dataforge/kanban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge: bring notifications-realtime + modules into master (preserves files attachments)

Browse Source
This commit is contained in:
egutierrez
2026-05-27 18:43:54 +02:00
parent 5b30fb1ded d13993c0d7
commit 172850178d
38 changed files with 6106 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/dist/assets/index-UVzY_37O.js
Vendored
+1280
View File
File diff suppressed because one or more lines are too long
backend/dist/index.html
Vendored
+1 -1
View File
@@ -4,7 +4,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Kanban</title>
<script type="module" crossorigin src="/assets/index-DT3pghXY.js"></script>
<script type="module" crossorigin src="/assets/index-UVzY_37O.js"></script>
<link rel="stylesheet" crossorigin href="/assets/index-b0xjFtx2.css">
</head>
<body>
backend/events.go
+158
View File
@@ -0,0 +1,158 @@
package main
import (
"encoding/json"
"sync"
"sync/atomic"
"time"
)
// EventHub is an in-process pub/sub used to push board mutations and
// notifications to connected clients (SSE for board-wide events, WS for
// per-card chat). Drop policy on slow consumers: best-effort send; if a
// subscriber's buffered channel is full the event is dropped and the
// hub increments dropCount. Clients are expected to reconcile state via
// a full reload when reconnecting.
type EventHub struct {
mu sync.RWMutex
userSubs map[string]map[chan Event]struct{}
cardSubs map[string]map[chan Event]struct{}
dropCount uint64
}
// Event is the envelope broadcast to subscribers.
//
// Type — discriminator (e.g. "card.updated", "message.created").
// CardID — set when payload pertains to a specific card.
// UserID — set for per-user private events (e.g. notifications). Empty
// means broadcast to every user subscriber.
// Payload — arbitrary JSON describing the change.
// TS — RFC3339 timestamp.
type Event struct {
Type string `json:"type"`
CardID string `json:"card_id,omitempty"`
UserID string `json:"user_id,omitempty"`
Payload json.RawMessage `json:"payload,omitempty"`
TS string `json:"ts"`
}
const eventBufSize = 64
func NewEventHub() *EventHub {
return &EventHub{
userSubs: map[string]map[chan Event]struct{}{},
cardSubs: map[string]map[chan Event]struct{}{},
}
}
// SubscribeUser returns a channel that receives every public event plus
// private events targeted at userID. Caller MUST eventually call
// UnsubscribeUser to release resources.
func (h *EventHub) SubscribeUser(userID string) chan Event {
ch := make(chan Event, eventBufSize)
h.mu.Lock()
set, ok := h.userSubs[userID]
if !ok {
set = map[chan Event]struct{}{}
h.userSubs[userID] = set
}
set[ch] = struct{}{}
h.mu.Unlock()
return ch
}
func (h *EventHub) UnsubscribeUser(userID string, ch chan Event) {
h.mu.Lock()
if set, ok := h.userSubs[userID]; ok {
delete(set, ch)
if len(set) == 0 {
delete(h.userSubs, userID)
}
}
h.mu.Unlock()
close(ch)
}
// SubscribeCard returns a channel that receives events scoped to cardID
// (chat messages + typing indicators).
func (h *EventHub) SubscribeCard(cardID string) chan Event {
ch := make(chan Event, eventBufSize)
h.mu.Lock()
set, ok := h.cardSubs[cardID]
if !ok {
set = map[chan Event]struct{}{}
h.cardSubs[cardID] = set
}
set[ch] = struct{}{}
h.mu.Unlock()
return ch
}
func (h *EventHub) UnsubscribeCard(cardID string, ch chan Event) {
h.mu.Lock()
if set, ok := h.cardSubs[cardID]; ok {
delete(set, ch)
if len(set) == 0 {
delete(h.cardSubs, cardID)
}
}
h.mu.Unlock()
close(ch)
}
// Publish delivers ev to every matching subscriber. If ev.UserID is set
// it is delivered ONLY to that user's subscribers; otherwise it fans out
// to all user subscribers. Card subscribers ALWAYS receive events that
// match ev.CardID. Best-effort: full channels are skipped.
func (h *EventHub) Publish(ev Event) {
if ev.TS == "" {
ev.TS = time.Now().UTC().Format(time.RFC3339)
}
h.mu.RLock()
defer h.mu.RUnlock()
deliver := func(ch chan Event) {
select {
case ch <- ev:
default:
atomic.AddUint64(&h.dropCount, 1)
}
}
if ev.UserID != "" {
if set, ok := h.userSubs[ev.UserID]; ok {
for ch := range set {
deliver(ch)
}
}
} else {
for _, set := range h.userSubs {
for ch := range set {
deliver(ch)
}
}
}
if ev.CardID != "" {
if set, ok := h.cardSubs[ev.CardID]; ok {
for ch := range set {
deliver(ch)
}
}
}
}
func (h *EventHub) DropCount() uint64 {
return atomic.LoadUint64(&h.dropCount)
}
// PublishJSON marshals payload and publishes a single Event.
func (h *EventHub) PublishJSON(typ, cardID, userID string, payload interface{}) {
var raw json.RawMessage
if payload != nil {
b, err := json.Marshal(payload)
if err == nil {
raw = b
}
}
h.Publish(Event{Type: typ, CardID: cardID, UserID: userID, Payload: raw})
}
backend/events_test.go
+146
View File
@@ -0,0 +1,146 @@
package main
import (
"sync"
"sync/atomic"
"testing"
"time"
)
func TestEventHub_BroadcastToAllUsers(t *testing.T) {
hub := NewEventHub()
chA := hub.SubscribeUser("alice")
chB := hub.SubscribeUser("bob")
defer hub.UnsubscribeUser("alice", chA)
defer hub.UnsubscribeUser("bob", chB)
hub.PublishJSON("card.updated", "c1", "", map[string]string{"id": "c1"})
for _, ch := range []chan Event{chA, chB} {
select {
case ev := <-ch:
if ev.Type != "card.updated" {
t.Fatalf("type = %q, want card.updated", ev.Type)
}
case <-time.After(time.Second):
t.Fatal("timeout waiting for event")
}
}
}
func TestEventHub_PrivateUserEvent(t *testing.T) {
hub := NewEventHub()
chA := hub.SubscribeUser("alice")
chB := hub.SubscribeUser("bob")
defer hub.UnsubscribeUser("alice", chA)
defer hub.UnsubscribeUser("bob", chB)
hub.PublishJSON("notification.created", "", "alice", map[string]string{"foo": "bar"})
select {
case ev := <-chA:
if ev.UserID != "alice" {
t.Fatalf("user_id = %q, want alice", ev.UserID)
}
case <-time.After(time.Second):
t.Fatal("alice did not get private event")
}
select {
case ev := <-chB:
t.Fatalf("bob received private event for alice: %+v", ev)
case <-time.After(100 * time.Millisecond):
// expected
}
}
func TestEventHub_CardSubscription(t *testing.T) {
hub := NewEventHub()
ch := hub.SubscribeCard("card-1")
defer hub.UnsubscribeCard("card-1", ch)
hub.PublishJSON("message.created", "card-1", "", map[string]string{"id": "m1"})
hub.PublishJSON("message.created", "card-2", "", map[string]string{"id": "m2"})
select {
case ev := <-ch:
if ev.CardID != "card-1" {
t.Fatalf("card_id = %q, want card-1", ev.CardID)
}
case <-time.After(time.Second):
t.Fatal("timeout")
}
select {
case ev := <-ch:
t.Fatalf("received unexpected event for other card: %+v", ev)
case <-time.After(100 * time.Millisecond):
}
}
func TestEventHub_DropPolicyOnSlowConsumer(t *testing.T) {
hub := NewEventHub()
ch := hub.SubscribeUser("slow")
defer hub.UnsubscribeUser("slow", ch)
// Fill the buffer + N extra to force drops.
const extra = 50
for i := 0; i < eventBufSize+extra; i++ {
hub.PublishJSON("noise", "", "slow", nil)
}
if got := hub.DropCount(); got < extra {
t.Fatalf("DropCount = %d, want >= %d", got, extra)
}
}
func TestEventHub_UnsubscribeRemoves(t *testing.T) {
hub := NewEventHub()
ch := hub.SubscribeUser("alice")
hub.UnsubscribeUser("alice", ch)
// channel must be closed
select {
case _, ok := <-ch:
if ok {
t.Fatal("expected closed channel")
}
default:
// channel could be drained-and-closed
}
// Publish should not panic and should not deliver anywhere.
hub.PublishJSON("noise", "", "alice", nil)
}
func TestEventHub_ConcurrentPublishers(t *testing.T) {
hub := NewEventHub()
ch := hub.SubscribeUser("u")
defer hub.UnsubscribeUser("u", ch)
var received atomic.Uint64
done := make(chan struct{})
go func() {
for range ch {
received.Add(1)
}
close(done)
}()
var wg sync.WaitGroup
const writers = 10
const each = 100
for i := 0; i < writers; i++ {
wg.Add(1)
go func() {
defer wg.Done()
for j := 0; j < each; j++ {
hub.PublishJSON("ping", "", "u", nil)
}
}()
}
wg.Wait()
// Give the consumer time to drain.
time.Sleep(200 * time.Millisecond)
got := received.Load()
dropped := hub.DropCount()
if got+dropped < writers*each {
t.Fatalf("received=%d drop=%d want sum >= %d", got, dropped, writers*each)
}
}
backend/handlers.go
+97 -34
View File
@@ -74,8 +74,21 @@ func handleGetBoard(db *DB) http.HandlerFunc {
}
}
// publishInvalidated emits a board.invalidated event so connected clients
// refetch /api/board. Best-effort: dropped events recover on next mutation
// or via the periodic safety reload kept in the SPA.
func publishInvalidated(hub *EventHub, cardID, columnID string) {
if hub == nil {
return
}
hub.PublishJSON("board.invalidated", cardID, "", map[string]string{
"card_id": cardID,
"column_id": columnID,
})
}
// POST /api/columns { name }
func handleCreateColumn(db *DB) http.HandlerFunc {
func handleCreateColumn(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var body struct{ Name string `json:"name"` }
if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
@@ -91,12 +104,13 @@ func handleCreateColumn(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, "", c.ID)
infra.HTTPJSONResponse(w, http.StatusCreated, c)
}
}
// PATCH /api/columns/{id} { name?, position?, location?, width? }
func handleUpdateColumn(db *DB) http.HandlerFunc {
func handleUpdateColumn(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var body struct {
@@ -116,24 +130,26 @@ func handleUpdateColumn(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, "", id)
w.WriteHeader(http.StatusNoContent)
}
}
// DELETE /api/columns/{id}
func handleDeleteColumn(db *DB) http.HandlerFunc {
func handleDeleteColumn(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
if err := db.DeleteColumn(id); err != nil {
serverError(w, err)
return
}
publishInvalidated(hub, "", id)
w.WriteHeader(http.StatusNoContent)
}
}
// POST /api/columns/reorder { ids: [...] }
func handleReorderColumns(db *DB) http.HandlerFunc {
func handleReorderColumns(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var body struct{ IDs []string `json:"ids"` }
if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
@@ -144,12 +160,13 @@ func handleReorderColumns(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, "", "")
w.WriteHeader(http.StatusNoContent)
}
}
// POST /api/cards { column_id, requester?, title, description? }
func handleCreateCard(db *DB) http.HandlerFunc {
func handleCreateCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var body struct {
ColumnID string `json:"column_id"`
@@ -186,12 +203,13 @@ func handleCreateCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, c.ID, body.ColumnID)
infra.HTTPJSONResponse(w, http.StatusCreated, c)
}
}
// PATCH /api/cards/{id} { requester?, title?, description?, color? }
func handleUpdateCard(db *DB) http.HandlerFunc {
func handleUpdateCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var raw map[string]any
@@ -249,12 +267,13 @@ func handleUpdateCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
// PUT /api/cards/{id}/stickers { stickers: [{emoji,x,y}, ...] }
func handleUpdateCardStickers(db *DB) http.HandlerFunc {
func handleUpdateCardStickers(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var body struct {
@@ -268,12 +287,13 @@ func handleUpdateCardStickers(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
// DELETE /api/cards/{id}
func handleDeleteCard(db *DB) http.HandlerFunc {
func handleDeleteCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -281,12 +301,13 @@ func handleDeleteCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
// POST /api/cards/{id}/move { column_id, ordered_ids }
func handleMoveCard(db *DB) http.HandlerFunc {
func handleMoveCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var body struct {
@@ -310,6 +331,7 @@ func handleMoveCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, id, body.ColumnID)
w.WriteHeader(http.StatusNoContent)
}
}
@@ -328,7 +350,10 @@ func handleListCardMessages(db *DB) http.HandlerFunc {
}
// POST /api/cards/{id}/messages { body }
func handleCreateCardMessage(db *DB) http.HandlerFunc {
//
// Parses @mentions, fans out notifications and publishes message.created via
// the hub so SSE/WS subscribers see the message immediately.
func handleCreateCardMessage(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var body struct {
@@ -347,7 +372,7 @@ func handleCreateCardMessage(db *DB) http.HandlerFunc {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
m, err := db.CreateCardMessage(id, actor, body.Body)
m, _, _, err := db.CreateCardMessageAndNotify(id, actor, body.Body, hub)
if err != nil {
if strings.Contains(err.Error(), "not found") {
notFound(w, err.Error())
@@ -361,8 +386,9 @@ func handleCreateCardMessage(db *DB) http.HandlerFunc {
}
// DELETE /api/cards/{cid}/messages/{mid}
func handleDeleteCardMessage(db *DB) http.HandlerFunc {
func handleDeleteCardMessage(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
cid := r.PathValue("id")
mid := r.PathValue("mid")
actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if actor == "" {
@@ -377,12 +403,15 @@ func handleDeleteCardMessage(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
if hub != nil {
hub.PublishJSON("message.deleted", cid, "", map[string]string{"id": mid})
}
w.WriteHeader(http.StatusNoContent)
}
}
// POST /api/cards/{id}/duplicate
func handleDuplicateCard(db *DB) http.HandlerFunc {
func handleDuplicateCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -395,6 +424,7 @@ func handleDuplicateCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, c.ID, c.ColumnID)
infra.HTTPJSONResponse(w, http.StatusCreated, c)
}
}
@@ -425,7 +455,7 @@ func handleListTrash(db *DB) http.HandlerFunc {
}
// POST /api/cards/{id}/restore
func handleRestoreCard(db *DB) http.HandlerFunc {
func handleRestoreCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -433,6 +463,7 @@ func handleRestoreCard(db *DB) http.HandlerFunc {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
@@ -553,44 +584,48 @@ func handleListArchive(db *DB) http.HandlerFunc {
}
// POST /api/cards/{id}/archive
func handleArchiveCard(db *DB) http.HandlerFunc {
func handleArchiveCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
if err := db.ArchiveCard(id); err != nil {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
// POST /api/cards/{id}/unarchive
func handleUnarchiveCard(db *DB) http.HandlerFunc {
func handleUnarchiveCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
if err := db.UnarchiveCard(id); err != nil {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
// DELETE /api/cards/{id}/purge
func handlePurgeCard(db *DB) http.HandlerFunc {
func handlePurgeCard(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
if err := db.PurgeCard(id); err != nil {
serverError(w, err)
return
}
publishInvalidated(hub, id, "")
w.WriteHeader(http.StatusNoContent)
}
}
func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken string, flags *FeatureFlags) []infra.Route {
func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken string, flags *FeatureFlags, hub *EventHub, dispatcher *Dispatcher) []infra.Route {
return []infra.Route{
{Method: "GET", Path: "/api/flags", Handler: handleListFlags(flags)},
{Method: "GET", Path: "/api/version", Handler: handleVersion()},
{Method: "POST", Path: "/api/auth/register", Handler: handleRegister(db, flags)},
{Method: "POST", Path: "/api/auth/login", Handler: handleLogin(db)},
{Method: "POST", Path: "/api/auth/logout", Handler: handleLogout(db)},
@@ -598,31 +633,31 @@ func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken str
{Method: "PATCH", Path: "/api/me", Handler: handlePatchMe(db)},
{Method: "GET", Path: "/api/users", Handler: handleListUsers(db)},
{Method: "GET", Path: "/api/board", Handler: handleGetBoard(db)},
{Method: "POST", Path: "/api/columns", Handler: handleCreateColumn(db)},
{Method: "POST", Path: "/api/columns/reorder", Handler: handleReorderColumns(db)},
{Method: "PATCH", Path: "/api/columns/{id}", Handler: handleUpdateColumn(db)},
{Method: "DELETE", Path: "/api/columns/{id}", Handler: handleDeleteColumn(db)},
{Method: "POST", Path: "/api/cards", Handler: handleCreateCard(db)},
{Method: "PATCH", Path: "/api/cards/{id}", Handler: handleUpdateCard(db)},
{Method: "PUT", Path: "/api/cards/{id}/stickers", Handler: handleUpdateCardStickers(db)},
{Method: "DELETE", Path: "/api/cards/{id}", Handler: handleDeleteCard(db)},
{Method: "POST", Path: "/api/cards/{id}/move", Handler: handleMoveCard(db)},
{Method: "POST", Path: "/api/cards/{id}/duplicate", Handler: handleDuplicateCard(db)},
{Method: "POST", Path: "/api/columns", Handler: handleCreateColumn(db, hub)},
{Method: "POST", Path: "/api/columns/reorder", Handler: handleReorderColumns(db, hub)},
{Method: "PATCH", Path: "/api/columns/{id}", Handler: handleUpdateColumn(db, hub)},
{Method: "DELETE", Path: "/api/columns/{id}", Handler: handleDeleteColumn(db, hub)},
{Method: "POST", Path: "/api/cards", Handler: handleCreateCard(db, hub)},
{Method: "PATCH", Path: "/api/cards/{id}", Handler: handleUpdateCard(db, hub)},
{Method: "PUT", Path: "/api/cards/{id}/stickers", Handler: handleUpdateCardStickers(db, hub)},
{Method: "DELETE", Path: "/api/cards/{id}", Handler: handleDeleteCard(db, hub)},
{Method: "POST", Path: "/api/cards/{id}/move", Handler: handleMoveCard(db, hub)},
{Method: "POST", Path: "/api/cards/{id}/duplicate", Handler: handleDuplicateCard(db, hub)},
{Method: "GET", Path: "/api/cards/{id}/messages", Handler: handleListCardMessages(db)},
{Method: "POST", Path: "/api/cards/{id}/messages", Handler: handleCreateCardMessage(db)},
{Method: "DELETE", Path: "/api/cards/{id}/messages/{mid}", Handler: handleDeleteCardMessage(db)},
{Method: "POST", Path: "/api/cards/{id}/messages", Handler: handleCreateCardMessage(db, hub)},
{Method: "DELETE", Path: "/api/cards/{id}/messages/{mid}", Handler: handleDeleteCardMessage(db, hub)},
{Method: "GET", Path: "/api/cards/{id}/history", Handler: handleCardHistory(db)},
{Method: "GET", Path: "/api/trash", Handler: handleListTrash(db)},
{Method: "POST", Path: "/api/cards/{id}/restore", Handler: handleRestoreCard(db)},
{Method: "POST", Path: "/api/cards/{id}/restore", Handler: handleRestoreCard(db, hub)},
{Method: "GET", Path: "/api/reports/daily", Handler: handleDailyReport(db)},
{Method: "GET", Path: "/api/reports/daily/summary", Handler: handleGetDailySummary(db)},
{Method: "POST", Path: "/api/reports/daily/summary", Handler: handleGenerateDailySummary(db)},
{Method: "GET", Path: "/api/settings/{key}", Handler: handleGetSetting(db)},
{Method: "PUT", Path: "/api/settings/{key}", Handler: handlePutSetting(db)},
{Method: "GET", Path: "/api/archive", Handler: handleListArchive(db)},
{Method: "POST", Path: "/api/cards/{id}/archive", Handler: handleArchiveCard(db)},
{Method: "POST", Path: "/api/cards/{id}/unarchive", Handler: handleUnarchiveCard(db)},
{Method: "DELETE", Path: "/api/cards/{id}/purge", Handler: handlePurgeCard(db)},
{Method: "POST", Path: "/api/cards/{id}/archive", Handler: handleArchiveCard(db, hub)},
{Method: "POST", Path: "/api/cards/{id}/unarchive", Handler: handleUnarchiveCard(db, hub)},
{Method: "DELETE", Path: "/api/cards/{id}/purge", Handler: handlePurgeCard(db, hub)},
{Method: "POST", Path: "/api/chat", Handler: handleChat(db, chatWorkdir, logger)},
{Method: "GET", Path: "/api/chat/ws", Handler: handleChatWS(db, chatWorkdir, logger, internalToken)},
{Method: "POST", Path: "/api/tool/{name}", Handler: handleInternalTool(db, internalToken, logger)},
@@ -634,6 +669,34 @@ func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken str
{Method: "GET", Path: "/api/cards/{id}/files", Handler: handleListCardFiles(db)},
{Method: "GET", Path: "/api/files/{id}", Handler: handleServeFile(db)},
{Method: "DELETE", Path: "/api/files/{id}", Handler: handleDeleteCardFile(db)},
// Notifications + realtime (issue notifications-realtime).
{Method: "GET", Path: "/api/events", Handler: handleEventStream(hub)},
{Method: "GET", Path: "/api/cards/{id}/chat/ws", Handler: handleCardChatWS(db, hub)},
{Method: "GET", Path: "/api/notifications", Handler: handleListNotifications(db)},
{Method: "GET", Path: "/api/notifications/unread-count", Handler: handleUnreadCount(db)},
{Method: "POST", Path: "/api/notifications/{id}/read", Handler: handleMarkNotificationRead(db, hub)},
{Method: "POST", Path: "/api/notifications/read-all", Handler: handleMarkAllNotificationsRead(db, hub)},
// MCP per-user tokens.
{Method: "POST", Path: "/api/mcp-tokens", Handler: handleCreateMCPToken(db)},
{Method: "GET", Path: "/api/mcp-tokens", Handler: handleListMCPTokens(db)},
{Method: "DELETE", Path: "/api/mcp-tokens/{id}", Handler: handleRevokeMCPToken(db)},
// Modules: external integrations (Jira, ...).
{Method: "GET", Path: "/api/modules", Handler: handleListModules(db)},
{Method: "POST", Path: "/api/modules", Handler: handleCreateModule(db)},
{Method: "PATCH", Path: "/api/modules/{id}", Handler: handleUpdateModule(db)},
{Method: "DELETE", Path: "/api/modules/{id}", Handler: handleDeleteModule(db)},
{Method: "GET", Path: "/api/modules/{id}/logs", Handler: handleModuleLogs(db)},
{Method: "POST", Path: "/api/modules/{id}/test", Handler: handleTestModule(db, dispatcher)},
}
}
// GET /api/version → {"version": "<semver>"}
//
// Public, no auth. Skipped from session middleware via skip list updated in
// main.go to keep the SPA pre-login able to display the running build.
func handleVersion() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
infra.HTTPJSONResponse(w, http.StatusOK, map[string]string{"version": Version})
}
}
backend/main.go
+37 -3
View File
@@ -21,6 +21,11 @@ import (
//go:embed all:dist
var frontendDist embed.FS
// Version is the build-time identifier of the kanban app. It is injected
// from app.md's `version:` field via -ldflags "-X main.Version=..." by run.sh
// (and by docker/CI). Defaults to "dev" for hand-built binaries.
var Version = "dev"
func main() {
// Subcommand `kanban mcp` runs as MCP server over stdio (spawned by claude -p).
if len(os.Args) > 1 && os.Args[1] == "mcp" {
@@ -63,7 +68,13 @@ func main() {
wd := chatWorkdir(*dbPath)
logger := newChatLogger(filepath.Join(wd, "chat.log"))
log.Printf("chat tool log: %s", logger.path)
mux := infra.HTTPRouter(apiRoutes(db, wd, logger, internalToken, &featureFlags))
hub := NewEventHub()
dispatcher := NewDispatcher(db, hub)
dispatcher.Start()
defer dispatcher.Stop()
mux := infra.HTTPRouter(apiRoutes(db, wd, logger, internalToken, &featureFlags, hub, dispatcher))
mux.Handle("/mcp", mcpHTTPHandler(db))
feHandler := frontendHandler()
if feHandler != nil {
@@ -76,7 +87,7 @@ func main() {
authMW := infra.HTTPSessionCookieMiddleware(infra.SessionCookieConfig{
DB: db.conn,
CookieName: cookieName,
SkipPaths: []string{"/api/auth/", "/api/tool/", "/api/flags", "/health", "/assets/", "/index.html"},
SkipPaths: []string{"/api/auth/", "/api/tool/", "/api/flags", "/api/version", "/health", "/assets/", "/index.html"},
UserCtxKey: userCtxKey,
})
@@ -163,5 +174,28 @@ func frontendHandler() http.Handler {
if len(entries) == 0 {
return nil
}
return infra.SPAHandler(sub, "index.html")
return cacheHeadersMiddleware(infra.SPAHandler(sub, "index.html"))
}
// cacheHeadersMiddleware ensures the SPA shell is never cached while the
// hashed assets (which are content-addressed by Vite) are cached for a long
// time. Without this, browsers happily reuse an old index.html — pinned to a
// stale /assets/index-<hash>.js URL — and never pick up new releases.
