeholder="XXXXX-XXXXX"> 32 32 - </div> 33 33 - 34 34 - <button type="submit">add Knot to identity</button> 35 35 - {{ else }} 36 36 - <button type="submit">register to Knot</button> 37 37 - {{ end }} 38 38 - </form> 39 39 - {{ end }} 40 40 - </body> 41 41 - </html>

-87

knot2/server/handler/xrpc_git_keep_commit.go

··· 1 1 - package handler 2 2 - 3 3 - import ( 4 4 - "encoding/json" 5 5 - "fmt" 6 6 - "net/http" 7 7 - "os/exec" 8 8 - "path" 9 9 - 10 10 - "github.com/bluesky-social/indigo/atproto/syntax" 11 11 - "github.com/go-git/go-git/v5" 12 12 - "github.com/go-git/go-git/v5/plumbing" 13 13 - "tangled.org/core/api/tangled" 14 14 - "tangled.org/core/knot2/config" 15 15 - "tangled.org/core/log" 16 16 - xrpcerr "tangled.org/core/xrpc/errors" 17 17 - ) 18 18 - 19 19 - func XrpcGitKeepCommit(cfg *config.Config) http.HandlerFunc { 20 20 - return func(w http.ResponseWriter, r *http.Request) { 21 21 - ctx := r.Context() 22 22 - l := log.FromContext(ctx).With("handler", "XrpcGitKeepCommit") 23 23 - 24 24 - // TODO: get session did 25 25 - actorDid := syntax.DID("") 26 26 - 27 27 - var input tangled.GitKeepCommit_Input 28 28 - if err := json.NewDecoder(r.Body).Decode(&input); err != nil { 29 29 - l.Error("failed to decode body", "err", err) 30 30 - panic("unimplemented") 31 31 - } 32 32 - 33 33 - repoAt, err := syntax.ParseATURI(input.Repo) 34 34 - if err != nil { 35 35 - l.Error("failed to decode body", "err", err) 36 36 - panic("unimplemented") 37 37 - } 38 38 - repoPath := repoPathFromAtUri(cfg, repoAt) 39 39 - 40 40 - // ensure repo exist (if not, clone it) 41 41 - repo, err := git.PlainOpen(repoPath) 42 42 - if err != nil { 43 43 - // TODO: clone the ref from source repo if repo doesn't exist in this knot yet 44 44 - l.Info("repo missing in knot", "err", err) 45 45 - panic("unimplemented") 46 46 - } 47 47 - 48 48 - commitId, err := repo.ResolveRevision(plumbing.Revision(input.Ref)) 49 49 - if err != nil { 50 50 - l.Error("failed to resolve revision", "ref", input.Ref, "err", err) 51 51 - panic("unimplemented") 52 52 - } 53 53 - 54 54 - // set keep-ref for given commit 55 55 - refspec := fmt.Sprintf("refs/knot/%s/keep/%s", actorDid, commitId) 56 56 - updateRefCmd := exec.Command("git", "-C", repoPath, "update-ref", refspec, commitId.String()) 57 57 - if err := updateRefCmd.Run(); err != nil { 58 58 - writeError(w, xrpcerr.GenericError(err), http.StatusBadRequest) 59 59 - return 60 60 - } 61 61 - 62 62 - output := tangled.GitKeepCommit_Output{ 63 63 - CommitId: commitId.String(), 64 64 - } 65 65 - 66 66 - w.WriteHeader(http.StatusOK) 67 67 - writeJson(w, output) 68 68 - } 69 69 - } 70 70 - 71 71 - func repoPathFromAtUri(cfg *config.Config, repoAt syntax.ATURI) string { 72 72 - return path.Join(cfg.RepoDir, repoAt.Authority().String(), repoAt.RecordKey().String()) 73 73 - } 74 74 - 75 75 - func writeError(w http.ResponseWriter, e xrpcerr.XrpcError, status int) { 76 76 - w.Header().Set("Content-Type", "application/json") 77 77 - w.WriteHeader(status) 78 78 - json.NewEncoder(w).Encode(e) 79 79 - } 80 80 - 81 81 - func writeJson(w http.ResponseWriter, response any) { 82 82 - w.Header().Set("Content-Type", "application/json") 83 83 - if err := json.NewEncoder(w).Encode(response); err != nil { 84 84 - writeError(w, xrpcerr.GenericError(err), http.StatusInternalServerError) 85 85 - return 86 86 - } 87 87 - }

-21

knot2/server/middleware/cors.go

··· 1 1 - package middleware 2 2 - 3 3 - import "net/http" 4 4 - 5 5 - func CORS(next http.Handler) http.Handler { 6 6 - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 7 7 - // Set CORS headers 8 8 - w.Header().Set("Access-Control-Allow-Origin", "*") 9 9 - w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") 10 10 - w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") 11 11 - w.Header().Set("Access-Control-Max-Age", "86400") 12 12 - 13 13 - // Handle preflight requests 14 14 - if r.Method == "OPTIONS" { 15 15 - w.WriteHeader(http.StatusOK) 16 16 - return 17 17 - } 18 18 - 19 19 - next.ServeHTTP(w, r) 20 20 - }) 21 21 - }

-40

knot2/server/middleware/requestlogger.go

··· 1 1 - package middleware 2 2 - 3 3 - import ( 4 4 - "log/slog" 5 5 - "net/http" 6 6 - "time" 7 7 - 8 8 - "tangled.org/core/log" 9 9 - ) 10 10 - 11 11 - func RequestLogger(next http.Handler) http.Handler { 12 12 - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 13 13 - ctx := r.Context() 14 14 - l := log.FromContext(ctx) 15 15 - 16 16 - start := time.Now() 17 17 - 18 18 - next.ServeHTTP(w, r) 19 19 - 20 20 - // Build query params as slog.Attrs for the group 21 21 - queryParams := r.URL.Query() 22 22 - queryAttrs := make([]any, 0, len(queryParams)) 23 23 - for key, values := range queryParams { 24 24 - if len(values) == 1 { 25 25 - queryAttrs = append(queryAttrs, slog.String(key, values[0])) 26 26 - } else { 27 27 - queryAttrs = append(queryAttrs, slog.Any(key, values)) 28 28 - } 29 29 - } 30 30 - 31 31 - l.LogAttrs(ctx, slog.LevelInfo, "", 32 32 - slog.Group("request", 33 33 - slog.String("method", r.Method), 34 34 - slog.String("path", r.URL.Path), 35 35 - slog.Group("query", queryAttrs...), 36 36 - slog.Duration("duration", time.Since(start)), 37 37 - ), 38 38 - ) 39 39 - }) 40 40 - }

-40

knot2/server/oauth.go

··· 1 1 - package server 2 2 - 3 3 - import ( 4 4 - "net/http" 5 5 - 6 6 - atcrypto "github.com/bluesky-social/indigo/atproto/crypto" 7 7 - "github.com/bluesky-social/indigo/atproto/auth/oauth" 8 8 - "tangled.org/core/idresolver" 9 9 - "tangled.org/core/knot2/config" 10 10 - ) 11 11 - 12 12 - func newAtClientApp(cfg *config.Config) *oauth.ClientApp { 13 13 - idResolver := idresolver.DefaultResolver(cfg.PlcUrl) 14 14 - scopes := []string{"atproto", "identity:*"} 15 15 - var oauthConfig oauth.ClientConfig 16 16 - if cfg.Dev { 17 17 - oauthConfig = oauth.NewLocalhostConfig( 18 18 - cfg.Uri()+"/oauth/callback", 19 19 - scopes, 20 20 - ) 21 21 - } else { 22 22 - oauthConfig = oauth.NewPublicConfig( 23 23 - cfg.Uri()+"/oauth/client-metadata.json", 24 24 - cfg.Uri()+"/oauth/callback", 25 25 - scopes, 26 26 - ) 27 27 - } 28 28 - priv, err := atcrypto.ParsePrivateMultibase(cfg.OAuth.ClientSecret) 29 29 - if err != nil { 30 30 - panic(err) 31 31 - } 32 32 - if err := oauthConfig.SetClientSecret(priv, cfg.OAuth.ClientKid); err != nil { 33 33 - panic(err) 34 34 - } 35 35 - // we can just use in-memory auth store 36 36 - clientApp := oauth.NewClientApp(&oauthConfig, oauth.NewMemStore()) 37 37 - clientApp.Dir = idResolver.Directory() 38 38 - clientApp.Resolver.Client.Transport = http.DefaultTransport 39 39 - return clientApp 40 40 - }

-52

knot2/server/routes.go

··· 1 1 - package server 2 2 - 3 3 - import ( 4 4 - "database/sql" 5 5 - "net/http" 6 6 - 7 7 - "github.com/bluesky-social/indigo/atproto/auth/oauth" 8 8 - "github.com/go-chi/chi/v5" 9 9 - "github.com/gorilla/sessions" 10 10 - "tangled.org/core/api/tangled" 11 11 - "tangled.org/core/knot2/config" 12 12 - "tangled.org/core/knot2/server/handler" 13 13 - "tangled.org/core/knot2/server/middleware" 14 14 - ) 15 15 - 16 16 - func Routes( 17 17 - cfg *config.Config, 18 18 - d *sql.DB, 19 19 - clientApp *oauth.ClientApp, 20 20 - ) http.Handler { 21 21 - r := chi.NewRouter() 22 22 - 23 23 - r.Use(middleware.CORS) 24 24 - r.Use(middleware.RequestLogger) 25 25 - 26 26 - r.Get("/", func(w http.ResponseWriter, r *http.Request) { 27 27 - w.Write([]byte("This is a knot server. More info at https://tangled.sh")) 28 28 - }) 29 29 - 30 30 - jar := sessions.NewCookieStore([]byte(cfg.OAuth.CookieSecret)) 31 31 - 32 32 - r.Get("/register", handler.Register(jar)) 33 33 - r.Post("/register", handler.RegisterPost(cfg, d, clientApp, jar)) 34 34 - r.Post("/oauth/login", handler.OauthLoginPost(clientApp)) 35 35 - r.Get("/oauth/client-metadata.json", handler.OauthClientMetadata(cfg, clientApp)) 36 36 - r.Get("/oauth/jwks.json", handler.OauthJwks(clientApp)) 37 37 - r.Get("/oauth/callback", handler.OauthCallback(clientApp, jar)) 38 38 - 39 39 - r.Route("/{did}/{name}", func(r chi.Router) { 40 40 - r.Get("/info/refs", handler.InfoRefs()) 41 41 - r.Post("/git-upload-pack", handler.GitUploadPack()) 42 42 - r.Post("/git-receive-pack", handler.GitReceivePack()) 43 43 - }) 44 44 - 45 45 - r.Get("/events", handler.Events()) 46 46 - 47 47 - r.Route("/xrpc", func(r chi.Router) { 48 48 - r.Post("/"+tangled.GitKeepCommitNSID, handler.XrpcGitKeepCommit(cfg)) 49 49 - }) 50 50 - 51 51 - return r 52 52 - }

