Documentation
¶
Overview ¶
Cross-service bot endpoints introduced by the fleet split (PR-A.2).
Both endpoints sit in bot_provision rather than botfather because they are the new contract surface between octo-server and octo-fleet/daemon — keeping them here makes the eventual deprecation of botfather's older runtime/bot APIs cleaner.
POST /v1/bot/mint — web-callable, session-auth, mints a bot
OBO and returns {bot_uid}. bot_token
is server-generated and stays in the
server's robot table.
GET /v1/bot/:uid/token — daemon-callable, api_key Bearer (uk_ prefix),
returns {bot_token}. Authz: caller's api_key
uid must equal the bot's creator_uid AND the
bot must be a member of the api_key's bound
space. (Pre-v2 file-top doc described a JWT
path that no longer exists — JWT teardown
landed in 决策一+二 Phase 4.)
Module bootstrap for bot_provision (package name kept for git history continuity from the previous auth_jwt module). JWT signing / verification / JWKS endpoints have been removed (plan 决策一+二 Phase 4). What's left is:
- bot_api.go: mintBot (web session) + botToken (daemon api_key)
- resolve.go: api_key → uid + space_id lookup with membership check
Module should be renamed to e.g. "bot_api" in a follow-up cleanup; the rename touches internal/modules.go import path so it's left for later.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BotProvision ¶
BotProvision is the module entrypoint registered with octo-lib. Only ctx + logger are needed now — RSA key state was for JWT signing, all gone.
func New ¶
func New(ctx *config.Context) *BotProvision
New returns a configured module. No more loadOrGenerateKey since JWT signing was removed in 合并 plan 决策一+二 Phase 4.
func (*BotProvision) Route ¶
func (a *BotProvision) Route(r *wkhttp.WKHttp)
Route mounts the two bot endpoints. JWT exchange + JWKS endpoints have been removed in Phase 4 — daemon/web now hit fleet/matter directly with api_key/session tokens.
POST /v1/bot/mint — web session auth (octo-lib session middleware) GET /v1/bot/:uid/token — daemon api_key Bearer (validated inline)