robot-u-site/app.py

from __future__ import annotations

import hmac
from hashlib import sha256
from pathlib import Path
from typing import Any
from urllib.parse import urlencode

from fastapi import Body, FastAPI, HTTPException, Request
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import FileResponse, JSONResponse, RedirectResponse, StreamingResponse
from fastapi.staticfiles import StaticFiles

from auth import (
    OAuthStateRecord,
    clear_login_session,
    consume_oauth_state,
    create_login_session,
    create_oauth_state,
    current_session_user,
    resolve_forgejo_auth,
)
from forgejo_client import ForgejoClient, ForgejoClientError
from live_prototype import (
    DISCUSSION_LABEL_NAME,
    discussion_card_from_issue,
    issue_has_discussion_label,
)
from prototype_cache import PrototypePayloadCache
from settings import Settings, get_settings
from update_events import UpdateBroker, stream_sse_events

BASE_DIR = Path(__file__).resolve().parent
DIST_DIR = BASE_DIR / "frontend" / "dist"


def create_app() -> FastAPI:
    settings = get_settings()
    app = FastAPI(title="Robot U Community Site")
    prototype_cache = PrototypePayloadCache()
    update_broker = UpdateBroker()

    app.add_middleware(
        CORSMiddleware,
        allow_origins=list(settings.cors_allow_origins),
        allow_methods=["GET", "POST", "DELETE", "OPTIONS"],
        allow_headers=[
            "Authorization",
            "Content-Type",
            "X-Forgejo-Signature",
            "X-Gitea-Signature",
            "X-Hub-Signature-256",
        ],
    )

    @app.get("/health")
    async def health() -> JSONResponse:
        return JSONResponse({"status": "ok"})

    @app.get("/api/prototype")
    async def prototype(request: Request) -> JSONResponse:
        settings = get_settings()
        session_user = current_session_user(request, settings)
        forgejo_token, auth_source, auth_scheme = resolve_forgejo_auth(request, settings)
        payload = await prototype_cache.get(settings)
        payload["auth"] = await _auth_payload_for_request(
            settings,
            forgejo_token=forgejo_token,
            auth_source=auth_source,
            auth_scheme=auth_scheme,
            session_user=session_user,
        )
        return JSONResponse(payload)

    @app.get("/api/auth/session")
    async def auth_session(request: Request) -> JSONResponse:
        settings = get_settings()
        session_user = current_session_user(request, settings)
        if session_user:
            return JSONResponse(_auth_payload(session_user, "session"))

        forgejo_token, auth_source, auth_scheme = resolve_forgejo_auth(request, settings)
        if not forgejo_token or auth_source == "server":
            return JSONResponse(_auth_payload(None, "none"))

        async with ForgejoClient(
            settings, forgejo_token=forgejo_token, auth_scheme=auth_scheme
        ) as client:
            try:
                user = await client.fetch_current_user()
            except ForgejoClientError as error:
                raise HTTPException(status_code=401, detail=str(error)) from error

        return JSONResponse(_auth_payload(user, auth_source))

    @app.get("/api/events/stream")
    async def events_stream() -> StreamingResponse:
        return StreamingResponse(
            stream_sse_events(update_broker),
            media_type="text/event-stream",
            headers={
                "Cache-Control": "no-store",
                "X-Accel-Buffering": "no",
            },
        )

    @app.post("/api/forgejo/webhook")
    async def forgejo_webhook(request: Request) -> JSONResponse:
        settings = get_settings()
        body = await request.body()
        if not _valid_webhook_signature(request, settings, body):
            raise HTTPException(status_code=401, detail="Invalid Forgejo webhook signature.")

        prototype_cache.invalidate()
        await update_broker.publish("content-updated", {"reason": "forgejo-webhook"})
        return JSONResponse({"status": "accepted"})

    @app.get("/api/auth/forgejo/start")
    async def forgejo_auth_start(request: Request, return_to: str = "/") -> RedirectResponse:
        settings = get_settings()
        if not _oauth_configured(settings):
            return _signin_error_redirect("Forgejo OAuth is not configured on the site yet.")

        redirect_uri = _oauth_redirect_uri(request, settings)
        state, code_challenge = create_oauth_state(redirect_uri, return_to)

        async with ForgejoClient(settings) as client:
            try:
                oidc = await client.fetch_openid_configuration()
            except ForgejoClientError as error:
                return _signin_error_redirect(str(error))

        authorization_endpoint = str(oidc.get("authorization_endpoint") or "")
        if not authorization_endpoint:
            return _signin_error_redirect("Forgejo did not return an OAuth authorization endpoint.")

