kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ui-density-mode
silo/internal/api/middleware.go
Forbes 3d7302f383 feat: add SSE endpoint and server mode system 
Add server-sent events at GET /api/events for live mutation
notifications. Add server mode (normal/read-only/degraded) exposed
via /health, /ready, and SSE server.state events.

New files:
- broker.go: SSE event hub with client management, non-blocking
  fan-out, ring buffer history for Last-Event-ID replay, heartbeat
- servermode.go: mode state machine with periodic MinIO health
  check and SIGUSR1 read-only toggle
- sse_handler.go: HTTP handler using http.Flusher and
  ResponseController to disable WriteTimeout for long-lived SSE
- broker_test.go, servermode_test.go: 13 unit tests

Modified:
- handlers.go: Server struct gains broker/serverState fields,
  Health/Ready include mode and sse_clients, write handlers
  emit item.created/updated/deleted and revision.created events
- routes.go: register GET /api/events, add RequireWritable
  middleware to all 8 editor-gated route groups
- middleware.go: RequireWritable returns 503 in read-only mode
- csv.go, ods.go: emit bulk item.created events after import
- storage.go: add Ping() method for health checks
- config.go: add ReadOnly field to ServerConfig
- main.go: create broker/state, start background goroutines,
  SIGUSR1 handler, graceful shutdown sequence

Closes #38, closes #39
2026-02-08 15:59:23 -06:00

162 lines
4.7 KiB
Go
Raw Permalink Blame History

// Package api provides HTTP handlers and middleware for the Silo API.
package api
import (
"net/http"
"strings"
"time"
"github.com/go-chi/chi/v5/middleware"
"github.com/kindredsystems/silo/internal/auth"
"github.com/rs/zerolog"
)
// RequestLogger returns a middleware that logs HTTP requests using zerolog.
func RequestLogger(logger zerolog.Logger) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
defer func() {
logger.Info().
Str("method", r.Method).
Str("path", r.URL.Path).
Str("query", r.URL.RawQuery).
Int("status", ww.Status()).
Int("bytes", ww.BytesWritten()).
Dur("duration", time.Since(start)).
Str("remote", r.RemoteAddr).
Str("user_agent", r.UserAgent()).
Msg("request")
}()
next.ServeHTTP(ww, r)
})
}
}
// Recoverer returns a middleware that recovers from panics and logs them.
func Recoverer(logger zerolog.Logger) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer func() {
if rec := recover(); rec != nil {
logger.Error().
Interface("panic", rec).
Str("method", r.Method).
Str("path", r.URL.Path).
Msg("panic recovered")
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
}
}()
next.ServeHTTP(w, r)
})
}
}
// RequireAuth extracts the user from a session cookie or API token and injects
// it into the request context. If auth is disabled, injects a synthetic dev user.
func (s *Server) RequireAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Dev mode: inject synthetic admin user
if s.authConfig == nil || !s.authConfig.Enabled {
devUser := &auth.User{
ID: "00000000-0000-0000-0000-000000000000",
Username: "dev",
DisplayName: "Developer",
Email: "dev@localhost",
Role: auth.RoleAdmin,
AuthSource: "local",
}
ctx := auth.ContextWithUser(r.Context(), devUser)
next.ServeHTTP(w, r.WithContext(ctx))
return
}
// 1. Check for API token (Authorization: Bearer silo_...)
if token := extractBearerToken(r); token != "" {
user, err := s.auth.ValidateToken(r.Context(), token)
if err != nil {
writeError(w, http.StatusUnauthorized, "invalid_token", "Invalid or expired API token")
return
}
ctx := auth.ContextWithUser(r.Context(), user)
next.ServeHTTP(w, r.WithContext(ctx))
return
}
// 2. Check session
if s.sessions != nil {
userID := s.sessions.GetString(r.Context(), "user_id")
if userID != "" {
user, err := s.auth.GetUserByID(r.Context(), userID)
if err == nil && user != nil {
ctx := auth.ContextWithUser(r.Context(), user)
next.ServeHTTP(w, r.WithContext(ctx))
return
}
// Invalid session — destroy it
_ = s.sessions.Destroy(r.Context())
}
}
// 3. Not authenticated
if isAPIRequest(r) {
writeError(w, http.StatusUnauthorized, "unauthorized", "Authentication required")
} else {
next := r.URL.Path
if r.URL.RawQuery != "" {
next += "?" + r.URL.RawQuery
}
http.Redirect(w, r, "/login?next="+next, http.StatusSeeOther)
}
})
}
// RequireRole returns middleware that rejects users below the given role.
// Role hierarchy: admin > editor > viewer.
func (s *Server) RequireRole(minimum string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := auth.UserFromContext(r.Context())
if user == nil {
writeError(w, http.StatusUnauthorized, "unauthorized", "Authentication required")
return
}
if !auth.RoleSatisfies(user.Role, minimum) {
writeError(w, http.StatusForbidden, "forbidden",
"Insufficient permissions: requires "+minimum+" role")
return
}
next.ServeHTTP(w, r)
})
}
}
// RequireWritable rejects requests with 503 when the server is in read-only mode.
func (s *Server) RequireWritable(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if s.serverState.IsReadOnly() {
writeError(w, http.StatusServiceUnavailable, "server_read_only",
"Server is in read-only mode")
return
}
next.ServeHTTP(w, r)
})
}
func extractBearerToken(r *http.Request) string {
h := r.Header.Get("Authorization")
if strings.HasPrefix(h, "Bearer ") {
return strings.TrimPrefix(h, "Bearer ")
}
return ""
}
func isAPIRequest(r *http.Request) bool {
return strings.HasPrefix(r.URL.Path, "/api/")
}
Reference in New Issue View Git Blame Copy Permalink