h/projectreshoot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #20 from Haelnorr/development

Browse Source 
General fixes and minor updates
This commit is contained in:
Haelnorr
2025-02-22 20:35:12 +11:00
committed by GitHub
parent 87b0e4385f f34c1c11aa
commit 6849e65334
26 changed files with 142 additions and 312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/deploy_production.yaml vendored
View File

@@ -33,11 +33,15 @@ jobs:
- name: Build the binary
run: make build SUFFIX=-production-$GITHUB_SHA
- name: Build the migration binary
run: make migrate SUFFIX=-production-$GITHUB_SHA
- name: Deploy to Server
env:
USER: deploy
HOST: projectreshoot.com
DIR: /home/deploy/releases/production
MIG_DIR: /home/deploy/migration-bin
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
run: |
mkdir -p ~/.ssh
@@ -49,7 +53,13 @@ jobs:
echo " UserKnownHostsFile /dev/null" >> ~/.ssh/config
ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $DIR
scp -i ~/.ssh/id_ed25519 projectreshoot-production-${GITHUB_SHA} $USER@$HOST:$DIR
ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy_production.sh $GITHUB_SHA
ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $MIG_DIR
scp -i ~/.ssh/id_ed25519 prmigrate-production-${GITHUB_SHA} $USER@$HOST:$MIG_DIR
scp -i ~/.ssh/id_ed25519 ./deploy/db/backup.sh $USER@$HOST:$MIG_DIR
scp -i ~/.ssh/id_ed25519 ./deploy/db/migrate.sh $USER@$HOST:$MIG_DIR
scp -i ~/.ssh/id_ed25519 ./deploy/db/migrationcleanup.sh $USER@$HOST:$MIG_DIR
ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy.sh $GITHUB_SHA production

28
db/user_functions.go
View File

@@ -56,21 +56,21 @@ func fetchUserData(
return rows, nil
}
// Scan the next row into the provided user pointer. Calls rows.Next() and
// assumes only row in the result. Providing a rows object with more than 1
// row may result in undefined behaviour.
// Calls rows.Next() and scans the row into the provided user pointer.
// Will error if no row available
func scanUserRow(user *User, rows *sql.Rows) error {
for rows.Next() {
err := rows.Scan(
&user.ID,
&user.Username,
&user.Password_hash,
&user.Created_at,
&user.Bio,
)
if err != nil {
return errors.Wrap(err, "rows.Scan")
}
if !rows.Next() {
return errors.New("User not found")
}
err := rows.Scan(
&user.ID,
&user.Username,
&user.Password_hash,
&user.Created_at,
&user.Bio,
)
if err != nil {
return errors.Wrap(err, "rows.Scan")
}
return nil
}

62
deploy/caddy/Caddyfile
View File

@@ -1,12 +1,58 @@
projectreshoot.com {
reverse_proxy localhost:3000 localhost:3001 localhost:3002 {
health_uri /healthz
fail_duration 30s
}
rate_limit {
zone auth {
match {
method POST
path /login /register
}
key {remote_host}
events 4
window 1m
}
zone client {
key {remote_host}
events 100
window 1m
}
}
reverse_proxy localhost:3000 localhost:3001 localhost:3002 {
transport http {
max_conns_per_host 10
}
health_uri /healthz
fail_duration 30s
}
log {
output file /var/log/caddy/access.log
}
}
staging.projectreshoot.com {
reverse_proxy localhost:3005 localhost:3006 localhost:3007 {
health_uri /healthz
fail_duration 30s
}
rate_limit {
zone auth {
match {
method POST
path /login /register
}
key {remote_host}
events 4
window 1m
}
zone client {
key {remote_host}
events 100
window 1m
}
}
reverse_proxy localhost:3005 localhost:3006 localhost:3007 {
transport http {
max_conns_per_host 10
}
health_uri /healthz
fail_duration 30s
}
log {
output file /var/log/caddy/access-staging.log
}
}

