| 8d8e815 | | | 1 | import type { FastifyInstance, FastifyRequest, FastifyReply } from "fastify"; |
| f0bb192 | | | 2 | import { z } from "zod"; |
| 90d5eb8 | | | 3 | import { spawn, execSync } from "child_process"; |
| 90d5eb8 | | | 4 | import { createWriteStream } from "fs"; |
| 90d5eb8 | | | 5 | import { mkdir, rm } from "fs/promises"; |
| 90d5eb8 | | | 6 | import { pipeline } from "stream/promises"; |
| 791afd4 | | | 7 | import { BridgeService } from "../services/bridge.js"; |
| 966d71f | | | 8 | import type { MononokeProvisioner } from "../services/mononoke-provisioner.js"; |
| 8d8e815 | | | 9 | import { optionalAuth } from "../auth/middleware.js"; |
| 3e3af55 | | | 10 | |
| 791afd4 | | | 11 | const BRIDGE_URL = |
| 791afd4 | | | 12 | process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100"; |
| 59a80f9 | | | 13 | const DATA_DIR = process.env.GROVE_DATA_DIR ?? "/data/grove"; |
| 59a80f9 | | | 14 | const MONONOKE_CONFIG_PATH = |
| 59a80f9 | | | 15 | process.env.MONONOKE_CONFIG_PATH ?? "/data/grove/mononoke-config"; |
| 3e3af55 | | | 16 | |
| 791afd4 | | | 17 | const bridgeService = new BridgeService(BRIDGE_URL); |
| 3e3af55 | | | 18 | |
| 3e3af55 | | | 19 | export async function repoRoutes(app: FastifyInstance) { |
| 5e57b27 | | | 20 | const configuredHubApiUrl = process.env.GROVE_HUB_API_URL; |
| 5e57b27 | | | 21 | const HUB_API_URLS = Array.from( |
| 5e57b27 | | | 22 | new Set( |
| 5e57b27 | | | 23 | [ |
| 5e57b27 | | | 24 | configuredHubApiUrl, |
| 5e57b27 | | | 25 | "http://hub-api:4000", |
| 5e57b27 | | | 26 | "http://grove-hub-api:4000", |
| 5e57b27 | | | 27 | "http://localhost:4001", |
| 5e57b27 | | | 28 | ].filter(Boolean) |
| 5e57b27 | | | 29 | ) |
| 5e57b27 | | | 30 | ) as string[]; |
| 79efd41 | | | 31 | |
| 8d8e815 | | | 32 | /** |
| 8d8e815 | | | 33 | * Check if a user can access a private repo. |
| 8d8e815 | | | 34 | * Public repos are always accessible. Private repos require the user to be: |
| 8d8e815 | | | 35 | * - the repo owner (for user repos), or |
| 8d8e815 | | | 36 | * - a member of the owning org (for org repos) |
| 8d8e815 | | | 37 | */ |
| 8d8e815 | | | 38 | async function canAccessRepo(repoRow: any, userId: number | null): Promise<boolean> { |
| 8d8e815 | | | 39 | if (!repoRow.is_private) return true; |
| 8d8e815 | | | 40 | if (userId == null) return false; |
| 8d8e815 | | | 41 | if (repoRow.owner_type === "user") return repoRow.owner_id === userId; |
| 8d8e815 | | | 42 | // Org repo — check membership via hub API |
| 8d8e815 | | | 43 | for (const hubApiUrl of HUB_API_URLS) { |
| 8d8e815 | | | 44 | const controller = new AbortController(); |
| 8d8e815 | | | 45 | const timeout = setTimeout(() => controller.abort(), 3000); |
| 8d8e815 | | | 46 | try { |
| 8d8e815 | | | 47 | const res = await fetch(`${hubApiUrl}/api/orgs/${repoRow.owner_name}`, { |
| 8d8e815 | | | 48 | signal: controller.signal, |
| 8d8e815 | | | 49 | }); |
| 8d8e815 | | | 50 | if (!res.ok) continue; |
| 8d8e815 | | | 51 | const { members } = await res.json(); |
| 8d8e815 | | | 52 | return Array.isArray(members) && members.some((m: any) => m.user_id === userId); |
| 8d8e815 | | | 53 | } catch { |
| 8d8e815 | | | 54 | // try next |
| 8d8e815 | | | 55 | } finally { |
| 8d8e815 | | | 56 | clearTimeout(timeout); |
| 8d8e815 | | | 57 | } |
| 8d8e815 | | | 58 | } |
| 8d8e815 | | | 59 | return false; |
| 8d8e815 | | | 60 | } |
| 8d8e815 | | | 61 | |
| 8d8e815 | | | 62 | /** Middleware: resolve repo + enforce private access. Attaches repoRow to request. */ |
| 8d8e815 | | | 63 | async function resolveRepo(request: any, reply: any) { |
| 8d8e815 | | | 64 | const { owner, repo: repoName } = request.params; |
| 8d8e815 | | | 65 | const db = (app as any).db; |
| 8d8e815 | | | 66 | const repoRow = db |
| 8d8e815 | | | 67 | .prepare(`SELECT * FROM repos_with_owner WHERE owner_name = ? AND name = ?`) |
| 8d8e815 | | | 68 | .get(owner, repoName) as any; |
| 8d8e815 | | | 69 | |
| 8d8e815 | | | 70 | if (!repoRow) { |
| 8d8e815 | | | 71 | return reply.code(404).send({ error: "Repository not found" }); |
| 8d8e815 | | | 72 | } |
| 8d8e815 | | | 73 | const userId = (request.user as any)?.id ?? null; |
| 8d8e815 | | | 74 | if (!(await canAccessRepo(repoRow, userId))) { |
| 8d8e815 | | | 75 | // Return 404 for private repos to avoid leaking existence |
| 8d8e815 | | | 76 | return reply.code(404).send({ error: "Repository not found" }); |
| 8d8e815 | | | 77 | } |
| 8d8e815 | | | 78 | request.repoRow = repoRow; |
| 8d8e815 | | | 79 | } |
| 8d8e815 | | | 80 | |
| 3e3af55 | | | 81 | // List all repos |
| 8d8e815 | | | 82 | app.get( |
| 8d8e815 | | | 83 | "/", |
| 8d8e815 | | | 84 | { preHandler: [optionalAuth] }, |
| 8d8e815 | | | 85 | async (request: any) => { |
| 3e3af55 | | | 86 | const db = (app as any).db; |
| 8d8e815 | | | 87 | const userId = (request.user as any)?.id ?? null; |
| 8d8e815 | | | 88 | const allRepos = db |
| 79efd41 | | | 89 | .prepare(`SELECT * FROM repos_with_owner ORDER BY updated_at DESC`) |
| bc2f205 | | | 90 | .all() as any[]; |
| bc2f205 | | | 91 | |
| bc1b2ba | | | 92 | // Filter out private repos the user can't access. Org membership is |
| bc1b2ba | | | 93 | // resolved via canAccessRepo (hub API roundtrip per private org repo), |
| bc1b2ba | | | 94 | // not lazily — listing private repo names to non-members leaks |
| bc1b2ba | | | 95 | // existence and is a real auth bug. |
| bc1b2ba | | | 96 | const accessChecks = await Promise.all( |
| bc1b2ba | | | 97 | allRepos.map(async (r) => ({ r, ok: await canAccessRepo(r, userId) })), |
| 8d8e815 | | | 98 | ); |
| bc1b2ba | | | 99 | const repos = accessChecks.filter((x) => x.ok).map((x) => x.r); |
| 8d8e815 | | | 100 | |
| bc2f205 | | | 101 | const reposWithActivity = await Promise.all( |
| bc2f205 | | | 102 | repos.map(async (repo) => { |
| bc2f205 | | | 103 | try { |
| bc2f205 | | | 104 | const commits = await bridgeService.getCommits( |
| bc2f205 | | | 105 | repo.owner_name, |
| bc2f205 | | | 106 | repo.name, |
| bc2f205 | | | 107 | repo.default_branch ?? "main", |
| bc2f205 | | | 108 | { limit: 1 } |
| bc2f205 | | | 109 | ); |
