Files
minstrel/internal/api/auth_register.go
T
bvandeusen 7fac264c73 feat(playlists): wire Refresh into PUT /api/me/timezone + registration
Completes the server side of #392 Half B.

PUT /api/me/timezone now calls scheduler.Refresh(ctx, userID) after
the DB write so the rescheduled daily-at-03:00-local job takes
effect synchronously. Failure to refresh is logged but doesn't
undo the DB write — the hourly reconciliation pass would pick it
up within an hour regardless.

POST /api/auth/register calls Refresh after successful user
insert so brand-new users get scheduled immediately rather than
waiting for the hourly pass to discover them.

system_cron.go deleted: the new scheduler subsumes its
responsibilities. The StartSystemPlaylistCron call in main.go is
also removed. Server restart now runs the new scheduler's startup
recovery + catch-up instead.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 11:58:24 -04:00

225 lines
7.5 KiB
Go

package api
import (
"encoding/json"
"errors"
"net/http"
"regexp"
"time"
"github.com/jackc/pgerrcode"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgconn"
"golang.org/x/crypto/bcrypt"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
// usernameRe enforces a conservative username shape: 3-32 chars,
// alphanumeric + underscore + hyphen. The same regex is reused on
// the frontend for live validation.
var usernameRe = regexp.MustCompile(`^[a-zA-Z0-9_-]{3,32}$`)
const minPasswordLength = 8
type registerReq struct {
Username string `json:"username"`
Password string `json:"password"`
InviteToken string `json:"invite_token"`
DisplayName *string `json:"display_name"`
}
// handleRegister implements POST /api/auth/register.
//
// Flow:
// 1. Validate username/password format + minimum lengths.
// 2. Look up registration_settings.mode and current user count.
// 3. If users table is empty: insert via CreateUserFirstAdminRace
// (sets is_admin from a SELECT NOT EXISTS subquery). Skip invite
// check.
// 4. Else if mode == 'invite_only': atomically redeem invite via
// RedeemInvite (returns rows-affected; 0 means no usable
// invite — reject 400).
// 5. Else (mode == 'open'): proceed without invite check.
// 6. Hash password, mint session token, insert session row, set
// cookie, return user + token.
// 7. Audit ActionRegister and (if invite was used) ActionInviteRedeem.
//
// Errors:
// - 400 invalid_body / username_invalid / password_too_short
// - 400 invite_required (invite_only mode, no token supplied)
// - 400 invite_invalid (token doesn't exist, expired, or already redeemed)
// - 409 username_taken (PG unique violation on users.username)
// - 500 server_error otherwise
func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
var req registerReq
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, apierror.BadRequest("invalid_body", "invalid JSON body"))
return
}
if !usernameRe.MatchString(req.Username) {
writeErr(w, apierror.BadRequest("username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen"))
return
}
if len(req.Password) < minPasswordLength {
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
return
}
q := dbq.New(h.pool)
// Determine whether this is the empty-users (bootstrap-admin) case.
userCount, err := q.CountUsers(r.Context())
if err != nil {
h.logger.Error("register: count users failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
// Validate invite (skipped on empty-users state; skipped in 'open' mode).
usedInviteToken := ""
if userCount > 0 {
mode, err := q.GetRegistrationMode(r.Context())
if err != nil {
h.logger.Error("register: get mode failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
if mode == "invite_only" {
if req.InviteToken == "" {
writeErr(w, apierror.BadRequest("invite_required", "an invite token is required to register"))
return
}
// Pre-validate existence + non-redeemed + non-expired so we fail
// fast on bad tokens before creating the user.
invite, ierr := q.GetInviteByToken(r.Context(), req.InviteToken)
if ierr != nil {
if errors.Is(ierr, pgx.ErrNoRows) {
writeErr(w, apierror.BadRequest("invite_invalid", "invite token not found"))
return
}
h.logger.Error("register: get invite failed", "err", ierr)
writeErr(w, apierror.Internal(ierr))
return
}
if invite.RedeemedAt.Valid || invite.ExpiresAt.Time.Before(time.Now()) {
writeErr(w, apierror.BadRequest("invite_invalid", "invite token is expired or already redeemed"))
return
}
usedInviteToken = req.InviteToken
}
}
// Hash password.
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
h.logger.Error("register: hash password failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
// Mint API token (same primitive used by bootstrap).
apiToken, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("register: mint api_token failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
// Insert user (race-safe-first-admin variant).
user, err := q.CreateUserFirstAdminRace(r.Context(), dbq.CreateUserFirstAdminRaceParams{
Username: req.Username,
PasswordHash: string(hash),
ApiToken: apiToken,
DisplayName: req.DisplayName,
})
if err != nil {
var pgErr *pgconn.PgError
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
writeErr(w, apierror.Conflict("username_taken", "username is already taken"))
return
}
h.logger.Error("register: create user failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
// Atomic invite redeem (if applicable). Now we have user.ID for redeemed_by.
if usedInviteToken != "" {
rows, rerr := q.RedeemInvite(r.Context(), dbq.RedeemInviteParams{
Token: usedInviteToken,
RedeemedBy: user.ID,
})
if rerr != nil || rows != 1 {
// Race: another caller redeemed between our pre-check and now.
// User was already inserted — the redeem failed but the user
// row exists. Best to leave the user in place (operator can
// promote them manually) but surface a clear log entry.
h.logger.Error("register: invite redeem failed; user inserted but invite not consumed",
"user_id", uuidToString(user.ID), "rows", rows, "err", rerr)
// Don't fail the response — the user IS registered.
}
}
// Mint session token + cookie (same shape as handleLogin).
sessionToken, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("register: mint session failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
UserID: user.ID,
TokenHash: auth.HashSessionToken(sessionToken),
UserAgent: r.UserAgent(),
}); err != nil {
h.logger.Error("register: insert session failed", "err", err)
writeErr(w, apierror.Internal(err))
return
}
http.SetCookie(w, &http.Cookie{
Name: auth.SessionCookieName,
Value: sessionToken,
Path: "/",
HttpOnly: true,
Secure: r.TLS != nil,
SameSite: http.SameSiteStrictMode,
MaxAge: int(sessionCookieMaxAge.Seconds()),
})
// Audit (best-effort; a failed audit write does NOT fail the user-
// facing operation).
auditMeta := map[string]any{}
if user.IsAdmin {
auditMeta["first_admin"] = true
}
audit.WriteOrLog(r.Context(), h.pool, h.logger, user.ID, user.ID, audit.ActionRegister, auditMeta)
if usedInviteToken != "" {
audit.WriteOrLog(r.Context(), h.pool, h.logger, user.ID, user.ID, audit.ActionInviteRedeem,
map[string]any{"token": usedInviteToken})
}
// Register the new user with the playlist scheduler so their daily
// builds are scheduled without waiting for the hourly reconciliation
// pass. Failure here is logged but doesn't fail registration — the
// next hourly pass will pick them up.
if h.playlistScheduler != nil {
if err := h.playlistScheduler.Refresh(r.Context(), user.ID); err != nil {
h.logger.Warn("api: scheduler refresh after registration",
"user_id", uuidToString(user.ID), "err", err)
}
}
writeJSON(w, http.StatusOK, LoginResponse{
Token: sessionToken,
User: UserView{
ID: user.ID,
Username: user.Username,
IsAdmin: user.IsAdmin,
},
})
}