tenseleyflow/shithub / 0056ee6

+//	GET/POST /{owner}/{repo}/edit/*

+//	GET/POST /{owner}/{repo}/new/*

+//	GET/POST /{owner}/{repo}/delete/*

+//	GET/POST /{owner}/{repo}/upload/*

+	r.Post("/{owner}/{repo}/markdown-preview", h.codeMarkdownPreview)

+	r.Get("/{owner}/{repo}/edit/*", h.codeEditForm)

+	r.Post("/{owner}/{repo}/edit/*", h.codeEditSubmit)

+	r.Get("/{owner}/{repo}/new/*", h.codeNewForm)

+	r.Post("/{owner}/{repo}/new/*", h.codeNewSubmit)

+	r.Get("/{owner}/{repo}/delete/*", h.codeDeleteForm)

+	r.Post("/{owner}/{repo}/delete/*", h.codeDeleteSubmit)

+	r.Get("/{owner}/{repo}/upload/*", h.codeUploadForm)

+	r.Post("/{owner}/{repo}/upload/*", h.codeUploadSubmit)

+	return h.loadCodeContextFor(w, r, policy.ActionRepoRead)

+}

+

+func (h *Handlers) loadCodeContextFor(w http.ResponseWriter, r *http.Request, action policy.Action) (*codeContext, bool) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, action)

+func (cc *codeContext) isBranchRef() bool {

+	for _, b := range cc.refs.Branches {

+		if b.Name == cc.ref {

+			return true

+		}

+	}

+	return false

+}

+

+func (h *Handlers) canWriteRepo(r *http.Request, row reposdb.Repo) bool {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		return false

+	}

+	dec := policy.Can(r.Context(), policy.Deps{Pool: h.d.Pool}, viewer.PolicyActor(), policy.ActionRepoWrite, policy.NewRepoRefFromRepo(row))

+	return dec.Allow

+}

+

+	readme := h.findAndRenderREADME(r, cc, entries)

+	canWrite := h.canWriteRepo(r, cc.row) && cc.isBranchRef()

+		"README":        template.HTML(readme.HTML), //nolint:gosec // sanitized by mdrender

+		"READMEPath":    readme.Path,

+		"CanWrite":      canWrite,

+type readmeRender struct {

+	HTML string

+	Path string

+}

+

+func (h *Handlers) findAndRenderREADME(r *http.Request, cc *codeContext, entries []repogit.TreeEntry) readmeRender {

+			return readmeRender{}

+				return readmeRender{Path: full, HTML: rewriteMarkdownRelativeURLs(

+				)}

+		return readmeRender{Path: full, HTML: "<pre class=\"shithub-readme-plain\">" + template.HTMLEscapeString(string(body)) + "</pre>"}

+	return readmeRender{}

+		"CanWrite":     h.canWriteRepo(r, cc.row) && cc.isBranchRef(),

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package repo

+

+import (

+	"errors"

+	"fmt"

+	"html/template"

+	"io"

+	"net/http"

+	"path"

+	"strings"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/policy"

+	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"

+	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"

+	"github.com/tenseleyFlow/shithub/internal/repos/webedit"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+type codeEditorData struct {

+	Title       string

+	CSRFToken   string

+	Owner       string

+	Repo        any

+	Ref         string

+	RefDisplay  string

+	BaseOID     string

+	Path        string

+	Crumbs      []Breadcrumb

+	Mode        string

+	FormAction  string

+	CancelURL   string

+	PreviewURL  string

+	PathValue   string

+	Content     string

+	UploadDir   string

+	Message     string

+	Description string

+	Primary     string

+	Error       string

+	Notice      string

+	IsMarkdown  bool

+

+	RepoCounts   any

+	CanSettings  bool

+	ActiveSubnav string

+}

+

+func (h *Handlers) codeEditForm(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) {

+		return

+	}

+	content, ok := h.editableBlobContent(w, r, cc)

+	if !ok {

+		return

+	}

+	data := h.editorData(r, cc, "edit", cc.subpath, string(content))

+	h.renderEditor(w, r, data, http.StatusOK)

+}

+

+func (h *Handlers) codeEditSubmit(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) {

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, webedit.MaxTextBytes+128*1024)

+	if err := r.ParseForm(); err != nil {

+		data := h.editorData(r, cc, "edit", cc.subpath, "")

+		data.Error = "The submitted file is too large or could not be read."

+		h.renderEditor(w, r, data, http.StatusRequestEntityTooLarge)

+		return

+	}

+	target := cleanEditorPath(r.PostFormValue("path"))

+	if target == "" {

+		target = cc.subpath

+	}

+	content := []byte(r.PostFormValue("content"))

+	if len(content) > webedit.MaxTextBytes {

+		data := h.editorData(r, cc, "edit", target, string(content))

+		data.Error = "Files edited in the browser must be 1 MiB or smaller."

+		h.renderEditor(w, r, data, http.StatusRequestEntityTooLarge)

+		return

+	}

+	if _, ok := h.editableBlobContent(w, r, cc); !ok {

+		return

+	}

+	op := webedit.OpEdit

+	if target != cc.subpath {

+		op = webedit.OpRename

+	}

+	_, err := h.commitWebEdit(r, cc, webedit.Params{

+		Op:          op,

+		SourcePath:  cc.subpath,

+		TargetPath:  target,

+		Content:     content,

+		BaseOID:     r.PostFormValue("base_oid"),

+		Message:     submittedCommitMessage(r, op, cc, target, nil),

+		Description: r.PostFormValue("commit_description"),

+	})

+	if err != nil {

+		data := h.editorData(r, cc, "edit", target, string(content))

+		data.Message = r.PostFormValue("commit_message")

+		data.Description = r.PostFormValue("commit_description")

+		h.renderWebEditError(w, r, data, err)

+		return

+	}

+	http.Redirect(w, r, codeURL(cc.owner, cc.row.Name, "blob", cc.ref, target), http.StatusSeeOther)

+}

+

+func (h *Handlers) codeNewForm(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) || !h.requireDirectory(w, r, cc) {

+		return

+	}

+	prefix := cc.subpath

+	if prefix != "" {

+		prefix += "/"

+	}

+	data := h.editorData(r, cc, "new", prefix, "")

+	h.renderEditor(w, r, data, http.StatusOK)

+}

+

+func (h *Handlers) codeNewSubmit(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) || !h.requireDirectory(w, r, cc) {

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, webedit.MaxTextBytes+128*1024)

+	if err := r.ParseForm(); err != nil {

+		data := h.editorData(r, cc, "new", cc.subpath, "")

+		data.Error = "The submitted file is too large or could not be read."

+		h.renderEditor(w, r, data, http.StatusRequestEntityTooLarge)

+		return

+	}

+	target := cleanEditorPath(r.PostFormValue("path"))

+	content := []byte(r.PostFormValue("content"))

+	if len(content) > webedit.MaxTextBytes {

+		data := h.editorData(r, cc, "new", target, string(content))

+		data.Error = "Files edited in the browser must be 1 MiB or smaller."

+		h.renderEditor(w, r, data, http.StatusRequestEntityTooLarge)

+		return

+	}

+	if _, err := h.commitWebEdit(r, cc, webedit.Params{

+		Op:          webedit.OpCreate,

+		TargetPath:  target,

+		Content:     content,

+		BaseOID:     r.PostFormValue("base_oid"),

+		Message:     submittedCommitMessage(r, webedit.OpCreate, cc, target, nil),

+		Description: r.PostFormValue("commit_description"),

+	}); err != nil {

+		data := h.editorData(r, cc, "new", target, string(content))

+		data.Message = r.PostFormValue("commit_message")

+		data.Description = r.PostFormValue("commit_description")

+		h.renderWebEditError(w, r, data, err)

+		return

+	}

+	http.Redirect(w, r, codeURL(cc.owner, cc.row.Name, "blob", cc.ref, target), http.StatusSeeOther)

+}

+

+func (h *Handlers) codeDeleteForm(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) {

+		return

+	}

+	if !h.deletableBlob(w, r, cc) {

+		return

+	}

+	data := h.editorData(r, cc, "delete", cc.subpath, "")

+	h.renderEditor(w, r, data, http.StatusOK)

+}

+

+func (h *Handlers) codeDeleteSubmit(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) {

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, 128*1024)

+	if err := r.ParseForm(); err != nil {

+		data := h.editorData(r, cc, "delete", cc.subpath, "")

+		data.Error = "The submitted form could not be read."

+		h.renderEditor(w, r, data, http.StatusBadRequest)

+		return

+	}

+	if _, err := h.commitWebEdit(r, cc, webedit.Params{

+		Op:          webedit.OpDelete,

+		SourcePath:  cc.subpath,

+		BaseOID:     r.PostFormValue("base_oid"),

+		Message:     submittedCommitMessage(r, webedit.OpDelete, cc, cc.subpath, nil),

+		Description: r.PostFormValue("commit_description"),

+	}); err != nil {

+		data := h.editorData(r, cc, "delete", cc.subpath, "")

+		data.Message = r.PostFormValue("commit_message")

+		data.Description = r.PostFormValue("commit_description")

+		h.renderWebEditError(w, r, data, err)

+		return

+	}

+	http.Redirect(w, r, codeURL(cc.owner, cc.row.Name, "tree", cc.ref, parentPath(cc.subpath)), http.StatusSeeOther)

+}

+

+func (h *Handlers) codeUploadForm(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) || !h.requireDirectory(w, r, cc) {

+		return

+	}

+	data := h.editorData(r, cc, "upload", "", "")

+	h.renderEditor(w, r, data, http.StatusOK)

+}

+

+func (h *Handlers) codeUploadSubmit(w http.ResponseWriter, r *http.Request) {

+	cc, ok := h.loadCodeContextFor(w, r, policy.ActionRepoWrite)

+	if !ok || !h.requireEditableBranch(w, r, cc) || !h.requireDirectory(w, r, cc) {

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, webedit.MaxUploadBytes)

+	if err := r.ParseMultipartForm(webedit.MaxUploadBytes); err != nil {

+		data := h.editorData(r, cc, "upload", "", "")

+		data.Error = "The uploaded files are too large or could not be read."

+		h.renderEditor(w, r, data, http.StatusRequestEntityTooLarge)

+		return

+	}

+	files, err := uploadedFiles(r, cc.subpath)

+	if err != nil {

+		data := h.editorData(r, cc, "upload", "", "")

+		data.Message = r.PostFormValue("commit_message")

+		data.Description = r.PostFormValue("commit_description")

+		data.Error = friendlyWebEditError(err)

+		h.renderEditor(w, r, data, editorStatus(err))

+		return

+	}

+	if _, err := h.commitWebEdit(r, cc, webedit.Params{

+		Op:          webedit.OpUpload,

+		Files:       files,

+		BaseOID:     r.PostFormValue("base_oid"),

+		Message:     submittedCommitMessage(r, webedit.OpUpload, cc, "", files),

+		Description: r.PostFormValue("commit_description"),

+	}); err != nil {

+		data := h.editorData(r, cc, "upload", "", "")

+		data.Message = r.PostFormValue("commit_message")

+		data.Description = r.PostFormValue("commit_description")

+		h.renderWebEditError(w, r, data, err)

