feat: adding background jobs, Dockerfile

2026-02-13 04:40:05 +01:00 · 2025-11-04 16:32:54 +00:00
parent 2170b9a945
commit 19d5cf7aab
34 changed files with 1269 additions and 148 deletions
--- a/internal/handlers/annotations.go
+++ b/internal/handlers/annotations.go
@@ -1,5 +1,19 @@
 package handlers

+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/glueops/autoglue/internal/api/httpmiddleware"
+	"github.com/glueops/autoglue/internal/handlers/dto"
+	"github.com/glueops/autoglue/internal/models"
+	"github.com/glueops/autoglue/internal/utils"
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+)
+
 // ListAnnotations godoc
 // @ID           ListAnnotations
 // @Summary      List annotations (org scoped)
@@ -11,11 +25,86 @@ package handlers
 // @Param        name query string false "Exact name"
 // @Param        value query string false "Exact value"
 // @Param        q query string false "name contains (case-insensitive)"
-// @Success      200 {array}  annotationResponse
+// @Success      200 {array}  dto.AnnotationResponse
 // @Failure      401 {string} string "Unauthorized"
 // @Failure      403 {string} string "organization required"
 // @Failure      500 {string} string "failed to list annotations"
-// @Router       /api/v1/annotations [get]
+// @Router       /annotations [get]
 // @Security     BearerAuth
 // @Security     OrgKeyAuth
 // @Security     OrgSecretAuth
+func ListAnnotations(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		q := db.Where("organization_id = ?", orgID)
+
+		if key := strings.TrimSpace(r.URL.Query().Get("key")); key != "" {
+			q = q.Where(`key = ?`, key)
+		}
+		if val := strings.TrimSpace(r.URL.Query().Get("value")); val != "" {
+			q = q.Where(`value = ?`, val)
+		}
+		if needle := strings.TrimSpace(r.URL.Query().Get("q")); needle != "" {
+			q = q.Where(`key ILIKE ?`, "%"+needle+"%")
+		}
+
+		var out []dto.AnnotationResponse
+		if err := q.Model(&models.Annotation{}).Order("created_at DESC").Scan(&out).Error; err != nil {
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+		utils.WriteJSON(w, http.StatusOK, out)
+	}
+}
+
+// GetAnnotation godoc
+// @ID           GetAnnotation
+// @Summary      Get annotation by ID (org scoped)
+// @Description  Returns one annotation. Add `include=node_pools` to include node pools.
+// @Tags         Annotations
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        id path string true "Annotation ID (UUID)"
+// @Param        include query string false "Optional: node_pools"
+// @Success      200 {object} dto.AnnotationResponse
+// @Failure      400 {string} string "invalid id"
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      404 {string} string "not found"
+// @Failure      500 {string} string "fetch failed"
+// @Router       /annotations/{id} [get]
+// @Security     BearerAuth
+// @Security     OrgKeyAuth
+// @Security     OrgSecretAuth
+func GetAnnotation(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		id, err := uuid.Parse(chi.URLParam(r, "id"))
+		if err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "bad_request", "bad request")
+			return
+		}
+
+		var out dto.AnnotationResponse
+		if err := db.Model(&models.Annotation{}).Where("id = ? AND organization_id = ?", id, orgID).First(&out).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				utils.WriteError(w, http.StatusNotFound, "not_found", "not_found")
+				return
+			}
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+		utils.WriteJSON(w, http.StatusOK, out)
+	}
+}
--- a/internal/handlers/dto/ssh_keys.go
+++ b/internal/handlers/dto/ssh_keys.go
@@ -1,6 +1,8 @@
 package dto

-import "github.com/google/uuid"
+import (
+	"github.com/glueops/autoglue/internal/common"
+)

 type CreateSSHRequest struct {
 	Name    string  `json:"name"`
@@ -10,13 +12,13 @@ type CreateSSHRequest struct {
 }

 type SshResponse struct {
-	ID             uuid.UUID `json:"id"`
-	OrganizationID uuid.UUID `json:"organization_id"`
-	Name           string    `json:"name"`
-	PublicKey      string    `json:"public_key"`
-	Fingerprint    string    `json:"fingerprint"`
-	CreatedAt      string    `json:"created_at,omitempty"`
-	UpdatedAt      string    `json:"updated_at,omitempty"`
+	common.AuditFields
+	Name                string `json:"name"`
+	PublicKey           string `json:"public_key"`
+	Fingerprint         string `json:"fingerprint"`
+	EncryptedPrivateKey string `json:"-"`
+	PrivateIV           string `json:"-"`
+	PrivateTag          string `json:"-"`
 }

 type SshRevealResponse struct {
--- a/internal/handlers/health.go
+++ b/internal/handlers/health.go
@@ -0,0 +1,24 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/glueops/autoglue/internal/utils"
+)
+
+type HealthStatus struct {
+	Status string `json:"status" example:"ok"`
+}
+
+// HealthCheck godoc
+// @Summary      Basic health check
+// @Description  Returns 200 OK when the service is up
+// @Tags         Health
+// @ID           HealthCheck               // operationId
+// @Accept       json
+// @Produce      json
+// @Success      200 {object} HealthStatus
+// @Router       /healthz [get]
+func HealthCheck(w http.ResponseWriter, r *http.Request) {
+	utils.WriteJSON(w, http.StatusOK, HealthStatus{Status: "ok"})
+}
--- a/internal/handlers/ssh_keys.go
+++ b/internal/handlers/ssh_keys.go
@@ -13,9 +13,9 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
-	"time"

 	"github.com/glueops/autoglue/internal/api/httpmiddleware"
+	"github.com/glueops/autoglue/internal/common"
 	"github.com/glueops/autoglue/internal/handlers/dto"
 	"github.com/glueops/autoglue/internal/models"
 	"github.com/glueops/autoglue/internal/utils"
@@ -49,25 +49,18 @@ func ListPublicSshKeys(db *gorm.DB) http.HandlerFunc {
 			return
 		}

-		var rows []models.SshKey
-		if err := db.Where("organization_id = ?", orgID).Order("created_at DESC").Find(&rows).Error; err != nil {
+		var out []dto.SshResponse
+		if err := db.
+			Model(&models.SshKey{}).
+			Where("organization_id = ?", orgID).
+			// avoid selecting encrypted columns here
+			Select("id", "organization_id", "name", "public_key", "fingerprint", "created_at", "updated_at").
+			Order("created_at DESC").
+			Scan(&out).Error; err != nil {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "failed to list ssh keys")
 			return
 		}

-		out := make([]dto.SshResponse, 0, len(rows))
-		for _, row := range rows {
-			out = append(out, dto.SshResponse{
-				ID:             row.ID,
-				OrganizationID: row.OrganizationID,
-				Name:           row.Name,
-				PublicKey:      row.PublicKey,
-				Fingerprint:    row.Fingerprint,
-				CreatedAt:      row.CreatedAt.UTC().Format(time.RFC3339),
-				UpdatedAt:      row.UpdatedAt.UTC().Format(time.RFC3339),
-			})
-		}
-
 		utils.WriteJSON(w, http.StatusOK, out)
 	}
 }
@@ -160,7 +153,9 @@ func CreateSSHKey(db *gorm.DB) http.HandlerFunc {
 		fp := ssh.FingerprintSHA256(parsed)

 		key := models.SshKey{
-			OrganizationID:      orgID,
+			AuditFields: common.AuditFields{
+				OrganizationID: orgID,
+			},
 			Name:                req.Name,
 			PublicKey:           pubAuth,
 			EncryptedPrivateKey: cipher,
@@ -175,13 +170,10 @@ func CreateSSHKey(db *gorm.DB) http.HandlerFunc {
 		}

 		utils.WriteJSON(w, http.StatusCreated, dto.SshResponse{
-			ID:             key.ID,
-			OrganizationID: key.OrganizationID,
-			Name:           key.Name,
-			PublicKey:      key.PublicKey,
-			Fingerprint:    key.Fingerprint,
-			CreatedAt:      key.CreatedAt.UTC().Format(time.RFC3339),
-			UpdatedAt:      key.UpdatedAt.UTC().Format(time.RFC3339),
+			AuditFields: key.AuditFields,
+			Name:        key.Name,
+			PublicKey:   key.PublicKey,
+			Fingerprint: key.Fingerprint,
 		})
 	}
 }
@@ -221,30 +213,47 @@ func GetSSHKey(db *gorm.DB) http.HandlerFunc {
 			return
 		}

-		var key models.SshKey
-		if err := db.Where("id = ? AND organization_id = ?", id, orgID).First(&key).Error; err != nil {
-			if errors.Is(err, gorm.ErrRecordNotFound) {
+		reveal := strings.EqualFold(r.URL.Query().Get("reveal"), "true")
+
+		if !reveal {
+			var out dto.SshResponse
+			if err := db.
+				Model(&models.SshKey{}).
+				Where("id = ? AND organization_id = ?", id, orgID).
+				Select("id", "organization_id", "name", "public_key", "fingerprint", "created_at", "updated_at").
+				Limit(1).
+				Scan(&out).Error; err != nil {
+				utils.WriteError(w, http.StatusInternalServerError, "db_error", "failed to get ssh key")
+				return
+			}
+			if out.ID == uuid.Nil {
 				utils.WriteError(w, http.StatusNotFound, "ssh_key_not_found", "ssh key not found")
 				return
 			}
+			utils.WriteJSON(w, http.StatusOK, out)
+			return
+		}
+
+		var secret dto.SshResponse
+		if err := db.
+			Model(&models.SshKey{}).
+			Where("id = ? AND organization_id = ?", id, orgID).
+			// include the encrypted bits too
+			Select("id", "organization_id", "name", "public_key", "fingerprint",
+				"encrypted_private_key", "private_iv", "private_tag",
+				"created_at", "updated_at").
+			Limit(1).
+			Scan(&secret).Error; err != nil {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "failed to get ssh key")
 			return
 		}

-		if r.URL.Query().Get("reveal") != "true" {
-			utils.WriteJSON(w, http.StatusOK, dto.SshResponse{
-				ID:             key.ID,
-				OrganizationID: key.OrganizationID,
-				Name:           key.Name,
-				PublicKey:      key.PublicKey,
-				Fingerprint:    key.Fingerprint,
-				CreatedAt:      key.CreatedAt.UTC().Format(time.RFC3339),
-				UpdatedAt:      key.UpdatedAt.UTC().Format(time.RFC3339),
-			})
+		if secret.ID == uuid.Nil {
+			utils.WriteError(w, http.StatusNotFound, "ssh_key_not_found", "ssh key not found")
 			return
 		}

-		plain, err := utils.DecryptForOrg(orgID, key.EncryptedPrivateKey, key.PrivateIV, key.PrivateTag, db)
+		plain, err := utils.DecryptForOrg(orgID, secret.EncryptedPrivateKey, secret.PrivateIV, secret.PrivateTag, db)
 		if err != nil {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "failed to decrypt ssh key")
 			return
@@ -252,13 +261,10 @@ func GetSSHKey(db *gorm.DB) http.HandlerFunc {

 		utils.WriteJSON(w, http.StatusOK, dto.SshRevealResponse{
 			SshResponse: dto.SshResponse{
-				ID:             key.ID,
-				OrganizationID: key.OrganizationID,
-				Name:           key.Name,
-				PublicKey:      key.PublicKey,
-				Fingerprint:    key.Fingerprint,
-				CreatedAt:      key.CreatedAt.UTC().Format(time.RFC3339),
-				UpdatedAt:      key.UpdatedAt.UTC().Format(time.RFC3339),
+				AuditFields: secret.AuditFields,
+				Name:        secret.Name,
+				PublicKey:   secret.PublicKey,
+				Fingerprint: secret.Fingerprint,
 			},
 			PrivateKey: plain,
 		})
@@ -297,11 +303,16 @@ func DeleteSSHKey(db *gorm.DB) http.HandlerFunc {
 			return
 		}

-		if err := db.Where("id = ? AND organization_id = ?", id, orgID).
-			Delete(&models.SshKey{}).Error; err != nil {
+		res := db.Where("id = ? AND organization_id = ?", id, orgID).
+			Delete(&models.SshKey{})
+		if res.Error != nil {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "failed to delete ssh key")
 			return
 		}
+		if res.RowsAffected == 0 {
+			utils.WriteError(w, http.StatusNotFound, "ssh_key_not_found", "ssh key not found")
+			return
+		}
 		w.WriteHeader(http.StatusNoContent)
 	}
 }
--- a/internal/handlers/taints.go
+++ b/internal/handlers/taints.go
@@ -55,24 +55,11 @@ func ListTaints(db *gorm.DB) http.HandlerFunc {
 			q = q.Where(`key ILIKE ?`, "%"+needle+"%")
 		}

-		var rows []models.Taint
-		if err := q.Order("created_at DESC").Find(&rows).Error; err != nil {
+		var out []dto.TaintResponse
+		if err := q.Model(&models.Taint{}).Order("created_at DESC").Find(&out).Error; err != nil {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
 			return
 		}
-
-		out := make([]dto.TaintResponse, 0, len(rows))
-		for _, row := range rows {
-			out = append(out, dto.TaintResponse{
-				ID:             row.ID,
-				Key:            row.Key,
-				Value:          row.Value,
-				Effect:         row.Effect,
-				OrganizationID: row.OrganizationID,
-				CreatedAt:      row.CreatedAt.UTC().Format(time.RFC3339),
-				UpdatedAt:      row.UpdatedAt.UTC().Format(time.RFC3339),
-			})
-		}
 		utils.WriteJSON(w, http.StatusOK, out)
 	}
 }
@@ -109,8 +96,8 @@ func GetTaint(db *gorm.DB) http.HandlerFunc {
 			return
 		}

-		var row models.Taint
-		if err := db.Where("id = ? AND organization_id = ?", id, orgID).First(&row).Error; err != nil {
+		var out dto.TaintResponse
+		if err := db.Model(&models.Taint{}).Where("id = ? AND organization_id = ?", id, orgID).First(&out).Error; err != nil {
 			if errors.Is(err, gorm.ErrRecordNotFound) {
 				utils.WriteError(w, http.StatusNotFound, "not_found", "not_found")
 				return
@@ -118,15 +105,7 @@ func GetTaint(db *gorm.DB) http.HandlerFunc {
 			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
 			return
 		}
-		out := dto.TaintResponse{
-			ID:             row.ID,
-			Key:            row.Key,
-			Value:          row.Value,
-			Effect:         row.Effect,
-			OrganizationID: row.OrganizationID,
-			CreatedAt:      row.CreatedAt.UTC().Format(time.RFC3339),
-			UpdatedAt:      row.UpdatedAt.UTC().Format(time.RFC3339),
-		}
+
 		utils.WriteJSON(w, http.StatusOK, out)
 	}
 }