nolith.dev / tangled-core
forked from tangled.org/core
Monorepo for Tangled
fork atom
tangled-core / knotserver / xrpc / set_default_branch.go
at local-dev 86 lines 2.3 kB view raw
nolith.dev idresolver: add PDSClient() helper to reduce duplication
fc5a00ee
1package xrpc 2 3import ( 4 "encoding/json" 5 "net/http" 6 7 comatproto "github.com/bluesky-social/indigo/api/atproto" 8 "github.com/bluesky-social/indigo/atproto/syntax" 9 securejoin "github.com/cyphar/filepath-securejoin" 10 "tangled.org/core/api/tangled" 11 "tangled.org/core/knotserver/git" 12 "tangled.org/core/rbac" 13 14 xrpcerr "tangled.org/core/xrpc/errors" 15) 16 17const ActorDid string = "ActorDid" 18 19func (x *Xrpc) SetDefaultBranch(w http.ResponseWriter, r *http.Request) { 20 l := x.Logger 21 fail := func(e xrpcerr.XrpcError) { 22 l.Error("failed", "kind", e.Tag, "error", e.Message) 23 writeError(w, e, http.StatusBadRequest) 24 } 25 26 actorDid, ok := r.Context().Value(ActorDid).(syntax.DID) 27 if !ok { 28 fail(xrpcerr.MissingActorDidError) 29 return 30 } 31 32 var data tangled.RepoSetDefaultBranch_Input 33 if err := json.NewDecoder(r.Body).Decode(&data); err != nil { 34 fail(xrpcerr.GenericError(err)) 35 return 36 } 37 38 // unfortunately we have to resolve repo-at here 39 repoAt, err := syntax.ParseATURI(data.Repo) 40 if err != nil { 41 fail(xrpcerr.InvalidRepoError(data.Repo)) 42 return 43 } 44 45 // resolve this aturi to extract the repo record 46 _, pdsClient, err := x.Resolver.PDSClient(r.Context(), repoAt.Authority().String()) 47 if err != nil { 48 fail(xrpcerr.GenericError(err)) 49 return 50 } 51 52 resp, err := comatproto.RepoGetRecord(r.Context(), pdsClient, "", tangled.RepoNSID, repoAt.Authority().String(), repoAt.RecordKey().String()) 53 if err != nil { 54 fail(xrpcerr.GenericError(err)) 55 return 56 } 57 58 repo := resp.Value.Val.(*tangled.Repo) 59 didPath, err := securejoin.SecureJoin(actorDid.String(), repo.Name) 60 if err != nil { 61 fail(xrpcerr.GenericError(err)) 62 return 63 } 64 65 if ok, err := x.Enforcer.IsPushAllowed(actorDid.String(), rbac.ThisServer, didPath); !ok || err != nil { 66 l.Error("insufficent permissions", "did", actorDid.String()) 67 writeError(w, xrpcerr.AccessControlError(actorDid.String()), http.StatusUnauthorized) 68 return 69 } 70 71 path, _ := securejoin.SecureJoin(x.Config.Repo.ScanPath, didPath) 72 gr, err := git.PlainOpen(path) 73 if err != nil { 74 fail(xrpcerr.GenericError(err)) 75 return 76 } 77 78 err = gr.SetDefaultBranch(data.DefaultBranch) 79 if err != nil { 80 l.Error("setting default branch", "error", err.Error()) 81 writeError(w, xrpcerr.GitError(err), http.StatusInternalServerError) 82 return 83 } 84 85 w.WriteHeader(http.StatusOK) 86}