94
deploy/deploy_production.sh
View File

@@ -1,94 +0,0 @@
#!/bin/bash
# Exit on error
set -e
# Check if commit hash is passed as an argument
if [ -z "$1" ]; then
echo "Usage: $0 <commit-hash>"
exit 1
fi
COMMIT_HASH=$1
RELEASES_DIR="/home/deploy/releases/production"
DEPLOY_BIN="/home/deploy/production/projectreshoot"
SERVICE_NAME="projectreshoot"
BINARY_NAME="projectreshoot-production-${COMMIT_HASH}"
declare -a PORTS=("3000" "3001" "3002")
# Check if the binary exists
if [ ! -f "${RELEASES_DIR}/${BINARY_NAME}" ]; then
echo "Binary ${BINARY_NAME} not found in ${RELEASES_DIR}"
exit 1
fi
# Keep a reference to the previous binary from the symlink
if [ -L "${DEPLOY_BIN}" ]; then
PREVIOUS=$(readlink -f $DEPLOY_BIN)
echo "Current binary is ${PREVIOUS}, saved for rollback."
else
echo "No symbolic link found, no previous binary to backup."
PREVIOUS=""
fi
rollback_deployment() {
if [ -n "$PREVIOUS" ]; then
echo "Rolling back to previous binary: ${PREVIOUS}"
ln -sfn "${PREVIOUS}" "${DEPLOY_BIN}"
else
echo "No previous binary to roll back to."
fi
# wait to restart the services
sleep 10
# Restart all services with the previous binary
for port in "${PORTS[@]}"; do
SERVICE="${SERVICE_NAME}@${port}.service"
echo "Restarting $SERVICE..."
sudo systemctl restart $SERVICE
done
echo "Rollback completed."
}
# Copy the binary to the deployment directory
echo "Promoting ${BINARY_NAME} to ${DEPLOY_BIN}..."
ln -sf "${RELEASES_DIR}/${BINARY_NAME}" "${DEPLOY_BIN}"
WAIT_TIME=5
restart_service() {
local port=$1
local SERVICE="${SERVICE_NAME}@${port}.service"
echo "Restarting ${SERVICE}..."
# Restart the service
if ! sudo systemctl restart "$SERVICE"; then
echo "Error: Failed to restart ${SERVICE}. Rolling back deployment."
# Call the rollback function
rollback_deployment
exit 1
fi
# Wait a few seconds to allow the service to fully start
echo "Waiting for ${SERVICE} to fully start..."
sleep $WAIT_TIME
# Check the status of the service
if ! systemctl is-active --quiet "${SERVICE}"; then
echo "Error: ${SERVICE} failed to start correctly. Rolling back deployment."
# Call the rollback function
rollback_deployment
exit 1
fi
echo "${SERVICE}.service restarted successfully."
}
for port in "${PORTS[@]}"; do
restart_service $port
done
echo "Deployment completed successfully."

94
deploy/deploy_staging.sh
View File

@@ -1,94 +0,0 @@
#!/bin/bash
# Exit on error
set -e
# Check if commit hash is passed as an argument
if [ -z "$1" ]; then
echo "Usage: $0 <commit-hash>"
exit 1
fi
COMMIT_HASH=$1
RELEASES_DIR="/home/deploy/releases/staging"
DEPLOY_BIN="/home/deploy/staging/projectreshoot"
SERVICE_NAME="staging.projectreshoot"
BINARY_NAME="projectreshoot-staging-${COMMIT_HASH}"
declare -a PORTS=("3005" "3006" "3007")
# Check if the binary exists
if [ ! -f "${RELEASES_DIR}/${BINARY_NAME}" ]; then
echo "Binary ${BINARY_NAME} not found in ${RELEASES_DIR}"
exit 1
fi
# Keep a reference to the previous binary from the symlink
if [ -L "${DEPLOY_BIN}" ]; then
PREVIOUS=$(readlink -f $DEPLOY_BIN)
echo "Current binary is ${PREVIOUS}, saved for rollback."
else
echo "No symbolic link found, no previous binary to backup."
PREVIOUS=""
fi
rollback_deployment() {
if [ -n "$PREVIOUS" ]; then
echo "Rolling back to previous binary: ${PREVIOUS}"
ln -sfn "${PREVIOUS}" "${DEPLOY_BIN}"
else
echo "No previous binary to roll back to."
fi
# wait to restart the services
sleep 10
# Restart all services with the previous binary
for port in "${PORTS[@]}"; do
SERVICE="${SERVICE_NAME}@${port}.service"
echo "Restarting $SERVICE..."
sudo systemctl restart $SERVICE
done
echo "Rollback completed."
}
# Copy the binary to the deployment directory
echo "Promoting ${BINARY_NAME} to ${DEPLOY_BIN}..."
ln -sf "${RELEASES_DIR}/${BINARY_NAME}" "${DEPLOY_BIN}"
WAIT_TIME=5
restart_service() {
local port=$1
local SERVICE="${SERVICE_NAME}@${port}.service"
echo "Restarting ${SERVICE}..."
# Restart the service
if ! sudo systemctl restart "$SERVICE"; then
echo "Error: Failed to restart ${SERVICE}. Rolling back deployment."
# Call the rollback function
rollback_deployment
exit 1
fi
# Wait a few seconds to allow the service to fully start
echo "Waiting for ${SERVICE} to fully start..."
sleep $WAIT_TIME
# Check the status of the service
if ! systemctl is-active --quiet "${SERVICE}"; then
echo "Error: ${SERVICE} failed to start correctly. Rolling back deployment."
# Call the rollback function
rollback_deployment
exit 1
fi
echo "${SERVICE}.service restarted successfully."
}
for port in "${PORTS[@]}"; do
restart_service $port
done
echo "Deployment completed successfully."

2
go.mod
View File

@@ -1,6 +1,6 @@
module projectreshoot
go 1.23.5
go 1.24.0
require (
github.com/a-h/templ v0.3.833

12
handlers/account.go → handler/account.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"
@@ -16,7 +16,7 @@ import (
)
// Renders the account page on the 'General' subpage
func HandleAccountPage() http.Handler {
func AccountPage() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("subpage")
@@ -30,7 +30,7 @@ func HandleAccountPage() http.Handler {
}
// Handles a request to change the subpage for the Accou/accountnt page
func HandleAccountSubpage() http.Handler {
func AccountSubpage() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
@@ -42,7 +42,7 @@ func HandleAccountSubpage() http.Handler {
}
// Handles a request to change the users username
func HandleChangeUsername(
func ChangeUsername(
logger *zerolog.Logger,
conn *db.SafeConn,
) http.Handler {
@@ -88,7 +88,7 @@ func HandleChangeUsername(
}
// Handles a request to change the users bio
func HandleChangeBio(
func ChangeBio(
logger *zerolog.Logger,
conn *db.SafeConn,
) http.Handler {
@@ -144,7 +144,7 @@ func validateChangePassword(
}
// Handles a request to change the users password
func HandleChangePassword(
func ChangePassword(
logger *zerolog.Logger,
conn *db.SafeConn,
) http.Handler {

2
handlers/errorpage.go → handler/errorpage.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"net/http"

4
handlers/index.go → handler/index.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"net/http"
@@ -8,7 +8,7 @@ import (
// Handles responses to the / path. Also serves a 404 Page for paths that
// don't have explicit handlers
func HandleRoot() http.Handler {
func Root() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/" {

6
handlers/login.go → handler/login.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"
@@ -49,7 +49,7 @@ func checkRememberMe(r *http.Request) bool {
// Handles an attempted login request. On success will return a HTMX redirect
// and on fail will return the login form again, passing the error to the
// template for user feedback
func HandleLoginRequest(
func LoginRequest(
config *config.Config,
logger *zerolog.Logger,
conn *db.SafeConn,
@@ -97,7 +97,7 @@ func HandleLoginRequest(
// Handles a request to view the login page. Will attempt to set "pagefrom"
// cookie so a successful login can redirect the user to the page they came
func HandleLoginPage(trustedHost string) http.Handler {
func LoginPage(trustedHost string) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
cookies.SetPageFrom(w, r, trustedHost)

4
handlers/logout.go → handler/logout.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"
@@ -80,7 +80,7 @@ func revokeTokens(
}
// Handle a logout request
func HandleLogout(
func Logout(
config *config.Config,
logger *zerolog.Logger,
conn *db.SafeConn,

2
handlers/page.go → handler/page.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"net/http"

4
handlers/profile.go → handler/profile.go
View File

@@ -1,11 +1,11 @@
package handlers
package handler
import (
"net/http"
"projectreshoot/view/page"
)
func HandleProfilePage() http.Handler {
func ProfilePage() http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
page.Profile().Render(r.Context(), w)

4
handlers/reauthenticatate.go → handler/reauthenticatate.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"
@@ -99,7 +99,7 @@ func validatePassword(
}
// Handle request to reauthenticate (i.e. make token fresh again)
func HandleReauthenticate(
func Reauthenticate(
logger *zerolog.Logger,
config *config.Config,
conn *db.SafeConn,

6
handlers/register.go → handler/register.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"
@@ -44,7 +44,7 @@ func validateRegistration(
return user, nil
}
func HandleRegisterRequest(
func RegisterRequest(
config *config.Config,
logger *zerolog.Logger,
conn *db.SafeConn,
@@ -93,7 +93,7 @@ func HandleRegisterRequest(
// Handles a request to view the login page. Will attempt to set "pagefrom"
// cookie so a successful login can redirect the user to the page they came
func HandleRegisterPage(trustedHost string) http.Handler {
func RegisterPage(trustedHost string) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
cookies.SetPageFrom(w, r, trustedHost)

