api

package
v0.1.2 Latest
Warning

This package is not in the latest version of its module.

Published: May 5, 2026 License: MIT Imports: 40 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdminHandler added in v0.1.0

func AdminHandler(shared *Shared, r chi.Router)

func AutoHandler added in v0.1.0

func AutoHandler(shared *Shared, r chi.Router)

func AutoRouteHandler added in v0.1.0

func AutoRouteHandler(s *Shared, r chi.Router)

AutoRouteHandler registers the service self-registration routes under /auto/v1. Unlike RouterHandler (admin), these routes scope DELETE to the calling service's own identity — a service may only deregister routes it registered itself.

func CacheHandler added in v0.1.2

func CacheHandler(shared *Shared, r chi.Router)

CacheHandler registers CDN cache management endpoints under /cache. Mirrors the FirewallHandler pattern exactly.

func CertsHandler added in v0.1.0

func CertsHandler(s *Shared, r chi.Router)

CertsHandler registers all certificate management API endpoints under /certs. Caller must apply authentication middleware before mounting.

func ClusterHandler added in v0.1.0

func ClusterHandler(s *Shared, r chi.Router)

ClusterHandler registers all cluster API routes directly on the provided chi.Router. It wires HTTP methods to dedicated handler functions on the Cluster instance.

func FirewallHandler added in v0.1.0

func FirewallHandler(s *Shared, r chi.Router)

FirewallHandler registers all firewall management API endpoints under the /firewall prefix on the provided chi.Router. Caller should apply authentication middleware via r.Use() before or within the route group.

func HostHandler added in v0.1.0

func HostHandler(s *Shared, r chi.Router)

HostHandler registers all host management API endpoints under the /discovery prefix on the provided chi.Router. Caller should apply authentication middleware via r.Use() before or within the route group.

func KVHandler added in v0.1.0

func KVHandler(s *Shared, r chi.Router)

KVHandler registers in-memory KV endpoints under /api/v1/kv. Data is lost on server restart - this is intentional for temporary state.

func KeeperHandler added in v0.1.0

func KeeperHandler(s *Shared, r chi.Router)

KeeperHandler registers all keeper API endpoints under /keeper. POST /keeper/unlock and GET /keeper/status are public — no auth required. All other routes must be protected by the caller's auth middleware.

func RevokeHandler added in v0.1.0

func RevokeHandler(s *Shared, r chi.Router)

func RouterHandler added in v0.1.0

func RouterHandler(s *Shared, r chi.Router)

RouterHandler registers all route management API endpoints directly on the provided chi.Router. It wires POST and DELETE methods to dedicated handlers on the Route instance.

func SecretsHandler added in v0.1.0

func SecretsHandler(s *Shared, r chi.Router)

func SystemHandler added in v0.1.0

func SystemHandler(s *Shared, r chi.Router)

func TOTPHandler added in v0.1.0

func TOTPHandler(s *Shared, r chi.Router)

TOTPHandler registers all TOTP API endpoints under /totp.

func ValidateDomainParam added in v0.1.0

func ValidateDomainParam(next http.Handler) http.Handler

ValidateDomainParam is chi middleware that rejects path-traversal attempts in {domain} route parameters. It validates the domain segment before handler execution and returns 400 for unsafe values.
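A sketch of this kind of guard, added here as an example and not taken from the package's source. The names validDomain, domainGuard and statusFor are hypothetical, and the allowlist rules are an assumption, since the page does not list the package's actual checks; the parameter is read through an extractor function so the block needs only the standard library.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// validDomain is a hypothetical allowlist (the page does not list the real
// rules): letters, digits, '-' and '.', labels of 1-63 bytes, 253 bytes in all.
func validDomain(s string) bool {
	for _, label := range strings.Split(s, ".") {
		if len(label) == 0 || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
			return false // an empty label covers "", "..", leading and trailing dots
		}
		for _, c := range []byte(label) {
			if !(c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '-') {
				return false // rejects '/', '\\', '%', NUL and any non-ASCII byte
			}
		}
	}
	return len(s) <= 253
}

// domainGuard answers 400 before next runs. param extracts the value; with chi
// it would be func(r *http.Request) string { return chi.URLParam(r, "domain") }.
func domainGuard(param func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !validDomain(param(r)) {
			http.Error(w, "invalid domain", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor runs the guard over one constructed parameter value.
func statusFor(domain string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	rec := httptest.NewRecorder()
	domainGuard(func(*http.Request) string { return domain }, ok).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Code
}

func main() {
	fmt.Println(statusFor("example.com"), statusFor(".."), statusFor("%2e%2e%2fetc"))
}
```

Because the check is an allowlist, a percent-encoded segment is rejected on the `%` byte itself, so the result does not depend on whether the router hands the middleware a decoded or a raw path segment.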

func ValidateKeyParam added in v0.1.0

func ValidateKeyParam(next http.Handler) http.Handler

ValidateKeyParam is chi middleware that validates key format. Rejects empty keys and keys with path traversal attempts.

Types

type ActiveState added in v0.1.0

type ActiveState struct {
	Global   *alaye.Global
	Firewall *firewall.Engine
	TLSS     *tlss.Manager
}

type AutoRoute added in v0.1.0

type AutoRoute struct {
	// contains filtered or unexported fields
}

func NewAutoRoute added in v0.1.0

func NewAutoRoute(cfg *Shared) *AutoRoute

type Certs added in v0.1.0

type Certs struct {
	// contains filtered or unexported fields
}

Certs provides HTTP handlers for listing, uploading, and deleting TLS certificates.

func NewCerts added in v0.1.0

func NewCerts(cfg *Shared) *Certs

type Cluster added in v0.1.0

type Cluster struct {
	// contains filtered or unexported fields
}

Cluster provides HTTP handlers for cluster route management operations. It encapsulates dependencies for logging, security, and cluster coordination.

func NewCluster added in v0.1.0

func NewCluster(cfg *Shared) *Cluster

NewCluster initializes a Cluster instance with shared application dependencies. It configures the logger namespace and prepares middleware for request handling.

type Firewall added in v0.1.0

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall provides HTTP handlers for IP blocking, unblocking, and rule listing operations. It encapsulates the firewall ppk and logger for administrative control.

func NewFirewall added in v0.1.0

func NewFirewall(cfg *Shared) *Firewall

NewFirewall initializes a Firewall instance with shared application dependencies. It configures the logger namespace and prepares the handler for firewall operations.

type Host added in v0.1.0

type Host struct {
	// contains filtered or unexported fields
}

Host provides HTTP handlers for host configuration CRUD operations with HCL/JSON support. It encapsulates the discovery host ppk, storage directory, and logger for host operations.

func NewHost added in v0.1.0

func NewHost(cfg *Shared) *Host

NewHost initializes a Host instance with shared application dependencies. It configures the logger namespace and prepares the handler for host management.

type KV added in v0.1.0

type KV struct {
	// contains filtered or unexported fields
}

KV provides HTTP handlers for in-memory key-value storage. Uses mappo.Cache for high-performance, TTL-capable caching with automatic eviction.

func NewKV added in v0.1.0

func NewKV(cfg *Shared) *KV

NewKV initializes a KV instance with a sized cache. Defaults to 100,000 entries max with automatic LRU eviction.

type Keeper added in v0.1.0

type Keeper struct {
	// contains filtered or unexported fields
}

func NewKeeper added in v0.1.0

func NewKeeper(cfg *Shared) *Keeper

NewKeeper constructs a Keeper handler from shared application state.

type Revoke added in v0.1.0

type Revoke struct {
	// contains filtered or unexported fields
}

type Route added in v0.1.0

type Route struct {
	// contains filtered or unexported fields
}

Route provides HTTP handlers for dynamic route registration and expiration management. It interacts with the cluster store to persist route metadata with optional TTL.

func NewRoute added in v0.1.0

func NewRoute(cfg *Shared) *Route

NewRoute initializes a Route instance with shared application dependencies. It configures the logger namespace for consistent API-level logging.

type Secrets added in v0.1.0

type Secrets struct {
	// contains filtered or unexported fields
}

func NewSecrets added in v0.1.0

func NewSecrets(cfg *Shared) *Secrets

type Shared added in v0.1.0

type Shared struct {
	Logger        *ll.Logger
	Cluster       *cluster.Manager
	Keeper        *keeper.Keeper
	Discovery     *discovery.Host
	PPK           *security.PPK
	Telemetry     *telemetry.Store
	RevokeStore   *revoke.Store
	UpdateChecker UpdateChecker

	// CacheStore is the active cache backend, wired in from admin.go at startup.
	// Used by CacheHandler for purge-by-tag and clear-all operations.
	CacheStore stash.Store
	// contains filtered or unexported fields
}

func (*Shared) State added in v0.1.0

func (s *Shared) State() *ActiveState

func (*Shared) UpdateState added in v0.1.0

func (s *Shared) UpdateState(newState *ActiveState)

type System added in v0.1.0

type System struct {
	// contains filtered or unexported fields
}

type SystemInfo added in v0.1.0

type SystemInfo struct {
	Version   string      `json:"version"`
	Commit    string      `json:"commit"`
	BuildDate string      `json:"build_date"`
	GoVersion string      `json:"go_version"`
	OS        string      `json:"os"`
	Arch      string      `json:"arch"`
	Update    *UpdateInfo `json:"update,omitempty"`
}

type TOTP added in v0.1.0

type TOTP struct {
	// contains filtered or unexported fields
}

TOTP handles TOTP secret generation, QR provisioning, and code verification.

func NewTOTP added in v0.1.0

func NewTOTP(cfg *Shared) *TOTP

func (*TOTP) VerifyCode added in v0.1.0

func (t *TOTP) VerifyCode(username, code string) bool

VerifyCode checks a TOTP code for a user against the current admin config.

Secret resolution order (all handled transparently by expect.Value.ResolveErr):

	Plain base32 literal in HCL:  secret = "JBSWY3DPEHPK3PXP"
	Keeper reference in HCL:      secret = "vault://admin/totp/alice"
	Environment variable in HCL:  secret = "env.ALICE_TOTP_SECRET"

Returns false when TOTP is disabled, the user is not found, or the code is wrong.
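The fail-closed behaviour described above, as an added example that is not the package's implementation. resolveSecret is a hypothetical stand-in for expect.Value.ResolveErr that dispatches on the three documented forms, the keeper is a constructed in-memory map, and the TOTP parameters (HMAC-SHA1, 30-second step, 6 digits, current step only) are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"os"
	"strings"
	"time"
)

// resolveSecret (hypothetical) maps the three documented forms to a base32 string.
func resolveSecret(ref string, keeper map[string]string) string {
	switch {
	case strings.HasPrefix(ref, "vault://"):
		return keeper[ref] // constructed lookup, not the real keeper API
	case strings.HasPrefix(ref, "env."):
		return os.Getenv(strings.TrimPrefix(ref, "env."))
	}
	return ref
}

// totp computes the RFC 6238 code for t (HMAC-SHA1, 30 s step, 6 digits).
func totp(key []byte, t time.Time) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	v := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", v%1000000)
}

// verify fails closed: an unresolved, empty or malformed secret is a plain false.
func verify(ref, code string, now time.Time, keeper map[string]string) bool {
	key, err := base32.StdEncoding.DecodeString(resolveSecret(ref, keeper))
	if err != nil || len(key) == 0 {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(totp(key, now)), []byte(code)) == 1
}

func main() {
	// No keeper entry exists for this reference, so no code can verify.
	fmt.Println(verify("vault://admin/totp/alice", "123456", time.Now(), nil))
}
```

The `len(key) == 0` check matters: without it, an unset environment variable or a missing keeper entry would yield an empty HMAC key and a code that anyone can compute.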

type UpdateChecker added in v0.1.0

type UpdateChecker interface {
	GetCurrent() string
	GetLatest() string
	IsAvailable() bool
}

type UpdateInfo added in v0.1.0

type UpdateInfo struct {
	Current   string    `json:"current"`
	Latest    string    `json:"latest,omitempty"`
	Available bool      `json:"available"`
	CheckedAt time.Time `json:"checked_at,omitempty"`
}
