fix: P0+P1 critical bug fixes across controller (24 files)

Concurrency fixes: - Deep-copy stacks in GetStack/GetStacks to prevent shared state mutation (C04) - Add per-state mutex to watchdog pathProbeState (C05) - Guard MetricsCollector.Start() with sync.Once against double-start (C06) - Hold diskJobMu across entire raw mount operation (C07) - Add mutex to SetEncryptionKey (C08), MigrateEncryption write lock (H03) - Use sync.Once for sync.Stop() channel close (H08) - Set syncing=true before releasing lock in TriggerSync (H09) - Deep-copy lastDBDump/lastBackup in GetFullStatus (H11) - Add WaitGroup for stderr goroutine in MigrateDrive (H19) - Add mutex to SetBackupRunningCheck (M18) Security fixes: - Validate Bearer token against Hub API key in CSRF middleware (H16) - Validate backup paths start with expected prefix in RemoveStack (M12) - Guard uuid[:8] slice with length check (H20) - Parse fstab fields exactly for mount target matching (H21) Bug fixes: - Use decrypted env vars for compose deploy (C01) - Log decrypt failures in DecryptMap instead of swallowing (C02) - Move Deployed=false inside lock in runComposeDeploy (C03) - Fix activeDrives() to skip disconnected drives (H02) - Fix Snapshot() stderr extraction from exec.ExitError (H01) - Check unlockCmd.Run() error in restic (H01) - Buffer template rendering via bytes.Buffer (H07) - Thread context.Context through cloudflare client (H10) - Fix leaf-name collision detection in cross-drive backup (H15) - Add nil check for crossDriveRunner (H17) - Use strings.TrimSpace instead of slice on command output (H18) - Make SaveAppConfig atomic with write-to-tmp+rename (H04) - Pass encKey on deploy failure SaveAppConfig (H05) - Fix IPv6 address format in TCP health probe Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 13:39:45 +01:00
parent 2ad743b66f
commit 8b8c04a487
23 changed files with 248 additions and 83 deletions
@@ -2,6 +2,7 @@ package cloudflare

 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -54,7 +55,7 @@ type apiMessage struct {
 }

 // do performs an HTTP request to the Cloudflare API and decodes the response.
-func (c *Client) do(method, path string, body interface{}) (*apiResponse, error) {
+func (c *Client) do(ctx context.Context, method, path string, body interface{}) (*apiResponse, error) {
 	var bodyReader io.Reader
 	if body != nil {
 		data, err := json.Marshal(body)
@@ -70,7 +71,7 @@ func (c *Client) do(method, path string, body interface{}) (*apiResponse, error)
 	}

 	url := apiBase + path
-	req, err := http.NewRequest(method, url, bodyReader)
+	req, err := http.NewRequestWithContext(ctx, method, url, bodyReader)
 	if err != nil {
 		return nil, fmt.Errorf("create request: %w", err)
 	}
@@ -76,7 +76,7 @@ func (g *GeoSyncManager) Sync(ctx context.Context) error {
 	zoneID := geo.ZoneID
 	if zoneID == "" {
 		var err error
-		zoneID, err = g.client.GetZoneID(g.domain)
+		zoneID, err = g.client.GetZoneID(ctx, g.domain)
 		if err != nil {
 			g.saveError(zoneID, "", err.Error())
 			return fmt.Errorf("resolve zone: %w", err)
@@ -87,13 +87,13 @@ func (g *GeoSyncManager) Sync(ctx context.Context) error {
 	rulesetID := geo.RulesetID
 	if rulesetID == "" {
 		var err error
-		rulesetID, err = g.client.GetCustomRulesetID(zoneID)
+		rulesetID, err = g.client.GetCustomRulesetID(ctx, zoneID)
 		if err != nil {
 			g.saveError(zoneID, "", err.Error())
 			return fmt.Errorf("get ruleset: %w", err)
 		}
 		if rulesetID == "" {
-			rulesetID, err = g.client.CreateCustomRuleset(zoneID)
+			rulesetID, err = g.client.CreateCustomRuleset(ctx, zoneID)
 			if err != nil {
 				g.saveError(zoneID, "", err.Error())
 				return fmt.Errorf("create ruleset: %w", err)
@@ -102,7 +102,7 @@ func (g *GeoSyncManager) Sync(ctx context.Context) error {
 	}

 	// 3. List existing felhom-managed rules
-	existing, err := g.client.GetFelhomRules(zoneID, rulesetID)
+	existing, err := g.client.GetFelhomRules(ctx, zoneID, rulesetID)
 	if err != nil {
 		g.saveError(zoneID, rulesetID, err.Error())
 		return fmt.Errorf("list existing rules: %w", err)
@@ -112,7 +112,7 @@ func (g *GeoSyncManager) Sync(ctx context.Context) error {
 	desired := g.buildDesiredRules(geo)

