brut/bincio-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a85a2eeb6d683e8bb2b0e1989cd5d6673266a18c
bincio-wiki/edit/server.py
T
brutsalvadi a85a2eeb6d Fix sidecar: advance refs/heads/main after each commit 
post-receive uses `git checkout -f <SHA>` which detaches HEAD in the bare
repo. Without this fix, sidecar commits advance the detached HEAD but not
refs/heads/main and are orphaned on the next push.

Also commits CLAUDE.md docs update and the retry-loop sync-vps.sh.
2026-05-08 08:57:55 +02:00

508 lines
20 KiB
Python
Raw Blame History

"""FastAPI edit sidecar for BincioWiki — reads and writes markdown pages."""
from __future__ import annotations
import asyncio
import os
import re
import secrets
import shutil
import sqlite3
import tempfile
import time
from contextlib import contextmanager
from dataclasses import dataclass
from pathlib import Path
from typing import Optional
import bcrypt
from fastapi import Cookie, Depends, FastAPI, File, HTTPException, UploadFile
from fastapi.middleware.cors import CORSMiddleware
from fastapi.middleware.gzip import GZipMiddleware
from fastapi.responses import JSONResponse
from fastapi.staticfiles import StaticFiles
from pydantic import BaseModel
_ROOT = Path(__file__).parent.parent
pages_dir: Path = _ROOT / os.environ.get("WIKI_PAGES_DIR", "pages")
stories_dir: Path = _ROOT / os.environ.get("WIKI_STORIES_DIR", "blog")
assets_dir: Path = _ROOT / os.environ.get("WIKI_ASSETS_DIR", "assets")
site_dir: Path = _ROOT / "site"
# On VPS, copy built dist here so nginx can serve from /var/www with proper permissions.
_wiki_webroot: Path | None = Path(os.environ["WIKI_WEBROOT"]) if os.environ.get("WIKI_WEBROOT") else None
# Shared DB with bincio_activity.
# Dev default: /tmp/bincio_dev_test/instance.db (created by bincio_activity dev_test.py --fresh).
# Production: set SHARED_DB_PATH=/var/bincio/data/instance.db in the systemd service.
_SHARED_DB_PATH = Path(
os.environ.get("SHARED_DB_PATH", "/tmp/bincio_dev_test/instance.db")
)
_SESSION_DOMAIN = os.environ.get("SESSION_DOMAIN") or None
_SESSION_TTL = 30 * 24 * 3600 # 30 days (matches bincio_activity)
_SESSION_COOKIE = "bincio_session"
_SAFE_SLUG = re.compile(r"^[a-zA-Z0-9_][a-zA-Z0-9_\-/]*$")
_ALLOWED_IMAGE_TYPES = {"image/jpeg", "image/png", "image/webp", "image/gif"}
_MAX_IMAGE_BYTES = 10 * 1024 * 1024 # 10 MB
# Git attribution — on VPS the work tree has no .git dir; bare repo is separate.
# Set GIT_DIR to the bare repo path in the systemd service; GIT_WORK_TREE is _ROOT.
_GIT_DIR = os.environ.get("GIT_DIR")
_git_lock = asyncio.Lock()
def _git_env() -> dict:
env = os.environ.copy()
if _GIT_DIR:
env["GIT_DIR"] = _GIT_DIR
env["GIT_WORK_TREE"] = str(_ROOT)
env.setdefault("GIT_COMMITTER_NAME", "bincio-wiki")
env.setdefault("GIT_COMMITTER_EMAIL", "wiki@bincio.wiki")
return env
async def _git_file_hash(file_path: Path) -> str:
rel = str(file_path.relative_to(_ROOT))
try:
proc = await asyncio.create_subprocess_exec(
"git", "log", "-1", "--format=%H", "--", rel,
cwd=str(_ROOT), env=_git_env(),
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.DEVNULL,
)
stdout, _ = await proc.communicate()
return stdout.decode().strip()
except Exception:
return ""
async def _three_way_merge(
file_path: Path, user_content: str, base_hash: str, handle: str
) -> tuple[str, bool]:
"""Returns (merged_content, has_conflict). Falls back to user_content on error."""
