package api import ( "context" "net/http" "strconv" "time" "github.com/TopherMayor/unified-media-manager/internal/cardigann" "github.com/TopherMayor/unified-media-manager/internal/service" "github.com/labstack/echo/v4" ) func listIndexers(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 10*time.Second) defer cancel() items, err := svc.List(ctx) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusOK, map[string]interface{}{"data": items}) } } func createIndexer(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 5*time.Second) defer cancel() var req service.CreateIndexerRequest if err := c.Bind(&req); err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": err.Error()}) } if req.Name == "" || req.Implementation == "" { return c.JSON(http.StatusBadRequest, map[string]string{"error": "name and implementation are required"}) } // Cardigann indexers get URL from YAML definition; others require explicit URL if req.Implementation != "cardigann" && req.URL == "" { return c.JSON(http.StatusBadRequest, map[string]string{"error": "url is required"}) } id, err := svc.Create(ctx, req) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusCreated, map[string]int64{"id": id}) } } func updateIndexer(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 5*time.Second) defer cancel() id, err := strconv.ParseInt(c.Param("id"), 10, 64) if err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": "invalid id"}) } var req service.UpdateIndexerRequest if err := c.Bind(&req); err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": err.Error()}) } if err := svc.Update(ctx, id, req); err != nil { if err.Error() == "no fields to update" { return c.JSON(http.StatusBadRequest, map[string]string{"error": err.Error()}) } if err.Error() == "indexer not found" { return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusInternalServerError, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusOK, map[string]string{"status": "updated"}) } } func deleteIndexer(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 5*time.Second) defer cancel() id, err := strconv.ParseInt(c.Param("id"), 10, 64) if err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": "invalid id"}) } if err := svc.Delete(ctx, id); err != nil { if err.Error() == "indexer not found" { return c.JSON(http.StatusNotFound, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusInternalServerError, map[string]string{"error": err.Error()}) } return c.JSON(http.StatusOK, map[string]string{"status": "deleted"}) } } func testIndexer(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 15*time.Second) defer cancel() id, err := strconv.ParseInt(c.Param("id"), 10, 64) if err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": "invalid id"}) } result, err := svc.Test(ctx, id) if err != nil { return c.JSON(http.StatusNotFound, map[string]string{"error": "indexer not found"}) } return c.JSON(http.StatusOK, result) } } func indexerStats(svc *service.IndexerService) echo.HandlerFunc { return func(c echo.Context) error { ctx, cancel := context.WithTimeout(c.Request().Context(), 10*time.Second) defer cancel() id, err := strconv.ParseInt(c.Param("id"), 10, 64) if err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": "invalid id"}) } result, err := svc.Stats(ctx, id) if err != nil { return c.JSON(http.StatusNotFound, map[string]string{"error": "indexer not found"}) } return c.JSON(http.StatusOK, result) } } type validateCardigannRequest struct { YAML string `json:"yaml"` } type validateCardigannResponse struct { Valid bool `json:"valid"` Definition *cardigannDefinitionResponse `json:"definition,omitempty"` Error string `json:"error,omitempty"` Warnings []string `json:"warnings,omitempty"` } type cardigannDefinitionResponse struct { Site string `json:"site"` Name string `json:"name"` Settings []cardigannSettingsFieldResponse `json:"settings"` HasLogin bool `json:"has_login"` } type cardigannSettingsFieldResponse struct { Name string `json:"name"` Type string `json:"type"` Label string `json:"label"` } func validateCardigannDefinition() echo.HandlerFunc { return func(c echo.Context) error { var req validateCardigannRequest if err := c.Bind(&req); err != nil { return c.JSON(http.StatusBadRequest, map[string]string{"error": err.Error()}) } if req.YAML == "" { return c.JSON(http.StatusBadRequest, validateCardigannResponse{ Valid: false, Error: "yaml field is required", }) } // Threat model T-10-01: Validate YAML size limit (512KB max) if len(req.YAML) > 512*1024 { return c.JSON(http.StatusBadRequest, validateCardigannResponse{ Valid: false, Error: "YAML definition exceeds maximum size of 512KB", }) } def, err := cardigann.ParseDefinition([]byte(req.YAML)) if err != nil { return c.JSON(http.StatusOK, validateCardigannResponse{ Valid: false, Error: err.Error(), }) } warnings := cardigann.ValidateDefinition(def) settings := make([]cardigannSettingsFieldResponse, 0, len(def.Settings)) for _, s := range def.Settings { settings = append(settings, cardigannSettingsFieldResponse{ Name: s.Name, Type: s.Type, Label: s.Label, }) } return c.JSON(http.StatusOK, validateCardigannResponse{ Valid: true, Definition: &cardigannDefinitionResponse{ Site: def.Site, Name: def.Name, Settings: settings, HasLogin: def.Login.Path != "" || len(def.Login.Inputs) > 0, }, Warnings: warnings, }) } }