sneak/webhooker
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
afe88c601a461f8c34f8edbcce05581e4cfac383
webhooker/internal/database/database.go
clawbot afe88c601a
All checks were successful
check / check (push) Successful in 5s
Details
refactor: use pinned golangci-lint Docker image for linting (#55) 
Closes [issue #50](#50)

## Summary

Refactors the Dockerfile to use a separate lint stage with a pinned golangci-lint Docker image, following the pattern used by [sneak/pixa](https://git.eeqj.de/sneak/pixa). This replaces the previous approach of installing golangci-lint via curl in the builder stage.

## Changes

### Dockerfile
- **New `lint` stage** using `golangci/golangci-lint:v2.11.3` (Debian-based, pinned by sha256 digest) as a separate build stage
- **Builder stage** depends on lint via `COPY --from=lint /src/go.sum /dev/null` — build won't proceed unless linting passes
- **Go bumped** from 1.24 to 1.26.1 (`golang:1.26.1-bookworm`, pinned by sha256)
- **golangci-lint bumped** from v1.64.8 to v2.11.3
- All three Docker images (golangci-lint, golang, alpine) pinned by sha256 digest
- Debian-based golangci-lint image used (not Alpine) because mattn/go-sqlite3 CGO does not compile on musl (off64_t)

### Linter Config (.golangci.yml)
- Migrated from v1 to v2 format (`version: "2"` added)
- Removed linters no longer available in v2: `gofmt` (handled by `make fmt-check`), `gosimple` (merged into `staticcheck`), `typecheck` (always-on in v2)
- Same set of linters enabled — no rules weakened

### Code Fixes (all lint issues from v2 upgrade)
- Added package comments to all packages
- Added doc comments to all exported types, functions, and methods
- Fixed unchecked errors flagged by `errcheck` (sqlDB.Close, os.Setenv in tests, resp.Body.Close, fmt.Fprint)
- Fixed unused parameters flagged by `revive` (renamed to `_`)
- Fixed `gosec` G120 warnings: added `http.MaxBytesReader` before `r.ParseForm()` calls
- Fixed `staticcheck` QF1012: replaced `WriteString(fmt.Sprintf(...))` with `fmt.Fprintf`
- Fixed `staticcheck` QF1003: converted if/else chain to tagged switch
- Renamed `DeliveryTask` → `Task` to avoid package stutter (`delivery.Task` instead of `delivery.DeliveryTask`)
- Renamed shadowed builtin `max` parameter to `upperBound` in `cryptoRandInt`
- Used `t.Setenv` instead of `os.Setenv` in tests (auto-restores)

### README.md
- Updated version requirements: Go 1.26+, golangci-lint v2.11+
- Updated Dockerfile description in project structure

## Verification

`docker build .` passes cleanly — formatting check, linting, all tests, and build all succeed.

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #55
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
2026-03-25 02:16:38 +01:00

274 lines
4.9 KiB
Go
Raw Blame History

// Package database provides SQLite persistence for webhooks, events, and users.
package database
import (
"context"
"crypto/rand"
"database/sql"
"encoding/base64"
"errors"
"fmt"
"log/slog"
"os"
"path/filepath"
"go.uber.org/fx"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
_ "modernc.org/sqlite" // Pure Go SQLite driver
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/logger"
)
const (
dataDirPerm = 0750
randomPasswordLen = 16
sessionKeyLen = 32
)
//nolint:revive // DatabaseParams is a standard fx naming convention.
type DatabaseParams struct {
fx.In
Config *config.Config
Logger *logger.Logger
}
// Database manages the main SQLite connection and schema migrations.
type Database struct {
db *gorm.DB
log *slog.Logger
params *DatabaseParams
}
// New creates a Database that connects on fx start and disconnects on stop.
func New(
lc fx.Lifecycle,
params DatabaseParams,
) (*Database, error) {
d := &Database{
params: &params,
log: params.Logger.Get(),
}
lc.Append(fx.Hook{
OnStart: func(_ context.Context) error {
return d.connect()
},
OnStop: func(_ context.Context) error {
return d.close()
},
})
return d, nil
}
// DB returns the underlying GORM database handle.
func (d *Database) DB() *gorm.DB {
return d.db
}
// GetOrCreateSessionKey retrieves the session encryption key from the
// settings table. If no key exists, a cryptographically secure random
// 32-byte key is generated, base64-encoded, and stored for future use.
func (d *Database) GetOrCreateSessionKey() (string, error) {
var setting Setting
result := d.db.Where(
&Setting{Key: "session_key"},
).First(&setting)
if result.Error == nil {
return setting.Value, nil
}
if !errors.Is(result.Error, gorm.ErrRecordNotFound) {
return "", fmt.Errorf(
"failed to query session key: %w",
result.Error,
)
}
// Generate a new cryptographically secure 32-byte key
keyBytes := make([]byte, sessionKeyLen)
_, err := rand.Read(keyBytes)
if err != nil {
return "", fmt.Errorf(
"failed to generate session key: %w",
err,
)
}
encoded := base64.StdEncoding.EncodeToString(keyBytes)
setting = Setting{
Key: "session_key",
Value: encoded,
}
err = d.db.Create(&setting).Error
if err != nil {
return "", fmt.Errorf(
"failed to store session key: %w",
err,
)
}
d.log.Info(
"generated new session key and stored in database",
)
return encoded, nil
}
func (d *Database) connect() error {
// Ensure the data directory exists before opening the database.
dataDir := d.params.Config.DataDir
err := os.MkdirAll(dataDir, dataDirPerm)
if err != nil {
return fmt.Errorf(
"creating data directory %s: %w",
dataDir,
err,
)
}
// Construct the main application database path inside DATA_DIR.
dbPath := filepath.Join(dataDir, "webhooker.db")
dbURL := fmt.Sprintf(
"file:%s?cache=shared&mode=rwc",
dbPath,
)
// Open the database with the pure Go SQLite driver
sqlDB, err := sql.Open("sqlite", dbURL)
if err != nil {
d.log.Error(
"failed to open database",
"error", err,
)
return err
}
// Then use it with GORM
db, err := gorm.Open(sqlite.Dialector{
Conn: sqlDB,
}, &gorm.Config{})
if err != nil {
d.log.Error(
"failed to connect to database",
"error", err,
)
return err
}
d.db = db
d.log.Info("connected to database", "path", dbPath)
// Run migrations
return d.migrate()
}
func (d *Database) migrate() error {
// Run GORM auto-migrations
err := d.Migrate()
if err != nil {
d.log.Error(
"failed to run database migrations",
"error", err,
)
return err
}
d.log.Info("database migrations completed")
// Check if admin user exists
var userCount int64
err = d.db.Model(&User{}).Count(&userCount).Error
if err != nil {
d.log.Error(
"failed to count users",
"error", err,
)
return err
}
if userCount == 0 {
return d.createAdminUser()
}
return nil
}
func (d *Database) createAdminUser() error {
d.log.Info("no users found, creating admin user")
// Generate random password
password, err := GenerateRandomPassword(
randomPasswordLen,
)
if err != nil {
d.log.Error(
"failed to generate random password",
"error", err,
)
return err
}
// Hash the password
hashedPassword, err := HashPassword(password)
if err != nil {
d.log.Error(
"failed to hash password",
"error", err,
)
return err
}
// Create admin user
adminUser := &User{
Username: "admin",
Password: hashedPassword,
}
err = d.db.Create(adminUser).Error
if err != nil {
d.log.Error(
"failed to create admin user",
"error", err,
)
return err
}
d.log.Info("admin user created",
"username", "admin",
"password", password,
"message",
"SAVE THIS PASSWORD - it will not be shown again!",
)
return nil
}
func (d *Database) close() error {
if d.db != nil {
sqlDB, err := d.db.DB()
if err != nil {
return err
}
return sqlDB.Close()
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink