fix: P0+P1 critical bug fixes across controller (24 files)

Concurrency fixes:
- Deep-copy stacks in GetStack/GetStacks to prevent shared state mutation (C04)
- Add per-state mutex to watchdog pathProbeState (C05)
- Guard MetricsCollector.Start() with sync.Once against double-start (C06)
- Hold diskJobMu across entire raw mount operation (C07)
- Add mutex to SetEncryptionKey (C08), MigrateEncryption write lock (H03)
- Use sync.Once for sync.Stop() channel close (H08)
- Set syncing=true before releasing lock in TriggerSync (H09)
- Deep-copy lastDBDump/lastBackup in GetFullStatus (H11)
- Add WaitGroup for stderr goroutine in MigrateDrive (H19)
- Add mutex to SetBackupRunningCheck (M18)

Security fixes:
- Validate Bearer token against Hub API key in CSRF middleware (H16)
- Validate backup paths start with expected prefix in RemoveStack (M12)
- Guard uuid[:8] slice with length check (H20)
- Parse fstab fields exactly for mount target matching (H21)

Bug fixes:
- Use decrypted env vars for compose deploy (C01)
- Log decrypt failures in DecryptMap instead of swallowing (C02)
- Move Deployed=false inside lock in runComposeDeploy (C03)
- Fix activeDrives() to skip disconnected drives (H02)
- Fix Snapshot() stderr extraction from exec.ExitError (H01)
- Check unlockCmd.Run() error in restic (H01)
- Buffer template rendering via bytes.Buffer (H07)
- Thread context.Context through cloudflare client (H10)
- Fix leaf-name collision detection in cross-drive backup (H15)
- Add nil check for crossDriveRunner (H17)
- Use strings.TrimSpace instead of slice on command output (H18)
- Make SaveAppConfig atomic with write-to-tmp+rename (H04)
- Pass encKey on deploy failure SaveAppConfig (H05)
- Fix IPv6 address format in TCP health probe

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 13:39:45 +01:00
parent 2ad743b66f
commit 8b8c04a487
23 changed files with 248 additions and 83 deletions
+15 -14
@@ -1,6 +1,7 @@
package cloudflare
import (
"context"
"encoding/json"
"fmt"
"strings"
@@ -58,9 +59,9 @@ type GeoRule struct {
// GetCustomRulesetID returns the zone's http_request_firewall_custom ruleset ID.
// Returns empty string if no such ruleset exists yet.
func (c *Client) GetCustomRulesetID(zoneID string) (string, error) {
func (c *Client) GetCustomRulesetID(ctx context.Context, zoneID string) (string, error) {
path := fmt.Sprintf("/zones/%s/rulesets", zoneID)
resp, err := c.do("GET", path, nil)
resp, err := c.do(ctx, "GET", path, nil)
if err != nil {
return "", fmt.Errorf("list rulesets: %w", err)
}
@@ -80,7 +81,7 @@ func (c *Client) GetCustomRulesetID(zoneID string) (string, error) {
}
// CreateCustomRuleset creates the http_request_firewall_custom phase entry point ruleset.
func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
func (c *Client) CreateCustomRuleset(ctx context.Context, zoneID string) (string, error) {
path := fmt.Sprintf("/zones/%s/rulesets", zoneID)
body := map[string]interface{}{
"name": "felhom custom rules",
@@ -89,7 +90,7 @@ func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
"rules": []interface{}{},
}
resp, err := c.do("POST", path, body)
resp, err := c.do(ctx, "POST", path, body)
if err != nil {
return "", fmt.Errorf("create ruleset: %w", err)
}
@@ -104,9 +105,9 @@ func (c *Client) CreateCustomRuleset(zoneID string) (string, error) {
}
// GetRules returns all rules in a ruleset.
func (c *Client) GetRules(zoneID, rulesetID string) ([]rule, error) {
func (c *Client) GetRules(ctx context.Context, zoneID, rulesetID string) ([]rule, error) {
path := fmt.Sprintf("/zones/%s/rulesets/%s", zoneID, rulesetID)
resp, err := c.do("GET", path, nil)
resp, err := c.do(ctx, "GET", path, nil)
if err != nil {
return nil, fmt.Errorf("get ruleset: %w", err)
}
@@ -122,8 +123,8 @@ func (c *Client) GetRules(zoneID, rulesetID string) ([]rule, error) {
}
// GetFelhomRules returns only rules with the [felhom-geo] prefix.
func (c *Client) GetFelhomRules(zoneID, rulesetID string) ([]GeoRule, error) {
rules, err := c.GetRules(zoneID, rulesetID)
func (c *Client) GetFelhomRules(ctx context.Context, zoneID, rulesetID string) ([]GeoRule, error) {
rules, err := c.GetRules(ctx, zoneID, rulesetID)
if err != nil {
return nil, err
}
@@ -144,9 +145,9 @@ func (c *Client) GetFelhomRules(zoneID, rulesetID string) ([]GeoRule, error) {
}
// CreateRule adds a new rule to the ruleset.
func (c *Client) CreateRule(zoneID, rulesetID string, r rule) (string, error) {
func (c *Client) CreateRule(ctx context.Context, zoneID, rulesetID string, r rule) (string, error) {
path := fmt.Sprintf("/zones/%s/rulesets/%s/rules", zoneID, rulesetID)
resp, err := c.do("POST", path, r)
resp, err := c.do(ctx, "POST", path, r)
if err != nil {
return "", fmt.Errorf("create rule: %w", err)
}
@@ -170,9 +171,9 @@ func (c *Client) CreateRule(zoneID, rulesetID string, r rule) (string, error) {
}
// UpdateRule updates an existing rule in the ruleset.
func (c *Client) UpdateRule(zoneID, rulesetID, ruleID string, r rule) error {
func (c *Client) UpdateRule(ctx context.Context, zoneID, rulesetID, ruleID string, r rule) error {
path := fmt.Sprintf("/zones/%s/rulesets/%s/rules/%s", zoneID, rulesetID, ruleID)
_, err := c.do("PATCH", path, r)
_, err := c.do(ctx, "PATCH", path, r)
if err != nil {
return fmt.Errorf("update rule %s: %w", ruleID, err)
}
@@ -181,9 +182,9 @@ func (c *Client) UpdateRule(zoneID, rulesetID, ruleID string, r rule) error {
}
// DeleteRule removes a rule from the ruleset.
func (c *Client) DeleteRule(zoneID, rulesetID, ruleID string) error {
func (c *Client) DeleteRule(ctx context.Context, zoneID, rulesetID, ruleID string) error {
path := fmt.Sprintf("/zones/%s/rulesets/%s/rules/%s", zoneID, rulesetID, ruleID)
_, err := c.do("DELETE", path, nil)
_, err := c.do(ctx, "DELETE", path, nil)
if err != nil {
return fmt.Errorf("delete rule %s: %w", ruleID, err)
}
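Review bot: Every `path := fmt.Sprintf(...)` line in this file (GetCustomRulesetID, CreateCustomRuleset, GetRules, CreateRule, UpdateRule, DeleteRule) still interpolates `zoneID`, `rulesetID` and `ruleID` into the API path unescaped. If any of these can come from a request or stored configuration rather than from a Cloudflare response, a value containing `/`, `?` or `#` would change which endpoint the authenticated client calls. Escape each segment, e.g. `path := fmt.Sprintf("/zones/%s/rulesets/%s/rules/%s", url.PathEscape(zoneID), url.PathEscape(rulesetID), url.PathEscape(ruleID))`, which needs `net/url` in the import block. The body of `c.do` is not shown here, so it is worth confirming that it attaches `ctx` to the outgoing request (for example via `http.NewRequestWithContext`) and that callers pass a context with a deadline. Otherwise the new parameter gives no cancellation or timeout. The function bodies continue outside the hunks shown.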