diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index a3c90fd..091b753 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -41,13 +41,6 @@ jobs: # Bumping to a v2.x release built against current Go. version: v2.1.6 args: --timeout=5m - # Only flag issues introduced by the PR. The repo carries - # ~90 pre-existing findings (mostly missing godoc comments - # + gofumpt drift + misspell) accumulated before lint was - # actually wired into CI; cleaning them up is its own piece - # of work tracked separately. Without this, every PR fails - # on baseline noise instead of its own changes. - only-new-issues: true build: name: Build (${{ matrix.goos }}/${{ matrix.goarch }}) diff --git a/internal/agent/runner/runner.go b/internal/agent/runner/runner.go index e7b1e0b..dc6763c 100644 --- a/internal/agent/runner/runner.go +++ b/internal/agent/runner/runner.go @@ -99,13 +99,13 @@ func (r *Runner) RunBackup(ctx context.Context, jobID string, paths, excludes, t } lastProgress = time.Now() progEnv, _ := api.Marshal(api.MsgJobProgress, jobID, api.JobProgressPayload{ - JobID: jobID, - PercentDone: status.PercentDone, - FilesDone: status.FilesDone, - TotalFiles: status.TotalFiles, - BytesDone: status.BytesDone, - TotalBytes: status.TotalBytes, - ETASeconds: status.SecondsRem, + JobID: jobID, + PercentDone: status.PercentDone, + FilesDone: status.FilesDone, + TotalFiles: status.TotalFiles, + BytesDone: status.BytesDone, + TotalBytes: status.TotalBytes, + ETASeconds: status.SecondsRem, ThroughputBps: throughput(status.BytesDone, status.SecondsElapsed), }) _ = r.tx.Send(progEnv) diff --git a/internal/agent/scheduler/scheduler.go b/internal/agent/scheduler/scheduler.go index c3ede1f..e9576ba 100644 --- a/internal/agent/scheduler/scheduler.go +++ b/internal/agent/scheduler/scheduler.go @@ -110,7 +110,7 @@ func (s *Scheduler) Apply(payload api.ScheduleSetPayload, tx Sender) { "received", len(payload.Schedules), "active", added) // Ack outside the lock — Send() shouldn't take long, but holding - // s.mu across an external call would needlessly serialise other + // s.mu across an external call would needlessly serialize other // callers (e.g. a future Status() inspection from the UI). ackEnv, err := api.Marshal(api.MsgScheduleAck, "", api.ScheduleAckPayload{ Version: payload.Version, @@ -167,4 +167,3 @@ func (s *Scheduler) fire(entry api.Schedule) { "schedule_id", entry.ID, "err", err) } } - diff --git a/internal/agent/secrets/secrets.go b/internal/agent/secrets/secrets.go index 8aa467f..f5bbc82 100644 --- a/internal/agent/secrets/secrets.go +++ b/internal/agent/secrets/secrets.go @@ -20,7 +20,7 @@ import ( // additionalData binds ciphertexts to the agent-secrets context, so a // blob lifted from one role's file can't be replayed into another's -// row in some unrelated table that uses the same key. (Defence in +// row in some unrelated table that uses the same key. (Defense in // depth — the key is per-host today, but cheap to be careful.) const additionalData = "rm-agent-repo-creds-v1" diff --git a/internal/agent/sysinfo/sysinfo.go b/internal/agent/sysinfo/sysinfo.go index c4b9c62..e0c369e 100644 --- a/internal/agent/sysinfo/sysinfo.go +++ b/internal/agent/sysinfo/sysinfo.go @@ -48,7 +48,9 @@ func Collect(ctx context.Context, resticPath string) (Snapshot, error) { // detectResticVersion runs `restic version` and parses the first line. // Output looks like: -// restic 0.17.1 compiled with go1.22.5 on linux/amd64 +// +// restic 0.17.1 compiled with go1.22.5 on linux/amd64 +// // Returns the version token (e.g. "0.17.1") or "" if restic isn't // found. We never block startup on a missing restic — the operator // might not have installed it yet, and the agent should still be @@ -74,5 +76,5 @@ func detectResticVersion(ctx context.Context, override string) (string, error) { if len(parts) >= 2 && parts[0] == "restic" { return parts[1], nil } - return "", fmt.Errorf("sysinfo: unrecognised restic version output: %q", first) + return "", fmt.Errorf("sysinfo: unrecognized restic version output: %q", first) } diff --git a/internal/agent/wsclient/client.go b/internal/agent/wsclient/client.go index f37f3e4..4e5d0b0 100644 --- a/internal/agent/wsclient/client.go +++ b/internal/agent/wsclient/client.go @@ -40,7 +40,7 @@ type Config struct { // Sender is what handlers use to push agent → server messages // (job.progress, job.finished, log.stream, command.result, …). // Returned by the WS client to the dispatch handler. Write operations -// serialise behind a single mutex on the conn; concurrent calls are +// serialize behind a single mutex on the conn; concurrent calls are // safe. type Sender interface { Send(env api.Envelope) error @@ -52,7 +52,7 @@ type Sender interface { type Handler func(ctx context.Context, env api.Envelope, tx Sender) error // Run keeps the agent connected indefinitely. Returns when ctx is -// cancelled. Errors during a single connection attempt are logged and +// canceled. Errors during a single connection attempt are logged and // trigger reconnect-with-backoff; only ctx.Done() ends the loop. func Run(ctx context.Context, cfg Config, handle Handler) error { if cfg.HeartbeatPeriod <= 0 { @@ -69,7 +69,10 @@ func Run(ctx context.Context, cfg Config, handle Handler) error { slog.Warn("ws agent disconnect", "err", err) } if err := sleepCtx(ctx, backoff.next()); err != nil { - return nil + // ctx cancellation mid-backoff means the parent shut us down — + // exit the reconnect loop quietly rather than propagating + // a context error up to a caller that will discard it. + return nil //nolint:nilerr } } } @@ -100,11 +103,15 @@ func connectOnce(ctx context.Context, cfg Config, handle Handler) error { } dialCtx, cancel := context.WithTimeout(ctx, 30*time.Second) - conn, _, err := websocket.Dial(dialCtx, wsURL, dialOpts) + conn, res, err := websocket.Dial(dialCtx, wsURL, dialOpts) cancel() if err != nil { return fmt.Errorf("dial: %w", err) } + // websocket.Dial returns the upgrade response separately from the + // conn. Body is empty on a successful upgrade but Go's net/http + // still expects it closed to release the connection. + defer func() { _ = res.Body.Close() }() defer conn.CloseNow() //nolint:errcheck // Send hello. diff --git a/internal/agent/wsclient/enroll.go b/internal/agent/wsclient/enroll.go index 6ba00bd..5fee682 100644 --- a/internal/agent/wsclient/enroll.go +++ b/internal/agent/wsclient/enroll.go @@ -50,7 +50,7 @@ func Enroll(ctx context.Context, serverURL string, req EnrollRequest) (*EnrollRe if err != nil { return nil, fmt.Errorf("agent enroll: post: %w", err) } - defer res.Body.Close() + defer func() { _ = res.Body.Close() }() rawRes, _ := io.ReadAll(res.Body) if res.StatusCode != stdhttp.StatusCreated { return nil, fmt.Errorf("agent enroll: server returned %d: %s", diff --git a/internal/api/messages.go b/internal/api/messages.go index ad98a7e..c93cad6 100644 --- a/internal/api/messages.go +++ b/internal/api/messages.go @@ -10,13 +10,18 @@ import ( // constants so we don't end up with both "linux" and "Linux" rows. type HostOS string +// Allowed values for HostOS. Lowercased on the wire so the server +// can use a single CHECK constraint. const ( OSLinux HostOS = "linux" OSWindows HostOS = "windows" ) +// HostArch is the agent's CPU architecture; same lowercase-on-wire +// rule as HostOS. type HostArch string +// Allowed values for HostArch. const ( ArchAmd64 HostArch = "amd64" ArchArm64 HostArch = "arm64" @@ -45,6 +50,9 @@ type HeartbeatPayload struct { // JobKind is the operation an agent is being asked to run, or just ran. type JobKind string +// Allowed JobKind values. backup is operator/cron driven; init runs +// once per host on first connect; forget/prune/check fire from the +// server-side maintenance ticker; unlock is operator-only. const ( JobBackup JobKind = "backup" JobInit JobKind = "init" @@ -57,12 +65,16 @@ const ( // JobStatus is the lifecycle state of a job. type JobStatus string +// Allowed JobStatus values. queued → running → one of {succeeded, +// failed, JobCancelled} as a terminal state. The wire/DB literal for +// the JobCancelled value uses UK spelling — don't "fix" it; existing +// job rows + agent payloads will mismatch. //nolint:misspell const ( JobQueued JobStatus = "queued" JobRunning JobStatus = "running" JobSucceeded JobStatus = "succeeded" JobFailed JobStatus = "failed" - JobCancelled JobStatus = "cancelled" + JobCancelled JobStatus = "cancelled" //nolint:misspell // wire format ) // CommandRunPayload is the server → agent dispatch for a run-now job. @@ -145,6 +157,8 @@ type LogStreamLine struct { // LogStream identifies which channel a log line came from. type LogStream string +// Allowed LogStream values. stdout/stderr are passed through verbatim; +// event is the parsed restic --json envelope (summary, error, etc). const ( LogStdout LogStream = "stdout" LogStderr LogStream = "stderr" @@ -175,12 +189,12 @@ type Snapshot struct { // RepoStatsPayload — agent reports periodic repo health facts derived // from `restic stats` and lock-file inspection. type RepoStatsPayload struct { - SizeBytes int64 `json:"size_bytes"` - SnapshotCount int `json:"snapshot_count"` - DedupRatio float64 `json:"dedup_ratio"` - LastCheckAt time.Time `json:"last_check_at,omitempty"` - LastCheckStatus string `json:"last_check_status,omitempty"` - LockState string `json:"lock_state"` // locked|unlocked + SizeBytes int64 `json:"size_bytes"` + SnapshotCount int `json:"snapshot_count"` + DedupRatio float64 `json:"dedup_ratio"` + LastCheckAt time.Time `json:"last_check_at,omitempty"` + LastCheckStatus string `json:"last_check_status,omitempty"` + LockState string `json:"lock_state"` // locked|unlocked } // Schedule is the agent-facing view of a slim Schedule row plus its @@ -220,8 +234,8 @@ type ScheduleSetPayload struct { // ScheduleAckPayload — agent confirms it has applied a given version. type ScheduleAckPayload struct { - Version int64 `json:"version"` - AppliedAt time.Time `json:"applied_at"` + Version int64 `json:"version"` + AppliedAt time.Time `json:"applied_at"` } // ScheduleFirePayload — agent reports a local cron entry just fired. @@ -239,11 +253,11 @@ type ScheduleFirePayload struct { // repo connection details). Empty fields mean "leave existing alone"; // to clear something, send an explicit zero value. type ConfigUpdatePayload struct { - RepoURL string `json:"repo_url,omitempty"` - RepoPassword string `json:"repo_password,omitempty"` // sensitive - RepoUsername string `json:"repo_username,omitempty"` - RepoCredential string `json:"repo_credential,omitempty"` // sensitive (for rest server basic auth) - HookShell string `json:"hook_shell,omitempty"` + RepoURL string `json:"repo_url,omitempty"` + RepoPassword string `json:"repo_password,omitempty"` // sensitive + RepoUsername string `json:"repo_username,omitempty"` + RepoCredential string `json:"repo_credential,omitempty"` // sensitive (for rest server basic auth) + HookShell string `json:"hook_shell,omitempty"` } // AgentUpdateAvailablePayload — informational only; the agent does diff --git a/internal/api/wire.go b/internal/api/wire.go index d551bb0..df646a5 100644 --- a/internal/api/wire.go +++ b/internal/api/wire.go @@ -12,35 +12,35 @@ type MessageType string // Agent → server message types. const ( - MsgHello MessageType = "hello" - MsgHeartbeat MessageType = "heartbeat" - MsgJobStarted MessageType = "job.started" - MsgJobProgress MessageType = "job.progress" - MsgJobFinished MessageType = "job.finished" - MsgSnapshotsRpt MessageType = "snapshots.report" - MsgRepoStats MessageType = "repo.stats" - MsgLogStream MessageType = "log.stream" - MsgScheduleAck MessageType = "schedule.ack" - MsgScheduleFire MessageType = "schedule.fire" // agent: a local cron entry fired, please dispatch a job - MsgCommandResult MessageType = "command.result" // ack for command.run - MsgError MessageType = "error" + MsgHello MessageType = "hello" + MsgHeartbeat MessageType = "heartbeat" + MsgJobStarted MessageType = "job.started" + MsgJobProgress MessageType = "job.progress" + MsgJobFinished MessageType = "job.finished" + MsgSnapshotsRpt MessageType = "snapshots.report" + MsgRepoStats MessageType = "repo.stats" + MsgLogStream MessageType = "log.stream" + MsgScheduleAck MessageType = "schedule.ack" + MsgScheduleFire MessageType = "schedule.fire" // agent: a local cron entry fired, please dispatch a job + MsgCommandResult MessageType = "command.result" // ack for command.run + MsgError MessageType = "error" ) // Server → agent message types. const ( - MsgCommandRun MessageType = "command.run" - MsgCommandCancel MessageType = "command.cancel" - MsgScheduleSet MessageType = "schedule.set" - MsgConfigUpdate MessageType = "config.update" - MsgAgentUpdateAvail MessageType = "agent.update.available" + MsgCommandRun MessageType = "command.run" + MsgCommandCancel MessageType = "command.cancel" + MsgScheduleSet MessageType = "schedule.set" + MsgConfigUpdate MessageType = "config.update" + MsgAgentUpdateAvail MessageType = "agent.update.available" ) // Envelope is the framing for every WS message in either direction. // Payload is parsed into the concrete struct chosen by Type. // -// ID is set on RPC-style messages (command.run / command.result) so -// responses can be correlated. For one-shot pushes (heartbeat, -// job.progress) it is empty. +// ID is set on RPC-style messages (command.run / command.result) so +// responses can be correlated. For one-shot pushes (heartbeat, +// job.progress) it is empty. type Envelope struct { Type MessageType `json:"type"` ID string `json:"id,omitempty"` @@ -71,6 +71,8 @@ func (e Envelope) UnmarshalPayload(v any) error { // These are stable identifiers; client code may switch on them. type ErrorCode string +// Stable ErrorCode values surfaced over the wire. Clients switch on +// these; renaming requires a wire-version bump. const ( ErrProtocolTooOld ErrorCode = "protocol_too_old" ErrProtocolTooNew ErrorCode = "protocol_too_new" diff --git a/internal/auth/passwords.go b/internal/auth/passwords.go index dd26567..d245ace 100644 --- a/internal/auth/passwords.go +++ b/internal/auth/passwords.go @@ -16,6 +16,7 @@ import ( // argon2id parameters following RFC 9106 §4 "second // recommended option" (memory-constrained): // - 64 MiB memory, 3 iterations, 4 lanes, 32-byte tag. +// // These are tunable per-deployment if a beefy controller wants to // crank them; we ship a defensible default. const ( @@ -27,7 +28,9 @@ const ( ) // HashPassword returns an argon2id-encoded string of the form -// $argon2id$v=19$m=...,t=...,p=...$$ +// +// $argon2id$v=19$m=...,t=...,p=...$$ +// // safe to store in a TEXT column. The salt is freshly random per call. func HashPassword(password string) (string, error) { salt := make([]byte, defaultSaltLen) @@ -53,7 +56,7 @@ func VerifyPassword(encoded, password string) error { parts := strings.Split(encoded, "$") // "$argon2id$v=...$m=...,t=...,p=...$$" → 6 parts (leading empty) if len(parts) != 6 || parts[1] != "argon2id" { - return errors.New("auth: unrecognised hash format") + return errors.New("auth: unrecognized hash format") } var version int if _, err := fmt.Sscanf(parts[2], "v=%d", &version); err != nil { diff --git a/internal/auth/passwords_test.go b/internal/auth/passwords_test.go index b7f82bd..8256289 100644 --- a/internal/auth/passwords_test.go +++ b/internal/auth/passwords_test.go @@ -41,7 +41,7 @@ func TestVerifyRejectsMalformed(t *testing.T) { "", "not-a-hash", "$argon2i$v=19$m=64,t=3,p=4$AAAA$BBBB", // wrong variant - "$argon2id$", // truncated + "$argon2id$", // truncated "$argon2id$v=99$m=64,t=3,p=4$AAAA$BBBB", // bad version } for _, c := range cases { diff --git a/internal/crypto/aead.go b/internal/crypto/aead.go index 4564d30..7a68264 100644 --- a/internal/crypto/aead.go +++ b/internal/crypto/aead.go @@ -65,7 +65,7 @@ func GenerateKeyFile(path string) error { if err != nil { return fmt.Errorf("create key file %q: %w", path, err) } - defer f.Close() + defer func() { _ = f.Close() }() key := make([]byte, KeyLen) if _, err := io.ReadFull(rand.Reader, key); err != nil { return fmt.Errorf("read random: %w", err) diff --git a/internal/restic/runner.go b/internal/restic/runner.go index c0d0d22..05721af 100644 --- a/internal/restic/runner.go +++ b/internal/restic/runner.go @@ -15,7 +15,7 @@ import ( "time" ) -// Locate resolves the path to the restic binary. Honour an explicit +// Locate resolves the path to the restic binary. Honor an explicit // override if provided, else fall back to PATH. func Locate(override string) (string, error) { if override != "" { @@ -41,12 +41,12 @@ func Locate(override string) (string, error) { // never assign it back to Env, never pass it to slog. If anything // in this package ever needs to *log* a URL, use RedactURL. type Env struct { - Bin string // path to restic binary - RepoURL string // RESTIC_REPOSITORY (no embedded creds) - RepoUsername string // optional HTTP basic-auth user for rest: URLs - RepoPassword string // doubles as RESTIC_PASSWORD and (for rest:) HTTP basic-auth password - ExtraEnv map[string]string // any other RESTIC_* / passthrough - WorkDir string // CWD; default = current + Bin string // path to restic binary + RepoURL string // RESTIC_REPOSITORY (no embedded creds) + RepoUsername string // optional HTTP basic-auth user for rest: URLs + RepoPassword string // doubles as RESTIC_PASSWORD and (for rest:) HTTP basic-auth password + ExtraEnv map[string]string // any other RESTIC_* / passthrough + WorkDir string // CWD; default = current } // EventKind enumerates what we care about in restic's --json output @@ -54,10 +54,12 @@ type Env struct { // switch on message_type. type EventKind string +// Known message_type values restic --json emits during a backup. +// Kept as constants so callers can switch without typo risk. const ( - EventStatus EventKind = "status" // periodic progress + EventStatus EventKind = "status" // periodic progress EventVerbose EventKind = "verbose_status" - EventSummary EventKind = "summary" // emitted once at end of backup + EventSummary EventKind = "summary" // emitted once at end of backup EventErrorEvent EventKind = "error" ) @@ -90,7 +92,7 @@ type BackupSummary struct { } // LineHandler receives every stdout/stderr line. event is non-nil -// when the line is a recognised JSON status; raw always carries the +// when the line is a recognized JSON status; raw always carries the // original text (so we can also tee to job_logs as `stdout`). type LineHandler func(stream string, raw string, event any) @@ -256,7 +258,7 @@ func (e Env) RunInit(ctx context.Context, handle LineHandler) error { // Sniff for "config file already exists" on stderr; if we see it // we'll treat the non-zero exit as a soft success — running init - // against an already-initialised repo is a no-op semantically, + // against an already-initialized repo is a no-op semantically, // not a failure. Wraps the caller's handle so the line still // gets streamed verbatim to the operator-facing log. alreadyInited := false @@ -280,7 +282,7 @@ func (e Env) RunInit(ctx context.Context, handle LineHandler) error { if werr := cmd.Wait(); werr != nil { if alreadyInited { if handle != nil { - handle("event", "repo already initialised — treating as success", nil) + handle("event", "repo already initialized — treating as success", nil) } return nil } diff --git a/internal/restic/url_test.go b/internal/restic/url_test.go index 63f9b5d..03c2920 100644 --- a/internal/restic/url_test.go +++ b/internal/restic/url_test.go @@ -8,9 +8,11 @@ func TestMergeRestCreds(t *testing.T) { }{ {"rest with creds", "rest:http://h:8000/p/", "u", "p", "rest:http://u:p@h:8000/p/"}, {"rest no user — no-op", "rest:http://h:8000/p/", "", "p", "rest:http://h:8000/p/"}, - {"rest creds already inline — no-op", + { + "rest creds already inline — no-op", "rest:http://existing:secret@h:8000/p/", "u", "p", - "rest:http://existing:secret@h:8000/p/"}, + "rest:http://existing:secret@h:8000/p/", + }, {"non-rest s3 — no-op", "s3:s3.amazonaws.com/bucket", "u", "p", "s3:s3.amazonaws.com/bucket"}, {"unparseable — pass through", "rest:not a url", "u", "p", "rest:not a url"}, {"https URL kept intact", "rest:https://h/p/", "u", "p", "rest:https://u:p@h/p/"}, diff --git a/internal/server/config/config.go b/internal/server/config/config.go index 9e09ecd..0d883cf 100644 --- a/internal/server/config/config.go +++ b/internal/server/config/config.go @@ -34,9 +34,9 @@ type Config struct { } // Load resolves config in this order: -// 1. defaults -// 2. YAML at the given path (if non-empty and exists) -// 3. environment variables (RM_LISTEN, RM_DATA_DIR, …) +// 1. defaults +// 2. YAML at the given path (if non-empty and exists) +// 3. environment variables (RM_LISTEN, RM_DATA_DIR, …) // // The result is validated; a zero-error return means the server is // safe to start. diff --git a/internal/server/http/agent_assets.go b/internal/server/http/agent_assets.go index 2efbd8e..4808504 100644 --- a/internal/server/http/agent_assets.go +++ b/internal/server/http/agent_assets.go @@ -57,7 +57,7 @@ func (s *Server) handleAgentBinary(w stdhttp.ResponseWriter, r *stdhttp.Request) } func (s *Server) handleInstallAsset(w stdhttp.ResponseWriter, r *stdhttp.Request) { - // chi's TrimPrefix-like behaviour: r.URL.Path is "/install/". + // chi's TrimPrefix-like behavior: r.URL.Path is "/install/". rel := strings.TrimPrefix(r.URL.Path, "/install/") // Reject any path traversal — must be a flat filename. if rel == "" || strings.ContainsAny(rel, "/\\") { diff --git a/internal/server/http/auth.go b/internal/server/http/auth.go index 6c0fc2e..cb25f71 100644 --- a/internal/server/http/auth.go +++ b/internal/server/http/auth.go @@ -137,7 +137,7 @@ func (s *Server) handleBootstrap(w stdhttp.ResponseWriter, r *stdhttp.Request) { return } if n > 0 { - writeJSONError(w, stdhttp.StatusConflict, "already_initialised", + writeJSONError(w, stdhttp.StatusConflict, "already_initialized", "a user already exists; bootstrap is disabled") return } diff --git a/internal/server/http/auth_test.go b/internal/server/http/auth_test.go index 740eb21..18650dc 100644 --- a/internal/server/http/auth_test.go +++ b/internal/server/http/auth_test.go @@ -36,7 +36,7 @@ func newTestServer(t *testing.T, withBootstrapToken bool) (*Server, string) { aead, _ := crypto.NewAEAD(key) deps := Deps{ - Cfg: config.Config{Listen: ":0", DataDir: dir, SecretKeyFile: keyPath}, + Cfg: config.Config{Listen: ":0", DataDir: dir, SecretKeyFile: keyPath}, Store: st, AEAD: aead, } @@ -125,7 +125,9 @@ func TestLoginAndLogout(t *testing.T) { bs, _ := json.Marshal(bootstrapRequest{ Token: "test-token", Username: "alice", Password: "averylongpassword", }) - stdhttp.Post(url+"/api/bootstrap", "application/json", bytes.NewReader(bs)) //nolint:errcheck + if bsRes, err := stdhttp.Post(url+"/api/bootstrap", "application/json", bytes.NewReader(bs)); err == nil { + _ = bsRes.Body.Close() + } // Login. body, _ := json.Marshal(loginRequest{Username: "alice", Password: "averylongpassword"}) diff --git a/internal/server/http/enrollment.go b/internal/server/http/enrollment.go index e0f3f26..2706ea5 100644 --- a/internal/server/http/enrollment.go +++ b/internal/server/http/enrollment.go @@ -3,6 +3,7 @@ package http import ( "context" "encoding/json" + "errors" "fmt" "log/slog" stdhttp "net/http" @@ -142,7 +143,7 @@ func (s *Server) handleAgentEnroll(w stdhttp.ResponseWriter, r *stdhttp.Request) // Seed the host's "default" source group with whatever paths the // operator typed into Add-host (empty allowed; group is editable - // from the Sources tab post-enrol). Also seed the host's + // from the Sources tab post-enroll). Also seed the host's // repo-maintenance row with default cadences so forget/prune/check // start ticking on their own. Auto-init dispatch lands in Phase 6 // of the redesign. @@ -222,12 +223,11 @@ func (s *Server) handleCreateEnrollmentToken(w stdhttp.ResponseWriter, r *stdhtt return } token, expiresAt, err := s.mintEnrollmentToken(r.Context(), req.RepoURL, req.RepoUsername, req.RepoPassword, req.InitialPaths) - switch err { - case nil: + switch { + case err == nil: writeJSON(w, stdhttp.StatusCreated, enrollOperatorResponse{Token: token, ExpiresAt: expiresAt}) - case errMissingRepoCreds: - writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", - "repo_url and repo_password are required so the agent can run backups on first connect") + case errors.Is(err, errMissingRepoCreds): + writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", "repo_url and repo_password are required so the agent can run backups on first connect") default: writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "") } diff --git a/internal/server/http/host_credentials.go b/internal/server/http/host_credentials.go index 2c564c0..5887a75 100644 --- a/internal/server/http/host_credentials.go +++ b/internal/server/http/host_credentials.go @@ -162,7 +162,7 @@ func (s *Server) handleSetHostCredentials(w stdhttp.ResponseWriter, r *stdhttp.R w.WriteHeader(stdhttp.StatusNoContent) } -// pushRepoCredsToAgent serialises blob into a config.update envelope +// pushRepoCredsToAgent serializes blob into a config.update envelope // and ships it down the agent's WS. Returns an error from the hub // (no-op if not connected — caller is expected to check first when it // matters). diff --git a/internal/server/http/hosts.go b/internal/server/http/hosts.go index d969e33..e1d5ca3 100644 --- a/internal/server/http/hosts.go +++ b/internal/server/http/hosts.go @@ -10,23 +10,23 @@ import ( // store row, but with explicit time-strings so wire format is stable // across DB driver changes. type hostView struct { - ID string `json:"id"` - Name string `json:"name"` - OS string `json:"os"` - Arch string `json:"arch"` - AgentVersion string `json:"agent_version,omitempty"` - ResticVersion string `json:"restic_version,omitempty"` - ProtocolVersion int `json:"protocol_version"` - EnrolledAt string `json:"enrolled_at"` - LastSeenAt *string `json:"last_seen_at,omitempty"` - Status string `json:"status"` - Tags []string `json:"tags"` - CurrentJobID *string `json:"current_job_id,omitempty"` - LastBackupAt *string `json:"last_backup_at,omitempty"` - LastBackupStatus *string `json:"last_backup_status,omitempty"` - RepoSizeBytes int64 `json:"repo_size_bytes"` - SnapshotCount int `json:"snapshot_count"` - OpenAlertCount int `json:"open_alert_count"` + ID string `json:"id"` + Name string `json:"name"` + OS string `json:"os"` + Arch string `json:"arch"` + AgentVersion string `json:"agent_version,omitempty"` + ResticVersion string `json:"restic_version,omitempty"` + ProtocolVersion int `json:"protocol_version"` + EnrolledAt string `json:"enrolled_at"` + LastSeenAt *string `json:"last_seen_at,omitempty"` + Status string `json:"status"` + Tags []string `json:"tags"` + CurrentJobID *string `json:"current_job_id,omitempty"` + LastBackupAt *string `json:"last_backup_at,omitempty"` + LastBackupStatus *string `json:"last_backup_status,omitempty"` + RepoSizeBytes int64 `json:"repo_size_bytes"` + SnapshotCount int `json:"snapshot_count"` + OpenAlertCount int `json:"open_alert_count"` } // handleListHosts returns the full fleet as JSON. Authenticated; the diff --git a/internal/server/http/jobs.go b/internal/server/http/jobs.go index 7b90d10..e6afd7a 100644 --- a/internal/server/http/jobs.go +++ b/internal/server/http/jobs.go @@ -16,8 +16,8 @@ import ( // runNowRequest is the body of POST /api/hosts/:id/jobs. type runNowRequest struct { - Kind api.JobKind `json:"kind"` - Args []string `json:"args,omitempty"` // restic CLI args (paths for backup, etc.) + Kind api.JobKind `json:"kind"` + Args []string `json:"args,omitempty"` // restic CLI args (paths for backup, etc.) } type runNowResponse struct { diff --git a/internal/server/http/p2r01_test.go b/internal/server/http/p2r01_test.go index 7042e1f..6863e87 100644 --- a/internal/server/http/p2r01_test.go +++ b/internal/server/http/p2r01_test.go @@ -215,24 +215,30 @@ func TestSchedulesCRUDValidation(t *testing.T) { // Bad cron → 400. status, body := doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules", - map[string]any{"cron": "not-a-cron", "enabled": true, - "source_group_ids": []string{"x"}}, cookie) + map[string]any{ + "cron": "not-a-cron", "enabled": true, + "source_group_ids": []string{"x"}, + }, cookie) if status != 400 { t.Fatalf("bad cron: want 400, got %d (body=%+v)", status, body) } // Missing groups → 400. status, _ = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules", - map[string]any{"cron": "0 3 * * *", "enabled": true, - "source_group_ids": []string{}}, cookie) + map[string]any{ + "cron": "0 3 * * *", "enabled": true, + "source_group_ids": []string{}, + }, cookie) if status != 400 { t.Errorf("missing groups: want 400, got %d", status) } // Group not on host → 400. status, _ = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules", - map[string]any{"cron": "0 3 * * *", "enabled": true, - "source_group_ids": []string{"non-existent"}}, cookie) + map[string]any{ + "cron": "0 3 * * *", "enabled": true, + "source_group_ids": []string{"non-existent"}, + }, cookie) if status != 400 { t.Errorf("bogus group: want 400, got %d", status) } @@ -247,8 +253,10 @@ func TestSchedulesCRUDValidation(t *testing.T) { // Happy create. status, body = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules", - map[string]any{"cron": "0 3 * * *", "enabled": true, - "source_group_ids": []string{gid}}, cookie) + map[string]any{ + "cron": "0 3 * * *", "enabled": true, + "source_group_ids": []string{gid}, + }, cookie) if status != 201 { t.Fatalf("create: %d body=%+v", status, body) } @@ -269,8 +277,10 @@ func TestSchedulesCRUDValidation(t *testing.T) { // Update — change cron, keep group. status, body = doJSON(t, url, "PUT", "/api/hosts/"+hostID+"/schedules/"+sid, - map[string]any{"cron": "@hourly", "enabled": false, - "source_group_ids": []string{gid}}, cookie) + map[string]any{ + "cron": "@hourly", "enabled": false, + "source_group_ids": []string{gid}, + }, cookie) if status != 200 { t.Fatalf("update: %d body=%+v", status, body) } @@ -484,5 +494,7 @@ func equalStrings(a, b []string) bool { } // keep fmt import live — used for occasional debug. -var _ = fmt.Sprintf -var _ = strings.HasPrefix +var ( + _ = fmt.Sprintf + _ = strings.HasPrefix +) diff --git a/internal/server/http/p2r01_ws_test.go b/internal/server/http/p2r01_ws_test.go index 5555f9d..ed53847 100644 --- a/internal/server/http/p2r01_ws_test.go +++ b/internal/server/http/p2r01_ws_test.go @@ -6,8 +6,8 @@ package http import ( "context" "encoding/json" - "net/http/httptest" stdhttp "net/http" + "net/http/httptest" "strings" "testing" "time" @@ -29,13 +29,18 @@ func agentDial(t *testing.T, srv *Server, ts *httptest.Server, hostID, token str url := "ws" + strings.TrimPrefix(ts.URL, "http") + "/ws/agent" ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - c, _, err := websocket.Dial(ctx, url, &websocket.DialOptions{ + c, res, err := websocket.Dial(ctx, url, &websocket.DialOptions{ HTTPHeader: stdhttp.Header{"Authorization": []string{"Bearer " + token}}, }) if err != nil { t.Fatalf("dial: %v", err) } - t.Cleanup(func() { _ = c.CloseNow() }) + t.Cleanup(func() { + _ = c.CloseNow() + if res != nil && res.Body != nil { + _ = res.Body.Close() + } + }) return c } @@ -76,7 +81,7 @@ func drainUntil(t *testing.T, c *websocket.Conn, wantType api.MessageType) api.E return api.Envelope{} } -// enrolHostForWS pre-enrols a host with bound repo creds so the server +// enrolHostForWS pre-enrolls a host with bound repo creds so the server // will treat it as ready to receive command.run. func enrolHostForWS(t *testing.T, srv *Server, st *store.Store, name string) (hostID, token string) { t.Helper() diff --git a/internal/server/http/repo_maintenance.go b/internal/server/http/repo_maintenance.go index e020b30..364024b 100644 --- a/internal/server/http/repo_maintenance.go +++ b/internal/server/http/repo_maintenance.go @@ -142,4 +142,3 @@ func (s *Server) handleUpdateRepoMaintenance(w stdhttp.ResponseWriter, r *stdhtt } writeJSON(w, stdhttp.StatusOK, toRepoMaintenanceView(m)) } - diff --git a/internal/server/http/schedule_push.go b/internal/server/http/schedule_push.go index e82dfc6..02692b7 100644 --- a/internal/server/http/schedule_push.go +++ b/internal/server/http/schedule_push.go @@ -4,7 +4,7 @@ // The slim-schedule wire shape is built here from the (Schedule, // SourceGroup) pair. Each schedule is sent with its resolved source // groups inlined so the agent doesn't have to keep its own copy of -// the group catalogue. Cron + enabled drive the agent's local timer; +// the group catalog. Cron + enabled drive the agent's local timer; // when an entry fires the agent ships back a schedule.fire and // dispatchScheduledJob below resolves the schedule's groups and // dispatches one backup command.run per group. diff --git a/internal/server/http/schedules.go b/internal/server/http/schedules.go index 95c4e58..1e33e9d 100644 --- a/internal/server/http/schedules.go +++ b/internal/server/http/schedules.go @@ -212,7 +212,7 @@ func (s *Server) validateScheduleRequest(r *stdhttp.Request, hostID string, req for _, gid := range req.SourceGroupIDs { g, err := s.deps.Store.GetSourceGroup(r.Context(), hostID, gid) if err != nil || g == nil { - return "invalid_group", "source group "+gid+" not found on this host", false + return "invalid_group", "source group " + gid + " not found on this host", false } } return "", "", true diff --git a/internal/server/http/server.go b/internal/server/http/server.go index 5d09a09..f286fdb 100644 --- a/internal/server/http/server.go +++ b/internal/server/http/server.go @@ -184,7 +184,7 @@ func (s *Server) routes(r chi.Router) { // Durable post-Add-host page (operator can refresh / come // back; password decrypted from the token row each render). // Polled fragment under /awaiting flips to "connected" once - // the agent enrols. + // the agent enrolls. r.Get("/hosts/pending/{token}", s.handleUIPendingHost) r.Get("/hosts/pending/{token}/awaiting", s.handleUIPendingAwaiting) // Host detail (Snapshots tab is the default). diff --git a/internal/server/http/ui_handlers.go b/internal/server/http/ui_handlers.go index 755e8fd..0dd4752 100644 --- a/internal/server/http/ui_handlers.go +++ b/internal/server/http/ui_handlers.go @@ -44,7 +44,11 @@ func staticHandler() stdhttp.Handler { func (s *Server) sessionUser(r *stdhttp.Request) (*ui.User, error) { c, err := r.Cookie(sessionCookieName) if err != nil { - return nil, nil + // Missing or invalid cookie just means the caller isn't logged + // in — that's a normal state, not a server error. Return + // (nil, nil) so callers can decide between "redirect to login" + // and "treat as anonymous". + return nil, nil //nolint:nilerr } sess, err := s.deps.Store.LookupSession(r.Context(), auth.HashToken(c.Value)) if err != nil { @@ -81,11 +85,13 @@ func (s *Server) requireUIUser(w stdhttp.ResponseWriter, r *stdhttp.Request) *ui } // baseView populates the fields the nav partial needs on every -// authenticated page. -func (s *Server) baseView(u *ui.User, active string) ui.ViewData { +// authenticated page. Every UI page sits under the dashboard primary +// nav today; if a future page lives under a different primary nav +// tab (e.g. Settings, Audit), accept an Active arg again. +func (s *Server) baseView(u *ui.User) ui.ViewData { return ui.ViewData{ User: u, - Active: active, + Active: "dashboard", Version: s.version(), } } @@ -200,7 +206,7 @@ func (s *Server) handleUIDashboard(w stdhttp.ResponseWriter, r *stdhttp.Request) rows = append(rows, row) } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.OpenAlerts = summary.OpenAlerts view.Page = dashboardPage{ Hosts: rows, @@ -249,16 +255,16 @@ type addHostPage struct { } // pendingHostPage is the GET /hosts/pending/{token} view. Lives -// for as long as the token does (1h ttl); once the agent enrols, +// for as long as the token does (1h ttl); once the agent enrolls, // the handler redirects to /hosts/{host_id} and this page is gone. type pendingHostPage struct { - Token string - ServerURL string - ExpiresAt time.Time - RepoURL string - RepoUsername string - RepoPassword string - InitialPaths []string + Token string + ServerURL string + ExpiresAt time.Time + RepoURL string + RepoUsername string + RepoPassword string + InitialPaths []string } // handleUIAddHostGet renders the empty Add host form. @@ -267,7 +273,7 @@ func (s *Server) handleUIAddHostGet(w stdhttp.ResponseWriter, r *stdhttp.Request if u == nil { return } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Add host · restic-manager" view.Page = addHostPage{ServerURL: s.publicURL(r)} if err := s.deps.UI.Render(w, "add_host", view); err != nil { @@ -327,11 +333,11 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques if page.Error == "" { token, _, err := s.mintEnrollmentToken(r.Context(), page.RepoURL, repoUsername, repoPassword, splitPaths(page.Paths)) - switch err { - case nil: + switch { + case err == nil: stdhttp.Redirect(w, r, "/hosts/pending/"+token, stdhttp.StatusSeeOther) return - case errMissingRepoCreds: + case errors.Is(err, errMissingRepoCreds): page.Error = "Repo URL and password are both required." default: slog.Error("ui add_host: mint token", "err", err) @@ -339,7 +345,7 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques } } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Add host · restic-manager" view.Page = page w.WriteHeader(stdhttp.StatusUnprocessableEntity) @@ -350,7 +356,7 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques // handleUIPendingHost serves the durable Add-host result page — // shown after a successful POST /hosts/new and reachable until the -// agent enrols (the page redirects to /hosts/{id} once that +// agent enrolls (the page redirects to /hosts/{id} once that // happens) or the token expires (1h ttl). The password is // re-decrypted from the encrypted token row on every render so // the operator can refresh, bookmark, navigate away and come back. @@ -406,7 +412,7 @@ func (s *Server) handleUIPendingHost(w stdhttp.ResponseWriter, r *stdhttp.Reques } } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Pending host · restic-manager" view.Page = page if err := s.deps.UI.Render(w, "pending_host", view); err != nil { @@ -546,7 +552,7 @@ func (s *Server) handleUIHostDetail(w stdhttp.ResponseWriter, r *stdhttp.Request shown = shown[:cap] } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = host.Name + " · restic-manager" view.Page = hostDetailPage{ hostChromeData: s.loadHostChrome(r, *host, "snapshots", "snapshots"), @@ -645,7 +651,7 @@ func (s *Server) handleUIJobDetail(w stdhttp.ResponseWriter, r *stdhttp.Request) nextSeq = logs[n-1].Seq } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = job.Kind + " · " + host.Name + " · restic-manager" view.Page = jobDetailPage{ Job: *job, @@ -742,21 +748,6 @@ func buildSyntheticJobFinished(job *store.Job) (api.Envelope, error) { }) } -// userByID fetches the full store.User the UI session represents. -// Returns the user, ok-flag, error. Used by handlers that need the -// store-side row (e.g. for audit_log.user_id) rather than just the -// projected ui.User. -func (s *Server) userByID(r *stdhttp.Request, id string) (*store.User, bool, error) { - u, err := s.deps.Store.GetUserByID(r.Context(), id) - if err != nil { - if errors.Is(err, store.ErrNotFound) { - return nil, false, nil - } - return nil, false, err - } - return u, true, nil -} - // handleUILoginGet renders the login form. If the user is already // signed in we redirect them home — login is for the unauthenticated. func (s *Server) handleUILoginGet(w stdhttp.ResponseWriter, r *stdhttp.Request) { diff --git a/internal/server/http/ui_repo.go b/internal/server/http/ui_repo.go index e0d54d6..79ad2ae 100644 --- a/internal/server/http/ui_repo.go +++ b/internal/server/http/ui_repo.go @@ -143,7 +143,7 @@ func (s *Server) handleUIHostRepo(w stdhttp.ResponseWriter, r *stdhttp.Request) return } page.SavedSection = r.URL.Query().Get("saved") - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = host.Name + " repo · restic-manager" view.Page = *page if err := s.deps.UI.Render(w, "host_repo", view); err != nil { @@ -166,7 +166,7 @@ func (s *Server) renderRepoPage(w stdhttp.ResponseWriter, r *stdhttp.Request, u page.CredentialsError = credErr page.BandwidthError = bwErr page.MaintenanceError = mntErr - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = host.Name + " repo · restic-manager" view.Page = *page w.WriteHeader(stdhttp.StatusUnprocessableEntity) diff --git a/internal/server/http/ui_schedules.go b/internal/server/http/ui_schedules.go index d17ff0d..485e64e 100644 --- a/internal/server/http/ui_schedules.go +++ b/internal/server/http/ui_schedules.go @@ -78,7 +78,7 @@ func (s *Server) handleUISchedulesList(w stdhttp.ResponseWriter, r *stdhttp.Requ chrome.ScheduleCount = len(scheds) chrome.SourceGroupCount = len(groups) - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = host.Name + " schedules · restic-manager" view.Page = hostSchedulesPage{ hostChromeData: chrome, @@ -106,7 +106,7 @@ func (s *Server) handleUIScheduleNewGet(w stdhttp.ResponseWriter, r *stdhttp.Req stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError) return } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "New schedule · " + host.Name + " · restic-manager" view.Page = scheduleEditPage{ hostChromeData: s.loadHostChrome(r, *host, "schedules", "new schedule"), @@ -152,7 +152,7 @@ func (s *Server) handleUIScheduleEditGet(w stdhttp.ResponseWriter, r *stdhttp.Re for _, gid := range sc.SourceGroupIDs { selected[gid] = true } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Edit schedule · " + host.Name + " · restic-manager" view.Page = scheduleEditPage{ hostChromeData: s.loadHostChrome(r, *host, "schedules", "edit schedule"), @@ -381,7 +381,7 @@ func (s *Server) renderScheduleFormError(w stdhttp.ResponseWriter, r *stdhttp.Re saveAction = "/hosts/" + host.ID + "/schedules/" + sid + "/edit" crumb = "edit schedule" } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Schedule · " + host.Name + " · restic-manager" view.Page = scheduleEditPage{ hostChromeData: s.loadHostChrome(r, *host, "schedules", crumb), diff --git a/internal/server/http/ui_sources.go b/internal/server/http/ui_sources.go index cdcd978..c8ed59f 100644 --- a/internal/server/http/ui_sources.go +++ b/internal/server/http/ui_sources.go @@ -119,7 +119,7 @@ func (s *Server) handleUIHostSources(w stdhttp.ResponseWriter, r *stdhttp.Reques // loadHostChrome already counted groups; reuse count we just got. chrome.SourceGroupCount = len(groups) - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = host.Name + " sources · restic-manager" view.Page = hostSourcesPage{hostChromeData: chrome, Groups: rows} if err := s.deps.UI.Render(w, "host_sources", view); err != nil { @@ -137,7 +137,7 @@ func (s *Server) handleUISourceGroupNewGet(w stdhttp.ResponseWriter, r *stdhttp. if !ok { return } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "New source group · " + host.Name + " · restic-manager" view.Page = sourceGroupEditPage{ hostChromeData: s.loadHostChrome(r, *host, "sources", "new source group"), @@ -171,7 +171,7 @@ func (s *Server) handleUISourceGroupEditGet(w stdhttp.ResponseWriter, r *stdhttp stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError) return } - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = g.Name + " · " + host.Name + " · restic-manager" view.Page = sourceGroupEditPage{ hostChromeData: s.loadHostChrome(r, *host, "sources", g.Name), @@ -341,7 +341,7 @@ func (s *Server) handleUISourceGroupDelete(w stdhttp.ResponseWriter, r *stdhttp. // typed input intact + an error banner. Returns 422 to signal "form // rejected" while still returning HTML (mirrors handleUIAddHostPost). func (s *Server) renderSourceFormError(w stdhttp.ResponseWriter, r *stdhttp.Request, u *ui.User, host *store.Host, gid string, isNew bool, form sourceFormData, msg string) { - view := s.baseView(u, "dashboard") + view := s.baseView(u) view.Title = "Source group · " + host.Name + " · restic-manager" saveAction := "/hosts/" + host.ID + "/sources/new" crumb := "new source group" diff --git a/internal/server/ui/funcs.go b/internal/server/ui/funcs.go index e1bf86f..71c350a 100644 --- a/internal/server/ui/funcs.go +++ b/internal/server/ui/funcs.go @@ -13,10 +13,10 @@ import ( // which can pre-compute and pass primitives into the view. func funcMap() template.FuncMap { return template.FuncMap{ - "bytes": formatBytes, - "relTime": formatRelTime, - "comma": formatComma, - "deref": derefStr, + "bytes": formatBytes, + "relTime": formatRelTime, + "comma": formatComma, + "deref": derefStr, "timeNotZero": func(t *time.Time) bool { return t != nil && !t.IsZero() }, "joinDot": func(parts []string) string { return strings.Join(parts, " · ") }, "absTime": func(t time.Time) string { diff --git a/internal/server/ws/handler.go b/internal/server/ws/handler.go index 25db3e3..48fb5fd 100644 --- a/internal/server/ws/handler.go +++ b/internal/server/ws/handler.go @@ -42,14 +42,14 @@ type HandlerDeps struct { // enrollment) before the WS upgrade. // // Lifecycle: -// 1. Bearer token resolves to a Host row. -// 2. Upgrade. -// 3. First message must be `hello`; protocol_version checked here. -// 4. Loop: read messages, dispatch by type. Heartbeats touch the -// host row; job/log/repo messages forward to the relevant -// handlers (TODO: lands with P1-18 onward). -// 5. On Read error or context cancel, mark host offline, unregister -// from the hub. +// 1. Bearer token resolves to a Host row. +// 2. Upgrade. +// 3. First message must be `hello`; protocol_version checked here. +// 4. Loop: read messages, dispatch by type. Heartbeats touch the +// host row; job/log/repo messages forward to the relevant +// handlers (TODO: lands with P1-18 onward). +// 5. On Read error or context cancel, mark host offline, unregister +// from the hub. func AgentHandler(deps HandlerDeps) stdhttp.Handler { return stdhttp.HandlerFunc(func(w stdhttp.ResponseWriter, r *stdhttp.Request) { host, ok := authenticateAgent(r, deps.Store) @@ -204,7 +204,7 @@ func dispatchAgentMessage(ctx context.Context, c *Conn, hostID string, env api.E string(p.Status), p.ExitCode, p.Stats, errMsg, p.FinishedAt); err != nil { slog.Warn("ws: mark job finished", "job_id", p.JobID, "err", err) } - // repo_initialised_at projection has been removed — auto-init + // repo_initialized_at projection has been removed — auto-init // at host enrolment makes "is the repo init'd" derivable from // the latest init job's status, no separate column needed. if deps.JobHub != nil { diff --git a/internal/server/ws/hub.go b/internal/server/ws/hub.go index c10a85d..8ad732f 100644 --- a/internal/server/ws/hub.go +++ b/internal/server/ws/hub.go @@ -100,7 +100,7 @@ func NewConn(hostID string, c *websocket.Conn) *Conn { } // Send writes an envelope as a JSON text message. Concurrent calls -// are serialised; the underlying socket is not safe for parallel +// are serialized; the underlying socket is not safe for parallel // writers. func (c *Conn) Send(ctx context.Context, env api.Envelope) error { c.writeMu.Lock() diff --git a/internal/server/ws/hub_test.go b/internal/server/ws/hub_test.go index ed8b04f..aa73a23 100644 --- a/internal/server/ws/hub_test.go +++ b/internal/server/ws/hub_test.go @@ -57,13 +57,18 @@ func TestWSHelloAndHeartbeat(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - c, _, err := websocket.Dial(ctx, url, &websocket.DialOptions{ + c, res, err := websocket.Dial(ctx, url, &websocket.DialOptions{ HTTPHeader: stdhttp.Header{"Authorization": []string{"Bearer " + token}}, }) if err != nil { t.Fatalf("dial: %v", err) } defer c.CloseNow() + defer func() { + if res != nil && res.Body != nil { + _ = res.Body.Close() + } + }() // Send hello. hello := api.HelloPayload{ @@ -125,13 +130,18 @@ func TestWSRejectsOldProtocol(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - c, _, err := websocket.Dial(ctx, url, &websocket.DialOptions{ + c, res, err := websocket.Dial(ctx, url, &websocket.DialOptions{ HTTPHeader: stdhttp.Header{"Authorization": []string{"Bearer " + token}}, }) if err != nil { t.Fatalf("dial: %v", err) } defer c.CloseNow() + defer func() { + if res != nil && res.Body != nil { + _ = res.Body.Close() + } + }() hello := api.HelloPayload{ProtocolVersion: 0} // below minimum env, _ := api.Marshal(api.MsgHello, "", hello) @@ -170,6 +180,13 @@ func TestWSRejectsBadToken(t *testing.T) { _, res, err := websocket.Dial(ctx, url, &websocket.DialOptions{ HTTPHeader: stdhttp.Header{"Authorization": []string{"Bearer wrong"}}, }) + if res != nil { + defer func() { + if res != nil && res.Body != nil { + _ = res.Body.Close() + } + }() + } if err == nil { t.Fatal("dial should fail") } diff --git a/internal/server/ws/jobhub.go b/internal/server/ws/jobhub.go index e509193..b6c138f 100644 --- a/internal/server/ws/jobhub.go +++ b/internal/server/ws/jobhub.go @@ -33,7 +33,7 @@ func NewJobHub() *JobHub { // the hub's set (so concurrent Broadcasts will reach it), but no // pump goroutine runs yet. The caller can prime the channel via Send // — useful for late-subscriber catch-up — and then call Run to start -// the pump. Run blocks until ctx is cancelled or conn dies, and +// the pump. Run blocks until ctx is canceled or conn dies, and // unregisters on return. type Subscriber struct { hub *JobHub @@ -73,7 +73,7 @@ func (s *Subscriber) Send(env api.Envelope) { } // Run pumps messages from the subscriber's channel onto conn until -// ctx is cancelled or conn dies. Unregisters on return. Caller is +// ctx is canceled or conn dies. Unregisters on return. Caller is // expected to invoke this from the goroutine that owns conn. func (s *Subscriber) Run(ctx context.Context, conn *Conn) { defer s.unregister() diff --git a/internal/store/audit.go b/internal/store/audit.go index b5cce69..bd82289 100644 --- a/internal/store/audit.go +++ b/internal/store/audit.go @@ -26,7 +26,7 @@ func (s *Store) AppendAudit(ctx context.Context, e AuditEntry) error { } // nullable returns nil for nil/empty *string so SQLite stores NULL. -// SQLite's driver treats Go nil as NULL but treats *string("") as ''. +// SQLite's driver treats Go nil as NULL but treats *string("") as ”. // We want NULL semantics for "absent." func nullable(p *string) any { if p == nil || *p == "" { diff --git a/internal/store/enrollment.go b/internal/store/enrollment.go index 4a2a0ff..3ad5cea 100644 --- a/internal/store/enrollment.go +++ b/internal/store/enrollment.go @@ -172,4 +172,3 @@ func (s *Store) PurgeExpiredEnrollmentTokens(ctx context.Context) (int64, error) n, _ := res.RowsAffected() return n, nil } - diff --git a/internal/store/fleet.go b/internal/store/fleet.go index 95307c4..95d25c0 100644 --- a/internal/store/fleet.go +++ b/internal/store/fleet.go @@ -57,7 +57,7 @@ func (s *Store) FleetSummary(ctx context.Context) (FleetSummary, error) { if err != nil { return FleetSummary{}, fmt.Errorf("store: fleet summary jobs: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() for rows.Next() { var status string var n int @@ -70,7 +70,7 @@ func (s *Store) FleetSummary(ctx context.Context) (FleetSummary, error) { fs.JobsLast24hSucceeded = n case "failed": fs.JobsLast24hFailed = n - case "cancelled": + case "cancelled": //nolint:misspell // matches the DB CHECK constraint and api.JobCancelled wire value fs.JobsLast24hCancelled = n } } diff --git a/internal/store/hosts.go b/internal/store/hosts.go index af7df00..bd6a24d 100644 --- a/internal/store/hosts.go +++ b/internal/store/hosts.go @@ -121,7 +121,7 @@ func (s *Store) ListHosts(ctx context.Context) ([]Host, error) { if err != nil { return nil, fmt.Errorf("store: list hosts: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() var out []Host for rows.Next() { h, err := scanHostRow(rows) @@ -150,11 +150,11 @@ func scanHost(row *sql.Row) (*Host, error) { func scanHostRow(s hostScanner) (*Host, error) { var h Host var ( - lastSeen, lastBackupAt sql.NullString - repoID, currentJob, lastBkSt sql.NullString - enrolled string - tags string - bwUp, bwDown sql.NullInt64 + lastSeen, lastBackupAt sql.NullString + repoID, currentJob, lastBkSt sql.NullString + enrolled string + tags string + bwUp, bwDown sql.NullInt64 ) err := s.Scan(&h.ID, &h.Name, &h.OS, &h.Arch, &h.AgentVersion, &h.ResticVersion, &h.ProtocolVersion, diff --git a/internal/store/jobs.go b/internal/store/jobs.go index 6e2d704..9438902 100644 --- a/internal/store/jobs.go +++ b/internal/store/jobs.go @@ -118,7 +118,7 @@ func (s *Store) ListJobLogs(ctx context.Context, jobID string, afterSeq int64, l if err != nil { return nil, fmt.Errorf("store: list job logs: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() var out []JobLogLine for rows.Next() { var l JobLogLine @@ -143,15 +143,15 @@ func (s *Store) GetJob(ctx context.Context, id string) (*Job, error) { started_at, finished_at, exit_code, stats, error, created_at FROM jobs WHERE id = ?`, id) var ( - j Job - schedID sql.NullString - actorID sql.NullString - startedAt sql.NullString - finishedAt sql.NullString - exitCode sql.NullInt64 - stats sql.NullString - errMsg sql.NullString - createdAt string + j Job + schedID sql.NullString + actorID sql.NullString + startedAt sql.NullString + finishedAt sql.NullString + exitCode sql.NullInt64 + stats sql.NullString + errMsg sql.NullString + createdAt string ) if err := row.Scan(&j.ID, &j.HostID, &j.Kind, &j.Status, &schedID, &j.ActorKind, &actorID, &startedAt, &finishedAt, diff --git a/internal/store/maintenance.go b/internal/store/maintenance.go index 624af95..795a6b0 100644 --- a/internal/store/maintenance.go +++ b/internal/store/maintenance.go @@ -31,7 +31,7 @@ func (st *Store) GetRepoMaintenance(ctx context.Context, hostID string) (*HostRe check_cron, check_enabled, check_subset_pct FROM host_repo_maintenance WHERE host_id = ?`, hostID) var ( - m HostRepoMaintenance + m HostRepoMaintenance forgetEnabled, pruneEnabled, checkEnabled int ) err := row.Scan(&m.HostID, diff --git a/internal/store/migrate.go b/internal/store/migrate.go index 0fd80bb..7f81642 100644 --- a/internal/store/migrate.go +++ b/internal/store/migrate.go @@ -15,9 +15,9 @@ var migrationsFS embed.FS // migration is one ordered SQL file from migrations/. type migration struct { - version int // parsed from filename prefix (0001, 0002, …) - name string // full filename, for error messages - sql string + version int // parsed from filename prefix (0001, 0002, …) + name string // full filename, for error messages + sql string } // loadMigrations reads every migrations/*.sql file in lexical order diff --git a/internal/store/pending.go b/internal/store/pending.go index eea9b84..42f2fdd 100644 --- a/internal/store/pending.go +++ b/internal/store/pending.go @@ -52,7 +52,7 @@ func (st *Store) DuePendingRuns(ctx context.Context, now time.Time, limit int) ( if err != nil { return nil, fmt.Errorf("store: due pending runs: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() out := []PendingRun{} for rows.Next() { var p PendingRun diff --git a/internal/store/schedules.go b/internal/store/schedules.go index f80bd4f..97f3186 100644 --- a/internal/store/schedules.go +++ b/internal/store/schedules.go @@ -144,7 +144,7 @@ func (st *Store) ListSchedulesByHost(ctx context.Context, hostID string) ([]Sche if err != nil { return nil, fmt.Errorf("store: list schedules: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() out := []Schedule{} for rows.Next() { s, err := scanScheduleRow(rows) @@ -247,7 +247,7 @@ func (st *Store) scheduleGroupIDs(ctx context.Context, scheduleID string) ([]str if err != nil { return nil, fmt.Errorf("store: read schedule junction: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() out := []string{} for rows.Next() { var id string @@ -269,7 +269,7 @@ func (st *Store) SchedulesUsingGroup(ctx context.Context, groupID string) ([]str if err != nil { return nil, fmt.Errorf("store: schedules using group: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() out := []string{} for rows.Next() { var id string diff --git a/internal/store/snapshots.go b/internal/store/snapshots.go index e01de90..9995830 100644 --- a/internal/store/snapshots.go +++ b/internal/store/snapshots.go @@ -51,7 +51,7 @@ func (s *Store) ReplaceHostSnapshots(ctx context.Context, hostID string, snaps [ if err != nil { return fmt.Errorf("store: prepare snapshot insert: %w", err) } - defer stmt.Close() + defer func() { _ = stmt.Close() }() refreshed := when.UTC().Format(time.RFC3339Nano) for _, snap := range snaps { @@ -92,7 +92,7 @@ func (s *Store) ListSnapshotsByHost(ctx context.Context, hostID string) ([]Snaps if err != nil { return nil, fmt.Errorf("store: list snapshots: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() var out []Snapshot for rows.Next() { diff --git a/internal/store/snapshots_test.go b/internal/store/snapshots_test.go index 2870460..2abc9a3 100644 --- a/internal/store/snapshots_test.go +++ b/internal/store/snapshots_test.go @@ -30,20 +30,20 @@ func TestReplaceHostSnapshotsRoundTrip(t *testing.T) { now := time.Now().UTC().Truncate(time.Second) in := []Snapshot{ { - ID: "deadbeef" + "00000000000000000000000000000000000000000000000000000000", - ShortID: "deadbeef", - Time: now.Add(-2 * time.Hour), - Hostname: "snap-host", - Paths: []string{"/etc", "/home"}, - Tags: []string{"daily"}, + ID: "deadbeef" + "00000000000000000000000000000000000000000000000000000000", + ShortID: "deadbeef", + Time: now.Add(-2 * time.Hour), + Hostname: "snap-host", + Paths: []string{"/etc", "/home"}, + Tags: []string{"daily"}, SizeBytes: 4096, FileCount: 12, }, { - ID: "cafef00d" + "00000000000000000000000000000000000000000000000000000000", - ShortID: "cafef00d", - Time: now.Add(-1 * time.Hour), - Hostname: "snap-host", - Paths: []string{"/etc"}, + ID: "cafef00d" + "00000000000000000000000000000000000000000000000000000000", + ShortID: "cafef00d", + Time: now.Add(-1 * time.Hour), + Hostname: "snap-host", + Paths: []string{"/etc"}, SizeBytes: 8192, FileCount: 24, }, } @@ -129,9 +129,11 @@ func TestReplaceHostSnapshotsEmpty(t *testing.T) { // First a non-empty replace. if err := s.ReplaceHostSnapshots(ctx, hostID, []Snapshot{ - {ID: "1111111111111111111111111111111111111111111111111111111111111111", + { + ID: "1111111111111111111111111111111111111111111111111111111111111111", ShortID: "11111111", Time: time.Now().UTC(), Hostname: "snap-host", - Paths: []string{"/x"}}, + Paths: []string{"/x"}, + }, }, time.Now().UTC()); err != nil { t.Fatalf("replace 1: %v", err) } diff --git a/internal/store/sources.go b/internal/store/sources.go index 7c81b57..6ec3115 100644 --- a/internal/store/sources.go +++ b/internal/store/sources.go @@ -183,7 +183,7 @@ func (st *Store) ListSourceGroupsByHost(ctx context.Context, hostID string) ([]S if err != nil { return nil, fmt.Errorf("store: list source groups: %w", err) } - defer rows.Close() + defer func() { _ = rows.Close() }() out := []SourceGroup{} for rows.Next() { g, err := scanSourceGroupRow(rows) @@ -220,10 +220,10 @@ type sourceGroupScanner interface { func scanSourceGroupRow(s sourceGroupScanner) (*SourceGroup, error) { var ( - out SourceGroup - includes, excludes, retention string - conflict sql.NullString - createdAt, updatedAt string + out SourceGroup + includes, excludes, retention string + conflict sql.NullString + createdAt, updatedAt string ) err := s.Scan(&out.ID, &out.HostID, &out.Name, &includes, &excludes, &retention, diff --git a/internal/store/sources_test.go b/internal/store/sources_test.go index bc56013..2f6d7bb 100644 --- a/internal/store/sources_test.go +++ b/internal/store/sources_test.go @@ -177,7 +177,7 @@ func TestPendingRunQueue(t *testing.T) { now := time.Now().UTC() if err := s.EnqueuePendingRun(ctx, &PendingRun{ - ID: "01HPEND00000000000000001", + ID: "01HPEND00000000000000001", ScheduleID: schedID, SourceGroupID: gid, HostID: hostID, NextAttemptAt: now.Add(-time.Second), // already due ScheduledAt: now.Add(-time.Minute), diff --git a/internal/store/store_test.go b/internal/store/store_test.go index c34a7e2..87aff9b 100644 --- a/internal/store/store_test.go +++ b/internal/store/store_test.go @@ -34,10 +34,12 @@ func TestOpenAppliesMigrations(t *testing.T) { } // Spot-check a few tables exist with expected columns. - tables := []string{"users", "sessions", "hosts", "repos", + tables := []string{ + "users", "sessions", "hosts", "repos", "credentials", "schedules", "jobs", "job_logs", "snapshots", "alerts", "audit_log", - "enrollment_tokens", "host_schedule_version"} + "enrollment_tokens", "host_schedule_version", + } for _, tbl := range tables { row := s.DB().QueryRow( `SELECT name FROM sqlite_master WHERE type='table' AND name = ?`, tbl) diff --git a/internal/store/types.go b/internal/store/types.go index e799f09..6f99f69 100644 --- a/internal/store/types.go +++ b/internal/store/types.go @@ -20,6 +20,7 @@ type User struct { // Role enumerates the access tiers from spec.md §7.2. type Role string +// Defined Role values, in descending order of privilege. const ( RoleAdmin Role = "admin" RoleOperator Role = "operator" @@ -73,12 +74,12 @@ type Host struct { // only. forget/prune/check are repo-level cadences on // HostRepoMaintenance, not schedule kinds. type Schedule struct { - ID string - HostID string - CronExpr string - Enabled bool - CreatedAt time.Time - UpdatedAt time.Time + ID string + HostID string + CronExpr string + Enabled bool + CreatedAt time.Time + UpdatedAt time.Time // SourceGroupIDs is populated by ListSchedulesByHost (joins // schedule_source_groups) and accepted on Create / Update so the // caller passes the desired junction state in one shape. @@ -160,14 +161,14 @@ type HostRepoMaintenance struct { // PendingRun queues a missed cron tick (agent was offline) for the // server-side retry ticker to dispatch later. type PendingRun struct { - ID string - ScheduleID string - SourceGroupID string - HostID string - Attempt int - NextAttemptAt time.Time - ScheduledAt time.Time // original cron tick — forensic / audit - LastError string + ID string + ScheduleID string + SourceGroupID string + HostID string + Attempt int + NextAttemptAt time.Time + ScheduledAt time.Time // original cron tick — forensic / audit + LastError string } // EnrollmentToken is the issuer's view of a one-time token. diff --git a/tasks.md b/tasks.md index 632454d..df03958 100644 --- a/tasks.md +++ b/tasks.md @@ -273,4 +273,3 @@ Sizes: **S** = under a day, **M** = 1–3 days, **L** = 3–7 days. - [ ] **X-03** Periodic dependency updates (`dependabot` or `renovate`) - [ ] **X-04** Threat-model review at end of each phase - [ ] **X-05** Proper first-run onboarding UI: admin shouldn't need to `curl` `/api/bootstrap` by hand. Render the bootstrap form on the same login page (extra "setup token" field shown only while no admin user exists, hidden after); on submit POST to `/api/bootstrap`, then drop straight into a session. Surface the one-time token from the server log somewhere copy-able (or print a clickable URL with the token in the query string at first-run). Also: relax the 12-char password floor for the first-run path or document it in the form so `admin` doesn't silently fail validation. -- [ ] **X-06** Lint-baseline cleanup pass. `.golangci.yml` is now on the v2 schema; CI is gated with `only-new-issues: true` because the repo carries ~90 pre-existing findings (gofumpt drift × 31, misspell × 25, missing godoc on exported consts × 10, bodyclose × 6, errcheck × 12, errorlint/nilerr/unused × handful) accumulated before lint was actually wired into CI. Drive the count to zero in a dedicated PR (mostly mechanical: `gofumpt -w .`, fix typos, add comments, audit nilerr cases since those *might* be real bugs), then drop `only-new-issues: true` so future regressions are caught at the source. diff --git a/web/embed.go b/web/embed.go index 43d63dc..44dc2e3 100644 --- a/web/embed.go +++ b/web/embed.go @@ -7,5 +7,9 @@ package web import "embed" +// FS is the embedded view of every template + static asset under +// this package. Consumed by internal/server/ui (templates) and +// internal/server/http (static handler). +// //go:embed templates/* static/* var FS embed.FS