`653dfcb`

Plumb config + observability into web server (logger from config, /metrics route, panic counter, error report from recover)

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

SHA: 653dfcb935cfdeb0d6e2f74f8ad1d888e533665d
Parents: 40877b4
Tree: c1c4701

3 changed files

Status	File	+	-
M	`internal/web/handlers/handlers.go`	6	0
M	`internal/web/middleware/recover.go`	5	0
M	`internal/web/server.go`	98	55

internal/web/handlers/handlers.gomodified

  	// ReadyCheck is optionally invoked by /readyz. Returning a non-nil
  	// error makes /readyz report 503. If nil, /readyz always reports ready.
  	ReadyCheck func(context.Context) error
 +	// MetricsHandler, when non-nil, is mounted at /metrics. Caller is
 +	// responsible for any access control (e.g. HTTP Basic auth wrapping).
 +	MetricsHandler http.Handler
+ }
  // panicHandler implements middleware.PanicHandler. The recover middleware
  		r.Handle("/static/*", http.StripPrefix("/static/", staticFileServer(deps.StaticFS)))
  		r.Get("/healthz", healthz)
  		r.Handle("/readyz", readinessHandler(deps.ReadyCheck, deps.Logger))
 +		if deps.MetricsHandler != nil {
 +			r.Handle("/metrics", deps.MetricsHandler)
 +		}
  	})
  	// Application routes — CSRF protected.

internal/web/middleware/recover.gomodified

  	"log/slog"
  	"net/http"
  	"runtime/debug"
++
 +	"github.com/tenseleyFlow/shithub/internal/infra/errrep"
 +	"github.com/tenseleyFlow/shithub/internal/infra/metrics"
+ )
  // PanicHandler renders a styled error response when the request handler
  					if rec == http.ErrAbortHandler {
  						panic(rec)
+ 					}
 +					metrics.PanicsTotal.Inc()
  					reqID := RequestIDFromContext(r.Context())
  					if logger != nil {
  						logger.ErrorContext(
  							slog.String("stack", string(debug.Stack())),
+ 						)
+ 					}
 +					errrep.CapturePanic(rec, reqID)
  					if handler != nil {
  						handler.HandlePanic(w, r, reqID, rec)
  						return

internal/web/server.gomodified

  // SPDX-License-Identifier: AGPL-3.0-or-later
 -// Package web boots the shithub HTTP server. S02 lights up the full
 -// middleware stack (recover, request_id, logging, real-IP, timeout,
 -// compress, secure headers, CSRF, session, CORS), the chi router, the
 -// session store, and the styled error pages. Every later sprint adds
 -// routes via internal/web/handlers.
 +// Package web boots the shithub HTTP server. The full middleware stack
 +// (recover, request_id, logging, real-IP, timeout, compress, secure
 +// headers, CSRF, session, CORS, metrics, tracing), the chi router, the
 +// session store, the styled error pages, and the observability sinks
 +// (logging, metrics, tracing, error reporting) are composed here.
  package web
  import (
  	"time"
  	"github.com/go-chi/chi/v5"
 +	"github.com/jackc/pgx/v5/pgxpool"
  	"golang.org/x/crypto/chacha20poly1305"
  	"github.com/tenseleyFlow/shithub/internal/auth/session"
 +	"github.com/tenseleyFlow/shithub/internal/infra/config"
  	"github.com/tenseleyFlow/shithub/internal/infra/db"
 +	"github.com/tenseleyFlow/shithub/internal/infra/errrep"
 +	infralog "github.com/tenseleyFlow/shithub/internal/infra/log"
 +	"github.com/tenseleyFlow/shithub/internal/infra/metrics"
 +	"github.com/tenseleyFlow/shithub/internal/infra/tracing"
  	"github.com/tenseleyFlow/shithub/internal/web/handlers"
  	"github.com/tenseleyFlow/shithub/internal/web/middleware"
+ )
 -// Options configures the web server.
 +// Options configures the web server. Addr overrides config when non-empty
 +// (preserves the existing --addr CLI flag behavior).
  type Options struct {
  	Addr string
+ }
  // Run boots the web server and blocks until shutdown.
 -//
 -// It listens for SIGINT/SIGTERM and gracefully drains in-flight requests on
 -// exit. The full middleware stack is composed here; handlers register their
 -// routes via internal/web/handlers.RegisterChi.
  func Run(ctx context.Context, opts Options) error {
 -	if opts.Addr == "" {
 -		opts.Addr = ":8080"
 +	cfg, err := config.Load(nil)
 +	if err != nil {
 +		return err
 +	}
 +	if opts.Addr != "" {
 +		cfg.Web.Addr = opts.Addr
+ 	}
 -	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
 -		Level: slog.LevelInfo,
 -	}))
 +	logger := infralog.New(infralog.Options{
 +		Level:  cfg.Log.Level,
 +		Format: cfg.Log.Format,
 +		Writer: os.Stderr,
 +	})
++
 +	// Error reporting (no-op when DSN empty).
 +	flushErrRep, err := errrep.Init(errrep.Config{
 +		DSN:         cfg.ErrorReporting.DSN,
 +		Environment: cfg.ErrorReporting.Environment,
 +		Release:     cfg.ErrorReporting.Release,
 +	})
 +	if err != nil {
 +		return fmt.Errorf("errrep: %w", err)
 +	}
 +	defer func() { _ = flushErrRep(context.Background()) }()
 +	if cfg.ErrorReporting.DSN != "" {
 +		// Wrap the slog handler so error-level records are reported.
 +		// We rebuild the logger so every component that pulls it from
 +		// here gets the wrapped chain.
 +		logger = slog.New(&errrep.SlogHandler{Inner: logger.Handler()})
 +	}
++
 +	// Tracing (no-op when disabled).
 +	flushTracing, err := tracing.Init(ctx, tracing.Config{
 +		Enabled:     cfg.Tracing.Enabled,
 +		Endpoint:    cfg.Tracing.Endpoint,
 +		SampleRate:  cfg.Tracing.SampleRate,
 +		ServiceName: cfg.Tracing.ServiceName,
 +	})
 +	if err != nil {
 +		return fmt.Errorf("tracing: %w", err)
 +	}
 +	defer func() { _ = flushTracing(context.Background()) }()
  	logoBytes, err := LogoSVG()
  	if err != nil {
  		return fmt.Errorf("load logo: %w", err)
+ 	}
 -	sessionStore, err := buildSessionStore(logger)
 +	sessionStore, err := buildSessionStore(cfg.Session, logger)
  	if err != nil {
  		return err
+ 	}
 -	// Optional DB pool (carried over from S01).
 -	var pool *pgxpoolHandle
 -	if cfg := db.Defaults().Resolve(); cfg.URL != "" {
 -		p, err := db.Open(ctx, cfg)
 +	// Optional DB pool (carried over from S01); now driven by config.
 +	var pool *pgxpool.Pool
 +	if cfg.DB.URL != "" {
 +		//nolint:gosec // G115: max_conns is operator-configured with small numeric values (typ. 10–100).
 +		p, err := db.Open(ctx, db.Config{
 +			URL:            cfg.DB.URL,
 +			MaxConns:       int32(cfg.DB.MaxConns),
 +			MinConns:       int32(cfg.DB.MinConns),
 +			ConnectTimeout: cfg.DB.ConnectTimeout,
 +		})
  		if err != nil {
  			logger.Warn("db: open failed; /readyz will report unhealthy", "error", err)
  		} else {
 -			pool = &pgxpoolHandle{p: p}
 +			pool = p
  			defer p.Close()
 +			metrics.ObserveDBPool(ctx, pool, 10*time.Second)
+ 		}
+ 	}
  	r := chi.NewRouter()
 -	// Middleware stack — outermost first. Recover wraps the whole pipeline
 -	// AFTER routes register so its panic handler has a renderer ready.
 +	// Middleware stack — outermost first.
  	r.Use(middleware.RequestID)
  	r.Use(middleware.RealIP(middleware.RealIPConfig{}))
  	r.Use(middleware.AccessLog(logger))
 +	r.Use(middleware.Metrics)
 +	if cfg.Tracing.Enabled {
 +		r.Use(tracing.Middleware)
 +	}
  	r.Use(middleware.SecureHeaders(middleware.DefaultSecureHeaders()))
  	r.Use(middleware.Compress)
  	r.Use(middleware.Timeout(30 * time.Second))
  		SessionStore: sessionStore,
+ 	}
  	if pool != nil {
 -		deps.ReadyCheck = pool.healthcheck
 +		deps.ReadyCheck = func(ctx context.Context) error { return pool.Ping(ctx) }
 +	}
 +	if cfg.Metrics.Enabled {
 +		deps.MetricsHandler = metrics.Handler(cfg.Metrics.BasicAuthUser, cfg.Metrics.BasicAuthPass)
+ 	}
  	_, panicHandler, notFoundHandler, err := handlers.RegisterChi(r, deps)
  	rootHandler := middleware.Recover(logger, panicHandler)(r)
  	srv := &http.Server{
 -		Addr:              opts.Addr,
 +		Addr:              cfg.Web.Addr,
  		Handler:           rootHandler,
  		ReadHeaderTimeout: 10 * time.Second,
 -		ReadTimeout:       30 * time.Second,
 -		WriteTimeout:      30 * time.Second,
 +		ReadTimeout:       cfg.Web.ReadTimeout,
 +		WriteTimeout:      cfg.Web.WriteTimeout,
  		IdleTimeout:       120 * time.Second,
+ 	}
  	errCh := make(chan error, 1)
  	go func() {
 -		logger.Info("shithub web server starting", "addr", opts.Addr)
 +		logger.Info(
 +			"shithub web server starting",
 +			"addr", srv.Addr,
 +			"env", cfg.Env,
 +			"db", pool != nil,
 +			"metrics", cfg.Metrics.Enabled,
 +			"tracing", cfg.Tracing.Enabled,
 +			"errrep", cfg.ErrorReporting.DSN != "",
 +		)
  		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
  			errCh <- err
+ 		}
  		logger.Info("context canceled, shutting down")
+ 	}
 -	shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 +	shutdownCtx, cancel := context.WithTimeout(context.Background(), cfg.Web.ShutdownTimeout)
  	defer cancel()
  	if err := srv.Shutdown(shutdownCtx); err != nil {
  		return fmt.Errorf("shutdown: %w", err)
  	return nil
+ }
 -// buildSessionStore constructs the cookie session store. The key comes from
 -// SHITHUB_SESSION_KEY (base64 32-byte). When unset (dev), a random key is
 -// generated and the operator is warned — sessions don't survive restart.
 -func buildSessionStore(logger *slog.Logger) (session.Store, error) {
 +// buildSessionStore constructs the cookie session store from the config's
 +// session block. SHITHUB_SESSION_KEY (env) overrides cfg.KeyB64 when set.
 +func buildSessionStore(cfg config.SessionConfig, logger *slog.Logger) (session.Store, error) {
  	keyB64 := os.Getenv("SHITHUB_SESSION_KEY")
 +	if keyB64 == "" {
 +		keyB64 = cfg.KeyB64
 +	}
  	var key []byte
  	if keyB64 != "" {
  		decoded, err := base64.StdEncoding.DecodeString(keyB64)
+ 		}
  		key = generated
  		logger.Warn(
 -			"session: SHITHUB_SESSION_KEY not set; generated an ephemeral key (sessions will not survive restart)",
 -			"hint", "set SHITHUB_SESSION_KEY=<base64 32-byte key> in production",
 +			"session: no key configured; generated an ephemeral key (sessions will not survive restart)",
 +			"hint", "set SHITHUB_SESSION_KEY=<base64 32-byte> or session.key_b64 in production",
+ 		)
+ 	}
  	store, err := session.NewCookieStore(session.CookieStoreConfig{
  		Key:    key,
 -		Secure: false, // S37 deploy enables this under TLS
 +		MaxAge: cfg.MaxAge,
 +		Secure: cfg.Secure,
  	})
  	if err != nil {
  		return nil, fmt.Errorf("session: build store: %w", err)
+ 	}
  	return store, nil
+ }
+-
 -// pgxpoolHandle adapts *pgxpool.Pool's lifecycle to the small interface
 -// /readyz needs. Defined here (not in the db package) so internal/web stays
 -// the boundary that owns runtime wiring.
 -type pgxpoolHandle struct {
 -	p interface {
 -		Close()
 -	}
 -}
+-
 -func (h *pgxpoolHandle) healthcheck(ctx context.Context) error {
 -	type pinger interface {
 -		Ping(context.Context) error
 -	}
 -	if p, ok := h.p.(pinger); ok {
 -		return p.Ping(ctx)
 -	}
 -	return nil
 -}