public_git
/
wg-portal
mirror of https://github.com/h44z/wg-portal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
wg-portal/internal/adapters/database.go

1862 lines
55 KiB
Go
Raw Blame History

package adapters
import (
"context"
"errors"
"fmt"
"log/slog"
"math/rand"
"strings"
"time"
"github.com/glebarez/sqlite"
"gorm.io/driver/mysql"
"gorm.io/driver/postgres"
"gorm.io/driver/sqlserver"
"gorm.io/gorm"
"gorm.io/gorm/clause"
"gorm.io/gorm/logger"
"gorm.io/gorm/utils"
"github.com/fedor-git/wg-portal-2/internal/config"
"github.com/fedor-git/wg-portal-2/internal/domain"
)
// SchemaVersion describes the current database schema version. It must be incremented if a manual migration is needed.
var SchemaVersion uint64 = 1
// SysStat stores the current database schema version and the timestamp when it was applied.
type SysStat struct {
MigratedAt time.Time `gorm:"column:migrated_at"`
SchemaVersion uint64 `gorm:"primaryKey,column:schema_version"`
}
// NodeSyncLock provides distributed locking for peer synchronization across nodes.
// Only one node can hold the lock at a time, preventing concurrent syncs that cause
// database contention and 504 Gateway Timeout errors.
type NodeSyncLock struct {
LockKey string `gorm:"primaryKey;column:lock_key"`
NodeID string `gorm:"column:node_id;index"`
LockedAt time.Time `gorm:"column:locked_at"`
ExpiresAt time.Time `gorm:"column:expires_at;index"` // Auto-release stuck locks after 5 minutes
}
func (NodeSyncLock) TableName() string {
return "node_sync_locks"
}
// GormLogger is a custom logger for Gorm, making it use slog
type GormLogger struct {
SlowThreshold time.Duration
SourceField string
IgnoreErrRecordNotFound bool
Debug bool
Silent bool
prefix string
}
func NewLogger(slowThreshold time.Duration, debug bool) *GormLogger {
return &GormLogger{
SlowThreshold: slowThreshold,
Debug: debug,
IgnoreErrRecordNotFound: true,
Silent: false,
SourceField: "src",
prefix: "GORM-SQL: ",
}
}
func (l *GormLogger) LogMode(level logger.LogLevel) logger.Interface {
if level == logger.Silent {
l.Silent = true
} else {
l.Silent = false
}
return l
}
func (l *GormLogger) Info(ctx context.Context, s string, args ...any) {
if l.Silent {
return
}
slog.InfoContext(ctx, l.prefix+s, args...)
}
func (l *GormLogger) Warn(ctx context.Context, s string, args ...any) {
if l.Silent {
return
}
slog.WarnContext(ctx, l.prefix+s, args...)
}
func (l *GormLogger) Error(ctx context.Context, s string, args ...any) {
if l.Silent {
return
}
slog.ErrorContext(ctx, l.prefix+s, args...)
}
func (l *GormLogger) Trace(ctx context.Context, begin time.Time, fc func() (string, int64), err error) {
if l.Silent {
return
}
elapsed := time.Since(begin)
sql, rows := fc()
attrs := []any{
"rows", rows,
"duration", elapsed,
}
if l.SourceField != "" {
attrs = append(attrs, l.SourceField, utils.FileWithLineNum())
}
if err != nil && !(errors.Is(err, gorm.ErrRecordNotFound) && l.IgnoreErrRecordNotFound) {
attrs = append(attrs, "error", err)
slog.ErrorContext(ctx, l.prefix+sql, attrs...)
return
}
if l.SlowThreshold != 0 && elapsed > l.SlowThreshold {
slog.WarnContext(ctx, l.prefix+sql, attrs...)
return
}
if l.Debug {
slog.DebugContext(ctx, l.prefix+sql, attrs...)
}
}
// applyConnectionPoolConfig applies the connection pool configuration from config to the database.
func applyConnectionPoolConfig(db *gorm.DB, cfg config.DatabaseConfig) error {
sqlDB, err := db.DB()
if err != nil {
return fmt.Errorf("failed to get underlying sql.DB: %w", err)
}
// Use configured values, or defaults if not specified
maxOpen := cfg.MaxOpenConnections
if maxOpen <= 0 {
maxOpen = 50
}
maxIdle := cfg.MaxIdleConnections
if maxIdle <= 0 {
maxIdle = 10
}
maxLifetime := cfg.ConnectionMaxLifetime
if maxLifetime <= 0 {
maxLifetime = 3 * time.Minute
}
// For multi-node cluster with 24 nodes, ensure adequate pool size
// Each node may need 2-3 concurrent connections for:
// - Interface/peer sync operations
// - Message bus event processing
// - Regular API requests
// Recommended: maxOpen = (nodes * 2-3) + buffer, e.g., 24*2.5 = 60
if maxOpen < 60 {
slog.Warn("Connection pool size may be too small for multi-node cluster",
"configured", maxOpen, "recommended_minimum", 60)
}
if maxIdle < 10 {
maxIdle = 10 // Ensure minimum idle connections for cluster
}
sqlDB.SetMaxOpenConns(maxOpen)
sqlDB.SetMaxIdleConns(maxIdle)
sqlDB.SetConnMaxLifetime(maxLifetime)
// Set connection max idle time to recycle stale connections faster
// Prevents "too many connections" by recycling idle connections after 5 minutes
sqlDB.SetConnMaxIdleTime(5 * time.Minute)
slog.Info("Database connection pool configured",
"max_open_connections", maxOpen,
"max_idle_connections", maxIdle,
"connection_max_lifetime", maxLifetime.String(),
"connection_max_idle_time", "5m")
return nil
}
// NewDatabase creates a new database connection and returns a Gorm database instance.
func NewDatabase(cfg config.DatabaseConfig) (*gorm.DB, error) {
var gormDb *gorm.DB
var err error
// Retry logic for initial database connection
// With 24 nodes starting simultaneously, initial connection can fail with "Too many connections"
// Increased to 50 retries to handle all 24 nodes with exponential backoff and jitter
// This gives us up to ~2 minutes of retry time with proper staggering
const maxRetries = 50
var lastErr error
for attempt := 0; attempt < maxRetries; attempt++ {
if attempt > 0 {
// Exponential backoff with random jitter to prevent thundering herd
// With 24 nodes starting simultaneously, stagger retries much more aggressively
// Exponential: 50ms, 100ms, 200ms, 400ms, 800ms, 1.6s, 3.2s, 6.4s...
// Jitter: ±100% randomness so not all nodes retry at same time
baseWaitTime := time.Duration(50*(1<<uint(attempt-1))) * time.Millisecond
// Cap base wait at 10 seconds to avoid excessive delays
if baseWaitTime > 10*time.Second {
baseWaitTime = 10 * time.Second
}
// Full randomness jitter to spread retries across time
jitterAmount := time.Duration(rand.Intn(int(baseWaitTime))) // ±100% jitter
waitTime := baseWaitTime + jitterAmount
slog.Warn("database connection attempt failed, retrying with exponential backoff",
"attempt", attempt+1,
"max_retries", maxRetries,
"base_wait", baseWaitTime.String(),
"actual_wait", waitTime.String(),
"error", lastErr)
time.Sleep(waitTime)
}
switch cfg.Type {
case config.DatabaseMySQL:
gormDb, err = gorm.Open(mysql.Open(cfg.DSN), &gorm.Config{
Logger: NewLogger(cfg.SlowQueryThreshold, cfg.Debug),
})
if err != nil {
lastErr = fmt.Errorf("failed to open MySQL database: %w", err)
if strings.Contains(err.Error(), "Too many connections") {
continue // Retry on connection pool exhaustion
}
return nil, lastErr
}
// Apply connection pool configuration
if err := applyConnectionPoolConfig(gormDb, cfg); err != nil {
lastErr = fmt.Errorf("failed to configure MySQL connection pool: %w", err)
continue
}
// Skip Ping() during initial connection to avoid connection pool exhaustion
// during multi-node startup. gorm.Open() already validates the connection.
