Add admin config page and runtime-tunable upload/rate-limit settings

internal/api/middleware/ratelimit.go

@@ -48,6 +48,8 @@ func (b *tokenBucket) allow() bool {
 
 type ipClient struct {
 	bucket   *tokenBucket
+	max      int
+	burst    int
 	lastSeen time.Time
 }
 
@@ -58,6 +60,12 @@ type ipClient struct {
 // burst: optional burst capacity (defaults to max if <=0)
 // ttl: how long to keep idle IP buckets around
 func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin.HandlerFunc {
+	return RateLimitByIPDynamic(func() int { return max }, per, func() int { return burst }, ttl)
+}
+
+// RateLimitByIPDynamic is like RateLimitByIP but reads max/burst dynamically.
+// This allows changing limits at runtime (e.g. from an admin config page).
+func RateLimitByIPDynamic(maxFn func() int, per time.Duration, burstFn func() int, ttl time.Duration) gin.HandlerFunc {
 	var (
 		mu      sync.Mutex
 		clients = make(map[string]*ipClient)
@@ -86,16 +94,22 @@ func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin
 		}
 	}
 
-	getClient := func(ip string, now time.Time) *ipClient {
+	getClient := func(ip string, now time.Time, max int, burst int) *ipClient {
 		mu.Lock()
 		defer mu.Unlock()
 		c, ok := clients[ip]
 		if !ok {
-			c = &ipClient{bucket: newTokenBucket(max, per, burst), lastSeen: now}
+			c = &ipClient{bucket: newTokenBucket(max, per, burst), max: max, burst: burst, lastSeen: now}
 			clients[ip] = c
 			return c
 		}
 		c.lastSeen = now
+		// If settings changed, reset the bucket.
+		if c.max != max || c.burst != burst {
+			c.bucket = newTokenBucket(max, per, burst)
+			c.max = max
+			c.burst = burst
+		}
 		return c
 	}
 
@@ -104,7 +118,15 @@ func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin
 		cleanup(now)
 
 		ip := c.ClientIP()
-		client := getClient(ip, now)
+		max := maxFn()
+		if max <= 0 {
+			max = 1
+		}
+		burst := burstFn()
+		if burst <= 0 {
+			burst = max
+		}
+		client := getClient(ip, now, max, burst)
 
 		if !client.bucket.allow() {
 			c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{

internal/auth/routes.go

@@ -2,17 +2,30 @@ package auth
 
 import (
 	"ResendIt/internal/api/middleware"
+	"ResendIt/internal/config"
 	"time"
 
 	"github.com/gin-gonic/gin"
 )
 
-func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+}
+
+func RegisterRoutes(r *gin.RouterGroup, h *Handler, cfg ConfigService) {
 	auth := r.Group("/auth")
 
 	// Stricter rate limit on login to reduce brute-force / log spam.
-	// 5 attempts per minute per IP, burst 10.
-	auth.POST("/login", middleware.RateLimitByIP(5, time.Minute, 10, 15*time.Minute), h.Login)
+	auth.POST("/login", middleware.RateLimitByIPDynamic(
+		func() int {
+			return cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute)
+		},
+		time.Minute,
+		func() int {
+			return cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst)
+		},
+		15*time.Minute,
+	), h.Login)
 
 	protected := auth.Group("/")
 	protected.Use(middleware.AuthMiddleware())

internal/config/defaults.go

@@ -0,0 +1,23 @@
+package config
+
+const (
+	KeyUploadMaxFileSizeBytes   = "upload.max_file_size_bytes"
+	KeyUploadMultiMaxFiles      = "upload.multi.max_files"
+	KeyUploadMaxHours           = "upload.max_hours"
+	KeyRateLimitLoginPerMinute  = "ratelimit.login.per_minute"
+	KeyRateLimitApiPerMinute    = "ratelimit.api.per_minute"
+	KeyRateLimitApiBurst        = "ratelimit.api.burst"
+	KeyRateLimitLoginBurst      = "ratelimit.login.burst"
+)
+
+// Defaults (used when DB does not have an override)
+const (
+	DefaultUploadMaxFileSizeBytes int64 = 10 << 30 // 10 GiB (matches MaxMultipartMemory intent)
+	DefaultUploadMultiMaxFiles          = 50
+	DefaultUploadMaxHours               = 24 * 7 // 7 days
+
+	DefaultRateLimitLoginPerMinute = 5
+	DefaultRateLimitLoginBurst     = 10
+	DefaultRateLimitApiPerMinute   = 60
+	DefaultRateLimitApiBurst       = 30
+)

