hzhang
e706f3d6ef
Replaces the Python v1 (preserved on archive/python-v1 branch).
Stack: Go 1.23 + chi router + sqlx + MySQL 8. Distroless static
container. 12-factor config from env. Embedded SQL migrations.
Schema (internal/db/migrations/001_init.sql):
- topics: 议题 with 4-timestamp lifecycle (signup_open/close +
debate_start/end), visibility (default private), status state machine,
verdict_schema FK
- signups: agent self-enrollment with willing_camps (JSON array of
pro|con|judge), pre_validated audit flag, (topic,agent) unique
- camps: post-allocation lock (one row per topic+camp) — written by
Phase 2D allocator
- rounds + arguments: chronological debate transcript
- verdicts: judge structured output, one per topic, with token-cost
trail for future budgeting
- agent_keys + system_keys: peppered sha256 hashes, never raw
- verdict_schemas: seeded with binary, claim-resolution (for
analyze-intel), policy-recommendation, free-form
Auth (internal/auth):
- AgentAPIKey: real bearer-token middleware against agent_keys;
best-effort last_used_at touch on success
- OIDCBrowser: Phase 2 stub. Dev mode accepts x-dev-bypass header
(constant-time compare); prod 401s with a Phase-4-pending hint.
Real Keycloak JWKS verification lands with the frontend rewrite.
HTTP API (internal/httpapi):
- /api/healthz — db ping + version + uptime
- GET /api/topics — list with status/visibility/limit/offset filters;
anonymous callers see public only
- GET /api/topics/{id} — visibility-gated (private → 404 hide)
- POST /api/topics — create with RFC3339 lifecycle validation
(signup_open < signup_close <= debate_start < debate_end)
- PUT /api/topics/{id}/visibility — dialectic-admin role gate
- POST /api/topics/{id}/signups — agent self-enroll; rejects when
topic.status != signup_open OR outside signup window; idempotent
upsert per (topic, agent)
- GET /api/topics/{id}/signups — list (any authed caller)
Auth chains:
- optionalAuth: try bearer → try oidc → fall through anonymous
(handlers branch on Caller.Kind == ""). Uses captureWriter to demote
inner 401s to "try next" without leaking response bytes.
- requireAnyAuth: chain that 401s if neither succeeds.
- requireAgent: strict bearer-only (signup POST).
Run: `docker compose -f docker-compose.dev.yml up --build`. Migrations
auto-apply on first connect; idempotent on reboot. README documents
env vars, dev bypass usage, agent-key provisioning SQL, and the
Phase 2D/E/3/4/5 roadmap.
go vet clean, gofmt clean, single 11M static binary.
222 lines
6.6 KiB
Go
222 lines
6.6 KiB
Go
package handlers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"git.hangman-lab.top/hzhang/Dialectic.Backend/internal/auth"
|
|
"git.hangman-lab.top/hzhang/Dialectic.Backend/internal/models"
|
|
"git.hangman-lab.top/hzhang/Dialectic.Backend/internal/store"
|
|
)
|
|
|
|
type TopicsHandler struct {
|
|
store *store.TopicStore
|
|
}
|
|
|
|
func NewTopicsHandler(s *store.TopicStore) *TopicsHandler { return &TopicsHandler{store: s} }
|
|
|
|
// GET /api/topics?status=...&visibility=...&limit=...&offset=...
|
|
//
|
|
// Visibility filter is enforced at the auth layer: anonymous callers
|
|
// only see visibility=public; authenticated users (CallerUser) see all
|
|
// they're entitled to (Phase 2 v1: all; Phase 4 may add per-user ACLs).
|
|
// Agent callers (CallerAgent) see all — they're acting as system on
|
|
// behalf of the platform.
|
|
func (h *TopicsHandler) List(w http.ResponseWriter, r *http.Request) {
|
|
caller := auth.FromContext(r.Context())
|
|
f := store.ListFilter{
|
|
Status: r.URL.Query().Get("status"),
|
|
Visibility: r.URL.Query().Get("visibility"),
|
|
}
|
|
if v, _ := strconv.Atoi(r.URL.Query().Get("limit")); v > 0 {
|
|
f.Limit = v
|
|
}
|
|
if v, _ := strconv.Atoi(r.URL.Query().Get("offset")); v > 0 {
|
|
f.Offset = v
|
|
}
|
|
|
|
// Anonymous: force visibility=public.
|
|
if caller.Kind == "" {
|
|
f.Visibility = string(models.VisibilityPublic)
|
|
}
|
|
|
|
rows, err := h.store.List(r.Context(), f)
|
|
if err != nil {
|
|
http.Error(w, "list failed: "+err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, map[string]any{"topics": rows, "count": len(rows)})
|
|
}
|
|
|
|
// GET /api/topics/{id}
|
|
func (h *TopicsHandler) Get(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
if id == "" {
|
|
http.Error(w, "missing id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
t, err := h.store.GetByID(r.Context(), id)
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
http.Error(w, "topic not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
if err != nil {
|
|
http.Error(w, "get failed: "+err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
// Visibility gate: anonymous can only see public; authenticated see all.
|
|
caller := auth.FromContext(r.Context())
|
|
if caller.Kind == "" && t.Visibility != models.VisibilityPublic {
|
|
http.Error(w, "not found", http.StatusNotFound) // 404 not 403 — hide existence
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, t)
|
|
}
|
|
|
|
type createTopicBody struct {
|
|
Title string `json:"title"`
|
|
Summary string `json:"summary"`
|
|
Visibility string `json:"visibility"` // default "private"
|
|
VerdictSchemaID string `json:"verdict_schema_id"` // default "free-form"
|
|
SignupOpenAt string `json:"signup_open_at"` // RFC3339
|
|
SignupCloseAt string `json:"signup_close_at"`
|
|
DebateStartAt string `json:"debate_start_at"`
|
|
DebateEndAt string `json:"debate_end_at"`
|
|
}
|
|
|
|
// POST /api/topics
|
|
//
|
|
// Allowed callers: agent or authenticated user. Anonymous rejected
|
|
// (the route wires the auth-required middleware).
|
|
func (h *TopicsHandler) Create(w http.ResponseWriter, r *http.Request) {
|
|
caller := auth.FromContext(r.Context())
|
|
if caller.Kind == "" {
|
|
http.Error(w, "auth required", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
var body createTopicBody
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
|
http.Error(w, "bad body: "+err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
if body.Title == "" || body.Summary == "" {
|
|
http.Error(w, "title and summary required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if body.Visibility == "" {
|
|
body.Visibility = string(models.VisibilityPrivate)
|
|
}
|
|
if body.VerdictSchemaID == "" {
|
|
body.VerdictSchemaID = "free-form"
|
|
}
|
|
if err := validateLifecycleTimes(body); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
created, err := h.store.Create(r.Context(), store.CreateTopicInput{
|
|
Title: body.Title,
|
|
Summary: body.Summary,
|
|
Visibility: models.Visibility(body.Visibility),
|
|
VerdictSchemaID: body.VerdictSchemaID,
|
|
SignupOpenAt: body.SignupOpenAt,
|
|
SignupCloseAt: body.SignupCloseAt,
|
|
DebateStartAt: body.DebateStartAt,
|
|
DebateEndAt: body.DebateEndAt,
|
|
CreatorUserID: caller.ID,
|
|
})
|
|
if err != nil {
|
|
http.Error(w, "create failed: "+err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusCreated, created)
|
|
}
|
|
|
|
// validateLifecycleTimes enforces:
|
|
//
|
|
// signup_open < signup_close <= debate_start < debate_end
|
|
//
|
|
// All four timestamps must be parsable as RFC3339; failure → 400.
|
|
func validateLifecycleTimes(b createTopicBody) error {
|
|
type p struct {
|
|
name string
|
|
raw string
|
|
}
|
|
parts := []p{
|
|
{"signup_open_at", b.SignupOpenAt},
|
|
{"signup_close_at", b.SignupCloseAt},
|
|
{"debate_start_at", b.DebateStartAt},
|
|
{"debate_end_at", b.DebateEndAt},
|
|
}
|
|
parsed := make([]time.Time, 4)
|
|
for i, x := range parts {
|
|
t, err := time.Parse(time.RFC3339, x.raw)
|
|
if err != nil {
|
|
return errors.New(x.name + ": must be RFC3339")
|
|
}
|
|
parsed[i] = t
|
|
}
|
|
if !parsed[0].Before(parsed[1]) {
|
|
return errors.New("signup_open_at must be before signup_close_at")
|
|
}
|
|
if parsed[1].After(parsed[2]) {
|
|
return errors.New("signup_close_at must be <= debate_start_at")
|
|
}
|
|
if !parsed[2].Before(parsed[3]) {
|
|
return errors.New("debate_start_at must be before debate_end_at")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PUT /api/topics/{id}/visibility — admin-only flip (Phase 2 stub: any
|
|
// authenticated user; Phase 4 will check the dialectic-admin role from JWT).
|
|
func (h *TopicsHandler) SetVisibility(w http.ResponseWriter, r *http.Request) {
|
|
caller := auth.FromContext(r.Context())
|
|
if caller.Kind == "" {
|
|
http.Error(w, "auth required", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
if caller.Kind == auth.CallerUser && !hasRole(caller, "dialectic-admin") {
|
|
http.Error(w, "dialectic-admin role required", http.StatusForbidden)
|
|
return
|
|
}
|
|
id := chi.URLParam(r, "id")
|
|
var body struct {
|
|
Visibility string `json:"visibility"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
|
http.Error(w, "bad body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
v := models.Visibility(body.Visibility)
|
|
if v != models.VisibilityPublic && v != models.VisibilityPrivate {
|
|
http.Error(w, "visibility must be public|private", http.StatusBadRequest)
|
|
return
|
|
}
|
|
t, err := h.store.SetVisibility(r.Context(), id, v, caller.ID)
|
|
if err != nil {
|
|
http.Error(w, "update failed: "+err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, t)
|
|
}
|
|
|
|
func hasRole(c auth.Caller, role string) bool {
|
|
for _, r := range c.Roles {
|
|
if r == role {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func writeJSON(w http.ResponseWriter, status int, v any) {
|
|
w.Header().Set("content-type", "application/json")
|
|
w.WriteHeader(status)
|
|
_ = json.NewEncoder(w).Encode(v)
|
|
}
|