History Comment Sync

share-api/src/Share/Postgres/Orphans.hs

@@ -33,10 +33,11 @@ import U.Codebase.TermEdit qualified as TermEdit
 import U.Util.Base32Hex qualified as Base32Hex
 import Unison.Hash (Hash)
 import Unison.Hash qualified as Hash
-import Unison.Hash32 (Hash32)
+import Unison.Hash32 (Hash32 (..))
 import Unison.Hash32 qualified as Hash32
 import Unison.Name (Name)
 import Unison.NameSegment.Internal (NameSegment (..))
+import Unison.Server.HistoryComments.Types
 import Unison.SyncV2.Types (CBORBytes (..))
 import Unison.Syntax.Name qualified as Name
 import UnliftIO (MonadUnliftIO (..))
@@ -103,6 +104,14 @@ deriving via Hash instance FromHttpApiData ComponentHash
 
 deriving via Hash instance ToHttpApiData ComponentHash
 
+deriving via Hash32 instance Hasql.DecodeValue HistoryCommentHash32
+
+deriving via Hash32 instance Hasql.EncodeValue HistoryCommentHash32
+
+deriving via Hash32 instance Hasql.DecodeValue HistoryCommentRevisionHash32
+
+deriving via Hash32 instance Hasql.EncodeValue HistoryCommentRevisionHash32
+
 deriving via Text instance Hasql.DecodeValue NameSegment
 
 deriving via Text instance Hasql.EncodeValue NameSegment

share-api/src/Share/Utils/Logging.hs

@@ -57,7 +57,7 @@ import Share.Utils.Logging.Types as X
 import Share.Utils.Tags (MonadTags)
 import System.Log.FastLogger qualified as FL
 import Unison.Server.Backend qualified as Backend
-import Unison.Server.HistoryComments.Types (UploadCommentsResponse (..))
+import Unison.Server.HistoryComments.Types (DownloadCommentsResponse (..), UploadCommentsResponse (..))
 import Unison.Server.Types (BranchRef (..))
 import Unison.Sync.Types qualified as Sync
 import Unison.Util.Monoid (intercalateMap)
@@ -285,3 +285,15 @@ instance Loggable UploadCommentsResponse where
 
 instance Loggable WS.ConnectionException where
   toLog = withSeverity Error . showLog
+
+instance Loggable DownloadCommentsResponse where
+  toLog = \case
+    DownloadCommentsProjectBranchNotFound (BranchRef branchRef) ->
+      textLog ("Project branch not found: " <> branchRef)
+        & withSeverity UserFault
+    DownloadCommentsNotAuthorized (BranchRef branchRef) ->
+      textLog ("Not authorized to download comments from branch: " <> branchRef)
+        & withSeverity UserFault
+    DownloadCommentsGenericFailure errMsg ->
+      textLog ("Download comments generic failure: " <> errMsg)
+        & withSeverity Error

share-api/src/Share/Web/Authorization.hs

@@ -43,7 +43,7 @@ module Share.Web.Authorization
     checkUploadToUserCodebase,
     checkUploadToProjectBranchCodebase,
     checkUserUpdate,
-    checkDownloadFromUserCodebase,
+    hashJWTAuthOverride,
     checkDownloadFromProjectBranchCodebase,
     checkCreateOrg,
     checkReadOrgRolesList,
@@ -389,17 +389,20 @@ checkUploadToUserCodebase reqUserId codebaseOwnerUserId = maybePermissionFailure
   assertUsersEqual reqUserId codebaseOwnerUserId
   pure $ AuthZ.UnsafeAuthZReceipt Nothing
 
--- | The download endpoint currently does all of its own auth using HashJWTs,
+-- | The download endpoints currently do all of its own auth using HashJWTs,
 -- So we don't add any other authz checks here, the HashJWT check is sufficient.
-checkDownloadFromUserCodebase :: WebApp (Either AuthZFailure AuthZ.AuthZReceipt)
-checkDownloadFromUserCodebase =
+hashJWTAuthOverride :: WebApp (Either AuthZFailure AuthZ.AuthZReceipt)
+hashJWTAuthOverride =
   pure . Right $ AuthZ.UnsafeAuthZReceipt Nothing
 
 -- | The download endpoint currently does all of its own auth using HashJWTs,
 -- So we don't add any other authz checks here, the HashJWT check is sufficient.
-checkDownloadFromProjectBranchCodebase :: WebApp (Either AuthZFailure AuthZ.AuthZReceipt)
-checkDownloadFromProjectBranchCodebase =
-  pure . Right $ AuthZ.UnsafeAuthZReceipt Nothing
+checkDownloadFromProjectBranchCodebase :: Maybe UserId -> ProjectId -> WebApp (Either AuthZFailure AuthZ.AuthZReceipt)
+checkDownloadFromProjectBranchCodebase reqUserId projectId =
+  mapLeft (const authzError) <$> do
+    checkProjectGet reqUserId projectId
+  where
+    authzError = AuthZFailure $ (ProjectPermission (ProjectBranchBrowse projectId))
 
 checkProjectCreate :: UserId -> UserId -> WebApp (Either AuthZFailure AuthZ.AuthZReceipt)
 checkProjectCreate reqUserId targetUserId = maybePermissionFailure (ProjectPermission (ProjectCreate targetUserId)) $ do

share-api/src/Share/Web/Errors.hs

@@ -68,7 +68,7 @@ import Share.Utils.URI (URIParam (..), addQueryParam)
 import Share.Web.App
 import Unison.Server.Backend qualified as Backend
 import Unison.Server.Errors qualified as Backend
-import Unison.Server.HistoryComments.Types (UploadCommentsResponse (..))
+import Unison.Server.HistoryComments.Types (DownloadCommentsResponse (..), UploadCommentsResponse (..))
 import Unison.Server.Types (BranchRef (..))
 import Unison.Sync.Types qualified as Sync
 import UnliftIO qualified
@@ -446,3 +446,12 @@ instance ToServerError WS.ConnectionException where
       (ErrorID "websocket:unicode-exception", err400 {errBody = BL.fromStrict $ Text.encodeUtf8 $ "Unicode decoding exception: " <> Text.pack msg})
     WS.ConnectionClosed ->
       (ErrorID "websocket:connection-closed", err400 {errBody = "WebSocket connection closed"})
+
+instance ToServerError DownloadCommentsResponse where
+  toServerError = \case
+    DownloadCommentsProjectBranchNotFound (BranchRef branchRef) ->
+      (ErrorID "download-comments:project-branch-not-found", err404 {errBody = BL.fromStrict $ Text.encodeUtf8 $ "Project branch not found: " <> branchRef})
+    DownloadCommentsNotAuthorized (BranchRef branchRef) ->
+      (ErrorID "download-comments:not-authorized", err403 {errBody = BL.fromStrict $ Text.encodeUtf8 $ "Not authorized to download comments from branch: " <> branchRef})
+    DownloadCommentsGenericFailure errMsg ->
+      (ErrorID "download-comments:generic-failure", err500 {errBody = BL.fromStrict $ Text.encodeUtf8 $ "Download comments failure: " <> errMsg})