web: Separate HTTP error pages into its own package
// SPDX-License-Identifier: AGPL-3.0-only
// SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org>
package forge
import (
"net/http"
)
func errorPage404(w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusNotFound)
_ = templates.ExecuteTemplate(w, "404", params)
}
func errorPage400(w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusBadRequest)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "400", params)
}
func errorPage400Colon(w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusBadRequest)
_ = templates.ExecuteTemplate(w, "400_colon", params)
}
func errorPage403(w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusForbidden)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "403", params)
}
func errorPage451(w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusUnavailableForLegalReasons)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "451", params)
}
func errorPage500(w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusInternalServerError)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "500", params)
}
func errorPage501(w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusNotImplemented)
_ = templates.ExecuteTemplate(w, "501", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "errors" "net/http" "path/filepath" "strconv" "github.com/jackc/pgx/v5" "github.com/jackc/pgx/v5/pgtype" "go.lindenii.runxiyu.org/forge/internal/misc"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleGroupIndex provides index pages for groups, which includes a list
// of its subgroups and repos, as well as a form for group maintainers to
// create repos.
func (s *Server) httpHandleGroupIndex(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var groupPath []string
var repos []nameDesc
var subgroups []nameDesc
var err error
var groupID int
var groupDesc string
groupPath = params["group_path"].([]string)
// The group itself
err = s.database.QueryRow(request.Context(), `
WITH RECURSIVE group_path_cte AS (
SELECT
id,
parent_group,
name,
1 AS depth
FROM groups
WHERE name = ($1::text[])[1]
AND parent_group IS NULL
UNION ALL
SELECT
g.id,
g.parent_group,
g.name,
group_path_cte.depth + 1
FROM groups g
JOIN group_path_cte ON g.parent_group = group_path_cte.id
WHERE g.name = ($1::text[])[group_path_cte.depth + 1]
AND group_path_cte.depth + 1 <= cardinality($1::text[])
)
SELECT c.id, COALESCE(g.description, '')
FROM group_path_cte c
JOIN groups g ON g.id = c.id
WHERE c.depth = cardinality($1::text[])
`,
pgtype.FlatArray[string](groupPath),
).Scan(&groupID, &groupDesc)
if errors.Is(err, pgx.ErrNoRows) {
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return
} else if err != nil {
errorPage500(writer, params, "Error getting group: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting group: "+err.Error())
return
}
// ACL
var count int
err = s.database.QueryRow(request.Context(), `
SELECT COUNT(*)
FROM user_group_roles
WHERE user_id = $1
AND group_id = $2
`, params["user_id"].(int), groupID).Scan(&count)
if err != nil {
errorPage500(writer, params, "Error checking access: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error checking access: "+err.Error())
return
}
directAccess := (count > 0)
if request.Method == http.MethodPost {
if !directAccess {
errorPage403(writer, params, "You do not have direct access to this group")
web.ErrorPage403(templates, writer, params, "You do not have direct access to this group")
return
}
repoName := request.FormValue("repo_name")
repoDesc := request.FormValue("repo_desc")
contribReq := request.FormValue("repo_contrib")
if repoName == "" {
errorPage400(writer, params, "Repo name is required")
web.ErrorPage400(templates, writer, params, "Repo name is required")
return
}
var newRepoID int
err := s.database.QueryRow(
request.Context(),
`INSERT INTO repos (name, description, group_id, contrib_requirements)
VALUES ($1, $2, $3, $4)
RETURNING id`,
repoName,
repoDesc,
groupID,
contribReq,
).Scan(&newRepoID)
if err != nil {
errorPage500(writer, params, "Error creating repo: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error creating repo: "+err.Error())
return
}
filePath := filepath.Join(s.config.Git.RepoDir, strconv.Itoa(newRepoID)+".git")
_, err = s.database.Exec(
request.Context(),
`UPDATE repos
SET filesystem_path = $1
WHERE id = $2`,
filePath,
newRepoID,
)
if err != nil {
errorPage500(writer, params, "Error updating repo path: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error updating repo path: "+err.Error())
return
}
if err = s.gitInit(filePath); err != nil {
errorPage500(writer, params, "Error initializing repo: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error initializing repo: "+err.Error())
return
}
misc.RedirectUnconditionally(writer, request)
return
}
// Repos
var rows pgx.Rows
rows, err = s.database.Query(request.Context(), `
SELECT name, COALESCE(description, '')
FROM repos
WHERE group_id = $1
`, groupID)
if err != nil {
errorPage500(writer, params, "Error getting repos: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting repos: "+err.Error())
return
}
defer rows.Close()
