draft: appview: service layer #800

+1753 -3

29 changed files

Diff round #7

expand all

unified split

appview

oauth

handler.go

session.go

service

issue

errors.go

issue.go

state.go

repo

errors.go

repo.go

repoinfo.go

session

context.go

session.go

state

legacy_bridge.go

web

handler

oauth_client_metadata.go

oauth_jwks.go

user_repo_issues.go

user_repo_issues_issue.go

user_repo_issues_issue_close.go

user_repo_issues_issue_edit.go

user_repo_issues_issue_reopen.go

user_repo_issues_new.go

middleware

auth.go

ensuredidorhandle.go

log.go

middleware.go

normalize.go

paginate.go

resolve.go

request

context.go

routes.go

cmd

appview

main.go

+2 -2

appview/oauth/handler.go

··· 24 24 25 25 r.Get("/oauth/client-metadata.json", o.clientMetadata) 26 26 r.Get("/oauth/jwks.json", o.jwks) 27 - r.Get("/oauth/callback", o.callback) 27 + r.Get("/oauth/callback", o.Callback) 28 28 return r 29 29 } 30 30 ··· 50 50 } 51 51 } 52 52 53 - func (o *OAuth) callback(w http.ResponseWriter, r *http.Request) { 53 + func (o *OAuth) Callback(w http.ResponseWriter, r *http.Request) { 54 54 ctx := r.Context() 55 55 l := o.Logger.With("query", r.URL.Query()) 56 56

+10

appview/oauth/session.go

··· 1 + package oauth 2 + 3 + import ( 4 + "net/http" 5 + 6 + "github.com/bluesky-social/indigo/atproto/auth/oauth" 7 + ) 8 + 9 + func (o *OAuth) SaveSession2(w http.ResponseWriter, r *http.Request, sessData *oauth.ClientSessionData) { 10 + }

+11

appview/service/issue/errors.go

··· 1 + package issue 2 + 3 + import "errors" 4 + 5 + var ( 6 + ErrUnAuthenticated = errors.New("user session missing") 7 + ErrForbidden = errors.New("unauthorized operation") 8 + ErrDatabaseFail = errors.New("db op fail") 9 + ErrPDSFail = errors.New("pds op fail") 10 + ErrValidationFail = errors.New("issue validation fail") 11 + )

+270

appview/service/issue/issue.go

··· 1 + package issue 2 + 3 + import ( 4 + "context" 5 + "log/slog" 6 + "time" 7 + 8 + "github.com/bluesky-social/indigo/api/atproto" 9 + "github.com/bluesky-social/indigo/atproto/syntax" 10 + lexutil "github.com/bluesky-social/indigo/lex/util" 11 + "tangled.org/core/api/tangled" 12 + "tangled.org/core/appview/config" 13 + "tangled.org/core/appview/db" 14 + issues_indexer "tangled.org/core/appview/indexer/issues" 15 + "tangled.org/core/appview/mentions" 16 + "tangled.org/core/appview/models" 17 + "tangled.org/core/appview/notify" 18 + "tangled.org/core/appview/session" 19 + "tangled.org/core/appview/validator" 20 + "tangled.org/core/idresolver" 21 + "tangled.org/core/rbac" 22 + "tangled.org/core/tid" 23 + ) 24 + 25 + type Service struct { 26 + config *config.Config 27 + db *db.DB 28 + enforcer *rbac.Enforcer 29 + indexer *issues_indexer.Indexer 30 + logger *slog.Logger 31 + notifier notify.Notifier 32 + idResolver *idresolver.Resolver 33 + refResolver *mentions.Resolver 34 + validator *validator.Validator 35 + } 36 + 37 + func NewService( 38 + logger *slog.Logger, 39 + config *config.Config, 40 + db *db.DB, 41 + enforcer *rbac.Enforcer, 42 + notifier notify.Notifier, 43 + idResolver *idresolver.Resolver, 44 + refResolver *mentions.Resolver, 45 + indexer *issues_indexer.Indexer, 46 + validator *validator.Validator, 47 + ) Service { 48 + return Service{ 49 + config, 50 + db, 51 + enforcer, 52 + indexer, 53 + logger, 54 + notifier, 55 + idResolver, 56 + refResolver, 57 + validator, 58 + } 59 + } 60 + 61 + func (s *Service) NewIssue(ctx context.Context, repo *models.Repo, title, body string) (*models.Issue, error) { 62 + l := s.logger.With("method", "NewIssue") 63 + sess := session.FromContext(ctx) 64 + if sess == nil { 65 + l.Error("user session is missing in context") 66 + return nil, ErrForbidden 67 + } 68 + authorDid := sess.Data.AccountDID 69 + l = l.With("did", authorDid) 70 + 71 + mentions, references := s.refResolver.Resolve(ctx, body) 72 + 73 + issue := models.Issue{ 74 + RepoAt: repo.RepoAt(), 75 + Rkey: tid.TID(), 76 + Title: title, 77 + Body: body, 78 + Open: true, 79 + Did: authorDid.String(), 80 + Created: time.Now(), 81 + Mentions: mentions, 82 + References: references, 83 + Repo: repo, 84 + } 85 + 86 + if err := s.validator.ValidateIssue(&issue); err != nil { 87 + l.Error("validation error", "err", err) 88 + return nil, ErrValidationFail 89 + } 90 + 91 + tx, err := s.db.BeginTx(ctx, nil) 92 + if err != nil { 93 + l.Error("db.BeginTx failed", "err", err) 94 + return nil, ErrDatabaseFail 95 + } 96 + defer tx.Rollback() 97 + 98 + if err := db.PutIssue(tx, &issue); err != nil { 99 + l.Error("db.PutIssue failed", "err", err) 100 + return nil, ErrDatabaseFail 101 + } 102 + 103 + atpclient := sess.APIClient() 104 + record := issue.AsRecord() 105 + _, err = atproto.RepoPutRecord(ctx, atpclient, &atproto.RepoPutRecord_Input{ 106 + Repo: authorDid.String(), 107 + Collection: tangled.RepoIssueNSID, 108 + Rkey: issue.Rkey, 109 + Record: &lexutil.LexiconTypeDecoder{ 110 + Val: &record, 111 + }, 112 + }) 113 + if err != nil { 114 + l.Error("atproto.RepoPutRecord failed", "err", err) 115 + return nil, ErrPDSFail 116 + } 117 + if err = tx.Commit(); err != nil { 118 + l.Error("tx.Commit failed", "err", err) 119 + return nil, ErrDatabaseFail 120 + } 121 + 122 + s.notifier.NewIssue(ctx, &issue, mentions) 123 + return &issue, nil 124 + } 125 + 126 + func (s *Service) GetIssues(ctx context.Context, repo *models.Repo, searchOpts models.IssueSearchOptions) ([]models.Issue, error) { 127 + l := s.logger.With("method", "EditIssue") 128 + 129 + var issues []models.Issue 130 + var err error 131 + if searchOpts.Keyword != "" { 132 + res, err := s.indexer.Search(ctx, searchOpts) 133 + if err != nil { 134 + l.Error("failed to search for issues", "err", err) 135 + return nil, err 136 + } 137 + l.Debug("searched issues with indexer", "count", len(res.Hits)) 138 + issues, err = db.GetIssues(s.db, db.FilterIn("id", res.Hits)) 139 + if err != nil { 140 + l.Error("failed to get issues", "err", err) 141 + return nil, err 142 + } 143 + } else { 144 + openInt := 0 145 + if searchOpts.IsOpen { 146 + openInt = 1 147 + } 148 + issues, err = db.GetIssuesPaginated( 149 + s.db, 150 + searchOpts.Page, 151 + db.FilterEq("repo_at", repo.RepoAt()), 152 + db.FilterEq("open", openInt), 153 + ) 154 + if err != nil { 155 + l.Error("failed to get issues", "err", err) 156 + return nil, err 157 + } 158 + } 159 + 160 + return issues, nil 161 + } 162 + 163 + func (s *Service) EditIssue(ctx context.Context, issue *models.Issue) error { 164 + l := s.logger.With("method", "EditIssue") 165 + sess := session.FromContext(ctx) 166 + if sess == nil { 167 + l.Error("user session is missing in context") 168 + return ErrForbidden 169 + } 170 + sessDid := sess.Data.AccountDID 171 + l = l.With("did", sessDid) 172 + 173 + if sessDid != syntax.DID(issue.Did) { 174 + l.Error("only author can edit the issue") 175 + return ErrForbidden 176 + } 177 + 178 + if err := s.validator.ValidateIssue(issue); err != nil { 179 + l.Error("validation error", "err", err) 180 + return ErrValidationFail 181 + } 182 + 183 + tx, err := s.db.BeginTx(ctx, nil) 184 + if err != nil { 185 + l.Error("db.BeginTx failed", "err", err) 186 + return ErrDatabaseFail 187 + } 188 + defer tx.Rollback() 189 + 190 + if err := db.PutIssue(tx, issue); err != nil { 191 + l.Error("db.PutIssue failed", "err", err) 192 + return ErrDatabaseFail 193 + } 194 + 195 + atpclient := sess.APIClient() 196 + record := issue.AsRecord() 197 + 198 + ex, err := atproto.RepoGetRecord(ctx, atpclient, "", tangled.RepoIssueNSID, issue.Did, issue.Rkey) 199 + if err != nil { 200 + l.Error("atproto.RepoGetRecord failed", "err", err) 201 + return ErrPDSFail 202 + } 203 + _, err = atproto.RepoPutRecord(ctx, atpclient, &atproto.RepoPutRecord_Input{ 204 + Collection: tangled.RepoIssueNSID, 205 + SwapRecord: ex.Cid, 206 + Record: &lexutil.LexiconTypeDecoder{ 207 + Val: &record, 208 + }, 209 + }) 210 + if err != nil { 211 + l.Error("atproto.RepoPutRecord failed", "err", err) 212 + return ErrPDSFail 213 + } 214 + 215 + if err = tx.Commit(); err != nil { 216 + l.Error("tx.Commit failed", "err", err) 217 + return ErrDatabaseFail 218 + } 219 + 220 + // TODO: notify PutIssue 221 + 222 + return nil 223 + } 224 + 225 + func (s *Service) DeleteIssue(ctx context.Context, issue *models.Issue) error { 226 + l := s.logger.With("method", "DeleteIssue") 227 + sess := session.FromContext(ctx) 228 + if sess == nil { 229 + l.Error("user session is missing in context") 230 + return ErrForbidden 231 + } 232 + sessDid := sess.Data.AccountDID 233 + l = l.With("did", sessDid) 234 + 235 + if sessDid != syntax.DID(issue.Did) { 236 + l.Error("only author can edit the issue") 237 + return ErrForbidden 238 + } 239 + 240 + tx, err := s.db.BeginTx(ctx, nil) 241 + if err != nil { 242 + l.Error("db.BeginTx failed", "err", err) 243 + return ErrDatabaseFail 244 + } 245 + defer tx.Rollback() 246 + 247 + if err := db.DeleteIssues(tx, issue.Did, issue.Rkey); err != nil { 248 + l.Error("db.DeleteIssues failed", "err", err) 249 + return ErrDatabaseFail 250 + } 251 + 252 + atpclient := sess.APIClient() 253 + _, err = atproto.RepoDeleteRecord(ctx, atpclient, &atproto.RepoDeleteRecord_Input{ 254 + Collection: tangled.RepoIssueNSID, 255 + Repo: issue.Did, 256 + Rkey: issue.Rkey, 257 + }) 258 + if err != nil { 259 + l.Error("atproto.RepoDeleteRecord failed", "err", err) 260 + return ErrPDSFail 261 + } 262 + 263 + if err := tx.Commit(); err != nil { 264 + l.Error("tx.Commit failed", "err", err) 265 + return ErrDatabaseFail 266 + } 267 + 268 + s.notifier.DeleteIssue(ctx, issue) 269 + return nil 270 + }

+83

appview/service/issue/state.go

··· 1 + package issue 2 + 3 + import ( 4 + "context" 5 + 6 + "github.com/bluesky-social/indigo/atproto/syntax" 7 + "tangled.org/core/appview/db" 8 + "tangled.org/core/appview/models" 9 + "tangled.org/core/appview/pages/repoinfo" 10 + "tangled.org/core/appview/session" 11 + ) 12 + 13 + func (s *Service) CloseIssue(ctx context.Context, issue *models.Issue) error { 14 + l := s.logger.With("method", "CloseIssue") 15 + sess := session.FromContext(ctx) 16 + if sess == nil { 17 + l.Error("user session is missing in context") 18 + return ErrUnAuthenticated 19 + } 20 + sessDid := sess.Data.AccountDID 21 + l = l.With("did", sessDid) 22 + 23 + // TODO: make this more granular 24 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(sessDid.String(), issue.Repo.Knot, issue.Repo.DidSlashRepo())} 25 + isRepoOwner := roles.IsOwner() 26 + isCollaborator := roles.IsCollaborator() 27 + isIssueOwner := sessDid == syntax.DID(issue.Did) 28 + if !(isRepoOwner || isCollaborator || isIssueOwner) { 29 + l.Error("user is not authorized") 30 + return ErrForbidden 31 + } 32 + 33 + err := db.CloseIssues( 34 + s.db, 35 + db.FilterEq("id", issue.Id), 36 + ) 37 + if err != nil { 38 + l.Error("db.CloseIssues failed", "err", err) 39 + return ErrDatabaseFail 40 + } 41 + 42 + // change the issue state (this will pass down to the notifiers) 43 + issue.Open = false 44 + 45 + s.notifier.NewIssueState(ctx, sessDid, issue) 46 + return nil 47 + } 48 + 49 + func (s *Service) ReopenIssue(ctx context.Context, issue *models.Issue) error { 50 + l := s.logger.With("method", "ReopenIssue") 51 + sess := session.FromContext(ctx) 52 + if sess == nil { 53 + l.Error("user session is missing in context") 54 + return ErrUnAuthenticated 55 + } 56 + sessDid := sess.Data.AccountDID 57 + l = l.With("did", sessDid) 58 + 59 + // TODO: make this more granular 60 + roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(sessDid.String(), issue.Repo.Knot, issue.Repo.DidSlashRepo())} 61 + isRepoOwner := roles.IsOwner() 62 + isCollaborator := roles.IsCollaborator() 63 + isIssueOwner := sessDid == syntax.DID(issue.Did) 64 + if !(isRepoOwner || isCollaborator || isIssueOwner) { 65 + l.Error("user is not authorized") 66 + return ErrForbidden 67 + } 68 + 69 + err := db.ReopenIssues( 70 + s.db, 71 + db.FilterEq("id", issue.Id), 72 + ) 73 + if err != nil { 74 + l.Error("db.ReopenIssues failed", "err", err) 75 + return ErrDatabaseFail 76 + } 77 + 78 + // change the issue state (this will pass down to the notifiers) 79 + issue.Open = true 80 + 81 + s.notifier.NewIssueState(ctx, sessDid, issue) 82 + return nil 83 + }

+11

appview/service/repo/errors.go

··· 1 + package repo 2 + 3 + import "errors" 4 + 5 + var ( 6 + ErrUnAuthenticated = errors.New("user session missing") 7 + ErrForbidden = errors.New("unauthorized operation") 8 + ErrDatabaseFail = errors.New("db op fail") 9 + ErrPDSFail = errors.New("pds op fail") 10 + ErrValidationFail = errors.New("repo validation fail") 11 + )