// Ping would open another connection which might fail with "Too many connections"
slog.Info("database connected successfully", "type", "MySQL", "attempt", attempt+1)
return gormDb, nil
case config.DatabaseMsSQL:
gormDb, err = gorm.Open(sqlserver.Open(cfg.DSN), &gorm.Config{
Logger: NewLogger(cfg.SlowQueryThreshold, cfg.Debug),
})
if err != nil {
lastErr = fmt.Errorf("failed to open sqlserver database: %w", err)
if strings.Contains(err.Error(), "Too many connections") {
continue
}
return nil, lastErr
}
// Apply connection pool configuration
if err := applyConnectionPoolConfig(gormDb, cfg); err != nil {
lastErr = fmt.Errorf("failed to configure MSSQL connection pool: %w", err)
continue
}
slog.Info("database connected successfully", "type", "MSSQL", "attempt", attempt+1)
return gormDb, nil
case config.DatabasePostgres:
gormDb, err = gorm.Open(postgres.Open(cfg.DSN), &gorm.Config{
Logger: NewLogger(cfg.SlowQueryThreshold, cfg.Debug),
})
if err != nil {
lastErr = fmt.Errorf("failed to open Postgres database: %w", err)
if strings.Contains(err.Error(), "too many connections") {
continue
}
return nil, lastErr
}
// Apply connection pool configuration
if err := applyConnectionPoolConfig(gormDb, cfg); err != nil {
lastErr = fmt.Errorf("failed to configure Postgres connection pool: %w", err)
continue
}
slog.Info("database connected successfully", "type", "Postgres", "attempt", attempt+1)
return gormDb, nil
case config.DatabaseSQLite:
gormDb, err = gorm.Open(sqlite.Open(cfg.DSN), &gorm.Config{
Logger: NewLogger(cfg.SlowQueryThreshold, cfg.Debug),
})
if err != nil {
lastErr = fmt.Errorf("failed to open SQLite database: %w", err)
continue
}
// SQLite doesn't benefit from connection pooling, set to 1
if err := applyConnectionPoolConfig(gormDb, config.DatabaseConfig{
MaxOpenConnections: 1,
MaxIdleConnections: 1,
ConnectionMaxLifetime: 0,
}); err != nil {
lastErr = fmt.Errorf("failed to configure SQLite connection pool: %w", err)
continue
}
slog.Info("database connected successfully", "type", "SQLite", "attempt", attempt+1)
return gormDb, nil
default:
return nil, fmt.Errorf("unknown database type: %s", cfg.Type)
}
}
return nil, fmt.Errorf("failed to connect to database after %d attempts: %w", maxRetries, lastErr)
}
// SqlRepo is a SQL database repository implementation.
// Currently, it supports MySQL, SQLite, Microsoft SQL and Postgresql database systems.
type SqlRepo struct {
db *gorm.DB
cfg *config.Config
}
// NewSqlRepository creates a new SqlRepo instance.
func NewSqlRepository(db *gorm.DB, cfg *config.Config) (*SqlRepo, error) {
repo := &SqlRepo{
db: db,
cfg: cfg,
}
if err := repo.preCheck(); err != nil {
return nil, fmt.Errorf("failed to initialize database: %w", err)
}
if err := repo.migrate(); err != nil {
return nil, fmt.Errorf("failed to initialize database: %w", err)
}
return repo, nil
}
func (r *SqlRepo) preCheck() error {
// WireGuard Portal v1 database migration table
type DatabaseMigrationInfo struct {
Version string `gorm:"primaryKey"`
Applied time.Time
}
// temporarily disable logger as the next request might fail (intentionally)
r.db.Logger.LogMode(logger.Silent)
defer func() { r.db.Logger.LogMode(logger.Info) }()
lastVersion := DatabaseMigrationInfo{}
err := r.db.Order("applied desc, version desc").FirstOrInit(&lastVersion).Error
if err != nil {
return nil // we probably don't have a V1 database =)
}
return fmt.Errorf("detected a WireGuard Portal V1 database (version: %s) - please migrate first",
lastVersion.Version)
}
func (r *SqlRepo) migrate() error {
slog.Debug("running migration: sys-stat", "result", r.db.AutoMigrate(&SysStat{}))
slog.Debug("running migration: user", "result", r.db.AutoMigrate(&domain.User{}))
slog.Debug("running migration: user webauthn credentials", "result",
r.db.AutoMigrate(&domain.UserWebauthnCredential{}))
slog.Debug("running migration: interface", "result", r.db.AutoMigrate(&domain.Interface{}))
slog.Debug("running migration: peer", "result", r.db.AutoMigrate(&domain.Peer{}))
slog.Debug("running migration: peer status", "result", r.db.AutoMigrate(&domain.PeerStatus{}))
slog.Debug("running migration: interface status", "result", r.db.AutoMigrate(&domain.InterfaceStatus{}))
slog.Debug("running migration: audit data", "result", r.db.AutoMigrate(&domain.AuditEntry{}))
slog.Debug("running migration: node sync lock", "result", r.db.AutoMigrate(&NodeSyncLock{}))
// Clean up deprecated columns from peer_statuses table (traffic accumulation refactor)
// Previously we had PreviousSessionBytesReceived/Transmitted columns, now we use a simpler approach
// These columns are safe to drop if they exist
if r.db.Migrator().HasColumn("peer_statuses", "previous_session_received") {
slog.Debug("dropping deprecated column", "table", "peer_statuses", "column", "previous_session_received")
r.db.Migrator().DropColumn("peer_statuses", "previous_session_received")
}
if r.db.Migrator().HasColumn("peer_statuses", "previous_session_transmitted") {
slog.Debug("dropping deprecated column", "table", "peer_statuses", "column", "previous_session_transmitted")
r.db.Migrator().DropColumn("peer_statuses", "previous_session_transmitted")
}
// Clean up accumulated traffic columns (no longer needed - use current session traffic only)
// Simplified to keep only current session bytes which are accurate from WireGuard
if r.db.Migrator().HasColumn("peer_statuses", "accumulated_received") {
slog.Debug("dropping deprecated column", "table", "peer_statuses", "column", "accumulated_received")
r.db.Migrator().DropColumn("peer_statuses", "accumulated_received")
}
if r.db.Migrator().HasColumn("peer_statuses", "accumulated_transmitted") {
slog.Debug("dropping deprecated column", "table", "peer_statuses", "column", "accumulated_transmitted")
r.db.Migrator().DropColumn("peer_statuses", "accumulated_transmitted")
}
existingSysStat := SysStat{}
r.db.Where("schema_version = ?", SchemaVersion).First(&existingSysStat)
if existingSysStat.SchemaVersion == 0 {
sysStat := SysStat{
MigratedAt: time.Now(),
SchemaVersion: SchemaVersion,
}
if err := r.db.Create(&sysStat).Error; err != nil {
return fmt.Errorf("failed to write sysstat entry for schema version %d: %w", SchemaVersion, err)
}
slog.Debug("sys-stat entry written", "schema_version", SchemaVersion)
}
return nil
}
// region interfaces
// GetInterface returns the interface with the given id.
// If no interface is found, an error domain.ErrNotFound is returned.
func (r *SqlRepo) GetInterface(ctx context.Context, id domain.InterfaceIdentifier) (*domain.Interface, error) {
var in domain.Interface
err := r.db.WithContext(ctx).Preload("Addresses").First(&in, id).Error
if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
return nil, domain.ErrNotFound
}
if err != nil {
return nil, err
}
return &in, nil
}
// GetInterfaceAndPeers returns the interface with the given id and all peers associated with it.
// If no interface is found, an error domain.ErrNotFound is returned.
func (r *SqlRepo) GetInterfaceAndPeers(ctx context.Context, id domain.InterfaceIdentifier) (
*domain.Interface,
[]domain.Peer,
error,
) {
in, err := r.GetInterface(ctx, id)
if err != nil {
return nil, nil, fmt.Errorf("failed to load interface: %w", err)
}
peers, err := r.GetInterfacePeers(ctx, id)
if err != nil {
return nil, nil, fmt.Errorf("failed to load peers: %w", err)
}
return in, peers, nil
}
// GetPeersStats returns the stats for the given peer ids. The order of the returned stats is not guaranteed.
func (r *SqlRepo) GetPeersStats(ctx context.Context, ids ...domain.PeerIdentifier) ([]domain.PeerStatus, error) {
if len(ids) == 0 {
return nil, nil
}
var stats []domain.PeerStatus
err := r.db.WithContext(ctx).Where("identifier IN ?", ids).Find(&stats).Error
if err != nil {
return nil, err
}
return stats, nil
}
// GetAllInterfaces returns all interfaces.
func (r *SqlRepo) GetAllInterfaces(ctx context.Context) ([]domain.Interface, error) {
var interfaces []domain.Interface
err := r.db.WithContext(ctx).Preload("Addresses").Find(&interfaces).Error
if err != nil {
return nil, err
}
return interfaces, nil
}
// GetInterfaceStats returns the stats for the given interface id.
// If no stats are found, an error domain.ErrNotFound is returned.
func (r *SqlRepo) GetInterfaceStats(ctx context.Context, id domain.InterfaceIdentifier) (
*domain.InterfaceStatus,
error,
) {
if id == "" {
return nil, nil
}
var stats []domain.InterfaceStatus
err := r.db.WithContext(ctx).Where("identifier = ?", id).Find(&stats).Error
if err != nil {
return nil, err
}
if len(stats) == 0 {
return nil, domain.ErrNotFound
}
stat := stats[0]
return &stat, nil
}
// FindInterfaces returns all interfaces that match the given search string.
// The search string is matched against the interface identifier and display name.
func (r *SqlRepo) FindInterfaces(ctx context.Context, search string) ([]domain.Interface, error) {
var users []domain.Interface
searchValue := "%" + strings.ToLower(search) + "%"
err := r.db.WithContext(ctx).
Where("identifier LIKE ?", searchValue).
Or("display_name LIKE ?", searchValue).
Preload("Addresses").
Find(&users).Error
if err != nil {
return nil, err
}
return users, nil
}
// SaveInterface updates the interface with the given id.
func (r *SqlRepo) SaveInterface(
ctx context.Context,
id domain.InterfaceIdentifier,
updateFunc func(in *domain.Interface) (*domain.Interface, error),
) error {
userInfo := domain.GetUserInfo(ctx)
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
in, err := r.getOrCreateInterface(userInfo, tx, id)
if err != nil {
return err // return any error will roll back
}
in, err = updateFunc(in)
if err != nil {
return err
}
err = r.upsertInterface(userInfo, tx, in)
if err != nil {
return err
}
// return nil will commit the whole transaction
return nil
})
if err != nil {
return err
}
return nil
}
func (r *SqlRepo) getOrCreateInterface(
ui *domain.ContextUserInfo,
tx *gorm.DB,
id domain.InterfaceIdentifier,
) (*domain.Interface, error) {
var in domain.Interface
// interfaceDefaults will be applied to newly created interface records
interfaceDefaults := domain.Interface{
BaseModel: domain.BaseModel{
CreatedBy: ui.UserId(),
UpdatedBy: ui.UserId(),
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
},
Identifier: id,
}
err := tx.Preload("Addresses").Attrs(interfaceDefaults).FirstOrCreate(&in, id).Error
if err != nil {
return nil, err
}
return &in, nil
}
func (r *SqlRepo) upsertInterface(ui *domain.ContextUserInfo, tx *gorm.DB, in *domain.Interface) error {
in.UpdatedBy = ui.UserId()
in.UpdatedAt = time.Now()
err := tx.Save(in).Error
if err != nil {
return err
}
// Only update addresses if they were explicitly set (not nil)
// This prevents accidentally deleting all addresses when loading interface without preload
if in.Addresses != nil {
err = tx.Model(in).Association("Addresses").Replace(in.Addresses)
if err != nil {
return fmt.Errorf("failed to update interface addresses: %w", err)
}
}
return nil
}
// DeleteInterface deletes the interface with the given id.
func (r *SqlRepo) DeleteInterface(ctx context.Context, id domain.InterfaceIdentifier) error {
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
err := tx.Where("interface_identifier = ?", id).Delete(&domain.Peer{}).Error
if err != nil {
return err
}
err = tx.Delete(&domain.InterfaceStatus{InterfaceId: id}).Error
if err != nil {
return err
}
err = tx.Select(clause.Associations).Delete(&domain.Interface{Identifier: id}).Error
if err != nil {
return err
}
return nil
})
if err != nil {
return err
}
return nil
}
// GetInterfaceIps returns a map of interface identifiers to their respective IP addresses.
func (r *SqlRepo) GetInterfaceIps(ctx context.Context) (map[domain.InterfaceIdentifier][]domain.Cidr, error) {
var ips []struct {
domain.Cidr
InterfaceId domain.InterfaceIdentifier `gorm:"column:interface_identifier"`
}
err := r.db.WithContext(ctx).
Table("interface_addresses").
Joins("LEFT JOIN cidrs ON interface_addresses.cidr_cidr = cidrs.cidr").
Scan(&ips).Error
if err != nil {
return nil, err
}
result := make(map[domain.InterfaceIdentifier][]domain.Cidr)
for _, ip := range ips {
result[ip.InterfaceId] = append(result[ip.InterfaceId], ip.Cidr)
}
return result, nil
}
// endregion interfaces
// region peers
// GetPeer returns the peer with the given id.
// If no peer is found, an error domain.ErrNotFound is returned.
func (r *SqlRepo) GetPeer(ctx context.Context, id domain.PeerIdentifier) (*domain.Peer, error) {
var peer domain.Peer
err := r.db.WithContext(ctx).Preload("Addresses").First(&peer, id).Error
if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
return nil, domain.ErrNotFound
}
if err != nil {
return nil, err
}
return &peer, nil
}
// GetInterfacePeers returns all peers associated with the given interface id.
func (r *SqlRepo) GetInterfacePeers(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.Peer, error) {
var peers []domain.Peer
err := r.db.WithContext(ctx).Preload("Addresses").Where("interface_identifier = ?", id).Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// FindInterfacePeers returns all peers associated with the given interface id that match the given search string.
// The search string is matched against the peer identifier, display name and IP address.
func (r *SqlRepo) FindInterfacePeers(ctx context.Context, id domain.InterfaceIdentifier, search string) (
[]domain.Peer,
error,
) {
var peers []domain.Peer
searchValue := "%" + strings.ToLower(search) + "%"
err := r.db.WithContext(ctx).Where("interface_identifier = ?", id).
Where("identifier LIKE ?", searchValue).
Or("display_name LIKE ?", searchValue).
Or("iface_address_str_v LIKE ?", searchValue).
Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// GetUserPeers returns all peers associated with the given user id.
func (r *SqlRepo) GetUserPeers(ctx context.Context, id domain.UserIdentifier) ([]domain.Peer, error) {
var peers []domain.Peer
err := r.db.WithContext(ctx).Preload("Addresses").Where("user_identifier = ?", id).Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// FindUserPeers returns all peers associated with the given user id that match the given search string.
// The search string is matched against the peer identifier, display name and IP address.
func (r *SqlRepo) FindUserPeers(ctx context.Context, id domain.UserIdentifier, search string) ([]domain.Peer, error) {
var peers []domain.Peer
searchValue := "%" + strings.ToLower(search) + "%"
err := r.db.WithContext(ctx).Where("user_identifier = ?", id).
Where("identifier LIKE ?", searchValue).
Or("display_name LIKE ?", searchValue).
Or("iface_address_str_v LIKE ?", searchValue).
Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// SavePeer updates the peer with the given id.
// If no existing peer is found, a new peer is created.
// IMPORTANT: Also creates peer_status record to avoid deadlock during concurrent updates
func (r *SqlRepo) SavePeer(
ctx context.Context,
id domain.PeerIdentifier,
updateFunc func(in *domain.Peer) (*domain.Peer, error),
) error {
userInfo := domain.GetUserInfo(ctx)
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
peer, err := r.getOrCreatePeer(userInfo, tx, id)
if err != nil {
return err // return any error will roll back
}
peer, err = updateFunc(peer)
if err != nil {
return err
}
err = r.upsertPeer(userInfo, tx, peer)
if err != nil {
return err
}
// DEADLOCK FIX: Ensure peer_status record exists WITHOUT FOR UPDATE lock
// This prevents lock contention when stats collection immediately tries to update it
// Use explicit WHERE clause with correct column name (identifier, not peer_id)
peerStatus := domain.PeerStatus{
PeerId: id,
UpdatedAt: time.Now(),
}
// Explicit WHERE using correct column name for FirstOrCreate
err = tx.Where("identifier = ?", id).FirstOrCreate(&peerStatus).Error
if err != nil {
// Log but don't fail - peer_status will be created on first stats update anyway
slog.Debug("peer status record already exists or creation deferred", "peer", id)
}
// return nil will commit the whole transaction
return nil
})
if err != nil {
return err
}
return nil
}
func (r *SqlRepo) getOrCreatePeer(ui *domain.ContextUserInfo, tx *gorm.DB, id domain.PeerIdentifier) (
*domain.Peer,
error,
) {
var peer domain.Peer
// interfaceDefaults will be applied to newly created interface records
interfaceDefaults := domain.Peer{
BaseModel: domain.BaseModel{
CreatedBy: ui.UserId(),
UpdatedBy: ui.UserId(),
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
},
Identifier: id,
}
err := tx.Attrs(interfaceDefaults).FirstOrCreate(&peer, id).Error
if err != nil {
return nil, err
}
return &peer, nil
}
func (r *SqlRepo) upsertPeer(ui *domain.ContextUserInfo, tx *gorm.DB, peer *domain.Peer) error {
peer.UpdatedBy = ui.UserId()
peer.UpdatedAt = time.Now()
err := tx.Save(peer).Error
if err != nil {
return err
}
err = tx.Model(peer).Association("Addresses").Replace(peer.Interface.Addresses)
if err != nil {
return fmt.Errorf("failed to update peer addresses: %w", err)
}
return nil
}
// DeletePeer deletes the peer with the given id.
// This also deletes the peer_addresses associations (many-to-many relationships with Cidr)
// NOTE: We do NOT delete peer_status here.
// The peer_status will be cleaned up by CleanOrphanedStatuses on all cluster nodes.
// This ensures that other nodes can detect orphaned statuses and clean up their metrics.
func (r *SqlRepo) DeletePeer(ctx context.Context, id domain.PeerIdentifier) error {
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
// First: delete peer_addresses many2many associations to avoid foreign key issues
// This is critical because we use raw SQL and explicit deletion like in DeletePeersByIDs
if err := tx.Table("peer_addresses").Where("peer_identifier = ?", string(id)).Delete(nil).Error; err != nil {
return err
}
// Second: delete the peer itself
err := tx.Where("identifier = ?", string(id)).Delete(&domain.Peer{}).Error
if err != nil {
return err
}
return nil
})
if err != nil {
return err
}
return nil
}
// GetPeerIps returns a map of peer identifiers to their respective IP addresses.
func (r *SqlRepo) GetPeerIps(ctx context.Context) (map[domain.PeerIdentifier][]domain.Cidr, error) {
var ips []struct {
domain.Cidr
PeerId domain.PeerIdentifier `gorm:"column:peer_identifier"`
}
err := r.db.WithContext(ctx).
Table("peer_addresses").
Joins("LEFT JOIN cidrs ON peer_addresses.cidr_cidr = cidrs.cidr").
Scan(&ips).Error
if err != nil {
return nil, err
}
result := make(map[domain.PeerIdentifier][]domain.Cidr)
for _, ip := range ips {
result[ip.PeerId] = append(result[ip.PeerId], ip.Cidr)
}
return result, nil
}
// GetUsedIpsPerSubnet returns a map of subnets to their respective used IP addresses.
func (r *SqlRepo) GetUsedIpsPerSubnet(ctx context.Context, subnets []domain.Cidr) (
map[domain.Cidr][]domain.Cidr,
error,
) {
var peerIps []struct {
domain.Cidr
PeerId domain.PeerIdentifier `gorm:"column:peer_identifier"`
}
err := r.db.WithContext(ctx).
Table("peer_addresses").
Joins("LEFT JOIN cidrs ON peer_addresses.cidr_cidr = cidrs.cidr").
Scan(&peerIps).Error
if err != nil {
return nil, fmt.Errorf("failed to fetch peer IP's: %w", err)
}
var interfaceIps []struct {
domain.Cidr
InterfaceId domain.InterfaceIdentifier `gorm:"column:interface_identifier"`
}
err = r.db.WithContext(ctx).
Table("interface_addresses").
Joins("LEFT JOIN cidrs ON interface_addresses.cidr_cidr = cidrs.cidr").
Scan(&interfaceIps).Error
if err != nil {
return nil, fmt.Errorf("failed to fetch interface IP's: %w", err)
}
result := make(map[domain.Cidr][]domain.Cidr, len(subnets))
for _, ip := range interfaceIps {
var subnet domain.Cidr // default empty subnet (if no subnet matches, we will add the IP to the empty subnet group)
for _, s := range subnets {
if s.Contains(ip.Cidr) {
subnet = s
break
}
}
result[subnet] = append(result[subnet], ip.Cidr)
}
for _, ip := range peerIps {
var subnet domain.Cidr // default empty subnet (if no subnet matches, we will add the IP to the empty subnet group)
for _, s := range subnets {
if s.Contains(ip.Cidr) {
subnet = s
break
}
}
result[subnet] = append(result[subnet], ip.Cidr)
}
return result, nil
}
// endregion peers
// region users
// GetUser returns the user with the given id.
// If no user is found, an error domain.ErrNotFound is returned.
func (r *SqlRepo) GetUser(ctx context.Context, id domain.UserIdentifier) (*domain.User, error) {
var user domain.User
err := r.db.WithContext(ctx).Preload("WebAuthnCredentialList").First(&user, id).Error
if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
return nil, domain.ErrNotFound
}
if err != nil {
return nil, err
}
return &user, nil
}
// GetUserByEmail returns the user with the given email.
// If no user is found, an error domain.ErrNotFound is returned.
// If multiple users are found, an error domain.ErrNotUnique is returned.
func (r *SqlRepo) GetUserByEmail(ctx context.Context, email string) (*domain.User, error) {
var users []domain.User
err := r.db.WithContext(ctx).Where("email = ?", email).Preload("WebAuthnCredentialList").Find(&users).Error
if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
return nil, domain.ErrNotFound
}
if err != nil {
return nil, err
}
if len(users) == 0 {
return nil, domain.ErrNotFound
}
if len(users) > 1 {
return nil, fmt.Errorf("found multiple users with email %s: %w", email, domain.ErrNotUnique)
}
user := users[0]
return &user, nil
}
// GetUserByWebAuthnCredential returns the user with the given webauthn credential id.
func (r *SqlRepo) GetUserByWebAuthnCredential(ctx context.Context, credentialIdBase64 string) (*domain.User, error) {
var credential domain.UserWebauthnCredential
err := r.db.WithContext(ctx).Where("credential_identifier = ?", credentialIdBase64).First(&credential).Error
if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
return nil, domain.ErrNotFound
}
if err != nil {
return nil, err
}
return r.GetUser(ctx, domain.UserIdentifier(credential.UserIdentifier))
}
// GetAllUsers returns all users.
func (r *SqlRepo) GetAllUsers(ctx context.Context) ([]domain.User, error) {
var users []domain.User
err := r.db.WithContext(ctx).Preload("WebAuthnCredentialList").Find(&users).Error
if err != nil {
return nil, err
}
return users, nil
}
// FindUsers returns all users that match the given search string.
// The search string is matched against the user identifier, firstname, lastname and email.
func (r *SqlRepo) FindUsers(ctx context.Context, search string) ([]domain.User, error) {
var users []domain.User
searchValue := "%" + strings.ToLower(search) + "%"
err := r.db.WithContext(ctx).
Where("identifier LIKE ?", searchValue).
Or("firstname LIKE ?", searchValue).
Or("lastname LIKE ?", searchValue).
Or("email LIKE ?", searchValue).
Preload("WebAuthnCredentialList").
Find(&users).Error
if err != nil {
return nil, err
}
return users, nil
}
// SaveUser updates the user with the given id.
// If no user is found, a new user is created.
func (r *SqlRepo) SaveUser(
ctx context.Context,
id domain.UserIdentifier,
updateFunc func(u *domain.User) (*domain.User, error),
) error {
userInfo := domain.GetUserInfo(ctx)
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
user, err := r.getOrCreateUser(userInfo, tx, id)
if err != nil {
return err // return any error will roll back
}
user, err = updateFunc(user)
if err != nil {
return err
}
err = r.upsertUser(userInfo, tx, user)
if err != nil {
return err
}
// return nil will commit the whole transaction
return nil
})
if err != nil {
return err
}
return nil
}
// DeleteUser deletes the user with the given id.
func (r *SqlRepo) DeleteUser(ctx context.Context, id domain.UserIdentifier) error {
err := r.db.WithContext(ctx).Unscoped().Select(clause.Associations).Delete(&domain.User{Identifier: id}).Error
if err != nil {
return err
}
return nil
}
func (r *SqlRepo) getOrCreateUser(ui *domain.ContextUserInfo, tx *gorm.DB, id domain.UserIdentifier) (
*domain.User,
error,
) {
var user domain.User
// userDefaults will be applied to newly created user records
userDefaults := domain.User{
BaseModel: domain.BaseModel{
CreatedBy: ui.UserId(),
UpdatedBy: ui.UserId(),
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
},
Identifier: id,
Source: domain.UserSourceDatabase,
IsAdmin: false,
}
err := tx.Attrs(userDefaults).FirstOrCreate(&user, id).Error
if err != nil {
return nil, err
}
return &user, nil
}
func (r *SqlRepo) upsertUser(ui *domain.ContextUserInfo, tx *gorm.DB, user *domain.User) error {
user.UpdatedBy = ui.UserId()
user.UpdatedAt = time.Now()
err := tx.Save(user).Error
if err != nil {
return err
}
err = tx.Session(&gorm.Session{FullSaveAssociations: true}).Unscoped().Model(user).Association("WebAuthnCredentialList").Unscoped().Replace(user.WebAuthnCredentialList)
if err != nil {
return fmt.Errorf("failed to update users webauthn credentials: %w", err)
}
return nil
}
// endregion users
// region statistics
// UpdateInterfaceStatus updates the interface status with the given id.
// If no interface status is found, a new one is created.
func (r *SqlRepo) UpdateInterfaceStatus(
ctx context.Context,
id domain.InterfaceIdentifier,
updateFunc func(in *domain.InterfaceStatus) (*domain.InterfaceStatus, error),
) error {
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
in, err := r.getOrCreateInterfaceStatus(tx, id)
if err != nil {
return err // return any error will roll back
}
in, err = updateFunc(in)
if err != nil {
return err
}
err = r.upsertInterfaceStatus(tx, in)
if err != nil {
return err
}
// return nil will commit the whole transaction
return nil
})
if err != nil {
return err
}
return nil
}
func (r *SqlRepo) getOrCreateInterfaceStatus(tx *gorm.DB, id domain.InterfaceIdentifier) (
*domain.InterfaceStatus,
error,
) {
var in domain.InterfaceStatus
// defaults will be applied to newly created record
defaults := domain.InterfaceStatus{
InterfaceId: id,
UpdatedAt: time.Now(),
}
err := tx.Attrs(defaults).FirstOrCreate(&in, id).Error
if err != nil {
return nil, err
}
return &in, nil
}
func (r *SqlRepo) upsertInterfaceStatus(tx *gorm.DB, in *domain.InterfaceStatus) error {
err := tx.Save(in).Error
if err != nil {
return err
}
return nil
}
// UpdatePeerStatus updates the peer status with the given id.
// If no peer status is found, a new one is created.
// OWNERSHIP CHECK: If peer has an OwnerNodeId set, skip update to prevent conflicts with owner node.
// Includes automatic retry logic with exponential backoff for deadlock/conflict recovery.
// Uses row-level FOR UPDATE locking to prevent concurrent modification conflicts.
func (r *SqlRepo) UpdatePeerStatus(
ctx context.Context,
id domain.PeerIdentifier,
updateFunc func(in *domain.PeerStatus) (*domain.PeerStatus, error),
) error {
// Retry logic with exponential backoff for deadlocks and conflicts
// Increased to 10 retries (50ms, 100ms, 200ms, 400ms, 800ms, 1.6s, 3.2s, 6.4s, 12.8s, 25.6s)
// This handles high-concurrency scenarios with 24 cluster nodes and 100+ peers
// Total max wait time: ~50 seconds for all retries
const maxRetries = 10
var lastErr error
for attempt := 0; attempt < maxRetries; attempt++ {
if attempt > 0 {
// Exponential backoff with jitter to reduce synchronized retries
// Base: 50ms * 2^(attempt-1) + random 0-50ms jitter
baseWait := time.Duration(50*(1<<uint(attempt-1))) * time.Millisecond
jitter := time.Duration(rand.Intn(50)) * time.Millisecond
waitTime := baseWait + jitter
select {
case <-ctx.Done():
return ctx.Err()
case <-time.After(waitTime):
}
}
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
in, err := r.getOrCreatePeerStatus(tx, id)
if err != nil {
return err // return any error will roll back
}
// Save original state to restore conflicting fields if peer is owned by another node
oldIsConnected := in.IsConnected
oldIsPingable := in.IsPingable
oldOwnerNodeId := in.OwnerNodeId
// IMPORTANT: Always allow updateFunc to proceed!
// This ensures non-conflicting data (BytesReceived, BytesTransmitted, LastHandshake, Endpoint)
// is captured for ALL nodes, not just the owner.
// We'll selectively restore conflicting fields below if owned by another node.
in, err = updateFunc(in)
if err != nil {
return err
}
// OWNERSHIP CHECK: If peer is CONNECTED and owned by another node,
// restore the conflicting state fields to prevent this node from overwriting owner's state
// BUT keep non-conflicting data like bytes and endpoint
if oldIsConnected && oldOwnerNodeId != "" && oldOwnerNodeId != r.cfg.Core.ClusterNodeId {
slog.Info("peer status owned by other node, restoring conflicting fields but KEEPING bytes",
"peer", id,
"owner", oldOwnerNodeId,
"our_node", r.cfg.Core.ClusterNodeId,
"restored_is_connected", oldIsConnected,
"bytes_received", in.BytesReceived,
"bytes_transmitted", in.BytesTransmitted,
"last_handshake", in.LastHandshake,
"endpoint", in.Endpoint)
// Restore conflicting fields to prevent state conflicts
in.IsConnected = oldIsConnected
in.IsPingable = oldIsPingable
in.OwnerNodeId = oldOwnerNodeId
// Keep the non-conflicting data:
// - BytesReceived, BytesTransmitted (traffic data)
// - LastHandshake, Endpoint (connection details)
// - LastSessionStart, LastPing (timestamps)
} else {
// Peer is either offline or not owned by another node - safe to save all data
slog.Debug("peer status update - saving all data",
"peer", id,
"is_connected", in.IsConnected,
"owned_by", in.OwnerNodeId,
"bytes_received", in.BytesReceived,
"bytes_transmitted", in.BytesTransmitted)
}
// CRITICAL: When peer transitions to OFFLINE, clear its ownership
// This allows any node to update it in future cycles
if !in.IsConnected && in.OwnerNodeId != "" {
slog.Debug("clearing peer ownership on offline transition",
"peer", id, "old_owner", in.OwnerNodeId)
in.OwnerNodeId = ""
}
err = r.upsertPeerStatus(tx, in)
if err != nil {
return err
}
// return nil will commit the whole transaction
return nil
})
if err == nil {
return nil // success
}
lastErr = err
// Check if this is a retryable error (deadlock or record changed)
errMsg := err.Error()
if !strings.Contains(errMsg, "Deadlock") && !strings.Contains(errMsg, "Record has changed") {
return err // not a retryable error
}
// Continue to retry
}
return fmt.Errorf("UpdatePeerStatus failed after %d retries: %w", maxRetries, lastErr)
}
// ClaimPeerStatus claims ownership of a peer status for this node.
// Only the owner node should update peer status to avoid conflicts.
// Once claimed, only this node (and nodes with same owner_node_id) can update it.
// Uses row-level FOR UPDATE locking to serialize concurrent claims.
func (r *SqlRepo) ClaimPeerStatus(
ctx context.Context,
id domain.PeerIdentifier,
ownerNodeId string,
updateFunc func(in *domain.PeerStatus) (*domain.PeerStatus, error),
) error {
if ownerNodeId == "" {
return fmt.Errorf("ownerNodeId cannot be empty")
}
// Retry logic with exponential backoff for deadlocks and conflicts
// Increased to 10 retries for high-concurrency multi-node ownership claiming
// Total max wait time: ~50 seconds for all retries
const maxRetries = 10
var lastErr error
for attempt := 0; attempt < maxRetries; attempt++ {
if attempt > 0 {
// Exponential backoff with jitter to reduce synchronized retries
// Base: 50ms * 2^(attempt-1) + random 0-50ms jitter
baseWait := time.Duration(50*(1<<uint(attempt-1))) * time.Millisecond
jitter := time.Duration(rand.Intn(50)) * time.Millisecond
waitTime := baseWait + jitter
select {
case <-ctx.Done():
return ctx.Err()
case <-time.After(waitTime):
}
}
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
in, err := r.getOrCreatePeerStatus(tx, id)
if err != nil {
return err
}
// Claim ownership: set before calling updateFunc
in.OwnerNodeId = ownerNodeId
in.UpdatedAt = time.Now()
// Apply the custom update function
in, err = updateFunc(in)
if err != nil {
return err
}
// Ensure ownership is maintained
in.OwnerNodeId = ownerNodeId
err = r.upsertPeerStatus(tx, in)
if err != nil {
return err
}
return nil
})
if err == nil {
return nil // success
}
lastErr = err
// Check if this is a retryable error (deadlock or record changed)
errMsg := err.Error()
if !strings.Contains(errMsg, "Deadlock") && !strings.Contains(errMsg, "Record has changed") {
return err // not a retryable error
}
// Continue to retry
}
return fmt.Errorf("ClaimPeerStatus failed after %d retries: %w", maxRetries, lastErr)
}
// BatchUpdatePeerStatuses updates multiple peer statuses in a single optimized transaction.
// This is more efficient than calling UpdatePeerStatus individually and reduces deadlock risk.
// OWNERSHIP CHECK: Skips peers owned by other nodes to prevent conflicts.
// Uses ON CONFLICT DO UPDATE for bulk upsert with automatic conflict resolution.
