Pass Token Provider

ChrisPenner · ChrisPenner · commit cd9ce0e8cd21 · 2025-10-06T17:15:28.000-07:00
diff --git a/parser-typechecker/src/Unison/Codebase/SqliteCodebase/Migrations.hs b/parser-typechecker/src/Unison/Codebase/SqliteCodebase/Migrations.hs
@@ -89,7 +89,8 @@ migrations regionVar getDeclType termBuffer declBuffer rootCodebasePath =
       sqlMigration 19 Q.addMergeBranchTables,
       sqlMigration 20 Q.addUpdateBranchTable,
       sqlMigration 21 Q.addDerivedDependentsByDependencyIndex,
-      sqlMigration 22 Q.addUpgradeBranchTable
+      sqlMigration 22 Q.addUpgradeBranchTable,
+      sqlMigration 23 Q.addSyncV3TempTables
     ]
   where
     runT :: Sqlite.Transaction () -> Sqlite.Connection -> IO ()
diff --git a/parser-typechecker/src/Unison/Codebase/SqliteCodebase/Operations.hs b/parser-typechecker/src/Unison/Codebase/SqliteCodebase/Operations.hs
@@ -85,6 +85,7 @@ createSchema = do
   Q.addUpdateBranchTable
   Q.addDerivedDependentsByDependencyIndex
   Q.addUpgradeBranchTable
+  Q.addSyncV3TempTables
   (_, emptyCausalHashId) <- emptyCausalHash
   (_, ProjectBranchRow {projectId, branchId}) <-
     insertProjectAndBranch scratchProjectName scratchBranchName emptyCausalHashId
diff --git a/unison-cli/src/Unison/Cli/Monad.hs b/unison-cli/src/Unison/Cli/Monad.hs
@@ -71,6 +71,7 @@ import U.Codebase.Sqlite.DbId (ProjectBranchId, ProjectId)
 import U.Codebase.Sqlite.Queries qualified as Q
 import Unison.Auth.CredentialManager (CredentialManager)
 import Unison.Auth.HTTPClient (AuthenticatedHttpClient)
+import Unison.Auth.Tokens (TokenProvider)
 import Unison.Codebase (Codebase)
 import Unison.Codebase qualified as Codebase
 import Unison.Codebase.Editor.Input (Input)
@@ -158,6 +159,9 @@ type SourceName = Text
 -- Get the environment with 'ask'.
 data Env = Env
   { authHTTPClient :: AuthenticatedHttpClient,
+    -- | How to get auth tokens for a given codeserver.
+    -- Using AuthenticatedHttpClient takes care of this, but websocket connection need to provide auth headers manually.
+    tokenProvider :: TokenProvider,
     codebase :: Codebase IO Symbol Ann,
     credentialManager :: CredentialManager,
     -- | Generate a unique name.
diff --git a/unison-cli/src/Unison/Codebase/Transcript/Runner.hs b/unison-cli/src/Unison/Codebase/Transcript/Runner.hs
@@ -96,7 +96,9 @@ withRunner ::
   m r
 withRunner isTest verbosity ucmVersion action = do
   credMan <- AuthN.newCredentialManager
-  authenticatedHTTPClient <- initTranscriptAuthenticatedHTTPClient credMan
+  let tokenProvider :: AuthN.TokenProvider
+      tokenProvider = AuthN.newTokenProvider credMan
+  authenticatedHTTPClient <- AuthN.newAuthenticatedHTTPClient tokenProvider ucmVersion
 
   -- If we're in a transcript test, configure the environment to use a non-existent fzf binary
   -- so that errors are consistent.
@@ -130,6 +132,7 @@ withRunner isTest verbosity ucmVersion action = do
                   ucmVersion
                   baseUrlText
                   authenticatedHTTPClient
+                  tokenProvider
                   credMan
                   stanzas
   where
@@ -138,11 +141,6 @@ withRunner isTest verbosity ucmVersion action = do
       RTI.withRuntime False RTI.Persistent ucmVersion \runtime ->
         RTI.withRuntime True RTI.Persistent ucmVersion \sbRuntime ->
           action runtime sbRuntime
-    initTranscriptAuthenticatedHTTPClient :: AuthN.CredentialManager -> m AuthN.AuthenticatedHttpClient
-    initTranscriptAuthenticatedHTTPClient credMan = liftIO $ do
-      let tokenProvider :: AuthN.TokenProvider
-          tokenProvider = AuthN.newTokenProvider credMan
-      AuthN.newAuthenticatedHTTPClient tokenProvider ucmVersion
 
 isGeneratedBlock :: ProcessedBlock -> Bool
 isGeneratedBlock = generated . getCommonInfoTags
@@ -157,10 +155,11 @@ run ::
   UCMVersion ->
   Text ->
   AuthN.AuthenticatedHttpClient ->
+  AuthN.TokenProvider ->
   AuthN.CredentialManager ->
   Transcript ->
   IO (Either Error Transcript)
-run isTest verbosity codebase runtime sbRuntime ucmVersion baseURL authenticatedHTTPClient credMan transcript = UnliftIO.try do
+run isTest verbosity codebase runtime sbRuntime ucmVersion baseURL authenticatedHTTPClient tokenProvider credMan transcript = UnliftIO.try do
   let behaviors = extractBehaviors $ settings transcript
   let stanzas' = stanzas transcript
   httpManager <- HTTP.newManager HTTP.defaultManagerSettings
@@ -518,6 +517,7 @@ run isTest verbosity codebase runtime sbRuntime ucmVersion baseURL authenticated
   let env =
         Cli.Env
           { authHTTPClient = authenticatedHTTPClient,
+            tokenProvider,
             codebase,
             credentialManager = credMan,
             generateUniqueName = do
diff --git a/unison-cli/src/Unison/CommandLine/Main.hs b/unison-cli/src/Unison/CommandLine/Main.hs
@@ -26,6 +26,7 @@ import U.Codebase.Sqlite.Queries qualified as Queries
 import Unison.Auth.CredentialManager qualified as AuthN
 import Unison.Auth.HTTPClient (AuthenticatedHttpClient)
 import Unison.Auth.HTTPClient qualified as AuthN
+import Unison.Auth.Tokens (TokenProvider)
 import Unison.Cli.Monad qualified as Cli
 import Unison.Cli.Pretty qualified as P
 import Unison.Cli.ProjectUtils qualified as ProjectUtils
@@ -146,11 +147,12 @@ main ::
   Maybe Server.BaseUrl ->
   UCMVersion ->
   AuthN.AuthenticatedHttpClient ->
+  TokenProvider ->
   AuthN.CredentialManager ->
   (PP.ProjectPathIds -> IO ()) ->
   ShouldWatchFiles ->
   IO ()
-main dir welcome ppIds initialInputs runtime sbRuntime codebase serverBaseUrl ucmVersion authHTTPClient credentialManager lspCheckForChanges shouldWatchFiles = do
+main dir welcome ppIds initialInputs runtime sbRuntime codebase serverBaseUrl ucmVersion authHTTPClient tokenProvider credentialManager lspCheckForChanges shouldWatchFiles = do
   -- we don't like FSNotify's debouncing (it seems to drop later events)
   -- so we will be doing our own instead
   let config = FSNotify.defaultConfig
@@ -288,6 +290,7 @@ main dir welcome ppIds initialInputs runtime sbRuntime codebase serverBaseUrl uc
               { authHTTPClient,
                 codebase,
                 credentialManager,
+                tokenProvider,
                 loadSource = loadSourceFile,
                 lspCheckForChanges,
                 writeSource,
diff --git a/unison-cli/src/Unison/MCP/Cli.hs b/unison-cli/src/Unison/MCP/Cli.hs
@@ -102,6 +102,7 @@ cliToMCP projCtx cli = do
   let cliEnv =
         Cli.Env
           { authHTTPClient = authenticatedHTTPClient,
+            tokenProvider,
             codebase,
             credentialManager = credMan,
             generateUniqueName = do
diff --git a/unison-cli/src/Unison/Main.hs b/unison-cli/src/Unison/Main.hs
@@ -54,6 +54,7 @@ import Text.Megaparsec qualified as MP
 import U.Codebase.Sqlite.Queries qualified as Queries
 import Unison.Auth.CredentialManager qualified as AuthN
 import Unison.Auth.HTTPClient qualified as AuthN
+import Unison.Auth.Tokens (TokenProvider)
 import Unison.Auth.Tokens qualified as AuthN
 import Unison.Cli.ProjectUtils qualified as ProjectUtils
 import Unison.Codebase (Codebase, CodebasePath)
@@ -185,7 +186,8 @@ main version = do
                       let serverUrl = Nothing
                       let ucmVersion = Version.gitDescribeWithDate version
                       credMan <- liftIO $ AuthN.newCredentialManager
-                      authenticatedHTTPClient <- initTranscriptAuthenticatedHTTPClient ucmVersion credMan
+                      let tokenProvider = AuthN.newTokenProvider credMan
+                      authenticatedHTTPClient <- AuthN.newAuthenticatedHTTPClient tokenProvider ucmVersion
                       startProjectPath <- Codebase.runTransaction theCodebase Codebase.expectCurrentProjectPath
                       launch
                         version
@@ -195,6 +197,7 @@ main version = do
                         theCodebase
                         [Left fileEvent, Right $ Input.ExecuteI NoProf mainName args, Right Input.QuitI]
                         authenticatedHTTPClient
+                        tokenProvider
                         credMan
                         serverUrl
                         (PP.toIds startProjectPath)
@@ -213,7 +216,8 @@ main version = do
                   let serverUrl = Nothing
                   let ucmVersion = Version.gitDescribeWithDate version
                   credMan <- liftIO $ AuthN.newCredentialManager
-                  authenticatedHTTPClient <- initTranscriptAuthenticatedHTTPClient ucmVersion credMan
+                  let tokenProvider = AuthN.newTokenProvider credMan
+                  authenticatedHTTPClient <- AuthN.newAuthenticatedHTTPClient tokenProvider ucmVersion
                   startProjectPath <- Codebase.runTransaction theCodebase Codebase.expectCurrentProjectPath
                   launch
                     version
@@ -223,6 +227,7 @@ main version = do
                     theCodebase
                     [Left fileEvent, Right $ Input.ExecuteI NoProf mainName args, Right Input.QuitI]
                     authenticatedHTTPClient
+                    tokenProvider
                     credMan
                     serverUrl
                     (PP.toIds startProjectPath)
@@ -330,7 +335,8 @@ main version = do
               let isTest = False
               let ucmVersion = Version.gitDescribeWithDate version
               credMan <- liftIO $ AuthN.newCredentialManager
-              authenticatedHTTPClient <- initTranscriptAuthenticatedHTTPClient ucmVersion credMan
+              let tokenProvider = AuthN.newTokenProvider credMan
+              authenticatedHTTPClient <- AuthN.newAuthenticatedHTTPClient tokenProvider ucmVersion
               mcpServerConfig <- MCP.initServer theCodebase runtime sbRuntime (Just currentDir) ucmVersion authenticatedHTTPClient
               Server.startServer
                 isTest
@@ -374,6 +380,7 @@ main version = do
                         theCodebase
                         []
                         authenticatedHTTPClient
+                        tokenProvider
                         credMan
                         mayBaseUrl
                         (PP.toIds startingProjectPath)
@@ -596,14 +603,15 @@ launch ::
   Codebase.Codebase IO Symbol Ann ->
   [Either Input.Event Input.Input] ->
   AuthN.AuthenticatedHttpClient ->
+  TokenProvider ->
   AuthN.CredentialManager ->
   Maybe Server.BaseUrl ->
   PP.ProjectPathIds ->
   InitResult ->
   (PP.ProjectPathIds -> IO ()) ->
   CommandLine.ShouldWatchFiles ->
   IO ()
-launch version dir runtime sbRuntime codebase inputs authenticatedHTTPClient credMan serverBaseUrl startingPath initResult lspCheckForChanges shouldWatchFiles = do
+launch version dir runtime sbRuntime codebase inputs authenticatedHTTPClient tokenProvider credMan serverBaseUrl startingPath initResult lspCheckForChanges shouldWatchFiles = do
   showWelcomeHint <- Codebase.runTransaction codebase Queries.doProjectsExist
   let isNewCodebase = case initResult of
         CreatedCodebase -> NewlyCreatedCodebase
@@ -621,6 +629,7 @@ launch version dir runtime sbRuntime codebase inputs authenticatedHTTPClient cre
         serverBaseUrl
         ucmVersion
         authenticatedHTTPClient
+        tokenProvider
         credMan
         lspCheckForChanges
         shouldWatchFiles
diff --git a/unison-cli/src/Unison/Share/SyncV3.hs b/unison-cli/src/Unison/Share/SyncV3.hs
@@ -3,18 +3,17 @@ module Unison.Share.SyncV3
   )
 where
 
+import Network.Socket (withSocketsDo)
 import Control.Arrow ((&&&))
 import Control.Monad.Reader
 import Data.Set qualified as Set
-import Data.Set.Lens qualified as Lens
+import Data.Text.Encoding as Text
 import GHC.Natural
 import Ki qualified
 import Network.WebSockets qualified as WS
 import U.Codebase.HashTags
 import U.Codebase.Sqlite.DbId
-import U.Codebase.Sqlite.Entity qualified as Entity
 import U.Codebase.Sqlite.Queries qualified as Q
-import U.Codebase.Sqlite.TempEntity (TempEntity)
 import U.Codebase.Sqlite.V2.HashHandle (v2HashHandle)
 import Unison.Cli.Monad
 import Unison.Cli.Monad qualified as Cli
@@ -27,9 +26,11 @@ import Unison.Server.Orphans ()
 import Unison.Share.API.Hash qualified as Share
 import Unison.Share.Codeserver qualified as Codeserver
 import Unison.Share.Sync.Types qualified as Sync
+import Unison.Share.Types
 import Unison.Sync.Common qualified as Sync
 import Unison.SyncV3.Types
 import Unison.SyncV3.Types as SyncV3
+import Unison.SyncV3.Utils (tempEntityDependencies)
 import Unison.Util.Servant.CBOR qualified as CBOR
 import Unison.Util.Websockets (Queues (..), withQueues)
 import UnliftIO.STM
@@ -58,14 +59,16 @@ syncFromCodeserver ::
   Share.HashJWT ->
   Cli (Either (Sync.SyncError SyncV3.SyncError) (CausalHash, CausalHashId))
 syncFromCodeserver _shouldValidate codeserver branchRef hashJwt = do
-  Cli.Env {codebase} <- ask
+  Cli.Env {codebase, tokenProvider} <- ask
   let host = Codeserver.codeserverRegName codeserver
   let syncV3Path = "/ucm/v3/sync/download"
   let rootCausalHash = Share.hashJWTHash hashJwt
   -- Enable compression
   let connectionOptions = WS.defaultConnectionOptions {WS.connectionCompressionOptions = WS.PermessageDeflateCompression WS.defaultPermessageDeflate}
-  -- TODO: Add authentication headers manually.
-  let headers = []
+  headers <-
+    (liftIO (tokenProvider (codeserverIdFromCodeserverURI codeserver))) <&> \case
+      Left {} -> []
+      Right token -> [("Authorization", "Bearer " <> Text.encodeUtf8 token)]
   let runner = case Codeserver.codeserverScheme codeserver of
         Codeserver.Https ->
           let tlsPort = 443
@@ -76,7 +79,7 @@ syncFromCodeserver _shouldValidate codeserver branchRef hashJwt = do
               port = maybe tlsPort id $ (Codeserver.codeserverPort) codeserver
            in WS.runClientWith host port
   Debug.debugLogM Debug.Temp "Obtaining Connection"
-  liftIO $ (runner syncV3Path connectionOptions headers) \conn -> do
+  liftIO $ withSocketsDo $ (runner syncV3Path connectionOptions headers) \conn -> do
     Debug.debugLogM Debug.Temp "Obtained Connection"
     withQueues inputBuffer outputBuffer conn $ \queues@Queues {send} -> do
       Debug.debugLogM Debug.Temp "Obtained Queues"
@@ -216,16 +219,3 @@ flushTemp codebase rootCausalHash = do
                     loop
         loop
     Q.expectCausalHashIdByCausalHash (Sync.hash32ToCausalHash rootCausalHash)
-
-tempEntityDependencies :: TempEntity -> Set (EntityKind, Hash32)
-tempEntityDependencies entity = do
-  let componentDeps = Lens.setOf Entity.defns_ entity
-      patchDeps = Lens.setOf Entity.patches_ entity
-      branchHashes = Lens.setOf Entity.branchHashes_ entity <> Lens.setOf Entity.branches_ entity
-      causalHashes = Lens.setOf Entity.causalHashes_ entity
-   in Set.unions
-        [ Set.map (DefnComponentEntity,) componentDeps,
-          Set.map (PatchEntity,) patchDeps,
-          Set.map (NamespaceEntity,) branchHashes,
-          Set.map (CausalEntity,) causalHashes
-        ]
diff --git a/unison-share-api/src/Unison/SyncV3/Utils.hs b/unison-share-api/src/Unison/SyncV3/Utils.hs
@@ -0,0 +1,30 @@
+module Unison.SyncV3.Utils (tempEntityDependencies, entityDependencies) where
+
+import Data.Set (Set)
+import Data.Set qualified as Set
+import Data.Set.Lens qualified as Lens
+import U.Codebase.Sqlite.Entity qualified as Entity
+import U.Codebase.Sqlite.TempEntity
+import Unison.Hash32 (Hash32)
+import Unison.SyncV3.Types
+import Unison.Util.Servant.CBOR qualified as CBOR
+
+tempEntityDependencies :: TempEntity -> Set (EntityKind, Hash32)
+tempEntityDependencies entity = do
+  let componentDeps = Lens.setOf Entity.defns_ entity
+      patchDeps = Lens.setOf Entity.patches_ entity
+      branchHashes = Lens.setOf Entity.branchHashes_ entity <> Lens.setOf Entity.branches_ entity
+      causalHashes = Lens.setOf Entity.causalHashes_ entity
+   in Set.unions
+        [ Set.map (DefnComponentEntity,) componentDeps,
+          Set.map (PatchEntity,) patchDeps,
+          Set.map (NamespaceEntity,) branchHashes,
+          Set.map (CausalEntity,) causalHashes
+        ]
+
+entityDependencies :: Entity hash text -> Set (EntityKind, Hash32)
+entityDependencies Entity {entityData} = do
+  case (CBOR.deserialiseOrFailCBORBytes $ entityData) of
+    -- TODO: proper error handling
+    Left err -> error $ show err
+    Right tempEntity -> tempEntityDependencies tempEntity
diff --git a/unison-share-api/unison-share-api.cabal b/unison-share-api/unison-share-api.cabal
@@ -53,6 +53,7 @@ library
       Unison.SyncV2.API
       Unison.SyncV2.Types
       Unison.SyncV3.Types
+      Unison.SyncV3.Utils
       Unison.Util.Find
       Unison.Util.Servant.CBOR
       Unison.Util.Websockets
