tiny-forge/internal/store/static_sites.go

package store

import (
	"database/sql"
	"errors"
	"fmt"
	"strings"

	"github.com/google/uuid"
)

// staticSiteCols is the column list for static_sites queries.
const staticSiteCols = `id, name, provider, gitea_url, repo_owner, repo_name, branch, folder_path,
	access_token, domain, mode, render_markdown, sync_trigger, tag_pattern,
	container_id, proxy_route_id, status, last_sync_at, last_commit_sha, error,
	storage_enabled, storage_limit_mb,
	webhook_secret, webhook_signing_secret, webhook_require_signature,
	notification_url, notification_secret,
	created_at, updated_at`

// CreateStaticSite inserts a new static site and returns it. A webhook secret
// is generated automatically if one is not already set on the input.
func (s *Store) CreateStaticSite(site StaticSite) (StaticSite, error) {
	site.ID = uuid.New().String()
	site.CreatedAt = Now()
	site.UpdatedAt = site.CreatedAt
	if site.WebhookSecret == "" {
		site.WebhookSecret = generateWebhookSecret()
	} else if len(site.WebhookSecret) < minWebhookSecretLength {
		return StaticSite{}, fmt.Errorf("webhook_secret must be at least %d characters", minWebhookSecretLength)
	}

	_, err := s.db.Exec(
		`INSERT INTO static_sites (`+staticSiteCols+`)
		 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
		site.ID, site.Name, site.Provider, site.GiteaURL, site.RepoOwner, site.RepoName,
		site.Branch, site.FolderPath, site.AccessToken, site.Domain, site.Mode,
		BoolToInt(site.RenderMarkdown), site.SyncTrigger, site.TagPattern,
		site.ContainerID, site.ProxyRouteID, site.Status, site.LastSyncAt,
		site.LastCommitSHA, site.Error, BoolToInt(site.StorageEnabled), site.StorageLimitMB,
		site.WebhookSecret, site.WebhookSigningSecret, BoolToInt(site.WebhookRequireSignature),
		site.NotificationURL, site.NotificationSecret,
		site.CreatedAt, site.UpdatedAt,
	)
	if err != nil {
		return StaticSite{}, fmt.Errorf("insert static site: %w", err)
	}
	if err := s.SyncStaticSiteWorkload(site); err != nil {
		return StaticSite{}, fmt.Errorf("sync static site workload: %w", err)
	}
	return site, nil
}

// GetStaticSiteByID returns a single static site by its ID.
func (s *Store) GetStaticSiteByID(id string) (StaticSite, error) {
	site, err := scanStaticSiteRow(s.db.QueryRow(
		`SELECT `+staticSiteCols+` FROM static_sites WHERE id = ?`, id,
	))
	if errors.Is(err, sql.ErrNoRows) {
		return StaticSite{}, fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	if err != nil {
		return StaticSite{}, fmt.Errorf("query static site: %w", err)
	}
	return site, nil
}

// GetAllStaticSites returns every static site ordered by name.
func (s *Store) GetAllStaticSites() ([]StaticSite, error) {
	rows, err := s.db.Query(
		`SELECT ` + staticSiteCols + ` FROM static_sites ORDER BY name`,
	)
	if err != nil {
		return nil, fmt.Errorf("query static sites: %w", err)
	}
	defer rows.Close()

	sites := []StaticSite{}
	for rows.Next() {
		site, err := scanStaticSiteRows(rows)
		if err != nil {
			return nil, err
		}
		sites = append(sites, site)
	}
	return sites, rows.Err()
}

// GetStaticSitesByRepo returns all static sites for a given repo owner/name.
func (s *Store) GetStaticSitesByRepo(giteaURL, owner, name string) ([]StaticSite, error) {
	rows, err := s.db.Query(
		`SELECT `+staticSiteCols+`
		 FROM static_sites WHERE gitea_url = ? AND repo_owner = ? AND repo_name = ?
		 ORDER BY name`,
		giteaURL, owner, name,
	)
	if err != nil {
		return nil, fmt.Errorf("query static sites by repo: %w", err)
	}
	defer rows.Close()

	sites := []StaticSite{}
	for rows.Next() {
		site, err := scanStaticSiteRows(rows)
		if err != nil {
			return nil, err
		}
		sites = append(sites, site)
	}
	return sites, rows.Err()
}

// UpdateStaticSite updates an existing static site's configuration fields.
// notification_secret is intentionally not updated here — use the dedicated
// SetStaticSiteNotificationSecret rotation helper.
func (s *Store) UpdateStaticSite(site StaticSite) error {
	site.UpdatedAt = Now()
	result, err := s.db.Exec(
		`UPDATE static_sites SET name=?, provider=?, gitea_url=?, repo_owner=?, repo_name=?, branch=?,
		 folder_path=?, access_token=?, domain=?, mode=?, render_markdown=?,
		 sync_trigger=?, tag_pattern=?, storage_enabled=?, storage_limit_mb=?,
		 notification_url=?, updated_at=?
		 WHERE id=?`,
		site.Name, site.Provider, site.GiteaURL, site.RepoOwner, site.RepoName, site.Branch,
		site.FolderPath, site.AccessToken, site.Domain, site.Mode,
		BoolToInt(site.RenderMarkdown), site.SyncTrigger, site.TagPattern,
		BoolToInt(site.StorageEnabled), site.StorageLimitMB,
		site.NotificationURL, site.UpdatedAt, site.ID,
	)
	if err != nil {
		return fmt.Errorf("update static site: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", site.ID, ErrNotFound)
	}
	current, err := s.GetStaticSiteByID(site.ID)
	if err != nil {
		return fmt.Errorf("reread static site for workload sync: %w", err)
	}
	return s.SyncStaticSiteWorkload(current)
}

// UpdateStaticSiteStatus updates the deployment status fields.
func (s *Store) UpdateStaticSiteStatus(id, status, commitSHA, errMsg string) error {
	now := Now()
	result, err := s.db.Exec(
		`UPDATE static_sites SET status=?, last_commit_sha=?, last_sync_at=?, error=?, updated_at=?
		 WHERE id=?`,
		status, commitSHA, now, errMsg, now, id,
	)
	if err != nil {
		return fmt.Errorf("update static site status: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	return nil
}

// UpdateStaticSiteContainer updates the container and proxy route IDs after deployment.
func (s *Store) UpdateStaticSiteContainer(id, containerID, proxyRouteID string) error {
	now := Now()
	result, err := s.db.Exec(
		`UPDATE static_sites SET container_id=?, proxy_route_id=?, updated_at=? WHERE id=?`,
		containerID, proxyRouteID, now, id,
	)
	if err != nil {
		return fmt.Errorf("update static site container: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	return nil
}

// ListStaticSiteProxyRoutes returns proxy routes backed by static sites,
// shaped to match the unified ProxyRoute model used by the Proxies page.
// Sites without an active proxy route are skipped.
func (s *Store) ListStaticSiteProxyRoutes(domain string) ([]ProxyRoute, error) {
	rows, err := s.db.Query(
		`SELECT id, name, mode, provider, domain, container_id, proxy_route_id, status, created_at
		 FROM static_sites
		 WHERE proxy_route_id != ''
		 ORDER BY name`,
	)
	if err != nil {
		return nil, fmt.Errorf("query static site proxy routes: %w", err)
	}
	defer rows.Close()

	suffix := ""
	if domain != "" {
		suffix = "." + strings.ToLower(domain)
	}

	routes := []ProxyRoute{}
	for rows.Next() {
		var r ProxyRoute
		var mode, provider, fullDomain string
		if err := rows.Scan(
			&r.InstanceID, &r.ProjectName, &mode, &provider, &fullDomain,
			&r.ContainerID, &r.ProxyRouteID, &r.Status, &r.CreatedAt,
		); err != nil {
			return nil, fmt.Errorf("scan static site proxy route: %w", err)
		}
		r.Source = "static_site"
		r.StageName = mode
		r.ImageTag = provider
		r.Domain = fullDomain
		if suffix != "" && strings.HasSuffix(strings.ToLower(fullDomain), suffix) {
			r.Subdomain = fullDomain[:len(fullDomain)-len(suffix)]
		} else {
			r.Subdomain = fullDomain
		}
		routes = append(routes, r)
	}
	return routes, rows.Err()
}

// DeleteStaticSite removes a static site by ID. Cascading deletes handle secrets.
// Workload row + container index entries are removed too.
func (s *Store) DeleteStaticSite(id string) error {
	result, err := s.db.Exec(`DELETE FROM static_sites WHERE id = ?`, id)
	if err != nil {
		return fmt.Errorf("delete static site: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	if w, err := s.GetWorkloadByRef(WorkloadKindSite, id); err == nil {
		if err := s.DeleteContainersByWorkload(w.ID); err != nil {
			return fmt.Errorf("delete static site containers: %w", err)
		}
		if err := s.DeleteWorkload(w.ID); err != nil {
			return fmt.Errorf("delete static site workload: %w", err)
		}
	}
	return nil
}

// scanStaticSiteRow scans a static site from a *sql.Row.
func scanStaticSiteRow(row *sql.Row) (StaticSite, error) {
	var site StaticSite
	var renderMarkdown, storageEnabled, requireSig int
	err := row.Scan(
		&site.ID, &site.Name, &site.Provider, &site.GiteaURL, &site.RepoOwner, &site.RepoName,
		&site.Branch, &site.FolderPath, &site.AccessToken, &site.Domain, &site.Mode,
		&renderMarkdown, &site.SyncTrigger, &site.TagPattern,
		&site.ContainerID, &site.ProxyRouteID, &site.Status, &site.LastSyncAt,
		&site.LastCommitSHA, &site.Error, &storageEnabled, &site.StorageLimitMB,
		&site.WebhookSecret, &site.WebhookSigningSecret, &requireSig,
		&site.NotificationURL, &site.NotificationSecret,
		&site.CreatedAt, &site.UpdatedAt,
	)
	if err != nil {
		return StaticSite{}, err
	}
	site.RenderMarkdown = renderMarkdown != 0
	site.StorageEnabled = storageEnabled != 0
	site.WebhookRequireSignature = requireSig != 0
	return site, nil
}

// scanStaticSiteRows scans a static site from a *sql.Rows cursor.
func scanStaticSiteRows(rows *sql.Rows) (StaticSite, error) {
	var site StaticSite
	var renderMarkdown, storageEnabled, requireSig int
	err := rows.Scan(
		&site.ID, &site.Name, &site.Provider, &site.GiteaURL, &site.RepoOwner, &site.RepoName,
		&site.Branch, &site.FolderPath, &site.AccessToken, &site.Domain, &site.Mode,
		&renderMarkdown, &site.SyncTrigger, &site.TagPattern,
		&site.ContainerID, &site.ProxyRouteID, &site.Status, &site.LastSyncAt,
		&site.LastCommitSHA, &site.Error, &storageEnabled, &site.StorageLimitMB,
		&site.WebhookSecret, &site.WebhookSigningSecret, &requireSig,
		&site.NotificationURL, &site.NotificationSecret,
		&site.CreatedAt, &site.UpdatedAt,
	)
	if err != nil {
		return StaticSite{}, fmt.Errorf("scan static site: %w", err)
	}
	site.RenderMarkdown = renderMarkdown != 0
	site.StorageEnabled = storageEnabled != 0
	site.WebhookRequireSignature = requireSig != 0
	return site, nil
}

// SetStaticSiteWebhookSigningSecret assigns the inbound HMAC signing secret.
// Pass an empty string to clear it (also implicitly disables enforcement).
func (s *Store) SetStaticSiteWebhookSigningSecret(id, secret string) error {
	result, err := s.db.Exec(
		`UPDATE static_sites SET webhook_signing_secret=?, updated_at=? WHERE id=?`,
		secret, Now(), id,
	)
	if err != nil {
		return fmt.Errorf("set static site webhook signing secret: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	current, err := s.GetStaticSiteByID(id)
	if err != nil {
		return fmt.Errorf("reread static site for workload sync: %w", err)
	}
	return s.SyncStaticSiteWorkload(current)
}

// SetStaticSiteWebhookRequireSignature toggles whether unsigned (or
// invalidly-signed) inbound webhook requests are rejected with 401.
func (s *Store) SetStaticSiteWebhookRequireSignature(id string, require bool) error {
	v := 0
	if require {
		v = 1
	}
	result, err := s.db.Exec(
		`UPDATE static_sites SET webhook_require_signature=?, updated_at=? WHERE id=?`,
		v, Now(), id,
	)
	if err != nil {
		return fmt.Errorf("set static site webhook require_signature: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	current, err := s.GetStaticSiteByID(id)
	if err != nil {
		return fmt.Errorf("reread static site for workload sync: %w", err)
	}
	return s.SyncStaticSiteWorkload(current)
}

// SetStaticSiteNotificationSecret rotates the static site's outgoing-webhook
// signing secret. Empty string disables HMAC signing for this site
// (notifications still send unsigned, falling through to global resolution).
func (s *Store) SetStaticSiteNotificationSecret(id, secret string) error {
	result, err := s.db.Exec(
		`UPDATE static_sites SET notification_secret=?, updated_at=? WHERE id=?`,
		secret, Now(), id,
	)
	if err != nil {
		return fmt.Errorf("set static site notification secret: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	current, err := s.GetStaticSiteByID(id)
	if err != nil {
		return fmt.Errorf("reread static site for workload sync: %w", err)
	}
	return s.SyncStaticSiteWorkload(current)
}

// EnsureStaticSiteNotificationSecret returns the static site's outgoing-webhook
// signing secret, generating one lazily if missing.
func (s *Store) EnsureStaticSiteNotificationSecret(id string) (string, error) {
	site, err := s.GetStaticSiteByID(id)
	if err != nil {
		return "", err
	}
	if site.NotificationSecret != "" {
		return site.NotificationSecret, nil
	}
	secret := generateWebhookSecret()
	if err := s.SetStaticSiteNotificationSecret(id, secret); err != nil {
		return "", err
	}
	return secret, nil
}

// EnsureSettingsNotificationSecret returns the global outgoing-webhook signing
// secret, generating one lazily if missing.
func (s *Store) EnsureSettingsNotificationSecret() (string, error) {
	st, err := s.GetSettings()
	if err != nil {
		return "", err
	}
	if st.NotificationSecret != "" {
		return st.NotificationSecret, nil
	}
	secret := generateWebhookSecret()
	if err := s.SetSettingsNotificationSecret(secret); err != nil {
		return "", err
	}
	return secret, nil
}

// GetStaticSiteByWebhookSecret looks up a static site by its webhook secret.
// Returns ErrNotFound if no site has this secret (including empty).
func (s *Store) GetStaticSiteByWebhookSecret(secret string) (StaticSite, error) {
	if secret == "" {
		return StaticSite{}, ErrNotFound
	}
	site, err := scanStaticSiteRow(s.db.QueryRow(
		`SELECT `+staticSiteCols+` FROM static_sites WHERE webhook_secret = ?`, secret,
	))
	if errors.Is(err, sql.ErrNoRows) {
		return StaticSite{}, ErrNotFound
	}
	if err != nil {
		return StaticSite{}, fmt.Errorf("query static site by webhook secret: %w", err)
	}
	return site, nil
}

// SetStaticSiteWebhookSecret assigns a webhook secret to a static site.
// Pass an empty string to disable webhook access for the site.
func (s *Store) SetStaticSiteWebhookSecret(id, secret string) error {
	result, err := s.db.Exec(
		`UPDATE static_sites SET webhook_secret=?, updated_at=? WHERE id=?`,
		secret, Now(), id,
	)
	if err != nil {
		return fmt.Errorf("set static site webhook secret: %w", err)
	}
	n, _ := result.RowsAffected()
	if n == 0 {
		return fmt.Errorf("static site %s: %w", id, ErrNotFound)
	}
	current, err := s.GetStaticSiteByID(id)
	if err != nil {
		return fmt.Errorf("reread static site for workload sync: %w", err)
	}
	return s.SyncStaticSiteWorkload(current)
}

// EnsureStaticSiteWebhookSecret returns the current webhook secret for a site,
// generating one on the fly if the stored value is empty (lazy backfill).
func (s *Store) EnsureStaticSiteWebhookSecret(id string) (string, error) {
	site, err := s.GetStaticSiteByID(id)
	if err != nil {
		return "", err
	}
	if site.WebhookSecret != "" {
		return site.WebhookSecret, nil
	}
	secret := generateWebhookSecret()
	if err := s.SetStaticSiteWebhookSecret(id, secret); err != nil {
		return "", err
	}
	return secret, nil
}