for rows.Next() {
var name, description string
if err = rows.Scan(&name, &description); err != nil {
errorPage500(writer, params, "Error getting repos: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting repos: "+err.Error())
return
}
repos = append(repos, nameDesc{name, description})
}
if err = rows.Err(); err != nil {
errorPage500(writer, params, "Error getting repos: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting repos: "+err.Error())
return
}
// Subgroups
rows, err = s.database.Query(request.Context(), `
SELECT name, COALESCE(description, '')
FROM groups
WHERE parent_group = $1
`, groupID)
if err != nil {
errorPage500(writer, params, "Error getting subgroups: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting subgroups: "+err.Error())
return
}
defer rows.Close()
for rows.Next() {
var name, description string
if err = rows.Scan(&name, &description); err != nil {
errorPage500(writer, params, "Error getting subgroups: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting subgroups: "+err.Error())
return
}
subgroups = append(subgroups, nameDesc{name, description})
}
if err = rows.Err(); err != nil {
errorPage500(writer, params, "Error getting subgroups: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting subgroups: "+err.Error())
return } params["repos"] = repos params["subgroups"] = subgroups params["description"] = groupDesc params["direct_access"] = directAccess renderTemplate(writer, "group", params) }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http" "runtime" "github.com/dustin/go-humanize"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleIndex provides the main index page which includes a list of groups
// and some global information such as SSH keys.
func (s *Server) httpHandleIndex(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var err error
var groups []nameDesc
groups, err = s.queryNameDesc(request.Context(), "SELECT name, COALESCE(description, '') FROM groups WHERE parent_group IS NULL")
if err != nil {
errorPage500(writer, params, "Error querying groups: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error querying groups: "+err.Error())
return
}
params["groups"] = groups
// Memory currently allocated
memstats := runtime.MemStats{} //exhaustruct:ignore
runtime.ReadMemStats(&memstats)
params["mem"] = humanize.IBytes(memstats.Alloc)
renderTemplate(writer, "index", params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "crypto/rand" "encoding/base64" "errors" "fmt" "net/http" "time" "github.com/alexedwards/argon2id" "github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleLogin provides the login page for local users.
func (s *Server) httpHandleLogin(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var username, password string
var userID int
var passwordHash string
var err error
var passwordMatches bool
var cookieValue string
var now time.Time
var expiry time.Time
var cookie http.Cookie
if request.Method != http.MethodPost {
renderTemplate(writer, "login", params)
return
}
username = request.PostFormValue("username")
password = request.PostFormValue("password")
err = s.database.QueryRow(request.Context(),
"SELECT id, COALESCE(password, '') FROM users WHERE username = $1",
username,
).Scan(&userID, &passwordHash)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
params["login_error"] = "Unknown username"
renderTemplate(writer, "login", params)
return
}
errorPage500(writer, params, "Error querying user information: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error querying user information: "+err.Error())
return
}
if passwordHash == "" {
params["login_error"] = "User has no password"
renderTemplate(writer, "login", params)
return
}
if passwordMatches, err = argon2id.ComparePasswordAndHash(password, passwordHash); err != nil {
errorPage500(writer, params, "Error comparing password and hash: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error comparing password and hash: "+err.Error())
return
}
if !passwordMatches {
params["login_error"] = "Invalid password"
renderTemplate(writer, "login", params)
return
}
if cookieValue, err = randomUrlsafeStr(16); err != nil {
errorPage500(writer, params, "Error getting random string: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting random string: "+err.Error())
return
}
now = time.Now()
expiry = now.Add(time.Duration(s.config.HTTP.CookieExpiry) * time.Second)
cookie = http.Cookie{
Name: "session",
Value: cookieValue,
SameSite: http.SameSiteLaxMode,
HttpOnly: true,
Secure: false, // TODO
Expires: expiry,
Path: "/",
} //exhaustruct:ignore
http.SetCookie(writer, &cookie)
_, err = s.database.Exec(request.Context(), "INSERT INTO sessions (user_id, session_id) VALUES ($1, $2)", userID, cookieValue)
if err != nil {
errorPage500(writer, params, "Error inserting session: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error inserting session: "+err.Error())
return
}
http.Redirect(writer, request, "/", http.StatusSeeOther)
}
// randomUrlsafeStr generates a random string of the given entropic size
// using the URL-safe base64 encoding. The actual size of the string returned
// will be 4*sz.
func randomUrlsafeStr(sz int) (string, error) {
r := make([]byte, 3*sz)
_, err := rand.Read(r)
if err != nil {
return "", fmt.Errorf("error generating random string: %w", err)
}
return base64.RawURLEncoding.EncodeToString(r), nil
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "fmt" "net/http" "strings" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" "github.com/go-git/go-git/v5/plumbing/format/diff" "github.com/go-git/go-git/v5/plumbing/object" "go.lindenii.runxiyu.org/forge/internal/misc"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// usableFilePatch is a [diff.FilePatch] that is structured in a way more
// friendly for use in HTML templates.
type usableFilePatch struct {
From diff.File
To diff.File
Chunks []usableChunk
}
// usableChunk is a [diff.Chunk] that is structured in a way more friendly for
// use in HTML templates.
type usableChunk struct {
Operation diff.Operation
Content string
}
func httpHandleRepoCommit(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var repo *git.Repository
var commitIDStrSpec, commitIDStrSpecNoSuffix string
var commitID plumbing.Hash
var parentCommitHash plumbing.Hash
var commitObj *object.Commit
var commitIDStr string
var err error
var patch *object.Patch
repo, commitIDStrSpec = params["repo"].(*git.Repository), params["commit_id"].(string)
commitIDStrSpecNoSuffix = strings.TrimSuffix(commitIDStrSpec, ".patch")
commitID = plumbing.NewHash(commitIDStrSpecNoSuffix)
if commitObj, err = repo.CommitObject(commitID); err != nil {
errorPage500(writer, params, "Error getting commit object: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting commit object: "+err.Error())
return
}
if commitIDStrSpecNoSuffix != commitIDStrSpec {
var patchStr string
if patchStr, err = fmtCommitPatch(commitObj); err != nil {
errorPage500(writer, params, "Error formatting patch: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error formatting patch: "+err.Error())
return
}
fmt.Fprintln(writer, patchStr)
return
}
commitIDStr = commitObj.Hash.String()
if commitIDStr != commitIDStrSpec {
http.Redirect(writer, request, commitIDStr, http.StatusSeeOther)
return
}
params["commit_object"] = commitObj
params["commit_id"] = commitIDStr
parentCommitHash, patch, err = commitToPatch(commitObj)
if err != nil {
errorPage500(writer, params, "Error getting patch from commit: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting patch from commit: "+err.Error())
return
}
params["parent_commit_hash"] = parentCommitHash.String()
params["patch"] = patch
params["file_patches"] = makeUsableFilePatches(patch)
renderTemplate(writer, "repo_commit", params)
}
type fakeDiffFile struct {
hash plumbing.Hash
mode filemode.FileMode
path string
}
func (f fakeDiffFile) Hash() plumbing.Hash {
return f.hash
}
func (f fakeDiffFile) Mode() filemode.FileMode {
return f.mode
}
func (f fakeDiffFile) Path() string {
return f.path
}
var nullFakeDiffFile = fakeDiffFile{ //nolint:gochecknoglobals
hash: plumbing.NewHash("0000000000000000000000000000000000000000"),
mode: misc.FirstOrPanic(filemode.New("100644")),
path: "",
}
func makeUsableFilePatches(patch diff.Patch) (usableFilePatches []usableFilePatch) {
// TODO: Remove unnecessary context
// TODO: Prepend "+"/"-"/" " instead of solely distinguishing based on color
for _, filePatch := range patch.FilePatches() {
var fromFile, toFile diff.File
var ufp usableFilePatch
chunks := []usableChunk{}
fromFile, toFile = filePatch.Files()
if fromFile == nil {
fromFile = nullFakeDiffFile
}
if toFile == nil {
toFile = nullFakeDiffFile
}
for _, chunk := range filePatch.Chunks() {
var content string
content = chunk.Content()
if len(content) > 0 && content[0] == '\n' {
content = "\n" + content
} // Horrible hack to fix how browsers newlines that immediately proceed <pre>
chunks = append(chunks, usableChunk{
Operation: chunk.Type(),
Content: content,
})
}
ufp = usableFilePatch{
Chunks: chunks,
From: fromFile,
To: toFile,
}
usableFilePatches = append(usableFilePatches, ufp)
}
return
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http" "github.com/jackc/pgx/v5"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// idTitleStatus describes properties of a merge request that needs to be
// present in MR listings.
