h/golib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: h:cookies/v0.9.0
Branches Tags
h:master
h:tmdb/v0.10.0 h:hwsauth/v0.7.0 h:hws/v0.6.0 h:hlog/v0.11.0 h:ezconf/v0.2.1 h:ezconf/v0.2.0 h:hwsauth/v0.6.1 h:hwsauth/v0.6.0 h:hwsauth/v0.5.5 h:hws/v0.5.0 h:hwsauth/v0.5.4 h:hws/v0.4.4 h:hwsauth/v0.5.3 h:hws/v0.4.3 h:hws/v0.4.2 h:hws/v0.4.1 h:hws/v0.4.0 h:notify/v0.1.0 h:hws/v0.3.2 h:hwsauth/v0.5.2 h:hwsauth/v0.5.1 h:hws/v0.3.1 h:hwsauth/v0.5.0 h:hwsauth/v0.4.0 h:hws/v0.3.0 h:ezconf/v0.1.1 h:hlog/v0.10.4 h:tmdb/v0.9.2 h:hwsauth/v0.3.4 h:hws/v0.2.3 h:ezconf/v0.1.0 h:tmdb/v0.9.1 h:tmdb/v0.9.0 h:hwsauth/v0.3.3 h:jwt/v0.10.1 h:hwsauth/v0.3.2 h:hws/v0.2.2 h:hlog/v0.10.3 h:hlog/v0.10.2 h:hlog/v0.10.1 h:hws/v0.2.1 h:hwsauth/v0.3.1 h:hws/v0.2.0 h:hwsauth/v0.3.0 h:jwt/v0.10.0 h:hlog/v0.9.1 h:env/v0.9.1 h:hwsauth/v0.2.0 h:hwsauth/v0.1.0 h:hws/v0.1.0 h:env/v0.9.0 h:cookies/v0.9.0 h:jwt/v0.9.2 h:jwt/v0.9.1 h:tmdb/v0.8.0 h:jwt/v0.9.0 h:hlog/v0.9.0
...
compare: h:hws/v0.4.3
Branches Tags
h:master
h:tmdb/v0.10.0 h:hwsauth/v0.7.0 h:hws/v0.6.0 h:hlog/v0.11.0 h:ezconf/v0.2.1 h:ezconf/v0.2.0 h:hwsauth/v0.6.1 h:hwsauth/v0.6.0 h:hwsauth/v0.5.5 h:hws/v0.5.0 h:hwsauth/v0.5.4 h:hws/v0.4.4 h:hwsauth/v0.5.3 h:hws/v0.4.3 h:hws/v0.4.2 h:hws/v0.4.1 h:hws/v0.4.0 h:notify/v0.1.0 h:hws/v0.3.2 h:hwsauth/v0.5.2 h:hwsauth/v0.5.1 h:hws/v0.3.1 h:hwsauth/v0.5.0 h:hwsauth/v0.4.0 h:hws/v0.3.0 h:ezconf/v0.1.1 h:hlog/v0.10.4 h:tmdb/v0.9.2 h:hwsauth/v0.3.4 h:hws/v0.2.3 h:ezconf/v0.1.0 h:tmdb/v0.9.1 h:tmdb/v0.9.0 h:hwsauth/v0.3.3 h:jwt/v0.10.1 h:hwsauth/v0.3.2 h:hws/v0.2.2 h:hlog/v0.10.3 h:hlog/v0.10.2 h:hlog/v0.10.1 h:hws/v0.2.1 h:hwsauth/v0.3.1 h:hws/v0.2.0 h:hwsauth/v0.3.0 h:jwt/v0.10.0 h:hlog/v0.9.1 h:env/v0.9.1 h:hwsauth/v0.2.0 h:hwsauth/v0.1.0 h:hws/v0.1.0 h:env/v0.9.0 h:cookies/v0.9.0 h:jwt/v0.9.2 h:jwt/v0.9.1 h:tmdb/v0.8.0 h:jwt/v0.9.0 h:hlog/v0.9.0

48 Commits
cookies/v0 ... hws/v0.4.3

Author SHA1 Message Date
Haelnorr
596a4c0529 fixed stacktrace 2026-01-26 21:48:18 +11:00
Haelnorr
ed3bc4afb0 added stacktrace to error logging 2026-01-26 21:45:53 +11:00
Haelnorr
2c9de70018 fixed bug in NewMiddleware 2026-01-26 21:38:02 +11:00
Haelnorr
965721bd89 Merge branch 'hws-notify' 2026-01-26 00:23:56 +11:00
Haelnorr
5781aa523c added a notify system 2026-01-26 00:23:46 +11:00
Haelnorr
76c8a592af Merge branch 'notify' 2026-01-24 20:35:59 +11:00
Haelnorr
65e8bd07e1 added the notify module 2026-01-24 20:35:40 +11:00
Haelnorr
0c3d4ef095 middleware can only be added once 2026-01-24 16:35:17 +11:00
Haelnorr
5a3ed49ea4 fixed panic if loadfunc returns nil with no error 2026-01-24 15:17:19 +11:00
Haelnorr
2f49063432 added multiple method support for routes 2026-01-24 14:44:38 +11:00
Haelnorr
1c49b19197 fixed issue with hwsauth where table creation didnt work so user logins was broken if table didnt already exist 2026-01-24 03:08:39 +11:00
Haelnorr
f25bc437c4 updated hwsauth: uses new hws version 2026-01-23 12:55:44 +11:00
Haelnorr
378bd8006d updated hws: expanded error page functionality 2026-01-23 12:33:13 +11:00
Haelnorr
e9b96fedb1 Merge branch 'ezconf' 2026-01-21 19:23:27 +11:00
Haelnorr
da6ad0cf2e updated ezconf 2026-01-21 19:23:12 +11:00
Haelnorr
0ceeb37058 added ezconf and updated modules with integration 2026-01-13 21:18:35 +11:00
Haelnorr
f8919e8398 updated rules 2026-01-13 19:47:39 +11:00
Haelnorr
be889568c2 fixed tmdb bug with searchmovies and added tests 2026-01-13 19:41:36 +11:00
Haelnorr
cdd6b7a57c Merge branch 'tmdbconf' 2026-01-13 19:11:52 +11:00
Haelnorr
1a099a3724 updated tmdb 2026-01-13 19:11:17 +11:00
Haelnorr
7c91cbb08a updated hwsauth to use hlog 2026-01-13 18:07:11 +11:00
h
1c66e6dd66 Merge pull request 'hlogdoc' (#3) from hlogdoc into master 
Reviewed-on: #3
 2026-01-13 13:53:12 +11:00
h
614be4ed0e Merge branch 'master' into hlogdoc 2026-01-13 13:52:54 +11:00
Haelnorr
da8e3c2d10 fixed wiki links 2026-01-13 13:49:21 +11:00
Haelnorr
51045537b2 updated version numbers 2026-01-13 13:40:25 +11:00
Haelnorr
bdae21ec0b Updated documentation for JWT, HWS, and HWSAuth packages. 
- Updated JWT README.md with proper format and version number
- Updated HWS README.md and created comprehensive doc.go
- Updated HWSAuth README.md and doc.go with proper environment variable documentation
- All documentation now follows GOLIB rules format

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-13 13:37:37 +11:00
h
ddd570230b Merge pull request 'h-patch-1' (#2) from h-patch-1 into master 
Reviewed-on: #2
 2026-01-13 13:33:39 +11:00
h
a255ee578e Update hlog/README.md 2026-01-13 13:31:47 +11:00
h
1b1fa12a45 Add hlog/LICENSE 2026-01-13 13:31:15 +11:00
h
90976ca98b Update hlog/README.md 2026-01-13 13:26:09 +11:00
h
328adaadee Merge pull request 'Updated hlog documentation to comply with GOLIB rules.' (#1) from hlogdoc into master 
Reviewed-on: #1
 2026-01-13 13:24:55 +11:00
h
5be9811afc Update hlog/README.md 2026-01-13 13:24:07 +11:00
Haelnorr
52341aba56 Updated hlog documentation to comply with GOLIB rules. 
- Added comprehensive README.md with proper format and version number
- Enhanced doc.go with complete godoc-compliant documentation
- Updated RULES.md to clarify wiki home page requirement

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-13 13:20:40 +11:00
Haelnorr
7471ae881b updated RULES.md 2026-01-13 13:02:02 +11:00
Haelnorr
2a8c39002d updated hlog 2026-01-13 12:55:30 +11:00
Haelnorr
8c2ca4d79a removed trustedhost from hws config 2026-01-13 11:32:29 +11:00
Haelnorr
3726ad738a fixed bad import 2026-01-11 23:35:05 +11:00
Haelnorr
423a9ee26d updated docs 2026-01-11 23:33:48 +11:00
Haelnorr
9f98bbce2d refactored hws to improve database operability 2026-01-11 23:11:49 +11:00
Haelnorr
4c5af63ea2 refactor to improve database operability in hwsauth 2026-01-11 23:00:50 +11:00
Haelnorr
ae4094d426 refactor to improve database operability 2026-01-11 22:21:44 +11:00
Haelnorr
1b25e2f0a5 Refactor database interface to use *sql.DB directly 
Simplified the database layer by removing custom interface wrappers
and using standard library *sql.DB and *sql.Tx types directly.

Changes:
- Removed DBConnection and DBTransaction interfaces from database.go
- Removed NewDBConnection() wrapper function
- Updated TokenGenerator to use *sql.DB instead of DBConnection
- Updated all validation and revocation methods to accept *sql.Tx
- Updated TableManager to work with *sql.DB directly
- Updated all tests to use db.Begin() instead of custom wrappers
- Fixed GeneratorConfig.DB field (was DBConn)
- Updated documentation in doc.go with correct API usage

Benefits:
- Simpler API with fewer abstractions
- Works directly with database/sql standard library
- Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB)
- Easier to understand and maintain
- No unnecessary wrapper layers

Breaking changes:
- GeneratorConfig.DBConn renamed to GeneratorConfig.DB
- Removed NewDBConnection() function - pass *sql.DB directly
- ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction
- Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-11 17:39:30 +11:00
Haelnorr
557e9812e6 added error or invalid log level 2026-01-10 18:52:17 +11:00
Haelnorr
f3312f7aef added more int parsing and tests 2026-01-10 18:22:16 +11:00
Haelnorr
61d519399f fixed incorrect import 2026-01-04 01:11:25 +11:00
Haelnorr
b13b783d7e created hwsauth module 2026-01-04 01:01:17 +11:00
Haelnorr
14eec74683 created hws module 2026-01-04 00:59:24 +11:00
Haelnorr
ade3fa0454 imported env module 2026-01-02 19:03:07 +11:00
136 changed files with 16983 additions and 228 deletions
Expand all files Collapse all files

47
RULES.md Normal file
View File

@@ -0,0 +1,47 @@
# GOLIB Rules
1. All changes should be documented
Documentation is done in a few ways:
- docstrings
- README.md
- doc.go
- wiki
The README for each module should be laid out as follows:
- Title and description with version number
- Feature list (DO NOT USE EMOTICONS)
- Installation (go get)
- Quick Start (brief example of setting up and using)
- Documentation links to the wiki (path is `../golib/wiki/<package>.md`)
- Additional information (e.g. supported databases if package has database features)
- License
- Contributing
- Related projects (if relevant)
Docstrings and doc.go should conform to godoc standards.
Any Config structs with environment variables should have their docstrings match the format
`// ENV ENV_NAME: Description (required <optional condition>) (default: <default value>)`
where the required and default fields are only present if relevant to that variable
The wiki is located at ~/projects/golib-wiki and should be laid out as follows:
- Link to wiki page from the Home page
- Title and description with version number
- Installation
- Key Concepts and features
- Quick start
- Configuration (explicity prefer using ConfigFromEnv for packages that support it)
- Detailed sections on how to use all the features
- Integration (many of the packages in this repo are designed to work in tandem. any close integration with other packages should be mentioned here)
- Best practices
- Troubleshooting
- See also (links to other related or imported packages from this repo)
- Links (GoDoc api link, source code, issue tracker)
2. All features should have tests.
Any changes to existing features or additional features implemented should have tests created and/or updated
3. Version control
Do not make any changes to master. Checkout a branch to work on new features
Version numbers are specified using git tags.
Do not change version numbers. When updating documentation, append the branch name to the version number.
Changes made to the golib-wiki repo should be made under the same branch name as the changes made in this repo

35
env/boolean.go vendored Normal file
View File

@@ -0,0 +1,35 @@
package env
import (
"os"
"strings"
)
// Get an environment variable as a boolean, specifying a default value if its
// not set or can't be parsed properly into a bool
func Bool(key string, defaultValue bool) bool {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
truthy := map[string]bool{
"true": true, "t": true, "yes": true, "y": true, "on": true, "1": true,
"enable": true, "enabled": true, "active": true, "affirmative": true,
}
falsy := map[string]bool{
"false": false, "f": false, "no": false, "n": false, "off": false, "0": false,
"disable": false, "disabled": false, "inactive": false, "negative": false,
}
normalized := strings.TrimSpace(strings.ToLower(val))
if val, ok := truthy[normalized]; ok {
return val
}
if val, ok := falsy[normalized]; ok {
return val
}
return defaultValue
}

91
env/boolean_test.go vendored Normal file
View File

@@ -0,0 +1,91 @@
package env
import (
"os"
"testing"
)
func TestBool(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue bool
expected bool
shouldSet bool
}{
// Truthy values
{"true lowercase", "TEST_BOOL", "true", false, true, true},
{"true uppercase", "TEST_BOOL", "TRUE", false, true, true},
{"true mixed case", "TEST_BOOL", "TrUe", false, true, true},
{"t", "TEST_BOOL", "t", false, true, true},
{"T", "TEST_BOOL", "T", false, true, true},
{"yes", "TEST_BOOL", "yes", false, true, true},
{"YES", "TEST_BOOL", "YES", false, true, true},
{"y", "TEST_BOOL", "y", false, true, true},
{"Y", "TEST_BOOL", "Y", false, true, true},
{"on", "TEST_BOOL", "on", false, true, true},
{"ON", "TEST_BOOL", "ON", false, true, true},
{"1", "TEST_BOOL", "1", false, true, true},
{"enable", "TEST_BOOL", "enable", false, true, true},
{"ENABLE", "TEST_BOOL", "ENABLE", false, true, true},
{"enabled", "TEST_BOOL", "enabled", false, true, true},
{"ENABLED", "TEST_BOOL", "ENABLED", false, true, true},
{"active", "TEST_BOOL", "active", false, true, true},
{"ACTIVE", "TEST_BOOL", "ACTIVE", false, true, true},
{"affirmative", "TEST_BOOL", "affirmative", false, true, true},
{"AFFIRMATIVE", "TEST_BOOL", "AFFIRMATIVE", false, true, true},
// Falsy values
{"false lowercase", "TEST_BOOL", "false", true, false, true},
{"false uppercase", "TEST_BOOL", "FALSE", true, false, true},
{"false mixed case", "TEST_BOOL", "FaLsE", true, false, true},
{"f", "TEST_BOOL", "f", true, false, true},
{"F", "TEST_BOOL", "F", true, false, true},
{"no", "TEST_BOOL", "no", true, false, true},
{"NO", "TEST_BOOL", "NO", true, false, true},
{"n", "TEST_BOOL", "n", true, false, true},
{"N", "TEST_BOOL", "N", true, false, true},
{"off", "TEST_BOOL", "off", true, false, true},
{"OFF", "TEST_BOOL", "OFF", true, false, true},
{"0", "TEST_BOOL", "0", true, false, true},
{"disable", "TEST_BOOL", "disable", true, false, true},
{"DISABLE", "TEST_BOOL", "DISABLE", true, false, true},
{"disabled", "TEST_BOOL", "disabled", true, false, true},
{"DISABLED", "TEST_BOOL", "DISABLED", true, false, true},
{"inactive", "TEST_BOOL", "inactive", true, false, true},
{"INACTIVE", "TEST_BOOL", "INACTIVE", true, false, true},
{"negative", "TEST_BOOL", "negative", true, false, true},
{"NEGATIVE", "TEST_BOOL", "NEGATIVE", true, false, true},
// Whitespace handling
{"true with spaces", "TEST_BOOL", " true ", false, true, true},
{"false with spaces", "TEST_BOOL", " false ", true, false, true},
// Default values
{"not set default true", "TEST_BOOL_NOTSET", "", true, true, false},
{"not set default false", "TEST_BOOL_NOTSET", "", false, false, false},
// Invalid values should return default
{"invalid value default true", "TEST_BOOL", "invalid", true, true, true},
{"invalid value default false", "TEST_BOOL", "invalid", false, false, true},
{"empty string default true", "TEST_BOOL", "", true, true, true},
{"empty string default false", "TEST_BOOL", "", false, false, true},
{"random text default true", "TEST_BOOL", "maybe", true, true, true},
{"random text default false", "TEST_BOOL", "maybe", false, false, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Bool(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Bool() = %v, want %v", result, tt.expected)
}
})
}
}

23
env/duration.go vendored Normal file
View File

@@ -0,0 +1,23 @@
package env
import (
"os"
"strconv"
"time"
)
// Get an environment variable as a time.Duration, specifying a default value if its
// not set or can't be parsed properly
func Duration(key string, defaultValue time.Duration) time.Duration {
val, exists := os.LookupEnv(key)
if !exists {
return time.Duration(defaultValue)
}
intVal, err := strconv.Atoi(val)
if err != nil {
return time.Duration(defaultValue)
}
return time.Duration(intVal)
}

42
env/duration_test.go vendored Normal file
View File

@@ -0,0 +1,42 @@
package env
import (
"os"
"testing"
"time"
)
func TestDuration(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue time.Duration
expected time.Duration
shouldSet bool
}{
{"valid positive duration", "TEST_DURATION", "100", 0, 100 * time.Nanosecond, true},
{"valid zero", "TEST_DURATION", "0", 10 * time.Second, 0, true},
{"large value", "TEST_DURATION", "1000000000", 0, 1 * time.Second, true},
{"valid negative duration", "TEST_DURATION", "-100", 0, -100 * time.Nanosecond, true},
{"not set", "TEST_DURATION_NOTSET", "", 5 * time.Minute, 5 * time.Minute, false},
{"invalid value", "TEST_DURATION", "not_a_number", 30 * time.Second, 30 * time.Second, true},
{"empty string", "TEST_DURATION", "", 1 * time.Hour, 1 * time.Hour, true},
{"float value", "TEST_DURATION", "10.5", 2 * time.Second, 2 * time.Second, true},
{"very large value", "TEST_DURATION", "9223372036854775807", 0, 9223372036854775807 * time.Nanosecond, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Duration(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Duration() = %v, want %v", result, tt.expected)
}
})
}
}

3
env/go.mod vendored Normal file
View File

@@ -0,0 +1,3 @@
module git.haelnorr.com/h/golib/env
go 1.25.5

82
env/int.go vendored Normal file
View File

@@ -0,0 +1,82 @@
package env
import (
"os"
"strconv"
)
// Get an environment variable as an int, specifying a default value if its
// not set or can't be parsed properly into an int
func Int(key string, defaultValue int) int {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.Atoi(val)
if err != nil {
return defaultValue
}
return intVal
}
// Get an environment variable as an int8, specifying a default value if its
// not set or can't be parsed properly into an int8
func Int8(key string, defaultValue int8) int8 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseInt(val, 10, 8)
if err != nil {
return defaultValue
}
return int8(intVal)
}
// Get an environment variable as an int16, specifying a default value if its
// not set or can't be parsed properly into an int16
func Int16(key string, defaultValue int16) int16 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseInt(val, 10, 16)
if err != nil {
return defaultValue
}
return int16(intVal)
}
// Get an environment variable as an int32, specifying a default value if its
// not set or can't be parsed properly into an int32
func Int32(key string, defaultValue int32) int32 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseInt(val, 10, 32)
if err != nil {
return defaultValue
}
return int32(intVal)
}
// Get an environment variable as an int64, specifying a default value if its
// not set or can't be parsed properly into an int64
func Int64(key string, defaultValue int64) int64 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseInt(val, 10, 64)
if err != nil {
return defaultValue
}
return intVal
}

170
env/int_test.go vendored Normal file
View File

@@ -0,0 +1,170 @@
package env
import (
"os"
"testing"
)
func TestInt(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue int
expected int
shouldSet bool
}{
{"valid positive int", "TEST_INT", "42", 0, 42, true},
{"valid negative int", "TEST_INT", "-42", 0, -42, true},
{"valid zero", "TEST_INT", "0", 10, 0, true},
{"not set", "TEST_INT_NOTSET", "", 100, 100, false},
{"invalid value", "TEST_INT", "not_a_number", 50, 50, true},
{"empty string", "TEST_INT", "", 75, 75, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Int(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Int() = %v, want %v", result, tt.expected)
}
})
}
}
func TestInt8(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue int8
expected int8
shouldSet bool
}{
{"valid positive int8", "TEST_INT8", "42", 0, 42, true},
{"valid negative int8", "TEST_INT8", "-42", 0, -42, true},
{"max int8", "TEST_INT8", "127", 0, 127, true},
{"min int8", "TEST_INT8", "-128", 0, -128, true},
{"overflow", "TEST_INT8", "128", 10, 10, true},
{"not set", "TEST_INT8_NOTSET", "", 50, 50, false},
{"invalid value", "TEST_INT8", "not_a_number", 25, 25, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Int8(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Int8() = %v, want %v", result, tt.expected)
}
})
}
}
func TestInt16(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue int16
expected int16
shouldSet bool
}{
{"valid positive int16", "TEST_INT16", "1000", 0, 1000, true},
{"valid negative int16", "TEST_INT16", "-1000", 0, -1000, true},
{"max int16", "TEST_INT16", "32767", 0, 32767, true},
{"min int16", "TEST_INT16", "-32768", 0, -32768, true},
{"overflow", "TEST_INT16", "32768", 100, 100, true},
{"not set", "TEST_INT16_NOTSET", "", 500, 500, false},
{"invalid value", "TEST_INT16", "invalid", 250, 250, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Int16(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Int16() = %v, want %v", result, tt.expected)
}
})
}
}
func TestInt32(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue int32
expected int32
shouldSet bool
}{
{"valid positive int32", "TEST_INT32", "100000", 0, 100000, true},
{"valid negative int32", "TEST_INT32", "-100000", 0, -100000, true},
{"max int32", "TEST_INT32", "2147483647", 0, 2147483647, true},
{"min int32", "TEST_INT32", "-2147483648", 0, -2147483648, true},
{"overflow", "TEST_INT32", "2147483648", 1000, 1000, true},
{"not set", "TEST_INT32_NOTSET", "", 5000, 5000, false},
{"invalid value", "TEST_INT32", "abc123", 2500, 2500, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Int32(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Int32() = %v, want %v", result, tt.expected)
}
})
}
}
func TestInt64(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue int64
expected int64
shouldSet bool
}{
{"valid positive int64", "TEST_INT64", "1000000000", 0, 1000000000, true},
{"valid negative int64", "TEST_INT64", "-1000000000", 0, -1000000000, true},
{"max int64", "TEST_INT64", "9223372036854775807", 0, 9223372036854775807, true},
{"min int64", "TEST_INT64", "-9223372036854775808", 0, -9223372036854775808, true},
{"overflow", "TEST_INT64", "9223372036854775808", 10000, 10000, true},
{"not set", "TEST_INT64_NOTSET", "", 50000, 50000, false},
{"invalid value", "TEST_INT64", "not_valid", 25000, 25000, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := Int64(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("Int64() = %v, want %v", result, tt.expected)
}
})
}
}

14
env/string.go vendored Normal file
View File

@@ -0,0 +1,14 @@
package env
import (
"os"
)
// Get an environment variable, specifying a default value if its not set
func String(key string, defaultValue string) string {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
return val
}

43
env/string_test.go vendored Normal file
View File

@@ -0,0 +1,43 @@
package env
import (
"os"
"testing"
)
func TestString(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue string
expected string
shouldSet bool
}{
{"valid string", "TEST_STRING", "hello", "default", "hello", true},
{"empty string", "TEST_STRING", "", "default", "", true},
{"string with spaces", "TEST_STRING", "hello world", "default", "hello world", true},
{"string with special chars", "TEST_STRING", "test@123!$%", "default", "test@123!$%", true},
{"multiline string", "TEST_STRING", "line1\nline2\nline3", "default", "line1\nline2\nline3", true},
{"unicode string", "TEST_STRING", "Hello 世界 🌍", "default", "Hello 世界 🌍", true},
{"not set", "TEST_STRING_NOTSET", "", "default_value", "default_value", false},
{"numeric string", "TEST_STRING", "12345", "default", "12345", true},
{"boolean string", "TEST_STRING", "true", "default", "true", true},
{"path string", "TEST_STRING", "/usr/local/bin", "default", "/usr/local/bin", true},
{"url string", "TEST_STRING", "https://example.com", "default", "https://example.com", true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := String(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("String() = %v, want %v", result, tt.expected)
}
})
}
}

81
env/uint.go vendored Normal file
View File

@@ -0,0 +1,81 @@
package env
import (
"os"
"strconv"
)
// Get an environment variable as a uint, specifying a default value if its
// not set or can't be parsed properly into a uint
func UInt(key string, defaultValue uint) uint {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseUint(val, 10, 0)
if err != nil {
return defaultValue
}
return uint(intVal)
}
// Get an environment variable as a uint8, specifying a default value if its
// not set or can't be parsed properly into a uint8
func UInt8(key string, defaultValue uint8) uint8 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseUint(val, 10, 8)
if err != nil {
return defaultValue
}
return uint8(intVal)
}
// Get an environment variable as a uint16, specifying a default value if its
// not set or can't be parsed properly into a uint16
func UInt16(key string, defaultValue uint16) uint16 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseUint(val, 10, 16)
if err != nil {
return defaultValue
}
return uint16(intVal)
}
// Get an environment variable as a uint32, specifying a default value if its
// not set or can't be parsed properly into a uint32
func UInt32(key string, defaultValue uint32) uint32 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseUint(val, 10, 32)
if err != nil {
return defaultValue
}
return uint32(intVal)
}
// Get an environment variable as a uint64, specifying a default value if its
// not set or can't be parsed properly into a uint64
func UInt64(key string, defaultValue uint64) uint64 {
val, exists := os.LookupEnv(key)
if !exists {
return defaultValue
}
intVal, err := strconv.ParseUint(val, 10, 64)
if err != nil {
return defaultValue
}
return intVal
}

171
env/uint_test.go vendored Normal file
View File

@@ -0,0 +1,171 @@
package env
import (
"os"
"testing"
)
func TestUInt(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue uint
expected uint
shouldSet bool
}{
{"valid uint", "TEST_UINT", "42", 0, 42, true},
{"valid zero", "TEST_UINT", "0", 10, 0, true},
{"large value", "TEST_UINT", "4294967295", 0, 4294967295, true},
{"not set", "TEST_UINT_NOTSET", "", 100, 100, false},
{"invalid value", "TEST_UINT", "not_a_number", 50, 50, true},
{"negative value", "TEST_UINT", "-42", 75, 75, true},
{"empty string", "TEST_UINT", "", 25, 25, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := UInt(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("UInt() = %v, want %v", result, tt.expected)
}
})
}
}
func TestUInt8(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue uint8
expected uint8
shouldSet bool
}{
{"valid uint8", "TEST_UINT8", "42", 0, 42, true},
{"valid zero", "TEST_UINT8", "0", 10, 0, true},
{"max uint8", "TEST_UINT8", "255", 0, 255, true},
{"overflow", "TEST_UINT8", "256", 10, 10, true},
{"not set", "TEST_UINT8_NOTSET", "", 50, 50, false},
{"invalid value", "TEST_UINT8", "abc", 25, 25, true},
{"negative value", "TEST_UINT8", "-1", 30, 30, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := UInt8(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("UInt8() = %v, want %v", result, tt.expected)
}
})
}
}
func TestUInt16(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue uint16
expected uint16
shouldSet bool
}{
{"valid uint16", "TEST_UINT16", "1000", 0, 1000, true},
{"valid zero", "TEST_UINT16", "0", 100, 0, true},
{"max uint16", "TEST_UINT16", "65535", 0, 65535, true},
{"overflow", "TEST_UINT16", "65536", 100, 100, true},
{"not set", "TEST_UINT16_NOTSET", "", 500, 500, false},
{"invalid value", "TEST_UINT16", "invalid", 250, 250, true},
{"negative value", "TEST_UINT16", "-100", 300, 300, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := UInt16(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("UInt16() = %v, want %v", result, tt.expected)
}
})
}
}
func TestUInt32(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue uint32
expected uint32
shouldSet bool
}{
{"valid uint32", "TEST_UINT32", "100000", 0, 100000, true},
{"valid zero", "TEST_UINT32", "0", 1000, 0, true},
{"max uint32", "TEST_UINT32", "4294967295", 0, 4294967295, true},
{"overflow", "TEST_UINT32", "4294967296", 1000, 1000, true},
{"not set", "TEST_UINT32_NOTSET", "", 5000, 5000, false},
{"invalid value", "TEST_UINT32", "xyz", 2500, 2500, true},
{"negative value", "TEST_UINT32", "-1000", 3000, 3000, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := UInt32(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("UInt32() = %v, want %v", result, tt.expected)
}
})
}
}
func TestUInt64(t *testing.T) {
tests := []struct {
name string
key string
value string
defaultValue uint64
expected uint64
shouldSet bool
}{
{"valid uint64", "TEST_UINT64", "1000000000", 0, 1000000000, true},
{"valid zero", "TEST_UINT64", "0", 10000, 0, true},
{"max uint64", "TEST_UINT64", "18446744073709551615", 0, 18446744073709551615, true},
{"overflow", "TEST_UINT64", "18446744073709551616", 10000, 10000, true},
{"not set", "TEST_UINT64_NOTSET", "", 50000, 50000, false},
{"invalid value", "TEST_UINT64", "not_valid", 25000, 25000, true},
{"negative value", "TEST_UINT64", "-5000", 30000, 30000, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.shouldSet {
os.Setenv(tt.key, tt.value)
defer os.Unsetenv(tt.key)
}
result := UInt64(tt.key, tt.defaultValue)
if result != tt.expected {
t.Errorf("UInt64() = %v, want %v", result, tt.expected)
}
})
}
}

21
ezconf/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 haelnorr
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

161
ezconf/README.md Normal file
View File

@@ -0,0 +1,161 @@
# EZConf - v0.1.0
A unified configuration management system for loading and managing environment-based configurations across multiple packages in Go.
## Features
- Load configurations from multiple packages using their ConfigFromEnv functions
- Parse package source code to extract environment variable documentation from struct comments
- Generate and update .env files with all required environment variables
- Print environment variable lists with descriptions and current values
- Track additional custom environment variables
- Support for both inline and doc comments in ENV format
- Automatic environment variable value population
- Preserve existing values when updating .env files
## Installation
```bash
go get git.haelnorr.com/h/golib/ezconf
```
## Quick Start
### Easy Integration (Recommended)
```go
package main
import (
"log"
"os"
"git.haelnorr.com/h/golib/ezconf"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"git.haelnorr.com/h/golib/hwsauth"
)
func main() {
// Create a new configuration loader
loader := ezconf.New()
// Register packages using built-in integrations
loader.RegisterIntegrations(
hlog.NewEZConfIntegration(),
hws.NewEZConfIntegration(),
hwsauth.NewEZConfIntegration(),
)
// Load all configurations
if err := loader.Load(); err != nil {
log.Fatal(err)
}
// Get configurations
hlogCfg, _ := loader.GetConfig("hlog")
cfg := hlogCfg.(*hlog.Config)
// Use configuration
logger, _ := hlog.NewLogger(cfg, os.Stdout)
logger.Info().Msg("Application started")
}
```
### Manual Integration
```go
package main
import (
"log"
"os"
"git.haelnorr.com/h/golib/ezconf"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
)
func main() {
// Create a new configuration loader
loader := ezconf.New()
// Add package paths to parse for ENV comments
loader.AddPackagePath("vendor/git.haelnorr.com/h/golib/hlog")
loader.AddPackagePath("vendor/git.haelnorr.com/h/golib/hws")
// Add configuration loaders
loader.AddConfigFunc("hlog", func() (interface{}, error) {
return hlog.ConfigFromEnv()
})
loader.AddConfigFunc("hws", func() (interface{}, error) {
return hws.ConfigFromEnv()
})
// Load all configurations
if err := loader.Load(); err != nil {
log.Fatal(err)
}
// Get a specific configuration
hlogCfg, ok := loader.GetConfig("hlog")
if ok {
cfg := hlogCfg.(*hlog.Config)
// Use configuration...
}
// Print all environment variables
if err := loader.PrintEnvVarsStdout(false); err != nil {
log.Fatal(err)
}
// Generate a .env file
if err := loader.GenerateEnvFile(".env", false); err != nil {
log.Fatal(err)
}
}
```
## Documentation
For detailed documentation, see the [EZConf Wiki](../golib-wiki/EZConf.md).
Additional API documentation is available at [GoDoc](https://pkg.go.dev/git.haelnorr.com/h/golib/ezconf).
## ENV Comment Format
EZConf parses struct field comments in the following format:
```go
type Config struct {
// ENV LOG_LEVEL: Log level for the application (default: info)
LogLevel string
// ENV DATABASE_URL: Database connection string (required)
DatabaseURL string
// Inline comments also work
Port int // ENV PORT: Server port (default: 8080)
}
```
The format is:
- `ENV ENV_VAR_NAME: Description (optional modifiers)`
- `(required)` or `(required if condition)` - marks variable as required
- `(default: value)` - specifies default value
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## Related Projects
- [hlog](https://git.haelnorr.com/h/golib/hlog) - Structured logging package with ConfigFromEnv
- [hws](https://git.haelnorr.com/h/golib/hws) - HTTP web server with ConfigFromEnv
- [hwsauth](https://git.haelnorr.com/h/golib/hwsauth) - Authentication middleware with ConfigFromEnv
- [env](https://git.haelnorr.com/h/golib/env) - Environment variable helpers

120
ezconf/doc.go Normal file
View File

@@ -0,0 +1,120 @@
// Package ezconf provides a unified configuration management system for loading
// and managing environment-based configurations across multiple packages.
//
// ezconf allows you to:
// - Load configurations from multiple packages using their ConfigFromEnv functions
// - Parse package source code to extract environment variable documentation
// - Generate and update .env files with all required environment variables
// - Print environment variable lists with descriptions and current values
// - Track additional custom environment variables
//
// # Basic Usage
//
// Create a configuration loader and register packages using built-in integrations (recommended):
//
// import (
// "git.haelnorr.com/h/golib/ezconf"
// "git.haelnorr.com/h/golib/hlog"
// "git.haelnorr.com/h/golib/hws"
// "git.haelnorr.com/h/golib/hwsauth"
// )
//
// loader := ezconf.New()
//
// // Register packages using built-in integrations
// loader.RegisterIntegrations(
// hlog.NewEZConfIntegration(),
// hws.NewEZConfIntegration(),
// hwsauth.NewEZConfIntegration(),
// )
//
// // Load all configurations
// if err := loader.Load(); err != nil {
// log.Fatal(err)
// }
//
// // Get a specific configuration
// hlogCfg, ok := loader.GetConfig("hlog")
// if ok {
// cfg := hlogCfg.(*hlog.Config)
// // Use configuration...
// }
//
// Alternatively, you can manually register packages:
//
// loader := ezconf.New()
//
// // Add package paths to parse for ENV comments
// loader.AddPackagePath("/path/to/golib/hlog")
//
// // Add configuration loaders
// loader.AddConfigFunc("hlog", func() (interface{}, error) {
// return hlog.ConfigFromEnv()
// })
//
// loader.Load()
//
// # Printing Environment Variables
//
// Print all environment variables with their descriptions:
//
// // Print without values (useful for documentation)
// if err := loader.PrintEnvVarsStdout(false); err != nil {
// log.Fatal(err)
// }
//
// // Print with current values
// if err := loader.PrintEnvVarsStdout(true); err != nil {
// log.Fatal(err)
// }
//
// # Generating .env Files
//
// Generate a new .env file with all environment variables:
//
// // Generate with default values
// err := loader.GenerateEnvFile(".env", false)
//
// // Generate with current environment values
// err := loader.GenerateEnvFile(".env", true)
//
// Update an existing .env file:
//
// // Update existing file, preserving existing values
// err := loader.UpdateEnvFile(".env", true)
//
// # Adding Custom Environment Variables
//
// You can add additional environment variables that aren't in package configs:
//
// loader.AddEnvVar(ezconf.EnvVar{
// Name: "DATABASE_URL",
// Description: "PostgreSQL connection string",
// Required: true,
// Default: "postgres://localhost/mydb",
// })
//
// # ENV Comment Format
//
// ezconf parses struct field comments in the following format:
//
// type Config struct {
// // ENV LOG_LEVEL: Log level for the application (default: info)
// LogLevel string
//
// // ENV DATABASE_URL: Database connection string (required)
// DatabaseURL string
// }
//
// The format is:
// - ENV ENV_VAR_NAME: Description (optional modifiers)
// - (required) or (required if condition) - marks variable as required
// - (default: value) - specifies default value
//
// # Integration
//
// ezconf integrates with:
// - All golib packages that follow the ConfigFromEnv pattern
// - Any custom configuration structs with ENV comments
// - Standard .env file format
package ezconf

