steve
e6729a5a3d
Closes the P1-21 remainder.
internal/server/ws/jobhub.go — new JobHub. Per-job_id set of
subscribers; each gets a 64-deep buffered channel with a writer
goroutine. Broadcast is non-blocking: if a subscriber is slow,
its channel fills and messages are dropped for that subscriber
only — the agent's read loop is never blocked by a stuck browser.
The agent dispatchAgentMessage path mirrors job.started /
job.progress / log.stream / job.finished envelopes onto the hub
in addition to its existing persistence work. The wire shape is
the same end-to-end, so client-side JS switches on env.type the
same way Go code does.
GET /api/jobs/{id}/stream is the browser endpoint. Auth via
session cookie (HTTP layer); upgrade; subscribe; pump until
context closes.
GET /jobs/{id} renders the live log page. Three states (queued/
running/succeeded/failed) drive the header pill, the progress
bar block, the failure summary panel, and the action button
(Cancel job while running, Back to host afterwards). Already-
persisted log lines are server-rendered on initial load; new
lines arrive over the WS and append to #log-stream. Auto-scrolls
unless the user scrolls up (a "⇢ Follow" pill re-attaches).
On job.finished the page reloads after 600ms to pick up the
final-state header rendered server-side.
POST /hosts/{id}/run-backup now sets HX-Redirect → /jobs/{job_id}
on success so HTMX lands the operator straight on the live log.
For non-HTMX callers (curl / plain form post) it 303s to the
same target.
store.ListJobLogs returns persisted log lines for initial render
on page load.
Browser-verified end-to-end: enrol → run a real backup against a
sibling restic/rest-server → live progress + 11 log lines stream
in → succeeded pill + final stats land after page reload.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
179 lines
5.0 KiB
Go
179 lines
5.0 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"flag"
|
|
"fmt"
|
|
"log/slog"
|
|
"os"
|
|
"os/signal"
|
|
"path/filepath"
|
|
"syscall"
|
|
"time"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/auth"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/crypto"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/config"
|
|
rmhttp "gitea.dcglab.co.uk/steve/restic-manager/internal/server/http"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ui"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ws"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
var version = "dev"
|
|
|
|
func main() {
|
|
if err := run(); err != nil {
|
|
slog.Error("server fatal", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
}
|
|
|
|
func run() error {
|
|
configPath := flag.String("config", "", "path to YAML config (optional; env vars win regardless)")
|
|
showVersion := flag.Bool("version", false, "print version and exit")
|
|
flag.Parse()
|
|
|
|
if *showVersion {
|
|
fmt.Println("restic-manager-server", version)
|
|
return nil
|
|
}
|
|
|
|
logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelInfo}))
|
|
slog.SetDefault(logger)
|
|
|
|
cfg, err := config.Load(*configPath)
|
|
if err != nil {
|
|
return fmt.Errorf("config: %w", err)
|
|
}
|
|
slog.Info("config resolved", "listen", cfg.Listen, "data_dir", cfg.DataDir,
|
|
"cookie_secure", cfg.CookieSecure, "trusted_proxies", cfg.TrustedProxies)
|
|
|
|
if err := os.MkdirAll(cfg.DataDir, 0o700); err != nil {
|
|
return fmt.Errorf("ensure data dir: %w", err)
|
|
}
|
|
|
|
// Mint or load the encryption key.
