uEdition-Editor 2.0.0__py3-none-any.whl

uedition_editor/__about__.py

@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""About this package."""
+
+__version__ = "2.0.0"

uedition_editor/__init__.py

@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""The main uEditor server."""
+
+import logging
+from contextlib import asynccontextmanager
+from copy import deepcopy
+
+from fastapi import FastAPI
+from fastapi.exceptions import HTTPException
+from fastapi.responses import RedirectResponse, Response
+from fastapi.staticfiles import StaticFiles
+from httpx import AsyncClient
+from uvicorn.config import LOGGING_CONFIG
+
+from uedition_editor import cron
+from uedition_editor.api import router as api_router
+from uedition_editor.settings import init_settings
+
+logger = logging.getLogger(__name__)
+# Configure logging
+conf = deepcopy(LOGGING_CONFIG)
+conf["loggers"]["uedition_editor"] = {
+    "level": logging.INFO,
+    "qualname": "uedition_editor",
+    "handlers": ["default"],
+}
+conf["formatters"]["default"]["fmt"] = "%(levelprefix)s %(name)-40s %(message)s"
+conf["root"] = {"level": logging.INFO}
+if init_settings.test:  # pragma: no cover
+    conf["loggers"]["uedition_editor"]["level"] = logging.DEBUG
+logging.config.dictConfig(conf)
+logger.debug("Logging configuration set up")
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):  # noqa:ARG001
+    """Startup/shutdown handler."""
+    await cron.track_branches.func()
+    yield
+
+
+app = FastAPI(lifespan=lifespan)
+app.include_router(api_router)
+
+if init_settings.dev:
+
+    @app.get("/app/{path:path}")
+    async def ui_dev(path: str):
+        """Proxy the development frontend server."""
+        async with AsyncClient() as client:
+            response = await client.get(f"http://localhost:5173/app/{path}")
+            if response.status_code == 200:  # noqa:PLR2004
+                return Response(content=response.content, media_type=response.headers["Content-Type"])
+            else:
+                raise HTTPException(response.status_code)
+
+else:
+    app.mount("/app", StaticFiles(packages=[("uedition_editor", "frontend/dist")], html=True))
+
+
+@app.get("/", response_class=RedirectResponse)
+def redirect_to_app(timestamp: int | None = None):
+    """Redirect to the application UI."""
+    if timestamp is not None:
+        return f"/app/?timestamp={timestamp}"
+    else:
+        return "/app/"

uedition_editor/__main__.py

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""The uEditor module entry point."""
+
+from uedition_editor.cli import app
+
+if __name__ == "__main__":
+    app()

uedition_editor/api/__init__.py

@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""The uEditor server API."""
+
+from typing import Literal
+
+from fastapi import APIRouter
+from pydantic import BaseModel
+from pygit2 import GitError, Repository
+from pygit2.enums import RepositoryOpenFlag
+
+from uedition_editor.__about__ import __version__
+from uedition_editor.api.auth import router as auth_router
+from uedition_editor.api.branches import router as branches_router
+from uedition_editor.settings import init_settings
+
+router = APIRouter(prefix="/api")
+router.include_router(auth_router)
+router.include_router(branches_router)
+if init_settings.test:  # pragma: no cover
+    from uedition_editor.api.tests import router as tests_router
+
+    router.include_router(tests_router)
+
+
+class APIStatusAuth(BaseModel):
+    """Pydantic model for validating the auth settings."""
+
+    provider: Literal["no-auth"] | Literal["email"] | Literal["email-password"] | Literal["github"]
+
+
+class APIStatusGit(BaseModel):
+    """Pydantic model for validating the git API status."""
+
+    enabled: bool
+    default_branch: str | None = None
+    protect_default_branch: bool | None = None
+
+
+class APIStatus(BaseModel):
+    """Pydantic model for validating the API status."""
+
+    ready: bool
+    """Indicate whether the API is ready."""
+    git: APIStatusGit
+    """Indicate the Git status."""
+    auth: APIStatusAuth
+    """Indicate the authentication system status."""
+    version: str
+    """The backend API version."""
+
+
+@router.get("", response_model=APIStatus)
+def api() -> dict:
+    """Return the status of the API."""
+    api_status = {
+        "ready": True,
+        "git": {
+            "enabled": False,
+        },
+        "auth": {"provider": init_settings.auth.provider},
+        "version": __version__,
+    }
+    try:
+        Repository(init_settings.base_path, flags=RepositoryOpenFlag.NO_SEARCH)
+        api_status["git"]["enabled"] = True
+        api_status["git"]["default_branch"] = init_settings.git.default_branch
+        api_status["git"]["protect_default_branch"] = init_settings.git.protect_default_branch
+    except GitError:
+        pass
+    return api_status

