core

package
v0.3.1-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2026 License: MIT Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source 
const TokenValidityDuration = 5 * time.Minute

Variables

View Source 
var ConfigUpdateMutex sync.Mutex

ConfigUpdateMutex serializes config updates.

Functions

func Contains 

func Contains(s, substr string) bool

Contains reports whether s contains substr.

func ExpandHomeDir 

func ExpandHomeDir(path string) string

ExpandHomeDir expands "~/" paths.

func GetDeniedDirectories 

func GetDeniedDirectories() []string

GetDeniedDirectories returns built-in denied directories.

func HashProxyConfig 

func HashProxyConfig(proxyConfig interface{}) string

HashProxyConfig creates a hash of proxy config for comparison using SHA-256

func IsDirAllowed 

func IsDirAllowed(dir string, allow, deny []string) bool

IsDirAllowed checks if a directory is allowed based on allow/deny lists.

func NoopOriginCheck 

func NoopOriginCheck(_ *http.Request) bool

NoopOriginCheck allows all origins, used by tests.

func ParsePagination 

func ParsePagination(c *gin.Context, defaultLimit, maxLimit int) (limit, offset int)

ParsePagination extracts limit and offset query parameters from a gin.Context. defaultLimit is used when the limit query param is missing or invalid. maxLimit caps the maximum allowed limit value.

func PathHasPrefix 

func PathHasPrefix(path, prefix string) bool

PathHasPrefix checks prefix with platform-aware behavior.

func SetDefaultRuntimeState 

func SetDefaultRuntimeState(runtime *RuntimeState)

SetDefaultRuntimeState stores runtime state used by components that cannot receive deps directly.

func ValidateAndOpenPath 

func ValidateAndOpenPath(userPath string, cfg *config.SecurityConfig) (*os.File, string, error)

ValidateAndOpenPath validates a user-provided path and returns an open *os.File to the validated directory, along with its canonical path.

This is the TOCTOU-safe version of ValidateScanPath. By holding the file descriptor open, symlink swap attacks between validation and use are prevented. On Unix, inode verification detects symlink swap attacks between the pre-open stat and the post-open file handle. On Windows, pre-open identity is unavailable, so only post-open TOCTOU protection is provided (the open handle references the actual file object).

The caller MUST close the returned file when done: 

f, path, err := core.ValidateAndOpenPath(req.Path, cfg)
if err != nil { ... }
defer f.Close()
// Use f.ReadDir() or path (file remains open, preventing swap)

func ValidateScanPath 

func ValidateScanPath(userPath string, cfg *config.SecurityConfig) (string, error)

ValidateScanPath validates and sanitizes user-provided paths for scanning. Returns the canonical path string. For TOCTOU-safe operations, use ValidateAndOpenPath.

Types

type AuthProvider 

type AuthProvider interface {
	SessionTTL() time.Duration
	IsInitialized() bool
	AuthenticateSession(sessionID string) (string, error)
	Setup(username, password string) error
	Login(username, password string, rememberMe bool) (string, error)
	Logout(sessionID string)
}

AuthProvider is the minimal auth contract used by API handlers.

type RuntimeState 

type RuntimeState struct {
	// contains filtered or unexported fields
}

RuntimeState holds mutable server runtime components.

func DefaultRuntimeState 

func DefaultRuntimeState() *RuntimeState

DefaultRuntimeState returns the shared runtime state.

func NewRuntimeState 

func NewRuntimeState() *RuntimeState

NewRuntimeState creates an initialized runtime container.

func (*RuntimeState) ResetWebSocketHub 

func (r *RuntimeState) ResetWebSocketHub() *ws.Hub

ResetWebSocketHub restarts the WebSocket hub and returns the active hub.

func (*RuntimeState) SetWebSocketHubForTesting 

func (r *RuntimeState) SetWebSocketHubForTesting(hub *ws.Hub)

SetWebSocketHubForTesting overrides the active hub for tests.

func (*RuntimeState) SetWebSocketUpgrader 

func (r *RuntimeState) SetWebSocketUpgrader(upgrader websocket.Upgrader)

SetWebSocketUpgrader configures the WebSocket upgrader.

func (*RuntimeState) SetWebSocketUpgraderForTesting 

func (r *RuntimeState) SetWebSocketUpgraderForTesting(upgrader websocket.Upgrader)

SetWebSocketUpgraderForTesting overrides the upgrader for tests.

func (*RuntimeState) Shutdown 

func (r *RuntimeState) Shutdown()

Shutdown stops active runtime goroutines.

func (*RuntimeState) WebSocketHub 

func (r *RuntimeState) WebSocketHub() *ws.Hub

WebSocketHub returns the active WebSocket hub.

func (*RuntimeState) WebSocketUpgrader 

func (r *RuntimeState) WebSocketUpgrader() websocket.Upgrader

WebSocketUpgrader returns the currently configured upgrader.

type ServerDependencies 

type ServerDependencies struct {
	ConfigFile           string
	Registry             *models.ScraperRegistry
	DB                   *database.DB
	Aggregator           *aggregator.Aggregator
	MovieRepo            *database.MovieRepository
	ActressRepo          *database.ActressRepository
	HistoryRepo          *database.HistoryRepository
	JobRepo              *database.JobRepository
	BatchFileOpRepo      *database.BatchFileOperationRepository
	EventRepo            *database.EventRepository
	EventEmitter         eventlog.EventEmitter
	Reverter             *history.Reverter
	Matcher              *matcher.Matcher
	JobQueue             *worker.JobQueue
	Auth                 AuthProvider
	Runtime              *RuntimeState
	TokenStore           *TokenStore
	GenreReplacementRepo *database.GenreReplacementRepository
	WordReplacementRepo  *database.WordReplacementRepository
	// contains filtered or unexported fields
}

ServerDependencies holds all dependencies needed to create the API server. Access to Config, Registry, Aggregator, and Matcher must be synchronized to prevent data races during config reload.

func (*ServerDependencies) EnsureRuntime 

func (d *ServerDependencies) EnsureRuntime() *RuntimeState

EnsureRuntime initializes runtime state when absent.

func (*ServerDependencies) GetAggregator 

func (d *ServerDependencies) GetAggregator() *aggregator.Aggregator

GetAggregator returns the current aggregator (thread-safe).

func (*ServerDependencies) GetConfig 

func (d *ServerDependencies) GetConfig() *config.Config

GetConfig returns the current configuration (thread-safe).

func (*ServerDependencies) GetMatcher 

func (d *ServerDependencies) GetMatcher() *matcher.Matcher

GetMatcher returns the current matcher (thread-safe).

func (*ServerDependencies) GetRegistry 

func (d *ServerDependencies) GetRegistry() *models.ScraperRegistry

GetRegistry returns the current scraper registry (thread-safe).

func (*ServerDependencies) ReplaceReloadable 

func (d *ServerDependencies) ReplaceReloadable(
	cfg *config.Config,
	registry *models.ScraperRegistry,
	aggregator *aggregator.Aggregator,
	mat *matcher.Matcher,
)

ReplaceReloadable swaps config-coupled runtime components atomically.

func (*ServerDependencies) SetConfig 

func (d *ServerDependencies) SetConfig(cfg *config.Config)

SetConfig atomically sets the configuration (thread-safe).

func (*ServerDependencies) Shutdown 

func (d *ServerDependencies) Shutdown()

Shutdown gracefully shuts down runtime resources.

type TokenStore 

type TokenStore struct {
	// contains filtered or unexported fields
}

TokenStore manages verification tokens in-memory

func NewTokenStore 

func NewTokenStore() *TokenStore

NewTokenStore creates a new token store with background cleanup

func (*TokenStore) CleanupExpired 

func (s *TokenStore) CleanupExpired()

CleanupExpired removes expired tokens from the store

func (*TokenStore) Create 

func (s *TokenStore) Create(scope string, configHash string) VerificationToken

Create generates a new verification token for the given scope and config hash

func (*TokenStore) Validate 

func (s *TokenStore) Validate(token string, scope string, configHash string) bool

Validate checks if a token is valid for the given scope and config hash

type VerificationToken 

type VerificationToken struct {
	Token      string    `json:"token"`
	Scope      string    `json:"scope"`       // "global", "flaresolverr", or "profile:{name}"
	ConfigHash string    `json:"config_hash"` // Hash of config at test time
	ExpiresAt  time.Time `json:"expires_at"`
	CreatedAt  time.Time `json:"created_at"`
}

VerificationToken represents a successful proxy test that can be used for save authorization

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.