-65

knot2/server/server.go

··· 1 1 - package server 2 2 - 3 3 - import ( 4 4 - "context" 5 5 - "fmt" 6 6 - "net/http" 7 7 - 8 8 - "github.com/urfave/cli/v3" 9 9 - "tangled.org/core/knot2/config" 10 10 - "tangled.org/core/knot2/db" 11 11 - "tangled.org/core/log" 12 12 - ) 13 13 - 14 14 - func Command() *cli.Command { 15 15 - return &cli.Command{ 16 16 - Name: "server", 17 17 - Usage: "run a knot server", 18 18 - Action: Run, 19 19 - Flags: []cli.Flag{ 20 20 - &cli.StringFlag{ 21 21 - Name: "config", 22 22 - Aliases: []string{"c"}, 23 23 - Usage: "config path", 24 24 - Required: true, 25 25 - }, 26 26 - }, 27 27 - } 28 28 - } 29 29 - 30 30 - func Run(ctx context.Context, cmd *cli.Command) error { 31 31 - l := log.FromContext(ctx) 32 32 - l = log.SubLogger(l, cmd.Name) 33 33 - ctx = log.IntoContext(ctx, l) 34 34 - 35 35 - configPath := cmd.String("config") 36 36 - 37 37 - cfg, err := config.Load(ctx, configPath) 38 38 - if err != nil { 39 39 - return fmt.Errorf("failed to load config: %w", err) 40 40 - } 41 41 - fmt.Println("config:", cfg) 42 42 - 43 43 - // TODO: start listening to jetstream 44 44 - 45 45 - d, err := db.New(cfg.DbPath()) 46 46 - if err != nil { 47 47 - panic(err) 48 48 - } 49 49 - err = db.Init(d) 50 50 - if err != nil { 51 51 - panic(err) 52 52 - } 53 53 - 54 54 - clientApp := newAtClientApp(&cfg) 55 55 - 56 56 - mux := Routes(&cfg, d, clientApp) 57 57 - 58 58 - l.Info("starting knot server", "address", cfg.ListenAddr()) 59 59 - err = http.ListenAndServe(cfg.ListenAddr(), mux) 60 60 - if err != nil { 61 61 - l.Error("server error", "err", err) 62 62 - } 63 63 - 64 64 - return nil 65 65 - }

+81

knotserver/db/db.go

··· 1 1 + package db 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "database/sql" 6 6 + "log/slog" 7 7 + "strings" 8 8 + 9 9 + _ "github.com/mattn/go-sqlite3" 10 10 + "tangled.org/core/log" 11 11 + ) 12 12 + 13 13 + type DB struct { 14 14 + db *sql.DB 15 15 + logger *slog.Logger 16 16 + } 17 17 + 18 18 + func Setup(ctx context.Context, dbPath string) (*DB, error) { 19 19 + // https://github.com/mattn/go-sqlite3#connection-string 20 20 + opts := []string{ 21 21 + "_foreign_keys=1", 22 22 + "_journal_mode=WAL", 23 23 + "_synchronous=NORMAL", 24 24 + "_auto_vacuum=incremental", 25 25 + } 26 26 + 27 27 + logger := log.FromContext(ctx) 28 28 + logger = log.SubLogger(logger, "db") 29 29 + 30 30 + db, err := sql.Open("sqlite3", dbPath+"?"+strings.Join(opts, "&")) 31 31 + if err != nil { 32 32 + return nil, err 33 33 + } 34 34 + 35 35 + conn, err := db.Conn(ctx) 36 36 + if err != nil { 37 37 + return nil, err 38 38 + } 39 39 + defer conn.Close() 40 40 + 41 41 + _, err = conn.ExecContext(ctx, ` 42 42 + create table if not exists known_dids ( 43 43 + did text primary key 44 44 + ); 45 45 + 46 46 + create table if not exists public_keys ( 47 47 + id integer primary key autoincrement, 48 48 + did text not null, 49 49 + key text not null, 50 50 + created text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')), 51 51 + unique(did, key), 52 52 + foreign key (did) references known_dids(did) on delete cascade 53 53 + ); 54 54 + 55 55 + create table if not exists _jetstream ( 56 56 + id integer primary key autoincrement, 57 57 + last_time_us integer not null 58 58 + ); 59 59 + 60 60 + create table if not exists events ( 61 61 + rkey text not null, 62 62 + nsid text not null, 63 63 + event text not null, -- json 64 64 + created integer not null default (strftime('%s', 'now')), 65 65 + primary key (rkey, nsid) 66 66 + ); 67 67 + 68 68 + create table if not exists migrations ( 69 69 + id integer primary key autoincrement, 70 70 + name text unique 71 71 + ); 72 72 + `) 73 73 + if err != nil { 74 74 + return nil, err 75 75 + } 76 76 + 77 77 + return &DB{ 78 78 + db: db, 79 79 + logger: logger, 80 80 + }, nil 81 81 + }

-64

knotserver/db/init.go

··· 1 1 - package db 2 2 - 3 3 - import ( 4 4 - "database/sql" 5 5 - "strings" 6 6 - 7 7 - _ "github.com/mattn/go-sqlite3" 8 8 - ) 9 9 - 10 10 - type DB struct { 11 11 - db *sql.DB 12 12 - } 13 13 - 14 14 - func Setup(dbPath string) (*DB, error) { 15 15 - // https://github.com/mattn/go-sqlite3#connection-string 16 16 - opts := []string{ 17 17 - "_foreign_keys=1", 18 18 - "_journal_mode=WAL", 19 19 - "_synchronous=NORMAL", 20 20 - "_auto_vacuum=incremental", 21 21 - } 22 22 - 23 23 - db, err := sql.Open("sqlite3", dbPath+"?"+strings.Join(opts, "&")) 24 24 - if err != nil { 25 25 - return nil, err 26 26 - } 27 27 - 28 28 - // NOTE: If any other migration is added here, you MUST 29 29 - // copy the pattern in appview: use a single sql.Conn 30 30 - // for every migration. 31 31 - 32 32 - _, err = db.Exec(` 33 33 - create table if not exists known_dids ( 34 34 - did text primary key 35 35 - ); 36 36 - 37 37 - create table if not exists public_keys ( 38 38 - id integer primary key autoincrement, 39 39 - did text not null, 40 40 - key text not null, 41 41 - created text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')), 42 42 - unique(did, key), 43 43 - foreign key (did) references known_dids(did) on delete cascade 44 44 - ); 45 45 - 46 46 - create table if not exists _jetstream ( 47 47 - id integer primary key autoincrement, 48 48 - last_time_us integer not null 49 49 - ); 50 50 - 51 51 - create table if not exists events ( 52 52 - rkey text not null, 53 53 - nsid text not null, 54 54 - event text not null, -- json 55 55 - created integer not null default (strftime('%s', 'now')), 56 56 - primary key (rkey, nsid) 57 57 - ); 58 58 - `) 59 59 - if err != nil { 60 60 - return nil, err 61 61 - } 62 62 - 63 63 - return &DB{db: db}, nil 64 64 - }

+13 -1

knotserver/git/service/service.go

··· 95 95 return c.RunService(cmd) 96 96 } 97 97 98 98 + func (c *ServiceCommand) UploadArchive() error { 99 99 + cmd := exec.Command("git", []string{ 100 100 + "upload-archive", 101 101 + ".", 102 102 + }...) 103 103 + 104 104 + cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} 105 105 + cmd.Env = append(cmd.Env, fmt.Sprintf("GIT_PROTOCOL=%s", c.GitProtocol)) 106 106 + cmd.Dir = c.Dir 107 107 + 108 108 + return c.RunService(cmd) 109 109 + } 110 110 + 98 111 func (c *ServiceCommand) UploadPack() error { 99 112 cmd := exec.Command("git", []string{ 100 100 - "-c", "uploadpack.allowFilter=true", 101 113 "upload-pack", 102 114 "--stateless-rpc", 103 115 ".",

+47

knotserver/git.go

··· 56 56 } 57 57 } 58 58 59 59 + func (h *Knot) UploadArchive(w http.ResponseWriter, r *http.Request) { 60 60 + did := chi.URLParam(r, "did") 61 61 + name := chi.URLParam(r, "name") 62 62 + repo, err := securejoin.SecureJoin(h.c.Repo.ScanPath, filepath.Join(did, name)) 63 63 + if err != nil { 64 64 + gitError(w, err.Error(), http.StatusInternalServerError) 65 65 + h.l.Error("git: failed to secure join repo path", "handler", "UploadPack", "error", err) 66 66 + return 67 67 + } 68 68 + 69 69 + const expectedContentType = "application/x-git-upload-archive-request" 70 70 + contentType := r.Header.Get("Content-Type") 71 71 + if contentType != expectedContentType { 72 72 + gitError(w, fmt.Sprintf("Expected Content-Type: '%s', but received '%s'.", expectedContentType, contentType), http.StatusUnsupportedMediaType) 73 73 + } 74 74 + 75 75 + var bodyReader io.ReadCloser = r.Body 76 76 + if r.Header.Get("Content-Encoding") == "gzip" { 77 77 + gzipReader, err := gzip.NewReader(r.Body) 78 78 + if err != nil { 79 79 + gitError(w, err.Error(), http.StatusInternalServerError) 80 80 + h.l.Error("git: failed to create gzip reader", "handler", "UploadArchive", "error", err) 81 81 + return 82 82 + } 83 83 + defer gzipReader.Close() 84 84 + bodyReader = gzipReader 85 85 + } 86 86 + 87 87 + w.Header().Set("Content-Type", "application/x-git-upload-archive-result") 88 88 + 89 89 + h.l.Info("git: executing git-upload-archive", "handler", "UploadArchive", "repo", repo) 90 90 + 91 91 + cmd := service.ServiceCommand{ 92 92 + GitProtocol: r.Header.Get("Git-Protocol"), 93 93 + Dir: repo, 94 94 + Stdout: w, 95 95 + Stdin: bodyReader, 96 96 + } 97 97 + 98 98 + w.WriteHeader(http.StatusOK) 99 99 + 100 100 + if err := cmd.UploadArchive(); err != nil { 101 101 + h.l.Error("git: failed to execute git-upload-pack", "handler", "UploadPack", "error", err) 102 102 + return 103 103 + } 104 104 + } 105 105 + 59 106 func (h *Knot) UploadPack(w http.ResponseWriter, r *http.Request) { 60 107 did := chi.URLParam(r, "did") 61 108 name := chi.URLParam(r, "name")

