First release of open core

2026-04-02 10:57:36 -04:00
parent 1c94f12d1c
commit 084c1321fc
101 changed files with 8812 additions and 17 deletions
--- a/pkg/tickets/handler.go
+++ b/pkg/tickets/handler.go
@@ -0,0 +1,15 @@
+package tickets
+
+import (
+	"epigas.gitea.cloud/RiskRancher/core/pkg/domain"
+)
+
+// Handler encapsulates all Ticket-related HTTP logic
+type Handler struct {
+	Store domain.Store
+}
+
+// NewHandler creates a new Tickets Handler
+func NewHandler(store domain.Store) *Handler {
+	return &Handler{Store: store}
+}
--- a/pkg/tickets/handlers_test.go
+++ b/pkg/tickets/handlers_test.go
@@ -0,0 +1,73 @@
+package tickets
+
+import (
+	"bytes"
+	"context"
+	"database/sql"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"epigas.gitea.cloud/RiskRancher/core/pkg/datastore"
+	"epigas.gitea.cloud/RiskRancher/core/pkg/domain"
+)
+
+func setupTestTickets(t *testing.T) (*Handler, *sql.DB) {
+	db := datastore.InitDB(":memory:")
+	store := datastore.NewSQLiteStore(db)
+	return NewHandler(store), db
+}
+
+// GetVIPCookie creates a dummy Sheriff user and an active session,
+func GetVIPCookie(store domain.Store) *http.Cookie {
+
+	user, err := store.GetUserByEmail(context.Background(), "vip_test@RiskRancher.com")
+	if err != nil {
+		user, _ = store.CreateUser(context.Background(), "vip_test@RiskRancher.com", "Test VIP", "hash", "Sheriff")
+	}
+
+	token := "vip_test_token_999"
+	store.CreateSession(context.Background(), token, user.ID, time.Now().Add(1*time.Hour))
+
+	return &http.Cookie{
+		Name:  "session_token",
+		Value: token,
+	}
+}
+
+func TestCreateSingleTicket(t *testing.T) {
+	app, db := setupTestTickets(t)
+	defer db.Close()
+
+	payload := []byte(`{
+		"title": "Manual Pentest Finding: XSS",
+		"description": "Found reflected XSS on the search page.",
+		"recommended_remediation": "Sanitize user input.",
+		"severity": "High"
+	}`)
+
+	req := httptest.NewRequest(http.MethodPost, "/api/tickets", bytes.NewBuffer(payload))
+	req.AddCookie(GetVIPCookie(app.Store))
+	req.Header.Set("Content-Type", "application/json")
+	rr := httptest.NewRecorder()
+
+	app.HandleCreateTicket(rr, req)
+
+	if status := rr.Code; status != http.StatusCreated {
+		t.Fatalf("Expected status %v, got %v. Body: %s", http.StatusCreated, status, rr.Body.String())
+	}
+
+	var createdTicket domain.Ticket
+	if err := json.NewDecoder(rr.Body).Decode(&createdTicket); err != nil {
+		t.Fatalf("Failed to decode JSON response: %v", err)
+	}
+
+	if createdTicket.ID == 0 {
+		t.Errorf("Expected database to generate an ID")
+	}
+	if createdTicket.DedupeHash == "" {
+		t.Errorf("Expected engine to generate a dedupe hash")
+	}
+}
--- a/pkg/tickets/tickets.go
+++ b/pkg/tickets/tickets.go
@@ -0,0 +1,74 @@
+package tickets
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+
+	"epigas.gitea.cloud/RiskRancher/core/pkg/domain"
+)
+
+type InlineUpdateRequest struct {
+	Severity               string `json:"severity"`
+	Comment                string `json:"comment"`
+	Description            string `json:"description"`
+	RecommendedRemediation string `json:"recommended_remediation"`
+	Actor                  string `json:"actor"`
+	Status                 string `json:"status"`
+	Assignee               string `json:"assignee"`
+}
+
+type BulkUpdateRequest struct {
+	TicketIDs []int  `json:"ticket_ids"`
+	Status    string `json:"status"`
+	Comment   string `json:"comment"`
+	Assignee  string `json:"assignee"`
+	Actor     string `json:"actor"`
+}
+
+type MagistrateReviewRequest struct {
+	Action        string `json:"action"`
+	Actor         string `json:"actor"`
+	Comment       string `json:"comment"`
+	ExtensionDays int    `json:"extension_days"`
+}
+
+func (h *Handler) HandleUpdateTicket(w http.ResponseWriter, r *http.Request) {
+	id, _ := strconv.Atoi(r.PathValue("id"))
+	var req InlineUpdateRequest
+	json.NewDecoder(r.Body).Decode(&req)
+
+	if err := h.Store.UpdateTicketInline(r.Context(), id, req.Severity, req.Description, req.RecommendedRemediation, req.Comment, req.Actor, req.Status, req.Assignee); err != nil {
+		http.Error(w, "Database error", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+}
+
+// HandleGetTickets fetches a list of tickets via the API
+func (h *Handler) HandleGetTickets(w http.ResponseWriter, r *http.Request) {
+	tickets, err := h.Store.GetTickets(r.Context())
+	if err != nil {
+		http.Error(w, "Database error", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(tickets)
+}
+
+// HandleCreateTicket creates a single ticket via the API
+func (h *Handler) HandleCreateTicket(w http.ResponseWriter, r *http.Request) {
+	var t domain.Ticket
+	if err := json.NewDecoder(r.Body).Decode(&t); err != nil {
+		http.Error(w, "Invalid JSON payload", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.Store.CreateTicket(r.Context(), &t); err != nil {
+		http.Error(w, "Failed to create ticket", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(t)
+}