feat: admin web UI POC (dbdeployer admin ui)

admin/actions.go

@@ -0,0 +1,58 @@
+package admin
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/ProxySQL/dbdeployer/defaults"
+)
+
+// ExecuteSandboxScript runs a lifecycle script (start, stop, restart) in a sandbox directory.
+// It tries <script> first, then <script>_all for multi-node sandboxes.
+func ExecuteSandboxScript(sandboxName string, script string) error {
+	sbDir := sandboxDirFor(sandboxName)
+
+	scriptPath := filepath.Join(sbDir, script)
+	if _, err := os.Stat(scriptPath); err != nil {
+		// Try the _all variant for multi-node sandboxes.
+		scriptPath = filepath.Join(sbDir, script+"_all")
+		if _, err2 := os.Stat(scriptPath); err2 != nil {
+			return fmt.Errorf("script %q not found in %s", script, sbDir)
+		}
+	}
+
+	cmd := exec.Command("bash", scriptPath)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("%s failed: %s: %w", script, string(output), err)
+	}
+	return nil
+}
+
+// DestroySandbox stops a sandbox and removes its directory and catalog entry.
+func DestroySandbox(sandboxName string) error {
+	sbDir := sandboxDirFor(sandboxName)
+
+	// Try stop (log warning if fails — sandbox may already be stopped).
+	if err := ExecuteSandboxScript(sandboxName, "stop"); err != nil {
+		fmt.Printf("Warning: failed to stop sandbox %s during destruction: %v\n", sandboxName, err)
+	}
+
+	// Remove directory.
+	if err := os.RemoveAll(sbDir); err != nil {
+		return fmt.Errorf("removing %s: %w", sbDir, err)
+	}
+
+	// Remove from catalog. The catalog key is the full destination path.
+	if err := defaults.DeleteFromCatalog(sbDir); err != nil {
+		return fmt.Errorf("removing %s from catalog: %w", sandboxName, err)
+	}
+	return nil
+}
+
+// sandboxDirFor resolves the full path for a sandbox name.
+func sandboxDirFor(sandboxName string) string {
+	return filepath.Join(defaults.Defaults().SandboxHome, sandboxName)
+}

admin/auth.go

@@ -0,0 +1,75 @@
+package admin
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"net/http"
+	"sync"
+	"time"
+)
+
+type AuthManager struct {
+	otp      string
+	otpUsed  bool
+	sessions map[string]time.Time
+	mu       sync.RWMutex
+}
+
+func NewAuthManager() *AuthManager {
+	otp := generateOTP()
+	return &AuthManager{
+		otp:      otp,
+		sessions: make(map[string]time.Time),
+	}
+}
+
+func (a *AuthManager) OTP() string {
+	return a.otp
+}
+
+func (a *AuthManager) ValidateOTP(token string) bool {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+	if a.otpUsed || token != a.otp {
+		return false
+	}
+	a.otpUsed = true
+	return true
+}
+
+func (a *AuthManager) CreateSession() string {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+	sessionID := generateOTP()
+	a.sessions[sessionID] = time.Now().Add(1 * time.Hour)
+	return sessionID
+}
+
+func (a *AuthManager) ValidateSession(r *http.Request) bool {
+	cookie, err := r.Cookie("dbdeployer_session")
+	if err != nil {
+		return false
+	}
+	a.mu.RLock()
+	defer a.mu.RUnlock()
+	expiry, ok := a.sessions[cookie.Value]
+	return ok && time.Now().Before(expiry)
+}
+
+func (a *AuthManager) AuthMiddleware(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !a.ValidateSession(r) {
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+		next(w, r)
+	}
+}
+
+func generateOTP() string {
+	b := make([]byte, 16)
+	if _, err := rand.Read(b); err != nil {
+		panic("crypto/rand.Read failed: " + err.Error())
+	}
+	return hex.EncodeToString(b)
+}

admin/handlers.go

@@ -0,0 +1,144 @@
+package admin
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
+	token := r.URL.Query().Get("token")
+	if token == "" {
+		if err := s.templates.ExecuteTemplate(w, "login.html", nil); err != nil {
+			http.Error(w, "template error: "+err.Error(), http.StatusInternalServerError)
+		}
+		return
+	}
+	if !s.auth.ValidateOTP(token) {
+		http.Error(w, "Invalid or expired token", http.StatusUnauthorized)
+		return
+	}
+	sessionID := s.auth.CreateSession()
+	http.SetCookie(w, &http.Cookie{
+		Name:     "dbdeployer_session",
+		Value:    sessionID,
+		Path:     "/",
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+	})
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func (s *Server) handleDashboard(w http.ResponseWriter, r *http.Request) {
+	if r.URL.Path != "/" {
+		http.NotFound(w, r)
+		return
+	}
+	sandboxes, err := GetAllSandboxes()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	data := map[string]interface{}{
+		"Sandboxes": sandboxes,
+		"Count":     len(sandboxes),
+	}
+	if err := s.templates.ExecuteTemplate(w, "dashboard.html", data); err != nil {
+		http.Error(w, "template error: "+err.Error(), http.StatusInternalServerError)
+	}
+}
+
+func (s *Server) handleListSandboxes(w http.ResponseWriter, r *http.Request) {
+	sandboxes, err := GetAllSandboxes()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	_ = json.NewEncoder(w).Encode(sandboxes)
+}
+
+func (s *Server) handleRefreshSandboxList(w http.ResponseWriter, r *http.Request) {
+	sandboxes, err := GetAllSandboxes()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	data := map[string]interface{}{
+		"Sandboxes": sandboxes,
+		"Count":     len(sandboxes),
+	}
+	if err := s.templates.ExecuteTemplate(w, "sandbox-list.html", data); err != nil {
+		http.Error(w, "template error: "+err.Error(), http.StatusInternalServerError)
+	}
+}
+
+func (s *Server) handleSandboxAction(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Parse: /api/sandboxes/<name>/<action>
+	parts := strings.Split(strings.TrimPrefix(r.URL.Path, "/api/sandboxes/"), "/")
+	if len(parts) != 2 {
+		http.Error(w, "Invalid path format. Expected /api/sandboxes/<name>/<action>", http.StatusBadRequest)
+		return
+	}
+	rawName, action := parts[0], parts[1]
+
+	// URL-decode the sandbox name (it was urlquery-encoded in the template).
+	name, err := url.PathUnescape(rawName)
+	if err != nil {
+		http.Error(w, "Invalid sandbox name encoding", http.StatusBadRequest)
+		return
+	}
+
+	// Reject names that could escape the sandbox directory.
+	if name == "" || strings.ContainsAny(name, "/\\") || name == "." || name == ".." {
+		http.Error(w, "Invalid sandbox name", http.StatusBadRequest)
+		return
+	}
+
+	var actionErr error
+	switch action {
+	case "start":
+		actionErr = ExecuteSandboxScript(name, "start")
+	case "stop":
+		actionErr = ExecuteSandboxScript(name, "stop")
+	case "destroy":
+		actionErr = DestroySandbox(name)
+	default:
+		http.Error(w, "Unknown action", http.StatusBadRequest)
+		return
+	}
+
+	if actionErr != nil {
+		http.Error(w, actionErr.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// Wait briefly for start/stop to take effect before reading status.
+	// Start scripts launch mysqld in the background; the PID file
+	// and status script need a moment to reflect the new state.
+	if action == "start" || action == "stop" {
+		time.Sleep(2 * time.Second)
+	}
+
+	// Return updated sandbox list fragment for HTMX.
+	sandboxes, err := GetAllSandboxes()
+	if err != nil {
+		http.Error(w, "Action succeeded but failed to refresh: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+	data := map[string]interface{}{
+		"Sandboxes": sandboxes,
+		"Count":     len(sandboxes),
+	}
+	if err := s.templates.ExecuteTemplate(w, "sandbox-list.html", data); err != nil {
+		http.Error(w, "template error: "+err.Error(), http.StatusInternalServerError)
+	}
+}