fix: harden playback and migrations
This commit is contained in:
@@ -3,10 +3,14 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
@@ -20,23 +24,49 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
||||
dbFile := os.Getenv("DATABASE_FILE")
|
||||
dbFile := strings.TrimSpace(os.Getenv("DATABASE_FILE"))
|
||||
if dbFile == "" {
|
||||
dbFile = "mal.db"
|
||||
}
|
||||
|
||||
db, err := sql.Open("sqlite3", dbFile)
|
||||
dsn := fmt.Sprintf("file:%s?_foreign_keys=on", dbFile)
|
||||
db, err := sql.Open("sqlite3", dsn)
|
||||
if err != nil {
|
||||
log.Fatalf("failed to open db: %v", err)
|
||||
}
|
||||
defer db.Close()
|
||||
|
||||
if err := db.Ping(); err != nil {
|
||||
log.Fatalf("failed to ping db: %v", err)
|
||||
}
|
||||
|
||||
if _, err := db.Exec("PRAGMA foreign_keys = ON"); err != nil {
|
||||
log.Fatalf("failed to enforce sqlite foreign keys: %v", err)
|
||||
}
|
||||
|
||||
var fkState int
|
||||
if err := db.QueryRow("PRAGMA foreign_keys").Scan(&fkState); err != nil {
|
||||
log.Fatalf("failed to verify sqlite foreign keys: %v", err)
|
||||
}
|
||||
if fkState != 1 {
|
||||
log.Fatal("sqlite foreign keys are disabled")
|
||||
}
|
||||
|
||||
migrationsDir, err := resolveMigrationsDir()
|
||||
if err != nil {
|
||||
log.Fatalf("failed to locate migrations directory: %v", err)
|
||||
}
|
||||
|
||||
// Run migrations with tracking
|
||||
if err := database.RunMigrations(db); err != nil {
|
||||
if err := database.RunMigrations(db, migrationsDir); err != nil {
|
||||
log.Fatalf("failed to run migrations: %v", err)
|
||||
}
|
||||
|
||||
playbackSecret := strings.TrimSpace(os.Getenv("PLAYBACK_PROXY_SECRET"))
|
||||
if len(playbackSecret) < 32 {
|
||||
log.Fatal("PLAYBACK_PROXY_SECRET must be set and at least 32 characters")
|
||||
}
|
||||
|
||||
queries := database.New(db)
|
||||
authService := auth.NewService(queries)
|
||||
jikanClient := jikan.NewClient(queries)
|
||||
@@ -50,9 +80,11 @@ func main() {
|
||||
go relationsWorker.Start(ctx)
|
||||
|
||||
app := server.Config{
|
||||
DB: queries,
|
||||
JikanClient: jikanClient,
|
||||
AuthService: authService,
|
||||
DB: queries,
|
||||
SQLDB: db,
|
||||
JikanClient: jikanClient,
|
||||
AuthService: authService,
|
||||
PlaybackProxySecret: playbackSecret,
|
||||
}
|
||||
|
||||
handler := server.NewRouter(app)
|
||||
@@ -86,3 +118,69 @@ func main() {
|
||||
log.Fatalf("Server failed to start: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func resolveMigrationsDir() (string, error) {
|
||||
configured := strings.TrimSpace(os.Getenv("MIGRATIONS_DIR"))
|
||||
if configured != "" {
|
||||
hasFiles, err := directoryHasSQLFiles(configured)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if !hasFiles {
|
||||
return "", fmt.Errorf("MIGRATIONS_DIR has no .sql files: %s", configured)
|
||||
}
|
||||
|
||||
return configured, nil
|
||||
}
|
||||
|
||||
workingDir, err := os.Getwd()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
executablePath, err := os.Executable()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
candidates := []string{
|
||||
filepath.Join(workingDir, "migrations"),
|
||||
filepath.Join(filepath.Dir(executablePath), "migrations"),
|
||||
}
|
||||
|
||||
for _, candidate := range candidates {
|
||||
hasFiles, checkErr := directoryHasSQLFiles(candidate)
|
||||
if checkErr != nil {
|
||||
if errors.Is(checkErr, os.ErrNotExist) {
|
||||
continue
|
||||
}
|
||||
|
||||
return "", checkErr
|
||||
}
|
||||
|
||||
if hasFiles {
|
||||
return candidate, nil
|
||||
}
|
||||
}
|
||||
|
||||
return "", errors.New("could not find migrations directory")
|
||||
}
|
||||
|
||||
func directoryHasSQLFiles(dir string) (bool, error) {
|
||||
info, err := os.Stat(dir)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if !info.IsDir() {
|
||||
return false, fmt.Errorf("not a directory: %s", dir)
|
||||
}
|
||||
|
||||
files, err := filepath.Glob(filepath.Join(dir, "*.sql"))
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return len(files) > 0, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user