webhooker/internal/database/database.go

package database

import (
	"context"
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"errors"
	"fmt"
	"log/slog"
	"os"
	"path/filepath"

	"go.uber.org/fx"
	"gorm.io/driver/sqlite"
	"gorm.io/gorm"
	_ "modernc.org/sqlite" // Pure Go SQLite driver
	"sneak.berlin/go/webhooker/internal/config"
	"sneak.berlin/go/webhooker/internal/logger"
)

// nolint:revive // DatabaseParams is a standard fx naming convention
type DatabaseParams struct {
	fx.In
	Config *config.Config
	Logger *logger.Logger
}

type Database struct {
	db     *gorm.DB
	log    *slog.Logger
	params *DatabaseParams
}

func New(lc fx.Lifecycle, params DatabaseParams) (*Database, error) {
	d := &Database{
		params: &params,
		log:    params.Logger.Get(),
	}

	lc.Append(fx.Hook{
		OnStart: func(_ context.Context) error { // nolint:revive // ctx unused but required by fx
			return d.connect()
		},
		OnStop: func(_ context.Context) error { // nolint:revive // ctx unused but required by fx
			return d.close()
		},
	})

	return d, nil
}

func (d *Database) connect() error {
	// Ensure the data directory exists before opening the database.
	dataDir := d.params.Config.DataDir
	if err := os.MkdirAll(dataDir, 0750); err != nil {
		return fmt.Errorf("creating data directory %s: %w", dataDir, err)
	}

	// Construct the main application database path inside DATA_DIR.
	dbPath := filepath.Join(dataDir, "webhooker.db")
	dbURL := fmt.Sprintf("file:%s?cache=shared&mode=rwc", dbPath)

	// Open the database with the pure Go SQLite driver
	sqlDB, err := sql.Open("sqlite", dbURL)
	if err != nil {
		d.log.Error("failed to open database", "error", err)
		return err
	}

	// Then use it with GORM
	db, err := gorm.Open(sqlite.Dialector{
		Conn: sqlDB,
	}, &gorm.Config{})
	if err != nil {
		d.log.Error("failed to connect to database", "error", err)
		return err
	}

	d.db = db
	d.log.Info("connected to database", "path", dbPath)

	// Run migrations
	return d.migrate()
}

func (d *Database) migrate() error {
	// Run GORM auto-migrations
	if err := d.Migrate(); err != nil {
		d.log.Error("failed to run database migrations", "error", err)
		return err
	}
	d.log.Info("database migrations completed")

	// Check if admin user exists
	var userCount int64
	if err := d.db.Model(&User{}).Count(&userCount).Error; err != nil {
		d.log.Error("failed to count users", "error", err)
		return err
	}

	if userCount == 0 {
		// Create admin user
		d.log.Info("no users found, creating admin user")

		// Generate random password
		password, err := GenerateRandomPassword(16)
		if err != nil {
			d.log.Error("failed to generate random password", "error", err)
			return err
		}

		// Hash the password
		hashedPassword, err := HashPassword(password)
		if err != nil {
			d.log.Error("failed to hash password", "error", err)
			return err
		}

		// Create admin user
		adminUser := &User{
			Username: "admin",
			Password: hashedPassword,
		}

		if err := d.db.Create(adminUser).Error; err != nil {
			d.log.Error("failed to create admin user", "error", err)
			return err
		}

		d.log.Info("admin user created",
			"username", "admin",
			"password", password,
			"message", "SAVE THIS PASSWORD - it will not be shown again!",
		)
	}

	return nil
}

func (d *Database) close() error {
	if d.db != nil {
		sqlDB, err := d.db.DB()
		if err != nil {
			return err
		}
		return sqlDB.Close()
	}
	return nil
}

func (d *Database) DB() *gorm.DB {
	return d.db
}

// GetOrCreateSessionKey retrieves the session encryption key from the
// settings table. If no key exists, a cryptographically secure random
// 32-byte key is generated, base64-encoded, and stored for future use.
func (d *Database) GetOrCreateSessionKey() (string, error) {
	var setting Setting
	result := d.db.Where(&Setting{Key: "session_key"}).First(&setting)
	if result.Error == nil {
		return setting.Value, nil
	}
	if !errors.Is(result.Error, gorm.ErrRecordNotFound) {
		return "", fmt.Errorf("failed to query session key: %w", result.Error)
	}

	// Generate a new cryptographically secure 32-byte key
	keyBytes := make([]byte, 32)
	if _, err := rand.Read(keyBytes); err != nil {
		return "", fmt.Errorf("failed to generate session key: %w", err)
	}
	encoded := base64.StdEncoding.EncodeToString(keyBytes)

	setting = Setting{
		Key:   "session_key",
		Value: encoded,
	}
	if err := d.db.Create(&setting).Error; err != nil {
		return "", fmt.Errorf("failed to store session key: %w", err)
	}

	d.log.Info("generated new session key and stored in database")
	return encoded, nil
}