commits
This new db migration won't migrate existing records in the repos table.
Instead, it will simply rename the legacy table to `repos_old` and
create a new one with the same name.
repo backfill will be done with tap
Signed-off-by: Seongmin Lee <git@boltless.me>
create new one if it's missing
Signed-off-by: Seongmin Lee <git@boltless.me>
This commit won't work without the following spindle rewrite to use tap and
introduce backfill, because the repos table is still empty.
Signed-off-by: Seongmin Lee <git@boltless.me>
1. Use repo AT-URI as identifier.
2. Use `dom` field rather than `obj` to filter by repository. So now
it's "user with role A in repo B can do action D to field C" where
`A,B,C,D` are `sub,dom,obj,act`.
3. Manage app-logic rules in an embedded CSV file, which won't be saved in
the db and is loaded into memory on start. This makes changing the app's
global RBAC rules easier, as we just need to edit the CSV file.
Many permission check methods are missing, but should be enough to test
this new RBAC enforcer package in spindle.
Related issue: <https://tangled.org/tangled.org/core/issues/282>
Signed-off-by: Seongmin Lee <git@boltless.me>
- did-method-plc
- bluesky-jetstream
- bluesky-relay
- tap
Signed-off-by: Seongmin Lee <git@boltless.me>
We will start using our own forked version of indigo package.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>
🤑📈
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Compares the incoming host to the domain in the KV map, and fetches the
relevant site from R2. Written in Rust, compiled to wasm using
`worker-build`.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
wip: repo pages settings and cf r2/kv setup
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Orphaned `sh.tangled.string` records on users' PDSs cannot be cleaned up
by the appview and they would need to be removed manually by each user.
Signed-off-by: Youn Mélois <youn@melois.dev>
Add support for AVIF, JPEG XL, and HEIF image formats across the stack:
- knotserver/xrpc: override MIME types for formats that Go's
http.DetectContentType does not recognize (.avif, .jxl, .heic, .heif),
using a switch statement like the existing .svg override
- camo: add image/avif, image/heif, and image/jxl to the allowed MIME
types list
- appview/repo: add .avif, .jxl, .heic, .heif to the image extension
list in the blob viewer
Without these changes, AVIF files (and other modern formats) are rejected
by the knot server with a 403 (detected as application/octet-stream),
blocked by the camo proxy with a 415, and not previewed in the blob viewer.
Signed-off-by: Niclas Overby <niclas@overby.me>
Both policies were rebuilt on every NewSanitizer() call. This included
compiling the chroma syntax-highlight class regex by iterating
chroma.StandardTypes and joining ~200 type names into a regex alternation,
on every invocation — including from inside the pull request HTTP handler,
making it a per-request cost.
Move both policies to package-level vars initialized once in init().
NewSanitizer() is now a pair of pointer assignments. This is safe per the
bluemonday README: "it is safe to use the policy in multiple goroutines".
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: oppiliappan <me@oppi.li>
The devshell copied assets from the Nix store with preserved mode
bits, which left files in appview/pages/static read-only and caused
repeated cp permission errors on subsequent nix develop runs.
Stop preserving mode so generated static files remain writable across
shell entries.
AI-assisted: OpenCode (openai/gpt-5.3-codex)
Signed-off-by: Alessio Caiazza <code.git@caiazza.info>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
The appview crashes on startup if Redis is not running:
appview: failed to start appview err="failed to start oauth handler:
failed to connect to redis: dial tcp [::1]:6379: connect: connection refused"
Reorder the "Running the appview" section so the Redis and
OAuth JWKs prerequisites come before the watch-appview command,
matching the actual dependency order.
Signed-off-by: Alessio Caiazza <code.git@caiazza.info>
Signed-off-by: Evan Jarrett <evan@evanjarrett.com>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
do not refresh after token expiry, do it before
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Move blobPattern, treePattern, and pathAfterRefRE to package-level
vars so they are compiled once and reused across GetRepoInfo and
path resolution calls instead of recompiling on every request.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
the learn-more button in the features set caused an overflow on the home
page.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: marco.tngl.sh <dev@marco.social>
Signed-off-by: marco.tngl.sh <dev@marco.social>
Signed-off-by: marco.tngl.sh <dev@marco.social>
Signed-off-by: marco.tngl.sh <dev@marco.social>
Add {ctrl,cmd}+Enter shortcut to submit issues.
See https://tangled.org/tangled.org/core/issues/412
Signed-off-by: marco.tngl.sh <dev@marco.social>
When reviewing a pull request with multiple files, the currently visible
file is now highlighted (bolded) in the filetree sidebar. This makes it
easier to track your position when you scroll through large diffs and
lose track of the header of the file you're looking at.
The highlight updates on scroll and also responds to clicks on filetree
links.
Signed-off-by: Jes Olson <j3s@c3f.net>