admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
29c9014a33a846160a9d8a41fe86a168a5e2438a
honeyDueAPI/internal/dto/requests/task.go
T
Trey t 29c9014a33
Backend CI / Test (push) Has been cancelled
Details
Backend CI / Contract Tests (push) Has been cancelled
Details
Backend CI / Build (push) Has been cancelled
Details
Backend CI / Lint (push) Has been cancelled
Details
Backend CI / Secret Scanning (push) Has been cancelled
Details
feat(uploads): direct-to-B2 presigned uploads with content-length-range policy 
Replaces the multipart-via-API path for image uploads with a three-step
direct-to-storage flow:

  1. Client POSTs /api/uploads/presign with content_length + content_type;
     server validates size (10 MB cap), mime allow-list per category, rate
     limit (50/hour/user via Redis sliding window), and concurrent unclaimed
     cap (10 in-flight per user). On success it persists a pending_uploads
     row, signs an S3 POST policy with content-length-range bound to the
     claimed length ±256 bytes, and returns the URL+fields.
  2. Client POSTs the bytes directly to B2 using the signed policy. B2
     enforces size, content-type, and key match before accepting.
  3. Client passes upload_ids[] to /api/task-completions/ or /api/documents/.
     Service HEADs each B2 object, verifies size matches expected_bytes
     within slack, marks pending_uploads claimed_at, and creates the
     associated TaskCompletionImage / DocumentImage rows.

Bytes never traverse our API server. The 1 MB Echo BodyLimit middleware
that was rejecting all task-completion image uploads becomes irrelevant
for this path. Existing multipart endpoints stay functional alongside,
soak-testing the new path before legacy removal.

Cleanup:
  - cmd/worker registers a new hourly cron (TypeUploadCleanup, "30 * * * *")
    that reaps pending_uploads where claimed_at IS NULL AND expires_at < NOW().
    Reaps both the B2 object and the row.
  - B2 bucket lifecycle rule on `uploads/` prefix (7 days hide → 1 day delete)
    documented in deploy-k3s/manifests/b2-lifecycle.md as a backstop.

Schema:
  - migrations/000002_pending_uploads.sql adds the table + partial index for
    cleanup + nullable pending_upload_id FKs on task_taskcompletionimage and
    task_documentimage.

Policy (single tier, no free/pro split):
  - 10 MB cap per upload
  - 50 presigns/hour/user
  - 10 concurrent unclaimed uploads/user
  - allow-list: jpeg/png/heic/heif/webp for image categories;
    + pdf for document_file

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 14:36:42 -07:00

140 lines
5.5 KiB
Go
Raw Blame History

package requests
import (
"encoding/json"
"strings"
"time"
"github.com/shopspring/decimal"
)
// FlexibleDate handles both "2025-11-27" and "2025-11-27T00:00:00Z" formats
type FlexibleDate struct {
time.Time
}
func (fd *FlexibleDate) UnmarshalJSON(data []byte) error {
// Remove quotes
s := strings.Trim(string(data), "\"")
if s == "" || s == "null" {
return nil
}
// Try RFC3339 first (full datetime)
t, err := time.Parse(time.RFC3339, s)
if err == nil {
fd.Time = t
return nil
}
// Try date-only format
t, err = time.Parse("2006-01-02", s)
if err == nil {
fd.Time = t
return nil
}
return err
}
func (fd FlexibleDate) MarshalJSON() ([]byte, error) {
if fd.Time.IsZero() {
return json.Marshal(nil)
}
return json.Marshal(fd.Time.Format(time.RFC3339))
}
// ToTimePtr returns a pointer to the underlying time, or nil if zero
func (fd *FlexibleDate) ToTimePtr() *time.Time {
if fd == nil || fd.Time.IsZero() {
return nil
}
return &fd.Time
}
// BulkCreateTasksRequest represents a batch create. Used by onboarding to
// insert 1-N selected tasks atomically in a single transaction so that a
// failure halfway through doesn't leave a partial task list behind.
//
// ResidenceID is validated once at the service layer; individual task
// entries must reference the same residence or be left empty (the service
// overrides each entry's ResidenceID with the top-level value).
type BulkCreateTasksRequest struct {
ResidenceID uint `json:"residence_id" validate:"required"`
Tasks []CreateTaskRequest `json:"tasks" validate:"required,min=1,max=50,dive"`
}
// CreateTaskRequest represents the request to create a task
type CreateTaskRequest struct {
ResidenceID uint `json:"residence_id" validate:"required"`
Title string `json:"title" validate:"required,min=1,max=200"`
Description string `json:"description" validate:"max=10000"`
CategoryID *uint `json:"category_id"`
PriorityID *uint `json:"priority_id"`
FrequencyID *uint `json:"frequency_id"`
CustomIntervalDays *int `json:"custom_interval_days" validate:"omitempty,min=1"` // For "Custom" frequency, user-specified days
InProgress bool `json:"in_progress"`
AssignedToID *uint `json:"assigned_to_id"`
DueDate *FlexibleDate `json:"due_date"`
EstimatedCost *decimal.Decimal `json:"estimated_cost"`
ContractorID *uint `json:"contractor_id"`
// TemplateID links the created task to the TaskTemplate it was spawned from
// (e.g. onboarding suggestion or catalog pick). Optional — custom tasks
// leave this nil.
TemplateID *uint `json:"template_id"`
}
// UpdateTaskRequest represents the request to update a task
type UpdateTaskRequest struct {
Title *string `json:"title" validate:"omitempty,min=1,max=200"`
Description *string `json:"description" validate:"omitempty,max=10000"`
CategoryID *uint `json:"category_id"`
PriorityID *uint `json:"priority_id"`
FrequencyID *uint `json:"frequency_id"`
CustomIntervalDays *int `json:"custom_interval_days" validate:"omitempty,min=1"` // For "Custom" frequency, user-specified days
InProgress *bool `json:"in_progress"`
AssignedToID *uint `json:"assigned_to_id"`
DueDate *FlexibleDate `json:"due_date"`
EstimatedCost *decimal.Decimal `json:"estimated_cost"`
ActualCost *decimal.Decimal `json:"actual_cost"`
ContractorID *uint `json:"contractor_id"`
}
// CreateTaskCompletionRequest represents the request to create a task completion
type CreateTaskCompletionRequest struct {
TaskID uint `json:"task_id" validate:"required"`
CompletedAt *time.Time `json:"completed_at"` // Defaults to now
Notes string `json:"notes" validate:"max=10000"`
ActualCost *decimal.Decimal `json:"actual_cost"`
Rating *int `json:"rating" validate:"omitempty,min=1,max=5"` // 1-5 star rating
// ImageURLs is the legacy multipart-upload path: the handler uploaded the
// images first via the same request and produced URLs. Still supported for
// older client builds.
ImageURLs []string `json:"image_urls" validate:"omitempty,max=20,dive,max=500"`
// UploadIDs is the new direct-to-B2 path: the client uploaded each image
// via a presigned URL and now claims the resulting pending_uploads rows
// by id. The service verifies ownership + size, marks each row claimed,
// and creates task_completion_image rows from them.
//
// If both ImageURLs and UploadIDs are present, both contribute to the
// final set of images so a single completion can mix legacy and new
// uploads (helps during the rollout window).
UploadIDs []uint `json:"upload_ids" validate:"omitempty,max=20"`
}
// UpdateTaskCompletionRequest represents the request to update a task completion
type UpdateTaskCompletionRequest struct {
Notes *string `json:"notes" validate:"omitempty,max=10000"`
ActualCost *decimal.Decimal `json:"actual_cost"`
Rating *int `json:"rating" validate:"omitempty,min=1,max=5"`
ImageURLs []string `json:"image_urls" validate:"omitempty,max=20,dive,max=500"`
}
// CompletionImageInput represents an image to add to a completion
type CompletionImageInput struct {
ImageURL string `json:"image_url" validate:"required"`
Caption string `json:"caption"`
}
Reference in New Issue View Git Blame Copy Permalink