149
ezconf/ezconf.go Normal file
View File

@@ -0,0 +1,149 @@
package ezconf
import (
"os"
"github.com/pkg/errors"
)
// EnvVar represents a single environment variable with its metadata
type EnvVar struct {
Name string // The environment variable name (e.g., "LOG_LEVEL")
Description string // Description of what this variable does
Required bool // Whether this variable is required
Default string // Default value if not set
CurrentValue string // Current value from environment (empty if not set)
Group string // Group name for organizing variables (e.g., "Database", "Logging")
}
// ConfigLoader manages configuration loading from multiple sources
type ConfigLoader struct {
configFuncs map[string]ConfigFunc // Map of config names to ConfigFromEnv functions
packagePaths []string // Paths to packages to parse for ENV comments
groupNames map[string]string // Map of package paths to group names
extraEnvVars []EnvVar // Additional environment variables to track
envVars []EnvVar // All extracted environment variables
configs map[string]any // Loaded configurations
}
// ConfigFunc is a function that loads configuration from environment variables
type ConfigFunc func() (any, error)
// New creates a new ConfigLoader
func New() *ConfigLoader {
return &ConfigLoader{
configFuncs: make(map[string]ConfigFunc),
packagePaths: make([]string, 0),
groupNames: make(map[string]string),
extraEnvVars: make([]EnvVar, 0),
envVars: make([]EnvVar, 0),
configs: make(map[string]any),
}
}
// AddConfigFunc adds a ConfigFromEnv function to be called during loading.
// The name parameter is used as a key to retrieve the loaded config later.
func (cl *ConfigLoader) AddConfigFunc(name string, fn ConfigFunc) error {
if fn == nil {
return errors.New("config function cannot be nil")
}
if name == "" {
return errors.New("config name cannot be empty")
}
cl.configFuncs[name] = fn
return nil
}
// AddPackagePath adds a package directory path to parse for ENV comments
func (cl *ConfigLoader) AddPackagePath(path string) error {
if path == "" {
return errors.New("package path cannot be empty")
}
// Check if path exists
if _, err := os.Stat(path); os.IsNotExist(err) {
return errors.Errorf("package path does not exist: %s", path)
}
cl.packagePaths = append(cl.packagePaths, path)
return nil
}
// AddEnvVar adds an additional environment variable to track
func (cl *ConfigLoader) AddEnvVar(envVar EnvVar) {
cl.extraEnvVars = append(cl.extraEnvVars, envVar)
}
// ParseEnvVars extracts environment variables from packages and extra vars
// This can be called without having actual environment variables set
func (cl *ConfigLoader) ParseEnvVars() error {
// Clear existing env vars to prevent duplicates
cl.envVars = make([]EnvVar, 0)
// Parse packages for ENV comments
for _, pkgPath := range cl.packagePaths {
envVars, err := ParseConfigPackage(pkgPath)
if err != nil {
return errors.Wrapf(err, "failed to parse package: %s", pkgPath)
}
// Set group name for these variables from stored mapping
groupName := cl.groupNames[pkgPath]
if groupName == "" {
groupName = "Other"
}
for i := range envVars {
envVars[i].Group = groupName
}
cl.envVars = append(cl.envVars, envVars...)
}
// Add extra env vars
cl.envVars = append(cl.envVars, cl.extraEnvVars...)
// Populate current values from environment
for i := range cl.envVars {
cl.envVars[i].CurrentValue = os.Getenv(cl.envVars[i].Name)
}
return nil
}
// LoadConfigs executes the config functions to load actual configurations
// This should be called after environment variables are properly set
func (cl *ConfigLoader) LoadConfigs() error {
// Load configurations
for name, fn := range cl.configFuncs {
cfg, err := fn()
if err != nil {
return errors.Wrapf(err, "failed to load config: %s", name)
}
cl.configs[name] = cfg
}
return nil
}
// Load loads all configurations and extracts environment variables
func (cl *ConfigLoader) Load() error {
if err := cl.ParseEnvVars(); err != nil {
return err
}
return cl.LoadConfigs()
}
// GetConfig returns a loaded configuration by name
func (cl *ConfigLoader) GetConfig(name string) (any, bool) {
cfg, ok := cl.configs[name]
return cfg, ok
}
// GetAllConfigs returns all loaded configurations
func (cl *ConfigLoader) GetAllConfigs() map[string]any {
return cl.configs
}
// GetEnvVars returns all extracted environment variables
func (cl *ConfigLoader) GetEnvVars() []EnvVar {
return cl.envVars
}

488
ezconf/ezconf_test.go Normal file
View File

@@ -0,0 +1,488 @@
package ezconf
import (
"os"
"path/filepath"
"strings"
"testing"
)
func TestNew(t *testing.T) {
loader := New()
if loader == nil {
t.Fatal("New() returned nil")
}
if loader.configFuncs == nil {
t.Error("configFuncs map is nil")
}
if loader.packagePaths == nil {
t.Error("packagePaths slice is nil")
}
if loader.extraEnvVars == nil {
t.Error("extraEnvVars slice is nil")
}
if loader.configs == nil {
t.Error("configs map is nil")
}
}
func TestAddConfigFunc(t *testing.T) {
loader := New()
testFunc := func() (interface{}, error) {
return "test config", nil
}
err := loader.AddConfigFunc("test", testFunc)
if err != nil {
t.Errorf("AddConfigFunc failed: %v", err)
}
if len(loader.configFuncs) != 1 {
t.Errorf("expected 1 config func, got %d", len(loader.configFuncs))
}
}
func TestAddConfigFunc_NilFunction(t *testing.T) {
loader := New()
err := loader.AddConfigFunc("test", nil)
if err == nil {
t.Error("expected error for nil function")
}
}
func TestAddConfigFunc_EmptyName(t *testing.T) {
loader := New()
testFunc := func() (interface{}, error) {
return "test config", nil
}
err := loader.AddConfigFunc("", testFunc)
if err == nil {
t.Error("expected error for empty name")
}
}
func TestAddPackagePath(t *testing.T) {
loader := New()
// Use current directory as test path
err := loader.AddPackagePath(".")
if err != nil {
t.Errorf("AddPackagePath failed: %v", err)
}
if len(loader.packagePaths) != 1 {
t.Errorf("expected 1 package path, got %d", len(loader.packagePaths))
}
}
func TestAddPackagePath_InvalidPath(t *testing.T) {
loader := New()
err := loader.AddPackagePath("/nonexistent/path")
if err == nil {
t.Error("expected error for nonexistent path")
}
}
func TestAddPackagePath_EmptyPath(t *testing.T) {
loader := New()
err := loader.AddPackagePath("")
if err == nil {
t.Error("expected error for empty path")
}
}
func TestAddEnvVar(t *testing.T) {
loader := New()
envVar := EnvVar{
Name: "TEST_VAR",
Description: "Test variable",
Required: true,
Default: "default_value",
}
loader.AddEnvVar(envVar)
if len(loader.extraEnvVars) != 1 {
t.Errorf("expected 1 extra env var, got %d", len(loader.extraEnvVars))
}
if loader.extraEnvVars[0].Name != "TEST_VAR" {
t.Errorf("expected TEST_VAR, got %s", loader.extraEnvVars[0].Name)
}
}
func TestLoad(t *testing.T) {
loader := New()
// Add a test config function
testCfg := struct {
Value string
}{Value: "test"}
loader.AddConfigFunc("test", func() (interface{}, error) {
return testCfg, nil
})
// Add current package path
loader.AddPackagePath(".")
// Add an extra env var
loader.AddEnvVar(EnvVar{
Name: "EXTRA_VAR",
Description: "Extra test variable",
Default: "extra",
})
err := loader.Load()
if err != nil {
t.Fatalf("Load failed: %v", err)
}
// Check that config was loaded
cfg, ok := loader.GetConfig("test")
if !ok {
t.Error("test config not loaded")
}
if cfg == nil {
t.Error("test config is nil")
}
// Check that env vars were extracted
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected at least one env var")
}
// Check for extra var
foundExtra := false
for _, ev := range envVars {
if ev.Name == "EXTRA_VAR" {
foundExtra = true
break
}
}
if !foundExtra {
t.Error("extra env var not found")
}
}
func TestLoad_ConfigFuncError(t *testing.T) {
loader := New()
loader.AddConfigFunc("error", func() (interface{}, error) {
return nil, os.ErrNotExist
})
err := loader.Load()
if err == nil {
t.Error("expected error from failing config func")
}
}
func TestGetConfig(t *testing.T) {
loader := New()
testCfg := "test config"
loader.configs["test"] = testCfg
cfg, ok := loader.GetConfig("test")
if !ok {
t.Error("expected to find test config")
}
if cfg != testCfg {
t.Error("config value mismatch")
}
// Test non-existent config
_, ok = loader.GetConfig("nonexistent")
if ok {
t.Error("expected not to find nonexistent config")
}
}
func TestGetAllConfigs(t *testing.T) {
loader := New()
loader.configs["test1"] = "config1"
loader.configs["test2"] = "config2"
allConfigs := loader.GetAllConfigs()
if len(allConfigs) != 2 {
t.Errorf("expected 2 configs, got %d", len(allConfigs))
}
if allConfigs["test1"] != "config1" {
t.Error("test1 config mismatch")
}
if allConfigs["test2"] != "config2" {
t.Error("test2 config mismatch")
}
}
func TestGetEnvVars(t *testing.T) {
loader := New()
loader.envVars = []EnvVar{
{Name: "VAR1", Description: "Variable 1"},
{Name: "VAR2", Description: "Variable 2"},
}
envVars := loader.GetEnvVars()
if len(envVars) != 2 {
t.Errorf("expected 2 env vars, got %d", len(envVars))
}
}
func TestParseEnvVars(t *testing.T) {
loader := New()
// Add a test config function
loader.AddConfigFunc("test", func() (interface{}, error) {
return "test config", nil
})
// Add current package path
loader.AddPackagePath(".")
// Add an extra env var
loader.AddEnvVar(EnvVar{
Name: "EXTRA_VAR",
Description: "Extra test variable",
Default: "extra",
})
err := loader.ParseEnvVars()
if err != nil {
t.Fatalf("ParseEnvVars failed: %v", err)
}
// Check that env vars were extracted
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected at least one env var")
}
// Check for extra var
foundExtra := false
for _, ev := range envVars {
if ev.Name == "EXTRA_VAR" {
foundExtra = true
break
}
}
if !foundExtra {
t.Error("extra env var not found")
}
// Check that configs are NOT loaded (should be empty)
configs := loader.GetAllConfigs()
if len(configs) != 0 {
t.Errorf("expected no configs loaded after ParseEnvVars, got %d", len(configs))
}
}
func TestLoadConfigs(t *testing.T) {
loader := New()
// Add a test config function
testCfg := struct {
Value string
}{Value: "test"}
loader.AddConfigFunc("test", func() (interface{}, error) {
return testCfg, nil
})
// Manually set some env vars (simulating ParseEnvVars already called)
loader.envVars = []EnvVar{
{Name: "TEST_VAR", Description: "Test variable"},
}
err := loader.LoadConfigs()
if err != nil {
t.Fatalf("LoadConfigs failed: %v", err)
}
// Check that config was loaded
cfg, ok := loader.GetConfig("test")
if !ok {
t.Error("test config not loaded")
}
if cfg == nil {
t.Error("test config is nil")
}
_ = cfg // Use the variable to avoid unused variable error
// Check that env vars are NOT modified (should remain as set)
envVars := loader.GetEnvVars()
if len(envVars) != 1 {
t.Errorf("expected 1 env var, got %d", len(envVars))
}
}
func TestLoadConfigs_Error(t *testing.T) {
loader := New()
loader.AddConfigFunc("error", func() (interface{}, error) {
return nil, os.ErrNotExist
})
err := loader.LoadConfigs()
if err == nil {
t.Error("expected error from failing config func")
}
}
func TestParseEnvVars_Then_LoadConfigs(t *testing.T) {
loader := New()
// Add a test config function
testCfg := struct {
Value string
}{Value: "test"}
loader.AddConfigFunc("test", func() (interface{}, error) {
return testCfg, nil
})
// Add current package path
loader.AddPackagePath(".")
// Add an extra env var
loader.AddEnvVar(EnvVar{
Name: "EXTRA_VAR",
Description: "Extra test variable",
Default: "extra",
})
// First parse env vars
err := loader.ParseEnvVars()
if err != nil {
t.Fatalf("ParseEnvVars failed: %v", err)
}
// Check env vars are extracted but configs are not loaded
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected env vars to be extracted")
}
configs := loader.GetAllConfigs()
if len(configs) != 0 {
t.Error("expected no configs loaded yet")
}
// Then load configs
err = loader.LoadConfigs()
if err != nil {
t.Fatalf("LoadConfigs failed: %v", err)
}
// Check both env vars and configs are loaded
_, ok := loader.GetConfig("test")
if !ok {
t.Error("test config not loaded after LoadConfigs")
}
configs = loader.GetAllConfigs()
if len(configs) != 1 {
t.Errorf("expected 1 config loaded, got %d", len(configs))
}
}
func TestLoad_Integration(t *testing.T) {
// Integration test with real hlog package
hlogPath := filepath.Join("..", "hlog")
if _, err := os.Stat(hlogPath); os.IsNotExist(err) {
t.Skip("hlog package not found, skipping integration test")
}
loader := New()
// Add hlog package
if err := loader.AddPackagePath(hlogPath); err != nil {
t.Fatalf("failed to add hlog package: %v", err)
}
// Load without config function (just parse)
if err := loader.Load(); err != nil {
t.Fatalf("Load failed: %v", err)
}
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected env vars from hlog package")
}
t.Logf("Found %d environment variables from hlog", len(envVars))
for _, ev := range envVars {
t.Logf(" %s: %s (default: %s, required: %t)", ev.Name, ev.Description, ev.Default, ev.Required)
}
}
func TestParseEnvVars_GenerateEnvFile_Integration(t *testing.T) {
// Test the new separated ParseEnvVars functionality
hlogPath := filepath.Join("..", "hlog")
if _, err := os.Stat(hlogPath); os.IsNotExist(err) {
t.Skip("hlog package not found, skipping integration test")
}
loader := New()
// Add hlog package
if err := loader.AddPackagePath(hlogPath); err != nil {
t.Fatalf("failed to add hlog package: %v", err)
}
// Parse env vars without loading configs (this should work even if required env vars are missing)
if err := loader.ParseEnvVars(); err != nil {
t.Fatalf("ParseEnvVars failed: %v", err)
}
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected env vars from hlog package")
}
// Now test that we can generate an env file without calling Load()
tempDir := t.TempDir()
envFile := filepath.Join(tempDir, "test-generated.env")
err := loader.GenerateEnvFile(envFile, false)
if err != nil {
t.Fatalf("GenerateEnvFile failed: %v", err)
}
// Verify the file was created and contains expected content
content, err := os.ReadFile(envFile)
if err != nil {
t.Fatalf("failed to read generated file: %v", err)
}
output := string(content)
if !strings.Contains(output, "# Environment Configuration") {
t.Error("expected header in generated file")
}
// Should contain environment variables from hlog
foundHlogVar := false
for _, ev := range envVars {
if strings.Contains(output, ev.Name) {
foundHlogVar = true
break
}
}
if !foundHlogVar {
t.Error("expected to find at least one hlog environment variable in generated file")
}
t.Logf("Successfully generated env file with %d variables", len(envVars))
}

5
ezconf/go.mod Normal file
View File

@@ -0,0 +1,5 @@
module git.haelnorr.com/h/golib/ezconf
go 1.23.4
require github.com/pkg/errors v0.9.1

2
ezconf/go.sum Normal file
View File

@@ -0,0 +1,2 @@
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

46
ezconf/integration.go Normal file
View File

@@ -0,0 +1,46 @@
package ezconf
// Integration is an interface that packages can implement to provide
// easy integration with ezconf
type Integration interface {
// Name returns the name to use when registering the config
Name() string
// PackagePath returns the path to the package for source parsing
PackagePath() string
// ConfigFunc returns the ConfigFromEnv function
ConfigFunc() func() (interface{}, error)
// GroupName returns the display name for grouping environment variables
GroupName() string
}
// RegisterIntegration registers a package that implements the Integration interface
func (cl *ConfigLoader) RegisterIntegration(integration Integration) error {
// Add package path
pkgPath := integration.PackagePath()
if err := cl.AddPackagePath(pkgPath); err != nil {
return err
}
// Store group name for this package
cl.groupNames[pkgPath] = integration.GroupName()
// Add config function
if err := cl.AddConfigFunc(integration.Name(), integration.ConfigFunc()); err != nil {
return err
}
return nil
}
// RegisterIntegrations registers multiple integrations at once
func (cl *ConfigLoader) RegisterIntegrations(integrations ...Integration) error {
for _, integration := range integrations {
if err := cl.RegisterIntegration(integration); err != nil {
return err
}
}
return nil
}

212
ezconf/integration_test.go Normal file
View File

@@ -0,0 +1,212 @@
package ezconf
import (
"os"
"path/filepath"
"testing"
)
// Mock integration for testing
type mockIntegration struct {
name string
packagePath string
configFunc func() (interface{}, error)
}
func (m mockIntegration) Name() string {
return m.name
}
func (m mockIntegration) PackagePath() string {
return m.packagePath
}
func (m mockIntegration) ConfigFunc() func() (interface{}, error) {
return m.configFunc
}
func (m mockIntegration) GroupName() string {
return "Test Group"
}
func TestRegisterIntegration(t *testing.T) {
loader := New()
integration := mockIntegration{
name: "test",
packagePath: ".",
configFunc: func() (interface{}, error) {
return "test config", nil
},
}
err := loader.RegisterIntegration(integration)
if err != nil {
t.Fatalf("RegisterIntegration failed: %v", err)
}
// Verify package path was added
if len(loader.packagePaths) != 1 {
t.Errorf("expected 1 package path, got %d", len(loader.packagePaths))
}
// Verify config func was added
if len(loader.configFuncs) != 1 {
t.Errorf("expected 1 config func, got %d", len(loader.configFuncs))
}
// Load and verify config
if err := loader.Load(); err != nil {
t.Fatalf("Load failed: %v", err)
}
cfg, ok := loader.GetConfig("test")
if !ok {
t.Error("test config not found")
}
if cfg != "test config" {
t.Errorf("expected 'test config', got %v", cfg)
}
}
func TestRegisterIntegration_InvalidPath(t *testing.T) {
loader := New()
integration := mockIntegration{
name: "test",
packagePath: "/nonexistent/path",
configFunc: func() (interface{}, error) {
return "test config", nil
},
}
err := loader.RegisterIntegration(integration)
if err == nil {
t.Error("expected error for invalid package path")
}
}
func TestRegisterIntegrations(t *testing.T) {
loader := New()
integration1 := mockIntegration{
name: "test1",
packagePath: ".",
configFunc: func() (interface{}, error) {
return "config1", nil
},
}
integration2 := mockIntegration{
name: "test2",
packagePath: ".",
configFunc: func() (interface{}, error) {
return "config2", nil
},
}
err := loader.RegisterIntegrations(integration1, integration2)
if err != nil {
t.Fatalf("RegisterIntegrations failed: %v", err)
}
if len(loader.configFuncs) != 2 {
t.Errorf("expected 2 config funcs, got %d", len(loader.configFuncs))
}
// Load and verify configs
if err := loader.Load(); err != nil {
t.Fatalf("Load failed: %v", err)
}
cfg1, ok1 := loader.GetConfig("test1")
cfg2, ok2 := loader.GetConfig("test2")
if !ok1 || !ok2 {
t.Error("configs not found")
}
if cfg1 != "config1" || cfg2 != "config2" {
t.Error("config values mismatch")
}
}
func TestRegisterIntegrations_PartialFailure(t *testing.T) {
loader := New()
integration1 := mockIntegration{
name: "test1",
packagePath: ".",
configFunc: func() (interface{}, error) {
return "config1", nil
},
}
integration2 := mockIntegration{
name: "test2",
packagePath: "/nonexistent",
configFunc: func() (interface{}, error) {
return "config2", nil
},
}
err := loader.RegisterIntegrations(integration1, integration2)
if err == nil {
t.Error("expected error when one integration fails")
}
}
func TestIntegration_Interface(t *testing.T) {
// Verify that mockIntegration implements Integration interface
var _ Integration = (*mockIntegration)(nil)
}
func TestRegisterIntegration_RealPackage(t *testing.T) {
// Integration test with real hlog package if available
hlogPath := filepath.Join("..", "hlog")
if _, err := os.Stat(hlogPath); os.IsNotExist(err) {
t.Skip("hlog package not found, skipping integration test")
}
loader := New()
// Create a simple integration for testing
integration := mockIntegration{
name: "hlog",
packagePath: hlogPath,
configFunc: func() (interface{}, error) {
// Return a mock config instead of calling real ConfigFromEnv
return struct{ LogLevel string }{LogLevel: "info"}, nil
},
}
err := loader.RegisterIntegration(integration)
if err != nil {
t.Fatalf("RegisterIntegration with real package failed: %v", err)
}
if err := loader.Load(); err != nil {
t.Fatalf("Load failed: %v", err)
}
// Should have parsed env vars from hlog
envVars := loader.GetEnvVars()
if len(envVars) == 0 {
t.Error("expected env vars from hlog package")
}
// Check for known hlog variables
foundLogLevel := false
for _, ev := range envVars {
if ev.Name == "LOG_LEVEL" {
foundLogLevel = true
t.Logf("Found LOG_LEVEL: %s", ev.Description)
break
}
}
if !foundLogLevel {
t.Error("expected to find LOG_LEVEL from hlog")
}
}

365
ezconf/output.go Normal file
View File

@@ -0,0 +1,365 @@
package ezconf
import (
"bufio"
"fmt"
"io"
"os"
"strings"
"github.com/pkg/errors"
)
// PrintEnvVars prints all environment variables to the provided writer
func (cl *ConfigLoader) PrintEnvVars(w io.Writer, showValues bool) error {
if len(cl.envVars) == 0 {
return errors.New("no environment variables loaded (did you call Load()?)")
}
// Group variables by their Group field
groups := make(map[string][]EnvVar)
groupOrder := make([]string, 0)
for _, envVar := range cl.envVars {
group := envVar.Group
if group == "" {
group = "Other"
}
if _, exists := groups[group]; !exists {
groupOrder = append(groupOrder, group)
}
groups[group] = append(groups[group], envVar)
}
// Print variables grouped by section
for _, group := range groupOrder {
vars := groups[group]
// Calculate max name length for alignment within this group
maxNameLen := 0
for _, envVar := range vars {
nameLen := len(envVar.Name)
if showValues {
value := envVar.CurrentValue
if value == "" && envVar.Default != "" {
value = envVar.Default
}
nameLen += len(value) + 1 // +1 for the '=' sign
}
if nameLen > maxNameLen {
maxNameLen = nameLen
}
}
// Print group header
fmt.Fprintf(w, "\n%s Configuration\n", group)
fmt.Fprintln(w, strings.Repeat("=", len(group)+14))
fmt.Fprintln(w)
for _, envVar := range vars {
// Build the variable line
var varLine string
if showValues {
value := envVar.CurrentValue
if value == "" && envVar.Default != "" {
value = envVar.Default
}
varLine = fmt.Sprintf("%s=%s", envVar.Name, value)
} else {
varLine = envVar.Name
}
// Calculate padding for alignment
padding := maxNameLen - len(varLine) + 2
// Print with indentation and alignment
fmt.Fprintf(w, " %s%s# %s", varLine, strings.Repeat(" ", padding), envVar.Description)
if envVar.Required {
fmt.Fprint(w, " (required)")
}
if envVar.Default != "" {
fmt.Fprintf(w, " (default: %s)", envVar.Default)
}
fmt.Fprintln(w)
}
}
fmt.Fprintln(w)
return nil
}
// PrintEnvVarsStdout prints all environment variables to stdout
func (cl *ConfigLoader) PrintEnvVarsStdout(showValues bool) error {
return cl.PrintEnvVars(os.Stdout, showValues)
}
// GenerateEnvFile creates a new .env file with all environment variables
// If the file already exists, it will preserve any untracked variables
func (cl *ConfigLoader) GenerateEnvFile(filename string, useCurrentValues bool) error {
// Check if file exists and parse it to preserve untracked variables
var existingUntracked []envFileLine
if _, err := os.Stat(filename); err == nil {
existingVars, err := parseEnvFile(filename)
if err == nil {
// Track which variables are managed by ezconf
managedVars := make(map[string]bool)
for _, envVar := range cl.envVars {
managedVars[envVar.Name] = true
}
// Collect untracked variables
for _, line := range existingVars {
if line.IsVar && !managedVars[line.Key] {
existingUntracked = append(existingUntracked, line)
}
}
}
}
file, err := os.Create(filename)
if err != nil {
return errors.Wrap(err, "failed to create env file")
}
defer file.Close()
writer := bufio.NewWriter(file)
defer writer.Flush()
// Write header
fmt.Fprintln(writer, "# Environment Configuration")
fmt.Fprintln(writer, "# Generated by ezconf")
fmt.Fprintln(writer, "#")
fmt.Fprintln(writer, "# Variables marked as (required) must be set")
fmt.Fprintln(writer, "# Variables with defaults can be left commented out to use the default value")
// Group variables by their Group field
groups := make(map[string][]EnvVar)
groupOrder := make([]string, 0)
for _, envVar := range cl.envVars {
group := envVar.Group
if group == "" {
group = "Other"
}
if _, exists := groups[group]; !exists {
groupOrder = append(groupOrder, group)
}
groups[group] = append(groups[group], envVar)
}
// Write variables grouped by section
for _, group := range groupOrder {
vars := groups[group]
// Print group header
fmt.Fprintln(writer)
fmt.Fprintf(writer, "# %s Configuration\n", group)
fmt.Fprintln(writer, strings.Repeat("#", len(group)+15))
for _, envVar := range vars {
// Write comment with description
fmt.Fprintf(writer, "# %s", envVar.Description)
if envVar.Required {
fmt.Fprint(writer, " (required)")
}
if envVar.Default != "" {
fmt.Fprintf(writer, " (default: %s)", envVar.Default)
}
fmt.Fprintln(writer)
// Get value to write
value := ""
if useCurrentValues && envVar.CurrentValue != "" {
value = envVar.CurrentValue
} else if envVar.Default != "" {
value = envVar.Default
}
// Comment out optional variables with defaults
if !envVar.Required && envVar.Default != "" && (!useCurrentValues || envVar.CurrentValue == "") {
fmt.Fprintf(writer, "# %s=%s\n", envVar.Name, value)
} else {
fmt.Fprintf(writer, "%s=%s\n", envVar.Name, value)
}
fmt.Fprintln(writer)
}
}
// Write untracked variables from existing file
if len(existingUntracked) > 0 {
fmt.Fprintln(writer)
fmt.Fprintln(writer, "# Untracked Variables")
fmt.Fprintln(writer, "# These variables were in the original file but are not managed by ezconf")
fmt.Fprintln(writer, strings.Repeat("#", 72))
fmt.Fprintln(writer)
for _, line := range existingUntracked {
fmt.Fprintf(writer, "%s=%s\n", line.Key, line.Value)
}
}
return nil
}
// UpdateEnvFile updates an existing .env file with new variables or updates existing ones
func (cl *ConfigLoader) UpdateEnvFile(filename string, createIfNotExist bool) error {
// Check if file exists
_, err := os.Stat(filename)
if os.IsNotExist(err) {
if createIfNotExist {
return cl.GenerateEnvFile(filename, false)
}
return errors.Errorf("env file does not exist: %s", filename)
}
// Read existing file
existingVars, err := parseEnvFile(filename)
if err != nil {
return errors.Wrap(err, "failed to parse existing env file")
}
// Create a map for quick lookup
existingMap := make(map[string]string)
for _, line := range existingVars {
if line.IsVar {
existingMap[line.Key] = line.Value
}
}
// Create new file with updates
tempFile := filename + ".tmp"
file, err := os.Create(tempFile)
if err != nil {
return errors.Wrap(err, "failed to create temp file")
}
defer file.Close()
writer := bufio.NewWriter(file)
defer writer.Flush()
// Track which variables we've written
writtenVars := make(map[string]bool)
// Copy existing file, updating values as needed
for _, line := range existingVars {
if line.IsVar {
// Check if we have this variable in our config
found := false
for _, envVar := range cl.envVars {
if envVar.Name == line.Key {
found = true
// Keep existing value if it's set
if line.Value != "" {
fmt.Fprintf(writer, "%s=%s\n", line.Key, line.Value)
} else {
// Use default if available
value := envVar.Default
fmt.Fprintf(writer, "%s=%s\n", line.Key, value)
}
writtenVars[envVar.Name] = true
break
}
}
if !found {
// Variable not in our config, keep it anyway
fmt.Fprintf(writer, "%s=%s\n", line.Key, line.Value)
}
} else {
// Comment or empty line, keep as-is
fmt.Fprintln(writer, line.Line)
}
}
// Add new variables that weren't in the file
addedNew := false
for _, envVar := range cl.envVars {
if !writtenVars[envVar.Name] {
if !addedNew {
fmt.Fprintln(writer)
fmt.Fprintln(writer, "# New variables added by ezconf")
addedNew = true
}
// Write comment with description
fmt.Fprintf(writer, "# %s", envVar.Description)
if envVar.Required {
fmt.Fprint(writer, " (required)")
}
if envVar.Default != "" {
fmt.Fprintf(writer, " (default: %s)", envVar.Default)
}
fmt.Fprintln(writer)
// Write variable with default value
value := envVar.Default
fmt.Fprintf(writer, "%s=%s\n", envVar.Name, value)
fmt.Fprintln(writer)
}
}
writer.Flush()
file.Close()
// Replace original file with updated one
if err := os.Rename(tempFile, filename); err != nil {
return errors.Wrap(err, "failed to replace env file")
}
return nil
}
// envFileLine represents a line in an .env file
type envFileLine struct {
Line string // The full line
IsVar bool // Whether this is a variable assignment
Key string // Variable name (if IsVar is true)
Value string // Variable value (if IsVar is true)
}
// parseEnvFile parses an .env file and returns all lines
func parseEnvFile(filename string) ([]envFileLine, error) {
file, err := os.Open(filename)
if err != nil {
return nil, errors.Wrap(err, "failed to open file")
}
defer file.Close()
lines := make([]envFileLine, 0)
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
trimmed := strings.TrimSpace(line)
// Check if this is a variable assignment
if trimmed != "" && !strings.HasPrefix(trimmed, "#") && strings.Contains(trimmed, "=") {
parts := strings.SplitN(trimmed, "=", 2)
if len(parts) == 2 {
lines = append(lines, envFileLine{
Line: line,
IsVar: true,
Key: strings.TrimSpace(parts[0]),
Value: strings.TrimSpace(parts[1]),
})
continue
}
}
// Comment or empty line
lines = append(lines, envFileLine{
Line: line,
IsVar: false,
})
}
if err := scanner.Err(); err != nil {
return nil, errors.Wrap(err, "failed to scan file")
}
return lines, nil
}

405
ezconf/output_test.go Normal file
View File

@@ -0,0 +1,405 @@
package ezconf
import (
"bytes"
"os"
"path/filepath"
"strings"
"testing"
)
func TestPrintEnvVars(t *testing.T) {
loader := New()
loader.envVars = []EnvVar{
{
Name: "LOG_LEVEL",
Description: "Log level",
Required: false,
Default: "info",
CurrentValue: "debug",
},
{
Name: "DATABASE_URL",
Description: "Database connection",
Required: true,
Default: "",
CurrentValue: "postgres://localhost/db",
},
}
// Test without values
t.Run("without values", func(t *testing.T) {
buf := &bytes.Buffer{}
err := loader.PrintEnvVars(buf, false)
if err != nil {
t.Fatalf("PrintEnvVars failed: %v", err)
}
output := buf.String()
if !strings.Contains(output, "LOG_LEVEL") {
t.Error("output should contain LOG_LEVEL")
}
if !strings.Contains(output, "Log level") {
t.Error("output should contain description")
}
if !strings.Contains(output, "(default: info)") {
t.Error("output should contain default value")
}
if strings.Contains(output, "debug") {
t.Error("output should not contain current value when showValues is false")
}
})
// Test with values
t.Run("with values", func(t *testing.T) {
buf := &bytes.Buffer{}
err := loader.PrintEnvVars(buf, true)
if err != nil {
t.Fatalf("PrintEnvVars failed: %v", err)
}
output := buf.String()
if !strings.Contains(output, "LOG_LEVEL=debug") {
t.Error("output should contain LOG_LEVEL=debug")
}
if !strings.Contains(output, "DATABASE_URL=postgres://localhost/db") {
t.Error("output should contain DATABASE_URL value")
}
if !strings.Contains(output, "(required)") {
t.Error("output should indicate required variables")
}
})
}
func TestGenerateEnvFile(t *testing.T) {
loader := New()
loader.envVars = []EnvVar{
{
Name: "LOG_LEVEL",
Description: "Log level",
Required: false,
Default: "info",
CurrentValue: "debug",
},
{
Name: "DATABASE_URL",
Description: "Database connection",
Required: true,
Default: "postgres://localhost/db",
CurrentValue: "",
},
}
tempDir := t.TempDir()
t.Run("generate with defaults", func(t *testing.T) {
envFile := filepath.Join(tempDir, "test1.env")
err := loader.GenerateEnvFile(envFile, false)
if err != nil {
t.Fatalf("GenerateEnvFile failed: %v", err)
}
content, err := os.ReadFile(envFile)
if err != nil {
t.Fatalf("failed to read generated file: %v", err)
}
output := string(content)
if !strings.Contains(output, "LOG_LEVEL=info") {
t.Error("expected default value for LOG_LEVEL")
}
if !strings.Contains(output, "# Log level") {
t.Error("expected description comment")
}
if !strings.Contains(output, "# Database connection") {
t.Error("expected DATABASE_URL description")
}
})
t.Run("generate with current values", func(t *testing.T) {
envFile := filepath.Join(tempDir, "test2.env")
err := loader.GenerateEnvFile(envFile, true)
if err != nil {
t.Fatalf("GenerateEnvFile failed: %v", err)
}
content, err := os.ReadFile(envFile)
if err != nil {
t.Fatalf("failed to read generated file: %v", err)
}
output := string(content)
if !strings.Contains(output, "LOG_LEVEL=debug") {
t.Error("expected current value for LOG_LEVEL")
}
// DATABASE_URL has no current value, should use default
if !strings.Contains(output, "DATABASE_URL=postgres://localhost/db") {
t.Error("expected default value for DATABASE_URL when current is empty")
}
})
t.Run("preserve untracked variables", func(t *testing.T) {
envFile := filepath.Join(tempDir, "test3.env")
// Create existing file with untracked variable
existing := `# Existing file
LOG_LEVEL=warn
CUSTOM_VAR=custom_value
ANOTHER_VAR=another_value
`
if err := os.WriteFile(envFile, []byte(existing), 0644); err != nil {
t.Fatalf("failed to create existing file: %v", err)
}
// Generate new file - should preserve untracked variables
err := loader.GenerateEnvFile(envFile, false)
if err != nil {
t.Fatalf("GenerateEnvFile failed: %v", err)
}
content, err := os.ReadFile(envFile)
if err != nil {
t.Fatalf("failed to read generated file: %v", err)
}
output := string(content)
// Should have tracked variables with new format
if !strings.Contains(output, "LOG_LEVEL") {
t.Error("expected LOG_LEVEL to be present")
}
if !strings.Contains(output, "DATABASE_URL") {
t.Error("expected DATABASE_URL to be present")
}
// Should preserve untracked variables
if !strings.Contains(output, "CUSTOM_VAR=custom_value") {
t.Error("expected to preserve CUSTOM_VAR")
}
if !strings.Contains(output, "ANOTHER_VAR=another_value") {
t.Error("expected to preserve ANOTHER_VAR")
}
// Should have untracked section header
if !strings.Contains(output, "Untracked Variables") {
t.Error("expected untracked variables section header")
}
})
}
func TestUpdateEnvFile(t *testing.T) {
loader := New()
loader.envVars = []EnvVar{
{
Name: "LOG_LEVEL",
Description: "Log level",
Default: "info",
},
{
Name: "NEW_VAR",
Description: "New variable",
Default: "new_default",
},
}
tempDir := t.TempDir()
t.Run("update existing file", func(t *testing.T) {
envFile := filepath.Join(tempDir, "existing.env")
// Create existing file
existing := `# Existing file
LOG_LEVEL=debug
OLD_VAR=old_value
`
if err := os.WriteFile(envFile, []byte(existing), 0644); err != nil {
t.Fatalf("failed to create existing file: %v", err)
}
err := loader.UpdateEnvFile(envFile, false)
if err != nil {
t.Fatalf("UpdateEnvFile failed: %v", err)
}
content, err := os.ReadFile(envFile)
if err != nil {
t.Fatalf("failed to read updated file: %v", err)
}
output := string(content)
// Should preserve existing value
if !strings.Contains(output, "LOG_LEVEL=debug") {
t.Error("expected to preserve existing LOG_LEVEL value")
}
// Should keep old variable
if !strings.Contains(output, "OLD_VAR=old_value") {
t.Error("expected to preserve OLD_VAR")
}
// Should add new variable
if !strings.Contains(output, "NEW_VAR=new_default") {
t.Error("expected to add NEW_VAR")
}
})
t.Run("create if not exist", func(t *testing.T) {
envFile := filepath.Join(tempDir, "new.env")
err := loader.UpdateEnvFile(envFile, true)
if err != nil {
t.Fatalf("UpdateEnvFile failed: %v", err)
}
if _, err := os.Stat(envFile); os.IsNotExist(err) {
t.Error("expected file to be created")
}
})
t.Run("error if not exist and no create", func(t *testing.T) {
envFile := filepath.Join(tempDir, "nonexistent.env")
err := loader.UpdateEnvFile(envFile, false)
if err == nil {
t.Error("expected error for nonexistent file")
}
})
}
func TestParseEnvFile(t *testing.T) {
tempDir := t.TempDir()
envFile := filepath.Join(tempDir, "test.env")
content := `# Comment line
VAR1=value1
VAR2=value2
# Another comment
VAR3=value3
EMPTY_VAR=
`
if err := os.WriteFile(envFile, []byte(content), 0644); err != nil {
t.Fatalf("failed to create test file: %v", err)
}
lines, err := parseEnvFile(envFile)
if err != nil {
t.Fatalf("parseEnvFile failed: %v", err)
}
varCount := 0
for _, line := range lines {
if line.IsVar {
varCount++
}
}
if varCount != 4 {
t.Errorf("expected 4 variables, got %d", varCount)
}
// Check specific variables
found := false
for _, line := range lines {
if line.IsVar && line.Key == "VAR1" && line.Value == "value1" {
found = true
break
}
}
if !found {
t.Error("expected to find VAR1=value1")
}
}
func TestParseEnvFile_InvalidFile(t *testing.T) {
_, err := parseEnvFile("/nonexistent/file.env")
if err == nil {
t.Error("expected error for nonexistent file")
}
}
func TestPrintEnvVars_NoEnvVars(t *testing.T) {
loader := New()
buf := &bytes.Buffer{}
err := loader.PrintEnvVars(buf, false)
if err == nil {
t.Error("expected error when no env vars are loaded")
}
if !strings.Contains(err.Error(), "did you call Load()") {
t.Errorf("expected helpful error message, got: %v", err)
}
}
func TestPrintEnvVarsStdout(t *testing.T) {
loader := New()
loader.envVars = []EnvVar{
{
Name: "TEST_VAR",
Description: "Test variable",
Default: "test",
},
}
// This test just ensures it doesn't panic
// We can't easily capture stdout in a unit test without redirecting it
err := loader.PrintEnvVarsStdout(false)
if err != nil {
t.Errorf("PrintEnvVarsStdout(false) failed: %v", err)
}
err = loader.PrintEnvVarsStdout(true)
if err != nil {
t.Errorf("PrintEnvVarsStdout(true) failed: %v", err)
}
}
func TestPrintEnvVarsStdout_NoEnvVars(t *testing.T) {
loader := New()
err := loader.PrintEnvVarsStdout(false)
if err == nil {
t.Error("expected error when no env vars are loaded")
}
}
func TestPrintEnvVars_AfterParseEnvVars(t *testing.T) {
loader := New()
// Add some env vars manually to simulate ParseEnvVars
loader.envVars = []EnvVar{
{
Name: "LOG_LEVEL",
Description: "Log level for the application",
Required: false,
Default: "info",
CurrentValue: "",
},
{
Name: "DATABASE_URL",
Description: "Database connection string",
Required: true,
Default: "",
CurrentValue: "",
},
}
// Test that PrintEnvVars works after ParseEnvVars (without Load)
buf := &bytes.Buffer{}
err := loader.PrintEnvVars(buf, false)
if err != nil {
t.Fatalf("PrintEnvVars failed: %v", err)
}
output := buf.String()
if !strings.Contains(output, "LOG_LEVEL") {
t.Error("output should contain LOG_LEVEL")
}
if !strings.Contains(output, "DATABASE_URL") {
t.Error("output should contain DATABASE_URL")
}
if !strings.Contains(output, "(required)") {
t.Error("output should indicate required variables")
}
if !strings.Contains(output, "(default: info)") {
t.Error("output should contain default value")
}
}

