sendnrw/decent-webui
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create_aio

Browse Source
This commit is contained in:
jbergner
2025-09-27 09:33:40 +02:00
parent b5ad30cfbd
commit de22d7c0f2
13 changed files with 1387 additions and 907 deletions
Download Patch File Download Diff File Expand all files Collapse all files

363
cmd/filesvc/main.go
View File

@@ -1,363 +0,0 @@
package main
import (
"context"
"crypto/subtle"
"embed"
"encoding/json"
"errors"
"log"
"mime"
"net/http"
"os"
"os/signal"
"path/filepath"
"strconv"
"strings"
"syscall"
"time"
"git.send.nrw/sendnrw/decent-webui/internal/store"
)
//go:embed ui/*
var uiFS embed.FS
type Config struct {
ListenAddr string
DataDir string
APIKey string
}
func (c Config) BlobDir() string { return filepath.Join(c.DataDir, "blobs") }
func (c Config) MetaDir() string { return filepath.Join(c.DataDir, "meta") }
func (c Config) TempDir() string { return filepath.Join(c.DataDir, "tmp") }
func getenv(k, d string) string {
if v := os.Getenv(k); v != "" {
return v
}
return d
}
func LoadConfig() Config {
addr := getenv("FILESVC_LISTEN", ":8085")
datadir := getenv("FILESVC_DATA", "/data")
key := os.Getenv("FILESVC_API_KEY")
if key == "" {
log.Println("[warn] FILESVC_API_KEY is empty — set it for protection")
}
return Config{ListenAddr: addr, DataDir: datadir, APIKey: key}
}
type App struct {
cfg Config
store *store.Store
}
func main() {
cfg := LoadConfig()
for _, p := range []string{cfg.DataDir, cfg.BlobDir(), cfg.MetaDir(), cfg.TempDir()} {
if err := os.MkdirAll(p, 0o755); err != nil {
log.Fatalf("mkdir %s: %v", p, err)
}
}
st, err := store.Open(cfg.BlobDir(), cfg.MetaDir(), cfg.TempDir())
if err != nil {
log.Fatal(err)
}
app := &App{cfg: cfg, store: st}
mux := http.NewServeMux()
// API routes
mux.HandleFunc("/healthz", app.health)
mux.HandleFunc("/v1/files", app.with(app.files))
mux.HandleFunc("/v1/files/", app.with(app.fileByID)) // /v1/files/{id}[ /meta]
mux.HandleFunc("/v1/uploads", app.with(app.uploadsRoot)) // POST init
mux.HandleFunc("/v1/uploads/", app.with(app.uploadsByID)) // parts/complete/abort
// UI routes (embedded)
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/" {
http.NotFound(w, r)
return
}
http.ServeFileFS(w, r, uiFS, "ui/index.html")
})
mux.Handle("/static/", http.StripPrefix("/static/", http.FileServerFS(uiFS)))
srv := &http.Server{
Addr: cfg.ListenAddr,
Handler: logMiddleware(securityHeaders(mux)),
ReadTimeout: 60 * time.Second,
ReadHeaderTimeout: 10 * time.Second,
WriteTimeout: 0,
IdleTimeout: 120 * time.Second,
}
go func() {
log.Printf("file-service listening on %s", cfg.ListenAddr)
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatalf("server: %v", err)
}
}()
stop := make(chan os.Signal, 1)
signal.Notify(stop, os.Interrupt, syscall.SIGTERM)
<-stop
log.Println("shutting down...")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
_ = srv.Shutdown(ctx)
}
func (a *App) with(h func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if a.cfg.APIKey != "" {
key := r.Header.Get("X-API-Key")
if subtle.ConstantTimeCompare([]byte(key), []byte(a.cfg.APIKey)) != 1 {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
}
h(w, r)
}
}
func logMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
next.ServeHTTP(w, r)
log.Printf("%s %s %s", r.Method, r.URL.Path, time.Since(start))
})
}
func securityHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// immer sinnvolle Sicherheits-Header
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Referrer-Policy", "no-referrer")
// Für UI (/, /static/...) dürfen CSS/JS & XHR von "self" laden.
