tenseleyflow/shithub / 6341769

+	// RepoNewMounter, when non-nil, registers /new on the CSRF-protected

+	// group. The handler enforces auth itself.

+	RepoNewMounter func(chi.Router)

+	// RepoHomeMounter, when non-nil, registers /{owner}/{repo} on the

+	// CSRF-protected group. Two-segment match doesn't collide with the

+	// /{username} catch-all.

+	RepoHomeMounter func(chi.Router)

+		if deps.RepoNewMounter != nil {

+			deps.RepoNewMounter(r)

+		}

+		if deps.RepoHomeMounter != nil {

+			deps.RepoHomeMounter(r)

+		}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package repo wires the HTTP handlers for repository creation and the

+// (placeholder) repo home page. The actual orchestration lives in

+// internal/repos; this package is the thin web layer that calls into it.

+package repo

+

+import (

+	"context"

+	"errors"

+	"log/slog"

+	"net/http"

+	"strings"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/audit"

+	"github.com/tenseleyFlow/shithub/internal/auth/throttle"

+	"github.com/tenseleyFlow/shithub/internal/infra/storage"

+	"github.com/tenseleyFlow/shithub/internal/repos"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/repos/templates"

+	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+// CloneURLs configures the operator-visible HTTPS / SSH endpoints we

+// surface on the empty-repo placeholder. SSHEnabled flips whether the

+// "Clone over SSH" snippet renders at all (S12 wires the protocol).

+type CloneURLs struct {

+	BaseURL    string // e.g. "https://shithub.example"

+	SSHEnabled bool

+	SSHHost    string // e.g. "git@shithub.example" — only used when SSHEnabled

+}

+

+// Deps wires the handler set.

+type Deps struct {

+	Logger    *slog.Logger

+	Render    *render.Renderer

+	Pool      *pgxpool.Pool

+	RepoFS    *storage.RepoFS

+	Audit     *audit.Recorder

+	Limiter   *throttle.Limiter

+	CloneURLs CloneURLs

+}

+

+// Handlers is the registered handler set. Construct via New.

+type Handlers struct {

+	d  Deps

+	rq *reposdb.Queries

+	uq *usersdb.Queries

+}

+

+// New constructs the handler set, validating Deps.

+func New(d Deps) (*Handlers, error) {

+	if d.Render == nil {

+		return nil, errors.New("repo: nil Render")

+	}

+	if d.Pool == nil {

+		return nil, errors.New("repo: nil Pool")

+	}

+	if d.RepoFS == nil {

+		return nil, errors.New("repo: nil RepoFS")

+	}

+	if d.Audit == nil {

+		d.Audit = audit.NewRecorder()

+	}

+	if d.Limiter == nil {

+		d.Limiter = throttle.NewLimiter()

+	}

+	return &Handlers{d: d, rq: reposdb.New(), uq: usersdb.New()}, nil

+}

+

+// MountNew registers /new (auth-required). Caller wraps with

+// middleware.RequireUser before invoking.

+func (h *Handlers) MountNew(r chi.Router) {

+	r.Get("/new", h.newRepoForm)

+	r.Post("/new", h.newRepoSubmit)

+}

+

+// MountRepoHome registers /{owner}/{repo}. This is a 2-segment route so

+// it doesn't collide with the /{username} catch-all from S09. Caller is

+// responsible for ordering: register this BEFORE /{username}.

+func (h *Handlers) MountRepoHome(r chi.Router) {

+	r.Get("/{owner}/{repo}", h.repoHome)

+}

+

+// newRepoForm renders GET /new.

+func (h *Handlers) newRepoForm(w http.ResponseWriter, r *http.Request) {

+	h.renderNewForm(w, r, formState{

+		Visibility: "public",

+	}, "")

+}

+

+// formState mirrors the new-repo form so a re-render after a validation

+// error can repopulate the user's input.

+type formState struct {

+	Name        string

+	Description string

+	Visibility  string

+	InitReadme  bool

+	License     string

+	Gitignore   string

+}

+

+// newRepoSubmit handles POST /new.

+func (h *Handlers) newRepoSubmit(w http.ResponseWriter, r *http.Request) {

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	user := middleware.CurrentUserFromContext(r.Context())

+	form := formState{

+		Name:        repos.NormalizeName(r.PostFormValue("name")),

+		Description: strings.TrimSpace(r.PostFormValue("description")),

+		Visibility:  strings.TrimSpace(r.PostFormValue("visibility")),

+		InitReadme:  r.PostFormValue("init_readme") == "on",

+		License:     strings.TrimSpace(r.PostFormValue("license")),

+		Gitignore:   strings.TrimSpace(r.PostFormValue("gitignore")),

+	}

+	if form.Visibility == "" {

+		form.Visibility = "public"

+	}

+

+	res, err := repos.Create(r.Context(), repos.Deps{

+		Pool:    h.d.Pool,

+		RepoFS:  h.d.RepoFS,

+		Audit:   h.d.Audit,

+		Limiter: h.d.Limiter,

+		Logger:  h.d.Logger,

+	}, repos.Params{

+		OwnerUserID:   user.ID,

+		OwnerUsername: user.Username,

+		Name:          form.Name,

+		Description:   form.Description,

+		Visibility:    form.Visibility,

+		InitReadme:    form.InitReadme,

+		LicenseKey:    form.License,

+		GitignoreKey:  form.Gitignore,

+	})

+	if err != nil {

+		h.renderNewForm(w, r, form, friendlyCreateError(err))

+		return

+	}

+

+	http.Redirect(w, r, "/"+user.Username+"/"+res.Repo.Name, http.StatusSeeOther)

+}

+

+func (h *Handlers) renderNewForm(w http.ResponseWriter, r *http.Request, form formState, errMsg string) {

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	if err := h.d.Render.Render(w, "repo/new", map[string]any{

+		"Title":      "New repository",

+		"CSRFToken":  middleware.CSRFTokenForRequest(r),

+		"Form":       form,

+		"Error":      errMsg,

+		"Licenses":   templates.Licenses(),

+		"Gitignores": templates.Gitignores(),

+	}); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "repo: render new", "error", err)

+	}

+}

+

+// repoHome serves GET /{owner}/{repo}. For S11 it renders the empty-

+// repo placeholder when the repo has zero commits; once tree views land

+// (S17) this path will fork between empty and code-listing.

+func (h *Handlers) repoHome(w http.ResponseWriter, r *http.Request) {

+	owner := chi.URLParam(r, "owner")

+	name := chi.URLParam(r, "repo")

+

+	row, err := h.lookupRepoForViewer(r.Context(), owner, name, middleware.CurrentUserFromContext(r.Context()).ID)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	if err := h.d.Render.Render(w, "repo/empty", map[string]any{

+		"Title":         row.Name + " · " + owner,

+		"CSRFToken":     middleware.CSRFTokenForRequest(r),

+		"Owner":         owner,

+		"Repo":          row,

+		"DefaultBranch": row.DefaultBranch,

+		"HTTPSCloneURL": h.d.CloneURLs.BaseURL + "/" + owner + "/" + row.Name + ".git",

+		"SSHEnabled":    h.d.CloneURLs.SSHEnabled,

+		"SSHCloneURL":   h.d.CloneURLs.SSHHost + ":" + owner + "/" + row.Name + ".git",

+	}); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "repo: render empty", "error", err)

+	}

+}

+

+// lookupRepoForViewer returns the repo row when:

+//   - it exists,

+//   - it is not soft-deleted,

+//   - AND the viewer is allowed to see it (public OR viewer is owner).

+//

+// Anything else returns ErrNoRows so the caller can 404 uniformly.

+func (h *Handlers) lookupRepoForViewer(ctx context.Context, ownerName, repoName string, viewerID int64) (reposdb.Repo, error) {

+	owner, err := h.uq.GetUserByUsername(ctx, h.d.Pool, ownerName)

+	if err != nil {

+		return reposdb.Repo{}, err

+	}

+	row, err := h.rq.GetRepoByOwnerUserAndName(ctx, h.d.Pool, reposdb.GetRepoByOwnerUserAndNameParams{

+		OwnerUserID: pgtype.Int8{Int64: owner.ID, Valid: true},

+		Name:        repoName,

+	})

+	if err != nil {

+		return reposdb.Repo{}, err

+	}

+	if row.Visibility == reposdb.RepoVisibilityPrivate && (viewerID == 0 || viewerID != owner.ID) {

+		return reposdb.Repo{}, pgx.ErrNoRows

+	}

+	return row, nil

+}

+

+// friendlyCreateError maps the typed errors from internal/repos to the

+// strings the form surfaces to the user.