| bc2f205 | | | 110 | const latest = commits[0]; |
| bc2f205 | | | 111 | return { |
| bc2f205 | | | 112 | ...repo, |
| bc2f205 | | | 113 | last_commit_ts: latest?.timestamp ?? null, |
| bc2f205 | | | 114 | }; |
| bc2f205 | | | 115 | } catch { |
| bc2f205 | | | 116 | return { |
| bc2f205 | | | 117 | ...repo, |
| bc2f205 | | | 118 | last_commit_ts: null, |
| bc2f205 | | | 119 | }; |
| bc2f205 | | | 120 | } |
| bc2f205 | | | 121 | }) |
| bc2f205 | | | 122 | ); |
| bc2f205 | | | 123 | |
| bc2f205 | | | 124 | reposWithActivity.sort((a, b) => { |
| bc2f205 | | | 125 | const aUpdatedTs = a.updated_at |
| bc2f205 | | | 126 | ? Math.floor(new Date(a.updated_at).getTime() / 1000) |
| bc2f205 | | | 127 | : 0; |
| bc2f205 | | | 128 | const bUpdatedTs = b.updated_at |
| bc2f205 | | | 129 | ? Math.floor(new Date(b.updated_at).getTime() / 1000) |
| bc2f205 | | | 130 | : 0; |
| bc2f205 | | | 131 | const aTs = a.last_commit_ts ?? aUpdatedTs; |
| bc2f205 | | | 132 | const bTs = b.last_commit_ts ?? bUpdatedTs; |
| bc2f205 | | | 133 | if (aTs !== bTs) return bTs - aTs; |
| bc2f205 | | | 134 | return String(a.name ?? "").localeCompare(String(b.name ?? "")); |
| bc2f205 | | | 135 | }); |
| bc2f205 | | | 136 | |
| bc2f205 | | | 137 | return { repos: reposWithActivity }; |
| 3e3af55 | | | 138 | }); |
| 3e3af55 | | | 139 | |
| f0bb192 | | | 140 | // Create a repo |
| f0bb192 | | | 141 | const createRepoSchema = z.object({ |
| f0bb192 | | | 142 | name: z.string().min(1).max(100), |
| f0bb192 | | | 143 | description: z.string().max(500).optional(), |
| f0bb192 | | | 144 | default_branch: z.string().default("main"), |
| 79efd41 | | | 145 | owner: z.string().optional(), |
| 8d8e815 | | | 146 | is_private: z.boolean().default(false), |
| 59129ad | | | 147 | skip_seed: z.boolean().default(false), |
| 8d8e815 | | | 148 | }); |
| 8d8e815 | | | 149 | |
| 8d8e815 | | | 150 | const updateRepoSchema = z.object({ |
| 8d8e815 | | | 151 | description: z.string().max(500).optional(), |
| 8d8e815 | | | 152 | is_private: z.boolean().optional(), |
| 8d8e815 | | | 153 | require_diffs: z.boolean().optional(), |
| e5b523e | | | 154 | pages_enabled: z.boolean().optional(), |
| e5b523e | | | 155 | pages_domain: z |
| e5b523e | | | 156 | .string() |
| e5b523e | | | 157 | .max(253) |
| e5b523e | | | 158 | .regex(/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?(\.[a-z]{2,})+$/i) |
| e5b523e | | | 159 | .nullable() |
| e5b523e | | | 160 | .optional(), |
| f0bb192 | | | 161 | }); |
| f0bb192 | | | 162 | |
| f0bb192 | | | 163 | app.post( |
| f0bb192 | | | 164 | "/", |
| f0bb192 | | | 165 | { |
| f0bb192 | | | 166 | preHandler: [(app as any).authenticate], |
| f0bb192 | | | 167 | }, |
| f0bb192 | | | 168 | async (request: any, reply: any) => { |
| f0bb192 | | | 169 | const parsed = createRepoSchema.safeParse(request.body); |
| f0bb192 | | | 170 | if (!parsed.success) { |
| f0bb192 | | | 171 | return reply.code(400).send({ error: parsed.error.flatten() }); |
| f0bb192 | | | 172 | } |
| 59129ad | | | 173 | const { name, description, default_branch, owner: ownerName, is_private, skip_seed } = parsed.data; |
| f0bb192 | | | 174 | const userId = request.user.id; |
| 79efd41 | | | 175 | const username = request.user.username; |
| f0bb192 | | | 176 | const db = (app as any).db; |
| f0bb192 | | | 177 | |
| 79efd41 | | | 178 | let ownerId = userId; |
| 79efd41 | | | 179 | let ownerType = "user"; |
| 79efd41 | | | 180 | |
| 79efd41 | | | 181 | // If owner specified and differs from user, treat as org repo |
| 79efd41 | | | 182 | if (ownerName && ownerName !== username) { |
| 5e57b27 | | | 183 | let orgFound = false; |
| 5e57b27 | | | 184 | let sawNotFound = false; |
| 5e57b27 | | | 185 | const errors: Array<{ hubApiUrl: string; status?: number; error?: string }> = []; |
| 5e57b27 | | | 186 | |
| 5e57b27 | | | 187 | for (const hubApiUrl of HUB_API_URLS) { |
| 5e57b27 | | | 188 | const controller = new AbortController(); |
| 5e57b27 | | | 189 | const timeout = setTimeout(() => controller.abort(), 3000); |
| 5e57b27 | | | 190 | try { |
| 5e57b27 | | | 191 | const res = await fetch(`${hubApiUrl}/api/orgs/${ownerName}`, { |
| 5e57b27 | | | 192 | signal: controller.signal, |
| 5e57b27 | | | 193 | }); |
| 5e57b27 | | | 194 | |
| 5e57b27 | | | 195 | if (res.status === 404) { |
| 5e57b27 | | | 196 | sawNotFound = true; |
| 5e57b27 | | | 197 | errors.push({ hubApiUrl, status: 404 }); |
| 5e57b27 | | | 198 | continue; |
| 5e57b27 | | | 199 | } |
| 5e57b27 | | | 200 | if (!res.ok) { |
| 5e57b27 | | | 201 | errors.push({ hubApiUrl, status: res.status }); |
| 5e57b27 | | | 202 | continue; |
| 5e57b27 | | | 203 | } |
| 5e57b27 | | | 204 | |
| 5e57b27 | | | 205 | const { org, members } = await res.json(); |
| 5e57b27 | | | 206 | if (!Array.isArray(members)) { |
| 5e57b27 | | | 207 | errors.push({ hubApiUrl, error: "Invalid org response shape" }); |
| 5e57b27 | | | 208 | continue; |
| 5e57b27 | | | 209 | } |
| 5e57b27 | | | 210 | const isMember = members.some((m: any) => m.user_id === userId); |
| 5e57b27 | | | 211 | if (!isMember) { |
| 5e57b27 | | | 212 | return reply.code(403).send({ error: "Not a member of this organization" }); |
| 5e57b27 | | | 213 | } |
| 5e57b27 | | | 214 | ownerId = org.id; |
| 5e57b27 | | | 215 | ownerType = "org"; |
| 5e57b27 | | | 216 | orgFound = true; |
| 5e57b27 | | | 217 | // Sync org locally |
| 5e57b27 | | | 218 | (app as any).ensureLocalOrg({ id: org.id, name: org.name, display_name: org.display_name }); |
| 5e57b27 | | | 219 | break; |
| 5e57b27 | | | 220 | } catch (err: any) { |
| 5e57b27 | | | 221 | errors.push({ hubApiUrl, error: err?.message ?? "Unknown error" }); |
| 5e57b27 | | | 222 | } finally { |
| 5e57b27 | | | 223 | clearTimeout(timeout); |
| 79efd41 | | | 224 | } |
| 5e57b27 | | | 225 | } |
| 5e57b27 | | | 226 | |
| 5e57b27 | | | 227 | if (!orgFound) { |
| 5130d10 | | | 228 | app.log.error( |
| 5e57b27 | | | 229 | { ownerName, hubApiUrlsTried: HUB_API_URLS, errors }, |
| 5e57b27 | | | 230 | "Failed to validate org owner against hub API candidates" |
| 5130d10 | | | 231 | ); |
| 5e57b27 | | | 232 | |