        query = urlencode(
            {
                "client_id": settings.forgejo_oauth_client_id or "",
                "redirect_uri": redirect_uri,
                "response_type": "code",
                "scope": " ".join(settings.forgejo_oauth_scopes),
                "state": state,
                "code_challenge": code_challenge,
                "code_challenge_method": "S256",
            },
        )
        return RedirectResponse(f"{authorization_endpoint}?{query}", status_code=303)

    @app.get("/api/auth/forgejo/callback")
    async def forgejo_auth_callback(
        code: str | None = None,
        state: str | None = None,
        error: str | None = None,
    ) -> RedirectResponse:
        if error:
            return _signin_error_redirect(f"Forgejo sign-in failed: {error}")
        if not code or not state:
            return _signin_error_redirect("Forgejo did not return the expected sign-in data.")

        settings = get_settings()
        if not _oauth_configured(settings):
            return _signin_error_redirect("Forgejo OAuth is not configured on the site yet.")

        oauth_state = consume_oauth_state(state)
        if oauth_state is None:
            return _signin_error_redirect("The Forgejo sign-in request expired. Try again.")

        try:
            access_token = await _exchange_forgejo_code(settings, code, oauth_state)
            user = await _fetch_forgejo_oidc_user(settings, access_token)
        except ForgejoClientError as exchange_error:
            return _signin_error_redirect(str(exchange_error))

        response = RedirectResponse(oauth_state.return_to, status_code=303)
        create_login_session(response, settings, access_token, user)
        return response

    @app.delete("/api/auth/session")
    async def delete_auth_session(request: Request) -> JSONResponse:
        response = JSONResponse(_auth_payload(None, "none"))
        clear_login_session(request, response)
        return response

    @app.get("/api/discussions/{owner}/{repo}/{issue_number}")
    async def discussion_detail(owner: str, repo: str, issue_number: int) -> JSONResponse:
        if issue_number < 1:
            raise HTTPException(status_code=400, detail="issue_number must be positive.")

        settings = get_settings()
        async with ForgejoClient(settings, forgejo_token=settings.forgejo_token) as client:
            try:
                repo_payload = await client.fetch_repository(owner, repo)
                if repo_payload.get("private"):
                    raise HTTPException(
                        status_code=403,
                        detail="This site only reads public Forgejo repositories.",
                    )
                issue = await client.fetch_issue(owner, repo, issue_number)
                if not issue_has_discussion_label(issue):
                    raise HTTPException(
                        status_code=404,
                        detail="This issue is not labeled as a discussion.",
                    )
                comments = [
                    _discussion_reply(comment)
                    for comment in await client.list_issue_comments(owner, repo, issue_number)
                ]
            except ForgejoClientError as error:
                raise HTTPException(status_code=502, detail=str(error)) from error

        issue["repository"] = _issue_repository_payload(repo_payload, owner, repo)
        return JSONResponse(discussion_card_from_issue(issue, comments=comments))

    @app.post("/api/discussions/replies")
    async def create_discussion_reply(
        request: Request,
        payload: dict[str, object] = Body(...),
    ) -> JSONResponse:
        owner = _required_string(payload, "owner")
        repo = _required_string(payload, "repo")
        body = _required_string(payload, "body")
        issue_number = _required_positive_int(payload, "number")
        settings = get_settings()
        forgejo_token, auth_source, auth_scheme = resolve_forgejo_auth(request, settings)
        if not forgejo_token or auth_source == "server":
            raise HTTPException(
                status_code=401,
                detail="Sign in or send an Authorization token before replying.",
            )

        async with ForgejoClient(
            settings, forgejo_token=forgejo_token, auth_scheme=auth_scheme
        ) as client:
            try:
                repo_payload = await client.fetch_repository(owner, repo)
                if repo_payload.get("private"):
                    raise HTTPException(
                        status_code=403,
                        detail="This site only writes to public Forgejo repositories.",
                    )
                comment = await client.create_issue_comment(owner, repo, issue_number, body)
            except ForgejoClientError as error:
                raise HTTPException(status_code=502, detail=str(error)) from error

        prototype_cache.invalidate()
        await update_broker.publish(
            "content-updated",
            {"reason": "discussion-reply", "repo": f"{owner}/{repo}", "number": issue_number},
        )
        return JSONResponse(_discussion_reply(comment))

    @app.post("/api/discussions")
    async def create_discussion(
        request: Request,
        payload: dict[str, object] = Body(...),
    ) -> JSONResponse:
        title = _required_string(payload, "title")
        body = _required_string(payload, "body")
        owner, repo = _discussion_target(payload, get_settings())
        context_url = _optional_string(payload, "context_url")
        context_title = _optional_string(payload, "context_title")
        context_path = _optional_string(payload, "context_path")
        issue_body = _discussion_issue_body(
            body,
            context_url=context_url,
            context_title=context_title,
            context_path=context_path,
        )

        settings = get_settings()
        forgejo_token, auth_source, auth_scheme = resolve_forgejo_auth(request, settings)
        if not forgejo_token or auth_source == "server":
            raise HTTPException(
                status_code=401,
                detail="Sign in or send an Authorization token before starting a discussion.",
            )

        async with ForgejoClient(
            settings, forgejo_token=forgejo_token, auth_scheme=auth_scheme
        ) as client:
            try:
                repo_payload = await client.fetch_repository(owner, repo)
                if repo_payload.get("private"):
                    raise HTTPException(
                        status_code=403,
                        detail="This site only writes to public Forgejo repositories.",
                    )
                discussion_label_id = await client.ensure_repo_label(
                    owner,
                    repo,
                    DISCUSSION_LABEL_NAME,
                    color="#0f6f8f",
                    description="Shown on Robot U as a community discussion.",
                )
                issue = await client.create_issue(
                    owner,
                    repo,
                    title,
                    issue_body,
                    label_ids=[discussion_label_id],
                )
            except ForgejoClientError as error:
                raise HTTPException(status_code=502, detail=str(error)) from error

        issue["repository"] = _issue_repository_payload(repo_payload, owner, repo)
        if not issue_has_discussion_label(issue):
            issue["labels"] = [
                *[label for label in issue.get("labels", []) if isinstance(label, dict)],
                {"id": discussion_label_id, "name": DISCUSSION_LABEL_NAME},
            ]
        prototype_cache.invalidate()
        await update_broker.publish(
            "content-updated",
            {"reason": "discussion-created", "repo": f"{owner}/{repo}"},
        )
        return JSONResponse(discussion_card_from_issue(issue, comments=[]))

    if DIST_DIR.exists():
        assets_dir = DIST_DIR / "assets"
        if assets_dir.exists():
            app.mount("/assets", StaticFiles(directory=str(assets_dir)), name="assets")

        @app.get("/{full_path:path}")
        async def spa_fallback(full_path: str) -> FileResponse:
            candidate = DIST_DIR / full_path
            if candidate.is_file():
                return FileResponse(str(candidate))

            response = FileResponse(str(DIST_DIR / "index.html"))
            response.headers["Cache-Control"] = "no-store, no-cache, must-revalidate"
            response.headers["Pragma"] = "no-cache"
            response.headers["Expires"] = "0"
            return response

    return app


app = create_app()


def _required_string(payload: dict[str, object], key: str) -> str:
    value = payload.get(key)
    if not isinstance(value, str) or not value.strip():
        raise HTTPException(status_code=400, detail=f"{key} is required.")
    return value.strip()


def _optional_string(payload: dict[str, object], key: str) -> str | None:
    value = payload.get(key)
    if value is None:
        return None
    if not isinstance(value, str):
        raise HTTPException(status_code=400, detail=f"{key} must be a string.")
    stripped = value.strip()
    return stripped or None


def _required_positive_int(payload: dict[str, object], key: str) -> int:
    value = payload.get(key)
    if isinstance(value, bool):
        raise HTTPException(status_code=400, detail=f"{key} must be a positive integer.")

    if isinstance(value, int):
        parsed = value
    elif isinstance(value, str) and value.isdigit():
        parsed = int(value)
    else:
        raise HTTPException(status_code=400, detail=f"{key} must be a positive integer.")

    if parsed < 1:
        raise HTTPException(status_code=400, detail=f"{key} must be a positive integer.")
    return parsed


def _discussion_target(payload: dict[str, object], settings: Settings) -> tuple[str, str]:
    owner = _optional_string(payload, "owner")
    repo = _optional_string(payload, "repo")
    if owner and repo:
        return owner, repo
    if owner or repo:
        raise HTTPException(status_code=400, detail="owner and repo must be provided together.")

    configured_repo = settings.forgejo_general_discussion_repo
    if configured_repo:
        parts = [part for part in configured_repo.strip().split("/", 1) if part]
        if len(parts) == 2:
            return parts[0], parts[1]

    raise HTTPException(
        status_code=400,
        detail="General discussion repo is not configured.",
    )


def _discussion_issue_body(
    body: str,
    *,
    context_url: str | None,
    context_title: str | None,
    context_path: str | None,
) -> str:
    related_lines: list[str] = []
    if context_title:
        related_lines.append(f"Related content: {context_title}")
    if context_url:
        related_lines.append(f"Canonical URL: {context_url}")
    if context_path:
        related_lines.append(f"Source path: {context_path}")

    if not related_lines:
        return body

    return f"{body}\n\n---\n" + "\n".join(related_lines)


def _issue_repository_payload(
    repo_payload: dict[str, Any],
    owner: str,
    repo: str,
) -> dict[str, object]:
    repo_owner = repo_payload.get("owner") or {}
    owner_login = repo_owner.get("login") if isinstance(repo_owner, dict) else owner
    return {
        "owner": owner_login or owner,
        "name": repo_payload.get("name") or repo,
        "full_name": repo_payload.get("full_name") or f"{owner}/{repo}",
        "private": False,
    }


def _discussion_reply(comment: dict[str, Any]) -> dict[str, object]:
    author = comment.get("user") or {}
    body = str(comment.get("body", "") or "").strip()
    if not body:
        body = "No comment body provided."

