regnault.dev / core
forked from tangled.org/core
Monorepo for Tangled
fork atom

spindle: rework ownership state

ownership is reset upon boot based on config.


Signed-off-by: oppiliappan <me@oppi.li>

oppi.li fce55b57 2975e4bd

verified
options
unified split
Changed files
+28 -10
appview
state
spindlestream.go
nix
vm.nix
spindle
server.go
+4 -1
appview/state/spindlestream.go
··· 20 ) 21 22 func Spindlestream(ctx context.Context, c *config.Config, d *db.DB, enforcer *rbac.Enforcer) (*ec.Consumer, error) { 23 - spindles, err := db.GetSpindles(d) 24 if err != nil { 25 return nil, err 26 }
··· 20 ) 21 22 func Spindlestream(ctx context.Context, c *config.Config, d *db.DB, enforcer *rbac.Enforcer) (*ec.Consumer, error) { 23 + spindles, err := db.GetSpindles( 24 + d, 25 + db.FilterIsNot("verified", "null"), 26 + ) 27 if err != nil { 28 return nil, err 29 }
+1 -1
nix/vm.nix
··· 21 g = config.services.tangled-knot.gitUser; 22 in [ 23 "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first 24 - "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=7387221d57e64499b179a9dff19c5f1abf436470e2976d3585badddad5282970" 25 ]; 26 services.tangled-knot = { 27 enable = true;
··· 21 g = config.services.tangled-knot.gitUser; 22 in [ 23 "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first 24 + "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=168c426fa6d9829fcbe85c96bdf144e800fb9737d6ca87f21acc543b1aa3e440" 25 ]; 26 services.tangled-knot = { 27 enable = true;
+23 -8
spindle/server.go
··· 218 219 func (s *Spindle) configureOwner() error { 220 cfgOwner := s.cfg.Server.Owner 221 - serverOwner, err := s.e.GetUserByRole("server:owner", rbacDomain) 222 if err != nil { 223 - return fmt.Errorf("failed to fetch server:owner: %w", err) 224 } 225 226 - if len(serverOwner) == 0 { 227 - s.e.AddKnotOwner(rbacDomain, cfgOwner) 228 - } else { 229 - if serverOwner[0] != cfgOwner { 230 - return fmt.Errorf("server owner mismatch: %s != %s", cfgOwner, serverOwner[0]) 231 } 232 } 233 - return nil 234 }
··· 218 219 func (s *Spindle) configureOwner() error { 220 cfgOwner := s.cfg.Server.Owner 221 + 222 + existing, err := s.e.GetSpindleUsersByRole("server:owner", rbacDomain) 223 if err != nil { 224 + return err 225 } 226 227 + switch len(existing) { 228 + case 0: 229 + // no owner configured, continue 230 + case 1: 231 + // find existing owner 232 + existingOwner := existing[0] 233 + 234 + // no ownership change, this is okay 235 + if existingOwner == s.cfg.Server.Owner { 236 + break 237 + } 238 + 239 + // remove existing owner 240 + err = s.e.RemoveSpindleOwner(rbacDomain, existingOwner) 241 + if err != nil { 242 + return nil 243 } 244 + default: 245 + return fmt.Errorf("more than one owner in DB, try deleting %q and starting over", s.cfg.Server.DBPath) 246 } 247 + 248 + return s.e.AddSpindleOwner(rbacDomain, cfgOwner) 249 }