feat(api): CRUD расписания/каналов + тест-отправка + история проверок

Task 5 Фазы 3: GET/PUT /schedule (дефолт при отсутствии строки, валидация
interval>=60), POST/GET/DELETE /channels (секрет шифруется Cipher, никогда
не возвращается в ответах), POST /channels/{cid}/test через узкий
TestSender-интерфейс (200/502 без утечки секрета), GET /domains/{did}/history
(сначала GetDomain для project-scoping, затем ListCheckRuns — иначе IDOR
через check_runs, который сам по себе не scoped по project).

Добавлены store.GetDomain (обёртка над существующим sqlc-запросом) и
store.ListCheckRuns (новый запрос + sqlc regen) для поддержки истории.
This commit is contained in:
2026-07-04 13:24:50 +07:00
parent 6fd847a909
commit 7d4bf153d7
7 changed files with 801 additions and 0 deletions
+29
View File
@@ -34,3 +34,32 @@ func (q *Queries) CreateCheckRun(ctx context.Context, arg CreateCheckRunParams)
)
return i, err
}
const listCheckRuns = `-- name: ListCheckRuns :many
SELECT id, domain_id, result, created_at FROM check_runs WHERE domain_id = $1 ORDER BY created_at DESC LIMIT 50
`
func (q *Queries) ListCheckRuns(ctx context.Context, domainID uuid.UUID) ([]CheckRun, error) {
rows, err := q.db.Query(ctx, listCheckRuns, domainID)
if err != nil {
return nil, err
}
defer rows.Close()
var items []CheckRun
for rows.Next() {
var i CheckRun
if err := rows.Scan(
&i.ID,
&i.DomainID,
&i.Result,
&i.CreatedAt,
); err != nil {
return nil, err
}
items = append(items, i)
}
if err := rows.Err(); err != nil {
return nil, err
}
return items, nil
}
+35
View File
@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
"time"
"github.com/google/uuid"
@@ -51,6 +52,40 @@ func (s *Store) SaveCheckRun(ctx context.Context, domainID uuid.UUID, cs diff.Ch
return err
}
// CheckRun is a provider-neutral summary of a past check/apply run, returned
// by ListCheckRuns for the domain history endpoint (Фаза 3).
type CheckRun struct {
ID uuid.UUID
DomainID uuid.UUID
Result json.RawMessage
CreatedAt time.Time
}
func checkRunFromDB(c db.CheckRun) CheckRun {
return CheckRun{
ID: c.ID,
DomainID: c.DomainID,
Result: json.RawMessage(c.Result),
CreatedAt: c.CreatedAt.Time,
}
}
// ListCheckRuns returns the most recent check_runs rows for a domain (newest
// first, capped at 50). Not scoped by project itself — callers must verify
// the domain belongs to the caller's project first (e.g. via GetDomain)
// since check_runs only references domain_id.
func (s *Store) ListCheckRuns(ctx context.Context, domainID uuid.UUID) ([]CheckRun, error) {
rows, err := s.q.ListCheckRuns(ctx, domainID)
if err != nil {
return nil, err
}
out := make([]CheckRun, 0, len(rows))
for _, r := range rows {
out = append(out, checkRunFromDB(r))
}
return out, nil
}
// compile-time interface checks
var _ service.Loader = (*Store)(nil)
var _ service.Recorder = (*Store)(nil)
+3
View File
@@ -2,3 +2,6 @@
INSERT INTO check_runs (id, domain_id, result)
VALUES ($1, $2, $3)
RETURNING *;
-- name: ListCheckRuns :many
SELECT * FROM check_runs WHERE domain_id = $1 ORDER BY created_at DESC LIMIT 50;
+11
View File
@@ -176,6 +176,17 @@ func (s *Store) DeleteDomain(ctx context.Context, id, projectID uuid.UUID) error
return s.q.DeleteDomain(ctx, db.DeleteDomainParams{ID: id, ProjectID: projectID})
}
// GetDomain is a scoped lookup used to verify a domain belongs to projectID
// before it's referenced elsewhere (e.g. history — check_runs isn't itself
// scoped by project, so callers must confirm domain ownership first).
func (s *Store) GetDomain(ctx context.Context, id, projectID uuid.UUID) (Domain, error) {
d, err := s.q.GetDomain(ctx, db.GetDomainParams{ID: id, ProjectID: projectID})
if err != nil {
return Domain{}, err
}
return domainFromDB(d), nil
}
// ImportDomains creates one domain per zone inside a single transaction: if
// any zone fails to be created, the whole batch is rolled back so callers
// never observe a partially-imported set of domains.