Commit Graph

161 Commits

Author SHA1 Message Date
Drew DeVault bd40a71a93 auth: add auth.IPAddress
With support for X-Forwarded-For
2024-02-18 12:43:38 +01:00
Simon Ser 88dff0eae2 auth/middleware: set WWW-Authenticate header field
See RFC 6750 section 3.
2024-02-13 10:40:52 +01:00
Simon Ser 942e19c351 s3: add Enabled 2024-02-02 12:08:06 +01:00
Simon Ser 864816cfbc client: rename Execute to Do
583d0b1bcb ("client/graphql: handle GraphQL errors") changed
Execute behavior by wrapping the result into a struct with "data"
and "errors" fields. This is a breaking change, but it's hard to
spot when upgrading core-go because it won't cause a compilation
error.

Rename Execute to Do to break the build and force callers to update
accordingly.
2024-01-24 11:50:42 +01:00
Simon Ser 23808bb099 auth: add RequireMiddleware
Same as Middleware, but requires auth for all requests. Will be
useful to drop hacks from pages.sr.ht.
2024-01-24 11:12:17 +01:00
Simon Ser d99f0983a0 s3: add [objects]s3-insecure
Disables TLS. Useful for local development.
2024-01-24 10:53:31 +01:00
Simon Ser e81358e299 s3: add NewClient and URL
Centralizes the logic to create an S3 client and get the base URL.
2024-01-24 10:53:26 +01:00
Simon Ser 1063e5b6ec email: make PGP private key optional
Services other than meta.sr.ht don't really have a use for the
private PGP key.

Add a CanPGPSign method so that meta.sr.ht can emit a warning or
error when the PGP key is missing.
2024-01-24 10:45:40 +01:00
Simon Ser 583d0b1bcb client/graphql: handle GraphQL errors
Instead of leaving it up to the caller to check for GraphQL errors,
centralize in core-go.
2024-01-24 10:40:29 +01:00
Simon Ser a88277c1bc email: improve mail.ParseAddress error message 2024-01-18 17:19:58 +01:00
Simon Ser 453dcaefd6 server/directives: disambiguate AnonInternal error message
AUTH_INTERNAL won't work with AnonInternal.
2024-01-09 11:49:19 +01:00
Simon Ser 53966da2d8 Drop gqlparser v1 dependency
Only use v2 throughout the repository.
2023-12-07 14:14:28 +01:00
Conrad Hoffmann 2e7ac4ecfd Update and simplify build manifest
Alpine 3.14 uses Go 1.16, but go.mod says 1.17. Also, no external
repository should be required for core-go.
2023-12-04 21:27:31 +01:00
Conrad Hoffmann cd87849358 webhooks: skip webhooks with expired credentials
The documentation states [1]:

> When the original authentication method becomes invalid (such as the
> expiration of or revocation of an OAuth 2.0 bearer token), the
> webhook is disabled.

However, this is currently not the case. Expired webhooks are indeed
filtered out in virtually all GraphQL queries (by means of core-go's
FilterWebhooks [2]), so users cannot see or delete them. They are _not_
filtered out upon scheduling, however. This commit fixes that.

The symptoms of this are that active webhooks may simply not be run - if
a user has both an expired and a valid, active webhook for some event,
the scheduling will retrieve both, fail on the expired one, and stop
processing, without any feedback to the user who scheduled the hooks.

This is a problem across all services, so core-go seems like the best
place to fix this.

[1]: https://man.sr.ht/graphql.md#webhook-authentication
[2]: https://git.sr.ht/~sircmpwn/core-go/tree/master/item/webhooks/config.go#L74,81
2023-12-04 21:14:55 +01:00
Simon Ser d2ad494f23 Migrate to chi v5
v1 is not maintained anymore.
2023-11-30 11:31:36 +01:00
Simon Ser 3902e4bd25 database: don't panic on context.DeadlineExceeded
Checking context.Cancelled is not enough, I also see the same issue
with context.DeadlineExceeded:

    panic: Transaction error: driver: bad connection
    Closure error: context deadline exceeded

    goroutine 66664 [running]:
    git.sr.ht/~sircmpwn/core-go/database.WithTx({0x5578e1847a58, 0xc0002c44e0}, 0x50?, 0xc000285f38)
            git.sr.ht/~sircmpwn/core-go@v0.0.0-20231129165057-e7b8e02696a1/database/middleware.go:74 +0x2ce
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.fetchUsersByID.func1({0xc0002cf190, 0x1, 0x1})
            git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/middleware.go:34 +0x118
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).end(...)
            git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:222
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).startTimer(0xc00044a360, 0xc00042d380)
            git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:218 +0xe7
    created by git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).keyIndex
            git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:191 +0x119
2023-11-30 11:31:27 +01:00
Conrad Hoffmann 86ad9b5a00 server/email: use go-message for address parsing
No need to additionally depend on net/mail
2023-11-30 11:28:12 +01:00
Simon Ser e7b8e02696 database: print both errors in WithTx
Make it easier to debug panics by printing both errors instead of
sending one of them to /dev/null.
2023-11-29 17:50:57 +01:00
Simon Ser 7f5f70710c database/middleware: fix error value used in panic
We were checking txErr, but panic'ing with err.

