gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 12:21:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
certctl/internal/service/digest.go
T
shankar0123 21aeed4f4e legal: addlicense headers + normalize legacy variants (Phase 0 RED-4) 
Phase 0 closure (Path B2, post-rewrite):

addlicense sweep — adds the canonical certctl LLC copyright + BUSL-1.1
SPDX header to every production Go file. Template:

  // Copyright 2026 certctl LLC. All rights reserved.
  // SPDX-License-Identifier: BUSL-1.1

Coverage: 338 / 338 production Go files (cmd/ + internal/, excluding
*_test.go and **/testdata/**). Pre-sweep coverage was 22 / 338 (6.5%);
post-sweep is 338 / 338 (100%).

Normalized 22 pre-existing legacy headers (`// Copyright (c) certctl`
+ `// SPDX-License-Identifier: BSL-1.1`) and 1 file using a
`Certctl Contributors` attribution. The legacy SPDX ID `BSL-1.1`
is non-standard; the official SPDX identifier for Business Source
License 1.1 is `BUSL-1.1` (capital U). All 338 files now share the
canonical form.

Generated via:
  addlicense -c "certctl LLC" -y 2026 \
    -f cowork/legal/copyright-header.tpl \
    -ignore '**/testdata/**' -ignore '**/*_test.go' \
    cmd/ internal/

Verification:
  find cmd internal -name '*.go' -not -name '*_test.go' \
    -not -path '*/testdata/*' \
    -exec grep -L '^// Copyright 2026 certctl LLC' {} \; | wc -l

  Returns: 0

gofmt clean. Header additions are comments only, no compile impact.

Closes: cowork/certctl-architecture-diligence-audit.html#fix-RED-4
2026-05-13 21:23:35 +00:00

377 lines
13 KiB
Go
Raw Permalink Blame History

// Copyright 2026 certctl LLC. All rights reserved.
// SPDX-License-Identifier: BUSL-1.1
package service
import (
"bytes"
"context"
"fmt"
"html/template"
"log/slog"
"time"
"github.com/certctl-io/certctl/internal/repository"
)
// DigestService generates and sends periodic certificate digest emails.
// It aggregates statistics from StatsService and sends HTML-formatted
// summary emails to configured recipients.
type DigestService struct {
statsService *StatsService
certRepo repository.CertificateRepository
ownerRepo repository.OwnerRepository
emailSender HTMLEmailSender
recipients []string
logger *slog.Logger
}
// HTMLEmailSender defines the interface for sending HTML emails.
// Implemented by the email notifier adapter.
type HTMLEmailSender interface {
SendHTML(ctx context.Context, recipient string, subject string, htmlBody string) error
}
// DigestData holds the aggregated data for a digest email.
type DigestData struct {
GeneratedAt time.Time `json:"generated_at"`
TotalCertificates int64 `json:"total_certificates"`
ExpiringCertificates int64 `json:"expiring_certificates"`
ExpiredCertificates int64 `json:"expired_certificates"`
RevokedCertificates int64 `json:"revoked_certificates"`
ActiveAgents int64 `json:"active_agents"`
OfflineAgents int64 `json:"offline_agents"`
TotalAgents int64 `json:"total_agents"`
PendingJobs int64 `json:"pending_jobs"`
FailedJobs int64 `json:"failed_jobs"`
CompletedJobs int64 `json:"completed_jobs"`
ExpiringCerts []DigestCertEntry `json:"expiring_certs"`
RecentFailures []DigestJobEntry `json:"recent_failures"`
StatusCounts []DigestStatusCount `json:"status_counts"`
}
// DigestCertEntry represents a certificate entry in the digest.
type DigestCertEntry struct {
ID string `json:"id"`
CommonName string `json:"common_name"`
ExpiresAt time.Time `json:"expires_at"`
DaysLeft int `json:"days_left"`
OwnerID string `json:"owner_id"`
}
// DigestJobEntry represents a failed job entry in the digest.
type DigestJobEntry struct {
ID string `json:"id"`
CertificateID string `json:"certificate_id"`
Type string `json:"type"`
Error string `json:"error"`
}
// DigestStatusCount represents certificate counts by status for the digest.
type DigestStatusCount struct {
Status string `json:"status"`
Count int64 `json:"count"`
}
// NewDigestService creates a new digest service.
func NewDigestService(
statsService *StatsService,
certRepo repository.CertificateRepository,
ownerRepo repository.OwnerRepository,
emailSender HTMLEmailSender,
recipients []string,
logger *slog.Logger,
) *DigestService {
if logger == nil {
logger = slog.Default()
}
return &DigestService{
statsService: statsService,
certRepo: certRepo,
ownerRepo: ownerRepo,
emailSender: emailSender,
recipients: recipients,
logger: logger,
}
}
// GenerateDigest aggregates current system statistics into a DigestData struct.
func (s *DigestService) GenerateDigest(ctx context.Context) (*DigestData, error) {
digest := &DigestData{
GeneratedAt: time.Now(),
}
// Get dashboard summary
summaryRaw, err := s.statsService.GetDashboardSummary(ctx)
if err != nil {
return nil, fmt.Errorf("failed to get dashboard summary: %w", err)
}
if summary, ok := summaryRaw.(*DashboardSummary); ok {
digest.TotalCertificates = summary.TotalCertificates
digest.ExpiringCertificates = summary.ExpiringCertificates
digest.ExpiredCertificates = summary.ExpiredCertificates
digest.RevokedCertificates = summary.RevokedCertificates
digest.ActiveAgents = summary.ActiveAgents
digest.OfflineAgents = summary.OfflineAgents
digest.TotalAgents = summary.TotalAgents
digest.PendingJobs = summary.PendingJobs
digest.FailedJobs = summary.FailedJobs
digest.CompletedJobs = summary.CompleteJobs
}
// Get certificates by status
statusRaw, err := s.statsService.GetCertificatesByStatus(ctx)
if err != nil {
s.logger.Warn("failed to get status counts for digest", "error", err)
} else if counts, ok := statusRaw.([]CertificateStatusCount); ok {
for _, c := range counts {
digest.StatusCounts = append(digest.StatusCounts, DigestStatusCount(c))
}
}
// Get expiring certificates (next 30 days)
now := time.Now()
thirtyDaysFromNow := now.AddDate(0, 0, 30)
allCerts, _, err := s.certRepo.List(ctx, &repository.CertificateFilter{Page: 1, PerPage: 10000})
if err != nil {
s.logger.Warn("failed to list certs for digest", "error", err)
} else {
for _, cert := range allCerts {
if !cert.ExpiresAt.IsZero() && cert.ExpiresAt.After(now) && cert.ExpiresAt.Before(thirtyDaysFromNow) {
daysLeft := int(time.Until(cert.ExpiresAt).Hours() / 24)
digest.ExpiringCerts = append(digest.ExpiringCerts, DigestCertEntry{
ID: cert.ID,
CommonName: cert.CommonName,
ExpiresAt: cert.ExpiresAt,
DaysLeft: daysLeft,
OwnerID: cert.OwnerID,
})
}
}
}
return digest, nil
}
// SendDigest generates a digest and sends it to all configured recipients.
func (s *DigestService) SendDigest(ctx context.Context) error {
if s.emailSender == nil {
return fmt.Errorf("email sender not configured — set CERTCTL_SMTP_HOST and CERTCTL_SMTP_FROM_ADDRESS")
}
digest, err := s.GenerateDigest(ctx)
if err != nil {
return fmt.Errorf("failed to generate digest: %w", err)
}
htmlBody, err := s.RenderDigestHTML(digest)
if err != nil {
return fmt.Errorf("failed to render digest HTML: %w", err)
}
subject := fmt.Sprintf("certctl Certificate Digest — %s", digest.GeneratedAt.Format("2006-01-02"))
recipients := s.recipients
if len(recipients) == 0 {
// Fall back to owner emails
recipients = s.resolveOwnerEmails(ctx)
}
if len(recipients) == 0 {
s.logger.Warn("no digest recipients configured and no owner emails found")
return nil
}
var sendErrors int
for _, recipient := range recipients {
if err := s.emailSender.SendHTML(ctx, recipient, subject, htmlBody); err != nil {
s.logger.Error("failed to send digest to recipient",
"recipient", recipient,
"error", err)
sendErrors++
} else {
s.logger.Info("digest email sent", "recipient", recipient)
