20634302296

Committed 01 Jan 2026 06:59AM UTC coverage: 83.804% (+0.07%) from 83.735%

Build # 20634302296

Build Type

Pull #53

github

Committed by

umputun

Commit Message

fix(e2e): add positive confirmation after key creation in FilterToggle test

wait for key to appear in table after modal closes to prevent flaky test

Pull Request Pull Request #53: feat(audit): add audit log web UI

Coverage Stats

229 of 261 new or added lines in 7 files covered. (87.74%)

3 existing lines in 2 files now uncovered.

3943 of 4705 relevant lines covered (83.8%)

79.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.11

/app/server/web/handler.go

// Package web provides HTTP handlers for the web UI.
package web

import (
        "context"
        "embed"
        "encoding/base64"
        "fmt"
        "html/template"
        "io/fs"
        "maps"
        "net/http"
        "net/url"
        "sort"
        "strconv"
        "strings"
        "time"
        "unicode/utf8"

        log "github.com/go-pkgz/lgr"
        "github.com/go-pkgz/rest/realip"
        "github.com/go-pkgz/routegroup"

        "github.com/umputun/stash/app/enum"
        "github.com/umputun/stash/app/git"
        "github.com/umputun/stash/app/server/internal/cookie"
        "github.com/umputun/stash/app/store"
)

//go:generate moq -out mocks/kvstore.go -pkg mocks -skip-ensure -fmt goimports . KVStore
//go:generate moq -out mocks/validator.go -pkg mocks -skip-ensure -fmt goimports . Validator
//go:generate moq -out mocks/authprovider.go -pkg mocks -skip-ensure -fmt goimports . AuthProvider
//go:generate moq -out mocks/gitservice.go -pkg mocks -skip-ensure -fmt goimports . GitService
//go:generate moq -out mocks/auditlogger.go -pkg mocks -skip-ensure -fmt goimports . AuditLogger

//go:embed static
var staticFS embed.FS

//go:embed templates
var templatesFS embed.FS

// StaticFS returns the embedded static filesystem for external use.
func StaticFS() (fs.FS, error) {
        sub, err := fs.Sub(staticFS, "static")
        if err != nil {
                return nil, fmt.Errorf("failed to get static sub-filesystem: %w", err)
        }
        return sub, nil
}

// KVStore defines the interface for key-value storage operations.
type KVStore interface {
        GetWithFormat(ctx context.Context, key string) ([]byte, string, error)
        GetInfo(ctx context.Context, key string) (store.KeyInfo, error)
        Set(ctx context.Context, key string, value []byte, format string) (created bool, err error)
        SetWithVersion(ctx context.Context, key string, value []byte, format string, expectedVersion time.Time) error
        Delete(ctx context.Context, key string) error
        List(ctx context.Context, filter enum.SecretsFilter) ([]store.KeyInfo, error)
        SecretsEnabled() bool
}

// Validator defines the interface for format validation.
type Validator interface {
        Validate(format string, value []byte) error
        IsValidFormat(format string) bool
        SupportedFormats() []string
}

// AuthProvider defines the interface for authentication operations.
type AuthProvider interface {
        Enabled() bool
        GetSessionUser(ctx context.Context, token string) (string, bool)
        FilterUserKeys(username string, keys []string) []string
        CheckUserPermission(username, key string, write bool) bool
        UserCanWrite(username string) bool
        IsAdmin(username string) bool

        IsValidUser(username, password string) bool
        CreateSession(ctx context.Context, username string) (string, error)
        InvalidateSession(ctx context.Context, token string)
        LoginTTL() time.Duration
}

// GitService defines the interface for git operations.
type GitService interface {
        Commit(req git.CommitRequest) error
        Delete(key string, author git.Author) error
        History(key string, limit int) ([]git.HistoryEntry, error)
        GetRevision(key string, rev string) ([]byte, string, error)
}

// AuditLogger defines the interface for audit log storage.
type AuditLogger interface {
        LogAudit(ctx context.Context, entry store.AuditEntry) error
}

// Config holds web handler configuration.
type Config struct {
        BaseURL      string
        PageSize     int
        AuditEnabled bool
}

// Handler handles web UI requests.
type Handler struct {
        store        KVStore
        validator    Validator
        auth         AuthProvider
        highlighter  *Highlighter
        tmpl         *template.Template
        baseURL      string
        pageSize     int
        auditEnabled bool
        git          GitService
        audit        AuditLogger
}

