Because of math being upsetting, we were adding 4 padding characters to
an already-properly-padded base64 string, which broke tazjin.
This also breaks this function out into panettone.util, and adds a test
for it.
Change-Id: I7bc8a440ad9d0917272dd9f2e341081ea14693da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5782
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
The JWT spec apparently specifies that base64 strings in jwts aren't to
be padded - but the common lisp base64 library doesn't know how to
decode unpadded base64 (it signals a condition in that case). This adds
the extra padding characters (a number of `=` characters such that the
length of the string is a multiple of 4) using some FORMAT wizardry (?).
Change-Id: Ic6b66f05db2699bf1f93f870f5dd614c37eccc2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5781
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: grfn <grfn@gws.fyi>
Instead of directly connecting to LDAP and attempting to bind
usernames/password, authenticate users through an OAuth2 flow to
Keycloak.
This has the advantage of reusing the same SSO we already have for
Gerrit, Buildkite, ...
However, much of panettone's functionality makes assumptions about
LDAP being used. As a result there are some warts introduced by
this (for now):
* Since LDAP DNs are used as primary keys for users, we have to
construct fake DNs based on LDAP usernames
It might be sensible to migrate this to the UUIDs used by Keycloak
eventually.
* LDAP is part of the serving path for issues (for fetching user
information), however panettone no longer has a way to fetch
arbitrary user information unless it is persisted in its database.
To work around this, we construct a "fake" user based only on its
DN (i.e. only the username is going to be "correct") and use that to
serve issues.
* Email notifications no longer work (panettone can not access email
addresses)
Some of these need to be worked around by persisting some of that
information in the panettone database instead, as we don't want to
give the service the ability to access arbitrary user information
anymore.
We can probably do this with the user settings feature that already
exists and populate it on launch, but as of this commit email and
displayName functionality is simply broken.
Change-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5772
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Upcoming changes to the authentication model may mean that user
objects do not have an email address attached.
Change-Id: I4fddb810f723c790d243f779714ca7f189a02aeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5770
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Don't render the <ol class="issue-history"> when we have nothing to put
in it, which is the case when there's no issue history and the user is
not logged in. This avoids an awkward-looking double bottom border on
issues with no comments for unauthenticated users.
Change-Id: I1c6aac40e4ba93e9428a0da589c67582b1589c17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5445
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Instead of managing Postgres connections on our own, use the
`with-connection` postmodern function with pooling enabled as a route
decorator.
This should resolve at least some of the issues from b/113 with
leaking connections, and an unreported issue with connections being
reused while transactions are in progress.
Change-Id: I1ed68667a3240900de1ae69df37d2d3018caf204
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5198
Tested-by: BuildkiteCI
Reviewed-by: eta <tvl@eta.st>
Autosubmit: tazjin <tazjin@tvl.su>
unbind & close the stream of newly created LDAP connections after
auth, which might prevent some of the resource leaking we've got going
on
i did actually verify in sly that this still works. yay.
Change-Id: I92c8ca20de642585ae4c24aa455d051ee6e44a87
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5193
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
* //3p/nix: probably not worth investing time into this anymore
* //users/sterni/emacs: The emoji problem disappeared by itself with a
newer emacs version, however a different one remains…
* //web/panettone: If we ever want to change the behavior, we should
just decide the behavior statically instead of using conditions and
restarts, as we only call it in one place, so making different
decisions depending on call sites is not really a use case we have.
Change-Id: Iff9d439ce356db41ce34d690fb7b6a01822022fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5223
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
(who:html-mode) needs to be set at macro expansion time to properly take
effect which wasn't the case before, but is ensured now by
:compile-toplevel. :load-toplevel ensures that who inside the repl will
behave the same.
Since the :html5 behavior is now actually used, we need to adjust some
of the test cases to account for the different :html5 escaping mode.
Change-Id: I4dfe1d2db38da6a2486fde86596f7e5f50ed8b9f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4885
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Postmodern changed[0] how users customize the way lisp values get exported
to SQL - now, in addition to defining methods of
`cl-postgres:to-sql-string`, we have to pass `:col-export` and
`:col-import` args to the field itself in the dao class.
