1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-31 04:54:51 +09:00
Commit graph

582 commits

Author SHA1 Message Date
fr33domlover
e341f62587 Fix typo in comment 2019-03-09 15:44:31 +00:00
fr33domlover
468202cf45 Fix instance mutex deadlock, accidentally initialized the MVar empty 2019-03-09 15:43:30 +00:00
fr33domlover
37216d9045 Move remote actor DB code from Foundation to separate module 2019-03-09 15:40:02 +00:00
fr33domlover
b0e33af4d8 Fix typo in actor key route 2019-03-06 01:49:55 +00:00
fr33domlover
043022d117 When verifying HTTP sig, make Ed25519 verification failure message clearer 2019-03-06 01:31:30 +00:00
fr33domlover
c26289cf42 Don't check CSRF token in InboxR, POSTs there freely come from other servers 2019-03-05 09:00:22 +00:00
fr33domlover
6e721797e9 Catch sig generation error when sending signed HTTP POST 2019-03-05 08:26:41 +00:00
fr33domlover
97594dc945 Fix default actor URI in OutboxR form, from /p to /s 2019-03-04 20:12:19 +00:00
fr33domlover
378ca1b3d4 Fix bug in FedURI parsing 2019-03-04 20:11:58 +00:00
fr33domlover
bb662e798f Display clearer error message when GETing recipient actor fails 2019-03-04 15:47:22 +00:00
fr33domlover
78b5bad2c4 Support bypassing email verification of new users 2019-03-04 14:51:51 +00:00
fr33domlover
c41f1183e0 Display instance host at the top of all pages 2019-03-04 09:06:23 +00:00
fr33domlover
ad034dbacc Make the registration switch work again 2019-03-04 08:14:36 +00:00
fr33domlover
6bbba4ce5c Use MVars to protect concurrenct access to instance/actor/key DB records 2019-03-02 19:13:51 +00:00
fr33domlover
f09bdd4141 Add key storage mode that replaces old keys instead of rejecting new ones 2019-02-26 14:00:22 +00:00
fr33domlover
2e705b6868 Make key storage limits configurable instead of hardcoding to 2 2019-02-24 01:35:07 +00:00
fr33domlover
17524b6ee1 Remove hardcoded-to-2 limit on length of an actor's list of public keys 2019-02-24 01:21:42 +00:00
fr33domlover
0912b8e291 Use the DB for checking key usage by actors
* When we refetch a personal key, we never need to separately fetch the actor
* When we refetch a shared key, check usage in DB and insert usage to DB
2019-02-23 17:17:52 +00:00
fr33domlover
b53a7b4f48 Refactor actor key fetching code a bit 2019-02-22 08:30:43 +00:00
fr33domlover
1affe269bb Refactor HTTP sig verification DB update code 2019-02-22 07:20:19 +00:00
fr33domlover
d3e14b3edf Add LocalURI type for recording shared URI host 2019-02-21 23:59:53 +00:00
fr33domlover
aefb2aaee7 Add InstanceURI datatype 2019-02-20 07:40:25 +00:00
fr33domlover
4053f2f2b4 Record usage of instance keys in the DB
When we verify an HTTP signature,

* If we know the key, check in the DB whether we know the actor lists it. If it
  doesn't, and there's room left for keys, HTTP GET the actor and update the DB
  accordingly.
* If we know the key but had to update it, do the same, check usage in DB and
  update DB if needed
* If we don't know the key, record usage in DB

However,

* If we're GETing a key and discovering it's a shared key, we GET the actor to
  verify it lists the key. When we don't know the key at all yet, that's fine
  (can be further optimized but it's marginal), but if it's a key we do know,
  it means we already know the actor and for now it's enough for us to rely
  only on the DB to test usage.
2019-02-19 10:54:55 +00:00
fr33domlover
312ccf6979 When verifying HTTP sig with known shared key, verify actor lists the key
Previously, when verifying an HTTP signature and we fetched the key and
discovered it's shared, we'd fetch the actor and make sure it lists the key URI
in the `publicKey` field. But if we already knew the key, had it cached in our
DB, we wouldn't check the actor at all, despite not knowing whether it lists
the key.

With this patch, we now always GET the actor when the key is shared,
determining the actor URI from the `ActivityPub-Actor` request header, and we
verify that the actor lists the key URI. We do that regardless of whether or
not we have the key in the DB, although these two cases and handled in
different parts of the code right now (for a new key, it's in Web.ActivityPub
fetchKey; for a known key, it's in Vervis.Foundation httpVerifySig).
2019-02-18 09:20:13 +00:00
fr33domlover
9b8cae79e0 Remove old commented out line of code 2019-02-18 09:18:50 +00:00
fr33domlover
69e807214d Even if we have the specified keyid in the DB, check AP actor header if present
Previously, when verifying an HTTP signature and we find out we have the
provided keyid in the DB, and this key is a personal key, we would just grab
the key owner from the DB and ignore the ActivityPub-Actor header.