+89

appview/service/repo/repo.go

··· 1 + package repo 2 + 3 + import ( 4 + "context" 5 + "log/slog" 6 + "time" 7 + 8 + "github.com/bluesky-social/indigo/api/atproto" 9 + "tangled.org/core/api/tangled" 10 + "tangled.org/core/appview/config" 11 + "tangled.org/core/appview/db" 12 + "tangled.org/core/appview/models" 13 + "tangled.org/core/appview/session" 14 + "tangled.org/core/rbac" 15 + "tangled.org/core/tid" 16 + ) 17 + 18 + type Service struct { 19 + logger *slog.Logger 20 + config *config.Config 21 + db *db.DB 22 + enforcer *rbac.Enforcer 23 + } 24 + 25 + func NewService( 26 + logger *slog.Logger, 27 + config *config.Config, 28 + db *db.DB, 29 + enforcer *rbac.Enforcer, 30 + ) Service { 31 + return Service{ 32 + logger, 33 + config, 34 + db, 35 + enforcer, 36 + } 37 + } 38 + 39 + // NewRepo creates a repository 40 + // It expects atproto session to be passed in `ctx` 41 + func (s *Service) NewRepo(ctx context.Context, name, description, knot string) (*models.Repo, error) { 42 + l := s.logger.With("method", "NewRepo") 43 + sess := session.FromContext(ctx) 44 + if sess == nil { 45 + l.Error("user session is missing in context") 46 + return nil, ErrForbidden 47 + } 48 + 49 + ownerDid := sess.Data.AccountDID 50 + l = l.With("did", ownerDid) 51 + 52 + repo := models.Repo{ 53 + Did: ownerDid.String(), 54 + Name: name, 55 + Knot: knot, 56 + Rkey: tid.TID(), 57 + Description: description, 58 + Created: time.Now(), 59 + Labels: s.config.Label.DefaultLabelDefs, 60 + } 61 + l = l.With("aturi", repo.RepoAt()) 62 + 63 + tx, err := s.db.BeginTx(ctx, nil) 64 + if err != nil { 65 + l.Error("db.BeginTx failed", "err", err) 66 + return nil, ErrDatabaseFail 67 + } 68 + defer tx.Rollback() 69 + 70 + if err = db.AddRepo(tx, &repo); err != nil { 71 + l.Error("db.AddRepo failed", "err", err) 72 + return nil, ErrDatabaseFail 73 + } 74 + 75 + atpclient := sess.APIClient() 76 + _, err = atproto.RepoPutRecord(ctx, atpclient, &atproto.RepoPutRecord_Input{ 77 + Collection: tangled.RepoNSID, 78 + Repo: repo.Did, 79 + }) 80 + if err != nil { 81 + l.Error("atproto.RepoPutRecord failed", "err", err) 82 + return nil, ErrPDSFail 83 + } 84 + l.Info("wrote to PDS") 85 + 86 + // knotclient, err := s.oauth.ServiceClient( 87 + // ) 88 + panic("unimplemented") 89 + }

+90

appview/service/repo/repoinfo.go

··· 1 + package repo 2 + 3 + import ( 4 + "context" 5 + 6 + "github.com/bluesky-social/indigo/atproto/identity" 7 + "tangled.org/core/appview/db" 8 + "tangled.org/core/appview/models" 9 + "tangled.org/core/appview/oauth" 10 + "tangled.org/core/appview/pages/repoinfo" 11 + ) 12 + 13 + // GetRepoInfo converts given `Repo` to `RepoInfo` object. 14 + // The `user` can be nil. 15 + // NOTE: RepoInfo is bad design and should be removed in future. 16 + // avoid using this method if you can. 17 + func (s *Service) GetRepoInfo( 18 + ctx context.Context, 19 + ownerId *identity.Identity, 20 + baseRepo *models.Repo, 21 + currentDir, ref string, 22 + user *oauth.User, 23 + ) (*repoinfo.RepoInfo, error) { 24 + var ( 25 + repoAt = baseRepo.RepoAt() 26 + isStarred = false 27 + roles = repoinfo.RolesInRepo{} 28 + ) 29 + if user != nil { 30 + isStarred = db.GetStarStatus(s.db, user.Did, repoAt) 31 + roles.Roles = s.enforcer.GetPermissionsInRepo(user.Did, baseRepo.Knot, baseRepo.DidSlashRepo()) 32 + } 33 + 34 + stats := baseRepo.RepoStats 35 + if stats == nil { 36 + starCount, err := db.GetStarCount(s.db, repoAt) 37 + if err != nil { 38 + return nil, err 39 + } 40 + issueCount, err := db.GetIssueCount(s.db, repoAt) 41 + if err != nil { 42 + return nil, err 43 + } 44 + pullCount, err := db.GetPullCount(s.db, repoAt) 45 + if err != nil { 46 + return nil, err 47 + } 48 + stats = &models.RepoStats{ 49 + StarCount: starCount, 50 + IssueCount: issueCount, 51 + PullCount: pullCount, 52 + } 53 + } 54 + 55 + var sourceRepo *models.Repo 56 + var err error 57 + if baseRepo.Source != "" { 58 + sourceRepo, err = db.GetRepoByAtUri(s.db, baseRepo.Source) 59 + if err != nil { 60 + return nil, err 61 + } 62 + } 63 + 64 + repoInfo := &repoinfo.RepoInfo{ 65 + // ok this is basically a models.Repo 66 + OwnerDid: baseRepo.Did, 67 + OwnerHandle: ownerId.Handle.String(), // TODO: shouldn't use 68 + Name: baseRepo.Name, 69 + Rkey: baseRepo.Rkey, 70 + Description: baseRepo.Description, 71 + Website: baseRepo.Website, 72 + Topics: baseRepo.Topics, 73 + Knot: baseRepo.Knot, 74 + Spindle: baseRepo.Spindle, 75 + Stats: *stats, 76 + 77 + // fork repo upstream 78 + Source: sourceRepo, 79 + 80 + // repo path (context) 81 + CurrentDir: currentDir, 82 + Ref: ref, 83 + 84 + // info related to the session 85 + IsStarred: isStarred, 86 + Roles: roles, 87 + } 88 + 89 + return repoInfo, nil 90 + }

+29

appview/session/context.go

··· 1 + package session 2 + 3 + import ( 4 + "context" 5 + 6 + toauth "tangled.org/core/appview/oauth" 7 + ) 8 + 9 + type ctxKey struct{} 10 + 11 + func IntoContext(ctx context.Context, sess Session) context.Context { 12 + return context.WithValue(ctx, ctxKey{}, &sess) 13 + } 14 + 15 + func FromContext(ctx context.Context) *Session { 16 + sess, ok := ctx.Value(ctxKey{}).(*Session) 17 + if !ok { 18 + return nil 19 + } 20 + return sess 21 + } 22 + 23 + func UserFromContext(ctx context.Context) *toauth.User { 24 + sess := FromContext(ctx) 25 + if sess == nil { 26 + return nil 27 + } 28 + return sess.User() 29 + }

+24

appview/session/session.go

··· 1 + package session 2 + 3 + import ( 4 + "github.com/bluesky-social/indigo/atproto/auth/oauth" 5 + toauth "tangled.org/core/appview/oauth" 6 + ) 7 + 8 + // Session is a lightweight wrapper over indigo-oauth ClientSession 9 + type Session struct { 10 + *oauth.ClientSession 11 + } 12 + 13 + func New(atSess *oauth.ClientSession) Session { 14 + return Session{ 15 + atSess, 16 + } 17 + } 18 + 19 + func (s *Session) User() *toauth.User { 20 + return &toauth.User{ 21 + Did: string(s.Data.AccountDID), 22 + Pds: s.Data.HostURL, 23 + } 24 + }

+66

appview/state/legacy_bridge.go

··· 1 + package state 2 + 3 + import ( 4 + "log/slog" 5 + 6 + "tangled.org/core/appview/config" 7 + "tangled.org/core/appview/db" 8 + "tangled.org/core/appview/indexer" 9 + "tangled.org/core/appview/issues" 10 + "tangled.org/core/appview/mentions" 11 + "tangled.org/core/appview/middleware" 12 + "tangled.org/core/appview/notify" 13 + "tangled.org/core/appview/oauth" 14 + "tangled.org/core/appview/pages" 15 + "tangled.org/core/appview/validator" 16 + "tangled.org/core/idresolver" 17 + "tangled.org/core/log" 18 + "tangled.org/core/rbac" 19 + ) 20 + 21 + // Expose exposes private fields in `State`. This is used to bridge between 22 + // legacy web routers and new architecture 23 + func (s *State) Expose() ( 24 + *config.Config, 25 + *db.DB, 26 + *rbac.Enforcer, 27 + *idresolver.Resolver, 28 + *mentions.Resolver, 29 + *indexer.Indexer, 30 + *slog.Logger, 31 + notify.Notifier, 32 + *oauth.OAuth, 33 + *pages.Pages, 34 + *validator.Validator, 35 + ) { 36 + return s.config, s.db, s.enforcer, s.idResolver, s.mentionsResolver, s.indexer, s.logger, s.notifier, s.oauth, s.pages, s.validator 37 + } 38 + 39 + func (s *State) ExposeIssue() *issues.Issues { 40 + return issues.New( 41 + s.oauth, 42 + s.repoResolver, 43 + s.enforcer, 44 + s.pages, 45 + s.idResolver, 46 + s.mentionsResolver, 47 + s.db, 48 + s.config, 49 + s.notifier, 50 + s.validator, 51 + s.indexer.Issues, 52 + log.SubLogger(s.logger, "issues"), 53 + ) 54 + } 55 + 56 + func (s *State) Middleware() *middleware.Middleware { 57 + mw := middleware.New( 58 + s.oauth, 59 + s.db, 60 + s.enforcer, 61 + s.repoResolver, 62 + s.idResolver, 63 + s.pages, 64 + ) 65 + return &mw 66 + }