rel = str(file_path.relative_to(_ROOT))
env = _git_env()
proc = await asyncio.create_subprocess_exec(
"git", "show", f"{base_hash}:{rel}",
cwd=str(_ROOT), env=env,
stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.DEVNULL,
)
stdout, _ = await proc.communicate()
if proc.returncode != 0:
return user_content, False
base_content = stdout.decode()
current_content = file_path.read_text(encoding="utf-8")
tmpdir = tempfile.mkdtemp()
try:
p_current = Path(tmpdir) / "current.md"
p_base = Path(tmpdir) / "base.md"
p_user = Path(tmpdir) / "user.md"
p_current.write_text(current_content, encoding="utf-8")
p_base.write_text(base_content, encoding="utf-8")
p_user.write_text(user_content, encoding="utf-8")
proc = await asyncio.create_subprocess_exec(
"git", "merge-file",
"-L", "attuale", "-L", "base", "-L", handle,
str(p_current), str(p_base), str(p_user),
stdout=asyncio.subprocess.DEVNULL, stderr=asyncio.subprocess.DEVNULL,
)
await proc.wait()
return p_current.read_text(encoding="utf-8"), proc.returncode > 0
finally:
shutil.rmtree(tmpdir, ignore_errors=True)
async def _git_commit(file_path: Path, handle: str, verb: str) -> None:
rel = str(file_path.relative_to(_ROOT))
env = _git_env()
try:
async with _git_lock:
add = await asyncio.create_subprocess_exec(
"git", "add", rel,
cwd=str(_ROOT), env=env,
stdout=asyncio.subprocess.DEVNULL,
stderr=asyncio.subprocess.DEVNULL,
)
await add.wait()
commit = await asyncio.create_subprocess_exec(
"git", "commit",
"-m", f"{handle}: {verb} {file_path.stem}",
"--author", f"{handle} <{handle}@bincio.wiki>",
cwd=str(_ROOT), env=env,
stdout=asyncio.subprocess.DEVNULL,
stderr=asyncio.subprocess.DEVNULL,
)
await commit.wait()
# post-receive uses `git checkout -f <SHA>` which detaches HEAD, so
# commits would advance the detached HEAD but not refs/heads/main and
# would be lost on the next push. Explicitly keep main up to date.
update_ref = await asyncio.create_subprocess_exec(
"git", "update-ref", "refs/heads/main", "HEAD",
cwd=str(_ROOT), env=env,
stdout=asyncio.subprocess.DEVNULL,
stderr=asyncio.subprocess.DEVNULL,
)
await update_ref.wait()
except Exception as e:
print(f"[git] commit failed for {rel}: {e}", flush=True)
def _unique_name(directory: Path, filename: str) -> str:
stem, suffix = Path(filename).stem, Path(filename).suffix
candidate = filename
counter = 1
while (directory / candidate).exists():
candidate = f"{stem}_{counter}{suffix}"
counter += 1
return candidate
# ── Shared DB helpers ─────────────────────────────────────────────────────────
@dataclass
class User:
handle: str
display_name: str
is_admin: bool
wiki_access: bool
activity_access: bool
@contextmanager
def _db():
if not _SHARED_DB_PATH.exists():
raise HTTPException(503, f"Shared DB not found at {_SHARED_DB_PATH}. "
"Set SHARED_DB_PATH or run bincio_activity first.")
con = sqlite3.connect(_SHARED_DB_PATH, check_same_thread=False)
con.row_factory = sqlite3.Row
con.execute("PRAGMA journal_mode=WAL")
con.execute("PRAGMA foreign_keys=ON")
try:
yield con
finally:
con.close()
def _get_session_user(token: str) -> Optional[User]:
try:
with _db() as con:
row = con.execute(
"SELECT s.handle, s.expires_at, u.display_name, u.is_admin, "
"u.wiki_access, u.activity_access "
"FROM sessions s JOIN users u ON s.handle = u.handle "
"WHERE s.token = ?",
(token,),
).fetchone()
except HTTPException:
raise
except Exception:
return None
if not row:
return None
if row["expires_at"] < int(time.time()):
return None
if not row["wiki_access"]:
return None
return User(
handle=row["handle"],
display_name=row["display_name"],
is_admin=bool(row["is_admin"]),
wiki_access=bool(row["wiki_access"]),
activity_access=bool(row["activity_access"]),
)
# ── Auth dependency ───────────────────────────────────────────────────────────
async def require_auth(bincio_session: Optional[str] = Cookie(default=None)) -> User:
if not bincio_session:
raise HTTPException(401, "Authentication required")
user = _get_session_user(bincio_session)
if not user:
raise HTTPException(401, "Authentication required")
return user
# ── App setup ─────────────────────────────────────────────────────────────────
_extra_origin = os.environ.get("WIKI_ORIGIN", "")
_origins = [_extra_origin] if _extra_origin else []
app = FastAPI(title="BincioWiki Edit Sidecar", docs_url=None, redoc_url=None)
app.add_middleware(GZipMiddleware, minimum_size=1024)
app.add_middleware(
CORSMiddleware,
allow_origins=_origins,
allow_origin_regex=r"https?://localhost(:\d+)?",
allow_credentials=True,
allow_methods=["GET", "POST", "DELETE"],
allow_headers=["Content-Type"],
)
# ── Auth endpoints ────────────────────────────────────────────────────────────
@app.get("/api/log")
async def get_wiki_log(user: User = Depends(require_auth)) -> JSONResponse:
env = _git_env()
proc = await asyncio.create_subprocess_exec(
"git", "log", "--format=%h|%ar|%aN|%s", "-n", "50", "--", "pages/", "blog/",
cwd=str(_ROOT), env=env,
stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.DEVNULL,
)
stdout, _ = await proc.communicate()
entries = []
for line in stdout.decode().strip().splitlines():
parts = line.split("|", 3)
if len(parts) == 4:
entries.append({"hash": parts[0], "date": parts[1], "author": parts[2], "message": parts[3]})
return JSONResponse({"log": entries})
@app.get("/api/me")
async def me(user: User = Depends(require_auth)) -> JSONResponse:
return JSONResponse({
"handle": user.handle,
"display_name": user.display_name,
"is_admin": user.is_admin,
"wiki_access": user.wiki_access,
"activity_access": user.activity_access,
})
class LoginBody(BaseModel):
handle: str
password: str
@app.post("/api/auth/login")
async def login(body: LoginBody) -> JSONResponse:
"""Login endpoint for local dev. In production, login via bincio.org."""
