fyb/tingz
1
0
Fork 0
Code Issues 1 Pull Requests Packages Releases 1 Wiki Activity

initial commit

Browse Source
This commit is contained in:
yigid balaban
2025-10-14 21:20:25 +03:00
commit 5471f3b138
19 changed files with 1365 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
internal/config/config.go Normal file
View File

@@ -0,0 +1,112 @@
package config
import (
"fmt"
"os"
"strconv"
)
type Config struct {
AdminToken string
DeployRoot string
ReleaseRoot string
DBPath string
MaxUploadSize int64
LogLevel string
ReleasesToKeep int
DisableFileDeleteOnUserRemove bool
TLSCert string
TLSKey string
}
func LoadConfig() (*Config, error) {
cfg := &Config{
AdminToken: os.Getenv("ADMIN_TOKEN"),
DeployRoot: getEnvOrDefault("DEPLOY_ROOT", "/var/www/docs"),
ReleaseRoot: getEnvOrDefault("RELEASE_ROOT", "/var/www/deploys"),
DBPath: getEnvOrDefault("DB_PATH", "/data/deployer.db"),
MaxUploadSize: getEnvAsInt64("MAX_UPLOAD_SIZE", 104857600),
LogLevel: getEnvOrDefault("LOG_LEVEL", "info"),
ReleasesToKeep: getEnvAsInt("RELEASES_TO_KEEP", 5),
DisableFileDeleteOnUserRemove: getEnvAsBool("DISABLE_FILE_DELETE_ON_USER_REMOVE", false),
TLSCert: os.Getenv("TLS_CERT"),
TLSKey: os.Getenv("TLS_KEY"),
}
if err := cfg.validate(); err != nil {
return nil, err
}
return cfg, nil
}
func (c *Config) validate() error {
if c.AdminToken == "" {
return fmt.Errorf("ADMIN_TOKEN is required")
}
validLogLevels := map[string]bool{
"debug": true,
"info": true,
"warn": true,
"error": true,
}
if !validLogLevels[c.LogLevel] {
return fmt.Errorf("invalid LOG_LEVEL: %s (must be debug, info, warn, or error)", c.LogLevel)
}
if c.MaxUploadSize <= 0 {
return fmt.Errorf("MAX_UPLOAD_SIZE must be positive")
}
if c.ReleasesToKeep < 1 {
return fmt.Errorf("RELEASES_TO_KEEP must be at least 1")
}
return nil
}
func getEnvOrDefault(key, defaultValue string) string {
if value := os.Getenv(key); value != "" {
return value
}
return defaultValue
}
func getEnvAsInt(key string, defaultValue int) int {
valueStr := os.Getenv(key)
if valueStr == "" {
return defaultValue
}
value, err := strconv.Atoi(valueStr)
if err != nil {
return defaultValue
}
return value
}
func getEnvAsInt64(key string, defaultValue int64) int64 {
valueStr := os.Getenv(key)
if valueStr == "" {
return defaultValue
}
value, err := strconv.ParseInt(valueStr, 10, 64)
if err != nil {
return defaultValue
}
return value
}
func getEnvAsBool(key string, defaultValue bool) bool {
valueStr := os.Getenv(key)
if valueStr == "" {
return defaultValue
}
value, err := strconv.ParseBool(valueStr)
if err != nil {
return defaultValue
}
return value
}

63
internal/db/db.go Normal file
View File

@@ -0,0 +1,63 @@
package db
import (
"database/sql"
"fmt"
"os"
"path/filepath"
_ "modernc.org/sqlite"
)
func OpenDB(path string) (*sql.DB, error) {
dir := filepath.Dir(path)
if err := os.MkdirAll(dir, 0755); err != nil {
return nil, fmt.Errorf("failed to create database directory: %w", err)
}
db, err := sql.Open("sqlite", path)
if err != nil {
return nil, fmt.Errorf("failed to open database: %w", err)
}
if err := db.Ping(); err != nil {
db.Close()
return nil, fmt.Errorf("failed to ping database: %w", err)
}
pragmas := []string{
"PRAGMA journal_mode=WAL",
"PRAGMA foreign_keys=ON",
"PRAGMA synchronous=NORMAL",
"PRAGMA busy_timeout=5000",
}
for _, pragma := range pragmas {
if _, err := db.Exec(pragma); err != nil {
db.Close()
return nil, fmt.Errorf("failed to set pragma: %w", err)
}
}
return db, nil
}
func EnsureSchema(db *sql.DB) error {
schema := `
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL UNIQUE,
token TEXT NOT NULL,
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_users_token ON users(token);
`
if _, err := db.Exec(schema); err != nil {
return fmt.Errorf("failed to create schema: %w", err)
}
return nil
}

215
internal/deploy/manager.go Normal file
View File

@@ -0,0 +1,215 @@
package deploy
import (
"archive/tar"
"compress/gzip"
"context"
"fmt"
"io"
"log/slog"
"os"
"path/filepath"
"sort"
"strings"
"time"
)
type Manager struct {
deployRoot string
releaseRoot string
releasesToKeep int
logger *slog.Logger
}
func NewManager(deployRoot, releaseRoot string, releasesToKeep int, logger *slog.Logger) *Manager {
return &Manager{
deployRoot: deployRoot,
releaseRoot: releaseRoot,
releasesToKeep: releasesToKeep,
logger: logger,
}
}
func (m *Manager) Deploy(ctx context.Context, username, project string, r io.Reader) (string, error) {
releaseID := time.Now().UTC().Format("20060102T150405")
m.logger.Info("starting deployment",
slog.String("username", username),
slog.String("project", project),
slog.String("release_id", releaseID))
tmpFile, err := os.CreateTemp("", fmt.Sprintf("deployer-upload-%s-%s-*.tar.gz", username, releaseID))
if err != nil {
return "", fmt.Errorf("failed to create temp file: %w", err)
}
defer os.Remove(tmpFile.Name())
defer tmpFile.Close()
written, err := io.Copy(tmpFile, r)
if err != nil {
return "", fmt.Errorf("failed to write tarball: %w", err)
}
m.logger.Debug("tarball saved to temp file",
slog.String("path", tmpFile.Name()),
slog.Int64("bytes", written))
if _, err := tmpFile.Seek(0, 0); err != nil {
return "", fmt.Errorf("failed to seek temp file: %w", err)
}
releasePath := filepath.Join(m.releaseRoot, username, project, releaseID)
if err := os.MkdirAll(releasePath, 0755); err != nil {
return "", fmt.Errorf("failed to create release directory: %w", err)
}
if err := m.extractTarball(tmpFile, releasePath); err != nil {
os.RemoveAll(releasePath)
return "", fmt.Errorf("failed to extract tarball: %w", err)
}
deployPath := filepath.Join(m.deployRoot, username, project)
deployParentDir := filepath.Dir(deployPath)
if err := os.MkdirAll(deployParentDir, 0755); err != nil {
return "", fmt.Errorf("failed to create deploy parent directory: %w", err)
}
tmpLink := deployPath + ".tmp." + releaseID
if err := os.Symlink(releasePath, tmpLink); err != nil {
return "", fmt.Errorf("failed to create temporary symlink: %w", err)
}
if err := os.Rename(tmpLink, deployPath); err != nil {
os.Remove(tmpLink)
return "", fmt.Errorf("failed to swap symlink: %w", err)
}
m.logger.Info("deployment successful",
slog.String("username", username),
slog.String("project", project),
slog.String("release_id", releaseID))
if err := m.cleanupOldReleases(username, project); err != nil {
m.logger.Warn("failed to cleanup old releases",
slog.String("error", err.Error()))
}