func (r *SqlRepo) BatchUpdatePeerStatuses(
ctx context.Context,
updates map[domain.PeerIdentifier]func(in *domain.PeerStatus) (*domain.PeerStatus, error),
) error {
if len(updates) == 0 {
return nil
}
// Retry logic for batch operations - more retries for bulk operations
const maxRetries = 5
var lastErr error
for attempt := 0; attempt < maxRetries; attempt++ {
if attempt > 0 {
// Exponential backoff: 50ms, 100ms, 200ms, 400ms, 800ms
waitTime := time.Duration(50*(1<<uint(attempt-1))) * time.Millisecond
select {
case <-ctx.Done():
return ctx.Err()
case <-time.After(waitTime):
}
}
err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
var allStatuses []*domain.PeerStatus
// Load all peer statuses we need to update
for id := range updates {
in, err := r.getOrCreatePeerStatus(tx, id)
if err != nil {
return err
}
// OWNERSHIP CHECK: Skip peers owned by other nodes
if in.OwnerNodeId != "" {
// Peer is owned by another node - skip update
slog.Debug("peer status owned by other node, skipping batch update",
"peer", id, "owner", in.OwnerNodeId)
continue
}
// Apply the update function
updateFunc := updates[id]
in, err = updateFunc(in)
if err != nil {
return err
}
allStatuses = append(allStatuses, in)
}
// Batch insert/update all statuses in one operation
if len(allStatuses) > 0 {
err := tx.Clauses(clause.OnConflict{
UpdateAll: true,
}).CreateInBatches(allStatuses, 50).Error // batch insert in groups of 50
if err != nil {
return err
}
}
return nil
})
if err == nil {
return nil // success
}
lastErr = err
// Check if this is a retryable error
errMsg := err.Error()
if !strings.Contains(errMsg, "Deadlock") && !strings.Contains(errMsg, "Record has changed") {
return err // not a retryable error
}
// Continue to retry
}
return fmt.Errorf("BatchUpdatePeerStatuses failed after %d retries: %w", maxRetries, lastErr)
}
func (r *SqlRepo) getOrCreatePeerStatus(tx *gorm.DB, id domain.PeerIdentifier) (*domain.PeerStatus, error) {
var in domain.PeerStatus
// defaults will be applied to newly created record
defaults := domain.PeerStatus{
PeerId: id,
UpdatedAt: time.Now(),
}
// DEADLOCK FIX: Two-phase approach to reduce lock contention
// 1. First try to get existing record with FOR UPDATE lock
// (This avoids gap locks on non-existent rows)
err := tx.Clauses(clause.Locking{Strength: "UPDATE"}).Where("identifier = ?", id).First(&in).Error
if err == nil {
// Record found and locked - proceed with update
return &in, nil
}
if err != gorm.ErrRecordNotFound {
// Unexpected error
return nil, err
}
// Record doesn't exist - create it WITHOUT FOR UPDATE lock
// This is safe because SavePeer pre-creates peer_status, so this is rare
// Explicit WHERE clause using correct column name
err = tx.Where("identifier = ?", id).Attrs(defaults).FirstOrCreate(&in).Error
if err != nil {
return nil, err
}
// Now that record exists, acquire FOR UPDATE lock for modifications
err = tx.Clauses(clause.Locking{Strength: "UPDATE"}).Where("identifier = ?", id).First(&in).Error
if err != nil {
return nil, fmt.Errorf("failed to lock peer status after creation: %w", err)
}
return &in, nil
}
func (r *SqlRepo) getOrCreatePeerStatusForRead(tx *gorm.DB, id domain.PeerIdentifier) (*domain.PeerStatus, error) {
var in domain.PeerStatus
// defaults will be applied to newly created record
defaults := domain.PeerStatus{
PeerId: id,
UpdatedAt: time.Now(),
}
// For read-only access without modifications (used in conditionals)
// No FOR UPDATE lock - allows concurrent reads
err := tx.Attrs(defaults).FirstOrCreate(&in, id).Error
if err != nil {
return nil, err
}
return &in, nil
}
func (r *SqlRepo) upsertPeerStatus(tx *gorm.DB, in *domain.PeerStatus) error {
err := tx.Save(in).Error
if err != nil {
return err
}
return nil
}
// DeletePeerStatus deletes the peer status with the given id.
func (r *SqlRepo) DeletePeerStatus(ctx context.Context, id domain.PeerIdentifier) error {
err := r.db.WithContext(ctx).Delete(&domain.PeerStatus{}, id).Error
if err != nil {
return err
}
return nil
}
// GetAllPeerStatuses returns all peer statuses from the database.
func (r *SqlRepo) GetAllPeerStatuses(ctx context.Context) ([]domain.PeerStatus, error) {
var statuses []domain.PeerStatus
err := r.db.WithContext(ctx).Find(&statuses).Error
if err != nil {
return nil, err
}
return statuses, nil
}
// endregion statistics
// region audit
// SaveAuditEntry saves the given audit entry.
func (r *SqlRepo) SaveAuditEntry(ctx context.Context, entry *domain.AuditEntry) error {
err := r.db.WithContext(ctx).Save(entry).Error
if err != nil {
return err
}
return nil
}
// GetAllAuditEntries retrieves all audit entries from the database.
// The entries are ordered by timestamp, with the newest entries first.
func (r *SqlRepo) GetAllAuditEntries(ctx context.Context) ([]domain.AuditEntry, error) {
var entries []domain.AuditEntry
err := r.db.WithContext(ctx).Order("created_at desc").Find(&entries).Error
if err != nil {
return nil, err
}
return entries, nil
}
// endregion audit
func (r *SqlRepo) GetAllPeers(ctx context.Context) ([]domain.Peer, error) {
var peers []domain.Peer
// OPTIMIZED: Select only peer identifiers and basic fields to avoid N+1 queries
// from Preload("Addresses") and Preload("Interface") which would create 600+ queries
// This method is used mainly for cleanup validation, not for full peer data display
err := r.db.WithContext(ctx).
Select("id, identifier, display_name, interface_identifier").
Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// region node sync lock
const (
syncLockKey = "peer:sync"
syncLockDuration = 5 * time.Minute // Auto-release stuck locks after 5 minutes
syncLockTimeout = 2 * time.Minute // Total wait time for acquiring lock
)
// AcquireSyncLock attempts to acquire the global peer sync lock.
// Returns nodeID that holds the lock, or empty string if we acquired it.
// Uses exponential backoff to retry up to syncLockTimeout.
func (r *SqlRepo) AcquireSyncLock(ctx context.Context, nodeID string) (acquiredBy string, err error) {
// Use generic lock mechanism
return r.AcquireLock(ctx, syncLockKey, nodeID, syncLockDuration)
}
// ReleaseSyncLock releases the global peer sync lock.
func (r *SqlRepo) ReleaseSyncLock(ctx context.Context, nodeID string) error {
return r.ReleaseLock(ctx, syncLockKey, nodeID)
}
// SyncAllPeersFromDBWithLock wraps sync to ensure only one node syncs at a time.
// This prevents database contention and 504 Gateway Timeout cascades.
func (r *SqlRepo) SyncAllPeersFromDBWithLock(ctx context.Context, nodeID string) (int, error) {
// Try to acquire lock with timeout
lockCtx, cancel := context.WithTimeout(ctx, syncLockTimeout)
defer cancel()
heldBy, err := r.AcquireSyncLock(lockCtx, nodeID)
if err != nil {
slog.Warn("[SYNC_LOCK] cannot acquire sync lock, another node is syncing",
"held_by", heldBy, "self", nodeID, "error", err)
// Return 0,0 to indicate no sync performed (not an error condition)
return 0, nil
}
// Ensure lock is released after we're done (even if sync fails)
defer func() {
if relErr := r.ReleaseSyncLock(context.Background(), nodeID); relErr != nil {
slog.Error("failed to release sync lock", "error", relErr)
}
// Clean up expired locks in background to prevent table bloat
go func() {
goCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
if cleanErr := r.CleanupExpiredLocks(goCtx); cleanErr != nil {
slog.Debug("cleanup expired locks failed", "error", cleanErr)
}
}()
}()
// Now perform the actual sync with the lock held
count, err := r.SyncAllPeersFromDB(ctx)
if err != nil {
slog.Error("[SYNC_LOCK] sync failed while holding lock", "node_id", nodeID, "error", err)
return count, err
}
slog.Info("[SYNC_LOCK] sync completed", "node_id", nodeID, "synced_count", count)
return count, nil
}
// endregion node sync lock
// SyncAllPeersFromDB synchronizes all peers from the database.
func (r *SqlRepo) SyncAllPeersFromDB(ctx context.Context) (int, error) {
slog.Debug("SyncAllPeersFromDB called, but no operation performed")
return 0, nil
}
// region expired peers cleanup
const (
expireCleanupLockKey = "expire:cleanup"
expireCleanupLockDuration = 10 * time.Minute // Lock to ensure only one node performs cleanup
expireCleanupTimeout = 30 * time.Second // Timeout for acquiring lock
)
// GetExpiredPeers finds all peers with expiredAt in the past
func (r *SqlRepo) GetExpiredPeers(ctx context.Context) ([]domain.Peer, error) {
var peers []domain.Peer
now := time.Now()
err := r.db.WithContext(ctx).
Where("expires_at IS NOT NULL AND expires_at < ?", now).
Select("identifier, interface_identifier").
Find(&peers).Error
if err != nil {
return nil, err
}
return peers, nil
}
// DeletePeersByIDs deletes peers by their Identifier (public key) and their associated addresses
// Used when cleaning up expired peers
// IMPORTANT: Deletes peer_addresses associations first to avoid foreign key constraint violations
// Also deletes peer statuses to avoid orphaned status records
func (r *SqlRepo) DeletePeersByIDs(ctx context.Context, peerIDs []string) (int64, error) {
if len(peerIDs) == 0 {
return 0, nil
}
// Start transaction to ensure atomic deletion (associations first, then peers, then statuses)
tx := r.db.WithContext(ctx).Begin()
if tx.Error != nil {
return 0, tx.Error
}
// First: delete peer_addresses many2many associations via raw SQL
if err := tx.Table("peer_addresses").Where("peer_identifier IN ?", peerIDs).Delete(nil).Error; err != nil {
tx.Rollback()
return 0, err
}
// Second: delete peer statuses to avoid orphaned status records
if err := tx.Where("identifier IN ?", peerIDs).Delete(&domain.PeerStatus{}).Error; err != nil {
tx.Rollback()
return 0, err
}
// Third: delete peers
result := tx.Where("identifier IN ?", peerIDs).Delete(&domain.Peer{})
if result.Error != nil {
tx.Rollback()
return 0, result.Error
}
// Commit transaction
if err := tx.Commit().Error; err != nil {
return 0, err
}
return result.RowsAffected, nil
}
// FindAndDeleteExpiredPeersWithLock ensures only MASTER node deletes expired peers
// Other nodes skip cleanup to avoid conflicts across multiple nodes
// If this node is not configured as master, cleanup is skipped
func (r *SqlRepo) FindAndDeleteExpiredPeersWithLock(ctx context.Context, nodeID string) (expiredPeerIDs []string, err error) {
// Only MASTER node can delete expired peers
if !r.cfg.Core.Master {
slog.Debug("[EXPIRE_CLEANUP] this node is not master, skipping cleanup", "node_id", nodeID)
return nil, nil
}
// Find expired peers
expiredPeers, err := r.GetExpiredPeers(ctx)
if err != nil {
slog.Error("[EXPIRE_CLEANUP] failed to get expired peers", "error", err)
return nil, err
}
if len(expiredPeers) == 0 {
slog.Debug("[EXPIRE_CLEANUP] no expired peers found")
return nil, nil
}
// Delete them from DB
peerIDs := make([]string, len(expiredPeers))
for i, p := range expiredPeers {
peerIDs[i] = string(p.Identifier)
}
deletedCount, err := r.DeletePeersByIDs(ctx, peerIDs)
if err != nil {
slog.Error("[EXPIRE_CLEANUP] failed to delete expired peers", "error", err, "count", len(peerIDs))
return nil, err
}
slog.Info("[EXPIRE_CLEANUP] deleted expired peers",
"node_id", nodeID, "count", deletedCount, "peer_ids_count", len(peerIDs))
return peerIDs, nil
}
// endregion expired peers cleanup
// region generic distributed locking (for reuse)
// AcquireLock is a generic lock mechanism for various operations.
// IMPORTANT: Uses simple INSERT without ON DUPLICATE KEY UPDATE to avoid deadlocks.
// If lock already exists and is not expired, returns who holds it (no retry loop).
func (r *SqlRepo) AcquireLock(ctx context.Context, lockKey string, nodeID string, duration time.Duration) (acquiredBy string, err error) {
now := time.Now()
// Clean up expired locks (but don't retry on failure)
if delErr := r.db.WithContext(ctx).
Where("lock_key = ? AND expires_at < ?", lockKey, now).
Delete(&NodeSyncLock{}).Error; delErr != nil {
slog.Debug("failed to clean expired locks", "lock_key", lockKey, "error", delErr)
}
// Try simple INSERT (no ON DUPLICATE KEY UPDATE to avoid deadlock)
result := r.db.WithContext(ctx).
Create(&NodeSyncLock{
LockKey: lockKey,
NodeID: nodeID,
LockedAt: now,
ExpiresAt: now.Add(duration),
})
if result.Error == nil {
slog.Debug("[LOCK] acquired", "lock_key", lockKey, "node_id", nodeID)
return "", nil
}
// INSERT failed - check who holds the lock (no retry, just check)
var lock NodeSyncLock
if err := r.db.WithContext(ctx).
Where("lock_key = ?", lockKey).
First(&lock).Error; err == nil {
if lock.ExpiresAt.Before(now) {
// Lock expired, clean it up (best effort)
r.db.WithContext(ctx).Delete(&lock)
return "", fmt.Errorf("lock expired, please retry")
}
// Lock is held by another node
acquiredBy = lock.NodeID
return acquiredBy, fmt.Errorf("lock held by %s", acquiredBy)
}
// Couldn't determine lock holder
return "", fmt.Errorf("failed to acquire lock %s", lockKey)
}
// ReleaseLock releases a distributed lock
func (r *SqlRepo) ReleaseLock(ctx context.Context, lockKey string, nodeID string) error {
// Only delete lock if it belongs to us AND it hasn't expired yet
// This prevents deadlocks from competing DELETE operations on expired locks
result := r.db.WithContext(ctx).
Where("lock_key = ? AND node_id = ? AND expires_at > NOW()", lockKey, nodeID).
Delete(&NodeSyncLock{})
if result.Error != nil {
// Log but don't fail - lock might already be released or expired
slog.Debug("failed to release lock", "lockKey", lockKey, "nodeID", nodeID, "error", result.Error)
return nil
}
if result.RowsAffected == 0 {
// Lock was already released or expired - not an error
slog.Debug("lock already released or expired", "lockKey", lockKey, "nodeID", nodeID)
return nil
}
return nil
}
// CleanupExpiredLocks removes all expired locks from the database
// This prevents deadlocks from piling up expired lock rows
func (r *SqlRepo) CleanupExpiredLocks(ctx context.Context) error {
result := r.db.WithContext(ctx).
Where("expires_at < ?", time.Now()).
Delete(&NodeSyncLock{})
if result.Error != nil {
slog.Warn("failed to cleanup expired locks", "error", result.Error)
return result.Error
}
if result.RowsAffected > 0 {
slog.Debug("cleaned up expired locks", "rows_deleted", result.RowsAffected)
}
return nil
}
// endregion generic distributed locking
Reference in New Issue View Git Blame Copy Permalink