feat: add multitenancy

The goal of this change is to support the ability to let any user create
repos, similar to popular code forges.  Repos are created adhoc when a
user uploads a patchset.

As part of this change, we are deprecating the previous way to configure
repos.  Repos can be thought of as containers for patch requests and not
much more.  They don't need to strictly map to a git repo.

Multitenancy is opt-in via the `git-pr.toml` field:

```
create_repo = "user"
```

Author: neurosnap

Makefile

@@ -16,6 +16,10 @@ test:
 	go test ./...
 .PHONY: test
 
+snapshot:
+	UPDATE_SNAPS=true go test ./...
+.PHONY: snapshot
+
 build:
 	go build -o ./build/ssh ./cmd/ssh
 	go build -o ./build/web ./cmd/web

__snapshots__/e2e_test.snap

@@ -0,0 +1,49 @@
+
+[TestE2E - 1]
+ID RepoID Name                    Status Patchsets User  Date
+1  test   feat: lets build an rnn [open] 1         admin 
+
+---
+
+[TestE2E - 2]
+PR submitted! Use the ID for interacting with this PR.
+Info
+====
+URL: https://localhost/prs/8
+Repo: contributor/bin
+
+ID Name                    Status Date
+8  feat: lets build an rnn [open] 
+
+Patchsets
+====
+ID    Type User        Date
+ps-12      contributor 
+
+Patches from latest patchset
+====
+Idx Title                   Commit  Author                   Date
+0   feat: lets build an rnn 5945657 Eric Bower <me@erock.io> 
+
+---
+
+[TestE2E - 3]
+ID RepoID           Name                       Status     Patchsets User        Date
+8  contributor/bin  feat: lets build an rnn    [open]     1         contributor 
+7  admin/ai         feat: lets build an rnn    [accepted] 2         contributor 
+6  contributor/test Closed patch with review   [closed]   2         contributor 
+5  contributor/test Accepted patch with review [accepted] 2         contributor 
+4  contributor/test Reviewed patch             [reviewed] 2         contributor 
+3  contributor/test Closed patch (contributor) [closed]   1         contributor 
+2  contributor/test Closed patch (admin)       [closed]   1         contributor 
+1  contributor/test Accepted patch             [accepted] 1         contributor 
+
+---
+
+[TestE2E - 4]
+RepoID   PrID PatchsetID Event             Created Data
+admin/ai 7    ps-10      pr_created                
+admin/ai 7    ps-11      pr_patchset_added         
+admin/ai 7               pr_status_changed         {"status":"accepted"}
+
+---

backend.go

@@ -4,9 +4,8 @@ import (
 	"encoding/base64"
 	"fmt"
 	"log/slog"
-	"path/filepath"
+	"strings"
 
-	"github.com/charmbracelet/soft-serve/pkg/utils"
 	"github.com/charmbracelet/ssh"
 	"github.com/jmoiron/sqlx"
 	gossh "golang.org/x/crypto/ssh"
@@ -18,16 +17,56 @@ type Backend struct {
 	Cfg    *GitCfg
 }
 
-func (be *Backend) ReposDir() string {
-	return filepath.Join(be.Cfg.DataDir, "repos")
+var ErrRepoNoNamespace = fmt.Errorf("repo must be namespaced by username")
+
+// Repo Namespace.
+func (be *Backend) CreateRepoNs(userName, repoName string) string {
+	if be.Cfg.CreateRepo == "admin" {
+		return repoName
+	}
+	return fmt.Sprintf("%s/%s", userName, repoName)
 }
 
-func (be *Backend) RepoName(id string) string {
-	return utils.SanitizeRepo(id)
+func (be *Backend) ValidateRepoNs(repoNs string) error {
+	_, repoID := be.SplitRepoNs(repoNs)
+	if strings.Contains(repoID, "/") {
+		return fmt.Errorf("repo can only contain a single forward-slash")
+	}
+	return nil
 }
 
-func (be *Backend) RepoID(name string) string {
-	return name + ".git"
+func (be *Backend) SplitRepoNs(repoNs string) (string, string) {
+	results := strings.SplitN(repoNs, "/", 2)
+	if len(results) == 1 {
+		return "", results[0]
+	}
+
+	return results[0], results[1]
+}
+
+func (be *Backend) CanCreateRepo(repo *Repo, requester *User) error {
+	pubkey, err := be.PubkeyToPublicKey(requester.Pubkey)
+	if err != nil {
+		return err
+	}
+	isAdmin := be.IsAdmin(pubkey)
+	if isAdmin {
+		return nil
+	}
+
+	// can create repo is a misnomer since we are saying it's ok to create
+	// a repo even though one already exists.  this is a hack since this function
+	// is used exclusively inside pr creation flow.
+	if repo != nil {
+		return nil
+	}
+
+	if be.Cfg.CreateRepo == "user" {
+		return nil
+	}
+
+	// new repo with cfg indicating only admins can create prs/repos
+	return fmt.Errorf("you are not authorized to create repo")
 }
 
 func (be *Backend) Pubkey(pk ssh.PublicKey) string {
@@ -64,3 +103,40 @@ func (be *Backend) IsAdmin(pk ssh.PublicKey) bool {
 func (be *Backend) IsPrOwner(pka, pkb int64) bool {
 	return pka == pkb
 }
+
+type PrAcl struct {
+	CanModify bool
+	CanReview bool
+	CanDelete bool
+}
+
+func (be *Backend) GetPatchRequestAcl(prq *PatchRequest, requester *User) *PrAcl {
+	acl := &PrAcl{}
+	pubkey, err := be.PubkeyToPublicKey(requester.Pubkey)
+	if err != nil {
+		return acl
+	}
+
+	isAdmin := be.IsAdmin(pubkey)
+	// admin can do it all
+	if isAdmin {
+		acl.CanModify = true
+		acl.CanReview = true
+		acl.CanDelete = true
+		return acl
+	}
+
+	// pr creator have special priv
+	if requester != nil && be.IsPrOwner(prq.UserID, requester.ID) {
+		acl.CanModify = true
+		acl.CanReview = false
+		acl.CanDelete = true
+		return acl
+	}
+
+	acl.CanModify = false
+	acl.CanReview = false
+	acl.CanDelete = false
+
+	return acl
+}

cfg.go

@@ -14,30 +14,23 @@ import (
 	"github.com/knadh/koanf/v2"
 )
 
-type Repo struct {
-	ID            string `koanf:"id"`
-	Desc          string `koanf:"desc"`
-	CloneAddr     string `koanf:"clone_addr"`
-	DefaultBranch string `koanf:"default_branch"`
-}
-
 var k = koanf.New(".")
 
 type GitCfg struct {
 	DataDir    string          `koanf:"data_dir"`
-	Repos      []*Repo         `koanf:"repo"`
 	Url        string          `koanf:"url"`
 	Host       string          `koanf:"host"`
 	SshPort    string          `koanf:"ssh_port"`
 	WebPort    string          `koanf:"web_port"`
 	AdminsStr  []string        `koanf:"admins"`
 	Admins     []ssh.PublicKey `koanf:"admins_pk"`
+	CreateRepo string          `koanf:"create_repo"`
 	Theme      string          `koanf:"theme"`
 	TimeFormat string          `koanf:"time_format"`
 	Logger     *slog.Logger
 }
 
-func NewGitCfg(fpath string, logger *slog.Logger) *GitCfg {
+func LoadConfigFile(fpath string, logger *slog.Logger) {
 	fpp, err := filepath.Abs(fpath)
 	if err != nil {
 		panic(err)
@@ -47,8 +40,10 @@ func NewGitCfg(fpath string, logger *slog.Logger) *GitCfg {
 	if err := k.Load(file.Provider(fpp), toml.Parser()); err != nil {
 		panic(fmt.Sprintf("error loading config: %v", err))
 	}
+}
 
-	err = k.Load(env.Provider("GITPR_", ".", func(s string) string {
+func NewGitCfg(logger *slog.Logger) *GitCfg {
+	err := k.Load(env.Provider("GITPR_", ".", func(s string) string {
 		keyword := strings.ToLower(strings.TrimPrefix(s, "GITPR_"))
 		return keyword
 	}), nil)
@@ -63,7 +58,7 @@ func NewGitCfg(fpath string, logger *slog.Logger) *GitCfg {
 	}
 
 	if len(out.AdminsStr) > 0 {
-		keys, err := getAuthorizedKeys(out.AdminsStr)
+		keys, err := GetAuthorizedKeys(out.AdminsStr)
 		if err == nil {
 			out.Admins = keys
 		} else {
@@ -104,6 +99,10 @@ func NewGitCfg(fpath string, logger *slog.Logger) *GitCfg {
 		out.TimeFormat = time.RFC3339
 	}
 
+	if out.CreateRepo == "" {
+		out.CreateRepo = "admin"
+	}
+
 	logger.Info(
 		"config",
 		"url", out.Url,
@@ -113,25 +112,13 @@ func NewGitCfg(fpath string, logger *slog.Logger) *GitCfg {
 		"web_port", out.WebPort,
 		"theme", out.Theme,
 		"time_format", out.TimeFormat,
+		"create_repo", out.CreateRepo,
 	)
 
 	for _, pubkey := range out.AdminsStr {
 		logger.Info("admin", "pubkey", pubkey)
 	}
 
-	for _, repo := range out.Repos {
-		if repo.DefaultBranch == "" {
-			repo.DefaultBranch = "main"
-		}
-		logger.Info(
-			"repo",
-			"id", repo.ID,
-			"desc", repo.Desc,
-			"clone_addr", repo.CloneAddr,
-			"default_branch", repo.DefaultBranch,
-		)
-	}
-
 	out.Logger = logger
 	return &out
 }