+1

knotserver/router.go

··· 82 82 r.Route("/{name}", func(r chi.Router) { 83 83 // routes for git operations 84 84 r.Get("/info/refs", h.InfoRefs) 85 85 + r.Post("/git-upload-archive", h.UploadArchive) 85 86 r.Post("/git-upload-pack", h.UploadPack) 86 87 r.Post("/git-receive-pack", h.ReceivePack) 87 88 })

+1 -1

knotserver/server.go

··· 64 64 logger.Info("running in dev mode, signature verification is disabled") 65 65 } 66 66 67 67 - db, err := db.Setup(c.Server.DBPath) 67 67 + db, err := db.Setup(ctx, c.Server.DBPath) 68 68 if err != nil { 69 69 return fmt.Errorf("failed to load db: %w", err) 70 70 }

-46

lexicons/git/keepCommit.json

··· 1 1 - { 2 2 - "lexicon": 1, 3 3 - "id": "sh.tangled.git.keepCommit", 4 4 - "defs": { 5 5 - "main": { 6 6 - "type": "procedure", 7 7 - "input": { 8 8 - "encoding": "application/json", 9 9 - "schema": { 10 10 - "type": "object", 11 11 - "required": ["repo", "ref"], 12 12 - "properties": { 13 13 - "repo": { 14 14 - "type": "string", 15 15 - "format": "at-uri", 16 16 - "description": "AT-URI of the repository" 17 17 - }, 18 18 - "ref": { 19 19 - "type": "string", 20 20 - "description": "ref to keep" 21 21 - } 22 22 - } 23 23 - } 24 24 - }, 25 25 - "output": { 26 26 - "encoding": "application/json", 27 27 - "schema": { 28 28 - "type": "object", 29 29 - "required": ["commitId"], 30 30 - "properties": { 31 31 - "commitId": { 32 32 - "type": "string", 33 33 - "description": "Keeped commit hash" 34 34 - } 35 35 - } 36 36 - } 37 37 - }, 38 38 - "errors": [ 39 39 - { 40 40 - "name": "InternalServerError", 41 41 - "description": "Failed to keep commit" 42 42 - } 43 43 - ] 44 44 - } 45 45 - } 46 46 - }

+10 -2

lexicons/pulls/pull.json

··· 12 12 "required": [ 13 13 "target", 14 14 "title", 15 15 - "patch", 15 15 + "patchBlob", 16 16 "createdAt" 17 17 ], 18 18 "properties": { ··· 27 27 "type": "string" 28 28 }, 29 29 "patch": { 30 30 - "type": "string" 30 30 + "type": "string", 31 31 + "description": "(deprecated) use patchBlob instead" 32 32 + }, 33 33 + "patchBlob": { 34 34 + "type": "blob", 35 35 + "accept": [ 36 36 + "text/x-patch" 37 37 + ], 38 38 + "description": "patch content" 31 39 }, 32 40 "source": { 33 41 "type": "ref",

+3 -3

nix/gomod2nix.toml

··· 171 171 [mod."github.com/dgryski/go-rendezvous"] 172 172 version = "v0.0.0-20200823014737-9f7001d12a5f" 173 173 hash = "sha256-n/7xo5CQqo4yLaWMSzSN1Muk/oqK6O5dgDOFWapeDUI=" 174 174 - [mod."github.com/did-method-plc/go-didplc"] 175 175 - version = "v0.0.0-20250716171643-635da8b4e038" 176 176 - hash = "sha256-o0uB/5tryjdB44ssALFr49PtfY3nRJnEENmE187md1w=" 177 174 [mod."github.com/distribution/reference"] 178 175 version = "v0.6.0" 179 176 hash = "sha256-gr4tL+qz4jKyAtl8LINcxMSanztdt+pybj1T+2ulQv4=" ··· 533 530 [mod."github.com/yuin/goldmark"] 534 531 version = "v1.7.13" 535 532 hash = "sha256-vBCxZrPYPc8x/nvAAv3Au59dCCyfS80Vw3/a9EXK7TE=" 533 533 + [mod."github.com/yuin/goldmark-emoji"] 534 534 + version = "v1.0.6" 535 535 + hash = "sha256-+d6bZzOPE+JSFsZbQNZMCWE+n3jgcQnkPETVk47mxSY=" 536 536 [mod."github.com/yuin/goldmark-highlighting/v2"] 537 537 version = "v2.0.0-20230729083705-37449abec8cc" 538 538 hash = "sha256-HpiwU7jIeDUAg2zOpTIiviQir8dpRPuXYh2nqFFccpg="

+5 -18

nix/modules/knot.nix

··· 170 170 description = "Enable development mode (disables signature verification)"; 171 171 }; 172 172 }; 173 173 - 174 174 - environmentFile = mkOption { 175 175 - type = with types; nullOr path; 176 176 - default = null; 177 177 - example = "/etc/appview.env"; 178 178 - description = '' 179 179 - Additional environment file as defined in {manpage}`systemd.exec(5)`. 180 180 - 181 181 - Sensitive secrets such as {env}`KNOT_COOKIE_SECRET`, 182 182 - {env}`KNOT_OAUTH_CLIENT_SECRET`, and {env}`KNOT_OAUTH_CLIENT_KID` 183 183 - may be passed to the service without making them world readable in the nix store. 184 184 - ''; 185 185 - }; 186 173 }; 187 174 }; 188 175 ··· 218 205 text = '' 219 206 #!${pkgs.stdenv.shell} 220 207 ${cfg.package}/bin/knot keys \ 221 221 - -config ${cfg.stateDir}/config.yml \ 222 222 - -output authorized-keys 208 208 + -output authorized-keys \ 209 209 + -internal-api "http://${cfg.server.internalListenAddr}" \ 210 210 + -git-dir "${cfg.repo.scanPath}" \ 211 211 + -log-path /tmp/knotguard.log 223 212 ''; 224 213 }; 225 214 ··· 284 273 else "false" 285 274 }" 286 275 ]; 287 287 - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; 288 288 - ExecStart = "${cfg.package}/bin/knot server -config ${cfg.stateDir}/config.yml"; 276 276 + ExecStart = "${cfg.package}/bin/knot server"; 289 277 Restart = "always"; 290 290 - RestartSec = 5; 291 278 }; 292 279 }; 293 280

+53

nix/pkgs/docs.nix

··· 1 1 + { 2 2 + pandoc, 3 3 + tailwindcss, 4 4 + runCommandLocal, 5 5 + inter-fonts-src, 6 6 + ibm-plex-mono-src, 7 7 + lucide-src, 8 8 + src, 9 9 + }: 10 10 + runCommandLocal "docs" {} '' 11 11 + mkdir -p working 12 12 + 13 13 + # copy templates, themes, styles, filters to working directory 14 14 + cp ${src}/docs/*.html working/ 15 15 + cp ${src}/docs/*.theme working/ 16 16 + cp ${src}/docs/*.css working/ 17 17 + 18 18 + # icons 19 19 + cp -rf ${lucide-src}/*.svg working/ 20 20 + 21 21 + # content - chunked 22 22 + ${pandoc}/bin/pandoc ${src}/docs/DOCS.md \ 23 23 + -o $out/ \ 24 24 + -t chunkedhtml \ 25 25 + --variable toc \ 26 26 + --variable-json single-page=false \ 27 27 + --toc-depth=2 \ 28 28 + --css=stylesheet.css \ 29 29 + --chunk-template="%i.html" \ 30 30 + --highlight-style=working/highlight.theme \ 31 31 + --template=working/template.html 32 32 + 33 33 + # content - single page 34 34 + ${pandoc}/bin/pandoc ${src}/docs/DOCS.md \ 35 35 + -o $out/single-page.html \ 36 36 + --toc \ 37 37 + --variable toc \ 38 38 + --variable single-page \ 39 39 + --toc-depth=2 \ 40 40 + --css=stylesheet.css \ 41 41 + --highlight-style=working/highlight.theme \ 42 42 + --template=working/template.html 43 43 + 44 44 + # fonts 45 45 + mkdir -p $out/static/fonts 46 46 + cp -f ${inter-fonts-src}/web/InterVariable*.woff2 $out/static/fonts/ 47 47 + cp -f ${inter-fonts-src}/web/InterDisplay*.woff2 $out/static/fonts/ 48 48 + cp -f ${inter-fonts-src}/InterVariable*.ttf $out/static/fonts/ 49 49 + cp -f ${ibm-plex-mono-src}/fonts/complete/woff2/IBMPlexMono*.woff2 $out/static/fonts/ 50 50 + 51 51 + # styles 52 52 + cd ${src} && ${tailwindcss}/bin/tailwindcss -i input.css -o $out/stylesheet.css 53 53 + ''

+7 -5

nix/pkgs/sqlite-lib.nix

··· 1 1 { 2 2 - gcc, 3 2 stdenv, 4 3 sqlite-lib-src, 5 4 }: 6 5 stdenv.mkDerivation { 7 6 name = "sqlite-lib"; 8 7 src = sqlite-lib-src; 9 9 - nativeBuildInputs = [gcc]; 8 8 + 10 9 buildPhase = '' 11 11 - gcc -c sqlite3.c 12 12 - ar rcs libsqlite3.a sqlite3.o 13 13 - ranlib libsqlite3.a 10 10 + $CC -c sqlite3.c 11 11 + $AR rcs libsqlite3.a sqlite3.o 12 12 + $RANLIB libsqlite3.a 13 13 + ''; 14 14 + 15 15 + installPhase = '' 14 16 mkdir -p $out/include $out/lib 15 17 cp *.h $out/include 16 18 cp libsqlite3.a $out/lib

