Merge pull request #41 from tstromberg/main

Add app tier support

Author: tstromberg

cmd/server/main.go

@@ -53,6 +53,7 @@ var (
 		return "*"
 	}(), "Comma-separated list of allowed webhook event types (use '*' for all, default: '*')")
 	debugHeaders = flag.Bool("debug-headers", false, "Log request headers for debugging (security warning: may log sensitive data)")
+	enforceTiers = flag.Bool("enforce-tiers", false, "Enforce GitHub Marketplace tier restrictions (default: false, logs warnings only)")
 )
 
 //nolint:funlen,gocognit,lll,revive,maintidx // Main function orchestrates entire server setup and cannot be split without losing clarity
@@ -88,9 +89,15 @@ func main() {
 
 	// CORS support removed - WebSocket clients should handle auth via Authorization header
 
-	hub := srv.NewHub()
+	hub := srv.NewHub(*enforceTiers)
 	go hub.Run(ctx)
 
+	if *enforceTiers {
+		log.Println("Tier enforcement ENABLED - private repo access restricted to Pro/Flock tiers")
+	} else {
+		log.Println("Tier enforcement DISABLED - will log warnings only (all users can access private repos)")
+	}
+
 	// Create connection limiter for WebSocket connections
 	connLimiter := security.NewConnectionLimiter(*maxConnsPerIP, *maxConnsTotal)
 

pkg/github/interface.go

@@ -10,6 +10,9 @@ type APIClient interface {
 
 	// ValidateOrgMembership validates that the authenticated user is a member of the specified organization.
 	ValidateOrgMembership(ctx context.Context, org string) (username string, orgs []string, err error)
+
+	// UserTier fetches the user's GitHub Marketplace subscription tier.
+	UserTier(ctx context.Context, username string) (Tier, error)
 }
 
 // Ensure Client implements APIClient interface.

pkg/github/mock.go

@@ -13,8 +13,10 @@ type MockClient struct {
 	Username                   string
 	LastValidatedOrg           string
 	Orgs                       []string
+	Tier                       Tier // Mock tier to return
 	UserAndOrgsCalls           int
 	ValidateOrgMembershipCalls int
+	UserTierCalls              int
 	mu                         sync.Mutex
 }
 
@@ -57,5 +59,20 @@ func (m *MockClient) ValidateOrgMembership(_ context.Context, org string) (usern
 	return m.Username, m.Orgs, nil
 }
 
+// UserTier returns the mock tier.
+func (m *MockClient) UserTier(_ context.Context, _ string) (Tier, error) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	m.UserTierCalls++
+	if m.Err != nil {
+		return TierFree, m.Err
+	}
+	// If no tier is set, default to TierFree
+	if m.Tier == "" {
+		return TierFree, nil
+	}
+	return m.Tier, nil
+}
+
 // Ensure MockClient implements APIClient interface.
 var _ APIClient = (*MockClient)(nil)

pkg/github/tier.go

@@ -0,0 +1,119 @@
+package github
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+)
+
+// Tier represents a GitHub Marketplace pricing tier.
+type Tier string
+
+const (
+	// TierFree is the default tier for users without a paid subscription.
+	TierFree Tier = "free"
+	// TierPro is the Pro tier for individual users.
+	TierPro Tier = "pro"
+	// TierFlock is the Flock tier for teams/organizations.
+	TierFlock Tier = "flock"
+)
+
+// MarketplacePlan represents a GitHub Marketplace subscription plan.
+type MarketplacePlan struct {
+	Name string `json:"name"`
+}
+
+// MarketplaceAccount represents a GitHub Marketplace account subscription.
+type MarketplaceAccount struct {
+	Plan MarketplacePlan `json:"plan"`
+}
+
+// UserTier fetches the user's GitHub Marketplace subscription tier.
+// Returns TierFree if no subscription exists or on API errors (graceful degradation).
+func (c *Client) UserTier(ctx context.Context, username string) (Tier, error) {
+	if username == "" {
+		return TierFree, errors.New("username cannot be empty")
+	}
+
+	// Query GitHub Marketplace API for user's subscription
+	url := fmt.Sprintf("https://api.github.com/marketplace_listing/accounts/%s", username)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody)
+	if err != nil {
+		return TierFree, fmt.Errorf("failed to create marketplace API request: %w", err)
+	}
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.token))
+	req.Header.Set("Accept", "application/vnd.github+json")
+	req.Header.Set("X-Github-Api-Version", "2022-11-28")
+	req.Header.Set("User-Agent", "webhook-sprinkler/1.0")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		c.logger.Warn("marketplace API request failed", "error", err, "username", username)
+		return TierFree, fmt.Errorf("marketplace API request failed: %w", err)
+	}
+	defer func() {
+		if closeErr := resp.Body.Close(); closeErr != nil {
+			c.logger.Warn("failed to close marketplace response body", "error", closeErr)
+		}
+	}()
+
+	// 404 means no subscription - this is normal, not an error
+	if resp.StatusCode == http.StatusNotFound {
+		c.logger.Info("no marketplace subscription found", "username", username)
+		return TierFree, nil
+	}
+
+	// Handle other error status codes
+	if resp.StatusCode != http.StatusOK {
+		body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<10)) // Read up to 1KB for error message
+		if err != nil {
+			c.logger.Warn("failed to read error response", "error", err)
+		}
+		c.logger.Warn("marketplace API returned error",
+			"status", resp.StatusCode,
+			"username", username,
+			"body", string(body))
+		return TierFree, fmt.Errorf("marketplace API error: status %d", resp.StatusCode)
+	}
+
+	// Parse successful response
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // 1MB limit
+	if err != nil {
+		c.logger.Warn("failed to read marketplace response", "error", err)
+		return TierFree, fmt.Errorf("failed to read marketplace response: %w", err)
+	}
+
+	var account MarketplaceAccount
+	if err := json.Unmarshal(body, &account); err != nil {
+		c.logger.Warn("failed to parse marketplace response", "error", err, "body", string(body))
+		return TierFree, fmt.Errorf("failed to parse marketplace response: %w", err)
+	}
+
+	tier := mapPlanToTier(account.Plan.Name)
+	c.logger.Info("marketplace tier detected",
+		"username", username,
+		"plan", account.Plan.Name,
+		"tier", tier)
+
+	return tier, nil
+}
+
+// mapPlanToTier maps GitHub Marketplace plan names to internal tier constants.
+// Update this function when your marketplace listing is approved with the actual plan names.
+func mapPlanToTier(planName string) Tier {
+	switch strings.ToLower(planName) {
+	case "pro":
+		return TierPro
+	case "flock", "team", "enterprise":
+		return TierFlock
+	default:
+		// Unknown plan names default to free tier
+		return TierFree
+	}
+}

pkg/github/tier_cache.go

@@ -0,0 +1,111 @@
+package github
+
+import (
+	"sync"
+	"time"
+)
+
+// TierCache caches tier lookups to reduce API calls to GitHub Marketplace.
+// Implements thread-safe in-memory caching with TTL expiration.
+type TierCache struct {
+	mu      sync.RWMutex
+	cache   map[string]*tierEntry
+	ttl     time.Duration
+	stopCh  chan struct{}
+	stopped chan struct{}
+}
+
+// tierEntry represents a cached tier with expiration.
+type tierEntry struct {
+	tier      Tier
+	expiresAt time.Time
+}
+
+// NewTierCache creates a new tier cache with the specified TTL.
+// A background goroutine periodically cleans up expired entries.
+func NewTierCache(ttl time.Duration) *TierCache {
+	tc := &TierCache{
+		cache:   make(map[string]*tierEntry),
+		ttl:     ttl,
+		stopCh:  make(chan struct{}),
+		stopped: make(chan struct{}),
+	}
+
+	// Start cleanup goroutine
+	go tc.cleanupLoop()
+
+	return tc
+}
+
+// Get retrieves a tier from the cache.
+// Returns (tier, true) if found and not expired, (TierFree, false) otherwise.
+func (tc *TierCache) Get(username string) (Tier, bool) {
+	tc.mu.RLock()
+	defer tc.mu.RUnlock()
+
+	entry, ok := tc.cache[username]
+	if !ok {
+		return TierFree, false
+	}
+
+	// Check expiration
+	if time.Now().After(entry.expiresAt) {
+		return TierFree, false
+	}
+
+	return entry.tier, true
+}
+
+// Set stores a tier in the cache with TTL expiration.
+func (tc *TierCache) Set(username string, tier Tier) {
+	tc.mu.Lock()
+	defer tc.mu.Unlock()
+
+	tc.cache[username] = &tierEntry{
+		tier:      tier,
+		expiresAt: time.Now().Add(tc.ttl),
+	}
+}
+
+// Stop stops the cleanup goroutine and waits for it to finish.
+// Safe to call multiple times (subsequent calls are no-ops).
+func (tc *TierCache) Stop() {
+	select {
+	case <-tc.stopCh:
+		// Already stopped
+		return
+	default:
+		close(tc.stopCh)
+		<-tc.stopped
+	}
+}
+
+// cleanupLoop runs periodically to remove expired cache entries.
+func (tc *TierCache) cleanupLoop() {
+	defer close(tc.stopped)
+
+	ticker := time.NewTicker(1 * time.Hour)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-tc.stopCh:
+			return
+		case <-ticker.C:
+			tc.cleanup()
+		}
+	}
+}
+
+// cleanup removes expired entries from the cache.
+func (tc *TierCache) cleanup() {
+	tc.mu.Lock()
+	defer tc.mu.Unlock()
+
+	now := time.Now()
+	for username, entry := range tc.cache {
+		if now.After(entry.expiresAt) {
+			delete(tc.cache, username)
+		}
+	}
+}

pkg/srv/client.go

@@ -10,6 +10,7 @@ import (
 
 	"golang.org/x/net/websocket"
 
+	"github.com/codeGROOVE-dev/sprinkler/pkg/github"
 	"github.com/codeGROOVE-dev/sprinkler/pkg/logger"
 )
 
@@ -52,12 +53,13 @@ type Client struct {
 	userOrgs     map[string]bool
 	ID           string
 	subscription Subscription
+	tier         github.Tier // GitHub Marketplace tier
 	closeOnce    sync.Once
 	closed       uint32 // Atomic flag: 1 if closed, 0 if open
 }
 
 // NewClient creates a new client.
-func NewClient(ctx context.Context, id string, sub Subscription, conn *websocket.Conn, hub *Hub, userOrgs []string) *Client {
+func NewClient(ctx context.Context, id string, sub Subscription, conn *websocket.Conn, hub *Hub, userOrgs []string, tier github.Tier) *Client {
 	// Limit the number of orgs to prevent memory exhaustion
 	const maxOrgs = 1000
 	orgsToProcess := userOrgs
@@ -85,6 +87,7 @@ func NewClient(ctx context.Context, id string, sub Subscription, conn *websocket
 		hub:          hub,
 		done:         make(chan struct{}),
 		userOrgs:     orgsMap,
+		tier:         tier,
 	}
 }
 
@@ -197,3 +200,9 @@ func (c *Client) Close() {
 func (c *Client) IsClosed() bool {
 	return atomic.LoadUint32(&c.closed) != 0
 }
+
+// CanAccessPrivateRepos returns true if the client's tier allows private repo access.
+// Only Pro and Flock tiers have access to private repository events.
+func (c *Client) CanAccessPrivateRepos() bool {
+	return c.tier == github.TierPro || c.tier == github.TierFlock
+}

pkg/srv/client_test_helper.go

@@ -0,0 +1,15 @@
+package srv
+
+import (
+	"context"
+
+	"golang.org/x/net/websocket"
+
+	"github.com/codeGROOVE-dev/sprinkler/pkg/github"
+)
+
+// NewClientForTest creates a new client for testing with default TierFree.
+// This maintains backward compatibility with existing tests.
+func NewClientForTest(ctx context.Context, id string, sub Subscription, conn *websocket.Conn, hub *Hub, userOrgs []string) *Client {
+	return NewClient(ctx, id, sub, conn, hub, userOrgs, github.TierFree)
+}