chore: harden production readiness gates and runbooks

2026-02-09 11:27:23 +08:00
parent 05a0d07dbb
commit f1412a371d
15 changed files with 1001 additions and 322 deletions
--- a/backend/providers/http/config.go
+++ b/backend/providers/http/config.go
@@ -2,6 +2,7 @@ package http

 import (
 	"fmt"
+	"strings"
 )

 const DefaultPrefix = "Http"
@@ -60,3 +61,11 @@ func (h *Config) Address() string {

 	return fmt.Sprintf("%s:%d", h.Host, h.Port)
 }
+
+func (h *Config) HasTLS() bool {
+	if h == nil || h.TLS == nil {
+		return false
+	}
+
+	return strings.TrimSpace(h.TLS.Cert) != "" && strings.TrimSpace(h.TLS.Key) != ""
+}
--- a/backend/providers/http/engine.go
+++ b/backend/providers/http/engine.go
@@ -2,6 +2,7 @@ package http

 import (
 	"context"
+	"database/sql"
 	"errors"
 	"fmt"
 	"net"
@@ -9,9 +10,13 @@ import (
 	"strings"
 	"time"

+	"quyun/v2/app/errorx"
+	"quyun/v2/providers/storage"
+
 	logrus "github.com/sirupsen/logrus"
 	"go.ipao.vip/atom/container"
 	"go.ipao.vip/atom/opt"
+	"go.uber.org/dig"

 	"github.com/gofiber/fiber/v3"
 	"github.com/gofiber/fiber/v3/middleware/compress"
@@ -22,8 +27,6 @@ import (
 	"github.com/gofiber/fiber/v3/middleware/recover"
 	"github.com/gofiber/fiber/v3/middleware/requestid"
 	"github.com/samber/lo"
-
-	"quyun/v2/app/errorx"
 )

 func DefaultProvider() container.ProviderContainer {
@@ -36,8 +39,10 @@ func DefaultProvider() container.ProviderContainer {
 }

 type Service struct {
-	conf   *Config
-	Engine *fiber.App
+	conf        *Config
+	Engine      *fiber.App
+	healthCheck func(context.Context) error
+	readyCheck  func(context.Context) error
 }

 var errTLSCertKeyRequired = errors.New("tls cert and key must be set")
@@ -98,7 +103,11 @@ func Provide(opts ...opt.Option) error {
 		return err
 	}

-	return container.Container.Provide(func() (*Service, error) {
+	return container.Container.Provide(func(params struct {
+		dig.In
+		DB      *sql.DB          `optional:"true"`
+		Storage *storage.Storage `optional:"true"`
+	}) (*Service, error) {
 		engine := fiber.New(fiber.Config{
 			StrictRouting:      true,
 			CaseSensitive:      true,
@@ -198,8 +207,14 @@ func Provide(opts ...opt.Option) error {
 			}))
 		}

-		engine.Get("/healthz", func(c fiber.Ctx) error { return c.SendStatus(fiber.StatusNoContent) })
-		engine.Get("/readyz", func(c fiber.Ctx) error { return c.SendStatus(fiber.StatusNoContent) })
+		service := &Service{
+			Engine: engine,
+			conf:   &config,
+		}
+		service.healthCheck = service.buildHealthCheck()
+		service.readyCheck = service.buildReadyCheck(params.DB, params.Storage)
+		engine.Get("/healthz", service.handleHealthz)
+		engine.Get("/readyz", service.handleReadyz)

 		engine.Hooks().OnPostShutdown(func(err error) error {
 			if err != nil {
@@ -210,14 +225,72 @@ func Provide(opts ...opt.Option) error {
 			return nil
 		})

-		return &Service{
-			Engine: engine,
-			conf:   &config,
-		}, nil
+		return service, nil
 	}, o.DiOptions()...)
 }

