feat: extend purgatory announcement expiry during git push authorization

Per design doc decision #4: when git auth finds a matching state event in purgatory that authorizes a push, extend the announcement's expiry. The repo is actively receiving git data so the announcement should not expire prematurely. Also triggers revival of soft-expired announcements.
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-02-23 12:54:57 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-02-23 12:54:57 +0000
commit: c3dedb7a5b527c3a3deb1e781aba9d562c6eb294 (patch)
tree: 5abd314362d7455036cc1480444c7d958fcf3c06 /src
parent: 84c9003323162f166552d1dea15ee9ed1b1a025a (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/src/git/authorization.rs b/src/git/authorization.rs
index 9d53c4f..69a0751 100644
--- a/src/git/authorization.rs
+++ b/src/git/authorization.rs
@@ -661,6 +661,27 @@ pub async fn get_state_authorization_for_specific_owner_repo(
                        .unwrap_or_else(|_| latest_authorized.pubkey.to_hex())
                );
+                // Extend purgatory announcement expiry for the owner.
+                //
+                // Per design doc decision #4: git auth extending a state event's expiry
+                // also extends the announcement's expiry. The repo is actively receiving
+                // git data, so the announcement should not expire prematurely.
+                // This also revives soft-expired announcements (recreates bare repo).
+                if let Ok(owner_pk) = PublicKey::parse(owner_pubkey) {
+                    if purgatory.has_purgatory_announcement(&owner_pk, identifier) {
+                        purgatory.extend_announcement_expiry(
+                            &owner_pk,
+                            identifier,
+                            std::time::Duration::from_secs(1800),
+                        );
+                        debug!(
+                            identifier = %identifier,
+                            owner = %owner_pubkey,
+                            "Extended purgatory announcement expiry due to git push authorization"
+                        );
+                    }
+                }
                return Ok(AuthorizationResult {
                    authorized: true,
                    reason: "Authorized by state event in purgatory".to_string(),
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-02-23 12:54:57 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-02-23 12:54:57 +0000
commit	c3dedb7a5b527c3a3deb1e781aba9d562c6eb294 (patch)
tree	5abd314362d7455036cc1480444c7d958fcf3c06 /src
parent	84c9003323162f166552d1dea15ee9ed1b1a025a (diff)

diff --git a/src/git/authorization.rs b/src/git/authorization.rs index 9d53c4f..69a0751 100644 --- a/src/git/authorization.rs +++ b/src/git/authorization.rs
@@ -661,6 +661,27 @@ pub async fn get_state_authorization_for_specific_owner_repo(
661	.unwrap_or_else(\|_\| latest_authorized.pubkey.to_hex())	661	.unwrap_or_else(\|_\| latest_authorized.pubkey.to_hex())
662	);	662	);
663		663
		664	// Extend purgatory announcement expiry for the owner.
		665	//
		666	// Per design doc decision #4: git auth extending a state event's expiry
		667	// also extends the announcement's expiry. The repo is actively receiving
		668	// git data, so the announcement should not expire prematurely.
		669	// This also revives soft-expired announcements (recreates bare repo).
		670	if let Ok(owner_pk) = PublicKey::parse(owner_pubkey) {
		671	if purgatory.has_purgatory_announcement(&owner_pk, identifier) {
		672	purgatory.extend_announcement_expiry(
		673	&owner_pk,
		674	identifier,
		675	std::time::Duration::from_secs(1800),
		676	);
		677	debug!(
		678	identifier = %identifier,
		679	owner = %owner_pubkey,
		680	"Extended purgatory announcement expiry due to git push authorization"
		681	);
		682	}
		683	}
		684
664	return Ok(AuthorizationResult {	685	return Ok(AuthorizationResult {
665	authorized: true,	686	authorized: true,
666	reason: "Authorized by state event in purgatory".to_string(),	687	reason: "Authorized by state event in purgatory".to_string(),