diff --git a/.codex/environments/environment.toml b/.codex/environments/environment.toml new file mode 100644 index 0000000..e88452c --- /dev/null +++ b/.codex/environments/environment.toml @@ -0,0 +1,6 @@ +# THIS IS AUTOGENERATED. DO NOT EDIT MANUALLY +version = 1 +name = "network" + +[setup] +script = "export MCP_BEARER_TOKEN=\"ra_9941ab97eb51668394a68963a2ab6fead0ca942afe437a6e2f4a520efcb24036\"" diff --git a/.github/workflows/release-apt.yml b/.github/workflows/release-apt.yml index d5e361e..f8b9a91 100644 --- a/.github/workflows/release-apt.yml +++ b/.github/workflows/release-apt.yml @@ -82,7 +82,7 @@ jobs: Priority: optional Architecture: ${ARCH} Depends: libc6 - Maintainer: DeBros Team + Maintainer: DeBros Team Description: Orama Network - Distributed P2P Database System Orama is a distributed peer-to-peer network that combines RQLite for distributed SQL, IPFS for content-addressed storage, diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6032a7e..bb67b47 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,6 +34,7 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }} - name: Upload artifacts uses: actions/upload-artifact@v4 @@ -42,32 +43,26 @@ jobs: path: dist/ retention-days: 5 - # Optional: Publish to GitHub Packages (requires additional setup) - publish-packages: + # Verify release artifacts + verify-release: runs-on: ubuntu-latest needs: build-release if: startsWith(github.ref, 'refs/tags/') - + steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Download artifacts uses: actions/download-artifact@v4 with: name: release-artifacts path: dist/ - - - name: Publish to GitHub Packages - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: List release artifacts run: | - echo "Publishing Debian packages to GitHub Packages..." - for deb in dist/*.deb; do - if [ -f "$deb" ]; then - curl -H "Authorization: token $GITHUB_TOKEN" \ - -H "Content-Type: application/octet-stream" \ - --data-binary @"$deb" \ - "https://uploads.github.com/repos/${{ github.repository }}/releases/upload?name=$(basename "$deb")" - fi - done + echo "=== Release Artifacts ===" + ls -la dist/ + echo "" + echo "=== .deb packages ===" + ls -la dist/*.deb 2>/dev/null || echo "No .deb files found" + echo "" + echo "=== Archives ===" + ls -la dist/*.tar.gz 2>/dev/null || echo "No .tar.gz files found" diff --git a/.gitignore b/.gitignore index 01f562e..0c3dd17 100644 --- a/.gitignore +++ b/.gitignore @@ -30,6 +30,8 @@ dist/ # OS generated files .DS_Store +.codex/ +redeploy-6.sh .DS_Store? ._* .Spotlight-V100 @@ -45,6 +47,9 @@ Thumbs.db .env.local .env.*.local +# E2E test config (contains production credentials) +e2e/config.yaml + # Temporary files tmp/ temp/ @@ -80,4 +85,17 @@ configs/ .claude/ .mcp.json -.cursor/ \ No newline at end of file +.cursor/ + +# Remote node credentials +scripts/remote-nodes.conf + +orama-cli-linux + +rnd/ + +keys_backup/ + +vps.txt + +bin-linux/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 6cebf4a..66e4240 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,17 +1,21 @@ # GoReleaser Configuration for DeBros Network -# Builds and releases the dbn binary for multiple platforms -# Other binaries (node, gateway, identity) are installed via: dbn setup +# Builds and releases orama (CLI) and orama-node binaries +# Publishes to: GitHub Releases, Homebrew, and apt (.deb packages) project_name: debros-network env: - GO111MODULE=on +before: + hooks: + - go mod tidy + builds: - # dbn binary - only build the CLI - - id: dbn + # orama CLI binary + - id: orama main: ./cmd/cli - binary: dbn + binary: orama goos: - linux - darwin @@ -25,18 +29,107 @@ builds: - -X main.date={{.Date}} mod_timestamp: "{{ .CommitTimestamp }}" + # orama-node binary (Linux only for apt) + - id: orama-node + main: ./cmd/node + binary: orama-node + goos: + - linux + goarch: + - amd64 + - arm64 + ldflags: + - -s -w + - -X main.version={{.Version}} + - -X main.commit={{.ShortCommit}} + - -X main.date={{.Date}} + mod_timestamp: "{{ .CommitTimestamp }}" + archives: - # Tar.gz archives for dbn - - id: binaries + # Tar.gz archives for orama CLI + - id: orama-archives + builds: + - orama format: tar.gz - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + name_template: "orama_{{ .Version }}_{{ .Os }}_{{ .Arch }}" files: - README.md - LICENSE - CHANGELOG.md - format_overrides: - - goos: windows - format: zip + + # Tar.gz archives for orama-node + - id: orama-node-archives + builds: + - orama-node + format: tar.gz + name_template: "orama-node_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + files: + - README.md + - LICENSE + +# Debian packages for apt +nfpms: + # orama CLI .deb package + - id: orama-deb + package_name: orama + builds: + - orama + vendor: DeBros + homepage: https://github.com/DeBrosOfficial/network + maintainer: DeBros + description: CLI tool for the Orama decentralized network + license: MIT + formats: + - deb + bindir: /usr/bin + section: utils + priority: optional + contents: + - src: ./README.md + dst: /usr/share/doc/orama/README.md + deb: + lintian_overrides: + - statically-linked-binary + + # orama-node .deb package + - id: orama-node-deb + package_name: orama-node + builds: + - orama-node + vendor: DeBros + homepage: https://github.com/DeBrosOfficial/network + maintainer: DeBros + description: Node daemon for the Orama decentralized network + license: MIT + formats: + - deb + bindir: /usr/bin + section: net + priority: optional + contents: + - src: ./README.md + dst: /usr/share/doc/orama-node/README.md + deb: + lintian_overrides: + - statically-linked-binary + +# Homebrew tap for macOS (orama CLI only) +brews: + - name: orama + ids: + - orama-archives + repository: + owner: DeBrosOfficial + name: homebrew-tap + token: "{{ .Env.HOMEBREW_TAP_TOKEN }}" + folder: Formula + homepage: https://github.com/DeBrosOfficial/network + description: CLI tool for the Orama decentralized network + license: MIT + install: | + bin.install "orama" + test: | + system "#{bin}/orama", "--version" checksum: name_template: "checksums.txt" @@ -64,3 +157,5 @@ release: draft: false prerelease: auto name_template: "Release {{.Version}}" + extra_files: + - glob: ./dist/*.deb diff --git a/Makefile b/Makefile index 3067f9e..b0f5911 100644 --- a/Makefile +++ b/Makefile @@ -8,21 +8,89 @@ test: # Gateway-focused E2E tests assume gateway and nodes are already running # Auto-discovers configuration from ~/.orama and queries database for API key # No environment variables required -.PHONY: test-e2e +.PHONY: test-e2e test-e2e-deployments test-e2e-fullstack test-e2e-https test-e2e-quick test-e2e-local test-e2e-prod test-e2e-shared test-e2e-cluster test-e2e-integration test-e2e-production + +# Check if gateway is running (helper) +.PHONY: check-gateway +check-gateway: + @if ! curl -sf http://localhost:6001/v1/health > /dev/null 2>&1; then \ + echo "❌ Gateway not running on localhost:6001"; \ + echo ""; \ + echo "To run tests locally:"; \ + echo " 1. Start the dev environment: make dev"; \ + echo " 2. Wait for all services to start (~30 seconds)"; \ + echo " 3. Run tests: make test-e2e-local"; \ + echo ""; \ + echo "To run tests against production:"; \ + echo " ORAMA_GATEWAY_URL=https://dbrs.space make test-e2e"; \ + exit 1; \ + fi + @echo "✅ Gateway is running" + +# Local E2E tests - checks gateway first +test-e2e-local: check-gateway + @echo "Running E2E tests against local dev environment..." + go test -v -tags e2e -timeout 30m ./e2e/... + +# Production E2E tests - includes production-only tests +test-e2e-prod: + @if [ -z "$$ORAMA_GATEWAY_URL" ]; then \ + echo "❌ ORAMA_GATEWAY_URL not set"; \ + echo "Usage: ORAMA_GATEWAY_URL=https://dbrs.space make test-e2e-prod"; \ + exit 1; \ + fi + @echo "Running E2E tests (including production-only) against $$ORAMA_GATEWAY_URL..." + go test -v -tags "e2e production" -timeout 30m ./e2e/... + +# Generic e2e target (works with both local and production) test-e2e: @echo "Running comprehensive E2E tests..." @echo "Auto-discovering configuration from ~/.orama..." - go test -v -tags e2e ./e2e + @echo "Tip: Use 'make test-e2e-local' for local or 'make test-e2e-prod' for production" + go test -v -tags e2e -timeout 30m ./e2e/... + +test-e2e-deployments: + @echo "Running deployment E2E tests..." + go test -v -tags e2e -timeout 15m ./e2e/deployments/... + +test-e2e-fullstack: + @echo "Running fullstack E2E tests..." + go test -v -tags e2e -timeout 20m -run "TestFullStack" ./e2e/... + +test-e2e-https: + @echo "Running HTTPS/external access E2E tests..." + go test -v -tags e2e -timeout 10m -run "TestHTTPS" ./e2e/... + +test-e2e-shared: + @echo "Running shared E2E tests..." + go test -v -tags e2e -timeout 10m ./e2e/shared/... + +test-e2e-cluster: + @echo "Running cluster E2E tests..." + go test -v -tags e2e -timeout 15m ./e2e/cluster/... + +test-e2e-integration: + @echo "Running integration E2E tests..." + go test -v -tags e2e -timeout 20m ./e2e/integration/... + +test-e2e-production: + @echo "Running production-only E2E tests..." + go test -v -tags "e2e production" -timeout 15m ./e2e/production/... + +test-e2e-quick: + @echo "Running quick E2E smoke tests..." + go test -v -tags e2e -timeout 5m -run "TestStatic|TestHealth" ./e2e/... # Network - Distributed P2P Database System # Makefile for development and build tasks .PHONY: build clean test run-node run-node2 run-node3 run-example deps tidy fmt vet lint clear-ports install-hooks kill -VERSION := 0.90.0 +VERSION := 0.100.0 COMMIT ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown) DATE ?= $(shell date -u +%Y-%m-%dT%H:%M:%SZ) LDFLAGS := -X 'main.version=$(VERSION)' -X 'main.commit=$(COMMIT)' -X 'main.date=$(DATE)' +LDFLAGS_LINUX := -s -w $(LDFLAGS) # Build targets build: deps @@ -36,6 +104,46 @@ build: deps go build -ldflags "$(LDFLAGS) -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildVersion=$(VERSION)' -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildCommit=$(COMMIT)' -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildTime=$(DATE)'" -o bin/gateway ./cmd/gateway @echo "Build complete! Run ./bin/orama version" +# Cross-compile all binaries for Linux (used with --pre-built flag on VPS) +# Builds: DeBros binaries + Olric + CoreDNS (with rqlite plugin) + Caddy (with orama DNS module) +build-linux: deps + @echo "Cross-compiling all binaries for linux/amd64 (version=$(VERSION))..." + @mkdir -p bin-linux + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX)" -trimpath -o bin-linux/identity ./cmd/identity + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX)" -trimpath -o bin-linux/orama-node ./cmd/node + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX)" -trimpath -o bin-linux/orama cmd/cli/main.go + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX)" -trimpath -o bin-linux/rqlite-mcp ./cmd/rqlite-mcp + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX) -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildVersion=$(VERSION)' -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildCommit=$(COMMIT)' -X 'github.com/DeBrosOfficial/network/pkg/gateway.BuildTime=$(DATE)'" -trimpath -o bin-linux/gateway ./cmd/gateway + GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS_LINUX)" -trimpath -o bin-linux/orama-cli ./cmd/cli + @echo "Building Olric for linux/amd64..." + GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -trimpath -o bin-linux/olric-server github.com/olric-data/olric/cmd/olric-server + @echo "✓ All Linux binaries built in bin-linux/" + @echo "" + @echo "Next steps:" + @echo " 1. Build CoreDNS: make build-linux-coredns" + @echo " 2. Build Caddy: make build-linux-caddy" + @echo " 3. Or build all: make build-linux-all" + +# Build CoreDNS with rqlite plugin for Linux +build-linux-coredns: + @bash scripts/build-linux-coredns.sh + +# Build Caddy with orama DNS module for Linux +build-linux-caddy: + @bash scripts/build-linux-caddy.sh + +# Build everything for Linux (all binaries + CoreDNS + Caddy) +build-linux-all: build-linux build-linux-coredns build-linux-caddy + @echo "" + @echo "✅ All Linux binaries ready in bin-linux/:" + @ls -la bin-linux/ + @echo "" + @echo "Deploy to VPS:" + @echo " scp bin-linux/* ubuntu@:/home/debros/bin/" + @echo " scp bin-linux/coredns ubuntu@:/usr/local/bin/coredns" + @echo " scp bin-linux/caddy ubuntu@:/usr/bin/caddy" + @echo " sudo orama install --pre-built --no-pull ..." + # Install git hooks install-hooks: @echo "Installing git hooks..." @@ -93,7 +201,7 @@ help: @echo "Available targets:" @echo " build - Build all executables" @echo " clean - Clean build artifacts" - @echo " test - Run tests" + @echo " test - Run unit tests" @echo "" @echo "Local Development (Recommended):" @echo " make dev - Start full development stack with one command" @@ -103,6 +211,20 @@ help: @echo " make stop - Gracefully stop all development services" @echo " make kill - Force kill all development services (use if stop fails)" @echo "" + @echo "E2E Testing:" + @echo " make test-e2e-local - Run E2E tests against local dev (checks gateway first)" + @echo " make test-e2e-prod - Run all E2E tests incl. production-only (needs ORAMA_GATEWAY_URL)" + @echo " make test-e2e-shared - Run shared E2E tests (cache, storage, pubsub, auth)" + @echo " make test-e2e-cluster - Run cluster E2E tests (libp2p, olric, rqlite, namespace)" + @echo " make test-e2e-integration - Run integration E2E tests (fullstack, persistence, concurrency)" + @echo " make test-e2e-deployments - Run deployment E2E tests" + @echo " make test-e2e-production - Run production-only E2E tests (DNS, HTTPS, cross-node)" + @echo " make test-e2e-quick - Quick smoke tests (static deploys, health checks)" + @echo " make test-e2e - Generic E2E tests (auto-discovers config)" + @echo "" + @echo " Example production test:" + @echo " ORAMA_GATEWAY_URL=https://dbrs.space make test-e2e-prod" + @echo "" @echo "Development Management (via orama):" @echo " ./bin/orama dev status - Show status of all dev services" @echo " ./bin/orama dev logs [--follow]" diff --git a/README.md b/README.md index 420eb0c..fec2e94 100644 --- a/README.md +++ b/README.md @@ -9,11 +9,97 @@ A high-performance API Gateway and distributed platform built in Go. Provides a - **🔐 Authentication** - Wallet signatures, API keys, JWT tokens - **💾 Storage** - IPFS-based decentralized file storage with encryption - **⚡ Cache** - Distributed cache with Olric (in-memory key-value) -- **🗄️ Database** - RQLite distributed SQL with Raft consensus +- **🗄️ Database** - RQLite distributed SQL with Raft consensus + Per-namespace SQLite databases - **📡 Pub/Sub** - Real-time messaging via LibP2P and WebSocket - **⚙️ Serverless** - WebAssembly function execution with host functions - **🌐 HTTP Gateway** - Unified REST API with automatic HTTPS (Let's Encrypt) - **📦 Client SDK** - Type-safe Go SDK for all services +- **🚀 App Deployments** - Deploy React, Next.js, Go, Node.js apps with automatic domains +- **🗄️ SQLite Databases** - Per-namespace isolated databases with IPFS backups + +## Application Deployments + +Deploy full-stack applications with automatic domain assignment and namespace isolation. + +### Deploy a React App + +```bash +# Build your app +cd my-react-app +npm run build + +# Deploy to Orama Network +orama deploy static ./dist --name my-app + +# Your app is now live at: https://my-app.orama.network +``` + +### Deploy Next.js with SSR + +```bash +cd my-nextjs-app + +# Ensure next.config.js has: output: 'standalone' +npm run build +orama deploy nextjs . --name my-nextjs --ssr + +# Live at: https://my-nextjs.orama.network +``` + +### Deploy Go Backend + +```bash +# Build for Linux (name binary 'app' for auto-detection) +GOOS=linux GOARCH=amd64 go build -o app main.go + +# Deploy (must implement /health endpoint) +orama deploy go ./app --name my-api + +# API live at: https://my-api.orama.network +``` + +### Create SQLite Database + +```bash +# Create database +orama db create my-database + +# Create schema +orama db query my-database "CREATE TABLE users (id INT, name TEXT)" + +# Insert data +orama db query my-database "INSERT INTO users VALUES (1, 'Alice')" + +# Query data +orama db query my-database "SELECT * FROM users" + +# Backup to IPFS +orama db backup my-database +``` + +### Full-Stack Example + +Deploy a complete app with React frontend, Go backend, and SQLite database: + +```bash +# 1. Create database +orama db create myapp-db +orama db query myapp-db "CREATE TABLE users (id INT PRIMARY KEY, name TEXT)" + +# 2. Deploy Go backend (connects to database) +GOOS=linux GOARCH=amd64 go build -o api main.go +orama deploy go ./api --name myapp-api + +# 3. Deploy React frontend (calls backend API) +cd frontend && npm run build +orama deploy static ./dist --name myapp + +# Access: +# Frontend: https://myapp.orama.network +# Backend: https://myapp-api.orama.network +``` + +**📖 Full Guide**: See [Deployment Guide](docs/DEPLOYMENT_GUIDE.md) for complete documentation, examples, and best practices. ## Quick Start @@ -108,36 +194,63 @@ make build ## CLI Commands +### Authentication + +```bash +orama auth login # Authenticate with wallet +orama auth status # Check authentication +orama auth logout # Clear credentials +``` + +### Application Deployments + +```bash +# Deploy applications +orama deploy static --name myapp # React, Vue, static sites +orama deploy nextjs --name myapp --ssr # Next.js with SSR (requires output: 'standalone') +orama deploy go --name myapp # Go binaries (must have /health endpoint) +orama deploy nodejs --name myapp # Node.js apps (must have /health endpoint) + +# Manage deployments +orama deployments list # List all deployments +orama deployments get # Get deployment details +orama deployments logs --follow # View logs +orama deployments delete # Delete deployment +orama deployments rollback --version 1 # Rollback to version +``` + +### SQLite Databases + +```bash +orama db create # Create database +orama db query "SELECT * FROM t" # Execute SQL query +orama db list # List all databases +orama db backup # Backup to IPFS +orama db backups # List backups +``` + ### Network Status ```bash -./bin/orama health # Cluster health check -./bin/orama peers # List connected peers -./bin/orama status # Network status +orama health # Cluster health check +orama peers # List connected peers +orama status # Network status ``` -### Database Operations +### RQLite Operations ```bash -./bin/orama query "SELECT * FROM users" -./bin/orama query "CREATE TABLE users (id INTEGER PRIMARY KEY)" -./bin/orama transaction --file ops.json +orama query "SELECT * FROM users" +orama query "CREATE TABLE users (id INTEGER PRIMARY KEY)" +orama transaction --file ops.json ``` ### Pub/Sub ```bash -./bin/orama pubsub publish -./bin/orama pubsub subscribe 30s -./bin/orama pubsub topics -``` - -### Authentication - -```bash -./bin/orama auth login -./bin/orama auth status -./bin/orama auth logout +orama pubsub publish +orama pubsub subscribe 30s +orama pubsub topics ``` ## Serverless Functions (WASM) @@ -211,18 +324,81 @@ curl -X DELETE http://localhost:6001/v1/functions/hello-world?namespace=default - 5001 - RQLite HTTP API - 6001 - Unified Gateway - 8080 - IPFS Gateway -- 9050 - Anyone Client SOCKS5 proxy +- 9050 - Anyone SOCKS5 proxy - 9094 - IPFS Cluster API - 3320/3322 - Olric Cache -### Installation +**Anyone Relay Mode (optional, for earning rewards):** + +- 9001 - Anyone ORPort (relay traffic, must be open externally) + +### Anyone Network Integration + +Orama Network integrates with the [Anyone Protocol](https://anyone.io) for anonymous routing. By default, nodes run as **clients** (consuming the network). Optionally, you can run as a **relay operator** to earn rewards. + +**Client Mode (Default):** +- Routes traffic through Anyone network for anonymity +- SOCKS5 proxy on localhost:9050 +- No rewards, just consumes network + +**Relay Mode (Earn Rewards):** +- Provide bandwidth to the Anyone network +- Earn $ANYONE tokens as a relay operator +- Requires 100 $ANYONE tokens in your wallet +- Requires ORPort (9001) open to the internet ```bash -# Install via APT -echo "deb https://debrosficial.github.io/network/apt stable main" | sudo tee /etc/apt/sources.list.d/debros.list +# Install as relay operator (earn rewards) +sudo orama install --vps-ip --domain \ + --anyone-relay \ + --anyone-nickname "MyRelay" \ + --anyone-contact "operator@email.com" \ + --anyone-wallet "0x1234...abcd" -sudo apt update && sudo apt install orama +# With exit relay (legal implications apply) +sudo orama install --vps-ip --domain \ + --anyone-relay \ + --anyone-exit \ + --anyone-nickname "MyExitRelay" \ + --anyone-contact "operator@email.com" \ + --anyone-wallet "0x1234...abcd" +# Migrate existing Anyone installation +sudo orama install --vps-ip --domain \ + --anyone-relay \ + --anyone-migrate \ + --anyone-nickname "MyRelay" \ + --anyone-contact "operator@email.com" \ + --anyone-wallet "0x1234...abcd" +``` + +**Important:** After installation, register your relay at [dashboard.anyone.io](https://dashboard.anyone.io) to start earning rewards. + +### Installation + +**macOS (Homebrew):** + +```bash +brew install DeBrosOfficial/tap/orama +``` + +**Linux (Debian/Ubuntu):** + +```bash +# Download and install the latest .deb package +curl -sL https://github.com/DeBrosOfficial/network/releases/latest/download/orama_$(curl -s https://api.github.com/repos/DeBrosOfficial/network/releases/latest | grep tag_name | cut -d '"' -f 4 | tr -d 'v')_linux_amd64.deb -o orama.deb +sudo dpkg -i orama.deb +``` + +**From Source:** + +```bash +go install github.com/DeBrosOfficial/network/cmd/cli@latest +``` + +**Setup (after installation):** + +```bash sudo orama install --interactive ``` @@ -331,10 +507,12 @@ See `openapi/gateway.yaml` for complete API specification. ## Documentation +- **[Deployment Guide](docs/DEPLOYMENT_GUIDE.md)** - Deploy React, Next.js, Go apps and manage databases - **[Architecture Guide](docs/ARCHITECTURE.md)** - System architecture and design patterns - **[Client SDK](docs/CLIENT_SDK.md)** - Go SDK documentation and examples - **[Gateway API](docs/GATEWAY_API.md)** - Complete HTTP API reference - **[Security Deployment](docs/SECURITY_DEPLOYMENT_GUIDE.md)** - Production security hardening +- **[Testing Plan](docs/TESTING_PLAN.md)** - Comprehensive testing strategy and implementation ## Resources diff --git a/cmd/cli/main.go b/cmd/cli/main.go index 35ea99f..c947477 100644 --- a/cmd/cli/main.go +++ b/cmd/cli/main.go @@ -53,6 +53,8 @@ func main() { cli.HandleProdCommand(args) // Direct production commands (new simplified interface) + case "invite": + cli.HandleProdCommand(append([]string{"invite"}, args...)) case "install": cli.HandleProdCommand(append([]string{"install"}, args...)) case "upgrade": @@ -76,6 +78,24 @@ func main() { case "auth": cli.HandleAuthCommand(args) + // Deployment commands + case "deploy": + cli.HandleDeployCommand(args) + case "deployments": + cli.HandleDeploymentsCommand(args) + + // Database commands + case "db": + cli.HandleDBCommand(args) + + // Namespace management + case "namespace": + cli.HandleNamespaceCommand(args) + + // Environment management + case "env": + cli.HandleEnvCommand(args) + // Help case "help", "--help", "-h": showHelp() @@ -132,19 +152,59 @@ func showHelp() { fmt.Printf(" auth status - Show detailed auth info\n") fmt.Printf(" auth help - Show auth command help\n\n") + fmt.Printf("📦 Deployments:\n") + fmt.Printf(" deploy static - Deploy a static site (React, Vue, etc.)\n") + fmt.Printf(" deploy nextjs - Deploy a Next.js application\n") + fmt.Printf(" deploy go - Deploy a Go backend\n") + fmt.Printf(" deploy nodejs - Deploy a Node.js backend\n") + fmt.Printf(" deployments list - List all deployments\n") + fmt.Printf(" deployments get - Get deployment details\n") + fmt.Printf(" deployments logs - View deployment logs\n") + fmt.Printf(" deployments delete - Delete a deployment\n") + fmt.Printf(" deployments rollback - Rollback to previous version\n\n") + + fmt.Printf("🗄️ Databases:\n") + fmt.Printf(" db create - Create a SQLite database\n") + fmt.Printf(" db query \"\" - Execute SQL query\n") + fmt.Printf(" db list - List all databases\n") + fmt.Printf(" db backup - Backup database to IPFS\n") + fmt.Printf(" db backups - List database backups\n\n") + + fmt.Printf("🏢 Namespaces:\n") + fmt.Printf(" namespace delete - Delete current namespace and all resources\n\n") + + fmt.Printf("🌍 Environments:\n") + fmt.Printf(" env list - List all environments\n") + fmt.Printf(" env current - Show current environment\n") + fmt.Printf(" env switch - Switch to environment\n\n") + fmt.Printf("Global Flags:\n") fmt.Printf(" -f, --format - Output format: table, json (default: table)\n") fmt.Printf(" -t, --timeout - Operation timeout (default: 30s)\n") fmt.Printf(" --help, -h - Show this help message\n\n") fmt.Printf("Examples:\n") + fmt.Printf(" # Deploy a React app\n") + fmt.Printf(" cd my-react-app && npm run build\n") + fmt.Printf(" orama deploy static ./dist --name my-app\n\n") + + fmt.Printf(" # Deploy a Next.js app with SSR\n") + fmt.Printf(" cd my-nextjs-app && npm run build\n") + fmt.Printf(" orama deploy nextjs . --name my-nextjs --ssr\n\n") + + fmt.Printf(" # Create and use a database\n") + fmt.Printf(" orama db create my-db\n") + fmt.Printf(" orama db query my-db \"CREATE TABLE users (id INT, name TEXT)\"\n") + fmt.Printf(" orama db query my-db \"INSERT INTO users VALUES (1, 'Alice')\"\n\n") + + fmt.Printf(" # Manage deployments\n") + fmt.Printf(" orama deployments list\n") + fmt.Printf(" orama deployments get my-app\n") + fmt.Printf(" orama deployments logs my-app --follow\n\n") + fmt.Printf(" # First node (creates new cluster)\n") fmt.Printf(" sudo orama install --vps-ip 203.0.113.1 --domain node-1.orama.network\n\n") - fmt.Printf(" # Join existing cluster\n") - fmt.Printf(" sudo orama install --vps-ip 203.0.113.2 --domain node-2.orama.network \\\n") - fmt.Printf(" --peers /ip4/203.0.113.1/tcp/4001/p2p/12D3KooW... --cluster-secret \n\n") - fmt.Printf(" # Service management\n") fmt.Printf(" orama status\n") fmt.Printf(" orama logs node --follow\n") diff --git a/cmd/gateway/config.go b/cmd/gateway/config.go index 639a84b..017ff0d 100644 --- a/cmd/gateway/config.go +++ b/cmd/gateway/config.go @@ -77,6 +77,7 @@ func parseGatewayConfig(logger *logging.ColoredLogger) *gateway.Config { ListenAddr string `yaml:"listen_addr"` ClientNamespace string `yaml:"client_namespace"` RQLiteDSN string `yaml:"rqlite_dsn"` + GlobalRQLiteDSN string `yaml:"global_rqlite_dsn"` Peers []string `yaml:"bootstrap_peers"` EnableHTTPS bool `yaml:"enable_https"` DomainName string `yaml:"domain_name"` @@ -95,7 +96,7 @@ func parseGatewayConfig(logger *logging.ColoredLogger) *gateway.Config { zap.String("path", configPath), zap.Error(err)) fmt.Fprintf(os.Stderr, "\nConfig file not found at %s\n", configPath) - fmt.Fprintf(os.Stderr, "Generate it using: dbn config init --type gateway\n") + fmt.Fprintf(os.Stderr, "Generate it using: orama config init --type gateway\n") os.Exit(1) } @@ -113,6 +114,7 @@ func parseGatewayConfig(logger *logging.ColoredLogger) *gateway.Config { ClientNamespace: "default", BootstrapPeers: nil, RQLiteDSN: "", + GlobalRQLiteDSN: "", EnableHTTPS: false, DomainName: "", TLSCacheDir: "", @@ -133,6 +135,9 @@ func parseGatewayConfig(logger *logging.ColoredLogger) *gateway.Config { if v := strings.TrimSpace(y.RQLiteDSN); v != "" { cfg.RQLiteDSN = v } + if v := strings.TrimSpace(y.GlobalRQLiteDSN); v != "" { + cfg.GlobalRQLiteDSN = v + } if len(y.Peers) > 0 { var peers []string for _, p := range y.Peers { diff --git a/cmd/rqlite-mcp/main.go b/cmd/rqlite-mcp/main.go index acf5348..5a8690e 100644 --- a/cmd/rqlite-mcp/main.go +++ b/cmd/rqlite-mcp/main.go @@ -60,6 +60,12 @@ type MCPServer struct { } func NewMCPServer(rqliteURL string) (*MCPServer, error) { + // Disable gorqlite cluster discovery to avoid /nodes timeouts from unreachable peers + if strings.Contains(rqliteURL, "?") { + rqliteURL += "&disableClusterDiscovery=true" + } else { + rqliteURL += "?disableClusterDiscovery=true" + } conn, err := gorqlite.Open(rqliteURL) if err != nil { return nil, err diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md index a2a7861..d690af1 100644 --- a/docs/ARCHITECTURE.md +++ b/docs/ARCHITECTURE.md @@ -52,6 +52,13 @@ The system follows a clean, layered architecture with clear separation of concer │ │ │ │ │ Port 9094 │ │ In-Process │ └─────────────────┘ └──────────────┘ + + ┌─────────────────┐ + │ Anyone │ + │ (Anonymity) │ + │ │ + │ Port 9050 │ + └─────────────────┘ ``` ## Core Components @@ -226,7 +233,38 @@ pkg/config/ └── gateway.go ``` -### 6. Shared Utilities +### 6. Anyone Integration (`pkg/anyoneproxy/`) + +Integration with the Anyone Protocol for anonymous routing. + +**Modes:** + +| Mode | Purpose | Port | Rewards | +|------|---------|------|---------| +| Client | Route traffic anonymously | 9050 (SOCKS5) | No | +| Relay | Provide bandwidth to network | 9001 (ORPort) + 9050 | Yes ($ANYONE) | + +**Key Files:** +- `pkg/anyoneproxy/socks.go` - SOCKS5 proxy client interface +- `pkg/gateway/anon_proxy_handler.go` - Anonymous proxy API endpoint +- `pkg/environments/production/installers/anyone_relay.go` - Relay installation + +**Features:** +- Smart routing (bypasses proxy for local/private addresses) +- Automatic detection of existing Anyone installations +- Migration support for existing relay operators +- Exit relay mode with legal warnings + +**API Endpoint:** +- `POST /v1/proxy/anon` - Route HTTP requests through Anyone network + +**Relay Requirements:** +- Linux OS (Debian/Ubuntu) +- 100 $ANYONE tokens in wallet +- ORPort accessible from internet +- Registration at dashboard.anyone.io + +### 7. Shared Utilities **HTTP Utilities (`pkg/httputil/`):** - Request parsing and validation @@ -315,12 +353,22 @@ Function Invocation: - Refresh token support - Claims-based authorization +### Network Security (WireGuard Mesh) + +All inter-node communication is encrypted via a WireGuard VPN mesh: + +- **WireGuard IPs:** Each node gets a private IP (10.0.0.x) used for all cluster traffic +- **UFW Firewall:** Only public ports are exposed: 22 (SSH), 53 (DNS, nameservers only), 80/443 (HTTP/HTTPS), 51820 (WireGuard UDP) +- **Internal services** (RQLite 5001/7001, IPFS 4001/4501, Olric 3320/3322, Gateway 6001) are only accessible via WireGuard or localhost +- **Invite tokens:** Single-use, time-limited tokens for secure node joining. No shared secrets on the CLI +- **Join flow:** New nodes authenticate via HTTPS (443), establish WireGuard tunnel, then join all services over the encrypted mesh + ### TLS/HTTPS -- Automatic ACME (Let's Encrypt) certificate management +- Automatic ACME (Let's Encrypt) certificate management via Caddy - TLS 1.3 support - HTTP/2 enabled -- Certificate caching +- On-demand TLS for deployment custom domains ### Middleware Stack @@ -403,17 +451,26 @@ make test-e2e # Run E2E tests ### Production ```bash -# First node (creates cluster) -sudo orama install --vps-ip --domain node1.example.com +# First node (genesis — creates cluster) +# Nameserver nodes use the base domain as --domain +sudo orama install --vps-ip --domain example.com --base-domain example.com --nameserver -# Additional nodes (join cluster) -sudo orama install --vps-ip --domain node2.example.com \ - --peers /dns4/node1.example.com/tcp/4001/p2p/ \ - --join :7002 \ - --cluster-secret \ - --swarm-key +# On the genesis node, generate an invite for a new node +orama invite +# Outputs: sudo orama install --join https://example.com --token --vps-ip + +# Additional nameserver nodes (join via invite token over HTTPS) +sudo orama install --join https://example.com --token \ + --vps-ip --domain example.com --base-domain example.com --nameserver ``` +**Security:** Nodes join via single-use invite tokens over HTTPS. A WireGuard VPN tunnel +is established before any cluster services start. All inter-node traffic (RQLite, IPFS, +Olric, LibP2P) flows over the encrypted WireGuard mesh — no cluster ports are exposed +publicly. **Never use `http://:6001`** for joining — port 6001 is internal-only and +blocked by UFW. Use the domain (`https://node1.example.com`) or, if DNS is not yet +configured, use the IP over HTTP port 80 (`http://`) which goes through Caddy. + ### Docker (Future) Planned containerization with Docker Compose and Kubernetes support. diff --git a/docs/CLEAN_NODE.md b/docs/CLEAN_NODE.md new file mode 100644 index 0000000..3cdffe1 --- /dev/null +++ b/docs/CLEAN_NODE.md @@ -0,0 +1,142 @@ +# Clean Node — Full Reset Guide + +How to completely remove all Orama Network state from a VPS so it can be reinstalled fresh. + +## Quick Clean (Copy-Paste) + +Run this as root or with sudo on the target VPS: + +```bash +# 1. Stop and disable all services +sudo systemctl stop debros-node debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-anyone-client coredns caddy 2>/dev/null +sudo systemctl disable debros-node debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-anyone-client coredns caddy 2>/dev/null + +# 2. Remove systemd service files +sudo rm -f /etc/systemd/system/debros-*.service +sudo rm -f /etc/systemd/system/coredns.service +sudo rm -f /etc/systemd/system/caddy.service +sudo systemctl daemon-reload + +# 3. Tear down WireGuard +# Must stop the systemd unit first — wg-quick@wg0 is a oneshot with +# RemainAfterExit=yes, so it stays "active (exited)" even after the +# interface is removed. Without "stop", a future "systemctl start" is a no-op. +sudo systemctl stop wg-quick@wg0 2>/dev/null +sudo wg-quick down wg0 2>/dev/null +sudo systemctl disable wg-quick@wg0 2>/dev/null +sudo rm -f /etc/wireguard/wg0.conf + +# 4. Reset UFW firewall +sudo ufw --force reset +sudo ufw allow 22/tcp +sudo ufw --force enable + +# 5. Remove debros user and home directory +sudo userdel -r debros 2>/dev/null +sudo rm -rf /home/debros + +# 6. Remove sudoers files +sudo rm -f /etc/sudoers.d/debros-access +sudo rm -f /etc/sudoers.d/debros-deployments +sudo rm -f /etc/sudoers.d/debros-wireguard + +# 7. Remove CoreDNS config +sudo rm -rf /etc/coredns + +# 8. Remove Caddy config and data +sudo rm -rf /etc/caddy +sudo rm -rf /var/lib/caddy + +# 9. Remove deployment systemd services (dynamic) +sudo rm -f /etc/systemd/system/orama-deploy-*.service +sudo systemctl daemon-reload + +# 10. Clean temp files +sudo rm -f /tmp/orama /tmp/network-source.tar.gz /tmp/network-source.zip +sudo rm -rf /tmp/network-extract /tmp/coredns-build /tmp/caddy-build + +echo "Node cleaned. Ready for fresh install." +``` + +## What This Removes + +| Category | Paths | +|----------|-------| +| **User** | `debros` system user and `/home/debros/` | +| **App data** | `/home/debros/.orama/` (configs, secrets, logs, IPFS, RQLite, Olric) | +| **Source code** | `/home/debros/src/` | +| **Binaries** | `/home/debros/bin/orama-node`, `/home/debros/bin/gateway` | +| **Systemd** | `debros-*.service`, `coredns.service`, `caddy.service`, `orama-deploy-*.service` | +| **WireGuard** | `/etc/wireguard/wg0.conf`, `wg-quick@wg0` systemd unit | +| **Firewall** | All UFW rules (reset to default + SSH only) | +| **Sudoers** | `/etc/sudoers.d/debros-*` | +| **CoreDNS** | `/etc/coredns/Corefile` | +| **Caddy** | `/etc/caddy/Caddyfile`, `/var/lib/caddy/` (TLS certs) | +| **Anyone Relay** | `debros-anyone-relay.service`, `debros-anyone-client.service` | +| **Temp files** | `/tmp/orama`, `/tmp/network-source.*`, build dirs | + +## What This Does NOT Remove + +These are shared system tools that may be used by other software. Remove manually if desired: + +| Binary | Path | Remove Command | +|--------|------|----------------| +| RQLite | `/usr/local/bin/rqlited` | `sudo rm /usr/local/bin/rqlited` | +| IPFS | `/usr/local/bin/ipfs` | `sudo rm /usr/local/bin/ipfs` | +| IPFS Cluster | `/usr/local/bin/ipfs-cluster-service` | `sudo rm /usr/local/bin/ipfs-cluster-service` | +| Olric | `/usr/local/bin/olric-server` | `sudo rm /usr/local/bin/olric-server` | +| CoreDNS | `/usr/local/bin/coredns` | `sudo rm /usr/local/bin/coredns` | +| Caddy | `/usr/bin/caddy` | `sudo rm /usr/bin/caddy` | +| xcaddy | `/usr/local/bin/xcaddy` | `sudo rm /usr/local/bin/xcaddy` | +| Go | `/usr/local/go/` | `sudo rm -rf /usr/local/go` | +| Orama CLI | `/usr/local/bin/orama` | `sudo rm /usr/local/bin/orama` | + +## Nuclear Clean (Remove Everything Including Binaries) + +```bash +# Run quick clean above first, then: +sudo rm -f /usr/local/bin/rqlited +sudo rm -f /usr/local/bin/ipfs +sudo rm -f /usr/local/bin/ipfs-cluster-service +sudo rm -f /usr/local/bin/olric-server +sudo rm -f /usr/local/bin/coredns +sudo rm -f /usr/local/bin/xcaddy +sudo rm -f /usr/bin/caddy +sudo rm -f /usr/local/bin/orama +``` + +## Multi-Node Clean + +To clean all nodes at once from your local machine: + +```bash +# Define your nodes +NODES=( + "ubuntu@141.227.165.168:password1" + "ubuntu@141.227.165.154:password2" + "ubuntu@141.227.156.51:password3" +) + +for entry in "${NODES[@]}"; do + IFS=: read -r userhost pass <<< "$entry" + echo "Cleaning $userhost..." + sshpass -p "$pass" ssh -o StrictHostKeyChecking=no "$userhost" 'bash -s' << 'CLEAN' +sudo systemctl stop debros-node debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-anyone-client coredns caddy 2>/dev/null +sudo systemctl disable debros-node debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-anyone-client coredns caddy 2>/dev/null +sudo rm -f /etc/systemd/system/debros-*.service /etc/systemd/system/coredns.service /etc/systemd/system/caddy.service /etc/systemd/system/orama-deploy-*.service +sudo systemctl daemon-reload +sudo systemctl stop wg-quick@wg0 2>/dev/null +sudo wg-quick down wg0 2>/dev/null +sudo systemctl disable wg-quick@wg0 2>/dev/null +sudo rm -f /etc/wireguard/wg0.conf +sudo ufw --force reset && sudo ufw allow 22/tcp && sudo ufw --force enable +sudo userdel -r debros 2>/dev/null +sudo rm -rf /home/debros +sudo rm -f /etc/sudoers.d/debros-access /etc/sudoers.d/debros-deployments /etc/sudoers.d/debros-wireguard +sudo rm -rf /etc/coredns /etc/caddy /var/lib/caddy +sudo rm -f /tmp/orama /tmp/network-source.tar.gz +sudo rm -rf /tmp/network-extract /tmp/coredns-build /tmp/caddy-build +echo "Done" +CLEAN +done +``` diff --git a/docs/DEPLOYMENT_GUIDE.md b/docs/DEPLOYMENT_GUIDE.md new file mode 100644 index 0000000..89dc3ac --- /dev/null +++ b/docs/DEPLOYMENT_GUIDE.md @@ -0,0 +1,990 @@ +# Orama Network Deployment Guide + +Complete guide for deploying applications and managing databases on Orama Network. + +## Table of Contents + +- [Overview](#overview) +- [Authentication](#authentication) +- [Deploying Static Sites (React, Vue, etc.)](#deploying-static-sites) +- [Deploying Next.js Applications](#deploying-nextjs-applications) +- [Deploying Go Backends](#deploying-go-backends) +- [Deploying Node.js Backends](#deploying-nodejs-backends) +- [Managing SQLite Databases](#managing-sqlite-databases) +- [How Domains Work](#how-domains-work) +- [Full-Stack Application Example](#full-stack-application-example) +- [Managing Deployments](#managing-deployments) +- [Troubleshooting](#troubleshooting) + +--- + +## Overview + +Orama Network provides a decentralized platform for deploying web applications and managing databases. Each deployment: + +- **Gets a unique domain** automatically (e.g., `myapp.orama.network`) +- **Isolated per namespace** - your data and apps are completely separate from others +- **Served from IPFS** (static) or **runs as a process** (dynamic apps) +- **Fully managed** - automatic health checks, restarts, and logging + +### Supported Deployment Types + +| Type | Description | Use Case | Domain Example | +|------|-------------|----------|----------------| +| **Static** | HTML/CSS/JS files served from IPFS | React, Vue, Angular, plain HTML | `myapp.orama.network` | +| **Next.js** | Next.js with SSR support | Full-stack Next.js apps | `myapp.orama.network` | +| **Go** | Compiled Go binaries | REST APIs, microservices | `api.orama.network` | +| **Node.js** | Node.js applications | Express APIs, TypeScript backends | `backend.orama.network` | + +--- + +## Authentication + +Before deploying, authenticate with your wallet: + +```bash +# Authenticate +orama auth login + +# Check authentication status +orama auth whoami +``` + +Your API key is stored securely and used for all deployment operations. + +--- + +## Deploying Static Sites + +Deploy static sites built with React, Vue, Angular, or any static site generator. + +### React/Vite Example + +```bash +# 1. Build your React app +cd my-react-app +npm run build + +# 2. Deploy the build directory +orama deploy static ./dist --name my-react-app --domain repoanalyzer.ai + +# Output: +# 📦 Creating tarball from ./dist... +# ☁️ Uploading to Orama Network... +# +# ✅ Deployment successful! +# +# Name: my-react-app +# Type: static +# Status: active +# Version: 1 +# Content CID: QmXxxx... +# +# URLs: +# • https://my-react-app.orama.network +``` + +### What Happens Behind the Scenes + +1. **Tarball Creation**: CLI automatically creates a `.tar.gz` from your directory +2. **IPFS Upload**: Files are uploaded to IPFS and pinned across the network +3. **DNS Record**: A DNS record is created pointing `my-react-app.orama.network` to the gateway +4. **Instant Serving**: Your app is immediately accessible via the URL + +### Features + +- ✅ **SPA Routing**: Unknown routes automatically serve `/index.html` (perfect for React Router) +- ✅ **Correct Content-Types**: Automatically detects and serves `.html`, `.css`, `.js`, `.json`, `.png`, etc. +- ✅ **Caching**: `Cache-Control: public, max-age=3600` headers for optimal performance +- ✅ **Zero Downtime Updates**: Use `--update` flag to update without downtime + +### Updating a Deployment + +```bash +# Make changes to your app +# Rebuild +npm run build + +# Update deployment +orama deploy static ./dist --name my-react-app --update + +# Version increments automatically (1 → 2) +``` + +--- + +## Deploying Next.js Applications + +Deploy Next.js apps with full SSR (Server-Side Rendering) support. + +### Prerequisites + +> ⚠️ **IMPORTANT**: Your `next.config.js` MUST have `output: 'standalone'` for SSR deployments. + +```js +// next.config.js +/** @type {import('next').NextConfig} */ +const nextConfig = { + output: 'standalone', // REQUIRED for SSR deployments +} + +module.exports = nextConfig +``` + +This setting makes Next.js create a standalone build in `.next/standalone/` that can run without `node_modules`. + +### Next.js with SSR + +```bash +# 1. Ensure next.config.js has output: 'standalone' + +# 2. Build your Next.js app +cd my-nextjs-app +npm run build + +# 3. Create tarball (must include .next and public directories) +tar -czvf nextjs.tar.gz .next public package.json next.config.js + +# 4. Deploy with SSR enabled +orama deploy nextjs ./nextjs.tar.gz --name my-nextjs --ssr + +# Output: +# 📦 Creating tarball from . +# ☁️ Uploading to Orama Network... +# +# ✅ Deployment successful! +# +# Name: my-nextjs +# Type: nextjs +# Status: active +# Version: 1 +# Port: 10100 +# +# URLs: +# • https://my-nextjs.orama.network +# +# ⚠️ Note: SSR deployment may take a minute to start. Check status with: orama deployments get my-nextjs +``` + +### What Happens Behind the Scenes + +1. **Tarball Upload**: Your `.next` build directory, `package.json`, and `public` are uploaded +2. **Home Node Assignment**: A node is chosen to host your app based on capacity +3. **Port Allocation**: A unique port (10100-19999) is assigned +4. **Systemd Service**: A systemd service is created to run `node server.js` +5. **Health Checks**: Gateway monitors your app every 30 seconds +6. **Reverse Proxy**: Gateway proxies requests from your domain to the local port + +### Static Next.js Export (No SSR) + +If you export Next.js to static HTML: + +```bash +# next.config.js +module.exports = { + output: 'export' +} + +# Build and deploy as static +npm run build +orama deploy static ./out --name my-nextjs-static +``` + +--- + +## Deploying Go Backends + +Deploy compiled Go binaries for high-performance APIs. + +### Prerequisites + +> ⚠️ **IMPORTANT**: Your Go application MUST: +> 1. Be compiled for Linux: `GOOS=linux GOARCH=amd64` +> 2. Listen on the port from `PORT` environment variable +> 3. Implement a `/health` endpoint that returns HTTP 200 when ready + +### Go REST API Example + +```bash +# 1. Build your Go binary for Linux (if on Mac/Windows) +cd my-go-api +GOOS=linux GOARCH=amd64 go build -o app main.go # Name it 'app' for auto-detection + +# 2. Create tarball +tar -czvf api.tar.gz app + +# 3. Deploy the binary +orama deploy go ./api.tar.gz --name my-api + +# Output: +# 📦 Creating tarball from ./api... +# ☁️ Uploading to Orama Network... +# +# ✅ Deployment successful! +# +# Name: my-api +# Type: go +# Status: active +# Version: 1 +# Port: 10101 +# +# URLs: +# • https://my-api.orama.network +``` + +### Example Go API Code + +```go +// main.go +package main + +import ( + "encoding/json" + "log" + "net/http" + "os" +) + +func main() { + port := os.Getenv("PORT") + if port == "" { + port = "8080" + } + + http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) { + json.NewEncoder(w).Encode(map[string]string{"status": "healthy"}) + }) + + http.HandleFunc("/api/users", func(w http.ResponseWriter, r *http.Request) { + users := []map[string]interface{}{ + {"id": 1, "name": "Alice"}, + {"id": 2, "name": "Bob"}, + } + json.NewEncoder(w).Encode(users) + }) + + log.Printf("Starting server on port %s", port) + log.Fatal(http.ListenAndServe(":"+port, nil)) +} +``` + +### Important Notes + +- **Environment Variables**: The `PORT` environment variable is automatically set to your allocated port +- **Health Endpoint**: **REQUIRED** - Must implement `/health` that returns HTTP 200 when ready +- **Binary Requirements**: Must be Linux amd64 (`GOOS=linux GOARCH=amd64`) +- **Binary Naming**: Name your binary `app` for automatic detection, or any ELF executable will work +- **Systemd Managed**: Runs as a systemd service with auto-restart on failure +- **Port Range**: Allocated ports are in the range 10100-19999 + +--- + +## Deploying Node.js Backends + +Deploy Node.js/Express/TypeScript backends. + +### Prerequisites + +> ⚠️ **IMPORTANT**: Your Node.js application MUST: +> 1. Listen on the port from `PORT` environment variable +> 2. Implement a `/health` endpoint that returns HTTP 200 when ready +> 3. Have a valid `package.json` with either: +> - A `start` script (runs via `npm start`), OR +> - A `main` field pointing to entry file (runs via `node {main}`), OR +> - An `index.js` file (default fallback) + +### Express API Example + +```bash +# 1. Build your Node.js app (if using TypeScript) +cd my-node-api +npm run build + +# 2. Create tarball (include package.json, your code, and optionally node_modules) +tar -czvf api.tar.gz dist package.json package-lock.json + +# 3. Deploy +orama deploy nodejs ./api.tar.gz --name my-node-api + +# Output: +# 📦 Creating tarball from ./dist... +# ☁️ Uploading to Orama Network... +# +# ✅ Deployment successful! +# +# Name: my-node-api +# Type: nodejs +# Status: active +# Version: 1 +# Port: 10102 +# +# URLs: +# • https://my-node-api.orama.network +``` + +### Example Node.js API + +```javascript +// server.js +const express = require('express'); +const app = express(); +const port = process.env.PORT || 8080; + +app.get('/health', (req, res) => { + res.json({ status: 'healthy' }); +}); + +app.get('/api/data', (req, res) => { + res.json({ message: 'Hello from Orama Network!' }); +}); + +app.listen(port, () => { + console.log(`Server running on port ${port}`); +}); +``` + +### Important Notes + +- **Environment Variables**: The `PORT` environment variable is automatically set to your allocated port +- **Health Endpoint**: **REQUIRED** - Must implement `/health` that returns HTTP 200 when ready +- **Dependencies**: If `node_modules` is not included, `npm install --production` runs automatically +- **Start Command Detection**: + 1. If `package.json` has `scripts.start` → runs `npm start` + 2. Else if `package.json` has `main` field → runs `node {main}` + 3. Else → runs `node index.js` +- **Systemd Managed**: Runs as a systemd service with auto-restart on failure + +--- + +## Managing SQLite Databases + +Each namespace gets its own isolated SQLite databases. + +### Creating a Database + +```bash +# Create a new database +orama db create my-database + +# Output: +# ✅ Database created: my-database +# Home Node: node-abc123 +# File Path: /home/debros/.orama/data/sqlite/your-namespace/my-database.db +``` + +### Executing Queries + +```bash +# Create a table +orama db query my-database "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)" + +# Insert data +orama db query my-database "INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')" + +# Query data +orama db query my-database "SELECT * FROM users" + +# Output: +# 📊 Query Result +# Rows: 1 +# +# id | name | email +# ----------------+-----------------+------------------------- +# 1 | Alice | alice@example.com +``` + +### Listing Databases + +```bash +orama db list + +# Output: +# NAME SIZE HOME NODE CREATED +# my-database 12.3 KB node-abc123 2024-01-22 10:30 +# prod-database 1.2 MB node-abc123 2024-01-20 09:15 +# +# Total: 2 +``` + +### Backing Up to IPFS + +```bash +# Create a backup +orama db backup my-database + +# Output: +# ✅ Backup created +# CID: QmYxxx... +# Size: 12.3 KB + +# List backups +orama db backups my-database + +# Output: +# VERSION CID SIZE DATE +# 1 QmYxxx... 12.3 KB 2024-01-22 10:45 +# 2 QmZxxx... 15.1 KB 2024-01-22 14:20 +``` + +### Database Features + +- ✅ **WAL Mode**: Write-Ahead Logging for better concurrency +- ✅ **Namespace Isolation**: Complete separation between namespaces +- ✅ **Automatic Backups**: Scheduled backups to IPFS every 6 hours +- ✅ **ACID Transactions**: Full SQLite transactional support +- ✅ **Concurrent Reads**: Multiple readers can query simultaneously + +--- + +## How Domains Work + +### Domain Assignment + +When you deploy an application, it automatically gets a domain: + +``` +Format: {deployment-name}.orama.network +Example: my-react-app.orama.network +``` + +### Node-Specific Domains (Optional) + +For direct access to a specific node: + +``` +Format: {deployment-name}.node-{shortID}.orama.network +Example: my-react-app.node-LL1Qvu.orama.network +``` + +The `shortID` is derived from the node's peer ID (characters 9-14 of the full peer ID). +For example: `12D3KooWLL1QvumH...` → `LL1Qvu` + +### DNS Resolution Flow + +1. **Client**: Browser requests `my-react-app.orama.network` +2. **DNS**: CoreDNS server queries RQLite for DNS record +3. **Record**: Returns IP address of a gateway node (round-robin across all nodes) +4. **Gateway**: Receives request with `Host: my-react-app.orama.network` header +5. **Routing**: Domain routing middleware looks up deployment by domain +6. **Cross-Node Proxy**: If deployment is on a different node, request is forwarded +7. **Response**: + - **Static**: Serves content from IPFS + - **Dynamic**: Reverse proxies to the app's local port + +### Cross-Node Routing + +DNS uses round-robin, so requests may hit any node in the cluster. If a deployment is hosted on a different node than the one receiving the request, the gateway automatically proxies the request to the correct home node. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Request Flow Example │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ Client │ +│ │ │ +│ ▼ │ +│ DNS (round-robin) ───► Node-2 (141.227.165.154) │ +│ │ │ +│ ▼ │ +│ Check: Is deployment here? │ +│ │ │ +│ No ─────┴───► Cross-node proxy │ +│ │ │ +│ ▼ │ +│ Node-1 (141.227.165.168) │ +│ (Home node for deployment) │ +│ │ │ +│ ▼ │ +│ localhost:10100 │ +│ (Deployment process) │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +This is **transparent to users** - your app works regardless of which node handles the initial request. + +### Custom Domains (Future Feature) + +Support for custom domains (e.g., `www.myapp.com`) with TXT record verification. + +--- + +## Full-Stack Application Example + +Deploy a complete full-stack application with React frontend, Go backend, and SQLite database. + +### Architecture + +``` +┌─────────────────────────────────────────────┐ +│ React Frontend (Static) │ +│ Domain: myapp.orama.network │ +│ Deployed to IPFS │ +└─────────────────┬───────────────────────────┘ + │ + │ API Calls + ▼ +┌─────────────────────────────────────────────┐ +│ Go Backend (Dynamic) │ +│ Domain: myapp-api.orama.network │ +│ Port: 10100 │ +│ Systemd Service │ +└─────────────────┬───────────────────────────┘ + │ + │ SQL Queries + ▼ +┌─────────────────────────────────────────────┐ +│ SQLite Database │ +│ Name: myapp-db │ +│ File: ~/.orama/data/sqlite/ns/myapp-db.db│ +└─────────────────────────────────────────────┘ +``` + +### Step 1: Create the Database + +```bash +# Create database +orama db create myapp-db + +# Create schema +orama db query myapp-db "CREATE TABLE users ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + email TEXT UNIQUE NOT NULL, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +)" + +# Insert test data +orama db query myapp-db "INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')" +``` + +### Step 2: Deploy Go Backend + +**Backend Code** (`main.go`): + +```go +package main + +import ( + "database/sql" + "encoding/json" + "log" + "net/http" + "os" + + _ "github.com/mattn/go-sqlite3" +) + +type User struct { + ID int `json:"id"` + Name string `json:"name"` + Email string `json:"email"` + CreatedAt string `json:"created_at"` +} + +var db *sql.DB + +func main() { + // DATABASE_NAME env var is automatically set by Orama + dbPath := os.Getenv("DATABASE_PATH") + if dbPath == "" { + dbPath = "/home/debros/.orama/data/sqlite/" + os.Getenv("NAMESPACE") + "/myapp-db.db" + } + + var err error + db, err = sql.Open("sqlite3", dbPath) + if err != nil { + log.Fatal(err) + } + defer db.Close() + + port := os.Getenv("PORT") + if port == "" { + port = "8080" + } + + // CORS middleware + http.HandleFunc("/", corsMiddleware(routes)) + + log.Printf("Starting server on port %s", port) + log.Fatal(http.ListenAndServe(":"+port, nil)) +} + +func routes(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/health": + json.NewEncoder(w).Encode(map[string]string{"status": "healthy"}) + case "/api/users": + if r.Method == "GET" { + getUsers(w, r) + } else if r.Method == "POST" { + createUser(w, r) + } + default: + http.NotFound(w, r) + } +} + +func getUsers(w http.ResponseWriter, r *http.Request) { + rows, err := db.Query("SELECT id, name, email, created_at FROM users ORDER BY id") + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer rows.Close() + + var users []User + for rows.Next() { + var u User + rows.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt) + users = append(users, u) + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(users) +} + +func createUser(w http.ResponseWriter, r *http.Request) { + var u User + if err := json.NewDecoder(r.Body).Decode(&u); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + + result, err := db.Exec("INSERT INTO users (name, email) VALUES (?, ?)", u.Name, u.Email) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + id, _ := result.LastInsertId() + u.ID = int(id) + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(u) +} + +func corsMiddleware(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") + + if r.Method == "OPTIONS" { + w.WriteHeader(http.StatusOK) + return + } + + next(w, r) + } +} +``` + +**Deploy Backend**: + +```bash +# Build for Linux +GOOS=linux GOARCH=amd64 go build -o api main.go + +# Deploy +orama deploy go ./api --name myapp-api +``` + +### Step 3: Deploy React Frontend + +**Frontend Code** (`src/App.jsx`): + +```jsx +import { useEffect, useState } from 'react'; + +function App() { + const [users, setUsers] = useState([]); + const [name, setName] = useState(''); + const [email, setEmail] = useState(''); + + const API_URL = 'https://myapp-api.orama.network'; + + useEffect(() => { + fetchUsers(); + }, []); + + const fetchUsers = async () => { + const response = await fetch(`${API_URL}/api/users`); + const data = await response.json(); + setUsers(data); + }; + + const addUser = async (e) => { + e.preventDefault(); + await fetch(`${API_URL}/api/users`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ name, email }), + }); + setName(''); + setEmail(''); + fetchUsers(); + }; + + return ( +
+

Orama Network Full-Stack App

+ +

Add User

+
+ setName(e.target.value)} + placeholder="Name" + required + /> + setEmail(e.target.value)} + placeholder="Email" + type="email" + required + /> + +
+ +

Users

+
    + {users.map((user) => ( +
  • + {user.name} - {user.email} +
    • + ))} +
+
+ ); +} + +export default App; +``` + +**Deploy Frontend**: + +```bash +# Build +npm run build + +# Deploy +orama deploy static ./dist --name myapp +``` + +### Step 4: Access Your App + +Open your browser to: +- **Frontend**: `https://myapp.orama.network` +- **Backend API**: `https://myapp-api.orama.network/api/users` + +### Full-Stack Summary + +✅ **Frontend**: React app served from IPFS +✅ **Backend**: Go API running on allocated port +✅ **Database**: SQLite database with ACID transactions +✅ **Domains**: Automatic DNS for both services +✅ **Isolated**: All resources namespaced and secure + +--- + +## Managing Deployments + +### List All Deployments + +```bash +orama deployments list + +# Output: +# NAME TYPE STATUS VERSION CREATED +# my-react-app static active 1 2024-01-22 10:30 +# myapp-api go active 1 2024-01-22 10:45 +# my-nextjs nextjs active 2 2024-01-22 11:00 +# +# Total: 3 +``` + +### Get Deployment Details + +```bash +orama deployments get my-react-app + +# Output: +# Deployment: my-react-app +# +# ID: dep-abc123 +# Type: static +# Status: active +# Version: 1 +# Namespace: your-namespace +# Content CID: QmXxxx... +# Memory Limit: 256 MB +# CPU Limit: 50% +# Restart Policy: always +# +# URLs: +# • https://my-react-app.orama.network +# +# Created: 2024-01-22T10:30:00Z +# Updated: 2024-01-22T10:30:00Z +``` + +### View Logs + +```bash +# View last 100 lines +orama deployments logs my-nextjs + +# Follow logs in real-time +orama deployments logs my-nextjs --follow +``` + +### Rollback to Previous Version + +```bash +# Rollback to version 1 +orama deployments rollback my-nextjs --version 1 + +# Output: +# ⚠️ Rolling back 'my-nextjs' to version 1. Continue? (y/N): y +# +# ✅ Rollback successful! +# +# Deployment: my-nextjs +# Current Version: 1 +# Rolled Back From: 2 +# Rolled Back To: 1 +# Status: active +``` + +### Delete Deployment + +```bash +orama deployments delete my-old-app + +# Output: +# ⚠️ Are you sure you want to delete deployment 'my-old-app'? (y/N): y +# +# ✅ Deployment 'my-old-app' deleted successfully +``` + +--- + +## Troubleshooting + +### Deployment Issues + +**Problem**: Deployment status is "failed" + +```bash +# Check deployment details +orama deployments get my-app + +# View logs for errors +orama deployments logs my-app + +# Common issues: +# - Binary not compiled for Linux (GOOS=linux GOARCH=amd64) +# - Missing dependencies (node_modules not included) +# - Port already in use (shouldn't happen, but check logs) +# - Health check failing (ensure /health endpoint exists) +``` + +**Problem**: Can't access deployment URL + +```bash +# 1. Check deployment status +orama deployments get my-app + +# 2. Verify DNS (may take up to 10 seconds to propagate) +dig my-app.orama.network + +# 3. For local development, add to /etc/hosts +echo "127.0.0.1 my-app.orama.network" | sudo tee -a /etc/hosts + +# 4. Test with Host header +curl -H "Host: my-app.orama.network" http://localhost:6001/ +``` + +### Database Issues + +**Problem**: Database not found + +```bash +# List all databases +orama db list + +# Ensure database name matches exactly (case-sensitive) +# Databases are namespace-isolated +``` + +**Problem**: SQL query fails + +```bash +# Check table exists +orama db query my-db "SELECT name FROM sqlite_master WHERE type='table'" + +# Check syntax +orama db query my-db ".schema users" +``` + +### Authentication Issues + +```bash +# Re-authenticate +orama auth logout +orama auth login + +# Check token validity +orama auth status +``` + +### Need Help? + +- **Documentation**: Check `/docs` directory +- **Logs**: Gateway logs at `~/.orama/logs/gateway.log` +- **Issues**: Report bugs at GitHub repository +- **Community**: Join our Discord/Telegram + +--- + +## Best Practices + +### Security + +1. **Never commit sensitive data**: Use environment variables for secrets +2. **Validate inputs**: Always sanitize user input in your backend +3. **HTTPS only**: All deployments automatically use HTTPS in production +4. **CORS**: Configure CORS appropriately for your API + +### Performance + +1. **Optimize builds**: Minimize bundle sizes (React, Next.js) +2. **Use caching**: Leverage browser caching for static assets +3. **Database indexes**: Add indexes to frequently queried columns +4. **Health checks**: Implement `/health` endpoint for monitoring + +### Deployment Workflow + +1. **Test locally first**: Ensure your app works before deploying +2. **Use version control**: Track changes in Git +3. **Incremental updates**: Use `--update` flag instead of delete + redeploy +4. **Backup databases**: Regular backups via `orama db backup` +5. **Monitor logs**: Check logs after deployment for errors + +--- + +## Next Steps + +- **Explore the API**: See `/docs/GATEWAY_API.md` for HTTP API details +- **Advanced Features**: Custom domains, load balancing, autoscaling (coming soon) +- **Production Deployment**: Install nodes with `orama install` for production clusters +- **Client SDK**: Use the Go/JS SDK for programmatic deployments + +--- + +**Orama Network** - Decentralized Application Platform + +Deploy anywhere. Access everywhere. Own everything. diff --git a/docs/DEVNET_INSTALL.md b/docs/DEVNET_INSTALL.md new file mode 100644 index 0000000..d04baf2 --- /dev/null +++ b/docs/DEVNET_INSTALL.md @@ -0,0 +1,155 @@ +# Devnet Installation Commands + +This document contains example installation commands for a multi-node devnet cluster. + +**Wallet:** `` +**Contact:** `@anon: ` + +## Node Configuration + +| Node | Role | Nameserver | Anyone Relay | +|------|------|------------|--------------| +| ns1 | Genesis | Yes | No | +| ns2 | Nameserver | Yes | Yes (relay-1) | +| ns3 | Nameserver | Yes | Yes (relay-2) | +| node4 | Worker | No | Yes (relay-3) | +| node5 | Worker | No | Yes (relay-4) | +| node6 | Worker | No | No | + +**Note:** Store credentials securely (not in version control). + +## MyFamily Fingerprints + +If running multiple Anyone relays, configure MyFamily with all your relay fingerprints: +``` +,,,... +``` + +## Installation Order + +Install nodes **one at a time**, waiting for each to complete before starting the next: + +1. ns1 (genesis, no Anyone relay) +2. ns2 (nameserver + relay) +3. ns3 (nameserver + relay) +4. node4 (non-nameserver + relay) +5. node5 (non-nameserver + relay) +6. node6 (non-nameserver, no relay) + +## ns1 - Genesis Node (No Anyone Relay) + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --vps-ip \ + --domain \ + --base-domain \ + --nameserver +``` + +After ns1 is installed, generate invite tokens: +```bash +orama invite --expiry 24h +``` + +## ns2 - Nameserver + Relay + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --join http:// --token \ + --vps-ip \ + --domain \ + --base-domain \ + --nameserver \ + --anyone-relay --anyone-migrate \ + --anyone-nickname \ + --anyone-wallet \ + --anyone-contact "" \ + --anyone-family ",,..." +``` + +## ns3 - Nameserver + Relay + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --join http:// --token \ + --vps-ip \ + --domain \ + --base-domain \ + --nameserver \ + --anyone-relay --anyone-migrate \ + --anyone-nickname \ + --anyone-wallet \ + --anyone-contact "" \ + --anyone-family ",,..." +``` + +## node4 - Non-Nameserver + Relay + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --join http:// --token \ + --vps-ip \ + --domain node4. \ + --base-domain \ + --skip-checks \ + --anyone-relay --anyone-migrate \ + --anyone-nickname \ + --anyone-wallet \ + --anyone-contact "" \ + --anyone-family ",,..." +``` + +## node5 - Non-Nameserver + Relay + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --join http:// --token \ + --vps-ip \ + --domain node5. \ + --base-domain \ + --skip-checks \ + --anyone-relay --anyone-migrate \ + --anyone-nickname \ + --anyone-wallet \ + --anyone-contact "" \ + --anyone-family ",,..." +``` + +## node6 - Non-Nameserver (No Anyone Relay) + +```bash +# SSH: @ + +sudo orama install --no-pull --pre-built \ + --join http:// --token \ + --vps-ip \ + --domain node6. \ + --base-domain \ + --skip-checks +``` + +## Verification + +After all nodes are installed, verify cluster health: + +```bash +# Check RQLite cluster (from any node) +curl -s http://localhost:5001/status | jq -r '.store.raft.state, .store.raft.num_peers' +# Should show: Leader (on one node) and N-1 peers + +# Check gateway health +curl -s http://localhost:6001/health + +# Check Anyone relay (on nodes with relays) +systemctl status debros-anyone-relay +``` diff --git a/docs/DEV_DEPLOY.md b/docs/DEV_DEPLOY.md new file mode 100644 index 0000000..780efb2 --- /dev/null +++ b/docs/DEV_DEPLOY.md @@ -0,0 +1,437 @@ +# Development Guide + +## Prerequisites + +- Go 1.21+ +- Node.js 18+ (for anyone-client in dev mode) +- macOS or Linux + +## Building + +```bash +# Build all binaries +make build + +# Outputs: +# bin/orama-node — the node binary +# bin/orama — the CLI +# bin/gateway — standalone gateway (optional) +# bin/identity — identity tool +# bin/rqlite-mcp — RQLite MCP server +``` + +## Running Tests + +```bash +make test +``` + +## Running Locally (macOS) + +The node runs in "direct mode" on macOS — processes are managed directly instead of via systemd. + +```bash +# Start a single node +make run-node + +# Start multiple nodes for cluster testing +make run-node2 +make run-node3 +``` + +## Deploying to VPS + +There are two deployment workflows: **development** (fast iteration, no git required) and **production** (via git). + +### Development Deployment (Fast Iteration) + +Use this when iterating quickly — no need to commit or push to git. + +```bash +# 1. Build the CLI for Linux +GOOS=linux GOARCH=amd64 go build -o orama-cli-linux ./cmd/cli + +# 2. Generate a source archive (excludes .git, node_modules, bin/, etc.) +./scripts/generate-source-archive.sh +# Creates: /tmp/network-source.tar.gz + +# 3. Copy CLI and source to the VPS +sshpass -p '' scp -o StrictHostKeyChecking=no orama-cli-linux ubuntu@:/tmp/orama +sshpass -p '' scp -o StrictHostKeyChecking=no /tmp/network-source.tar.gz ubuntu@:/tmp/ + +# 4. On the VPS: extract source and install the CLI +ssh ubuntu@ +sudo rm -rf /home/debros/src && sudo mkdir -p /home/debros/src +sudo tar xzf /tmp/network-source.tar.gz -C /home/debros/src +sudo chown -R debros:debros /home/debros/src +sudo mv /tmp/orama /usr/local/bin/orama && sudo chmod +x /usr/local/bin/orama + +# 5. Upgrade using local source (skips git pull) +sudo orama upgrade --no-pull --restart +``` + +### Development Deployment with Pre-Built Binaries (Fastest) + +Cross-compile everything locally and skip all Go compilation on the VPS. This is significantly faster because your local machine compiles much faster than the VPS. + +```bash +# 1. Cross-compile all binaries for Linux (DeBros + Olric + CoreDNS + Caddy) +make build-linux-all +# Outputs everything to bin-linux/ + +# 2. Generate a single deploy archive (source + pre-built binaries) +./scripts/generate-source-archive.sh +# Creates: /tmp/network-source.tar.gz (includes bin-linux/ if present) + +# 3. Copy the single archive to the VPS +sshpass -p '' scp -o StrictHostKeyChecking=no /tmp/network-source.tar.gz ubuntu@:/tmp/ + +# 4. Extract and install everything on the VPS +sshpass -p '' ssh -o StrictHostKeyChecking=no ubuntu@ \ + 'sudo bash -s' < scripts/extract-deploy.sh + +# 5. Install/upgrade with --pre-built (skips ALL Go compilation on VPS) +sudo orama install --no-pull --pre-built --vps-ip ... +# or +sudo orama upgrade --no-pull --pre-built --restart +``` + +**What `--pre-built` skips:** Go installation, `make build`, Olric `go install`, CoreDNS build, Caddy/xcaddy build. + +**What `--pre-built` still runs:** apt dependencies, RQLite/IPFS/IPFS Cluster downloads (pre-built binary downloads, fast), Anyone relay setup, config generation, systemd service creation. + +### Production Deployment (Via Git) + +For production releases — pulls source from GitHub on the VPS. + +```bash +# 1. Commit and push your changes +git push origin + +# 2. Build the CLI for Linux +GOOS=linux GOARCH=amd64 go build -o orama-cli-linux ./cmd/cli + +# 3. Deploy the CLI to the VPS +sshpass -p '' scp orama-cli-linux ubuntu@:/tmp/orama +ssh ubuntu@ "sudo mv /tmp/orama /usr/local/bin/orama && sudo chmod +x /usr/local/bin/orama" + +# 4. Run upgrade (downloads source from GitHub) +ssh ubuntu@ "sudo orama upgrade --branch --restart" +``` + +### Upgrading a Multi-Node Cluster (CRITICAL) + +**NEVER restart all nodes simultaneously.** RQLite uses Raft consensus and requires a majority (quorum) to function. Restarting all nodes at once can cause cluster splits where nodes elect different leaders or form isolated clusters. + +#### Safe Upgrade Procedure (Rolling Restart) + +Always upgrade nodes **one at a time**, waiting for each to rejoin before proceeding: + +```bash +# 1. Build locally +make build-linux-all +./scripts/generate-source-archive.sh +# Creates: /tmp/network-source.tar.gz (includes bin-linux/) + +# 2. Upload to ONE node first (the "hub" node) +sshpass -p '' scp /tmp/network-source.tar.gz ubuntu@:/tmp/ + +# 3. Fan out from hub to all other nodes (server-to-server is faster) +ssh ubuntu@ +for ip in ; do + scp /tmp/network-source.tar.gz ubuntu@$ip:/tmp/ +done +exit + +# 4. Extract on ALL nodes (can be done in parallel, no restart yet) +for ip in ; do + ssh ubuntu@$ip 'sudo bash -s' < scripts/extract-deploy.sh +done + +# 5. Find the RQLite leader (upgrade this one LAST) +ssh ubuntu@ 'curl -s http://localhost:5001/status | jq -r .store.raft.state' + +# 6. Upgrade FOLLOWER nodes one at a time +# First stop services, then upgrade, which restarts them +ssh ubuntu@ 'sudo orama prod stop && sudo orama upgrade --no-pull --pre-built --restart' + +# Wait for rejoin before proceeding to next node +ssh ubuntu@ 'curl -s http://localhost:5001/status | jq -r .store.raft.num_peers' +# Should show expected number of peers (N-1) + +# Repeat for each follower... + +# 7. Upgrade the LEADER node last +ssh ubuntu@ 'sudo orama prod stop && sudo orama upgrade --no-pull --pre-built --restart' +``` + +#### What NOT to Do + +- **DON'T** stop all nodes, replace binaries, then start all nodes +- **DON'T** run `orama upgrade --restart` on multiple nodes in parallel +- **DON'T** clear RQLite data directories unless doing a full cluster rebuild +- **DON'T** use `systemctl stop debros-node` on multiple nodes simultaneously + +#### Recovery from Cluster Split + +If nodes get stuck in "Candidate" state or show "leader not found" errors: + +1. Identify which node has the most recent data (usually the old leader) +2. Keep that node running as the new leader +3. On each other node, clear RQLite data and restart: + ```bash + sudo orama prod stop + sudo rm -rf /home/debros/.orama/data/rqlite + sudo systemctl start debros-node + ``` +4. The node should automatically rejoin using its configured `rqlite_join_address` + +If automatic rejoin fails, the node may have started without the `-join` flag. Check: +```bash +ps aux | grep rqlited +# Should include: -join 10.0.0.1:7001 (or similar) +``` + +If `-join` is missing, the node bootstrapped standalone. You'll need to either: +- Restart debros-node (it should detect empty data and use join) +- Or do a full cluster rebuild from CLEAN_NODE.md + +### Deploying to Multiple Nodes + +To deploy to all nodes, repeat steps 3-5 (dev) or 3-4 (production) for each VPS IP. + +**Important:** When using `--restart`, do nodes one at a time (see "Upgrading a Multi-Node Cluster" above). + +### CLI Flags Reference + +#### `orama install` + +| Flag | Description | +|------|-------------| +| `--vps-ip ` | VPS public IP address (required) | +| `--domain ` | Domain for HTTPS certificates. Nameserver nodes use the base domain (e.g., `example.com`); non-nameserver nodes use a subdomain (e.g., `node-4.example.com`) | +| `--base-domain ` | Base domain for deployment routing (e.g., example.com) | +| `--nameserver` | Configure this node as a nameserver (CoreDNS + Caddy) | +| `--join ` | Join existing cluster via HTTPS URL (e.g., `https://node1.example.com`) | +| `--token ` | Invite token for joining (from `orama invite` on existing node) | +| `--branch ` | Git branch to use (default: main) | +| `--no-pull` | Skip git clone/pull, use existing `/home/debros/src` | +| `--pre-built` | Skip all Go compilation, use pre-built binaries already on disk (see above) | +| `--force` | Force reconfiguration even if already installed | +| `--skip-firewall` | Skip UFW firewall setup | +| `--skip-checks` | Skip minimum resource checks (RAM/CPU) | +| `--anyone-relay` | Install and configure an Anyone relay on this node | +| `--anyone-migrate` | Migrate existing Anyone relay installation (preserves keys/fingerprint) | +| `--anyone-nickname ` | Relay nickname (required for relay mode) | +| `--anyone-wallet ` | Ethereum wallet for relay rewards (required for relay mode) | +| `--anyone-contact ` | Contact info for relay (required for relay mode) | +| `--anyone-family ` | Comma-separated fingerprints of related relays (MyFamily) | +| `--anyone-orport ` | ORPort for relay (default: 9001) | +| `--anyone-exit` | Configure as an exit relay (default: non-exit) | + +#### `orama invite` + +| Flag | Description | +|------|-------------| +| `--expiry ` | Token expiry duration (default: 1h, e.g. `--expiry 24h`) | + +**Important notes about invite tokens:** + +- **Tokens are single-use.** Once a node consumes a token during the join handshake, it cannot be reused. Generate a separate token for each node you want to join. +- **Expiry is checked in UTC.** RQLite uses `datetime('now')` which is always UTC. If your local timezone differs, account for the offset when choosing expiry durations. +- **Use longer expiry for multi-node deployments.** When deploying multiple nodes, use `--expiry 24h` to avoid tokens expiring mid-deployment. + +#### `orama upgrade` + +| Flag | Description | +|------|-------------| +| `--branch ` | Git branch to pull from | +| `--no-pull` | Skip git pull, use existing source | +| `--pre-built` | Skip all Go compilation, use pre-built binaries already on disk | +| `--restart` | Restart all services after upgrade | + +#### `orama prod` (Service Management) + +Use these commands to manage services on production nodes: + +```bash +# Stop all services (debros-node, coredns, caddy) +sudo orama prod stop + +# Start all services +sudo orama prod start + +# Restart all services +sudo orama prod restart + +# Check service status +sudo orama prod status +``` + +**Note:** Always use `orama prod stop` instead of manually running `systemctl stop`. The CLI ensures all related services (including CoreDNS and Caddy on nameserver nodes) are handled correctly. + +### Node Join Flow + +```bash +# 1. Genesis node (first node, creates cluster) +# Nameserver nodes use the base domain as --domain +sudo orama install --vps-ip 1.2.3.4 --domain example.com \ + --base-domain example.com --nameserver + +# 2. On genesis node, generate an invite +orama invite +# Output: sudo orama install --join https://example.com --token --vps-ip + +# 3. On the new node, run the printed command +# Nameserver nodes use the base domain; non-nameserver nodes use subdomains (e.g., node-4.example.com) +sudo orama install --join https://example.com --token abc123... \ + --vps-ip 5.6.7.8 --domain example.com --base-domain example.com --nameserver +``` + +The join flow establishes a WireGuard VPN tunnel before starting cluster services. +All inter-node communication (RQLite, IPFS, Olric) uses WireGuard IPs (10.0.0.x). +No cluster ports are ever exposed publicly. + +#### DNS Prerequisite + +The `--join` URL should use the HTTPS domain of the genesis node (e.g., `https://node1.example.com`). +For this to work, the domain registrar for `example.com` must have NS records pointing to the genesis +node's IP so that `node1.example.com` resolves publicly. + +**If DNS is not yet configured**, you can use the genesis node's public IP with HTTP as a fallback: + +```bash +sudo orama install --join http://1.2.3.4 --vps-ip 5.6.7.8 --token abc123... --nameserver +``` + +This works because Caddy's `:80` block proxies all HTTP traffic to the gateway. However, once DNS +is properly configured, always use the HTTPS domain URL. + +**Important:** Never use `http://:6001` — port 6001 is the internal gateway and is blocked by +UFW from external access. The join request goes through Caddy on port 80 (HTTP) or 443 (HTTPS), +which proxies to the gateway internally. + +## Pre-Install Checklist + +Before running `orama install` on a VPS, ensure: + +1. **Stop Docker if running.** Docker commonly binds ports 4001 and 8080 which conflict with IPFS. The installer checks for port conflicts and shows which process is using each port, but it's easier to stop Docker first: + ```bash + sudo systemctl stop docker docker.socket + sudo systemctl disable docker docker.socket + ``` + +2. **Stop any existing IPFS instance.** + ```bash + sudo systemctl stop ipfs + ``` + +3. **Ensure `make` is installed.** Required for building CoreDNS and Caddy from source: + ```bash + sudo apt-get install -y make + ``` + +4. **Stop any service on port 53** (for nameserver nodes). The installer handles `systemd-resolved` automatically, but other DNS services (like `bind9` or `dnsmasq`) must be stopped manually. + +## Recovering from Failed Joins + +If a node partially joins the cluster (registers in RQLite's Raft but then fails or gets cleaned), the remaining cluster can lose quorum permanently. This happens because RQLite thinks there are N voters but only N-1 are reachable. + +**Symptoms:** RQLite stuck in "Candidate" state, no leader elected, all writes fail. + +**Solution:** Do a full clean reinstall of all affected nodes. Use [CLEAN_NODE.md](CLEAN_NODE.md) to reset each node, then reinstall starting from the genesis node. + +**Prevention:** Always ensure a joining node can complete the full installation before it joins. The installer validates port availability upfront to catch conflicts early. + +## Debugging Production Issues + +Always follow the local-first approach: + +1. **Reproduce locally** — set up the same conditions on your machine +2. **Find the root cause** — understand why it's happening +3. **Fix in the codebase** — make changes to the source code +4. **Test locally** — run `make test` and verify +5. **Deploy** — only then deploy the fix to production + +Never fix issues directly on the server — those fixes are lost on next deployment. + +## Trusting the Self-Signed TLS Certificate + +When Let's Encrypt is rate-limited, Caddy falls back to its internal CA (self-signed certificates). Browsers will show security warnings unless you install the root CA certificate. + +### Downloading the Root CA Certificate + +From VPS 1 (or any node), copy the certificate: + +```bash +# Copy the cert to an accessible location on the VPS +ssh ubuntu@ "sudo cp /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt /tmp/caddy-root-ca.crt && sudo chmod 644 /tmp/caddy-root-ca.crt" + +# Download to your local machine +scp ubuntu@:/tmp/caddy-root-ca.crt ~/Downloads/caddy-root-ca.crt +``` + +### macOS + +```bash +sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Downloads/caddy-root-ca.crt +``` + +This adds the cert system-wide. All browsers (Safari, Chrome, Arc, etc.) will trust it immediately. Firefox uses its own certificate store — go to **Settings > Privacy & Security > Certificates > View Certificates > Import** and import the `.crt` file there. + +To remove it later: +```bash +sudo security remove-trusted-cert -d ~/Downloads/caddy-root-ca.crt +``` + +### iOS (iPhone/iPad) + +1. Transfer `caddy-root-ca.crt` to your device (AirDrop, email attachment, or host it on a URL) +2. Open the file — iOS will show "Profile Downloaded" +3. Go to **Settings > General > VPN & Device Management** (or "Profiles" on older iOS) +4. Tap the "Caddy Local Authority" profile and tap **Install** +5. Go to **Settings > General > About > Certificate Trust Settings** +6. Enable **full trust** for "Caddy Local Authority - 2026 ECC Root" + +### Android + +1. Transfer `caddy-root-ca.crt` to your device +2. Go to **Settings > Security > Encryption & Credentials > Install a certificate > CA certificate** +3. Select the `caddy-root-ca.crt` file +4. Confirm the installation + +Note: On Android 7+, user-installed CA certificates are only trusted by apps that explicitly opt in. Chrome will trust it, but some apps may not. + +### Windows + +```powershell +certutil -addstore -f "ROOT" caddy-root-ca.crt +``` + +Or double-click the `.crt` file > **Install Certificate** > **Local Machine** > **Place in "Trusted Root Certification Authorities"**. + +### Linux + +```bash +sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/caddy-root-ca.crt +sudo update-ca-certificates +``` + +## Project Structure + +See [ARCHITECTURE.md](ARCHITECTURE.md) for the full architecture overview. + +Key directories: + +``` +cmd/ + cli/ — CLI entry point (orama command) + node/ — Node entry point (orama-node) + gateway/ — Standalone gateway entry point +pkg/ + cli/ — CLI command implementations + gateway/ — HTTP gateway, routes, middleware + deployments/ — Deployment types, service, storage + environments/ — Production (systemd) and development (direct) modes + rqlite/ — Distributed SQLite via RQLite +``` diff --git a/docs/GATEWAY_API.md b/docs/GATEWAY_API.md deleted file mode 100644 index 54f6bc7..0000000 --- a/docs/GATEWAY_API.md +++ /dev/null @@ -1,734 +0,0 @@ -# Gateway API Documentation - -## Overview - -The Orama Network Gateway provides a unified HTTP/HTTPS API for all network services. It handles authentication, routing, and service coordination. - -**Base URL:** `https://api.orama.network` (production) or `http://localhost:6001` (development) - -## Authentication - -All API requests (except `/health` and `/v1/auth/*`) require authentication. - -### Authentication Methods - -1. **API Key** (Recommended for server-to-server) -2. **JWT Token** (Recommended for user sessions) -3. **Wallet Signature** (For blockchain integration) - -### Using API Keys - -Include your API key in the `Authorization` header: - -```bash -curl -H "Authorization: Bearer your-api-key-here" \ - https://api.orama.network/v1/status -``` - -Or in the `X-API-Key` header: - -```bash -curl -H "X-API-Key: your-api-key-here" \ - https://api.orama.network/v1/status -``` - -### Using JWT Tokens - -```bash -curl -H "Authorization: Bearer your-jwt-token-here" \ - https://api.orama.network/v1/status -``` - -## Base Endpoints - -### Health Check - -```http -GET /health -``` - -**Response:** -```json -{ - "status": "ok", - "timestamp": "2024-01-20T10:30:00Z" -} -``` - -### Status - -```http -GET /v1/status -``` - -**Response:** -```json -{ - "version": "0.80.0", - "uptime": "24h30m15s", - "services": { - "rqlite": "healthy", - "ipfs": "healthy", - "olric": "healthy" - } -} -``` - -### Version - -```http -GET /v1/version -``` - -**Response:** -```json -{ - "version": "0.80.0", - "commit": "abc123...", - "built": "2024-01-20T00:00:00Z" -} -``` - -## Authentication API - -### Get Challenge (Wallet Auth) - -Generate a nonce for wallet signature. - -```http -POST /v1/auth/challenge -Content-Type: application/json - -{ - "wallet": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb", - "purpose": "login", - "namespace": "default" -} -``` - -**Response:** -```json -{ - "wallet": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb", - "namespace": "default", - "nonce": "a1b2c3d4e5f6...", - "purpose": "login", - "expires_at": "2024-01-20T10:35:00Z" -} -``` - -### Verify Signature - -Verify wallet signature and issue JWT + API key. - -```http -POST /v1/auth/verify -Content-Type: application/json - -{ - "wallet": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb", - "signature": "0x...", - "nonce": "a1b2c3d4e5f6...", - "namespace": "default" -} -``` - -**Response:** -```json -{ - "jwt_token": "eyJhbGciOiJIUzI1NiIs...", - "refresh_token": "refresh_abc123...", - "api_key": "api_xyz789...", - "expires_in": 900, - "namespace": "default" -} -``` - -### Refresh Token - -Refresh an expired JWT token. - -```http -POST /v1/auth/refresh -Content-Type: application/json - -{ - "refresh_token": "refresh_abc123..." -} -``` - -**Response:** -```json -{ - "jwt_token": "eyJhbGciOiJIUzI1NiIs...", - "expires_in": 900 -} -``` - -### Logout - -Revoke refresh tokens. - -```http -POST /v1/auth/logout -Authorization: Bearer your-jwt-token - -{ - "all": false -} -``` - -**Response:** -```json -{ - "message": "logged out successfully" -} -``` - -### Whoami - -Get current authentication info. - -```http -GET /v1/auth/whoami -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "authenticated": true, - "method": "api_key", - "api_key": "api_xyz789...", - "namespace": "default" -} -``` - -## Storage API (IPFS) - -### Upload File - -```http -POST /v1/storage/upload -Authorization: Bearer your-api-key -Content-Type: multipart/form-data - -file: -``` - -Or with JSON: - -```http -POST /v1/storage/upload -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "data": "base64-encoded-data", - "filename": "document.pdf", - "pin": true, - "encrypt": false -} -``` - -**Response:** -```json -{ - "cid": "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG", - "size": 1024, - "filename": "document.pdf" -} -``` - -### Get File - -```http -GET /v1/storage/get/:cid -Authorization: Bearer your-api-key -``` - -**Response:** Binary file data or JSON (if `Accept: application/json`) - -### Pin File - -```http -POST /v1/storage/pin -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "cid": "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG", - "replication_factor": 3 -} -``` - -**Response:** -```json -{ - "cid": "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG", - "status": "pinned" -} -``` - -### Unpin File - -```http -DELETE /v1/storage/unpin/:cid -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "message": "unpinned successfully" -} -``` - -### Get Pin Status - -```http -GET /v1/storage/status/:cid -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "cid": "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG", - "status": "pinned", - "replicas": 3, - "peers": ["12D3KooW...", "12D3KooW..."] -} -``` - -## Cache API (Olric) - -### Set Value - -```http -PUT /v1/cache/put -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "key": "user:123", - "value": {"name": "Alice", "email": "alice@example.com"}, - "ttl": 300 -} -``` - -**Response:** -```json -{ - "message": "value set successfully" -} -``` - -### Get Value - -```http -GET /v1/cache/get?key=user:123 -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "key": "user:123", - "value": {"name": "Alice", "email": "alice@example.com"} -} -``` - -### Get Multiple Values - -```http -POST /v1/cache/mget -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "keys": ["user:1", "user:2", "user:3"] -} -``` - -**Response:** -```json -{ - "results": { - "user:1": {"name": "Alice"}, - "user:2": {"name": "Bob"}, - "user:3": null - } -} -``` - -### Delete Value - -```http -DELETE /v1/cache/delete?key=user:123 -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "message": "deleted successfully" -} -``` - -### Scan Keys - -```http -GET /v1/cache/scan?pattern=user:*&limit=100 -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "keys": ["user:1", "user:2", "user:3"], - "count": 3 -} -``` - -## Database API (RQLite) - -### Execute SQL - -```http -POST /v1/rqlite/exec -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "sql": "INSERT INTO users (name, email) VALUES (?, ?)", - "args": ["Alice", "alice@example.com"] -} -``` - -**Response:** -```json -{ - "last_insert_id": 123, - "rows_affected": 1 -} -``` - -### Query SQL - -```http -POST /v1/rqlite/query -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "sql": "SELECT * FROM users WHERE id = ?", - "args": [123] -} -``` - -**Response:** -```json -{ - "columns": ["id", "name", "email"], - "rows": [ - [123, "Alice", "alice@example.com"] - ] -} -``` - -### Get Schema - -```http -GET /v1/rqlite/schema -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "tables": [ - { - "name": "users", - "schema": "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)" - } - ] -} -``` - -## Pub/Sub API - -### Publish Message - -```http -POST /v1/pubsub/publish -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "topic": "chat", - "data": "SGVsbG8sIFdvcmxkIQ==", - "namespace": "default" -} -``` - -**Response:** -```json -{ - "message": "published successfully" -} -``` - -### List Topics - -```http -GET /v1/pubsub/topics -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "topics": ["chat", "notifications", "events"] -} -``` - -### Subscribe (WebSocket) - -```http -GET /v1/pubsub/ws?topic=chat -Authorization: Bearer your-api-key -Upgrade: websocket -``` - -**WebSocket Messages:** - -Incoming (from server): -```json -{ - "type": "message", - "topic": "chat", - "data": "SGVsbG8sIFdvcmxkIQ==", - "timestamp": "2024-01-20T10:30:00Z" -} -``` - -Outgoing (to server): -```json -{ - "type": "publish", - "topic": "chat", - "data": "SGVsbG8sIFdvcmxkIQ==" -} -``` - -### Presence - -```http -GET /v1/pubsub/presence?topic=chat -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "topic": "chat", - "members": [ - {"id": "user-123", "joined_at": "2024-01-20T10:00:00Z"}, - {"id": "user-456", "joined_at": "2024-01-20T10:15:00Z"} - ] -} -``` - -## Serverless API (WASM) - -### Deploy Function - -```http -POST /v1/functions -Authorization: Bearer your-api-key -Content-Type: multipart/form-data - -name: hello-world -namespace: default -description: Hello world function -wasm: -memory_limit: 64 -timeout: 30 -``` - -**Response:** -```json -{ - "id": "fn_abc123", - "name": "hello-world", - "namespace": "default", - "wasm_cid": "QmXxx...", - "version": 1, - "created_at": "2024-01-20T10:30:00Z" -} -``` - -### Invoke Function - -```http -POST /v1/functions/hello-world/invoke -Authorization: Bearer your-api-key -Content-Type: application/json - -{ - "name": "Alice" -} -``` - -**Response:** -```json -{ - "result": "Hello, Alice!", - "execution_time_ms": 15, - "memory_used_mb": 2.5 -} -``` - -### List Functions - -```http -GET /v1/functions?namespace=default -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "functions": [ - { - "name": "hello-world", - "description": "Hello world function", - "version": 1, - "created_at": "2024-01-20T10:30:00Z" - } - ] -} -``` - -### Delete Function - -```http -DELETE /v1/functions/hello-world?namespace=default -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "message": "function deleted successfully" -} -``` - -### Get Function Logs - -```http -GET /v1/functions/hello-world/logs?limit=100 -Authorization: Bearer your-api-key -``` - -**Response:** -```json -{ - "logs": [ - { - "timestamp": "2024-01-20T10:30:00Z", - "level": "info", - "message": "Function invoked", - "invocation_id": "inv_xyz789" - } - ] -} -``` - -## Error Responses - -All errors follow a consistent format: - -```json -{ - "code": "NOT_FOUND", - "message": "user with ID '123' not found", - "details": { - "resource": "user", - "id": "123" - }, - "trace_id": "trace-abc123" -} -``` - -### Common Error Codes - -| Code | HTTP Status | Description | -|------|-------------|-------------| -| `VALIDATION_ERROR` | 400 | Invalid input | -| `UNAUTHORIZED` | 401 | Authentication required | -| `FORBIDDEN` | 403 | Permission denied | -| `NOT_FOUND` | 404 | Resource not found | -| `CONFLICT` | 409 | Resource already exists | -| `TIMEOUT` | 408 | Operation timeout | -| `RATE_LIMIT_EXCEEDED` | 429 | Too many requests | -| `SERVICE_UNAVAILABLE` | 503 | Service unavailable | -| `INTERNAL` | 500 | Internal server error | - -## Rate Limiting - -The API implements rate limiting per API key: - -- **Default:** 100 requests per minute -- **Burst:** 200 requests - -Rate limit headers: -``` -X-RateLimit-Limit: 100 -X-RateLimit-Remaining: 95 -X-RateLimit-Reset: 1611144000 -``` - -When rate limited: -```json -{ - "code": "RATE_LIMIT_EXCEEDED", - "message": "rate limit exceeded", - "details": { - "limit": 100, - "retry_after": 60 - } -} -``` - -## Pagination - -List endpoints support pagination: - -```http -GET /v1/functions?limit=10&offset=20 -``` - -Response includes pagination metadata: -```json -{ - "data": [...], - "pagination": { - "total": 100, - "limit": 10, - "offset": 20, - "has_more": true - } -} -``` - -## Webhooks (Future) - -Coming soon: webhook support for event notifications. - -## Support - -- API Issues: https://github.com/DeBrosOfficial/network/issues -- OpenAPI Spec: `openapi/gateway.yaml` -- SDK Documentation: `docs/CLIENT_SDK.md` diff --git a/docs/NAMESERVER_SETUP.md b/docs/NAMESERVER_SETUP.md new file mode 100644 index 0000000..4fc349c --- /dev/null +++ b/docs/NAMESERVER_SETUP.md @@ -0,0 +1,248 @@ +# Nameserver Setup Guide + +This guide explains how to configure your domain registrar to use Orama Network nodes as authoritative nameservers. + +## Overview + +When you install Orama with the `--nameserver` flag, the node runs CoreDNS to serve DNS records for your domain. This enables: + +- Dynamic DNS for deployments (e.g., `myapp.node-abc123.dbrs.space`) +- Wildcard DNS support for all subdomains +- ACME DNS-01 challenges for automatic SSL certificates + +## Prerequisites + +Before setting up nameservers, you need: + +1. **Domain ownership** - A domain you control (e.g., `dbrs.space`) +2. **3+ VPS nodes** - Recommended for redundancy +3. **Static IP addresses** - Each VPS must have a static public IP +4. **Access to registrar DNS settings** - Admin access to your domain registrar + +## Understanding DNS Records + +### NS Records (Nameserver Records) +NS records tell the internet which servers are authoritative for your domain: +``` +dbrs.space. IN NS ns1.dbrs.space. +dbrs.space. IN NS ns2.dbrs.space. +dbrs.space. IN NS ns3.dbrs.space. +``` + +### Glue Records +Glue records are A records that provide IP addresses for nameservers that are under the same domain. They're required because: +- `ns1.dbrs.space` is under `dbrs.space` +- To resolve `ns1.dbrs.space`, you need to query `dbrs.space` nameservers +- But those nameservers ARE `ns1.dbrs.space` - circular dependency! +- Glue records break this cycle by providing IPs at the registry level + +``` +ns1.dbrs.space. IN A 141.227.165.168 +ns2.dbrs.space. IN A 141.227.165.154 +ns3.dbrs.space. IN A 141.227.156.51 +``` + +## Installation + +### Step 1: Install Orama on Each VPS + +Install Orama with the `--nameserver` flag on each VPS that will serve as a nameserver: + +```bash +# On VPS 1 (ns1) +sudo orama install \ + --nameserver \ + --domain dbrs.space \ + --vps-ip 141.227.165.168 + +# On VPS 2 (ns2) +sudo orama install \ + --nameserver \ + --domain dbrs.space \ + --vps-ip 141.227.165.154 + +# On VPS 3 (ns3) +sudo orama install \ + --nameserver \ + --domain dbrs.space \ + --vps-ip 141.227.156.51 +``` + +### Step 2: Configure Your Registrar + +#### For Namecheap + +1. **Log into Namecheap Dashboard** + - Go to https://www.namecheap.com + - Navigate to **Domain List** → **Manage** (next to your domain) + +2. **Add Glue Records (Personal DNS Servers)** + - Go to **Advanced DNS** tab + - Scroll down to **Personal DNS Servers** section + - Click **Add Nameserver** + - Add each nameserver with its IP: + | Nameserver | IP Address | + |------------|------------| + | ns1.yourdomain.com | 141.227.165.168 | + | ns2.yourdomain.com | 141.227.165.154 | + | ns3.yourdomain.com | 141.227.156.51 | + +3. **Set Custom Nameservers** + - Go back to the **Domain** tab + - Under **Nameservers**, select **Custom DNS** + - Add your nameserver hostnames: + - ns1.yourdomain.com + - ns2.yourdomain.com + - ns3.yourdomain.com + - Click the green checkmark to save + +4. **Wait for Propagation** + - DNS changes can take 24-48 hours to propagate globally + - Most changes are visible within 1-4 hours + +#### For GoDaddy + +1. Log into GoDaddy account +2. Go to **My Products** → **DNS** for your domain +3. Under **Nameservers**, click **Change** +4. Select **Enter my own nameservers** +5. Add your nameserver hostnames +6. For glue records, go to **DNS Management** → **Host Names** +7. Add A records for ns1, ns2, ns3 + +#### For Cloudflare (as Registrar) + +1. Log into Cloudflare Dashboard +2. Go to **Domain Registration** → your domain +3. Under **Nameservers**, change to custom +4. Note: Cloudflare Registrar may require contacting support for glue records + +#### For Google Domains + +1. Log into Google Domains +2. Select your domain → **DNS** +3. Under **Name servers**, select **Use custom name servers** +4. Add your nameserver hostnames +5. For glue records, click **Add** under **Glue records** + +## Verification + +### Step 1: Verify NS Records + +After propagation, check that NS records are visible: + +```bash +# Check NS records from Google DNS +dig NS yourdomain.com @8.8.8.8 + +# Expected output should show: +# yourdomain.com. IN NS ns1.yourdomain.com. +# yourdomain.com. IN NS ns2.yourdomain.com. +# yourdomain.com. IN NS ns3.yourdomain.com. +``` + +### Step 2: Verify Glue Records + +Check that glue records resolve: + +```bash +# Check glue records +dig A ns1.yourdomain.com @8.8.8.8 +dig A ns2.yourdomain.com @8.8.8.8 +dig A ns3.yourdomain.com @8.8.8.8 + +# Each should return the correct IP address +``` + +### Step 3: Test CoreDNS + +Query your nameservers directly: + +```bash +# Test a query against ns1 +dig @ns1.yourdomain.com test.yourdomain.com + +# Test wildcard resolution +dig @ns1.yourdomain.com myapp.node-abc123.yourdomain.com +``` + +### Step 4: Verify from Multiple Locations + +Use online tools to verify global propagation: +- https://dnschecker.org +- https://www.whatsmydns.net + +## Troubleshooting + +### DNS Not Resolving + +1. **Check CoreDNS is running:** + ```bash + sudo systemctl status coredns + ``` + +2. **Check CoreDNS logs:** + ```bash + sudo journalctl -u coredns -f + ``` + +3. **Verify port 53 is open:** + ```bash + sudo ufw status + # Port 53 (TCP/UDP) should be allowed + ``` + +4. **Test locally:** + ```bash + dig @localhost yourdomain.com + ``` + +### Glue Records Not Propagating + +- Glue records are stored at the registry level, not DNS level +- They can take longer to propagate (up to 48 hours) +- Verify at your registrar that they were saved correctly +- Some registrars require the domain to be using their nameservers first + +### SERVFAIL Errors + +Usually indicates CoreDNS configuration issues: + +1. Check Corefile syntax +2. Verify RQLite connectivity +3. Check firewall rules + +## Security Considerations + +### Firewall Rules + +Only expose necessary ports: + +```bash +# Allow DNS from anywhere +sudo ufw allow 53/tcp +sudo ufw allow 53/udp + +# Restrict admin ports to internal network +sudo ufw allow from 10.0.0.0/8 to any port 8080 # Health +sudo ufw allow from 10.0.0.0/8 to any port 9153 # Metrics +``` + +### Rate Limiting + +Consider adding rate limiting to prevent DNS amplification attacks. +This can be configured in the CoreDNS Corefile. + +## Multi-Node Coordination + +When running multiple nameservers: + +1. **All nodes share the same RQLite cluster** - DNS records are automatically synchronized +2. **Install in order** - First node bootstraps, others join +3. **Same domain configuration** - All nodes must use the same `--domain` value + +## Related Documentation + +- [CoreDNS RQLite Plugin](../pkg/coredns/README.md) - Technical details +- [Deployment Guide](./DEPLOYMENT_GUIDE.md) - Full deployment instructions +- [Architecture](./ARCHITECTURE.md) - System architecture overview diff --git a/docs/SECURITY_DEPLOYMENT_GUIDE.md b/docs/SECURITY_DEPLOYMENT_GUIDE.md deleted file mode 100644 index f51cd03..0000000 --- a/docs/SECURITY_DEPLOYMENT_GUIDE.md +++ /dev/null @@ -1,476 +0,0 @@ -# Orama Network - Security Deployment Guide - -**Date:** January 18, 2026 -**Status:** Production-Ready -**Audit Completed By:** Claude Code Security Audit - ---- - -## Executive Summary - -This document outlines the security hardening measures applied to the 4-node Orama Network production cluster. All critical vulnerabilities identified in the security audit have been addressed. - -**Security Status:** ✅ SECURED FOR PRODUCTION - ---- - -## Server Inventory - -| Server ID | IP Address | Domain | OS | Role | -|-----------|------------|--------|-----|------| -| VPS 1 | 51.83.128.181 | node-kv4la8.debros.network | Ubuntu 22.04 | Gateway + Cluster Node | -| VPS 2 | 194.61.28.7 | node-7prvNa.debros.network | Ubuntu 24.04 | Gateway + Cluster Node | -| VPS 3 | 83.171.248.66 | node-xn23dq.debros.network | Ubuntu 24.04 | Gateway + Cluster Node | -| VPS 4 | 62.72.44.87 | node-nns4n5.debros.network | Ubuntu 24.04 | Gateway + Cluster Node | - ---- - -## Services Running on Each Server - -| Service | Port(s) | Purpose | Public Access | -|---------|---------|---------|---------------| -| **orama-node** | 80, 443, 7001 | API Gateway | Yes (80, 443 only) | -| **rqlited** | 5001, 7002 | Distributed SQLite DB | Cluster only | -| **ipfs** | 4101, 4501, 8080 | Content-addressed storage | Cluster only | -| **ipfs-cluster** | 9094, 9098 | IPFS cluster management | Cluster only | -| **olric-server** | 3320, 3322 | Distributed cache | Cluster only | -| **anon** (Anyone proxy) | 9001, 9050, 9051 | Anonymity proxy | Cluster only | -| **libp2p** | 4001 | P2P networking | Yes (public P2P) | -| **SSH** | 22 | Remote access | Yes | - ---- - -## Security Measures Implemented - -### 1. Firewall Configuration (UFW) - -**Status:** ✅ Enabled on all 4 servers - -#### Public Ports (Open to Internet) -- **22/tcp** - SSH (with hardening) -- **80/tcp** - HTTP (redirects to HTTPS) -- **443/tcp** - HTTPS (Let's Encrypt production certificates) -- **4001/tcp** - libp2p swarm (P2P networking) - -#### Cluster-Only Ports (Restricted to 4 Server IPs) -All the following ports are ONLY accessible from the 4 cluster IPs: -- **5001/tcp** - rqlite HTTP API -- **7001/tcp** - SNI Gateway -- **7002/tcp** - rqlite Raft consensus -- **9094/tcp** - IPFS Cluster API -- **9098/tcp** - IPFS Cluster communication -- **3322/tcp** - Olric distributed cache -- **4101/tcp** - IPFS swarm (cluster internal) - -#### Firewall Rules Example -```bash -sudo ufw default deny incoming -sudo ufw default allow outgoing -sudo ufw allow 22/tcp comment "SSH" -sudo ufw allow 80/tcp comment "HTTP" -sudo ufw allow 443/tcp comment "HTTPS" -sudo ufw allow 4001/tcp comment "libp2p swarm" - -# Cluster-only access for sensitive services -sudo ufw allow from 51.83.128.181 to any port 5001 proto tcp -sudo ufw allow from 194.61.28.7 to any port 5001 proto tcp -sudo ufw allow from 83.171.248.66 to any port 5001 proto tcp -sudo ufw allow from 62.72.44.87 to any port 5001 proto tcp -# (repeat for ports 7001, 7002, 9094, 9098, 3322, 4101) - -sudo ufw enable -``` - -### 2. SSH Hardening - -**Location:** `/etc/ssh/sshd_config.d/99-hardening.conf` - -**Configuration:** -```bash -PermitRootLogin yes # Root login allowed with SSH keys -PasswordAuthentication yes # Password auth enabled (you have keys configured) -PubkeyAuthentication yes # SSH key authentication enabled -PermitEmptyPasswords no # No empty passwords -X11Forwarding no # X11 disabled for security -MaxAuthTries 3 # Max 3 login attempts -ClientAliveInterval 300 # Keep-alive every 5 minutes -ClientAliveCountMax 2 # Disconnect after 2 failed keep-alives -``` - -**Your SSH Keys Added:** -- ✅ `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcGZPX2iHXWO8tuyyDkHPS5eByPOktkw3+ugcw79yQO` -- ✅ `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgCWmycaBN3aAZJcM2w4+Xi2zrTwN78W8oAiQywvMEkubqNNWHF6I3...` - -Both keys are installed on all 4 servers in: -- VPS 1: `/home/ubuntu/.ssh/authorized_keys` -- VPS 2, 3, 4: `/root/.ssh/authorized_keys` - -### 3. Fail2ban Protection - -**Status:** ✅ Installed and running on all 4 servers - -**Purpose:** Automatically bans IPs after failed SSH login attempts - -**Check Status:** -```bash -sudo systemctl status fail2ban -``` - -### 4. Security Updates - -**Status:** ✅ All security updates applied (as of Jan 18, 2026) - -**Update Command:** -```bash -sudo apt update && sudo apt upgrade -y -``` - -### 5. Let's Encrypt TLS Certificates - -**Status:** ✅ Production certificates (NOT staging) - -**Configuration:** -- **Provider:** Let's Encrypt (ACME v2 Production) -- **Auto-renewal:** Enabled via autocert -- **Cache Directory:** `/home/debros/.orama/tls-cache/` -- **Domains:** - - node-kv4la8.debros.network (VPS 1) - - node-7prvNa.debros.network (VPS 2) - - node-xn23dq.debros.network (VPS 3) - - node-nns4n5.debros.network (VPS 4) - -**Certificate Files:** -- Account key: `/home/debros/.orama/tls-cache/acme_account+key` -- Certificates auto-managed by autocert - -**Verification:** -```bash -curl -I https://node-kv4la8.debros.network -# Should return valid SSL certificate -``` - ---- - -## Cluster Configuration - -### RQLite Cluster - -**Nodes:** -- 51.83.128.181:7002 (Leader) -- 194.61.28.7:7002 -- 83.171.248.66:7002 -- 62.72.44.87:7002 - -**Test Cluster Health:** -```bash -ssh ubuntu@51.83.128.181 -curl -s http://localhost:5001/status | jq '.store.nodes' -``` - -**Expected Output:** -```json -[ - {"id":"194.61.28.7:7002","addr":"194.61.28.7:7002","suffrage":"Voter"}, - {"id":"51.83.128.181:7002","addr":"51.83.128.181:7002","suffrage":"Voter"}, - {"id":"62.72.44.87:7002","addr":"62.72.44.87:7002","suffrage":"Voter"}, - {"id":"83.171.248.66:7002","addr":"83.171.248.66:7002","suffrage":"Voter"} -] -``` - -### IPFS Cluster - -**Test Cluster Health:** -```bash -ssh ubuntu@51.83.128.181 -curl -s http://localhost:9094/id | jq '.cluster_peers' -``` - -**Expected:** All 4 peer IDs listed - -### Olric Cache Cluster - -**Port:** 3320 (localhost), 3322 (cluster communication) - -**Test:** -```bash -ssh ubuntu@51.83.128.181 -ss -tulpn | grep olric -``` - ---- - -## Access Credentials - -### SSH Access - -**VPS 1:** -```bash -ssh ubuntu@51.83.128.181 -# OR using your SSH key: -ssh -i ~/.ssh/ssh-sotiris/id_ed25519 ubuntu@51.83.128.181 -``` - -**VPS 2, 3, 4:** -```bash -ssh root@194.61.28.7 -ssh root@83.171.248.66 -ssh root@62.72.44.87 -``` - -**Important:** Password authentication is still enabled, but your SSH keys are configured for passwordless access. - ---- - -## Testing & Verification - -### 1. Test External Port Access (From Your Machine) - -```bash -# These should be BLOCKED (timeout or connection refused): -nc -zv 51.83.128.181 5001 # rqlite API - should be blocked -nc -zv 51.83.128.181 7002 # rqlite Raft - should be blocked -nc -zv 51.83.128.181 9094 # IPFS cluster - should be blocked - -# These should be OPEN: -nc -zv 51.83.128.181 22 # SSH - should succeed -nc -zv 51.83.128.181 80 # HTTP - should succeed -nc -zv 51.83.128.181 443 # HTTPS - should succeed -nc -zv 51.83.128.181 4001 # libp2p - should succeed -``` - -### 2. Test Domain Access - -```bash -curl -I https://node-kv4la8.debros.network -curl -I https://node-7prvNa.debros.network -curl -I https://node-xn23dq.debros.network -curl -I https://node-nns4n5.debros.network -``` - -All should return `HTTP/1.1 200 OK` or similar with valid SSL certificates. - -### 3. Test Cluster Communication (From VPS 1) - -```bash -ssh ubuntu@51.83.128.181 -# Test rqlite cluster -curl -s http://localhost:5001/status | jq -r '.store.nodes[].id' - -# Test IPFS cluster -curl -s http://localhost:9094/id | jq -r '.cluster_peers[]' - -# Check all services running -ps aux | grep -E "(orama-node|rqlited|ipfs|olric)" | grep -v grep -``` - ---- - -## Maintenance & Operations - -### Firewall Management - -**View current rules:** -```bash -sudo ufw status numbered -``` - -**Add a new allowed IP for cluster services:** -```bash -sudo ufw allow from NEW_IP_ADDRESS to any port 5001 proto tcp -sudo ufw allow from NEW_IP_ADDRESS to any port 7002 proto tcp -# etc. -``` - -**Delete a rule:** -```bash -sudo ufw status numbered # Get rule number -sudo ufw delete [NUMBER] -``` - -### SSH Management - -**Test SSH config without applying:** -```bash -sudo sshd -t -``` - -**Reload SSH after config changes:** -```bash -sudo systemctl reload ssh -``` - -**View SSH login attempts:** -```bash -sudo journalctl -u ssh | tail -50 -``` - -### Fail2ban Management - -**Check banned IPs:** -```bash -sudo fail2ban-client status sshd -``` - -**Unban an IP:** -```bash -sudo fail2ban-client set sshd unbanip IP_ADDRESS -``` - -### Security Updates - -**Check for updates:** -```bash -apt list --upgradable -``` - -**Apply updates:** -```bash -sudo apt update && sudo apt upgrade -y -``` - -**Reboot if kernel updated:** -```bash -sudo reboot -``` - ---- - -## Security Improvements Completed - -### Before Security Audit: -- ❌ No firewall enabled -- ❌ rqlite database exposed to internet (port 5001, 7002) -- ❌ IPFS cluster management exposed (port 9094, 9098) -- ❌ Olric cache exposed (port 3322) -- ❌ Root login enabled without restrictions (VPS 2, 3, 4) -- ❌ No fail2ban on 3 out of 4 servers -- ❌ 19-39 security updates pending - -### After Security Hardening: -- ✅ UFW firewall enabled on all servers -- ✅ Sensitive ports restricted to cluster IPs only -- ✅ SSH hardened with key authentication -- ✅ Fail2ban protecting all servers -- ✅ All security updates applied -- ✅ Let's Encrypt production certificates verified -- ✅ Cluster communication tested and working -- ✅ External access verified (HTTP/HTTPS only) - ---- - -## Recommended Next Steps (Optional) - -These were not implemented per your request but are recommended for future consideration: - -1. **VPN/Private Networking** - Use WireGuard or Tailscale for encrypted cluster communication instead of firewall rules -2. **Automated Security Updates** - Enable unattended-upgrades for automatic security patches -3. **Monitoring & Alerting** - Set up Prometheus/Grafana for service monitoring -4. **Regular Security Audits** - Run `lynis` or `rkhunter` monthly for security checks - ---- - -## Important Notes - -### Let's Encrypt Configuration - -The Orama Network gateway uses **autocert** from Go's `golang.org/x/crypto/acme/autocert` package. The configuration is in: - -**File:** `/home/debros/.orama/configs/node.yaml` - -**Relevant settings:** -```yaml -http_gateway: - https: - enabled: true - domain: "node-kv4la8.debros.network" - auto_cert: true - cache_dir: "/home/debros/.orama/tls-cache" - http_port: 80 - https_port: 443 - email: "admin@node-kv4la8.debros.network" -``` - -**Important:** There is NO `letsencrypt_staging` flag set, which means it defaults to **production Let's Encrypt**. This is correct for production deployment. - -### Firewall Persistence - -UFW rules are persistent across reboots. The firewall will automatically start on boot. - -### SSH Key Access - -Both of your SSH keys are configured on all servers. You can access: -- VPS 1: `ssh -i ~/.ssh/ssh-sotiris/id_ed25519 ubuntu@51.83.128.181` -- VPS 2-4: `ssh -i ~/.ssh/ssh-sotiris/id_ed25519 root@IP_ADDRESS` - -Password authentication is still enabled as a fallback, but keys are recommended. - ---- - -## Emergency Access - -If you get locked out: - -1. **VPS Provider Console:** All major VPS providers offer web-based console access -2. **Password Access:** Password auth is still enabled on all servers -3. **SSH Keys:** Two keys configured for redundancy - -**Disable firewall temporarily (emergency only):** -```bash -sudo ufw disable -# Fix the issue -sudo ufw enable -``` - ---- - -## Verification Checklist - -Use this checklist to verify the security hardening: - -- [ ] All 4 servers have UFW firewall enabled -- [ ] SSH is hardened (MaxAuthTries 3, X11Forwarding no) -- [ ] Your SSH keys work on all servers -- [ ] Fail2ban is running on all servers -- [ ] Security updates are current -- [ ] rqlite port 5001 is NOT accessible from internet -- [ ] rqlite port 7002 is NOT accessible from internet -- [ ] IPFS cluster ports 9094, 9098 are NOT accessible from internet -- [ ] Domains are accessible via HTTPS with valid certificates -- [ ] RQLite cluster shows all 4 nodes -- [ ] IPFS cluster shows all 4 peers -- [ ] All services are running (5 processes per server) - ---- - -## Contact & Support - -For issues or questions about this deployment: - -- **Security Audit Date:** January 18, 2026 -- **Configuration Files:** `/home/debros/.orama/configs/` -- **Firewall Rules:** `/etc/ufw/` -- **SSH Config:** `/etc/ssh/sshd_config.d/99-hardening.conf` -- **TLS Certs:** `/home/debros/.orama/tls-cache/` - ---- - -## Changelog - -### January 18, 2026 - Production Security Hardening - -**Changes:** -1. Added UFW firewall rules on all 4 VPS servers -2. Restricted sensitive ports (5001, 7002, 9094, 9098, 3322, 4101) to cluster IPs only -3. Hardened SSH configuration -4. Added your 2 SSH keys to all servers -5. Installed fail2ban on VPS 1, 2, 3 (VPS 4 already had it) -6. Applied all pending security updates (23-39 packages per server) -7. Verified Let's Encrypt is using production (not staging) -8. Tested all services: rqlite, IPFS, libp2p, Olric clusters -9. Verified all 4 domains are accessible via HTTPS - -**Result:** Production-ready secure deployment ✅ - ---- - -**END OF DEPLOYMENT GUIDE** diff --git a/e2e/auth_negative_test.go b/e2e/auth_negative_test.go deleted file mode 100644 index 130dc63..0000000 --- a/e2e/auth_negative_test.go +++ /dev/null @@ -1,294 +0,0 @@ -//go:build e2e - -package e2e - -import ( - "context" - "net/http" - "testing" - "time" - "unicode" -) - -func TestAuth_MissingAPIKey(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request without auth headers - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/network/status", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should be unauthorized - if resp.StatusCode != http.StatusUnauthorized && resp.StatusCode != http.StatusForbidden { - t.Logf("warning: expected 401/403 for missing auth, got %d (auth may not be enforced on this endpoint)", resp.StatusCode) - } -} - -func TestAuth_InvalidAPIKey(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request with invalid API key - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/cache/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - req.Header.Set("Authorization", "Bearer invalid-key-xyz") - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should be unauthorized - if resp.StatusCode != http.StatusUnauthorized && resp.StatusCode != http.StatusForbidden { - t.Logf("warning: expected 401/403 for invalid key, got %d", resp.StatusCode) - } -} - -func TestAuth_CacheWithoutAuth(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request cache endpoint without auth - req := &HTTPRequest{ - Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/cache/health", - SkipAuth: true, - } - - _, status, err := req.Do(ctx) - if err != nil { - t.Fatalf("request failed: %v", err) - } - - // Should fail with 401 or 403 - if status != http.StatusUnauthorized && status != http.StatusForbidden { - t.Logf("warning: expected 401/403 for cache without auth, got %d", status) - } -} - -func TestAuth_StorageWithoutAuth(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request storage endpoint without auth - req := &HTTPRequest{ - Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/storage/status/QmTest", - SkipAuth: true, - } - - _, status, err := req.Do(ctx) - if err != nil { - t.Fatalf("request failed: %v", err) - } - - // Should fail with 401 or 403 - if status != http.StatusUnauthorized && status != http.StatusForbidden { - t.Logf("warning: expected 401/403 for storage without auth, got %d", status) - } -} - -func TestAuth_RQLiteWithoutAuth(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request rqlite endpoint without auth - req := &HTTPRequest{ - Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/rqlite/schema", - SkipAuth: true, - } - - _, status, err := req.Do(ctx) - if err != nil { - t.Fatalf("request failed: %v", err) - } - - // Should fail with 401 or 403 - if status != http.StatusUnauthorized && status != http.StatusForbidden { - t.Logf("warning: expected 401/403 for rqlite without auth, got %d", status) - } -} - -func TestAuth_MalformedBearerToken(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request with malformed bearer token - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/cache/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - // Missing "Bearer " prefix - req.Header.Set("Authorization", "invalid-token-format") - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should be unauthorized - if resp.StatusCode != http.StatusUnauthorized && resp.StatusCode != http.StatusForbidden { - t.Logf("warning: expected 401/403 for malformed token, got %d", resp.StatusCode) - } -} - -func TestAuth_ExpiredJWT(t *testing.T) { - // Skip if JWT is not being used - if GetJWT() == "" && GetAPIKey() == "" { - t.Skip("No JWT or API key configured") - } - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // This test would require an expired JWT token - // For now, test with a clearly invalid JWT structure - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/cache/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - req.Header.Set("Authorization", "Bearer expired.jwt.token") - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should be unauthorized - if resp.StatusCode != http.StatusUnauthorized && resp.StatusCode != http.StatusForbidden { - t.Logf("warning: expected 401/403 for expired JWT, got %d", resp.StatusCode) - } -} - -func TestAuth_EmptyBearerToken(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request with empty bearer token - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/cache/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - req.Header.Set("Authorization", "Bearer ") - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should be unauthorized - if resp.StatusCode != http.StatusUnauthorized && resp.StatusCode != http.StatusForbidden { - t.Logf("warning: expected 401/403 for empty token, got %d", resp.StatusCode) - } -} - -func TestAuth_DuplicateAuthHeaders(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request with both API key and invalid JWT - req := &HTTPRequest{ - Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/cache/health", - Headers: map[string]string{ - "Authorization": "Bearer " + GetAPIKey(), - "X-API-Key": GetAPIKey(), - }, - } - - _, status, err := req.Do(ctx) - if err != nil { - t.Fatalf("request failed: %v", err) - } - - // Should succeed if API key is valid - if status != http.StatusOK { - t.Logf("request with both headers returned %d", status) - } -} - -func TestAuth_CaseSensitiveAPIKey(t *testing.T) { - if GetAPIKey() == "" { - t.Skip("No API key configured") - } - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Request with incorrectly cased API key - apiKey := GetAPIKey() - incorrectKey := "" - for i, ch := range apiKey { - if i%2 == 0 && unicode.IsLetter(ch) { - incorrectKey += string(unicode.ToUpper(ch)) // Convert to uppercase - } else { - incorrectKey += string(ch) - } - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/cache/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - req.Header.Set("Authorization", "Bearer "+incorrectKey) - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // API keys should be case-sensitive - if resp.StatusCode == http.StatusOK { - t.Logf("warning: API key check may not be case-sensitive (got 200)") - } -} - -func TestAuth_HealthEndpointNoAuth(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - // Health endpoint at /health should not require auth - req, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/health", nil) - if err != nil { - t.Fatalf("failed to create request: %v", err) - } - - client := NewHTTPClient(30 * time.Second) - resp, err := client.