//
// Policy:
//
// /assets/* → public, max-age=1y, immutable (filename changes per build)
// everything else → no-store, must-revalidate (forces revalidation on every
// navigation so the latest hash is always discovered)
func cacheHeadersMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, "/assets/") {
w.Header().Set("Cache-Control", "public, max-age=31536000, immutable")
} else {
w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Expires", "0")
}
next.ServeHTTP(w, r)
})
}
backend/mcp.go
+25
View File
@@ -254,6 +254,31 @@ func mcpToolDefs() []infra.MCPToolDef {
"required": []string{"id"},
}),
},
{
Name: "add_comment",
Description: "Anade un comentario (card_message) a una tarjeta. Requiere card_id, body y autor (author_id o author_username). Devuelve el CardMessage creado.",
InputSchema: rawSchema(map[string]any{
"type": "object",
"properties": map[string]any{
"card_id": map[string]any{"type": "string"},
"body": map[string]any{"type": "string"},
"author_id": map[string]any{"type": "string"},
"author_username": map[string]any{"type": "string"},
},
"required": []string{"card_id", "body"},
}),
},
{
Name: "list_comments",
Description: "Lista los comentarios (card_messages) de una tarjeta en orden cronologico.",
InputSchema: rawSchema(map[string]any{
"type": "object",
"properties": map[string]any{
"card_id": map[string]any{"type": "string"},
},
"required": []string{"card_id"},
}),
},
}
}
backend/mcp_http.go
+55
View File
@@ -0,0 +1,55 @@
package main
import (
"context"
"encoding/json"
"errors"
"net/http"
"os"
"strings"
"fn-registry/functions/infra"
)
// mcpHTTPHandler builds the http.Handler that serves the MCP Streamable HTTP
// transport for remote Claude clients. Bearer-auth backed by the mcp_tokens
// table; tool dispatch reuses executeTool() — the same set of operations the
// chat assistant uses internally.
func mcpHTTPHandler(db *DB) http.Handler {
auth := func(r *http.Request) (context.Context, error) {
header := r.Header.Get("Authorization")
token := strings.TrimSpace(strings.TrimPrefix(header, "Bearer "))
if token == "" || token == header {
return nil, errors.New("missing bearer token")
}
userID, err := db.LookupMCPToken(token)
if err != nil {
return nil, err
}
if userID == "" {
return nil, errors.New("invalid or revoked token")
}
return context.WithValue(r.Context(), userCtxKey, userID), nil
}
handler := func(ctx context.Context, name string, input json.RawMessage) (any, bool, error) {
body := input
if len(body) == 0 {
body = json.RawMessage(`{}`)
}
res := executeTool(db, name, body)
if !res.OK {
return res.Error, true, nil
}
return res.Result, false, nil
}
return infra.MCPHTTPHandler(infra.MCPHTTPOpts{
Name: "kanban",
Version: Version,
Tools: mcpToolDefs(),
Handler: handler,
Auth: auth,
Logger: os.Stderr,
})
}
backend/mcp_tokens.go
+132
View File
@@ -0,0 +1,132 @@
package main
import (
"crypto/rand"
"crypto/sha256"
"database/sql"
"encoding/hex"
"errors"
"fmt"
)
// MCPToken is a per-user access token used by remote Claude clients to talk to
// the kanban MCP HTTP endpoint. The plaintext value is shown ONCE at creation
// time; we only persist the SHA-256 hash.
type MCPToken struct {
ID string `json:"id"`
Name string `json:"name"`
CreatedAt string `json:"created_at"`
LastUsedAt *string `json:"last_used_at,omitempty"`
}
const mcpTokenPrefix = "kmcp_"
var errMCPTokenNotFound = errors.New("mcp token not found")
// MintMCPToken creates a new active token for userID and returns the plaintext
// value (caller must surface it to the user immediately; it cannot be
// recovered later) along with the row metadata.
func (db *DB) MintMCPToken(userID, name string) (string, *MCPToken, error) {
if userID == "" {
return "", nil, fmt.Errorf("user_id required")
}
plaintext, err := generateMCPTokenPlaintext()
if err != nil {
return "", nil, fmt.Errorf("generate token: %w", err)
}
tok := &MCPToken{
ID: newID(),
Name: name,
CreatedAt: nowRFC3339(),
}
_, err = db.conn.Exec(
`INSERT INTO mcp_tokens (id, user_id, token_hash, name, created_at) VALUES (?, ?, ?, ?, ?)`,
tok.ID, userID, hashMCPToken(plaintext), tok.Name, tok.CreatedAt,
)
if err != nil {
return "", nil, err
}
return plaintext, tok, nil
}
func (db *DB) ListMCPTokens(userID string) ([]MCPToken, error) {
rows, err := db.conn.Query(
`SELECT id, name, created_at, last_used_at FROM mcp_tokens
WHERE user_id=? AND revoked_at IS NULL
ORDER BY created_at DESC`, userID,
)
if err != nil {
return nil, err
}
defer rows.Close()
out := []MCPToken{}
for rows.Next() {
var t MCPToken
var lastUsed sql.NullString
if err := rows.Scan(&t.ID, &t.Name, &t.CreatedAt, &lastUsed); err != nil {
return nil, err
}
if lastUsed.Valid {
t.LastUsedAt = &lastUsed.String
}
out = append(out, t)
}
return out, rows.Err()
}
// RevokeMCPToken sets revoked_at on the token belonging to userID. Returns
// errMCPTokenNotFound if no active row matches.
func (db *DB) RevokeMCPToken(userID, tokenID string) error {
res, err := db.conn.Exec(
`UPDATE mcp_tokens SET revoked_at=? WHERE id=? AND user_id=? AND revoked_at IS NULL`,
nowRFC3339(), tokenID, userID,
)
if err != nil {
return err
}
n, err := res.RowsAffected()
if err != nil {
return err
}
if n == 0 {
return errMCPTokenNotFound
}
return nil
}
// LookupMCPToken hashes plaintext and returns the owning user_id if the token
// is active. Updates last_used_at as a side effect. Returns "" + nil when the
// token does not match an active row.
func (db *DB) LookupMCPToken(plaintext string) (string, error) {
if plaintext == "" {
return "", nil
}
hash := hashMCPToken(plaintext)
var userID, id string
err := db.conn.QueryRow(
`SELECT id, user_id FROM mcp_tokens WHERE token_hash=? AND revoked_at IS NULL`, hash,
).Scan(&id, &userID)
if errors.Is(err, sql.ErrNoRows) {
return "", nil
}
if err != nil {
return "", err
}
if _, err := db.conn.Exec(`UPDATE mcp_tokens SET last_used_at=? WHERE id=?`, nowRFC3339(), id); err != nil {
return userID, fmt.Errorf("touch last_used_at: %w", err)
}
return userID, nil
}
func hashMCPToken(plaintext string) string {
sum := sha256.Sum256([]byte(plaintext))
return hex.EncodeToString(sum[:])
}
func generateMCPTokenPlaintext() (string, error) {
b := make([]byte, 32)
if _, err := rand.Read(b); err != nil {
return "", err
}
return mcpTokenPrefix + hex.EncodeToString(b), nil
}
backend/mcp_tokens_handlers.go
+83
View File
@@ -0,0 +1,83 @@
package main
import (
"errors"
"net/http"
"strings"
"fn-registry/functions/infra"
)
// POST /api/mcp-tokens {name}
//
// Mints a new MCP token for the current user. The plaintext token is returned
// ONLY in this response — there is no way to retrieve it again.
func handleCreateMCPToken(db *DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "login required"})
return
}
var body struct {
Name string `json:"name"`
}
if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
badRequest(w, err.Error())
return
}
name := strings.TrimSpace(body.Name)
if name == "" {
name = "default"
}
plaintext, tok, err := db.MintMCPToken(userID, name)
if err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusCreated, map[string]any{
"id": tok.ID,
"name": tok.Name,
"created_at": tok.CreatedAt,
"token": plaintext,
})
}
}
// GET /api/mcp-tokens
func handleListMCPTokens(db *DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "login required"})
return
}
tokens, err := db.ListMCPTokens(userID)
if err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusOK, tokens)
}
}
// DELETE /api/mcp-tokens/{id}
func handleRevokeMCPToken(db *DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "login required"})
return
}
id := r.PathValue("id")
if err := db.RevokeMCPToken(userID, id); err != nil {
if errors.Is(err, errMCPTokenNotFound) {
notFound(w, "token not found")
return
}
serverError(w, err)
return
}
w.WriteHeader(http.StatusNoContent)
}
}
backend/migrations/015_notifications.sql
+42
View File
@@ -0,0 +1,42 @@
-- Per-user notifications + persisted @mentions.
-- Created by card chat messages (card_messages).
--
-- Kinds:
-- mention — user mentioned via @username in body
-- assigned_chat — user is the card's assignee and someone else commented
-- reply — user previously commented on this card (or is requester)
-- A row is created per (recipient_user, message). The kind chosen is the
-- highest priority among those that apply: mention > assigned_chat > reply.
CREATE TABLE IF NOT EXISTS notifications (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
card_id TEXT NOT NULL,
message_id TEXT NOT NULL,
kind TEXT NOT NULL,
actor_id TEXT NOT NULL,
created_at TEXT NOT NULL,
read_at TEXT,
FOREIGN KEY (card_id) REFERENCES cards(id) ON DELETE CASCADE,
FOREIGN KEY (message_id) REFERENCES card_messages(id) ON DELETE CASCADE
);
CREATE INDEX IF NOT EXISTS idx_notifications_user_unread
ON notifications(user_id, read_at, created_at DESC);
CREATE INDEX IF NOT EXISTS idx_notifications_user_created
ON notifications(user_id, created_at DESC);
CREATE TABLE IF NOT EXISTS card_mentions (
id TEXT PRIMARY KEY,
card_id TEXT NOT NULL,
message_id TEXT NOT NULL,
user_id TEXT NOT NULL,
created_at TEXT NOT NULL,
FOREIGN KEY (card_id) REFERENCES cards(id) ON DELETE CASCADE,
FOREIGN KEY (message_id) REFERENCES card_messages(id) ON DELETE CASCADE
);
CREATE INDEX IF NOT EXISTS idx_card_mentions_user ON card_mentions(user_id, created_at DESC);
CREATE INDEX IF NOT EXISTS idx_card_mentions_card ON card_mentions(card_id);
CREATE INDEX IF NOT EXISTS idx_card_mentions_message ON card_mentions(message_id);
backend/migrations/016_modules.sql
+45
View File
@@ -0,0 +1,45 @@
-- Outbound modules (integrations): kanban events → external systems.
--
-- A module is a configured subscription. The dispatcher (modules.go)
-- subscribes to the EventHub and, for each event whose type matches the
-- module's event_filter, calls the kind-specific handler with the
-- decrypted config.
--
-- Tokens / secrets are encrypted with AES-GCM at rest. The key is derived
-- from the KANBAN_MODULE_KEY environment variable (sha256 of the value).
CREATE TABLE IF NOT EXISTS modules (
id TEXT PRIMARY KEY,
name TEXT NOT NULL,
kind TEXT NOT NULL, -- 'jira' | 'webhook' | …
enabled INTEGER NOT NULL DEFAULT 1,
event_filter TEXT NOT NULL, -- comma-separated event types
config_cipher BLOB NOT NULL, -- AES-GCM ciphertext of JSON
config_nonce BLOB NOT NULL,
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS module_logs (
id TEXT PRIMARY KEY,
module_id TEXT NOT NULL,
event_type TEXT NOT NULL,
card_id TEXT,
status INTEGER, -- HTTP status or 0 if pre-flight
duration_ms INTEGER,
error TEXT,
created_at TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_module_logs_module_created
ON module_logs(module_id, created_at DESC);
-- jira_key: 1:1 link between a kanban card and its Jira issue. Empty
-- string when the card has not yet been synced to Jira.
ALTER TABLE cards ADD COLUMN jira_key TEXT NOT NULL DEFAULT '';
-- is_admin: gates /api/modules access and the Modulos menu item.
-- Bootstrap: egutierrez (the initial admin) is marked admin so the
-- feature is reachable on first deploy. Other users start as non-admin.
ALTER TABLE users ADD COLUMN is_admin INTEGER NOT NULL DEFAULT 0;
UPDATE users SET is_admin = 1 WHERE username = 'egutierrez';
backend/migrations/017_mcp_tokens.sql
+26
View File
@@ -0,0 +1,26 @@
-- Per-user MCP access tokens. Users mint tokens from the settings UI and
-- paste them into their local Claude (`claude mcp add --transport http ...`).
-- The plaintext token is shown ONCE at creation time; we only store the hash.
--
-- token_hash is a SHA-256 hex digest of the plaintext token. Lookup on
-- incoming requests: hash the bearer, look up the row, accept if not revoked.
--
-- revoked_at is NULL for active tokens. Tokens are never deleted (audit
-- trail); revocation is a soft delete.
CREATE TABLE IF NOT EXISTS mcp_tokens (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
token_hash TEXT NOT NULL UNIQUE,
name TEXT NOT NULL DEFAULT '',
created_at TEXT NOT NULL,
last_used_at TEXT,
revoked_at TEXT
);
CREATE INDEX IF NOT EXISTS idx_mcp_tokens_user_active
ON mcp_tokens(user_id)
WHERE revoked_at IS NULL;
CREATE INDEX IF NOT EXISTS idx_mcp_tokens_hash_active
ON mcp_tokens(token_hash)
WHERE revoked_at IS NULL;
backend/modules.go
+725
View File
@@ -0,0 +1,725 @@
package main
import (
"bytes"
"context"
"database/sql"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"log"
"net/http"
"strings"
"time"
)
// =============================================================================
// Module model
// =============================================================================
type Module struct {
ID string `json:"id"`
Name string `json:"name"`
Kind string `json:"kind"`
Enabled bool `json:"enabled"`
EventFilter []string `json:"event_filter"`
Config JSONValue `json:"config"`
CreatedAt string `json:"created_at"`
UpdatedAt string `json:"updated_at"`
}
// JSONValue is an arbitrary JSON object decoded into a generic map. We do not
// model per-kind config in Go types because the set of kinds grows over time
// and the dispatcher only inspects fields it knows.
type JSONValue map[string]interface{}
type ModuleLog struct {
ID string `json:"id"`
ModuleID string `json:"module_id"`
EventType string `json:"event_type"`
CardID string `json:"card_id"`
Status int `json:"status"`
DurationMs int `json:"duration_ms"`
Error string `json:"error"`
CreatedAt string `json:"created_at"`
}
// =============================================================================
// DB helpers (modules + logs)
// =============================================================================
// listModulesEnabled returns all enabled modules with their config decrypted.
// Disabled modules are silently skipped — callers iterate the result without
// further filtering.
func (db *DB) listModulesEnabled() ([]Module, error) {
return db.listModulesWhere("WHERE enabled = 1")
}
func (db *DB) listModulesAll() ([]Module, error) {
return db.listModulesWhere("")
}
func (db *DB) listModulesWhere(filter string) ([]Module, error) {
q := `SELECT id, name, kind, enabled, event_filter, config_cipher, config_nonce, created_at, updated_at FROM modules ` + filter + ` ORDER BY created_at`
rows, err := db.conn.Query(q)
if err != nil {
return nil, err
}
defer rows.Close()
out := []Module{}
for rows.Next() {
var m Module
var enabled int
var filter, createdAt, updatedAt string
var cipherBlob, nonce []byte
if err := rows.Scan(&m.ID, &m.Name, &m.Kind, &enabled, &filter, &cipherBlob, &nonce, &createdAt, &updatedAt); err != nil {
return nil, err
}
m.Enabled = enabled == 1
m.EventFilter = splitCSV(filter)
m.CreatedAt = createdAt
m.UpdatedAt = updatedAt
cfg, err := decryptConfig(cipherBlob, nonce)
if err != nil {
// Surface the decrypt failure so the operator notices but
// avoid dropping the module from the list entirely.
log.Printf("module %s: decrypt config: %v", m.ID, err)
m.Config = JSONValue{"_decrypt_error": err.Error()}
} else {
_ = json.Unmarshal(cfg, &m.Config)
}
out = append(out, m)
}
return out, rows.Err()
}
func (db *DB) getModule(id string) (*Module, error) {
mods, err := db.listModulesWhere(`WHERE id = '` + escapeSQL(id) + `'`)
if err != nil || len(mods) == 0 {
if err == nil {
err = sql.ErrNoRows
}
return nil, err
}
return &mods[0], nil
}
func escapeSQL(s string) string {
return strings.ReplaceAll(s, "'", "''")
}
func (db *DB) saveModule(m *Module) error {
cfgJSON, err := json.Marshal(m.Config)
if err != nil {
return err
}
cipherBlob, nonce, err := encryptConfig(cfgJSON)
if err != nil {
return err
}
now := nowRFC3339()
if m.ID == "" {
m.ID = newID()
m.CreatedAt = now
m.UpdatedAt = now
_, err = db.conn.Exec(
`INSERT INTO modules (id, name, kind, enabled, event_filter, config_cipher, config_nonce, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
m.ID, m.Name, m.Kind, boolInt(m.Enabled), strings.Join(m.EventFilter, ","),
cipherBlob, nonce, m.CreatedAt, m.UpdatedAt,
)
return err
}
m.UpdatedAt = now
_, err = db.conn.Exec(
`UPDATE modules SET name=?, kind=?, enabled=?, event_filter=?, config_cipher=?, config_nonce=?, updated_at=? WHERE id=?`,
m.Name, m.Kind, boolInt(m.Enabled), strings.Join(m.EventFilter, ","),
cipherBlob, nonce, m.UpdatedAt, m.ID,
)
return err
}
func (db *DB) deleteModule(id string) error {
_, err := db.conn.Exec(`DELETE FROM modules WHERE id=?`, id)
return err
}
func (db *DB) appendModuleLog(l ModuleLog) error {
if l.ID == "" {
l.ID = newID()
}
if l.CreatedAt == "" {
l.CreatedAt = nowRFC3339()
}
_, err := db.conn.Exec(
`INSERT INTO module_logs (id, module_id, event_type, card_id, status, duration_ms, error, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
l.ID, l.ModuleID, l.EventType, l.CardID, l.Status, l.DurationMs, l.Error, l.CreatedAt,
)
return err
}
func (db *DB) listModuleLogs(moduleID string, limit int) ([]ModuleLog, error) {
if limit <= 0 {
limit = 100
}
rows, err := db.conn.Query(
`SELECT id, module_id, event_type, card_id, status, duration_ms, error, created_at
FROM module_logs WHERE module_id = ? ORDER BY created_at DESC LIMIT ?`,
moduleID, limit,
)
if err != nil {
return nil, err
}
defer rows.Close()
out := []ModuleLog{}
for rows.Next() {
var l ModuleLog
var cardID sql.NullString
if err := rows.Scan(&l.ID, &l.ModuleID, &l.EventType, &cardID, &l.Status, &l.DurationMs, &l.Error, &l.CreatedAt); err != nil {
return nil, err
}
if cardID.Valid {
l.CardID = cardID.String
}
out = append(out, l)
}
return out, rows.Err()
}
// setCardJiraKey stores the Jira issue key for a card after a successful
// create call. We skip the regular UpdateCard path to avoid emitting a
// `card.updated` event (which would loop us back through the dispatcher).
func (db *DB) setCardJiraKey(cardID, jiraKey string) error {
_, err := db.conn.Exec(`UPDATE cards SET jira_key=? WHERE id=?`, jiraKey, cardID)
return err
}
func (db *DB) getCardForJira(cardID string) (*cardForJira, error) {
var c cardForJira
var assignee, deadline, jiraKey sql.NullString
var tagsJSON string
err := db.conn.QueryRow(
`SELECT c.id, c.title, c.description, c.requester, c.column_id, c.assignee_id,
c.deadline, c.tags, c.jira_key, c.created_at, col.name
FROM cards c JOIN columns col ON col.id = c.column_id WHERE c.id = ?`,
cardID,
).Scan(&c.ID, &c.Title, &c.Description, &c.Requester, &c.ColumnID, &assignee,
&deadline, &tagsJSON, &jiraKey, &c.CreatedAt, &c.ColumnName)
if err != nil {
return nil, err
}
if assignee.Valid {
c.AssigneeID = assignee.String
}
if deadline.Valid {
c.Deadline = deadline.String
}
if jiraKey.Valid {
c.JiraKey = jiraKey.String
}
_ = json.Unmarshal([]byte(tagsJSON), &c.Tags)
return &c, nil
}
type cardForJira struct {
ID string
Title string
Description string
Requester string
ColumnID string
ColumnName string
AssigneeID string
Deadline string
Tags []string
JiraKey string
CreatedAt string
}
func (c *cardForJira) hasTag(name string) bool {
name = strings.ToLower(name)
for _, t := range c.Tags {
if strings.ToLower(t) == name {
return true
}
}
return false
}
func splitCSV(s string) []string {
if s == "" {
return nil
}
parts := strings.Split(s, ",")
out := make([]string, 0, len(parts))
for _, p := range parts {
p = strings.TrimSpace(p)
if p != "" {
out = append(out, p)
}
}
return out
}
func boolInt(b bool) int {
if b {
return 1
}
return 0
}
// =============================================================================
// Dispatcher
// =============================================================================
const (
moduleRetries = 3
moduleRetryDelay1 = 1 * time.Second
moduleRetryDelay2 = 5 * time.Second
moduleRetryDelay3 = 30 * time.Second
moduleHTTPTimeout = 15 * time.Second
moduleOptOutTag = "nojira"
moduleDispatchQueue = 256
)
// Dispatcher fans events from the EventHub into per-module handlers.
//
// Lifecycle:
// - Start() spawns a single subscriber goroutine on the hub plus a
// bounded worker pool.
// - Stop() cancels the context and waits for in-flight requests to drain.
//
// Handlers receive a decrypted Module copy + the Event; they own the HTTP
// call to the target system. The dispatcher logs every attempt.
type Dispatcher struct {
db *DB
hub *EventHub
handlers map[string]Handler
queue chan dispatchTask
ctx context.Context
cancel context.CancelFunc
enabled bool
}
type dispatchTask struct {
module Module
event Event
}
type Handler interface {
Handle(ctx context.Context, db *DB, m Module, ev Event) (status int, err error)
TestConnection(ctx context.Context, m Module) (status int, err error)
}
func NewDispatcher(db *DB, hub *EventHub) *Dispatcher {
_, hasKey := moduleKey()
return &Dispatcher{
db: db,
hub: hub,
handlers: map[string]Handler{"jira": &jiraHandler{}},
queue: make(chan dispatchTask, moduleDispatchQueue),
enabled: hasKey,
}
}
func (d *Dispatcher) Start() {
if !d.enabled {
log.Printf("module dispatcher disabled (%s not set)", moduleKeyEnv)
return
}
d.ctx, d.cancel = context.WithCancel(context.Background())
// Subscribe under a synthetic user so the hub treats us as a normal
// recipient of broadcast events. Private user-targeted events are
// uninteresting for outbound sync.
go d.run()
for i := 0; i < 4; i++ {
go d.worker(i)
}
log.Printf("module dispatcher started")
}
func (d *Dispatcher) Stop() {
if d.cancel != nil {
d.cancel()
}
}
func (d *Dispatcher) run() {
ch := d.hub.SubscribeUser("__module_dispatcher__")
defer d.hub.UnsubscribeUser("__module_dispatcher__", ch)
for {
select {
case <-d.ctx.Done():
return
case ev, ok := <-ch:
if !ok {
return
}
d.fanout(ev)
}
}
}
func (d *Dispatcher) fanout(ev Event) {
mods, err := d.db.listModulesEnabled()
if err != nil {
log.Printf("dispatcher: listModulesEnabled: %v", err)
return
}
for _, m := range mods {
if !filterMatches(m.EventFilter, ev.Type) {
continue
}
if !cutoffOK(d.db, m, ev) {
continue
}
if ev.CardID != "" {
c, err := d.db.getCardForJira(ev.CardID)
if err == nil && c.hasTag(moduleOptOutTag) {
continue
}
}
select {
case d.queue <- dispatchTask{module: m, event: ev}:
default:
log.Printf("dispatcher: queue full, dropping event %s for module %s", ev.Type, m.ID)
}
}
}
func (d *Dispatcher) worker(id int) {
for {
select {
case <-d.ctx.Done():
return
case task, ok := <-d.queue:
if !ok {
return
}
d.dispatch(task)
}
}
}
// dispatch runs the handler with up to moduleRetries attempts using a
// fixed back-off schedule (1s, 5s, 30s). Each attempt creates a log row;
// the final outcome is the one returned to the caller.
func (d *Dispatcher) dispatch(t dispatchTask) {
h, ok := d.handlers[t.module.Kind]
if !ok {
_ = d.db.appendModuleLog(ModuleLog{
ModuleID: t.module.ID, EventType: t.event.Type, CardID: t.event.CardID,
Error: "unknown module kind: " + t.module.Kind,
})
return
}
delays := []time.Duration{0, moduleRetryDelay1, moduleRetryDelay2, moduleRetryDelay3}
for attempt := 0; attempt < moduleRetries; attempt++ {
if delays[attempt] > 0 {
select {
case <-d.ctx.Done():
return
case <-time.After(delays[attempt]):
}
}
ctx, cancel := context.WithTimeout(d.ctx, moduleHTTPTimeout)
start := time.Now()
status, err := h.Handle(ctx, d.db, t.module, t.event)
cancel()
ml := ModuleLog{
ModuleID: t.module.ID, EventType: t.event.Type, CardID: t.event.CardID,
Status: status, DurationMs: int(time.Since(start).Milliseconds()),
}
if err != nil {
ml.Error = err.Error()
}
_ = d.db.appendModuleLog(ml)
if err == nil {
return
}
// 4xx client errors are not worth retrying.
if status >= 400 && status < 500 {
return
}
}
}
// =============================================================================
// Helpers
// =============================================================================
func filterMatches(filter []string, eventType string) bool {
for _, f := range filter {
if f == eventType || f == "*" {
return true
}
}
return false
}
// cutoffOK applies the "module only sees events posterior to its creation"
// rule. Cards that were already linked to Jira (jira_key != "") are always
// eligible regardless of timestamps.
func cutoffOK(db *DB, m Module, ev Event) bool {
if ev.CardID == "" {
return true
}
c, err := db.getCardForJira(ev.CardID)
if err != nil {
return false
}
if c.JiraKey != "" {
return true
}
return c.CreatedAt >= m.CreatedAt
}
// =============================================================================
// Jira handler
// =============================================================================
type jiraHandler struct{}
type jiraConfig struct {
BaseURL string `json:"base_url"`
Email string `json:"email"`
APIToken string `json:"api_token"`
ProjectKey string `json:"project_key"`
StatusMap map[string]string `json:"status_map"`
}
func parseJiraConfig(m Module) (jiraConfig, error) {
b, err := json.Marshal(m.Config)
if err != nil {
return jiraConfig{}, err
}
var c jiraConfig
if err := json.Unmarshal(b, &c); err != nil {
return jiraConfig{}, err
}
c.BaseURL = strings.TrimRight(c.BaseURL, "/")
if c.BaseURL == "" {
return c, fmt.Errorf("base_url required")
}
return c, nil
}
func (h *jiraHandler) jiraRequest(ctx context.Context, c jiraConfig, method, path string, body interface{}) (int, []byte, error) {
var rdr io.Reader
if body != nil {
b, err := json.Marshal(body)
if err != nil {
return 0, nil, err
}
rdr = bytes.NewReader(b)
}
req, err := http.NewRequestWithContext(ctx, method, c.BaseURL+path, rdr)
if err != nil {
return 0, nil, err
}
req.Header.Set("Accept", "application/json")
if body != nil {
req.Header.Set("Content-Type", "application/json")
}
if c.Email != "" && c.APIToken != "" {
basic := base64.StdEncoding.EncodeToString([]byte(c.Email + ":" + c.APIToken))
req.Header.Set("Authorization", "Basic "+basic)
}
resp, err := http.DefaultClient.Do(req)
if err != nil {
return 0, nil, err
}
defer resp.Body.Close()
respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
if resp.StatusCode >= 400 {
return resp.StatusCode, respBody, fmt.Errorf("jira %s %s: %d %s", method, path, resp.StatusCode, truncate(respBody, 240))
}
return resp.StatusCode, respBody, nil
}
func truncate(b []byte, n int) string {
if len(b) <= n {
return string(b)
}
return string(b[:n]) + "…"
}
func (h *jiraHandler) TestConnection(ctx context.Context, m Module) (int, error) {
c, err := parseJiraConfig(m)
if err != nil {
return 0, err
}
status, _, err := h.jiraRequest(ctx, c, http.MethodGet, "/rest/api/3/myself", nil)
return status, err
}
func (h *jiraHandler) Handle(ctx context.Context, db *DB, m Module, ev Event) (int, error) {
c, err := parseJiraConfig(m)
if err != nil {
return 0, err
}
switch ev.Type {
case "card.created":
return h.create(ctx, db, c, ev)
case "card.updated", "board.invalidated":
return h.update(ctx, db, c, ev)
case "card.moved":
return h.transition(ctx, db, c, ev)
case "message.created":
return h.comment(ctx, db, c, ev)
default:
// Silently ignore unhandled event types so the dispatcher does not
// retry on irrelevant traffic.
return 200, nil
}
}
func (h *jiraHandler) create(ctx context.Context, db *DB, c jiraConfig, ev Event) (int, error) {
if ev.CardID == "" {
return 0, nil
}
card, err := db.getCardForJira(ev.CardID)
if err != nil {
return 0, err
}
if card.JiraKey != "" {
// Idempotent: card already linked to Jira; treat as update.
return h.update(ctx, db, c, ev)
}
if c.ProjectKey == "" {
return 0, fmt.Errorf("project_key required for create")
}
body := map[string]interface{}{
"fields": map[string]interface{}{
"project": map[string]string{"key": c.ProjectKey},
"summary": card.Title,
"description": adfText(card.Description),
"issuetype": map[string]string{"name": "Task"},
},
}
status, resp, err := h.jiraRequest(ctx, c, http.MethodPost, "/rest/api/3/issue", body)
if err != nil {
return status, err
}
var parsed struct {
Key string `json:"key"`
}
_ = json.Unmarshal(resp, &parsed)
if parsed.Key != "" {
if err := db.setCardJiraKey(card.ID, parsed.Key); err != nil {
return status, fmt.Errorf("link jira key: %w", err)
}
}
return status, nil
}
func (h *jiraHandler) update(ctx context.Context, db *DB, c jiraConfig, ev Event) (int, error) {
if ev.CardID == "" {
return 0, nil
}
card, err := db.getCardForJira(ev.CardID)
if err != nil {
return 0, err
}
if card.JiraKey == "" {
// Card not yet linked — bootstrap by creating it.
return h.create(ctx, db, c, ev)
}
body := map[string]interface{}{
"fields": map[string]interface{}{
"summary": card.Title,
"description": adfText(card.Description),
},
}
status, _, err := h.jiraRequest(ctx, c, http.MethodPut, "/rest/api/3/issue/"+card.JiraKey, body)
return status, err
}
// transition uses the configured status_map to translate the kanban column
// to a Jira transition name. We list available transitions, find the one
// whose target status name matches, and POST it. Kanban remains the source
// of truth even if Jira's current state differs.
func (h *jiraHandler) transition(ctx context.Context, db *DB, c jiraConfig, ev Event) (int, error) {
if ev.CardID == "" {
return 0, nil
}
card, err := db.getCardForJira(ev.CardID)
if err != nil {
return 0, err
}
if card.JiraKey == "" {
return h.create(ctx, db, c, ev)
}
target, ok := c.StatusMap[card.ColumnName]
if !ok || target == "" {
return 0, fmt.Errorf("no status_map entry for column %q", card.ColumnName)
}
status, body, err := h.jiraRequest(ctx, c, http.MethodGet, "/rest/api/3/issue/"+card.JiraKey+"/transitions", nil)
if err != nil {
return status, err
}
var available struct {
Transitions []struct {
ID string `json:"id"`
Name string `json:"name"`
To struct {
Name string `json:"name"`
} `json:"to"`
} `json:"transitions"`
}
if err := json.Unmarshal(body, &available); err != nil {
return status, fmt.Errorf("decode transitions: %w", err)
}
var tID string
for _, t := range available.Transitions {
if strings.EqualFold(t.To.Name, target) || strings.EqualFold(t.Name, target) {
tID = t.ID
break
}
}
if tID == "" {
return 0, fmt.Errorf("transition %q not available for %s", target, card.JiraKey)
}
req := map[string]interface{}{"transition": map[string]string{"id": tID}}
status, _, err = h.jiraRequest(ctx, c, http.MethodPost, "/rest/api/3/issue/"+card.JiraKey+"/transitions", req)
return status, err
}
func (h *jiraHandler) comment(ctx context.Context, db *DB, c jiraConfig, ev Event) (int, error) {
if ev.CardID == "" {
return 0, nil
}
card, err := db.getCardForJira(ev.CardID)
if err != nil {
return 0, err
}
if card.JiraKey == "" {
// Cannot comment on a card not yet synced; skip.
return 0, nil
}
var payload struct {
Body string `json:"body"`
}
_ = json.Unmarshal(ev.Payload, &payload)
if payload.Body == "" {
return 0, nil
}
body := map[string]interface{}{"body": adfText(payload.Body)}
status, _, err := h.jiraRequest(ctx, c, http.MethodPost, "/rest/api/3/issue/"+card.JiraKey+"/comment", body)
return status, err
}
// adfText wraps a plain string into the minimal Atlassian Document Format
// fragment Jira Cloud requires for description / comment bodies.
func adfText(s string) map[string]interface{} {
return map[string]interface{}{
"type": "doc",
"version": 1,
"content": []map[string]interface{}{{
"type": "paragraph",
"content": []map[string]interface{}{{
"type": "text",
"text": s,
}},
}},
}
}
backend/modules_crypto.go
+68
View File
@@ -0,0 +1,68 @@
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"errors"
"fmt"
"io"
"os"
)
const moduleKeyEnv = "KANBAN_MODULE_KEY"
// moduleKey derives a 32-byte AES key from the KANBAN_MODULE_KEY env var.
// Returns (key, true) when present; (zero, false) when missing — callers
// must treat that as "module dispatcher disabled".
func moduleKey() ([32]byte, bool) {
v := os.Getenv(moduleKeyEnv)
if v == "" {
return [32]byte{}, false
}
return sha256.Sum256([]byte(v)), true
}
// encryptConfig encrypts a JSON config blob with AES-GCM. Returns the
// ciphertext and the 12-byte nonce. Caller persists both columns.
func encryptConfig(plain []byte) (cipherOut, nonce []byte, err error) {
key, ok := moduleKey()
if !ok {
return nil, nil, fmt.Errorf("%s not set; cannot encrypt module config", moduleKeyEnv)
}
block, err := aes.NewCipher(key[:])
if err != nil {
return nil, nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, nil, err
}
nonce = make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, nil, err
}
cipherOut = gcm.Seal(nil, nonce, plain, nil)
return cipherOut, nonce, nil
}
// decryptConfig is the inverse of encryptConfig.
func decryptConfig(cipherIn, nonce []byte) ([]byte, error) {
key, ok := moduleKey()
if !ok {
return nil, fmt.Errorf("%s not set; cannot decrypt module config", moduleKeyEnv)
}
if len(nonce) == 0 {
return nil, errors.New("nonce empty")
}
block, err := aes.NewCipher(key[:])
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
return gcm.Open(nil, nonce, cipherIn, nil)
}
backend/modules_handlers.go
+226
View File
@@ -0,0 +1,226 @@
package main
import (
"context"
"encoding/json"
"net/http"
"strconv"
"strings"
"time"
"fn-registry/functions/infra"
)
// requireAdmin gates a handler so only users with users.is_admin = 1 can
// reach it. Non-admins get a 403. Anonymous callers get a 401.
func requireAdmin(db *DB, next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
uid, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if uid == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
ok, err := db.IsAdmin(uid)
if err != nil {
serverError(w, err)
return
}
if !ok {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusForbidden, Code: "forbidden", Message: "admin required"})
return
}
next(w, r)
}
}
// publicModule strips secrets out of the config before responding. The
// API token is never returned to the client after it has been stored.
func publicModule(m Module) Module {
clone := m
if clone.Config != nil {
cleaned := JSONValue{}
for k, v := range clone.Config {
if strings.Contains(strings.ToLower(k), "token") || strings.Contains(strings.ToLower(k), "password") || strings.Contains(strings.ToLower(k), "secret") {
cleaned[k] = "***"
} else {
cleaned[k] = v
}
}
clone.Config = cleaned
}
return clone
}
func handleListModules(db *DB) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
mods, err := db.listModulesAll()
if err != nil {
serverError(w, err)
return
}
out := make([]Module, 0, len(mods))
for _, m := range mods {
out = append(out, publicModule(m))
}
infra.HTTPJSONResponse(w, http.StatusOK, out)
})
}
type modulePayload struct {
Name string `json:"name"`
Kind string `json:"kind"`
Enabled bool `json:"enabled"`
EventFilter []string `json:"event_filter"`
Config JSONValue `json:"config"`
}
func handleCreateModule(db *DB) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
var body modulePayload
if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
badRequest(w, err.Error())
return
}
if body.Name == "" || body.Kind == "" {
badRequest(w, "name and kind required")
return
}
m := &Module{
Name: body.Name, Kind: body.Kind, Enabled: body.Enabled,
EventFilter: body.EventFilter, Config: body.Config,
}
if err := db.saveModule(m); err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusCreated, publicModule(*m))
})
}
func handleUpdateModule(db *DB) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
existing, err := db.getModule(id)
if err != nil {
notFound(w, "module not found")
return
}
// Partial body: preserve fields the client did not include. We rely
// on a generic map to detect omitted vs explicit-null because PATCH
// callers do not always send the full record.
var raw map[string]json.RawMessage
if err := infra.HTTPParseBody(r, &raw, maxBodyBytes); err != nil {
badRequest(w, err.Error())
return
}
decode := func(key string, into interface{}) {
if v, ok := raw[key]; ok {
_ = json.Unmarshal(v, into)
}
}
decode("name", &existing.Name)
decode("kind", &existing.Kind)
decode("enabled", &existing.Enabled)
if v, ok := raw["event_filter"]; ok {
_ = json.Unmarshal(v, &existing.EventFilter)
}
if v, ok := raw["config"]; ok {
var cfg JSONValue
_ = json.Unmarshal(v, &cfg)
// Re-inject masked fields the UI left as "***" so a partial
// edit does not nuke stored secrets.
merged := JSONValue{}
for k, val := range existing.Config {
merged[k] = val
}
for k, val := range cfg {
if s, isStr := val.(string); isStr && s == "***" {
continue
}
merged[k] = val
}
existing.Config = merged
}
if err := db.saveModule(existing); err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusOK, publicModule(*existing))
})
}
func handleDeleteModule(db *DB) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
if err := db.deleteModule(id); err != nil {
serverError(w, err)
return
}
w.WriteHeader(http.StatusNoContent)
})
}
func handleModuleLogs(db *DB) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
limit := 100
if v := r.URL.Query().Get("limit"); v != "" {
if n, err := strconv.Atoi(v); err == nil && n > 0 && n <= 1000 {
limit = n
}
}
out, err := db.listModuleLogs(id, limit)
if err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusOK, out)
})
}
// handleTestModule executes the kind-specific test_connection probe with
// the *current stored config* (or with an incoming config payload, for
// pre-save validation). Returns {ok, status, error} regardless of outcome
// so the UI can show a useful message.
func handleTestModule(db *DB, dispatcher *Dispatcher) http.HandlerFunc {
return requireAdmin(db, func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
var m *Module
if id == "draft" {
// Pre-save test path: caller supplies a full module payload.
var body modulePayload
if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
badRequest(w, err.Error())
return
}
m = &Module{Kind: body.Kind, Config: body.Config}
} else {
got, err := db.getModule(id)
if err != nil {
notFound(w, "module not found")
return
}
m = got
}
h, ok := dispatcher.handlers[m.Kind]
if !ok {
infra.HTTPJSONResponse(w, http.StatusOK, map[string]interface{}{
"ok": false, "status": 0, "error": "unknown kind: " + m.Kind,
})
return
}
ctx, cancel := context.WithTimeout(r.Context(), moduleHTTPTimeout)
defer cancel()
start := time.Now()
status, err := h.TestConnection(ctx, *m)
resp := map[string]interface{}{
"ok": err == nil,
"status": status,
"duration_ms": int(time.Since(start).Milliseconds()),
}
if err != nil {
resp["error"] = err.Error()
}
infra.HTTPJSONResponse(w, http.StatusOK, resp)
})
}
backend/modules_test.go
+227
View File
@@ -0,0 +1,227 @@
package main
import (
"context"
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"os"
"strings"
"testing"
"time"
)
// withModuleKey sets KANBAN_MODULE_KEY for the duration of a test and
// restores the previous value afterwards.
func withModuleKey(t *testing.T, value string) {
t.Helper()
prev := os.Getenv(moduleKeyEnv)
t.Setenv(moduleKeyEnv, value)
t.Cleanup(func() { _ = os.Setenv(moduleKeyEnv, prev) })
}
func TestCryptoRoundTrip(t *testing.T) {
withModuleKey(t, "test-passphrase")
plain := []byte(`{"hello":"world"}`)
cipherBlob, nonce, err := encryptConfig(plain)
if err != nil {
t.Fatalf("encrypt: %v", err)
}
got, err := decryptConfig(cipherBlob, nonce)
if err != nil {
t.Fatalf("decrypt: %v", err)
}
if string(got) != string(plain) {
t.Fatalf("roundtrip mismatch: got %q want %q", got, plain)
}
}
func TestCryptoMissingKey(t *testing.T) {
t.Setenv(moduleKeyEnv, "")
if _, _, err := encryptConfig([]byte("x")); err == nil {
t.Fatal("expected error when KANBAN_MODULE_KEY unset")
}
}
func TestSaveAndLoadModule(t *testing.T) {
withModuleKey(t, "test-passphrase")
db := setupTestDB(t)
m := &Module{
Name: "jira-test", Kind: "jira", Enabled: true,
EventFilter: []string{"card.created", "card.moved"},
Config: JSONValue{
"base_url": "https://example.atlassian.net",
"email": "x@y.z",
"api_token": "secret-123",
},
}
if err := db.saveModule(m); err != nil {
t.Fatalf("save: %v", err)
}
if m.ID == "" {
t.Fatal("ID not assigned on insert")
}
got, err := db.getModule(m.ID)
if err != nil {
t.Fatalf("get: %v", err)
}
if got.Config["api_token"] != "secret-123" {
t.Fatalf("token roundtrip failed: %v", got.Config["api_token"])
}
}
func TestFilterMatches(t *testing.T) {
if !filterMatches([]string{"card.created"}, "card.created") {
t.Fatal("exact match")
}
if !filterMatches([]string{"*"}, "anything") {
t.Fatal("wildcard")
}
if filterMatches([]string{"card.created"}, "card.moved") {
t.Fatal("non-match should be false")
}
}
func TestCardOptOutTag(t *testing.T) {
c := cardForJira{Tags: []string{"foo", "NoJira", "bar"}}
if !c.hasTag("nojira") {
t.Fatal("nojira (case-insensitive) not detected")
}
if c.hasTag("missing") {
t.Fatal("missing tag returned true")
}
}
func TestJiraHandler_TransitionMappingMissing(t *testing.T) {
withModuleKey(t, "k")
db := setupTestDB(t)
col, _ := db.CreateColumn("Backlog")
card, _ := db.CreateCard(col.ID, "req", "t", "d", "")
// Link the card so the create-fallback path is skipped.
_ = db.setCardJiraKey(card.ID, "KAN-1")
h := &jiraHandler{}
_, err := h.transition(context.Background(), db, jiraConfig{BaseURL: "http://x"}, Event{Type: "card.moved", CardID: card.ID})
if err == nil || !strings.Contains(err.Error(), "status_map") {
t.Fatalf("expected status_map error, got %v", err)
}
}
func TestJiraHandler_TestConnectionHitsMyself(t *testing.T) {
var path string
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
path = r.URL.Path
w.WriteHeader(http.StatusOK)
_, _ = io.WriteString(w, `{"accountId":"abc"}`)
}))
defer srv.Close()
h := &jiraHandler{}
m := Module{Kind: "jira", Config: JSONValue{
"base_url": srv.URL,
"email": "x@y.z",
"api_token": "tok",
}}
status, err := h.TestConnection(context.Background(), m)
if err != nil {
t.Fatalf("TestConnection: %v", err)
}
if status != 200 {
t.Fatalf("status = %d, want 200", status)
}
if path != "/rest/api/3/myself" {
t.Fatalf("path = %q, want /rest/api/3/myself", path)
}
}
func TestJiraHandler_CreateLinksCardKey(t *testing.T) {
withModuleKey(t, "test-passphrase")
db := setupTestDB(t)
user, _ := db.CreateUser("alice", "passw", "Alice")
col, _ := db.CreateColumn("Todo")
card, _ := db.CreateCard(col.ID, "req", "Buy bread", "desc", user.ID)
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost && r.URL.Path == "/rest/api/3/issue" {
b, _ := io.ReadAll(r.Body)
var p struct {
Fields struct {
Summary string `json:"summary"`
} `json:"fields"`
}
_ = json.Unmarshal(b, &p)
if p.Fields.Summary != "Buy bread" {
t.Errorf("summary = %q", p.Fields.Summary)
}
w.WriteHeader(http.StatusCreated)
_, _ = io.WriteString(w, `{"id":"10000","key":"KAN-1"}`)
return
}
w.WriteHeader(http.StatusNotFound)
}))
defer srv.Close()
h := &jiraHandler{}
mod := Module{Kind: "jira", Config: JSONValue{
"base_url": srv.URL,
"email": "x@y.z",
"api_token": "tok",
"project_key": "KAN",
"status_map": map[string]interface{}{"Todo": "To Do"},
}}
status, err := h.Handle(context.Background(), db, mod, Event{Type: "card.created", CardID: card.ID})
if err != nil {
t.Fatalf("Handle: %v", err)
}
if status != http.StatusCreated {
t.Fatalf("status = %d, want 201", status)
}
again, err := db.getCardForJira(card.ID)
if err != nil {
t.Fatalf("get card: %v", err)
}
if again.JiraKey != "KAN-1" {
t.Fatalf("jira_key = %q, want KAN-1", again.JiraKey)
}
}
func TestDispatcher_Cutoff(t *testing.T) {
withModuleKey(t, "k")
db := setupTestDB(t)
col, _ := db.CreateColumn("Todo")
// Create card BEFORE the module so cutoffOK rejects it.
card, _ := db.CreateCard(col.ID, "req", "t", "d", "")
time.Sleep(20 * time.Millisecond)
mod := Module{ID: "m", CreatedAt: nowRFC3339()}
if cutoffOK(db, mod, Event{CardID: card.ID}) {
t.Fatal("card pre-dating module should be filtered out")
}
// Once linked, cutoff should allow it.
_ = db.setCardJiraKey(card.ID, "KAN-9")
if !cutoffOK(db, mod, Event{CardID: card.ID}) {
t.Fatal("linked card must pass cutoff even if older")
}
}
func TestIsAdmin(t *testing.T) {
db := setupTestDB(t)
u, _ := db.CreateUser("egutierrez", "passw", "Egu")
// Migration 015 marks egutierrez admin via UPDATE WHERE username, but
// that only takes effect when the row already exists. In production
// the migration runs against an existing user list; in tests we create
// users after migration, so simulate the same outcome explicitly.
if _, err := db.conn.Exec(`UPDATE users SET is_admin = 1 WHERE username = ?`, "egutierrez"); err != nil {
t.Fatalf("seed admin: %v", err)
}
ok, err := db.IsAdmin(u.ID)
if err != nil {
t.Fatalf("IsAdmin: %v", err)
}
if !ok {
t.Fatal("egutierrez must be admin after seed")
}
other, _ := db.CreateUser("alice", "passw", "Alice")
ok, _ = db.IsAdmin(other.ID)
if ok {
t.Fatal("alice must not be admin by default")
}
}
backend/notifications.go
+328
View File
@@ -0,0 +1,328 @@
package main
import (
"database/sql"
"fmt"
"regexp"
"strings"
"time"
)
// Notification kinds, ordered by priority (highest first). When a single
// message triggers multiple kinds for one user, the highest-priority kind
// is the one persisted.
const (
NotifKindMention = "mention"
NotifKindAssignedChat = "assigned_chat"
NotifKindReply = "reply"
)
func notifKindPriority(k string) int {
switch k {
case NotifKindMention:
return 3
case NotifKindAssignedChat:
return 2
case NotifKindReply:
return 1
}
return 0
}
type Notification struct {
ID string `json:"id"`
UserID string `json:"user_id"`
CardID string `json:"card_id"`
MessageID string `json:"message_id"`
Kind string `json:"kind"`
ActorID string `json:"actor_id"`
CreatedAt string `json:"created_at"`
ReadAt *string `json:"read_at"`
CardTitle string `json:"card_title"`
CardSeqNum int `json:"card_seq_num"`
ActorName string `json:"actor_name"`
Snippet string `json:"snippet"`
}
type CardMention struct {
ID string `json:"id"`
CardID string `json:"card_id"`
MessageID string `json:"message_id"`
UserID string `json:"user_id"`
CreatedAt string `json:"created_at"`
}
var mentionRe = regexp.MustCompile(`(?i)@([a-z0-9][a-z0-9_.-]{0,63})`)
// extractMentions returns the set of @usernames referenced in body, lowercased.
// The leading '@' is not included. Each username is returned at most once.
func extractMentions(body string) []string {
matches := mentionRe.FindAllStringSubmatch(body, -1)
if len(matches) == 0 {
return nil
}
seen := map[string]struct{}{}
out := make([]string, 0, len(matches))
for _, m := range matches {
u := strings.ToLower(m[1])
if _, ok := seen[u]; ok {
continue
}
seen[u] = struct{}{}
out = append(out, u)
}
return out
}
// CreateCardMessageAndNotify wraps CreateCardMessage with mention parsing,
// notification fan-out and pub/sub publication. The returned slice contains
// the user_ids that received a notification (useful for tests).
func (db *DB) CreateCardMessageAndNotify(cardID, authorID, body string, hub *EventHub) (*CardMessage, []Notification, []CardMention, error) {
msg, err := db.CreateCardMessage(cardID, authorID, body)
if err != nil {
return nil, nil, nil, err
}
mentions, err := db.resolveAndStoreMentions(cardID, msg.ID, body)
if err != nil {
return msg, nil, nil, err
}
notifs, err := db.fanoutNotifications(cardID, msg, authorID, mentions)
if err != nil {
return msg, nil, mentions, err
}
if hub != nil {
hub.PublishJSON("message.created", cardID, "", msg)
for _, n := range notifs {
hub.PublishJSON("notification.created", cardID, n.UserID, n)
}
}
return msg, notifs, mentions, nil
}
// resolveAndStoreMentions parses @usernames from body, resolves them to
// existing user_ids (silently ignoring unknowns) and persists the matches
// in card_mentions.
func (db *DB) resolveAndStoreMentions(cardID, messageID, body string) ([]CardMention, error) {
usernames := extractMentions(body)
if len(usernames) == 0 {
return nil, nil
}
placeholders := strings.Repeat("?,", len(usernames))
placeholders = placeholders[:len(placeholders)-1]
args := make([]interface{}, 0, len(usernames))
for _, u := range usernames {
args = append(args, u)
}
rows, err := db.conn.Query(
fmt.Sprintf(`SELECT id, username FROM users WHERE username IN (%s)`, placeholders),
args...,
)
if err != nil {
return nil, err
}
defer rows.Close()
resolved := map[string]string{}
for rows.Next() {
var id, uname string
if err := rows.Scan(&id, &uname); err != nil {
return nil, err
}
resolved[uname] = id
}
if err := rows.Err(); err != nil {
return nil, err
}
if len(resolved) == 0 {
return nil, nil
}
now := time.Now().UTC().Format(time.RFC3339)
out := make([]CardMention, 0, len(resolved))
for _, userID := range resolved {
m := CardMention{ID: newID(), CardID: cardID, MessageID: messageID, UserID: userID, CreatedAt: now}
if _, err := db.conn.Exec(
`INSERT INTO card_mentions (id, card_id, message_id, user_id, created_at) VALUES (?, ?, ?, ?, ?)`,
m.ID, m.CardID, m.MessageID, m.UserID, m.CreatedAt,
); err != nil {
return out, err
}
out = append(out, m)
}
return out, nil
}
// fanoutNotifications computes the recipient set for a new message and
// inserts one notification row per recipient with the highest-priority kind.
//
// Recipients = {assignee_id of card} {previous authors of card_messages
// on this card} {users mentioned in this message} \ {author}.
//
// Kind precedence: mention > assigned_chat > reply.
func (db *DB) fanoutNotifications(cardID string, msg *CardMessage, authorID string, mentions []CardMention) ([]Notification, error) {
recipients := map[string]string{} // userID -> kind
upgrade := func(userID, kind string) {
if userID == "" || userID == authorID {
return
}
existing, ok := recipients[userID]
if !ok || notifKindPriority(kind) > notifKindPriority(existing) {
recipients[userID] = kind
}
}
// Previous authors on this card.
rows, err := db.conn.Query(
`SELECT DISTINCT author_id FROM card_messages
WHERE card_id = ? AND author_id IS NOT NULL AND author_id != '' AND id != ?`,
cardID, msg.ID,
)
if err != nil {
return nil, err
}
for rows.Next() {
var uid sql.NullString
if err := rows.Scan(&uid); err != nil {
rows.Close()
return nil, err
}
if uid.Valid {
upgrade(uid.String, NotifKindReply)
}
}
rows.Close()
// Assignee.
var assignee sql.NullString
if err := db.conn.QueryRow(`SELECT assignee_id FROM cards WHERE id = ?`, cardID).Scan(&assignee); err != nil && err != sql.ErrNoRows {
return nil, err
}
if assignee.Valid {
upgrade(assignee.String, NotifKindAssignedChat)
}
// Mentions (highest priority).
for _, m := range mentions {
upgrade(m.UserID, NotifKindMention)
}
if len(recipients) == 0 {
return nil, nil
}
now := time.Now().UTC().Format(time.RFC3339)
out := make([]Notification, 0, len(recipients))
// Snippet for hydrated notif payload.
snippet := msg.Body
if len(snippet) > 140 {
snippet = snippet[:140] + "…"
}
var cardTitle string
var cardSeq int
_ = db.conn.QueryRow(`SELECT title, seq_num FROM cards WHERE id = ?`, cardID).Scan(&cardTitle, &cardSeq)
var actorName string
_ = db.conn.QueryRow(`SELECT COALESCE(NULLIF(display_name, ''), username) FROM users WHERE id = ?`, authorID).Scan(&actorName)
for userID, kind := range recipients {
n := Notification{
ID: newID(), UserID: userID, CardID: cardID, MessageID: msg.ID,
Kind: kind, ActorID: authorID, CreatedAt: now,
CardTitle: cardTitle, CardSeqNum: cardSeq, ActorName: actorName, Snippet: snippet,
}
if _, err := db.conn.Exec(
`INSERT INTO notifications (id, user_id, card_id, message_id, kind, actor_id, created_at) VALUES (?, ?, ?, ?, ?, ?, ?)`,
n.ID, n.UserID, n.CardID, n.MessageID, n.Kind, n.ActorID, n.CreatedAt,
); err != nil {
return out, err
}
out = append(out, n)
}
return out, nil
}
// ListNotifications returns notifications for userID. If onlyUnread is true,
// already-read entries are skipped. Limit defaults to 50 when <= 0.
func (db *DB) ListNotifications(userID string, onlyUnread bool, limit int) ([]Notification, error) {
if limit <= 0 {
limit = 50
}
q := `SELECT n.id, n.user_id, n.card_id, n.message_id, n.kind, n.actor_id, n.created_at, n.read_at,
COALESCE(c.title, ''), COALESCE(c.seq_num, 0),
COALESCE(NULLIF(u.display_name, ''), u.username, ''),
COALESCE(m.body, '')
FROM notifications n
LEFT JOIN cards c ON c.id = n.card_id
LEFT JOIN users u ON u.id = n.actor_id
LEFT JOIN card_messages m ON m.id = n.message_id
WHERE n.user_id = ?`
if onlyUnread {
q += ` AND n.read_at IS NULL`
}
q += ` ORDER BY n.created_at DESC LIMIT ?`
rows, err := db.conn.Query(q, userID, limit)
if err != nil {
return nil, err
}
defer rows.Close()
out := []Notification{}
for rows.Next() {
var n Notification
var readAt sql.NullString
var body string
if err := rows.Scan(&n.ID, &n.UserID, &n.CardID, &n.MessageID, &n.Kind, &n.ActorID, &n.CreatedAt,
&readAt, &n.CardTitle, &n.CardSeqNum, &n.ActorName, &body); err != nil {
return nil, err
}
if readAt.Valid {
s := readAt.String
n.ReadAt = &s
}
if len(body) > 140 {
n.Snippet = body[:140] + "…"
} else {
n.Snippet = body
}
out = append(out, n)
}
return out, rows.Err()
}
func (db *DB) CountUnreadNotifications(userID string) (int, error) {
var n int
err := db.conn.QueryRow(
`SELECT COUNT(*) FROM notifications WHERE user_id = ? AND read_at IS NULL`, userID,
).Scan(&n)
return n, err
}
func (db *DB) MarkNotificationRead(userID, notifID string) error {
now := time.Now().UTC().Format(time.RFC3339)
res, err := db.conn.Exec(
`UPDATE notifications SET read_at = ? WHERE id = ? AND user_id = ? AND read_at IS NULL`,
now, notifID, userID,
)
if err != nil {
return err
}
if n, _ := res.RowsAffected(); n == 0 {
// Not an error: idempotent.
return nil
}
return nil
}
func (db *DB) MarkAllNotificationsRead(userID string) (int, error) {
now := time.Now().UTC().Format(time.RFC3339)
res, err := db.conn.Exec(
`UPDATE notifications SET read_at = ? WHERE user_id = ? AND read_at IS NULL`,
now, userID,
)
if err != nil {
return 0, err
}
n, _ := res.RowsAffected()
return int(n), nil
}
backend/notifications_test.go
+179
View File
@@ -0,0 +1,179 @@
package main
import (
"reflect"
"sort"
"testing"
)
func TestExtractMentions(t *testing.T) {
cases := []struct {
in string
want []string
}{
{"hola @alice", []string{"alice"}},
{"@Bob y @bob mismo", []string{"bob"}},
{"sin menciones", nil},
{"email@foo.com no cuenta como @real_user", []string{"foo.com", "real_user"}},
{"@a-b-c y @d.e", []string{"a-b-c", "d.e"}},
}
for _, c := range cases {
got := extractMentions(c.in)
sort.Strings(got)
sort.Strings(c.want)
if !reflect.DeepEqual(got, c.want) {
t.Errorf("extractMentions(%q) = %v, want %v", c.in, got, c.want)
}
}
}
func mkUser(t *testing.T, db *DB, username string) string {
t.Helper()
u, err := db.CreateUser(username, "passw", username)
if err != nil {
t.Fatalf("CreateUser %q: %v", username, err)
}
return u.ID
}
func mkCard(t *testing.T, db *DB, columnID, requester, title, assigneeID string) string {
t.Helper()
c, err := db.CreateCard(columnID, requester, title, "", "")
if err != nil {
t.Fatalf("CreateCard: %v", err)
}
if assigneeID != "" {
if err := db.UpdateCardWithActor(c.ID, CardPatch{AssigneeID: &assigneeID, HasAssignee: true}, ""); err != nil {
t.Fatalf("assign: %v", err)
}
}
return c.ID
}
func TestCreateCardMessageAndNotify_AssigneeAndPreviousAuthors(t *testing.T) {
db := setupTestDB(t)
alice := mkUser(t, db, "alice")
bob := mkUser(t, db, "bob")
carol := mkUser(t, db, "carol")
col, err := db.CreateColumn("Todo")
if err != nil {
t.Fatalf("CreateColumn: %v", err)
}
card := mkCard(t, db, col.ID, "x", "card", bob)
// 1) alice writes; bob is assignee → bob gets assigned_chat.
_, notifs, _, err := db.CreateCardMessageAndNotify(card, alice, "hola", nil)
if err != nil {
t.Fatalf("create msg: %v", err)
}
if len(notifs) != 1 || notifs[0].UserID != bob || notifs[0].Kind != NotifKindAssignedChat {
t.Fatalf("expected single assigned_chat for bob, got %+v", notifs)
}
// 2) carol replies (carol is neither assignee nor previous author).
// alice (previous author) gets reply; bob (assignee) gets assigned_chat.
_, notifs, _, err = db.CreateCardMessageAndNotify(card, carol, "hola alice", nil)
if err != nil {
t.Fatalf("create msg: %v", err)
}
gotKinds := map[string]string{}
for _, n := range notifs {
gotKinds[n.UserID] = n.Kind
}
wantKinds := map[string]string{alice: NotifKindReply, bob: NotifKindAssignedChat}
if !reflect.DeepEqual(gotKinds, wantKinds) {
t.Fatalf("kinds = %+v, want %+v", gotKinds, wantKinds)
}
}
func TestCreateCardMessageAndNotify_MentionsBeatOtherKinds(t *testing.T) {
db := setupTestDB(t)
alice := mkUser(t, db, "alice")
bob := mkUser(t, db, "bob")
col, _ := db.CreateColumn("Todo")
card := mkCard(t, db, col.ID, "x", "card", bob) // bob is assignee
// alice mentions bob explicitly → kind must be 'mention', not 'assigned_chat'.
_, notifs, mentions, err := db.CreateCardMessageAndNotify(card, alice, "oye @bob mira esto", nil)
if err != nil {
t.Fatalf("create: %v", err)
}
if len(mentions) != 1 || mentions[0].UserID != bob {
t.Fatalf("mentions = %+v, want [bob]", mentions)
}
if len(notifs) != 1 || notifs[0].UserID != bob || notifs[0].Kind != NotifKindMention {
t.Fatalf("notifs = %+v, want single mention for bob", notifs)
}
}
func TestCreateCardMessageAndNotify_UnknownMentionsIgnored(t *testing.T) {
db := setupTestDB(t)
alice := mkUser(t, db, "alice")
col, _ := db.CreateColumn("Todo")
card := mkCard(t, db, col.ID, "x", "card", "")
_, notifs, mentions, err := db.CreateCardMessageAndNotify(card, alice, "hola @noexiste", nil)
if err != nil {
t.Fatalf("create: %v", err)
}
if len(mentions) != 0 || len(notifs) != 0 {
t.Fatalf("got mentions=%v notifs=%v, want empty", mentions, notifs)
}
}
func TestCreateCardMessageAndNotify_AuthorNeverSelfNotified(t *testing.T) {
db := setupTestDB(t)
alice := mkUser(t, db, "alice")
col, _ := db.CreateColumn("Todo")
card := mkCard(t, db, col.ID, "x", "card", alice) // alice is assignee
// alice mentions herself + is assignee → no notification.
_, notifs, _, err := db.CreateCardMessageAndNotify(card, alice, "monologo @alice", nil)
if err != nil {
t.Fatalf("create: %v", err)
}
if len(notifs) != 0 {
t.Fatalf("notifs = %+v, want empty (self)", notifs)
}
}
func TestListAndMarkRead(t *testing.T) {
db := setupTestDB(t)
alice := mkUser(t, db, "alice")
bob := mkUser(t, db, "bob")
col, _ := db.CreateColumn("Todo")
card := mkCard(t, db, col.ID, "x", "card", bob)
_, _, _, _ = db.CreateCardMessageAndNotify(card, alice, "1", nil)
_, _, _, _ = db.CreateCardMessageAndNotify(card, alice, "2", nil)
got, err := db.ListNotifications(bob, true, 0)
if err != nil {
t.Fatalf("list: %v", err)
}
if len(got) != 2 {
t.Fatalf("len = %d, want 2", len(got))
}
if n, _ := db.CountUnreadNotifications(bob); n != 2 {
t.Fatalf("unread count = %d, want 2", n)
}
if err := db.MarkNotificationRead(bob, got[0].ID); err != nil {
t.Fatalf("mark read: %v", err)
}
if n, _ := db.CountUnreadNotifications(bob); n != 1 {
t.Fatalf("unread count after mark = %d, want 1", n)
}
// idempotent
if err := db.MarkNotificationRead(bob, got[0].ID); err != nil {
t.Fatalf("mark read 2nd time: %v", err)
}
if n, _ := db.MarkAllNotificationsRead(bob); n != 1 {
t.Fatalf("mark all = %d, want 1", n)
}
if n, _ := db.CountUnreadNotifications(bob); n != 0 {
t.Fatalf("unread count after mark-all = %d, want 0", n)
}
}
backend/realtime.go
+297
View File
@@ -0,0 +1,297 @@
package main
import (
"context"
"encoding/json"
"fmt"
"net/http"
"time"
"fn-registry/functions/infra"
"nhooyr.io/websocket"
)
const (
sseHeartbeat = 25 * time.Second
wsChatHeartbeat = 30 * time.Second
wsChatReadLimit = 64 * 1024
wsChatWriteWait = 5 * time.Second
typingDebounceMs = 1500
)
// handleEventStream serves the per-user SSE channel.
//
// One stream per browser tab. Auto-reconnect lives on the client (browsers
// retry EventSource by default). The server publishes:
//
// board.* — column/card mutations (broadcast to every user).
// message.created — chat message added on any card (broadcast).
// notification.* — private events for one recipient (UserID set).
func handleEventStream(hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
flusher, ok := w.(http.Flusher)
if !ok {
http.Error(w, "streaming unsupported", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "text/event-stream")
w.Header().Set("Cache-Control", "no-cache, no-transform")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Accel-Buffering", "no")
w.WriteHeader(http.StatusOK)
// Initial flush so the browser knows the stream is open.
fmt.Fprint(w, ": hello\n\n")
flusher.Flush()
ch := hub.SubscribeUser(userID)
defer hub.UnsubscribeUser(userID, ch)
ticker := time.NewTicker(sseHeartbeat)
defer ticker.Stop()
for {
select {
case <-r.Context().Done():
return
case <-ticker.C:
if _, err := fmt.Fprint(w, ": ping\n\n"); err != nil {
return
}
flusher.Flush()
case ev, ok := <-ch:
if !ok {
return
}
if ev.UserID != "" && ev.UserID != userID {
// Defensive: hub already routes private events but the
// broadcast path could leak if a future change adds
// fan-out. Skip explicitly.
continue
}
b, err := json.Marshal(ev)
if err != nil {
continue
}
if _, err := fmt.Fprintf(w, "event: %s\ndata: %s\n\n", ev.Type, b); err != nil {
return
}
flusher.Flush()
}
}
}
}
// cardChatWSIn is the message sent by the browser over the per-card WS.
type cardChatWSIn struct {
Type string `json:"type"` // "send" | "typing"
Body string `json:"body,omitempty"` // only for "send"
}
// cardChatWSOut is the message the server pushes to subscribers of a card.
//
// Types:
//
// message.created — new CardMessage (full payload).
// typing — UserID is typing (no body).
// error — server-side error, connection stays open.
type cardChatWSOut struct {
Type string `json:"type"`
Message *CardMessage `json:"message,omitempty"`
UserID string `json:"user_id,omitempty"`
Error string `json:"error,omitempty"`
}
// handleCardChatWS upgrades the request to WebSocket and provides bidirectional
// realtime chat for a single card. Each connection is subscribed to the
// card's event channel; sends originating from this connection are persisted
// then republished through the hub so peer connections (including this one)
// see them.
func handleCardChatWS(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
cardID := r.PathValue("id")
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
// Confirm card exists before upgrading to avoid leaking goroutines on
// invalid IDs.
var exists int
if err := db.conn.QueryRow(`SELECT 1 FROM cards WHERE id = ?`, cardID).Scan(&exists); err != nil {
notFound(w, "card not found")
return
}
conn, err := infra.WSUpgrader(w, r, []string{"*"})
if err != nil {
return
}
defer conn.Close(websocket.StatusInternalError, "internal")
conn.SetReadLimit(wsChatReadLimit)
ch := hub.SubscribeCard(cardID)
defer hub.UnsubscribeCard(cardID, ch)
ctx, cancel := context.WithCancel(r.Context())
defer cancel()
// Writer goroutine: forward hub events to this socket.
go func() {
ticker := time.NewTicker(wsChatHeartbeat)
defer ticker.Stop()
for {
select {
case <-ctx.Done():
return
case <-ticker.C:
wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
_ = conn.Ping(wctx)
c()
case ev, ok := <-ch:
if !ok {
return
}
if ev.CardID != cardID {
continue
}
out := cardChatWSOut{Type: ev.Type}
switch ev.Type {
case "message.created":
var m CardMessage
if err := json.Unmarshal(ev.Payload, &m); err == nil {
out.Message = &m
}
case "card.typing":
var p struct {
UserID string `json:"user_id"`
}
_ = json.Unmarshal(ev.Payload, &p)
// Skip echoing the typer's own indicator.
if p.UserID == userID {
continue
}
out.UserID = p.UserID
default:
continue
}
b, err := json.Marshal(out)
if err != nil {
continue
}
wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
if err := conn.Write(wctx, websocket.MessageText, b); err != nil {
c()
cancel()
return
}
c()
}
}
}()
// Reader loop: persist sends and broadcast typing.
for {
_, raw, err := conn.Read(ctx)
if err != nil {
return
}
var in cardChatWSIn
if err := json.Unmarshal(raw, &in); err != nil {
continue
}
switch in.Type {
case "send":
if in.Body == "" {
continue
}
if _, _, _, err := db.CreateCardMessageAndNotify(cardID, userID, in.Body, hub); err != nil {
b, _ := json.Marshal(cardChatWSOut{Type: "error", Error: err.Error()})
wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
_ = conn.Write(wctx, websocket.MessageText, b)
c()
}
case "typing":
hub.PublishJSON("card.typing", cardID, "", map[string]string{"user_id": userID})
}
}
}
}
// Notification HTTP handlers.
func handleListNotifications(db *DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
onlyUnread := r.URL.Query().Get("unread") == "1"
limit := 50
out, err := db.ListNotifications(userID, onlyUnread, limit)
if err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusOK, out)
}
}
func handleUnreadCount(db *DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
n, err := db.CountUnreadNotifications(userID)
if err != nil {
serverError(w, err)
return
}
infra.HTTPJSONResponse(w, http.StatusOK, map[string]int{"count": n})
}
}
func handleMarkNotificationRead(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
id := r.PathValue("id")
if err := db.MarkNotificationRead(userID, id); err != nil {
serverError(w, err)
return
}
if hub != nil {
hub.PublishJSON("notification.read", "", userID, map[string]string{"id": id})
}
w.WriteHeader(http.StatusNoContent)
}
}
func handleMarkAllNotificationsRead(db *DB, hub *EventHub) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
if userID == "" {
infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
return
}
n, err := db.MarkAllNotificationsRead(userID)
if err != nil {
serverError(w, err)
return
}
if hub != nil {
hub.PublishJSON("notification.read_all", "", userID, map[string]int{"count": n})
}
infra.HTTPJSONResponse(w, http.StatusOK, map[string]int{"count": n})
}
}
backend/tools.go
+63 -1
View File
@@ -50,6 +50,10 @@ func executeTool(db *DB, name string, input json.RawMessage) ToolResult {
return toolListUsers(db)
case "assign_card":
return toolAssignCard(db, input)
case "add_comment":
return toolAddComment(db, input)
case "list_comments":
return toolListComments(db, input)
default:
return errMsg("unknown tool: " + name)
}
@@ -59,7 +63,8 @@ func executeTool(db *DB, name string, input json.RawMessage) ToolResult {
func toolMutates(name string) bool {
switch name {
case "create_column", "update_column", "rename_column", "delete_column", "reorder_columns",
"create_card", "update_card", "delete_card", "move_card", "assign_card":
"create_card", "update_card", "delete_card", "move_card", "assign_card",
"add_comment":
return true
}
return false
@@ -347,9 +352,66 @@ func validateToolName(name string) error {
"update_card": true, "delete_card": true, "move_card": true,
"card_history": true, "find_cards": true,
"list_users": true, "assign_card": true,
"add_comment": true, "list_comments": true,
}
if !known[name] {
return fmt.Errorf("unknown tool: %s", name)
}
return nil
}
// toolAddComment appends a comment (card_message) to a card. Accepts either
// {card_id, body, author_id} or {card_id, body, author_username}. Resolves
// the username to an id when needed.
func toolAddComment(db *DB, input json.RawMessage) ToolResult {
var in struct {
CardID string `json:"card_id"`
Body string `json:"body"`
AuthorID string `json:"author_id"`
AuthorUsername string `json:"author_username"`
}
if err := json.Unmarshal(input, &in); err != nil {
return errResult(err)
}
if in.CardID == "" {
return errMsg("card_id required")
}
if strings.TrimSpace(in.Body) == "" {
return errMsg("body required")
}
authorID := strings.TrimSpace(in.AuthorID)
if authorID == "" {
if in.AuthorUsername == "" {
return errMsg("author_id or author_username required")
}
u, _, err := db.GetUserByUsername(in.AuthorUsername)
if err != nil {
return errResult(fmt.Errorf("author_username: %w", err))
}
authorID = u.ID
}
m, err := db.CreateCardMessage(in.CardID, authorID, in.Body)
if err != nil {
return errResult(err)
}
return okResult(m)
}
// toolListComments returns every comment (card_message) attached to a card
// sorted by created_at ascending.
func toolListComments(db *DB, input json.RawMessage) ToolResult {
var in struct {
CardID string `json:"card_id"`
}
if err := json.Unmarshal(input, &in); err != nil {
return errResult(err)
}
if in.CardID == "" {
return errMsg("card_id required")
}
msgs, err := db.ListCardMessages(in.CardID)
if err != nil {
return errResult(err)
}
return okResult(msgs)
}
backend/users.go
+25 -6
View File
@@ -14,6 +14,7 @@ type User struct {
Username string `json:"username"`
DisplayName string `json:"display_name"`
Color string `json:"color"`
IsAdmin bool `json:"is_admin"`
CreatedAt string `json:"created_at"`
}
@@ -51,36 +52,52 @@ func (db *DB) CreateUser(username, password, displayName string) (*User, error)
func (db *DB) GetUserByID(id string) (*User, error) {
var u User
var isAdmin int
err := db.conn.QueryRow(
`SELECT id, username, display_name, color, created_at FROM users WHERE id=?`, id,
).Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &u.CreatedAt)
`SELECT id, username, display_name, color, is_admin, created_at FROM users WHERE id=?`, id,
).Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &isAdmin, &u.CreatedAt)
if errors.Is(err, sql.ErrNoRows) {
return nil, errUserNotFound
}
if err != nil {
return nil, err
}
u.IsAdmin = isAdmin == 1
return &u, nil
}
func (db *DB) IsAdmin(userID string) (bool, error) {
if userID == "" {
return false, nil
}
var n int
err := db.conn.QueryRow(`SELECT COALESCE(is_admin, 0) FROM users WHERE id=?`, userID).Scan(&n)
if errors.Is(err, sql.ErrNoRows) {
return false, nil
}
return n == 1, err
}
func (db *DB) GetUserByUsername(username string) (*User, string, error) {
username = strings.TrimSpace(strings.ToLower(username))
var u User
var hash string
var isAdmin int
err := db.conn.QueryRow(
`SELECT id, username, display_name, color, created_at, password_hash FROM users WHERE username=?`, username,
).Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &u.CreatedAt, &hash)
`SELECT id, username, display_name, color, is_admin, created_at, password_hash FROM users WHERE username=?`, username,
).Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &isAdmin, &u.CreatedAt, &hash)
if errors.Is(err, sql.ErrNoRows) {
return nil, "", errUserNotFound
}
if err != nil {
return nil, "", err
}
u.IsAdmin = isAdmin == 1
return &u, hash, nil
}
func (db *DB) ListUsers() ([]User, error) {
rows, err := db.conn.Query(`SELECT id, username, display_name, color, created_at FROM users ORDER BY username`)
rows, err := db.conn.Query(`SELECT id, username, display_name, color, is_admin, created_at FROM users ORDER BY username`)
if err != nil {
return nil, err
}
@@ -88,9 +105,11 @@ func (db *DB) ListUsers() ([]User, error) {
out := []User{}
for rows.Next() {
var u User
if err := rows.Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &u.CreatedAt); err != nil {
var isAdmin int
if err := rows.Scan(&u.ID, &u.Username, &u.DisplayName, &u.Color, &isAdmin, &u.CreatedAt); err != nil {
return nil, err
}
u.IsAdmin = isAdmin == 1
out = append(out, u)
}
return out, rows.Err()