feat(web): initial implementation — server, mw, httputil, health (v1.0.0)

Introduces code.nochebuena.dev/einherjar/web — the HTTP transport layer of the Einherjar framework. Absorbs httpserver, httpmw, and httputil from micro-lib, replacing gorilla/mux with chi, adopting SecurityBag-native middleware, and centralizing error handling through a single httputil.Error function. server: - Server interface — embeds lifecycle.Component and chi.Router - Config struct (EINHERJAR_SERVER_* env vars); DefaultConfig - New(logger, cfg, opts...) Server; WithMiddleware option - Binds TCP synchronously in OnStart; logs "server: listening" on success - Graceful shutdown within ShutdownTimeout on OnStop mw: - Recover — catches panics, returns 500, logs at Error - RequestID — injects UUID v7 (UUID v4 fallback) into context and X-Request-ID header - RequestLogger — structured access log per request - CORS / CORSAllowAll — chi-based, applied only when origins non-empty - IPRateLimit / UserRateLimit — pluggable RateLimiterStore interface - InMemoryRateLimiterStore — token-bucket backed by golang.org/x/time/rate; background goroutine evicts stale entries every 5 minutes - StatusRecorder — wraps ResponseWriter to capture HTTP status code httputil: - Handle[Req, Res] / HandleNoBody[Res] / HandleEmpty[Req] — generic handler adapters - Error(logger, w, r, err) — derives log level from status (≥500→Error, 4xx→Warn, 499→Info); writes standardized JSON body; logz enriches *xerrors.Err automatically - JSON(w, status, v) / NoContent(w) — response helpers - HandlerFunc adapter type health: - NewHandler / NewHandlerWithConfig — runs all Checkable checks concurrently; returns JSON {status, components} with per-component latency and error - Config struct (EINHERJAR_HEALTH_CHECK_TIMEOUT, default 5s) Root factory: - web.New(logger, cfg...) Server — composes Recover+RequestID+RequestLogger+CORS in outermost-first order; CORS applied only when AllowedOrigins non-empty - server.Server interface and web/server/identifiable.go: embeds observability.Identifiable; ModulePath and ModuleVersion read via runtime/debug.ReadBuildInfo() — prints in launcher banner
2026-05-29 15:48:11 +00:00
commit c4ef1948f6
38 changed files with 3095 additions and 0 deletions
--- a/compliance_test.go
+++ b/compliance_test.go
@@ -0,0 +1,440 @@
+package web_test
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"go/ast"
+	"go/parser"
+	"go/token"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"code.nochebuena.dev/einherjar/contracts/lifecycle"
+	"code.nochebuena.dev/einherjar/contracts/observability"
+	"code.nochebuena.dev/einherjar/contracts/security"
+	"code.nochebuena.dev/einherjar/core/logz"
+	"code.nochebuena.dev/einherjar/core/valid"
+	"code.nochebuena.dev/einherjar/core/xerrors"
+	web "code.nochebuena.dev/einherjar/web"
+	"code.nochebuena.dev/einherjar/web/health"
+	"code.nochebuena.dev/einherjar/web/httputil"
+	"code.nochebuena.dev/einherjar/web/mw"
+	"code.nochebuena.dev/einherjar/web/server"
+)
+
+// ── Compile-time interface satisfaction ──────────────────────────────────────
+
+var _ mw.RateLimiterStore = (*mw.InMemoryRateLimiterStore)(nil)
+
+// server.Server embeds lifecycle.Component — verified at compile time via assignment.
+func init() {
+	var s server.Server = server.New(logz.New(logz.Config{}), server.Config{})
+	var _ lifecycle.Component = s
+}
+
+// ── Structural: at most one exported TypeSpec per file ────────────────────────
+
+func TestAtMostOneExportedTypePerFile(t *testing.T) {
+	fset := token.NewFileSet()
+	err := filepath.WalkDir(".", func(path string, d os.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() && (d.Name() == ".git" || d.Name() == "vendor") {
+			return filepath.SkipDir
+		}
+		if !strings.HasSuffix(path, ".go") {
+			return nil
+		}
+		if strings.HasSuffix(path, "_test.go") {
+			return nil
+		}
+		if filepath.Base(path) == "doc.go" {
+			return nil
+		}
+		f, parseErr := parser.ParseFile(fset, path, nil, 0)
+		if parseErr != nil {
+			t.Errorf("%s: parse error: %v", path, parseErr)
+			return nil
+		}
+		if count := countExportedTypes(f); count > 1 {
+			t.Errorf("%s: has %d exported type declarations; want at most 1", path, count)
+		}
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("walk error: %v", err)
+	}
+}
+
+func countExportedTypes(f *ast.File) int {
+	count := 0
+	for _, decl := range f.Decls {
+		gd, ok := decl.(*ast.GenDecl)
+		if !ok {
+			continue
+		}
+		for _, spec := range gd.Specs {
+			ts, ok := spec.(*ast.TypeSpec)
+			if ok && ts.Name.IsExported() {
+				count++
+			}
+		}
+	}
+	return count
+}
+
+// ── server ────────────────────────────────────────────────────────────────────
+
+func TestServerConfigDefaults(t *testing.T) {
+	cfg := server.Config{}
+	if cfg.Host != "" {
+		t.Errorf("Host zero value should be empty string (defaulted at runtime), got %q", cfg.Host)
+	}
+	if cfg.Port != 0 {
+		t.Errorf("Port zero value should be 0 (defaulted at runtime), got %d", cfg.Port)
+	}
+}
+
+func TestServerNew(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	srv := server.New(logger, server.Config{})
+	if srv == nil {
+		t.Fatal("server.New returned nil")
+	}
+}
+
+// ── health ────────────────────────────────────────────────────────────────────
+
+type mockCheckable struct {
+	name     string
+	priority observability.Level
+	err      error
+}
+
+func (m *mockCheckable) HealthCheck(_ context.Context) error { return m.err }
+func (m *mockCheckable) Name() string                        { return m.name }
+func (m *mockCheckable) Priority() observability.Level       { return m.priority }
+
+var _ observability.Checkable = (*mockCheckable)(nil)
+
+func TestHealthConfigDefaultTimeout(t *testing.T) {
+	// Zero Config should still work — defaultCheckTimeout applied inside handler.
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	h := health.NewHandlerWithConfig(logger, health.Config{})
+	if h == nil {
+		t.Fatal("NewHandlerWithConfig returned nil")
+	}
+}
+
+func TestHealthHandlerAllUp(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	c := &mockCheckable{name: "db", priority: observability.LevelCritical}
+	h := health.NewHandler(logger, c)
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/health", nil))
+
+	if w.Code != http.StatusOK {
+		t.Errorf("status: got %d, want 200", w.Code)
+	}
+	var resp health.Response
+	if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
+		t.Fatalf("decode: %v", err)
+	}
+	if resp.Status != "UP" {
+		t.Errorf("overall status: got %q, want UP", resp.Status)
+	}
+}
+
+func TestHealthHandlerCriticalDown(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	c := &mockCheckable{name: "db", priority: observability.LevelCritical, err: errors.New("connection refused")}
+	h := health.NewHandler(logger, c)
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/health", nil))
+
+	if w.Code != http.StatusServiceUnavailable {
+		t.Errorf("status: got %d, want 503", w.Code)
+	}
+	var resp health.Response
+	json.NewDecoder(w.Body).Decode(&resp)
+	if resp.Status != "DOWN" {
+		t.Errorf("overall status: got %q, want DOWN", resp.Status)
+	}
+}
+
+func TestHealthHandlerDegradedDown(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	c := &mockCheckable{name: "cache", priority: observability.LevelDegraded, err: errors.New("timeout")}
+	h := health.NewHandler(logger, c)
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/health", nil))
+
+	if w.Code != http.StatusOK {
+		t.Errorf("status: got %d, want 200 (degraded is not 503)", w.Code)
+	}
+	var resp health.Response
+	json.NewDecoder(w.Body).Decode(&resp)
+	if resp.Status != "DEGRADED" {
+		t.Errorf("overall status: got %q, want DEGRADED", resp.Status)
+	}
+}
+
+// ── httputil ──────────────────────────────────────────────────────────────────
+
+func TestHTTPUtilErrorMapping(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	cases := []struct {
+		code     xerrors.Code
+		wantHTTP int
+	}{
+		{xerrors.ErrInvalidInput, 400},
+		{xerrors.ErrOutOfRange, 400},
+		{xerrors.ErrUnauthorized, 401},
+		{xerrors.ErrPermissionDenied, 403},
+		{xerrors.ErrNotFound, 404},
+		{xerrors.ErrAlreadyExists, 409},
+		{xerrors.ErrAborted, 409},
+		{xerrors.ErrGone, 410},
+		{xerrors.ErrPreconditionFailed, 412},
+		{xerrors.ErrRateLimited, 429},
+		{xerrors.ErrCancelled, 499},
+		{xerrors.ErrInternal, 500},
+		{xerrors.ErrDataLoss, 500},
+		{xerrors.ErrNotImplemented, 501},
+		{xerrors.ErrUnavailable, 503},
+		{xerrors.ErrDeadlineExceeded, 504},
+	}
+	for _, tc := range cases {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		httputil.Error(logger, w, r, xerrors.New(tc.code, "test"))
+		if w.Code != tc.wantHTTP {
+			t.Errorf("code %s: HTTP status got %d, want %d", tc.code, w.Code, tc.wantHTTP)
+		}
+	}
+}
+
+func TestHTTPUtilHandle(t *testing.T) {
+	type req struct {
+		Name string `json:"name" validate:"required"`
+	}
+	type res struct {
+		Greeting string `json:"greeting"`
+	}
+
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	v := valid.New()
+	h := httputil.Handle(v, logger, func(_ context.Context, r req) (res, error) {
+		return res{Greeting: "hello " + r.Name}, nil
+	})
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{"name":"world"}`)))
+
+	if w.Code != http.StatusOK {
+		t.Errorf("status: got %d, want 200", w.Code)
+	}
+	var out res
+	if err := json.NewDecoder(w.Body).Decode(&out); err != nil {
+		t.Fatalf("decode: %v", err)
+	}
+	if out.Greeting != "hello world" {
+		t.Errorf("greeting: got %q, want %q", out.Greeting, "hello world")
+	}
+}
+
+func TestHTTPUtilHandleValidationError(t *testing.T) {
+	type req struct {
+		Name string `json:"name" validate:"required"`
+	}
+	type res struct{}
+
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	v := valid.New()
+	h := httputil.Handle(v, logger, func(_ context.Context, r req) (res, error) {
+		return res{}, nil
+	})
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`)))
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("status: got %d, want 400", w.Code)
+	}
+}
+
+func TestHTTPUtilHandleNoBody(t *testing.T) {
+	type res struct {
+		Value int `json:"value"`
+	}
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	h := httputil.HandleNoBody(logger, func(_ context.Context) (res, error) {
+		return res{Value: 42}, nil
+	})
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/", nil))
+
+	if w.Code != http.StatusOK {
+		t.Errorf("status: got %d, want 200", w.Code)
+	}
+}
+
+func TestHTTPUtilHandleEmpty(t *testing.T) {
+	type req struct {
+		ID string `json:"id" validate:"required"`
+	}
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	v := valid.New()
+	h := httputil.HandleEmpty(v, logger, func(_ context.Context, r req) error {
+		return nil
+	})
+
+	w := httptest.NewRecorder()
+	h.ServeHTTP(w, httptest.NewRequest(http.MethodDelete, "/", strings.NewReader(`{"id":"abc"}`)))
+
+	if w.Code != http.StatusNoContent {
+		t.Errorf("status: got %d, want 204", w.Code)
+	}
+}
+
+// ── mw ────────────────────────────────────────────────────────────────────────
+
+func TestMWStatusRecorder(t *testing.T) {
+	w := httptest.NewRecorder()
+	rec := &mw.StatusRecorder{ResponseWriter: w, Status: http.StatusOK}
+	rec.WriteHeader(http.StatusCreated)
+	if rec.Status != http.StatusCreated {
+		t.Errorf("Status: got %d, want 201", rec.Status)
+	}
+}
+
+func TestInMemoryRateLimiterStore(t *testing.T) {
+	// burst=1, rps very low — first request passes, second is denied
+	store := mw.NewInMemoryRateLimiterStore(0.001, 1)
+	ctx := context.Background()
+
+	ok, err := store.Allow(ctx, "key1")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !ok {
+		t.Fatal("first request should be allowed")
+	}
+
+	ok2, err2 := store.Allow(ctx, "key1")
+	if err2 != nil {
+		t.Fatalf("unexpected error: %v", err2)
+	}
+	if ok2 {
+		t.Fatal("second request should be denied after burst exhausted")
+	}
+}
+
+func TestIPRateLimit(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	store := mw.NewInMemoryRateLimiterStore(0.001, 1)
+	handler := mw.IPRateLimit(store, logger)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	make429 := func() int {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		r.RemoteAddr = "10.0.0.1:1234"
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, r)
+		return w.Code
+	}
+
+	// First request passes (burst=1)
+	if code := make429(); code != http.StatusOK {
+		t.Errorf("first request: got %d, want 200", code)
+	}
+	// Second request is rate limited
+	if code := make429(); code != http.StatusTooManyRequests {
+		t.Errorf("second request: got %d, want 429", code)
+	}
+}
+
+func TestIPRateLimitFailOpen(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	handler := mw.IPRateLimit(&errorStore{}, logger)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	r := httptest.NewRequest(http.MethodGet, "/", nil)
+	r.RemoteAddr = "10.0.0.1:1234"
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, r)
+	if w.Code != http.StatusOK {
+		t.Errorf("fail-open: got %d, want 200", w.Code)
+	}
+}
+
+func TestUserRateLimit(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	store := mw.NewInMemoryRateLimiterStore(0.001, 1)
+	handler := mw.UserRateLimit(store, logger)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	id := security.NewIdentity("user-abc", "Alice", "alice@example.com")
+	ctx := security.SetInContext(context.Background(), id)
+
+	makeReq := func() int {
+		r := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx)
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, r)
+		return w.Code
+	}
+
+	if code := makeReq(); code != http.StatusOK {
+		t.Errorf("first request: got %d, want 200", code)
+	}
+	if code := makeReq(); code != http.StatusTooManyRequests {
+		t.Errorf("second request (same user): got %d, want 429", code)
+	}
+
+	// A different IP (no identity) should have its own bucket
+	r2 := httptest.NewRequest(http.MethodGet, "/", nil)
+	r2.RemoteAddr = "9.9.9.9:9999"
+	w2 := httptest.NewRecorder()
+	handler.ServeHTTP(w2, r2)
+	if w2.Code != http.StatusOK {
+		t.Errorf("different key: got %d, want 200", w2.Code)
+	}
+}
+
+// ── web (root) ────────────────────────────────────────────────────────────────
+
+func TestWebNew(t *testing.T) {
+	logger := logz.New(logz.Config{Writer: io.Discard})
+	srv := web.New(logger)
+	if srv == nil {
+		t.Fatal("web.New returned nil")
+	}
+}
+
+// ── helpers ───────────────────────────────────────────────────────────────────
+
+// errorStore is a RateLimiterStore that always returns an error (for fail-open tests).
+type errorStore struct{}
+
+func (e *errorStore) Allow(_ context.Context, _ string) (bool, error) {
+	return false, errors.New("store unavailable")
+}
+
+var _ mw.RateLimiterStore = (*errorStore)(nil)
+
+// io.Discard
+var _ io.Writer = io.Discard