return releaseID, nil
}
func (m *Manager) extractTarball(r io.Reader, destDir string) error {
gzr, err := gzip.NewReader(r)
if err != nil {
return fmt.Errorf("failed to create gzip reader: %w", err)
}
defer gzr.Close()
tr := tar.NewReader(gzr)
for {
header, err := tr.Next()
if err == io.EOF {
break
}
if err != nil {
return fmt.Errorf("failed to read tar header: %w", err)
}
if err := validateTarPath(header.Name); err != nil {
return err
}
cleanName := filepath.Clean(header.Name)
if cleanName == "." || cleanName == ".." {
continue
}
target := filepath.Join(destDir, cleanName)
if !strings.HasPrefix(target, filepath.Clean(destDir)+string(os.PathSeparator)) {
return fmt.Errorf("path traversal detected: %s", header.Name)
}
switch header.Typeflag {
case tar.TypeDir:
if err := os.MkdirAll(target, 0755); err != nil {
return fmt.Errorf("failed to create directory: %w", err)
}
case tar.TypeReg:
if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil {
return fmt.Errorf("failed to create parent directory: %w", err)
}
f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(header.Mode))
if err != nil {
return fmt.Errorf("failed to create file: %w", err)
}
if _, err := io.Copy(f, tr); err != nil {
f.Close()
return fmt.Errorf("failed to write file: %w", err)
}
f.Close()
}
}
return nil
}
func validateTarPath(path string) error {
clean := filepath.Clean(path)
parts := strings.Split(clean, string(filepath.Separator))
for _, part := range parts {
if part == ".." {
return fmt.Errorf("path contains '..' component which is not allowed: %s", path)
}
}
if filepath.IsAbs(path) {
return fmt.Errorf("absolute paths not allowed: %s", path)
}
return nil
}
func (m *Manager) cleanupOldReleases(username, project string) error {
releasesDir := filepath.Join(m.releaseRoot, username, project)
entries, err := os.ReadDir(releasesDir)
if err != nil {
if os.IsNotExist(err) {
return nil
}
return fmt.Errorf("failed to read releases directory: %w", err)
}
var releases []os.DirEntry
for _, entry := range entries {
if entry.IsDir() {
releases = append(releases, entry)
}
}
if len(releases) <= m.releasesToKeep {
return nil
}
sort.Slice(releases, func(i, j int) bool {
return releases[i].Name() > releases[j].Name()
})
for i := m.releasesToKeep; i < len(releases); i++ {
oldReleasePath := filepath.Join(releasesDir, releases[i].Name())
m.logger.Info("removing old release",
slog.String("path", oldReleasePath))
if err := os.RemoveAll(oldReleasePath); err != nil {
m.logger.Warn("failed to remove old release",
slog.String("path", oldReleasePath),
slog.String("error", err.Error()))
}
}
return nil
}