 // buildCORSConfig converts provider Cors config into fiber cors.Config
+func (svc *Service) buildHealthCheck() func(context.Context) error {
+	return func(_ context.Context) error {
+		return nil
+	}
+}
+
+func (svc *Service) buildReadyCheck(db *sql.DB, store *storage.Storage) func(context.Context) error {
+	var dbPing func(context.Context) error
+	if db != nil {
+		dbPing = func(ctx context.Context) error {
+			pingCtx, cancel := context.WithTimeout(ctx, 1500*time.Millisecond)
+			defer cancel()
+
+			return db.PingContext(pingCtx)
+		}
+	}
+
+	return newReadyCheck(dbPing, store)
+}
+
+func newReadyCheck(dbPing func(context.Context) error, store *storage.Storage) func(context.Context) error {
+	return func(ctx context.Context) error {
+		if dbPing != nil {
+			if err := dbPing(ctx); err != nil {
+				return errorx.ErrServiceUnavailable.WithCause(err).WithMsg("database not ready")
+			}
+		}
+		if store != nil && store.Config != nil && strings.EqualFold(strings.TrimSpace(store.Config.Type), "s3") && store.Config.CheckOnBoot {
+			if strings.TrimSpace(store.Config.Endpoint) == "" || strings.TrimSpace(store.Config.Bucket) == "" {
+				return errorx.ErrServiceUnavailable.WithMsg("storage not ready")
+			}
+		}
+
+		return nil
+	}
+}
+
+func (svc *Service) handleHealthz(c fiber.Ctx) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+	if svc.healthCheck != nil {
+		if err := svc.healthCheck(ctx); err != nil {
+			return errorx.SendError(c, err)
+		}
+	}
+
+	return c.SendStatus(fiber.StatusNoContent)
+}
+
+func (svc *Service) handleReadyz(c fiber.Ctx) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+	if svc.readyCheck != nil {
+		if err := svc.readyCheck(ctx); err != nil {
+			return errorx.SendError(c, err)
+		}
+	}
+
+	return c.SendStatus(fiber.StatusNoContent)
+}
+
 func buildCORSConfig(c *Cors) *cors.Config {
 	if c == nil {
 		return nil
--- a/backend/providers/http/engine_test.go
+++ b/backend/providers/http/engine_test.go
@@ -0,0 +1,52 @@
+package http
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"quyun/v2/providers/storage"
+)
+
+func TestNewReadyCheck(t *testing.T) {
+	t.Run("returns error when database ping fails", func(t *testing.T) {
+		checker := newReadyCheck(func(context.Context) error {
+			return errors.New("db down")
+		}, nil)
+
+		err := checker(context.Background())
+		if err == nil {
+			t.Fatalf("expected readiness error when db ping fails")
+		}
+	})
+
+	t.Run("returns error when s3 storage config is incomplete and check on boot enabled", func(t *testing.T) {
+		checker := newReadyCheck(nil, &storage.Storage{Config: &storage.Config{
+			Type:        "s3",
+			CheckOnBoot: true,
+			Endpoint:    "",
+			Bucket:      "",
+		}})
+
+		err := checker(context.Background())
+		if err == nil {
+			t.Fatalf("expected readiness error when storage config is incomplete")
+		}
+	})
+
+	t.Run("returns nil when dependencies are ready", func(t *testing.T) {
+		checker := newReadyCheck(func(context.Context) error {
+			return nil
+		}, &storage.Storage{Config: &storage.Config{
+			Type:        "s3",
+			CheckOnBoot: true,
+			Endpoint:    "http://127.0.0.1:9000",
+			Bucket:      "bucket",
+		}})
+
+		err := checker(context.Background())
+		if err != nil {
+			t.Fatalf("expected nil error, got %v", err)
+		}
+	})
+}
--- a/backend/providers/postgres/config.go
+++ b/backend/providers/postgres/config.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"math"
 	"strconv"
+	"strings"
 	"time"

 	"go.ipao.vip/atom/container"
@@ -92,6 +93,8 @@ func (config *Config) checkDefault() {

 	if config.SslMode == "" {
 		config.SslMode = "disable"
+	} else {
+		config.SslMode = strings.ToLower(strings.TrimSpace(config.SslMode))
 	}

 	if config.TimeZone == "" {
@@ -141,3 +144,9 @@ func (config *Config) DSN() string {

 	return base + extras
 }
+
+func (config *Config) IsTLSEnabled() bool {
+	mode := strings.ToLower(strings.TrimSpace(config.SslMode))
+
+	return mode != "" && mode != "disable"
+}
--- a/backend/providers/postgres/postgres.go
+++ b/backend/providers/postgres/postgres.go
@@ -3,12 +3,16 @@ package postgres
 import (
 	"context"
 	"database/sql"
+	"fmt"
 	"math"
 	"time"

+	"quyun/v2/providers/app"
+
 	logrus "github.com/sirupsen/logrus"
 	"go.ipao.vip/atom/container"
 	"go.ipao.vip/atom/opt"
+	"go.uber.org/dig"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
@@ -22,7 +26,13 @@ func Provide(opts ...opt.Option) error {
 		return err
 	}

-	return container.Container.Provide(func() (*gorm.DB, *sql.DB, *Config, error) {
+	return container.Container.Provide(func(params struct {
+		dig.In
+		App *app.Config `optional:"true"`
+	}) (*gorm.DB, *sql.DB, *Config, error) {
+		if params.App != nil && params.App.IsReleaseMode() && !conf.IsTLSEnabled() {
+			return nil, nil, nil, fmt.Errorf("release mode requires Database.SslMode to enable TLS")
+		}
 		dbConfig := postgres.Config{DSN: conf.DSN()}

 		// 安全日志：不打印密码，仅输出关键连接信息