+func friendlyCreateError(err error) string {

+	switch {

+	case errors.Is(err, repos.ErrInvalidName):

+		return "Name must be 1–100 chars: lowercase letters, digits, dots, hyphens, underscores."

+	case errors.Is(err, repos.ErrReservedName):

+		return "That name is reserved."

+	case errors.Is(err, repos.ErrTaken):

+		return "You already own a repository with that name."

+	case errors.Is(err, repos.ErrNoVerifiedEmail):

+		return "Verify a primary email before creating a repository — we use it for the initial commit author."

+	case errors.Is(err, repos.ErrDescriptionTooLong):

+		return "Description is too long (max 350 characters)."

+	case errors.Is(err, repos.ErrUnknownLicense):

+		return "Unknown license selection."

+	case errors.Is(err, repos.ErrUnknownGitignore):

+		return "Unknown .gitignore selection."

+	}

+	if t, ok := isThrottled(err); ok {

+		return "You're creating repositories too quickly. Try again in " + t + "."

+	}

+	return "Could not create the repository. Try again."

+}

+

+// isThrottled extracts the user-friendly retry-after string from the

+// throttle package's typed error, if that's what we caught.

+func isThrottled(err error) (string, bool) {

+	var t *throttle.ErrThrottled

+	if errors.As(err, &t) {

+		return t.RetryAfter.String(), true

+	}

+	return "", false

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package web

+

+import (

+	"errors"

+	"fmt"

+	"io/fs"

+	"log/slog"

+	"path/filepath"

+

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/audit"

+	"github.com/tenseleyFlow/shithub/internal/auth/throttle"

+	"github.com/tenseleyFlow/shithub/internal/infra/config"

+	"github.com/tenseleyFlow/shithub/internal/infra/storage"

+	repoh "github.com/tenseleyFlow/shithub/internal/web/handlers/repo"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+// buildRepoHandlers wires the repo-create + empty-home handlers. The

+// bare repos live at cfg.Storage.ReposRoot (must be set; we refuse to

+// boot the repo surface without it).

+func buildRepoHandlers(

+	cfg config.Config,

+	pool *pgxpool.Pool,

+	tmplFS fs.FS,

+	logger *slog.Logger,

+) (*repoh.Handlers, error) {

+	if cfg.Storage.ReposRoot == "" {

+		return nil, errors.New("repo: cfg.Storage.ReposRoot is empty")

+	}

+	root, err := filepath.Abs(cfg.Storage.ReposRoot)

+	if err != nil {

+		return nil, fmt.Errorf("repo: resolve repos_root: %w", err)

+	}

+	rfs, err := storage.NewRepoFS(root)

+	if err != nil {

+		return nil, fmt.Errorf("repo: NewRepoFS: %w", err)

+	}

+	rr, err := render.New(tmplFS, render.Options{Octicons: render.BuiltinOcticons()})

+	if err != nil {

+		return nil, fmt.Errorf("repo: render.New: %w", err)

+	}

+	return repoh.New(repoh.Deps{

+		Logger:  logger,

+		Render:  rr,

+		Pool:    pool,

+		RepoFS:  rfs,

+		Audit:   audit.NewRecorder(),

+		Limiter: throttle.NewLimiter(),

+		CloneURLs: repoh.CloneURLs{

+			BaseURL:    cfg.Auth.BaseURL,

+			SSHEnabled: false, // S12/S13 will flip this when SSH service ships.

+		},

+	})

+}

+

+		repoH, err := buildRepoHandlers(cfg, pool, deps.TemplatesFS, logger)

+		if err != nil {

+			return fmt.Errorf("repo handlers: %w", err)

+		}

+		// /new is wrapped in RequireUser — it requires a logged-in caller.

+		deps.RepoNewMounter = func(r chi.Router) {

+			r.Group(func(r chi.Router) {

+				r.Use(middleware.RequireUser)

+				repoH.MountNew(r)

+			})

+		}

+		deps.RepoHomeMounter = repoH.MountRepoHome