sneak/upaas
1
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: sneak:feature/edit-config-entities
Branches Tags
sneak:main sneak:fix/issue-156-env-vars-404 sneak:fix/js-formatting sneak:fix/module-path sneak:fix/1.0-audit-bugs sneak:fix/disable-api-write-methods sneak:chore/code-cleanup sneak:ci/check-workflow-only sneak:fix/repo-url-validation sneak:fix/main-lint-issues sneak:feature/api-token-auth sneak:revert/pr-98 sneak:feat/ci-make-check sneak:ci/add-check-action sneak:fix/deploy-cancel-cleanup sneak:schema-consolidation sneak:feature/json-api sneak:chore/update-todo sneak:feature/edit-config-entities sneak:feature/deployment-rollback-tests sneak:update-todo-md sneak:feature/edit-entities sneak:feature/deployment-rollback sneak:feature/deploy-cancel
sneak:1.0.0
..
compare: sneak:81c109914be3a1d204f9d0f2dac0da7371a05fbc
Branches Tags
sneak:fix/issue-156-env-vars-404 sneak:fix/js-formatting sneak:main sneak:fix/module-path sneak:fix/1.0-audit-bugs sneak:fix/disable-api-write-methods sneak:chore/code-cleanup sneak:ci/check-workflow-only sneak:fix/repo-url-validation sneak:fix/main-lint-issues sneak:feature/api-token-auth sneak:revert/pr-98 sneak:feat/ci-make-check sneak:ci/add-check-action sneak:fix/deploy-cancel-cleanup sneak:schema-consolidation sneak:feature/json-api sneak:chore/update-todo sneak:feature/edit-config-entities sneak:feature/deployment-rollback-tests sneak:update-todo-md sneak:feature/edit-entities sneak:feature/deployment-rollback sneak:feature/deploy-cancel
sneak:1.0.0

2 Commits
feature/ed ... 81c109914b

Author SHA1 Message Date
Jeffrey Paul
81c109914b Merge branch 'main' into feature/json-api 2026-02-16 09:24:24 +01:00
user
a9829ce48f feat: add JSON API with token auth (closes #69) 
- Add API token model with SHA-256 hashed tokens
- Add migration 006_add_api_tokens.sql
- Add Bearer token auth middleware
- Add API endpoints under /api/v1/:
  - GET /whoami
  - POST /tokens (create new API token)
  - GET /apps (list all apps)
  - POST /apps (create app)
  - GET /apps/{id} (get app)
  - DELETE /apps/{id} (delete app)
  - POST /apps/{id}/deploy (trigger deployment)
  - GET /apps/{id}/deployments (list deployments)
- Add comprehensive tests for all API endpoints
- All tests pass, zero lint issues
 2026-02-16 00:20:41 -08:00
15 changed files with 981 additions and 508 deletions
Expand all files Collapse all files

8
TODO.md
View File

@@ -54,7 +54,7 @@
- [x] View deployment history per app
- [x] Container logs viewing
- [ ] Deployment rollback to previous image
- [x] Deployment cancellation
- [ ] Deployment cancellation
### Manual Container Controls
- [x] Restart container
@@ -210,9 +210,9 @@ Protected Routes (require auth):
- [ ] Update deploy service to save previous image before building new one
### 3.3 Deployment Cancellation
- [x] Add cancellation context to deploy service
- [x] Add `POST /apps/:id/deployments/:id/cancel` endpoint
- [x] Handle cleanup of partial builds/containers
- [ ] Add cancellation context to deploy service
- [ ] Add `POST /apps/:id/deployments/:id/cancel` endpoint
- [ ] Handle cleanup of partial builds/containers
## Phase 4: Lower Priority (Nice to Have)

11
internal/database/migrations/006_add_api_tokens.sql Normal file
View File

@@ -0,0 +1,11 @@
CREATE TABLE IF NOT EXISTS api_tokens (
id INTEGER PRIMARY KEY AUTOINCREMENT,
user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
name TEXT NOT NULL DEFAULT '',
token_hash TEXT NOT NULL UNIQUE,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
last_used_at DATETIME
);
CREATE INDEX IF NOT EXISTS idx_api_tokens_token_hash ON api_tokens(token_hash);
CREATE INDEX IF NOT EXISTS idx_api_tokens_user_id ON api_tokens(user_id);

2
internal/database/migrations/006_add_previous_image_id.sql
View File

@@ -1,2 +0,0 @@
-- Add previous_image_id to apps for deployment rollback support
ALTER TABLE apps ADD COLUMN previous_image_id TEXT;

372
internal/handlers/api.go Normal file
View File

@@ -0,0 +1,372 @@
package handlers
import (
"encoding/json"
"net/http"
"strconv"
"github.com/go-chi/chi/v5"
"git.eeqj.de/sneak/upaas/internal/middleware"
"git.eeqj.de/sneak/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/app"
)
// apiAppResponse is the JSON representation of an app.
type apiAppResponse struct {
ID string `json:"id"`
Name string `json:"name"`
RepoURL string `json:"repoUrl"`
Branch string `json:"branch"`
DockerfilePath string `json:"dockerfilePath"`
Status string `json:"status"`
WebhookSecret string `json:"webhookSecret"`
SSHPublicKey string `json:"sshPublicKey"`
CreatedAt string `json:"createdAt"`
UpdatedAt string `json:"updatedAt"`
}
// apiDeploymentResponse is the JSON representation of a deployment.
type apiDeploymentResponse struct {
ID int64 `json:"id"`
AppID string `json:"appId"`
CommitSHA string `json:"commitSha,omitempty"`
Status string `json:"status"`
Duration string `json:"duration,omitempty"`
StartedAt string `json:"startedAt"`
FinishedAt string `json:"finishedAt,omitempty"`
}
func appToAPI(a *models.App) apiAppResponse {
return apiAppResponse{
ID: a.ID,
Name: a.Name,
RepoURL: a.RepoURL,
Branch: a.Branch,
DockerfilePath: a.DockerfilePath,
Status: string(a.Status),
WebhookSecret: a.WebhookSecret,
SSHPublicKey: a.SSHPublicKey,
CreatedAt: a.CreatedAt.Format("2006-01-02T15:04:05Z"),
UpdatedAt: a.UpdatedAt.Format("2006-01-02T15:04:05Z"),
}
}
func deploymentToAPI(d *models.Deployment) apiDeploymentResponse {
resp := apiDeploymentResponse{
ID: d.ID,
AppID: d.AppID,
Status: string(d.Status),
Duration: d.Duration(),
StartedAt: d.StartedAt.Format("2006-01-02T15:04:05Z"),
}
if d.CommitSHA.Valid {
resp.CommitSHA = d.CommitSHA.String
}
if d.FinishedAt.Valid {
resp.FinishedAt = d.FinishedAt.Time.Format("2006-01-02T15:04:05Z")
}
return resp
}
// HandleAPIListApps returns a handler that lists all apps as JSON.
func (h *Handlers) HandleAPIListApps() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
apps, err := h.appService.ListApps(request.Context())
if err != nil {
h.respondJSON(writer, request,
map[string]string{"error": "failed to list apps"},
http.StatusInternalServerError)
return
}
result := make([]apiAppResponse, 0, len(apps))
for _, a := range apps {
result = append(result, appToAPI(a))
}
h.respondJSON(writer, request, result, http.StatusOK)
}
}
// HandleAPIGetApp returns a handler that gets a single app by ID.
func (h *Handlers) HandleAPIGetApp() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, err := h.appService.GetApp(request.Context(), appID)
if err != nil {
h.respondJSON(writer, request,
map[string]string{"error": "internal server error"},
http.StatusInternalServerError)
return
}
if application == nil {
h.respondJSON(writer, request,
map[string]string{"error": "app not found"},
http.StatusNotFound)
return
}
h.respondJSON(writer, request, appToAPI(application), http.StatusOK)
}
}
// HandleAPICreateApp returns a handler that creates a new app.
func (h *Handlers) HandleAPICreateApp() http.HandlerFunc {
type createRequest struct {
Name string `json:"name"`
RepoURL string `json:"repoUrl"`
Branch string `json:"branch"`
DockerfilePath string `json:"dockerfilePath"`
DockerNetwork string `json:"dockerNetwork"`
NtfyTopic string `json:"ntfyTopic"`
SlackWebhook string `json:"slackWebhook"`
}
return func(writer http.ResponseWriter, request *http.Request) {
var req createRequest
decodeErr := json.NewDecoder(request.Body).Decode(&req)
if decodeErr != nil {
h.respondJSON(writer, request,
map[string]string{"error": "invalid JSON body"},
http.StatusBadRequest)
return
}
if req.Name == "" || req.RepoURL == "" {
h.respondJSON(writer, request,
map[string]string{"error": "name and repo_url are required"},
http.StatusBadRequest)
return
}
nameErr := validateAppName(req.Name)
if nameErr != nil {
h.respondJSON(writer, request,
map[string]string{"error": "invalid app name: " + nameErr.Error()},
http.StatusBadRequest)
return
}
createdApp, createErr := h.appService.CreateApp(request.Context(), app.CreateAppInput{
Name: req.Name,
RepoURL: req.RepoURL,
Branch: req.Branch,
DockerfilePath: req.DockerfilePath,
DockerNetwork: req.DockerNetwork,
NtfyTopic: req.NtfyTopic,
SlackWebhook: req.SlackWebhook,
})
if createErr != nil {
h.log.Error("api: failed to create app", "error", createErr)
h.respondJSON(writer, request,
map[string]string{"error": "failed to create app"},
http.StatusInternalServerError)
return
}
h.respondJSON(writer, request, appToAPI(createdApp), http.StatusCreated)
}
}
// HandleAPIDeleteApp returns a handler that deletes an app.
func (h *Handlers) HandleAPIDeleteApp() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, err := h.appService.GetApp(request.Context(), appID)
if err != nil {
h.respondJSON(writer, request,
map[string]string{"error": "internal server error"},
http.StatusInternalServerError)
return
}
if application == nil {
h.respondJSON(writer, request,
map[string]string{"error": "app not found"},
http.StatusNotFound)
return
}
deleteErr := h.appService.DeleteApp(request.Context(), application)
if deleteErr != nil {
h.log.Error("api: failed to delete app", "error", deleteErr)
h.respondJSON(writer, request,
map[string]string{"error": "failed to delete app"},
http.StatusInternalServerError)
return
}
h.respondJSON(writer, request,
map[string]string{"status": "deleted"}, http.StatusOK)
}
}
// deploymentsPageLimit is the default number of deployments per page.
const deploymentsPageLimit = 20
// HandleAPIListDeployments returns a handler that lists deployments for an app.
func (h *Handlers) HandleAPIListDeployments() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, err := h.appService.GetApp(request.Context(), appID)
if err != nil || application == nil {
h.respondJSON(writer, request,
map[string]string{"error": "app not found"},
http.StatusNotFound)
return
}
limit := deploymentsPageLimit
if l := request.URL.Query().Get("limit"); l != "" {
parsed, parseErr := strconv.Atoi(l)
if parseErr == nil && parsed > 0 {
limit = parsed
}
}
deployments, deployErr := application.GetDeployments(
request.Context(), limit,
)
if deployErr != nil {
h.respondJSON(writer, request,
map[string]string{"error": "failed to list deployments"},
http.StatusInternalServerError)
return
}
result := make([]apiDeploymentResponse, 0, len(deployments))
for _, d := range deployments {
result = append(result, deploymentToAPI(d))
}
h.respondJSON(writer, request, result, http.StatusOK)
}
}
// HandleAPITriggerDeploy returns a handler that triggers a deployment for an app.
func (h *Handlers) HandleAPITriggerDeploy() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, err := h.appService.GetApp(request.Context(), appID)
if err != nil || application == nil {
h.respondJSON(writer, request,
map[string]string{"error": "app not found"},
http.StatusNotFound)
return
}
deployErr := h.deploy.Deploy(request.Context(), application, nil, true)
if deployErr != nil {
h.log.Error("api: failed to trigger deploy", "error", deployErr)
h.respondJSON(writer, request,
map[string]string{"error": deployErr.Error()},
http.StatusConflict)
return
}
h.respondJSON(writer, request,
map[string]string{"status": "deploying"}, http.StatusAccepted)
}
}
// HandleAPICreateToken returns a handler that creates an API token.
func (h *Handlers) HandleAPICreateToken() http.HandlerFunc {
type createTokenRequest struct {
Name string `json:"name"`
}
type createTokenResponse struct {
Token string `json:"token"`
Name string `json:"name"`
ID int64 `json:"id"`
}
return func(writer http.ResponseWriter, request *http.Request) {
user := middleware.APIUserFromContext(request.Context())
if user == nil {
h.respondJSON(writer, request,
map[string]string{"error": "unauthorized"},
http.StatusUnauthorized)
return
}
var req createTokenRequest
decodeErr := json.NewDecoder(request.Body).Decode(&req)
if decodeErr != nil {
req.Name = "default"
}
if req.Name == "" {
req.Name = "default"
}
rawToken, token, err := models.GenerateAPIToken(
request.Context(), h.db, user.ID, req.Name,
)
if err != nil {
h.log.Error("api: failed to create token", "error", err)
h.respondJSON(writer, request,
map[string]string{"error": "failed to create token"},
http.StatusInternalServerError)
return
}
h.respondJSON(writer, request, createTokenResponse{
Token: rawToken,
Name: token.Name,
ID: token.ID,
}, http.StatusCreated)
}
}
// HandleAPIWhoAmI returns a handler that shows the current authenticated user.
func (h *Handlers) HandleAPIWhoAmI() http.HandlerFunc {
type whoAmIResponse struct {
UserID int64 `json:"userId"`
Username string `json:"username"`
}
return func(writer http.ResponseWriter, request *http.Request) {
user := middleware.APIUserFromContext(request.Context())
if user == nil {
h.respondJSON(writer, request,
map[string]string{"error": "unauthorized"},
http.StatusUnauthorized)
return
}
h.respondJSON(writer, request, whoAmIResponse{
UserID: user.ID,
Username: user.Username,
}, http.StatusOK)
}
}

254
internal/handlers/api_test.go Normal file
View File

@@ -0,0 +1,254 @@
package handlers_test
import (
"encoding/json"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/go-chi/chi/v5"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"git.eeqj.de/sneak/upaas/internal/models"
)
func setupAPITest(t *testing.T) (*testContext, string) {
t.Helper()
tc := setupTestHandlers(t)
// Create a user first.
_, err := tc.authSvc.CreateUser(t.Context(), "admin", "password123")
require.NoError(t, err)
user, err := models.FindUserByUsername(t.Context(), tc.database, "admin")
require.NoError(t, err)
require.NotNil(t, user)
// Generate an API token.
rawToken, _, err := models.GenerateAPIToken(t.Context(), tc.database, user.ID, "test")
require.NoError(t, err)
return tc, rawToken
}
func apiRequest(
t *testing.T,
tc *testContext,
token, method, path string,
body string,
) *httptest.ResponseRecorder {
t.Helper()
var req *http.Request
if body != "" {
req = httptest.NewRequest(method, path, strings.NewReader(body))
req.Header.Set("Content-Type", "application/json")
} else {
req = httptest.NewRequest(method, path, nil)
}
req.Header.Set("Authorization", "Bearer "+token)
rr := httptest.NewRecorder()
// Build a chi router with API routes.
r := chi.NewRouter()
mw := tc.middleware
r.Route("/api/v1", func(apiR chi.Router) {
apiR.Use(mw.APITokenAuth())
apiR.Get("/whoami", tc.handlers.HandleAPIWhoAmI())
apiR.Post("/tokens", tc.handlers.HandleAPICreateToken())
apiR.Get("/apps", tc.handlers.HandleAPIListApps())
apiR.Post("/apps", tc.handlers.HandleAPICreateApp())
apiR.Get("/apps/{id}", tc.handlers.HandleAPIGetApp())
apiR.Delete("/apps/{id}", tc.handlers.HandleAPIDeleteApp())
apiR.Post("/apps/{id}/deploy", tc.handlers.HandleAPITriggerDeploy())
apiR.Get("/apps/{id}/deployments", tc.handlers.HandleAPIListDeployments())
})
r.ServeHTTP(rr, req)
return rr
}
func TestAPIAuthRejectsNoToken(t *testing.T) {
t.Parallel()
tc := setupTestHandlers(t)
req := httptest.NewRequest(http.MethodGet, "/api/v1/apps", nil)
rr := httptest.NewRecorder()
r := chi.NewRouter()
r.Route("/api/v1", func(apiR chi.Router) {
apiR.Use(tc.middleware.APITokenAuth())
apiR.Get("/apps", tc.handlers.HandleAPIListApps())
})
r.ServeHTTP(rr, req)
assert.Equal(t, http.StatusUnauthorized, rr.Code)
}
func TestAPIAuthRejectsInvalidToken(t *testing.T) {
t.Parallel()
tc := setupTestHandlers(t)
rr := apiRequest(t, tc, "invalid-token", http.MethodGet, "/api/v1/apps", "")
assert.Equal(t, http.StatusUnauthorized, rr.Code)
}
func TestAPIWhoAmI(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/whoami", "")
assert.Equal(t, http.StatusOK, rr.Code)
var resp map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
assert.Equal(t, "admin", resp["username"])
}
func TestAPIListAppsEmpty(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps", "")
assert.Equal(t, http.StatusOK, rr.Code)
var apps []any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &apps))
assert.Empty(t, apps)
}
func TestAPICreateApp(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
body := `{"name":"test-app","repoUrl":"https://github.com/example/repo"}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
assert.Equal(t, http.StatusCreated, rr.Code)
var app map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &app))
assert.Equal(t, "test-app", app["name"])
assert.Equal(t, "pending", app["status"])
}
func TestAPICreateAppValidation(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
// Missing required fields.
body := `{"name":"","repoUrl":""}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
assert.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestAPIGetApp(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
// Create an app first.
body := `{"name":"my-app","repoUrl":"https://github.com/example/repo"}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
require.Equal(t, http.StatusCreated, rr.Code)
var created map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
appID, ok := created["id"].(string)
require.True(t, ok)
// Get the app.
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID, "")
assert.Equal(t, http.StatusOK, rr.Code)
var app map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &app))
assert.Equal(t, "my-app", app["name"])
}
func TestAPIGetAppNotFound(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/nonexistent", "")
assert.Equal(t, http.StatusNotFound, rr.Code)
}
func TestAPIDeleteApp(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
// Create an app.
body := `{"name":"delete-me","repoUrl":"https://github.com/example/repo"}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
require.Equal(t, http.StatusCreated, rr.Code)
var created map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
appID, ok := created["id"].(string)
require.True(t, ok)
// Delete it.
rr = apiRequest(t, tc, token, http.MethodDelete, "/api/v1/apps/"+appID, "")
assert.Equal(t, http.StatusOK, rr.Code)
// Verify it's gone.
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID, "")
assert.Equal(t, http.StatusNotFound, rr.Code)
}
func TestAPIListDeployments(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
// Create an app.
body := `{"name":"deploy-app","repoUrl":"https://github.com/example/repo"}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
require.Equal(t, http.StatusCreated, rr.Code)
var created map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
appID, ok := created["id"].(string)
require.True(t, ok)
// List deployments (should be empty).
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID+"/deployments", "")
assert.Equal(t, http.StatusOK, rr.Code)
var deployments []any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &deployments))
assert.Empty(t, deployments)
}
func TestAPICreateToken(t *testing.T) {
t.Parallel()
tc, token := setupAPITest(t)
body := `{"name":"new-token"}`
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/tokens", body)
assert.Equal(t, http.StatusCreated, rr.Code)
var resp map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
assert.Equal(t, "new-token", resp["name"])
assert.NotEmpty(t, resp["token"])
}

227
internal/handlers/app.go
View File

@@ -4,8 +4,6 @@ import (
"context"
"database/sql"
"encoding/json"
"errors"
"fmt"
"net/http"
"os"
"path/filepath"
@@ -382,30 +380,6 @@ func (h *Handlers) HandleCancelDeploy() http.HandlerFunc {
}
}
// HandleAppRollback handles rolling back to the previous deployment image.
func (h *Handlers) HandleAppRollback() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, findErr := models.FindApp(request.Context(), h.db, appID)
if findErr != nil || application == nil {
http.NotFound(writer, request)
return
}
rollbackErr := h.deploy.Rollback(request.Context(), application)
if rollbackErr != nil {
h.log.Error("rollback failed", "error", rollbackErr, "app", application.Name)
http.Redirect(writer, request, "/apps/"+application.ID, http.StatusSeeOther)
return
}
http.Redirect(writer, request, "/apps/"+application.ID+"?success=rolledback", http.StatusSeeOther)
}
}
// HandleAppDeployments returns the deployments history handler.
func (h *Handlers) HandleAppDeployments() http.HandlerFunc {
tmpl := templates.GetParsed()
@@ -1142,207 +1116,6 @@ func (h *Handlers) HandlePortDelete() http.HandlerFunc {
}
}
// ErrVolumePathEmpty is returned when a volume path is empty.
var ErrVolumePathEmpty = errors.New("path must not be empty")
// ErrVolumePathNotAbsolute is returned when a volume path is not absolute.
var ErrVolumePathNotAbsolute = errors.New("path must be absolute")
// ErrVolumePathNotClean is returned when a volume path is not clean.
var ErrVolumePathNotClean = errors.New("path must be clean")
// ValidateVolumePath checks that a path is absolute and clean.
func ValidateVolumePath(p string) error {
if p == "" {
return ErrVolumePathEmpty
}
if !filepath.IsAbs(p) {
return ErrVolumePathNotAbsolute
}
cleaned := filepath.Clean(p)
if cleaned != p {
return fmt.Errorf("%w (expected %q)", ErrVolumePathNotClean, cleaned)
}
return nil
}
// HandleEnvVarEdit handles editing an existing environment variable.
func (h *Handlers) HandleEnvVarEdit() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
envVarIDStr := chi.URLParam(request, "varID")
envVarID, parseErr := strconv.ParseInt(envVarIDStr, 10, 64)
if parseErr != nil {
http.NotFound(writer, request)
return
}
envVar, findErr := models.FindEnvVar(request.Context(), h.db, envVarID)
if findErr != nil || envVar == nil || envVar.AppID != appID {
http.NotFound(writer, request)
return
}
formErr := request.ParseForm()
if formErr != nil {
http.Error(writer, "Bad Request", http.StatusBadRequest)
return
}
key := request.FormValue("key")
value := request.FormValue("value")
if key == "" || value == "" {
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
return
}
envVar.Key = key
envVar.Value = value
saveErr := envVar.Save(request.Context())
if saveErr != nil {
h.log.Error("failed to update env var", "error", saveErr)
}
http.Redirect(
writer,
request,
"/apps/"+appID+"?success=env-updated",
http.StatusSeeOther,
)
}
}
// HandleLabelEdit handles editing an existing label.
func (h *Handlers) HandleLabelEdit() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
labelIDStr := chi.URLParam(request, "labelID")
labelID, parseErr := strconv.ParseInt(labelIDStr, 10, 64)
if parseErr != nil {
http.NotFound(writer, request)
return
}
label, findErr := models.FindLabel(request.Context(), h.db, labelID)
if findErr != nil || label == nil || label.AppID != appID {
http.NotFound(writer, request)
return
}
formErr := request.ParseForm()
if formErr != nil {
http.Error(writer, "Bad Request", http.StatusBadRequest)
return
}
key := request.FormValue("key")
value := request.FormValue("value")
if key == "" || value == "" {
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
return
}
label.Key = key
label.Value = value
saveErr := label.Save(request.Context())
if saveErr != nil {
h.log.Error("failed to update label", "error", saveErr)
}
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
}
}
// HandleVolumeEdit handles editing an existing volume mount.
func (h *Handlers) HandleVolumeEdit() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
volumeIDStr := chi.URLParam(request, "volumeID")
volumeID, parseErr := strconv.ParseInt(volumeIDStr, 10, 64)
if parseErr != nil {
http.NotFound(writer, request)
return
}
volume, findErr := models.FindVolume(request.Context(), h.db, volumeID)
if findErr != nil || volume == nil || volume.AppID != appID {
http.NotFound(writer, request)
return
}
formErr := request.ParseForm()
if formErr != nil {
http.Error(writer, "Bad Request", http.StatusBadRequest)
return
}
hostPath := request.FormValue("host_path")
containerPath := request.FormValue("container_path")
readOnly := request.FormValue("readonly") == "1"
if hostPath == "" || containerPath == "" {
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
return
}
pathErr := validateVolumePaths(hostPath, containerPath)
if pathErr != nil {
h.log.Error("invalid volume path", "error", pathErr)
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
return
}
volume.HostPath = hostPath
volume.ContainerPath = containerPath
volume.ReadOnly = readOnly
saveErr := volume.Save(request.Context())
if saveErr != nil {
h.log.Error("failed to update volume", "error", saveErr)
}
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
}
}
// validateVolumePaths validates both host and container paths for a volume.
func validateVolumePaths(hostPath, containerPath string) error {
hostErr := ValidateVolumePath(hostPath)
if hostErr != nil {
return fmt.Errorf("host path: %w", hostErr)
}
containerErr := ValidateVolumePath(containerPath)
if containerErr != nil {
return fmt.Errorf("container path: %w", containerErr)
}
return nil
}
// formatDeployKey formats an SSH public key with a descriptive comment.
// Format: ssh-ed25519 AAAA... upaas_2025-01-15_myapp
func formatDeployKey(pubKey string, createdAt time.Time, appName string) string {

28
internal/handlers/handlers_test.go
View File

@@ -24,6 +24,7 @@ import (
"git.eeqj.de/sneak/upaas/internal/handlers"
"git.eeqj.de/sneak/upaas/internal/healthcheck"
"git.eeqj.de/sneak/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/middleware"
"git.eeqj.de/sneak/upaas/internal/service/app"
"git.eeqj.de/sneak/upaas/internal/service/auth"
"git.eeqj.de/sneak/upaas/internal/service/deploy"
@@ -32,10 +33,11 @@ import (
)
type testContext struct {
handlers *handlers.Handlers
database *database.Database
authSvc *auth.Service
appSvc *app.Service
handlers *handlers.Handlers
database *database.Database
authSvc *auth.Service
appSvc *app.Service
middleware *middleware.Middleware
}
func createTestConfig(t *testing.T) *config.Config {
@@ -166,11 +168,21 @@ func setupTestHandlers(t *testing.T) *testContext {
)
require.NoError(t, handlerErr)
mw, mwErr := middleware.New(fx.Lifecycle(nil), middleware.Params{
Logger: logInstance,
Globals: globalInstance,
Config: cfg,
Auth: authSvc,
Database: dbInstance,
})
require.NoError(t, mwErr)
return &testContext{
handlers: handlersInstance,
database: dbInstance,
authSvc: authSvc,
appSvc: appSvc,
handlers: handlersInstance,
database: dbInstance,
authSvc: authSvc,
appSvc: appSvc,
middleware: mw,
}
}

34
internal/handlers/volume_validation_test.go
View File

@@ -1,34 +0,0 @@
package handlers //nolint:testpackage // tests exported ValidateVolumePath function
import "testing"
func TestValidateVolumePath(t *testing.T) {
t.Parallel()
tests := []struct {
name string
path string
wantErr bool
}{
{"valid absolute path", "/data/myapp", false},
{"root path", "/", false},
{"empty path", "", true},
{"relative path", "data/myapp", true},
{"path with dotdot", "/data/../etc", true},
{"path with trailing slash", "/data/", true},
{"path with double slash", "/data//myapp", true},
{"single dot path", ".", true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
err := ValidateVolumePath(tt.path)
if (err != nil) != tt.wantErr {
t.Errorf("ValidateVolumePath(%q) error = %v, wantErr %v",
tt.path, err, tt.wantErr)
}
})
}
}

83
internal/middleware/middleware.go
View File

@@ -2,6 +2,7 @@
package middleware
import (
"context"
"log/slog"
"math"
"net"
@@ -19,22 +20,28 @@ import (
"golang.org/x/time/rate"
"git.eeqj.de/sneak/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/auth"
)
// corsMaxAge is the maximum age for CORS preflight responses in seconds.
const corsMaxAge = 300
// apiUserContextKey is the context key for the authenticated API user.
type apiUserContextKey struct{}
// Params contains dependencies for Middleware.
type Params struct {
fx.In
Logger *logger.Logger
Globals *globals.Globals
Config *config.Config
Auth *auth.Service
Logger *logger.Logger
Globals *globals.Globals
Config *config.Config
Auth *auth.Service
Database *database.Database
}
// Middleware provides HTTP middleware.
@@ -339,6 +346,74 @@ func (m *Middleware) LoginRateLimit() func(http.Handler) http.Handler {
}
}
// APITokenAuth returns middleware that authenticates requests via Bearer token.
// It looks up the token hash in the database and stores the user in context.
func (m *Middleware) APITokenAuth() func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(
writer http.ResponseWriter,
request *http.Request,
) {
authHeader := request.Header.Get("Authorization")
if authHeader == "" {
http.Error(writer, `{"error":"missing Authorization header"}`, http.StatusUnauthorized)
return
}
const bearerPrefix = "Bearer "
if !strings.HasPrefix(authHeader, bearerPrefix) {
http.Error(writer, `{"error":"invalid Authorization header"}`, http.StatusUnauthorized)
return
}
rawToken := strings.TrimPrefix(authHeader, bearerPrefix)
if rawToken == "" {
http.Error(writer, `{"error":"empty token"}`, http.StatusUnauthorized)
return
}
hash := models.HashAPIToken(rawToken)
apiToken, err := models.FindAPITokenByHash(request.Context(), m.params.Database, hash)
if err != nil {
m.log.Error("api token lookup error", "error", err)
http.Error(writer, `{"error":"internal server error"}`, http.StatusInternalServerError)
return
}
if apiToken == nil {
http.Error(writer, `{"error":"invalid token"}`, http.StatusUnauthorized)
return
}
// Touch last used (best-effort, don't block on error)
_ = apiToken.TouchLastUsed(request.Context())
user, userErr := models.FindUser(request.Context(), m.params.Database, apiToken.UserID)
if userErr != nil || user == nil {
http.Error(writer, `{"error":"token user not found"}`, http.StatusUnauthorized)
return
}
ctx := context.WithValue(request.Context(), apiUserContextKey{}, user)
next.ServeHTTP(writer, request.WithContext(ctx))
})
}
}
// APIUserFromContext extracts the authenticated API user from the context.
func APIUserFromContext(ctx context.Context) *models.User {
user, _ := ctx.Value(apiUserContextKey{}).(*models.User)
return user
}
// SetupRequired returns middleware that redirects to setup if no user exists.
func (m *Middleware) SetupRequired() func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {

187
internal/models/api_token.go Normal file
View File

@@ -0,0 +1,187 @@
package models
import (
"context"
"crypto/rand"
"crypto/sha256"
"database/sql"
"encoding/hex"
"errors"
"fmt"
"time"
"git.eeqj.de/sneak/upaas/internal/database"
)
// tokenBytes is the number of random bytes for a raw API token.
const tokenBytes = 32
// APIToken represents an API authentication token.
type APIToken struct {
db *database.Database
ID int64
UserID int64
Name string
TokenHash string
CreatedAt time.Time
LastUsedAt sql.NullTime
}
// NewAPIToken creates a new APIToken with a database reference.
func NewAPIToken(db *database.Database) *APIToken {
return &APIToken{db: db}
}
// GenerateAPIToken creates a new API token for a user, returning the raw token
// string (shown once) and the persisted APIToken record.
func GenerateAPIToken(
ctx context.Context,
db *database.Database,
userID int64,
name string,
) (string, *APIToken, error) {
raw := make([]byte, tokenBytes)
_, err := rand.Read(raw)
if err != nil {
return "", nil, fmt.Errorf("generating token bytes: %w", err)
}
rawHex := hex.EncodeToString(raw)
hash := HashAPIToken(rawHex)
token := NewAPIToken(db)
token.UserID = userID
token.Name = name
token.TokenHash = hash
query := `INSERT INTO api_tokens (user_id, name, token_hash) VALUES (?, ?, ?)`
result, execErr := db.Exec(ctx, query, userID, name, hash)
if execErr != nil {
return "", nil, fmt.Errorf("inserting api token: %w", execErr)
}
id, idErr := result.LastInsertId()
if idErr != nil {
return "", nil, fmt.Errorf("getting token id: %w", idErr)
}
token.ID = id
reloadErr := token.Reload(ctx)
if reloadErr != nil {
return "", nil, fmt.Errorf("reloading token: %w", reloadErr)
}
return rawHex, token, nil
}
// HashAPIToken returns the SHA-256 hex digest of a raw token string.
func HashAPIToken(raw string) string {
sum := sha256.Sum256([]byte(raw))
return hex.EncodeToString(sum[:])
}
// Reload refreshes the token from the database.
func (t *APIToken) Reload(ctx context.Context) error {
row := t.db.QueryRow(ctx,
`SELECT id, user_id, name, token_hash, created_at, last_used_at
FROM api_tokens WHERE id = ?`, t.ID,
)
return t.scan(row)
}
// Delete removes the token from the database.
func (t *APIToken) Delete(ctx context.Context) error {
_, err := t.db.Exec(ctx, "DELETE FROM api_tokens WHERE id = ?", t.ID)
return err
}
// TouchLastUsed updates the last_used_at timestamp.
func (t *APIToken) TouchLastUsed(ctx context.Context) error {
_, err := t.db.Exec(ctx,
"UPDATE api_tokens SET last_used_at = CURRENT_TIMESTAMP WHERE id = ?",
t.ID,
)
return err
}
func (t *APIToken) scan(row *sql.Row) error {
return row.Scan(
&t.ID, &t.UserID, &t.Name, &t.TokenHash,
&t.CreatedAt, &t.LastUsedAt,
)
}
// FindAPITokenByHash looks up a token by its SHA-256 hash.
//
//nolint:nilnil // returning nil,nil is idiomatic for "not found" in Active Record
func FindAPITokenByHash(
ctx context.Context,
db *database.Database,
hash string,
) (*APIToken, error) {
token := NewAPIToken(db)
row := db.QueryRow(ctx,
`SELECT id, user_id, name, token_hash, created_at, last_used_at
FROM api_tokens WHERE token_hash = ?`, hash,
)
err := token.scan(row)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, nil
}
return nil, fmt.Errorf("scanning api token: %w", err)
}
return token, nil
}
// FindAPITokensByUserID returns all tokens for a user.
func FindAPITokensByUserID(
ctx context.Context,
db *database.Database,
userID int64,
) ([]*APIToken, error) {
rows, err := db.Query(ctx,
`SELECT id, user_id, name, token_hash, created_at, last_used_at
FROM api_tokens WHERE user_id = ? ORDER BY created_at DESC`, userID,
)
if err != nil {
return nil, fmt.Errorf("querying api tokens: %w", err)
}
defer func() { _ = rows.Close() }()
var tokens []*APIToken
for rows.Next() {
tok := NewAPIToken(db)
scanErr := rows.Scan(
&tok.ID, &tok.UserID, &tok.Name, &tok.TokenHash,
&tok.CreatedAt, &tok.LastUsedAt,
)
if scanErr != nil {
return nil, fmt.Errorf("scanning api token row: %w", scanErr)
}
tokens = append(tokens, tok)
}
rowsErr := rows.Err()
if rowsErr != nil {
return nil, fmt.Errorf("iterating api token rows: %w", rowsErr)
}
return tokens, nil
}

17
internal/models/app.go
View File

@@ -14,7 +14,7 @@ import (
const appColumns = `id, name, repo_url, branch, dockerfile_path, webhook_secret,
ssh_private_key, ssh_public_key, image_id, status,
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
previous_image_id, created_at, updated_at`
created_at, updated_at`
// AppStatus represents the status of an app.
type AppStatus string
@@ -41,9 +41,8 @@ type App struct {
WebhookSecretHash string
SSHPrivateKey string
SSHPublicKey string
ImageID sql.NullString
PreviousImageID sql.NullString
Status AppStatus
ImageID sql.NullString
Status AppStatus
DockerNetwork sql.NullString
NtfyTopic sql.NullString
SlackWebhook sql.NullString
@@ -141,15 +140,13 @@ func (a *App) insert(ctx context.Context) error {
INSERT INTO apps (
id, name, repo_url, branch, dockerfile_path, webhook_secret,
ssh_private_key, ssh_public_key, image_id, status,
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
previous_image_id
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
_, err := a.db.Exec(ctx, query,
a.ID, a.Name, a.RepoURL, a.Branch, a.DockerfilePath, a.WebhookSecret,
a.SSHPrivateKey, a.SSHPublicKey, a.ImageID, a.Status,
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.WebhookSecretHash,
a.PreviousImageID,
)
if err != nil {
return err
@@ -164,7 +161,6 @@ func (a *App) update(ctx context.Context) error {
name = ?, repo_url = ?, branch = ?, dockerfile_path = ?,
image_id = ?, status = ?,
docker_network = ?, ntfy_topic = ?, slack_webhook = ?,
previous_image_id = ?,
updated_at = CURRENT_TIMESTAMP
WHERE id = ?`
@@ -172,7 +168,6 @@ func (a *App) update(ctx context.Context) error {
a.Name, a.RepoURL, a.Branch, a.DockerfilePath,
a.ImageID, a.Status,
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook,
a.PreviousImageID,
a.ID,
)
@@ -187,7 +182,6 @@ func (a *App) scan(row *sql.Row) error {
&a.ImageID, &a.Status,
&a.DockerNetwork, &a.NtfyTopic, &a.SlackWebhook,
&a.WebhookSecretHash,
&a.PreviousImageID,
&a.CreatedAt, &a.UpdatedAt,
)
}
@@ -205,7 +199,6 @@ func scanApps(appDB *database.Database, rows *sql.Rows) ([]*App, error) {
&app.ImageID, &app.Status,
&app.DockerNetwork, &app.NtfyTopic, &app.SlackWebhook,
&app.WebhookSecretHash,
&app.PreviousImageID,
&app.CreatedAt, &app.UpdatedAt,
)
if scanErr != nil {