try:
with _db() as con:
row = con.execute(
"SELECT handle, display_name, password_hash, is_admin, "
"wiki_access, activity_access FROM users WHERE handle = ?",
(body.handle.strip().lower(),),
).fetchone()
except HTTPException:
raise
if not row or not bcrypt.checkpw(body.password.encode(), row["password_hash"].encode()):
raise HTTPException(401, "Credenziali non valide")
if not row["wiki_access"]:
raise HTTPException(403, "Accesso al wiki non autorizzato")
token = secrets.token_hex(32)
expires = int(time.time()) + _SESSION_TTL
with _db() as con:
con.execute(
"INSERT INTO sessions (token, handle, created_at, expires_at) VALUES (?, ?, ?, ?)",
(token, row["handle"], int(time.time()), expires),
)
con.commit()
resp = JSONResponse({"handle": row["handle"], "display_name": row["display_name"]})
kwargs: dict = dict(
key=_SESSION_COOKIE, value=token,
httponly=True, samesite="lax", max_age=_SESSION_TTL,
)
if _SESSION_DOMAIN:
kwargs["domain"] = _SESSION_DOMAIN
resp.set_cookie(**kwargs)
return resp
@app.post("/api/auth/logout")
async def logout(bincio_session: Optional[str] = Cookie(default=None)) -> JSONResponse:
if bincio_session:
try:
with _db() as con:
con.execute("DELETE FROM sessions WHERE token = ?", (bincio_session,))
con.commit()
except Exception:
pass
resp = JSONResponse({"ok": True})
kwargs: dict = dict(key=_SESSION_COOKIE)
if _SESSION_DOMAIN:
kwargs["domain"] = _SESSION_DOMAIN
resp.delete_cookie(**kwargs)
return resp
# ── File helpers ──────────────────────────────────────────────────────────────
def _slug_to_path(slug: str, base: Path) -> Path:
if not _SAFE_SLUG.match(slug):
raise HTTPException(400, "Invalid slug")
resolved = (base / f"{slug}.md").resolve()
if not str(resolved).startswith(str(base.resolve())):
raise HTTPException(400, "Path traversal detected")
return resolved
class PageBody(BaseModel):
content: str
base_hash: str | None = None
def _list(base: Path) -> list[str]:
if not base.exists():
return []
return [str(p.relative_to(base).with_suffix("")) for p in sorted(base.rglob("*.md"))]
async def _get(slug: str, base: Path) -> JSONResponse:
path = _slug_to_path(slug, base)
if not path.exists():
raise HTTPException(404, "Not found")
content = path.read_text(encoding="utf-8")
base_hash = await _git_file_hash(path)
return JSONResponse({"slug": slug, "content": content, "base_hash": base_hash})
def _save(slug: str, body: PageBody, base: Path) -> JSONResponse:
path = _slug_to_path(slug, base)
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(body.content, encoding="utf-8")
return JSONResponse({"slug": slug, "saved": True})
def _delete(slug: str, base: Path) -> JSONResponse:
path = _slug_to_path(slug, base)
if not path.exists():
raise HTTPException(404, "Not found")
path.unlink()
return JSONResponse({"slug": slug, "deleted": True})
# ── Page endpoints ────────────────────────────────────────────────────────────
@app.get("/pages")
async def list_pages(user: User = Depends(require_auth)) -> JSONResponse:
return JSONResponse({"pages": _list(pages_dir)})
@app.get("/pages/{slug:path}")
async def get_page(slug: str, user: User = Depends(require_auth)) -> JSONResponse:
return await _get(slug, pages_dir)
@app.post("/pages/{slug:path}")
async def save_page(slug: str, body: PageBody, user: User = Depends(require_auth)) -> JSONResponse:
path = _slug_to_path(slug, pages_dir)
content = body.content
if body.base_hash and path.exists():
current_hash = await _git_file_hash(path)
if current_hash and current_hash != body.base_hash:
merged, conflict = await _three_way_merge(path, body.content, body.base_hash, user.handle)
if conflict:
raise HTTPException(409, detail={
"message": "Conflitto — risolvi i marcatori e salva di nuovo",
"content": merged,
"base_hash": current_hash,
})
content = merged
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(content, encoding="utf-8")
await _git_commit(path, user.handle, "edited")
