Kwaku Danso
3f8bc58ca9
Phase 1 — Core API (Go): - Events, guests, tokens, RSVPs CRUD on PostgreSQL via pgx/v5 - HMAC-signed per-guest tokens with format validation - Health endpoint with DB ping, slog JSON logging, graceful shutdown Phase 2 — NATS + Fraud Engine: - NATS JetStream pub/sub with explicit-ack consumers - Python/FastAPI fraud engine with heuristic risk scoring (fingerprint mismatch, IP change, missing signals, repeated access) - gRPC sync scoring with 250ms fail-open timeout - Per-guest baseline tracking; risk bands low/medium/high/block Phase 3 — Notifications + Frontend: - Notification worker scaffolding (Twilio/SES stubs, retry/backoff) - Nuxt 3 frontend with Tailwind dark theme + brand green - Live monitor via WebSocket with auto-reconnect - Activity history endpoint backfills monitor with RSVPs + scored access checks (including blocked attempts) UX polish: - Marketing-friendly landing page (hero mockup, how-it-works, features, use cases, testimonials, FAQ, final CTA) - Animated layered card mockups on landing + new-event page - Plus-ones stepper, RSVP status badges, filter buttons - Friendly access-check labels (Verified/Review/Suspicious/Blocked) - Dashboard hydration fix via ClientOnly wrapper Infrastructure: - docker-compose for full local dev (postgres, nats, api, fraud-engine, notifier, frontend) - Multi-stage Dockerfiles, non-root UID 1000 - Integration tests with testcontainers-go Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
173 lines
4.0 KiB
Go
173 lines
4.0 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"log/slog"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/alchemistkay/guestguard/internal/api"
|
|
"github.com/alchemistkay/guestguard/internal/config"
|
|
"github.com/alchemistkay/guestguard/internal/fraud"
|
|
"github.com/alchemistkay/guestguard/internal/natspub"
|
|
"github.com/alchemistkay/guestguard/internal/storage"
|
|
)
|
|
|
|
func main() {
|
|
if err := run(); err != nil {
|
|
slog.Error("fatal", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
}
|
|
|
|
func run() error {
|
|
cfg, err := config.Load()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
logger := newLogger(cfg.Env)
|
|
slog.SetDefault(logger)
|
|
|
|
rootCtx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
|
defer stop()
|
|
|
|
logger.Info("connecting to database")
|
|
db, err := storage.NewDB(rootCtx, cfg.DatabaseURL)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer db.Close()
|
|
|
|
logger.Info("running migrations")
|
|
if err := db.Migrate(rootCtx); err != nil {
|
|
return err
|
|
}
|
|
|
|
logger.Info("connecting to nats", "url", cfg.NATSURL)
|
|
natsClient, err := natspub.Connect(rootCtx, cfg.NATSURL, logger)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer natsClient.Close()
|
|
|
|
logger.Info("dialing fraud engine", "addr", cfg.FraudGRPCAddr)
|
|
fraudClient, err := fraud.Dial(rootCtx, cfg.FraudGRPCAddr, cfg.FraudGRPCTimeout, logger)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer fraudClient.Close()
|
|
|
|
hub := api.NewHub(logger)
|
|
|
|
accessLogs := storage.NewAccessLogRepo(db)
|
|
fraudSub, err := natspub.NewFraudScoredSubscriber(
|
|
rootCtx, natsClient, "core-api-fraud-scored",
|
|
func(ctx context.Context, evt natspub.FraudScored) error {
|
|
if err := accessLogs.ApplyScore(ctx, storage.ApplyScoreParams{
|
|
AccessLogID: evt.AccessLogID,
|
|
Score: evt.Score,
|
|
Reasons: evt.Reasons,
|
|
Flagged: evt.Score >= 60,
|
|
}); err != nil {
|
|
return err
|
|
}
|
|
payload, _ := json.Marshal(evt)
|
|
hub.Broadcast(api.WSEvent{
|
|
Type: "fraud.scored",
|
|
EventID: evt.EventID,
|
|
Payload: payload,
|
|
})
|
|
return nil
|
|
},
|
|
logger,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
fraudConsumeCtx, err := fraudSub.Start(rootCtx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer fraudConsumeCtx.Stop()
|
|
|
|
rsvpSub, err := natspub.NewRSVPConfirmedSubscriber(
|
|
rootCtx, natsClient, "core-api-rsvp-confirmed-ws",
|
|
func(ctx context.Context, evt natspub.RSVPConfirmed) error {
|
|
payload, _ := json.Marshal(evt)
|
|
hub.Broadcast(api.WSEvent{
|
|
Type: "rsvp.confirmed",
|
|
EventID: evt.EventID,
|
|
Payload: payload,
|
|
})
|
|
return nil
|
|
},
|
|
logger,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
rsvpConsumeCtx, err := rsvpSub.Start(rootCtx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer rsvpConsumeCtx.Stop()
|
|
|
|
srv := &http.Server{
|
|
Addr: cfg.HTTPAddr,
|
|
Handler: api.NewServer(api.ServerDeps{
|
|
Logger: logger,
|
|
DB: db,
|
|
Hub: hub,
|
|
AccessPublisher: natsClient,
|
|
RSVPPublisher: natsClient,
|
|
FraudScorer: fraudClient,
|
|
TokenTTL: cfg.TokenTTL,
|
|
}).Handler(),
|
|
ReadHeaderTimeout: 5 * time.Second,
|
|
ReadTimeout: 30 * time.Second,
|
|
WriteTimeout: 0, // 0 lets WS connections live; per-request handlers still bound by their own ctx
|
|
IdleTimeout: 60 * time.Second,
|
|
}
|
|
|
|
errCh := make(chan error, 1)
|
|
go func() {
|
|
logger.Info("http server starting", "addr", cfg.HTTPAddr, "env", cfg.Env)
|
|
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
|
|
errCh <- err
|
|
}
|
|
close(errCh)
|
|
}()
|
|
|
|
select {
|
|
case <-rootCtx.Done():
|
|
logger.Info("shutdown signal received")
|
|
case err := <-errCh:
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
shutdownCtx, cancel := context.WithTimeout(context.Background(), cfg.ShutdownTimeout)
|
|
defer cancel()
|
|
if err := srv.Shutdown(shutdownCtx); err != nil {
|
|
logger.Error("graceful shutdown failed", "err", err)
|
|
return err
|
|
}
|
|
logger.Info("shutdown complete")
|
|
return nil
|
|
}
|
|
|
|
func newLogger(env string) *slog.Logger {
|
|
level := slog.LevelInfo
|
|
if env == "development" {
|
|
level = slog.LevelDebug
|
|
}
|
|
return slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
|
|
}
|