 	// 5. Diff and apply
-	if err := g.applyDiff(zoneID, rulesetID, existing, desired); err != nil {
+	if err := g.applyDiff(ctx, zoneID, rulesetID, existing, desired); err != nil {
 		g.saveError(zoneID, rulesetID, err.Error())
 		return fmt.Errorf("apply diff: %w", err)
 	}
@@ -138,14 +138,14 @@ func (g *GeoSyncManager) deleteAllRules(ctx context.Context, geo *settings.GeoRe
 		return nil
 	}

-	existing, err := g.client.GetFelhomRules(zoneID, rulesetID)
+	existing, err := g.client.GetFelhomRules(ctx, zoneID, rulesetID)
 	if err != nil {
 		g.logger.Printf("[GEO] Warning: could not list rules for cleanup: %v", err)
 		return nil
 	}

 	for _, r := range existing {
-		if err := g.client.DeleteRule(zoneID, rulesetID, r.ID); err != nil {
+		if err := g.client.DeleteRule(ctx, zoneID, rulesetID, r.ID); err != nil {
 			g.logger.Printf("[GEO] Warning: could not delete rule %s: %v", r.ID, err)
 		}
 	}
@@ -202,7 +202,7 @@ func (g *GeoSyncManager) buildDesiredRules(geo *settings.GeoRestriction) []desir
 }

 // applyDiff applies the difference between existing and desired rules.
-func (g *GeoSyncManager) applyDiff(zoneID, rulesetID string, existing []GeoRule, desired []desiredRule) error {
+func (g *GeoSyncManager) applyDiff(ctx context.Context, zoneID, rulesetID string, existing []GeoRule, desired []desiredRule) error {
 	// Index existing by description
 	existingByDesc := make(map[string]GeoRule)
 	for _, r := range existing {
@@ -221,14 +221,14 @@ func (g *GeoSyncManager) applyDiff(zoneID, rulesetID string, existing []GeoRule,
 			// Rule exists — check if expression changed
 			if ex.Expression != d.expression {
 				r := newBlockRule(d.description, d.expression)
-				if err := g.client.UpdateRule(zoneID, rulesetID, ex.ID, r); err != nil {
+				if err := g.client.UpdateRule(ctx, zoneID, rulesetID, ex.ID, r); err != nil {
 					return fmt.Errorf("update rule %q: %w", d.description, err)
 				}
 			}
 		} else {
 			// New rule — create
 			r := newBlockRule(d.description, d.expression)
-			if _, err := g.client.CreateRule(zoneID, rulesetID, r); err != nil {
+			if _, err := g.client.CreateRule(ctx, zoneID, rulesetID, r); err != nil {
 				return fmt.Errorf("create rule %q: %w", d.description, err)
 			}
 		}
@@ -237,7 +237,7 @@ func (g *GeoSyncManager) applyDiff(zoneID, rulesetID string, existing []GeoRule,
 	// Delete rules that are no longer desired
 	for _, ex := range existing {
 		if _, ok := desiredByDesc[ex.Description]; !ok {
-			if err := g.client.DeleteRule(zoneID, rulesetID, ex.ID); err != nil {
+			if err := g.client.DeleteRule(ctx, zoneID, rulesetID, ex.ID); err != nil {
 				return fmt.Errorf("delete rule %q: %w", ex.Description, err)
 			}
 		}
@@ -1,6 +1,7 @@
 package cloudflare

 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"strings"
@@ -58,9 +59,9 @@ type GeoRule struct {

 // GetCustomRulesetID returns the zone's http_request_firewall_custom ruleset ID.
 // Returns empty string if no such ruleset exists yet.
-func (c *Client) GetCustomRulesetID(zoneID string) (string, error) {
+func (c *Client) GetCustomRulesetID(ctx context.Context, zoneID string) (string, error) {
 	path := fmt.Sprintf("/zones/%s/rulesets", zoneID)
-	resp, err := c.do("GET", path, nil)
+	resp, err := c.do(ctx, "GET", path, nil)
 	if err != nil {
 		return "", fmt.Errorf("list rulesets: %w", err)
 	}
@@ -80,7 +81,7 @@ func (c *Client) GetCustomRulesetID(zoneID string) (string, error) {
 }

 // CreateCustomRuleset creates the http_request_firewall_custom phase entry point ruleset.
-func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
+func (c *Client) CreateCustomRuleset(ctx context.Context, zoneID string) (string, error) {
 	path := fmt.Sprintf("/zones/%s/rulesets", zoneID)
 	body := map[string]interface{}{
 		"name":  "felhom custom rules",
@@ -89,7 +90,7 @@ func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
 		"rules": []interface{}{},
 	}

-	resp, err := c.do("POST", path, body)
+	resp, err := c.do(ctx, "POST", path, body)
 	if err != nil {
 		return "", fmt.Errorf("create ruleset: %w", err)
 	}
@@ -104,9 +105,9 @@ func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
 }