uedition_editor/api/auth.py

@@ -0,0 +1,208 @@
+"""Authentication functionality."""
+
+import logging
+from datetime import datetime, timedelta, timezone
+from secrets import token_hex
+from typing import Annotated
+from urllib.parse import urlencode
+
+import jwt
+from fastapi import APIRouter, Cookie, Depends, Response
+from fastapi.exceptions import HTTPException
+from fastapi.responses import RedirectResponse
+from httpx import AsyncClient
+from pydantic import BaseModel, EmailStr
+
+from uedition_editor.settings import init_settings
+
+logger = logging.getLogger(__name__)
+router = APIRouter(prefix="/auth")
+
+
+def get_current_user(ueditor_user: Annotated[str | None, Cookie()] = None):
+    """Get the current user from the session cookie."""
+    if ueditor_user is not None:
+        try:
+            data = jwt.decode(
+                ueditor_user,
+                key=init_settings.session.key,
+                algorithms="HS512",
+                options={"require": ["exp", "iat", "name", "nbf", "provider", "sub"]},
+            )
+            if init_settings.auth.provider in ["no-auth", "email"]:
+                if data["sub"] != init_settings.auth.email or data["provider"] != init_settings.auth.provider:
+                    raise HTTPException(401)
+            elif init_settings.auth.provider == "email-password":
+                if data["provider"] != init_settings.auth.provider:
+                    raise HTTPException(401)
+                for user in init_settings.auth.users:
+                    if data["sub"] == user.email:
+                        return data
+                raise HTTPException(401)
+            return data
+        except jwt.InvalidTokenError as e:
+            logger.error(e)
+            raise HTTPException(401) from e
+    raise HTTPException(401)
+
+
+class EmailPasswordLoginModel(BaseModel):
+    """Model for validating login via email and password."""
+
+    email: EmailStr
+    password: str
+
+
+@router.post("/login", status_code=204)
+def login(response: Response, auth: EmailPasswordLoginModel | None = None) -> None:
+    """Log the user in using one of the local authentication methods."""
+    if init_settings.auth.provider in ["no-auth", "email"]:
+        now = datetime.now(timezone.utc)
+        ueditor_user = jwt.encode(
+            {
+                "sub": init_settings.auth.email,
+                "name": init_settings.auth.name,
+                "exp": now + timedelta(days=14),
+                "iat": now,
+                "nbf": now,
+                "provider": init_settings.auth.provider,
+            },
+            init_settings.session.key,
+            algorithm="HS512",
+        )
+        response.set_cookie(
+            "ueditor_user",
+            ueditor_user,
+            expires=now + timedelta(14),
+            secure=True,
+            samesite="strict",
+        )
+        return
+    elif init_settings.auth.provider == "email-password" and auth is not None:
+        for user in init_settings.auth.users:
+            if user.email == auth.email and user.password == auth.password:
+                now = datetime.now(timezone.utc)
+                ueditor_user = jwt.encode(
+                    {
+                        "sub": user.email,
+                        "name": user.name,
+                        "exp": now + timedelta(days=14),
+                        "iat": now,
+                        "nbf": now,
+                        "provider": init_settings.auth.provider,
+                    },
+                    init_settings.session.key,
+                    algorithm="HS512",
+                )
+                response.set_cookie(
+                    "ueditor_user",
+                    ueditor_user,