return JSONResponse({"slug": str(path.relative_to(pages_dir).with_suffix("")), "saved": True})
@app.delete("/pages/{slug:path}")
async def delete_page(slug: str, user: User = Depends(require_auth)) -> JSONResponse:
path = _slug_to_path(slug, pages_dir)
result = _delete(slug, pages_dir)
await _git_commit(path, user.handle, "deleted")
return result
# ── Story endpoints ───────────────────────────────────────────────────────────
@app.get("/stories")
async def list_stories(user: User = Depends(require_auth)) -> JSONResponse:
return JSONResponse({"stories": _list(stories_dir)})
@app.get("/stories/{slug:path}")
async def get_story(slug: str, user: User = Depends(require_auth)) -> JSONResponse:
return await _get(slug, stories_dir)
@app.post("/stories/{slug:path}")
async def save_story(slug: str, body: PageBody, user: User = Depends(require_auth)) -> JSONResponse:
path = _slug_to_path(slug, stories_dir)
content = body.content
if body.base_hash and path.exists():
current_hash = await _git_file_hash(path)
if current_hash and current_hash != body.base_hash:
merged, conflict = await _three_way_merge(path, body.content, body.base_hash, user.handle)
if conflict:
raise HTTPException(409, detail={
"message": "Conflitto — risolvi i marcatori e salva di nuovo",
"content": merged,
"base_hash": current_hash,
})
content = merged
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(content, encoding="utf-8")
await _git_commit(path, user.handle, "edited")
return JSONResponse({"slug": str(path.relative_to(stories_dir).with_suffix("")), "saved": True})
@app.delete("/stories/{slug:path}")
async def delete_story(slug: str, user: User = Depends(require_auth)) -> JSONResponse:
path = _slug_to_path(slug, stories_dir)
result = _delete(slug, stories_dir)
await _git_commit(path, user.handle, "deleted")
return result
# ── Asset upload ─────────────────────────────────────────────────────────────
@app.post("/api/assets")
async def upload_asset(file: UploadFile = File(...), user: User = Depends(require_auth)) -> JSONResponse:
if not file.filename:
raise HTTPException(400, "No filename")
ct = file.content_type or ""
if ct not in _ALLOWED_IMAGE_TYPES:
raise HTTPException(400, "Only JPEG, PNG, WebP, or GIF images are accepted")
contents = await file.read()
if len(contents) > _MAX_IMAGE_BYTES:
raise HTTPException(413, f"Image too large (max {_MAX_IMAGE_BYTES // (1024 * 1024)} MB)")
assets_dir.mkdir(parents=True, exist_ok=True)
safe_name = _unique_name(assets_dir, Path(file.filename).name)
(assets_dir / safe_name).write_bytes(contents)
return JSONResponse({"ok": True, "filename": safe_name, "url": f"/assets/{safe_name}"})
@app.post("/rebuild")
async def rebuild(user: User = Depends(require_auth)) -> JSONResponse:
try:
# Clear Astro content cache so changed files outside site/ are re-read.
try:
(site_dir / ".astro" / "data-store.json").unlink(missing_ok=True)
except Exception:
pass
proc = await asyncio.create_subprocess_exec(
"npm", "run", "build", "--", "--force",
cwd=site_dir,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE,
)
try:
stdout, stderr = await asyncio.wait_for(proc.communicate(), timeout=120)
except asyncio.TimeoutError:
proc.kill()
raise HTTPException(504, "Build timed out after 120s")
if proc.returncode == 0 and _wiki_webroot:
sync = await asyncio.create_subprocess_exec(
"rsync", "-a", "--delete",
str(site_dir / "dist") + "/",
str(_wiki_webroot) + "/",
)
await sync.wait()
return JSONResponse({
"success": proc.returncode == 0,
"stdout": stdout.decode()[-3000:] if stdout else "",
"stderr": stderr.decode()[-3000:] if stderr else "",
})
except HTTPException:
raise
except Exception as e:
raise HTTPException(500, str(e))
# Serve uploaded assets. Must be mounted after all route definitions.
assets_dir.mkdir(parents=True, exist_ok=True)
app.mount("/assets", StaticFiles(directory=assets_dir), name="assets")
Reference in New Issue View Git Blame Copy Permalink