+		return

+	}

+	target := codeURL(cc.owner, cc.row.Name, "tree", cc.ref, cc.subpath)

+	if len(files) == 1 {

+		target = codeURL(cc.owner, cc.row.Name, "blob", cc.ref, files[0].Path)

+	}

+	http.Redirect(w, r, target, http.StatusSeeOther)

+}

+

+func (h *Handlers) codeMarkdownPreview(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionRepoRead)

+	if !ok {

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, webedit.MaxTextBytes+128*1024)

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusRequestEntityTooLarge, "")

+		return

+	}

+	body := []byte(r.PostFormValue("content"))

+	if len(body) > webedit.MaxTextBytes {

+		h.d.Render.HTTPError(w, r, http.StatusRequestEntityTooLarge, "")

+		return

+	}

+	rendered, err := mdrender.RenderDocumentHTML(body)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	ref := r.PostFormValue("ref")

+	if ref == "" {

+		ref = row.DefaultBranch

+	}

+	filePath := cleanEditorPath(r.PostFormValue("path"))

+	dir := parentPath(filePath)

+	if !validateSubpath(dir) {

+		dir = ""

+	}

+	rendered = rewriteMarkdownRelativeURLs(

+		rendered,

+		codeRouteBase(owner.Username, row.Name, "blob", ref, dir),

+		codeRouteBase(owner.Username, row.Name, "blob", ref, ""),

+		codeRouteBase(owner.Username, row.Name, "raw", ref, dir),

+		codeRouteBase(owner.Username, row.Name, "raw", ref, ""),

+	)

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	if err := h.d.Render.RenderFragment(w, "repo/markdown_preview", map[string]any{

+		"MarkdownHTML": template.HTML(rendered), //nolint:gosec // sanitized by markdown renderer

+	}); err != nil {

+		h.d.Logger.WarnContext(r.Context(), "code: markdown preview", "error", err)

+	}

+}

+

+func (h *Handlers) editorData(r *http.Request, cc *codeContext, mode, pathValue, content string) codeEditorData {

+	head, headFound, _ := repogit.CommitAt(r.Context(), cc.gitDir, cc.ref)

+	baseOID := ""

+	if headFound {

+		baseOID = head.OID

+	}

+	titleVerb := map[string]string{

+		"edit":   "Edit",

+		"new":    "Create new file",

+		"delete": "Delete",

+		"upload": "Upload files",

+	}[mode]

+	primary := map[string]string{

+		"edit":   "Commit changes",

+		"new":    "Commit new file",

+		"delete": "Commit deletion",

+		"upload": "Commit files",

+	}[mode]

+	if titleVerb == "" {

+		titleVerb = "Edit"

+	}

+	cancelPath := cc.subpath

+	cancelKind := "blob"

+	if mode == "new" || mode == "upload" || cc.subpath == "" {

+		cancelKind = "tree"

+	}

+	if mode == "delete" {

+		cancelPath = cc.subpath

+	}

+	defaultOp := webedit.Op(mode)

+	if mode == "edit" {

+		defaultOp = webedit.OpEdit

+	}

+	if mode == "new" {

+		defaultOp = webedit.OpCreate

+	}

+	if mode == "delete" {

+		defaultOp = webedit.OpDelete

+	}

+	if mode == "upload" {

+		defaultOp = webedit.OpUpload

+	}

+	message := webedit.DefaultMessage(defaultOp, cc.subpath, cleanEditorPath(pathValue), nil)

+	if mode == "upload" {

+		message = webedit.DefaultMessage(webedit.OpUpload, "", "", nil)

+	}

+	return codeEditorData{

+		Title:        titleVerb + " · " + cc.row.Name,

+		CSRFToken:    middleware.CSRFTokenForRequest(r),

+		Owner:        cc.owner,

+		Repo:         cc.row,

+		Ref:          cc.ref,

+		RefDisplay:   codeRefDisplay(cc.ref),

+		BaseOID:      baseOID,

+		Path:         cc.subpath,

+		Crumbs:       breadcrumbs(cc.owner, cc.row.Name, cc.ref, cc.subpath),

+		Mode:         mode,

+		FormAction:   editorActionURL(cc.owner, cc.row.Name, mode, cc.ref, cc.subpath),

+		CancelURL:    codeURL(cc.owner, cc.row.Name, cancelKind, cc.ref, cancelPath),

+		PreviewURL:   "/" + cc.owner + "/" + cc.row.Name + "/markdown-preview",

+		PathValue:    pathValue,

+		Content:      content,

+		UploadDir:    cc.subpath,

+		Message:      message,

+		Primary:      primary,

+		IsMarkdown:   hasExt(strings.ToLower(pathValue), []string{".md", ".markdown"}),

+		RepoCounts:   h.subnavCounts(r.Context(), cc.row.ID, cc.row.ForkCount),

+		CanSettings:  h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		ActiveSubnav: "code",

+	}

+}

+

+func (h *Handlers) renderEditor(w http.ResponseWriter, r *http.Request, data codeEditorData, status int) {

+	if status != http.StatusOK {

+		w.WriteHeader(status)

+	}

+	h.d.Render.RenderPage(w, r, "repo/editor", data)

+}

+

+func (h *Handlers) renderWebEditError(w http.ResponseWriter, r *http.Request, data codeEditorData, err error) {

+	if editorStatus(err) >= http.StatusInternalServerError {

+		h.d.Logger.WarnContext(r.Context(), "code: web edit", "error", err)

+	}

+	data.Error = friendlyWebEditError(err)

+	h.renderEditor(w, r, data, editorStatus(err))

+}

+

+func (h *Handlers) commitWebEdit(r *http.Request, cc *codeContext, p webedit.Params) (webedit.Result, error) {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	p.GitDir = cc.gitDir

+	p.Repo = cc.row

+	p.Branch = cc.ref

+	p.ActorUserID = viewer.ID

+	p.RequestID = middleware.RequestIDFromContext(r.Context())

+	return webedit.Commit(r.Context(), webedit.Deps{Pool: h.d.Pool, Logger: h.d.Logger}, p)

+}

+

+func (h *Handlers) requireEditableBranch(w http.ResponseWriter, r *http.Request, cc *codeContext) bool {

+	if cc.isBranchRef() {

+		return true

+	}

+	h.d.Render.HTTPError(w, r, http.StatusBadRequest, "Files can only be edited on a branch.")

+	return false

+}

+

+func (h *Handlers) requireDirectory(w http.ResponseWriter, r *http.Request, cc *codeContext) bool {

+	if cc.subpath == "" {

+		return true

+	}

+	kind, _, _, err := repogit.StatPath(r.Context(), cc.gitDir, cc.ref, cc.subpath)

+	if err != nil || kind != repogit.EntryTree {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return false

+	}

+	return true

+}

+

+func (h *Handlers) editableBlobContent(w http.ResponseWriter, r *http.Request, cc *codeContext) ([]byte, bool) {

+	kind, _, size, err := repogit.StatPath(r.Context(), cc.gitDir, cc.ref, cc.subpath)

+	if err != nil || kind != repogit.EntryBlob {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return nil, false

+	}

+	if size > webedit.MaxTextBytes {

+		h.d.Render.HTTPError(w, r, http.StatusRequestEntityTooLarge, "Files edited in the browser must be 1 MiB or smaller.")

+		return nil, false

+	}

+	body, err := repogit.ReadBlobBytes(r.Context(), cc.gitDir, cc.ref, cc.subpath, webedit.MaxTextBytes)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return nil, false

+	}

+	if webedit.IsBinary(body) {

+		h.d.Render.HTTPError(w, r, http.StatusUnsupportedMediaType, "Binary files cannot be edited in the browser.")

+		return nil, false

+	}

+	return body, true

+}

+

+func (h *Handlers) deletableBlob(w http.ResponseWriter, r *http.Request, cc *codeContext) bool {

+	kind, _, _, err := repogit.StatPath(r.Context(), cc.gitDir, cc.ref, cc.subpath)

+	if err != nil || kind != repogit.EntryBlob {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return false

+	}

+	return true

+}

+

+func uploadedFiles(r *http.Request, dir string) ([]webedit.File, error) {

+	if r.MultipartForm == nil || r.MultipartForm.File == nil {

+		return nil, webedit.ErrInvalidOperation

+	}

+	headers := r.MultipartForm.File["files"]

+	if len(headers) == 0 {

+		return nil, webedit.ErrInvalidOperation

+	}

+	files := make([]webedit.File, 0, len(headers))

+	for _, header := range headers {

+		name := strings.ReplaceAll(header.Filename, "\\", "/")

+		name = path.Base(name)

+		if name == "." || name == "/" || strings.TrimSpace(name) == "" {

+			return nil, webedit.ErrInvalidPath

+		}

+		target := joinPath(dir, name)

+		if err := webedit.ValidateFilePath(target); err != nil {

+			return nil, err

+		}

+		f, err := header.Open()

+		if err != nil {

+			return nil, fmt.Errorf("webedit: open upload: %w", err)

+		}

+		body, readErr := io.ReadAll(io.LimitReader(f, webedit.MaxUploadFileBytes+1))

+		closeErr := f.Close()

+		if readErr != nil {

+			return nil, fmt.Errorf("webedit: read upload: %w", readErr)

+		}

+		if closeErr != nil {

+			return nil, fmt.Errorf("webedit: close upload: %w", closeErr)

+		}

+		if len(body) > webedit.MaxUploadFileBytes {

+			return nil, webedit.ErrBlobTooLarge

+		}

+		files = append(files, webedit.File{Path: target, Body: body})

+	}

+	return files, nil

+}

+

+func friendlyWebEditError(err error) string {

+	switch {

+	case errors.Is(err, webedit.ErrNoVerifiedEmail):

+		return "You need a verified primary email address before committing from the web editor."

+	case errors.Is(err, webedit.ErrConflict):

+		return "This branch changed while you were editing. Review your changes and try again."

+	case errors.Is(err, webedit.ErrProtected):

+		msg := strings.TrimPrefix(err.Error(), webedit.ErrProtected.Error()+": ")

+		if msg != err.Error() {

+			return msg

+		}

+		return "This branch is protected and cannot accept direct commits."

+	case errors.Is(err, webedit.ErrPathExists):

+		return "A file already exists at that path."

+	case errors.Is(err, webedit.ErrPathNotFound):

+		return "The file no longer exists on this branch."

+	case errors.Is(err, webedit.ErrInvalidBranch):

+		return "Choose a branch before committing changes."

+	case errors.Is(err, webedit.ErrInvalidPath):

+		return "Enter a valid repository path."

+	case errors.Is(err, webedit.ErrUnsupportedEntry):

+		return "Only regular files can be edited from the browser."

+	case errors.Is(err, webedit.ErrBinary):

+		return "Binary content cannot be edited from the browser."

+	case errors.Is(err, webedit.ErrBlobTooLarge):

+		return "The submitted file is too large."

+	case errors.Is(err, webedit.ErrInvalidOperation):

+		return "Choose at least one file to commit."

+	default:

+		return "The file could not be committed."

+	}

+}

+

+func editorStatus(err error) int {

+	switch {

+	case errors.Is(err, webedit.ErrConflict), errors.Is(err, webedit.ErrPathExists):

+		return http.StatusConflict

+	case errors.Is(err, webedit.ErrProtected):

+		return http.StatusForbidden

+	case errors.Is(err, webedit.ErrPathNotFound):

+		return http.StatusNotFound

+	case errors.Is(err, webedit.ErrBlobTooLarge):

+		return http.StatusRequestEntityTooLarge

+	case errors.Is(err, webedit.ErrInvalidPath), errors.Is(err, webedit.ErrInvalidBranch), errors.Is(err, webedit.ErrInvalidOperation), errors.Is(err, webedit.ErrUnsupportedEntry), errors.Is(err, webedit.ErrBinary), errors.Is(err, webedit.ErrNoVerifiedEmail):

+		return http.StatusBadRequest

+	default:

+		return http.StatusInternalServerError

+	}

+}

+

+func cleanEditorPath(p string) string {

+	return strings.Trim(strings.TrimSpace(p), "/")

+}

+

+func parentPath(p string) string {

+	if p == "" {

+		return ""

+	}

+	parent := path.Dir(p)

+	if parent == "." {

+		return ""

+	}

+	return parent

+}

+

+func editorActionURL(owner, repoName, mode, ref, p string) string {

+	return codeURL(owner, repoName, mode, ref, p)

+}

+

+func submittedCommitMessage(r *http.Request, op webedit.Op, cc *codeContext, target string, files []webedit.File) string {

+	msg := strings.TrimSpace(r.PostFormValue("commit_message"))

+	switch op {

+	case webedit.OpRename:

+		if msg == webedit.DefaultMessage(webedit.OpEdit, cc.subpath, cc.subpath, nil) {

+			return ""

+		}

+	case webedit.OpCreate:

+		if msg == "Create" || msg == webedit.DefaultMessage(webedit.OpCreate, "", cc.subpath, nil) || msg == webedit.DefaultMessage(webedit.OpCreate, "", cc.subpath+"/", nil) {

+			return ""

+		}

+	case webedit.OpUpload:

+		if msg == webedit.DefaultMessage(webedit.OpUpload, "", "", nil) {

+			return ""

+		}

+	case webedit.OpDelete:

+		if msg == "" {

+			return ""

+		}

+	}

+	return msg

+}

+

+func codeURL(owner, repoName, kind, ref, p string) string {

+	base := "/" + owner + "/" + repoName + "/" + kind + "/" + ref

+	if p == "" {

+		return base + "/"

+	}

+	return base + "/" + p

+}

+		"pencil": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +

+			`><path d="M11.013 1.427a1.75 1.75 0 0 1 2.474 2.474l-.9.9-2.474-2.474.9-.9Zm-1.96 1.96L2.75 9.69a.75.75 0 0 0-.197.35l-.75 3.25a.75.75 0 0 0 .9.9l3.25-.75a.75.75 0 0 0 .35-.197l6.303-6.303-2.474-2.474ZM4.25 10.61l5.884-5.884 1.414 1.414-5.884 5.884-2.02.466.466-2.02a.75.75 0 0 0 .14-.14Z"/></svg>`),

+		"trash": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +

+			`><path d="M6.5 1.75A1.75 1.75 0 0 1 8.25 0h1.5a1.75 1.75 0 0 1 1.75 1.75V2h3.75a.75.75 0 0 1 0 1.5h-.82l-.76 10.64A2 2 0 0 1 11.68 16H4.32a2 2 0 0 1-1.99-1.86L1.57 3.5H.75a.75.75 0 0 1 0-1.5H6.5v-.25ZM8 2h2v-.25a.25.25 0 0 0-.25-.25h-1.5A.25.25 0 0 0 8 1.75V2ZM3.07 3.5l.76 10.53a.5.5 0 0 0 .5.47h7.34a.5.5 0 0 0 .5-.47l.76-10.53H3.07Zm2.43 2.75A.75.75 0 0 1 6.25 7v5a.75.75 0 0 1-1.5 0V7a.75.75 0 0 1 .75-.75Zm5 0a.75.75 0 0 1 .75.75v5a.75.75 0 0 1-1.5 0V7a.75.75 0 0 1 .75-.75Z"/></svg>`),

+		"upload": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +

+			`><path d="M2.75 14A1.75 1.75 0 0 1 1 12.25v-2.5a.75.75 0 0 1 1.5 0v2.5c0 .138.112.25.25.25h10.5a.25.25 0 0 0 .25-.25v-2.5a.75.75 0 0 1 1.5 0v2.5A1.75 1.75 0 0 1 13.25 14ZM7.47 1.22a.75.75 0 0 1 1.06 0l3.75 3.75a.749.749 0 1 1-1.06 1.06L8.75 3.56V11a.75.75 0 0 1-1.5 0V3.56L4.78 6.03a.749.749 0 1 1-1.06-1.06Z"/></svg>`),

+.shithub-button-icon {

+  width: 32px;

+  height: 32px;

+  padding: 0;

+}

+.shithub-add-file-dropdown { position: relative; }

+.shithub-add-file-dropdown > summary {

+  list-style: none;

+  height: 32px;

+  white-space: nowrap;

+}

+.shithub-add-file-dropdown > summary::-webkit-details-marker { display: none; }

+.shithub-add-file-dropdown > summary svg:last-child { width: 12px; height: 12px; }

+.shithub-add-file-panel {

+  position: absolute;

+  z-index: 30;

+  top: calc(100% + 0.4rem);

+  right: 0;

+  min-width: 190px;

+  padding: 0.4rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-default);

+  box-shadow: 0 8px 24px rgba(0, 0, 0, 0.12);

+}

+.shithub-add-file-panel a {

+  display: flex;

+  align-items: center;

+  gap: 0.5rem;

+  padding: 0.45rem 0.55rem;

+  border-radius: 6px;

+  color: var(--fg-default);

+  font-size: 0.875rem;

+  text-decoration: none;

+}

+.shithub-add-file-panel a:hover {

+  background: var(--canvas-subtle);

+  text-decoration: none;

+}

+

+.shithub-readme-head-actions {

+  display: flex;

+  align-items: center;

+  gap: 0.35rem;

+  margin-left: auto;

+}

+  margin: 0;

+.shithub-editor {

+  max-width: 980px;

+  margin: 0 auto;

+}

+.shithub-editor-head {

+  display: flex;

+  align-items: center;

+  justify-content: space-between;

+  gap: 0.75rem;

+  margin: 0 0 0.75rem;

+  flex-wrap: wrap;

+}

+.shithub-editor-ref {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.35rem;

+  min-height: 32px;

+  padding: 0.3rem 0.7rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  color: var(--fg-default);

+  background: var(--canvas-subtle);

+  font-size: 0.875rem;

+}

+.shithub-editor-form {

+  display: grid;

+  gap: 1rem;

+}

+.shithub-editor-path-row {

+  display: grid;

+  grid-template-columns: minmax(120px, 180px) minmax(0, 1fr);

+  align-items: center;

+  gap: 0.75rem;

+  min-width: 0;

+}

+.shithub-editor-path-row span {

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+  font-weight: 600;

+}

+.shithub-editor-path-row input {

+  width: 100%;

+  min-height: 36px;

+  padding: 0.45rem 0.6rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  font: 0.9rem ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, monospace;

+}

+.shithub-editor-panel,

+.shithub-commit-box {

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-default);

+}

+.shithub-editor-panel-head {

+  display: flex;

+  align-items: center;

+  justify-content: space-between;

+  gap: 0.75rem;

+  padding: 0.75rem 1rem;

+  border-bottom: 1px solid var(--border-default);

+  flex-wrap: wrap;

+}

+.shithub-editor-panel-head h2,

+.shithub-commit-box h2 {

+  margin: 0;

+  font-size: 1rem;

+}

+.shithub-editor-panel-head span {

+  min-width: 0;

+  color: var(--fg-muted);

+  font: 0.85rem ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, monospace;

+  overflow-wrap: anywhere;

+}

+.shithub-editor-tabs {

+  display: flex;

+  gap: 0.25rem;

+  padding: 0 0.75rem;

+  border-bottom: 1px solid var(--border-default);

+  background: var(--canvas-subtle);

+}

+.shithub-editor-tabs button {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.4rem;

+  min-height: 42px;

+  padding: 0 0.75rem;

+  border: 0;

+  border-bottom: 2px solid transparent;

+  color: var(--fg-muted);

+  background: transparent;

+  cursor: pointer;

+  font: inherit;

+  font-size: 0.875rem;

+  font-weight: 600;

+}

+.shithub-editor-tabs button.is-active {

+  color: var(--fg-default);

+  border-bottom-color: var(--accent-emphasis);

+}

+.shithub-editor-textbox {

+  display: grid;

+  grid-template-columns: minmax(3.25rem, auto) minmax(0, 1fr);

+  min-height: min(62vh, 680px);

+  max-height: 720px;

+  overflow: hidden;

+}

+.shithub-editor-gutter,

+.shithub-editor-textbox textarea {

+  margin: 0;

+  padding: 0.75rem 0;

+  border: 0;

+  font-family: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, "Liberation Mono", monospace;

+  font-size: 0.875rem;

+  line-height: 20px;

+  tab-size: 2;

+}

+.shithub-editor-gutter {

+  min-width: 3.25rem;

+  padding-left: 0.75rem;

+  padding-right: 0.75rem;

+  overflow: hidden;

+  border-right: 1px solid var(--border-default);

+  color: var(--fg-muted);

+  background: var(--canvas-subtle);

+  text-align: right;

+  user-select: none;

+}

+.shithub-editor-textbox textarea {

+  width: 100%;

+  min-height: min(62vh, 680px);

+  padding-left: 0.75rem;

+  padding-right: 0.75rem;

+  resize: vertical;

+  outline: none;

+  background: var(--canvas-default);

+  color: var(--fg-default);

+  white-space: pre;

+  overflow: auto;

+}

+.shithub-editor-textbox textarea:focus {

+  box-shadow: inset 0 0 0 2px var(--accent-emphasis);

+}

+.shithub-editor-preview {

+  min-height: 280px;

+  padding: 1rem;

+}

+.shithub-editor-preview-body {

+  color: var(--fg-default);

+}

+.shithub-editor-preview-empty {

+  margin: 0;

+  color: var(--fg-muted);

+}

+.shithub-editor-danger {

+  border-color: rgba(248, 81, 73, 0.35);

+}

+.shithub-editor-danger p {

+  margin: 0;

+  padding: 1rem;

+  color: var(--fg-muted);

+}

+.shithub-upload-drop {

+  position: relative;

+  display: flex;

+  align-items: center;

+  justify-content: center;

+  gap: 0.5rem;

+  min-height: 156px;

+  margin: 1rem;

+  border: 1px dashed var(--border-default);

+  border-radius: 6px;

+  color: var(--fg-muted);

+  background: var(--canvas-subtle);

+  cursor: pointer;

+  font-weight: 600;

+}

+.shithub-upload-drop:hover {

+  color: var(--fg-default);

+  border-color: var(--accent-emphasis);

+}

+.shithub-upload-drop input {

+  position: absolute;

+  inline-size: 1px;

+  block-size: 1px;

+  opacity: 0;

+  pointer-events: none;