I'm not *entirely* sure why both are necessary, but without both this
doesn't work.
[0]: https://github.com/marijnh/Postmodern/blob/v1.33.1/CHANGELOG.md#changelog-v-1331
Change-Id: Iae8fb63c34fb6c79b9dfa350129032aab5cd2233
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4383
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: grfn <grfn@gws.fyi>
When the system is set to dark mode, this is detected through
prefers-color-scheme and the color scheme is adjusted accordingly. This
fixes#18.
The colors are set using CSS variables on the body that are overrridden
based on the current color scheme.
Change-Id: Id2f95dee4d6968e1b62ce37534f623e489fabde4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3722
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
This adds support for Clozure's CL implementation to buildLisp. This is
quite trivial in comparison to ECL since SBCL and CCL have very similar
in how they work (so much so that CCL also suffers from b/136).
Also the similarities in the code actually added here are striking, so
I'll try to make an effort to reduce the code duplication in the
future.
To fix builds with CCL the following changes were made:
* //3p/lisp/nibbles: The double inclusion of the types.lisp file was
fixed. CCL doesn't like double definitions and refuses to compile
otherwise.
* //3p/lisp/physical-quantities: Update to a new bug fix release which
contains a compilation fix for CCL.
* //3p/lisp/routes: apply a patch fixing the build which was previously
failing due to a double definition.
* //3p/lisp/usocket: only depend on sb-bsd-sockets for SBCL and ECL, the
latter of which seems to have a SBCL compatible implementation of the
package.
* Conditionally include a few CCL-specific source files and add
`badImplementation` entries for the remaining failures which are
//fun/gemma (to be expected) and //web/panettone which fails with an
incredibly vague message.
Change-Id: I666efdc39a0f16ee1bb6e23225784c709b04e740
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3350
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Adds ECL as a second supported implementation, specifically a statically
linked ECL. This is interesting because we can create statically linked
binaries, but has a few drawbacks which doesn't make it generally
useful:
* Loading things is very slow: The statically linked ECL only has byte
compilation available, so when we do load things or use the REPL it is
significantly worse than with e. g. SBCL.
* We can't load shared objects via the FFI since ECL's dffi is not
available when linked statically. This means that as it stands, we
can't build a statically linked //web/panettone for example.
Since ECL is quite slow anyways, I think these drawbacks are worth it
since the biggest reason for using ECL would be to get a statically
linked binary. If we change our minds, it shouldn't be too hard to
provide ecl-static and ecl-dynamic as separate implementations.
ECL is LGPL and some libraries it uses as part of its runtime are as
well. I've outlined in the ecl-static overlay why this should be of no
concern in the context of depot even though we are statically linking.
Currently everything is building except projects that are using cffi to
load shared libaries which have gotten an appropriate
`badImplementations` entry. To get the rest building the following
changes were made:
* Anywhere a dependency on UIOP is expressed as `bundled "uiop"` we now
use `bundled "asdf"` for all implementations except SBCL. From my
testing, SBCL seems to be the only implementation to support using
`(require 'uiop)` to only load the UIOP package. Where both a
dependency on ASDF and UIOP exists, we just delete the UIOP one.
`(require 'asdf)` always causes UIOP to be available.
* Where appropriate only conditionally compile SBCL-specific code and
if any build the corresponding files for ECL.
* //lisp/klatre: Use the standard condition parse-error for all
implementations except SBCL in try-parse-integer.
* //3p/lisp/ironclad: disable SBCL assembly optimization hack for all
other platforms as it may interfere with compilation.
* //3p/lisp/trivial-mimes: prevent call to asdf function by substituting
it out of the source since it always errors out in ECL and we hardcode
the correct path elsewhere anyways.
As it stands ECL still suffers from a very weird problem which happens
when compiling postmodern and moptilities:
https://gitlab.com/embeddable-common-lisp/ecl/-/issues/651
Change-Id: I0285924f92ac154126b4c42145073c3fb33702ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3297
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: eta <tvl@eta.st>
Issue bodies tend to be very long, so displaying the full diff whenever
the issue is updated takes up a lot of visual room and is very hard to
read. Specifically for this field, this changes the display to only show
"updated the body of this issue", hiding the previous and new values.