internal/config/model.go

@@ -0,0 +1,21 @@
+package config
+
+import "time"
+
+// ConfigEntry stores runtime-tunable configuration in the database.
+// Values are stored as strings but helpers exist for ints/bools/durations.
+//
+// NOTE: keep keys stable; they are effectively part of the public admin surface.
+//
+// Example keys:
+// - upload.max_file_size_bytes
+// - upload.multi.max_files
+// - upload.max_hours
+// - ratelimit.login.per_minute
+// - ratelimit.api.per_minute
+//
+type ConfigEntry struct {
+	Key       string `gorm:"primaryKey;size:128"`
+	Value     string `gorm:"size:2048"`
+	UpdatedAt time.Time
+}

internal/config/repository.go

@@ -0,0 +1,40 @@
+package config
+
+import "gorm.io/gorm"
+
+type Repository struct {
+	db *gorm.DB
+}
+
+func NewRepository(db *gorm.DB) *Repository {
+	return &Repository{db: db}
+}
+
+func (r *Repository) Get(key string) (*ConfigEntry, error) {
+	var e ConfigEntry
+	if err := r.db.First(&e, "key = ?", key).Error; err != nil {
+		return nil, err
+	}
+	return &e, nil
+}
+
+func (r *Repository) Upsert(key, value string) error {
+	// Prefer a simple approach that works across sqlite/postgres/mysql.
+	// Try update first, then insert if nothing updated.
+	res := r.db.Model(&ConfigEntry{}).Where("key = ?", key).Update("value", value)
+	if res.Error != nil {
+		return res.Error
+	}
+	if res.RowsAffected > 0 {
+		return nil
+	}
+	return r.db.Create(&ConfigEntry{Key: key, Value: value}).Error
+}
+
+func (r *Repository) List() ([]ConfigEntry, error) {
+	var entries []ConfigEntry
+	if err := r.db.Order("key asc").Find(&entries).Error; err != nil {
+		return nil, err
+	}
+	return entries, nil
+}

internal/config/service.go

@@ -0,0 +1,125 @@
+package config
+
+import (
+	"errors"
+	"strconv"
+	"sync"
+	"time"
+
+	"gorm.io/gorm"
+)
+
+type Service struct {
+	repo *Repository
+
+	// Small in-memory cache to avoid hitting the DB on every request.
+	// Updated on SetString; lazy-filled on first Get.
+	mu    sync.RWMutex
+	cache map[string]string
+}
+
+func NewService(r *Repository) *Service {
+	return &Service{repo: r, cache: make(map[string]string)}
+}
+
+func (s *Service) List() ([]ConfigEntry, error) {
+	entries, err := s.repo.List()
+	if err != nil {
+		return nil, err
+	}
+	// refresh cache snapshot
+	s.mu.Lock()
+	for _, e := range entries {
+		s.cache[e.Key] = e.Value
+	}
+	s.mu.Unlock()
+	return entries, nil
+}
+
+func (s *Service) SetString(key, value string) error {
+	if err := s.repo.Upsert(key, value); err != nil {
+		return err
+	}
+	s.mu.Lock()
+	s.cache[key] = value
+	s.mu.Unlock()
+	return nil
+}
+
+func (s *Service) GetStringDefault(key, def string) string {
+	s.mu.RLock()
+	v, ok := s.cache[key]
+	s.mu.RUnlock()
+	if ok {
+		if v == "" {
+			return def
+		}
+		return v
+	}
+
+	e, err := s.repo.Get(key)
+	if err != nil {
+		return def
+	}
+
+	s.mu.Lock()
+	s.cache[key] = e.Value
+	s.mu.Unlock()
+
+	if e.Value == "" {
+		return def
+	}
+	return e.Value
+}
+
+func (s *Service) GetIntDefault(key string, def int) int {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.Atoi(v)
+	if err != nil {
+		return def
+	}
+	return n
+}
+
+func (s *Service) GetInt64Default(key string, def int64) int64 {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.ParseInt(v, 10, 64)
+	if err != nil {
+		return def
+	}
+	return n
+}
+
+func (s *Service) GetBoolDefault(key string, def bool) bool {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	b, err := strconv.ParseBool(v)
+	if err != nil {
+		return def
+	}
+	return b
+}
+
+func (s *Service) GetDurationSecondsDefault(key string, def time.Duration) time.Duration {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.Atoi(v)
+	if err != nil {
+		return def
+	}
+	return time.Duration(n) * time.Second
+}
+
+func IsNotFound(err error) bool {
+	return errors.Is(err, gorm.ErrRecordNotFound)
+}

internal/file/handlers.go

@@ -1,6 +1,7 @@
 package file
 
 import (
+	"ResendIt/internal/config"
 	"ResendIt/internal/util"
 	"fmt"
 	"net/http"
@@ -12,11 +13,19 @@ import (
 )
 
 type Handler struct {
-	service *Service
+	service       *Service
+	configService ConfigService
 }
 
-func NewHandler(s *Service) *Handler {
-	return &Handler{service: s}
+// ConfigService is the small interface we need from the config package.
+// Keeping it as an interface avoids import cycles and keeps file.Handler easy to test.
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+	GetInt64Default(key string, def int64) int64
+}
+
+func NewHandler(s *Service, cfg ConfigService) *Handler {
+	return &Handler{service: s, configService: cfg}
 }
 
 func (h *Handler) Upload(c *gin.Context) {
@@ -32,6 +41,12 @@ func (h *Handler) Upload(c *gin.Context) {
 		return
 	}
 
+	maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	if file.Size > maxSize {
+		c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
+		return
+	}
+
 	f, err := file.Open()
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "cannot open file"})
@@ -46,6 +61,10 @@ func (h *Handler) Upload(c *gin.Context) {
 	if err != nil || hours <= 0 {
 		hours = 24 // default
 	}
+	maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
+	if hours > maxHours {
+		hours = maxHours
+	}
 
 	duration := time.Duration(hours) * time.Hour
 

internal/file/upload_multi.go

@@ -1,6 +1,7 @@
 package file
 
 import (
+	"ResendIt/internal/config"
 	"net/http"
 	"strconv"
 	"time"
@@ -26,11 +27,27 @@ func (h *Handler) UploadMulti(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "missing files"})
 		return
 	}
-	if len(files) > 50 {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "too many files (max 50)"})
+	maxFiles := h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles)
+	if len(files) > maxFiles {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "too many files"})
 		return
 	}
 
+	maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	var total int64
+	for _, fh := range files {
+		if fh.Size > maxSize {
+			c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
+			return
+		}
+		total += fh.Size
+		if total > maxSize {
+			// crude guard against huge bundles; you can add a separate config later.
+			c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "bundle too large"})
+			return
+		}
+	}
+
 	once := c.PostForm("once") == "true"
 
 	durationStr := c.PostForm("duration")
@@ -38,6 +55,10 @@ func (h *Handler) UploadMulti(c *gin.Context) {
 	if err != nil || hours <= 0 {
 		hours = 24
 	}
+	maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
+	if hours > maxHours {
+		hours = maxHours
+	}
 	duration := time.Duration(hours) * time.Hour
 
 	record, err := h.service.UploadBundle(files, once, duration)

internal/web/config.go

@@ -0,0 +1,151 @@
+package web
+
+import (
+	"ResendIt/internal/config"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+)
+
+type ConfigPageData struct {
+	Success bool
+	Error   string
+
+	UploadMaxFileSizeMB int64
+	UploadMultiMaxFiles int
+	UploadMaxHours      int
+
+	RateLimitLoginPerMinute int
+	RateLimitLoginBurst     int
+	RateLimitApiPerMinute   int
+	RateLimitApiBurst       int
+}
+
+// ConfigPage renders a modular admin config screen.
+func (h *Handler) ConfigPage(c *gin.Context) {
+	cfg := h.configService
+
+	maxBytes := cfg.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	data := ConfigPageData{
+		Success:             c.Query("saved") == "1",
+		UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
+		UploadMultiMaxFiles: cfg.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
+		UploadMaxHours:      cfg.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
+		RateLimitLoginPerMinute: cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
+		RateLimitLoginBurst:     cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
+		RateLimitApiPerMinute:   cfg.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
+		RateLimitApiBurst:       cfg.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
+	}
+
+	c.HTML(http.StatusOK, "config.html", data)
+}
+
+func (h *Handler) ConfigSave(c *gin.Context) {
+	cfg := h.configService
+
+	// Parse + validate.
+	parseInt := func(name string, min, max int) (int, error) {
+		v := c.PostForm(name)
+		n, err := strconv.Atoi(v)
+		if err != nil {
+			return 0, err
+		}
+		if n < min {
+			n = min
+		}
+		if max > 0 && n > max {
+			n = max
+		}
+		return n, nil
+	}
+
+	parseInt64 := func(name string, min int64, max int64) (int64, error) {
+		v := c.PostForm(name)
+		n, err := strconv.ParseInt(v, 10, 64)
+		if err != nil {
+			return 0, err
+		}
+		if n < min {
+			n = min
+		}
+		if max > 0 && n > max {
+			n = max
+		}
+		return n, nil
+	}
+
+	maxMB, err := parseInt64("upload_max_file_size_mb", 1, 1024*1024)
+	if err != nil {
+		h.renderConfigError(c, "invalid max file size")
+		return
+	}
+	maxFiles, err := parseInt("upload_multi_max_files", 1, 500)
+	if err != nil {
+		h.renderConfigError(c, "invalid max files")
+		return
+	}
+	maxHours, err := parseInt("upload_max_hours", 1, 24*365)
+	if err != nil {
+		h.renderConfigError(c, "invalid max hours")
+		return
+	}
+
+	// Rate limits: stored, but not applied dynamically yet.
+	loginPerMin, err := parseInt("ratelimit_login_per_minute", 1, 10000)
+	if err != nil {
+		h.renderConfigError(c, "invalid login rate")
+		return
+	}
+	loginBurst, err := parseInt("ratelimit_login_burst", 1, 10000)
+	if err != nil {
+		h.renderConfigError(c, "invalid login burst")
+		return
+	}
+	apiPerMin, err := parseInt("ratelimit_api_per_minute", 1, 100000)
+	if err != nil {
+		h.renderConfigError(c, "invalid api rate")
+		return
+	}
+	apiBurst, err := parseInt("ratelimit_api_burst", 1, 100000)
+	if err != nil {
+		h.renderConfigError(c, "invalid api burst")
+		return
+	}
+
+	// Persist.
+	if err := cfg.SetString(config.KeyUploadMaxFileSizeBytes, strconv.FormatInt(maxMB*1024*1024, 10)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+	if err := cfg.SetString(config.KeyUploadMultiMaxFiles, strconv.Itoa(maxFiles)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+	if err := cfg.SetString(config.KeyUploadMaxHours, strconv.Itoa(maxHours)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+
+	_ = cfg.SetString(config.KeyRateLimitLoginPerMinute, strconv.Itoa(loginPerMin))
+	_ = cfg.SetString(config.KeyRateLimitLoginBurst, strconv.Itoa(loginBurst))
+	_ = cfg.SetString(config.KeyRateLimitApiPerMinute, strconv.Itoa(apiPerMin))
+	_ = cfg.SetString(config.KeyRateLimitApiBurst, strconv.Itoa(apiBurst))
+
+	c.Redirect(http.StatusFound, "/config?saved=1")
+}
+
+func (h *Handler) renderConfigError(c *gin.Context, msg string) {
+	maxBytes := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	data := ConfigPageData{
+		Error:               msg,
+		UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
+		UploadMultiMaxFiles: h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
+		UploadMaxHours:      h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
+		RateLimitLoginPerMinute: h.configService.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
+		RateLimitLoginBurst:     h.configService.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
+		RateLimitApiPerMinute:   h.configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
+		RateLimitApiBurst:       h.configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
+	}
+	c.HTML(http.StatusBadRequest, "config.html", data)
+}

internal/web/handler.go

@@ -9,12 +9,21 @@ import (
 )
 
 type Handler struct {
-	fileService *file.Service
+	fileService   *file.Service
+	configService ConfigService
 }
 
-func NewHandler(fileService *file.Service) *Handler {
+// ConfigService is the small interface needed by the web layer.
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+	GetInt64Default(key string, def int64) int64
+	SetString(key, value string) error
+}
+
+func NewHandler(fileService *file.Service, cfg ConfigService) *Handler {
 	return &Handler{
-		fileService: fileService,
+		fileService:   fileService,
+		configService: cfg,
 	}
 }
 

internal/web/routes.go

@@ -20,6 +20,8 @@ func RegisterRoutes(r *gin.Engine, h *Handler, userService *user.Service) {
 	adminRoutes.Use(user.ForcePasswordChangeMiddleware(userService))
 
 	adminRoutes.GET("/admin", h.AdminPage)
+	adminRoutes.GET("/config", h.ConfigPage)
+	adminRoutes.POST("/config", h.ConfigSave)
 	adminRoutes.GET("/logout", h.Logout)
 	adminRoutes.GET("/change-password", h.ChangePasswordPage)
 }