mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-07-12 04:50:45 +00:00
e39d6a0f0d
Multi-agent audit + fix pass covering bugs, security, dead config wiring,
and missing features. All quality gates green: build/vet/test -race/govulncheck/
golangci-lint. Frontend tests 47/47.
SECURITY & CORRECTNESS
- Scanner pipeline fail-closed: cache.go scan timeout now 503 (was goto servePkg);
scanner.go all-scanners-fail saves ScanStatusError; CheckVulnerabilities blocks
on missing/error result instead of allowing.
- Scanner argv corrections: govulncheck source-mode + go.mod discovery;
npm-audit generates lockfile via npm install --package-lock-only --ignore-scripts;
pip-audit per-extension dispatch (wheel direct / sdist extract+pyproject).
- GHSA version-range filtering implemented (was always-include); url.QueryEscape
on package name.
- pypi SSRF closed via host allowlist on original_url; url.QueryEscape on
rewriteURL output.
- Path traversal: cache temp file uses os.CreateTemp; smb keyToPath sanitized;
filesystem keyToPath returns error + filepath.Abs prefix-verify.
- Goroutine leaks plugged: cache.cleanupWorker stop channel; auth.ValidationCache
Stop() with sync.Once; ws.unregister buffered with non-blocking send.
- WebSocket double-close panic fixed via sync.Once Client.closeSend().
- Race conditions: gormstore.registryCache sync.RWMutex (was concurrent map
panic); auth.LastUsedAt no longer mutated under RLock; analytics strict
lock-ordering invariant (statsMu before downloadsMu).
- Auth validator fails CLOSED on transport/unknown-status errors (was returning
true,err 'allow cache fallback').
- Credential cache hash full SHA256 (was 8-byte truncate; eliminates 2^32
collision risk).
- filesystem.fs.used incremented after successful rename (no quota inflation
race).
- gormstore aggregation events deleted in same tx as insert (no double-counting).
- gormstore.SavePackage uses Updates(map) so zero-value security flags
(RequiresAuth=false) can be cleared.
- partition_manager validates partition name regex before DROP TABLE.
- vcs/git: version regex validation rejects --option-injection; checkout uses
--detach -- separator; removed TrimPrefix(repo,'v') that corrupted vault/
vitess/vim-go.
- WebSocket CheckOrigin allowlist (was return true; CSWSH closed); same-origin
default + ServerConfig.AllowedOrigins.
- fiber CVE GO-2026-4543 patched (v2.52.10 -> v2.52.12).
FUNCTIONAL FEATURES
- API key DB persistence: APIKeyModel + migration 202604280002, full CRUD,
async LastUsedAt updates with WaitGroup-tracked goroutines drained on Close.
- Admin bootstrap via GOHOARDER_BOOTSTRAP_ADMIN_KEY env var; idempotent
(skipped when non-revoked admin already exists).
- Auth middleware factory in pkg/app: RequireAuth, RequireRole, RequirePermission,
OptionalAuth. Mounted on proxy + read APIs when Auth.Enabled=true.
DELETE /api/packages/* requires admin role. /health public for k8s probes.
- NFS storage backend: pkg/storage/nfs wraps filesystem with /proc/mounts
detection (Linux), post-write fsync, read-after-write health probe.
- WebSocket real-time pipeline: pkg/events Broadcaster interface; cache + scanner
managers emit EventPackageCached / EventPackageDownloaded / EventScanComplete;
app.go runs 30s EventStatsUpdate ticker. Frontend has full WS client (reconnect
with exponential backoff 1s->30s, 25s heartbeat, subscriber pattern), Pinia
realtime store, Dashboard live indicator + activity feed + reactive stats
override.
- TLS termination: fiber.ListenTLS when Server.TLS.Enabled.
- Pre-warming: Prewarming.Enabled flag wired (was hardcoded false); Interval,
MaxConcurrent, TopPackages plumbed.
- NetworkConfig wired (timeouts, retry, rate-limit, circuit-breaker).
- AuthConfig.BcryptCost wired.
- Security.Scanners.Static.MaxPackageSize plumbed to cache.io.LimitReader.
- Handlers.{Go,NPM,PyPI}.Enabled gates route mounting.
