Pulse/internal/api/metadata_handlers_shared.go
rcourtman 6340cd36f2 Dedupe internal/api handler families behind shared flows and generics
Clears the sixteen dupl pair groups in internal/api plus the pkg/pulsecli
pair:

- router.go: privileged settings endpoints share the
  serveSetupTokenOrSettingsWrite gate; patrol findings convert via one
  unifiedFindingFromAI; the five infrastructure-summary chart loops share
  collectGuestChartData / fillChartSeriesFromBatch; the VM/LXC workloads
  summary loops share appendGuestWorkloadSummaries.
- deploy_handlers.go: preflight and job status/SSE handlers share
  handleDeployJobStatus / handleDeployJobEvents.
- recovery_handlers.go: points series/facets share
  parseRecoveryListPointsOptions.
- truenas_handlers.go / vmware_handlers.go / router_routes_registration.go:
  the connection update flow (locate, decode-with-fallback, normalize,
  preserve masked secrets, validate, save, redact) moves to the new
  platform_connection_shared.go (updatePlatformConnection +
  decodeOptionalInstanceRequest + the admin-gated item-route builder);
  per-platform wrappers carry nolint'd declarative wiring only.
- docker_metadata.go / guest_metadata.go: GET/PUT payload semantics move
  to metadata_handlers_shared.go; the zero-record-instead-of-404 contract
  is pinned by TestContract_MetadataGetPayloadsUseZeroRecordsInsteadOf404.
- kubernetes_agents.go / docker_agents.go: lifecycle PUTs share
  per-handler action helpers.
- config_node_handlers.go: PBS/PMG probes share
  testProxmoxPlatformConnection.
- cloud_handoff_handlers.go / purchase_return_redemptions.go: secrets
  sqlite stores open through openHardenedSecretsDB so permission
  hardening stays single-sourced.
- ai_handlers.go / chat_service_adapter.go: the GetMessages adapters are
  deliberate contract mirrors — suppressed with nolint and enforced by
  TestOrchestratorAndChatAdaptersMapTheSameMessageFields.
- pkg/pulsecli/actions.go: action subcommands seed env defaults via
  actionAPIDefaults (tested); the audit/events cobra registration pair is
  nolint'd parallel wiring.
- .golangci.yml: exclude gitignored tmp/ from ./... typechecking.
- subsystem_lookup_test.py: refresh the pinned api-contracts.md line
  numbers shifted by the contract additions.

golangci-lint run ./... is now fully green. Full internal/api and
pkg/pulsecli test suites pass.
2026-06-10 10:52:05 +01:00

113 lines
3.2 KiB
Go

package api
import (
"context"
"encoding/json"
"net/http"
"strings"
"github.com/rs/zerolog/log"
)
// handleMetadataGetRequest serves the GET flow shared by the guest and docker
// metadata handlers: the bare route returns the full metadata map (an empty
// object instead of null), a suffixed route returns that resource's metadata
// (a zero record instead of a 404).
func handleMetadataGetRequest[M any](
w http.ResponseWriter,
r *http.Request,
routePrefix string,
getAll func(ctx context.Context) map[string]*M,
get func(ctx context.Context, id string) *M,
emptyRecord func(id string) *M,
) {
if r.Method != http.MethodGet {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
path := r.URL.Path
// Handle both the bare route and its trailing-slash form.
if path == routePrefix || path == routePrefix+"/" {
// Get all metadata
w.Header().Set("Content-Type", "application/json")
allMeta := getAll(r.Context())
if allMeta == nil {
// Return empty object instead of null
json.NewEncoder(w).Encode(make(map[string]*M))
} else {
json.NewEncoder(w).Encode(allMeta)
}
return
}
// Get specific resource ID from path
resourceID := strings.TrimPrefix(path, routePrefix+"/")
w.Header().Set("Content-Type", "application/json")
if resourceID != "" {
meta := get(r.Context(), resourceID)
if meta == nil {
// Return empty metadata instead of 404
json.NewEncoder(w).Encode(emptyRecord(resourceID))
} else {
json.NewEncoder(w).Encode(meta)
}
} else {
// This shouldn't happen with current routing, but handle it anyway
http.Error(w, "Invalid request path", http.StatusBadRequest)
}
}
// handleMetadataUpdateRequest serves the PUT/POST flow shared by the guest
// and docker metadata handlers: decode a bounded body, validate the custom
// URL, persist, and echo the stored record.
func handleMetadataUpdateRequest[M any](
w http.ResponseWriter,
r *http.Request,
routePrefix string,
idRequiredMsg string,
idLogKey string,
saveErrLogMsg string,
updatedLogMsg string,
customURL func(*M) string,
set func(ctx context.Context, id string, meta *M) error,
) {
if r.Method != http.MethodPut && r.Method != http.MethodPost {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
resourceID := strings.TrimPrefix(r.URL.Path, routePrefix+"/")
if resourceID == "" || resourceID == "metadata" {
http.Error(w, idRequiredMsg, http.StatusBadRequest)
return
}
// Limit request body to 16KB to prevent memory exhaustion
r.Body = http.MaxBytesReader(w, r.Body, 16*1024)
var meta M
if err := json.NewDecoder(r.Body).Decode(&meta); err != nil {
http.Error(w, "Invalid request body", http.StatusBadRequest)
return
}
// Validate URL if provided
if errMsg := validateCustomURL(customURL(&meta)); errMsg != "" {
http.Error(w, errMsg, http.StatusBadRequest)
return
}
if err := set(r.Context(), resourceID, &meta); err != nil {
log.Error().Err(err).Str(idLogKey, resourceID).Msg(saveErrLogMsg)
http.Error(w, metadataSaveErrorMessage(err), http.StatusInternalServerError)
return
}
log.Info().Str(idLogKey, resourceID).Str("url", customURL(&meta)).Msg(updatedLogMsg)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&meta)
}