Kyle Isom
052d3ed1b8
- internal/ui/ui.go: add PGCred, Tags to AccountDetailData; register
PUT /accounts/{id}/pgcreds and PUT /accounts/{id}/tags routes; add
pgcreds_form.html and tags_editor.html to shared template set; remove
unused AccountTagsData; fix fieldalignment on PolicyRuleView, PoliciesData
- internal/ui/handlers_accounts.go: add handleSetPGCreds — encrypts
password via crypto.SealAESGCM, writes audit EventPGCredUpdated, renders
pgcreds_form fragment; password never echoed; load PG creds and tags in
handleAccountDetail
- internal/ui/handlers_policy.go: fix handleSetAccountTags to render with
AccountDetailData instead of removed AccountTagsData
- internal/ui/ui_test.go: add 5 PG credential UI tests
- web/templates/fragments/pgcreds_form.html: new fragment — metadata display
+ set/replace form; system accounts only; password write-only
- web/templates/fragments/tags_editor.html: new fragment — textarea editor
with HTMX PUT for atomic tag replacement
- web/templates/fragments/policy_form.html: rewrite to use structured fields
matching handleCreatePolicyRule (roles/account_types/actions multi-select,
resource_type, subject_uuid, service_names, required_tags, checkbox)
- web/templates/policies.html: new policies management page
- web/templates/fragments/policy_row.html: new HTMX table row with toggle
and delete
- web/templates/account_detail.html: add Tags card and PG Credentials card
- web/templates/base.html: add Policies nav link
- internal/server/server.go: remove ~220 lines of duplicate tag/policy
handler code (real implementations are in handlers_policy.go)
- internal/policy/engine_wrapper.go: fix corrupted source; use errors.New
- internal/db/policy_test.go: use model.AccountTypeHuman constant
- cmd/mciasctl/main.go: add nolint:gosec to int(os.Stdin.Fd()) calls
- gofmt/goimports: db/policy_test.go, policy/defaults.go,
policy/engine_test.go, ui/ui.go, cmd/mciasctl/main.go
- fieldalignment: model.PolicyRuleRecord, policy.Engine, policy.Rule,
policy.RuleBody, ui.PolicyRuleView
Security: PG password encrypted AES-256-GCM with fresh random nonce before
storage; plaintext never logged or returned in any response; audit event
written on every credential write.
325 lines
9.1 KiB
Go
325 lines
9.1 KiB
Go
package server
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"git.wntrmute.dev/kyle/mcias/internal/db"
|
|
"git.wntrmute.dev/kyle/mcias/internal/middleware"
|
|
"git.wntrmute.dev/kyle/mcias/internal/model"
|
|
"git.wntrmute.dev/kyle/mcias/internal/policy"
|
|
)
|
|
|
|
// ---- Tag endpoints ----
|
|
|
|
type tagsResponse struct {
|
|
Tags []string `json:"tags"`
|
|
}
|
|
|
|
func (s *Server) handleGetTags(w http.ResponseWriter, r *http.Request) {
|
|
acct, ok := s.loadAccount(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
tags, err := s.db.GetAccountTags(acct.ID)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
if tags == nil {
|
|
tags = []string{}
|
|
}
|
|
writeJSON(w, http.StatusOK, tagsResponse{Tags: tags})
|
|
}
|
|
|
|
type setTagsRequest struct {
|
|
Tags []string `json:"tags"`
|
|
}
|
|
|
|
func (s *Server) handleSetTags(w http.ResponseWriter, r *http.Request) {
|
|
acct, ok := s.loadAccount(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
var req setTagsRequest
|
|
if !decodeJSON(w, r, &req) {
|
|
return
|
|
}
|
|
|
|
// Validate tags: each must be non-empty.
|
|
for _, tag := range req.Tags {
|
|
if tag == "" {
|
|
middleware.WriteError(w, http.StatusBadRequest, "tag values must not be empty", "bad_request")
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := s.db.SetAccountTags(acct.ID, req.Tags); err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
|
|
// Determine actor for audit log.
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
var actorID *int64
|
|
if claims != nil {
|
|
if actor, err := s.db.GetAccountByUUID(claims.Subject); err == nil {
|
|
actorID = &actor.ID
|
|
}
|
|
}
|
|
|
|
s.writeAudit(r, model.EventTagAdded, actorID, &acct.ID,
|
|
fmt.Sprintf(`{"account":%q,"tags":%s}`, acct.UUID, marshalStringSlice(req.Tags)))
|
|
|
|
tags, err := s.db.GetAccountTags(acct.ID)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
if tags == nil {
|
|
tags = []string{}
|
|
}
|
|
writeJSON(w, http.StatusOK, tagsResponse{Tags: tags})
|
|
}
|
|
|
|
// ---- Policy rule endpoints ----
|
|
|
|
type policyRuleResponse struct {
|
|
CreatedAt string `json:"created_at"`
|
|
UpdatedAt string `json:"updated_at"`
|
|
Description string `json:"description"`
|
|
RuleBody policy.RuleBody `json:"rule"`
|
|
ID int64 `json:"id"`
|
|
Priority int `json:"priority"`
|
|
Enabled bool `json:"enabled"`
|
|
}
|
|
|
|
func policyRuleToResponse(rec *model.PolicyRuleRecord) (policyRuleResponse, error) {
|
|
var body policy.RuleBody
|
|
if err := json.Unmarshal([]byte(rec.RuleJSON), &body); err != nil {
|
|
return policyRuleResponse{}, fmt.Errorf("decode rule body: %w", err)
|
|
}
|
|
return policyRuleResponse{
|
|
ID: rec.ID,
|
|
Priority: rec.Priority,
|
|
Description: rec.Description,
|
|
RuleBody: body,
|
|
Enabled: rec.Enabled,
|
|
CreatedAt: rec.CreatedAt.Format("2006-01-02T15:04:05Z"),
|
|
UpdatedAt: rec.UpdatedAt.Format("2006-01-02T15:04:05Z"),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) handleListPolicyRules(w http.ResponseWriter, _ *http.Request) {
|
|
rules, err := s.db.ListPolicyRules(false)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
resp := make([]policyRuleResponse, 0, len(rules))
|
|
for _, r := range rules {
|
|
rv, err := policyRuleToResponse(r)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
resp = append(resp, rv)
|
|
}
|
|
writeJSON(w, http.StatusOK, resp)
|
|
}
|
|
|
|
type createPolicyRuleRequest struct {
|
|
Description string `json:"description"`
|
|
Rule policy.RuleBody `json:"rule"`
|
|
Priority int `json:"priority"`
|
|
}
|
|
|
|
func (s *Server) handleCreatePolicyRule(w http.ResponseWriter, r *http.Request) {
|
|
var req createPolicyRuleRequest
|
|
if !decodeJSON(w, r, &req) {
|
|
return
|
|
}
|
|
|
|
if req.Description == "" {
|
|
middleware.WriteError(w, http.StatusBadRequest, "description is required", "bad_request")
|
|
return
|
|
}
|
|
if req.Rule.Effect != policy.Allow && req.Rule.Effect != policy.Deny {
|
|
middleware.WriteError(w, http.StatusBadRequest, "rule.effect must be 'allow' or 'deny'", "bad_request")
|
|
return
|
|
}
|
|
|
|
priority := req.Priority
|
|
if priority == 0 {
|
|
priority = 100 // default
|
|
}
|
|
|
|
ruleJSON, err := json.Marshal(req.Rule)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
var createdBy *int64
|
|
if claims != nil {
|
|
if actor, err := s.db.GetAccountByUUID(claims.Subject); err == nil {
|
|
createdBy = &actor.ID
|
|
}
|
|
}
|
|
|
|
rec, err := s.db.CreatePolicyRule(req.Description, priority, string(ruleJSON), createdBy)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
|
|
s.writeAudit(r, model.EventPolicyRuleCreated, createdBy, nil,
|
|
fmt.Sprintf(`{"rule_id":%d,"description":%q}`, rec.ID, rec.Description))
|
|
|
|
rv, err := policyRuleToResponse(rec)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusCreated, rv)
|
|
}
|
|
|
|
func (s *Server) handleGetPolicyRule(w http.ResponseWriter, r *http.Request) {
|
|
rec, ok := s.loadPolicyRule(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
rv, err := policyRuleToResponse(rec)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, rv)
|
|
}
|
|
|
|
type updatePolicyRuleRequest struct {
|
|
Description *string `json:"description,omitempty"`
|
|
Rule *policy.RuleBody `json:"rule,omitempty"`
|
|
Priority *int `json:"priority,omitempty"`
|
|
Enabled *bool `json:"enabled,omitempty"`
|
|
}
|
|
|
|
func (s *Server) handleUpdatePolicyRule(w http.ResponseWriter, r *http.Request) {
|
|
rec, ok := s.loadPolicyRule(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
var req updatePolicyRuleRequest
|
|
if !decodeJSON(w, r, &req) {
|
|
return
|
|
}
|
|
|
|
// Validate effect if rule body is being updated.
|
|
var ruleJSON *string
|
|
if req.Rule != nil {
|
|
if req.Rule.Effect != policy.Allow && req.Rule.Effect != policy.Deny {
|
|
middleware.WriteError(w, http.StatusBadRequest, "rule.effect must be 'allow' or 'deny'", "bad_request")
|
|
return
|
|
}
|
|
b, err := json.Marshal(req.Rule)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
s := string(b)
|
|
ruleJSON = &s
|
|
}
|
|
|
|
if err := s.db.UpdatePolicyRule(rec.ID, req.Description, req.Priority, ruleJSON); err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
|
|
if req.Enabled != nil {
|
|
if err := s.db.SetPolicyRuleEnabled(rec.ID, *req.Enabled); err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
}
|
|
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
var actorID *int64
|
|
if claims != nil {
|
|
if actor, err := s.db.GetAccountByUUID(claims.Subject); err == nil {
|
|
actorID = &actor.ID
|
|
}
|
|
}
|
|
s.writeAudit(r, model.EventPolicyRuleUpdated, actorID, nil,
|
|
fmt.Sprintf(`{"rule_id":%d}`, rec.ID))
|
|
|
|
updated, err := s.db.GetPolicyRule(rec.ID)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
rv, err := policyRuleToResponse(updated)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, rv)
|
|
}
|
|
|
|
func (s *Server) handleDeletePolicyRule(w http.ResponseWriter, r *http.Request) {
|
|
rec, ok := s.loadPolicyRule(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
if err := s.db.DeletePolicyRule(rec.ID); err != nil {
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return
|
|
}
|
|
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
var actorID *int64
|
|
if claims != nil {
|
|
if actor, err := s.db.GetAccountByUUID(claims.Subject); err == nil {
|
|
actorID = &actor.ID
|
|
}
|
|
}
|
|
s.writeAudit(r, model.EventPolicyRuleDeleted, actorID, nil,
|
|
fmt.Sprintf(`{"rule_id":%d,"description":%q}`, rec.ID, rec.Description))
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// loadPolicyRule retrieves a policy rule by the {id} path parameter.
|
|
func (s *Server) loadPolicyRule(w http.ResponseWriter, r *http.Request) (*model.PolicyRuleRecord, bool) {
|
|
idStr := r.PathValue("id")
|
|
if idStr == "" {
|
|
middleware.WriteError(w, http.StatusBadRequest, "rule id is required", "bad_request")
|
|
return nil, false
|
|
}
|
|
id, err := strconv.ParseInt(idStr, 10, 64)
|
|
if err != nil {
|
|
middleware.WriteError(w, http.StatusBadRequest, "rule id must be an integer", "bad_request")
|
|
return nil, false
|
|
}
|
|
rec, err := s.db.GetPolicyRule(id)
|
|
if err != nil {
|
|
if errors.Is(err, db.ErrNotFound) {
|
|
middleware.WriteError(w, http.StatusNotFound, "policy rule not found", "not_found")
|
|
return nil, false
|
|
}
|
|
middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
|
|
return nil, false
|
|
}
|
|
return rec, true
|
|
}
|
|
|
|
// marshalStringSlice encodes a string slice as a compact JSON array.
|
|
// Used for audit log details — never includes credential material.
|
|
func marshalStringSlice(ss []string) string {
|
|
b, _ := json.Marshal(ss)
|
|
return string(b)
|
|
}
|