~sircmpwn/core-go

graphql: add support for multipart file uploads

Inspire from the python implementation in core.sr.ht.

Link: https://git.sr.ht/~sircmpwn/core.sr.ht/tree/7bcbc8ba8f4e/item/srht/graphql/client.py
Signed-off-by: Robin Jarry <robin@jarry.cc>
webhooks: do not crash when expire is NULL

This is currently not possible to create a webhook without an expiry
date. But the SQL database schema does not forbid it. If in the future
we would like to allow webhooks to be created without an expiry date, we
shouldn't crash when fetching them.

Check for the validity of the Expiry field before checking its value. If
it is nil, assume that the webhooks has no expiry date.

Signed-off-by: Robin Jarry <robin@jarry.cc>
auth: reduce scope of user_type
auth: grant scoped access to anon internal auth

Internal auth is granted access to everything, whereas anonymous
internal auth is pretty restricted. This is mostly to avoid accidentally
hitting resolvers that require a logged-in user, however. Given that all
anon internal use cases are hard-coded and tested, this seems like a
pretty low risk. Allowing this will have the huge benefit of making much
more information available to anon internal queries, which will unlock
removing a bunch of awkward work-arounds we put in place.

Note, however, that this is also a work-around. It saves us from adding
yet more work-arounds to the GQL schema, and in the meantime a redesign
of the schema (especially the directives) is being worked on.
config: decouple file loading from crypto init

Now that the algorithm for loading the config is non-trivial, the code
for it should be re-used everywhere. However, it is currently coupled
with a call to `InitCrypto()`, which requires certain things like
webhook keys to be configured. This is not suitable for many components
that still need the configuration.

This commit introduces `config.LoadFiles()` to do only the file loading.
`LoadConfig()` uses it, and so can any components that do not care about
crypto initialization.
email: set Content-Type to format=flowed

This allows us to start sending emails in flowed format. It does not
actually change anything, until the templates in the services get
updated.

As format=flowed is designed to be backwards-compatible, it also doesn't
break anything. All emails will still look like before, with static line
breaks. However, changing the templates to flowed will now produce
emails that render as flowed successfully. Tested on plain (signed) and
encrypted mails.

See https://www.ietf.org/rfc/rfc2646.txt
auth/middleware: fix user_type on new users
Upgrade Go, `go mod tidy`, build on Alpine 3.20
redis: use UniveralClient, support sentinel mode

This commit switches the redis client to using a UniversalClient [1],
which can operate in standard, cluster, or failover (sentinel) mode.

It also implements basic support for having (multiple)
`redis+sentinel://` URLs as connection URL in the config (e.g. for
`redis-host`).

This is the Go equivalent of the proposed Python patch [2]. It supports
the same examples given there.

[1] https://pkg.go.dev/github.com/go-redis/redis/v8#UniversalClient
[2] https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/55521
.builds/alpine.yml: upgrade to Alpine 3.20
server: add AnonRouter function

To expose anonymous (unauthenticated) routing to downstream core-go
users.
auth/middleware: convert user types to uppercase
server: fix playground on config.Debug

A recent change made it so that the playground required authentication
to access in debug mode; this moves it under the other auth-free
endpoints.
auth: add Grants.IsSubset

This is a little bit hacky. Previously DecodeGrants would only store the
list of grants associated with the current service. This minimizes API
breakage by storing all grants as $service/$grant in the map key and
stores the local service name in the grant object, and updates
Grants.Has() to accept "$grant" and infer that it refers to a local
service or accept the fully qualified "$service/$grant" to test against
grants for any service -- which IsSubset makes use of to test that one
Grant object is a subset of another with respect to all services it has
grants for.
server: use routing groups

Instead of hardcoding some exceptions in the auth middleware, use a
different routing group for routes that do not require auth. Makes the
auth middleware more generic and also removes a lot of unneccessary
middleware processing from routes that don't need it.

For now, the added group is not accessible from outside the module, but
if the need arises, this might be an option.
config: print loaded config(s) to log
email: update StartTLS usage per go-smtp changes
config: allow spreading config over multiple files

This is the Go-equivalent to
https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/47657

This commit enables spreading the config in /etc/sr.ht - and, crucially,
_only_ in /etc/sr.ht - over multiple .ini files.

If a file config.ini is found (either in current or parent directory, or
/etc/sr.ht) it (and only it) is loaded and any other ini files are
ignored. To utilize multiple configs, they must be in /etc/sr.ht, and
none of them must be called config.ini.

Spreading the config over multiple files will make it much easier to
create containerized versions, where e.g. different secrets can be made
available in different files, but rendering it all into one big file
would require some preprocessing.
auth: add auth.IPAddress

With support for X-Forwarded-For
auth/middleware: set WWW-Authenticate header field

See RFC 6750 section 3.
Next