This patch adds a check: If we find the key in the DB and it's a personal key,
do grab the owner from that DB row, but also check the actor header: If it's
provided, it has to be identical to the key owner ID URI.
2019-02-17 00:32:38 +00:00
fr33domlover
fa5c509a25 When we fetch a stand-alone personal key, make sure AP-Actor matches key owner
If the key we fetched is a shared key, the only way to determine the actor to
which the signature applies is to read the HTTP header ActivityPub-Actor. But
if it's a personal key, we can detect the actor by checking the key's owner
field. Still, if that actor header is provided, we now compare it to the key
owner and make sure they're identical.

When fetching a key that is embedded in the actor document, we were already
comparing the actor ID with the actor header, so that part didn't require
changes.
2019-02-17 00:14:05 +00:00
fr33domlover
bf56ebf158 Make the verification key update logic clearer 2019-02-16 21:47:58 +00:00
fr33domlover
9e0314fa09 Store remote actors' inbox URIs in DB, avoiding some actor fetch
When a local user wants to publish an activity, we were always GETing the
recipient actor, so that we could determine their inbox and POST the activity
to it. But now, instead, whenever we GET an actor (whether it's for the key sig
verification or for determining inbox URI), we keep their inbox URI in the
database, and we don't need to GET it again next time.
2019-02-14 23:27:40 +00:00
fr33domlover
128f1297ec In postInboxR, use the Activity type, so we only accept Create Note for now 2019-02-14 22:29:59 +00:00
fr33domlover
fb396bb984 Define breadcrumbs for shared actor key routes 2019-02-14 22:17:04 +00:00
fr33domlover
e6b7a5297a Fix error in key expiration check caused by a typo 2019-02-14 22:16:15 +00:00
fr33domlover
e8ba301c6a Switch actor ID URIs to be /s/ACTOR instead of /p and /g
See Vervis ticket #60.
2019-02-14 22:13:58 +00:00
fr33domlover
754709833a When a client posts to their outbox, allow only Create Note, not near-any JSON 2019-02-12 11:53:24 +00:00
fr33domlover
c2bf470fb6 Generate and keep permanent salt for generating hashids for URIs 2019-02-08 21:54:22 +00:00
fr33domlover
9536d870e5 Add utility for loading permanent key files, and use it for ocap signing key 2019-02-08 03:13:56 +00:00
fr33domlover
8ac559d064 New datatype FedURI for @id URIs
Using a dedicated type allows to record in the type the guarantees that we
provide, such as scheme being HTTPS and authority being present. Allows to
replace ugly `fromJust` and such with direct field access.
2019-02-07 23:08:28 +00:00
fr33domlover
e325175a9c Publish 2 rotating instance-scope keys instead of the one-implicitly-shared-key
Before, there was a single key used as a personal key for all actors. Now,
things work like this:

- There are 2 keys, each time one is rotated, this way the old key remains
  valid and we can freely rotate without a risk of race conditions on other
  servers and end up with our posts being rejected
- The keys are explicitly instance-scope keys, all actors refer to them
- We add the ActivityPub-Actor header to all activity POSTs we send, to declare
  for which specific actor our signature applies. Activities and otherwise
  different payloads may have varying ways to specify attribution; using this
  header will be a standard uniform way to specify the actor, regardless of
  payload format. Of course, servers should make sure the actual activity is
  attributed to the same actor we specified in the header. (This is important
  with instance-scope keys; for personal keys it's not critical)
2019-02-07 10:34:33 +00:00
fr33domlover
8166d5b5eb Support for instance-scope keys when verifying HTTP signature 2019-02-06 02:48:23 +00:00
fr33domlover
400245cf34 Accept HTTP signatures made with shared instance-scope actor keys 2019-02-05 13:02:15 +00:00
fr33domlover
e8a5ef4e86 Replace unused symbol name with underscore 2019-02-05 12:56:06 +00:00
fr33domlover
d4c7fa5809 When parsing ID URIs in AP JSON, make sure their authority part is non-empty 2019-02-05 12:54:55 +00:00
fr33domlover
c2c4e24497 Support actor key expiration
Allow keys to specify expiration time using w3c security vocabulary. If a key
has expired, we treat it like sig validation failure and re-fetch the key from
the other server. And we never accept a sig, even a valid sig, if the key has
expired.

Since servers keep actors and keys in the DB, expiration can be a nice way to
ask that keys aren't used more than we want them to. The security vocab spec
also recommends to set expiration time on keys, so it's nice to support this
feature.
2019-02-05 04:05:44 +00:00
fr33domlover
37b3416a41 Support remote actors specifying 2 keys, and DB storage of these keys
It's now possible for activities we be attributed to actors that have more than
one key. We allow up to 2 keys. We also store in the DB. Scaling to support any
number of keys is trivial, but I'm limiting to 2 to avoid potential trouble and
because 2 is the actual number we need.

By having 2 keys, and replacing only one of them in each rotation, we avoid
race conditions. With 1 key, the following can happen:

1. We send an activity to another server
2. We rotate our key
3. The server reaches the activity in its processing queue, tries to verify our
   request signature, but fails because it can't fetch the key. It's the old
   key and we discarded it already, replaced it with the new one

When we use 2 keys, the previous key remains available and other servers have
time to finish processing our requests signed with that key. We can safely
rotate, without worrying about whether the user sent anything right before the
rotation time.

Caveat: With this feature, we allow OTHER servers to rotate freely. It's safe
because it's optional, but it's just Vervis right now. Once Vervis itself
starts using 2 keys, it will be able to rotate freely without race condition
risk, but probably Mastodon etc. won't accept its signatures because of the use
of 2 keys and because they're server-scope keys.

Maybe I can get these features adopted by the fediverse?
2019-02-04 19:38:50 +00:00
fr33domlover
02da508ed0 Allow actor publicKey to be a URI, and require the URI to match the Sig keyId 2019-02-04 10:07:25 +00:00
fr33domlover
c336d56036 Allow actor public key to be in a separate document 2019-02-03 23:39:56 +00:00
fr33domlover
8db38c087f Allow other servers to do blind key rotation by re-fetching if sig is invalid 2019-02-03 15:05:28 +00:00
fr33domlover
b0b2aa83c5 Store remote actor keys in the DB, reuse them instead of GETing every time 2019-02-03 13:58:14 +00:00
fr33domlover
21c8df1251 Actor public key specifies whether it's shared
Shared key means the key is used for multiple actors. I'm not sure explicitly
specifying this will be necessary, but I prefer to have it in place to help
with debugging in case something unexpected comes from other servers, or my
format overlaps with stuff used in other software and encodes a different
meaning.

Each public key can specify whether it's shared or personal, and this patch
checks for that when verifying a request signature. It rejects shared keys,
accepting valid sigs only from personal keys.

Very soon I'll add shared key support.
2019-02-03 11:12:18 +00:00
fr33domlover
991296faa1 Move some JSON/AP codec utils to new Data.Aeson.Local module 2019-02-03 11:01:36 +00:00
fr33domlover
e6f987817e Fix: HTTP signature wasn't being sent in AP POSTs 2019-02-03 10:59:35 +00:00
fr33domlover
cd8ed9ef89 Hold a persistent server key for ocap signatures 2019-01-30 03:12:42 +00:00
fr33domlover
c0965a4c47 Default roles for repos and turn user/anon collab tables into proj/repo fields
* Repo collab now supports basic default roles developer/user/guest like
  project collab does
* User/Anon collab for repos and projects are now stored as fields instead of
  in dedicated tables, there was never a need for dedicated tables but I didn't
  see that before
* Repo push op is now part of `ProjectOperation`
* `RepoRole` and related code has been entirely removed, only project roles
  remain and they're used for both repos and projects
* This is the first not-totally-trivial DB migration in Vervis, it's automatic
  but please be careful and report errors
2019-01-29 22:24:32 +00:00
fr33domlover
5cba838917 Enable basic default project roles
* When adding collaborators, you don't need a custom role. If you don't choose
  one, a basic default "developer" role will be used
* If you don't assign a `ProjectCollabUser` role, a default "user" role is
  assumed for logged in users, otherwise a "guest" role
* The "guest" role currently has no access at all
* Theoretically there may also be a "maintainer" role allowing project
  sharers/maintainers to give maintainer-level access to more people, but right
  now maintainer role would be the same as developer so I haven't added it yet
2019-01-28 14:43:07 +00:00
fr33domlover
577df6ddcf Add "about" field to person table, display in person page 2019-01-26 23:39:13 +00:00
fr33domlover
e9ac361f27 Uncomment new person form, it's not being used 2019-01-26 23:38:43 +00:00
fr33domlover
20c0e40638 Determine operation access in Vervis.Access, reuse it everywhere it's needed 2019-01-26 22:22:49 +00:00
fr33domlover
250701712a Move most of the DB graph modules to a separate persistent-graph library 2019-01-26 22:20:19 +00:00
fr33domlover
da6d8c008e Rename project field in Project Role assignment tables, it had the wrong name 2019-01-26 12:56:15 +00:00
fr33domlover
4875f0b9f7 Make login status display consider unverified login 2019-01-21 22:51:19 +00:00
fr33domlover
04e26a911d In httpGetAP, if we got an unexpected Content-Type, specify it in error message 2019-01-21 22:24:09 +00:00
fr33domlover
1f47ca39eb Federation test outbox page with form for entering JSON 2019-01-21 15:54:57 +00:00
fr33domlover
2cc621e3a5 Public ActivityPub actor in PersonR
It already had one, but it didn't have a public key and it was using the old
mess of the Vervis.ActivityStreams module, which I'll possibly remove soon.
It's hopefully more elegant now.
2019-01-19 05:56:58 +00:00
fr33domlover
2a4dc345f4 Back to using the (updated) YesodHttpSig class 2019-01-19 04:21:56 +00:00
fr33domlover
393cce0ede When GETing the keyId, set Accept header to JSON-LD/AS2 2019-01-19 02:57:58 +00:00
fr33domlover
93def0dfc8 When doing httpJSON to GET keyId, use appHttpManager, not the silly global one 2019-01-19 02:33:20 +00:00
fr33domlover
28439b0236 Add InboxR to breadcrumbs instance, I always forget and it causes errors 2019-01-19 02:20:49 +00:00
fr33domlover
e4153fc909 Ugh I forgot *again* to commit a new source file, the actual InboxR handler 2019-01-19 01:56:50 +00:00
fr33domlover
df01560ea6 ActivityPub inbox test page
This patch includes some ugliness and commented out code. Sorry for that. I'll
clean it up soon.

Basically there's a TVar holding a Vector of at most 10 AP activities. You can
freely POST stuff to /inbox, and then GET /inbox and see what you posted, or an
error description saying why your activity was rejected.
2019-01-19 01:44:21 +00:00
fr33domlover
499e26db48 Periodically rotated AP actor key for signing ActivityPub requests
The actor key will be used for all actors on the server. It's held in a `TVar`
so that it can always be safely updated and safely retrieved (technically there
is a single writer so IORef and MVar could work, but they require extra care
while TVar is by design suited for this sort of thing).
2019-01-14 22:08:44 +00:00
fr33domlover
adaa920aa4 Launch service thread with a function that re-throws if they fail
In Haskell by default if a thread has an exception, the main thread isn't
notified at all. This patch changes service thread launching to re-throw their
exceptions in the main thread, so that their failure is noticed.
2019-01-14 22:03:49 +00:00
fr33domlover
5862b03019 Remove HTTP connection manager, it's not being used
I suppose there's no performance difference in using one, but it requires
`http-conduit` as a build dependency, so potentially we may be reducing build
time by removing unnecessary deps.
2019-01-14 02:30:39 +00:00
fr33domlover
0e2001af0f Palette: Make the dark blue lighter, it's too dark against the #111 background 2019-01-03 10:18:09 +00:00
fr33domlover
632bfe1979 In repo change feed, entry ID is now the URL of patch page 2018-12-12 08:37:01 +00:00
fr33domlover
4bd33b59e5 Remove GitOld module, it's not in use anymore 2018-12-12 07:59:19 +00:00
fr33domlover
33338a73cc Upgrade to GHC 8.4 and LTS 12 2018-12-05 03:41:19 +00:00
fr33domlover
9bc5d411c8 Change color scheme to something hopefully not controversial 2018-07-12 09:25:04 +00:00
fr33domlover
cf3f8fb8f6 Add CSRF token to all buttons through a new buttonW widget 2018-07-11 08:15:19 +00:00
fr33domlover
01163dfe9a Darcs patch parser: Make sure we read the whole patch successfully 2018-07-10 16:00:01 +00:00
fr33domlover
edaf141359 Fix Darcs patch author parsing 2018-07-10 15:26:16 +00:00
fr33domlover
a50de1fe88 Darcs patch view, supporting only text file edit hunks so far 2018-07-10 14:02:30 +00:00
fr33domlover
13bd369de3 Darcs patch reader: Join adjacent remove-add sequences like in the Git module 2018-07-09 19:12:11 +00:00
fr33domlover
16c71b666f Data.List.Local: Generalize input list to be any Foldable 2018-07-08 21:57:08 +00:00
fr33domlover
c8146bbff4 Data.List.Local: Comment out the unused groupByFst 2018-07-08 21:56:08 +00:00
fr33domlover
7782e83419 Initial implementation of Darcs patch reader 2018-07-08 14:45:35 +00:00
fr33domlover
c8b085fbc8 Plan for parsing Darcs patch for patch view 2018-07-07 16:05:10 +00:00
fr33domlover
a1d0b8402e Disable CSRF token check for HTTP git pull
Git pull uses a POST request, which is treated as a write request and the CSRF
token is checked. However, no modification to the server is made by git pulls,
as far as I know (actually I'm not sure why it uses a POST). The entire
response is handled by the git command, and the client side is usually the git
command running in the terminal, there's no session and no cookies (as far as I
know). So I'm just disabling CSRF token checking for this route.
2018-07-01 15:04:33 +00:00
fr33domlover
c420b8d8ea Make the cookie encryption key and timeout configurable in settings file 2018-07-01 08:15:23 +00:00
fr33domlover
870123bfcc Enable CSRF middleware, hopefully this time it works 2018-07-01 04:51:43 +00:00
fr33domlover
9ed1f4c99d Fix: Sharer and repo in SSH address path weren't being lowercased in SSH server
The sharer and repo were being taken and used as is to check push permissions,
which is how it's supposed to be, *but* they were also being used as is to
build the repo path! So sharer and repo names that aren't all lowercase were
getting "No such repository" errors when trying to push.

I changed `RepoSpec` to hold `ShrIdent` and `RpIdent` instead of plain `Text`,
to avoid confusions like that and be clear and explicit about the
representation, and failures to find a repo after verifying it against the DB
are now logged as errors to help with debugging.

I hope this fixes the problem.
2018-06-18 08:30:57 +00:00
fr33domlover
6088b1e117 Display tickets in list view the same as in tree view 2018-06-17 10:29:51 +00:00
fr33domlover
ef21175ec2 Allow loading the SVG font from deployment data path 2018-05-26 10:27:05 +00:00
fr33domlover
0b2090f048 Fix issue: Ticket table was displaying project sharer instead of ticket author 2018-05-26 08:02:07 +00:00
fr33domlover
5c12e7c34f Add project role op for opening tickets, require it for opening a ticket
Before that only the project's sharer was authorized to open a ticket. Now
everyone can, once given a role with the op.
2018-05-26 06:59:54 +00:00
fr33domlover
ca1e83f504 Apply basic style to make commit diffs look a bit less very ugly 2018-05-24 22:42:01 +00:00
fr33domlover
0895fbf911 Minimal diff context line number is 1, not 0, latter caused vector slice error 2018-05-24 22:20:52 +00:00
fr33domlover
7d237b7540 Adapt to darcs-lights and changes in darcs-rev 2018-05-24 21:45:01 +00:00
fr33domlover
400ddf6089 Forgot breadcrumb for RepoPatchR 2018-05-24 21:44:13 +00:00
fr33domlover
b398f05ecc Ignore line numbers when computing diff 2018-05-21 20:54:05 +00:00
fr33domlover
9f77ea69cb Display commit diff for Git repos 2018-05-21 20:32:34 +00:00
fr33domlover
dbec638415 Generate commit diff data for git repos 2018-05-19 16:10:03 +00:00
fr33domlover
5e2ac28c30 Forgot to record new files! 2018-05-18 19:44:14 +00:00
fr33domlover
6d97636b0f Commit info display, no diff diplay yet 2018-05-17 23:33:37 +00:00
fr33domlover
ce89bded73 Add a commit view route, nothing displayed yet 2018-05-17 15:46:57 +00:00
fr33domlover
8eca3fa647 Upgrade to GHC 8 and LTS 10.10 2018-05-16 00:02:54 +00:00
fr33domlover
47b0cdfc2f Implement forgotten loadUserByEmailAddress (thanks ultrason) 2018-05-15 23:54:12 +00:00
fr33domlover
d49b5d678c Allow login using email address 2018-04-11 11:09:42 +00:00
fr33domlover
c172784d61 Display last change for Darcs repos in homepage 2018-04-09 22:00:01 +00:00
fr33domlover
c768659f57 Fix typo in message text 2018-04-09 00:38:40 +00:00
fr33domlover
3cc2810d4e Fix DB migrations and use the validating addEntities 2018-04-05 00:04:39 +00:00
fr33domlover
28f6cbaf5a Fix accidental infinite loop in error message formatting 2018-04-05 00:03:27 +00:00
fr33domlover
ec28256de5 Adapt to switch to typed default/fill values in persistent-migration 2018-04-03 01:20:24 +00:00
fr33domlover
7c2faa7faa Email tokens expire within 1 day 2018-04-01 03:02:35 +00:00
fr33domlover
282ed32fe6 Upgrade to latest yesod-auth-account 2018-04-01 01:29:50 +00:00
fr33domlover
c2785c8e47 Oops forgot to commit a source file 2018-04-01 00:59:13 +00:00
fr33domlover
bfa6436bb3 Atom and RSS feeds for repo history 2018-03-31 22:04:33 +00:00
fr33domlover
c5a50c336e Adapt to persistent-migration changes
We have gained:

* Haskell-side validation of schema changes before their execution
* Report of results of migration process
* Handling of old deployments

However:

* The validation code hasn't been tested yet at all
* Most of the migration list hasn't been applied at all yet
* Adding lists of entities from a model file is NOT VALIDATED!!! It's totally
  possible to implement, just need to catch all the small details right
2018-03-31 19:22:37 +00:00
fr33domlover
bec9290783 Complete DB migration list, allowing to upgrade 2016-08-04 running instance
Until now the list of DB migration actions was incomplete, containing only
changes made since I added the migration system itself. It now contains the
2016-08-04 model, and then every change made since then.

IMPORTANT: The 2016-08-04 instance doesn't have a schema version entity at all,
so it is assigned version 0, while the actual version of its schema is 1. I'm
going to patch persistent-migration to allow it to be 1, making the migration
path smooth.
2018-03-27 14:28:56 +00:00
fr33domlover
f149da8ec6 getPersonR respond with minimal ActivityPub actor 2018-03-25 19:26:30 +00:00
fr33domlover
abfb77479f Move DarcsRev and code we're sharing with it into a separate library 2018-03-20 23:45:09 +00:00
fr33domlover
ff5bb97383 Move Yesod.Mail.Send to a new dedicated separate library 2018-03-20 16:01:33 +00:00
fr33domlover
865d81c235 Resend POST and verify GET require unverified login 2018-03-18 00:13:22 +00:00
fr33domlover
baeef7873e Unverified login and dedicated route for verification email resend form 2018-03-17 22:59:40 +00:00
fr33domlover
f196bf38d6 Unverified variants of setCreds and clearCreds 2018-03-17 22:16:02 +00:00
fr33domlover
139cc996d6 Write unverified login user functions 2018-03-17 17:30:46 +00:00
fr33domlover
d026cf0656 Treat email address as EmailAddress instead of Text including in the mailer 2018-03-06 02:26:27 +00:00
fr33domlover
33af9fb289 Use HTTPS for avatar URL if approot in settings is https:// 2018-03-06 00:55:52 +00:00
fr33domlover
3398b56931 Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-03 21:33:59 +00:00
fr33domlover
fb47407f2b Adapt to changes in persistent-migration 2018-02-27 03:03:24 +00:00
fr33domlover
829fd72fef Use my new persistent-migration library, to which I moved the related modules 2018-02-26 14:23:02 +00:00
fr33domlover
3b4bd2a5e8 I made upgrades to the DB migration system in Funbot, apply them here too 2018-02-25 11:14:07 +00:00
fr33domlover
b8681e2681 Change breadcrumb separator from "::" to Unicode arrow "→" 2018-02-25 09:55:55 +00:00
fr33domlover
c2d1bb444b Add email sending capability to Vervis 2018-02-25 09:28:55 +00:00
fr33domlover
fc556e0eb3 Workflow scope field, minimal support 2016-09-01 17:40:02 +00:00
fr33domlover
6b4ecb99c7 Migration: Repsert, not update, otherwise schema version never saved 2016-09-01 17:38:44 +00:00
fr33domlover
cd1f7af46e Migration: Safe IsString instances for Field, Entity, Unique 2016-09-01 17:37:20 +00:00
fr33domlover
e027789fbd Migration: When escaping names, forgot to surround then with "s 2016-09-01 17:36:39 +00:00
fr33domlover
bff41673c4 Migration: Specify default value when adding non-null column 2016-09-01 16:30:39 +00:00
fr33domlover
7218262223 Don't update DB schema version if equal to app's version 2016-08-31 17:12:20 +00:00
fr33domlover
dc74456a6a Use the new migration system in place of persistent's one 2016-08-31 16:51:02 +00:00
fr33domlover
2640ecb8d1 Schema backend becomes associated datatype 2016-08-29 13:19:57 +00:00
fr33domlover
400c29289d Persistent schema backend, and PostgreSQL impl 2016-08-20 17:41:16 +00:00
fr33domlover
5909424644 Custom ticket field relevance filter by ticket status 2016-08-11 09:27:30 +00:00
fr33domlover
21192fef26 Route for accepting a New ticket 2016-08-11 07:58:51 +00:00
fr33domlover
3329b49b2e Turn boolean ticketDone into TicketStatus enum 2016-08-11 00:44:11 +00:00
fr33domlover
26624404ca Forgot to record Data.Maybe.Local util module 2016-08-10 21:23:55 +00:00
fr33domlover
941bd0ea03 Ticket content edit form lets you edit custom ticket params 2016-08-10 18:52:26 +00:00
fr33domlover
d7be2f04b2 Ticket custom fields can be constant, i.e. no edits 2016-08-09 13:22:56 +00:00
fr33domlover
19c18b031e Include custom ticket enum fields in new ticket form 2016-08-09 12:34:03 +00:00
fr33domlover
6457bf5607 Display custom enum fields in ticket page 2016-08-09 11:36:14 +00:00
fr33domlover
1d0d4f697d Include custom ticket text fields in new ticket form 2016-08-08 23:36:39 +00:00
fr33domlover
35933061c9 Display custom ticket field values in ticket page 2016-08-08 20:51:58 +00:00
fr33domlover
ec7dd4ee7e Experimental typeclass for ident+name model entities 2016-08-08 19:17:25 +00:00
fr33domlover
6e5ab77466 Projects must specify a ticket workflow 2016-08-08 19:05:22 +00:00
fr33domlover
a2ca78c790 Custom ticket fields specify whether required 2016-08-08 17:29:12 +00:00
fr33domlover
17643c6d49 Field enums aren't useful if you can't define values 2016-08-08 17:05:09 +00:00
fr33domlover
7ee28b97d2 Per-workflow custom ticket field enum types 2016-08-08 14:48:38 +00:00
fr33domlover
01385c480b Per-workflow custom ticket fields 2016-08-08 14:01:06 +00:00
fr33domlover
687aa68a04 Per-sharer ticket workflows
A workflow is a new entity in Vervis. It defines the workflow of a
projects' ticket system. That includes the possible ticket states,
custom ticket fields, various filters and so on. All ticket system
customization is currently planned to be managed using workflows.

Currently workflows are private and per sharer, but the plan is to
support public workflows that can be shared and cloned.
2016-08-08 11:05:19 +00:00
fr33domlover
ea38f17688 Specify repodir in darcs init, otherwise it fails
If `darcs init` isn't given a `--repodir`, even if you do specify the
new repository's path, it complains that it can't run inside a
repository, because it's running from a darcs clone of Vervis itself. If
the repo dir is specified using `--repodir` instead, Darcs doesn't
complain.

That's at least the situation with 2.8.5, didn't check other versions.
2016-08-04 08:00:29 +00:00
fr33domlover
dc54a89503 Ticket tree view page 2016-08-04 07:36:24 +00:00
fr33domlover
b5014a0f5f Ticket tree widget 2016-08-04 01:05:09 +00:00
fr33domlover
fe7aeb5162 Ticket summary widget 2016-08-04 00:40:29 +00:00
fr33domlover
7ebf189e93 More compact buildTree impl using foldr 2016-08-03 23:58:41 +00:00
fr33domlover
3807a02daf Generelize DAG tree view node from Int to any Eq+Ord+Hashable 2016-08-03 23:25:35 +00:00
fr33domlover
e7abd8eb9d DAG tree view model builder, based on (V, E) and user choices 2016-08-03 23:09:42 +00:00
fr33domlover
7d6ef47e05 DB actions for selecting nodes and edges of single graph 2016-08-03 21:26:39 +00:00
fr33domlover
6220c78f74 Extra persistent graph classes & instances for ticket graph 2016-08-03 19:32:33 +00:00
fr33domlover
52f91cb98a PersistEntityGraph specifies type of single graph selector 2016-08-02 15:44:45 +00:00
fr33domlover
51c99a1dfe SQL: Don't list starting nodes in graph reachable set 2016-08-02 11:58:49 +00:00
fr33domlover
521871c476 Refactor undirected edge SQL to remove repeated filter 2016-08-02 09:29:56 +00:00
fr33domlover
9cfaabc035 SQL: Define the undirected edge table once, use everywhere 2016-07-30 11:29:23 +00:00
fr33domlover
c111f66d7d SQL: Move some DBNames to common util module 2016-07-30 09:32:53 +00:00
fr33domlover
0904abd7e6 SQL: Use single recursive CTE reference in undirected traversal
At least in PostgreSQL, at most one reference is allowed. My undirected
recursion code used a UNION of two recursive steps, one for each
direction. That is invalid, so instead I define a CTE that's a union of
the edges and their reverse, and do a single recursion step on that CTE
instead of on the edge table itself.
2016-07-30 07:28:46 +00:00
fr33domlover
de384d0427 Persistent graph: Cyclic: Remove start temp table, not needed anymore 2016-07-29 23:27:26 +00:00
fr33domlover
9ca7ab3a57 SQL: Remove some =ANY(?) from trr code, left there by mistake 2016-07-29 23:03:01 +00:00
fr33domlover
dad1ed2e1f SQL: IN (1, 2, 3) instead of invalid ANY('[1, 2, 3]')
I thought SQL arrays were common and PersistList corresponded to SQL
array values. But that isn't the case. PersistList seems to be
serialized as a JSON list, and `filterClause` uses IN, not ANY. So I'm
doing the same thing here and using IN.

Note that I'm building the list myself using Text concatenation, not
using `filterClause`, because the latter takes a filter on an existing
`PersistEntity` while my filters often apply to temporary tables.
2016-07-29 22:57:52 +00:00
fr33domlover
1c2e5f86af SQL: Use ANY() with arrays, not IN 2016-07-28 16:50:08 +00:00
fr33domlover
5c153b0294 Ticket dependency add/remove and some fixes to recursive SQL 2016-07-28 16:40:10 +00:00
fr33domlover
ddd4393825 New YAML setting: Optional user limit 2016-07-27 21:46:48 +00:00
fr33domlover
188905f9aa Git clone over HTTP(S) using git binary 2016-07-27 15:17:03 +00:00
fr33domlover
c26fb389cf Reimplement git ref discovery using git binary :-/
My implementation in Haskell does work, but ref discovery also includes
capabilities. Since I'm going to use the git binary for the next steps,
I need the git binary to specify here which capabilities it supports.
2016-07-27 13:23:44 +00:00
fr33domlover
d1e1f3c0f7 Reverse dependencies page for tickets 2016-07-27 08:35:50 +00:00
fr33domlover
350f8a9521 Function trrFix for adapting intransitive DAG after edge insertion 2016-07-27 07:29:32 +00:00
fr33domlover
461283ba6e Simpler path selection in SQL transitive reduction
The transitive reduction query works by removing all the edges which
aren't the only paths between their nodes, i.e. longer paths exist. The
first step is to pick all the paths which include 2 or more edges.

The initial code did that appending in-edges to all paths, which results
with unnecessary duplicates and an INNER JOIN. Now, instead, just pick
all the paths with length of more than 3 nodes. This is hopefully not
just simpler, but also faster.
2016-07-20 11:24:01 +00:00
fr33domlover
a41f111bee Split recursive SQL query huge module into smaller modules 2016-07-20 10:08:42 +00:00
fr33domlover
8c1d4dd6f1 Transitive reduction of DAGs in SQL 2016-07-15 00:32:33 +00:00
fr33domlover
c340508385 Reachability sets of graph nodes using SQL 2016-07-14 13:48:24 +00:00
fr33domlover
87205772bb Transitive reduction of DAGs for FGL 2016-07-14 00:39:00 +00:00
fr33domlover
24040133a1 Graph path detection using recursive SQL queries 2016-07-13 19:05:02 +00:00
fr33domlover
7a33ef16f8 PersistEntityGraph is for any graph, PersistEntityHierarchy for DAGs 2016-07-05 16:13:48 +00:00
fr33domlover
7d8596c52b Path existence checking between graph nodes 2016-07-05 12:37:31 +00:00
fr33domlover
6f785d8e9a Graph cycle existence checking for FGL graphs 2016-07-05 08:49:25 +00:00
fr33domlover
879ad873e3 DB graph cycle existence checking using recursive SQL query 2016-07-05 08:46:58 +00:00
fr33domlover
fcb68ceea7 List ticket deps and reverse deps in ticket page 2016-07-04 09:58:25 +00:00
fr33domlover
6626e40340 Specify default role for repo and project visitors 2016-07-03 07:52:11 +00:00
fr33domlover
7542b33c7d Draw the arrows in role diagram 2016-07-02 11:57:20 +00:00
fr33domlover
c292bd51a4 Role diagram for repo roles too 2016-07-02 09:57:52 +00:00
fr33domlover
13afd17a40 Replace project role HTML flat list with an SVG diagram 2016-07-02 09:45:29 +00:00
fr33domlover
1191a3c5cd Role graph widget 2016-07-02 09:02:13 +00:00