mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-06-29 03:12:54 +00:00
chore(schema): migrate to GORM V2 with multi-database support
- [x] Implement GORM V2 metadata store with SQLite, PostgreSQL, and MySQL support - [x] Add database migration system using gormigrate for schema versioning - [x] Create migration CLI tool with support for migrate, rollback, and status commands - [x] Add Docker support for migration container (Dockerfile.migrate) - [x] Implement automatic partition management for PostgreSQL time-series tables - [x] Add background aggregation worker for download statistics - [x] Support connection pooling configuration (max_open_conns, max_idle_conns, conn_max_lifetime) - [x] Add blocking mechanism based on vulnerability thresholds in stats and handlers - [x] Update Helm charts with migration init containers and multi-database configuration - [x] Replace deprecated SQLite store with optimized GORM implementation - [x] Add comprehensive integration tests for MySQL and PostgreSQL - [x] Update frontend to display blocked packages and storage utilization - [x] Add goreleaser configuration for migrate binary and container image - [x] Update configuration examples with database backend options and recommendations
This commit is contained in:
+72
-7
@@ -19,7 +19,7 @@ import (
|
||||
"github.com/lukaszraczylo/gohoarder/pkg/health"
|
||||
"github.com/lukaszraczylo/gohoarder/pkg/metadata"
|
||||
metafile "github.com/lukaszraczylo/gohoarder/pkg/metadata/file"
|
||||
metasqlite "github.com/lukaszraczylo/gohoarder/pkg/metadata/sqlite"
|
||||
metagorm "github.com/lukaszraczylo/gohoarder/pkg/metadata/gormstore"
|
||||
"github.com/lukaszraczylo/gohoarder/pkg/metrics"
|
||||
"github.com/lukaszraczylo/gohoarder/pkg/network"
|
||||
"github.com/lukaszraczylo/gohoarder/pkg/prewarming"
|
||||
@@ -119,18 +119,67 @@ func (a *App) initializeComponents() error {
|
||||
log.Info().Str("backend", a.config.Metadata.Backend).Msg("Initializing metadata store")
|
||||
switch a.config.Metadata.Backend {
|
||||
case "sqlite":
|
||||
a.metadata, err = metasqlite.New(metasqlite.Config{
|
||||
Path: a.config.Metadata.Connection,
|
||||
WALMode: a.config.Metadata.SQLite.WALMode,
|
||||
// Use GORM for SQLite
|
||||
a.metadata, err = metagorm.NewV2(metagorm.Config{
|
||||
Driver: "sqlite",
|
||||
DSN: metagorm.BuildSQLiteDSN(a.config.Metadata.SQLite.Path, a.config.Metadata.SQLite.WALMode),
|
||||
MaxOpenConns: getOrDefault(a.config.Metadata.MaxOpenConns, 25),
|
||||
MaxIdleConns: getOrDefault(a.config.Metadata.MaxIdleConns, 5),
|
||||
ConnMaxLifetime: time.Duration(getOrDefault(a.config.Metadata.ConnMaxLifetime, 3600)) * time.Second,
|
||||
LogLevel: getOrDefaultStr(a.config.Metadata.LogLevel, "warn"),
|
||||
})
|
||||
|
||||
case "postgresql", "postgres":
|
||||
// Use GORM for PostgreSQL
|
||||
dsn := metagorm.BuildPostgresDSN(
|
||||
a.config.Metadata.PostgreSQL.Host,
|
||||
a.config.Metadata.PostgreSQL.Port,
|
||||
a.config.Metadata.PostgreSQL.User,
|
||||
a.config.Metadata.PostgreSQL.Password,
|
||||
a.config.Metadata.PostgreSQL.Database,
|
||||
getOrDefaultStr(a.config.Metadata.PostgreSQL.SSLMode, "disable"),
|
||||
)
|
||||
a.metadata, err = metagorm.NewV2(metagorm.Config{
|
||||
Driver: "postgres",
|
||||
DSN: dsn,
|
||||
MaxOpenConns: getOrDefault(a.config.Metadata.MaxOpenConns, 25),
|
||||
MaxIdleConns: getOrDefault(a.config.Metadata.MaxIdleConns, 5),
|
||||
ConnMaxLifetime: time.Duration(getOrDefault(a.config.Metadata.ConnMaxLifetime, 3600)) * time.Second,
|
||||
LogLevel: getOrDefaultStr(a.config.Metadata.LogLevel, "warn"),
|
||||
})
|
||||
|
||||
case "mysql", "mariadb":
|
||||
// Use GORM for MySQL/MariaDB
|
||||
dsn := metagorm.BuildMySQLDSN(
|
||||
a.config.Metadata.MySQL.Host,
|
||||
a.config.Metadata.MySQL.Port,
|
||||
a.config.Metadata.MySQL.User,
|
||||
a.config.Metadata.MySQL.Password,
|
||||
a.config.Metadata.MySQL.Database,
|
||||
getOrDefaultStr(a.config.Metadata.MySQL.Charset, "utf8mb4"),
|
||||
)
|
||||
a.metadata, err = metagorm.NewV2(metagorm.Config{
|
||||
Driver: "mysql",
|
||||
DSN: dsn,
|
||||
MaxOpenConns: getOrDefault(a.config.Metadata.MaxOpenConns, 25),
|
||||
MaxIdleConns: getOrDefault(a.config.Metadata.MaxIdleConns, 5),
|
||||
ConnMaxLifetime: time.Duration(getOrDefault(a.config.Metadata.ConnMaxLifetime, 3600)) * time.Second,
|
||||
LogLevel: getOrDefaultStr(a.config.Metadata.LogLevel, "warn"),
|
||||
})
|
||||
|
||||
case "file":
|
||||
// Keep file backend as-is for file-based metadata
|
||||
a.metadata, err = metafile.New(metafile.Config{
|
||||
Path: a.config.Metadata.Connection,
|
||||
})
|
||||
|
||||
default:
|
||||
a.metadata, err = metasqlite.New(metasqlite.Config{
|
||||
Path: "gohoarder.db",
|
||||
WALMode: false, // Default to DELETE mode for compatibility
|
||||
// Default to SQLite with GORM
|
||||
log.Warn().Str("backend", a.config.Metadata.Backend).Msg("Unknown metadata backend, defaulting to SQLite with GORM")
|
||||
a.metadata, err = metagorm.NewV2(metagorm.Config{
|
||||
Driver: "sqlite",
|
||||
DSN: metagorm.BuildSQLiteDSN("gohoarder.db", false),
|
||||
LogLevel: "warn",
|
||||
})
|
||||
}
|
||||
if err != nil {
|
||||
@@ -479,3 +528,19 @@ func (a *App) startAggregationWorker(ctx context.Context) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// getOrDefault returns the value if it's non-zero, otherwise returns the default
|
||||
func getOrDefault(value, defaultValue int) int {
|
||||
if value == 0 {
|
||||
return defaultValue
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
// getOrDefaultStr returns the value if it's non-empty, otherwise returns the default
|
||||
func getOrDefaultStr(value, defaultValue string) string {
|
||||
if value == "" {
|
||||
return defaultValue
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
+27
-6
@@ -142,6 +142,13 @@ func (a *App) handleListPackages(c *fiber.Ctx) error {
|
||||
severityCounts[strings.ToUpper(vuln.Severity)]++
|
||||
}
|
||||
|
||||
// Check if package should be blocked based on thresholds
|
||||
isBlocked := false
|
||||
if a.scanManager != nil {
|
||||
blocked, _, _ := a.scanManager.CheckVulnerabilities(ctx, pkg.Registry, entry.originalName, pkg.Version)
|
||||
isBlocked = blocked
|
||||
}
|
||||
|
||||
pkgMap["vulnerabilities"] = map[string]interface{}{
|
||||
"scanned": true,
|
||||
"status": scanResult.Status,
|
||||
@@ -152,18 +159,21 @@ func (a *App) handleListPackages(c *fiber.Ctx) error {
|
||||
"moderate": severityCounts["MODERATE"],
|
||||
"low": severityCounts["LOW"],
|
||||
},
|
||||
"total": scanResult.VulnerabilityCount,
|
||||
"total": scanResult.VulnerabilityCount,
|
||||
"isBlocked": isBlocked,
|
||||
}
|
||||
} else {
|
||||
pkgMap["vulnerabilities"] = map[string]interface{}{
|
||||
"scanned": false,
|
||||
"status": "pending",
|
||||
"scanned": false,
|
||||
"status": "pending",
|
||||
"isBlocked": false,
|
||||
}
|
||||
}
|
||||
} else {
|
||||
pkgMap["vulnerabilities"] = map[string]interface{}{
|
||||
"scanned": false,
|
||||
"status": "not_scanned",
|
||||
"scanned": false,
|
||||
"status": "not_scanned",
|
||||
"isBlocked": false,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -351,8 +361,9 @@ func (a *App) handleStats(c *fiber.Ctx) error {
|
||||
packages = []*metadata.Package{}
|
||||
}
|
||||
|
||||
// Calculate per-registry breakdown (exclude metadata entries like "list", "latest")
|
||||
// Calculate per-registry breakdown and blocked packages count
|
||||
registryStats := make(map[string]map[string]interface{})
|
||||
blockedCount := int64(0)
|
||||
|
||||
for _, pkg := range packages {
|
||||
// Skip metadata entries (npm metadata pages, pypi pages, etc.)
|
||||
@@ -371,6 +382,14 @@ func (a *App) handleStats(c *fiber.Ctx) error {
|
||||
registryStats[pkg.Registry]["count"] = registryStats[pkg.Registry]["count"].(int) + 1
|
||||
registryStats[pkg.Registry]["size"] = registryStats[pkg.Registry]["size"].(int64) + pkg.Size
|
||||
registryStats[pkg.Registry]["downloads"] = registryStats[pkg.Registry]["downloads"].(int64) + int64(pkg.DownloadCount)
|
||||
|
||||
// Check if package is blocked (only if security scanning is enabled and package is scanned)
|
||||
if a.config.Security.Enabled && a.scanManager != nil && pkg.SecurityScanned {
|
||||
blocked, _, _ := a.scanManager.CheckVulnerabilities(ctx, pkg.Registry, pkg.Name, pkg.Version)
|
||||
if blocked {
|
||||
blockedCount++
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Combine statistics using database stats for accuracy
|
||||
@@ -378,12 +397,14 @@ func (a *App) handleStats(c *fiber.Ctx) error {
|
||||
"total_packages": cacheStats.TotalPackages,
|
||||
"total_downloads": cacheStats.TotalDownloads,
|
||||
"total_size": cacheStats.TotalSize,
|
||||
"max_cache_size": a.config.Cache.MaxSizeBytes,
|
||||
"cache_hits": cacheStats.TotalDownloads,
|
||||
"cache_misses": 0, // TODO: Track cache misses
|
||||
"cache_evictions": 0, // TODO: Track evictions
|
||||
"cache_size": cacheStats.TotalSize,
|
||||
"scanned_packages": cacheStats.ScannedPackages,
|
||||
"vulnerable_packages": cacheStats.VulnerablePackages,
|
||||
"blocked_packages": blockedCount,
|
||||
}
|
||||
|
||||
// Convert registry stats to interface map
|
||||
|
||||
Reference in New Issue
Block a user