+1 -2

nix/vm.nix

··· 8 8 var = builtins.getEnv name; 9 9 in 10 10 if var == "" 11 11 - then throw "\$${name} must be defined, see docs/hacking.md for more details" 11 11 + then throw "\$${name} must be defined, see https://docs.tangled.org/hacking-on-tangled.html#hacking-on-tangled for more details" 12 12 else var; 13 13 envVarOr = name: default: let 14 14 var = builtins.getEnv name; ··· 92 92 jetstreamEndpoint = jetstream; 93 93 listenAddr = "0.0.0.0:6444"; 94 94 }; 95 95 - environmentFile = "${config.services.tangled.knot.stateDir}/.env"; 96 95 }; 97 96 services.tangled.spindle = { 98 97 enable = true;

+122

orm/orm.go

··· 1 1 + package orm 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "database/sql" 6 6 + "fmt" 7 7 + "log/slog" 8 8 + "reflect" 9 9 + "strings" 10 10 + ) 11 11 + 12 12 + type migrationFn = func(*sql.Tx) error 13 13 + 14 14 + func RunMigration(c *sql.Conn, logger *slog.Logger, name string, migrationFn migrationFn) error { 15 15 + logger = logger.With("migration", name) 16 16 + 17 17 + tx, err := c.BeginTx(context.Background(), nil) 18 18 + if err != nil { 19 19 + return err 20 20 + } 21 21 + defer tx.Rollback() 22 22 + 23 23 + var exists bool 24 24 + err = tx.QueryRow("select exists (select 1 from migrations where name = ?)", name).Scan(&exists) 25 25 + if err != nil { 26 26 + return err 27 27 + } 28 28 + 29 29 + if !exists { 30 30 + // run migration 31 31 + err = migrationFn(tx) 32 32 + if err != nil { 33 33 + logger.Error("failed to run migration", "err", err) 34 34 + return err 35 35 + } 36 36 + 37 37 + // mark migration as complete 38 38 + _, err = tx.Exec("insert into migrations (name) values (?)", name) 39 39 + if err != nil { 40 40 + logger.Error("failed to mark migration as complete", "err", err) 41 41 + return err 42 42 + } 43 43 + 44 44 + // commit the transaction 45 45 + if err := tx.Commit(); err != nil { 46 46 + return err 47 47 + } 48 48 + 49 49 + logger.Info("migration applied successfully") 50 50 + } else { 51 51 + logger.Warn("skipped migration, already applied") 52 52 + } 53 53 + 54 54 + return nil 55 55 + } 56 56 + 57 57 + type Filter struct { 58 58 + Key string 59 59 + arg any 60 60 + Cmp string 61 61 + } 62 62 + 63 63 + func newFilter(key, cmp string, arg any) Filter { 64 64 + return Filter{ 65 65 + Key: key, 66 66 + arg: arg, 67 67 + Cmp: cmp, 68 68 + } 69 69 + } 70 70 + 71 71 + func FilterEq(key string, arg any) Filter { return newFilter(key, "=", arg) } 72 72 + func FilterNotEq(key string, arg any) Filter { return newFilter(key, "<>", arg) } 73 73 + func FilterGte(key string, arg any) Filter { return newFilter(key, ">=", arg) } 74 74 + func FilterLte(key string, arg any) Filter { return newFilter(key, "<=", arg) } 75 75 + func FilterIs(key string, arg any) Filter { return newFilter(key, "is", arg) } 76 76 + func FilterIsNot(key string, arg any) Filter { return newFilter(key, "is not", arg) } 77 77 + func FilterIn(key string, arg any) Filter { return newFilter(key, "in", arg) } 78 78 + func FilterLike(key string, arg any) Filter { return newFilter(key, "like", arg) } 79 79 + func FilterNotLike(key string, arg any) Filter { return newFilter(key, "not like", arg) } 80 80 + func FilterContains(key string, arg any) Filter { 81 81 + return newFilter(key, "like", fmt.Sprintf("%%%v%%", arg)) 82 82 + } 83 83 + 84 84 + func (f Filter) Condition() string { 85 85 + rv := reflect.ValueOf(f.arg) 86 86 + kind := rv.Kind() 87 87 + 88 88 + // if we have `FilterIn(k, [1, 2, 3])`, compile it down to `k in (?, ?, ?)` 89 89 + if (kind == reflect.Slice && rv.Type().Elem().Kind() != reflect.Uint8) || kind == reflect.Array { 90 90 + if rv.Len() == 0 { 91 91 + // always false 92 92 + return "1 = 0" 93 93 + } 94 94 + 95 95 + placeholders := make([]string, rv.Len()) 96 96 + for i := range placeholders { 97 97 + placeholders[i] = "?" 98 98 + } 99 99 + 100 100 + return fmt.Sprintf("%s %s (%s)", f.Key, f.Cmp, strings.Join(placeholders, ", ")) 101 101 + } 102 102 + 103 103 + return fmt.Sprintf("%s %s ?", f.Key, f.Cmp) 104 104 + } 105 105 + 106 106 + func (f Filter) Arg() []any { 107 107 + rv := reflect.ValueOf(f.arg) 108 108 + kind := rv.Kind() 109 109 + if (kind == reflect.Slice && rv.Type().Elem().Kind() != reflect.Uint8) || kind == reflect.Array { 110 110 + if rv.Len() == 0 { 111 111 + return nil 112 112 + } 113 113 + 114 114 + out := make([]any, rv.Len()) 115 115 + for i := range rv.Len() { 116 116 + out[i] = rv.Index(i).Interface() 117 117 + } 118 118 + return out 119 119 + } 120 120 + 121 121 + return []any{f.arg} 122 122 + }

+3 -3

readme.md

··· 10 10 11 11 ## docs 12 12 13 13 - * [knot hosting guide](/docs/knot-hosting.md) 14 14 - * [contributing guide](/docs/contributing.md) **please read before opening a PR!** 15 15 - * [hacking on tangled](/docs/hacking.md) 13 13 + - [knot hosting guide](https://docs.tangled.org/knot-self-hosting-guide.html#knot-self-hosting-guide) 14 14 + - [contributing guide](https://docs.tangled.org/contribution-guide.html#contribution-guide) **please read before opening a PR!** 15 15 + - [hacking on tangled](https://docs.tangled.org/hacking-on-tangled.html#hacking-on-tangled) 16 16 17 17 ## security 18 18

+31

sets/gen.go

··· 1 1 + package sets 2 2 + 3 3 + import ( 4 4 + "math/rand" 5 5 + "reflect" 6 6 + "testing/quick" 7 7 + ) 8 8 + 9 9 + func (_ Set[T]) Generate(rand *rand.Rand, size int) reflect.Value { 10 10 + s := New[T]() 11 11 + 12 12 + var zero T 13 13 + itemType := reflect.TypeOf(zero) 14 14 + 15 15 + for { 16 16 + if s.Len() >= size { 17 17 + break 18 18 + } 19 19 + 20 20 + item, ok := quick.Value(itemType, rand) 21 21 + if !ok { 22 22 + continue 23 23 + } 24 24 + 25 25 + if val, ok := item.Interface().(T); ok { 26 26 + s.Insert(val) 27 27 + } 28 28 + } 29 29 + 30 30 + return reflect.ValueOf(s) 31 31 + }

+35

sets/readme.txt

··· 1 1 + sets 2 2 + ---- 3 3 + set datastructure for go with generics and iterators. the 4 4 + api is supposed to mimic rust's std::collections::HashSet api. 5 5 + 6 6 + s1 := sets.Collect(slices.Values([]int{1, 2, 3, 4})) 7 7 + s2 := sets.Collect(slices.Values([]int{1, 2, 3, 4, 5, 6})) 8 8 + 9 9 + union := sets.Collect(s1.Union(s2)) 10 10 + intersect := sets.Collect(s1.Intersection(s2)) 11 11 + diff := sets.Collect(s1.Difference(s2)) 12 12 + symdiff := sets.Collect(s1.SymmetricDifference(s2)) 13 13 + 14 14 + s1.Len() // 4 15 15 + s1.Contains(1) // true 16 16 + s1.IsEmpty() // false 17 17 + s1.IsSubset(s2) // true 18 18 + s1.IsSuperset(s2) // false 19 19 + s1.IsDisjoint(s2) // false 20 20 + 21 21 + if exists := s1.Insert(1); exists { 22 22 + // already existed in set 23 23 + } 24 24 + 25 25 + if existed := s1.Remove(1); existed { 26 26 + // existed in set, now removed 27 27 + } 28 28 + 29 29 + 30 30 + testing 31 31 + ------- 32 32 + includes property-based tests using the wonderful 33 33 + testing/quick module! 34 34 + 35 35 + go test -v