At some point in the future, I'd love to have some CSS fun with active
anchor links to have an "expanded" view that *does* display the previous
and new value, but for now this should be fine - the data isn't gone,
after all!
Fixes: b/111
Change-Id: I0188540188729142e0b9205ff5cc9ea576c4edb6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3142
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
7aebba7, which added anchor links to comments, also incorrectly added
only the *key* for the `:id` attribute to the `li` element for
issue *events*, swallowing up the next form (which happened to be the
username) as the value. this adds a *proper* value for the `:id`
attribute, bringing back the actual display of the username.
Fixes: b/97
Change-Id: I33ee628ddfd4a291e069980512fcc5f74014aac4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3141
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The accessor function to get the ID of the `model:issue-not-found`
condition is `not-found-id`, not `id`! Also, add a missing space to the
title.
Fixes: b/127
Change-Id: I91c71feaf1fe877e6a14453a9e75cf27d56fee31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3140
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This reverts commit 77c09076ec.
Reason for revert: It doesn't work - attempting to request any of the pages now gives:
[ERROR]] No keys match in SWITCH. Testing against
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
with EQUAL.
Change-Id: Ic4c795fd2a971003a6823a3b68ddee9a03b9f7c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3061
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Allow specifying an `Accept: application/json` header to the index and
show issue routes, to request that those pages be returned as JSON.
Change-Id: Ic225139fc9e7fdce0da98984df4ca987685dafe0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3043
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Rename my //users directory and all places that refer to glittershark to
grfn, including nix references and documentation.
This may require some extra attention inside of gerrit's database after
it lands to allow me to actually push things.
Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Since we are still using third_party, underscores are kind of common in
issue titles and are probably often forgotten to escape. Let's just
support `*` for emphasized text in titles for now.
Change-Id: I305bcf4d4c59123bba4ce816a6da2ee8b022c34e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2926
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Emails for (re)opening and closing where send out with the user's DN in
the subject which is probably not what we want.
Using displayname-if-known is probably not necessary as there is not
really a case where (not *user*) wouldn't justify a 500 in this context.
Change-Id: Id12d3d9619f42eb5337c2d3482b7c1646b5d6a81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2911
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
drakma ignores the :external-format-in parameter if :want-stream is t:
> If want-stream is true, the message body is NOT read and instead
> the (open) socket stream is returned as the first return value.
> If the sixth value of HTTP-REQUEST is true, the stream should be
> closed (and not be re-used) after the body has been read. The
> stream returned is a flexi-stream with a chunked stream as its
> underlying stream. If you want to read binary data from this
> stream, read from the underlying stream which you can get with
> FLEXI-STREAM-STREAM.
Since it doesn't return a plain CL stream which would just work with
SBCL, we need to set the external format on the resulting flexi-stream.
Fixes b/107.
Change-Id: I6e3178123c0927ef21fabf8118d9d357c8afbd42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2869
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Move the common part (encoding/decoding json and connecting to cheddar)
into request-markdown-from-cheddar. The two render-markdown
implementations are now only thin wrappers around that function.
Change-Id: I81bb34b684af44228dcad02fca541082e6d060ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2868
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
email.lisp was missing from the buildLisp derivaation's source files,
which meant that none of its definitions were being loaded into the
image even though the package was defined by packages.lisp.
As an aside, this really should've broken the build - we got a
style-warning in panettone.lisp for referencing the missing definitions,
but that only surfaced as a warning, and ended up breaking once deployed
Change-Id: Ie99c3efeef8e6943aa1f9cfc426957d622c2d718
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2845
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Add a little bit more information to issue notification emails,
including the IDs of issues and links to the issues themselves.
Change-Id: Ia54209f936a37c6dbdb60ebff5bb8c1034cffc9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2809
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Send notifications both to IRC and email when issues are reopened after
being closed
Change-Id: I3a63419c6547ac28eeaafbe212a2a01a5fc2b5af
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2808
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Send notification emails to the same group of users who receive
notifications on issue comments when issues are marked as closed. This
also takes the opportunity to generalize issue notification emails a
bit, and lay the groundwork for (but not implement) explicit issue
subscriber lists.