type idTitleStatus struct {
ID int
Title string
Status string
}
// httpHandleRepoContribIndex provides an index to merge requests of a repo.
func (s *Server) httpHandleRepoContribIndex(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var rows pgx.Rows
var result []idTitleStatus
var err error
if rows, err = s.database.Query(request.Context(),
"SELECT repo_local_id, COALESCE(title, 'Untitled'), status FROM merge_requests WHERE repo_id = $1",
params["repo_id"],
); err != nil {
errorPage500(writer, params, "Error querying merge requests: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error querying merge requests: "+err.Error())
return
}
defer rows.Close()
for rows.Next() {
var mrID int
var mrTitle, mrStatus string
if err = rows.Scan(&mrID, &mrTitle, &mrStatus); err != nil {
errorPage500(writer, params, "Error scanning merge request: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error scanning merge request: "+err.Error())
return
}
result = append(result, idTitleStatus{mrID, mrTitle, mrStatus})
}
if err = rows.Err(); err != nil {
errorPage500(writer, params, "Error ranging over merge requests: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error ranging over merge requests: "+err.Error())
return } params["merge_requests"] = result renderTemplate(writer, "repo_contrib_index", params) }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http" "strconv" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleRepoContribOne provides an interface to each merge request of a
// repo.
func (s *Server) httpHandleRepoContribOne(writer http.ResponseWriter, request *http.Request, params map[string]any) {
var mrIDStr string
var mrIDInt int
var err error
var title, status, srcRefStr, dstBranchStr string
var repo *git.Repository
var srcRefHash plumbing.Hash
var dstBranchHash plumbing.Hash
var srcCommit, dstCommit, mergeBaseCommit *object.Commit
var mergeBases []*object.Commit
mrIDStr = params["mr_id"].(string)
mrIDInt64, err := strconv.ParseInt(mrIDStr, 10, strconv.IntSize)
if err != nil {
errorPage400(writer, params, "Merge request ID not an integer")
web.ErrorPage400(templates, writer, params, "Merge request ID not an integer")
return
}
mrIDInt = int(mrIDInt64)
if err = s.database.QueryRow(request.Context(),
"SELECT COALESCE(title, ''), status, source_ref, COALESCE(destination_branch, '') FROM merge_requests WHERE repo_id = $1 AND repo_local_id = $2",
params["repo_id"], mrIDInt,
).Scan(&title, &status, &srcRefStr, &dstBranchStr); err != nil {
errorPage500(writer, params, "Error querying merge request: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error querying merge request: "+err.Error())
return
}
repo = params["repo"].(*git.Repository)
if srcRefHash, err = getRefHash(repo, "branch", srcRefStr); err != nil {
errorPage500(writer, params, "Error getting source ref hash: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting source ref hash: "+err.Error())
return
}
if srcCommit, err = repo.CommitObject(srcRefHash); err != nil {
errorPage500(writer, params, "Error getting source commit: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting source commit: "+err.Error())
return
}
params["source_commit"] = srcCommit
if dstBranchStr == "" {
dstBranchStr = "HEAD"
dstBranchHash, err = getRefHash(repo, "", "")
} else {
dstBranchHash, err = getRefHash(repo, "branch", dstBranchStr)
}
if err != nil {
errorPage500(writer, params, "Error getting destination branch hash: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting destination branch hash: "+err.Error())
return
}
if dstCommit, err = repo.CommitObject(dstBranchHash); err != nil {
errorPage500(writer, params, "Error getting destination commit: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting destination commit: "+err.Error())
return
}
params["destination_commit"] = dstCommit
if mergeBases, err = srcCommit.MergeBase(dstCommit); err != nil {
errorPage500(writer, params, "Error getting merge base: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting merge base: "+err.Error())
return
}
if len(mergeBases) < 1 {
errorPage500(writer, params, "No merge base found for this merge request; these two branches do not share any common history")
web.ErrorPage500(templates, writer, params, "No merge base found for this merge request; these two branches do not share any common history")
// TODO
return
}
mergeBaseCommit = mergeBases[0]
params["merge_base"] = mergeBaseCommit
patch, err := mergeBaseCommit.Patch(srcCommit)
if err != nil {
errorPage500(writer, params, "Error getting patch: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting patch: "+err.Error())
return } params["file_patches"] = makeUsableFilePatches(patch) params["mr_title"], params["mr_status"], params["mr_source_ref"], params["mr_destination_branch"] = title, status, srcRefStr, dstBranchStr renderTemplate(writer, "repo_contrib_one", params) }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http" "go.lindenii.runxiyu.org/forge/internal/git2c" "go.lindenii.runxiyu.org/forge/internal/render"
"go.lindenii.runxiyu.org/forge/internal/web"
)
type commitDisplay struct {
Hash string
Author string
Email string
Date string
Message string
}
// httpHandleRepoIndex provides the front page of a repo using git2d.
func (s *Server) httpHandleRepoIndex(w http.ResponseWriter, req *http.Request, params map[string]any) {
repoName := params["repo_name"].(string)
groupPath := params["group_path"].([]string)
_, repoPath, _, _, _, _, _ := s.getRepoInfo(req.Context(), groupPath, repoName, "") // TODO: Don't use getRepoInfo
client, err := git2c.NewClient(s.config.Git.Socket)
if err != nil {
errorPage500(w, params, err.Error())
web.ErrorPage500(templates, w, params, err.Error())
return
}
defer client.Close()
commits, readme, err := client.Cmd1(repoPath)
if err != nil {
errorPage500(w, params, err.Error())
web.ErrorPage500(templates, w, params, err.Error())
return } params["commits"] = commits params["readme_filename"] = readme.Filename _, params["readme"] = render.Readme(readme.Content, readme.Filename) renderTemplate(w, "repo_index", params) // TODO: Caching }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleRepoLog provides a page with a complete Git log.
//
// TODO: This currently provides all commits in the branch. It should be
// paginated and cached instead.
func httpHandleRepoLog(writer http.ResponseWriter, _ *http.Request, params map[string]any) {
var repo *git.Repository
var refHash plumbing.Hash
var err error
repo = params["repo"].(*git.Repository)
if refHash, err = getRefHash(repo, params["ref_type"].(string), params["ref_name"].(string)); err != nil {
errorPage500(writer, params, "Error getting ref hash: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting ref hash: "+err.Error())
return
}
logOptions := git.LogOptions{From: refHash} //exhaustruct:ignore
commitIter, err := repo.Log(&logOptions)
if err != nil {
errorPage500(writer, params, "Error getting recent commits: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting recent commits: "+err.Error())
return } params["commits"], params["commits_err"] = commitIterSeqErr(commitIter) renderTemplate(writer, "repo_log", params) }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "fmt" "html/template" "net/http" "strings" "go.lindenii.runxiyu.org/forge/internal/git2c" "go.lindenii.runxiyu.org/forge/internal/misc"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleRepoRaw serves raw files, or directory listings that point to raw
// files.
