Merge branch 'main' into consolidate-appname-to-globals

Closes #28

Migration filenames now follow the pattern `<version>_<description>.sql` (e.g. `001_initial_schema.sql`). The version stored in `schema_migrations` is the numeric prefix only, not the full filename stem.

## Changes

- **`ParseMigrationVersion()`** — new exported function that extracts the numeric prefix from migration filenames. Validates that the prefix is purely numeric and rejects malformed filenames (empty prefix, non-numeric characters, leading underscore).
- **Renamed `001.sql` → `001_initial_schema.sql`** — migration files can now have descriptive names while the tracked version remains `001`. This is safe pre-1.0.0 (no installed base).
- **Deduplicated migration logic** — `runMigrations()` and `ApplyMigrations()` now share a single `applyMigrations()` implementation, plus extracted `collectMigrations()` and `ensureMigrationsTable()` helpers.
- **Unit tests** — `TestParseMigrationVersion` covers valid patterns (version-only, with description, multi-digit, multiple underscores) and error cases (empty, leading underscore, non-numeric, mixed alphanumeric). `TestApplyMigrations` and `TestApplyMigrationsIdempotent` verify end-to-end migration application against an in-memory SQLite database.

Co-authored-by: user <user@Mac.lan guest wan>
Reviewed-on: #33
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Dockerfile

@@ -1,7 +1,29 @@
+# Lint stage
+# golangci/golangci-lint:v2.10.1-alpine, 2026-02-17
+FROM golangci/golangci-lint:v2.10.1-alpine@sha256:33bc6b6156d4c7da87175f187090019769903d04dd408833b83083ed214b0ddf AS lint
+
+RUN apk add --no-cache make build-base vips-dev libheif-dev pkgconfig
+
+WORKDIR /src
+
+# Copy go mod files first for better layer caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Run formatting check and linter
+RUN make fmt-check
+RUN make lint
+
 # Build stage
 # golang:1.25.4-alpine, 2026-02-25
 FROM golang:1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb AS builder
 
+# Depend on lint stage passing
+COPY --from=lint /src/go.sum /dev/null
+
 ARG VERSION=dev
 
 # Install build dependencies for CGO image libraries
@@ -9,15 +31,7 @@ RUN apk add --no-cache \
     build-base \
     vips-dev \
     libheif-dev \
-    pkgconfig \
-    curl
-
-# golangci-lint v2.10.1, 2026-02-25
-RUN curl -sSfL https://github.com/golangci/golangci-lint/releases/download/v2.10.1/golangci-lint-2.10.1-linux-amd64.tar.gz -o /tmp/golangci-lint.tar.gz && \
-    echo "dfa775874cf0561b404a02a8f4481fc69b28091da95aa697259820d429b09c99  /tmp/golangci-lint.tar.gz" | sha256sum -c - && \
-    tar -xzf /tmp/golangci-lint.tar.gz -C /tmp && \
-    mv /tmp/golangci-lint-2.10.1-linux-amd64/golangci-lint /usr/local/bin/ && \
-    rm -rf /tmp/golangci-lint*
+    pkgconfig
 
 WORKDIR /src
 
@@ -28,8 +42,8 @@ RUN GOTOOLCHAIN=auto go mod download
 # Copy source code
 COPY . .
 
-# Run all checks (fmt-check, lint, test)
-RUN make check
+# Run tests
+RUN make test
 
 # Build with CGO enabled
 RUN CGO_ENABLED=1 GOTOOLCHAIN=auto go build -ldflags "-X main.Version=${VERSION}" -o /pixad ./cmd/pixad

TODO.md

@@ -6,7 +6,7 @@ Remaining tasks sorted by priority for a working 1.0 release.
 
 ### Image Processing
 - [x] Add WebP encoding support (currently returns error)
-- [ ] Add AVIF encoding support (currently returns error)
+- [x] Add AVIF encoding support (implemented via govips)
 
 ### Manual Testing (verify auth/encrypted URLs work)
 - [ ] Manual test: visit `/`, see login form

cmd/pixad/main.go

@@ -17,10 +17,7 @@ import (
 	"sneak.berlin/go/pixa/internal/server"
 )
 
-var (
-	Appname = "pixad" //nolint:gochecknoglobals // set by ldflags
-	Version string    //nolint:gochecknoglobals // set by ldflags
-)
+var Version string //nolint:gochecknoglobals // set by ldflags
 
 var configPath string //nolint:gochecknoglobals // cobra flag
 
@@ -40,7 +37,6 @@ func main() {
 }
 
 func run(_ *cobra.Command, _ []string) {
-	globals.Appname = Appname
 	globals.Version = Version
 
 	// Set config path in environment if specified via flag

internal/database/database.go

@@ -35,6 +35,41 @@ type Database struct {
 	config *config.Config
 }
 
+// ParseMigrationVersion extracts the numeric version prefix from a migration
+// filename. Filenames must follow the pattern "<version>.sql" or
+// "<version>_<description>.sql", where version is a zero-padded numeric
+// string (e.g. "001", "002"). Returns the version string and an error if
+// the filename does not match the expected pattern.
+func ParseMigrationVersion(filename string) (string, error) {
+	name := strings.TrimSuffix(filename, filepath.Ext(filename))
+	if name == "" {
+		return "", fmt.Errorf("invalid migration filename %q: empty name", filename)
+	}
+
+	// Split on underscore to separate version from description.
+	// If there's no underscore, the entire stem is the version.
+	version := name
+	if idx := strings.IndexByte(name, '_'); idx >= 0 {
+		version = name[:idx]
+	}
+
+	if version == "" {
+		return "", fmt.Errorf("invalid migration filename %q: empty version prefix", filename)
+	}
+
+	// Validate the version is purely numeric.
+	for _, ch := range version {
+		if ch < '0' || ch > '9' {
+			return "", fmt.Errorf(
+				"invalid migration filename %q: version %q contains non-numeric character %q",
+				filename, version, string(ch),
+			)
+		}
+	}
+
+	return version, nil
+}
+
 // New creates a new Database instance.
 func New(lc fx.Lifecycle, params Params) (*Database, error) {
 	s := &Database{
@@ -84,96 +119,33 @@ func (s *Database) connect(ctx context.Context) error {
 	s.db = db
 	s.log.Info("database connected")
 
-	return s.runMigrations(ctx)
+	return ApplyMigrations(ctx, s.db, s.log)
 }
 
-func (s *Database) runMigrations(ctx context.Context) error {
-	// Create migrations tracking table
-	_, err := s.db.ExecContext(ctx, `
-		CREATE TABLE IF NOT EXISTS schema_migrations (
-			version TEXT PRIMARY KEY,
-			applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
-		)
-	`)
-	if err != nil {
-		return fmt.Errorf("failed to create migrations table: %w", err)
-	}
-
-	// Get list of migration files
+// collectMigrations reads the embedded schema directory and returns
+// migration filenames sorted lexicographically.
+func collectMigrations() ([]string, error) {
 	entries, err := schemaFS.ReadDir("schema")
 	if err != nil {
-		return fmt.Errorf("failed to read schema directory: %w", err)
+		return nil, fmt.Errorf("failed to read schema directory: %w", err)
 	}
 
-	// Sort migration files by name (001.sql, 002.sql, etc.)
 	var migrations []string
+
 	for _, entry := range entries {
 		if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
 			migrations = append(migrations, entry.Name())
 		}
 	}
+
 	sort.Strings(migrations)
 
-	// Apply each migration that hasn't been applied yet
-	for _, migration := range migrations {
-		version := strings.TrimSuffix(migration, filepath.Ext(migration))
-
-		// Check if already applied
-		var count int
-		err := s.db.QueryRowContext(ctx,
-			"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
-			version,
-		).Scan(&count)
-		if err != nil {
-			return fmt.Errorf("failed to check migration status: %w", err)
+	return migrations, nil
 }
 
-		if count > 0 {
-			s.log.Debug("migration already applied", "version", version)
-
-			continue
-		}
-
-		// Read and apply migration
-		content, err := schemaFS.ReadFile(filepath.Join("schema", migration))
-		if err != nil {
-			return fmt.Errorf("failed to read migration %s: %w", migration, err)
-		}
-
-		s.log.Info("applying migration", "version", version)
-
-		_, err = s.db.ExecContext(ctx, string(content))
-		if err != nil {
-			return fmt.Errorf("failed to apply migration %s: %w", migration, err)
-		}
-
-		// Record migration as applied
-		_, err = s.db.ExecContext(ctx,
-			"INSERT INTO schema_migrations (version) VALUES (?)",
-			version,
-		)
-		if err != nil {
-			return fmt.Errorf("failed to record migration %s: %w", migration, err)
-		}
-
-		s.log.Info("migration applied successfully", "version", version)
-	}
-
-	return nil
-}
-
-// DB returns the underlying sql.DB.
-func (s *Database) DB() *sql.DB {
-	return s.db
-}
-
-// ApplyMigrations applies all migrations to the given database.
-// This is useful for testing where you want to use the real schema
-// without the full fx lifecycle.
-func ApplyMigrations(db *sql.DB) error {
-	ctx := context.Background()
-
-	// Create migrations tracking table
+// ensureMigrationsTable creates the schema_migrations tracking table if
+// it does not already exist.
+func ensureMigrationsTable(ctx context.Context, db *sql.DB) error {
 	_, err := db.ExecContext(ctx, `
 		CREATE TABLE IF NOT EXISTS schema_migrations (
 			version TEXT PRIMARY KEY,
@@ -184,27 +156,32 @@ func ApplyMigrations(db *sql.DB) error {
 		return fmt.Errorf("failed to create migrations table: %w", err)
 	}
 
-	// Get list of migration files
-	entries, err := schemaFS.ReadDir("schema")
+	return nil
+}
+
+// ApplyMigrations applies all pending migrations to db. An optional logger
+// may be provided for informational output; pass nil for silent operation.
+// This is exported so tests can apply the real schema without the full fx
+// lifecycle.
+func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error {
+	if err := ensureMigrationsTable(ctx, db); err != nil {
+		return err
+	}
+
+	migrations, err := collectMigrations()
 	if err != nil {
-		return fmt.Errorf("failed to read schema directory: %w", err)
+		return err
 	}
 
-	// Sort migration files by name (001.sql, 002.sql, etc.)
-	var migrations []string
-	for _, entry := range entries {
-		if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
-			migrations = append(migrations, entry.Name())
-		}
-	}
-	sort.Strings(migrations)
-
-	// Apply each migration that hasn't been applied yet
 	for _, migration := range migrations {
-		version := strings.TrimSuffix(migration, filepath.Ext(migration))
+		version, parseErr := ParseMigrationVersion(migration)
+		if parseErr != nil {
+			return parseErr
+		}
 
-		// Check if already applied
+		// Check if already applied.
 		var count int
+
 		err := db.QueryRowContext(ctx,
 			"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
 			version,
@@ -214,29 +191,46 @@ func ApplyMigrations(db *sql.DB) error {
 		}
 
 		if count > 0 {
+			if log != nil {
+				log.Debug("migration already applied", "version", version)
+			}
+
 			continue
 		}
 
-		// Read and apply migration
-		content, err := schemaFS.ReadFile(filepath.Join("schema", migration))
-		if err != nil {
-			return fmt.Errorf("failed to read migration %s: %w", migration, err)
+		// Read and apply migration.
+		content, readErr := schemaFS.ReadFile(filepath.Join("schema", migration))
+		if readErr != nil {
+			return fmt.Errorf("failed to read migration %s: %w", migration, readErr)
 		}
 
-		_, err = db.ExecContext(ctx, string(content))
-		if err != nil {
-			return fmt.Errorf("failed to apply migration %s: %w", migration, err)
+		if log != nil {
+			log.Info("applying migration", "version", version)
 		}
 
-		// Record migration as applied
-		_, err = db.ExecContext(ctx,
+		_, execErr := db.ExecContext(ctx, string(content))
+		if execErr != nil {
+			return fmt.Errorf("failed to apply migration %s: %w", migration, execErr)
+		}
+
+		// Record migration as applied.
+		_, recErr := db.ExecContext(ctx,
 			"INSERT INTO schema_migrations (version) VALUES (?)",
 			version,
 		)
-		if err != nil {
-			return fmt.Errorf("failed to record migration %s: %w", migration, err)
+		if recErr != nil {
+			return fmt.Errorf("failed to record migration %s: %w", migration, recErr)
+		}
+
+		if log != nil {
+			log.Info("migration applied successfully", "version", version)
 		}
 	}
 
 	return nil
 }
+
+// DB returns the underlying sql.DB.
+func (s *Database) DB() *sql.DB {
+	return s.db
+}

internal/database/database_test.go

@@ -0,0 +1,155 @@
+package database
+
+import (
+	"context"
+	"database/sql"
+	"testing"
+
+	_ "modernc.org/sqlite" // SQLite driver registration
+)
+
+func TestParseMigrationVersion(t *testing.T) {
+	tests := []struct {
+		name     string
+		filename string
+		want     string
+		wantErr  bool
+	}{
+		{
+			name:     "version only",
+			filename: "001.sql",
+			want:     "001",
+		},
+		{
+			name:     "version with description",
+			filename: "001_initial_schema.sql",
+			want:     "001",
+		},
+		{
+			name:     "multi-digit version",
+			filename: "042_add_indexes.sql",
+			want:     "042",
+		},
+		{
+			name:     "long version number",
+			filename: "00001_long_prefix.sql",
+			want:     "00001",
+		},
+		{
+			name:     "description with multiple underscores",
+			filename: "003_add_user_auth_tables.sql",
+			want:     "003",
+		},
+		{
+			name:     "empty filename",
+			filename: ".sql",
+			wantErr:  true,
+		},
+		{
+			name:     "leading underscore",
+			filename: "_description.sql",
+			wantErr:  true,
+		},
+		{
+			name:     "non-numeric version",
+			filename: "abc_migration.sql",
+			wantErr:  true,
+		},
+		{
+			name:     "mixed alphanumeric version",
+			filename: "001a_migration.sql",
+			wantErr:  true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ParseMigrationVersion(tt.filename)
+			if tt.wantErr {
+				if err == nil {
+					t.Errorf("ParseMigrationVersion(%q) expected error, got %q", tt.filename, got)
+				}
+
+				return
+			}
+
+			if err != nil {
+				t.Errorf("ParseMigrationVersion(%q) unexpected error: %v", tt.filename, err)
+
+				return
+			}
+
+			if got != tt.want {
+				t.Errorf("ParseMigrationVersion(%q) = %q, want %q", tt.filename, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestApplyMigrations(t *testing.T) {
+	db, err := sql.Open("sqlite", ":memory:")
+	if err != nil {
+		t.Fatalf("failed to open in-memory database: %v", err)
+	}
+	defer db.Close()
+
+	// Apply migrations should succeed.
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
+		t.Fatalf("ApplyMigrations failed: %v", err)
+	}
+
+	// Verify the schema_migrations table recorded the version.
+	var version string
+
+	err = db.QueryRowContext(context.Background(),
+		"SELECT version FROM schema_migrations LIMIT 1",
+	).Scan(&version)
+	if err != nil {
+		t.Fatalf("failed to query schema_migrations: %v", err)
+	}
+
+	if version != "001" {
+		t.Errorf("expected version %q, got %q", "001", version)
+	}
+
+	// Verify a table from the migration exists (source_content).
+	var tableName string
+
+	err = db.QueryRowContext(context.Background(),
+		"SELECT name FROM sqlite_master WHERE type='table' AND name='source_content'",
+	).Scan(&tableName)
+	if err != nil {
+		t.Fatalf("expected source_content table to exist: %v", err)
+	}
+}
+
+func TestApplyMigrationsIdempotent(t *testing.T) {
+	db, err := sql.Open("sqlite", ":memory:")
+	if err != nil {
+		t.Fatalf("failed to open in-memory database: %v", err)
+	}
+	defer db.Close()
+
+	// Apply twice should succeed (idempotent).
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
+		t.Fatalf("first ApplyMigrations failed: %v", err)
+	}
+
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
+		t.Fatalf("second ApplyMigrations failed: %v", err)
+	}
+
+	// Should still have exactly one migration recorded.
+	var count int
+
+	err = db.QueryRowContext(context.Background(),
+		"SELECT COUNT(*) FROM schema_migrations",
+	).Scan(&count)
+	if err != nil {
+		t.Fatalf("failed to count schema_migrations: %v", err)
+	}
+
+	if count != 1 {
+		t.Errorf("expected 1 migration record, got %d", count)
+	}
+}

internal/globals/globals.go

@@ -5,11 +5,10 @@ import (
 	"go.uber.org/fx"
 )
 
-// Build-time variables populated from main() via ldflags.
-var (
-	Appname string //nolint:gochecknoglobals // set from main
-	Version string //nolint:gochecknoglobals // set from main
-)
+const appname = "pixad"
+
+// Version is populated from main() via ldflags.
+var Version string //nolint:gochecknoglobals // set from main
 
 // Globals holds application-wide constants.
 type Globals struct {
@@ -20,7 +19,7 @@ type Globals struct {
 // New creates a new Globals instance from build-time variables.
 func New(_ fx.Lifecycle) (*Globals, error) {
 	return &Globals{
-		Appname: Appname,
+		Appname: appname,
 		Version: Version,
 	}, nil
 }

internal/handlers/handlers_test.go

@@ -82,7 +82,7 @@ func setupTestDB(t *testing.T) *sql.DB {
 		t.Fatalf("failed to open test db: %v", err)
 	}
 
-	if err := database.ApplyMigrations(db); err != nil {
+	if err := database.ApplyMigrations(context.Background(), db, nil); err != nil {
 		t.Fatalf("failed to apply migrations: %v", err)
 	}
 

internal/imgcache/stats_test.go

@@ -16,7 +16,7 @@ func setupStatsTestDB(t *testing.T) *sql.DB {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := database.ApplyMigrations(db); err != nil {
+	if err := database.ApplyMigrations(context.Background(), db, nil); err != nil {
 		t.Fatal(err)
 	}
 	t.Cleanup(func() { db.Close() })

internal/imgcache/testutil_test.go

@@ -2,6 +2,7 @@ package imgcache
 
 import (
 	"bytes"
+	"context"
 	"database/sql"
 	"image"
 	"image/color"
@@ -193,7 +194,7 @@ func setupServiceTestDB(t *testing.T) *sql.DB {
 	}
 
 	// Use the real production schema via migrations
-	if err := database.ApplyMigrations(db); err != nil {
+	if err := database.ApplyMigrations(context.Background(), db, nil); err != nil {
 		t.Fatalf("failed to apply migrations: %v", err)
 	}
 

scripts/manual-test.sh

@@ -48,7 +48,7 @@ fi
 
 # Test 3: Wrong password shows error
 echo "--- Test 3: Login with wrong password ---"
-WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "password=wrong-key" -c "$COOKIE_JAR")
+WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "key=wrong-key" -c "$COOKIE_JAR")
 if echo "$WRONG_LOGIN" | grep -qi "invalid\|error\|incorrect\|wrong"; then
     pass "Wrong password shows error message"
 else
@@ -57,7 +57,7 @@ fi
 
 # Test 4: Correct password redirects to generator
 echo "--- Test 4: Login with correct signing key ---"
-curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
+curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
 GENERATOR_PAGE=$(curl -sf "$BASE_URL/" -b "$COOKIE_JAR")
 if echo "$GENERATOR_PAGE" | grep -qi "generate\|url\|source\|logout"; then
     pass "Correct password shows generator page"
@@ -68,12 +68,12 @@ fi
 # Test 5: Generate encrypted URL
 echo "--- Test 5: Generate encrypted URL ---"
 GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
-    -d "source_url=$TEST_IMAGE_URL" \
+    -d "url=$TEST_IMAGE_URL" \
     -d "width=800" \
     -d "height=600" \
     -d "format=jpeg" \
     -d "quality=85" \
-    -d "fit_mode=cover" \
+    -d "fit=cover" \
     -d "ttl=3600")
 if echo "$GEN_RESULT" | grep -q "/v1/e/"; then
     pass "Encrypted URL generated"
@@ -121,10 +121,10 @@ fi
 # Test 9: Generate short-TTL URL and verify expiration
 echo "--- Test 9: Expired URL returns 410 ---"
 # Login again
-curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
+curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
 # Generate URL with 1 second TTL
 GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
-    -d "source_url=$TEST_IMAGE_URL" \
+    -d "url=$TEST_IMAGE_URL" \
     -d "width=100" \
     -d "height=100" \
     -d "format=jpeg" \