Change-Id: Ie2572ed3ad0207d415b4c362438f772925e7a2c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2807
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Add a user settings page, with a single checkbox that allows disabling
receiving all email notifications.
Change-Id: Ibef2a497cd59f93b695ff8b9cd36047e514e00c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2806
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
When a user posts a comment on an issue, send email
notifications (respecting the enable-email-notifications setting) to the
author of that issue and all the other users who have commented on that
issue. Since the oauth & gmail API stuff that the relay does is slow,
this happens in a background thread.
Change-Id: Ic00c265deab1030d9ba64c29c9f56314dd179141
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2805
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Add a new package to panettone, :panettone.email with functions to send
email notifications to users through the SMTP relay on whitby,
respecting the value of `enable_email_notifications` on the
user_settings table.
Change-Id: Ia4ec65965abda06f1fadb178143d66bb8eae6482
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2804
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Add a new user-settings table and dao class, with a flag that allows an
individual user to disable receiving email notifications
Change-Id: I537bfca74490941934c0adc7328bcd6ed5c9c0b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2803
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
When sending irc notifications, insert a zero-width space after the
first character of the username of the author of issues, to prevent that
user from receiving a ping.
Fixes: b/95
Change-Id: Ibcacb45129b2cb99b587744eb61f4f1dbc0060d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2693
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Sterni has been doing a lot of good mainenance work, and I'd like to
enable that in as unblocked a fashion as possible.
Change-Id: I5bbd2459864c3d4b7e6b9927fc5d4824efc854e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2692
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
* Fix find-user-by-dn raising an error condition if the search returns
no results, return nil instead.
* Adopt strategy of defaulting to “someone” as displayname if lookup
fails for all usage of displaynames in panettone.
I've tested this change for issues and comments created by missing
users. Adjusting the displayname seems to fix all 500 being created
by missing users both logged out and logged in.
Change-Id: I0a84eb0631c4a49f1664bed6d03afa60dce6eb47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2448
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This is achieved by implementing a simple markdown renderer in CL which
has the following limitations:
* Only supports inline `code`, *emphasize 1*, _emphasize 2_ and
~~strikethrough~~.
* Does not support nested markup.
This allows for a relatively simple renderer which doesn't need to parse
markdown into a in-memory data structure first. The rendered result is
directly written to a stream to integrate well with cl-who which is also
reused for rendering tags and xml-escaping strings.
Fixes#90.
Change-Id: Ice88ed770b1fab6365f3b93e8663e25077befa0b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2389
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if its value comes from user-influenced places. Static
values or values from panettone internals are left as is.
I did not do a comprehensive check for other places where something
similar could happen though.
Fixes#92.
Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Prefix all IRC notifications from panettone with a unicode
zero-width-space so that they don't get picked up by other IRC
bots (notably bslsk05).
Change-Id: I350fd1b6d2145e496c22a8f56ba3530fc9f1a978
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2127
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Send an irc notification when issues are marked closed, in a similar
format to the notifications sent when new issues are created.
Change-Id: I2fdde33f0dedc223a5c2265eed778161938f8e9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit e1067b1497.
The original issue here was misusing ISSUE-ID instead of ID, but also
the associated username for the message should've been CN instead of DN
Change-Id: I1629c0cb7597ff2ee2867f27870378eecdafe126
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2125
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
This reverts commit 2e2bdf9c6c.
Reason for revert: this is not working, and is resulting in newly created issues just showing a blank page (b/74)
Change-Id: I3f06afc52d6c5289269402fc75bb32ad9c376bf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2082
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
- The new PANETTONE.IRC package contains the SEND-IRC-NOTIFICATION function,
which opens a new TCP socket to irccat (if it's running and configured) in
order to announce the creation of new issues.
- The IRCCATHOST and IRCCATPORT environment variables must be set for this to
work.
- Additionally, the ISSUECHANNEL environment variable may be used to direct
announcements at a given channel (otherwise it'll just use the first one).
Change-Id: I429a66f24d0f80ed10db173d6af7105fb1d3d023
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2077
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>