146
ezconf/parser.go Normal file
View File

@@ -0,0 +1,146 @@
package ezconf
import (
"go/ast"
"go/parser"
"go/token"
"os"
"path/filepath"
"regexp"
"strings"
"github.com/pkg/errors"
)
// ParseConfigFile parses a Go source file and extracts ENV comments from struct fields
func ParseConfigFile(filename string) ([]EnvVar, error) {
content, err := os.ReadFile(filename)
if err != nil {
return nil, errors.Wrap(err, "failed to read file")
}
fset := token.NewFileSet()
file, err := parser.ParseFile(fset, filename, content, parser.ParseComments)
if err != nil {
return nil, errors.Wrap(err, "failed to parse file")
}
envVars := make([]EnvVar, 0)
// Walk through the AST
ast.Inspect(file, func(n ast.Node) bool {
// Look for struct type declarations
typeSpec, ok := n.(*ast.TypeSpec)
if !ok {
return true
}
structType, ok := typeSpec.Type.(*ast.StructType)
if !ok {
return true
}
// Iterate through struct fields
for _, field := range structType.Fields.List {
var comment string
// Try to get from doc comment (comment before field)
if field.Doc != nil && len(field.Doc.List) > 0 {
comment = field.Doc.List[0].Text
comment = strings.TrimPrefix(comment, "//")
comment = strings.TrimSpace(comment)
}
// Try to get from inline comment (comment after field)
if comment == "" && field.Comment != nil && len(field.Comment.List) > 0 {
comment = field.Comment.List[0].Text
comment = strings.TrimPrefix(comment, "//")
comment = strings.TrimSpace(comment)
}
// Parse ENV comment
if strings.HasPrefix(comment, "ENV ") {
envVar, err := parseEnvComment(comment)
if err == nil {
envVars = append(envVars, *envVar)
}
}
}
return true
})
return envVars, nil
}
// ParseConfigPackage parses all Go files in a package directory and extracts ENV comments
func ParseConfigPackage(packagePath string) ([]EnvVar, error) {
// Find all .go files in the package
files, err := filepath.Glob(filepath.Join(packagePath, "*.go"))
if err != nil {
return nil, errors.Wrap(err, "failed to glob package files")
}
allEnvVars := make([]EnvVar, 0)
for _, file := range files {
// Skip test files
if strings.HasSuffix(file, "_test.go") {
continue
}
envVars, err := ParseConfigFile(file)
if err != nil {
// Log error but continue with other files
continue
}
allEnvVars = append(allEnvVars, envVars...)
}
return allEnvVars, nil
}
// parseEnvComment parses a field comment to extract environment variable information.
// Expected format: ENV ENV_NAME: Description (required <condition>) (default: <value>)
func parseEnvComment(comment string) (*EnvVar, error) {
// Check if comment starts with ENV
if !strings.HasPrefix(comment, "ENV ") {
return nil, errors.New("comment does not start with 'ENV '")
}
// Remove "ENV " prefix
comment = strings.TrimPrefix(comment, "ENV ")
// Extract env var name (everything before the first colon)
colonIdx := strings.Index(comment, ":")
if colonIdx == -1 {
return nil, errors.New("missing colon separator")
}
envVar := &EnvVar{
Name: strings.TrimSpace(comment[:colonIdx]),
}
// Extract description and optional parts
remainder := strings.TrimSpace(comment[colonIdx+1:])
// Check for (required ...) pattern
requiredPattern := regexp.MustCompile(`\(required[^)]*\)`)
if requiredPattern.MatchString(remainder) {
envVar.Required = true
remainder = requiredPattern.ReplaceAllString(remainder, "")
}
// Check for (default: ...) pattern
defaultPattern := regexp.MustCompile(`\(default:\s*([^)]*)\)`)
if matches := defaultPattern.FindStringSubmatch(remainder); len(matches) > 1 {
envVar.Default = strings.TrimSpace(matches[1])
remainder = defaultPattern.ReplaceAllString(remainder, "")
}
// What remains is the description
envVar.Description = strings.TrimSpace(remainder)
return envVar, nil
}

202
ezconf/parser_test.go Normal file
View File

@@ -0,0 +1,202 @@
package ezconf
import (
"os"
"path/filepath"
"testing"
)
func TestParseEnvComment(t *testing.T) {
tests := []struct {
name string
comment string
wantEnvVar *EnvVar
expectError bool
}{
{
name: "simple env variable",
comment: "ENV LOG_LEVEL: Log level for the application",
wantEnvVar: &EnvVar{
Name: "LOG_LEVEL",
Description: "Log level for the application",
Required: false,
Default: "",
},
expectError: false,
},
{
name: "env variable with default",
comment: "ENV LOG_LEVEL: Log level for the application (default: info)",
wantEnvVar: &EnvVar{
Name: "LOG_LEVEL",
Description: "Log level for the application",
Required: false,
Default: "info",
},
expectError: false,
},
{
name: "required env variable",
comment: "ENV DATABASE_URL: Database connection string (required)",
wantEnvVar: &EnvVar{
Name: "DATABASE_URL",
Description: "Database connection string",
Required: true,
Default: "",
},
expectError: false,
},
{
name: "required with condition and default",
comment: "ENV LOG_DIR: Directory for log files (required when LOG_OUTPUT is file) (default: /var/log)",
wantEnvVar: &EnvVar{
Name: "LOG_DIR",
Description: "Directory for log files",
Required: true,
Default: "/var/log",
},
expectError: false,
},
{
name: "missing colon",
comment: "ENV LOG_LEVEL Log level",
wantEnvVar: nil,
expectError: true,
},
{
name: "not an ENV comment",
comment: "This is a regular comment",
wantEnvVar: nil,
expectError: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
envVar, err := parseEnvComment(tt.comment)
if tt.expectError {
if err == nil {
t.Errorf("expected error but got none")
}
return
}
if err != nil {
t.Errorf("unexpected error: %v", err)
return
}
if envVar.Name != tt.wantEnvVar.Name {
t.Errorf("Name = %v, want %v", envVar.Name, tt.wantEnvVar.Name)
}
if envVar.Description != tt.wantEnvVar.Description {
t.Errorf("Description = %v, want %v", envVar.Description, tt.wantEnvVar.Description)
}
if envVar.Required != tt.wantEnvVar.Required {
t.Errorf("Required = %v, want %v", envVar.Required, tt.wantEnvVar.Required)
}
if envVar.Default != tt.wantEnvVar.Default {
t.Errorf("Default = %v, want %v", envVar.Default, tt.wantEnvVar.Default)
}
})
}
}
func TestParseConfigFile(t *testing.T) {
// Create a temporary test file
tempDir := t.TempDir()
testFile := filepath.Join(tempDir, "config.go")
content := `package testpkg
type Config struct {
// ENV LOG_LEVEL: Log level for the application (default: info)
LogLevel string
// ENV LOG_OUTPUT: Output destination (default: console)
LogOutput string
// ENV DATABASE_URL: Database connection string (required)
DatabaseURL string
}
`
if err := os.WriteFile(testFile, []byte(content), 0644); err != nil {
t.Fatalf("failed to create test file: %v", err)
}
envVars, err := ParseConfigFile(testFile)
if err != nil {
t.Fatalf("ParseConfigFile failed: %v", err)
}
if len(envVars) != 3 {
t.Errorf("expected 3 env vars, got %d", len(envVars))
}
// Check first variable
if envVars[0].Name != "LOG_LEVEL" {
t.Errorf("expected LOG_LEVEL, got %s", envVars[0].Name)
}
if envVars[0].Default != "info" {
t.Errorf("expected default 'info', got %s", envVars[0].Default)
}
// Check required variable
if envVars[2].Name != "DATABASE_URL" {
t.Errorf("expected DATABASE_URL, got %s", envVars[2].Name)
}
if !envVars[2].Required {
t.Error("expected DATABASE_URL to be required")
}
}
func TestParseConfigPackage(t *testing.T) {
// Test with actual hlog package
hlogPath := filepath.Join("..", "hlog")
if _, err := os.Stat(hlogPath); os.IsNotExist(err) {
t.Skip("hlog package not found, skipping integration test")
}
envVars, err := ParseConfigPackage(hlogPath)
if err != nil {
t.Fatalf("ParseConfigPackage failed: %v", err)
}
if len(envVars) == 0 {
t.Error("expected at least one env var from hlog package")
}
// Check for known hlog variables
foundLogLevel := false
for _, envVar := range envVars {
if envVar.Name == "LOG_LEVEL" {
foundLogLevel = true
t.Logf("Found LOG_LEVEL: %s", envVar.Description)
}
}
if !foundLogLevel {
t.Error("expected to find LOG_LEVEL in hlog package")
}
}
func TestParseConfigFile_InvalidFile(t *testing.T) {
_, err := ParseConfigFile("/nonexistent/file.go")
if err == nil {
t.Error("expected error for nonexistent file")
}
}
func TestParseConfigPackage_InvalidPath(t *testing.T) {
envVars, err := ParseConfigPackage("/nonexistent/package")
if err != nil {
t.Fatalf("ParseConfigPackage should not error on invalid path: %v", err)
}
// Should return empty slice for invalid path
if len(envVars) != 0 {
t.Errorf("expected 0 env vars for invalid path, got %d", len(envVars))
}
}

21
hlog/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 haelnorr
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

73
hlog/README.md Normal file
View File

@@ -0,0 +1,73 @@
# HLog - v0.10.4
A structured logging package for Go built on top of [zerolog](https://github.com/rs/zerolog). HLog provides simple configuration via environment variables, flexible output options, and automatic log file management.
## Features
- Multiple output modes: console, file, or both simultaneously
- Configurable log levels: trace, debug, info, warn, error, fatal, panic
- Environment variable-based configuration with ConfigFromEnv
- Automatic log file management with append or overwrite modes
- Built on zerolog for high performance and structured logging
- Error stack trace support via pkg/errors integration
- Unix timestamp format
- Console-friendly output formatting
- Multi-writer support for simultaneous console and file output
## Installation
```bash
go get git.haelnorr.com/h/golib/hlog
```
## Quick Start
```go
package main
import (
"log"
"os"
"git.haelnorr.com/h/golib/hlog"
)
func main() {
// Load configuration from environment variables
cfg, err := hlog.ConfigFromEnv()
if err != nil {
log.Fatal(err)
}
// Create a new logger
logger, err := hlog.NewLogger(cfg, os.Stdout)
if err != nil {
log.Fatal(err)
}
defer logger.CloseLogFile()
// Start logging
logger.Info().Msg("Application started")
logger.Debug().Str("user", "john").Msg("User logged in")
logger.Error().Err(err).Msg("Something went wrong")
}
```
## Documentation
For detailed documentation, see the [HLog Wiki](https://git.haelnorr.com/h/golib/wiki/HLog.md).
Additional API documentation is available at [GoDoc](https://pkg.go.dev/git.haelnorr.com/h/golib/hlog).
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## Related Projects
- [env](https://git.haelnorr.com/h/golib/env) - Environment variable helper used by hlog for configuration
- [zerolog](https://github.com/rs/zerolog) - The underlying logging library

55
hlog/config.go Normal file
View File

@@ -0,0 +1,55 @@
package hlog
import (
"git.haelnorr.com/h/golib/env"
"github.com/pkg/errors"
)
// Config holds the configuration settings for the logger.
// It can be populated from environment variables using ConfigFromEnv
// or created programmatically.
type Config struct {
LogLevel Level // ENV LOG_LEVEL: Log level for the logger - trace, debug, info, warn, error, fatal, panic (default: info)
LogOutput string // ENV LOG_OUTPUT: Output destination for logs - console, file, or both (default: console)
LogDir string // ENV LOG_DIR: Directory path for log files (required when LOG_OUTPUT is "file" or "both")
LogFileName string // ENV LOG_FILE_NAME: Name of the log file (required when LOG_OUTPUT is "file" or "both")
LogAppend bool // ENV LOG_APPEND: Append to existing log file or overwrite (default: true)
}
// ConfigFromEnv loads logger configuration from environment variables.
//
// Environment variables:
// - LOG_LEVEL: Log level (trace, debug, info, warn, error, fatal, panic) - default: info
// - LOG_OUTPUT: Output destination (console, file, both) - default: console
// - LOG_DIR: Directory for log files (required when LOG_OUTPUT is "file" or "both")
//
// Returns an error if:
// - LOG_LEVEL contains an invalid value
// - LOG_OUTPUT contains an invalid value
// - LogDir or LogFileName is not set and file logging is enabled
func ConfigFromEnv() (*Config, error) {
logLevel, err := LogLevel(env.String("LOG_LEVEL", "info"))
if err != nil {
return nil, errors.Wrap(err, "LogLevel")
}
logOutput := env.String("LOG_OUTPUT", "console")
if logOutput != "both" && logOutput != "console" && logOutput != "file" {
return nil, errors.Errorf("Invalid LOG_OUTPUT: %s", logOutput)
}
cfg := &Config{
LogLevel: logLevel,
LogOutput: logOutput,
LogDir: env.String("LOG_DIR", ""),
LogFileName: env.String("LOG_FILE_NAME", ""),
LogAppend: env.Bool("LOG_APPEND", true),
}
if cfg.LogOutput != "console" {
if cfg.LogDir == "" {
return nil, errors.New("LOG_DIR not set but file logging enabled")
}
if cfg.LogFileName == "" {
return nil, errors.New("LOG_FILE_NAME not set but file logging enabled")
}
}
return cfg, nil
}

181
hlog/config_test.go Normal file
View File

@@ -0,0 +1,181 @@
package hlog
import (
"os"
"testing"
"github.com/rs/zerolog"
)
func TestConfigFromEnv(t *testing.T) {
tests := []struct {
name string
envVars map[string]string
want *Config
wantErr bool
errMsg string
}{
{
name: "default values",
envVars: map[string]string{},
want: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "console",
LogDir: "",
LogFileName: "",
LogAppend: true,
},
wantErr: false,
},
{
name: "custom values",
envVars: map[string]string{
"LOG_LEVEL": "debug",
"LOG_OUTPUT": "both",
"LOG_DIR": "/var/log/myapp",
"LOG_FILE_NAME": "application.log",
"LOG_APPEND": "false",
},
want: &Config{
LogLevel: zerolog.DebugLevel,
LogOutput: "both",
LogDir: "/var/log/myapp",
LogFileName: "application.log",
LogAppend: false,
},
wantErr: false,
},
{
name: "file output mode",
envVars: map[string]string{
"LOG_LEVEL": "warn",
"LOG_OUTPUT": "file",
"LOG_DIR": "/tmp/logs",
"LOG_FILE_NAME": "test.log",
"LOG_APPEND": "true",
},
want: &Config{
LogLevel: zerolog.WarnLevel,
LogOutput: "file",
LogDir: "/tmp/logs",
LogFileName: "test.log",
LogAppend: true,
},
wantErr: false,
},
{
name: "invalid log level",
envVars: map[string]string{
"LOG_LEVEL": "invalid",
"LOG_OUTPUT": "console",
},
want: nil,
wantErr: true,
errMsg: "LogLevel",
},
{
name: "invalid log output",
envVars: map[string]string{
"LOG_LEVEL": "info",
"LOG_OUTPUT": "invalid",
},
want: nil,
wantErr: true,
errMsg: "Invalid LOG_OUTPUT",
},
{
name: "trace log level with defaults",
envVars: map[string]string{
"LOG_LEVEL": "trace",
"LOG_OUTPUT": "console",
},
want: &Config{
LogLevel: zerolog.TraceLevel,
LogOutput: "console",
LogDir: "",
LogFileName: "",
LogAppend: true,
},
wantErr: false,
},
{
name: "file output without LOG_DIR",
envVars: map[string]string{
"LOG_OUTPUT": "file",
"LOG_FILE_NAME": "test.log",
},
want: nil,
wantErr: true,
errMsg: "LOG_DIR not set",
},
{
name: "file output without LOG_FILE_NAME",
envVars: map[string]string{
"LOG_OUTPUT": "file",
"LOG_DIR": "/tmp",
},
want: nil,
wantErr: true,
errMsg: "LOG_FILE_NAME not set",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Clear all environment variables first
os.Unsetenv("LOG_LEVEL")
os.Unsetenv("LOG_OUTPUT")
os.Unsetenv("LOG_DIR")
os.Unsetenv("LOG_FILE_NAME")
os.Unsetenv("LOG_APPEND")
// Set test environment variables (only set if value provided)
for k, v := range tt.envVars {
os.Setenv(k, v)
}
// Cleanup after test
defer func() {
os.Unsetenv("LOG_LEVEL")
os.Unsetenv("LOG_OUTPUT")
os.Unsetenv("LOG_DIR")
os.Unsetenv("LOG_FILE_NAME")
os.Unsetenv("LOG_APPEND")
}()
got, err := ConfigFromEnv()
if tt.wantErr {
if err == nil {
t.Errorf("ConfigFromEnv() expected error but got nil")
return
}
if tt.errMsg != "" && err.Error() == "" {
t.Errorf("ConfigFromEnv() error = %v, should contain %v", err, tt.errMsg)
}
return
}
if err != nil {
t.Errorf("ConfigFromEnv() unexpected error = %v", err)
return
}
if got.LogLevel != tt.want.LogLevel {
t.Errorf("ConfigFromEnv() LogLevel = %v, want %v", got.LogLevel, tt.want.LogLevel)
}
if got.LogOutput != tt.want.LogOutput {
t.Errorf("ConfigFromEnv() LogOutput = %v, want %v", got.LogOutput, tt.want.LogOutput)
}
if got.LogDir != tt.want.LogDir {
t.Errorf("ConfigFromEnv() LogDir = %v, want %v", got.LogDir, tt.want.LogDir)
}
if got.LogFileName != tt.want.LogFileName {
t.Errorf("ConfigFromEnv() LogFileName = %v, want %v", got.LogFileName, tt.want.LogFileName)
}
if got.LogAppend != tt.want.LogAppend {
t.Errorf("ConfigFromEnv() LogAppend = %v, want %v", got.LogAppend, tt.want.LogAppend)
}
})
}
}

82
hlog/doc.go Normal file
View File

@@ -0,0 +1,82 @@
// Package hlog provides a structured logging solution built on top of zerolog.
//
// hlog supports multiple output modes (console, file, or both), configurable
// log levels, and automatic log file management. It is designed to be simple
// to configure via environment variables while remaining flexible for
// programmatic configuration.
//
// # Basic Usage
//
// Create a logger with environment-based configuration:
//
// cfg, err := hlog.ConfigFromEnv()
// if err != nil {
// log.Fatal(err)
// }
//
// logger, err := hlog.NewLogger(cfg, os.Stdout)
// if err != nil {
// log.Fatal(err)
// }
// defer logger.CloseLogFile()
//
// logger.Info().Msg("Application started")
//
// # Configuration
//
// hlog can be configured via environment variables using ConfigFromEnv:
//
// LOG_LEVEL=info # trace, debug, info, warn, error, fatal, panic (default: info)
// LOG_OUTPUT=console # console, file, or both (default: console)
// LOG_DIR=/var/log/app # Required when LOG_OUTPUT is "file" or "both"
// LOG_FILE_NAME=server.log # Required when LOG_OUTPUT is "file" or "both"
// LOG_APPEND=true # Append to existing file or overwrite (default: true)
//
// Or programmatically:
//
// cfg := &hlog.Config{
// LogLevel: hlog.InfoLevel,
// LogOutput: "both",
// LogDir: "/var/log/myapp",
// LogFileName: "server.log",
// LogAppend: true,
// }
//
// # Log Levels
//
// hlog supports the following log levels (from most to least verbose):
// - trace: Very detailed debugging information
// - debug: Detailed debugging information
// - info: General informational messages
// - warn: Warning messages for potentially harmful situations
// - error: Error messages for error events
// - fatal: Fatal messages that will exit the application
// - panic: Panic messages that will panic the application
//
// # Output Modes
//
// - console: Logs to the provided io.Writer (typically os.Stdout or os.Stderr)
// - file: Logs to a file in the configured directory
// - both: Logs to both console and file simultaneously using zerolog.MultiLevelWriter
//
// # File Management
//
// When using file output, hlog creates a file with the specified name in the
// configured directory. The file can be opened in append mode (default) to
// preserve logs across application restarts, or in overwrite mode to start
// fresh each time. Remember to call CloseLogFile() when shutting down your
// application to ensure all logs are flushed to disk.
//
// # Error Stack Traces
//
// hlog automatically configures zerolog to include stack traces for errors
// wrapped with github.com/pkg/errors. This provides detailed error context
// when using errors.Wrap or errors.WithStack.
//
// # Integration
//
// hlog integrates with:
// - git.haelnorr.com/h/golib/env: For environment variable configuration
// - github.com/rs/zerolog: The underlying logging implementation
// - github.com/pkg/errors: For error stack trace support
package hlog

35
hlog/ezconf.go Normal file
View File

@@ -0,0 +1,35 @@
package hlog
import "runtime"
// EZConfIntegration provides integration with ezconf for automatic configuration
type EZConfIntegration struct{}
// PackagePath returns the path to the hlog package for source parsing
func (e EZConfIntegration) PackagePath() string {
_, filename, _, _ := runtime.Caller(0)
// Return directory of this file
return filename[:len(filename)-len("/ezconf.go")]
}
// ConfigFunc returns the ConfigFromEnv function for ezconf
func (e EZConfIntegration) ConfigFunc() func() (interface{}, error) {
return func() (interface{}, error) {
return ConfigFromEnv()
}
}
// Name returns the name to use when registering with ezconf
func (e EZConfIntegration) Name() string {
return "hlog"
}
// GroupName returns the display name for grouping environment variables
func (e EZConfIntegration) GroupName() string {
return "HLog"
}
// NewEZConfIntegration creates a new EZConf integration helper
func NewEZConfIntegration() EZConfIntegration {
return EZConfIntegration{}
}

1
hlog/go.mod
View File

@@ -8,6 +8,7 @@ require (
) )
require ( require (
git.haelnorr.com/h/golib/env v0.9.1
github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect github.com/mattn/go-isatty v0.0.19 // indirect
golang.org/x/sys v0.12.0 // indirect golang.org/x/sys v0.12.0 // indirect

2
hlog/go.sum
View File

@@ -1,3 +1,5 @@
git.haelnorr.com/h/golib/env v0.9.1 h1:2Vsj+mJKnO5f1Md1GO5v9ggLN5zWa0baCewcSHTjoNY=
git.haelnorr.com/h/golib/env v0.9.1/go.mod h1:glUQVdA1HMKX1avTDyTyuhcr36SSxZtlJxKDT5KTztg=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=

26
hlog/levels.go
View File

@@ -1,12 +1,26 @@
package hlog package hlog
import "github.com/rs/zerolog" import (
"github.com/pkg/errors"
"github.com/rs/zerolog"
)
// Level is an alias for zerolog.Level, representing the severity of a log message.
type Level = zerolog.Level type Level = zerolog.Level
// Takes a log level as string and converts it to a Level interface. // LogLevel converts a string to a Level value.
// If the string is not a valid input it will return InfoLevel //
func LogLevel(level string) Level { // Valid level strings (case-sensitive):
// - "trace": Most verbose, for very detailed debugging
// - "debug": Detailed debugging information
// - "info": General informational messages
// - "warn": Warning messages for potentially harmful situations
// - "error": Error messages for error events
// - "fatal": Fatal messages that will exit the application
// - "panic": Panic messages that will panic the application
//
// Returns an error if the provided string is not a valid log level.
func LogLevel(level string) (Level, error) {
levels := map[string]zerolog.Level{ levels := map[string]zerolog.Level{
"trace": zerolog.TraceLevel, "trace": zerolog.TraceLevel,
"debug": zerolog.DebugLevel, "debug": zerolog.DebugLevel,
@@ -18,7 +32,7 @@ func LogLevel(level string) Level {
} }
logLevel, valid := levels[level] logLevel, valid := levels[level]
if !valid { if !valid {
return zerolog.InfoLevel return 0, errors.New("Invalid log level specified.")
} }
return logLevel return logLevel, nil
} }

155
hlog/levels_test.go Normal file
View File

@@ -0,0 +1,155 @@
package hlog
import (
"testing"
"github.com/rs/zerolog"
)
func TestLogLevel(t *testing.T) {
tests := []struct {
name string
level string
want Level
wantErr bool
}{
{
name: "trace level",
level: "trace",
want: zerolog.TraceLevel,
wantErr: false,
},
{
name: "debug level",
level: "debug",
want: zerolog.DebugLevel,
wantErr: false,
},
{
name: "info level",
level: "info",
want: zerolog.InfoLevel,
wantErr: false,
},
{
name: "warn level",
level: "warn",
want: zerolog.WarnLevel,
wantErr: false,
},
{
name: "error level",
level: "error",
want: zerolog.ErrorLevel,
wantErr: false,
},
{
name: "fatal level",
level: "fatal",
want: zerolog.FatalLevel,
wantErr: false,
},
{
name: "panic level",
level: "panic",
want: zerolog.PanicLevel,
wantErr: false,
},
{
name: "invalid level",
level: "invalid",
want: 0,
wantErr: true,
},
{
name: "empty string",
level: "",
want: 0,
wantErr: true,
},
{
name: "uppercase level (should fail - case sensitive)",
level: "INFO",
want: 0,
wantErr: true,
},
{
name: "mixed case level (should fail - case sensitive)",
level: "Info",
want: 0,
wantErr: true,
},
{
name: "numeric string",
level: "123",
want: 0,
wantErr: true,
},
{
name: "whitespace",
level: " ",
want: 0,
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := LogLevel(tt.level)
if tt.wantErr {
if err == nil {
t.Errorf("LogLevel() expected error but got nil")
}
return
}
if err != nil {
t.Errorf("LogLevel() unexpected error = %v", err)
return
}
if got != tt.want {
t.Errorf("LogLevel() = %v, want %v", got, tt.want)
}
})
}
}
func TestLogLevel_AllValidLevels(t *testing.T) {
// Ensure all valid levels are tested
validLevels := map[string]Level{
"trace": zerolog.TraceLevel,
"debug": zerolog.DebugLevel,
"info": zerolog.InfoLevel,
"warn": zerolog.WarnLevel,
"error": zerolog.ErrorLevel,
"fatal": zerolog.FatalLevel,
"panic": zerolog.PanicLevel,
}
for levelStr, expectedLevel := range validLevels {
t.Run("valid_"+levelStr, func(t *testing.T) {
got, err := LogLevel(levelStr)
if err != nil {
t.Errorf("LogLevel(%s) unexpected error = %v", levelStr, err)
return
}
if got != expectedLevel {
t.Errorf("LogLevel(%s) = %v, want %v", levelStr, got, expectedLevel)
}
})
}
}
func TestLogLevel_ErrorMessage(t *testing.T) {
_, err := LogLevel("invalid")
if err == nil {
t.Fatal("LogLevel() expected error but got nil")
}
expectedMsg := "Invalid log level specified."
if err.Error() != expectedMsg {
t.Errorf("LogLevel() error message = %v, want %v", err.Error(), expectedMsg)
}
}

46
hlog/logfile.go
View File

@@ -7,17 +7,45 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// Returns a pointer to a new log file with the specified path. // newLogFile creates or opens the log file based on the configuration.
// Remember to call file.Close() when finished writing to the log file // The file is created in the specified directory with the configured filename.
func NewLogFile(path string) (*os.File, error) { // File permissions are set to 0663 (rw-rw--w-).
logPath := filepath.Join(path, "server.log") //
file, err := os.OpenFile( // If append is true, the file is opened in append mode and new logs are added
logPath, // to the end. If append is false, the file is truncated on open, overwriting
os.O_APPEND|os.O_CREATE|os.O_WRONLY, // any existing content.
0663, //
) // Returns an error if the file cannot be opened or created.
func newLogFile(dir, filename string, append bool) (*os.File, error) {
logPath := filepath.Join(dir, filename)
flags := os.O_CREATE | os.O_WRONLY
if append {
flags |= os.O_APPEND
} else {
flags |= os.O_TRUNC
}
file, err := os.OpenFile(logPath, flags, 0663)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "os.OpenFile") return nil, errors.Wrap(err, "os.OpenFile")
} }
return file, nil return file, nil
} }
// CloseLogFile closes the underlying log file if one is open.
// This should be called when shutting down the application to ensure
// all buffered logs are flushed to disk.
//
// If no log file is open, this is a no-op and returns nil.
// Returns an error if the file cannot be closed.
func (l *Logger) CloseLogFile() error {
if l.logFile == nil {
return nil
}
err := l.logFile.Close()
if err != nil {
return err
}
return nil
}

242
hlog/logfile_test.go Normal file
View File

@@ -0,0 +1,242 @@
package hlog
import (
"os"
"path/filepath"
"strings"
"testing"
)
func TestNewLogFile(t *testing.T) {
tests := []struct {
name string
dir string
filename string
append bool
preCreate string // content to pre-create in file
write string // content to write during test
wantErr bool
}{
{
name: "create new file in append mode",
dir: t.TempDir(),
filename: "test.log",
append: true,
write: "test content",
wantErr: false,
},
{
name: "create new file in overwrite mode",
dir: t.TempDir(),
filename: "test.log",
append: false,
write: "test content",
wantErr: false,
},
{
name: "append to existing file",
dir: t.TempDir(),
filename: "existing.log",
append: true,
preCreate: "existing content\n",
write: "new content\n",
wantErr: false,
},
{
name: "overwrite existing file",
dir: t.TempDir(),
filename: "existing.log",
append: false,
preCreate: "old content\n",
write: "new content\n",
wantErr: false,
},
{
name: "invalid directory",
dir: "/nonexistent/invalid/path",
filename: "test.log",
append: true,
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
logPath := filepath.Join(tt.dir, tt.filename)
// Pre-create file if needed
if tt.preCreate != "" {
err := os.WriteFile(logPath, []byte(tt.preCreate), 0663)
if err != nil {
t.Fatalf("Failed to create pre-existing file: %v", err)
}
}
// Create log file
file, err := newLogFile(tt.dir, tt.filename, tt.append)
if tt.wantErr {
if err == nil {
t.Errorf("newLogFile() expected error but got nil")
if file != nil {
file.Close()
}
}
return
}
if err != nil {
t.Errorf("newLogFile() unexpected error = %v", err)
return
}
if file == nil {
t.Errorf("newLogFile() returned nil file")
return
}
defer file.Close()
// Write test content
if tt.write != "" {
_, err = file.WriteString(tt.write)
if err != nil {
t.Errorf("Failed to write to file: %v", err)
return
}
file.Sync()
}
// Verify file contents
file.Close()
content, err := os.ReadFile(logPath)
if err != nil {
t.Errorf("Failed to read file: %v", err)
return
}
contentStr := string(content)
if tt.append && tt.preCreate != "" {
// In append mode, both old and new content should exist
if !strings.Contains(contentStr, tt.preCreate) {
t.Errorf("Append mode: file missing pre-existing content. Got: %s", contentStr)
}
if !strings.Contains(contentStr, tt.write) {
t.Errorf("Append mode: file missing new content. Got: %s", contentStr)
}
} else if !tt.append && tt.preCreate != "" {
// In overwrite mode, only new content should exist
if strings.Contains(contentStr, tt.preCreate) {
t.Errorf("Overwrite mode: file still contains old content. Got: %s", contentStr)
}
if !strings.Contains(contentStr, tt.write) {
t.Errorf("Overwrite mode: file missing new content. Got: %s", contentStr)
}
} else {
// New file, should only have new content
if !strings.Contains(contentStr, tt.write) {
t.Errorf("New file: missing expected content. Got: %s", contentStr)
}
}
})
}
}
func TestNewLogFile_Permissions(t *testing.T) {
tempDir := t.TempDir()
filename := "permissions_test.log"
file, err := newLogFile(tempDir, filename, true)
if err != nil {
t.Fatalf("newLogFile() error = %v", err)
}
file.Close()
logPath := filepath.Join(tempDir, filename)
_, err = os.Stat(logPath)
if err != nil {
t.Fatalf("Failed to stat file: %v", err)
}
// Note: Actual file permissions may differ from requested permissions
// due to umask settings, so we just verify the file was created
// The OS will apply umask to the requested 0663 permissions
}
func TestNewLogFile_MultipleAppends(t *testing.T) {
tempDir := t.TempDir()
filename := "multiple_appends.log"
messages := []string{
"first message\n",
"second message\n",
"third message\n",
}
// Write messages sequentially
for _, msg := range messages {
file, err := newLogFile(tempDir, filename, true)
if err != nil {
t.Fatalf("newLogFile() error = %v", err)
}
_, err = file.WriteString(msg)
if err != nil {
t.Fatalf("WriteString() error = %v", err)
}
file.Close()
}
// Verify all messages are present
logPath := filepath.Join(tempDir, filename)
content, err := os.ReadFile(logPath)
if err != nil {
t.Fatalf("Failed to read file: %v", err)
}
contentStr := string(content)
for _, msg := range messages {
if !strings.Contains(contentStr, msg) {
t.Errorf("File missing message: %s. Got: %s", msg, contentStr)
}
}
}
func TestNewLogFile_OverwriteClears(t *testing.T) {
tempDir := t.TempDir()
filename := "overwrite_clear.log"
// Create file with initial content
initialContent := "this should be removed\n"
file1, err := newLogFile(tempDir, filename, true)
if err != nil {
t.Fatalf("newLogFile() error = %v", err)
}
file1.WriteString(initialContent)
file1.Close()
// Open in overwrite mode
newContent := "new content only\n"
file2, err := newLogFile(tempDir, filename, false)
if err != nil {
t.Fatalf("newLogFile() error = %v", err)
}
file2.WriteString(newContent)
file2.Close()
// Verify only new content exists
logPath := filepath.Join(tempDir, filename)
content, err := os.ReadFile(logPath)
if err != nil {
t.Fatalf("Failed to read file: %v", err)
}
contentStr := string(content)
if strings.Contains(contentStr, initialContent) {
t.Errorf("File still contains initial content after overwrite. Got: %s", contentStr)
}
if !strings.Contains(contentStr, newContent) {
t.Errorf("File missing new content. Got: %s", contentStr)
}
}