+                    expires=now + timedelta(14),
+                    secure=True,
+                    samesite="strict",
+                )
+                return
+    raise HTTPException(403)
+
+
+@router.delete("/login", status_code=204)
+def logout(response: Response) -> None:
+    """Log the user out."""
+    response.delete_cookie(
+        "ueditor_user",
+        secure=True,
+        samesite="strict",
+    )
+
+
+OIDC_STATES = {}
+
+
+@router.get("/oidc/login", response_class=RedirectResponse)
+def start_oidc_login():
+    """Start an OIDC (or equivalent) authorization process."""
+    if init_settings.auth.provider != "github":
+        raise HTTPException(404)
+    state = token_hex(64)
+    now = datetime.now(tz=timezone.utc).timestamp()
+    valid_until = now + 600
+    OIDC_STATES[state] = valid_until
+    for key in list(OIDC_STATES.keys()):
+        if now > OIDC_STATES[key]:
+            del OIDC_STATES[key]
+    params = {
+        "client_id": init_settings.auth.client_id,
+        "redirect_uri": f"{init_settings.auth.callback_base}/api/auth/oidc/callback",
+        "scope": "read:user",
+        "state": state,
+    }
+    return f"https://github.com/login/oauth/authorize?{urlencode(params)}"
+
+
+@router.get("/oidc/callback", response_class=RedirectResponse)
+async def complete_oidc_login(code: str, state: str, redirect_response: Response):
+    """Complete an OIDC (or equivalent) authorization process."""
+    if init_settings.auth.provider != "github":
+        raise HTTPException(404)
+    now = datetime.now(tz=timezone.utc)
+    if state not in OIDC_STATES or now.timestamp() > OIDC_STATES[state]:
+        raise HTTPException(403)
+    async with AsyncClient() as client:
+        params = {
+            "client_id": init_settings.auth.client_id,
+            "client_secret": init_settings.auth.client_secret,
+            "code": code,
+            "redirect_uri": f"{init_settings.auth.callback_base}/api/auth/oidc/callback",
+        }
+        response = await client.get(
+            f"https://github.com/login/oauth/access_token?{urlencode(params)}",
+            headers={"Accept": "application/json"},
+        )
+        if response.status_code != 200:  # noqa:PLR2004
+            raise HTTPException(403)
+        token = response.json()
+        response = await client.get(
+            "https://api.github.com/user",
+            headers={
+                "Accept": "application/vnd.github+json",
+                "Authorization": f"Bearer {token['access_token']}",
+            },
+        )
+        if response.status_code != 200:  # noqa: PLR2004
+            raise HTTPException(403)
+        user_data = response.json()
+        if user_data["email"] not in init_settings.auth.users:
+            raise HTTPException(403)
+        ueditor_user = jwt.encode(
+            {
+                "sub": user_data["email"],
+                "name": user_data["name"],
+                "exp": now + timedelta(days=14),
+                "iat": now,
+                "nbf": now,
+                "provider": init_settings.auth.provider,
+            },
+            init_settings.session.key,
+            algorithm="HS512",
+        )
+        redirect_response.set_cookie(
+            "ueditor_user",
+            ueditor_user,
+            expires=now + timedelta(14),
+            secure=True,
+            samesite="strict",
+        )
+        return "/app"
+
+
+class UserModel(BaseModel):
+    """Pydantic model for validating user responses."""
+
+    sub: str
+    name: str
+
+
+@router.get("/user", response_model=UserModel)
+def user(current_user: Annotated[dict, Depends(get_current_user)]):
+    """Return the currently logged in user."""
+    return current_user