+174

sets/set.go

··· 1 1 + package sets 2 2 + 3 3 + import ( 4 4 + "iter" 5 5 + "maps" 6 6 + ) 7 7 + 8 8 + type Set[T comparable] struct { 9 9 + data map[T]struct{} 10 10 + } 11 11 + 12 12 + func New[T comparable]() Set[T] { 13 13 + return Set[T]{ 14 14 + data: make(map[T]struct{}), 15 15 + } 16 16 + } 17 17 + 18 18 + func (s *Set[T]) Insert(item T) bool { 19 19 + _, exists := s.data[item] 20 20 + s.data[item] = struct{}{} 21 21 + return !exists 22 22 + } 23 23 + 24 24 + func Singleton[T comparable](item T) Set[T] { 25 25 + n := New[T]() 26 26 + _ = n.Insert(item) 27 27 + return n 28 28 + } 29 29 + 30 30 + func (s *Set[T]) Remove(item T) bool { 31 31 + _, exists := s.data[item] 32 32 + if exists { 33 33 + delete(s.data, item) 34 34 + } 35 35 + return exists 36 36 + } 37 37 + 38 38 + func (s Set[T]) Contains(item T) bool { 39 39 + _, exists := s.data[item] 40 40 + return exists 41 41 + } 42 42 + 43 43 + func (s Set[T]) Len() int { 44 44 + return len(s.data) 45 45 + } 46 46 + 47 47 + func (s Set[T]) IsEmpty() bool { 48 48 + return len(s.data) == 0 49 49 + } 50 50 + 51 51 + func (s *Set[T]) Clear() { 52 52 + s.data = make(map[T]struct{}) 53 53 + } 54 54 + 55 55 + func (s Set[T]) All() iter.Seq[T] { 56 56 + return func(yield func(T) bool) { 57 57 + for item := range s.data { 58 58 + if !yield(item) { 59 59 + return 60 60 + } 61 61 + } 62 62 + } 63 63 + } 64 64 + 65 65 + func (s Set[T]) Clone() Set[T] { 66 66 + return Set[T]{ 67 67 + data: maps.Clone(s.data), 68 68 + } 69 69 + } 70 70 + 71 71 + func (s Set[T]) Union(other Set[T]) iter.Seq[T] { 72 72 + if s.Len() >= other.Len() { 73 73 + return chain(s.All(), other.Difference(s)) 74 74 + } else { 75 75 + return chain(other.All(), s.Difference(other)) 76 76 + } 77 77 + } 78 78 + 79 79 + func chain[T any](seqs ...iter.Seq[T]) iter.Seq[T] { 80 80 + return func(yield func(T) bool) { 81 81 + for _, seq := range seqs { 82 82 + for item := range seq { 83 83 + if !yield(item) { 84 84 + return 85 85 + } 86 86 + } 87 87 + } 88 88 + } 89 89 + } 90 90 + 91 91 + func (s Set[T]) Intersection(other Set[T]) iter.Seq[T] { 92 92 + return func(yield func(T) bool) { 93 93 + for item := range s.data { 94 94 + if other.Contains(item) { 95 95 + if !yield(item) { 96 96 + return 97 97 + } 98 98 + } 99 99 + } 100 100 + } 101 101 + } 102 102 + 103 103 + func (s Set[T]) Difference(other Set[T]) iter.Seq[T] { 104 104 + return func(yield func(T) bool) { 105 105 + for item := range s.data { 106 106 + if !other.Contains(item) { 107 107 + if !yield(item) { 108 108 + return 109 109 + } 110 110 + } 111 111 + } 112 112 + } 113 113 + } 114 114 + 115 115 + func (s Set[T]) SymmetricDifference(other Set[T]) iter.Seq[T] { 116 116 + return func(yield func(T) bool) { 117 117 + for item := range s.data { 118 118 + if !other.Contains(item) { 119 119 + if !yield(item) { 120 120 + return 121 121 + } 122 122 + } 123 123 + } 124 124 + for item := range other.data { 125 125 + if !s.Contains(item) { 126 126 + if !yield(item) { 127 127 + return 128 128 + } 129 129 + } 130 130 + } 131 131 + } 132 132 + } 133 133 + 134 134 + func (s Set[T]) IsSubset(other Set[T]) bool { 135 135 + for item := range s.data { 136 136 + if !other.Contains(item) { 137 137 + return false 138 138 + } 139 139 + } 140 140 + return true 141 141 + } 142 142 + 143 143 + func (s Set[T]) IsSuperset(other Set[T]) bool { 144 144 + return other.IsSubset(s) 145 145 + } 146 146 + 147 147 + func (s Set[T]) IsDisjoint(other Set[T]) bool { 148 148 + for item := range s.data { 149 149 + if other.Contains(item) { 150 150 + return false 151 151 + } 152 152 + } 153 153 + return true 154 154 + } 155 155 + 156 156 + func (s Set[T]) Equal(other Set[T]) bool { 157 157 + if s.Len() != other.Len() { 158 158 + return false 159 159 + } 160 160 + for item := range s.data { 161 161 + if !other.Contains(item) { 162 162 + return false 163 163 + } 164 164 + } 165 165 + return true 166 166 + } 167 167 + 168 168 + func Collect[T comparable](seq iter.Seq[T]) Set[T] { 169 169 + result := New[T]() 170 170 + for item := range seq { 171 171 + result.Insert(item) 172 172 + } 173 173 + return result 174 174 + }