if r.URL.Path == "/" || strings.HasPrefix(r.URL.Path, "/static/") {
w.Header().Set("Content-Security-Policy",
"default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'")
} else {
// Für API schön streng
w.Header().Set("Content-Security-Policy",
"default-src 'none'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'")
}
next.ServeHTTP(w, r)
})
}
func (a *App) writeJSON(w http.ResponseWriter, status int, v any) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(status)
_ = json.NewEncoder(w).Encode(v)
}
func (a *App) health(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(200)
_, _ = w.Write([]byte("ok"))
}
// --- Routes ---
// /v1/files (GET list, POST upload)
func (a *App) files(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodGet:
q := r.URL.Query().Get("q")
off := atoiDefault(r.URL.Query().Get("offset"), 0)
lim := atoiDefault(r.URL.Query().Get("limit"), 50)
items, next, err := a.store.List(r.Context(), q, off, lim)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
a.writeJSON(w, 200, map[string]any{"items": items, "next": next})
case http.MethodPost:
r.Body = http.MaxBytesReader(w, r.Body, 1<<34) // ~16GiB
ct := r.Header.Get("Content-Type")
name := r.Header.Get("X-Filename")
meta := r.URL.Query().Get("meta")
if strings.HasPrefix(ct, "multipart/") {
if err := r.ParseMultipartForm(32 << 20); err != nil {
http.Error(w, err.Error(), 400)
return
}
f, hdr, err := r.FormFile("file")
if err != nil {
http.Error(w, err.Error(), 400)
return
}
defer f.Close()
if hdr != nil {
name = hdr.Filename
}
rec, err := a.store.Put(r.Context(), f, name, meta)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
a.writeJSON(w, 201, rec)
return
}
rec, err := a.store.Put(r.Context(), r.Body, name, meta)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
a.writeJSON(w, 201, rec)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
}
// /v1/files/{id} and /v1/files/{id}/meta
func (a *App) fileByID(w http.ResponseWriter, r *http.Request) {
// path after /v1/files/
rest := strings.TrimPrefix(r.URL.Path, "/v1/files/")
parts := strings.Split(rest, "/")
if len(parts) == 0 || parts[0] == "" {
http.NotFound(w, r)
return
}
id := parts[0]
if len(parts) == 2 && parts[1] == "meta" {
switch r.Method {
case http.MethodGet:
rec, err := a.store.GetMeta(r.Context(), id)
if err != nil {
http.Error(w, err.Error(), 404)
return
}
a.writeJSON(w, 200, rec)
case http.MethodPut:
var m map[string]string
if err := json.NewDecoder(r.Body).Decode(&m); err != nil {
http.Error(w, err.Error(), 400)
return
}
rec, err := a.store.UpdateMeta(r.Context(), id, m)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
a.writeJSON(w, 200, rec)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
return
}
// /v1/files/{id}
switch r.Method {
case http.MethodGet:
f, rec, err := a.store.Open(r.Context(), id)
if err != nil {
http.Error(w, err.Error(), 404)
return
}
defer f.Close()
ctype := rec.ContentType
if ctype == "" {
ctype = mime.TypeByExtension(filepath.Ext(rec.Name))
}
if ctype == "" {
ctype = "application/octet-stream"
}
w.Header().Set("Content-Type", ctype)
w.Header().Set("Content-Length", strconv.FormatInt(rec.Size, 10))
w.Header().Set("Accept-Ranges", "bytes")
if r.URL.Query().Get("download") == "1" {
w.Header().Set("Content-Disposition", "attachment; filename=\""+rec.SafeName()+"\"")
}
http.ServeContent(w, r, rec.SafeName(), rec.CreatedAt, f)
case http.MethodDelete:
if err := a.store.Delete(r.Context(), id); err != nil {
http.Error(w, err.Error(), 404)
return
}
w.WriteHeader(204)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
}
// /v1/uploads (POST) and /v1/uploads/{uid}/ ...
func (a *App) uploadsRoot(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
name := r.URL.Query().Get("name")
meta := r.URL.Query().Get("meta")
u, err := a.store.UploadInit(r.Context(), name, meta)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
a.writeJSON(w, 201, u)
}
func (a *App) uploadsByID(w http.ResponseWriter, r *http.Request) {
rest := strings.TrimPrefix(r.URL.Path, "/v1/uploads/")
parts := strings.Split(rest, "/")
if len(parts) < 1 || parts[0] == "" {
http.NotFound(w, r)
return
}
uid := parts[0]
if len(parts) == 3 && parts[1] == "parts" {
n := atoiDefault(parts[2], -1)
if r.Method != http.MethodPut || n < 1 {
http.Error(w, "invalid part", 400)
return
}
if err := a.store.UploadPart(r.Context(), uid, n, r.Body); err != nil {
http.Error(w, err.Error(), 400)
return
}
w.WriteHeader(204)
return
}
if len(parts) == 2 && parts[1] == "complete" {
if r.Method != http.MethodPost {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
rec, err := a.store.UploadComplete(r.Context(), uid)
if err != nil {
http.Error(w, err.Error(), 400)
return
}
a.writeJSON(w, 201, rec)
return
}
if len(parts) == 1 && r.Method == http.MethodDelete {
if err := a.store.UploadAbort(r.Context(), uid); err != nil {
http.Error(w, err.Error(), 400)
return
}
w.WriteHeader(204)
return
}
http.NotFound(w, r)
}
func atoiDefault(s string, d int) int {
n, err := strconv.Atoi(s)
if err != nil {
return d
}
return n
}

132
cmd/filesvc/ui/app.js
View File

@@ -1,132 +0,0 @@
(function() {
const $ = sel => document.querySelector(sel);
const $$ = sel => Array.from(document.querySelectorAll(sel));
const state = { offset: 0, limit: 20, total: null };
function loadCfg() {
try { return JSON.parse(localStorage.getItem('cfg')) || {}; } catch { return {}; }
}
function saveCfg(cfg) { localStorage.setItem('cfg', JSON.stringify(cfg)); }
const cfg = loadCfg();
$('#apiKey').value = cfg.apiKey || '';
$('#baseUrl').value = cfg.baseUrl || '';
$('#saveCfg').onclick = () => {
cfg.apiKey = $('#apiKey').value.trim();
cfg.baseUrl = $('#baseUrl').value.trim();
saveCfg(cfg);
refresh();
};
function api(path, opts = {}) {
const base = cfg.baseUrl || '';
opts.headers = Object.assign({ 'X-API-Key': cfg.apiKey || '' }, opts.headers || {});
return fetch(base + path, opts).then(r => {
if (!r.ok) throw new Error(`${r.status} ${r.statusText}`);
const ct = r.headers.get('content-type') || '';
if (ct.includes('application/json')) return r.json();
return r.text();
});
}
async function refresh() {
const q = encodeURIComponent($('#q').value || '');
try {
const data = await api(`/v1/files?limit=${state.limit}&offset=${state.offset}&q=${q}`);
renderTable(data.items || []);
const next = data.next || 0;
state.hasNext = next > 0;
state.nextOffset = next;
$('#pageInfo').textContent = `offset ${state.offset}`;
} catch (e) {
alert('List failed: ' + e.message);
}
}
function renderTable(items) {
const tbody = $('#files tbody');
tbody.innerHTML = '';
const tpl = $('#rowTpl').content;
for (const it of items) {
const tr = tpl.cloneNode(true);
tr.querySelector('.id').textContent = it.id;
tr.querySelector('.name').textContent = it.name;
tr.querySelector('.size').textContent = human(it.size);
tr.querySelector('.created').textContent = new Date(it.createdAt).toLocaleString();
const act = tr.querySelector('.actions');
const dl = btn('Download', async () => {
const base = cfg.baseUrl || '';
const url = `${base}/v1/files/${it.id}?download=1`;
const a = document.createElement('a');
a.href = url; a.download = '';
a.click();
});
const meta = btn('Meta', async () => showMeta(it.id));
const del = btn('Delete', async () => {
if (!confirm('Delete file?')) return;
try { await api(`/v1/files/${it.id}`, { method:'DELETE' }); refresh(); } catch(e){ alert('Delete failed: '+e.message); }
});
act.append(dl, meta, del);
tbody.appendChild(tr);
}
}
function btn(text, on) { const b = document.createElement('button'); b.textContent = text; b.onclick = on; return b; }
