Implement proper storage metrics (P0-009)\n\n- Add dedicated storage_metrics table\n- Create StorageMetricReport models with proper field names\n- Add ReportStorageMetrics to agent client\n- Update storage scanner to use new method\n- Implement server-side handlers and queries\n- Register new routes and update UI\n- Remove legacy Scan() method\n- Follow ETHOS principles: honest naming, clean architecture

2025-12-17 16:38:36 -05:00
parent f7c8d23c5d
commit 0fff047cb5
43 changed files with 3641 additions and 248 deletions
--- a/aggregator-server/internal/api/handlers/security_settings.go.broken
+++ b/aggregator-server/internal/api/handlers/security_settings.go.broken
@@ -0,0 +1,205 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/Fimeg/RedFlag/aggregator-server/internal/services"
+	"github.com/gin-gonic/gin"
+)
+
+// SecuritySettingsHandler handles security settings API endpoints
+type SecuritySettingsHandler struct {
+	securitySettingsService *services.SecuritySettingsService
+}
+
+// NewSecuritySettingsHandler creates a new security settings handler
+func NewSecuritySettingsHandler(securitySettingsService *services.SecuritySettingsService) *SecuritySettingsHandler {
+	return &SecuritySettingsHandler{
+		securitySettingsService: securitySettingsService,
+	}
+}
+
+// GetAllSecuritySettings returns all security settings for the authenticated user
+func (h *SecuritySettingsHandler) GetAllSecuritySettings(c *gin.Context) {
+	// Get user from context
+	userID := c.GetString("user_id")
+
+	settings, err := h.securitySettingsService.GetAllSettings(userID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"settings": settings,
+		"user_has_permission": true, // Check actual permissions
+	})
+}
+
+// GetSecuritySettingsByCategory returns settings for a specific category
+func (h *SecuritySettingsHandler) GetSecuritySettingsByCategory(c *gin.Context) {
+	category := c.Param("category") // e.g., "command_signing", "nonce_validation"
+	userID := c.GetString("user_id")
+
+	settings, err := h.securitySettingsService.GetSettingsByCategory(userID, category)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, settings)
+}
+
+// UpdateSecuritySetting updates a specific security setting
+func (h *SecuritySettingsHandler) UpdateSecuritySetting(c *gin.Context) {
+	var req struct {
+		Value  interface{} `json:"value" binding:"required"`
+		Reason string      `json:"reason"` // Optional audit trail
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	category := c.Param("category")
+	key := c.Param("key")
+	userID := c.GetString("user_id")
+
+	// Validate before applying
+	if err := h.securitySettingsService.ValidateSetting(category, key, req.Value); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Apply the setting
+	err := h.securitySettingsService.SetSetting(category, key, req.Value, userID, req.Reason)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Return updated setting
+	setting, err := h.securitySettingsService.GetSetting(category, key)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "Setting updated successfully",
+		"setting": map[string]interface{}{
+			"category": category,
+			"key":       key,
+			"value":     setting,
+		},
+	})
+}
+
+// ValidateSecuritySettings validates settings without applying them
+func (h *SecuritySettingsHandler) ValidateSecuritySettings(c *gin.Context) {
+	var req struct {
+		Category string      `json:"category" binding:"required"`
+		Key      string      `json:"key" binding:"required"`
+		Value    interface{} `json:"value" binding:"required"`
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	err := h.securitySettingsService.ValidateSetting(req.Category, req.Key, req.Value)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"valid": false,
+			"error": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"valid": true,
+		"message": "Setting is valid",
+	})
+}
+
+// GetSecurityAuditTrail returns audit trail of security setting changes
+func (h *SecuritySettingsHandler) GetSecurityAuditTrail(c *gin.Context) {
+	// Pagination parameters
+	page := c.DefaultQuery("page", "1")
+	pageSize := c.DefaultQuery("page_size", "50")
+
+	pageInt, _ := strconv.Atoi(page)
+	pageSizeInt, _ := strconv.Atoi(pageSize)
+
+	auditEntries, totalCount, err := h.securitySettingsService.GetAuditTrail(pageInt, pageSizeInt)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"audit_entries": auditEntries,
+		"pagination": gin.H{
+			"page":       pageInt,
+			"page_size":  pageSizeInt,
+			"total":      totalCount,
+			"total_pages": (totalCount + pageSizeInt - 1) / pageSizeInt,
+		},
+	})
+}
+
+// GetSecurityOverview returns current security status overview
+func (h *SecuritySettingsHandler) GetSecurityOverview(c *gin.Context) {
+	userID := c.GetString("user_id")
+
+	overview, err := h.securitySettingsService.GetSecurityOverview(userID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, overview)
+}
+
+// ApplySecuritySettings applies batch of setting changes atomically
+func (h *SecuritySettingsHandler) ApplySecuritySettings(c *gin.Context) {
+	var req struct {
+		Settings map[string]map[string]interface{} `json:"settings" binding:"required"`
+		Reason   string                            `json:"reason"`
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	userID := c.GetString("user_id")
+
+	// Validate all settings first
+	for category, settings := range req.Settings {
+		for key, value := range settings {
+			if err := h.securitySettingsService.ValidateSetting(category, key, value); err != nil {
+				c.JSON(http.StatusBadRequest, gin.H{
+					"error": fmt.Sprintf("Validation failed for %s.%s: %v", category, key, err),
+				})
+				return
+			}
+		}
+	}
+
+	// Apply all settings atomically
+	err := h.securitySettingsService.ApplySettingsBatch(req.Settings, userID, req.Reason)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "All settings applied successfully",
+		"applied_count": len(req.Settings),
+	})
+}