clawbot
f9a9569015
All checks were successful
check / check (push) Successful in 8s
## Summary This PR brings the webhooker repo into full REPO_POLICIES compliance, addressing both [issue #1](#1) and [issue #2](#2). ## Changes ### New files - **`cmd/webhooker/main.go`** — The missing application entry point. Uses Uber fx to wire together all internal packages (config, database, logger, server, handlers, middleware, healthcheck, globals, session). Minimal glue code. - **`REPO_POLICIES.md`** — Fetched from authoritative source (`sneak/prompts`) - **`.editorconfig`** — Fetched from authoritative source - **`.dockerignore`** — Sensible Go project exclusions - **`.gitea/workflows/check.yml`** — CI workflow that runs `docker build .` on push to any branch (Gitea Actions format, actions/checkout pinned by sha256) - **`configs/config.yaml.example`** — Moved from root `config.yaml` ### Modified files - **`Makefile`** — Complete rewrite with all REPO_POLICIES required targets: `test`, `lint`, `fmt`, `fmt-check`, `check`, `build`, `hooks`, `docker`, `clean`, plus `dev`, `run`, `deps` - **`Dockerfile`** — Complete rewrite: - Builder: `golang:1.24` (Debian-based, pinned by `sha256:d2d2bc1c84f7...`). Debian needed because `gorm.io/driver/sqlite` pulls `mattn/go-sqlite3` (CGO) which fails on Alpine musl. - golangci-lint v1.64.8 installed from GitHub release archive with sha256 verification (v1.x because `.golangci.yml` uses v1 config format) - Runs `make check` (fmt-check + lint + test + build) as build step - Final stage: `alpine:3.21` (pinned by `sha256:c3f8e73fdb79...`) with non-root user, healthcheck, port 8080 - **`README.md`** — Rewritten with all required REPO_POLICIES sections: description line with name/purpose/category/license/author, Getting Started, Rationale, Design, TODO (integrated from TODO.md), License, Author - **`.gitignore`** — Fixed `webhooker` pattern to `/webhooker` (was blocking `cmd/webhooker/`), added `config.yaml` to prevent committing runtime config with secrets - **`static/static.go`** — Removed `vendor` from embed directive (directory was empty/missing) - **`internal/database/database_test.go`** — Fixed to use in-memory config via `afero.MemMapFs` instead of depending on `config.yaml` on disk. Test is now properly isolated. - **`go.mod`/`go.sum`** — `go mod tidy` ### Removed files - **`TODO.md`** — Content integrated into README.md TODO section - **`config.yaml`** — Moved to `configs/config.yaml.example` ## Verification - `docker build .` passes (lint ✅, test ✅, build ✅) - All existing tests pass with no modifications to assertions or test logic - `.golangci.yml` untouched closes #1 closes #2 Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Reviewed-on: #6 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>
126 lines
3.2 KiB
Go
126 lines
3.2 KiB
Go
package session
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/sessions"
|
|
"go.uber.org/fx"
|
|
"sneak.berlin/go/webhooker/internal/config"
|
|
"sneak.berlin/go/webhooker/internal/logger"
|
|
)
|
|
|
|
const (
|
|
// SessionName is the name of the session cookie
|
|
SessionName = "webhooker_session"
|
|
|
|
// UserIDKey is the session key for user ID
|
|
UserIDKey = "user_id"
|
|
|
|
// UsernameKey is the session key for username
|
|
UsernameKey = "username"
|
|
|
|
// AuthenticatedKey is the session key for authentication status
|
|
AuthenticatedKey = "authenticated"
|
|
)
|
|
|
|
// nolint:revive // SessionParams is a standard fx naming convention
|
|
type SessionParams struct {
|
|
fx.In
|
|
Config *config.Config
|
|
Logger *logger.Logger
|
|
}
|
|
|
|
// Session manages encrypted session storage
|
|
type Session struct {
|
|
store *sessions.CookieStore
|
|
log *slog.Logger
|
|
config *config.Config
|
|
}
|
|
|
|
// New creates a new session manager
|
|
func New(lc fx.Lifecycle, params SessionParams) (*Session, error) {
|
|
if params.Config.SessionKey == "" {
|
|
return nil, fmt.Errorf("SESSION_KEY environment variable is required")
|
|
}
|
|
|
|
// Decode the base64 session key
|
|
keyBytes, err := base64.StdEncoding.DecodeString(params.Config.SessionKey)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid SESSION_KEY format: %w", err)
|
|
}
|
|
|
|
if len(keyBytes) != 32 {
|
|
return nil, fmt.Errorf("SESSION_KEY must be 32 bytes (got %d)", len(keyBytes))
|
|
}
|
|
|
|
store := sessions.NewCookieStore(keyBytes)
|
|
|
|
// Configure cookie options for security
|
|
store.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: 86400 * 7, // 7 days
|
|
HttpOnly: true,
|
|
Secure: !params.Config.IsDev(), // HTTPS in production
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
|
|
s := &Session{
|
|
store: store,
|
|
log: params.Logger.Get(),
|
|
config: params.Config,
|
|
}
|
|
|
|
return s, nil
|
|
}
|
|
|
|
// Get retrieves a session for the request
|
|
func (s *Session) Get(r *http.Request) (*sessions.Session, error) {
|
|
return s.store.Get(r, SessionName)
|
|
}
|
|
|
|
// Save saves the session
|
|
func (s *Session) Save(r *http.Request, w http.ResponseWriter, sess *sessions.Session) error {
|
|
return sess.Save(r, w)
|
|
}
|
|
|
|
// SetUser sets the user information in the session
|
|
func (s *Session) SetUser(sess *sessions.Session, userID, username string) {
|
|
sess.Values[UserIDKey] = userID
|
|
sess.Values[UsernameKey] = username
|
|
sess.Values[AuthenticatedKey] = true
|
|
}
|
|
|
|
// ClearUser removes user information from the session
|
|
func (s *Session) ClearUser(sess *sessions.Session) {
|
|
delete(sess.Values, UserIDKey)
|
|
delete(sess.Values, UsernameKey)
|
|
delete(sess.Values, AuthenticatedKey)
|
|
}
|
|
|
|
// IsAuthenticated checks if the session has an authenticated user
|
|
func (s *Session) IsAuthenticated(sess *sessions.Session) bool {
|
|
auth, ok := sess.Values[AuthenticatedKey].(bool)
|
|
return ok && auth
|
|
}
|
|
|
|
// GetUserID retrieves the user ID from the session
|
|
func (s *Session) GetUserID(sess *sessions.Session) (string, bool) {
|
|
userID, ok := sess.Values[UserIDKey].(string)
|
|
return userID, ok
|
|
}
|
|
|
|
// GetUsername retrieves the username from the session
|
|
func (s *Session) GetUsername(sess *sessions.Session) (string, bool) {
|
|
username, ok := sess.Values[UsernameKey].(string)
|
|
return username, ok
|
|
}
|
|
|
|
// Destroy invalidates the session
|
|
func (s *Session) Destroy(sess *sessions.Session) {
|
|
sess.Options.MaxAge = -1
|
|
s.ClearUser(sess)
|
|
}
|