feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset
Node-agent — full render pipeline (items 1-3):
- render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET,
2h TTL, path=templates/{original_project_id}/template.aep)
- render-svc: POST /v1/internal/render/jobs/:id/output-upload-url
allocates Export row + returns presigned MinIO PUT URL + export_id
- render-svc: db.CreateExportForJob() inserts export row with 30-day retention
- render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket)
MINIO_TEMPLATES_BUCKET env var (default flatrender-templates)
- node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only)
- node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field
- node-agent: runJob() full flow: download AEP → render → get upload URL →
PUT output to MinIO → Complete(export_id)
All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export)
TLS reverse proxy (item 15):
- Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN)
auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API
- docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp,
caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL
- .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries
Billing portal (item 5):
- Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false
(access continues to expiry); 404 when no active plan
- POST /api/billing/cancel — frontend proxy, validates auth
- GET /api/billing/portal — redirects to /dashboard/settings?tab=billing
- SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI,
"Change plan" button; becomes "use client" component
Password reset UI (item 7):
- POST /api/auth/password-reset — proxies /v1/auth/password/reset/request
(always 200, anti-enumeration)
- POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm
- AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow
(email → OTP+new-password) without leaving the auth page
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -1,22 +1,35 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/flatrender/render-svc/internal/db"
|
||||
"github.com/flatrender/render-svc/internal/models"
|
||||
"github.com/flatrender/render-svc/internal/notifier"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
"github.com/minio/minio-go/v7"
|
||||
)
|
||||
|
||||
type InternalHandler struct {
|
||||
store *db.Store
|
||||
notifier *notifier.Client // may be nil — notifications are best-effort
|
||||
store *db.Store
|
||||
notifier *notifier.Client // may be nil — notifications are best-effort
|
||||
minio *minio.Client
|
||||
templatesBucket string // bucket that holds .aep project files
|
||||
exportsBucket string // bucket that receives rendered MP4 outputs
|
||||
}
|
||||
|
||||
func NewInternalHandler(store *db.Store, n *notifier.Client) *InternalHandler {
|
||||
return &InternalHandler{store: store, notifier: n}
|
||||
func NewInternalHandler(store *db.Store, n *notifier.Client, mc *minio.Client, templatesBucket, exportsBucket string) *InternalHandler {
|
||||
return &InternalHandler{
|
||||
store: store,
|
||||
notifier: n,
|
||||
minio: mc,
|
||||
templatesBucket: templatesBucket,
|
||||
exportsBucket: exportsBucket,
|
||||
}
|
||||
}
|
||||
|
||||
// completeRequest is the body for POST .../complete
|
||||
@@ -241,6 +254,21 @@ func (h *InternalHandler) Claim(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// Generate presigned AEP download URL. AEP files are stored at
|
||||
// templates/{original_project_id}/template.aep in the templates bucket.
|
||||
// Errors are non-fatal — node agent falls back to mock render when URL is empty.
|
||||
aepURL := ""
|
||||
if h.minio != nil {
|
||||
objectKey := fmt.Sprintf("templates/%s/template.aep", job.OriginalProjectID)
|
||||
purl, perr := h.minio.PresignedGetObject(
|
||||
context.Background(), h.templatesBucket, objectKey,
|
||||
2*time.Hour, nil,
|
||||
)
|
||||
if perr == nil {
|
||||
aepURL = purl.String()
|
||||
}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, models.ClaimedJob{
|
||||
JobID: job.ID,
|
||||
SavedProjectID: job.SavedProjectID,
|
||||
@@ -249,6 +277,43 @@ func (h *InternalHandler) Claim(c *gin.Context) {
|
||||
FrameRate: job.FrameRate,
|
||||
HasMusic: job.HasMusic,
|
||||
HasVoiceover: job.HasVoiceover,
|
||||
AEPDownloadURL: aepURL,
|
||||
})
|
||||
}
|
||||
|
||||
// POST /v1/internal/render/jobs/:job_id/output-upload-url
|
||||
// Node agent calls this after rendering to get a presigned MinIO PUT URL.
|
||||
// Creates an Export record in the DB and returns the export_id + upload URL.
|
||||
func (h *InternalHandler) OutputUploadURL(c *gin.Context) {
|
||||
jobID, err := uuid.Parse(c.Param("job_id"))
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, models.APIError{Code: "bad_request", Message: "invalid job_id"})
|
||||
return
|
||||
}
|
||||
|
||||
export, err := h.store.CreateExportForJob(c.Request.Context(), jobID)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, models.APIError{Code: "internal_error", Message: err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
expiry := 2 * time.Hour
|
||||
purl, err := h.minio.PresignedPutObject(
|
||||
context.Background(), h.exportsBucket, export.Path, expiry,
|
||||
)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, models.APIError{
|
||||
Code: "presign_error",
|
||||
Message: "could not generate upload URL",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, models.OutputUploadURLResponse{
|
||||
ExportID: export.ID,
|
||||
UploadURL: purl.String(),
|
||||
ObjectKey: export.Path,
|
||||
ExpiresAt: time.Now().Add(expiry),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user