tenseleyflow/shithub / 7825298

+// ownerNameRE is the whitelist for owner names: lowercase ASCII letters,

+// digits, and hyphens; cannot start or end with a hyphen; length 1..39

+// (matches GitHub's username constraint).

+var ownerNameRE = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9-]{0,37}[a-z0-9])?$`)

+// repoNameRE is the whitelist for repository names: lowercase ASCII

+// letters, digits, hyphens, dots, and underscores. Can't start or end

+// with a separator. Length 1..100 (matches GitHub).

+var repoNameRE = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9._-]{0,98}[a-z0-9_])?$`)

+

+// validateName enforces the per-kind whitelist. Returns ErrInvalidPath

+// wrapped with a precise reason on failure.

+	maxLen, re, alphabet := 39, ownerNameRE, "[a-z0-9-]"

+	if kind == "repo" {

+		maxLen, re, alphabet = 100, repoNameRE, "[a-z0-9._-]"

+	}

+	if len(name) > maxLen {

+		return fmt.Errorf("%w: %s %q too long (max %d)", ErrInvalidPath, kind, name, maxLen)

+	if !re.MatchString(name) {

+		return fmt.Errorf("%w: %s %q fails whitelist %s", ErrInvalidPath, kind, name, alphabet)

+func TestRepoPath_AcceptsRepoExtraChars(t *testing.T) {

+	t.Parallel()

+	r, _ := mustNewRepoFS(t)

+	for _, name := range []string{"name.with.dots", "name_under", "rust-by-example", "a1.b2_c3"} {

+		if _, err := r.RepoPath("alice", name); err != nil {

+			t.Errorf("RepoPath %q: %v", name, err)

+		}

+	}

+}

+

+		{"alice", strings.Repeat("b", 101), "repo too long"},

+		{"alice", "al!ice", "repo punctuation"},

+		{"al!ice", "name", "owner punctuation"},

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package repos owns repository creation, validation, and identity. It

+// sits above sqlc-generated reposdb queries and orchestrates the

+// DB + filesystem dance that produces a usable bare repo. The git

+// plumbing helpers used to build the optional initial commit live in

+// internal/repos/git.

+package repos

+

+import "errors"

+

+// User-facing errors. Handlers map these to friendly UI strings; lower

+// layers wrap them with %w so handlers can errors.Is for routing.

+var (

+	// ErrInvalidName is returned when the requested repo name fails the

+	// shape whitelist (length, characters, edges, dot-dot, etc.).

+	ErrInvalidName = errors.New("repos: invalid name")

+

+	// ErrReservedName is returned when the name is on the reserved list.

+	// Distinguished from ErrInvalidName so the UI can say "reserved" vs

+	// "format" — they're different fixes for the user.

+	ErrReservedName = errors.New("repos: reserved name")

+

+	// ErrTaken is returned when an active repo (deleted_at IS NULL)

+	// already exists for this owner with the same name. Surfaces as

+	// either the explicit pre-check OR the unique-constraint error.

+	ErrTaken = errors.New("repos: name taken for owner")

+

+	// ErrNoVerifiedEmail is returned when the user has no verified

+	// primary email. We refuse rather than fabricate an author identity.

+	ErrNoVerifiedEmail = errors.New("repos: no verified primary email")

+

+	// ErrUnknownLicense / ErrUnknownGitignore — picker chose a key not

+	// in our curated set.

+	ErrUnknownLicense   = errors.New("repos: unknown license key")

+	ErrUnknownGitignore = errors.New("repos: unknown gitignore key")

+

+	// ErrDescriptionTooLong mirrors the DB CHECK on description (≤350).

+	ErrDescriptionTooLong = errors.New("repos: description too long")

+)

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package repos

+

+import (

+	"fmt"

+	"regexp"

+	"strings"

+	"unicode/utf8"

+)

+

+// MaxNameLen / MaxDescriptionLen mirror the DB CHECK constraints in

+// migration 0017. Validate before insert so we surface a friendly error

+// rather than a 500 from the constraint.

+const (

+	MaxNameLen        = 100

+	MaxDescriptionLen = 350

+)

+

+// nameRE matches the name shape we accept: lowercase letters, digits,

+// dots, hyphens, underscores. Edges can't be a separator. Length is

+// bounded separately to give a more specific error message.

+var nameRE = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9._-]{0,98}[a-z0-9_])?$`)

+

+// reservedRepoNames is the set of names a repo may NOT take. Most are

+// special filenames git itself uses (or that would break our routing).

+// The list is kept short on purpose; it's all-lowercase because we

+// always lowercase the name before comparing.

+var reservedRepoNames = map[string]struct{}{

+	".git":         {},

+	".gitignore":   {},

+	".gitmodules":  {},

+	".gitattributes": {},

+	".well-known":  {},

+	".github":      {},

+	"head":         {},

+	"refs":         {},

+	"objects":      {},

+	"info":         {},

+	"hooks":        {},

+	"branches":     {},

+}

+

+// IsReservedRepoName reports whether name (case-insensitive) is on the

+// reserved list. Callers MUST also reject leading dots and the empty

+// string via ValidateName.