+411

sets/set_test.go

··· 1 1 + package sets 2 2 + 3 3 + import ( 4 4 + "slices" 5 5 + "testing" 6 6 + "testing/quick" 7 7 + ) 8 8 + 9 9 + func TestNew(t *testing.T) { 10 10 + s := New[int]() 11 11 + if s.Len() != 0 { 12 12 + t.Errorf("New set should be empty, got length %d", s.Len()) 13 13 + } 14 14 + if !s.IsEmpty() { 15 15 + t.Error("New set should be empty") 16 16 + } 17 17 + } 18 18 + 19 19 + func TestFromSlice(t *testing.T) { 20 20 + s := Collect(slices.Values([]int{1, 2, 3, 2, 1})) 21 21 + if s.Len() != 3 { 22 22 + t.Errorf("Expected length 3, got %d", s.Len()) 23 23 + } 24 24 + if !s.Contains(1) || !s.Contains(2) || !s.Contains(3) { 25 25 + t.Error("Set should contain all unique elements from slice") 26 26 + } 27 27 + } 28 28 + 29 29 + func TestInsert(t *testing.T) { 30 30 + s := New[string]() 31 31 + 32 32 + if !s.Insert("hello") { 33 33 + t.Error("First insert should return true") 34 34 + } 35 35 + if s.Insert("hello") { 36 36 + t.Error("Duplicate insert should return false") 37 37 + } 38 38 + if s.Len() != 1 { 39 39 + t.Errorf("Expected length 1, got %d", s.Len()) 40 40 + } 41 41 + } 42 42 + 43 43 + func TestRemove(t *testing.T) { 44 44 + s := Collect(slices.Values([]int{1, 2, 3})) 45 45 + 46 46 + if !s.Remove(2) { 47 47 + t.Error("Remove existing element should return true") 48 48 + } 49 49 + if s.Remove(2) { 50 50 + t.Error("Remove non-existing element should return false") 51 51 + } 52 52 + if s.Contains(2) { 53 53 + t.Error("Element should be removed") 54 54 + } 55 55 + if s.Len() != 2 { 56 56 + t.Errorf("Expected length 2, got %d", s.Len()) 57 57 + } 58 58 + } 59 59 + 60 60 + func TestContains(t *testing.T) { 61 61 + s := Collect(slices.Values([]int{1, 2, 3})) 62 62 + 63 63 + if !s.Contains(1) { 64 64 + t.Error("Should contain 1") 65 65 + } 66 66 + if s.Contains(4) { 67 67 + t.Error("Should not contain 4") 68 68 + } 69 69 + } 70 70 + 71 71 + func TestClear(t *testing.T) { 72 72 + s := Collect(slices.Values([]int{1, 2, 3})) 73 73 + s.Clear() 74 74 + 75 75 + if !s.IsEmpty() { 76 76 + t.Error("Set should be empty after clear") 77 77 + } 78 78 + if s.Len() != 0 { 79 79 + t.Errorf("Expected length 0, got %d", s.Len()) 80 80 + } 81 81 + } 82 82 + 83 83 + func TestIterator(t *testing.T) { 84 84 + s := Collect(slices.Values([]int{1, 2, 3})) 85 85 + var items []int 86 86 + 87 87 + for item := range s.All() { 88 88 + items = append(items, item) 89 89 + } 90 90 + 91 91 + slices.Sort(items) 92 92 + expected := []int{1, 2, 3} 93 93 + if !slices.Equal(items, expected) { 94 94 + t.Errorf("Expected %v, got %v", expected, items) 95 95 + } 96 96 + } 97 97 + 98 98 + func TestClone(t *testing.T) { 99 99 + s1 := Collect(slices.Values([]int{1, 2, 3})) 100 100 + s2 := s1.Clone() 101 101 + 102 102 + if !s1.Equal(s2) { 103 103 + t.Error("Cloned set should be equal to original") 104 104 + } 105 105 + 106 106 + s2.Insert(4) 107 107 + if s1.Contains(4) { 108 108 + t.Error("Modifying clone should not affect original") 109 109 + } 110 110 + } 111 111 + 112 112 + func TestUnion(t *testing.T) { 113 113 + s1 := Collect(slices.Values([]int{1, 2})) 114 114 + s2 := Collect(slices.Values([]int{2, 3})) 115 115 + 116 116 + result := Collect(s1.Union(s2)) 117 117 + expected := Collect(slices.Values([]int{1, 2, 3})) 118 118 + 119 119 + if !result.Equal(expected) { 120 120 + t.Errorf("Expected %v, got %v", expected, result) 121 121 + } 122 122 + } 123 123 + 124 124 + func TestIntersection(t *testing.T) { 125 125 + s1 := Collect(slices.Values([]int{1, 2, 3})) 126 126 + s2 := Collect(slices.Values([]int{2, 3, 4})) 127 127 + 128 128 + expected := Collect(slices.Values([]int{2, 3})) 129 129 + result := Collect(s1.Intersection(s2)) 130 130 + 131 131 + if !result.Equal(expected) { 132 132 + t.Errorf("Expected %v, got %v", expected, result) 133 133 + } 134 134 + } 135 135 + 136 136 + func TestDifference(t *testing.T) { 137 137 + s1 := Collect(slices.Values([]int{1, 2, 3})) 138 138 + s2 := Collect(slices.Values([]int{2, 3, 4})) 139 139 + 140 140 + expected := Collect(slices.Values([]int{1})) 141 141 + result := Collect(s1.Difference(s2)) 142 142 + 143 143 + if !result.Equal(expected) { 144 144 + t.Errorf("Expected %v, got %v", expected, result) 145 145 + } 146 146 + } 147 147 + 148 148 + func TestSymmetricDifference(t *testing.T) { 149 149 + s1 := Collect(slices.Values([]int{1, 2, 3})) 150 150 + s2 := Collect(slices.Values([]int{2, 3, 4})) 151 151 + 152 152 + expected := Collect(slices.Values([]int{1, 4})) 153 153 + result := Collect(s1.SymmetricDifference(s2)) 154 154 + 155 155 + if !result.Equal(expected) { 156 156 + t.Errorf("Expected %v, got %v", expected, result) 157 157 + } 158 158 + } 159 159 + 160 160 + func TestSymmetricDifferenceCommutativeProperty(t *testing.T) { 161 161 + s1 := Collect(slices.Values([]int{1, 2, 3})) 162 162 + s2 := Collect(slices.Values([]int{2, 3, 4})) 163 163 + 164 164 + result1 := Collect(s1.SymmetricDifference(s2)) 165 165 + result2 := Collect(s2.SymmetricDifference(s1)) 166 166 + 167 167 + if !result1.Equal(result2) { 168 168 + t.Errorf("Expected %v, got %v", result1, result2) 169 169 + } 170 170 + } 171 171 + 172 172 + func TestIsSubset(t *testing.T) { 173 173 + s1 := Collect(slices.Values([]int{1, 2})) 174 174 + s2 := Collect(slices.Values([]int{1, 2, 3})) 175 175 + 176 176 + if !s1.IsSubset(s2) { 177 177 + t.Error("s1 should be subset of s2") 178 178 + } 179 179 + if s2.IsSubset(s1) { 180 180 + t.Error("s2 should not be subset of s1") 181 181 + } 182 182 + } 183 183 + 184 184 + func TestIsSuperset(t *testing.T) { 185 185 + s1 := Collect(slices.Values([]int{1, 2, 3})) 186 186 + s2 := Collect(slices.Values([]int{1, 2})) 187 187 + 188 188 + if !s1.IsSuperset(s2) { 189 189 + t.Error("s1 should be superset of s2") 190 190 + } 191 191 + if s2.IsSuperset(s1) { 192 192 + t.Error("s2 should not be superset of s1") 193 193 + } 194 194 + } 195 195 + 196 196 + func TestIsDisjoint(t *testing.T) { 197 197 + s1 := Collect(slices.Values([]int{1, 2})) 198 198 + s2 := Collect(slices.Values([]int{3, 4})) 199 199 + s3 := Collect(slices.Values([]int{2, 3})) 200 200 + 201 201 + if !s1.IsDisjoint(s2) { 202 202 + t.Error("s1 and s2 should be disjoint") 203 203 + } 204 204 + if s1.IsDisjoint(s3) { 205 205 + t.Error("s1 and s3 should not be disjoint") 206 206 + } 207 207 + } 208 208 + 209 209 + func TestEqual(t *testing.T) { 210 210 + s1 := Collect(slices.Values([]int{1, 2, 3})) 211 211 + s2 := Collect(slices.Values([]int{3, 2, 1})) 212 212 + s3 := Collect(slices.Values([]int{1, 2})) 213 213 + 214 214 + if !s1.Equal(s2) { 215 215 + t.Error("s1 and s2 should be equal") 216 216 + } 217 217 + if s1.Equal(s3) { 218 218 + t.Error("s1 and s3 should not be equal") 219 219 + } 220 220 + } 221 221 + 222 222 + func TestCollect(t *testing.T) { 223 223 + s1 := Collect(slices.Values([]int{1, 2})) 224 224 + s2 := Collect(slices.Values([]int{2, 3})) 225 225 + 226 226 + unionSet := Collect(s1.Union(s2)) 227 227 + if unionSet.Len() != 3 { 228 228 + t.Errorf("Expected union set length 3, got %d", unionSet.Len()) 229 229 + } 230 230 + if !unionSet.Contains(1) || !unionSet.Contains(2) || !unionSet.Contains(3) { 231 231 + t.Error("Union set should contain 1, 2, and 3") 232 232 + } 233 233 + 234 234 + diffSet := Collect(s1.Difference(s2)) 235 235 + if diffSet.Len() != 1 { 236 236 + t.Errorf("Expected difference set length 1, got %d", diffSet.Len()) 237 237 + } 238 238 + if !diffSet.Contains(1) { 239 239 + t.Error("Difference set should contain 1") 240 240 + } 241 241 + } 242 242 + 243 243 + func TestPropertySingleonLen(t *testing.T) { 244 244 + f := func(item int) bool { 245 245 + single := Singleton(item) 246 246 + return single.Len() == 1 247 247 + } 248 248 + 249 249 + if err := quick.Check(f, nil); err != nil { 250 250 + t.Error(err) 251 251 + } 252 252 + } 253 253 + 254 254 + func TestPropertyInsertIdempotent(t *testing.T) { 255 255 + f := func(s Set[int], item int) bool { 256 256 + clone := s.Clone() 257 257 + 258 258 + clone.Insert(item) 259 259 + firstLen := clone.Len() 260 260 + 261 261 + clone.Insert(item) 262 262 + secondLen := clone.Len() 263 263 + 264 264 + return firstLen == secondLen 265 265 + } 266 266 + 267 267 + if err := quick.Check(f, nil); err != nil { 268 268 + t.Error(err) 269 269 + } 270 270 + } 271 271 + 272 272 + func TestPropertyUnionCommutative(t *testing.T) { 273 273 + f := func(s1 Set[int], s2 Set[int]) bool { 274 274 + union1 := Collect(s1.Union(s2)) 275 275 + union2 := Collect(s2.Union(s1)) 276 276 + return union1.Equal(union2) 277 277 + } 278 278 + 279 279 + if err := quick.Check(f, nil); err != nil { 280 280 + t.Error(err) 281 281 + } 282 282 + } 283 283 + 284 284 + func TestPropertyIntersectionCommutative(t *testing.T) { 285 285 + f := func(s1 Set[int], s2 Set[int]) bool { 286 286 + inter1 := Collect(s1.Intersection(s2)) 287 287 + inter2 := Collect(s2.Intersection(s1)) 288 288 + return inter1.Equal(inter2) 289 289 + } 290 290 + 291 291 + if err := quick.Check(f, nil); err != nil { 292 292 + t.Error(err) 293 293 + } 294 294 + } 295 295 + 296 296 + func TestPropertyCloneEquals(t *testing.T) { 297 297 + f := func(s Set[int]) bool { 298 298 + clone := s.Clone() 299 299 + return s.Equal(clone) 300 300 + } 301 301 + 302 302 + if err := quick.Check(f, nil); err != nil { 303 303 + t.Error(err) 304 304 + } 305 305 + } 306 306 + 307 307 + func TestPropertyIntersectionIsSubset(t *testing.T) { 308 308 + f := func(s1 Set[int], s2 Set[int]) bool { 309 309 + inter := Collect(s1.Intersection(s2)) 310 310 + return inter.IsSubset(s1) && inter.IsSubset(s2) 311 311 + } 312 312 + 313 313 + if err := quick.Check(f, nil); err != nil { 314 314 + t.Error(err) 315 315 + } 316 316 + } 317 317 + 318 318 + func TestPropertyUnionIsSuperset(t *testing.T) { 319 319 + f := func(s1 Set[int], s2 Set[int]) bool { 320 320 + union := Collect(s1.Union(s2)) 321 321 + return union.IsSuperset(s1) && union.IsSuperset(s2) 322 322 + } 323 323 + 324 324 + if err := quick.Check(f, nil); err != nil { 325 325 + t.Error(err) 326 326 + } 327 327 + } 328 328 + 329 329 + func TestPropertyDifferenceDisjoint(t *testing.T) { 330 330 + f := func(s1 Set[int], s2 Set[int]) bool { 331 331 + diff := Collect(s1.Difference(s2)) 332 332 + return diff.IsDisjoint(s2) 333 333 + } 334 334 + 335 335 + if err := quick.Check(f, nil); err != nil { 336 336 + t.Error(err) 337 337 + } 338 338 + } 339 339 + 340 340 + func TestPropertySymmetricDifferenceCommutative(t *testing.T) { 341 341 + f := func(s1 Set[int], s2 Set[int]) bool { 342 342 + symDiff1 := Collect(s1.SymmetricDifference(s2)) 343 343 + symDiff2 := Collect(s2.SymmetricDifference(s1)) 344 344 + return symDiff1.Equal(symDiff2) 345 345 + } 346 346 + 347 347 + if err := quick.Check(f, nil); err != nil { 348 348 + t.Error(err) 349 349 + } 350 350 + } 351 351 + 352 352 + func TestPropertyRemoveWorks(t *testing.T) { 353 353 + f := func(s Set[int], item int) bool { 354 354 + clone := s.Clone() 355 355 + clone.Insert(item) 356 356 + clone.Remove(item) 357 357 + return !clone.Contains(item) 358 358 + } 359 359 + 360 360 + if err := quick.Check(f, nil); err != nil { 361 361 + t.Error(err) 362 362 + } 363 363 + } 364 364 + 365 365 + func TestPropertyClearEmpty(t *testing.T) { 366 366 + f := func(s Set[int]) bool { 367 367 + s.Clear() 368 368 + return s.IsEmpty() && s.Len() == 0 369 369 + } 370 370 + 371 371 + if err := quick.Check(f, nil); err != nil { 372 372 + t.Error(err) 373 373 + } 374 374 + } 375 375 + 376 376 + func TestPropertyIsSubsetReflexive(t *testing.T) { 377 377 + f := func(s Set[int]) bool { 378 378 + return s.IsSubset(s) 379 379 + } 380 380 + 381 381 + if err := quick.Check(f, nil); err != nil { 382 382 + t.Error(err) 383 383 + } 384 384 + } 385 385 + 386 386 + func TestPropertyDeMorganUnion(t *testing.T) { 387 387 + f := func(s1 Set[int], s2 Set[int], universe Set[int]) bool { 388 388 + // create a universe that contains both sets 389 389 + u := universe.Clone() 390 390 + for item := range s1.All() { 391 391 + u.Insert(item) 392 392 + } 393 393 + for item := range s2.All() { 394 394 + u.Insert(item) 395 395 + } 396 396 + 397 397 + // (A u B)' = A' n B' 398 398 + union := Collect(s1.Union(s2)) 399 399 + complementUnion := Collect(u.Difference(union)) 400 400 + 401 401 + complementS1 := Collect(u.Difference(s1)) 402 402 + complementS2 := Collect(u.Difference(s2)) 403 403 + intersectionComplements := Collect(complementS1.Intersection(complementS2)) 404 404 + 405 405 + return complementUnion.Equal(intersectionComplements) 406 406 + } 407 407 + 408 408 + if err := quick.Check(f, nil); err != nil { 409 409 + t.Error(err) 410 410 + } 411 411 + }

+1

spindle/db/repos.go

··· 16 16 if err != nil { 17 17 return nil, err 18 18 } 19 19 + defer rows.Close() 19 20 20 21 var knots []string 21 22 for rows.Next() {