function human(n) { if (n < 1024) return n + ' B'; const u=['KB','MB','GB','TB']; let i=-1; do { n/=1024; i++; } while(n>=1024 && i<u.length-1); return n.toFixed(1)+' '+u[i]; }
$('#refresh').onclick = () => { state.offset = 0; refresh(); };
$('#q').addEventListener('keydown', e => { if (e.key==='Enter') { state.offset=0; refresh(); } });
$('#prev').onclick = () => { state.offset = Math.max(0, state.offset - state.limit); refresh(); };
$('#next').onclick = () => { if (state.hasNext) { state.offset = state.nextOffset; refresh(); } };
// Upload form
$('#uploadForm').addEventListener('submit', async (e) => {
e.preventDefault();
const f = $('#fileInput').files[0];
if (!f) return alert('Pick a file');
const meta = $('#metaInput').value.trim();
const fd = new FormData();
fd.append('file', f);
fd.append('meta', meta);
try { await api('/v1/files?meta='+encodeURIComponent(meta), { method: 'POST', body: fd }); refresh(); } catch(e){ alert('Upload failed: '+e.message); }
});
// Chunked upload
$('#chunkInit').onclick = async () => {
try {
const name = $('#chunkName').value.trim() || 'file';
const meta = $('#chunkMeta').value.trim();
const r = await api(`/v1/uploads?name=${encodeURIComponent(name)}&meta=${encodeURIComponent(meta)}`, { method:'POST' });
$('#chunkId').textContent = r.id;
} catch(e){ alert('Init failed: '+e.message); }
};
$('#chunkPut').onclick = async () => {
const uid = $('#chunkId').textContent.trim();
const part = parseInt($('#chunkPart').value,10) || 1;
const file = $('#chunkFile').files[0];
if (!uid) return alert('Init first');
if (!file) return alert('Choose a file (this will send the whole file as one part).');
try { await api(`/v1/uploads/${uid}/parts/${part}`, { method:'PUT', body: file }); alert('Part uploaded'); } catch(e){ alert('PUT failed: '+e.message); }
};
$('#chunkComplete').onclick = async () => {
const uid = $('#chunkId').textContent.trim(); if (!uid) return;
try { await api(`/v1/uploads/${uid}/complete`, { method:'POST' }); refresh(); } catch(e){ alert('Complete failed: '+e.message); }
};
$('#chunkAbort').onclick = async () => {
const uid = $('#chunkId').textContent.trim(); if (!uid) return;
try { await api(`/v1/uploads/${uid}`, { method:'DELETE' }); $('#chunkId').textContent=''; alert('Aborted'); } catch(e){ alert('Abort failed: '+e.message); }
};
async function showMeta(id) {
try {
const rec = await api(`/v1/files/${id}/meta`);
const json = prompt('Edit meta as JSON (object of string:string)', JSON.stringify(rec.meta||{}));
if (json == null) return;
const obj = JSON.parse(json);
await api(`/v1/files/${id}/meta`, { method:'PUT', headers:{'Content-Type':'application/json'}, body: JSON.stringify(obj) });
refresh();
} catch(e){ alert('Meta failed: '+e.message); }
}
refresh();
})();

77
cmd/filesvc/ui/index.html
View File

@@ -1,77 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>File Service UI</title>
<link rel="stylesheet" href="/static/ui/style.css" />
</head>
<body>
<header>
<h1>File Service</h1>
<div class="cfg">
<label>API Base <input id="baseUrl" value="" placeholder="(same origin)"/></label>
<label>API Key <input id="apiKey" placeholder="X-API-Key"/></label>
<button id="saveCfg">Save</button>
</div>
</header>
<main>
<section class="card">
<h2>Upload</h2>
<form id="uploadForm">
<input type="file" id="fileInput" name="file" required />
<input type="text" id="metaInput" placeholder="meta e.g. project=alpha,owner=alice" />
<button type="submit">Upload</button>
</form>
<details>
<summary>Chunked upload</summary>
<div class="chunk">
<input type="text" id="chunkName" placeholder="filename"/>
<input type="text" id="chunkMeta" placeholder="meta key=val,..."/>
<button id="chunkInit">Init</button>
<span id="chunkId"></span>
<div>
<input type="file" id="chunkFile"/>
<input type="number" id="chunkPart" min="1" value="1"/>
<button id="chunkPut">PUT Part</button>
<button id="chunkComplete">Complete</button>
<button id="chunkAbort">Abort</button>
</div>
</div>
</details>
</section>
<section class="card">
<h2>Files</h2>