+}

+.shithub-upload-list {

+  margin: 0 1rem 1rem;

+  padding-left: 1.25rem;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+.shithub-commit-box {

+  display: grid;

+  gap: 0.75rem;

+  padding: 1rem;

+}

+.shithub-commit-box input,

+.shithub-commit-box textarea {

+  width: 100%;

+  padding: 0.5rem 0.6rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  font: inherit;

+}

+.shithub-commit-target {

+  display: flex;

+  align-items: center;

+  gap: 0.4rem;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+@media (max-width: 640px) {

+  .shithub-editor-path-row {

+    grid-template-columns: 1fr;

+    gap: 0.35rem;

+  }

+  .shithub-editor-tabs {

+    overflow-x: auto;

+  }

+  .shithub-editor-textbox {

+    min-height: 460px;

+  }

+  .shithub-editor-textbox textarea {

+    min-height: 460px;

+  }

+  .shithub-editor .shithub-form-actions {

+    justify-content: stretch;

+    flex-wrap: wrap;

+  }

+  .shithub-editor .shithub-form-actions .shithub-button,

+  .shithub-editor .shithub-form-actions button {

+    flex: 1 1 160px;

+  }

+}

+

+      {{ if and .CanWrite (not .IsLarge) (not .IsBinary) }}

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}/edit/{{ .Ref }}/{{ .Path }}" class="shithub-button shithub-button-icon" title="Edit this file" aria-label="Edit this file">{{ octicon "pencil" }}</a>

+      {{ end }}

+      {{ if .CanWrite }}

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}/delete/{{ .Ref }}/{{ .Path }}" class="shithub-button shithub-button-icon" title="Delete this file" aria-label="Delete this file">{{ octicon "trash" }}</a>

+      {{ end }}

+{{ define "page" -}}

+<section class="shithub-repo-page">

+  {{ template "repo-header" . }}

+

+  <main class="shithub-editor" data-code-editor>

+    <header class="shithub-editor-head">

+      <nav class="shithub-code-crumbs" aria-label="Breadcrumb">

+        {{ range $i, $c := .Crumbs }}

+          {{ if $i }}<span class="shithub-code-sep">/</span>{{ end }}

+          <a href="{{ $c.URL }}">{{ $c.Name }}</a>

+        {{ end }}

+      </nav>

+      <span class="shithub-editor-ref">{{ octicon "git-branch" }} {{ .RefDisplay }}</span>

+    </header>

+

+    {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+    {{ with .Notice }}<p class="shithub-flash shithub-flash-notice" role="status">{{ . }}</p>{{ end }}

+

+    <form method="post" action="{{ .FormAction }}" class="shithub-editor-form"{{ if eq .Mode "upload" }} enctype="multipart/form-data"{{ end }}>

+      <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+      <input type="hidden" name="base_oid" value="{{ .BaseOID }}">

+

+      {{ if eq .Mode "upload" }}

+      <section class="shithub-editor-panel">

+        <div class="shithub-editor-panel-head">

+          <h2>Upload files</h2>

+          <span>{{ if .UploadDir }}{{ .UploadDir }}{{ else }}/{{ end }}</span>

+        </div>

+        <label class="shithub-upload-drop">

+          {{ octicon "upload" }}

+          <span>Choose files</span>

+          <input type="file" name="files" multiple required data-upload-input>

+        </label>

+        <ul class="shithub-upload-list" data-upload-list></ul>

+      </section>

+      {{ else if eq .Mode "delete" }}

+      <section class="shithub-editor-panel shithub-editor-danger">

+        <div class="shithub-editor-panel-head">

+          <h2>Delete this file</h2>

+          <span>{{ .Path }}</span>

+        </div>

+        <p>This commit removes <code>{{ .Path }}</code> from <code>{{ .RefDisplay }}</code>.</p>

+      </section>

+      {{ else }}

+      <label class="shithub-editor-path-row">

+        <span>Name your file...</span>

+        <input type="text" name="path" value="{{ .PathValue }}" autocomplete="off" spellcheck="false" data-editor-path>

+      </label>

+

+      <section class="shithub-editor-panel">

+        <div class="shithub-editor-tabs" role="tablist" aria-label="File editor tabs">

+          <button type="button" class="is-active" role="tab" aria-selected="true" data-editor-tab="edit">{{ octicon "code" }} Edit file</button>

+          <button type="button" role="tab" aria-selected="false" data-editor-tab="preview">{{ octicon "eye" }} Preview</button>

+        </div>

+        <div class="shithub-editor-pane" data-editor-pane="edit">

+          <div class="shithub-editor-textbox">

+            <pre class="shithub-editor-gutter" aria-hidden="true" data-editor-gutter>1</pre>

+            <textarea name="content" spellcheck="false" autocomplete="off" autocapitalize="off" data-editor-content>{{ .Content }}</textarea>

+          </div>

+        </div>

+        <div class="shithub-editor-pane shithub-editor-preview" data-editor-pane="preview" hidden>

+          <div class="markdown-body shithub-editor-preview-body" data-editor-preview data-preview-url="{{ .PreviewURL }}" data-preview-ref="{{ .Ref }}">

+            <p class="shithub-editor-preview-empty">Nothing to preview.</p>

+          </div>

+        </div>

+      </section>

+      {{ end }}

+

+      <section class="shithub-commit-box">

+        <h2>Commit changes</h2>

+        <label class="shithub-form-row">

+          <span>Commit message</span>

+          <input type="text" name="commit_message" value="{{ .Message }}" required>

+        </label>

+        <label class="shithub-form-row">

+          <span>Extended description</span>

+          <textarea name="commit_description" rows="4">{{ .Description }}</textarea>

+        </label>

+        <div class="shithub-commit-target">{{ octicon "git-commit" }} Commit directly to the <strong>{{ .RefDisplay }}</strong> branch.</div>

+        <div class="shithub-form-actions">

+          <a href="{{ .CancelURL }}" class="shithub-button" data-editor-cancel>Cancel</a>

+          <button type="submit" class="shithub-button{{ if eq .Mode "delete" }} shithub-button-danger{{ else }} shithub-button-primary{{ end }}">{{ .Primary }}</button>

+        </div>

+      </section>

+    </form>

+  </main>

+</section>

+

+<script>

+(function () {

+  const root = document.querySelector("[data-code-editor]");

+  if (!root) return;

+  const textarea = root.querySelector("[data-editor-content]");

+  const gutter = root.querySelector("[data-editor-gutter]");

+  const pathInput = root.querySelector("[data-editor-path]");

+  const preview = root.querySelector("[data-editor-preview]");

+  const uploadInput = root.querySelector("[data-upload-input]");

+  const uploadList = root.querySelector("[data-upload-list]");

+  let previewDirty = true;

+  let submitting = false;

+

+  function updateGutter() {

+    if (!textarea || !gutter) return;

+    const count = Math.max(1, textarea.value.split("\n").length);

+    let lines = "";

+    for (let i = 1; i <= count; i++) lines += i + "\n";

+    gutter.textContent = lines;

+  }

+

+  function dirty() {

+    if (!textarea) return false;

+    return textarea.value !== (textarea.dataset.original || "");

+  }

+

+  async function renderPreview() {

+    if (!textarea || !preview || !previewDirty) return;

+    const body = new URLSearchParams();

+    body.set("csrf_token", root.querySelector("input[name='csrf_token']").value);

+    body.set("content", textarea.value);

+    body.set("ref", preview.dataset.previewRef || "");

+    body.set("path", pathInput ? pathInput.value : "");

+    preview.innerHTML = "<p class=\"shithub-editor-preview-empty\">Rendering preview...</p>";

+    const res = await fetch(preview.dataset.previewUrl, {

+      method: "POST",

+      headers: { "Content-Type": "application/x-www-form-urlencoded", "X-Requested-With": "XMLHttpRequest" },

+      body: body.toString()

+    });

+    preview.innerHTML = res.ok ? await res.text() : "<p class=\"shithub-editor-preview-empty\">Preview failed.</p>";

+    previewDirty = false;

+  }

+

+  root.addEventListener("submit", function () { submitting = true; });

+  window.addEventListener("beforeunload", function (event) {

+    if (submitting || !dirty()) return;

+    event.preventDefault();

+    event.returnValue = "";

+  });

+

+  if (textarea) {

+    textarea.dataset.original = textarea.value;

+    updateGutter();

+    textarea.addEventListener("input", function () {

+      updateGutter();

+      previewDirty = true;

+    });

+    textarea.addEventListener("scroll", function () {

+      if (gutter) gutter.scrollTop = textarea.scrollTop;

+    });

+    textarea.addEventListener("keydown", function (event) {

+      if (event.key !== "Tab") return;

+      event.preventDefault();

+      const start = textarea.selectionStart;

+      const end = textarea.selectionEnd;

+      textarea.setRangeText("  ", start, end, "end");

+      updateGutter();

+      previewDirty = true;

+    });

+  }

+

+  root.querySelectorAll("[data-editor-tab]").forEach(function (button) {

+    button.addEventListener("click", function () {

+      const tab = button.dataset.editorTab;

+      root.querySelectorAll("[data-editor-tab]").forEach(function (b) {

+        const active = b === button;

+        b.classList.toggle("is-active", active);

+        b.setAttribute("aria-selected", active ? "true" : "false");

+      });

+      root.querySelectorAll("[data-editor-pane]").forEach(function (pane) {

+        pane.hidden = pane.dataset.editorPane !== tab;

+      });

+      if (tab === "preview") renderPreview();

+    });

+  });

+

+  if (pathInput) {

+    pathInput.addEventListener("input", function () { previewDirty = true; });

+  }

+

+  if (uploadInput && uploadList) {

+    uploadInput.addEventListener("change", function () {

+      uploadList.innerHTML = "";

+      Array.from(uploadInput.files || []).forEach(function (file) {

+        const item = document.createElement("li");

+        item.textContent = file.name + " · " + file.size + " bytes";

+        uploadList.appendChild(item);

+      });

+    });

+  }

+}());

+</script>

+{{- end }}

+{{ define "page" -}}

+<div class="markdown-body shithub-editor-preview-body">{{ .MarkdownHTML }}</div>

+{{- end }}

+            {{ if .CanWrite }}

+            <details class="shithub-add-file-dropdown">

+              <summary class="shithub-button">{{ octicon "plus" }} Add file {{ octicon "triangle-down" }}</summary>

+              <div class="shithub-add-file-panel" role="dialog" aria-label="Add file">

+                <a href="/{{ .Owner }}/{{ .Repo.Name }}/new/{{ .Ref }}/{{ .Path }}">{{ octicon "file" }} Create new file</a>

+                <a href="/{{ .Owner }}/{{ .Repo.Name }}/upload/{{ .Ref }}/{{ .Path }}">{{ octicon "upload" }} Upload files</a>

+              </div>

+            </details>

+            {{ end }}

+          <div class="shithub-readme-head-actions">

+            {{ if and .CanWrite .READMEPath }}

+            <a class="shithub-button shithub-button-icon" href="/{{ .Owner }}/{{ .Repo.Name }}/edit/{{ .Ref }}/{{ .READMEPath }}" title="Edit README" aria-label="Edit README">{{ octicon "pencil" }}</a>

+            {{ end }}

+        </div>