19
internal/server/routes.go
View File

@@ -76,24 +76,20 @@ func (s *Server) SetupRoutes() {
r.Get("/apps/{id}/container-logs", s.handlers.HandleContainerLogsAPI())
r.Get("/apps/{id}/status", s.handlers.HandleAppStatusAPI())
r.Get("/apps/{id}/recent-deployments", s.handlers.HandleRecentDeploymentsAPI())
r.Post("/apps/{id}/rollback", s.handlers.HandleAppRollback())
r.Post("/apps/{id}/restart", s.handlers.HandleAppRestart())
r.Post("/apps/{id}/stop", s.handlers.HandleAppStop())
r.Post("/apps/{id}/start", s.handlers.HandleAppStart())
// Environment variables
r.Post("/apps/{id}/env-vars", s.handlers.HandleEnvVarAdd())
r.Post("/apps/{id}/env-vars/{varID}/edit", s.handlers.HandleEnvVarEdit())
r.Post("/apps/{id}/env-vars/{varID}/delete", s.handlers.HandleEnvVarDelete())
// Labels
r.Post("/apps/{id}/labels", s.handlers.HandleLabelAdd())
r.Post("/apps/{id}/labels/{labelID}/edit", s.handlers.HandleLabelEdit())
r.Post("/apps/{id}/labels/{labelID}/delete", s.handlers.HandleLabelDelete())
// Volumes
r.Post("/apps/{id}/volumes", s.handlers.HandleVolumeAdd())
r.Post("/apps/{id}/volumes/{volumeID}/edit", s.handlers.HandleVolumeEdit())
r.Post("/apps/{id}/volumes/{volumeID}/delete", s.handlers.HandleVolumeDelete())
// Ports
@@ -102,6 +98,21 @@ func (s *Server) SetupRoutes() {
})
})
// API v1 routes (Bearer token auth, no CSRF)
s.router.Route("/api/v1", func(r chi.Router) {
r.Use(s.mw.APITokenAuth())
r.Get("/whoami", s.handlers.HandleAPIWhoAmI())
r.Post("/tokens", s.handlers.HandleAPICreateToken())
r.Get("/apps", s.handlers.HandleAPIListApps())
r.Post("/apps", s.handlers.HandleAPICreateApp())
r.Get("/apps/{id}", s.handlers.HandleAPIGetApp())
r.Delete("/apps/{id}", s.handlers.HandleAPIDeleteApp())
r.Post("/apps/{id}/deploy", s.handlers.HandleAPITriggerDeploy())
r.Get("/apps/{id}/deployments", s.handlers.HandleAPIListDeployments())
})
// Metrics endpoint (optional, with basic auth)
if s.params.Config.MetricsUsername != "" {
s.router.Group(func(r chi.Router) {

108
internal/service/deploy/deploy.go
View File

@@ -49,8 +49,6 @@ var (
ErrBuildTimeout = errors.New("build timeout exceeded")
// ErrDeployTimeout indicates the deploy phase exceeded the timeout.
ErrDeployTimeout = errors.New("deploy timeout exceeded")
// ErrNoPreviousImage indicates there is no previous image to rollback to.
ErrNoPreviousImage = errors.New("no previous image available for rollback")
)
// logFlushInterval is how often to flush buffered logs to the database.
@@ -361,107 +359,6 @@ func (svc *Service) Deploy(
return svc.runBuildAndDeploy(deployCtx, bgCtx, app, deployment)
}
// Rollback rolls back an app to its previous image.
// It stops the current container, starts a new one with the previous image,
// and creates a deployment record for the rollback.
func (svc *Service) Rollback(ctx context.Context, app *models.App) error {
if !app.PreviousImageID.Valid || app.PreviousImageID.String == "" {
return ErrNoPreviousImage
}
// Acquire per-app deployment lock
if !svc.tryLockApp(app.ID) {
return ErrDeploymentInProgress
}
defer svc.unlockApp(app.ID)
bgCtx := context.WithoutCancel(ctx)
deployment, err := svc.createRollbackDeployment(bgCtx, app)
if err != nil {
return err
}
return svc.executeRollback(ctx, bgCtx, app, deployment)
}
// createRollbackDeployment creates a deployment record for a rollback operation.
func (svc *Service) createRollbackDeployment(
ctx context.Context,
app *models.App,
) (*models.Deployment, error) {
deployment := models.NewDeployment(svc.db)
deployment.AppID = app.ID
deployment.Status = models.DeploymentStatusDeploying
deployment.ImageID = sql.NullString{String: app.PreviousImageID.String, Valid: true}
saveErr := deployment.Save(ctx)
if saveErr != nil {
return nil, fmt.Errorf("failed to create rollback deployment: %w", saveErr)
}
_ = deployment.AppendLog(ctx, "Rolling back to previous image: "+app.PreviousImageID.String)
return deployment, nil
}
// executeRollback performs the container swap for a rollback.
func (svc *Service) executeRollback(
ctx context.Context,
bgCtx context.Context,
app *models.App,
deployment *models.Deployment,
) error {
previousImageID := app.PreviousImageID.String
svc.removeOldContainer(ctx, app, deployment)
rollbackOpts, err := svc.buildContainerOptions(ctx, app, deployment.ID)
if err != nil {
svc.failDeployment(bgCtx, app, deployment, err)
return fmt.Errorf("failed to build container options: %w", err)
}
rollbackOpts.Image = previousImageID
containerID, err := svc.docker.CreateContainer(ctx, rollbackOpts)
if err != nil {
svc.failDeployment(bgCtx, app, deployment, fmt.Errorf("failed to create rollback container: %w", err))
return fmt.Errorf("failed to create rollback container: %w", err)
}
deployment.ContainerID = sql.NullString{String: containerID, Valid: true}
_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID)
startErr := svc.docker.StartContainer(ctx, containerID)
if startErr != nil {
svc.failDeployment(bgCtx, app, deployment, fmt.Errorf("failed to start rollback container: %w", startErr))
return fmt.Errorf("failed to start rollback container: %w", startErr)
}
_ = deployment.AppendLog(bgCtx, "Rollback container started")
currentImageID := app.ImageID
app.ImageID = sql.NullString{String: previousImageID, Valid: true}
app.PreviousImageID = currentImageID
app.Status = models.AppStatusRunning
saveErr := app.Save(bgCtx)
if saveErr != nil {
return fmt.Errorf("failed to update app after rollback: %w", saveErr)
}
_ = deployment.MarkFinished(bgCtx, models.DeploymentStatusSuccess)
_ = deployment.AppendLog(bgCtx, "Rollback complete")
svc.log.Info("rollback completed", "app", app.Name, "image", previousImageID)
return nil
}
// runBuildAndDeploy executes the build and deploy phases, handling cancellation.
func (svc *Service) runBuildAndDeploy(
deployCtx context.Context,
@@ -493,11 +390,6 @@ func (svc *Service) runBuildAndDeploy(
return err
}
// Save current image as previous before updating to new one
if app.ImageID.Valid && app.ImageID.String != "" {
app.PreviousImageID = app.ImageID
}
err = svc.updateAppRunning(bgCtx, app, imageID)
if err != nil {
return err