    return {
        "id": int(comment.get("id", 0)),
        "author": author.get("login", "Unknown author"),
        "avatar_url": author.get("avatar_url", ""),
        "body": body,
        "created_at": comment.get("created_at", ""),
        "html_url": comment.get("html_url", ""),
    }


def _auth_payload(user: dict[str, Any] | None, source: str) -> dict[str, object]:
    oauth_configured = _oauth_configured(get_settings())
    if not user:
        return {
            "authenticated": False,
            "login": None,
            "source": source,
            "can_reply": source in {"authorization", "session"},
            "oauth_configured": oauth_configured,
        }

    return {
        "authenticated": True,
        "login": user.get("login", "Unknown user"),
        "source": source,
        "can_reply": source in {"authorization", "session"},
        "oauth_configured": oauth_configured,
    }


async def _auth_payload_for_request(
    settings: Settings,
    *,
    forgejo_token: str | None,
    auth_source: str,
    auth_scheme: str,
    session_user: dict[str, Any] | None,
) -> dict[str, object]:
    if session_user:
        return _auth_payload(session_user, "session")

    if not forgejo_token or auth_source == "server":
        return _auth_payload(None, "none")

    async with ForgejoClient(
        settings, forgejo_token=forgejo_token, auth_scheme=auth_scheme
    ) as client:
        try:
            user = await client.fetch_current_user()
        except ForgejoClientError as error:
            raise HTTPException(status_code=401, detail=str(error)) from error

    return _auth_payload(user, auth_source)


def _valid_webhook_signature(request: Request, settings: Settings, body: bytes) -> bool:
    secret = settings.forgejo_webhook_secret
    if not secret:
        return True

    expected = hmac.new(secret.encode("utf-8"), body, sha256).hexdigest()
    candidates = [
        request.headers.get("x-forgejo-signature", ""),
        request.headers.get("x-gitea-signature", ""),
        request.headers.get("x-hub-signature-256", "").removeprefix("sha256="),
    ]
    return any(hmac.compare_digest(expected, candidate.strip()) for candidate in candidates)


def _oauth_configured(settings: Settings) -> bool:
    return bool(
        settings.auth_secret_key
        and settings.forgejo_oauth_client_id
        and settings.forgejo_oauth_client_secret
    )


def _oauth_redirect_uri(request: Request, settings: Settings) -> str:
    if settings.app_base_url:
        return f"{settings.app_base_url}/api/auth/forgejo/callback"
    return str(request.url_for("forgejo_auth_callback"))


def _signin_error_redirect(message: str) -> RedirectResponse:
    return RedirectResponse(f"/signin?{urlencode({'error': message})}", status_code=303)


async def _exchange_forgejo_code(
    settings: Settings,
    code: str,
    oauth_state: OAuthStateRecord,
) -> str:
    async with ForgejoClient(settings) as client:
        oidc = await client.fetch_openid_configuration()
        token_endpoint = str(oidc.get("token_endpoint") or "")
        if not token_endpoint:
            raise ForgejoClientError("Forgejo did not return an OAuth token endpoint.")

        token_payload = await client.exchange_oauth_code(
            token_endpoint=token_endpoint,
            client_id=settings.forgejo_oauth_client_id or "",
            client_secret=settings.forgejo_oauth_client_secret or "",
            code=code,
            redirect_uri=oauth_state.redirect_uri,
            code_verifier=oauth_state.code_verifier,
        )

    access_token = token_payload.get("access_token")
    if not isinstance(access_token, str) or not access_token:
        raise ForgejoClientError("Forgejo did not return an access token.")
    return access_token


async def _fetch_forgejo_oidc_user(settings: Settings, access_token: str) -> dict[str, Any]:
    async with ForgejoClient(settings) as client:
        oidc = await client.fetch_openid_configuration()
        userinfo_endpoint = str(oidc.get("userinfo_endpoint") or "")
        if not userinfo_endpoint:
            raise ForgejoClientError("Forgejo did not return an OIDC UserInfo endpoint.")

        userinfo = await client.fetch_userinfo(userinfo_endpoint, access_token)

    login = userinfo.get("preferred_username") or userinfo.get("name") or userinfo.get("sub")
    if not isinstance(login, str) or not login:
        raise ForgejoClientError("Forgejo did not return a usable user identity.")

    return {
        "login": login,
        "avatar_url": userinfo.get("picture", ""),
        "email": userinfo.get("email", ""),
    }