Commit Graph

98 Commits

Author SHA1 Message Date
vasyansk 568452846a feat(api): structured provider credentials + trial-auth validation on account create
POST /accounts now accepts secret as a provider-specific JSON object
instead of an opaque string, and validates credentials via
provider.Provider.Validate before persisting — invalid credentials get
a generic 400 without ever reaching Store.CreateAccount or echoing the
secret back.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 20:12:41 +07:00
vasyansk 32107571d1 feat(selectel): project-scoped IAM auth with token cache; provider Validate
Selectel Cloud DNS v2 requires a project IAM token in X-Auth-Token, not the
raw service-user secret; the previous client sent the static secret directly
and got 401. The client now parses Credentials.Secret as a Creds JSON blob
(username/password/account_id/project_name), exchanges it for a token via
the Identity API (POST /identity/v3/auth/tokens), and caches the token in
memory per-account until 5 minutes before expiry. ListZones/GetRecords/
ApplyChanges send the cached IAM token instead of the raw secret.

provider.Provider gains a Validate(ctx, Credentials) method so a bad account
can be rejected via trial login at creation time; all Provider fakes across
provider/registry/api/service test packages implement it as a no-op stub for
now (Task 2 will make api's mock configurable).

Security: the service-user password is folded into the token cache key via
SHA-256 (never stored in the clear) so a password change invalidates the
cached token; identity errors are generic and never echo the request body.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 20:02:36 +07:00
vasyansk 617b02dbfb docs: plan for Selectel IAM auth (Cloud DNS v2)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 19:52:42 +07:00
vasyansk 774b480677 Merge feature/tech-debt-docker: техдолг Фаз 1-3 + docker compose
T1 graceful scheduler shutdown + /healthz + healthcheck-режим;
T2 per-channel notification metrics; T3 frontend code-splitting + allowlist;
T4 multi-stage Dockerfile (distroless nonroot); T5 docker compose (app+postgres).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 16:38:45 +07:00
vasyansk 77ca0200ae build: docker compose (app + postgres) with healthchecks and .env
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 16:27:16 +07:00
vasyansk 675136e488 build: mirror .gitignore dist rules in .dockerignore for hermetic builds
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 16:23:20 +07:00
vasyansk 7d875ea19a build: multi-stage Dockerfile (node build -> go embed -> distroless)
Three-stage image: node:22-alpine builds the Vite SPA, golang:1.26.4-alpine
compiles the server with the built SPA copied into the //go:embed path
before build, distroless/static-debian12:nonroot runs the static binary
as non-root on :8080. .dockerignore keeps node_modules/dist/docs/git out
of the build context while preserving the internal/web/dist/index.html
placeholder needed for a valid embed target pre-COPY.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 16:15:55 +07:00
vasyansk 7256adf637 fix(web): scope Suspense to page body; guard formatConfig against null config
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-04 16:12:21 +07:00
vasyansk 8c35aed8f2 perf(web): route-level code-splitting; harden channel config rendering
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 16:04:17 +07:00
vasyansk 41844d49a0 test(notify): assert per-channel results on decrypt-fail and unknown-type
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-04 16:01:14 +07:00
vasyansk f14916396c feat(notify): per-channel delivery results + accurate notification metrics
Dispatcher.Send now returns []ChannelResult{Type, Err} alongside the
aggregated error, and scheduler.checkDomain increments
NotificationsTotal per channel type/status instead of a single
unconditional IncNotification("dispatch", newStatus) placeholder that
ignored per-channel delivery outcome.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 15:56:15 +07:00
vasyansk e9a100ab4a fix(server): drain scheduler on unexpected serve error before exit
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-04 15:52:40 +07:00
vasyansk a27ddc79e8 feat(server): graceful scheduler shutdown, /healthz, healthcheck mode
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 15:46:56 +07:00
vasyansk c265d36bdb docs: plan for tech-debt cleanup + docker compose
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 15:43:00 +07:00
vasyansk f80d700a83 Merge feature/phase-3: scheduler, notifications (Telegram/Webhook), Prometheus metrics
Планировщик периодических проверок (read-only), уведомления по смене статуса
(bot_token шифруется, SSRF-guard с пиннингом IP + CGNAT), Prometheus /metrics.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 15:16:58 +07:00
vasyansk 504c4c081f fix(phase3): skip templateless domains in scheduler; block CGNAT range in webhook SSRF guard
Domains imported without a template (TemplateID == nil) are a valid,
unconfigured state, not a failure — RunOnce now skips them before
calling checkDomain instead of letting LoadDomain's "no template" error
turn into StatusError and a spammy unknown->error notification.

