Files
dns-autoresolver/internal/api/api.go
T
vasyansk 7d4bf153d7 feat(api): CRUD расписания/каналов + тест-отправка + история проверок
Task 5 Фазы 3: GET/PUT /schedule (дефолт при отсутствии строки, валидация
interval>=60), POST/GET/DELETE /channels (секрет шифруется Cipher, никогда
не возвращается в ответах), POST /channels/{cid}/test через узкий
TestSender-интерфейс (200/502 без утечки секрета), GET /domains/{did}/history
(сначала GetDomain для project-scoping, затем ListCheckRuns — иначе IDOR
через check_runs, который сам по себе не scoped по project).

Добавлены store.GetDomain (обёртка над существующим sqlc-запросом) и
store.ListCheckRuns (новый запрос + sqlc regen) для поддержки истории.
2026-07-04 13:24:50 +07:00

154 lines
5.6 KiB
Go

package api
import (
"context"
"net/http"
"time"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
"github.com/google/uuid"
"github.com/vasyakrg/dns-autoresolver/internal/diff"
"github.com/vasyakrg/dns-autoresolver/internal/provider"
"github.com/vasyakrg/dns-autoresolver/internal/service"
"github.com/vasyakrg/dns-autoresolver/internal/store"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
// CheckApplier is the service surface the API depends on.
type CheckApplier interface {
Check(ctx context.Context, projectID, domainID uuid.UUID) (diff.Changeset, error)
Apply(ctx context.Context, projectID, domainID uuid.UUID, req service.ApplyRequest) (diff.Changeset, error)
}
// TenantStore is the narrow persistence surface the CRUD handlers depend on.
// *store.Store satisfies it directly via its thin wrapper methods (see
// internal/store/tenant.go); tests can supply their own mock.
type TenantStore interface {
CreateAccount(ctx context.Context, projectID uuid.UUID, provider, secretEnc, comment string) (store.Account, error)
ListAccounts(ctx context.Context, projectID uuid.UUID) ([]store.Account, error)
GetAccount(ctx context.Context, id, projectID uuid.UUID) (store.Account, error)
DeleteAccount(ctx context.Context, id, projectID uuid.UUID) error
CreateTemplate(ctx context.Context, projectID uuid.UUID, name string, doc dto.TemplateDoc) (store.Template, error)
ListTemplates(ctx context.Context, projectID uuid.UUID) ([]store.Template, error)
UpdateTemplate(ctx context.Context, id, projectID uuid.UUID, name string, doc dto.TemplateDoc) (store.Template, error)
DeleteTemplate(ctx context.Context, id, projectID uuid.UUID) error
GetTemplate(ctx context.Context, id, projectID uuid.UUID) (store.Template, error)
CreateDomain(ctx context.Context, projectID, accountID uuid.UUID, zoneName, zoneID string, templateID *uuid.UUID) (store.Domain, error)
ListDomains(ctx context.Context, projectID uuid.UUID) ([]store.Domain, error)
DeleteDomain(ctx context.Context, id, projectID uuid.UUID) error
ImportDomains(ctx context.Context, projectID, accountID uuid.UUID, zones []provider.Zone) ([]store.Domain, error)
SetDomainTemplate(ctx context.Context, domainID, projectID uuid.UUID, templateID *uuid.UUID) (store.Domain, error)
}
// Cipher encrypts/decrypts provider account secrets. *crypto.Cipher satisfies it.
type Cipher interface {
Encrypt(plaintext []byte) (string, error)
Decrypt(enc string) ([]byte, error)
}
// ProviderRegistry resolves a provider.Provider by name. *registry.Registry satisfies it.
type ProviderRegistry interface {
ByName(name string) (provider.Provider, error)
}
// AuthStore is the persistence surface the auth handlers depend on.
// *store.Store satisfies it directly (see internal/store/store.go); tests
// can supply their own mock.
type AuthStore interface {
RegisterUser(ctx context.Context, email, passwordHash string) (store.User, store.Project, error)
GetUserByEmail(ctx context.Context, email string) (store.User, error)
GetUserByID(ctx context.Context, userID uuid.UUID) (store.User, error)
GetUserProject(ctx context.Context, userID uuid.UUID) (store.Project, error)
// GetProjectOwned looks up projectID and returns it only if it's owned by
// userID — RequireProjectAccess uses this to reject foreign/nonexistent
// projects with 404 before any handler runs.
GetProjectOwned(ctx context.Context, projectID, userID uuid.UUID) (store.Project, error)
}
// SessionManager creates/validates/destroys login sessions. *auth.Sessions
// satisfies it directly (see internal/auth/session.go).
type SessionManager interface {
Create(ctx context.Context, userID uuid.UUID) (string, time.Time, error)
Validate(ctx context.Context, token string) (uuid.UUID, error)
Destroy(ctx context.Context, token string) error
}
// API holds handler dependencies.
type API struct {
Svc CheckApplier
Store TenantStore
Cipher Cipher
Reg ProviderRegistry
Auth AuthStore
Sessions SessionManager
Schedule ScheduleStore
Dispatch TestSender
}
func NewRouter(a *API) http.Handler {
r := chi.NewRouter()
r.Use(middleware.RequestID)
r.Use(middleware.Recoverer)
r.Route("/api/v1/auth", func(r chi.Router) {
r.Post("/register", a.handleRegister)
r.Post("/login", a.handleLogin)
r.Group(func(r chi.Router) {
r.Use(a.RequireAuth)
r.Post("/logout", a.handleLogout)
r.Get("/me", a.handleMe)
})
})
r.Route("/api/v1/projects/{pid}", func(r chi.Router) {
r.Use(a.RequireAuth)
r.Use(a.RequireProjectAccess)
r.Route("/domains", func(r chi.Router) {
r.Post("/", a.handleCreateDomain)
r.Get("/", a.handleListDomains)
r.Route("/{did}", func(r chi.Router) {
r.Get("/check", a.handleCheck)
r.Post("/apply", a.handleApply)
r.Patch("/", a.handleSetDomainTemplate)
r.Delete("/", a.handleDeleteDomain)
r.Get("/history", a.handleDomainHistory)
})
})
r.Get("/schedule", a.handleGetSchedule)
r.Put("/schedule", a.handlePutSchedule)
r.Route("/channels", func(r chi.Router) {
r.Post("/", a.handleCreateChannel)
r.Get("/", a.handleListChannels)
r.Route("/{cid}", func(r chi.Router) {
r.Delete("/", a.handleDeleteChannel)
r.Post("/test", a.handleTestChannel)
})
})
r.Route("/accounts", func(r chi.Router) {
r.Post("/", a.handleCreateAccount)
r.Get("/", a.handleListAccounts)
r.Route("/{aid}", func(r chi.Router) {
r.Delete("/", a.handleDeleteAccount)
r.Post("/import", a.handleImportZones)
})
})
r.Route("/templates", func(r chi.Router) {
r.Post("/", a.handleCreateTemplate)
r.Get("/", a.handleListTemplates)
r.Route("/{tid}", func(r chi.Router) {
r.Put("/", a.handleUpdateTemplate)
r.Delete("/", a.handleDeleteTemplate)
})
})
})
return r
}