+23

appview/web/handler/oauth_client_metadata.go

··· 1 + package handler 2 + 3 + import ( 4 + "encoding/json" 5 + "net/http" 6 + 7 + "tangled.org/core/appview/oauth" 8 + ) 9 + 10 + func OauthClientMetadata(o *oauth.OAuth) http.HandlerFunc { 11 + return func(w http.ResponseWriter, r *http.Request) { 12 + doc := o.ClientApp.Config.ClientMetadata() 13 + doc.JWKSURI = &o.JwksUri 14 + doc.ClientName = &o.ClientName 15 + doc.ClientURI = &o.ClientUri 16 + 17 + w.Header().Set("Content-Type", "application/json") 18 + if err := json.NewEncoder(w).Encode(doc); err != nil { 19 + http.Error(w, err.Error(), http.StatusInternalServerError) 20 + return 21 + } 22 + } 23 + }

+19

appview/web/handler/oauth_jwks.go

··· 1 + package handler 2 + 3 + import ( 4 + "encoding/json" 5 + "net/http" 6 + 7 + "tangled.org/core/appview/oauth" 8 + ) 9 + 10 + func OauthJwks(o *oauth.OAuth) http.HandlerFunc { 11 + return func(w http.ResponseWriter, r *http.Request) { 12 + w.Header().Set("Content-Type", "application/json") 13 + body := o.ClientApp.Config.PublicJWKS() 14 + if err := json.NewEncoder(w).Encode(body); err != nil { 15 + http.Error(w, err.Error(), http.StatusInternalServerError) 16 + return 17 + } 18 + } 19 + }

+86

appview/web/handler/user_repo_issues.go

··· 1 + package handler 2 + 3 + import ( 4 + "net/http" 5 + 6 + "tangled.org/core/api/tangled" 7 + "tangled.org/core/appview/db" 8 + "tangled.org/core/appview/models" 9 + "tangled.org/core/appview/pages" 10 + "tangled.org/core/appview/pagination" 11 + isvc "tangled.org/core/appview/service/issue" 12 + rsvc "tangled.org/core/appview/service/repo" 13 + "tangled.org/core/appview/session" 14 + "tangled.org/core/appview/web/request" 15 + "tangled.org/core/log" 16 + ) 17 + 18 + func RepoIssues(is isvc.Service, rs rsvc.Service, p *pages.Pages, d *db.DB) http.HandlerFunc { 19 + return func(w http.ResponseWriter, r *http.Request) { 20 + ctx := r.Context() 21 + l := log.FromContext(ctx).With("handler", "RepoIssues") 22 + repo, ok := request.RepoFromContext(ctx) 23 + if !ok { 24 + l.Error("malformed request") 25 + p.Error503(w) 26 + return 27 + } 28 + repoOwnerId, ok := request.OwnerFromContext(ctx) 29 + if !ok { 30 + l.Error("malformed request") 31 + p.Error503(w) 32 + return 33 + } 34 + 35 + query := r.URL.Query() 36 + searchOpts := models.IssueSearchOptions{ 37 + RepoAt: repo.RepoAt().String(), 38 + Keyword: query.Get("q"), 39 + IsOpen: query.Get("state") != "closed", 40 + Page: pagination.FromContext(ctx), 41 + } 42 + 43 + issues, err := is.GetIssues(ctx, repo, searchOpts) 44 + if err != nil { 45 + l.Error("failed to get issues") 46 + p.Error503(w) 47 + return 48 + } 49 + 50 + // render page 51 + err = func() error { 52 + user := session.UserFromContext(ctx) 53 + repoinfo, err := rs.GetRepoInfo(ctx, repoOwnerId, repo, "", "", user) 54 + if err != nil { 55 + return err 56 + } 57 + labelDefs, err := db.GetLabelDefinitions( 58 + d, 59 + db.FilterIn("at_uri", repo.Labels), 60 + db.FilterContains("scope", tangled.RepoIssueNSID), 61 + ) 62 + if err != nil { 63 + return err 64 + } 65 + defs := make(map[string]*models.LabelDefinition) 66 + for _, l := range labelDefs { 67 + defs[l.AtUri().String()] = &l 68 + } 69 + return p.RepoIssues(w, pages.RepoIssuesParams{ 70 + LoggedInUser: user, 71 + RepoInfo: *repoinfo, 72 + 73 + Issues: issues, 74 + LabelDefs: defs, 75 + FilteringByOpen: searchOpts.IsOpen, 76 + FilterQuery: searchOpts.Keyword, 77 + Page: searchOpts.Page, 78 + }) 79 + }() 80 + if err != nil { 81 + l.Error("failed to render", "err", err) 82 + p.Error503(w) 83 + return 84 + } 85 + } 86 + }

+114

appview/web/handler/user_repo_issues_issue.go

··· 1 + package handler 2 + 3 + import ( 4 + "net/http" 5 + 6 + "tangled.org/core/api/tangled" 7 + "tangled.org/core/appview/db" 8 + "tangled.org/core/appview/models" 9 + "tangled.org/core/appview/pages" 10 + isvc "tangled.org/core/appview/service/issue" 11 + rsvc "tangled.org/core/appview/service/repo" 12 + "tangled.org/core/appview/session" 13 + "tangled.org/core/appview/web/request" 14 + "tangled.org/core/log" 15 + ) 16 + 17 + func Issue(s isvc.Service, rs rsvc.Service, p *pages.Pages, d *db.DB) http.HandlerFunc { 18 + return func(w http.ResponseWriter, r *http.Request) { 19 + ctx := r.Context() 20 + l := log.FromContext(ctx).With("handler", "Issue") 21 + issue, ok := request.IssueFromContext(ctx) 22 + if !ok { 23 + l.Error("malformed request, failed to get issue") 24 + p.Error503(w) 25 + return 26 + } 27 + repoOwnerId, ok := request.OwnerFromContext(ctx) 28 + if !ok { 29 + l.Error("malformed request") 30 + p.Error503(w) 31 + return 32 + } 33 + 34 + // render 35 + err := func() error { 36 + user := session.UserFromContext(ctx) 37 + repoinfo, err := rs.GetRepoInfo(ctx, repoOwnerId, issue.Repo, "", "", user) 38 + if err != nil { 39 + l.Error("failed to load repo", "err", err) 40 + return err 41 + } 42 + 43 + reactionMap, err := db.GetReactionMap(d, 20, issue.AtUri()) 44 + if err != nil { 45 + l.Error("failed to get issue reactions", "err", err) 46 + return err 47 + } 48 + 49 + userReactions := map[models.ReactionKind]bool{} 50 + if user != nil { 51 + userReactions = db.GetReactionStatusMap(d, user.Did, issue.AtUri()) 52 + } 53 + 54 + backlinks, err := db.GetBacklinks(d, issue.AtUri()) 55 + if err != nil { 56 + l.Error("failed to fetch backlinks", "err", err) 57 + return err 58 + } 59 + 60 + labelDefs, err := db.GetLabelDefinitions( 61 + d, 62 + db.FilterIn("at_uri", issue.Repo.Labels), 63 + db.FilterContains("scope", tangled.RepoIssueNSID), 64 + ) 65 + if err != nil { 66 + l.Error("failed to fetch label defs", "err", err) 67 + return err 68 + } 69 + 70 + defs := make(map[string]*models.LabelDefinition) 71 + for _, l := range labelDefs { 72 + defs[l.AtUri().String()] = &l 73 + } 74 + 75 + return p.RepoSingleIssue(w, pages.RepoSingleIssueParams{ 76 + LoggedInUser: user, 77 + RepoInfo: *repoinfo, 78 + Issue: issue, 79 + CommentList: issue.CommentList(), 80 + Backlinks: backlinks, 81 + OrderedReactionKinds: models.OrderedReactionKinds, 82 + Reactions: reactionMap, 83 + UserReacted: userReactions, 84 + LabelDefs: defs, 85 + }) 86 + }() 87 + if err != nil { 88 + l.Error("failed to render", "err", err) 89 + p.Error503(w) 90 + return 91 + } 92 + } 93 + } 94 + 95 + func IssueDelete(s isvc.Service, p *pages.Pages) http.HandlerFunc { 96 + noticeId := "issue-actions-error" 97 + return func(w http.ResponseWriter, r *http.Request) { 98 + ctx := r.Context() 99 + l := log.FromContext(ctx).With("handler", "IssueDelete") 100 + issue, ok := request.IssueFromContext(ctx) 101 + if !ok { 102 + l.Error("failed to get issue") 103 + // TODO: 503 error with more detailed messages 104 + p.Error503(w) 105 + return 106 + } 107 + err := s.DeleteIssue(ctx, issue) 108 + if err != nil { 109 + p.Notice(w, noticeId, "failed to delete issue") 110 + return 111 + } 112 + p.HxLocation(w, "/") 113 + } 114 + }

