Local-first runtime cleanup and recovery hardening

2026-03-07 23:18:07 +03:00
parent 4e977737ee
commit 06397a6bd1
53 changed files with 1856 additions and 2080 deletions
--- a/internal/localdb/localdb.go
+++ b/internal/localdb/localdb.go
@@ -1,6 +1,7 @@
 package localdb

 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"log/slog"
@@ -42,6 +43,14 @@ type LocalDB struct {
 	path string
 }

+var localReadOnlyCacheTables = []string{
+	"local_pricelist_items",
+	"local_pricelists",
+	"local_components",
+	"local_partnumber_book_items",
+	"local_partnumber_books",
+}
+
 // ResetData clears local data tables while keeping connection settings.
 // It does not drop schema or connection_settings.
 func ResetData(dbPath string) error {
@@ -70,7 +79,6 @@ func ResetData(dbPath string) error {
 		"local_pricelists",
 		"local_pricelist_items",
 		"local_components",
-		"local_remote_migrations_applied",
 		"local_sync_guard_state",
 		"pending_changes",
 		"app_settings",
@@ -111,6 +119,12 @@ func New(dbPath string) (*LocalDB, error) {
 	if err := ensureLocalProjectsTable(db); err != nil {
 		return nil, fmt.Errorf("ensure local_projects table: %w", err)
 	}
+	if err := prepareLocalPartnumberBookCatalog(db); err != nil {
+		return nil, fmt.Errorf("prepare local partnumber book catalog: %w", err)
+	}
+	if err := cleanupStaleReadOnlyCacheTempTables(db); err != nil {
+		return nil, fmt.Errorf("cleanup stale read-only cache temp tables: %w", err)
+	}

 	// Preflight: ensure local_projects has non-null UUIDs before AutoMigrate rebuilds tables.
 	if db.Migrator().HasTable(&LocalProject{}) {
@@ -131,24 +145,28 @@ func New(dbPath string) (*LocalDB, error) {
 	}

 	// Auto-migrate all local tables
-	if err := db.AutoMigrate(
-		&ConnectionSettings{},
-		&LocalConfiguration{},
-		&LocalConfigurationVersion{},
-		&LocalPricelist{},
-		&LocalPricelistItem{},
-		&LocalComponent{},
-		&AppSetting{},
-		&LocalRemoteMigrationApplied{},
-		&LocalSyncGuardState{},
-		&PendingChange{},
-		&LocalPartnumberBook{},
-		&LocalPartnumberBookItem{},
-	); err != nil {
-		return nil, fmt.Errorf("migrating sqlite database: %w", err)
+	if err := autoMigrateLocalSchema(db); err != nil {
+		if recovered, recoveryErr := recoverFromReadOnlyCacheInitFailure(db, err); recoveryErr != nil {
+			return nil, fmt.Errorf("migrating sqlite database: %w (recovery failed: %v)", err, recoveryErr)
+		} else if !recovered {
+			return nil, fmt.Errorf("migrating sqlite database: %w", err)
+		}
+		if err := autoMigrateLocalSchema(db); err != nil {
+			return nil, fmt.Errorf("migrating sqlite database after cache recovery: %w", err)
+		}
+	}
+	if err := ensureLocalPartnumberBookItemTable(db); err != nil {
+		return nil, fmt.Errorf("ensure local partnumber book item table: %w", err)
 	}
 	if err := runLocalMigrations(db); err != nil {
-		return nil, fmt.Errorf("running local sqlite migrations: %w", err)
+		if recovered, recoveryErr := recoverFromReadOnlyCacheInitFailure(db, err); recoveryErr != nil {
+			return nil, fmt.Errorf("running local sqlite migrations: %w (recovery failed: %v)", err, recoveryErr)
+		} else if !recovered {
+			return nil, fmt.Errorf("running local sqlite migrations: %w", err)
+		}
+		if err := runLocalMigrations(db); err != nil {
+			return nil, fmt.Errorf("running local sqlite migrations after cache recovery: %w", err)
+		}
 	}

 	slog.Info("local SQLite database initialized", "path", dbPath)
@@ -191,6 +209,282 @@ CREATE TABLE local_projects (
 	return nil
 }

+func autoMigrateLocalSchema(db *gorm.DB) error {
+	return db.AutoMigrate(
+		&ConnectionSettings{},
+		&LocalConfiguration{},
+		&LocalConfigurationVersion{},
+		&LocalPricelist{},
+		&LocalPricelistItem{},
+		&LocalComponent{},
+		&AppSetting{},
+		&LocalSyncGuardState{},
+		&PendingChange{},
+		&LocalPartnumberBook{},
+	)
+}
+
+func sanitizeLocalPartnumberBookCatalog(db *gorm.DB) error {
+	if !db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		return nil
+	}
+
+	// Old local databases may contain partially migrated catalog rows with NULL/empty
+	// partnumber values. SQLite table rebuild during AutoMigrate fails on such rows once
+	// the schema enforces NOT NULL, so remove them before AutoMigrate touches the table.
+	if err := db.Exec(`
+		DELETE FROM local_partnumber_book_items
+		WHERE partnumber IS NULL OR TRIM(partnumber) = ''
+	`).Error; err != nil {
+		return err
+	}
+	return nil
+}
+
+func prepareLocalPartnumberBookCatalog(db *gorm.DB) error {
+	if err := cleanupStaleLocalPartnumberBookCatalogTempTable(db); err != nil {
+		if recoveryErr := recoverLocalPartnumberBookCatalog(db, fmt.Errorf("cleanup stale temp table: %w", err)); recoveryErr != nil {
+			return recoveryErr
+		}
+		return nil
+	}
+	if err := sanitizeLocalPartnumberBookCatalog(db); err != nil {
+		if recoveryErr := recoverLocalPartnumberBookCatalog(db, fmt.Errorf("sanitize catalog: %w", err)); recoveryErr != nil {
+			return recoveryErr
+		}
+		return nil
+	}
+	if err := migrateLegacyPartnumberBookCatalogBeforeAutoMigrate(db); err != nil {
+		if recoveryErr := recoverLocalPartnumberBookCatalog(db, fmt.Errorf("migrate legacy catalog: %w", err)); recoveryErr != nil {
+			return recoveryErr
+		}
+		return nil
+	}
+	if err := ensureLocalPartnumberBookItemTable(db); err != nil {
+		if recoveryErr := recoverLocalPartnumberBookCatalog(db, fmt.Errorf("ensure canonical catalog table: %w", err)); recoveryErr != nil {
+			return recoveryErr
+		}
+		return nil
+	}
+	if err := validateLocalPartnumberBookCatalog(db); err != nil {
+		if recoveryErr := recoverLocalPartnumberBookCatalog(db, fmt.Errorf("validate canonical catalog: %w", err)); recoveryErr != nil {
+			return recoveryErr
+		}
+	}
+	return nil
+}
+
+func cleanupStaleReadOnlyCacheTempTables(db *gorm.DB) error {
+	for _, tableName := range localReadOnlyCacheTables {
+		tempName := tableName + "__temp"
+		if !db.Migrator().HasTable(tempName) {
+			continue
+		}
+		if db.Migrator().HasTable(tableName) {
+			if err := db.Exec(`DROP TABLE ` + tempName).Error; err != nil {
+				return err
+			}
+			continue
+		}
+		if err := quarantineSQLiteTable(db, tempName, localReadOnlyCacheQuarantineTableName(tableName, "temp")); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func cleanupStaleLocalPartnumberBookCatalogTempTable(db *gorm.DB) error {
+	if !db.Migrator().HasTable("local_partnumber_book_items__temp") {
+		return nil
+	}
+	if db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		return db.Exec(`DROP TABLE local_partnumber_book_items__temp`).Error
+	}
+	return quarantineSQLiteTable(db, "local_partnumber_book_items__temp", localPartnumberBookCatalogQuarantineTableName("temp"))
+}
+
+func migrateLegacyPartnumberBookCatalogBeforeAutoMigrate(db *gorm.DB) error {
+	if !db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		return nil
+	}
+
+	// Legacy databases may still have the pre-catalog shape (`book_id`/`lot_name`) or the
+	// intermediate canonical shape with obsolete columns like `is_primary_pn`. Let the
+	// explicit rebuild logic normalize this table before GORM AutoMigrate attempts a
+	// table-copy migration on its own.
+	return migrateLocalPartnumberBookCatalog(db)
+}
+
+func ensureLocalPartnumberBookItemTable(db *gorm.DB) error {
+	if db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		return nil
+	}
+	if err := db.Exec(`
+		CREATE TABLE local_partnumber_book_items (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			partnumber TEXT NOT NULL UNIQUE,
+			lots_json TEXT NOT NULL,
+			description TEXT
+		)
+	`).Error; err != nil {
+		return err
+	}
+	return db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_local_partnumber_book_items_partnumber ON local_partnumber_book_items(partnumber)`).Error
+}
+
+func validateLocalPartnumberBookCatalog(db *gorm.DB) error {
+	if !db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		return nil
+	}
+
+	type rawCatalogRow struct {
+		Partnumber  string `gorm:"column:partnumber"`
+		LotsJSON    string `gorm:"column:lots_json"`
+		Description string `gorm:"column:description"`
+	}
+
+	var rows []rawCatalogRow
+	if err := db.Raw(`
+		SELECT partnumber, lots_json, COALESCE(description, '') AS description
+		FROM local_partnumber_book_items
+		ORDER BY id ASC
+	`).Scan(&rows).Error; err != nil {
+		return fmt.Errorf("load canonical catalog rows: %w", err)
+	}
+
+	seen := make(map[string]struct{}, len(rows))
+	for _, row := range rows {
+		partnumber := strings.TrimSpace(row.Partnumber)
