vasyansk 27d70a987e fix(store): scope SetDomainStatus by project (IDOR); scheduler reuses DeriveStatus
handleCheck's error branch wrote last_check_status via an id-only UPDATE, so
an authenticated caller's own valid project id paired with a foreign domain
id in the URL could flip a stranger's domain to "error" even though Check
itself is project-scoped and would 404/error out first. Add project_id to
the WHERE clause (queries/domains.sql + generated db/domains.sql.go), thread
projectID through Store/TenantStore/SchedStore SetDomainStatus, and pass pid
from context at both call sites in handleCheck plus the scheduler.

Also collapse checkDomain's inline status derivation in scheduler.go into a
call to service.DeriveStatus, the same helper handleCheck already uses, so
there's a single source of truth for "drift vs in_sync" instead of two
copies that could drift apart.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-05 14:40:13 +07:00


// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.31.1
// source: domains.sql
package db
import (
"context"
"github.com/google/uuid"
dto "github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
// countDriftDomains is the SQL behind CountDriftDomains. It carries no
// project_id filter, so the count spans every row in the domains table.
const countDriftDomains = `-- name: CountDriftDomains :one
SELECT count(*) FROM domains WHERE last_check_status = 'drift'
`

// CountDriftDomains returns how many domains currently have
// last_check_status = 'drift', across all projects.
//
// NOTE(review): this is a cross-project aggregate; presumably it feeds an
// operator-level metric. Confirm it is never returned to a project-scoped
// caller, where it would reveal state belonging to other tenants.
func (q *Queries) CountDriftDomains(ctx context.Context) (int64, error) {
	var n int64
	err := q.db.QueryRow(ctx, countDriftDomains).Scan(&n)
	return n, err
}
// createDomain inserts one domains row and returns the stored row, including
// the database-supplied created_at and last_check_status columns.
const createDomain = `-- name: CreateDomain :one
INSERT INTO domains (id, project_id, provider_account_id, zone_name, zone_id, template_id)
VALUES ($1, $2, $3, $4, $5, $6)
RETURNING id, project_id, provider_account_id, zone_name, zone_id, template_id, created_at, last_check_status
`

// CreateDomainParams holds the positional arguments of the createDomain
// statement, in $1..$6 order. TemplateID is a pointer so that nil can be sent
// for template_id.
//
// NOTE(review): ProjectID, ProviderAccountID and TemplateID are written as
// given. Nothing in this statement checks that the provider account or the
// template belongs to ProjectID; confirm the caller (or a database constraint)
// enforces that, and that ProjectID comes from the authenticated context
// rather than from request input.
type CreateDomainParams struct {
	ID                uuid.UUID  `json:"id"`
	ProjectID         uuid.UUID  `json:"project_id"`
	ProviderAccountID uuid.UUID  `json:"provider_account_id"`
	ZoneName          string     `json:"zone_name"`
	ZoneID            string     `json:"zone_id"`
	TemplateID        *uuid.UUID `json:"template_id"`
}

// CreateDomain runs the createDomain insert and scans the RETURNING row into a
// Domain. On a scan error the returned Domain holds whatever was populated
// before the failure and should be ignored.
func (q *Queries) CreateDomain(ctx context.Context, arg CreateDomainParams) (Domain, error) {
	var created Domain
	err := q.db.QueryRow(ctx, createDomain,
		arg.ID,
		arg.ProjectID,
		arg.ProviderAccountID,
		arg.ZoneName,
		arg.ZoneID,
		arg.TemplateID,
	).Scan(
		&created.ID,
		&created.ProjectID,
		&created.ProviderAccountID,
		&created.ZoneName,
		&created.ZoneID,
		&created.TemplateID,
		&created.CreatedAt,
		&created.LastCheckStatus,
	)
	return created, err
}
// deleteDomain removes a domain only when both its id and its project_id
// match, so a domain id from another project deletes nothing.
const deleteDomain = `-- name: DeleteDomain :exec
DELETE FROM domains WHERE id = $1 AND project_id = $2
`

// DeleteDomainParams identifies the row to delete: the domain id ($1) and the
// project it must belong to ($2).
type DeleteDomainParams struct {
	ID        uuid.UUID `json:"id"`
	ProjectID uuid.UUID `json:"project_id"`
}

// DeleteDomain executes the project-scoped delete. The command result is
// discarded, so a call that matched no row (unknown id, or an id owned by a
// different project) returns nil just like a successful delete.
func (q *Queries) DeleteDomain(ctx context.Context, arg DeleteDomainParams) error {
	if _, err := q.db.Exec(ctx, deleteDomain, arg.ID, arg.ProjectID); err != nil {
		return err
	}
	return nil
}
// getDomain selects one domain by id, restricted to the given project_id.
const getDomain = `-- name: GetDomain :one
SELECT id, project_id, provider_account_id, zone_name, zone_id, template_id, created_at, last_check_status FROM domains WHERE id = $1 AND project_id = $2
`

// GetDomainParams carries the domain id ($1) and the owning project id ($2).
type GetDomainParams struct {
	ID        uuid.UUID `json:"id"`
	ProjectID uuid.UUID `json:"project_id"`
}

// GetDomain fetches a single domain row scoped to arg.ProjectID. When the id
// exists under a different project the query yields no row and the Scan error
// is returned, so the caller sees the same result as for an unknown id.
func (q *Queries) GetDomain(ctx context.Context, arg GetDomainParams) (Domain, error) {
	var d Domain
	err := q.db.QueryRow(ctx, getDomain, arg.ID, arg.ProjectID).Scan(
		&d.ID,
		&d.ProjectID,
		&d.ProviderAccountID,
		&d.ZoneName,
		&d.ZoneID,
		&d.TemplateID,
		&d.CreatedAt,
		&d.LastCheckStatus,
	)
	return d, err
}
// getDomainStatus reads last_check_status by domain id alone; unlike getDomain
// and setDomainStatus in this file, it has no project_id predicate.
const getDomainStatus = `-- name: GetDomainStatus :one
SELECT last_check_status FROM domains WHERE id = $1
`

// GetDomainStatus returns the last_check_status of the domain with the given
// id, whichever project owns it.
//
// NOTE(review): this is the read-side counterpart of the id-only UPDATE that
// SetDomainStatus used to issue. If any caller passes an id taken from a
// request, it can read another project's status. Either confirm the only
// callers are trusted internal paths, or add "AND project_id = $2" in
// queries/domains.sql and regenerate (this file is sqlc output).
func (q *Queries) GetDomainStatus(ctx context.Context, id uuid.UUID) (string, error) {
	var status string
	err := q.db.QueryRow(ctx, getDomainStatus, id).Scan(&status)
	return status, err
}
// importDomain inserts a domain unless a row with the same
// (project_id, zone_id) already exists, in which case it does nothing.
const importDomain = `-- name: ImportDomain :one
INSERT INTO domains (id, project_id, provider_account_id, zone_name, zone_id, template_id)
VALUES ($1, $2, $3, $4, $5, $6)
ON CONFLICT (project_id, zone_id) DO NOTHING
RETURNING id, project_id, provider_account_id, zone_name, zone_id, template_id, created_at, last_check_status
`

// ImportDomainParams holds the positional arguments of the importDomain
// statement, in $1..$6 order.
//
// NOTE(review): as with CreateDomainParams, nothing in the statement checks
// that ProviderAccountID or TemplateID belongs to ProjectID; confirm the
// caller or a database constraint enforces it.
type ImportDomainParams struct {
	ID                uuid.UUID  `json:"id"`
	ProjectID         uuid.UUID  `json:"project_id"`
	ProviderAccountID uuid.UUID  `json:"provider_account_id"`
	ZoneName          string     `json:"zone_name"`
	ZoneID            string     `json:"zone_id"`
	TemplateID        *uuid.UUID `json:"template_id"`
}

