This repository has been archived on 2022-02-23. You can view files and clone it, but cannot push or open issues or pull requests.
archive_hook.sh/docs/unix.md


2020-04-28 09:14:02 +00:00
# unix database
The `unix` forgehook database is the reference implementation. Here, you will find information about its architecture.

A naive approach to subscription storage would have users manage their own database in `$HOME`. However, that would require iterating over all home directories on every webhook to figure out which subscriptions are legitimate, which is a vector for DoS attacks, so we need another way.

Instead, we let the configured forgehook user manage a central database. This is done in its home directory, in a `database` folder (TODO: update code). For each known repository URL `$r` (where `$rhex` is its hex-encoded representation), this folder contains:
- `$rhex.owner` is the local user owning the repository, who is therefore responsible for keeping the secret in sync with the remote
- `.$rhex.secret` contains the secret shared with the repo
- `$rhex.$u` for each `$u` local user subscribed to the repo
TODO: update code which currently does the exact opposite, see https://tildegit.org/southerntofu/webhook/issues/4
Additionally, for each user `$u` owning one or more repositories, there is a `.owned-by/$u` folder containing one file per remote repository `$r` the user owns, named after its `$rhex`.
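
The lookup this layout allows, as an added example (not forgehook's own code, which per the TODO above does not follow this layout yet): a subscription check becomes a single file test in the central database instead of a walk over home directories. The function names, the user-name pattern and the decision to reserve the name `owner` are assumptions made for this sketch; `example.org` is a placeholder.

```shell
#!/bin/sh
# Hex-encode a repository URL so it can be used as one file name:
# the result contains no '/', no '..' and no shell metacharacters.
rhex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Assumed policy: conservative local user names only. "owner" is rejected
# because "$rhex.owner" already has another meaning in this layout.
valid_user() {
    case "$1" in
        ''|owner|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# is_subscribed DB URL USER: one file test, no iteration over homedirs.
# Returns 2 for a rejected user name, 1 when not subscribed.
is_subscribed() {
    valid_user "$3" || return 2
    [ -f "$1/$(rhex "$2").$3" ]
}

# subscribers DB URL: print each subscribed user, one per line.
# ".$rhex.secret" never matches the glob; "$rhex.owner" is filtered out.
subscribers() {
    h=$(rhex "$2")
    for f in "$1/$h".*; do
        [ -f "$f" ] || continue
        u=${f##*.}
        if valid_user "$u"; then printf '%s\n' "$u"; fi
    done
}

# Constructed sample database for a single repository.
demo() {
    db=$(mktemp -d)
    url='https://example.org/alice/repo.git'
    h=$(rhex "$url")
    : > "$db/$h.owner"; : > "$db/.$h.secret"
    : > "$db/$h.bob";   : > "$db/$h.carol"
    subscribers "$db" "$url" | sort | paste -sd, -
    rm -rf "$db"
}

demo
```
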