alexei.dolgolyov
ea55d31177
Build / build (push) Successful in 10m43s
Two-stage feature arc closing the gaps left by the hard legacy cutover.
The static-site creation wizard regains its auto-discovery + connection-test
flow; /apps/[id] grows the runtime/storage/lifecycle surface the legacy
/sites/[id] page used to expose.
Backend (Go)
- internal/api/discovery.go: six admin-gated endpoints wrapping
staticsite.GitProvider — POST /api/discovery/git/{detect-provider,
test-connection,repos,branches,tree} + GET /api/discovery/image/conflicts.
Identifier validation (validateGitIdent / validateGitBranch) at the
boundary so provider URL interpolation cannot be hijacked via `..`.
Upstream errors scrubbed: detailed slog on the server, generic 502 to
the client (mitigates token-reflection-in-error-page).
- internal/api/workload_runtime.go: four endpoints —
GET /api/workloads/{id}/runtime-state decodes containers.extra_json for
static workloads; GET /api/workloads/{id}/storage execs `du -sb /app/data`
with a 30s in-process cache (storageProbeCache) so polling can't turn
into per-request execs; POST /api/workloads/{id}/{stop,start} iterate
ListContainersByWorkload and call docker.StopContainer / StartContainer,
returning 200 / 409 (nothing to act on) / 502 (all failed).
- internal/staticsite/safehttp.go: NewSafeHTTPClient + ValidateBaseURL +
blockReason. DialContext re-resolves hostnames and refuses loopback /
link-local / multicast / unspecified addresses. RFC1918 + ULA explicitly
allowed (self-hosted Gitea on LAN is the dominant deployment).
Replaced four raw &http.Client{} constructions in the provider files.
- internal/staticsite/gitlab_provider.go: url.PathEscape each segment in
the raw-file URL builder for parity with projectPath().
- Test coverage: 26 cases in discovery_test.go (image-tag stripping,
source-config decoding, conflict scenarios, validator boundaries,
scheme rejection), 14 in workload_runtime_test.go (404 / 409 / nil-docker
/ probe-cache), 16 in safehttp_test.go (URL validation + block-reason
policy matrix + live dial against loopback + AWS metadata literals).
Frontend (Svelte 5 + runes)
- web/src/lib/api.ts: typed wrappers for every endpoint, AbortSignal
threaded through post(); ApiError exported so callers can narrow on
e.status; new DetectedGitProvider narrow union.
- web/src/routes/apps/new/+page.svelte: static-form discovery controls
(auto-detect provider, test connection, repo / branch / folder
EntityPickers, Deno auto-detect); image-form conflict panel with
debounced lookup + double-click submit guard ("Forge anyway") + Inspect
button that pre-fills port/healthcheck; English error fallbacks routed
through apps.new.errors.* (en + ru).
- web/src/routes/apps/[id]/+page.svelte: runtime-state panel + storage
panel + Stop / Start / Open-site toolbar; universal live-state badge
in the hero lede for image/compose/static (RUNNING / TRANSITIONING /
STOPPED / NOT DEPLOYED / MIXED · n/m RUNNING); ContainerStats panel
per row (auto-collapsing native <details> when N > 2); read-only
webhook bindings summary card; responsive toolbar overflow with native
<details> at <640px (z-index 100 above sticky nav).
- web/src/app.css: project-wide .forge-btn-ghost:focus-visible outline.
Hardening from go-reviewer + security-reviewer + typescript-reviewer +
frontend-design UI/UX subagents (0 CRITICAL, all HIGH/BLOCKER addressed
inline, IMPORTANT applied before commit):
- AbortController + per-call sequence tokens on every long-running
fetch (loadRuntimeState / loadStorage / loadTriggerMeta / inspectImage /
listImageConflicts) plus onDestroy cleanup so late resolves cannot
mutate dead component state.
- doStop / doStart snapshot and restore `error` across the finally-block
reload so a load()-cleared message doesn't hide a real failure.
- triggersById refreshed after inline trigger creation so the webhook
card doesn't silently exclude the just-created trigger.
- Live-state badge wraps in role=status / aria-live=polite (no redundant
aria-label).
- Webhook row has a single click target (was two pointing at the same URL).
- Empty webhook section hides entirely.
- Dropped role=menu / role=menuitem from the overflow menu (they would
promise arrow-key nav we don't wire; native Tab + ESC carry it).
Doc
- docs/CODEMAPS/INDEX.md + new docs/CODEMAPS/discovery-and-runtime.md
map the endpoint surface, security posture, frontend integration
patterns, and an "add a new probe" recipe.
Verification
- svelte-check: 0 errors, 3 pre-existing a11y warnings.
- go build + go vet + go test ./...: all green.
- i18n parity: en + ru at 1413 keys each.
- Live smoke against :8090: 404 / 409 / 502 envelopes correct, discovery
sanity passes, ProbeError surfaces on no-container path.
