user

package
v0.2.4-dev Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 8, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package user is the top-level orchestrator for the user-facing HTTP surface (vault + import) shipped from the public repo.

Page rendering lives in aikey-control/web (React + Vite); the built SPA is embedded into the trial-server / local-server binaries at compile time and served for every unmatched non-API path. There are no Go-side page handlers in this layer.

Composition (post 2026-04-30 deep split):

  • cli — Bridge subprocess + shared error model
  • session — vault session store + RequireUnlock middleware
  • vault — unlock/lock/status/init + Vault-page CRUD
  • intake — bulk-import parse/confirm/rules + VK list cache

Handlers ties these four together with one shared vault.Store and cli.Bridge, then mounts every /api/user/{vault,import}/* route via Register().

Referral was removed from this struct on 2026-04-30 (Path A round 2): the referral handler depends on a SaaS-only package and is wired separately in the SaaS edition. Personal local-server doesn't expose referrals.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// SessionTTL is the idle timeout for an unlocked vault.
	// v4.1 Stage 13: 默认 15 分钟(之前 10 分钟),让用户在一次导入流程里(粘贴 → 解析 →
	// 编辑 → 逐个 OAuth 登录跳转)不会中途被强制 re-unlock。超过 15 分钟未操作仍自动锁,
	// 保持闲置时的安全边界。
	SessionTTL time.Duration
	// VKCacheTTL is the per-entry TTL for the virtual-key list cache.
	VKCacheTTL time.Duration
	// CliTimeout bounds every `aikey _internal` subprocess invocation.
	CliTimeout time.Duration
}

Config knobs the caller can tune at boot. Zero-valued fields fall back to the defaults below.

type Handlers

type Handlers struct {
	// Store is the shared vault session store. Exposed so callers can stash
	// it in tests (most production callers won't touch it after NewHandlers).
	Store *vault.Store

	// Vault hosts the unlock/lock/status/init endpoints.
	Vault *vault.Handlers

	// VaultCRUD hosts the Vault-page list/add/rename/delete/use endpoints.
	VaultCRUD *vault.CRUDHandlers

	// Import hosts the bulk-import parse/confirm/rules endpoints.
	Import *intake.ImportHandlers

	// Hook hosts the shell-hook rc-wiring endpoint (POST /api/user/hook/install).
	// Only mounted on local-user / trial-full editions — see RegisterHook.
	// Per 20260507-web-hook-rc-modal-自动注入.md.
	Hook *hook.Handlers
}

Handlers is the user-facing API bundle. Construct via NewHandlers — direct struct literals are supported but require pre-built sub-handlers and a shared vault.Store, which is what NewHandlers does for you.

func NewHandlers

func NewHandlers(cfg *Config, logger *slog.Logger) *Handlers

NewHandlers constructs the user-facing Handlers bundle. A nil cfg triggers defaults (15min session TTL, 5min VK cache, 15s cli timeout).

func (*Handlers) Register

func (h *Handlers) Register(mux *http.ServeMux, authMW func(http.Handler) http.Handler)

Register mounts every /api/user/{vault,import}/* route on mux. authMW is the caller's auth middleware — applied to every endpoint EXCEPT /vault/status (unauthed probe) and /vault/init (web-driven first-run path, pre-auth by design).

Route ownership:

POST   /api/user/vault/unlock        -> Vault.UnlockHandler
POST   /api/user/vault/lock          -> Vault.LockHandler
GET    /api/user/vault/status        -> Vault.StatusHandler  (unauthed probe)
POST   /api/user/vault/init          -> Vault.InitHandler    (unauthed; first-run web flow)
GET    /api/user/vault/list          -> VaultCRUD.ListHandler        (locked-aware; no unlock required)
PATCH  /api/user/vault/entry/alias   -> VaultCRUD.AliasPatchHandler  (requires unlock)
POST   /api/user/vault/entry         -> VaultCRUD.EntryAddHandler    (requires unlock)
DELETE /api/user/vault/entry         -> VaultCRUD.EntryDeleteHandler (requires unlock)
POST   /api/user/vault/use           -> VaultCRUD.UseHandler         (requires unlock)
POST   /api/user/import/parse        -> Import.ParseHandler
POST   /api/user/import/confirm      -> Import.ConfirmHandler        (requires unlock)
GET    /api/user/import/rules        -> Import.RulesHandler          (unauthed)

The former POST /api/user/vault/reveal endpoint (plaintext secret read) was removed 2026-04-24 security review round 2; see vault/crud.go.

func (*Handlers) RegisterHook

func (h *Handlers) RegisterHook(mux *http.ServeMux, authMW func(http.Handler) http.Handler)

RegisterHook mounts POST /api/user/hook/install behind authMW.

**Edition guard**: callers MUST only invoke this on local-user / trial-full editions (i.e., wherever the trial-server / local-server process and the user's terminal share the same `~/.zshrc`). Production multi-tenant deployments where the service runs on a remote box must NOT call RegisterHook — writing the server's dotfile would do nothing for the user's terminal and pollutes the service host. The decision lives at the caller (serve.go) so the edition check stays close to the rest of the deployment-mode logic.

Per 20260507-web-hook-rc-modal-自动注入.md.

Directories

Path Synopsis
Package cli provides the IPC bridge to `aikey _internal *` and the shared HTTP error model used by every handler that talks to the cli.
Package cli provides the IPC bridge to `aikey _internal *` and the shared HTTP error model used by every handler that talks to the cli.
Package hook serves the Web-modal "Allow" path for shell-hook rc wiring.
Package hook serves the Web-modal "Allow" path for shell-hook rc wiring.
Package intake implements the bulk-import HTTP surface (parse / confirm / rules) plus a small VK list cache.
Package intake implements the bulk-import HTTP surface (parse / confirm / rules) plus a small VK list cache.
Package vault hosts the personal-vault HTTP surface — unlock/lock/status/ init for the session lifecycle, plus the CRUD endpoints backing the User Vault Web page.
Package vault hosts the personal-vault HTTP surface — unlock/lock/status/ init for the session lifecycle, plus the CRUD endpoints backing the User Vault Web page.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL