Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
6fd4c2f65d | ||
|
|
623ea2e14b | ||
|
|
25bcbad081 | ||
|
|
39427c40e7 |
@ -25,6 +25,7 @@ syntax = "proto3";
|
||||
package abi.v1;
|
||||
|
||||
import "google/protobuf/timestamp.proto";
|
||||
import "v1/http.proto";
|
||||
import "v1/invoke.proto";
|
||||
|
||||
option go_package = "git.dev.alexdunmow.com/block/pluginsdk/abi/v1;abiv1";
|
||||
@ -310,6 +311,79 @@ message DatasourceResult {
|
||||
bytes meta_json = 3;
|
||||
}
|
||||
|
||||
// --- datatables.* (datatables.DataTables) ---
|
||||
|
||||
message DatatablesGetTableByKeyRequest {
|
||||
string table_key = 1;
|
||||
}
|
||||
|
||||
message DatatablesGetTableByKeyResponse {
|
||||
DataTableInfo table = 1;
|
||||
}
|
||||
|
||||
message DatatablesGetRowRequest {
|
||||
string row_id = 1; // UUID
|
||||
}
|
||||
|
||||
message DatatablesGetRowResponse {
|
||||
DataTableRowInfo row = 1;
|
||||
}
|
||||
|
||||
message DatatablesListRowsRequest {
|
||||
string table_id = 1; // UUID
|
||||
int32 limit = 2;
|
||||
int32 offset = 3;
|
||||
}
|
||||
|
||||
message DatatablesListRowsResponse {
|
||||
repeated DataTableRowInfo rows = 1;
|
||||
}
|
||||
|
||||
message DatatablesCreateRowRequest {
|
||||
string table_id = 1; // UUID
|
||||
bytes data_json = 2; // JSON object
|
||||
}
|
||||
|
||||
message DatatablesCreateRowResponse {
|
||||
DataTableRowInfo row = 1;
|
||||
}
|
||||
|
||||
message DatatablesUpdateRowDataRequest {
|
||||
string row_id = 1; // UUID
|
||||
bytes data_json = 2; // JSON object
|
||||
}
|
||||
|
||||
message DatatablesUpdateRowDataResponse {
|
||||
DataTableRowInfo row = 1;
|
||||
}
|
||||
|
||||
message DatatablesFindRowByFieldRequest {
|
||||
string table_id = 1; // UUID
|
||||
string field = 2;
|
||||
string value = 3;
|
||||
}
|
||||
|
||||
message DatatablesFindRowByFieldResponse {
|
||||
// Unset when no row matches (the guest maps that to nil, nil).
|
||||
DataTableRowInfo row = 1;
|
||||
}
|
||||
|
||||
// DataTableInfo mirrors datatables.Table.
|
||||
message DataTableInfo {
|
||||
string id = 1; // UUID
|
||||
string table_key = 2;
|
||||
string name = 3;
|
||||
int32 row_count = 4;
|
||||
}
|
||||
|
||||
// DataTableRowInfo mirrors datatables.Row (data column as JSON bytes).
|
||||
message DataTableRowInfo {
|
||||
string id = 1; // UUID
|
||||
string table_id = 2; // UUID
|
||||
bytes data_json = 3; // JSON object
|
||||
int32 sort_order = 4;
|
||||
}
|
||||
|
||||
// --- users.* (auth.PublicUsers) ---
|
||||
|
||||
message UsersGetByUsernameRequest {
|
||||
@ -854,3 +928,34 @@ message BridgeInvokeRequest {
|
||||
message BridgeInvokeResponse {
|
||||
bytes payload = 1;
|
||||
}
|
||||
|
||||
// --- http.request (egress.Client host-mediated outbound HTTP, ADR 0023) ---
|
||||
|
||||
// HttpRequestRequest asks the host to perform one outbound HTTPS request on
|
||||
// the plugin's behalf. The host enforces the plugin's egress grant (host
|
||||
// patterns + response cap), the platform denylist, the SSRF guard, and the
|
||||
// redirect policy before any bytes leave — the guest never touches a socket.
|
||||
// Names differ from the HANDLE_HTTP hook pair (HttpRequest/HttpResponse in
|
||||
// http.proto), which is inbound traffic INTO the guest mux.
|
||||
message HttpRequestRequest {
|
||||
string method = 1;
|
||||
// Absolute https URL (scheme required; http is refused by policy).
|
||||
string url = 2;
|
||||
map<string, HeaderValues> headers = 3;
|
||||
bytes body = 4;
|
||||
// Optional guest-side deadline. It may only LOWER the host's per-fetch
|
||||
// ceiling, never raise it; zero means the host ceiling applies.
|
||||
uint32 timeout_ms = 5;
|
||||
}
|
||||
|
||||
// HttpRequestResponse is the fully buffered upstream response. Bodies larger
|
||||
// than the granted cap fail the call (EGRESS_DENIED is policy; oversize is
|
||||
// INTERNAL with a too-large message) — never a silent truncation.
|
||||
message HttpRequestResponse {
|
||||
int32 status = 1;
|
||||
map<string, HeaderValues> headers = 2;
|
||||
bytes body = 3;
|
||||
// URL that produced the response after any (allowlist-validated)
|
||||
// redirects.
|
||||
string final_url = 4;
|
||||
}
|
||||
|
||||
@ -101,6 +101,12 @@ enum AbiErrorCode {
|
||||
// the cms dbexec side (adopted separately) and mapped guest-side to
|
||||
// bnwasm.ErrTxExpired.
|
||||
ABI_ERROR_CODE_TX_EXPIRED = 6;
|
||||
// An http.request egress call was refused by policy (host not granted,
|
||||
// grant revoked, platform-denylisted, or an off-allowlist redirect).
|
||||
// message names the offending host. Mapped guest-side to
|
||||
// egress.ErrDenied — deliberately distinct from a network failure
|
||||
// (ADR 0023, cms repo).
|
||||
ABI_ERROR_CODE_EGRESS_DENIED = 7;
|
||||
}
|
||||
|
||||
// AbiError is the structured error carried by InvokeResponse and
|
||||
|
||||
@ -125,6 +125,48 @@ message PluginManifest {
|
||||
// to describe): `ninja plugin build` synthesizes the manifest from
|
||||
// plugin.mod + the artifact's declarative files.
|
||||
bool codeless = 33;
|
||||
|
||||
// allowed_hosts declares the egress host patterns the plugin needs for
|
||||
// http.request (exact hostname or left-anchored multi-label wildcard,
|
||||
// e.g. "*.cal.com"; https/443 only unless an entry names an explicit
|
||||
// port). Like data_dir, its source of truth is plugin.mod — the packer
|
||||
// stamps it — because it lives outside the guest code. The host refuses
|
||||
// to load the plugin until an admin grants the full declared set
|
||||
// (ADR 0023, cms repo). Empty means no egress.
|
||||
repeated string allowed_hosts = 34;
|
||||
|
||||
// max_response_mb requests a larger per-request http.request response cap
|
||||
// than the 10 MB default. Rides the same admin grant as allowed_hosts.
|
||||
// Zero means the default.
|
||||
uint32 max_response_mb = 35;
|
||||
|
||||
// public_routes declares the site-root paths the plugin serves through its
|
||||
// HTTP handler (ADR 0026, cms repo): exact paths and path prefixes the host
|
||||
// mounts at the public site root, dispatching to HOOK_HANDLE_HTTP with the
|
||||
// full unstripped request path. Like data_dir and allowed_hosts, the source
|
||||
// of truth is plugin.mod; the packer validates and stamps it. Conflict
|
||||
// rules are host-side: core routes always win, between plugins the
|
||||
// first-installed plugin wins, and conflicts are surfaced in the admin UI,
|
||||
// never silently dropped. Empty means the plugin serves HTTP only under
|
||||
// /api/plugins/<name>.
|
||||
repeated PublicRoute public_routes = 36;
|
||||
|
||||
// sitemap requests sitemap contribution: when true the host fetches
|
||||
// entries from the plugin's well-known sitemap endpoint (served by its
|
||||
// HTTP handler) and merges them into the site sitemap. Requires
|
||||
// has_http_handler.
|
||||
bool sitemap = 37;
|
||||
}
|
||||
|
||||
// PublicRoute is one site-root path claim (see PluginManifest.public_routes).
|
||||
message PublicRoute {
|
||||
// Absolute site-root path, e.g. "/area" or "/api/directory". Validated by
|
||||
// the packer: must start with "/", no reserved prefixes ("/admin",
|
||||
// "/api/plugins", "/ws"), no traversal or empty segments.
|
||||
string path = 1;
|
||||
// When true the claim covers every path under path as well (a path-prefix
|
||||
// mount); when false only the exact path is claimed.
|
||||
bool prefix = 2;
|
||||
}
|
||||
|
||||
// Dependency mirrors plugin.Dependency.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -168,6 +168,12 @@ const (
|
||||
// the cms dbexec side (adopted separately) and mapped guest-side to
|
||||
// bnwasm.ErrTxExpired.
|
||||
AbiErrorCode_ABI_ERROR_CODE_TX_EXPIRED AbiErrorCode = 6
|
||||
// An http.request egress call was refused by policy (host not granted,
|
||||
// grant revoked, platform-denylisted, or an off-allowlist redirect).
|
||||
// message names the offending host. Mapped guest-side to
|
||||
// egress.ErrDenied — deliberately distinct from a network failure
|
||||
// (ADR 0023, cms repo).
|
||||
AbiErrorCode_ABI_ERROR_CODE_EGRESS_DENIED AbiErrorCode = 7
|
||||
)
|
||||
|
||||
// Enum value maps for AbiErrorCode.
|
||||
@ -180,6 +186,7 @@ var (
|
||||
4: "ABI_ERROR_CODE_DEADLINE_EXCEEDED",
|
||||
5: "ABI_ERROR_CODE_PERMISSION_DENIED",
|
||||
6: "ABI_ERROR_CODE_TX_EXPIRED",
|
||||
7: "ABI_ERROR_CODE_EGRESS_DENIED",
|
||||
}
|
||||
AbiErrorCode_value = map[string]int32{
|
||||
"ABI_ERROR_CODE_UNSPECIFIED": 0,
|
||||
@ -189,6 +196,7 @@ var (
|
||||
"ABI_ERROR_CODE_DEADLINE_EXCEEDED": 4,
|
||||
"ABI_ERROR_CODE_PERMISSION_DENIED": 5,
|
||||
"ABI_ERROR_CODE_TX_EXPIRED": 6,
|
||||
"ABI_ERROR_CODE_EGRESS_DENIED": 7,
|
||||
}
|
||||
)
|
||||
|
||||
@ -1790,7 +1798,7 @@ const file_v1_invoke_proto_rawDesc = "" +
|
||||
"\x11HOOK_AI_TOOL_CALL\x10\f\x12\x14\n" +
|
||||
"\x10HOOK_BRIDGE_CALL\x10\r\x12 \n" +
|
||||
"\x1cHOOK_DIRECTORY_PANEL_SECTION\x10\x0e\x12 \n" +
|
||||
"\x1cHOOK_DIRECTORY_PIN_DECORATOR\x10\x0f*\xf3\x01\n" +
|
||||
"\x1cHOOK_DIRECTORY_PIN_DECORATOR\x10\x0f*\x95\x02\n" +
|
||||
"\fAbiErrorCode\x12\x1e\n" +
|
||||
"\x1aABI_ERROR_CODE_UNSPECIFIED\x10\x00\x12\x1b\n" +
|
||||
"\x17ABI_ERROR_CODE_INTERNAL\x10\x01\x12\x19\n" +
|
||||
@ -1798,7 +1806,8 @@ const file_v1_invoke_proto_rawDesc = "" +
|
||||
"\x1cABI_ERROR_CODE_UNIMPLEMENTED\x10\x03\x12$\n" +
|
||||
" ABI_ERROR_CODE_DEADLINE_EXCEEDED\x10\x04\x12$\n" +
|
||||
" ABI_ERROR_CODE_PERMISSION_DENIED\x10\x05\x12\x1d\n" +
|
||||
"\x19ABI_ERROR_CODE_TX_EXPIRED\x10\x06B5Z3git.dev.alexdunmow.com/block/pluginsdk/abi/v1;abiv1b\x06proto3"
|
||||
"\x19ABI_ERROR_CODE_TX_EXPIRED\x10\x06\x12 \n" +
|
||||
"\x1cABI_ERROR_CODE_EGRESS_DENIED\x10\aB5Z3git.dev.alexdunmow.com/block/pluginsdk/abi/v1;abiv1b\x06proto3"
|
||||
|
||||
var (
|
||||
file_v1_invoke_proto_rawDescOnce sync.Once
|
||||
|
||||
@ -122,7 +122,34 @@ type PluginManifest struct {
|
||||
// both reject the combination. Not produced by DESCRIBE (there is no guest
|
||||
// to describe): `ninja plugin build` synthesizes the manifest from
|
||||
// plugin.mod + the artifact's declarative files.
|
||||
Codeless bool `protobuf:"varint,33,opt,name=codeless,proto3" json:"codeless,omitempty"`
|
||||
Codeless bool `protobuf:"varint,33,opt,name=codeless,proto3" json:"codeless,omitempty"`
|
||||
// allowed_hosts declares the egress host patterns the plugin needs for
|
||||
// http.request (exact hostname or left-anchored multi-label wildcard,
|
||||
// e.g. "*.cal.com"; https/443 only unless an entry names an explicit
|
||||
// port). Like data_dir, its source of truth is plugin.mod — the packer
|
||||
// stamps it — because it lives outside the guest code. The host refuses
|
||||
// to load the plugin until an admin grants the full declared set
|
||||
// (ADR 0023, cms repo). Empty means no egress.
|
||||
AllowedHosts []string `protobuf:"bytes,34,rep,name=allowed_hosts,json=allowedHosts,proto3" json:"allowed_hosts,omitempty"`
|
||||
// max_response_mb requests a larger per-request http.request response cap
|
||||
// than the 10 MB default. Rides the same admin grant as allowed_hosts.
|
||||
// Zero means the default.
|
||||
MaxResponseMb uint32 `protobuf:"varint,35,opt,name=max_response_mb,json=maxResponseMb,proto3" json:"max_response_mb,omitempty"`
|
||||
// public_routes declares the site-root paths the plugin serves through its
|
||||
// HTTP handler (ADR 0026, cms repo): exact paths and path prefixes the host
|
||||
// mounts at the public site root, dispatching to HOOK_HANDLE_HTTP with the
|
||||
// full unstripped request path. Like data_dir and allowed_hosts, the source
|
||||
// of truth is plugin.mod; the packer validates and stamps it. Conflict
|
||||
// rules are host-side: core routes always win, between plugins the
|
||||
// first-installed plugin wins, and conflicts are surfaced in the admin UI,
|
||||
// never silently dropped. Empty means the plugin serves HTTP only under
|
||||
// /api/plugins/<name>.
|
||||
PublicRoutes []*PublicRoute `protobuf:"bytes,36,rep,name=public_routes,json=publicRoutes,proto3" json:"public_routes,omitempty"`
|
||||
// sitemap requests sitemap contribution: when true the host fetches
|
||||
// entries from the plugin's well-known sitemap endpoint (served by its
|
||||
// HTTP handler) and merges them into the site sitemap. Requires
|
||||
// has_http_handler.
|
||||
Sitemap bool `protobuf:"varint,37,opt,name=sitemap,proto3" json:"sitemap,omitempty"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
@ -388,6 +415,92 @@ func (x *PluginManifest) GetCodeless() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (x *PluginManifest) GetAllowedHosts() []string {
|
||||
if x != nil {
|
||||
return x.AllowedHosts
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *PluginManifest) GetMaxResponseMb() uint32 {
|
||||
if x != nil {
|
||||
return x.MaxResponseMb
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *PluginManifest) GetPublicRoutes() []*PublicRoute {
|
||||
if x != nil {
|
||||
return x.PublicRoutes
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *PluginManifest) GetSitemap() bool {
|
||||
if x != nil {
|
||||
return x.Sitemap
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// PublicRoute is one site-root path claim (see PluginManifest.public_routes).
|
||||
type PublicRoute struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
// Absolute site-root path, e.g. "/area" or "/api/directory". Validated by
|
||||
// the packer: must start with "/", no reserved prefixes ("/admin",
|
||||
// "/api/plugins", "/ws"), no traversal or empty segments.
|
||||
Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
|
||||
// When true the claim covers every path under path as well (a path-prefix
|
||||
// mount); when false only the exact path is claimed.
|
||||
Prefix bool `protobuf:"varint,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *PublicRoute) Reset() {
|
||||
*x = PublicRoute{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[1]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *PublicRoute) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*PublicRoute) ProtoMessage() {}
|
||||
|
||||
func (x *PublicRoute) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[1]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use PublicRoute.ProtoReflect.Descriptor instead.
|
||||
func (*PublicRoute) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{1}
|
||||
}
|
||||
|
||||
func (x *PublicRoute) GetPath() string {
|
||||
if x != nil {
|
||||
return x.Path
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *PublicRoute) GetPrefix() bool {
|
||||
if x != nil {
|
||||
return x.Prefix
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Dependency mirrors plugin.Dependency.
|
||||
type Dependency struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
@ -400,7 +513,7 @@ type Dependency struct {
|
||||
|
||||
func (x *Dependency) Reset() {
|
||||
*x = Dependency{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[1]
|
||||
mi := &file_v1_manifest_proto_msgTypes[2]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -412,7 +525,7 @@ func (x *Dependency) String() string {
|
||||
func (*Dependency) ProtoMessage() {}
|
||||
|
||||
func (x *Dependency) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[1]
|
||||
mi := &file_v1_manifest_proto_msgTypes[2]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -425,7 +538,7 @@ func (x *Dependency) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use Dependency.ProtoReflect.Descriptor instead.
|
||||
func (*Dependency) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{1}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{2}
|
||||
}
|
||||
|
||||
func (x *Dependency) GetPlugin() string {
|
||||
@ -468,7 +581,7 @@ type BlockMeta struct {
|
||||
|
||||
func (x *BlockMeta) Reset() {
|
||||
*x = BlockMeta{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[2]
|
||||
mi := &file_v1_manifest_proto_msgTypes[3]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -480,7 +593,7 @@ func (x *BlockMeta) String() string {
|
||||
func (*BlockMeta) ProtoMessage() {}
|
||||
|
||||
func (x *BlockMeta) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[2]
|
||||
mi := &file_v1_manifest_proto_msgTypes[3]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -493,7 +606,7 @@ func (x *BlockMeta) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use BlockMeta.ProtoReflect.Descriptor instead.
|
||||
func (*BlockMeta) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{2}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{3}
|
||||
}
|
||||
|
||||
func (x *BlockMeta) GetKey() string {
|
||||
@ -559,7 +672,7 @@ type BlockTemplateOverride struct {
|
||||
|
||||
func (x *BlockTemplateOverride) Reset() {
|
||||
*x = BlockTemplateOverride{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[3]
|
||||
mi := &file_v1_manifest_proto_msgTypes[4]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -571,7 +684,7 @@ func (x *BlockTemplateOverride) String() string {
|
||||
func (*BlockTemplateOverride) ProtoMessage() {}
|
||||
|
||||
func (x *BlockTemplateOverride) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[3]
|
||||
mi := &file_v1_manifest_proto_msgTypes[4]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -584,7 +697,7 @@ func (x *BlockTemplateOverride) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use BlockTemplateOverride.ProtoReflect.Descriptor instead.
|
||||
func (*BlockTemplateOverride) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{3}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{4}
|
||||
}
|
||||
|
||||
func (x *BlockTemplateOverride) GetTemplateKey() string {
|
||||
@ -620,7 +733,7 @@ type SystemTemplateMeta struct {
|
||||
|
||||
func (x *SystemTemplateMeta) Reset() {
|
||||
*x = SystemTemplateMeta{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[4]
|
||||
mi := &file_v1_manifest_proto_msgTypes[5]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -632,7 +745,7 @@ func (x *SystemTemplateMeta) String() string {
|
||||
func (*SystemTemplateMeta) ProtoMessage() {}
|
||||
|
||||
func (x *SystemTemplateMeta) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[4]
|
||||
mi := &file_v1_manifest_proto_msgTypes[5]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -645,7 +758,7 @@ func (x *SystemTemplateMeta) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use SystemTemplateMeta.ProtoReflect.Descriptor instead.
|
||||
func (*SystemTemplateMeta) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{4}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{5}
|
||||
}
|
||||
|
||||
func (x *SystemTemplateMeta) GetKey() string {
|
||||
@ -684,7 +797,7 @@ type PageTemplateMeta struct {
|
||||
|
||||
func (x *PageTemplateMeta) Reset() {
|
||||
*x = PageTemplateMeta{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[5]
|
||||
mi := &file_v1_manifest_proto_msgTypes[6]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -696,7 +809,7 @@ func (x *PageTemplateMeta) String() string {
|
||||
func (*PageTemplateMeta) ProtoMessage() {}
|
||||
|
||||
func (x *PageTemplateMeta) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[5]
|
||||
mi := &file_v1_manifest_proto_msgTypes[6]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -709,7 +822,7 @@ func (x *PageTemplateMeta) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use PageTemplateMeta.ProtoReflect.Descriptor instead.
|
||||
func (*PageTemplateMeta) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{5}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{6}
|
||||
}
|
||||
|
||||
func (x *PageTemplateMeta) GetSystemKey() string {
|
||||
@ -760,7 +873,7 @@ type AdminPage struct {
|
||||
|
||||
func (x *AdminPage) Reset() {
|
||||
*x = AdminPage{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[6]
|
||||
mi := &file_v1_manifest_proto_msgTypes[7]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -772,7 +885,7 @@ func (x *AdminPage) String() string {
|
||||
func (*AdminPage) ProtoMessage() {}
|
||||
|
||||
func (x *AdminPage) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[6]
|
||||
mi := &file_v1_manifest_proto_msgTypes[7]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -785,7 +898,7 @@ func (x *AdminPage) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use AdminPage.ProtoReflect.Descriptor instead.
|
||||
func (*AdminPage) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{6}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{7}
|
||||
}
|
||||
|
||||
func (x *AdminPage) GetKey() string {
|
||||
@ -830,7 +943,7 @@ type AiAction struct {
|
||||
|
||||
func (x *AiAction) Reset() {
|
||||
*x = AiAction{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[7]
|
||||
mi := &file_v1_manifest_proto_msgTypes[8]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -842,7 +955,7 @@ func (x *AiAction) String() string {
|
||||
func (*AiAction) ProtoMessage() {}
|
||||
|
||||
func (x *AiAction) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[7]
|
||||
mi := &file_v1_manifest_proto_msgTypes[8]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -855,7 +968,7 @@ func (x *AiAction) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use AiAction.ProtoReflect.Descriptor instead.
|
||||
func (*AiAction) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{7}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{8}
|
||||
}
|
||||
|
||||
func (x *AiAction) GetKey() string {
|
||||
@ -905,7 +1018,7 @@ type CssManifest struct {
|
||||
|
||||
func (x *CssManifest) Reset() {
|
||||
*x = CssManifest{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[8]
|
||||
mi := &file_v1_manifest_proto_msgTypes[9]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -917,7 +1030,7 @@ func (x *CssManifest) String() string {
|
||||
func (*CssManifest) ProtoMessage() {}
|
||||
|
||||
func (x *CssManifest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[8]
|
||||
mi := &file_v1_manifest_proto_msgTypes[9]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -930,7 +1043,7 @@ func (x *CssManifest) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use CssManifest.ProtoReflect.Descriptor instead.
|
||||
func (*CssManifest) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{8}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{9}
|
||||
}
|
||||
|
||||
func (x *CssManifest) GetNpmPackages() map[string]string {
|
||||
@ -971,7 +1084,7 @@ type DirectoryExtensions struct {
|
||||
|
||||
func (x *DirectoryExtensions) Reset() {
|
||||
*x = DirectoryExtensions{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[9]
|
||||
mi := &file_v1_manifest_proto_msgTypes[10]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -983,7 +1096,7 @@ func (x *DirectoryExtensions) String() string {
|
||||
func (*DirectoryExtensions) ProtoMessage() {}
|
||||
|
||||
func (x *DirectoryExtensions) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[9]
|
||||
mi := &file_v1_manifest_proto_msgTypes[10]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -996,7 +1109,7 @@ func (x *DirectoryExtensions) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use DirectoryExtensions.ProtoReflect.Descriptor instead.
|
||||
func (*DirectoryExtensions) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{9}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{10}
|
||||
}
|
||||
|
||||
func (x *DirectoryExtensions) GetBooleanFilterFields() []string {
|
||||
@ -1045,7 +1158,7 @@ type BadgeLabel struct {
|
||||
|
||||
func (x *BadgeLabel) Reset() {
|
||||
*x = BadgeLabel{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[10]
|
||||
mi := &file_v1_manifest_proto_msgTypes[11]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -1057,7 +1170,7 @@ func (x *BadgeLabel) String() string {
|
||||
func (*BadgeLabel) ProtoMessage() {}
|
||||
|
||||
func (x *BadgeLabel) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[10]
|
||||
mi := &file_v1_manifest_proto_msgTypes[11]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -1070,7 +1183,7 @@ func (x *BadgeLabel) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use BadgeLabel.ProtoReflect.Descriptor instead.
|
||||
func (*BadgeLabel) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{10}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{11}
|
||||
}
|
||||
|
||||
func (x *BadgeLabel) GetPositive() string {
|
||||
@ -1100,7 +1213,7 @@ type MasterPageDefinition struct {
|
||||
|
||||
func (x *MasterPageDefinition) Reset() {
|
||||
*x = MasterPageDefinition{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[11]
|
||||
mi := &file_v1_manifest_proto_msgTypes[12]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -1112,7 +1225,7 @@ func (x *MasterPageDefinition) String() string {
|
||||
func (*MasterPageDefinition) ProtoMessage() {}
|
||||
|
||||
func (x *MasterPageDefinition) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[11]
|
||||
mi := &file_v1_manifest_proto_msgTypes[12]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -1125,7 +1238,7 @@ func (x *MasterPageDefinition) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use MasterPageDefinition.ProtoReflect.Descriptor instead.
|
||||
func (*MasterPageDefinition) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{11}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{12}
|
||||
}
|
||||
|
||||
func (x *MasterPageDefinition) GetKey() string {
|
||||
@ -1172,7 +1285,7 @@ type MasterPageBlock struct {
|
||||
|
||||
func (x *MasterPageBlock) Reset() {
|
||||
*x = MasterPageBlock{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[12]
|
||||
mi := &file_v1_manifest_proto_msgTypes[13]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -1184,7 +1297,7 @@ func (x *MasterPageBlock) String() string {
|
||||
func (*MasterPageBlock) ProtoMessage() {}
|
||||
|
||||
func (x *MasterPageBlock) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[12]
|
||||
mi := &file_v1_manifest_proto_msgTypes[13]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -1197,7 +1310,7 @@ func (x *MasterPageBlock) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use MasterPageBlock.ProtoReflect.Descriptor instead.
|
||||
func (*MasterPageBlock) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{12}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{13}
|
||||
}
|
||||
|
||||
func (x *MasterPageBlock) GetBlockKey() string {
|
||||
@ -1254,7 +1367,7 @@ type CoreServiceBinding struct {
|
||||
|
||||
func (x *CoreServiceBinding) Reset() {
|
||||
*x = CoreServiceBinding{}
|
||||
mi := &file_v1_manifest_proto_msgTypes[13]
|
||||
mi := &file_v1_manifest_proto_msgTypes[14]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
@ -1266,7 +1379,7 @@ func (x *CoreServiceBinding) String() string {
|
||||
func (*CoreServiceBinding) ProtoMessage() {}
|
||||
|
||||
func (x *CoreServiceBinding) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_v1_manifest_proto_msgTypes[13]
|
||||
mi := &file_v1_manifest_proto_msgTypes[14]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
@ -1279,7 +1392,7 @@ func (x *CoreServiceBinding) ProtoReflect() protoreflect.Message {
|
||||
|
||||
// Deprecated: Use CoreServiceBinding.ProtoReflect.Descriptor instead.
|
||||
func (*CoreServiceBinding) Descriptor() ([]byte, []int) {
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{13}
|
||||
return file_v1_manifest_proto_rawDescGZIP(), []int{14}
|
||||
}
|
||||
|
||||
func (x *CoreServiceBinding) GetServiceName() string {
|
||||
@ -1300,7 +1413,7 @@ var File_v1_manifest_proto protoreflect.FileDescriptor
|
||||
|
||||
const file_v1_manifest_proto_rawDesc = "" +
|
||||
"\n" +
|
||||
"\x11v1/manifest.proto\x12\x06abi.v1\"\x8e\r\n" +
|
||||
"\x11v1/manifest.proto\x12\x06abi.v1\"\xaf\x0e\n" +
|
||||
"\x0ePluginManifest\x12\x1f\n" +
|
||||
"\vabi_version\x18\x01 \x01(\rR\n" +
|
||||
"abiVersion\x12\x12\n" +
|
||||
@ -1338,10 +1451,17 @@ const file_v1_manifest_proto_rawDesc = "" +
|
||||
"\bdata_dir\x18\x1e \x01(\bR\adataDir\x12#\n" +
|
||||
"\rdeclared_tags\x18\x1f \x03(\tR\fdeclaredTags\x12)\n" +
|
||||
"\x10declared_filters\x18 \x03(\tR\x0fdeclaredFilters\x12\x1a\n" +
|
||||
"\bcodeless\x18! \x01(\bR\bcodeless\x1aB\n" +
|
||||
"\bcodeless\x18! \x01(\bR\bcodeless\x12#\n" +
|
||||
"\rallowed_hosts\x18\" \x03(\tR\fallowedHosts\x12&\n" +
|
||||
"\x0fmax_response_mb\x18# \x01(\rR\rmaxResponseMb\x128\n" +
|
||||
"\rpublic_routes\x18$ \x03(\v2\x13.abi.v1.PublicRouteR\fpublicRoutes\x12\x18\n" +
|
||||
"\asitemap\x18% \x01(\bR\asitemap\x1aB\n" +
|
||||
"\x14RbacMethodRolesEntry\x12\x10\n" +
|
||||
"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
|
||||
"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"a\n" +
|
||||
"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"9\n" +
|
||||
"\vPublicRoute\x12\x12\n" +
|
||||
"\x04path\x18\x01 \x01(\tR\x04path\x12\x16\n" +
|
||||
"\x06prefix\x18\x02 \x01(\bR\x06prefix\"a\n" +
|
||||
"\n" +
|
||||
"Dependency\x12\x16\n" +
|
||||
"\x06plugin\x18\x01 \x01(\tR\x06plugin\x12\x1f\n" +
|
||||
@ -1435,50 +1555,52 @@ func file_v1_manifest_proto_rawDescGZIP() []byte {
|
||||
return file_v1_manifest_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_v1_manifest_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
|
||||
var file_v1_manifest_proto_msgTypes = make([]protoimpl.MessageInfo, 19)
|
||||
var file_v1_manifest_proto_goTypes = []any{
|
||||
(*PluginManifest)(nil), // 0: abi.v1.PluginManifest
|
||||
(*Dependency)(nil), // 1: abi.v1.Dependency
|
||||
(*BlockMeta)(nil), // 2: abi.v1.BlockMeta
|
||||
(*BlockTemplateOverride)(nil), // 3: abi.v1.BlockTemplateOverride
|
||||
(*SystemTemplateMeta)(nil), // 4: abi.v1.SystemTemplateMeta
|
||||
(*PageTemplateMeta)(nil), // 5: abi.v1.PageTemplateMeta
|
||||
(*AdminPage)(nil), // 6: abi.v1.AdminPage
|
||||
(*AiAction)(nil), // 7: abi.v1.AiAction
|
||||
(*CssManifest)(nil), // 8: abi.v1.CssManifest
|
||||
(*DirectoryExtensions)(nil), // 9: abi.v1.DirectoryExtensions
|
||||
(*BadgeLabel)(nil), // 10: abi.v1.BadgeLabel
|
||||
(*MasterPageDefinition)(nil), // 11: abi.v1.MasterPageDefinition
|
||||
(*MasterPageBlock)(nil), // 12: abi.v1.MasterPageBlock
|
||||
(*CoreServiceBinding)(nil), // 13: abi.v1.CoreServiceBinding
|
||||
nil, // 14: abi.v1.PluginManifest.RbacMethodRolesEntry
|
||||
nil, // 15: abi.v1.CssManifest.NpmPackagesEntry
|
||||
nil, // 16: abi.v1.DirectoryExtensions.BadgeLabelsEntry
|
||||
nil, // 17: abi.v1.CoreServiceBinding.MethodRolesEntry
|
||||
(*PublicRoute)(nil), // 1: abi.v1.PublicRoute
|
||||
(*Dependency)(nil), // 2: abi.v1.Dependency
|
||||
(*BlockMeta)(nil), // 3: abi.v1.BlockMeta
|
||||
(*BlockTemplateOverride)(nil), // 4: abi.v1.BlockTemplateOverride
|
||||
(*SystemTemplateMeta)(nil), // 5: abi.v1.SystemTemplateMeta
|
||||
(*PageTemplateMeta)(nil), // 6: abi.v1.PageTemplateMeta
|
||||
(*AdminPage)(nil), // 7: abi.v1.AdminPage
|
||||
(*AiAction)(nil), // 8: abi.v1.AiAction
|
||||
(*CssManifest)(nil), // 9: abi.v1.CssManifest
|
||||
(*DirectoryExtensions)(nil), // 10: abi.v1.DirectoryExtensions
|
||||
(*BadgeLabel)(nil), // 11: abi.v1.BadgeLabel
|
||||
(*MasterPageDefinition)(nil), // 12: abi.v1.MasterPageDefinition
|
||||
(*MasterPageBlock)(nil), // 13: abi.v1.MasterPageBlock
|
||||
(*CoreServiceBinding)(nil), // 14: abi.v1.CoreServiceBinding
|
||||
nil, // 15: abi.v1.PluginManifest.RbacMethodRolesEntry
|
||||
nil, // 16: abi.v1.CssManifest.NpmPackagesEntry
|
||||
nil, // 17: abi.v1.DirectoryExtensions.BadgeLabelsEntry
|
||||
nil, // 18: abi.v1.CoreServiceBinding.MethodRolesEntry
|
||||
}
|
||||
var file_v1_manifest_proto_depIdxs = []int32{
|
||||
1, // 0: abi.v1.PluginManifest.dependencies:type_name -> abi.v1.Dependency
|
||||
2, // 1: abi.v1.PluginManifest.blocks:type_name -> abi.v1.BlockMeta
|
||||
3, // 2: abi.v1.PluginManifest.block_template_overrides:type_name -> abi.v1.BlockTemplateOverride
|
||||
4, // 3: abi.v1.PluginManifest.system_templates:type_name -> abi.v1.SystemTemplateMeta
|
||||
5, // 4: abi.v1.PluginManifest.page_templates:type_name -> abi.v1.PageTemplateMeta
|
||||
6, // 5: abi.v1.PluginManifest.admin_pages:type_name -> abi.v1.AdminPage
|
||||
11, // 6: abi.v1.PluginManifest.master_pages:type_name -> abi.v1.MasterPageDefinition
|
||||
7, // 7: abi.v1.PluginManifest.ai_actions:type_name -> abi.v1.AiAction
|
||||
14, // 8: abi.v1.PluginManifest.rbac_method_roles:type_name -> abi.v1.PluginManifest.RbacMethodRolesEntry
|
||||
8, // 9: abi.v1.PluginManifest.css_manifest:type_name -> abi.v1.CssManifest
|
||||
9, // 10: abi.v1.PluginManifest.directory_extensions:type_name -> abi.v1.DirectoryExtensions
|
||||
13, // 11: abi.v1.PluginManifest.core_service_bindings:type_name -> abi.v1.CoreServiceBinding
|
||||
15, // 12: abi.v1.CssManifest.npm_packages:type_name -> abi.v1.CssManifest.NpmPackagesEntry
|
||||
16, // 13: abi.v1.DirectoryExtensions.badge_labels:type_name -> abi.v1.DirectoryExtensions.BadgeLabelsEntry
|
||||
12, // 14: abi.v1.MasterPageDefinition.blocks:type_name -> abi.v1.MasterPageBlock
|
||||
17, // 15: abi.v1.CoreServiceBinding.method_roles:type_name -> abi.v1.CoreServiceBinding.MethodRolesEntry
|
||||
10, // 16: abi.v1.DirectoryExtensions.BadgeLabelsEntry.value:type_name -> abi.v1.BadgeLabel
|
||||
17, // [17:17] is the sub-list for method output_type
|
||||
17, // [17:17] is the sub-list for method input_type
|
||||
17, // [17:17] is the sub-list for extension type_name
|
||||
17, // [17:17] is the sub-list for extension extendee
|
||||
0, // [0:17] is the sub-list for field type_name
|
||||
2, // 0: abi.v1.PluginManifest.dependencies:type_name -> abi.v1.Dependency
|
||||
3, // 1: abi.v1.PluginManifest.blocks:type_name -> abi.v1.BlockMeta
|
||||
4, // 2: abi.v1.PluginManifest.block_template_overrides:type_name -> abi.v1.BlockTemplateOverride
|
||||
5, // 3: abi.v1.PluginManifest.system_templates:type_name -> abi.v1.SystemTemplateMeta
|
||||
6, // 4: abi.v1.PluginManifest.page_templates:type_name -> abi.v1.PageTemplateMeta
|
||||
7, // 5: abi.v1.PluginManifest.admin_pages:type_name -> abi.v1.AdminPage
|
||||
12, // 6: abi.v1.PluginManifest.master_pages:type_name -> abi.v1.MasterPageDefinition
|
||||
8, // 7: abi.v1.PluginManifest.ai_actions:type_name -> abi.v1.AiAction
|
||||
15, // 8: abi.v1.PluginManifest.rbac_method_roles:type_name -> abi.v1.PluginManifest.RbacMethodRolesEntry
|
||||
9, // 9: abi.v1.PluginManifest.css_manifest:type_name -> abi.v1.CssManifest
|
||||
10, // 10: abi.v1.PluginManifest.directory_extensions:type_name -> abi.v1.DirectoryExtensions
|
||||
14, // 11: abi.v1.PluginManifest.core_service_bindings:type_name -> abi.v1.CoreServiceBinding
|
||||
1, // 12: abi.v1.PluginManifest.public_routes:type_name -> abi.v1.PublicRoute
|
||||
16, // 13: abi.v1.CssManifest.npm_packages:type_name -> abi.v1.CssManifest.NpmPackagesEntry
|
||||
17, // 14: abi.v1.DirectoryExtensions.badge_labels:type_name -> abi.v1.DirectoryExtensions.BadgeLabelsEntry
|
||||
13, // 15: abi.v1.MasterPageDefinition.blocks:type_name -> abi.v1.MasterPageBlock
|
||||
18, // 16: abi.v1.CoreServiceBinding.method_roles:type_name -> abi.v1.CoreServiceBinding.MethodRolesEntry
|
||||
11, // 17: abi.v1.DirectoryExtensions.BadgeLabelsEntry.value:type_name -> abi.v1.BadgeLabel
|
||||
18, // [18:18] is the sub-list for method output_type
|
||||
18, // [18:18] is the sub-list for method input_type
|
||||
18, // [18:18] is the sub-list for extension type_name
|
||||
18, // [18:18] is the sub-list for extension extendee
|
||||
0, // [0:18] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_v1_manifest_proto_init() }
|
||||
@ -1486,14 +1608,14 @@ func file_v1_manifest_proto_init() {
|
||||
if File_v1_manifest_proto != nil {
|
||||
return
|
||||
}
|
||||
file_v1_manifest_proto_msgTypes[12].OneofWrappers = []any{}
|
||||
file_v1_manifest_proto_msgTypes[13].OneofWrappers = []any{}
|
||||
type x struct{}
|
||||
out := protoimpl.TypeBuilder{
|
||||
File: protoimpl.DescBuilder{
|
||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: unsafe.Slice(unsafe.StringData(file_v1_manifest_proto_rawDesc), len(file_v1_manifest_proto_rawDesc)),
|
||||
NumEnums: 0,
|
||||
NumMessages: 18,
|
||||
NumMessages: 19,
|
||||
NumExtensions: 0,
|
||||
NumServices: 0,
|
||||
},
|
||||
|
||||
@ -13,6 +13,17 @@ type MediaValue struct {
|
||||
Filename string // Original filename
|
||||
Width int // Image width in pixels
|
||||
Height int // Image height in pixels
|
||||
// Attribution is the stock-source credit (Pexels import), nil for
|
||||
// ordinary uploads. JSON tags mirror the CMS media row's attribution JSONB.
|
||||
Attribution *MediaAttribution
|
||||
}
|
||||
|
||||
// MediaAttribution is the stock-source credit for imported media.
|
||||
type MediaAttribution struct {
|
||||
Source string `json:"source"`
|
||||
SourceURL string `json:"source_url"`
|
||||
Photographer string `json:"photographer"`
|
||||
PhotographerURL string `json:"photographer_url"`
|
||||
}
|
||||
|
||||
// String renders the default <img> tag representation.
|
||||
|
||||
46
datatables/datatables.go
Normal file
46
datatables/datatables.go
Normal file
@ -0,0 +1,46 @@
|
||||
// Package datatables gives plugins typed access to site data tables (the Data
|
||||
// Platform's data_tables/data_table_rows), which the per-plugin Postgres role
|
||||
// deliberately cannot reach with raw SQL. The CMS implements this interface
|
||||
// host-side and wires it into CoreServices; row payloads cross the ABI as JSON.
|
||||
package datatables
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// DataTables provides read/write access to site data tables for plugins.
|
||||
type DataTables interface {
|
||||
// GetTableByKey resolves a data table by its stable key (e.g. "playgrounds").
|
||||
GetTableByKey(ctx context.Context, tableKey string) (*Table, error)
|
||||
// GetRow fetches a single row by ID.
|
||||
GetRow(ctx context.Context, rowID uuid.UUID) (*Row, error)
|
||||
// ListRows pages through a table's rows in sort order. limit <= 0 applies
|
||||
// the host default.
|
||||
ListRows(ctx context.Context, tableID uuid.UUID, limit, offset int32) ([]Row, error)
|
||||
// CreateRow appends a row with the given JSON object payload.
|
||||
CreateRow(ctx context.Context, tableID uuid.UUID, dataJSON []byte) (*Row, error)
|
||||
// UpdateRowData replaces a row's JSON payload, preserving its sort order.
|
||||
UpdateRowData(ctx context.Context, rowID uuid.UUID, dataJSON []byte) (*Row, error)
|
||||
// FindRowByField returns the first row whose data->>field equals value, or
|
||||
// (nil, nil) when no row matches.
|
||||
FindRowByField(ctx context.Context, tableID uuid.UUID, field, value string) (*Row, error)
|
||||
}
|
||||
|
||||
// Table is a plugin-facing view of a data table.
|
||||
type Table struct {
|
||||
ID uuid.UUID
|
||||
TableKey string
|
||||
Name string
|
||||
RowCount int32
|
||||
}
|
||||
|
||||
// Row is a plugin-facing view of a data table row. DataJSON is the row's data
|
||||
// column verbatim (a JSON object).
|
||||
type Row struct {
|
||||
ID uuid.UUID
|
||||
TableID uuid.UUID
|
||||
DataJSON []byte
|
||||
SortOrder int32
|
||||
}
|
||||
183
egress/egress.go
Normal file
183
egress/egress.go
Normal file
@ -0,0 +1,183 @@
|
||||
// Package egress defines the wire-independent policy for host-mediated plugin
|
||||
// HTTP egress (ADR 0023, cms repo): the host-pattern grammar and matching, the
|
||||
// default resource bounds, and the ErrDenied sentinel. Both the guest SDK
|
||||
// (validating plugin.mod at build) and the cms host (enforcing grants at
|
||||
// fetch) import this package so the pattern semantics have exactly one
|
||||
// definition.
|
||||
package egress
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/net/publicsuffix"
|
||||
)
|
||||
|
||||
// ErrDenied marks an egress request refused by policy — host not granted,
|
||||
// grant revoked, platform-denylisted, or an off-allowlist redirect. It is
|
||||
// deliberately distinct from a network failure: a plugin can catch it and
|
||||
// degrade gracefully. It maps to ABI_ERROR_CODE_EGRESS_DENIED across the wire.
|
||||
var ErrDenied = errors.New("egress denied")
|
||||
|
||||
const (
|
||||
// DefaultMaxResponseBytes is the per-request response cap when a plugin
|
||||
// declares no larger one. Oversize fails the request, never truncates.
|
||||
DefaultMaxResponseBytes = 10 << 20
|
||||
// MaxRequestBytes caps the request body a guest may marshal across the
|
||||
// host_call boundary.
|
||||
MaxRequestBytes = 10 << 20
|
||||
// DefaultPort is the port a host pattern authorizes when it names none.
|
||||
DefaultPort = 443
|
||||
)
|
||||
|
||||
// Pattern is one parsed allowed_hosts entry: an exact host or a left-anchored
|
||||
// multi-label wildcard, optionally pinned to a non-default port.
|
||||
type Pattern struct {
|
||||
// host is the bare hostname (wildcard: the base domain after "*.").
|
||||
host string
|
||||
wildcard bool
|
||||
port int
|
||||
}
|
||||
|
||||
// ParsePattern parses and validates one allowed_hosts entry. It rejects bare
|
||||
// "*", public-suffix wildcards ("*.com", "*.co.uk"), embedded schemes/paths,
|
||||
// and malformed ports. A leading "*." marks a multi-label wildcard whose base
|
||||
// must be a registrable domain (≥2 labels and not itself a public suffix).
|
||||
func ParsePattern(raw string) (Pattern, error) {
|
||||
s := strings.TrimSpace(strings.ToLower(raw))
|
||||
if s == "" {
|
||||
return Pattern{}, fmt.Errorf("empty host pattern")
|
||||
}
|
||||
if strings.ContainsAny(s, "/:@") && !strings.Contains(s, ":") {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q must be a bare host, not a URL", raw)
|
||||
}
|
||||
if strings.Contains(s, "://") || strings.ContainsAny(s, "/@") {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q must be a bare host, not a URL", raw)
|
||||
}
|
||||
|
||||
port := DefaultPort
|
||||
host := s
|
||||
if h, p, ok := splitHostPort(s); ok {
|
||||
host = h
|
||||
parsed, err := strconv.Atoi(p)
|
||||
if err != nil || parsed < 1 || parsed > 65535 {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q has an invalid port", raw)
|
||||
}
|
||||
port = parsed
|
||||
}
|
||||
|
||||
wildcard := false
|
||||
if strings.HasPrefix(host, "*.") {
|
||||
wildcard = true
|
||||
host = strings.TrimPrefix(host, "*.")
|
||||
if host == "" || strings.Contains(host, "*") {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q: only a single leading %q wildcard is allowed", raw, "*.")
|
||||
}
|
||||
if strings.Count(host, ".") < 1 {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q: wildcard base must be a registrable domain (e.g. *.cal.com)", raw)
|
||||
}
|
||||
if suffix, _ := publicsuffix.PublicSuffix(host); suffix == host {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q: cannot wildcard a public suffix", raw)
|
||||
}
|
||||
}
|
||||
if host == "" || strings.Contains(host, "*") {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q is malformed", raw)
|
||||
}
|
||||
if !validHostname(host) {
|
||||
return Pattern{}, fmt.Errorf("host pattern %q is not a valid hostname", raw)
|
||||
}
|
||||
return Pattern{host: host, wildcard: wildcard, port: port}, nil
|
||||
}
|
||||
|
||||
// matches reports whether this pattern authorizes host:port.
|
||||
func (p Pattern) matches(host string, port int) bool {
|
||||
if port != p.port {
|
||||
return false
|
||||
}
|
||||
host = strings.ToLower(strings.TrimSuffix(host, "."))
|
||||
if p.wildcard {
|
||||
return strings.HasSuffix(host, "."+p.host)
|
||||
}
|
||||
return host == p.host
|
||||
}
|
||||
|
||||
// Allowlist is a plugin's parsed egress grant.
|
||||
type Allowlist []Pattern
|
||||
|
||||
// ParseAllowlist parses every entry, failing on the first invalid one.
|
||||
func ParseAllowlist(raw []string) (Allowlist, error) {
|
||||
out := make(Allowlist, 0, len(raw))
|
||||
for _, r := range raw {
|
||||
p, err := ParsePattern(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out = append(out, p)
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// Allows returns nil if u is authorized by this allowlist, else an ErrDenied.
|
||||
// It enforces the https-only scheme rule and the port pinning; the caller
|
||||
// still applies the SSRF IP guard and platform denylist.
|
||||
func (a Allowlist) Allows(u *url.URL) error {
|
||||
if u == nil {
|
||||
return fmt.Errorf("%w: nil URL", ErrDenied)
|
||||
}
|
||||
if strings.ToLower(u.Scheme) != "https" {
|
||||
return fmt.Errorf("%w: %q is not https", ErrDenied, u.Scheme)
|
||||
}
|
||||
host := u.Hostname()
|
||||
if host == "" {
|
||||
return fmt.Errorf("%w: missing host", ErrDenied)
|
||||
}
|
||||
port := DefaultPort
|
||||
if p := u.Port(); p != "" {
|
||||
parsed, err := strconv.Atoi(p)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: invalid port", ErrDenied)
|
||||
}
|
||||
port = parsed
|
||||
}
|
||||
for _, pat := range a {
|
||||
if pat.matches(host, port) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return fmt.Errorf("%w: host %q not in allowlist", ErrDenied, u.Host)
|
||||
}
|
||||
|
||||
func splitHostPort(s string) (host, port string, ok bool) {
|
||||
i := strings.LastIndex(s, ":")
|
||||
if i < 0 {
|
||||
return "", "", false
|
||||
}
|
||||
// Reject bracketed IPv6 / multiple colons — patterns are hostnames.
|
||||
if strings.Contains(s[:i], ":") {
|
||||
return "", "", false
|
||||
}
|
||||
return s[:i], s[i+1:], true
|
||||
}
|
||||
|
||||
func validHostname(h string) bool {
|
||||
if len(h) > 253 {
|
||||
return false
|
||||
}
|
||||
for _, label := range strings.Split(h, ".") {
|
||||
if label == "" || len(label) > 63 {
|
||||
return false
|
||||
}
|
||||
for _, r := range label {
|
||||
if !(r >= 'a' && r <= 'z') && !(r >= '0' && r <= '9') && r != '-' {
|
||||
return false
|
||||
}
|
||||
}
|
||||
if label[0] == '-' || label[len(label)-1] == '-' {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
67
egress/egress_test.go
Normal file
67
egress/egress_test.go
Normal file
@ -0,0 +1,67 @@
|
||||
package egress
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/url"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestParsePatternRejects(t *testing.T) {
|
||||
for _, raw := range []string{
|
||||
"", "*", "*.com", "*.co.uk", "*.uk",
|
||||
"https://api.cal.com", "api.cal.com/path", "user@api.cal.com",
|
||||
"*.*.cal.com", "api.cal.com:0", "api.cal.com:99999",
|
||||
"*.", "-bad.com", "bad-.com",
|
||||
} {
|
||||
if _, err := ParsePattern(raw); err == nil {
|
||||
t.Errorf("ParsePattern(%q) = nil error, want rejection", raw)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestParsePatternAccepts(t *testing.T) {
|
||||
for _, raw := range []string{
|
||||
"api.cal.com", "*.cal.com", "example.com",
|
||||
"api.example.com:8443", "sub.deep.example.org",
|
||||
} {
|
||||
if _, err := ParsePattern(raw); err != nil {
|
||||
t.Errorf("ParsePattern(%q) = %v, want accept", raw, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestAllowlistAllows(t *testing.T) {
|
||||
al, err := ParseAllowlist([]string{"api.cal.com", "*.example.org", "api.svc.com:8443"})
|
||||
if err != nil {
|
||||
t.Fatalf("ParseAllowlist: %v", err)
|
||||
}
|
||||
tests := []struct {
|
||||
url string
|
||||
allow bool
|
||||
}{
|
||||
{"https://api.cal.com/v1/slots", true},
|
||||
{"https://api.cal.com:443/v1/slots", true},
|
||||
{"https://cal.com/", false}, // apex not matched by exact api.cal.com
|
||||
{"http://api.cal.com/", false}, // http refused
|
||||
{"https://api.cal.com:8443/", false}, // wrong port
|
||||
{"https://a.example.org/", true}, // wildcard depth 1
|
||||
{"https://a.b.c.example.org/", true}, // wildcard multi-label
|
||||
{"https://example.org/", false}, // wildcard excludes apex
|
||||
{"https://evilexample.org/", false}, // suffix must be dot-anchored
|
||||
{"https://api.svc.com:8443/", true}, // explicit port
|
||||
{"https://api.svc.com/", false}, // default port not authorized
|
||||
}
|
||||
for _, tt := range tests {
|
||||
u, _ := url.Parse(tt.url)
|
||||
err := al.Allows(u)
|
||||
if tt.allow && err != nil {
|
||||
t.Errorf("Allows(%q) = %v, want allow", tt.url, err)
|
||||
}
|
||||
if !tt.allow && err == nil {
|
||||
t.Errorf("Allows(%q) = nil, want deny", tt.url)
|
||||
}
|
||||
if !tt.allow && err != nil && !errors.Is(err, ErrDenied) {
|
||||
t.Errorf("Allows(%q) denial not ErrDenied: %v", tt.url, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
6
go.mod
6
go.mod
@ -4,19 +4,19 @@ go 1.26.4
|
||||
|
||||
require (
|
||||
connectrpc.com/connect v1.20.0
|
||||
git.dev.alexdunmow.com/block/ninjatpl v1.0.2
|
||||
github.com/BurntSushi/toml v1.6.0
|
||||
github.com/a-h/templ v0.3.1020
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/jackc/pgx/v5 v5.10.0
|
||||
github.com/tetratelabs/wazero v1.12.0
|
||||
golang.org/x/mod v0.37.0
|
||||
golang.org/x/net v0.56.0
|
||||
google.golang.org/protobuf v1.36.11
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/jackc/pgpassfile v1.0.0 // indirect
|
||||
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
|
||||
golang.org/x/sys v0.44.0 // indirect
|
||||
golang.org/x/text v0.33.0 // indirect
|
||||
golang.org/x/sys v0.46.0 // indirect
|
||||
golang.org/x/text v0.38.0 // indirect
|
||||
)
|
||||
|
||||
16
go.sum
16
go.sum
@ -1,7 +1,5 @@
|
||||
connectrpc.com/connect v1.20.0 h1:6TNDAB+WeNd2uolWNlYczB5E0KNNaVMNUEx8JEUsPmQ=
|
||||
connectrpc.com/connect v1.20.0/go.mod h1:A2ygJrukXwWy32vkCAAHNVguZrqZ+jeZ9rGRnGR4dN4=
|
||||
git.dev.alexdunmow.com/block/ninjatpl v1.0.2 h1:KQS90HNW35PSzvwDZ3Z9OOwX3OSjX0x62w0AtOYps8s=
|
||||
git.dev.alexdunmow.com/block/ninjatpl v1.0.2/go.mod h1:WrLz0KysnP5EzJlRCkU2VC1uvazyAXZR99Tn+3Mx1pw=
|
||||
github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
|
||||
github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
|
||||
github.com/a-h/templ v0.3.1020 h1:ypAT/L5ySWEnZ6Zft/5yfoWXYYkhFNvEFOeeqecg4tw=
|
||||
@ -32,12 +30,14 @@ github.com/tetratelabs/wazero v1.12.0 h1:DuWcpNu/FzgEXgGBDp8J1Spc+CWOvvtvVyjKlaZ
|
||||
github.com/tetratelabs/wazero v1.12.0/go.mod h1:LvKtzl2RqO4gyF27BiXU+nKAjcV8f38U+kP/q2vgxh0=
|
||||
golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
|
||||
golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
|
||||
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
|
||||
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
|
||||
golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
|
||||
golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
|
||||
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
|
||||
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
|
||||
golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
|
||||
golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
|
||||
golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
|
||||
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
|
||||
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
|
||||
golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
|
||||
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
|
||||
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
|
||||
@ -2,6 +2,7 @@ package plugin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"connectrpc.com/connect"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/ai"
|
||||
@ -9,6 +10,7 @@ import (
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/content"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/crypto"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/datasources"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/datatables"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/gating"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/menus"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/settings"
|
||||
@ -26,6 +28,7 @@ type CoreServices struct {
|
||||
Crypto crypto.Crypto
|
||||
Menus menus.Menus
|
||||
Datasources datasources.Datasources
|
||||
DataTables datatables.DataTables
|
||||
PublicUsers auth.PublicUsers
|
||||
Subscriptions subscriptions.Subscriptions
|
||||
|
||||
@ -52,6 +55,13 @@ type CoreServices struct {
|
||||
// Plugin interop
|
||||
Bridge PluginBridge
|
||||
|
||||
// OutboundHTTP is the host-mediated egress transport (ADR 0023, cms repo).
|
||||
// Plugins make outbound requests through &http.Client{Transport:
|
||||
// deps.OutboundHTTP}; the host enforces the plugin's allowed_hosts grant,
|
||||
// the SSRF guard, and the platform denylist. Nil when the plugin declared
|
||||
// no allowed_hosts — a request through it fails closed.
|
||||
OutboundHTTP http.RoundTripper
|
||||
|
||||
// Core RPC services — pre-built bindings for CMS-provided services
|
||||
CoreServiceBindings CoreServiceBindings
|
||||
ReviewSubmitter ReviewSubmitter
|
||||
|
||||
@ -53,6 +53,40 @@ type ModPlugin struct {
|
||||
// packed manifest (PluginManifest.data_dir); the .bnp reader also reads it
|
||||
// straight from plugin.mod as a fallback. OFF by default.
|
||||
DataDir bool `toml:"data_dir,omitempty"`
|
||||
// AllowedHosts declares the egress host patterns the plugin needs for
|
||||
// http.request (ADR 0023, cms repo): an exact hostname or a left-anchored
|
||||
// multi-label wildcard (e.g. "*.cal.com"), each https/443 unless the entry
|
||||
// names an explicit port. First-class for the same reason as DataDir — the
|
||||
// writeMod round-trip drops any key without a struct home. `ninja plugin
|
||||
// build` validates the patterns and stamps them into the manifest
|
||||
// (PluginManifest.allowed_hosts). Empty means no egress.
|
||||
AllowedHosts []string `toml:"allowed_hosts,omitempty"`
|
||||
// MaxResponseMB requests a larger per-request http.request response cap
|
||||
// than the 10 MB default. Rides the same admin grant as AllowedHosts. Zero
|
||||
// means the default.
|
||||
MaxResponseMB uint32 `toml:"max_response_mb,omitempty"`
|
||||
// PublicRoutes declares site-root paths the plugin serves through its
|
||||
// HTTP handler (ADR 0026, cms repo): exact paths and path prefixes the
|
||||
// host mounts at the public site root. First-class for the same reason as
|
||||
// DataDir and AllowedHosts: the writeMod round-trip drops any key without
|
||||
// a struct home, and a dropped route claim silently unmounts live SEO
|
||||
// URLs on the next publish. `ninja plugin build` validates the claims
|
||||
// (ValidatePublicRoutes) and stamps them into the manifest
|
||||
// (PluginManifest.public_routes). Empty means the plugin serves HTTP only
|
||||
// under /api/plugins/<name>.
|
||||
PublicRoutes []ModPublicRoute `toml:"public_routes,omitempty"`
|
||||
// Sitemap requests sitemap contribution: when true the host fetches
|
||||
// entries from the plugin's well-known sitemap endpoint and merges them
|
||||
// into the site sitemap. Stamped into the manifest alongside
|
||||
// PublicRoutes; requires an HTTP handler.
|
||||
Sitemap bool `toml:"sitemap,omitempty"`
|
||||
}
|
||||
|
||||
// ModPublicRoute is one site-root path claim in plugin.mod, e.g.
|
||||
// { path = "/area", prefix = true }.
|
||||
type ModPublicRoute struct {
|
||||
Path string `toml:"path"`
|
||||
Prefix bool `toml:"prefix,omitempty"`
|
||||
}
|
||||
|
||||
type ModCompat struct {
|
||||
|
||||
90
plugin/public_routes.go
Normal file
90
plugin/public_routes.go
Normal file
@ -0,0 +1,90 @@
|
||||
package plugin
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// MaxPublicRoutes caps the number of site-root claims a single plugin may
|
||||
// declare. Generous: real plugins claim a handful of SEO prefixes.
|
||||
const MaxPublicRoutes = 64
|
||||
|
||||
// ReservedRoutePrefixes are site-root prefixes plugins may never claim: the
|
||||
// admin SPA, the namespaced plugin HTTP mount, and the realtime websocket.
|
||||
// A claim equal to or under one of these is rejected, as is a prefix claim
|
||||
// that would cover one (e.g. prefix "/api" covers "/api/plugins").
|
||||
var ReservedRoutePrefixes = []string{"/admin", "/api/plugins", "/ws"}
|
||||
|
||||
// routeSegmentRe matches one path segment: URL-safe unreserved characters.
|
||||
var routeSegmentRe = regexp.MustCompile(`^[A-Za-z0-9._~-]+$`)
|
||||
|
||||
// ValidatePublicRoutes checks a plugin.mod public_routes declaration. It
|
||||
// returns an error listing every offending entry so authors fix them in one
|
||||
// pass.
|
||||
//
|
||||
// Rules:
|
||||
// - at most MaxPublicRoutes entries
|
||||
// - each path is absolute ("/..."), not the site root "/" itself
|
||||
// - segments are non-empty (no "//", no trailing "/"), never "." or "..",
|
||||
// and use URL-safe unreserved characters only
|
||||
// - no claim equal to or under a reserved prefix (ReservedRoutePrefixes),
|
||||
// and no prefix claim that covers a reserved prefix
|
||||
// - no duplicate paths
|
||||
func ValidatePublicRoutes(routes []ModPublicRoute) error {
|
||||
if len(routes) > MaxPublicRoutes {
|
||||
return fmt.Errorf("too many public_routes: got %d, max %d", len(routes), MaxPublicRoutes)
|
||||
}
|
||||
seen := make(map[string]struct{}, len(routes))
|
||||
var bad []string
|
||||
for _, r := range routes {
|
||||
if reason := checkRoutePath(r); reason != "" {
|
||||
bad = append(bad, fmt.Sprintf("%q (%s)", r.Path, reason))
|
||||
continue
|
||||
}
|
||||
if _, dup := seen[r.Path]; dup {
|
||||
bad = append(bad, fmt.Sprintf("%q (duplicate path)", r.Path))
|
||||
continue
|
||||
}
|
||||
seen[r.Path] = struct{}{}
|
||||
}
|
||||
if len(bad) > 0 {
|
||||
return fmt.Errorf("invalid public_routes: %s", strings.Join(bad, "; "))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkRoutePath(r ModPublicRoute) string {
|
||||
p := r.Path
|
||||
if p == "" {
|
||||
return "empty path"
|
||||
}
|
||||
if !strings.HasPrefix(p, "/") {
|
||||
return "path must be absolute, starting with /"
|
||||
}
|
||||
if p == "/" {
|
||||
return "cannot claim the site root"
|
||||
}
|
||||
if strings.HasSuffix(p, "/") {
|
||||
return "no trailing slash; set prefix = true to claim the subtree"
|
||||
}
|
||||
for _, seg := range strings.Split(p[1:], "/") {
|
||||
switch {
|
||||
case seg == "":
|
||||
return "empty path segment"
|
||||
case seg == "." || seg == "..":
|
||||
return "path traversal segment"
|
||||
case !routeSegmentRe.MatchString(seg):
|
||||
return fmt.Sprintf("segment %q has characters outside [A-Za-z0-9._~-]", seg)
|
||||
}
|
||||
}
|
||||
for _, reserved := range ReservedRoutePrefixes {
|
||||
if p == reserved || strings.HasPrefix(p, reserved+"/") {
|
||||
return fmt.Sprintf("reserved prefix %s", reserved)
|
||||
}
|
||||
if r.Prefix && strings.HasPrefix(reserved, p+"/") {
|
||||
return fmt.Sprintf("prefix claim covers reserved prefix %s", reserved)
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
214
plugin/public_routes_test.go
Normal file
214
plugin/public_routes_test.go
Normal file
@ -0,0 +1,214 @@
|
||||
package plugin
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestParseModFull_PublicRoutesAndSitemap(t *testing.T) {
|
||||
src := []byte(`
|
||||
[plugin]
|
||||
name = "perthplaygrounds"
|
||||
version = "1.0.0"
|
||||
public_routes = [{ path = "/area", prefix = true }, { path = "/badges" }, { path = "/api/directory", prefix = true }]
|
||||
sitemap = true
|
||||
`)
|
||||
m, err := ParseModFull(src)
|
||||
if err != nil {
|
||||
t.Fatalf("ParseModFull err: %v", err)
|
||||
}
|
||||
routes := m.Plugin.PublicRoutes
|
||||
if len(routes) != 3 {
|
||||
t.Fatalf("PublicRoutes len = %d, want 3 (%v)", len(routes), routes)
|
||||
}
|
||||
want := []ModPublicRoute{
|
||||
{Path: "/area", Prefix: true},
|
||||
{Path: "/badges", Prefix: false},
|
||||
{Path: "/api/directory", Prefix: true},
|
||||
}
|
||||
for i, w := range want {
|
||||
if routes[i] != w {
|
||||
t.Errorf("PublicRoutes[%d] = %+v, want %+v", i, routes[i], w)
|
||||
}
|
||||
}
|
||||
if !m.Plugin.Sitemap {
|
||||
t.Errorf("Sitemap = false, want true")
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseModFull_PublicRoutesArrayOfTables(t *testing.T) {
|
||||
src := []byte(`
|
||||
[plugin]
|
||||
name = "perthplaygrounds"
|
||||
version = "1.0.0"
|
||||
|
||||
[[plugin.public_routes]]
|
||||
path = "/area"
|
||||
prefix = true
|
||||
|
||||
[[plugin.public_routes]]
|
||||
path = "/badges"
|
||||
`)
|
||||
m, err := ParseModFull(src)
|
||||
if err != nil {
|
||||
t.Fatalf("ParseModFull err: %v", err)
|
||||
}
|
||||
routes := m.Plugin.PublicRoutes
|
||||
if len(routes) != 2 {
|
||||
t.Fatalf("PublicRoutes len = %d, want 2 (%v)", len(routes), routes)
|
||||
}
|
||||
if routes[0] != (ModPublicRoute{Path: "/area", Prefix: true}) {
|
||||
t.Errorf("PublicRoutes[0] = %+v", routes[0])
|
||||
}
|
||||
if routes[1] != (ModPublicRoute{Path: "/badges"}) {
|
||||
t.Errorf("PublicRoutes[1] = %+v", routes[1])
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseModFull_PublicRoutesOmitted(t *testing.T) {
|
||||
src := []byte(`
|
||||
[plugin]
|
||||
name = "plain"
|
||||
version = "0.1.0"
|
||||
`)
|
||||
m, err := ParseModFull(src)
|
||||
if err != nil {
|
||||
t.Fatalf("ParseModFull err: %v", err)
|
||||
}
|
||||
if m.Plugin.PublicRoutes != nil {
|
||||
t.Errorf("PublicRoutes = %v, want nil when omitted", m.Plugin.PublicRoutes)
|
||||
}
|
||||
if m.Plugin.Sitemap {
|
||||
t.Errorf("Sitemap = true, want false (absent key)")
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_HappyPath(t *testing.T) {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{
|
||||
{Path: "/area", Prefix: true},
|
||||
{Path: "/badges", Prefix: true},
|
||||
{Path: "/age", Prefix: true},
|
||||
{Path: "/api/directory", Prefix: true},
|
||||
{Path: "/api/semantic-search"},
|
||||
{Path: "/some_page.html"},
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatalf("ValidatePublicRoutes err: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_EmptyAndNil(t *testing.T) {
|
||||
if err := ValidatePublicRoutes(nil); err != nil {
|
||||
t.Errorf("nil err: %v", err)
|
||||
}
|
||||
if err := ValidatePublicRoutes([]ModPublicRoute{}); err != nil {
|
||||
t.Errorf("empty err: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_RejectsReservedPrefixes(t *testing.T) {
|
||||
cases := []ModPublicRoute{
|
||||
{Path: "/admin"},
|
||||
{Path: "/admin", Prefix: true},
|
||||
{Path: "/admin/settings"},
|
||||
{Path: "/api/plugins"},
|
||||
{Path: "/api/plugins/foo", Prefix: true},
|
||||
{Path: "/ws"},
|
||||
}
|
||||
for _, c := range cases {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{c})
|
||||
if err == nil {
|
||||
t.Errorf("ValidatePublicRoutes(%+v) = nil, want reserved-prefix error", c)
|
||||
continue
|
||||
}
|
||||
if !strings.Contains(err.Error(), "reserved prefix") {
|
||||
t.Errorf("error for %+v does not mention reserved prefix: %v", c, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_RejectsPrefixCoveringReserved(t *testing.T) {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{{Path: "/api", Prefix: true}})
|
||||
if err == nil {
|
||||
t.Fatal("prefix claim /api should be rejected: it covers /api/plugins")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "covers reserved prefix /api/plugins") {
|
||||
t.Errorf("error does not explain the covered prefix: %v", err)
|
||||
}
|
||||
if err := ValidatePublicRoutes([]ModPublicRoute{{Path: "/api"}}); err != nil {
|
||||
t.Errorf("exact claim /api should be allowed: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_RejectsMalformedPaths(t *testing.T) {
|
||||
cases := []struct {
|
||||
route ModPublicRoute
|
||||
frag string
|
||||
}{
|
||||
{ModPublicRoute{Path: ""}, "empty path"},
|
||||
{ModPublicRoute{Path: "area"}, "absolute"},
|
||||
{ModPublicRoute{Path: "/"}, "site root"},
|
||||
{ModPublicRoute{Path: "/area/"}, "trailing slash"},
|
||||
{ModPublicRoute{Path: "/area//list"}, "empty path segment"},
|
||||
{ModPublicRoute{Path: "/area/../admin"}, "traversal"},
|
||||
{ModPublicRoute{Path: "/area?x=1"}, "characters outside"},
|
||||
{ModPublicRoute{Path: "/area list"}, "characters outside"},
|
||||
}
|
||||
for _, c := range cases {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{c.route})
|
||||
if err == nil {
|
||||
t.Errorf("ValidatePublicRoutes(%q) = nil, want error", c.route.Path)
|
||||
continue
|
||||
}
|
||||
if !strings.Contains(err.Error(), c.frag) {
|
||||
t.Errorf("error for %q = %v, want mention of %q", c.route.Path, err, c.frag)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_RejectsDuplicates(t *testing.T) {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{
|
||||
{Path: "/area"},
|
||||
{Path: "/area", Prefix: true},
|
||||
})
|
||||
if err == nil {
|
||||
t.Fatal("duplicate path should be rejected")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "duplicate path") {
|
||||
t.Errorf("error does not mention duplicate: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_ReportsAllOffendersInOnePass(t *testing.T) {
|
||||
err := ValidatePublicRoutes([]ModPublicRoute{
|
||||
{Path: "bad"},
|
||||
{Path: "/admin/x"},
|
||||
{Path: "/fine"},
|
||||
})
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
for _, frag := range []string{`"bad"`, `"/admin/x"`} {
|
||||
if !strings.Contains(err.Error(), frag) {
|
||||
t.Errorf("error %q does not mention %s", err.Error(), frag)
|
||||
}
|
||||
}
|
||||
if strings.Contains(err.Error(), `"/fine"`) {
|
||||
t.Errorf("error should not name the valid route: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidatePublicRoutes_CapEnforced(t *testing.T) {
|
||||
routes := make([]ModPublicRoute, MaxPublicRoutes+1)
|
||||
for i := range routes {
|
||||
routes[i] = ModPublicRoute{Path: fmt.Sprintf("/r%d", i)}
|
||||
}
|
||||
err := ValidatePublicRoutes(routes)
|
||||
if err == nil {
|
||||
t.Fatal("expected too-many error")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "too many public_routes") {
|
||||
t.Errorf("error %q does not mention the cap", err.Error())
|
||||
}
|
||||
}
|
||||
@ -4,6 +4,8 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"flag"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
@ -13,6 +15,7 @@ import (
|
||||
abiv1 "git.dev.alexdunmow.com/block/pluginsdk/abi/v1"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/ai"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/content"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/egress"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/gating"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/plugin"
|
||||
"github.com/google/uuid"
|
||||
@ -402,6 +405,90 @@ func TestCapabilityRoundTrip(t *testing.T) {
|
||||
}
|
||||
},
|
||||
},
|
||||
// --- datatables ---
|
||||
{
|
||||
name: "datatables_get_table_by_key", wantMethod: "datatables.get_table_by_key",
|
||||
resp: &abiv1.DatatablesGetTableByKeyResponse{Table: &abiv1.DataTableInfo{
|
||||
Id: idTable.String(), TableKey: "playgrounds", Name: "Playgrounds", RowCount: 678,
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.GetTableByKey(ctx, "playgrounds")
|
||||
if err != nil || got.ID != idTable || got.TableKey != "playgrounds" || got.RowCount != 678 {
|
||||
t.Errorf("table = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_get_row", wantMethod: "datatables.get_row",
|
||||
resp: &abiv1.DatatablesGetRowResponse{Row: &abiv1.DataTableRowInfo{
|
||||
Id: idRow.String(), TableId: idTable.String(), DataJson: []byte(`{"name":"Whiteman Park"}`), SortOrder: 3,
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.GetRow(ctx, idRow)
|
||||
if err != nil || got.ID != idRow || got.TableID != idTable || got.SortOrder != 3 {
|
||||
t.Errorf("row = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_list_rows", wantMethod: "datatables.list_rows",
|
||||
resp: &abiv1.DatatablesListRowsResponse{Rows: []*abiv1.DataTableRowInfo{
|
||||
{Id: idRow.String(), TableId: idTable.String(), DataJson: []byte(`{"name":"A"}`)},
|
||||
{Id: idItem.String(), TableId: idTable.String(), DataJson: []byte(`{"name":"B"}`), SortOrder: 1},
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.ListRows(ctx, idTable, 100, 0)
|
||||
if err != nil || len(got) != 2 || got[0].ID != idRow || got[1].SortOrder != 1 {
|
||||
t.Errorf("rows = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_create_row", wantMethod: "datatables.create_row",
|
||||
resp: &abiv1.DatatablesCreateRowResponse{Row: &abiv1.DataTableRowInfo{
|
||||
Id: idRow.String(), TableId: idTable.String(), DataJson: []byte(`{"name":"New"}`),
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.CreateRow(ctx, idTable, []byte(`{"name":"New"}`))
|
||||
if err != nil || got.ID != idRow || string(got.DataJSON) != `{"name":"New"}` {
|
||||
t.Errorf("row = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_update_row_data", wantMethod: "datatables.update_row_data",
|
||||
resp: &abiv1.DatatablesUpdateRowDataResponse{Row: &abiv1.DataTableRowInfo{
|
||||
Id: idRow.String(), TableId: idTable.String(), DataJson: []byte(`{"name":"Updated"}`), SortOrder: 7,
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.UpdateRowData(ctx, idRow, []byte(`{"name":"Updated"}`))
|
||||
if err != nil || got.SortOrder != 7 || string(got.DataJSON) != `{"name":"Updated"}` {
|
||||
t.Errorf("row = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_find_row_by_field", wantMethod: "datatables.find_row_by_field",
|
||||
resp: &abiv1.DatatablesFindRowByFieldResponse{Row: &abiv1.DataTableRowInfo{
|
||||
Id: idRow.String(), TableId: idTable.String(), DataJson: []byte(`{"google_place_id":"abc"}`),
|
||||
}},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.FindRowByField(ctx, idTable, "google_place_id", "abc")
|
||||
if err != nil || got == nil || got.ID != idRow {
|
||||
t.Errorf("row = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "datatables_find_row_by_field_miss", wantMethod: "datatables.find_row_by_field",
|
||||
resp: &abiv1.DatatablesFindRowByFieldResponse{},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
got, err := cs.DataTables.FindRowByField(ctx, idTable, "google_place_id", "missing")
|
||||
if err != nil || got != nil {
|
||||
t.Errorf("want nil, nil on miss; row = %+v err = %v", got, err)
|
||||
}
|
||||
},
|
||||
},
|
||||
// --- users ---
|
||||
{
|
||||
name: "users_get_by_username", wantMethod: "users.get_by_username",
|
||||
@ -864,6 +951,35 @@ func TestCapabilityRoundTrip(t *testing.T) {
|
||||
}
|
||||
},
|
||||
},
|
||||
// --- http.request (ADR 0023; RoundTripper, not a value-returning stub) ---
|
||||
{
|
||||
name: "http_request", wantMethod: "http.request",
|
||||
resp: &abiv1.HttpRequestResponse{
|
||||
Status: 200,
|
||||
Headers: map[string]*abiv1.HeaderValues{"Content-Type": {Values: []string{"application/json"}}},
|
||||
Body: []byte(`{"ok":true}`),
|
||||
FinalUrl: "https://api.cal.com/v1/slots",
|
||||
},
|
||||
run: func(t *testing.T, cs plugin.CoreServices) {
|
||||
req, err := http.NewRequest(http.MethodGet, "https://api.cal.com/v1/slots", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
req.Header.Set("Authorization", "Bearer test")
|
||||
res, err := cs.OutboundHTTP.RoundTrip(req)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer func() { _ = res.Body.Close() }()
|
||||
if res.StatusCode != 200 || res.Header.Get("Content-Type") != "application/json" {
|
||||
t.Errorf("response = %+v", res)
|
||||
}
|
||||
body, _ := io.ReadAll(res.Body)
|
||||
if string(body) != `{"ok":true}` {
|
||||
t.Errorf("body = %q", body)
|
||||
}
|
||||
},
|
||||
},
|
||||
// --- jobs.progress (WO-WZ-019; sent by the job dispatch path, not a
|
||||
// CoreServices stub, so the case drives the transport directly) ---
|
||||
{
|
||||
@ -932,6 +1048,22 @@ func TestErrorMappingDeadlineBecomesContextDeadline(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestEgressDeniedMapsToErrDenied(t *testing.T) {
|
||||
f := &fakeTransport{t: t, err: &fakeAbiErr{code: abiv1.AbiErrorCode_ABI_ERROR_CODE_EGRESS_DENIED, msg: `host "evil.example" not in allowlist`}}
|
||||
cs := NewCoreServices(f.call)
|
||||
f.name = "http_request" // reuse the request golden for the compare
|
||||
|
||||
req, _ := http.NewRequest(http.MethodGet, "https://api.cal.com/v1/slots", nil)
|
||||
req.Header.Set("Authorization", "Bearer test") // match the http_request_req golden
|
||||
_, err := cs.OutboundHTTP.RoundTrip(req)
|
||||
if err == nil {
|
||||
t.Fatal("want error")
|
||||
}
|
||||
if !errors.Is(err, egress.ErrDenied) {
|
||||
t.Errorf("error %q does not wrap egress.ErrDenied", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNilTransportFailsCleanly(t *testing.T) {
|
||||
cs := NewCoreServices(nil)
|
||||
_, err := cs.Content.GetPage(context.Background(), "about")
|
||||
|
||||
@ -34,6 +34,7 @@ func NewCoreServices(call CallFunc) plugin.CoreServices {
|
||||
Crypto: &cryptoStub{base{family: "crypto", call: call}},
|
||||
Menus: &menusStub{base{family: "menus", call: call}},
|
||||
Datasources: &datasourcesStub{base{family: "datasources", call: call}},
|
||||
DataTables: &datatablesStub{base{family: "datatables", call: call}},
|
||||
PublicUsers: &usersStub{base{family: "users", call: call}},
|
||||
Subscriptions: &subscriptionsStub{base{family: "subscriptions", call: call}},
|
||||
Media: &mediaStub{base{family: "media", call: call}},
|
||||
@ -47,5 +48,6 @@ func NewCoreServices(call CallFunc) plugin.CoreServices {
|
||||
EmbeddingService: &embeddingsStub{base{family: "embeddings", call: call}},
|
||||
RAGService: NewRAGStub(call),
|
||||
Provisioner: &provisionerStub{base{family: "provisioner", call: call}},
|
||||
OutboundHTTP: &httpStub{base{family: "http", call: call}},
|
||||
}
|
||||
}
|
||||
|
||||
102
plugin/wasmguest/caps/datatables.go
Normal file
102
plugin/wasmguest/caps/datatables.go
Normal file
@ -0,0 +1,102 @@
|
||||
package caps
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
abiv1 "git.dev.alexdunmow.com/block/pluginsdk/abi/v1"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/datatables"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// datatablesStub implements datatables.DataTables over datatables.* capability
|
||||
// calls. Row payloads cross as JSON bytes.
|
||||
type datatablesStub struct{ base }
|
||||
|
||||
var _ datatables.DataTables = (*datatablesStub)(nil)
|
||||
|
||||
func (s *datatablesStub) GetTableByKey(ctx context.Context, tableKey string) (*datatables.Table, error) {
|
||||
resp := &abiv1.DatatablesGetTableByKeyResponse{}
|
||||
req := &abiv1.DatatablesGetTableByKeyRequest{TableKey: tableKey}
|
||||
if err := s.invoke(ctx, "get_table_by_key", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dataTableFromProto(resp.GetTable()), nil
|
||||
}
|
||||
|
||||
func (s *datatablesStub) GetRow(ctx context.Context, rowID uuid.UUID) (*datatables.Row, error) {
|
||||
resp := &abiv1.DatatablesGetRowResponse{}
|
||||
req := &abiv1.DatatablesGetRowRequest{RowId: rowID.String()}
|
||||
if err := s.invoke(ctx, "get_row", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dataTableRowFromProto(resp.GetRow()), nil
|
||||
}
|
||||
|
||||
func (s *datatablesStub) ListRows(ctx context.Context, tableID uuid.UUID, limit, offset int32) ([]datatables.Row, error) {
|
||||
resp := &abiv1.DatatablesListRowsResponse{}
|
||||
req := &abiv1.DatatablesListRowsRequest{TableId: tableID.String(), Limit: limit, Offset: offset}
|
||||
if err := s.invoke(ctx, "list_rows", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rows := make([]datatables.Row, 0, len(resp.GetRows()))
|
||||
for _, r := range resp.GetRows() {
|
||||
if row := dataTableRowFromProto(r); row != nil {
|
||||
rows = append(rows, *row)
|
||||
}
|
||||
}
|
||||
return rows, nil
|
||||
}
|
||||
|
||||
func (s *datatablesStub) CreateRow(ctx context.Context, tableID uuid.UUID, dataJSON []byte) (*datatables.Row, error) {
|
||||
resp := &abiv1.DatatablesCreateRowResponse{}
|
||||
req := &abiv1.DatatablesCreateRowRequest{TableId: tableID.String(), DataJson: dataJSON}
|
||||
if err := s.invoke(ctx, "create_row", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dataTableRowFromProto(resp.GetRow()), nil
|
||||
}
|
||||
|
||||
func (s *datatablesStub) UpdateRowData(ctx context.Context, rowID uuid.UUID, dataJSON []byte) (*datatables.Row, error) {
|
||||
resp := &abiv1.DatatablesUpdateRowDataResponse{}
|
||||
req := &abiv1.DatatablesUpdateRowDataRequest{RowId: rowID.String(), DataJson: dataJSON}
|
||||
if err := s.invoke(ctx, "update_row_data", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dataTableRowFromProto(resp.GetRow()), nil
|
||||
}
|
||||
|
||||
func (s *datatablesStub) FindRowByField(ctx context.Context, tableID uuid.UUID, field, value string) (*datatables.Row, error) {
|
||||
resp := &abiv1.DatatablesFindRowByFieldResponse{}
|
||||
req := &abiv1.DatatablesFindRowByFieldRequest{TableId: tableID.String(), Field: field, Value: value}
|
||||
if err := s.invoke(ctx, "find_row_by_field", req, resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dataTableRowFromProto(resp.GetRow()), nil
|
||||
}
|
||||
|
||||
func dataTableFromProto(t *abiv1.DataTableInfo) *datatables.Table {
|
||||
if t == nil {
|
||||
return nil
|
||||
}
|
||||
id, _ := uuid.Parse(t.GetId())
|
||||
return &datatables.Table{
|
||||
ID: id,
|
||||
TableKey: t.GetTableKey(),
|
||||
Name: t.GetName(),
|
||||
RowCount: t.GetRowCount(),
|
||||
}
|
||||
}
|
||||
|
||||
func dataTableRowFromProto(r *abiv1.DataTableRowInfo) *datatables.Row {
|
||||
if r == nil {
|
||||
return nil
|
||||
}
|
||||
id, _ := uuid.Parse(r.GetId())
|
||||
tableID, _ := uuid.Parse(r.GetTableId())
|
||||
return &datatables.Row{
|
||||
ID: id,
|
||||
TableID: tableID,
|
||||
DataJSON: r.GetDataJson(),
|
||||
SortOrder: r.GetSortOrder(),
|
||||
}
|
||||
}
|
||||
87
plugin/wasmguest/caps/net.go
Normal file
87
plugin/wasmguest/caps/net.go
Normal file
@ -0,0 +1,87 @@
|
||||
package caps
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
abiv1 "git.dev.alexdunmow.com/block/pluginsdk/abi/v1"
|
||||
"git.dev.alexdunmow.com/block/pluginsdk/egress"
|
||||
)
|
||||
|
||||
// httpStub implements http.RoundTripper over the http.request capability: it
|
||||
// marshals the outbound *http.Request into an HttpRequestRequest, hands it to
|
||||
// the host (which enforces the plugin's egress grant, the SSRF guard, and the
|
||||
// platform denylist, then performs the request), and rebuilds the reply into
|
||||
// an *http.Response. The guest never touches a socket. Plugins use it through
|
||||
// an ordinary &http.Client{Transport: deps.OutboundHTTP}.
|
||||
type httpStub struct{ base }
|
||||
|
||||
var _ http.RoundTripper = (*httpStub)(nil)
|
||||
|
||||
// MaxRequestBytes bounds the request body the guest will marshal across the
|
||||
// boundary, matching the host's cap; larger fails before any host call.
|
||||
func (s *httpStub) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
var body []byte
|
||||
if req.Body != nil {
|
||||
defer func() { _ = req.Body.Close() }()
|
||||
b, err := io.ReadAll(io.LimitReader(req.Body, egress.MaxRequestBytes+1))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("http.request: read body: %w", err)
|
||||
}
|
||||
if len(b) > egress.MaxRequestBytes {
|
||||
return nil, fmt.Errorf("http.request: request body exceeds %d bytes", egress.MaxRequestBytes)
|
||||
}
|
||||
body = b
|
||||
}
|
||||
|
||||
out := &abiv1.HttpRequestRequest{
|
||||
Method: req.Method,
|
||||
Url: req.URL.String(),
|
||||
Headers: make(map[string]*abiv1.HeaderValues, len(req.Header)),
|
||||
Body: body,
|
||||
}
|
||||
for name, values := range req.Header {
|
||||
out.Headers[name] = &abiv1.HeaderValues{Values: values}
|
||||
}
|
||||
if dl, ok := req.Context().Deadline(); ok {
|
||||
if ms := time.Until(dl).Milliseconds(); ms > 0 {
|
||||
out.TimeoutMs = uint32(ms)
|
||||
}
|
||||
}
|
||||
|
||||
resp := &abiv1.HttpRequestResponse{}
|
||||
if err := s.invoke(req.Context(), "request", out, resp); err != nil {
|
||||
if isEgressDenied(err) {
|
||||
return nil, fmt.Errorf("%w: %s", egress.ErrDenied, err.Error())
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
header := make(http.Header, len(resp.GetHeaders()))
|
||||
for name, hv := range resp.GetHeaders() {
|
||||
for _, v := range hv.GetValues() {
|
||||
header.Add(name, v)
|
||||
}
|
||||
}
|
||||
return &http.Response{
|
||||
Status: http.StatusText(int(resp.GetStatus())),
|
||||
StatusCode: int(resp.GetStatus()),
|
||||
Proto: "HTTP/1.1",
|
||||
ProtoMajor: 1,
|
||||
ProtoMinor: 1,
|
||||
Header: header,
|
||||
Body: io.NopCloser(bytes.NewReader(resp.GetBody())),
|
||||
ContentLength: int64(len(resp.GetBody())),
|
||||
Request: req,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func isEgressDenied(err error) bool {
|
||||
var coded abiCoded
|
||||
return errors.As(err, &coded) &&
|
||||
coded.AbiErrorCode() == abiv1.AbiErrorCode_ABI_ERROR_CODE_EGRESS_DENIED
|
||||
}
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_create_row_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_create_row_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"New"}
|
||||
3
plugin/wasmguest/caps/testdata/golden/datatables_create_row_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/datatables_create_row_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
|
||||
\
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"New"}
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_miss_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_miss_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaagoogle_place_idmissing
|
||||
0
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_miss_resp.pb
vendored
Normal file
0
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_miss_resp.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaagoogle_place_idabc
|
||||
3
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/datatables_find_row_by_field_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
|
||||
g
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"google_place_id":"abc"}
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_get_row_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_get_row_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
|
||||
3
plugin/wasmguest/caps/testdata/golden/datatables_get_row_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/datatables_get_row_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
|
||||
h
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"Whiteman Park"}
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_get_table_by_key_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_get_table_by_key_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
playgrounds
|
||||
3
plugin/wasmguest/caps/testdata/golden/datatables_get_table_by_key_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/datatables_get_table_by_key_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
|
||||
C
|
||||
$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaaplaygroundsPlaygrounds ¦
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_list_rows_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_list_rows_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaad
|
||||
5
plugin/wasmguest/caps/testdata/golden/datatables_list_rows_resp.pb
vendored
Normal file
5
plugin/wasmguest/caps/testdata/golden/datatables_list_rows_resp.pb
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
|
||||
Z
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"A"}
|
||||
\
|
||||
$44444444-4444-4444-4444-444444444444$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"B"}
|
||||
2
plugin/wasmguest/caps/testdata/golden/datatables_update_row_data_req.pb
vendored
Normal file
2
plugin/wasmguest/caps/testdata/golden/datatables_update_row_data_req.pb
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb{"name":"Updated"}
|
||||
3
plugin/wasmguest/caps/testdata/golden/datatables_update_row_data_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/datatables_update_row_data_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
|
||||
b
|
||||
$bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb$aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa{"name":"Updated"}
|
||||
4
plugin/wasmguest/caps/testdata/golden/http_request_req.pb
vendored
Normal file
4
plugin/wasmguest/caps/testdata/golden/http_request_req.pb
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
|
||||
GEThttps://api.cal.com/v1/slots
|
||||
Authorization
|
||||
Bearer test
|
||||
3
plugin/wasmguest/caps/testdata/golden/http_request_resp.pb
vendored
Normal file
3
plugin/wasmguest/caps/testdata/golden/http_request_resp.pb
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
È"
|
||||
Content-Type
|
||||
application/json{"ok":true}"https://api.cal.com/v1/slots
|
||||
@ -292,11 +292,87 @@ func renderBlock(ctx context.Context, block map[string]any) string {
|
||||
if alt == "" {
|
||||
alt = caption
|
||||
}
|
||||
sb.WriteString(`<figure class="my-6">`)
|
||||
fmt.Fprintf(&sb, `<img src="%s" alt="%s" />`, html.EscapeString(url), html.EscapeString(alt))
|
||||
link := ""
|
||||
if l, ok := props["link"].(string); ok {
|
||||
link = l
|
||||
}
|
||||
width := ""
|
||||
if w, ok := props["width"].(string); ok {
|
||||
width = w
|
||||
}
|
||||
align := ""
|
||||
if a, ok := props["align"].(string); ok {
|
||||
align = a
|
||||
}
|
||||
attMode := ""
|
||||
if m, ok := props["attributionMode"].(string); ok {
|
||||
attMode = m
|
||||
}
|
||||
|
||||
var att *blocks.MediaAttribution
|
||||
if attMode == "chip" || attMode == "chipHover" || attMode == "below" {
|
||||
if idStr, ok := props["mediaId"].(string); ok && idStr != "" {
|
||||
if id, err := uuid.Parse(idStr); err == nil {
|
||||
if resolver := blocks.GetMediaResolver(ctx); resolver != nil {
|
||||
if mv := resolver.ResolveMedia(ctx, id); mv != nil {
|
||||
att = mv.Attribution
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
chip := ""
|
||||
switch attMode {
|
||||
case "chip":
|
||||
chip = buildAttributionHTML(att, imageChipClass)
|
||||
case "chipHover":
|
||||
chip = buildAttributionHTML(att, imageChipClass+" opacity-0 group-hover:opacity-100 focus-within:opacity-100 transition-opacity")
|
||||
}
|
||||
|
||||
figureClass := "my-6"
|
||||
switch width {
|
||||
case "small":
|
||||
figureClass += " max-w-[400px]"
|
||||
case "medium":
|
||||
figureClass += " max-w-[600px]"
|
||||
case "wide":
|
||||
figureClass += " max-w-[800px]"
|
||||
}
|
||||
if width == "small" || width == "medium" || width == "wide" {
|
||||
switch align {
|
||||
case "left":
|
||||
figureClass += " float-left mr-6 mb-4"
|
||||
case "right":
|
||||
figureClass += " float-right ml-6 mb-4"
|
||||
default:
|
||||
figureClass += " mx-auto"
|
||||
}
|
||||
}
|
||||
|
||||
img := fmt.Sprintf(`<img src="%s" alt="%s" />`, html.EscapeString(url), html.EscapeString(alt))
|
||||
if link != "" {
|
||||
img = fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(link), img)
|
||||
}
|
||||
// The positioning wrapper only exists when a chip is rendered, so
|
||||
// legacy and chip-less blocks keep today's exact markup.
|
||||
if chip != "" {
|
||||
wrapClass := "relative overflow-hidden"
|
||||
if attMode == "chipHover" {
|
||||
wrapClass = "group " + wrapClass
|
||||
}
|
||||
img = fmt.Sprintf(`<div class="%s">%s%s</div>`, wrapClass, img, chip)
|
||||
}
|
||||
|
||||
fmt.Fprintf(&sb, `<figure class="%s">`, figureClass)
|
||||
sb.WriteString(img)
|
||||
if caption != "" {
|
||||
fmt.Fprintf(&sb, "<figcaption>%s</figcaption>", html.EscapeString(caption))
|
||||
}
|
||||
if attMode == "below" {
|
||||
if credit := buildAttributionHTML(att, ""); credit != "" {
|
||||
fmt.Fprintf(&sb, `<div class="mt-1 text-xs text-muted-foreground text-center">%s</div>`, credit)
|
||||
}
|
||||
}
|
||||
sb.WriteString("</figure>\n")
|
||||
|
||||
case "video":
|
||||
@ -580,6 +656,43 @@ func renderInlineContent(content []map[string]any, insideLink bool) string {
|
||||
return sb.String()
|
||||
}
|
||||
|
||||
// imageChipClass matches the page-builder image block's attribution chip
|
||||
// (backend/blocks/tags via image.ninjatpl in the cms repo) so themes style
|
||||
// blog and page credits identically.
|
||||
const imageChipClass = "absolute bottom-2 right-2 z-10 px-2 py-1 rounded-md bg-background/80 backdrop-blur-sm text-xs text-muted-foreground"
|
||||
|
||||
// buildAttributionHTML renders the escaped "Photo by NAME on SOURCE" credit,
|
||||
// or "" when there is no photographer to credit. The "on SOURCE" suffix is
|
||||
// omitted when no source is set.
|
||||
func buildAttributionHTML(att *blocks.MediaAttribution, class string) string {
|
||||
if att == nil || att.Photographer == "" {
|
||||
return ""
|
||||
}
|
||||
var b strings.Builder
|
||||
b.WriteString(`<span`)
|
||||
if class != "" {
|
||||
fmt.Fprintf(&b, ` class="%s"`, html.EscapeString(class))
|
||||
}
|
||||
b.WriteString(`>Photo by `)
|
||||
writeAttributionLink(&b, att.PhotographerURL, att.Photographer)
|
||||
if att.Source != "" {
|
||||
sourceLabel := strings.ToUpper(att.Source[:1]) + att.Source[1:]
|
||||
b.WriteString(` on `)
|
||||
writeAttributionLink(&b, att.SourceURL, sourceLabel)
|
||||
}
|
||||
b.WriteString(`</span>`)
|
||||
return b.String()
|
||||
}
|
||||
|
||||
func writeAttributionLink(b *strings.Builder, href, label string) {
|
||||
if href != "" && (strings.HasPrefix(href, "https://") || strings.HasPrefix(href, "http://")) {
|
||||
fmt.Fprintf(b, `<a href="%s" target="_blank" rel="noopener noreferrer" class="underline">%s</a>`,
|
||||
html.EscapeString(href), html.EscapeString(label))
|
||||
return
|
||||
}
|
||||
b.WriteString(html.EscapeString(label))
|
||||
}
|
||||
|
||||
// autolinkText escapes plain text for HTML output and wraps any https:// URL
|
||||
// substring in <a href="..." rel="noopener">URL</a>. Bare domains, www. and
|
||||
// http:// URLs are intentionally not auto-linked.
|
||||
|
||||
@ -672,3 +672,111 @@ func TestUnknownBlockType(t *testing.T) {
|
||||
t.Errorf("expected fallback rendering of unknown block: %s", html)
|
||||
}
|
||||
}
|
||||
|
||||
type testMediaResolver struct {
|
||||
att *blocks.MediaAttribution
|
||||
}
|
||||
|
||||
func (r testMediaResolver) ResolveMedia(_ context.Context, mediaID uuid.UUID) *blocks.MediaValue {
|
||||
return &blocks.MediaValue{Src: "/media/" + mediaID.String(), Attribution: r.att}
|
||||
}
|
||||
|
||||
func imageBlock(props map[string]any) map[string]any {
|
||||
return map[string]any{"blocks": []any{map[string]any{"type": "image", "props": props}}}
|
||||
}
|
||||
|
||||
// Legacy blocks (url/caption only) must render byte-identical to the old output.
|
||||
func TestImageBlockLegacyUnchanged(t *testing.T) {
|
||||
html := BlockNoteToHTML(context.Background(), imageBlock(map[string]any{
|
||||
"url": "https://example.com/pic.jpg", "caption": "A pic",
|
||||
}))
|
||||
want := "<figure class=\"my-6\"><img src=\"https://example.com/pic.jpg\" alt=\"A pic\" /><figcaption>A pic</figcaption></figure>\n"
|
||||
if html != want {
|
||||
t.Fatalf("legacy image output changed:\n got: %s\nwant: %s", html, want)
|
||||
}
|
||||
}
|
||||
|
||||
func TestImageBlockAltAndLink(t *testing.T) {
|
||||
html := BlockNoteToHTML(context.Background(), imageBlock(map[string]any{
|
||||
"url": "/media/x.webp", "alt": "Sunset", "link": "https://example.com/story",
|
||||
}))
|
||||
if !strings.Contains(html, `alt="Sunset"`) {
|
||||
t.Fatalf("alt not rendered: %s", html)
|
||||
}
|
||||
if !strings.Contains(html, `<a href="https://example.com/story"><img `) {
|
||||
t.Fatalf("link wrap not rendered: %s", html)
|
||||
}
|
||||
}
|
||||
|
||||
func TestImageBlockWidthAndAlign(t *testing.T) {
|
||||
html := BlockNoteToHTML(context.Background(), imageBlock(map[string]any{
|
||||
"url": "/media/x.webp", "width": "medium", "align": "right",
|
||||
}))
|
||||
if !strings.Contains(html, `max-w-[600px]`) || !strings.Contains(html, `float-right ml-6 mb-4`) {
|
||||
t.Fatalf("width/align classes missing: %s", html)
|
||||
}
|
||||
|
||||
centered := BlockNoteToHTML(context.Background(), imageBlock(map[string]any{
|
||||
"url": "/media/x.webp", "width": "small", "align": "center",
|
||||
}))
|
||||
if !strings.Contains(centered, `max-w-[400px]`) || !strings.Contains(centered, `mx-auto`) {
|
||||
t.Fatalf("centered width classes missing: %s", centered)
|
||||
}
|
||||
}
|
||||
|
||||
func TestImageBlockAttributionModes(t *testing.T) {
|
||||
mediaID := uuid.MustParse("33333333-3333-3333-3333-333333333333")
|
||||
att := &blocks.MediaAttribution{
|
||||
Photographer: "Jane Doe",
|
||||
PhotographerURL: "https://www.pexels.com/@janedoe",
|
||||
Source: "pexels",
|
||||
SourceURL: "https://www.pexels.com/photo/123",
|
||||
}
|
||||
ctx := blocks.WithMediaResolver(context.Background(), testMediaResolver{att: att})
|
||||
props := func(mode string) map[string]any {
|
||||
return map[string]any{"url": "/media/x.webp", "mediaId": mediaID.String(), "attributionMode": mode}
|
||||
}
|
||||
|
||||
chip := BlockNoteToHTML(ctx, imageBlock(props("chip")))
|
||||
if !strings.Contains(chip, "Photo by ") || !strings.Contains(chip, "Jane Doe") ||
|
||||
!strings.Contains(chip, "on ") || !strings.Contains(chip, "Pexels") ||
|
||||
!strings.Contains(chip, `absolute bottom-2 right-2`) {
|
||||
t.Fatalf("chip mode wrong: %s", chip)
|
||||
}
|
||||
|
||||
hover := BlockNoteToHTML(ctx, imageBlock(props("chipHover")))
|
||||
if !strings.Contains(hover, `group-hover:opacity-100`) || !strings.Contains(hover, `class="group relative overflow-hidden"`) {
|
||||
t.Fatalf("chipHover mode wrong: %s", hover)
|
||||
}
|
||||
|
||||
below := BlockNoteToHTML(ctx, imageBlock(props("below")))
|
||||
if !strings.Contains(below, `mt-1 text-xs text-muted-foreground text-center`) || !strings.Contains(below, "Jane Doe") {
|
||||
t.Fatalf("below mode wrong: %s", below)
|
||||
}
|
||||
|
||||
off := BlockNoteToHTML(ctx, imageBlock(map[string]any{"url": "/media/x.webp", "mediaId": mediaID.String()}))
|
||||
if strings.Contains(off, "Photo by") {
|
||||
t.Fatalf("default mode must render no credit: %s", off)
|
||||
}
|
||||
}
|
||||
|
||||
func TestImageBlockAttributionDegradesGracefully(t *testing.T) {
|
||||
mediaID := uuid.MustParse("44444444-4444-4444-4444-444444444444")
|
||||
props := imageBlock(map[string]any{"url": "/media/x.webp", "mediaId": mediaID.String(), "attributionMode": "chip"})
|
||||
|
||||
// No resolver in ctx.
|
||||
if html := BlockNoteToHTML(context.Background(), props); strings.Contains(html, "Photo by") {
|
||||
t.Fatalf("no-resolver ctx must render no credit: %s", html)
|
||||
}
|
||||
// Resolver returns media without attribution.
|
||||
ctx := blocks.WithMediaResolver(context.Background(), testMediaResolver{att: nil})
|
||||
if html := BlockNoteToHTML(ctx, props); strings.Contains(html, "Photo by") {
|
||||
t.Fatalf("nil attribution must render no credit: %s", html)
|
||||
}
|
||||
// Photographer-only credit omits the "on SOURCE" suffix.
|
||||
ctx = blocks.WithMediaResolver(context.Background(), testMediaResolver{att: &blocks.MediaAttribution{Photographer: "Jane"}})
|
||||
html := BlockNoteToHTML(ctx, props)
|
||||
if !strings.Contains(html, "Photo by ") || strings.Contains(html, " on ") {
|
||||
t.Fatalf("photographer-only credit wrong: %s", html)
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user