<div class="toolbar">
<input type="search" id="q" placeholder="search by name"/>
<button id="refresh">Refresh</button>
</div>
<table id="files">
<thead>
<tr><th>ID</th><th>Name</th><th>Size</th><th>Created</th><th>Actions</th></tr>
</thead>
<tbody></tbody>
</table>
<div class="pager">
<button id="prev">Prev</button>
<span id="pageInfo"></span>
<button id="next">Next</button>
</div>
</section>
</main>
<template id="rowTpl">
<tr>
<td class="mono id"></td>
<td class="name"></td>
<td class="size"></td>
<td class="created"></td>
<td class="actions"></td>
</tr>
</template>
<script src="/static/ui/app.js"></script>
</body>
</html>

19
cmd/filesvc/ui/style.css
View File

@@ -1,19 +0,0 @@
:root { --bg: #0b0f14; --fg: #e6eef8; --muted: #9bb0c8; --card: #121923; --accent: #5aa9ff; }
* { box-sizing: border-box; }
body { margin: 0; font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, sans-serif; background: var(--bg); color: var(--fg); }
header { display: flex; justify-content: space-between; align-items: center; padding: 16px 20px; background: #0e141b; border-bottom: 1px solid #2a3543; }
h1 { margin: 0; font-size: 20px; }
.cfg label { margin-right: 8px; font-size: 12px; color: var(--muted); }
.cfg input { margin-left: 6px; padding: 6px 8px; background: #0c1219; border: 1px solid #2a3543; color: var(--fg); border-radius: 6px; }
button { padding: 8px 12px; border: 1px solid #2a3543; background: #111a24; color: var(--fg); border-radius: 8px; cursor: pointer; }
button:hover { border-color: var(--accent); }
main { padding: 20px; max-width: 1100px; margin: 0 auto; }
.card { background: var(--card); border: 1px solid #1f2a38; border-radius: 14px; padding: 16px; margin-bottom: 16px; box-shadow: 0 6px 20px rgba(0,0,0,.25); }
.toolbar { display:flex; gap: 8px; align-items: center; margin-bottom: 10px; }
table { width: 100%; border-collapse: collapse; }
th, td { text-align: left; padding: 8px; border-bottom: 1px solid #213043; }
.mono { font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; font-size: 12px; }
.name { max-width: 340px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
.pager { display:flex; gap: 8px; align-items:center; justify-content:flex-end; padding-top: 8px; }
.actions button { margin-right: 6px; }
summary { cursor: pointer; }

398
cmd/unified/main.go Normal file
View File

@@ -0,0 +1,398 @@
package main
import (
"context"
"encoding/json"
"errors"
"fmt"
"log"
"net/http"
"os"
"os/signal"
"strconv"
"strings"
"syscall"
"time"
// ← Passe diese Import-Pfade an dein go.mod an
"git.send.nrw/sendnrw/decent-webui/internal/admin"
"git.send.nrw/sendnrw/decent-webui/internal/filesvc"
"git.send.nrw/sendnrw/decent-webui/internal/mesh"
)
/*** Config ***/
func loadConfig() AppConfig {
// HTTP
httpAddr := getenvDefault("ADDR", ":8080")
// API
apiKey := os.Getenv("FILE_SERVICE_API_KEY")
// Admin UI (BasicAuth optional)
adminUser := os.Getenv("ADMIN_USER")
adminPass := os.Getenv("ADMIN_PASS")
// Mesh (mit sinnvollen Defaults)
m := mesh.Config{
BindAddr: getenvDefault("MESH_BIND", ":9090"),
AdvertURL: os.Getenv("MESH_ADVERT"), // kann leer sein → wir leiten ab
Seeds: splitCSV(os.Getenv("MESH_SEEDS")),
ClusterSecret: os.Getenv("MESH_CLUSTER_SECRET"),
EnableDiscovery: parseBoolEnv("MESH_ENABLE_DISCOVERY", false),
DiscoveryAddress: getenvDefault("MESH_DISCOVERY_ADDR", "239.8.8.8:9898"),
}
// Wenn keine AdvertURL gesetzt ist, versuche eine sinnvolle Herleitung:
if strings.TrimSpace(m.AdvertURL) == "" {
m.AdvertURL = inferAdvertURL(m.BindAddr)
log.Printf("[mesh] MESH_ADVERT nicht gesetzt abgeleitet: %s", m.AdvertURL)
}
// Minimal-Validierung mit hilfreicher Meldung
if strings.TrimSpace(m.BindAddr) == "" {
log.Fatal("MESH_BIND fehlt (z.B. :9090)")
}
if strings.TrimSpace(m.AdvertURL) == "" {
log.Fatal("MESH_ADVERT fehlt und konnte nicht abgeleitet werden (z.B. http://unified_a:9090)")
}
if strings.TrimSpace(m.ClusterSecret) == "" {
log.Printf("[mesh] WARN: MESH_CLUSTER_SECRET ist leer für produktive Netze unbedingt setzen!")