174 lines
5.3 KiB
Go
174 lines
5.3 KiB
Go
package staticsite
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// RepoInfo represents a repository returned by the provider's list/search API.
|
|
type RepoInfo struct {
|
|
Owner string `json:"owner"`
|
|
Name string `json:"name"`
|
|
FullName string `json:"full_name"` // "owner/name"
|
|
Description string `json:"description"`
|
|
Private bool `json:"private"`
|
|
HTMLURL string `json:"html_url"`
|
|
}
|
|
|
|
// GitProvider abstracts Git hosting API operations.
|
|
// Implementations exist for Gitea/Forgejo/Gogs, GitHub, and GitLab.
|
|
type GitProvider interface {
|
|
// Name returns the provider identifier (e.g., "gitea", "github", "gitlab").
|
|
Name() string
|
|
|
|
// TestConnection verifies that the repository is accessible.
|
|
TestConnection(ctx context.Context, owner, repo string) error
|
|
|
|
// ListRepos returns repositories accessible with the current token.
|
|
// If query is non-empty, results are filtered by name.
|
|
ListRepos(ctx context.Context, query string) ([]RepoInfo, error)
|
|
|
|
// ListBranches returns all branch names for a repository.
|
|
ListBranches(ctx context.Context, owner, repo string) ([]string, error)
|
|
|
|
// GetLatestCommitSHA returns the latest commit SHA for a branch.
|
|
GetLatestCommitSHA(ctx context.Context, owner, repo, branch string) (string, error)
|
|
|
|
// ListTree returns the full directory tree for a branch.
|
|
ListTree(ctx context.Context, owner, repo, branch string) ([]FolderEntry, error)
|
|
|
|
// DownloadFolder downloads all files from a folder path to a local directory.
|
|
DownloadFolder(ctx context.Context, owner, repo, branch, folderPath, destDir string) error
|
|
}
|
|
|
|
// ProviderType identifies a Git hosting provider.
|
|
type ProviderType string
|
|
|
|
const (
|
|
ProviderGitea ProviderType = "gitea" // Also works for Forgejo and Gogs.
|
|
ProviderGitHub ProviderType = "github"
|
|
ProviderGitLab ProviderType = "gitlab"
|
|
)
|
|
|
|
// ValidProviderTypes lists all supported provider types.
|
|
var ValidProviderTypes = []ProviderType{ProviderGitea, ProviderGitHub, ProviderGitLab}
|
|
|
|
// NewGitProvider creates a GitProvider for the given type.
|
|
// If providerType is empty, it attempts autodetection from the baseURL.
|
|
func NewGitProvider(providerType ProviderType, baseURL, token string) (GitProvider, error) {
|
|
if providerType == "" {
|
|
providerType = DetectProvider(baseURL)
|
|
}
|
|
|
|
switch providerType {
|
|
case ProviderGitea:
|
|
return NewGiteaContentFetcher(baseURL, token), nil
|
|
case ProviderGitHub:
|
|
return NewGitHubProvider(baseURL, token), nil
|
|
case ProviderGitLab:
|
|
return NewGitLabProvider(baseURL, token), nil
|
|
default:
|
|
return nil, fmt.Errorf("unsupported git provider: %s", providerType)
|
|
}
|
|
}
|
|
|
|
// DetectProvider guesses the provider type from a base URL.
|
|
func DetectProvider(baseURL string) ProviderType {
|
|
lower := strings.ToLower(baseURL)
|
|
switch {
|
|
case strings.Contains(lower, "github.com"):
|
|
return ProviderGitHub
|
|
case strings.Contains(lower, "gitlab.com"):
|
|
return ProviderGitLab
|
|
default:
|
|
// Default to Gitea for self-hosted instances (Gitea/Forgejo/Gogs all share the same API).
|
|
return ProviderGitea
|
|
}
|
|
}
|
|
|
|
// DetectProviderWithProbe tries to autodetect the provider by probing known API endpoints.
|
|
// Falls back to URL-based detection if probing fails.
|
|
func DetectProviderWithProbe(ctx context.Context, baseURL string) ProviderType {
|
|
// First try URL-based detection for well-known hosts.
|
|
urlBased := DetectProvider(baseURL)
|
|
if urlBased == ProviderGitHub || urlBased == ProviderGitLab {
|
|
return urlBased
|
|
}
|
|
|
|
// For unknown hosts, probe for Gitea/GitLab API signatures using the
|
|
// SSRF-safe client so a probe URL cannot be used to reach loopback
|
|
// or cloud-metadata addresses.
|
|
client := NewSafeHTTPClient(5 * time.Second)
|
|
base := strings.TrimRight(baseURL, "/")
|
|
|
|
// Try Gitea/Forgejo API.
|
|
if resp, err := httpGet(ctx, client, base+"/api/v1/version"); err == nil && resp == http.StatusOK {
|
|
return ProviderGitea
|
|
}
|
|
|
|
// Try GitLab API.
|
|
if resp, err := httpGet(ctx, client, base+"/api/v4/version"); err == nil && resp == http.StatusOK {
|
|
return ProviderGitLab
|
|
}
|
|
|
|
// Default to Gitea.
|
|
return ProviderGitea
|
|
}
|
|
|
|
// httpGet performs a simple GET and returns the status code.
|
|
func httpGet(ctx context.Context, client *http.Client, url string) (int, error) {
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
resp.Body.Close()
|
|
return resp.StatusCode, nil
|
|
}
|
|
|
|
// downloadFileHTTP is a shared helper for downloading a file from a URL.
|
|
func downloadFileHTTP(ctx context.Context, client *http.Client, url, localPath string, authHeader func(r *http.Request)) error {
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("create request: %w", err)
|
|
}
|
|
if authHeader != nil {
|
|
authHeader(req)
|
|
}
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return fmt.Errorf("execute request: %w", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return fmt.Errorf("unexpected status %d for %s", resp.StatusCode, url)
|
|
}
|
|
|
|
if err := os.MkdirAll(filepath.Dir(localPath), 0o755); err != nil {
|
|
return fmt.Errorf("create directory: %w", err)
|
|
}
|
|
|
|
file, err := os.Create(localPath)
|
|
if err != nil {
|
|
return fmt.Errorf("create file: %w", err)
|
|
}
|
|
defer file.Close()
|
|
|
|
if _, err := io.Copy(file, resp.Body); err != nil {
|
|
return fmt.Errorf("write file: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|