uedition_editor/api/branches.py

@@ -0,0 +1,175 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""The uEditor API for accessing branches."""
+
+import logging
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Header
+from fastapi.exceptions import HTTPException
+from pydantic import BaseModel, Field
+from pygit2 import GitError, Repository, Signature
+from pygit2.enums import RepositoryOpenFlag
+
+from uedition_editor import cron
+from uedition_editor.api.auth import get_current_user
+from uedition_editor.api.configs import router as configs_router
+from uedition_editor.api.files import router as files_router
+from uedition_editor.api.util import (
+    BranchContextManager,
+    RemoteRepositoryCallbacks,
+    commit_and_push,
+    de_slugify,
+    fetch_and_pull_branch,
+    fetch_repo,
+    pull_branch,
+    slugify,
+    uedition_lock,
+)
+from uedition_editor.settings import init_settings
+from uedition_editor.state import local_branches, remote_branches
+
+logger = logging.getLogger(__name__)
+router = APIRouter(prefix="/branches")
+router.include_router(files_router, prefix="/{branch_id}")
+router.include_router(configs_router, prefix="/{branch_id}")
+
+
+class BranchModel(BaseModel):
+    """A model of a single branch."""
+
+    id: str
+    title: str
+    nogit: bool = False
+    update_from_default: bool = False
+    modified_files: list[str] = []
+
+
+class BranchesModel(BaseModel):
+    """A model combining local and remote branches."""
+
+    local: list[BranchModel]
+    remote: list[BranchModel]
+
+
+@router.get("", response_model=BranchesModel)
+async def branches(
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+) -> list:
+    """Fetch the available branches."""
+    return {"local": local_branches, "remote": remote_branches}
+
+
+@router.patch("", status_code=204)
+async def synchronise_remote() -> None:
+    """Synchronise with the git remote."""
+    await cron.track_branches.func()
+
+
+class CreateBranchModel(BaseModel):
+    """Model representing a new branch."""
+
+    title: str = Field(min_length=1)
+
+
+@router.post("", response_model=BranchModel)
+async def create_branch(
+    data: CreateBranchModel,
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+    x_ueditor_import_branch: Annotated[bool, Header()] = False,  # noqa: FBT002
+) -> dict:
+    """Create a new branch."""
+    async with uedition_lock:
+        try:
+            branch_id = slugify(data.title)
+            repo = Repository(init_settings.base_path, flags=RepositoryOpenFlag.NO_SEARCH)
+            if branch_id in repo.branches.local:
+                raise HTTPException(422, detail=[{"msg": "this branch name is already in use"}])
+            if init_settings.git.remote_name in list(repo.remotes.names()):
+                fetch_and_pull_branch(
+                    repo,
+                    init_settings.git.remote_name,
+                    init_settings.git.default_branch,
+                )
+            repo.checkout(repo.branches[init_settings.git.default_branch])
+            if x_ueditor_import_branch:
+                commit, reference = repo.resolve_refish(f"{init_settings.git.remote_name}/{branch_id}")
+                repo.branches.local.create(branch_id, commit)
+                repo.checkout(repo.branches[branch_id])
+                repo.branches[branch_id].upstream = repo.branches[f"{init_settings.git.remote_name}/{branch_id}"]
+                await cron.insecure_track_branches()
+                return {"id": branch_id, "title": de_slugify(data.title)}
+            else:
+                for remote_branch_id in repo.branches.remote:
+                    if remote_branch_id.endswith(branch_id):
+                        raise HTTPException(
+                            422,
+                            detail=[{"msg": "this branch name is already used in the remote repository"}],
+                        )
+                last_default_commit = repo.revparse_single(str(repo.branches[init_settings.git.default_branch].target))
+                repo.branches.local.create(branch_id, last_default_commit)
+                repo.checkout(repo.branches[branch_id])
+                if init_settings.git.remote_name in list(repo.remotes.names()):
+                    repo.remotes[init_settings.git.remote_name].push(
+                        [f"refs/heads/{branch_id}"],
+                        callbacks=RemoteRepositoryCallbacks(),
+                    )
+                    fetch_repo(repo, init_settings.git.remote_name)
+                    repo.branches[branch_id].upstream = repo.branches[f"{init_settings.git.remote_name}/{branch_id}"]
+                await cron.insecure_track_branches()
+                return {"id": branch_id, "title": data.title}
+        except GitError as ge:
+            logger.error(ge)
+            raise HTTPException(500, "Git error") from ge
+
+
+@router.post("/{branch_id}/merge-from-default", status_code=204)
+async def merge_from_default(
+    branch_id: str,
+    current_user: Annotated[dict, Depends(get_current_user)],
+) -> None:
+    """Merge all changes from the default branch."""
+    branch_id = branch_id.replace("%2F", "/")
+    async with BranchContextManager(branch_id) as repo:
+        repo.checkout(repo.branches[init_settings.git.default_branch])
+        if init_settings.git.remote_name in list(repo.remotes.names()):
+            fetch_repo(repo, init_settings.git.remote_name)
+            pull_branch(repo, init_settings.git.default_branch)
+        repo.checkout(repo.branches[branch_id])
+        default_branch_head = repo.revparse_single(init_settings.git.default_branch)
+        diff = repo.diff(default_branch_head)
+        if diff.stats.files_changed > 0:
+            repo.merge(default_branch_head.id)
+            commit_and_push(
+                repo,
+                init_settings.git.remote_name,
+                branch_id,
+                f"Merged {init_settings.git.default_branch}",
+                Signature(current_user["name"], current_user["sub"]),
+                extra_parents=[default_branch_head.id],
+            )
+        await cron.insecure_track_branches()
+
+
+@router.delete("/{branch_id}", status_code=204)
+async def delete_branch(
+    branch_id: str,
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+    local_delete: Annotated[bool, Header(alias="x-ueditor-delete-local-only")] = False,  # noqa:FBT002
+) -> None:
+    """Delete the given branch locally and remotely."""
+    branch_id = branch_id.replace("%2F", "/")
+    async with BranchContextManager(branch_id) as repo:
+        fetch_and_pull_branch(repo, init_settings.git.remote_name, branch_id)
+        if init_settings.git.default_branch == branch_id:
+            raise HTTPException(422, detail=[{"msg": "you cannot delete the default branch"}])
+        repo.checkout(repo.branches[init_settings.git.default_branch])
+        if init_settings.git.remote_name in list(repo.remotes.names()) and not local_delete:
+            if repo.branches[branch_id].upstream is not None:
+                repo.remotes[init_settings.git.remote_name].push(
+                    [f":refs/heads/{branch_id}"], callbacks=RemoteRepositoryCallbacks()
+                )
+        if branch_id in repo.branches:
+            repo.branches.delete(branch_id)
+        await cron.insecure_track_branches()