}
return AppConfig{
HTTPAddr: httpAddr,
APIKey: apiKey,
AdminUser: adminUser,
AdminPass: adminPass,
Mesh: m,
}
}
// --- Helpers
func getenvDefault(k, def string) string {
v := os.Getenv(k)
if v == "" {
return def
}
return v
}
func parseBoolEnv(k string, def bool) bool {
v := strings.ToLower(strings.TrimSpace(os.Getenv(k)))
if v == "" {
return def
}
return v == "1" || v == "true" || v == "yes" || v == "on"
}
func splitCSV(s string) []string {
s = strings.TrimSpace(s)
if s == "" {
return nil
}
parts := strings.Split(s, ",")
out := make([]string, 0, len(parts))
seen := map[string]struct{}{}
for _, p := range parts {
p = strings.TrimSpace(p)
if p == "" {
continue
}
if _, ok := seen[p]; ok {
continue
}
seen[p] = struct{}{}
out = append(out, p)
}
return out
}
// inferAdvertURL baut eine brauchbare Default-AdvertURL:
// - MESH_ADVERT_HOST (wenn gesetzt) → z.B. Service-Name aus Compose
// - sonst HOSTNAME
// - sonst "localhost"
//
// Port wird aus MESH_BIND entnommen (z.B. ":9090" → 9090)
func inferAdvertURL(meshBind string) string {
host := strings.TrimSpace(os.Getenv("MESH_ADVERT_HOST"))
if host == "" {
host = strings.TrimSpace(os.Getenv("HOSTNAME"))
}
if host == "" {
host = "localhost"
}
port := "9090"
if i := strings.LastIndex(meshBind, ":"); i != -1 && len(meshBind) > i+1 {
port = meshBind[i+1:]
}
return fmt.Sprintf("http://%s:%s", host, port)
}
type AppConfig struct {
HTTPAddr string
APIKey string
AdminUser string
AdminPass string
Mesh mesh.Config
}
/*** Middleware ***/
func authMiddleware(apiKey string, next http.Handler) http.Handler {
// Dev-Mode: ohne API-Key kein Auth-Zwang
if strings.TrimSpace(apiKey) == "" {
return next
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
got := r.Header.Get("Authorization")
if !strings.HasPrefix(got, "Bearer ") || strings.TrimPrefix(got, "Bearer ") != apiKey {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
})
}
func cors(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Passe nach Bedarf an (Origin-Whitelist etc.)
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
w.Header().Set("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS")
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
next.ServeHTTP(w, r)
})
}
func accessLog(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
next.ServeHTTP(w, r)
log.Printf("%s %s %s", r.Method, r.URL.Path, time.Since(start))
})
}
/*** HTTP helpers ***/
func writeJSON(w http.ResponseWriter, code int, v any) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
_ = json.NewEncoder(w).Encode(v)
}
/*** API-Routen ***/
func fileRoutes(mux *http.ServeMux, store filesvc.MeshStore) {
// Health
mux.HandleFunc("/api/v1/health", func(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
})
// List + Create
mux.HandleFunc("/api/v1/items", func(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodGet:
nextStr := r.URL.Query().Get("next")
var next filesvc.ID
if nextStr != "" {
if n, err := strconv.ParseInt(nextStr, 10, 64); err == nil {
next = filesvc.ID(n)
}
}
items, nextOut, err := store.List(r.Context(), next, 100)
if err != nil {
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": err.Error()})
return
}
writeJSON(w, http.StatusOK, map[string]any{"items": items, "next": nextOut})
case http.MethodPost:
var in struct {
Name string `json:"name"`
}
if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid json"})
return
}
it, err := store.Create(r.Context(), in.Name)
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
return
}
writeJSON(w, http.StatusCreated, it)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
})
// Rename
mux.HandleFunc("/api/v1/items/rename", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
var in struct {
ID filesvc.ID `json:"id"`
Name string `json:"name"`
}
if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid json"})
return
}
it, err := store.Rename(r.Context(), in.ID, in.Name)
if err != nil {
status := http.StatusBadRequest
if errors.Is(err, filesvc.ErrNotFound) {
status = http.StatusNotFound
}
writeJSON(w, status, map[string]string{"error": err.Error()})
return
}
writeJSON(w, http.StatusOK, it)
})
// Delete
mux.HandleFunc("/api/v1/items/delete", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
var in struct {
ID filesvc.ID `json:"id"`
}
if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid json"})
return
}
it, err := store.Delete(r.Context(), in.ID)
if err != nil {
status := http.StatusBadRequest
if errors.Is(err, filesvc.ErrNotFound) {
status = http.StatusNotFound
}
writeJSON(w, status, map[string]string{"error": err.Error()})
return
}
writeJSON(w, http.StatusOK, it)
})
}
/*** Mesh <-> Store Mapping (falls Typen getrennt sind) ***/
func toMeshSnapshot(s filesvc.Snapshot) mesh.Snapshot {
out := mesh.Snapshot{Items: make([]mesh.Item, 0, len(s.Items))}
for _, it := range s.Items {
out.Items = append(out.Items, mesh.Item{
ID: int64(it.ID),
Name: it.Name,
UpdatedAt: it.UpdatedAt,
Deleted: it.Deleted,
})
}
return out
}
func fromMeshSnapshot(ms mesh.Snapshot) filesvc.Snapshot {
out := filesvc.Snapshot{Items: make([]filesvc.File, 0, len(ms.Items))}
for _, it := range ms.Items {
out.Items = append(out.Items, filesvc.File{
ID: filesvc.ID(it.ID),
Name: it.Name,
UpdatedAt: it.UpdatedAt,
Deleted: it.Deleted,
})
}
return out
}
/*** main ***/
func main() {
cfg := loadConfig()
// Domain-Store (mesh-fähig)
st := filesvc.NewMemStore()
// Mesh starten
mcfg := mesh.FromEnv()
mnode, err := mesh.New(mcfg, mesh.Callbacks{
GetSnapshot: func(ctx context.Context) (mesh.Snapshot, error) {
s, err := st.Snapshot(ctx)
if err != nil {
return mesh.Snapshot{}, err
}
return toMeshSnapshot(s), nil
},
ApplyRemote: func(ctx context.Context, s mesh.Snapshot) error {
return st.ApplyRemote(ctx, fromMeshSnapshot(s))
},
})
if err != nil {
log.Fatalf("mesh init: %v", err)
}
go func() {
log.Printf("[mesh] listening on %s advertise %s seeds=%v discovery=%v",
mcfg.BindAddr, mcfg.AdvertURL, mcfg.Seeds, mcfg.EnableDiscovery)
if err := mnode.Serve(); err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatalf("mesh serve: %v", err)
}
}()
// Root-Mux
root := http.NewServeMux()
// API (Bearer-Auth)
apiMux := http.NewServeMux()
fileRoutes(apiMux, st)
root.Handle("/api/", authMiddleware(cfg.APIKey, apiMux))
// Admin-UI (optional BasicAuth via ADMIN_USER/ADMIN_PASS)
adminRoot := http.NewServeMux()
admin.Register(adminRoot, admin.Deps{Store: st, Mesh: mnode})
adminUser := os.Getenv("ADMIN_USER")
adminPass := os.Getenv("ADMIN_PASS")
if strings.TrimSpace(adminUser) != "" {
wrapped := admin.BasicAuth(adminUser, adminPass, adminRoot)
root.Handle("/admin", wrapped)
root.Handle("/admin/", wrapped)
} else {
root.Handle("/admin", adminRoot)
root.Handle("/admin/", adminRoot)
}
// Startseite → /admin
root.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/admin", http.StatusFound)
})
// Finaler Handler-Stack
handler := cors(accessLog(root))
srv := &http.Server{
Addr: cfg.HTTPAddr,
Handler: handler,
ReadHeaderTimeout: 5 * time.Second,
}
// Graceful shutdown
go func() {
log.Printf("http listening on %s (api=/api/v1, admin=/admin)", cfg.Mesh.BindAddr)
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatalf("http server: %v", err)
}
}()
// OS-Signale abfangen
stop := make(chan os.Signal, 1)
signal.Notify(stop, syscall.SIGINT, syscall.SIGTERM)
<-stop
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
_ = srv.Shutdown(ctx)
_ = mnode.Close(ctx)
log.Println("shutdown complete")
}