+22 -21

spindle/engine/engine.go

··· 3 3 import ( 4 4 "context" 5 5 "errors" 6 6 - "fmt" 7 6 "log/slog" 7 7 + "sync" 8 8 9 9 securejoin "github.com/cyphar/filepath-securejoin" 10 10 - "golang.org/x/sync/errgroup" 11 10 "tangled.org/core/notifier" 12 11 "tangled.org/core/spindle/config" 13 12 "tangled.org/core/spindle/db" ··· 31 30 } 32 31 } 33 32 34 34 - eg, ctx := errgroup.WithContext(ctx) 33 33 + var wg sync.WaitGroup 35 34 for eng, wfs := range pipeline.Workflows { 36 35 workflowTimeout := eng.WorkflowTimeout() 37 36 l.Info("using workflow timeout", "timeout", workflowTimeout) 38 37 39 38 for _, w := range wfs { 40 40 - eg.Go(func() error { 39 39 + wg.Add(1) 40 40 + go func() { 41 41 + defer wg.Done() 42 42 + 41 43 wid := models.WorkflowId{ 42 44 PipelineId: pipelineId, 43 45 Name: w.Name, ··· 45 47 46 48 err := db.StatusRunning(wid, n) 47 49 if err != nil { 48 48 - return err 50 50 + l.Error("failed to set workflow status to running", "wid", wid, "err", err) 51 51 + return 49 52 } 50 53 51 54 err = eng.SetupWorkflow(ctx, wid, &w) ··· 61 64 62 65 dbErr := db.StatusFailed(wid, err.Error(), -1, n) 63 66 if dbErr != nil { 64 64 - return dbErr 67 67 + l.Error("failed to set workflow status to failed", "wid", wid, "err", dbErr) 65 68 } 66 66 - return err 69 69 + return 67 70 } 68 71 defer eng.DestroyWorkflow(ctx, wid) 69 72 70 70 - wfLogger, err := models.NewWorkflowLogger(cfg.Server.LogDir, wid) 73 73 + secretValues := make([]string, len(allSecrets)) 74 74 + for i, s := range allSecrets { 75 75 + secretValues[i] = s.Value 76 76 + } 77 77 + wfLogger, err := models.NewWorkflowLogger(cfg.Server.LogDir, wid, secretValues) 71 78 if err != nil { 72 79 l.Warn("failed to setup step logger; logs will not be persisted", "error", err) 73 80 wfLogger = nil ··· 99 106 if errors.Is(err, ErrTimedOut) { 100 107 dbErr := db.StatusTimeout(wid, n) 101 108 if dbErr != nil { 102 102 - return dbErr 109 109 + l.Error("failed to set workflow status to timeout", "wid", wid, "err", dbErr) 103 110 } 104 111 } else { 105 112 dbErr := db.StatusFailed(wid, err.Error(), -1, n) 106 113 if dbErr != nil { 107 107 - return dbErr 114 114 + l.Error("failed to set workflow status to failed", "wid", wid, "err", dbErr) 108 115 } 109 116 } 110 110 - 111 111 - return fmt.Errorf("starting steps image: %w", err) 117 117 + return 112 118 } 113 119 } 114 120 115 121 err = db.StatusSuccess(wid, n) 116 122 if err != nil { 117 117 - return err 123 123 + l.Error("failed to set workflow status to success", "wid", wid, "err", err) 118 124 } 119 119 - 120 120 - return nil 121 121 - }) 125 125 + }() 122 126 } 123 127 } 124 128 125 125 - if err := eg.Wait(); err != nil { 126 126 - l.Error("failed to run one or more workflows", "err", err) 127 127 - } else { 128 128 - l.Info("successfully ran full pipeline") 129 129 - } 129 129 + wg.Wait() 130 130 + l.Info("all workflows completed") 130 131 }

+5 -3

spindle/engines/nixery/engine.go

··· 294 294 workflowEnvs.AddEnv(s.Key, s.Value) 295 295 } 296 296 297 297 - step := w.Steps[idx].(Step) 297 297 + step := w.Steps[idx] 298 298 299 299 select { 300 300 case <-ctx.Done(): ··· 303 303 } 304 304 305 305 envs := append(EnvVars(nil), workflowEnvs...) 306 306 - for k, v := range step.environment { 307 307 - envs.AddEnv(k, v) 306 306 + if nixStep, ok := step.(Step); ok { 307 307 + for k, v := range nixStep.environment { 308 308 + envs.AddEnv(k, v) 309 309 + } 308 310 } 309 311 envs.AddEnv("HOME", homeDir) 310 312

+6 -1

spindle/models/logger.go

··· 12 12 type WorkflowLogger struct { 13 13 file *os.File 14 14 encoder *json.Encoder 15 15 + mask *SecretMask 15 16 } 16 17 17 17 - func NewWorkflowLogger(baseDir string, wid WorkflowId) (*WorkflowLogger, error) { 18 18 + func NewWorkflowLogger(baseDir string, wid WorkflowId, secretValues []string) (*WorkflowLogger, error) { 18 19 path := LogFilePath(baseDir, wid) 19 20 20 21 file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) ··· 25 26 return &WorkflowLogger{ 26 27 file: file, 27 28 encoder: json.NewEncoder(file), 29 29 + mask: NewSecretMask(secretValues), 28 30 }, nil 29 31 } 30 32 ··· 62 64 63 65 func (w *dataWriter) Write(p []byte) (int, error) { 64 66 line := strings.TrimRight(string(p), "\r\n") 67 67 + if w.logger.mask != nil { 68 68 + line = w.logger.mask.Mask(line) 69 69 + } 65 70 entry := NewDataLogLine(w.idx, line, w.stream) 66 71 if err := w.logger.encoder.Encode(entry); err != nil { 67 72 return 0, err

+51

spindle/models/secret_mask.go

··· 1 1 + package models 2 2 + 3 3 + import ( 4 4 + "encoding/base64" 5 5 + "strings" 6 6 + ) 7 7 + 8 8 + // SecretMask replaces secret values in strings with "***". 9 9 + type SecretMask struct { 10 10 + replacer *strings.Replacer 11 11 + } 12 12 + 13 13 + // NewSecretMask creates a mask for the given secret values. 14 14 + // Also registers base64-encoded variants of each secret. 15 15 + func NewSecretMask(values []string) *SecretMask { 16 16 + var pairs []string 17 17 + 18 18 + for _, value := range values { 19 19 + if value == "" { 20 20 + continue 21 21 + } 22 22 + 23 23 + pairs = append(pairs, value, "***") 24 24 + 25 25 + b64 := base64.StdEncoding.EncodeToString([]byte(value)) 26 26 + if b64 != value { 27 27 + pairs = append(pairs, b64, "***") 28 28 + } 29 29 + 30 30 + b64NoPad := strings.TrimRight(b64, "=") 31 31 + if b64NoPad != b64 && b64NoPad != value { 32 32 + pairs = append(pairs, b64NoPad, "***") 33 33 + } 34 34 + } 35 35 + 36 36 + if len(pairs) == 0 { 37 37 + return nil 38 38 + } 39 39 + 40 40 + return &SecretMask{ 41 41 + replacer: strings.NewReplacer(pairs...), 42 42 + } 43 43 + } 44 44 + 45 45 + // Mask replaces all registered secret values with "***". 46 46 + func (m *SecretMask) Mask(input string) string { 47 47 + if m == nil || m.replacer == nil { 48 48 + return input 49 49 + } 50 50 + return m.replacer.Replace(input) 51 51 + }

+135

spindle/models/secret_mask_test.go

··· 1 1 + package models 2 2 + 3 3 + import ( 4 4 + "encoding/base64" 5 5 + "testing" 6 6 + ) 7 7 + 8 8 + func TestSecretMask_BasicMasking(t *testing.T) { 9 9 + mask := NewSecretMask([]string{"mysecret123"}) 10 10 + 11 11 + input := "The password is mysecret123 in this log" 12 12 + expected := "The password is *** in this log" 13 13 + 14 14 + result := mask.Mask(input) 15 15 + if result != expected { 16 16 + t.Errorf("expected %q, got %q", expected, result) 17 17 + } 18 18 + } 19 19 + 20 20 + func TestSecretMask_Base64Encoded(t *testing.T) { 21 21 + secret := "mysecret123" 22 22 + mask := NewSecretMask([]string{secret}) 23 23 + 24 24 + b64 := base64.StdEncoding.EncodeToString([]byte(secret)) 25 25 + input := "Encoded: " + b64 26 26 + expected := "Encoded: ***" 27 27 + 28 28 + result := mask.Mask(input) 29 29 + if result != expected { 30 30 + t.Errorf("expected %q, got %q", expected, result) 31 31 + } 32 32 + } 33 33 + 34 34 + func TestSecretMask_Base64NoPadding(t *testing.T) { 35 35 + // "test" encodes to "dGVzdA==" with padding 36 36 + secret := "test" 37 37 + mask := NewSecretMask([]string{secret}) 38 38 + 39 39 + b64NoPad := "dGVzdA" // base64 without padding 40 40 + input := "Token: " + b64NoPad 41 41 + expected := "Token: ***" 42 42 + 43 43 + result := mask.Mask(input) 44 44 + if result != expected { 45 45 + t.Errorf("expected %q, got %q", expected, result) 46 46 + } 47 47 + } 48 48 + 49 49 + func TestSecretMask_MultipleSecrets(t *testing.T) { 50 50 + mask := NewSecretMask([]string{"password1", "apikey123"}) 51 51 + 52 52 + input := "Using password1 and apikey123 for auth" 53 53 + expected := "Using *** and *** for auth" 54 54 + 55 55 + result := mask.Mask(input) 56 56 + if result != expected { 57 57 + t.Errorf("expected %q, got %q", expected, result) 58 58 + } 59 59 + } 60 60 + 61 61 + func TestSecretMask_MultipleOccurrences(t *testing.T) { 62 62 + mask := NewSecretMask([]string{"secret"}) 63 63 + 64 64 + input := "secret appears twice: secret" 65 65 + expected := "*** appears twice: ***" 66 66 + 67 67 + result := mask.Mask(input) 68 68 + if result != expected { 69 69 + t.Errorf("expected %q, got %q", expected, result) 70 70 + } 71 71 + } 72 72 + 73 73 + func TestSecretMask_ShortValues(t *testing.T) { 74 74 + mask := NewSecretMask([]string{"abc", "xy", ""}) 75 75 + 76 76 + if mask == nil { 77 77 + t.Fatal("expected non-nil mask") 78 78 + } 79 79 + 80 80 + input := "abc xy test" 81 81 + expected := "*** *** test" 82 82 + result := mask.Mask(input) 83 83 + if result != expected { 84 84 + t.Errorf("expected %q, got %q", expected, result) 85 85 + } 86 86 + } 87 87 + 88 88 + func TestSecretMask_NilMask(t *testing.T) { 89 89 + var mask *SecretMask 90 90 + 91 91 + input := "some input text" 92 92 + result := mask.Mask(input) 93 93 + if result != input { 94 94 + t.Errorf("expected %q, got %q", input, result) 95 95 + } 96 96 + } 97 97 + 98 98 + func TestSecretMask_EmptyInput(t *testing.T) { 99 99 + mask := NewSecretMask([]string{"secret"}) 100 100 + 101 101 + result := mask.Mask("") 102 102 + if result != "" { 103 103 + t.Errorf("expected empty string, got %q", result) 104 104 + } 105 105 + } 106 106 + 107 107 + func TestSecretMask_NoMatch(t *testing.T) { 108 108 + mask := NewSecretMask([]string{"secretvalue"}) 109 109 + 110 110 + input := "nothing to mask here" 111 111 + result := mask.Mask(input) 112 112 + if result != input { 113 113 + t.Errorf("expected %q, got %q", input, result) 114 114 + } 115 115 + } 116 116 + 117 117 + func TestSecretMask_EmptySecretsList(t *testing.T) { 118 118 + mask := NewSecretMask([]string{}) 119 119 + 120 120 + if mask != nil { 121 121 + t.Error("expected nil mask for empty secrets list") 122 122 + } 123 123 + } 124 124 + 125 125 + func TestSecretMask_EmptySecretsFiltered(t *testing.T) { 126 126 + mask := NewSecretMask([]string{"ab", "validpassword", "", "xyz"}) 127 127 + 128 128 + input := "Using validpassword here" 129 129 + expected := "Using *** here" 130 130 + 131 131 + result := mask.Mask(input) 132 132 + if result != expected { 133 133 + t.Errorf("expected %q, got %q", expected, result) 134 134 + } 135 135 + }