// New creates a new web handler.
// auditLogger is optional, pass nil to disable audit logging in web handlers.
func New(st KVStore, auth AuthProvider, val Validator, gs GitService, auditLogger AuditLogger, cfg Config) (*Handler, error) {
        tmpl, err := parseTemplates()
        if err != nil {
                return nil, fmt.Errorf("failed to parse templates: %w", err)
        }

        return &Handler{
                store:        st,
                validator:    val,
                auth:         auth,
                highlighter:  NewHighlighter(),
                tmpl:         tmpl,
                baseURL:      cfg.BaseURL,
                pageSize:     cfg.PageSize,
                auditEnabled: cfg.AuditEnabled,
                git:          gs,
                audit:        auditLogger,
        }, nil
}

// Register registers web UI routes on the given router.
func (h *Handler) Register(r *routegroup.Bundle) {
        r.HandleFunc("GET /{$}", h.handleIndex)
        r.HandleFunc("GET /web/keys", h.handleKeyList)
        r.HandleFunc("GET /web/keys/new", h.handleKeyNew)
        r.HandleFunc("GET /web/keys/view/{key...}", h.handleKeyView)
        r.HandleFunc("GET /web/keys/edit/{key...}", h.handleKeyEdit)
        r.HandleFunc("GET /web/keys/history/{key...}", h.handleKeyHistory)
        r.HandleFunc("GET /web/keys/revision/{key...}", h.handleKeyRevision)
        r.HandleFunc("POST /web/keys/restore/{key...}", h.handleKeyRestore)
        r.HandleFunc("POST /web/keys", h.handleKeyCreate)
        r.HandleFunc("PUT /web/keys/{key...}", h.handleKeyUpdate)
        r.HandleFunc("DELETE /web/keys/{key...}", h.handleKeyDelete)
        r.HandleFunc("POST /web/theme", h.handleThemeToggle)
        r.HandleFunc("POST /web/view-mode", h.handleViewModeToggle)
        r.HandleFunc("POST /web/sort", h.handleSortToggle)
        r.HandleFunc("POST /web/secrets-filter", h.handleSecretsFilterToggle)
}

// RegisterAuth registers auth routes (login/logout) on the given router.
func (h *Handler) RegisterAuth(r *routegroup.Bundle) {
        r.HandleFunc("GET /login", h.handleLoginForm)
        r.HandleFunc("POST /logout", h.handleLogout)
}

// RegisterLogin registers the login POST handler with custom middleware.
func (h *Handler) RegisterLogin(r *routegroup.Bundle, middleware func(http.Handler) http.Handler) {
        r.Handle("POST /login", middleware(http.HandlerFunc(h.handleLogin)))
}

// templateFuncs returns custom template functions.
func templateFuncs() template.FuncMap {
        // sortModeLabel returns a human-readable label for the sort mode.
        sortModeLabel := func(mode enum.SortMode) string {
                s := mode.String()
                return strings.ToUpper(s[:1]) + s[1:]
        }

        funcs := template.FuncMap{
                "formatTime": func(t time.Time) string {
                        return t.Format("2006-01-02 15:04")
                },
                "formatSize": func(size int) string {
                        if size < 1024 {
                                return strconv.Itoa(size) + " B"
                        }
                        if size < 1024*1024 {
                                return strconv.FormatFloat(float64(size)/1024, 'f', 1, 64) + " KB"
                        }
                        return strconv.FormatFloat(float64(size)/(1024*1024), 'f', 1, 64) + " MB"
                },
                "urlEncode":     url.PathEscape,
                "sortModeLabel": sortModeLabel,
                "add":           func(a, b int) int { return a + b },
                "sub":           func(a, b int) int { return a - b },
        }

        // add audit template functions
        maps.Copy(funcs, AuditTemplateFuncs())

        return funcs
}

// parseTemplates parses all templates from embedded filesystem.
func parseTemplates() (*template.Template, error) {
        tmpl := template.New("").Funcs(templateFuncs())

        // parse base template
        baseContent, err := templatesFS.ReadFile("templates/base.html")
        if err != nil {
                return nil, fmt.Errorf("read base.html: %w", err)
        }
        tmpl, err = tmpl.Parse(string(baseContent))
        if err != nil {
                return nil, fmt.Errorf("parse base.html: %w", err)
        }

        // parse login template
        loginContent, err := templatesFS.ReadFile("templates/login.html")
        if err != nil {
                return nil, fmt.Errorf("read login.html: %w", err)
        }
        _, err = tmpl.New("login.html").Parse(string(loginContent))
        if err != nil {
                return nil, fmt.Errorf("parse login.html: %w", err)
        }

        // parse index template
        indexContent, err := templatesFS.ReadFile("templates/index.html")
        if err != nil {
                return nil, fmt.Errorf("read index.html: %w", err)
        }
        _, err = tmpl.New("index.html").Parse(string(indexContent))
        if err != nil {
                return nil, fmt.Errorf("parse index.html: %w", err)
        }

        // parse audit template
        auditContent, err := templatesFS.ReadFile("templates/audit.html")
        if err != nil {
                return nil, fmt.Errorf("read audit.html: %w", err)
        }
        _, err = tmpl.New("audit.html").Parse(string(auditContent))
        if err != nil {
                return nil, fmt.Errorf("parse audit.html: %w", err)
        }

        // parse partials
        partials := []string{"keys-table", "form", "view", "history", "revision", "error", "audit-table"}
        for _, name := range partials {
                content, readErr := templatesFS.ReadFile("templates/partials/" + name + ".html")
                if readErr != nil {
                        return nil, fmt.Errorf("read partial %s: %w", name, readErr)
                }
                _, parseErr := tmpl.New(name).Parse(string(content))
                if parseErr != nil {
                        return nil, fmt.Errorf("parse partial %s: %w", name, parseErr)
                }
        }

        return tmpl, nil
}

// keyWithPermission wraps KeyInfo with per-key write permission.
type keyWithPermission struct {
        store.KeyInfo
        CanWrite bool // user has write permission for this specific key
}

// conflictData holds conflict detection fields for optimistic locking.
type conflictData struct {
        UpdatedAt       int64  // unix timestamp when key was loaded (for optimistic locking)
        Conflict        bool   // true when a conflict was detected on save
        ServerValue     string // current server value (shown during conflict)
        ServerFormat    string // current server format (shown during conflict)
        ServerUpdatedAt int64  // server's updated_at timestamp (for retry after conflict)
}

// paginationData holds pagination state.
type paginationData struct {
        Page       int  // current page (1-based)
        TotalPages int  // total number of pages
        TotalKeys  int  // total keys after filtering (before pagination)
        HasPrev    bool // has previous page
        HasNext    bool // has next page
}

// secretsData holds secrets filter state.
type secretsData struct {
        SecretsFilter  enum.SecretsFilter // current filter mode (all/secrets/keys)
        SecretsEnabled bool               // secrets feature enabled
}

// historyData holds git history state.
type historyData struct {
        GitEnabled bool               // git integration enabled
        History    []git.HistoryEntry // commit history entries
        RevHash    string             // specific revision hash being viewed
}

// templateData holds data passed to templates.
type templateData struct {
        // key display fields
        Keys           []keyWithPermission
        Key            string
        Value          string
        HighlightedVal template.HTML // syntax-highlighted value for view modal
        Format         string        // format type (text, json, yaml, etc.)
        Formats        []string      // available format options
        IsBinary       bool
        IsNew          bool
        ZKEncrypted    bool // true if value is ZK-encrypted (client-side encryption)

        // display settings
        Theme    enum.Theme
        ViewMode enum.ViewMode
        SortMode enum.SortMode

        // form state
        Search   string
        Error    string
        CanForce bool // allow force submit despite error (for validation errors, not conflicts)

        // auth and permissions
        AuthEnabled  bool
        AuditEnabled bool // audit feature enabled (for showing audit link)
        BaseURL      string
        CanWrite     bool   // user has write permission (for showing edit controls)
        Username     string // current logged-in username
        IsAdmin      bool   // user has admin privileges

        // modal sizing
        ModalWidth     int
        TextareaHeight int

        // embedded groups
        conflictData
        paginationData
        secretsData
        historyData
}

// getTheme returns the current theme from cookie, defaulting to system.
func (h *Handler) getTheme(r *http.Request) enum.Theme {
        if c, err := r.Cookie("theme"); err == nil {
                if theme, err := enum.ParseTheme(c.Value); err == nil {
                        return theme
                }
        }
        return enum.ThemeSystem
}

// getViewMode returns the current view mode from cookie, defaulting to grid.
func (h *Handler) getViewMode(r *http.Request) enum.ViewMode {
        if c, err := r.Cookie("view_mode"); err == nil {
                if mode, err := enum.ParseViewMode(c.Value); err == nil {
                        return mode
                }
        }
        return enum.ViewModeGrid
}

// getSortMode returns the current sort mode from cookie, defaulting to updated.
func (h *Handler) getSortMode(r *http.Request) enum.SortMode {
        if c, err := r.Cookie("sort_mode"); err == nil {
                if mode, err := enum.ParseSortMode(c.Value); err == nil {
                        return mode
                }
        }
        return enum.SortModeUpdated
}

// getSecretsFilter returns the current secrets filter from cookie, defaulting to all.
func (h *Handler) getSecretsFilter(r *http.Request) enum.SecretsFilter {
        if c, err := r.Cookie("secrets_filter"); err == nil {
                if filter, err := enum.ParseSecretsFilter(c.Value); err == nil {
                        return filter
                }
        }
        return enum.SecretsFilterAll
}

// listParams holds view state parameters extracted from cookies and Set-Cookie headers.
type listParams struct {
        viewMode      enum.ViewMode
        sortMode      enum.SortMode
        secretsFilter enum.SecretsFilter
}

// getListParams extracts view/sort/filter state, checking Set-Cookie header for just-set values.
// this is needed when toggle handlers set cookie and then call handleKeyList in same request.
func (h *Handler) getListParams(w http.ResponseWriter, r *http.Request) listParams {
        p := listParams{
                viewMode:      h.getViewMode(r),
                sortMode:      h.getSortMode(r),
                secretsFilter: h.getSecretsFilter(r),
        }
        for _, c := range w.Header()["Set-Cookie"] {
                switch {
                case strings.Contains(c, "view_mode=cards"):
                        p.viewMode = enum.ViewModeCards
                case strings.Contains(c, "view_mode=grid"):
                        p.viewMode = enum.ViewModeGrid
                case strings.Contains(c, "sort_mode=key"):
                        p.sortMode = enum.SortModeKey
                case strings.Contains(c, "sort_mode=size"):
                        p.sortMode = enum.SortModeSize
                case strings.Contains(c, "sort_mode=created"):
                        p.sortMode = enum.SortModeCreated
                case strings.Contains(c, "sort_mode=updated"):
                        p.sortMode = enum.SortModeUpdated
                case strings.Contains(c, "secrets_filter=all"):
                        p.secretsFilter = enum.SecretsFilterAll
                case strings.Contains(c, "secrets_filter=secretsonly"):
                        p.secretsFilter = enum.SecretsFilterSecretsOnly
                case strings.Contains(c, "secrets_filter=keysonly"):
                        p.secretsFilter = enum.SecretsFilterKeysOnly
                }
        }
        return p
}

// url returns a URL path with the base URL prefix.
func (h *Handler) url(path string) string {
        return h.baseURL + path
}

// cookiePath returns the path for cookies (base URL with trailing slash or "/").
func (h *Handler) cookiePath() string {
        if h.baseURL == "" {
                return "/"
        }
        return h.baseURL + "/"
}

// getCurrentUser returns the username from the session cookie, or empty string if not logged in.
func (h *Handler) getCurrentUser(r *http.Request) string {
        for _, cookieName := range cookie.SessionCookieNames {
                if c, err := r.Cookie(cookieName); err == nil {
                        if username, ok := h.auth.GetSessionUser(r.Context(), c.Value); ok {
                                return username
                        }
                }
        }
        return ""
}

// getIdentityForLog returns identity string for audit logging.
// returns "user:xxx" for authenticated users, "anonymous" otherwise.
func (h *Handler) getIdentityForLog(r *http.Request) string {
        if username := h.getCurrentUser(r); username != "" {
                return "user:" + username
        }
        return "anonymous"
}

// getAuthor returns git author for the given username.
func (h *Handler) getAuthor(username string) git.Author {
        if username == "" {
                return git.DefaultAuthor()
        }
        return git.Author{Name: username, Email: username + "@stash"}
}

// sortByMode sorts a slice by the given mode using a key accessor.
func (h *Handler) sortByMode(keys []keyWithPermission, mode enum.SortMode) {
        switch mode {
        case enum.SortModeKey:
                sort.Slice(keys, func(i, j int) bool {
                        return strings.ToLower(keys[i].Key) < strings.ToLower(keys[j].Key)
                })
        case enum.SortModeSize:
                sort.Slice(keys, func(i, j int) bool {
                        return keys[i].Size > keys[j].Size // largest first
                })
        case enum.SortModeCreated:
                sort.Slice(keys, func(i, j int) bool {
                        return keys[i].CreatedAt.After(keys[j].CreatedAt) // newest first
                })
        default: // updated
                sort.Slice(keys, func(i, j int) bool {
                        return keys[i].UpdatedAt.After(keys[j].UpdatedAt) // newest first
                })
        }
}

// valueForDisplay converts a byte slice to a display string, detecting binary content.
func (h *Handler) valueForDisplay(value []byte) (string, bool) {
        if !utf8.Valid(value) {
                return base64.StdEncoding.EncodeToString(value), true
        }
        return string(value), false
}

// valueFromForm converts form input back to bytes, handling binary encoding.
func (h *Handler) valueFromForm(value string, isBinary bool) ([]byte, error) {
        if isBinary {
                decoded, err := base64.StdEncoding.DecodeString(value)
                if err != nil {
                        return nil, fmt.Errorf("decode base64: %w", err)
                }
                return decoded, nil
        }
        return []byte(value), nil
}

// filterBySearch filters keys by search term.
func (h *Handler) filterBySearch(keys []keyWithPermission, search string) []keyWithPermission {
        if search == "" {
                return keys
        }
        search = strings.ToLower(search)
        var filtered []keyWithPermission
        for _, k := range keys {
                if strings.Contains(strings.ToLower(k.Key), search) {
                        filtered = append(filtered, k)
                }
        }
        return filtered
}

// paginateResult holds the result of pagination.
type paginateResult struct {
        keys       []keyWithPermission
        page       int
        totalPages int
        hasPrev    bool
        hasNext    bool
}

// paginate applies pagination to a slice of keys and returns pagination info.
// page is 1-based, pageSize is the max keys per page.
func (h *Handler) paginate(keys []keyWithPermission, page, pageSize int) paginateResult {
        total := len(keys)
        if pageSize <= 0 {
                return paginateResult{keys: keys, page: 1, totalPages: 1}
        }

        totalPages := (total + pageSize - 1) / pageSize
        if totalPages == 0 {
                totalPages = 1
        }
        if page < 1 {
                page = 1
        }
        if page > totalPages {
                page = totalPages
        }

        start := (page - 1) * pageSize
        end := start + pageSize
        if start >= total {
                return paginateResult{page: page, totalPages: totalPages, hasPrev: page > 1}
        }
        if end > total {
                end = total
        }
        return paginateResult{keys: keys[start:end], page: page, totalPages: totalPages, hasPrev: page > 1, hasNext: page < totalPages}
}

// filterKeysByPermission filters keys based on user permissions and wraps with write permission info.
func (h *Handler) filterKeysByPermission(username string, keys []store.KeyInfo) []keyWithPermission {
        keyNames := make([]string, len(keys))
        for i, k := range keys {
                keyNames[i] = k.Key
        }
        allowedKeys := h.auth.FilterUserKeys(username, keyNames)
        allowedSet := make(map[string]bool, len(allowedKeys))
        for _, k := range allowedKeys {
                allowedSet[k] = true
        }
        var filtered []keyWithPermission
        for _, k := range keys {
                if allowedSet[k.Key] {
                        filtered = append(filtered, keyWithPermission{
                                KeyInfo:  k,
                                CanWrite: h.auth.CheckUserPermission(username, k.Key, true),
                        })
                }
        }
        return filtered
}

// logAudit logs an audit entry if audit logging is enabled.
func (h *Handler) logAudit(r *http.Request, key string, action enum.AuditAction, result enum.AuditResult, valueSize *int) {
        if h.audit == nil {
                return
        }

        username := h.getCurrentUser(r)
        actorType := enum.ActorTypePublic
        actor := "anonymous"
        if username != "" {
                actor = username
                actorType = enum.ActorTypeUser
        }

        ip, _ := realip.Get(r)

        entry := store.AuditEntry{
                Timestamp: time.Now(),
                Action:    action,
                Key:       key,
                Actor:     actor,
                ActorType: actorType,
                Result:    result,
                IP:        ip,
                UserAgent: r.UserAgent(),
                RequestID: r.Header.Get("X-Request-ID"),
                ValueSize: valueSize,
        }

        if err := h.audit.LogAudit(r.Context(), entry); err != nil {
                log.Printf("[WARN] failed to log audit entry for web operation: %v", err)
        }
}

umputun / stash / 20634302296

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous