admin
42e0617a6c
- Replace separate config detail and report detail pages with unified
/customers/{id} page showing both config info and live report data
- Add "blocked" status for customers (hidden from dashboard, notifications
suppressed, still accepts reports)
- Dashboard now shows config-only customers as "PENDING" status
- Customers list: all rows link to /customers/{id}, show BLOCKED badge
- New actions: block/unblock, push config to controller, auto-create
config from report data
- /configs/{id} now redirects to /customers/{id}
- Add config-badge CSS classes for MANAGED/MANUAL/BLOCKED badges
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
541 lines
17 KiB
Go
541 lines
17 KiB
Go
package api
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/subtle"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"gitea.dooplex.hu/admin/felhom-hub/internal/configgen"
|
|
"gitea.dooplex.hu/admin/felhom-hub/internal/store"
|
|
)
|
|
|
|
// ConfigTemplateProvider returns the controller.yaml template for config generation.
|
|
type ConfigTemplateProvider interface {
|
|
Template() string
|
|
}
|
|
|
|
// Handler handles API endpoints for report ingest and customer queries.
|
|
type Handler struct {
|
|
store *store.Store
|
|
apiKey string
|
|
resendAPIKey string
|
|
fromEmail string
|
|
logger *log.Logger
|
|
httpClient *http.Client
|
|
templateProvider ConfigTemplateProvider
|
|
}
|
|
|
|
// New creates a new API handler.
|
|
func New(store *store.Store, apiKey, resendAPIKey, fromEmail string, templateProvider ConfigTemplateProvider, logger *log.Logger) *Handler {
|
|
return &Handler{
|
|
store: store,
|
|
apiKey: apiKey,
|
|
resendAPIKey: resendAPIKey,
|
|
fromEmail: fromEmail,
|
|
logger: logger,
|
|
httpClient: &http.Client{Timeout: 10 * time.Second},
|
|
templateProvider: templateProvider,
|
|
}
|
|
}
|
|
|
|
// checkAuth verifies the Bearer token against the global API key or a per-customer API key.
|
|
// Returns true if authorized.
|
|
func (h *Handler) checkAuth(r *http.Request) bool {
|
|
auth := r.Header.Get("Authorization")
|
|
if !strings.HasPrefix(auth, "Bearer ") {
|
|
return false
|
|
}
|
|
token := strings.TrimPrefix(auth, "Bearer ")
|
|
|
|
// Check global key first
|
|
if h.apiKey != "" && subtle.ConstantTimeCompare([]byte(token), []byte(h.apiKey)) == 1 {
|
|
return true
|
|
}
|
|
|
|
// Check per-customer key
|
|
cfg, err := h.store.GetCustomerConfigByAPIKey(token)
|
|
return err == nil && cfg != nil
|
|
}
|
|
|
|
// ServeHTTP routes API requests.
|
|
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
path := strings.TrimPrefix(r.URL.Path, "/api/v1")
|
|
|
|
switch {
|
|
case r.Method == http.MethodPost && path == "/report":
|
|
h.handleReport(w, r)
|
|
case r.Method == http.MethodPost && path == "/notify":
|
|
h.handleNotify(w, r)
|
|
case r.Method == http.MethodPost && path == "/infra-backup":
|
|
h.handleInfraBackupPush(w, r)
|
|
case r.Method == http.MethodGet && strings.HasPrefix(path, "/infra-backup/"):
|
|
h.handleInfraBackupGet(w, r, strings.TrimPrefix(path, "/infra-backup/"))
|
|
case r.Method == http.MethodPost && path == "/preferences":
|
|
h.handleSavePreferences(w, r)
|
|
case r.Method == http.MethodGet && path == "/customers":
|
|
h.handleCustomers(w, r)
|
|
case r.Method == http.MethodGet && strings.HasPrefix(path, "/customers/"):
|
|
parts := strings.Split(strings.TrimPrefix(path, "/customers/"), "/")
|
|
customerID := parts[0]
|
|
if len(parts) > 1 && parts[1] == "history" {
|
|
h.handleCustomerHistory(w, r, customerID)
|
|
} else {
|
|
h.handleCustomer(w, r, customerID)
|
|
}
|
|
case r.Method == http.MethodGet && strings.HasPrefix(path, "/config/"):
|
|
customerID := strings.TrimPrefix(path, "/config/")
|
|
h.handleConfigRetrieve(w, r, customerID)
|
|
default:
|
|
http.NotFound(w, r)
|
|
}
|
|
}
|
|
|
|
func (h *Handler) handleReport(w http.ResponseWriter, r *http.Request) {
|
|
if !h.checkAuth(r) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // 1MB limit
|
|
if err != nil {
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// Extract customer_id from JSON
|
|
var payload struct {
|
|
CustomerID string `json:"customer_id"`
|
|
}
|
|
if err := json.Unmarshal(body, &payload); err != nil || payload.CustomerID == "" {
|
|
http.Error(w, "Invalid payload: customer_id required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := h.store.SaveReport(payload.CustomerID, body); err != nil {
|
|
h.logger.Printf("[ERROR] Failed to save report from %s: %v", payload.CustomerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Received report from %s (%d bytes)", payload.CustomerID, len(body))
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok"}`))
|
|
}
|
|
|
|
func (h *Handler) handleCustomers(w http.ResponseWriter, r *http.Request) {
|
|
customers, err := h.store.GetCustomers()
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get customers: %v", err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
type customerJSON struct {
|
|
ID string `json:"id"`
|
|
Name string `json:"name"`
|
|
ControllerVersion string `json:"controller_version"`
|
|
ControllerURL string `json:"controller_url,omitempty"`
|
|
HealthStatus string `json:"health_status"`
|
|
LastSeen time.Time `json:"last_seen"`
|
|
CPUPercent float64 `json:"cpu_percent"`
|
|
MemoryPercent float64 `json:"memory_percent"`
|
|
ContainerTotal int `json:"container_total"`
|
|
ContainerRunning int `json:"container_running"`
|
|
BackupLastSnapshot *time.Time `json:"backup_last_snapshot"`
|
|
}
|
|
|
|
result := make([]customerJSON, 0, len(customers))
|
|
for _, c := range customers {
|
|
result = append(result, customerJSON{
|
|
ID: c.CustomerID,
|
|
Name: c.CustomerName,
|
|
ControllerVersion: c.ControllerVersion,
|
|
ControllerURL: c.ControllerURL,
|
|
HealthStatus: c.HealthStatus,
|
|
LastSeen: c.ReceivedAt,
|
|
CPUPercent: c.CPUPercent,
|
|
MemoryPercent: c.MemoryPercent,
|
|
ContainerTotal: c.ContainerTotal,
|
|
ContainerRunning: c.ContainerRunning,
|
|
BackupLastSnapshot: c.BackupLastSnapshot,
|
|
})
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(result)
|
|
}
|
|
|
|
func (h *Handler) handleCustomer(w http.ResponseWriter, r *http.Request, customerID string) {
|
|
customer, err := h.store.GetCustomer(customerID)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get customer %s: %v", customerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if customer == nil {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
// Return the full report JSON directly
|
|
w.Write([]byte(customer.ReportJSON))
|
|
}
|
|
|
|
func (h *Handler) handleCustomerHistory(w http.ResponseWriter, r *http.Request, customerID string) {
|
|
period := r.URL.Query().Get("period")
|
|
var since time.Duration
|
|
switch period {
|
|
case "7d":
|
|
since = 7 * 24 * time.Hour
|
|
case "30d":
|
|
since = 30 * 24 * time.Hour
|
|
default:
|
|
since = 24 * time.Hour
|
|
}
|
|
|
|
history, err := h.store.GetCustomerHistory(customerID, since)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get history for %s: %v", customerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
type historyEntry struct {
|
|
ReceivedAt time.Time `json:"received_at"`
|
|
HealthStatus string `json:"health_status"`
|
|
CPUPercent float64 `json:"cpu_percent"`
|
|
MemoryPercent float64 `json:"memory_percent"`
|
|
}
|
|
|
|
result := make([]historyEntry, 0, len(history))
|
|
for _, h := range history {
|
|
result = append(result, historyEntry{
|
|
ReceivedAt: h.ReceivedAt,
|
|
HealthStatus: h.HealthStatus,
|
|
CPUPercent: h.CPUPercent,
|
|
MemoryPercent: h.MemoryPercent,
|
|
})
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(result)
|
|
}
|
|
|
|
// handleNotify processes notification events from customer controllers.
|
|
func (h *Handler) handleNotify(w http.ResponseWriter, r *http.Request) {
|
|
if !h.checkAuth(r) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
|
|
if err != nil {
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var payload struct {
|
|
CustomerID string `json:"customer_id"`
|
|
EventType string `json:"event_type"`
|
|
Severity string `json:"severity"`
|
|
Message string `json:"message"`
|
|
Details string `json:"details"`
|
|
}
|
|
if err := json.Unmarshal(body, &payload); err != nil || payload.CustomerID == "" || payload.EventType == "" {
|
|
http.Error(w, "Invalid payload: customer_id and event_type required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Notification from %s: %s (%s) — %s", payload.CustomerID, payload.EventType, payload.Severity, payload.Message)
|
|
|
|
// Check if customer is blocked
|
|
if h.store.IsCustomerBlocked(payload.CustomerID) {
|
|
h.logger.Printf("[INFO] Notification suppressed for blocked customer %s", payload.CustomerID)
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "skipped", "customer blocked")
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok","sent":false,"reason":"blocked"}`))
|
|
return
|
|
}
|
|
|
|
// Look up customer notification preferences
|
|
prefs, err := h.store.GetNotificationPrefs(payload.CustomerID)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get notification prefs for %s: %v", payload.CustomerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Check if customer has email configured and event type is enabled
|
|
if prefs == nil || prefs.Email == "" {
|
|
h.logger.Printf("[INFO] No email configured for %s, skipping notification", payload.CustomerID)
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "skipped", "no email configured")
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok","sent":false,"reason":"no_email"}`))
|
|
return
|
|
}
|
|
|
|
// Check if event type is in the enabled list (test events always pass)
|
|
eventEnabled := payload.EventType == "test"
|
|
for _, e := range prefs.EnabledEvents {
|
|
if e == payload.EventType {
|
|
eventEnabled = true
|
|
break
|
|
}
|
|
}
|
|
if !eventEnabled {
|
|
h.logger.Printf("[INFO] Event %s not enabled for %s, skipping", payload.EventType, payload.CustomerID)
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "skipped", "event not enabled")
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok","sent":false,"reason":"event_disabled"}`))
|
|
return
|
|
}
|
|
|
|
// Send email via Resend API
|
|
if h.resendAPIKey == "" {
|
|
h.logger.Printf("[WARN] Resend API key not configured, cannot send notification email")
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "skipped", "resend api key not configured")
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok","sent":false,"reason":"no_api_key"}`))
|
|
return
|
|
}
|
|
|
|
subject, emailBody := formatNotificationEmail(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, payload.Details)
|
|
sendErr := h.sendResendEmail(prefs.Email, subject, emailBody)
|
|
if sendErr != nil {
|
|
h.logger.Printf("[ERROR] Failed to send notification email to %s: %v", prefs.Email, sendErr)
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "failed", sendErr.Error())
|
|
http.Error(w, "Failed to send email", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Notification email sent to %s for %s/%s", prefs.Email, payload.CustomerID, payload.EventType)
|
|
h.store.LogNotification(payload.CustomerID, payload.EventType, payload.Severity, payload.Message, "sent", "")
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok","sent":true}`))
|
|
}
|
|
|
|
// handleSavePreferences stores notification preferences pushed from a customer controller.
|
|
func (h *Handler) handleSavePreferences(w http.ResponseWriter, r *http.Request) {
|
|
if !h.checkAuth(r) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
|
|
if err != nil {
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var payload struct {
|
|
CustomerID string `json:"customer_id"`
|
|
Email string `json:"email"`
|
|
EnabledEvents []string `json:"enabled_events"`
|
|
}
|
|
if err := json.Unmarshal(body, &payload); err != nil || payload.CustomerID == "" {
|
|
http.Error(w, "Invalid payload: customer_id required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := h.store.SaveNotificationPrefs(payload.CustomerID, payload.Email, payload.EnabledEvents); err != nil {
|
|
h.logger.Printf("[ERROR] Failed to save notification prefs for %s: %v", payload.CustomerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Notification preferences updated for %s: email=%s, events=%v", payload.CustomerID, payload.Email, payload.EnabledEvents)
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok"}`))
|
|
}
|
|
|
|
// handleInfraBackupPush stores an infrastructure snapshot from a controller.
|
|
func (h *Handler) handleInfraBackupPush(w http.ResponseWriter, r *http.Request) {
|
|
if !h.checkAuth(r) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // 1MB limit
|
|
if err != nil {
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var payload struct {
|
|
CustomerID string `json:"customer_id"`
|
|
}
|
|
if err := json.Unmarshal(body, &payload); err != nil || payload.CustomerID == "" {
|
|
http.Error(w, "Invalid payload: customer_id required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := h.store.SaveInfraBackup(payload.CustomerID, body); err != nil {
|
|
h.logger.Printf("[ERROR] Failed to save infra backup for %s: %v", payload.CustomerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Infra backup saved for %s (%d bytes)", payload.CustomerID, len(body))
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"ok"}`))
|
|
}
|
|
|
|
// handleInfraBackupGet returns the infrastructure backup for a customer.
|
|
func (h *Handler) handleInfraBackupGet(w http.ResponseWriter, r *http.Request, customerID string) {
|
|
if !h.checkAuth(r) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
if customerID == "" {
|
|
http.Error(w, "Missing customer_id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
data, err := h.store.GetInfraBackup(customerID)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get infra backup for %s: %v", customerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if data == nil {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.Write(data)
|
|
}
|
|
|
|
// handleConfigRetrieve returns a generated controller.yaml for a customer.
|
|
// Auth: X-Retrieval-Password header (not Bearer token).
|
|
func (h *Handler) handleConfigRetrieve(w http.ResponseWriter, r *http.Request, customerID string) {
|
|
if customerID == "" {
|
|
http.Error(w, "Missing customer_id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
password := r.Header.Get("X-Retrieval-Password")
|
|
if password == "" {
|
|
http.Error(w, "Unauthorized: X-Retrieval-Password header required", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
cfg, err := h.store.GetCustomerConfig(customerID)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to get customer config for %s: %v", customerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if cfg == nil {
|
|
http.Error(w, "Not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
// Constant-time comparison to prevent timing attacks
|
|
if subtle.ConstantTimeCompare([]byte(password), []byte(cfg.RetrievalPassword)) != 1 {
|
|
http.Error(w, "Unauthorized: invalid password", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
if h.templateProvider == nil {
|
|
http.Error(w, "Config generation not available", http.StatusServiceUnavailable)
|
|
return
|
|
}
|
|
|
|
yamlOutput, err := configgen.Generate(h.templateProvider.Template(), cfg)
|
|
if err != nil {
|
|
h.logger.Printf("[ERROR] Failed to generate config for %s: %v", customerID, err)
|
|
http.Error(w, "Internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
h.logger.Printf("[INFO] Config downloaded for customer %s", customerID)
|
|
w.Header().Set("Content-Type", "text/yaml; charset=utf-8")
|
|
w.Write([]byte(yamlOutput))
|
|
}
|
|
|
|
// sendResendEmail sends an email via the Resend HTTP API.
|
|
func (h *Handler) sendResendEmail(to, subject, textBody string) error {
|
|
payload := map[string]interface{}{
|
|
"from": h.fromEmail,
|
|
"to": []string{to},
|
|
"subject": subject,
|
|
"text": textBody,
|
|
}
|
|
|
|
jsonData, err := json.Marshal(payload)
|
|
if err != nil {
|
|
return fmt.Errorf("marshaling email payload: %w", err)
|
|
}
|
|
|
|
req, err := http.NewRequest("POST", "https://api.resend.com/emails", bytes.NewReader(jsonData))
|
|
if err != nil {
|
|
return fmt.Errorf("creating request: %w", err)
|
|
}
|
|
req.Header.Set("Authorization", "Bearer "+h.resendAPIKey)
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := h.httpClient.Do(req)
|
|
if err != nil {
|
|
return fmt.Errorf("sending request: %w", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode >= 400 {
|
|
respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 1024))
|
|
return fmt.Errorf("resend API returned %d: %s", resp.StatusCode, string(respBody))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// formatNotificationEmail creates a Hungarian email subject and body.
|
|
func formatNotificationEmail(customerID, eventType, severity, message, details string) (string, string) {
|
|
severityLabel := map[string]string{
|
|
"info": "Információ",
|
|
"warning": "Figyelmeztetés",
|
|
"critical": "Kritikus",
|
|
}
|
|
label := severityLabel[severity]
|
|
if label == "" {
|
|
label = severity
|
|
}
|
|
|
|
subject := fmt.Sprintf("[Felhom] %s: %s", label, message)
|
|
|
|
now := time.Now().Format("2006-01-02 15:04")
|
|
emailText := fmt.Sprintf(`Kedves Ügyfél!
|
|
|
|
A Felhom rendszered a következő figyelmeztetést jelezte:
|
|
|
|
%s
|
|
|
|
Részletek:
|
|
- Szerver: %s
|
|
- Időpont: %s
|
|
- Szint: %s
|
|
- Típus: %s`, message, customerID, now, label, eventType)
|
|
|
|
if details != "" {
|
|
emailText += fmt.Sprintf("\n- Megjegyzés: %s", details)
|
|
}
|
|
|
|
emailText += `
|
|
|
|
Ha kérdésed van, vedd fel a kapcsolatot az üzemeltetővel.
|
|
|
|
Üdvözlettel,
|
|
Felhom.eu monitoring`
|
|
|
|
return subject, emailText
|
|
}
|