// ImportDomain runs the conflict-tolerant insert and scans the RETURNING row.
// When the insert is skipped by ON CONFLICT ... DO NOTHING, RETURNING produces
// no row, so Scan reports the driver's no-rows error (presumably
// pgx.ErrNoRows; the driver is not visible in this file). Callers should
// treat that error as "already imported", not as a failure.
func (q *Queries) ImportDomain(ctx context.Context, arg ImportDomainParams) (Domain, error) {
	var imported Domain
	err := q.db.QueryRow(ctx, importDomain,
		arg.ID,
		arg.ProjectID,
		arg.ProviderAccountID,
		arg.ZoneName,
		arg.ZoneID,
		arg.TemplateID,
	).Scan(
		&imported.ID,
		&imported.ProjectID,
		&imported.ProviderAccountID,
		&imported.ZoneName,
		&imported.ZoneID,
		&imported.TemplateID,
		&imported.CreatedAt,
		&imported.LastCheckStatus,
	)
	return imported, err
}
// listDomains selects every domain of one project, oldest first.
const listDomains = `-- name: ListDomains :many
SELECT id, project_id, provider_account_id, zone_name, zone_id, template_id, created_at, last_check_status FROM domains WHERE project_id = $1 ORDER BY created_at
`

// ListDomains returns all domains whose project_id equals projectID, ordered
// by created_at. The result is a nil slice when the project has no domains.
// Any query, scan or iteration error discards the partial result and is
// returned with a nil slice.
func (q *Queries) ListDomains(ctx context.Context, projectID uuid.UUID) ([]Domain, error) {
	rows, err := q.db.Query(ctx, listDomains, projectID)
	if err != nil {
		return nil, err
	}
	// Release the result set on every return path.
	defer rows.Close()

	var out []Domain
	for rows.Next() {
		var d Domain
		scanErr := rows.Scan(
			&d.ID,
			&d.ProjectID,
			&d.ProviderAccountID,
			&d.ZoneName,
			&d.ZoneID,
			&d.TemplateID,
			&d.CreatedAt,
			&d.LastCheckStatus,
		)
		if scanErr != nil {
			return nil, scanErr
		}
		out = append(out, d)
	}
	// rows.Next returning false can also mean the iteration failed part-way.
	if iterErr := rows.Err(); iterErr != nil {
		return nil, iterErr
	}
	return out, nil
}
// loadDomainFull joins a project-scoped domain with its provider account and,
// when one is set, its template. The project check is on the domains row only;
// provider_accounts and templates are matched by id.
const loadDomainFull = `-- name: LoadDomainFull :one
SELECT d.zone_id, d.zone_name, a.provider, a.secret_enc, t.doc
FROM domains d
JOIN provider_accounts a ON a.id = d.provider_account_id
LEFT JOIN templates t ON t.id = d.template_id
WHERE d.id = $1 AND d.project_id = $2
`

// LoadDomainFullParams carries the domain id ($1) and the owning project id ($2).
type LoadDomainFullParams struct {
	ID        uuid.UUID `json:"id"`
	ProjectID uuid.UUID `json:"project_id"`
}

// LoadDomainFullRow is the joined result of loadDomainFull. Doc is nil when
// the domain has no template (LEFT JOIN).
//
// SecretEnc holds provider_accounts.secret_enc. Its JSON tag means encoding
// this struct emits the value under "secret_enc", so the row should not be
// serialized into API responses or logs as-is.
//
// NOTE(review): because the joins match the account and template by id only,
// tenant isolation of SecretEnc and Doc depends on the domain row never
// referencing another project's account or template. Confirm that the
// create, import and template-update paths enforce that.
type LoadDomainFullRow struct {
	ZoneID    string           `json:"zone_id"`
	ZoneName  string           `json:"zone_name"`
	Provider  string           `json:"provider"`
	SecretEnc string           `json:"secret_enc"`
	Doc       *dto.TemplateDoc `json:"doc"`
}

// LoadDomainFull fetches the zone, provider credentials and template document
// for one domain, scoped to arg.ProjectID. A domain id under a different
// project yields no row and the Scan error is returned.
func (q *Queries) LoadDomainFull(ctx context.Context, arg LoadDomainFullParams) (LoadDomainFullRow, error) {
	var full LoadDomainFullRow
	err := q.db.QueryRow(ctx, loadDomainFull, arg.ID, arg.ProjectID).Scan(
		&full.ZoneID,
		&full.ZoneName,
		&full.Provider,
		&full.SecretEnc,
		&full.Doc,
	)
	return full, err
}
// setDomainStatus updates last_check_status only when both the domain id ($1)
// and its project_id ($3) match; the new status is $2.
const setDomainStatus = `-- name: SetDomainStatus :exec
UPDATE domains SET last_check_status = $2 WHERE id = $1 AND project_id = $3
`

// SetDomainStatusParams holds the statement arguments in placeholder order:
// ID is $1, LastCheckStatus is $2 and ProjectID is $3.
type SetDomainStatusParams struct {
	ID              uuid.UUID `json:"id"`
	LastCheckStatus string    `json:"last_check_status"`
	ProjectID       uuid.UUID `json:"project_id"`
}

// SetDomainStatus writes arg.LastCheckStatus to the domain identified by
// arg.ID, provided that domain belongs to arg.ProjectID.
//
// The command result is discarded, so an id/project mismatch updates nothing
// and still returns nil.
//
// NOTE(review): callers therefore cannot tell a rejected cross-project write
// from a successful one. If that should be surfaced (as an error or an audit
// log entry), change the annotation in queries/domains.sql to :execrows and
// check the affected-row count at the call sites.
func (q *Queries) SetDomainStatus(ctx context.Context, arg SetDomainStatusParams) error {
	if _, err := q.db.Exec(ctx, setDomainStatus, arg.ID, arg.LastCheckStatus, arg.ProjectID); err != nil {
		return err
	}
	return nil
}
// updateDomainTemplate sets template_id on a project-scoped domain and returns
// the updated row.
const updateDomainTemplate = `-- name: UpdateDomainTemplate :one
UPDATE domains SET template_id = $3 WHERE id = $1 AND project_id = $2
RETURNING id, project_id, provider_account_id, zone_name, zone_id, template_id, created_at, last_check_status
`

// UpdateDomainTemplateParams carries the domain id ($1), the owning project id
// ($2) and the new template id ($3). TemplateID is a pointer so that nil can
// be sent for template_id.
//
// NOTE(review): the statement scopes the domain to ProjectID but does not
// check that TemplateID belongs to the same project; confirm the caller or a
// database constraint does.
type UpdateDomainTemplateParams struct {
	ID         uuid.UUID  `json:"id"`
	ProjectID  uuid.UUID  `json:"project_id"`
	TemplateID *uuid.UUID `json:"template_id"`
}

// UpdateDomainTemplate applies the template change and scans the RETURNING row
// into a Domain. When no row matches (unknown id, or an id under a different
// project) nothing is updated and the Scan error is returned.
func (q *Queries) UpdateDomainTemplate(ctx context.Context, arg UpdateDomainTemplateParams) (Domain, error) {
	var updated Domain
	err := q.db.QueryRow(ctx, updateDomainTemplate, arg.ID, arg.ProjectID, arg.TemplateID).Scan(
		&updated.ID,
		&updated.ProjectID,
		&updated.ProviderAccountID,
		&updated.ZoneName,
		&updated.ZoneID,
		&updated.TemplateID,
		&updated.CreatedAt,
		&updated.LastCheckStatus,
	)
	return updated, err
}