feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset

Node-agent — full render pipeline (items 1-3): - render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET, 2h TTL, path=templates/{original_project_id}/template.aep) - render-svc: POST /v1/internal/render/jobs/:id/output-upload-url allocates Export row + returns presigned MinIO PUT URL + export_id - render-svc: db.CreateExportForJob() inserts export row with 30-day retention - render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket) MINIO_TEMPLATES_BUCKET env var (default flatrender-templates) - node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only) - node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field - node-agent: runJob() full flow: download AEP → render → get upload URL → PUT output to MinIO → Complete(export_id) All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export) TLS reverse proxy (item 15): - Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN) auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API - docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp, caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL - .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries Billing portal (item 5): - Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false (access continues to expiry); 404 when no active plan - POST /api/billing/cancel — frontend proxy, validates auth - GET /api/billing/portal — redirects to /dashboard/settings?tab=billing - SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI, "Change plan" button; becomes "use client" component Password reset UI (item 7): - POST /api/auth/password-reset — proxies /v1/auth/password/reset/request (always 200, anti-enumeration) - POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm - AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow (email → OTP+new-password) without leaving the auth page Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 16:41:13 +03:30
parent 12773e125a
commit bcc69f0a2e
19 changed files with 767 additions and 72 deletions
@@ -9,4 +9,7 @@ public interface IPlanService
    Task<PlanResponse> GetByIdAsync(Guid planId);
    Task<UserPlanResponse?> GetCurrentPlanAsync(Guid userId);
    Task<PurchasePlanResponse> PurchasePlanAsync(Guid userId, Guid tenantId, PurchasePlanRequest request);
+    /// <summary>Cancel the current active plan. The subscription is marked cancelled
+    /// and will not auto-renew. Access continues until the expiry date.</summary>
+    Task CancelPlanAsync(Guid userId);
 }
@@ -161,6 +161,19 @@ public class PlanService(IdentityDbContext db) : IPlanService
        await Task.CompletedTask; // placeholder for future async work
    }

+    public async Task CancelPlanAsync(Guid userId)
+    {
+        var userPlan = await db.UserPlans
+            .Where(up => up.UserId == userId && up.CancelledAt == null && up.ExpiresAt > DateTime.UtcNow)
+            .OrderByDescending(up => up.StartsAt)
+            .FirstOrDefaultAsync()
+            ?? throw new KeyNotFoundException("No active plan to cancel");
+
+        userPlan.CancelledAt = DateTime.UtcNow;
+        userPlan.AutoRenew = false;
+        await db.SaveChangesAsync();
+    }
+
    private static PlanResponse MapPlanResponse(Plan p) => new(
        p.Id, p.Code, p.Name, p.Description,
        p.PriceMinor, p.BeforePriceMinor, p.Currency, p.BillingPeriod.ToString(),
@@ -39,6 +39,26 @@ public class PlansController(IPlanService planService) : ControllerBase
        return Ok(result);
    }

+    /// <summary>
+    /// Cancel the current active subscription. The plan stays active until its
+    /// expiry date but will not auto-renew. Returns 404 when no active plan exists.
+    /// </summary>
+    [HttpPost("users/me/plan/cancel")]
+    [ProducesResponseType(204)]
+    [ProducesResponseType(404)]
+    public async Task<IActionResult> Cancel()
+    {
+        try
+        {
+            await planService.CancelPlanAsync(GetUserId());
+            return NoContent();
+        }
+        catch (KeyNotFoundException ex)
+        {
+            return NotFound(new { error = ex.Message });
+        }
+    }
+
    private Guid GetUserId() => Guid.Parse(User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
        ?? User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException());

@@ -28,6 +28,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"runtime"
 	"sync"
 	"syscall"
@@ -227,12 +228,20 @@ func (a *Agent) tryClaimAndRun(ctx context.Context) {
 func (a *Agent) runJob(ctx context.Context, job *client.ClaimedJob) {
 	log.Printf("[job %s] starting render", job.JobID)

