sourcebot/packages/web/src/features/search/fileSourceApi.ts

'use server';

import escapeStringRegexp from "escape-string-regexp";
import { fileNotFound, ServiceError } from "../../lib/serviceError";
import { FileSourceRequest, FileSourceResponse } from "./types";
import { isServiceError } from "../../lib/utils";
import { search } from "./searchApi";
import { sew, withAuth, withOrgMembership } from "@/actions";
import { OrgRole } from "@sourcebot/db";
import { getAuditService } from "@/ee/features/audit/factory";
// @todo (bkellam) : We should really be using `git show <hash>:<path>` to fetch file contents here.
// This will allow us to support permalinks to files at a specific revision that may not be indexed
// by zoekt.

const auditService = getAuditService();

export const getFileSource = async ({ fileName, repository, branch }: FileSourceRequest, domain: string, apiKey: string | undefined = undefined): Promise<FileSourceResponse | ServiceError> => sew(() =>
    withAuth((userId, apiKeyHash) =>
        withOrgMembership(userId, domain, async ({ org }) => {
            const escapedFileName = escapeStringRegexp(fileName);
            const escapedRepository = escapeStringRegexp(repository);

            let query = `file:${escapedFileName} repo:^${escapedRepository}$`;
            if (branch) {
                query = query.concat(` branch:${branch}`);
            }

            const searchResponse = await search({
                query,
                matches: 1,
                whole: true,
            }, domain, apiKey);

            if (isServiceError(searchResponse)) {
                return searchResponse;
            }

            const files = searchResponse.files;

            if (!files || files.length === 0) {
                return fileNotFound(fileName, repository);
            }

            const file = files[0];
            const source = file.content ?? '';
            const language = file.language;
            
            await auditService.createAudit({
                action: "query.file_source",
                actor: {
                    id: apiKeyHash ?? userId,
                    type: apiKeyHash ? "api_key" : "user"
                },
                orgId: org.id,
                target: {
                    id: `${escapedRepository}/${escapedFileName}${branch ? `:${branch}` : ''}`,
                    type: "file"
                }
            });
            return {
                source,
                language,
                webUrl: file.webUrl,
            } satisfies FileSourceResponse;

        }, /* minRequiredRole = */ OrgRole.GUEST), /* allowSingleTenantUnauthedAccess = */ true, apiKey ? { apiKey, domain } : undefined)
);
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`'use server';`

chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00			`import escapeStringRegexp from "escape-string-regexp";`
			`import { fileNotFound, ServiceError } from "../../lib/serviceError";`
			`import { FileSourceRequest, FileSourceResponse } from "./types";`
			`import { isServiceError } from "../../lib/utils";`
			`import { search } from "./searchApi";`
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`import { sew, withAuth, withOrgMembership } from "@/actions";`
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`import { OrgRole } from "@sourcebot/db";`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`import { getAuditService } from "@/ee/features/audit/factory";`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00			// @todo (bkellam) : We should really be using `git show <hash>:<path>` to fetch file contents here.
			`// This will allow us to support permalinks to files at a specific revision that may not be indexed`
			`// by zoekt.`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00
			`const auditService = getAuditService();`

V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`export const getFileSource = async ({ fileName, repository, branch }: FileSourceRequest, domain: string, apiKey: string \| undefined = undefined): Promise<FileSourceResponse \| ServiceError> => sew(() =>`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`withAuth((userId, apiKeyHash) =>`
			`withOrgMembership(userId, domain, async ({ org }) => {`
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`const escapedFileName = escapeStringRegexp(fileName);`
			`const escapedRepository = escapeStringRegexp(repository);`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			let query = `file:${escapedFileName} repo:^${escapedRepository}$`;
			`if (branch) {`
			query = query.concat(` branch:${branch}`);
			`}`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`const searchResponse = await search({`
			`query,`
			`matches: 1,`
			`whole: true,`
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`}, domain, apiKey);`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`if (isServiceError(searchResponse)) {`
			`return searchResponse;`
			`}`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`const files = searchResponse.files;`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`if (!files \|\| files.length === 0) {`
			`return fileNotFound(fileName, repository);`
			`}`
chore: Sourcebot REST api surface (#290) 2025-05-03 18:33:58 +00:00
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`const file = files[0];`
			`const source = file.content ?? '';`
			`const language = file.language;`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00
			`await auditService.createAudit({`
			`action: "query.file_source",`
			`actor: {`
			`id: apiKeyHash ?? userId,`
			`type: apiKeyHash ? "api_key" : "user"`
			`},`
			`orgId: org.id,`
			`target: {`
			id: `${escapedRepository}/${escapedFileName}${branch ? `:${branch}` : ''}`,
			`type: "file"`
			`}`
			`});`
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`return {`
			`source,`
			`language,`
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`webUrl: file.webUrl,`
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`} satisfies FileSourceResponse;`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`}, /* minRequiredRole = / OrgRole.GUEST), / allowSingleTenantUnauthedAccess = */ true, apiKey ? { apiKey, domain } : undefined)`
feat: Generic git host support (local & remote) (#307) 2025-05-15 20:42:58 +00:00			`);`