+func IsReservedRepoName(name string) bool {

+	_, ok := reservedRepoNames[strings.ToLower(name)]

+	return ok

+}

+

+// NormalizeName lowercases and trims. Repos are case-preserved in the

+// DB (citext does case-insensitive uniqueness), but disk paths are

+// lowercased. We lowercase up-front so the same string drives both.

+func NormalizeName(name string) string {

+	return strings.ToLower(strings.TrimSpace(name))

+}

+

+// ValidateName enforces the shape whitelist. Returns ErrInvalidName /

+// ErrReservedName wrapped with a precise reason on failure.

+//

+// Caller is expected to have lowercased the name first; uppercase input

+// is rejected as a defensive check in case a future caller forgets.

+func ValidateName(name string) error {

+	if name == "" {

+		return fmt.Errorf("%w: empty", ErrInvalidName)

+	}

+	if utf8.RuneCountInString(name) > MaxNameLen {

+		return fmt.Errorf("%w: too long (max %d)", ErrInvalidName, MaxNameLen)

+	}

+	if name != strings.ToLower(name) {

+		return fmt.Errorf("%w: must be lowercase", ErrInvalidName)

+	}

+	if strings.Contains(name, "..") {

+		return fmt.Errorf("%w: contains dot-dot", ErrInvalidName)

+	}

+	if strings.HasPrefix(name, ".") {

+		return fmt.Errorf("%w: starts with dot", ErrInvalidName)

+	}

+	if strings.HasSuffix(name, ".") || strings.HasSuffix(name, "-") {

+		return fmt.Errorf("%w: ends with separator", ErrInvalidName)

+	}

+	if !nameRE.MatchString(name) {

+		return fmt.Errorf("%w: must match [a-z0-9._-] with non-separator edges", ErrInvalidName)

+	}

+	if IsReservedRepoName(name) {

+		return fmt.Errorf("%w: %q", ErrReservedName, name)

+	}

+	return nil

+}

+

+// ValidateDescription enforces the DB CHECK length cap.

+func ValidateDescription(desc string) error {

+	if utf8.RuneCountInString(desc) > MaxDescriptionLen {

+		return fmt.Errorf("%w: max %d characters", ErrDescriptionTooLong, MaxDescriptionLen)

+	}

+	return nil

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package repos_test

+

+import (

+	"errors"

+	"strings"

+	"testing"

+

+	"github.com/tenseleyFlow/shithub/internal/repos"

+)

+

+func TestValidateName_Accepts(t *testing.T) {

+	t.Parallel()

+	for _, name := range []string{

+		"a", "abc", "rust-by-example", "name.with.dots", "name_under",

+		"a1.b2-c3_d4", "letter9", strings.Repeat("a", 100),

+	} {

+		if err := repos.ValidateName(name); err != nil {

+			t.Errorf("ValidateName(%q): %v", name, err)

+		}

+	}

+}

+

+func TestValidateName_Rejects(t *testing.T) {

+	t.Parallel()

+	cases := []struct {

+		name string

+		want error

+		why  string

+	}{

+		{"", repos.ErrInvalidName, "empty"},

+		{strings.Repeat("a", 101), repos.ErrInvalidName, "too long"},

+		{"UPPER", repos.ErrInvalidName, "uppercase"},

+		{".dotfile", repos.ErrInvalidName, "leading dot"},

+		{"-dash", repos.ErrInvalidName, "leading dash"},

+		{"trailing-", repos.ErrInvalidName, "trailing dash"},

+		{"trailing.", repos.ErrInvalidName, "trailing dot"},

+		{"two..dots", repos.ErrInvalidName, "dot-dot"},

+		{"a@b", repos.ErrInvalidName, "punctuation"},

+		{"with space", repos.ErrInvalidName, "space"},

+		{"café", repos.ErrInvalidName, "non-ASCII"},

+		{".git", repos.ErrInvalidName, "leading dot beats reserved"},

+		{"head", repos.ErrReservedName, "reserved (head)"},

+		{"refs", repos.ErrReservedName, "reserved (refs)"},

+		{"objects", repos.ErrReservedName, "reserved (objects)"},

+		{"hooks", repos.ErrReservedName, "reserved (hooks)"},

+	}

+	for _, c := range cases {

+		err := repos.ValidateName(c.name)

+		if err == nil {

+			t.Errorf("%s: expected error", c.why)

+			continue

+		}

+		if !errors.Is(err, c.want) {

+			t.Errorf("%s: err = %v, want sentinel %v", c.why, err, c.want)

+		}

+	}

+}

+

+func TestValidateDescription(t *testing.T) {

+	t.Parallel()

+	if err := repos.ValidateDescription(""); err != nil {

+		t.Errorf("empty desc: %v", err)

+	}

+	if err := repos.ValidateDescription(strings.Repeat("a", 350)); err != nil {

+		t.Errorf("at-cap desc: %v", err)

+	}

+	if err := repos.ValidateDescription(strings.Repeat("a", 351)); err == nil {

+		t.Errorf("over-cap desc should error")

+	}

+}