+		if partnumber == "" {
+			return errors.New("catalog contains empty partnumber")
+		}
+		if _, exists := seen[partnumber]; exists {
+			return fmt.Errorf("catalog contains duplicate partnumber %q", partnumber)
+		}
+		seen[partnumber] = struct{}{}
+		if strings.TrimSpace(row.LotsJSON) == "" {
+			return fmt.Errorf("catalog row %q has empty lots_json", partnumber)
+		}
+		var lots LocalPartnumberBookLots
+		if err := json.Unmarshal([]byte(row.LotsJSON), &lots); err != nil {
+			return fmt.Errorf("catalog row %q has invalid lots_json: %w", partnumber, err)
+		}
+	}
+
+	return nil
+}
+
+func recoverLocalPartnumberBookCatalog(db *gorm.DB, cause error) error {
+	slog.Warn("recovering broken local partnumber book catalog", "error", cause.Error())
+
+	if err := ensureLocalPartnumberBooksCatalogColumn(db); err != nil {
+		return fmt.Errorf("ensure local_partnumber_books.partnumbers_json during recovery: %w", err)
+	}
+
+	if db.Migrator().HasTable("local_partnumber_book_items__temp") {
+		if err := quarantineSQLiteTable(db, "local_partnumber_book_items__temp", localPartnumberBookCatalogQuarantineTableName("temp")); err != nil {
+			return fmt.Errorf("quarantine local_partnumber_book_items__temp: %w", err)
+		}
+	}
+	if db.Migrator().HasTable(&LocalPartnumberBookItem{}) {
+		if err := quarantineSQLiteTable(db, "local_partnumber_book_items", localPartnumberBookCatalogQuarantineTableName("broken")); err != nil {
+			return fmt.Errorf("quarantine local_partnumber_book_items: %w", err)
+		}
+	}
+	if err := ensureLocalPartnumberBookItemTable(db); err != nil {
+		return fmt.Errorf("recreate local_partnumber_book_items after recovery: %w", err)
+	}
+
+	slog.Warn("local partnumber book catalog reset to empty cache; next sync will rebuild it")
+	return nil
+}
+
+func recoverFromReadOnlyCacheInitFailure(db *gorm.DB, cause error) (bool, error) {
+	lowerCause := strings.ToLower(cause.Error())
+	recoveredAny := false
+
+	for _, tableName := range affectedReadOnlyCacheTables(lowerCause) {
+		if err := resetReadOnlyCacheTable(db, tableName); err != nil {
+			return recoveredAny, err
+		}
+		recoveredAny = true
+	}
+
+	if strings.Contains(lowerCause, "local_partnumber_book_items") || strings.Contains(lowerCause, "local_partnumber_books") {
+		if err := recoverLocalPartnumberBookCatalog(db, cause); err != nil {
+			return recoveredAny, err
+		}
+		recoveredAny = true
+	}
+
+	if recoveredAny {
+		slog.Warn("recovered read-only local cache tables after startup failure", "error", cause.Error())
+	}
+	return recoveredAny, nil
+}
+
+func affectedReadOnlyCacheTables(lowerCause string) []string {
+	affected := make([]string, 0, len(localReadOnlyCacheTables))
+	for _, tableName := range localReadOnlyCacheTables {
+		if tableName == "local_partnumber_book_items" || tableName == "local_partnumber_books" {
+			continue
+		}
+		if strings.Contains(lowerCause, tableName) {
+			affected = append(affected, tableName)
+		}
+	}
+	return affected
+}
+
+func resetReadOnlyCacheTable(db *gorm.DB, tableName string) error {
+	slog.Warn("resetting read-only local cache table", "table", tableName)
+	tempName := tableName + "__temp"
+	if db.Migrator().HasTable(tempName) {
+		if err := quarantineSQLiteTable(db, tempName, localReadOnlyCacheQuarantineTableName(tableName, "temp")); err != nil {
+			return fmt.Errorf("quarantine temp table %s: %w", tempName, err)
+		}
+	}
+	if db.Migrator().HasTable(tableName) {
+		if err := quarantineSQLiteTable(db, tableName, localReadOnlyCacheQuarantineTableName(tableName, "broken")); err != nil {
+			return fmt.Errorf("quarantine table %s: %w", tableName, err)
+		}
+	}
+	return nil
+}
+
+func ensureLocalPartnumberBooksCatalogColumn(db *gorm.DB) error {
+	if !db.Migrator().HasTable(&LocalPartnumberBook{}) {
+		return nil
+	}
+	if db.Migrator().HasColumn(&LocalPartnumberBook{}, "partnumbers_json") {
+		return nil
+	}
+	return db.Exec(`ALTER TABLE local_partnumber_books ADD COLUMN partnumbers_json TEXT NOT NULL DEFAULT '[]'`).Error
+}
+
+func quarantineSQLiteTable(db *gorm.DB, tableName string, quarantineName string) error {
+	if !db.Migrator().HasTable(tableName) {
+		return nil
+	}
+	if tableName == quarantineName {
+		return nil
+	}
+	if db.Migrator().HasTable(quarantineName) {
+		if err := db.Exec(`DROP TABLE ` + quarantineName).Error; err != nil {
+			return err
+		}
+	}
+	return db.Exec(`ALTER TABLE ` + tableName + ` RENAME TO ` + quarantineName).Error
+}
+
+func localPartnumberBookCatalogQuarantineTableName(kind string) string {
+	return "local_partnumber_book_items_" + kind + "_" + time.Now().UTC().Format("20060102150405")
+}
+
+func localReadOnlyCacheQuarantineTableName(tableName string, kind string) string {
+	return tableName + "_" + kind + "_" + time.Now().UTC().Format("20060102150405")
+}
+
 // HasSettings returns true if connection settings exist
 func (l *LocalDB) HasSettings() bool {
 	var count int64
@@ -206,10 +500,23 @@ func (l *LocalDB) GetSettings() (*ConnectionSettings, error) {
 	}

 	// Decrypt password
-	password, err := Decrypt(settings.PasswordEncrypted)
+	password, migrated, err := DecryptWithMetadata(settings.PasswordEncrypted)
 	if err != nil {
 		return nil, fmt.Errorf("decrypting password: %w", err)
 	}
+
+	if migrated {
+		encrypted, encryptErr := Encrypt(password)
+		if encryptErr != nil {
+			return nil, fmt.Errorf("re-encrypting legacy password: %w", encryptErr)
+		}
+		if err := l.db.Model(&ConnectionSettings{}).
+			Where("id = ?", settings.ID).
+			Update("password_encrypted", encrypted).Error; err != nil {
+			return nil, fmt.Errorf("upgrading legacy password encryption: %w", err)
+		}
+	}
+
 	settings.PasswordEncrypted = password // Return decrypted password in this field

 	return &settings, nil
@@ -1235,42 +1542,6 @@ func (l *LocalDB) repairConfigurationChange(change *PendingChange) error {
 	return nil
 }

-// GetRemoteMigrationApplied returns a locally applied remote migration by ID.
-func (l *LocalDB) GetRemoteMigrationApplied(id string) (*LocalRemoteMigrationApplied, error) {
-	var migration LocalRemoteMigrationApplied
-	if err := l.db.Where("id = ?", id).First(&migration).Error; err != nil {
-		return nil, err
-	}
-	return &migration, nil
-}
-
-// UpsertRemoteMigrationApplied writes applied migration metadata.
-func (l *LocalDB) UpsertRemoteMigrationApplied(id, checksum, appVersion string, appliedAt time.Time) error {
-	record := &LocalRemoteMigrationApplied{
-		ID:         id,
-		Checksum:   checksum,
-		AppVersion: appVersion,
-		AppliedAt:  appliedAt,
-	}
-	return l.db.Clauses(clause.OnConflict{
-		Columns: []clause.Column{{Name: "id"}},
-		DoUpdates: clause.Assignments(map[string]interface{}{
-			"checksum":    checksum,
-			"app_version": appVersion,
-			"applied_at":  appliedAt,
-		}),
-	}).Create(record).Error
-}
-
-// GetLatestAppliedRemoteMigrationID returns last applied remote migration id.
-func (l *LocalDB) GetLatestAppliedRemoteMigrationID() (string, error) {
-	var record LocalRemoteMigrationApplied
-	if err := l.db.Order("applied_at DESC").First(&record).Error; err != nil {
-		return "", err
-	}
-	return record.ID, nil
-}
-
 // GetSyncGuardState returns the latest readiness guard state.
 func (l *LocalDB) GetSyncGuardState() (*LocalSyncGuardState, error) {
 	var state LocalSyncGuardState