package database import ( "context" "fmt" "time" "github.com/rs/zerolog/log" "github.com/spf13/viper" "golang.org/x/crypto/bcrypt" "gorm.io/driver/postgres" "gorm.io/gorm" "gorm.io/gorm/logger" "github.com/treytartt/honeydue-api/internal/config" "github.com/treytartt/honeydue-api/internal/models" ) // migrationAdvisoryLockKey is the pg_advisory_lock key that serializes // Migrate() across API replicas booting in parallel. Value is arbitrary but // stable ("hdmg" as bytes = honeydue migration). const migrationAdvisoryLockKey int64 = 0x68646d67 // zerologGormWriter adapts zerolog for GORM's logger interface type zerologGormWriter struct{} func (w zerologGormWriter) Printf(format string, args ...interface{}) { log.Warn().Msgf(format, args...) } var db *gorm.DB // Connect establishes a connection to the PostgreSQL database func Connect(cfg *config.DatabaseConfig, debug bool) (*gorm.DB, error) { // Configure GORM logger with slow query detection logLevel := logger.Silent if debug { logLevel = logger.Info } gormLogger := logger.New( zerologGormWriter{}, logger.Config{ SlowThreshold: 200 * time.Millisecond, LogLevel: logLevel, IgnoreRecordNotFoundError: true, }, ) gormConfig := &gorm.Config{ Logger: gormLogger, NowFunc: func() time.Time { return time.Now().UTC() }, PrepareStmt: true, } // Connect to database var err error db, err = gorm.Open(postgres.Open(cfg.DSN()), gormConfig) if err != nil { return nil, fmt.Errorf("failed to connect to database: %w", err) } // Get underlying sql.DB for connection pool settings sqlDB, err := db.DB() if err != nil { return nil, fmt.Errorf("failed to get underlying sql.DB: %w", err) } // Configure connection pool sqlDB.SetMaxOpenConns(cfg.MaxOpenConns) sqlDB.SetMaxIdleConns(cfg.MaxIdleConns) sqlDB.SetConnMaxLifetime(cfg.MaxLifetime) // Test connection if err := sqlDB.Ping(); err != nil { return nil, fmt.Errorf("failed to ping database: %w", err) } log.Info(). Str("host", cfg.Host). Int("port", cfg.Port). Str("database", cfg.Database). Msg("Connected to PostgreSQL database") return db, nil } // Get returns the database instance func Get() *gorm.DB { return db } // Close closes the database connection func Close() error { if db != nil { sqlDB, err := db.DB() if err != nil { return err } return sqlDB.Close() } return nil } // WithTransaction executes a function within a database transaction func WithTransaction(fn func(tx *gorm.DB) error) error { return db.Transaction(fn) } // Paginate returns a GORM scope for pagination func Paginate(page, pageSize int) func(db *gorm.DB) *gorm.DB { return func(db *gorm.DB) *gorm.DB { if page <= 0 { page = 1 } if pageSize <= 0 { pageSize = 100 } if pageSize > 1000 { pageSize = 1000 } offset := (page - 1) * pageSize return db.Offset(offset).Limit(pageSize) } } // MigrateWithLock runs Migrate() under a Postgres session-level advisory lock // so that multiple API replicas booting in parallel don't race on AutoMigrate. // On non-Postgres dialects (sqlite in tests) it falls through to Migrate(). func MigrateWithLock() error { if db == nil { return fmt.Errorf("database not initialised") } if db.Dialector.Name() != "postgres" { return Migrate() } sqlDB, err := db.DB() if err != nil { return fmt.Errorf("get underlying sql.DB: %w", err) } // Give ourselves up to 5 min to acquire the lock — long enough for a // slow migration on a peer replica, short enough to fail fast if Postgres // is hung. ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() conn, err := sqlDB.Conn(ctx) if err != nil { return fmt.Errorf("acquire dedicated migration connection: %w", err) } defer conn.Close() log.Info().Int64("lock_key", migrationAdvisoryLockKey).Msg("Acquiring migration advisory lock...") if _, err := conn.ExecContext(ctx, "SELECT pg_advisory_lock($1)", migrationAdvisoryLockKey); err != nil { return fmt.Errorf("pg_advisory_lock: %w", err) } log.Info().Msg("Migration advisory lock acquired") defer func() { // Unlock with a fresh context — the outer ctx may have expired. unlockCtx, unlockCancel := context.WithTimeout(context.Background(), 10*time.Second) defer unlockCancel() if _, err := conn.ExecContext(unlockCtx, "SELECT pg_advisory_unlock($1)", migrationAdvisoryLockKey); err != nil { log.Warn().Err(err).Msg("Failed to release migration advisory lock (session close will also release)") } else { log.Info().Msg("Migration advisory lock released") } }() return Migrate() } // Migrate runs database migrations for all models func Migrate() error { log.Info().Msg("Running database migrations...") // Migrate all models in order (respecting foreign key constraints) err := db.AutoMigrate( // Lookup tables first (no foreign keys) &models.ResidenceType{}, &models.TaskCategory{}, &models.TaskPriority{}, &models.TaskFrequency{}, &models.ContractorSpecialty{}, &models.TaskTemplate{}, // Task templates reference category and frequency &models.ClimateRegion{}, // IECC climate regions for regional templates &models.ZipClimateRegion{}, // ZIP to climate region lookup // User and auth tables &models.User{}, &models.AuthToken{}, &models.UserProfile{}, &models.ConfirmationCode{}, &models.PasswordResetCode{}, &models.AppleSocialAuth{}, &models.GoogleSocialAuth{}, // Admin users (separate from app users) &models.AdminUser{}, // Main entity tables (order matters for foreign keys!) &models.Residence{}, &models.ResidenceShareCode{}, &models.Contractor{}, // Contractor before Task (Task references Contractor) &models.Task{}, &models.TaskCompletion{}, &models.TaskCompletionImage{}, // Multiple images per completion &models.Document{}, &models.DocumentImage{}, // Multiple images per document // Notification tables &models.Notification{}, &models.NotificationPreference{}, &models.APNSDevice{}, &models.GCMDevice{}, &models.TaskReminderLog{}, // Smart reminder tracking // Subscription tables &models.SubscriptionSettings{}, &models.UserSubscription{}, &models.UpgradeTrigger{}, &models.FeatureBenefit{}, &models.Promotion{}, &models.TierLimits{}, // Onboarding email tracking &models.OnboardingEmail{}, ) if err != nil { return fmt.Errorf("failed to run migrations: %w", err) } // Add unique constraint for onboarding emails (one email type per user) db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_onboarding_emails_user_type ON onboarding_emails(user_id, email_type)`) // Run GoAdmin migrations if err := migrateGoAdmin(); err != nil { return fmt.Errorf("failed to run GoAdmin migrations: %w", err) } // Run one-time data migrations (backfills, etc.) if err := RunDataMigrations(); err != nil { return fmt.Errorf("failed to run data migrations: %w", err) } log.Info().Msg("Database migrations completed successfully") return nil } // migrateGoAdmin creates GoAdmin required tables func migrateGoAdmin() error { log.Info().Msg("Running GoAdmin migrations...") // GoAdmin session table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_session ( id SERIAL PRIMARY KEY, sid VARCHAR(50) NOT NULL DEFAULT '', "values" TEXT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_session_sid ON goadmin_session(sid)`) // GoAdmin users table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_users ( id SERIAL PRIMARY KEY, username VARCHAR(100) NOT NULL DEFAULT '', password VARCHAR(100) NOT NULL DEFAULT '', name VARCHAR(100) NOT NULL DEFAULT '', avatar VARCHAR(255) DEFAULT '', remember_token VARCHAR(100) DEFAULT '', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_goadmin_users_username ON goadmin_users(username)`) // GoAdmin roles table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_roles ( id SERIAL PRIMARY KEY, name VARCHAR(50) NOT NULL DEFAULT '', slug VARCHAR(50) NOT NULL DEFAULT '', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_goadmin_roles_slug ON goadmin_roles(slug)`) // GoAdmin permissions table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_permissions ( id SERIAL PRIMARY KEY, name VARCHAR(50) NOT NULL DEFAULT '', slug VARCHAR(50) NOT NULL DEFAULT '', http_method VARCHAR(255) DEFAULT '', http_path TEXT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_goadmin_permissions_slug ON goadmin_permissions(slug)`) // GoAdmin role_users table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_role_users ( id SERIAL PRIMARY KEY, role_id INT NOT NULL, user_id INT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_users_role_id ON goadmin_role_users(role_id)`) db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_users_user_id ON goadmin_role_users(user_id)`) // GoAdmin user_permissions table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_user_permissions ( id SERIAL PRIMARY KEY, user_id INT NOT NULL, permission_id INT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_user_permissions_user_id ON goadmin_user_permissions(user_id)`) db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_user_permissions_permission_id ON goadmin_user_permissions(permission_id)`) // GoAdmin role_permissions table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_role_permissions ( id SERIAL PRIMARY KEY, role_id INT NOT NULL, permission_id INT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_permissions_role_id ON goadmin_role_permissions(role_id)`) db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_permissions_permission_id ON goadmin_role_permissions(permission_id)`) // GoAdmin menu table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_menu ( id SERIAL PRIMARY KEY, parent_id INT NOT NULL DEFAULT 0, type INT NOT NULL DEFAULT 0, "order" INT NOT NULL DEFAULT 0, title VARCHAR(50) NOT NULL DEFAULT '', icon VARCHAR(50) NOT NULL DEFAULT '', uri VARCHAR(3000) NOT NULL DEFAULT '', header VARCHAR(150) DEFAULT '', plugin_name VARCHAR(150) NOT NULL DEFAULT '', uuid VARCHAR(150) DEFAULT '', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_menu_parent_id ON goadmin_menu(parent_id)`) // GoAdmin role_menu table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_role_menu ( id SERIAL PRIMARY KEY, role_id INT NOT NULL, menu_id INT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_menu_role_id ON goadmin_role_menu(role_id)`) db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_role_menu_menu_id ON goadmin_role_menu(menu_id)`) // GoAdmin operation_log table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_operation_log ( id SERIAL PRIMARY KEY, user_id INT NOT NULL, path VARCHAR(255) NOT NULL DEFAULT '', method VARCHAR(10) NOT NULL DEFAULT '', ip VARCHAR(15) NOT NULL DEFAULT '', input TEXT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_operation_log_user_id ON goadmin_operation_log(user_id)`) // GoAdmin site table if err := db.Exec(` CREATE TABLE IF NOT EXISTS goadmin_site ( id SERIAL PRIMARY KEY, key VARCHAR(100) NOT NULL DEFAULT '', value TEXT NOT NULL, description VARCHAR(3000) DEFAULT '', state INT NOT NULL DEFAULT 0, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ) `).Error; err != nil { return err } db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_site_key ON goadmin_site(key)`) // Seed default GoAdmin user only on first run (ON CONFLICT DO NOTHING). // Password is NOT reset on subsequent migrations to preserve operator changes. goAdminUsername := viper.GetString("GOADMIN_ADMIN_USERNAME") goAdminPassword := viper.GetString("GOADMIN_ADMIN_PASSWORD") if goAdminUsername == "" || goAdminPassword == "" { log.Warn().Msg("GOADMIN_ADMIN_USERNAME and/or GOADMIN_ADMIN_PASSWORD not set; skipping GoAdmin admin user seed") } else { goAdminHash, err := bcrypt.GenerateFromPassword([]byte(goAdminPassword), bcrypt.DefaultCost) if err != nil { return fmt.Errorf("failed to hash GoAdmin admin password: %w", err) } db.Exec(` INSERT INTO goadmin_users (username, password, name, avatar) VALUES (?, ?, 'Administrator', '') ON CONFLICT DO NOTHING `, goAdminUsername, string(goAdminHash)) } // Seed default roles db.Exec(`INSERT INTO goadmin_roles (name, slug) VALUES ('Administrator', 'administrator') ON CONFLICT DO NOTHING`) db.Exec(`INSERT INTO goadmin_roles (name, slug) VALUES ('Operator', 'operator') ON CONFLICT DO NOTHING`) // Seed default permissions db.Exec(`INSERT INTO goadmin_permissions (name, slug, http_method, http_path) VALUES ('All permissions', '*', '', '*') ON CONFLICT DO NOTHING`) db.Exec(`INSERT INTO goadmin_permissions (name, slug, http_method, http_path) VALUES ('Dashboard', 'dashboard', 'GET', '/') ON CONFLICT DO NOTHING`) // Assign admin user to administrator role (if not already assigned) if goAdminUsername != "" { db.Exec(` INSERT INTO goadmin_role_users (role_id, user_id) SELECT r.id, u.id FROM goadmin_roles r, goadmin_users u WHERE r.slug = 'administrator' AND u.username = ? AND NOT EXISTS ( SELECT 1 FROM goadmin_role_users ru WHERE ru.role_id = r.id AND ru.user_id = u.id ) `, goAdminUsername) } // Assign all permissions to administrator role (if not already assigned) db.Exec(` INSERT INTO goadmin_role_permissions (role_id, permission_id) SELECT r.id, p.id FROM goadmin_roles r, goadmin_permissions p WHERE r.slug = 'administrator' AND p.slug = '*' AND NOT EXISTS ( SELECT 1 FROM goadmin_role_permissions rp WHERE rp.role_id = r.id AND rp.permission_id = p.id ) `) // Seed default menu items (only if menu is empty) var menuCount int64 db.Raw(`SELECT COUNT(*) FROM goadmin_menu`).Scan(&menuCount) if menuCount == 0 { db.Exec(` INSERT INTO goadmin_menu (parent_id, type, "order", title, icon, uri, plugin_name) VALUES (0, 1, 1, 'Dashboard', 'fa-bar-chart', '/', ''), (0, 1, 2, 'Admin', 'fa-tasks', '', ''), (2, 1, 1, 'Users', 'fa-users', '/info/goadmin_users', ''), (2, 1, 2, 'Roles', 'fa-user', '/info/goadmin_roles', ''), (2, 1, 3, 'Permissions', 'fa-ban', '/info/goadmin_permissions', ''), (2, 1, 4, 'Menu', 'fa-bars', '/menu', ''), (2, 1, 5, 'Operation Log', 'fa-history', '/info/goadmin_operation_log', ''), (0, 1, 3, 'HoneyDue', 'fa-home', '', ''), (8, 1, 1, 'Users', 'fa-user', '/info/users', ''), (8, 1, 2, 'Residences', 'fa-building', '/info/residences', ''), (8, 1, 3, 'Tasks', 'fa-tasks', '/info/tasks', ''), (8, 1, 4, 'Contractors', 'fa-wrench', '/info/contractors', ''), (8, 1, 5, 'Documents', 'fa-file', '/info/documents', ''), (8, 1, 6, 'Notifications', 'fa-bell', '/info/notifications', '') `) // Assign all menus to administrator role db.Exec(` INSERT INTO goadmin_role_menu (role_id, menu_id) SELECT r.id, m.id FROM goadmin_roles r, goadmin_menu m WHERE r.slug = 'administrator' `) } log.Info().Msg("GoAdmin migrations completed") // Seed default Next.js admin user only on first run. // Password is NOT reset on subsequent migrations to preserve operator changes. adminEmail := viper.GetString("ADMIN_EMAIL") adminPassword := viper.GetString("ADMIN_PASSWORD") if adminEmail == "" || adminPassword == "" { log.Warn().Msg("ADMIN_EMAIL and/or ADMIN_PASSWORD not set; skipping Next.js admin user seed") } else { var adminCount int64 db.Raw(`SELECT COUNT(*) FROM admin_users WHERE email = ?`, adminEmail).Scan(&adminCount) if adminCount == 0 { log.Info().Str("email", adminEmail).Msg("Seeding default admin user for Next.js admin panel...") adminHash, err := bcrypt.GenerateFromPassword([]byte(adminPassword), bcrypt.DefaultCost) if err != nil { return fmt.Errorf("failed to hash admin password: %w", err) } db.Exec(` INSERT INTO admin_users (email, password, first_name, last_name, role, is_active, created_at, updated_at) VALUES (?, ?, 'Admin', 'User', 'super_admin', true, NOW(), NOW()) `, adminEmail, string(adminHash)) log.Info().Str("email", adminEmail).Msg("Default admin user created") } } return nil }