From 36e96015f5036b53abf365387b38aa870aa9c77b Mon Sep 17 00:00:00 2001 From: Arthur Belleville Date: Thu, 14 May 2026 19:24:16 +0200 Subject: [PATCH] feat(01-03): pgxpool wrapper, RequestID/slog middleware, slog handler switch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove //go:build red_gate tag from internal/web/handlers_test.go and internal/db/pool_test.go now that consumer symbols are about to exist - go mod tidy after real importers land (deferred from Plan 01-01 per Codex concern #1) — chi/v5, templ, pgx/v5, google/uuid now in require list - internal/db/pool.go: NewPool(ctx, dsn) builds a pgxpool.Pool with MaxConns=10, MinConns=1; no eager Ping (RESEARCH Pitfall 2) - internal/web/slog.go: NewSlogHandler returns JSON when env='production', text otherwise; pure helper, no slog.SetDefault side effect - internal/web/middleware.go: RequestIDMiddleware (UUIDv4 → ctx + X-Request-ID header), LoggerFromContext helper, SlogLoggerMiddleware factory using chi WrapResponseWriter; field allowlist per V7/T-01-09 --- backend/go.mod | 15 +++++- backend/go.sum | 25 +++++----- backend/internal/db/pool.go | 23 +++++++++ backend/internal/db/pool_test.go | 2 - backend/internal/web/handlers_test.go | 2 - backend/internal/web/middleware.go | 70 +++++++++++++++++++++++++++ backend/internal/web/slog.go | 23 +++++++++ 7 files changed, 143 insertions(+), 17 deletions(-) create mode 100644 backend/internal/db/pool.go create mode 100644 backend/internal/web/middleware.go create mode 100644 backend/internal/web/slog.go diff --git a/backend/go.mod b/backend/go.mod index feebdfb..f5c16f6 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -2,4 +2,17 @@ module backend go 1.26.1 -require github.com/a-h/templ v0.3.1020 +require ( + github.com/a-h/templ v0.3.1020 + github.com/go-chi/chi/v5 v5.2.5 + github.com/google/uuid v1.6.0 + github.com/jackc/pgx/v5 v5.9.2 +) + +require ( + github.com/jackc/pgpassfile v1.0.0 // indirect + github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect + github.com/jackc/puddle/v2 v2.2.2 // indirect + golang.org/x/sync v0.17.0 // indirect + golang.org/x/text v0.29.0 // indirect +) diff --git a/backend/go.sum b/backend/go.sum index 0edf8db..eb20e0b 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -1,8 +1,12 @@ github.com/a-h/templ v0.3.1020 h1:ypAT/L5ySWEnZ6Zft/5yfoWXYYkhFNvEFOeeqecg4tw= github.com/a-h/templ v0.3.1020/go.mod h1:A2DlK61v+K+NRoGnhmYbNYVmtYHcFO5/AisMvBdDxTM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug= github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= @@ -11,23 +15,20 @@ github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7Ulw github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw= github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= -github.com/mfridman/interpolate v0.0.2 h1:pnuTK7MQIxxFz1Gr+rjSIx9u7qVjf5VOoM/u6BbAxPY= -github.com/mfridman/interpolate v0.0.2/go.mod h1:p+7uk6oE07mpE/Ik1b8EckO0O4ZXiGAfshKBWLUM9Xg= +github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= +github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pressly/goose/v3 v3.27.1 h1:6uEvcprBybDmW4hcz3gYujhARhye+GoWKhEWyzD5sh4= -github.com/pressly/goose/v3 v3.27.1/go.mod h1:maruOxsPnIG2yHHyo8UqKWXYKFcH7Q76csUV7+7KYoM= -github.com/sethvargo/go-retry v0.3.0 h1:EEt31A35QhrcRZtrYFDTBg91cqZVnFL2navjDrah2SE= -github.com/sethvargo/go-retry v0.3.0/go.mod h1:mNX17F0C/HguQMyMyJxcnU471gOZGxCLyYaFyAZraas= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= -golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= -golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= -golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/backend/internal/db/pool.go b/backend/internal/db/pool.go new file mode 100644 index 0000000..ba6faff --- /dev/null +++ b/backend/internal/db/pool.go @@ -0,0 +1,23 @@ +// Package db owns the Postgres connection pool wiring and (in later phases) +// sqlc-generated query methods. +package db + +import ( + "context" + + "github.com/jackc/pgx/v5/pgxpool" +) + +// NewPool constructs a *pgxpool.Pool from the supplied DSN. Connections are +// lazy — NewPool does NOT call Ping (RESEARCH Pitfall 2: lazy is the +// canonical pgxpool behavior; callers exercise the pool via /healthz instead +// of an eager startup ping). Returns an error if the DSN cannot be parsed. +func NewPool(ctx context.Context, dsn string) (*pgxpool.Pool, error) { + cfg, err := pgxpool.ParseConfig(dsn) + if err != nil { + return nil, err + } + cfg.MaxConns = 10 + cfg.MinConns = 1 + return pgxpool.NewWithConfig(ctx, cfg) +} diff --git a/backend/internal/db/pool_test.go b/backend/internal/db/pool_test.go index afcd3ff..27935e1 100644 --- a/backend/internal/db/pool_test.go +++ b/backend/internal/db/pool_test.go @@ -1,5 +1,3 @@ -//go:build red_gate - package db import ( diff --git a/backend/internal/web/handlers_test.go b/backend/internal/web/handlers_test.go index 934cb25..f8b3df6 100644 --- a/backend/internal/web/handlers_test.go +++ b/backend/internal/web/handlers_test.go @@ -1,5 +1,3 @@ -//go:build red_gate - package web import ( diff --git a/backend/internal/web/middleware.go b/backend/internal/web/middleware.go new file mode 100644 index 0000000..4c3fad1 --- /dev/null +++ b/backend/internal/web/middleware.go @@ -0,0 +1,70 @@ +package web + +import ( + "context" + "log/slog" + "net/http" + "time" + + chimw "github.com/go-chi/chi/v5/middleware" + "github.com/google/uuid" +) + +// ctxKey is the unexported type used for context.Context keys owned by the +// web package. Per Go convention, using an unexported named type prevents +// accidental collisions with other packages' context keys. +type ctxKey string + +const requestIDKey ctxKey = "request_id" + +// RequestIDMiddleware emits a UUIDv4 for each request, attaches it to the +// request context under requestIDKey, and sets the X-Request-ID response +// header. The downstream handler (and any nested middleware) can recover +// the ID via LoggerFromContext for structured logging. +func RequestIDMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + id := uuid.NewString() + ctx := context.WithValue(r.Context(), requestIDKey, id) + w.Header().Set("X-Request-ID", id) + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} + +// LoggerFromContext returns slog.Default() decorated with the request_id +// attribute if one is present in ctx, otherwise plain slog.Default(). +// Handlers should prefer this helper over slog.Default() so per-request +// log lines carry the request_id correlator. +func LoggerFromContext(ctx context.Context) *slog.Logger { + if id, ok := ctx.Value(requestIDKey).(string); ok && id != "" { + return slog.Default().With("request_id", id) + } + return slog.Default() +} + +// SlogLoggerMiddleware returns chi-compatible middleware that emits one +// structured log line per request. The line carries method, path, status, +// duration_ms, and request_id (when present). Per RESEARCH Pitfall 6 this +// REPLACES chi's built-in middleware.Logger — never register both. +// +// The middleware deliberately allowlists fields (V7 / T-01-09): it never +// logs request bodies, Authorization headers, Cookie headers, or the DSN. +func SlogLoggerMiddleware(logger *slog.Logger) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + start := time.Now() + ww := chimw.NewWrapResponseWriter(w, r.ProtoMajor) + next.ServeHTTP(ww, r) + + l := logger + if id, ok := r.Context().Value(requestIDKey).(string); ok && id != "" { + l = l.With("request_id", id) + } + l.Info("request", + "method", r.Method, + "path", r.URL.Path, + "status", ww.Status(), + "duration_ms", time.Since(start).Milliseconds(), + ) + }) + } +} diff --git a/backend/internal/web/slog.go b/backend/internal/web/slog.go new file mode 100644 index 0000000..5f8e578 --- /dev/null +++ b/backend/internal/web/slog.go @@ -0,0 +1,23 @@ +package web + +import ( + "io" + "log/slog" +) + +// NewSlogHandler returns a slog.Handler appropriate for the supplied +// environment. When env == "production" the returned handler emits +// machine-parseable JSON; for any other value (including the empty string +// and "development") the handler emits human-readable text. Both handlers +// are configured at slog.LevelInfo. +// +// The caller is responsible for wiring the returned handler into a +// slog.Logger (typically via slog.SetDefault) — this function is a pure +// helper and intentionally has no side effects. +func NewSlogHandler(env string, w io.Writer) slog.Handler { + opts := &slog.HandlerOptions{Level: slog.LevelInfo} + if env == "production" { + return slog.NewJSONHandler(w, opts) + } + return slog.NewTextHandler(w, opts) +}