hongming
8019231a16
ci-arm64-advisory / fast-checks (push) Waiting to run
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (push) Successful in 8s
Block internal-flavored paths / Block forbidden paths (push) Successful in 8s
CI / Detect changes (push) Successful in 9s
CI / Python Lint & Test (push) Successful in 5s
E2E API Smoke Test / detect-changes (push) Successful in 9s
E2E Chat / detect-changes (push) Successful in 8s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (push) Successful in 49s
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 12s
publish-workspace-server-image / build-and-push (push) Successful in 3m12s
E2E Staging SaaS (full lifecycle) / pr-validate (push) Successful in 39s
Handlers Postgres Integration / detect-changes (push) Successful in 4s
Harness Replays / detect-changes (push) Successful in 5s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 6s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (push) Successful in 4s
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (push) Successful in 3s
lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (push) Successful in 3s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 1m6s
Secret scan / Scan diff for credential-shaped strings (push) Successful in 14s
CI / Canvas (Next.js) (push) Successful in 3s
CI / Shellcheck (E2E scripts) (push) Successful in 2s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m25s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (push) Successful in 5m19s
E2E Staging External Runtime / E2E Staging External Runtime (push) Successful in 5m30s
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 2m23s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (push) Successful in 6m5s
E2E Chat / E2E Chat (push) Successful in 4m6s
CI / Platform (Go) (push) Successful in 5m0s
CI / all-required (push) Successful in 9m45s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 2s
publish-workspace-server-image / Production auto-deploy (push) Successful in 8m32s
Harness Replays / Harness Replays (push) Successful in 12s
CI / Canvas Deploy Reminder (push) Successful in 2s
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 1m37s
Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 8s
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 12s
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 5m9s
main-red-watchdog / watchdog (push) Successful in 32s
gate-check-v3 / gate-check (push) Successful in 25s
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 6m10s
CTO-bypass merge 2026-05-24: #1760 Go module rename to git.moleculesai.app path
75 lines
2.0 KiB
Go
75 lines
2.0 KiB
Go
package handlers
|
|
|
|
import (
|
|
"database/sql"
|
|
"encoding/json"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
|
|
"git.moleculesai.app/molecule-ai/molecule-core/workspace-server/internal/db"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
type ConfigHandler struct{}
|
|
|
|
func NewConfigHandler() *ConfigHandler { return &ConfigHandler{} }
|
|
|
|
// Get handles GET /workspaces/:id/config
|
|
func (h *ConfigHandler) Get(c *gin.Context) {
|
|
workspaceID := c.Param("id")
|
|
|
|
var data []byte
|
|
err := db.DB.QueryRowContext(c.Request.Context(),
|
|
`SELECT data FROM workspace_config WHERE workspace_id = $1`,
|
|
workspaceID,
|
|
).Scan(&data)
|
|
|
|
if err == sql.ErrNoRows {
|
|
c.JSON(http.StatusOK, gin.H{"data": json.RawMessage("{}")})
|
|
return
|
|
}
|
|
if err != nil {
|
|
log.Printf("Config get error: %v", err)
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "query failed"})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"data": json.RawMessage(data)})
|
|
}
|
|
|
|
// Patch handles PATCH /workspaces/:id/config
|
|
func (h *ConfigHandler) Patch(c *gin.Context) {
|
|
workspaceID := c.Param("id")
|
|
|
|
// 256 KiB cap: Postgres jsonb comfortably handles this and real
|
|
// configs are <10 KiB. The cap blocks naive memory-exhaustion DoS
|
|
// — a caller streaming a gigabyte of JSON would OOM the instance.
|
|
const maxConfigBody = 256 << 10
|
|
c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, maxConfigBody)
|
|
body, err := io.ReadAll(c.Request.Body)
|
|
if err != nil {
|
|
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "body too large or unreadable"})
|
|
return
|
|
}
|
|
|
|
if !json.Valid(body) {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid JSON"})
|
|
return
|
|
}
|
|
|
|
_, err = db.DB.ExecContext(c.Request.Context(), `
|
|
INSERT INTO workspace_config(workspace_id, data, updated_at)
|
|
VALUES($1, $2::jsonb, NOW())
|
|
ON CONFLICT(workspace_id) DO UPDATE
|
|
SET data = workspace_config.data || $2::jsonb, updated_at = NOW()
|
|
`, workspaceID, string(body))
|
|
if err != nil {
|
|
log.Printf("Config patch error: %v", err)
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update config"})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"status": "updated"})
|
|
}
|