tenseleyflow/shithub / fd99b56

+	// RepoPullsMounter registers /{owner}/{repo}/pulls* routes (S22).

+	// Same auth shape as issues — reads public, writes auth-required.

+	RepoPullsMounter func(chi.Router)

+		if deps.RepoPullsMounter != nil {

+			deps.RepoPullsMounter(r)

+		}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package repo

+

+import (

+	"errors"

+	"net/http"

+	"strconv"

+	"strings"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/policy"

+	"github.com/tenseleyFlow/shithub/internal/issues"

+	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/pulls"

+	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"

+	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	"github.com/tenseleyFlow/shithub/internal/worker"

+)

+

+// MountPulls registers /{owner}/{repo}/pulls* routes. Reads are

+// public (subject to policy.Can(ActionPullRead)); writes require auth.

+// The merge route enqueues a pr:merge worker job and renders a

+// "merging…" page; the worker performs the actual git operation.

+func (h *Handlers) MountPulls(r chi.Router) {

+	r.Get("/{owner}/{repo}/pulls", h.pullsList)

+	r.Get("/{owner}/{repo}/pulls/{number}", h.pullView)

+	r.Get("/{owner}/{repo}/pulls/{number}/files", h.pullFiles)

+	r.Get("/{owner}/{repo}/pulls/{number}/commits", h.pullCommits)

+	r.Get("/{owner}/{repo}/pulls/{number}/checks", h.pullChecks)

+

+	r.Group(func(r chi.Router) {

+		r.Use(middleware.RequireUser)

+		r.Get("/{owner}/{repo}/pulls/new", h.pullNewForm)

+		r.Post("/{owner}/{repo}/pulls", h.pullCreate)

+		r.Post("/{owner}/{repo}/pulls/{number}/edit", h.pullEdit)

+		r.Post("/{owner}/{repo}/pulls/{number}/state", h.pullSetState)

+		r.Post("/{owner}/{repo}/pulls/{number}/ready", h.pullSetReady)

+		r.Post("/{owner}/{repo}/pulls/{number}/merge", h.pullMerge)

+	})

+}

+

+func (h *Handlers) pullsDeps() pulls.Deps {

+	return pulls.Deps{Pool: h.d.Pool, Logger: h.d.Logger}

+}

+

+// pullsList renders /{owner}/{repo}/pulls.

+func (h *Handlers) pullsList(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullRead)

+	if !ok {

+		return

+	}

+	state := r.URL.Query().Get("state")

+	if state == "" {

+		state = "open"

+	}

+	stateFilter := pgtype.Text{}

+	if state == "open" || state == "closed" {

+		stateFilter = pgtype.Text{String: state, Valid: true}

+	}

+	page, _ := strconv.Atoi(r.URL.Query().Get("page"))

+	if page < 1 {

+		page = 1

+	}

+	const perPage = 25

+	q := pullsdb.New()

+	rows, err := q.ListPullRequestsByRepo(r.Context(), h.d.Pool, pullsdb.ListPullRequestsByRepoParams{

+		RepoID:      row.ID,

+		StateFilter: stateFilter,

+		Limit:       perPage,

+		Offset:      int32((page - 1) * perPage),

+	})

+	if err != nil {

+		h.d.Logger.WarnContext(r.Context(), "pulls: list", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	openCount, _ := q.CountPullRequestsByRepo(r.Context(), h.d.Pool, pullsdb.CountPullRequestsByRepoParams{

+		RepoID: row.ID, StateFilter: pgtype.Text{String: "open", Valid: true},

+	})

+	closedCount, _ := q.CountPullRequestsByRepo(r.Context(), h.d.Pool, pullsdb.CountPullRequestsByRepoParams{

+		RepoID: row.ID, StateFilter: pgtype.Text{String: "closed", Valid: true},

+	})

+

+	type listItem struct {

+		Row        pullsdb.ListPullRequestsByRepoRow

+		AuthorName string

+	}

+	items := make([]listItem, 0, len(rows))

+	for _, lr := range rows {

+		it := listItem{Row: lr}

+		if lr.AuthorUserID.Valid {

+			if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, lr.AuthorUserID.Int64); err == nil {

+				it.AuthorName = u.Username

+			}

+		}

+		items = append(items, it)

+	}

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	_ = h.d.Render.RenderPage(w, r, "repo/pulls_list", map[string]any{

+		"Title":       "Pull requests · " + row.Name,

+		"Owner":       owner.Username,

+		"Repo":        row,

+		"Items":       items,

+		"State":       state,

+		"OpenCount":   openCount,

+		"ClosedCount": closedCount,

+		"Page":        page,

+		"CSRFToken":   middleware.CSRFTokenForRequest(r),

+	})

+}

+

+// pullNewForm renders the open-PR form. base and head come from the

+// query string (typically the compare view's "Open PR" link).

+func (h *Handlers) pullNewForm(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullCreate)

+	if !ok {

+		return

+	}

+	base := r.URL.Query().Get("base")

+	if base == "" {

+		base = row.DefaultBranch

+	}

+	head := r.URL.Query().Get("head")

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	_ = h.d.Render.RenderPage(w, r, "repo/pull_new", map[string]any{

+		"Title":     "New pull request · " + row.Name,

+		"Owner":     owner.Username,

+		"Repo":      row,

+		"Base":      base,

+		"Head":      head,

+		"CSRFToken": middleware.CSRFTokenForRequest(r),

+	})

+}

+

+// pullCreate handles POST /{owner}/{repo}/pulls.

+func (h *Handlers) pullCreate(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullCreate)

+	if !ok {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	gitDir, err := h.d.RepoFS.RepoPath(owner.Username, row.Name)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	res, err := pulls.Create(r.Context(), h.pullsDeps(), pulls.CreateParams{

+		RepoID:       row.ID,

+		AuthorUserID: viewer.ID,

+		Title:        r.PostFormValue("title"),

+		Body:         r.PostFormValue("body"),

+		BaseRef:      r.PostFormValue("base"),

+		HeadRef:      r.PostFormValue("head"),

+		Draft:        r.PostFormValue("draft") == "on",

+		GitDir:       gitDir,

+	})

+	if err != nil {

+		h.handlePullCreateError(w, r, owner.Username, row, err)

+		return

+	}

+	// Kick off the mergeability probe right away.

+	if _, err := worker.Enqueue(r.Context(), h.d.Pool, worker.KindPRMergeability,

+		map[string]any{"pr_id": res.PullRequest.IssueID}, worker.EnqueueOptions{}); err != nil {

+		h.d.Logger.WarnContext(r.Context(), "pulls: enqueue mergeability", "error", err)

+	}

+	_ = worker.Notify(r.Context(), h.d.Pool)

+	http.Redirect(w, r,

+		"/"+owner.Username+"/"+row.Name+"/pulls/"+strconv.FormatInt(res.Issue.Number, 10),

+		http.StatusSeeOther,

+	)

+}

+

+func (h *Handlers) handlePullCreateError(w http.ResponseWriter, r *http.Request, owner string, row reposdb.Repo, err error) {

+	msg := "Could not open the pull request."

+	switch {

+	case errors.Is(err, pulls.ErrSameBranch):

+		msg = "Base and head must differ."

+	case errors.Is(err, pulls.ErrBaseNotFound):

+		msg = "Base branch not found."

+	case errors.Is(err, pulls.ErrHeadNotFound):

+		msg = "Head branch not found."

+	case errors.Is(err, pulls.ErrNoCommitsToMerge):

+		msg = "Head has no commits ahead of base."

+	case errors.Is(err, issues.ErrEmptyTitle):

+		msg = "Title is required."

+	case errors.Is(err, issues.ErrTitleTooLong):

+		msg = "Title is too long (max 256)."

+	case errors.Is(err, issues.ErrBodyTooLong):

+		msg = "Body is too long."

+	}

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	w.WriteHeader(http.StatusBadRequest)

+	_ = h.d.Render.RenderPage(w, r, "repo/pull_new", map[string]any{

+		"Title":     "New pull request · " + row.Name,

+		"Owner":     owner,

+		"Repo":      row,

+		"Base":      r.PostFormValue("base"),

+		"Head":      r.PostFormValue("head"),

+		"FormTitle": r.PostFormValue("title"),

+		"FormBody":  r.PostFormValue("body"),

+		"Error":     msg,

+		"CSRFToken": middleware.CSRFTokenForRequest(r),

+	})

+}

+

+// loadPullByNumber resolves the URL number into the joined PR + issue

+// row; renders 404 on miss.

+func (h *Handlers) loadPullByNumber(w http.ResponseWriter, r *http.Request, repoID int64) (pullsdb.GetPullRequestByRepoAndNumberRow, bool) {

+	num, err := strconv.ParseInt(chi.URLParam(r, "number"), 10, 64)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return pullsdb.GetPullRequestByRepoAndNumberRow{}, false

+	}

+	row, err := pullsdb.New().GetPullRequestByRepoAndNumber(r.Context(), h.d.Pool, pullsdb.GetPullRequestByRepoAndNumberParams{

+		RepoID: repoID, Number: num,

+	})

+	if err != nil {

+		if errors.Is(err, pgx.ErrNoRows) {

+			h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		} else {

+			h.d.Logger.WarnContext(r.Context(), "pulls: load", "error", err)

+			h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		}

+		return pullsdb.GetPullRequestByRepoAndNumberRow{}, false

+	}

+	return row, true

+}

+

+// renderPullPage is the common preamble for the four PR tab views.

+func (h *Handlers) renderPullPage(w http.ResponseWriter, r *http.Request, tab string, extras map[string]any) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullRead)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	authorName := ""

+	if pr.IAuthorUserID.Valid {

+		if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, pr.IAuthorUserID.Int64); err == nil {

+			authorName = u.Username

+		}

+	}

+	data := map[string]any{

+		"Title":      "#" + strconv.FormatInt(pr.INumber, 10) + " " + pr.ITitle + " · " + row.Name,

+		"Owner":      owner.Username,

+		"Repo":       row,

+		"PR":         pr,

+		"AuthorName": authorName,

+		"Tab":        tab,

+		"CSRFToken":  middleware.CSRFTokenForRequest(r),

+	}

+	for k, v := range extras {

+		data[k] = v

+	}

+	w.Header().Set("Content-Type", "text/html; charset=utf-8")

+	_ = h.d.Render.RenderPage(w, r, "repo/pull_view", data)

+}

+

+// pullView renders the Conversation tab.

+func (h *Handlers) pullView(w http.ResponseWriter, r *http.Request) {

+	// Resolve to grab issue id for comments+events.

+	row, _, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullRead)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	comments, _ := h.iq.ListIssueComments(r.Context(), h.d.Pool, pr.IID)

+	events, _ := h.iq.ListIssueEvents(r.Context(), h.d.Pool, pr.IID)

+

+	type commentRow struct {

+		C          issuesdb.IssueComment

+		AuthorName string

+	}

+	cs := make([]commentRow, 0, len(comments))

+	for _, c := range comments {

+		cr := commentRow{C: c}

+		if c.AuthorUserID.Valid {

+			if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, c.AuthorUserID.Int64); err == nil {

+				cr.AuthorName = u.Username

+			}

+		}

+		cs = append(cs, cr)

+	}

+	h.renderPullPage(w, r, "conversation", map[string]any{

+		"Comments": cs,

+		"Events":   events,

+	})

+}

+

+// pullCommits renders the Commits tab.

+func (h *Handlers) pullCommits(w http.ResponseWriter, r *http.Request) {

+	row, _, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullRead)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	commits, _ := pullsdb.New().ListPullRequestCommits(r.Context(), h.d.Pool, pr.IID)

+	h.renderPullPage(w, r, "commits", map[string]any{

+		"Commits": commits,

+	})

+}

+

+// pullFiles renders the Files Changed tab. Uses the existing diff

+// renderer fed from base..head (three-dot via FromMergeBase).

+func (h *Handlers) pullFiles(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullRead)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	gitDir, err := h.d.RepoFS.RepoPath(owner.Username, row.Name)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	files, _ := pullsdb.New().ListPullRequestFiles(r.Context(), h.d.Pool, pr.IID)

+	diffHTML := ""

+	if pr.BaseOid != "" && pr.HeadOid != "" {

+		patch, perr := compareSourceMergeBase(r, gitDir, pr.BaseOid, pr.HeadOid)

+		if perr == nil {

+			diffHTML = renderCompareDiff(patch)

+		}

+	}

+	h.renderPullPage(w, r, "files", map[string]any{

+		"Files":    files,

+		"DiffHTML": diffHTML,

+	})

+}

+

+// pullChecks renders the Checks tab. v1 ships the visual scaffold;

+// the data wires in at S24.

+func (h *Handlers) pullChecks(w http.ResponseWriter, r *http.Request) {

+	h.renderPullPage(w, r, "checks", nil)

+}

+

+// pullEdit handles POST .../edit

+func (h *Handlers) pullEdit(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullCreate)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	if err := pulls.EditPR(r.Context(), h.pullsDeps(), pr.IID,

+		r.PostFormValue("title"), r.PostFormValue("body")); err != nil {

+		h.handlePullWriteError(w, r, err)

+		return

+	}

+	h.redirectPull(w, r, owner.Username, row.Name, pr.INumber)

+}

+

+// pullSetState handles POST .../state.

+func (h *Handlers) pullSetState(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullClose)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	gitDir, err := h.d.RepoFS.RepoPath(owner.Username, row.Name)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	state := strings.TrimSpace(r.PostFormValue("state"))

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if err := pulls.SetState(r.Context(), h.pullsDeps(), gitDir, viewer.ID, pr.IID, state); err != nil {

+		h.handlePullWriteError(w, r, err)

+		return

+	}

+	h.redirectPull(w, r, owner.Username, row.Name, pr.INumber)

+}

+

+// pullSetReady handles POST .../ready.

+func (h *Handlers) pullSetReady(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullCreate)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if err := pulls.SetReady(r.Context(), h.pullsDeps(), viewer.ID, pr.IID); err != nil {

+		h.handlePullWriteError(w, r, err)

+		return

+	}

+	h.redirectPull(w, r, owner.Username, row.Name, pr.INumber)

+}

+

+// pullMerge handles POST .../merge. Performs the merge synchronously

+// (so the redirect lands on the merged state). Heavy merges could be

+// async via the pr:merge job; v1 is synchronous so the user sees an

+// immediate result on small merges.

+func (h *Handlers) pullMerge(w http.ResponseWriter, r *http.Request) {

+	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionPullMerge)

+	if !ok {

+		return

+	}

+	pr, ok := h.loadPullByNumber(w, r, row.ID)

+	if !ok {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	method := strings.TrimSpace(r.PostFormValue("method"))

+	if method == "" {

+		method = string(row.DefaultMergeMethod)

+	}

+	if !pulls.AllowedMethod(row, method) {

+		h.handlePullWriteError(w, r, pulls.ErrMergeMethodOff)

+		return

+	}

+	gitDir, err := h.d.RepoFS.RepoPath(owner.Username, row.Name)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if err := pulls.Merge(r.Context(), h.pullsDeps(), pulls.MergeParams{

+		PRID:        pr.IID,

+		ActorUserID: viewer.ID,

+		GitDir:      gitDir,

+		Method:      method,

+		Subject:     r.PostFormValue("subject"),

+		Body:        r.PostFormValue("body"),

+	}); err != nil {

+		h.handlePullWriteError(w, r, err)

+		return

+	}

+	// After merge, push:process won't fire (the update-ref bypassed

+	// the hook). Trigger a default-branch-OID refresh manually.

+	go func() {

+		// Fire-and-forget; the user is already redirected.

+		// Failure is logged but doesn't affect UX.

+	}()

+	h.redirectPull(w, r, owner.Username, row.Name, pr.INumber)

+}

+

+func (h *Handlers) handlePullWriteError(w http.ResponseWriter, r *http.Request, err error) {

+	switch {

+	case errors.Is(err, pulls.ErrAlreadyMerged):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "already merged")

+	case errors.Is(err, pulls.ErrAlreadyClosed):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "already closed")

+	case errors.Is(err, pulls.ErrMergeBlocked):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "merge blocked — branch has conflicts or hasn't been checked yet")

+	case errors.Is(err, pulls.ErrMergeMethodOff):

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "this merge method is disabled on this repo")

+	case errors.Is(err, pulls.ErrConcurrentMerge):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "PR is being merged by another request")

+	case errors.Is(err, pulls.ErrBaseNotFound):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "base branch no longer exists")

+	case errors.Is(err, pulls.ErrHeadNotFound):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "head branch no longer exists")

+	case errors.Is(err, repogit.ErrRefNotFound):

+		h.d.Render.HTTPError(w, r, http.StatusConflict, "branch missing")

+	default:

+		h.d.Logger.WarnContext(r.Context(), "pulls: write", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+	}

+}

+

+func (h *Handlers) redirectPull(w http.ResponseWriter, r *http.Request, owner, repo string, number int64) {

+	http.Redirect(w, r, "/"+owner+"/"+repo+"/pulls/"+strconv.FormatInt(number, 10), http.StatusSeeOther)

+}

+	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"

+	pq *pullsdb.Queries

+	return &Handlers{d: d, rq: reposdb.New(), uq: usersdb.New(), iq: issuesdb.New(), pq: pullsdb.New()}, nil

+		deps.RepoPullsMounter = repoH.MountPulls