marktvogt.de/backend/internal/server/server.go

package server

import (
	"context"
	"fmt"
	"log/slog"
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/jackc/pgx/v5/pgxpool"
	"github.com/valkey-io/valkey-go"

	"marktvogt.de/backend/internal/config"
	"marktvogt.de/backend/internal/middleware"
)

type Server struct {
	cfg    *config.Config
	router *gin.Engine
	http   *http.Server
	db     *pgxpool.Pool
	valkey valkey.Client
}

func New(cfg *config.Config, db *pgxpool.Pool, vk valkey.Client) *Server {
	if !cfg.IsDev() {
		gin.SetMode(gin.ReleaseMode)
	}

	router := gin.New()

	// Trust only the configured reverse-proxy CIDRs for X-Forwarded-For /
	// X-Real-IP. Empty list disables proxy-header trust entirely (gin reads
	// RemoteAddr) — this is the safe production default until the ingress
	// pod CIDR is wired into APP_TRUSTED_PROXIES. Audit H4.
	if err := router.SetTrustedProxies(cfg.App.TrustedProxies); err != nil {
		slog.Warn("invalid APP_TRUSTED_PROXIES; disabling proxy trust", "error", err)
		_ = router.SetTrustedProxies(nil)
	}

	// NewCORSConfig only errors on bad regexes; config.Load already validates them.
	corsCfg, _ := middleware.NewCORSConfig(cfg.CORS.Origins, cfg.CORS.OriginPatterns)

	router.Use(
		middleware.Recovery(),
		middleware.RequestID(),
		middleware.Logging(),
		middleware.CORS(corsCfg),
		middleware.CSRF(corsCfg),
		middleware.BodyLimitBytes(middleware.DefaultBodyLimitBytes),
		middleware.RateLimit(cfg.Rate.RPS, cfg.Rate.Burst),
	)

	s := &Server{
		cfg:    cfg,
		router: router,
		db:     db,
		valkey: vk,
		http: &http.Server{
			Addr:    cfg.Addr(),
			Handler: router,
		},
	}

	s.registerRoutes()

	return s
}

func (s *Server) Start() error {
	slog.Info("starting server", "addr", s.cfg.Addr(), "env", s.cfg.App.Env)
	if err := s.http.ListenAndServe(); err != nil && err != http.ErrServerClosed {
		return fmt.Errorf("server listen: %w", err)
	}
	return nil
}

func (s *Server) Shutdown(ctx context.Context) error {
	slog.Info("shutting down server")
	return s.http.Shutdown(ctx)
}

func (s *Server) Router() *gin.Engine {
	return s.router
}