+1 -1

spindle/motd

··· 20 20 ** 21 21 ******** 22 22 23 23 - This is a spindle server. More info at https://tangled.sh/@tangled.sh/core/tree/master/docs/spindle 23 23 + This is a spindle server. More info at https://docs.tangled.org/spindles.html#spindles 24 24 25 25 Most API routes are under /xrpc/

+31 -13

spindle/server.go

··· 8 8 "log/slog" 9 9 "maps" 10 10 "net/http" 11 11 + "sync" 11 12 12 13 "github.com/go-chi/chi/v5" 13 14 "tangled.org/core/api/tangled" ··· 30 31 ) 31 32 32 33 //go:embed motd 33 33 - var motd []byte 34 34 + var defaultMotd []byte 34 35 35 36 const ( 36 37 rbacDomain = "thisserver" 37 38 ) 38 39 39 40 type Spindle struct { 40 40 - jc *jetstream.JetstreamClient 41 41 - db *db.DB 42 42 - e *rbac.Enforcer 43 43 - l *slog.Logger 44 44 - n *notifier.Notifier 45 45 - engs map[string]models.Engine 46 46 - jq *queue.Queue 47 47 - cfg *config.Config 48 48 - ks *eventconsumer.Consumer 49 49 - res *idresolver.Resolver 50 50 - vault secrets.Manager 41 41 + jc *jetstream.JetstreamClient 42 42 + db *db.DB 43 43 + e *rbac.Enforcer 44 44 + l *slog.Logger 45 45 + n *notifier.Notifier 46 46 + engs map[string]models.Engine 47 47 + jq *queue.Queue 48 48 + cfg *config.Config 49 49 + ks *eventconsumer.Consumer 50 50 + res *idresolver.Resolver 51 51 + vault secrets.Manager 52 52 + motd []byte 53 53 + motdMu sync.RWMutex 51 54 } 52 55 53 56 // New creates a new Spindle server with the provided configuration and engines. ··· 128 131 cfg: cfg, 129 132 res: resolver, 130 133 vault: vault, 134 134 + motd: defaultMotd, 131 135 } 132 136 133 137 err = e.AddSpindle(rbacDomain) ··· 201 205 return s.e 202 206 } 203 207 208 208 + // SetMotdContent sets custom MOTD content, replacing the embedded default. 209 209 + func (s *Spindle) SetMotdContent(content []byte) { 210 210 + s.motdMu.Lock() 211 211 + defer s.motdMu.Unlock() 212 212 + s.motd = content 213 213 + } 214 214 + 215 215 + // GetMotdContent returns the current MOTD content. 216 216 + func (s *Spindle) GetMotdContent() []byte { 217 217 + s.motdMu.RLock() 218 218 + defer s.motdMu.RUnlock() 219 219 + return s.motd 220 220 + } 221 221 + 204 222 // Start starts the Spindle server (blocking). 205 223 func (s *Spindle) Start(ctx context.Context) error { 206 224 // starts a job queue runner in the background ··· 246 264 mux := chi.NewRouter() 247 265 248 266 mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { 249 249 - w.Write(motd) 267 267 + w.Write(s.GetMotdContent()) 250 268 }) 251 269 mux.HandleFunc("/events", s.Events) 252 270 mux.HandleFunc("/logs/{knot}/{rkey}/{name}", s.Logs)

+1 -1

tailwind.config.js

··· 2 2 const colors = require("tailwindcss/colors"); 3 3 4 4 module.exports = { 5 5 - content: ["./appview/pages/templates/**/*.html", "./appview/pages/chroma.go"], 5 5 + content: ["./appview/pages/templates/**/*.html", "./appview/pages/chroma.go", "./docs/*.html"], 6 6 darkMode: "media", 7 7 theme: { 8 8 container: {

+6 -1

types/commit.go

··· 174 174 175 175 func (commit Commit) CoAuthors() []object.Signature { 176 176 var coAuthors []object.Signature 177 177 - 177 177 + seen := make(map[string]bool) 178 178 matches := coAuthorRegex.FindAllStringSubmatch(commit.Message, -1) 179 179 180 180 for _, match := range matches { 181 181 if len(match) >= 3 { 182 182 name := strings.TrimSpace(match[1]) 183 183 email := strings.TrimSpace(match[2]) 184 184 + 185 185 + if seen[email] { 186 186 + continue 187 187 + } 188 188 + seen[email] = true 184 189 185 190 coAuthors = append(coAuthors, object.Signature{ 186 191 Name: name,

+3

types/diff.go

··· 74 74 75 75 // used by html elements as a unique ID for hrefs 76 76 func (d *Diff) Id() string { 77 77 + if d.IsDelete { 78 78 + return d.Name.Old 79 79 + } 77 80 return d.Name.New 78 81 } 79 82

+112

types/diff_test.go

··· 1 1 + package types 2 2 + 3 3 + import "testing" 4 4 + 5 5 + func TestDiffId(t *testing.T) { 6 6 + tests := []struct { 7 7 + name string 8 8 + diff Diff 9 9 + expected string 10 10 + }{ 11 11 + { 12 12 + name: "regular file uses new name", 13 13 + diff: Diff{ 14 14 + Name: struct { 15 15 + Old string `json:"old"` 16 16 + New string `json:"new"` 17 17 + }{Old: "", New: "src/main.go"}, 18 18 + }, 19 19 + expected: "src/main.go", 20 20 + }, 21 21 + { 22 22 + name: "new file uses new name", 23 23 + diff: Diff{ 24 24 + Name: struct { 25 25 + Old string `json:"old"` 26 26 + New string `json:"new"` 27 27 + }{Old: "", New: "src/new.go"}, 28 28 + IsNew: true, 29 29 + }, 30 30 + expected: "src/new.go", 31 31 + }, 32 32 + { 33 33 + name: "deleted file uses old name", 34 34 + diff: Diff{ 35 35 + Name: struct { 36 36 + Old string `json:"old"` 37 37 + New string `json:"new"` 38 38 + }{Old: "src/deleted.go", New: ""}, 39 39 + IsDelete: true, 40 40 + }, 41 41 + expected: "src/deleted.go", 42 42 + }, 43 43 + { 44 44 + name: "renamed file uses new name", 45 45 + diff: Diff{ 46 46 + Name: struct { 47 47 + Old string `json:"old"` 48 48 + New string `json:"new"` 49 49 + }{Old: "src/old.go", New: "src/renamed.go"}, 50 50 + IsRename: true, 51 51 + }, 52 52 + expected: "src/renamed.go", 53 53 + }, 54 54 + } 55 55 + 56 56 + for _, tt := range tests { 57 57 + t.Run(tt.name, func(t *testing.T) { 58 58 + if got := tt.diff.Id(); got != tt.expected { 59 59 + t.Errorf("Diff.Id() = %q, want %q", got, tt.expected) 60 60 + } 61 61 + }) 62 62 + } 63 63 + } 64 64 + 65 65 + func TestChangedFilesMatchesDiffId(t *testing.T) { 66 66 + // ChangedFiles() must return values matching each Diff's Id() 67 67 + // so that sidebar links point to the correct anchors. 68 68 + // Tests existing, deleted, new, and renamed files. 69 69 + nd := NiceDiff{ 70 70 + Diff: []Diff{ 71 71 + { 72 72 + Name: struct { 73 73 + Old string `json:"old"` 74 74 + New string `json:"new"` 75 75 + }{Old: "", New: "src/modified.go"}, 76 76 + }, 77 77 + { 78 78 + Name: struct { 79 79 + Old string `json:"old"` 80 80 + New string `json:"new"` 81 81 + }{Old: "src/deleted.go", New: ""}, 82 82 + IsDelete: true, 83 83 + }, 84 84 + { 85 85 + Name: struct { 86 86 + Old string `json:"old"` 87 87 + New string `json:"new"` 88 88 + }{Old: "", New: "src/new.go"}, 89 89 + IsNew: true, 90 90 + }, 91 91 + { 92 92 + Name: struct { 93 93 + Old string `json:"old"` 94 94 + New string `json:"new"` 95 95 + }{Old: "src/old.go", New: "src/renamed.go"}, 96 96 + IsRename: true, 97 97 + }, 98 98 + }, 99 99 + } 100 100 + 101 101 + changedFiles := nd.ChangedFiles() 102 102 + 103 103 + if len(changedFiles) != len(nd.Diff) { 104 104 + t.Fatalf("ChangedFiles() returned %d items, want %d", len(changedFiles), len(nd.Diff)) 105 105 + } 106 106 + 107 107 + for i, diff := range nd.Diff { 108 108 + if changedFiles[i] != diff.Id() { 109 109 + t.Errorf("ChangedFiles()[%d] = %q, but Diff.Id() = %q", i, changedFiles[i], diff.Id()) 110 110 + } 111 111 + } 112 112 + }