feat: production hardening — slog, rate limiting, integration tests, seed data (Phase 4)

- Structured logging: replace log.* with log/slog JSON output across backend - Request logger middleware: logs method, path, status, duration for all non-health requests - Rate limiting: token bucket (5 req/min, burst 10) on AI endpoints (/api/ai/*) - Integration tests: full critical path test (auth -> create case -> add deadline -> dashboard) - Seed demo data: 1 tenant, 5 cases with deadlines/appointments/parties/events - docker-compose.yml: add all required env vars (DATABASE_URL, SUPABASE_*, ANTHROPIC_API_KEY) - .env.example: document all env vars including DATABASE_URL and CalDAV note
2026-03-25 14:32:27 +01:00
parent b49992b9c0
commit c5c3f41e08
10 changed files with 694 additions and 17 deletions
--- a/backend/internal/integration_test.go
+++ b/backend/internal/integration_test.go
@@ -0,0 +1,273 @@
+package internal_test
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+	"time"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/config"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/db"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/router"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+// testServer sets up the full router with a real DB connection.
+// Requires DATABASE_URL and SUPABASE_JWT_SECRET env vars.
+func testServer(t *testing.T) (http.Handler, func()) {
+	t.Helper()
+
+	dbURL := os.Getenv("DATABASE_URL")
+	if dbURL == "" {
+		t.Skip("DATABASE_URL not set, skipping integration test")
+	}
+	jwtSecret := os.Getenv("SUPABASE_JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-jwt-secret-for-integration-tests"
+		os.Setenv("SUPABASE_JWT_SECRET", jwtSecret)
+	}
+
+	database, err := db.Connect(dbURL)
+	if err != nil {
+		t.Fatalf("connecting to database: %v", err)
+	}
+
+	cfg := &config.Config{
+		Port:              "0",
+		DatabaseURL:       dbURL,
+		SupabaseJWTSecret: jwtSecret,
+	}
+
+	authMW := auth.NewMiddleware(jwtSecret, database)
+	handler := router.New(database, authMW, cfg, nil)
+
+	return handler, func() { database.Close() }
+}
+
+// createTestJWT creates a JWT for the given user ID, signed with the test secret.
+func createTestJWT(t *testing.T, userID uuid.UUID) string {
+	t.Helper()
+	secret := os.Getenv("SUPABASE_JWT_SECRET")
+	if secret == "" {
+		secret = "test-jwt-secret-for-integration-tests"
+	}
+
+	claims := jwt.MapClaims{
+		"sub": userID.String(),
+		"aud": "authenticated",
+		"exp": time.Now().Add(1 * time.Hour).Unix(),
+		"iat": time.Now().Unix(),
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	signed, err := token.SignedString([]byte(secret))
+	if err != nil {
+		t.Fatalf("signing JWT: %v", err)
+	}
+	return signed
+}
+
+// setupTestTenant creates a temporary tenant and user_tenant for testing.
+// Returns tenantID and userID. Cleans up on test completion.
+func setupTestTenant(t *testing.T, handler http.Handler) (tenantID, userID uuid.UUID) {
+	t.Helper()
+
+	dbURL := os.Getenv("DATABASE_URL")
+	database, err := db.Connect(dbURL)
+	if err != nil {
+		t.Fatalf("connecting to database for setup: %v", err)
+	}
+	defer database.Close()
+
+	tenantID = uuid.New()
+	userID = uuid.New()
+
+	_, err = database.Exec(`INSERT INTO tenants (id, name, slug) VALUES ($1, $2, $3)`,
+		tenantID, "Integration Test Kanzlei "+tenantID.String()[:8], "test-"+tenantID.String()[:8])
+	if err != nil {
+		t.Fatalf("creating test tenant: %v", err)
+	}
+
+	// Create a user in auth.users so JWT auth works
