appview/middleware/middleware.go at master

matmanna.dev / core
forked from tangled.org/core
fork atom
Monorepo for Tangled
fork atom
core / appview / middleware / middleware.go
at master 360 lines 10 kB view raw
wrap content
oyster.cafe appview/profile: save and use preferred user handle 3d ago
d3de6118
  1package middleware
  2
  3import (
  4	"context"
  5	"fmt"
  6	"log"
  7	"net/http"
  8	"net/url"
  9	"slices"
 10	"strconv"
 11	"strings"
 12
 13	"github.com/bluesky-social/indigo/atproto/identity"
 14	"github.com/bluesky-social/indigo/atproto/syntax"
 15	"github.com/go-chi/chi/v5"
 16	"tangled.org/core/appview/db"
 17	"tangled.org/core/appview/oauth"
 18	"tangled.org/core/appview/pages"
 19	"tangled.org/core/appview/pagination"
 20	"tangled.org/core/appview/reporesolver"
 21	"tangled.org/core/idresolver"
 22	"tangled.org/core/orm"
 23	"tangled.org/core/rbac"
 24)
 25
 26type Middleware struct {
 27	oauth        *oauth.OAuth
 28	db           *db.DB
 29	enforcer     *rbac.Enforcer
 30	repoResolver *reporesolver.RepoResolver
 31	idResolver   *idresolver.Resolver
 32	pages        *pages.Pages
 33}
 34
 35func New(oauth *oauth.OAuth, db *db.DB, enforcer *rbac.Enforcer, repoResolver *reporesolver.RepoResolver, idResolver *idresolver.Resolver, pages *pages.Pages) Middleware {
 36	return Middleware{
 37		oauth:        oauth,
 38		db:           db,
 39		enforcer:     enforcer,
 40		repoResolver: repoResolver,
 41		idResolver:   idResolver,
 42		pages:        pages,
 43	}
 44}
 45
 46type middlewareFunc func(http.Handler) http.Handler
 47
 48func AuthMiddleware(o *oauth.OAuth) middlewareFunc {
 49	return func(next http.Handler) http.Handler {
 50		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 51			returnURL := "/"
 52			if u, err := url.Parse(r.Header.Get("Referer")); err == nil {
 53				returnURL = u.RequestURI()
 54			}
 55
 56			loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL))
 57
 58			redirectFunc := func(w http.ResponseWriter, r *http.Request) {
 59				http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
 60			}
 61			if r.Header.Get("HX-Request") == "true" {
 62				redirectFunc = func(w http.ResponseWriter, _ *http.Request) {
 63					w.Header().Set("HX-Redirect", loginURL)
 64					w.WriteHeader(http.StatusOK)
 65				}
 66			}
 67
 68			sess, err := o.ResumeSession(r)
 69			if err != nil {
 70				log.Println("failed to resume session, redirecting...", "err", err, "url", r.URL.String())
 71				redirectFunc(w, r)
 72				return
 73			}
 74
 75			if sess == nil {
 76				log.Printf("session is nil, redirecting...")
 77				redirectFunc(w, r)
 78				return
 79			}
 80
 81			next.ServeHTTP(w, r)
 82		})
 83	}
 84}
 85
 86func Paginate(next http.Handler) http.Handler {
 87	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 88		page := pagination.FirstPage()
 89
 90		offsetVal := r.URL.Query().Get("offset")
 91		if offsetVal != "" {
 92			offset, err := strconv.Atoi(offsetVal)
 93			if err != nil {
 94				log.Println("invalid offset")
 95			} else {
 96				page.Offset = offset
 97			}
 98		}
 99
100		limitVal := r.URL.Query().Get("limit")
101		if limitVal != "" {
102			limit, err := strconv.Atoi(limitVal)
103			if err != nil {
104				log.Println("invalid limit")
105			} else {
106				page.Limit = limit
107			}
108		}
109
110		ctx := pagination.IntoContext(r.Context(), page)
111		next.ServeHTTP(w, r.WithContext(ctx))
112	})
113}
114
115func (mw Middleware) knotRoleMiddleware(group string) middlewareFunc {
116	return func(next http.Handler) http.Handler {
117		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
118			// requires auth also
119			actor := mw.oauth.GetMultiAccountUser(r)
120			if actor == nil {
121				// we need a logged in user
122				log.Printf("not logged in, redirecting")
123				http.Error(w, "Forbiden", http.StatusUnauthorized)
124				return
125			}
126			domain := chi.URLParam(r, "domain")
127			if domain == "" {
128				http.Error(w, "malformed url", http.StatusBadRequest)
129				return
130			}
131
132			ok, err := mw.enforcer.E.HasGroupingPolicy(actor.Active.Did, group, domain)
133			if err != nil || !ok {
134				log.Printf("%s does not have perms of a %s in domain %s", actor.Active.Did, group, domain)
135				http.Error(w, "Forbiden", http.StatusUnauthorized)
136				return
137			}
138
139			next.ServeHTTP(w, r)
140		})
141	}
142}
143
144func (mw Middleware) KnotOwner() middlewareFunc {
145	return mw.knotRoleMiddleware("server:owner")
146}
147
148func (mw Middleware) RepoPermissionMiddleware(requiredPerm string) middlewareFunc {
149	return func(next http.Handler) http.Handler {
150		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
151			// requires auth also
152			actor := mw.oauth.GetMultiAccountUser(r)
153			if actor == nil {
154				// we need a logged in user
155				log.Printf("not logged in, redirecting")
156				http.Error(w, "Forbiden", http.StatusUnauthorized)
157				return
158			}
159			f, err := mw.repoResolver.Resolve(r)
160			if err != nil {
161				http.Error(w, "malformed url", http.StatusBadRequest)
162				return
163			}
164
165			ok, err := mw.enforcer.E.Enforce(actor.Active.Did, f.Knot, f.DidSlashRepo(), requiredPerm)
166			if err != nil || !ok {
167				log.Printf("%s does not have perms of a %s in repo %s", actor.Active.Did, requiredPerm, f.DidSlashRepo())
168				http.Error(w, "Forbiden", http.StatusUnauthorized)
169				return
170			}
171
172			next.ServeHTTP(w, r)
173		})
174	}
175}
176
177func (mw Middleware) ResolveIdent() middlewareFunc {
178	excluded := []string{"favicon.ico"}
179
180	return func(next http.Handler) http.Handler {
181		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
182			didOrHandle := chi.URLParam(req, "user")
183			didOrHandle = strings.TrimPrefix(didOrHandle, "@")
184
185			if slices.Contains(excluded, didOrHandle) {
186				next.ServeHTTP(w, req)
187				return
188			}
189
190			id, err := mw.idResolver.ResolveIdent(req.Context(), didOrHandle)
191			if err != nil {
192				if h, parseErr := syntax.ParseHandle(didOrHandle); parseErr == nil {
193					if did, lookupErr := db.GetDidByPreferredHandle(mw.db, h); lookupErr == nil {
194						id, err = mw.idResolver.ResolveIdent(req.Context(), string(did))
195					}
196				}
197			}
198			// invalid did or handle
199			if err != nil {
200				log.Printf("failed to resolve did/handle '%s': %s\n", didOrHandle, err)
201				mw.pages.Error404(w)
202				return
203			}
204
205			ctx := context.WithValue(req.Context(), "resolvedId", *id)
206
207			next.ServeHTTP(w, req.WithContext(ctx))
208		})
209	}
210}
211
212func (mw Middleware) ResolveRepo() middlewareFunc {
213	return func(next http.Handler) http.Handler {
214		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
215			repoName := chi.URLParam(req, "repo")
216			repoName = strings.TrimSuffix(repoName, ".git")
217
218			id, ok := req.Context().Value("resolvedId").(identity.Identity)
219			if !ok {
220				log.Println("malformed middleware")
221				w.WriteHeader(http.StatusInternalServerError)
222				return
223			}
224
225			repo, err := db.GetRepo(
226				mw.db,
227				orm.FilterEq("did", id.DID.String()),
228				orm.FilterEq("name", repoName),
229			)
230			if err != nil {
231				log.Println("failed to resolve repo", "err", err)
232				w.WriteHeader(http.StatusNotFound)
233				mw.pages.ErrorKnot404(w)
234				return
235			}
236
237			ctx := context.WithValue(req.Context(), "repo", repo)
238			next.ServeHTTP(w, req.WithContext(ctx))
239		})
240	}
241}
242
243// middleware that is tacked on top of /{user}/{repo}/pulls/{pull}
244func (mw Middleware) ResolvePull() middlewareFunc {
245	return func(next http.Handler) http.Handler {
246		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
247			f, err := mw.repoResolver.Resolve(r)
248			if err != nil {
249				log.Println("failed to fully resolve repo", err)
250				w.WriteHeader(http.StatusNotFound)
251				mw.pages.ErrorKnot404(w)
252				return
253			}
254
255			prId := chi.URLParam(r, "pull")
256			prIdInt, err := strconv.Atoi(prId)
257			if err != nil {
258				log.Println("failed to parse pr id", err)
259				mw.pages.Error404(w)
260				return
261			}
262
263			pr, err := db.GetPull(mw.db, f.RepoAt(), prIdInt)
264			if err != nil {
265				log.Println("failed to get pull and comments", err)
266				mw.pages.Error404(w)
267				return
268			}
269
270			ctx := context.WithValue(r.Context(), "pull", pr)
271
272			if pr.IsStacked() {
273				stack, err := db.GetStack(mw.db, pr.StackId)
274				if err != nil {
275					log.Println("failed to get stack", err)
276					return
277				}
278				abandonedPulls, err := db.GetAbandonedPulls(mw.db, pr.StackId)
279				if err != nil {
280					log.Println("failed to get abandoned pulls", err)
281					return
282				}
283
284				ctx = context.WithValue(ctx, "stack", stack)
285				ctx = context.WithValue(ctx, "abandonedPulls", abandonedPulls)
286			}
287
288			next.ServeHTTP(w, r.WithContext(ctx))
289		})
290	}
291}
292
293// middleware that is tacked on top of /{user}/{repo}/issues/{issue}
294func (mw Middleware) ResolveIssue(next http.Handler) http.Handler {
295	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
296		f, err := mw.repoResolver.Resolve(r)
297		if err != nil {
298			log.Println("failed to fully resolve repo", err)
299			w.WriteHeader(http.StatusNotFound)
300			mw.pages.ErrorKnot404(w)
301			return
302		}
303
304		issueIdStr := chi.URLParam(r, "issue")
305		issueId, err := strconv.Atoi(issueIdStr)
306		if err != nil {
307			log.Println("failed to fully resolve issue ID", err)
308			mw.pages.Error404(w)
309			return
310		}
311
312		issue, err := db.GetIssue(mw.db, f.RepoAt(), issueId)
313		if err != nil {
314			log.Println("failed to get issues", "err", err)
315			mw.pages.Error404(w)
316			return
317		}
318
319		ctx := context.WithValue(r.Context(), "issue", issue)
320		next.ServeHTTP(w, r.WithContext(ctx))
321	})
322}
323
324// this should serve the go-import meta tag even if the path is technically
325// a 404 like tangled.sh/oppi.li/go-git/v5
326//
327// we're keeping the tangled.sh go-import tag too to maintain backward
328// compatiblity for modules that still point there. they will be redirected
329// to fetch source from tangled.org
330func (mw Middleware) GoImport() middlewareFunc {
331	return func(next http.Handler) http.Handler {
332		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
333			f, err := mw.repoResolver.Resolve(r)
334			if err != nil {
335				log.Println("failed to fully resolve repo", err)
336				w.WriteHeader(http.StatusNotFound)
337				mw.pages.ErrorKnot404(w)
338				return
339			}
340
341			fullName := reporesolver.GetBaseRepoPath(r, f)
342
343			if r.Header.Get("User-Agent") == "Go-http-client/1.1" {
344				if r.URL.Query().Get("go-get") == "1" {
345					html := fmt.Sprintf(
346						`<meta name="go-import" content="tangled.sh/%s git https://tangled.sh/%s"/>
347<meta name="go-import" content="tangled.org/%s git https://tangled.org/%s"/>`,
348						fullName, fullName,
349						fullName, fullName,
350					)
351					w.Header().Set("Content-Type", "text/html")
352					w.Write([]byte(html))
353					return
354				}
355			}
356
357			next.ServeHTTP(w, r)
358		})
359	}
360}