isBlockedIP now also rejects 100.64.0.0/10 (RFC 6598 carrier-grade
NAT), which net.IP.IsPrivate() does not cover, closing an SSRF gap in
the webhook destination guard (both the pre-request check and the
per-dial check use isBlockedIP).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 14:58:09 +07:00
vasyansk 34422420ca feat(web): расписание, каналы уведомлений, история проверок, drift-badge 2026-07-04 14:40:29 +07:00
vasyansk 45259b9720 feat(web,api): клиент/хуки расписания/каналов/истории + lastCheckStatus в domainResponse
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 14:24:02 +07:00
vasyansk b31f886ae2 feat(server): запуск планировщика, /metrics, graceful shutdown 2026-07-04 14:14:00 +07:00
vasyansk 9475af441e fix(scheduler): убрать двойной SaveCheckRun (Checker персистит), SetDrift через CountDriftDomains, resolved после error 2026-07-04 14:03:49 +07:00
vasyansk 23e02d6804 feat(scheduler): in-process планировщик проверок + смена статуса + уведомления + метрики 2026-07-04 13:53:06 +07:00
vasyansk 070a32717f fix(sec): webhook SSRF-guard через Dialer.Control (закрытие DNS-rebinding TOCTOU) 2026-07-04 13:48:22 +07:00
vasyansk 29f448d4b5 fix(sec): санитизация Telegram-ошибок, SSRF-guard Webhook, чистка логов test-канала, go mod tidy, histogram-бакеты 2026-07-04 13:40:29 +07:00
vasyansk 5a2903ca1e merge 3 wave: worktree-agent-ab476f3616a493a88 2026-07-04 13:32:02 +07:00
vasyansk d3e83ee81f merge 3 wave: worktree-agent-abf50211e004f196f 2026-07-04 13:32:02 +07:00
vasyansk d184b12b29 merge 3 wave: worktree-agent-a23ea3cfa26561e67 2026-07-04 13:32:02 +07:00
vasyansk 7d4bf153d7 feat(api): CRUD расписания/каналов + тест-отправка + история проверок
Task 5 Фазы 3: GET/PUT /schedule (дефолт при отсутствии строки, валидация
interval>=60), POST/GET/DELETE /channels (секрет шифруется Cipher, никогда
не возвращается в ответах), POST /channels/{cid}/test через узкий
TestSender-интерфейс (200/502 без утечки секрета), GET /domains/{did}/history
(сначала GetDomain для project-scoping, затем ListCheckRuns — иначе IDOR
через check_runs, который сам по себе не scoped по project).

Добавлены store.GetDomain (обёртка над существующим sqlc-запросом) и
store.ListCheckRuns (новый запрос + sqlc regen) для поддержки истории.
2026-07-04 13:24:50 +07:00
vasyansk e82fb0b13d feat(notify): Telegram/Webhook нотификаторы + Dispatcher по каналам проекта 2026-07-04 13:19:21 +07:00
vasyansk 98d8dee413 feat(metrics): Prometheus registry (checks/drift/notifications) + /metrics handler 2026-07-04 13:18:58 +07:00
vasyansk 6fd847a909 feat(store): schedules, notification_channels, domain last_check_status + методы 2026-07-04 13:10:42 +07:00
vasyansk 1cdb32b747 docs: план реализации Фазы 3 (расписание, уведомления, метрики)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-04 13:02:44 +07:00
vasyansk 6125af4bab docs: детализация дизайна Фазы 3 (расписание, уведомления, метрики)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-04 12:58:59 +07:00
vasyansk 0c21694ec4 merge: Фаза 2 — авторизация
- internal/store: миграция sessions/password + методы users/sessions/projects
- internal/auth: argon2id пароли + session store (sha256 токена)
- internal/api: auth-хендлеры (register/login/logout/me) + cookie, RequireAuth+RequireProjectAccess middleware
- IDOR закрыт: все /projects/{pid}/* под middleware, LoadDomainFull scoped, projectID из контекста
- web: AuthContext + клиент под cookie, Login/Register, protected routes, logout, 401→/login
Финальный ревью: READY TO MERGE, IDOR закрыт end-to-end. Go 105+/15 пакетов, web 58 тестов.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-03 21:40:45 +07:00
vasyansk 901eb51e2a fix(auth): серверная проверка длины пароля, loading-guard и различение ошибок на auth-страницах 2026-07-03 21:33:03 +07:00
vasyansk 5a4d560e70 feat(web): Login/Register страницы, protected routes, logout
- ProtectedRoute: loading -> спиннер, !user -> /login, иначе children
- LoginPage/RegisterPage: field+react-hook-form/zod, ошибка через role=alert,
  редирект на /domains при успехе/уже авторизован
- main.tsx: AuthProvider + QueryCache/MutationCache onError -> notifyUnauthorized
  на UnauthorizedError (сброс сессии из кода вне React-дерева)
- AuthContext: logout и notifyUnauthorized чистят react-query кэш (qc.clear())
- Layout: email пользователя + кнопка Выйти
- App: /login и /register публичные (авторизованный -> /domains), остальное
  под ProtectedRoute