- Graceful shutdown: authManager.Close drains async writes.
LINT/HYGIENE
- 80 golangci-lint issues resolved: errcheck (Close/Write/RemoveAll wrapped),
gofmt, gosec G104/G306, govet shadow renames + fieldalignment reorders,
staticcheck ST1000 pkg comments + QF1003 tagged switches + QF1008 embedded
field selectors + QF1001 De Morgan's law.
BEHAVIOR CHANGES
- Scanner now fail-closed: deployments without scanner binaries
(trivy/govulncheck/npm-audit/pip-audit/grype) BLOCK packages instead of
serving unscanned. Add binaries or plan a future allow-on-scan-error flag.
- WS origin defaults to same-origin; cross-origin dashboards must set
server.allowed_origins.
- Validator no longer fails open; private packages won't serve from cache when
validation can't be performed.
- download_events retention dropped from 24h to ~5min (deleted in agg tx).
Migration 202604280001 purges pre-upgrade events.
- DELETE /api/packages/* requires admin role when auth enabled.
NEW PACKAGES
- pkg/events - Broadcaster interface
- pkg/storage/nfs - NFS-aware filesystem wrapper
DEFERRED (out of scope this pass)
- Static scanner implementation (config defines AllowedLicenses/MaxPackageSize/
BlockSuspicious but pkg/scanner/static/ does not exist).
- AuthConfig.AuditLog wiring (no audit log infra yet).
- CacheConfig.TTLOverrides passthrough (would touch cache.Config beyond
integrator scope).
314 lines
7.4 KiB
Go
314 lines
7.4 KiB
Go
// Package prewarming runs background workers that pre-fetch hot packages
|
|
// to reduce first-request latency.
|
|
package prewarming
|
|
|
|
import (
|
|
"context"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/lukaszraczylo/gohoarder/pkg/analytics"
|
|
"github.com/lukaszraczylo/gohoarder/pkg/cache"
|
|
"github.com/lukaszraczylo/gohoarder/pkg/network"
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
// PackageInfo represents a package to pre-warm
|
|
type PackageInfo struct {
|
|
Registry string
|
|
Name string
|
|
Version string
|
|
Priority int
|
|
}
|
|
|
|
// Worker handles background pre-warming of popular packages
|
|
type Worker struct {
|
|
cache *cache.Manager
|
|
analytics *analytics.Engine
|
|
client *network.Client
|
|
stopChan chan struct{}
|
|
wg sync.WaitGroup
|
|
interval time.Duration
|
|
maxConcurrent int
|
|
enabled bool
|
|
}
|
|
|
|
// Config holds pre-warming worker configuration
|
|
type Config struct {
|
|
CacheManager *cache.Manager
|
|
Analytics *analytics.Engine
|
|
NetworkClient *network.Client
|
|
Interval time.Duration
|
|
MaxConcurrent int
|
|
TopPackages int
|
|
Enabled bool
|
|
}
|
|
|
|
// NewWorker creates a new pre-warming worker
|
|
func NewWorker(cfg Config) *Worker {
|
|
if cfg.Interval <= 0 {
|
|
cfg.Interval = 1 * time.Hour
|
|
}
|
|
if cfg.MaxConcurrent <= 0 {
|
|
cfg.MaxConcurrent = 5
|
|
}
|
|
if cfg.TopPackages <= 0 {
|
|
cfg.TopPackages = 100
|
|
}
|
|
|
|
worker := &Worker{
|
|
cache: cfg.CacheManager,
|
|
analytics: cfg.Analytics,
|
|
client: cfg.NetworkClient,
|
|
interval: cfg.Interval,
|
|
maxConcurrent: cfg.MaxConcurrent,
|
|
enabled: cfg.Enabled,
|
|
stopChan: make(chan struct{}),
|
|
}
|
|
|
|
if cfg.Enabled {
|
|
log.Info().
|
|
Dur("interval", cfg.Interval).
|
|
Int("max_concurrent", cfg.MaxConcurrent).
|
|
Msg("Pre-warming worker initialized")
|
|
} else {
|
|
log.Info().Msg("Pre-warming worker disabled")
|
|
}
|
|
|
|
return worker
|
|
}
|
|
|
|
// Start begins the pre-warming worker
|
|
func (w *Worker) Start(ctx context.Context) {
|
|
if !w.enabled {
|
|
log.Debug().Msg("Pre-warming worker is disabled, not starting")
|
|
return
|
|
}
|
|
|
|
w.wg.Add(1)
|
|
go w.run(ctx)
|
|
log.Info().Msg("Pre-warming worker started")
|
|
}
|
|
|
|
// run is the main worker loop
|
|
func (w *Worker) run(ctx context.Context) {
|
|
defer w.wg.Done()
|
|
|
|
ticker := time.NewTicker(w.interval)
|
|
defer ticker.Stop()
|
|
|
|
// Run immediately on start
|
|
w.prewarmPopularPackages(ctx)
|
|
|
|
for {
|
|
select {
|
|
case <-ctx.Done():
|
|
log.Info().Msg("Pre-warming worker stopping due to context cancellation")
|
|
return
|
|
case <-w.stopChan:
|
|
log.Info().Msg("Pre-warming worker stopped")
|
|
return
|
|
case <-ticker.C:
|
|
w.prewarmPopularPackages(ctx)
|
|
}
|
|
}
|
|
}
|
|
|
|
// prewarmPopularPackages fetches and caches popular packages
|
|
func (w *Worker) prewarmPopularPackages(ctx context.Context) {
|
|
log.Info().Msg("Starting pre-warming cycle")
|
|
|
|
// Get popular packages from analytics
|
|
popularPackages := w.analytics.GetTopPackages(100)
|
|
if len(popularPackages) == 0 {
|
|
log.Debug().Msg("No popular packages found for pre-warming")
|
|
return
|
|
}
|
|
|
|
// Get trending packages for additional candidates
|
|
trendingPackages := w.analytics.GetTrendingPackages(50)
|
|
|
|
// Combine and deduplicate
|
|
packages := w.combinePackages(popularPackages, trendingPackages)
|
|
|
|
log.Info().
|
|
Int("packages", len(packages)).
|
|
Msg("Identified packages for pre-warming")
|
|
|
|
// Create work queue
|
|
workChan := make(chan PackageInfo, len(packages))
|
|
for _, pkg := range packages {
|
|
workChan <- PackageInfo{
|
|
Registry: pkg.Registry,
|
|
Name: pkg.Name,
|
|
Version: "latest", // Pre-warm latest version
|
|
Priority: int(pkg.Downloads),
|
|
}
|
|
}
|
|
close(workChan)
|
|
|
|
// Start worker goroutines
|
|
var wg sync.WaitGroup
|
|
for i := 0; i < w.maxConcurrent; i++ {
|
|
wg.Add(1)
|
|
go func(workerID int) {
|
|
defer wg.Done()
|
|
w.processPackages(ctx, workerID, workChan)
|
|
}(i)
|
|
}
|
|
|
|
wg.Wait()
|
|
log.Info().Msg("Pre-warming cycle completed")
|
|
}
|
|
|
|
// processPackages processes packages from the work queue
|
|
func (w *Worker) processPackages(ctx context.Context, workerID int, workChan <-chan PackageInfo) {
|
|
for pkg := range workChan {
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
default:
|
|
w.prewarmPackage(ctx, pkg, workerID)
|
|
}
|
|
}
|
|
}
|
|
|
|
// prewarmPackage fetches and caches a single package
|
|
func (w *Worker) prewarmPackage(ctx context.Context, pkg PackageInfo, workerID int) {
|
|
log.Debug().
|
|
Int("worker", workerID).
|
|
Str("registry", pkg.Registry).
|
|
Str("package", pkg.Name).
|
|
Str("version", pkg.Version).
|
|
Msg("Pre-warming package")
|
|
|
|
// Build URL based on registry
|
|
url := w.buildPackageURL(pkg)
|
|
if url == "" {
|
|
log.Warn().
|
|
Str("registry", pkg.Registry).
|
|
Str("package", pkg.Name).
|
|
Msg("Cannot build URL for registry")
|
|
return
|
|
}
|
|
|
|
// Fetch package from upstream
|
|
reqCtx, cancel := context.WithTimeout(ctx, 5*time.Minute)
|
|
defer cancel()
|
|
|
|
body, statusCode, err := w.client.Get(reqCtx, url, nil)
|
|
if err != nil {
|
|
log.Error().
|
|
Err(err).
|
|
Str("package", pkg.Name).
|
|
Msg("Failed to fetch package for pre-warming")
|
|
return
|
|
}
|
|
defer func() { _ = body.Close() }() // #nosec G104 -- Cleanup, error not critical
|
|
|
|
if statusCode != 200 {
|
|
log.Warn().
|
|
Int("status", statusCode).
|
|
Str("package", pkg.Name).
|
|
Msg("Non-200 response for package")
|
|
return
|
|
}
|
|
|
|
// Cache the package
|
|
// In a real implementation, this would read the response body and store it
|
|
log.Info().
|
|
Str("package", pkg.Name).
|
|
Str("version", pkg.Version).
|
|
Msg("Successfully pre-warmed package")
|
|
}
|
|
|
|
// buildPackageURL builds the upstream URL for a package
|
|
func (w *Worker) buildPackageURL(pkg PackageInfo) string {
|
|
// This is simplified - in reality, each registry has different URL patterns
|
|
switch pkg.Registry {
|
|
case "npm":
|
|
return "https://registry.npmjs.org/" + pkg.Name
|
|
case "pypi":
|
|
return "https://pypi.org/simple/" + pkg.Name + "/"
|
|
case "go":
|
|
// Go modules use different URL patterns
|
|
return "https://proxy.golang.org/" + pkg.Name + "/@latest"
|
|
default:
|
|
return ""
|
|
}
|
|
}
|
|
|
|
// combinePackages merges popular and trending packages, removing duplicates
|
|
func (w *Worker) combinePackages(popular, trending []analytics.PopularPackage) []analytics.PopularPackage {
|
|
seen := make(map[string]bool)
|
|
result := make([]analytics.PopularPackage, 0, len(popular)+len(trending))
|
|
|
|
for _, pkg := range popular {
|
|
key := pkg.Registry + ":" + pkg.Name
|
|
if !seen[key] {
|
|
result = append(result, pkg)
|
|
seen[key] = true
|
|
}
|
|
}
|
|
|
|
for _, pkg := range trending {
|
|
key := pkg.Registry + ":" + pkg.Name
|
|
if !seen[key] {
|
|
result = append(result, pkg)
|
|
seen[key] = true
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// Stop gracefully stops the pre-warming worker
|
|
func (w *Worker) Stop() {
|
|
if !w.enabled {
|
|
return
|
|
}
|
|
|
|
log.Info().Msg("Stopping pre-warming worker")
|
|
close(w.stopChan)
|
|
w.wg.Wait()
|
|
log.Info().Msg("Pre-warming worker stopped")
|
|
}
|
|
|
|
// TriggerPrewarm manually triggers a pre-warming cycle
|
|
func (w *Worker) TriggerPrewarm(ctx context.Context) {
|
|
if !w.enabled {
|
|
log.Warn().Msg("Cannot trigger pre-warm: worker is disabled")
|
|
return
|
|
}
|
|
|
|
log.Info().Msg("Manual pre-warming triggered")
|
|
go w.prewarmPopularPackages(ctx)
|
|
}
|
|
|
|
// PrewarmPackage pre-warms a specific package
|
|
func (w *Worker) PrewarmPackage(ctx context.Context, registry, name, version string) error {
|
|
if !w.enabled {
|
|
log.Warn().Msg("Pre-warming worker is disabled")
|
|
return nil
|
|
}
|
|
|
|
pkg := PackageInfo{
|
|
Registry: registry,
|
|
Name: name,
|
|
Version: version,
|
|
Priority: 100,
|
|
}
|
|
|
|
w.prewarmPackage(ctx, pkg, 0)
|
|
return nil
|
|
}
|
|
|
|
// GetStatus returns the current status of the pre-warming worker
|
|
func (w *Worker) GetStatus() map[string]interface{} {
|
|
return map[string]interface{}{
|
|
"enabled": w.enabled,
|
|
"interval": w.interval.String(),
|
|
"max_concurrent": w.maxConcurrent,
|
|
}
|
|
}
|