Fixes: a06a624789 ("database: don't panic with ErrBadConn")
2023-10-24 12:18:34 +02:00
Simon Ser cfae7baecb Upgrade dependencies 2023-10-04 15:46:32 +02:00
Simon Ser 72c2f060eb database: specify field name for graphql.CollectedField
Newer versions of the graphql package add new fields to this struct.
This results in errors:

    database/ql.go:40:4: too few values in struct literal of type graphql.CollectedField
    database/ql.go:71:4: too few values in struct literal of type graphql.CollectedField
2023-10-04 15:46:31 +02:00
наб bf4fe19c01 email: EnqueueStd: set Content-Type with charset=UTF-8 instead of just text/plain
Mails are now
	--11d2cbf164a9ae0dfbb310faf818762607dcfd20aa74e07c7be0eec1458d
	Mime-Version: 1.0
	Content-Transfer-Encoding: quoted-printable
	Content-Type: text/plain; charset=UTF-8

	=D1=82=D1=80=D1=83=D0=BF=D0=B08

	--=20
	View on the web: http://192.168.1.101:5003/~nab2/trupa/8
	--11d2cbf164a9ae0dfbb310faf818762607dcfd20aa74e07c7be0eec1458d
	Content-Type: application/pgp-signature

	-----BEGIN PGP MESSAGE-----

	wnUEARYIACcFAmUavj0JkKdioLsBS5scFiEE+ts/9LaoXcZuSmrHp2KguwFLmxwA
	AIm9AP9KB4cZyiby7jiiRMRESDeJXrdb4kNqyA3D3nVOt14bKgD/UiDfUKE1MwiV
	pOqj/S0wiJdChKW52zRAkwuQ7PtKkgI=
	=AiY9
	-----END PGP MESSAGE-----
	--11d2cbf164a9ae0dfbb310faf818762607dcfd20aa74e07c7be0eec1458d--
which is correct, and decodes correctly in neomutt.

Fixes: https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C4uxbrlspm45s5i4bhhmqgmry374i22oqcxedtowda5zrzd7bpf2%405pyosds5owty%3E
2023-10-04 15:45:50 +02:00
Simon Ser a06a624789 database: don't panic with ErrBadConn
Sometimes we're panic'ing like so:

    panic: driver: bad connection

    goroutine 9333 [running]:
    git.sr.ht/~sircmpwn/core-go/database.WithTx({0x561c2e623478, 0xc0002b6ed0}, 0x50?, 0xc00025ff38)
    	git.sr.ht/~sircmpwn/core-go@v0.0.0-20230816134313-65b1657b30a1/database/middleware.go:57 +0x1fc
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.fetchUsersByID.func1({0xc0002d80f0, 0x1, 0x1})
    	git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/middleware.go:34 +0x118
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).end(...)
    	git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:222
    git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).startTimer(0xc0004e5380, 0xc0000e5140)
    	git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:218 +0xe7
    created by git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders.(*usersByIDLoaderBatch).keyIndex
    	git.sr.ht/~sircmpwn/builds.sr.ht/api/loaders/usersbyidloader_gen.go:191 +0x119

I believe this is a pq bug, see the linked bug report. Stop
panic'ing in that case.
2023-10-04 15:45:40 +02:00
Simon Ser d83af997da auth: make DecodeGrants return an error
We'll use this function to validate grants passed in via
builds.sr.ht manifests.
2023-10-04 15:45:28 +02:00
Simon Ser 65b1657b30 auth: add AuthContext.Access
Same logic as server.Access, but lower-level. Useful to check for
a permission not covered by the GraphQL schema @access directives
(such as builds.sr.ht secrets).
2023-08-16 15:43:13 +02:00
Simon Ser a941162edd server/email: don't panic in EmailRecover
A panic in here is not great, because this function is supposed to
be the panic handler. Let's just log the error instead.
2023-08-16 12:04:05 +02:00
Simon Ser 1fd2476d29 server/email: log missing mail::error-to, treat empty string as unset
Log a message when mail::error-to is unset, just in case the admin
forgot to set it. Don't try to parse an email address if error-to
is set to the empty string (the default value in the default config
file).
2023-08-16 12:04:03 +02:00
Simon Ser 2f23941546 server/email: simplify and cleanup
- Only print the error once
- Remove unnecessary var
- Use debug.Stack instead of hand-rolled logic
- Ignore json.Marshal errors in a simpler way
2023-08-16 12:03:59 +02:00
Simon Ser 30cea5cc3a server: fix error message on missing grant in Access
The error returned when a token is missing a required grant would
be "Access denied for invalid auth method" which is confusing.
Fix this with a more accurate error message.
2023-07-07 09:57:41 +02:00
Simon Ser 43a2be15d5 database/middleware: don't use sql.Conn in WithTx
We can just use sql.DB instead of sql.Conn here. Simplifies the
code and reduces the risk of getting "bad connection" errors.
2023-06-13 11:27:53 +02:00
Drew DeVault 6f6bb872c5 auth: add /query/external/* to anonymous whitelist 2023-06-07 09:07:53 +02:00
Adnan Maolood 083cb1606a redis: Update style
To match the s3 middleware.
2023-06-01 12:30:14 +02:00
Adnan Maolood 156c5e2649 s3: Import middleware from pages.sr.ht
Closes: https://todo.sr.ht/~sircmpwn/pages.sr.ht/19
2023-06-01 12:30:12 +02:00
Simon Ser 89b1b48997 auth/middleware: make auth scheme case-insensitive
According to RFC 7235 section 2.1, the auth scheme is
case-insensitive.
2023-04-11 16:11:00 +02:00
Simon Ser 209e1a8698 database/middleware: do not recover/panic in defer
defer always runs after a panic. There is no need to recover and
re-panic, we can just unconditionally tx.Rollback() (it will
silently error out if the transaction has already been committed or
rolled back).

This fixes the stack trace of the panic being incorrect. It points
to this function instead of the real culprit.
2023-04-11 14:59:51 +02:00
Simon Ser 1f6fac1dda go mod tidy
Fixes the following error when running `go test`:

    ../../go/pkg/mod/github.com/prometheus/client_golang@v1.14.0/prometheus/internal/metric.go:19:2: missing go.sum entry for module providing package github.com/prometheus/client_model/go (imported by github.com/prometheus/client_golang/prometheus); to add:
    	go get github.com/prometheus/client_golang/prometheus@v1.14.0
2023-04-11 14:59:51 +02:00
Simon Ser ca47b9fe14 server/directives: handle auth.AUTH_ANON_INTERNAL in Access 2023-03-13 14:56:28 +01:00
Conrad Hoffmann 78b6f7232a email: remove content headers of passed-in message
The email has already been parsed according to the headers, but they are
still present. However, signing or encrypting the email will change the
content format, so remove any such headers before continuing.
2023-03-07 09:36:00 +01:00
Drew DeVault 144fc447a3 server: register SQL collector
Missed this step
2023-01-31 16:47:08 +01:00
Drew DeVault fa27910a94 Add prometheus SQL connection stats
Also updates the prometheus client_go library
2023-01-31 16:38:04 +01:00
Dennis Schön 5752486235 auth: fix invalid json tag in InternalAuth 2022-12-19 13:20:59 +01:00
Dennis Schön 2fd72e9f66 email: handle error from Enqueue() in EnqueueStd() 2022-12-19 13:20:50 +01:00
Conrad Hoffmann b1540a2277 Update pq (Postgres driver) to latest version 2022-11-25 13:19:16 +01:00
Adnan Maolood 3e69641ef3 auth: Use canonical user IDs
When adding users to the database, use the canonical user ID from
meta.sr.ht.
2022-10-25 10:24:58 +02:00
Simon Ser bb33e3e749 email/worker: add more context to errors
For instance, failure to open the private PGP key would just fail
with an unhelpful "panic: open : no such file or directory" error.
2022-09-22 10:50:05 +02:00
Conrad Hoffmann 8110e635b5 database: add helpers to fetch all columns
The current solution of fetching columns based on the GraphQL context
has some limits. While probably not the solution for all use-cases, it
sometimes can be desirable to simply fetch all columns from the database
when retrieving objects.

This commit adds two simple functions doing just that. They can be used
when building SQL queries, like

    query := database.SelectAll(new(model.Email))

and

    rows.Scan(database.ScanAll(&email)...)
2022-09-22 10:49:54 +02:00
Drew DeVault 12000f491a Revert "auth: Use canonical user IDs"
This reverts commit 6c1036e270.
2022-08-29 14:31:41 +02:00
Conrad Hoffmann 236879ae0b Run `go fmt` 2022-08-29 11:03:46 +02:00
Adnan Maolood 6c1036e270 auth: Use canonical user IDs
When adding users to the database, use the canonical user ID from
meta.sr.ht.
2022-07-28 12:14:56 +02:00
Adnan Maolood d0bf1153ad webhooks.FilterWebhooks: Filter by user_id 2022-05-30 14:08:43 +02:00