feat(m28+m29+m30): ACME ARI, email digest, and Helm chart

M28: ACME Renewal Information (RFC 9702) — CA-directed renewal timing with cert ID computation, directory endpoint discovery, graceful degradation for non-ARI CAs. 19 tests. M29: Email notifier wiring + scheduled certificate digest — SMTP connector bridged to service layer via NotifierAdapter, DigestService with HTML email template, 7th scheduler loop (24h), digest preview/send API endpoints and GUI card. 21 tests. M30: Production-ready Helm chart — server Deployment, PostgreSQL StatefulSet, agent DaemonSet, ConfigMaps, Secrets, Ingress, security contexts, health probes, example values for dev/prod/ACME scenarios. Also: OpenAPI spec updates, MCP tool additions, CI helm-lint job, documentation updates across 5 doc files and README. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 18:01:37 +00:00 · 2026-03-28 21:18:35 -04:00
parent cb2ef9d0e7
commit ec21c9bb29
61 changed files with 6106 additions and 27 deletions
@@ -0,0 +1,76 @@
+package handler
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+)
+
+// DigestServicer defines the interface for digest operations used by the handler.
+type DigestServicer interface {
+	PreviewDigest(ctx context.Context) (string, error)
+	SendDigest(ctx context.Context) error
+}
+
+// DigestHandler provides HTTP endpoints for certificate digest operations.
+type DigestHandler struct {
+	service DigestServicer
+}
+
+// NewDigestHandler creates a new digest handler.
+func NewDigestHandler(service DigestServicer) *DigestHandler {
+	return &DigestHandler{service: service}
+}
+
+// PreviewDigest renders the digest HTML without sending it.
+// GET /api/v1/digest/preview
+func (h *DigestHandler) PreviewDigest(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	if h.service == nil {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusServiceUnavailable)
+		json.NewEncoder(w).Encode(map[string]string{"error": "digest service not configured"})
+		return
+	}
+
+	html, err := h.service.PreviewDigest(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(html))
+}
+
+// SendDigest triggers an immediate digest send.
+// POST /api/v1/digest/send
+func (h *DigestHandler) SendDigest(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	if h.service == nil {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusServiceUnavailable)
+		json.NewEncoder(w).Encode(map[string]string{"error": "digest service not configured"})
+		return
+	}
+
+	if err := h.service.SendDigest(r.Context()); err != nil {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusInternalServerError)
+		json.NewEncoder(w).Encode(map[string]string{"error": err.Error()})
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(map[string]string{"status": "sent"})
+}
@@ -0,0 +1,157 @@
+package handler
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+// mockDigestService implements DigestServicer for testing.
+type mockDigestService struct {
+	previewHTML string
+	previewErr  error
+	sendErr     error
+	sendCalled  bool
+}
+
+func (m *mockDigestService) PreviewDigest(ctx context.Context) (string, error) {
+	if m.previewErr != nil {
+		return "", m.previewErr
+	}
+	return m.previewHTML, nil
+}
+
+func (m *mockDigestService) SendDigest(ctx context.Context) error {
+	m.sendCalled = true
+	return m.sendErr
+}
+
+func TestDigestHandler_PreviewDigest_Success(t *testing.T) {
+	svc := &mockDigestService{
+		previewHTML: "<html><body>Digest Preview</body></html>",
+	}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/digest/preview", nil)
+	w := httptest.NewRecorder()
+
+	h.PreviewDigest(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected status 200, got %d", w.Code)
+	}
+
+	if w.Header().Get("Content-Type") != "text/html; charset=utf-8" {
+		t.Errorf("expected Content-Type text/html, got %s", w.Header().Get("Content-Type"))
+	}
+
+	if w.Body.String() != "<html><body>Digest Preview</body></html>" {
+		t.Errorf("unexpected body: %s", w.Body.String())
+	}
+}
+
+func TestDigestHandler_PreviewDigest_MethodNotAllowed(t *testing.T) {
+	svc := &mockDigestService{}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodPost, "/api/v1/digest/preview", nil)
+	w := httptest.NewRecorder()
+
+	h.PreviewDigest(w, req)
+
+	if w.Code != http.StatusMethodNotAllowed {
+		t.Errorf("expected status 405, got %d", w.Code)
+	}
+}
+
+func TestDigestHandler_PreviewDigest_ServiceError(t *testing.T) {
+	svc := &mockDigestService{
+		previewErr: errors.New("stats unavailable"),
+	}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/digest/preview", nil)
+	w := httptest.NewRecorder()
+
+	h.PreviewDigest(w, req)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("expected status 500, got %d", w.Code)
+	}
+}
+
+func TestDigestHandler_PreviewDigest_NotConfigured(t *testing.T) {
+	h := NewDigestHandler(nil)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/digest/preview", nil)
+	w := httptest.NewRecorder()
+
+	h.PreviewDigest(w, req)
+
+	if w.Code != http.StatusServiceUnavailable {
+		t.Errorf("expected status 503, got %d", w.Code)
+	}
+}
+
+func TestDigestHandler_SendDigest_Success(t *testing.T) {
+	svc := &mockDigestService{}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodPost, "/api/v1/digest/send", nil)
+	w := httptest.NewRecorder()
+
+	h.SendDigest(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected status 200, got %d", w.Code)
+	}
+
+	if !svc.sendCalled {
+		t.Error("expected SendDigest to be called")
+	}
+}
+
+func TestDigestHandler_SendDigest_MethodNotAllowed(t *testing.T) {
+	svc := &mockDigestService{}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/digest/send", nil)
+	w := httptest.NewRecorder()
+
+	h.SendDigest(w, req)
+
+	if w.Code != http.StatusMethodNotAllowed {
+		t.Errorf("expected status 405, got %d", w.Code)
+	}
+}
+
+func TestDigestHandler_SendDigest_ServiceError(t *testing.T) {
+	svc := &mockDigestService{
+		sendErr: errors.New("SMTP connection refused"),
+	}
+	h := NewDigestHandler(svc)
+
+	req := httptest.NewRequest(http.MethodPost, "/api/v1/digest/send", nil)
+	w := httptest.NewRecorder()
+
+	h.SendDigest(w, req)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("expected status 500, got %d", w.Code)
+	}
+}
+
+func TestDigestHandler_SendDigest_NotConfigured(t *testing.T) {
+	h := NewDigestHandler(nil)
+
+	req := httptest.NewRequest(http.MethodPost, "/api/v1/digest/send", nil)
+	w := httptest.NewRecorder()
+
+	h.SendDigest(w, req)
+
+	if w.Code != http.StatusServiceUnavailable {
+		t.Errorf("expected status 503, got %d", w.Code)
+	}
+}