Add RBAC support with roles, permissions, and session management. Implement middleware for authentication and CSRF protection. Enhance audit logging with additional fields. Update HTTP handlers and routes for new features.

migrations/0003_jobs_details.sql

@@ -0,0 +1,2 @@
+-- 0003_jobs_details.sql
+ALTER TABLE jobs ADD COLUMN details TEXT;

migrations/0004_shares.sql

@@ -0,0 +1,9 @@
+-- 0004_shares.sql
+CREATE TABLE IF NOT EXISTS shares (
+  id TEXT PRIMARY KEY,
+  name TEXT,
+  path TEXT,
+  type TEXT,
+  options TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);

migrations/0006_minio.sql

@@ -0,0 +1,17 @@
+-- 0006_minio.sql
+CREATE TABLE IF NOT EXISTS object_storage (
+  id TEXT PRIMARY KEY,
+  name TEXT,
+  access_key TEXT,
+  secret_key TEXT,
+  data_path TEXT,
+  port INTEGER,
+  tls INTEGER DEFAULT 0,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS buckets (
+  id TEXT PRIMARY KEY,
+  name TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);

migrations/0007_iscsi.sql

@@ -0,0 +1,36 @@
+-- 0007_iscsi.sql
+CREATE TABLE IF NOT EXISTS iscsi_targets (
+  id TEXT PRIMARY KEY,
+  iqn TEXT NOT NULL UNIQUE,
+  name TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS iscsi_portals (
+  id TEXT PRIMARY KEY,
+  target_id TEXT NOT NULL,
+  address TEXT NOT NULL,
+  port INTEGER DEFAULT 3260,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY(target_id) REFERENCES iscsi_targets(id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS iscsi_initiators (
+  id TEXT PRIMARY KEY,
+  target_id TEXT NOT NULL,
+  initiator_iqn TEXT NOT NULL,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY(target_id) REFERENCES iscsi_targets(id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS iscsi_luns (
+  id TEXT PRIMARY KEY,
+  target_id TEXT NOT NULL,
+  lun_id INTEGER NOT NULL,
+  zvol TEXT NOT NULL,
+  size INTEGER,
+  blocksize INTEGER,
+  mapped INTEGER DEFAULT 0,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY(target_id) REFERENCES iscsi_targets(id) ON DELETE CASCADE
+);

migrations/0008_auth_rbac.sql

@@ -0,0 +1,54 @@
+-- 0008_auth_rbac.sql
+-- Enhanced users table (if not already exists, will be created by migrations.go)
+-- Roles table
+CREATE TABLE IF NOT EXISTS roles (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Permissions table
+CREATE TABLE IF NOT EXISTS permissions (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Many-to-many: roles to permissions
+CREATE TABLE IF NOT EXISTS role_permissions (
+  role_id TEXT NOT NULL,
+  permission_id TEXT NOT NULL,
+  PRIMARY KEY (role_id, permission_id),
+  FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE,
+  FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE
+);
+
+-- Many-to-many: users to roles
+CREATE TABLE IF NOT EXISTS user_roles (
+  user_id TEXT NOT NULL,
+  role_id TEXT NOT NULL,
+  PRIMARY KEY (user_id, role_id),
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE
+);
+
+-- Sessions table for authentication
+CREATE TABLE IF NOT EXISTS sessions (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  token TEXT NOT NULL UNIQUE,
+  expires_at DATETIME NOT NULL,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(token);
+CREATE INDEX IF NOT EXISTS idx_sessions_user_id ON sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_sessions_expires_at ON sessions(expires_at);
+
+-- Enhanced audit_events table (add missing columns if they don't exist)
+-- Note: SQLite doesn't support ALTER TABLE ADD COLUMN IF NOT EXISTS easily,
+-- so we'll handle this in the migration code
+