package http import ( "context" "encoding/json" stdhttp "net/http" "time" "github.com/go-chi/chi/v5" "github.com/oklog/ulid/v2" "gitea.dcglab.co.uk/steve/restic-manager/internal/api" "gitea.dcglab.co.uk/steve/restic-manager/internal/auth" "gitea.dcglab.co.uk/steve/restic-manager/internal/store" ) // runNowRequest is the body of POST /api/hosts/:id/jobs. type runNowRequest struct { Kind api.JobKind `json:"kind"` Args []string `json:"args,omitempty"` // restic CLI args (paths for backup, etc.) } type runNowResponse struct { JobID string `json:"job_id"` Status string `json:"status"` // "queued" } // handleRunNow dispatches a job to the named host. Authenticated; // rejects if the host isn't connected (caller should retry once // the agent comes back). func (s *Server) handleRunNow(w stdhttp.ResponseWriter, r *stdhttp.Request) { user, ok := s.requireUser(r) if !ok { writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorized", "") return } hostID := chi.URLParam(r, "id") if hostID == "" { writeJSONError(w, stdhttp.StatusBadRequest, "missing_host_id", "") return } var req runNowRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error()) return } res, status, code, msg := s.dispatchJob(r.Context(), user, hostID, req.Kind, req.Args) if code != "" { writeJSONError(w, status, code, msg) return } writeJSON(w, stdhttp.StatusAccepted, res) } // dispatchJob is the common path for HTTP-driven job dispatch. It // validates the kind, checks the host is online, persists the job // row, and ships command.run over the WS. Returns: // - res: the queued-job response (job_id + status) // - status: HTTP status to return on failure (or 0 on success) // - code, msg: error code/message for the wire (empty on success) // // JSON callers wrap with writeJSONError; HTML callers translate to // flash banner + redirect. func (s *Server) dispatchJob(ctx context.Context, user *store.User, hostID string, kind api.JobKind, args []string, ) (res runNowResponse, status int, code, msg string) { if !validJobKind(kind) { return res, stdhttp.StatusBadRequest, "invalid_kind", "kind must be one of backup|forget|prune|check|unlock" } host, err := s.deps.Store.GetHost(ctx, hostID) if err != nil { return res, stdhttp.StatusNotFound, "host_not_found", "" } if !s.deps.Hub.Connected(host.ID) { return res, stdhttp.StatusServiceUnavailable, "host_offline", "agent is not currently connected; try again when it reconnects" } jobID := ulid.Make().String() now := time.Now().UTC() if err := s.deps.Store.CreateJob(ctx, store.Job{ ID: jobID, HostID: host.ID, Kind: string(kind), ActorKind: "user", ActorID: &user.ID, CreatedAt: now, }); err != nil { return res, stdhttp.StatusInternalServerError, "internal", "" } env, err := api.Marshal(api.MsgCommandRun, jobID, api.CommandRunPayload{ JobID: jobID, Kind: kind, Args: args, }) if err != nil { return res, stdhttp.StatusInternalServerError, "internal", "" } if err := s.deps.Hub.Send(ctx, host.ID, env); err != nil { return res, stdhttp.StatusServiceUnavailable, "host_offline", err.Error() } _ = s.deps.Store.AppendAudit(ctx, store.AuditEntry{ ID: ulid.Make().String(), UserID: &user.ID, Actor: "user", Action: "job.run_now", TargetKind: ptr("job"), TargetID: &jobID, TS: now, }) return runNowResponse{JobID: jobID, Status: "queued"}, 0, "", "" } // requireUser resolves the session cookie to a user row. Stub of the // session-auth middleware that lands in P1-04's full pass. func (s *Server) requireUser(r *stdhttp.Request) (*store.User, bool) { c, err := r.Cookie(sessionCookieName) if err != nil { return nil, false } sess, err := s.deps.Store.LookupSession(r.Context(), auth.HashToken(c.Value)) if err != nil { return nil, false } u, err := s.deps.Store.GetUserByID(r.Context(), sess.UserID) if err != nil { return nil, false } return u, true } func validJobKind(k api.JobKind) bool { switch k { case api.JobBackup, api.JobInit, api.JobForget, api.JobPrune, api.JobCheck, api.JobUnlock: return true } return false }