| 5e57b27 | | | 233 | if (sawNotFound && errors.every((entry) => entry.status === 404)) { |
| 79efd41 | | | 234 | return reply.code(404).send({ error: "Organization not found" }); |
| 79efd41 | | | 235 | } |
| 5e57b27 | | | 236 | |
| 5130d10 | | | 237 | return reply.code(502).send({ error: "Organization service unavailable" }); |
| 79efd41 | | | 238 | } |
| 79efd41 | | | 239 | } |
| 79efd41 | | | 240 | |
| f0bb192 | | | 241 | const existing = db |
| 79efd41 | | | 242 | .prepare(`SELECT id FROM repos WHERE owner_id = ? AND owner_type = ? AND name = ?`) |
| 79efd41 | | | 243 | .get(ownerId, ownerType, name); |
| f0bb192 | | | 244 | |
| f0bb192 | | | 245 | if (existing) { |
| f0bb192 | | | 246 | return reply.code(409).send({ error: "Repository already exists" }); |
| f0bb192 | | | 247 | } |
| f0bb192 | | | 248 | |
| f0bb192 | | | 249 | const result = db |
| f0bb192 | | | 250 | .prepare( |
| 8d8e815 | | | 251 | `INSERT INTO repos (owner_id, owner_type, name, description, default_branch, is_private) |
| 8d8e815 | | | 252 | VALUES (?, ?, ?, ?, ?, ?)` |
| f0bb192 | | | 253 | ) |
| 8d8e815 | | | 254 | .run(ownerId, ownerType, name, description ?? null, default_branch, is_private ? 1 : 0); |
| f0bb192 | | | 255 | |
| 966d71f | | | 256 | // Provision Mononoke config for the new repo |
| 966d71f | | | 257 | const provisioner = (app as any).mononokeProvisioner as MononokeProvisioner; |
| 6c9fcae | | | 258 | let provisioned = false; |
| 966d71f | | | 259 | try { |
| 966d71f | | | 260 | const mononokeRepoId = provisioner.provisionRepo(name); |
| 966d71f | | | 261 | db.prepare("UPDATE repos SET mononoke_repo_id = ? WHERE id = ?") |
| 966d71f | | | 262 | .run(mononokeRepoId, result.lastInsertRowid); |
| 6c9fcae | | | 263 | provisioned = true; |
| 966d71f | | | 264 | } catch (err) { |
| 966d71f | | | 265 | app.log.error({ err, repoName: name }, "Failed to provision Mononoke config"); |
| 966d71f | | | 266 | } |
| 966d71f | | | 267 | |
| 6c9fcae | | | 268 | // Restart Mononoke so it picks up the new repo config |
| 6c9fcae | | | 269 | let restartOk = false; |
| 6c9fcae | | | 270 | if (provisioned) { |
| 6c9fcae | | | 271 | try { |
| 6c9fcae | | | 272 | await provisioner.restartMononoke(); |
| 6c9fcae | | | 273 | restartOk = true; |
| 6c9fcae | | | 274 | } catch (err) { |
| 6c9fcae | | | 275 | app.log.error({ err }, "Failed to restart Mononoke after repo provisioning"); |
| 6c9fcae | | | 276 | } |
| 6c9fcae | | | 277 | } |
| 6c9fcae | | | 278 | |
| c5a8edf | | | 279 | // Seed the repo with an initial commit (README.md with repo name) |
| 59129ad | | | 280 | if (restartOk && !skip_seed) { |
| c5a8edf | | | 281 | try { |
| c5a8edf | | | 282 | const res = await fetch(`${BRIDGE_URL}/repos/${name}/seed`, { |
| c5a8edf | | | 283 | method: "POST", |
| c5a8edf | | | 284 | headers: { "Content-Type": "application/json" }, |
| c5a8edf | | | 285 | body: JSON.stringify({ name, bookmark: default_branch }), |
| c5a8edf | | | 286 | signal: AbortSignal.timeout(10000), |
| c5a8edf | | | 287 | }); |
| c5a8edf | | | 288 | if (!res.ok) { |
| c5a8edf | | | 289 | const body = await res.text(); |
| c5a8edf | | | 290 | app.log.warn({ status: res.status, body, repoName: name }, "Seed endpoint returned non-OK"); |
| c5a8edf | | | 291 | } |
| c5a8edf | | | 292 | } catch (err) { |
| c5a8edf | | | 293 | app.log.warn({ err, repoName: name }, "Failed to seed initial commit (non-fatal)"); |
| c5a8edf | | | 294 | } |
| c5a8edf | | | 295 | } |
| c5a8edf | | | 296 | |
| f0bb192 | | | 297 | const repo = db |
| 79efd41 | | | 298 | .prepare(`SELECT * FROM repos_with_owner WHERE id = ?`) |
| f0bb192 | | | 299 | .get(result.lastInsertRowid); |
| f0bb192 | | | 300 | |
| 6c9fcae | | | 301 | return reply.code(201).send({ |
| 6c9fcae | | | 302 | repo, |
| 6c9fcae | | | 303 | ...(!restartOk && { warning: "Repository created but Mononoke restart failed. Push may not work until services are restarted." }), |
| 6c9fcae | | | 304 | }); |
| f0bb192 | | | 305 | } |
| f0bb192 | | | 306 | ); |
| f0bb192 | | | 307 | |
| ab61b9d | | | 308 | // Delete a repo |
| ab61b9d | | | 309 | app.delete<{ Params: { owner: string; repo: string } }>( |
| ab61b9d | | | 310 | "/:owner/:repo", |
| ab61b9d | | | 311 | { |
| ab61b9d | | | 312 | preHandler: [(app as any).authenticate], |
| ab61b9d | | | 313 | }, |
| ab61b9d | | | 314 | async (request: any, reply: any) => { |
| ab61b9d | | | 315 | const { owner, repo: repoName } = request.params; |
| ab61b9d | | | 316 | const userId = request.user.id; |
| ab61b9d | | | 317 | const db = (app as any).db; |
| ab61b9d | | | 318 | |
| ab61b9d | | | 319 | const repoRow = db |
| ab61b9d | | | 320 | .prepare(`SELECT * FROM repos_with_owner WHERE owner_name = ? AND name = ?`) |
| ab61b9d | | | 321 | .get(owner, repoName) as any; |
| ab61b9d | | | 322 | |
| ab61b9d | | | 323 | if (!repoRow) { |
| ab61b9d | | | 324 | return reply.code(404).send({ error: "Repository not found" }); |
| ab61b9d | | | 325 | } |
| ab61b9d | | | 326 | |
| ab61b9d | | | 327 | // Verify ownership |
| ab61b9d | | | 328 | if (repoRow.owner_type === "user") { |
| ab61b9d | | | 329 | if (repoRow.owner_id !== userId) { |
| ab61b9d | | | 330 | return reply.code(403).send({ error: "Not authorized to delete this repository" }); |
| ab61b9d | | | 331 | } |
| ab61b9d | | | 332 | } else { |
| ab61b9d | | | 333 | // Org repo — verify membership via hub API |
| ab61b9d | | | 334 | let authorized = false; |
| ab61b9d | | | 335 | for (const hubApiUrl of HUB_API_URLS) { |
| ab61b9d | | | 336 | const controller = new AbortController(); |
| ab61b9d | | | 337 | const timeout = setTimeout(() => controller.abort(), 3000); |
| ab61b9d | | | 338 | try { |
| ab61b9d | | | 339 | const res = await fetch(`${hubApiUrl}/api/orgs/${owner}`, { |
| ab61b9d | | | 340 | signal: controller.signal, |
| ab61b9d | | | 341 | }); |
| ab61b9d | | | 342 | if (!res.ok) continue; |
| ab61b9d | | | 343 | const { members } = await res.json(); |
| ab61b9d | | | 344 | if (Array.isArray(members) && members.some((m: any) => m.user_id === userId)) { |
| ab61b9d | | | 345 | authorized = true; |
| ab61b9d | | | 346 | } |
| ab61b9d | | | 347 | break; |
| ab61b9d | | | 348 | } catch { |
| ab61b9d | | | 349 | // try next |
| ab61b9d | | | 350 | } finally { |
| ab61b9d | | | 351 | clearTimeout(timeout); |
| ab61b9d | | | 352 | } |
| ab61b9d | | | 353 | } |
| ab61b9d | | | 354 | if (!authorized) { |
| ab61b9d | | | 355 | return reply.code(403).send({ error: "Not authorized to delete this repository" }); |
| ab61b9d | | | 356 | } |
| ab61b9d | | | 357 | } |
| ab61b9d | | | 358 | |
| ab61b9d | | | 359 | // Delete related data (respect FK constraints) |
| ab61b9d | | | 360 | db.prepare("DELETE FROM canopy_secrets WHERE repo_id = ?").run(repoRow.id); |
| ab61b9d | | | 361 | db.prepare("DELETE FROM pipeline_runs WHERE repo_id = ?").run(repoRow.id); |
| ab61b9d | | | 362 | db.prepare("DELETE FROM diffs WHERE repo_id = ?").run(repoRow.id); |
| ab61b9d | | | 363 | db.prepare("DELETE FROM repos WHERE id = ?").run(repoRow.id); |
| ab61b9d | | | 364 | |
| e5b523e | | | 365 | // Clean up pages if configured |
| e5b523e | | | 366 | if (repoRow.pages_domain) { |
| e5b523e | | | 367 | const pagesDeployer = (app as any).pagesDeployer; |
| e5b523e | | | 368 | if (pagesDeployer) { |
| e5b523e | | | 369 | pagesDeployer.undeploy(repoRow.pages_domain); |
| e5b523e | | | 370 | } |
| e5b523e | | | 371 | } |
| e5b523e | | | 372 | |
| 8d0dc12 | | | 373 | // Respond immediately — Mononoke cleanup happens in the background |
| 8d0dc12 | | | 374 | reply.code(204).send(); |
| 8d0dc12 | | | 375 | |
| 8d0dc12 | | | 376 | // Remove Mononoke config and restart (fire-and-forget) |
| ab61b9d | | | 377 | const provisioner = (app as any).mononokeProvisioner as MononokeProvisioner; |
| ab61b9d | | | 378 | try { |
| ab61b9d | | | 379 | provisioner.deprovisionRepo(repoName); |
| 8d0dc12 | | | 380 | provisioner.restartMononoke().catch((err) => { |
| 8d0dc12 | | | 381 | app.log.error({ err, repoName }, "Failed to restart Mononoke after repo deletion"); |
| 8d0dc12 | | | 382 | }); |
| ab61b9d | | | 383 | } catch (err) { |
| 8d0dc12 | | | 384 | app.log.error({ err, repoName }, "Failed to deprovision Mononoke after repo deletion"); |
| ab61b9d | | | 385 | } |
| ab61b9d | | | 386 | } |
| ab61b9d | | | 387 | ); |
| ab61b9d | | | 388 | |
| 8d8e815 | | | 389 | // Update repo settings |
| 8d8e815 | | | 390 | app.patch<{ Params: { owner: string; repo: string } }>( |
| 3e3af55 | | | 391 | "/:owner/:repo", |
| 8d8e815 | | | 392 | { |
| 8d8e815 | | | 393 | preHandler: [(app as any).authenticate], |
| 8d8e815 | | | 394 | }, |
| 8d8e815 | | | 395 | async (request: any, reply: any) => { |
| 8d8e815 | | | 396 | const { owner, repo: repoName } = request.params; |
| 8d8e815 | | | 397 | const userId = request.user.id; |
| 3e3af55 | | | 398 | const db = (app as any).db; |
| 3e3af55 | | | 399 | |
| 8d8e815 | | | 400 | const parsed = updateRepoSchema.safeParse(request.body); |
| 8d8e815 | | | 401 | if (!parsed.success) { |
| 8d8e815 | | | 402 | return reply.code(400).send({ error: parsed.error.flatten() }); |
| 8d8e815 | | | 403 | } |
| 8d8e815 | | | 404 | |
| 3e3af55 | | | 405 | const repoRow = db |
| 79efd41 | | | 406 | .prepare(`SELECT * FROM repos_with_owner WHERE owner_name = ? AND name = ?`) |
| 8d8e815 | | | 407 | .get(owner, repoName) as any; |
| 3e3af55 | | | 408 | |
| 3e3af55 | | | 409 | if (!repoRow) { |
| 3e3af55 | | | 410 | return reply.code(404).send({ error: "Repository not found" }); |
| 3e3af55 | | | 411 | } |
| 3e3af55 | | | 412 | |
| 8d8e815 | | | 413 | // Verify ownership |
| 8d8e815 | | | 414 | if (repoRow.owner_type === "user") { |
| 8d8e815 | | | 415 | if (repoRow.owner_id !== userId) { |
| 8d8e815 | | | 416 | return reply.code(403).send({ error: "Not authorized to update this repository" }); |
| 8d8e815 | | | 417 | } |
| 8d8e815 | | | 418 | } else { |
| 8d8e815 | | | 419 | // Org repo — verify membership via hub API |
| 8d8e815 | | | 420 | let authorized = false; |
| 8d8e815 | | | 421 | for (const hubApiUrl of HUB_API_URLS) { |
| 8d8e815 | | | 422 | const controller = new AbortController(); |
| 8d8e815 | | | 423 | const timeout = setTimeout(() => controller.abort(), 3000); |
| 8d8e815 | | | 424 | try { |
| 8d8e815 | | | 425 | const res = await fetch(`${hubApiUrl}/api/orgs/${owner}`, { |
| 8d8e815 | | | 426 | signal: controller.signal, |
| 8d8e815 | | | 427 | }); |
| 8d8e815 | | | 428 | if (!res.ok) continue; |
| 8d8e815 | | | 429 | const { members } = await res.json(); |
| 8d8e815 | | | 430 | if (Array.isArray(members) && members.some((m: any) => m.user_id === userId)) { |
| 8d8e815 | | | 431 | authorized = true; |
| 8d8e815 | | | 432 | } |
| 8d8e815 | | | 433 | break; |
| 8d8e815 | | | 434 | } catch { |
| 8d8e815 | | | 435 | // try next |
| 8d8e815 | | | 436 | } finally { |
| 8d8e815 | | | 437 | clearTimeout(timeout); |
| 8d8e815 | | | 438 | } |
| 8d8e815 | | | 439 | } |
| 8d8e815 | | | 440 | if (!authorized) { |
| 8d8e815 | | | 441 | return reply.code(403).send({ error: "Not authorized to update this repository" }); |
| 8d8e815 | | | 442 | } |
| 8d8e815 | | | 443 | } |
| 8d8e815 | | | 444 | |
| 8d8e815 | | | 445 | const updates = parsed.data; |
| 8d8e815 | | | 446 | const setClauses: string[] = []; |
| 8d8e815 | | | 447 | const values: any[] = []; |
| 8d8e815 | | | 448 | |
| 8d8e815 | | | 449 | if (updates.description !== undefined) { |
| 8d8e815 | | | 450 | setClauses.push("description = ?"); |
| 8d8e815 | | | 451 | values.push(updates.description); |
| 8d8e815 | | | 452 | } |
| 8d8e815 | | | 453 | if (updates.is_private !== undefined) { |
| 8d8e815 | | | 454 | setClauses.push("is_private = ?"); |
| 8d8e815 | | | 455 | values.push(updates.is_private ? 1 : 0); |
| 8d8e815 | | | 456 | } |
| 8d8e815 | | | 457 | if (updates.require_diffs !== undefined) { |
| 8d8e815 | | | 458 | setClauses.push("require_diffs = ?"); |
| 8d8e815 | | | 459 | values.push(updates.require_diffs ? 1 : 0); |
| 8d8e815 | | | 460 | } |
| e5b523e | | | 461 | if (updates.pages_enabled !== undefined) { |
| e5b523e | | | 462 | setClauses.push("pages_enabled = ?"); |
| e5b523e | | | 463 | values.push(updates.pages_enabled ? 1 : 0); |
| e5b523e | | | 464 | } |
| e5b523e | | | 465 | if (updates.pages_domain !== undefined) { |
| e5b523e | | | 466 | setClauses.push("pages_domain = ?"); |
| e5b523e | | | 467 | values.push(updates.pages_domain); |
| e5b523e | | | 468 | } |
| 8d8e815 | | | 469 | |
| 8d8e815 | | | 470 | if (setClauses.length === 0) { |
| 8d8e815 | | | 471 | return reply.code(400).send({ error: "No fields to update" }); |
| 8d8e815 | | | 472 | } |
| 8d8e815 | | | 473 | |
| 8d8e815 | | | 474 | setClauses.push("updated_at = datetime('now')"); |
| 8d8e815 | | | 475 | values.push(repoRow.id); |
| 8d8e815 | | | 476 | |
| ff50d03 | | | 477 | // Undeploy old deploy path if pages disabled or domain changed |
| e5b523e | | | 478 | const pagesDeployer = (app as any).pagesDeployer; |
| b5baf6d | | | 479 | const oldDeployInfo = pagesDeployer?.getDeployPath(repoRow.owner_name, repoRow.name); |
| ff50d03 | | | 480 | if (pagesDeployer && oldDeployInfo) { |
| e5b523e | | | 481 | if (updates.pages_enabled === false || |
| e5b523e | | | 482 | (updates.pages_domain !== undefined && updates.pages_domain !== repoRow.pages_domain)) { |
| ff50d03 | | | 483 | pagesDeployer.undeploy(oldDeployInfo.path); |
| e5b523e | | | 484 | } |
| e5b523e | | | 485 | } |
| e5b523e | | | 486 | |
| 8d8e815 | | | 487 | db.prepare(`UPDATE repos SET ${setClauses.join(", ")} WHERE id = ?`).run(...values); |
| 8d8e815 | | | 488 | |
| ff50d03 | | | 489 | // Trigger pages deploy if enabled |
| e5b523e | | | 490 | if (pagesDeployer && (updates.pages_enabled === true || updates.pages_domain !== undefined)) { |
| b5baf6d | | | 491 | void pagesDeployer.deploy(repoRow.owner_name, repoRow.name, repoRow.default_branch ?? "main").catch( |
| e5b523e | | | 492 | (err: any) => app.log.error({ err, repo: repoRow.name }, "Initial pages deploy failed") |
| e5b523e | | | 493 | ); |
| e5b523e | | | 494 | } |
| e5b523e | | | 495 | |
| 8d8e815 | | | 496 | const updated = db |
| 8d8e815 | | | 497 | .prepare(`SELECT * FROM repos_with_owner WHERE id = ?`) |
| 8d8e815 | | | 498 | .get(repoRow.id); |
| 8d8e815 | | | 499 | |
| 8d8e815 | | | 500 | return { repo: updated }; |
| 8d8e815 | | | 501 | } |
| 8d8e815 | | | 502 | ); |
| 8d8e815 | | | 503 | |
| 8d8e815 | | | 504 | // Get single repo |
| 8d8e815 | | | 505 | app.get<{ Params: { owner: string; repo: string } }>( |
| 8d8e815 | | | 506 | "/:owner/:repo", |
| 8d8e815 | | | 507 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 508 | async (request: any) => { |
| 8d8e815 | | | 509 | const { owner, repo } = request.params; |
| 8d8e815 | | | 510 | const repoRow = request.repoRow; |
| 8d8e815 | | | 511 | |
| 3e3af55 | | | 512 | const ref = repoRow.default_branch ?? "main"; |
| 791afd4 | | | 513 | const readme = await bridgeService.getReadme(owner, repo, ref); |
| 791afd4 | | | 514 | const branches = await bridgeService.getBranches(owner, repo); |
| 3e3af55 | | | 515 | |
| 3e3af55 | | | 516 | return { |
| 3e3af55 | | | 517 | repo: repoRow, |
| 3e3af55 | | | 518 | readme, |
| 3e3af55 | | | 519 | branches, |
| 3e3af55 | | | 520 | }; |
| 3e3af55 | | | 521 | } |
| 3e3af55 | | | 522 | ); |
| 3e3af55 | | | 523 | |
| 3e3af55 | | | 524 | // List directory tree |
| 3e3af55 | | | 525 | app.get<{ Params: { owner: string; repo: string; ref: string; "*": string } }>( |
| 3e3af55 | | | 526 | "/:owner/:repo/tree/:ref/*", |
| 8d8e815 | | | 527 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 528 | async (request: any, reply: any) => { |
| 3e3af55 | | | 529 | const { owner, repo, ref } = request.params; |
| 3e3af55 | | | 530 | const path = (request.params as any)["*"] ?? ""; |
| 3e3af55 | | | 531 | |
| 791afd4 | | | 532 | const entries = await bridgeService.listTree(owner, repo, ref, path); |
| 3e3af55 | | | 533 | if (!entries.length && path) { |
| 3e3af55 | | | 534 | return reply.code(404).send({ error: "Path not found" }); |
| 3e3af55 | | | 535 | } |
| 3e3af55 | | | 536 | |
| 3e3af55 | | | 537 | return { |
| 3e3af55 | | | 538 | path, |
| 3e3af55 | | | 539 | ref, |
| 8d8e815 | | | 540 | entries: entries.sort((a: any, b: any) => { |
| 3e3af55 | | | 541 | // Directories first, then files |
| 3e3af55 | | | 542 | if (a.type !== b.type) return a.type === "tree" ? -1 : 1; |
| 3e3af55 | | | 543 | return a.name.localeCompare(b.name); |
| 3e3af55 | | | 544 | }), |
| 3e3af55 | | | 545 | }; |
| 3e3af55 | | | 546 | } |
| 3e3af55 | | | 547 | ); |
| 3e3af55 | | | 548 | |
| 3e3af55 | | | 549 | // Also handle tree root (no path) |
| 3e3af55 | | | 550 | app.get<{ Params: { owner: string; repo: string; ref: string } }>( |
| 3e3af55 | | | 551 | "/:owner/:repo/tree/:ref", |
| 8d8e815 | | | 552 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 553 | async (request: any) => { |
| 3e3af55 | | | 554 | const { owner, repo, ref } = request.params; |
| 791afd4 | | | 555 | const entries = await bridgeService.listTree(owner, repo, ref, ""); |
| 3e3af55 | | | 556 | |
| 3e3af55 | | | 557 | return { |
| 3e3af55 | | | 558 | path: "", |
| 3e3af55 | | | 559 | ref, |
| 8d8e815 | | | 560 | entries: entries.sort((a: any, b: any) => { |
| 3e3af55 | | | 561 | if (a.type !== b.type) return a.type === "tree" ? -1 : 1; |
| 3e3af55 | | | 562 | return a.name.localeCompare(b.name); |
| 3e3af55 | | | 563 | }), |
| 3e3af55 | | | 564 | }; |
| 3e3af55 | | | 565 | } |
| 3e3af55 | | | 566 | ); |
| 3e3af55 | | | 567 | |
| 3e3af55 | | | 568 | // Get file content |
| 3e3af55 | | | 569 | app.get<{ Params: { owner: string; repo: string; ref: string; "*": string } }>( |
| 3e3af55 | | | 570 | "/:owner/:repo/blob/:ref/*", |
| 8d8e815 | | | 571 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 572 | async (request: any, reply: any) => { |
| 3e3af55 | | | 573 | const { owner, repo, ref } = request.params; |
| 3e3af55 | | | 574 | const path = (request.params as any)["*"]; |
| 3e3af55 | | | 575 | |
| 3e3af55 | | | 576 | if (!path) { |
| 3e3af55 | | | 577 | return reply.code(400).send({ error: "File path required" }); |
| 3e3af55 | | | 578 | } |
| 3e3af55 | | | 579 | |
| 791afd4 | | | 580 | const blob = await bridgeService.getBlob(owner, repo, ref, path); |
| 3e3af55 | | | 581 | if (!blob) { |
| 3e3af55 | | | 582 | return reply.code(404).send({ error: "File not found" }); |
| 3e3af55 | | | 583 | } |
| 3e3af55 | | | 584 | |
| 3e3af55 | | | 585 | return { |
| 3e3af55 | | | 586 | path, |
| 3e3af55 | | | 587 | ref, |
| 3e3af55 | | | 588 | content: blob.content, |
| 3e3af55 | | | 589 | size: blob.size, |
| 3e3af55 | | | 590 | }; |
| 3e3af55 | | | 591 | } |
| 3e3af55 | | | 592 | ); |
| 3e3af55 | | | 593 | |
| 3e3af55 | | | 594 | // Get commit history |
| 3e3af55 | | | 595 | app.get<{ |
| 3e3af55 | | | 596 | Params: { owner: string; repo: string; ref: string }; |
| 3e3af55 | | | 597 | Querystring: { path?: string; limit?: string; offset?: string }; |
| 3e3af55 | | | 598 | }>( |
| 3e3af55 | | | 599 | "/:owner/:repo/commits/:ref", |
| 8d8e815 | | | 600 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 601 | async (request: any) => { |
| 3e3af55 | | | 602 | const { owner, repo, ref } = request.params; |
| 3e3af55 | | | 603 | const { path, limit, offset } = request.query; |
| 3e3af55 | | | 604 | |
| 791afd4 | | | 605 | const commits = await bridgeService.getCommits(owner, repo, ref, { |
| 3e3af55 | | | 606 | path, |
| 3e3af55 | | | 607 | limit: limit ? parseInt(limit) : 30, |
| 3e3af55 | | | 608 | offset: offset ? parseInt(offset) : 0, |
| 3e3af55 | | | 609 | }); |
| 3e3af55 | | | 610 | |
| 3e3af55 | | | 611 | return { ref, commits }; |
| 3e3af55 | | | 612 | } |
| 3e3af55 | | | 613 | ); |
| 3e3af55 | | | 614 | |
| 3e3af55 | | | 615 | // Get blame |
| 3e3af55 | | | 616 | app.get<{ Params: { owner: string; repo: string; ref: string; "*": string } }>( |
| 3e3af55 | | | 617 | "/:owner/:repo/blame/:ref/*", |
| 8d8e815 | | | 618 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 619 | async (request: any, reply: any) => { |
| 3e3af55 | | | 620 | const { owner, repo, ref } = request.params; |
| 3e3af55 | | | 621 | const path = (request.params as any)["*"]; |
| 3e3af55 | | | 622 | |
| 3e3af55 | | | 623 | if (!path) { |
| 3e3af55 | | | 624 | return reply.code(400).send({ error: "File path required" }); |
| 3e3af55 | | | 625 | } |
| 3e3af55 | | | 626 | |
| 791afd4 | | | 627 | const blame = await bridgeService.getBlame(owner, repo, ref, path); |
| 3e3af55 | | | 628 | if (!blame.length) { |
| 3e3af55 | | | 629 | return reply.code(404).send({ error: "File not found" }); |
| 3e3af55 | | | 630 | } |
| 3e3af55 | | | 631 | |
| 3e3af55 | | | 632 | return { path, ref, blame }; |
| 3e3af55 | | | 633 | } |
| 3e3af55 | | | 634 | ); |
| 3e3af55 | | | 635 | |
| 3e3af55 | | | 636 | // Get diff between refs |
| 3e3af55 | | | 637 | app.get<{ |
| 3e3af55 | | | 638 | Params: { owner: string; repo: string }; |
| 3e3af55 | | | 639 | Querystring: { base: string; head: string }; |
| 3e3af55 | | | 640 | }>( |
| 3e3af55 | | | 641 | "/:owner/:repo/diff", |
| 8d8e815 | | | 642 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 643 | async (request: any) => { |
| 3e3af55 | | | 644 | const { owner, repo } = request.params; |
| 3e3af55 | | | 645 | const { base, head } = request.query; |
| 3e3af55 | | | 646 | |
| 99f1a2e | | | 647 | return await bridgeService.getDiff(owner, repo, base, head); |
| 3e3af55 | | | 648 | } |
| 3e3af55 | | | 649 | ); |
| 3e3af55 | | | 650 | |
| 3e3af55 | | | 651 | // List branches |
| 3e3af55 | | | 652 | app.get<{ Params: { owner: string; repo: string } }>( |
| 3e3af55 | | | 653 | "/:owner/:repo/branches", |
| 8d8e815 | | | 654 | { preHandler: [optionalAuth, resolveRepo] }, |
| 8d8e815 | | | 655 | async (request: any) => { |
| 3e3af55 | | | 656 | const { owner, repo } = request.params; |
| 791afd4 | | | 657 | const branches = await bridgeService.getBranches(owner, repo); |
| 3e3af55 | | | 658 | return { branches }; |
| 3e3af55 | | | 659 | } |
| 3e3af55 | | | 660 | ); |
| 59a80f9 | | | 661 | |
| 59a80f9 | | | 662 | // Import a Git repository (SSE progress stream) |
| 59a80f9 | | | 663 | const importSchema = z.object({ |
| 59a80f9 | | | 664 | url: z.string().url(), |
| 59a80f9 | | | 665 | }); |
| 59a80f9 | | | 666 | |
| 59a80f9 | | | 667 | app.post<{ Params: { owner: string; repo: string } }>( |
| 59a80f9 | | | 668 | "/:owner/:repo/import", |
| 59a80f9 | | | 669 | { |
| 59a80f9 | | | 670 | preHandler: [(app as any).authenticate], |
| 59a80f9 | | | 671 | }, |
| 59a80f9 | | | 672 | async (request, reply) => { |
| 59a80f9 | | | 673 | const { owner, repo: repoName } = request.params; |
| 59a80f9 | | | 674 | const parsed = importSchema.safeParse(request.body); |
| 59a80f9 | | | 675 | if (!parsed.success) { |
| 59a80f9 | | | 676 | return reply.code(400).send({ error: parsed.error.flatten() }); |
| 59a80f9 | | | 677 | } |
| 59a80f9 | | | 678 | const { url } = parsed.data; |
| 59a80f9 | | | 679 | const db = (app as any).db; |
| 59a80f9 | | | 680 | |
| 59a80f9 | | | 681 | // Verify repo exists |
| 59a80f9 | | | 682 | const repoRow = db |
| 59a80f9 | | | 683 | .prepare(`SELECT * FROM repos_with_owner WHERE owner_name = ? AND name = ?`) |
| 59a80f9 | | | 684 | .get(owner, repoName) as any; |
| 59a80f9 | | | 685 | if (!repoRow) { |
| 59a80f9 | | | 686 | return reply.code(404).send({ error: "Repository not found" }); |
| 59a80f9 | | | 687 | } |
| 59a80f9 | | | 688 | |
| 59a80f9 | | | 689 | // SSE stream |
| 59a80f9 | | | 690 | reply.raw.writeHead(200, { |
| 59a80f9 | | | 691 | "Content-Type": "text/event-stream", |
| 59a80f9 | | | 692 | "Cache-Control": "no-cache", |
| 59a80f9 | | | 693 | Connection: "keep-alive", |
| 59a80f9 | | | 694 | }); |
| 59a80f9 | | | 695 | |
| 59a80f9 | | | 696 | const send = (event: string, data: any) => { |
| 59a80f9 | | | 697 | reply.raw.write(`event: ${event}\ndata: ${JSON.stringify(data)}\n\n`); |
| 59a80f9 | | | 698 | }; |
| 59a80f9 | | | 699 | |
| 59a80f9 | | | 700 | try { |
| 59a80f9 | | | 701 | // Step 1: git clone --bare via docker (grove/mononoke image has git) |
| 59a80f9 | | | 702 | const bareRepo = `${DATA_DIR}/${repoName}-bare.git`; |
| 59a80f9 | | | 703 | send("progress", { step: "clone", message: `Cloning ${url}...` }); |
| 59a80f9 | | | 704 | |
| 59a80f9 | | | 705 | await runDocker([ |
| 59a80f9 | | | 706 | "run", "--rm", |
| 59a80f9 | | | 707 | "-v", "/data/grove:/data/grove", |
| 59a80f9 | | | 708 | "grove/mononoke:latest", |
| 59a80f9 | | | 709 | "/usr/bin/git", "clone", "--bare", url, bareRepo, |
| 59a80f9 | | | 710 | ], (line) => { |
| 59a80f9 | | | 711 | send("log", { step: "clone", line }); |
| 59a80f9 | | | 712 | }); |
| 59a80f9 | | | 713 | |
| 59a80f9 | | | 714 | send("progress", { step: "clone", message: "Clone complete." }); |
| 59a80f9 | | | 715 | |
| 59a80f9 | | | 716 | // Step 2: gitimport into Mononoke |
| 59a80f9 | | | 717 | send("progress", { step: "import", message: "Importing into Mononoke..." }); |
| 59a80f9 | | | 718 | |
| 59a80f9 | | | 719 | await runDocker([ |
| 59a80f9 | | | 720 | "run", "--rm", |
| 59a80f9 | | | 721 | "-v", "/data/grove:/data/grove", |
| 416062b | | | 722 | "--entrypoint", "gitimport", |
| 59a80f9 | | | 723 | "grove/mononoke:latest", |
| 416062b | | | 724 | "--repo-name", repoName, |
| 416062b | | | 725 | "--config-path", MONONOKE_CONFIG_PATH, |
| 416062b | | | 726 | "--local-configerator-path", `${DATA_DIR}/configerator`, |
| 416062b | | | 727 | "--cache-mode", "disabled", |
| 416062b | | | 728 | "--just-knobs-config-path", `${DATA_DIR}/justknobs.json`, |
| 416062b | | | 729 | "--generate-bookmarks", |
| 416062b | | | 730 | "--derive-hg", |
| 416062b | | | 731 | "--git-command-path", "/usr/bin/git", |
| 416062b | | | 732 | "--concurrency", "5", |
| 416062b | | | 733 | bareRepo, |
| 416062b | | | 734 | "full-repo", |
| 59a80f9 | | | 735 | ], (line) => { |
| 59a80f9 | | | 736 | send("log", { step: "import", line }); |
| 59a80f9 | | | 737 | }); |
| 59a80f9 | | | 738 | |
| 59a80f9 | | | 739 | send("progress", { step: "import", message: "Import complete." }); |
| 59a80f9 | | | 740 | |
| 59a80f9 | | | 741 | // Step 3: Restart Mononoke services to pick up the imported data |
| 59a80f9 | | | 742 | send("progress", { step: "restart", message: "Restarting services..." }); |
| 59a80f9 | | | 743 | |
| 59a80f9 | | | 744 | const provisioner = (app as any).mononokeProvisioner as MononokeProvisioner; |
| 59a80f9 | | | 745 | await provisioner.restartMononoke(); |
| 59a80f9 | | | 746 | |
| 59a80f9 | | | 747 | send("progress", { step: "restart", message: "Services restarted." }); |
| 59a80f9 | | | 748 | |
| 59a80f9 | | | 749 | // Clean up the bare clone |
| 59a80f9 | | | 750 | await runDocker([ |
| 59a80f9 | | | 751 | "run", "--rm", |
| 59a80f9 | | | 752 | "-v", "/data/grove:/data/grove", |
| 59a80f9 | | | 753 | "grove/mononoke:latest", |
| 59a80f9 | | | 754 | "rm", "-rf", bareRepo, |
| 59a80f9 | | | 755 | ], () => {}); |
| 59a80f9 | | | 756 | |
| 59a80f9 | | | 757 | send("done", { success: true }); |
| 59a80f9 | | | 758 | } catch (err: any) { |
| 59a80f9 | | | 759 | send("error", { message: err.message ?? "Import failed" }); |
| 59a80f9 | | | 760 | } |
| 59a80f9 | | | 761 | |
| 59a80f9 | | | 762 | reply.raw.end(); |
| 59a80f9 | | | 763 | } |
| 59a80f9 | | | 764 | ); |
| 90d5eb8 | | | 765 | |
| 90d5eb8 | | | 766 | // Import a Git repository from an uploaded bare repo tarball (SSE progress stream) |
| 90d5eb8 | | | 767 | app.post<{ Params: { owner: string; repo: string } }>( |
| 90d5eb8 | | | 768 | "/:owner/:repo/import-bundle", |
| 90d5eb8 | | | 769 | { |
| 90d5eb8 | | | 770 | preHandler: [(app as any).authenticate], |
| 90d5eb8 | | | 771 | }, |
| 90d5eb8 | | | 772 | async (request, reply) => { |
| 90d5eb8 | | | 773 | const { owner, repo: repoName } = request.params; |
| 90d5eb8 | | | 774 | const db = (app as any).db; |
| 90d5eb8 | | | 775 | |
| 90d5eb8 | | | 776 | // Verify repo exists |
| 90d5eb8 | | | 777 | const repoRow = db |
| 90d5eb8 | | | 778 | .prepare(`SELECT * FROM repos_with_owner WHERE owner_name = ? AND name = ?`) |
| 90d5eb8 | | | 779 | .get(owner, repoName) as any; |
| 90d5eb8 | | | 780 | if (!repoRow) { |
| 90d5eb8 | | | 781 | return reply.code(404).send({ error: "Repository not found" }); |
| 90d5eb8 | | | 782 | } |
| 90d5eb8 | | | 783 | |
| 90d5eb8 | | | 784 | // Read the uploaded file |
| 90d5eb8 | | | 785 | const file = await (request as any).file(); |
| 90d5eb8 | | | 786 | if (!file) { |
| 90d5eb8 | | | 787 | return reply.code(400).send({ error: "No file uploaded" }); |
| 90d5eb8 | | | 788 | } |
| 90d5eb8 | | | 789 | |
| 90d5eb8 | | | 790 | // SSE stream |
| 90d5eb8 | | | 791 | reply.raw.writeHead(200, { |
| 90d5eb8 | | | 792 | "Content-Type": "text/event-stream", |
| 90d5eb8 | | | 793 | "Cache-Control": "no-cache", |
| 90d5eb8 | | | 794 | Connection: "keep-alive", |
| 90d5eb8 | | | 795 | }); |
| 90d5eb8 | | | 796 | |
| 90d5eb8 | | | 797 | const send = (event: string, data: any) => { |
| 90d5eb8 | | | 798 | reply.raw.write(`event: ${event}\ndata: ${JSON.stringify(data)}\n\n`); |
| 90d5eb8 | | | 799 | }; |
| 90d5eb8 | | | 800 | |
| 90d5eb8 | | | 801 | const bareRepo = `${DATA_DIR}/${repoName}-bare.git`; |
| 90d5eb8 | | | 802 | const tarPath = `${DATA_DIR}/${repoName}-bare.tar.gz`; |
| 90d5eb8 | | | 803 | |
| 90d5eb8 | | | 804 | try { |
| 90d5eb8 | | | 805 | // Step 1: Save uploaded tarball and extract |
| 90d5eb8 | | | 806 | send("progress", { step: "upload", message: "Receiving bare repo..." }); |
| 90d5eb8 | | | 807 | |
| 90d5eb8 | | | 808 | await pipeline(file.file, createWriteStream(tarPath)); |
| 90d5eb8 | | | 809 | |
| 90d5eb8 | | | 810 | send("progress", { step: "upload", message: "Extracting..." }); |
| 90d5eb8 | | | 811 | |
| 90d5eb8 | | | 812 | await rm(bareRepo, { recursive: true, force: true }); |
| 90d5eb8 | | | 813 | |
| 90d5eb8 | | | 814 | await runDocker([ |
| 90d5eb8 | | | 815 | "run", "--rm", |
| 90d5eb8 | | | 816 | "-v", "/data/grove:/data/grove", |
| ea47cea | | | 817 | "--entrypoint", "tar", |
| 90d5eb8 | | | 818 | "grove/mononoke:latest", |
| ea47cea | | | 819 | "xzf", tarPath, "-C", `${DATA_DIR}`, |
| 90d5eb8 | | | 820 | ], (line) => { |
| 90d5eb8 | | | 821 | send("log", { step: "upload", line }); |
| 90d5eb8 | | | 822 | }); |
| 90d5eb8 | | | 823 | |
| 90d5eb8 | | | 824 | // The tar extracts as bare.git/ — rename to match expected path |
| ea47cea | | | 825 | await runDocker([ |
| ea47cea | | | 826 | "run", "--rm", |
| ea47cea | | | 827 | "-v", "/data/grove:/data/grove", |
| 416062b | | | 828 | "--entrypoint", "sh", |
| ea47cea | | | 829 | "grove/mononoke:latest", |
| 416062b | | | 830 | "-c", `mv ${DATA_DIR}/bare.git ${bareRepo} 2>/dev/null; chown -R root:root ${bareRepo}`, |
| 416062b | | | 831 | ], () => {}); |
| 90d5eb8 | | | 832 | |
| 90d5eb8 | | | 833 | send("progress", { step: "upload", message: "Extracted." }); |
| 90d5eb8 | | | 834 | |
| 90d5eb8 | | | 835 | // Step 2: gitimport into Mononoke |
| 90d5eb8 | | | 836 | send("progress", { step: "import", message: "Importing into Mononoke..." }); |
| 90d5eb8 | | | 837 | |
| 90d5eb8 | | | 838 | await runDocker([ |
| 90d5eb8 | | | 839 | "run", "--rm", |
| 90d5eb8 | | | 840 | "-v", "/data/grove:/data/grove", |
| 416062b | | | 841 | "--entrypoint", "gitimport", |
| 90d5eb8 | | | 842 | "grove/mononoke:latest", |
| 416062b | | | 843 | "--repo-name", repoName, |
| 416062b | | | 844 | "--config-path", MONONOKE_CONFIG_PATH, |
| 416062b | | | 845 | "--local-configerator-path", `${DATA_DIR}/configerator`, |
| 416062b | | | 846 | "--cache-mode", "disabled", |
| 416062b | | | 847 | "--just-knobs-config-path", `${DATA_DIR}/justknobs.json`, |
| 416062b | | | 848 | "--generate-bookmarks", |
| 416062b | | | 849 | "--derive-hg", |
| 416062b | | | 850 | "--git-command-path", "/usr/bin/git", |
| 416062b | | | 851 | "--concurrency", "5", |
| 416062b | | | 852 | bareRepo, |
| 416062b | | | 853 | "full-repo", |
| 90d5eb8 | | | 854 | ], (line) => { |
| 90d5eb8 | | | 855 | send("log", { step: "import", line }); |
| 90d5eb8 | | | 856 | }); |
| 90d5eb8 | | | 857 | |
| 6d52207 | | | 858 | // Create Sapling-style bookmark (gitimport creates "heads/main", Sapling needs "main") |
| 6d52207 | | | 859 | send("progress", { step: "import", message: "Creating bookmarks..." }); |
| 6d52207 | | | 860 | |
| 6d52207 | | | 861 | await runDocker([ |
| 6d52207 | | | 862 | "run", "--rm", |
| 6d52207 | | | 863 | "-v", "/data/grove:/data/grove", |
| 6d52207 | | | 864 | "--entrypoint", "sh", |
| 6d52207 | | | 865 | "grove/mononoke:latest", |
| 6d52207 | | | 866 | "-c", |
| 6d52207 | | | 867 | `CSID=$(admin --config-path ${MONONOKE_CONFIG_PATH} --local-configerator-path ${DATA_DIR}/configerator --cache-mode disabled --just-knobs-config-path ${DATA_DIR}/justknobs.json bookmarks --repo-name ${repoName} list 2>/dev/null | grep 'heads/main' | awk '{print $1}') && admin --config-path ${MONONOKE_CONFIG_PATH} --local-configerator-path ${DATA_DIR}/configerator --cache-mode disabled --just-knobs-config-path ${DATA_DIR}/justknobs.json bookmarks --repo-name ${repoName} set main $CSID`, |
| 6d52207 | | | 868 | ], (line) => { |
| 6d52207 | | | 869 | send("log", { step: "import", line }); |
| 6d52207 | | | 870 | }); |
| 6d52207 | | | 871 | |
| 90d5eb8 | | | 872 | send("progress", { step: "import", message: "Import complete." }); |
| 90d5eb8 | | | 873 | |
| 90d5eb8 | | | 874 | // Step 3: Restart Mononoke services |
| 90d5eb8 | | | 875 | send("progress", { step: "restart", message: "Restarting services..." }); |
| 90d5eb8 | | | 876 | |
| 90d5eb8 | | | 877 | const provisioner = (app as any).mononokeProvisioner as MononokeProvisioner; |
| 90d5eb8 | | | 878 | await provisioner.restartMononoke(); |
| 90d5eb8 | | | 879 | |
| 90d5eb8 | | | 880 | send("progress", { step: "restart", message: "Services restarted." }); |
| 90d5eb8 | | | 881 | |
| 90d5eb8 | | | 882 | // Clean up |
| 90d5eb8 | | | 883 | await runDocker([ |
| 90d5eb8 | | | 884 | "run", "--rm", |
| 90d5eb8 | | | 885 | "-v", "/data/grove:/data/grove", |
| ea47cea | | | 886 | "--entrypoint", "rm", |
| 90d5eb8 | | | 887 | "grove/mononoke:latest", |
| ea47cea | | | 888 | "-rf", bareRepo, tarPath, |
| 90d5eb8 | | | 889 | ], () => {}); |
| 90d5eb8 | | | 890 | |
| 90d5eb8 | | | 891 | send("done", { success: true }); |
| 90d5eb8 | | | 892 | } catch (err: any) { |
| 90d5eb8 | | | 893 | // Clean up on error |
| 90d5eb8 | | | 894 | await runDocker([ |
| 90d5eb8 | | | 895 | "run", "--rm", |
| 90d5eb8 | | | 896 | "-v", "/data/grove:/data/grove", |
| ea47cea | | | 897 | "--entrypoint", "rm", |
| 90d5eb8 | | | 898 | "grove/mononoke:latest", |
| ea47cea | | | 899 | "-rf", bareRepo, tarPath, |
| 90d5eb8 | | | 900 | ], () => {}).catch(() => {}); |
| 90d5eb8 | | | 901 | |
| 90d5eb8 | | | 902 | send("error", { message: err.message ?? "Import failed" }); |
| 90d5eb8 | | | 903 | } |
| 90d5eb8 | | | 904 | |
| 90d5eb8 | | | 905 | reply.raw.end(); |
| 90d5eb8 | | | 906 | } |
| 90d5eb8 | | | 907 | ); |
| 59a80f9 | | | 908 | } |
| 59a80f9 | | | 909 | |
| 59a80f9 | | | 910 | /** |
| 59a80f9 | | | 911 | * Run a docker command, streaming stdout/stderr line-by-line to a callback. |
| 59a80f9 | | | 912 | * Rejects on non-zero exit code. |
| 59a80f9 | | | 913 | */ |
| 59a80f9 | | | 914 | function runDocker( |
| 59a80f9 | | | 915 | args: string[], |
| 59a80f9 | | | 916 | onLine: (line: string) => void |
| 59a80f9 | | | 917 | ): Promise<void> { |
| 59a80f9 | | | 918 | return new Promise((resolve, reject) => { |
| 59a80f9 | | | 919 | const proc = spawn("docker", args); |
| 59a80f9 | | | 920 | let stderr = ""; |
| 59a80f9 | | | 921 | |
| 59a80f9 | | | 922 | const handleData = (data: Buffer) => { |
| 59a80f9 | | | 923 | const text = data.toString(); |
| 59a80f9 | | | 924 | for (const line of text.split("\n")) { |
| 59a80f9 | | | 925 | const trimmed = line.trimEnd(); |
| 59a80f9 | | | 926 | if (trimmed) onLine(trimmed); |
| 59a80f9 | | | 927 | } |
| 59a80f9 | | | 928 | }; |
| 59a80f9 | | | 929 | |
| 59a80f9 | | | 930 | proc.stdout.on("data", handleData); |
| 59a80f9 | | | 931 | proc.stderr.on("data", (data: Buffer) => { |
| 59a80f9 | | | 932 | stderr += data.toString(); |
| 59a80f9 | | | 933 | handleData(data); |
| 59a80f9 | | | 934 | }); |
| 59a80f9 | | | 935 | |
| 59a80f9 | | | 936 | proc.on("close", (code) => { |
| 59a80f9 | | | 937 | if (code === 0) resolve(); |
| 59a80f9 | | | 938 | else reject(new Error(stderr.trim() || `docker exited with code ${code}`)); |
| 59a80f9 | | | 939 | }); |
| 59a80f9 | | | 940 | |
| 59a80f9 | | | 941 | proc.on("error", reject); |
| 59a80f9 | | | 942 | }); |
| 3e3af55 | | | 943 | } |