H1K0
98de298e5b
Opening an original by URL (?access_token=) baked in the 15-minute access token, so a long video opened in a new tab stopped streaming once that token expired mid-playback: the access token can't be refreshed in an already-opened tab, and its next Range request 401'd. Add a content token: a signed, single-file capability (typ=content, fid claim) with its own longer TTL (CONTENT_TOKEN_TTL, default 6h) and — crucially — no session id, so it survives refresh rotation and outlives the short access TTL. POST /files/:id/content-token mints one after the same view-ACL check content serving does; GET /files/:id/content now runs under content-aware auth that accepts either a normal access token or a content token scoped to that file. View permission is still enforced against the token's user, so the token only changes when a file may be read by URL, never which files. It's a bearer capability for that one file until expiry, hence the bounded, configurable TTL. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
145 lines
4.0 KiB
Go
145 lines
4.0 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"log/slog"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/jackc/pgx/v5/stdlib"
|
|
"github.com/pressly/goose/v3"
|
|
|
|
"tanabata/backend/internal/config"
|
|
"tanabata/backend/internal/db/postgres"
|
|
"tanabata/backend/internal/handler"
|
|
"tanabata/backend/internal/service"
|
|
"tanabata/backend/internal/storage"
|
|
"tanabata/backend/migrations"
|
|
)
|
|
|
|
func main() {
|
|
cfg, err := config.Load()
|
|
if err != nil {
|
|
slog.Error("failed to load config", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
pool, err := postgres.NewPool(context.Background(), cfg.DatabaseURL)
|
|
if err != nil {
|
|
slog.Error("failed to connect to database", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
defer pool.Close()
|
|
slog.Info("database connected")
|
|
|
|
migDB := stdlib.OpenDBFromPool(pool)
|
|
goose.SetBaseFS(migrations.FS)
|
|
if err := goose.SetDialect("postgres"); err != nil {
|
|
slog.Error("goose dialect error", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
if err := goose.Up(migDB, "."); err != nil {
|
|
slog.Error("migrations failed", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
migDB.Close()
|
|
slog.Info("migrations applied")
|
|
|
|
// Storage
|
|
diskStorage, err := storage.NewDiskStorage(
|
|
cfg.FilesPath,
|
|
cfg.ThumbsCachePath,
|
|
cfg.ThumbWidth, cfg.ThumbHeight,
|
|
cfg.PreviewWidth, cfg.PreviewHeight,
|
|
cfg.ThumbMaxPixels, cfg.ThumbConcurrency,
|
|
)
|
|
if err != nil {
|
|
slog.Error("failed to initialise storage", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
// Repositories
|
|
userRepo := postgres.NewUserRepo(pool)
|
|
sessionRepo := postgres.NewSessionRepo(pool)
|
|
fileRepo := postgres.NewFileRepo(pool)
|
|
mimeRepo := postgres.NewMimeRepo(pool)
|
|
aclRepo := postgres.NewACLRepo(pool)
|
|
auditRepo := postgres.NewAuditRepo(pool)
|
|
tagRepo := postgres.NewTagRepo(pool)
|
|
tagRuleRepo := postgres.NewTagRuleRepo(pool)
|
|
categoryRepo := postgres.NewCategoryRepo(pool)
|
|
poolRepo := postgres.NewPoolRepo(pool)
|
|
transactor := postgres.NewTransactor(pool)
|
|
|
|
// Services
|
|
authSvc := service.NewAuthService(
|
|
userRepo,
|
|
sessionRepo,
|
|
cfg.JWTSecret,
|
|
cfg.JWTAccessTTL,
|
|
cfg.JWTRefreshTTL,
|
|
cfg.ContentTokenTTL,
|
|
)
|
|
aclSvc := service.NewACLService(aclRepo, fileRepo, tagRepo, categoryRepo, poolRepo, transactor)
|
|
auditSvc := service.NewAuditService(auditRepo)
|
|
tagSvc := service.NewTagService(tagRepo, tagRuleRepo, aclSvc, auditSvc, transactor)
|
|
categorySvc := service.NewCategoryService(categoryRepo, tagRepo, aclSvc, auditSvc)
|
|
poolSvc := service.NewPoolService(poolRepo, aclSvc, auditSvc)
|
|
fileSvc := service.NewFileService(
|
|
fileRepo,
|
|
mimeRepo,
|
|
diskStorage,
|
|
aclSvc,
|
|
auditSvc,
|
|
tagSvc,
|
|
transactor,
|
|
cfg.ImportPath,
|
|
)
|
|
userSvc := service.NewUserService(userRepo, sessionRepo, auditSvc)
|
|
|
|
// Bootstrap the initial administrator (idempotent).
|
|
if err := userSvc.EnsureAdmin(context.Background(), cfg.AdminUsername, cfg.AdminPassword); err != nil {
|
|
slog.Error("failed to bootstrap admin user", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
// Handlers
|
|
authMiddleware := handler.NewAuthMiddleware(authSvc)
|
|
authHandler := handler.NewAuthHandler(authSvc)
|
|
fileHandler := handler.NewFileHandler(fileSvc, tagSvc, authSvc, cfg.MaxUploadBytes)
|
|
tagHandler := handler.NewTagHandler(tagSvc, fileSvc)
|
|
categoryHandler := handler.NewCategoryHandler(categorySvc)
|
|
poolHandler := handler.NewPoolHandler(poolSvc)
|
|
userHandler := handler.NewUserHandler(userSvc)
|
|
aclHandler := handler.NewACLHandler(aclSvc)
|
|
auditHandler := handler.NewAuditHandler(auditSvc)
|
|
|
|
r, err := handler.NewRouter(
|
|
authMiddleware, authHandler,
|
|
fileHandler, tagHandler, categoryHandler, poolHandler,
|
|
userHandler, aclHandler, auditHandler,
|
|
cfg.StaticDir,
|
|
cfg.TrustedProxies,
|
|
)
|
|
if err != nil {
|
|
slog.Error("building router", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
// ReadHeaderTimeout bounds slow-header (Slowloris) attacks; body read/write
|
|
// are left unbounded so large file uploads and downloads can stream.
|
|
srv := &http.Server{
|
|
Addr: cfg.ListenAddr,
|
|
Handler: r,
|
|
ReadHeaderTimeout: 10 * time.Second,
|
|
IdleTimeout: 120 * time.Second,
|
|
}
|
|
|
|
slog.Info("starting server", "addr", cfg.ListenAddr)
|
|
if err := srv.ListenAndServe(); err != nil {
|
|
slog.Error("server error", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
}
|