func (s *Server) httpHandleRepoRaw(writer http.ResponseWriter, request *http.Request, params map[string]any) {
repoName := params["repo_name"].(string)
groupPath := params["group_path"].([]string)
rawPathSpec := params["rest"].(string)
pathSpec := strings.TrimSuffix(rawPathSpec, "/")
params["path_spec"] = pathSpec
_, repoPath, _, _, _, _, _ := s.getRepoInfo(request.Context(), groupPath, repoName, "")
client, err := git2c.NewClient(s.config.Git.Socket)
if err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
return
}
defer client.Close()
files, content, err := client.Cmd2(repoPath, pathSpec)
if err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
return
}
switch {
case files != nil:
params["files"] = files
params["readme_filename"] = "README.md"
params["readme"] = template.HTML("<p>README rendering here is WIP again</p>") // TODO
renderTemplate(writer, "repo_raw_dir", params)
case content != "":
if misc.RedirectNoDir(writer, request) {
return
}
writer.Header().Set("Content-Type", "application/octet-stream")
fmt.Fprint(writer, content)
default:
errorPage500(writer, params, "Unknown error fetching repo raw data")
web.ErrorPage500(templates, writer, params, "Unknown error fetching repo raw data")
} }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "html/template" "net/http" "strings" "go.lindenii.runxiyu.org/forge/internal/git2c" "go.lindenii.runxiyu.org/forge/internal/render"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleRepoTree provides a friendly, syntax-highlighted view of
// individual files, and provides directory views that link to these files.
//
// TODO: Do not highlight files that are too large.
func (s *Server) httpHandleRepoTree(writer http.ResponseWriter, request *http.Request, params map[string]any) {
repoName := params["repo_name"].(string)
groupPath := params["group_path"].([]string)
rawPathSpec := params["rest"].(string)
pathSpec := strings.TrimSuffix(rawPathSpec, "/")
params["path_spec"] = pathSpec
_, repoPath, _, _, _, _, _ := s.getRepoInfo(request.Context(), groupPath, repoName, "")
client, err := git2c.NewClient(s.config.Git.Socket)
if err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
return
}
defer client.Close()
files, content, err := client.Cmd2(repoPath, pathSpec)
if err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
return
}
switch {
case files != nil:
params["files"] = files
params["readme_filename"] = "README.md"
params["readme"] = template.HTML("<p>README rendering here is WIP again</p>") // TODO
renderTemplate(writer, "repo_tree_dir", params)
case content != "":
rendered := render.Highlight(pathSpec, content)
params["file_contents"] = rendered
renderTemplate(writer, "repo_tree_file", params)
default:
errorPage500(writer, params, "Unknown object type, something is seriously wrong")
web.ErrorPage500(templates, writer, params, "Unknown object type, something is seriously wrong")
} }
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "net/http"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// httpHandleUsers is a useless stub.
func httpHandleUsers(writer http.ResponseWriter, _ *http.Request, params map[string]any) {
errorPage501(writer, params)
web.ErrorPage501(templates, writer, params)
}
// SPDX-License-Identifier: AGPL-3.0-only // SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org> package forge import ( "errors" "log/slog" "net/http" "net/url" "strconv" "strings" "github.com/jackc/pgx/v5" "go.lindenii.runxiyu.org/forge/internal/misc"
"go.lindenii.runxiyu.org/forge/internal/web"
)
// ServeHTTP handles all incoming HTTP requests and routes them to the correct
// location.
//
// TODO: This function is way too large.
func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
var remoteAddr string
if s.config.HTTP.ReverseProxy {
remoteAddrs, ok := request.Header["X-Forwarded-For"]
if ok && len(remoteAddrs) == 1 {
remoteAddr = remoteAddrs[0]
} else {
remoteAddr = request.RemoteAddr
}
} else {
remoteAddr = request.RemoteAddr
}
slog.Info("incoming http", "addr", remoteAddr, "method", request.Method, "uri", request.RequestURI)
var segments []string
var err error
var sepIndex int
params := make(map[string]any)
if segments, _, err = misc.ParseReqURI(request.RequestURI); err != nil {
errorPage400(writer, params, "Error parsing request URI: "+err.Error())
web.ErrorPage400(templates, writer, params, "Error parsing request URI: "+err.Error())
return
}
dirMode := false
if segments[len(segments)-1] == "" {
dirMode = true
segments = segments[:len(segments)-1]
}
params["url_segments"] = segments
params["dir_mode"] = dirMode
params["global"] = s.globalData
var userID int // 0 for none
userID, params["username"], err = s.getUserFromRequest(request)
params["user_id"] = userID
if err != nil && !errors.Is(err, http.ErrNoCookie) && !errors.Is(err, pgx.ErrNoRows) {
errorPage500(writer, params, "Error getting user info from request: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error getting user info from request: "+err.Error())
return
}
if userID == 0 {
params["user_id_string"] = ""
} else {
params["user_id_string"] = strconv.Itoa(userID)
}
for _, v := range segments {
if strings.Contains(v, ":") {
errorPage400Colon(writer, params)
web.ErrorPage400Colon(templates, writer, params)
return
}
}
if len(segments) == 0 {
s.httpHandleIndex(writer, request, params)
return
}
if segments[0] == "-" {
if len(segments) < 2 {
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return
} else if len(segments) == 2 && misc.RedirectDir(writer, request) {
return
}
switch segments[1] {
case "static":
s.staticHandler.ServeHTTP(writer, request)
return
case "source":
s.sourceHandler.ServeHTTP(writer, request)
return
}
}
if segments[0] == "-" {
switch segments[1] {
case "login":
s.httpHandleLogin(writer, request, params)
return
case "users":
httpHandleUsers(writer, request, params)
return
default:
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return
}
}
sepIndex = -1
for i, part := range segments {
if part == "-" {
sepIndex = i
break
}
}
params["separator_index"] = sepIndex
var groupPath []string
var moduleType string
var moduleName string
if sepIndex > 0 {
groupPath = segments[:sepIndex]
} else {
groupPath = segments
}
params["group_path"] = groupPath
switch {
case sepIndex == -1:
if misc.RedirectDir(writer, request) {
return
}
s.httpHandleGroupIndex(writer, request, params)
case len(segments) == sepIndex+1:
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return case len(segments) == sepIndex+2:
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return
default:
moduleType = segments[sepIndex+1]
moduleName = segments[sepIndex+2]
switch moduleType {
case "repos":
params["repo_name"] = moduleName
if len(segments) > sepIndex+3 {
switch segments[sepIndex+3] {
case "info":
if err = s.httpHandleRepoInfo(writer, request, params); err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
}
return
case "git-upload-pack":
if err = s.httpHandleUploadPack(writer, request, params); err != nil {
errorPage500(writer, params, err.Error())
web.ErrorPage500(templates, writer, params, err.Error())
}
return
}
}
if params["ref_type"], params["ref_name"], err = misc.GetParamRefTypeName(request); err != nil {
if errors.Is(err, misc.ErrNoRefSpec) {
params["ref_type"] = ""
} else {
errorPage400(writer, params, "Error querying ref type: "+err.Error())
web.ErrorPage400(templates, writer, params, "Error querying ref type: "+err.Error())
return
}
}
if params["repo"], params["repo_description"], params["repo_id"], _, err = s.openRepo(request.Context(), groupPath, moduleName); err != nil {
errorPage500(writer, params, "Error opening repo: "+err.Error())
web.ErrorPage500(templates, writer, params, "Error opening repo: "+err.Error())
return
}
repoURLRoot := "/"
for _, part := range segments[:sepIndex+3] {
repoURLRoot = repoURLRoot + url.PathEscape(part) + "/"
}
params["repo_url_root"] = repoURLRoot
params["repo_patch_mailing_list"] = repoURLRoot[1:len(repoURLRoot)-1] + "@" + s.config.LMTP.Domain
params["http_clone_url"] = s.genHTTPRemoteURL(groupPath, moduleName)
params["ssh_clone_url"] = s.genSSHRemoteURL(groupPath, moduleName)
if len(segments) == sepIndex+3 {
if misc.RedirectDir(writer, request) {
return
}
s.httpHandleRepoIndex(writer, request, params)
return
}
repoFeature := segments[sepIndex+3]
switch repoFeature {
case "tree":
if misc.AnyContain(segments[sepIndex+4:], "/") {
errorPage400(writer, params, "Repo tree paths may not contain slashes in any segments")
web.ErrorPage400(templates, writer, params, "Repo tree paths may not contain slashes in any segments")
return
}
if dirMode {
params["rest"] = strings.Join(segments[sepIndex+4:], "/") + "/"
} else {
params["rest"] = strings.Join(segments[sepIndex+4:], "/")
}
if len(segments) < sepIndex+5 && misc.RedirectDir(writer, request) {
return
}
s.httpHandleRepoTree(writer, request, params)
case "branches":
if misc.RedirectDir(writer, request) {
return
}
s.httpHandleRepoBranches(writer, request, params)
return
case "raw":
if misc.AnyContain(segments[sepIndex+4:], "/") {
errorPage400(writer, params, "Repo tree paths may not contain slashes in any segments")
web.ErrorPage400(templates, writer, params, "Repo tree paths may not contain slashes in any segments")
return
}
if dirMode {
params["rest"] = strings.Join(segments[sepIndex+4:], "/") + "/"
} else {
params["rest"] = strings.Join(segments[sepIndex+4:], "/")
}
if len(segments) < sepIndex+5 && misc.RedirectDir(writer, request) {
return
}
s.httpHandleRepoRaw(writer, request, params)
case "log":
if len(segments) > sepIndex+4 {
errorPage400(writer, params, "Too many parameters")
web.ErrorPage400(templates, writer, params, "Too many parameters")
return
}
if misc.RedirectDir(writer, request) {
return
}
httpHandleRepoLog(writer, request, params)
case "commit":
if len(segments) != sepIndex+5 {
errorPage400(writer, params, "Incorrect number of parameters")
web.ErrorPage400(templates, writer, params, "Incorrect number of parameters")
return
}
if misc.RedirectNoDir(writer, request) {
return
}
params["commit_id"] = segments[sepIndex+4]
httpHandleRepoCommit(writer, request, params)
case "contrib":
if misc.RedirectDir(writer, request) {
return
}
switch len(segments) {
case sepIndex + 4:
s.httpHandleRepoContribIndex(writer, request, params)
case sepIndex + 5:
params["mr_id"] = segments[sepIndex+4]
s.httpHandleRepoContribOne(writer, request, params)
default:
errorPage400(writer, params, "Too many parameters")
web.ErrorPage400(templates, writer, params, "Too many parameters")
} default:
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return } default:
errorPage404(writer, params)
web.ErrorPage404(templates, writer, params)
return } } }
// SPDX-License-Identifier: AGPL-3.0-only
// SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org>
package web
import (
"html/template"
"net/http"
)
func ErrorPage404(templates *template.Template, w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusNotFound)
_ = templates.ExecuteTemplate(w, "404", params)
}
func ErrorPage400(templates *template.Template, w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusBadRequest)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "400", params)
}
func ErrorPage400Colon(templates *template.Template, w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusBadRequest)
_ = templates.ExecuteTemplate(w, "400_colon", params)
}
func ErrorPage403(templates *template.Template, w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusForbidden)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "403", params)
}
func ErrorPage451(templates *template.Template, w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusUnavailableForLegalReasons)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "451", params)
}
func ErrorPage500(templates *template.Template, w http.ResponseWriter, params map[string]any, msg string) {
w.WriteHeader(http.StatusInternalServerError)
params["complete_error_msg"] = msg
_ = templates.ExecuteTemplate(w, "500", params)
}
func ErrorPage501(templates *template.Template, w http.ResponseWriter, params map[string]any) {
w.WriteHeader(http.StatusNotImplemented)
_ = templates.ExecuteTemplate(w, "501", params)
}