+40

appview/web/handler/user_repo_issues_issue_close.go

··· 1 + package handler 2 + 3 + import ( 4 + "errors" 5 + "fmt" 6 + "net/http" 7 + 8 + "tangled.org/core/appview/pages" 9 + "tangled.org/core/appview/reporesolver" 10 + isvc "tangled.org/core/appview/service/issue" 11 + "tangled.org/core/appview/web/request" 12 + "tangled.org/core/log" 13 + ) 14 + 15 + func CloseIssue(is isvc.Service, p *pages.Pages) http.HandlerFunc { 16 + noticeId := "issue-action" 17 + return func(w http.ResponseWriter, r *http.Request) { 18 + ctx := r.Context() 19 + l := log.FromContext(ctx).With("handler", "CloseIssue") 20 + issue, ok := request.IssueFromContext(ctx) 21 + if !ok { 22 + l.Error("malformed request, failed to get issue") 23 + p.Error503(w) 24 + return 25 + } 26 + 27 + err := is.CloseIssue(ctx, issue) 28 + if err != nil { 29 + if errors.Is(err, isvc.ErrForbidden) { 30 + http.Error(w, "forbidden", http.StatusUnauthorized) 31 + } else { 32 + p.Notice(w, noticeId, "Failed to close issue. Try again later.") 33 + } 34 + return 35 + } 36 + 37 + ownerSlashRepo := reporesolver.GetBaseRepoPath(r, issue.Repo) 38 + p.HxLocation(w, fmt.Sprintf("/%s/issues/%d", ownerSlashRepo, issue.IssueId)) 39 + } 40 + }

+84

appview/web/handler/user_repo_issues_issue_edit.go

··· 1 + package handler 2 + 3 + import ( 4 + "errors" 5 + "net/http" 6 + 7 + "tangled.org/core/appview/pages" 8 + isvc "tangled.org/core/appview/service/issue" 9 + rsvc "tangled.org/core/appview/service/repo" 10 + "tangled.org/core/appview/session" 11 + "tangled.org/core/appview/web/request" 12 + "tangled.org/core/log" 13 + ) 14 + 15 + func IssueEdit(is isvc.Service, rs rsvc.Service, p *pages.Pages) http.HandlerFunc { 16 + return func(w http.ResponseWriter, r *http.Request) { 17 + ctx := r.Context() 18 + l := log.FromContext(ctx).With("handler", "IssueEdit") 19 + issue, ok := request.IssueFromContext(ctx) 20 + if !ok { 21 + l.Error("malformed request, failed to get issue") 22 + p.Error503(w) 23 + return 24 + } 25 + repoOwnerId, ok := request.OwnerFromContext(ctx) 26 + if !ok { 27 + l.Error("malformed request") 28 + p.Error503(w) 29 + return 30 + } 31 + 32 + // render 33 + err := func() error { 34 + user := session.UserFromContext(ctx) 35 + repoinfo, err := rs.GetRepoInfo(ctx, repoOwnerId, issue.Repo, "", "", user) 36 + if err != nil { 37 + return err 38 + } 39 + return p.EditIssueFragment(w, pages.EditIssueParams{ 40 + LoggedInUser: user, 41 + RepoInfo: *repoinfo, 42 + 43 + Issue: issue, 44 + }) 45 + }() 46 + if err != nil { 47 + l.Error("failed to render", "err", err) 48 + p.Error503(w) 49 + return 50 + } 51 + } 52 + } 53 + 54 + func IssueEditPost(is isvc.Service, p *pages.Pages) http.HandlerFunc { 55 + noticeId := "issues" 56 + return func(w http.ResponseWriter, r *http.Request) { 57 + ctx := r.Context() 58 + l := log.FromContext(ctx).With("handler", "IssueEdit") 59 + issue, ok := request.IssueFromContext(ctx) 60 + if !ok { 61 + l.Error("malformed request, failed to get issue") 62 + p.Error503(w) 63 + return 64 + } 65 + 66 + newIssue := *issue 67 + newIssue.Title = r.FormValue("title") 68 + newIssue.Body = r.FormValue("body") 69 + 70 + err := is.EditIssue(ctx, &newIssue) 71 + if err != nil { 72 + if errors.Is(err, isvc.ErrDatabaseFail) { 73 + p.Notice(w, noticeId, "Failed to edit issue.") 74 + } else if errors.Is(err, isvc.ErrPDSFail) { 75 + p.Notice(w, noticeId, "Failed to edit issue.") 76 + } else { 77 + p.Notice(w, noticeId, "Failed to edit issue.") 78 + } 79 + return 80 + } 81 + 82 + p.HxRefresh(w) 83 + } 84 + }

+40

appview/web/handler/user_repo_issues_issue_reopen.go

··· 1 + package handler 2 + 3 + import ( 4 + "errors" 5 + "fmt" 6 + "net/http" 7 + 8 + "tangled.org/core/appview/pages" 9 + "tangled.org/core/appview/reporesolver" 10 + isvc "tangled.org/core/appview/service/issue" 11 + "tangled.org/core/appview/web/request" 12 + "tangled.org/core/log" 13 + ) 14 + 15 + func ReopenIssue(is isvc.Service, p *pages.Pages) http.HandlerFunc { 16 + noticeId := "issue-action" 17 + return func(w http.ResponseWriter, r *http.Request) { 18 + ctx := r.Context() 19 + l := log.FromContext(ctx).With("handler", "ReopenIssue") 20 + issue, ok := request.IssueFromContext(ctx) 21 + if !ok { 22 + l.Error("malformed request, failed to get issue") 23 + p.Error503(w) 24 + return 25 + } 26 + 27 + err := is.ReopenIssue(ctx, issue) 28 + if err != nil { 29 + if errors.Is(err, isvc.ErrForbidden) { 30 + http.Error(w, "forbidden", http.StatusUnauthorized) 31 + } else { 32 + p.Notice(w, noticeId, "Failed to reopen issue. Try again later.") 33 + } 34 + return 35 + } 36 + 37 + ownerSlashRepo := reporesolver.GetBaseRepoPath(r, issue.Repo) 38 + p.HxLocation(w, fmt.Sprintf("/%s/issues/%d", ownerSlashRepo, issue.IssueId)) 39 + } 40 + }