4
static/css/input.css
View File

@@ -57,10 +57,6 @@
@apply inline-flex items-center justify-center px-4 py-2 rounded-md font-medium text-sm transition-all duration-200 focus:outline-none focus:ring-2 focus:ring-offset-2 disabled:opacity-50 disabled:cursor-not-allowed bg-success-500 text-white hover:bg-success-700 active:bg-green-800 focus:ring-green-500 shadow-elevation-1 hover:shadow-elevation-2;
}
.btn-warning {
@apply inline-flex items-center justify-center px-4 py-2 rounded-md font-medium text-sm transition-all duration-200 focus:outline-none focus:ring-2 focus:ring-offset-2 disabled:opacity-50 disabled:cursor-not-allowed bg-warning-500 text-white hover:bg-warning-700 active:bg-orange-800 focus:ring-orange-500 shadow-elevation-1 hover:shadow-elevation-2;
}
.btn-text {
@apply inline-flex items-center justify-center px-4 py-2 rounded-md font-medium text-sm transition-all duration-200 focus:outline-none focus:ring-2 focus:ring-offset-2 disabled:opacity-50 disabled:cursor-not-allowed text-primary-600 hover:bg-primary-50 active:bg-primary-100;
}

135
templates/app_detail.html
View File

@@ -44,12 +44,6 @@
{{ .CSRFField }}
<button type="submit" class="btn-danger">Cancel Deploy</button>
</form>
{{if .App.PreviousImageID.Valid}}
<form method="POST" action="/apps/{{.App.ID}}/rollback" class="inline" x-data="confirmAction('Roll back to the previous deployment?')" @submit="confirm($event)">
{{ .CSRFField }}
<button type="submit" class="btn-warning">Rollback</button>
</form>
{{end}}
</div>
</div>
@@ -112,34 +106,15 @@
</thead>
<tbody class="table-body">
{{range .EnvVars}}
<tr x-data="{ editing: false }">
<template x-if="!editing">
<td class="font-mono font-medium">{{.Key}}</td>
</template>
<template x-if="!editing">
<td class="font-mono text-gray-500">{{.Value}}</td>
</template>
<template x-if="!editing">
<td class="text-right">
<button @click="editing = true" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this environment variable?')" @submit="confirm($event)">
{{ $.CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</template>
<template x-if="editing">
<td colspan="3">
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/edit" class="flex gap-2 items-center">
{{ $.CSRFField }}
<input type="text" name="key" value="{{.Key}}" required class="input flex-1 font-mono text-sm">
<input type="text" name="value" value="{{.Value}}" required class="input flex-1 font-mono text-sm">
<button type="submit" class="btn-primary text-sm">Save</button>
<button type="button" @click="editing = false" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
</form>
<p class="text-xs text-amber-600 mt-1">⚠ Container restart needed after env var changes.</p>
</td>
</template>
<tr>
<td class="font-mono font-medium">{{.Key}}</td>
<td class="font-mono text-gray-500">{{.Value}}</td>
<td class="text-right">
<form method="POST" action="/apps/{{$.App.ID}}/env/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this environment variable?')" @submit="confirm($event)">
{{ .CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</tr>
{{end}}
</tbody>
@@ -176,33 +151,15 @@
</td>
</tr>
{{range .Labels}}
<tr x-data="{ editing: false }">
<template x-if="!editing">
<td class="font-mono font-medium">{{.Key}}</td>
</template>
<template x-if="!editing">
<td class="font-mono text-gray-500">{{.Value}}</td>
</template>
<template x-if="!editing">
<td class="text-right">
<button @click="editing = true" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
<form method="POST" action="/apps/{{$.App.ID}}/labels/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this label?')" @submit="confirm($event)">
{{ $.CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</template>
<template x-if="editing">
<td colspan="3">
<form method="POST" action="/apps/{{$.App.ID}}/labels/{{.ID}}/edit" class="flex gap-2 items-center">
{{ $.CSRFField }}
<input type="text" name="key" value="{{.Key}}" required class="input flex-1 font-mono text-sm">
<input type="text" name="value" value="{{.Value}}" required class="input flex-1 font-mono text-sm">
<button type="submit" class="btn-primary text-sm">Save</button>
<button type="button" @click="editing = false" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
</form>
</td>
</template>
<tr>
<td class="font-mono font-medium">{{.Key}}</td>
<td class="font-mono text-gray-500">{{.Value}}</td>
<td class="text-right">
<form method="POST" action="/apps/{{$.App.ID}}/labels/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this label?')" @submit="confirm($event)">
{{ .CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</tr>
{{end}}
</tbody>
@@ -232,46 +189,22 @@
</thead>
<tbody class="table-body">
{{range .Volumes}}
<tr x-data="{ editing: false }">
<template x-if="!editing">
<td class="font-mono">{{.HostPath}}</td>
</template>
<template x-if="!editing">
<td class="font-mono">{{.ContainerPath}}</td>
</template>
<template x-if="!editing">
<td>
{{if .ReadOnly}}
<span class="badge-neutral">Read-only</span>
{{else}}
<span class="badge-info">Read-write</span>
{{end}}
</td>
</template>
<template x-if="!editing">
<td class="text-right">
<button @click="editing = true" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
<form method="POST" action="/apps/{{$.App.ID}}/volumes/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this volume mount?')" @submit="confirm($event)">
{{ $.CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</template>
<template x-if="editing">
<td colspan="4">
<form method="POST" action="/apps/{{$.App.ID}}/volumes/{{.ID}}/edit" class="flex gap-2 items-center">
{{ $.CSRFField }}
<input type="text" name="host_path" value="{{.HostPath}}" required class="input flex-1 font-mono text-sm" placeholder="/host/path">
<input type="text" name="container_path" value="{{.ContainerPath}}" required class="input flex-1 font-mono text-sm" placeholder="/container/path">
<label class="flex items-center gap-1 text-sm text-gray-600 whitespace-nowrap">
<input type="checkbox" name="readonly" value="1" {{if .ReadOnly}}checked{{end}} class="rounded border-gray-300 text-primary-600 focus:ring-primary-500">
RO
</label>
<button type="submit" class="btn-primary text-sm">Save</button>
<button type="button" @click="editing = false" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
</form>
</td>
</template>
<tr>
<td class="font-mono">{{.HostPath}}</td>
<td class="font-mono">{{.ContainerPath}}</td>
<td>
{{if .ReadOnly}}
<span class="badge-neutral">Read-only</span>
{{else}}
<span class="badge-info">Read-write</span>
{{end}}
</td>
<td class="text-right">
<form method="POST" action="/apps/{{$.App.ID}}/volumes/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this volume mount?')" @submit="confirm($event)">
{{ .CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td>
</tr>
{{end}}
</tbody>