uedition_editor/api/configs.py

@@ -0,0 +1,86 @@
+# SPDX-FileCopyrightText: 2024-present Mark Hall <mark.hall@work.room3b.eu>
+#
+# SPDX-License-Identifier: MIT
+"""The uEditor API for accessing configurations."""
+
+import logging
+import os
+from typing import Annotated
+
+from fastapi import APIRouter, Depends
+from fastapi.exceptions import HTTPException
+from fastapi.responses import Response
+
+from uedition_editor.api.auth import get_current_user
+from uedition_editor.api.util import BranchContextManager, BranchNotFoundError
+from uedition_editor.settings import (
+    TEINode,
+    UEditionSettings,
+    UEditorSettings,
+    get_uedition_settings,
+    get_ueditor_settings,
+    init_settings,
+)
+
+router = APIRouter(prefix="/configs")
+logger = logging.getLogger(__name__)
+
+
+@router.get("/uedition", response_model=UEditionSettings)
+async def uedition_config(
+    branch_id: str,
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+) -> dict:
+    """Fetch the uEdition configuration."""
+    branch_id = branch_id.replace("%2F", "/")
+    try:
+        async with BranchContextManager(branch_id):
+            settings = get_uedition_settings()
+            if "tei" in settings.sphinx_config:
+                if "blocks" in settings.sphinx_config["tei"]:
+                    settings.sphinx_config["tei"]["blocks"] = [
+                        TEINode(**block).model_dump() for block in settings.sphinx_config["tei"]["blocks"]
+                    ]
+                if "marks" in settings.sphinx_config["tei"]:
+                    settings.sphinx_config["tei"]["marks"] = [
+                        TEINode(**mark).model_dump() for mark in settings.sphinx_config["tei"]["marks"]
+                    ]
+            return settings.model_dump()
+    except BranchNotFoundError as bnfe:
+        raise HTTPException(404) from bnfe
+
+
+@router.get("/ueditor", response_model=UEditorSettings)
+async def tei_config(
+    branch_id: str,
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+) -> dict:
+    """Fetch the uEditor configuration."""
+    branch_id = branch_id.replace("%2F", "/")
+    try:
+        async with BranchContextManager(branch_id):
+            return get_ueditor_settings().model_dump()
+    except BranchNotFoundError as bnfe:
+        raise HTTPException(404) from bnfe
+
+
+@router.get("/ui-stylesheet")
+async def ui_stylesheet(
+    branch_id: str,
+    current_user: Annotated[dict, Depends(get_current_user)],  # noqa:ARG001
+) -> str:
+    """Fetch the configured CSS stylesheets."""
+    branch_id = branch_id.replace("%2F", "/")
+    try:
+        async with BranchContextManager(branch_id):
+            tmp = []
+            for filename in get_ueditor_settings().ui.css_files:
+                full_path = os.path.join(init_settings.base_path, filename)
+                if os.path.exists(full_path):
+                    with open(full_path) as in_f:
+                        tmp.append(in_f.read())
+                else:
+                    raise HTTPException(404)
+            return Response("\n\n".join(tmp), media_type="text/css")
+    except BranchNotFoundError as bnfe:
+        raise HTTPException(404) from bnfe