64
hlog/logger.go
View File

@@ -9,17 +9,42 @@ import (
"github.com/rs/zerolog/pkgerrors" "github.com/rs/zerolog/pkgerrors"
) )
type Logger = zerolog.Logger // Logger wraps a zerolog.Logger and manages an optional log file.
// It embeds *zerolog.Logger, so all zerolog methods are available directly.
type Logger struct {
*zerolog.Logger
logFile *os.File
}
// Get a pointer to a new zerolog.Logger with the specified level and output // NewLogger creates a new Logger instance based on the provided configuration.
// Can provide a file, writer or both. Must provide at least one of the two //
// The logger output depends on cfg.LogOutput:
// - "console": Logs to the provided io.Writer w
// - "file": Logs to a file in cfg.LogDir (w can be nil)
// - "both": Logs to both the io.Writer and a file
//
// When file logging is enabled, cfg.LogDir must be set to a valid directory path.
// The log file will be named "server.log" and placed in that directory.
//
// The logger is configured with:
// - Unix timestamp format
// - Error stack trace marshaling
// - Log level from cfg.LogLevel
//
// Returns an error if:
// - cfg is nil
// - w is nil when cfg.LogOutput is not "file"
// - cfg.LogDir is empty when file logging is enabled
// - cfg.LogFileName is empty when file logging is enabled
// - The log file cannot be created
func NewLogger( func NewLogger(
logLevel zerolog.Level, cfg *Config,
w io.Writer, w io.Writer,
logFile *os.File,
logDir string,
) (*Logger, error) { ) (*Logger, error) {
if w == nil && logFile == nil { if cfg == nil {
return nil, errors.New("No config provided")
}
if w == nil && cfg.LogOutput != "file" {
return nil, errors.New("No Writer provided for log output.") return nil, errors.New("No Writer provided for log output.")
} }
@@ -31,6 +56,21 @@ func NewLogger(
consoleWriter = zerolog.ConsoleWriter{Out: w} consoleWriter = zerolog.ConsoleWriter{Out: w}
} }
var logFile *os.File
var err error
if cfg.LogOutput == "file" || cfg.LogOutput == "both" {
if cfg.LogDir == "" {
return nil, errors.New("LOG_DIR must be set when LOG_OUTPUT is 'file' or 'both'")
}
if cfg.LogFileName == "" {
return nil, errors.New("LOG_FILE_NAME must be set when LOG_OUTPUT is 'file' or 'both'")
}
logFile, err = newLogFile(cfg.LogDir, cfg.LogFileName, cfg.LogAppend)
if err != nil {
return nil, errors.Wrap(err, "newLogFile")
}
}
var output io.Writer var output io.Writer
if logFile != nil { if logFile != nil {
if w != nil { if w != nil {
@@ -41,11 +81,17 @@ func NewLogger(
} else { } else {
output = consoleWriter output = consoleWriter
} }
logger := zerolog.New(output). logger := zerolog.New(output).
With(). With().
Timestamp(). Timestamp().
Logger(). Logger().
Level(logLevel) Level(cfg.LogLevel)
return &logger, nil hlog := &Logger{
Logger: &logger,
logFile: logFile,
}
return hlog, nil
} }

376
hlog/logger_test.go Normal file
View File

@@ -0,0 +1,376 @@
package hlog
import (
"bytes"
"io"
"os"
"path/filepath"
"strings"
"testing"
"github.com/rs/zerolog"
)
func TestNewLogger(t *testing.T) {
tests := []struct {
name string
cfg *Config
writer io.Writer
wantErr bool
errMsg string
}{
{
name: "console output only",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "console",
LogDir: "",
LogFileName: "",
LogAppend: true,
},
writer: bytes.NewBuffer(nil),
wantErr: false,
},
{
name: "nil config",
cfg: nil,
writer: bytes.NewBuffer(nil),
wantErr: true,
errMsg: "No config provided",
},
{
name: "nil writer for both output",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "both",
},
writer: nil,
wantErr: true,
errMsg: "No Writer provided",
},
{
name: "file output without LogDir",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: "",
LogFileName: "test.log",
LogAppend: true,
},
writer: nil,
wantErr: true,
errMsg: "LOG_DIR must be set",
},
{
name: "file output without LogFileName",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: "/tmp",
LogFileName: "",
LogAppend: true,
},
writer: nil,
wantErr: true,
errMsg: "LOG_FILE_NAME must be set",
},
{
name: "both output without LogDir",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "both",
LogDir: "",
LogFileName: "test.log",
LogAppend: true,
},
writer: bytes.NewBuffer(nil),
wantErr: true,
errMsg: "LOG_DIR must be set",
},
{
name: "both output without LogFileName",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "both",
LogDir: "/tmp",
LogFileName: "",
LogAppend: true,
},
writer: bytes.NewBuffer(nil),
wantErr: true,
errMsg: "LOG_FILE_NAME must be set",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
logger, err := NewLogger(tt.cfg, tt.writer)
if tt.wantErr {
if err == nil {
t.Errorf("NewLogger() expected error but got nil")
return
}
if tt.errMsg != "" && !strings.Contains(err.Error(), tt.errMsg) {
t.Errorf("NewLogger() error = %v, should contain %v", err, tt.errMsg)
}
return
}
if err != nil {
t.Errorf("NewLogger() unexpected error = %v", err)
return
}
if logger == nil {
t.Errorf("NewLogger() returned nil logger")
return
}
if logger.Logger == nil {
t.Errorf("NewLogger() returned logger with nil zerolog.Logger")
}
})
}
}
func TestNewLogger_FileOutput(t *testing.T) {
// Create temporary directory for test logs
tempDir := t.TempDir()
tests := []struct {
name string
cfg *Config
writer io.Writer
wantErr bool
checkFile bool
logMessage string
}{
{
name: "file output with append",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: "append_test.log",
LogAppend: true,
},
writer: nil,
wantErr: false,
checkFile: true,
logMessage: "test append message",
},
{
name: "file output with overwrite",
cfg: &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: "overwrite_test.log",
LogAppend: false,
},
writer: nil,
wantErr: false,
checkFile: true,
logMessage: "test overwrite message",
},
{
name: "both output modes",
cfg: &Config{
LogLevel: zerolog.DebugLevel,
LogOutput: "both",
LogDir: tempDir,
LogFileName: "both_test.log",
LogAppend: true,
},
writer: bytes.NewBuffer(nil),
wantErr: false,
checkFile: true,
logMessage: "test both message",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
logger, err := NewLogger(tt.cfg, tt.writer)
if tt.wantErr {
if err == nil {
t.Errorf("NewLogger() expected error but got nil")
}
return
}
if err != nil {
t.Errorf("NewLogger() unexpected error = %v", err)
return
}
if logger == nil {
t.Errorf("NewLogger() returned nil logger")
return
}
// Log a test message
logger.Info().Msg(tt.logMessage)
// Close the log file to flush
err = logger.CloseLogFile()
if err != nil {
t.Errorf("CloseLogFile() error = %v", err)
}
// Check if file exists and contains message
if tt.checkFile {
logPath := filepath.Join(tt.cfg.LogDir, tt.cfg.LogFileName)
content, err := os.ReadFile(logPath)
if err != nil {
t.Errorf("Failed to read log file: %v", err)
return
}
if !strings.Contains(string(content), tt.logMessage) {
t.Errorf("Log file doesn't contain expected message. Got: %s", string(content))
}
}
// Check console output for "both" mode
if tt.cfg.LogOutput == "both" && tt.writer != nil {
if buf, ok := tt.writer.(*bytes.Buffer); ok {
consoleOutput := buf.String()
if !strings.Contains(consoleOutput, tt.logMessage) {
t.Errorf("Console output doesn't contain expected message. Got: %s", consoleOutput)
}
}
}
})
}
}
func TestNewLogger_AppendVsOverwrite(t *testing.T) {
tempDir := t.TempDir()
logFileName := "append_vs_overwrite.log"
// First logger - write initial content
cfg1 := &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: logFileName,
LogAppend: true,
}
logger1, err := NewLogger(cfg1, nil)
if err != nil {
t.Fatalf("NewLogger() error = %v", err)
}
logger1.Info().Msg("first message")
logger1.CloseLogFile()
// Second logger - append mode
cfg2 := &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: logFileName,
LogAppend: true,
}
logger2, err := NewLogger(cfg2, nil)
if err != nil {
t.Fatalf("NewLogger() error = %v", err)
}
logger2.Info().Msg("second message")
logger2.CloseLogFile()
// Check both messages exist
logPath := filepath.Join(tempDir, logFileName)
content, err := os.ReadFile(logPath)
if err != nil {
t.Fatalf("Failed to read log file: %v", err)
}
contentStr := string(content)
if !strings.Contains(contentStr, "first message") {
t.Errorf("Log file missing 'first message' after append")
}
if !strings.Contains(contentStr, "second message") {
t.Errorf("Log file missing 'second message' after append")
}
// Third logger - overwrite mode
cfg3 := &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: logFileName,
LogAppend: false,
}
logger3, err := NewLogger(cfg3, nil)
if err != nil {
t.Fatalf("NewLogger() error = %v", err)
}
logger3.Info().Msg("third message")
logger3.CloseLogFile()
// Check only third message exists
content, err = os.ReadFile(logPath)
if err != nil {
t.Fatalf("Failed to read log file: %v", err)
}
contentStr = string(content)
if strings.Contains(contentStr, "first message") {
t.Errorf("Log file still contains 'first message' after overwrite")
}
if strings.Contains(contentStr, "second message") {
t.Errorf("Log file still contains 'second message' after overwrite")
}
if !strings.Contains(contentStr, "third message") {
t.Errorf("Log file missing 'third message' after overwrite")
}
}
func TestLogger_CloseLogFile(t *testing.T) {
t.Run("close with file", func(t *testing.T) {
tempDir := t.TempDir()
cfg := &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "file",
LogDir: tempDir,
LogFileName: "close_test.log",
LogAppend: true,
}
logger, err := NewLogger(cfg, nil)
if err != nil {
t.Fatalf("NewLogger() error = %v", err)
}
err = logger.CloseLogFile()
if err != nil {
t.Errorf("CloseLogFile() error = %v", err)
}
})
t.Run("close without file", func(t *testing.T) {
cfg := &Config{
LogLevel: zerolog.InfoLevel,
LogOutput: "console",
}
logger, err := NewLogger(cfg, bytes.NewBuffer(nil))
if err != nil {
t.Fatalf("NewLogger() error = %v", err)
}
err = logger.CloseLogFile()
if err != nil {
t.Errorf("CloseLogFile() should not error when no file is open, got: %v", err)
}
})
}

21
hws/.gitignore vendored Normal file
View File

@@ -0,0 +1,21 @@
# Test coverage files
coverage.out
coverage.html
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib
# Test binary, built with `go test -c`
*.test
# Output of the go coverage tool
*.out
# Go workspace file
go.work
.claude/

21
hws/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 haelnorr
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

114
hws/README.md Normal file
View File

@@ -0,0 +1,114 @@
# HWS (H Web Server) - v0.2.3
A lightweight, opinionated HTTP web server framework for Go built on top of the standard library's net/http.
## Features
- Built on Go 1.22+ routing patterns with method and path matching
- Structured error handling with customizable error pages
- Integrated logging with zerolog via hlog
- Middleware support with predictable execution order
- GZIP compression support
- Safe static file serving (prevents directory listing)
- Environment variable configuration with ConfigFromEnv
- Request timing and logging middleware
- Graceful shutdown support
- Built-in health check endpoint
## Installation
```bash
go get git.haelnorr.com/h/golib/hws
```
## Quick Start
```go
package main
import (
"context"
"net/http"
"git.haelnorr.com/h/golib/hws"
)
func main() {
// Load configuration from environment variables
config, _ := hws.ConfigFromEnv()
// Create server
server, _ := hws.NewServer(config)
// Define routes
routes := []hws.Route{
{
Path: "/",
Method: hws.MethodGET,
Handler: http.HandlerFunc(homeHandler),
},
{
Path: "/api/users/{id}",
Method: hws.MethodGET,
Handler: http.HandlerFunc(getUserHandler),
},
{
// Single route handling multiple HTTP methods
Path: "/api/resource",
Methods: []hws.Method{hws.MethodGET, hws.MethodPOST, hws.MethodPUT},
Handler: http.HandlerFunc(resourceHandler),
},
}
// Add routes and middleware
server.AddRoutes(routes...)
server.AddMiddleware()
// Start server
ctx := context.Background()
server.Start(ctx)
// Wait for server to be ready
<-server.Ready()
}
func homeHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Hello, World!"))
}
func getUserHandler(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
w.Write([]byte("User ID: " + id))
}
func resourceHandler(w http.ResponseWriter, r *http.Request) {
// Handle GET, POST, and PUT for the same path
switch r.Method {
case "GET":
w.Write([]byte("Getting resource"))
case "POST":
w.Write([]byte("Creating resource"))
case "PUT":
w.Write([]byte("Updating resource"))
}
}
```
## Documentation
For detailed documentation, see the [HWS Wiki](https://git.haelnorr.com/h/golib/wiki/HWS.md).
Additional API documentation is available at [GoDoc](https://pkg.go.dev/git.haelnorr.com/h/golib/hws).
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## Related Projects
- [hwsauth](https://git.haelnorr.com/h/golib/hwsauth) - JWT authentication middleware for HWS
- [hlog](https://git.haelnorr.com/h/golib/hlog) - Structured logging with zerolog
- [jwt](https://git.haelnorr.com/h/golib/jwt) - JWT token generation and validation

32
hws/config.go Normal file
View File

@@ -0,0 +1,32 @@
package hws
import (
"time"
"git.haelnorr.com/h/golib/env"
)
type Config struct {
Host string // ENV HWS_HOST: Host to listen on (default: 127.0.0.1)
Port uint64 // ENV HWS_PORT: Port to listen on (default: 3000)
GZIP bool // ENV HWS_GZIP: Flag for GZIP compression on requests (default: false)
ReadHeaderTimeout time.Duration // ENV HWS_READ_HEADER_TIMEOUT: Timeout for reading request headers in seconds (default: 2)
WriteTimeout time.Duration // ENV HWS_WRITE_TIMEOUT: Timeout for writing requests in seconds (default: 10)
IdleTimeout time.Duration // ENV HWS_IDLE_TIMEOUT: Timeout for idle connections in seconds (default: 120)
ShutdownDelay time.Duration // ENV HWS_SHUTDOWN_DELAY: Delay in seconds before server shutsdown when Shutdown is called (default: 5)
}
// ConfigFromEnv returns a Config struct loaded from the environment variables
func ConfigFromEnv() (*Config, error) {
cfg := &Config{
Host: env.String("HWS_HOST", "127.0.0.1"),
Port: env.UInt64("HWS_PORT", 3000),
GZIP: env.Bool("HWS_GZIP", false),
ReadHeaderTimeout: time.Duration(env.Int("HWS_READ_HEADER_TIMEOUT", 2)) * time.Second,
WriteTimeout: time.Duration(env.Int("HWS_WRITE_TIMEOUT", 10)) * time.Second,
IdleTimeout: time.Duration(env.Int("HWS_IDLE_TIMEOUT", 120)) * time.Second,
ShutdownDelay: time.Duration(env.Int("HWS_SHUTDOWN_DELAY", 5)) * time.Second,
}
return cfg, nil
}

102
hws/config_test.go Normal file
View File

@@ -0,0 +1,102 @@
package hws_test
import (
"os"
"testing"
"time"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_ConfigFromEnv(t *testing.T) {
t.Run("Default values when no env vars set", func(t *testing.T) {
// Clear any existing env vars
os.Unsetenv("HWS_HOST")
os.Unsetenv("HWS_PORT")
os.Unsetenv("HWS_GZIP")
os.Unsetenv("HWS_READ_HEADER_TIMEOUT")
os.Unsetenv("HWS_WRITE_TIMEOUT")
os.Unsetenv("HWS_IDLE_TIMEOUT")
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
require.NotNil(t, config)
assert.Equal(t, "127.0.0.1", config.Host)
assert.Equal(t, uint64(3000), config.Port)
assert.Equal(t, false, config.GZIP)
assert.Equal(t, 2*time.Second, config.ReadHeaderTimeout)
assert.Equal(t, 10*time.Second, config.WriteTimeout)
assert.Equal(t, 120*time.Second, config.IdleTimeout)
})
t.Run("Custom host", func(t *testing.T) {
os.Setenv("HWS_HOST", "192.168.1.1")
defer os.Unsetenv("HWS_HOST")
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
assert.Equal(t, "192.168.1.1", config.Host)
})
t.Run("Custom port", func(t *testing.T) {
os.Setenv("HWS_PORT", "8080")
defer os.Unsetenv("HWS_PORT")
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
assert.Equal(t, uint64(8080), config.Port)
})
t.Run("GZIP enabled", func(t *testing.T) {
os.Setenv("HWS_GZIP", "true")
defer os.Unsetenv("HWS_GZIP")
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
assert.Equal(t, true, config.GZIP)
})
t.Run("Custom timeouts", func(t *testing.T) {
os.Setenv("HWS_READ_HEADER_TIMEOUT", "5")
os.Setenv("HWS_WRITE_TIMEOUT", "30")
os.Setenv("HWS_IDLE_TIMEOUT", "300")
defer os.Unsetenv("HWS_READ_HEADER_TIMEOUT")
defer os.Unsetenv("HWS_WRITE_TIMEOUT")
defer os.Unsetenv("HWS_IDLE_TIMEOUT")
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
assert.Equal(t, 5*time.Second, config.ReadHeaderTimeout)
assert.Equal(t, 30*time.Second, config.WriteTimeout)
assert.Equal(t, 300*time.Second, config.IdleTimeout)
})
t.Run("All custom values", func(t *testing.T) {
os.Setenv("HWS_HOST", "0.0.0.0")
os.Setenv("HWS_PORT", "9000")
os.Setenv("HWS_GZIP", "true")
os.Setenv("HWS_READ_HEADER_TIMEOUT", "3")
os.Setenv("HWS_WRITE_TIMEOUT", "15")
os.Setenv("HWS_IDLE_TIMEOUT", "180")
defer func() {
os.Unsetenv("HWS_HOST")
os.Unsetenv("HWS_PORT")
os.Unsetenv("HWS_GZIP")
os.Unsetenv("HWS_READ_HEADER_TIMEOUT")
os.Unsetenv("HWS_WRITE_TIMEOUT")
os.Unsetenv("HWS_IDLE_TIMEOUT")
}()
config, err := hws.ConfigFromEnv()
require.NoError(t, err)
assert.Equal(t, "0.0.0.0", config.Host)
assert.Equal(t, uint64(9000), config.Port)
assert.Equal(t, true, config.GZIP)
assert.Equal(t, 3*time.Second, config.ReadHeaderTimeout)
assert.Equal(t, 15*time.Second, config.WriteTimeout)
assert.Equal(t, 180*time.Second, config.IdleTimeout)
})
}

156
hws/doc.go Normal file
View File

@@ -0,0 +1,156 @@
// Package hws provides a lightweight HTTP web server framework built on top of Go's standard library.
//
// HWS (H Web Server) is an opinionated framework that leverages Go 1.22+ routing patterns
// with built-in middleware, structured error handling, and production-ready defaults. It
// integrates seamlessly with other golib packages like hlog for logging and hwsauth for
// authentication.
//
// # Basic Usage
//
// Create a server with environment-based configuration:
//
// cfg, err := hws.ConfigFromEnv()
// if err != nil {
// log.Fatal(err)
// }
//
// server, err := hws.NewServer(cfg)
// if err != nil {
// log.Fatal(err)
// }
//
// routes := []hws.Route{
// {
// Path: "/",
// Method: hws.MethodGET,
// Handler: http.HandlerFunc(homeHandler),
// },
// }
//
// server.AddRoutes(routes...)
// server.AddMiddleware()
//
// ctx := context.Background()
// server.Start(ctx)
//
// <-server.Ready()
//
// # Configuration
//
// HWS can be configured via environment variables using ConfigFromEnv:
//
// HWS_HOST=127.0.0.1 # Host to listen on (default: 127.0.0.1)
// HWS_PORT=3000 # Port to listen on (default: 3000)
// HWS_GZIP=false # Enable GZIP compression (default: false)
// HWS_READ_HEADER_TIMEOUT=2 # Header read timeout in seconds (default: 2)
// HWS_WRITE_TIMEOUT=10 # Write timeout in seconds (default: 10)
// HWS_IDLE_TIMEOUT=120 # Idle connection timeout in seconds (default: 120)
//
// Or programmatically:
//
// cfg := &hws.Config{
// Host: "0.0.0.0",
// Port: 8080,
// GZIP: true,
// ReadHeaderTimeout: 5 * time.Second,
// WriteTimeout: 15 * time.Second,
// IdleTimeout: 120 * time.Second,
// }
//
// # Routing
//
// HWS uses Go 1.22+ routing patterns with method-specific handlers:
//
// routes := []hws.Route{
// {
// Path: "/users/{id}",
// Method: hws.MethodGET,
// Handler: http.HandlerFunc(getUser),
// },
// {
// Path: "/users/{id}",
// Method: hws.MethodPUT,
// Handler: http.HandlerFunc(updateUser),
// },
// }
//
// A single route can handle multiple HTTP methods using the Methods field:
//
// routes := []hws.Route{
// {
// Path: "/api/resource",
// Methods: []hws.Method{hws.MethodGET, hws.MethodPOST, hws.MethodPUT},
// Handler: http.HandlerFunc(resourceHandler),
// },
// }
//
// Note: The Methods field takes precedence over Method if both are provided.
//
// Path parameters can be accessed using r.PathValue():
//
// func getUser(w http.ResponseWriter, r *http.Request) {
// id := r.PathValue("id")
// // ... handle request
// }
//
// # Middleware
//
// HWS supports middleware with predictable execution order. Built-in middleware includes
// request logging, timing, and GZIP compression:
//
// server.AddMiddleware()
//
// Custom middleware can be added using standard http.Handler wrapping:
//
// server.AddMiddleware(customMiddleware)
//
// # Error Handling
//
// HWS provides structured error handling with customizable error pages:
//
// errorPageFunc := func(w http.ResponseWriter, r *http.Request, status int) {
// w.WriteHeader(status)
// fmt.Fprintf(w, "Error: %d", status)
// }
//
// server.AddErrorPage(errorPageFunc)
//
// # Logging
//
// HWS integrates with hlog for structured logging:
//
// logger, _ := hlog.NewLogger(loggerCfg, os.Stdout)
// server.AddLogger(logger)
//
// The server will automatically log requests, errors, and server lifecycle events.
//
// # Static Files
//
// HWS provides safe static file serving that prevents directory listing:
//
// server.AddStaticFiles("/static", "./public")
//
// # Graceful Shutdown
//
// HWS supports graceful shutdown via context cancellation:
//
// ctx, cancel := context.WithCancel(context.Background())
// defer cancel()
//
// server.Start(ctx)
//
// // Wait for shutdown signal
// sigChan := make(chan os.Signal, 1)
// signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM)
// <-sigChan
//
// // Cancel context to trigger graceful shutdown
// cancel()
//
// # Integration
//
// HWS integrates with:
// - git.haelnorr.com/h/golib/hlog: For structured logging with zerolog
// - git.haelnorr.com/h/golib/hwsauth: For JWT-based authentication
// - git.haelnorr.com/h/golib/jwt: For JWT token management
package hws

108
hws/errors.go Normal file
View File

@@ -0,0 +1,108 @@
package hws
import (
"context"
"io"
"net/http"
"net/http/httptest"
"github.com/pkg/errors"
)
// Error to use with Server.ThrowError
type HWSError struct {
StatusCode int // HTTP Status code
Message string // Error message
Error error // Error
Level ErrorLevel // Error level to use for logging. Defaults to Error
RenderErrorPage bool // If true, the servers ErrorPage will be rendered
}
type ErrorLevel string
const (
ErrorDEBUG ErrorLevel = "Debug"
ErrorINFO ErrorLevel = "Info"
ErrorWARN ErrorLevel = "Warn"
ErrorERROR ErrorLevel = "Error"
ErrorFATAL ErrorLevel = "Fatal"
ErrorPANIC ErrorLevel = "Panic"
)
// ErrorPageFunc is a function that returns an ErrorPage with the specified HTTP Status code
// This will be called by the server when it needs to render an error page
type ErrorPageFunc func(error HWSError) (ErrorPage, error)
// ErrorPage must implement a Render() function that takes in a context and ResponseWriter,
// and should write a reponse as output to the ResponseWriter.
// Server.ThrowError will call the Render() function on the current request
type ErrorPage interface {
Render(ctx context.Context, w io.Writer) error
}
// AddErrorPage registers a handler that returns an ErrorPage
func (server *Server) AddErrorPage(pageFunc ErrorPageFunc) error {
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
page, err := pageFunc(HWSError{StatusCode: http.StatusInternalServerError})
if err != nil {
return errors.Wrap(err, "An error occured when trying to get the error page")
}
err = page.Render(req.Context(), rr)
if err != nil {
return errors.Wrap(err, "An error occured when trying to render the error page")
}
if len(rr.Header()) == 0 && rr.Body.String() == "" {
return errors.New("Render method of the error page did not write anything to the response writer")
}
server.errorPage = pageFunc
return nil
}
// ThrowError will write the HTTP status code to the response headers, and log
// the error with the level specified by the HWSError.
// If HWSError.RenderErrorPage is true, the error page will be rendered to the ResponseWriter
// and the request chain should be terminated.
func (server *Server) ThrowError(w http.ResponseWriter, r *http.Request, error HWSError) error {
if error.StatusCode <= 0 {
return errors.New("HWSError.StatusCode cannot be 0.")
}
if error.Message == "" {
return errors.New("HWSError.Message cannot be empty")
}
if error.Error == nil {
return errors.New("HWSError.Error cannot be nil")
}
if r == nil {
return errors.New("Request cannot be nil")
}
if !server.IsReady() {
return errors.New("ThrowError called before server started")
}
w.WriteHeader(error.StatusCode)
server.LogError(error)
if server.errorPage == nil {
server.LogError(HWSError{Message: "No error page provided", Error: nil, Level: ErrorDEBUG})
return nil
}
if error.RenderErrorPage {
server.LogError(HWSError{Message: "Error page rendering", Error: nil, Level: ErrorDEBUG})
errPage, err := server.errorPage(error)
if err != nil {
server.LogError(HWSError{Message: "Failed to get a valid error page", Error: err})
}
err = errPage.Render(r.Context(), w)
if err != nil {
server.LogError(HWSError{Message: "Failed to render error page", Error: err})
}
} else {
server.LogError(HWSError{Message: "Error page specified not to render", Error: nil, Level: ErrorDEBUG})
}
return nil
}
func (server *Server) ThrowFatal(w http.ResponseWriter, err error) {
w.WriteHeader(http.StatusInternalServerError)
server.LogFatal(err)
}

273
hws/errors_test.go Normal file
View File

@@ -0,0 +1,273 @@
package hws_test
import (
"bytes"
"context"
"io"
"net/http"
"net/http/httptest"
"testing"
"git.haelnorr.com/h/golib/hws"
"github.com/pkg/errors"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
type goodPage struct{}
type badPage struct{}
func goodRender(error hws.HWSError) (hws.ErrorPage, error) {
return goodPage{}, nil
}
func badRender1(error hws.HWSError) (hws.ErrorPage, error) {
return badPage{}, nil
}
func badRender2(error hws.HWSError) (hws.ErrorPage, error) {
return nil, errors.New("I'm an error")
}
func (g goodPage) Render(ctx context.Context, w io.Writer) error {
w.Write([]byte("Test write to ResponseWriter"))
return nil
}
func (b badPage) Render(ctx context.Context, w io.Writer) error {
return nil
}
func Test_AddErrorPage(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
goodRender := goodRender
badRender1 := badRender1
badRender2 := badRender2
tests := []struct {
name string
renderer hws.ErrorPageFunc
valid bool
}{
{
name: "Valid Renderer",
renderer: goodRender,
valid: true,
},
{
name: "Invalid Renderer 1",
renderer: badRender1,
valid: false,
},
{
name: "Invalid Renderer 2",
renderer: badRender2,
valid: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := server.AddErrorPage(tt.renderer)
if tt.valid {
assert.NoError(t, err)
} else {
assert.Error(t, err)
}
})
}
}
func Test_ThrowError(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
t.Run("Server not started", func(t *testing.T) {
err := server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "Error",
Error: errors.New("Error"),
})
assert.Error(t, err)
})
startTestServer(t, server)
defer server.Shutdown(t.Context())
tests := []struct {
name string
request *http.Request
error hws.HWSError
valid bool
}{
{
name: "No HWSError.Status code",
request: nil,
error: hws.HWSError{},
valid: false,
},
{
name: "Negative HWSError.Status code",
request: nil,
error: hws.HWSError{StatusCode: -1},
valid: false,
},
{
name: "No HWSError.Message",
request: nil,
error: hws.HWSError{StatusCode: http.StatusInternalServerError},
valid: false,
},
{
name: "No HWSError.Error",
request: nil,
error: hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
},
valid: false,
},
{
name: "No request provided",
request: nil,
error: hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
},
valid: false,
},
{
name: "Valid",
request: httptest.NewRequest("GET", "/", nil),
error: hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
},
valid: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
rr := httptest.NewRecorder()
err := server.ThrowError(rr, tt.request, tt.error)
if tt.valid {
assert.NoError(t, err)
} else {
t.Log(err)
assert.Error(t, err)
}
})
}
t.Run("Log level set correctly", func(t *testing.T) {
buf.Reset()
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
err := server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
Level: hws.ErrorWARN,
})
assert.NoError(t, err)
_, err = buf.ReadString([]byte(" ")[0])
loglvl, err := buf.ReadString([]byte(" ")[0])
assert.NoError(t, err)
if loglvl != "\x1b[33mWRN\x1b[0m " {
err = errors.New("Log level not set correctly")
}
assert.NoError(t, err)
buf.Reset()
err = server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
})
assert.NoError(t, err)
_, err = buf.ReadString([]byte(" ")[0])
loglvl, err = buf.ReadString([]byte(" ")[0])
assert.NoError(t, err)
if loglvl != "\x1b[31mERR\x1b[0m " {
err = errors.New("Log level not set correctly")
}
assert.NoError(t, err)
})
t.Run("Error page doesnt render if no error page set", func(t *testing.T) {
// Must be run before adding the error page to the test server
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
err := server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
RenderErrorPage: true,
})
assert.NoError(t, err)
body := rr.Body.String()
if body != "" {
assert.Error(t, nil)
}
})
t.Run("Error page renders", func(t *testing.T) {
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
// Adding the error page will carry over to all future tests and cant be undone
server.AddErrorPage(goodRender)
err := server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
RenderErrorPage: true,
})
assert.NoError(t, err)
body := rr.Body.String()
if body == "" {
assert.Error(t, nil)
}
})
t.Run("Error page doesnt render if no told to render", func(t *testing.T) {
// Error page already added to server
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
err := server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
})
assert.NoError(t, err)
body := rr.Body.String()
if body != "" {
assert.Error(t, nil)
}
})
server.Shutdown(t.Context())
t.Run("Doesn't error if no logger added to server", func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
err = server.AddRoutes(hws.Route{
Path: "/",
Method: hws.MethodGET,
Handler: testHandler,
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
<-server.Ready()
rr := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/", nil)
err = server.ThrowError(rr, req, hws.HWSError{
StatusCode: http.StatusInternalServerError,
Message: "An error occured",
Error: errors.New("Error"),
})
assert.NoError(t, err)
})
}

35
hws/ezconf.go Normal file
View File

@@ -0,0 +1,35 @@
package hws
import "runtime"
// EZConfIntegration provides integration with ezconf for automatic configuration
type EZConfIntegration struct{}
// PackagePath returns the path to the hws package for source parsing
func (e EZConfIntegration) PackagePath() string {
_, filename, _, _ := runtime.Caller(0)
// Return directory of this file
return filename[:len(filename)-len("/ezconf.go")]
}
// ConfigFunc returns the ConfigFromEnv function for ezconf
func (e EZConfIntegration) ConfigFunc() func() (interface{}, error) {
return func() (interface{}, error) {
return ConfigFromEnv()
}
}
// Name returns the name to use when registering with ezconf
func (e EZConfIntegration) Name() string {
return "hws"
}
// GroupName returns the display name for grouping environment variables
func (e EZConfIntegration) GroupName() string {
return "HWS"
}
// NewEZConfIntegration creates a new EZConf integration helper
func NewEZConfIntegration() EZConfIntegration {
return EZConfIntegration{}
}

25
hws/go.mod Normal file
View File

@@ -0,0 +1,25 @@
module git.haelnorr.com/h/golib/hws
go 1.25.5
require (
git.haelnorr.com/h/golib/env v0.9.1
git.haelnorr.com/h/golib/hlog v0.9.0
git.haelnorr.com/h/golib/notify v0.1.0
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.11.1
k8s.io/apimachinery v0.35.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rs/zerolog v1.34.0 // indirect
golang.org/x/sys v0.12.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
)

40
hws/go.sum Normal file
View File

@@ -0,0 +1,40 @@
git.haelnorr.com/h/golib/env v0.9.1 h1:2Vsj+mJKnO5f1Md1GO5v9ggLN5zWa0baCewcSHTjoNY=
git.haelnorr.com/h/golib/env v0.9.1/go.mod h1:glUQVdA1HMKX1avTDyTyuhcr36SSxZtlJxKDT5KTztg=
git.haelnorr.com/h/golib/hlog v0.9.0 h1:ib8n2MdmiRK2TF067p220kXmhDe9aAnlcsgpuv+QpvE=
git.haelnorr.com/h/golib/hlog v0.9.0/go.mod h1:oOlzb8UVHUYP1k7dN5PSJXVskAB2z8EYgRN85jAi0Zk=
git.haelnorr.com/h/golib/notify v0.1.0 h1:xdf6zd21F6n+SuGTeJiuLNMf6zFXMvwpKD0gmNq8N10=
git.haelnorr.com/h/golib/notify v0.1.0/go.mod h1:ARqaRmCYb8LMURhDM75sG+qX+YpqXmUVeAtacwjHjBc=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8=
k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck=
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=

31
hws/gzip.go Normal file
View File

@@ -0,0 +1,31 @@
package hws
import (
"compress/gzip"
"io"
"net/http"
"strings"
)
func addgzip(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
next.ServeHTTP(w, r)
return
}
w.Header().Set("Content-Encoding", "gzip")
gz := gzip.NewWriter(w)
defer gz.Close()
gzw := gzipResponseWriter{Writer: gz, ResponseWriter: w}
next.ServeHTTP(gzw, r)
})
}
type gzipResponseWriter struct {
io.Writer
http.ResponseWriter
}
func (w gzipResponseWriter) Write(b []byte) (int, error) {
return w.Writer.Write(b)
}

223
hws/gzip_test.go Normal file
View File

@@ -0,0 +1,223 @@
package hws_test
import (
"bytes"
"compress/gzip"
"io"
"net/http"
"net/http/httptest"
"testing"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_GZIP_Compression(t *testing.T) {
var buf bytes.Buffer
t.Run("GZIP enabled compresses response", func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
GZIP: true,
})
require.NoError(t, err)
logger, err := hlog.NewLogger(hlog.LogLevel("Debug"), &buf, nil, "")
require.NoError(t, err)
err = server.AddLogger(logger)
require.NoError(t, err)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("This is a test response that should be compressed"))
})
err = server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
defer server.Shutdown(t.Context())
<-server.Ready()
// Make request with Accept-Encoding: gzip
client := &http.Client{}
req, err := http.NewRequest("GET", "http://"+server.Addr()+"/test", nil)
require.NoError(t, err)
req.Header.Set("Accept-Encoding", "gzip")
resp, err := client.Do(req)
require.NoError(t, err)
defer resp.Body.Close()
// Verify the response is gzip compressed
assert.Equal(t, "gzip", resp.Header.Get("Content-Encoding"))
// Decompress and verify content
gzReader, err := gzip.NewReader(resp.Body)
require.NoError(t, err)
defer gzReader.Close()
decompressed, err := io.ReadAll(gzReader)
require.NoError(t, err)
assert.Equal(t, "This is a test response that should be compressed", string(decompressed))
})
t.Run("GZIP disabled does not compress", func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
GZIP: false,
})
require.NoError(t, err)
logger, err := hlog.NewLogger(hlog.LogLevel("Debug"), &buf, nil, "")
require.NoError(t, err)
err = server.AddLogger(logger)
require.NoError(t, err)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("This response should not be compressed"))
})
err = server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
defer server.Shutdown(t.Context())
<-server.Ready()
// Make request with Accept-Encoding: gzip
client := &http.Client{}
req, err := http.NewRequest("GET", "http://"+server.Addr()+"/test", nil)
require.NoError(t, err)
req.Header.Set("Accept-Encoding", "gzip")
resp, err := client.Do(req)
require.NoError(t, err)
defer resp.Body.Close()
// Verify the response is NOT gzip compressed
assert.Empty(t, resp.Header.Get("Content-Encoding"))
// Read plain content
body, err := io.ReadAll(resp.Body)
require.NoError(t, err)
assert.Equal(t, "This response should not be compressed", string(body))
})
t.Run("GZIP not used when client doesn't accept it", func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
GZIP: true,
})
require.NoError(t, err)
logger, err := hlog.NewLogger(hlog.LogLevel("Debug"), &buf, nil, "")
require.NoError(t, err)
err = server.AddLogger(logger)
require.NoError(t, err)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("plain text"))
})
err = server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
defer server.Shutdown(t.Context())
<-server.Ready()
// Request without Accept-Encoding header should not be compressed
client := &http.Client{}
req, err := http.NewRequest("GET", "http://"+server.Addr()+"/test", nil)
require.NoError(t, err)
// Explicitly NOT setting Accept-Encoding header
resp, err := client.Do(req)
require.NoError(t, err)
defer resp.Body.Close()
// Verify the response is NOT gzip compressed even though server has GZIP enabled
assert.Empty(t, resp.Header.Get("Content-Encoding"))
// Read plain content
body, err := io.ReadAll(resp.Body)
require.NoError(t, err)
assert.Equal(t, "plain text", string(body))
})
}
func Test_GzipResponseWriter(t *testing.T) {
t.Run("Can write through gzip writer", func(t *testing.T) {
var buf bytes.Buffer
gzWriter := gzip.NewWriter(&buf)
testData := []byte("Test data to compress")
n, err := gzWriter.Write(testData)
require.NoError(t, err)
assert.Equal(t, len(testData), n)
err = gzWriter.Close()
require.NoError(t, err)
// Decompress and verify
gzReader, err := gzip.NewReader(&buf)
require.NoError(t, err)
defer gzReader.Close()
decompressed, err := io.ReadAll(gzReader)
require.NoError(t, err)
assert.Equal(t, testData, decompressed)
})
t.Run("Headers are set correctly", func(t *testing.T) {
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("test"))
})
// Create a simple middleware to test gzip behavior
testMiddleware := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.Header.Set("Accept-Encoding", "gzip")
next.ServeHTTP(w, r)
})
}
wrapped := testMiddleware(handler)
req := httptest.NewRequest("GET", "/test", nil)
req.Header.Set("Accept-Encoding", "gzip")
rr := httptest.NewRecorder()
wrapped.ServeHTTP(rr, req)
// Note: This is a simplified test
})
}

84
hws/logger.go Normal file
View File

@@ -0,0 +1,84 @@
package hws
import (
"errors"
"fmt"
"net/url"
"git.haelnorr.com/h/golib/hlog"
)
type logger struct {
logger *hlog.Logger
ignoredPaths []string
}
// TODO: add tests to make sure all the fields are correctly set
func (s *Server) LogError(err HWSError) {
if s.logger == nil {
return
}
switch err.Level {
case ErrorDEBUG:
s.logger.logger.Debug().Msg(err.Message)
return
case ErrorINFO:
s.logger.logger.Info().Msg(err.Message)
return
case ErrorWARN:
s.logger.logger.Warn().Err(err.Error).Msg(err.Message)
return
case ErrorERROR:
s.logger.logger.Error().Str("stacktrace", fmt.Sprintf("%+v", err.Error)).Err(err.Error).Msg(err.Message)
return
case ErrorFATAL:
s.logger.logger.Fatal().Str("stacktrace", fmt.Sprintf("%+v", err.Error)).Err(err.Error).Msg(err.Message)
return
case ErrorPANIC:
s.logger.logger.Panic().Str("stacktrace", fmt.Sprintf("%+v", err.Error)).Err(err.Error).Msg(err.Message)
return
default:
s.logger.logger.Error().Str("stacktrace", fmt.Sprintf("%+v", err.Error)).Err(err.Error).Msg(err.Message)
}
}
func (server *Server) LogFatal(err error) {
if err == nil {
err = errors.New("LogFatal was called with a nil error")
}
if server.logger == nil {
fmt.Printf("FATAL - %s: %s", "A fatal error has occured", err.Error())
return
}
server.logger.logger.Fatal().Err(err).Msg("A fatal error has occured")
}
// Server.AddLogger adds a logger to the server to use for request logging.
func (server *Server) AddLogger(hlogger *hlog.Logger) error {
if hlogger == nil {
return errors.New("Unable to add logger, no logger provided")
}
server.logger = &logger{
logger: hlogger,
}
return nil
}
// Server.LoggerIgnorePaths sets a list of URL paths to ignore logging for.
// Path should match the url.URL.Path field, see https://pkg.go.dev/net/url#URL
// Useful for ignoring requests to CSS files or favicons
func (server *Server) LoggerIgnorePaths(paths ...string) error {
for _, path := range paths {
u, err := url.Parse(path)
valid := err == nil &&
u.Scheme == "" &&
u.Host == "" &&
u.RawQuery == "" &&
u.Fragment == ""
if !valid {
return fmt.Errorf("Invalid path: '%s'", path)
}
}
server.logger.ignoredPaths = paths
return nil
}

239
hws/logger_test.go Normal file
View File

@@ -0,0 +1,239 @@
package hws_test
import (
"bytes"
"testing"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"github.com/pkg/errors"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_AddLogger(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
t.Run("No logger provided", func(t *testing.T) {
err = server.AddLogger(nil)
assert.Error(t, err)
})
}
func Test_LogError_AllLevels(t *testing.T) {
t.Run("DEBUG level", func(t *testing.T) {
var buf bytes.Buffer
// Create server with logger explicitly set to Debug level
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
logger, err := hlog.NewLogger(hlog.LogLevel("debug"), &buf, nil, "")
require.NoError(t, err)
err = server.AddLogger(logger)
require.NoError(t, err)
testErr := hws.HWSError{
StatusCode: 500,
Message: "test message",
Error: errors.New("test error"),
Level: hws.ErrorDEBUG,
}
server.LogError(testErr)
output := buf.String()
// If output is empty, skip the test - debug logging might be disabled
if output == "" {
t.Skip("Debug logging appears to be disabled")
}
assert.Contains(t, output, "DBG", "Log output should contain the expected log level indicator")
assert.Contains(t, output, "test message", "Log output should contain the message")
assert.Contains(t, output, "test error", "Log output should contain the error")
})
tests := []struct {
name string
level hws.ErrorLevel
expected string
}{
{
name: "INFO level",
level: hws.ErrorINFO,
expected: "INF",
},
{
name: "WARN level",
level: hws.ErrorWARN,
expected: "WRN",
},
{
name: "ERROR level",
level: hws.ErrorERROR,
expected: "ERR",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
// Create an error with the specific level
testErr := hws.HWSError{
StatusCode: 500,
Message: "test message",
Error: errors.New("test error"),
Level: tt.level,
}
server.LogError(testErr)
output := buf.String()
assert.Contains(t, output, tt.expected, "Log output should contain the expected log level indicator")
assert.Contains(t, output, "test message", "Log output should contain the message")
assert.Contains(t, output, "test error", "Log output should contain the error")
})
}
t.Run("Default level when invalid level provided", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
testErr := hws.HWSError{
StatusCode: 500,
Message: "test message",
Error: errors.New("test error"),
Level: hws.ErrorLevel("InvalidLevel"),
}
server.LogError(testErr)
output := buf.String()
// Should default to ERROR level
assert.Contains(t, output, "ERR", "Invalid level should default to ERROR")
})
t.Run("LogError with nil logger does nothing", func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
// No logger added
testErr := hws.HWSError{
StatusCode: 500,
Message: "test message",
Error: errors.New("test error"),
Level: hws.ErrorERROR,
}
// Should not panic
server.LogError(testErr)
})
}
func Test_LogError_PANIC(t *testing.T) {
t.Run("PANIC level causes panic", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
testErr := hws.HWSError{
StatusCode: 500,
Message: "test panic message",
Error: errors.New("test panic error"),
Level: hws.ErrorPANIC,
}
// Should panic
assert.Panics(t, func() {
server.LogError(testErr)
}, "LogError with PANIC level should cause a panic")
// Check that the log was written before panic
output := buf.String()
assert.Contains(t, output, "test panic message")
assert.Contains(t, output, "test panic error")
})
}
func Test_LogFatal(t *testing.T) {
// Note: We cannot actually test Fatal() as it calls os.Exit()
// Testing this would require subprocess testing which is overly complex
// These tests document the expected behavior and verify the function signatures exist
t.Run("LogFatal with nil logger prints to stdout", func(t *testing.T) {
_, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
// No logger added
// In production, LogFatal would print to stdout and exit
})
t.Run("LogFatal with nil error", func(t *testing.T) {
_, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
// In production, nil errors are converted to a default error message
})
}
func Test_LoggerIgnorePaths(t *testing.T) {
t.Run("Invalid path with scheme", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.LoggerIgnorePaths("http://example.com/path")
assert.Error(t, err)
assert.Contains(t, err.Error(), "Invalid path")
})
t.Run("Invalid path with host", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.LoggerIgnorePaths("//example.com/path")
assert.Error(t, err)
if err != nil {
assert.Contains(t, err.Error(), "Invalid path")
}
})
t.Run("Invalid path with query", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.LoggerIgnorePaths("/path?query=value")
assert.Error(t, err)
assert.Contains(t, err.Error(), "Invalid path")
})
t.Run("Invalid path with fragment", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.LoggerIgnorePaths("/path#fragment")
assert.Error(t, err)
assert.Contains(t, err.Error(), "Invalid path")
})
t.Run("Valid paths", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.LoggerIgnorePaths("/static/css", "/favicon.ico", "/api/health")
assert.NoError(t, err)
})
}

63
hws/middleware.go Normal file
View File

@@ -0,0 +1,63 @@
package hws
import (
"errors"
"net/http"
)
type Middleware func(h http.Handler) http.Handler
type MiddlewareFunc func(w http.ResponseWriter, r *http.Request) (*http.Request, *HWSError)
// Server.AddMiddleware registers all the middleware.
// Middleware will be run in the order that they are provided.
// Can only be called once
func (server *Server) AddMiddleware(middleware ...Middleware) error {
if !server.routes {
return errors.New("Server.AddRoutes must be called before Server.AddMiddleware")
}
if server.middleware {
return errors.New("Server.AddMiddleware already called")
}
// RUN LOGGING MIDDLEWARE FIRST
server.server.Handler = logging(server.server.Handler, server.logger)
// LOOP PROVIDED MIDDLEWARE IN REVERSE order
for i := len(middleware); i > 0; i-- {
server.server.Handler = middleware[i-1](server.server.Handler)
}
// RUN GZIP
if server.GZIP {
server.server.Handler = addgzip(server.server.Handler)
}
// RUN TIMER MIDDLEWARE LAST
server.server.Handler = startTimer(server.server.Handler)
server.middleware = true
return nil
}
// NewMiddleware returns a new Middleware for the server.
// A MiddlewareFunc is a function that takes in a http.ResponseWriter and http.Request,
// and returns a new request and optional HWSError.
// If a HWSError is returned, server.ThrowError will be called.
// If HWSError.RenderErrorPage is true, the request chain will be terminated and the error page rendered
func (server *Server) NewMiddleware(
middlewareFunc MiddlewareFunc,
) Middleware {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
newReq, herr := middlewareFunc(w, r)
if herr != nil {
server.ThrowError(w, r, *herr)
if herr.RenderErrorPage {
return
}
next.ServeHTTP(w, r)
return
}
next.ServeHTTP(w, newReq)
})
}
}

38
hws/middleware_logging.go Normal file
View File

@@ -0,0 +1,38 @@
package hws
import (
"net/http"
"slices"
"time"
)
// Middleware to add logs to console with details of the request
func logging(next http.Handler, logger *logger) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if logger == nil {
next.ServeHTTP(w, r)
return
}
if slices.Contains(logger.ignoredPaths, r.URL.Path) {
next.ServeHTTP(w, r)
return
}
start, err := getStartTime(r.Context())
if err != nil {
logger.logger.Error().Err(err)
return
}
wrapped := &wrappedWriter{
ResponseWriter: w,
statusCode: http.StatusOK,
}
next.ServeHTTP(wrapped, r)
logger.logger.Info().
Int("status", wrapped.statusCode).
Str("method", r.Method).
Str("resource", r.URL.Path).
Dur("time_elapsed", time.Since(start)).
Str("remote_addr", r.Header.Get("X-Forwarded-For")).
Msg("Served")
})
}

249
hws/middleware_test.go Normal file
View File

@@ -0,0 +1,249 @@
package hws_test
import (
"bytes"
"net/http"
"net/http/httptest"
"testing"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_AddMiddleware(t *testing.T) {
var buf bytes.Buffer
t.Run("Cannot add middleware before routes", func(t *testing.T) {
server := createTestServer(t, &buf)
err := server.AddMiddleware()
assert.Error(t, err)
assert.Contains(t, err.Error(), "Server.AddRoutes must be called before")
})
t.Run("Can add middleware after routes", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
err = server.AddMiddleware()
assert.NoError(t, err)
})
t.Run("Can add custom middleware", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
customMiddleware := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Custom", "test")
next.ServeHTTP(w, r)
})
}
err = server.AddMiddleware(customMiddleware)
assert.NoError(t, err)
})
t.Run("Can add multiple middlewares", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
middleware1 := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
next.ServeHTTP(w, r)
})
}
middleware2 := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
next.ServeHTTP(w, r)
})
}
err = server.AddMiddleware(middleware1, middleware2)
assert.NoError(t, err)
})
}
func Test_NewMiddleware(t *testing.T) {
var buf bytes.Buffer
t.Run("NewMiddleware without error", func(t *testing.T) {
server := createTestServer(t, &buf)
middlewareFunc := func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
// Modify request or do something
return r, nil
}
middleware := server.NewMiddleware(middlewareFunc)
assert.NotNil(t, middleware)
// Test the middleware
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("success"))
})
wrappedHandler := middleware(handler)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
wrappedHandler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
})
t.Run("NewMiddleware with error but no render", func(t *testing.T) {
server := createTestServer(t, &buf)
// Add routes and logger first
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
middlewareFunc := func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
return r, &hws.HWSError{
StatusCode: http.StatusBadRequest,
Message: "Test error",
Error: assert.AnError,
RenderErrorPage: false,
}
}
middleware := server.NewMiddleware(middlewareFunc)
wrappedHandler := middleware(handler)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
wrappedHandler.ServeHTTP(rr, req)
// Handler should still be called
assert.Equal(t, http.StatusOK, rr.Code)
})
t.Run("NewMiddleware with error and render", func(t *testing.T) {
server := createTestServer(t, &buf)
// Add routes and logger first
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("should not reach"))
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
middlewareFunc := func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
return r, &hws.HWSError{
StatusCode: http.StatusForbidden,
Message: "Access denied",
Error: assert.AnError,
RenderErrorPage: true,
}
}
middleware := server.NewMiddleware(middlewareFunc)
wrappedHandler := middleware(handler)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
wrappedHandler.ServeHTTP(rr, req)
// Handler should NOT be called, response should be empty or error page
body := rr.Body.String()
assert.NotContains(t, body, "should not reach")
})
t.Run("NewMiddleware can modify request", func(t *testing.T) {
server := createTestServer(t, &buf)
middlewareFunc := func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
// Add a header to the request
r.Header.Set("X-Modified", "true")
return r, nil
}
middleware := server.NewMiddleware(middlewareFunc)
var capturedHeader string
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
capturedHeader = r.Header.Get("X-Modified")
w.WriteHeader(http.StatusOK)
})
wrappedHandler := middleware(handler)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
wrappedHandler.ServeHTTP(rr, req)
assert.Equal(t, "true", capturedHeader)
})
}
func Test_Middleware_Ordering(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
var order []string
middleware1 := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
order = append(order, "middleware1")
next.ServeHTTP(w, r)
})
}
middleware2 := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
order = append(order, "middleware2")
next.ServeHTTP(w, r)
})
}
err = server.AddMiddleware(middleware1, middleware2)
require.NoError(t, err)
// The middleware should execute in the order provided
// Note: This test is simplified and may need adjustment based on actual execution
}

33
hws/middleware_timer.go Normal file
View File

@@ -0,0 +1,33 @@
package hws
import (
"context"
"errors"
"net/http"
"time"
)
func startTimer(next http.Handler) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
ctx := setStart(r.Context(), start)
newReq := r.WithContext(ctx)
next.ServeHTTP(w, newReq)
},
)
}
// Set the start time of the request
func setStart(ctx context.Context, time time.Time) context.Context {
return context.WithValue(ctx, "hws context key request-timer", time)
}
// Get the start time of the request
func getStartTime(ctx context.Context) (time.Time, error) {
start, ok := ctx.Value("hws context key request-timer").(time.Time)
if !ok {
return time.Time{}, errors.New("Failed to get start time of request")
}
return start, nil
}

316
hws/notify.go Normal file
View File

@@ -0,0 +1,316 @@
package hws
import (
"context"
"errors"
"fmt"
"slices"
"sync"
"sync/atomic"
"time"
"git.haelnorr.com/h/golib/notify"
)
// LevelShutdown is a special level used for the notification sent on shutdown.
// This can be used to check if the notification is a shutdown event and if it should
// be passed on to consumers or special considerations should be made.
const LevelShutdown notify.Level = "shutdown"
// Notifier manages client subscriptions and notification delivery for the HWS server.
// It wraps the notify.Notifier with additional client management features including
// dual identification (subscription ID + alternate ID) and automatic cleanup of
// inactive clients after 5 minutes.
type Notifier struct {
*notify.Notifier
clients *Clients
running bool
ctx context.Context
cancel context.CancelFunc
}
// Clients maintains thread-safe mappings between subscriber IDs, alternate IDs,
// and Client instances. It supports querying clients by either their unique
// subscription ID or their alternate ID (where multiple clients can share an alternate ID).
type Clients struct {
clientsSubMap map[notify.Target]*Client
clientsIDMap map[string][]*Client
lock *sync.RWMutex
}
// Client represents a unique subscriber to the notifications channel.
// It tracks activity via lastSeen timestamp (updated atomically) and monitors
// consecutive send failures for automatic disconnect detection.
type Client struct {
sub *notify.Subscriber
lastSeen int64 // accessed atomically
altID string
consecutiveFails int32 // accessed atomically
}
func (s *Server) startNotifier() {
if s.notifier != nil && s.notifier.running {
return
}
ctx, cancel := context.WithCancel(context.Background())
s.notifier = &Notifier{
Notifier: notify.NewNotifier(50),
clients: &Clients{
clientsSubMap: make(map[notify.Target]*Client),
clientsIDMap: make(map[string][]*Client),
lock: new(sync.RWMutex),
},
running: true,
ctx: ctx,
cancel: cancel,
}
ticker := time.NewTicker(time.Minute)
go func() {
defer ticker.Stop()
for {
select {
case <-ctx.Done():
return
case <-ticker.C:
s.notifier.clients.cleanUp()
}
}
}()
}
func (s *Server) closeNotifier() {
if s.notifier != nil {
if s.notifier.cancel != nil {
s.notifier.cancel()
}
s.notifier.running = false
s.notifier.Close()
}
s.notifier = nil
}
// NotifySub sends a notification to a specific subscriber identified by the notification's Target field.
// If the subscriber doesn't exist, a warning is logged but the operation does not fail.
// This is thread-safe and can be called from multiple goroutines.
func (s *Server) NotifySub(nt notify.Notification) {
if s.notifier == nil {
return
}
_, exists := s.notifier.clients.getClient(nt.Target)
if !exists {
err := fmt.Errorf("Tried to notify subscriber that doesn't exist - subID: %s", nt.Target)
s.LogError(HWSError{Level: ErrorWARN, Message: "Failed to notify", Error: err})
return
}
s.notifier.Notify(nt)
}
// NotifyID sends a notification to all clients associated with the given alternate ID.
// Multiple clients can share the same alternate ID (e.g., multiple sessions for one user).
// If no clients exist with that ID, a warning is logged but the operation does not fail.
// This is thread-safe and can be called from multiple goroutines.
func (s *Server) NotifyID(nt notify.Notification, altID string) {
if s.notifier == nil {
return
}
s.notifier.clients.lock.RLock()
clients, exists := s.notifier.clients.clientsIDMap[altID]
s.notifier.clients.lock.RUnlock()
if !exists {
err := fmt.Errorf("Tried to notify client group that doesn't exist - altID: %s", altID)
s.LogError(HWSError{Level: ErrorWARN, Message: "Failed to notify", Error: err})
return
}
for _, client := range clients {
ntt := nt
ntt.Target = client.sub.ID
s.NotifySub(ntt)
}
}
// NotifyAll broadcasts a notification to all connected clients.
// This is thread-safe and can be called from multiple goroutines.
func (s *Server) NotifyAll(nt notify.Notification) {
if s.notifier == nil {
return
}
nt.Target = ""
s.notifier.NotifyAll(nt)
}
// GetClient returns a Client that can be used to receive notifications.
// If a client exists with the provided subID, that client will be returned.
// If altID is provided, it will update the existing Client.
// If subID is an empty string, a new client will be returned.
// If both altID and subID are empty, a new Client with no altID will be returned.
// Multiple clients with the same altID are permitted.
func (s *Server) GetClient(subID, altID string) (*Client, error) {
if s.notifier == nil || !s.notifier.running {
return nil, errors.New("notifier hasn't started")
}
target := notify.Target(subID)
client, exists := s.notifier.clients.getClient(target)
if exists {
s.notifier.clients.updateAltID(client, altID)
return client, nil
}
// An error should only be returned if there are 10 collisions of a randomly generated 16 bit byte string from rand.Rand()
// Basically never going to happen, and if it does its not my problem
sub, _ := s.notifier.Subscribe()
client = &Client{
sub: sub,
lastSeen: time.Now().Unix(),
altID: altID,
consecutiveFails: 0,
}
s.notifier.clients.addClient(client)
return client, nil
}
func (cs *Clients) getClient(target notify.Target) (*Client, bool) {
cs.lock.RLock()
client, exists := cs.clientsSubMap[target]
cs.lock.RUnlock()
return client, exists
}
func (cs *Clients) updateAltID(client *Client, altID string) {
cs.lock.Lock()
if altID != "" && !slices.Contains(cs.clientsIDMap[altID], client) {
cs.clientsIDMap[altID] = append(cs.clientsIDMap[altID], client)
}
if client.altID != altID && client.altID != "" {
cs.deleteFromID(client, client.altID)
}
client.altID = altID
cs.lock.Unlock()
}
func (cs *Clients) deleteFromID(client *Client, altID string) {
cs.clientsIDMap[altID] = deleteFromSlice(cs.clientsIDMap[altID], client, func(a, b *Client) bool {
return a.sub.ID == b.sub.ID
})
if len(cs.clientsIDMap[altID]) == 0 {
delete(cs.clientsIDMap, altID)
}
}
func (cs *Clients) addClient(client *Client) {
cs.lock.Lock()
cs.clientsSubMap[client.sub.ID] = client
if client.altID != "" {
cs.clientsIDMap[client.altID] = append(cs.clientsIDMap[client.altID], client)
}
cs.lock.Unlock()
}
func (cs *Clients) cleanUp() {
now := time.Now().Unix()
// Collect clients to kill while holding read lock
cs.lock.RLock()
toKill := make([]*Client, 0)
for _, client := range cs.clientsSubMap {
if now-atomic.LoadInt64(&client.lastSeen) > 300 {
toKill = append(toKill, client)
}
}
cs.lock.RUnlock()
// Kill clients without holding lock
for _, client := range toKill {
cs.killClient(client)
}
}
func (cs *Clients) killClient(client *Client) {
client.sub.Unsubscribe()
cs.lock.Lock()
delete(cs.clientsSubMap, client.sub.ID)
if client.altID != "" {
cs.deleteFromID(client, client.altID)
}
cs.lock.Unlock()
}
// Listen starts a goroutine that forwards notifications from the subscriber to a returned channel.
// It returns a receive-only channel for notifications and a channel to stop listening.
// The notification channel is buffered with size 10 to tolerate brief slowness.
//
// The goroutine automatically stops and closes the notification channel when:
// - The subscriber is unsubscribed
// - The stop channel is closed
// - The client fails to receive 5 consecutive notifications within 5 seconds each
//
// Client.lastSeen is updated every 30 seconds via heartbeat, or when a notification is successfully delivered.
// Consecutive send failures are tracked; after 5 failures, the client is considered disconnected and cleaned up.
func (c *Client) Listen() (<-chan notify.Notification, chan<- struct{}) {
ch := make(chan notify.Notification, 10)
stop := make(chan struct{})
go func() {
ticker := time.NewTicker(30 * time.Second)
defer ticker.Stop()
defer close(ch)
for {
select {
case <-stop:
return
case nt, ok := <-c.sub.Listen():
if !ok {
// Subscriber channel closed
return
}
// Try to send with timeout
timeout := time.NewTimer(5 * time.Second)
select {
case ch <- nt:
// Successfully sent - update lastSeen and reset failure count
atomic.StoreInt64(&c.lastSeen, time.Now().Unix())
atomic.StoreInt32(&c.consecutiveFails, 0)
timeout.Stop()
case <-timeout.C:
// Send timeout - increment failure count
fails := atomic.AddInt32(&c.consecutiveFails, 1)
if fails >= 5 {
// Too many consecutive failures - client is stuck/disconnected
c.sub.Unsubscribe()
return
}
case <-stop:
timeout.Stop()
return
}
case <-ticker.C:
// Heartbeat - update lastSeen to keep client alive
atomic.StoreInt64(&c.lastSeen, time.Now().Unix())
}
}
}()
return ch, stop
}
func (c *Client) ID() string {
return string(c.sub.ID)
}
func deleteFromSlice[T any](a []T, c T, eq func(T, T) bool) []T {
n := 0
for _, x := range a {
if !eq(x, c) {
a[n] = x
n++
}
}
return a[:n]
}

1014
hws/notify_test.go Normal file
View File

File diff suppressed because it is too large Load Diff

19
hws/responsewriter.go Normal file
View File

@@ -0,0 +1,19 @@
package hws
import "net/http"
// Wraps the http.ResponseWriter, adding a statusCode field
type wrappedWriter struct {
http.ResponseWriter
statusCode int
}
// Extends WriteHeader to the ResponseWriter to add the status code
func (w *wrappedWriter) WriteHeader(statusCode int) {
w.ResponseWriter.WriteHeader(statusCode)
w.statusCode = statusCode
}
func (w *wrappedWriter) Unwrap() http.ResponseWriter {
return w.ResponseWriter
}

78
hws/routes.go Normal file
View File

@@ -0,0 +1,78 @@
package hws
import (
"errors"
"fmt"
"net/http"
"slices"
)
type Route struct {
Path string // Absolute path to the requested resource
Method Method // HTTP Method
// Methods is an optional slice of Methods to use, if more than one can use the same handler.
// Will take precedence over the Method field if provided
Methods []Method
Handler http.Handler // Handler to use for the request
}
type Method string
const (
MethodGET Method = "GET"
MethodPOST Method = "POST"
MethodPUT Method = "PUT"
MethodHEAD Method = "HEAD"
MethodDELETE Method = "DELETE"
MethodCONNECT Method = "CONNECT"
MethodOPTIONS Method = "OPTIONS"
MethodTRACE Method = "TRACE"
MethodPATCH Method = "PATCH"
)
// Server.AddRoutes registers the page handlers for the server.
// At least one route must be provided.
// If any route patterns (path + method) are defined multiple times, the first
// instance will be added and any additional conflicts will be discarded.
func (server *Server) AddRoutes(routes ...Route) error {
if len(routes) == 0 {
return errors.New("No routes provided")
}
patterns := []string{}
mux := http.NewServeMux()
mux.HandleFunc("GET /healthz", func(http.ResponseWriter, *http.Request) {})
for _, route := range routes {
if len(route.Methods) == 0 {
route.Methods = []Method{route.Method}
}
for _, method := range route.Methods {
if !validMethod(method) {
return fmt.Errorf("Invalid method %s for path %s", method, route.Path)
}
if route.Handler == nil {
return fmt.Errorf("No handler provided for %s %s", method, route.Path)
}
pattern := fmt.Sprintf("%s %s", method, route.Path)
if slices.Contains(patterns, pattern) {
continue
}
patterns = append(patterns, pattern)
mux.Handle(pattern, route.Handler)
}
}
server.server.Handler = mux
server.routes = true
return nil
}
func validMethod(m Method) bool {
switch m {
case MethodGET, MethodPOST, MethodPUT, MethodHEAD,
MethodDELETE, MethodCONNECT, MethodOPTIONS, MethodTRACE, MethodPATCH:
return true
default:
return false
}
}

265
hws/routes_test.go Normal file
View File

@@ -0,0 +1,265 @@
package hws_test
import (
"bytes"
"net/http"
"net/http/httptest"
"testing"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_AddRoutes(t *testing.T) {
var buf bytes.Buffer
t.Run("No routes provided", func(t *testing.T) {
server := createTestServer(t, &buf)
err := server.AddRoutes()
assert.Error(t, err)
assert.Contains(t, err.Error(), "No routes provided")
})
t.Run("Single valid route", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
assert.NoError(t, err)
})
t.Run("Multiple valid routes", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(
hws.Route{Path: "/test1", Method: hws.MethodGET, Handler: handler},
hws.Route{Path: "/test2", Method: hws.MethodPOST, Handler: handler},
hws.Route{Path: "/test3", Method: hws.MethodPUT, Handler: handler},
)
assert.NoError(t, err)
})
t.Run("Invalid method", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.Method("INVALID"),
Handler: handler,
})
assert.Error(t, err)
assert.Contains(t, err.Error(), "Invalid method")
})
t.Run("No handler provided", func(t *testing.T) {
server := createTestServer(t, &buf)
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: nil,
})
assert.Error(t, err)
assert.Contains(t, err.Error(), "No handler provided")
})
t.Run("All HTTP methods are valid", func(t *testing.T) {
methods := []hws.Method{
hws.MethodGET,
hws.MethodPOST,
hws.MethodPUT,
hws.MethodHEAD,
hws.MethodDELETE,
hws.MethodCONNECT,
hws.MethodOPTIONS,
hws.MethodTRACE,
hws.MethodPATCH,
}
for _, method := range methods {
t.Run(string(method), func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: method,
Handler: handler,
})
assert.NoError(t, err)
})
}
})
t.Run("Healthz endpoint is automatically added", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
// Test using httptest instead of starting the server
req := httptest.NewRequest("GET", "/healthz", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
})
}
func Test_AddRoutes_MultipleMethods(t *testing.T) {
var buf bytes.Buffer
t.Run("Single route with multiple methods", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte(r.Method + " response"))
})
err := server.AddRoutes(hws.Route{
Path: "/api/resource",
Methods: []hws.Method{hws.MethodGET, hws.MethodPOST, hws.MethodPUT},
Handler: handler,
})
require.NoError(t, err)
// Test GET request
req := httptest.NewRequest("GET", "/api/resource", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, "GET response", rr.Body.String())
// Test POST request
req = httptest.NewRequest("POST", "/api/resource", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, "POST response", rr.Body.String())
// Test PUT request
req = httptest.NewRequest("PUT", "/api/resource", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, "PUT response", rr.Body.String())
})
t.Run("Methods field takes precedence over Method field", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET, // This should be ignored
Methods: []hws.Method{hws.MethodPOST, hws.MethodPUT},
Handler: handler,
})
require.NoError(t, err)
// GET should not work (Method field ignored)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusMethodNotAllowed, rr.Code)
// POST should work (from Methods field)
req = httptest.NewRequest("POST", "/test", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
// PUT should work (from Methods field)
req = httptest.NewRequest("PUT", "/test", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
})
t.Run("Invalid method in Methods slice", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Methods: []hws.Method{hws.MethodGET, hws.Method("INVALID")},
Handler: handler,
})
assert.Error(t, err)
assert.Contains(t, err.Error(), "Invalid method")
})
t.Run("Empty Methods slice falls back to Method field", func(t *testing.T) {
server := createTestServer(t, &buf)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Methods: []hws.Method{}, // Empty slice
Handler: handler,
})
require.NoError(t, err)
// GET should work (from Method field)
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
})
}
func Test_Routes_EndToEnd(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
// Add multiple routes with different methods
getHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("GET response"))
})
postHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusCreated)
w.Write([]byte("POST response"))
})
err := server.AddRoutes(
hws.Route{Path: "/get", Method: hws.MethodGET, Handler: getHandler},
hws.Route{Path: "/post", Method: hws.MethodPOST, Handler: postHandler},
)
require.NoError(t, err)
// Test GET request using httptest
req := httptest.NewRequest("GET", "/get", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, "GET response", rr.Body.String())
// Test POST request using httptest
req = httptest.NewRequest("POST", "/post", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, http.StatusCreated, rr.Code)
assert.Equal(t, "POST response", rr.Body.String())
}

52
hws/safefileserver.go Normal file
View File

@@ -0,0 +1,52 @@
package hws
import (
"net/http"
"os"
"github.com/pkg/errors"
)
// Wrapper for default FileSystem
type justFilesFilesystem struct {
fs http.FileSystem
}
// Wrapper for default File
type neuteredReaddirFile struct {
http.File
}
// Modifies the behavior of FileSystem.Open to return the neutered version of File
func (fs justFilesFilesystem) Open(name string) (http.File, error) {
f, err := fs.fs.Open(name)
if err != nil {
return nil, err
}
// Check if the requested path is a directory
// and explicitly return an error to trigger a 404
fileInfo, err := f.Stat()
if err != nil {
return nil, err
}
if fileInfo.IsDir() {
return nil, os.ErrNotExist
}
return neuteredReaddirFile{f}, nil
}
// Overrides the Readdir method of File to always return nil
func (f neuteredReaddirFile) Readdir(count int) ([]os.FileInfo, error) {
return nil, nil
}
func SafeFileServer(fileSystem *http.FileSystem) (http.Handler, error) {
if fileSystem == nil {
return nil, errors.New("No file system provided")
}
nfs := justFilesFilesystem{*fileSystem}
fs := http.FileServer(nfs)
return fs, nil
}

