Documentation
Overview
Package user is the top-level orchestrator for the user-facing HTTP surface (vault + import) shipped from the public repo.
Page rendering lives in aikey-control/web (React + Vite); the built SPA is embedded into the trial-server / local-server binaries at compile time and served for every unmatched non-API path. There are no Go-side page handlers in this layer.
Composition (post 2026-04-30 deep split):
- cli — Bridge subprocess + shared error model
- session — vault session store + RequireUnlock middleware
- vault — unlock/lock/status/init + Vault-page CRUD
- intake — bulk-import parse/confirm/rules + VK list cache
Handlers ties these four together with one shared vault.Store and cli.Bridge, then mounts every /api/user/{vault,import}/* route via Register().
Referral was removed from this struct on 2026-04-30 (Path A round 2): the referral handler depends on the SaaS-only `pkg/referral` package which now lives in `aikey-control-master`. Master appkit/core wires its own referral handler directly; Personal local-server doesn't expose referrals.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
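type Config
type Config struct {
	// SessionTTL is the idle timeout for an unlocked vault.
	// v4.1 Stage 13: the default is 15 minutes (previously 10 minutes), so that a
	// user in the middle of one import flow (paste → parse → edit → per-entry OAuth
	// login redirects) is not forced to re-unlock partway through. After more than
	// 15 minutes without activity the vault still locks automatically, which keeps
	// the security boundary in place while idle.
	SessionTTL time.Duration
	// VKCacheTTL is the per-entry TTL for the virtual-key list cache.
	VKCacheTTL time.Duration
	// CliTimeout bounds every `aikey _internal` subprocess invocation.
	CliTimeout time.Duration
}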
Config knobs the caller can tune at boot. Zero-valued fields fall back to the defaults below.
type Handlers
type Handlers struct {
	// Store is the shared vault session store. Exposed so callers can stash
	// it in tests (most production callers won't touch it after NewHandlers).
	Store *vault.Store
	// Vault hosts the unlock/lock/status/init endpoints.
	Vault *vault.Handlers
	// VaultCRUD hosts the Vault-page list/add/rename/delete/use endpoints.
	VaultCRUD *vault.CRUDHandlers
	// Import hosts the bulk-import parse/confirm/rules endpoints.
	Import *intake.ImportHandlers
}
Handlers is the user-facing API bundle. Construct via NewHandlers — direct struct literals are supported but require pre-built sub-handlers and a shared vault.Store, which is what NewHandlers does for you.
func NewHandlers
NewHandlers constructs the user-facing Handlers bundle. A nil cfg triggers defaults (15min session TTL, 5min VK cache, 15s cli timeout).
func (*Handlers) Register
Register mounts every /api/user/{vault,import}/* route on mux. authMW is the caller's auth middleware — applied to every endpoint EXCEPT /vault/status (unauthed probe) and /vault/init (web-driven first-run path, pre-auth by design).
Route ownership:
    POST   /api/user/vault/unlock      -> Vault.UnlockHandler
    POST   /api/user/vault/lock        -> Vault.LockHandler
    GET    /api/user/vault/status      -> Vault.StatusHandler (unauthed probe)
    POST   /api/user/vault/init        -> Vault.InitHandler (unauthed; first-run web flow)
    GET    /api/user/vault/list        -> VaultCRUD.ListHandler (locked-aware; no unlock required)
    PATCH  /api/user/vault/entry/alias -> VaultCRUD.AliasPatchHandler (requires unlock)
    POST   /api/user/vault/entry       -> VaultCRUD.EntryAddHandler (requires unlock)
    DELETE /api/user/vault/entry       -> VaultCRUD.EntryDeleteHandler (requires unlock)
    POST   /api/user/vault/use         -> VaultCRUD.UseHandler (requires unlock)
    POST   /api/user/import/parse      -> Import.ParseHandler
    POST   /api/user/import/confirm    -> Import.ConfirmHandler (requires unlock)
    GET    /api/user/import/rules      -> Import.RulesHandler (unauthed)
The former POST /api/user/vault/reveal endpoint (plaintext secret read) was removed in the 2026-04-24 security review round 2; see vault/crud.go.
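A pre-auth surface check for the routes listed above, as an added example that is not part of this package: it probes every documented route without credentials and reports any that answer outside an allowlist. `stubServer`, `unexpectedPreAuth` and the 401-without-`Authorization` behaviour are assumptions standing in for the real mux and the caller's authMW. With the allowlist taken from the Register description (status and init), it reports `GET /import/rules`, which the route table marks unauthed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const prefix = "/api/user" // every documented route lives under this prefix
// documented is the Register route-ownership list, paths relative to prefix.
var documented = []string{
	"POST /vault/unlock", "POST /vault/lock", "GET /vault/status", "POST /vault/init",
	"GET /vault/list", "PATCH /vault/entry/alias", "POST /vault/entry", "DELETE /vault/entry",
	"POST /vault/use", "POST /import/parse", "POST /import/confirm", "GET /import/rules",
}
// tableUnauthed holds the rows the route table labels "unauthed".
var tableUnauthed = map[string]bool{"GET /vault/status": true, "POST /vault/init": true, "GET /import/rules": true}
// proseExempt holds the endpoints the Register description exempts from authMW.
var proseExempt = map[string]bool{"GET /vault/status": true, "POST /vault/init": true}

// stubServer is a constructed stand-in for the mounted mux (not the package's code):
// routes outside unauthed answer 401 without an Authorization header, else 204.
func stubServer(unauthed map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := r.Method + " " + strings.TrimPrefix(r.URL.Path, prefix)
		if !unauthed[key] && r.Header.Get("Authorization") == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	})
}

// unexpectedPreAuth probes each route with no credentials; returns non-401 routes missing from allow.
func unexpectedPreAuth(h http.Handler, routes []string, allow map[string]bool) []string {
	var out []string
	for _, rt := range routes {
		method, path, _ := strings.Cut(rt, " ")
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(method, prefix+path, nil))
		if rec.Code != http.StatusUnauthorized && !allow[rt] {
			out = append(out, rt)
		}
	}
	return out
}

func main() { fmt.Println(unexpectedPreAuth(stubServer(tableUnauthed), documented, proseExempt)) }
```

In a real test, pass the mux that Register populated in place of `stubServer`, and keep the allowlist under review so a new unauthenticated route fails the build until it is approved.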
Directories
| Path | Synopsis |
|---|---|
| cli | Package cli provides the IPC bridge to `aikey _internal *` and the shared HTTP error model used by every handler that talks to the cli. |
| intake | Package intake implements the bulk-import HTTP surface (parse / confirm / rules) plus a small VK list cache. |
| vault | Package vault hosts the personal-vault HTTP surface — unlock/lock/status/init for the session lifecycle, plus the CRUD endpoints backing the User Vault Web page. |