alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
410a131cec63e1071aa0bbbf4b091ebf8a71a5c0
tiny-forge/internal/staticsite/gitlab_provider.go
T
alexei.dolgolyov ea55d31177
Build / build (push) Successful in 10m43s
Details
feat(discovery+runtime): restore static-site wizard discovery + close /sites/[id] feature parity 
Two-stage feature arc closing the gaps left by the hard legacy cutover.
The static-site creation wizard regains its auto-discovery + connection-test
flow; /apps/[id] grows the runtime/storage/lifecycle surface the legacy
/sites/[id] page used to expose.

Backend (Go)
- internal/api/discovery.go: six admin-gated endpoints wrapping
  staticsite.GitProvider — POST /api/discovery/git/{detect-provider,
  test-connection,repos,branches,tree} + GET /api/discovery/image/conflicts.
  Identifier validation (validateGitIdent / validateGitBranch) at the
  boundary so provider URL interpolation cannot be hijacked via `..`.
  Upstream errors scrubbed: detailed slog on the server, generic 502 to
  the client (mitigates token-reflection-in-error-page).
- internal/api/workload_runtime.go: four endpoints —
  GET /api/workloads/{id}/runtime-state decodes containers.extra_json for
  static workloads; GET /api/workloads/{id}/storage execs `du -sb /app/data`
  with a 30s in-process cache (storageProbeCache) so polling can't turn
  into per-request execs; POST /api/workloads/{id}/{stop,start} iterate
  ListContainersByWorkload and call docker.StopContainer / StartContainer,
  returning 200 / 409 (nothing to act on) / 502 (all failed).
- internal/staticsite/safehttp.go: NewSafeHTTPClient + ValidateBaseURL +
  blockReason. DialContext re-resolves hostnames and refuses loopback /
  link-local / multicast / unspecified addresses. RFC1918 + ULA explicitly
  allowed (self-hosted Gitea on LAN is the dominant deployment).
  Replaced four raw &http.Client{} constructions in the provider files.
- internal/staticsite/gitlab_provider.go: url.PathEscape each segment in
  the raw-file URL builder for parity with projectPath().
- Test coverage: 26 cases in discovery_test.go (image-tag stripping,
  source-config decoding, conflict scenarios, validator boundaries,
  scheme rejection), 14 in workload_runtime_test.go (404 / 409 / nil-docker
  / probe-cache), 16 in safehttp_test.go (URL validation + block-reason
  policy matrix + live dial against loopback + AWS metadata literals).

Frontend (Svelte 5 + runes)
- web/src/lib/api.ts: typed wrappers for every endpoint, AbortSignal
  threaded through post(); ApiError exported so callers can narrow on
  e.status; new DetectedGitProvider narrow union.
- web/src/routes/apps/new/+page.svelte: static-form discovery controls
  (auto-detect provider, test connection, repo / branch / folder
  EntityPickers, Deno auto-detect); image-form conflict panel with
  debounced lookup + double-click submit guard ("Forge anyway") + Inspect
  button that pre-fills port/healthcheck; English error fallbacks routed
  through apps.new.errors.* (en + ru).
- web/src/routes/apps/[id]/+page.svelte: runtime-state panel + storage
  panel + Stop / Start / Open-site toolbar; universal live-state badge
  in the hero lede for image/compose/static (RUNNING / TRANSITIONING /
  STOPPED / NOT DEPLOYED / MIXED · n/m RUNNING); ContainerStats panel
  per row (auto-collapsing native <details> when N > 2); read-only
  webhook bindings summary card; responsive toolbar overflow with native
  <details> at <640px (z-index 100 above sticky nav).
- web/src/app.css: project-wide .forge-btn-ghost:focus-visible outline.

Hardening from go-reviewer + security-reviewer + typescript-reviewer +
frontend-design UI/UX subagents (0 CRITICAL, all HIGH/BLOCKER addressed
inline, IMPORTANT applied before commit):
- AbortController + per-call sequence tokens on every long-running
  fetch (loadRuntimeState / loadStorage / loadTriggerMeta / inspectImage /
  listImageConflicts) plus onDestroy cleanup so late resolves cannot
  mutate dead component state.
- doStop / doStart snapshot and restore `error` across the finally-block
  reload so a load()-cleared message doesn't hide a real failure.
- triggersById refreshed after inline trigger creation so the webhook
  card doesn't silently exclude the just-created trigger.
- Live-state badge wraps in role=status / aria-live=polite (no redundant
  aria-label).
- Webhook row has a single click target (was two pointing at the same URL).
- Empty webhook section hides entirely.
- Dropped role=menu / role=menuitem from the overflow menu (they would
  promise arrow-key nav we don't wire; native Tab + ESC carry it).

Doc
- docs/CODEMAPS/INDEX.md + new docs/CODEMAPS/discovery-and-runtime.md
  map the endpoint surface, security posture, frontend integration
  patterns, and an "add a new probe" recipe.

Verification
- svelte-check: 0 errors, 3 pre-existing a11y warnings.
- go build + go vet + go test ./...: all green.
- i18n parity: en + ru at 1413 keys each.
- Live smoke against :8090: 404 / 409 / 502 envelopes correct, discovery
  sanity passes, ProbeError surfaces on no-container path.
2026-05-16 21:35:51 +03:00

269 lines
6.9 KiB
Go
Raw Blame History

package staticsite
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"os"
"path/filepath"
"strings"
"time"
)
// GitLabProvider implements GitProvider for GitLab repositories.
type GitLabProvider struct {
apiBase string // e.g., "https://gitlab.com/api/v4"
rawBase string // e.g., "https://gitlab.com"
token string
httpClient *http.Client
}
// NewGitLabProvider creates a new GitLab provider.
// baseURL should be "https://gitlab.com" or a self-hosted GitLab URL.
func NewGitLabProvider(baseURL, token string) *GitLabProvider {
base := strings.TrimRight(baseURL, "/")
return &GitLabProvider{
apiBase: base + "/api/v4",
rawBase: base,
token: token,
httpClient: NewSafeHTTPClient(60 * time.Second),
}
}
func (g *GitLabProvider) Name() string { return "gitlab" }
// projectPath returns the URL-encoded project path (owner/repo → owner%2Frepo).
func projectPath(owner, repo string) string {
return url.PathEscape(owner + "/" + repo)
}
func (g *GitLabProvider) ListRepos(ctx context.Context, query string) ([]RepoInfo, error) {
var allRepos []RepoInfo
page := 1
for {
apiURL := fmt.Sprintf("%s/projects?membership=true&per_page=100&page=%d&order_by=last_activity_at", g.apiBase, page)
if query != "" {
apiURL += "&search=" + url.QueryEscape(query)
}
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list repos: %w", err)
}
var projects []struct {
PathWithNamespace string `json:"path_with_namespace"`
Name string `json:"name"`
Description string `json:"description"`
Visibility string `json:"visibility"`
WebURL string `json:"web_url"`
Namespace struct {
Path string `json:"path"`
} `json:"namespace"`
}
if err := json.Unmarshal(body, &projects); err != nil {
return nil, fmt.Errorf("decode repos: %w", err)
}
for _, p := range projects {
allRepos = append(allRepos, RepoInfo{
Owner: p.Namespace.Path,
Name: p.Name,
FullName: p.PathWithNamespace,
Description: p.Description,
Private: p.Visibility != "public",
HTMLURL: p.WebURL,
})
}
if len(projects) < 100 {
break
}
page++
}
return allRepos, nil
}
func (g *GitLabProvider) TestConnection(ctx context.Context, owner, repo string) error {
apiURL := fmt.Sprintf("%s/projects/%s", g.apiBase, projectPath(owner, repo))
_, err := g.doGet(ctx, apiURL)
return err
}
func (g *GitLabProvider) ListBranches(ctx context.Context, owner, repo string) ([]string, error) {
var allBranches []string
page := 1
for {
apiURL := fmt.Sprintf("%s/projects/%s/repository/branches?per_page=100&page=%d",
g.apiBase, projectPath(owner, repo), page)
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list branches: %w", err)
}
var branches []struct {
Name string `json:"name"`
}
if err := json.Unmarshal(body, &branches); err != nil {
return nil, fmt.Errorf("decode branches: %w", err)
}
for _, b := range branches {
allBranches = append(allBranches, b.Name)
}
if len(branches) < 100 {
break
}
page++
}
return allBranches, nil
}
func (g *GitLabProvider) GetLatestCommitSHA(ctx context.Context, owner, repo, branch string) (string, error) {
apiURL := fmt.Sprintf("%s/projects/%s/repository/branches/%s",
g.apiBase, projectPath(owner, repo), url.PathEscape(branch))
body, err := g.doGet(ctx, apiURL)
if err != nil {
return "", fmt.Errorf("get branch: %w", err)
}
var result struct {
Commit struct {
ID string `json:"id"`
} `json:"commit"`
}
if err := json.Unmarshal(body, &result); err != nil {
return "", fmt.Errorf("decode branch: %w", err)
}
return result.Commit.ID, nil
}
func (g *GitLabProvider) ListTree(ctx context.Context, owner, repo, branch string) ([]FolderEntry, error) {
var allEntries []FolderEntry
page := 1
for {
apiURL := fmt.Sprintf("%s/projects/%s/repository/tree?ref=%s&recursive=true&per_page=100&page=%d",
g.apiBase, projectPath(owner, repo), url.QueryEscape(branch), page)
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list tree: %w", err)
}
var entries []struct {
Path string `json:"path"`
Type string `json:"type"` // "blob" or "tree"
}
if err := json.Unmarshal(body, &entries); err != nil {
return nil, fmt.Errorf("decode tree: %w", err)
}
for _, e := range entries {
allEntries = append(allEntries, FolderEntry{
Path: e.Path,
IsDir: e.Type == "tree",
})
}
if len(entries) < 100 {
break
}
page++
}
return allEntries, nil
}
func (g *GitLabProvider) DownloadFolder(ctx context.Context, owner, repo, branch, folderPath, destDir string) error {
entries, err := g.ListTree(ctx, owner, repo, branch)
if err != nil {
return fmt.Errorf("list tree: %w", err)
}
folderPath = strings.TrimPrefix(folderPath, "/")
folderPath = strings.TrimSuffix(folderPath, "/")
prefix := folderPath + "/"
for _, entry := range entries {
if entry.IsDir {
continue
}
if !strings.HasPrefix(entry.Path, prefix) {
continue
}
relativePath := strings.TrimPrefix(entry.Path, prefix)
localPath := filepath.Join(destDir, filepath.FromSlash(relativePath))
// Path-traversal defense: reject tree entries whose resolved
// path escapes destDir (e.g. `../etc/passwd` smuggled through
// a hostile self-hosted GitLab).
cleanDest := filepath.Clean(destDir)
if cleanRel := filepath.Clean(localPath); cleanRel != cleanDest &&
!strings.HasPrefix(cleanRel, cleanDest+string(os.PathSeparator)) {
return fmt.Errorf("rejecting tree entry outside dest: %s", relativePath)
}
// GitLab raw file URL: {base}/{owner}/{repo}/-/raw/{branch}/{path}
// Each segment is path-escaped to match projectPath()'s shape and
// to refuse traversal sequences supplied via the request.
fileURL := fmt.Sprintf("%s/%s/%s/-/raw/%s/%s",
g.rawBase,
url.PathEscape(owner),
url.PathEscape(repo),
url.PathEscape(branch),
entry.Path)
if err := downloadFileHTTP(ctx, g.httpClient, fileURL, localPath, g.setAuth); err != nil {
return fmt.Errorf("download %s: %w", relativePath, err)
}
}
return nil
}
func (g *GitLabProvider) doGet(ctx context.Context, apiURL string) ([]byte, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiURL, nil)
if err != nil {
return nil, fmt.Errorf("create request: %w", err)
}
g.setAuth(req)
req.Header.Set("Accept", "application/json")
resp, err := g.httpClient.Do(req)
if err != nil {
return nil, fmt.Errorf("execute request: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("read response: %w", err)
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("unexpected status %d: %s", resp.StatusCode, string(body))
}
return body, nil
}
func (g *GitLabProvider) setAuth(req *http.Request) {
if g.token != "" {
req.Header.Set("PRIVATE-TOKEN", g.token)
}
}
Reference in New Issue View Git Blame Copy Permalink