commits
Signed-off-by: Seongmin Lee <boltlessengineer@proton.me>
- Heavily inspired by gitea
- add `GetAllIssues` which only receives a paginator and gathers all
issues ignoring `repoAt` field
Signed-off-by: Seongmin Lee <boltlessengineer@proton.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
the final addition to my collection of oauth fixes: the session cookie
is not a sufficient indication of a logged-in-ness of a user, we
additionally validate this cookie against the session on redis using
ResumeSession and kick users out if their session is invalid.
previously, a user may have appeared to be logged in (via the profile
picture on the top right), but creating an auth'd request would have
login-prompted them.
Signed-off-by: oppiliappan <me@oppi.li>
if sessions are inactive for too long, tokens will not be refreshed, and
calling authorized xrpc methods will error out with invalid_grant. this
changeset does two things:
- tracks the last time a session was active using a new redis pair:
`oauth:session_meta:<did>:<session>`, this is updated every time
`SaveSession` is called
- checks for session inactivity every time `GetSession` is called, and
deletes the session if so
this way, `GetSession` will never return a session with expired tokens.
Signed-off-by: oppiliappan <me@oppi.li>
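The session handling described in the two commit messages above, as an added Go example that is not the project's code. The in-memory `Store`, the `LoggedIn` helper, the `oauth:session` data prefix, the idle limit and the sample DIDs are assumptions; only the `oauth:session_meta:<did>:<session>` key shape and the `SaveSession`/`GetSession` names come from the messages.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrNoSession = errors.New("session missing or expired")

// Store is a hypothetical in-memory stand-in for the redis-backed store.
type Store struct {
	data    map[string]string    // session payload (key prefix is assumed)
	meta    map[string]time.Time // oauth:session_meta:<did>:<session> -> last active
	maxIdle time.Duration        // assumed inactivity limit
	now     func() time.Time     // injectable clock
}

func NewStore(maxIdle time.Duration, now func() time.Time) *Store {
	return &Store{map[string]string{}, map[string]time.Time{}, maxIdle, now}
}

func key(prefix, did, sid string) string { return fmt.Sprintf("%s:%s:%s", prefix, did, sid) }

// SaveSession stores the session and refreshes its last-active timestamp.
func (s *Store) SaveSession(did, sid, tokens string) {
	s.data[key("oauth:session", did, sid)] = tokens
	s.meta[key("oauth:session_meta", did, sid)] = s.now()
}

// GetSession deletes and rejects sessions that are unknown or idle too long.
func (s *Store) GetSession(did, sid string) (string, error) {
	tokens, ok := s.data[key("oauth:session", did, sid)]
	last, seen := s.meta[key("oauth:session_meta", did, sid)]
	if !ok || !seen || s.now().Sub(last) > s.maxIdle {
		delete(s.data, key("oauth:session", did, sid))
		delete(s.meta, key("oauth:session_meta", did, sid))
		return "", ErrNoSession
	}
	return tokens, nil
}

// LoggedIn treats cookie values only as a pointer to server-side state.
func (s *Store) LoggedIn(cookieDID, cookieSID string) bool {
	_, err := s.GetSession(cookieDID, cookieSID)
	return err == nil
}

func main() {
	s := NewStore(time.Hour, time.Now)
	s.SaveSession("did:example:alice", "s1", "constructed-token")
	fmt.Println(s.LoggedIn("did:example:alice", "s1"), s.LoggedIn("did:example:bob", "s9"))
}
```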
Signed-off-by: oppiliappan <me@oppi.li>
this change makes our tangled appview a "confidential" client.
this change includes breaking changes to the appview service, it now
requires two different environment variables:
- TANGLED_OAUTH_CLIENT_SECRET: the secret component of the old JWKs
object
- TANGLED_OAUTH_CLIENT_KID: the key ID of the old JWKs object
both of these can be extracted from the old JWKs object: `obj.d` and
`obj.kid` respectively.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
we invalidate resolutions in our ingester, but the oauth SDK seems to
bring its own directory! this changeset shares them instead.
thanks to nel.pet <did:plc:h5wsnqetncv6lu2weom35lg2> for the hint.
Signed-off-by: oppiliappan <me@oppi.li>
Each method will check if `page.limit` is higher than 0, and only
apply pagination when limit is higher than 0
Signed-off-by: Seongmin Lee <git@boltless.me>
introduce helper methods: `IntoContext` and `FromContext`
these will help make using the pagination obj from context easier and
make it less error-prone by using a private empty struct as a key
instead of a raw string
Signed-off-by: Seongmin Lee <git@boltless.me>
Close: #271
Signed-off-by: Seongmin Lee <git@boltless.me>
kaniko (and other docker build tools) require permission to change file ownership to successfully build containers.
i'm leaving this here for consideration, not sure about this security wise,, the better solution would be to use kvm, i think. in our case docker is running in sysbox without `privileged: true` so it _should_ be fine(??)
Signed-off-by: zenfyr.dev <mail@melontini.me>
this bug prevented following did:web accounts on tangled... because of a
htmx target error.
Signed-off-by: oppiliappan <me@oppi.li>
also uses reflection to unify implementations
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
`autocapitalize` and `autocorrect` will prevent mobile browsers from
autocorrecting the user handle
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
This reverts commit 55812240c5d183e7195d2762e80074062a8c999f.
Signed-off-by: oppiliappan <me@oppi.li>
additionally: notifies collaborators on certain events:
- issue: creation, closing
- pull: creation, closing and merging
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
The knotserver can now use alternative PLCs for DID resolution
by setting the env var KNOT_SERVER_PLC_URL. The default identity
directory was copied out of the at proto lib and updated to take
in a target url for the PLC being used to do this.
Same goes for appview with TANGLED_PLC_URL and spindle with
SPINDLE_SERVER_PLC_URL
This allows tangled to run on fully sandboxed atmosphere infra
Co-authored-by: Shail Patel <shailpatel67@gmail.com>
Co-authored-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
if the upstream was updated, fork based PRs would be unable to resubmit.
this is because the hidden tracking ref was not updated before
performing a comparison, it was performed *after*. the ordering of
events was incorrect.
additionally, the RepoCompare call was being made against
pull.TargetBranch when it should have been against the hidden ref.
Signed-off-by: oppiliappan <me@oppi.li>
automatically adds a newline to patches that are missing one.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
PullSource already contains RepoAt, we do not have to access the
optional Repo field.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Ivan Chinenov <hjvt@hjvt.dev>
this is calculated by the knotserver in sh.tangled.repo.compare and
cached by the appview in pull submissions, this cannot be calculated on
the appview side with just the format-patch because this calculation
requires a git-index.
Signed-off-by: oppiliappan <me@oppi.li>
the SHA stored on the sh.tangled.repo.pull record was incorrect, causing
spindles to report the wrong SHA in pipeline statuses.
Signed-off-by: oppiliappan <me@oppi.li>
patch equality is cool, but insufficient to represent the change of a
change. the underlying context could have changed.
Signed-off-by: oppiliappan <me@oppi.li>
workflow accepts list and single item syntax, we don't need a list of
strings for the branch specifier.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
needs a lot more work, but we now inject slog in several places.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
could be a source of zombie processes.
Signed-off-by: oppiliappan <me@oppi.li>
Before this we incorrectly assumed that the git user Did was the same as
the repo Did, this is not the case. We now take the repo Did as an
argument to the replyCompare function
Signed-off-by: Samuel Shuert <me@thecoded.prof>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: saturnvi <did:plc:l7ufwp4ypley2oghdml3ohcm>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>
the DID being used should be the repo-owner's DID and not the actor's
DID.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
we don't need this anymore, the topbar and footer layouts are stable
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>