4
handlers/static.go → handler/static.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"net/http"
@@ -42,7 +42,7 @@ func (f neuteredReaddirFile) Readdir(count int) ([]os.FileInfo, error) {
// Handles requests for static files, without allowing access to the
// directory viewer and returning 404 if an exact file is not found
func HandleStatic(staticFS *http.FileSystem) http.Handler {
func StaticFS(staticFS *http.FileSystem) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
nfs := justFilesFilesystem{*staticFS}

2
handlers/withtransaction.go → handler/withtransaction.go
View File

@@ -1,4 +1,4 @@
package handlers
package handler
import (
"context"

4
middleware/authentication.go
View File

@@ -10,7 +10,7 @@ import (
"projectreshoot/contexts"
"projectreshoot/cookies"
"projectreshoot/db"
"projectreshoot/handlers"
"projectreshoot/handler"
"projectreshoot/jwt"
"github.com/pkg/errors"
@@ -119,7 +119,7 @@ func Authentication(
// Failed to start transaction, skip auth
logger.Warn().Err(err).
Msg("Skipping Auth - unable to start a transaction")
handlers.ErrorPage(http.StatusServiceUnavailable, w, r)
handler.ErrorPage(http.StatusServiceUnavailable, w, r)
return
}
user, err := getAuthenticatedUser(config, ctx, tx, w, r)

6
middleware/logging.go
View File

@@ -3,7 +3,7 @@ package middleware
import (
"net/http"
"projectreshoot/contexts"
"projectreshoot/handlers"
"projectreshoot/handler"
"time"
"github.com/rs/zerolog"
@@ -31,7 +31,7 @@ func Logging(logger *zerolog.Logger, next http.Handler) http.Handler {
}
start, err := contexts.GetStartTime(r.Context())
if err != nil {
handlers.ErrorPage(http.StatusInternalServerError, w, r)
handler.ErrorPage(http.StatusInternalServerError, w, r)
return
}
wrapped := &wrappedWriter{
@@ -44,7 +44,7 @@ func Logging(logger *zerolog.Logger, next http.Handler) http.Handler {
Str("method", r.Method).
Str("resource", r.URL.Path).
Dur("time_elapsed", time.Since(start)).
Str("remote_addr", r.RemoteAddr).
Str("remote_addr", r.Header.Get("X-Forwarded-For")).
Msg("Served")
})
}

8
middleware/pageprotection.go
View File

@@ -3,15 +3,15 @@ package middleware
import (
"net/http"
"projectreshoot/contexts"
"projectreshoot/handlers"
"projectreshoot/handler"
)
// Checks if the user is set in the context and shows 401 page if not logged in
func RequiresLogin(next http.Handler) http.Handler {
func LoginReq(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := contexts.GetUser(r.Context())
if user == nil {
handlers.ErrorPage(http.StatusUnauthorized, w, r)
handler.ErrorPage(http.StatusUnauthorized, w, r)
return
}
next.ServeHTTP(w, r)
@@ -20,7 +20,7 @@ func RequiresLogin(next http.Handler) http.Handler {
// Checks if the user is set in the context and redirects them to profile if
// they are logged in
func RequiresLogout(next http.Handler) http.Handler {
func LogoutReq(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := contexts.GetUser(r.Context())
if user != nil {

2
middleware/pageprotection_test.go
View File

@@ -33,7 +33,7 @@ func TestPageLoginRequired(t *testing.T) {
var maint uint32
atomic.StoreUint32(&maint, 0)
// Add the middleware and create the server
loginRequiredHandler := RequiresLogin(testHandler)
loginRequiredHandler := LoginReq(testHandler)
authHandler := Authentication(logger, cfg, sconn, loginRequiredHandler, &maint)
server := httptest.NewServer(authHandler)
defer server.Close()

2
middleware/reauthentication.go
View File

@@ -6,7 +6,7 @@ import (
"time"
)
func RequiresFresh(
func FreshReq(
next http.Handler,
) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

4
middleware/reauthentication_test.go
View File

@@ -33,8 +33,8 @@ func TestReauthRequired(t *testing.T) {
var maint uint32
atomic.StoreUint32(&maint, 0)
// Add the middleware and create the server
reauthRequiredHandler := RequiresFresh(testHandler)
loginRequiredHandler := RequiresLogin(reauthRequiredHandler)
reauthRequiredHandler := FreshReq(testHandler)
loginRequiredHandler := LoginReq(reauthRequiredHandler)
authHandler := Authentication(logger, cfg, sconn, loginRequiredHandler, &maint)
server := httptest.NewServer(authHandler)
defer server.Close()

80
server/routes.go
View File

@@ -5,7 +5,7 @@ import (
"projectreshoot/config"
"projectreshoot/db"
"projectreshoot/handlers"
"projectreshoot/handler"
"projectreshoot/middleware"
"projectreshoot/view/page"
@@ -20,82 +20,44 @@ func addRoutes(
conn *db.SafeConn,
staticFS *http.FileSystem,
) {
route := mux.Handle
loggedIn := middleware.LoginReq
loggedOut := middleware.LogoutReq
fresh := middleware.FreshReq
// Health check
mux.HandleFunc("GET /healthz", func(http.ResponseWriter, *http.Request) {})
// Static files
mux.Handle("GET /static/", http.StripPrefix("/static/", handlers.HandleStatic(staticFS)))
route("GET /static/", http.StripPrefix("/static/", handler.StaticFS(staticFS)))
// Index page and unhandled catchall (404)
mux.Handle("GET /", handlers.HandleRoot())
route("GET /", handler.Root())
// Static content, unprotected pages
mux.Handle("GET /about", handlers.HandlePage(page.About()))
route("GET /about", handler.HandlePage(page.About()))
// Login page and handlers
mux.Handle("GET /login",
middleware.RequiresLogout(
handlers.HandleLoginPage(config.TrustedHost),
))
mux.Handle("POST /login",
middleware.RequiresLogout(
handlers.HandleLoginRequest(
config,
logger,
conn,
)))
route("GET /login", loggedOut(handler.LoginPage(config.TrustedHost)))
route("POST /login", loggedOut(handler.LoginRequest(config, logger, conn)))
// Register page and handlers
mux.Handle("GET /register",
middleware.RequiresLogout(
handlers.HandleRegisterPage(config.TrustedHost),
))
mux.Handle("POST /register",
middleware.RequiresLogout(
handlers.HandleRegisterRequest(
config,
logger,
conn,
)))
route("GET /register", loggedOut(handler.RegisterPage(config.TrustedHost)))
route("POST /register", loggedOut(handler.RegisterRequest(config, logger, conn)))
// Logout
mux.Handle("POST /logout", handlers.HandleLogout(config, logger, conn))
route("POST /logout", handler.Logout(config, logger, conn))
// Reauthentication request
mux.Handle("POST /reauthenticate",
middleware.RequiresLogin(
handlers.HandleReauthenticate(logger, config, conn),
))
route("POST /reauthenticate", loggedIn(handler.Reauthenticate(logger, config, conn)))
// Profile page
mux.Handle("GET /profile",
middleware.RequiresLogin(
handlers.HandleProfilePage(),
))
route("GET /profile", loggedIn(handler.ProfilePage()))
// Account page
mux.Handle("GET /account",
middleware.RequiresLogin(
handlers.HandleAccountPage(),
))
mux.Handle("POST /account-select-page",
middleware.RequiresLogin(
handlers.HandleAccountSubpage(),
))
mux.Handle("POST /change-username",
middleware.RequiresLogin(
middleware.RequiresFresh(
handlers.HandleChangeUsername(logger, conn),
),
))
mux.Handle("POST /change-bio",
middleware.RequiresLogin(
handlers.HandleChangeBio(logger, conn),
))
mux.Handle("POST /change-password",
middleware.RequiresLogin(
middleware.RequiresFresh(
handlers.HandleChangePassword(logger, conn),
),
))
route("GET /account", loggedIn(handler.AccountPage()))
route("POST /account-select-page", loggedIn(handler.AccountSubpage()))
route("POST /change-username", loggedIn(fresh(handler.ChangeUsername(logger, conn))))
route("POST /change-bio", loggedIn(handler.ChangeBio(logger, conn)))
route("POST /change-password", loggedIn(fresh(handler.ChangePassword(logger, conn))))
}

2
view/component/form/loginform.templ
View File

@@ -33,7 +33,7 @@ templ LoginForm(loginError string) {
<!-- Form Group -->
<div>
<label
for="email"
for="username"
class="block text-sm mb-2"
>Username</label>
<div class="relative">

2
view/component/form/registerform.templ
View File

@@ -38,7 +38,7 @@ templ RegisterForm(registerError string) {
>
<div>
<label
for="email"
for="username"
class="block text-sm mb-2"
>Username</label>
<div class="relative">