210
internal/http/handlers.go Normal file
View File

@@ -0,0 +1,210 @@
package http
import (
"encoding/json"
"fmt"
"log/slog"
"net/http"
"git.yigid.dev/fyb/tingz/internal/deploy"
"git.yigid.dev/fyb/tingz/internal/user"
)
type Server struct {
userMgr *user.Manager
deployMgr *deploy.Manager
logger *slog.Logger
baseURL string
}
func NewServer(userMgr *user.Manager, deployMgr *deploy.Manager, logger *slog.Logger, baseURL string) *Server {
return &Server{
userMgr: userMgr,
deployMgr: deployMgr,
logger: logger,
baseURL: baseURL,
}
}
func (s *Server) handleAuthCreate(w http.ResponseWriter, r *http.Request) {
var req struct {
Username string `json:"username"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
s.logger.Warn("failed to decode request", slog.String("error", err.Error()))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "invalid request body",
})
return
}
if !user.ValidateUsername(req.Username) {
s.logger.Warn("invalid username", slog.String("username", req.Username))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "invalid username format",
})
return
}
token, err := s.userMgr.CreateOrUpdate(r.Context(), req.Username)
if err != nil {
s.logger.Error("failed to create/update user",
slog.String("username", req.Username),
slog.String("error", err.Error()))
writeJSON(w, http.StatusInternalServerError, map[string]string{
"status": "error",
"error": "failed to create user",
})
return
}
s.logger.Info("user created/updated", slog.String("username", req.Username))
writeJSON(w, http.StatusOK, map[string]string{
"status": "ok",
"token": token,
})
}
func (s *Server) handleAuthDelete(w http.ResponseWriter, r *http.Request) {
var req struct {
Username string `json:"username"`
Files string `json:"files"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
s.logger.Warn("failed to decode request", slog.String("error", err.Error()))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "invalid request body",
})
return
}
if !user.ValidateUsername(req.Username) {
s.logger.Warn("invalid username", slog.String("username", req.Username))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "invalid username format",
})
return
}
if req.Files == "" {
req.Files = "persist"
}
deleteFiles := false
if req.Files == "delete" {
deleteFiles = true
} else if req.Files != "persist" {
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "files must be 'persist' or 'delete'",
})
return
}
err := s.userMgr.Delete(r.Context(), req.Username, deleteFiles)
if err != nil {
s.logger.Error("failed to delete user",
slog.String("username", req.Username),
slog.String("error", err.Error()))
writeJSON(w, http.StatusInternalServerError, map[string]string{
"status": "error",
"error": err.Error(),
})
return
}
s.logger.Info("user deleted",
slog.String("username", req.Username),
slog.Bool("files_deleted", deleteFiles))
writeJSON(w, http.StatusOK, map[string]string{
"status": "ok",
})
}
func (s *Server) handleDeploy(w http.ResponseWriter, r *http.Request) {
username, ok := getUsernameFromContext(r.Context())
if !ok {
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "unauthorized",
})
return
}
if err := r.ParseMultipartForm(32 << 20); err != nil {
s.logger.Warn("failed to parse multipart form", slog.String("error", err.Error()))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "failed to parse multipart form",
})
return
}
project := r.FormValue("project")
if !user.ValidateProjectName(project) {
s.logger.Warn("invalid project name", slog.String("project", project))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "invalid project name format",
})
return
}
file, header, err := r.FormFile("file")
if err != nil {
s.logger.Warn("failed to get file from form", slog.String("error", err.Error()))
writeJSON(w, http.StatusBadRequest, map[string]string{
"status": "error",
"error": "missing or invalid file",
})
return
}
defer file.Close()
s.logger.Info("processing deployment",
slog.String("username", username),
slog.String("project", project),
slog.String("filename", header.Filename),
slog.Int64("size", header.Size))
releaseID, err := s.deployMgr.Deploy(r.Context(), username, project, file)
if err != nil {
s.logger.Error("deployment failed",
slog.String("username", username),
slog.String("project", project),
slog.String("error", err.Error()))
writeJSON(w, http.StatusInternalServerError, map[string]string{
"status": "error",
"error": err.Error(),
})
return
}
url := fmt.Sprintf("%s/%s/%s/", s.baseURL, username, project)
writeJSON(w, http.StatusOK, map[string]string{
"status": "ok",
"project": project,
"username": username,
"url": url,
"release": releaseID,
})
}
func (s *Server) handleStatus(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]string{
"status": "ok",
})
}
func writeJSON(w http.ResponseWriter, status int, data interface{}) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(status)
json.NewEncoder(w).Encode(data)
}

138
internal/http/middleware.go Normal file
View File

@@ -0,0 +1,138 @@
package http
import (
"context"
"crypto/subtle"
"log/slog"
"net/http"
"strings"
"time"
"git.yigid.dev/fyb/tingz/internal/user"
)
type contextKey string
const usernameKey contextKey = "username"
func AdminAuthMiddleware(adminToken string, logger *slog.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
logger.Warn("missing authorization header")
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "missing authorization header",
})
return
}
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
logger.Warn("invalid authorization header format")
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "invalid authorization header format",
})
return
}
token := parts[1]
if subtle.ConstantTimeCompare([]byte(token), []byte(adminToken)) != 1 {
logger.Warn("invalid admin token")
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "invalid admin token",
})
return
}
next.ServeHTTP(w, r)
})
}
}
func UserAuthMiddleware(userMgr *user.Manager, logger *slog.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
logger.Warn("missing authorization header")
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "missing authorization header",
})
return
}
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
logger.Warn("invalid authorization header format")
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "invalid authorization header format",
})
return
}
token := parts[1]
username, err := userMgr.GetByToken(r.Context(), token)
if err != nil {
logger.Warn("invalid user token", slog.String("error", err.Error()))
writeJSON(w, http.StatusUnauthorized, map[string]string{
"status": "error",
"error": "invalid token",
})
return
}
ctx := context.WithValue(r.Context(), usernameKey, username)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
func LoggingMiddleware(logger *slog.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
wrapped := &responseWriter{ResponseWriter: w, statusCode: http.StatusOK}
next.ServeHTTP(wrapped, r)
duration := time.Since(start)
logger.Info("request completed",
slog.String("method", r.Method),
slog.String("path", r.URL.Path),
slog.Int("status", wrapped.statusCode),
slog.Duration("duration", duration),
slog.String("remote_addr", r.RemoteAddr))
})
}
}
func MaxBytesMiddleware(maxBytes int64) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxBytes)
next.ServeHTTP(w, r)
})
}
}
type responseWriter struct {
http.ResponseWriter
statusCode int
}
func (rw *responseWriter) WriteHeader(code int) {
rw.statusCode = code
rw.ResponseWriter.WriteHeader(code)
}
func getUsernameFromContext(ctx context.Context) (string, bool) {
username, ok := ctx.Value(usernameKey).(string)
return username, ok
}

29
internal/http/router.go Normal file
View File

@@ -0,0 +1,29 @@
package http
import (
"log/slog"
"net/http"
"git.yigid.dev/fyb/tingz/internal/config"
"git.yigid.dev/fyb/tingz/internal/deploy"
"git.yigid.dev/fyb/tingz/internal/user"
)
func NewRouter(cfg *config.Config, userMgr *user.Manager, deployMgr *deploy.Manager, logger *slog.Logger) http.Handler {
mux := http.NewServeMux()
baseURL := "https://docs.yigid.dev"
server := NewServer(userMgr, deployMgr, logger, baseURL)
adminAuth := AdminAuthMiddleware(cfg.AdminToken, logger)
userAuth := UserAuthMiddleware(userMgr, logger)
maxBytes := MaxBytesMiddleware(cfg.MaxUploadSize)
mux.Handle("POST /api/v1/auth", adminAuth(http.HandlerFunc(server.handleAuthCreate)))
mux.Handle("DELETE /api/v1/auth", adminAuth(http.HandlerFunc(server.handleAuthDelete)))
mux.Handle("POST /api/v1/deploy", userAuth(maxBytes(http.HandlerFunc(server.handleDeploy))))
mux.HandleFunc("GET /api/v1/status", server.handleStatus)
return LoggingMiddleware(logger)(mux)
}

29
internal/logging/logger.go Normal file
View File

@@ -0,0 +1,29 @@
package logging
import (
"log/slog"
"os"
)
func New(level string) *slog.Logger {
var logLevel slog.Level
switch level {
case "debug":
logLevel = slog.LevelDebug
case "info":
logLevel = slog.LevelInfo
case "warn":
logLevel = slog.LevelWarn
case "error":
logLevel = slog.LevelError
default:
logLevel = slog.LevelInfo
}
handler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
Level: logLevel,
})
return slog.New(handler)
}

182
internal/user/manager.go Normal file
View File

@@ -0,0 +1,182 @@
package user
import (
"context"
"crypto/rand"
"database/sql"
"encoding/base64"
"fmt"
"os"
"path/filepath"
"regexp"
"strings"
"time"
)
var usernameRegex = regexp.MustCompile(`^[a-z0-9]([a-z0-9_-]{0,62}[a-z0-9])?$`)
type Manager struct {
db *sql.DB
deployRoot string
releaseRoot string
}
func NewManager(db *sql.DB, deployRoot, releaseRoot string) *Manager {
return &Manager{
db: db,
deployRoot: deployRoot,
releaseRoot: releaseRoot,
}
}
func (m *Manager) CreateOrUpdate(ctx context.Context, username string) (string, error) {
if !ValidateUsername(username) {
return "", fmt.Errorf("invalid username format")
}
token, err := generateToken()
if err != nil {
return "", fmt.Errorf("failed to generate token: %w", err)
}
now := time.Now().UTC().Format(time.RFC3339)
var existingID int
err = m.db.QueryRowContext(ctx, "SELECT id FROM users WHERE username = ?", username).Scan(&existingID)
if err == sql.ErrNoRows {
_, err = m.db.ExecContext(ctx,
"INSERT INTO users (username, token, created_at, updated_at) VALUES (?, ?, ?, ?)",
username, token, now, now)
if err != nil {
return "", fmt.Errorf("failed to create user: %w", err)
}
} else if err == nil {
_, err = m.db.ExecContext(ctx,
"UPDATE users SET token = ?, updated_at = ? WHERE username = ?",
token, now, username)
if err != nil {
return "", fmt.Errorf("failed to update user: %w", err)
}
} else {
return "", fmt.Errorf("failed to check user existence: %w", err)
}
if err := m.ensureUserDirectories(username); err != nil {
return "", fmt.Errorf("failed to create user directories: %w", err)
}
return token, nil
}
func (m *Manager) Delete(ctx context.Context, username string, deleteFiles bool) error {
if !ValidateUsername(username) {
return fmt.Errorf("invalid username format")
}
result, err := m.db.ExecContext(ctx, "DELETE FROM users WHERE username = ?", username)
if err != nil {
return fmt.Errorf("failed to delete user: %w", err)
}
rowsAffected, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("failed to check deletion: %w", err)
}
if rowsAffected == 0 {
return fmt.Errorf("user not found")
}
if deleteFiles {
deployPath := filepath.Join(m.deployRoot, username)
releasePath := filepath.Join(m.releaseRoot, username)
if err := os.RemoveAll(deployPath); err != nil && !os.IsNotExist(err) {
return fmt.Errorf("failed to remove deploy directory: %w", err)
}
if err := os.RemoveAll(releasePath); err != nil && !os.IsNotExist(err) {
return fmt.Errorf("failed to remove release directory: %w", err)
}
}
return nil
}
func (m *Manager) GetByToken(ctx context.Context, token string) (string, error) {
var username string
err := m.db.QueryRowContext(ctx, "SELECT username FROM users WHERE token = ?", token).Scan(&username)
if err == sql.ErrNoRows {
return "", fmt.Errorf("invalid token")
}
if err != nil {
return "", fmt.Errorf("failed to query user: %w", err)
}
return username, nil
}
func (m *Manager) Exists(ctx context.Context, username string) (bool, error) {
var count int
err := m.db.QueryRowContext(ctx, "SELECT COUNT(*) FROM users WHERE username = ?", username).Scan(&count)
if err != nil {
return false, fmt.Errorf("failed to check user existence: %w", err)
}
return count > 0, nil
}
func (m *Manager) ensureUserDirectories(username string) error {
deployPath := filepath.Join(m.deployRoot, username)
releasePath := filepath.Join(m.releaseRoot, username)
if err := os.MkdirAll(deployPath, 0755); err != nil {
return fmt.Errorf("failed to create deploy directory: %w", err)
}
if err := os.MkdirAll(releasePath, 0755); err != nil {
return fmt.Errorf("failed to create release directory: %w", err)
}
return nil
}
func ValidateUsername(username string) bool {
return usernameRegex.MatchString(username)
}
func ValidateProjectName(project string) bool {
return usernameRegex.MatchString(project)
}
func generateToken() (string, error) {
b := make([]byte, 24)
if _, err := rand.Read(b); err != nil {
return "", err
}
encoded := base64.URLEncoding.EncodeToString(b)
alphanumeric := strings.Map(func(r rune) rune {
if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') {
return r
}
return -1
}, encoded)
if len(alphanumeric) < 32 {
for len(alphanumeric) < 32 {
extra := make([]byte, 8)
rand.Read(extra)
extraEncoded := base64.URLEncoding.EncodeToString(extra)
extraAlphanumeric := strings.Map(func(r rune) rune {
if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') {
return r
}
return -1
}, extraEncoded)
alphanumeric += extraAlphanumeric
}
}
return alphanumeric[:32], nil
}