213
hws/safefileserver_test.go Normal file
View File

@@ -0,0 +1,213 @@
package hws_test
import (
"bytes"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"testing"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_SafeFileServer(t *testing.T) {
t.Run("Nil filesystem returns error", func(t *testing.T) {
handler, err := hws.SafeFileServer(nil)
assert.Error(t, err)
assert.Nil(t, handler)
assert.Contains(t, err.Error(), "No file system provided")
})
t.Run("Valid filesystem returns handler", func(t *testing.T) {
fs := http.Dir(".")
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
assert.NoError(t, err)
assert.NotNil(t, handler)
})
t.Run("Directory listing is blocked", func(t *testing.T) {
// Create a temporary directory
tmpDir := t.TempDir()
// Create some test files
testFile := filepath.Join(tmpDir, "test.txt")
err := os.WriteFile(testFile, []byte("test content"), 0644)
require.NoError(t, err)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
// Try to access the directory
req := httptest.NewRequest("GET", "/", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
// Should return 404 for directory listing
assert.Equal(t, http.StatusNotFound, rr.Code)
})
t.Run("Individual files are accessible", func(t *testing.T) {
// Create a temporary directory
tmpDir := t.TempDir()
// Create a test file
testFile := filepath.Join(tmpDir, "test.txt")
testContent := []byte("test content")
err := os.WriteFile(testFile, testContent, 0644)
require.NoError(t, err)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
// Try to access the file
req := httptest.NewRequest("GET", "/test.txt", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
// Should return 200 for file access
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, string(testContent), rr.Body.String())
})
t.Run("Non-existent file returns 404", func(t *testing.T) {
tmpDir := t.TempDir()
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
req := httptest.NewRequest("GET", "/nonexistent.txt", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusNotFound, rr.Code)
})
t.Run("Subdirectory listing is blocked", func(t *testing.T) {
tmpDir := t.TempDir()
// Create a subdirectory
subDir := filepath.Join(tmpDir, "subdir")
err := os.Mkdir(subDir, 0755)
require.NoError(t, err)
// Create a file in the subdirectory
testFile := filepath.Join(subDir, "test.txt")
err = os.WriteFile(testFile, []byte("content"), 0644)
require.NoError(t, err)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
// Try to list the subdirectory
req := httptest.NewRequest("GET", "/subdir/", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
// Should return 404 for subdirectory listing
assert.Equal(t, http.StatusNotFound, rr.Code)
})
t.Run("Files in subdirectories are accessible", func(t *testing.T) {
tmpDir := t.TempDir()
// Create a subdirectory
subDir := filepath.Join(tmpDir, "subdir")
err := os.Mkdir(subDir, 0755)
require.NoError(t, err)
// Create a file in the subdirectory
testFile := filepath.Join(subDir, "test.txt")
testContent := []byte("subdirectory content")
err = os.WriteFile(testFile, testContent, 0644)
require.NoError(t, err)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
// Try to access the file in the subdirectory
req := httptest.NewRequest("GET", "/subdir/test.txt", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, string(testContent), rr.Body.String())
})
t.Run("Hidden files are accessible", func(t *testing.T) {
tmpDir := t.TempDir()
// Create a hidden file (starting with .)
testFile := filepath.Join(tmpDir, ".hidden")
testContent := []byte("hidden content")
err := os.WriteFile(testFile, testContent, 0644)
require.NoError(t, err)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
req := httptest.NewRequest("GET", "/.hidden", nil)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
// Hidden files should still be accessible
assert.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, string(testContent), rr.Body.String())
})
}
func Test_SafeFileServer_Integration(t *testing.T) {
var buf bytes.Buffer
tmpDir := t.TempDir()
// Create test files
indexFile := filepath.Join(tmpDir, "index.html")
err := os.WriteFile(indexFile, []byte("<html>Test</html>"), 0644)
require.NoError(t, err)
cssFile := filepath.Join(tmpDir, "style.css")
err = os.WriteFile(cssFile, []byte("body { color: red; }"), 0644)
require.NoError(t, err)
// Create server with SafeFileServer
server := createTestServer(t, &buf)
fs := http.Dir(tmpDir)
httpFS := http.FileSystem(fs)
handler, err := hws.SafeFileServer(&httpFS)
require.NoError(t, err)
err = server.AddRoutes(hws.Route{
Path: "/static/",
Method: hws.MethodGET,
Handler: http.StripPrefix("/static", handler),
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
defer server.Shutdown(t.Context())
<-server.Ready()
t.Run("Can serve static files through server", func(t *testing.T) {
// This would need actual HTTP requests to the running server
// Simplified for now
})
}

195
hws/server.go Normal file
View File

@@ -0,0 +1,195 @@
package hws
import (
"context"
"fmt"
"net/http"
"sync"
"time"
"git.haelnorr.com/h/golib/notify"
"k8s.io/apimachinery/pkg/util/validation"
"github.com/pkg/errors"
)
type Server struct {
GZIP bool
server *http.Server
logger *logger
routes bool
middleware bool
errorPage ErrorPageFunc
ready chan struct{}
notifier *Notifier
shutdowndelay time.Duration
}
// Ready returns a channel that is closed when the server is started
func (server *Server) Ready() <-chan struct{} {
return server.ready
}
// IsReady checks if the server is running
func (server *Server) IsReady() bool {
select {
case <-server.ready:
return true
default:
return false
}
}
// Addr returns the server's network address
func (server *Server) Addr() string {
return server.server.Addr
}
// Handler returns the server's HTTP handler for testing purposes
func (server *Server) Handler() http.Handler {
return server.server.Handler
}
// NewServer returns a new hws.Server with the specified configuration.
func NewServer(config *Config) (*Server, error) {
if config == nil {
return nil, errors.New("Config cannot be nil")
}
// Apply defaults for undefined fields
if config.Host == "" {
config.Host = "127.0.0.1"
}
if config.Port == 0 {
config.Port = 3000
}
if config.ReadHeaderTimeout == 0 {
config.ReadHeaderTimeout = 2 * time.Second
}
if config.WriteTimeout == 0 {
config.WriteTimeout = 10 * time.Second
}
if config.IdleTimeout == 0 {
config.IdleTimeout = 120 * time.Second
}
valid := isValidHostname(config.Host)
if !valid {
return nil, fmt.Errorf("Hostname '%s' is not valid", config.Host)
}
httpServer := &http.Server{
Addr: fmt.Sprintf("%s:%v", config.Host, config.Port),
ReadHeaderTimeout: config.ReadHeaderTimeout,
WriteTimeout: config.WriteTimeout,
IdleTimeout: config.IdleTimeout,
}
server := &Server{
server: httpServer,
routes: false,
GZIP: config.GZIP,
ready: make(chan struct{}),
shutdowndelay: config.ShutdownDelay,
}
return server, nil
}
func (server *Server) Start(ctx context.Context) error {
if ctx == nil {
return errors.New("Context cannot be nil")
}
if !server.routes {
return errors.New("Server.AddRoutes must be run before starting the server")
}
if !server.middleware {
err := server.AddMiddleware()
if err != nil {
return errors.Wrap(err, "server.AddMiddleware")
}
}
server.startNotifier()
go func() {
if server.logger == nil {
fmt.Printf("Listening for requests on %s", server.server.Addr)
} else {
server.logger.logger.Info().Str("address", server.server.Addr).Msg("Listening for requests")
}
if err := server.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
if server.logger == nil {
fmt.Printf("Server encountered a fatal error: %s", err.Error())
} else {
server.LogError(HWSError{Error: err, Message: "Server encountered a fatal error"})
}
}
}()
server.waitUntilReady(ctx)
return nil
}
func (server *Server) Shutdown(ctx context.Context) error {
server.logger.logger.Debug().Dur("shutdown_delay", server.shutdowndelay).Msg("HWS Server shutting down")
server.NotifyAll(notify.Notification{
Title: "Shutting down",
Message: fmt.Sprintf("Server is shutting down in %v", server.shutdowndelay),
Level: LevelShutdown,
})
<-time.NewTimer(server.shutdowndelay).C
if !server.IsReady() {
return errors.New("Server isn't running")
}
if ctx == nil {
return errors.New("Context cannot be nil")
}
err := server.server.Shutdown(ctx)
if err != nil {
return errors.Wrap(err, "Failed to shutdown the server gracefully")
}
server.closeNotifier()
server.ready = make(chan struct{})
return nil
}
func isValidHostname(host string) bool {
// Validate as IP or hostname
if errs := validation.IsDNS1123Subdomain(host); len(errs) == 0 {
return true
}
// Check IPv4 / IPv6
if errs := validation.IsValidIP(nil, host); len(errs) == 0 {
return true
}
return false
}
func (server *Server) waitUntilReady(ctx context.Context) error {
ticker := time.NewTicker(50 * time.Millisecond)
defer ticker.Stop()
closeOnce := sync.Once{}
for {
select {
case <-ctx.Done():
return ctx.Err()
case <-ticker.C:
resp, err := http.Get("http://" + server.server.Addr + "/healthz")
if err != nil {
continue // not accepting yet
}
resp.Body.Close()
if resp.StatusCode == http.StatusOK {
closeOnce.Do(func() { close(server.ready) })
return nil
}
}
}
}

211
hws/server_methods_test.go Normal file
View File

@@ -0,0 +1,211 @@
package hws_test
import (
"bytes"
"context"
"net/http"
"net/http/httptest"
"testing"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_Server_Addr(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "192.168.1.1",
Port: 8080,
})
require.NoError(t, err)
addr := server.Addr()
assert.Equal(t, "192.168.1.1:8080", addr)
}
func Test_Server_Handler(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
// Add routes first
handler := testHandler
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: handler,
})
require.NoError(t, err)
// Get the handler
h := server.Handler()
require.NotNil(t, h)
// Test the handler directly with httptest
req := httptest.NewRequest("GET", "/test", nil)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)
assert.Equal(t, 200, rr.Code)
assert.Equal(t, "hello world", rr.Body.String())
}
func Test_LoggerIgnorePaths_Integration(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
// Add routes
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: testHandler,
}, hws.Route{
Path: "/ignore",
Method: hws.MethodGET,
Handler: testHandler,
})
require.NoError(t, err)
// Set paths to ignore
server.LoggerIgnorePaths("/ignore", "/healthz")
err = server.AddMiddleware()
require.NoError(t, err)
// Test that ignored path doesn't generate logs
buf.Reset()
req := httptest.NewRequest("GET", "/ignore", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
// Buffer should be empty for ignored path
assert.Empty(t, buf.String())
// Test that non-ignored path generates logs
buf.Reset()
req = httptest.NewRequest("GET", "/test", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
// Buffer should have logs for non-ignored path
assert.NotEmpty(t, buf.String())
}
func Test_WrappedWriter(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
// Add routes with different status codes
err := server.AddRoutes(
hws.Route{
Path: "/ok",
Method: hws.MethodGET,
Handler: testHandler,
},
hws.Route{
Path: "/created",
Method: hws.MethodPOST,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(201)
w.Write([]byte("created"))
}),
},
)
require.NoError(t, err)
err = server.AddMiddleware()
require.NoError(t, err)
// Test OK status
req := httptest.NewRequest("GET", "/ok", nil)
rr := httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, 200, rr.Code)
// Test Created status
req = httptest.NewRequest("POST", "/created", nil)
rr = httptest.NewRecorder()
server.Handler().ServeHTTP(rr, req)
assert.Equal(t, 201, rr.Code)
}
func Test_Start_Errors(t *testing.T) {
t.Run("Start fails when AddRoutes not called", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.Start(t.Context())
assert.Error(t, err)
assert.Contains(t, err.Error(), "Server.AddRoutes must be run before starting the server")
})
t.Run("Start fails with nil context", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: testHandler,
})
require.NoError(t, err)
var nilCtx context.Context = nil
err = server.Start(nilCtx)
assert.Error(t, err)
assert.Contains(t, err.Error(), "Context cannot be nil")
})
}
func Test_Shutdown_Errors(t *testing.T) {
t.Run("Shutdown fails with nil context", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
startTestServer(t, server)
<-server.Ready()
var nilCtx context.Context = nil
err := server.Shutdown(nilCtx)
assert.Error(t, err)
assert.Contains(t, err.Error(), "Context cannot be nil")
// Clean up
server.Shutdown(t.Context())
})
t.Run("Shutdown fails when server not running", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.Shutdown(t.Context())
assert.Error(t, err)
assert.Contains(t, err.Error(), "Server isn't running")
})
}
func Test_WaitUntilReady_ContextCancelled(t *testing.T) {
t.Run("Context cancelled before server ready", func(t *testing.T) {
var buf bytes.Buffer
server := createTestServer(t, &buf)
err := server.AddRoutes(hws.Route{
Path: "/test",
Method: hws.MethodGET,
Handler: testHandler,
})
require.NoError(t, err)
// Create a context with a very short timeout
ctx, cancel := context.WithTimeout(t.Context(), 1)
defer cancel()
// Start should return with context error since timeout is so short
err = server.Start(ctx)
// The error could be nil if server started very quickly, or context.DeadlineExceeded
// This tests the ctx.Err() path in waitUntilReady
if err != nil {
assert.Equal(t, context.DeadlineExceeded, err)
}
})
}

231
hws/server_test.go Normal file
View File

@@ -0,0 +1,231 @@
package hws_test
import (
"io"
"math/rand/v2"
"net/http"
"slices"
"testing"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
var ports []uint64
func randomPort() uint64 {
port := uint64(3000 + rand.IntN(1001))
for slices.Contains(ports, port) {
port = uint64(3000 + rand.IntN(1001))
}
ports = append(ports, port)
return port
}
func createTestServer(t *testing.T, w io.Writer) *hws.Server {
server, err := hws.NewServer(&hws.Config{
Host: "127.0.0.1",
Port: randomPort(),
})
require.NoError(t, err)
logger, err := hlog.NewLogger(hlog.LogLevel("Debug"), w, nil, "")
require.NoError(t, err)
err = server.AddLogger(logger)
require.NoError(t, err)
return server
}
var testHandler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("hello world"))
})
func startTestServer(t *testing.T, server *hws.Server) {
err := server.AddRoutes(hws.Route{
Path: "/",
Method: hws.MethodGET,
Handler: testHandler,
})
require.NoError(t, err)
err = server.Start(t.Context())
require.NoError(t, err)
t.Log("Test server started")
}
func Test_NewServer(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: "localhost",
Port: randomPort(),
})
require.NoError(t, err)
require.NotNil(t, server)
t.Run("Nil config returns error", func(t *testing.T) {
server, err := hws.NewServer(nil)
assert.Error(t, err)
assert.Nil(t, server)
assert.Contains(t, err.Error(), "Config cannot be nil")
})
tests := []struct {
name string
host string
port uint64
valid bool
}{
{
name: "Valid localhost on http",
host: "127.0.0.1",
port: 80,
valid: true,
},
{
name: "Valid IP on https",
host: "192.168.1.1",
port: 443,
valid: true,
},
{
name: "Valid IP on port 65535",
host: "10.0.0.5",
port: 65535,
valid: true,
},
{
name: "0.0.0.0 on port 8080",
host: "0.0.0.0",
port: 8080,
valid: true,
},
{
name: "Broadcast IP on port 1",
host: "255.255.255.255",
port: 1,
valid: true,
},
{
name: "Port 0 gets default",
host: "127.0.0.1",
port: 0,
valid: true, // port 0 now gets default value of 3000
},
{
name: "Invalid port 65536",
host: "127.0.0.1",
port: 65536,
valid: true, // port is accepted (validated at OS level)
},
{
name: "No hostname provided gets default",
host: "",
port: 80,
valid: true, // empty hostname gets default 127.0.0.1
},
{
name: "Spaces provided for host",
host: " ",
port: 80,
valid: false,
},
{
name: "Localhost as string",
host: "localhost",
port: 8080,
valid: true,
},
{
name: "Number only host",
host: "1234",
port: 80,
valid: true,
},
{
name: "Valid domain on http",
host: "example.com",
port: 80,
valid: true,
},
{
name: "Valid domain on https",
host: "a-b-c.example123.co",
port: 443,
valid: true,
},
{
name: "Valid domain starting with a digit",
host: "1example.com",
port: 8080,
valid: true, // labels may start with digits (RFC 1123)
},
{
name: "Single character hostname",
host: "a",
port: 1,
valid: true, // single-label hostname, min length
},
{
name: "Hostname starts with a hyphen",
host: "-example.com",
port: 80,
valid: false, // label starts with hyphen
},
{
name: "Hostname ends with a hyphen",
host: "example-.com",
port: 80,
valid: false, // label ends with hyphen
},
{
name: "Empty label in hostname",
host: "ex..ample.com",
port: 80,
valid: false, // empty label
},
{
name: "Invalid character: '_'",
host: "exa_mple.com",
port: 80,
valid: false, // invalid character (_)
},
{
name: "Trailing dot",
host: "example.com.",
port: 80,
valid: false, // trailing dot not allowed per spec
},
{
name: "Valid IPv6 localhost",
host: "::1",
port: 8080,
valid: true, // IPv6 localhost
},
{
name: "Valid IPv6 shortened",
host: "2001:db8::1",
port: 80,
valid: true, // shortened IPv6
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
server, err := hws.NewServer(&hws.Config{
Host: tt.host,
Port: tt.port,
})
if tt.valid {
assert.NoError(t, err)
assert.NotNil(t, server)
} else {
assert.Error(t, err)
}
})
}
}

21
hwsauth/LICENSE.md Normal file
View File

@@ -0,0 +1,21 @@
# MIT License
Copyright (c) 2026 haelnorr
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

142
hwsauth/README.md Normal file
View File

@@ -0,0 +1,142 @@
# HWSAuth - v0.3.4
JWT-based authentication middleware for the HWS web framework.
## Features
- JWT-based authentication with access and refresh tokens
- Automatic token rotation and refresh
- Generic over user model and transaction types
- ORM-agnostic transaction handling (works with GORM, Bun, sqlx, database/sql)
- Environment variable configuration with ConfigFromEnv
- Middleware for protecting routes
- SSL cookie security support
- Type-safe with Go generics
- Path ignoring for public routes
- Automatic re-authentication handling
## Installation
```bash
go get git.haelnorr.com/h/golib/hwsauth
```
## Quick Start
```go
package main
import (
"context"
"database/sql"
"net/http"
"git.haelnorr.com/h/golib/hwsauth"
"git.haelnorr.com/h/golib/hws"
"git.haelnorr.com/h/golib/hlog"
)
type User struct {
UserID int
Username string
Email string
}
func (u User) ID() int {
return u.UserID
}
func main() {
// Load configuration from environment variables
cfg, _ := hwsauth.ConfigFromEnv()
// Create database connection
db, _ := sql.Open("postgres", "postgres://...")
// Define transaction creation
beginTx := func(ctx context.Context) (hwsauth.DBTransaction, error) {
return db.BeginTx(ctx, nil)
}
// Define user loading function
loadUser := func(ctx context.Context, tx *sql.Tx, id int) (User, error) {
var user User
err := tx.QueryRowContext(ctx,
"SELECT id, username, email FROM users WHERE id = $1", id).
Scan(&user.UserID, &user.Username, &user.Email)
return user, err
}
// Create server
serverCfg, _ := hws.ConfigFromEnv()
server, _ := hws.NewServer(serverCfg)
// Create logger
logger, _ := hlog.NewLogger(loggerCfg, os.Stdout)
// Create error page function
errorPageFunc := func(w http.ResponseWriter, r *http.Request, status int) {
w.WriteHeader(status)
fmt.Fprintf(w, "Error: %d", status)
}
// Create authenticator
auth, _ := hwsauth.NewAuthenticator[User, *sql.Tx](
cfg,
loadUser,
server,
beginTx,
logger,
errorPageFunc,
)
// Define routes
routes := []hws.Route{
{
Path: "/dashboard",
Method: hws.MethodGET,
Handler: auth.LoginReq(http.HandlerFunc(dashboardHandler)),
},
}
server.AddRoutes(routes...)
// Add authentication middleware
server.AddMiddleware(auth.Authenticate())
// Ignore public paths
auth.IgnorePaths("/", "/login", "/register", "/static")
// Start server
ctx := context.Background()
server.Start(ctx)
<-server.Ready()
}
```
## Documentation
For detailed documentation, see the [HWSAuth Wiki](https://git.haelnorr.com/h/golib/wiki/HWSAuth.md).
Additional API documentation is available at [GoDoc](https://pkg.go.dev/git.haelnorr.com/h/golib/hwsauth).
## Supported ORMs
- database/sql (standard library)
- GORM
- Bun
- sqlx
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## Related Projects
- [hws](https://git.haelnorr.com/h/golib/hws) - The web server framework
- [jwt](https://git.haelnorr.com/h/golib/jwt) - JWT token generation and validation
- [hlog](https://git.haelnorr.com/h/golib/hlog) - Structured logging with zerolog

57
hwsauth/authenticate.go Normal file
View File

@@ -0,0 +1,57 @@
package hwsauth
import (
"net/http"
"reflect"
"time"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Check the cookies for token strings and attempt to authenticate them
func (auth *Authenticator[T, TX]) getAuthenticatedUser(
tx TX,
w http.ResponseWriter,
r *http.Request,
) (authenticatedModel[T], error) {
// Get token strings from cookies
atStr, rtStr := jwt.GetTokenCookies(r)
if atStr == "" && rtStr == "" {
return authenticatedModel[T]{}, errors.New("No token strings provided")
}
// Attempt to parse the access token
aT, err := auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
if err != nil {
// Access token invalid, attempt to parse refresh token
rT, err := auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
if err != nil {
return authenticatedModel[T]{}, errors.Wrap(err, "auth.tokenGenerator.ValidateRefresh")
}
// Refresh token valid, attempt to get a new token pair
model, err := auth.refreshAuthTokens(tx, w, r, rT)
if err != nil {
return authenticatedModel[T]{}, errors.Wrap(err, "auth.refreshAuthTokens")
}
// New token pair sent, return the authorized user
authUser := authenticatedModel[T]{
model: model,
fresh: time.Now().Unix(),
}
return authUser, nil
}
// Access token valid
model, err := auth.load(r.Context(), tx, aT.SUB)
if err != nil {
return authenticatedModel[T]{}, errors.Wrap(err, "auth.load")
}
if reflect.ValueOf(model).IsNil() {
return authenticatedModel[T]{}, errors.New("no user matching JWT in database")
}
authUser := authenticatedModel[T]{
model: model,
fresh: aT.Fresh,
}
return authUser, nil
}

140
hwsauth/authenticator.go Normal file
View File

@@ -0,0 +1,140 @@
package hwsauth
import (
"context"
"database/sql"
"os"
"time"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
type Authenticator[T Model, TX DBTransaction] struct {
tokenGenerator *jwt.TokenGenerator
load LoadFunc[T, TX]
beginTx BeginTX
ignoredPaths []string
logger *hlog.Logger
server *hws.Server
errorPage hws.ErrorPageFunc
SSL bool // Use SSL for JWT tokens. Default true
LandingPage string // Path of the desired landing page for logged in users
}
// NewAuthenticator creates and returns a new Authenticator using the provided configuration.
// If cfg is nil or any required fields are not set, default values will be used or an error returned.
// Required fields: SecretKey (no default)
// If SSL is true, TrustedHost is also required.
func NewAuthenticator[T Model, TX DBTransaction](
cfg *Config,
load LoadFunc[T, TX],
server *hws.Server,
beginTx BeginTX,
logger *hlog.Logger,
errorPage hws.ErrorPageFunc,
db *sql.DB,
) (*Authenticator[T, TX], error) {
if load == nil {
return nil, errors.New("No function to load model supplied")
}
if server == nil {
return nil, errors.New("No hws.Server provided")
}
if beginTx == nil {
return nil, errors.New("No beginTx function provided")
}
if logger == nil {
return nil, errors.New("No logger provided")
}
if errorPage == nil {
return nil, errors.New("No ErrorPage provided")
}
// Validate config
if cfg == nil {
return nil, errors.New("Config is required")
}
if cfg.SecretKey == "" {
return nil, errors.New("SecretKey is required")
}
if cfg.SSL && cfg.TrustedHost == "" {
cfg.SSL = false // Disable SSL if TrustedHost is not configured
}
if cfg.TrustedHost == "" {
cfg.TrustedHost = "localhost" // Default TrustedHost for JWT
}
if cfg.AccessTokenExpiry == 0 {
cfg.AccessTokenExpiry = 5
}
if cfg.RefreshTokenExpiry == 0 {
cfg.RefreshTokenExpiry = 1440
}
if cfg.TokenFreshTime == 0 {
cfg.TokenFreshTime = 5
}
if cfg.LandingPage == "" {
cfg.LandingPage = "/profile"
}
if cfg.DatabaseType == "" {
cfg.DatabaseType = "postgres"
}
if cfg.DatabaseVersion == "" {
cfg.DatabaseVersion = "15"
}
if db == nil {
return nil, errors.New("No Database provided")
}
// Test database connectivity
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
if err := db.PingContext(ctx); err != nil {
return nil, errors.Wrap(err, "database connection test failed")
}
// Configure JWT table
tableConfig := jwt.DefaultTableConfig()
if cfg.JWTTableName != "" {
tableConfig.TableName = cfg.JWTTableName
}
// Disable auto-creation for tests
// Check for test environment or mock database
if os.Getenv("GO_TEST") == "1" {
tableConfig.AutoCreate = false
tableConfig.EnableAutoCleanup = false
}
// Create token generator
tokenGen, err := jwt.CreateGenerator(jwt.GeneratorConfig{
AccessExpireAfter: cfg.AccessTokenExpiry,
RefreshExpireAfter: cfg.RefreshTokenExpiry,
FreshExpireAfter: cfg.TokenFreshTime,
TrustedHost: cfg.TrustedHost,
SecretKey: cfg.SecretKey,
DBType: jwt.DatabaseType{
Type: cfg.DatabaseType,
Version: cfg.DatabaseVersion,
},
DB: db,
TableConfig: tableConfig,
}, beginTx)
if err != nil {
return nil, errors.Wrap(err, "jwt.CreateGenerator")
}
auth := Authenticator[T, TX]{
tokenGenerator: tokenGen,
load: load,
server: server,
beginTx: beginTx,
logger: logger,
errorPage: errorPage,
SSL: cfg.SSL,
LandingPage: cfg.LandingPage,
}
return &auth, nil
}

55
hwsauth/config.go Normal file
View File

@@ -0,0 +1,55 @@
package hwsauth
import (
"git.haelnorr.com/h/golib/env"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Config holds the configuration settings for the authenticator.
// All time-based settings are in minutes.
type Config struct {
SSL bool // ENV HWSAUTH_SSL: Enable SSL secure cookies (default: false)
TrustedHost string // ENV HWSAUTH_TRUSTED_HOST: Full server address for SSL (required if SSL is true)
SecretKey string // ENV HWSAUTH_SECRET_KEY: Secret key for signing JWT tokens (required)
AccessTokenExpiry int64 // ENV HWSAUTH_ACCESS_TOKEN_EXPIRY: Access token expiry in minutes (default: 5)
RefreshTokenExpiry int64 // ENV HWSAUTH_REFRESH_TOKEN_EXPIRY: Refresh token expiry in minutes (default: 1440)
TokenFreshTime int64 // ENV HWSAUTH_TOKEN_FRESH_TIME: Token fresh time in minutes (default: 5)
LandingPage string // ENV HWSAUTH_LANDING_PAGE: Redirect destination for authenticated users (default: "/profile")
DatabaseType string // ENV HWSAUTH_DATABASE_TYPE: Database type (postgres, mysql, sqlite, mariadb) (default: "postgres")
DatabaseVersion string // ENV HWSAUTH_DATABASE_VERSION: Database version string (default: "15")
JWTTableName string // ENV HWSAUTH_JWT_TABLE_NAME: Custom JWT blacklist table name (default: "jwtblacklist")
}
// ConfigFromEnv loads configuration from environment variables.
//
// Required environment variables:
// - HWSAUTH_SECRET_KEY: Secret key for JWT signing
// - HWSAUTH_TRUSTED_HOST: Required if HWSAUTH_SSL is true
//
// Returns an error if required variables are missing or invalid.
func ConfigFromEnv() (*Config, error) {
ssl := env.Bool("HWSAUTH_SSL", false)
trustedHost := env.String("HWSAUTH_TRUSTED_HOST", "")
if ssl && trustedHost == "" {
return nil, errors.New("SSL is enabled and no HWS_TRUSTED_HOST set")
}
cfg := &Config{
SSL: ssl,
TrustedHost: trustedHost,
SecretKey: env.String("HWSAUTH_SECRET_KEY", ""),
AccessTokenExpiry: env.Int64("HWSAUTH_ACCESS_TOKEN_EXPIRY", 5),
RefreshTokenExpiry: env.Int64("HWSAUTH_REFRESH_TOKEN_EXPIRY", 1440),
TokenFreshTime: env.Int64("HWSAUTH_TOKEN_FRESH_TIME", 5),
LandingPage: env.String("HWSAUTH_LANDING_PAGE", "/profile"),
DatabaseType: env.String("HWSAUTH_DATABASE_TYPE", jwt.DatabasePostgreSQL),
DatabaseVersion: env.String("HWSAUTH_DATABASE_VERSION", "15"),
JWTTableName: env.String("HWSAUTH_JWT_TABLE_NAME", "jwtblacklist"),
}
if cfg.SecretKey == "" {
return nil, errors.New("Envar not set: HWSAUTH_SECRET_KEY")
}
return cfg, nil
}

22
hwsauth/db.go Normal file
View File

@@ -0,0 +1,22 @@
package hwsauth
import (
"git.haelnorr.com/h/golib/jwt"
)
// DBTransaction represents a database transaction that can be committed or rolled back.
// This is an alias to jwt.DBTransaction.
//
// Standard library *sql.Tx implements this interface automatically.
// ORM transactions (GORM, Bun, etc.) should also implement this interface.
type DBTransaction = jwt.DBTransaction
// BeginTX is a function type for creating database transactions.
// This is an alias to jwt.BeginTX.
//
// Example:
//
// beginTx := func(ctx context.Context) (hwsauth.DBTransaction, error) {
// return db.BeginTx(ctx, nil)
// }
type BeginTX = jwt.BeginTX

212
hwsauth/doc.go Normal file
View File

@@ -0,0 +1,212 @@
// Package hwsauth provides JWT-based authentication middleware for the hws web framework.
//
// # Overview
//
// hwsauth integrates with the hws web server to provide secure, stateless authentication
// using JSON Web Tokens (JWT). It supports both access and refresh tokens, automatic
// token rotation, and flexible transaction handling compatible with any database or ORM.
//
// # Key Features
//
// - JWT-based authentication with access and refresh tokens
// - Automatic token rotation and refresh
// - Generic over user model and transaction types
// - ORM-agnostic transaction handling
// - Environment variable configuration
// - Middleware for protecting routes
// - Context-based user retrieval
// - Optional SSL cookie security
//
// # Quick Start
//
// First, define your user model:
//
// type User struct {
// UserID int
// Username string
// Email string
// }
//
// func (u User) ID() int {
// return u.UserID
// }
//
// Configure the authenticator using environment variables or programmatically:
//
// // Option 1: Load from environment variables
// cfg, err := hwsauth.ConfigFromEnv()
// if err != nil {
// log.Fatal(err)
// }
//
// // Option 2: Create config manually
// cfg := &hwsauth.Config{
// SSL: true,
// TrustedHost: "https://example.com",
// SecretKey: "your-secret-key",
// AccessTokenExpiry: 5, // 5 minutes
// RefreshTokenExpiry: 1440, // 1 day
// TokenFreshTime: 5, // 5 minutes
// LandingPage: "/dashboard",
// }
//
// Create the authenticator:
//
// // Define how to begin transactions
// beginTx := func(ctx context.Context) (hwsauth.DBTransaction, error) {
// return db.BeginTx(ctx, nil)
// }
//
// // Define how to load users from the database
// loadUser := func(ctx context.Context, tx *sql.Tx, id int) (User, error) {
// var user User
// err := tx.QueryRowContext(ctx, "SELECT id, username, email FROM users WHERE id = ?", id).
// Scan(&user.UserID, &user.Username, &user.Email)
// return user, err
// }
//
// // Create the authenticator
// auth, err := hwsauth.NewAuthenticator[User, *sql.Tx](
// cfg,
// loadUser,
// server,
// beginTx,
// logger,
// errorPage,
// )
// if err != nil {
// log.Fatal(err)
// }
//
// # Middleware
//
// Use the Authenticate middleware to protect routes:
//
// // Apply to all routes
// server.AddMiddleware(auth.Authenticate())
//
// // Ignore specific paths
// auth.IgnorePaths("/login", "/register", "/public")
//
// Use route guards for specific protection requirements:
//
// // LoginReq: Requires user to be authenticated
// protectedHandler := auth.LoginReq(myHandler)
//
// // LogoutReq: Redirects authenticated users (for login/register pages)
// loginHandler := auth.LogoutReq(loginPageHandler)
//
// // FreshReq: Requires fresh authentication (for sensitive operations)
// changePasswordHandler := auth.FreshReq(changePasswordHandler)
//
// # Login and Logout
//
// To log a user in:
//
// func loginHandler(w http.ResponseWriter, r *http.Request) {
// // Validate credentials...
// user := getUserFromDatabase(username)
//
// // Log the user in (sets JWT cookies)
// err := auth.Login(w, r, user, rememberMe)
// if err != nil {
// // Handle error
// }
//
// http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
// }
//
// To log a user out:
//
// func logoutHandler(w http.ResponseWriter, r *http.Request) {
// tx, _ := db.BeginTx(r.Context(), nil)
// defer tx.Rollback()
//
// err := auth.Logout(tx, w, r)
// if err != nil {
// // Handle error
// }
//
// tx.Commit()
// http.Redirect(w, r, "/", http.StatusSeeOther)
// }
//
// # Retrieving the Current User
//
// Access the authenticated user from the request context:
//
// func dashboardHandler(w http.ResponseWriter, r *http.Request) {
// user := auth.CurrentModel(r.Context())
// if user.ID() == 0 {
// // User not authenticated
// return
// }
//
// fmt.Fprintf(w, "Welcome, %s!", user.Username)
// }
//
// # ORM Support
//
// hwsauth works with any ORM that implements the DBTransaction interface.
//
// GORM Example:
//
// beginTx := func(ctx context.Context) (hwsauth.DBTransaction, error) {
// return gormDB.WithContext(ctx).Begin().Statement.ConnPool.(*sql.Tx), nil
// }
//
// loadUser := func(ctx context.Context, tx *gorm.DB, id int) (User, error) {
// var user User
// err := tx.First(&user, id).Error
// return user, err
// }
//
// auth, err := hwsauth.NewAuthenticator[User, *gorm.DB](...)
//
// Bun Example:
//
// beginTx := func(ctx context.Context) (hwsauth.DBTransaction, error) {
// return bunDB.BeginTx(ctx, nil)
// }
//
// loadUser := func(ctx context.Context, tx bun.Tx, id int) (User, error) {
// var user User
// err := tx.NewSelect().Model(&user).Where("id = ?", id).Scan(ctx)
// return user, err
// }
//
// auth, err := hwsauth.NewAuthenticator[User, bun.Tx](...)
//
// # Environment Variables
//
// The following environment variables are supported when using ConfigFromEnv:
//
// - HWSAUTH_SSL: Enable SSL secure cookies (default: false)
// - HWSAUTH_TRUSTED_HOST: Full server address for SSL (required if SSL is true)
// - HWSAUTH_SECRET_KEY: Secret key for signing JWT tokens (required)
// - HWSAUTH_ACCESS_TOKEN_EXPIRY: Access token expiry in minutes (default: 5)
// - HWSAUTH_REFRESH_TOKEN_EXPIRY: Refresh token expiry in minutes (default: 1440)
// - HWSAUTH_TOKEN_FRESH_TIME: Token fresh time in minutes (default: 5)
// - HWSAUTH_LANDING_PAGE: Redirect destination for authenticated users (default: "/profile")
// - HWSAUTH_DATABASE_TYPE: Database type - postgres, mysql, sqlite, mariadb (default: "postgres")
// - HWSAUTH_DATABASE_VERSION: Database version string (default: "15")
// - HWSAUTH_JWT_TABLE_NAME: Custom JWT blacklist table name (default: "jwtblacklist")
//
// # Security Considerations
//
// - Always use SSL in production (set HWSAUTH_SSL=true)
// - Use strong, randomly generated secret keys
// - Set appropriate token expiry times based on your security requirements
// - Use FreshReq middleware for sensitive operations (password changes, etc.)
// - Store refresh tokens securely in HTTP-only cookies
//
// # Type Parameters
//
// hwsauth uses Go generics for type safety:
//
// - T Model: Your user model type (must implement the Model interface)
// - TX DBTransaction: Your transaction type (must implement DBTransaction interface)
//
// This allows compile-time type checking and eliminates the need for type assertions
// when working with your user models.
package hwsauth

35
hwsauth/ezconf.go Normal file
View File

@@ -0,0 +1,35 @@
package hwsauth
import "runtime"
// EZConfIntegration provides integration with ezconf for automatic configuration
type EZConfIntegration struct{}
// PackagePath returns the path to the hwsauth package for source parsing
func (e EZConfIntegration) PackagePath() string {
_, filename, _, _ := runtime.Caller(0)
// Return directory of this file
return filename[:len(filename)-len("/ezconf.go")]
}
// ConfigFunc returns the ConfigFromEnv function for ezconf
func (e EZConfIntegration) ConfigFunc() func() (interface{}, error) {
return func() (interface{}, error) {
return ConfigFromEnv()
}
}
// Name returns the name to use when registering with ezconf
func (e EZConfIntegration) Name() string {
return "hwsauth"
}
// GroupName returns the display name for grouping environment variables
func (e EZConfIntegration) GroupName() string {
return "HWSAuth"
}
// NewEZConfIntegration creates a new EZConf integration helper
func NewEZConfIntegration() EZConfIntegration {
return EZConfIntegration{}
}

30
hwsauth/go.mod Normal file
View File

@@ -0,0 +1,30 @@
module git.haelnorr.com/h/golib/hwsauth
go 1.25.5
require (
git.haelnorr.com/h/golib/cookies v0.9.0
git.haelnorr.com/h/golib/env v0.9.1
git.haelnorr.com/h/golib/hlog v0.10.4
git.haelnorr.com/h/golib/hws v0.3.0
git.haelnorr.com/h/golib/jwt v0.10.1
github.com/DATA-DOG/go-sqlmock v1.5.2
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.11.1
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rs/zerolog v1.34.0 // indirect
golang.org/x/sys v0.40.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apimachinery v0.35.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/utils v0.0.0-20260108192941-914a6e750570 // indirect
)

54
hwsauth/go.sum Normal file
View File

@@ -0,0 +1,54 @@
git.haelnorr.com/h/golib/cookies v0.9.0 h1:Vf+eX1prHkKuGrQon1BHY87yaPc1H+HJFRXDOV/AuWs=
git.haelnorr.com/h/golib/cookies v0.9.0/go.mod h1:y1385YExI9gLwckCVDCYVcsFXr6N7T3brJjnJD2QIuo=
git.haelnorr.com/h/golib/env v0.9.1 h1:2Vsj+mJKnO5f1Md1GO5v9ggLN5zWa0baCewcSHTjoNY=
git.haelnorr.com/h/golib/env v0.9.1/go.mod h1:glUQVdA1HMKX1avTDyTyuhcr36SSxZtlJxKDT5KTztg=
git.haelnorr.com/h/golib/hlog v0.10.4 h1:vpCsV/OddjIYx8F48U66WxojjmhEbeLGQAOBG4ViSRQ=
git.haelnorr.com/h/golib/hlog v0.10.4/go.mod h1:+wJ8vecQY/JITTXKmI3JfkHiUGyMs7N6wooj2wuWZbc=
git.haelnorr.com/h/golib/hws v0.3.0 h1:/YGzxd3sRR3DFU6qVZxpJMKV3W2wCONqZKYUDIercCo=
git.haelnorr.com/h/golib/hws v0.3.0/go.mod h1:6ZlRKnt8YMpv5XcMXmyBGmD1/euvBo3d1azEvHJjOLo=
git.haelnorr.com/h/golib/jwt v0.10.1 h1:1Adxt9H3Y4fWFvFjWpvg/vSFhbgCMDMxgiE3m7KvDMI=
git.haelnorr.com/h/golib/jwt v0.10.1/go.mod h1:fbuPrfucT9lL0faV5+Q5Gk9WFJxPlwzRPpbMQKYZok4=
github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8=
k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/utils v0.0.0-20260108192941-914a6e750570 h1:JT4W8lsdrGENg9W+YwwdLJxklIuKWdRm+BC+xt33FOY=
k8s.io/utils v0.0.0-20260108192941-914a6e750570/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=

481
hwsauth/hwsauth_test.go Normal file
View File

@@ -0,0 +1,481 @@
package hwsauth
import (
"context"
"database/sql"
"io"
"net/http/httptest"
"os"
"testing"
"git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws"
"github.com/DATA-DOG/go-sqlmock"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
type TestModel struct {
ID int
}
func (tm TestModel) GetID() int {
return tm.ID
}
type TestTransaction struct {
}
func (tt *TestTransaction) Exec(query string, args ...any) (sql.Result, error) {
return nil, nil
}
func (tt *TestTransaction) Query(query string, args ...any) (*sql.Rows, error) {
return nil, nil
}
func (tt *TestTransaction) Commit() error {
return nil
}
func (tt *TestTransaction) Rollback() error {
return nil
}
type TestErrorPage struct{}
func (tep TestErrorPage) Render(ctx context.Context, w io.Writer) error {
return nil
}
// createMockDB creates a mock SQL database for testing
func createMockDB() (*sql.DB, sqlmock.Sqlmock, error) {
db, mock, err := sqlmock.New()
if err != nil {
return nil, nil, err
}
// Expect a ping to succeed for database connectivity test
mock.ExpectPing()
// Expect table existence check (returns a row = table exists)
mock.ExpectQuery(`SELECT 1 FROM information_schema\.tables WHERE table_schema = 'public' AND table_name = \$1`).
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}).AddRow(1))
// Expect cleanup function creation
mock.ExpectExec(`CREATE OR REPLACE FUNCTION cleanup_jwtblacklist\(\) RETURNS void AS \$\$ BEGIN DELETE FROM jwtblacklist WHERE exp < EXTRACT\(EPOCH FROM NOW\(\)\); END; \$\$ LANGUAGE plpgsql;`).
WillReturnResult(sqlmock.NewResult(0, 0))
return db, mock, nil
}
func TestGetNil(t *testing.T) {
var zero TestModel
result := getNil[TestModel]()
assert.Equal(t, zero, result)
}
func TestSetAndGetAuthenticatedModel(t *testing.T) {
ctx := context.Background()
model := TestModel{ID: 123}
authModel := authenticatedModel[TestModel]{
model: model,
fresh: 1234567890,
}
newCtx := setAuthenticatedModel(ctx, authModel)
retrieved, ok := getAuthorizedModel[TestModel](newCtx)
assert.True(t, ok)
assert.Equal(t, model, retrieved.model)
assert.Equal(t, int64(1234567890), retrieved.fresh)
}
func TestGetAuthorizedModel_NotSet(t *testing.T) {
ctx := context.Background()
retrieved, ok := getAuthorizedModel[TestModel](ctx)
assert.False(t, ok)
var zero TestModel
assert.Equal(t, zero, retrieved.model)
assert.Equal(t, int64(0), retrieved.fresh)
}
func TestCurrentModel(t *testing.T) {
auth := &Authenticator[TestModel, DBTransaction]{}
t.Run("nil context", func(t *testing.T) {
var nilContext context.Context = nil
result := auth.CurrentModel(nilContext)
var zero TestModel
assert.Equal(t, zero, result)
})
t.Run("context without authenticated model", func(t *testing.T) {
ctx := context.Background()
result := auth.CurrentModel(ctx)
var zero TestModel
assert.Equal(t, zero, result)
})
t.Run("context with authenticated model", func(t *testing.T) {
ctx := context.Background()
model := TestModel{ID: 456}
authModel := authenticatedModel[TestModel]{
model: model,
fresh: 1234567890,
}
ctx = setAuthenticatedModel(ctx, authModel)
result := auth.CurrentModel(ctx)
assert.Equal(t, model, result)
assert.Equal(t, 456, result.GetID())
})
}
func TestConfigFromEnv_MissingSecretKey(t *testing.T) {
// Clear environment variables
originalSecret := os.Getenv("HWSAUTH_SECRET_KEY")
os.Setenv("HWSAUTH_SECRET_KEY", "")
defer os.Setenv("HWSAUTH_SECRET_KEY", originalSecret)
_, err := ConfigFromEnv()
assert.Error(t, err)
assert.Contains(t, err.Error(), "Envar not set: HWSAUTH_SECRET_KEY")
}
func TestConfigFromEnv_SSLWithoutTrustedHost(t *testing.T) {
// Clear environment variables
t.Setenv("HWSAUTH_SECRET_KEY", "test-secret")
t.Setenv("HWSAUTH_SSL", "true")
t.Setenv("HWSAUTH_TRUSTED_HOST", "")
defer func() {
t.Setenv("HWSAUTH_SECRET_KEY", "")
t.Setenv("HWSAUTH_SSL", "")
t.Setenv("HWSAUTH_TRUSTED_HOST", "")
}()
_, err := ConfigFromEnv()
assert.Error(t, err)
assert.Contains(t, err.Error(), "SSL is enabled and no HWS_TRUSTED_HOST set")
}
func TestConfigFromEnv_ValidMinimalConfig(t *testing.T) {
// Set environment variables
t.Setenv("HWSAUTH_SECRET_KEY", "test-secret-key")
defer t.Setenv("HWSAUTH_SECRET_KEY", "")
cfg, err := ConfigFromEnv()
assert.NoError(t, err)
assert.Equal(t, "test-secret-key", cfg.SecretKey)
assert.Equal(t, false, cfg.SSL)
assert.Equal(t, int64(5), cfg.AccessTokenExpiry)
assert.Equal(t, int64(1440), cfg.RefreshTokenExpiry)
assert.Equal(t, int64(5), cfg.TokenFreshTime)
assert.Equal(t, "/profile", cfg.LandingPage)
assert.Equal(t, "postgres", cfg.DatabaseType)
assert.Equal(t, "15", cfg.DatabaseVersion)
assert.Equal(t, "jwtblacklist", cfg.JWTTableName)
}
func TestConfigFromEnv_ValidFullConfig(t *testing.T) {
// Set environment variables
t.Setenv("HWSAUTH_SECRET_KEY", "custom-secret")
t.Setenv("HWSAUTH_SSL", "true")
t.Setenv("HWSAUTH_TRUSTED_HOST", "example.com")
t.Setenv("HWSAUTH_ACCESS_TOKEN_EXPIRY", "15")
t.Setenv("HWSAUTH_REFRESH_TOKEN_EXPIRY", "2880")
t.Setenv("HWSAUTH_TOKEN_FRESH_TIME", "10")
t.Setenv("HWSAUTH_LANDING_PAGE", "/dashboard")
t.Setenv("HWSAUTH_DATABASE_TYPE", "mysql")
t.Setenv("HWSAUTH_DATABASE_VERSION", "8.0")
t.Setenv("HWSAUTH_JWT_TABLE_NAME", "custom_tokens")
defer func() {
t.Setenv("HWSAUTH_SECRET_KEY", "")
t.Setenv("HWSAUTH_SSL", "")
t.Setenv("HWSAUTH_TRUSTED_HOST", "")
t.Setenv("HWSAUTH_ACCESS_TOKEN_EXPIRY", "")
t.Setenv("HWSAUTH_REFRESH_TOKEN_EXPIRY", "")
t.Setenv("HWSAUTH_TOKEN_FRESH_TIME", "")
t.Setenv("HWSAUTH_LANDING_PAGE", "")
t.Setenv("HWSAUTH_DATABASE_TYPE", "")
t.Setenv("HWSAUTH_DATABASE_VERSION", "")
t.Setenv("HWSAUTH_JWT_TABLE_NAME", "")
}()
cfg, err := ConfigFromEnv()
assert.NoError(t, err)
assert.Equal(t, "custom-secret", cfg.SecretKey)
assert.Equal(t, true, cfg.SSL)
assert.Equal(t, "example.com", cfg.TrustedHost)
assert.Equal(t, int64(15), cfg.AccessTokenExpiry)
assert.Equal(t, int64(2880), cfg.RefreshTokenExpiry)
assert.Equal(t, int64(10), cfg.TokenFreshTime)
assert.Equal(t, "/dashboard", cfg.LandingPage)
assert.Equal(t, "mysql", cfg.DatabaseType)
assert.Equal(t, "8.0", cfg.DatabaseVersion)
assert.Equal(t, "custom_tokens", cfg.JWTTableName)
}
func TestNewAuthenticator_NilConfig(t *testing.T) {
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
auth, err := NewAuthenticator(
nil, // cfg
load,
server,
beginTx,
logger,
errorPage,
nil, // db
)
assert.Error(t, err)
assert.Nil(t, auth)
assert.Contains(t, err.Error(), "Config is required")
}
func TestNewAuthenticator_MissingSecretKey(t *testing.T) {
cfg := &Config{
SecretKey: "",
}
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
auth, err := NewAuthenticator(
cfg,
load,
server,
beginTx,
logger,
errorPage,
nil, // db - will fail before db check since SecretKey is missing
)
assert.Error(t, err)
assert.Nil(t, auth)
assert.Contains(t, err.Error(), "SecretKey is required")
}
func TestNewAuthenticator_NilLoadFunction(t *testing.T) {
cfg := &Config{
SecretKey: "test-secret",
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
auth, err := NewAuthenticator[TestModel, DBTransaction](
cfg,
nil,
server,
beginTx,
logger,
errorPage,
nil, // db
)
assert.Error(t, err)
assert.Nil(t, auth)
assert.Contains(t, err.Error(), "No function to load model supplied")
}
func TestNewAuthenticator_SSLWithoutTrustedHost(t *testing.T) {
cfg := &Config{
SecretKey: "test-secret",
SSL: true,
}
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
db, _, err := createMockDB()
require.NoError(t, err)
defer db.Close()
auth, err := NewAuthenticator(
cfg,
load,
server,
beginTx,
logger,
errorPage,
db,
)
require.NoError(t, err)
require.NotNil(t, auth)
assert.Equal(t, false, auth.SSL)
assert.Equal(t, "/profile", auth.LandingPage)
}
func TestNewAuthenticator_NilDatabase(t *testing.T) {
cfg := &Config{
SecretKey: "test-secret",
}
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
auth, err := NewAuthenticator(
cfg,
load,
server,
beginTx,
logger,
errorPage,
nil, // db
)
assert.Error(t, err)
assert.Nil(t, auth)
assert.Contains(t, err.Error(), "No Database provided")
}
func TestModelInterface(t *testing.T) {
t.Run("TestModel implements Model interface", func(t *testing.T) {
var _ Model = TestModel{}
})
t.Run("GetID method", func(t *testing.T) {
model := TestModel{ID: 789}
assert.Equal(t, 789, model.GetID())
})
}
func TestGetAuthenticatedUser_NoTokens(t *testing.T) {
cfg := &Config{
SecretKey: "test-secret",
TrustedHost: "example.com",
}
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
db, _, err := createMockDB()
require.NoError(t, err)
defer db.Close()
auth, err := NewAuthenticator(
cfg,
load,
server,
beginTx,
logger,
errorPage,
db,
)
require.NoError(t, err)
tx := &TestTransaction{}
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
model, err := auth.getAuthenticatedUser(tx, w, r)
assert.Error(t, err)
assert.Contains(t, err.Error(), "No token strings provided")
var zero TestModel
assert.Equal(t, zero, model.model)
}
func TestLogin_BasicFunctionality(t *testing.T) {
cfg := &Config{
SecretKey: "test-secret",
TrustedHost: "example.com",
}
load := func(ctx context.Context, tx DBTransaction, id int) (TestModel, error) {
return TestModel{ID: id}, nil
}
server := &hws.Server{}
beginTx := func(ctx context.Context) (DBTransaction, error) {
return &TestTransaction{}, nil
}
logger := &hlog.Logger{}
errorPage := func(error hws.HWSError) (hws.ErrorPage, error) {
return TestErrorPage{}, nil
}
db, _, err := createMockDB()
require.NoError(t, err)
defer db.Close()
auth, err := NewAuthenticator(
cfg,
load,
server,
beginTx,
logger,
errorPage,
db,
)
require.NoError(t, err)
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
user := TestModel{ID: 123}
rememberMe := true
// This test mainly checks that the function doesn't panic and has right call signature
// The actual JWT functionality is tested in jwt package itself
assert.NotPanics(t, func() {
auth.Login(w, r, user, rememberMe)
})
}

30
hwsauth/ignorepaths.go Normal file
View File

@@ -0,0 +1,30 @@
package hwsauth
import (
"fmt"
"net/url"
)
// IgnorePaths excludes specified paths from authentication middleware.
// Paths must be valid URL paths (relative paths without scheme or host).
//
// Example:
//
// auth.IgnorePaths("/", "/login", "/register", "/public", "/static")
//
// Returns an error if any path is invalid.
func (auth *Authenticator[T, TX]) IgnorePaths(paths ...string) error {
for _, path := range paths {
u, err := url.Parse(path)
valid := err == nil &&
u.Scheme == "" &&
u.Host == "" &&
u.RawQuery == "" &&
u.Fragment == ""
if !valid {
return fmt.Errorf("Invalid path: '%s'", path)
}
}
auth.ignoredPaths = paths
return nil
}

46
hwsauth/login.go Normal file
View File

@@ -0,0 +1,46 @@
package hwsauth
import (
"net/http"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Login authenticates a user and sets JWT tokens as HTTP-only cookies.
// The rememberMe parameter determines token expiration behavior.
//
// Parameters:
// - w: HTTP response writer for setting cookies
// - r: HTTP request
// - model: The authenticated user model
// - rememberMe: If true, tokens have extended expiry; if false, session-based
//
// Example:
//
// func loginHandler(w http.ResponseWriter, r *http.Request) {
// user, err := validateCredentials(username, password)
// if err != nil {
// http.Error(w, "Invalid credentials", http.StatusUnauthorized)
// return
// }
// err = auth.Login(w, r, user, true)
// if err != nil {
// http.Error(w, "Login failed", http.StatusInternalServerError)
// return
// }
// http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
// }
func (auth *Authenticator[T, TX]) Login(
w http.ResponseWriter,
r *http.Request,
model T,
rememberMe bool,
) error {
err := jwt.SetTokenCookies(w, r, auth.tokenGenerator, model.GetID(), true, rememberMe, auth.SSL)
if err != nil {
return errors.Wrap(err, "jwt.SetTokenCookies")
}
return nil
}

47
hwsauth/logout.go Normal file
View File

@@ -0,0 +1,47 @@
package hwsauth
import (
"net/http"
"git.haelnorr.com/h/golib/cookies"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Logout revokes the user's authentication tokens and clears their cookies.
// This operation requires a database transaction to revoke tokens.
//
// Parameters:
// - tx: Database transaction for revoking tokens
// - w: HTTP response writer for clearing cookies
// - r: HTTP request containing the tokens to revoke
//
// Example:
//
// func logoutHandler(w http.ResponseWriter, r *http.Request) {
// tx, _ := db.BeginTx(r.Context(), nil)
// defer tx.Rollback()
// if err := auth.Logout(tx, w, r); err != nil {
// http.Error(w, "Logout failed", http.StatusInternalServerError)
// return
// }
// tx.Commit()
// http.Redirect(w, r, "/", http.StatusSeeOther)
// }
func (auth *Authenticator[T, TX]) Logout(tx TX, w http.ResponseWriter, r *http.Request) error {
aT, rT, err := auth.getTokens(tx, r)
if err != nil {
return errors.Wrap(err, "auth.getTokens")
}
err = aT.Revoke(jwt.DBTransaction(tx))
if err != nil {
return errors.Wrap(err, "aT.Revoke")
}
err = rT.Revoke(jwt.DBTransaction(tx))
if err != nil {
return errors.Wrap(err, "rT.Revoke")
}
cookies.DeleteCookie(w, "access", "/")
cookies.DeleteCookie(w, "refresh", "/")
return nil
}

54
hwsauth/middleware.go Normal file
View File

@@ -0,0 +1,54 @@
package hwsauth
import (
"context"
"git.haelnorr.com/h/golib/hws"
"net/http"
"slices"
"time"
)
// Authenticate returns the main authentication middleware.
// This middleware validates JWT tokens, refreshes expired tokens, and adds
// the authenticated user to the request context.
//
// Example:
//
// server.AddMiddleware(auth.Authenticate())
func (auth *Authenticator[T, TX]) Authenticate() hws.Middleware {
return auth.server.NewMiddleware(auth.authenticate())
}
func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
return func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
if slices.Contains(auth.ignoredPaths, r.URL.Path) {
return r, nil
}
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
defer cancel()
// Start the transaction
tx, err := auth.beginTx(ctx)
if err != nil {
return nil, &hws.HWSError{Message: "Unable to start transaction", StatusCode: http.StatusServiceUnavailable, Error: err}
}
// Type assert to TX - safe because user's beginTx should return their TX type
txTyped, ok := tx.(TX)
if !ok {
return nil, &hws.HWSError{Message: "Transaction type mismatch", StatusCode: http.StatusInternalServerError, Error: err}
}
model, err := auth.getAuthenticatedUser(txTyped, w, r)
if err != nil {
tx.Rollback()
auth.logger.Debug().
Str("remote_addr", r.RemoteAddr).
Err(err).
Msg("Failed to authenticate user")
return r, nil
}
tx.Commit()
authContext := setAuthenticatedModel(r.Context(), model)
newReq := r.WithContext(authContext)
return newReq, nil
}
}

86
hwsauth/model.go Normal file
View File

@@ -0,0 +1,86 @@
package hwsauth
import (
"context"
)
type authenticatedModel[T Model] struct {
model T
fresh int64
}
func getNil[T Model]() T {
var result T
return result
}
// Model represents an authenticated user model.
// User types must implement this interface to be used with the authenticator.
type Model interface {
GetID() int // Returns the unique identifier for the user
}
// ContextLoader is a function type that loads a model from a context.
// Deprecated: Use CurrentModel method instead.
type ContextLoader[T Model] func(ctx context.Context) T
// LoadFunc is a function type that loads a user model from the database.
// It receives a context for cancellation, a transaction for database operations,
// and the user ID to load.
//
// Example:
//
// loadUser := func(ctx context.Context, tx *sql.Tx, id int) (User, error) {
// var user User
// err := tx.QueryRowContext(ctx,
// "SELECT id, username, email FROM users WHERE id = $1", id).
// Scan(&user.ID, &user.Username, &user.Email)
// return user, err
// }
type LoadFunc[T Model, TX DBTransaction] func(ctx context.Context, tx TX, id int) (T, error)
// Return a new context with the user added in
func setAuthenticatedModel[T Model](ctx context.Context, m authenticatedModel[T]) context.Context {
return context.WithValue(ctx, "hwsauth context key authenticated-model", m)
}
// Retrieve a user from the given context. Returns nil if not set
func getAuthorizedModel[T Model](ctx context.Context) (model authenticatedModel[T], ok bool) {
defer func() {
if r := recover(); r != nil {
// panic happened, return ok = false
ok = false
model = authenticatedModel[T]{}
}
}()
model, cok := ctx.Value("hwsauth context key authenticated-model").(authenticatedModel[T])
if !cok {
return authenticatedModel[T]{}, false
}
return model, true
}
// CurrentModel retrieves the authenticated user from the request context.
// Returns a zero-value T if no user is authenticated or context is nil.
//
// Example:
//
// func handler(w http.ResponseWriter, r *http.Request) {
// user := auth.CurrentModel(r.Context())
// if user.ID() == 0 {
// http.Error(w, "Not authenticated", http.StatusUnauthorized)
// return
// }
// fmt.Fprintf(w, "Hello, %s!", user.Username)
// }
func (auth *Authenticator[T, TX]) CurrentModel(ctx context.Context) T {
if ctx == nil {
return getNil[T]()
}
model, ok := getAuthorizedModel[T](ctx)
if !ok {
result := getNil[T]()
return result
}
return model.model
}

87
hwsauth/protectpage.go Normal file
View File

@@ -0,0 +1,87 @@
package hwsauth
import (
"net/http"
"time"
"git.haelnorr.com/h/golib/hws"
"github.com/pkg/errors"
)
// LoginReq returns a middleware that requires the user to be authenticated.
// If the user is not authenticated, it returns a 401 Unauthorized error page.
//
// Example:
//
// protectedHandler := auth.LoginReq(http.HandlerFunc(dashboardHandler))
// server.AddRoute("GET", "/dashboard", protectedHandler)
func (auth *Authenticator[T, TX]) LoginReq(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, ok := getAuthorizedModel[T](r.Context())
if !ok {
err := auth.server.ThrowError(w, r, hws.HWSError{
Error: errors.New("Login required"),
Message: "Please login to view this page",
StatusCode: http.StatusUnauthorized,
RenderErrorPage: true,
})
if err != nil {
auth.server.ThrowFatal(w, err)
}
return
}
next.ServeHTTP(w, r)
})
}
// LogoutReq returns a middleware that redirects authenticated users to the landing page.
// Use this for login and registration pages to prevent logged-in users from accessing them.
//
// Example:
//
// loginPageHandler := auth.LogoutReq(http.HandlerFunc(showLoginPage))
// server.AddRoute("GET", "/login", loginPageHandler)
func (auth *Authenticator[T, TX]) LogoutReq(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, ok := getAuthorizedModel[T](r.Context())
if ok {
http.Redirect(w, r, auth.LandingPage, http.StatusFound)
return
}
next.ServeHTTP(w, r)
})
}
// FreshReq returns a middleware that requires a fresh authentication token.
// If the token is not fresh (recently issued), it returns a 444 status code.
// Use this for sensitive operations like password changes or account deletions.
//
// Example:
//
// changePasswordHandler := auth.FreshReq(http.HandlerFunc(handlePasswordChange))
// server.AddRoute("POST", "/change-password", changePasswordHandler)
//
// The 444 status code can be used by the client to prompt for re-authentication.
func (auth *Authenticator[T, TX]) FreshReq(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
model, ok := getAuthorizedModel[T](r.Context())
if !ok {
err := auth.server.ThrowError(w, r, hws.HWSError{
Error: errors.New("Login required"),
Message: "Please login to view this page",
StatusCode: http.StatusUnauthorized,
RenderErrorPage: true,
})
if err != nil {
auth.server.ThrowFatal(w, err)
}
return
}
isFresh := time.Now().Before(time.Unix(model.fresh, 0))
if !isFresh {
w.WriteHeader(444)
return
}
next.ServeHTTP(w, r)
})
}

84
hwsauth/reauthenticate.go Normal file
View File

@@ -0,0 +1,84 @@
package hwsauth
import (
"net/http"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// RefreshAuthTokens manually refreshes the user's authentication tokens.
// This revokes the old tokens and issues new ones.
// Requires a database transaction for token operations.
//
// Note: Token refresh is normally handled automatically by the Authenticate middleware.
// Use this method only when you need explicit control over token refresh.
//
// Example:
//
// func refreshHandler(w http.ResponseWriter, r *http.Request) {
// tx, _ := db.BeginTx(r.Context(), nil)
// defer tx.Rollback()
// if err := auth.RefreshAuthTokens(tx, w, r); err != nil {
// http.Error(w, "Refresh failed", http.StatusUnauthorized)
// return
// }
// tx.Commit()
// w.WriteHeader(http.StatusOK)
// }
func (auth *Authenticator[T, TX]) RefreshAuthTokens(tx TX, w http.ResponseWriter, r *http.Request) error {
aT, rT, err := auth.getTokens(tx, r)
if err != nil {
return errors.Wrap(err, "getTokens")
}
rememberMe := map[string]bool{
"session": false,
"exp": true,
}[aT.TTL]
// issue new tokens for the user
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, rT.SUB, true, rememberMe, auth.SSL)
if err != nil {
return errors.Wrap(err, "jwt.SetTokenCookies")
}
err = revokeTokenPair(jwt.DBTransaction(tx), aT, rT)
if err != nil {
return errors.Wrap(err, "revokeTokenPair")
}
return nil
}
// Get the tokens from the request
func (auth *Authenticator[T, TX]) getTokens(
tx TX,
r *http.Request,
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
// get the existing tokens from the cookies
atStr, rtStr := jwt.GetTokenCookies(r)
aT, err := auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
if err != nil {
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
}
rT, err := auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
if err != nil {
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
}
return aT, rT, nil
}
// Revoke the given token pair
func revokeTokenPair(
tx jwt.DBTransaction,
aT *jwt.AccessToken,
rT *jwt.RefreshToken,
) error {
err := aT.Revoke(tx)
if err != nil {
return errors.Wrap(err, "aT.Revoke")
}
err = rT.Revoke(tx)
if err != nil {
return errors.Wrap(err, "rT.Revoke")
}
return nil
}

42
hwsauth/refreshtokens.go Normal file
View File

@@ -0,0 +1,42 @@
package hwsauth
import (
"net/http"
"reflect"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Attempt to use a valid refresh token to generate a new token pair
func (auth *Authenticator[T, TX]) refreshAuthTokens(
tx TX,
w http.ResponseWriter,
r *http.Request,
rT *jwt.RefreshToken,
) (T, error) {
model, err := auth.load(r.Context(), tx, rT.SUB)
if err != nil {
return getNil[T](), errors.Wrap(err, "auth.load")
}
if reflect.ValueOf(model).IsNil() {
return getNil[T](), errors.New("no user matching JWT in database")
}
rememberMe := map[string]bool{
"session": false,
"exp": true,
}[rT.TTL]
// Set fresh to true because new tokens coming from refresh request
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, model.GetID(), false, rememberMe, auth.SSL)
if err != nil {
return getNil[T](), errors.Wrap(err, "jwt.SetTokenCookies")
}
// New tokens sent, revoke the old tokens
err = rT.Revoke(jwt.DBTransaction(tx))
if err != nil {
return getNil[T](), errors.Wrap(err, "rT.Revoke")
}
// Return the authorized user
return model, nil
}

1
jwt/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.claude/

21
jwt/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 haelnorr
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

102
jwt/README.md Normal file
View File

@@ -0,0 +1,102 @@
# JWT - v0.10.1
JWT (JSON Web Token) generation and validation with database-backed token revocation support.
## Features
- Access and refresh token generation
- Token validation with expiration checking
- Token revocation via database blacklist
- Multi-database support (PostgreSQL, MySQL, SQLite, MariaDB)
- Compatible with database/sql, GORM, and Bun ORMs
- Automatic table creation and management
- Database-native automatic cleanup
- Token freshness tracking for sensitive operations
- "Remember me" functionality with session vs persistent tokens
- Manual cleanup method for on-demand token cleanup
## Installation
```bash
go get git.haelnorr.com/h/golib/jwt
```
## Quick Start
```go
package main
import (
"context"
"database/sql"
"git.haelnorr.com/h/golib/jwt"
_ "github.com/lib/pq"
)
func main() {
// Open database
db, _ := sql.Open("postgres", "postgres://user:pass@localhost/db")
defer db.Close()
// Create a transaction getter function
txGetter := func(ctx context.Context) (jwt.DBTransaction, error) {
return db.BeginTx(ctx, nil)
}
// Create token generator
gen, err := jwt.CreateGenerator(jwt.GeneratorConfig{
AccessExpireAfter: 15, // 15 minutes
RefreshExpireAfter: 1440, // 24 hours
FreshExpireAfter: 5, // 5 minutes
TrustedHost: "example.com",
SecretKey: "your-secret-key",
DB: db,
DBType: jwt.DatabaseType{
Type: jwt.DatabasePostgreSQL,
Version: "15",
},
TableConfig: jwt.DefaultTableConfig(),
}, txGetter)
if err != nil {
panic(err)
}
// Generate tokens
accessToken, _, _ := gen.NewAccess(42, true, false)
refreshToken, _, _ := gen.NewRefresh(42, false)
// Validate token
tx, _ := db.Begin()
token, _ := gen.ValidateAccess(tx, accessToken)
// Revoke token
token.Revoke(tx)
tx.Commit()
}
```
## Documentation
For detailed documentation, see the [JWT Wiki](https://git.haelnorr.com/h/golib/wiki/JWT.md).
Additional API documentation is available at [GoDoc](https://pkg.go.dev/git.haelnorr.com/h/golib/jwt).
## Supported Databases
- PostgreSQL
- MySQL
- MariaDB
- SQLite
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## Related Projects
- [hwsauth](https://git.haelnorr.com/h/golib/hwsauth) - JWT-based authentication middleware for HWS
- [hws](https://git.haelnorr.com/h/golib/hws) - HTTP web server framework

34
jwt/cookies.go
View File

@@ -6,7 +6,12 @@ import (
"time" "time"
) )
// Get the value of the access and refresh tokens // GetTokenCookies extracts access and refresh tokens from HTTP request cookies.
// Returns empty strings for any cookies that don't exist.
//
// Returns:
// - acc: The access token value from the "access" cookie (empty if not found)
// - ref: The refresh token value from the "refresh" cookie (empty if not found)
func GetTokenCookies( func GetTokenCookies(
r *http.Request, r *http.Request,
) (acc string, ref string) { ) (acc string, ref string) {
@@ -25,7 +30,16 @@ func GetTokenCookies(
return accStr, refStr return accStr, refStr
} }
// Set a token with the provided details // setToken is an internal helper that sets a token cookie with the specified parameters.
// The cookie is HttpOnly for security and uses SameSite=Lax mode.
//
// Parameters:
// - w: HTTP response writer to set the cookie on
// - token: The token value to store in the cookie
// - scope: The cookie name ("access" or "refresh")
// - exp: Unix timestamp when the token expires
// - rememberme: If true, sets cookie expiration; if false, cookie is session-only
// - useSSL: If true, marks cookie as Secure (HTTPS only)
func setToken( func setToken(
w http.ResponseWriter, w http.ResponseWriter,
token string, token string,
@@ -48,7 +62,21 @@ func setToken(
http.SetCookie(w, tokenCookie) http.SetCookie(w, tokenCookie)
} }
// Generate new tokens for the subject and set them as cookies // SetTokenCookies generates new access and refresh tokens for a user and sets them as HTTP cookies.
// This is a convenience function that combines token generation with cookie setting.
// Cookies are HttpOnly and use SameSite=Lax for security.
//
// Parameters:
// - w: HTTP response writer to set cookies on
// - r: HTTP request (unused but kept for API consistency)
// - tokenGen: The TokenGenerator to use for creating tokens
// - subject: The user ID to generate tokens for
// - fresh: If true, marks the access token as fresh for sensitive operations
// - rememberMe: If true, tokens persist beyond browser session
// - useSSL: If true, marks cookies as Secure (HTTPS only)
//
// Returns an error if token generation fails. Cookies are only set if both tokens
// are generated successfully.
func SetTokenCookies( func SetTokenCookies(
w http.ResponseWriter, w http.ResponseWriter,
r *http.Request, r *http.Request,

66
jwt/database.go Normal file
View File

@@ -0,0 +1,66 @@
package jwt
import (
"context"
"database/sql"
)
// DBTransaction represents a database transaction that can execute queries.
// This interface is compatible with *sql.Tx and can be implemented by ORM transactions
// from libraries like GORM (gormDB.Begin()), Bun (bunDB.Begin()), etc.
type DBTransaction interface {
Exec(query string, args ...any) (sql.Result, error)
Query(query string, args ...any) (*sql.Rows, error)
Commit() error
Rollback() error
}
// BeginTX represents a wrapper function that is used to start a transaction with any dependencies injected
type BeginTX func(ctx context.Context) (DBTransaction, error)
// DatabaseType specifies the database system and version being used.
type DatabaseType struct {
Type string // Database type: "postgres", "mysql", "sqlite", "mariadb"
Version string // Version string, e.g., "15.3", "8.0.32", "3.42.0"
}
// Predefined database type constants for easy configuration and validation.
const (
DatabasePostgreSQL = "postgres"
DatabaseMySQL = "mysql"
DatabaseSQLite = "sqlite"
DatabaseMariaDB = "mariadb"
)
// TableConfig configures the JWT blacklist table.
type TableConfig struct {
// TableName is the name of the blacklist table.
// Default: "jwtblacklist"
TableName string
// AutoCreate determines whether to automatically create the table if it doesn't exist.
// Default: true
AutoCreate bool
// EnableAutoCleanup configures database-native automatic cleanup of expired tokens.
// For PostgreSQL: Creates a cleanup function (requires external scheduler or pg_cron)
// For MySQL/MariaDB: Creates a database event
// For SQLite: No automatic cleanup (manual only)
// Default: true
EnableAutoCleanup bool
// CleanupInterval specifies how often automatic cleanup should run (in hours).
// Only used if EnableAutoCleanup is true.
// Default: 24 (daily cleanup)
CleanupInterval int
}
// DefaultTableConfig returns a TableConfig with sensible defaults.
func DefaultTableConfig() TableConfig {
return TableConfig{
TableName: "jwtblacklist",
AutoCreate: true,
EnableAutoCleanup: true,
CleanupInterval: 24,
}
}

150
jwt/doc.go Normal file
View File

@@ -0,0 +1,150 @@
// Package jwt provides JWT (JSON Web Token) generation and validation with token revocation support.
//
// This package implements JWT access and refresh tokens with the ability to revoke tokens
// using a database-backed blacklist. It supports multiple database backends including
// PostgreSQL, MySQL, SQLite, and MariaDB, and works with both standard library database/sql
// and popular ORMs like GORM and Bun.
//
// # Features
//
// - Access and refresh token generation
// - Token validation with expiration checking
// - Token revocation via database blacklist
// - Support for multiple database types (PostgreSQL, MySQL, SQLite, MariaDB)
// - Compatible with database/sql, GORM, and Bun ORMs
// - Automatic table creation and management
// - Database-native automatic cleanup (PostgreSQL functions, MySQL events)
// - Manual cleanup method for on-demand token cleanup
// - Token freshness tracking for sensitive operations
// - "Remember me" functionality with session vs persistent tokens
//
// # Basic Usage
//
// Create a token generator with database support:
//
// db, _ := sql.Open("postgres", "connection_string")
// gen, err := jwt.CreateGenerator(jwt.GeneratorConfig{
// AccessExpireAfter: 15, // 15 minutes
// RefreshExpireAfter: 1440, // 24 hours
// FreshExpireAfter: 5, // 5 minutes
// TrustedHost: "example.com",
// SecretKey: "your-secret-key",
// DB: db,
// DBType: jwt.DatabaseType{Type: jwt.DatabasePostgreSQL, Version: "15"},
// TableConfig: jwt.DefaultTableConfig(),
// })
//
// Generate tokens:
//
// accessToken, accessExp, err := gen.NewAccess(userID, true, false)
// refreshToken, refreshExp, err := gen.NewRefresh(userID, false)
//
// Validate tokens (using standard library):
//
// tx, _ := db.Begin()
// token, err := gen.ValidateAccess(tx, accessToken)
// if err != nil {
// // Token is invalid or revoked
// }
// tx.Commit()
//
// Validate tokens (using ORM like GORM):
//
// tx := gormDB.Begin()
// token, err := gen.ValidateAccess(tx.Statement.ConnPool, accessToken)
// // or with Bun: gen.ValidateAccess(bunDB.BeginTx(ctx, nil), accessToken)
// tx.Commit()
//
// Revoke tokens:
//
// tx, _ := db.Begin()
// err := token.Revoke(tx)
// tx.Commit()
//
// # Database Configuration
//
// The package automatically creates a blacklist table with the following schema:
//
// CREATE TABLE jwtblacklist (
// jti UUID PRIMARY KEY, -- Token unique identifier
// exp BIGINT NOT NULL, -- Expiration timestamp
// sub INT NOT NULL, -- Subject (user) ID
// created_at TIMESTAMP -- When token was blacklisted
// );
//
// # Cleanup
//
// For PostgreSQL, the package creates a cleanup function that can be called manually
// or scheduled with pg_cron:
//
// SELECT cleanup_jwtblacklist();
//
// For MySQL/MariaDB, the package creates a database event that runs automatically
// (requires event_scheduler to be enabled).
//
// Manual cleanup can be performed at any time:
//
// err := gen.Cleanup(context.Background())
//
// # Using with ORMs
//
// The package works with popular ORMs by using raw SQL queries. For GORM and Bun,
// wrap the underlying *sql.DB with NewDBConnection() when creating the generator:
//
// // GORM example - can use GORM transactions directly
// gormDB, _ := gorm.Open(postgres.Open(dsn), &gorm.Config{})
// sqlDB, _ := gormDB.DB()
// gen, _ := jwt.CreateGenerator(jwt.GeneratorConfig{
// // ... config ...
// DB: sqlDB,
// })
// // Use GORM transaction
// tx := gormDB.Begin()
// token, _ := gen.ValidateAccess(tx.Statement.ConnPool, tokenString)
// tx.Commit()
//
// // Bun example - can use Bun transactions directly
// sqlDB, _ := sql.Open("postgres", dsn)
// bunDB := bun.NewDB(sqlDB, pgdialect.New())
// gen, _ := jwt.CreateGenerator(jwt.GeneratorConfig{
// // ... config ...
// DB: sqlDB,
// })
// // Use Bun transaction
// tx, _ := bunDB.BeginTx(context.Background(), nil)
// token, _ := gen.ValidateAccess(tx, tokenString)
// tx.Commit()
//
// # Token Freshness
//
// Tokens can be marked as "fresh" for sensitive operations. Fresh tokens are typically
// required for actions like changing passwords or email addresses:
//
// token, err := gen.ValidateAccess(exec, tokenString)
// if time.Now().Unix() > token.Fresh {
// // Token is not fresh, require re-authentication
// }
//
// # Custom Table Names
//
// You can customize the blacklist table name:
//
// config := jwt.DefaultTableConfig()
// config.TableName = "my_token_blacklist"
//
// # Disabling Database Features
//
// To use JWT without revocation support (no database):
//
// gen, err := jwt.CreateGenerator(jwt.GeneratorConfig{
// AccessExpireAfter: 15,
// RefreshExpireAfter: 1440,
// FreshExpireAfter: 5,
// TrustedHost: "example.com",
// SecretKey: "your-secret-key",
// DB: nil, // No database
// })
//
// When DB is nil, revocation features are disabled and token validation
// will not check the blacklist.
package jwt

129
jwt/generator.go
View File

@@ -1,8 +1,12 @@
package jwt package jwt
import ( import (
"context"
"database/sql" "database/sql"
"errors" "errors"
"time"
pkgerrors "github.com/pkg/errors"
) )
type TokenGenerator struct { type TokenGenerator struct {
@@ -11,52 +15,121 @@ type TokenGenerator struct {
freshExpireAfter int64 // Token freshness expiry time in minutes freshExpireAfter int64 // Token freshness expiry time in minutes
trustedHost string // Trusted hostname to use for the tokens trustedHost string // Trusted hostname to use for the tokens
secretKey string // Secret key to use for token hashing secretKey string // Secret key to use for token hashing
dbConn *sql.DB // Database handle for token blacklisting beginTx BeginTX // Database transaction getter for token blacklisting
tableConfig TableConfig // Table configuration
tableManager *TableManager // Table lifecycle manager
}
// GeneratorConfig holds configuration for creating a TokenGenerator.
type GeneratorConfig struct {
// AccessExpireAfter is the access token expiry time in minutes.
AccessExpireAfter int64
// RefreshExpireAfter is the refresh token expiry time in minutes.
RefreshExpireAfter int64
// FreshExpireAfter is the token freshness expiry time in minutes.
FreshExpireAfter int64
// TrustedHost is the trusted hostname to use for the tokens.
TrustedHost string
// SecretKey is the secret key to use for token hashing.
SecretKey string
// DB is the database connection. Can be nil to disable token revocation.
// When using ORMs like GORM or Bun, pass the underlying *sql.DB.
DB *sql.DB
// DBType specifies the database type and version for proper table management.
// Only required if DB is not nil.
DBType DatabaseType
// TableConfig configures the blacklist table name and behavior.
// Only required if DB is not nil.
TableConfig TableConfig
} }
// CreateGenerator creates and returns a new TokenGenerator using the provided configuration. // CreateGenerator creates and returns a new TokenGenerator using the provided configuration.
// All expiry times should be provided in minutes. func CreateGenerator(config GeneratorConfig, txGetter BeginTX) (gen *TokenGenerator, err error) {
// trustedHost and secretKey strings must be provided. if config.AccessExpireAfter <= 0 {
// dbConn can be nil, but doing this will disable token revocation
func CreateGenerator(
accessExpireAfter int64,
refreshExpireAfter int64,
freshExpireAfter int64,
trustedHost string,
secretKey string,
dbConn *sql.DB,
) (gen *TokenGenerator, err error) {
if accessExpireAfter <= 0 {
return nil, errors.New("accessExpireAfter must be greater than 0") return nil, errors.New("accessExpireAfter must be greater than 0")
} }
if refreshExpireAfter <= 0 { if config.RefreshExpireAfter <= 0 {
return nil, errors.New("refreshExpireAfter must be greater than 0") return nil, errors.New("refreshExpireAfter must be greater than 0")
} }
if freshExpireAfter <= 0 { if config.FreshExpireAfter <= 0 {
return nil, errors.New("freshExpireAfter must be greater than 0") return nil, errors.New("freshExpireAfter must be greater than 0")
} }
if trustedHost == "" { if config.TrustedHost == "" {
return nil, errors.New("trustedHost cannot be an empty string") return nil, errors.New("trustedHost cannot be an empty string")
} }
if secretKey == "" { if config.SecretKey == "" {
return nil, errors.New("secretKey cannot be an empty string") return nil, errors.New("secretKey cannot be an empty string")
} }
if dbConn != nil { var tableManager *TableManager
err := dbConn.Ping() if config.DB != nil {
// Create table manager
tableManager = NewTableManager(config.DB, config.DBType, config.TableConfig)
// Create table if AutoCreate is enabled
if config.TableConfig.AutoCreate {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
err = tableManager.CreateTable(ctx)
if err != nil { if err != nil {
return nil, errors.New("Failed to ping database") return nil, pkgerrors.Wrap(err, "failed to create blacklist table")
}
}
// Setup automatic cleanup if enabled
if config.TableConfig.EnableAutoCleanup {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
err = tableManager.SetupAutoCleanup(ctx)
if err != nil {
return nil, pkgerrors.Wrap(err, "failed to setup automatic cleanup")
}
} }
// TODO: check if jwtblacklist table exists
// TODO: create jwtblacklist table if not existing
} }
return &TokenGenerator{ return &TokenGenerator{
accessExpireAfter: accessExpireAfter, accessExpireAfter: config.AccessExpireAfter,
refreshExpireAfter: refreshExpireAfter, refreshExpireAfter: config.RefreshExpireAfter,
freshExpireAfter: freshExpireAfter, freshExpireAfter: config.FreshExpireAfter,
trustedHost: trustedHost, trustedHost: config.TrustedHost,
secretKey: secretKey, secretKey: config.SecretKey,
dbConn: dbConn, beginTx: txGetter,
tableConfig: config.TableConfig,
tableManager: tableManager,
}, nil }, nil
} }
// Cleanup manually removes expired tokens from the blacklist table.
// This method should be called periodically if automatic cleanup is not enabled,
// or can be called on-demand regardless of automatic cleanup settings.
func (gen *TokenGenerator) Cleanup(ctx context.Context) error {
if gen.beginTx == nil {
return errors.New("No DB provided, unable to use this function")
}
tx, err := gen.beginTx(ctx)
if err != nil {
return pkgerrors.Wrap(err, "failed to begin transaction")
}
tableName := gen.tableConfig.TableName
currentTime := time.Now().Unix()
query := "DELETE FROM " + tableName + " WHERE exp < ?"
_, err = tx.Exec(query, currentTime)
if err != nil {
return pkgerrors.Wrap(err, "failed to cleanup expired tokens")
}
return nil
}

186
jwt/generator_test.go
View File

@@ -1,6 +1,7 @@
package jwt package jwt
import ( import (
"context"
"testing" "testing"
"github.com/DATA-DOG/go-sqlmock" "github.com/DATA-DOG/go-sqlmock"
@@ -8,14 +9,16 @@ import (
) )
func TestCreateGenerator_Success_NoDB(t *testing.T) { func TestCreateGenerator_Success_NoDB(t *testing.T) {
gen, err := CreateGenerator( gen, err := CreateGenerator(GeneratorConfig{
15, AccessExpireAfter: 15,
60, RefreshExpireAfter: 60,
5, FreshExpireAfter: 5,
"example.com", TrustedHost: "example.com",
"secret", SecretKey: "secret",
nil, DB: nil,
) DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: DefaultTableConfig(),
}, nil)
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, gen) require.NotNil(t, gen)
@@ -26,14 +29,62 @@ func TestCreateGenerator_Success_WithDB(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
defer db.Close() defer db.Close()
gen, err := CreateGenerator( config := DefaultTableConfig()
15, config.AutoCreate = false
60, config.EnableAutoCleanup = false
5,
"example.com", txGetter := func(ctx context.Context) (DBTransaction, error) {
"secret", return db.Begin()
db, }
)
gen, err := CreateGenerator(GeneratorConfig{
AccessExpireAfter: 15,
RefreshExpireAfter: 60,
FreshExpireAfter: 5,
TrustedHost: "example.com",
SecretKey: "secret",
DB: db,
DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: config,
}, txGetter)
require.NoError(t, err)
require.NotNil(t, gen)
require.NoError(t, mock.ExpectationsWereMet())
}
func TestCreateGenerator_WithDB_AutoCreate(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
// Mock table doesn't exist
mock.ExpectQuery("SELECT 1 FROM information_schema.tables").
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}))
// Mock CREATE TABLE
mock.ExpectExec("CREATE TABLE IF NOT EXISTS jwtblacklist").
WillReturnResult(sqlmock.NewResult(0, 0))
// Mock cleanup function creation
mock.ExpectExec("CREATE OR REPLACE FUNCTION cleanup_jwtblacklist").
WillReturnResult(sqlmock.NewResult(0, 0))
txGetter := func(ctx context.Context) (DBTransaction, error) {
return db.Begin()
}
gen, err := CreateGenerator(GeneratorConfig{
AccessExpireAfter: 15,
RefreshExpireAfter: 60,
FreshExpireAfter: 5,
TrustedHost: "example.com",
SecretKey: "secret",
DB: db,
DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: DefaultTableConfig(),
}, txGetter)
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, gen) require.NotNil(t, gen)
@@ -43,48 +94,117 @@ func TestCreateGenerator_Success_WithDB(t *testing.T) {
func TestCreateGenerator_InvalidInputs(t *testing.T) { func TestCreateGenerator_InvalidInputs(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
fn func() error config GeneratorConfig
}{ }{
{ {
"access expiry <= 0", "access expiry <= 0",
func() error { GeneratorConfig{
_, err := CreateGenerator(0, 1, 1, "h", "s", nil) AccessExpireAfter: 0,
return err RefreshExpireAfter: 1,
FreshExpireAfter: 1,
TrustedHost: "h",
SecretKey: "s",
}, },
}, },
{ {
"refresh expiry <= 0", "refresh expiry <= 0",
func() error { GeneratorConfig{
_, err := CreateGenerator(1, 0, 1, "h", "s", nil) AccessExpireAfter: 1,
return err RefreshExpireAfter: 0,
FreshExpireAfter: 1,
TrustedHost: "h",
SecretKey: "s",
}, },
}, },
{ {
"fresh expiry <= 0", "fresh expiry <= 0",
func() error { GeneratorConfig{
_, err := CreateGenerator(1, 1, 0, "h", "s", nil) AccessExpireAfter: 1,
return err RefreshExpireAfter: 1,
FreshExpireAfter: 0,
TrustedHost: "h",
SecretKey: "s",
}, },
}, },
{ {
"empty trustedHost", "empty trustedHost",
func() error { GeneratorConfig{
_, err := CreateGenerator(1, 1, 1, "", "s", nil) AccessExpireAfter: 1,
return err RefreshExpireAfter: 1,
FreshExpireAfter: 1,
TrustedHost: "",
SecretKey: "s",
}, },
}, },
{ {
"empty secretKey", "empty secretKey",
func() error { GeneratorConfig{
_, err := CreateGenerator(1, 1, 1, "h", "", nil) AccessExpireAfter: 1,
return err RefreshExpireAfter: 1,
FreshExpireAfter: 1,
TrustedHost: "h",
SecretKey: "",
}, },
}, },
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
require.Error(t, tt.fn()) _, err := CreateGenerator(tt.config, nil)
require.Error(t, err)
}) })
} }
} }
func TestCleanup_NoDB(t *testing.T) {
gen, err := CreateGenerator(GeneratorConfig{
AccessExpireAfter: 15,
RefreshExpireAfter: 60,
FreshExpireAfter: 5,
TrustedHost: "example.com",
SecretKey: "secret",
DB: nil,
DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: DefaultTableConfig(),
}, nil)
require.NoError(t, err)
err = gen.Cleanup(context.Background())
require.Error(t, err)
require.Contains(t, err.Error(), "No DB provided")
}
func TestCleanup_Success(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
config := DefaultTableConfig()
config.AutoCreate = false
config.EnableAutoCleanup = false
txGetter := func(ctx context.Context) (DBTransaction, error) {
return db.Begin()
}
gen, err := CreateGenerator(GeneratorConfig{
AccessExpireAfter: 15,
RefreshExpireAfter: 60,
FreshExpireAfter: 5,
TrustedHost: "example.com",
SecretKey: "secret",
DB: db,
DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: config,
}, txGetter)
require.NoError(t, err)
// Mock transaction begin and DELETE query
mock.ExpectBegin()
mock.ExpectExec("DELETE FROM jwtblacklist WHERE exp").
WillReturnResult(sqlmock.NewResult(0, 5))
err = gen.Cleanup(context.Background())
require.NoError(t, err)
require.NoError(t, mock.ExpectationsWereMet())
}

46
jwt/revoke.go
View File

@@ -1,38 +1,54 @@
package jwt package jwt
import ( import (
"database/sql" "fmt"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// Revoke a token by adding it to the database // revoke is an internal method that adds a token to the blacklist database.
func (gen *TokenGenerator) revoke(tx *sql.Tx, t Token) error { // Once revoked, the token will fail validation checks even if it hasn't expired.
if gen.dbConn == nil { // This operation must be performed within a database transaction.
func (gen *TokenGenerator) revoke(tx DBTransaction, t Token) error {
if gen.beginTx == nil {
return errors.New("No DB provided, unable to use this function") return errors.New("No DB provided, unable to use this function")
} }
tableName := gen.tableConfig.TableName
jti := t.GetJTI() jti := t.GetJTI()
exp := t.GetEXP() exp := t.GetEXP()
query := `INSERT INTO jwtblacklist (jti, exp) VALUES (?, ?)` sub := t.GetSUB()
_, err := tx.Exec(query, jti, exp)
query := fmt.Sprintf("INSERT INTO %s (jti, exp, sub) VALUES (?, ?, ?)", tableName)
_, err := tx.Exec(query, jti.String(), exp, sub)
if err != nil { if err != nil {
return errors.Wrap(err, "tx.Exec") return errors.Wrap(err, "tx.ExecContext")
} }
return nil return nil
} }
// Check if a token has been revoked. Returns true if not revoked. // checkNotRevoked is an internal method that queries the blacklist to verify
func (gen *TokenGenerator) checkNotRevoked(tx *sql.Tx, t Token) (bool, error) { // a token hasn't been revoked. Returns true if the token is valid (not blacklisted),
if gen.dbConn == nil { // false if it has been revoked. This operation must be performed within a database transaction.
func (gen *TokenGenerator) checkNotRevoked(tx DBTransaction, t Token) (bool, error) {
if gen.beginTx == nil {
return false, errors.New("No DB provided, unable to use this function") return false, errors.New("No DB provided, unable to use this function")
} }
tableName := gen.tableConfig.TableName
jti := t.GetJTI() jti := t.GetJTI()
query := `SELECT 1 FROM jwtblacklist WHERE jti = ? LIMIT 1`
rows, err := tx.Query(query, jti) query := fmt.Sprintf("SELECT 1 FROM %s WHERE jti = ? LIMIT 1", tableName)
rows, err := tx.Query(query, jti.String())
if err != nil { if err != nil {
return false, errors.Wrap(err, "tx.Query") return false, errors.Wrap(err, "tx.QueryContext")
} }
defer rows.Close() defer rows.Close()
revoked := rows.Next()
return !revoked, nil exists := rows.Next()
if err := rows.Err(); err != nil {
return false, errors.Wrap(err, "rows iteration")
}
return !exists, nil
} }

63
jwt/revoke_test.go
View File

@@ -12,19 +12,48 @@ import (
) )
func newGeneratorWithNoDB(t *testing.T) *TokenGenerator { func newGeneratorWithNoDB(t *testing.T) *TokenGenerator {
gen, err := CreateGenerator( gen, err := CreateGenerator(GeneratorConfig{
15, AccessExpireAfter: 15,
60, RefreshExpireAfter: 60,
5, FreshExpireAfter: 5,
"example.com", TrustedHost: "example.com",
"supersecret", SecretKey: "supersecret",
nil, DB: nil,
) DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: DefaultTableConfig(),
}, nil)
require.NoError(t, err) require.NoError(t, err)
return gen return gen
} }
func newGeneratorWithMockDB(t *testing.T) (*TokenGenerator, *sql.DB, sqlmock.Sqlmock, func()) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
config := DefaultTableConfig()
config.AutoCreate = false
config.EnableAutoCleanup = false
txGetter := func(ctx context.Context) (DBTransaction, error) {
return db.Begin()
}
gen, err := CreateGenerator(GeneratorConfig{
AccessExpireAfter: 15,
RefreshExpireAfter: 60,
FreshExpireAfter: 5,
TrustedHost: "example.com",
SecretKey: "supersecret",
DB: db,
DBType: DatabaseType{Type: DatabasePostgreSQL, Version: "15"},
TableConfig: config,
}, txGetter)
require.NoError(t, err)
return gen, db, mock, func() { db.Close() }
}
func TestNoDBFail(t *testing.T) { func TestNoDBFail(t *testing.T) {
jti := uuid.New() jti := uuid.New()
exp := time.Now().Add(time.Hour).Unix() exp := time.Now().Add(time.Hour).Unix()
@@ -32,42 +61,48 @@ func TestNoDBFail(t *testing.T) {
token := AccessToken{ token := AccessToken{
JTI: jti, JTI: jti,
EXP: exp, EXP: exp,
SUB: 42,
gen: &TokenGenerator{}, gen: &TokenGenerator{},
} }
// Create a nil transaction (can't revoke without DB)
var tx *sql.Tx = nil
// Revoke should fail due to no DB // Revoke should fail due to no DB
err := token.Revoke(&sql.Tx{}) err := token.Revoke(tx)
require.Error(t, err) require.Error(t, err)
// CheckNotRevoked should fail // CheckNotRevoked should fail
_, err = token.CheckNotRevoked(&sql.Tx{}) _, err = token.CheckNotRevoked(tx)
require.Error(t, err) require.Error(t, err)
} }
func TestRevokeAndCheckNotRevoked(t *testing.T) { func TestRevokeAndCheckNotRevoked(t *testing.T) {
gen, mock, cleanup := newGeneratorWithMockDB(t) gen, db, mock, cleanup := newGeneratorWithMockDB(t)
defer cleanup() defer cleanup()
jti := uuid.New() jti := uuid.New()
exp := time.Now().Add(time.Hour).Unix() exp := time.Now().Add(time.Hour).Unix()
sub := 42
token := AccessToken{ token := AccessToken{
JTI: jti, JTI: jti,
EXP: exp, EXP: exp,
SUB: sub,
gen: gen, gen: gen,
} }
// Revoke expectations // Revoke expectations
mock.ExpectBegin() mock.ExpectBegin()
mock.ExpectExec(`INSERT INTO jwtblacklist`). mock.ExpectExec(`INSERT INTO jwtblacklist`).
WithArgs(jti, exp). WithArgs(jti.String(), exp, sub).
WillReturnResult(sqlmock.NewResult(1, 1)) WillReturnResult(sqlmock.NewResult(1, 1))
mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`). mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`).
WithArgs(jti). WithArgs(jti.String()).
WillReturnRows(sqlmock.NewRows([]string{"1"}).AddRow(1)) WillReturnRows(sqlmock.NewRows([]string{"1"}).AddRow(1))
mock.ExpectCommit() mock.ExpectCommit()
tx, err := gen.dbConn.BeginTx(context.Background(), nil) tx, err := db.Begin()
defer tx.Rollback() defer tx.Rollback()
require.NoError(t, err) require.NoError(t, err)

212
jwt/tablemanager.go Normal file
View File

@@ -0,0 +1,212 @@
package jwt
import (
"context"
"database/sql"
"fmt"
"github.com/pkg/errors"
)
// TableManager handles table creation, existence checks, and cleanup configuration.
type TableManager struct {
dbType DatabaseType
tableConfig TableConfig
db *sql.DB
}
// NewTableManager creates a new TableManager instance.
func NewTableManager(db *sql.DB, dbType DatabaseType, config TableConfig) *TableManager {
return &TableManager{
dbType: dbType,
tableConfig: config,
db: db,
}
}
// CreateTable creates the blacklist table if it doesn't exist.
func (tm *TableManager) CreateTable(ctx context.Context) error {
exists, err := tm.tableExists(ctx)
if err != nil {
return errors.Wrap(err, "failed to check if table exists")
}
if exists {
return nil // Table already exists
}
createSQL, err := tm.getCreateTableSQL()
if err != nil {
return err
}
_, err = tm.db.ExecContext(ctx, createSQL)
if err != nil {
return errors.Wrapf(err, "failed to create table %s", tm.tableConfig.TableName)
}
return nil
}
// tableExists checks if the blacklist table exists in the database.
func (tm *TableManager) tableExists(ctx context.Context) (bool, error) {
tableName := tm.tableConfig.TableName
var query string
var args []interface{}
switch tm.dbType.Type {
case DatabasePostgreSQL:
query = `
SELECT 1 FROM information_schema.tables
WHERE table_schema = 'public'
AND table_name = $1
`
args = []interface{}{tableName}
case DatabaseMySQL, DatabaseMariaDB:
query = `
SELECT 1 FROM information_schema.tables
WHERE table_schema = DATABASE()
AND table_name = ?
`
args = []interface{}{tableName}
case DatabaseSQLite:
query = `
SELECT 1 FROM sqlite_master
WHERE type = 'table'
AND name = ?
`
args = []interface{}{tableName}
default:
return false, errors.Errorf("unsupported database type: %s", tm.dbType.Type)
}
rows, err := tm.db.QueryContext(ctx, query, args...)
if err != nil {
return false, errors.Wrap(err, "failed to check table existence")
}
defer rows.Close()
return rows.Next(), nil
}
// getCreateTableSQL returns the CREATE TABLE statement for the given database type.
func (tm *TableManager) getCreateTableSQL() (string, error) {
tableName := tm.tableConfig.TableName
switch tm.dbType.Type {
case DatabasePostgreSQL:
return fmt.Sprintf(`
CREATE TABLE IF NOT EXISTS %s (
jti UUID PRIMARY KEY,
exp BIGINT NOT NULL,
sub INTEGER NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX IF NOT EXISTS idx_%s_exp ON %s(exp);
CREATE INDEX IF NOT EXISTS idx_%s_sub ON %s(sub);
`, tableName, tableName, tableName, tableName, tableName), nil
case DatabaseMySQL, DatabaseMariaDB:
return fmt.Sprintf(`
CREATE TABLE IF NOT EXISTS %s (
jti CHAR(36) PRIMARY KEY,
exp BIGINT NOT NULL,
sub INT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
INDEX idx_exp (exp),
INDEX idx_sub (sub)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
`, tableName), nil
case DatabaseSQLite:
return fmt.Sprintf(`
CREATE TABLE IF NOT EXISTS %s (
jti TEXT PRIMARY KEY,
exp INTEGER NOT NULL,
sub INTEGER NOT NULL,
created_at INTEGER DEFAULT (strftime('%%s', 'now'))
);
CREATE INDEX IF NOT EXISTS idx_%s_exp ON %s(exp);
CREATE INDEX IF NOT EXISTS idx_%s_sub ON %s(sub);
`, tableName, tableName, tableName, tableName, tableName), nil
default:
return "", errors.Errorf("unsupported database type: %s", tm.dbType.Type)
}
}
// SetupAutoCleanup configures database-native automatic cleanup of expired tokens.
func (tm *TableManager) SetupAutoCleanup(ctx context.Context) error {
if !tm.tableConfig.EnableAutoCleanup {
return nil
}
switch tm.dbType.Type {
case DatabasePostgreSQL:
return tm.setupPostgreSQLCleanup(ctx)
case DatabaseMySQL, DatabaseMariaDB:
return tm.setupMySQLCleanup(ctx)
case DatabaseSQLite:
// SQLite doesn't support automatic cleanup
return nil
default:
return errors.Errorf("unsupported database type: %s", tm.dbType.Type)
}
}
// setupPostgreSQLCleanup creates a cleanup function for PostgreSQL.
// Note: This creates a function but does not schedule it. You need to use pg_cron
// or an external scheduler to call this function periodically.
func (tm *TableManager) setupPostgreSQLCleanup(ctx context.Context) error {
tableName := tm.tableConfig.TableName
functionName := fmt.Sprintf("cleanup_%s", tableName)
createFunctionSQL := fmt.Sprintf(`
CREATE OR REPLACE FUNCTION %s()
RETURNS void AS $$
BEGIN
DELETE FROM %s WHERE exp < EXTRACT(EPOCH FROM NOW());
END;
$$ LANGUAGE plpgsql;
`, functionName, tableName)
_, err := tm.db.ExecContext(ctx, createFunctionSQL)
if err != nil {
return errors.Wrap(err, "failed to create cleanup function")
}
// Note: Actual scheduling requires pg_cron extension or external tools
// Users should call this function periodically using:
// SELECT cleanup_jwtblacklist();
return nil
}
// setupMySQLCleanup creates a MySQL event for automatic cleanup.
// Note: Requires event_scheduler to be enabled in MySQL/MariaDB configuration.
func (tm *TableManager) setupMySQLCleanup(ctx context.Context) error {
tableName := tm.tableConfig.TableName
eventName := fmt.Sprintf("cleanup_%s_event", tableName)
interval := tm.tableConfig.CleanupInterval
// Drop existing event if it exists
dropEventSQL := fmt.Sprintf("DROP EVENT IF EXISTS %s", eventName)
_, err := tm.db.ExecContext(ctx, dropEventSQL)
if err != nil {
return errors.Wrap(err, "failed to drop existing event")
}
// Create new event
createEventSQL := fmt.Sprintf(`
CREATE EVENT %s
ON SCHEDULE EVERY %d HOUR
DO
DELETE FROM %s WHERE exp < UNIX_TIMESTAMP()
`, eventName, interval, tableName)
_, err = tm.db.ExecContext(ctx, createEventSQL)
if err != nil {
return errors.Wrapf(err, "failed to create cleanup event (ensure event_scheduler is enabled)")
}
return nil
}

221
jwt/tablemanager_test.go Normal file
View File

@@ -0,0 +1,221 @@
package jwt
import (
"context"
"testing"
"github.com/DATA-DOG/go-sqlmock"
"github.com/stretchr/testify/require"
)
func TestNewTableManager(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
require.NotNil(t, tm)
}
func TestGetCreateTableSQL_PostgreSQL(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
sql, err := tm.getCreateTableSQL()
require.NoError(t, err)
require.Contains(t, sql, "CREATE TABLE IF NOT EXISTS jwtblacklist")
require.Contains(t, sql, "jti UUID PRIMARY KEY")
require.Contains(t, sql, "exp BIGINT NOT NULL")
require.Contains(t, sql, "sub INTEGER NOT NULL")
require.Contains(t, sql, "CREATE INDEX IF NOT EXISTS idx_jwtblacklist_exp")
require.Contains(t, sql, "CREATE INDEX IF NOT EXISTS idx_jwtblacklist_sub")
}
func TestGetCreateTableSQL_MySQL(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabaseMySQL, Version: "8.0"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
sql, err := tm.getCreateTableSQL()
require.NoError(t, err)
require.Contains(t, sql, "CREATE TABLE IF NOT EXISTS jwtblacklist")
require.Contains(t, sql, "jti CHAR(36) PRIMARY KEY")
require.Contains(t, sql, "exp BIGINT NOT NULL")
require.Contains(t, sql, "sub INT NOT NULL")
require.Contains(t, sql, "INDEX idx_exp")
require.Contains(t, sql, "ENGINE=InnoDB")
}
func TestGetCreateTableSQL_SQLite(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabaseSQLite, Version: "3.42"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
sql, err := tm.getCreateTableSQL()
require.NoError(t, err)
require.Contains(t, sql, "CREATE TABLE IF NOT EXISTS jwtblacklist")
require.Contains(t, sql, "jti TEXT PRIMARY KEY")
require.Contains(t, sql, "exp INTEGER NOT NULL")
require.Contains(t, sql, "sub INTEGER NOT NULL")
}
func TestGetCreateTableSQL_CustomTableName(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := TableConfig{
TableName: "custom_blacklist",
AutoCreate: true,
EnableAutoCleanup: false,
CleanupInterval: 24,
}
tm := NewTableManager(db, dbType, config)
sql, err := tm.getCreateTableSQL()
require.NoError(t, err)
require.Contains(t, sql, "CREATE TABLE IF NOT EXISTS custom_blacklist")
require.Contains(t, sql, "CREATE INDEX IF NOT EXISTS idx_custom_blacklist_exp")
}
func TestGetCreateTableSQL_UnsupportedDB(t *testing.T) {
db, _, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: "unsupported", Version: "1.0"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
sql, err := tm.getCreateTableSQL()
require.Error(t, err)
require.Empty(t, sql)
require.Contains(t, err.Error(), "unsupported database type")
}
func TestTableExists_PostgreSQL(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
// Test table exists
mock.ExpectQuery("SELECT 1 FROM information_schema.tables").
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}).AddRow(1))
exists, err := tm.tableExists(context.Background())
require.NoError(t, err)
require.True(t, exists)
// Test table doesn't exist
mock.ExpectQuery("SELECT 1 FROM information_schema.tables").
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}))
exists, err = tm.tableExists(context.Background())
require.NoError(t, err)
require.False(t, exists)
require.NoError(t, mock.ExpectationsWereMet())
}
func TestCreateTable_AlreadyExists(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
// Mock table exists check
mock.ExpectQuery("SELECT 1 FROM information_schema.tables").
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}).AddRow(1))
err = tm.CreateTable(context.Background())
require.NoError(t, err)
require.NoError(t, mock.ExpectationsWereMet())
}
func TestCreateTable_Success(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
// Mock table doesn't exist
mock.ExpectQuery("SELECT 1 FROM information_schema.tables").
WithArgs("jwtblacklist").
WillReturnRows(sqlmock.NewRows([]string{"1"}))
// Mock CREATE TABLE
mock.ExpectExec("CREATE TABLE IF NOT EXISTS jwtblacklist").
WillReturnResult(sqlmock.NewResult(0, 0))
err = tm.CreateTable(context.Background())
require.NoError(t, err)
require.NoError(t, mock.ExpectationsWereMet())
}
func TestSetupAutoCleanup_Disabled(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabasePostgreSQL, Version: "15"}
config := TableConfig{
TableName: "jwtblacklist",
AutoCreate: true,
EnableAutoCleanup: false,
CleanupInterval: 24,
}
tm := NewTableManager(db, dbType, config)
err = tm.SetupAutoCleanup(context.Background())
require.NoError(t, err)
require.NoError(t, mock.ExpectationsWereMet())
}
func TestSetupAutoCleanup_SQLite(t *testing.T) {
db, mock, err := sqlmock.New()
require.NoError(t, err)
defer db.Close()
dbType := DatabaseType{Type: DatabaseSQLite, Version: "3.42"}
config := DefaultTableConfig()
tm := NewTableManager(db, dbType, config)
// SQLite doesn't support auto-cleanup, should return nil
err = tm.SetupAutoCleanup(context.Background())
require.NoError(t, err)
require.NoError(t, mock.ExpectationsWereMet())
}

30
jwt/tokengen.go
View File

@@ -8,7 +8,21 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// Generates an access token for the provided subject // NewAccess generates a new JWT access token for the specified subject (user).
//
// Parameters:
// - subjectID: The user ID or subject identifier to associate with the token
// - fresh: If true, marks the token as "fresh" for sensitive operations.
// Fresh tokens are typically required for actions like changing passwords
// or email addresses. The token remains fresh until FreshExpireAfter minutes.
// - rememberMe: If true, the token is persistent (TTL="exp") and will be stored
// with an expiration date. If false, it's session-only (TTL="session") and
// expires when the browser closes.
//
// Returns:
// - tokenString: The signed JWT token string
// - expiresIn: Unix timestamp when the token expires
// - err: Any error encountered during token generation
func (gen *TokenGenerator) NewAccess( func (gen *TokenGenerator) NewAccess(
subjectID int, subjectID int,
fresh bool, fresh bool,
@@ -47,7 +61,19 @@ func (gen *TokenGenerator) NewAccess(
return signedToken, expiresAt, nil return signedToken, expiresAt, nil
} }
// Generates a refresh token for the provided user // NewRefresh generates a new JWT refresh token for the specified subject (user).
// Refresh tokens are used to obtain new access tokens without re-authentication.
//
// Parameters:
// - subjectID: The user ID or subject identifier to associate with the token
// - rememberMe: If true, the token is persistent (TTL="exp") and will be stored
// with an expiration date. If false, it's session-only (TTL="session") and
// expires when the browser closes.
//
// Returns:
// - tokenStr: The signed JWT token string
// - exp: Unix timestamp when the token expires
// - err: Any error encountered during token generation
func (gen *TokenGenerator) NewRefresh( func (gen *TokenGenerator) NewRefresh(
subjectID int, subjectID int,
rememberMe bool, rememberMe bool,

Some files were not shown because too many files have changed in this diff Show More