0a6f81beaa
REST-API mit Response-Envelope (1:1 mail-gateway), HS256-JWT-Signer (Secret persistent unter /var/lib/edgeguard/.jwt_fingerprint), Setup-Wizard (Bcrypt-Admin-Passwort in setup.json), Auth-Middleware (Cookie + Bearer), Setup-Gate. Update-Banner-Endpoints /system/package-versions + /system/upgrade ab Tag 1 wired (Pattern aus enconf-management-agent: systemd-run detached, HTTP-Response geht VOR dem Self-Replace raus). CRUD-Repos für domains/backends/routing_rules mit pgxpool + handgeschriebenem SQL (mail-gateway-Pattern, kein GORM zur Laufzeit). Audit-Log-Schreiber auf jede Mutation, NodeID aus /etc/machine-id. DB-Pool öffnet best-effort — ohne erreichbare PG bleiben CRUD-Routen unregistriert, Auth/Setup/System antworten weiter (Dev ohne PG). End-to-end live-getestet gegen lokale postgres-16: Setup → Login → POST/PUT/DELETE Backends + Domains + Routing-Rules → audit_log schreibt 5 Zeilen mit korrektem actor/action/subject. Graceful degrade ohne DB ebenfalls verifiziert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
116 lines
3.0 KiB
Go
116 lines
3.0 KiB
Go
// Package domains implements CRUD against the `domains` table.
|
|
package domains
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"github.com/jackc/pgx/v5"
|
|
"github.com/jackc/pgx/v5/pgxpool"
|
|
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
|
|
)
|
|
|
|
var ErrNotFound = errors.New("domain not found")
|
|
|
|
type Repo struct {
|
|
Pool *pgxpool.Pool
|
|
}
|
|
|
|
func New(pool *pgxpool.Pool) *Repo { return &Repo{Pool: pool} }
|
|
|
|
const baseSelect = `
|
|
SELECT id, name, active, primary_backend_id, http_to_https, hsts_enabled,
|
|
notes, created_at, updated_at
|
|
FROM domains
|
|
`
|
|
|
|
func (r *Repo) List(ctx context.Context) ([]models.Domain, error) {
|
|
rows, err := r.Pool.Query(ctx, baseSelect+" ORDER BY name ASC")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer rows.Close()
|
|
out := make([]models.Domain, 0, 16)
|
|
for rows.Next() {
|
|
d, err := scanDomain(rows)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
out = append(out, *d)
|
|
}
|
|
return out, rows.Err()
|
|
}
|
|
|
|
func (r *Repo) Get(ctx context.Context, id int64) (*models.Domain, error) {
|
|
row := r.Pool.QueryRow(ctx, baseSelect+" WHERE id = $1", id)
|
|
d, err := scanDomain(row)
|
|
if err != nil {
|
|
if errors.Is(err, pgx.ErrNoRows) {
|
|
return nil, ErrNotFound
|
|
}
|
|
return nil, err
|
|
}
|
|
return d, nil
|
|
}
|
|
|
|
func (r *Repo) Create(ctx context.Context, d models.Domain) (*models.Domain, error) {
|
|
row := r.Pool.QueryRow(ctx, `
|
|
INSERT INTO domains (name, active, primary_backend_id, http_to_https, hsts_enabled, notes)
|
|
VALUES ($1, $2, $3, $4, $5, $6)
|
|
RETURNING id, name, active, primary_backend_id, http_to_https, hsts_enabled,
|
|
notes, created_at, updated_at`,
|
|
d.Name, d.Active, d.PrimaryBackendID, d.HTTPToHTTPS, d.HSTSEnabled, d.Notes)
|
|
return scanDomain(row)
|
|
}
|
|
|
|
func (r *Repo) Update(ctx context.Context, id int64, d models.Domain) (*models.Domain, error) {
|
|
row := r.Pool.QueryRow(ctx, `
|
|
UPDATE domains SET
|
|
name = $1,
|
|
active = $2,
|
|
primary_backend_id = $3,
|
|
http_to_https = $4,
|
|
hsts_enabled = $5,
|
|
notes = $6,
|
|
updated_at = NOW()
|
|
WHERE id = $7
|
|
RETURNING id, name, active, primary_backend_id, http_to_https, hsts_enabled,
|
|
notes, created_at, updated_at`,
|
|
d.Name, d.Active, d.PrimaryBackendID, d.HTTPToHTTPS, d.HSTSEnabled, d.Notes, id)
|
|
out, err := scanDomain(row)
|
|
if err != nil {
|
|
if errors.Is(err, pgx.ErrNoRows) {
|
|
return nil, ErrNotFound
|
|
}
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
func (r *Repo) Delete(ctx context.Context, id int64) error {
|
|
tag, err := r.Pool.Exec(ctx, `DELETE FROM domains WHERE id = $1`, id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if tag.RowsAffected() == 0 {
|
|
return ErrNotFound
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// scanDomain accepts both pgx.Row (Get/Create/Update) and pgx.Rows
|
|
// (List, via the Scanner shape). pgx exposes both as a single
|
|
// Scan(...any) error method.
|
|
func scanDomain(row interface{ Scan(...any) error }) (*models.Domain, error) {
|
|
var d models.Domain
|
|
if err := row.Scan(
|
|
&d.ID, &d.Name, &d.Active, &d.PrimaryBackendID,
|
|
&d.HTTPToHTTPS, &d.HSTSEnabled, &d.Notes,
|
|
&d.CreatedAt, &d.UpdatedAt,
|
|
); err != nil {
|
|
return nil, err
|
|
}
|
|
return &d, nil
|
|
}
|