+	_, err = database.Exec(`INSERT INTO auth.users (id, instance_id, role, aud, email, encrypted_password, email_confirmed_at, created_at, updated_at, confirmation_token, recovery_token)
+		VALUES ($1, '00000000-0000-0000-0000-000000000000', 'authenticated', 'authenticated', $2, '', NOW(), NOW(), NOW(), '', '')`,
+		userID, fmt.Sprintf("test-%s@kanzlai.test", userID.String()[:8]))
+	if err != nil {
+		t.Fatalf("creating test user: %v", err)
+	}
+
+	_, err = database.Exec(`INSERT INTO user_tenants (user_id, tenant_id, role) VALUES ($1, $2, 'owner')`,
+		userID, tenantID)
+	if err != nil {
+		t.Fatalf("creating user_tenant: %v", err)
+	}
+
+	t.Cleanup(func() {
+		cleanupDB, _ := db.Connect(dbURL)
+		if cleanupDB != nil {
+			cleanupDB.Exec(`DELETE FROM case_events WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM deadlines WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM appointments WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM parties WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM documents WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM cases WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM user_tenants WHERE tenant_id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM tenants WHERE id = $1`, tenantID)
+			cleanupDB.Exec(`DELETE FROM auth.users WHERE id = $1`, userID)
+			cleanupDB.Close()
+		}
+	})
+
+	return tenantID, userID
+}
+
+func TestHealthEndpoint(t *testing.T) {
+	handler, cleanup := testServer(t)
+	defer cleanup()
+
+	req := httptest.NewRequest("GET", "/health", nil)
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var resp map[string]string
+	json.Unmarshal(w.Body.Bytes(), &resp)
+	if resp["status"] != "ok" {
+		t.Fatalf("expected status ok, got %v", resp)
+	}
+}
+
+func TestCriticalPath_CreateCase_AddDeadline_Dashboard(t *testing.T) {
+	handler, cleanup := testServer(t)
+	defer cleanup()
+
+	_, userID := setupTestTenant(t, handler)
+	token := createTestJWT(t, userID)
+
+	// Step 1: Create a case
+	caseBody := `{"case_number":"TEST/001","title":"Integration Test — Patentverletzung","case_type":"patent","court":"UPC München"}`
+	req := httptest.NewRequest("POST", "/api/cases", bytes.NewBufferString(caseBody))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+token)
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusCreated {
+		t.Fatalf("create case: expected 201, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var createdCase map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &createdCase)
+	caseID, ok := createdCase["id"].(string)
+	if !ok || caseID == "" {
+		t.Fatalf("create case: missing ID in response: %v", createdCase)
+	}
+	t.Logf("Created case: %s", caseID)
+
+	// Step 2: List cases — verify our case is there
+	req = httptest.NewRequest("GET", "/api/cases", nil)
+	req.Header.Set("Authorization", "Bearer "+token)
+	w = httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("list cases: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var caseList map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &caseList)
+	total := caseList["total"].(float64)
+	if total < 1 {
+		t.Fatalf("list cases: expected at least 1 case, got %.0f", total)
+	}
+
+	// Step 3: Add a deadline to the case
+	dueDate := time.Now().AddDate(0, 0, 14).Format("2006-01-02")
+	warnDate := time.Now().AddDate(0, 0, 10).Format("2006-01-02")
+	deadlineBody := fmt.Sprintf(`{"title":"Klageerwiderung einreichen","due_date":"%s","warning_date":"%s","source":"manual"}`, dueDate, warnDate)
+	req = httptest.NewRequest("POST", "/api/cases/"+caseID+"/deadlines", bytes.NewBufferString(deadlineBody))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+token)
+	w = httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusCreated {
+		t.Fatalf("create deadline: expected 201, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var createdDeadline map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &createdDeadline)
+	deadlineID, ok := createdDeadline["id"].(string)
+	if !ok || deadlineID == "" {
+		t.Fatalf("create deadline: missing ID in response: %v", createdDeadline)
+	}
+	t.Logf("Created deadline: %s", deadlineID)
+
+	// Step 4: Verify deadline appears in case deadlines
+	req = httptest.NewRequest("GET", "/api/cases/"+caseID+"/deadlines", nil)
+	req.Header.Set("Authorization", "Bearer "+token)
+	w = httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("list deadlines: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var deadlines []interface{}
+	json.Unmarshal(w.Body.Bytes(), &deadlines)
+	if len(deadlines) < 1 {
+		t.Fatalf("list deadlines: expected at least 1, got %d", len(deadlines))
+	}
+
+	// Step 5: Fetch dashboard — should include our case and deadline
+	req = httptest.NewRequest("GET", "/api/dashboard", nil)
+	req.Header.Set("Authorization", "Bearer "+token)
+	w = httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("dashboard: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var dashboard map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &dashboard)
+
+	// Verify dashboard has expected sections
+	for _, key := range []string{"deadline_summary", "case_summary", "upcoming_deadlines"} {
+		if _, exists := dashboard[key]; !exists {
+			t.Errorf("dashboard: missing key %q in response", key)
+		}
+	}
+
+	// Verify case_summary shows at least 1 active case
+	if cs, ok := dashboard["case_summary"].(map[string]interface{}); ok {
+		if active, ok := cs["active"].(float64); ok && active < 1 {
+			t.Errorf("dashboard: expected at least 1 active case, got %.0f", active)
+		}
+	}
+
+	t.Logf("Full critical path passed: auth -> create case -> add deadline -> dashboard")
+}
+
+func TestUnauthenticatedAccess(t *testing.T) {
+	handler, cleanup := testServer(t)
+	defer cleanup()
+
+	// Accessing API without token should return 401
+	req := httptest.NewRequest("GET", "/api/cases", nil)
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("expected 401, got %d: %s", w.Code, w.Body.String())
+	}
+}
--- a/backend/internal/logging/logging.go
+++ b/backend/internal/logging/logging.go
@@ -0,0 +1,14 @@
+package logging
+
+import (
+	"log/slog"
+	"os"
+)
+
+// Setup initializes the global slog logger with JSON output for production.
+func Setup() {
+	handler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
+		Level: slog.LevelInfo,
+	})
+	slog.SetDefault(slog.New(handler))
+}
--- a/backend/internal/middleware/ratelimit.go
+++ b/backend/internal/middleware/ratelimit.go
@@ -0,0 +1,98 @@
+package middleware
+
+import (
+	"log/slog"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// TokenBucket implements a simple per-IP token bucket rate limiter.
+type TokenBucket struct {
+	mu      sync.Mutex
+	buckets map[string]*bucket
+	rate    float64 // tokens per second
+	burst   int     // max tokens
+}
+
+type bucket struct {
+	tokens   float64
+	lastTime time.Time
+}
+
+// NewTokenBucket creates a rate limiter allowing rate requests per second with burst capacity.
+func NewTokenBucket(rate float64, burst int) *TokenBucket {
+	tb := &TokenBucket{
+		buckets: make(map[string]*bucket),
+		rate:    rate,
+		burst:   burst,
+	}
+	// Periodically clean up stale buckets
+	go tb.cleanup()
+	return tb
+}
+
+func (tb *TokenBucket) allow(key string) bool {
+	tb.mu.Lock()
+	defer tb.mu.Unlock()
+
+	b, ok := tb.buckets[key]
+	if !ok {
+		b = &bucket{tokens: float64(tb.burst), lastTime: time.Now()}
+		tb.buckets[key] = b
+	}
+
+	now := time.Now()
+	elapsed := now.Sub(b.lastTime).Seconds()
+	b.tokens += elapsed * tb.rate
+	if b.tokens > float64(tb.burst) {
+		b.tokens = float64(tb.burst)
+	}
+	b.lastTime = now
+
+	if b.tokens < 1 {
+		return false
+	}
+	b.tokens--
+	return true
+}
+
+func (tb *TokenBucket) cleanup() {
+	ticker := time.NewTicker(5 * time.Minute)
+	defer ticker.Stop()
+	for range ticker.C {
+		tb.mu.Lock()
+		cutoff := time.Now().Add(-10 * time.Minute)
+		for key, b := range tb.buckets {
+			if b.lastTime.Before(cutoff) {
+				delete(tb.buckets, key)
+			}
+		}
+		tb.mu.Unlock()
+	}
+}
+
+// Limit wraps an http.Handler with rate limiting.
+func (tb *TokenBucket) Limit(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ip := r.Header.Get("X-Forwarded-For")
+		if ip == "" {
+			ip = r.RemoteAddr
+		}
+		if !tb.allow(ip) {
+			slog.Warn("rate limit exceeded", "ip", ip, "path", r.URL.Path)
+			w.Header().Set("Content-Type", "application/json")
+			w.Header().Set("Retry-After", "10")
+			w.WriteHeader(http.StatusTooManyRequests)
+			w.Write([]byte(`{"error":"rate limit exceeded, try again later"}`))
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+// LimitFunc wraps an http.HandlerFunc with rate limiting.
+func (tb *TokenBucket) LimitFunc(next http.HandlerFunc) http.HandlerFunc {
+	limited := tb.Limit(http.HandlerFunc(next))
+	return limited.ServeHTTP
+}
--- a/backend/internal/middleware/ratelimit_test.go
+++ b/backend/internal/middleware/ratelimit_test.go
@@ -0,0 +1,70 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestTokenBucket_AllowsBurst(t *testing.T) {
+	tb := NewTokenBucket(1.0, 5) // 1/sec, burst 5
+
+	handler := tb.LimitFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	// Should allow burst of 5 requests
+	for i := 0; i < 5; i++ {
+		req := httptest.NewRequest("GET", "/test", nil)
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, req)
+		if w.Code != http.StatusOK {
+			t.Fatalf("request %d: expected 200, got %d", i+1, w.Code)
+		}
+	}
+
+	// 6th request should be rate limited
+	req := httptest.NewRequest("GET", "/test", nil)
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+	if w.Code != http.StatusTooManyRequests {
+		t.Fatalf("request 6: expected 429, got %d", w.Code)
+	}
+}
+
+func TestTokenBucket_DifferentIPs(t *testing.T) {
+	tb := NewTokenBucket(1.0, 2) // 1/sec, burst 2
+
+	handler := tb.LimitFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	// Exhaust IP1's bucket
+	for i := 0; i < 2; i++ {
+		req := httptest.NewRequest("GET", "/test", nil)
+		req.Header.Set("X-Forwarded-For", "1.2.3.4")
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, req)
+		if w.Code != http.StatusOK {
+			t.Fatalf("ip1 request %d: expected 200, got %d", i+1, w.Code)
+		}
+	}
+
+	// IP1 should now be limited
+	req := httptest.NewRequest("GET", "/test", nil)
+	req.Header.Set("X-Forwarded-For", "1.2.3.4")
+	w := httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+	if w.Code != http.StatusTooManyRequests {
+		t.Fatalf("ip1 request 3: expected 429, got %d", w.Code)
+	}
+
+	// IP2 should still work
+	req = httptest.NewRequest("GET", "/test", nil)
+	req.Header.Set("X-Forwarded-For", "5.6.7.8")
+	w = httptest.NewRecorder()
+	handler.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("ip2 request 1: expected 200, got %d", w.Code)
+	}
+}
--- a/backend/internal/router/router.go
+++ b/backend/internal/router/router.go
@@ -2,13 +2,16 @@ package router

 import (
 	"encoding/json"
+	"log/slog"
 	"net/http"
+	"time"

 	"github.com/jmoiron/sqlx"

 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/config"
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/handlers"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/middleware"
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
 )

@@ -112,10 +115,11 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 	scoped.HandleFunc("GET /api/documents/{docId}/meta", docH.GetMeta)
 	scoped.HandleFunc("DELETE /api/documents/{docId}", docH.Delete)

-	// AI endpoints
+	// AI endpoints (rate limited: 5 req/min burst 10 per IP)
 	if aiH != nil {
-		scoped.HandleFunc("POST /api/ai/extract-deadlines", aiH.ExtractDeadlines)
-		scoped.HandleFunc("POST /api/ai/summarize-case", aiH.SummarizeCase)
+		aiLimiter := middleware.NewTokenBucket(5.0/60.0, 10)
+		scoped.HandleFunc("POST /api/ai/extract-deadlines", aiLimiter.LimitFunc(aiH.ExtractDeadlines))
+		scoped.HandleFunc("POST /api/ai/summarize-case", aiLimiter.LimitFunc(aiH.SummarizeCase))
 	}

 	// CalDAV sync endpoints
@@ -130,7 +134,7 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se

 	mux.Handle("/api/", authMW.RequireAuth(api))

-	return mux
+	return requestLogger(mux)
 }

 func handleHealth(db *sqlx.DB) http.HandlerFunc {
@@ -145,3 +149,34 @@ func handleHealth(db *sqlx.DB) http.HandlerFunc {
 	}
 }

+type statusWriter struct {
+	http.ResponseWriter
+	status int
+}
+
+func (w *statusWriter) WriteHeader(code int) {
+	w.status = code
+	w.ResponseWriter.WriteHeader(code)
+}
+
+func requestLogger(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Skip health checks to reduce noise
+		if r.URL.Path == "/health" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		sw := &statusWriter{ResponseWriter: w, status: http.StatusOK}
+		start := time.Now()
+		next.ServeHTTP(sw, r)
+
+		slog.Info("request",
+			"method", r.Method,
+			"path", r.URL.Path,
+			"status", sw.status,
+			"duration_ms", time.Since(start).Milliseconds(),
+		)
+	})
+}
+
--- a/backend/internal/services/caldav_service.go
+++ b/backend/internal/services/caldav_service.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"log"
+	"log/slog"
 	"strings"
 	"sync"
 	"time"
@@ -83,14 +83,14 @@ func (s *CalDAVService) Start() {
 	s.wg.Go(func() {
 		s.backgroundLoop()
 	})
-	log.Println("CalDAV sync service started")
+	slog.Info("CalDAV sync service started")
 }

 // Stop gracefully stops the background sync.
 func (s *CalDAVService) Stop() {
 	close(s.stopCh)
 	s.wg.Wait()
-	log.Println("CalDAV sync service stopped")
+	slog.Info("CalDAV sync service stopped")
 }

 // backgroundLoop polls tenants at their configured interval.
@@ -113,7 +113,7 @@ func (s *CalDAVService) backgroundLoop() {
 func (s *CalDAVService) syncAllTenants() {
 	configs, err := s.loadAllTenantConfigs()
 	if err != nil {
-		log.Printf("CalDAV: failed to load tenant configs: %v", err)
+		slog.Error("CalDAV: failed to load tenant configs", "error", err)
 		return
 	}

@@ -137,7 +137,7 @@ func (s *CalDAVService) syncAllTenants() {
 			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 			defer cancel()
 			if _, err := s.SyncTenant(ctx, tid, c); err != nil {
-				log.Printf("CalDAV: sync failed for tenant %s: %v", tid, err)
+				slog.Error("CalDAV: sync failed", "tenant_id", tid, "error", err)
 			}
 		}(tenantID, cfg)
 	}
@@ -649,7 +649,7 @@ func (s *CalDAVService) logConflictEvent(ctx context.Context, tenantID, caseID u
 		VALUES ($1, $2, $3, 'caldav_conflict', $4, $5, $6, NOW(), NOW())`,
 		uuid.New(), tenantID, caseID, "CalDAV sync conflict", msg, metadata)
 	if err != nil {
-		log.Printf("CalDAV: failed to log conflict event: %v", err)
+		slog.Error("CalDAV: failed to log conflict event", "error", err)
 	}
 }