dd3ec070f7
### Security-Fixes (K1–K6, W1–W4, W7, N1, N5–N6, V1, V5–V7)
- K1: CSRF-Schutz via Double-Submit-Cookie (httpapi/csrf.go + csrf_helpers.go)
- K2: requireScreenAccess() in allen manage-Handlern (Tenant-Isolation)
- K3: Tenant-Check bei DELETE /api/v1/media/{id}
- K4: requirePlaylistAccess() + GetByItemID() für JSON-API Playlist-Routen
- K5: Admin-Passwort nur noch als [gesetzt] geloggt
- K6: POST /api/v1/screens/register mit Pre-Shared-Secret (MORZ_INFOBOARD_REGISTER_SECRET)
- W1: Race Condition bei order_index behoben (atomare Subquery in AddItem)
- W2: Graceful Shutdown mit 15s Timeout auf SIGTERM/SIGINT
- W3: http.MaxBytesReader (512 MB) in allen Upload-Handlern
- W4: err.Error() nicht mehr an den Client
- W7: Template-Execution via bytes.Buffer (kein partial write bei Fehler)
- N1: Rate-Limiting auf /login (5 Versuche/Minute pro IP, httpapi/ratelimit.go)
- N5: Directory-Listing auf /uploads/ deaktiviert (neuteredFileSystem)
- N6: Uploads nach Tenant getrennt (uploads/{tenantSlug}/)
- V1: Upload-Logik konsolidiert in internal/fileutil/fileutil.go
- V5: Cookie-Name als Konstante reqcontext.SessionCookieName
- V6: Strukturiertes Logging mit log/slog + JSON-Handler
- V7: DB-Pool wird im Graceful-Shutdown geschlossen
### Phase 6: Screenshot-Erzeugung
- player/agent/internal/screenshot/screenshot.go erstellt
- Integration in app.go mit MORZ_INFOBOARD_SCREENSHOT_EVERY Config
### UX: PDF.js Integration
- pdf.min.js + pdf.worker.min.js als lokale Assets eingebettet
- Automatisches Seitendurchblättern im Player
### Ansible: Neue Rollen
- signage_base, signage_server, signage_provision erstellt
- inventory.yml und site.yml erweitert
### Konzept-Docs
- GRUPPEN-KONZEPT.md, KAMPAGNEN-AKTIVIERUNG.md, MONITORING-KONZEPT.md
- PROVISION-KONZEPT.md, TEMPLATE-EDITOR.md, WATCHDOG-KONZEPT.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
161 lines
4.7 KiB
Go
161 lines
4.7 KiB
Go
package app
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"encoding/hex"
|
|
"errors"
|
|
"log"
|
|
"log/slog"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
"time"
|
|
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/config"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/db"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/httpapi"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/mqttnotifier"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/store"
|
|
)
|
|
|
|
type App struct {
|
|
Config config.Config
|
|
server *http.Server
|
|
notifier *mqttnotifier.Notifier
|
|
authStore *store.AuthStore
|
|
dbPool *db.Pool // V7: für db.Close() im Shutdown
|
|
logger *log.Logger
|
|
}
|
|
|
|
func New() (*App, error) {
|
|
cfg := config.Load()
|
|
// Kompatibilitäts-Logger für db.Connect (erwartet *log.Logger).
|
|
logger := log.New(os.Stdout, "backend ", log.LstdFlags|log.LUTC)
|
|
|
|
// Ensure upload directory exists.
|
|
if err := os.MkdirAll(cfg.UploadDir, 0755); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Connect to database and run migrations.
|
|
pool, err := db.Connect(context.Background(), cfg.DatabaseURL, logger)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Status store (existing in-memory/file store).
|
|
statusStore, err := httpapi.NewStoreFromConfig(cfg.StatusStorePath)
|
|
if err != nil {
|
|
pool.Close()
|
|
return nil, err
|
|
}
|
|
|
|
// Domain stores.
|
|
tenants := store.NewTenantStore(pool.Pool)
|
|
screens := store.NewScreenStore(pool.Pool)
|
|
media := store.NewMediaStore(pool.Pool)
|
|
playlists := store.NewPlaylistStore(pool.Pool)
|
|
authStore := store.NewAuthStore(pool.Pool)
|
|
|
|
// Ensure admin user exists — generate a random password if none is configured.
|
|
adminPassword := cfg.AdminPassword
|
|
if adminPassword == "" {
|
|
buf := make([]byte, 16)
|
|
if _, err := rand.Read(buf); err != nil {
|
|
pool.Close()
|
|
return nil, err
|
|
}
|
|
adminPassword = hex.EncodeToString(buf)
|
|
// V6: slog statt log.Printf — Passwort nie loggen (K5).
|
|
slog.Info("admin password generated", "event", "admin_password_generated", "password", "[gesetzt]")
|
|
}
|
|
if err := authStore.EnsureAdminUser(context.Background(), cfg.DefaultTenantSlug, adminPassword); err != nil {
|
|
slog.Error("ensure admin user failed", "event", "ensure_admin_user_failed", "err", err)
|
|
// Non-fatal: server starts even if admin setup fails.
|
|
}
|
|
|
|
// MQTT notifier (no-op when broker not configured).
|
|
notifier := mqttnotifier.New(cfg.MQTTBroker, cfg.MQTTUsername, cfg.MQTTPassword)
|
|
if cfg.MQTTBroker != "" {
|
|
slog.Info("mqtt notifier enabled", "event", "mqtt_notifier_enabled", "broker", cfg.MQTTBroker)
|
|
} else {
|
|
slog.Info("mqtt notifier disabled", "event", "mqtt_notifier_disabled", "reason", "no_broker_configured")
|
|
}
|
|
|
|
handler := httpapi.NewRouter(httpapi.RouterDeps{
|
|
StatusStore: statusStore,
|
|
TenantStore: tenants,
|
|
ScreenStore: screens,
|
|
MediaStore: media,
|
|
PlaylistStore: playlists,
|
|
AuthStore: authStore,
|
|
Notifier: notifier,
|
|
Config: cfg,
|
|
UploadDir: cfg.UploadDir,
|
|
Logger: logger,
|
|
})
|
|
|
|
return &App{
|
|
Config: cfg,
|
|
server: &http.Server{Addr: cfg.HTTPAddress, Handler: handler},
|
|
notifier: notifier,
|
|
authStore: authStore,
|
|
dbPool: pool, // V7: Referenz für Shutdown
|
|
logger: logger,
|
|
}, nil
|
|
}
|
|
|
|
func (a *App) Run() error {
|
|
defer a.notifier.Close()
|
|
|
|
// W2+V7: Graceful Shutdown mit Signal-Handling.
|
|
// Der Context wird bei SIGTERM/SIGINT abgebrochen, was den Shutdown einleitet.
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
defer cancel()
|
|
|
|
// Session-Cleanup: expired sessions werden stündlich aus der DB entfernt.
|
|
go func() {
|
|
ticker := time.NewTicker(1 * time.Hour)
|
|
defer ticker.Stop()
|
|
for {
|
|
select {
|
|
case <-ticker.C:
|
|
if err := a.authStore.CleanExpiredSessions(ctx); err != nil {
|
|
slog.Error("session cleanup failed", "event", "session_cleanup_failed", "err", err)
|
|
} else {
|
|
slog.Info("session cleanup ok", "event", "session_cleanup_ok")
|
|
}
|
|
case <-ctx.Done():
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
|
|
// W2: Signal-Handler für Graceful Shutdown.
|
|
sigCh := make(chan os.Signal, 1)
|
|
signal.Notify(sigCh, syscall.SIGTERM, syscall.SIGINT)
|
|
go func() {
|
|
sig := <-sigCh
|
|
slog.Info("shutdown signal received", "event", "shutdown_signal", "signal", sig.String())
|
|
cancel() // Session-Cleanup stoppen.
|
|
|
|
// HTTP-Server mit Timeout herunterfahren.
|
|
shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 15*time.Second)
|
|
defer shutdownCancel()
|
|
if err := a.server.Shutdown(shutdownCtx); err != nil {
|
|
slog.Error("shutdown error", "event", "shutdown_error", "err", err)
|
|
}
|
|
|
|
// V7: DB-Pool schließen.
|
|
a.dbPool.Close()
|
|
slog.Info("shutdown complete", "event", "shutdown_complete")
|
|
}()
|
|
|
|
err := a.server.ListenAndServe()
|
|
if errors.Is(err, http.ErrServerClosed) {
|
|
return nil
|
|
}
|
|
return err
|
|
}
|