userlocal

package
v0.2.4-dev Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 8, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package userlocal assembles the Personal-edition local-server HTTP handler.

This is the minimal Personal control surface — vault management + batch import + a stub identity endpoint — and exists so that `aikey-local-server` (the binary that runs on a Personal user's machine to serve the local Web Console on port 8090 by default) compiles without pulling in any SaaS-only modules.

It imports only:

  • pkg/userapi (top-level orchestrator: vault + import)
  • pkg/userapi/{cli,session,vault,intake} (transitively)
  • pkg/shared (DB + middleware utilities)

Routes provided:

POST   /api/user/vault/unlock
POST   /api/user/vault/lock
GET    /api/user/vault/status        (unauthed probe — used by Web UI)
POST   /api/user/vault/init          (first-run master-password setup)
GET    /api/user/vault/list          (requires unlock)
PATCH  /api/user/vault/entry/alias   (requires unlock)
POST   /api/user/vault/entry         (requires unlock)
DELETE /api/user/vault/entry         (requires unlock)
POST   /api/user/vault/use           (requires unlock)
POST   /api/user/import/parse        (requires unlock)
POST   /api/user/import/confirm      (requires unlock)
GET    /api/user/import/rules        (unauthed)
GET    /accounts/me                  (local_bypass identity stub)
GET    /accounts/me/seats            (empty — Personal has no orgs)
GET    /accounts/me/all-keys         (empty — Personal has no team keys)
GET    /accounts/me/pending-keys     (empty — Personal has no team keys)
GET    /accounts/me/sync-version     (always 0 — no team-key delta cursor)
GET    /accounts/me/managed-keys-snapshot (empty)

What this package does NOT provide (out of scope for Personal):

  • /accounts/login / /accounts/register (Personal uses local_bypass)
  • /v1/usage/* (served by aikey-data/query-service if installed)
  • /v1/keys/resolve (org-managed VK delivery resolve — SaaS only)
  • any backend admin route (SaaS-only, never compiled in)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHandler

func NewHandler(cfg Config) http.Handler

NewHandler returns the HTTP handler for the Personal local-server.

Personal local-server runs in `local_bypass` auth mode — the user owns the machine, the SPA is served with `authMode:"local_bypass"`, and there is no SaaS account to authenticate against. So the auth middleware passed to intake is a passthrough (returns the inner handler unchanged).

Types

type Config

type Config struct {
	Logger     *slog.Logger
	SessionTTL time.Duration
	VKCacheTTL time.Duration
	CliTimeout time.Duration

	// UsageFacade is the in-proc query-service handler that owns
	// `/v1/usage/*`. Personal local-server runs the same single-port
	// pattern as cmd/full: trial-server's serve.Run constructs an
	// in-proc querykit.Handler against the local SQLite DB and threads
	// it through ControlConfig.UsageFacade, and we mount it here at
	// `/v1/usage/`. Nil-safe: when the facade isn't supplied, the five
	// `/v1/usage/personal/*` routes the SPA queries 404 (the FE's
	// `useQuery` defensively defaults to empty arrays — charts show
	// empty, no crash).
	UsageFacade http.Handler
}

Config bundles the optional knobs callers can tune at boot. Zero-valued fields fall back to userapi defaults (15min session TTL, 5min VK cache, 15s CLI timeout).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL