core

package
v0.2.10-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 25, 2026 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const TokenValidityDuration = 5 * time.Minute

Variables

View Source 
var ConfigUpdateMutex sync.Mutex

ConfigUpdateMutex serializes config updates.

Functions

func Contains 

func Contains(s, substr string) bool

Contains reports whether s contains substr.

func ExpandHomeDir 

func ExpandHomeDir(path string) string

ExpandHomeDir expands "~/" paths.

func GetDeniedDirectories 

func GetDeniedDirectories() []string

GetDeniedDirectories returns built-in denied directories.

func HashProxyConfig 

func HashProxyConfig(proxyConfig interface{}) string

HashProxyConfig creates a hash of proxy config for comparison using SHA-256

func IsDirAllowed 

func IsDirAllowed(dir string, allow, deny []string) bool

IsDirAllowed checks if a directory is allowed based on allow/deny lists.

func NoopOriginCheck 

func NoopOriginCheck(_ *http.Request) bool

NoopOriginCheck allows all origins, used by tests.

func PathHasPrefix 

func PathHasPrefix(path, prefix string) bool

PathHasPrefix checks prefix with platform-aware behavior.

func SetDefaultRuntimeState 

func SetDefaultRuntimeState(runtime *RuntimeState)

SetDefaultRuntimeState stores runtime state used by components that cannot receive deps directly.

func ValidateAndOpenPath 

func ValidateAndOpenPath(userPath string, cfg *config.SecurityConfig) (*os.File, string, error)

ValidateAndOpenPath validates a user-provided path and returns an open *os.File to the validated directory, along with its canonical path.

This is the TOCTOU-safe version of ValidateScanPath. By holding the file descriptor open, symlink swap attacks between validation and use are prevented. On Unix, inode verification detects symlink swap attacks between the pre-open stat and the post-open file handle. On Windows, pre-open identity is unavailable, so only post-open TOCTOU protection is provided (the open handle references the actual file object).

The caller MUST close the returned file when done: 

f, path, err := core.ValidateAndOpenPath(req.Path, cfg)
if err != nil { ... }
defer f.Close()
// Use f.ReadDir() or path (file remains open, preventing swap)

func ValidateScanPath 

func ValidateScanPath(userPath string, cfg *config.SecurityConfig) (string, error)

ValidateScanPath validates and sanitizes user-provided paths for scanning. Returns the canonical path string. For TOCTOU-safe operations, use ValidateAndOpenPath.

Types

type AuthProvider 

type AuthProvider interface {
	SessionTTL() time.Duration
	IsInitialized() bool
	AuthenticateSession(sessionID string) (string, error)
	Setup(username, password string) error
	Login(username, password string, rememberMe bool) (string, error)
	Logout(sessionID string)
}

AuthProvider is the minimal auth contract used by API handlers.

type RuntimeState 

type RuntimeState struct {
	// contains filtered or unexported fields
}

RuntimeState holds mutable server runtime components.

func DefaultRuntimeState 

func DefaultRuntimeState() *RuntimeState

DefaultRuntimeState returns the shared runtime state.

func NewRuntimeState 

func NewRuntimeState() *RuntimeState

NewRuntimeState creates an initialized runtime container.

func (*RuntimeState) ResetWebSocketHub 

func (r *RuntimeState) ResetWebSocketHub() *ws.Hub

ResetWebSocketHub restarts the WebSocket hub and returns the active hub.

func (*RuntimeState) SetWebSocketHubForTesting 

func (r *RuntimeState) SetWebSocketHubForTesting(hub *ws.Hub)

SetWebSocketHubForTesting overrides the active hub for tests.

func (*RuntimeState) SetWebSocketUpgrader 

func (r *RuntimeState) SetWebSocketUpgrader(upgrader websocket.Upgrader)

SetWebSocketUpgrader configures the WebSocket upgrader.

func (*RuntimeState) SetWebSocketUpgraderForTesting 

func (r *RuntimeState) SetWebSocketUpgraderForTesting(upgrader websocket.Upgrader)

SetWebSocketUpgraderForTesting overrides the upgrader for tests.

func (*RuntimeState) Shutdown 

func (r *RuntimeState) Shutdown()

Shutdown stops active runtime goroutines.

func (*RuntimeState) WebSocketHub 

func (r *RuntimeState) WebSocketHub() *ws.Hub

WebSocketHub returns the active WebSocket hub.

func (*RuntimeState) WebSocketUpgrader 

func (r *RuntimeState) WebSocketUpgrader() websocket.Upgrader

WebSocketUpgrader returns the currently configured upgrader.

type ServerDependencies 

type ServerDependencies struct {
	ConfigFile           string
	Registry             *models.ScraperRegistry
	DB                   *database.DB
	Aggregator           *aggregator.Aggregator
	MovieRepo            *database.MovieRepository
	ActressRepo          *database.ActressRepository
	HistoryRepo          *database.HistoryRepository
	JobRepo              *database.JobRepository
	BatchFileOpRepo      *database.BatchFileOperationRepository
	EventRepo            *database.EventRepository
	EventEmitter         eventlog.EventEmitter
	Reverter             *history.Reverter
	Matcher              *matcher.Matcher
	JobQueue             *worker.JobQueue
	Auth                 AuthProvider
	Runtime              *RuntimeState
	TokenStore           *TokenStore
	GenreReplacementRepo *database.GenreReplacementRepository
	// contains filtered or unexported fields
}

ServerDependencies holds all dependencies needed to create the API server. Access to Config, Registry, Aggregator, and Matcher must be synchronized to prevent data races during config reload.

func (*ServerDependencies) EnsureRuntime 

func (d *ServerDependencies) EnsureRuntime() *RuntimeState

EnsureRuntime initializes runtime state when absent.

func (*ServerDependencies) GetAggregator 

func (d *ServerDependencies) GetAggregator() *aggregator.Aggregator

GetAggregator returns the current aggregator (thread-safe).

func (*ServerDependencies) GetConfig 

func (d *ServerDependencies) GetConfig() *config.Config

GetConfig returns the current configuration (thread-safe).

func (*ServerDependencies) GetMatcher 

func (d *ServerDependencies) GetMatcher() *matcher.Matcher

GetMatcher returns the current matcher (thread-safe).

func (*ServerDependencies) GetRegistry 

func (d *ServerDependencies) GetRegistry() *models.ScraperRegistry

GetRegistry returns the current scraper registry (thread-safe).

func (*ServerDependencies) ReplaceReloadable 

func (d *ServerDependencies) ReplaceReloadable(
	cfg *config.Config,
	registry *models.ScraperRegistry,
	aggregator *aggregator.Aggregator,
	mat *matcher.Matcher,
)

ReplaceReloadable swaps config-coupled runtime components atomically.

func (*ServerDependencies) SetConfig 

func (d *ServerDependencies) SetConfig(cfg *config.Config)

SetConfig atomically sets the configuration (thread-safe).

func (*ServerDependencies) Shutdown 

func (d *ServerDependencies) Shutdown()

Shutdown gracefully shuts down runtime resources.

type TokenStore 

type TokenStore struct {
	// contains filtered or unexported fields
}

TokenStore manages verification tokens in-memory

func NewTokenStore 

func NewTokenStore() *TokenStore

NewTokenStore creates a new token store with background cleanup

func (*TokenStore) CleanupExpired 

func (s *TokenStore) CleanupExpired()

CleanupExpired removes expired tokens from the store

func (*TokenStore) Create 

func (s *TokenStore) Create(scope string, configHash string) VerificationToken

Create generates a new verification token for the given scope and config hash

func (*TokenStore) Validate 

func (s *TokenStore) Validate(token string, scope string, configHash string) bool

Validate checks if a token is valid for the given scope and config hash

type VerificationToken 

type VerificationToken struct {
	Token      string    `json:"token"`
	Scope      string    `json:"scope"`       // "global", "flaresolverr", or "profile:{name}"
	ConfigHash string    `json:"config_hash"` // Hash of config at test time
	ExpiresAt  time.Time `json:"expires_at"`
	CreatedAt  time.Time `json:"created_at"`
}

VerificationToken represents a successful proxy test that can be used for save authorization

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.