Files
veola/main.go
prosolis 7c95e4fd4e Add Authentik SSO, budget visibility, Resend email, 12h item default
Opens Veola up to more users (Parodia's Authentik) and makes Apify spend
visible to everyone.

- Auth: Traefik forward-auth (trust X-Authentik-* headers only from
  trusted_proxies CIDRs, keyed by email, role synced from admin_group),
  keeping local password login as break-glass. New [auth] config,
  CaptureDirectIP + ForwardAuth middleware, deploy/authentik-forward-auth.md.
- Budget: count every Apify run (apify_api_usage table) and show
  calls + estimated cost to all users on the dashboard, with an optional
  monthly-budget bar. New [budget] config + settings.
- Email: Resend client for opt-in deal alerts and a weekly digest
  (Mon 09:00). Per-user email + toggles on Settings. New [resend] config.
- Defaults: new items default to a 12-hour poll interval to cut spend.

users table gains email/auth_source/email-pref columns (migrated in place).
go build/vet/test green; boots and migrates cleanly.
2026-06-20 11:12:11 -07:00

135 lines
3.4 KiB
Go

package main
import (
"context"
"errors"
"flag"
"fmt"
"log/slog"
"net/http"
"os"
"os/signal"
"syscall"
"time"
// Embed the timezone database so eBay's Pacific-time quota reset resolves
// correctly even on minimal hosts without system zoneinfo.
_ "time/tzdata"
"veola/internal/apify"
"veola/internal/auth"
"veola/internal/config"
"veola/internal/crypto"
"veola/internal/db"
"veola/internal/handlers"
"veola/internal/ntfy"
"veola/internal/scheduler"
)
func main() {
configPath := flag.String("config", "config.toml", "path to config TOML file")
debug := flag.Bool("debug", false, "enable debug-level logging (verbose; raw external payloads logged)")
flag.Parse()
level := slog.LevelInfo
if *debug {
level = slog.LevelDebug
}
slog.SetDefault(slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: level})))
if *debug {
slog.Debug("debug logging enabled")
}
if err := run(*configPath); err != nil {
slog.Error("fatal", "err", err)
os.Exit(1)
}
}
func run(configPath string) error {
cfg, err := config.Load(configPath)
if err != nil {
return fmt.Errorf("config: %w", err)
}
key, err := crypto.DeriveKey([]byte(cfg.Security.EncryptionKey))
if err != nil {
return fmt.Errorf("derive key: %w", err)
}
sqlDB, err := db.Open(cfg.Server.DBPath)
if err != nil {
return fmt.Errorf("db open: %w", err)
}
defer sqlDB.Close()
store := db.NewStore(sqlDB, key)
authMgr, err := auth.NewManager(sqlDB, store, cfg.Security.SessionSecret, cfg.Server.UseSecureCookies())
if err != nil {
return fmt.Errorf("auth manager: %w", err)
}
if cfg.Auth.ForwardAuthEnabled() {
fa, err := auth.NewForwardAuthConfig(
cfg.Auth.ForwardHeaderUser, cfg.Auth.ForwardHeaderEmail,
cfg.Auth.ForwardHeaderName, cfg.Auth.ForwardHeaderGroups,
cfg.Auth.AdminGroup, cfg.Auth.TrustedProxies,
)
if err != nil {
return fmt.Errorf("forward-auth config: %w", err)
}
authMgr.SetForwardAuth(fa)
slog.Info("forward-auth enabled", "trusted_proxies", cfg.Auth.TrustedProxies, "admin_group", cfg.Auth.AdminGroup)
}
apifyClient := apify.New(cfg.Apify.APIKey)
ntfyClient := ntfy.New(cfg.Ntfy.BaseURL)
sched := scheduler.New(cfg, store, apifyClient, ntfyClient)
startCtx, cancelStart := context.WithTimeout(context.Background(), 30*time.Second)
defer cancelStart()
if err := sched.Start(startCtx); err != nil {
return fmt.Errorf("scheduler start: %w", err)
}
app := handlers.New(cfg, store, authMgr, apifyClient, ntfyClient, sched)
addr := fmt.Sprintf(":%d", cfg.Server.Port)
srv := &http.Server{
Addr: addr,
Handler: app.Routes(),
ReadHeaderTimeout: 10 * time.Second,
ReadTimeout: 30 * time.Second,
WriteTimeout: 60 * time.Second,
IdleTimeout: 120 * time.Second,
}
errCh := make(chan error, 1)
go func() {
slog.Info("listening", "addr", addr)
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
errCh <- err
}
close(errCh)
}()
sigCh := make(chan os.Signal, 1)
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
select {
case sig := <-sigCh:
slog.Info("shutting down", "signal", sig.String())
case err := <-errCh:
if err != nil {
return fmt.Errorf("http: %w", err)
}
}
shutdownCtx, cancelShutdown := context.WithTimeout(context.Background(), 30*time.Second)
defer cancelShutdown()
if err := srv.Shutdown(shutdownCtx); err != nil {
slog.Error("http shutdown", "err", err)
}
sched.Stop()
slog.Info("shutdown complete")
return nil
}