Починка page-тестов (Accounts/Domains/Templates/DomainDiff/App): AuthProvider
+ мок api.auth.me, спай-ассерты обновлены под projectId-первым-аргументом
сигнатур api.* (T5).
2026-07-03 21:21:29 +07:00
vasyansk 222d6c0453 fix(web): null-guard в мутациях (no active project), AuthContext различает 401 и ошибки сервера
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-03 21:07:48 +07:00
vasyansk b5d9e8f7ab feat(web): AuthContext + клиент под cookie-сессии, projectId из контекста 2026-07-03 21:00:18 +07:00
vasyansk 4533b0ca25 feat(api): RequireAuth+RequireProjectAccess middleware, IDOR-scope check/apply по projectID 2026-07-03 20:47:40 +07:00
vasyansk 35ffe73ae3 fix(auth): wiring Auth/Sessions, нормализация email, GetUserByID для /me, 409 на дубль, timing-guard логина 2026-07-03 20:29:05 +07:00
vasyansk aa0ef1c6a9 feat(api): auth-хендлеры register/login/logout/me + session cookie 2026-07-03 20:11:00 +07:00
vasyansk a584cf5c37 fix(auth): VerifyPassword валидирует параметры/версию, не паникует на битом хэше 2026-07-03 19:58:54 +07:00
vasyansk 12b7945efc feat(auth): argon2id пароли + session store (sha256 токена) 2026-07-03 19:50:11 +07:00
vasyansk 3bd237d562 feat(store): миграция sessions/password + методы users/sessions/projects
Фаза 2, Task 1: добавлена таблица sessions и nullable password_hash у
users, sqlc-запросы и *Store-обёртки (CreateUser, GetUserByEmail,
CreateProjectForUser, GetProjectOwned, GetUserProject, CreateSession,
GetSessionUser, DeleteSession, RegisterUser в транзакции), интеграционные
тесты на testcontainers.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-03 19:44:36 +07:00
vasyansk bd82fe5509 docs: план реализации Фазы 2 (авторизация)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-03 19:37:27 +07:00
vasyansk fc5d3cdbae docs: детализация дизайна Фазы 2 (авторизация)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-03 19:33:12 +07:00
vasyansk 136708bdf0 merge: Фаза 1C — React SPA
- web/: Vite+React+TS+TanStack Query+shadcn/Tailwind, тёмная technical console
- API-клиент+типы+хуки (зеркало Go DTO), DEFAULT_PROJECT_ID
- DiffView+DomainDiffPage (prune-guard по умолчанию выключен)
- DomainsPage (импорт зон, привязка шаблона), AccountsPage (secret+Selectel), TemplatesPage+RecordEditor
- internal/web: embed SPA + SPA-fallback, cmd/server монтирование (API приоритетно)
Финальный ревью: READY TO MERGE. web 32 теста, Go 74/14 пакетов.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-03 19:17:45 +07:00
vasyansk 4140847a15 fix(web,server): плейсхолдер dist для воспроизводимой сборки + /api без слэша → API
Коммитим internal/web/dist/index.html как минимальный плейсхолдер, чтобы
//go:embed all:dist находил совпадения на чистом клоне без npm/`make web`
(CRITICAL: go build ./... падал с "pattern all:dist: no matching files
found"). .gitignore теперь игнорирует только реальные build-ассеты
(internal/web/dist/* кроме index.html); `make web` перезаписывает
плейсхолдер настоящей сборкой.

Также чинит MEDIUM: голый /api (без хвостового слэша) уходил в
SPA-fallback вместо API-роутера — вынесен isAPIPath() с явной проверкой
path == "/api", покрыт TestIsAPIPath.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-03 18:24:24 +07:00
vasyansk bba72cc70f feat(web,server): embed статики SPA + fallback, монтирование в cmd/server 2026-07-03 18:14:18 +07:00
vasyansk 388bf4aeb6 fix(web): валидация записей шаблона — пустые values не уходят в API, ошибки видимы 2026-07-03 18:10:10 +07:00
vasyansk 99e09d35fb feat(web): TemplatesPage + RecordEditor — CRUD шаблонов с редактором записей 2026-07-03 18:02:08 +07:00