steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity

phase 1 foundations: api types, store, crypto, auth

Browse Source 
Lands the bottom three layers of Phase 1:

P1-08 internal/api: protocol_version + envelope + every WS message
  shape from spec.md §6.2 (Hello, Heartbeat, Job*, Schedule*, etc).
  Wire-format tests pin the JSON shape so a rename here breaks
  tests instead of silently breaking the agent.

P1-02 + P1-03 internal/store: SQLite via modernc.org/sqlite,
  embed.FS + a tiny version table for hand-rolled migrations.
  0001_initial.sql covers every table from spec.md §5 plus
  enrollment_tokens and host_schedule_version. Typed accessors
  for users / sessions / enrollment / audit. WAL + foreign_keys
  + busy_timeout on by default.

P1-06 internal/crypto: XChaCha20-Poly1305 AEAD wrapper with
  per-message random nonce. Key file lifecycle (generate +
  refuse-to-overwrite, load with size validation). Optional
  additionalData binds ciphertext to the row that owns it.

P1-04 internal/auth (partial — passwords + tokens; sessions
  middleware lands with the HTTP handlers): argon2id following
  RFC 9106 (64 MiB / t=3 / p=4 / 32B), constant-time verify.
  HashToken stores SHA-256 of session/agent/enrollment tokens
  so a stolen DB doesn't hand over credentials.

Build floor moves to Go 1.25 (modernc.org/sqlite v1.50+ requires
it); CI + Dockerfile + README updated. Markdown lint diagnostics
on tasks.md cleared.

All packages tested. ~70 new tests pass in <1s.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Steve Cliff
2026-05-01 00:24:40 +01:00
parent 595546afb9
commit c275f4ff4c
28 changed files with 1952 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/store/audit.go
+36
View File
@@ -0,0 +1,36 @@
package store
import (
"context"
"encoding/json"
"fmt"
"time"
)
// AppendAudit records an audit log entry.
func (s *Store) AppendAudit(ctx context.Context, e AuditEntry) error {
if len(e.Payload) == 0 {
e.Payload = json.RawMessage("{}")
}
_, err := s.db.ExecContext(ctx,
`INSERT INTO audit_log (id, user_id, actor, action, target_kind, target_id, ts, payload)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
e.ID, nullable(e.UserID), e.Actor, e.Action,
nullable(e.TargetKind), nullable(e.TargetID),
e.TS.UTC().Format(time.RFC3339Nano),
string(e.Payload))
if err != nil {
return fmt.Errorf("store: append audit: %w", err)
}
return nil
}
// nullable returns nil for nil/empty *string so SQLite stores NULL.
// SQLite's driver treats Go nil as NULL but treats *string("") as ''.
// We want NULL semantics for "absent."
func nullable(p *string) any {
if p == nil || *p == "" {
return nil
}
return *p
}