Kyle Isom
4596ea08ab
The package-level defaultRateLimiter drained its token bucket across all test cases, causing later tests to hit ResourceExhausted. Move rateLimiter from a package-level var to a *grpcRateLimiter field on Server; New() allocates a fresh instance (10 req/s, burst 10) per server. Each test's newTestEnv() constructs its own Server, so tests no longer share limiter state. Production behaviour is unchanged: a single Server is constructed at startup and lives for the process lifetime.
128 lines
3.1 KiB
Go
128 lines
3.1 KiB
Go
package ui
|
|
|
|
import (
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"git.wntrmute.dev/kyle/mcias/internal/db"
|
|
"git.wntrmute.dev/kyle/mcias/internal/model"
|
|
)
|
|
|
|
const auditPageSize = 50
|
|
|
|
// auditEventTypes lists all known event types for the filter dropdown.
|
|
var auditEventTypes = []string{
|
|
model.EventLoginOK,
|
|
model.EventLoginFail,
|
|
model.EventLoginTOTPFail,
|
|
model.EventTokenIssued,
|
|
model.EventTokenRenewed,
|
|
model.EventTokenRevoked,
|
|
model.EventTokenExpired,
|
|
model.EventAccountCreated,
|
|
model.EventAccountUpdated,
|
|
model.EventAccountDeleted,
|
|
model.EventRoleGranted,
|
|
model.EventRoleRevoked,
|
|
model.EventTOTPEnrolled,
|
|
model.EventTOTPRemoved,
|
|
model.EventPGCredAccessed,
|
|
model.EventPGCredUpdated,
|
|
}
|
|
|
|
// handleAuditPage renders the full audit log page with the first page embedded.
|
|
func (u *UIServer) handleAuditPage(w http.ResponseWriter, r *http.Request) {
|
|
csrfToken, err := u.setCSRFCookies(w)
|
|
if err != nil {
|
|
http.Error(w, "internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
data, err := u.buildAuditData(r, 1, csrfToken)
|
|
if err != nil {
|
|
u.renderError(w, r, http.StatusInternalServerError, "failed to load audit log")
|
|
return
|
|
}
|
|
|
|
u.render(w, "audit", data)
|
|
}
|
|
|
|
// handleAuditRows returns only the <tbody> rows fragment for HTMX partial updates.
|
|
func (u *UIServer) handleAuditRows(w http.ResponseWriter, r *http.Request) {
|
|
pageStr := r.URL.Query().Get("page")
|
|
page, _ := strconv.Atoi(pageStr)
|
|
if page < 1 {
|
|
page = 1
|
|
}
|
|
|
|
data, err := u.buildAuditData(r, page, "")
|
|
if err != nil {
|
|
u.renderError(w, r, http.StatusInternalServerError, "failed to load audit log")
|
|
return
|
|
}
|
|
|
|
u.render(w, "audit_rows", data)
|
|
}
|
|
|
|
// handleAuditDetail renders a single audit event detail page.
|
|
func (u *UIServer) handleAuditDetail(w http.ResponseWriter, r *http.Request) {
|
|
csrfToken, err := u.setCSRFCookies(w)
|
|
if err != nil {
|
|
http.Error(w, "internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
idStr := r.PathValue("id")
|
|
id, err := strconv.ParseInt(idStr, 10, 64)
|
|
if err != nil {
|
|
u.renderError(w, r, http.StatusBadRequest, "invalid event ID")
|
|
return
|
|
}
|
|
|
|
event, err := u.db.GetAuditEventByID(id)
|
|
if err != nil {
|
|
u.renderError(w, r, http.StatusNotFound, "event not found")
|
|
return
|
|
}
|
|
|
|
u.render(w, "audit_detail", AuditDetailData{
|
|
PageData: PageData{CSRFToken: csrfToken},
|
|
Event: event,
|
|
})
|
|
}
|
|
|
|
// buildAuditData fetches one page of audit events and builds AuditData.
|
|
func (u *UIServer) buildAuditData(r *http.Request, page int, csrfToken string) (AuditData, error) {
|
|
filterType := r.URL.Query().Get("event_type")
|
|
offset := (page - 1) * auditPageSize
|
|
|
|
params := db.AuditQueryParams{
|
|
Limit: auditPageSize,
|
|
Offset: offset,
|
|
EventType: filterType,
|
|
}
|
|
|
|
events, total, err := u.db.ListAuditEventsPaged(params)
|
|
if err != nil {
|
|
return AuditData{}, err
|
|
}
|
|
|
|
totalPages := int(total) / auditPageSize
|
|
if int(total)%auditPageSize != 0 {
|
|
totalPages++
|
|
}
|
|
if totalPages < 1 {
|
|
totalPages = 1
|
|
}
|
|
|
|
return AuditData{
|
|
PageData: PageData{CSRFToken: csrfToken},
|
|
Events: events,
|
|
EventTypes: auditEventTypes,
|
|
FilterType: filterType,
|
|
Total: total,
|
|
Page: page,
|
|
TotalPages: totalPages,
|
|
}, nil
|
|
}
|