package publichttp import ( "context" "errors" "fmt" "net" "net/http" "sync" "time" "galaxy/authsession/internal/service/confirmemailcode" "galaxy/authsession/internal/service/sendemailcode" "galaxy/authsession/internal/telemetry" "go.uber.org/zap" ) const ( defaultAddr = ":8080" defaultReadHeaderTimeout = 2 * time.Second defaultReadTimeout = 10 * time.Second defaultIdleTimeout = time.Minute defaultRequestTimeout = 3 * time.Second ) // SendEmailCodeUseCase describes the public send-email-code application // service consumed by the HTTP transport layer. type SendEmailCodeUseCase interface { // Execute validates input and creates a new login challenge. Execute(ctx context.Context, input sendemailcode.Input) (sendemailcode.Result, error) } // ConfirmEmailCodeUseCase describes the public confirm-email-code application // service consumed by the HTTP transport layer. type ConfirmEmailCodeUseCase interface { // Execute validates input and completes an existing login challenge. Execute(ctx context.Context, input confirmemailcode.Input) (confirmemailcode.Result, error) } // Config describes the public HTTP listener owned by authsession. type Config struct { // Addr is the TCP listen address used by the public HTTP server. Addr string // ReadHeaderTimeout bounds how long the listener may spend reading request // headers before the server rejects the connection. ReadHeaderTimeout time.Duration // ReadTimeout bounds how long the listener may spend reading one public // request. ReadTimeout time.Duration // IdleTimeout bounds how long the listener keeps an idle keep-alive // connection open. IdleTimeout time.Duration // RequestTimeout bounds one application-layer public-auth use-case call. RequestTimeout time.Duration } // Validate reports whether cfg contains a usable public HTTP listener // configuration. func (cfg Config) Validate() error { switch { case cfg.Addr == "": return errors.New("public HTTP addr must not be empty") case cfg.ReadHeaderTimeout <= 0: return errors.New("public HTTP read header timeout must be positive") case cfg.ReadTimeout <= 0: return errors.New("public HTTP read timeout must be positive") case cfg.IdleTimeout <= 0: return errors.New("public HTTP idle timeout must be positive") case cfg.RequestTimeout <= 0: return errors.New("public HTTP request timeout must be positive") default: return nil } } // DefaultConfig returns the default public HTTP listener settings aligned with // the gateway public-auth transport timeouts. func DefaultConfig() Config { return Config{ Addr: defaultAddr, ReadHeaderTimeout: defaultReadHeaderTimeout, ReadTimeout: defaultReadTimeout, IdleTimeout: defaultIdleTimeout, RequestTimeout: defaultRequestTimeout, } } // Dependencies describes the collaborators used by the public HTTP transport // layer. type Dependencies struct { // SendEmailCode executes the public send-email-code use case. SendEmailCode SendEmailCodeUseCase // ConfirmEmailCode executes the public confirm-email-code use case. ConfirmEmailCode ConfirmEmailCodeUseCase // Logger writes structured transport logs. When nil, a no-op logger is // used. Logger *zap.Logger // Telemetry records OpenTelemetry spans and low-cardinality HTTP metrics. // When nil, the transport still serves requests with no-op providers. Telemetry *telemetry.Runtime } // Server owns the public auth HTTP listener exposed by authsession. type Server struct { cfg Config handler http.Handler logger *zap.Logger stateMu sync.RWMutex server *http.Server listener net.Listener } // NewServer constructs one public auth HTTP server for cfg and deps. func NewServer(cfg Config, deps Dependencies) (*Server, error) { if err := cfg.Validate(); err != nil { return nil, fmt.Errorf("new public HTTP server: %w", err) } handler, err := newHandlerWithConfig(cfg, deps) if err != nil { return nil, fmt.Errorf("new public HTTP server: %w", err) } logger := deps.Logger if logger == nil { logger = zap.NewNop() } logger = logger.Named("public_http") return &Server{ cfg: cfg, handler: handler, logger: logger, }, nil } // Run binds the configured listener and serves the public auth HTTP surface // until Shutdown closes the server. func (s *Server) Run(ctx context.Context) error { if ctx == nil { return errors.New("run public HTTP server: nil context") } if err := ctx.Err(); err != nil { return err } listener, err := net.Listen("tcp", s.cfg.Addr) if err != nil { return fmt.Errorf("run public HTTP server: listen on %q: %w", s.cfg.Addr, err) } server := &http.Server{ Handler: s.handler, ReadHeaderTimeout: s.cfg.ReadHeaderTimeout, ReadTimeout: s.cfg.ReadTimeout, IdleTimeout: s.cfg.IdleTimeout, } s.stateMu.Lock() s.server = server s.listener = listener s.stateMu.Unlock() s.logger.Info("public HTTP server started", zap.String("addr", listener.Addr().String())) defer func() { s.stateMu.Lock() s.server = nil s.listener = nil s.stateMu.Unlock() }() err = server.Serve(listener) switch { case err == nil: return nil case errors.Is(err, http.ErrServerClosed): s.logger.Info("public HTTP server stopped") return nil default: return fmt.Errorf("run public HTTP server: serve on %q: %w", s.cfg.Addr, err) } } // Shutdown gracefully stops the public HTTP server within ctx. func (s *Server) Shutdown(ctx context.Context) error { if ctx == nil { return errors.New("shutdown public HTTP server: nil context") } s.stateMu.RLock() server := s.server s.stateMu.RUnlock() if server == nil { return nil } if err := server.Shutdown(ctx); err != nil && !errors.Is(err, http.ErrServerClosed) { return fmt.Errorf("shutdown public HTTP server: %w", err) } return nil } func normalizeDependencies(deps Dependencies) (Dependencies, error) { switch { case deps.SendEmailCode == nil: return Dependencies{}, errors.New("send email code use case must not be nil") case deps.ConfirmEmailCode == nil: return Dependencies{}, errors.New("confirm email code use case must not be nil") case deps.Logger == nil: deps.Logger = zap.NewNop() } deps.Logger = deps.Logger.Named("public_http") return deps, nil }