From b611d4a751dbc242e0a4f10a3f516fcdc64d57ec Mon Sep 17 00:00:00 2001
From: Alisdair MacLeod <git@alisdairmacleod.co.uk>
Date: Wed, 28 Jan 2026 08:39:09 +0000
Subject: [PATCH] pass account manager in to proxy grpc server for setup key
 generation

---
 management/internals/server/boot.go       |  2 +-
 management/internals/shared/grpc/proxy.go | 17 +++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/management/internals/server/boot.go b/management/internals/server/boot.go
index 6f13b2d4b..0c7f6c695 100644
--- a/management/internals/server/boot.go
+++ b/management/internals/server/boot.go
@@ -159,7 +159,7 @@ func (s *BaseServer) GRPCServer() *grpc.Server {
 
 func (s *BaseServer) ReverseProxyGRPCServer() *nbgrpc.ProxyServiceServer {
 	return Create(s, func() *nbgrpc.ProxyServiceServer {
-		proxyService := nbgrpc.NewProxyServiceServer(s.Store())
+		proxyService := nbgrpc.NewProxyServiceServer(s.Store(), s.AccountManager())
 		return proxyService
 	})
 }
diff --git a/management/internals/shared/grpc/proxy.go b/management/internals/shared/grpc/proxy.go
index f02da46a3..41efaa507 100644
--- a/management/internals/shared/grpc/proxy.go
+++ b/management/internals/shared/grpc/proxy.go
@@ -53,10 +53,11 @@ type proxyConnection struct {
 }
 
 // NewProxyServiceServer creates a new proxy service server
-func NewProxyServiceServer(store reverseProxyStore) *ProxyServiceServer {
+func NewProxyServiceServer(store reverseProxyStore, keys keyStore) *ProxyServiceServer {
 	return &ProxyServiceServer{
 		updatesChan:       make(chan *proto.ProxyMapping, 100),
 		reverseProxyStore: store,
+		keyStore:          keys,
 	}
 }
 
@@ -113,9 +114,9 @@ func (s *ProxyServiceServer) GetMappingUpdate(req *proto.GetMappingUpdateRequest
 
 // sendSnapshot sends the initial snapshot of all reverse proxies to proxy
 func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnection) error {
-	reverseProxies, err := s.reverseProxyStore.GetAccountReverseProxies(ctx, store.LockingStrengthNone, conn.proxyID) // TODO: check locking strength and accountID.
+	reverseProxies, err := s.reverseProxyStore.GetAccountReverseProxies(ctx, store.LockingStrengthNone, "accountID") // TODO: check locking strength and accountID.
 	if err != nil {
-		// TODO: something
+		// TODO: something?
 		return fmt.Errorf("get account reverse proxies from store: %w", err)
 	}
 
@@ -161,15 +162,15 @@ func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnec
 
 		// TODO: should this even be here? We're running in a loop, and on each proxy, this will create a LOT of setup key entries that we currently have no way to remove.
 		key, err := s.keyStore.CreateSetupKey(ctx,
-			"accountID",
-			"keyname",
+			"accountID",                // TODO: get an account ID from somewhere, likely needs to be passed in from higher up.
+			"keyname",                  // TODO: define a sensible key name to make cleanup easier.
 			types.SetupKeyOneOff,       // TODO: is this correct? Might make cleanup simpler and we're going to generate a new key every time the proxy connects.
 			time.Minute,                // TODO: only provide just enough time for the proxy to make the connection before this key becomes invalid. Should help with cleanup as well as protection against these leaking in transit.
 			[]string{"auto", "groups"}, // TODO: join a group for proxy to simplify adding rules to proxies?
 			1,                          // TODO: usage limit, how is this different from the OneOff key type?
-			"userID",
-			false, // TODO: ephemeral peers are different...right?
-			false, // TODO: not sure but I think this should be false.
+			"userID",                   // TODO: use a set userID for proxy peers?
+			false,                      // TODO: ephemeral peers are different...right?
+			false,                      // TODO: not sure but I think this should be false.
 		)
 		if err != nil {
 			// TODO: how to handle this?