userlocal

Version: v0.2.3-dev

This package is not in the latest version of its module.
Published: Apr 30, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package userlocal assembles the Personal-edition local-server HTTP handler.

This is the minimal Personal control surface — vault management + batch import + a stub identity endpoint — and exists so that `aikey-local-server` (the binary that runs on a Personal user's machine to serve the local Web Console on port 8090 by default) compiles WITHOUT importing any of the SaaS-only packages (managedkey / organization / provider / snapshot).

Design intent (Path A refactor, 2026-04-30):

Before: aikey-local-server pulled in appkit/user → appkit/core → all of
the SaaS handler dependencies (managedkey, internal/organization,
internal/provider, pkg/snapshot, internal/api). Even though the master
route mux was nil-ed out, the type/symbol surface still ended up in the
binary (231 master-related strings, 212 ManagedKey type symbols).

After: aikey-local-server imports this package only. It depends on:
  - pkg/userapi             (top-level orchestrator: vault + import)
  - pkg/userapi/{cli,session,vault,intake} (transitively)
  - pkg/shared              (DB + middleware utilities — public)

Zero imports from aikey-control-service (master path). The resulting
binary's `strings | grep aikey-control-master` count is 0.
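
A CI guard for the zero-count claim above, written as an added example that is not part of the userlocal package or the project's own tooling. It emulates `strings <binary> | grep -c <marker>` in Go; the `leakcheck` name and the use of `ManagedKey` as a second marker are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
)

// Markers that must not appear in the Personal binary. The first is the page's
// grep target; "ManagedKey" (assumed here) is the SaaS type name it counts.
var forbidden = []string{"aikey-control-master", "ManagedKey"}

// countMarkers emulates `strings bin | grep -c marker`: it splits data into
// runs of printable ASCII (4 bytes or longer) and counts runs holding each marker.
func countMarkers(data []byte, markers []string) map[string]int {
	counts := make(map[string]int, len(markers))
	notPrintable := func(r rune) bool { return r < 0x20 || r > 0x7e }
	for _, run := range bytes.FieldsFunc(data, notPrintable) {
		if len(run) < 4 {
			continue // strings(1) ignores runs shorter than 4 by default
		}
		for _, m := range markers {
			if bytes.Contains(run, []byte(m)) {
				counts[m]++
			}
		}
	}
	return counts
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: leakcheck <binary>")
		os.Exit(2)
	}
	data, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	counts, status := countMarkers(data, forbidden), 0
	for _, m := range forbidden {
		fmt.Printf("%-22s %d\n", m, counts[m])
		if counts[m] > 0 {
			status = 1 // fail the build: SaaS-only code was linked in
		}
	}
	os.Exit(status)
}
```

A zero count is only meaningful on the uncompressed build output; a packed binary hides its strings from this kind of scan.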

Routes provided:

POST   /api/user/vault/unlock
POST   /api/user/vault/lock
GET    /api/user/vault/status        (unauthed probe — used by Web UI)
POST   /api/user/vault/init          (first-run master-password setup)
GET    /api/user/vault/list          (requires unlock)
PATCH  /api/user/vault/entry/alias   (requires unlock)
POST   /api/user/vault/entry         (requires unlock)
DELETE /api/user/vault/entry         (requires unlock)
POST   /api/user/vault/use           (requires unlock)
POST   /api/user/import/parse        (requires unlock)
POST   /api/user/import/confirm      (requires unlock)
GET    /api/user/import/rules        (unauthed)
GET    /accounts/me                  (local_bypass identity stub)
GET    /accounts/me/seats            (empty — Personal has no orgs)
GET    /accounts/me/all-keys         (empty — Personal has no team keys)
GET    /accounts/me/pending-keys     (empty — Personal has no team keys)
GET    /accounts/me/sync-version     (always 0 — no team-key delta cursor)
GET    /accounts/me/managed-keys-snapshot (empty)

What this package does NOT provide (out of scope for Personal):

  • /accounts/login / /accounts/register (Personal uses local_bypass)
  • /v1/usage/* (served by aikey-data/query-service if installed)
  • /v1/keys/resolve (org-managed VK delivery resolve — SaaS only)
  • any /master/* route (handled by aikey-control-master, never compiled in)


Functions

func NewHandler

func NewHandler(cfg Config) http.Handler

NewHandler returns the HTTP handler for the Personal local-server.

Personal local-server runs in `local_bypass` auth mode — the user owns the machine, the SPA is served with `authMode:"local_bypass"`, and there is no SaaS account to authenticate against. So the auth middleware passed to intake is a passthrough (returns the inner handler unchanged).

Types

type Config

type Config struct {
	Logger     *slog.Logger
	SessionTTL time.Duration
	VKCacheTTL time.Duration
	CliTimeout time.Duration
}

Config bundles the optional knobs callers can tune at boot. Zero-valued fields fall back to userapi defaults (15min session TTL, 5min VK cache, 15s CLI timeout).