 // GetRules returns all rules in a ruleset.
-func (c *Client) GetRules(zoneID, rulesetID string) ([]rule, error) {
+func (c *Client) GetRules(ctx context.Context, zoneID, rulesetID string) ([]rule, error) {
 	path := fmt.Sprintf("/zones/%s/rulesets/%s", zoneID, rulesetID)
-	resp, err := c.do("GET", path, nil)
+	resp, err := c.do(ctx, "GET", path, nil)
 	if err != nil {
 		return nil, fmt.Errorf("get ruleset: %w", err)
 	}
@@ -122,8 +123,8 @@ func (c *Client) GetRules(zoneID, rulesetID string) ([]rule, error) {
 }

 // GetFelhomRules returns only rules with the [felhom-geo] prefix.
-func (c *Client) GetFelhomRules(zoneID, rulesetID string) ([]GeoRule, error) {
-	rules, err := c.GetRules(zoneID, rulesetID)
+func (c *Client) GetFelhomRules(ctx context.Context, zoneID, rulesetID string) ([]GeoRule, error) {
+	rules, err := c.GetRules(ctx, zoneID, rulesetID)
 	if err != nil {
 		return nil, err
 	}
@@ -144,9 +145,9 @@ func (c *Client) GetFelhomRules(zoneID, rulesetID string) ([]GeoRule, error) {
 }

 // CreateRule adds a new rule to the ruleset.
-func (c *Client) CreateRule(zoneID, rulesetID string, r rule) (string, error) {
+func (c *Client) CreateRule(ctx context.Context, zoneID, rulesetID string, r rule) (string, error) {
 	path := fmt.Sprintf("/zones/%s/rulesets/%s/rules", zoneID, rulesetID)
-	resp, err := c.do("POST", path, r)
+	resp, err := c.do(ctx, "POST", path, r)
 	if err != nil {
 		return "", fmt.Errorf("create rule: %w", err)
 	}
@@ -170,9 +171,9 @@ func (c *Client) CreateRule(zoneID, rulesetID string, r rule) (string, error) {
 }

 // UpdateRule updates an existing rule in the ruleset.
-func (c *Client) UpdateRule(zoneID, rulesetID, ruleID string, r rule) error {
+func (c *Client) UpdateRule(ctx context.Context, zoneID, rulesetID, ruleID string, r rule) error {
 	path := fmt.Sprintf("/zones/%s/rulesets/%s/rules/%s", zoneID, rulesetID, ruleID)
-	_, err := c.do("PATCH", path, r)
+	_, err := c.do(ctx, "PATCH", path, r)
 	if err != nil {
 		return fmt.Errorf("update rule %s: %w", ruleID, err)
 	}
@@ -181,9 +182,9 @@ func (c *Client) UpdateRule(zoneID, rulesetID, ruleID string, r rule) error {
 }

 // DeleteRule removes a rule from the ruleset.
-func (c *Client) DeleteRule(zoneID, rulesetID, ruleID string) error {
+func (c *Client) DeleteRule(ctx context.Context, zoneID, rulesetID, ruleID string) error {
 	path := fmt.Sprintf("/zones/%s/rulesets/%s/rules/%s", zoneID, rulesetID, ruleID)
-	_, err := c.do("DELETE", path, nil)
+	_, err := c.do(ctx, "DELETE", path, nil)
 	if err != nil {
 		return fmt.Errorf("delete rule %s: %w", ruleID, err)
 	}
@@ -1,6 +1,7 @@
 package cloudflare

 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/url"
@@ -14,9 +15,9 @@ type zone struct {

 // GetZoneID resolves the Cloudflare zone ID for a domain.
 // It tries the exact domain first, then strips subdomains progressively.
-func (c *Client) GetZoneID(domain string) (string, error) {
+func (c *Client) GetZoneID(ctx context.Context, domain string) (string, error) {
 	// Try exact domain first (e.g., "demo-felhom.eu")
-	id, err := c.lookupZone(domain)
+	id, err := c.lookupZone(ctx, domain)
 	if err != nil {
 		return "", err
 	}
@@ -31,7 +32,7 @@ func (c *Client) GetZoneID(domain string) (string, error) {
 			if parent == "" {
 				break
 			}
-			id, err = c.lookupZone(parent)
+			id, err = c.lookupZone(ctx, parent)
 			if err != nil {
 				return "", err
 			}
@@ -45,9 +46,9 @@ func (c *Client) GetZoneID(domain string) (string, error) {
 }

 // lookupZone queries the CF API for a zone by name.
-func (c *Client) lookupZone(name string) (string, error) {
+func (c *Client) lookupZone(ctx context.Context, name string) (string, error) {
 	path := "/zones?name=" + url.QueryEscape(name) + "&status=active"
-	resp, err := c.do("GET", path, nil)
+	resp, err := c.do(ctx, "GET", path, nil)
 	if err != nil {
 		return "", fmt.Errorf("lookup zone %q: %w", name, err)
 	}