+79

appview/web/handler/user_repo_issues_new.go

··· 1 + package handler 2 + 3 + import ( 4 + "errors" 5 + "fmt" 6 + "net/http" 7 + 8 + "tangled.org/core/appview/pages" 9 + isvc "tangled.org/core/appview/service/issue" 10 + rsvc "tangled.org/core/appview/service/repo" 11 + "tangled.org/core/appview/session" 12 + "tangled.org/core/appview/web/request" 13 + "tangled.org/core/log" 14 + ) 15 + 16 + func NewIssue(rs rsvc.Service, p *pages.Pages) http.HandlerFunc { 17 + return func(w http.ResponseWriter, r *http.Request) { 18 + ctx := r.Context() 19 + l := log.FromContext(ctx).With("handler", "NewIssue") 20 + 21 + // render 22 + err := func() error { 23 + user := session.UserFromContext(ctx) 24 + repo, ok := request.RepoFromContext(ctx) 25 + if !ok { 26 + return fmt.Errorf("malformed request") 27 + } 28 + repoOwnerId, ok := request.OwnerFromContext(ctx) 29 + if !ok { 30 + return fmt.Errorf("malformed request") 31 + } 32 + repoinfo, err := rs.GetRepoInfo(ctx, repoOwnerId, repo, "", "", user) 33 + if err != nil { 34 + return err 35 + } 36 + return p.RepoNewIssue(w, pages.RepoNewIssueParams{ 37 + LoggedInUser: user, 38 + RepoInfo: *repoinfo, 39 + }) 40 + }() 41 + if err != nil { 42 + l.Error("failed to render", "err", err) 43 + p.Error503(w) 44 + return 45 + } 46 + } 47 + } 48 + 49 + func NewIssuePost(is isvc.Service, p *pages.Pages) http.HandlerFunc { 50 + noticeId := "issues" 51 + return func(w http.ResponseWriter, r *http.Request) { 52 + ctx := r.Context() 53 + l := log.FromContext(ctx).With("handler", "NewIssuePost") 54 + repo, ok := request.RepoFromContext(ctx) 55 + if !ok { 56 + l.Error("malformed request, failed to get repo") 57 + // TODO: 503 error with more detailed messages 58 + p.Error503(w) 59 + return 60 + } 61 + var ( 62 + title = r.FormValue("title") 63 + body = r.FormValue("body") 64 + ) 65 + 66 + _, err := is.NewIssue(ctx, repo, title, body) 67 + if err != nil { 68 + if errors.Is(err, isvc.ErrDatabaseFail) { 69 + p.Notice(w, noticeId, "Failed to create issue.") 70 + } else if errors.Is(err, isvc.ErrPDSFail) { 71 + p.Notice(w, noticeId, "Failed to create issue.") 72 + } else { 73 + p.Notice(w, noticeId, "Failed to create issue.") 74 + } 75 + return 76 + } 77 + p.HxLocation(w, "/") 78 + } 79 + }

+67

appview/web/middleware/auth.go

··· 1 + package middleware 2 + 3 + import ( 4 + "fmt" 5 + "net/http" 6 + "net/url" 7 + 8 + "tangled.org/core/appview/oauth" 9 + "tangled.org/core/appview/session" 10 + "tangled.org/core/log" 11 + ) 12 + 13 + // WithSession resumes atp session from cookie, ensure it's not malformed and 14 + // pass the session through context 15 + func WithSession(o *oauth.OAuth) middlewareFunc { 16 + return func(next http.Handler) http.Handler { 17 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 18 + atSess, err := o.ResumeSession(r) 19 + if err != nil { 20 + next.ServeHTTP(w, r) 21 + return 22 + } 23 + 24 + sess := session.New(atSess) 25 + 26 + ctx := session.IntoContext(r.Context(), sess) 27 + next.ServeHTTP(w, r.WithContext(ctx)) 28 + }) 29 + } 30 + } 31 + 32 + // AuthMiddleware ensures the request is authorized and redirect to login page 33 + // when unauthorized 34 + func AuthMiddleware() middlewareFunc { 35 + return func(next http.Handler) http.Handler { 36 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 37 + ctx := r.Context() 38 + l := log.FromContext(ctx) 39 + 40 + returnURL := "/" 41 + if u, err := url.Parse(r.Header.Get("Referer")); err == nil { 42 + returnURL = u.RequestURI() 43 + } 44 + 45 + loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL)) 46 + 47 + redirectFunc := func(w http.ResponseWriter, r *http.Request) { 48 + http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect) 49 + } 50 + if r.Header.Get("HX-Request") == "true" { 51 + redirectFunc = func(w http.ResponseWriter, _ *http.Request) { 52 + w.Header().Set("HX-Redirect", loginURL) 53 + w.WriteHeader(http.StatusOK) 54 + } 55 + } 56 + 57 + sess := session.FromContext(ctx) 58 + if sess == nil { 59 + l.Debug("no session, redirecting...") 60 + redirectFunc(w, r) 61 + return 62 + } 63 + 64 + next.ServeHTTP(w, r) 65 + }) 66 + } 67 + }

+27

appview/web/middleware/ensuredidorhandle.go

··· 1 + package middleware 2 + 3 + import ( 4 + "net/http" 5 + 6 + "github.com/go-chi/chi/v5" 7 + "tangled.org/core/appview/pages" 8 + "tangled.org/core/appview/state/userutil" 9 + ) 10 + 11 + // EnsureDidOrHandle ensures the "user" url param is valid did/handle format. 12 + // If not, respond with 404 13 + func EnsureDidOrHandle(p *pages.Pages) middlewareFunc { 14 + return func(next http.Handler) http.Handler { 15 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 16 + user := chi.URLParam(r, "user") 17 + 18 + // if using a DID or handle, just continue as per usual 19 + if userutil.IsDid(user) || userutil.IsHandle(user) { 20 + next.ServeHTTP(w, r) 21 + return 22 + } 23 + 24 + p.Error404(w) 25 + }) 26 + } 27 + }

+18

appview/web/middleware/log.go

··· 1 + package middleware 2 + 3 + import ( 4 + "log/slog" 5 + "net/http" 6 + 7 + "tangled.org/core/log" 8 + ) 9 + 10 + func WithLogger(l *slog.Logger) middlewareFunc { 11 + return func(next http.Handler) http.Handler { 12 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 13 + // NOTE: can add some metadata here 14 + ctx := log.IntoContext(r.Context(), l) 15 + next.ServeHTTP(w, r.WithContext(ctx)) 16 + }) 17 + } 18 + }

appview/web/middleware/middleware.go

··· 1 + package middleware 2 + 3 + import ( 4 + "net/http" 5 + ) 6 + 7 + type middlewareFunc func(http.Handler) http.Handler

+50

appview/web/middleware/normalize.go

··· 1 + package middleware 2 + 3 + import ( 4 + "net/http" 5 + "strings" 6 + 7 + "github.com/go-chi/chi/v5" 8 + "tangled.org/core/appview/state/userutil" 9 + ) 10 + 11 + func Normalize() middlewareFunc { 12 + return func(next http.Handler) http.Handler { 13 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 14 + pat := chi.URLParam(r, "*") 15 + pathParts := strings.SplitN(pat, "/", 2) 16 + if len(pathParts) == 0 { 17 + next.ServeHTTP(w, r) 18 + return 19 + } 20 + 21 + firstPart := pathParts[0] 22 + 23 + // if using a flattened DID (like you would in go modules), unflatten 24 + if userutil.IsFlattenedDid(firstPart) { 25 + unflattenedDid := userutil.UnflattenDid(firstPart) 26 + redirectPath := strings.Join(append([]string{unflattenedDid}, pathParts[1:]...), "/") 27 + 28 + redirectURL := *r.URL 29 + redirectURL.Path = "/" + redirectPath 30 + 31 + http.Redirect(w, r, redirectURL.String(), http.StatusFound) 32 + return 33 + } 34 + 35 + // if using a handle with @, rewrite to work without @ 36 + if normalized := strings.TrimPrefix(firstPart, "@"); userutil.IsHandle(normalized) { 37 + redirectPath := strings.Join(append([]string{normalized}, pathParts[1:]...), "/") 38 + 39 + redirectURL := *r.URL 40 + redirectURL.Path = "/" + redirectPath 41 + 42 + http.Redirect(w, r, redirectURL.String(), http.StatusFound) 43 + return 44 + } 45 + 46 + next.ServeHTTP(w, r) 47 + return 48 + }) 49 + } 50 + }

+38

appview/web/middleware/paginate.go

··· 1 + package middleware 2 + 3 + import ( 4 + "log" 5 + "net/http" 6 + "strconv" 7 + 8 + "tangled.org/core/appview/pagination" 9 + ) 10 + 11 + func Paginate(next http.Handler) http.Handler { 12 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 13 + page := pagination.FirstPage() 14 + 15 + offsetVal := r.URL.Query().Get("offset") 16 + if offsetVal != "" { 17 + offset, err := strconv.Atoi(offsetVal) 18 + if err != nil { 19 + log.Println("invalid offset") 20 + } else { 21 + page.Offset = offset 22 + } 23 + } 24 + 25 + limitVal := r.URL.Query().Get("limit") 26 + if limitVal != "" { 27 + limit, err := strconv.Atoi(limitVal) 28 + if err != nil { 29 + log.Println("invalid limit") 30 + } else { 31 + page.Limit = limit 32 + } 33 + } 34 + 35 + ctx := pagination.IntoContext(r.Context(), page) 36 + next.ServeHTTP(w, r.WithContext(ctx)) 37 + }) 38 + }

+120

appview/web/middleware/resolve.go

··· 1 + package middleware 2 + 3 + import ( 4 + "context" 5 + "net/http" 6 + "strconv" 7 + "strings" 8 + 9 + "github.com/go-chi/chi/v5" 10 + "tangled.org/core/appview/db" 11 + "tangled.org/core/appview/pages" 12 + "tangled.org/core/appview/web/request" 13 + "tangled.org/core/idresolver" 14 + "tangled.org/core/log" 15 + ) 16 + 17 + func ResolveIdent( 18 + idResolver *idresolver.Resolver, 19 + pages *pages.Pages, 20 + ) middlewareFunc { 21 + return func(next http.Handler) http.Handler { 22 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 23 + ctx := r.Context() 24 + l := log.FromContext(ctx) 25 + didOrHandle := chi.URLParam(r, "user") 26 + didOrHandle = strings.TrimPrefix(didOrHandle, "@") 27 + 28 + id, err := idResolver.ResolveIdent(ctx, didOrHandle) 29 + if err != nil { 30 + // invalid did or handle 31 + l.Warn("failed to resolve did/handle", "handle", didOrHandle, "err", err) 32 + pages.Error404(w) 33 + return 34 + } 35 + 36 + ctx = request.WithOwner(ctx, id) 37 + // TODO: reomove this later 38 + ctx = context.WithValue(ctx, "resolvedId", *id) 39 + 40 + next.ServeHTTP(w, r.WithContext(ctx)) 41 + }) 42 + } 43 + } 44 + 45 + func ResolveRepo( 46 + e *db.DB, 47 + pages *pages.Pages, 48 + ) middlewareFunc { 49 + return func(next http.Handler) http.Handler { 50 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 51 + ctx := r.Context() 52 + l := log.FromContext(ctx) 53 + repoName := chi.URLParam(r, "repo") 54 + repoOwner, ok := request.OwnerFromContext(ctx) 55 + if !ok { 56 + l.Error("malformed middleware") 57 + w.WriteHeader(http.StatusInternalServerError) 58 + return 59 + } 60 + 61 + repo, err := db.GetRepo( 62 + e, 63 + db.FilterEq("did", repoOwner.DID.String()), 64 + db.FilterEq("name", repoName), 65 + ) 66 + if err != nil { 67 + l.Warn("failed to resolve repo", "err", err) 68 + pages.ErrorKnot404(w) 69 + return 70 + } 71 + 72 + // TODO: pass owner id into repository object 73 + 74 + ctx = request.WithRepo(ctx, repo) 75 + // TODO: reomove this later 76 + ctx = context.WithValue(ctx, "repo", repo) 77 + 78 + next.ServeHTTP(w, r.WithContext(ctx)) 79 + }) 80 + } 81 + } 82 + 83 + func ResolveIssue( 84 + e *db.DB, 85 + pages *pages.Pages, 86 + ) middlewareFunc { 87 + return func(next http.Handler) http.Handler { 88 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 89 + ctx := r.Context() 90 + l := log.FromContext(ctx) 91 + issueIdStr := chi.URLParam(r, "issue") 92 + issueId, err := strconv.Atoi(issueIdStr) 93 + if err != nil { 94 + l.Warn("failed to fully resolve issue ID", "err", err) 95 + pages.Error404(w) 96 + return 97 + } 98 + repo, ok := request.RepoFromContext(ctx) 99 + if !ok { 100 + l.Error("malformed middleware") 101 + w.WriteHeader(http.StatusInternalServerError) 102 + return 103 + } 104 + 105 + issue, err := db.GetIssue(e, repo.RepoAt(), issueId) 106 + if err != nil { 107 + l.Warn("failed to resolve issue", "err", err) 108 + pages.ErrorKnot404(w) 109 + return 110 + } 111 + issue.Repo = repo 112 + 113 + ctx = request.WithIssue(ctx, issue) 114 + // TODO: reomove this later 115 + ctx = context.WithValue(ctx, "issue", issue) 116 + 117 + next.ServeHTTP(w, r.WithContext(ctx)) 118 + }) 119 + } 120 + }

+39

appview/web/request/context.go

··· 1 + package request 2 + 3 + import ( 4 + "context" 5 + 6 + "github.com/bluesky-social/indigo/atproto/identity" 7 + "tangled.org/core/appview/models" 8 + ) 9 + 10 + type ctxKeyOwner struct{} 11 + type ctxKeyRepo struct{} 12 + type ctxKeyIssue struct{} 13 + 14 + func WithOwner(ctx context.Context, owner *identity.Identity) context.Context { 15 + return context.WithValue(ctx, ctxKeyOwner{}, owner) 16 + } 17 + 18 + func OwnerFromContext(ctx context.Context) (*identity.Identity, bool) { 19 + owner, ok := ctx.Value(ctxKeyOwner{}).(*identity.Identity) 20 + return owner, ok 21 + } 22 + 23 + func WithRepo(ctx context.Context, repo *models.Repo) context.Context { 24 + return context.WithValue(ctx, ctxKeyRepo{}, repo) 25 + } 26 + 27 + func RepoFromContext(ctx context.Context) (*models.Repo, bool) { 28 + repo, ok := ctx.Value(ctxKeyRepo{}).(*models.Repo) 29 + return repo, ok 30 + } 31 + 32 + func WithIssue(ctx context.Context, issue *models.Issue) context.Context { 33 + return context.WithValue(ctx, ctxKeyIssue{}, issue) 34 + } 35 + 36 + func IssueFromContext(ctx context.Context) (*models.Issue, bool) { 37 + issue, ok := ctx.Value(ctxKeyIssue{}).(*models.Issue) 38 + return issue, ok 39 + }

+215

appview/web/routes.go

··· 1 + package web 2 + 3 + import ( 4 + "log/slog" 5 + "net/http" 6 + 7 + "github.com/go-chi/chi/v5" 8 + "tangled.org/core/appview/config" 9 + "tangled.org/core/appview/db" 10 + "tangled.org/core/appview/indexer" 11 + "tangled.org/core/appview/mentions" 12 + "tangled.org/core/appview/notify" 13 + "tangled.org/core/appview/oauth" 14 + "tangled.org/core/appview/pages" 15 + isvc "tangled.org/core/appview/service/issue" 16 + rsvc "tangled.org/core/appview/service/repo" 17 + "tangled.org/core/appview/state" 18 + "tangled.org/core/appview/validator" 19 + "tangled.org/core/appview/web/handler" 20 + "tangled.org/core/appview/web/middleware" 21 + "tangled.org/core/idresolver" 22 + "tangled.org/core/rbac" 23 + ) 24 + 25 + // Rules 26 + // - Use single function for each endpoints (unless it doesn't make sense.) 27 + // - Name handler files following the related path (ancestor paths can be 28 + // trimmed.) 29 + // - Pass dependencies to each handlers, don't create structs with shared 30 + // dependencies unless it serves some domain-specific roles like 31 + // service/issue. Same rule goes to middlewares. 32 + 33 + // RouterFromState creates a web router from `state.State`. This exist to 34 + // bridge between legacy web routers under `State` and new architecture 35 + func RouterFromState(s *state.State) http.Handler { 36 + config, db, enforcer, idResolver, refResolver, indexer, logger, notifier, oauth, pages, validator := s.Expose() 37 + 38 + return Router( 39 + logger, 40 + config, 41 + db, 42 + enforcer, 43 + idResolver, 44 + refResolver, 45 + indexer, 46 + notifier, 47 + oauth, 48 + pages, 49 + validator, 50 + s, 51 + ) 52 + } 53 + 54 + func Router( 55 + // NOTE: put base dependencies (db, idResolver, oauth etc) 56 + logger *slog.Logger, 57 + config *config.Config, 58 + db *db.DB, 59 + enforcer *rbac.Enforcer, 60 + idResolver *idresolver.Resolver, 61 + mentionsResolver *mentions.Resolver, 62 + indexer *indexer.Indexer, 63 + notifier notify.Notifier, 64 + oauth *oauth.OAuth, 65 + pages *pages.Pages, 66 + validator *validator.Validator, 67 + // to use legacy web handlers. will be removed later 68 + s *state.State, 69 + ) http.Handler { 70 + repo := rsvc.NewService( 71 + logger, 72 + config, 73 + db, 74 + enforcer, 75 + ) 76 + issue := isvc.NewService( 77 + logger, 78 + config, 79 + db, 80 + enforcer, 81 + notifier, 82 + idResolver, 83 + mentionsResolver, 84 + indexer.Issues, 85 + validator, 86 + ) 87 + 88 + i := s.ExposeIssue() 89 + 90 + r := chi.NewRouter() 91 + 92 + mw := s.Middleware() 93 + auth := middleware.AuthMiddleware() 94 + 95 + r.Use(middleware.WithLogger(logger)) 96 + r.Use(middleware.WithSession(oauth)) 97 + 98 + r.Use(middleware.Normalize()) 99 + 100 + r.Get("/favicon.svg", s.Favicon) 101 + r.Get("/favicon.ico", s.Favicon) 102 + r.Get("/pwa-manifest.json", s.PWAManifest) 103 + r.Get("/robots.txt", s.RobotsTxt) 104 + 105 + r.Handle("/static/*", pages.Static()) 106 + 107 + r.Get("/", s.HomeOrTimeline) 108 + r.Get("/timeline", s.Timeline) 109 + r.Get("/upgradeBanner", s.UpgradeBanner) 110 + 111 + r.Get("/terms", s.TermsOfService) 112 + r.Get("/privacy", s.PrivacyPolicy) 113 + r.Get("/brand", s.Brand) 114 + // special-case handler for serving tangled.org/core 115 + r.Get("/core", s.Core()) 116 + 117 + r.Get("/login", s.Login) 118 + r.Post("/login", s.Login) 119 + r.Post("/logout", s.Logout) 120 + 121 + r.Get("/goodfirstissues", s.GoodFirstIssues) 122 + 123 + r.With(auth).Get("/repo/new", s.NewRepo) 124 + r.With(auth).Post("/repo/new", s.NewRepo) 125 + 126 + r.With(auth).Post("/follow", s.Follow) 127 + r.With(auth).Delete("/follow", s.Follow) 128 + 129 + r.With(auth).Post("/star", s.Star) 130 + r.With(auth).Delete("/star", s.Star) 131 + 132 + r.With(auth).Post("/react", s.React) 133 + r.With(auth).Delete("/react", s.React) 134 + 135 + r.With(auth).Get("/profile/edit-bio", s.EditBioFragment) 136 + r.With(auth).Get("/profile/edit-pins", s.EditPinsFragment) 137 + r.With(auth).Post("/profile/bio", s.UpdateProfileBio) 138 + r.With(auth).Post("/profile/pins", s.UpdateProfilePins) 139 + 140 + r.Mount("/settings", s.SettingsRouter()) 141 + r.Mount("/strings", s.StringsRouter(mw)) 142 + r.Mount("/settings/knots", s.KnotsRouter()) 143 + r.Mount("/settings/spindles", s.SpindlesRouter()) 144 + r.Mount("/notifications", s.NotificationsRouter(mw)) 145 + 146 + r.Mount("/signup", s.SignupRouter()) 147 + r.Get("/oauth/client-metadata.json", handler.OauthClientMetadata(oauth)) 148 + r.Get("/oauth/jwks.json", handler.OauthJwks(oauth)) 149 + r.Get("/oauth/callback", oauth.Callback) 150 + 151 + // special-case handler. should replace with xrpc later 152 + r.Get("/keys/{user}", s.Keys) 153 + 154 + r.HandleFunc("/@*", func(w http.ResponseWriter, r *http.Request) { 155 + http.Redirect(w, r, "/"+chi.URLParam(r, "*"), http.StatusFound) 156 + }) 157 + 158 + r.Route("/{user}", func(r chi.Router) { 159 + r.Use(middleware.EnsureDidOrHandle(pages)) 160 + r.Use(middleware.ResolveIdent(idResolver, pages)) 161 + 162 + r.Get("/", s.Profile) 163 + r.Get("/feed.atom", s.AtomFeedPage) 164 + 165 + r.Route("/{repo}", func(r chi.Router) { 166 + r.Use(middleware.ResolveRepo(db, pages)) 167 + 168 + r.Mount("/", s.RepoRouter(mw)) 169 + 170 + // /{user}/{repo}/issues/* 171 + r.With(middleware.Paginate).Get("/issues", handler.RepoIssues(issue, repo, pages, db)) 172 + r.With(auth).Get("/issues/new", handler.NewIssue(repo, pages)) 173 + r.With(auth).Post("/issues/new", handler.NewIssuePost(issue, pages)) 174 + r.Route("/issues/{issue}", func(r chi.Router) { 175 + r.Use(middleware.ResolveIssue(db, pages)) 176 + 177 + r.Get("/", handler.Issue(issue, repo, pages, db)) 178 + r.Get("/opengraph", i.IssueOpenGraphSummary) 179 + 180 + r.With(auth).Delete("/", handler.IssueDelete(issue, pages)) 181 + 182 + r.With(auth).Get("/edit", handler.IssueEdit(issue, repo, pages)) 183 + r.With(auth).Post("/edit", handler.IssueEditPost(issue, pages)) 184 + 185 + r.With(auth).Post("/close", handler.CloseIssue(issue, pages)) 186 + r.With(auth).Post("/reopen", handler.ReopenIssue(issue, pages)) 187 + 188 + r.With(auth).Post("/comment", i.NewIssueComment) 189 + r.With(auth).Route("/comment/{commentId}/", func(r chi.Router) { 190 + r.Get("/", i.IssueComment) 191 + r.Delete("/", i.DeleteIssueComment) 192 + r.Get("/edit", i.EditIssueComment) 193 + r.Post("/edit", i.EditIssueComment) 194 + r.Get("/reply", i.ReplyIssueComment) 195 + r.Get("/replyPlaceholder", i.ReplyIssueCommentPlaceholder) 196 + }) 197 + }) 198 + 199 + r.Mount("/pulls", s.PullsRouter(mw)) 200 + r.Mount("/pipelines", s.PipelinesRouter()) 201 + r.Mount("/labels", s.LabelsRouter()) 202 + 203 + // These routes get proxied to the knot 204 + r.Get("/info/refs", s.InfoRefs) 205 + r.Post("/git-upload-pack", s.UploadPack) 206 + r.Post("/git-receive-pack", s.ReceivePack) 207 + }) 208 + }) 209 + 210 + r.NotFound(func(w http.ResponseWriter, r *http.Request) { 211 + pages.Error404(w) 212 + }) 213 + 214 + return r 215 + }

+2 -1

cmd/appview/main.go

··· 7 7 8 8 "tangled.org/core/appview/config" 9 9 "tangled.org/core/appview/state" 10 + "tangled.org/core/appview/web" 10 11 tlog "tangled.org/core/log" 11 12 ) 12 13 ··· 35 36 36 37 logger.Info("starting server", "address", c.Core.ListenAddr) 37 38 38 - if err := http.ListenAndServe(c.Core.ListenAddr, state.Router()); err != nil { 39 + if err := http.ListenAndServe(c.Core.ListenAddr, web.RouterFromState(state)); err != nil { 39 40 logger.Error("failed to start appview", "err", err) 40 41 } 41 42 }