}
}
if sendErrors > 0 {
return fmt.Errorf("failed to send digest to %d of %d recipients", sendErrors, len(recipients))
}
return nil
}
// ProcessDigest is the scheduler-facing method. It generates and sends the digest,
// logging errors rather than propagating them to match the scheduler pattern.
func (s *DigestService) ProcessDigest(ctx context.Context) error {
return s.SendDigest(ctx)
}
// RenderDigestHTML renders the digest data into an HTML email body.
func (s *DigestService) RenderDigestHTML(data *DigestData) (string, error) {
tmpl, err := template.New("digest").Parse(digestHTMLTemplate)
if err != nil {
return "", fmt.Errorf("failed to parse digest template: %w", err)
}
var buf bytes.Buffer
if err := tmpl.Execute(&buf, data); err != nil {
return "", fmt.Errorf("failed to execute digest template: %w", err)
}
return buf.String(), nil
}
// PreviewDigest generates and renders a digest without sending it.
// Used by the API handler for preview endpoints.
func (s *DigestService) PreviewDigest(ctx context.Context) (string, error) {
digest, err := s.GenerateDigest(ctx)
if err != nil {
return "", fmt.Errorf("failed to generate digest: %w", err)
}
return s.RenderDigestHTML(digest)
}
// resolveOwnerEmails collects unique email addresses from all certificate owners.
func (s *DigestService) resolveOwnerEmails(ctx context.Context) []string {
if s.ownerRepo == nil {
return nil
}
owners, err := s.ownerRepo.List(ctx)
if err != nil {
s.logger.Warn("failed to list owners for digest recipients", "error", err)
return nil
}
seen := make(map[string]bool)
var emails []string
for _, owner := range owners {
if owner.Email != "" && !seen[owner.Email] {
seen[owner.Email] = true
emails = append(emails, owner.Email)
}
}
return emails
}
// digestHTMLTemplate is the HTML template for the certificate digest email.
const digestHTMLTemplate = `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>certctl Certificate Digest</title>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 0; background: #f5f5f5; color: #333; }
.container { max-width: 640px; margin: 0 auto; background: #fff; }
.header { background: #1a1a2e; color: #fff; padding: 24px 32px; }
.header h1 { margin: 0; font-size: 22px; font-weight: 600; }
.header .date { color: #a0a0b0; font-size: 13px; margin-top: 4px; }
.section { padding: 24px 32px; border-bottom: 1px solid #eee; }
.section h2 { font-size: 16px; font-weight: 600; margin: 0 0 16px 0; color: #1a1a2e; }
.stats-grid { display: flex; flex-wrap: wrap; gap: 12px; }
.stat-card { flex: 1; min-width: 120px; background: #f8f9fa; border-radius: 8px; padding: 16px; text-align: center; }
.stat-value { font-size: 28px; font-weight: 700; color: #1a1a2e; }
.stat-label { font-size: 12px; color: #666; margin-top: 4px; text-transform: uppercase; letter-spacing: 0.5px; }
.stat-warn .stat-value { color: #e67e22; }
.stat-danger .stat-value { color: #e74c3c; }
.stat-success .stat-value { color: #27ae60; }
table { width: 100%; border-collapse: collapse; font-size: 13px; }
th { text-align: left; padding: 8px 12px; background: #f8f9fa; color: #666; font-weight: 600; font-size: 11px; text-transform: uppercase; letter-spacing: 0.5px; }
td { padding: 10px 12px; border-bottom: 1px solid #f0f0f0; }
.badge { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 11px; font-weight: 600; }
.badge-warn { background: #fef3e2; color: #e67e22; }
.badge-danger { background: #fde8e8; color: #e74c3c; }
.badge-ok { background: #e8f8ef; color: #27ae60; }
.footer { padding: 20px 32px; text-align: center; color: #999; font-size: 12px; background: #f8f9fa; }
.empty-state { text-align: center; padding: 24px; color: #999; font-size: 14px; }
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>certctl Certificate Digest</h1>
<div class="date">Generated: {{.GeneratedAt.Format "January 2, 2006 3:04 PM"}}</div>
</div>
<div class="section">
<h2>System Overview</h2>
<div class="stats-grid">
<div class="stat-card">
<div class="stat-value">{{.TotalCertificates}}</div>
<div class="stat-label">Total Certs</div>
</div>
<div class="stat-card stat-warn">
<div class="stat-value">{{.ExpiringCertificates}}</div>
<div class="stat-label">Expiring</div>
</div>
<div class="stat-card stat-danger">
<div class="stat-value">{{.ExpiredCertificates}}</div>
<div class="stat-label">Expired</div>
</div>
<div class="stat-card stat-success">
<div class="stat-value">{{.ActiveAgents}}</div>
<div class="stat-label">Active Agents</div>
</div>
</div>
</div>
<div class="section">
<h2>Jobs Summary</h2>
<div class="stats-grid">
<div class="stat-card">
<div class="stat-value">{{.PendingJobs}}</div>
<div class="stat-label">Pending</div>
</div>
<div class="stat-card stat-danger">
<div class="stat-value">{{.FailedJobs}}</div>
<div class="stat-label">Failed</div>
</div>
<div class="stat-card stat-success">
<div class="stat-value">{{.CompletedJobs}}</div>
<div class="stat-label">Completed</div>
</div>
</div>
</div>
{{if .ExpiringCerts}}
<div class="section">
<h2>Certificates Expiring Soon</h2>
<table>
<thead>
<tr><th>Common Name</th><th>Expires</th><th>Days Left</th></tr>
</thead>
<tbody>
{{range .ExpiringCerts}}
<tr>
<td>{{.CommonName}}</td>
<td>{{.ExpiresAt.Format "Jan 2, 2006"}}</td>
<td>
{{if le .DaysLeft 7}}<span class="badge badge-danger">{{.DaysLeft}} days</span>
{{else if le .DaysLeft 14}}<span class="badge badge-warn">{{.DaysLeft}} days</span>
{{else}}<span class="badge badge-ok">{{.DaysLeft}} days</span>
{{end}}
</td>
</tr>
{{end}}
</tbody>
</table>
</div>
{{else}}
<div class="section">
<h2>Certificates Expiring Soon</h2>
<div class="empty-state">No certificates expiring in the next 30 days.</div>
</div>
{{end}}
<div class="footer">
This digest was automatically generated by certctl.<br>
Configure digest settings with CERTCTL_DIGEST_* environment variables.
</div>
</div>
</body>
</html>`
Reference in New Issue View Git Blame Copy Permalink