Files
vasyansk 879e9e14b1 fix(api): surface real provider error on apply/check instead of generic internal error
resolve (shared by Check/Apply) and Apply now wrap GetRecords/ApplyChanges
failures in service.ErrProviderUnavailable, matching ZoneRecords' existing
behavior. handleApply/handleCheck use errors.Is against it to return 502
with the real provider message (e.g. Selectel's 409 conflict body) instead
of masking every failure as a generic 500 "internal error"; non-provider
errors (decrypt/db/loader) are unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-05 15:53:27 +07:00

183 lines
6.9 KiB
Go

package api
import (
"encoding/json"
"errors"
"io"
"log"
"net/http"
"github.com/go-chi/chi/v5"
"github.com/google/uuid"
"github.com/vasyakrg/dns-autoresolver/internal/model"
"github.com/vasyakrg/dns-autoresolver/internal/service"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
"github.com/vasyakrg/dns-autoresolver/internal/tmpl"
)
func writeJSON(w http.ResponseWriter, status int, v any) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(status)
_ = json.NewEncoder(w).Encode(v)
}
func writeErr(w http.ResponseWriter, status int, msg string) {
writeJSON(w, status, map[string]string{"error": msg})
}
func (a *API) handleCheck(w http.ResponseWriter, r *http.Request) {
// pid is guaranteed present and owned by the caller — RequireProjectAccess
// validated it before this handler ever runs.
pid, _ := projectIDFrom(r.Context())
did, err := uuid.Parse(chi.URLParam(r, "did"))
if err != nil {
writeErr(w, http.StatusBadRequest, "invalid domain id")
return
}
cs, err := a.Svc.Check(r.Context(), pid, did)
if err != nil {
// Persist the failure so the domain badge reflects it instead of stale
// "unknown"; the write error (if any) is logged, never masks the 500.
if serr := a.Store.SetDomainStatus(r.Context(), did, pid, service.StatusError); serr != nil {
log.Printf("api: set domain status (error) failed: %v", serr)
}
log.Printf("api: check failed: %v", err)
// A provider failure (e.g. Selectel returning a 409 conflict) is safe
// and useful to show the user as-is; any other failure (decrypt/db/loader)
// stays a generic "internal error" to avoid leaking internals.
if errors.Is(err, service.ErrProviderUnavailable) {
writeErr(w, http.StatusBadGateway, service.ProviderMessage(err))
} else {
writeErr(w, http.StatusInternalServerError, "internal error")
}
return
}
// Manual check persists status/history only — no notification. Notify
// remains the scheduler's responsibility (see internal/scheduler).
if serr := a.Store.SetDomainStatus(r.Context(), did, pid, service.DeriveStatus(cs)); serr != nil {
log.Printf("api: set domain status failed: %v", serr)
}
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
}
func (a *API) handleApply(w http.ResponseWriter, r *http.Request) {
// pid is guaranteed present and owned by the caller — RequireProjectAccess
// validated it before this handler ever runs.
pid, _ := projectIDFrom(r.Context())
did, err := uuid.Parse(chi.URLParam(r, "did"))
if err != nil {
writeErr(w, http.StatusBadRequest, "invalid domain id")
return
}
var req applyRequest
if r.Body != nil {
r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // 1 MiB
// пустое тело допустимо → значения по умолчанию (пустые списки, ничего
// не применяется); любая другая ошибка decode (битый JSON, неверные
// типы) → 400
if err := json.NewDecoder(r.Body).Decode(&req); err != nil && !errors.Is(err, io.EOF) {
writeErr(w, http.StatusBadRequest, "invalid request body")
return
}
}
cs, err := a.Svc.Apply(r.Context(), pid, did, service.ApplyRequest{
Updates: req.Updates, Prunes: req.Prunes,
})
if err != nil {
log.Printf("api: apply failed: %v", err)
// Same distinction as handleCheck: surface the real provider message,
// keep everything else generic.
if errors.Is(err, service.ErrProviderUnavailable) {
writeErr(w, http.StatusBadGateway, service.ProviderMessage(err))
} else {
writeErr(w, http.StatusInternalServerError, "internal error")
}
return
}
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
}
// handleZoneRecords reads a zone's current records straight from the
// provider — no template required, no diff computed. Backs read-only zone
// viewing for domains that don't have a template attached (yet).
func (a *API) handleZoneRecords(w http.ResponseWriter, r *http.Request) {
pid, _ := projectIDFrom(r.Context())
did, err := uuid.Parse(chi.URLParam(r, "did"))
if err != nil {
writeErr(w, http.StatusBadRequest, "invalid domain id")
return
}
recs, err := a.Svc.ZoneRecords(r.Context(), pid, did)
if err != nil {
log.Printf("api: zone records failed: %v", err)
if errors.Is(err, service.ErrProviderUnavailable) {
writeErr(w, http.StatusBadGateway, "не удалось получить записи зоны у провайдера")
} else {
writeErr(w, http.StatusNotFound, "домен не найден")
}
return
}
doc := dto.FromModel(recs)
writeJSON(w, http.StatusOK, doc.Records) // []dto.RecordDTO
}
// handleTemplateFromZone snapshots a zone's current managed records (NS/SOA
// excluded — they're read-only, never part of a template) into a brand new
// template, then auto-attaches it to the domain so check/apply become
// available immediately.
func (a *API) handleTemplateFromZone(w http.ResponseWriter, r *http.Request) {
pid, _ := projectIDFrom(r.Context())
did, err := uuid.Parse(chi.URLParam(r, "did"))
if err != nil {
writeErr(w, http.StatusBadRequest, "invalid domain id")
return
}
dom, err := a.Store.GetDomain(r.Context(), did, pid)
if err != nil {
log.Printf("api: template-from-zone: get domain failed: %v", err)
writeErr(w, http.StatusNotFound, "домен не найден")
return
}
// This endpoint only makes sense for a domain with no template attached
// yet — it snapshots the zone's live state into a brand-new template.
// If a template is already bound, re-attaching a fresh snapshot would
// silently orphan the existing one; re-pointing a domain to a different
// template is a separate, explicit action and must not happen as a side
// effect of a retried/duplicate POST here.
if dom.TemplateID != nil {
writeErr(w, http.StatusConflict, "шаблон уже привязан")
return
}
recs, err := a.Svc.ZoneRecords(r.Context(), pid, did)
if err != nil {
log.Printf("api: template-from-zone: zone records failed: %v", err)
if errors.Is(err, service.ErrProviderUnavailable) {
writeErr(w, http.StatusBadGateway, "не удалось получить записи зоны у провайдера")
} else {
writeErr(w, http.StatusNotFound, "домен не найден")
}
return
}
// Snapshot only managed records — NS/SOA are read-only and never templated.
managed := make([]model.Record, 0, len(recs))
for _, rc := range recs {
if rc.Type.Managed() {
managed = append(managed, rc)
}
}
doc := tmpl.Parameterize(managed, dom.ZoneName)
tpl, err := a.Store.CreateTemplate(r.Context(), pid, dom.ZoneName+" snapshot", doc)
if err != nil {
log.Printf("api: template-from-zone: create template failed: %v", err)
writeErr(w, http.StatusInternalServerError, "internal error")
return
}
if _, err := a.Store.SetDomainTemplate(r.Context(), did, pid, &tpl.ID); err != nil {
log.Printf("api: template-from-zone: attach template failed: %v", err)
writeErr(w, http.StatusInternalServerError, "internal error")
return
}
writeJSON(w, http.StatusCreated, toTemplateResponse(tpl))
}