|
|
if _, err := os.Stat(cfg.SecretKeyFile); errors.Is(err, os.ErrNotExist) {
|
|
slog.Warn("no secret key found; generating a new one — back this up before continuing",
|
|
"path", cfg.SecretKeyFile)
|
|
if err := crypto.GenerateKeyFile(cfg.SecretKeyFile); err != nil {
|
|
return fmt.Errorf("generate secret key: %w", err)
|
|
}
|
|
}
|
|
keyBytes, err := crypto.LoadKeyFromFile(cfg.SecretKeyFile)
|
|
if err != nil {
|
|
return fmt.Errorf("load secret key: %w", err)
|
|
}
|
|
aead, err := crypto.NewAEAD(keyBytes)
|
|
if err != nil {
|
|
return fmt.Errorf("init AEAD: %w", err)
|
|
}
|
|
|
|
dbPath := filepath.Join(cfg.DataDir, "restic-manager.db")
|
|
st, err := store.Open(context.Background(), dbPath)
|
|
if err != nil {
|
|
return fmt.Errorf("open store: %w", err)
|
|
}
|
|
defer func() { _ = st.Close() }()
|
|
|
|
hub := ws.NewHub()
|
|
jobHub := ws.NewJobHub()
|
|
|
|
renderer, err := ui.New()
|
|
if err != nil {
|
|
return fmt.Errorf("ui: %w", err)
|
|
}
|
|
|
|
deps := rmhttp.Deps{
|
|
Cfg: cfg,
|
|
Store: st,
|
|
AEAD: aead,
|
|
Hub: hub,
|
|
JobHub: jobHub,
|
|
UI: renderer,
|
|
Version: version,
|
|
}
|
|
|
|
// First-run bootstrap: if the users table is empty, mint a one-time
|
|
// token and print it. /api/bootstrap accepts it to create the first
|
|
// admin user, then becomes a no-op.
|
|
n, err := st.CountUsers(context.Background())
|
|
if err != nil {
|
|
return fmt.Errorf("count users: %w", err)
|
|
}
|
|
if n == 0 {
|
|
token, err := auth.NewToken()
|
|
if err != nil {
|
|
return fmt.Errorf("mint bootstrap token: %w", err)
|
|
}
|
|
deps.BootstrapToken = token
|
|
// Stable, easy-to-grep marker so an operator finds this in
|
|
// scrolling logs without spelunking. Token is shown in plain
|
|
// text exactly once; we hash it into BootstrapToken on the
|
|
// server-side handler.
|
|
fmt.Fprintln(os.Stderr, "================================================================")
|
|
fmt.Fprintln(os.Stderr, " FIRST RUN — bootstrap token (use within 1 hour, then it's gone):")
|
|
fmt.Fprintln(os.Stderr, " "+token)
|
|
fmt.Fprintln(os.Stderr, " POST it to /api/bootstrap with {token, username, password}.")
|
|
fmt.Fprintln(os.Stderr, "================================================================")
|
|
}
|
|
|
|
srv := rmhttp.New(deps)
|
|
|
|
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
|
defer stop()
|
|
|
|
errCh := make(chan error, 1)
|
|
go func() {
|
|
slog.Info("server listening", "addr", cfg.Listen, "version", version)
|
|
errCh <- srv.Start()
|
|
}()
|
|
|
|
// Background sweepers:
|
|
// - sessions/tokens purge: 15 min
|
|
// - host offline-after-90s mark: every 30s (matches heartbeat
|
|
// cadence — agent sends every 30s, P1-12)
|
|
purgeTick := time.NewTicker(15 * time.Minute)
|
|
defer purgeTick.Stop()
|
|
offlineTick := time.NewTicker(30 * time.Second)
|
|
defer offlineTick.Stop()
|
|
go func() {
|
|
for {
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case <-purgeTick.C:
|
|
if n, err := st.PurgeExpiredSessions(ctx); err == nil && n > 0 {
|
|
slog.Info("purged expired sessions", "n", n)
|
|
}
|
|
if n, err := st.PurgeExpiredEnrollmentTokens(ctx); err == nil && n > 0 {
|
|
slog.Info("purged expired enrollment tokens", "n", n)
|
|
}
|
|
case <-offlineTick.C:
|
|
cutoff := time.Now().Add(-90 * time.Second)
|
|
if n, err := st.MarkHostsOfflineStale(ctx, cutoff); err == nil && n > 0 {
|
|
slog.Info("marked hosts offline (stale heartbeat)", "n", n)
|
|
}
|
|
}
|
|
}
|
|
}()
|
|
|
|
select {
|
|
case err := <-errCh:
|
|
if err != nil {
|
|
return fmt.Errorf("listen: %w", err)
|
|
}
|
|
case <-ctx.Done():
|
|
slog.Info("shutting down")
|
|
}
|
|
|
|
shutCtx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
|
defer cancel()
|
|
if err := srv.Shutdown(shutCtx); err != nil {
|
|
return fmt.Errorf("shutdown: %w", err)
|
|
}
|
|
return nil
|
|
}
|