-	// In a full implementation, the agent would:
-	// 1. Fetch the saved project from the studio service
-	// 2. Download the .aep template from MinIO
-	// 3. Inject user customisations into the composition via JSXB/AE scripting
-	// Then call runner.Run().
-	// For the skeleton we pass an empty AEPFilePath, which triggers mock mode.
+	// ── Step 1: Download .aep template ───────────────────────────────────────
+	aepPath := ""
+	if job.AEPDownloadURL != "" && a.cfg.AEPath != "" {
+		localAEP := filepath.Join(a.cfg.WorkDir, "templates", job.JobID, "template.aep")
+		dlCtx, dlCancel := context.WithTimeout(ctx, 10*time.Minute)
+		n, dlErr := runner.DownloadFile(dlCtx, job.AEPDownloadURL, localAEP)
+		dlCancel()
+		if dlErr != nil {
+			log.Printf("[job %s] AEP download failed (%v) — falling back to mock", job.JobID, dlErr)
+		} else {
+			log.Printf("[job %s] AEP downloaded (%d bytes) → %s", job.JobID, n, localAEP)
+			aepPath = localAEP
+		}
+	}

 	rJob := &runner.Job{
 		JobID:          job.JobID,
@@ -242,7 +251,7 @@ func (a *Agent) runJob(ctx context.Context, job *client.ClaimedJob) {
 		FrameRate:      job.FrameRate,
 		HasMusic:       job.HasMusic,
 		HasVoiceover:   job.HasVoiceover,
-		AEPFilePath:    "", // TODO: download from MinIO
+		AEPFilePath:    aepPath,
 	}

 	onProgress := func(ctx context.Context, pct int, msg string) error {
@@ -259,6 +268,7 @@ func (a *Agent) runJob(ctx context.Context, job *client.ClaimedJob) {
 		return nil
 	}

+	// ── Step 2: Render ───────────────────────────────────────────────────────
 	outputPath, err := runner.Run(ctx, a.cfg.AEPath, a.cfg.WorkDir, rJob, onProgress, onPreview)
 	if err != nil {
 		if ctx.Err() != nil {
@@ -273,17 +283,33 @@ func (a *Agent) runJob(ctx context.Context, job *client.ClaimedJob) {
 		}
 		return
 	}
-
 	log.Printf("[job %s] render done → %s", job.JobID, outputPath)

-	// In full production: upload outputPath to MinIO, create an Export record,
-	// pass the export UUID to Complete(). Skeleton passes nil (no export yet).
-	completeCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-	if err := a.orch.Complete(completeCtx, job.JobID, nil); err != nil {
+	// ── Step 3: Get presigned upload URL + upload output to MinIO ─────────────
+	var exportID *string
+	uploadCtx, uploadCancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer uploadCancel()
+
+	uploadInfo, urlErr := a.orch.GetOutputUploadURL(uploadCtx, job.JobID)
+	if urlErr != nil {
+		log.Printf("[job %s] get upload URL failed: %v — completing without export", job.JobID, urlErr)
+	} else {
+		log.Printf("[job %s] uploading output to %s", job.JobID, uploadInfo.ObjectKey)
+		if _, upErr := runner.UploadFile(uploadCtx, uploadInfo.UploadURL, outputPath); upErr != nil {
+			log.Printf("[job %s] upload failed: %v — completing without export", job.JobID, upErr)
+		} else {
+			log.Printf("[job %s] upload complete (export %s)", job.JobID, uploadInfo.ExportID)
+			exportID = &uploadInfo.ExportID
+		}
+	}
+
+	// ── Step 4: Report complete ───────────────────────────────────────────────
+	completeCtx, completeCancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer completeCancel()
+	if err := a.orch.Complete(completeCtx, job.JobID, exportID); err != nil {
 		log.Printf("[job %s] complete report error: %v", job.JobID, err)
 	} else {
-		log.Printf("[job %s] reported as completed", job.JobID)
+		log.Printf("[job %s] reported as completed (export=%v)", job.JobID, exportID)
 	}
 }

@@ -106,6 +106,16 @@ type ClaimedJob struct {
 	FrameRate      int    `json:"frame_rate"`
 	HasMusic       bool   `json:"has_music"`
 	HasVoiceover   bool   `json:"has_voiceover"`
+	// AEPDownloadURL is a presigned MinIO GET URL for the .aep template file.
+	// Empty when the template has not been uploaded yet — triggers mock render.
+	AEPDownloadURL string `json:"aep_download_url,omitempty"`
+}
+
+// OutputUploadURLResponse is returned by GetOutputUploadURL.
+type OutputUploadURLResponse struct {
+	ExportID  string `json:"export_id"`
+	UploadURL string `json:"upload_url"`
+	ObjectKey string `json:"object_key"`
 }

 // ProgressRequest reports render progress (frame-level) for a job.
@@ -204,6 +214,25 @@ func (c *Client) UpdatePreview(ctx context.Context, jobID, imageB64 string) erro
 	return nil
 }

+// GetOutputUploadURL asks the orchestrator to allocate an Export row and
+// return a presigned MinIO PUT URL for the rendered output file.
+func (c *Client) GetOutputUploadURL(ctx context.Context, jobID string) (*OutputUploadURLResponse, error) {
+	resp, err := c.do(ctx, http.MethodPost,
+		fmt.Sprintf("/v1/internal/render/jobs/%s/output-upload-url", jobID), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 300 {
+		return nil, fmt.Errorf("output-upload-url: HTTP %d", resp.StatusCode)
+	}
+	var out OutputUploadURLResponse
+	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
+		return nil, fmt.Errorf("decode: %w", err)
+	}
+	return &out, nil
+}
+
 // Complete marks a render job as Done.
 func (c *Client) Complete(ctx context.Context, jobID string, exportID *string) error {
 	resp, err := c.do(ctx, http.MethodPost,
@@ -0,0 +1,82 @@
+// download.go fetches a remote file (presigned MinIO URL or any HTTP URL) and
+// saves it to a local path. Uses stdlib only — no external HTTP client needed.
+package runner
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+// DownloadFile fetches the resource at rawURL and writes it to destPath,
+// creating parent directories as needed. Returns the number of bytes written.
+func DownloadFile(ctx context.Context, rawURL, destPath string) (int64, error) {
+	if err := os.MkdirAll(filepath.Dir(destPath), 0o755); err != nil {
+		return 0, fmt.Errorf("mkdir: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
+	if err != nil {
+		return 0, fmt.Errorf("new request: %w", err)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return 0, fmt.Errorf("GET: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return 0, fmt.Errorf("server returned %d", resp.StatusCode)
+	}
+
+	f, err := os.Create(destPath)
+	if err != nil {
+		return 0, fmt.Errorf("create file: %w", err)
+	}
+	defer f.Close()
+
+	n, err := io.Copy(f, resp.Body)
+	if err != nil {
+		return 0, fmt.Errorf("write: %w", err)
+	}
+	return n, nil
+}
+
+// UploadFile PUTs a local file to a presigned MinIO/S3 URL.
+// MinIO presigned PUT expects the raw bytes in the request body with
+// Content-Type application/octet-stream.
+func UploadFile(ctx context.Context, rawURL, filePath string) (int64, error) {
+	f, err := os.Open(filePath)
+	if err != nil {
+		return 0, fmt.Errorf("open: %w", err)
+	}
+	defer f.Close()
+
+	stat, err := f.Stat()
+	if err != nil {
+		return 0, fmt.Errorf("stat: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPut, rawURL, f)
+	if err != nil {
+		return 0, fmt.Errorf("new request: %w", err)
+	}
+	req.ContentLength = stat.Size()
+	req.Header.Set("Content-Type", "application/octet-stream")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return 0, fmt.Errorf("PUT: %w", err)
+	}
+	defer resp.Body.Close()
+
+	// MinIO returns 200 on successful PUT of presigned objects
+	if resp.StatusCode >= 300 {
+		return 0, fmt.Errorf("upload server returned %d", resp.StatusCode)
+	}
+	return stat.Size(), nil
+}
@@ -32,7 +32,8 @@ func main() {
 	minioAccessKey := getEnv("MINIO_ACCESS_KEY", "minioadmin")
 	minioSecretKey := getEnv("MINIO_SECRET_KEY", "minioadmin")
 	minioUseSSL := getEnv("MINIO_USE_SSL", "false") == "true"
-	minioBucket     := getEnv("MINIO_BUCKET",        "flatrender-exports")
+	minioBucket         := getEnv("MINIO_BUCKET",          "flatrender-exports")
+	minioTemplatesBucket := getEnv("MINIO_TEMPLATES_BUCKET", "flatrender-templates")
 	notificationURL := getEnv("NOTIFICATION_URL",   "http://localhost:8080")
 	serviceToken    := getEnv("SERVICE_TOKEN",       "internal-service-secret")
 	port            := getEnv("PORT",                "8080")
@@ -63,7 +64,7 @@ func main() {
 	snapH    := handlers.NewSnapshotHandler(store)
 	exportH  := handlers.NewExportHandler(store, mc, minioBucket)
 	nodeH    := handlers.NewNodeHandler(store)
-	internalH := handlers.NewInternalHandler(store, notifyClient)
+	internalH := handlers.NewInternalHandler(store, notifyClient, mc, minioTemplatesBucket, minioBucket)

 	// ── Router ────────────────────────────────────────────────────────────────
 	r := gin.Default()
@@ -138,6 +139,7 @@ func main() {
 		internal.POST("/nodes/:node_id/cache-update", internalH.CacheUpdate)
 		internal.POST("/render/jobs/claim", internalH.Claim)
 		internal.POST("/render/jobs/:job_id/preview", internalH.Preview)
+		internal.POST("/render/jobs/:job_id/output-upload-url", internalH.OutputUploadURL)
 		internal.POST("/render/jobs/:job_id/frames", internalH.FrameProgress)
 		internal.POST("/render/jobs/:job_id/complete", internalH.Complete)
 		internal.POST("/render/jobs/:job_id/fail", internalH.Fail)
@@ -519,6 +519,57 @@ func (s *Store) ClaimJob(ctx context.Context, nodeID uuid.UUID, region string) (
 	return s.getJobByIDInternal(ctx, jobID)
 }

+// CreateExportForJob allocates a new Export row for a completed render job.
+// The export starts with a placeholder path `exports/{export_id}/output.mp4`.
+// The node agent uploads the MP4 to that MinIO path, then calls CompleteJob
+// with the returned export_id.
+func (s *Store) CreateExportForJob(ctx context.Context, jobID uuid.UUID) (*models.Export, error) {
+	// Look up the job to get tenant/user/project context
+	job, err := s.getJobByIDInternal(ctx, jobID)
+	if err != nil {
+		return nil, fmt.Errorf("job not found: %w", err)
+	}
+
+	exportID := uuid.New()
+	path := fmt.Sprintf("exports/%s/output.mp4", exportID)
+	now := time.Now()
+	autoDelete := now.AddDate(0, 0, 30) // 30-day retention
+
+	_, err = s.pool.Exec(ctx, `
+		INSERT INTO render.exports
+			(id, tenant_id, user_id, saved_project_id, original_project_id,
+			 render_job_id, path, file_extension, file_type, render_quality,
+			 create_type, size_bytes, produce_date, auto_delete_date,
+			 delete_notified, created_at)
+		VALUES
+			($1, $2, $3, $4, $5,
+			 $6, $7, 'mp4', 'video', $8,
+			 'render', 0, $9, $10,
+			 false, $9)`,
+		exportID, job.TenantID, job.UserID, job.SavedProjectID, job.OriginalProjectID,
+		job.ID, path, job.Quality,
+		now, autoDelete,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("create export: %w", err)
+	}
+
+	return &models.Export{
+		ID:             exportID,
+		TenantID:       job.TenantID,
+		UserID:         job.UserID,
+		SavedProjectID: job.SavedProjectID,
+		Path:           path,
+		FileExtension:  "mp4",
+		FileType:       "video",
+		RenderQuality:  job.Quality,
+		CreateType:     "render",
+		ProduceDate:    now,
+		AutoDeleteDate: autoDelete,
+		CreatedAt:      now,
+	}, nil
+}
+
 // UpdateJobPreview stores a base64-encoded preview frame for a running job.
 // Called by the node agent every N frames to power the live preview UI.
 func (s *Store) UpdateJobPreview(ctx context.Context, jobID uuid.UUID, imageB64 string) error {
@@ -1,22 +1,35 @@
 package handlers

 import (
+	"context"
+	"fmt"
 	"net/http"
+	"time"

 	"github.com/flatrender/render-svc/internal/db"
 	"github.com/flatrender/render-svc/internal/models"
 	"github.com/flatrender/render-svc/internal/notifier"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
+	"github.com/minio/minio-go/v7"
 )

 type InternalHandler struct {
-	store    *db.Store
-	notifier *notifier.Client // may be nil — notifications are best-effort
+	store           *db.Store
+	notifier        *notifier.Client // may be nil — notifications are best-effort
+	minio           *minio.Client
+	templatesBucket string // bucket that holds .aep project files
+	exportsBucket   string // bucket that receives rendered MP4 outputs
 }

-func NewInternalHandler(store *db.Store, n *notifier.Client) *InternalHandler {
-	return &InternalHandler{store: store, notifier: n}
+func NewInternalHandler(store *db.Store, n *notifier.Client, mc *minio.Client, templatesBucket, exportsBucket string) *InternalHandler {
+	return &InternalHandler{
+		store:           store,
+		notifier:        n,
+		minio:           mc,
+		templatesBucket: templatesBucket,
+		exportsBucket:   exportsBucket,
+	}
 }

 // completeRequest is the body for POST .../complete
@@ -241,6 +254,21 @@ func (h *InternalHandler) Claim(c *gin.Context) {
 		return
 	}

+	// Generate presigned AEP download URL. AEP files are stored at
+	// templates/{original_project_id}/template.aep in the templates bucket.
+	// Errors are non-fatal — node agent falls back to mock render when URL is empty.
+	aepURL := ""
+	if h.minio != nil {
+		objectKey := fmt.Sprintf("templates/%s/template.aep", job.OriginalProjectID)
+		purl, perr := h.minio.PresignedGetObject(
+			context.Background(), h.templatesBucket, objectKey,
+			2*time.Hour, nil,
+		)
+		if perr == nil {
+			aepURL = purl.String()
+		}
+	}
+
 	c.JSON(http.StatusOK, models.ClaimedJob{
 		JobID:          job.ID,
 		SavedProjectID: job.SavedProjectID,
@@ -249,6 +277,43 @@ func (h *InternalHandler) Claim(c *gin.Context) {
 		FrameRate:      job.FrameRate,
 		HasMusic:       job.HasMusic,
 		HasVoiceover:   job.HasVoiceover,
+		AEPDownloadURL: aepURL,
+	})
+}
+
+// POST /v1/internal/render/jobs/:job_id/output-upload-url
+// Node agent calls this after rendering to get a presigned MinIO PUT URL.
+// Creates an Export record in the DB and returns the export_id + upload URL.
+func (h *InternalHandler) OutputUploadURL(c *gin.Context) {
+	jobID, err := uuid.Parse(c.Param("job_id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, models.APIError{Code: "bad_request", Message: "invalid job_id"})
+		return
+	}
+
+	export, err := h.store.CreateExportForJob(c.Request.Context(), jobID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, models.APIError{Code: "internal_error", Message: err.Error()})
+		return
+	}
+
+	expiry := 2 * time.Hour
+	purl, err := h.minio.PresignedPutObject(
+		context.Background(), h.exportsBucket, export.Path, expiry,
+	)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, models.APIError{
+			Code:    "presign_error",
+			Message: "could not generate upload URL",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, models.OutputUploadURLResponse{
+		ExportID:  export.ID,
+		UploadURL: purl.String(),
+		ObjectKey: export.Path,
+		ExpiresAt: time.Now().Add(expiry),
 	})
 }

@@ -415,6 +415,17 @@ type ClaimedJob struct {
 	FrameRate      int       `json:"frame_rate"`
 	HasMusic       bool      `json:"has_music"`
 	HasVoiceover   bool      `json:"has_voiceover"`
+	// AEPDownloadURL is a presigned MinIO GET URL for the .aep project file.
+	// Valid for 2 hours. Empty when the template is not yet uploaded.
+	AEPDownloadURL string `json:"aep_download_url,omitempty"`
+}
+
+// OutputUploadURLResponse is returned by POST .../output-upload-url.
+type OutputUploadURLResponse struct {
+	ExportID  uuid.UUID `json:"export_id"`
+	UploadURL string    `json:"upload_url"`
+	ObjectKey string    `json:"object_key"`
+	ExpiresAt time.Time `json:"expires_at"`
 }

 type CacheUpdateRequest struct {