tenseleyflow/shithub / df90732

+// S02 ships the full chi-routed surface plus error pages. Each future

+// sprint adds its own routes via this package.

+	"github.com/go-chi/chi/v5"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/session"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	Logger       *slog.Logger

+	TemplatesFS  fs.FS

+	StaticFS     fs.FS

+	LogoSVG      string

+	SessionStore session.Store

+// panicHandler implements middleware.PanicHandler. The recover middleware

+// invokes it when a downstream handler panics; we render the styled 500

+// page through the registered renderer.

+type panicHandler struct {

+	render *render.Renderer

+}

+

+func (h *panicHandler) HandlePanic(w http.ResponseWriter, r *http.Request, _ string, _ any) {

+	h.render.HTTPError(w, r, http.StatusInternalServerError, "")

+}

+

+// RegisterChi wires every S02 route into r. Returns the chi.Router (for

+// further wiring), a panic handler that the caller installs in the

+// recover middleware, and a NotFound handler for the catch-all.

+func RegisterChi(r *chi.Mux, deps Deps) (*chi.Mux, middleware.PanicHandler, http.HandlerFunc, error) {

+		return nil, nil, nil, fmt.Errorf("handlers.RegisterChi: nil Logger")

+		return nil, nil, nil, fmt.Errorf("handlers.RegisterChi: nil TemplatesFS")

+		return nil, nil, nil, fmt.Errorf("handlers.RegisterChi: nil StaticFS")

+	rr, err := render.New(deps.TemplatesFS, render.Options{

+		Octicons: render.BuiltinOcticons(),

+	})

+		return nil, nil, nil, fmt.Errorf("renderer: %w", err)

+	csrf := middleware.CSRF(middleware.CSRFConfig{

+		Secure: false, // S37 enables under TLS

+		FailureHandler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

+			rr.HTTPError(w, r, http.StatusForbidden, "csrf")

+		}),

+	})

+

+	// Static and health endpoints are CSRF-exempt; everything else passes

+	// through the CSRF wrapper for state-changing methods.

+	r.Group(func(r chi.Router) {

+		r.Handle("/static/*", http.StripPrefix("/static/", staticFileServer(deps.StaticFS)))

+		r.Get("/healthz", healthz)

+		r.Handle("/readyz", readinessHandler(deps.ReadyCheck, deps.Logger))

+	})

+	// Application routes — CSRF protected.

+	r.Group(func(r chi.Router) {

+		r.Use(csrf)

+		r.Get("/", helloHandler{render: rr, logoSVG: deps.LogoSVG, logger: deps.Logger}.ServeHTTP)

+		// /internal/panic is a dev affordance: GET it to trigger the

+		// panic-recovery path so an operator can confirm the styled 500

+		// page renders. S35 will gate this behind a dev flag.

+		r.Get("/internal/panic", panicTrigger)

+	})

+

+	notFound := func(w http.ResponseWriter, r *http.Request) {

+		rr.HTTPError(w, r, http.StatusNotFound, r.URL.Path)

+	}

+

+	return r, &panicHandler{render: rr}, notFound, nil

+}

+

+// Register is preserved for the existing test suite that exercises the

+// surface without bringing up the full server. Internally it wraps

+// RegisterChi and mounts the chi router on mux.

+func Register(mux *http.ServeMux, deps Deps) error {

+	r := chi.NewRouter()

+	_, _, notFound, err := RegisterChi(r, deps)

+	if err != nil {

+		return err

+	}

+	r.NotFound(notFound)

+	mux.Handle("/", r)

+

+// panicTrigger panics on demand to exercise the recover middleware.

+func panicTrigger(_ http.ResponseWriter, _ *http.Request) {

+	panic("S02 panic trigger: this is intentional")

+}

+// Package web boots the shithub HTTP server. S02 lights up the full

+// middleware stack (recover, request_id, logging, real-IP, timeout,

+// compress, secure headers, CSRF, session, CORS), the chi router, the

+// session store, and the styled error pages. Every later sprint adds

+// routes via internal/web/handlers.

+	"encoding/base64"

+	"github.com/go-chi/chi/v5"

+	"golang.org/x/crypto/chacha20poly1305"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/session"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+// exit. The full middleware stack is composed here; handlers register their

+// routes via internal/web/handlers.RegisterChi.

+	sessionStore, err := buildSessionStore(logger)

+	if err != nil {

+		return err

+	}

+

+	// Optional DB pool (carried over from S01).

+	r := chi.NewRouter()

+

+	// Middleware stack — outermost first. Recover wraps the whole pipeline

+	// AFTER routes register so its panic handler has a renderer ready.

+	r.Use(middleware.RequestID)

+	r.Use(middleware.RealIP(middleware.RealIPConfig{}))

+	r.Use(middleware.AccessLog(logger))

+	r.Use(middleware.SecureHeaders(middleware.DefaultSecureHeaders()))

+	r.Use(middleware.Compress)

+	r.Use(middleware.Timeout(30 * time.Second))

+	r.Use(middleware.SessionLoader(sessionStore, logger))

+

+		Logger:       logger,

+		TemplatesFS:  TemplatesFS(),

+		StaticFS:     StaticFS(),

+		LogoSVG:      string(logoBytes),

+		SessionStore: sessionStore,

+

+	_, panicHandler, notFoundHandler, err := handlers.RegisterChi(r, deps)

+	if err != nil {

+	r.NotFound(notFoundHandler)

+

+	rootHandler := middleware.Recover(logger, panicHandler)(r)

+		Handler:           rootHandler,

+// buildSessionStore constructs the cookie session store. The key comes from

+// SHITHUB_SESSION_KEY (base64 32-byte). When unset (dev), a random key is

+// generated and the operator is warned — sessions don't survive restart.

+func buildSessionStore(logger *slog.Logger) (session.Store, error) {

+	keyB64 := os.Getenv("SHITHUB_SESSION_KEY")

+	var key []byte

+	if keyB64 != "" {

+		decoded, err := base64.StdEncoding.DecodeString(keyB64)

+		if err != nil {

+			return nil, fmt.Errorf("session key: invalid base64: %w", err)

+		}

+		if len(decoded) != chacha20poly1305.KeySize {

+			return nil, fmt.Errorf("session key: must be %d bytes, got %d",

+				chacha20poly1305.KeySize, len(decoded))

+		}

+		key = decoded

+	} else {

+		generated, err := session.GenerateKey()

+		if err != nil {

+			return nil, fmt.Errorf("session key: generate: %w", err)

+		}

+		key = generated

+		logger.Warn(

+			"session: SHITHUB_SESSION_KEY not set; generated an ephemeral key (sessions will not survive restart)",

+			"hint", "set SHITHUB_SESSION_KEY=<base64 32-byte key> in production",

+		)

+	}

+	store, err := session.NewCookieStore(session.CookieStoreConfig{

+		Key:    key,

+		Secure: false, // S37 deploy enables this under TLS

+	})

+	if err != nil {

+		return nil, fmt.Errorf("session: build store: %w", err)

+	}

+	return store, nil

+}

+

+// pgxpoolHandle adapts *pgxpool.Pool's lifecycle to the small interface

+// /readyz needs. Defined here (not in the db package) so internal/web stays

+// the boundary that owns runtime wiring.