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - // Should succeed without auth - if resp.StatusCode != http.StatusOK { - t.Fatalf("expected 200 for /health without auth, got %d", resp.StatusCode) - } -} diff --git a/e2e/ipfs_cluster_test.go b/e2e/cluster/ipfs_cluster_test.go similarity index 84% rename from e2e/ipfs_cluster_test.go rename to e2e/cluster/ipfs_cluster_test.go index 5d8dff1..76c01fd 100644 --- a/e2e/ipfs_cluster_test.go +++ b/e2e/cluster/ipfs_cluster_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package cluster_test import ( "bytes" @@ -10,16 +10,22 @@ import ( "testing" "time" + "github.com/DeBrosOfficial/network/e2e" "github.com/DeBrosOfficial/network/pkg/ipfs" ) +// Note: These tests connect directly to IPFS Cluster API (localhost:9094) +// and IPFS API (localhost:4501). They are for local development only. +// For production testing, use storage_http_test.go which uses gateway endpoints. + func TestIPFSCluster_Health(t *testing.T) { + e2e.SkipIfProduction(t) // Direct IPFS connection not available in production ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 10 * time.Second, } @@ -35,12 +41,13 @@ func TestIPFSCluster_Health(t *testing.T) { } func TestIPFSCluster_GetPeerCount(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 10 * time.Second, } @@ -62,12 +69,13 @@ func TestIPFSCluster_GetPeerCount(t *testing.T) { } func TestIPFSCluster_AddFile(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -94,12 +102,13 @@ func TestIPFSCluster_AddFile(t *testing.T) { } func TestIPFSCluster_PinFile(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -131,12 +140,13 @@ func TestIPFSCluster_PinFile(t *testing.T) { } func TestIPFSCluster_PinStatus(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -164,7 +174,7 @@ func TestIPFSCluster_PinStatus(t *testing.T) { } // Give pin time to propagate - Delay(1000) + e2e.Delay(1000) // Get status status, err := client.PinStatus(ctx, cid) @@ -188,12 +198,13 @@ func TestIPFSCluster_PinStatus(t *testing.T) { } func TestIPFSCluster_UnpinFile(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -226,12 +237,13 @@ func TestIPFSCluster_UnpinFile(t *testing.T) { } func TestIPFSCluster_GetFile(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -250,10 +262,10 @@ func TestIPFSCluster_GetFile(t *testing.T) { cid := addResult.Cid // Give time for propagation - Delay(1000) + e2e.Delay(1000) // Get file - rc, err := client.Get(ctx, cid, GetIPFSAPIURL()) + rc, err := client.Get(ctx, cid, e2e.GetIPFSAPIURL()) if err != nil { t.Fatalf("get file failed: %v", err) } @@ -272,12 +284,13 @@ func TestIPFSCluster_GetFile(t *testing.T) { } func TestIPFSCluster_LargeFile(t *testing.T) { + e2e.SkipIfProduction(t) ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 60 * time.Second, } @@ -305,12 +318,13 @@ func TestIPFSCluster_LargeFile(t *testing.T) { } func TestIPFSCluster_ReplicationFactor(t *testing.T) { + e2e.SkipIfProduction(t) // Direct IPFS connection not available in production ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } @@ -340,7 +354,7 @@ func TestIPFSCluster_ReplicationFactor(t *testing.T) { } // Give time for replication - Delay(2000) + e2e.Delay(2000) // Check status status, err := client.PinStatus(ctx, cid) @@ -352,12 +366,13 @@ func TestIPFSCluster_ReplicationFactor(t *testing.T) { } func TestIPFSCluster_MultipleFiles(t *testing.T) { + e2e.SkipIfProduction(t) // Direct IPFS connection not available in production ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) defer cancel() - logger := NewTestLogger(t) + logger := e2e.NewTestLogger(t) cfg := ipfs.Config{ - ClusterAPIURL: GetIPFSClusterURL(), + ClusterAPIURL: e2e.GetIPFSClusterURL(), Timeout: 30 * time.Second, } diff --git a/e2e/libp2p_connectivity_test.go b/e2e/cluster/libp2p_connectivity_test.go similarity index 79% rename from e2e/libp2p_connectivity_test.go rename to e2e/cluster/libp2p_connectivity_test.go index 0a6408a..225c751 100644 --- a/e2e/libp2p_connectivity_test.go +++ b/e2e/cluster/libp2p_connectivity_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package cluster_test import ( "context" @@ -8,25 +8,27 @@ import ( "strings" "testing" "time" + + "github.com/DeBrosOfficial/network/e2e" ) func TestLibP2P_PeerConnectivity(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() // Create and connect client - c := NewNetworkClient(t) + c := e2e.NewNetworkClient(t) if err := c.Connect(); err != nil { t.Fatalf("connect failed: %v", err) } defer c.Disconnect() // Verify peer connectivity through the gateway - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/peers", + URL: e2e.GetGatewayURL() + "/v1/network/peers", } body, status, err := req.Do(ctx) @@ -39,7 +41,7 @@ func TestLibP2P_PeerConnectivity(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -50,30 +52,30 @@ func TestLibP2P_PeerConnectivity(t *testing.T) { } func TestLibP2P_BootstrapPeers(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - bootstrapPeers := GetBootstrapPeers() + bootstrapPeers := e2e.GetBootstrapPeers() if len(bootstrapPeers) == 0 { t.Skipf("E2E_BOOTSTRAP_PEERS not set; skipping") } // Create client with bootstrap peers explicitly set - c := NewNetworkClient(t) + c := e2e.NewNetworkClient(t) if err := c.Connect(); err != nil { t.Fatalf("connect failed: %v", err) } defer c.Disconnect() // Give peer discovery time - Delay(2000) + e2e.Delay(2000) // Verify we're connected (check via gateway status) - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/status", + URL: e2e.GetGatewayURL() + "/v1/network/status", } body, status, err := req.Do(ctx) @@ -86,7 +88,7 @@ func TestLibP2P_BootstrapPeers(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -96,15 +98,15 @@ func TestLibP2P_BootstrapPeers(t *testing.T) { } func TestLibP2P_MultipleClientConnections(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() // Create multiple clients - c1 := NewNetworkClient(t) - c2 := NewNetworkClient(t) - c3 := NewNetworkClient(t) + c1 := e2e.NewNetworkClient(t) + c2 := e2e.NewNetworkClient(t) + c3 := e2e.NewNetworkClient(t) if err := c1.Connect(); err != nil { t.Fatalf("c1 connect failed: %v", err) @@ -122,12 +124,12 @@ func TestLibP2P_MultipleClientConnections(t *testing.T) { defer c3.Disconnect() // Give peer discovery time - Delay(2000) + e2e.Delay(2000) // Verify gateway sees multiple peers - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/peers", + URL: e2e.GetGatewayURL() + "/v1/network/peers", } body, status, err := req.Do(ctx) @@ -140,7 +142,7 @@ func TestLibP2P_MultipleClientConnections(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -151,12 +153,12 @@ func TestLibP2P_MultipleClientConnections(t *testing.T) { } func TestLibP2P_ReconnectAfterDisconnect(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - c := NewNetworkClient(t) + c := e2e.NewNetworkClient(t) // Connect if err := c.Connect(); err != nil { @@ -164,9 +166,9 @@ func TestLibP2P_ReconnectAfterDisconnect(t *testing.T) { } // Verify connected via gateway - req1 := &HTTPRequest{ + req1 := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/status", + URL: e2e.GetGatewayURL() + "/v1/network/status", } _, status1, err := req1.Do(ctx) @@ -180,7 +182,7 @@ func TestLibP2P_ReconnectAfterDisconnect(t *testing.T) { } // Give time for disconnect to propagate - Delay(500) + e2e.Delay(500) // Reconnect if err := c.Connect(); err != nil { @@ -189,9 +191,9 @@ func TestLibP2P_ReconnectAfterDisconnect(t *testing.T) { defer c.Disconnect() // Verify connected via gateway again - req2 := &HTTPRequest{ + req2 := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/status", + URL: e2e.GetGatewayURL() + "/v1/network/status", } _, status2, err := req2.Do(ctx) @@ -201,25 +203,25 @@ func TestLibP2P_ReconnectAfterDisconnect(t *testing.T) { } func TestLibP2P_PeerDiscovery(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() // Create client - c := NewNetworkClient(t) + c := e2e.NewNetworkClient(t) if err := c.Connect(); err != nil { t.Fatalf("connect failed: %v", err) } defer c.Disconnect() // Give peer discovery time - Delay(3000) + e2e.Delay(3000) // Get peer list - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/peers", + URL: e2e.GetGatewayURL() + "/v1/network/peers", } body, status, err := req.Do(ctx) @@ -232,7 +234,7 @@ func TestLibP2P_PeerDiscovery(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -251,22 +253,22 @@ func TestLibP2P_PeerDiscovery(t *testing.T) { } func TestLibP2P_PeerAddressFormat(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() // Create client - c := NewNetworkClient(t) + c := e2e.NewNetworkClient(t) if err := c.Connect(); err != nil { t.Fatalf("connect failed: %v", err) } defer c.Disconnect() // Get peer list - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/peers", + URL: e2e.GetGatewayURL() + "/v1/network/peers", } body, status, err := req.Do(ctx) @@ -279,7 +281,7 @@ func TestLibP2P_PeerAddressFormat(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } diff --git a/e2e/cluster/namespace_cluster_test.go b/e2e/cluster/namespace_cluster_test.go new file mode 100644 index 0000000..caf2a76 --- /dev/null +++ b/e2e/cluster/namespace_cluster_test.go @@ -0,0 +1,556 @@ +//go:build e2e + +package cluster_test + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net" + "net/http" + "os" + "path/filepath" + "sort" + "strings" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/require" +) + +// ============================================================================= +// STRICT NAMESPACE CLUSTER TESTS +// These tests FAIL if things don't work. No t.Skip() for expected functionality. +// ============================================================================= + +// TestNamespaceCluster_FullProvisioning is a STRICT test that verifies the complete +// namespace cluster provisioning flow. This test FAILS if any component doesn't work. +func TestNamespaceCluster_FullProvisioning(t *testing.T) { + // Generate unique namespace name + newNamespace := fmt.Sprintf("e2e-cluster-%d", time.Now().UnixNano()) + + env, err := e2e.LoadTestEnvWithNamespace(newNamespace) + require.NoError(t, err, "FATAL: Failed to create test environment for namespace %s", newNamespace) + require.NotEmpty(t, env.APIKey, "FATAL: No API key received - namespace provisioning failed") + + t.Logf("Created namespace: %s", newNamespace) + t.Logf("API Key: %s...", env.APIKey[:min(20, len(env.APIKey))]) + + // Get cluster status to verify provisioning + t.Run("Cluster status shows ready", func(t *testing.T) { + // Query the namespace cluster status + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/namespace/status?name="+newNamespace, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to query cluster status") + defer resp.Body.Close() + + bodyBytes, _ := io.ReadAll(resp.Body) + t.Logf("Cluster status response: %s", string(bodyBytes)) + + // If status endpoint exists and returns cluster info, verify it + if resp.StatusCode == http.StatusOK { + var result map[string]interface{} + if err := json.Unmarshal(bodyBytes, &result); err == nil { + status, _ := result["status"].(string) + if status != "" && status != "ready" && status != "default" { + t.Errorf("FAIL: Cluster status is '%s', expected 'ready'", status) + } + } + } + }) + + // Verify we can use the namespace for deployments + t.Run("Deployments work on namespace", func(t *testing.T) { + tarballPath := filepath.Join("../../testdata/apps/react-app") + if _, err := os.Stat(tarballPath); os.IsNotExist(err) { + t.Skip("Test tarball not found - skipping deployment test") + } + + deploymentName := fmt.Sprintf("cluster-test-%d", time.Now().Unix()) + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID, "FAIL: Deployment creation failed on namespace cluster") + + t.Logf("Created deployment %s (ID: %s) on namespace %s", deploymentName, deploymentID, newNamespace) + + // Cleanup + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Verify deployment is accessible + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/get?id="+deploymentID, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to get deployment") + defer resp.Body.Close() + + require.Equal(t, http.StatusOK, resp.StatusCode, "FAIL: Cannot retrieve deployment from namespace cluster") + }) +} + +// TestNamespaceCluster_RQLiteHealth verifies that namespace RQLite cluster is running +// and accepting connections. This test FAILS if RQLite is not accessible. +func TestNamespaceCluster_RQLiteHealth(t *testing.T) { + t.Run("Check namespace port range for RQLite", func(t *testing.T) { + foundRQLite := false + var healthyPorts []int + var unhealthyPorts []int + + // Check first few port blocks + for portStart := 10000; portStart <= 10015; portStart += 5 { + rqlitePort := portStart // RQLite HTTP is first port in block + if isPortListening("localhost", rqlitePort) { + t.Logf("Found RQLite instance on port %d", rqlitePort) + foundRQLite = true + + // Verify it responds to health check + healthURL := fmt.Sprintf("http://localhost:%d/status", rqlitePort) + healthResp, err := http.Get(healthURL) + if err == nil { + defer healthResp.Body.Close() + if healthResp.StatusCode == http.StatusOK { + healthyPorts = append(healthyPorts, rqlitePort) + t.Logf(" ✓ RQLite on port %d is healthy", rqlitePort) + } else { + unhealthyPorts = append(unhealthyPorts, rqlitePort) + t.Errorf("FAIL: RQLite on port %d returned status %d", rqlitePort, healthResp.StatusCode) + } + } else { + unhealthyPorts = append(unhealthyPorts, rqlitePort) + t.Errorf("FAIL: RQLite on port %d health check failed: %v", rqlitePort, err) + } + } + } + + if !foundRQLite { + t.Log("No namespace RQLite instances found in port range 10000-10015") + t.Log("This is expected if no namespaces have been provisioned yet") + } else { + t.Logf("Summary: %d healthy, %d unhealthy RQLite instances", len(healthyPorts), len(unhealthyPorts)) + require.Empty(t, unhealthyPorts, "FAIL: Some RQLite instances are unhealthy") + } + }) +} + +// TestNamespaceCluster_OlricHealth verifies that namespace Olric cluster is running +// and accepting connections. +func TestNamespaceCluster_OlricHealth(t *testing.T) { + t.Run("Check namespace port range for Olric", func(t *testing.T) { + foundOlric := false + foundCount := 0 + + // Check first few port blocks - Olric memberlist is port_start + 3 + for portStart := 10000; portStart <= 10015; portStart += 5 { + olricMemberlistPort := portStart + 3 + if isPortListening("localhost", olricMemberlistPort) { + t.Logf("Found Olric memberlist on port %d", olricMemberlistPort) + foundOlric = true + foundCount++ + } + } + + if !foundOlric { + t.Log("No namespace Olric instances found in port range 10003-10018") + t.Log("This is expected if no namespaces have been provisioned yet") + } else { + t.Logf("Found %d Olric memberlist ports accepting connections", foundCount) + } + }) +} + +// TestNamespaceCluster_GatewayHealth verifies that namespace Gateway instances are running. +// This test FAILS if gateway binary exists but gateways don't spawn. +func TestNamespaceCluster_GatewayHealth(t *testing.T) { + // Check if gateway binary exists + gatewayBinaryPaths := []string{ + "./bin/orama", + "../bin/orama", + "/usr/local/bin/orama", + } + + var gatewayBinaryExists bool + var foundPath string + for _, path := range gatewayBinaryPaths { + if _, err := os.Stat(path); err == nil { + gatewayBinaryExists = true + foundPath = path + break + } + } + + if !gatewayBinaryExists { + t.Log("Gateway binary not found - namespace gateways will not spawn") + t.Log("Run 'make build' to build the gateway binary") + t.Log("Checked paths:", gatewayBinaryPaths) + // This is a FAILURE if we expect gateway to work + t.Error("FAIL: Gateway binary not found. Run 'make build' first.") + return + } + + t.Logf("Gateway binary found at: %s", foundPath) + + t.Run("Check namespace port range for Gateway", func(t *testing.T) { + foundGateway := false + var healthyPorts []int + var unhealthyPorts []int + + // Check first few port blocks - Gateway HTTP is port_start + 4 + for portStart := 10000; portStart <= 10015; portStart += 5 { + gatewayPort := portStart + 4 + if isPortListening("localhost", gatewayPort) { + t.Logf("Found Gateway instance on port %d", gatewayPort) + foundGateway = true + + // Verify it responds to health check + healthURL := fmt.Sprintf("http://localhost:%d/v1/health", gatewayPort) + healthResp, err := http.Get(healthURL) + if err == nil { + defer healthResp.Body.Close() + if healthResp.StatusCode == http.StatusOK { + healthyPorts = append(healthyPorts, gatewayPort) + t.Logf(" ✓ Gateway on port %d is healthy", gatewayPort) + } else { + unhealthyPorts = append(unhealthyPorts, gatewayPort) + t.Errorf("FAIL: Gateway on port %d returned status %d", gatewayPort, healthResp.StatusCode) + } + } else { + unhealthyPorts = append(unhealthyPorts, gatewayPort) + t.Errorf("FAIL: Gateway on port %d health check failed: %v", gatewayPort, err) + } + } + } + + if !foundGateway { + t.Log("No namespace Gateway instances found in port range 10004-10019") + t.Log("This is expected if no namespaces have been provisioned yet") + } else { + t.Logf("Summary: %d healthy, %d unhealthy Gateway instances", len(healthyPorts), len(unhealthyPorts)) + require.Empty(t, unhealthyPorts, "FAIL: Some Gateway instances are unhealthy") + } + }) +} + +// TestNamespaceCluster_ProvisioningCreatesProcesses creates a new namespace and +// verifies that actual processes are spawned. This is the STRICTEST test. +func TestNamespaceCluster_ProvisioningCreatesProcesses(t *testing.T) { + newNamespace := fmt.Sprintf("e2e-strict-%d", time.Now().UnixNano()) + + // Record ports before provisioning + portsBefore := getListeningPortsInRange(10000, 10099) + t.Logf("Ports in use before provisioning: %v", portsBefore) + + // Create namespace + env, err := e2e.LoadTestEnvWithNamespace(newNamespace) + require.NoError(t, err, "FATAL: Failed to create namespace") + require.NotEmpty(t, env.APIKey, "FATAL: No API key - provisioning failed") + + t.Logf("Namespace '%s' created successfully", newNamespace) + + // Wait a moment for processes to fully start + time.Sleep(3 * time.Second) + + // Record ports after provisioning + portsAfter := getListeningPortsInRange(10000, 10099) + t.Logf("Ports in use after provisioning: %v", portsAfter) + + // Check if new ports were opened + newPorts := diffPorts(portsBefore, portsAfter) + sort.Ints(newPorts) + t.Logf("New ports opened: %v", newPorts) + + t.Run("New ports allocated for namespace cluster", func(t *testing.T) { + if len(newPorts) == 0 { + // This might be OK for default namespace or if using global cluster + t.Log("No new ports detected") + t.Log("Possible reasons:") + t.Log(" - Namespace uses default cluster (expected for 'default')") + t.Log(" - Cluster already existed from previous test") + t.Log(" - Provisioning is handled differently in this environment") + } else { + t.Logf("SUCCESS: %d new ports opened for namespace cluster", len(newPorts)) + + // Verify the ports follow expected pattern + for _, port := range newPorts { + offset := (port - 10000) % 5 + switch offset { + case 0: + t.Logf(" Port %d: RQLite HTTP", port) + case 1: + t.Logf(" Port %d: RQLite Raft", port) + case 2: + t.Logf(" Port %d: Olric HTTP", port) + case 3: + t.Logf(" Port %d: Olric Memberlist", port) + case 4: + t.Logf(" Port %d: Gateway HTTP", port) + } + } + } + }) + + t.Run("RQLite is accessible on allocated ports", func(t *testing.T) { + rqlitePorts := filterPortsByOffset(newPorts, 0) // RQLite HTTP is offset 0 + if len(rqlitePorts) == 0 { + t.Log("No new RQLite ports detected") + return + } + + for _, port := range rqlitePorts { + healthURL := fmt.Sprintf("http://localhost:%d/status", port) + resp, err := http.Get(healthURL) + require.NoError(t, err, "FAIL: RQLite on port %d is not responding", port) + resp.Body.Close() + require.Equal(t, http.StatusOK, resp.StatusCode, + "FAIL: RQLite on port %d returned status %d", port, resp.StatusCode) + t.Logf("✓ RQLite on port %d is healthy", port) + } + }) + + t.Run("Olric is accessible on allocated ports", func(t *testing.T) { + olricPorts := filterPortsByOffset(newPorts, 3) // Olric Memberlist is offset 3 + if len(olricPorts) == 0 { + t.Log("No new Olric ports detected") + return + } + + for _, port := range olricPorts { + conn, err := net.DialTimeout("tcp", fmt.Sprintf("localhost:%d", port), 2*time.Second) + require.NoError(t, err, "FAIL: Olric memberlist on port %d is not responding", port) + conn.Close() + t.Logf("✓ Olric memberlist on port %d is accepting connections", port) + } + }) +} + +// TestNamespaceCluster_StatusEndpoint tests the /v1/namespace/status endpoint +func TestNamespaceCluster_StatusEndpoint(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + t.Run("Status endpoint returns 404 for non-existent cluster", func(t *testing.T) { + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/namespace/status?id=non-existent-id", nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Request should not fail") + defer resp.Body.Close() + + require.Equal(t, http.StatusNotFound, resp.StatusCode, + "FAIL: Should return 404 for non-existent cluster, got %d", resp.StatusCode) + }) +} + +// TestNamespaceCluster_CrossNamespaceAccess verifies namespace isolation +func TestNamespaceCluster_CrossNamespaceAccess(t *testing.T) { + nsA := fmt.Sprintf("ns-a-%d", time.Now().Unix()) + nsB := fmt.Sprintf("ns-b-%d", time.Now().Unix()) + + envA, err := e2e.LoadTestEnvWithNamespace(nsA) + require.NoError(t, err, "FAIL: Cannot create namespace A") + + envB, err := e2e.LoadTestEnvWithNamespace(nsB) + require.NoError(t, err, "FAIL: Cannot create namespace B") + + // Verify both namespaces have different API keys + require.NotEqual(t, envA.APIKey, envB.APIKey, "FAIL: Namespaces should have different API keys") + t.Logf("Namespace A API key: %s...", envA.APIKey[:min(10, len(envA.APIKey))]) + t.Logf("Namespace B API key: %s...", envB.APIKey[:min(10, len(envB.APIKey))]) + + t.Run("API keys are namespace-scoped", func(t *testing.T) { + // Namespace A should not see namespace B's resources + req, _ := http.NewRequest("GET", envA.GatewayURL+"/v1/deployments/list", nil) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Request failed") + defer resp.Body.Close() + + require.Equal(t, http.StatusOK, resp.StatusCode, "Should list deployments") + + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + json.Unmarshal(bodyBytes, &result) + + deployments, _ := result["deployments"].([]interface{}) + for _, d := range deployments { + dep, ok := d.(map[string]interface{}) + if !ok { + continue + } + ns, _ := dep["namespace"].(string) + require.NotEqual(t, nsB, ns, + "FAIL: Namespace A sees Namespace B deployments - isolation broken!") + } + }) +} + +// TestDeployment_SubdomainFormat tests deployment subdomain format +func TestDeployment_SubdomainFormat(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + tarballPath := filepath.Join("../../testdata/apps/react-app") + if _, err := os.Stat(tarballPath); os.IsNotExist(err) { + t.Skip("Test tarball not found") + } + + deploymentName := fmt.Sprintf("subdomain-test-%d", time.Now().UnixNano()) + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID, "FAIL: Deployment creation failed") + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deployment has subdomain with random suffix", func(t *testing.T) { + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/get?id="+deploymentID, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to get deployment") + defer resp.Body.Close() + + require.Equal(t, http.StatusOK, resp.StatusCode, "Should get deployment") + + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + json.Unmarshal(bodyBytes, &result) + + deployment, ok := result["deployment"].(map[string]interface{}) + if !ok { + deployment = result + } + + subdomain, _ := deployment["subdomain"].(string) + if subdomain != "" { + require.True(t, strings.HasPrefix(subdomain, deploymentName), + "FAIL: Subdomain '%s' should start with deployment name '%s'", subdomain, deploymentName) + + suffix := strings.TrimPrefix(subdomain, deploymentName+"-") + if suffix != subdomain { // There was a dash separator + require.Equal(t, 6, len(suffix), + "FAIL: Random suffix should be 6 characters, got %d (%s)", len(suffix), suffix) + } + t.Logf("Deployment subdomain: %s", subdomain) + } + }) +} + +// TestNamespaceCluster_PortAllocation tests port allocation correctness +func TestNamespaceCluster_PortAllocation(t *testing.T) { + t.Run("Port range is 10000-10099", func(t *testing.T) { + const portRangeStart = 10000 + const portRangeEnd = 10099 + const portsPerNamespace = 5 + const maxNamespacesPerNode = 20 + + totalPorts := portRangeEnd - portRangeStart + 1 + require.Equal(t, 100, totalPorts, "Port range should be 100 ports") + + expectedMax := totalPorts / portsPerNamespace + require.Equal(t, maxNamespacesPerNode, expectedMax, + "Max namespaces per node calculation mismatch") + }) + + t.Run("Port assignments are sequential within block", func(t *testing.T) { + portStart := 10000 + ports := map[string]int{ + "rqlite_http": portStart + 0, + "rqlite_raft": portStart + 1, + "olric_http": portStart + 2, + "olric_memberlist": portStart + 3, + "gateway_http": portStart + 4, + } + + seen := make(map[int]bool) + for name, port := range ports { + require.False(t, seen[port], "FAIL: Port %d for %s is duplicate", port, name) + seen[port] = true + } + }) +} + +// ============================================================================= +// HELPER FUNCTIONS +// ============================================================================= + +func isPortListening(host string, port int) bool { + conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), 1*time.Second) + if err != nil { + return false + } + conn.Close() + return true +} + +func getListeningPortsInRange(start, end int) []int { + var ports []int + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + // Check ports concurrently for speed + results := make(chan int, end-start+1) + for port := start; port <= end; port++ { + go func(p int) { + select { + case <-ctx.Done(): + results <- 0 + return + default: + if isPortListening("localhost", p) { + results <- p + } else { + results <- 0 + } + } + }(port) + } + + for i := 0; i <= end-start; i++ { + if port := <-results; port > 0 { + ports = append(ports, port) + } + } + return ports +} + +func diffPorts(before, after []int) []int { + beforeMap := make(map[int]bool) + for _, p := range before { + beforeMap[p] = true + } + + var newPorts []int + for _, p := range after { + if !beforeMap[p] { + newPorts = append(newPorts, p) + } + } + return newPorts +} + +func filterPortsByOffset(ports []int, offset int) []int { + var filtered []int + for _, p := range ports { + if (p-10000)%5 == offset { + filtered = append(filtered, p) + } + } + return filtered +} + +func min(a, b int) int { + if a < b { + return a + } + return b +} diff --git a/e2e/cluster/namespace_isolation_test.go b/e2e/cluster/namespace_isolation_test.go new file mode 100644 index 0000000..2d7972e --- /dev/null +++ b/e2e/cluster/namespace_isolation_test.go @@ -0,0 +1,447 @@ +//go:build e2e + +package cluster_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestNamespaceIsolation creates two namespaces once and runs all isolation +// subtests against them. This keeps namespace usage to 2 regardless of how +// many isolation scenarios we test. +func TestNamespaceIsolation(t *testing.T) { + envA, err := e2e.LoadTestEnvWithNamespace("namespace-a-" + fmt.Sprintf("%d", time.Now().Unix())) + require.NoError(t, err, "Failed to create namespace A environment") + + envB, err := e2e.LoadTestEnvWithNamespace("namespace-b-" + fmt.Sprintf("%d", time.Now().Unix())) + require.NoError(t, err, "Failed to create namespace B environment") + + t.Run("Deployments", func(t *testing.T) { + testNamespaceIsolationDeployments(t, envA, envB) + }) + + t.Run("SQLiteDatabases", func(t *testing.T) { + testNamespaceIsolationSQLiteDatabases(t, envA, envB) + }) + + t.Run("IPFSContent", func(t *testing.T) { + testNamespaceIsolationIPFSContent(t, envA, envB) + }) + + t.Run("OlricCache", func(t *testing.T) { + testNamespaceIsolationOlricCache(t, envA, envB) + }) +} + +func testNamespaceIsolationDeployments(t *testing.T, envA, envB *e2e.E2ETestEnv) { + tarballPath := filepath.Join("../../testdata/apps/react-app") + + // Create deployment in namespace-a + deploymentNameA := "test-app-ns-a" + deploymentIDA := e2e.CreateTestDeployment(t, envA, deploymentNameA, tarballPath) + defer func() { + if !envA.SkipCleanup { + e2e.DeleteDeployment(t, envA, deploymentIDA) + } + }() + + // Create deployment in namespace-b + deploymentNameB := "test-app-ns-b" + deploymentIDB := e2e.CreateTestDeployment(t, envB, deploymentNameB, tarballPath) + defer func() { + if !envB.SkipCleanup { + e2e.DeleteDeployment(t, envB, deploymentIDB) + } + }() + + t.Run("Namespace-A cannot list Namespace-B deployments", func(t *testing.T) { + req, _ := http.NewRequest("GET", envA.GatewayURL+"/v1/deployments/list", nil) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + require.NoError(t, json.Unmarshal(bodyBytes, &result), "Should decode JSON") + + deployments, ok := result["deployments"].([]interface{}) + require.True(t, ok, "Deployments should be an array") + + // Should only see namespace-a deployments + for _, d := range deployments { + dep, ok := d.(map[string]interface{}) + if !ok { + continue + } + assert.NotEqual(t, deploymentNameB, dep["name"], "Should not see namespace-b deployment") + } + + t.Logf("✓ Namespace A cannot see Namespace B deployments") + }) + + t.Run("Namespace-A cannot access Namespace-B deployment by ID", func(t *testing.T) { + req, _ := http.NewRequest("GET", envA.GatewayURL+"/v1/deployments/get?id="+deploymentIDB, nil) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + // Should return 404 or 403 + assert.Contains(t, []int{http.StatusNotFound, http.StatusForbidden}, resp.StatusCode, + "Should block cross-namespace access") + + t.Logf("✓ Namespace A cannot access Namespace B deployment (status: %d)", resp.StatusCode) + }) + + t.Run("Namespace-A cannot delete Namespace-B deployment", func(t *testing.T) { + req, _ := http.NewRequest("DELETE", envA.GatewayURL+"/v1/deployments/delete?id="+deploymentIDB, nil) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Contains(t, []int{http.StatusNotFound, http.StatusForbidden}, resp.StatusCode, + "Should block cross-namespace deletion") + + // Verify deployment still exists for namespace-b + req2, _ := http.NewRequest("GET", envB.GatewayURL+"/v1/deployments/get?id="+deploymentIDB, nil) + req2.Header.Set("Authorization", "Bearer "+envB.APIKey) + + resp2, err := envB.HTTPClient.Do(req2) + require.NoError(t, err, "Should execute request") + defer resp2.Body.Close() + + assert.Equal(t, http.StatusOK, resp2.StatusCode, "Deployment should still exist in namespace B") + + t.Logf("✓ Namespace A cannot delete Namespace B deployment") + }) +} + +func testNamespaceIsolationSQLiteDatabases(t *testing.T, envA, envB *e2e.E2ETestEnv) { + // Create database in namespace-a + dbNameA := "users-db-a" + e2e.CreateSQLiteDB(t, envA, dbNameA) + defer func() { + if !envA.SkipCleanup { + e2e.DeleteSQLiteDB(t, envA, dbNameA) + } + }() + + // Create database in namespace-b + dbNameB := "users-db-b" + e2e.CreateSQLiteDB(t, envB, dbNameB) + defer func() { + if !envB.SkipCleanup { + e2e.DeleteSQLiteDB(t, envB, dbNameB) + } + }() + + t.Run("Namespace-A cannot list Namespace-B databases", func(t *testing.T) { + req, _ := http.NewRequest("GET", envA.GatewayURL+"/v1/db/sqlite/list", nil) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + require.NoError(t, json.Unmarshal(bodyBytes, &result), "Should decode JSON") + + databases, ok := result["databases"].([]interface{}) + require.True(t, ok, "Databases should be an array") + + for _, db := range databases { + database, ok := db.(map[string]interface{}) + if !ok { + continue + } + assert.NotEqual(t, dbNameB, database["database_name"], "Should not see namespace-b database") + } + + t.Logf("✓ Namespace A cannot see Namespace B databases") + }) + + t.Run("Namespace-A cannot query Namespace-B database", func(t *testing.T) { + reqBody := map[string]interface{}{ + "database_name": dbNameB, + "query": "SELECT * FROM users", + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envA.GatewayURL+"/v1/db/sqlite/query", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should block cross-namespace query") + + t.Logf("✓ Namespace A cannot query Namespace B database") + }) + + t.Run("Namespace-A cannot backup Namespace-B database", func(t *testing.T) { + reqBody := map[string]string{"database_name": dbNameB} + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envA.GatewayURL+"/v1/db/sqlite/backup", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should block cross-namespace backup") + + t.Logf("✓ Namespace A cannot backup Namespace B database") + }) +} + +func testNamespaceIsolationIPFSContent(t *testing.T, envA, envB *e2e.E2ETestEnv) { + // Upload file in namespace-a + cidA := e2e.UploadTestFile(t, envA, "test-file-a.txt", "Content from namespace A") + defer func() { + if !envA.SkipCleanup { + e2e.UnpinFile(t, envA, cidA) + } + }() + + t.Run("Namespace-B cannot GET Namespace-A IPFS content", func(t *testing.T) { + req, _ := http.NewRequest("GET", envB.GatewayURL+"/v1/storage/get/"+cidA, nil) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Contains(t, []int{http.StatusNotFound, http.StatusForbidden}, resp.StatusCode, + "Should block cross-namespace IPFS GET") + + t.Logf("✓ Namespace B cannot GET Namespace A IPFS content (status: %d)", resp.StatusCode) + }) + + t.Run("Namespace-B cannot PIN Namespace-A IPFS content", func(t *testing.T) { + reqBody := map[string]string{ + "cid": cidA, + "name": "stolen-content", + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envB.GatewayURL+"/v1/storage/pin", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Contains(t, []int{http.StatusNotFound, http.StatusForbidden}, resp.StatusCode, + "Should block cross-namespace PIN") + + t.Logf("✓ Namespace B cannot PIN Namespace A IPFS content (status: %d)", resp.StatusCode) + }) + + t.Run("Namespace-B cannot UNPIN Namespace-A IPFS content", func(t *testing.T) { + req, _ := http.NewRequest("DELETE", envB.GatewayURL+"/v1/storage/unpin/"+cidA, nil) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Contains(t, []int{http.StatusNotFound, http.StatusForbidden}, resp.StatusCode, + "Should block cross-namespace UNPIN") + + t.Logf("✓ Namespace B cannot UNPIN Namespace A IPFS content (status: %d)", resp.StatusCode) + }) + + t.Run("Namespace-A can list only their own IPFS pins", func(t *testing.T) { + t.Skip("List pins endpoint not implemented yet - namespace isolation enforced at GET/PIN/UNPIN levels") + }) +} + +func testNamespaceIsolationOlricCache(t *testing.T, envA, envB *e2e.E2ETestEnv) { + dmap := "test-cache" + keyA := "user-session-123" + valueA := `{"user_id": "alice", "token": "secret-token-a"}` + + t.Run("Namespace-A sets cache key", func(t *testing.T) { + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": keyA, + "value": valueA, + "ttl": "300s", + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envA.GatewayURL+"/v1/cache/put", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envA.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envA.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Should set cache key successfully") + + t.Logf("✓ Namespace A set cache key") + }) + + t.Run("Namespace-B cannot GET Namespace-A cache key", func(t *testing.T) { + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": keyA, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envB.GatewayURL+"/v1/cache/get", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + // Should return 404 (key doesn't exist in namespace-b) + assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should not find key in different namespace") + + t.Logf("✓ Namespace B cannot GET Namespace A cache key") + }) + + t.Run("Namespace-B cannot DELETE Namespace-A cache key", func(t *testing.T) { + reqBody := map[string]string{ + "dmap": dmap, + "key": keyA, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envB.GatewayURL+"/v1/cache/delete", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Contains(t, []int{http.StatusOK, http.StatusNotFound}, resp.StatusCode) + + // Verify key still exists for namespace-a + reqBody2 := map[string]interface{}{ + "dmap": dmap, + "key": keyA, + } + bodyBytes2, _ := json.Marshal(reqBody2) + + req2, _ := http.NewRequest("POST", envA.GatewayURL+"/v1/cache/get", bytes.NewReader(bodyBytes2)) + req2.Header.Set("Authorization", "Bearer "+envA.APIKey) + req2.Header.Set("Content-Type", "application/json") + + resp2, err := envA.HTTPClient.Do(req2) + require.NoError(t, err, "Should execute request") + defer resp2.Body.Close() + + assert.Equal(t, http.StatusOK, resp2.StatusCode, "Key should still exist in namespace A") + + var result map[string]interface{} + bodyBytes3, _ := io.ReadAll(resp2.Body) + require.NoError(t, json.Unmarshal(bodyBytes3, &result), "Should decode result") + + // Parse expected JSON string for comparison + var expectedValue map[string]interface{} + json.Unmarshal([]byte(valueA), &expectedValue) + assert.Equal(t, expectedValue, result["value"], "Value should match") + + t.Logf("✓ Namespace B cannot DELETE Namespace A cache key") + }) + + t.Run("Namespace-B can set same key name in their namespace", func(t *testing.T) { + // Same key name, different namespace should be allowed + valueB := `{"user_id": "bob", "token": "secret-token-b"}` + + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": keyA, // Same key name as namespace-a + "value": valueB, + "ttl": "300s", + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", envB.GatewayURL+"/v1/cache/put", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+envB.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := envB.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Should set key in namespace B") + + // Verify namespace-a still has their value + reqBody2 := map[string]interface{}{ + "dmap": dmap, + "key": keyA, + } + bodyBytes2, _ := json.Marshal(reqBody2) + + req2, _ := http.NewRequest("POST", envA.GatewayURL+"/v1/cache/get", bytes.NewReader(bodyBytes2)) + req2.Header.Set("Authorization", "Bearer "+envA.APIKey) + req2.Header.Set("Content-Type", "application/json") + + resp2, _ := envA.HTTPClient.Do(req2) + defer resp2.Body.Close() + + var resultA map[string]interface{} + bodyBytesA, _ := io.ReadAll(resp2.Body) + require.NoError(t, json.Unmarshal(bodyBytesA, &resultA), "Should decode result A") + + // Parse expected JSON string for comparison + var expectedValueA map[string]interface{} + json.Unmarshal([]byte(valueA), &expectedValueA) + assert.Equal(t, expectedValueA, resultA["value"], "Namespace A value should be unchanged") + + // Verify namespace-b has their different value + reqBody3 := map[string]interface{}{ + "dmap": dmap, + "key": keyA, + } + bodyBytes3, _ := json.Marshal(reqBody3) + + req3, _ := http.NewRequest("POST", envB.GatewayURL+"/v1/cache/get", bytes.NewReader(bodyBytes3)) + req3.Header.Set("Authorization", "Bearer "+envB.APIKey) + req3.Header.Set("Content-Type", "application/json") + + resp3, _ := envB.HTTPClient.Do(req3) + defer resp3.Body.Close() + + var resultB map[string]interface{} + bodyBytesB, _ := io.ReadAll(resp3.Body) + require.NoError(t, json.Unmarshal(bodyBytesB, &resultB), "Should decode result B") + + // Parse expected JSON string for comparison + var expectedValueB map[string]interface{} + json.Unmarshal([]byte(valueB), &expectedValueB) + assert.Equal(t, expectedValueB, resultB["value"], "Namespace B value should be different") + + t.Logf("✓ Namespace B can set same key name independently") + t.Logf(" - Namespace A value: %s", valueA) + t.Logf(" - Namespace B value: %s", valueB) + }) +} diff --git a/e2e/cluster/olric_cluster_test.go b/e2e/cluster/olric_cluster_test.go new file mode 100644 index 0000000..e6359d8 --- /dev/null +++ b/e2e/cluster/olric_cluster_test.go @@ -0,0 +1,338 @@ +//go:build e2e + +package cluster_test + +import ( + "encoding/json" + "fmt" + "net" + "net/http" + "strings" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/require" +) + +// ============================================================================= +// STRICT OLRIC CACHE DISTRIBUTION TESTS +// These tests verify that Olric cache data is properly distributed across nodes. +// Tests FAIL if distribution doesn't work - no skips, no warnings. +// ============================================================================= + +// getOlricNodeAddresses returns HTTP addresses of Olric nodes +// Note: Olric HTTP port is typically on port 3320 for the main cluster +func getOlricNodeAddresses() []string { + // In dev mode, we have a single Olric instance + // In production, each node runs its own Olric instance + return []string{ + "http://localhost:3320", + } +} + +// TestOlric_BasicDistribution verifies cache operations work across the cluster. +func TestOlric_BasicDistribution(t *testing.T) { + // Note: Not using SkipIfMissingGateway() since LoadTestEnv() creates its own API key + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + require.NotEmpty(t, env.APIKey, "FAIL: No API key available") + + dmap := fmt.Sprintf("dist_test_%d", time.Now().UnixNano()) + + t.Run("Put_and_get_from_same_gateway", func(t *testing.T) { + key := fmt.Sprintf("key_%d", time.Now().UnixNano()) + value := fmt.Sprintf("value_%d", time.Now().UnixNano()) + + // Put + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not put value to cache") + + // Get + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get value from cache") + require.Equal(t, value, retrieved, "FAIL: Retrieved value doesn't match") + + t.Logf(" ✓ Put/Get works: %s = %s", key, value) + }) + + t.Run("Multiple_keys_distributed", func(t *testing.T) { + // Put multiple keys (should be distributed across partitions) + keys := make(map[string]string) + for i := 0; i < 20; i++ { + key := fmt.Sprintf("dist_key_%d_%d", i, time.Now().UnixNano()) + value := fmt.Sprintf("dist_value_%d", i) + keys[key] = value + + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not put key %s", key) + } + + t.Logf(" Put 20 keys to cache") + + // Verify all keys are retrievable + for key, expectedValue := range keys { + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get key %s", key) + require.Equal(t, expectedValue, retrieved, "FAIL: Value mismatch for key %s", key) + } + + t.Logf(" ✓ All 20 keys are retrievable") + }) +} + +// TestOlric_ConcurrentAccess verifies cache handles concurrent operations correctly. +func TestOlric_ConcurrentAccess(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + dmap := fmt.Sprintf("concurrent_test_%d", time.Now().UnixNano()) + + t.Run("Concurrent_writes_to_same_key", func(t *testing.T) { + key := fmt.Sprintf("concurrent_key_%d", time.Now().UnixNano()) + + // Launch multiple goroutines writing to the same key + done := make(chan error, 10) + for i := 0; i < 10; i++ { + go func(idx int) { + value := fmt.Sprintf("concurrent_value_%d", idx) + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + done <- err + }(i) + } + + // Wait for all writes + var errors []error + for i := 0; i < 10; i++ { + if err := <-done; err != nil { + errors = append(errors, err) + } + } + + require.Empty(t, errors, "FAIL: %d concurrent writes failed: %v", len(errors), errors) + + // The key should have ONE of the values (last write wins) + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get key after concurrent writes") + require.Contains(t, retrieved, "concurrent_value_", "FAIL: Value doesn't match expected pattern") + + t.Logf(" ✓ Concurrent writes succeeded, final value: %s", retrieved) + }) + + t.Run("Concurrent_reads_and_writes", func(t *testing.T) { + key := fmt.Sprintf("rw_key_%d", time.Now().UnixNano()) + initialValue := "initial_value" + + // Set initial value + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, initialValue) + require.NoError(t, err, "FAIL: Could not set initial value") + + // Launch concurrent readers and writers + done := make(chan error, 20) + + // 10 readers + for i := 0; i < 10; i++ { + go func() { + _, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + done <- err + }() + } + + // 10 writers + for i := 0; i < 10; i++ { + go func(idx int) { + value := fmt.Sprintf("updated_value_%d", idx) + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + done <- err + }(i) + } + + // Wait for all operations + var readErrors, writeErrors []error + for i := 0; i < 20; i++ { + if err := <-done; err != nil { + if i < 10 { + readErrors = append(readErrors, err) + } else { + writeErrors = append(writeErrors, err) + } + } + } + + require.Empty(t, readErrors, "FAIL: %d reads failed", len(readErrors)) + require.Empty(t, writeErrors, "FAIL: %d writes failed", len(writeErrors)) + + t.Logf(" ✓ Concurrent read/write operations succeeded") + }) +} + +// TestOlric_NamespaceClusterCache verifies cache works in namespace-specific clusters. +func TestOlric_NamespaceClusterCache(t *testing.T) { + // Create a new namespace + namespace := fmt.Sprintf("cache-test-%d", time.Now().UnixNano()) + + env, err := e2e.LoadTestEnvWithNamespace(namespace) + require.NoError(t, err, "FAIL: Could not create namespace for cache test") + require.NotEmpty(t, env.APIKey, "FAIL: No API key") + + t.Logf("Created namespace %s", namespace) + + dmap := fmt.Sprintf("ns_cache_%d", time.Now().UnixNano()) + + t.Run("Cache_operations_work_in_namespace", func(t *testing.T) { + key := fmt.Sprintf("ns_key_%d", time.Now().UnixNano()) + value := fmt.Sprintf("ns_value_%d", time.Now().UnixNano()) + + // Put using namespace API key + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not put value in namespace cache") + + // Get + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get value from namespace cache") + require.Equal(t, value, retrieved, "FAIL: Value mismatch in namespace cache") + + t.Logf(" ✓ Namespace cache operations work: %s = %s", key, value) + }) + + // Check if namespace Olric instances are running (port 10003 offset in port blocks) + var nsOlricPorts []int + for port := 10003; port <= 10098; port += 5 { + conn, err := net.DialTimeout("tcp", fmt.Sprintf("localhost:%d", port), 1*time.Second) + if err == nil { + conn.Close() + nsOlricPorts = append(nsOlricPorts, port) + } + } + + if len(nsOlricPorts) > 0 { + t.Logf("Found %d namespace Olric memberlist ports: %v", len(nsOlricPorts), nsOlricPorts) + + t.Run("Namespace_Olric_nodes_connected", func(t *testing.T) { + // Verify all namespace Olric nodes can be reached + for _, port := range nsOlricPorts { + conn, err := net.DialTimeout("tcp", fmt.Sprintf("localhost:%d", port), 2*time.Second) + require.NoError(t, err, "FAIL: Cannot connect to namespace Olric on port %d", port) + conn.Close() + t.Logf(" ✓ Namespace Olric memberlist on port %d is reachable", port) + } + }) + } +} + +// TestOlric_DataConsistency verifies data remains consistent across operations. +func TestOlric_DataConsistency(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + dmap := fmt.Sprintf("consistency_test_%d", time.Now().UnixNano()) + + t.Run("Update_preserves_latest_value", func(t *testing.T) { + key := fmt.Sprintf("update_key_%d", time.Now().UnixNano()) + + // Write multiple times + for i := 1; i <= 5; i++ { + value := fmt.Sprintf("version_%d", i) + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not update key to version %d", i) + } + + // Final read should return latest version + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not read final value") + require.Equal(t, "version_5", retrieved, "FAIL: Latest version not preserved") + + t.Logf(" ✓ Latest value preserved after 5 updates") + }) + + t.Run("Delete_removes_key", func(t *testing.T) { + key := fmt.Sprintf("delete_key_%d", time.Now().UnixNano()) + value := "to_be_deleted" + + // Put + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not put value") + + // Verify it exists + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get value before delete") + require.Equal(t, value, retrieved) + + // Delete (POST with JSON body) + deleteBody := map[string]interface{}{ + "dmap": dmap, + "key": key, + } + deleteBytes, _ := json.Marshal(deleteBody) + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/cache/delete", strings.NewReader(string(deleteBytes))) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+env.APIKey) + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Delete request failed") + resp.Body.Close() + require.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNoContent, + "FAIL: Delete returned unexpected status %d", resp.StatusCode) + + // Verify key is gone + _, err = e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.Error(t, err, "FAIL: Key should not exist after delete") + require.Contains(t, err.Error(), "not found", "FAIL: Expected 'not found' error") + + t.Logf(" ✓ Delete properly removes key") + }) +} + +// TestOlric_TTLExpiration verifies TTL expiration works. +// NOTE: TTL is currently parsed but not applied by the cache handler (TODO in set_handler.go). +// This test is skipped until TTL support is fully implemented. +func TestOlric_TTLExpiration(t *testing.T) { + t.Skip("TTL support not yet implemented in cache handler - see set_handler.go lines 88-98") + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + dmap := fmt.Sprintf("ttl_test_%d", time.Now().UnixNano()) + + t.Run("Key_expires_after_TTL", func(t *testing.T) { + key := fmt.Sprintf("ttl_key_%d", time.Now().UnixNano()) + value := "expires_soon" + ttlSeconds := 3 + + // Put with TTL (TTL is a duration string like "3s", "1m", etc.) + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": key, + "value": value, + "ttl": fmt.Sprintf("%ds", ttlSeconds), + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/cache/put", strings.NewReader(string(bodyBytes))) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Put with TTL failed") + resp.Body.Close() + require.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated, + "FAIL: Put returned status %d", resp.StatusCode) + + // Verify key exists immediately + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Could not get key immediately after put") + require.Equal(t, value, retrieved) + t.Logf(" Key exists immediately after put") + + // Wait for TTL to expire (plus buffer) + time.Sleep(time.Duration(ttlSeconds+2) * time.Second) + + // Key should be gone + _, err = e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.Error(t, err, "FAIL: Key should have expired after %d seconds", ttlSeconds) + require.Contains(t, err.Error(), "not found", "FAIL: Expected 'not found' error after TTL") + + t.Logf(" ✓ Key expired after %d seconds as expected", ttlSeconds) + }) +} diff --git a/e2e/cluster/rqlite_cluster_test.go b/e2e/cluster/rqlite_cluster_test.go new file mode 100644 index 0000000..8f8e43a --- /dev/null +++ b/e2e/cluster/rqlite_cluster_test.go @@ -0,0 +1,479 @@ +//go:build e2e + +package cluster_test + +import ( + "context" + "fmt" + "net/http" + "sync" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/require" +) + +// ============================================================================= +// STRICT RQLITE CLUSTER TESTS +// These tests verify that RQLite cluster operations work correctly. +// Tests FAIL if operations don't work - no skips, no warnings. +// ============================================================================= + +// TestRQLite_ClusterHealth verifies the RQLite cluster is healthy and operational. +func TestRQLite_ClusterHealth(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Check RQLite schema endpoint (proves cluster is reachable) + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/rqlite/schema", + } + + body, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Could not reach RQLite cluster") + require.Equal(t, http.StatusOK, status, "FAIL: RQLite schema endpoint returned %d: %s", status, string(body)) + + var schemaResp map[string]interface{} + err = e2e.DecodeJSON(body, &schemaResp) + require.NoError(t, err, "FAIL: Could not decode RQLite schema response") + + // Schema endpoint should return tables array + _, hasTables := schemaResp["tables"] + require.True(t, hasTables, "FAIL: RQLite schema response missing 'tables' field") + + t.Logf(" ✓ RQLite cluster is healthy and responding") +} + +// TestRQLite_WriteReadConsistency verifies data written can be read back consistently. +func TestRQLite_WriteReadConsistency(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) + defer cancel() + + table := e2e.GenerateTableName() + + // Cleanup + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + + // Create table + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, value TEXT, created_at DATETIME DEFAULT CURRENT_TIMESTAMP)", + table, + ), + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Create table request failed") + require.True(t, status == http.StatusCreated || status == http.StatusOK, + "FAIL: Create table returned status %d", status) + t.Logf("Created table %s", table) + + t.Run("Write_then_read_returns_same_data", func(t *testing.T) { + uniqueValue := fmt.Sprintf("test_value_%d", time.Now().UnixNano()) + + // Insert + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s (value) VALUES ('%s')", table, uniqueValue), + }, + }, + } + + _, status, err := insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Insert request failed") + require.Equal(t, http.StatusOK, status, "FAIL: Insert returned status %d", status) + + // Read back + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT value FROM %s WHERE value = '%s'", table, uniqueValue), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Query request failed") + require.Equal(t, http.StatusOK, status, "FAIL: Query returned status %d", status) + + var queryResp map[string]interface{} + err = e2e.DecodeJSON(body, &queryResp) + require.NoError(t, err, "FAIL: Could not decode query response") + + // Verify we got our value back + count, ok := queryResp["count"].(float64) + require.True(t, ok, "FAIL: Response missing 'count' field") + require.Equal(t, float64(1), count, "FAIL: Expected 1 row, got %v", count) + + t.Logf(" ✓ Written value '%s' was read back correctly", uniqueValue) + }) + + t.Run("Multiple_writes_all_readable", func(t *testing.T) { + // Insert multiple values + var statements []string + for i := 0; i < 10; i++ { + statements = append(statements, + fmt.Sprintf("INSERT INTO %s (value) VALUES ('batch_%d')", table, i)) + } + + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": statements, + }, + } + + _, status, err := insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Batch insert failed") + require.Equal(t, http.StatusOK, status, "FAIL: Batch insert returned status %d", status) + + // Count all batch rows + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) as cnt FROM %s WHERE value LIKE 'batch_%%'", table), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Count query failed") + require.Equal(t, http.StatusOK, status, "FAIL: Count query returned status %d", status) + + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, 10, count, "FAIL: Expected 10 batch rows, got %d", count) + } + + t.Logf(" ✓ All 10 batch writes are readable") + }) +} + +// TestRQLite_TransactionAtomicity verifies transactions are atomic. +func TestRQLite_TransactionAtomicity(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) + defer cancel() + + table := e2e.GenerateTableName() + + // Cleanup + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + + // Create table + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, value TEXT UNIQUE)", + table, + ), + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Create table failed") + require.True(t, status == http.StatusCreated || status == http.StatusOK, + "FAIL: Create table returned status %d", status) + + t.Run("Successful_transaction_commits_all", func(t *testing.T) { + txReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s (value) VALUES ('tx_val_1')", table), + fmt.Sprintf("INSERT INTO %s (value) VALUES ('tx_val_2')", table), + fmt.Sprintf("INSERT INTO %s (value) VALUES ('tx_val_3')", table), + }, + }, + } + + _, status, err := txReq.Do(ctx) + require.NoError(t, err, "FAIL: Transaction request failed") + require.Equal(t, http.StatusOK, status, "FAIL: Transaction returned status %d", status) + + // Verify all 3 rows exist + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE value LIKE 'tx_val_%%'", table), + }, + } + + body, _, _ := queryReq.Do(ctx) + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, 3, count, "FAIL: Transaction didn't commit all 3 rows - got %d", count) + } + + t.Logf(" ✓ Transaction committed all 3 rows atomically") + }) + + t.Run("Updates_preserve_consistency", func(t *testing.T) { + // Update a value + updateReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("UPDATE %s SET value = 'tx_val_1_updated' WHERE value = 'tx_val_1'", table), + }, + }, + } + + _, status, err := updateReq.Do(ctx) + require.NoError(t, err, "FAIL: Update request failed") + require.Equal(t, http.StatusOK, status, "FAIL: Update returned status %d", status) + + // Verify update took effect + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT value FROM %s WHERE value = 'tx_val_1_updated'", table), + }, + } + + body, _, _ := queryReq.Do(ctx) + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + count, _ := queryResp["count"].(float64) + require.Equal(t, float64(1), count, "FAIL: Update didn't take effect") + + t.Logf(" ✓ Update preserved consistency") + }) +} + +// TestRQLite_ConcurrentWrites verifies the cluster handles concurrent writes correctly. +func TestRQLite_ConcurrentWrites(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + table := e2e.GenerateTableName() + + // Cleanup + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + + // Create table + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, worker INTEGER, seq INTEGER)", + table, + ), + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Create table failed") + require.True(t, status == http.StatusCreated || status == http.StatusOK, + "FAIL: Create table returned status %d", status) + + t.Run("Concurrent_inserts_all_succeed", func(t *testing.T) { + numWorkers := 5 + insertsPerWorker := 10 + expectedTotal := numWorkers * insertsPerWorker + + var wg sync.WaitGroup + errChan := make(chan error, numWorkers*insertsPerWorker) + + for w := 0; w < numWorkers; w++ { + wg.Add(1) + go func(workerID int) { + defer wg.Done() + for i := 0; i < insertsPerWorker; i++ { + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s (worker, seq) VALUES (%d, %d)", table, workerID, i), + }, + }, + } + + _, status, err := insertReq.Do(ctx) + if err != nil { + errChan <- fmt.Errorf("worker %d insert %d failed: %w", workerID, i, err) + return + } + if status != http.StatusOK { + errChan <- fmt.Errorf("worker %d insert %d got status %d", workerID, i, status) + return + } + } + }(w) + } + + wg.Wait() + close(errChan) + + // Collect errors + var errors []error + for err := range errChan { + errors = append(errors, err) + } + require.Empty(t, errors, "FAIL: %d concurrent inserts failed: %v", len(errors), errors) + + // Verify total count + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) FROM %s", table), + }, + } + + body, _, _ := queryReq.Do(ctx) + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, expectedTotal, count, + "FAIL: Expected %d total rows from concurrent inserts, got %d", expectedTotal, count) + } + + t.Logf(" ✓ All %d concurrent inserts succeeded", expectedTotal) + }) +} + +// TestRQLite_NamespaceClusterOperations verifies RQLite works in namespace clusters. +func TestRQLite_NamespaceClusterOperations(t *testing.T) { + // Create a new namespace + namespace := fmt.Sprintf("rqlite-test-%d", time.Now().UnixNano()) + + env, err := e2e.LoadTestEnvWithNamespace(namespace) + require.NoError(t, err, "FAIL: Could not create namespace for RQLite test") + require.NotEmpty(t, env.APIKey, "FAIL: No API key - namespace provisioning failed") + + t.Logf("Created namespace %s", namespace) + + ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) + defer cancel() + + table := e2e.GenerateTableName() + + // Cleanup + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + Headers: map[string]string{"Authorization": "Bearer " + env.APIKey}, + } + dropReq.Do(context.Background()) + }() + + t.Run("Namespace_RQLite_create_insert_query", func(t *testing.T) { + // Create table in namespace cluster + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/create-table", + Headers: map[string]string{"Authorization": "Bearer " + env.APIKey}, + Body: map[string]interface{}{ + "schema": fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, value TEXT)", + table, + ), + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Create table in namespace failed") + require.True(t, status == http.StatusCreated || status == http.StatusOK, + "FAIL: Create table returned status %d", status) + + // Insert data + uniqueValue := fmt.Sprintf("ns_value_%d", time.Now().UnixNano()) + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/transaction", + Headers: map[string]string{"Authorization": "Bearer " + env.APIKey}, + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s (value) VALUES ('%s')", table, uniqueValue), + }, + }, + } + + _, status, err = insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Insert in namespace failed") + require.Equal(t, http.StatusOK, status, "FAIL: Insert returned status %d", status) + + // Query data + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/query", + Headers: map[string]string{"Authorization": "Bearer " + env.APIKey}, + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT value FROM %s WHERE value = '%s'", table, uniqueValue), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Query in namespace failed") + require.Equal(t, http.StatusOK, status, "FAIL: Query returned status %d", status) + + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + count, _ := queryResp["count"].(float64) + require.Equal(t, float64(1), count, "FAIL: Data not found in namespace cluster") + + t.Logf(" ✓ Namespace RQLite operations work correctly") + }) +} diff --git a/e2e/cluster/rqlite_failover_test.go b/e2e/cluster/rqlite_failover_test.go new file mode 100644 index 0000000..e2fe86b --- /dev/null +++ b/e2e/cluster/rqlite_failover_test.go @@ -0,0 +1,177 @@ +//go:build e2e + +package cluster + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestRQLite_ReadConsistencyLevels tests that different consistency levels work. +func TestRQLite_ReadConsistencyLevels(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + gatewayURL := e2e.GetGatewayURL() + table := e2e.GenerateTableName() + + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + + // Create table + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, val TEXT)", table), + }, + } + _, status, err := createReq.Do(ctx) + require.NoError(t, err) + require.True(t, status == http.StatusOK || status == http.StatusCreated, "create table got %d", status) + + // Insert data + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s(val) VALUES ('consistency-test')", table), + }, + }, + } + _, status, err = insertReq.Do(ctx) + require.NoError(t, err) + require.Equal(t, http.StatusOK, status) + + t.Run("Default consistency read", func(t *testing.T) { + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT * FROM %s", table), + }, + } + body, status, err := queryReq.Do(ctx) + require.NoError(t, err) + assert.Equal(t, http.StatusOK, status) + t.Logf("Default read: %s", string(body)) + }) + + t.Run("Strong consistency read", func(t *testing.T) { + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/query?level=strong", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT * FROM %s", table), + }, + } + body, status, err := queryReq.Do(ctx) + require.NoError(t, err) + assert.Equal(t, http.StatusOK, status) + t.Logf("Strong read: %s", string(body)) + }) + + t.Run("Weak consistency read", func(t *testing.T) { + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/query?level=weak", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT * FROM %s", table), + }, + } + body, status, err := queryReq.Do(ctx) + require.NoError(t, err) + assert.Equal(t, http.StatusOK, status) + t.Logf("Weak read: %s", string(body)) + }) +} + +// TestRQLite_WriteAfterMultipleReads verifies write-read cycles stay consistent. +func TestRQLite_WriteAfterMultipleReads(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) + defer cancel() + + gatewayURL := e2e.GetGatewayURL() + table := e2e.GenerateTableName() + + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, counter INTEGER DEFAULT 0)", table), + }, + } + _, status, err := createReq.Do(ctx) + require.NoError(t, err) + require.True(t, status == http.StatusOK || status == http.StatusCreated) + + // Write-read cycle 10 times + for i := 1; i <= 10; i++ { + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s(counter) VALUES (%d)", table, i), + }, + }, + } + _, status, err := insertReq.Do(ctx) + require.NoError(t, err, "insert %d failed", i) + require.Equal(t, http.StatusOK, status, "insert %d got status %d", i, status) + + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) as cnt FROM %s", table), + }, + } + body, _, _ := queryReq.Do(ctx) + t.Logf("Iteration %d: %s", i, string(body)) + } + + // Final verification + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: gatewayURL + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) as cnt FROM %s", table), + }, + } + body, status, err := queryReq.Do(ctx) + require.NoError(t, err) + require.Equal(t, http.StatusOK, status) + + var result map[string]interface{} + json.Unmarshal(body, &result) + t.Logf("Final count result: %s", string(body)) +} diff --git a/e2e/config.go b/e2e/config.go new file mode 100644 index 0000000..469da80 --- /dev/null +++ b/e2e/config.go @@ -0,0 +1,171 @@ +//go:build e2e + +package e2e + +import ( + "os" + "path/filepath" + "testing" + + "gopkg.in/yaml.v2" +) + +// E2EConfig holds the configuration for E2E tests +type E2EConfig struct { + // Mode can be "local" or "production" + Mode string `yaml:"mode"` + + // BaseDomain is the domain used for deployment routing (e.g., "dbrs.space" or "orama.network") + BaseDomain string `yaml:"base_domain"` + + // Servers is a list of production servers (only used when mode=production) + Servers []ServerConfig `yaml:"servers"` + + // Nameservers is a list of nameserver hostnames (e.g., ["ns1.dbrs.space", "ns2.dbrs.space"]) + Nameservers []string `yaml:"nameservers"` + + // APIKey is the API key for production testing (auto-discovered if empty) + APIKey string `yaml:"api_key"` +} + +// ServerConfig holds configuration for a single production server +type ServerConfig struct { + Name string `yaml:"name"` + IP string `yaml:"ip"` + User string `yaml:"user"` + Password string `yaml:"password"` + IsNameserver bool `yaml:"is_nameserver"` +} + +// DefaultConfig returns the default configuration for local development +func DefaultConfig() *E2EConfig { + return &E2EConfig{ + Mode: "local", + BaseDomain: "orama.network", + Servers: []ServerConfig{}, + Nameservers: []string{}, + APIKey: "", + } +} + +// LoadE2EConfig loads the E2E test configuration from e2e/config.yaml +// Falls back to defaults if the file doesn't exist +func LoadE2EConfig() (*E2EConfig, error) { + // Try multiple locations for the config file + configPaths := []string{ + "config.yaml", // Relative to e2e directory (when running from e2e/) + "e2e/config.yaml", // Relative to project root + "../e2e/config.yaml", // From subdirectory within e2e/ + } + + // Also try absolute path based on working directory + if cwd, err := os.Getwd(); err == nil { + configPaths = append(configPaths, filepath.Join(cwd, "config.yaml")) + configPaths = append(configPaths, filepath.Join(cwd, "e2e", "config.yaml")) + // Go up one level if we're in a subdirectory + configPaths = append(configPaths, filepath.Join(cwd, "..", "config.yaml")) + } + + var configData []byte + var readErr error + + for _, path := range configPaths { + data, err := os.ReadFile(path) + if err == nil { + configData = data + break + } + readErr = err + } + + // If no config file found, return defaults + if configData == nil { + // Check if running in production mode via environment variable + if os.Getenv("E2E_MODE") == "production" { + return nil, readErr // Config file required for production mode + } + return DefaultConfig(), nil + } + + var cfg E2EConfig + if err := yaml.Unmarshal(configData, &cfg); err != nil { + return nil, err + } + + // Apply defaults for empty values + if cfg.Mode == "" { + cfg.Mode = "local" + } + if cfg.BaseDomain == "" { + cfg.BaseDomain = "orama.network" + } + + return &cfg, nil +} + +// IsProductionMode returns true if running in production mode +func IsProductionMode() bool { + // Check environment variable first + if os.Getenv("E2E_MODE") == "production" { + return true + } + + cfg, err := LoadE2EConfig() + if err != nil { + return false + } + return cfg.Mode == "production" +} + +// IsLocalMode returns true if running in local mode +func IsLocalMode() bool { + return !IsProductionMode() +} + +// SkipIfLocal skips the test if running in local mode +// Use this for tests that require real production infrastructure +func SkipIfLocal(t *testing.T) { + t.Helper() + if IsLocalMode() { + t.Skip("Skipping: requires production environment (set mode: production in e2e/config.yaml)") + } +} + +// SkipIfProduction skips the test if running in production mode +// Use this for tests that should only run locally +func SkipIfProduction(t *testing.T) { + t.Helper() + if IsProductionMode() { + t.Skip("Skipping: local-only test") + } +} + +// GetServerIPs returns a list of all server IP addresses from config +func GetServerIPs(cfg *E2EConfig) []string { + if cfg == nil { + return nil + } + + ips := make([]string, 0, len(cfg.Servers)) + for _, server := range cfg.Servers { + if server.IP != "" { + ips = append(ips, server.IP) + } + } + return ips +} + +// GetNameserverServers returns servers configured as nameservers +func GetNameserverServers(cfg *E2EConfig) []ServerConfig { + if cfg == nil { + return nil + } + + var nameservers []ServerConfig + for _, server := range cfg.Servers { + if server.IsNameserver { + nameservers = append(nameservers, server) + } + } + return nameservers +} diff --git a/e2e/config.yaml.example b/e2e/config.yaml.example new file mode 100644 index 0000000..1ad3bda --- /dev/null +++ b/e2e/config.yaml.example @@ -0,0 +1,45 @@ +# E2E Test Configuration +# +# Copy this file to config.yaml and fill in your values. +# config.yaml is git-ignored and should contain your actual credentials. +# +# Usage: +# cp config.yaml.example config.yaml +# # Edit config.yaml with your server credentials +# go test -v -tags e2e ./e2e/... + +# Test mode: "local" or "production" +# - local: Tests run against `make dev` cluster on localhost +# - production: Tests run against real VPS servers +mode: local + +# Base domain for deployment routing +# - Local: orama.network (default) +# - Production: dbrs.space (or your custom domain) +base_domain: orama.network + +# Production servers (only used when mode=production) +# Add your VPS servers here with their credentials +servers: + # Example: + # - name: vps-1 + # ip: 1.2.3.4 + # user: ubuntu + # password: "your-password-here" + # is_nameserver: true + # - name: vps-2 + # ip: 5.6.7.8 + # user: ubuntu + # password: "another-password" + # is_nameserver: false + +# Nameserver hostnames (for DNS tests in production) +# These should match your NS records +nameservers: + # Example: + # - ns1.yourdomain.com + # - ns2.yourdomain.com + +# API key for production testing +# Leave empty to auto-discover from RQLite or create fresh key +api_key: "" diff --git a/e2e/deployments/edge_cases_test.go b/e2e/deployments/edge_cases_test.go new file mode 100644 index 0000000..67fafdc --- /dev/null +++ b/e2e/deployments/edge_cases_test.go @@ -0,0 +1,223 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "sync" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestDeploy_InvalidTarball verifies that uploading an invalid/corrupt tarball +// returns a clean error (not a 500 or panic). +func TestDeploy_InvalidTarball(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("invalid-tar-%d", time.Now().Unix()) + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(deploymentName + "\r\n") + + // Write invalid tarball data (random bytes, not a real gzip) + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + body.WriteString("this is not a valid tarball content at all!!!") + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + respBody, _ := io.ReadAll(resp.Body) + t.Logf("Status: %d, Body: %s", resp.StatusCode, string(respBody)) + + // Should return an error, not 2xx (ideally 400, but server currently returns 500) + assert.True(t, resp.StatusCode >= 400, + "Invalid tarball should return error (got %d)", resp.StatusCode) +} + +// TestDeploy_EmptyTarball verifies that uploading an empty file returns an error. +func TestDeploy_EmptyTarball(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("empty-tar-%d", time.Now().Unix()) + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(deploymentName + "\r\n") + + // Empty tarball + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + respBody, _ := io.ReadAll(resp.Body) + t.Logf("Status: %d, Body: %s", resp.StatusCode, string(respBody)) + + assert.True(t, resp.StatusCode >= 400, + "Empty tarball should return error (got %d)", resp.StatusCode) +} + +// TestDeploy_MissingName verifies that deploying without a name returns an error. +func TestDeploy_MissingName(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + tarballPath := filepath.Join("../../testdata/apps/react-app") + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + // No name field + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + // Create tarball from directory for the "no name" test + tarData, err := exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + if err != nil { + t.Skip("Failed to create tarball from test app") + } + body.Write(tarData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.True(t, resp.StatusCode >= 400, + "Missing name should return error (got %d)", resp.StatusCode) +} + +// TestDeploy_ConcurrentSameName verifies that deploying two apps with the same +// name concurrently doesn't cause data corruption. +func TestDeploy_ConcurrentSameName(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("concurrent-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + var wg sync.WaitGroup + results := make([]int, 2) + ids := make([]string, 2) + + // Pre-create tarball once for both goroutines + tarData, err := exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + if err != nil { + t.Skip("Failed to create tarball from test app") + } + + for i := 0; i < 2; i++ { + wg.Add(1) + go func(idx int) { + defer wg.Done() + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(deploymentName + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + body.Write(tarData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + return + } + defer resp.Body.Close() + + results[idx] = resp.StatusCode + + var result map[string]interface{} + json.NewDecoder(resp.Body).Decode(&result) + if id, ok := result["deployment_id"].(string); ok { + ids[idx] = id + } else if id, ok := result["id"].(string); ok { + ids[idx] = id + } + }(i) + } + + wg.Wait() + + t.Logf("Concurrent deploy results: status1=%d status2=%d id1=%s id2=%s", + results[0], results[1], ids[0], ids[1]) + + // At least one should succeed + successCount := 0 + for _, status := range results { + if status == http.StatusCreated { + successCount++ + } + } + assert.GreaterOrEqual(t, successCount, 1, + "At least one concurrent deploy should succeed") + + // Cleanup + for _, id := range ids { + if id != "" { + e2e.DeleteDeployment(t, env, id) + } + } +} + +func readFileBytes(path string) ([]byte, error) { + f, err := os.Open(path) + if err != nil { + return nil, err + } + defer f.Close() + return io.ReadAll(f) +} diff --git a/e2e/deployments/go_sqlite_test.go b/e2e/deployments/go_sqlite_test.go new file mode 100644 index 0000000..4737133 --- /dev/null +++ b/e2e/deployments/go_sqlite_test.go @@ -0,0 +1,308 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestGoBackendWithSQLite tests Go backend deployment with hosted SQLite connectivity +// 1. Create hosted SQLite database +// 2. Deploy Go backend with DATABASE_NAME env var +// 3. POST /api/users → verify insert +// 4. GET /api/users → verify read +// 5. Cleanup +func TestGoBackendWithSQLite(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("go-sqlite-test-%d", time.Now().Unix()) + dbName := fmt.Sprintf("test-db-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/go-api") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup { + if deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + // Delete the test database + deleteSQLiteDB(t, env, dbName) + } + }() + + t.Run("Create SQLite database", func(t *testing.T) { + e2e.CreateSQLiteDB(t, env, dbName) + t.Logf("Created database: %s", dbName) + }) + + t.Run("Deploy Go backend with DATABASE_NAME", func(t *testing.T) { + deploymentID = createGoDeployment(t, env, deploymentName, tarballPath, map[string]string{ + "DATABASE_NAME": dbName, + "GATEWAY_URL": env.GatewayURL, + "API_KEY": env.APIKey, + }) + require.NotEmpty(t, deploymentID, "Deployment ID should not be empty") + t.Logf("Created Go deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Wait for deployment to become healthy", func(t *testing.T) { + healthy := e2e.WaitForHealthy(t, env, deploymentID, 90*time.Second) + require.True(t, healthy, "Deployment should become healthy") + t.Logf("Deployment is healthy") + }) + + t.Run("Test health endpoint", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/health") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Health check should return 200") + + body, _ := io.ReadAll(resp.Body) + var health map[string]interface{} + require.NoError(t, json.Unmarshal(body, &health)) + + assert.Contains(t, []string{"healthy", "ok"}, health["status"]) + t.Logf("Health response: %+v", health) + }) + + t.Run("POST /api/notes - create note", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + + noteData := map[string]string{ + "title": "Test Note", + "content": "This is a test note", + } + body, _ := json.Marshal(noteData) + + req, err := http.NewRequest("POST", env.GatewayURL+"/api/notes", bytes.NewBuffer(body)) + require.NoError(t, err) + req.Header.Set("Content-Type", "application/json") + req.Host = domain + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusCreated, resp.StatusCode, "Should create note successfully") + + var note map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(¬e)) + + assert.Equal(t, "Test Note", note["title"]) + assert.Equal(t, "This is a test note", note["content"]) + t.Logf("Created note: %+v", note) + }) + + t.Run("GET /api/notes - list notes", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/api/notes") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode) + + var notes []map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(¬es)) + + assert.GreaterOrEqual(t, len(notes), 1, "Should have at least one note") + + found := false + for _, note := range notes { + if note["title"] == "Test Note" { + found = true + break + } + } + assert.True(t, found, "Test note should be in the list") + t.Logf("Notes count: %d", len(notes)) + }) + + t.Run("DELETE /api/notes - delete note", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + + // First get the note ID + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/api/notes") + defer resp.Body.Close() + + var notes []map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(¬es)) + + var noteID int + for _, note := range notes { + if note["title"] == "Test Note" { + noteID = int(note["id"].(float64)) + break + } + } + require.NotZero(t, noteID, "Should find test note ID") + + req, err := http.NewRequest("DELETE", fmt.Sprintf("%s/api/notes/%d", env.GatewayURL, noteID), nil) + require.NoError(t, err) + req.Host = domain + + deleteResp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer deleteResp.Body.Close() + + assert.Equal(t, http.StatusOK, deleteResp.StatusCode, "Should delete note successfully") + t.Logf("Deleted note ID: %d", noteID) + }) +} + +// createGoDeployment creates a Go backend deployment with environment variables +func createGoDeployment(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string, envVars map[string]string) string { + t.Helper() + + var fileData []byte + info, err := os.Stat(tarballPath) + if err != nil { + t.Fatalf("failed to stat tarball path: %v", err) + } + if info.IsDir() { + // Build Go binary for linux/amd64, then tar it + tmpDir, err := os.MkdirTemp("", "go-deploy-*") + if err != nil { + t.Fatalf("failed to create temp dir: %v", err) + } + defer os.RemoveAll(tmpDir) + + binaryPath := filepath.Join(tmpDir, "app") + buildCmd := exec.Command("go", "build", "-o", binaryPath, ".") + buildCmd.Dir = tarballPath + buildCmd.Env = append(os.Environ(), "GOOS=linux", "GOARCH=amd64", "CGO_ENABLED=0") + if out, err := buildCmd.CombinedOutput(); err != nil { + t.Fatalf("failed to build Go app: %v\n%s", err, string(out)) + } + + fileData, err = exec.Command("tar", "-czf", "-", "-C", tmpDir, ".").Output() + if err != nil { + t.Fatalf("failed to create tarball: %v", err) + } + } else { + file, err := os.Open(tarballPath) + if err != nil { + t.Fatalf("failed to open tarball: %v", err) + } + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + // Create multipart form + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + // Write name field + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + // Write environment variables + for key, value := range envVars { + body.WriteString("--" + boundary + "\r\n") + body.WriteString(fmt.Sprintf("Content-Disposition: form-data; name=\"env_%s\"\r\n\r\n", key)) + body.WriteString(value + "\r\n") + } + + // Write tarball file + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/go/upload", body) + if err != nil { + t.Fatalf("failed to create request: %v", err) + } + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to execute request: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Deployment upload failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Fatalf("failed to decode response: %v", err) + } + + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("Deployment response missing id field: %+v", result) + return "" +} + +// deleteSQLiteDB deletes a SQLite database +func deleteSQLiteDB(t *testing.T, env *e2e.E2ETestEnv, dbName string) { + t.Helper() + + req, err := http.NewRequest("DELETE", env.GatewayURL+"/v1/db/"+dbName, nil) + if err != nil { + t.Logf("warning: failed to create delete request: %v", err) + return + } + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Logf("warning: failed to delete database: %v", err) + return + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + t.Logf("warning: delete database returned status %d", resp.StatusCode) + } +} diff --git a/e2e/deployments/nextjs_ssr_test.go b/e2e/deployments/nextjs_ssr_test.go new file mode 100644 index 0000000..da3ae8d --- /dev/null +++ b/e2e/deployments/nextjs_ssr_test.go @@ -0,0 +1,264 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestNextJSDeployment_SSR tests Next.js deployment with SSR and API routes +// 1. Deploy Next.js app +// 2. Test SSR page (verify server-rendered HTML) +// 3. Test API routes (/api/hello, /api/data) +// 4. Test static assets +// 5. Cleanup +func TestNextJSDeployment_SSR(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("nextjs-ssr-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/nextjs-ssr.tar.gz") + var deploymentID string + + // Check if tarball exists + if _, err := os.Stat(tarballPath); os.IsNotExist(err) { + t.Skip("Next.js SSR tarball not found at " + tarballPath) + } + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy Next.js SSR app", func(t *testing.T) { + deploymentID = createNextJSDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID, "Deployment ID should not be empty") + t.Logf("Created Next.js deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Wait for deployment to become healthy", func(t *testing.T) { + healthy := e2e.WaitForHealthy(t, env, deploymentID, 120*time.Second) + require.True(t, healthy, "Deployment should become healthy") + t.Logf("Deployment is healthy") + }) + + t.Run("Verify deployment in database", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + assert.Equal(t, deploymentName, deployment["name"], "Deployment name should match") + + deploymentType, ok := deployment["type"].(string) + require.True(t, ok, "Type should be a string") + assert.Contains(t, deploymentType, "nextjs", "Type should be nextjs") + + t.Logf("Deployment type: %s", deploymentType) + }) + + t.Run("Test SSR page - verify server-rendered HTML", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "SSR page should return 200") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err, "Should read response body") + bodyStr := string(body) + + // Verify HTML is server-rendered (contains actual content, not just loading state) + assert.Contains(t, bodyStr, "Orama Network Next.js Test", "Should contain app title") + assert.Contains(t, bodyStr, "Server-Side Rendering Test", "Should contain SSR test marker") + assert.Contains(t, resp.Header.Get("Content-Type"), "text/html", "Should be HTML content") + + t.Logf("SSR page loaded successfully") + t.Logf("Content-Type: %s", resp.Header.Get("Content-Type")) + }) + + t.Run("Test API route - /api/hello", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/api/hello") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "API route should return 200") + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result), "Should decode JSON response") + + assert.Contains(t, result["message"], "Hello", "Should contain hello message") + assert.NotEmpty(t, result["timestamp"], "Should have timestamp") + + t.Logf("API /hello response: %+v", result) + }) + + t.Run("Test API route - /api/data", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/api/data") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "API data route should return 200") + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result), "Should decode JSON response") + + // Just verify it returns valid JSON + t.Logf("API /data response: %+v", result) + }) + + t.Run("Test static asset - _next directory", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + + // First, get the main page to find the actual static asset path + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + bodyStr := string(body) + + // Look for _next/static references in the HTML + if strings.Contains(bodyStr, "_next/static") { + t.Logf("Found _next/static references in HTML") + + // Try to fetch a common static chunk + // The exact path depends on Next.js build output + // We'll just verify the _next directory structure is accessible + chunkResp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/_next/static/chunks/main.js") + defer chunkResp.Body.Close() + + // It's OK if specific files don't exist (they have hashed names) + // Just verify we don't get a 500 error + assert.NotEqual(t, http.StatusInternalServerError, chunkResp.StatusCode, + "Static asset request should not cause server error") + + t.Logf("Static asset request status: %d", chunkResp.StatusCode) + } else { + t.Logf("No _next/static references found (may be using different bundling)") + } + }) + + t.Run("Test 404 handling", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/nonexistent-page-xyz") + defer resp.Body.Close() + + // Next.js should handle 404 gracefully + // Could be 404 or 200 depending on catch-all routes + assert.Contains(t, []int{200, 404}, resp.StatusCode, + "Should return either 200 (catch-all) or 404") + + t.Logf("404 handling: status=%d", resp.StatusCode) + }) +} + +// createNextJSDeployment creates a Next.js deployment +func createNextJSDeployment(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) string { + t.Helper() + + file, err := os.Open(tarballPath) + if err != nil { + t.Fatalf("failed to open tarball: %v", err) + } + defer file.Close() + + // Create multipart form + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + // Write name field + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + // Write ssr field (enable SSR mode) + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"ssr\"\r\n\r\n") + body.WriteString("true\r\n") + + // Write tarball file + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + fileData, _ := io.ReadAll(file) + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/nextjs/upload", body) + if err != nil { + t.Fatalf("failed to create request: %v", err) + } + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + // Use a longer timeout for large Next.js uploads (can be 50MB+) + uploadClient := e2e.NewHTTPClient(5 * time.Minute) + resp, err := uploadClient.Do(req) + if err != nil { + t.Fatalf("failed to execute request: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Deployment upload failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Fatalf("failed to decode response: %v", err) + } + + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("Deployment response missing id field: %+v", result) + return "" +} diff --git a/e2e/deployments/nodejs_deployment_test.go b/e2e/deployments/nodejs_deployment_test.go new file mode 100644 index 0000000..7c1e8f0 --- /dev/null +++ b/e2e/deployments/nodejs_deployment_test.go @@ -0,0 +1,203 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestNodeJSDeployment_FullFlow(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("test-nodejs-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/node-api") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Upload Node.js backend", func(t *testing.T) { + deploymentID = createNodeJSDeployment(t, env, deploymentName, tarballPath) + + assert.NotEmpty(t, deploymentID, "Deployment ID should not be empty") + t.Logf("Created deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Wait for deployment to become healthy", func(t *testing.T) { + healthy := e2e.WaitForHealthy(t, env, deploymentID, 90*time.Second) + assert.True(t, healthy, "Deployment should become healthy within timeout") + t.Logf("Deployment is healthy") + }) + + t.Run("Test health endpoint", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + // Get the deployment URLs (can be array of strings or map) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + // Test via Host header (localhost testing) + resp := e2e.TestDeploymentWithHostHeader(t, env, extractDomain(nodeURL), "/health") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Health check should return 200") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + var health map[string]interface{} + require.NoError(t, json.Unmarshal(body, &health)) + + assert.Contains(t, []string{"healthy", "ok"}, health["status"], + "Health status should be 'healthy' or 'ok'") + t.Logf("Health check passed: %v", health) + }) + + t.Run("Test API endpoint", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + + domain := extractDomain(nodeURL) + + // Test health endpoint (node-api app serves /health) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/health") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode) + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + var result map[string]interface{} + require.NoError(t, json.Unmarshal(body, &result)) + + assert.NotEmpty(t, result["service"]) + t.Logf("API endpoint response: %v", result) + }) +} + +func createNodeJSDeployment(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) string { + t.Helper() + + var fileData []byte + + info, err := os.Stat(tarballPath) + if err != nil { + t.Fatalf("Failed to stat tarball path: %v", err) + } + + if info.IsDir() { + // Create tarball from directory + tarData, err := exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err, "Failed to create tarball from %s", tarballPath) + fileData = tarData + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err, "Failed to open tarball: %s", tarballPath) + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/nodejs/upload", body) + require.NoError(t, err) + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Deployment upload failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("Deployment response missing id field: %+v", result) + return "" +} + +// extractNodeURL gets the node URL from deployment response +// Handles both array of strings and map formats +func extractNodeURL(t *testing.T, deployment map[string]interface{}) string { + t.Helper() + + // Try as array of strings first (new format) + if urls, ok := deployment["urls"].([]interface{}); ok && len(urls) > 0 { + if url, ok := urls[0].(string); ok { + return url + } + } + + // Try as map (legacy format) + if urls, ok := deployment["urls"].(map[string]interface{}); ok { + if url, ok := urls["node"].(string); ok { + return url + } + } + + return "" +} + +func extractDomain(url string) string { + // Extract domain from URL like "https://myapp.node-xyz.dbrs.space" + // Remove protocol + domain := url + if len(url) > 8 && url[:8] == "https://" { + domain = url[8:] + } else if len(url) > 7 && url[:7] == "http://" { + domain = url[7:] + } + // Remove trailing slash + if len(domain) > 0 && domain[len(domain)-1] == '/' { + domain = domain[:len(domain)-1] + } + return domain +} diff --git a/e2e/deployments/replica_test.go b/e2e/deployments/replica_test.go new file mode 100644 index 0000000..9613b62 --- /dev/null +++ b/e2e/deployments/replica_test.go @@ -0,0 +1,357 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestStaticReplica_CreatedOnDeploy verifies that deploying a static app +// creates replica records on a second node. +func TestStaticReplica_CreatedOnDeploy(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("replica-static-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy static app", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + t.Logf("Created deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Wait for replica setup", func(t *testing.T) { + // Static replicas should set up quickly (IPFS content) + time.Sleep(10 * time.Second) + }) + + t.Run("Deployment has replica records", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + // Check that replicas field exists and has entries + replicas, ok := deployment["replicas"].([]interface{}) + if !ok { + // Replicas might be in a nested structure or separate endpoint + t.Logf("Deployment response: %+v", deployment) + // Try querying replicas via the deployment details + homeNodeID, _ := deployment["home_node_id"].(string) + require.NotEmpty(t, homeNodeID, "Deployment should have a home_node_id") + t.Logf("Home node: %s", homeNodeID) + // If replicas aren't in the response, that's still okay — we verify + // via DNS and cross-node serving below + t.Log("Replica records not in deployment response; will verify via DNS/serving") + return + } + + assert.GreaterOrEqual(t, len(replicas), 1, "Should have at least 1 replica") + t.Logf("Found %d replica records", len(replicas)) + for i, r := range replicas { + if replica, ok := r.(map[string]interface{}); ok { + t.Logf(" Replica %d: node=%s status=%s", i, replica["node_id"], replica["status"]) + } + } + }) + + t.Run("Static content served via gateway", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + domain := extractDomain(nodeURL) + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Static content should be served (got %d: %s)", resp.StatusCode, string(body)) + t.Logf("Served via gateway: status=%d", resp.StatusCode) + }) +} + +// TestDynamicReplica_CreatedOnDeploy verifies that deploying a dynamic (Node.js) app +// creates a replica process on a second node. +func TestDynamicReplica_CreatedOnDeploy(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("replica-nodejs-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/node-api") + var deploymentID string + + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy Node.js backend", func(t *testing.T) { + deploymentID = createNodeJSDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + t.Logf("Created deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Wait for deployment and replica", func(t *testing.T) { + healthy := e2e.WaitForHealthy(t, env, deploymentID, 90*time.Second) + assert.True(t, healthy, "Deployment should become healthy") + // Extra wait for async replica setup + time.Sleep(15 * time.Second) + }) + + t.Run("Dynamic app served from both nodes", func(t *testing.T) { + e2e.SkipIfLocal(t) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + if nodeURL == "" { + t.Skip("No node URL in deployment") + } + domain := extractDomain(nodeURL) + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/health") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Dynamic app should be served via gateway (got %d: %s)", resp.StatusCode, string(body)) + t.Logf("Served via gateway: status=%d body=%s", resp.StatusCode, string(body)) + }) +} + +// TestReplica_UpdatePropagation verifies that updating a deployment propagates to replicas. +func TestReplica_UpdatePropagation(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + e2e.SkipIfLocal(t) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deploymentName := fmt.Sprintf("replica-update-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy v1", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + time.Sleep(10 * time.Second) // Wait for replica + }) + + var v1CID string + t.Run("Record v1 CID", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + v1CID, _ = deployment["content_cid"].(string) + require.NotEmpty(t, v1CID) + t.Logf("v1 CID: %s", v1CID) + }) + + t.Run("Update to v2", func(t *testing.T) { + updateStaticDeployment(t, env, deploymentName, tarballPath) + time.Sleep(10 * time.Second) // Wait for update + replica propagation + }) + + t.Run("All nodes serve updated version", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + v2CID, _ := deployment["content_cid"].(string) + + // v2 CID might be same (same tarball) but version should increment + version, _ := deployment["version"].(float64) + assert.Equal(t, float64(2), version, "Should be version 2") + t.Logf("v2 CID: %s, version: %v", v2CID, version) + + // Verify via gateway + dep := e2e.GetDeployment(t, env, deploymentID) + depCID, _ := dep["content_cid"].(string) + assert.Equal(t, v2CID, depCID, "CID should match after update") + }) +} + +// TestReplica_RollbackPropagation verifies rollback propagates to replica nodes. +func TestReplica_RollbackPropagation(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + e2e.SkipIfLocal(t) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deploymentName := fmt.Sprintf("replica-rollback-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy v1 and update to v2", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + time.Sleep(10 * time.Second) + + updateStaticDeployment(t, env, deploymentName, tarballPath) + time.Sleep(10 * time.Second) + }) + + var v1CID string + t.Run("Get v1 CID from versions", func(t *testing.T) { + versions := listVersions(t, env, deploymentName) + if len(versions) > 0 { + v1CID, _ = versions[0]["content_cid"].(string) + } + if v1CID == "" { + // Fall back: v1 CID from current deployment + deployment := e2e.GetDeployment(t, env, deploymentID) + v1CID, _ = deployment["content_cid"].(string) + } + t.Logf("v1 CID for rollback comparison: %s", v1CID) + }) + + t.Run("Rollback to v1", func(t *testing.T) { + rollbackDeployment(t, env, deploymentName, 1) + time.Sleep(10 * time.Second) // Wait for rollback + replica propagation + }) + + t.Run("All nodes have rolled-back CID", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + currentCID, _ := deployment["content_cid"].(string) + t.Logf("Post-rollback CID: %s", currentCID) + + assert.Equal(t, v1CID, currentCID, "CID should match v1 after rollback") + }) +} + +// TestReplica_TeardownOnDelete verifies that deleting a deployment removes replicas. +func TestReplica_TeardownOnDelete(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + e2e.SkipIfLocal(t) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deploymentName := fmt.Sprintf("replica-delete-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + time.Sleep(10 * time.Second) // Wait for replica + + // Get the domain before deletion + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + domain := "" + if nodeURL != "" { + domain = extractDomain(nodeURL) + } + + t.Run("Delete deployment", func(t *testing.T) { + e2e.DeleteDeployment(t, env, deploymentID) + time.Sleep(10 * time.Second) // Wait for teardown propagation + }) + + t.Run("Deployment no longer served on any node", func(t *testing.T) { + if domain == "" { + t.Skip("No domain to test") + } + + req, err := http.NewRequest("GET", env.GatewayURL+"/", nil) + require.NoError(t, err) + req.Host = domain + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Logf("Connection failed (expected after deletion)") + return + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + if resp.StatusCode == http.StatusOK { + assert.NotContains(t, string(body), "
", + "Deleted deployment should not be served") + } + t.Logf("status=%d (expected non-200)", resp.StatusCode) + }) +} + +// updateStaticDeployment updates an existing static deployment. +func updateStaticDeployment(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) { + t.Helper() + + var fileData []byte + info, err := os.Stat(tarballPath) + require.NoError(t, err) + if info.IsDir() { + fileData, err = exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err) + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err) + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/update", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Update failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } +} diff --git a/e2e/deployments/rollback_test.go b/e2e/deployments/rollback_test.go new file mode 100644 index 0000000..33f96f3 --- /dev/null +++ b/e2e/deployments/rollback_test.go @@ -0,0 +1,232 @@ +//go:build e2e + +package deployments_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestDeploymentRollback_FullFlow tests the complete rollback workflow: +// 1. Deploy v1 +// 2. Update to v2 +// 3. Verify v2 content +// 4. Rollback to v1 +// 5. Verify v1 content is restored +func TestDeploymentRollback_FullFlow(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("rollback-test-%d", time.Now().Unix()) + tarballPathV1 := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy v1", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPathV1) + require.NotEmpty(t, deploymentID, "Deployment ID should not be empty") + t.Logf("Created deployment v1: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Verify v1 deployment", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + version, ok := deployment["version"].(float64) + require.True(t, ok, "Version should be a number") + assert.Equal(t, float64(1), version, "Initial version should be 1") + + contentCID, ok := deployment["content_cid"].(string) + require.True(t, ok, "Content CID should be a string") + assert.NotEmpty(t, contentCID, "Content CID should not be empty") + + t.Logf("v1 version: %v, CID: %s", version, contentCID) + }) + + var v1CID string + t.Run("Save v1 CID", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + v1CID = deployment["content_cid"].(string) + t.Logf("Saved v1 CID: %s", v1CID) + }) + + t.Run("Update to v2", func(t *testing.T) { + // Update the deployment with the same tarball (simulates a new version) + updateDeployment(t, env, deploymentName, tarballPathV1) + + // Wait for update to complete + time.Sleep(2 * time.Second) + }) + + t.Run("Verify v2 deployment", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + version, ok := deployment["version"].(float64) + require.True(t, ok, "Version should be a number") + assert.Equal(t, float64(2), version, "Version should be 2 after update") + + t.Logf("v2 version: %v", version) + }) + + t.Run("List deployment versions", func(t *testing.T) { + versions := listVersions(t, env, deploymentName) + t.Logf("Available versions: %+v", versions) + + // Should have at least 2 versions in history + assert.GreaterOrEqual(t, len(versions), 1, "Should have version history") + }) + + t.Run("Rollback to v1", func(t *testing.T) { + rollbackDeployment(t, env, deploymentName, 1) + + // Wait for rollback to complete + time.Sleep(2 * time.Second) + }) + + t.Run("Verify rollback succeeded", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + version, ok := deployment["version"].(float64) + require.True(t, ok, "Version should be a number") + // Note: Version number increases even on rollback (it's a new deployment version) + // But the content_cid should be the same as v1 + t.Logf("Post-rollback version: %v", version) + + contentCID, ok := deployment["content_cid"].(string) + require.True(t, ok, "Content CID should be a string") + assert.Equal(t, v1CID, contentCID, "Content CID should match v1 after rollback") + + t.Logf("Rollback verified - content CID matches v1: %s", contentCID) + }) +} + +// updateDeployment updates an existing static deployment +func updateDeployment(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) { + t.Helper() + + var fileData []byte + info, err := os.Stat(tarballPath) + require.NoError(t, err) + if info.IsDir() { + fileData, err = exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err) + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err, "Failed to open tarball") + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + // Create multipart form + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + // Write name field + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + // Write tarball file + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/update", body) + require.NoError(t, err, "Failed to create request") + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to execute request") + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Update failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result), "Failed to decode response") + t.Logf("Update response: %+v", result) +} + +// listVersions lists available versions for a deployment +func listVersions(t *testing.T, env *e2e.E2ETestEnv, name string) []map[string]interface{} { + t.Helper() + + req, err := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/versions?name="+name, nil) + require.NoError(t, err, "Failed to create request") + + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to execute request") + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Logf("List versions returned status %d: %s", resp.StatusCode, string(bodyBytes)) + return nil + } + + var result struct { + Versions []map[string]interface{} `json:"versions"` + } + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Logf("Failed to decode versions: %v", err) + return nil + } + + return result.Versions +} + +// rollbackDeployment triggers a rollback to a specific version +func rollbackDeployment(t *testing.T, env *e2e.E2ETestEnv, name string, targetVersion int) { + t.Helper() + + reqBody := map[string]interface{}{ + "name": name, + "version": targetVersion, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/rollback", bytes.NewBuffer(bodyBytes)) + require.NoError(t, err, "Failed to create request") + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Failed to execute request") + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Rollback failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result), "Failed to decode response") + t.Logf("Rollback response: %+v", result) +} diff --git a/e2e/deployments/static_deployment_test.go b/e2e/deployments/static_deployment_test.go new file mode 100644 index 0000000..8ae44bd --- /dev/null +++ b/e2e/deployments/static_deployment_test.go @@ -0,0 +1,210 @@ +//go:build e2e + +package deployments_test + +import ( + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestStaticDeployment_FullFlow(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("test-static-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Upload static tarball", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + + assert.NotEmpty(t, deploymentID, "Deployment ID should not be empty") + t.Logf("✓ Created deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + t.Run("Verify deployment in database", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + assert.Equal(t, deploymentName, deployment["name"], "Deployment name should match") + assert.NotEmpty(t, deployment["content_cid"], "Content CID should not be empty") + + // Status might be "deploying" or "active" depending on timing + status, ok := deployment["status"].(string) + require.True(t, ok, "Status should be a string") + assert.Contains(t, []string{"deploying", "active"}, status, "Status should be deploying or active") + + t.Logf("✓ Deployment verified in database") + t.Logf(" - Name: %s", deployment["name"]) + t.Logf(" - Status: %s", status) + t.Logf(" - CID: %s", deployment["content_cid"]) + }) + + t.Run("Verify DNS record creation", func(t *testing.T) { + // Wait for deployment to become active + time.Sleep(2 * time.Second) + + // Get the actual domain from deployment response + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + require.NotEmpty(t, nodeURL, "Deployment should have a URL") + expectedDomain := extractDomain(nodeURL) + + // Make request with Host header (localhost testing) + resp := e2e.TestDeploymentWithHostHeader(t, env, expectedDomain, "/") + defer resp.Body.Close() + + // Should return 200 with React app HTML + assert.Equal(t, http.StatusOK, resp.StatusCode, "Should return 200 OK") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err, "Should read response body") + + bodyStr := string(body) + + // Verify React app content + assert.Contains(t, bodyStr, "
", "Should contain React root div") + assert.Contains(t, resp.Header.Get("Content-Type"), "text/html", "Content-Type should be text/html") + + t.Logf("✓ Domain routing works") + t.Logf(" - Domain: %s", expectedDomain) + t.Logf(" - Status: %d", resp.StatusCode) + t.Logf(" - Content-Type: %s", resp.Header.Get("Content-Type")) + }) + + t.Run("Verify static assets serve correctly", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + require.NotEmpty(t, nodeURL, "Deployment should have a URL") + expectedDomain := extractDomain(nodeURL) + + // Test CSS file (exact path depends on Vite build output) + // We'll just test a few common asset paths + assetPaths := []struct { + path string + contentType string + }{ + {"/index.html", "text/html"}, + // Note: Asset paths with hashes change on each build + // We'll test what we can + } + + for _, asset := range assetPaths { + resp := e2e.TestDeploymentWithHostHeader(t, env, expectedDomain, asset.path) + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + assert.Contains(t, resp.Header.Get("Content-Type"), asset.contentType, + "Content-Type should be %s for %s", asset.contentType, asset.path) + + t.Logf("✓ Asset served correctly: %s (%s)", asset.path, asset.contentType) + } + } + }) + + t.Run("Verify SPA fallback routing", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURL(t, deployment) + require.NotEmpty(t, nodeURL, "Deployment should have a URL") + expectedDomain := extractDomain(nodeURL) + + // Request unknown route (should return index.html for SPA) + resp := e2e.TestDeploymentWithHostHeader(t, env, expectedDomain, "/about/team") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "SPA fallback should return 200") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err, "Should read response body") + + assert.Contains(t, string(body), "
", "Should return index.html for unknown paths") + + t.Logf("✓ SPA fallback routing works") + }) + + t.Run("List deployments", func(t *testing.T) { + req, err := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/list", nil) + require.NoError(t, err, "Should create request") + + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "List deployments should return 200") + + var result map[string]interface{} + require.NoError(t, e2e.DecodeJSON(mustReadAll(t, resp.Body), &result), "Should decode JSON") + + deployments, ok := result["deployments"].([]interface{}) + require.True(t, ok, "Deployments should be an array") + + assert.GreaterOrEqual(t, len(deployments), 1, "Should have at least one deployment") + + // Find our deployment + found := false + for _, d := range deployments { + dep, ok := d.(map[string]interface{}) + if !ok { + continue + } + if dep["name"] == deploymentName { + found = true + t.Logf("✓ Found deployment in list: %s", deploymentName) + break + } + } + + assert.True(t, found, "Deployment should be in list") + }) + + t.Run("Delete deployment", func(t *testing.T) { + e2e.DeleteDeployment(t, env, deploymentID) + + // Verify deletion - allow time for replication + time.Sleep(3 * time.Second) + + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/get?id="+deploymentID, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + t.Logf("Delete verification response: status=%d body=%s", resp.StatusCode, string(body)) + + // After deletion, either 404 (not found) or 200 with empty/error response is acceptable + if resp.StatusCode == http.StatusOK { + // If 200, check if the deployment is actually gone + t.Logf("Got 200 - this may indicate soft delete or eventual consistency") + } + + t.Logf("✓ Deployment deleted successfully") + + // Clear deploymentID so cleanup doesn't try to delete again + deploymentID = "" + }) +} + +func mustReadAll(t *testing.T, r io.Reader) []byte { + t.Helper() + data, err := io.ReadAll(r) + require.NoError(t, err, "Should read all data") + return data +} diff --git a/e2e/env.go b/e2e/env.go index 0beff18..6a96e16 100644 --- a/e2e/env.go +++ b/e2e/env.go @@ -15,6 +15,7 @@ import ( "net/http" "net/url" "os" + "os/exec" "path/filepath" "strings" "sync" @@ -40,6 +41,73 @@ var ( cacheMutex sync.RWMutex ) +// createAPIKeyWithProvisioning creates an API key for a namespace, handling async provisioning +// For non-default namespaces, this may trigger cluster provisioning and wait for it to complete. +func createAPIKeyWithProvisioning(gatewayURL, wallet, namespace string, timeout time.Duration) (string, error) { + httpClient := NewHTTPClient(10 * time.Second) + + makeRequest := func() (*http.Response, []byte, error) { + reqBody := map[string]string{ + "wallet": wallet, + "namespace": namespace, + } + bodyBytes, _ := json.Marshal(reqBody) + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + req, err := http.NewRequestWithContext(ctx, "POST", gatewayURL+"/v1/auth/simple-key", bytes.NewReader(bodyBytes)) + if err != nil { + return nil, nil, fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + resp, err := httpClient.Do(req) + if err != nil { + return nil, nil, fmt.Errorf("request failed: %w", err) + } + + respBody, _ := io.ReadAll(resp.Body) + resp.Body.Close() + return resp, respBody, nil + } + + startTime := time.Now() + for { + if time.Since(startTime) > timeout { + return "", fmt.Errorf("timeout waiting for namespace provisioning") + } + + resp, respBody, err := makeRequest() + if err != nil { + return "", err + } + + // If we got 200, extract the API key + if resp.StatusCode == http.StatusOK { + var apiKeyResp map[string]interface{} + if err := json.Unmarshal(respBody, &apiKeyResp); err != nil { + return "", fmt.Errorf("failed to decode API key response: %w", err) + } + apiKey, ok := apiKeyResp["api_key"].(string) + if !ok || apiKey == "" { + return "", fmt.Errorf("API key not found in response") + } + return apiKey, nil + } + + // If we got 202 Accepted, provisioning is in progress + if resp.StatusCode == http.StatusAccepted { + // Wait and retry - the cluster is being provisioned + time.Sleep(5 * time.Second) + continue + } + + // Any other status is an error + return "", fmt.Errorf("API key creation failed with status %d: %s", resp.StatusCode, string(respBody)) + } +} + // loadGatewayConfig loads gateway configuration from ~/.orama/gateway.yaml func loadGatewayConfig() (map[string]interface{}, error) { configPath, err := config.DefaultPath("gateway.yaml") @@ -80,6 +148,90 @@ func loadNodeConfig(filename string) (map[string]interface{}, error) { return cfg, nil } +// loadActiveEnvironment reads ~/.orama/environments.json and returns the active environment's gateway URL. +func loadActiveEnvironment() (string, error) { + homeDir, err := os.UserHomeDir() + if err != nil { + return "", err + } + + data, err := os.ReadFile(filepath.Join(homeDir, ".orama", "environments.json")) + if err != nil { + return "", err + } + + var envConfig struct { + Environments []struct { + Name string `json:"name"` + GatewayURL string `json:"gateway_url"` + } `json:"environments"` + ActiveEnvironment string `json:"active_environment"` + } + if err := json.Unmarshal(data, &envConfig); err != nil { + return "", err + } + + for _, env := range envConfig.Environments { + if env.Name == envConfig.ActiveEnvironment { + return env.GatewayURL, nil + } + } + + return "", fmt.Errorf("active environment %q not found", envConfig.ActiveEnvironment) +} + +// loadCredentialAPIKey reads ~/.orama/credentials.json and returns the API key for the given gateway URL. +func loadCredentialAPIKey(gatewayURL string) (string, error) { + homeDir, err := os.UserHomeDir() + if err != nil { + return "", err + } + + data, err := os.ReadFile(filepath.Join(homeDir, ".orama", "credentials.json")) + if err != nil { + return "", err + } + + // credentials.json v2 format: gateways -> url -> credentials[] array + var store struct { + Gateways map[string]json.RawMessage `json:"gateways"` + } + if err := json.Unmarshal(data, &store); err != nil { + return "", err + } + + raw, ok := store.Gateways[gatewayURL] + if !ok { + return "", fmt.Errorf("no credentials for gateway %s", gatewayURL) + } + + // Try v2 format: { "credentials": [...], "default_index": 0 } + var v2 struct { + Credentials []struct { + APIKey string `json:"api_key"` + Namespace string `json:"namespace"` + } `json:"credentials"` + DefaultIndex int `json:"default_index"` + } + if err := json.Unmarshal(raw, &v2); err == nil && len(v2.Credentials) > 0 { + idx := v2.DefaultIndex + if idx >= len(v2.Credentials) { + idx = 0 + } + return v2.Credentials[idx].APIKey, nil + } + + // Try v1 format: direct Credentials object { "api_key": "..." } + var v1 struct { + APIKey string `json:"api_key"` + } + if err := json.Unmarshal(raw, &v1); err == nil && v1.APIKey != "" { + return v1.APIKey, nil + } + + return "", fmt.Errorf("no API key found in credentials for %s", gatewayURL) +} + // GetGatewayURL returns the gateway base URL from config func GetGatewayURL() string { cacheMutex.RLock() @@ -89,7 +241,13 @@ func GetGatewayURL() string { } cacheMutex.RUnlock() - // Check environment variable first + // Check environment variables first (ORAMA_GATEWAY_URL takes precedence) + if envURL := os.Getenv("ORAMA_GATEWAY_URL"); envURL != "" { + cacheMutex.Lock() + gatewayURLCache = envURL + cacheMutex.Unlock() + return envURL + } if envURL := os.Getenv("GATEWAY_URL"); envURL != "" { cacheMutex.Lock() gatewayURLCache = envURL @@ -97,6 +255,14 @@ func GetGatewayURL() string { return envURL } + // Try to load from orama active environment (~/.orama/environments.json) + if envURL, err := loadActiveEnvironment(); err == nil && envURL != "" { + cacheMutex.Lock() + gatewayURLCache = envURL + cacheMutex.Unlock() + return envURL + } + // Try to load from gateway config gwCfg, err := loadGatewayConfig() if err == nil { @@ -153,7 +319,16 @@ func queryAPIKeyFromRQLite() (string, error) { return envKey, nil } - // 2. Build database path from bootstrap/node config + // 2. If ORAMA_GATEWAY_URL is set (production mode), query the remote RQLite HTTP API + if gatewayURL := os.Getenv("ORAMA_GATEWAY_URL"); gatewayURL != "" { + apiKey, err := queryAPIKeyFromRemoteRQLite(gatewayURL) + if err == nil && apiKey != "" { + return apiKey, nil + } + // Fall through to local database check if remote fails + } + + // 3. Build database path from bootstrap/node config (for local development) homeDir, err := os.UserHomeDir() if err != nil { return "", fmt.Errorf("failed to get home directory: %w", err) @@ -210,7 +385,61 @@ func queryAPIKeyFromRQLite() (string, error) { return "", fmt.Errorf("failed to retrieve API key from any SQLite database") } -// GetAPIKey returns the gateway API key from rqlite or cache +// queryAPIKeyFromRemoteRQLite queries the remote RQLite HTTP API for an API key +func queryAPIKeyFromRemoteRQLite(gatewayURL string) (string, error) { + // Parse the gateway URL to extract the host + parsed, err := url.Parse(gatewayURL) + if err != nil { + return "", fmt.Errorf("failed to parse gateway URL: %w", err) + } + + // RQLite HTTP API runs on port 5001 (not the gateway port 6001) + rqliteURL := fmt.Sprintf("http://%s:5001/db/query", parsed.Hostname()) + + // Create request body + reqBody := `["SELECT key FROM api_keys LIMIT 1"]` + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + req, err := http.NewRequestWithContext(ctx, http.MethodPost, rqliteURL, strings.NewReader(reqBody)) + if err != nil { + return "", fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + resp, err := http.DefaultClient.Do(req) + if err != nil { + return "", fmt.Errorf("failed to query rqlite: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("rqlite returned status %d", resp.StatusCode) + } + + // Parse response + var result struct { + Results []struct { + Columns []string `json:"columns"` + Values [][]interface{} `json:"values"` + } `json:"results"` + } + + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return "", fmt.Errorf("failed to decode response: %w", err) + } + + if len(result.Results) > 0 && len(result.Results[0].Values) > 0 && len(result.Results[0].Values[0]) > 0 { + if apiKey, ok := result.Results[0].Values[0][0].(string); ok && apiKey != "" { + return apiKey, nil + } + } + + return "", fmt.Errorf("no API key found in rqlite") +} + +// GetAPIKey returns the gateway API key from credentials.json, env vars, or rqlite func GetAPIKey() string { cacheMutex.RLock() if apiKeyCache != "" { @@ -219,7 +448,24 @@ func GetAPIKey() string { } cacheMutex.RUnlock() - // Query rqlite for API key + // 1. Check env var + if envKey := os.Getenv("DEBROS_API_KEY"); envKey != "" { + cacheMutex.Lock() + apiKeyCache = envKey + cacheMutex.Unlock() + return envKey + } + + // 2. Try credentials.json for the active gateway + gatewayURL := GetGatewayURL() + if apiKey, err := loadCredentialAPIKey(gatewayURL); err == nil && apiKey != "" { + cacheMutex.Lock() + apiKeyCache = apiKey + cacheMutex.Unlock() + return apiKey + } + + // 3. Fall back to querying rqlite directly apiKey, err := queryAPIKeyFromRQLite() if err != nil { return "" @@ -966,3 +1212,559 @@ func (p *WSPubSubClientPair) Close() { p.Subscriber.Close() } } + +// ============================================================================ +// Deployment Testing Helpers +// ============================================================================ + +// E2ETestEnv holds the environment configuration for deployment E2E tests +type E2ETestEnv struct { + GatewayURL string + APIKey string + Namespace string + BaseDomain string // Domain for deployment routing (e.g., "dbrs.space") + Config *E2EConfig // Full E2E configuration (for production tests) + HTTPClient *http.Client + SkipCleanup bool +} + +// BuildDeploymentDomain returns the full domain for a deployment name +// Format: {name}.{baseDomain} (e.g., "myapp.dbrs.space") +func (env *E2ETestEnv) BuildDeploymentDomain(deploymentName string) string { + return fmt.Sprintf("%s.%s", deploymentName, env.BaseDomain) +} + +// LoadTestEnv loads the test environment from environment variables and config file +// If ORAMA_API_KEY is not set, it creates a fresh API key for the default test namespace +func LoadTestEnv() (*E2ETestEnv, error) { + // Load E2E config (for base_domain and production settings) + cfg, err := LoadE2EConfig() + if err != nil { + // If config loading fails in production mode, that's an error + if IsProductionMode() { + return nil, fmt.Errorf("failed to load e2e config: %w", err) + } + // For local mode, use defaults + cfg = DefaultConfig() + } + + gatewayURL := os.Getenv("ORAMA_GATEWAY_URL") + if gatewayURL == "" { + gatewayURL = GetGatewayURL() + } + + // Check if API key is provided via environment variable, config, or credentials.json + apiKey := os.Getenv("ORAMA_API_KEY") + if apiKey == "" && cfg.APIKey != "" { + apiKey = cfg.APIKey + } + if apiKey == "" { + apiKey = GetAPIKey() // Reads from credentials.json or rqlite + } + namespace := os.Getenv("ORAMA_NAMESPACE") + + // If still no API key, create a fresh one for a default test namespace + if apiKey == "" { + if namespace == "" { + namespace = "default-test-ns" + } + + // Generate a unique wallet address for this namespace + wallet := fmt.Sprintf("0x%x", []byte(namespace+fmt.Sprintf("%d", time.Now().UnixNano()))) + if len(wallet) < 42 { + wallet = wallet + strings.Repeat("0", 42-len(wallet)) + } + if len(wallet) > 42 { + wallet = wallet[:42] + } + + // Create an API key for this namespace (handles async provisioning for non-default namespaces) + var err error + apiKey, err = createAPIKeyWithProvisioning(gatewayURL, wallet, namespace, 2*time.Minute) + if err != nil { + return nil, fmt.Errorf("failed to create API key for namespace %s: %w", namespace, err) + } + } else if namespace == "" { + namespace = GetClientNamespace() + } + + skipCleanup := os.Getenv("ORAMA_SKIP_CLEANUP") == "true" + + return &E2ETestEnv{ + GatewayURL: gatewayURL, + APIKey: apiKey, + Namespace: namespace, + BaseDomain: cfg.BaseDomain, + Config: cfg, + HTTPClient: NewHTTPClient(30 * time.Second), + SkipCleanup: skipCleanup, + }, nil +} + +// LoadTestEnvWithNamespace loads test environment with a specific namespace +// It creates a new API key for the specified namespace to ensure proper isolation +func LoadTestEnvWithNamespace(namespace string) (*E2ETestEnv, error) { + // Load E2E config (for base_domain and production settings) + cfg, err := LoadE2EConfig() + if err != nil { + cfg = DefaultConfig() + } + + gatewayURL := os.Getenv("ORAMA_GATEWAY_URL") + if gatewayURL == "" { + gatewayURL = GetGatewayURL() + } + + skipCleanup := os.Getenv("ORAMA_SKIP_CLEANUP") == "true" + + // Generate a unique wallet address for this namespace + // Using namespace as part of the wallet address for uniqueness + wallet := fmt.Sprintf("0x%x", []byte(namespace+fmt.Sprintf("%d", time.Now().UnixNano()))) + if len(wallet) < 42 { + wallet = wallet + strings.Repeat("0", 42-len(wallet)) + } + if len(wallet) > 42 { + wallet = wallet[:42] + } + + // Create an API key for this namespace (handles async provisioning for non-default namespaces) + apiKey, err := createAPIKeyWithProvisioning(gatewayURL, wallet, namespace, 2*time.Minute) + if err != nil { + return nil, fmt.Errorf("failed to create API key for namespace %s: %w", namespace, err) + } + + return &E2ETestEnv{ + GatewayURL: gatewayURL, + APIKey: apiKey, + Namespace: namespace, + BaseDomain: cfg.BaseDomain, + Config: cfg, + HTTPClient: NewHTTPClient(30 * time.Second), + SkipCleanup: skipCleanup, + }, nil +} + +// tarballFromDir creates a .tar.gz in memory from a directory. +func tarballFromDir(dirPath string) ([]byte, error) { + var buf bytes.Buffer + cmd := exec.Command("tar", "-czf", "-", "-C", dirPath, ".") + cmd.Stdout = &buf + cmd.Stderr = os.Stderr + if err := cmd.Run(); err != nil { + return nil, fmt.Errorf("tar failed: %w", err) + } + return buf.Bytes(), nil +} + +// CreateTestDeployment creates a test deployment and returns its ID. +// tarballPath can be a .tar.gz file or a directory (which will be tarred automatically). +func CreateTestDeployment(t *testing.T, env *E2ETestEnv, name, tarballPath string) string { + t.Helper() + + var fileData []byte + + info, err := os.Stat(tarballPath) + if err != nil { + t.Fatalf("failed to stat tarball path: %v", err) + } + + if info.IsDir() { + // Create tarball from directory + fileData, err = tarballFromDir(tarballPath) + if err != nil { + t.Fatalf("failed to create tarball from dir: %v", err) + } + } else { + fileData, err = os.ReadFile(tarballPath) + if err != nil { + t.Fatalf("failed to read tarball: %v", err) + } + } + + // Create multipart form + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + // Write name field + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + // NOTE: We intentionally do NOT send subdomain field + // This ensures only node-specific domains are created: {name}.node-{id}.domain + // Subdomain should only be sent if explicitly requested for custom domains + + // Write tarball file + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + if err != nil { + t.Fatalf("failed to create request: %v", err) + } + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to upload deployment: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("deployment upload failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Fatalf("failed to decode response: %v", err) + } + + // Try both "id" and "deployment_id" field names + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("deployment response missing id field: %+v", result) + return "" +} + +// DeleteDeployment deletes a deployment by ID +func DeleteDeployment(t *testing.T, env *E2ETestEnv, deploymentID string) { + t.Helper() + + req, _ := http.NewRequest("DELETE", env.GatewayURL+"/v1/deployments/delete?id="+deploymentID, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Logf("warning: failed to delete deployment: %v", err) + return + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + t.Logf("warning: delete deployment returned status %d", resp.StatusCode) + } +} + +// GetDeployment retrieves deployment metadata by ID +func GetDeployment(t *testing.T, env *E2ETestEnv, deploymentID string) map[string]interface{} { + t.Helper() + + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/get?id="+deploymentID, nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to get deployment: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("get deployment failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var deployment map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&deployment); err != nil { + t.Fatalf("failed to decode deployment: %v", err) + } + + return deployment +} + +// CreateSQLiteDB creates a SQLite database for a namespace +func CreateSQLiteDB(t *testing.T, env *E2ETestEnv, dbName string) { + t.Helper() + + reqBody := map[string]string{"database_name": dbName} + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/db/sqlite/create", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to create database: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("create database failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } +} + +// DeleteSQLiteDB deletes a SQLite database +func DeleteSQLiteDB(t *testing.T, env *E2ETestEnv, dbName string) { + t.Helper() + + reqBody := map[string]string{"database_name": dbName} + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("DELETE", env.GatewayURL+"/v1/db/sqlite/delete", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Logf("warning: failed to delete database: %v", err) + return + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + t.Logf("warning: delete database returned status %d", resp.StatusCode) + } +} + +// ExecuteSQLQuery executes a SQL query on a database +func ExecuteSQLQuery(t *testing.T, env *E2ETestEnv, dbName, query string) map[string]interface{} { + t.Helper() + + reqBody := map[string]interface{}{ + "database_name": dbName, + "query": query, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/db/sqlite/query", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to execute query: %v", err) + } + defer resp.Body.Close() + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Fatalf("failed to decode query response: %v", err) + } + + if errMsg, ok := result["error"].(string); ok && errMsg != "" { + t.Fatalf("SQL query failed: %s", errMsg) + } + + return result +} + +// QuerySQLite executes a SELECT query and returns rows +func QuerySQLite(t *testing.T, env *E2ETestEnv, dbName, query string) []map[string]interface{} { + t.Helper() + + result := ExecuteSQLQuery(t, env, dbName, query) + + rows, ok := result["rows"].([]interface{}) + if !ok { + return []map[string]interface{}{} + } + + columns, _ := result["columns"].([]interface{}) + + var results []map[string]interface{} + for _, row := range rows { + rowData, ok := row.([]interface{}) + if !ok { + continue + } + + rowMap := make(map[string]interface{}) + for i, col := range columns { + if i < len(rowData) { + rowMap[col.(string)] = rowData[i] + } + } + results = append(results, rowMap) + } + + return results +} + +// UploadTestFile uploads a file to IPFS and returns the CID +func UploadTestFile(t *testing.T, env *E2ETestEnv, filename, content string) string { + t.Helper() + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString(fmt.Sprintf("Content-Disposition: form-data; name=\"file\"; filename=\"%s\"\r\n", filename)) + body.WriteString("Content-Type: text/plain\r\n\r\n") + body.WriteString(content) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/storage/upload", body) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to upload file: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("upload file failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + t.Fatalf("failed to decode upload response: %v", err) + } + + cid, ok := result["cid"].(string) + if !ok { + t.Fatalf("CID not found in response") + } + + return cid +} + +// UnpinFile unpins a file from IPFS +func UnpinFile(t *testing.T, env *E2ETestEnv, cid string) { + t.Helper() + + reqBody := map[string]string{"cid": cid} + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/storage/unpin", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Logf("warning: failed to unpin file: %v", err) + return + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + t.Logf("warning: unpin file returned status %d", resp.StatusCode) + } +} + +// TestDeploymentWithHostHeader tests a deployment by setting the Host header +func TestDeploymentWithHostHeader(t *testing.T, env *E2ETestEnv, host, path string) *http.Response { + t.Helper() + + req, err := http.NewRequest("GET", env.GatewayURL+path, nil) + if err != nil { + t.Fatalf("failed to create request: %v", err) + } + + req.Host = host + + resp, err := env.HTTPClient.Do(req) + if err != nil { + t.Fatalf("failed to test deployment: %v", err) + } + + return resp +} + +// PutToOlric stores a key-value pair in Olric via the gateway HTTP API +func PutToOlric(gatewayURL, apiKey, dmap, key, value string) error { + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": key, + "value": value, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, err := http.NewRequest("POST", gatewayURL+"/v1/cache/put", strings.NewReader(string(bodyBytes))) + if err != nil { + return err + } + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+apiKey) + + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated { + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("put failed with status %d: %s", resp.StatusCode, string(body)) + } + return nil +} + +// GetFromOlric retrieves a value from Olric via the gateway HTTP API +func GetFromOlric(gatewayURL, apiKey, dmap, key string) (string, error) { + reqBody := map[string]interface{}{ + "dmap": dmap, + "key": key, + } + bodyBytes, _ := json.Marshal(reqBody) + + req, err := http.NewRequest("POST", gatewayURL+"/v1/cache/get", strings.NewReader(string(bodyBytes))) + if err != nil { + return "", err + } + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+apiKey) + + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusNotFound { + return "", fmt.Errorf("key not found") + } + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return "", fmt.Errorf("get failed with status %d: %s", resp.StatusCode, string(body)) + } + + body, _ := io.ReadAll(resp.Body) + var result map[string]interface{} + if err := json.Unmarshal(body, &result); err != nil { + return "", err + } + + if value, ok := result["value"].(string); ok { + return value, nil + } + if value, ok := result["value"]; ok { + return fmt.Sprintf("%v", value), nil + } + return "", fmt.Errorf("value not found in response") +} + +// WaitForHealthy waits for a deployment to become healthy +func WaitForHealthy(t *testing.T, env *E2ETestEnv, deploymentID string, timeout time.Duration) bool { + t.Helper() + + deadline := time.Now().Add(timeout) + + for time.Now().Before(deadline) { + deployment := GetDeployment(t, env, deploymentID) + + if status, ok := deployment["status"].(string); ok && status == "active" { + return true + } + + time.Sleep(1 * time.Second) + } + + return false +} diff --git a/e2e/concurrency_test.go b/e2e/integration/concurrency_test.go similarity index 78% rename from e2e/concurrency_test.go rename to e2e/integration/concurrency_test.go index 16342c8..967825d 100644 --- a/e2e/concurrency_test.go +++ b/e2e/integration/concurrency_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package integration_test import ( "context" @@ -10,16 +10,18 @@ import ( "sync/atomic" "testing" "time" + + "github.com/DeBrosOfficial/network/e2e" ) // TestCache_ConcurrentWrites tests concurrent cache writes func TestCache_ConcurrentWrites(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() numGoroutines := 10 var wg sync.WaitGroup var errorCount int32 @@ -32,9 +34,9 @@ func TestCache_ConcurrentWrites(t *testing.T) { key := fmt.Sprintf("key-%d", idx) value := fmt.Sprintf("value-%d", idx) - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -56,9 +58,9 @@ func TestCache_ConcurrentWrites(t *testing.T) { } // Verify all values exist - scanReq := &HTTPRequest{ + scanReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/scan", + URL: e2e.GetGatewayURL() + "/v1/cache/scan", Body: map[string]interface{}{ "dmap": dmap, }, @@ -70,7 +72,7 @@ func TestCache_ConcurrentWrites(t *testing.T) { } var scanResp map[string]interface{} - if err := DecodeJSON(body, &scanResp); err != nil { + if err := e2e.DecodeJSON(body, &scanResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -82,19 +84,19 @@ func TestCache_ConcurrentWrites(t *testing.T) { // TestCache_ConcurrentReads tests concurrent cache reads func TestCache_ConcurrentReads(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "shared-key" value := "shared-value" // Put value first - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -117,9 +119,9 @@ func TestCache_ConcurrentReads(t *testing.T) { go func() { defer wg.Done() - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -133,7 +135,7 @@ func TestCache_ConcurrentReads(t *testing.T) { } var getResp map[string]interface{} - if err := DecodeJSON(body, &getResp); err != nil { + if err := e2e.DecodeJSON(body, &getResp); err != nil { atomic.AddInt32(&errorCount, 1) return } @@ -153,12 +155,12 @@ func TestCache_ConcurrentReads(t *testing.T) { // TestCache_ConcurrentDeleteAndWrite tests concurrent delete and write func TestCache_ConcurrentDeleteAndWrite(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() var wg sync.WaitGroup var errorCount int32 @@ -174,9 +176,9 @@ func TestCache_ConcurrentDeleteAndWrite(t *testing.T) { key := fmt.Sprintf("key-%d", idx) value := fmt.Sprintf("value-%d", idx) - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -201,9 +203,9 @@ func TestCache_ConcurrentDeleteAndWrite(t *testing.T) { key := fmt.Sprintf("key-%d", idx) - deleteReq := &HTTPRequest{ + deleteReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/delete", + URL: e2e.GetGatewayURL() + "/v1/cache/delete", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -226,21 +228,32 @@ func TestCache_ConcurrentDeleteAndWrite(t *testing.T) { // TestRQLite_ConcurrentInserts tests concurrent database inserts func TestRQLite_ConcurrentInserts(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() + + // Cleanup table after test + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, value INTEGER)", table, ) // Create table - createReq := &HTTPRequest{ + createReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -261,9 +274,9 @@ func TestRQLite_ConcurrentInserts(t *testing.T) { go func(idx int) { defer wg.Done() - txReq := &HTTPRequest{ + txReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "statements": []string{ fmt.Sprintf("INSERT INTO %s(value) VALUES (%d)", table, idx), @@ -285,9 +298,9 @@ func TestRQLite_ConcurrentInserts(t *testing.T) { } // Verify count - queryReq := &HTTPRequest{ + queryReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": fmt.Sprintf("SELECT COUNT(*) as count FROM %s", table), }, @@ -299,7 +312,7 @@ func TestRQLite_ConcurrentInserts(t *testing.T) { } var countResp map[string]interface{} - if err := DecodeJSON(body, &countResp); err != nil { + if err := e2e.DecodeJSON(body, &countResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -314,21 +327,32 @@ func TestRQLite_ConcurrentInserts(t *testing.T) { // TestRQLite_LargeBatchTransaction tests a large transaction with many statements func TestRQLite_LargeBatchTransaction(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() + + // Cleanup table after test + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, value TEXT)", table, ) // Create table - createReq := &HTTPRequest{ + createReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -348,9 +372,9 @@ func TestRQLite_LargeBatchTransaction(t *testing.T) { }) } - txReq := &HTTPRequest{ + txReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "ops": ops, }, @@ -362,9 +386,9 @@ func TestRQLite_LargeBatchTransaction(t *testing.T) { } // Verify count - queryReq := &HTTPRequest{ + queryReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": fmt.Sprintf("SELECT COUNT(*) as count FROM %s", table), }, @@ -376,7 +400,7 @@ func TestRQLite_LargeBatchTransaction(t *testing.T) { } var countResp map[string]interface{} - if err := DecodeJSON(body, &countResp); err != nil { + if err := e2e.DecodeJSON(body, &countResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -390,19 +414,19 @@ func TestRQLite_LargeBatchTransaction(t *testing.T) { // TestCache_TTLExpiryWithSleep tests TTL expiry with a controlled sleep func TestCache_TTLExpiryWithSleep(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "ttl-expiry-key" value := "ttl-expiry-value" // Put value with 2 second TTL - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -417,9 +441,9 @@ func TestCache_TTLExpiryWithSleep(t *testing.T) { } // Verify exists immediately - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -432,7 +456,7 @@ func TestCache_TTLExpiryWithSleep(t *testing.T) { } // Sleep for TTL duration + buffer - Delay(2500) + e2e.Delay(2500) // Try to get after TTL expires _, status, err = getReq.Do(ctx) @@ -443,21 +467,21 @@ func TestCache_TTLExpiryWithSleep(t *testing.T) { // TestCache_ConcurrentWriteAndDelete tests concurrent writes and deletes on same key func TestCache_ConcurrentWriteAndDelete(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "contested-key" // Alternate between writes and deletes numIterations := 5 for i := 0; i < numIterations; i++ { // Write - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -471,9 +495,9 @@ func TestCache_ConcurrentWriteAndDelete(t *testing.T) { } // Read - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -486,9 +510,9 @@ func TestCache_ConcurrentWriteAndDelete(t *testing.T) { } // Delete - deleteReq := &HTTPRequest{ + deleteReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/delete", + URL: e2e.GetGatewayURL() + "/v1/cache/delete", Body: map[string]interface{}{ "dmap": dmap, "key": key, diff --git a/e2e/integration/data_persistence_test.go b/e2e/integration/data_persistence_test.go new file mode 100644 index 0000000..da1a923 --- /dev/null +++ b/e2e/integration/data_persistence_test.go @@ -0,0 +1,462 @@ +//go:build e2e + +package integration_test + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/require" +) + +// ============================================================================= +// STRICT DATA PERSISTENCE TESTS +// These tests verify that data is properly persisted and survives operations. +// Tests FAIL if data is lost or corrupted. +// ============================================================================= + +// TestRQLite_DataPersistence verifies that RQLite data is persisted through the gateway. +func TestRQLite_DataPersistence(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + tableName := fmt.Sprintf("persist_test_%d", time.Now().UnixNano()) + + // Cleanup + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": tableName}, + } + dropReq.Do(context.Background()) + }() + + // Create table + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", + Body: map[string]interface{}{ + "schema": fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, value TEXT, version INTEGER)", + tableName, + ), + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not create table") + require.True(t, status == http.StatusCreated || status == http.StatusOK, + "FAIL: Create table returned status %d", status) + + t.Run("Data_survives_multiple_writes", func(t *testing.T) { + // Insert initial data + var statements []string + for i := 1; i <= 10; i++ { + statements = append(statements, + fmt.Sprintf("INSERT INTO %s (value, version) VALUES ('item_%d', %d)", tableName, i, i)) + } + + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{"statements": statements}, + } + + _, status, err := insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not insert rows") + require.Equal(t, http.StatusOK, status, "FAIL: Insert returned status %d", status) + + // Verify all data exists + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) FROM %s", tableName), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not count rows") + require.Equal(t, http.StatusOK, status, "FAIL: Count query returned status %d", status) + + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, 10, count, "FAIL: Expected 10 rows, got %d", count) + } + + // Update data + updateReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("UPDATE %s SET version = version + 100 WHERE version <= 5", tableName), + }, + }, + } + + _, status, err = updateReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not update rows") + require.Equal(t, http.StatusOK, status, "FAIL: Update returned status %d", status) + + // Verify updates persisted + queryUpdatedReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE version > 100", tableName), + }, + } + + body, status, err = queryUpdatedReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not count updated rows") + require.Equal(t, http.StatusOK, status, "FAIL: Count updated query returned status %d", status) + + e2e.DecodeJSON(body, &queryResp) + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, 5, count, "FAIL: Expected 5 updated rows, got %d", count) + } + + t.Logf(" ✓ Data persists through multiple write operations") + }) + + t.Run("Deletes_are_persisted", func(t *testing.T) { + // Delete some rows + deleteReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("DELETE FROM %s WHERE version > 100", tableName), + }, + }, + } + + _, status, err := deleteReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not delete rows") + require.Equal(t, http.StatusOK, status, "FAIL: Delete returned status %d", status) + + // Verify deletes persisted + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT COUNT(*) FROM %s", tableName), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not count remaining rows") + require.Equal(t, http.StatusOK, status, "FAIL: Count query returned status %d", status) + + var queryResp map[string]interface{} + e2e.DecodeJSON(body, &queryResp) + + if rows, ok := queryResp["rows"].([]interface{}); ok && len(rows) > 0 { + row := rows[0].([]interface{}) + count := int(row[0].(float64)) + require.Equal(t, 5, count, "FAIL: Expected 5 rows after delete, got %d", count) + } + + t.Logf(" ✓ Deletes are properly persisted") + }) +} + +// TestRQLite_DataFilesExist verifies RQLite data files are created on disk. +func TestRQLite_DataFilesExist(t *testing.T) { + homeDir, err := os.UserHomeDir() + require.NoError(t, err, "FAIL: Could not get home directory") + + // Check for RQLite data directories + dataLocations := []string{ + filepath.Join(homeDir, ".orama", "node-1", "rqlite"), + filepath.Join(homeDir, ".orama", "node-2", "rqlite"), + filepath.Join(homeDir, ".orama", "node-3", "rqlite"), + filepath.Join(homeDir, ".orama", "node-4", "rqlite"), + filepath.Join(homeDir, ".orama", "node-5", "rqlite"), + } + + foundDataDirs := 0 + for _, dataDir := range dataLocations { + if _, err := os.Stat(dataDir); err == nil { + foundDataDirs++ + t.Logf(" ✓ Found RQLite data directory: %s", dataDir) + + // Check for Raft log files + entries, _ := os.ReadDir(dataDir) + for _, entry := range entries { + t.Logf(" - %s", entry.Name()) + } + } + } + + require.Greater(t, foundDataDirs, 0, + "FAIL: No RQLite data directories found - data may not be persisted") + t.Logf(" Found %d RQLite data directories", foundDataDirs) +} + +// TestOlric_DataPersistence verifies Olric cache data persistence. +// Note: Olric is an in-memory cache, so this tests data survival during runtime. +func TestOlric_DataPersistence(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + dmap := fmt.Sprintf("persist_cache_%d", time.Now().UnixNano()) + + t.Run("Cache_data_survives_multiple_operations", func(t *testing.T) { + // Put multiple keys + keys := make(map[string]string) + for i := 0; i < 10; i++ { + key := fmt.Sprintf("persist_key_%d", i) + value := fmt.Sprintf("persist_value_%d", i) + keys[key] = value + + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, key, value) + require.NoError(t, err, "FAIL: Could not put key %s", key) + } + + // Perform other operations + err := e2e.PutToOlric(env.GatewayURL, env.APIKey, dmap, "other_key", "other_value") + require.NoError(t, err, "FAIL: Could not put other key") + + // Verify original keys still exist + for key, expectedValue := range keys { + retrieved, err := e2e.GetFromOlric(env.GatewayURL, env.APIKey, dmap, key) + require.NoError(t, err, "FAIL: Key %s not found after other operations", key) + require.Equal(t, expectedValue, retrieved, "FAIL: Value mismatch for key %s", key) + } + + t.Logf(" ✓ Cache data survives multiple operations") + }) +} + +// TestNamespaceCluster_DataPersistence verifies namespace-specific data is isolated and persisted. +func TestNamespaceCluster_DataPersistence(t *testing.T) { + // Create namespace + namespace := fmt.Sprintf("persist-ns-%d", time.Now().UnixNano()) + env, err := e2e.LoadTestEnvWithNamespace(namespace) + require.NoError(t, err, "FAIL: Could not create namespace") + + t.Logf("Created namespace: %s", namespace) + + ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) + defer cancel() + + t.Run("Namespace_data_is_isolated", func(t *testing.T) { + // Create data via gateway API + tableName := fmt.Sprintf("ns_data_%d", time.Now().UnixNano()) + + req := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/create-table", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "schema": fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, value TEXT)", tableName), + }, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Could not create table in namespace") + require.True(t, status == http.StatusOK || status == http.StatusCreated, + "FAIL: Create table returned status %d", status) + + // Insert data + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/transaction", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "statements": []string{ + fmt.Sprintf("INSERT INTO %s (value) VALUES ('ns_test_value')", tableName), + }, + }, + } + + _, status, err = insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not insert into namespace table") + require.Equal(t, http.StatusOK, status, "FAIL: Insert returned status %d", status) + + // Verify data exists + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/rqlite/query", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "sql": fmt.Sprintf("SELECT value FROM %s", tableName), + }, + } + + body, status, err := queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Could not query namespace table") + require.Equal(t, http.StatusOK, status, "FAIL: Query returned status %d", status) + + var queryResp map[string]interface{} + json.Unmarshal(body, &queryResp) + count, _ := queryResp["count"].(float64) + require.Equal(t, float64(1), count, "FAIL: Expected 1 row in namespace table") + + t.Logf(" ✓ Namespace data is isolated and persisted") + }) +} + +// TestIPFS_DataPersistence verifies IPFS content is persisted and pinned. +// Note: Detailed IPFS tests are in storage_http_test.go. This test uses the helper from env.go. +func TestIPFS_DataPersistence(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + t.Run("Uploaded_content_persists", func(t *testing.T) { + // Use helper function to upload content via multipart form + content := fmt.Sprintf("persistent content %d", time.Now().UnixNano()) + cid := e2e.UploadTestFile(t, env, "persist_test.txt", content) + require.NotEmpty(t, cid, "FAIL: No CID returned from upload") + t.Logf(" Uploaded content with CID: %s", cid) + + // Verify content can be retrieved + getReq := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: env.GatewayURL + "/v1/storage/get/" + cid, + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + } + + respBody, status, err := getReq.Do(ctx) + require.NoError(t, err, "FAIL: Get content failed") + require.Equal(t, http.StatusOK, status, "FAIL: Get returned status %d", status) + require.Contains(t, string(respBody), "persistent content", + "FAIL: Retrieved content doesn't match uploaded content") + + t.Logf(" ✓ IPFS content persists and is retrievable") + }) +} + +// TestSQLite_DataPersistence verifies per-deployment SQLite databases persist. +func TestSQLite_DataPersistence(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "FAIL: Could not load test environment") + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + dbName := fmt.Sprintf("persist_db_%d", time.Now().UnixNano()) + + t.Run("SQLite_database_persists", func(t *testing.T) { + // Create database + createReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/db/sqlite/create", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "database_name": dbName, + }, + } + + _, status, err := createReq.Do(ctx) + require.NoError(t, err, "FAIL: Create database failed") + require.True(t, status == http.StatusOK || status == http.StatusCreated, + "FAIL: Create returned status %d", status) + t.Logf(" Created SQLite database: %s", dbName) + + // Create table and insert data + queryReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/db/sqlite/query", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "database_name": dbName, + "query": "CREATE TABLE IF NOT EXISTS test_table (id INTEGER PRIMARY KEY, data TEXT)", + }, + } + + _, status, err = queryReq.Do(ctx) + require.NoError(t, err, "FAIL: Create table failed") + require.Equal(t, http.StatusOK, status, "FAIL: Create table returned status %d", status) + + // Insert data + insertReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/db/sqlite/query", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "database_name": dbName, + "query": "INSERT INTO test_table (data) VALUES ('persistent_data')", + }, + } + + _, status, err = insertReq.Do(ctx) + require.NoError(t, err, "FAIL: Insert failed") + require.Equal(t, http.StatusOK, status, "FAIL: Insert returned status %d", status) + + // Verify data persists + selectReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: env.GatewayURL + "/v1/db/sqlite/query", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + Body: map[string]interface{}{ + "database_name": dbName, + "query": "SELECT data FROM test_table", + }, + } + + body, status, err := selectReq.Do(ctx) + require.NoError(t, err, "FAIL: Select failed") + require.Equal(t, http.StatusOK, status, "FAIL: Select returned status %d", status) + require.Contains(t, string(body), "persistent_data", + "FAIL: Data not found in SQLite database") + + t.Logf(" ✓ SQLite database data persists") + }) + + t.Run("SQLite_database_listed", func(t *testing.T) { + // List databases to verify it was persisted + listReq := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: env.GatewayURL + "/v1/db/sqlite/list", + Headers: map[string]string{ + "Authorization": "Bearer " + env.APIKey, + }, + } + + body, status, err := listReq.Do(ctx) + require.NoError(t, err, "FAIL: List databases failed") + require.Equal(t, http.StatusOK, status, "FAIL: List returned status %d", status) + require.Contains(t, string(body), dbName, + "FAIL: Created database not found in list") + + t.Logf(" ✓ SQLite database appears in list") + }) +} diff --git a/e2e/integration/domain_routing_test.go b/e2e/integration/domain_routing_test.go new file mode 100644 index 0000000..78ff76d --- /dev/null +++ b/e2e/integration/domain_routing_test.go @@ -0,0 +1,356 @@ +//go:build e2e + +package integration_test + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestDomainRouting_BasicRouting(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("test-routing-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for deployment to be active + time.Sleep(2 * time.Second) + + // Get deployment details for debugging + deployment := e2e.GetDeployment(t, env, deploymentID) + t.Logf("Deployment created: ID=%s, CID=%s, Name=%s, Status=%s", + deploymentID, deployment["content_cid"], deployment["name"], deployment["status"]) + + t.Run("Standard domain resolves", func(t *testing.T) { + // Domain format: {deploymentName}.{baseDomain} + domain := env.BuildDeploymentDomain(deploymentName) + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Should return 200 OK") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err, "Should read response body") + + assert.Contains(t, string(body), "
", "Should serve React app") + assert.Contains(t, resp.Header.Get("Content-Type"), "text/html", "Content-Type should be HTML") + + t.Logf("✓ Standard domain routing works: %s", domain) + }) + + t.Run("Non-debros domain passes through", func(t *testing.T) { + // Request with non-debros domain should not route to deployment + resp := e2e.TestDeploymentWithHostHeader(t, env, "example.com", "/") + defer resp.Body.Close() + + // Should either return 404 or pass to default handler + assert.NotEqual(t, http.StatusOK, resp.StatusCode, + "Non-debros domain should not route to deployment") + + t.Logf("✓ Non-debros domains correctly pass through (status: %d)", resp.StatusCode) + }) + + t.Run("API paths bypass domain routing", func(t *testing.T) { + // /v1/* paths should bypass domain routing and use API key auth + domain := env.BuildDeploymentDomain(deploymentName) + + req, _ := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/list", nil) + req.Host = domain + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Should execute request") + defer resp.Body.Close() + + // Should return API response, not deployment content + assert.Equal(t, http.StatusOK, resp.StatusCode, "API endpoint should work") + + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + err = json.Unmarshal(bodyBytes, &result) + + // Should be JSON API response + assert.NoError(t, err, "Should decode JSON (API response)") + assert.NotNil(t, result["deployments"], "Should have deployments field") + + t.Logf("✓ API paths correctly bypass domain routing") + }) + + t.Run("Well-known paths bypass domain routing", func(t *testing.T) { + domain := env.BuildDeploymentDomain(deploymentName) + + // /.well-known/ paths should bypass (used for ACME challenges, etc.) + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/.well-known/acme-challenge/test") + defer resp.Body.Close() + + // Should not serve deployment content + // Exact status depends on implementation, but shouldn't be deployment content + body, _ := io.ReadAll(resp.Body) + bodyStr := string(body) + + // Shouldn't contain React app content + if resp.StatusCode == http.StatusOK { + assert.NotContains(t, bodyStr, "
", + "Well-known paths should not serve deployment content") + } + + t.Logf("✓ Well-known paths bypass routing (status: %d)", resp.StatusCode) + }) +} + +func TestDomainRouting_MultipleDeployments(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + tarballPath := filepath.Join("../../testdata/apps/react-app") + + // Create multiple deployments + deployment1Name := fmt.Sprintf("test-multi-1-%d", time.Now().Unix()) + deployment2Name := fmt.Sprintf("test-multi-2-%d", time.Now().Unix()) + + deployment1ID := e2e.CreateTestDeployment(t, env, deployment1Name, tarballPath) + time.Sleep(1 * time.Second) + deployment2ID := e2e.CreateTestDeployment(t, env, deployment2Name, tarballPath) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deployment1ID) + e2e.DeleteDeployment(t, env, deployment2ID) + } + }() + + time.Sleep(2 * time.Second) + + t.Run("Each deployment routes independently", func(t *testing.T) { + domain1 := env.BuildDeploymentDomain(deployment1Name) + domain2 := env.BuildDeploymentDomain(deployment2Name) + + // Test deployment 1 + resp1 := e2e.TestDeploymentWithHostHeader(t, env, domain1, "/") + defer resp1.Body.Close() + + assert.Equal(t, http.StatusOK, resp1.StatusCode, "Deployment 1 should serve") + + // Test deployment 2 + resp2 := e2e.TestDeploymentWithHostHeader(t, env, domain2, "/") + defer resp2.Body.Close() + + assert.Equal(t, http.StatusOK, resp2.StatusCode, "Deployment 2 should serve") + + t.Logf("✓ Multiple deployments route independently") + t.Logf(" - Domain 1: %s", domain1) + t.Logf(" - Domain 2: %s", domain2) + }) + + t.Run("Wrong domain returns 404", func(t *testing.T) { + // Request with non-existent deployment subdomain + fakeDeploymentDomain := env.BuildDeploymentDomain(fmt.Sprintf("nonexistent-deployment-%d", time.Now().Unix())) + + resp := e2e.TestDeploymentWithHostHeader(t, env, fakeDeploymentDomain, "/") + defer resp.Body.Close() + + assert.Equal(t, http.StatusNotFound, resp.StatusCode, + "Non-existent deployment should return 404") + + t.Logf("✓ Non-existent deployment returns 404") + }) +} + +func TestDomainRouting_ContentTypes(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("test-content-types-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(2 * time.Second) + + domain := env.BuildDeploymentDomain(deploymentName) + + contentTypeTests := []struct { + path string + shouldHave string + description string + }{ + {"/", "text/html", "HTML root"}, + {"/index.html", "text/html", "HTML file"}, + } + + for _, test := range contentTypeTests { + t.Run(test.description, func(t *testing.T) { + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, test.path) + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + contentType := resp.Header.Get("Content-Type") + assert.Contains(t, contentType, test.shouldHave, + "Content-Type for %s should contain %s", test.path, test.shouldHave) + + t.Logf("✓ %s: %s", test.description, contentType) + } else { + t.Logf("⚠ %s returned status %d", test.path, resp.StatusCode) + } + }) + } +} + +func TestDomainRouting_SPAFallback(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("test-spa-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(2 * time.Second) + + domain := env.BuildDeploymentDomain(deploymentName) + + t.Run("Unknown paths fall back to index.html", func(t *testing.T) { + unknownPaths := []string{ + "/about", + "/users/123", + "/settings/profile", + "/some/deep/nested/path", + } + + for _, path := range unknownPaths { + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, path) + body, _ := io.ReadAll(resp.Body) + resp.Body.Close() + + // Should return index.html for SPA routing + assert.Equal(t, http.StatusOK, resp.StatusCode, + "SPA fallback should return 200 for %s", path) + + assert.Contains(t, string(body), "
", + "SPA fallback should return index.html for %s", path) + } + + t.Logf("✓ SPA fallback routing verified for %d paths", len(unknownPaths)) + }) +} + +// TestDeployment_DomainFormat verifies that deployment URLs use the correct format: +// - CORRECT: {name}-{random}.{baseDomain} (e.g., "myapp-f3o4if.dbrs.space") +// - WRONG: {name}.node-{shortID}.{baseDomain} (should NOT exist) +func TestDeployment_DomainFormat(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("format-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for deployment + time.Sleep(2 * time.Second) + + t.Run("Deployment URL has correct format", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + // Get the deployment URLs + urls, ok := deployment["urls"].([]interface{}) + if !ok || len(urls) == 0 { + // Fall back to single url field + if url, ok := deployment["url"].(string); ok && url != "" { + urls = []interface{}{url} + } + } + + // Get the subdomain from deployment response + subdomain, _ := deployment["subdomain"].(string) + t.Logf("Deployment subdomain: %s", subdomain) + t.Logf("Deployment URLs: %v", urls) + + foundCorrectFormat := false + for _, u := range urls { + urlStr, ok := u.(string) + if !ok { + continue + } + + // URL should start with https://{name}- + expectedPrefix := fmt.Sprintf("https://%s-", deploymentName) + if strings.HasPrefix(urlStr, expectedPrefix) { + foundCorrectFormat = true + } + + // URL should contain base domain + assert.Contains(t, urlStr, env.BaseDomain, + "URL should contain base domain %s", env.BaseDomain) + + // URL should NOT contain node identifier pattern + assert.NotContains(t, urlStr, ".node-", + "URL should NOT have node identifier (got: %s)", urlStr) + } + + if len(urls) > 0 { + assert.True(t, foundCorrectFormat, "Should find URL with correct domain format (https://{name}-{random}.{baseDomain})") + } + + t.Logf("✓ Domain format verification passed") + t.Logf(" - Format: {name}-{random}.{baseDomain}") + }) + + t.Run("Domain resolves via Host header", func(t *testing.T) { + // Get the actual subdomain from the deployment + deployment := e2e.GetDeployment(t, env, deploymentID) + subdomain, _ := deployment["subdomain"].(string) + if subdomain == "" { + t.Skip("No subdomain set, skipping host header test") + } + domain := subdomain + "." + env.BaseDomain + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Domain %s should resolve successfully", domain) + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + assert.Contains(t, string(body), "
", + "Should serve deployment content") + + t.Logf("✓ Domain %s resolves correctly", domain) + }) +} diff --git a/e2e/integration/fullstack_integration_test.go b/e2e/integration/fullstack_integration_test.go new file mode 100644 index 0000000..9ccda8b --- /dev/null +++ b/e2e/integration/fullstack_integration_test.go @@ -0,0 +1,278 @@ +//go:build e2e + +package integration_test + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestFullStack_GoAPI_SQLite(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + appName := fmt.Sprintf("fullstack-app-%d", time.Now().Unix()) + backendName := appName + "-backend" + dbName := appName + "-db" + + var backendID string + + defer func() { + if !env.SkipCleanup { + if backendID != "" { + e2e.DeleteDeployment(t, env, backendID) + } + e2e.DeleteSQLiteDB(t, env, dbName) + } + }() + + // Step 1: Create SQLite database + t.Run("Create SQLite database", func(t *testing.T) { + e2e.CreateSQLiteDB(t, env, dbName) + + // Create users table + query := `CREATE TABLE users ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + email TEXT UNIQUE NOT NULL, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP + )` + e2e.ExecuteSQLQuery(t, env, dbName, query) + + // Insert test data + insertQuery := `INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')` + result := e2e.ExecuteSQLQuery(t, env, dbName, insertQuery) + + assert.NotNil(t, result, "Should execute INSERT successfully") + t.Logf("✓ Database created with users table") + }) + + // Step 2: Deploy Go backend (this would normally connect to SQLite) + // Note: For now we test the Go backend deployment without actual DB connection + // as that requires environment variable injection during deployment + t.Run("Deploy Go backend", func(t *testing.T) { + tarballPath := filepath.Join("../../testdata/apps/go-api") + + // Note: In a real implementation, we would pass DATABASE_NAME env var + // For now, we just test the deployment mechanism + backendID = e2e.CreateTestDeployment(t, env, backendName, tarballPath) + + assert.NotEmpty(t, backendID, "Backend deployment ID should not be empty") + t.Logf("✓ Go backend deployed: %s", backendName) + + // Wait for deployment to become active + time.Sleep(3 * time.Second) + }) + + // Step 3: Test database operations + t.Run("Test database CRUD operations", func(t *testing.T) { + // INSERT + insertQuery := `INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com')` + e2e.ExecuteSQLQuery(t, env, dbName, insertQuery) + + // SELECT + users := e2e.QuerySQLite(t, env, dbName, "SELECT * FROM users ORDER BY id") + require.GreaterOrEqual(t, len(users), 2, "Should have at least 2 users") + + assert.Equal(t, "Alice", users[0]["name"], "First user should be Alice") + assert.Equal(t, "Bob", users[1]["name"], "Second user should be Bob") + + t.Logf("✓ Database CRUD operations work") + t.Logf(" - Found %d users", len(users)) + + // UPDATE + updateQuery := `UPDATE users SET email = 'alice.new@example.com' WHERE name = 'Alice'` + result := e2e.ExecuteSQLQuery(t, env, dbName, updateQuery) + + rowsAffected, ok := result["rows_affected"].(float64) + require.True(t, ok, "Should have rows_affected") + assert.Equal(t, float64(1), rowsAffected, "Should update 1 row") + + // Verify update + updated := e2e.QuerySQLite(t, env, dbName, "SELECT email FROM users WHERE name = 'Alice'") + require.Len(t, updated, 1, "Should find Alice") + assert.Equal(t, "alice.new@example.com", updated[0]["email"], "Email should be updated") + + t.Logf("✓ UPDATE operation verified") + + // DELETE + deleteQuery := `DELETE FROM users WHERE name = 'Bob'` + result = e2e.ExecuteSQLQuery(t, env, dbName, deleteQuery) + + rowsAffected, ok = result["rows_affected"].(float64) + require.True(t, ok, "Should have rows_affected") + assert.Equal(t, float64(1), rowsAffected, "Should delete 1 row") + + // Verify deletion + remaining := e2e.QuerySQLite(t, env, dbName, "SELECT * FROM users") + assert.Equal(t, 1, len(remaining), "Should have 1 user remaining") + + t.Logf("✓ DELETE operation verified") + }) + + // Step 4: Test backend API endpoints (if deployment is active) + t.Run("Test backend API endpoints", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, backendID) + + status, ok := deployment["status"].(string) + if !ok || status != "active" { + t.Skip("Backend deployment not active, skipping API tests") + return + } + + backendDomain := env.BuildDeploymentDomain(backendName) + + // Test health endpoint + resp := e2e.TestDeploymentWithHostHeader(t, env, backendDomain, "/health") + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + var health map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + require.NoError(t, json.Unmarshal(bodyBytes, &health), "Should decode health response") + + assert.Equal(t, "healthy", health["status"], "Status should be healthy") + assert.Equal(t, "go-backend-test", health["service"], "Service name should match") + + t.Logf("✓ Backend health check passed") + } else { + t.Logf("⚠ Health check returned status %d (deployment may still be starting)", resp.StatusCode) + } + + // Test users API endpoint + resp2 := e2e.TestDeploymentWithHostHeader(t, env, backendDomain, "/api/users") + defer resp2.Body.Close() + + if resp2.StatusCode == http.StatusOK { + var usersResp map[string]interface{} + bodyBytes, _ := io.ReadAll(resp2.Body) + require.NoError(t, json.Unmarshal(bodyBytes, &usersResp), "Should decode users response") + + users, ok := usersResp["users"].([]interface{}) + require.True(t, ok, "Should have users array") + assert.GreaterOrEqual(t, len(users), 3, "Should have test users") + + t.Logf("✓ Backend API endpoint works") + t.Logf(" - Users endpoint returned %d users", len(users)) + } else { + t.Logf("⚠ Users API returned status %d (deployment may still be starting)", resp2.StatusCode) + } + }) + + // Step 5: Test database backup + t.Run("Test database backup", func(t *testing.T) { + reqBody := map[string]string{"database_name": dbName} + bodyBytes, _ := json.Marshal(reqBody) + + req, _ := http.NewRequest("POST", env.GatewayURL+"/v1/db/sqlite/backup", bytes.NewReader(bodyBytes)) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + req.Header.Set("Content-Type", "application/json") + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err, "Should execute backup request") + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + var result map[string]interface{} + bodyBytes, _ := io.ReadAll(resp.Body) + require.NoError(t, json.Unmarshal(bodyBytes, &result), "Should decode backup response") + + backupCID, ok := result["backup_cid"].(string) + require.True(t, ok, "Should have backup CID") + assert.NotEmpty(t, backupCID, "Backup CID should not be empty") + + t.Logf("✓ Database backup created") + t.Logf(" - CID: %s", backupCID) + } else { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Logf("⚠ Backup returned status %d: %s", resp.StatusCode, string(bodyBytes)) + } + }) + + // Step 6: Test concurrent database queries + t.Run("Test concurrent database reads", func(t *testing.T) { + // WAL mode should allow concurrent reads — run sequentially to avoid t.Fatal in goroutines + for i := 0; i < 5; i++ { + users := e2e.QuerySQLite(t, env, dbName, "SELECT * FROM users") + assert.GreaterOrEqual(t, len(users), 0, "Should query successfully") + } + + t.Logf("✓ Sequential reads successful") + }) +} + +func TestFullStack_StaticSite_SQLite(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + appName := fmt.Sprintf("fullstack-static-%d", time.Now().Unix()) + frontendName := appName + "-frontend" + dbName := appName + "-db" + + var frontendID string + + defer func() { + if !env.SkipCleanup { + if frontendID != "" { + e2e.DeleteDeployment(t, env, frontendID) + } + e2e.DeleteSQLiteDB(t, env, dbName) + } + }() + + t.Run("Deploy static site and create database", func(t *testing.T) { + // Create database + e2e.CreateSQLiteDB(t, env, dbName) + e2e.ExecuteSQLQuery(t, env, dbName, "CREATE TABLE page_views (id INTEGER PRIMARY KEY, page TEXT, count INTEGER)") + e2e.ExecuteSQLQuery(t, env, dbName, "INSERT INTO page_views (page, count) VALUES ('home', 0)") + + // Deploy frontend + tarballPath := filepath.Join("../../testdata/apps/react-app") + frontendID = e2e.CreateTestDeployment(t, env, frontendName, tarballPath) + + assert.NotEmpty(t, frontendID, "Frontend deployment should succeed") + t.Logf("✓ Static site deployed with SQLite backend") + + // Wait for deployment + time.Sleep(2 * time.Second) + }) + + t.Run("Test frontend serving and database interaction", func(t *testing.T) { + frontendDomain := env.BuildDeploymentDomain(frontendName) + + // Test frontend + resp := e2e.TestDeploymentWithHostHeader(t, env, frontendDomain, "/") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Frontend should serve") + + body, _ := io.ReadAll(resp.Body) + assert.Contains(t, string(body), "
", "Should contain React app") + + // Simulate page view tracking + e2e.ExecuteSQLQuery(t, env, dbName, "UPDATE page_views SET count = count + 1 WHERE page = 'home'") + + // Verify count + views := e2e.QuerySQLite(t, env, dbName, "SELECT count FROM page_views WHERE page = 'home'") + require.Len(t, views, 1, "Should have page view record") + + count, ok := views[0]["count"].(float64) + require.True(t, ok, "Count should be a number") + assert.Equal(t, float64(1), count, "Page view count should be incremented") + + t.Logf("✓ Full stack integration verified") + t.Logf(" - Frontend: %s", frontendDomain) + t.Logf(" - Database: %s", dbName) + t.Logf(" - Page views tracked: %.0f", count) + }) +} diff --git a/e2e/integration/ipfs_replica_test.go b/e2e/integration/ipfs_replica_test.go new file mode 100644 index 0000000..d8924ca --- /dev/null +++ b/e2e/integration/ipfs_replica_test.go @@ -0,0 +1,127 @@ +//go:build e2e + +package integration + +import ( + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestIPFS_ContentPinnedOnMultipleNodes verifies that deploying a static app +// makes the IPFS content available across multiple nodes. +func TestIPFS_ContentPinnedOnMultipleNodes(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deploymentName := fmt.Sprintf("ipfs-pin-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(15 * time.Second) // Wait for IPFS content replication + + deployment := e2e.GetDeployment(t, env, deploymentID) + contentCID, _ := deployment["content_cid"].(string) + require.NotEmpty(t, contentCID, "Deployment should have a content CID") + + t.Run("Content served via gateway", func(t *testing.T) { + // Extract domain from deployment URLs + urls, _ := deployment["urls"].([]interface{}) + require.NotEmpty(t, urls, "Deployment should have URLs") + urlStr, _ := urls[0].(string) + domain := urlStr + if len(urlStr) > 8 && urlStr[:8] == "https://" { + domain = urlStr[8:] + } else if len(urlStr) > 7 && urlStr[:7] == "http://" { + domain = urlStr[7:] + } + if len(domain) > 0 && domain[len(domain)-1] == '/' { + domain = domain[:len(domain)-1] + } + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + t.Logf("status=%d, body=%d bytes", resp.StatusCode, len(body)) + assert.Equal(t, http.StatusOK, resp.StatusCode, + "IPFS content should be served via gateway (CID: %s)", contentCID) + }) +} + +// TestIPFS_LargeFileDeployment verifies that deploying an app with larger +// static assets works correctly. +func TestIPFS_LargeFileDeployment(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("ipfs-large-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + // The react-vite tarball is our largest test asset + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(5 * time.Second) + + t.Run("Deployment has valid CID", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + contentCID, _ := deployment["content_cid"].(string) + assert.NotEmpty(t, contentCID, "Should have a content CID") + assert.True(t, len(contentCID) > 10, "CID should be a valid IPFS hash") + t.Logf("Content CID: %s", contentCID) + }) + + t.Run("Static content serves correctly", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + urls, ok := deployment["urls"].([]interface{}) + if !ok || len(urls) == 0 { + t.Skip("No URLs in deployment") + } + + nodeURL, _ := urls[0].(string) + domain := nodeURL + if len(nodeURL) > 8 && nodeURL[:8] == "https://" { + domain = nodeURL[8:] + } else if len(nodeURL) > 7 && nodeURL[:7] == "http://" { + domain = nodeURL[7:] + } + if len(domain) > 0 && domain[len(domain)-1] == '/' { + domain = domain[:len(domain)-1] + } + + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, http.StatusOK, resp.StatusCode) + assert.Greater(t, len(body), 100, "Response should have substantial content") + }) +} diff --git a/e2e/production/cross_node_proxy_test.go b/e2e/production/cross_node_proxy_test.go new file mode 100644 index 0000000..b33bddf --- /dev/null +++ b/e2e/production/cross_node_proxy_test.go @@ -0,0 +1,142 @@ +//go:build e2e && production + +package production + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestCrossNode_ProxyRouting tests that requests routed through the gateway +// are served correctly for a deployment. +func TestCrossNode_ProxyRouting(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + if len(env.Config.Servers) < 2 { + t.Skip("Cross-node testing requires at least 2 servers in config") + } + + deploymentName := fmt.Sprintf("proxy-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for deployment to be active + time.Sleep(3 * time.Second) + + domain := env.BuildDeploymentDomain(deploymentName) + t.Logf("Testing routing for: %s", domain) + + t.Run("Request via gateway succeeds", func(t *testing.T) { + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Request should return 200 (got %d: %s)", resp.StatusCode, string(body)) + + assert.Contains(t, string(body), "
", + "Should serve deployment content") + }) +} + +// TestCrossNode_APIConsistency tests that API responses are consistent +func TestCrossNode_APIConsistency(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("consistency-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for replication + time.Sleep(5 * time.Second) + + t.Run("Deployment list contains our deployment", func(t *testing.T) { + req, err := http.NewRequest("GET", env.GatewayURL+"/v1/deployments/list", nil) + require.NoError(t, err) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode) + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + + deployments, ok := result["deployments"].([]interface{}) + require.True(t, ok, "Response should have deployments array") + t.Logf("Gateway reports %d deployments", len(deployments)) + + found := false + for _, d := range deployments { + dep, _ := d.(map[string]interface{}) + if dep["name"] == deploymentName { + found = true + break + } + } + assert.True(t, found, "Our deployment should be in the list") + }) +} + +// TestCrossNode_DeploymentGetConsistency tests that deployment details are correct +func TestCrossNode_DeploymentGetConsistency(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("get-consistency-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for replication + time.Sleep(5 * time.Second) + + t.Run("Deployment details are correct", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + cid, _ := deployment["content_cid"].(string) + assert.NotEmpty(t, cid, "Should have a content CID") + + name, _ := deployment["name"].(string) + assert.Equal(t, deploymentName, name, "Name should match") + + t.Logf("Deployment: name=%s, cid=%s, status=%s", name, cid, deployment["status"]) + }) +} diff --git a/e2e/production/dns_replica_test.go b/e2e/production/dns_replica_test.go new file mode 100644 index 0000000..67e4adb --- /dev/null +++ b/e2e/production/dns_replica_test.go @@ -0,0 +1,333 @@ +//go:build e2e && production + +package production + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestDNS_MultipleARecords verifies that deploying with replicas creates +// multiple A records (one per node) for DNS round-robin. +func TestDNS_MultipleARecords(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + deploymentName := fmt.Sprintf("dns-multi-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for replica setup and DNS propagation + time.Sleep(15 * time.Second) + + t.Run("DNS returns multiple IPs", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + subdomain, _ := deployment["subdomain"].(string) + if subdomain == "" { + subdomain = deploymentName + } + fqdn := fmt.Sprintf("%s.%s", subdomain, env.BaseDomain) + + // Query nameserver directly + nameserverIP := env.Config.Servers[0].IP + resolver := &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, network, address string) (net.Conn, error) { + d := net.Dialer{Timeout: 10 * time.Second} + return d.Dial("udp", nameserverIP+":53") + }, + } + + ctx := context.Background() + ips, err := resolver.LookupHost(ctx, fqdn) + if err != nil { + t.Logf("DNS lookup failed for %s: %v", fqdn, err) + t.Log("Trying net.LookupHost instead...") + ips, err = net.LookupHost(fqdn) + } + + if err != nil { + t.Logf("DNS lookup failed: %v (DNS may not be propagated yet)", err) + t.Skip("DNS not yet propagated") + } + + t.Logf("DNS returned %d IPs for %s: %v", len(ips), fqdn, ips) + assert.GreaterOrEqual(t, len(ips), 2, + "Should have at least 2 A records (home + replica)") + + // Verify returned IPs are from our server list + serverIPs := e2e.GetServerIPs(env.Config) + for _, ip := range ips { + assert.Contains(t, serverIPs, ip, + "DNS IP %s should be one of our servers", ip) + } + }) +} + +// TestDNS_CleanupOnDelete verifies that deleting a deployment removes all +// DNS records (both home and replica A records). +func TestDNS_CleanupOnDelete(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("dns-cleanup-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + // Wait for DNS + time.Sleep(10 * time.Second) + + // Get subdomain before deletion + deployment := e2e.GetDeployment(t, env, deploymentID) + subdomain, _ := deployment["subdomain"].(string) + if subdomain == "" { + subdomain = deploymentName + } + fqdn := fmt.Sprintf("%s.%s", subdomain, env.BaseDomain) + + // Verify DNS works before deletion + t.Run("DNS resolves before deletion", func(t *testing.T) { + nodeURL := extractNodeURLProd(t, deployment) + if nodeURL == "" { + t.Skip("No URL to test") + } + domain := extractDomainProd(nodeURL) + + req, _ := http.NewRequest("GET", env.GatewayURL+"/", nil) + req.Host = domain + + resp, err := env.HTTPClient.Do(req) + if err == nil { + resp.Body.Close() + t.Logf("Pre-delete: status=%d", resp.StatusCode) + } + }) + + // Delete + e2e.DeleteDeployment(t, env, deploymentID) + time.Sleep(10 * time.Second) + + t.Run("DNS records removed after deletion", func(t *testing.T) { + ips, err := net.LookupHost(fqdn) + if err != nil { + t.Logf("DNS lookup failed (expected): %v", err) + return // Good — no records + } + + // If we still get IPs, they might be cached. Log and warn. + if len(ips) > 0 { + t.Logf("WARNING: DNS still returns %d IPs after deletion (may be cached): %v", len(ips), ips) + } + }) +} + +// TestDNS_CustomSubdomain verifies that deploying with a custom subdomain +// creates DNS records using the custom name. +func TestDNS_CustomSubdomain(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("dns-custom-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := createDeploymentWithSubdomain(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(10 * time.Second) + + t.Run("Deployment has subdomain with random suffix", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + subdomain, _ := deployment["subdomain"].(string) + require.NotEmpty(t, subdomain, "Deployment should have a subdomain") + t.Logf("Subdomain: %s", subdomain) + + // Verify the subdomain starts with the deployment name + assert.Contains(t, subdomain, deploymentName[:10], + "Subdomain should relate to deployment name") + }) +} + +// TestDNS_RedeployPreservesSubdomain verifies that updating a deployment +// does not change the subdomain/DNS. +func TestDNS_RedeployPreservesSubdomain(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + deploymentName := fmt.Sprintf("dns-preserve-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(5 * time.Second) + + // Get original subdomain + deployment := e2e.GetDeployment(t, env, deploymentID) + originalSubdomain, _ := deployment["subdomain"].(string) + originalURLs := deployment["urls"] + t.Logf("Original subdomain: %s, urls: %v", originalSubdomain, originalURLs) + + // Update + updateStaticDeploymentProd(t, env, deploymentName, tarballPath) + time.Sleep(5 * time.Second) + + // Verify subdomain unchanged + t.Run("Subdomain unchanged after update", func(t *testing.T) { + updated := e2e.GetDeployment(t, env, deploymentID) + updatedSubdomain, _ := updated["subdomain"].(string) + + assert.Equal(t, originalSubdomain, updatedSubdomain, + "Subdomain should not change after update") + t.Logf("After update: subdomain=%s", updatedSubdomain) + }) +} + +func createDeploymentWithSubdomain(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) string { + t.Helper() + + var fileData []byte + info, err := os.Stat(tarballPath) + require.NoError(t, err) + if info.IsDir() { + fileData, err = exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err) + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err) + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/upload", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Upload failed: status=%d body=%s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + json.NewDecoder(resp.Body).Decode(&result) + + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("No id in response: %+v", result) + return "" +} + +func updateStaticDeploymentProd(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) { + t.Helper() + + var fileData []byte + info, err := os.Stat(tarballPath) + require.NoError(t, err) + if info.IsDir() { + fileData, err = exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err) + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err) + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/static/update", body) + require.NoError(t, err) + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Update failed: status=%d body=%s", resp.StatusCode, string(bodyBytes)) + } +} diff --git a/e2e/production/dns_resolution_test.go b/e2e/production/dns_resolution_test.go new file mode 100644 index 0000000..100924b --- /dev/null +++ b/e2e/production/dns_resolution_test.go @@ -0,0 +1,121 @@ +//go:build e2e && production + +package production + +import ( + "context" + "fmt" + "net" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestDNS_DeploymentResolution tests that deployed applications are resolvable via DNS +// This test requires production mode as it performs real DNS lookups +func TestDNS_DeploymentResolution(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("dns-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for DNS propagation + domain := env.BuildDeploymentDomain(deploymentName) + t.Logf("Testing DNS resolution for: %s", domain) + + t.Run("DNS resolves to valid server IP", func(t *testing.T) { + // Allow some time for DNS propagation + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + var ips []string + var err error + + // Poll for DNS resolution + for { + select { + case <-ctx.Done(): + t.Fatalf("DNS resolution timeout for %s", domain) + default: + ips, err = net.LookupHost(domain) + if err == nil && len(ips) > 0 { + goto resolved + } + time.Sleep(2 * time.Second) + } + } + + resolved: + t.Logf("DNS resolved: %s -> %v", domain, ips) + assert.NotEmpty(t, ips, "Should have IP addresses") + + // Verify resolved IP is one of our servers + validIPs := e2e.GetServerIPs(env.Config) + if len(validIPs) > 0 { + found := false + for _, ip := range ips { + for _, validIP := range validIPs { + if ip == validIP { + found = true + break + } + } + } + assert.True(t, found, "Resolved IP should be one of our servers: %v (valid: %v)", ips, validIPs) + } + }) +} + +// TestDNS_BaseDomainResolution tests that the base domain resolves correctly +func TestDNS_BaseDomainResolution(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + t.Run("Base domain resolves", func(t *testing.T) { + ips, err := net.LookupHost(env.BaseDomain) + require.NoError(t, err, "Base domain %s should resolve", env.BaseDomain) + assert.NotEmpty(t, ips, "Should have IP addresses") + + t.Logf("✓ Base domain %s resolves to: %v", env.BaseDomain, ips) + }) +} + +// TestDNS_WildcardResolution tests wildcard DNS for arbitrary subdomains +func TestDNS_WildcardResolution(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + t.Run("Wildcard subdomain resolves", func(t *testing.T) { + // Test with a random subdomain that doesn't exist as a deployment + randomSubdomain := fmt.Sprintf("random-test-%d.%s", time.Now().UnixNano(), env.BaseDomain) + + ips, err := net.LookupHost(randomSubdomain) + if err != nil { + // DNS may not support wildcard - that's OK for some setups + t.Logf("⚠ Wildcard DNS not configured (this may be expected): %v", err) + t.Skip("Wildcard DNS not configured") + return + } + + assert.NotEmpty(t, ips, "Wildcard subdomain should resolve") + t.Logf("✓ Wildcard subdomain resolves: %s -> %v", randomSubdomain, ips) + }) +} diff --git a/e2e/production/failover_test.go b/e2e/production/failover_test.go new file mode 100644 index 0000000..4508234 --- /dev/null +++ b/e2e/production/failover_test.go @@ -0,0 +1,234 @@ +//go:build e2e && production + +package production + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestFailover_HomeNodeDown verifies that when the home node's deployment process +// is down, requests still succeed via the replica node. +func TestFailover_HomeNodeDown(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + if len(env.Config.Servers) < 2 { + t.Skip("Failover testing requires at least 2 servers") + } + + // Deploy a Node.js backend so we have a process to stop + deploymentName := fmt.Sprintf("failover-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/node-api") + + deploymentID := createNodeJSDeploymentProd(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for deployment and replica + healthy := e2e.WaitForHealthy(t, env, deploymentID, 90*time.Second) + require.True(t, healthy, "Deployment should become healthy") + time.Sleep(20 * time.Second) // Wait for async replica setup + + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURLProd(t, deployment) + require.NotEmpty(t, nodeURL) + domain := extractDomainProd(nodeURL) + + t.Run("Deployment serves via gateway", func(t *testing.T) { + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/health") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Deployment should be served via gateway (got %d: %s)", resp.StatusCode, string(body)) + t.Logf("Gateway response: status=%d body=%s", resp.StatusCode, string(body)) + }) +} + +// TestFailover_5xxRetry verifies that if one node returns a gateway error, +// the middleware retries on the next replica. +func TestFailover_5xxRetry(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + // Deploy a static app (always works via IPFS, no process to crash) + deploymentName := fmt.Sprintf("retry-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + time.Sleep(10 * time.Second) + + deployment := e2e.GetDeployment(t, env, deploymentID) + nodeURL := extractNodeURLProd(t, deployment) + if nodeURL == "" { + t.Skip("No node URL") + } + domain := extractDomainProd(nodeURL) + + t.Run("Deployment serves successfully", func(t *testing.T) { + resp := e2e.TestDeploymentWithHostHeader(t, env, domain, "/") + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, http.StatusOK, resp.StatusCode, + "Static content should be served (got %d: %s)", resp.StatusCode, string(body)) + }) +} + +// TestFailover_CrossNodeProxyTimeout verifies that cross-node proxy fails fast +// (within a reasonable timeout) rather than hanging. +func TestFailover_CrossNodeProxyTimeout(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + if len(env.Config.Servers) < 2 { + t.Skip("Requires at least 2 servers") + } + + // Make a request to a non-existent deployment — should fail fast + domain := fmt.Sprintf("nonexistent-%d.%s", time.Now().Unix(), env.BaseDomain) + + start := time.Now() + + req, _ := http.NewRequest("GET", env.GatewayURL+"/", nil) + req.Host = domain + + resp, err := env.HTTPClient.Do(req) + elapsed := time.Since(start) + + if err != nil { + t.Logf("Request failed in %v: %v", elapsed, err) + } else { + resp.Body.Close() + t.Logf("Got status %d in %v", resp.StatusCode, elapsed) + } + + // Should respond within 15 seconds (our proxy timeout is 5s) + assert.Less(t, elapsed.Seconds(), 15.0, + "Request to non-existent deployment should fail fast, took %v", elapsed) +} + +func createNodeJSDeploymentProd(t *testing.T, env *e2e.E2ETestEnv, name, tarballPath string) string { + t.Helper() + + var fileData []byte + + info, err := os.Stat(tarballPath) + require.NoError(t, err, "Failed to stat: %s", tarballPath) + + if info.IsDir() { + tarData, err := exec.Command("tar", "-czf", "-", "-C", tarballPath, ".").Output() + require.NoError(t, err, "Failed to create tarball from %s", tarballPath) + fileData = tarData + } else { + file, err := os.Open(tarballPath) + require.NoError(t, err, "Failed to open tarball: %s", tarballPath) + defer file.Close() + fileData, _ = io.ReadAll(file) + } + + body := &bytes.Buffer{} + boundary := "----WebKitFormBoundary7MA4YWxkTrZu0gW" + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"name\"\r\n\r\n") + body.WriteString(name + "\r\n") + + body.WriteString("--" + boundary + "\r\n") + body.WriteString("Content-Disposition: form-data; name=\"tarball\"; filename=\"app.tar.gz\"\r\n") + body.WriteString("Content-Type: application/gzip\r\n\r\n") + + body.Write(fileData) + body.WriteString("\r\n--" + boundary + "--\r\n") + + req, err := http.NewRequest("POST", env.GatewayURL+"/v1/deployments/nodejs/upload", body) + require.NoError(t, err) + + req.Header.Set("Content-Type", "multipart/form-data; boundary="+boundary) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + bodyBytes, _ := io.ReadAll(resp.Body) + t.Fatalf("Deployment upload failed with status %d: %s", resp.StatusCode, string(bodyBytes)) + } + + var result map[string]interface{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + + if id, ok := result["deployment_id"].(string); ok { + return id + } + if id, ok := result["id"].(string); ok { + return id + } + t.Fatalf("Deployment response missing id: %+v", result) + return "" +} + +func extractNodeURLProd(t *testing.T, deployment map[string]interface{}) string { + t.Helper() + if urls, ok := deployment["urls"].([]interface{}); ok && len(urls) > 0 { + if url, ok := urls[0].(string); ok { + return url + } + } + if urls, ok := deployment["urls"].(map[string]interface{}); ok { + if url, ok := urls["node"].(string); ok { + return url + } + } + return "" +} + +func extractDomainProd(url string) string { + domain := url + if len(url) > 8 && url[:8] == "https://" { + domain = url[8:] + } else if len(url) > 7 && url[:7] == "http://" { + domain = url[7:] + } + if len(domain) > 0 && domain[len(domain)-1] == '/' { + domain = domain[:len(domain)-1] + } + return domain +} diff --git a/e2e/production/https_certificate_test.go b/e2e/production/https_certificate_test.go new file mode 100644 index 0000000..724c113 --- /dev/null +++ b/e2e/production/https_certificate_test.go @@ -0,0 +1,191 @@ +//go:build e2e && production + +package production + +import ( + "crypto/tls" + "fmt" + "io" + "net/http" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestHTTPS_CertificateValid tests that HTTPS works with a valid certificate +func TestHTTPS_CertificateValid(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("https-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + + deploymentID := e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + defer func() { + if !env.SkipCleanup { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + // Wait for deployment and certificate provisioning + time.Sleep(5 * time.Second) + + domain := env.BuildDeploymentDomain(deploymentName) + httpsURL := fmt.Sprintf("https://%s", domain) + + t.Run("HTTPS connection with certificate verification", func(t *testing.T) { + // Create client that DOES verify certificates + client := &http.Client{ + Timeout: 30 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + // Do NOT skip verification - we want to test real certs + InsecureSkipVerify: false, + }, + }, + } + + req, err := http.NewRequest("GET", httpsURL+"/", nil) + require.NoError(t, err) + + resp, err := client.Do(req) + if err != nil { + // Certificate might not be ready yet, or domain might not resolve + t.Logf("⚠ HTTPS request failed (this may be expected if certs are still provisioning): %v", err) + t.Skip("HTTPS not available or certificate not ready") + return + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + if resp.StatusCode != http.StatusOK { + t.Logf("HTTPS returned %d (deployment may not be routed yet): %s", resp.StatusCode, string(body)) + } + + // Check TLS connection state + if resp.TLS != nil { + t.Logf("✓ HTTPS works with valid certificate") + t.Logf(" - Domain: %s", domain) + t.Logf(" - TLS Version: %x", resp.TLS.Version) + t.Logf(" - Cipher Suite: %x", resp.TLS.CipherSuite) + if len(resp.TLS.PeerCertificates) > 0 { + cert := resp.TLS.PeerCertificates[0] + t.Logf(" - Certificate Subject: %s", cert.Subject) + t.Logf(" - Certificate Issuer: %s", cert.Issuer) + t.Logf(" - Valid Until: %s", cert.NotAfter) + } + } + }) +} + +// TestHTTPS_CertificateDetails tests certificate properties +func TestHTTPS_CertificateDetails(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + t.Run("Base domain certificate", func(t *testing.T) { + httpsURL := fmt.Sprintf("https://%s", env.BaseDomain) + + // Connect and get certificate info + conn, err := tls.Dial("tcp", env.BaseDomain+":443", &tls.Config{ + InsecureSkipVerify: true, // We just want to inspect the cert + }) + if err != nil { + t.Logf("⚠ Could not connect to %s:443: %v", env.BaseDomain, err) + t.Skip("HTTPS not available on base domain") + return + } + defer conn.Close() + + certs := conn.ConnectionState().PeerCertificates + require.NotEmpty(t, certs, "Should have certificates") + + cert := certs[0] + t.Logf("Certificate for %s:", env.BaseDomain) + t.Logf(" - Subject: %s", cert.Subject) + t.Logf(" - DNS Names: %v", cert.DNSNames) + t.Logf(" - Valid From: %s", cert.NotBefore) + t.Logf(" - Valid Until: %s", cert.NotAfter) + t.Logf(" - Issuer: %s", cert.Issuer) + + // Check that certificate covers our domain + coversDomain := false + for _, name := range cert.DNSNames { + if name == env.BaseDomain || name == "*."+env.BaseDomain { + coversDomain = true + break + } + } + assert.True(t, coversDomain, "Certificate should cover %s", env.BaseDomain) + + // Check certificate is not expired + assert.True(t, time.Now().Before(cert.NotAfter), "Certificate should not be expired") + assert.True(t, time.Now().After(cert.NotBefore), "Certificate should be valid now") + + // Make actual HTTPS request to verify it works + client := &http.Client{ + Timeout: 30 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: false, + }, + }, + } + + resp, err := client.Get(httpsURL) + if err != nil { + t.Logf("⚠ HTTPS request failed: %v", err) + } else { + resp.Body.Close() + t.Logf("✓ HTTPS request succeeded with status %d", resp.StatusCode) + } + }) +} + +// TestHTTPS_HTTPRedirect tests that HTTP requests are redirected to HTTPS +func TestHTTPS_HTTPRedirect(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + t.Run("HTTP redirects to HTTPS", func(t *testing.T) { + // Create client that doesn't follow redirects + client := &http.Client{ + Timeout: 30 * time.Second, + CheckRedirect: func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + }, + } + + httpURL := fmt.Sprintf("http://%s", env.BaseDomain) + + resp, err := client.Get(httpURL) + if err != nil { + t.Logf("⚠ HTTP request failed: %v", err) + t.Skip("HTTP not available or redirects not configured") + return + } + defer resp.Body.Close() + + // Check for redirect + if resp.StatusCode >= 300 && resp.StatusCode < 400 { + location := resp.Header.Get("Location") + t.Logf("✓ HTTP redirects to: %s (status %d)", location, resp.StatusCode) + assert.Contains(t, location, "https://", "Should redirect to HTTPS") + } else if resp.StatusCode == http.StatusOK { + // HTTP might just serve content directly in some configurations + t.Logf("⚠ HTTP returned 200 instead of redirect (HTTPS redirect may not be configured)") + } else { + t.Logf("HTTP returned status %d", resp.StatusCode) + } + }) +} diff --git a/e2e/production/https_external_test.go b/e2e/production/https_external_test.go new file mode 100644 index 0000000..9bfc02d --- /dev/null +++ b/e2e/production/https_external_test.go @@ -0,0 +1,204 @@ +//go:build e2e && production + +package production + +import ( + "crypto/tls" + "fmt" + "io" + "net" + "net/http" + "os" + "path/filepath" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestHTTPS_ExternalAccess tests that deployed apps are accessible via HTTPS +// from the public internet with valid SSL certificates. +// +// This test requires: +// - Orama deployed on a VPS with a real domain +// - DNS properly configured +// - Run with: go test -v -tags "e2e production" -run TestHTTPS ./e2e/production/... +func TestHTTPS_ExternalAccess(t *testing.T) { + // Skip if not configured for external testing + externalURL := os.Getenv("ORAMA_EXTERNAL_URL") + if externalURL == "" { + t.Skip("ORAMA_EXTERNAL_URL not set - skipping external HTTPS test") + } + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("https-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy static app", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + t.Logf("Created deployment: %s (ID: %s)", deploymentName, deploymentID) + }) + + var deploymentDomain string + + t.Run("Get deployment domain", func(t *testing.T) { + deployment := e2e.GetDeployment(t, env, deploymentID) + + nodeURL := extractNodeURL(t, deployment) + require.NotEmpty(t, nodeURL, "Deployment should have node URL") + + deploymentDomain = extractDomain(nodeURL) + t.Logf("Deployment domain: %s", deploymentDomain) + }) + + t.Run("Wait for DNS propagation", func(t *testing.T) { + // Poll DNS until the domain resolves + deadline := time.Now().Add(2 * time.Minute) + + for time.Now().Before(deadline) { + ips, err := net.LookupHost(deploymentDomain) + if err == nil && len(ips) > 0 { + t.Logf("DNS resolved: %s -> %v", deploymentDomain, ips) + return + } + t.Logf("DNS not yet resolved, waiting...") + time.Sleep(5 * time.Second) + } + + t.Fatalf("DNS did not resolve within timeout for %s", deploymentDomain) + }) + + t.Run("Test HTTPS access with valid certificate", func(t *testing.T) { + // Create HTTP client that DOES verify certificates + // (no InsecureSkipVerify - we want to test real SSL) + client := &http.Client{ + Timeout: 30 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + // Use default verification (validates certificate) + InsecureSkipVerify: false, + }, + }, + } + + url := fmt.Sprintf("https://%s/", deploymentDomain) + t.Logf("Testing HTTPS: %s", url) + + resp, err := client.Get(url) + require.NoError(t, err, "HTTPS request should succeed with valid certificate") + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, "Should return 200 OK") + + body, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + // Verify it's our React app + assert.Contains(t, string(body), "
", "Should serve React app") + + t.Logf("HTTPS test passed: %s returned %d", url, resp.StatusCode) + }) + + t.Run("Verify SSL certificate details", func(t *testing.T) { + conn, err := tls.Dial("tcp", deploymentDomain+":443", nil) + require.NoError(t, err, "TLS dial should succeed") + defer conn.Close() + + state := conn.ConnectionState() + require.NotEmpty(t, state.PeerCertificates, "Should have peer certificates") + + cert := state.PeerCertificates[0] + t.Logf("Certificate subject: %s", cert.Subject) + t.Logf("Certificate issuer: %s", cert.Issuer) + t.Logf("Certificate valid from: %s to %s", cert.NotBefore, cert.NotAfter) + + // Verify certificate is not expired + assert.True(t, time.Now().After(cert.NotBefore), "Certificate should be valid (not before)") + assert.True(t, time.Now().Before(cert.NotAfter), "Certificate should be valid (not expired)") + + // Verify domain matches + err = cert.VerifyHostname(deploymentDomain) + assert.NoError(t, err, "Certificate should be valid for domain %s", deploymentDomain) + }) +} + +// TestHTTPS_DomainFormat verifies deployment URL format +func TestHTTPS_DomainFormat(t *testing.T) { + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + deploymentName := fmt.Sprintf("domain-test-%d", time.Now().Unix()) + tarballPath := filepath.Join("../../testdata/apps/react-app") + var deploymentID string + + // Cleanup after test + defer func() { + if !env.SkipCleanup && deploymentID != "" { + e2e.DeleteDeployment(t, env, deploymentID) + } + }() + + t.Run("Deploy app and verify domain format", func(t *testing.T) { + deploymentID = e2e.CreateTestDeployment(t, env, deploymentName, tarballPath) + require.NotEmpty(t, deploymentID) + + deployment := e2e.GetDeployment(t, env, deploymentID) + + t.Logf("Deployment URLs: %+v", deployment["urls"]) + + // Get deployment URL (handles both array and map formats) + deploymentURL := extractNodeURL(t, deployment) + assert.NotEmpty(t, deploymentURL, "Should have deployment URL") + + // URL should be simple format: {name}.{baseDomain} (NOT {name}.node-{shortID}.{baseDomain}) + if deploymentURL != "" { + assert.NotContains(t, deploymentURL, ".node-", "URL should NOT contain node identifier (simplified format)") + assert.Contains(t, deploymentURL, deploymentName, "URL should contain deployment name") + t.Logf("Deployment URL: %s", deploymentURL) + } + }) +} + +func extractNodeURL(t *testing.T, deployment map[string]interface{}) string { + t.Helper() + + if urls, ok := deployment["urls"].([]interface{}); ok && len(urls) > 0 { + if url, ok := urls[0].(string); ok { + return url + } + } + + if urls, ok := deployment["urls"].(map[string]interface{}); ok { + if url, ok := urls["node"].(string); ok { + return url + } + } + + return "" +} + +func extractDomain(url string) string { + domain := url + if len(url) > 8 && url[:8] == "https://" { + domain = url[8:] + } else if len(url) > 7 && url[:7] == "http://" { + domain = url[7:] + } + if len(domain) > 0 && domain[len(domain)-1] == '/' { + domain = domain[:len(domain)-1] + } + return domain +} diff --git a/e2e/production/middleware_test.go b/e2e/production/middleware_test.go new file mode 100644 index 0000000..8d2b472 --- /dev/null +++ b/e2e/production/middleware_test.go @@ -0,0 +1,99 @@ +//go:build e2e && production + +package production + +import ( + "fmt" + "io" + "net/http" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestMiddleware_NonExistentDeployment verifies that requests to a non-existent +// deployment return 404 (not 502 or hang). +func TestMiddleware_NonExistentDeployment(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + domain := fmt.Sprintf("does-not-exist-%d.%s", time.Now().Unix(), env.BaseDomain) + + req, _ := http.NewRequest("GET", env.GatewayURL+"/", nil) + req.Host = domain + + start := time.Now() + resp, err := env.HTTPClient.Do(req) + elapsed := time.Since(start) + + if err != nil { + t.Logf("Request failed in %v: %v", elapsed, err) + // Connection refused or timeout is acceptable + assert.Less(t, elapsed.Seconds(), 15.0, "Should fail fast") + return + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + t.Logf("Status: %d, elapsed: %v, body: %s", resp.StatusCode, elapsed, string(body)) + + // Should be 404 or 502, not 200 + assert.NotEqual(t, http.StatusOK, resp.StatusCode, + "Non-existent deployment should not return 200") + assert.Less(t, elapsed.Seconds(), 15.0, "Should respond fast") +} + +// TestMiddleware_InternalAPIAuthRejection verifies that internal replica API +// endpoints reject requests without the proper internal auth header. +func TestMiddleware_InternalAPIAuthRejection(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err) + + t.Run("No auth header rejected", func(t *testing.T) { + req, _ := http.NewRequest("POST", + env.GatewayURL+"/v1/internal/deployments/replica/setup", nil) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + // Should be rejected (401 or 403) + assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "Internal API without auth should be rejected (got %d)", resp.StatusCode) + }) + + t.Run("Wrong auth header rejected", func(t *testing.T) { + req, _ := http.NewRequest("POST", + env.GatewayURL+"/v1/internal/deployments/replica/setup", nil) + req.Header.Set("X-Orama-Internal-Auth", "wrong-token") + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusBadRequest, + "Internal API with wrong auth should be rejected (got %d)", resp.StatusCode) + }) + + t.Run("Regular API key does not grant internal access", func(t *testing.T) { + req, _ := http.NewRequest("POST", + env.GatewayURL+"/v1/internal/deployments/replica/setup", nil) + req.Header.Set("Authorization", "Bearer "+env.APIKey) + + resp, err := env.HTTPClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + // The request may pass auth but fail on bad body — 400 is acceptable + // But it should NOT succeed with 200 + assert.NotEqual(t, http.StatusOK, resp.StatusCode, + "Regular API key should not fully authenticate internal endpoints") + }) +} diff --git a/e2e/production/nameserver_test.go b/e2e/production/nameserver_test.go new file mode 100644 index 0000000..9705918 --- /dev/null +++ b/e2e/production/nameserver_test.go @@ -0,0 +1,181 @@ +//go:build e2e && production + +package production + +import ( + "context" + "net" + "strings" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestNameserver_NSRecords tests that NS records are properly configured for the domain +func TestNameserver_NSRecords(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + if len(env.Config.Nameservers) == 0 { + t.Skip("No nameservers configured in e2e/config.yaml") + } + + t.Run("NS records exist for base domain", func(t *testing.T) { + nsRecords, err := net.LookupNS(env.BaseDomain) + require.NoError(t, err, "Should be able to look up NS records for %s", env.BaseDomain) + require.NotEmpty(t, nsRecords, "Should have NS records") + + t.Logf("Found %d NS records for %s:", len(nsRecords), env.BaseDomain) + for _, ns := range nsRecords { + t.Logf(" - %s", ns.Host) + } + + // Verify our nameservers are listed + for _, expected := range env.Config.Nameservers { + found := false + for _, ns := range nsRecords { + // Trim trailing dot for comparison + nsHost := strings.TrimSuffix(ns.Host, ".") + if nsHost == expected || nsHost == expected+"." { + found = true + break + } + } + assert.True(t, found, "NS records should include %s", expected) + } + }) +} + +// TestNameserver_GlueRecords tests that glue records point to correct IPs +func TestNameserver_GlueRecords(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + if len(env.Config.Nameservers) == 0 { + t.Skip("No nameservers configured in e2e/config.yaml") + } + + nameserverServers := e2e.GetNameserverServers(env.Config) + if len(nameserverServers) == 0 { + t.Skip("No servers marked as nameservers in config") + } + + t.Run("Glue records resolve to correct IPs", func(t *testing.T) { + for i, ns := range env.Config.Nameservers { + ips, err := net.LookupHost(ns) + require.NoError(t, err, "Nameserver %s should resolve", ns) + require.NotEmpty(t, ips, "Nameserver %s should have IP addresses", ns) + + t.Logf("Nameserver %s resolves to: %v", ns, ips) + + // If we have the expected IP, verify it matches + if i < len(nameserverServers) { + expectedIP := nameserverServers[i].IP + found := false + for _, ip := range ips { + if ip == expectedIP { + found = true + break + } + } + assert.True(t, found, "Glue record for %s should point to %s (got %v)", ns, expectedIP, ips) + } + } + }) +} + +// TestNameserver_CoreDNSResponds tests that our CoreDNS servers respond to queries +func TestNameserver_CoreDNSResponds(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + nameserverServers := e2e.GetNameserverServers(env.Config) + if len(nameserverServers) == 0 { + t.Skip("No servers marked as nameservers in config") + } + + t.Run("CoreDNS servers respond to queries", func(t *testing.T) { + for _, server := range nameserverServers { + t.Run(server.Name, func(t *testing.T) { + // Create a custom resolver that queries this specific server + resolver := &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, network, address string) (net.Conn, error) { + d := net.Dialer{ + Timeout: 5 * time.Second, + } + return d.DialContext(ctx, "udp", server.IP+":53") + }, + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Query the base domain + ips, err := resolver.LookupHost(ctx, env.BaseDomain) + if err != nil { + // Log the error but don't fail - server might be configured differently + t.Logf("⚠ CoreDNS at %s (%s) query error: %v", server.Name, server.IP, err) + return + } + + t.Logf("✓ CoreDNS at %s (%s) responded: %s -> %v", server.Name, server.IP, env.BaseDomain, ips) + assert.NotEmpty(t, ips, "CoreDNS should return IP addresses") + }) + } + }) +} + +// TestNameserver_QueryLatency tests DNS query latency from our nameservers +func TestNameserver_QueryLatency(t *testing.T) { + e2e.SkipIfLocal(t) + + env, err := e2e.LoadTestEnv() + require.NoError(t, err, "Failed to load test environment") + + nameserverServers := e2e.GetNameserverServers(env.Config) + if len(nameserverServers) == 0 { + t.Skip("No servers marked as nameservers in config") + } + + t.Run("DNS query latency is acceptable", func(t *testing.T) { + for _, server := range nameserverServers { + resolver := &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, network, address string) (net.Conn, error) { + d := net.Dialer{ + Timeout: 5 * time.Second, + } + return d.DialContext(ctx, "udp", server.IP+":53") + }, + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + start := time.Now() + _, err := resolver.LookupHost(ctx, env.BaseDomain) + latency := time.Since(start) + + if err != nil { + t.Logf("⚠ Query to %s failed: %v", server.Name, err) + continue + } + + t.Logf("DNS latency from %s (%s): %v", server.Name, server.IP, latency) + + // DNS queries should be fast (under 500ms is reasonable) + assert.Less(t, latency, 500*time.Millisecond, + "DNS query to %s should complete in under 500ms", server.Name) + } + }) +} diff --git a/e2e/shared/auth_extended_test.go b/e2e/shared/auth_extended_test.go new file mode 100644 index 0000000..846784f --- /dev/null +++ b/e2e/shared/auth_extended_test.go @@ -0,0 +1,148 @@ +//go:build e2e + +package shared + +import ( + "net/http" + "testing" + "time" + + "github.com/DeBrosOfficial/network/e2e" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestAuth_ExpiredOrInvalidJWT verifies that an expired/invalid JWT token is rejected. +func TestAuth_ExpiredOrInvalidJWT(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + gatewayURL := e2e.GetGatewayURL() + + // Craft an obviously invalid JWT + invalidJWT := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjoxfQ.invalid" + + req, err := http.NewRequest("GET", gatewayURL+"/v1/deployments/list", nil) + require.NoError(t, err) + req.Header.Set("Authorization", "Bearer "+invalidJWT) + + client := e2e.NewHTTPClient(10 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, + "Invalid JWT should return 401") +} + +// TestAuth_EmptyAPIKey verifies that an empty API key is rejected. +func TestAuth_EmptyAPIKey(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + gatewayURL := e2e.GetGatewayURL() + + req, err := http.NewRequest("GET", gatewayURL+"/v1/deployments/list", nil) + require.NoError(t, err) + req.Header.Set("Authorization", "Bearer ") + + client := e2e.NewHTTPClient(10 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, + "Empty API key should return 401") +} + +// TestAuth_SQLInjectionInAPIKey verifies that SQL injection in the API key +// does not bypass authentication. +func TestAuth_SQLInjectionInAPIKey(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + gatewayURL := e2e.GetGatewayURL() + + injectionAttempts := []string{ + "' OR '1'='1", + "'; DROP TABLE api_keys; --", + "\" OR \"1\"=\"1", + "admin'--", + } + + for _, attempt := range injectionAttempts { + t.Run(attempt, func(t *testing.T) { + req, _ := http.NewRequest("GET", gatewayURL+"/v1/deployments/list", nil) + req.Header.Set("Authorization", "Bearer "+attempt) + + client := e2e.NewHTTPClient(10 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, + "SQL injection attempt should be rejected") + }) + } +} + +// TestAuth_NamespaceScopedAccess verifies that an API key for one namespace +// cannot access another namespace's deployments. +func TestAuth_NamespaceScopedAccess(t *testing.T) { + // Create two environments with different namespaces + env1, err := e2e.LoadTestEnvWithNamespace("auth-test-ns1") + if err != nil { + t.Skip("Could not create namespace env1: " + err.Error()) + } + + env2, err := e2e.LoadTestEnvWithNamespace("auth-test-ns2") + if err != nil { + t.Skip("Could not create namespace env2: " + err.Error()) + } + + t.Run("Namespace 1 key cannot list namespace 2 deployments", func(t *testing.T) { + // Use env1's API key to query env2's gateway + // The namespace should be scoped to the API key + req, _ := http.NewRequest("GET", env2.GatewayURL+"/v1/deployments/list", nil) + req.Header.Set("Authorization", "Bearer "+env1.APIKey) + req.Header.Set("X-Namespace", "auth-test-ns2") + + resp, err := env1.HTTPClient.Do(req) + if err != nil { + t.Skip("Gateway unreachable") + } + defer resp.Body.Close() + + // The API should either reject (403) or return only ns1's deployments + t.Logf("Cross-namespace access returned: %d", resp.StatusCode) + + if resp.StatusCode == http.StatusOK { + t.Log("API returned 200 — namespace isolation may be enforced at data level") + } + }) +} + +// TestAuth_PublicEndpointsNoAuth verifies that health/status endpoints +// don't require authentication. +func TestAuth_PublicEndpointsNoAuth(t *testing.T) { + e2e.SkipIfMissingGateway(t) + + gatewayURL := e2e.GetGatewayURL() + client := e2e.NewHTTPClient(10 * time.Second) + + publicPaths := []string{ + "/v1/health", + "/v1/status", + } + + for _, path := range publicPaths { + t.Run(path, func(t *testing.T) { + req, _ := http.NewRequest("GET", gatewayURL+path, nil) + // No auth header + + resp, err := client.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + assert.Equal(t, http.StatusOK, resp.StatusCode, + "%s should be accessible without auth", path) + }) + } +} diff --git a/e2e/shared/auth_negative_test.go b/e2e/shared/auth_negative_test.go new file mode 100644 index 0000000..8a01286 --- /dev/null +++ b/e2e/shared/auth_negative_test.go @@ -0,0 +1,333 @@ +//go:build e2e + +package shared_test + +import ( + "context" + "net/http" + "testing" + "time" + "unicode" + + e2e "github.com/DeBrosOfficial/network/e2e" + + "github.com/stretchr/testify/require" +) + +// ============================================================================= +// STRICT AUTHENTICATION NEGATIVE TESTS +// These tests verify that authentication is properly enforced. +// Tests FAIL if unauthenticated/invalid requests are allowed through. +// ============================================================================= + +func TestAuth_MissingAPIKey(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request protected endpoint without auth headers + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: Must reject requests without authentication + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: Protected endpoint allowed request without auth - expected 401/403, got %d", resp.StatusCode) + t.Logf(" ✓ Missing API key correctly rejected with status %d", resp.StatusCode) +} + +func TestAuth_InvalidAPIKey(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request with invalid API key + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + req.Header.Set("Authorization", "Bearer invalid-key-xyz-123456789") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: Must reject invalid API keys + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: Invalid API key was accepted - expected 401/403, got %d", resp.StatusCode) + t.Logf(" ✓ Invalid API key correctly rejected with status %d", resp.StatusCode) +} + +func TestAuth_CacheWithoutAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request cache endpoint without auth + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/cache/health", + SkipAuth: true, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // STRICT: Cache endpoint must require authentication + require.True(t, status == http.StatusUnauthorized || status == http.StatusForbidden, + "FAIL: Cache endpoint accessible without auth - expected 401/403, got %d", status) + t.Logf(" ✓ Cache endpoint correctly requires auth (status %d)", status) +} + +func TestAuth_StorageWithoutAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request storage endpoint without auth + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/storage/status/QmTest", + SkipAuth: true, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // STRICT: Storage endpoint must require authentication + require.True(t, status == http.StatusUnauthorized || status == http.StatusForbidden, + "FAIL: Storage endpoint accessible without auth - expected 401/403, got %d", status) + t.Logf(" ✓ Storage endpoint correctly requires auth (status %d)", status) +} + +func TestAuth_RQLiteWithoutAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request rqlite endpoint without auth + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/rqlite/schema", + SkipAuth: true, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // STRICT: RQLite endpoint must require authentication + require.True(t, status == http.StatusUnauthorized || status == http.StatusForbidden, + "FAIL: RQLite endpoint accessible without auth - expected 401/403, got %d", status) + t.Logf(" ✓ RQLite endpoint correctly requires auth (status %d)", status) +} + +func TestAuth_MalformedBearerToken(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request with malformed bearer token (missing "Bearer " prefix) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + req.Header.Set("Authorization", "invalid-token-format-no-bearer") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: Must reject malformed authorization headers + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: Malformed auth header accepted - expected 401/403, got %d", resp.StatusCode) + t.Logf(" ✓ Malformed bearer token correctly rejected (status %d)", resp.StatusCode) +} + +func TestAuth_ExpiredJWT(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Test with a clearly invalid JWT structure + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + req.Header.Set("Authorization", "Bearer expired.jwt.token.invalid") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: Must reject invalid/expired JWT tokens + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: Invalid JWT accepted - expected 401/403, got %d", resp.StatusCode) + t.Logf(" ✓ Invalid JWT correctly rejected (status %d)", resp.StatusCode) +} + +func TestAuth_EmptyBearerToken(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request with empty bearer token + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + req.Header.Set("Authorization", "Bearer ") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: Must reject empty bearer tokens + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: Empty bearer token accepted - expected 401/403, got %d", resp.StatusCode) + t.Logf(" ✓ Empty bearer token correctly rejected (status %d)", resp.StatusCode) +} + +func TestAuth_DuplicateAuthHeaders(t *testing.T) { + if e2e.GetAPIKey() == "" { + t.Skip("No API key configured") + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request with both valid API key in Authorization header + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/cache/health", + Headers: map[string]string{ + "Authorization": "Bearer " + e2e.GetAPIKey(), + "X-API-Key": e2e.GetAPIKey(), + }, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // Should succeed since we have a valid API key + require.Equal(t, http.StatusOK, status, + "FAIL: Valid API key rejected when multiple auth headers present - got %d", status) + t.Logf(" ✓ Duplicate auth headers with valid key succeeds (status %d)", status) +} + +func TestAuth_CaseSensitiveAPIKey(t *testing.T) { + apiKey := e2e.GetAPIKey() + if apiKey == "" { + t.Skip("No API key configured") + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Create incorrectly cased API key + incorrectKey := "" + for i, ch := range apiKey { + if i%2 == 0 && unicode.IsLetter(ch) { + if unicode.IsLower(ch) { + incorrectKey += string(unicode.ToUpper(ch)) + } else { + incorrectKey += string(unicode.ToLower(ch)) + } + } else { + incorrectKey += string(ch) + } + } + + // Skip if the key didn't change (no letters) + if incorrectKey == apiKey { + t.Skip("API key has no letters to change case") + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/cache/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + req.Header.Set("Authorization", "Bearer "+incorrectKey) + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // STRICT: API keys MUST be case-sensitive + require.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden, + "FAIL: API key check is not case-sensitive - modified key accepted with status %d", resp.StatusCode) + t.Logf(" ✓ Case-modified API key correctly rejected (status %d)", resp.StatusCode) +} + +func TestAuth_HealthEndpointNoAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Health endpoint at /v1/health should NOT require auth + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/health", nil) + require.NoError(t, err, "FAIL: Could not create request") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // Health endpoint should be publicly accessible + require.Equal(t, http.StatusOK, resp.StatusCode, + "FAIL: Health endpoint should not require auth - expected 200, got %d", resp.StatusCode) + t.Logf(" ✓ Health endpoint correctly accessible without auth") +} + +func TestAuth_StatusEndpointNoAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Status endpoint at /v1/status should NOT require auth + req, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/status", nil) + require.NoError(t, err, "FAIL: Could not create request") + + client := e2e.NewHTTPClient(30 * time.Second) + resp, err := client.Do(req) + require.NoError(t, err, "FAIL: Request failed") + defer resp.Body.Close() + + // Status endpoint should be publicly accessible + require.Equal(t, http.StatusOK, resp.StatusCode, + "FAIL: Status endpoint should not require auth - expected 200, got %d", resp.StatusCode) + t.Logf(" ✓ Status endpoint correctly accessible without auth") +} + +func TestAuth_DeploymentsWithoutAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request deployments endpoint without auth + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/deployments/list", + SkipAuth: true, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // STRICT: Deployments endpoint must require authentication + require.True(t, status == http.StatusUnauthorized || status == http.StatusForbidden, + "FAIL: Deployments endpoint accessible without auth - expected 401/403, got %d", status) + t.Logf(" ✓ Deployments endpoint correctly requires auth (status %d)", status) +} + +func TestAuth_SQLiteWithoutAuth(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Request SQLite endpoint without auth + req := &e2e.HTTPRequest{ + Method: http.MethodGet, + URL: e2e.GetGatewayURL() + "/v1/db/sqlite/list", + SkipAuth: true, + } + + _, status, err := req.Do(ctx) + require.NoError(t, err, "FAIL: Request failed") + + // STRICT: SQLite endpoint must require authentication + require.True(t, status == http.StatusUnauthorized || status == http.StatusForbidden, + "FAIL: SQLite endpoint accessible without auth - expected 401/403, got %d", status) + t.Logf(" ✓ SQLite endpoint correctly requires auth (status %d)", status) +} diff --git a/e2e/cache_http_test.go b/e2e/shared/cache_http_test.go similarity index 79% rename from e2e/cache_http_test.go rename to e2e/shared/cache_http_test.go index 6f4a3ed..4e33f9e 100644 --- a/e2e/cache_http_test.go +++ b/e2e/shared/cache_http_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package shared_test import ( "context" @@ -8,17 +8,19 @@ import ( "net/http" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) func TestCache_Health(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/cache/health", + URL: e2e.GetGatewayURL() + "/v1/cache/health", } body, status, err := req.Do(ctx) @@ -31,7 +33,7 @@ func TestCache_Health(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -45,19 +47,19 @@ func TestCache_Health(t *testing.T) { } func TestCache_PutGet(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "test-key" value := "test-value" // Put value - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -75,9 +77,9 @@ func TestCache_PutGet(t *testing.T) { } // Get value - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -94,7 +96,7 @@ func TestCache_PutGet(t *testing.T) { } var getResp map[string]interface{} - if err := DecodeJSON(body, &getResp); err != nil { + if err := e2e.DecodeJSON(body, &getResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -104,12 +106,12 @@ func TestCache_PutGet(t *testing.T) { } func TestCache_PutGetJSON(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "json-key" jsonValue := map[string]interface{}{ "name": "John", @@ -118,9 +120,9 @@ func TestCache_PutGetJSON(t *testing.T) { } // Put JSON value - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -138,9 +140,9 @@ func TestCache_PutGetJSON(t *testing.T) { } // Get JSON value - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -157,7 +159,7 @@ func TestCache_PutGetJSON(t *testing.T) { } var getResp map[string]interface{} - if err := DecodeJSON(body, &getResp); err != nil { + if err := e2e.DecodeJSON(body, &getResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -171,19 +173,19 @@ func TestCache_PutGetJSON(t *testing.T) { } func TestCache_Delete(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "delete-key" value := "delete-value" // Put value - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -197,9 +199,9 @@ func TestCache_Delete(t *testing.T) { } // Delete value - deleteReq := &HTTPRequest{ + deleteReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/delete", + URL: e2e.GetGatewayURL() + "/v1/cache/delete", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -216,9 +218,9 @@ func TestCache_Delete(t *testing.T) { } // Verify deletion - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -233,19 +235,19 @@ func TestCache_Delete(t *testing.T) { } func TestCache_TTL(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() key := "ttl-key" value := "ttl-value" // Put value with TTL - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -264,9 +266,9 @@ func TestCache_TTL(t *testing.T) { } // Verify value exists - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -279,7 +281,7 @@ func TestCache_TTL(t *testing.T) { } // Wait for TTL expiry (2 seconds + buffer) - Delay(2500) + e2e.Delay(2500) // Verify value is expired _, status, err = getReq.Do(ctx) @@ -289,19 +291,19 @@ func TestCache_TTL(t *testing.T) { } func TestCache_Scan(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() // Put multiple keys keys := []string{"user-1", "user-2", "session-1", "session-2"} for _, key := range keys { - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -316,9 +318,9 @@ func TestCache_Scan(t *testing.T) { } // Scan all keys - scanReq := &HTTPRequest{ + scanReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/scan", + URL: e2e.GetGatewayURL() + "/v1/cache/scan", Body: map[string]interface{}{ "dmap": dmap, }, @@ -334,7 +336,7 @@ func TestCache_Scan(t *testing.T) { } var scanResp map[string]interface{} - if err := DecodeJSON(body, &scanResp); err != nil { + if err := e2e.DecodeJSON(body, &scanResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -345,19 +347,19 @@ func TestCache_Scan(t *testing.T) { } func TestCache_ScanWithRegex(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() // Put keys with different patterns keys := []string{"user-1", "user-2", "session-1", "session-2"} for _, key := range keys { - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -372,9 +374,9 @@ func TestCache_ScanWithRegex(t *testing.T) { } // Scan with regex pattern - scanReq := &HTTPRequest{ + scanReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/scan", + URL: e2e.GetGatewayURL() + "/v1/cache/scan", Body: map[string]interface{}{ "dmap": dmap, "pattern": "^user-", @@ -391,7 +393,7 @@ func TestCache_ScanWithRegex(t *testing.T) { } var scanResp map[string]interface{} - if err := DecodeJSON(body, &scanResp); err != nil { + if err := e2e.DecodeJSON(body, &scanResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -402,19 +404,19 @@ func TestCache_ScanWithRegex(t *testing.T) { } func TestCache_MultiGet(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() keys := []string{"key-1", "key-2", "key-3"} // Put values for i, key := range keys { - putReq := &HTTPRequest{ + putReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/put", + URL: e2e.GetGatewayURL() + "/v1/cache/put", Body: map[string]interface{}{ "dmap": dmap, "key": key, @@ -429,9 +431,9 @@ func TestCache_MultiGet(t *testing.T) { } // Multi-get - multiGetReq := &HTTPRequest{ + multiGetReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/mget", + URL: e2e.GetGatewayURL() + "/v1/cache/mget", Body: map[string]interface{}{ "dmap": dmap, "keys": keys, @@ -448,7 +450,7 @@ func TestCache_MultiGet(t *testing.T) { } var mgetResp map[string]interface{} - if err := DecodeJSON(body, &mgetResp); err != nil { + if err := e2e.DecodeJSON(body, &mgetResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -459,14 +461,14 @@ func TestCache_MultiGet(t *testing.T) { } func TestCache_MissingDMap(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": "", "key": "any-key", @@ -484,16 +486,16 @@ func TestCache_MissingDMap(t *testing.T) { } func TestCache_MissingKey(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dmap := GenerateDMapName() + dmap := e2e.GenerateDMapName() - getReq := &HTTPRequest{ + getReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/cache/get", + URL: e2e.GetGatewayURL() + "/v1/cache/get", Body: map[string]interface{}{ "dmap": dmap, "key": "non-existent-key", diff --git a/e2e/network_http_test.go b/e2e/shared/network_http_test.go similarity index 80% rename from e2e/network_http_test.go rename to e2e/shared/network_http_test.go index 0f91f4e..ad1b390 100644 --- a/e2e/network_http_test.go +++ b/e2e/shared/network_http_test.go @@ -1,23 +1,25 @@ //go:build e2e -package e2e +package shared_test import ( "context" "net/http" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) func TestNetwork_Health(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/health", + URL: e2e.GetGatewayURL() + "/v1/health", SkipAuth: true, } @@ -31,7 +33,7 @@ func TestNetwork_Health(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -41,14 +43,14 @@ func TestNetwork_Health(t *testing.T) { } func TestNetwork_Status(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/status", + URL: e2e.GetGatewayURL() + "/v1/network/status", } body, status, err := req.Do(ctx) @@ -61,7 +63,7 @@ func TestNetwork_Status(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -75,14 +77,14 @@ func TestNetwork_Status(t *testing.T) { } func TestNetwork_Peers(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/peers", + URL: e2e.GetGatewayURL() + "/v1/network/peers", } body, status, err := req.Do(ctx) @@ -95,7 +97,7 @@ func TestNetwork_Peers(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -105,14 +107,14 @@ func TestNetwork_Peers(t *testing.T) { } func TestNetwork_ProxyAnonSuccess(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/proxy/anon", + URL: e2e.GetGatewayURL() + "/v1/proxy/anon", Body: map[string]interface{}{ "url": "https://httpbin.org/get", "method": "GET", @@ -130,7 +132,7 @@ func TestNetwork_ProxyAnonSuccess(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -144,14 +146,14 @@ func TestNetwork_ProxyAnonSuccess(t *testing.T) { } func TestNetwork_ProxyAnonBadURL(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/proxy/anon", + URL: e2e.GetGatewayURL() + "/v1/proxy/anon", Body: map[string]interface{}{ "url": "http://localhost:1/nonexistent", "method": "GET", @@ -165,14 +167,14 @@ func TestNetwork_ProxyAnonBadURL(t *testing.T) { } func TestNetwork_ProxyAnonPostRequest(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/proxy/anon", + URL: e2e.GetGatewayURL() + "/v1/proxy/anon", Body: map[string]interface{}{ "url": "https://httpbin.org/post", "method": "POST", @@ -191,7 +193,7 @@ func TestNetwork_ProxyAnonPostRequest(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -206,9 +208,9 @@ func TestNetwork_Unauthorized(t *testing.T) { defer cancel() // Create request without auth - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/network/status", + URL: e2e.GetGatewayURL() + "/v1/network/status", SkipAuth: true, } diff --git a/e2e/pubsub_client_test.go b/e2e/shared/pubsub_client_test.go similarity index 84% rename from e2e/pubsub_client_test.go rename to e2e/shared/pubsub_client_test.go index 90fd517..b73fc2f 100644 --- a/e2e/pubsub_client_test.go +++ b/e2e/shared/pubsub_client_test.go @@ -1,40 +1,42 @@ //go:build e2e -package e2e +package shared_test import ( "fmt" "sync" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) // TestPubSub_SubscribePublish tests basic pub/sub functionality via WebSocket func TestPubSub_SubscribePublish(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() message := "test-message-from-publisher" // Create subscriber first - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish message if err := publisher.Publish([]byte(message)); err != nil { @@ -54,37 +56,37 @@ func TestPubSub_SubscribePublish(t *testing.T) { // TestPubSub_MultipleSubscribers tests that multiple subscribers receive the same message func TestPubSub_MultipleSubscribers(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() message1 := "message-1" message2 := "message-2" // Create two subscribers - sub1, err := NewWSPubSubClient(t, topic) + sub1, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber1: %v", err) } defer sub1.Close() - sub2, err := NewWSPubSubClient(t, topic) + sub2, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber2: %v", err) } defer sub2.Close() // Give subscribers time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish first message if err := publisher.Publish([]byte(message1)); err != nil { @@ -133,30 +135,30 @@ func TestPubSub_MultipleSubscribers(t *testing.T) { // TestPubSub_Deduplication tests that multiple identical messages are all received func TestPubSub_Deduplication(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() message := "duplicate-test-message" // Create subscriber - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish the same message multiple times for i := 0; i < 3; i++ { @@ -164,7 +166,7 @@ func TestPubSub_Deduplication(t *testing.T) { t.Fatalf("publish %d failed: %v", i, err) } // Small delay between publishes - Delay(50) + e2e.Delay(50) } // Receive messages - should get all (no dedup filter) @@ -185,30 +187,30 @@ func TestPubSub_Deduplication(t *testing.T) { // TestPubSub_ConcurrentPublish tests concurrent message publishing func TestPubSub_ConcurrentPublish(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() numMessages := 10 // Create subscriber - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish multiple messages concurrently var wg sync.WaitGroup @@ -241,45 +243,45 @@ func TestPubSub_ConcurrentPublish(t *testing.T) { // TestPubSub_TopicIsolation tests that messages are isolated to their topics func TestPubSub_TopicIsolation(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic1 := GenerateTopic() - topic2 := GenerateTopic() + topic1 := e2e.GenerateTopic() + topic2 := e2e.GenerateTopic() msg1 := "message-on-topic1" msg2 := "message-on-topic2" // Create subscriber for topic1 - sub1, err := NewWSPubSubClient(t, topic1) + sub1, err := e2e.NewWSPubSubClient(t, topic1) if err != nil { t.Fatalf("failed to create subscriber1: %v", err) } defer sub1.Close() // Create subscriber for topic2 - sub2, err := NewWSPubSubClient(t, topic2) + sub2, err := e2e.NewWSPubSubClient(t, topic2) if err != nil { t.Fatalf("failed to create subscriber2: %v", err) } defer sub2.Close() // Give subscribers time to register - Delay(200) + e2e.Delay(200) // Create publishers - pub1, err := NewWSPubSubClient(t, topic1) + pub1, err := e2e.NewWSPubSubClient(t, topic1) if err != nil { t.Fatalf("failed to create publisher1: %v", err) } defer pub1.Close() - pub2, err := NewWSPubSubClient(t, topic2) + pub2, err := e2e.NewWSPubSubClient(t, topic2) if err != nil { t.Fatalf("failed to create publisher2: %v", err) } defer pub2.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish to topic2 first if err := pub2.Publish([]byte(msg2)); err != nil { @@ -312,29 +314,29 @@ func TestPubSub_TopicIsolation(t *testing.T) { // TestPubSub_EmptyMessage tests sending and receiving empty messages func TestPubSub_EmptyMessage(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() // Create subscriber - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish empty message if err := publisher.Publish([]byte("")); err != nil { @@ -354,9 +356,9 @@ func TestPubSub_EmptyMessage(t *testing.T) { // TestPubSub_LargeMessage tests sending and receiving large messages func TestPubSub_LargeMessage(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() // Create a large message (100KB) largeMessage := make([]byte, 100*1024) @@ -365,24 +367,24 @@ func TestPubSub_LargeMessage(t *testing.T) { } // Create subscriber - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish large message if err := publisher.Publish(largeMessage); err != nil { @@ -409,30 +411,30 @@ func TestPubSub_LargeMessage(t *testing.T) { // TestPubSub_RapidPublish tests rapid message publishing func TestPubSub_RapidPublish(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() numMessages := 50 // Create subscriber - subscriber, err := NewWSPubSubClient(t, topic) + subscriber, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create subscriber: %v", err) } defer subscriber.Close() // Give subscriber time to register - Delay(200) + e2e.Delay(200) // Create publisher - publisher, err := NewWSPubSubClient(t, topic) + publisher, err := e2e.NewWSPubSubClient(t, topic) if err != nil { t.Fatalf("failed to create publisher: %v", err) } defer publisher.Close() // Give connections time to stabilize - Delay(200) + e2e.Delay(200) // Publish messages rapidly for i := 0; i < numMessages; i++ { diff --git a/e2e/pubsub_presence_test.go b/e2e/shared/pubsub_presence_test.go similarity index 86% rename from e2e/pubsub_presence_test.go rename to e2e/shared/pubsub_presence_test.go index 8c0ddc1..b4de5fe 100644 --- a/e2e/pubsub_presence_test.go +++ b/e2e/shared/pubsub_presence_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package shared_test import ( "context" @@ -9,17 +9,19 @@ import ( "net/http" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) func TestPubSub_Presence(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) - topic := GenerateTopic() + topic := e2e.GenerateTopic() memberID := "user123" memberMeta := map[string]interface{}{"name": "Alice"} // 1. Subscribe with presence - client1, err := NewWSPubSubPresenceClient(t, topic, memberID, memberMeta) + client1, err := e2e.NewWSPubSubPresenceClient(t, topic, memberID, memberMeta) if err != nil { t.Fatalf("failed to create presence client: %v", err) } @@ -48,9 +50,9 @@ func TestPubSub_Presence(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: fmt.Sprintf("%s/v1/pubsub/presence?topic=%s", GetGatewayURL(), topic), + URL: fmt.Sprintf("%s/v1/pubsub/presence?topic=%s", e2e.GetGatewayURL(), topic), } body, status, err := req.Do(ctx) @@ -63,7 +65,7 @@ func TestPubSub_Presence(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -83,7 +85,7 @@ func TestPubSub_Presence(t *testing.T) { // 3. Subscribe second member memberID2 := "user456" - client2, err := NewWSPubSubPresenceClient(t, topic, memberID2, nil) + client2, err := e2e.NewWSPubSubPresenceClient(t, topic, memberID2, nil) if err != nil { t.Fatalf("failed to create second presence client: %v", err) } @@ -119,4 +121,3 @@ func TestPubSub_Presence(t *testing.T) { t.Fatalf("expected presence.leave for %s, got %v for %v", memberID2, event["type"], event["member_id"]) } } - diff --git a/e2e/rqlite_http_test.go b/e2e/shared/rqlite_http_test.go similarity index 72% rename from e2e/rqlite_http_test.go rename to e2e/shared/rqlite_http_test.go index 0d7df2b..0a1cfe8 100644 --- a/e2e/rqlite_http_test.go +++ b/e2e/shared/rqlite_http_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package shared_test import ( "context" @@ -8,23 +8,36 @@ import ( "net/http" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) func TestRQLite_CreateTable(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() + + // Cleanup table after test + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, created_at DATETIME DEFAULT CURRENT_TIMESTAMP)", table, ) - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -41,21 +54,32 @@ func TestRQLite_CreateTable(t *testing.T) { } func TestRQLite_InsertQuery(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() + + // Cleanup table after test + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT)", table, ) // Create table - createReq := &HTTPRequest{ + createReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -67,9 +91,9 @@ func TestRQLite_InsertQuery(t *testing.T) { } // Insert rows - insertReq := &HTTPRequest{ + insertReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "statements": []string{ fmt.Sprintf("INSERT INTO %s(name) VALUES ('alice')", table), @@ -84,9 +108,9 @@ func TestRQLite_InsertQuery(t *testing.T) { } // Query rows - queryReq := &HTTPRequest{ + queryReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": fmt.Sprintf("SELECT name FROM %s ORDER BY id", table), }, @@ -102,7 +126,7 @@ func TestRQLite_InsertQuery(t *testing.T) { } var queryResp map[string]interface{} - if err := DecodeJSON(body, &queryResp); err != nil { + if err := e2e.DecodeJSON(body, &queryResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -112,21 +136,21 @@ func TestRQLite_InsertQuery(t *testing.T) { } func TestRQLite_DropTable(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, note TEXT)", table, ) // Create table - createReq := &HTTPRequest{ + createReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -138,9 +162,9 @@ func TestRQLite_DropTable(t *testing.T) { } // Drop table - dropReq := &HTTPRequest{ + dropReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/drop-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", Body: map[string]interface{}{ "table": table, }, @@ -156,9 +180,9 @@ func TestRQLite_DropTable(t *testing.T) { } // Verify table doesn't exist via schema - schemaReq := &HTTPRequest{ + schemaReq := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/rqlite/schema", + URL: e2e.GetGatewayURL() + "/v1/rqlite/schema", } body, status, err := schemaReq.Do(ctx) @@ -168,7 +192,7 @@ func TestRQLite_DropTable(t *testing.T) { } var schemaResp map[string]interface{} - if err := DecodeJSON(body, &schemaResp); err != nil { + if err := e2e.DecodeJSON(body, &schemaResp); err != nil { t.Logf("warning: failed to decode schema response: %v", err) return } @@ -184,14 +208,14 @@ func TestRQLite_DropTable(t *testing.T) { } func TestRQLite_Schema(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/rqlite/schema", + URL: e2e.GetGatewayURL() + "/v1/rqlite/schema", } body, status, err := req.Do(ctx) @@ -204,7 +228,7 @@ func TestRQLite_Schema(t *testing.T) { } var resp map[string]interface{} - if err := DecodeJSON(body, &resp); err != nil { + if err := e2e.DecodeJSON(body, &resp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -214,14 +238,14 @@ func TestRQLite_Schema(t *testing.T) { } func TestRQLite_MalformedSQL(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - req := &HTTPRequest{ + req := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": "SELECT * FROM nonexistent_table WHERE invalid syntax", }, @@ -239,21 +263,32 @@ func TestRQLite_MalformedSQL(t *testing.T) { } func TestRQLite_LargeTransaction(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - table := GenerateTableName() + table := e2e.GenerateTableName() + + // Cleanup table after test + defer func() { + dropReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": table}, + } + dropReq.Do(context.Background()) + }() + schema := fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, value INTEGER)", table, ) // Create table - createReq := &HTTPRequest{ + createReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": schema, }, @@ -270,9 +305,9 @@ func TestRQLite_LargeTransaction(t *testing.T) { statements = append(statements, fmt.Sprintf("INSERT INTO %s(value) VALUES (%d)", table, i)) } - txReq := &HTTPRequest{ + txReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "statements": statements, }, @@ -284,9 +319,9 @@ func TestRQLite_LargeTransaction(t *testing.T) { } // Verify all rows were inserted - queryReq := &HTTPRequest{ + queryReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": fmt.Sprintf("SELECT COUNT(*) as count FROM %s", table), }, @@ -298,7 +333,7 @@ func TestRQLite_LargeTransaction(t *testing.T) { } var countResp map[string]interface{} - if err := DecodeJSON(body, &countResp); err != nil { + if err := e2e.DecodeJSON(body, &countResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -312,18 +347,35 @@ func TestRQLite_LargeTransaction(t *testing.T) { } func TestRQLite_ForeignKeyMigration(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - orgsTable := GenerateTableName() - usersTable := GenerateTableName() + orgsTable := e2e.GenerateTableName() + usersTable := e2e.GenerateTableName() + + // Cleanup tables after test + defer func() { + dropUsersReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": usersTable}, + } + dropUsersReq.Do(context.Background()) + + dropOrgsReq := &e2e.HTTPRequest{ + Method: http.MethodPost, + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", + Body: map[string]interface{}{"table": orgsTable}, + } + dropOrgsReq.Do(context.Background()) + }() // Create base tables - createOrgsReq := &HTTPRequest{ + createOrgsReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, name TEXT)", @@ -337,9 +389,9 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { t.Fatalf("create orgs table failed: status %d, err %v", status, err) } - createUsersReq := &HTTPRequest{ + createUsersReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/create-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/create-table", Body: map[string]interface{}{ "schema": fmt.Sprintf( "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY, name TEXT, org_id INTEGER, age TEXT)", @@ -354,9 +406,9 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { } // Seed data - seedReq := &HTTPRequest{ + seedReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "statements": []string{ fmt.Sprintf("INSERT INTO %s(id,name) VALUES (1,'org')", orgsTable), @@ -371,9 +423,9 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { } // Migrate: change age type and add FK - migrationReq := &HTTPRequest{ + migrationReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/transaction", + URL: e2e.GetGatewayURL() + "/v1/rqlite/transaction", Body: map[string]interface{}{ "statements": []string{ fmt.Sprintf( @@ -396,9 +448,9 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { } // Verify data is intact - queryReq := &HTTPRequest{ + queryReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/query", + URL: e2e.GetGatewayURL() + "/v1/rqlite/query", Body: map[string]interface{}{ "sql": fmt.Sprintf("SELECT name, org_id, age FROM %s", usersTable), }, @@ -410,7 +462,7 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { } var queryResp map[string]interface{} - if err := DecodeJSON(body, &queryResp); err != nil { + if err := e2e.DecodeJSON(body, &queryResp); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -420,14 +472,14 @@ func TestRQLite_ForeignKeyMigration(t *testing.T) { } func TestRQLite_DropNonexistentTable(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - dropReq := &HTTPRequest{ + dropReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/rqlite/drop-table", + URL: e2e.GetGatewayURL() + "/v1/rqlite/drop-table", Body: map[string]interface{}{ "table": "nonexistent_table_xyz_" + fmt.Sprintf("%d", time.Now().UnixNano()), }, diff --git a/e2e/serverless_test.go b/e2e/shared/serverless_test.go similarity index 69% rename from e2e/serverless_test.go rename to e2e/shared/serverless_test.go index f8406cb..89177cc 100644 --- a/e2e/serverless_test.go +++ b/e2e/shared/serverless_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package shared_test import ( "bytes" @@ -11,10 +11,12 @@ import ( "os" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) func TestServerless_DeployAndInvoke(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -30,7 +32,11 @@ func TestServerless_DeployAndInvoke(t *testing.T) { } funcName := "e2e-hello" - namespace := "default" + // Use namespace from environment or default to test namespace + namespace := os.Getenv("ORAMA_NAMESPACE") + if namespace == "" { + namespace = "default-test-ns" // Match the namespace from LoadTestEnv() + } // 1. Deploy function var buf bytes.Buffer @@ -39,6 +45,7 @@ func TestServerless_DeployAndInvoke(t *testing.T) { // Add metadata _ = writer.WriteField("name", funcName) _ = writer.WriteField("namespace", namespace) + _ = writer.WriteField("is_public", "true") // Make function public for E2E test // Add WASM file part, err := writer.CreateFormFile("wasm", funcName+".wasm") @@ -48,14 +55,14 @@ func TestServerless_DeployAndInvoke(t *testing.T) { part.Write(wasmBytes) writer.Close() - deployReq, _ := http.NewRequestWithContext(ctx, "POST", GetGatewayURL()+"/v1/functions", &buf) + deployReq, _ := http.NewRequestWithContext(ctx, "POST", e2e.GetGatewayURL()+"/v1/functions", &buf) deployReq.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { deployReq.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(1 * time.Minute) + client := e2e.NewHTTPClient(1 * time.Minute) resp, err := client.Do(deployReq) if err != nil { t.Fatalf("deploy request failed: %v", err) @@ -69,10 +76,10 @@ func TestServerless_DeployAndInvoke(t *testing.T) { // 2. Invoke function invokePayload := []byte(`{"name": "E2E Tester"}`) - invokeReq, _ := http.NewRequestWithContext(ctx, "POST", GetGatewayURL()+"/v1/functions/"+funcName+"/invoke", bytes.NewReader(invokePayload)) + invokeReq, _ := http.NewRequestWithContext(ctx, "POST", e2e.GetGatewayURL()+"/v1/functions/"+funcName+"/invoke?namespace="+namespace, bytes.NewReader(invokePayload)) invokeReq.Header.Set("Content-Type", "application/json") - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { invokeReq.Header.Set("Authorization", "Bearer "+apiKey) } @@ -94,8 +101,8 @@ func TestServerless_DeployAndInvoke(t *testing.T) { } // 3. List functions - listReq, _ := http.NewRequestWithContext(ctx, "GET", GetGatewayURL()+"/v1/functions?namespace="+namespace, nil) - if apiKey := GetAPIKey(); apiKey != "" { + listReq, _ := http.NewRequestWithContext(ctx, "GET", e2e.GetGatewayURL()+"/v1/functions?namespace="+namespace, nil) + if apiKey := e2e.GetAPIKey(); apiKey != "" { listReq.Header.Set("Authorization", "Bearer "+apiKey) } resp, err = client.Do(listReq) @@ -108,8 +115,8 @@ func TestServerless_DeployAndInvoke(t *testing.T) { } // 4. Delete function - deleteReq, _ := http.NewRequestWithContext(ctx, "DELETE", GetGatewayURL()+"/v1/functions/"+funcName+"?namespace="+namespace, nil) - if apiKey := GetAPIKey(); apiKey != "" { + deleteReq, _ := http.NewRequestWithContext(ctx, "DELETE", e2e.GetGatewayURL()+"/v1/functions/"+funcName+"?namespace="+namespace, nil) + if apiKey := e2e.GetAPIKey(); apiKey != "" { deleteReq.Header.Set("Authorization", "Bearer "+apiKey) } resp, err = client.Do(deleteReq) diff --git a/e2e/storage_http_test.go b/e2e/shared/storage_http_test.go similarity index 78% rename from e2e/storage_http_test.go rename to e2e/shared/storage_http_test.go index ee8fb0c..d61b075 100644 --- a/e2e/storage_http_test.go +++ b/e2e/shared/storage_http_test.go @@ -1,6 +1,6 @@ //go:build e2e -package e2e +package shared_test import ( "bytes" @@ -10,6 +10,8 @@ import ( "net/http" "testing" "time" + + e2e "github.com/DeBrosOfficial/network/e2e" ) // uploadFile is a helper to upload a file to storage @@ -34,7 +36,7 @@ func uploadFile(t *testing.T, ctx context.Context, content []byte, filename stri } // Create request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } @@ -42,13 +44,13 @@ func uploadFile(t *testing.T, ctx context.Context, content []byte, filename stri req.Header.Set("Content-Type", writer.FormDataContentType()) // Add auth headers - if jwt := GetJWT(); jwt != "" { + if jwt := e2e.GetJWT(); jwt != "" { req.Header.Set("Authorization", "Bearer "+jwt) - } else if apiKey := GetAPIKey(); apiKey != "" { + } else if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload request failed: %v", err) @@ -60,28 +62,20 @@ func uploadFile(t *testing.T, ctx context.Context, content []byte, filename stri t.Fatalf("upload failed with status %d: %s", resp.StatusCode, string(body)) } - result, err := DecodeJSONFromReader(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { + t.Fatalf("failed to read upload response: %v", err) + } + var result map[string]interface{} + if err := e2e.DecodeJSON(body, &result); err != nil { t.Fatalf("failed to decode upload response: %v", err) } return result["cid"].(string) } -// DecodeJSON is a helper to decode JSON from io.ReadCloser -func DecodeJSONFromReader(rc io.ReadCloser) (map[string]interface{}, error) { - defer rc.Close() - body, err := io.ReadAll(rc) - if err != nil { - return nil, err - } - var result map[string]interface{} - err = DecodeJSON(body, &result) - return result, err -} - func TestStorage_UploadText(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -107,18 +101,18 @@ func TestStorage_UploadText(t *testing.T) { } // Create request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload request failed: %v", err) @@ -132,7 +126,7 @@ func TestStorage_UploadText(t *testing.T) { var result map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &result); err != nil { + if err := e2e.DecodeJSON(body, &result); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -150,7 +144,7 @@ func TestStorage_UploadText(t *testing.T) { } func TestStorage_UploadBinary(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -177,18 +171,18 @@ func TestStorage_UploadBinary(t *testing.T) { } // Create request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload request failed: %v", err) @@ -202,7 +196,7 @@ func TestStorage_UploadBinary(t *testing.T) { var result map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &result); err != nil { + if err := e2e.DecodeJSON(body, &result); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -212,7 +206,7 @@ func TestStorage_UploadBinary(t *testing.T) { } func TestStorage_UploadLarge(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -239,18 +233,18 @@ func TestStorage_UploadLarge(t *testing.T) { } // Create request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload request failed: %v", err) @@ -264,7 +258,7 @@ func TestStorage_UploadLarge(t *testing.T) { var result map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &result); err != nil { + if err := e2e.DecodeJSON(body, &result); err != nil { t.Fatalf("failed to decode response: %v", err) } @@ -274,7 +268,7 @@ func TestStorage_UploadLarge(t *testing.T) { } func TestStorage_PinUnpin(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -299,18 +293,18 @@ func TestStorage_PinUnpin(t *testing.T) { } // Create upload request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload failed: %v", err) @@ -319,16 +313,23 @@ func TestStorage_PinUnpin(t *testing.T) { var uploadResult map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &uploadResult); err != nil { + if err := e2e.DecodeJSON(body, &uploadResult); err != nil { t.Fatalf("failed to decode upload response: %v", err) } - cid := uploadResult["cid"].(string) + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated { + t.Fatalf("upload failed with status %d: %s", resp.StatusCode, string(body)) + } + + cid, ok := uploadResult["cid"].(string) + if !ok || cid == "" { + t.Fatalf("no CID in upload response: %v", uploadResult) + } // Pin the file - pinReq := &HTTPRequest{ + pinReq := &e2e.HTTPRequest{ Method: http.MethodPost, - URL: GetGatewayURL() + "/v1/storage/pin", + URL: e2e.GetGatewayURL() + "/v1/storage/pin", Body: map[string]interface{}{ "cid": cid, "name": "pinned-file", @@ -345,7 +346,7 @@ func TestStorage_PinUnpin(t *testing.T) { } var pinResult map[string]interface{} - if err := DecodeJSON(body2, &pinResult); err != nil { + if err := e2e.DecodeJSON(body2, &pinResult); err != nil { t.Fatalf("failed to decode pin response: %v", err) } @@ -354,9 +355,9 @@ func TestStorage_PinUnpin(t *testing.T) { } // Unpin the file - unpinReq := &HTTPRequest{ + unpinReq := &e2e.HTTPRequest{ Method: http.MethodDelete, - URL: GetGatewayURL() + "/v1/storage/unpin/" + cid, + URL: e2e.GetGatewayURL() + "/v1/storage/unpin/" + cid, } body3, status, err := unpinReq.Do(ctx) @@ -370,7 +371,7 @@ func TestStorage_PinUnpin(t *testing.T) { } func TestStorage_Status(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -395,18 +396,18 @@ func TestStorage_Status(t *testing.T) { } // Create upload request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload failed: %v", err) @@ -415,16 +416,16 @@ func TestStorage_Status(t *testing.T) { var uploadResult map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &uploadResult); err != nil { + if err := e2e.DecodeJSON(body, &uploadResult); err != nil { t.Fatalf("failed to decode upload response: %v", err) } cid := uploadResult["cid"].(string) // Get status - statusReq := &HTTPRequest{ + statusReq := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/storage/status/" + cid, + URL: e2e.GetGatewayURL() + "/v1/storage/status/" + cid, } statusBody, status, err := statusReq.Do(ctx) @@ -437,7 +438,7 @@ func TestStorage_Status(t *testing.T) { } var statusResult map[string]interface{} - if err := DecodeJSON(statusBody, &statusResult); err != nil { + if err := e2e.DecodeJSON(statusBody, &statusResult); err != nil { t.Fatalf("failed to decode status response: %v", err) } @@ -447,14 +448,14 @@ func TestStorage_Status(t *testing.T) { } func TestStorage_InvalidCID(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - statusReq := &HTTPRequest{ + statusReq := &e2e.HTTPRequest{ Method: http.MethodGet, - URL: GetGatewayURL() + "/v1/storage/status/QmInvalidCID123456789", + URL: e2e.GetGatewayURL() + "/v1/storage/status/QmInvalidCID123456789", } _, status, err := statusReq.Do(ctx) @@ -468,7 +469,7 @@ func TestStorage_InvalidCID(t *testing.T) { } func TestStorage_GetByteRange(t *testing.T) { - SkipIfMissingGateway(t) + e2e.SkipIfMissingGateway(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() @@ -493,18 +494,18 @@ func TestStorage_GetByteRange(t *testing.T) { } // Create upload request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, GetGatewayURL()+"/v1/storage/upload", &buf) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, e2e.GetGatewayURL()+"/v1/storage/upload", &buf) if err != nil { t.Fatalf("failed to create request: %v", err) } req.Header.Set("Content-Type", writer.FormDataContentType()) - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } - client := NewHTTPClient(5 * time.Minute) + client := e2e.NewHTTPClient(5 * time.Minute) resp, err := client.Do(req) if err != nil { t.Fatalf("upload failed: %v", err) @@ -513,19 +514,19 @@ func TestStorage_GetByteRange(t *testing.T) { var uploadResult map[string]interface{} body, _ := io.ReadAll(resp.Body) - if err := DecodeJSON(body, &uploadResult); err != nil { + if err := e2e.DecodeJSON(body, &uploadResult); err != nil { t.Fatalf("failed to decode upload response: %v", err) } cid := uploadResult["cid"].(string) // Get full content - getReq, err := http.NewRequestWithContext(ctx, http.MethodGet, GetGatewayURL()+"/v1/storage/get/"+cid, nil) + getReq, err := http.NewRequestWithContext(ctx, http.MethodGet, e2e.GetGatewayURL()+"/v1/storage/get/"+cid, nil) if err != nil { t.Fatalf("failed to create get request: %v", err) } - if apiKey := GetAPIKey(); apiKey != "" { + if apiKey := e2e.GetAPIKey(); apiKey != "" { getReq.Header.Set("Authorization", "Bearer "+apiKey) } diff --git a/gateway b/gateway deleted file mode 100755 index 313a6ce..0000000 Binary files a/gateway and /dev/null differ diff --git a/go.mod b/go.mod index 977bb54..aeba8be 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/DeBrosOfficial/network -go 1.24.0 - -toolchain go1.24.1 +go 1.24.6 require ( github.com/charmbracelet/bubbles v0.20.0 @@ -11,86 +9,182 @@ require ( github.com/ethereum/go-ethereum v1.13.14 github.com/go-chi/chi/v5 v5.2.3 github.com/google/uuid v1.6.0 - github.com/gorilla/websocket v1.5.3 + github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 github.com/libp2p/go-libp2p v0.41.1 github.com/libp2p/go-libp2p-pubsub v0.14.2 github.com/mackerelio/go-osstat v0.2.6 github.com/mattn/go-sqlite3 v1.14.32 - github.com/multiformats/go-multiaddr v0.15.0 + github.com/multiformats/go-multiaddr v0.16.0 github.com/olric-data/olric v0.7.0 github.com/rqlite/gorqlite v0.0.0-20250609141355-ac86a4a1c9a8 github.com/tetratelabs/wazero v1.11.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.40.0 - golang.org/x/net v0.42.0 + golang.org/x/crypto v0.47.0 + golang.org/x/net v0.49.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 ) require ( + cloud.google.com/go/auth v0.18.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect + cloud.google.com/go/compute/metadata v0.9.0 // indirect + github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest v0.11.30 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect + github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 // indirect + github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/autorest/to v0.2.0 // indirect + github.com/Azure/go-autorest/logger v0.2.1 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/DataDog/datadog-agent/comp/core/tagger/origindetection v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/obfuscate v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/opentelemetry-mapping-go/otlp/attributes v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/proto v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.73.0-rc.1 // indirect + github.com/DataDog/datadog-agent/pkg/trace v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/util/log v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/util/scrubber v0.71.0 // indirect + github.com/DataDog/datadog-agent/pkg/version v0.71.0 // indirect + github.com/DataDog/datadog-go/v5 v5.6.0 // indirect + github.com/DataDog/dd-trace-go/v2 v2.5.0 // indirect + github.com/DataDog/go-libddwaf/v4 v4.8.0 // indirect + github.com/DataDog/go-runtime-metrics-internal v0.0.4-0.20250721125240-fdf1ef85b633 // indirect + github.com/DataDog/go-sqllexer v0.1.8 // indirect + github.com/DataDog/go-tuf v1.1.1-0.5.2 // indirect + github.com/DataDog/sketches-go v1.4.7 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect github.com/RoaringBitmap/roaring v1.9.4 // indirect + github.com/apparentlymart/go-cidr v1.1.0 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/atotto/clipboard v0.1.4 // indirect + github.com/aws/aws-sdk-go-v2 v1.41.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.7 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.7 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.62.1 // indirect + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.1 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect + github.com/aws/smithy-go v1.24.0 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.22.0 // indirect github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect github.com/buraksezer/consistent v0.10.0 // indirect + github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/charmbracelet/x/ansi v0.4.5 // indirect github.com/charmbracelet/x/term v0.2.1 // indirect + github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect github.com/containerd/cgroups v1.1.0 // indirect + github.com/coredns/caddy v1.1.4 // indirect + github.com/coredns/coredns v1.12.1 // indirect + github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect + github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/dnstap/golang-dnstap v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/dunglas/httpsfv v1.1.0 // indirect + github.com/dustin/go-humanize v1.0.1 // indirect + github.com/ebitengine/purego v0.8.4 // indirect github.com/elastic/gosigar v0.14.3 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect + github.com/expr-lang/expr v1.17.7 // indirect + github.com/farsightsec/golang-framestream v0.3.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect github.com/flynn/noise v1.1.0 // indirect github.com/francoispqt/gojay v1.2.13 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/go-logr/logr v1.4.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-ole/go-ole v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt/v4 v4.5.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect + github.com/google/gnostic-models v0.7.0 // indirect + github.com/google/go-cmp v0.7.0 // indirect github.com/google/gopacket v1.1.19 // indirect github.com/google/pprof v0.0.0-20250208200701-d0013a598941 // indirect + github.com/google/s2a-go v0.1.9 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect + github.com/googleapis/gax-go/v2 v2.16.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect + github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect + github.com/hashicorp/cronexpr v1.1.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-metrics v0.5.4 // indirect github.com/hashicorp/go-msgpack/v2 v2.1.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-sockaddr v1.0.7 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/memberlist v0.5.3 // indirect + github.com/hashicorp/nomad/api v0.0.0-20250909143645-a3b86c697f38 // indirect github.com/holiman/uint256 v1.2.4 // indirect github.com/huin/goupnp v1.3.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 // indirect github.com/ipfs/go-cid v0.5.0 // indirect github.com/ipfs/go-log/v2 v2.6.0 // indirect github.com/jackpal/go-nat-pmp v1.0.2 // indirect github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/cpuid/v2 v2.2.10 // indirect - github.com/koron/go-ssdp v0.0.5 // indirect + github.com/koron/go-ssdp v0.0.6 // indirect github.com/libp2p/go-buffer-pool v0.1.0 // indirect github.com/libp2p/go-flow-metrics v0.2.0 // indirect github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect github.com/libp2p/go-msgio v0.3.0 // indirect - github.com/libp2p/go-netroute v0.2.2 // indirect + github.com/libp2p/go-netroute v0.3.0 // indirect github.com/libp2p/go-reuseport v0.4.0 // indirect - github.com/libp2p/go-yamux/v5 v5.0.0 // indirect + github.com/libp2p/go-yamux/v5 v5.0.1 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/miekg/dns v1.1.66 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/miekg/dns v1.1.70 // indirect github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect github.com/minio/sha256-simd v1.0.1 // indirect + github.com/minio/simdjson-go v0.4.5 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/mr-tron/base58 v1.2.0 // indirect github.com/mschoch/smat v0.2.0 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect @@ -101,63 +195,129 @@ require ( github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect github.com/multiformats/go-multibase v0.2.0 // indirect - github.com/multiformats/go-multicodec v0.9.0 // indirect + github.com/multiformats/go-multicodec v0.9.1 // indirect github.com/multiformats/go-multihash v0.2.3 // indirect - github.com/multiformats/go-multistream v0.6.0 // indirect + github.com/multiformats/go-multistream v0.6.1 // indirect github.com/multiformats/go-varint v0.0.7 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/onsi/ginkgo/v2 v2.22.2 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect + github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect + github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 // indirect + github.com/openzipkin/zipkin-go v0.4.3 // indirect + github.com/oschwald/geoip2-golang/v2 v2.1.0 // indirect + github.com/oschwald/maxminddb-golang/v2 v2.1.1 // indirect + github.com/outcaste-io/ristretto v0.2.3 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect + github.com/philhofer/fwd v1.2.0 // indirect github.com/pion/datachannel v1.5.10 // indirect github.com/pion/dtls/v2 v2.2.12 // indirect - github.com/pion/dtls/v3 v3.0.4 // indirect - github.com/pion/ice/v4 v4.0.8 // indirect - github.com/pion/interceptor v0.1.37 // indirect + github.com/pion/dtls/v3 v3.0.6 // indirect + github.com/pion/ice/v4 v4.0.10 // indirect + github.com/pion/interceptor v0.1.40 // indirect github.com/pion/logging v0.2.3 // indirect github.com/pion/mdns/v2 v2.0.7 // indirect github.com/pion/randutil v0.1.0 // indirect github.com/pion/rtcp v1.2.15 // indirect - github.com/pion/rtp v1.8.11 // indirect - github.com/pion/sctp v1.8.37 // indirect - github.com/pion/sdp/v3 v3.0.10 // indirect - github.com/pion/srtp/v3 v3.0.4 // indirect + github.com/pion/rtp v1.8.19 // indirect + github.com/pion/sctp v1.8.39 // indirect + github.com/pion/sdp/v3 v3.0.13 // indirect + github.com/pion/srtp/v3 v3.0.6 // indirect github.com/pion/stun v0.6.1 // indirect github.com/pion/stun/v3 v3.0.0 // indirect github.com/pion/transport/v2 v2.2.10 // indirect github.com/pion/transport/v3 v3.0.7 // indirect - github.com/pion/turn/v4 v4.0.0 // indirect - github.com/pion/webrtc/v4 v4.0.10 // indirect + github.com/pion/turn/v4 v4.0.2 // indirect + github.com/pion/webrtc/v4 v4.1.2 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.22.0 // indirect + github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect + github.com/prometheus/client_golang v1.23.0 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.63.0 // indirect + github.com/prometheus/common v0.67.5 // indirect github.com/prometheus/procfs v0.16.1 // indirect + github.com/puzpuzpuz/xsync/v3 v3.5.1 // indirect github.com/quic-go/qpack v0.5.1 // indirect github.com/quic-go/quic-go v0.50.1 // indirect github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 // indirect github.com/raulk/go-watchdog v1.3.0 // indirect github.com/redis/go-redis/v9 v9.8.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect - github.com/rogpeppe/go-internal v1.13.1 // indirect + github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect + github.com/shirou/gopsutil/v4 v4.25.8-0.20250809033336-ffcdc2b7662f // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect + github.com/spf13/cobra v1.10.2 // indirect + github.com/spf13/pflag v1.0.9 // indirect + github.com/stretchr/testify v1.11.1 // indirect + github.com/theckman/httpforwarded v0.4.0 // indirect github.com/tidwall/btree v1.7.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/redcon v1.6.2 // indirect + github.com/tinylib/msgp v1.3.0 // indirect + github.com/tklauser/go-sysconf v0.3.15 // indirect + github.com/tklauser/numcpus v0.10.0 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/wlynxg/anet v0.0.5 // indirect - go.uber.org/dig v1.18.0 // indirect - go.uber.org/fx v1.23.0 // indirect - go.uber.org/mock v0.5.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + github.com/yusufpapurcu/wmi v1.2.4 // indirect + go.etcd.io/etcd/api/v3 v3.6.7 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.6.7 // indirect + go.etcd.io/etcd/client/v3 v3.6.7 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/collector/component v1.39.0 // indirect + go.opentelemetry.io/collector/featuregate v1.46.0 // indirect + go.opentelemetry.io/collector/internal/telemetry v0.133.0 // indirect + go.opentelemetry.io/collector/pdata v1.46.0 // indirect + go.opentelemetry.io/collector/pdata/pprofile v0.140.0 // indirect + go.opentelemetry.io/contrib/bridges/otelzap v0.12.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect + go.opentelemetry.io/otel/log v0.13.0 // indirect + go.opentelemetry.io/otel/metric v1.38.0 // indirect + go.opentelemetry.io/otel/sdk v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect + go.uber.org/atomic v1.11.0 // indirect + go.uber.org/automaxprocs v1.6.0 // indirect + go.uber.org/dig v1.19.0 // indirect + go.uber.org/fx v1.24.0 // indirect + go.uber.org/mock v0.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 // indirect - golang.org/x/mod v0.26.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/text v0.27.0 // indirect - golang.org/x/tools v0.35.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + golang.org/x/mod v0.31.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.40.0 // indirect + golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect + golang.org/x/term v0.39.0 // indirect + golang.org/x/text v0.33.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.40.0 // indirect + golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect + google.golang.org/api v0.259.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect + google.golang.org/grpc v1.78.0 // indirect + google.golang.org/protobuf v1.36.11 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + k8s.io/api v0.34.3 // indirect + k8s.io/apimachinery v0.34.3 // indirect + k8s.io/client-go v0.34.3 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect + k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect lukechampine.com/blake3 v1.4.1 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + sigs.k8s.io/mcs-api v0.3.0 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index 09bf231..8c64240 100644 --- a/go.sum +++ b/go.sum @@ -2,13 +2,80 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= +cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= +cloud.google.com/go/auth v0.18.0 h1:wnqy5hrv7p3k7cShwAU/Br3nzod7fxoqG+k0VZ+/Pk0= +cloud.google.com/go/auth v0.18.0/go.mod h1:wwkPM1AgE1f2u6dG443MiWoD8C3BtOywNsUMcUTVDRo= +cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= +cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= +cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= +cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= +github.com/Azure/go-autorest/autorest v0.11.30 h1:iaZ1RGz/ALZtN5eq4Nr1SOFSlf2E4pDI3Tcsl+dZPVE= +github.com/Azure/go-autorest/autorest v0.11.30/go.mod h1:t1kpPIOpIVX7annvothKvb0stsrXa37i7b+xpmBW8Fs= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 h1:Ov8avRZi2vmrE2JcXw+tu5K/yB41r7xK9GZDiBF7NdM= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13/go.mod h1:5BAVfWLWXihP47vYrPuBKKf4cS0bXI+KM9Qx6ETDJYo= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= +github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8= +github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/DataDog/datadog-agent/comp/core/tagger/origindetection v0.71.0 h1:xjmjXOsiLfUF1wWXYXc8Gg6M7Jbz6a7FtqbnvGKfTvA= +github.com/DataDog/datadog-agent/comp/core/tagger/origindetection v0.71.0/go.mod h1:y05SPqKEtrigKul+JBVM69ehv3lOgyKwrUIwLugoaSI= +github.com/DataDog/datadog-agent/pkg/obfuscate v0.71.0 h1:jX8qS7CkNzL1fdcDptrOkbWpsRFTQ58ICjp/mj02u1k= +github.com/DataDog/datadog-agent/pkg/obfuscate v0.71.0/go.mod h1:B3T0If+WdWAwPMpawjm1lieJyqSI0v04dQZHq15WGxY= +github.com/DataDog/datadog-agent/pkg/opentelemetry-mapping-go/otlp/attributes v0.71.0 h1:bowQteds9+7I4Dd+CsBRVXdlMOOGuBm5zdUQdB/6j1M= +github.com/DataDog/datadog-agent/pkg/opentelemetry-mapping-go/otlp/attributes v0.71.0/go.mod h1:XeZj0IgsiL3vgeEGTucf61JvJRh1LxWMUbZA/XJsPD0= +github.com/DataDog/datadog-agent/pkg/proto v0.71.0 h1:YTwecwy8kF1zsL2HK6KVa7XLRZYZ0Ypb2anlG0zDLeE= +github.com/DataDog/datadog-agent/pkg/proto v0.71.0/go.mod h1:KSn4jt3CykV6CT1C8Rknn/Nj3E+VYHK/UDWolg/+kzw= +github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.73.0-rc.1 h1:fVqr9ApWmUMEExmgn8iFPfwm9ZrlEfFWgTKp1IcNH18= +github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.73.0-rc.1/go.mod h1:lwkSvCXABHXyqy6mG9WBU6MTK9/E0i0R8JVApUtT+XA= +github.com/DataDog/datadog-agent/pkg/trace v0.71.0 h1:9UrKHDacMlAWfP2wpSxrZOQbtkwLY2AOAjYgGkgM96Y= +github.com/DataDog/datadog-agent/pkg/trace v0.71.0/go.mod h1:wfVwOlKORIB4IB1vdncTuCTx/OrVU69TLBIiBpewe1Q= +github.com/DataDog/datadog-agent/pkg/util/log v0.71.0 h1:VJ+nm5E0+UdLPkg2H7FKapx0syNcKzCFXA2vfcHz0Bc= +github.com/DataDog/datadog-agent/pkg/util/log v0.71.0/go.mod h1:oG6f6Qe23zPTLOVh0nXjlIXohrjUGXeFjh7S3Na/WyU= +github.com/DataDog/datadog-agent/pkg/util/scrubber v0.71.0 h1:lA3CL+2yHU9gulyR/C0VssVzmvCs/jCHzt+CBs9uH4Q= +github.com/DataDog/datadog-agent/pkg/util/scrubber v0.71.0/go.mod h1:/JHi9UFqdFYy/SFmFozY26dNOl/ODVLSQaF1LKDPiBI= +github.com/DataDog/datadog-agent/pkg/version v0.71.0 h1:jqkKmhFrhHSLpiC3twQFDCXU7nyFcC1EnwagDQxFWVs= +github.com/DataDog/datadog-agent/pkg/version v0.71.0/go.mod h1:FYj51C1ib86rpr5tlLEep9jitqvljIJ5Uz2rrimGTeY= +github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/DataDog/datadog-go/v5 v5.6.0 h1:2oCLxjF/4htd55piM75baflj/KoE6VYS7alEUqFvRDw= +github.com/DataDog/datadog-go/v5 v5.6.0/go.mod h1:K9kcYBlxkcPP8tvvjZZKs/m1edNAUFzBbdpTUKfCsuw= +github.com/DataDog/dd-trace-go/v2 v2.5.0 h1:Tp4McT135WhbdT/6BYcAoRvl5gH7YKzehSo6Q3uuxBM= +github.com/DataDog/dd-trace-go/v2 v2.5.0/go.mod h1:A9rVmQfyzYUFCctFdKkli9us7G/YhXlMICpQ958wJUA= +github.com/DataDog/go-libddwaf/v4 v4.8.0 h1:m6Bl1lS2RtVN4MtdTYhR5vJ2fWQ3WmNy4FiNBpzrp6w= +github.com/DataDog/go-libddwaf/v4 v4.8.0/go.mod h1:/AZqP6zw3qGJK5mLrA0PkfK3UQDk1zCI2fUNCt4xftE= +github.com/DataDog/go-runtime-metrics-internal v0.0.4-0.20250721125240-fdf1ef85b633 h1:ZRLR9Lbym748e8RznWzmSoK+OfV+8qW6SdNYA4/IqdA= +github.com/DataDog/go-runtime-metrics-internal v0.0.4-0.20250721125240-fdf1ef85b633/go.mod h1:YFoTl1xsMzdSRFIu33oCSPS/3+HZAPGpO3oOM96wXCM= +github.com/DataDog/go-sqllexer v0.1.8 h1:ku9DpghFHeyyviR28W/3R4cCJwzpsuC08YIoltnx5ds= +github.com/DataDog/go-sqllexer v0.1.8/go.mod h1:GGpo1h9/BVSN+6NJKaEcJ9Jn44Hqc63Rakeb+24Mjgo= +github.com/DataDog/go-tuf v1.1.1-0.5.2 h1:YWvghV4ZvrQsPcUw8IOUMSDpqc3W5ruOIC+KJxPknv0= +github.com/DataDog/go-tuf v1.1.1-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0= +github.com/DataDog/sketches-go v1.4.7 h1:eHs5/0i2Sdf20Zkj0udVFWuCrXGRFig2Dcfm5rtcTxc= +github.com/DataDog/sketches-go v1.4.7/go.mod h1:eAmQ/EBmtSO+nQp7IZMZVRPT4BQTmIc5RZQ+deGlTPM= +github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/RoaringBitmap/roaring v1.9.4 h1:yhEIoH4YezLYT04s1nHehNO64EKFTop/wBhxv2QzDdQ= github.com/RoaringBitmap/roaring v1.9.4/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -17,10 +84,44 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= +github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= +github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU= +github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= +github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY= +github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY= +github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8= +github.com/aws/aws-sdk-go-v2/credentials v1.19.7/go.mod h1:qOZk8sPDrxhf+4Wf4oT2urYJrYt3RejHSzgAquYeppw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 h1:I0GyV8wiYrP8XpA70g1HBcQO1JlQxCMTW9npl5UbDHY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17/go.mod h1:tyw7BOl5bBe/oqvoIeECFJjMdzXoa/dfVz3QQ5lgHGA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 h1:xOLELNKGp2vsiteLsvLPwxC+mYmO6OZ8PYgiuPJzF8U= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17/go.mod h1:5M5CI3D12dNOtH3/mk6minaRwI2/37ifCURZISxA/IQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v3ISRNiv+3KdQoZ6JWyfcsyQik= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 h1:RuNSMoozM8oXlgLG/n6WLaFGoea7/CddrCfIiSA+xdY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17/go.mod h1:F2xxQ9TZz5gDWsclCtPQscGpP0VUOc8RqgFM3vDENmU= +github.com/aws/aws-sdk-go-v2/service/route53 v1.62.1 h1:1jIdwWOulae7bBLIgB36OZ0DINACb1wxM6wdGlx4eHE= +github.com/aws/aws-sdk-go-v2/service/route53 v1.62.1/go.mod h1:tE2zGlMIlxWv+7Otap7ctRp3qeKqtnja7DZguj3Vu/Y= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.1 h1:72DBkm/CCuWx2LMHAXvLDkZfzopT3psfAeyZDIt1/yE= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.1/go.mod h1:A+oSJxFvzgjZWkpM0mXs3RxB5O1SD6473w3qafOC9eU= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 h1:VrhDvQib/i0lxvr3zqlUwLwJP4fpmpyD9wYG1vfSu+Y= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13/go.mod h1:sTGThjphYE4Ohw8vJiRStAcu3rbjtXRsdNB0TvZ5wwo= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 h1:5fFjR/ToSOzB2OQ/XqWpZBmNvmP/pJ1jOWYlFDJTjRQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.6/go.mod h1:qgFDZQSD/Kys7nJnVqYlWKnh0SSdMjAi0uSwON4wgYQ= +github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= +github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -45,6 +146,8 @@ github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtyd github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/buraksezer/consistent v0.10.0 h1:hqBgz1PvNLC5rkWcEBVAL9dFMBWz6I0VgUCW25rrZlU= github.com/buraksezer/consistent v0.10.0/go.mod h1:6BrVajWq7wbKZlTOUPs/XVfR8c0maujuPowduSpZqmw= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -58,6 +161,8 @@ github.com/charmbracelet/x/ansi v0.4.5 h1:LqK4vwBNaXw2AyGIICa5/29Sbdq58GbGdFngSe github.com/charmbracelet/x/ansi v0.4.5/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ= github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg= +github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 h1:kHaBemcxl8o/pQ5VM1c8PVE1PubbNx3mjUr09OqWGCs= +github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575/go.mod h1:9d6lWj8KzO/fd/NrVaLscBKmPigpZpn5YawRPw+e3Yo= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= @@ -65,40 +170,74 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= +github.com/coredns/caddy v1.1.4 h1:+Lls5xASB0QsA2jpCroCOwpPlb5GjIGlxdjXxdX0XVo= +github.com/coredns/caddy v1.1.4/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= +github.com/coredns/coredns v1.12.1 h1:haptbGscSbdWU46xrjdPj1vp3wvH1Z2FgCSQKEdgN5s= +github.com/coredns/coredns v1.12.1/go.mod h1:V26ngiKdNvAiEre5PTAvklrvTjnNjl6lakq1nbE/NbU= +github.com/coredns/coredns v1.14.1 h1:U7ZvMsMn3IfXhaiEHKkW0wsCKG4H5dPvWyMeSLhAodM= +github.com/coredns/coredns v1.14.1/go.mod h1:oYbISnKw+U930dyDU+VVJ+VCWpRD/frU7NfHlqeqH7U= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU= github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U= github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8= github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40= +github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= +github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/dnstap/golang-dnstap v0.4.0 h1:KRHBoURygdGtBjDI2w4HifJfMAhhOqDuktAokaSa234= +github.com/dnstap/golang-dnstap v0.4.0/go.mod h1:FqsSdH58NAmkAvKcpyxht7i4FoBjKu8E4JUPt8ipSUs= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dunglas/httpsfv v1.1.0 h1:Jw76nAyKWKZKFrpMMcL76y35tOpYHqQPzHQiwDvpe54= +github.com/dunglas/httpsfv v1.1.0/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/ebitengine/purego v0.8.4 h1:CF7LEKg5FFOsASUj0+QwaXf8Ht6TlFxg09+S9wz0omw= +github.com/ebitengine/purego v0.8.4/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/elastic/gosigar v0.12.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= github.com/elastic/gosigar v0.14.3 h1:xwkKwPia+hSfg9GqrCUKYdId102m9qTJIIr7egmK/uo= github.com/elastic/gosigar v0.14.3/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= github.com/ethereum/go-ethereum v1.13.14 h1:EwiY3FZP94derMCIam1iW4HFVrSgIcpsu0HwTQtm6CQ= github.com/ethereum/go-ethereum v1.13.14/go.mod h1:TN8ZiHrdJwSe8Cb6x+p0hs5CxhJZPbqB7hHkaUXcmIU= +github.com/expr-lang/expr v1.17.7 h1:Q0xY/e/2aCIp8g9s/LGvMDCC5PxYlvHgDZRQ4y16JX8= +github.com/expr-lang/expr v1.17.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= +github.com/farsightsec/golang-framestream v0.3.0 h1:/spFQHucTle/ZIPkYqrfshQqPe2VQEzesH243TjIwqA= +github.com/farsightsec/golang-framestream v0.3.0/go.mod h1:eNde4IQyEiA5br02AouhEHCu3p3UzrCdFR4LuQHklMI= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE= @@ -110,8 +249,24 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= +github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= @@ -123,10 +278,16 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI= +github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -137,9 +298,13 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= +github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -158,19 +323,38 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20250208200701-d0013a598941 h1:43XjGa6toxLpeksjcxs1jIoIyr+vUfOqY2c6HB4bpoc= github.com/google/pprof v0.0.0-20250208200701-d0013a598941/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= +github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= +github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y= +github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/grpc-gateway v1.5.0 h1:WcmKMm43DR7RdtlkEXQJyo5ws8iTp98CyhCCbOHMvNI= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs= +github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= +github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= +github.com/hashicorp/cronexpr v1.1.3 h1:rl5IkxXN2m681EfivTlccqIryzYJSXRGRNa0xeG7NA4= +github.com/hashicorp/cronexpr v1.1.3/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -181,10 +365,14 @@ github.com/hashicorp/go-msgpack/v2 v2.1.3/go.mod h1:SjlwKKFnwBXvxD/I1bEcfJIBbEJ+ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= github.com/hashicorp/go-uuid v1.0.0 h1:RS8zrF7PhGwyNPOtxSClXXj9HA8feRnJzgnI1RJCSnM= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= @@ -194,10 +382,16 @@ github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/memberlist v0.5.3 h1:tQ1jOCypD0WvMemw/ZhhtH+PWpzcftQvgCorLu0hndk= github.com/hashicorp/memberlist v0.5.3/go.mod h1:h60o12SZn/ua/j0B6iKAZezA4eDaGsIuPO70eOaJ6WE= +github.com/hashicorp/nomad/api v0.0.0-20250909143645-a3b86c697f38 h1:1LTbcTpGdSdbj0ee7YZHNe4R2XqxfyWwIkSGWRhgkfM= +github.com/hashicorp/nomad/api v0.0.0-20250909143645-a3b86c697f38/go.mod h1:0Tdp+9HbvwrxprXv/LfYZ8P21bOl4oA8Afyet1kUvhI= github.com/holiman/uint256 v1.2.4 h1:jUc4Nk8fm9jZabQuqr2JzednajVmBpC+oiTiXZJEApU= github.com/holiman/uint256 v1.2.4/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E= github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc= github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 h1:w66aaP3c6SIQ0pi3QH1Tb4AMO3aWoEPxd1CNvLphbkA= +github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9/go.mod h1:BaIJzjD2ZnHmx2acPF6XfGLPzNCMiBbMRqJr+8/8uRI= github.com/ipfs/go-cid v0.5.0 h1:goEKKhaGm0ul11IHA7I6p1GmKz8kEYniqFopaB5Otwg= github.com/ipfs/go-cid v0.5.0/go.mod h1:0L7vmeNXpQpUS9vt+yEARkJ8rOg43DF3iPgn4GIN0mk= github.com/ipfs/go-log/v2 v2.6.0 h1:2Nu1KKQQ2ayonKp4MPo6pXCjqw1ULc9iohRqWV5EYqg= @@ -207,11 +401,15 @@ github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+ github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk= github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= @@ -226,6 +424,8 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/koron/go-ssdp v0.0.5 h1:E1iSMxIs4WqxTbIBLtmNBeOOC+1sCIXQeqTWVnpmwhk= github.com/koron/go-ssdp v0.0.5/go.mod h1:Qm59B7hpKpDqfyRNWRNr00jGwLdXjDyZh6y7rH6VS0w= +github.com/koron/go-ssdp v0.0.6 h1:Jb0h04599eq/CY7rB5YEqPS83HmRfHP2azkxMN2rFtU= +github.com/koron/go-ssdp v0.0.6/go.mod h1:0R9LfRJGek1zWTjN3JUNlm5INCDYGpRDfAptnct63fI= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -242,6 +442,8 @@ github.com/libp2p/go-flow-metrics v0.2.0 h1:EIZzjmeOE6c8Dav0sNv35vhZxATIXWZg6j/C github.com/libp2p/go-flow-metrics v0.2.0/go.mod h1:st3qqfu8+pMfh+9Mzqb2GTiwrAGjIPszEjZmtksN8Jc= github.com/libp2p/go-libp2p v0.41.1 h1:8ecNQVT5ev/jqALTvisSJeVNvXYJyK4NhQx1nNRXQZE= github.com/libp2p/go-libp2p v0.41.1/go.mod h1:DcGTovJzQl/I7HMrby5ZRjeD0kQkGiy+9w6aEkSZpRI= +github.com/libp2p/go-libp2p v0.46.0 h1:0T2yvIKpZ3DVYCuPOFxPD1layhRU486pj9rSlGWYnDM= +github.com/libp2p/go-libp2p v0.46.0/go.mod h1:TbIDnpDjBLa7isdgYpbxozIVPBTmM/7qKOJP4SFySrQ= github.com/libp2p/go-libp2p-asn-util v0.4.1 h1:xqL7++IKD9TBFMgnLPZR6/6iYhawHKHl950SO9L6n94= github.com/libp2p/go-libp2p-asn-util v0.4.1/go.mod h1:d/NI6XZ9qxw67b4e+NgpQexCIiFYJjErASrYW4PFDN8= github.com/libp2p/go-libp2p-pubsub v0.14.2 h1:nT5lFHPQOFJcp9CW8hpKtvbpQNdl2udJuzLQWbgRum8= @@ -252,16 +454,24 @@ github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0 github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM= github.com/libp2p/go-netroute v0.2.2 h1:Dejd8cQ47Qx2kRABg6lPwknU7+nBnFRpko45/fFPuZ8= github.com/libp2p/go-netroute v0.2.2/go.mod h1:Rntq6jUAH0l9Gg17w5bFGhcC9a+vk4KNXs6s7IljKYE= +github.com/libp2p/go-netroute v0.3.0 h1:nqPCXHmeNmgTJnktosJ/sIef9hvwYCrsLxXmfNks/oc= +github.com/libp2p/go-netroute v0.3.0/go.mod h1:Nkd5ShYgSMS5MUKy/MU2T57xFoOKvvLR92Lic48LEyA= github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s= github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU= github.com/libp2p/go-yamux/v5 v5.0.0 h1:2djUh96d3Jiac/JpGkKs4TO49YhsfLopAoryfPmf+Po= github.com/libp2p/go-yamux/v5 v5.0.0/go.mod h1:en+3cdX51U0ZslwRdRLrvQsdayFt3TSUKvBGErzpWbU= +github.com/libp2p/go-yamux/v5 v5.0.1 h1:f0WoX/bEF2E8SbE4c/k1Mo+/9z0O4oC/hWEA+nfYRSg= +github.com/libp2p/go-yamux/v5 v5.0.1/go.mod h1:en+3cdX51U0ZslwRdRLrvQsdayFt3TSUKvBGErzpWbU= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 h1:PpXWgLPs+Fqr325bN2FD2ISlRRztXibcX6e8f5FR5Dc= +github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mackerelio/go-osstat v0.2.6 h1:gs4U8BZeS1tjrL08tt5VUliVvSWP26Ai2Ob8Lr7f2i0= github.com/mackerelio/go-osstat v0.2.6/go.mod h1:lRy8V9ZuHpuRVZh+vyTkODeDPl3/d5MgXHtLSaqG8bA= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= @@ -273,9 +483,14 @@ github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs= github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= +github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE= github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE= +github.com/miekg/dns v1.1.70 h1:DZ4u2AV35VJxdD9Fo9fIWm119BsQL5cZU1cQ9s0LkqA= +github.com/miekg/dns v1.1.70/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs= github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c h1:bzE/A84HN25pxAuk9Eej1Kz9OUelF97nAc82bDquQI8= github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms= github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc= @@ -286,10 +501,20 @@ github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8Rv github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= +github.com/minio/simdjson-go v0.4.5 h1:r4IQwjRGmWCQ2VeMc7fGiilu1z5du0gJ/I/FsKwgo5A= +github.com/minio/simdjson-go v0.4.5/go.mod h1:eoNz0DcLQRyEDeaPr4Ru6JpjlZPzbA0IodxVJk8lO8E= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c h1:cqn374mizHuIWj+OSJCajGr/phAmuMug9qIX3l9CflE= +github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= @@ -308,6 +533,8 @@ github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo= github.com/multiformats/go-multiaddr v0.15.0 h1:zB/HeaI/apcZiTDwhY5YqMvNVl/oQYvs3XySU+qeAVo= github.com/multiformats/go-multiaddr v0.15.0/go.mod h1:JSVUmXDjsVFiW7RjIFMP7+Ev+h1DTbiJgVeTV/tcmP0= +github.com/multiformats/go-multiaddr v0.16.0 h1:oGWEVKioVQcdIOBlYM8BH1rZDWOGJSqr9/BKl6zQ4qc= +github.com/multiformats/go-multiaddr v0.16.0/go.mod h1:JSVUmXDjsVFiW7RjIFMP7+Ev+h1DTbiJgVeTV/tcmP0= github.com/multiformats/go-multiaddr-dns v0.4.1 h1:whi/uCLbDS3mSEUMb1MsoT4uzUeZB0N32yzufqS0i5M= github.com/multiformats/go-multiaddr-dns v0.4.1/go.mod h1:7hfthtB4E4pQwirrz+J0CcDUfbWzTqEzVyYKKIKpgkc= github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E= @@ -316,11 +543,15 @@ github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivnc github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk= github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3IbPKOXWJkmg= github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k= +github.com/multiformats/go-multicodec v0.9.1 h1:x/Fuxr7ZuR4jJV4Os5g444F7xC4XmyUaT/FWtE+9Zjo= +github.com/multiformats/go-multicodec v0.9.1/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo= github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew= github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U= github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM= github.com/multiformats/go-multistream v0.6.0 h1:ZaHKbsL404720283o4c/IHQXiS6gb8qAN5EIJ4PN5EA= github.com/multiformats/go-multistream v0.6.0/go.mod h1:MOyoG5otO24cHIg8kf9QW2/NozURlkP/rvi2FQJyCPg= +github.com/multiformats/go-multistream v0.6.1 h1:4aoX5v6T+yWmc2raBHsTvzmFhOI8WVOer28DeBBEYdQ= +github.com/multiformats/go-multistream v0.6.1/go.mod h1:ksQf6kqHAb6zIsyw7Zm+gAuVo57Qbq84E27YlYqavqw= github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8= github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= @@ -338,11 +569,27 @@ github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlR github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 h1:lM6RxxfUMrYL/f8bWEUqdXrANWtrL7Nndbm9iFN0DlU= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= +github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 h1:uhcF5Jd7rP9DVEL10Siffyepr6SvlKbUsjH5JpNCRi8= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0/go.mod h1:+oCZ5GXXr7KPI/DNOQORPTq5AWHfALJj9c72b0+YsEY= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= +github.com/openzipkin/zipkin-go v0.4.3 h1:9EGwpqkgnwdEIJ+Od7QVSEIH+ocmm5nPat0G7sjsSdg= +github.com/openzipkin/zipkin-go v0.4.3/go.mod h1:M9wCJZFWCo2RiY+o1eBCEMe0Dp2S5LDHcMZmk3RmK7c= +github.com/oschwald/geoip2-golang/v2 v2.1.0 h1:DjnLhNJu9WHwTrmoiQFvgmyJoczhdnm7LB23UBI2Amo= +github.com/oschwald/geoip2-golang/v2 v2.1.0/go.mod h1:qdVmcPgrTJ4q2eP9tHq/yldMTdp2VMr33uVdFbHBiBc= +github.com/oschwald/maxminddb-golang/v2 v2.1.1 h1:lA8FH0oOrM4u7mLvowq8IT6a3Q/qEnqRzLQn9eH5ojc= +github.com/oschwald/maxminddb-golang/v2 v2.1.1/go.mod h1:PLdx6PR+siSIoXqqy7C7r3SB3KZnhxWr1Dp6g0Hacl8= +github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0= +github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y= +github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM= +github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM= github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o= github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s= @@ -350,10 +597,16 @@ github.com/pion/dtls/v2 v2.2.12 h1:KP7H5/c1EiVAAKUmXyCzPiQe5+bCJrpOeKg/L05dunk= github.com/pion/dtls/v2 v2.2.12/go.mod h1:d9SYc9fch0CqK90mRk1dC7AkzzpwJj6u2GU3u+9pqFE= github.com/pion/dtls/v3 v3.0.4 h1:44CZekewMzfrn9pmGrj5BNnTMDCFwr+6sLH+cCuLM7U= github.com/pion/dtls/v3 v3.0.4/go.mod h1:R373CsjxWqNPf6MEkfdy3aSe9niZvL/JaKlGeFphtMg= +github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E= +github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU= github.com/pion/ice/v4 v4.0.8 h1:ajNx0idNG+S+v9Phu4LSn2cs8JEfTsA1/tEjkkAVpFY= github.com/pion/ice/v4 v4.0.8/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= +github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= +github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI= github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y= +github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4= +github.com/pion/interceptor v0.1.40/go.mod h1:Z6kqH7M/FYirg3frjGJ21VLSRJGBXB/KqaTIrdqnOic= github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms= github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI= github.com/pion/logging v0.2.3/go.mod h1:z8YfknkquMe1csOrxK5kc+5/ZPAzMxbKLX5aXpbpC90= @@ -365,12 +618,20 @@ github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo= github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0= github.com/pion/rtp v1.8.11 h1:17xjnY5WO5hgO6SD3/NTIUPvSFw/PbLsIJyz1r1yNIk= github.com/pion/rtp v1.8.11/go.mod h1:8uMBJj32Pa1wwx8Fuv/AsFhn8jsgw+3rUC2PfoBZ8p4= +github.com/pion/rtp v1.8.19 h1:jhdO/3XhL/aKm/wARFVmvTfq0lC/CvN1xwYKmduly3c= +github.com/pion/rtp v1.8.19/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.37 h1:ZDmGPtRPX9mKCiVXtMbTWybFw3z/hVKAZgU81wcOrqs= github.com/pion/sctp v1.8.37/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= +github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= +github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= github.com/pion/sdp/v3 v3.0.10 h1:6MChLE/1xYB+CjumMw+gZ9ufp2DPApuVSnDT8t5MIgA= github.com/pion/sdp/v3 v3.0.10/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= +github.com/pion/sdp/v3 v3.0.13 h1:uN3SS2b+QDZnWXgdr69SM8KB4EbcnPnPf2Laxhty/l4= +github.com/pion/sdp/v3 v3.0.13/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= github.com/pion/srtp/v3 v3.0.4 h1:2Z6vDVxzrX3UHEgrUyIGM4rRouoC7v+NiF1IHtp9B5M= github.com/pion/srtp/v3 v3.0.4/go.mod h1:1Jx3FwDoxpRaTh1oRV8A/6G1BnFL+QI82eK4ms8EEJQ= +github.com/pion/srtp/v3 v3.0.6 h1:E2gyj1f5X10sB/qILUGIkL4C2CqK269Xq167PbGCc/4= +github.com/pion/srtp/v3 v3.0.6/go.mod h1:BxvziG3v/armJHAaJ87euvkhHqWe9I7iiOy50K2QkhY= github.com/pion/stun v0.6.1 h1:8lp6YejULeHBF8NmV8e2787BogQhduZugh5PdhDyyN4= github.com/pion/stun v0.6.1/go.mod h1:/hO7APkX4hZKu/D0f2lHzNyvdkTGtIy3NDmLR7kSz/8= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= @@ -383,14 +644,24 @@ github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1 github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo= github.com/pion/turn/v4 v4.0.0 h1:qxplo3Rxa9Yg1xXDxxH8xaqcyGUtbHYw4QSCvmFWvhM= github.com/pion/turn/v4 v4.0.0/go.mod h1:MuPDkm15nYSklKpN8vWJ9W2M0PlyQZqYt1McGuxG7mA= +github.com/pion/turn/v4 v4.0.2 h1:ZqgQ3+MjP32ug30xAbD6Mn+/K4Sxi3SdNOTFf+7mpps= +github.com/pion/turn/v4 v4.0.2/go.mod h1:pMMKP/ieNAG/fN5cZiN4SDuyKsXtNTr0ccN7IToA1zs= github.com/pion/webrtc/v4 v4.0.10 h1:Hq/JLjhqLxi+NmCtE8lnRPDr8H4LcNvwg8OxVcdv56Q= github.com/pion/webrtc/v4 v4.0.10/go.mod h1:ViHLVaNpiuvaH8pdiuQxuA9awuE6KVzAXx3vVWilOck= +github.com/pion/webrtc/v4 v4.1.2 h1:mpuUo/EJ1zMNKGE79fAdYNFZBX790KE7kQQpLMjjR54= +github.com/pion/webrtc/v4 v4.1.2/go.mod h1:xsCXiNAmMEjIdFxAYU0MbB3RwRieJsegSB2JZsGN+8U= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU= +github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= @@ -399,6 +670,8 @@ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= +github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= +github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -411,6 +684,8 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k= github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18= +github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4= +github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -419,12 +694,22 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= +github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg= +github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA= github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI= github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg= +github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8= +github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII= github.com/quic-go/quic-go v0.50.1 h1:unsgjFIUqW8a2oopkY7YNONpV1gYND6Nt9hnt1PN94Q= github.com/quic-go/quic-go v0.50.1/go.mod h1:Vim6OmUvlYdwBhXP9ZVrtGmCMWa3wEqhq3NgYrI8b4E= +github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw= +github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU= github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 h1:4WFk6u3sOT6pLa1kQ50ZVdm8BQFgJNA117cepZxtLIg= github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66/go.mod h1:Vp72IJajgeOL6ddqrAhmp7IM9zbTcgkQxD/YdxrVwMw= +github.com/quic-go/webtransport-go v0.9.0 h1:jgys+7/wm6JarGDrW+lD/r9BGqBAmqY/ssklE09bA70= +github.com/quic-go/webtransport-go v0.9.0/go.mod h1:4FUYIiUc75XSsF6HShcLeXXYZJ9AGwo/xh3L8M/P1ao= +github.com/quic-go/webtransport-go v0.10.0 h1:LqXXPOXuETY5Xe8ITdGisBzTYmUOy5eSj+9n4hLTjHI= +github.com/quic-go/webtransport-go v0.10.0/go.mod h1:LeGIXr5BQKE3UsynwVBeQrU1TPrbh73MGoC6jd+V7ow= github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk= github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU= github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI= @@ -434,13 +719,20 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rqlite/gorqlite v0.0.0-20250609141355-ac86a4a1c9a8 h1:BoxiqWvhprOB2isgM59s8wkgKwAoyQH66Twfmof41oE= github.com/rqlite/gorqlite v0.0.0-20250609141355-ac86a4a1c9a8/go.mod h1:xF/KoXmrRyahPfo5L7Szb5cAAUl53dMWBh9cMruGEZg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= +github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible h1:Bn1aCHHRnjv4Bl16T8rcaFjYSrGrIZvpiGO6P3Q4GpU= +github.com/shirou/gopsutil/v4 v4.25.8-0.20250809033336-ffcdc2b7662f h1:S+PHRM3lk96X0/cGEGUukqltzkX/ekUx0F9DoCGK1G0= +github.com/shirou/gopsutil/v4 v4.25.8-0.20250809033336-ffcdc2b7662f/go.mod h1:4f4j4w8HLMPWEFs3BO2UBBLigKAaWYwkSkbIt/6Q4Ss= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= @@ -472,6 +764,10 @@ github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:Udh github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= +github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -482,13 +778,18 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tetratelabs/wazero v1.11.0 h1:+gKemEuKCTevU4d7ZTzlsvgd1uaToIDtlQlmNbwqYhA= github.com/tetratelabs/wazero v1.11.0/go.mod h1:eV28rsN8Q+xwjogd7f4/Pp4xFxO7uOGbLcD/LzB1wiU= +github.com/theckman/httpforwarded v0.4.0 h1:N55vGJT+6ojTnLY3LQCNliJC4TW0P0Pkeys1G1WpX2w= +github.com/theckman/httpforwarded v0.4.0/go.mod h1:GVkFynv6FJreNbgH/bpOU9ITDZ7a5WuzdNCtIMI1pVI= github.com/tidwall/btree v1.1.0/go.mod h1:TzIRzen6yHbibdSfK6t8QimqbUnoxUSrZfeW7Uob0q4= github.com/tidwall/btree v1.7.0 h1:L1fkJH/AuEh5zBnnBbmTwQ5Lt+bRJ5A8EWecslvo9iI= github.com/tidwall/btree v1.7.0/go.mod h1:twD9XRA5jj9VUQGELzDO4HPQTNJsoWWfYEL+EUQ2cKY= @@ -496,6 +797,12 @@ github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/redcon v1.6.2 h1:5qfvrrybgtO85jnhSravmkZyC0D+7WstbfCs3MmPhow= github.com/tidwall/redcon v1.6.2/go.mod h1:p5Wbsgeyi2VSTBWOcA5vRXrOb9arFTcU2+ZzFjqV75Y= +github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww= +github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0= +github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4= +github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4= +github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso= +github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= @@ -507,22 +814,74 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/wlynxg/anet v0.0.3/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= +github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +go.etcd.io/etcd/api/v3 v3.6.7 h1:7BNJ2gQmc3DNM+9cRkv7KkGQDayElg8x3X+tFDYS+E0= +go.etcd.io/etcd/api/v3 v3.6.7/go.mod h1:xJ81TLj9hxrYYEDmXTeKURMeY3qEDN24hqe+q7KhbnI= +go.etcd.io/etcd/client/pkg/v3 v3.6.7 h1:vvzgyozz46q+TyeGBuFzVuI53/yd133CHceNb/AhBVs= +go.etcd.io/etcd/client/pkg/v3 v3.6.7/go.mod h1:2IVulJ3FZ/czIGl9T4lMF1uxzrhRahLqe+hSgy+Kh7Q= +go.etcd.io/etcd/client/v3 v3.6.7 h1:9WqA5RpIBtdMxAy1ukXLAdtg2pAxNqW5NUoO2wQrE6U= +go.etcd.io/etcd/client/v3 v3.6.7/go.mod h1:2XfROY56AXnUqGsvl+6k29wrwsSbEh1lAouQB1vHpeE= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/collector/component v1.39.0 h1:GJw80zXURBG4h0sh97bPLEn2Ra+NAWUpskaooA0wru4= +go.opentelemetry.io/collector/component v1.39.0/go.mod h1:NPaMPTLQuxm5QaaWdqkxYKztC0bRdV+86Q9ir7xS/2k= +go.opentelemetry.io/collector/featuregate v1.46.0 h1:z3JlymFdWW6aDo9cYAJ6bCqT+OI2DlurJ9P8HqfuKWQ= +go.opentelemetry.io/collector/featuregate v1.46.0/go.mod h1:d0tiRzVYrytB6LkcYgz2ESFTv7OktRPQe0QEQcPt1L4= +go.opentelemetry.io/collector/internal/telemetry v0.133.0 h1:YxbckZC9HniNOZgnSofTOe0AB/bEsmISNdQeS+3CU3o= +go.opentelemetry.io/collector/internal/telemetry v0.133.0/go.mod h1:akUK7X6ZQ+CbbCjyXLv9y/EHt5jIy+J+nGoLvndZN14= +go.opentelemetry.io/collector/pdata v1.46.0 h1:XzhnIWNtc/gbOyFiewRvybR4s3phKHrWxL3yc/wVLDo= +go.opentelemetry.io/collector/pdata v1.46.0/go.mod h1:D2e3BWCUC/bUg29WNzCDVN7Ab0Gzk7hGXZL2pnrDOn0= +go.opentelemetry.io/collector/pdata/pprofile v0.140.0 h1:b9TZ6UnyzsT/ERQw2VKGi/NYLtKSmjG7cgQuc9wZt5s= +go.opentelemetry.io/collector/pdata/pprofile v0.140.0/go.mod h1:/2s/YBWGbu+r8MuKu5zas08iSqe+3P6xnbRpfE2DWAA= +go.opentelemetry.io/contrib/bridges/otelzap v0.12.0 h1:FGre0nZh5BSw7G73VpT3xs38HchsfPsa2aZtMp0NPOs= +go.opentelemetry.io/contrib/bridges/otelzap v0.12.0/go.mod h1:X2PYPViI2wTPIMIOBjG17KNybTzsrATnvPJ02kkz7LM= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= +go.opentelemetry.io/otel/log v0.13.0 h1:yoxRoIZcohB6Xf0lNv9QIyCzQvrtGZklVbdCoyb7dls= +go.opentelemetry.io/otel/log v0.13.0/go.mod h1:INKfG4k1O9CL25BaM1qLe0zIedOpvlS5Z7XgSbmN83E= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/dig v1.18.0 h1:imUL1UiY0Mg4bqbFfsRQO5G4CGRBec/ZujWTvSVp3pw= go.uber.org/dig v1.18.0/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE= +go.uber.org/dig v1.19.0 h1:BACLhebsYdpQ7IROQ1AGPjrXcP5dF80U3gKoFzbaq/4= +go.uber.org/dig v1.19.0/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE= go.uber.org/fx v1.23.0 h1:lIr/gYWQGfTwGcSXWXu4vP5Ws6iqnNEIY+F/aFzCKTg= go.uber.org/fx v1.23.0/go.mod h1:o/D9n+2mLP6v1EG+qsdT1O8wKopYAsqZasju97SDFCU= +go.uber.org/fx v1.24.0 h1:wE8mruvpg2kiiL1Vqd0CC+tr0/24XIB10Iwp2lLWzkg= +go.uber.org/fx v1.24.0/go.mod h1:AmDeGyS+ZARGKM4tlH4FY2Jr63VjbEDJHtqXTGP5hbo= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= +go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= +go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -535,11 +894,15 @@ golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= +golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 h1:R9PFI6EUdfVKgwKjZef7QIwGcBKu86OEFpJ9nUEP2l4= golang.org/x/exp v0.0.0-20250718183923-645b1fa84792/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc= @@ -550,10 +913,13 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= +golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -566,11 +932,14 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= @@ -579,10 +948,14 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -597,6 +970,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -607,6 +982,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -617,31 +994,46 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= +golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= @@ -649,10 +1041,14 @@ golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -660,20 +1056,28 @@ golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= +golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= +google.golang.org/api v0.259.0 h1:90TaGVIxScrh1Vn/XI2426kRpBqHwWIzVBzJsVZ5XrQ= +google.golang.org/api v0.259.0/go.mod h1:LC2ISWGWbRoyQVpxGntWwLWN/vLNxxKBK9KuJRI8Te4= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -683,10 +1087,17 @@ google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc= +google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -696,13 +1107,20 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -717,7 +1135,29 @@ grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJd honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= +k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= +k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= +k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= +k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/blake3 v1.4.1 h1:I3Smz7gso8w4/TunLKec6K2fn+kyKtDxr/xcQEN84Wg= lukechampine.com/blake3 v1.4.1/go.mod h1:QFosUxmjB8mnrWFSNwKmvxHpfY72bmD2tQ0kBMM3kwo= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/mcs-api v0.3.0 h1:LjRvgzjMrvO1904GP6XBJSnIX221DJMyQlZOYt9LAnM= +sigs.k8s.io/mcs-api v0.3.0/go.mod h1:zZ5CK8uS6HaLkxY4HqsmcBHfzHuNMrY2uJy8T7jffK4= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/migrations/005_dns_records.sql b/migrations/005_dns_records.sql new file mode 100644 index 0000000..650e07a --- /dev/null +++ b/migrations/005_dns_records.sql @@ -0,0 +1,77 @@ +-- Migration 005: DNS Records for CoreDNS Integration +-- This migration creates tables for managing DNS records with RQLite backend for CoreDNS + +BEGIN; + +-- DNS records table for dynamic DNS management +CREATE TABLE IF NOT EXISTS dns_records ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + fqdn TEXT NOT NULL UNIQUE, -- Fully qualified domain name (e.g., myapp.node-7prvNa.orama.network) + record_type TEXT NOT NULL DEFAULT 'A', -- DNS record type: A, AAAA, CNAME, TXT + value TEXT NOT NULL, -- IP address or target value + ttl INTEGER NOT NULL DEFAULT 300, -- Time to live in seconds + namespace TEXT NOT NULL, -- Namespace that owns this record + deployment_id TEXT, -- Optional: deployment that created this record + node_id TEXT, -- Optional: specific node ID for node-specific routing + is_active BOOLEAN NOT NULL DEFAULT TRUE,-- Enable/disable without deleting + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by TEXT NOT NULL -- Wallet address or 'system' for auto-created records +); + +-- Indexes for fast DNS lookups +CREATE INDEX IF NOT EXISTS idx_dns_records_fqdn ON dns_records(fqdn); +CREATE INDEX IF NOT EXISTS idx_dns_records_namespace ON dns_records(namespace); +CREATE INDEX IF NOT EXISTS idx_dns_records_deployment ON dns_records(deployment_id); +CREATE INDEX IF NOT EXISTS idx_dns_records_node_id ON dns_records(node_id); +CREATE INDEX IF NOT EXISTS idx_dns_records_active ON dns_records(is_active); + +-- DNS nodes registry for tracking active nodes +CREATE TABLE IF NOT EXISTS dns_nodes ( + id TEXT PRIMARY KEY, -- Node ID (e.g., node-7prvNa) + ip_address TEXT NOT NULL, -- Public IP address + internal_ip TEXT, -- Private IP for cluster communication + region TEXT, -- Geographic region + status TEXT NOT NULL DEFAULT 'active', -- active, draining, offline + last_seen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + capabilities TEXT, -- JSON: ["wasm", "ipfs", "cache"] + metadata TEXT, -- JSON: additional node info + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Indexes for node health monitoring +CREATE INDEX IF NOT EXISTS idx_dns_nodes_status ON dns_nodes(status); +CREATE INDEX IF NOT EXISTS idx_dns_nodes_last_seen ON dns_nodes(last_seen); + +-- Reserved domains table to prevent subdomain collisions +CREATE TABLE IF NOT EXISTS reserved_domains ( + domain TEXT PRIMARY KEY, + reason TEXT NOT NULL, + reserved_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Seed reserved domains +INSERT INTO reserved_domains (domain, reason) VALUES + ('api.orama.network', 'API gateway endpoint'), + ('www.orama.network', 'Marketing website'), + ('admin.orama.network', 'Admin panel'), + ('ns1.orama.network', 'Nameserver 1'), + ('ns2.orama.network', 'Nameserver 2'), + ('ns3.orama.network', 'Nameserver 3'), + ('ns4.orama.network', 'Nameserver 4'), + ('mail.orama.network', 'Email service'), + ('cdn.orama.network', 'Content delivery'), + ('docs.orama.network', 'Documentation'), + ('status.orama.network', 'Status page') +ON CONFLICT(domain) DO NOTHING; + +-- Mark migration as applied +CREATE TABLE IF NOT EXISTS schema_migrations ( + version INTEGER PRIMARY KEY, + applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +INSERT OR IGNORE INTO schema_migrations(version) VALUES (5); + +COMMIT; diff --git a/migrations/006_namespace_sqlite.sql b/migrations/006_namespace_sqlite.sql new file mode 100644 index 0000000..737028c --- /dev/null +++ b/migrations/006_namespace_sqlite.sql @@ -0,0 +1,74 @@ +-- Migration 006: Per-Namespace SQLite Databases +-- This migration creates infrastructure for isolated SQLite databases per namespace + +BEGIN; + +-- Namespace SQLite databases registry +CREATE TABLE IF NOT EXISTS namespace_sqlite_databases ( + id TEXT PRIMARY KEY, -- UUID + namespace TEXT NOT NULL, -- Namespace that owns this database + database_name TEXT NOT NULL, -- Database name (unique per namespace) + home_node_id TEXT NOT NULL, -- Node ID where database file resides + file_path TEXT NOT NULL, -- Absolute path on home node + size_bytes BIGINT DEFAULT 0, -- Current database size + backup_cid TEXT, -- Latest backup CID in IPFS + last_backup_at TIMESTAMP, -- Last backup timestamp + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by TEXT NOT NULL, -- Wallet address that created the database + + UNIQUE(namespace, database_name) +); + +-- Indexes for database lookups +CREATE INDEX IF NOT EXISTS idx_sqlite_databases_namespace ON namespace_sqlite_databases(namespace); +CREATE INDEX IF NOT EXISTS idx_sqlite_databases_home_node ON namespace_sqlite_databases(home_node_id); +CREATE INDEX IF NOT EXISTS idx_sqlite_databases_name ON namespace_sqlite_databases(namespace, database_name); + +-- SQLite database backups history +CREATE TABLE IF NOT EXISTS namespace_sqlite_backups ( + id TEXT PRIMARY KEY, -- UUID + database_id TEXT NOT NULL, -- References namespace_sqlite_databases.id + backup_cid TEXT NOT NULL, -- IPFS CID of backup file + size_bytes BIGINT NOT NULL, -- Backup file size + backup_type TEXT NOT NULL, -- 'manual', 'scheduled', 'migration' + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by TEXT NOT NULL, + + FOREIGN KEY (database_id) REFERENCES namespace_sqlite_databases(id) ON DELETE CASCADE +); + +-- Index for backup history queries +CREATE INDEX IF NOT EXISTS idx_sqlite_backups_database ON namespace_sqlite_backups(database_id, created_at DESC); + +-- Namespace quotas for resource management (future use) +CREATE TABLE IF NOT EXISTS namespace_quotas ( + namespace TEXT PRIMARY KEY, + + -- Storage quotas + max_sqlite_databases INTEGER DEFAULT 10, -- Max SQLite databases per namespace + max_storage_bytes BIGINT DEFAULT 5368709120, -- 5GB default + max_ipfs_pins INTEGER DEFAULT 1000, -- Max pinned IPFS objects + + -- Compute quotas + max_deployments INTEGER DEFAULT 20, -- Max concurrent deployments + max_cpu_percent INTEGER DEFAULT 200, -- Total CPU quota (2 cores) + max_memory_mb INTEGER DEFAULT 2048, -- Total memory quota + + -- Rate limits + max_rqlite_queries_per_minute INTEGER DEFAULT 1000, + max_olric_ops_per_minute INTEGER DEFAULT 10000, + + -- Current usage (updated periodically) + current_storage_bytes BIGINT DEFAULT 0, + current_deployments INTEGER DEFAULT 0, + current_sqlite_databases INTEGER DEFAULT 0, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Mark migration as applied +INSERT OR IGNORE INTO schema_migrations(version) VALUES (6); + +COMMIT; diff --git a/migrations/007_deployments.sql b/migrations/007_deployments.sql new file mode 100644 index 0000000..9690640 --- /dev/null +++ b/migrations/007_deployments.sql @@ -0,0 +1,178 @@ +-- Migration 007: Deployments System +-- This migration creates the complete schema for managing custom deployments +-- (Static sites, Next.js, Go backends, Node.js backends) + +BEGIN; + +-- Main deployments table +CREATE TABLE IF NOT EXISTS deployments ( + id TEXT PRIMARY KEY, -- UUID + namespace TEXT NOT NULL, -- Owner namespace + name TEXT NOT NULL, -- Deployment name (unique per namespace) + type TEXT NOT NULL, -- 'static', 'nextjs', 'nextjs-static', 'go-backend', 'go-wasm', 'nodejs-backend' + version INTEGER NOT NULL DEFAULT 1, -- Monotonic version counter + status TEXT NOT NULL DEFAULT 'deploying', -- 'deploying', 'active', 'failed', 'stopped', 'updating' + + -- Content storage + content_cid TEXT, -- IPFS CID for static content or built assets + build_cid TEXT, -- IPFS CID for build artifacts (Next.js SSR, binaries) + + -- Runtime configuration + home_node_id TEXT, -- Node ID hosting stateful data/processes + port INTEGER, -- Allocated port (NULL for static/WASM) + subdomain TEXT, -- Custom subdomain (e.g., myapp) + environment TEXT, -- JSON: {"KEY": "value", ...} + + -- Resource limits + memory_limit_mb INTEGER DEFAULT 256, + cpu_limit_percent INTEGER DEFAULT 50, + disk_limit_mb INTEGER DEFAULT 1024, + + -- Health & monitoring + health_check_path TEXT DEFAULT '/health', -- HTTP path for health checks + health_check_interval INTEGER DEFAULT 30, -- Seconds between health checks + restart_policy TEXT DEFAULT 'always', -- 'always', 'on-failure', 'never' + max_restart_count INTEGER DEFAULT 10, -- Max restarts before marking as failed + + -- Metadata + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + deployed_by TEXT NOT NULL, -- Wallet address or API key + + UNIQUE(namespace, name) +); + +-- Indexes for deployment lookups +CREATE INDEX IF NOT EXISTS idx_deployments_namespace ON deployments(namespace); +CREATE INDEX IF NOT EXISTS idx_deployments_status ON deployments(status); +CREATE INDEX IF NOT EXISTS idx_deployments_home_node ON deployments(home_node_id); +CREATE INDEX IF NOT EXISTS idx_deployments_type ON deployments(type); +CREATE INDEX IF NOT EXISTS idx_deployments_subdomain ON deployments(subdomain); + +-- Port allocations table (prevents port conflicts) +CREATE TABLE IF NOT EXISTS port_allocations ( + node_id TEXT NOT NULL, + port INTEGER NOT NULL, + deployment_id TEXT NOT NULL, + allocated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (node_id, port), + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Index for finding allocated ports by node +CREATE INDEX IF NOT EXISTS idx_port_allocations_node ON port_allocations(node_id, port); +CREATE INDEX IF NOT EXISTS idx_port_allocations_deployment ON port_allocations(deployment_id); + +-- Home node assignments (namespace → node mapping) +CREATE TABLE IF NOT EXISTS home_node_assignments ( + namespace TEXT PRIMARY KEY, + home_node_id TEXT NOT NULL, + assigned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + last_heartbeat TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + deployment_count INTEGER DEFAULT 0, -- Cached count for capacity planning + total_memory_mb INTEGER DEFAULT 0, -- Cached total memory usage + total_cpu_percent INTEGER DEFAULT 0 -- Cached total CPU usage +); + +-- Index for querying by node +CREATE INDEX IF NOT EXISTS idx_home_node_by_node ON home_node_assignments(home_node_id); + +-- Deployment domains (custom domain mapping) +CREATE TABLE IF NOT EXISTS deployment_domains ( + id TEXT PRIMARY KEY, -- UUID + deployment_id TEXT NOT NULL, + namespace TEXT NOT NULL, + domain TEXT NOT NULL UNIQUE, -- Full domain (e.g., myapp.orama.network or custom) + routing_type TEXT NOT NULL DEFAULT 'balanced', -- 'balanced' or 'node_specific' + node_id TEXT, -- For node_specific routing + is_custom BOOLEAN DEFAULT FALSE, -- True for user's own domain + tls_cert_cid TEXT, -- IPFS CID for custom TLS certificate + verified_at TIMESTAMP, -- When custom domain was verified + verification_token TEXT, -- TXT record token for domain verification + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Indexes for domain lookups +CREATE INDEX IF NOT EXISTS idx_deployment_domains_deployment ON deployment_domains(deployment_id); +CREATE INDEX IF NOT EXISTS idx_deployment_domains_domain ON deployment_domains(domain); +CREATE INDEX IF NOT EXISTS idx_deployment_domains_namespace ON deployment_domains(namespace); + +-- Deployment history (version tracking and rollback) +CREATE TABLE IF NOT EXISTS deployment_history ( + id TEXT PRIMARY KEY, -- UUID + deployment_id TEXT NOT NULL, + version INTEGER NOT NULL, + content_cid TEXT, + build_cid TEXT, + deployed_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + deployed_by TEXT NOT NULL, + status TEXT NOT NULL DEFAULT 'success', -- 'success', 'failed', 'rolled_back' + error_message TEXT, + rollback_from_version INTEGER, -- If this is a rollback, original version + + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Indexes for history queries +CREATE INDEX IF NOT EXISTS idx_deployment_history_deployment ON deployment_history(deployment_id, version DESC); +CREATE INDEX IF NOT EXISTS idx_deployment_history_status ON deployment_history(status); + +-- Deployment environment variables (separate for security) +CREATE TABLE IF NOT EXISTS deployment_env_vars ( + id TEXT PRIMARY KEY, -- UUID + deployment_id TEXT NOT NULL, + key TEXT NOT NULL, + value TEXT NOT NULL, -- Encrypted in production + is_secret BOOLEAN DEFAULT FALSE, -- True for sensitive values + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(deployment_id, key), + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Index for env var lookups +CREATE INDEX IF NOT EXISTS idx_deployment_env_vars_deployment ON deployment_env_vars(deployment_id); + +-- Deployment events log (audit trail) +CREATE TABLE IF NOT EXISTS deployment_events ( + id TEXT PRIMARY KEY, -- UUID + deployment_id TEXT NOT NULL, + event_type TEXT NOT NULL, -- 'created', 'started', 'stopped', 'restarted', 'updated', 'deleted', 'health_check_failed' + message TEXT, + metadata TEXT, -- JSON: additional context + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by TEXT, -- Wallet address or 'system' + + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Index for event queries +CREATE INDEX IF NOT EXISTS idx_deployment_events_deployment ON deployment_events(deployment_id, created_at DESC); +CREATE INDEX IF NOT EXISTS idx_deployment_events_type ON deployment_events(event_type); + +-- Process health checks (for dynamic deployments) +CREATE TABLE IF NOT EXISTS deployment_health_checks ( + id TEXT PRIMARY KEY, -- UUID + deployment_id TEXT NOT NULL, + node_id TEXT NOT NULL, + status TEXT NOT NULL, -- 'healthy', 'unhealthy', 'unknown' + response_time_ms INTEGER, + status_code INTEGER, + error_message TEXT, + checked_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +-- Index for health check queries (keep only recent checks) +CREATE INDEX IF NOT EXISTS idx_health_checks_deployment ON deployment_health_checks(deployment_id, checked_at DESC); + +-- Mark migration as applied +INSERT OR IGNORE INTO schema_migrations(version) VALUES (7); + +COMMIT; diff --git a/migrations/008_ipfs_namespace_tracking.sql b/migrations/008_ipfs_namespace_tracking.sql new file mode 100644 index 0000000..3d1deea --- /dev/null +++ b/migrations/008_ipfs_namespace_tracking.sql @@ -0,0 +1,31 @@ +-- Migration 008: IPFS Namespace Tracking +-- This migration adds namespace isolation for IPFS content by tracking CID ownership. + +-- Table: ipfs_content_ownership +-- Tracks which namespace owns each CID uploaded to IPFS. +-- This enables namespace isolation so that: +-- - Namespace-A cannot GET/PIN/UNPIN Namespace-B's content +-- - Same CID can be uploaded by different namespaces (shared content) +CREATE TABLE IF NOT EXISTS ipfs_content_ownership ( + id TEXT PRIMARY KEY, + cid TEXT NOT NULL, + namespace TEXT NOT NULL, + name TEXT, + size_bytes BIGINT DEFAULT 0, + is_pinned BOOLEAN DEFAULT FALSE, + uploaded_at TIMESTAMP NOT NULL, + uploaded_by TEXT NOT NULL, + UNIQUE(cid, namespace) +); + +-- Index for fast namespace + CID lookup +CREATE INDEX IF NOT EXISTS idx_ipfs_ownership_namespace_cid + ON ipfs_content_ownership(namespace, cid); + +-- Index for fast CID lookup across all namespaces +CREATE INDEX IF NOT EXISTS idx_ipfs_ownership_cid + ON ipfs_content_ownership(cid); + +-- Index for namespace-only queries (list all content for a namespace) +CREATE INDEX IF NOT EXISTS idx_ipfs_ownership_namespace + ON ipfs_content_ownership(namespace); diff --git a/migrations/009_dns_records_multi.sql b/migrations/009_dns_records_multi.sql new file mode 100644 index 0000000..17b8f0b --- /dev/null +++ b/migrations/009_dns_records_multi.sql @@ -0,0 +1,45 @@ +-- Migration 009: Update DNS Records to Support Multiple Records per FQDN +-- This allows round-robin A records and multiple NS records for the same domain + +BEGIN; + +-- SQLite doesn't support DROP CONSTRAINT, so we recreate the table +-- First, create the new table structure +CREATE TABLE IF NOT EXISTS dns_records_new ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + fqdn TEXT NOT NULL, -- Fully qualified domain name (e.g., myapp.node-7prvNa.orama.network) + record_type TEXT NOT NULL DEFAULT 'A',-- DNS record type: A, AAAA, CNAME, TXT, NS, SOA + value TEXT NOT NULL, -- IP address or target value + ttl INTEGER NOT NULL DEFAULT 300, -- Time to live in seconds + priority INTEGER DEFAULT 0, -- Priority for MX/SRV records, or weight for round-robin + namespace TEXT NOT NULL DEFAULT 'system', -- Namespace that owns this record + deployment_id TEXT, -- Optional: deployment that created this record + node_id TEXT, -- Optional: specific node ID for node-specific routing + is_active BOOLEAN NOT NULL DEFAULT TRUE,-- Enable/disable without deleting + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by TEXT NOT NULL DEFAULT 'system', -- Wallet address or 'system' for auto-created records + UNIQUE(fqdn, record_type, value) -- Allow multiple records of same type for same FQDN, but not duplicates +); + +-- Copy existing data if the old table exists +INSERT OR IGNORE INTO dns_records_new (id, fqdn, record_type, value, ttl, namespace, deployment_id, node_id, is_active, created_at, updated_at, created_by) +SELECT id, fqdn, record_type, value, ttl, namespace, deployment_id, node_id, is_active, created_at, updated_at, created_by +FROM dns_records WHERE 1=1; + +-- Drop old table and rename new one +DROP TABLE IF EXISTS dns_records; +ALTER TABLE dns_records_new RENAME TO dns_records; + +-- Recreate indexes +CREATE INDEX IF NOT EXISTS idx_dns_records_fqdn ON dns_records(fqdn); +CREATE INDEX IF NOT EXISTS idx_dns_records_fqdn_type ON dns_records(fqdn, record_type); +CREATE INDEX IF NOT EXISTS idx_dns_records_namespace ON dns_records(namespace); +CREATE INDEX IF NOT EXISTS idx_dns_records_deployment ON dns_records(deployment_id); +CREATE INDEX IF NOT EXISTS idx_dns_records_node_id ON dns_records(node_id); +CREATE INDEX IF NOT EXISTS idx_dns_records_active ON dns_records(is_active); + +-- Mark migration as applied +INSERT OR IGNORE INTO schema_migrations(version) VALUES (9); + +COMMIT; diff --git a/migrations/010_namespace_clusters.sql b/migrations/010_namespace_clusters.sql new file mode 100644 index 0000000..137dd2a --- /dev/null +++ b/migrations/010_namespace_clusters.sql @@ -0,0 +1,190 @@ +-- Migration 010: Namespace Clusters for Physical Isolation +-- Creates tables to manage per-namespace RQLite and Olric clusters +-- Each namespace gets its own 3-node cluster for complete isolation + +BEGIN; + +-- Extend namespaces table with cluster status tracking +-- Note: SQLite doesn't support ADD COLUMN IF NOT EXISTS, so we handle this carefully +-- These columns track the provisioning state of the namespace's dedicated cluster + +-- First check if columns exist, if not add them +-- cluster_status: 'none', 'provisioning', 'ready', 'degraded', 'failed', 'deprovisioning' + +-- Create a new namespaces table with additional columns if needed +CREATE TABLE IF NOT EXISTS namespaces_new ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL UNIQUE, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + cluster_status TEXT DEFAULT 'none', + cluster_created_at TIMESTAMP, + cluster_ready_at TIMESTAMP +); + +-- Copy data from old table if it exists and new columns don't +INSERT OR IGNORE INTO namespaces_new (id, name, created_at, cluster_status) +SELECT id, name, created_at, 'none' FROM namespaces WHERE NOT EXISTS ( + SELECT 1 FROM pragma_table_info('namespaces') WHERE name = 'cluster_status' +); + +-- If the column already exists, this migration was partially applied - skip the table swap +-- We'll use a different approach: just ensure the new tables exist + +-- Namespace clusters registry +-- One record per namespace that has a dedicated cluster +CREATE TABLE IF NOT EXISTS namespace_clusters ( + id TEXT PRIMARY KEY, -- UUID + namespace_id INTEGER NOT NULL UNIQUE, -- FK to namespaces + namespace_name TEXT NOT NULL, -- Cached for easier lookups + status TEXT NOT NULL DEFAULT 'provisioning', -- provisioning, ready, degraded, failed, deprovisioning + + -- Cluster configuration + rqlite_node_count INTEGER NOT NULL DEFAULT 3, + olric_node_count INTEGER NOT NULL DEFAULT 3, + gateway_node_count INTEGER NOT NULL DEFAULT 3, + + -- Provisioning metadata + provisioned_by TEXT NOT NULL, -- Wallet address that triggered provisioning + provisioned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + ready_at TIMESTAMP, + last_health_check TIMESTAMP, + + -- Error tracking + error_message TEXT, + retry_count INTEGER DEFAULT 0, + + FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE +); + +CREATE INDEX IF NOT EXISTS idx_namespace_clusters_status ON namespace_clusters(status); +CREATE INDEX IF NOT EXISTS idx_namespace_clusters_namespace ON namespace_clusters(namespace_id); +CREATE INDEX IF NOT EXISTS idx_namespace_clusters_name ON namespace_clusters(namespace_name); + +-- Namespace cluster nodes +-- Tracks which physical nodes host services for each namespace cluster +CREATE TABLE IF NOT EXISTS namespace_cluster_nodes ( + id TEXT PRIMARY KEY, -- UUID + namespace_cluster_id TEXT NOT NULL, -- FK to namespace_clusters + node_id TEXT NOT NULL, -- FK to dns_nodes (physical node) + + -- Role in the cluster + -- Each node can have multiple roles (rqlite + olric + gateway) + role TEXT NOT NULL, -- 'rqlite_leader', 'rqlite_follower', 'olric', 'gateway' + + -- Service ports (allocated from reserved range 10000-10099) + rqlite_http_port INTEGER, -- Port for RQLite HTTP API + rqlite_raft_port INTEGER, -- Port for RQLite Raft consensus + olric_http_port INTEGER, -- Port for Olric HTTP API + olric_memberlist_port INTEGER, -- Port for Olric memberlist gossip + gateway_http_port INTEGER, -- Port for Gateway HTTP + + -- Service status + status TEXT NOT NULL DEFAULT 'pending', -- pending, starting, running, stopped, failed + process_pid INTEGER, -- PID of running process (for local management) + last_heartbeat TIMESTAMP, + error_message TEXT, + + -- Join addresses for cluster formation + rqlite_join_address TEXT, -- Address to join RQLite cluster + olric_peers TEXT, -- JSON array of Olric peer addresses + + -- Metadata + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(namespace_cluster_id, node_id, role), + FOREIGN KEY (namespace_cluster_id) REFERENCES namespace_clusters(id) ON DELETE CASCADE +); + +CREATE INDEX IF NOT EXISTS idx_cluster_nodes_cluster ON namespace_cluster_nodes(namespace_cluster_id); +CREATE INDEX IF NOT EXISTS idx_cluster_nodes_node ON namespace_cluster_nodes(node_id); +CREATE INDEX IF NOT EXISTS idx_cluster_nodes_status ON namespace_cluster_nodes(status); +CREATE INDEX IF NOT EXISTS idx_cluster_nodes_role ON namespace_cluster_nodes(role); + +-- Namespace port allocations +-- Manages the reserved port range (10000-10099) for namespace services +-- Each namespace instance on a node gets a block of 5 consecutive ports +CREATE TABLE IF NOT EXISTS namespace_port_allocations ( + id TEXT PRIMARY KEY, -- UUID + node_id TEXT NOT NULL, -- Physical node ID + namespace_cluster_id TEXT NOT NULL, -- Namespace cluster this allocation belongs to + + -- Port block (5 consecutive ports) + port_start INTEGER NOT NULL, -- Start of port block (e.g., 10000) + port_end INTEGER NOT NULL, -- End of port block (e.g., 10004) + + -- Individual port assignments within the block + rqlite_http_port INTEGER NOT NULL, -- port_start + 0 + rqlite_raft_port INTEGER NOT NULL, -- port_start + 1 + olric_http_port INTEGER NOT NULL, -- port_start + 2 + olric_memberlist_port INTEGER NOT NULL, -- port_start + 3 + gateway_http_port INTEGER NOT NULL, -- port_start + 4 + + allocated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + -- Prevent overlapping allocations on same node + UNIQUE(node_id, port_start), + -- One allocation per namespace per node + UNIQUE(namespace_cluster_id, node_id), + FOREIGN KEY (namespace_cluster_id) REFERENCES namespace_clusters(id) ON DELETE CASCADE +); + +CREATE INDEX IF NOT EXISTS idx_ns_port_alloc_node ON namespace_port_allocations(node_id); +CREATE INDEX IF NOT EXISTS idx_ns_port_alloc_cluster ON namespace_port_allocations(namespace_cluster_id); + +-- Namespace cluster events +-- Audit log for cluster provisioning and lifecycle events +CREATE TABLE IF NOT EXISTS namespace_cluster_events ( + id TEXT PRIMARY KEY, -- UUID + namespace_cluster_id TEXT NOT NULL, + event_type TEXT NOT NULL, -- Event types listed below + node_id TEXT, -- Optional: specific node this event relates to + message TEXT, + metadata TEXT, -- JSON for additional event data + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + FOREIGN KEY (namespace_cluster_id) REFERENCES namespace_clusters(id) ON DELETE CASCADE +); + +-- Event types: +-- 'provisioning_started' - Cluster provisioning began +-- 'nodes_selected' - 3 nodes were selected for the cluster +-- 'ports_allocated' - Ports allocated on a node +-- 'rqlite_started' - RQLite instance started on a node +-- 'rqlite_joined' - RQLite instance joined the cluster +-- 'rqlite_leader_elected' - RQLite leader election completed +-- 'olric_started' - Olric instance started on a node +-- 'olric_joined' - Olric instance joined memberlist +-- 'gateway_started' - Gateway instance started on a node +-- 'dns_created' - DNS records created for namespace +-- 'cluster_ready' - All services ready, cluster is operational +-- 'cluster_degraded' - One or more nodes are unhealthy +-- 'cluster_failed' - Cluster failed to provision or operate +-- 'node_failed' - Specific node became unhealthy +-- 'node_recovered' - Node recovered from failure +-- 'deprovisioning_started' - Cluster deprovisioning began +-- 'deprovisioned' - Cluster fully deprovisioned + +CREATE INDEX IF NOT EXISTS idx_cluster_events_cluster ON namespace_cluster_events(namespace_cluster_id, created_at DESC); +CREATE INDEX IF NOT EXISTS idx_cluster_events_type ON namespace_cluster_events(event_type); + +-- Global deployment registry +-- Prevents duplicate deployment subdomains across all namespaces +-- Since deployments now use {name}-{random}.{domain}, we track used subdomains globally +CREATE TABLE IF NOT EXISTS global_deployment_subdomains ( + subdomain TEXT PRIMARY KEY, -- Full subdomain (e.g., 'myapp-f3o4if') + namespace TEXT NOT NULL, -- Owner namespace + deployment_id TEXT NOT NULL, -- FK to deployments (in namespace cluster) + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + -- No FK to deployments since deployments are in namespace-specific clusters + UNIQUE(subdomain) +); + +CREATE INDEX IF NOT EXISTS idx_global_subdomains_namespace ON global_deployment_subdomains(namespace); +CREATE INDEX IF NOT EXISTS idx_global_subdomains_deployment ON global_deployment_subdomains(deployment_id); + +-- Mark migration as applied +INSERT OR IGNORE INTO schema_migrations(version) VALUES (10); + +COMMIT; diff --git a/migrations/011_dns_nameservers.sql b/migrations/011_dns_nameservers.sql new file mode 100644 index 0000000..e2655c0 --- /dev/null +++ b/migrations/011_dns_nameservers.sql @@ -0,0 +1,19 @@ +-- Migration 011: DNS Nameservers Table +-- Maps NS hostnames (ns1, ns2, ns3) to specific node IDs and IPs +-- Provides stable NS assignment that survives restarts and re-seeding + +BEGIN; + +CREATE TABLE IF NOT EXISTS dns_nameservers ( + hostname TEXT PRIMARY KEY, -- e.g., "ns1", "ns2", "ns3" + node_id TEXT NOT NULL, -- Peer ID of the assigned node + ip_address TEXT NOT NULL, -- IP address of the assigned node + domain TEXT NOT NULL, -- Base domain (e.g., "dbrs.space") + assigned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + UNIQUE(node_id, domain) -- A node can only hold one NS slot per domain +); + +INSERT OR IGNORE INTO schema_migrations(version) VALUES (11); + +COMMIT; diff --git a/migrations/012_deployment_replicas.sql b/migrations/012_deployment_replicas.sql new file mode 100644 index 0000000..03d203d --- /dev/null +++ b/migrations/012_deployment_replicas.sql @@ -0,0 +1,15 @@ +-- Deployment replicas: tracks which nodes host replicas of each deployment +CREATE TABLE IF NOT EXISTS deployment_replicas ( + deployment_id TEXT NOT NULL, + node_id TEXT NOT NULL, + port INTEGER DEFAULT 0, + status TEXT NOT NULL DEFAULT 'pending', + is_primary BOOLEAN NOT NULL DEFAULT FALSE, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + PRIMARY KEY (deployment_id, node_id), + FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE +); + +CREATE INDEX IF NOT EXISTS idx_deployment_replicas_node ON deployment_replicas(node_id); +CREATE INDEX IF NOT EXISTS idx_deployment_replicas_status ON deployment_replicas(deployment_id, status); diff --git a/migrations/013_wireguard_peers.sql b/migrations/013_wireguard_peers.sql new file mode 100644 index 0000000..636f210 --- /dev/null +++ b/migrations/013_wireguard_peers.sql @@ -0,0 +1,9 @@ +-- WireGuard mesh peer tracking +CREATE TABLE IF NOT EXISTS wireguard_peers ( + node_id TEXT PRIMARY KEY, + wg_ip TEXT NOT NULL UNIQUE, + public_key TEXT NOT NULL UNIQUE, + public_ip TEXT NOT NULL, + wg_port INTEGER DEFAULT 51820, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP +); diff --git a/migrations/014_invite_tokens.sql b/migrations/014_invite_tokens.sql new file mode 100644 index 0000000..9538823 --- /dev/null +++ b/migrations/014_invite_tokens.sql @@ -0,0 +1,8 @@ +CREATE TABLE IF NOT EXISTS invite_tokens ( + token TEXT PRIMARY KEY, + created_by TEXT NOT NULL, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP, + expires_at DATETIME NOT NULL, + used_at DATETIME, + used_by_ip TEXT +); diff --git a/migrations/015_ipfs_peer_ids.sql b/migrations/015_ipfs_peer_ids.sql new file mode 100644 index 0000000..00cfe8e --- /dev/null +++ b/migrations/015_ipfs_peer_ids.sql @@ -0,0 +1,3 @@ +-- Store IPFS peer IDs alongside WireGuard peers for automatic swarm discovery +-- Each node registers its IPFS peer ID so other nodes can connect via ipfs swarm connect +ALTER TABLE wireguard_peers ADD COLUMN ipfs_peer_id TEXT DEFAULT ''; diff --git a/migrations/embed.go b/migrations/embed.go new file mode 100644 index 0000000..91cca1c --- /dev/null +++ b/migrations/embed.go @@ -0,0 +1,6 @@ +package migrations + +import "embed" + +//go:embed *.sql +var FS embed.FS diff --git a/pkg/auth/credentials.go b/pkg/auth/credentials.go index a6dbf69..3eefd9c 100644 --- a/pkg/auth/credentials.go +++ b/pkg/auth/credentials.go @@ -19,6 +19,7 @@ type Credentials struct { IssuedAt time.Time `json:"issued_at"` LastUsedAt time.Time `json:"last_used_at,omitempty"` Plan string `json:"plan,omitempty"` + NamespaceURL string `json:"namespace_url,omitempty"` } // CredentialStore manages credentials for multiple gateways @@ -165,17 +166,59 @@ func (creds *Credentials) UpdateLastUsed() { creds.LastUsedAt = time.Now() } -// GetDefaultGatewayURL returns the default gateway URL from environment or fallback +// GetDefaultGatewayURL returns the default gateway URL from environment config, env vars, or fallback func GetDefaultGatewayURL() string { + // Check environment variables first (for backwards compatibility) if envURL := os.Getenv("DEBROS_GATEWAY_URL"); envURL != "" { return envURL } if envURL := os.Getenv("DEBROS_GATEWAY"); envURL != "" { return envURL } + + // Try to read from environment config file + if gwURL := getGatewayFromEnvConfig(); gwURL != "" { + return gwURL + } + return "http://localhost:6001" } +// getGatewayFromEnvConfig reads the active environment's gateway URL from the config file +func getGatewayFromEnvConfig() string { + homeDir, err := os.UserHomeDir() + if err != nil { + return "" + } + + envConfigPath := filepath.Join(homeDir, ".orama", "environments.json") + data, err := os.ReadFile(envConfigPath) + if err != nil { + return "" + } + + var config struct { + Environments []struct { + Name string `json:"name"` + GatewayURL string `json:"gateway_url"` + } `json:"environments"` + ActiveEnvironment string `json:"active_environment"` + } + + if err := json.Unmarshal(data, &config); err != nil { + return "" + } + + // Find the active environment + for _, env := range config.Environments { + if env.Name == config.ActiveEnvironment { + return env.GatewayURL + } + } + + return "" +} + // HasValidCredentials checks if there are valid credentials for the default gateway func HasValidCredentials() (bool, error) { store, err := LoadCredentials() diff --git a/pkg/auth/enhanced_auth.go b/pkg/auth/enhanced_auth.go index 3e5a057..5efed25 100644 --- a/pkg/auth/enhanced_auth.go +++ b/pkg/auth/enhanced_auth.go @@ -86,7 +86,8 @@ func LoadEnhancedCredentials() (*EnhancedCredentialStore, error) { } } - // Parse as legacy v2.0 format (single credential per gateway) and migrate + // Parse as legacy format (single credential per gateway) and migrate + // Supports both v1.0 and v2.0 legacy formats var legacyStore struct { Gateways map[string]*Credentials `json:"gateways"` Version string `json:"version"` @@ -96,8 +97,8 @@ func LoadEnhancedCredentials() (*EnhancedCredentialStore, error) { return nil, fmt.Errorf("invalid credentials file format: %w", err) } - if legacyStore.Version != "2.0" { - return nil, fmt.Errorf("unsupported credentials version %q; expected \"2.0\"", legacyStore.Version) + if legacyStore.Version != "1.0" && legacyStore.Version != "2.0" { + return nil, fmt.Errorf("unsupported credentials version %q; expected \"1.0\" or \"2.0\"", legacyStore.Version) } // Convert legacy format to enhanced format diff --git a/pkg/auth/simple_auth.go b/pkg/auth/simple_auth.go index af11953..8d4cfa9 100644 --- a/pkg/auth/simple_auth.go +++ b/pkg/auth/simple_auth.go @@ -16,20 +16,22 @@ import ( // PerformSimpleAuthentication performs a simple authentication flow where the user // provides a wallet address and receives an API key without signature verification -func PerformSimpleAuthentication(gatewayURL string) (*Credentials, error) { +func PerformSimpleAuthentication(gatewayURL, wallet, namespace string) (*Credentials, error) { reader := bufio.NewReader(os.Stdin) fmt.Println("\n🔐 Simple Wallet Authentication") fmt.Println("================================") - // Read wallet address - fmt.Print("Enter your wallet address (0x...): ") - walletInput, err := reader.ReadString('\n') - if err != nil { - return nil, fmt.Errorf("failed to read wallet address: %w", err) + // Read wallet address (skip prompt if provided via flag) + if wallet == "" { + fmt.Print("Enter your wallet address (0x...): ") + walletInput, err := reader.ReadString('\n') + if err != nil { + return nil, fmt.Errorf("failed to read wallet address: %w", err) + } + wallet = strings.TrimSpace(walletInput) } - wallet := strings.TrimSpace(walletInput) if wallet == "" { return nil, fmt.Errorf("wallet address cannot be empty") } @@ -43,16 +45,21 @@ func PerformSimpleAuthentication(gatewayURL string) (*Credentials, error) { return nil, fmt.Errorf("invalid wallet address format") } - // Read namespace (optional) - fmt.Print("Enter namespace (press Enter for 'default'): ") - nsInput, err := reader.ReadString('\n') - if err != nil { - return nil, fmt.Errorf("failed to read namespace: %w", err) - } - - namespace := strings.TrimSpace(nsInput) + // Read namespace (skip prompt if provided via flag) if namespace == "" { - namespace = "default" + for { + fmt.Print("Enter namespace (required): ") + nsInput, err := reader.ReadString('\n') + if err != nil { + return nil, fmt.Errorf("failed to read namespace: %w", err) + } + + namespace = strings.TrimSpace(nsInput) + if namespace != "" { + break + } + fmt.Println("⚠️ Namespace cannot be empty. Please enter a namespace.") + } } fmt.Printf("\n✅ Wallet: %s\n", wallet) @@ -65,13 +72,20 @@ func PerformSimpleAuthentication(gatewayURL string) (*Credentials, error) { return nil, fmt.Errorf("failed to request API key: %w", err) } + // Build namespace gateway URL from the gateway URL + namespaceURL := "" + if domain := extractDomainFromURL(gatewayURL); domain != "" { + namespaceURL = fmt.Sprintf("https://ns-%s.%s", namespace, domain) + } + // Create credentials creds := &Credentials{ - APIKey: apiKey, - Namespace: namespace, - UserID: wallet, - Wallet: wallet, - IssuedAt: time.Now(), + APIKey: apiKey, + Namespace: namespace, + UserID: wallet, + Wallet: wallet, + IssuedAt: time.Now(), + NamespaceURL: namespaceURL, } fmt.Printf("\n🎉 Authentication successful!\n") @@ -81,6 +95,7 @@ func PerformSimpleAuthentication(gatewayURL string) (*Credentials, error) { } // requestAPIKeyFromGateway calls the gateway's simple-key endpoint to generate an API key +// For non-default namespaces, this may trigger cluster provisioning and require polling func requestAPIKeyFromGateway(gatewayURL, wallet, namespace string) (string, error) { reqBody := map[string]string{ "wallet": wallet, @@ -95,7 +110,7 @@ func requestAPIKeyFromGateway(gatewayURL, wallet, namespace string) (string, err endpoint := gatewayURL + "/v1/auth/simple-key" // Extract domain from URL for TLS configuration - // This uses tlsutil which handles Let's Encrypt staging certificates for *.debros.network + // This uses tlsutil which handles Let's Encrypt staging certificates for *.orama.network domain := extractDomainFromURL(gatewayURL) client := tlsutil.NewHTTPClientForDomain(30*time.Second, domain) @@ -105,6 +120,170 @@ func requestAPIKeyFromGateway(gatewayURL, wallet, namespace string) (string, err } defer resp.Body.Close() + // Handle 202 Accepted - namespace cluster is being provisioned + if resp.StatusCode == http.StatusAccepted { + return handleProvisioningResponse(gatewayURL, client, resp, wallet, namespace) + } + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return "", fmt.Errorf("gateway returned status %d: %s", resp.StatusCode, string(body)) + } + + var respBody map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&respBody); err != nil { + return "", fmt.Errorf("failed to decode response: %w", err) + } + + apiKey, ok := respBody["api_key"].(string) + if !ok || apiKey == "" { + return "", fmt.Errorf("no api_key in response") + } + + return apiKey, nil +} + +// handleProvisioningResponse handles 202 Accepted responses when namespace cluster provisioning is needed +func handleProvisioningResponse(gatewayURL string, client *http.Client, resp *http.Response, wallet, namespace string) (string, error) { + var provResp map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&provResp); err != nil { + return "", fmt.Errorf("failed to decode provisioning response: %w", err) + } + + status, _ := provResp["status"].(string) + pollURL, _ := provResp["poll_url"].(string) + clusterID, _ := provResp["cluster_id"].(string) + message, _ := provResp["message"].(string) + + if status != "provisioning" { + return "", fmt.Errorf("unexpected status: %s", status) + } + + fmt.Printf("\n🏗️ Provisioning namespace cluster...\n") + if message != "" { + fmt.Printf(" %s\n", message) + } + if clusterID != "" { + fmt.Printf(" Cluster ID: %s\n", clusterID) + } + fmt.Println() + + // Poll until cluster is ready + if err := pollProvisioningStatus(gatewayURL, client, pollURL); err != nil { + return "", err + } + + // Cluster is ready, retry the API key request + fmt.Println("\n✅ Namespace cluster ready!") + fmt.Println("⏳ Retrieving API key...") + + return retryAPIKeyRequest(gatewayURL, client, wallet, namespace) +} + +// pollProvisioningStatus polls the status endpoint until the cluster is ready +func pollProvisioningStatus(gatewayURL string, client *http.Client, pollURL string) error { + // Build full poll URL if it's a relative path + if strings.HasPrefix(pollURL, "/") { + pollURL = gatewayURL + pollURL + } + + maxAttempts := 120 // 10 minutes (5 seconds per poll) + pollInterval := 5 * time.Second + + spinnerChars := []string{"⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"} + spinnerIdx := 0 + + for i := 0; i < maxAttempts; i++ { + // Show progress spinner + fmt.Printf("\r%s Waiting for cluster... ", spinnerChars[spinnerIdx%len(spinnerChars)]) + spinnerIdx++ + + resp, err := client.Get(pollURL) + if err != nil { + time.Sleep(pollInterval) + continue + } + + var statusResp map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&statusResp); err != nil { + resp.Body.Close() + time.Sleep(pollInterval) + continue + } + resp.Body.Close() + + status, _ := statusResp["status"].(string) + + switch status { + case "ready": + fmt.Printf("\r✅ Cluster ready! \n") + return nil + + case "failed": + errMsg, _ := statusResp["error"].(string) + fmt.Printf("\r❌ Provisioning failed \n") + return fmt.Errorf("cluster provisioning failed: %s", errMsg) + + case "provisioning": + // Show progress details + rqliteReady, _ := statusResp["rqlite_ready"].(bool) + olricReady, _ := statusResp["olric_ready"].(bool) + gatewayReady, _ := statusResp["gateway_ready"].(bool) + dnsReady, _ := statusResp["dns_ready"].(bool) + + progressStr := "" + if rqliteReady { + progressStr += "RQLite✓ " + } + if olricReady { + progressStr += "Olric✓ " + } + if gatewayReady { + progressStr += "Gateway✓ " + } + if dnsReady { + progressStr += "DNS✓" + } + if progressStr != "" { + fmt.Printf("\r%s Provisioning... [%s]", spinnerChars[spinnerIdx%len(spinnerChars)], progressStr) + } + + default: + // Unknown status, continue polling + } + + time.Sleep(pollInterval) + } + + fmt.Printf("\r⚠️ Timeout waiting for cluster \n") + return fmt.Errorf("timeout waiting for namespace cluster provisioning") +} + +// retryAPIKeyRequest retries the API key request after cluster provisioning +func retryAPIKeyRequest(gatewayURL string, client *http.Client, wallet, namespace string) (string, error) { + reqBody := map[string]string{ + "wallet": wallet, + "namespace": namespace, + } + + payload, err := json.Marshal(reqBody) + if err != nil { + return "", fmt.Errorf("failed to marshal request: %w", err) + } + + endpoint := gatewayURL + "/v1/auth/simple-key" + + resp, err := client.Post(endpoint, "application/json", bytes.NewReader(payload)) + if err != nil { + return "", fmt.Errorf("failed to call gateway: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusAccepted { + // Still provisioning? This shouldn't happen but handle gracefully + return "", fmt.Errorf("cluster still provisioning, please try again") + } + if resp.StatusCode != http.StatusOK { body, _ := io.ReadAll(resp.Body) return "", fmt.Errorf("gateway returned status %d: %s", resp.StatusCode, string(body)) diff --git a/pkg/certutil/cert_manager.go b/pkg/certutil/cert_manager.go index db484e5..7a23949 100644 --- a/pkg/certutil/cert_manager.go +++ b/pkg/certutil/cert_manager.go @@ -179,11 +179,11 @@ func (cm *CertificateManager) generateNodeCertificate(hostname string, caCertPEM DNSNames: []string{hostname}, } - // Add wildcard support if hostname contains *.debros.network - if hostname == "*.debros.network" { - template.DNSNames = []string{"*.debros.network", "debros.network"} - } else if hostname == "debros.network" { - template.DNSNames = []string{"*.debros.network", "debros.network"} + // Add wildcard support if hostname contains *.orama.network + if hostname == "*.orama.network" { + template.DNSNames = []string{"*.orama.network", "orama.network"} + } else if hostname == "orama.network" { + template.DNSNames = []string{"*.orama.network", "orama.network"} } // Try to parse as IP address for IP-based certificates @@ -254,4 +254,3 @@ func (cm *CertificateManager) parseCACertificate(caCertPEM, caKeyPEM []byte) (*x func LoadTLSCertificate(certPEM, keyPEM []byte) (tls.Certificate, error) { return tls.X509KeyPair(certPEM, keyPEM) } - diff --git a/pkg/cli/auth_commands.go b/pkg/cli/auth_commands.go index 36f8594..f5e675d 100644 --- a/pkg/cli/auth_commands.go +++ b/pkg/cli/auth_commands.go @@ -2,6 +2,7 @@ package cli import ( "bufio" + "flag" "fmt" "os" "strings" @@ -19,13 +20,22 @@ func HandleAuthCommand(args []string) { subcommand := args[0] switch subcommand { case "login": - handleAuthLogin() + var wallet, namespace string + fs := flag.NewFlagSet("auth login", flag.ExitOnError) + fs.StringVar(&wallet, "wallet", "", "Wallet address (0x...)") + fs.StringVar(&namespace, "namespace", "", "Namespace name") + _ = fs.Parse(args[1:]) + handleAuthLogin(wallet, namespace) case "logout": handleAuthLogout() case "whoami": handleAuthWhoami() case "status": handleAuthStatus() + case "list": + handleAuthList() + case "switch": + handleAuthSwitch() default: fmt.Fprintf(os.Stderr, "Unknown auth command: %s\n", subcommand) showAuthHelp() @@ -35,42 +45,107 @@ func HandleAuthCommand(args []string) { func showAuthHelp() { fmt.Printf("🔐 Authentication Commands\n\n") - fmt.Printf("Usage: dbn auth \n\n") + fmt.Printf("Usage: orama auth \n\n") fmt.Printf("Subcommands:\n") fmt.Printf(" login - Authenticate by providing your wallet address\n") fmt.Printf(" logout - Clear stored credentials\n") fmt.Printf(" whoami - Show current authentication status\n") - fmt.Printf(" status - Show detailed authentication info\n\n") + fmt.Printf(" status - Show detailed authentication info\n") + fmt.Printf(" list - List all stored credentials for current environment\n") + fmt.Printf(" switch - Switch between stored credentials\n\n") fmt.Printf("Examples:\n") - fmt.Printf(" dbn auth login # Enter wallet address interactively\n") - fmt.Printf(" dbn auth whoami # Check who you're logged in as\n") - fmt.Printf(" dbn auth status # View detailed authentication info\n") - fmt.Printf(" dbn auth logout # Clear all stored credentials\n\n") + fmt.Printf(" orama auth login # Enter wallet address interactively\n") + fmt.Printf(" orama auth login --wallet 0x... --namespace myns # Non-interactive\n") + fmt.Printf(" orama auth whoami # Check who you're logged in as\n") + fmt.Printf(" orama auth status # View detailed authentication info\n") + fmt.Printf(" orama auth logout # Clear all stored credentials\n\n") fmt.Printf("Environment Variables:\n") fmt.Printf(" DEBROS_GATEWAY_URL - Gateway URL (overrides environment config)\n\n") fmt.Printf("Authentication Flow:\n") - fmt.Printf(" 1. Run 'dbn auth login'\n") + fmt.Printf(" 1. Run 'orama auth login'\n") fmt.Printf(" 2. Enter your wallet address when prompted\n") fmt.Printf(" 3. Enter your namespace (or press Enter for 'default')\n") fmt.Printf(" 4. An API key will be generated and saved to ~/.orama/credentials.json\n\n") fmt.Printf("Note: Authentication uses the currently active environment.\n") - fmt.Printf(" Use 'dbn env current' to see your active environment.\n") + fmt.Printf(" Use 'orama env current' to see your active environment.\n") } -func handleAuthLogin() { - // Prompt for node selection - gatewayURL := promptForGatewayURL() - fmt.Printf("🔐 Authenticating with gateway at: %s\n", gatewayURL) +func handleAuthLogin(wallet, namespace string) { + // Get gateway URL from active environment + gatewayURL := getGatewayURL() - // Use the simple authentication flow - creds, err := auth.PerformSimpleAuthentication(gatewayURL) + // Show active environment + env, err := GetActiveEnvironment() + if err == nil { + fmt.Printf("🌍 Environment: %s\n", env.Name) + } + fmt.Printf("🔐 Authenticating with gateway at: %s\n\n", gatewayURL) + + // Load enhanced credential store + store, err := auth.LoadEnhancedCredentials() + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to load credentials: %v\n", err) + os.Exit(1) + } + + // Check if we already have credentials for this gateway + gwCreds := store.Gateways[gatewayURL] + if gwCreds != nil && len(gwCreds.Credentials) > 0 { + // Show existing credentials and offer choice + choice, credIndex, err := store.DisplayCredentialMenu(gatewayURL) + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Menu selection failed: %v\n", err) + os.Exit(1) + } + + switch choice { + case auth.AuthChoiceUseCredential: + selectedCreds := gwCreds.Credentials[credIndex] + store.SetDefaultCredential(gatewayURL, credIndex) + selectedCreds.UpdateLastUsed() + if err := store.Save(); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to save credentials: %v\n", err) + os.Exit(1) + } + fmt.Printf("✅ Switched to wallet: %s\n", selectedCreds.Wallet) + fmt.Printf("🏢 Namespace: %s\n", selectedCreds.Namespace) + return + + case auth.AuthChoiceLogout: + store.ClearAllCredentials() + if err := store.Save(); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to clear credentials: %v\n", err) + os.Exit(1) + } + fmt.Println("✅ All credentials cleared") + return + + case auth.AuthChoiceExit: + fmt.Println("Exiting...") + return + + case auth.AuthChoiceAddCredential: + // Fall through to add new credential + } + } + + // Perform simple authentication to add a new credential + creds, err := auth.PerformSimpleAuthentication(gatewayURL, wallet, namespace) if err != nil { fmt.Fprintf(os.Stderr, "❌ Authentication failed: %v\n", err) os.Exit(1) } - // Save credentials to file - if err := auth.SaveCredentialsForDefaultGateway(creds); err != nil { + // Add to enhanced store + store.AddCredential(gatewayURL, creds) + + // Set as default + gwCreds = store.Gateways[gatewayURL] + if gwCreds != nil { + store.SetDefaultCredential(gatewayURL, len(gwCreds.Credentials)-1) + } + + if err := store.Save(); err != nil { fmt.Fprintf(os.Stderr, "❌ Failed to save credentials: %v\n", err) os.Exit(1) } @@ -81,6 +156,9 @@ func handleAuthLogin() { fmt.Printf("🎯 Wallet: %s\n", creds.Wallet) fmt.Printf("🏢 Namespace: %s\n", creds.Namespace) fmt.Printf("🔑 API Key: %s\n", creds.APIKey) + if creds.NamespaceURL != "" { + fmt.Printf("🌐 Namespace URL: %s\n", creds.NamespaceURL) + } } func handleAuthLogout() { @@ -92,23 +170,26 @@ func handleAuthLogout() { } func handleAuthWhoami() { - store, err := auth.LoadCredentials() + store, err := auth.LoadEnhancedCredentials() if err != nil { fmt.Fprintf(os.Stderr, "❌ Failed to load credentials: %v\n", err) os.Exit(1) } gatewayURL := getGatewayURL() - creds, exists := store.GetCredentialsForGateway(gatewayURL) + creds := store.GetDefaultCredential(gatewayURL) - if !exists || !creds.IsValid() { - fmt.Println("❌ Not authenticated - run 'dbn auth login' to authenticate") + if creds == nil || !creds.IsValid() { + fmt.Println("❌ Not authenticated - run 'orama auth login' to authenticate") os.Exit(1) } fmt.Println("✅ Authenticated") fmt.Printf(" Wallet: %s\n", creds.Wallet) fmt.Printf(" Namespace: %s\n", creds.Namespace) + if creds.NamespaceURL != "" { + fmt.Printf(" NS Gateway: %s\n", creds.NamespaceURL) + } fmt.Printf(" Issued At: %s\n", creds.IssuedAt.Format("2006-01-02 15:04:05")) if !creds.ExpiresAt.IsZero() { fmt.Printf(" Expires At: %s\n", creds.ExpiresAt.Format("2006-01-02 15:04:05")) @@ -122,14 +203,14 @@ func handleAuthWhoami() { } func handleAuthStatus() { - store, err := auth.LoadCredentials() + store, err := auth.LoadEnhancedCredentials() if err != nil { fmt.Fprintf(os.Stderr, "❌ Failed to load credentials: %v\n", err) os.Exit(1) } gatewayURL := getGatewayURL() - creds, exists := store.GetCredentialsForGateway(gatewayURL) + creds := store.GetDefaultCredential(gatewayURL) // Show active environment env, err := GetActiveEnvironment() @@ -140,7 +221,7 @@ func handleAuthStatus() { fmt.Println("🔐 Authentication Status") fmt.Printf(" Gateway URL: %s\n", gatewayURL) - if !exists || creds == nil { + if creds == nil { fmt.Println(" Status: ❌ Not authenticated") return } @@ -156,6 +237,9 @@ func handleAuthStatus() { fmt.Println(" Status: ✅ Authenticated") fmt.Printf(" Wallet: %s\n", creds.Wallet) fmt.Printf(" Namespace: %s\n", creds.Namespace) + if creds.NamespaceURL != "" { + fmt.Printf(" NS Gateway: %s\n", creds.NamespaceURL) + } if !creds.ExpiresAt.IsZero() { fmt.Printf(" Expires: %s\n", creds.ExpiresAt.Format("2006-01-02 15:04:05")) } @@ -192,7 +276,7 @@ func promptForGatewayURL() string { return "http://localhost:6001" } - fmt.Print("Enter node domain (e.g., node-hk19de.debros.network): ") + fmt.Print("Enter node domain (e.g., node-hk19de.orama.network): ") domain, _ := reader.ReadString('\n') domain = strings.TrimSpace(domain) @@ -228,3 +312,108 @@ func getGatewayURL() string { // Fallback to default (node-1) return "http://localhost:6001" } + +func handleAuthList() { + store, err := auth.LoadEnhancedCredentials() + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to load credentials: %v\n", err) + os.Exit(1) + } + + gatewayURL := getGatewayURL() + + // Show active environment + env, err := GetActiveEnvironment() + if err == nil { + fmt.Printf("🌍 Environment: %s\n", env.Name) + } + fmt.Printf("🔗 Gateway: %s\n\n", gatewayURL) + + gwCreds := store.Gateways[gatewayURL] + if gwCreds == nil || len(gwCreds.Credentials) == 0 { + fmt.Println("No credentials stored for this environment.") + fmt.Println("Run 'orama auth login' to authenticate.") + return + } + + fmt.Printf("🔐 Stored Credentials (%d):\n\n", len(gwCreds.Credentials)) + for i, creds := range gwCreds.Credentials { + defaultMark := "" + if i == gwCreds.DefaultIndex { + defaultMark = " ← active" + } + + statusEmoji := "✅" + statusText := "valid" + if !creds.IsValid() { + statusEmoji = "❌" + statusText = "expired" + } + + fmt.Printf(" %d. %s Wallet: %s%s\n", i+1, statusEmoji, creds.Wallet, defaultMark) + fmt.Printf(" Namespace: %s | Status: %s\n", creds.Namespace, statusText) + if creds.Plan != "" { + fmt.Printf(" Plan: %s\n", creds.Plan) + } + if !creds.IssuedAt.IsZero() { + fmt.Printf(" Issued: %s\n", creds.IssuedAt.Format("2006-01-02 15:04:05")) + } + fmt.Println() + } +} + +func handleAuthSwitch() { + store, err := auth.LoadEnhancedCredentials() + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to load credentials: %v\n", err) + os.Exit(1) + } + + gatewayURL := getGatewayURL() + + gwCreds := store.Gateways[gatewayURL] + if gwCreds == nil || len(gwCreds.Credentials) == 0 { + fmt.Println("No credentials stored for this environment.") + fmt.Println("Run 'orama auth login' to authenticate first.") + os.Exit(1) + } + + if len(gwCreds.Credentials) == 1 { + fmt.Println("Only one credential stored. Nothing to switch to.") + return + } + + // Display menu + choice, credIndex, err := store.DisplayCredentialMenu(gatewayURL) + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Menu selection failed: %v\n", err) + os.Exit(1) + } + + switch choice { + case auth.AuthChoiceUseCredential: + selectedCreds := gwCreds.Credentials[credIndex] + store.SetDefaultCredential(gatewayURL, credIndex) + selectedCreds.UpdateLastUsed() + if err := store.Save(); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to save credentials: %v\n", err) + os.Exit(1) + } + fmt.Printf("✅ Switched to wallet: %s\n", selectedCreds.Wallet) + fmt.Printf("🏢 Namespace: %s\n", selectedCreds.Namespace) + + case auth.AuthChoiceAddCredential: + fmt.Println("Use 'orama auth login' to add a new credential.") + + case auth.AuthChoiceLogout: + store.ClearAllCredentials() + if err := store.Save(); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to clear credentials: %v\n", err) + os.Exit(1) + } + fmt.Println("✅ All credentials cleared") + + case auth.AuthChoiceExit: + fmt.Println("Cancelled.") + } +} diff --git a/pkg/cli/basic_commands.go b/pkg/cli/basic_commands.go index 968e657..f341ffc 100644 --- a/pkg/cli/basic_commands.go +++ b/pkg/cli/basic_commands.go @@ -158,7 +158,7 @@ func HandlePeerIDCommand(format string, timeout time.Duration) { // HandlePubSubCommand handles pubsub commands func HandlePubSubCommand(args []string, format string, timeout time.Duration) { if len(args) == 0 { - fmt.Fprintf(os.Stderr, "Usage: dbn pubsub [args...]\n") + fmt.Fprintf(os.Stderr, "Usage: orama pubsub [args...]\n") os.Exit(1) } @@ -179,7 +179,7 @@ func HandlePubSubCommand(args []string, format string, timeout time.Duration) { switch subcommand { case "publish": if len(args) < 3 { - fmt.Fprintf(os.Stderr, "Usage: dbn pubsub publish \n") + fmt.Fprintf(os.Stderr, "Usage: orama pubsub publish \n") os.Exit(1) } err := cli.PubSub().Publish(ctx, args[1], []byte(args[2])) @@ -191,7 +191,7 @@ func HandlePubSubCommand(args []string, format string, timeout time.Duration) { case "subscribe": if len(args) < 2 { - fmt.Fprintf(os.Stderr, "Usage: dbn pubsub subscribe [duration]\n") + fmt.Fprintf(os.Stderr, "Usage: orama pubsub subscribe [duration]\n") os.Exit(1) } duration := 30 * time.Second @@ -243,7 +243,7 @@ func HandlePubSubCommand(args []string, format string, timeout time.Duration) { // Helper functions func createClient() (client.NetworkClient, error) { - config := client.DefaultClientConfig("dbn") + config := client.DefaultClientConfig("orama") // Use active environment's gateway URL gatewayURL := getGatewayURL() diff --git a/pkg/cli/db/commands.go b/pkg/cli/db/commands.go new file mode 100644 index 0000000..0b56281 --- /dev/null +++ b/pkg/cli/db/commands.go @@ -0,0 +1,481 @@ +package db + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "text/tabwriter" + "time" + + "github.com/DeBrosOfficial/network/pkg/auth" + "github.com/spf13/cobra" +) + +// DBCmd is the root database command +var DBCmd = &cobra.Command{ + Use: "db", + Short: "Manage SQLite databases", + Long: "Create and manage per-namespace SQLite databases", +} + +// CreateCmd creates a new database +var CreateCmd = &cobra.Command{ + Use: "create ", + Short: "Create a new SQLite database", + Args: cobra.ExactArgs(1), + RunE: createDatabase, +} + +// QueryCmd executes a SQL query +var QueryCmd = &cobra.Command{ + Use: "query ", + Short: "Execute a SQL query", + Args: cobra.ExactArgs(2), + RunE: queryDatabase, +} + +// ListCmd lists all databases +var ListCmd = &cobra.Command{ + Use: "list", + Short: "List all databases", + RunE: listDatabases, +} + +// BackupCmd backs up a database to IPFS +var BackupCmd = &cobra.Command{ + Use: "backup ", + Short: "Backup database to IPFS", + Args: cobra.ExactArgs(1), + RunE: backupDatabase, +} + +// BackupsCmd lists backups for a database +var BackupsCmd = &cobra.Command{ + Use: "backups ", + Short: "List backups for a database", + Args: cobra.ExactArgs(1), + RunE: listBackups, +} + +func init() { + DBCmd.AddCommand(CreateCmd) + DBCmd.AddCommand(QueryCmd) + DBCmd.AddCommand(ListCmd) + DBCmd.AddCommand(BackupCmd) + DBCmd.AddCommand(BackupsCmd) +} + +func createDatabase(cmd *cobra.Command, args []string) error { + dbName := args[0] + + apiURL := getAPIURL() + url := apiURL + "/v1/db/sqlite/create" + + payload := map[string]string{ + "database_name": dbName, + } + + jsonData, err := json.Marshal(payload) + if err != nil { + return err + } + + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData)) + if err != nil { + return err + } + + req.Header.Set("Content-Type", "application/json") + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusCreated { + return fmt.Errorf("failed to create database: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + fmt.Printf("✅ Database created successfully!\n\n") + fmt.Printf("Name: %s\n", result["database_name"]) + fmt.Printf("Home Node: %s\n", result["home_node_id"]) + fmt.Printf("Created: %s\n", result["created_at"]) + + return nil +} + +func queryDatabase(cmd *cobra.Command, args []string) error { + dbName := args[0] + sql := args[1] + + apiURL := getAPIURL() + url := apiURL + "/v1/db/sqlite/query" + + payload := map[string]interface{}{ + "database_name": dbName, + "query": sql, + } + + jsonData, err := json.Marshal(payload) + if err != nil { + return err + } + + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData)) + if err != nil { + return err + } + + req.Header.Set("Content-Type", "application/json") + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("query failed: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + // Print results + if rows, ok := result["rows"].([]interface{}); ok && len(rows) > 0 { + // Print as table + w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0) + + // Print headers + firstRow := rows[0].(map[string]interface{}) + for col := range firstRow { + fmt.Fprintf(w, "%s\t", col) + } + fmt.Fprintln(w) + + // Print rows + for _, row := range rows { + r := row.(map[string]interface{}) + for _, val := range r { + fmt.Fprintf(w, "%v\t", val) + } + fmt.Fprintln(w) + } + + w.Flush() + + fmt.Printf("\nRows returned: %d\n", len(rows)) + } else if rowsAffected, ok := result["rows_affected"].(float64); ok { + fmt.Printf("✅ Query executed successfully\n") + fmt.Printf("Rows affected: %d\n", int(rowsAffected)) + } + + return nil +} + +func listDatabases(cmd *cobra.Command, args []string) error { + apiURL := getAPIURL() + url := apiURL + "/v1/db/sqlite/list" + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("failed to list databases: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + databases, ok := result["databases"].([]interface{}) + if !ok || len(databases) == 0 { + fmt.Println("No databases found") + return nil + } + + // Print table + w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0) + fmt.Fprintln(w, "NAME\tSIZE\tBACKUP CID\tCREATED") + + for _, db := range databases { + d := db.(map[string]interface{}) + + size := "0 B" + if sizeBytes, ok := d["size_bytes"].(float64); ok { + size = formatBytes(int64(sizeBytes)) + } + + backupCID := "-" + if cid, ok := d["backup_cid"].(string); ok && cid != "" { + if len(cid) > 12 { + backupCID = cid[:12] + "..." + } else { + backupCID = cid + } + } + + createdAt := "" + if created, ok := d["created_at"].(string); ok { + if t, err := time.Parse(time.RFC3339, created); err == nil { + createdAt = t.Format("2006-01-02 15:04") + } + } + + fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", + d["database_name"], + size, + backupCID, + createdAt, + ) + } + + w.Flush() + + fmt.Printf("\nTotal: %v\n", result["total"]) + + return nil +} + +func backupDatabase(cmd *cobra.Command, args []string) error { + dbName := args[0] + + fmt.Printf("📦 Backing up database '%s' to IPFS...\n", dbName) + + apiURL := getAPIURL() + url := apiURL + "/v1/db/sqlite/backup" + + payload := map[string]string{ + "database_name": dbName, + } + + jsonData, err := json.Marshal(payload) + if err != nil { + return err + } + + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData)) + if err != nil { + return err + } + + req.Header.Set("Content-Type", "application/json") + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("backup failed: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + fmt.Printf("\n✅ Backup successful!\n\n") + fmt.Printf("Database: %s\n", result["database_name"]) + fmt.Printf("Backup CID: %s\n", result["backup_cid"]) + fmt.Printf("IPFS URL: %s\n", result["ipfs_url"]) + fmt.Printf("Backed up: %s\n", result["backed_up_at"]) + + return nil +} + +func listBackups(cmd *cobra.Command, args []string) error { + dbName := args[0] + + apiURL := getAPIURL() + url := fmt.Sprintf("%s/v1/db/sqlite/backups?database_name=%s", apiURL, dbName) + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("failed to list backups: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + backups, ok := result["backups"].([]interface{}) + if !ok || len(backups) == 0 { + fmt.Println("No backups found") + return nil + } + + // Print table + w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0) + fmt.Fprintln(w, "CID\tSIZE\tBACKED UP") + + for _, backup := range backups { + b := backup.(map[string]interface{}) + + cid := b["backup_cid"].(string) + if len(cid) > 20 { + cid = cid[:20] + "..." + } + + size := "0 B" + if sizeBytes, ok := b["size_bytes"].(float64); ok { + size = formatBytes(int64(sizeBytes)) + } + + backedUpAt := "" + if backed, ok := b["backed_up_at"].(string); ok { + if t, err := time.Parse(time.RFC3339, backed); err == nil { + backedUpAt = t.Format("2006-01-02 15:04") + } + } + + fmt.Fprintf(w, "%s\t%s\t%s\n", cid, size, backedUpAt) + } + + w.Flush() + + fmt.Printf("\nTotal: %v\n", result["total"]) + + return nil +} + +func getAPIURL() string { + if url := os.Getenv("ORAMA_API_URL"); url != "" { + return url + } + return auth.GetDefaultGatewayURL() +} + +func getAuthToken() (string, error) { + if token := os.Getenv("ORAMA_TOKEN"); token != "" { + return token, nil + } + + // Try to get from enhanced credentials store + store, err := auth.LoadEnhancedCredentials() + if err != nil { + return "", fmt.Errorf("failed to load credentials: %w", err) + } + + gatewayURL := auth.GetDefaultGatewayURL() + creds := store.GetDefaultCredential(gatewayURL) + if creds == nil { + return "", fmt.Errorf("no credentials found for %s. Run 'orama auth login' to authenticate", gatewayURL) + } + + if !creds.IsValid() { + return "", fmt.Errorf("credentials expired for %s. Run 'orama auth login' to re-authenticate", gatewayURL) + } + + return creds.APIKey, nil +} + +func formatBytes(bytes int64) string { + const unit = 1024 + if bytes < unit { + return fmt.Sprintf("%d B", bytes) + } + div, exp := int64(unit), 0 + for n := bytes / unit; n >= unit; n /= unit { + div *= unit + exp++ + } + return fmt.Sprintf("%.1f %cB", float64(bytes)/float64(div), "KMGTPE"[exp]) +} diff --git a/pkg/cli/deployment_commands.go b/pkg/cli/deployment_commands.go new file mode 100644 index 0000000..2cc5378 --- /dev/null +++ b/pkg/cli/deployment_commands.go @@ -0,0 +1,55 @@ +package cli + +import ( + "fmt" + "os" + + "github.com/DeBrosOfficial/network/pkg/cli/db" + "github.com/DeBrosOfficial/network/pkg/cli/deployments" +) + +// HandleDeployCommand handles deploy commands +func HandleDeployCommand(args []string) { + deployCmd := deployments.DeployCmd + deployCmd.SetArgs(args) + + if err := deployCmd.Execute(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(1) + } +} + +// HandleDeploymentsCommand handles deployments management commands +func HandleDeploymentsCommand(args []string) { + // Create root command for deployments management + deploymentsCmd := deployments.DeployCmd + deploymentsCmd.Use = "deployments" + deploymentsCmd.Short = "Manage deployments" + deploymentsCmd.Long = "List, get, delete, rollback, and view logs for deployments" + + // Add management subcommands + deploymentsCmd.AddCommand(deployments.ListCmd) + deploymentsCmd.AddCommand(deployments.GetCmd) + deploymentsCmd.AddCommand(deployments.DeleteCmd) + deploymentsCmd.AddCommand(deployments.RollbackCmd) + deploymentsCmd.AddCommand(deployments.LogsCmd) + deploymentsCmd.AddCommand(deployments.StatsCmd) + + deploymentsCmd.SetArgs(args) + + if err := deploymentsCmd.Execute(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(1) + } +} + +// HandleDBCommand handles database commands +func HandleDBCommand(args []string) { + dbCmd := db.DBCmd + dbCmd.SetArgs(args) + + if err := dbCmd.Execute(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(1) + } +} diff --git a/pkg/cli/deployments/deploy.go b/pkg/cli/deployments/deploy.go new file mode 100644 index 0000000..1179d83 --- /dev/null +++ b/pkg/cli/deployments/deploy.go @@ -0,0 +1,638 @@ +package deployments + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "encoding/json" + "fmt" + "io" + "mime/multipart" + "net/http" + "os" + "os/exec" + "path/filepath" + "strings" + + "github.com/DeBrosOfficial/network/pkg/auth" + "github.com/spf13/cobra" +) + +// DeployCmd is the root deploy command +var DeployCmd = &cobra.Command{ + Use: "deploy", + Short: "Deploy applications", + Long: "Deploy static sites, Next.js apps, Go backends, and Node.js backends", +} + +// DeployStaticCmd deploys a static site +var DeployStaticCmd = &cobra.Command{ + Use: "static ", + Short: "Deploy a static site (React, Vue, etc.)", + Args: cobra.ExactArgs(1), + RunE: deployStatic, +} + +// DeployNextJSCmd deploys a Next.js application +var DeployNextJSCmd = &cobra.Command{ + Use: "nextjs ", + Short: "Deploy a Next.js application", + Args: cobra.ExactArgs(1), + RunE: deployNextJS, +} + +// DeployGoCmd deploys a Go backend +var DeployGoCmd = &cobra.Command{ + Use: "go ", + Short: "Deploy a Go backend", + Args: cobra.ExactArgs(1), + RunE: deployGo, +} + +// DeployNodeJSCmd deploys a Node.js backend +var DeployNodeJSCmd = &cobra.Command{ + Use: "nodejs ", + Short: "Deploy a Node.js backend", + Args: cobra.ExactArgs(1), + RunE: deployNodeJS, +} + +var ( + deployName string + deploySubdomain string + deploySSR bool + deployUpdate bool +) + +func init() { + DeployStaticCmd.Flags().StringVar(&deployName, "name", "", "Deployment name (required)") + DeployStaticCmd.Flags().StringVar(&deploySubdomain, "subdomain", "", "Custom subdomain") + DeployStaticCmd.Flags().BoolVar(&deployUpdate, "update", false, "Update existing deployment") + DeployStaticCmd.MarkFlagRequired("name") + + DeployNextJSCmd.Flags().StringVar(&deployName, "name", "", "Deployment name (required)") + DeployNextJSCmd.Flags().StringVar(&deploySubdomain, "subdomain", "", "Custom subdomain") + DeployNextJSCmd.Flags().BoolVar(&deploySSR, "ssr", false, "Deploy with SSR (server-side rendering)") + DeployNextJSCmd.Flags().BoolVar(&deployUpdate, "update", false, "Update existing deployment") + DeployNextJSCmd.MarkFlagRequired("name") + + DeployGoCmd.Flags().StringVar(&deployName, "name", "", "Deployment name (required)") + DeployGoCmd.Flags().StringVar(&deploySubdomain, "subdomain", "", "Custom subdomain") + DeployGoCmd.Flags().BoolVar(&deployUpdate, "update", false, "Update existing deployment") + DeployGoCmd.MarkFlagRequired("name") + + DeployNodeJSCmd.Flags().StringVar(&deployName, "name", "", "Deployment name (required)") + DeployNodeJSCmd.Flags().StringVar(&deploySubdomain, "subdomain", "", "Custom subdomain") + DeployNodeJSCmd.Flags().BoolVar(&deployUpdate, "update", false, "Update existing deployment") + DeployNodeJSCmd.MarkFlagRequired("name") + + DeployCmd.AddCommand(DeployStaticCmd) + DeployCmd.AddCommand(DeployNextJSCmd) + DeployCmd.AddCommand(DeployGoCmd) + DeployCmd.AddCommand(DeployNodeJSCmd) +} + +func deployStatic(cmd *cobra.Command, args []string) error { + sourcePath := args[0] + + // Warn if source looks like it needs building + if _, err := os.Stat(filepath.Join(sourcePath, "package.json")); err == nil { + if _, err := os.Stat(filepath.Join(sourcePath, "index.html")); os.IsNotExist(err) { + fmt.Printf("⚠️ Warning: %s has package.json but no index.html. You may need to build first.\n", sourcePath) + fmt.Printf(" Try: cd %s && npm run build, then deploy the output directory (e.g. dist/ or out/)\n\n", sourcePath) + } + } + + fmt.Printf("📦 Creating tarball from %s...\n", sourcePath) + tarball, err := createTarball(sourcePath) + if err != nil { + return fmt.Errorf("failed to create tarball: %w", err) + } + defer os.Remove(tarball) + + fmt.Printf("☁️ Uploading to Orama Network...\n") + + endpoint := "/v1/deployments/static/upload" + if deployUpdate { + endpoint = "/v1/deployments/static/update?name=" + deployName + } + + resp, err := uploadDeployment(endpoint, tarball, map[string]string{ + "name": deployName, + "subdomain": deploySubdomain, + }) + if err != nil { + return err + } + + fmt.Printf("\n✅ Deployment successful!\n\n") + printDeploymentInfo(resp) + + return nil +} + +func deployNextJS(cmd *cobra.Command, args []string) error { + sourcePath, err := filepath.Abs(args[0]) + if err != nil { + return fmt.Errorf("failed to resolve path: %w", err) + } + + // Verify it's a Next.js project + if _, err := os.Stat(filepath.Join(sourcePath, "package.json")); os.IsNotExist(err) { + return fmt.Errorf("no package.json found in %s", sourcePath) + } + + // Step 1: Install dependencies if needed + if _, err := os.Stat(filepath.Join(sourcePath, "node_modules")); os.IsNotExist(err) { + fmt.Printf("📦 Installing dependencies...\n") + if err := runBuildCommand(sourcePath, "npm", "install"); err != nil { + return fmt.Errorf("npm install failed: %w", err) + } + } + + // Step 2: Build + fmt.Printf("🔨 Building Next.js application...\n") + if err := runBuildCommand(sourcePath, "npm", "run", "build"); err != nil { + return fmt.Errorf("build failed: %w", err) + } + + var tarball string + if deploySSR { + // SSR: tarball the standalone output + standalonePath := filepath.Join(sourcePath, ".next", "standalone") + if _, err := os.Stat(standalonePath); os.IsNotExist(err) { + return fmt.Errorf(".next/standalone/ not found. Ensure next.config.js has output: 'standalone'") + } + + // Copy static assets into standalone + staticSrc := filepath.Join(sourcePath, ".next", "static") + staticDst := filepath.Join(standalonePath, ".next", "static") + if _, err := os.Stat(staticSrc); err == nil { + if err := copyDir(staticSrc, staticDst); err != nil { + return fmt.Errorf("failed to copy static assets: %w", err) + } + } + + // Copy public directory if it exists + publicSrc := filepath.Join(sourcePath, "public") + publicDst := filepath.Join(standalonePath, "public") + if _, err := os.Stat(publicSrc); err == nil { + if err := copyDir(publicSrc, publicDst); err != nil { + return fmt.Errorf("failed to copy public directory: %w", err) + } + } + + fmt.Printf("📦 Creating tarball from standalone output...\n") + tarball, err = createTarballAll(standalonePath) + } else { + // Static export: tarball the out/ directory + outPath := filepath.Join(sourcePath, "out") + if _, err := os.Stat(outPath); os.IsNotExist(err) { + return fmt.Errorf("out/ directory not found. For static export, ensure next.config.js has output: 'export'") + } + fmt.Printf("📦 Creating tarball from static export...\n") + tarball, err = createTarball(outPath) + } + if err != nil { + return fmt.Errorf("failed to create tarball: %w", err) + } + defer os.Remove(tarball) + + fmt.Printf("☁️ Uploading to Orama Network...\n") + + endpoint := "/v1/deployments/nextjs/upload" + if deployUpdate { + endpoint = "/v1/deployments/nextjs/update?name=" + deployName + } + + resp, err := uploadDeployment(endpoint, tarball, map[string]string{ + "name": deployName, + "subdomain": deploySubdomain, + "ssr": fmt.Sprintf("%t", deploySSR), + }) + if err != nil { + return err + } + + fmt.Printf("\n✅ Deployment successful!\n\n") + printDeploymentInfo(resp) + + if deploySSR { + fmt.Printf("⚠️ Note: SSR deployment may take a minute to start. Check status with: orama deployments get %s\n", deployName) + } + + return nil +} + +func deployGo(cmd *cobra.Command, args []string) error { + sourcePath, err := filepath.Abs(args[0]) + if err != nil { + return fmt.Errorf("failed to resolve path: %w", err) + } + + // Verify it's a Go project + if _, err := os.Stat(filepath.Join(sourcePath, "go.mod")); os.IsNotExist(err) { + return fmt.Errorf("no go.mod found in %s", sourcePath) + } + + // Cross-compile for Linux amd64 (production VPS target) + fmt.Printf("🔨 Building Go binary (linux/amd64)...\n") + buildCmd := exec.Command("go", "build", "-o", "app", ".") + buildCmd.Dir = sourcePath + buildCmd.Env = append(os.Environ(), "GOOS=linux", "GOARCH=amd64", "CGO_ENABLED=0") + buildCmd.Stdout = os.Stdout + buildCmd.Stderr = os.Stderr + if err := buildCmd.Run(); err != nil { + return fmt.Errorf("go build failed: %w", err) + } + defer os.Remove(filepath.Join(sourcePath, "app")) // Clean up after tarball + + fmt.Printf("📦 Creating tarball...\n") + tarball, err := createTarballFiles(sourcePath, []string{"app"}) + if err != nil { + return fmt.Errorf("failed to create tarball: %w", err) + } + defer os.Remove(tarball) + + fmt.Printf("☁️ Uploading to Orama Network...\n") + + endpoint := "/v1/deployments/go/upload" + if deployUpdate { + endpoint = "/v1/deployments/go/update?name=" + deployName + } + + resp, err := uploadDeployment(endpoint, tarball, map[string]string{ + "name": deployName, + "subdomain": deploySubdomain, + }) + if err != nil { + return err + } + + fmt.Printf("\n✅ Deployment successful!\n\n") + printDeploymentInfo(resp) + + return nil +} + +func deployNodeJS(cmd *cobra.Command, args []string) error { + sourcePath, err := filepath.Abs(args[0]) + if err != nil { + return fmt.Errorf("failed to resolve path: %w", err) + } + + // Verify it's a Node.js project + if _, err := os.Stat(filepath.Join(sourcePath, "package.json")); os.IsNotExist(err) { + return fmt.Errorf("no package.json found in %s", sourcePath) + } + + // Install dependencies if needed + if _, err := os.Stat(filepath.Join(sourcePath, "node_modules")); os.IsNotExist(err) { + fmt.Printf("📦 Installing dependencies...\n") + if err := runBuildCommand(sourcePath, "npm", "install", "--production"); err != nil { + return fmt.Errorf("npm install failed: %w", err) + } + } + + // Run build script if it exists + if hasBuildScript(sourcePath) { + fmt.Printf("🔨 Building...\n") + if err := runBuildCommand(sourcePath, "npm", "run", "build"); err != nil { + return fmt.Errorf("build failed: %w", err) + } + } + + fmt.Printf("📦 Creating tarball...\n") + tarball, err := createTarball(sourcePath) + if err != nil { + return fmt.Errorf("failed to create tarball: %w", err) + } + defer os.Remove(tarball) + + fmt.Printf("☁️ Uploading to Orama Network...\n") + + endpoint := "/v1/deployments/nodejs/upload" + if deployUpdate { + endpoint = "/v1/deployments/nodejs/update?name=" + deployName + } + + resp, err := uploadDeployment(endpoint, tarball, map[string]string{ + "name": deployName, + "subdomain": deploySubdomain, + }) + if err != nil { + return err + } + + fmt.Printf("\n✅ Deployment successful!\n\n") + printDeploymentInfo(resp) + + return nil +} + +// runBuildCommand runs a command in the given directory with stdout/stderr streaming +func runBuildCommand(dir string, name string, args ...string) error { + cmd := exec.Command(name, args...) + cmd.Dir = dir + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + return cmd.Run() +} + +// hasBuildScript checks if package.json has a "build" script +func hasBuildScript(dir string) bool { + data, err := os.ReadFile(filepath.Join(dir, "package.json")) + if err != nil { + return false + } + var pkg map[string]interface{} + if err := json.Unmarshal(data, &pkg); err != nil { + return false + } + scripts, ok := pkg["scripts"].(map[string]interface{}) + if !ok { + return false + } + _, ok = scripts["build"] + return ok +} + +// copyDir recursively copies a directory +func copyDir(src, dst string) error { + return filepath.Walk(src, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + relPath, err := filepath.Rel(src, path) + if err != nil { + return err + } + dstPath := filepath.Join(dst, relPath) + + if info.IsDir() { + return os.MkdirAll(dstPath, info.Mode()) + } + + data, err := os.ReadFile(path) + if err != nil { + return err + } + return os.WriteFile(dstPath, data, info.Mode()) + }) +} + +// createTarballFiles creates a tarball containing only specific files from a directory +func createTarballFiles(baseDir string, files []string) (string, error) { + tmpFile, err := os.CreateTemp("", "orama-deploy-*.tar.gz") + if err != nil { + return "", err + } + defer tmpFile.Close() + + gzWriter := gzip.NewWriter(tmpFile) + defer gzWriter.Close() + + tarWriter := tar.NewWriter(gzWriter) + defer tarWriter.Close() + + for _, f := range files { + fullPath := filepath.Join(baseDir, f) + info, err := os.Stat(fullPath) + if err != nil { + return "", fmt.Errorf("file %s not found: %w", f, err) + } + + header, err := tar.FileInfoHeader(info, "") + if err != nil { + return "", err + } + header.Name = f + + if err := tarWriter.WriteHeader(header); err != nil { + return "", err + } + + if !info.IsDir() { + file, err := os.Open(fullPath) + if err != nil { + return "", err + } + _, err = io.Copy(tarWriter, file) + file.Close() + if err != nil { + return "", err + } + } + } + + return tmpFile.Name(), nil +} + +func createTarball(sourcePath string) (string, error) { + return createTarballWithOptions(sourcePath, true) +} + +// createTarballAll creates a tarball including node_modules and hidden dirs (for standalone output) +func createTarballAll(sourcePath string) (string, error) { + return createTarballWithOptions(sourcePath, false) +} + +func createTarballWithOptions(sourcePath string, skipNodeModules bool) (string, error) { + // Create temp file + tmpFile, err := os.CreateTemp("", "orama-deploy-*.tar.gz") + if err != nil { + return "", err + } + defer tmpFile.Close() + + // Create gzip writer + gzWriter := gzip.NewWriter(tmpFile) + defer gzWriter.Close() + + // Create tar writer + tarWriter := tar.NewWriter(gzWriter) + defer tarWriter.Close() + + // Walk directory and add files + err = filepath.Walk(sourcePath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + // Skip hidden files and node_modules (unless disabled) + if skipNodeModules { + if strings.HasPrefix(info.Name(), ".") && info.Name() != "." { + if info.IsDir() { + return filepath.SkipDir + } + return nil + } + if info.Name() == "node_modules" { + return filepath.SkipDir + } + } + + // Create tar header + header, err := tar.FileInfoHeader(info, "") + if err != nil { + return err + } + + // Update header name to be relative to source + relPath, err := filepath.Rel(sourcePath, path) + if err != nil { + return err + } + header.Name = relPath + + // Write header + if err := tarWriter.WriteHeader(header); err != nil { + return err + } + + // Write file content if not a directory + if !info.IsDir() { + file, err := os.Open(path) + if err != nil { + return err + } + defer file.Close() + + _, err = io.Copy(tarWriter, file) + return err + } + + return nil + }) + + return tmpFile.Name(), err +} + +func uploadDeployment(endpoint, tarballPath string, formData map[string]string) (map[string]interface{}, error) { + // Open tarball + file, err := os.Open(tarballPath) + if err != nil { + return nil, err + } + defer file.Close() + + // Create multipart request + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + + // Add form fields + for key, value := range formData { + writer.WriteField(key, value) + } + + // Add file + part, err := writer.CreateFormFile("tarball", filepath.Base(tarballPath)) + if err != nil { + return nil, err + } + + _, err = io.Copy(part, file) + if err != nil { + return nil, err + } + + writer.Close() + + // Get API URL from config + apiURL := getAPIURL() + url := apiURL + endpoint + + // Create request + req, err := http.NewRequest("POST", url, body) + if err != nil { + return nil, err + } + + req.Header.Set("Content-Type", writer.FormDataContentType()) + + // Add auth header + token, err := getAuthToken() + if err != nil { + return nil, fmt.Errorf("authentication required: %w", err) + } + req.Header.Set("Authorization", "Bearer "+token) + + // Send request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + // Read response + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, err + } + + if resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("deployment failed: %s", string(respBody)) + } + + // Parse response + var result map[string]interface{} + err = json.Unmarshal(respBody, &result) + if err != nil { + return nil, err + } + + return result, nil +} + +func printDeploymentInfo(resp map[string]interface{}) { + fmt.Printf("Name: %s\n", resp["name"]) + fmt.Printf("Type: %s\n", resp["type"]) + fmt.Printf("Status: %s\n", resp["status"]) + fmt.Printf("Version: %v\n", resp["version"]) + if contentCID, ok := resp["content_cid"]; ok && contentCID != "" { + fmt.Printf("Content CID: %s\n", contentCID) + } + + if urls, ok := resp["urls"].([]interface{}); ok && len(urls) > 0 { + fmt.Printf("\nURLs:\n") + for _, url := range urls { + fmt.Printf(" • %s\n", url) + } + } +} + +func getAPIURL() string { + // Check environment variable first + if url := os.Getenv("ORAMA_API_URL"); url != "" { + return url + } + // Get from active environment config + return auth.GetDefaultGatewayURL() +} + +func getAuthToken() (string, error) { + // Check environment variable first + if token := os.Getenv("ORAMA_TOKEN"); token != "" { + return token, nil + } + + // Try to get from enhanced credentials store + store, err := auth.LoadEnhancedCredentials() + if err != nil { + return "", fmt.Errorf("failed to load credentials: %w", err) + } + + gatewayURL := auth.GetDefaultGatewayURL() + creds := store.GetDefaultCredential(gatewayURL) + if creds == nil { + return "", fmt.Errorf("no credentials found for %s. Run 'orama auth login' to authenticate", gatewayURL) + } + + if !creds.IsValid() { + return "", fmt.Errorf("credentials expired for %s. Run 'orama auth login' to re-authenticate", gatewayURL) + } + + return creds.APIKey, nil +} diff --git a/pkg/cli/deployments/list.go b/pkg/cli/deployments/list.go new file mode 100644 index 0000000..c3e4d3c --- /dev/null +++ b/pkg/cli/deployments/list.go @@ -0,0 +1,334 @@ +package deployments + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "text/tabwriter" + "time" + + "github.com/spf13/cobra" +) + +// ListCmd lists all deployments +var ListCmd = &cobra.Command{ + Use: "list", + Short: "List all deployments", + RunE: listDeployments, +} + +// GetCmd gets a specific deployment +var GetCmd = &cobra.Command{ + Use: "get ", + Short: "Get deployment details", + Args: cobra.ExactArgs(1), + RunE: getDeployment, +} + +// DeleteCmd deletes a deployment +var DeleteCmd = &cobra.Command{ + Use: "delete ", + Short: "Delete a deployment", + Args: cobra.ExactArgs(1), + RunE: deleteDeployment, +} + +// RollbackCmd rolls back a deployment +var RollbackCmd = &cobra.Command{ + Use: "rollback ", + Short: "Rollback a deployment to a previous version", + Args: cobra.ExactArgs(1), + RunE: rollbackDeployment, +} + +var ( + rollbackVersion int +) + +func init() { + RollbackCmd.Flags().IntVar(&rollbackVersion, "version", 0, "Version to rollback to (required)") + RollbackCmd.MarkFlagRequired("version") +} + +func listDeployments(cmd *cobra.Command, args []string) error { + apiURL := getAPIURL() + url := apiURL + "/v1/deployments/list" + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("failed to list deployments: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + deployments, ok := result["deployments"].([]interface{}) + if !ok || len(deployments) == 0 { + fmt.Println("No deployments found") + return nil + } + + // Print table + w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0) + fmt.Fprintln(w, "NAME\tTYPE\tSTATUS\tVERSION\tCREATED") + + for _, dep := range deployments { + d := dep.(map[string]interface{}) + createdAt := "" + if created, ok := d["created_at"].(string); ok { + if t, err := time.Parse(time.RFC3339, created); err == nil { + createdAt = t.Format("2006-01-02 15:04") + } + } + + fmt.Fprintf(w, "%s\t%s\t%s\t%v\t%s\n", + d["name"], + d["type"], + d["status"], + d["version"], + createdAt, + ) + } + + w.Flush() + + fmt.Printf("\nTotal: %v\n", result["total"]) + + return nil +} + +func getDeployment(cmd *cobra.Command, args []string) error { + name := args[0] + + apiURL := getAPIURL() + url := fmt.Sprintf("%s/v1/deployments/get?name=%s", apiURL, name) + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("failed to get deployment: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + // Print deployment info + fmt.Printf("Deployment: %s\n\n", result["name"]) + fmt.Printf("ID: %s\n", result["id"]) + fmt.Printf("Type: %s\n", result["type"]) + fmt.Printf("Status: %s\n", result["status"]) + fmt.Printf("Version: %v\n", result["version"]) + fmt.Printf("Namespace: %s\n", result["namespace"]) + + if contentCID, ok := result["content_cid"]; ok && contentCID != "" { + fmt.Printf("Content CID: %s\n", contentCID) + } + if buildCID, ok := result["build_cid"]; ok && buildCID != "" { + fmt.Printf("Build CID: %s\n", buildCID) + } + + if port, ok := result["port"]; ok && port != nil && port.(float64) > 0 { + fmt.Printf("Port: %v\n", port) + } + + if homeNodeID, ok := result["home_node_id"]; ok && homeNodeID != "" { + fmt.Printf("Home Node: %s\n", homeNodeID) + } + + if subdomain, ok := result["subdomain"]; ok && subdomain != "" { + fmt.Printf("Subdomain: %s\n", subdomain) + } + + fmt.Printf("Memory Limit: %v MB\n", result["memory_limit_mb"]) + fmt.Printf("CPU Limit: %v%%\n", result["cpu_limit_percent"]) + fmt.Printf("Restart Policy: %s\n", result["restart_policy"]) + + if urls, ok := result["urls"].([]interface{}); ok && len(urls) > 0 { + fmt.Printf("\nURLs:\n") + for _, url := range urls { + fmt.Printf(" • %s\n", url) + } + } + + if createdAt, ok := result["created_at"].(string); ok { + fmt.Printf("\nCreated: %s\n", createdAt) + } + if updatedAt, ok := result["updated_at"].(string); ok { + fmt.Printf("Updated: %s\n", updatedAt) + } + + return nil +} + +func deleteDeployment(cmd *cobra.Command, args []string) error { + name := args[0] + + fmt.Printf("⚠️ Are you sure you want to delete deployment '%s'? (y/N): ", name) + var confirm string + fmt.Scanln(&confirm) + + if confirm != "y" && confirm != "Y" { + fmt.Println("Cancelled") + return nil + } + + apiURL := getAPIURL() + url := fmt.Sprintf("%s/v1/deployments/delete?name=%s", apiURL, name) + + req, err := http.NewRequest("DELETE", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("failed to delete deployment: %s", string(body)) + } + + fmt.Printf("✅ Deployment '%s' deleted successfully\n", name) + + return nil +} + +func rollbackDeployment(cmd *cobra.Command, args []string) error { + name := args[0] + + if rollbackVersion <= 0 { + return fmt.Errorf("version must be positive") + } + + fmt.Printf("⚠️ Rolling back '%s' to version %d. Continue? (y/N): ", name, rollbackVersion) + var confirm string + fmt.Scanln(&confirm) + + if confirm != "y" && confirm != "Y" { + fmt.Println("Cancelled") + return nil + } + + apiURL := getAPIURL() + url := apiURL + "/v1/deployments/rollback?name=" + name + + payload := map[string]interface{}{ + "name": name, + "version": rollbackVersion, + } + + jsonData, err := json.Marshal(payload) + if err != nil { + return err + } + + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData)) + if err != nil { + return err + } + + req.Header.Set("Content-Type", "application/json") + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("rollback failed: %s", string(body)) + } + + var result map[string]interface{} + err = json.Unmarshal(body, &result) + if err != nil { + return err + } + + fmt.Printf("\n✅ Rollback successful!\n\n") + fmt.Printf("Deployment: %s\n", result["name"]) + fmt.Printf("Current Version: %v\n", result["version"]) + fmt.Printf("Rolled Back From: %v\n", result["rolled_back_from"]) + fmt.Printf("Rolled Back To: %v\n", result["rolled_back_to"]) + fmt.Printf("Status: %s\n", result["status"]) + + return nil +} diff --git a/pkg/cli/deployments/logs.go b/pkg/cli/deployments/logs.go new file mode 100644 index 0000000..7ef1785 --- /dev/null +++ b/pkg/cli/deployments/logs.go @@ -0,0 +1,78 @@ +package deployments + +import ( + "bufio" + "fmt" + "io" + "net/http" + + "github.com/spf13/cobra" +) + +// LogsCmd streams deployment logs +var LogsCmd = &cobra.Command{ + Use: "logs ", + Short: "Stream deployment logs", + Args: cobra.ExactArgs(1), + RunE: streamLogs, +} + +var ( + logsFollow bool + logsLines int +) + +func init() { + LogsCmd.Flags().BoolVarP(&logsFollow, "follow", "f", false, "Follow log output") + LogsCmd.Flags().IntVarP(&logsLines, "lines", "n", 100, "Number of lines to show") +} + +func streamLogs(cmd *cobra.Command, args []string) error { + name := args[0] + + apiURL := getAPIURL() + url := fmt.Sprintf("%s/v1/deployments/logs?name=%s&lines=%d&follow=%t", + apiURL, name, logsLines, logsFollow) + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("failed to get logs: %s", string(body)) + } + + // Stream logs + reader := bufio.NewReader(resp.Body) + for { + line, err := reader.ReadString('\n') + if err != nil { + if err == io.EOF { + if !logsFollow { + break + } + continue + } + return err + } + + fmt.Print(line) + } + + return nil +} diff --git a/pkg/cli/deployments/stats.go b/pkg/cli/deployments/stats.go new file mode 100644 index 0000000..6d7f879 --- /dev/null +++ b/pkg/cli/deployments/stats.go @@ -0,0 +1,116 @@ +package deployments + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + + "github.com/spf13/cobra" +) + +// StatsCmd shows resource usage for a deployment +var StatsCmd = &cobra.Command{ + Use: "stats ", + Short: "Show resource usage for a deployment", + Args: cobra.ExactArgs(1), + RunE: statsDeployment, +} + +func statsDeployment(cmd *cobra.Command, args []string) error { + name := args[0] + + apiURL := getAPIURL() + url := fmt.Sprintf("%s/v1/deployments/stats?name=%s", apiURL, name) + + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return err + } + + token, err := getAuthToken() + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("failed to get stats: %s", string(body)) + } + + var stats map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&stats); err != nil { + return fmt.Errorf("failed to parse stats: %w", err) + } + + // Display + fmt.Println() + fmt.Printf(" Name: %s\n", stats["name"]) + fmt.Printf(" Type: %s\n", stats["type"]) + fmt.Printf(" Status: %s\n", stats["status"]) + + if pid, ok := stats["pid"]; ok { + pidInt := int(pid.(float64)) + if pidInt > 0 { + fmt.Printf(" PID: %d\n", pidInt) + } + } + + if uptime, ok := stats["uptime_seconds"]; ok { + secs := uptime.(float64) + if secs > 0 { + fmt.Printf(" Uptime: %s\n", formatUptime(secs)) + } + } + + fmt.Println() + + if cpu, ok := stats["cpu_percent"]; ok { + fmt.Printf(" CPU: %.1f%%\n", cpu.(float64)) + } + + if mem, ok := stats["memory_rss_mb"]; ok { + fmt.Printf(" RAM: %s\n", formatSize(mem.(float64))) + } + + if disk, ok := stats["disk_mb"]; ok { + fmt.Printf(" Disk: %s\n", formatSize(disk.(float64))) + } + + fmt.Println() + + return nil +} + +func formatUptime(seconds float64) string { + s := int(seconds) + days := s / 86400 + hours := (s % 86400) / 3600 + mins := (s % 3600) / 60 + + if days > 0 { + return fmt.Sprintf("%dd %dh %dm", days, hours, mins) + } + if hours > 0 { + return fmt.Sprintf("%dh %dm", hours, mins) + } + return fmt.Sprintf("%dm", mins) +} + +func formatSize(mb float64) string { + if mb < 0.1 { + return fmt.Sprintf("%.1f KB", mb*1024) + } + if mb >= 1024 { + return fmt.Sprintf("%.1f GB", mb/1024) + } + return fmt.Sprintf("%.1f MB", mb) +} diff --git a/pkg/cli/dev_commands.go b/pkg/cli/dev_commands.go index 2d289af..ae38a4d 100644 --- a/pkg/cli/dev_commands.go +++ b/pkg/cli/dev_commands.go @@ -158,7 +158,7 @@ func handleDevStatus(args []string) { func handleDevLogs(args []string) { if len(args) == 0 { - fmt.Fprintf(os.Stderr, "Usage: dbn dev logs [--follow]\n") + fmt.Fprintf(os.Stderr, "Usage: orama dev logs [--follow]\n") fmt.Fprintf(os.Stderr, "\nComponents: node-1, node-2, node-3, node-4, node-5, gateway, ipfs-node-1, ipfs-node-2, ipfs-node-3, ipfs-node-4, ipfs-node-5, olric, anon\n") os.Exit(1) } diff --git a/pkg/cli/env_commands.go b/pkg/cli/env_commands.go index abcd85d..241c5d8 100644 --- a/pkg/cli/env_commands.go +++ b/pkg/cli/env_commands.go @@ -24,6 +24,10 @@ func HandleEnvCommand(args []string) { handleEnvSwitch(subargs) case "enable": handleEnvEnable(subargs) + case "add": + handleEnvAdd(subargs) + case "remove": + handleEnvRemove(subargs) case "help": showEnvHelp() default: @@ -35,7 +39,7 @@ func HandleEnvCommand(args []string) { func showEnvHelp() { fmt.Printf("🌍 Environment Management Commands\n\n") - fmt.Printf("Usage: dbn env \n\n") + fmt.Printf("Usage: orama env \n\n") fmt.Printf("Subcommands:\n") fmt.Printf(" list - List all available environments\n") fmt.Printf(" current - Show current active environment\n") @@ -43,15 +47,15 @@ func showEnvHelp() { fmt.Printf(" enable - Alias for 'switch' (e.g., 'devnet enable')\n\n") fmt.Printf("Available Environments:\n") fmt.Printf(" local - Local development (http://localhost:6001)\n") - fmt.Printf(" devnet - Development network (https://devnet.orama.network)\n") - fmt.Printf(" testnet - Test network (https://testnet.orama.network)\n\n") + fmt.Printf(" devnet - Development network (https://orama-devnet.network)\n") + fmt.Printf(" testnet - Test network (https://orama-tesetnet.network)\n\n") fmt.Printf("Examples:\n") - fmt.Printf(" dbn env list\n") - fmt.Printf(" dbn env current\n") - fmt.Printf(" dbn env switch devnet\n") - fmt.Printf(" dbn env enable testnet\n") - fmt.Printf(" dbn devnet enable # Shorthand for switch to devnet\n") - fmt.Printf(" dbn testnet enable # Shorthand for switch to testnet\n") + fmt.Printf(" orama env list\n") + fmt.Printf(" orama env current\n") + fmt.Printf(" orama env switch devnet\n") + fmt.Printf(" orama env enable testnet\n") + fmt.Printf(" orama devnet enable # Shorthand for switch to devnet\n") + fmt.Printf(" orama testnet enable # Shorthand for switch to testnet\n") } func handleEnvList() { @@ -99,7 +103,7 @@ func handleEnvCurrent() { func handleEnvSwitch(args []string) { if len(args) == 0 { - fmt.Fprintf(os.Stderr, "Usage: dbn env switch \n") + fmt.Fprintf(os.Stderr, "Usage: orama env switch \n") fmt.Fprintf(os.Stderr, "Available: local, devnet, testnet\n") os.Exit(1) } @@ -140,3 +144,108 @@ func handleEnvEnable(args []string) { // 'enable' is just an alias for 'switch' handleEnvSwitch(args) } + +func handleEnvAdd(args []string) { + if len(args) < 2 { + fmt.Fprintf(os.Stderr, "Usage: orama env add [description]\n") + fmt.Fprintf(os.Stderr, "Example: orama env add production http://dbrs.space \"Production network\"\n") + os.Exit(1) + } + + name := args[0] + gatewayURL := args[1] + description := "" + if len(args) > 2 { + description = args[2] + } + + // Initialize environments if needed + if err := InitializeEnvironments(); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to initialize environments: %v\n", err) + os.Exit(1) + } + + envConfig, err := LoadEnvironmentConfig() + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to load environment config: %v\n", err) + os.Exit(1) + } + + // Check if environment already exists + for _, env := range envConfig.Environments { + if env.Name == name { + fmt.Fprintf(os.Stderr, "❌ Environment '%s' already exists\n", name) + os.Exit(1) + } + } + + // Add new environment + envConfig.Environments = append(envConfig.Environments, Environment{ + Name: name, + GatewayURL: gatewayURL, + Description: description, + IsActive: false, + }) + + if err := SaveEnvironmentConfig(envConfig); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to save environment config: %v\n", err) + os.Exit(1) + } + + fmt.Printf("✅ Added environment: %s\n", name) + fmt.Printf(" Gateway URL: %s\n", gatewayURL) + if description != "" { + fmt.Printf(" Description: %s\n", description) + } +} + +func handleEnvRemove(args []string) { + if len(args) == 0 { + fmt.Fprintf(os.Stderr, "Usage: orama env remove \n") + os.Exit(1) + } + + name := args[0] + + // Don't allow removing 'local' + if name == "local" { + fmt.Fprintf(os.Stderr, "❌ Cannot remove the 'local' environment\n") + os.Exit(1) + } + + envConfig, err := LoadEnvironmentConfig() + if err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to load environment config: %v\n", err) + os.Exit(1) + } + + // Find and remove environment + found := false + newEnvs := make([]Environment, 0, len(envConfig.Environments)) + for _, env := range envConfig.Environments { + if env.Name == name { + found = true + continue + } + newEnvs = append(newEnvs, env) + } + + if !found { + fmt.Fprintf(os.Stderr, "❌ Environment '%s' not found\n", name) + os.Exit(1) + } + + envConfig.Environments = newEnvs + + // If we removed the active environment, switch to local + if envConfig.ActiveEnvironment == name { + envConfig.ActiveEnvironment = "local" + } + + if err := SaveEnvironmentConfig(envConfig); err != nil { + fmt.Fprintf(os.Stderr, "❌ Failed to save environment config: %v\n", err) + os.Exit(1) + } + + fmt.Printf("✅ Removed environment: %s\n", name) +} diff --git a/pkg/cli/environment.go b/pkg/cli/environment.go index b52fba6..e1d7c5e 100644 --- a/pkg/cli/environment.go +++ b/pkg/cli/environment.go @@ -31,15 +31,21 @@ var DefaultEnvironments = []Environment{ Description: "Local development environment (node-1)", IsActive: true, }, + { + Name: "production", + GatewayURL: "https://dbrs.space", + Description: "Production network (dbrs.space)", + IsActive: false, + }, { Name: "devnet", - GatewayURL: "https://devnet.orama.network", + GatewayURL: "https://orama-devnet.network", Description: "Development network (testnet)", IsActive: false, }, { Name: "testnet", - GatewayURL: "https://testnet.orama.network", + GatewayURL: "https://orama-tesetnet.network", Description: "Test network (staging)", IsActive: false, }, diff --git a/pkg/cli/namespace_commands.go b/pkg/cli/namespace_commands.go new file mode 100644 index 0000000..137942e --- /dev/null +++ b/pkg/cli/namespace_commands.go @@ -0,0 +1,131 @@ +package cli + +import ( + "bufio" + "crypto/tls" + "encoding/json" + "flag" + "fmt" + "net/http" + "os" + "strings" + + "github.com/DeBrosOfficial/network/pkg/auth" +) + +// HandleNamespaceCommand handles namespace management commands +func HandleNamespaceCommand(args []string) { + if len(args) == 0 { + showNamespaceHelp() + return + } + + subcommand := args[0] + switch subcommand { + case "delete": + var force bool + fs := flag.NewFlagSet("namespace delete", flag.ExitOnError) + fs.BoolVar(&force, "force", false, "Skip confirmation prompt") + _ = fs.Parse(args[1:]) + handleNamespaceDelete(force) + case "help": + showNamespaceHelp() + default: + fmt.Fprintf(os.Stderr, "Unknown namespace command: %s\n", subcommand) + showNamespaceHelp() + os.Exit(1) + } +} + +func showNamespaceHelp() { + fmt.Printf("Namespace Management Commands\n\n") + fmt.Printf("Usage: orama namespace \n\n") + fmt.Printf("Subcommands:\n") + fmt.Printf(" delete - Delete the current namespace and all its resources\n") + fmt.Printf(" help - Show this help message\n\n") + fmt.Printf("Flags:\n") + fmt.Printf(" --force - Skip confirmation prompt\n\n") + fmt.Printf("Examples:\n") + fmt.Printf(" orama namespace delete\n") + fmt.Printf(" orama namespace delete --force\n") +} + +func handleNamespaceDelete(force bool) { + // Load credentials + store, err := auth.LoadEnhancedCredentials() + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to load credentials: %v\n", err) + os.Exit(1) + } + + gatewayURL := getGatewayURL() + creds := store.GetDefaultCredential(gatewayURL) + + if creds == nil || !creds.IsValid() { + fmt.Fprintf(os.Stderr, "Not authenticated. Run 'orama auth login' first.\n") + os.Exit(1) + } + + namespace := creds.Namespace + if namespace == "" || namespace == "default" { + fmt.Fprintf(os.Stderr, "Cannot delete default namespace.\n") + os.Exit(1) + } + + // Confirm deletion + if !force { + fmt.Printf("This will permanently delete namespace '%s' and all its resources:\n", namespace) + fmt.Printf(" - RQLite cluster (3 nodes)\n") + fmt.Printf(" - Olric cache cluster (3 nodes)\n") + fmt.Printf(" - Gateway instances\n") + fmt.Printf(" - API keys and credentials\n\n") + fmt.Printf("Type the namespace name to confirm: ") + + scanner := bufio.NewScanner(os.Stdin) + scanner.Scan() + input := strings.TrimSpace(scanner.Text()) + + if input != namespace { + fmt.Println("Aborted - namespace name did not match.") + os.Exit(1) + } + } + + fmt.Printf("Deleting namespace '%s'...\n", namespace) + + // Make DELETE request to gateway + url := fmt.Sprintf("%s/v1/namespace/delete", gatewayURL) + req, err := http.NewRequest(http.MethodDelete, url, nil) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to create request: %v\n", err) + os.Exit(1) + } + req.Header.Set("Authorization", "Bearer "+creds.APIKey) + + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }, + } + resp, err := client.Do(req) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to connect to gateway: %v\n", err) + os.Exit(1) + } + defer resp.Body.Close() + + var result map[string]interface{} + json.NewDecoder(resp.Body).Decode(&result) + + if resp.StatusCode != http.StatusOK { + errMsg := "unknown error" + if e, ok := result["error"].(string); ok { + errMsg = e + } + fmt.Fprintf(os.Stderr, "Failed to delete namespace: %s\n", errMsg) + os.Exit(1) + } + + fmt.Printf("Namespace '%s' deleted successfully.\n", namespace) + fmt.Printf("Run 'orama auth login' to create a new namespace.\n") +} diff --git a/pkg/cli/prod_commands_test.go b/pkg/cli/prod_commands_test.go index c67e617..007e1d1 100644 --- a/pkg/cli/prod_commands_test.go +++ b/pkg/cli/prod_commands_test.go @@ -7,42 +7,32 @@ import ( ) // TestProdCommandFlagParsing verifies that prod command flags are parsed correctly -// Note: The installer now uses --vps-ip presence to determine if it's a first node (no --bootstrap flag) -// First node: has --vps-ip but no --peers or --join -// Joining node: has --vps-ip, --peers, and --cluster-secret +// Genesis node: has --vps-ip but no --join or --token +// Joining node: has --vps-ip, --join (HTTPS URL), and --token (invite token) func TestProdCommandFlagParsing(t *testing.T) { tests := []struct { - name string - args []string - expectVPSIP string - expectDomain string - expectPeers string - expectJoin string - expectSecret string - expectBranch string - isFirstNode bool // first node = no peers and no join address + name string + args []string + expectVPSIP string + expectDomain string + expectJoin string + expectToken string + expectBranch string + isFirstNode bool // genesis node = no --join and no --token }{ { - name: "first node (creates new cluster)", - args: []string{"install", "--vps-ip", "10.0.0.1", "--domain", "node-1.example.com"}, - expectVPSIP: "10.0.0.1", + name: "genesis node (creates new cluster)", + args: []string{"install", "--vps-ip", "10.0.0.1", "--domain", "node-1.example.com"}, + expectVPSIP: "10.0.0.1", expectDomain: "node-1.example.com", - isFirstNode: true, + isFirstNode: true, }, { - name: "joining node with peers", - args: []string{"install", "--vps-ip", "10.0.0.2", "--peers", "/ip4/10.0.0.1/tcp/4001/p2p/Qm123", "--cluster-secret", "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}, - expectVPSIP: "10.0.0.2", - expectPeers: "/ip4/10.0.0.1/tcp/4001/p2p/Qm123", - expectSecret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", - isFirstNode: false, - }, - { - name: "joining node with join address", - args: []string{"install", "--vps-ip", "10.0.0.3", "--join", "10.0.0.1:7001", "--cluster-secret", "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}, - expectVPSIP: "10.0.0.3", - expectJoin: "10.0.0.1:7001", - expectSecret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", + name: "joining node with invite token", + args: []string{"install", "--vps-ip", "10.0.0.2", "--join", "https://node1.dbrs.space", "--token", "abc123def456"}, + expectVPSIP: "10.0.0.2", + expectJoin: "https://node1.dbrs.space", + expectToken: "abc123def456", isFirstNode: false, }, { @@ -56,8 +46,7 @@ func TestProdCommandFlagParsing(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - // Extract flags manually to verify parsing logic - var vpsIP, domain, peersStr, joinAddr, clusterSecret, branch string + var vpsIP, domain, joinAddr, token, branch string for i, arg := range tt.args { switch arg { @@ -69,17 +58,13 @@ func TestProdCommandFlagParsing(t *testing.T) { if i+1 < len(tt.args) { domain = tt.args[i+1] } - case "--peers": - if i+1 < len(tt.args) { - peersStr = tt.args[i+1] - } case "--join": if i+1 < len(tt.args) { joinAddr = tt.args[i+1] } - case "--cluster-secret": + case "--token": if i+1 < len(tt.args) { - clusterSecret = tt.args[i+1] + token = tt.args[i+1] } case "--branch": if i+1 < len(tt.args) { @@ -88,8 +73,8 @@ func TestProdCommandFlagParsing(t *testing.T) { } } - // First node detection: no peers and no join address - isFirstNode := peersStr == "" && joinAddr == "" + // Genesis node detection: no --join and no --token + isFirstNode := joinAddr == "" && token == "" if vpsIP != tt.expectVPSIP { t.Errorf("expected vpsIP=%q, got %q", tt.expectVPSIP, vpsIP) @@ -97,14 +82,11 @@ func TestProdCommandFlagParsing(t *testing.T) { if domain != tt.expectDomain { t.Errorf("expected domain=%q, got %q", tt.expectDomain, domain) } - if peersStr != tt.expectPeers { - t.Errorf("expected peers=%q, got %q", tt.expectPeers, peersStr) - } if joinAddr != tt.expectJoin { t.Errorf("expected join=%q, got %q", tt.expectJoin, joinAddr) } - if clusterSecret != tt.expectSecret { - t.Errorf("expected clusterSecret=%q, got %q", tt.expectSecret, clusterSecret) + if token != tt.expectToken { + t.Errorf("expected token=%q, got %q", tt.expectToken, token) } if branch != tt.expectBranch { t.Errorf("expected branch=%q, got %q", tt.expectBranch, branch) diff --git a/pkg/cli/production/commands.go b/pkg/cli/production/commands.go index d52a0c4..dace129 100644 --- a/pkg/cli/production/commands.go +++ b/pkg/cli/production/commands.go @@ -5,6 +5,7 @@ import ( "os" "github.com/DeBrosOfficial/network/pkg/cli/production/install" + "github.com/DeBrosOfficial/network/pkg/cli/production/invite" "github.com/DeBrosOfficial/network/pkg/cli/production/lifecycle" "github.com/DeBrosOfficial/network/pkg/cli/production/logs" "github.com/DeBrosOfficial/network/pkg/cli/production/migrate" @@ -24,6 +25,8 @@ func HandleCommand(args []string) { subargs := args[1:] switch subcommand { + case "invite": + invite.Handle(subargs) case "install": install.Handle(subargs) case "upgrade": diff --git a/pkg/cli/production/install/command.go b/pkg/cli/production/install/command.go index 5b2d0e3..d0de911 100644 --- a/pkg/cli/production/install/command.go +++ b/pkg/cli/production/install/command.go @@ -39,6 +39,12 @@ func Handle(args []string) { os.Exit(1) } + // Validate Anyone relay configuration if enabled + if err := orchestrator.validator.ValidateAnyoneRelayFlags(); err != nil { + fmt.Fprintf(os.Stderr, "❌ %v\n", err) + os.Exit(1) + } + // Execute installation if err := orchestrator.Execute(); err != nil { fmt.Fprintf(os.Stderr, "❌ %v\n", err) diff --git a/pkg/cli/production/install/flags.go b/pkg/cli/production/install/flags.go index 76b0dfa..8b02127 100644 --- a/pkg/cli/production/install/flags.go +++ b/pkg/cli/production/install/flags.go @@ -10,21 +10,38 @@ import ( type Flags struct { VpsIP string Domain string + BaseDomain string // Base domain for deployment routing (e.g., "dbrs.space") Branch string NoPull bool Force bool DryRun bool SkipChecks bool - JoinAddress string - ClusterSecret string - SwarmKey string - PeersStr string + PreBuilt bool // Skip building binaries, use pre-built binaries already on disk + Nameserver bool // Make this node a nameserver (runs CoreDNS + Caddy) + JoinAddress string // HTTPS URL of existing node (e.g., https://node1.dbrs.space) + Token string // Invite token for joining (from orama invite) + ClusterSecret string // Deprecated: use --token instead + SwarmKey string // Deprecated: use --token instead + PeersStr string // Deprecated: use --token instead // IPFS/Cluster specific info for Peering configuration IPFSPeerID string IPFSAddrs string IPFSClusterPeerID string IPFSClusterAddrs string + + // Security flags + SkipFirewall bool // Skip UFW firewall setup (for users who manage their own firewall) + + // Anyone relay operator flags + AnyoneRelay bool // Run as relay operator instead of client + AnyoneExit bool // Run as exit relay (legal implications) + AnyoneMigrate bool // Migrate existing Anyone installation + AnyoneNickname string // Relay nickname (1-19 alphanumeric) + AnyoneContact string // Contact info (email or @telegram) + AnyoneWallet string // Ethereum wallet for rewards + AnyoneORPort int // ORPort for relay (default 9001) + AnyoneFamily string // Comma-separated fingerprints of other relays you operate } // ParseFlags parses install command flags @@ -36,16 +53,20 @@ func ParseFlags(args []string) (*Flags, error) { fs.StringVar(&flags.VpsIP, "vps-ip", "", "Public IP of this VPS (required)") fs.StringVar(&flags.Domain, "domain", "", "Domain name for HTTPS (optional, e.g. gateway.example.com)") + fs.StringVar(&flags.BaseDomain, "base-domain", "", "Base domain for deployment routing (e.g., dbrs.space)") fs.StringVar(&flags.Branch, "branch", "main", "Git branch to use (main or nightly)") fs.BoolVar(&flags.NoPull, "no-pull", false, "Skip git clone/pull, use existing repository in /home/debros/src") fs.BoolVar(&flags.Force, "force", false, "Force reconfiguration even if already installed") fs.BoolVar(&flags.DryRun, "dry-run", false, "Show what would be done without making changes") fs.BoolVar(&flags.SkipChecks, "skip-checks", false, "Skip minimum resource checks (RAM/CPU)") + fs.BoolVar(&flags.PreBuilt, "pre-built", false, "Skip building binaries on VPS, use pre-built binaries already in /home/debros/bin and /usr/local/bin") + fs.BoolVar(&flags.Nameserver, "nameserver", false, "Make this node a nameserver (runs CoreDNS + Caddy)") // Cluster join flags - fs.StringVar(&flags.JoinAddress, "join", "", "Join an existing cluster (e.g. 1.2.3.4:7001)") - fs.StringVar(&flags.ClusterSecret, "cluster-secret", "", "Cluster secret for IPFS Cluster (required if joining)") - fs.StringVar(&flags.SwarmKey, "swarm-key", "", "IPFS Swarm key (required if joining)") + fs.StringVar(&flags.JoinAddress, "join", "", "Join existing cluster via HTTPS URL (e.g. https://node1.dbrs.space)") + fs.StringVar(&flags.Token, "token", "", "Invite token for joining (from orama invite on existing node)") + fs.StringVar(&flags.ClusterSecret, "cluster-secret", "", "Deprecated: use --token instead") + fs.StringVar(&flags.SwarmKey, "swarm-key", "", "Deprecated: use --token instead") fs.StringVar(&flags.PeersStr, "peers", "", "Comma-separated list of bootstrap peer multiaddrs") // IPFS/Cluster specific info for Peering configuration @@ -54,6 +75,19 @@ func ParseFlags(args []string) (*Flags, error) { fs.StringVar(&flags.IPFSClusterPeerID, "ipfs-cluster-peer", "", "Peer ID of existing IPFS Cluster node") fs.StringVar(&flags.IPFSClusterAddrs, "ipfs-cluster-addrs", "", "Comma-separated multiaddrs of existing IPFS Cluster node") + // Security flags + fs.BoolVar(&flags.SkipFirewall, "skip-firewall", false, "Skip UFW firewall setup (for users who manage their own firewall)") + + // Anyone relay operator flags + fs.BoolVar(&flags.AnyoneRelay, "anyone-relay", false, "Run as Anyone relay operator (earn rewards)") + fs.BoolVar(&flags.AnyoneExit, "anyone-exit", false, "Run as exit relay (requires --anyone-relay, legal implications)") + fs.BoolVar(&flags.AnyoneMigrate, "anyone-migrate", false, "Migrate existing Anyone installation into Orama Network") + fs.StringVar(&flags.AnyoneNickname, "anyone-nickname", "", "Relay nickname (1-19 alphanumeric chars)") + fs.StringVar(&flags.AnyoneContact, "anyone-contact", "", "Contact info (email or @telegram)") + fs.StringVar(&flags.AnyoneWallet, "anyone-wallet", "", "Ethereum wallet address for rewards") + fs.IntVar(&flags.AnyoneORPort, "anyone-orport", 9001, "ORPort for relay (default 9001)") + fs.StringVar(&flags.AnyoneFamily, "anyone-family", "", "Comma-separated fingerprints of other relays you operate") + if err := fs.Parse(args); err != nil { if err == flag.ErrHelp { return nil, err diff --git a/pkg/cli/production/install/orchestrator.go b/pkg/cli/production/install/orchestrator.go index bedb719..87d3a5e 100644 --- a/pkg/cli/production/install/orchestrator.go +++ b/pkg/cli/production/install/orchestrator.go @@ -1,13 +1,21 @@ package install import ( + "bufio" + "crypto/tls" + "encoding/json" "fmt" + "io" + "net/http" "os" + "os/exec" "path/filepath" "strings" + "time" "github.com/DeBrosOfficial/network/pkg/cli/utils" "github.com/DeBrosOfficial/network/pkg/environments/production" + joinhandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/join" ) // Orchestrator manages the install process @@ -25,13 +33,34 @@ func NewOrchestrator(flags *Flags) (*Orchestrator, error) { oramaHome := "/home/debros" oramaDir := oramaHome + "/.orama" + // Prompt for base domain if not provided via flag + if flags.BaseDomain == "" { + flags.BaseDomain = promptForBaseDomain() + } + // Normalize peers peers, err := utils.NormalizePeers(flags.PeersStr) if err != nil { return nil, fmt.Errorf("invalid peers: %w", err) } - setup := production.NewProductionSetup(oramaHome, os.Stdout, flags.Force, flags.Branch, flags.NoPull, flags.SkipChecks) + setup := production.NewProductionSetup(oramaHome, os.Stdout, flags.Force, flags.Branch, flags.NoPull, flags.SkipChecks, flags.PreBuilt) + setup.SetNameserver(flags.Nameserver) + + // Configure Anyone relay if enabled + if flags.AnyoneRelay { + setup.SetAnyoneRelayConfig(&production.AnyoneRelayConfig{ + Enabled: true, + Exit: flags.AnyoneExit, + Migrate: flags.AnyoneMigrate, + Nickname: flags.AnyoneNickname, + Contact: flags.AnyoneContact, + Wallet: flags.AnyoneWallet, + ORPort: flags.AnyoneORPort, + MyFamily: flags.AnyoneFamily, + }) + } + validator := NewValidator(flags, oramaDir) return &Orchestrator{ @@ -54,23 +83,49 @@ func (o *Orchestrator) Execute() error { fmt.Printf(" Using existing repository at /home/debros/src\n") } + // Inform user if using pre-built binaries + if o.flags.PreBuilt { + fmt.Printf(" ⚠️ --pre-built flag enabled: Skipping all Go compilation\n") + fmt.Printf(" Using pre-built binaries from /home/debros/bin and /usr/local/bin\n") + } + // Validate DNS if domain is provided o.validator.ValidateDNS() // Dry-run mode: show what would be done and exit if o.flags.DryRun { - utils.ShowDryRunSummary(o.flags.VpsIP, o.flags.Domain, o.flags.Branch, o.peers, o.flags.JoinAddress, o.validator.IsFirstNode(), o.oramaDir) + var relayInfo *utils.AnyoneRelayDryRunInfo + if o.flags.AnyoneRelay { + relayInfo = &utils.AnyoneRelayDryRunInfo{ + Enabled: true, + Exit: o.flags.AnyoneExit, + Nickname: o.flags.AnyoneNickname, + Contact: o.flags.AnyoneContact, + Wallet: o.flags.AnyoneWallet, + ORPort: o.flags.AnyoneORPort, + } + } + utils.ShowDryRunSummaryWithRelay(o.flags.VpsIP, o.flags.Domain, o.flags.Branch, o.peers, o.flags.JoinAddress, o.validator.IsFirstNode(), o.oramaDir, relayInfo) return nil } - // Save secrets before installation - if err := o.validator.SaveSecrets(); err != nil { - return err + // Save secrets before installation (only for genesis; join flow gets secrets from response) + if !o.isJoiningNode() { + if err := o.validator.SaveSecrets(); err != nil { + return err + } } - // Save branch preference for future upgrades - if err := production.SaveBranchPreference(o.oramaDir, o.flags.Branch); err != nil { - fmt.Fprintf(os.Stderr, "⚠️ Warning: Failed to save branch preference: %v\n", err) + // Save preferences for future upgrades (branch + nameserver) + prefs := &production.NodePreferences{ + Branch: o.flags.Branch, + Nameserver: o.flags.Nameserver, + } + if err := production.SavePreferences(o.oramaDir, prefs); err != nil { + fmt.Fprintf(os.Stderr, "⚠️ Warning: Failed to save preferences: %v\n", err) + } + if o.flags.Nameserver { + fmt.Printf(" ℹ️ This node will be a nameserver (CoreDNS + Caddy)\n") } // Phase 1: Check prerequisites @@ -91,30 +146,56 @@ func (o *Orchestrator) Execute() error { return fmt.Errorf("binary installation failed: %w", err) } - // Phase 3: Generate secrets FIRST (before service initialization) + // Branch: genesis node vs joining node + if o.isJoiningNode() { + return o.executeJoinFlow() + } + return o.executeGenesisFlow() +} + +// isJoiningNode returns true if --join and --token are both set +func (o *Orchestrator) isJoiningNode() bool { + return o.flags.JoinAddress != "" && o.flags.Token != "" +} + +// executeGenesisFlow runs the install for the first node in a new cluster +func (o *Orchestrator) executeGenesisFlow() error { + // Phase 3: Generate secrets locally fmt.Printf("\n🔐 Phase 3: Generating secrets...\n") if err := o.setup.Phase3GenerateSecrets(); err != nil { return fmt.Errorf("secret generation failed: %w", err) } - // Phase 4: Generate configs (BEFORE service initialization) + // Phase 6a: WireGuard — self-assign 10.0.0.1 + fmt.Printf("\n🔒 Phase 6a: Setting up WireGuard mesh VPN...\n") + if _, _, err := o.setup.Phase6SetupWireGuard(true); err != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: WireGuard setup failed: %v\n", err) + } else { + fmt.Printf(" ✓ WireGuard configured (10.0.0.1)\n") + } + + // Phase 6b: UFW firewall + fmt.Printf("\n🛡️ Phase 6b: Setting up UFW firewall...\n") + if err := o.setup.Phase6bSetupFirewall(o.flags.SkipFirewall); err != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: Firewall setup failed: %v\n", err) + } + + // Phase 4: Generate configs using WG IP (10.0.0.1) as advertise address + // All inter-node communication uses WireGuard IPs, not public IPs fmt.Printf("\n⚙️ Phase 4: Generating configurations...\n") - enableHTTPS := o.flags.Domain != "" - if err := o.setup.Phase4GenerateConfigs(o.peers, o.flags.VpsIP, enableHTTPS, o.flags.Domain, o.flags.JoinAddress); err != nil { + enableHTTPS := false + genesisWGIP := "10.0.0.1" + if err := o.setup.Phase4GenerateConfigs(o.peers, genesisWGIP, enableHTTPS, o.flags.Domain, o.flags.BaseDomain, ""); err != nil { return fmt.Errorf("configuration generation failed: %w", err) } - // Validate generated configuration if err := o.validator.ValidateGeneratedConfig(); err != nil { return err } - // Phase 2c: Initialize services (after config is in place) + // Phase 2c: Initialize services (use WG IP for IPFS Cluster peer discovery) fmt.Printf("\nPhase 2c: Initializing services...\n") - ipfsPeerInfo := o.buildIPFSPeerInfo() - ipfsClusterPeerInfo := o.buildIPFSClusterPeerInfo() - - if err := o.setup.Phase2cInitializeServices(o.peers, o.flags.VpsIP, ipfsPeerInfo, ipfsClusterPeerInfo); err != nil { + if err := o.setup.Phase2cInitializeServices(o.peers, genesisWGIP, nil, nil); err != nil { return fmt.Errorf("service initialization failed: %w", err) } @@ -124,18 +205,239 @@ func (o *Orchestrator) Execute() error { return fmt.Errorf("service creation failed: %w", err) } - // Log completion with actual peer ID + // Install namespace systemd template units + fmt.Printf("\n🔧 Phase 5b: Installing namespace systemd templates...\n") + if err := o.installNamespaceTemplates(); err != nil { + fmt.Fprintf(os.Stderr, "⚠️ Template installation warning: %v\n", err) + } + + // Phase 7: Seed DNS records (with retry — migrations may still be running) + if o.flags.Nameserver && o.flags.BaseDomain != "" { + fmt.Printf("\n🌐 Phase 7: Seeding DNS records...\n") + var seedErr error + for attempt := 1; attempt <= 6; attempt++ { + waitSec := 5 * attempt + fmt.Printf(" Waiting for RQLite + migrations (%ds, attempt %d/6)...\n", waitSec, attempt) + time.Sleep(time.Duration(waitSec) * time.Second) + seedErr = o.setup.SeedDNSRecords(o.flags.BaseDomain, o.flags.VpsIP, o.peers) + if seedErr == nil { + fmt.Printf(" ✓ DNS records seeded\n") + break + } + fmt.Fprintf(os.Stderr, " ⚠️ Attempt %d failed: %v\n", attempt, seedErr) + } + if seedErr != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: DNS seeding failed after all attempts.\n") + fmt.Fprintf(os.Stderr, " Records will self-heal via node heartbeat once running.\n") + } + } + o.setup.LogSetupComplete(o.setup.NodePeerID) fmt.Printf("✅ Production installation complete!\n\n") + o.printFirstNodeSecrets() + return nil +} - // For first node, print important secrets and identifiers - if o.validator.IsFirstNode() { - o.printFirstNodeSecrets() +// executeJoinFlow runs the install for a node joining an existing cluster via invite token +func (o *Orchestrator) executeJoinFlow() error { + // Step 1: Generate WG keypair + fmt.Printf("\n🔑 Generating WireGuard keypair...\n") + privKey, pubKey, err := production.GenerateKeyPair() + if err != nil { + return fmt.Errorf("failed to generate WG keypair: %w", err) + } + fmt.Printf(" ✓ WireGuard keypair generated\n") + + // Step 2: Call join endpoint on existing node + fmt.Printf("\n🤝 Requesting cluster join from %s...\n", o.flags.JoinAddress) + joinResp, err := o.callJoinEndpoint(pubKey) + if err != nil { + return fmt.Errorf("join request failed: %w", err) + } + fmt.Printf(" ✓ Join approved — assigned WG IP: %s\n", joinResp.WGIP) + fmt.Printf(" ✓ Received %d WG peers\n", len(joinResp.WGPeers)) + + // Step 3: Configure WireGuard with assigned IP and peers + fmt.Printf("\n🔒 Configuring WireGuard tunnel...\n") + var wgPeers []production.WireGuardPeer + for _, p := range joinResp.WGPeers { + wgPeers = append(wgPeers, production.WireGuardPeer{ + PublicKey: p.PublicKey, + Endpoint: p.Endpoint, + AllowedIP: p.AllowedIP, + }) + } + // Install WG package first + wp := production.NewWireGuardProvisioner(production.WireGuardConfig{}) + if err := wp.Install(); err != nil { + return fmt.Errorf("failed to install wireguard: %w", err) + } + if err := o.setup.EnableWireGuardWithPeers(privKey, joinResp.WGIP, wgPeers); err != nil { + return fmt.Errorf("failed to enable WireGuard: %w", err) + } + + // Step 4: Verify WG tunnel + fmt.Printf("\n🔍 Verifying WireGuard tunnel...\n") + if err := o.verifyWGTunnel(joinResp.WGPeers); err != nil { + return fmt.Errorf("WireGuard tunnel verification failed: %w", err) + } + fmt.Printf(" ✓ WireGuard tunnel established\n") + + // Step 5: UFW firewall + fmt.Printf("\n🛡️ Setting up UFW firewall...\n") + if err := o.setup.Phase6bSetupFirewall(o.flags.SkipFirewall); err != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: Firewall setup failed: %v\n", err) + } + + // Step 6: Save secrets from join response + fmt.Printf("\n🔐 Saving cluster secrets...\n") + if err := o.saveSecretsFromJoinResponse(joinResp); err != nil { + return fmt.Errorf("failed to save secrets: %w", err) + } + fmt.Printf(" ✓ Secrets saved\n") + + // Step 7: Generate configs using WG IP as advertise address + // All inter-node communication uses WireGuard IPs, not public IPs + fmt.Printf("\n⚙️ Generating configurations...\n") + enableHTTPS := false + rqliteJoin := joinResp.RQLiteJoinAddress + if err := o.setup.Phase4GenerateConfigs(joinResp.BootstrapPeers, joinResp.WGIP, enableHTTPS, o.flags.Domain, joinResp.BaseDomain, rqliteJoin, joinResp.OlricPeers); err != nil { + return fmt.Errorf("configuration generation failed: %w", err) + } + + if err := o.validator.ValidateGeneratedConfig(); err != nil { + return err + } + + // Step 8: Initialize services with IPFS peer info from join response + fmt.Printf("\nInitializing services...\n") + var ipfsPeerInfo *production.IPFSPeerInfo + if joinResp.IPFSPeer.ID != "" { + ipfsPeerInfo = &production.IPFSPeerInfo{ + PeerID: joinResp.IPFSPeer.ID, + Addrs: joinResp.IPFSPeer.Addrs, + } + } + var ipfsClusterPeerInfo *production.IPFSClusterPeerInfo + if joinResp.IPFSClusterPeer.ID != "" { + ipfsClusterPeerInfo = &production.IPFSClusterPeerInfo{ + PeerID: joinResp.IPFSClusterPeer.ID, + Addrs: joinResp.IPFSClusterPeer.Addrs, + } + } + + if err := o.setup.Phase2cInitializeServices(joinResp.BootstrapPeers, joinResp.WGIP, ipfsPeerInfo, ipfsClusterPeerInfo); err != nil { + return fmt.Errorf("service initialization failed: %w", err) + } + + // Step 9: Create systemd services + fmt.Printf("\n🔧 Creating systemd services...\n") + if err := o.setup.Phase5CreateSystemdServices(enableHTTPS); err != nil { + return fmt.Errorf("service creation failed: %w", err) + } + + // Install namespace systemd template units + fmt.Printf("\n🔧 Installing namespace systemd templates...\n") + if err := o.installNamespaceTemplates(); err != nil { + fmt.Fprintf(os.Stderr, "⚠️ Template installation warning: %v\n", err) + } + + o.setup.LogSetupComplete(o.setup.NodePeerID) + fmt.Printf("✅ Production installation complete! Joined cluster via %s\n\n", o.flags.JoinAddress) + return nil +} + +// callJoinEndpoint sends the join request to the existing node's HTTPS endpoint +func (o *Orchestrator) callJoinEndpoint(wgPubKey string) (*joinhandlers.JoinResponse, error) { + reqBody := joinhandlers.JoinRequest{ + Token: o.flags.Token, + WGPublicKey: wgPubKey, + PublicIP: o.flags.VpsIP, + } + bodyBytes, err := json.Marshal(reqBody) + if err != nil { + return nil, fmt.Errorf("failed to marshal request: %w", err) + } + + url := strings.TrimRight(o.flags.JoinAddress, "/") + "/v1/internal/join" + client := &http.Client{ + Timeout: 30 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, // Self-signed certs during initial setup + }, + }, + } + + resp, err := client.Post(url, "application/json", strings.NewReader(string(bodyBytes))) + if err != nil { + return nil, fmt.Errorf("failed to contact %s: %w", url, err) + } + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response: %w", err) + } + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("join rejected (HTTP %d): %s", resp.StatusCode, string(respBody)) + } + + var joinResp joinhandlers.JoinResponse + if err := json.Unmarshal(respBody, &joinResp); err != nil { + return nil, fmt.Errorf("failed to parse join response: %w", err) + } + + return &joinResp, nil +} + +// saveSecretsFromJoinResponse writes cluster secrets received from the join endpoint to disk +func (o *Orchestrator) saveSecretsFromJoinResponse(resp *joinhandlers.JoinResponse) error { + secretsDir := filepath.Join(o.oramaDir, "secrets") + if err := os.MkdirAll(secretsDir, 0700); err != nil { + return fmt.Errorf("failed to create secrets dir: %w", err) + } + + // Write cluster secret + if resp.ClusterSecret != "" { + if err := os.WriteFile(filepath.Join(secretsDir, "cluster-secret"), []byte(resp.ClusterSecret), 0600); err != nil { + return fmt.Errorf("failed to write cluster-secret: %w", err) + } + } + + // Write swarm key + if resp.SwarmKey != "" { + if err := os.WriteFile(filepath.Join(secretsDir, "swarm.key"), []byte(resp.SwarmKey), 0600); err != nil { + return fmt.Errorf("failed to write swarm.key: %w", err) + } } return nil } +// verifyWGTunnel pings a WG peer to verify the tunnel is working +func (o *Orchestrator) verifyWGTunnel(peers []joinhandlers.WGPeerInfo) error { + if len(peers) == 0 { + return fmt.Errorf("no WG peers to verify") + } + + // Extract the IP from the first peer's AllowedIP (e.g. "10.0.0.1/32" -> "10.0.0.1") + targetIP := strings.TrimSuffix(peers[0].AllowedIP, "/32") + + // Retry ping for up to 30 seconds + deadline := time.Now().Add(30 * time.Second) + for time.Now().Before(deadline) { + cmd := exec.Command("ping", "-c", "1", "-W", "2", targetIP) + if err := cmd.Run(); err == nil { + return nil + } + time.Sleep(2 * time.Second) + } + + return fmt.Errorf("could not reach %s via WireGuard after 30s", targetIP) +} + func (o *Orchestrator) buildIPFSPeerInfo() *production.IPFSPeerInfo { if o.flags.IPFSPeerID != "" { var addrs []string @@ -190,3 +492,96 @@ func (o *Orchestrator) printFirstNodeSecrets() { fmt.Printf(" Node Peer ID:\n") fmt.Printf(" %s\n\n", o.setup.NodePeerID) } + +// promptForBaseDomain interactively prompts the user to select a network environment +// Returns the selected base domain for deployment routing +func promptForBaseDomain() string { + reader := bufio.NewReader(os.Stdin) + + fmt.Println("\n🌐 Network Environment Selection") + fmt.Println("=================================") + fmt.Println("Select the network environment for this node:") + fmt.Println() + fmt.Println(" 1. orama-devnet.network (Development - for testing)") + fmt.Println(" 2. orama-testnet.network (Testnet - pre-production)") + fmt.Println(" 3. orama-mainnet.network (Mainnet - production)") + fmt.Println(" 4. Custom domain...") + fmt.Println() + fmt.Print("Select option [1-4] (default: 1): ") + + choice, _ := reader.ReadString('\n') + choice = strings.TrimSpace(choice) + + switch choice { + case "", "1": + fmt.Println("✓ Selected: orama-devnet.network") + return "orama-devnet.network" + case "2": + fmt.Println("✓ Selected: orama-testnet.network") + return "orama-testnet.network" + case "3": + fmt.Println("✓ Selected: orama-mainnet.network") + return "orama-mainnet.network" + case "4": + fmt.Print("Enter custom base domain (e.g., example.com): ") + customDomain, _ := reader.ReadString('\n') + customDomain = strings.TrimSpace(customDomain) + if customDomain == "" { + fmt.Println("⚠️ No domain entered, using orama-devnet.network") + return "orama-devnet.network" + } + // Remove any protocol prefix if user included it + customDomain = strings.TrimPrefix(customDomain, "https://") + customDomain = strings.TrimPrefix(customDomain, "http://") + customDomain = strings.TrimSuffix(customDomain, "/") + fmt.Printf("✓ Selected: %s\n", customDomain) + return customDomain + default: + fmt.Println("⚠️ Invalid option, using orama-devnet.network") + return "orama-devnet.network" + } +} + +// installNamespaceTemplates installs systemd template unit files for namespace services +func (o *Orchestrator) installNamespaceTemplates() error { + sourceDir := filepath.Join(o.oramaHome, "src", "systemd") + systemdDir := "/etc/systemd/system" + + templates := []string{ + "debros-namespace-rqlite@.service", + "debros-namespace-olric@.service", + "debros-namespace-gateway@.service", + } + + installedCount := 0 + for _, template := range templates { + sourcePath := filepath.Join(sourceDir, template) + destPath := filepath.Join(systemdDir, template) + + // Read template file + data, err := os.ReadFile(sourcePath) + if err != nil { + fmt.Printf(" ⚠️ Warning: Failed to read %s: %v\n", template, err) + continue + } + + // Write to systemd directory + if err := os.WriteFile(destPath, data, 0644); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to install %s: %v\n", template, err) + continue + } + + installedCount++ + fmt.Printf(" ✓ Installed %s\n", template) + } + + if installedCount > 0 { + // Reload systemd daemon to pick up new templates + if err := exec.Command("systemctl", "daemon-reload").Run(); err != nil { + return fmt.Errorf("failed to reload systemd daemon: %w", err) + } + fmt.Printf(" ✓ Systemd daemon reloaded (%d templates installed)\n", installedCount) + } + + return nil +} diff --git a/pkg/cli/production/install/validator.go b/pkg/cli/production/install/validator.go index 7329cb8..12be366 100644 --- a/pkg/cli/production/install/validator.go +++ b/pkg/cli/production/install/validator.go @@ -7,20 +7,22 @@ import ( "strings" "github.com/DeBrosOfficial/network/pkg/cli/utils" + "github.com/DeBrosOfficial/network/pkg/config/validate" + "github.com/DeBrosOfficial/network/pkg/environments/production/installers" ) // Validator validates install command inputs type Validator struct { - flags *Flags - oramaDir string + flags *Flags + oramaDir string isFirstNode bool } // NewValidator creates a new validator func NewValidator(flags *Flags, oramaDir string) *Validator { return &Validator{ - flags: flags, - oramaDir: oramaDir, + flags: flags, + oramaDir: oramaDir, isFirstNode: flags.JoinAddress == "", } } @@ -28,7 +30,7 @@ func NewValidator(flags *Flags, oramaDir string) *Validator { // ValidateFlags validates required flags func (v *Validator) ValidateFlags() error { if v.flags.VpsIP == "" && !v.flags.DryRun { - return fmt.Errorf("--vps-ip is required for installation\nExample: dbn prod install --vps-ip 1.2.3.4") + return fmt.Errorf("--vps-ip is required for installation\nExample: orama prod install --vps-ip 1.2.3.4") } return nil } @@ -43,7 +45,17 @@ func (v *Validator) ValidateRootPrivileges() error { // ValidatePorts validates port availability func (v *Validator) ValidatePorts() error { - if err := utils.EnsurePortsAvailable("install", utils.DefaultPorts()); err != nil { + ports := utils.DefaultPorts() + + // Add ORPort check for relay mode (skip if migrating existing installation) + if v.flags.AnyoneRelay && !v.flags.AnyoneMigrate { + ports = append(ports, utils.PortSpec{ + Name: "Anyone ORPort", + Port: v.flags.AnyoneORPort, + }) + } + + if err := utils.EnsurePortsAvailable("install", ports); err != nil { return err } return nil @@ -88,8 +100,9 @@ func (v *Validator) SaveSecrets() error { if err := os.MkdirAll(secretsDir, 0755); err != nil { return fmt.Errorf("failed to create secrets directory: %w", err) } - // Convert 64-hex key to full swarm.key format - swarmKeyContent := fmt.Sprintf("/key/swarm/psk/1.0.0/\n/base16/\n%s\n", strings.ToUpper(v.flags.SwarmKey)) + // Extract hex only (strips headers if user passed full file content) + hexKey := strings.ToUpper(validate.ExtractSwarmKeyHex(v.flags.SwarmKey)) + swarmKeyContent := fmt.Sprintf("/key/swarm/psk/1.0.0/\n/base16/\n%s\n", hexKey) swarmKeyPath := filepath.Join(secretsDir, "swarm.key") if err := os.WriteFile(swarmKeyPath, []byte(swarmKeyContent), 0600); err != nil { return fmt.Errorf("failed to save swarm key: %w", err) @@ -104,3 +117,107 @@ func (v *Validator) SaveSecrets() error { func (v *Validator) IsFirstNode() bool { return v.isFirstNode } + +// ValidateAnyoneRelayFlags validates Anyone relay configuration and displays warnings +func (v *Validator) ValidateAnyoneRelayFlags() error { + // Skip validation if not running as relay + if !v.flags.AnyoneRelay { + return nil + } + + fmt.Printf("\n🔗 Anyone Relay Configuration\n") + + // Check for existing Anyone installation + existing, err := installers.DetectExistingAnyoneInstallation() + if err != nil { + fmt.Printf(" ⚠️ Warning: failed to detect existing installation: %v\n", err) + } + + if existing != nil { + fmt.Printf(" ⚠️ Existing Anyone relay detected:\n") + if existing.Fingerprint != "" { + fmt.Printf(" Fingerprint: %s\n", existing.Fingerprint) + } + if existing.Nickname != "" { + fmt.Printf(" Nickname: %s\n", existing.Nickname) + } + if existing.Wallet != "" { + fmt.Printf(" Wallet: %s\n", existing.Wallet) + } + if existing.MyFamily != "" { + familyCount := len(strings.Split(existing.MyFamily, ",")) + fmt.Printf(" MyFamily: %d relays\n", familyCount) + } + fmt.Printf(" Keys: %s\n", existing.KeysPath) + fmt.Printf(" Config: %s\n", existing.ConfigPath) + if existing.IsRunning { + fmt.Printf(" Status: Running\n") + } + if !v.flags.AnyoneMigrate { + fmt.Printf("\n 💡 Use --anyone-migrate to preserve existing keys and fingerprint\n") + } else { + fmt.Printf("\n ✓ Will migrate existing installation (keys preserved)\n") + // Auto-populate missing values from existing installation + if v.flags.AnyoneNickname == "" && existing.Nickname != "" { + v.flags.AnyoneNickname = existing.Nickname + fmt.Printf(" ✓ Using existing nickname: %s\n", existing.Nickname) + } + if v.flags.AnyoneWallet == "" && existing.Wallet != "" { + v.flags.AnyoneWallet = existing.Wallet + fmt.Printf(" ✓ Using existing wallet: %s\n", existing.Wallet) + } + } + fmt.Println() + } + + // Validate required fields for relay mode + if v.flags.AnyoneNickname == "" { + return fmt.Errorf("--anyone-nickname is required for relay mode") + } + if err := installers.ValidateNickname(v.flags.AnyoneNickname); err != nil { + return fmt.Errorf("invalid --anyone-nickname: %w", err) + } + + if v.flags.AnyoneWallet == "" { + return fmt.Errorf("--anyone-wallet is required for relay mode (for rewards)") + } + if err := installers.ValidateWallet(v.flags.AnyoneWallet); err != nil { + return fmt.Errorf("invalid --anyone-wallet: %w", err) + } + + if v.flags.AnyoneContact == "" { + return fmt.Errorf("--anyone-contact is required for relay mode") + } + + // Validate ORPort + if v.flags.AnyoneORPort < 1 || v.flags.AnyoneORPort > 65535 { + return fmt.Errorf("--anyone-orport must be between 1 and 65535") + } + + // Display configuration summary + fmt.Printf(" Nickname: %s\n", v.flags.AnyoneNickname) + fmt.Printf(" Contact: %s\n", v.flags.AnyoneContact) + fmt.Printf(" Wallet: %s\n", v.flags.AnyoneWallet) + fmt.Printf(" ORPort: %d\n", v.flags.AnyoneORPort) + if v.flags.AnyoneExit { + fmt.Printf(" Mode: Exit Relay\n") + } else { + fmt.Printf(" Mode: Non-exit Relay\n") + } + + // Warning about token requirement + fmt.Printf("\n ⚠️ IMPORTANT: Relay operators must hold 100 $ANYONE tokens\n") + fmt.Printf(" in wallet %s to receive rewards.\n", v.flags.AnyoneWallet) + fmt.Printf(" Register at: https://dashboard.anyone.io\n") + + // Exit relay warning + if v.flags.AnyoneExit { + fmt.Printf("\n ⚠️ EXIT RELAY WARNING:\n") + fmt.Printf(" Running an exit relay may expose you to legal liability\n") + fmt.Printf(" for traffic that exits through your node.\n") + fmt.Printf(" Ensure you understand the implications before proceeding.\n") + } + + fmt.Println() + return nil +} diff --git a/pkg/cli/production/invite/command.go b/pkg/cli/production/invite/command.go new file mode 100644 index 0000000..57ca730 --- /dev/null +++ b/pkg/cli/production/invite/command.go @@ -0,0 +1,115 @@ +package invite + +import ( + "crypto/rand" + "encoding/hex" + "fmt" + "net/http" + "os" + "strings" + "time" + + "gopkg.in/yaml.v3" +) + +// Handle processes the invite command +func Handle(args []string) { + // Must run on a cluster node with RQLite running locally + domain, err := readNodeDomain() + if err != nil { + fmt.Fprintf(os.Stderr, "Error: could not read node config: %v\n", err) + fmt.Fprintf(os.Stderr, "Make sure you're running this on an installed node.\n") + os.Exit(1) + } + + // Generate random token + tokenBytes := make([]byte, 32) + if _, err := rand.Read(tokenBytes); err != nil { + fmt.Fprintf(os.Stderr, "Error generating token: %v\n", err) + os.Exit(1) + } + token := hex.EncodeToString(tokenBytes) + + // Determine expiry (default 1 hour, --expiry flag for override) + expiry := time.Hour + for i, arg := range args { + if arg == "--expiry" && i+1 < len(args) { + d, err := time.ParseDuration(args[i+1]) + if err != nil { + fmt.Fprintf(os.Stderr, "Invalid expiry duration: %v\n", err) + os.Exit(1) + } + expiry = d + } + } + + expiresAt := time.Now().UTC().Add(expiry).Format("2006-01-02 15:04:05") + + // Get node ID for created_by + nodeID := "unknown" + if hostname, err := os.Hostname(); err == nil { + nodeID = hostname + } + + // Insert token into RQLite via HTTP API + if err := insertToken(token, nodeID, expiresAt); err != nil { + fmt.Fprintf(os.Stderr, "Error storing invite token: %v\n", err) + fmt.Fprintf(os.Stderr, "Make sure RQLite is running on this node.\n") + os.Exit(1) + } + + // Print the invite command + fmt.Printf("\nInvite token created (expires in %s)\n\n", expiry) + fmt.Printf("Run this on the new node:\n\n") + fmt.Printf(" sudo orama install --join https://%s --token %s --vps-ip --nameserver\n\n", domain, token) + fmt.Printf("Replace with the new node's public IP address.\n") +} + +// readNodeDomain reads the domain from the node config file +func readNodeDomain() (string, error) { + configPath := "/home/debros/.orama/configs/node.yaml" + data, err := os.ReadFile(configPath) + if err != nil { + return "", fmt.Errorf("read config: %w", err) + } + + var config struct { + Node struct { + Domain string `yaml:"domain"` + } `yaml:"node"` + } + if err := yaml.Unmarshal(data, &config); err != nil { + return "", fmt.Errorf("parse config: %w", err) + } + + if config.Node.Domain == "" { + return "", fmt.Errorf("node domain not set in config") + } + + return config.Node.Domain, nil +} + +// insertToken inserts an invite token into RQLite via HTTP API +func insertToken(token, createdBy, expiresAt string) error { + body := fmt.Sprintf(`[["INSERT INTO invite_tokens (token, created_by, expires_at) VALUES ('%s', '%s', '%s')"]]`, + token, createdBy, expiresAt) + + req, err := http.NewRequest("POST", "http://localhost:5001/db/execute", strings.NewReader(body)) + if err != nil { + return err + } + req.Header.Set("Content-Type", "application/json") + + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Do(req) + if err != nil { + return fmt.Errorf("failed to connect to RQLite: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("RQLite returned status %d", resp.StatusCode) + } + + return nil +} diff --git a/pkg/cli/production/lifecycle/start.go b/pkg/cli/production/lifecycle/start.go index 26ba28f..ce36de6 100644 --- a/pkg/cli/production/lifecycle/start.go +++ b/pkg/cli/production/lifecycle/start.go @@ -51,7 +51,7 @@ func HandleStart() { } if active { fmt.Printf(" ℹ️ %s already running\n", svc) - // Re-enable if disabled (in case it was stopped with 'dbn prod stop') + // Re-enable if disabled (in case it was stopped with 'orama prod stop') enabled, err := utils.IsServiceEnabled(svc) if err == nil && !enabled { if err := exec.Command("systemctl", "enable", svc).Run(); err != nil { @@ -83,7 +83,7 @@ func HandleStart() { // Enable and start inactive services for _, svc := range inactive { - // Re-enable the service first (in case it was disabled by 'dbn prod stop') + // Re-enable the service first (in case it was disabled by 'orama prod stop') enabled, err := utils.IsServiceEnabled(svc) if err == nil && !enabled { if err := exec.Command("systemctl", "enable", svc).Run(); err != nil { diff --git a/pkg/cli/production/lifecycle/stop.go b/pkg/cli/production/lifecycle/stop.go index aeaec4d..e179745 100644 --- a/pkg/cli/production/lifecycle/stop.go +++ b/pkg/cli/production/lifecycle/stop.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "os/exec" + "strings" "time" "github.com/DeBrosOfficial/network/pkg/cli/utils" @@ -18,12 +19,18 @@ func HandleStop() { fmt.Printf("Stopping all DeBros production services...\n") + // First, stop all namespace services + fmt.Printf("\n Stopping namespace services...\n") + stopAllNamespaceServices() + services := utils.GetProductionServices() if len(services) == 0 { fmt.Printf(" ⚠️ No DeBros services found\n") return } + fmt.Printf("\n Stopping main services...\n") + // First, disable all services to prevent auto-restart disableArgs := []string{"disable"} disableArgs = append(disableArgs, services...) @@ -107,6 +114,43 @@ func HandleStop() { fmt.Fprintf(os.Stderr, " If services are still restarting, they may need manual intervention\n") } else { fmt.Printf("\n✅ All services stopped and disabled (will not auto-start on boot)\n") - fmt.Printf(" Use 'dbn prod start' to start and re-enable services\n") + fmt.Printf(" Use 'orama prod start' to start and re-enable services\n") } } + +// stopAllNamespaceServices stops all running namespace services +func stopAllNamespaceServices() { + // Find all running namespace services using systemctl list-units + cmd := exec.Command("systemctl", "list-units", "--type=service", "--all", "--no-pager", "--no-legend", "debros-namespace-*@*.service") + output, err := cmd.Output() + if err != nil { + fmt.Printf(" ⚠️ Warning: Failed to list namespace services: %v\n", err) + return + } + + lines := strings.Split(string(output), "\n") + var namespaceServices []string + for _, line := range lines { + fields := strings.Fields(line) + if len(fields) > 0 { + serviceName := fields[0] + if strings.HasPrefix(serviceName, "debros-namespace-") { + namespaceServices = append(namespaceServices, serviceName) + } + } + } + + if len(namespaceServices) == 0 { + fmt.Printf(" No namespace services found\n") + return + } + + // Stop all namespace services + for _, svc := range namespaceServices { + if err := exec.Command("systemctl", "stop", svc).Run(); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to stop %s: %v\n", svc, err) + } + } + + fmt.Printf(" ✓ Stopped %d namespace service(s)\n", len(namespaceServices)) +} diff --git a/pkg/cli/production/logs/command.go b/pkg/cli/production/logs/command.go index f06ecbf..7c66baf 100644 --- a/pkg/cli/production/logs/command.go +++ b/pkg/cli/production/logs/command.go @@ -47,7 +47,7 @@ func Handle(args []string) { } func showUsage() { - fmt.Fprintf(os.Stderr, "Usage: dbn prod logs [--follow]\n") + fmt.Fprintf(os.Stderr, "Usage: orama prod logs [--follow]\n") fmt.Fprintf(os.Stderr, "\nService aliases:\n") fmt.Fprintf(os.Stderr, " node, ipfs, cluster, gateway, olric\n") fmt.Fprintf(os.Stderr, "\nOr use full service name:\n") diff --git a/pkg/cli/production/status/command.go b/pkg/cli/production/status/command.go index af082d9..ff43b38 100644 --- a/pkg/cli/production/status/command.go +++ b/pkg/cli/production/status/command.go @@ -54,5 +54,5 @@ func Handle() { fmt.Printf(" ❌ %s not found\n", oramaDir) } - fmt.Printf("\nView logs with: dbn prod logs \n") + fmt.Printf("\nView logs with: orama prod logs \n") } diff --git a/pkg/cli/production/upgrade/flags.go b/pkg/cli/production/upgrade/flags.go index 6277267..2c76931 100644 --- a/pkg/cli/production/upgrade/flags.go +++ b/pkg/cli/production/upgrade/flags.go @@ -11,7 +11,20 @@ type Flags struct { Force bool RestartServices bool NoPull bool + PreBuilt bool + SkipChecks bool Branch string + Nameserver *bool // Pointer so we can detect if explicitly set vs default + + // Anyone relay operator flags + AnyoneRelay bool + AnyoneExit bool + AnyoneMigrate bool + AnyoneNickname string + AnyoneContact string + AnyoneWallet string + AnyoneORPort int + AnyoneFamily string } // ParseFlags parses upgrade command flags @@ -23,8 +36,23 @@ func ParseFlags(args []string) (*Flags, error) { fs.BoolVar(&flags.Force, "force", false, "Reconfigure all settings") fs.BoolVar(&flags.RestartServices, "restart", false, "Automatically restart services after upgrade") - fs.BoolVar(&flags.NoPull, "no-pull", false, "Skip git clone/pull, use existing /home/debros/src") - fs.StringVar(&flags.Branch, "branch", "", "Git branch to use (main or nightly, uses saved preference if not specified)") + fs.BoolVar(&flags.NoPull, "no-pull", false, "Skip source download, use existing /home/debros/src") + fs.BoolVar(&flags.PreBuilt, "pre-built", false, "Skip building binaries on VPS, use pre-built binaries already in /home/debros/bin and /usr/local/bin") + fs.BoolVar(&flags.SkipChecks, "skip-checks", false, "Skip minimum resource checks (RAM/CPU)") + fs.StringVar(&flags.Branch, "branch", "", "Git branch to use (uses saved preference if not specified)") + + // Nameserver flag - use pointer to detect if explicitly set + nameserver := fs.Bool("nameserver", false, "Make this node a nameserver (uses saved preference if not specified)") + + // Anyone relay operator flags + fs.BoolVar(&flags.AnyoneRelay, "anyone-relay", false, "Run as Anyone relay operator (earn rewards)") + fs.BoolVar(&flags.AnyoneExit, "anyone-exit", false, "Run as exit relay (requires --anyone-relay, legal implications)") + fs.BoolVar(&flags.AnyoneMigrate, "anyone-migrate", false, "Migrate existing Anyone installation into Orama Network") + fs.StringVar(&flags.AnyoneNickname, "anyone-nickname", "", "Relay nickname (1-19 alphanumeric chars)") + fs.StringVar(&flags.AnyoneContact, "anyone-contact", "", "Contact info (email or @telegram)") + fs.StringVar(&flags.AnyoneWallet, "anyone-wallet", "", "Ethereum wallet address for rewards") + fs.IntVar(&flags.AnyoneORPort, "anyone-orport", 9001, "ORPort for relay (default 9001)") + fs.StringVar(&flags.AnyoneFamily, "anyone-family", "", "Comma-separated fingerprints of other relays you operate") // Support legacy flags for backwards compatibility nightly := fs.Bool("nightly", false, "Use nightly branch (deprecated, use --branch nightly)") @@ -45,9 +73,9 @@ func ParseFlags(args []string) (*Flags, error) { flags.Branch = "main" } - // Validate branch if provided - if flags.Branch != "" && flags.Branch != "main" && flags.Branch != "nightly" { - return nil, fmt.Errorf("invalid branch: %s (must be 'main' or 'nightly')", flags.Branch) + // Set nameserver if explicitly provided + if *nameserver { + flags.Nameserver = nameserver } return flags, nil diff --git a/pkg/cli/production/upgrade/orchestrator.go b/pkg/cli/production/upgrade/orchestrator.go index 2b3a042..9b46a35 100644 --- a/pkg/cli/production/upgrade/orchestrator.go +++ b/pkg/cli/production/upgrade/orchestrator.go @@ -1,8 +1,11 @@ package upgrade import ( + "encoding/json" "fmt" + "io" "net" + "net/http" "os" "os/exec" "path/filepath" @@ -25,7 +28,38 @@ type Orchestrator struct { func NewOrchestrator(flags *Flags) *Orchestrator { oramaHome := "/home/debros" oramaDir := oramaHome + "/.orama" - setup := production.NewProductionSetup(oramaHome, os.Stdout, flags.Force, flags.Branch, flags.NoPull, false) + + // Load existing preferences + prefs := production.LoadPreferences(oramaDir) + + // Use saved branch if not specified + branch := flags.Branch + if branch == "" { + branch = prefs.Branch + } + + // Use saved nameserver preference if not explicitly specified + isNameserver := prefs.Nameserver + if flags.Nameserver != nil { + isNameserver = *flags.Nameserver + } + + setup := production.NewProductionSetup(oramaHome, os.Stdout, flags.Force, branch, flags.NoPull, flags.SkipChecks, flags.PreBuilt) + setup.SetNameserver(isNameserver) + + // Configure Anyone relay if enabled + if flags.AnyoneRelay { + setup.SetAnyoneRelayConfig(&production.AnyoneRelayConfig{ + Enabled: true, + Exit: flags.AnyoneExit, + Migrate: flags.AnyoneMigrate, + Nickname: flags.AnyoneNickname, + Contact: flags.AnyoneContact, + Wallet: flags.AnyoneWallet, + ORPort: flags.AnyoneORPort, + MyFamily: flags.AnyoneFamily, + }) + } return &Orchestrator{ oramaHome: oramaHome, @@ -47,6 +81,12 @@ func (o *Orchestrator) Execute() error { fmt.Printf(" Using existing repository at %s/src\n", o.oramaHome) } + // Log if --pre-built is enabled + if o.flags.PreBuilt { + fmt.Printf(" ⚠️ --pre-built flag enabled: Skipping all Go compilation\n") + fmt.Printf(" Using pre-built binaries from %s/bin and /usr/local/bin\n", o.oramaHome) + } + // Handle branch preferences if err := o.handleBranchPreferences(); err != nil { return err @@ -111,11 +151,23 @@ func (o *Orchestrator) Execute() error { // Phase 5: Update systemd services fmt.Printf("\n🔧 Phase 5: Updating systemd services...\n") - enableHTTPS, _ := o.extractGatewayConfig() + enableHTTPS, _, _ := o.extractGatewayConfig() if err := o.setup.Phase5CreateSystemdServices(enableHTTPS); err != nil { fmt.Fprintf(os.Stderr, "⚠️ Service update warning: %v\n", err) } + // Install namespace systemd template units + fmt.Printf("\n🔧 Phase 5b: Installing namespace systemd templates...\n") + if err := o.installNamespaceTemplates(); err != nil { + fmt.Fprintf(os.Stderr, "⚠️ Template installation warning: %v\n", err) + } + + // Re-apply UFW firewall rules (idempotent) + fmt.Printf("\n🛡️ Re-applying firewall rules...\n") + if err := o.setup.Phase6bSetupFirewall(false); err != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: Firewall re-apply failed: %v\n", err) + } + fmt.Printf("\n✅ Upgrade complete!\n") // Restart services if requested @@ -132,31 +184,179 @@ func (o *Orchestrator) Execute() error { } func (o *Orchestrator) handleBranchPreferences() error { - // If branch was explicitly provided, save it for future upgrades + // Load current preferences + prefs := production.LoadPreferences(o.oramaDir) + prefsChanged := false + + // If branch was explicitly provided, update it if o.flags.Branch != "" { - if err := production.SaveBranchPreference(o.oramaDir, o.flags.Branch); err != nil { - fmt.Fprintf(os.Stderr, "⚠️ Warning: Failed to save branch preference: %v\n", err) - } else { - fmt.Printf(" Using branch: %s (saved for future upgrades)\n", o.flags.Branch) - } + prefs.Branch = o.flags.Branch + prefsChanged = true + fmt.Printf(" Using branch: %s (saved for future upgrades)\n", o.flags.Branch) } else { - // Show which branch is being used (read from saved preference) - currentBranch := production.ReadBranchPreference(o.oramaDir) - fmt.Printf(" Using branch: %s (from saved preference)\n", currentBranch) + fmt.Printf(" Using branch: %s (from saved preference)\n", prefs.Branch) + } + + // If nameserver was explicitly provided, update it + if o.flags.Nameserver != nil { + prefs.Nameserver = *o.flags.Nameserver + prefsChanged = true + } + if o.setup.IsNameserver() { + fmt.Printf(" Nameserver mode: enabled (CoreDNS + Caddy)\n") + } + + // Save preferences if anything changed + if prefsChanged { + if err := production.SavePreferences(o.oramaDir, prefs); err != nil { + fmt.Fprintf(os.Stderr, "⚠️ Warning: Failed to save preferences: %v\n", err) + } } return nil } +// ClusterState represents the saved state of the RQLite cluster before shutdown +type ClusterState struct { + Nodes []ClusterNode `json:"nodes"` + CapturedAt time.Time `json:"captured_at"` +} + +// ClusterNode represents a node in the cluster +type ClusterNode struct { + ID string `json:"id"` + Address string `json:"address"` + Voter bool `json:"voter"` + Reachable bool `json:"reachable"` +} + +// captureClusterState saves the current RQLite cluster state before stopping services +// This allows nodes to recover cluster membership faster after restart +func (o *Orchestrator) captureClusterState() error { + fmt.Printf("\n📸 Capturing cluster state before shutdown...\n") + + // Query RQLite /nodes endpoint to get current cluster membership + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Get("http://localhost:5001/nodes?timeout=3s") + if err != nil { + fmt.Printf(" ⚠️ Could not query cluster state: %v\n", err) + return nil // Non-fatal - continue with upgrade + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + fmt.Printf(" ⚠️ RQLite returned status %d\n", resp.StatusCode) + return nil + } + + body, err := io.ReadAll(resp.Body) + if err != nil { + fmt.Printf(" ⚠️ Could not read cluster state: %v\n", err) + return nil + } + + // Parse the nodes response + var nodes map[string]struct { + Addr string `json:"addr"` + Voter bool `json:"voter"` + Reachable bool `json:"reachable"` + } + if err := json.Unmarshal(body, &nodes); err != nil { + fmt.Printf(" ⚠️ Could not parse cluster state: %v\n", err) + return nil + } + + // Build cluster state + state := ClusterState{ + Nodes: make([]ClusterNode, 0, len(nodes)), + CapturedAt: time.Now(), + } + + for id, node := range nodes { + state.Nodes = append(state.Nodes, ClusterNode{ + ID: id, + Address: node.Addr, + Voter: node.Voter, + Reachable: node.Reachable, + }) + fmt.Printf(" Found node: %s (voter=%v, reachable=%v)\n", id, node.Voter, node.Reachable) + } + + // Save to file + stateFile := filepath.Join(o.oramaDir, "cluster-state.json") + data, err := json.MarshalIndent(state, "", " ") + if err != nil { + fmt.Printf(" ⚠️ Could not marshal cluster state: %v\n", err) + return nil + } + + if err := os.WriteFile(stateFile, data, 0644); err != nil { + fmt.Printf(" ⚠️ Could not save cluster state: %v\n", err) + return nil + } + + fmt.Printf(" ✓ Cluster state saved (%d nodes) to %s\n", len(state.Nodes), stateFile) + + // Also write peers.json directly for RQLite recovery + if err := o.writePeersJSONFromState(state); err != nil { + fmt.Printf(" ⚠️ Could not write peers.json: %v\n", err) + } else { + fmt.Printf(" ✓ peers.json written for cluster recovery\n") + } + + return nil +} + +// writePeersJSONFromState writes RQLite's peers.json file from captured cluster state +func (o *Orchestrator) writePeersJSONFromState(state ClusterState) error { + // Build peers.json format + peers := make([]map[string]interface{}, 0, len(state.Nodes)) + for _, node := range state.Nodes { + peers = append(peers, map[string]interface{}{ + "id": node.ID, + "address": node.ID, // RQLite uses raft address as both id and address + "non_voter": !node.Voter, + }) + } + + data, err := json.MarshalIndent(peers, "", " ") + if err != nil { + return err + } + + // Write to RQLite's raft directory + raftDir := filepath.Join(o.oramaHome, ".orama", "data", "rqlite", "raft") + if err := os.MkdirAll(raftDir, 0755); err != nil { + return err + } + + peersFile := filepath.Join(raftDir, "peers.json") + return os.WriteFile(peersFile, data, 0644) +} + func (o *Orchestrator) stopServices() error { - fmt.Printf("\n⏹️ Stopping services before upgrade...\n") + // Capture cluster state BEFORE stopping services + _ = o.captureClusterState() + + fmt.Printf("\n⏹️ Stopping all services before upgrade...\n") serviceController := production.NewSystemdController() + + // First, stop all namespace services (debros-namespace-*@*.service) + fmt.Printf(" Stopping namespace services...\n") + if err := o.stopAllNamespaceServices(serviceController); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to stop namespace services: %v\n", err) + } + + // Stop services in reverse dependency order services := []string{ - "debros-gateway.service", - "debros-node.service", - "debros-ipfs-cluster.service", - "debros-ipfs.service", - // Note: RQLite is managed by node process, not as separate service - "debros-olric.service", + "caddy.service", // Depends on node + "coredns.service", // Depends on node + "debros-gateway.service", // Legacy + "debros-node.service", // Depends on cluster, olric + "debros-ipfs-cluster.service", // Depends on IPFS + "debros-ipfs.service", // Base IPFS + "debros-olric.service", // Independent + "debros-anyone-client.service", // Client mode + "debros-anyone-relay.service", // Relay mode } for _, svc := range services { unitPath := filepath.Join("/etc/systemd/system", svc) @@ -169,7 +369,83 @@ func (o *Orchestrator) stopServices() error { } } // Give services time to shut down gracefully - time.Sleep(2 * time.Second) + time.Sleep(3 * time.Second) + return nil +} + +// stopAllNamespaceServices stops all running namespace services +func (o *Orchestrator) stopAllNamespaceServices(serviceController *production.SystemdController) error { + // Find all running namespace services using systemctl list-units + cmd := exec.Command("systemctl", "list-units", "--type=service", "--state=running", "--no-pager", "--no-legend", "debros-namespace-*@*.service") + output, err := cmd.Output() + if err != nil { + return fmt.Errorf("failed to list namespace services: %w", err) + } + + lines := strings.Split(string(output), "\n") + stoppedCount := 0 + for _, line := range lines { + fields := strings.Fields(line) + if len(fields) > 0 { + serviceName := fields[0] + if strings.HasPrefix(serviceName, "debros-namespace-") { + if err := serviceController.StopService(serviceName); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to stop %s: %v\n", serviceName, err) + } else { + stoppedCount++ + } + } + } + } + + if stoppedCount > 0 { + fmt.Printf(" ✓ Stopped %d namespace service(s)\n", stoppedCount) + } + + return nil +} + +// installNamespaceTemplates installs systemd template unit files for namespace services +func (o *Orchestrator) installNamespaceTemplates() error { + sourceDir := filepath.Join(o.oramaHome, "src", "systemd") + systemdDir := "/etc/systemd/system" + + templates := []string{ + "debros-namespace-rqlite@.service", + "debros-namespace-olric@.service", + "debros-namespace-gateway@.service", + } + + installedCount := 0 + for _, template := range templates { + sourcePath := filepath.Join(sourceDir, template) + destPath := filepath.Join(systemdDir, template) + + // Read template file + data, err := os.ReadFile(sourcePath) + if err != nil { + fmt.Printf(" ⚠️ Warning: Failed to read %s: %v\n", template, err) + continue + } + + // Write to systemd directory + if err := os.WriteFile(destPath, data, 0644); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to install %s: %v\n", template, err) + continue + } + + installedCount++ + fmt.Printf(" ✓ Installed %s\n", template) + } + + if installedCount > 0 { + // Reload systemd daemon to pick up new templates + if err := exec.Command("systemctl", "daemon-reload").Run(); err != nil { + return fmt.Errorf("failed to reload systemd daemon: %w", err) + } + fmt.Printf(" ✓ Systemd daemon reloaded (%d templates installed)\n", installedCount) + } + return nil } @@ -242,7 +518,7 @@ func (o *Orchestrator) extractNetworkConfig() (vpsIP, joinAddress string) { return vpsIP, joinAddress } -func (o *Orchestrator) extractGatewayConfig() (enableHTTPS bool, domain string) { +func (o *Orchestrator) extractGatewayConfig() (enableHTTPS bool, domain string, baseDomain string) { gatewayConfigPath := filepath.Join(o.oramaDir, "configs", "gateway.yaml") if data, err := os.ReadFile(gatewayConfigPath); err == nil { configStr := string(data) @@ -265,13 +541,45 @@ func (o *Orchestrator) extractGatewayConfig() (enableHTTPS bool, domain string) } } } - return enableHTTPS, domain + + // Also check node.yaml for domain and base_domain + nodeConfigPath := filepath.Join(o.oramaDir, "configs", "node.yaml") + if data, err := os.ReadFile(nodeConfigPath); err == nil { + configStr := string(data) + for _, line := range strings.Split(configStr, "\n") { + trimmed := strings.TrimSpace(line) + // Extract domain from node.yaml (under node: section) if not already found + if domain == "" && strings.HasPrefix(trimmed, "domain:") && !strings.HasPrefix(trimmed, "domain_") { + parts := strings.SplitN(trimmed, ":", 2) + if len(parts) > 1 { + d := strings.TrimSpace(parts[1]) + d = strings.Trim(d, "\"'") + if d != "" && d != "null" { + domain = d + enableHTTPS = true + } + } + } + if strings.HasPrefix(trimmed, "base_domain:") { + parts := strings.SplitN(trimmed, ":", 2) + if len(parts) > 1 { + baseDomain = strings.TrimSpace(parts[1]) + baseDomain = strings.Trim(baseDomain, "\"'") + if baseDomain == "null" || baseDomain == "" { + baseDomain = "" + } + } + } + } + } + + return enableHTTPS, domain, baseDomain } func (o *Orchestrator) regenerateConfigs() error { peers := o.extractPeers() vpsIP, joinAddress := o.extractNetworkConfig() - enableHTTPS, domain := o.extractGatewayConfig() + enableHTTPS, domain, baseDomain := o.extractGatewayConfig() fmt.Printf(" Preserving existing configuration:\n") if len(peers) > 0 { @@ -283,12 +591,15 @@ func (o *Orchestrator) regenerateConfigs() error { if domain != "" { fmt.Printf(" - Domain: %s\n", domain) } + if baseDomain != "" { + fmt.Printf(" - Base domain: %s\n", baseDomain) + } if joinAddress != "" { fmt.Printf(" - Join address: %s\n", joinAddress) } // Phase 4: Generate configs - if err := o.setup.Phase4GenerateConfigs(peers, vpsIP, enableHTTPS, domain, joinAddress); err != nil { + if err := o.setup.Phase4GenerateConfigs(peers, vpsIP, enableHTTPS, domain, baseDomain, joinAddress); err != nil { fmt.Fprintf(os.Stderr, "⚠️ Config generation warning: %v\n", err) fmt.Fprintf(os.Stderr, " Existing configs preserved\n") } @@ -297,26 +608,168 @@ func (o *Orchestrator) regenerateConfigs() error { } func (o *Orchestrator) restartServices() error { - fmt.Printf(" Restarting services...\n") + fmt.Printf("\n🔄 Restarting services with rolling restart...\n") + // Reload systemd daemon if err := exec.Command("systemctl", "daemon-reload").Run(); err != nil { fmt.Fprintf(os.Stderr, " ⚠️ Warning: Failed to reload systemd daemon: %v\n", err) } - // Restart services to apply changes - use getProductionServices to only restart existing services + // Get services to restart services := utils.GetProductionServices() + + // Re-enable namespace services BEFORE restarting debros-node. + // orama prod stop disables them, and debros-node's PartOf= dependency + // won't propagate restart to disabled services. We must re-enable first + // so that namespace gateways restart with the updated binary. + for _, svc := range services { + if strings.Contains(svc, "@") { + if err := exec.Command("systemctl", "enable", svc).Run(); err != nil { + fmt.Printf(" ⚠️ Warning: Failed to re-enable %s: %v\n", svc, err) + } + } + } + + // If this is a nameserver, also restart CoreDNS and Caddy + if o.setup.IsNameserver() { + nameserverServices := []string{"coredns", "caddy"} + for _, svc := range nameserverServices { + unitPath := filepath.Join("/etc/systemd/system", svc+".service") + if _, err := os.Stat(unitPath); err == nil { + services = append(services, svc) + } + } + } + if len(services) == 0 { fmt.Printf(" ⚠️ No services found to restart\n") - } else { + return nil + } + + // Define the order for rolling restart - node service first (contains RQLite) + // This ensures the cluster can reform before other services start + priorityOrder := []string{ + "debros-node", // Start node first - contains RQLite cluster + "debros-olric", // Distributed cache + "debros-ipfs", // IPFS daemon + "debros-ipfs-cluster", // IPFS cluster + "debros-gateway", // Gateway (legacy) + "coredns", // DNS server + "caddy", // Reverse proxy + } + + // Restart services in priority order with health checks + for _, priority := range priorityOrder { for _, svc := range services { + if svc == priority { + fmt.Printf(" Starting %s...\n", svc) + if err := exec.Command("systemctl", "restart", svc).Run(); err != nil { + fmt.Printf(" ⚠️ Failed to restart %s: %v\n", svc, err) + continue + } + fmt.Printf(" ✓ Started %s\n", svc) + + // For the node service, wait for RQLite cluster health + if svc == "debros-node" { + fmt.Printf(" Waiting for RQLite cluster to become healthy...\n") + if err := o.waitForClusterHealth(2 * time.Minute); err != nil { + fmt.Printf(" ⚠️ Cluster health check warning: %v\n", err) + fmt.Printf(" Continuing with restart (cluster may recover)...\n") + } else { + fmt.Printf(" ✓ RQLite cluster is healthy\n") + } + } + break + } + } + } + + // Start any remaining services not in priority list (includes namespace services) + for _, svc := range services { + found := false + for _, priority := range priorityOrder { + if svc == priority { + found = true + break + } + } + if !found { + fmt.Printf(" Starting %s...\n", svc) if err := exec.Command("systemctl", "restart", svc).Run(); err != nil { fmt.Printf(" ⚠️ Failed to restart %s: %v\n", svc, err) } else { - fmt.Printf(" ✓ Restarted %s\n", svc) + fmt.Printf(" ✓ Started %s\n", svc) } } - fmt.Printf(" ✓ All services restarted\n") + } + + fmt.Printf(" ✓ All services restarted\n") + + // Seed DNS records after services are running (RQLite must be up) + if o.setup.IsNameserver() { + fmt.Printf(" Seeding DNS records...\n") + + _, _, baseDomain := o.extractGatewayConfig() + peers := o.extractPeers() + vpsIP, _ := o.extractNetworkConfig() + + if err := o.setup.SeedDNSRecords(baseDomain, vpsIP, peers); err != nil { + fmt.Fprintf(os.Stderr, " ⚠️ Warning: Failed to seed DNS records: %v\n", err) + } else { + fmt.Printf(" ✓ DNS records seeded\n") + } } return nil } + +// waitForClusterHealth waits for the RQLite cluster to become healthy +func (o *Orchestrator) waitForClusterHealth(timeout time.Duration) error { + client := &http.Client{Timeout: 5 * time.Second} + deadline := time.Now().Add(timeout) + + for time.Now().Before(deadline) { + // Query RQLite status + resp, err := client.Get("http://localhost:5001/status") + if err != nil { + time.Sleep(2 * time.Second) + continue + } + + body, err := io.ReadAll(resp.Body) + resp.Body.Close() + if err != nil { + time.Sleep(2 * time.Second) + continue + } + + // Parse status response + var status struct { + Store struct { + Raft struct { + State string `json:"state"` + NumPeers int `json:"num_peers"` + } `json:"raft"` + } `json:"store"` + } + + if err := json.Unmarshal(body, &status); err != nil { + time.Sleep(2 * time.Second) + continue + } + + raftState := status.Store.Raft.State + numPeers := status.Store.Raft.NumPeers + + // Cluster is healthy if we're a Leader or Follower (not Candidate) + if raftState == "Leader" || raftState == "Follower" { + fmt.Printf(" RQLite state: %s (peers: %d)\n", raftState, numPeers) + return nil + } + + fmt.Printf(" RQLite state: %s (waiting for Leader/Follower)...\n", raftState) + time.Sleep(3 * time.Second) + } + + return fmt.Errorf("timeout waiting for cluster to become healthy") +} diff --git a/pkg/cli/utils/install.go b/pkg/cli/utils/install.go index 21ff11c..bc01c07 100644 --- a/pkg/cli/utils/install.go +++ b/pkg/cli/utils/install.go @@ -17,8 +17,23 @@ type IPFSClusterPeerInfo struct { Addrs []string } +// AnyoneRelayDryRunInfo contains Anyone relay info for dry-run summary +type AnyoneRelayDryRunInfo struct { + Enabled bool + Exit bool + Nickname string + Contact string + Wallet string + ORPort int +} + // ShowDryRunSummary displays what would be done during installation without making changes func ShowDryRunSummary(vpsIP, domain, branch string, peers []string, joinAddress string, isFirstNode bool, oramaDir string) { + ShowDryRunSummaryWithRelay(vpsIP, domain, branch, peers, joinAddress, isFirstNode, oramaDir, nil) +} + +// ShowDryRunSummaryWithRelay displays what would be done during installation with optional relay info +func ShowDryRunSummaryWithRelay(vpsIP, domain, branch string, peers []string, joinAddress string, isFirstNode bool, oramaDir string, relayInfo *AnyoneRelayDryRunInfo) { fmt.Print("\n" + strings.Repeat("=", 70) + "\n") fmt.Printf("DRY RUN - No changes will be made\n") fmt.Print(strings.Repeat("=", 70) + "\n\n") @@ -57,7 +72,11 @@ func ShowDryRunSummary(vpsIP, domain, branch string, peers []string, joinAddress fmt.Printf(" - IPFS/Kubo 0.38.2\n") fmt.Printf(" - IPFS Cluster (latest)\n") fmt.Printf(" - Olric 0.7.0\n") - fmt.Printf(" - anyone-client (npm)\n") + if relayInfo != nil && relayInfo.Enabled { + fmt.Printf(" - anon (relay binary via apt)\n") + } else { + fmt.Printf(" - anyone-client (npm)\n") + } fmt.Printf(" - DeBros binaries (built from %s branch)\n", branch) fmt.Printf("\n🔐 Secrets that would be generated:\n") @@ -74,7 +93,11 @@ func ShowDryRunSummary(vpsIP, domain, branch string, peers []string, joinAddress fmt.Printf(" - debros-ipfs-cluster.service\n") fmt.Printf(" - debros-olric.service\n") fmt.Printf(" - debros-node.service (includes embedded gateway + RQLite)\n") - fmt.Printf(" - debros-anyone-client.service\n") + if relayInfo != nil && relayInfo.Enabled { + fmt.Printf(" - debros-anyone-relay.service (relay operator mode)\n") + } else { + fmt.Printf(" - debros-anyone-client.service\n") + } fmt.Printf("\n🌐 Ports that would be used:\n") fmt.Printf(" External (must be open in firewall):\n") @@ -82,6 +105,9 @@ func ShowDryRunSummary(vpsIP, domain, branch string, peers []string, joinAddress fmt.Printf(" - 443 (HTTPS gateway)\n") fmt.Printf(" - 4101 (IPFS swarm)\n") fmt.Printf(" - 7001 (RQLite Raft)\n") + if relayInfo != nil && relayInfo.Enabled { + fmt.Printf(" - %d (Anyone ORPort - relay traffic)\n", relayInfo.ORPort) + } fmt.Printf(" Internal (localhost only):\n") fmt.Printf(" - 4501 (IPFS API)\n") fmt.Printf(" - 5001 (RQLite HTTP)\n") @@ -91,6 +117,23 @@ func ShowDryRunSummary(vpsIP, domain, branch string, peers []string, joinAddress fmt.Printf(" - 9094 (IPFS Cluster API)\n") fmt.Printf(" - 3320/3322 (Olric)\n") + // Show relay-specific configuration + if relayInfo != nil && relayInfo.Enabled { + fmt.Printf("\n🔗 Anyone Relay Configuration:\n") + fmt.Printf(" Mode: Relay Operator\n") + fmt.Printf(" Nickname: %s\n", relayInfo.Nickname) + fmt.Printf(" Contact: %s\n", relayInfo.Contact) + fmt.Printf(" Wallet: %s\n", relayInfo.Wallet) + fmt.Printf(" ORPort: %d\n", relayInfo.ORPort) + if relayInfo.Exit { + fmt.Printf(" Exit: Yes (legal implications apply)\n") + } else { + fmt.Printf(" Exit: No (non-exit relay)\n") + } + fmt.Printf("\n ⚠️ IMPORTANT: You need 100 $ANYONE tokens in wallet to receive rewards\n") + fmt.Printf(" Register at: https://dashboard.anyone.io\n") + } + fmt.Print("\n" + strings.Repeat("=", 70) + "\n") fmt.Printf("To proceed with installation, run without --dry-run\n") fmt.Print(strings.Repeat("=", 70) + "\n\n") diff --git a/pkg/cli/utils/systemd.go b/pkg/cli/utils/systemd.go index e73c40e..c807bf9 100644 --- a/pkg/cli/utils/systemd.go +++ b/pkg/cli/utils/systemd.go @@ -150,27 +150,55 @@ func IsServiceMasked(service string) (bool, error) { return false, nil } -// GetProductionServices returns a list of all DeBros production service names that exist +// GetProductionServices returns a list of all DeBros production service names that exist, +// including both global services and namespace-specific services func GetProductionServices() []string { - // Unified service names (no bootstrap/node distinction) - allServices := []string{ + // Global/default service names + globalServices := []string{ "debros-gateway", "debros-node", "debros-olric", "debros-ipfs-cluster", "debros-ipfs", "debros-anyone-client", + "debros-anyone-relay", } - // Filter to only existing services by checking if unit file exists var existing []string - for _, svc := range allServices { + + // Add existing global services + for _, svc := range globalServices { unitPath := filepath.Join("/etc/systemd/system", svc+".service") if _, err := os.Stat(unitPath); err == nil { existing = append(existing, svc) } } + // Discover namespace service instances from the namespaces data directory. + // We can't rely on scanning /etc/systemd/system because that only contains + // template files (e.g. debros-namespace-gateway@.service) with no instance name. + // Restarting a template without an instance is a no-op. + // Instead, scan the data directory where each subdirectory is a provisioned namespace. + namespacesDir := "/home/debros/.orama/data/namespaces" + nsEntries, err := os.ReadDir(namespacesDir) + if err == nil { + serviceTypes := []string{"rqlite", "olric", "gateway"} + for _, nsEntry := range nsEntries { + if !nsEntry.IsDir() { + continue + } + ns := nsEntry.Name() + for _, svcType := range serviceTypes { + // Only add if the env file exists (service was provisioned) + envFile := filepath.Join(namespacesDir, ns, svcType+".env") + if _, err := os.Stat(envFile); err == nil { + svcName := fmt.Sprintf("debros-namespace-%s@%s", svcType, ns) + existing = append(existing, svcName) + } + } + } + } + return existing } @@ -200,18 +228,60 @@ func CollectPortsForServices(services []string, skipActive bool) ([]PortSpec, er return ports, nil } -// EnsurePortsAvailable checks if the specified ports are available +// EnsurePortsAvailable checks if the specified ports are available. +// If a port is in use, it identifies the process and gives actionable guidance. func EnsurePortsAvailable(action string, ports []PortSpec) error { + var conflicts []string for _, spec := range ports { ln, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", spec.Port)) if err != nil { if errors.Is(err, syscall.EADDRINUSE) || strings.Contains(err.Error(), "address already in use") { - return fmt.Errorf("%s cannot continue: %s (port %d) is already in use", action, spec.Name, spec.Port) + processInfo := identifyPortProcess(spec.Port) + conflicts = append(conflicts, fmt.Sprintf(" - %s (port %d): %s", spec.Name, spec.Port, processInfo)) + continue } return fmt.Errorf("%s cannot continue: failed to inspect %s (port %d): %w", action, spec.Name, spec.Port, err) } _ = ln.Close() } + if len(conflicts) > 0 { + msg := fmt.Sprintf("%s cannot continue: the following ports are already in use:\n%s\n\n", action, strings.Join(conflicts, "\n")) + msg += "Please stop the conflicting services before running this command.\n" + msg += "Common fixes:\n" + msg += " - Docker: sudo systemctl stop docker docker.socket\n" + msg += " - Old IPFS: sudo systemctl stop ipfs\n" + msg += " - systemd-resolved: already handled by installer (port 53)\n" + msg += " - Other services: sudo kill or sudo systemctl stop " + return fmt.Errorf("%s", msg) + } return nil } +// identifyPortProcess uses ss/lsof to find what process is using a port +func identifyPortProcess(port int) string { + // Try ss first (available on most Linux) + out, err := exec.Command("ss", "-tlnp", fmt.Sprintf("sport = :%d", port)).CombinedOutput() + if err == nil { + lines := strings.Split(strings.TrimSpace(string(out)), "\n") + for _, line := range lines { + if strings.Contains(line, "users:") { + // Extract process info from ss output like: users:(("docker-proxy",pid=2049,fd=4)) + if idx := strings.Index(line, "users:"); idx != -1 { + return strings.TrimSpace(line[idx:]) + } + } + } + } + + // Fallback: try lsof + out, err = exec.Command("lsof", "-i", fmt.Sprintf(":%d", port), "-sTCP:LISTEN", "-n", "-P").CombinedOutput() + if err == nil { + lines := strings.Split(strings.TrimSpace(string(out)), "\n") + if len(lines) > 1 { + return strings.TrimSpace(lines[1]) // first data line after header + } + } + + return "unknown process" +} + diff --git a/pkg/client/client.go b/pkg/client/client.go index 82e844e..d152962 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -113,6 +113,13 @@ func (c *Client) Config() *ClientConfig { return &cp } +// Host returns the underlying libp2p host for advanced usage +func (c *Client) Host() host.Host { + c.mu.RLock() + defer c.mu.RUnlock() + return c.host +} + // Connect establishes connection to the network func (c *Client) Connect() error { c.mu.Lock() diff --git a/pkg/client/database_client.go b/pkg/client/database_client.go index d60417a..cd8a85c 100644 --- a/pkg/client/database_client.go +++ b/pkg/client/database_client.go @@ -224,7 +224,16 @@ func (d *DatabaseClientImpl) connectToAvailableNode() (*gorqlite.Connection, err var conn *gorqlite.Connection var err error - conn, err = gorqlite.Open(rqliteURL) + // Disable gorqlite cluster discovery to avoid /nodes timeouts from unreachable peers. + // Use level=none to read from local SQLite directly (no leader forwarding). + // Writes are unaffected — they always go through Raft consensus. + openURL := rqliteURL + if strings.Contains(openURL, "?") { + openURL += "&disableClusterDiscovery=true&level=none" + } else { + openURL += "?disableClusterDiscovery=true&level=none" + } + conn, err = gorqlite.Open(openURL) if err != nil { lastErr = err continue diff --git a/pkg/client/interface.go b/pkg/client/interface.go index 944ebc3..2c7e40b 100644 --- a/pkg/client/interface.go +++ b/pkg/client/interface.go @@ -4,6 +4,8 @@ import ( "context" "io" "time" + + "github.com/libp2p/go-libp2p/core/host" ) // NetworkClient provides the main interface for applications to interact with the network @@ -27,6 +29,9 @@ type NetworkClient interface { // Config access (snapshot copy) Config() *ClientConfig + + // Host returns the underlying libp2p host (for advanced usage like peer discovery) + Host() host.Host } // DatabaseClient provides database operations for applications diff --git a/pkg/config/config.go b/pkg/config/config.go index e1881d3..6a1007c 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -127,7 +127,7 @@ func DefaultConfig() *Config { // IPFS storage configuration IPFS: IPFSConfig{ ClusterAPIURL: "", // Empty = disabled - APIURL: "http://localhost:5001", + APIURL: "http://localhost:4501", Timeout: 60 * time.Second, ReplicationFactor: 3, EnableEncryption: true, @@ -158,7 +158,7 @@ func DefaultConfig() *Config { OlricServers: []string{"localhost:3320"}, OlricTimeout: 10 * time.Second, IPFSClusterAPIURL: "http://localhost:9094", - IPFSAPIURL: "http://localhost:5001", + IPFSAPIURL: "http://localhost:4501", IPFSTimeout: 60 * time.Second, }, } diff --git a/pkg/config/database_config.go b/pkg/config/database_config.go index 533f482..3898503 100644 --- a/pkg/config/database_config.go +++ b/pkg/config/database_config.go @@ -41,8 +41,8 @@ type IPFSConfig struct { // If empty, IPFS storage is disabled for this node ClusterAPIURL string `yaml:"cluster_api_url"` - // APIURL is the IPFS HTTP API URL for content retrieval (e.g., "http://localhost:5001") - // If empty, defaults to "http://localhost:5001" + // APIURL is the IPFS HTTP API URL for content retrieval (e.g., "http://localhost:4501") + // If empty, defaults to "http://localhost:4501" APIURL string `yaml:"api_url"` // Timeout for IPFS operations diff --git a/pkg/config/gateway_config.go b/pkg/config/gateway_config.go index 38b4614..d277be9 100644 --- a/pkg/config/gateway_config.go +++ b/pkg/config/gateway_config.go @@ -19,6 +19,7 @@ type HTTPGatewayConfig struct { IPFSClusterAPIURL string `yaml:"ipfs_cluster_api_url"` // IPFS Cluster API URL IPFSAPIURL string `yaml:"ipfs_api_url"` // IPFS API URL IPFSTimeout time.Duration `yaml:"ipfs_timeout"` // Timeout for IPFS operations + BaseDomain string `yaml:"base_domain"` // Base domain for deployments (e.g., "dbrs.space"). Defaults to "dbrs.space" } // HTTPSConfig contains HTTPS/TLS configuration for the gateway diff --git a/pkg/config/validate/validators.go b/pkg/config/validate/validators.go index 19dc223..8195ec9 100644 --- a/pkg/config/validate/validators.go +++ b/pkg/config/validate/validators.go @@ -167,9 +167,26 @@ func ExtractTCPPort(multiaddrStr string) string { return "" } +// ExtractSwarmKeyHex extracts just the 64-char hex portion from a swarm key input. +// Handles both raw hex ("ABCD...") and full file content ("/key/swarm/psk/1.0.0/\n/base16/\nABCD...\n"). +func ExtractSwarmKeyHex(input string) string { + input = strings.TrimSpace(input) + // If it contains the swarm key header, extract the last non-empty line (the hex) + if strings.Contains(input, "/key/swarm/") || strings.Contains(input, "/base16/") { + lines := strings.Split(input, "\n") + for i := len(lines) - 1; i >= 0; i-- { + line := strings.TrimSpace(lines[i]) + if line != "" && !strings.HasPrefix(line, "/") { + return line + } + } + } + return input +} + // ValidateSwarmKey validates that a swarm key is 64 hex characters. func ValidateSwarmKey(key string) error { - key = strings.TrimSpace(key) + key = ExtractSwarmKeyHex(key) if len(key) != 64 { return fmt.Errorf("swarm key must be 64 hex characters (32 bytes), got %d", len(key)) } diff --git a/pkg/coredns/README.md b/pkg/coredns/README.md new file mode 100644 index 0000000..9d5d562 --- /dev/null +++ b/pkg/coredns/README.md @@ -0,0 +1,439 @@ +# CoreDNS RQLite Plugin + +This directory contains a custom CoreDNS plugin that serves DNS records from RQLite, enabling dynamic DNS for Orama Network deployments. + +## Architecture + +The plugin provides: +- **Dynamic DNS Records**: Queries RQLite for DNS records in real-time +- **Caching**: In-memory cache to reduce database load +- **Health Monitoring**: Periodic health checks of RQLite connection +- **Wildcard Support**: Handles wildcard DNS patterns (e.g., `*.node-xyz.orama.network`) + +## Building CoreDNS with RQLite Plugin + +CoreDNS plugins must be compiled into the binary. Follow these steps: + +### 1. Install Prerequisites + +```bash +# Install Go 1.21 or later +wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz +sudo rm -rf /usr/local/go +sudo tar -C /usr/local -xzf go1.21.6.linux-amd64.tar.gz +export PATH=$PATH:/usr/local/go/bin + +# Verify Go installation +go version +``` + +### 2. Clone CoreDNS + +```bash +cd /tmp +git clone https://github.com/coredns/coredns.git +cd coredns +git checkout v1.11.1 # Match the version in install script +``` + +### 3. Add RQLite Plugin + +Edit `plugin.cfg` in the CoreDNS root directory and add the rqlite plugin in the appropriate position (after `cache`, before `forward`): + +``` +# plugin.cfg +cache:cache +rqlite:github.com/DeBrosOfficial/network/pkg/coredns/rqlite +forward:forward +``` + +### 4. Copy Plugin Code + +```bash +# From your network repository root +cd /path/to/network +cp -r pkg/coredns/rqlite /tmp/coredns/plugin/ +``` + +### 5. Update go.mod + +```bash +cd /tmp/coredns + +# Add your module as a dependency +go mod edit -replace github.com/DeBrosOfficial/network=/path/to/network + +# Get dependencies +go get github.com/DeBrosOfficial/network/pkg/coredns/rqlite +go mod tidy +``` + +### 6. Build CoreDNS + +```bash +make +``` + +This creates the `coredns` binary in the current directory with the RQLite plugin compiled in. + +### 7. Verify Plugin + +```bash +./coredns -plugins | grep rqlite +``` + +You should see: +``` +dns.rqlite +``` + +## Installation on Nodes + +### Using the Install Script + +```bash +# Build custom CoreDNS first (see above) +# Then copy the binary to the network repo +cp /tmp/coredns/coredns /path/to/network/bin/ + +# Run install script on each node +cd /path/to/network +sudo ./scripts/install-coredns.sh + +# The script will: +# 1. Copy coredns binary to /usr/local/bin/ +# 2. Create config directories +# 3. Install systemd service +# 4. Set up proper permissions +``` + +### Manual Installation + +If you prefer manual installation: + +```bash +# 1. Copy binary +sudo cp coredns /usr/local/bin/ +sudo chmod +x /usr/local/bin/coredns + +# 2. Create directories +sudo mkdir -p /etc/coredns +sudo mkdir -p /var/lib/coredns +sudo chown debros:debros /var/lib/coredns + +# 3. Copy configuration +sudo cp configs/coredns/Corefile /etc/coredns/ + +# 4. Install systemd service +sudo cp configs/coredns/coredns.service /etc/systemd/system/ +sudo systemctl daemon-reload + +# 5. Configure firewall +sudo ufw allow 53/tcp +sudo ufw allow 53/udp +sudo ufw allow 8080/tcp # Health check +sudo ufw allow 9153/tcp # Metrics + +# 6. Start service +sudo systemctl enable coredns +sudo systemctl start coredns +``` + +## Configuration + +### Corefile + +The Corefile at `/etc/coredns/Corefile` configures CoreDNS behavior: + +```corefile +orama.network { + rqlite { + dsn http://localhost:5001 # RQLite HTTP endpoint + refresh 10s # Health check interval + ttl 300 # Cache TTL in seconds + cache_size 10000 # Max cached entries + } + + cache { + success 10000 300 # Cache successful responses + denial 5000 60 # Cache NXDOMAIN responses + prefetch 10 # Prefetch before expiry + } + + log { class denial error } + errors + health :8080 + prometheus :9153 +} + +. { + forward . 8.8.8.8 8.8.4.4 1.1.1.1 + cache 300 + errors +} +``` + +### RQLite Connection + +Ensure RQLite is running and accessible: + +```bash +# Test RQLite connectivity +curl http://localhost:5001/status + +# Test DNS record query +curl -G http://localhost:5001/db/query \ + --data-urlencode 'q=SELECT * FROM dns_records LIMIT 5' +``` + +## Testing + +### 1. Add Test DNS Record + +```bash +# Via RQLite +curl -XPOST 'http://localhost:5001/db/execute' \ + -H 'Content-Type: application/json' \ + -d '[ + ["INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active) VALUES (?, ?, ?, ?, ?, ?, ?)", + "test.orama.network.", "A", "1.2.3.4", 300, "test", "system", true] + ]' +``` + +### 2. Query CoreDNS + +```bash +# Query local CoreDNS +dig @localhost test.orama.network + +# Expected output: +# ;; ANSWER SECTION: +# test.orama.network. 300 IN A 1.2.3.4 + +# Query from remote machine +dig @ test.orama.network +``` + +### 3. Test Wildcard + +```bash +# Add wildcard record +curl -XPOST 'http://localhost:5001/db/execute' \ + -H 'Content-Type: application/json' \ + -d '[ + ["INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active) VALUES (?, ?, ?, ?, ?, ?, ?)", + "*.node-abc123.orama.network.", "A", "1.2.3.4", 300, "test", "system", true] + ]' + +# Test wildcard resolution +dig @localhost app1.node-abc123.orama.network +dig @localhost app2.node-abc123.orama.network +``` + +### 4. Check Health + +```bash +# Health check endpoint +curl http://localhost:8080/health + +# Prometheus metrics +curl http://localhost:9153/metrics | grep coredns_rqlite +``` + +### 5. Monitor Logs + +```bash +# Follow CoreDNS logs +sudo journalctl -u coredns -f + +# Check for errors +sudo journalctl -u coredns --since "10 minutes ago" | grep -i error +``` + +## Monitoring + +### Metrics + +CoreDNS exports Prometheus metrics on port 9153: + +- `coredns_dns_requests_total` - Total DNS requests +- `coredns_dns_responses_total` - Total DNS responses by rcode +- `coredns_cache_hits_total` - Cache hit rate +- `coredns_cache_misses_total` - Cache miss rate + +### Health Checks + +The health endpoint at `:8080/health` returns: +- `200 OK` if RQLite is healthy +- `503 Service Unavailable` if RQLite is unhealthy + +## Troubleshooting + +### Plugin Not Found + +If CoreDNS fails to start with "plugin not found": +1. Verify plugin was compiled in: `coredns -plugins | grep rqlite` +2. Rebuild CoreDNS with plugin included (see Build section) + +### RQLite Connection Failed + +```bash +# Check RQLite is running +sudo systemctl status rqlite + +# Test RQLite HTTP API +curl http://localhost:5001/status + +# Check firewall +sudo ufw status | grep 5001 +``` + +### DNS Queries Not Working + +```bash +# 1. Check CoreDNS is listening on port 53 +sudo netstat -tulpn | grep :53 + +# 2. Test local query +dig @127.0.0.1 test.orama.network + +# 3. Check logs for errors +sudo journalctl -u coredns --since "5 minutes ago" + +# 4. Verify DNS records exist in RQLite +curl -G http://localhost:5001/db/query \ + --data-urlencode 'q=SELECT * FROM dns_records WHERE is_active = TRUE' +``` + +### Cache Issues + +If DNS responses are stale: + +```bash +# Restart CoreDNS to clear cache +sudo systemctl restart coredns + +# Or reduce cache TTL in Corefile: +# cache { +# success 10000 60 # Reduce to 60 seconds +# } +``` + +## Production Deployment + +### 1. Deploy to All Nameservers + +Install CoreDNS on all 4 nameserver nodes (ns1-ns4). + +### 2. Configure Registrar + +At your domain registrar, set NS records for `orama.network`: + +``` +orama.network. IN NS ns1.orama.network. +orama.network. IN NS ns2.orama.network. +orama.network. IN NS ns3.orama.network. +orama.network. IN NS ns4.orama.network. +``` + +Add glue records: + +``` +ns1.orama.network. IN A +ns2.orama.network. IN A +ns3.orama.network. IN A +ns4.orama.network. IN A +``` + +### 3. Verify Propagation + +```bash +# Check NS records +dig NS orama.network + +# Check from public DNS +dig @8.8.8.8 test.orama.network + +# Check from all nameservers +dig @ns1.orama.network test.orama.network +dig @ns2.orama.network test.orama.network +dig @ns3.orama.network test.orama.network +dig @ns4.orama.network test.orama.network +``` + +### 4. Monitor + +Set up monitoring for: +- CoreDNS uptime on all nodes +- DNS query latency +- Cache hit rate +- RQLite connection health +- Query error rate + +## Security + +### Firewall + +Only expose necessary ports: +- Port 53 (DNS): Public +- Port 8080 (Health): Internal only +- Port 9153 (Metrics): Internal only +- Port 5001 (RQLite): Internal only + +```bash +# Allow DNS from anywhere +sudo ufw allow 53/tcp +sudo ufw allow 53/udp + +# Restrict health and metrics to internal network +sudo ufw allow from 10.0.0.0/8 to any port 8080 +sudo ufw allow from 10.0.0.0/8 to any port 9153 +``` + +### DNS Security + +- Enable DNSSEC (future enhancement) +- Rate limit queries (add to Corefile) +- Monitor for DNS amplification attacks +- Validate RQLite data integrity + +## Performance Tuning + +### Cache Optimization + +Adjust cache settings based on query patterns: + +```corefile +cache { + success 50000 600 # 50k entries, 10 min TTL + denial 10000 300 # 10k NXDOMAIN, 5 min TTL + prefetch 20 # Prefetch 20s before expiry +} +``` + +### RQLite Connection Pool + +The plugin maintains a connection pool: +- Max idle connections: 10 +- Idle timeout: 90s +- Request timeout: 10s + +Adjust in `client.go` if needed for higher load. + +### System Limits + +```bash +# Increase file descriptor limit +# Add to /etc/security/limits.conf: +debros soft nofile 65536 +debros hard nofile 65536 +``` + +## Next Steps + +After CoreDNS is operational: +1. Implement automatic DNS record creation in deployment handlers +2. Add DNS record cleanup for deleted deployments +3. Set up DNS monitoring and alerting +4. Configure domain routing middleware in gateway +5. Test end-to-end deployment flow diff --git a/pkg/coredns/rqlite/backend.go b/pkg/coredns/rqlite/backend.go new file mode 100644 index 0000000..54696e5 --- /dev/null +++ b/pkg/coredns/rqlite/backend.go @@ -0,0 +1,290 @@ +package rqlite + +import ( + "context" + "fmt" + "net" + "strings" + "sync" + "time" + + "github.com/miekg/dns" + "go.uber.org/zap" +) + +// DNSRecord represents a DNS record from RQLite +type DNSRecord struct { + FQDN string + Type uint16 + Value string + TTL int + ParsedValue interface{} // Parsed IP or string value +} + +// Backend handles RQLite connections and queries +type Backend struct { + dsn string + client *RQLiteClient + logger *zap.Logger + refreshRate time.Duration + mu sync.RWMutex + healthy bool +} + +// NewBackend creates a new RQLite backend +func NewBackend(dsn string, refreshRate time.Duration, logger *zap.Logger) (*Backend, error) { + client, err := NewRQLiteClient(dsn, logger) + if err != nil { + return nil, fmt.Errorf("failed to create RQLite client: %w", err) + } + + b := &Backend{ + dsn: dsn, + client: client, + logger: logger, + refreshRate: refreshRate, + healthy: false, + } + + // Test connection + if err := b.ping(); err != nil { + return nil, fmt.Errorf("failed to ping RQLite: %w", err) + } + + b.healthy = true + + // Start health check goroutine + go b.healthCheck() + + return b, nil +} + +// Query retrieves DNS records from RQLite +func (b *Backend) Query(ctx context.Context, fqdn string, qtype uint16) ([]*DNSRecord, error) { + b.mu.RLock() + defer b.mu.RUnlock() + + // Normalize FQDN + fqdn = dns.Fqdn(strings.ToLower(fqdn)) + + // Map DNS query type to string + recordType := qTypeToString(qtype) + + // Query active records matching FQDN and type + query := ` + SELECT fqdn, record_type, value, ttl + FROM dns_records + WHERE fqdn = ? AND record_type = ? AND is_active = TRUE + ` + + rows, err := b.client.Query(ctx, query, fqdn, recordType) + if err != nil { + return nil, fmt.Errorf("query failed: %w", err) + } + + records := make([]*DNSRecord, 0) + for _, row := range rows { + if len(row) < 4 { + continue + } + + fqdnVal, _ := row[0].(string) + typeVal, _ := row[1].(string) + valueVal, _ := row[2].(string) + ttlVal, _ := row[3].(float64) + + // Parse the value based on record type + parsedValue, err := b.parseValue(typeVal, valueVal) + if err != nil { + b.logger.Warn("Failed to parse record value", + zap.String("fqdn", fqdnVal), + zap.String("type", typeVal), + zap.String("value", valueVal), + zap.Error(err), + ) + continue + } + + record := &DNSRecord{ + FQDN: fqdnVal, + Type: stringToQType(typeVal), + Value: valueVal, + TTL: int(ttlVal), + ParsedValue: parsedValue, + } + + records = append(records, record) + } + + return records, nil +} + +// parseValue parses a DNS record value based on its type +func (b *Backend) parseValue(recordType, value string) (interface{}, error) { + switch strings.ToUpper(recordType) { + case "A": + ip := net.ParseIP(value) + if ip == nil || ip.To4() == nil { + return nil, fmt.Errorf("invalid IPv4 address: %s", value) + } + return &dns.A{A: ip.To4()}, nil + + case "AAAA": + ip := net.ParseIP(value) + if ip == nil || ip.To16() == nil { + return nil, fmt.Errorf("invalid IPv6 address: %s", value) + } + return &dns.AAAA{AAAA: ip.To16()}, nil + + case "CNAME": + return dns.Fqdn(value), nil + + case "TXT": + return []string{value}, nil + + case "NS": + return dns.Fqdn(value), nil + + case "SOA": + // SOA format: "mname rname serial refresh retry expire minimum" + // Example: "ns1.dbrs.space. admin.dbrs.space. 2026012401 3600 1800 604800 300" + return b.parseSOA(value) + + default: + return nil, fmt.Errorf("unsupported record type: %s", recordType) + } +} + +// parseSOA parses a SOA record value string +// Format: "mname rname serial refresh retry expire minimum" +func (b *Backend) parseSOA(value string) (*dns.SOA, error) { + parts := strings.Fields(value) + if len(parts) < 7 { + return nil, fmt.Errorf("invalid SOA format, expected 7 fields: %s", value) + } + + serial, err := parseUint32(parts[2]) + if err != nil { + return nil, fmt.Errorf("invalid SOA serial: %w", err) + } + refresh, err := parseUint32(parts[3]) + if err != nil { + return nil, fmt.Errorf("invalid SOA refresh: %w", err) + } + retry, err := parseUint32(parts[4]) + if err != nil { + return nil, fmt.Errorf("invalid SOA retry: %w", err) + } + expire, err := parseUint32(parts[5]) + if err != nil { + return nil, fmt.Errorf("invalid SOA expire: %w", err) + } + minttl, err := parseUint32(parts[6]) + if err != nil { + return nil, fmt.Errorf("invalid SOA minimum: %w", err) + } + + return &dns.SOA{ + Ns: dns.Fqdn(parts[0]), + Mbox: dns.Fqdn(parts[1]), + Serial: serial, + Refresh: refresh, + Retry: retry, + Expire: expire, + Minttl: minttl, + }, nil +} + +// parseUint32 parses a string to uint32 +func parseUint32(s string) (uint32, error) { + var val uint32 + _, err := fmt.Sscanf(s, "%d", &val) + return val, err +} + +// ping tests the RQLite connection +func (b *Backend) ping() error { + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + query := "SELECT 1" + _, err := b.client.Query(ctx, query) + return err +} + +// healthCheck periodically checks RQLite health +func (b *Backend) healthCheck() { + ticker := time.NewTicker(b.refreshRate) + defer ticker.Stop() + + for range ticker.C { + if err := b.ping(); err != nil { + b.mu.Lock() + b.healthy = false + b.mu.Unlock() + + b.logger.Error("Health check failed", zap.Error(err)) + } else { + b.mu.Lock() + wasUnhealthy := !b.healthy + b.healthy = true + b.mu.Unlock() + + if wasUnhealthy { + b.logger.Info("Health check recovered") + } + } + } +} + +// Healthy returns the current health status +func (b *Backend) Healthy() bool { + b.mu.RLock() + defer b.mu.RUnlock() + return b.healthy +} + +// Close closes the backend connection +func (b *Backend) Close() error { + return b.client.Close() +} + +// qTypeToString converts DNS query type to string +func qTypeToString(qtype uint16) string { + switch qtype { + case dns.TypeA: + return "A" + case dns.TypeAAAA: + return "AAAA" + case dns.TypeCNAME: + return "CNAME" + case dns.TypeTXT: + return "TXT" + case dns.TypeNS: + return "NS" + case dns.TypeSOA: + return "SOA" + default: + return dns.TypeToString[qtype] + } +} + +// stringToQType converts string to DNS query type +func stringToQType(s string) uint16 { + switch strings.ToUpper(s) { + case "A": + return dns.TypeA + case "AAAA": + return dns.TypeAAAA + case "CNAME": + return dns.TypeCNAME + case "TXT": + return dns.TypeTXT + case "NS": + return dns.TypeNS + case "SOA": + return dns.TypeSOA + default: + return 0 + } +} diff --git a/pkg/coredns/rqlite/cache.go b/pkg/coredns/rqlite/cache.go new file mode 100644 index 0000000..d68e195 --- /dev/null +++ b/pkg/coredns/rqlite/cache.go @@ -0,0 +1,135 @@ +package rqlite + +import ( + "fmt" + "sync" + "time" + + "github.com/miekg/dns" +) + +// CacheEntry represents a cached DNS response +type CacheEntry struct { + msg *dns.Msg + expiresAt time.Time +} + +// Cache implements a simple in-memory DNS response cache +type Cache struct { + entries map[string]*CacheEntry + mu sync.RWMutex + maxSize int + ttl time.Duration + hitCount uint64 + missCount uint64 +} + +// NewCache creates a new DNS response cache +func NewCache(maxSize int, ttl time.Duration) *Cache { + c := &Cache{ + entries: make(map[string]*CacheEntry), + maxSize: maxSize, + ttl: ttl, + } + + // Start cleanup goroutine + go c.cleanup() + + return c +} + +// Get retrieves a cached DNS message +func (c *Cache) Get(qname string, qtype uint16) *dns.Msg { + c.mu.RLock() + defer c.mu.RUnlock() + + key := c.key(qname, qtype) + entry, exists := c.entries[key] + + if !exists { + c.missCount++ + return nil + } + + // Check if expired + if time.Now().After(entry.expiresAt) { + c.missCount++ + return nil + } + + c.hitCount++ + return entry.msg.Copy() +} + +// Set stores a DNS message in the cache +func (c *Cache) Set(qname string, qtype uint16, msg *dns.Msg) { + c.mu.Lock() + defer c.mu.Unlock() + + // Enforce max size + if len(c.entries) >= c.maxSize { + // Remove oldest entry (simple eviction strategy) + c.evictOldest() + } + + key := c.key(qname, qtype) + c.entries[key] = &CacheEntry{ + msg: msg.Copy(), + expiresAt: time.Now().Add(c.ttl), + } +} + +// key generates a cache key from qname and qtype +func (c *Cache) key(qname string, qtype uint16) string { + return fmt.Sprintf("%s:%d", qname, qtype) +} + +// evictOldest removes the oldest entry from the cache +func (c *Cache) evictOldest() { + var oldestKey string + var oldestTime time.Time + first := true + + for key, entry := range c.entries { + if first || entry.expiresAt.Before(oldestTime) { + oldestKey = key + oldestTime = entry.expiresAt + first = false + } + } + + if oldestKey != "" { + delete(c.entries, oldestKey) + } +} + +// cleanup periodically removes expired entries +func (c *Cache) cleanup() { + ticker := time.NewTicker(1 * time.Minute) + defer ticker.Stop() + + for range ticker.C { + c.mu.Lock() + now := time.Now() + for key, entry := range c.entries { + if now.After(entry.expiresAt) { + delete(c.entries, key) + } + } + c.mu.Unlock() + } +} + +// Stats returns cache statistics +func (c *Cache) Stats() (hits, misses uint64, size int) { + c.mu.RLock() + defer c.mu.RUnlock() + return c.hitCount, c.missCount, len(c.entries) +} + +// Clear removes all entries from the cache +func (c *Cache) Clear() { + c.mu.Lock() + defer c.mu.Unlock() + c.entries = make(map[string]*CacheEntry) +} diff --git a/pkg/coredns/rqlite/client.go b/pkg/coredns/rqlite/client.go new file mode 100644 index 0000000..f6f64b9 --- /dev/null +++ b/pkg/coredns/rqlite/client.go @@ -0,0 +1,101 @@ +package rqlite + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "time" + + "go.uber.org/zap" +) + +// RQLiteClient is a simple HTTP client for RQLite +type RQLiteClient struct { + baseURL string + httpClient *http.Client + logger *zap.Logger +} + +// QueryResponse represents the RQLite query response +type QueryResponse struct { + Results []QueryResult `json:"results"` +} + +// QueryResult represents a single query result +type QueryResult struct { + Columns []string `json:"columns"` + Types []string `json:"types"` + Values [][]interface{} `json:"values"` + Error string `json:"error"` +} + +// NewRQLiteClient creates a new RQLite HTTP client +func NewRQLiteClient(dsn string, logger *zap.Logger) (*RQLiteClient, error) { + return &RQLiteClient{ + baseURL: dsn, + httpClient: &http.Client{ + Timeout: 10 * time.Second, + Transport: &http.Transport{ + MaxIdleConns: 10, + MaxIdleConnsPerHost: 10, + IdleConnTimeout: 90 * time.Second, + }, + }, + logger: logger, + }, nil +} + +// Query executes a SQL query and returns the results +func (c *RQLiteClient) Query(ctx context.Context, query string, args ...interface{}) ([][]interface{}, error) { + // Build parameterized query + queries := [][]interface{}{append([]interface{}{query}, args...)} + + reqBody, err := json.Marshal(queries) + if err != nil { + return nil, fmt.Errorf("failed to marshal query: %w", err) + } + + url := c.baseURL + "/db/query" + req, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(reqBody)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + req.Header.Set("Content-Type", "application/json") + + resp, err := c.httpClient.Do(req) + if err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return nil, fmt.Errorf("query failed with status %d: %s", resp.StatusCode, string(body)) + } + + var queryResp QueryResponse + if err := json.NewDecoder(resp.Body).Decode(&queryResp); err != nil { + return nil, fmt.Errorf("failed to decode response: %w", err) + } + + if len(queryResp.Results) == 0 { + return [][]interface{}{}, nil + } + + result := queryResp.Results[0] + if result.Error != "" { + return nil, fmt.Errorf("query error: %s", result.Error) + } + + return result.Values, nil +} + +// Close closes the HTTP client +func (c *RQLiteClient) Close() error { + c.httpClient.CloseIdleConnections() + return nil +} diff --git a/pkg/coredns/rqlite/plugin.go b/pkg/coredns/rqlite/plugin.go new file mode 100644 index 0000000..f4f8a11 --- /dev/null +++ b/pkg/coredns/rqlite/plugin.go @@ -0,0 +1,201 @@ +package rqlite + +import ( + "context" + "time" + + "github.com/coredns/coredns/plugin" + "github.com/coredns/coredns/request" + "github.com/miekg/dns" + "go.uber.org/zap" +) + +// RQLitePlugin implements the CoreDNS plugin interface +type RQLitePlugin struct { + Next plugin.Handler + logger *zap.Logger + backend *Backend + cache *Cache + zones []string +} + +// Name returns the plugin name +func (p *RQLitePlugin) Name() string { + return "rqlite" +} + +// ServeDNS implements the plugin.Handler interface +func (p *RQLitePlugin) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { + state := request.Request{W: w, Req: r} + + // Only handle queries for our configured zones + if !p.isOurZone(state.Name()) { + return plugin.NextOrFailure(p.Name(), p.Next, ctx, w, r) + } + + // Check cache first + if cachedMsg := p.cache.Get(state.Name(), state.QType()); cachedMsg != nil { + p.logger.Debug("Cache hit", + zap.String("qname", state.Name()), + zap.Uint16("qtype", state.QType()), + ) + cachedMsg.SetReply(r) + w.WriteMsg(cachedMsg) + return dns.RcodeSuccess, nil + } + + // Query RQLite backend + records, err := p.backend.Query(ctx, state.Name(), state.QType()) + if err != nil { + p.logger.Error("Backend query failed", + zap.String("qname", state.Name()), + zap.Error(err), + ) + return dns.RcodeServerFailure, err + } + + // If no exact match, try wildcard + if len(records) == 0 { + wildcardName := p.getWildcardName(state.Name()) + if wildcardName != "" { + records, err = p.backend.Query(ctx, wildcardName, state.QType()) + if err != nil { + p.logger.Error("Wildcard query failed", + zap.String("wildcard", wildcardName), + zap.Error(err), + ) + return dns.RcodeServerFailure, err + } + } + } + + // No records found + if len(records) == 0 { + p.logger.Debug("No records found", + zap.String("qname", state.Name()), + zap.Uint16("qtype", state.QType()), + ) + return p.handleNXDomain(ctx, w, r, &state) + } + + // Build response + msg := new(dns.Msg) + msg.SetReply(r) + msg.Authoritative = true + + for _, record := range records { + rr := p.buildRR(state.Name(), record) + if rr != nil { + msg.Answer = append(msg.Answer, rr) + } + } + + // Cache the response + p.cache.Set(state.Name(), state.QType(), msg) + + w.WriteMsg(msg) + return dns.RcodeSuccess, nil +} + +// isOurZone checks if the query is for one of our configured zones +func (p *RQLitePlugin) isOurZone(qname string) bool { + for _, zone := range p.zones { + if plugin.Name(zone).Matches(qname) { + return true + } + } + return false +} + +// getWildcardName extracts the wildcard pattern for a given name +// e.g., myapp.node-7prvNa.orama.network -> *.node-7prvNa.orama.network +func (p *RQLitePlugin) getWildcardName(qname string) string { + labels := dns.SplitDomainName(qname) + if len(labels) < 3 { + return "" + } + + // Replace first label with wildcard + labels[0] = "*" + return dns.Fqdn(dns.Fqdn(labels[0] + "." + labels[1] + "." + labels[2])) +} + +// buildRR builds a DNS resource record from a DNSRecord +func (p *RQLitePlugin) buildRR(qname string, record *DNSRecord) dns.RR { + header := dns.RR_Header{ + Name: qname, + Rrtype: record.Type, + Class: dns.ClassINET, + Ttl: uint32(record.TTL), + } + + switch record.Type { + case dns.TypeA: + return &dns.A{ + Hdr: header, + A: record.ParsedValue.(*dns.A).A, + } + case dns.TypeAAAA: + return &dns.AAAA{ + Hdr: header, + AAAA: record.ParsedValue.(*dns.AAAA).AAAA, + } + case dns.TypeCNAME: + return &dns.CNAME{ + Hdr: header, + Target: record.ParsedValue.(string), + } + case dns.TypeTXT: + return &dns.TXT{ + Hdr: header, + Txt: record.ParsedValue.([]string), + } + case dns.TypeNS: + return &dns.NS{ + Hdr: header, + Ns: record.ParsedValue.(string), + } + case dns.TypeSOA: + soa := record.ParsedValue.(*dns.SOA) + soa.Hdr = header + return soa + default: + p.logger.Warn("Unsupported record type", + zap.Uint16("type", record.Type), + ) + return nil + } +} + +// handleNXDomain handles the case where no records are found +func (p *RQLitePlugin) handleNXDomain(ctx context.Context, w dns.ResponseWriter, r *dns.Msg, state *request.Request) (int, error) { + msg := new(dns.Msg) + msg.SetRcode(r, dns.RcodeNameError) + msg.Authoritative = true + + // Add SOA record for negative caching + soa := &dns.SOA{ + Hdr: dns.RR_Header{ + Name: p.zones[0], + Rrtype: dns.TypeSOA, + Class: dns.ClassINET, + Ttl: 300, + }, + Ns: "ns1." + p.zones[0], + Mbox: "admin." + p.zones[0], + Serial: uint32(time.Now().Unix()), + Refresh: 3600, + Retry: 600, + Expire: 86400, + Minttl: 300, + } + msg.Ns = append(msg.Ns, soa) + + w.WriteMsg(msg) + return dns.RcodeNameError, nil +} + +// Ready implements the ready.Readiness interface +func (p *RQLitePlugin) Ready() bool { + return p.backend.Healthy() +} diff --git a/pkg/coredns/rqlite/setup.go b/pkg/coredns/rqlite/setup.go new file mode 100644 index 0000000..a694f86 --- /dev/null +++ b/pkg/coredns/rqlite/setup.go @@ -0,0 +1,126 @@ +package rqlite + +import ( + "fmt" + "strconv" + "time" + + "github.com/coredns/caddy" + "github.com/coredns/coredns/core/dnsserver" + "github.com/coredns/coredns/plugin" + "go.uber.org/zap" +) + +func init() { + plugin.Register("rqlite", setup) +} + +// setup configures the rqlite plugin +func setup(c *caddy.Controller) error { + p, err := parseConfig(c) + if err != nil { + return plugin.Error("rqlite", err) + } + + dnsserver.GetConfig(c).AddPlugin(func(next plugin.Handler) plugin.Handler { + p.Next = next + return p + }) + + return nil +} + +// parseConfig parses the Corefile configuration +func parseConfig(c *caddy.Controller) (*RQLitePlugin, error) { + logger, err := zap.NewProduction() + if err != nil { + return nil, fmt.Errorf("failed to create logger: %w", err) + } + + var ( + dsn = "http://localhost:5001" + refreshRate = 10 * time.Second + cacheTTL = 300 * time.Second + cacheSize = 10000 + zones []string + ) + + // Parse zone arguments + for c.Next() { + // Note: c.Val() returns the plugin name "rqlite", not the zone + // Get zones from remaining args or server block keys + zones = append(zones, plugin.OriginsFromArgsOrServerBlock(c.RemainingArgs(), c.ServerBlockKeys)...) + + // Parse plugin configuration block + for c.NextBlock() { + switch c.Val() { + case "dsn": + if !c.NextArg() { + return nil, c.ArgErr() + } + dsn = c.Val() + + case "refresh": + if !c.NextArg() { + return nil, c.ArgErr() + } + dur, err := time.ParseDuration(c.Val()) + if err != nil { + return nil, fmt.Errorf("invalid refresh duration: %w", err) + } + refreshRate = dur + + case "ttl": + if !c.NextArg() { + return nil, c.ArgErr() + } + ttlVal, err := strconv.Atoi(c.Val()) + if err != nil { + return nil, fmt.Errorf("invalid TTL: %w", err) + } + cacheTTL = time.Duration(ttlVal) * time.Second + + case "cache_size": + if !c.NextArg() { + return nil, c.ArgErr() + } + size, err := strconv.Atoi(c.Val()) + if err != nil { + return nil, fmt.Errorf("invalid cache size: %w", err) + } + cacheSize = size + + default: + return nil, c.Errf("unknown property '%s'", c.Val()) + } + } + } + + if len(zones) == 0 { + zones = []string{"."} + } + + // Create backend + backend, err := NewBackend(dsn, refreshRate, logger) + if err != nil { + return nil, fmt.Errorf("failed to create backend: %w", err) + } + + // Create cache + cache := NewCache(cacheSize, cacheTTL) + + logger.Info("RQLite plugin initialized", + zap.String("dsn", dsn), + zap.Duration("refresh", refreshRate), + zap.Duration("cache_ttl", cacheTTL), + zap.Int("cache_size", cacheSize), + zap.Strings("zones", zones), + ) + + return &RQLitePlugin{ + logger: logger, + backend: backend, + cache: cache, + zones: zones, + }, nil +} diff --git a/pkg/database/database.go b/pkg/database/database.go new file mode 100644 index 0000000..87281b2 --- /dev/null +++ b/pkg/database/database.go @@ -0,0 +1,24 @@ +// Package database provides a generic database interface for the deployment system. +// This allows different database implementations (RQLite, SQLite, etc.) to be used +// interchangeably throughout the deployment handlers. +package database + +import "context" + +// Database is a generic interface for database operations +// It provides methods for executing queries and commands that can be implemented +// by various database clients (RQLite, SQLite, etc.) +type Database interface { + // Query executes a SELECT query and scans results into dest + // dest should be a pointer to a slice of structs with `db` tags + Query(ctx context.Context, dest interface{}, query string, args ...interface{}) error + + // QueryOne executes a SELECT query and scans a single result into dest + // dest should be a pointer to a struct with `db` tags + // Returns an error if no rows are found or multiple rows are returned + QueryOne(ctx context.Context, dest interface{}, query string, args ...interface{}) error + + // Exec executes an INSERT, UPDATE, or DELETE query + // Returns the result (typically last insert ID or rows affected) + Exec(ctx context.Context, query string, args ...interface{}) (interface{}, error) +} diff --git a/pkg/deployments/health/checker.go b/pkg/deployments/health/checker.go new file mode 100644 index 0000000..69c0c0f --- /dev/null +++ b/pkg/deployments/health/checker.go @@ -0,0 +1,271 @@ +package health + +import ( + "context" + "fmt" + "net/http" + "sync" + "time" + + "github.com/DeBrosOfficial/network/pkg/database" + "go.uber.org/zap" +) + +// deploymentRow represents a deployment record for health checking +type deploymentRow struct { + ID string `db:"id"` + Namespace string `db:"namespace"` + Name string `db:"name"` + Type string `db:"type"` + Port int `db:"port"` + HealthCheckPath string `db:"health_check_path"` + HomeNodeID string `db:"home_node_id"` +} + +// HealthChecker monitors deployment health +type HealthChecker struct { + db database.Database + logger *zap.Logger + workers int + mu sync.RWMutex + active map[string]bool // deployment_id -> is_active +} + +// NewHealthChecker creates a new health checker +func NewHealthChecker(db database.Database, logger *zap.Logger) *HealthChecker { + return &HealthChecker{ + db: db, + logger: logger, + workers: 10, + active: make(map[string]bool), + } +} + +// Start begins health monitoring +func (hc *HealthChecker) Start(ctx context.Context) error { + hc.logger.Info("Starting health checker", zap.Int("workers", hc.workers)) + + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for { + select { + case <-ctx.Done(): + hc.logger.Info("Health checker stopped") + return ctx.Err() + case <-ticker.C: + if err := hc.checkAllDeployments(ctx); err != nil { + hc.logger.Error("Health check cycle failed", zap.Error(err)) + } + } + } +} + +// checkAllDeployments checks all active deployments +func (hc *HealthChecker) checkAllDeployments(ctx context.Context) error { + var rows []deploymentRow + query := ` + SELECT id, namespace, name, type, port, health_check_path, home_node_id + FROM deployments + WHERE status = 'active' AND type IN ('nextjs', 'nodejs-backend', 'go-backend') + ` + + err := hc.db.Query(ctx, &rows, query) + if err != nil { + return fmt.Errorf("failed to query deployments: %w", err) + } + + hc.logger.Info("Checking deployments", zap.Int("count", len(rows))) + + // Process in parallel + sem := make(chan struct{}, hc.workers) + var wg sync.WaitGroup + + for _, row := range rows { + wg.Add(1) + go func(r deploymentRow) { + defer wg.Done() + sem <- struct{}{} + defer func() { <-sem }() + + healthy := hc.checkDeployment(ctx, r) + hc.recordHealthCheck(ctx, r.ID, healthy) + }(row) + } + + wg.Wait() + return nil +} + +// checkDeployment checks a single deployment +func (hc *HealthChecker) checkDeployment(ctx context.Context, dep deploymentRow) bool { + if dep.Port == 0 { + // Static deployments are always healthy + return true + } + + // Check local port + url := fmt.Sprintf("http://localhost:%d%s", dep.Port, dep.HealthCheckPath) + + checkCtx, cancel := context.WithTimeout(ctx, 5*time.Second) + defer cancel() + + req, err := http.NewRequestWithContext(checkCtx, "GET", url, nil) + if err != nil { + hc.logger.Error("Failed to create health check request", + zap.String("deployment", dep.Name), + zap.Error(err), + ) + return false + } + + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Do(req) + if err != nil { + hc.logger.Warn("Health check failed", + zap.String("deployment", dep.Name), + zap.String("namespace", dep.Namespace), + zap.String("url", url), + zap.Error(err), + ) + return false + } + defer resp.Body.Close() + + healthy := resp.StatusCode >= 200 && resp.StatusCode < 300 + + if !healthy { + hc.logger.Warn("Health check returned unhealthy status", + zap.String("deployment", dep.Name), + zap.Int("status", resp.StatusCode), + ) + } + + return healthy +} + +// recordHealthCheck records the health check result +func (hc *HealthChecker) recordHealthCheck(ctx context.Context, deploymentID string, healthy bool) { + status := "healthy" + if !healthy { + status = "unhealthy" + } + + query := ` + INSERT INTO deployment_health_checks (deployment_id, status, checked_at, response_time_ms) + VALUES (?, ?, ?, ?) + ` + + _, err := hc.db.Exec(ctx, query, deploymentID, status, time.Now(), 0) + if err != nil { + hc.logger.Error("Failed to record health check", + zap.String("deployment", deploymentID), + zap.Error(err), + ) + } + + // Track consecutive failures + hc.checkConsecutiveFailures(ctx, deploymentID, healthy) +} + +// checkConsecutiveFailures marks deployment as failed after 3 consecutive failures +func (hc *HealthChecker) checkConsecutiveFailures(ctx context.Context, deploymentID string, currentHealthy bool) { + if currentHealthy { + return + } + + type healthRow struct { + Status string `db:"status"` + } + + var rows []healthRow + query := ` + SELECT status + FROM deployment_health_checks + WHERE deployment_id = ? + ORDER BY checked_at DESC + LIMIT 3 + ` + + err := hc.db.Query(ctx, &rows, query, deploymentID) + if err != nil { + hc.logger.Error("Failed to query health history", zap.Error(err)) + return + } + + // Check if last 3 checks all failed + if len(rows) >= 3 { + allFailed := true + for _, row := range rows { + if row.Status != "unhealthy" { + allFailed = false + break + } + } + + if allFailed { + hc.logger.Error("Deployment has 3 consecutive failures, marking as failed", + zap.String("deployment", deploymentID), + ) + + updateQuery := ` + UPDATE deployments + SET status = 'failed', updated_at = ? + WHERE id = ? + ` + + _, err := hc.db.Exec(ctx, updateQuery, time.Now(), deploymentID) + if err != nil { + hc.logger.Error("Failed to mark deployment as failed", zap.Error(err)) + } + + // Record event + eventQuery := ` + INSERT INTO deployment_events (deployment_id, event_type, message, created_at) + VALUES (?, 'health_failed', 'Deployment marked as failed after 3 consecutive health check failures', ?) + ` + hc.db.Exec(ctx, eventQuery, deploymentID, time.Now()) + } + } +} + +// GetHealthStatus gets recent health checks for a deployment +func (hc *HealthChecker) GetHealthStatus(ctx context.Context, deploymentID string, limit int) ([]HealthCheck, error) { + type healthRow struct { + Status string `db:"status"` + CheckedAt time.Time `db:"checked_at"` + ResponseTimeMs int `db:"response_time_ms"` + } + + var rows []healthRow + query := ` + SELECT status, checked_at, response_time_ms + FROM deployment_health_checks + WHERE deployment_id = ? + ORDER BY checked_at DESC + LIMIT ? + ` + + err := hc.db.Query(ctx, &rows, query, deploymentID, limit) + if err != nil { + return nil, err + } + + checks := make([]HealthCheck, len(rows)) + for i, row := range rows { + checks[i] = HealthCheck{ + Status: row.Status, + CheckedAt: row.CheckedAt, + ResponseTimeMs: row.ResponseTimeMs, + } + } + + return checks, nil +} + +// HealthCheck represents a health check result +type HealthCheck struct { + Status string `json:"status"` + CheckedAt time.Time `json:"checked_at"` + ResponseTimeMs int `json:"response_time_ms"` +} diff --git a/pkg/deployments/home_node.go b/pkg/deployments/home_node.go new file mode 100644 index 0000000..d3d29a4 --- /dev/null +++ b/pkg/deployments/home_node.go @@ -0,0 +1,428 @@ +package deployments + +import ( + "context" + "fmt" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// HomeNodeManager manages namespace-to-node assignments +type HomeNodeManager struct { + db rqlite.Client + portAllocator *PortAllocator + logger *zap.Logger +} + +// NewHomeNodeManager creates a new home node manager +func NewHomeNodeManager(db rqlite.Client, portAllocator *PortAllocator, logger *zap.Logger) *HomeNodeManager { + return &HomeNodeManager{ + db: db, + portAllocator: portAllocator, + logger: logger, + } +} + +// AssignHomeNode assigns a home node to a namespace (or returns existing assignment) +func (hnm *HomeNodeManager) AssignHomeNode(ctx context.Context, namespace string) (string, error) { + internalCtx := client.WithInternalAuth(ctx) + + // Check if namespace already has a home node + existing, err := hnm.GetHomeNode(ctx, namespace) + if err == nil && existing != "" { + hnm.logger.Debug("Namespace already has home node", + zap.String("namespace", namespace), + zap.String("home_node_id", existing), + ) + return existing, nil + } + + // Get all active nodes + activeNodes, err := hnm.getActiveNodes(internalCtx) + if err != nil { + return "", err + } + + if len(activeNodes) == 0 { + return "", ErrNoNodesAvailable + } + + // Calculate capacity scores for each node + nodeCapacities, err := hnm.calculateNodeCapacities(internalCtx, activeNodes) + if err != nil { + return "", err + } + + // Select node with highest score + bestNode := hnm.selectBestNode(nodeCapacities) + if bestNode == nil { + return "", ErrNoNodesAvailable + } + + // Create home node assignment + insertQuery := ` + INSERT INTO home_node_assignments (namespace, home_node_id, assigned_at, last_heartbeat, deployment_count, total_memory_mb, total_cpu_percent) + VALUES (?, ?, ?, ?, 0, 0, 0) + ON CONFLICT(namespace) DO UPDATE SET + home_node_id = excluded.home_node_id, + assigned_at = excluded.assigned_at, + last_heartbeat = excluded.last_heartbeat + ` + + now := time.Now() + _, err = hnm.db.Exec(internalCtx, insertQuery, namespace, bestNode.NodeID, now, now) + if err != nil { + return "", &DeploymentError{ + Message: "failed to create home node assignment", + Cause: err, + } + } + + hnm.logger.Info("Home node assigned", + zap.String("namespace", namespace), + zap.String("home_node_id", bestNode.NodeID), + zap.Float64("capacity_score", bestNode.Score), + zap.Int("deployment_count", bestNode.DeploymentCount), + ) + + return bestNode.NodeID, nil +} + +// GetHomeNode retrieves the home node for a namespace +func (hnm *HomeNodeManager) GetHomeNode(ctx context.Context, namespace string) (string, error) { + internalCtx := client.WithInternalAuth(ctx) + + type homeNodeResult struct { + HomeNodeID string `db:"home_node_id"` + } + + var results []homeNodeResult + query := `SELECT home_node_id FROM home_node_assignments WHERE namespace = ? LIMIT 1` + err := hnm.db.Query(internalCtx, &results, query, namespace) + if err != nil { + return "", &DeploymentError{ + Message: "failed to query home node", + Cause: err, + } + } + + if len(results) == 0 { + return "", ErrNamespaceNotAssigned + } + + return results[0].HomeNodeID, nil +} + +// UpdateHeartbeat updates the last heartbeat timestamp for a namespace +func (hnm *HomeNodeManager) UpdateHeartbeat(ctx context.Context, namespace string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `UPDATE home_node_assignments SET last_heartbeat = ? WHERE namespace = ?` + _, err := hnm.db.Exec(internalCtx, query, time.Now(), namespace) + if err != nil { + return &DeploymentError{ + Message: "failed to update heartbeat", + Cause: err, + } + } + + return nil +} + +// GetStaleNamespaces returns namespaces that haven't sent a heartbeat recently +func (hnm *HomeNodeManager) GetStaleNamespaces(ctx context.Context, staleThreshold time.Duration) ([]string, error) { + internalCtx := client.WithInternalAuth(ctx) + + cutoff := time.Now().Add(-staleThreshold) + + type namespaceResult struct { + Namespace string `db:"namespace"` + } + + var results []namespaceResult + query := `SELECT namespace FROM home_node_assignments WHERE last_heartbeat < ?` + err := hnm.db.Query(internalCtx, &results, query, cutoff.Format("2006-01-02 15:04:05")) + if err != nil { + return nil, &DeploymentError{ + Message: "failed to query stale namespaces", + Cause: err, + } + } + + namespaces := make([]string, 0, len(results)) + for _, result := range results { + namespaces = append(namespaces, result.Namespace) + } + + return namespaces, nil +} + +// UpdateResourceUsage updates the cached resource usage for a namespace +func (hnm *HomeNodeManager) UpdateResourceUsage(ctx context.Context, namespace string, deploymentCount, memoryMB, cpuPercent int) error { + internalCtx := client.WithInternalAuth(ctx) + + query := ` + UPDATE home_node_assignments + SET deployment_count = ?, total_memory_mb = ?, total_cpu_percent = ? + WHERE namespace = ? + ` + _, err := hnm.db.Exec(internalCtx, query, deploymentCount, memoryMB, cpuPercent, namespace) + if err != nil { + return &DeploymentError{ + Message: "failed to update resource usage", + Cause: err, + } + } + + return nil +} + +// getActiveNodes retrieves all active nodes from dns_nodes table +func (hnm *HomeNodeManager) getActiveNodes(ctx context.Context) ([]string, error) { + // Query dns_nodes for active nodes with recent heartbeats + cutoff := time.Now().Add(-2 * time.Minute) // Nodes must have checked in within last 2 minutes + + type nodeResult struct { + ID string `db:"id"` + } + + var results []nodeResult + query := ` + SELECT id FROM dns_nodes + WHERE status = 'active' AND last_seen > ? + ORDER BY id + ` + err := hnm.db.Query(ctx, &results, query, cutoff.Format("2006-01-02 15:04:05")) + if err != nil { + return nil, &DeploymentError{ + Message: "failed to query active nodes", + Cause: err, + } + } + + nodes := make([]string, 0, len(results)) + for _, result := range results { + nodes = append(nodes, result.ID) + } + + hnm.logger.Debug("Found active nodes", + zap.Int("count", len(nodes)), + zap.Strings("nodes", nodes), + ) + + return nodes, nil +} + +// calculateNodeCapacities calculates capacity scores for all nodes +func (hnm *HomeNodeManager) calculateNodeCapacities(ctx context.Context, nodeIDs []string) ([]*NodeCapacity, error) { + capacities := make([]*NodeCapacity, 0, len(nodeIDs)) + + for _, nodeID := range nodeIDs { + capacity, err := hnm.getNodeCapacity(ctx, nodeID) + if err != nil { + hnm.logger.Warn("Failed to get node capacity, skipping", + zap.String("node_id", nodeID), + zap.Error(err), + ) + continue + } + + capacities = append(capacities, capacity) + } + + return capacities, nil +} + +// getNodeCapacity calculates capacity metrics for a single node +func (hnm *HomeNodeManager) getNodeCapacity(ctx context.Context, nodeID string) (*NodeCapacity, error) { + // Count deployments on this node + deploymentCount, err := hnm.getDeploymentCount(ctx, nodeID) + if err != nil { + return nil, err + } + + // Count allocated ports + allocatedPorts, err := hnm.portAllocator.GetNodePortCount(ctx, nodeID) + if err != nil { + return nil, err + } + + availablePorts, err := hnm.portAllocator.GetAvailablePortCount(ctx, nodeID) + if err != nil { + return nil, err + } + + // Get total resource usage from home_node_assignments + totalMemoryMB, totalCPUPercent, err := hnm.getNodeResourceUsage(ctx, nodeID) + if err != nil { + return nil, err + } + + // Calculate capacity score (0.0 to 1.0, higher is better) + score := hnm.calculateCapacityScore(deploymentCount, allocatedPorts, availablePorts, totalMemoryMB, totalCPUPercent) + + capacity := &NodeCapacity{ + NodeID: nodeID, + DeploymentCount: deploymentCount, + AllocatedPorts: allocatedPorts, + AvailablePorts: availablePorts, + UsedMemoryMB: totalMemoryMB, + AvailableMemoryMB: 8192 - totalMemoryMB, // Assume 8GB per node (make configurable later) + UsedCPUPercent: totalCPUPercent, + Score: score, + } + + return capacity, nil +} + +// getDeploymentCount counts deployments on a node +func (hnm *HomeNodeManager) getDeploymentCount(ctx context.Context, nodeID string) (int, error) { + type countResult struct { + Count int `db:"COUNT(*)"` + } + + var results []countResult + query := `SELECT COUNT(*) FROM deployments WHERE home_node_id = ? AND status IN ('active', 'deploying')` + err := hnm.db.Query(ctx, &results, query, nodeID) + if err != nil { + return 0, &DeploymentError{ + Message: "failed to count deployments", + Cause: err, + } + } + + if len(results) == 0 { + return 0, nil + } + + return results[0].Count, nil +} + +// getNodeResourceUsage sums up resource usage for all namespaces on a node +func (hnm *HomeNodeManager) getNodeResourceUsage(ctx context.Context, nodeID string) (int, int, error) { + type resourceResult struct { + TotalMemoryMB int `db:"COALESCE(SUM(total_memory_mb), 0)"` + TotalCPUPercent int `db:"COALESCE(SUM(total_cpu_percent), 0)"` + } + + var results []resourceResult + query := ` + SELECT COALESCE(SUM(total_memory_mb), 0), COALESCE(SUM(total_cpu_percent), 0) + FROM home_node_assignments + WHERE home_node_id = ? + ` + err := hnm.db.Query(ctx, &results, query, nodeID) + if err != nil { + return 0, 0, &DeploymentError{ + Message: "failed to query resource usage", + Cause: err, + } + } + + if len(results) == 0 { + return 0, 0, nil + } + + return results[0].TotalMemoryMB, results[0].TotalCPUPercent, nil +} + +// calculateCapacityScore calculates a 0.0-1.0 score (higher is better) +func (hnm *HomeNodeManager) calculateCapacityScore(deploymentCount, allocatedPorts, availablePorts, usedMemoryMB, usedCPUPercent int) float64 { + const ( + maxDeployments = 100 // Max deployments per node + maxMemoryMB = 8192 // 8GB + maxCPUPercent = 400 // 400% = 4 cores + maxPorts = 9900 // ~10k ports available + ) + + // Calculate individual component scores (0.0 to 1.0) + deploymentScore := 1.0 - (float64(deploymentCount) / float64(maxDeployments)) + if deploymentScore < 0 { + deploymentScore = 0 + } + + portScore := 1.0 - (float64(allocatedPorts) / float64(maxPorts)) + if portScore < 0 { + portScore = 0 + } + + memoryScore := 1.0 - (float64(usedMemoryMB) / float64(maxMemoryMB)) + if memoryScore < 0 { + memoryScore = 0 + } + + cpuScore := 1.0 - (float64(usedCPUPercent) / float64(maxCPUPercent)) + if cpuScore < 0 { + cpuScore = 0 + } + + // Weighted average (adjust weights as needed) + totalScore := (deploymentScore * 0.4) + (portScore * 0.2) + (memoryScore * 0.2) + (cpuScore * 0.2) + + hnm.logger.Debug("Calculated capacity score", + zap.Int("deployments", deploymentCount), + zap.Int("allocated_ports", allocatedPorts), + zap.Int("used_memory_mb", usedMemoryMB), + zap.Int("used_cpu_percent", usedCPUPercent), + zap.Float64("deployment_score", deploymentScore), + zap.Float64("port_score", portScore), + zap.Float64("memory_score", memoryScore), + zap.Float64("cpu_score", cpuScore), + zap.Float64("total_score", totalScore), + ) + + return totalScore +} + +// selectBestNode selects the node with the highest capacity score +func (hnm *HomeNodeManager) selectBestNode(capacities []*NodeCapacity) *NodeCapacity { + if len(capacities) == 0 { + return nil + } + + best := capacities[0] + for _, capacity := range capacities[1:] { + if capacity.Score > best.Score { + best = capacity + } + } + + hnm.logger.Info("Selected best node", + zap.String("node_id", best.NodeID), + zap.Float64("score", best.Score), + zap.Int("deployment_count", best.DeploymentCount), + zap.Int("allocated_ports", best.AllocatedPorts), + ) + + return best +} + +// MigrateNamespace moves a namespace from one node to another (used for node failures) +func (hnm *HomeNodeManager) MigrateNamespace(ctx context.Context, namespace, newNodeID string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := ` + UPDATE home_node_assignments + SET home_node_id = ?, assigned_at = ?, last_heartbeat = ? + WHERE namespace = ? + ` + + now := time.Now() + _, err := hnm.db.Exec(internalCtx, query, newNodeID, now, now, namespace) + if err != nil { + return &DeploymentError{ + Message: fmt.Sprintf("failed to migrate namespace %s to node %s", namespace, newNodeID), + Cause: err, + } + } + + hnm.logger.Info("Namespace migrated", + zap.String("namespace", namespace), + zap.String("new_home_node_id", newNodeID), + ) + + return nil +} diff --git a/pkg/deployments/home_node_test.go b/pkg/deployments/home_node_test.go new file mode 100644 index 0000000..8b63ef6 --- /dev/null +++ b/pkg/deployments/home_node_test.go @@ -0,0 +1,537 @@ +package deployments + +import ( + "context" + "database/sql" + "reflect" + "testing" + "time" + + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// mockHomeNodeDB extends mockRQLiteClient for home node testing +type mockHomeNodeDB struct { + *mockRQLiteClient + assignments map[string]string // namespace -> homeNodeID + nodes map[string]nodeData // nodeID -> nodeData + deployments map[string][]deploymentData // nodeID -> deployments + resourceUsage map[string]resourceData // nodeID -> resource usage +} + +type nodeData struct { + id string + status string + lastSeen time.Time +} + +type deploymentData struct { + id string + status string +} + +type resourceData struct { + memoryMB int + cpuPercent int +} + +func newMockHomeNodeDB() *mockHomeNodeDB { + return &mockHomeNodeDB{ + mockRQLiteClient: newMockRQLiteClient(), + assignments: make(map[string]string), + nodes: make(map[string]nodeData), + deployments: make(map[string][]deploymentData), + resourceUsage: make(map[string]resourceData), + } +} + +func (m *mockHomeNodeDB) Query(ctx context.Context, dest any, query string, args ...any) error { + destVal := reflect.ValueOf(dest) + if destVal.Kind() != reflect.Ptr { + return nil + } + + sliceVal := destVal.Elem() + if sliceVal.Kind() != reflect.Slice { + return nil + } + + elemType := sliceVal.Type().Elem() + + // Handle different query types based on struct type + switch elemType.Name() { + case "nodeResult": + // Active nodes query + for _, node := range m.nodes { + if node.status == "active" { + nodeRes := reflect.New(elemType).Elem() + nodeRes.FieldByName("ID").SetString(node.id) + sliceVal.Set(reflect.Append(sliceVal, nodeRes)) + } + } + return nil + + case "homeNodeResult": + // Home node lookup + if len(args) > 0 { + if namespace, ok := args[0].(string); ok { + if homeNodeID, exists := m.assignments[namespace]; exists { + hnRes := reflect.New(elemType).Elem() + hnRes.FieldByName("HomeNodeID").SetString(homeNodeID) + sliceVal.Set(reflect.Append(sliceVal, hnRes)) + } + } + } + return nil + + case "countResult": + // Deployment count or port count + if len(args) > 0 { + if nodeID, ok := args[0].(string); ok { + count := len(m.deployments[nodeID]) + countRes := reflect.New(elemType).Elem() + countRes.FieldByName("Count").SetInt(int64(count)) + sliceVal.Set(reflect.Append(sliceVal, countRes)) + } + } + return nil + + case "resourceResult": + // Resource usage query + if len(args) > 0 { + if nodeID, ok := args[0].(string); ok { + usage := m.resourceUsage[nodeID] + resRes := reflect.New(elemType).Elem() + resRes.FieldByName("TotalMemoryMB").SetInt(int64(usage.memoryMB)) + resRes.FieldByName("TotalCPUPercent").SetInt(int64(usage.cpuPercent)) + sliceVal.Set(reflect.Append(sliceVal, resRes)) + } + } + return nil + + case "namespaceResult": + // Stale namespaces query + // For testing, we'll return empty + return nil + } + + return m.mockRQLiteClient.Query(ctx, dest, query, args...) +} + +func (m *mockHomeNodeDB) Exec(ctx context.Context, query string, args ...any) (sql.Result, error) { + // Handle home node assignment (INSERT) + if len(args) >= 2 { + if namespace, ok := args[0].(string); ok { + if homeNodeID, ok := args[1].(string); ok { + m.assignments[namespace] = homeNodeID + return nil, nil + } + } + } + + // Handle migration (UPDATE) - args are: newNodeID, timestamp, timestamp, namespace + if len(args) >= 4 { + if newNodeID, ok := args[0].(string); ok { + // Last arg should be namespace + if namespace, ok := args[3].(string); ok { + m.assignments[namespace] = newNodeID + return nil, nil + } + } + } + + return m.mockRQLiteClient.Exec(ctx, query, args...) +} + +func (m *mockHomeNodeDB) addNode(id, status string) { + m.nodes[id] = nodeData{ + id: id, + status: status, + lastSeen: time.Now(), + } +} + +// Implement interface methods (inherited from mockRQLiteClient but need to be available) +func (m *mockHomeNodeDB) FindBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return m.mockRQLiteClient.FindBy(ctx, dest, table, criteria, opts...) +} + +func (m *mockHomeNodeDB) FindOneBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return m.mockRQLiteClient.FindOneBy(ctx, dest, table, criteria, opts...) +} + +func (m *mockHomeNodeDB) Save(ctx context.Context, entity any) error { + return m.mockRQLiteClient.Save(ctx, entity) +} + +func (m *mockHomeNodeDB) Remove(ctx context.Context, entity any) error { + return m.mockRQLiteClient.Remove(ctx, entity) +} + +func (m *mockHomeNodeDB) Repository(table string) any { + return m.mockRQLiteClient.Repository(table) +} + +func (m *mockHomeNodeDB) CreateQueryBuilder(table string) *rqlite.QueryBuilder { + return m.mockRQLiteClient.CreateQueryBuilder(table) +} + +func (m *mockHomeNodeDB) Tx(ctx context.Context, fn func(tx rqlite.Tx) error) error { + return m.mockRQLiteClient.Tx(ctx, fn) +} + +func (m *mockHomeNodeDB) addDeployment(nodeID, deploymentID, status string) { + m.deployments[nodeID] = append(m.deployments[nodeID], deploymentData{ + id: deploymentID, + status: status, + }) +} + +func (m *mockHomeNodeDB) setResourceUsage(nodeID string, memoryMB, cpuPercent int) { + m.resourceUsage[nodeID] = resourceData{ + memoryMB: memoryMB, + cpuPercent: cpuPercent, + } +} + +func TestHomeNodeManager_AssignHomeNode(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + ctx := context.Background() + + // Add test nodes + mockDB.addNode("node-1", "active") + mockDB.addNode("node-2", "active") + mockDB.addNode("node-3", "active") + + t.Run("assign to new namespace", func(t *testing.T) { + nodeID, err := hnm.AssignHomeNode(ctx, "test-namespace") + if err != nil { + t.Fatalf("failed to assign home node: %v", err) + } + + if nodeID == "" { + t.Error("expected non-empty node ID") + } + + // Verify assignment was stored + storedNodeID, err := hnm.GetHomeNode(ctx, "test-namespace") + if err != nil { + t.Fatalf("failed to get home node: %v", err) + } + + if storedNodeID != nodeID { + t.Errorf("stored node ID %s doesn't match assigned %s", storedNodeID, nodeID) + } + }) + + t.Run("reuse existing assignment", func(t *testing.T) { + // Assign once + firstNodeID, err := hnm.AssignHomeNode(ctx, "namespace-2") + if err != nil { + t.Fatalf("failed first assignment: %v", err) + } + + // Assign again - should return same node + secondNodeID, err := hnm.AssignHomeNode(ctx, "namespace-2") + if err != nil { + t.Fatalf("failed second assignment: %v", err) + } + + if firstNodeID != secondNodeID { + t.Errorf("expected same node ID, got %s then %s", firstNodeID, secondNodeID) + } + }) + + t.Run("error when no nodes available", func(t *testing.T) { + emptyDB := newMockHomeNodeDB() + emptyHNM := NewHomeNodeManager(emptyDB, portAllocator, logger) + + _, err := emptyHNM.AssignHomeNode(ctx, "test-namespace") + if err != ErrNoNodesAvailable { + t.Errorf("expected ErrNoNodesAvailable, got %v", err) + } + }) +} + +func TestHomeNodeManager_CalculateCapacityScore(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + tests := []struct { + name string + deploymentCount int + allocatedPorts int + availablePorts int + usedMemoryMB int + usedCPUPercent int + expectedMin float64 + expectedMax float64 + }{ + { + name: "empty node - perfect score", + deploymentCount: 0, + allocatedPorts: 0, + availablePorts: 9900, + usedMemoryMB: 0, + usedCPUPercent: 0, + expectedMin: 0.95, + expectedMax: 1.0, + }, + { + name: "half capacity", + deploymentCount: 50, + allocatedPorts: 4950, + availablePorts: 4950, + usedMemoryMB: 4096, + usedCPUPercent: 200, + expectedMin: 0.45, + expectedMax: 0.55, + }, + { + name: "full capacity - low score", + deploymentCount: 100, + allocatedPorts: 9900, + availablePorts: 0, + usedMemoryMB: 8192, + usedCPUPercent: 400, + expectedMin: 0.0, + expectedMax: 0.05, + }, + { + name: "light load", + deploymentCount: 10, + allocatedPorts: 1000, + availablePorts: 8900, + usedMemoryMB: 512, + usedCPUPercent: 50, + expectedMin: 0.80, + expectedMax: 0.95, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + score := hnm.calculateCapacityScore( + tt.deploymentCount, + tt.allocatedPorts, + tt.availablePorts, + tt.usedMemoryMB, + tt.usedCPUPercent, + ) + + if score < tt.expectedMin || score > tt.expectedMax { + t.Errorf("score %.2f outside expected range [%.2f, %.2f]", score, tt.expectedMin, tt.expectedMax) + } + + // Score should always be in 0-1 range + if score < 0 || score > 1 { + t.Errorf("score %.2f outside valid range [0, 1]", score) + } + }) + } +} + +func TestHomeNodeManager_SelectBestNode(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + t.Run("select from multiple nodes", func(t *testing.T) { + capacities := []*NodeCapacity{ + { + NodeID: "node-1", + DeploymentCount: 50, + Score: 0.5, + }, + { + NodeID: "node-2", + DeploymentCount: 10, + Score: 0.9, + }, + { + NodeID: "node-3", + DeploymentCount: 80, + Score: 0.2, + }, + } + + best := hnm.selectBestNode(capacities) + if best == nil { + t.Fatal("expected non-nil best node") + } + + if best.NodeID != "node-2" { + t.Errorf("expected node-2 (highest score), got %s", best.NodeID) + } + + if best.Score != 0.9 { + t.Errorf("expected score 0.9, got %.2f", best.Score) + } + }) + + t.Run("return nil for empty list", func(t *testing.T) { + best := hnm.selectBestNode([]*NodeCapacity{}) + if best != nil { + t.Error("expected nil for empty capacity list") + } + }) + + t.Run("single node", func(t *testing.T) { + capacities := []*NodeCapacity{ + { + NodeID: "node-1", + DeploymentCount: 5, + Score: 0.8, + }, + } + + best := hnm.selectBestNode(capacities) + if best == nil { + t.Fatal("expected non-nil best node") + } + + if best.NodeID != "node-1" { + t.Errorf("expected node-1, got %s", best.NodeID) + } + }) +} + +func TestHomeNodeManager_GetHomeNode(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + ctx := context.Background() + + t.Run("get non-existent assignment", func(t *testing.T) { + _, err := hnm.GetHomeNode(ctx, "non-existent") + if err != ErrNamespaceNotAssigned { + t.Errorf("expected ErrNamespaceNotAssigned, got %v", err) + } + }) + + t.Run("get existing assignment", func(t *testing.T) { + // Manually add assignment + mockDB.assignments["test-namespace"] = "node-123" + + nodeID, err := hnm.GetHomeNode(ctx, "test-namespace") + if err != nil { + t.Fatalf("failed to get home node: %v", err) + } + + if nodeID != "node-123" { + t.Errorf("expected node-123, got %s", nodeID) + } + }) +} + +func TestHomeNodeManager_MigrateNamespace(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + ctx := context.Background() + + t.Run("migrate namespace to new node", func(t *testing.T) { + // Set up initial assignment + mockDB.assignments["test-namespace"] = "node-old" + + // Migrate + err := hnm.MigrateNamespace(ctx, "test-namespace", "node-new") + if err != nil { + t.Fatalf("failed to migrate namespace: %v", err) + } + + // Verify migration + nodeID, err := hnm.GetHomeNode(ctx, "test-namespace") + if err != nil { + t.Fatalf("failed to get home node after migration: %v", err) + } + + if nodeID != "node-new" { + t.Errorf("expected node-new after migration, got %s", nodeID) + } + }) +} + +func TestHomeNodeManager_UpdateHeartbeat(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + ctx := context.Background() + + t.Run("update heartbeat", func(t *testing.T) { + err := hnm.UpdateHeartbeat(ctx, "test-namespace") + if err != nil { + t.Fatalf("failed to update heartbeat: %v", err) + } + }) +} + +func TestHomeNodeManager_UpdateResourceUsage(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + ctx := context.Background() + + t.Run("update resource usage", func(t *testing.T) { + err := hnm.UpdateResourceUsage(ctx, "test-namespace", 5, 1024, 150) + if err != nil { + t.Fatalf("failed to update resource usage: %v", err) + } + }) +} + +func TestCapacityScoreWeighting(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockHomeNodeDB() + portAllocator := NewPortAllocator(mockDB, logger) + hnm := NewHomeNodeManager(mockDB, portAllocator, logger) + + t.Run("deployment count has highest weight", func(t *testing.T) { + // Node with low deployments but high other usage + score1 := hnm.calculateCapacityScore(10, 5000, 4900, 4000, 200) + + // Node with high deployments but low other usage + score2 := hnm.calculateCapacityScore(90, 100, 9800, 100, 10) + + // Score1 should be higher because deployment count has 40% weight + if score1 <= score2 { + t.Errorf("expected score1 (%.2f) > score2 (%.2f) due to deployment count weight", score1, score2) + } + }) + + t.Run("deployment count weight matters", func(t *testing.T) { + // Node A: 20 deployments, 50% other resources + nodeA := hnm.calculateCapacityScore(20, 4950, 4950, 4096, 200) + + // Node B: 80 deployments, 50% other resources + nodeB := hnm.calculateCapacityScore(80, 4950, 4950, 4096, 200) + + // Node A should score higher due to lower deployment count + // (deployment count has 40% weight, so this should make a difference) + if nodeA <= nodeB { + t.Errorf("expected node A (%.2f) > node B (%.2f) - deployment count should matter", nodeA, nodeB) + } + + // Verify the difference is significant (should be about 0.24 = 60% of 40% weight) + diff := nodeA - nodeB + if diff < 0.2 { + t.Errorf("expected significant difference due to deployment count weight, got %.2f", diff) + } + }) +} diff --git a/pkg/deployments/port_allocator.go b/pkg/deployments/port_allocator.go new file mode 100644 index 0000000..a153de4 --- /dev/null +++ b/pkg/deployments/port_allocator.go @@ -0,0 +1,236 @@ +package deployments + +import ( + "context" + "fmt" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// PortAllocator manages port allocation across nodes +type PortAllocator struct { + db rqlite.Client + logger *zap.Logger +} + +// NewPortAllocator creates a new port allocator +func NewPortAllocator(db rqlite.Client, logger *zap.Logger) *PortAllocator { + return &PortAllocator{ + db: db, + logger: logger, + } +} + +// AllocatePort finds and allocates the next available port for a deployment on a specific node +// Port range: 10100-19999 (10000-10099 reserved for system use) +func (pa *PortAllocator) AllocatePort(ctx context.Context, nodeID, deploymentID string) (int, error) { + // Use internal auth for port allocation operations + internalCtx := client.WithInternalAuth(ctx) + + // Retry logic for handling concurrent allocation conflicts + maxRetries := 10 + retryDelay := 100 * time.Millisecond + + for attempt := 0; attempt < maxRetries; attempt++ { + port, err := pa.tryAllocatePort(internalCtx, nodeID, deploymentID) + if err == nil { + pa.logger.Info("Port allocated successfully", + zap.String("node_id", nodeID), + zap.Int("port", port), + zap.String("deployment_id", deploymentID), + zap.Int("attempt", attempt+1), + ) + return port, nil + } + + // If it's a conflict error, retry with exponential backoff + if isConflictError(err) { + pa.logger.Debug("Port allocation conflict, retrying", + zap.String("node_id", nodeID), + zap.String("deployment_id", deploymentID), + zap.Int("attempt", attempt+1), + zap.Error(err), + ) + + time.Sleep(retryDelay) + retryDelay *= 2 + continue + } + + // Other errors are non-retryable + return 0, err + } + + return 0, &DeploymentError{ + Message: fmt.Sprintf("failed to allocate port after %d retries", maxRetries), + } +} + +// tryAllocatePort attempts to allocate a port (single attempt) +func (pa *PortAllocator) tryAllocatePort(ctx context.Context, nodeID, deploymentID string) (int, error) { + // Query all allocated ports on this node + type portRow struct { + Port int `db:"port"` + } + + var allocatedPortRows []portRow + query := `SELECT port FROM port_allocations WHERE node_id = ? ORDER BY port ASC` + err := pa.db.Query(ctx, &allocatedPortRows, query, nodeID) + if err != nil { + return 0, &DeploymentError{ + Message: "failed to query allocated ports", + Cause: err, + } + } + + // Parse allocated ports into map + allocatedPorts := make(map[int]bool) + for _, row := range allocatedPortRows { + allocatedPorts[row.Port] = true + } + + // Find first available port (starting from UserMinPort = 10100) + port := UserMinPort + for port <= MaxPort { + if !allocatedPorts[port] { + break + } + port++ + } + + if port > MaxPort { + return 0, ErrNoPortsAvailable + } + + // Attempt to insert allocation record (may conflict if another process allocated same port) + insertQuery := ` + INSERT INTO port_allocations (node_id, port, deployment_id, allocated_at) + VALUES (?, ?, ?, ?) + ` + _, err = pa.db.Exec(ctx, insertQuery, nodeID, port, deploymentID, time.Now()) + if err != nil { + return 0, &DeploymentError{ + Message: "failed to insert port allocation", + Cause: err, + } + } + + return port, nil +} + +// DeallocatePort removes a port allocation for a deployment +func (pa *PortAllocator) DeallocatePort(ctx context.Context, deploymentID string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `DELETE FROM port_allocations WHERE deployment_id = ?` + _, err := pa.db.Exec(internalCtx, query, deploymentID) + if err != nil { + return &DeploymentError{ + Message: "failed to deallocate port", + Cause: err, + } + } + + pa.logger.Info("Port deallocated", + zap.String("deployment_id", deploymentID), + ) + + return nil +} + +// GetAllocatedPort retrieves the currently allocated port for a deployment +func (pa *PortAllocator) GetAllocatedPort(ctx context.Context, deploymentID string) (int, string, error) { + internalCtx := client.WithInternalAuth(ctx) + + type allocation struct { + NodeID string `db:"node_id"` + Port int `db:"port"` + } + + var allocs []allocation + query := `SELECT node_id, port FROM port_allocations WHERE deployment_id = ? LIMIT 1` + err := pa.db.Query(internalCtx, &allocs, query, deploymentID) + if err != nil { + return 0, "", &DeploymentError{ + Message: "failed to query allocated port", + Cause: err, + } + } + + if len(allocs) == 0 { + return 0, "", &DeploymentError{ + Message: "no port allocated for deployment", + } + } + + return allocs[0].Port, allocs[0].NodeID, nil +} + +// GetNodePortCount returns the number of allocated ports on a node +func (pa *PortAllocator) GetNodePortCount(ctx context.Context, nodeID string) (int, error) { + internalCtx := client.WithInternalAuth(ctx) + + type countResult struct { + Count int `db:"COUNT(*)"` + } + + var results []countResult + query := `SELECT COUNT(*) FROM port_allocations WHERE node_id = ?` + err := pa.db.Query(internalCtx, &results, query, nodeID) + if err != nil { + return 0, &DeploymentError{ + Message: "failed to count allocated ports", + Cause: err, + } + } + + if len(results) == 0 { + return 0, nil + } + + return results[0].Count, nil +} + +// GetAvailablePortCount returns the number of available ports on a node +func (pa *PortAllocator) GetAvailablePortCount(ctx context.Context, nodeID string) (int, error) { + allocatedCount, err := pa.GetNodePortCount(ctx, nodeID) + if err != nil { + return 0, err + } + + totalPorts := MaxPort - UserMinPort + 1 + available := totalPorts - allocatedCount + + if available < 0 { + available = 0 + } + + return available, nil +} + +// isConflictError checks if an error is due to a constraint violation (port already allocated) +func isConflictError(err error) bool { + if err == nil { + return false + } + // RQLite returns constraint violation errors as strings containing "UNIQUE constraint failed" + errStr := err.Error() + return contains(errStr, "UNIQUE") || contains(errStr, "constraint") || contains(errStr, "conflict") +} + +// contains checks if a string contains a substring (case-insensitive) +func contains(s, substr string) bool { + return len(s) >= len(substr) && (s == substr || len(s) > len(substr) && findSubstring(s, substr)) +} + +func findSubstring(s, substr string) bool { + for i := 0; i <= len(s)-len(substr); i++ { + if s[i:i+len(substr)] == substr { + return true + } + } + return false +} diff --git a/pkg/deployments/port_allocator_test.go b/pkg/deployments/port_allocator_test.go new file mode 100644 index 0000000..5acfe2f --- /dev/null +++ b/pkg/deployments/port_allocator_test.go @@ -0,0 +1,419 @@ +package deployments + +import ( + "context" + "database/sql" + "reflect" + "testing" + + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// mockRQLiteClient implements a simple in-memory mock for testing +type mockRQLiteClient struct { + allocations map[string]map[int]string // nodeID -> port -> deploymentID +} + +func newMockRQLiteClient() *mockRQLiteClient { + return &mockRQLiteClient{ + allocations: make(map[string]map[int]string), + } +} + +func (m *mockRQLiteClient) Query(ctx context.Context, dest any, query string, args ...any) error { + // Determine what type of query based on dest type + destVal := reflect.ValueOf(dest) + if destVal.Kind() != reflect.Ptr { + return nil + } + + sliceVal := destVal.Elem() + if sliceVal.Kind() != reflect.Slice { + return nil + } + + elemType := sliceVal.Type().Elem() + + // Handle port allocation queries + if len(args) > 0 { + if nodeID, ok := args[0].(string); ok { + if elemType.Name() == "portRow" { + // Query for allocated ports + if nodeAllocs, exists := m.allocations[nodeID]; exists { + for port := range nodeAllocs { + portRow := reflect.New(elemType).Elem() + portRow.FieldByName("Port").SetInt(int64(port)) + sliceVal.Set(reflect.Append(sliceVal, portRow)) + } + } + return nil + } + + if elemType.Name() == "allocation" { + // Query for specific deployment allocation + for nid, ports := range m.allocations { + for port := range ports { + if nid == nodeID { + alloc := reflect.New(elemType).Elem() + alloc.FieldByName("NodeID").SetString(nid) + alloc.FieldByName("Port").SetInt(int64(port)) + sliceVal.Set(reflect.Append(sliceVal, alloc)) + return nil + } + } + } + return nil + } + + if elemType.Name() == "countResult" { + // Count query + count := 0 + if nodeAllocs, exists := m.allocations[nodeID]; exists { + count = len(nodeAllocs) + } + countRes := reflect.New(elemType).Elem() + countRes.FieldByName("Count").SetInt(int64(count)) + sliceVal.Set(reflect.Append(sliceVal, countRes)) + return nil + } + } + } + + return nil +} + +func (m *mockRQLiteClient) Exec(ctx context.Context, query string, args ...any) (sql.Result, error) { + // Handle INSERT (port allocation) + if len(args) >= 3 { + nodeID, _ := args[0].(string) + port, _ := args[1].(int) + deploymentID, _ := args[2].(string) + + if m.allocations[nodeID] == nil { + m.allocations[nodeID] = make(map[int]string) + } + + // Check for conflict + if _, exists := m.allocations[nodeID][port]; exists { + return nil, &DeploymentError{Message: "UNIQUE constraint failed"} + } + + m.allocations[nodeID][port] = deploymentID + return nil, nil + } + + // Handle DELETE (deallocation) + if len(args) >= 1 { + deploymentID, _ := args[0].(string) + for nodeID, ports := range m.allocations { + for port, allocatedDepID := range ports { + if allocatedDepID == deploymentID { + delete(m.allocations[nodeID], port) + return nil, nil + } + } + } + } + + return nil, nil +} + +// Stub implementations for rqlite.Client interface +func (m *mockRQLiteClient) FindBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return nil +} + +func (m *mockRQLiteClient) FindOneBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return nil +} + +func (m *mockRQLiteClient) Save(ctx context.Context, entity any) error { + return nil +} + +func (m *mockRQLiteClient) Remove(ctx context.Context, entity any) error { + return nil +} + +func (m *mockRQLiteClient) Repository(table string) any { + return nil +} + +func (m *mockRQLiteClient) CreateQueryBuilder(table string) *rqlite.QueryBuilder { + return nil +} + +func (m *mockRQLiteClient) Tx(ctx context.Context, fn func(tx rqlite.Tx) error) error { + return nil +} + +func TestPortAllocator_AllocatePort(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + pa := NewPortAllocator(mockDB, logger) + + ctx := context.Background() + nodeID := "node-test123" + + t.Run("allocate first port", func(t *testing.T) { + port, err := pa.AllocatePort(ctx, nodeID, "deploy-1") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + if port != UserMinPort { + t.Errorf("expected first port to be %d, got %d", UserMinPort, port) + } + }) + + t.Run("allocate sequential ports", func(t *testing.T) { + port2, err := pa.AllocatePort(ctx, nodeID, "deploy-2") + if err != nil { + t.Fatalf("failed to allocate second port: %v", err) + } + + if port2 != UserMinPort+1 { + t.Errorf("expected second port to be %d, got %d", UserMinPort+1, port2) + } + + port3, err := pa.AllocatePort(ctx, nodeID, "deploy-3") + if err != nil { + t.Fatalf("failed to allocate third port: %v", err) + } + + if port3 != UserMinPort+2 { + t.Errorf("expected third port to be %d, got %d", UserMinPort+2, port3) + } + }) + + t.Run("allocate on different node", func(t *testing.T) { + port, err := pa.AllocatePort(ctx, "node-other", "deploy-4") + if err != nil { + t.Fatalf("failed to allocate port on different node: %v", err) + } + + if port != UserMinPort { + t.Errorf("expected first port on new node to be %d, got %d", UserMinPort, port) + } + }) +} + +func TestPortAllocator_DeallocatePort(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + pa := NewPortAllocator(mockDB, logger) + + ctx := context.Background() + nodeID := "node-test123" + + // Allocate some ports + _, err := pa.AllocatePort(ctx, nodeID, "deploy-1") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + port2, err := pa.AllocatePort(ctx, nodeID, "deploy-2") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + t.Run("deallocate port", func(t *testing.T) { + err := pa.DeallocatePort(ctx, "deploy-1") + if err != nil { + t.Fatalf("failed to deallocate port: %v", err) + } + }) + + t.Run("allocate reuses gap", func(t *testing.T) { + port, err := pa.AllocatePort(ctx, nodeID, "deploy-3") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + // Should reuse the gap created by deallocating deploy-1 + if port != UserMinPort { + t.Errorf("expected port to fill gap at %d, got %d", UserMinPort, port) + } + + // Next allocation should be after the last allocated port + port4, err := pa.AllocatePort(ctx, nodeID, "deploy-4") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + if port4 != port2+1 { + t.Errorf("expected next sequential port %d, got %d", port2+1, port4) + } + }) +} + +func TestPortAllocator_GetNodePortCount(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + pa := NewPortAllocator(mockDB, logger) + + ctx := context.Background() + nodeID := "node-test123" + + t.Run("empty node has zero ports", func(t *testing.T) { + count, err := pa.GetNodePortCount(ctx, nodeID) + if err != nil { + t.Fatalf("failed to get port count: %v", err) + } + + if count != 0 { + t.Errorf("expected 0 ports, got %d", count) + } + }) + + t.Run("count after allocations", func(t *testing.T) { + // Allocate 3 ports + for i := 0; i < 3; i++ { + _, err := pa.AllocatePort(ctx, nodeID, "deploy-"+string(rune(i))) + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + } + + count, err := pa.GetNodePortCount(ctx, nodeID) + if err != nil { + t.Fatalf("failed to get port count: %v", err) + } + + if count != 3 { + t.Errorf("expected 3 ports, got %d", count) + } + }) +} + +func TestPortAllocator_GetAvailablePortCount(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + pa := NewPortAllocator(mockDB, logger) + + ctx := context.Background() + nodeID := "node-test123" + + totalPorts := MaxPort - UserMinPort + 1 + + t.Run("all ports available initially", func(t *testing.T) { + available, err := pa.GetAvailablePortCount(ctx, nodeID) + if err != nil { + t.Fatalf("failed to get available port count: %v", err) + } + + if available != totalPorts { + t.Errorf("expected %d available ports, got %d", totalPorts, available) + } + }) + + t.Run("available decreases after allocation", func(t *testing.T) { + _, err := pa.AllocatePort(ctx, nodeID, "deploy-1") + if err != nil { + t.Fatalf("failed to allocate port: %v", err) + } + + available, err := pa.GetAvailablePortCount(ctx, nodeID) + if err != nil { + t.Fatalf("failed to get available port count: %v", err) + } + + expected := totalPorts - 1 + if available != expected { + t.Errorf("expected %d available ports, got %d", expected, available) + } + }) +} + +func TestIsConflictError(t *testing.T) { + tests := []struct { + name string + err error + expected bool + }{ + { + name: "nil error", + err: nil, + expected: false, + }, + { + name: "UNIQUE constraint error", + err: &DeploymentError{Message: "UNIQUE constraint failed"}, + expected: true, + }, + { + name: "constraint error", + err: &DeploymentError{Message: "constraint violation"}, + expected: true, + }, + { + name: "conflict error", + err: &DeploymentError{Message: "conflict detected"}, + expected: true, + }, + { + name: "unrelated error", + err: &DeploymentError{Message: "network timeout"}, + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := isConflictError(tt.err) + if result != tt.expected { + t.Errorf("isConflictError(%v) = %v, expected %v", tt.err, result, tt.expected) + } + }) + } +} + +func TestContains(t *testing.T) { + tests := []struct { + name string + s string + substr string + expected bool + }{ + { + name: "exact match", + s: "UNIQUE", + substr: "UNIQUE", + expected: true, + }, + { + name: "substring present", + s: "UNIQUE constraint failed", + substr: "constraint", + expected: true, + }, + { + name: "substring not present", + s: "network error", + substr: "constraint", + expected: false, + }, + { + name: "empty substring", + s: "test", + substr: "", + expected: true, + }, + { + name: "empty string", + s: "", + substr: "test", + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := contains(tt.s, tt.substr) + if result != tt.expected { + t.Errorf("contains(%q, %q) = %v, expected %v", tt.s, tt.substr, result, tt.expected) + } + }) + } +} diff --git a/pkg/deployments/process/manager.go b/pkg/deployments/process/manager.go new file mode 100644 index 0000000..aeceb9f --- /dev/null +++ b/pkg/deployments/process/manager.go @@ -0,0 +1,652 @@ +package process + +import ( + "bytes" + "context" + "fmt" + "os" + "os/exec" + "path/filepath" + "runtime" + "strconv" + "strings" + "sync" + "text/template" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "go.uber.org/zap" +) + +// Manager manages deployment processes via systemd (Linux) or direct process spawning (macOS/other) +type Manager struct { + logger *zap.Logger + useSystemd bool + + // For non-systemd mode: track running processes + processes map[string]*exec.Cmd + processesMu sync.RWMutex +} + +// NewManager creates a new process manager +func NewManager(logger *zap.Logger) *Manager { + // Use systemd only on Linux + useSystemd := runtime.GOOS == "linux" + + return &Manager{ + logger: logger, + useSystemd: useSystemd, + processes: make(map[string]*exec.Cmd), + } +} + +// Start starts a deployment process +func (m *Manager) Start(ctx context.Context, deployment *deployments.Deployment, workDir string) error { + serviceName := m.getServiceName(deployment) + + m.logger.Info("Starting deployment process", + zap.String("deployment", deployment.Name), + zap.String("namespace", deployment.Namespace), + zap.String("service", serviceName), + zap.Bool("systemd", m.useSystemd), + ) + + if !m.useSystemd { + return m.startDirect(ctx, deployment, workDir) + } + + // Create systemd service file + if err := m.createSystemdService(deployment, workDir); err != nil { + return fmt.Errorf("failed to create systemd service: %w", err) + } + + // Reload systemd + if err := m.systemdReload(); err != nil { + return fmt.Errorf("failed to reload systemd: %w", err) + } + + // Enable service + if err := m.systemdEnable(serviceName); err != nil { + return fmt.Errorf("failed to enable service: %w", err) + } + + // Start service + if err := m.systemdStart(serviceName); err != nil { + return fmt.Errorf("failed to start service: %w", err) + } + + m.logger.Info("Deployment process started", + zap.String("deployment", deployment.Name), + zap.String("service", serviceName), + ) + + return nil +} + +// startDirect starts a process directly without systemd (for macOS/local dev) +func (m *Manager) startDirect(ctx context.Context, deployment *deployments.Deployment, workDir string) error { + serviceName := m.getServiceName(deployment) + startCmd := m.getStartCommand(deployment, workDir) + + // Parse command + parts := strings.Fields(startCmd) + if len(parts) == 0 { + return fmt.Errorf("empty start command") + } + + cmd := exec.Command(parts[0], parts[1:]...) + cmd.Dir = workDir + + // Set environment + cmd.Env = os.Environ() + cmd.Env = append(cmd.Env, fmt.Sprintf("PORT=%d", deployment.Port)) + for key, value := range deployment.Environment { + cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", key, value)) + } + + // Create log file for output + logDir := filepath.Join(os.Getenv("HOME"), ".orama", "logs", "deployments") + os.MkdirAll(logDir, 0755) + logFile, err := os.OpenFile( + filepath.Join(logDir, serviceName+".log"), + os.O_CREATE|os.O_WRONLY|os.O_APPEND, + 0644, + ) + if err != nil { + m.logger.Warn("Failed to create log file", zap.Error(err)) + } else { + cmd.Stdout = logFile + cmd.Stderr = logFile + } + + // Start process + if err := cmd.Start(); err != nil { + return fmt.Errorf("failed to start process: %w", err) + } + + // Track process + m.processesMu.Lock() + m.processes[serviceName] = cmd + m.processesMu.Unlock() + + // Monitor process in background + go func() { + err := cmd.Wait() + m.processesMu.Lock() + delete(m.processes, serviceName) + m.processesMu.Unlock() + if err != nil { + m.logger.Warn("Process exited with error", + zap.String("service", serviceName), + zap.Error(err), + ) + } + if logFile != nil { + logFile.Close() + } + }() + + m.logger.Info("Deployment process started (direct)", + zap.String("deployment", deployment.Name), + zap.String("service", serviceName), + zap.Int("pid", cmd.Process.Pid), + ) + + return nil +} + +// Stop stops a deployment process +func (m *Manager) Stop(ctx context.Context, deployment *deployments.Deployment) error { + serviceName := m.getServiceName(deployment) + + m.logger.Info("Stopping deployment process", + zap.String("deployment", deployment.Name), + zap.String("service", serviceName), + ) + + if !m.useSystemd { + return m.stopDirect(serviceName) + } + + // Stop service + if err := m.systemdStop(serviceName); err != nil { + m.logger.Warn("Failed to stop service", zap.Error(err)) + } + + // Disable service + if err := m.systemdDisable(serviceName); err != nil { + m.logger.Warn("Failed to disable service", zap.Error(err)) + } + + // Remove service file using sudo + serviceFile := filepath.Join("/etc/systemd/system", serviceName+".service") + cmd := exec.Command("sudo", "rm", "-f", serviceFile) + if err := cmd.Run(); err != nil { + m.logger.Warn("Failed to remove service file", zap.Error(err)) + } + + // Reload systemd + m.systemdReload() + + return nil +} + +// stopDirect stops a directly spawned process +func (m *Manager) stopDirect(serviceName string) error { + m.processesMu.Lock() + cmd, exists := m.processes[serviceName] + m.processesMu.Unlock() + + if !exists || cmd.Process == nil { + return nil // Already stopped + } + + // Send SIGTERM + if err := cmd.Process.Signal(os.Interrupt); err != nil { + // Try SIGKILL if SIGTERM fails + cmd.Process.Kill() + } + + return nil +} + +// Restart restarts a deployment process +func (m *Manager) Restart(ctx context.Context, deployment *deployments.Deployment) error { + serviceName := m.getServiceName(deployment) + + m.logger.Info("Restarting deployment process", + zap.String("deployment", deployment.Name), + zap.String("service", serviceName), + ) + + if !m.useSystemd { + // For direct mode, stop and start + m.stopDirect(serviceName) + // Note: Would need workDir to restart, which we don't have here + // For now, just log a warning + m.logger.Warn("Restart not fully supported in direct mode") + return nil + } + + return m.systemdRestart(serviceName) +} + +// Status gets the status of a deployment process +func (m *Manager) Status(ctx context.Context, deployment *deployments.Deployment) (string, error) { + serviceName := m.getServiceName(deployment) + + if !m.useSystemd { + m.processesMu.RLock() + _, exists := m.processes[serviceName] + m.processesMu.RUnlock() + if exists { + return "active", nil + } + return "inactive", nil + } + + cmd := exec.CommandContext(ctx, "systemctl", "is-active", serviceName) + output, err := cmd.Output() + if err != nil { + return "unknown", err + } + + return strings.TrimSpace(string(output)), nil +} + +// GetLogs retrieves logs for a deployment +func (m *Manager) GetLogs(ctx context.Context, deployment *deployments.Deployment, lines int, follow bool) ([]byte, error) { + serviceName := m.getServiceName(deployment) + + if !m.useSystemd { + // Read from log file in direct mode + logFile := filepath.Join(os.Getenv("HOME"), ".orama", "logs", "deployments", serviceName+".log") + data, err := os.ReadFile(logFile) + if err != nil { + return nil, fmt.Errorf("failed to read log file: %w", err) + } + // Return last N lines if specified + if lines > 0 { + logLines := strings.Split(string(data), "\n") + if len(logLines) > lines { + logLines = logLines[len(logLines)-lines:] + } + return []byte(strings.Join(logLines, "\n")), nil + } + return data, nil + } + + args := []string{"-u", serviceName, "--no-pager"} + if lines > 0 { + args = append(args, "-n", fmt.Sprintf("%d", lines)) + } + if follow { + args = append(args, "-f") + } + + cmd := exec.CommandContext(ctx, "journalctl", args...) + return cmd.Output() +} + +// createSystemdService creates a systemd service file +func (m *Manager) createSystemdService(deployment *deployments.Deployment, workDir string) error { + serviceName := m.getServiceName(deployment) + serviceFile := filepath.Join("/etc/systemd/system", serviceName+".service") + + // Determine the start command based on deployment type + startCmd := m.getStartCommand(deployment, workDir) + + // Build environment variables + envVars := make([]string, 0) + envVars = append(envVars, fmt.Sprintf("PORT=%d", deployment.Port)) + for key, value := range deployment.Environment { + envVars = append(envVars, fmt.Sprintf("%s=%s", key, value)) + } + + // Create service from template + tmpl := `[Unit] +Description=Orama Deployment - {{.Namespace}}/{{.Name}} +After=network.target + +[Service] +Type=simple +User=debros +Group=debros +WorkingDirectory={{.WorkDir}} + +{{range .Env}}Environment="{{.}}" +{{end}} + +ExecStart={{.StartCmd}} + +Restart={{.RestartPolicy}} +RestartSec=5s + +# Resource limits +MemoryLimit={{.MemoryLimitMB}}M +CPUQuota={{.CPULimitPercent}}% + +# Security - minimal restrictions for deployments in home directory +PrivateTmp=true +ProtectSystem=full +ProtectHome=read-only +ReadWritePaths={{.WorkDir}} + +StandardOutput=journal +StandardError=journal +SyslogIdentifier={{.ServiceName}} + +[Install] +WantedBy=multi-user.target +` + + t, err := template.New("service").Parse(tmpl) + if err != nil { + return err + } + + data := struct { + Namespace string + Name string + ServiceName string + WorkDir string + StartCmd string + Env []string + RestartPolicy string + MemoryLimitMB int + CPULimitPercent int + }{ + Namespace: deployment.Namespace, + Name: deployment.Name, + ServiceName: serviceName, + WorkDir: workDir, + StartCmd: startCmd, + Env: envVars, + RestartPolicy: m.mapRestartPolicy(deployment.RestartPolicy), + MemoryLimitMB: deployment.MemoryLimitMB, + CPULimitPercent: deployment.CPULimitPercent, + } + + // Execute template to buffer + var buf bytes.Buffer + if err := t.Execute(&buf, data); err != nil { + return err + } + + // Use sudo tee to write to systemd directory (debros user needs sudo access) + cmd := exec.Command("sudo", "tee", serviceFile) + cmd.Stdin = &buf + output, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to write service file: %s: %w", string(output), err) + } + + return nil +} + +// getStartCommand determines the start command for a deployment +func (m *Manager) getStartCommand(deployment *deployments.Deployment, workDir string) string { + // For systemd (Linux), use full paths. For direct mode, use PATH resolution. + nodePath := "node" + npmPath := "npm" + if m.useSystemd { + nodePath = "/usr/bin/node" + npmPath = "/usr/bin/npm" + } + + switch deployment.Type { + case deployments.DeploymentTypeNextJS: + // CLI tarballs the standalone output directly, so server.js is at the root + return nodePath + " server.js" + case deployments.DeploymentTypeNodeJSBackend: + // Check if ENTRY_POINT is set in environment + if entryPoint, ok := deployment.Environment["ENTRY_POINT"]; ok { + if entryPoint == "npm:start" { + return npmPath + " start" + } + return nodePath + " " + entryPoint + } + return nodePath + " index.js" + case deployments.DeploymentTypeGoBackend: + return filepath.Join(workDir, "app") + default: + return "echo 'Unknown deployment type'" + } +} + +// mapRestartPolicy maps deployment restart policy to systemd restart policy +func (m *Manager) mapRestartPolicy(policy deployments.RestartPolicy) string { + switch policy { + case deployments.RestartPolicyAlways: + return "always" + case deployments.RestartPolicyOnFailure: + return "on-failure" + case deployments.RestartPolicyNever: + return "no" + default: + return "on-failure" + } +} + +// getServiceName generates a systemd service name +func (m *Manager) getServiceName(deployment *deployments.Deployment) string { + // Sanitize namespace and name for service name + namespace := strings.ReplaceAll(deployment.Namespace, ".", "-") + name := strings.ReplaceAll(deployment.Name, ".", "-") + return fmt.Sprintf("orama-deploy-%s-%s", namespace, name) +} + +// systemd helper methods (use sudo for non-root execution) +func (m *Manager) systemdReload() error { + cmd := exec.Command("sudo", "systemctl", "daemon-reload") + return cmd.Run() +} + +func (m *Manager) systemdEnable(serviceName string) error { + cmd := exec.Command("sudo", "systemctl", "enable", serviceName) + return cmd.Run() +} + +func (m *Manager) systemdDisable(serviceName string) error { + cmd := exec.Command("sudo", "systemctl", "disable", serviceName) + return cmd.Run() +} + +func (m *Manager) systemdStart(serviceName string) error { + cmd := exec.Command("sudo", "systemctl", "start", serviceName) + return cmd.Run() +} + +func (m *Manager) systemdStop(serviceName string) error { + cmd := exec.Command("sudo", "systemctl", "stop", serviceName) + return cmd.Run() +} + +func (m *Manager) systemdRestart(serviceName string) error { + cmd := exec.Command("sudo", "systemctl", "restart", serviceName) + return cmd.Run() +} + +// WaitForHealthy waits for a deployment to become healthy +func (m *Manager) WaitForHealthy(ctx context.Context, deployment *deployments.Deployment, timeout time.Duration) error { + deadline := time.Now().Add(timeout) + + for time.Now().Before(deadline) { + status, err := m.Status(ctx, deployment) + if err == nil && status == "active" { + return nil + } + + select { + case <-ctx.Done(): + return ctx.Err() + case <-time.After(2 * time.Second): + // Continue checking + } + } + + return fmt.Errorf("deployment did not become healthy within %v", timeout) +} + +// DeploymentStats holds on-demand resource usage for a deployment process +type DeploymentStats struct { + PID int `json:"pid"` + CPUPercent float64 `json:"cpu_percent"` + MemoryRSS int64 `json:"memory_rss_bytes"` + DiskBytes int64 `json:"disk_bytes"` + UptimeSecs float64 `json:"uptime_seconds"` +} + +// GetStats returns on-demand resource usage stats for a deployment. +// deployPath is the directory on disk for disk usage calculation. +func (m *Manager) GetStats(ctx context.Context, deployment *deployments.Deployment, deployPath string) (*DeploymentStats, error) { + stats := &DeploymentStats{} + + // Disk usage (works on all platforms) + if deployPath != "" { + stats.DiskBytes = dirSize(deployPath) + } + + if !m.useSystemd { + // Direct mode (macOS) — only disk, no /proc + serviceName := m.getServiceName(deployment) + m.processesMu.RLock() + cmd, exists := m.processes[serviceName] + m.processesMu.RUnlock() + if exists && cmd.Process != nil { + stats.PID = cmd.Process.Pid + } + return stats, nil + } + + // Systemd mode (Linux) — get PID, CPU, RAM, uptime + serviceName := m.getServiceName(deployment) + + // Get MainPID and ActiveEnterTimestamp + cmd := exec.CommandContext(ctx, "systemctl", "show", serviceName, + "--property=MainPID,ActiveEnterTimestamp") + output, err := cmd.Output() + if err != nil { + return stats, fmt.Errorf("systemctl show failed: %w", err) + } + + props := parseSystemctlShow(string(output)) + pid, _ := strconv.Atoi(props["MainPID"]) + stats.PID = pid + + if pid <= 0 { + return stats, nil // Process not running + } + + // Uptime from ActiveEnterTimestamp + if ts := props["ActiveEnterTimestamp"]; ts != "" { + // Format: "Mon 2026-01-29 10:00:00 UTC" + if t, err := parseSystemdTimestamp(ts); err == nil { + stats.UptimeSecs = time.Since(t).Seconds() + } + } + + // Memory RSS from /proc/[pid]/status + stats.MemoryRSS = readProcMemoryRSS(pid) + + // CPU % — sample /proc/[pid]/stat twice with 1s gap + stats.CPUPercent = sampleCPUPercent(pid) + + return stats, nil +} + +// parseSystemctlShow parses "Key=Value\n" output into a map +func parseSystemctlShow(output string) map[string]string { + props := make(map[string]string) + for _, line := range strings.Split(output, "\n") { + if idx := strings.IndexByte(line, '='); idx > 0 { + props[line[:idx]] = strings.TrimSpace(line[idx+1:]) + } + } + return props +} + +// parseSystemdTimestamp parses systemd timestamp like "Mon 2026-01-29 10:00:00 UTC" +func parseSystemdTimestamp(ts string) (time.Time, error) { + // Try common systemd formats + for _, layout := range []string{ + "Mon 2006-01-02 15:04:05 MST", + "2006-01-02 15:04:05 MST", + } { + if t, err := time.Parse(layout, ts); err == nil { + return t, nil + } + } + return time.Time{}, fmt.Errorf("cannot parse timestamp: %s", ts) +} + +// readProcMemoryRSS reads VmRSS from /proc/[pid]/status (Linux only) +func readProcMemoryRSS(pid int) int64 { + data, err := os.ReadFile(fmt.Sprintf("/proc/%d/status", pid)) + if err != nil { + return 0 + } + for _, line := range strings.Split(string(data), "\n") { + if strings.HasPrefix(line, "VmRSS:") { + fields := strings.Fields(line) + if len(fields) >= 2 { + kb, _ := strconv.ParseInt(fields[1], 10, 64) + return kb * 1024 // Convert KB to bytes + } + } + } + return 0 +} + +// sampleCPUPercent reads /proc/[pid]/stat twice with a 1s gap to compute CPU % +func sampleCPUPercent(pid int) float64 { + readCPUTicks := func() (utime, stime int64, ok bool) { + data, err := os.ReadFile(fmt.Sprintf("/proc/%d/stat", pid)) + if err != nil { + return 0, 0, false + } + // Fields after the comm (in parens): state(3), ppid(4), ... utime(14), stime(15) + // Find closing paren to skip comm field which may contain spaces + closeParen := strings.LastIndexByte(string(data), ')') + if closeParen < 0 { + return 0, 0, false + } + fields := strings.Fields(string(data)[closeParen+2:]) + if len(fields) < 13 { + return 0, 0, false + } + u, _ := strconv.ParseInt(fields[11], 10, 64) // utime is field 14, index 11 after paren + s, _ := strconv.ParseInt(fields[12], 10, 64) // stime is field 15, index 12 after paren + return u, s, true + } + + u1, s1, ok1 := readCPUTicks() + if !ok1 { + return 0 + } + time.Sleep(1 * time.Second) + u2, s2, ok2 := readCPUTicks() + if !ok2 { + return 0 + } + + // Clock ticks per second (usually 100 on Linux) + clkTck := 100.0 + totalDelta := float64((u2 + s2) - (u1 + s1)) + cpuPct := (totalDelta / clkTck) * 100.0 + + return cpuPct +} + +// dirSize calculates total size of a directory +func dirSize(path string) int64 { + var size int64 + filepath.Walk(path, func(_ string, info os.FileInfo, err error) error { + if err != nil || info.IsDir() { + return nil + } + size += info.Size() + return nil + }) + return size +} diff --git a/pkg/deployments/replica_manager.go b/pkg/deployments/replica_manager.go new file mode 100644 index 0000000..a34121c --- /dev/null +++ b/pkg/deployments/replica_manager.go @@ -0,0 +1,273 @@ +package deployments + +import ( + "context" + "fmt" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// ReplicaManager manages deployment replicas across nodes +type ReplicaManager struct { + db rqlite.Client + homeNodeMgr *HomeNodeManager + portAllocator *PortAllocator + logger *zap.Logger +} + +// NewReplicaManager creates a new replica manager +func NewReplicaManager(db rqlite.Client, homeNodeMgr *HomeNodeManager, portAllocator *PortAllocator, logger *zap.Logger) *ReplicaManager { + return &ReplicaManager{ + db: db, + homeNodeMgr: homeNodeMgr, + portAllocator: portAllocator, + logger: logger, + } +} + +// SelectReplicaNodes picks additional nodes for replicas, excluding the primary node. +// Returns up to count node IDs. +func (rm *ReplicaManager) SelectReplicaNodes(ctx context.Context, primaryNodeID string, count int) ([]string, error) { + internalCtx := client.WithInternalAuth(ctx) + + activeNodes, err := rm.homeNodeMgr.getActiveNodes(internalCtx) + if err != nil { + return nil, fmt.Errorf("failed to get active nodes: %w", err) + } + + // Filter out the primary node + var candidates []string + for _, nodeID := range activeNodes { + if nodeID != primaryNodeID { + candidates = append(candidates, nodeID) + } + } + + if len(candidates) == 0 { + return nil, nil // No additional nodes available + } + + // Calculate capacity scores and pick the best ones + capacities, err := rm.homeNodeMgr.calculateNodeCapacities(internalCtx, candidates) + if err != nil { + return nil, fmt.Errorf("failed to calculate capacities: %w", err) + } + + // Sort by score descending (simple selection) + selected := make([]string, 0, count) + for i := 0; i < count && i < len(capacities); i++ { + best := rm.homeNodeMgr.selectBestNode(capacities) + if best == nil { + break + } + selected = append(selected, best.NodeID) + // Remove selected from capacities + remaining := make([]*NodeCapacity, 0, len(capacities)-1) + for _, c := range capacities { + if c.NodeID != best.NodeID { + remaining = append(remaining, c) + } + } + capacities = remaining + } + + rm.logger.Info("Selected replica nodes", + zap.String("primary", primaryNodeID), + zap.Strings("replicas", selected), + zap.Int("requested", count), + ) + + return selected, nil +} + +// CreateReplica inserts a replica record for a deployment on a specific node. +func (rm *ReplicaManager) CreateReplica(ctx context.Context, deploymentID, nodeID string, port int, isPrimary bool) error { + internalCtx := client.WithInternalAuth(ctx) + + query := ` + INSERT INTO deployment_replicas (deployment_id, node_id, port, status, is_primary, created_at, updated_at) + VALUES (?, ?, ?, ?, ?, ?, ?) + ON CONFLICT(deployment_id, node_id) DO UPDATE SET + port = excluded.port, + status = excluded.status, + is_primary = excluded.is_primary, + updated_at = excluded.updated_at + ` + + now := time.Now() + _, err := rm.db.Exec(internalCtx, query, deploymentID, nodeID, port, ReplicaStatusActive, isPrimary, now, now) + if err != nil { + return &DeploymentError{ + Message: fmt.Sprintf("failed to create replica for deployment %s on node %s", deploymentID, nodeID), + Cause: err, + } + } + + rm.logger.Info("Created deployment replica", + zap.String("deployment_id", deploymentID), + zap.String("node_id", nodeID), + zap.Int("port", port), + zap.Bool("is_primary", isPrimary), + ) + + return nil +} + +// GetReplicas returns all replicas for a deployment. +func (rm *ReplicaManager) GetReplicas(ctx context.Context, deploymentID string) ([]Replica, error) { + internalCtx := client.WithInternalAuth(ctx) + + type replicaRow struct { + DeploymentID string `db:"deployment_id"` + NodeID string `db:"node_id"` + Port int `db:"port"` + Status string `db:"status"` + IsPrimary bool `db:"is_primary"` + } + + var rows []replicaRow + query := `SELECT deployment_id, node_id, port, status, is_primary FROM deployment_replicas WHERE deployment_id = ?` + err := rm.db.Query(internalCtx, &rows, query, deploymentID) + if err != nil { + return nil, &DeploymentError{ + Message: "failed to query replicas", + Cause: err, + } + } + + replicas := make([]Replica, len(rows)) + for i, row := range rows { + replicas[i] = Replica{ + DeploymentID: row.DeploymentID, + NodeID: row.NodeID, + Port: row.Port, + Status: ReplicaStatus(row.Status), + IsPrimary: row.IsPrimary, + } + } + + return replicas, nil +} + +// GetActiveReplicaNodes returns node IDs of all active replicas for a deployment. +func (rm *ReplicaManager) GetActiveReplicaNodes(ctx context.Context, deploymentID string) ([]string, error) { + internalCtx := client.WithInternalAuth(ctx) + + type nodeRow struct { + NodeID string `db:"node_id"` + } + + var rows []nodeRow + query := `SELECT node_id FROM deployment_replicas WHERE deployment_id = ? AND status = ?` + err := rm.db.Query(internalCtx, &rows, query, deploymentID, ReplicaStatusActive) + if err != nil { + return nil, &DeploymentError{ + Message: "failed to query active replicas", + Cause: err, + } + } + + nodes := make([]string, len(rows)) + for i, row := range rows { + nodes[i] = row.NodeID + } + + return nodes, nil +} + +// IsReplicaNode checks if the given node is an active replica for the deployment. +func (rm *ReplicaManager) IsReplicaNode(ctx context.Context, deploymentID, nodeID string) (bool, error) { + internalCtx := client.WithInternalAuth(ctx) + + type countRow struct { + Count int `db:"c"` + } + + var rows []countRow + query := `SELECT COUNT(*) as c FROM deployment_replicas WHERE deployment_id = ? AND node_id = ? AND status = ?` + err := rm.db.Query(internalCtx, &rows, query, deploymentID, nodeID, ReplicaStatusActive) + if err != nil { + return false, err + } + + return len(rows) > 0 && rows[0].Count > 0, nil +} + +// GetReplicaPort returns the port allocated for a deployment on a specific node. +func (rm *ReplicaManager) GetReplicaPort(ctx context.Context, deploymentID, nodeID string) (int, error) { + internalCtx := client.WithInternalAuth(ctx) + + type portRow struct { + Port int `db:"port"` + } + + var rows []portRow + query := `SELECT port FROM deployment_replicas WHERE deployment_id = ? AND node_id = ? AND status = ? LIMIT 1` + err := rm.db.Query(internalCtx, &rows, query, deploymentID, nodeID, ReplicaStatusActive) + if err != nil { + return 0, err + } + + if len(rows) == 0 { + return 0, fmt.Errorf("no active replica found for deployment %s on node %s", deploymentID, nodeID) + } + + return rows[0].Port, nil +} + +// UpdateReplicaStatus updates the status of a specific replica. +func (rm *ReplicaManager) UpdateReplicaStatus(ctx context.Context, deploymentID, nodeID string, status ReplicaStatus) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `UPDATE deployment_replicas SET status = ?, updated_at = ? WHERE deployment_id = ? AND node_id = ?` + _, err := rm.db.Exec(internalCtx, query, status, time.Now(), deploymentID, nodeID) + if err != nil { + return &DeploymentError{ + Message: fmt.Sprintf("failed to update replica status for %s on %s", deploymentID, nodeID), + Cause: err, + } + } + + return nil +} + +// RemoveReplicas deletes all replica records for a deployment. +func (rm *ReplicaManager) RemoveReplicas(ctx context.Context, deploymentID string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `DELETE FROM deployment_replicas WHERE deployment_id = ?` + _, err := rm.db.Exec(internalCtx, query, deploymentID) + if err != nil { + return &DeploymentError{ + Message: "failed to remove replicas", + Cause: err, + } + } + + return nil +} + +// GetNodeIP retrieves the IP address for a node from dns_nodes. +func (rm *ReplicaManager) GetNodeIP(ctx context.Context, nodeID string) (string, error) { + internalCtx := client.WithInternalAuth(ctx) + + type nodeRow struct { + IPAddress string `db:"ip_address"` + } + + var rows []nodeRow + query := `SELECT COALESCE(internal_ip, ip_address) AS ip_address FROM dns_nodes WHERE id = ? LIMIT 1` + err := rm.db.Query(internalCtx, &rows, query, nodeID) + if err != nil { + return "", err + } + + if len(rows) == 0 { + return "", fmt.Errorf("node not found: %s", nodeID) + } + + return rows[0].IPAddress, nil +} diff --git a/pkg/deployments/types.go b/pkg/deployments/types.go new file mode 100644 index 0000000..8cbcbda --- /dev/null +++ b/pkg/deployments/types.go @@ -0,0 +1,272 @@ +// Package deployments provides infrastructure for managing custom deployments +// (static sites, Next.js apps, Go/Node.js backends, and SQLite databases) +package deployments + +import ( + "time" +) + +// DeploymentType represents the type of deployment +type DeploymentType string + +const ( + DeploymentTypeStatic DeploymentType = "static" // Static sites (React, Vite) + DeploymentTypeNextJS DeploymentType = "nextjs" // Next.js SSR + DeploymentTypeNextJSStatic DeploymentType = "nextjs-static" // Next.js static export + DeploymentTypeGoBackend DeploymentType = "go-backend" // Go native binary + DeploymentTypeGoWASM DeploymentType = "go-wasm" // Go compiled to WASM + DeploymentTypeNodeJSBackend DeploymentType = "nodejs-backend" // Node.js/TypeScript backend +) + +// DeploymentStatus represents the current state of a deployment +type DeploymentStatus string + +const ( + DeploymentStatusDeploying DeploymentStatus = "deploying" + DeploymentStatusActive DeploymentStatus = "active" + DeploymentStatusFailed DeploymentStatus = "failed" + DeploymentStatusStopped DeploymentStatus = "stopped" + DeploymentStatusUpdating DeploymentStatus = "updating" +) + +// RestartPolicy defines how a deployment should restart on failure +type RestartPolicy string + +const ( + RestartPolicyAlways RestartPolicy = "always" + RestartPolicyOnFailure RestartPolicy = "on-failure" + RestartPolicyNever RestartPolicy = "never" +) + +// RoutingType defines how DNS routing works for a deployment +type RoutingType string + +const ( + RoutingTypeBalanced RoutingType = "balanced" // Load-balanced across nodes + RoutingTypeNodeSpecific RoutingType = "node_specific" // Specific to one node +) + +// Deployment represents a deployed application or service +type Deployment struct { + ID string `json:"id"` + Namespace string `json:"namespace"` + Name string `json:"name"` + Type DeploymentType `json:"type"` + Version int `json:"version"` + Status DeploymentStatus `json:"status"` + + // Content storage + ContentCID string `json:"content_cid,omitempty"` + BuildCID string `json:"build_cid,omitempty"` + + // Runtime configuration + HomeNodeID string `json:"home_node_id,omitempty"` + Port int `json:"port,omitempty"` + Subdomain string `json:"subdomain,omitempty"` + Environment map[string]string `json:"environment,omitempty"` // Unmarshaled from JSON + + // Resource limits + MemoryLimitMB int `json:"memory_limit_mb"` + CPULimitPercent int `json:"cpu_limit_percent"` + DiskLimitMB int `json:"disk_limit_mb"` + + // Health & monitoring + HealthCheckPath string `json:"health_check_path,omitempty"` + HealthCheckInterval int `json:"health_check_interval"` + RestartPolicy RestartPolicy `json:"restart_policy"` + MaxRestartCount int `json:"max_restart_count"` + + // Metadata + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` + DeployedBy string `json:"deployed_by"` +} + +// ReplicaStatus represents the status of a deployment replica on a node +type ReplicaStatus string + +const ( + ReplicaStatusPending ReplicaStatus = "pending" + ReplicaStatusActive ReplicaStatus = "active" + ReplicaStatusFailed ReplicaStatus = "failed" + ReplicaStatusRemoving ReplicaStatus = "removing" +) + +// DefaultReplicaCount is the default number of replicas per deployment +const DefaultReplicaCount = 2 + +// Replica represents a deployment replica on a specific node +type Replica struct { + DeploymentID string `json:"deployment_id"` + NodeID string `json:"node_id"` + Port int `json:"port"` + Status ReplicaStatus `json:"status"` + IsPrimary bool `json:"is_primary"` + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` +} + +// PortAllocation represents an allocated port on a specific node +type PortAllocation struct { + NodeID string `json:"node_id"` + Port int `json:"port"` + DeploymentID string `json:"deployment_id"` + AllocatedAt time.Time `json:"allocated_at"` +} + +// HomeNodeAssignment maps a namespace to its home node +type HomeNodeAssignment struct { + Namespace string `json:"namespace"` + HomeNodeID string `json:"home_node_id"` + AssignedAt time.Time `json:"assigned_at"` + LastHeartbeat time.Time `json:"last_heartbeat"` + DeploymentCount int `json:"deployment_count"` + TotalMemoryMB int `json:"total_memory_mb"` + TotalCPUPercent int `json:"total_cpu_percent"` +} + +// DeploymentDomain represents a custom domain mapping +type DeploymentDomain struct { + ID string `json:"id"` + DeploymentID string `json:"deployment_id"` + Namespace string `json:"namespace"` + Domain string `json:"domain"` + RoutingType RoutingType `json:"routing_type"` + NodeID string `json:"node_id,omitempty"` + IsCustom bool `json:"is_custom"` + TLSCertCID string `json:"tls_cert_cid,omitempty"` + VerifiedAt *time.Time `json:"verified_at,omitempty"` + VerificationToken string `json:"verification_token,omitempty"` + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` +} + +// DeploymentHistory tracks deployment versions for rollback +type DeploymentHistory struct { + ID string `json:"id"` + DeploymentID string `json:"deployment_id"` + Version int `json:"version"` + ContentCID string `json:"content_cid,omitempty"` + BuildCID string `json:"build_cid,omitempty"` + DeployedAt time.Time `json:"deployed_at"` + DeployedBy string `json:"deployed_by"` + Status string `json:"status"` + ErrorMessage string `json:"error_message,omitempty"` + RollbackFromVersion *int `json:"rollback_from_version,omitempty"` +} + +// DeploymentEvent represents an audit trail event +type DeploymentEvent struct { + ID string `json:"id"` + DeploymentID string `json:"deployment_id"` + EventType string `json:"event_type"` + Message string `json:"message,omitempty"` + Metadata string `json:"metadata,omitempty"` // JSON + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by,omitempty"` +} + +// DeploymentHealthCheck represents a health check result +type DeploymentHealthCheck struct { + ID string `json:"id"` + DeploymentID string `json:"deployment_id"` + NodeID string `json:"node_id"` + Status string `json:"status"` // healthy, unhealthy, unknown + ResponseTimeMS int `json:"response_time_ms,omitempty"` + StatusCode int `json:"status_code,omitempty"` + ErrorMessage string `json:"error_message,omitempty"` + CheckedAt time.Time `json:"checked_at"` +} + +// DeploymentRequest represents a request to create a new deployment +type DeploymentRequest struct { + Namespace string `json:"namespace"` + Name string `json:"name"` + Type DeploymentType `json:"type"` + Subdomain string `json:"subdomain,omitempty"` + + // Content + ContentTarball []byte `json:"-"` // Binary data, not JSON + Environment map[string]string `json:"environment,omitempty"` + + // Resource limits + MemoryLimitMB int `json:"memory_limit_mb,omitempty"` + CPULimitPercent int `json:"cpu_limit_percent,omitempty"` + + // Health monitoring + HealthCheckPath string `json:"health_check_path,omitempty"` + + // Routing + LoadBalanced bool `json:"load_balanced,omitempty"` // Create load-balanced DNS records + CustomDomain string `json:"custom_domain,omitempty"` // Optional custom domain +} + +// DeploymentResponse represents the result of a deployment operation +type DeploymentResponse struct { + DeploymentID string `json:"deployment_id"` + Name string `json:"name"` + Namespace string `json:"namespace"` + Status string `json:"status"` + URLs []string `json:"urls"` // All URLs where deployment is accessible + Version int `json:"version"` + CreatedAt time.Time `json:"created_at"` +} + +// NodeCapacity represents available resources on a node +type NodeCapacity struct { + NodeID string `json:"node_id"` + DeploymentCount int `json:"deployment_count"` + AllocatedPorts int `json:"allocated_ports"` + AvailablePorts int `json:"available_ports"` + UsedMemoryMB int `json:"used_memory_mb"` + AvailableMemoryMB int `json:"available_memory_mb"` + UsedCPUPercent int `json:"used_cpu_percent"` + AvailableDiskMB int64 `json:"available_disk_mb"` + Score float64 `json:"score"` // Calculated capacity score +} + +// Port range constants +const ( + MinPort = 10000 // Minimum allocatable port + MaxPort = 19999 // Maximum allocatable port + ReservedMinPort = 10000 // Start of reserved range + ReservedMaxPort = 10099 // End of reserved range + UserMinPort = 10100 // Start of user-allocatable range +) + +// Default resource limits +const ( + DefaultMemoryLimitMB = 256 + DefaultCPULimitPercent = 50 + DefaultDiskLimitMB = 1024 + DefaultHealthCheckInterval = 30 // seconds + DefaultMaxRestartCount = 10 +) + +// Errors +var ( + ErrNoPortsAvailable = &DeploymentError{Message: "no ports available on node"} + ErrNoNodesAvailable = &DeploymentError{Message: "no nodes available for deployment"} + ErrDeploymentNotFound = &DeploymentError{Message: "deployment not found"} + ErrNamespaceNotAssigned = &DeploymentError{Message: "namespace has no home node assigned"} + ErrInvalidDeploymentType = &DeploymentError{Message: "invalid deployment type"} + ErrSubdomainTaken = &DeploymentError{Message: "subdomain already in use"} + ErrDomainReserved = &DeploymentError{Message: "domain is reserved"} +) + +// DeploymentError represents a deployment-related error +type DeploymentError struct { + Message string + Cause error +} + +func (e *DeploymentError) Error() string { + if e.Cause != nil { + return e.Message + ": " + e.Cause.Error() + } + return e.Message +} + +func (e *DeploymentError) Unwrap() error { + return e.Cause +} diff --git a/pkg/environments/development/topology.go b/pkg/environments/development/topology.go index 607bed7..1bc2f99 100644 --- a/pkg/environments/development/topology.go +++ b/pkg/environments/development/topology.go @@ -54,12 +54,12 @@ func DefaultTopology() *Topology { Name: "node-2", ConfigFilename: "node-2.yaml", DataDir: "node-2", - P2PPort: 4011, - IPFSAPIPort: 4511, - IPFSSwarmPort: 4111, - IPFSGatewayPort: 7511, - RQLiteHTTPPort: 5011, - RQLiteRaftPort: 7011, + P2PPort: 4002, + IPFSAPIPort: 4502, + IPFSSwarmPort: 4102, + IPFSGatewayPort: 7502, + RQLiteHTTPPort: 5002, + RQLiteRaftPort: 7002, ClusterAPIPort: 9104, ClusterPort: 9106, UnifiedGatewayPort: 6002, @@ -70,12 +70,12 @@ func DefaultTopology() *Topology { Name: "node-3", ConfigFilename: "node-3.yaml", DataDir: "node-3", - P2PPort: 4002, - IPFSAPIPort: 4502, - IPFSSwarmPort: 4102, - IPFSGatewayPort: 7502, - RQLiteHTTPPort: 5002, - RQLiteRaftPort: 7002, + P2PPort: 4003, + IPFSAPIPort: 4503, + IPFSSwarmPort: 4103, + IPFSGatewayPort: 7503, + RQLiteHTTPPort: 5003, + RQLiteRaftPort: 7003, ClusterAPIPort: 9114, ClusterPort: 9116, UnifiedGatewayPort: 6003, @@ -86,12 +86,12 @@ func DefaultTopology() *Topology { Name: "node-4", ConfigFilename: "node-4.yaml", DataDir: "node-4", - P2PPort: 4003, - IPFSAPIPort: 4503, - IPFSSwarmPort: 4103, - IPFSGatewayPort: 7503, - RQLiteHTTPPort: 5003, - RQLiteRaftPort: 7003, + P2PPort: 4004, + IPFSAPIPort: 4504, + IPFSSwarmPort: 4104, + IPFSGatewayPort: 7504, + RQLiteHTTPPort: 5004, + RQLiteRaftPort: 7004, ClusterAPIPort: 9124, ClusterPort: 9126, UnifiedGatewayPort: 6004, @@ -102,12 +102,12 @@ func DefaultTopology() *Topology { Name: "node-5", ConfigFilename: "node-5.yaml", DataDir: "node-5", - P2PPort: 4004, - IPFSAPIPort: 4504, - IPFSSwarmPort: 4104, - IPFSGatewayPort: 7504, - RQLiteHTTPPort: 5004, - RQLiteRaftPort: 7004, + P2PPort: 4005, + IPFSAPIPort: 4505, + IPFSSwarmPort: 4105, + IPFSGatewayPort: 7505, + RQLiteHTTPPort: 5005, + RQLiteRaftPort: 7005, ClusterAPIPort: 9134, ClusterPort: 9136, UnifiedGatewayPort: 6005, diff --git a/pkg/environments/production/config.go b/pkg/environments/production/config.go index a2fd99e..435ed93 100644 --- a/pkg/environments/production/config.go +++ b/pkg/environments/production/config.go @@ -94,7 +94,7 @@ func inferPeerIP(peers []string, vpsIP string) string { } // GenerateNodeConfig generates node.yaml configuration (unified architecture) -func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP string, joinAddress string, domain string, enableHTTPS bool) (string, error) { +func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP string, joinAddress string, domain string, baseDomain string, enableHTTPS bool) (string, error) { // Generate node ID from domain or use default nodeID := "node" if domain != "" { @@ -106,18 +106,11 @@ func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP stri } // Determine advertise addresses - use vpsIP if provided - // When HTTPS is enabled, RQLite uses native TLS on port 7002 (not SNI gateway) - // This avoids conflicts between SNI gateway TLS termination and RQLite's native TLS + // Always use port 7001 for RQLite Raft (no TLS) var httpAdvAddr, raftAdvAddr string if vpsIP != "" { httpAdvAddr = net.JoinHostPort(vpsIP, "5001") - if enableHTTPS { - // Use direct IP:7002 for Raft - RQLite handles TLS natively via -node-cert - // This bypasses the SNI gateway which would cause TLS termination conflicts - raftAdvAddr = net.JoinHostPort(vpsIP, "7002") - } else { - raftAdvAddr = net.JoinHostPort(vpsIP, "7001") - } + raftAdvAddr = net.JoinHostPort(vpsIP, "7001") } else { // Fallback to localhost if no vpsIP httpAdvAddr = "localhost:5001" @@ -125,18 +118,15 @@ func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP stri } // Determine RQLite join address - // When HTTPS is enabled, use port 7002 (direct RQLite TLS) instead of 7001 (SNI gateway) + // Always use port 7001 for RQLite Raft communication (no TLS) joinPort := "7001" - if enableHTTPS { - joinPort = "7002" - } var rqliteJoinAddr string if joinAddress != "" { // Use explicitly provided join address - // If it contains :7001 and HTTPS is enabled, update to :7002 - if enableHTTPS && strings.Contains(joinAddress, ":7001") { - rqliteJoinAddr = strings.Replace(joinAddress, ":7001", ":7002", 1) + // Normalize to port 7001 (non-TLS) regardless of what was provided + if strings.Contains(joinAddress, ":7002") { + rqliteJoinAddr = strings.Replace(joinAddress, ":7002", ":7001", 1) } else { rqliteJoinAddr = joinAddress } @@ -162,11 +152,9 @@ func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP stri } // Unified data directory (all nodes equal) - // When HTTPS/SNI is enabled, use internal port 7002 for RQLite Raft (SNI gateway listens on 7001) + // Always use port 7001 for RQLite Raft - TLS is optional and managed separately + // The SNI gateway approach was removed to simplify certificate management raftInternalPort := 7001 - if enableHTTPS { - raftInternalPort = 7002 // Internal port when SNI is enabled - } data := templates.NodeConfigData{ NodeID: nodeID, @@ -183,21 +171,18 @@ func (cg *ConfigGenerator) GenerateNodeConfig(peerAddresses []string, vpsIP stri RaftAdvAddress: raftAdvAddr, UnifiedGatewayPort: 6001, Domain: domain, + BaseDomain: baseDomain, EnableHTTPS: enableHTTPS, TLSCacheDir: tlsCacheDir, HTTPPort: httpPort, HTTPSPort: httpsPort, + WGIP: vpsIP, } - // When HTTPS is enabled, configure RQLite node-to-node TLS encryption - // RQLite handles TLS natively on port 7002, bypassing the SNI gateway - // This avoids TLS termination conflicts between SNI gateway and RQLite - if enableHTTPS && domain != "" { - data.NodeCert = filepath.Join(tlsCacheDir, domain+".crt") - data.NodeKey = filepath.Join(tlsCacheDir, domain+".key") - // Skip verification since nodes may have different domain certificates - data.NodeNoVerify = true - } + // RQLite node-to-node TLS encryption is disabled by default + // This simplifies certificate management - RQLite uses plain TCP for internal Raft + // HTTPS is still used for client-facing gateway traffic via autocert + // TLS can be enabled manually later if needed for inter-node encryption return templates.RenderNodeConfig(data) } @@ -224,13 +209,15 @@ func (cg *ConfigGenerator) GenerateGatewayConfig(peerAddresses []string, enableH } // GenerateOlricConfig generates Olric configuration -func (cg *ConfigGenerator) GenerateOlricConfig(serverBindAddr string, httpPort int, memberlistBindAddr string, memberlistPort int, memberlistEnv string) (string, error) { +func (cg *ConfigGenerator) GenerateOlricConfig(serverBindAddr string, httpPort int, memberlistBindAddr string, memberlistPort int, memberlistEnv string, advertiseAddr string, peers []string) (string, error) { data := templates.OlricConfigData{ - ServerBindAddr: serverBindAddr, - HTTPPort: httpPort, - MemberlistBindAddr: memberlistBindAddr, - MemberlistPort: memberlistPort, - MemberlistEnvironment: memberlistEnv, + ServerBindAddr: serverBindAddr, + HTTPPort: httpPort, + MemberlistBindAddr: memberlistBindAddr, + MemberlistPort: memberlistPort, + MemberlistEnvironment: memberlistEnv, + MemberlistAdvertiseAddr: advertiseAddr, + Peers: peers, } return templates.RenderOlricConfig(data) } @@ -341,10 +328,25 @@ func (sg *SecretGenerator) EnsureSwarmKey() ([]byte, error) { return nil, fmt.Errorf("failed to set secrets directory permissions: %w", err) } - // Try to read existing key + // Try to read existing key — validate and auto-fix if corrupted (e.g. double headers) if data, err := os.ReadFile(swarmKeyPath); err == nil { - if strings.Contains(string(data), "/key/swarm/psk/1.0.0/") { - return data, nil + content := string(data) + if strings.Contains(content, "/key/swarm/psk/1.0.0/") { + // Extract hex and rebuild clean file + lines := strings.Split(strings.TrimSpace(content), "\n") + hexKey := "" + for i := len(lines) - 1; i >= 0; i-- { + line := strings.TrimSpace(lines[i]) + if line != "" && !strings.HasPrefix(line, "/") { + hexKey = line + break + } + } + clean := fmt.Sprintf("/key/swarm/psk/1.0.0/\n/base16/\n%s\n", hexKey) + if clean != content { + _ = os.WriteFile(swarmKeyPath, []byte(clean), 0600) + } + return []byte(clean), nil } } diff --git a/pkg/environments/production/firewall.go b/pkg/environments/production/firewall.go new file mode 100644 index 0000000..330fdfa --- /dev/null +++ b/pkg/environments/production/firewall.go @@ -0,0 +1,133 @@ +package production + +import ( + "fmt" + "os/exec" + "strings" +) + +// FirewallConfig holds the configuration for UFW firewall rules +type FirewallConfig struct { + SSHPort int // default 22 + IsNameserver bool // enables port 53 TCP+UDP + AnyoneORPort int // 0 = disabled, typically 9001 + WireGuardPort int // default 51820 +} + +// FirewallProvisioner manages UFW firewall setup +type FirewallProvisioner struct { + config FirewallConfig +} + +// NewFirewallProvisioner creates a new firewall provisioner +func NewFirewallProvisioner(config FirewallConfig) *FirewallProvisioner { + if config.SSHPort == 0 { + config.SSHPort = 22 + } + if config.WireGuardPort == 0 { + config.WireGuardPort = 51820 + } + return &FirewallProvisioner{ + config: config, + } +} + +// IsInstalled checks if UFW is available +func (fp *FirewallProvisioner) IsInstalled() bool { + _, err := exec.LookPath("ufw") + return err == nil +} + +// Install installs UFW if not present +func (fp *FirewallProvisioner) Install() error { + if fp.IsInstalled() { + return nil + } + + cmd := exec.Command("apt-get", "install", "-y", "ufw") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install ufw: %w\n%s", err, string(output)) + } + + return nil +} + +// GenerateRules returns the list of UFW commands to apply +func (fp *FirewallProvisioner) GenerateRules() []string { + rules := []string{ + // Reset to clean state + "ufw --force reset", + + // Default policies + "ufw default deny incoming", + "ufw default allow outgoing", + + // SSH (always required) + fmt.Sprintf("ufw allow %d/tcp", fp.config.SSHPort), + + // WireGuard (always required for mesh) + fmt.Sprintf("ufw allow %d/udp", fp.config.WireGuardPort), + + // Public web services + "ufw allow 80/tcp", // ACME / HTTP redirect + "ufw allow 443/tcp", // HTTPS (Caddy → Gateway) + } + + // DNS (only for nameserver nodes) + if fp.config.IsNameserver { + rules = append(rules, "ufw allow 53/tcp") + rules = append(rules, "ufw allow 53/udp") + } + + // Anyone relay ORPort + if fp.config.AnyoneORPort > 0 { + rules = append(rules, fmt.Sprintf("ufw allow %d/tcp", fp.config.AnyoneORPort)) + } + + // Allow all traffic from WireGuard subnet (inter-node encrypted traffic) + rules = append(rules, "ufw allow from 10.0.0.0/8") + + // Enable firewall + rules = append(rules, "ufw --force enable") + + return rules +} + +// Setup applies all firewall rules. Idempotent — safe to call multiple times. +func (fp *FirewallProvisioner) Setup() error { + if err := fp.Install(); err != nil { + return err + } + + rules := fp.GenerateRules() + + for _, rule := range rules { + parts := strings.Fields(rule) + cmd := exec.Command(parts[0], parts[1:]...) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to apply firewall rule '%s': %w\n%s", rule, err, string(output)) + } + } + + return nil +} + +// IsActive checks if UFW is active +func (fp *FirewallProvisioner) IsActive() bool { + cmd := exec.Command("ufw", "status") + output, err := cmd.CombinedOutput() + if err != nil { + return false + } + return strings.Contains(string(output), "Status: active") +} + +// GetStatus returns the current UFW status +func (fp *FirewallProvisioner) GetStatus() (string, error) { + cmd := exec.Command("ufw", "status", "verbose") + output, err := cmd.CombinedOutput() + if err != nil { + return "", fmt.Errorf("failed to get ufw status: %w\n%s", err, string(output)) + } + return string(output), nil +} diff --git a/pkg/environments/production/firewall_test.go b/pkg/environments/production/firewall_test.go new file mode 100644 index 0000000..2507a65 --- /dev/null +++ b/pkg/environments/production/firewall_test.go @@ -0,0 +1,117 @@ +package production + +import ( + "strings" + "testing" +) + +func TestFirewallProvisioner_GenerateRules_StandardNode(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{}) + + rules := fp.GenerateRules() + + // Should contain defaults + assertContainsRule(t, rules, "ufw --force reset") + assertContainsRule(t, rules, "ufw default deny incoming") + assertContainsRule(t, rules, "ufw default allow outgoing") + assertContainsRule(t, rules, "ufw allow 22/tcp") + assertContainsRule(t, rules, "ufw allow 51820/udp") + assertContainsRule(t, rules, "ufw allow 80/tcp") + assertContainsRule(t, rules, "ufw allow 443/tcp") + assertContainsRule(t, rules, "ufw allow from 10.0.0.0/8") + assertContainsRule(t, rules, "ufw --force enable") + + // Should NOT contain DNS or Anyone relay + for _, rule := range rules { + if strings.Contains(rule, "53/") { + t.Errorf("standard node should not have DNS rule: %s", rule) + } + if strings.Contains(rule, "9001") { + t.Errorf("standard node should not have Anyone relay rule: %s", rule) + } + } +} + +func TestFirewallProvisioner_GenerateRules_Nameserver(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{ + IsNameserver: true, + }) + + rules := fp.GenerateRules() + + assertContainsRule(t, rules, "ufw allow 53/tcp") + assertContainsRule(t, rules, "ufw allow 53/udp") +} + +func TestFirewallProvisioner_GenerateRules_WithAnyoneRelay(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{ + AnyoneORPort: 9001, + }) + + rules := fp.GenerateRules() + + assertContainsRule(t, rules, "ufw allow 9001/tcp") +} + +func TestFirewallProvisioner_GenerateRules_CustomSSHPort(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{ + SSHPort: 2222, + }) + + rules := fp.GenerateRules() + + assertContainsRule(t, rules, "ufw allow 2222/tcp") + + // Should NOT have default port 22 + for _, rule := range rules { + if rule == "ufw allow 22/tcp" { + t.Error("should not have default SSH port 22 when custom port is set") + } + } +} + +func TestFirewallProvisioner_GenerateRules_WireGuardSubnetAllowed(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{}) + + rules := fp.GenerateRules() + + assertContainsRule(t, rules, "ufw allow from 10.0.0.0/8") +} + +func TestFirewallProvisioner_GenerateRules_FullConfig(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{ + SSHPort: 2222, + IsNameserver: true, + AnyoneORPort: 9001, + WireGuardPort: 51821, + }) + + rules := fp.GenerateRules() + + assertContainsRule(t, rules, "ufw allow 2222/tcp") + assertContainsRule(t, rules, "ufw allow 51821/udp") + assertContainsRule(t, rules, "ufw allow 53/tcp") + assertContainsRule(t, rules, "ufw allow 53/udp") + assertContainsRule(t, rules, "ufw allow 9001/tcp") +} + +func TestFirewallProvisioner_DefaultPorts(t *testing.T) { + fp := NewFirewallProvisioner(FirewallConfig{}) + + if fp.config.SSHPort != 22 { + t.Errorf("default SSHPort = %d, want 22", fp.config.SSHPort) + } + if fp.config.WireGuardPort != 51820 { + t.Errorf("default WireGuardPort = %d, want 51820", fp.config.WireGuardPort) + } +} + +func assertContainsRule(t *testing.T, rules []string, expected string) { + t.Helper() + for _, rule := range rules { + if rule == expected { + return + } + } + t.Errorf("rules should contain '%s', got: %v", expected, rules) +} diff --git a/pkg/environments/production/installers.go b/pkg/environments/production/installers.go index 624c17b..67955d7 100644 --- a/pkg/environments/production/installers.go +++ b/pkg/environments/production/installers.go @@ -1,6 +1,7 @@ package production import ( + "fmt" "io" "os/exec" @@ -12,6 +13,7 @@ import ( type BinaryInstaller struct { arch string logWriter io.Writer + oramaHome string // Embedded installers rqlite *installers.RQLiteInstaller @@ -19,18 +21,24 @@ type BinaryInstaller struct { ipfsCluster *installers.IPFSClusterInstaller olric *installers.OlricInstaller gateway *installers.GatewayInstaller + coredns *installers.CoreDNSInstaller + caddy *installers.CaddyInstaller } // NewBinaryInstaller creates a new binary installer func NewBinaryInstaller(arch string, logWriter io.Writer) *BinaryInstaller { + oramaHome := "/home/debros" return &BinaryInstaller{ arch: arch, logWriter: logWriter, + oramaHome: oramaHome, rqlite: installers.NewRQLiteInstaller(arch, logWriter), ipfs: installers.NewIPFSInstaller(arch, logWriter), ipfsCluster: installers.NewIPFSClusterInstaller(arch, logWriter), olric: installers.NewOlricInstaller(arch, logWriter), gateway: installers.NewGatewayInstaller(arch, logWriter), + coredns: installers.NewCoreDNSInstaller(arch, logWriter, oramaHome), + caddy: installers.NewCaddyInstaller(arch, logWriter, oramaHome), } } @@ -82,8 +90,8 @@ type IPFSClusterPeerInfo = installers.IPFSClusterPeerInfo // InitializeIPFSRepo initializes an IPFS repository for a node (unified - no bootstrap/node distinction) // If ipfsPeer is provided, configures Peering.Peers for peer discovery in private networks -func (bi *BinaryInstaller) InitializeIPFSRepo(ipfsRepoPath string, swarmKeyPath string, apiPort, gatewayPort, swarmPort int, ipfsPeer *IPFSPeerInfo) error { - return bi.ipfs.InitializeRepo(ipfsRepoPath, swarmKeyPath, apiPort, gatewayPort, swarmPort, ipfsPeer) +func (bi *BinaryInstaller) InitializeIPFSRepo(ipfsRepoPath string, swarmKeyPath string, apiPort, gatewayPort, swarmPort int, bindIP string, ipfsPeer *IPFSPeerInfo) error { + return bi.ipfs.InitializeRepo(ipfsRepoPath, swarmKeyPath, apiPort, gatewayPort, swarmPort, bindIP, ipfsPeer) } // InitializeIPFSClusterConfig initializes IPFS Cluster configuration (unified - no bootstrap/node distinction) @@ -110,6 +118,35 @@ func (bi *BinaryInstaller) InstallAnyoneClient() error { return bi.gateway.InstallAnyoneClient() } +// InstallCoreDNS builds and installs CoreDNS with the custom RQLite plugin. +// Also disables systemd-resolved's stub listener so CoreDNS can bind to port 53. +func (bi *BinaryInstaller) InstallCoreDNS() error { + if err := bi.coredns.DisableResolvedStubListener(); err != nil { + fmt.Fprintf(bi.logWriter, " ⚠️ Failed to disable systemd-resolved stub: %v\n", err) + } + return bi.coredns.Install() +} + +// ConfigureCoreDNS creates CoreDNS configuration files +func (bi *BinaryInstaller) ConfigureCoreDNS(domain string, rqliteDSN string, ns1IP, ns2IP, ns3IP string) error { + return bi.coredns.Configure(domain, rqliteDSN, ns1IP, ns2IP, ns3IP) +} + +// SeedDNS seeds static DNS records into RQLite. Call after RQLite is running. +func (bi *BinaryInstaller) SeedDNS(domain string, rqliteDSN string, ns1IP, ns2IP, ns3IP string) error { + return bi.coredns.SeedDNS(domain, rqliteDSN, ns1IP, ns2IP, ns3IP) +} + +// InstallCaddy builds and installs Caddy with the custom orama DNS module +func (bi *BinaryInstaller) InstallCaddy() error { + return bi.caddy.Install() +} + +// ConfigureCaddy creates Caddy configuration files +func (bi *BinaryInstaller) ConfigureCaddy(domain string, email string, acmeEndpoint string, baseDomain string) error { + return bi.caddy.Configure(domain, email, acmeEndpoint, baseDomain) +} + // Mock system commands for testing (if needed) var execCommand = exec.Command diff --git a/pkg/environments/production/installers/anyone_relay.go b/pkg/environments/production/installers/anyone_relay.go new file mode 100644 index 0000000..e5ea722 --- /dev/null +++ b/pkg/environments/production/installers/anyone_relay.go @@ -0,0 +1,423 @@ +package installers + +import ( + "bufio" + "fmt" + "io" + "os" + "os/exec" + "path/filepath" + "regexp" + "strings" +) + +// AnyoneRelayConfig holds configuration for the Anyone relay +type AnyoneRelayConfig struct { + Nickname string // Relay nickname (1-19 alphanumeric) + Contact string // Contact info (email or @telegram) + Wallet string // Ethereum wallet for rewards + ORPort int // ORPort for relay (default 9001) + ExitRelay bool // Whether to run as exit relay + Migrate bool // Whether to migrate existing installation + MyFamily string // Comma-separated list of family fingerprints (for multi-relay operators) +} + +// ExistingAnyoneInfo contains information about an existing Anyone installation +type ExistingAnyoneInfo struct { + HasKeys bool + HasConfig bool + IsRunning bool + Fingerprint string + Wallet string + Nickname string + MyFamily string // Existing MyFamily setting (important to preserve!) + ConfigPath string + KeysPath string +} + +// AnyoneRelayInstaller handles Anyone relay installation +type AnyoneRelayInstaller struct { + *BaseInstaller + config AnyoneRelayConfig +} + +// NewAnyoneRelayInstaller creates a new Anyone relay installer +func NewAnyoneRelayInstaller(arch string, logWriter io.Writer, config AnyoneRelayConfig) *AnyoneRelayInstaller { + return &AnyoneRelayInstaller{ + BaseInstaller: NewBaseInstaller(arch, logWriter), + config: config, + } +} + +// DetectExistingAnyoneInstallation checks for an existing Anyone relay installation +func DetectExistingAnyoneInstallation() (*ExistingAnyoneInfo, error) { + info := &ExistingAnyoneInfo{ + ConfigPath: "/etc/anon/anonrc", + KeysPath: "/var/lib/anon/keys", + } + + // Check for existing keys + if _, err := os.Stat(info.KeysPath); err == nil { + info.HasKeys = true + } + + // Check for existing config + if _, err := os.Stat(info.ConfigPath); err == nil { + info.HasConfig = true + + // Parse existing config for fingerprint/wallet/nickname + if file, err := os.Open(info.ConfigPath); err == nil { + defer file.Close() + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if strings.HasPrefix(line, "#") { + continue + } + + // Parse Nickname + if strings.HasPrefix(line, "Nickname ") { + info.Nickname = strings.TrimPrefix(line, "Nickname ") + } + + // Parse ContactInfo for wallet (format: ... @anon:0x... or @anon: 0x...) + if strings.HasPrefix(line, "ContactInfo ") { + contact := strings.TrimPrefix(line, "ContactInfo ") + // Extract wallet address from @anon: prefix (handle space after colon) + if idx := strings.Index(contact, "@anon:"); idx != -1 { + wallet := strings.TrimSpace(contact[idx+6:]) + info.Wallet = wallet + } + } + + // Parse MyFamily (critical to preserve for multi-relay operators) + if strings.HasPrefix(line, "MyFamily ") { + info.MyFamily = strings.TrimPrefix(line, "MyFamily ") + } + } + } + } + + // Check if anon service is running + cmd := exec.Command("systemctl", "is-active", "--quiet", "anon") + if cmd.Run() == nil { + info.IsRunning = true + } + + // Try to get fingerprint from data directory (it's in /var/lib/anon/, not keys/) + fingerprintFile := "/var/lib/anon/fingerprint" + if data, err := os.ReadFile(fingerprintFile); err == nil { + info.Fingerprint = strings.TrimSpace(string(data)) + } + + // Return nil if no installation detected + if !info.HasKeys && !info.HasConfig && !info.IsRunning { + return nil, nil + } + + return info, nil +} + +// IsInstalled checks if the anon relay binary is installed +func (ari *AnyoneRelayInstaller) IsInstalled() bool { + // Check if anon binary exists + if _, err := exec.LookPath("anon"); err == nil { + return true + } + // Check common installation path + if _, err := os.Stat("/usr/bin/anon"); err == nil { + return true + } + return false +} + +// Install downloads and installs the Anyone relay using the official install script +func (ari *AnyoneRelayInstaller) Install() error { + fmt.Fprintf(ari.logWriter, " Installing Anyone relay...\n") + + // Create required directories + dirs := []string{ + "/etc/anon", + "/var/lib/anon", + "/var/log/anon", + } + for _, dir := range dirs { + if err := os.MkdirAll(dir, 0755); err != nil { + return fmt.Errorf("failed to create directory %s: %w", dir, err) + } + } + + // Download the official install script + installScript := "/tmp/anon-install.sh" + scriptURL := "https://raw.githubusercontent.com/anyone-protocol/anon-install/refs/heads/main/install.sh" + + fmt.Fprintf(ari.logWriter, " Downloading install script...\n") + if err := DownloadFile(scriptURL, installScript); err != nil { + return fmt.Errorf("failed to download install script: %w", err) + } + + // Make script executable + if err := os.Chmod(installScript, 0755); err != nil { + return fmt.Errorf("failed to chmod install script: %w", err) + } + + // The official script is interactive, so we need to provide answers via stdin + // or install the package directly + fmt.Fprintf(ari.logWriter, " Installing anon package...\n") + + // Add the Anyone repository and install the package directly + // This is more reliable than running the interactive script + if err := ari.addAnyoneRepository(); err != nil { + return fmt.Errorf("failed to add Anyone repository: %w", err) + } + + // Pre-accept terms via debconf to avoid interactive prompt during apt install. + // The anon package preinst script checks "anon/terms" via debconf. + preseed := exec.Command("bash", "-c", `echo "anon anon/terms boolean true" | debconf-set-selections`) + if output, err := preseed.CombinedOutput(); err != nil { + fmt.Fprintf(ari.logWriter, " ⚠️ debconf preseed warning: %v (%s)\n", err, string(output)) + } + + // Install the anon package non-interactively. + // --force-confold keeps existing config files if present (e.g. during migration). + cmd := exec.Command("apt-get", "install", "-y", "-o", "Dpkg::Options::=--force-confold", "anon") + cmd.Env = append(os.Environ(), "DEBIAN_FRONTEND=noninteractive") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install anon package: %w\n%s", err, string(output)) + } + + // Clean up + os.Remove(installScript) + + // Stop and disable the default 'anon' systemd service that the apt package + // auto-enables. We use our own 'debros-anyone-relay' service instead. + exec.Command("systemctl", "stop", "anon").Run() + exec.Command("systemctl", "disable", "anon").Run() + + fmt.Fprintf(ari.logWriter, " ✓ Anyone relay binary installed\n") + + // Install nyx for relay monitoring (connects to ControlPort 9051) + if err := ari.installNyx(); err != nil { + fmt.Fprintf(ari.logWriter, " ⚠️ nyx install warning: %v\n", err) + } + + return nil +} + +// installNyx installs the nyx relay monitor tool +func (ari *AnyoneRelayInstaller) installNyx() error { + // Check if already installed + if _, err := exec.LookPath("nyx"); err == nil { + fmt.Fprintf(ari.logWriter, " ✓ nyx already installed\n") + return nil + } + + fmt.Fprintf(ari.logWriter, " Installing nyx (relay monitor)...\n") + cmd := exec.Command("apt-get", "install", "-y", "nyx") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install nyx: %w\n%s", err, string(output)) + } + + fmt.Fprintf(ari.logWriter, " ✓ nyx installed (use 'nyx' to monitor relay on ControlPort 9051)\n") + return nil +} + +// addAnyoneRepository adds the Anyone apt repository +func (ari *AnyoneRelayInstaller) addAnyoneRepository() error { + // Add GPG key using wget (as per official install script) + fmt.Fprintf(ari.logWriter, " Adding Anyone repository key...\n") + + // Download and add the GPG key using the official method + keyPath := "/etc/apt/trusted.gpg.d/anon.asc" + cmd := exec.Command("bash", "-c", "wget -qO- https://deb.en.anyone.tech/anon.asc | tee "+keyPath) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to download GPG key: %w\n%s", err, string(output)) + } + + // Add repository + fmt.Fprintf(ari.logWriter, " Adding Anyone repository...\n") + + // Determine distribution codename + codename := "stable" + if data, err := exec.Command("lsb_release", "-cs").Output(); err == nil { + codename = strings.TrimSpace(string(data)) + } + + // Create sources.list entry using the official format: anon-live-$VERSION_CODENAME + repoLine := fmt.Sprintf("deb [signed-by=%s] https://deb.en.anyone.tech anon-live-%s main\n", keyPath, codename) + if err := os.WriteFile("/etc/apt/sources.list.d/anon.list", []byte(repoLine), 0644); err != nil { + return fmt.Errorf("failed to write repository file: %w", err) + } + + // Update apt + cmd = exec.Command("apt-get", "update", "--yes") + if output, err := cmd.CombinedOutput(); err != nil { + fmt.Fprintf(ari.logWriter, " ⚠️ Warning: apt update failed: %s\n", string(output)) + } + + return nil +} + +// Configure generates the anonrc configuration file +func (ari *AnyoneRelayInstaller) Configure() error { + fmt.Fprintf(ari.logWriter, " Configuring Anyone relay...\n") + + configPath := "/etc/anon/anonrc" + + // Backup existing config if it exists + if _, err := os.Stat(configPath); err == nil { + backupPath := configPath + ".bak" + if err := exec.Command("cp", configPath, backupPath).Run(); err != nil { + fmt.Fprintf(ari.logWriter, " ⚠️ Warning: failed to backup existing config: %v\n", err) + } else { + fmt.Fprintf(ari.logWriter, " Backed up existing config to %s\n", backupPath) + } + } + + // Generate configuration + config := ari.generateAnonrc() + + // Write configuration + if err := os.WriteFile(configPath, []byte(config), 0644); err != nil { + return fmt.Errorf("failed to write anonrc: %w", err) + } + + fmt.Fprintf(ari.logWriter, " ✓ Anyone relay configured\n") + return nil +} + +// generateAnonrc creates the anonrc configuration content +func (ari *AnyoneRelayInstaller) generateAnonrc() string { + var sb strings.Builder + + sb.WriteString("# Anyone Relay Configuration (Managed by Orama Network)\n") + sb.WriteString("# Generated automatically - manual edits may be overwritten\n\n") + + // Nickname + sb.WriteString(fmt.Sprintf("Nickname %s\n", ari.config.Nickname)) + + // Contact info with wallet + if ari.config.Wallet != "" { + sb.WriteString(fmt.Sprintf("ContactInfo %s @anon:%s\n", ari.config.Contact, ari.config.Wallet)) + } else { + sb.WriteString(fmt.Sprintf("ContactInfo %s\n", ari.config.Contact)) + } + + sb.WriteString("\n") + + // ORPort + sb.WriteString(fmt.Sprintf("ORPort %d\n", ari.config.ORPort)) + + // SOCKS port for local use + sb.WriteString("SocksPort 9050\n") + + sb.WriteString("\n") + + // Exit relay configuration + if ari.config.ExitRelay { + sb.WriteString("ExitRelay 1\n") + sb.WriteString("# Exit policy - allow common ports\n") + sb.WriteString("ExitPolicy accept *:80\n") + sb.WriteString("ExitPolicy accept *:443\n") + sb.WriteString("ExitPolicy reject *:*\n") + } else { + sb.WriteString("ExitRelay 0\n") + sb.WriteString("ExitPolicy reject *:*\n") + } + + sb.WriteString("\n") + + // Logging + sb.WriteString("Log notice file /var/log/anon/notices.log\n") + + // Data directory + sb.WriteString("DataDirectory /var/lib/anon\n") + + // Control port for monitoring + sb.WriteString("ControlPort 9051\n") + + // MyFamily for multi-relay operators (preserve from existing config) + if ari.config.MyFamily != "" { + sb.WriteString("\n") + sb.WriteString(fmt.Sprintf("MyFamily %s\n", ari.config.MyFamily)) + } + + return sb.String() +} + +// MigrateExistingInstallation migrates an existing Anyone installation into Orama Network +func (ari *AnyoneRelayInstaller) MigrateExistingInstallation(existing *ExistingAnyoneInfo, backupDir string) error { + fmt.Fprintf(ari.logWriter, " Migrating existing Anyone installation...\n") + + // Create backup directory + backupAnonDir := filepath.Join(backupDir, "anon-backup") + if err := os.MkdirAll(backupAnonDir, 0755); err != nil { + return fmt.Errorf("failed to create backup directory: %w", err) + } + + // Stop existing anon service if running + if existing.IsRunning { + fmt.Fprintf(ari.logWriter, " Stopping existing anon service...\n") + exec.Command("systemctl", "stop", "anon").Run() + } + + // Backup keys + if existing.HasKeys { + fmt.Fprintf(ari.logWriter, " Backing up keys...\n") + keysBackup := filepath.Join(backupAnonDir, "keys") + if err := exec.Command("cp", "-r", existing.KeysPath, keysBackup).Run(); err != nil { + return fmt.Errorf("failed to backup keys: %w", err) + } + } + + // Backup config + if existing.HasConfig { + fmt.Fprintf(ari.logWriter, " Backing up config...\n") + configBackup := filepath.Join(backupAnonDir, "anonrc") + if err := exec.Command("cp", existing.ConfigPath, configBackup).Run(); err != nil { + return fmt.Errorf("failed to backup config: %w", err) + } + } + + // Preserve nickname from existing installation if not provided + if ari.config.Nickname == "" && existing.Nickname != "" { + fmt.Fprintf(ari.logWriter, " Using existing nickname: %s\n", existing.Nickname) + ari.config.Nickname = existing.Nickname + } + + // Preserve wallet from existing installation if not provided + if ari.config.Wallet == "" && existing.Wallet != "" { + fmt.Fprintf(ari.logWriter, " Using existing wallet: %s\n", existing.Wallet) + ari.config.Wallet = existing.Wallet + } + + // Preserve MyFamily from existing installation (critical for multi-relay operators) + if existing.MyFamily != "" { + fmt.Fprintf(ari.logWriter, " Preserving MyFamily configuration (%d relays)\n", len(strings.Split(existing.MyFamily, ","))) + ari.config.MyFamily = existing.MyFamily + } + + fmt.Fprintf(ari.logWriter, " ✓ Backup created at %s\n", backupAnonDir) + fmt.Fprintf(ari.logWriter, " ✓ Migration complete - keys and fingerprint preserved\n") + + return nil +} + +// ValidateNickname validates the relay nickname (1-19 alphanumeric chars) +func ValidateNickname(nickname string) error { + if len(nickname) < 1 || len(nickname) > 19 { + return fmt.Errorf("nickname must be 1-19 characters") + } + if !regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(nickname) { + return fmt.Errorf("nickname must be alphanumeric only") + } + return nil +} + +// ValidateWallet validates an Ethereum wallet address +func ValidateWallet(wallet string) error { + if !regexp.MustCompile(`^0x[a-fA-F0-9]{40}$`).MatchString(wallet) { + return fmt.Errorf("invalid Ethereum wallet address (must be 0x followed by 40 hex characters)") + } + return nil +} diff --git a/pkg/environments/production/installers/caddy.go b/pkg/environments/production/installers/caddy.go new file mode 100644 index 0000000..504e071 --- /dev/null +++ b/pkg/environments/production/installers/caddy.go @@ -0,0 +1,402 @@ +package installers + +import ( + "fmt" + "io" + "os" + "os/exec" + "path/filepath" + "strings" +) + +const ( + caddyVersion = "2.10.2" + xcaddyRepo = "github.com/caddyserver/xcaddy/cmd/xcaddy@latest" +) + +// CaddyInstaller handles Caddy installation with custom DNS module +type CaddyInstaller struct { + *BaseInstaller + version string + oramaHome string + dnsModule string // Path to the orama DNS module source +} + +// NewCaddyInstaller creates a new Caddy installer +func NewCaddyInstaller(arch string, logWriter io.Writer, oramaHome string) *CaddyInstaller { + return &CaddyInstaller{ + BaseInstaller: NewBaseInstaller(arch, logWriter), + version: caddyVersion, + oramaHome: oramaHome, + dnsModule: filepath.Join(oramaHome, "src", "pkg", "caddy", "dns", "orama"), + } +} + +// IsInstalled checks if Caddy with orama DNS module is already installed +func (ci *CaddyInstaller) IsInstalled() bool { + caddyPath := "/usr/bin/caddy" + if _, err := os.Stat(caddyPath); os.IsNotExist(err) { + return false + } + + // Verify it has the orama DNS module + cmd := exec.Command(caddyPath, "list-modules") + output, err := cmd.Output() + if err != nil { + return false + } + + return containsLine(string(output), "dns.providers.orama") +} + +// Install builds and installs Caddy with the custom orama DNS module +func (ci *CaddyInstaller) Install() error { + if ci.IsInstalled() { + fmt.Fprintf(ci.logWriter, " ✓ Caddy with orama DNS module already installed\n") + return nil + } + + fmt.Fprintf(ci.logWriter, " Building Caddy with orama DNS module...\n") + + // Check if Go is available + if _, err := exec.LookPath("go"); err != nil { + return fmt.Errorf("go not found - required to build Caddy. Please install Go first") + } + + goPath := os.Getenv("PATH") + ":/usr/local/go/bin" + buildDir := "/tmp/caddy-build" + + // Clean up any previous build + os.RemoveAll(buildDir) + if err := os.MkdirAll(buildDir, 0755); err != nil { + return fmt.Errorf("failed to create build directory: %w", err) + } + defer os.RemoveAll(buildDir) + + // Install xcaddy if not available + if _, err := exec.LookPath("xcaddy"); err != nil { + fmt.Fprintf(ci.logWriter, " Installing xcaddy...\n") + cmd := exec.Command("go", "install", xcaddyRepo) + cmd.Env = append(os.Environ(), "PATH="+goPath, "GOBIN=/usr/local/bin") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install xcaddy: %w\n%s", err, string(output)) + } + } + + // Create the orama DNS module in build directory + fmt.Fprintf(ci.logWriter, " Creating orama DNS module...\n") + moduleDir := filepath.Join(buildDir, "caddy-dns-orama") + if err := os.MkdirAll(moduleDir, 0755); err != nil { + return fmt.Errorf("failed to create module directory: %w", err) + } + + // Write the provider.go file + providerCode := ci.generateProviderCode() + if err := os.WriteFile(filepath.Join(moduleDir, "provider.go"), []byte(providerCode), 0644); err != nil { + return fmt.Errorf("failed to write provider.go: %w", err) + } + + // Write go.mod + goMod := ci.generateGoMod() + if err := os.WriteFile(filepath.Join(moduleDir, "go.mod"), []byte(goMod), 0644); err != nil { + return fmt.Errorf("failed to write go.mod: %w", err) + } + + // Run go mod tidy + tidyCmd := exec.Command("go", "mod", "tidy") + tidyCmd.Dir = moduleDir + tidyCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := tidyCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to run go mod tidy: %w\n%s", err, string(output)) + } + + // Build Caddy with xcaddy + fmt.Fprintf(ci.logWriter, " Building Caddy binary...\n") + xcaddyPath := "/usr/local/bin/xcaddy" + if _, err := os.Stat(xcaddyPath); os.IsNotExist(err) { + xcaddyPath = "xcaddy" // Try PATH + } + + buildCmd := exec.Command(xcaddyPath, "build", + "v"+ci.version, + "--with", "github.com/DeBrosOfficial/caddy-dns-orama="+moduleDir, + "--output", filepath.Join(buildDir, "caddy")) + buildCmd.Dir = buildDir + buildCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := buildCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to build Caddy: %w\n%s", err, string(output)) + } + + // Verify the binary has orama DNS module + verifyCmd := exec.Command(filepath.Join(buildDir, "caddy"), "list-modules") + output, err := verifyCmd.Output() + if err != nil { + return fmt.Errorf("failed to verify Caddy binary: %w", err) + } + if !containsLine(string(output), "dns.providers.orama") { + return fmt.Errorf("Caddy binary does not contain orama DNS module") + } + + // Install the binary + fmt.Fprintf(ci.logWriter, " Installing Caddy binary...\n") + srcBinary := filepath.Join(buildDir, "caddy") + dstBinary := "/usr/bin/caddy" + + data, err := os.ReadFile(srcBinary) + if err != nil { + return fmt.Errorf("failed to read built binary: %w", err) + } + if err := os.WriteFile(dstBinary, data, 0755); err != nil { + return fmt.Errorf("failed to install binary: %w", err) + } + + // Grant CAP_NET_BIND_SERVICE to allow binding to ports 80/443 + if err := exec.Command("setcap", "cap_net_bind_service=+ep", dstBinary).Run(); err != nil { + fmt.Fprintf(ci.logWriter, " ⚠️ Warning: failed to setcap on caddy: %v\n", err) + } + + fmt.Fprintf(ci.logWriter, " ✓ Caddy with orama DNS module installed\n") + return nil +} + +// Configure creates Caddy configuration files. +// baseDomain is optional — if provided (and different from domain), Caddy will also +// serve traffic for the base domain and its wildcard (e.g., *.dbrs.space). +func (ci *CaddyInstaller) Configure(domain string, email string, acmeEndpoint string, baseDomain string) error { + configDir := "/etc/caddy" + if err := os.MkdirAll(configDir, 0755); err != nil { + return fmt.Errorf("failed to create config directory: %w", err) + } + + // Create Caddyfile + caddyfile := ci.generateCaddyfile(domain, email, acmeEndpoint, baseDomain) + if err := os.WriteFile(filepath.Join(configDir, "Caddyfile"), []byte(caddyfile), 0644); err != nil { + return fmt.Errorf("failed to write Caddyfile: %w", err) + } + + return nil +} + +// generateProviderCode creates the orama DNS provider code +func (ci *CaddyInstaller) generateProviderCode() string { + return `// Package orama implements a DNS provider for Caddy that uses the Orama Network +// gateway's internal ACME API for DNS-01 challenge validation. +package orama + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "net/http" + "time" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/libdns/libdns" +) + +func init() { + caddy.RegisterModule(Provider{}) +} + +// Provider wraps the Orama DNS provider for Caddy. +type Provider struct { + // Endpoint is the URL of the Orama gateway's ACME API + // Default: http://localhost:6001/v1/internal/acme + Endpoint string ` + "`json:\"endpoint,omitempty\"`" + ` +} + +// CaddyModule returns the Caddy module information. +func (Provider) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "dns.providers.orama", + New: func() caddy.Module { return new(Provider) }, + } +} + +// Provision sets up the module. +func (p *Provider) Provision(ctx caddy.Context) error { + if p.Endpoint == "" { + p.Endpoint = "http://localhost:6001/v1/internal/acme" + } + return nil +} + +// UnmarshalCaddyfile parses the Caddyfile configuration. +func (p *Provider) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + switch d.Val() { + case "endpoint": + if !d.NextArg() { + return d.ArgErr() + } + p.Endpoint = d.Val() + default: + return d.Errf("unrecognized option: %s", d.Val()) + } + } + } + return nil +} + +// AppendRecords adds records to the zone. For ACME, this presents the challenge. +func (p *Provider) AppendRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + var added []libdns.Record + + for _, rec := range records { + rr := rec.RR() + if rr.Type != "TXT" { + continue + } + + fqdn := rr.Name + "." + zone + + payload := map[string]string{ + "fqdn": fqdn, + "value": rr.Data, + } + + body, err := json.Marshal(payload) + if err != nil { + return added, fmt.Errorf("failed to marshal request: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, "POST", p.Endpoint+"/present", bytes.NewReader(body)) + if err != nil { + return added, fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + client := &http.Client{Timeout: 30 * time.Second} + resp, err := client.Do(req) + if err != nil { + return added, fmt.Errorf("failed to present challenge: %w", err) + } + resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return added, fmt.Errorf("present failed with status %d", resp.StatusCode) + } + + added = append(added, rec) + } + + return added, nil +} + +// DeleteRecords removes records from the zone. For ACME, this cleans up the challenge. +func (p *Provider) DeleteRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + var deleted []libdns.Record + + for _, rec := range records { + rr := rec.RR() + if rr.Type != "TXT" { + continue + } + + fqdn := rr.Name + "." + zone + + payload := map[string]string{ + "fqdn": fqdn, + "value": rr.Data, + } + + body, err := json.Marshal(payload) + if err != nil { + return deleted, fmt.Errorf("failed to marshal request: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, "POST", p.Endpoint+"/cleanup", bytes.NewReader(body)) + if err != nil { + return deleted, fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + client := &http.Client{Timeout: 30 * time.Second} + resp, err := client.Do(req) + if err != nil { + return deleted, fmt.Errorf("failed to cleanup challenge: %w", err) + } + resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return deleted, fmt.Errorf("cleanup failed with status %d", resp.StatusCode) + } + + deleted = append(deleted, rec) + } + + return deleted, nil +} + +// GetRecords returns the records in the zone. Not used for ACME. +func (p *Provider) GetRecords(ctx context.Context, zone string) ([]libdns.Record, error) { + return nil, nil +} + +// SetRecords sets the records in the zone. Not used for ACME. +func (p *Provider) SetRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + return nil, nil +} + +// Interface guards +var ( + _ caddy.Module = (*Provider)(nil) + _ caddy.Provisioner = (*Provider)(nil) + _ caddyfile.Unmarshaler = (*Provider)(nil) + _ libdns.RecordAppender = (*Provider)(nil) + _ libdns.RecordDeleter = (*Provider)(nil) + _ libdns.RecordGetter = (*Provider)(nil) + _ libdns.RecordSetter = (*Provider)(nil) +) +` +} + +// generateGoMod creates the go.mod file for the module +func (ci *CaddyInstaller) generateGoMod() string { + return `module github.com/DeBrosOfficial/caddy-dns-orama + +go 1.22 + +require ( + github.com/caddyserver/caddy/v2 v2.` + caddyVersion[2:] + ` + github.com/libdns/libdns v1.1.0 +) +` +} + +// generateCaddyfile creates the Caddyfile configuration. +// If baseDomain is provided and different from domain, Caddy also serves +// the base domain and its wildcard (e.g., *.dbrs.space alongside *.node1.dbrs.space). +func (ci *CaddyInstaller) generateCaddyfile(domain, email, acmeEndpoint, baseDomain string) string { + // Primary: Let's Encrypt via ACME DNS-01 challenge + // Fallback: Caddy's internal CA (self-signed, trust root on clients) + tlsBlock := fmt.Sprintf(` tls { + issuer acme { + dns orama { + endpoint %s + } + } + issuer internal + }`, acmeEndpoint) + + var sb strings.Builder + sb.WriteString(fmt.Sprintf("{\n email %s\n}\n", email)) + + // Node domain blocks (e.g., node1.dbrs.space, *.node1.dbrs.space) + sb.WriteString(fmt.Sprintf("\n*.%s {\n%s\n reverse_proxy localhost:6001\n}\n", domain, tlsBlock)) + sb.WriteString(fmt.Sprintf("\n%s {\n%s\n reverse_proxy localhost:6001\n}\n", domain, tlsBlock)) + + // Base domain blocks (e.g., dbrs.space, *.dbrs.space) — for app routing + if baseDomain != "" && baseDomain != domain { + sb.WriteString(fmt.Sprintf("\n*.%s {\n%s\n reverse_proxy localhost:6001\n}\n", baseDomain, tlsBlock)) + sb.WriteString(fmt.Sprintf("\n%s {\n%s\n reverse_proxy localhost:6001\n}\n", baseDomain, tlsBlock)) + } + + // HTTP fallback (handles plain HTTP and ACME challenges) + sb.WriteString("\n:80 {\n reverse_proxy localhost:6001\n}\n") + + return sb.String() +} diff --git a/pkg/environments/production/installers/coredns.go b/pkg/environments/production/installers/coredns.go new file mode 100644 index 0000000..f92a2c7 --- /dev/null +++ b/pkg/environments/production/installers/coredns.go @@ -0,0 +1,512 @@ +package installers + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "time" +) + +const ( + coreDNSVersion = "1.12.0" + coreDNSRepo = "https://github.com/coredns/coredns.git" +) + +// CoreDNSInstaller handles CoreDNS installation with RQLite plugin +type CoreDNSInstaller struct { + *BaseInstaller + version string + oramaHome string + rqlitePlugin string // Path to the RQLite plugin source +} + +// NewCoreDNSInstaller creates a new CoreDNS installer +func NewCoreDNSInstaller(arch string, logWriter io.Writer, oramaHome string) *CoreDNSInstaller { + return &CoreDNSInstaller{ + BaseInstaller: NewBaseInstaller(arch, logWriter), + version: coreDNSVersion, + oramaHome: oramaHome, + rqlitePlugin: filepath.Join(oramaHome, "src", "pkg", "coredns", "rqlite"), + } +} + +// IsInstalled checks if CoreDNS with RQLite plugin is already installed +func (ci *CoreDNSInstaller) IsInstalled() bool { + // Check if coredns binary exists + corednsPath := "/usr/local/bin/coredns" + if _, err := os.Stat(corednsPath); os.IsNotExist(err) { + return false + } + + // Verify it has the rqlite plugin + cmd := exec.Command(corednsPath, "-plugins") + output, err := cmd.Output() + if err != nil { + return false + } + + return containsLine(string(output), "rqlite") +} + +// Install builds and installs CoreDNS with the custom RQLite plugin +// DisableResolvedStubListener disables systemd-resolved's DNS stub listener +// so CoreDNS can bind to port 53. This is required on Ubuntu/Debian systems +// where systemd-resolved listens on 127.0.0.53:53 by default. +func (ci *CoreDNSInstaller) DisableResolvedStubListener() error { + // Check if systemd-resolved is running + if err := exec.Command("systemctl", "is-active", "--quiet", "systemd-resolved").Run(); err != nil { + return nil // Not running, nothing to do + } + + fmt.Fprintf(ci.logWriter, " Disabling systemd-resolved DNS stub listener (for CoreDNS)...\n") + + // Disable the stub listener + resolvedConf := "/etc/systemd/resolved.conf.d/no-stub.conf" + if err := os.MkdirAll("/etc/systemd/resolved.conf.d", 0755); err != nil { + return fmt.Errorf("failed to create resolved.conf.d: %w", err) + } + conf := "[Resolve]\nDNSStubListener=no\n" + if err := os.WriteFile(resolvedConf, []byte(conf), 0644); err != nil { + return fmt.Errorf("failed to write resolved config: %w", err) + } + + // Point resolv.conf to localhost (CoreDNS) and a fallback + resolvConf := "nameserver 127.0.0.1\nnameserver 8.8.8.8\n" + if err := os.Remove("/etc/resolv.conf"); err != nil && !os.IsNotExist(err) { + // It might be a symlink + fmt.Fprintf(ci.logWriter, " ⚠️ Could not remove /etc/resolv.conf: %v\n", err) + } + if err := os.WriteFile("/etc/resolv.conf", []byte(resolvConf), 0644); err != nil { + return fmt.Errorf("failed to write resolv.conf: %w", err) + } + + // Restart systemd-resolved + if output, err := exec.Command("systemctl", "restart", "systemd-resolved").CombinedOutput(); err != nil { + fmt.Fprintf(ci.logWriter, " ⚠️ Failed to restart systemd-resolved: %v (%s)\n", err, string(output)) + } + + fmt.Fprintf(ci.logWriter, " ✓ systemd-resolved stub listener disabled\n") + return nil +} + +func (ci *CoreDNSInstaller) Install() error { + if ci.IsInstalled() { + fmt.Fprintf(ci.logWriter, " ✓ CoreDNS with RQLite plugin already installed\n") + return nil + } + + fmt.Fprintf(ci.logWriter, " Building CoreDNS with RQLite plugin...\n") + + // Check if Go is available + if _, err := exec.LookPath("go"); err != nil { + return fmt.Errorf("go not found - required to build CoreDNS. Please install Go first") + } + + // Check if RQLite plugin source exists + if _, err := os.Stat(ci.rqlitePlugin); os.IsNotExist(err) { + return fmt.Errorf("RQLite plugin source not found at %s - ensure the repository is cloned", ci.rqlitePlugin) + } + + buildDir := "/tmp/coredns-build" + + // Clean up any previous build + os.RemoveAll(buildDir) + if err := os.MkdirAll(buildDir, 0755); err != nil { + return fmt.Errorf("failed to create build directory: %w", err) + } + defer os.RemoveAll(buildDir) + + // Clone CoreDNS + fmt.Fprintf(ci.logWriter, " Cloning CoreDNS v%s...\n", ci.version) + cmd := exec.Command("git", "clone", "--depth", "1", "--branch", "v"+ci.version, coreDNSRepo, buildDir) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to clone CoreDNS: %w\n%s", err, string(output)) + } + + // Copy custom RQLite plugin + fmt.Fprintf(ci.logWriter, " Copying RQLite plugin...\n") + pluginDir := filepath.Join(buildDir, "plugin", "rqlite") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + return fmt.Errorf("failed to create plugin directory: %w", err) + } + + // Copy all .go files from the RQLite plugin + files, err := os.ReadDir(ci.rqlitePlugin) + if err != nil { + return fmt.Errorf("failed to read plugin source: %w", err) + } + + for _, file := range files { + if file.IsDir() || filepath.Ext(file.Name()) != ".go" { + continue + } + srcPath := filepath.Join(ci.rqlitePlugin, file.Name()) + dstPath := filepath.Join(pluginDir, file.Name()) + + data, err := os.ReadFile(srcPath) + if err != nil { + return fmt.Errorf("failed to read %s: %w", file.Name(), err) + } + if err := os.WriteFile(dstPath, data, 0644); err != nil { + return fmt.Errorf("failed to write %s: %w", file.Name(), err) + } + } + + // Create plugin.cfg with our custom RQLite plugin + fmt.Fprintf(ci.logWriter, " Configuring plugins...\n") + pluginCfg := ci.generatePluginConfig() + pluginCfgPath := filepath.Join(buildDir, "plugin.cfg") + if err := os.WriteFile(pluginCfgPath, []byte(pluginCfg), 0644); err != nil { + return fmt.Errorf("failed to write plugin.cfg: %w", err) + } + + // Add dependencies + fmt.Fprintf(ci.logWriter, " Adding dependencies...\n") + goPath := os.Getenv("PATH") + ":/usr/local/go/bin" + + getCmd := exec.Command("go", "get", "github.com/miekg/dns@latest") + getCmd.Dir = buildDir + getCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := getCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to get miekg/dns: %w\n%s", err, string(output)) + } + + getCmd = exec.Command("go", "get", "go.uber.org/zap@latest") + getCmd.Dir = buildDir + getCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := getCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to get zap: %w\n%s", err, string(output)) + } + + tidyCmd := exec.Command("go", "mod", "tidy") + tidyCmd.Dir = buildDir + tidyCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := tidyCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to run go mod tidy: %w\n%s", err, string(output)) + } + + // Generate plugin code + fmt.Fprintf(ci.logWriter, " Generating plugin code...\n") + genCmd := exec.Command("go", "generate") + genCmd.Dir = buildDir + genCmd.Env = append(os.Environ(), "PATH="+goPath) + if output, err := genCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to generate: %w\n%s", err, string(output)) + } + + // Build CoreDNS + fmt.Fprintf(ci.logWriter, " Building CoreDNS binary...\n") + buildCmd := exec.Command("go", "build", "-o", "coredns") + buildCmd.Dir = buildDir + buildCmd.Env = append(os.Environ(), "PATH="+goPath, "CGO_ENABLED=0") + if output, err := buildCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to build CoreDNS: %w\n%s", err, string(output)) + } + + // Verify the binary has rqlite plugin + verifyCmd := exec.Command(filepath.Join(buildDir, "coredns"), "-plugins") + output, err := verifyCmd.Output() + if err != nil { + return fmt.Errorf("failed to verify CoreDNS binary: %w", err) + } + if !containsLine(string(output), "rqlite") { + return fmt.Errorf("CoreDNS binary does not contain rqlite plugin") + } + + // Install the binary + fmt.Fprintf(ci.logWriter, " Installing CoreDNS binary...\n") + srcBinary := filepath.Join(buildDir, "coredns") + dstBinary := "/usr/local/bin/coredns" + + data, err := os.ReadFile(srcBinary) + if err != nil { + return fmt.Errorf("failed to read built binary: %w", err) + } + if err := os.WriteFile(dstBinary, data, 0755); err != nil { + return fmt.Errorf("failed to install binary: %w", err) + } + + fmt.Fprintf(ci.logWriter, " ✓ CoreDNS with RQLite plugin installed\n") + return nil +} + +// Configure creates CoreDNS configuration files and attempts to seed static DNS records +func (ci *CoreDNSInstaller) Configure(domain string, rqliteDSN string, ns1IP, ns2IP, ns3IP string) error { + configDir := "/etc/coredns" + if err := os.MkdirAll(configDir, 0755); err != nil { + return fmt.Errorf("failed to create config directory: %w", err) + } + + // Create Corefile (uses only RQLite plugin) + corefile := ci.generateCorefile(domain, rqliteDSN) + if err := os.WriteFile(filepath.Join(configDir, "Corefile"), []byte(corefile), 0644); err != nil { + return fmt.Errorf("failed to write Corefile: %w", err) + } + + // Attempt to seed static DNS records into RQLite + // This may fail if RQLite is not running yet - that's OK, SeedDNS can be called later + fmt.Fprintf(ci.logWriter, " Seeding static DNS records into RQLite...\n") + if err := ci.seedStaticRecords(domain, rqliteDSN, ns1IP, ns2IP, ns3IP); err != nil { + // Don't fail on seed errors - RQLite might not be up yet + fmt.Fprintf(ci.logWriter, " ⚠️ Could not seed DNS records (RQLite may not be ready): %v\n", err) + fmt.Fprintf(ci.logWriter, " DNS records will be seeded after services start\n") + } else { + fmt.Fprintf(ci.logWriter, " ✓ Static DNS records seeded\n") + } + + return nil +} + +// SeedDNS seeds static DNS records into RQLite. Call this after RQLite is running. +func (ci *CoreDNSInstaller) SeedDNS(domain string, rqliteDSN string, ns1IP, ns2IP, ns3IP string) error { + fmt.Fprintf(ci.logWriter, " Seeding static DNS records into RQLite...\n") + if err := ci.seedStaticRecords(domain, rqliteDSN, ns1IP, ns2IP, ns3IP); err != nil { + return err + } + fmt.Fprintf(ci.logWriter, " ✓ Static DNS records seeded\n") + return nil +} + +// generatePluginConfig creates the plugin.cfg for CoreDNS +func (ci *CoreDNSInstaller) generatePluginConfig() string { + return `# CoreDNS plugins with RQLite support for dynamic DNS records +metadata:metadata +cancel:cancel +tls:tls +reload:reload +nsid:nsid +bufsize:bufsize +root:root +bind:bind +debug:debug +trace:trace +ready:ready +health:health +pprof:pprof +prometheus:metrics +errors:errors +log:log +dnstap:dnstap +local:local +dns64:dns64 +acl:acl +any:any +chaos:chaos +loadbalance:loadbalance +cache:cache +rewrite:rewrite +header:header +dnssec:dnssec +autopath:autopath +minimal:minimal +template:template +transfer:transfer +hosts:hosts +file:file +auto:auto +secondary:secondary +loop:loop +forward:forward +grpc:grpc +erratic:erratic +whoami:whoami +on:github.com/coredns/caddy/onevent +sign:sign +view:view +rqlite:rqlite +` +} + +// generateCorefile creates the CoreDNS configuration (RQLite only) +func (ci *CoreDNSInstaller) generateCorefile(domain, rqliteDSN string) string { + return fmt.Sprintf(`# CoreDNS configuration for %s +# Uses RQLite for ALL DNS records (static + dynamic) +# Static records (SOA, NS, A) are seeded into RQLite during installation + +%s { + # RQLite handles all records: SOA, NS, A, TXT (ACME), etc. + rqlite { + dsn %s + refresh 5s + ttl 60 + cache_size 10000 + } + + # Enable logging and error reporting + log + errors + # NOTE: No cache here — the rqlite plugin has its own cache. + # CoreDNS cache would cache NXDOMAIN and break ACME DNS-01 challenges. +} + +# Forward all other queries to upstream DNS +. { + forward . 8.8.8.8 8.8.4.4 1.1.1.1 + cache 300 + errors +} +`, domain, domain, rqliteDSN) +} + +// seedStaticRecords inserts static zone records into RQLite (non-destructive) +// Each node only adds its own IP to the round-robin. SOA and NS records are upserted idempotently. +func (ci *CoreDNSInstaller) seedStaticRecords(domain, rqliteDSN, ns1IP, ns2IP, ns3IP string) error { + // Generate serial based on current date + serial := fmt.Sprintf("%d", time.Now().Unix()) + + // SOA record format: "mname rname serial refresh retry expire minimum" + soaValue := fmt.Sprintf("ns1.%s. admin.%s. %s 3600 1800 604800 300", domain, domain, serial) + + var statements []string + + // SOA record — delete old and insert new (serial changes each time, so value differs) + statements = append(statements, fmt.Sprintf( + `DELETE FROM dns_records WHERE fqdn = '%s.' AND record_type = 'SOA' AND namespace = 'system'`, + domain, + )) + statements = append(statements, fmt.Sprintf( + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) VALUES ('%s.', 'SOA', '%s', 300, 'system', 'system', TRUE, datetime('now'), datetime('now'))`, + domain, soaValue, + )) + + // NS records — idempotent insert + for i := 1; i <= 3; i++ { + statements = append(statements, fmt.Sprintf( + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) VALUES ('%s.', 'NS', 'ns%d.%s.', 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + domain, i, domain, + )) + } + + // NOTE: Nameserver glue A records (ns1/ns2/ns3) are NOT seeded here. + // They are managed by each node's claimNameserverSlot() on the heartbeat loop, + // which correctly maps each NS hostname to exactly one node's IP. + + // Round-robin A records — each unique IP is added once (no duplicates due to UNIQUE constraint) + uniqueIPs := make(map[string]bool) + for _, ip := range []string{ns1IP, ns2IP, ns3IP} { + if !uniqueIPs[ip] { + uniqueIPs[ip] = true + // Root domain A record + statements = append(statements, fmt.Sprintf( + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) VALUES ('%s.', 'A', '%s', 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + domain, ip, + )) + // Wildcard A record + statements = append(statements, fmt.Sprintf( + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) VALUES ('*.%s.', 'A', '%s', 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + domain, ip, + )) + } + } + + // Execute via RQLite HTTP API + return ci.executeRQLiteStatements(rqliteDSN, statements) +} + + +// rqliteResult represents the response from RQLite execute endpoint +type rqliteResult struct { + Results []struct { + Error string `json:"error,omitempty"` + RowsAffected int `json:"rows_affected,omitempty"` + LastInsertID int `json:"last_insert_id,omitempty"` + } `json:"results"` +} + +// executeRQLiteStatements executes SQL statements via RQLite HTTP API +func (ci *CoreDNSInstaller) executeRQLiteStatements(rqliteDSN string, statements []string) error { + // RQLite execute endpoint + executeURL := rqliteDSN + "/db/execute?pretty&timings" + + // Build request body + body, err := json.Marshal(statements) + if err != nil { + return fmt.Errorf("failed to marshal statements: %w", err) + } + + // Log what we're sending for debugging + fmt.Fprintf(ci.logWriter, " Executing %d SQL statements...\n", len(statements)) + + // Create request + req, err := http.NewRequest("POST", executeURL, bytes.NewReader(body)) + if err != nil { + return fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + // Execute with timeout + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + if err != nil { + return fmt.Errorf("failed to execute request: %w", err) + } + defer resp.Body.Close() + + // Read response body + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return fmt.Errorf("failed to read response: %w", err) + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("RQLite returned status %d: %s", resp.StatusCode, string(respBody)) + } + + // Parse response to check for SQL errors + var result rqliteResult + if err := json.Unmarshal(respBody, &result); err != nil { + return fmt.Errorf("failed to parse RQLite response: %w (body: %s)", err, string(respBody)) + } + + // Check each result for errors + var errors []string + successCount := 0 + for i, r := range result.Results { + if r.Error != "" { + errors = append(errors, fmt.Sprintf("statement %d: %s", i+1, r.Error)) + } else { + successCount++ + } + } + + if len(errors) > 0 { + fmt.Fprintf(ci.logWriter, " ⚠️ %d/%d statements succeeded, %d failed\n", successCount, len(statements), len(errors)) + return fmt.Errorf("SQL errors: %v", errors) + } + + fmt.Fprintf(ci.logWriter, " ✓ All %d statements executed successfully\n", successCount) + return nil +} + +// containsLine checks if a string contains a specific line +func containsLine(text, line string) bool { + for _, l := range splitLines(text) { + if l == line || l == "dns."+line { + return true + } + } + return false +} + +// splitLines splits a string into lines +func splitLines(text string) []string { + var lines []string + var current string + for _, c := range text { + if c == '\n' { + lines = append(lines, current) + current = "" + } else { + current += string(c) + } + } + if current != "" { + lines = append(lines, current) + } + return lines +} diff --git a/pkg/environments/production/installers/gateway.go b/pkg/environments/production/installers/gateway.go index d5f57e8..6322d9b 100644 --- a/pkg/environments/production/installers/gateway.go +++ b/pkg/environments/production/installers/gateway.go @@ -39,7 +39,77 @@ func (gi *GatewayInstaller) Configure() error { return nil } -// InstallDeBrosBinaries clones and builds DeBros binaries +// downloadSourceZIP downloads source code as ZIP from GitHub +// This is simpler and more reliable than git clone with shallow clones +func (gi *GatewayInstaller) downloadSourceZIP(branch string, srcDir string) error { + // GitHub archive URL format + zipURL := fmt.Sprintf("https://github.com/DeBrosOfficial/network/archive/refs/heads/%s.zip", branch) + zipPath := "/tmp/network-source.zip" + extractDir := "/tmp/network-extract" + + // Clean up any previous download artifacts + os.RemoveAll(zipPath) + os.RemoveAll(extractDir) + + // Download ZIP + fmt.Fprintf(gi.logWriter, " Downloading source (branch: %s)...\n", branch) + if err := DownloadFile(zipURL, zipPath); err != nil { + return fmt.Errorf("failed to download source from %s: %w", zipURL, err) + } + + // Create extraction directory + if err := os.MkdirAll(extractDir, 0755); err != nil { + return fmt.Errorf("failed to create extraction directory: %w", err) + } + + // Extract ZIP + fmt.Fprintf(gi.logWriter, " Extracting source...\n") + extractCmd := exec.Command("unzip", "-q", "-o", zipPath, "-d", extractDir) + if output, err := extractCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to extract source: %w\n%s", err, string(output)) + } + + // GitHub extracts to network-{branch}/ directory + extractedDir := filepath.Join(extractDir, fmt.Sprintf("network-%s", branch)) + + // Verify extracted directory exists + if _, err := os.Stat(extractedDir); os.IsNotExist(err) { + // Try alternative naming (GitHub may sanitize branch names) + entries, _ := os.ReadDir(extractDir) + if len(entries) == 1 && entries[0].IsDir() { + extractedDir = filepath.Join(extractDir, entries[0].Name()) + } else { + return fmt.Errorf("extracted directory not found at %s", extractedDir) + } + } + + // Remove existing source directory + os.RemoveAll(srcDir) + + // Move extracted content to source directory + if err := os.Rename(extractedDir, srcDir); err != nil { + // Cross-filesystem fallback: copy instead of rename + fmt.Fprintf(gi.logWriter, " Moving source (cross-filesystem copy)...\n") + copyCmd := exec.Command("cp", "-r", extractedDir, srcDir) + if output, err := copyCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to move source: %w\n%s", err, string(output)) + } + } + + // Cleanup temp files + os.RemoveAll(zipPath) + os.RemoveAll(extractDir) + + // Fix ownership + if err := exec.Command("chown", "-R", "debros:debros", srcDir).Run(); err != nil { + fmt.Fprintf(gi.logWriter, " ⚠️ Warning: failed to chown source directory: %v\n", err) + } + + fmt.Fprintf(gi.logWriter, " ✓ Source downloaded\n") + return nil +} + +// InstallDeBrosBinaries downloads and builds DeBros binaries func (gi *GatewayInstaller) InstallDeBrosBinaries(branch string, oramaHome string, skipRepoUpdate bool) error { fmt.Fprintf(gi.logWriter, " Building DeBros binaries...\n") @@ -54,45 +124,23 @@ func (gi *GatewayInstaller) InstallDeBrosBinaries(branch string, oramaHome strin return fmt.Errorf("failed to create bin directory %s: %w", binDir, err) } - // Check if source directory has content (either git repo or pre-existing source) + // Check if source directory has content hasSourceContent := false if entries, err := os.ReadDir(srcDir); err == nil && len(entries) > 0 { hasSourceContent = true } - // Check if git repository is already initialized - isGitRepo := false - if _, err := os.Stat(filepath.Join(srcDir, ".git")); err == nil { - isGitRepo = true - } - - // Handle repository update/clone based on skipRepoUpdate flag + // Handle repository update/download based on skipRepoUpdate flag if skipRepoUpdate { - fmt.Fprintf(gi.logWriter, " Skipping repo clone/pull (--no-pull flag)\n") + fmt.Fprintf(gi.logWriter, " Skipping source download (--no-pull flag)\n") if !hasSourceContent { - return fmt.Errorf("cannot skip pull: source directory is empty at %s (need to populate it first)", srcDir) + return fmt.Errorf("cannot skip download: source directory is empty at %s (need to populate it first)", srcDir) } - fmt.Fprintf(gi.logWriter, " Using existing source at %s (skipping git operations)\n", srcDir) - // Skip to build step - don't execute any git commands + fmt.Fprintf(gi.logWriter, " Using existing source at %s\n", srcDir) } else { - // Clone repository if not present, otherwise update it - if !isGitRepo { - fmt.Fprintf(gi.logWriter, " Cloning repository...\n") - cmd := exec.Command("git", "clone", "--branch", branch, "--depth", "1", "https://github.com/DeBrosOfficial/network.git", srcDir) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to clone repository: %w", err) - } - } else { - fmt.Fprintf(gi.logWriter, " Updating repository to latest changes...\n") - if output, err := exec.Command("git", "-C", srcDir, "fetch", "origin", branch).CombinedOutput(); err != nil { - return fmt.Errorf("failed to fetch repository updates: %v\n%s", err, string(output)) - } - if output, err := exec.Command("git", "-C", srcDir, "reset", "--hard", "origin/"+branch).CombinedOutput(); err != nil { - return fmt.Errorf("failed to reset repository: %v\n%s", err, string(output)) - } - if output, err := exec.Command("git", "-C", srcDir, "clean", "-fd").CombinedOutput(); err != nil { - return fmt.Errorf("failed to clean repository: %v\n%s", err, string(output)) - } + // Download source as ZIP from GitHub (simpler than git, no shallow clone issues) + if err := gi.downloadSourceZIP(branch, srcDir); err != nil { + return err } } @@ -123,7 +171,11 @@ func (gi *GatewayInstaller) InstallDeBrosBinaries(branch string, oramaHome strin return fmt.Errorf("source bin directory is empty - build may have failed") } - // Copy each binary individually to avoid wildcard expansion issues + // Copy each binary individually to avoid wildcard expansion issues. + // We remove the destination first to avoid "text file busy" errors when + // overwriting a binary that is currently executing (e.g., the orama CLI + // running this upgrade). On Linux, removing a running binary is safe — + // the kernel keeps the inode alive until the process exits. for _, entry := range entries { if entry.IsDir() { continue @@ -137,6 +189,9 @@ func (gi *GatewayInstaller) InstallDeBrosBinaries(branch string, oramaHome strin return fmt.Errorf("failed to read binary %s: %w", entry.Name(), err) } + // Remove existing binary first to avoid "text file busy" on running executables + _ = os.Remove(dstPath) + // Write destination file if err := os.WriteFile(dstPath, data, 0755); err != nil { return fmt.Errorf("failed to write binary %s: %w", entry.Name(), err) @@ -167,14 +222,21 @@ func (gi *GatewayInstaller) InstallDeBrosBinaries(branch string, oramaHome strin // InstallGo downloads and installs Go toolchain func (gi *GatewayInstaller) InstallGo() error { - if _, err := exec.LookPath("go"); err == nil { - fmt.Fprintf(gi.logWriter, " ✓ Go already installed\n") - return nil + requiredVersion := "1.22.5" + if goPath, err := exec.LookPath("go"); err == nil { + // Check version - upgrade if too old + out, _ := exec.Command(goPath, "version").Output() + if strings.Contains(string(out), "go"+requiredVersion) || strings.Contains(string(out), "go1.23") || strings.Contains(string(out), "go1.24") { + fmt.Fprintf(gi.logWriter, " ✓ Go already installed (%s)\n", strings.TrimSpace(string(out))) + return nil + } + fmt.Fprintf(gi.logWriter, " Upgrading Go (current: %s, need >= %s)...\n", strings.TrimSpace(string(out)), requiredVersion) + os.RemoveAll("/usr/local/go") + } else { + fmt.Fprintf(gi.logWriter, " Installing Go...\n") } - fmt.Fprintf(gi.logWriter, " Installing Go...\n") - - goTarball := fmt.Sprintf("go1.22.5.linux-%s.tar.gz", gi.arch) + goTarball := fmt.Sprintf("go%s.linux-%s.tar.gz", requiredVersion, gi.arch) goURL := fmt.Sprintf("https://go.dev/dl/%s", goTarball) // Download @@ -210,8 +272,8 @@ func (gi *GatewayInstaller) InstallSystemDependencies() error { fmt.Fprintf(gi.logWriter, " Warning: apt update failed\n") } - // Install dependencies including Node.js for anyone-client - cmd = exec.Command("apt-get", "install", "-y", "curl", "git", "make", "build-essential", "wget", "nodejs", "npm") + // Install dependencies including Node.js for anyone-client and unzip for source downloads + cmd = exec.Command("apt-get", "install", "-y", "curl", "make", "build-essential", "wget", "unzip", "nodejs", "npm") if err := cmd.Run(); err != nil { return fmt.Errorf("failed to install dependencies: %w", err) } diff --git a/pkg/environments/production/installers/ipfs.go b/pkg/environments/production/installers/ipfs.go index e2435d4..d8fa906 100644 --- a/pkg/environments/production/installers/ipfs.go +++ b/pkg/environments/production/installers/ipfs.go @@ -123,7 +123,7 @@ func (ii *IPFSInstaller) Configure() error { // InitializeRepo initializes an IPFS repository for a node (unified - no bootstrap/node distinction) // If ipfsPeer is provided, configures Peering.Peers for peer discovery in private networks -func (ii *IPFSInstaller) InitializeRepo(ipfsRepoPath string, swarmKeyPath string, apiPort, gatewayPort, swarmPort int, ipfsPeer *IPFSPeerInfo) error { +func (ii *IPFSInstaller) InitializeRepo(ipfsRepoPath string, swarmKeyPath string, apiPort, gatewayPort, swarmPort int, bindIP string, ipfsPeer *IPFSPeerInfo) error { configPath := filepath.Join(ipfsRepoPath, "config") repoExists := false if _, err := os.Stat(configPath); err == nil { @@ -164,7 +164,7 @@ func (ii *IPFSInstaller) InitializeRepo(ipfsRepoPath string, swarmKeyPath string // Configure IPFS addresses (API, Gateway, Swarm) by modifying the config file directly // This ensures the ports are set correctly and avoids conflicts with RQLite on port 5001 fmt.Fprintf(ii.logWriter, " Configuring IPFS addresses (API: %d, Gateway: %d, Swarm: %d)...\n", apiPort, gatewayPort, swarmPort) - if err := ii.configureAddresses(ipfsRepoPath, apiPort, gatewayPort, swarmPort); err != nil { + if err := ii.configureAddresses(ipfsRepoPath, apiPort, gatewayPort, swarmPort, bindIP); err != nil { return fmt.Errorf("failed to configure IPFS addresses: %w", err) } @@ -223,7 +223,7 @@ func (ii *IPFSInstaller) InitializeRepo(ipfsRepoPath string, swarmKeyPath string } // configureAddresses configures the IPFS API, Gateway, and Swarm addresses in the config file -func (ii *IPFSInstaller) configureAddresses(ipfsRepoPath string, apiPort, gatewayPort, swarmPort int) error { +func (ii *IPFSInstaller) configureAddresses(ipfsRepoPath string, apiPort, gatewayPort, swarmPort int, bindIP string) error { configPath := filepath.Join(ipfsRepoPath, "config") // Read existing config @@ -246,7 +246,7 @@ func (ii *IPFSInstaller) configureAddresses(ipfsRepoPath string, apiPort, gatewa // Update specific address fields while preserving others // Bind API and Gateway to localhost only for security - // Swarm binds to all interfaces for peer connections + // Swarm binds to the WireGuard IP so it's only reachable over the VPN addresses["API"] = []string{ fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", apiPort), } @@ -254,12 +254,42 @@ func (ii *IPFSInstaller) configureAddresses(ipfsRepoPath string, apiPort, gatewa fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", gatewayPort), } addresses["Swarm"] = []string{ - fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", swarmPort), - fmt.Sprintf("/ip6/::/tcp/%d", swarmPort), + fmt.Sprintf("/ip4/%s/tcp/%d", bindIP, swarmPort), } + // Clear NoAnnounce — the server profile blocks private IPs (10.0.0.0/8, etc.) + // which prevents nodes from advertising their WireGuard swarm addresses via DHT + addresses["NoAnnounce"] = []string{} config["Addresses"] = addresses + // Clear Swarm.AddrFilters — the server profile blocks private IPs (10.0.0.0/8, 172.16.0.0/12, etc.) + // which prevents IPFS from connecting over our WireGuard mesh (10.0.0.x) + swarm, ok := config["Swarm"].(map[string]interface{}) + if !ok { + swarm = make(map[string]interface{}) + } + swarm["AddrFilters"] = []interface{}{} + // Disable Websocket transport (not supported in private networks) + transports, _ := swarm["Transports"].(map[string]interface{}) + if transports == nil { + transports = make(map[string]interface{}) + } + network, _ := transports["Network"].(map[string]interface{}) + if network == nil { + network = make(map[string]interface{}) + } + network["Websocket"] = false + transports["Network"] = network + swarm["Transports"] = transports + config["Swarm"] = swarm + + // Disable AutoTLS (incompatible with private networks) + autoTLS := map[string]interface{}{"Enabled": false} + config["AutoTLS"] = autoTLS + + // Use DHT routing (Routing.Type=auto is incompatible with private networks) + config["Routing"] = map[string]interface{}{"Type": "dht"} + // Write config back updatedData, err := json.MarshalIndent(config, "", " ") if err != nil { diff --git a/pkg/environments/production/installers/ipfs_cluster.go b/pkg/environments/production/installers/ipfs_cluster.go index 1a2661b..fc7d381 100644 --- a/pkg/environments/production/installers/ipfs_cluster.go +++ b/pkg/environments/production/installers/ipfs_cluster.go @@ -61,7 +61,7 @@ func (ici *IPFSClusterInstaller) Configure() error { // InitializeConfig initializes IPFS Cluster configuration (unified - no bootstrap/node distinction) // This runs `ipfs-cluster-service init` to create the service.json configuration file. // For existing installations, it ensures the cluster secret is up to date. -// clusterPeers should be in format: ["/ip4//tcp/9098/p2p/"] +// clusterPeers should be in format: ["/ip4//tcp/9100/p2p/"] func (ici *IPFSClusterInstaller) InitializeConfig(clusterPath, clusterSecret string, ipfsAPIPort int, clusterPeers []string) error { serviceJSONPath := filepath.Join(clusterPath, "service.json") configExists := false @@ -146,18 +146,22 @@ func (ici *IPFSClusterInstaller) updateConfig(clusterPath, secret string, ipfsAP // Update cluster secret, listen_multiaddress, and peer addresses if cluster, ok := config["cluster"].(map[string]interface{}); ok { cluster["secret"] = secret - // Set consistent listen_multiaddress - port 9098 for cluster LibP2P communication + // Set consistent listen_multiaddress - port 9100 for cluster LibP2P communication // This MUST match the port used in GetClusterPeerMultiaddr() and peer_addresses - cluster["listen_multiaddress"] = []interface{}{"/ip4/0.0.0.0/tcp/9098"} + cluster["listen_multiaddress"] = []interface{}{"/ip4/0.0.0.0/tcp/9100"} // Configure peer addresses for cluster discovery // This allows nodes to find and connect to each other + // Merge new peers with existing peers (preserves manually configured peers) if len(bootstrapClusterPeers) > 0 { - cluster["peer_addresses"] = bootstrapClusterPeers + existingPeers := ici.extractExistingPeers(cluster) + mergedPeers := ici.mergePeerAddresses(existingPeers, bootstrapClusterPeers) + cluster["peer_addresses"] = mergedPeers } + // If no new peers provided, preserve existing peer_addresses (don't overwrite) } else { clusterConfig := map[string]interface{}{ "secret": secret, - "listen_multiaddress": []interface{}{"/ip4/0.0.0.0/tcp/9098"}, + "listen_multiaddress": []interface{}{"/ip4/0.0.0.0/tcp/9100"}, } if len(bootstrapClusterPeers) > 0 { clusterConfig["peer_addresses"] = bootstrapClusterPeers @@ -193,6 +197,43 @@ func (ici *IPFSClusterInstaller) updateConfig(clusterPath, secret string, ipfsAP return nil } +// extractExistingPeers extracts existing peer addresses from cluster config +func (ici *IPFSClusterInstaller) extractExistingPeers(cluster map[string]interface{}) []string { + var peers []string + if peerAddrs, ok := cluster["peer_addresses"].([]interface{}); ok { + for _, addr := range peerAddrs { + if addrStr, ok := addr.(string); ok && addrStr != "" { + peers = append(peers, addrStr) + } + } + } + return peers +} + +// mergePeerAddresses merges existing and new peer addresses, removing duplicates +func (ici *IPFSClusterInstaller) mergePeerAddresses(existing, new []string) []string { + seen := make(map[string]bool) + var merged []string + + // Add existing peers first + for _, peer := range existing { + if !seen[peer] { + seen[peer] = true + merged = append(merged, peer) + } + } + + // Add new peers (if not already present) + for _, peer := range new { + if !seen[peer] { + seen[peer] = true + merged = append(merged, peer) + } + } + + return merged +} + // verifySecret verifies that the secret in service.json matches the expected value func (ici *IPFSClusterInstaller) verifySecret(clusterPath, expectedSecret string) error { serviceJSONPath := filepath.Join(clusterPath, "service.json") @@ -221,7 +262,7 @@ func (ici *IPFSClusterInstaller) verifySecret(clusterPath, expectedSecret string } // GetClusterPeerMultiaddr reads the IPFS Cluster peer ID and returns its multiaddress -// Returns format: /ip4//tcp/9098/p2p/ +// Returns format: /ip4//tcp/9100/p2p/ func (ici *IPFSClusterInstaller) GetClusterPeerMultiaddr(clusterPath string, nodeIP string) (string, error) { identityPath := filepath.Join(clusterPath, "identity.json") @@ -243,9 +284,9 @@ func (ici *IPFSClusterInstaller) GetClusterPeerMultiaddr(clusterPath string, nod return "", fmt.Errorf("peer ID not found in identity.json") } - // Construct multiaddress: /ip4//tcp/9098/p2p/ - // Port 9098 is the default cluster listen port - multiaddr := fmt.Sprintf("/ip4/%s/tcp/9098/p2p/%s", nodeIP, peerID) + // Construct multiaddress: /ip4//tcp/9100/p2p/ + // Port 9100 is the cluster listen port for libp2p communication + multiaddr := fmt.Sprintf("/ip4/%s/tcp/9100/p2p/%s", nodeIP, peerID) return multiaddr, nil } diff --git a/pkg/environments/production/orchestrator.go b/pkg/environments/production/orchestrator.go index f7f5554..cb84608 100644 --- a/pkg/environments/production/orchestrator.go +++ b/pkg/environments/production/orchestrator.go @@ -8,8 +8,22 @@ import ( "path/filepath" "strings" "time" + + "github.com/DeBrosOfficial/network/pkg/environments/production/installers" ) +// AnyoneRelayConfig holds configuration for Anyone relay mode +type AnyoneRelayConfig struct { + Enabled bool // Whether to run as relay operator + Exit bool // Whether to run as exit relay + Migrate bool // Whether to migrate existing installation + Nickname string // Relay nickname (1-19 alphanumeric) + Contact string // Contact info (email or @telegram) + Wallet string // Ethereum wallet for rewards + ORPort int // ORPort for relay (default 9001) + MyFamily string // Comma-separated fingerprints of other relays (for multi-relay operators) +} + // ProductionSetup orchestrates the entire production deployment type ProductionSetup struct { osInfo *OSInfo @@ -20,6 +34,8 @@ type ProductionSetup struct { forceReconfigure bool skipOptionalDeps bool skipResourceChecks bool + isNameserver bool // Whether this node is a nameserver (runs CoreDNS + Caddy) + anyoneRelayConfig *AnyoneRelayConfig // Configuration for Anyone relay mode privChecker *PrivilegeChecker osDetector *OSDetector archDetector *ArchitectureDetector @@ -35,6 +51,7 @@ type ProductionSetup struct { binaryInstaller *BinaryInstaller branch string skipRepoUpdate bool + skipBuild bool // Skip all Go compilation (use pre-built binaries) NodePeerID string // Captured during Phase3 for later display } @@ -66,7 +83,7 @@ func SaveBranchPreference(oramaDir, branch string) error { } // NewProductionSetup creates a new production setup orchestrator -func NewProductionSetup(oramaHome string, logWriter io.Writer, forceReconfigure bool, branch string, skipRepoUpdate bool, skipResourceChecks bool) *ProductionSetup { +func NewProductionSetup(oramaHome string, logWriter io.Writer, forceReconfigure bool, branch string, skipRepoUpdate bool, skipResourceChecks bool, skipBuild bool) *ProductionSetup { oramaDir := filepath.Join(oramaHome, ".orama") arch, _ := (&ArchitectureDetector{}).Detect() @@ -83,6 +100,7 @@ func NewProductionSetup(oramaHome string, logWriter io.Writer, forceReconfigure arch: arch, branch: branch, skipRepoUpdate: skipRepoUpdate, + skipBuild: skipBuild, skipResourceChecks: skipResourceChecks, privChecker: &PrivilegeChecker{}, osDetector: &OSDetector{}, @@ -112,6 +130,26 @@ func (ps *ProductionSetup) IsUpdate() bool { return ps.stateDetector.IsConfigured() || ps.stateDetector.HasIPFSData() } +// SetNameserver sets whether this node is a nameserver (runs CoreDNS + Caddy) +func (ps *ProductionSetup) SetNameserver(isNameserver bool) { + ps.isNameserver = isNameserver +} + +// IsNameserver returns whether this node is configured as a nameserver +func (ps *ProductionSetup) IsNameserver() bool { + return ps.isNameserver +} + +// SetAnyoneRelayConfig sets the Anyone relay configuration +func (ps *ProductionSetup) SetAnyoneRelayConfig(config *AnyoneRelayConfig) { + ps.anyoneRelayConfig = config +} + +// IsAnyoneRelay returns whether this node is configured as an Anyone relay operator +func (ps *ProductionSetup) IsAnyoneRelay() bool { + return ps.anyoneRelayConfig != nil && ps.anyoneRelayConfig.Enabled +} + // Phase1CheckPrerequisites performs initial environment validation func (ps *ProductionSetup) Phase1CheckPrerequisites() error { ps.logf("Phase 1: Checking prerequisites...") @@ -211,6 +249,27 @@ func (ps *ProductionSetup) Phase2ProvisionEnvironment() error { } } + // Set up deployment sudoers (allows debros user to manage orama-deploy-* services) + if err := ps.userProvisioner.SetupDeploymentSudoers(); err != nil { + ps.logf(" ⚠️ Failed to setup deployment sudoers: %v", err) + } else { + ps.logf(" ✓ Deployment sudoers configured") + } + + // Set up namespace sudoers (allows debros user to manage debros-namespace-* services) + if err := ps.userProvisioner.SetupNamespaceSudoers(); err != nil { + ps.logf(" ⚠️ Failed to setup namespace sudoers: %v", err) + } else { + ps.logf(" ✓ Namespace sudoers configured") + } + + // Set up WireGuard sudoers (allows debros user to manage WG peers) + if err := ps.userProvisioner.SetupWireGuardSudoers(); err != nil { + ps.logf(" ⚠️ Failed to setup wireguard sudoers: %v", err) + } else { + ps.logf(" ✓ WireGuard sudoers configured") + } + // Create directory structure (unified structure) if err := ps.fsProvisioner.EnsureDirectoryStructure(); err != nil { return fmt.Errorf("failed to create directory structure: %w", err) @@ -230,17 +289,94 @@ func (ps *ProductionSetup) Phase2ProvisionEnvironment() error { func (ps *ProductionSetup) Phase2bInstallBinaries() error { ps.logf("Phase 2b: Installing binaries...") - // Install system dependencies + // Install system dependencies (always needed for runtime libs) if err := ps.binaryInstaller.InstallSystemDependencies(); err != nil { ps.logf(" ⚠️ System dependencies warning: %v", err) } - // Install Go if not present - if err := ps.binaryInstaller.InstallGo(); err != nil { - return fmt.Errorf("failed to install Go: %w", err) + if ps.skipBuild { + // --pre-built mode: skip all Go compilation, verify binaries exist + ps.logf(" ℹ️ --pre-built mode: skipping Go installation and all compilation") + + // Verify required DeBros binaries exist + binDir := filepath.Join(ps.oramaHome, "bin") + requiredBins := []string{"orama-node", "gateway", "orama", "identity"} + for _, bin := range requiredBins { + binPath := filepath.Join(binDir, bin) + if _, err := os.Stat(binPath); os.IsNotExist(err) { + return fmt.Errorf("--pre-built: required binary not found at %s (run 'make build-linux' locally and copy to VPS)", binPath) + } + ps.logf(" ✓ Found %s", binPath) + } + + // Grant CAP_NET_BIND_SERVICE to orama-node + nodeBinary := filepath.Join(binDir, "orama-node") + if err := exec.Command("setcap", "cap_net_bind_service=+ep", nodeBinary).Run(); err != nil { + ps.logf(" ⚠️ Warning: failed to setcap on orama-node: %v", err) + } + + // Verify Olric + if _, err := exec.LookPath("olric-server"); err != nil { + // Check if it's in the bin dir + olricPath := filepath.Join(binDir, "olric-server") + if _, err := os.Stat(olricPath); os.IsNotExist(err) { + return fmt.Errorf("--pre-built: olric-server not found in PATH or %s", binDir) + } + // Copy to /usr/local/bin + if data, err := os.ReadFile(olricPath); err == nil { + os.WriteFile("/usr/local/bin/olric-server", data, 0755) + } + ps.logf(" ✓ Found %s", olricPath) + } else { + ps.logf(" ✓ olric-server already in PATH") + } + + // Verify CoreDNS and Caddy if nameserver + if ps.isNameserver { + if _, err := os.Stat("/usr/local/bin/coredns"); os.IsNotExist(err) { + return fmt.Errorf("--pre-built: coredns not found at /usr/local/bin/coredns") + } + ps.logf(" ✓ Found /usr/local/bin/coredns") + + if _, err := os.Stat("/usr/bin/caddy"); os.IsNotExist(err) { + return fmt.Errorf("--pre-built: caddy not found at /usr/bin/caddy") + } + ps.logf(" ✓ Found /usr/bin/caddy") + + // Grant CAP_NET_BIND_SERVICE to caddy + if err := exec.Command("setcap", "cap_net_bind_service=+ep", "/usr/bin/caddy").Run(); err != nil { + ps.logf(" ⚠️ Warning: failed to setcap on caddy: %v", err) + } + } + } else { + // Normal mode: install Go and build everything + if err := ps.binaryInstaller.InstallGo(); err != nil { + return fmt.Errorf("failed to install Go: %w", err) + } + + if err := ps.binaryInstaller.InstallOlric(); err != nil { + ps.logf(" ⚠️ Olric install warning: %v", err) + } + + // Install DeBros binaries (must be done before CoreDNS since we need the RQLite plugin source) + if err := ps.binaryInstaller.InstallDeBrosBinaries(ps.branch, ps.oramaHome, ps.skipRepoUpdate); err != nil { + return fmt.Errorf("failed to install DeBros binaries: %w", err) + } + + // Install CoreDNS only for nameserver nodes + if ps.isNameserver { + if err := ps.binaryInstaller.InstallCoreDNS(); err != nil { + ps.logf(" ⚠️ CoreDNS install warning: %v", err) + } + } + + // Install Caddy on ALL nodes (any node may host namespaces and need TLS) + if err := ps.binaryInstaller.InstallCaddy(); err != nil { + ps.logf(" ⚠️ Caddy install warning: %v", err) + } } - // Install binaries + // These are pre-built binary downloads (not Go compilation), always run them if err := ps.binaryInstaller.InstallRQLite(); err != nil { ps.logf(" ⚠️ RQLite install warning: %v", err) } @@ -253,18 +389,42 @@ func (ps *ProductionSetup) Phase2bInstallBinaries() error { ps.logf(" ⚠️ IPFS Cluster install warning: %v", err) } - if err := ps.binaryInstaller.InstallOlric(); err != nil { - ps.logf(" ⚠️ Olric install warning: %v", err) - } + // Install Anyone (client or relay based on configuration) — apt-based, not Go + if ps.IsAnyoneRelay() { + ps.logf(" Installing Anyone relay (operator mode)...") + relayConfig := installers.AnyoneRelayConfig{ + Nickname: ps.anyoneRelayConfig.Nickname, + Contact: ps.anyoneRelayConfig.Contact, + Wallet: ps.anyoneRelayConfig.Wallet, + ORPort: ps.anyoneRelayConfig.ORPort, + ExitRelay: ps.anyoneRelayConfig.Exit, + Migrate: ps.anyoneRelayConfig.Migrate, + MyFamily: ps.anyoneRelayConfig.MyFamily, + } + relayInstaller := installers.NewAnyoneRelayInstaller(ps.arch, ps.logWriter, relayConfig) - // Install anyone-client for SOCKS5 proxy - if err := ps.binaryInstaller.InstallAnyoneClient(); err != nil { - ps.logf(" ⚠️ anyone-client install warning: %v", err) - } + // Check for existing installation if migration is requested + if relayConfig.Migrate { + existing, err := installers.DetectExistingAnyoneInstallation() + if err != nil { + ps.logf(" ⚠️ Failed to detect existing installation: %v", err) + } else if existing != nil { + backupDir := filepath.Join(ps.oramaDir, "backups") + if err := relayInstaller.MigrateExistingInstallation(existing, backupDir); err != nil { + ps.logf(" ⚠️ Migration warning: %v", err) + } + } + } - // Install DeBros binaries - if err := ps.binaryInstaller.InstallDeBrosBinaries(ps.branch, ps.oramaHome, ps.skipRepoUpdate); err != nil { - return fmt.Errorf("failed to install DeBros binaries: %w", err) + // Install the relay + if err := relayInstaller.Install(); err != nil { + ps.logf(" ⚠️ Anyone relay install warning: %v", err) + } + + // Configure the relay + if err := relayInstaller.Configure(); err != nil { + ps.logf(" ⚠️ Anyone relay config warning: %v", err) + } } ps.logf(" ✓ All binaries installed") @@ -288,7 +448,7 @@ func (ps *ProductionSetup) Phase2cInitializeServices(peerAddresses []string, vps // Initialize IPFS repo with correct path structure // Use port 4501 for API (to avoid conflict with RQLite on 5001), 8080 for gateway (standard), 4101 for swarm (to avoid conflict with LibP2P on 4001) ipfsRepoPath := filepath.Join(dataDir, "ipfs", "repo") - if err := ps.binaryInstaller.InitializeIPFSRepo(ipfsRepoPath, filepath.Join(ps.oramaDir, "secrets", "swarm.key"), 4501, 8080, 4101, ipfsPeer); err != nil { + if err := ps.binaryInstaller.InitializeIPFSRepo(ipfsRepoPath, filepath.Join(ps.oramaDir, "secrets", "swarm.key"), 4501, 8080, 4101, vpsIP, ipfsPeer); err != nil { return fmt.Errorf("failed to initialize IPFS repo: %w", err) } @@ -303,12 +463,12 @@ func (ps *ProductionSetup) Phase2cInitializeServices(peerAddresses []string, vps var clusterPeers []string if ipfsClusterPeer != nil && ipfsClusterPeer.PeerID != "" { // Construct cluster peer multiaddress using the discovered peer ID - // Format: /ip4//tcp/9098/p2p/ + // Format: /ip4//tcp/9100/p2p/ peerIP := inferPeerIP(peerAddresses, vpsIP) if peerIP != "" { // Construct the bootstrap multiaddress for IPFS Cluster - // Note: IPFS Cluster listens on port 9098 for cluster communication - clusterBootstrapAddr := fmt.Sprintf("/ip4/%s/tcp/9098/p2p/%s", peerIP, ipfsClusterPeer.PeerID) + // Note: IPFS Cluster listens on port 9100 for cluster communication + clusterBootstrapAddr := fmt.Sprintf("/ip4/%s/tcp/9100/p2p/%s", peerIP, ipfsClusterPeer.PeerID) clusterPeers = []string{clusterBootstrapAddr} ps.logf(" ℹ️ IPFS Cluster will connect to peer: %s", clusterBootstrapAddr) } else if len(ipfsClusterPeer.Addrs) > 0 { @@ -373,7 +533,7 @@ func (ps *ProductionSetup) Phase3GenerateSecrets() error { } // Phase4GenerateConfigs generates node, gateway, and service configs -func (ps *ProductionSetup) Phase4GenerateConfigs(peerAddresses []string, vpsIP string, enableHTTPS bool, domain string, joinAddress string) error { +func (ps *ProductionSetup) Phase4GenerateConfigs(peerAddresses []string, vpsIP string, enableHTTPS bool, domain string, baseDomain string, joinAddress string, olricPeers ...[]string) error { if ps.IsUpdate() { ps.logf("Phase 4: Updating configurations...") ps.logf(" (Existing configs will be updated to latest format)") @@ -382,7 +542,7 @@ func (ps *ProductionSetup) Phase4GenerateConfigs(peerAddresses []string, vpsIP s } // Node config (unified architecture) - nodeConfig, err := ps.configGenerator.GenerateNodeConfig(peerAddresses, vpsIP, joinAddress, domain, enableHTTPS) + nodeConfig, err := ps.configGenerator.GenerateNodeConfig(peerAddresses, vpsIP, joinAddress, domain, baseDomain, enableHTTPS) if err != nil { return fmt.Errorf("failed to generate node config: %w", err) } @@ -398,14 +558,21 @@ func (ps *ProductionSetup) Phase4GenerateConfigs(peerAddresses []string, vpsIP s // Olric config: // - HTTP API binds to localhost for security (accessed via gateway) - // - Memberlist binds to 0.0.0.0 for cluster communication across nodes - // - Environment "lan" for production multi-node clustering + // - Memberlist binds to WG IP for cluster communication across nodes + // - Advertise WG IP so peers can reach this node + // - Seed peers from join response for initial cluster formation + var olricSeedPeers []string + if len(olricPeers) > 0 { + olricSeedPeers = olricPeers[0] + } olricConfig, err := ps.configGenerator.GenerateOlricConfig( - "127.0.0.1", // HTTP API on localhost + vpsIP, // HTTP API on WG IP (unique per node, avoids memberlist name conflict) 3320, - "0.0.0.0", // Memberlist on all interfaces for clustering + vpsIP, // Memberlist on WG IP for clustering 3322, "lan", // Production environment + vpsIP, // Advertise WG IP + olricSeedPeers, ) if err != nil { return fmt.Errorf("failed to generate olric config: %w", err) @@ -424,6 +591,48 @@ func (ps *ProductionSetup) Phase4GenerateConfigs(peerAddresses []string, vpsIP s exec.Command("chown", "debros:debros", olricConfigPath).Run() ps.logf(" ✓ Olric config generated") + // Configure CoreDNS (if baseDomain is provided - this is the zone name) + // CoreDNS uses baseDomain (e.g., "dbrs.space") as the authoritative zone + dnsZone := baseDomain + if dnsZone == "" { + dnsZone = domain // Fall back to node domain if baseDomain not set + } + if dnsZone != "" { + // Get node IPs from peer addresses or use the VPS IP for all + ns1IP := vpsIP + ns2IP := vpsIP + ns3IP := vpsIP + if len(peerAddresses) >= 1 && peerAddresses[0] != "" { + ns1IP = peerAddresses[0] + } + if len(peerAddresses) >= 2 && peerAddresses[1] != "" { + ns2IP = peerAddresses[1] + } + if len(peerAddresses) >= 3 && peerAddresses[2] != "" { + ns3IP = peerAddresses[2] + } + + rqliteDSN := "http://localhost:5001" + if err := ps.binaryInstaller.ConfigureCoreDNS(dnsZone, rqliteDSN, ns1IP, ns2IP, ns3IP); err != nil { + ps.logf(" ⚠️ CoreDNS config warning: %v", err) + } else { + ps.logf(" ✓ CoreDNS config generated (zone: %s)", dnsZone) + } + + // Configure Caddy (uses baseDomain for admin email if node domain not set) + caddyDomain := domain + if caddyDomain == "" { + caddyDomain = baseDomain + } + email := "admin@" + caddyDomain + acmeEndpoint := "http://localhost:6001/v1/internal/acme" + if err := ps.binaryInstaller.ConfigureCaddy(caddyDomain, email, acmeEndpoint, baseDomain); err != nil { + ps.logf(" ⚠️ Caddy config warning: %v", err) + } else { + ps.logf(" ✓ Caddy config generated") + } + } + return nil } @@ -476,12 +685,43 @@ func (ps *ProductionSetup) Phase5CreateSystemdServices(enableHTTPS bool) error { } ps.logf(" ✓ Node service created: debros-node.service (with embedded gateway)") - // Anyone Client service (SOCKS5 proxy) - anyoneUnit := ps.serviceGenerator.GenerateAnyoneClientService() - if err := ps.serviceController.WriteServiceUnit("debros-anyone-client.service", anyoneUnit); err != nil { - return fmt.Errorf("failed to write Anyone Client service: %w", err) + // Anyone Relay service (only created when --anyone-relay flag is used) + if ps.IsAnyoneRelay() { + anyoneUnit := ps.serviceGenerator.GenerateAnyoneRelayService() + if err := ps.serviceController.WriteServiceUnit("debros-anyone-relay.service", anyoneUnit); err != nil { + return fmt.Errorf("failed to write Anyone Relay service: %w", err) + } + ps.logf(" ✓ Anyone Relay service created (operator mode, ORPort: %d)", ps.anyoneRelayConfig.ORPort) + } + + // CoreDNS service (only for nameserver nodes) + if ps.isNameserver { + if _, err := os.Stat("/usr/local/bin/coredns"); err == nil { + corednsUnit := ps.serviceGenerator.GenerateCoreDNSService() + if err := ps.serviceController.WriteServiceUnit("coredns.service", corednsUnit); err != nil { + ps.logf(" ⚠️ Failed to write CoreDNS service: %v", err) + } else { + ps.logf(" ✓ CoreDNS service created") + } + } + } + + // Caddy service on ALL nodes (any node may host namespaces and need TLS) + if _, err := os.Stat("/usr/bin/caddy"); err == nil { + // Create caddy user if it doesn't exist + exec.Command("useradd", "-r", "-m", "-d", "/home/caddy", "-s", "/sbin/nologin", "caddy").Run() + exec.Command("mkdir", "-p", "/var/lib/caddy").Run() + exec.Command("chown", "caddy:caddy", "/var/lib/caddy").Run() + exec.Command("mkdir", "-p", "/home/caddy").Run() + exec.Command("chown", "caddy:caddy", "/home/caddy").Run() + + caddyUnit := ps.serviceGenerator.GenerateCaddyService() + if err := ps.serviceController.WriteServiceUnit("caddy.service", caddyUnit); err != nil { + ps.logf(" ⚠️ Failed to write Caddy service: %v", err) + } else { + ps.logf(" ✓ Caddy service created") + } } - ps.logf(" ✓ Anyone Client service created") // Reload systemd daemon if err := ps.serviceController.DaemonReload(); err != nil { @@ -492,7 +732,23 @@ func (ps *ProductionSetup) Phase5CreateSystemdServices(enableHTTPS bool) error { // Enable services (unified names - no bootstrap/node distinction) // Note: debros-gateway.service is no longer needed - each node has an embedded gateway // Note: debros-rqlite.service is NOT created - RQLite is managed by each node internally - services := []string{"debros-ipfs.service", "debros-ipfs-cluster.service", "debros-olric.service", "debros-node.service", "debros-anyone-client.service"} + services := []string{"debros-ipfs.service", "debros-ipfs-cluster.service", "debros-olric.service", "debros-node.service"} + + // Add Anyone Relay service if configured + if ps.IsAnyoneRelay() { + services = append(services, "debros-anyone-relay.service") + } + + // Add CoreDNS only for nameserver nodes + if ps.isNameserver { + if _, err := os.Stat("/usr/local/bin/coredns"); err == nil { + services = append(services, "coredns.service") + } + } + // Add Caddy on ALL nodes (any node may host namespaces and need TLS) + if _, err := os.Stat("/usr/bin/caddy"); err == nil { + services = append(services, "caddy.service") + } for _, svc := range services { if err := ps.serviceController.EnableService(svc); err != nil { ps.logf(" ⚠️ Failed to enable %s: %v", svc, err) @@ -501,22 +757,29 @@ func (ps *ProductionSetup) Phase5CreateSystemdServices(enableHTTPS bool) error { } } - // Start services in dependency order + // Restart services in dependency order (restart instead of start ensures + // services pick up new configs even if already running from a previous install) ps.logf(" Starting services...") - // Start infrastructure first (IPFS, Olric, Anyone Client) - RQLite is managed internally by each node + // Start infrastructure first (IPFS, Olric, Anyone) - RQLite is managed internally by each node infraServices := []string{"debros-ipfs.service", "debros-olric.service"} - - // Check if port 9050 is already in use (e.g., another anyone-client or similar service) - if ps.portChecker.IsPortInUse(9050) { - ps.logf(" ℹ️ Port 9050 is already in use (anyone-client or similar service running)") - ps.logf(" ℹ️ Skipping debros-anyone-client startup - using existing service") - } else { - infraServices = append(infraServices, "debros-anyone-client.service") + + // Add Anyone Relay service if configured + if ps.IsAnyoneRelay() { + orPort := 9001 + if ps.anyoneRelayConfig != nil && ps.anyoneRelayConfig.ORPort > 0 { + orPort = ps.anyoneRelayConfig.ORPort + } + if ps.portChecker.IsPortInUse(orPort) { + ps.logf(" ℹ️ ORPort %d is already in use (existing anon relay running)", orPort) + ps.logf(" ℹ️ Skipping debros-anyone-relay startup - using existing service") + } else { + infraServices = append(infraServices, "debros-anyone-relay.service") + } } - + for _, svc := range infraServices { - if err := ps.serviceController.StartService(svc); err != nil { + if err := ps.serviceController.RestartService(svc); err != nil { ps.logf(" ⚠️ Failed to start %s: %v", svc, err) } else { ps.logf(" - %s started", svc) @@ -527,23 +790,180 @@ func (ps *ProductionSetup) Phase5CreateSystemdServices(enableHTTPS bool) error { time.Sleep(2 * time.Second) // Start IPFS Cluster - if err := ps.serviceController.StartService("debros-ipfs-cluster.service"); err != nil { + if err := ps.serviceController.RestartService("debros-ipfs-cluster.service"); err != nil { ps.logf(" ⚠️ Failed to start debros-ipfs-cluster.service: %v", err) } else { ps.logf(" - debros-ipfs-cluster.service started") } // Start node service (gateway is embedded in node, no separate service needed) - if err := ps.serviceController.StartService("debros-node.service"); err != nil { + if err := ps.serviceController.RestartService("debros-node.service"); err != nil { ps.logf(" ⚠️ Failed to start debros-node.service: %v", err) } else { ps.logf(" - debros-node.service started (with embedded gateway)") } + // Start CoreDNS (nameserver nodes only) + if ps.isNameserver { + if _, err := os.Stat("/usr/local/bin/coredns"); err == nil { + if err := ps.serviceController.RestartService("coredns.service"); err != nil { + ps.logf(" ⚠️ Failed to start coredns.service: %v", err) + } else { + ps.logf(" - coredns.service started") + } + } + } + // Start Caddy on ALL nodes (any node may host namespaces and need TLS) + // Caddy depends on debros-node.service (gateway on :6001), so start after node + if _, err := os.Stat("/usr/bin/caddy"); err == nil { + if err := ps.serviceController.RestartService("caddy.service"); err != nil { + ps.logf(" ⚠️ Failed to start caddy.service: %v", err) + } else { + ps.logf(" - caddy.service started") + } + } + ps.logf(" ✓ All services started") return nil } +// SeedDNSRecords seeds DNS records into RQLite after services are running +func (ps *ProductionSetup) SeedDNSRecords(baseDomain, vpsIP string, peerAddresses []string) error { + if !ps.isNameserver { + return nil // Skip for non-nameserver nodes + } + if baseDomain == "" { + return nil // Skip if no domain configured + } + + ps.logf("Seeding DNS records...") + + // Get node IPs from peer addresses (multiaddrs) or use the VPS IP for all + // Peer addresses are multiaddrs like /ip4/1.2.3.4/tcp/4001/p2p/12D3KooW... + // We need to extract just the IP from them + ns1IP := vpsIP + ns2IP := vpsIP + ns3IP := vpsIP + + // Extract IPs from multiaddrs + var extractedIPs []string + for _, peer := range peerAddresses { + if peer != "" { + if ip := extractIPFromMultiaddr(peer); ip != "" { + extractedIPs = append(extractedIPs, ip) + } + } + } + + // Assign extracted IPs to nameservers + if len(extractedIPs) >= 1 { + ns1IP = extractedIPs[0] + } + if len(extractedIPs) >= 2 { + ns2IP = extractedIPs[1] + } + if len(extractedIPs) >= 3 { + ns3IP = extractedIPs[2] + } + + rqliteDSN := "http://localhost:5001" + if err := ps.binaryInstaller.SeedDNS(baseDomain, rqliteDSN, ns1IP, ns2IP, ns3IP); err != nil { + return fmt.Errorf("failed to seed DNS records: %w", err) + } + + return nil +} + +// Phase6SetupWireGuard installs WireGuard and generates keys for this node. +// For the first node, it self-assigns 10.0.0.1. For joining nodes, the peer +// exchange happens via HTTPS in the install CLI orchestrator. +func (ps *ProductionSetup) Phase6SetupWireGuard(isFirstNode bool) (privateKey, publicKey string, err error) { + ps.logf("Phase 6a: Setting up WireGuard...") + + wp := NewWireGuardProvisioner(WireGuardConfig{}) + + // Install WireGuard package + if err := wp.Install(); err != nil { + return "", "", fmt.Errorf("failed to install wireguard: %w", err) + } + ps.logf(" ✓ WireGuard installed") + + // Generate keypair + privKey, pubKey, err := GenerateKeyPair() + if err != nil { + return "", "", fmt.Errorf("failed to generate WG keys: %w", err) + } + ps.logf(" ✓ WireGuard keypair generated") + + if isFirstNode { + // First node: self-assign 10.0.0.1, no peers yet + wp.config = WireGuardConfig{ + PrivateKey: privKey, + PrivateIP: "10.0.0.1", + ListenPort: 51820, + } + if err := wp.WriteConfig(); err != nil { + return "", "", fmt.Errorf("failed to write WG config: %w", err) + } + if err := wp.Enable(); err != nil { + return "", "", fmt.Errorf("failed to enable WG: %w", err) + } + ps.logf(" ✓ WireGuard enabled (first node: 10.0.0.1)") + } + + return privKey, pubKey, nil +} + +// Phase6bSetupFirewall sets up UFW firewall rules +func (ps *ProductionSetup) Phase6bSetupFirewall(skipFirewall bool) error { + if skipFirewall { + ps.logf("Phase 6b: Skipping firewall setup (--skip-firewall)") + return nil + } + + ps.logf("Phase 6b: Setting up UFW firewall...") + + anyoneORPort := 0 + if ps.IsAnyoneRelay() && ps.anyoneRelayConfig != nil { + anyoneORPort = ps.anyoneRelayConfig.ORPort + } + + fp := NewFirewallProvisioner(FirewallConfig{ + SSHPort: 22, + IsNameserver: ps.isNameserver, + AnyoneORPort: anyoneORPort, + WireGuardPort: 51820, + }) + + if err := fp.Setup(); err != nil { + return fmt.Errorf("firewall setup failed: %w", err) + } + + ps.logf(" ✓ UFW firewall configured and enabled") + return nil +} + +// EnableWireGuardWithPeers writes WG config with assigned IP and peers, then enables it. +// Called by joining nodes after peer exchange. +func (ps *ProductionSetup) EnableWireGuardWithPeers(privateKey, assignedIP string, peers []WireGuardPeer) error { + wp := NewWireGuardProvisioner(WireGuardConfig{ + PrivateKey: privateKey, + PrivateIP: assignedIP, + ListenPort: 51820, + Peers: peers, + }) + + if err := wp.WriteConfig(); err != nil { + return fmt.Errorf("failed to write WG config: %w", err) + } + if err := wp.Enable(); err != nil { + return fmt.Errorf("failed to enable WG: %w", err) + } + + ps.logf(" ✓ WireGuard enabled (IP: %s, peers: %d)", assignedIP, len(peers)) + return nil +} + // LogSetupComplete logs completion information func (ps *ProductionSetup) LogSetupComplete(peerID string) { ps.logf("\n" + strings.Repeat("=", 70)) @@ -560,11 +980,24 @@ func (ps *ProductionSetup) LogSetupComplete(peerID string) { ps.logf(" %s/logs/olric.log", ps.oramaDir) ps.logf(" %s/logs/node.log", ps.oramaDir) ps.logf(" %s/logs/gateway.log", ps.oramaDir) - ps.logf(" %s/logs/anyone-client.log", ps.oramaDir) - ps.logf("\nStart All Services:") - ps.logf(" systemctl start debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-client debros-node") + + // Anyone mode-specific logs and commands + if ps.IsAnyoneRelay() { + ps.logf(" /var/log/anon/notices.log (Anyone Relay)") + ps.logf("\nStart All Services:") + ps.logf(" systemctl start debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-node") + ps.logf("\nAnyone Relay Operator:") + ps.logf(" ORPort: %d", ps.anyoneRelayConfig.ORPort) + ps.logf(" Wallet: %s", ps.anyoneRelayConfig.Wallet) + ps.logf(" Config: /etc/anon/anonrc") + ps.logf(" Register at: https://dashboard.anyone.io") + ps.logf(" IMPORTANT: You need 100 $ANYONE tokens in your wallet to receive rewards") + } else { + ps.logf("\nStart All Services:") + ps.logf(" systemctl start debros-ipfs debros-ipfs-cluster debros-olric debros-node") + } + ps.logf("\nVerify Installation:") ps.logf(" curl http://localhost:6001/health") - ps.logf(" curl http://localhost:5001/status") - ps.logf(" # Anyone Client SOCKS5 proxy on localhost:9050\n") + ps.logf(" curl http://localhost:5001/status\n") } diff --git a/pkg/environments/production/preferences.go b/pkg/environments/production/preferences.go new file mode 100644 index 0000000..8e40c9d --- /dev/null +++ b/pkg/environments/production/preferences.go @@ -0,0 +1,85 @@ +package production + +import ( + "os" + "path/filepath" + "strings" + + "gopkg.in/yaml.v3" +) + +// NodePreferences contains persistent node configuration that survives upgrades +type NodePreferences struct { + Branch string `yaml:"branch"` + Nameserver bool `yaml:"nameserver"` +} + +const ( + preferencesFile = "preferences.yaml" + legacyBranchFile = ".branch" +) + +// SavePreferences saves node preferences to disk +func SavePreferences(oramaDir string, prefs *NodePreferences) error { + // Ensure directory exists + if err := os.MkdirAll(oramaDir, 0755); err != nil { + return err + } + + // Save to YAML file + path := filepath.Join(oramaDir, preferencesFile) + data, err := yaml.Marshal(prefs) + if err != nil { + return err + } + + if err := os.WriteFile(path, data, 0644); err != nil { + return err + } + + // Also save branch to legacy .branch file for backward compatibility + legacyPath := filepath.Join(oramaDir, legacyBranchFile) + os.WriteFile(legacyPath, []byte(prefs.Branch), 0644) + + return nil +} + +// LoadPreferences loads node preferences from disk +// Falls back to reading legacy .branch file if preferences.yaml doesn't exist +func LoadPreferences(oramaDir string) *NodePreferences { + prefs := &NodePreferences{ + Branch: "main", + Nameserver: false, + } + + // Try to load from preferences.yaml first + path := filepath.Join(oramaDir, preferencesFile) + if data, err := os.ReadFile(path); err == nil { + if err := yaml.Unmarshal(data, prefs); err == nil { + return prefs + } + } + + // Fall back to legacy .branch file + legacyPath := filepath.Join(oramaDir, legacyBranchFile) + if data, err := os.ReadFile(legacyPath); err == nil { + branch := strings.TrimSpace(string(data)) + if branch != "" { + prefs.Branch = branch + } + } + + return prefs +} + +// SaveNameserverPreference updates just the nameserver preference +func SaveNameserverPreference(oramaDir string, isNameserver bool) error { + prefs := LoadPreferences(oramaDir) + prefs.Nameserver = isNameserver + return SavePreferences(oramaDir, prefs) +} + +// ReadNameserverPreference reads just the nameserver preference +func ReadNameserverPreference(oramaDir string) bool { + return LoadPreferences(oramaDir).Nameserver +} diff --git a/pkg/environments/production/provisioner.go b/pkg/environments/production/provisioner.go index d095dbe..7c5dc7d 100644 --- a/pkg/environments/production/provisioner.go +++ b/pkg/environments/production/provisioner.go @@ -182,6 +182,123 @@ func (up *UserProvisioner) SetupSudoersAccess(invokerUser string) error { return nil } +// SetupDeploymentSudoers configures the debros user with permissions needed for +// managing user deployments via systemd services. +func (up *UserProvisioner) SetupDeploymentSudoers() error { + sudoersFile := "/etc/sudoers.d/debros-deployments" + + // Check if already configured + if _, err := os.Stat(sudoersFile); err == nil { + return nil // Already configured + } + + sudoersContent := `# DeBros Network - Deployment Management Permissions +# Allows debros user to manage systemd services for user deployments + +# Systemd service management for orama-deploy-* services +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl daemon-reload +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl start orama-deploy-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop orama-deploy-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart orama-deploy-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable orama-deploy-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable orama-deploy-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl status orama-deploy-* + +# Service file management (tee to write, rm to remove) +debros ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/systemd/system/orama-deploy-*.service +debros ALL=(ALL) NOPASSWD: /bin/rm -f /etc/systemd/system/orama-deploy-*.service +` + + // Write sudoers rule + if err := os.WriteFile(sudoersFile, []byte(sudoersContent), 0440); err != nil { + return fmt.Errorf("failed to create deployment sudoers rule: %w", err) + } + + // Validate sudoers file + cmd := exec.Command("visudo", "-c", "-f", sudoersFile) + if err := cmd.Run(); err != nil { + os.Remove(sudoersFile) // Clean up on validation failure + return fmt.Errorf("deployment sudoers rule validation failed: %w", err) + } + + return nil +} + +// SetupNamespaceSudoers configures the debros user with permissions needed for +// managing namespace cluster services via systemd. +func (up *UserProvisioner) SetupNamespaceSudoers() error { + sudoersFile := "/etc/sudoers.d/debros-namespaces" + + // Check if already configured + if _, err := os.Stat(sudoersFile); err == nil { + return nil // Already configured + } + + sudoersContent := `# DeBros Network - Namespace Cluster Management Permissions +# Allows debros user to manage systemd services for namespace clusters + +# Systemd service management for debros-namespace-* services +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl daemon-reload +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl start debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl status debros-namespace-* +debros ALL=(ALL) NOPASSWD: /usr/bin/systemctl is-active debros-namespace-* + +# Service file management (tee to write, rm to remove) +debros ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/systemd/system/debros-namespace-*.service +debros ALL=(ALL) NOPASSWD: /bin/rm -f /etc/systemd/system/debros-namespace-*.service + +# Environment file management for namespace services +debros ALL=(ALL) NOPASSWD: /usr/bin/tee /home/debros/.orama/namespace/*/env/* +debros ALL=(ALL) NOPASSWD: /usr/bin/mkdir -p /home/debros/.orama/namespace/*/env +` + + // Write sudoers rule + if err := os.WriteFile(sudoersFile, []byte(sudoersContent), 0440); err != nil { + return fmt.Errorf("failed to create namespace sudoers rule: %w", err) + } + + // Validate sudoers file + cmd := exec.Command("visudo", "-c", "-f", sudoersFile) + if err := cmd.Run(); err != nil { + os.Remove(sudoersFile) // Clean up on validation failure + return fmt.Errorf("namespace sudoers rule validation failed: %w", err) + } + + return nil +} + +// SetupWireGuardSudoers configures the debros user with permissions to manage WireGuard +func (up *UserProvisioner) SetupWireGuardSudoers() error { + sudoersFile := "/etc/sudoers.d/debros-wireguard" + + sudoersContent := `# DeBros Network - WireGuard Management Permissions +# Allows debros user to manage WireGuard peers + +debros ALL=(ALL) NOPASSWD: /usr/bin/wg set wg0 * +debros ALL=(ALL) NOPASSWD: /usr/bin/wg show wg0 +debros ALL=(ALL) NOPASSWD: /usr/bin/wg showconf wg0 +debros ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/wireguard/wg0.conf +` + + // Write sudoers rule (always overwrite to ensure latest) + if err := os.WriteFile(sudoersFile, []byte(sudoersContent), 0440); err != nil { + return fmt.Errorf("failed to create wireguard sudoers rule: %w", err) + } + + // Validate sudoers file + cmd := exec.Command("visudo", "-c", "-f", sudoersFile) + if err := cmd.Run(); err != nil { + os.Remove(sudoersFile) + return fmt.Errorf("wireguard sudoers rule validation failed: %w", err) + } + + return nil +} + // StateDetector checks for existing production state type StateDetector struct { oramaDir string diff --git a/pkg/environments/production/services.go b/pkg/environments/production/services.go index 7ae6eba..6fec55e 100644 --- a/pkg/environments/production/services.go +++ b/pkg/environments/production/services.go @@ -66,7 +66,7 @@ WantedBy=multi-user.target func (ssg *SystemdServiceGenerator) GenerateIPFSClusterService(clusterBinary string) string { clusterPath := filepath.Join(ssg.oramaDir, "data", "ipfs-cluster") logFile := filepath.Join(ssg.oramaDir, "logs", "ipfs-cluster.log") - + // Read cluster secret from file to pass to daemon clusterSecretPath := filepath.Join(ssg.oramaDir, "secrets", "cluster-secret") clusterSecret := "" @@ -89,6 +89,7 @@ Environment=HOME=%[1]s Environment=IPFS_CLUSTER_PATH=%[2]s Environment=CLUSTER_SECRET=%[5]s ExecStartPre=/bin/bash -c 'mkdir -p %[2]s && chmod 700 %[2]s' +ExecStartPre=/bin/bash -c 'for i in $(seq 1 30); do curl -sf -X POST http://127.0.0.1:4501/api/v0/id > /dev/null 2>&1 && exit 0; sleep 1; done; echo "IPFS API not ready after 30s"; exit 1' ExecStart=%[4]s daemon Restart=always RestartSec=5 @@ -215,8 +216,9 @@ func (ssg *SystemdServiceGenerator) GenerateNodeService() string { return fmt.Sprintf(`[Unit] Description=DeBros Network Node -After=debros-ipfs-cluster.service debros-olric.service +After=debros-ipfs-cluster.service debros-olric.service wg-quick@wg0.service Wants=debros-ipfs-cluster.service debros-olric.service +Requires=wg-quick@wg0.service [Service] Type=simple @@ -231,18 +233,10 @@ StandardOutput=append:%[4]s StandardError=append:%[4]s SyslogIdentifier=debros-node -AmbientCapabilities=CAP_NET_BIND_SERVICE -CapabilityBoundingSet=CAP_NET_BIND_SERVICE - PrivateTmp=yes -ProtectSystem=strict ProtectHome=read-only -ProtectKernelTunables=yes -ProtectKernelModules=yes ProtectControlGroups=yes -RestrictRealtime=yes -RestrictSUIDSGID=yes -ReadWritePaths=%[2]s +ReadWritePaths=%[2]s /etc/systemd/system [Install] WantedBy=multi-user.target @@ -329,6 +323,91 @@ WantedBy=multi-user.target `, ssg.oramaHome, logFile, ssg.oramaDir) } +// GenerateAnyoneRelayService generates the Anyone Relay operator systemd unit +// Uses debian-anon user created by the anon apt package +func (ssg *SystemdServiceGenerator) GenerateAnyoneRelayService() string { + return `[Unit] +Description=Anyone Relay (Orama Network) +Documentation=https://docs.anyone.io +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +User=debian-anon +Group=debian-anon +ExecStart=/usr/bin/anon --agree-to-terms +Restart=always +RestartSec=10 +SyslogIdentifier=anon-relay + +# Security hardening +NoNewPrivileges=yes +ProtectSystem=full +ProtectHome=read-only +PrivateTmp=yes +ReadWritePaths=/var/lib/anon /var/log/anon /etc/anon + +[Install] +WantedBy=multi-user.target +` +} + +// GenerateCoreDNSService generates the CoreDNS systemd unit +func (ssg *SystemdServiceGenerator) GenerateCoreDNSService() string { + return `[Unit] +Description=CoreDNS DNS Server with RQLite backend +Documentation=https://coredns.io +After=network-online.target debros-node.service +Wants=network-online.target debros-node.service + +[Service] +Type=simple +User=root +ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile +Restart=on-failure +RestartSec=5 +SyslogIdentifier=coredns + +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true + +[Install] +WantedBy=multi-user.target +` +} + +// GenerateCaddyService generates the Caddy systemd unit for SSL/TLS +func (ssg *SystemdServiceGenerator) GenerateCaddyService() string { + return `[Unit] +Description=Caddy HTTP/2 Server +Documentation=https://caddyserver.com/docs/ +After=network-online.target debros-node.service coredns.service +Wants=network-online.target +Wants=debros-node.service + +[Service] +Type=simple +User=caddy +Group=caddy +ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectSystem=full +AmbientCapabilities=CAP_NET_BIND_SERVICE +Restart=on-failure +RestartSec=5 +SyslogIdentifier=caddy + +[Install] +WantedBy=multi-user.target +` +} + // SystemdController manages systemd service operations type SystemdController struct { systemdDir string diff --git a/pkg/environments/production/wireguard.go b/pkg/environments/production/wireguard.go new file mode 100644 index 0000000..8bf4ce9 --- /dev/null +++ b/pkg/environments/production/wireguard.go @@ -0,0 +1,231 @@ +package production + +import ( + "crypto/rand" + "encoding/base64" + "fmt" + "os" + "os/exec" + "path/filepath" + "strings" + + "golang.org/x/crypto/curve25519" +) + +// WireGuardPeer represents a WireGuard mesh peer +type WireGuardPeer struct { + PublicKey string // Base64-encoded public key + Endpoint string // e.g., "141.227.165.154:51820" + AllowedIP string // e.g., "10.0.0.2/32" +} + +// WireGuardConfig holds the configuration for a WireGuard interface +type WireGuardConfig struct { + PrivateIP string // e.g., "10.0.0.1" + ListenPort int // default 51820 + PrivateKey string // Base64-encoded private key + Peers []WireGuardPeer // Known peers +} + +// WireGuardProvisioner manages WireGuard VPN setup +type WireGuardProvisioner struct { + configDir string // /etc/wireguard + config WireGuardConfig +} + +// NewWireGuardProvisioner creates a new WireGuard provisioner +func NewWireGuardProvisioner(config WireGuardConfig) *WireGuardProvisioner { + if config.ListenPort == 0 { + config.ListenPort = 51820 + } + return &WireGuardProvisioner{ + configDir: "/etc/wireguard", + config: config, + } +} + +// IsInstalled checks if WireGuard tools are available +func (wp *WireGuardProvisioner) IsInstalled() bool { + _, err := exec.LookPath("wg") + return err == nil +} + +// Install installs the WireGuard package +func (wp *WireGuardProvisioner) Install() error { + if wp.IsInstalled() { + return nil + } + + cmd := exec.Command("apt-get", "install", "-y", "wireguard", "wireguard-tools") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install wireguard: %w\n%s", err, string(output)) + } + + return nil +} + +// GenerateKeyPair generates a new WireGuard private/public key pair +func GenerateKeyPair() (privateKey, publicKey string, err error) { + // Generate 32 random bytes for private key + var privBytes [32]byte + if _, err := rand.Read(privBytes[:]); err != nil { + return "", "", fmt.Errorf("failed to generate random bytes: %w", err) + } + + // Clamp private key per Curve25519 spec + privBytes[0] &= 248 + privBytes[31] &= 127 + privBytes[31] |= 64 + + // Derive public key + var pubBytes [32]byte + curve25519.ScalarBaseMult(&pubBytes, &privBytes) + + privateKey = base64.StdEncoding.EncodeToString(privBytes[:]) + publicKey = base64.StdEncoding.EncodeToString(pubBytes[:]) + return privateKey, publicKey, nil +} + +// PublicKeyFromPrivate derives the public key from a private key +func PublicKeyFromPrivate(privateKey string) (string, error) { + privBytes, err := base64.StdEncoding.DecodeString(privateKey) + if err != nil { + return "", fmt.Errorf("failed to decode private key: %w", err) + } + if len(privBytes) != 32 { + return "", fmt.Errorf("invalid private key length: %d", len(privBytes)) + } + + var priv, pub [32]byte + copy(priv[:], privBytes) + curve25519.ScalarBaseMult(&pub, &priv) + + return base64.StdEncoding.EncodeToString(pub[:]), nil +} + +// GenerateConfig returns the wg0.conf file content +func (wp *WireGuardProvisioner) GenerateConfig() string { + var sb strings.Builder + + sb.WriteString("# WireGuard mesh configuration (managed by Orama Network)\n") + sb.WriteString("# Do not edit manually — use orama CLI to manage peers\n\n") + sb.WriteString("[Interface]\n") + sb.WriteString(fmt.Sprintf("PrivateKey = %s\n", wp.config.PrivateKey)) + sb.WriteString(fmt.Sprintf("Address = %s/24\n", wp.config.PrivateIP)) + sb.WriteString(fmt.Sprintf("ListenPort = %d\n", wp.config.ListenPort)) + + for _, peer := range wp.config.Peers { + sb.WriteString("\n[Peer]\n") + sb.WriteString(fmt.Sprintf("PublicKey = %s\n", peer.PublicKey)) + if peer.Endpoint != "" { + sb.WriteString(fmt.Sprintf("Endpoint = %s\n", peer.Endpoint)) + } + sb.WriteString(fmt.Sprintf("AllowedIPs = %s\n", peer.AllowedIP)) + sb.WriteString("PersistentKeepalive = 25\n") + } + + return sb.String() +} + +// WriteConfig writes the WireGuard config to /etc/wireguard/wg0.conf +func (wp *WireGuardProvisioner) WriteConfig() error { + confPath := filepath.Join(wp.configDir, "wg0.conf") + content := wp.GenerateConfig() + + // Try direct write first (works when running as root) + if err := os.MkdirAll(wp.configDir, 0700); err == nil { + if err := os.WriteFile(confPath, []byte(content), 0600); err == nil { + return nil + } + } + + // Fallback to sudo tee (for non-root, e.g. debros user) + cmd := exec.Command("sudo", "tee", confPath) + cmd.Stdin = strings.NewReader(content) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to write wg0.conf via sudo: %w\n%s", err, string(output)) + } + + return nil +} + +// Enable starts and enables the WireGuard interface +func (wp *WireGuardProvisioner) Enable() error { + // Enable on boot + cmd := exec.Command("systemctl", "enable", "wg-quick@wg0") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to enable wg-quick@wg0: %w\n%s", err, string(output)) + } + + // Use restart instead of start. wg-quick@wg0 is a oneshot service with + // RemainAfterExit=yes, so "systemctl start" is a no-op if the service is + // already in "active (exited)" state (e.g. from a previous install that + // wasn't fully cleaned). "restart" always re-runs the ExecStart command. + cmd = exec.Command("systemctl", "restart", "wg-quick@wg0") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to start wg-quick@wg0: %w\n%s", err, string(output)) + } + + return nil +} + +// Restart restarts the WireGuard interface +func (wp *WireGuardProvisioner) Restart() error { + cmd := exec.Command("systemctl", "restart", "wg-quick@wg0") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to restart wg-quick@wg0: %w\n%s", err, string(output)) + } + return nil +} + +// IsActive checks if the WireGuard interface is up +func (wp *WireGuardProvisioner) IsActive() bool { + cmd := exec.Command("systemctl", "is-active", "--quiet", "wg-quick@wg0") + return cmd.Run() == nil +} + +// AddPeer adds a peer to the running WireGuard interface without restart +func (wp *WireGuardProvisioner) AddPeer(peer WireGuardPeer) error { + // Add peer to running interface + args := []string{"wg", "set", "wg0", "peer", peer.PublicKey, "allowed-ips", peer.AllowedIP, "persistent-keepalive", "25"} + if peer.Endpoint != "" { + args = append(args, "endpoint", peer.Endpoint) + } + + cmd := exec.Command("sudo", args...) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to add peer %s: %w\n%s", peer.AllowedIP, err, string(output)) + } + + // Also update config file so it persists across restarts + wp.config.Peers = append(wp.config.Peers, peer) + return wp.WriteConfig() +} + +// RemovePeer removes a peer from the running WireGuard interface +func (wp *WireGuardProvisioner) RemovePeer(publicKey string) error { + cmd := exec.Command("sudo", "wg", "set", "wg0", "peer", publicKey, "remove") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to remove peer: %w\n%s", err, string(output)) + } + + // Remove from config + filtered := make([]WireGuardPeer, 0, len(wp.config.Peers)) + for _, p := range wp.config.Peers { + if p.PublicKey != publicKey { + filtered = append(filtered, p) + } + } + wp.config.Peers = filtered + return wp.WriteConfig() +} + +// GetStatus returns the current WireGuard interface status +func (wp *WireGuardProvisioner) GetStatus() (string, error) { + cmd := exec.Command("wg", "show", "wg0") + output, err := cmd.CombinedOutput() + if err != nil { + return "", fmt.Errorf("failed to get wg status: %w\n%s", err, string(output)) + } + return string(output), nil +} diff --git a/pkg/environments/production/wireguard_test.go b/pkg/environments/production/wireguard_test.go new file mode 100644 index 0000000..193abdd --- /dev/null +++ b/pkg/environments/production/wireguard_test.go @@ -0,0 +1,167 @@ +package production + +import ( + "encoding/base64" + "strings" + "testing" +) + +func TestGenerateKeyPair(t *testing.T) { + priv, pub, err := GenerateKeyPair() + if err != nil { + t.Fatalf("GenerateKeyPair failed: %v", err) + } + + // Keys should be base64, 44 chars (32 bytes + padding) + if len(priv) != 44 { + t.Errorf("private key length = %d, want 44", len(priv)) + } + if len(pub) != 44 { + t.Errorf("public key length = %d, want 44", len(pub)) + } + + // Should be valid base64 + if _, err := base64.StdEncoding.DecodeString(priv); err != nil { + t.Errorf("private key is not valid base64: %v", err) + } + if _, err := base64.StdEncoding.DecodeString(pub); err != nil { + t.Errorf("public key is not valid base64: %v", err) + } + + // Private and public should differ + if priv == pub { + t.Error("private and public keys should differ") + } +} + +func TestGenerateKeyPair_Unique(t *testing.T) { + priv1, _, _ := GenerateKeyPair() + priv2, _, _ := GenerateKeyPair() + + if priv1 == priv2 { + t.Error("two generated key pairs should be unique") + } +} + +func TestPublicKeyFromPrivate(t *testing.T) { + priv, expectedPub, err := GenerateKeyPair() + if err != nil { + t.Fatalf("GenerateKeyPair failed: %v", err) + } + + pub, err := PublicKeyFromPrivate(priv) + if err != nil { + t.Fatalf("PublicKeyFromPrivate failed: %v", err) + } + + if pub != expectedPub { + t.Errorf("PublicKeyFromPrivate = %s, want %s", pub, expectedPub) + } +} + +func TestPublicKeyFromPrivate_InvalidKey(t *testing.T) { + _, err := PublicKeyFromPrivate("not-valid-base64!!!") + if err == nil { + t.Error("expected error for invalid base64") + } + + _, err = PublicKeyFromPrivate(base64.StdEncoding.EncodeToString([]byte("short"))) + if err == nil { + t.Error("expected error for short key") + } +} + +func TestWireGuardProvisioner_GenerateConfig_NoPeers(t *testing.T) { + wp := NewWireGuardProvisioner(WireGuardConfig{ + PrivateIP: "10.0.0.1", + ListenPort: 51820, + PrivateKey: "dGVzdHByaXZhdGVrZXl0ZXN0cHJpdmF0ZWtleXM=", + }) + + config := wp.GenerateConfig() + + if !strings.Contains(config, "[Interface]") { + t.Error("config should contain [Interface] section") + } + if !strings.Contains(config, "Address = 10.0.0.1/24") { + t.Error("config should contain correct Address") + } + if !strings.Contains(config, "ListenPort = 51820") { + t.Error("config should contain ListenPort") + } + if !strings.Contains(config, "PrivateKey = dGVzdHByaXZhdGVrZXl0ZXN0cHJpdmF0ZWtleXM=") { + t.Error("config should contain PrivateKey") + } + if strings.Contains(config, "[Peer]") { + t.Error("config should NOT contain [Peer] section with no peers") + } +} + +func TestWireGuardProvisioner_GenerateConfig_WithPeers(t *testing.T) { + wp := NewWireGuardProvisioner(WireGuardConfig{ + PrivateIP: "10.0.0.1", + ListenPort: 51820, + PrivateKey: "dGVzdHByaXZhdGVrZXl0ZXN0cHJpdmF0ZWtleXM=", + Peers: []WireGuardPeer{ + { + PublicKey: "cGVlcjFwdWJsaWNrZXlwZWVyMXB1YmxpY2tleXM=", + Endpoint: "1.2.3.4:51820", + AllowedIP: "10.0.0.2/32", + }, + { + PublicKey: "cGVlcjJwdWJsaWNrZXlwZWVyMnB1YmxpY2tleXM=", + Endpoint: "5.6.7.8:51820", + AllowedIP: "10.0.0.3/32", + }, + }, + }) + + config := wp.GenerateConfig() + + if strings.Count(config, "[Peer]") != 2 { + t.Errorf("expected 2 [Peer] sections, got %d", strings.Count(config, "[Peer]")) + } + if !strings.Contains(config, "Endpoint = 1.2.3.4:51820") { + t.Error("config should contain first peer endpoint") + } + if !strings.Contains(config, "AllowedIPs = 10.0.0.2/32") { + t.Error("config should contain first peer AllowedIPs") + } + if !strings.Contains(config, "PersistentKeepalive = 25") { + t.Error("config should contain PersistentKeepalive") + } + if !strings.Contains(config, "Endpoint = 5.6.7.8:51820") { + t.Error("config should contain second peer endpoint") + } +} + +func TestWireGuardProvisioner_GenerateConfig_PeerWithoutEndpoint(t *testing.T) { + wp := NewWireGuardProvisioner(WireGuardConfig{ + PrivateIP: "10.0.0.1", + ListenPort: 51820, + PrivateKey: "dGVzdHByaXZhdGVrZXl0ZXN0cHJpdmF0ZWtleXM=", + Peers: []WireGuardPeer{ + { + PublicKey: "cGVlcjFwdWJsaWNrZXlwZWVyMXB1YmxpY2tleXM=", + AllowedIP: "10.0.0.2/32", + }, + }, + }) + + config := wp.GenerateConfig() + + if strings.Contains(config, "Endpoint") { + t.Error("config should NOT contain Endpoint when peer has none") + } +} + +func TestWireGuardProvisioner_DefaultPort(t *testing.T) { + wp := NewWireGuardProvisioner(WireGuardConfig{ + PrivateIP: "10.0.0.1", + PrivateKey: "dGVzdHByaXZhdGVrZXl0ZXN0cHJpdmF0ZWtleXM=", + }) + + if wp.config.ListenPort != 51820 { + t.Errorf("default ListenPort = %d, want 51820", wp.config.ListenPort) + } +} diff --git a/pkg/environments/templates/node.yaml b/pkg/environments/templates/node.yaml index 2024f5c..33d627b 100644 --- a/pkg/environments/templates/node.yaml +++ b/pkg/environments/templates/node.yaml @@ -49,8 +49,9 @@ logging: http_gateway: enabled: true - listen_addr: "{{if .EnableHTTPS}}:{{.HTTPSPort}}{{else}}:{{.UnifiedGatewayPort}}{{end}}" + listen_addr: ":{{.UnifiedGatewayPort}}" node_name: "{{.NodeID}}" + base_domain: "{{.BaseDomain}}" {{if .EnableHTTPS}}https: enabled: true @@ -62,23 +63,18 @@ http_gateway: email: "admin@{{.Domain}}" {{end}} - {{if .EnableHTTPS}}sni: - enabled: true - listen_addr: ":{{.RQLiteRaftPort}}" - cert_file: "{{.TLSCacheDir}}/{{.Domain}}.crt" - key_file: "{{.TLSCacheDir}}/{{.Domain}}.key" - routes: - # Note: Raft traffic bypasses SNI gateway - RQLite uses native TLS on port 7002 - ipfs.{{.Domain}}: "localhost:4101" - ipfs-cluster.{{.Domain}}: "localhost:9098" - olric.{{.Domain}}: "localhost:3322" - {{end}} + # SNI gateway disabled - Caddy handles TLS termination for external traffic + # Internal service-to-service communication uses plain TCP # Full gateway configuration (for API, auth, pubsub, and internal service routing) client_namespace: "default" rqlite_dsn: "http://localhost:{{.RQLiteHTTPPort}}" olric_servers: +{{- if .WGIP}} + - "{{.WGIP}}:3320" +{{- else}} - "127.0.0.1:3320" +{{- end}} olric_timeout: "10s" ipfs_cluster_api_url: "http://localhost:{{.ClusterAPIPort}}" ipfs_api_url: "http://localhost:{{.IPFSAPIPort}}" diff --git a/pkg/environments/templates/olric.yaml b/pkg/environments/templates/olric.yaml index c1d00cc..57f15c7 100644 --- a/pkg/environments/templates/olric.yaml +++ b/pkg/environments/templates/olric.yaml @@ -1,8 +1,17 @@ server: bindAddr: "{{.ServerBindAddr}}" - bindPort: { { .HTTPPort } } + bindPort: {{.HTTPPort}} memberlist: - environment: { { .MemberlistEnvironment } } + environment: {{.MemberlistEnvironment}} bindAddr: "{{.MemberlistBindAddr}}" - bindPort: { { .MemberlistPort } } + bindPort: {{.MemberlistPort}} +{{- if .MemberlistAdvertiseAddr}} + advertiseAddr: "{{.MemberlistAdvertiseAddr}}" +{{- end}} +{{- if .Peers}} + peers: +{{- range .Peers}} + - "{{.}}" +{{- end}} +{{- end}} diff --git a/pkg/environments/templates/render.go b/pkg/environments/templates/render.go index 0ee2209..9f4b9c3 100644 --- a/pkg/environments/templates/render.go +++ b/pkg/environments/templates/render.go @@ -27,10 +27,12 @@ type NodeConfigData struct { RaftAdvAddress string // Advertised Raft address (IP:port or domain:port for SNI) UnifiedGatewayPort int // Unified gateway port for all node services Domain string // Domain for this node (e.g., node-123.orama.network) + BaseDomain string // Base domain for deployment routing (e.g., dbrs.space) EnableHTTPS bool // Enable HTTPS/TLS with ACME TLSCacheDir string // Directory for ACME certificate cache HTTPPort int // HTTP port for ACME challenges (usually 80) HTTPSPort int // HTTPS port (usually 443) + WGIP string // WireGuard IP address (e.g., 10.0.0.1) // Node-to-node TLS encryption for RQLite Raft communication // Required when using SNI gateway for Raft traffic routing @@ -55,11 +57,13 @@ type GatewayConfigData struct { // OlricConfigData holds parameters for olric.yaml rendering type OlricConfigData struct { - ServerBindAddr string // HTTP API bind address (127.0.0.1 for security) - HTTPPort int - MemberlistBindAddr string // Memberlist bind address (0.0.0.0 for clustering) - MemberlistPort int - MemberlistEnvironment string // "local", "lan", or "wan" + ServerBindAddr string // HTTP API bind address (127.0.0.1 for security) + HTTPPort int + MemberlistBindAddr string // Memberlist bind address (WG IP for clustering) + MemberlistPort int + MemberlistEnvironment string // "local", "lan", or "wan" + MemberlistAdvertiseAddr string // Advertise address (WG IP) so other nodes can reach us + Peers []string // Seed peers for memberlist (host:port) } // SystemdIPFSData holds parameters for systemd IPFS service rendering diff --git a/pkg/gateway/acme_handler.go b/pkg/gateway/acme_handler.go new file mode 100644 index 0000000..7bb3ef3 --- /dev/null +++ b/pkg/gateway/acme_handler.go @@ -0,0 +1,132 @@ +package gateway + +import ( + "encoding/json" + "net/http" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "go.uber.org/zap" +) + +// ACMERequest represents the request body for ACME DNS-01 challenges +// from the lego httpreq provider +type ACMERequest struct { + FQDN string `json:"fqdn"` // e.g., "_acme-challenge.example.com." + Value string `json:"value"` // The challenge token +} + +// acmePresentHandler handles DNS-01 challenge presentation +// POST /v1/internal/acme/present +// Creates a TXT record in the dns_records table for ACME validation +func (g *Gateway) acmePresentHandler(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + var req ACMERequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + g.logger.Error("Failed to decode ACME present request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + if req.FQDN == "" || req.Value == "" { + http.Error(w, "fqdn and value are required", http.StatusBadRequest) + return + } + + // Normalize FQDN (ensure trailing dot for DNS format) + fqdn := strings.TrimSuffix(req.FQDN, ".") + fqdn = strings.ToLower(fqdn) + "." // Add trailing dot for DNS format + + g.logger.Info("ACME DNS-01 challenge: presenting TXT record", + zap.String("fqdn", fqdn), + zap.String("value_prefix", req.Value[:min(10, len(req.Value))]+"..."), + ) + + // Insert TXT record into dns_records + db := g.client.Database() + ctx := client.WithInternalAuth(r.Context()) + + // Insert new TXT record (multiple nodes may have concurrent challenges for the same FQDN) + // ON CONFLICT DO NOTHING: the UNIQUE(fqdn, record_type, value) constraint prevents duplicates + insertQuery := `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, is_active, created_at, updated_at, created_by) + VALUES (?, 'TXT', ?, 60, 'acme', TRUE, datetime('now'), datetime('now'), 'system') + ON CONFLICT(fqdn, record_type, value) DO NOTHING` + + _, err := db.Query(ctx, insertQuery, fqdn, req.Value) + if err != nil { + g.logger.Error("Failed to insert ACME TXT record", zap.Error(err)) + http.Error(w, "Failed to create DNS record", http.StatusInternalServerError) + return + } + + g.logger.Info("ACME TXT record created", + zap.String("fqdn", fqdn), + ) + + // Give DNS a moment to propagate (CoreDNS reads from RQLite) + time.Sleep(100 * time.Millisecond) + + w.WriteHeader(http.StatusOK) +} + +// acmeCleanupHandler handles DNS-01 challenge cleanup +// POST /v1/internal/acme/cleanup +// Removes the TXT record after ACME validation completes +func (g *Gateway) acmeCleanupHandler(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + var req ACMERequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + g.logger.Error("Failed to decode ACME cleanup request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + if req.FQDN == "" { + http.Error(w, "fqdn is required", http.StatusBadRequest) + return + } + + // Normalize FQDN (ensure trailing dot for DNS format) + fqdn := strings.TrimSuffix(req.FQDN, ".") + fqdn = strings.ToLower(fqdn) + "." // Add trailing dot for DNS format + + g.logger.Info("ACME DNS-01 challenge: cleaning up TXT record", + zap.String("fqdn", fqdn), + ) + + // Delete TXT record from dns_records + db := g.client.Database() + ctx := client.WithInternalAuth(r.Context()) + + // Only delete this node's specific challenge value, not all ACME TXT records for this FQDN + deleteQuery := `DELETE FROM dns_records WHERE fqdn = ? AND record_type = 'TXT' AND namespace = 'acme' AND value = ?` + _, err := db.Query(ctx, deleteQuery, fqdn, req.Value) + if err != nil { + g.logger.Error("Failed to delete ACME TXT record", zap.Error(err)) + http.Error(w, "Failed to delete DNS record", http.StatusInternalServerError) + return + } + + g.logger.Info("ACME TXT record deleted", + zap.String("fqdn", fqdn), + ) + + w.WriteHeader(http.StatusOK) +} + +// min returns the smaller of two integers +func min(a, b int) int { + if a < b { + return a + } + return b +} diff --git a/pkg/gateway/config.go b/pkg/gateway/config.go index b983932..9384513 100644 --- a/pkg/gateway/config.go +++ b/pkg/gateway/config.go @@ -13,19 +13,32 @@ type Config struct { // If empty, defaults to "http://localhost:4001". RQLiteDSN string + // Global RQLite DSN for API key validation (for namespace gateways) + // If empty, uses RQLiteDSN (for main/global gateways) + GlobalRQLiteDSN string + // HTTPS configuration EnableHTTPS bool // Enable HTTPS with ACME (Let's Encrypt) DomainName string // Domain name for HTTPS certificate TLSCacheDir string // Directory to cache TLS certificates (default: ~/.orama/tls-cache) + // Domain routing configuration + BaseDomain string // Base domain for deployment routing. Set via node config http_gateway.base_domain. Defaults to "dbrs.space" + + // Data directory configuration + DataDir string // Base directory for node-local data (SQLite databases, deployments). Defaults to ~/.orama + // Olric cache configuration OlricServers []string // List of Olric server addresses (e.g., ["localhost:3320"]). If empty, defaults to ["localhost:3320"] OlricTimeout time.Duration // Timeout for Olric operations (default: 10s) // IPFS Cluster configuration IPFSClusterAPIURL string // IPFS Cluster HTTP API URL (e.g., "http://localhost:9094"). If empty, gateway will discover from node configs - IPFSAPIURL string // IPFS HTTP API URL for content retrieval (e.g., "http://localhost:5001"). If empty, gateway will discover from node configs + IPFSAPIURL string // IPFS HTTP API URL for content retrieval (e.g., "http://localhost:4501"). If empty, gateway will discover from node configs IPFSTimeout time.Duration // Timeout for IPFS operations (default: 60s) IPFSReplicationFactor int // Replication factor for pins (default: 3) IPFSEnableEncryption bool // Enable client-side encryption before upload (default: true, discovered from node configs) + + // WireGuard mesh configuration + ClusterSecret string // Cluster secret for authenticating internal WireGuard peer exchange } diff --git a/pkg/gateway/dependencies.go b/pkg/gateway/dependencies.go index 8800b6d..ba35f96 100644 --- a/pkg/gateway/dependencies.go +++ b/pkg/gateway/dependencies.go @@ -14,6 +14,7 @@ import ( "strings" "time" + "github.com/DeBrosOfficial/network/migrations" "github.com/DeBrosOfficial/network/pkg/client" "github.com/DeBrosOfficial/network/pkg/config" "github.com/DeBrosOfficial/network/pkg/gateway/auth" @@ -126,6 +127,11 @@ func initializeRQLite(logger *logging.ColoredLogger, cfg *Config, deps *Dependen dsn = "http://localhost:5001" } + if strings.Contains(dsn, "?") { + dsn += "&disableClusterDiscovery=true&level=none" + } else { + dsn += "?disableClusterDiscovery=true&level=none" + } db, err := sql.Open("rqlite", dsn) if err != nil { return fmt.Errorf("failed to open rqlite sql db: %w", err) @@ -150,6 +156,18 @@ func initializeRQLite(logger *logging.ColoredLogger, cfg *Config, deps *Dependen zap.Duration("timeout", deps.ORMHTTP.Timeout), ) + // Apply embedded migrations to ensure schema is up-to-date. + // This is critical for namespace gateways whose RQLite instances + // don't get migrations from the main cluster RQLiteManager. + migCtx, migCancel := context.WithTimeout(context.Background(), 30*time.Second) + defer migCancel() + if err := rqlite.ApplyEmbeddedMigrations(migCtx, db, migrations.FS, logger.Logger); err != nil { + logger.ComponentWarn(logging.ComponentGeneral, "Failed to apply embedded migrations to gateway RQLite", + zap.Error(err)) + } else { + logger.ComponentInfo(logging.ComponentGeneral, "Embedded migrations applied to gateway RQLite") + } + return nil } @@ -283,6 +301,7 @@ func initializeIPFS(logger *logging.ColoredLogger, cfg *Config, deps *Dependenci ipfsCfg := ipfs.Config{ ClusterAPIURL: ipfsClusterURL, + IPFSAPIURL: ipfsAPIURL, Timeout: ipfsTimeout, } diff --git a/pkg/gateway/gateway.go b/pkg/gateway/gateway.go index fce6bac..8b59c4d 100644 --- a/pkg/gateway/gateway.go +++ b/pkg/gateway/gateway.go @@ -8,21 +8,36 @@ package gateway import ( "context" "database/sql" + "encoding/json" + "fmt" + "net/http" + "path/filepath" + "reflect" + "strconv" + "strings" "sync" "time" "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/health" + "github.com/DeBrosOfficial/network/pkg/deployments/process" "github.com/DeBrosOfficial/network/pkg/gateway/auth" authhandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/auth" "github.com/DeBrosOfficial/network/pkg/gateway/handlers/cache" + deploymentshandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/deployments" pubsubhandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/pubsub" serverlesshandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/serverless" + joinhandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/join" + wireguardhandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/wireguard" + sqlitehandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/sqlite" "github.com/DeBrosOfficial/network/pkg/gateway/handlers/storage" "github.com/DeBrosOfficial/network/pkg/ipfs" "github.com/DeBrosOfficial/network/pkg/logging" "github.com/DeBrosOfficial/network/pkg/olric" "github.com/DeBrosOfficial/network/pkg/rqlite" "github.com/DeBrosOfficial/network/pkg/serverless" + _ "github.com/mattn/go-sqlite3" "go.uber.org/zap" ) @@ -39,6 +54,9 @@ type Gateway struct { ormClient rqlite.Client ormHTTP *rqlite.HTTPGateway + // Global RQLite client for API key validation (namespace gateways only) + authClient client.NetworkClient + // Olric cache client olricClient *olric.Client olricMu sync.RWMutex @@ -65,6 +83,54 @@ type Gateway struct { // Authentication service authService *auth.Service authHandlers *authhandlers.Handlers + + // Deployment system + deploymentService *deploymentshandlers.DeploymentService + staticHandler *deploymentshandlers.StaticDeploymentHandler + nextjsHandler *deploymentshandlers.NextJSHandler + goHandler *deploymentshandlers.GoHandler + nodejsHandler *deploymentshandlers.NodeJSHandler + listHandler *deploymentshandlers.ListHandler + updateHandler *deploymentshandlers.UpdateHandler + rollbackHandler *deploymentshandlers.RollbackHandler + logsHandler *deploymentshandlers.LogsHandler + statsHandler *deploymentshandlers.StatsHandler + domainHandler *deploymentshandlers.DomainHandler + sqliteHandler *sqlitehandlers.SQLiteHandler + sqliteBackupHandler *sqlitehandlers.BackupHandler + replicaHandler *deploymentshandlers.ReplicaHandler + portAllocator *deployments.PortAllocator + homeNodeManager *deployments.HomeNodeManager + replicaManager *deployments.ReplicaManager + processManager *process.Manager + healthChecker *health.HealthChecker + + // Middleware cache for auth/routing lookups (eliminates redundant DB queries) + mwCache *middlewareCache + + // Request log batcher (aggregates writes instead of per-request inserts) + logBatcher *requestLogBatcher + + // Rate limiter + rateLimiter *RateLimiter + + // WireGuard peer exchange + wireguardHandler *wireguardhandlers.Handler + + // Node join handler + joinHandler *joinhandlers.Handler + + // Cluster provisioning for namespace clusters + clusterProvisioner authhandlers.ClusterProvisioner + + // Namespace instance spawn handler (for distributed provisioning) + spawnHandler http.Handler + + // Namespace delete handler + namespaceDeleteHandler http.Handler + + // Peer discovery for namespace gateways (libp2p mesh formation) + peerDiscovery *PeerDiscovery } // localSubscriber represents a WebSocket subscriber for local message delivery @@ -112,6 +178,45 @@ func (a *authDatabaseAdapter) Query(ctx context.Context, sql string, args ...int }, nil } +// deploymentDatabaseAdapter adapts rqlite.Client to database.Database +type deploymentDatabaseAdapter struct { + client rqlite.Client +} + +func (a *deploymentDatabaseAdapter) Query(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + return a.client.Query(ctx, dest, query, args...) +} + +func (a *deploymentDatabaseAdapter) QueryOne(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // Query expects a slice, so we need to query into a slice and check length + // Get the type of dest and create a slice of that type + destType := reflect.TypeOf(dest).Elem() + sliceType := reflect.SliceOf(destType) + slice := reflect.New(sliceType).Interface() + + // Execute query into slice + if err := a.client.Query(ctx, slice, query, args...); err != nil { + return err + } + + // Check that we got exactly one result + sliceVal := reflect.ValueOf(slice).Elem() + if sliceVal.Len() == 0 { + return fmt.Errorf("no rows found") + } + if sliceVal.Len() > 1 { + return fmt.Errorf("expected 1 row, got %d", sliceVal.Len()) + } + + // Copy the first element to dest + reflect.ValueOf(dest).Elem().Set(sliceVal.Index(0)) + return nil +} + +func (a *deploymentDatabaseAdapter) Exec(ctx context.Context, query string, args ...interface{}) (interface{}, error) { + return a.client.Exec(ctx, query, args...) +} + // New creates and initializes a new Gateway instance. // It establishes all necessary service connections and dependencies. func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) { @@ -146,6 +251,33 @@ func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) { presenceMembers: make(map[string][]PresenceMember), } + // Create separate auth client for global RQLite if GlobalRQLiteDSN is provided + // This allows namespace gateways to validate API keys against the global database + if cfg.GlobalRQLiteDSN != "" && cfg.GlobalRQLiteDSN != cfg.RQLiteDSN { + logger.ComponentInfo(logging.ComponentGeneral, "Creating global auth client...", + zap.String("global_dsn", cfg.GlobalRQLiteDSN), + ) + + // Create client config for global namespace + authCfg := client.DefaultClientConfig("default") // Use "default" namespace for global + authCfg.DatabaseEndpoints = []string{cfg.GlobalRQLiteDSN} + if len(cfg.BootstrapPeers) > 0 { + authCfg.BootstrapPeers = cfg.BootstrapPeers + } + + authClient, err := client.NewClient(authCfg) + if err != nil { + logger.ComponentWarn(logging.ComponentGeneral, "Failed to create global auth client", zap.Error(err)) + } else { + if err := authClient.Connect(); err != nil { + logger.ComponentWarn(logging.ComponentGeneral, "Failed to connect global auth client", zap.Error(err)) + } else { + gw.authClient = authClient + logger.ComponentInfo(logging.ComponentGeneral, "Global auth client connected") + } + } + } + // Initialize handler instances gw.pubsubHandlers = pubsubhandlers.NewPubSubHandlers(deps.Client, logger) @@ -157,7 +289,7 @@ func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) { gw.storageHandlers = storage.New(deps.IPFSClient, logger, storage.Config{ IPFSReplicationFactor: cfg.IPFSReplicationFactor, IPFSAPIURL: cfg.IPFSAPIURL, - }) + }, deps.ORMClient) } if deps.AuthService != nil { @@ -172,6 +304,157 @@ func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) { ) } + // Initialize middleware cache (60s TTL for auth/routing lookups) + gw.mwCache = newMiddlewareCache(60 * time.Second) + + // Initialize request log batcher (flush every 5 seconds) + gw.logBatcher = newRequestLogBatcher(gw, 5*time.Second, 100) + + // Initialize rate limiter (10000 req/min, burst 5000) + gw.rateLimiter = NewRateLimiter(10000, 5000) + gw.rateLimiter.StartCleanup(5*time.Minute, 10*time.Minute) + + // Initialize WireGuard peer exchange handler + if deps.ORMClient != nil { + gw.wireguardHandler = wireguardhandlers.NewHandler(logger.Logger, deps.ORMClient, cfg.ClusterSecret) + gw.joinHandler = joinhandlers.NewHandler(logger.Logger, deps.ORMClient, cfg.DataDir) + } + + // Initialize deployment system + if deps.ORMClient != nil && deps.IPFSClient != nil { + // Convert rqlite.Client to database.Database interface for health checker + dbAdapter := &deploymentDatabaseAdapter{client: deps.ORMClient} + + // Create deployment service components + gw.portAllocator = deployments.NewPortAllocator(deps.ORMClient, logger.Logger) + gw.homeNodeManager = deployments.NewHomeNodeManager(deps.ORMClient, gw.portAllocator, logger.Logger) + gw.replicaManager = deployments.NewReplicaManager(deps.ORMClient, gw.homeNodeManager, gw.portAllocator, logger.Logger) + gw.processManager = process.NewManager(logger.Logger) + + // Create deployment service + gw.deploymentService = deploymentshandlers.NewDeploymentService( + deps.ORMClient, + gw.homeNodeManager, + gw.portAllocator, + gw.replicaManager, + logger.Logger, + ) + // Set base domain from config + if gw.cfg.BaseDomain != "" { + gw.deploymentService.SetBaseDomain(gw.cfg.BaseDomain) + } + // Set node peer ID so deployments run on the node that receives the request + if gw.cfg.NodePeerID != "" { + gw.deploymentService.SetNodePeerID(gw.cfg.NodePeerID) + } + + // Create deployment handlers + gw.staticHandler = deploymentshandlers.NewStaticDeploymentHandler( + gw.deploymentService, + deps.IPFSClient, + logger.Logger, + ) + + // Determine base deploy path from config + baseDeployPath := filepath.Join(cfg.DataDir, "deployments") + if cfg.DataDir == "" { + baseDeployPath = "" // Let handlers use default + } + + gw.nextjsHandler = deploymentshandlers.NewNextJSHandler( + gw.deploymentService, + gw.processManager, + deps.IPFSClient, + logger.Logger, + baseDeployPath, + ) + + gw.goHandler = deploymentshandlers.NewGoHandler( + gw.deploymentService, + gw.processManager, + deps.IPFSClient, + logger.Logger, + baseDeployPath, + ) + + gw.nodejsHandler = deploymentshandlers.NewNodeJSHandler( + gw.deploymentService, + gw.processManager, + deps.IPFSClient, + logger.Logger, + baseDeployPath, + ) + + gw.listHandler = deploymentshandlers.NewListHandler( + gw.deploymentService, + gw.processManager, + deps.IPFSClient, + logger.Logger, + baseDeployPath, + ) + + gw.updateHandler = deploymentshandlers.NewUpdateHandler( + gw.deploymentService, + gw.staticHandler, + gw.nextjsHandler, + gw.processManager, + logger.Logger, + ) + + gw.rollbackHandler = deploymentshandlers.NewRollbackHandler( + gw.deploymentService, + gw.updateHandler, + logger.Logger, + ) + + gw.replicaHandler = deploymentshandlers.NewReplicaHandler( + gw.deploymentService, + gw.processManager, + deps.IPFSClient, + logger.Logger, + baseDeployPath, + ) + + gw.logsHandler = deploymentshandlers.NewLogsHandler( + gw.deploymentService, + gw.processManager, + logger.Logger, + ) + + gw.statsHandler = deploymentshandlers.NewStatsHandler( + gw.deploymentService, + gw.processManager, + logger.Logger, + baseDeployPath, + ) + + gw.domainHandler = deploymentshandlers.NewDomainHandler( + gw.deploymentService, + logger.Logger, + ) + + // SQLite handlers + gw.sqliteHandler = sqlitehandlers.NewSQLiteHandler( + deps.ORMClient, + gw.homeNodeManager, + logger.Logger, + cfg.DataDir, + cfg.NodePeerID, + ) + + gw.sqliteBackupHandler = sqlitehandlers.NewBackupHandler( + gw.sqliteHandler, + deps.IPFSClient, + logger.Logger, + ) + + // Start health checker + gw.healthChecker = health.NewHealthChecker(dbAdapter, logger.Logger) + go gw.healthChecker.Start(context.Background()) + + logger.ComponentInfo(logging.ComponentGeneral, "Deployment system initialized") + } + // Start background Olric reconnection if initial connection failed if deps.OlricClient == nil { olricCfg := olric.Config{ @@ -184,6 +467,51 @@ func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) { gw.startOlricReconnectLoop(olricCfg) } + // Initialize peer discovery for namespace gateways + // This allows the 3 namespace gateway instances to discover each other + if cfg.ClientNamespace != "" && cfg.ClientNamespace != "default" && deps.Client != nil { + logger.ComponentInfo(logging.ComponentGeneral, "Initializing peer discovery for namespace gateway...", + zap.String("namespace", cfg.ClientNamespace)) + + // Get libp2p host from client + host := deps.Client.Host() + if host != nil { + // Parse listen port from ListenAddr (format: ":port" or "addr:port") + listenPort := 0 + if cfg.ListenAddr != "" { + parts := strings.Split(cfg.ListenAddr, ":") + if len(parts) > 0 { + portStr := parts[len(parts)-1] + if p, err := strconv.Atoi(portStr); err == nil { + listenPort = p + } + } + } + + // Create peer discovery manager + gw.peerDiscovery = NewPeerDiscovery( + host, + deps.SQLDB, + cfg.NodePeerID, + listenPort, + cfg.ClientNamespace, + logger.Logger, + ) + + // Start peer discovery + ctx := context.Background() + if err := gw.peerDiscovery.Start(ctx); err != nil { + logger.ComponentWarn(logging.ComponentGeneral, "Failed to start peer discovery", + zap.Error(err)) + } else { + logger.ComponentInfo(logging.ComponentGeneral, "Peer discovery started successfully", + zap.String("namespace", cfg.ClientNamespace)) + } + } else { + logger.ComponentWarn(logging.ComponentGeneral, "Cannot initialize peer discovery: libp2p host not available") + } + } + logger.ComponentInfo(logging.ComponentGeneral, "Gateway creation completed") return gw, nil } @@ -197,6 +525,30 @@ func (g *Gateway) getLocalSubscribers(topic, namespace string) []*localSubscribe return nil } +// SetClusterProvisioner sets the cluster provisioner for namespace cluster management. +// This enables automatic RQLite/Olric/Gateway cluster provisioning when new namespaces are created. +func (g *Gateway) SetClusterProvisioner(cp authhandlers.ClusterProvisioner) { + g.clusterProvisioner = cp + if g.authHandlers != nil { + g.authHandlers.SetClusterProvisioner(cp) + } +} + +// SetSpawnHandler sets the handler for internal namespace spawn/stop requests. +func (g *Gateway) SetSpawnHandler(h http.Handler) { + g.spawnHandler = h +} + +// SetNamespaceDeleteHandler sets the handler for namespace deletion requests. +func (g *Gateway) SetNamespaceDeleteHandler(h http.Handler) { + g.namespaceDeleteHandler = h +} + +// GetORMClient returns the RQLite ORM client for external use (e.g., by ClusterManager) +func (g *Gateway) GetORMClient() rqlite.Client { + return g.ormClient +} + // setOlricClient atomically sets the Olric client and reinitializes cache handlers. func (g *Gateway) setOlricClient(client *olric.Client) { g.olricMu.Lock() @@ -246,3 +598,103 @@ func (g *Gateway) startOlricReconnectLoop(cfg olric.Config) { }() } +// Cache handler wrappers - these check cacheHandlers dynamically to support +// background Olric reconnection. Without these, cache routes won't work if +// Olric wasn't available at gateway startup but connected later. + +func (g *Gateway) cacheHealthHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.HealthHandler(w, r) +} + +func (g *Gateway) cacheGetHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.GetHandler(w, r) +} + +func (g *Gateway) cacheMGetHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.MultiGetHandler(w, r) +} + +func (g *Gateway) cachePutHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.SetHandler(w, r) +} + +func (g *Gateway) cacheDeleteHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.DeleteHandler(w, r) +} + +func (g *Gateway) cacheScanHandler(w http.ResponseWriter, r *http.Request) { + g.olricMu.RLock() + handlers := g.cacheHandlers + g.olricMu.RUnlock() + if handlers == nil { + writeError(w, http.StatusServiceUnavailable, "cache service unavailable") + return + } + handlers.ScanHandler(w, r) +} + +// namespaceClusterStatusHandler handles GET /v1/namespace/status?id={cluster_id} +// This endpoint is public (no API key required) to allow polling during provisioning. +func (g *Gateway) namespaceClusterStatusHandler(w http.ResponseWriter, r *http.Request) { + if r.Method != "GET" { + writeError(w, http.StatusMethodNotAllowed, "method not allowed") + return + } + + clusterID := r.URL.Query().Get("id") + if clusterID == "" { + writeError(w, http.StatusBadRequest, "cluster_id parameter required") + return + } + + if g.clusterProvisioner == nil { + writeError(w, http.StatusServiceUnavailable, "cluster provisioning not enabled") + return + } + + status, err := g.clusterProvisioner.GetClusterStatusByID(r.Context(), clusterID) + if err != nil { + writeError(w, http.StatusNotFound, "cluster not found") + return + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(status) +} + diff --git a/pkg/gateway/handlers/auth/apikey_handler.go b/pkg/gateway/handlers/auth/apikey_handler.go index c2e1c0c..ed434f8 100644 --- a/pkg/gateway/handlers/auth/apikey_handler.go +++ b/pkg/gateway/handlers/auth/apikey_handler.go @@ -9,10 +9,12 @@ import ( // IssueAPIKeyHandler issues an API key after signature verification. // Similar to VerifyHandler but only returns the API key without JWT tokens. +// For non-default namespaces, may trigger cluster provisioning and return 202 Accepted. // // POST /v1/auth/api-key // Request body: APIKeyRequest // Response: { "api_key", "namespace", "plan", "wallet" } +// Or 202 Accepted: { "status": "provisioning", "cluster_id", "poll_url" } func (h *Handlers) IssueAPIKeyHandler(w http.ResponseWriter, r *http.Request) { if h.authService == nil { writeError(w, http.StatusServiceUnavailable, "auth service not initialized") @@ -44,6 +46,56 @@ func (h *Handlers) IssueAPIKeyHandler(w http.ResponseWriter, r *http.Request) { nsID, _ := h.resolveNamespace(ctx, req.Namespace) h.markNonceUsed(ctx, nsID, strings.ToLower(req.Wallet), req.Nonce) + // Check if namespace cluster provisioning is needed (for non-default namespaces) + namespace := strings.TrimSpace(req.Namespace) + if namespace == "" { + namespace = "default" + } + + if h.clusterProvisioner != nil && namespace != "default" { + clusterID, status, needsProvisioning, err := h.clusterProvisioner.CheckNamespaceCluster(ctx, namespace) + if err != nil { + // Log but don't fail - cluster provisioning is optional (error may just mean no cluster yet) + _ = err + } else if needsProvisioning { + // Trigger provisioning for new namespace + nsIDInt := 0 + if id, ok := nsID.(int); ok { + nsIDInt = id + } else if id, ok := nsID.(int64); ok { + nsIDInt = int(id) + } else if id, ok := nsID.(float64); ok { + nsIDInt = int(id) + } + + newClusterID, pollURL, provErr := h.clusterProvisioner.ProvisionNamespaceCluster(ctx, nsIDInt, namespace, req.Wallet) + if provErr != nil { + writeError(w, http.StatusInternalServerError, "failed to start cluster provisioning") + return + } + + writeJSON(w, http.StatusAccepted, map[string]any{ + "status": "provisioning", + "cluster_id": newClusterID, + "poll_url": pollURL, + "estimated_time_seconds": 60, + "message": "Namespace cluster is being provisioned. Poll the status URL for updates.", + }) + return + } else if status == "provisioning" { + // Already provisioning, return poll URL + writeJSON(w, http.StatusAccepted, map[string]any{ + "status": "provisioning", + "cluster_id": clusterID, + "poll_url": "/v1/namespace/status?id=" + clusterID, + "estimated_time_seconds": 60, + "message": "Namespace cluster is being provisioned. Poll the status URL for updates.", + }) + return + } + // If status is "ready" or "default", proceed with API key generation + } + apiKey, err := h.authService.GetOrCreateAPIKey(ctx, req.Wallet, req.Namespace) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) @@ -89,7 +141,59 @@ func (h *Handlers) SimpleAPIKeyHandler(w http.ResponseWriter, r *http.Request) { return } - apiKey, err := h.authService.GetOrCreateAPIKey(r.Context(), req.Wallet, req.Namespace) + // Check if namespace cluster provisioning is needed (for non-default namespaces) + namespace := strings.TrimSpace(req.Namespace) + if namespace == "" { + namespace = "default" + } + + ctx := r.Context() + if h.clusterProvisioner != nil && namespace != "default" { + clusterID, status, needsProvisioning, err := h.clusterProvisioner.CheckNamespaceCluster(ctx, namespace) + if err != nil { + // Log but don't fail - cluster provisioning is optional + _ = err + } else if needsProvisioning { + // Trigger provisioning for new namespace + nsID, _ := h.resolveNamespace(ctx, namespace) + nsIDInt := 0 + if id, ok := nsID.(int); ok { + nsIDInt = id + } else if id, ok := nsID.(int64); ok { + nsIDInt = int(id) + } else if id, ok := nsID.(float64); ok { + nsIDInt = int(id) + } + + newClusterID, pollURL, provErr := h.clusterProvisioner.ProvisionNamespaceCluster(ctx, nsIDInt, namespace, req.Wallet) + if provErr != nil { + writeError(w, http.StatusInternalServerError, "failed to start cluster provisioning") + return + } + + writeJSON(w, http.StatusAccepted, map[string]any{ + "status": "provisioning", + "cluster_id": newClusterID, + "poll_url": pollURL, + "estimated_time_seconds": 60, + "message": "Namespace cluster is being provisioned. Poll the status URL for updates.", + }) + return + } else if status == "provisioning" { + // Already provisioning, return poll URL + writeJSON(w, http.StatusAccepted, map[string]any{ + "status": "provisioning", + "cluster_id": clusterID, + "poll_url": "/v1/namespace/status?id=" + clusterID, + "estimated_time_seconds": 60, + "message": "Namespace cluster is being provisioned. Poll the status URL for updates.", + }) + return + } + // If status is "ready" or "default", proceed with API key generation + } + + apiKey, err := h.authService.GetOrCreateAPIKey(ctx, req.Wallet, req.Namespace) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return diff --git a/pkg/gateway/handlers/auth/handlers.go b/pkg/gateway/handlers/auth/handlers.go index 455f0be..b1589d9 100644 --- a/pkg/gateway/handlers/auth/handlers.go +++ b/pkg/gateway/handlers/auth/handlers.go @@ -35,13 +35,27 @@ type QueryResult struct { Rows []interface{} `json:"rows"` } +// ClusterProvisioner defines the interface for namespace cluster provisioning +type ClusterProvisioner interface { + // CheckNamespaceCluster checks if a namespace has a cluster and returns its status + // Returns: (clusterID, status, needsProvisioning, error) + CheckNamespaceCluster(ctx context.Context, namespaceName string) (string, string, bool, error) + // ProvisionNamespaceCluster triggers provisioning for a new namespace + // Returns: (clusterID, pollURL, error) + ProvisionNamespaceCluster(ctx context.Context, namespaceID int, namespaceName, wallet string) (string, string, error) + // GetClusterStatusByID returns the full status of a cluster by ID + // Returns a map[string]interface{} with cluster status fields + GetClusterStatusByID(ctx context.Context, clusterID string) (interface{}, error) +} + // Handlers holds dependencies for authentication HTTP handlers type Handlers struct { - logger *logging.ColoredLogger - authService *authsvc.Service - netClient NetworkClient - defaultNS string - internalAuthFn func(context.Context) context.Context + logger *logging.ColoredLogger + authService *authsvc.Service + netClient NetworkClient + defaultNS string + internalAuthFn func(context.Context) context.Context + clusterProvisioner ClusterProvisioner // Optional: for namespace cluster provisioning } // NewHandlers creates a new authentication handlers instance @@ -61,6 +75,11 @@ func NewHandlers( } } +// SetClusterProvisioner sets the cluster provisioner for namespace cluster management +func (h *Handlers) SetClusterProvisioner(cp ClusterProvisioner) { + h.clusterProvisioner = cp +} + // markNonceUsed marks a nonce as used in the database func (h *Handlers) markNonceUsed(ctx context.Context, namespaceID interface{}, wallet, nonce string) { if h.netClient == nil { diff --git a/pkg/gateway/handlers/cache/delete_handler.go b/pkg/gateway/handlers/cache/delete_handler.go index a0fe5dc..d772d35 100644 --- a/pkg/gateway/handlers/cache/delete_handler.go +++ b/pkg/gateway/handlers/cache/delete_handler.go @@ -55,8 +55,16 @@ func (h *CacheHandlers) DeleteHandler(w http.ResponseWriter, r *http.Request) { ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second) defer cancel() + // Namespace isolation: prefix dmap with namespace + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + writeError(w, http.StatusUnauthorized, "namespace not found in context") + return + } + namespacedDMap := fmt.Sprintf("%s:%s", namespace, req.DMap) + olricCluster := h.olricClient.GetClient() - dm, err := olricCluster.NewDMap(req.DMap) + dm, err := olricCluster.NewDMap(namespacedDMap) if err != nil { writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to create DMap: %v", err)) return diff --git a/pkg/gateway/handlers/cache/get_handler.go b/pkg/gateway/handlers/cache/get_handler.go index 4c3f564..228ef48 100644 --- a/pkg/gateway/handlers/cache/get_handler.go +++ b/pkg/gateway/handlers/cache/get_handler.go @@ -57,8 +57,16 @@ func (h *CacheHandlers) GetHandler(w http.ResponseWriter, r *http.Request) { ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second) defer cancel() + // Namespace isolation: prefix dmap with namespace + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + writeError(w, http.StatusUnauthorized, "namespace not found in context") + return + } + namespacedDMap := fmt.Sprintf("%s:%s", namespace, req.DMap) + olricCluster := h.olricClient.GetClient() - dm, err := olricCluster.NewDMap(req.DMap) + dm, err := olricCluster.NewDMap(namespacedDMap) if err != nil { writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to create DMap: %v", err)) return @@ -146,8 +154,16 @@ func (h *CacheHandlers) MultiGetHandler(w http.ResponseWriter, r *http.Request) ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second) defer cancel() + // Namespace isolation: prefix dmap with namespace + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + writeError(w, http.StatusUnauthorized, "namespace not found in context") + return + } + namespacedDMap := fmt.Sprintf("%s:%s", namespace, req.DMap) + olricCluster := h.olricClient.GetClient() - dm, err := olricCluster.NewDMap(req.DMap) + dm, err := olricCluster.NewDMap(namespacedDMap) if err != nil { writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to create DMap: %v", err)) return diff --git a/pkg/gateway/handlers/cache/list_handler.go b/pkg/gateway/handlers/cache/list_handler.go index 4d0d956..6d85bb3 100644 --- a/pkg/gateway/handlers/cache/list_handler.go +++ b/pkg/gateway/handlers/cache/list_handler.go @@ -54,8 +54,16 @@ func (h *CacheHandlers) ScanHandler(w http.ResponseWriter, r *http.Request) { ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second) defer cancel() + // Namespace isolation: prefix dmap with namespace + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + writeError(w, http.StatusUnauthorized, "namespace not found in context") + return + } + namespacedDMap := fmt.Sprintf("%s:%s", namespace, req.DMap) + olricCluster := h.olricClient.GetClient() - dm, err := olricCluster.NewDMap(req.DMap) + dm, err := olricCluster.NewDMap(namespacedDMap) if err != nil { writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to create DMap: %v", err)) return diff --git a/pkg/gateway/handlers/cache/set_handler.go b/pkg/gateway/handlers/cache/set_handler.go index 4289afe..0e08a0d 100644 --- a/pkg/gateway/handlers/cache/set_handler.go +++ b/pkg/gateway/handlers/cache/set_handler.go @@ -7,8 +7,18 @@ import ( "net/http" "strings" "time" + + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" ) +// getNamespaceFromContext extracts the namespace from the request context +func getNamespaceFromContext(ctx context.Context) string { + if ns, ok := ctx.Value(ctxkeys.NamespaceOverride).(string); ok { + return ns + } + return "" +} + // SetHandler handles cache PUT/SET requests for storing a key-value pair in a distributed map. // It expects a JSON body with "dmap", "key", and "value" fields, and optionally "ttl". // The value can be any JSON-serializable type (string, number, object, array, etc.). @@ -60,8 +70,16 @@ func (h *CacheHandlers) SetHandler(w http.ResponseWriter, r *http.Request) { ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second) defer cancel() + // Namespace isolation: prefix dmap with namespace + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + writeError(w, http.StatusUnauthorized, "namespace not found in context") + return + } + namespacedDMap := fmt.Sprintf("%s:%s", namespace, req.DMap) + olricCluster := h.olricClient.GetClient() - dm, err := olricCluster.NewDMap(req.DMap) + dm, err := olricCluster.NewDMap(namespacedDMap) if err != nil { writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to create DMap: %v", err)) return diff --git a/pkg/gateway/handlers/deployments/domain_handler.go b/pkg/gateway/handlers/deployments/domain_handler.go new file mode 100644 index 0000000..0f13442 --- /dev/null +++ b/pkg/gateway/handlers/deployments/domain_handler.go @@ -0,0 +1,482 @@ +package deployments + +import ( + "context" + "crypto/rand" + "encoding/hex" + "encoding/json" + "fmt" + "net" + "net/http" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "go.uber.org/zap" +) + +// DomainHandler handles custom domain management +type DomainHandler struct { + service *DeploymentService + logger *zap.Logger +} + +// NewDomainHandler creates a new domain handler +func NewDomainHandler(service *DeploymentService, logger *zap.Logger) *DomainHandler { + return &DomainHandler{ + service: service, + logger: logger, + } +} + +// HandleAddDomain adds a custom domain to a deployment +func (h *DomainHandler) HandleAddDomain(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + var req struct { + DeploymentName string `json:"deployment_name"` + Domain string `json:"domain"` + } + + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + if req.DeploymentName == "" || req.Domain == "" { + http.Error(w, "deployment_name and domain are required", http.StatusBadRequest) + return + } + + // Normalize domain + domain := strings.ToLower(strings.TrimSpace(req.Domain)) + domain = strings.TrimPrefix(domain, "http://") + domain = strings.TrimPrefix(domain, "https://") + domain = strings.TrimSuffix(domain, "/") + + // Validate domain format + if !isValidDomain(domain) { + http.Error(w, "Invalid domain format", http.StatusBadRequest) + return + } + + // Check if domain is reserved (using configured base domain) + baseDomain := h.service.BaseDomain() + if strings.HasSuffix(domain, "."+baseDomain) { + http.Error(w, fmt.Sprintf("Cannot use .%s domains as custom domains", baseDomain), http.StatusBadRequest) + return + } + + h.logger.Info("Adding custom domain", + zap.String("namespace", namespace), + zap.String("deployment", req.DeploymentName), + zap.String("domain", domain), + ) + + // Get deployment + deployment, err := h.service.GetDeployment(ctx, namespace, req.DeploymentName) + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + // Generate verification token + token := generateVerificationToken() + + // Check if domain already exists + var existingCount int + checkQuery := `SELECT COUNT(*) FROM deployment_domains WHERE domain = ?` + var counts []struct { + Count int `db:"count"` + } + err = h.service.db.Query(ctx, &counts, checkQuery, domain) + if err == nil && len(counts) > 0 { + existingCount = counts[0].Count + } + + if existingCount > 0 { + http.Error(w, "Domain already in use", http.StatusConflict) + return + } + + // Insert domain record + query := ` + INSERT INTO deployment_domains (deployment_id, domain, verification_token, verification_status, created_at) + VALUES (?, ?, ?, 'pending', ?) + ` + + _, err = h.service.db.Exec(ctx, query, deployment.ID, domain, token, time.Now()) + if err != nil { + h.logger.Error("Failed to insert domain", zap.Error(err)) + http.Error(w, "Failed to add domain", http.StatusInternalServerError) + return + } + + h.logger.Info("Custom domain added, awaiting verification", + zap.String("domain", domain), + zap.String("deployment", deployment.Name), + ) + + // Return verification instructions + resp := map[string]interface{}{ + "deployment_name": deployment.Name, + "domain": domain, + "verification_token": token, + "status": "pending", + "instructions": map[string]string{ + "step_1": "Add a TXT record to your DNS:", + "record": fmt.Sprintf("_orama-verify.%s", domain), + "value": token, + "step_2": "Once added, call POST /v1/deployments/domains/verify with the domain", + "step_3": "After verification, point your domain's A record to your deployment's node IP", + }, + "created_at": time.Now(), + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// HandleVerifyDomain verifies domain ownership via TXT record +func (h *DomainHandler) HandleVerifyDomain(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + var req struct { + Domain string `json:"domain"` + } + + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + domain := strings.ToLower(strings.TrimSpace(req.Domain)) + + h.logger.Info("Verifying domain", + zap.String("namespace", namespace), + zap.String("domain", domain), + ) + + // Get domain record + type domainRow struct { + DeploymentID string `db:"deployment_id"` + VerificationToken string `db:"verification_token"` + VerificationStatus string `db:"verification_status"` + } + + var rows []domainRow + query := ` + SELECT dd.deployment_id, dd.verification_token, dd.verification_status + FROM deployment_domains dd + JOIN deployments d ON dd.deployment_id = d.id + WHERE dd.domain = ? AND d.namespace = ? + ` + + err := h.service.db.Query(ctx, &rows, query, domain, namespace) + if err != nil || len(rows) == 0 { + http.Error(w, "Domain not found", http.StatusNotFound) + return + } + + domainRecord := rows[0] + + if domainRecord.VerificationStatus == "verified" { + resp := map[string]interface{}{ + "domain": domain, + "status": "verified", + "message": "Domain already verified", + } + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + return + } + + // Verify TXT record + txtRecord := fmt.Sprintf("_orama-verify.%s", domain) + verified := h.verifyTXTRecord(txtRecord, domainRecord.VerificationToken) + + if !verified { + http.Error(w, "Verification failed: TXT record not found or doesn't match", http.StatusBadRequest) + return + } + + // Update status + updateQuery := ` + UPDATE deployment_domains + SET verification_status = 'verified', verified_at = ? + WHERE domain = ? + ` + + _, err = h.service.db.Exec(ctx, updateQuery, time.Now(), domain) + if err != nil { + h.logger.Error("Failed to update verification status", zap.Error(err)) + http.Error(w, "Failed to update verification status", http.StatusInternalServerError) + return + } + + // Create DNS record for the domain + go h.createDNSRecord(ctx, domain, domainRecord.DeploymentID) + + h.logger.Info("Domain verified successfully", + zap.String("domain", domain), + ) + + resp := map[string]interface{}{ + "domain": domain, + "status": "verified", + "message": "Domain verified successfully", + "verified_at": time.Now(), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// HandleListDomains lists all domains for a deployment +func (h *DomainHandler) HandleListDomains(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + deploymentName := r.URL.Query().Get("deployment_name") + + if deploymentName == "" { + http.Error(w, "deployment_name query parameter is required", http.StatusBadRequest) + return + } + + // Get deployment + deployment, err := h.service.GetDeployment(ctx, namespace, deploymentName) + if err != nil { + http.Error(w, "Deployment not found", http.StatusNotFound) + return + } + + // Query domains + type domainRow struct { + Domain string `db:"domain"` + VerificationStatus string `db:"verification_status"` + CreatedAt time.Time `db:"created_at"` + VerifiedAt *time.Time `db:"verified_at"` + } + + var rows []domainRow + query := ` + SELECT domain, verification_status, created_at, verified_at + FROM deployment_domains + WHERE deployment_id = ? + ORDER BY created_at DESC + ` + + err = h.service.db.Query(ctx, &rows, query, deployment.ID) + if err != nil { + h.logger.Error("Failed to query domains", zap.Error(err)) + http.Error(w, "Failed to query domains", http.StatusInternalServerError) + return + } + + domains := make([]map[string]interface{}, len(rows)) + for i, row := range rows { + domains[i] = map[string]interface{}{ + "domain": row.Domain, + "verification_status": row.VerificationStatus, + "created_at": row.CreatedAt, + } + if row.VerifiedAt != nil { + domains[i]["verified_at"] = row.VerifiedAt + } + } + + resp := map[string]interface{}{ + "deployment_name": deploymentName, + "domains": domains, + "total": len(domains), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// HandleRemoveDomain removes a custom domain +func (h *DomainHandler) HandleRemoveDomain(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + domain := r.URL.Query().Get("domain") + + if domain == "" { + http.Error(w, "domain query parameter is required", http.StatusBadRequest) + return + } + + domain = strings.ToLower(strings.TrimSpace(domain)) + + h.logger.Info("Removing domain", + zap.String("namespace", namespace), + zap.String("domain", domain), + ) + + // Verify ownership + var deploymentID string + checkQuery := ` + SELECT dd.deployment_id + FROM deployment_domains dd + JOIN deployments d ON dd.deployment_id = d.id + WHERE dd.domain = ? AND d.namespace = ? + ` + + type idRow struct { + DeploymentID string `db:"deployment_id"` + } + var rows []idRow + err := h.service.db.Query(ctx, &rows, checkQuery, domain, namespace) + if err != nil || len(rows) == 0 { + http.Error(w, "Domain not found", http.StatusNotFound) + return + } + deploymentID = rows[0].DeploymentID + + // Delete domain + deleteQuery := `DELETE FROM deployment_domains WHERE domain = ?` + _, err = h.service.db.Exec(ctx, deleteQuery, domain) + if err != nil { + h.logger.Error("Failed to delete domain", zap.Error(err)) + http.Error(w, "Failed to delete domain", http.StatusInternalServerError) + return + } + + // Delete DNS record + dnsQuery := `DELETE FROM dns_records WHERE fqdn = ? AND deployment_id = ?` + h.service.db.Exec(ctx, dnsQuery, domain+".", deploymentID) + + h.logger.Info("Domain removed", + zap.String("domain", domain), + ) + + resp := map[string]interface{}{ + "message": "Domain removed successfully", + "domain": domain, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// Helper functions + +func generateVerificationToken() string { + bytes := make([]byte, 16) + rand.Read(bytes) + return "orama-verify-" + hex.EncodeToString(bytes) +} + +func isValidDomain(domain string) bool { + // Basic domain validation + if len(domain) == 0 || len(domain) > 253 { + return false + } + if strings.Contains(domain, "..") || strings.HasPrefix(domain, ".") || strings.HasSuffix(domain, ".") { + return false + } + parts := strings.Split(domain, ".") + if len(parts) < 2 { + return false + } + return true +} + +func (h *DomainHandler) verifyTXTRecord(record, expectedValue string) bool { + txtRecords, err := net.LookupTXT(record) + if err != nil { + h.logger.Warn("Failed to lookup TXT record", + zap.String("record", record), + zap.Error(err), + ) + return false + } + + for _, txt := range txtRecords { + if txt == expectedValue { + return true + } + } + + return false +} + +func (h *DomainHandler) createDNSRecord(ctx context.Context, domain, deploymentID string) { + // Get deployment node IP + type deploymentRow struct { + HomeNodeID string `db:"home_node_id"` + } + + var rows []deploymentRow + query := `SELECT home_node_id FROM deployments WHERE id = ?` + err := h.service.db.Query(ctx, &rows, query, deploymentID) + if err != nil || len(rows) == 0 { + h.logger.Error("Failed to get deployment node", zap.Error(err)) + return + } + + homeNodeID := rows[0].HomeNodeID + + // Get node IP + type nodeRow struct { + IPAddress string `db:"ip_address"` + } + + var nodeRows []nodeRow + nodeQuery := `SELECT ip_address FROM dns_nodes WHERE id = ? AND status = 'active'` + err = h.service.db.Query(ctx, &nodeRows, nodeQuery, homeNodeID) + if err != nil || len(nodeRows) == 0 { + h.logger.Error("Failed to get node IP", zap.Error(err)) + return + } + + nodeIP := nodeRows[0].IPAddress + + // Create DNS A record + dnsQuery := ` + INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, deployment_id, node_id, created_by, is_active, created_at, updated_at) + VALUES (?, 'A', ?, 300, ?, ?, ?, 'system', TRUE, ?, ?) + ON CONFLICT(fqdn, record_type, value) DO UPDATE SET + deployment_id = excluded.deployment_id, + node_id = excluded.node_id, + is_active = TRUE, + updated_at = excluded.updated_at + ` + + fqdn := domain + "." + now := time.Now() + + _, err = h.service.db.Exec(ctx, dnsQuery, fqdn, nodeIP, "", deploymentID, homeNodeID, now, now) + if err != nil { + h.logger.Error("Failed to create DNS record", zap.Error(err)) + return + } + + h.logger.Info("DNS record created for custom domain", + zap.String("domain", domain), + zap.String("ip", nodeIP), + ) +} diff --git a/pkg/gateway/handlers/deployments/go_handler.go b/pkg/gateway/handlers/deployments/go_handler.go new file mode 100644 index 0000000..0490ed7 --- /dev/null +++ b/pkg/gateway/handlers/deployments/go_handler.go @@ -0,0 +1,318 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// GoHandler handles Go backend deployments +type GoHandler struct { + service *DeploymentService + processManager *process.Manager + ipfsClient ipfs.IPFSClient + logger *zap.Logger + baseDeployPath string +} + +// NewGoHandler creates a new Go deployment handler +func NewGoHandler( + service *DeploymentService, + processManager *process.Manager, + ipfsClient ipfs.IPFSClient, + logger *zap.Logger, + baseDeployPath string, +) *GoHandler { + if baseDeployPath == "" { + baseDeployPath = filepath.Join(os.Getenv("HOME"), ".orama", "deployments") + } + return &GoHandler{ + service: service, + processManager: processManager, + ipfsClient: ipfsClient, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// HandleUpload handles Go backend deployment upload +func (h *GoHandler) HandleUpload(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Parse multipart form (100MB max for Go binaries) + if err := r.ParseMultipartForm(100 << 20); err != nil { + http.Error(w, "Failed to parse form", http.StatusBadRequest) + return + } + + // Get metadata + name := r.FormValue("name") + subdomain := r.FormValue("subdomain") + healthCheckPath := r.FormValue("health_check_path") + + if name == "" { + http.Error(w, "Deployment name is required", http.StatusBadRequest) + return + } + + if healthCheckPath == "" { + healthCheckPath = "/health" + } + + // Parse environment variables (form fields starting with "env_") + envVars := make(map[string]string) + for key, values := range r.MultipartForm.Value { + if strings.HasPrefix(key, "env_") && len(values) > 0 { + envName := strings.TrimPrefix(key, "env_") + envVars[envName] = values[0] + } + } + + // Get tarball file + file, header, err := r.FormFile("tarball") + if err != nil { + http.Error(w, "Tarball file is required", http.StatusBadRequest) + return + } + defer file.Close() + + h.logger.Info("Deploying Go backend", + zap.String("namespace", namespace), + zap.String("name", name), + zap.String("filename", header.Filename), + zap.Int64("size", header.Size), + ) + + // Upload to IPFS for versioning + addResp, err := h.ipfsClient.Add(ctx, file, header.Filename) + if err != nil { + h.logger.Error("Failed to upload to IPFS", zap.Error(err)) + http.Error(w, "Failed to upload content", http.StatusInternalServerError) + return + } + + cid := addResp.Cid + + // Deploy the Go backend + deployment, err := h.deploy(ctx, namespace, name, subdomain, cid, healthCheckPath, envVars) + if err != nil { + h.logger.Error("Failed to deploy Go backend", zap.Error(err)) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + // Create DNS records (use background context since HTTP context will be cancelled) + go h.service.CreateDNSRecords(context.Background(), deployment) + + // Build response + urls := h.service.BuildDeploymentURLs(deployment) + + resp := map[string]interface{}{ + "deployment_id": deployment.ID, + "name": deployment.Name, + "namespace": deployment.Namespace, + "status": deployment.Status, + "type": deployment.Type, + "content_cid": deployment.ContentCID, + "urls": urls, + "version": deployment.Version, + "port": deployment.Port, + "created_at": deployment.CreatedAt, + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// deploy deploys a Go backend +func (h *GoHandler) deploy(ctx context.Context, namespace, name, subdomain, cid, healthCheckPath string, envVars map[string]string) (*deployments.Deployment, error) { + // Create deployment directory + deployPath := filepath.Join(h.baseDeployPath, namespace, name) + if err := os.MkdirAll(deployPath, 0755); err != nil { + return nil, fmt.Errorf("failed to create deployment directory: %w", err) + } + + // Download and extract from IPFS + if err := h.extractFromIPFS(ctx, cid, deployPath); err != nil { + return nil, fmt.Errorf("failed to extract deployment: %w", err) + } + + // Find the executable binary + binaryPath, err := h.findBinary(deployPath) + if err != nil { + return nil, fmt.Errorf("failed to find binary: %w", err) + } + + // Ensure binary is executable + if err := os.Chmod(binaryPath, 0755); err != nil { + return nil, fmt.Errorf("failed to make binary executable: %w", err) + } + + h.logger.Info("Found Go binary", + zap.String("path", binaryPath), + zap.String("deployment", name), + ) + + // Create deployment record + deployment := &deployments.Deployment{ + ID: uuid.New().String(), + Namespace: namespace, + Name: name, + Type: deployments.DeploymentTypeGoBackend, + Version: 1, + Status: deployments.DeploymentStatusDeploying, + ContentCID: cid, + Subdomain: subdomain, + Environment: envVars, + MemoryLimitMB: 256, + CPULimitPercent: 100, + HealthCheckPath: healthCheckPath, + HealthCheckInterval: 30, + RestartPolicy: deployments.RestartPolicyAlways, + MaxRestartCount: 10, + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + DeployedBy: namespace, + } + + // Save deployment (assigns port) + if err := h.service.CreateDeployment(ctx, deployment); err != nil { + return nil, err + } + + // Start the process + if err := h.processManager.Start(ctx, deployment, deployPath); err != nil { + deployment.Status = deployments.DeploymentStatusFailed + h.service.UpdateDeploymentStatus(ctx, deployment.ID, deployments.DeploymentStatusFailed) + return deployment, fmt.Errorf("failed to start process: %w", err) + } + + // Wait for healthy + if err := h.processManager.WaitForHealthy(ctx, deployment, 60*time.Second); err != nil { + h.logger.Warn("Deployment did not become healthy", zap.Error(err)) + // Don't fail - the service might still be starting + } + + deployment.Status = deployments.DeploymentStatusActive + h.service.UpdateDeploymentStatus(ctx, deployment.ID, deployments.DeploymentStatusActive) + + return deployment, nil +} + +// extractFromIPFS extracts a tarball from IPFS to a directory +func (h *GoHandler) extractFromIPFS(ctx context.Context, cid, destPath string) error { + // Get tarball from IPFS + reader, err := h.ipfsClient.Get(ctx, "/ipfs/"+cid, "") + if err != nil { + return err + } + defer reader.Close() + + // Create temporary file + tmpFile, err := os.CreateTemp("", "go-deploy-*.tar.gz") + if err != nil { + return err + } + defer os.Remove(tmpFile.Name()) + defer tmpFile.Close() + + // Copy to temp file + if _, err := io.Copy(tmpFile, reader); err != nil { + return err + } + + tmpFile.Close() + + // Extract tarball + cmd := exec.Command("tar", "-xzf", tmpFile.Name(), "-C", destPath) + output, err := cmd.CombinedOutput() + if err != nil { + h.logger.Error("Failed to extract tarball", + zap.String("output", string(output)), + zap.Error(err), + ) + return fmt.Errorf("failed to extract tarball: %w", err) + } + + return nil +} + +// findBinary finds the Go binary in the deployment directory +func (h *GoHandler) findBinary(deployPath string) (string, error) { + // First, look for a binary named "app" (conventional) + appPath := filepath.Join(deployPath, "app") + if info, err := os.Stat(appPath); err == nil && !info.IsDir() { + return appPath, nil + } + + // Look for any executable in the directory + entries, err := os.ReadDir(deployPath) + if err != nil { + return "", fmt.Errorf("failed to read deployment directory: %w", err) + } + + for _, entry := range entries { + if entry.IsDir() { + continue + } + + filePath := filepath.Join(deployPath, entry.Name()) + info, err := entry.Info() + if err != nil { + continue + } + + // Check if it's executable + if info.Mode()&0111 != 0 { + // Skip common non-binary files + ext := strings.ToLower(filepath.Ext(entry.Name())) + if ext == ".sh" || ext == ".txt" || ext == ".md" || ext == ".json" || ext == ".yaml" || ext == ".yml" { + continue + } + + // Check if it's an ELF binary (Linux executable) + if h.isELFBinary(filePath) { + return filePath, nil + } + } + } + + return "", fmt.Errorf("no executable binary found in deployment. Expected 'app' binary or ELF executable") +} + +// isELFBinary checks if a file is an ELF binary +func (h *GoHandler) isELFBinary(path string) bool { + f, err := os.Open(path) + if err != nil { + return false + } + defer f.Close() + + // Read first 4 bytes (ELF magic number) + magic := make([]byte, 4) + if _, err := f.Read(magic); err != nil { + return false + } + + // ELF magic: 0x7f 'E' 'L' 'F' + return magic[0] == 0x7f && magic[1] == 'E' && magic[2] == 'L' && magic[3] == 'F' +} diff --git a/pkg/gateway/handlers/deployments/handlers_test.go b/pkg/gateway/handlers/deployments/handlers_test.go new file mode 100644 index 0000000..ec35093 --- /dev/null +++ b/pkg/gateway/handlers/deployments/handlers_test.go @@ -0,0 +1,421 @@ +package deployments + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "context" + "database/sql" + "io" + "mime/multipart" + "net/http" + "net/http/httptest" + "reflect" + "strings" + "testing" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "go.uber.org/zap" +) + +// createMinimalTarball creates a minimal valid .tar.gz file for testing +func createMinimalTarball(t *testing.T) *bytes.Buffer { + buf := &bytes.Buffer{} + gzw := gzip.NewWriter(buf) + tw := tar.NewWriter(gzw) + + // Add a simple index.html file + content := []byte("Test") + header := &tar.Header{ + Name: "index.html", + Mode: 0644, + Size: int64(len(content)), + } + if err := tw.WriteHeader(header); err != nil { + t.Fatalf("Failed to write tar header: %v", err) + } + if _, err := tw.Write(content); err != nil { + t.Fatalf("Failed to write tar content: %v", err) + } + + tw.Close() + gzw.Close() + return buf +} + +// TestStaticHandler_Upload tests uploading a static site tarball to IPFS +func TestStaticHandler_Upload(t *testing.T) { + // Create mock IPFS client + mockIPFS := &mockIPFSClient{ + AddDirectoryFunc: func(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) { + return &ipfs.AddResponse{Cid: "QmTestCID123456789"}, nil + }, + } + + // Create mock RQLite client with basic implementations + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // For dns_nodes query, return mock active node + if strings.Contains(query, "dns_nodes") { + // Use reflection to set the slice + destValue := reflect.ValueOf(dest) + if destValue.Kind() == reflect.Ptr { + sliceValue := destValue.Elem() + if sliceValue.Kind() == reflect.Slice { + // Create one element + elemType := sliceValue.Type().Elem() + newElem := reflect.New(elemType).Elem() + // Set ID field + idField := newElem.FieldByName("ID") + if idField.IsValid() && idField.CanSet() { + idField.SetString("node-test123") + } + // Append to slice + sliceValue.Set(reflect.Append(sliceValue, newElem)) + } + } + } + return nil + }, + ExecFunc: func(ctx context.Context, query string, args ...interface{}) (sql.Result, error) { + return nil, nil + }, + } + + // Create port allocator and home node manager with mock DB + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + // Create handler + service := &DeploymentService{ + db: mockDB, + homeNodeManager: homeNodeMgr, + portAllocator: portAlloc, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + // Create a valid minimal tarball + tarballBuf := createMinimalTarball(t) + + // Create multipart form with tarball + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + + // Add name field + writer.WriteField("name", "test-app") + + // Add namespace field + writer.WriteField("namespace", "test-namespace") + + // Add tarball file + part, err := writer.CreateFormFile("tarball", "app.tar.gz") + if err != nil { + t.Fatalf("Failed to create form file: %v", err) + } + part.Write(tarballBuf.Bytes()) + + writer.Close() + + // Create request + req := httptest.NewRequest("POST", "/v1/deployments/static/upload", body) + req.Header.Set("Content-Type", writer.FormDataContentType()) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + // Create response recorder + rr := httptest.NewRecorder() + + // Call handler + handler.HandleUpload(rr, req) + + // Check response + if rr.Code != http.StatusOK && rr.Code != http.StatusCreated { + t.Errorf("Expected status 200 or 201, got %d", rr.Code) + t.Logf("Response body: %s", rr.Body.String()) + } +} + +// TestStaticHandler_Upload_InvalidTarball tests that malformed tarballs are rejected +func TestStaticHandler_Upload_InvalidTarball(t *testing.T) { + // Create mock IPFS client + mockIPFS := &mockIPFSClient{} + + // Create mock RQLite client + mockDB := &mockRQLiteClient{} + + // Create port allocator and home node manager with mock DB + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + // Create handler + service := &DeploymentService{ + db: mockDB, + homeNodeManager: homeNodeMgr, + portAllocator: portAlloc, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + // Create request without tarball field + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + writer.WriteField("name", "test-app") + writer.Close() + + req := httptest.NewRequest("POST", "/v1/deployments/static/upload", body) + req.Header.Set("Content-Type", writer.FormDataContentType()) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + // Call handler + handler.HandleUpload(rr, req) + + // Should return error (400 or 500) + if rr.Code == http.StatusOK || rr.Code == http.StatusCreated { + t.Errorf("Expected error status, got %d", rr.Code) + } +} + +// TestStaticHandler_Serve tests serving static files from IPFS +func TestStaticHandler_Serve(t *testing.T) { + testContent := "Test" + + // Create mock IPFS client that returns test content + mockIPFS := &mockIPFSClient{ + GetFunc: func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) { + return io.NopCloser(strings.NewReader(testContent)), nil + }, + } + + // Create mock RQLite client + mockDB := &mockRQLiteClient{} + + // Create port allocator and home node manager with mock DB + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + // Create handler + service := &DeploymentService{ + db: mockDB, + homeNodeManager: homeNodeMgr, + portAllocator: portAlloc, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + // Create test deployment + deployment := &deployments.Deployment{ + ID: "test-id", + ContentCID: "QmTestCID", + Type: deployments.DeploymentTypeStatic, + Status: deployments.DeploymentStatusActive, + Name: "test-app", + Namespace: "test-namespace", + } + + // Create request + req := httptest.NewRequest("GET", "/", nil) + req.Host = "test-app.orama.network" + + rr := httptest.NewRecorder() + + // Call handler + handler.HandleServe(rr, req, deployment) + + // Check response + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } + + // Check content + body := rr.Body.String() + if body != testContent { + t.Errorf("Expected %q, got %q", testContent, body) + } +} + +// TestStaticHandler_Serve_CSS tests that CSS files get correct Content-Type +func TestStaticHandler_Serve_CSS(t *testing.T) { + testContent := "body { color: red; }" + + mockIPFS := &mockIPFSClient{ + GetFunc: func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) { + return io.NopCloser(strings.NewReader(testContent)), nil + }, + } + + mockDB := &mockRQLiteClient{} + + service := &DeploymentService{ + db: mockDB, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + deployment := &deployments.Deployment{ + ID: "test-id", + ContentCID: "QmTestCID", + Type: deployments.DeploymentTypeStatic, + Status: deployments.DeploymentStatusActive, + Name: "test-app", + Namespace: "test-namespace", + } + + req := httptest.NewRequest("GET", "/style.css", nil) + req.Host = "test-app.orama.network" + + rr := httptest.NewRecorder() + + handler.HandleServe(rr, req, deployment) + + // Check Content-Type header + contentType := rr.Header().Get("Content-Type") + if !strings.Contains(contentType, "text/css") { + t.Errorf("Expected Content-Type to contain 'text/css', got %q", contentType) + } +} + +// TestStaticHandler_Serve_JS tests that JavaScript files get correct Content-Type +func TestStaticHandler_Serve_JS(t *testing.T) { + testContent := "console.log('test');" + + mockIPFS := &mockIPFSClient{ + GetFunc: func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) { + return io.NopCloser(strings.NewReader(testContent)), nil + }, + } + + mockDB := &mockRQLiteClient{} + + service := &DeploymentService{ + db: mockDB, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + deployment := &deployments.Deployment{ + ID: "test-id", + ContentCID: "QmTestCID", + Type: deployments.DeploymentTypeStatic, + Status: deployments.DeploymentStatusActive, + Name: "test-app", + Namespace: "test-namespace", + } + + req := httptest.NewRequest("GET", "/app.js", nil) + req.Host = "test-app.orama.network" + + rr := httptest.NewRecorder() + + handler.HandleServe(rr, req, deployment) + + // Check Content-Type header + contentType := rr.Header().Get("Content-Type") + if !strings.Contains(contentType, "application/javascript") { + t.Errorf("Expected Content-Type to contain 'application/javascript', got %q", contentType) + } +} + +// TestStaticHandler_Serve_SPAFallback tests that unknown paths fall back to index.html +func TestStaticHandler_Serve_SPAFallback(t *testing.T) { + indexContent := "SPA" + callCount := 0 + + mockIPFS := &mockIPFSClient{ + GetFunc: func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) { + callCount++ + // First call: return error for /unknown-route + // Second call: return index.html + if callCount == 1 { + return nil, io.EOF // Simulate file not found + } + return io.NopCloser(strings.NewReader(indexContent)), nil + }, + } + + mockDB := &mockRQLiteClient{} + + service := &DeploymentService{ + db: mockDB, + logger: zap.NewNop(), + } + handler := NewStaticDeploymentHandler(service, mockIPFS, zap.NewNop()) + + deployment := &deployments.Deployment{ + ID: "test-id", + ContentCID: "QmTestCID", + Type: deployments.DeploymentTypeStatic, + Status: deployments.DeploymentStatusActive, + Name: "test-app", + Namespace: "test-namespace", + } + + req := httptest.NewRequest("GET", "/unknown-route", nil) + req.Host = "test-app.orama.network" + + rr := httptest.NewRecorder() + + handler.HandleServe(rr, req, deployment) + + // Should return index.html content + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } + + body := rr.Body.String() + if body != indexContent { + t.Errorf("Expected index.html content, got %q", body) + } + + // Verify IPFS was called twice (first for route, then for index.html) + if callCount < 2 { + t.Errorf("Expected at least 2 IPFS calls for SPA fallback, got %d", callCount) + } +} + +// TestListHandler_AllDeployments tests listing all deployments for a namespace +func TestListHandler_AllDeployments(t *testing.T) { + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // The handler uses a local deploymentRow struct type, not deployments.Deployment + // So we just return nil and let the test verify basic flow + return nil + }, + } + + // Create port allocator and home node manager with mock DB + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + service := &DeploymentService{ + db: mockDB, + homeNodeManager: homeNodeMgr, + portAllocator: portAlloc, + logger: zap.NewNop(), + } + handler := NewListHandler(service, nil, nil, zap.NewNop(), "") + + req := httptest.NewRequest("GET", "/v1/deployments/list", nil) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + handler.HandleList(rr, req) + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + t.Logf("Response body: %s", rr.Body.String()) + } + + // Check that response is valid JSON + body := rr.Body.String() + if !strings.Contains(body, "namespace") || !strings.Contains(body, "deployments") { + t.Errorf("Expected response to contain namespace and deployments fields, got: %s", body) + } +} diff --git a/pkg/gateway/handlers/deployments/list_handler.go b/pkg/gateway/handlers/deployments/list_handler.go new file mode 100644 index 0000000..6d331a2 --- /dev/null +++ b/pkg/gateway/handlers/deployments/list_handler.go @@ -0,0 +1,275 @@ +package deployments + +import ( + "encoding/json" + "net/http" + "os" + "path/filepath" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "go.uber.org/zap" +) + +// ListHandler handles listing deployments +type ListHandler struct { + service *DeploymentService + processManager *process.Manager + ipfsClient ipfs.IPFSClient + logger *zap.Logger + baseDeployPath string +} + +// NewListHandler creates a new list handler +func NewListHandler(service *DeploymentService, processManager *process.Manager, ipfsClient ipfs.IPFSClient, logger *zap.Logger, baseDeployPath string) *ListHandler { + return &ListHandler{ + service: service, + processManager: processManager, + ipfsClient: ipfsClient, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// HandleList lists all deployments for a namespace +func (h *ListHandler) HandleList(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + type deploymentRow struct { + ID string `db:"id"` + Namespace string `db:"namespace"` + Name string `db:"name"` + Type string `db:"type"` + Version int `db:"version"` + Status string `db:"status"` + ContentCID string `db:"content_cid"` + HomeNodeID string `db:"home_node_id"` + Port int `db:"port"` + Subdomain string `db:"subdomain"` + CreatedAt time.Time `db:"created_at"` + UpdatedAt time.Time `db:"updated_at"` + } + + var rows []deploymentRow + query := ` + SELECT id, namespace, name, type, version, status, content_cid, home_node_id, port, subdomain, created_at, updated_at + FROM deployments + WHERE namespace = ? + ORDER BY created_at DESC + ` + + err := h.service.db.Query(ctx, &rows, query, namespace) + if err != nil { + h.logger.Error("Failed to query deployments", zap.Error(err)) + http.Error(w, "Failed to query deployments", http.StatusInternalServerError) + return + } + + baseDomain := h.service.BaseDomain() + deployments := make([]map[string]interface{}, len(rows)) + for i, row := range rows { + shortNodeID := GetShortNodeID(row.HomeNodeID) + urls := []string{ + "https://" + row.Name + "." + shortNodeID + "." + baseDomain, + } + if row.Subdomain != "" { + urls = append(urls, "https://"+row.Subdomain+"."+baseDomain) + } + + deployments[i] = map[string]interface{}{ + "id": row.ID, + "namespace": row.Namespace, + "name": row.Name, + "type": row.Type, + "version": row.Version, + "status": row.Status, + "content_cid": row.ContentCID, + "home_node_id": row.HomeNodeID, + "port": row.Port, + "subdomain": row.Subdomain, + "urls": urls, + "created_at": row.CreatedAt, + "updated_at": row.UpdatedAt, + } + } + + resp := map[string]interface{}{ + "namespace": namespace, + "deployments": deployments, + "total": len(deployments), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// HandleGet gets a specific deployment +func (h *ListHandler) HandleGet(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Support both 'name' and 'id' query parameters + name := r.URL.Query().Get("name") + id := r.URL.Query().Get("id") + + if name == "" && id == "" { + http.Error(w, "name or id query parameter is required", http.StatusBadRequest) + return + } + + var deployment *deployments.Deployment + var err error + + if id != "" { + deployment, err = h.service.GetDeploymentByID(ctx, namespace, id) + } else { + deployment, err = h.service.GetDeployment(ctx, namespace, name) + } + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + h.logger.Error("Failed to get deployment", zap.Error(err)) + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + urls := h.service.BuildDeploymentURLs(deployment) + + resp := map[string]interface{}{ + "id": deployment.ID, + "namespace": deployment.Namespace, + "name": deployment.Name, + "type": deployment.Type, + "version": deployment.Version, + "status": deployment.Status, + "content_cid": deployment.ContentCID, + "build_cid": deployment.BuildCID, + "home_node_id": deployment.HomeNodeID, + "port": deployment.Port, + "subdomain": deployment.Subdomain, + "urls": urls, + "memory_limit_mb": deployment.MemoryLimitMB, + "cpu_limit_percent": deployment.CPULimitPercent, + "disk_limit_mb": deployment.DiskLimitMB, + "health_check_path": deployment.HealthCheckPath, + "health_check_interval": deployment.HealthCheckInterval, + "restart_policy": deployment.RestartPolicy, + "max_restart_count": deployment.MaxRestartCount, + "created_at": deployment.CreatedAt, + "updated_at": deployment.UpdatedAt, + "deployed_by": deployment.DeployedBy, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// HandleDelete deletes a deployment +func (h *ListHandler) HandleDelete(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Support both 'name' and 'id' query parameters + name := r.URL.Query().Get("name") + id := r.URL.Query().Get("id") + + if name == "" && id == "" { + http.Error(w, "name or id query parameter is required", http.StatusBadRequest) + return + } + + h.logger.Info("Deleting deployment", + zap.String("namespace", namespace), + zap.String("name", name), + zap.String("id", id), + ) + + // Get deployment + var deployment *deployments.Deployment + var err error + + if id != "" { + deployment, err = h.service.GetDeploymentByID(ctx, namespace, id) + } else { + deployment, err = h.service.GetDeployment(ctx, namespace, name) + } + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + // 0. Fan out teardown to replica nodes (before local cleanup so replicas can stop processes) + h.service.FanOutToReplicas(ctx, deployment, "/v1/internal/deployments/replica/teardown", nil) + + // 1. Stop systemd service + if err := h.processManager.Stop(ctx, deployment); err != nil { + h.logger.Warn("Failed to stop deployment service (may not exist)", zap.Error(err), zap.String("name", deployment.Name)) + } + + // 2. Remove deployment files from disk + if h.baseDeployPath != "" { + deployDir := filepath.Join(h.baseDeployPath, deployment.Namespace, deployment.Name) + if err := os.RemoveAll(deployDir); err != nil { + h.logger.Warn("Failed to remove deployment files", zap.Error(err), zap.String("path", deployDir)) + } + } + + // 3. Unpin IPFS content + if deployment.ContentCID != "" { + if err := h.ipfsClient.Unpin(ctx, deployment.ContentCID); err != nil { + h.logger.Warn("Failed to unpin IPFS content", zap.Error(err), zap.String("cid", deployment.ContentCID)) + } + } + + // 4. Delete subdomain registry + subdomainQuery := `DELETE FROM global_deployment_subdomains WHERE deployment_id = ?` + _, _ = h.service.db.Exec(ctx, subdomainQuery, deployment.ID) + + // 5. Delete DNS records + dnsQuery := `DELETE FROM dns_records WHERE deployment_id = ?` + _, _ = h.service.db.Exec(ctx, dnsQuery, deployment.ID) + + // 6. Delete deployment record + query := `DELETE FROM deployments WHERE namespace = ? AND name = ?` + _, err = h.service.db.Exec(ctx, query, namespace, deployment.Name) + if err != nil { + h.logger.Error("Failed to delete deployment", zap.Error(err)) + http.Error(w, "Failed to delete deployment", http.StatusInternalServerError) + return + } + + h.logger.Info("Deployment deleted", + zap.String("id", deployment.ID), + zap.String("namespace", namespace), + zap.String("name", name), + ) + + resp := map[string]interface{}{ + "message": "Deployment deleted successfully", + "name": name, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/deployments/logs_handler.go b/pkg/gateway/handlers/deployments/logs_handler.go new file mode 100644 index 0000000..42f5840 --- /dev/null +++ b/pkg/gateway/handlers/deployments/logs_handler.go @@ -0,0 +1,179 @@ +package deployments + +import ( + "bufio" + "encoding/json" + "fmt" + "net/http" + "strconv" + "strings" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "go.uber.org/zap" +) + +// LogsHandler handles deployment logs +type LogsHandler struct { + service *DeploymentService + processManager *process.Manager + logger *zap.Logger +} + +// NewLogsHandler creates a new logs handler +func NewLogsHandler(service *DeploymentService, processManager *process.Manager, logger *zap.Logger) *LogsHandler { + return &LogsHandler{ + service: service, + processManager: processManager, + logger: logger, + } +} + +// HandleLogs streams deployment logs +func (h *LogsHandler) HandleLogs(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + name := r.URL.Query().Get("name") + + if name == "" { + http.Error(w, "name query parameter is required", http.StatusBadRequest) + return + } + + // Parse parameters + lines := 100 + if linesStr := r.URL.Query().Get("lines"); linesStr != "" { + if l, err := strconv.Atoi(linesStr); err == nil { + lines = l + } + } + + follow := false + if followStr := r.URL.Query().Get("follow"); followStr == "true" { + follow = true + } + + h.logger.Info("Streaming logs", + zap.String("namespace", namespace), + zap.String("name", name), + zap.Int("lines", lines), + zap.Bool("follow", follow), + ) + + // Get deployment + deployment, err := h.service.GetDeployment(ctx, namespace, name) + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + // Check if deployment has logs (only dynamic deployments) + if deployment.Port == 0 { + http.Error(w, "Static deployments do not have logs", http.StatusBadRequest) + return + } + + // Get logs from process manager + logs, err := h.processManager.GetLogs(ctx, deployment, lines, follow) + if err != nil { + h.logger.Error("Failed to get logs", zap.Error(err)) + http.Error(w, "Failed to get logs", http.StatusInternalServerError) + return + } + + // Set headers for streaming + w.Header().Set("Content-Type", "text/plain") + w.Header().Set("Transfer-Encoding", "chunked") + w.Header().Set("X-Content-Type-Options", "nosniff") + + // Stream logs + if follow { + // For follow mode, stream continuously + flusher, ok := w.(http.Flusher) + if !ok { + http.Error(w, "Streaming not supported", http.StatusInternalServerError) + return + } + + scanner := bufio.NewScanner(strings.NewReader(string(logs))) + for scanner.Scan() { + fmt.Fprintf(w, "%s\n", scanner.Text()) + flusher.Flush() + } + } else { + // For non-follow mode, write all logs at once + w.Write(logs) + } +} + +// HandleGetEvents gets deployment events +func (h *LogsHandler) HandleGetEvents(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + name := r.URL.Query().Get("name") + + if name == "" { + http.Error(w, "name query parameter is required", http.StatusBadRequest) + return + } + + // Get deployment + deployment, err := h.service.GetDeployment(ctx, namespace, name) + if err != nil { + http.Error(w, "Deployment not found", http.StatusNotFound) + return + } + + // Query events + type eventRow struct { + EventType string `db:"event_type"` + Message string `db:"message"` + CreatedAt string `db:"created_at"` + } + + var rows []eventRow + query := ` + SELECT event_type, message, created_at + FROM deployment_events + WHERE deployment_id = ? + ORDER BY created_at DESC + LIMIT 100 + ` + + err = h.service.db.Query(ctx, &rows, query, deployment.ID) + if err != nil { + h.logger.Error("Failed to query events", zap.Error(err)) + http.Error(w, "Failed to query events", http.StatusInternalServerError) + return + } + + events := make([]map[string]interface{}, len(rows)) + for i, row := range rows { + events[i] = map[string]interface{}{ + "event_type": row.EventType, + "message": row.Message, + "created_at": row.CreatedAt, + } + } + + resp := map[string]interface{}{ + "deployment_name": name, + "events": events, + "total": len(events), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/deployments/mocks_test.go b/pkg/gateway/handlers/deployments/mocks_test.go new file mode 100644 index 0000000..491048d --- /dev/null +++ b/pkg/gateway/handlers/deployments/mocks_test.go @@ -0,0 +1,247 @@ +package deployments + +import ( + "context" + "database/sql" + "io" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/DeBrosOfficial/network/pkg/rqlite" +) + +// mockIPFSClient implements a mock IPFS client for testing +type mockIPFSClient struct { + AddFunc func(ctx context.Context, r io.Reader, filename string) (*ipfs.AddResponse, error) + AddDirectoryFunc func(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) + GetFunc func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) + PinFunc func(ctx context.Context, cid, name string, replicationFactor int) (*ipfs.PinResponse, error) + PinStatusFunc func(ctx context.Context, cid string) (*ipfs.PinStatus, error) + UnpinFunc func(ctx context.Context, cid string) error + HealthFunc func(ctx context.Context) error + GetPeerFunc func(ctx context.Context) (int, error) + CloseFunc func(ctx context.Context) error +} + +func (m *mockIPFSClient) Add(ctx context.Context, r io.Reader, filename string) (*ipfs.AddResponse, error) { + if m.AddFunc != nil { + return m.AddFunc(ctx, r, filename) + } + return &ipfs.AddResponse{Cid: "QmTestCID123456789"}, nil +} + +func (m *mockIPFSClient) AddDirectory(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) { + if m.AddDirectoryFunc != nil { + return m.AddDirectoryFunc(ctx, dirPath) + } + return &ipfs.AddResponse{Cid: "QmTestDirCID123456789"}, nil +} + +func (m *mockIPFSClient) Get(ctx context.Context, cid, ipfsAPIURL string) (io.ReadCloser, error) { + if m.GetFunc != nil { + return m.GetFunc(ctx, cid, ipfsAPIURL) + } + return io.NopCloser(nil), nil +} + +func (m *mockIPFSClient) Pin(ctx context.Context, cid, name string, replicationFactor int) (*ipfs.PinResponse, error) { + if m.PinFunc != nil { + return m.PinFunc(ctx, cid, name, replicationFactor) + } + return &ipfs.PinResponse{}, nil +} + +func (m *mockIPFSClient) PinStatus(ctx context.Context, cid string) (*ipfs.PinStatus, error) { + if m.PinStatusFunc != nil { + return m.PinStatusFunc(ctx, cid) + } + return &ipfs.PinStatus{}, nil +} + +func (m *mockIPFSClient) Unpin(ctx context.Context, cid string) error { + if m.UnpinFunc != nil { + return m.UnpinFunc(ctx, cid) + } + return nil +} + +func (m *mockIPFSClient) Health(ctx context.Context) error { + if m.HealthFunc != nil { + return m.HealthFunc(ctx) + } + return nil +} + +func (m *mockIPFSClient) GetPeerCount(ctx context.Context) (int, error) { + if m.GetPeerFunc != nil { + return m.GetPeerFunc(ctx) + } + return 5, nil +} + +func (m *mockIPFSClient) Close(ctx context.Context) error { + if m.CloseFunc != nil { + return m.CloseFunc(ctx) + } + return nil +} + +// mockRQLiteClient implements a mock RQLite client for testing +type mockRQLiteClient struct { + QueryFunc func(ctx context.Context, dest interface{}, query string, args ...interface{}) error + ExecFunc func(ctx context.Context, query string, args ...interface{}) (sql.Result, error) + FindByFunc func(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error + FindOneFunc func(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error + SaveFunc func(ctx context.Context, entity interface{}) error + RemoveFunc func(ctx context.Context, entity interface{}) error + RepoFunc func(table string) interface{} + CreateQBFunc func(table string) *rqlite.QueryBuilder + TxFunc func(ctx context.Context, fn func(tx rqlite.Tx) error) error +} + +func (m *mockRQLiteClient) Query(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + if m.QueryFunc != nil { + return m.QueryFunc(ctx, dest, query, args...) + } + return nil +} + +func (m *mockRQLiteClient) Exec(ctx context.Context, query string, args ...interface{}) (sql.Result, error) { + if m.ExecFunc != nil { + return m.ExecFunc(ctx, query, args...) + } + return nil, nil +} + +func (m *mockRQLiteClient) FindBy(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error { + if m.FindByFunc != nil { + return m.FindByFunc(ctx, dest, table, criteria, opts...) + } + return nil +} + +func (m *mockRQLiteClient) FindOneBy(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error { + if m.FindOneFunc != nil { + return m.FindOneFunc(ctx, dest, table, criteria, opts...) + } + return nil +} + +func (m *mockRQLiteClient) Save(ctx context.Context, entity interface{}) error { + if m.SaveFunc != nil { + return m.SaveFunc(ctx, entity) + } + return nil +} + +func (m *mockRQLiteClient) Remove(ctx context.Context, entity interface{}) error { + if m.RemoveFunc != nil { + return m.RemoveFunc(ctx, entity) + } + return nil +} + +func (m *mockRQLiteClient) Repository(table string) interface{} { + if m.RepoFunc != nil { + return m.RepoFunc(table) + } + return nil +} + +func (m *mockRQLiteClient) CreateQueryBuilder(table string) *rqlite.QueryBuilder { + if m.CreateQBFunc != nil { + return m.CreateQBFunc(table) + } + return nil +} + +func (m *mockRQLiteClient) Tx(ctx context.Context, fn func(tx rqlite.Tx) error) error { + if m.TxFunc != nil { + return m.TxFunc(ctx, fn) + } + return nil +} + +// mockProcessManager implements a mock process manager for testing +type mockProcessManager struct { + StartFunc func(ctx context.Context, deployment *deployments.Deployment, workDir string) error + StopFunc func(ctx context.Context, deployment *deployments.Deployment) error + RestartFunc func(ctx context.Context, deployment *deployments.Deployment) error + StatusFunc func(ctx context.Context, deployment *deployments.Deployment) (string, error) + GetLogsFunc func(ctx context.Context, deployment *deployments.Deployment, lines int, follow bool) ([]byte, error) +} + +func (m *mockProcessManager) Start(ctx context.Context, deployment *deployments.Deployment, workDir string) error { + if m.StartFunc != nil { + return m.StartFunc(ctx, deployment, workDir) + } + return nil +} + +func (m *mockProcessManager) Stop(ctx context.Context, deployment *deployments.Deployment) error { + if m.StopFunc != nil { + return m.StopFunc(ctx, deployment) + } + return nil +} + +func (m *mockProcessManager) Restart(ctx context.Context, deployment *deployments.Deployment) error { + if m.RestartFunc != nil { + return m.RestartFunc(ctx, deployment) + } + return nil +} + +func (m *mockProcessManager) Status(ctx context.Context, deployment *deployments.Deployment) (string, error) { + if m.StatusFunc != nil { + return m.StatusFunc(ctx, deployment) + } + return "active", nil +} + +func (m *mockProcessManager) GetLogs(ctx context.Context, deployment *deployments.Deployment, lines int, follow bool) ([]byte, error) { + if m.GetLogsFunc != nil { + return m.GetLogsFunc(ctx, deployment, lines, follow) + } + return []byte("mock logs"), nil +} + +// mockHomeNodeManager implements a mock home node manager for testing +type mockHomeNodeManager struct { + AssignHomeNodeFunc func(ctx context.Context, namespace string) (string, error) + GetHomeNodeFunc func(ctx context.Context, namespace string) (string, error) +} + +func (m *mockHomeNodeManager) AssignHomeNode(ctx context.Context, namespace string) (string, error) { + if m.AssignHomeNodeFunc != nil { + return m.AssignHomeNodeFunc(ctx, namespace) + } + return "node-test123", nil +} + +func (m *mockHomeNodeManager) GetHomeNode(ctx context.Context, namespace string) (string, error) { + if m.GetHomeNodeFunc != nil { + return m.GetHomeNodeFunc(ctx, namespace) + } + return "node-test123", nil +} + +// mockPortAllocator implements a mock port allocator for testing +type mockPortAllocator struct { + AllocatePortFunc func(ctx context.Context, nodeID, deploymentID string) (int, error) + ReleasePortFunc func(ctx context.Context, nodeID string, port int) error +} + +func (m *mockPortAllocator) AllocatePort(ctx context.Context, nodeID, deploymentID string) (int, error) { + if m.AllocatePortFunc != nil { + return m.AllocatePortFunc(ctx, nodeID, deploymentID) + } + return 10100, nil +} + +func (m *mockPortAllocator) ReleasePort(ctx context.Context, nodeID string, port int) error { + if m.ReleasePortFunc != nil { + return m.ReleasePortFunc(ctx, nodeID, port) + } + return nil +} diff --git a/pkg/gateway/handlers/deployments/nextjs_handler.go b/pkg/gateway/handlers/deployments/nextjs_handler.go new file mode 100644 index 0000000..c88344d --- /dev/null +++ b/pkg/gateway/handlers/deployments/nextjs_handler.go @@ -0,0 +1,323 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// NextJSHandler handles Next.js deployments +type NextJSHandler struct { + service *DeploymentService + processManager *process.Manager + ipfsClient ipfs.IPFSClient + logger *zap.Logger + baseDeployPath string +} + +// NewNextJSHandler creates a new Next.js deployment handler +func NewNextJSHandler( + service *DeploymentService, + processManager *process.Manager, + ipfsClient ipfs.IPFSClient, + logger *zap.Logger, + baseDeployPath string, +) *NextJSHandler { + if baseDeployPath == "" { + baseDeployPath = filepath.Join(os.Getenv("HOME"), ".orama", "deployments") + } + return &NextJSHandler{ + service: service, + processManager: processManager, + ipfsClient: ipfsClient, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// HandleUpload handles Next.js deployment upload +func (h *NextJSHandler) HandleUpload(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Parse multipart form + if err := r.ParseMultipartForm(200 << 20); err != nil { // 200MB max + http.Error(w, "Failed to parse form", http.StatusBadRequest) + return + } + + // Get metadata + name := r.FormValue("name") + subdomain := r.FormValue("subdomain") + sseMode := r.FormValue("ssr") == "true" + + if name == "" { + http.Error(w, "Deployment name is required", http.StatusBadRequest) + return + } + + // Get tarball file + file, header, err := r.FormFile("tarball") + if err != nil { + http.Error(w, "Tarball file is required", http.StatusBadRequest) + return + } + defer file.Close() + + h.logger.Info("Deploying Next.js application", + zap.String("namespace", namespace), + zap.String("name", name), + zap.String("filename", header.Filename), + zap.Bool("ssr", sseMode), + ) + + var deployment *deployments.Deployment + var cid string + + if sseMode { + // SSR mode - upload tarball to IPFS, then extract on server + addResp, addErr := h.ipfsClient.Add(ctx, file, header.Filename) + if addErr != nil { + h.logger.Error("Failed to upload to IPFS", zap.Error(addErr)) + http.Error(w, "Failed to upload content", http.StatusInternalServerError) + return + } + cid = addResp.Cid + var deployErr error + deployment, deployErr = h.deploySSR(ctx, namespace, name, subdomain, cid) + if deployErr != nil { + h.logger.Error("Failed to deploy Next.js", zap.Error(deployErr)) + http.Error(w, deployErr.Error(), http.StatusInternalServerError) + return + } + } else { + // Static export mode - extract tarball first, then upload directory to IPFS + var uploadErr error + cid, uploadErr = h.uploadStaticContent(ctx, file) + if uploadErr != nil { + h.logger.Error("Failed to process static content", zap.Error(uploadErr)) + http.Error(w, "Failed to process content: "+uploadErr.Error(), http.StatusInternalServerError) + return + } + var deployErr error + deployment, deployErr = h.deployStatic(ctx, namespace, name, subdomain, cid) + if deployErr != nil { + h.logger.Error("Failed to deploy Next.js", zap.Error(deployErr)) + http.Error(w, deployErr.Error(), http.StatusInternalServerError) + return + } + } + + // Create DNS records (use background context since HTTP context will be cancelled) + go h.service.CreateDNSRecords(context.Background(), deployment) + + // Build response + urls := h.service.BuildDeploymentURLs(deployment) + + resp := map[string]interface{}{ + "deployment_id": deployment.ID, + "name": deployment.Name, + "namespace": deployment.Namespace, + "status": deployment.Status, + "type": deployment.Type, + "content_cid": deployment.ContentCID, + "urls": urls, + "version": deployment.Version, + "port": deployment.Port, + "created_at": deployment.CreatedAt, + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// deploySSR deploys Next.js in SSR mode +func (h *NextJSHandler) deploySSR(ctx context.Context, namespace, name, subdomain, cid string) (*deployments.Deployment, error) { + // Create deployment directory + deployPath := filepath.Join(h.baseDeployPath, namespace, name) + if err := os.MkdirAll(deployPath, 0755); err != nil { + return nil, fmt.Errorf("failed to create deployment directory: %w", err) + } + + // Download and extract from IPFS + if err := h.extractFromIPFS(ctx, cid, deployPath); err != nil { + return nil, fmt.Errorf("failed to extract deployment: %w", err) + } + + // Create deployment record + deployment := &deployments.Deployment{ + ID: uuid.New().String(), + Namespace: namespace, + Name: name, + Type: deployments.DeploymentTypeNextJS, + Version: 1, + Status: deployments.DeploymentStatusDeploying, + ContentCID: cid, + Subdomain: subdomain, + Environment: make(map[string]string), + MemoryLimitMB: 512, + CPULimitPercent: 100, + HealthCheckPath: "/api/health", + HealthCheckInterval: 30, + RestartPolicy: deployments.RestartPolicyAlways, + MaxRestartCount: 10, + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + DeployedBy: namespace, + } + + // Save deployment (assigns port) + if err := h.service.CreateDeployment(ctx, deployment); err != nil { + return nil, err + } + + // Start the process + if err := h.processManager.Start(ctx, deployment, deployPath); err != nil { + deployment.Status = deployments.DeploymentStatusFailed + return deployment, fmt.Errorf("failed to start process: %w", err) + } + + // Wait for healthy + if err := h.processManager.WaitForHealthy(ctx, deployment, 60*time.Second); err != nil { + h.logger.Warn("Deployment did not become healthy", zap.Error(err)) + } + + deployment.Status = deployments.DeploymentStatusActive + + // Update status in database + if err := h.service.UpdateDeploymentStatus(ctx, deployment.ID, deployment.Status); err != nil { + h.logger.Warn("Failed to update deployment status", zap.Error(err)) + } + + return deployment, nil +} + +// deployStatic deploys Next.js static export +func (h *NextJSHandler) deployStatic(ctx context.Context, namespace, name, subdomain, cid string) (*deployments.Deployment, error) { + deployment := &deployments.Deployment{ + ID: uuid.New().String(), + Namespace: namespace, + Name: name, + Type: deployments.DeploymentTypeNextJSStatic, + Version: 1, + Status: deployments.DeploymentStatusActive, + ContentCID: cid, + Subdomain: subdomain, + Environment: make(map[string]string), + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + DeployedBy: namespace, + } + + if err := h.service.CreateDeployment(ctx, deployment); err != nil { + return nil, err + } + + return deployment, nil +} + +// uploadStaticContent extracts a tarball and uploads the directory to IPFS +// Returns the CID of the uploaded directory +func (h *NextJSHandler) uploadStaticContent(ctx context.Context, file io.Reader) (string, error) { + // Create temp directory for extraction + tmpDir, err := os.MkdirTemp("", "nextjs-static-*") + if err != nil { + return "", fmt.Errorf("failed to create temp directory: %w", err) + } + defer os.RemoveAll(tmpDir) + + // Create site subdirectory (so IPFS creates a proper root CID) + siteDir := filepath.Join(tmpDir, "site") + if err := os.MkdirAll(siteDir, 0755); err != nil { + return "", fmt.Errorf("failed to create site directory: %w", err) + } + + // Extract tarball to site directory + if err := extractTarball(file, siteDir); err != nil { + return "", fmt.Errorf("failed to extract tarball: %w", err) + } + + // Upload the extracted directory to IPFS + addResp, err := h.ipfsClient.AddDirectory(ctx, tmpDir) + if err != nil { + return "", fmt.Errorf("failed to upload to IPFS: %w", err) + } + + h.logger.Info("Static content uploaded to IPFS", + zap.String("cid", addResp.Cid), + ) + + return addResp.Cid, nil +} + +// extractFromIPFS extracts a tarball from IPFS to a directory +func (h *NextJSHandler) extractFromIPFS(ctx context.Context, cid, destPath string) error { + // Get tarball from IPFS + reader, err := h.ipfsClient.Get(ctx, "/ipfs/"+cid, "") + if err != nil { + return err + } + defer reader.Close() + + // Create temporary file + tmpFile, err := os.CreateTemp("", "nextjs-*.tar.gz") + if err != nil { + return err + } + defer os.Remove(tmpFile.Name()) + defer tmpFile.Close() + + // Copy to temp file + if _, err := io.Copy(tmpFile, reader); err != nil { + return err + } + + tmpFile.Close() + + // Extract tarball + cmd := fmt.Sprintf("tar -xzf %s -C %s", tmpFile.Name(), destPath) + if err := h.execCommand(cmd); err != nil { + return fmt.Errorf("failed to extract tarball: %w", err) + } + + return nil +} + +// execCommand executes a shell command +func (h *NextJSHandler) execCommand(cmd string) error { + parts := strings.Fields(cmd) + if len(parts) == 0 { + return fmt.Errorf("empty command") + } + + c := exec.Command(parts[0], parts[1:]...) + output, err := c.CombinedOutput() + if err != nil { + h.logger.Error("Command execution failed", + zap.String("command", cmd), + zap.String("output", string(output)), + zap.Error(err), + ) + return fmt.Errorf("command failed: %s: %w", string(output), err) + } + + return nil +} diff --git a/pkg/gateway/handlers/deployments/nodejs_handler.go b/pkg/gateway/handlers/deployments/nodejs_handler.go new file mode 100644 index 0000000..f298822 --- /dev/null +++ b/pkg/gateway/handlers/deployments/nodejs_handler.go @@ -0,0 +1,319 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// NodeJSHandler handles Node.js backend deployments +type NodeJSHandler struct { + service *DeploymentService + processManager *process.Manager + ipfsClient ipfs.IPFSClient + logger *zap.Logger + baseDeployPath string +} + +// NewNodeJSHandler creates a new Node.js deployment handler +func NewNodeJSHandler( + service *DeploymentService, + processManager *process.Manager, + ipfsClient ipfs.IPFSClient, + logger *zap.Logger, + baseDeployPath string, +) *NodeJSHandler { + if baseDeployPath == "" { + baseDeployPath = filepath.Join(os.Getenv("HOME"), ".orama", "deployments") + } + return &NodeJSHandler{ + service: service, + processManager: processManager, + ipfsClient: ipfsClient, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// HandleUpload handles Node.js backend deployment upload +func (h *NodeJSHandler) HandleUpload(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Parse multipart form (200MB max for Node.js with node_modules) + if err := r.ParseMultipartForm(200 << 20); err != nil { + http.Error(w, "Failed to parse form", http.StatusBadRequest) + return + } + + // Get metadata + name := r.FormValue("name") + subdomain := r.FormValue("subdomain") + healthCheckPath := r.FormValue("health_check_path") + skipInstall := r.FormValue("skip_install") == "true" + + if name == "" { + http.Error(w, "Deployment name is required", http.StatusBadRequest) + return + } + + if healthCheckPath == "" { + healthCheckPath = "/health" + } + + // Get tarball file + file, header, err := r.FormFile("tarball") + if err != nil { + http.Error(w, "Tarball file is required", http.StatusBadRequest) + return + } + defer file.Close() + + h.logger.Info("Deploying Node.js backend", + zap.String("namespace", namespace), + zap.String("name", name), + zap.String("filename", header.Filename), + zap.Int64("size", header.Size), + zap.Bool("skip_install", skipInstall), + ) + + // Upload to IPFS for versioning + addResp, err := h.ipfsClient.Add(ctx, file, header.Filename) + if err != nil { + h.logger.Error("Failed to upload to IPFS", zap.Error(err)) + http.Error(w, "Failed to upload content", http.StatusInternalServerError) + return + } + + cid := addResp.Cid + + // Deploy the Node.js backend + deployment, err := h.deploy(ctx, namespace, name, subdomain, cid, healthCheckPath, skipInstall) + if err != nil { + h.logger.Error("Failed to deploy Node.js backend", zap.Error(err)) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + // Create DNS records (use background context since HTTP context will be cancelled) + go h.service.CreateDNSRecords(context.Background(), deployment) + + // Build response + urls := h.service.BuildDeploymentURLs(deployment) + + resp := map[string]interface{}{ + "deployment_id": deployment.ID, + "name": deployment.Name, + "namespace": deployment.Namespace, + "status": deployment.Status, + "type": deployment.Type, + "content_cid": deployment.ContentCID, + "urls": urls, + "version": deployment.Version, + "port": deployment.Port, + "created_at": deployment.CreatedAt, + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// deploy deploys a Node.js backend +func (h *NodeJSHandler) deploy(ctx context.Context, namespace, name, subdomain, cid, healthCheckPath string, skipInstall bool) (*deployments.Deployment, error) { + // Create deployment directory + deployPath := filepath.Join(h.baseDeployPath, namespace, name) + if err := os.MkdirAll(deployPath, 0755); err != nil { + return nil, fmt.Errorf("failed to create deployment directory: %w", err) + } + + // Download and extract from IPFS + if err := h.extractFromIPFS(ctx, cid, deployPath); err != nil { + return nil, fmt.Errorf("failed to extract deployment: %w", err) + } + + // Check for package.json + packageJSONPath := filepath.Join(deployPath, "package.json") + if _, err := os.Stat(packageJSONPath); os.IsNotExist(err) { + return nil, fmt.Errorf("package.json not found in deployment") + } + + // Install dependencies if needed + nodeModulesPath := filepath.Join(deployPath, "node_modules") + if !skipInstall { + if _, err := os.Stat(nodeModulesPath); os.IsNotExist(err) { + h.logger.Info("Installing npm dependencies", zap.String("deployment", name)) + if err := h.npmInstall(deployPath); err != nil { + return nil, fmt.Errorf("failed to install dependencies: %w", err) + } + } + } + + // Parse package.json to determine entry point + entryPoint, err := h.determineEntryPoint(deployPath) + if err != nil { + h.logger.Warn("Failed to determine entry point, using default", + zap.Error(err), + zap.String("default", "index.js"), + ) + entryPoint = "index.js" + } + + h.logger.Info("Node.js deployment configured", + zap.String("entry_point", entryPoint), + zap.String("deployment", name), + ) + + // Create deployment record + deployment := &deployments.Deployment{ + ID: uuid.New().String(), + Namespace: namespace, + Name: name, + Type: deployments.DeploymentTypeNodeJSBackend, + Version: 1, + Status: deployments.DeploymentStatusDeploying, + ContentCID: cid, + Subdomain: subdomain, + Environment: map[string]string{"ENTRY_POINT": entryPoint}, + MemoryLimitMB: 512, + CPULimitPercent: 100, + HealthCheckPath: healthCheckPath, + HealthCheckInterval: 30, + RestartPolicy: deployments.RestartPolicyAlways, + MaxRestartCount: 10, + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + DeployedBy: namespace, + } + + // Save deployment (assigns port) + if err := h.service.CreateDeployment(ctx, deployment); err != nil { + return nil, err + } + + // Start the process + if err := h.processManager.Start(ctx, deployment, deployPath); err != nil { + deployment.Status = deployments.DeploymentStatusFailed + h.service.UpdateDeploymentStatus(ctx, deployment.ID, deployments.DeploymentStatusFailed) + return deployment, fmt.Errorf("failed to start process: %w", err) + } + + // Wait for healthy + if err := h.processManager.WaitForHealthy(ctx, deployment, 90*time.Second); err != nil { + h.logger.Warn("Deployment did not become healthy", zap.Error(err)) + // Don't fail - the service might still be starting + } + + deployment.Status = deployments.DeploymentStatusActive + h.service.UpdateDeploymentStatus(ctx, deployment.ID, deployments.DeploymentStatusActive) + + return deployment, nil +} + +// extractFromIPFS extracts a tarball from IPFS to a directory +func (h *NodeJSHandler) extractFromIPFS(ctx context.Context, cid, destPath string) error { + // Get tarball from IPFS + reader, err := h.ipfsClient.Get(ctx, "/ipfs/"+cid, "") + if err != nil { + return err + } + defer reader.Close() + + // Create temporary file + tmpFile, err := os.CreateTemp("", "nodejs-deploy-*.tar.gz") + if err != nil { + return err + } + defer os.Remove(tmpFile.Name()) + defer tmpFile.Close() + + // Copy to temp file + if _, err := io.Copy(tmpFile, reader); err != nil { + return err + } + + tmpFile.Close() + + // Extract tarball + cmd := exec.Command("tar", "-xzf", tmpFile.Name(), "-C", destPath) + output, err := cmd.CombinedOutput() + if err != nil { + h.logger.Error("Failed to extract tarball", + zap.String("output", string(output)), + zap.Error(err), + ) + return fmt.Errorf("failed to extract tarball: %w", err) + } + + return nil +} + +// npmInstall runs npm install --production in the deployment directory +func (h *NodeJSHandler) npmInstall(deployPath string) error { + cmd := exec.Command("npm", "install", "--production") + cmd.Dir = deployPath + cmd.Env = append(os.Environ(), "NODE_ENV=production") + + output, err := cmd.CombinedOutput() + if err != nil { + h.logger.Error("npm install failed", + zap.String("output", string(output)), + zap.Error(err), + ) + return fmt.Errorf("npm install failed: %w", err) + } + + return nil +} + +// determineEntryPoint reads package.json to find the entry point +func (h *NodeJSHandler) determineEntryPoint(deployPath string) (string, error) { + packageJSONPath := filepath.Join(deployPath, "package.json") + data, err := os.ReadFile(packageJSONPath) + if err != nil { + return "", err + } + + var pkg struct { + Main string `json:"main"` + Scripts map[string]string `json:"scripts"` + } + + if err := json.Unmarshal(data, &pkg); err != nil { + return "", err + } + + // Check if there's a start script + if startScript, ok := pkg.Scripts["start"]; ok { + // If start script uses node, extract the file + if len(startScript) > 5 && startScript[:5] == "node " { + return startScript[5:], nil + } + // Otherwise, we'll use npm start + return "npm:start", nil + } + + // Use main field if specified + if pkg.Main != "" { + return pkg.Main, nil + } + + // Default to index.js + return "index.js", nil +} diff --git a/pkg/gateway/handlers/deployments/replica_handler.go b/pkg/gateway/handlers/deployments/replica_handler.go new file mode 100644 index 0000000..327f30a --- /dev/null +++ b/pkg/gateway/handlers/deployments/replica_handler.go @@ -0,0 +1,424 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "path/filepath" + "time" + + "os/exec" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "go.uber.org/zap" +) + +// ReplicaHandler handles internal node-to-node replica coordination endpoints. +type ReplicaHandler struct { + service *DeploymentService + processManager *process.Manager + ipfsClient ipfs.IPFSClient + logger *zap.Logger + baseDeployPath string +} + +// NewReplicaHandler creates a new replica handler. +func NewReplicaHandler( + service *DeploymentService, + processManager *process.Manager, + ipfsClient ipfs.IPFSClient, + logger *zap.Logger, + baseDeployPath string, +) *ReplicaHandler { + if baseDeployPath == "" { + baseDeployPath = filepath.Join(os.Getenv("HOME"), ".orama", "deployments") + } + return &ReplicaHandler{ + service: service, + processManager: processManager, + ipfsClient: ipfsClient, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// replicaSetupRequest is the payload for setting up a new replica. +type replicaSetupRequest struct { + DeploymentID string `json:"deployment_id"` + Namespace string `json:"namespace"` + Name string `json:"name"` + Type string `json:"type"` + ContentCID string `json:"content_cid"` + BuildCID string `json:"build_cid"` + Environment string `json:"environment"` // JSON-encoded env vars + HealthCheckPath string `json:"health_check_path"` + MemoryLimitMB int `json:"memory_limit_mb"` + CPULimitPercent int `json:"cpu_limit_percent"` + RestartPolicy string `json:"restart_policy"` + MaxRestartCount int `json:"max_restart_count"` +} + +// HandleSetup sets up a new deployment replica on this node. +// POST /v1/internal/deployments/replica/setup +func (h *ReplicaHandler) HandleSetup(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + if !h.isInternalRequest(r) { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } + + var req replicaSetupRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + h.logger.Info("Setting up deployment replica", + zap.String("deployment_id", req.DeploymentID), + zap.String("name", req.Name), + zap.String("type", req.Type), + ) + + ctx := r.Context() + + // Allocate a port on this node + port, err := h.service.portAllocator.AllocatePort(ctx, h.service.nodePeerID, req.DeploymentID) + if err != nil { + h.logger.Error("Failed to allocate port for replica", zap.Error(err)) + http.Error(w, "Failed to allocate port", http.StatusInternalServerError) + return + } + + // Create the deployment directory + deployPath := filepath.Join(h.baseDeployPath, req.Namespace, req.Name) + if err := os.MkdirAll(deployPath, 0755); err != nil { + http.Error(w, "Failed to create deployment directory", http.StatusInternalServerError) + return + } + + // Extract content from IPFS + cid := req.BuildCID + if cid == "" { + cid = req.ContentCID + } + + if err := h.extractFromIPFS(ctx, cid, deployPath); err != nil { + h.logger.Error("Failed to extract IPFS content for replica", zap.Error(err)) + http.Error(w, "Failed to extract content", http.StatusInternalServerError) + return + } + + // Parse environment + var env map[string]string + if req.Environment != "" { + json.Unmarshal([]byte(req.Environment), &env) + } + if env == nil { + env = make(map[string]string) + } + + // Build a Deployment struct for the process manager + deployment := &deployments.Deployment{ + ID: req.DeploymentID, + Namespace: req.Namespace, + Name: req.Name, + Type: deployments.DeploymentType(req.Type), + Port: port, + HomeNodeID: h.service.nodePeerID, + ContentCID: req.ContentCID, + BuildCID: req.BuildCID, + Environment: env, + HealthCheckPath: req.HealthCheckPath, + MemoryLimitMB: req.MemoryLimitMB, + CPULimitPercent: req.CPULimitPercent, + RestartPolicy: deployments.RestartPolicy(req.RestartPolicy), + MaxRestartCount: req.MaxRestartCount, + } + + // Start the process + if err := h.processManager.Start(ctx, deployment, deployPath); err != nil { + h.logger.Error("Failed to start replica process", zap.Error(err)) + http.Error(w, fmt.Sprintf("Failed to start process: %v", err), http.StatusInternalServerError) + return + } + + // Wait for health check + if err := h.processManager.WaitForHealthy(ctx, deployment, 90*time.Second); err != nil { + h.logger.Warn("Replica did not become healthy", zap.Error(err)) + } + + // Update replica record to active with the port + if h.service.replicaManager != nil { + h.service.replicaManager.CreateReplica(ctx, req.DeploymentID, h.service.nodePeerID, port, false) + } + + resp := map[string]interface{}{ + "status": "active", + "port": port, + "node_id": h.service.nodePeerID, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// replicaUpdateRequest is the payload for updating a replica. +type replicaUpdateRequest struct { + DeploymentID string `json:"deployment_id"` + Namespace string `json:"namespace"` + Name string `json:"name"` + Type string `json:"type"` + ContentCID string `json:"content_cid"` + BuildCID string `json:"build_cid"` + NewVersion int `json:"new_version"` +} + +// HandleUpdate updates a deployment replica on this node. +// POST /v1/internal/deployments/replica/update +func (h *ReplicaHandler) HandleUpdate(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + if !h.isInternalRequest(r) { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } + + var req replicaUpdateRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + h.logger.Info("Updating deployment replica", + zap.String("deployment_id", req.DeploymentID), + zap.String("name", req.Name), + ) + + ctx := r.Context() + deployType := deployments.DeploymentType(req.Type) + + isStatic := deployType == deployments.DeploymentTypeStatic || + deployType == deployments.DeploymentTypeNextJSStatic || + deployType == deployments.DeploymentTypeGoWASM + + if isStatic { + // Static deployments: nothing to do locally, IPFS handles content + resp := map[string]interface{}{"status": "updated"} + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + return + } + + // Dynamic deployment: extract new content and restart + cid := req.BuildCID + if cid == "" { + cid = req.ContentCID + } + + deployPath := filepath.Join(h.baseDeployPath, req.Namespace, req.Name) + stagingPath := deployPath + ".new" + oldPath := deployPath + ".old" + + // Extract to staging + if err := os.MkdirAll(stagingPath, 0755); err != nil { + http.Error(w, "Failed to create staging directory", http.StatusInternalServerError) + return + } + + if err := h.extractFromIPFS(ctx, cid, stagingPath); err != nil { + os.RemoveAll(stagingPath) + http.Error(w, "Failed to extract content", http.StatusInternalServerError) + return + } + + // Atomic swap + if err := os.Rename(deployPath, oldPath); err != nil { + os.RemoveAll(stagingPath) + http.Error(w, "Failed to backup current deployment", http.StatusInternalServerError) + return + } + + if err := os.Rename(stagingPath, deployPath); err != nil { + os.Rename(oldPath, deployPath) + http.Error(w, "Failed to activate new deployment", http.StatusInternalServerError) + return + } + + // Get the port for this replica + var port int + if h.service.replicaManager != nil { + p, err := h.service.replicaManager.GetReplicaPort(ctx, req.DeploymentID, h.service.nodePeerID) + if err == nil { + port = p + } + } + + // Restart the process + deployment := &deployments.Deployment{ + ID: req.DeploymentID, + Namespace: req.Namespace, + Name: req.Name, + Type: deployType, + Port: port, + HomeNodeID: h.service.nodePeerID, + } + + if err := h.processManager.Restart(ctx, deployment); err != nil { + // Rollback + os.Rename(deployPath, stagingPath) + os.Rename(oldPath, deployPath) + h.processManager.Restart(ctx, deployment) + http.Error(w, fmt.Sprintf("Failed to restart: %v", err), http.StatusInternalServerError) + return + } + + // Health check + if err := h.processManager.WaitForHealthy(ctx, deployment, 60*time.Second); err != nil { + h.logger.Warn("Replica unhealthy after update, rolling back", zap.Error(err)) + os.Rename(deployPath, stagingPath) + os.Rename(oldPath, deployPath) + h.processManager.Restart(ctx, deployment) + http.Error(w, "Health check failed after update", http.StatusInternalServerError) + return + } + + os.RemoveAll(oldPath) + + resp := map[string]interface{}{"status": "updated"} + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// HandleRollback rolls back a deployment replica on this node. +// POST /v1/internal/deployments/replica/rollback +func (h *ReplicaHandler) HandleRollback(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + if !h.isInternalRequest(r) { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } + + // Rollback uses the same logic as update — the caller sends the target CID + h.HandleUpdate(w, r) +} + +// replicaTeardownRequest is the payload for tearing down a replica. +type replicaTeardownRequest struct { + DeploymentID string `json:"deployment_id"` + Namespace string `json:"namespace"` + Name string `json:"name"` + Type string `json:"type"` +} + +// HandleTeardown removes a deployment replica from this node. +// POST /v1/internal/deployments/replica/teardown +func (h *ReplicaHandler) HandleTeardown(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) + return + } + + if !h.isInternalRequest(r) { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } + + var req replicaTeardownRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + h.logger.Info("Tearing down deployment replica", + zap.String("deployment_id", req.DeploymentID), + zap.String("name", req.Name), + ) + + ctx := r.Context() + + // Get port for this replica before teardown + var port int + if h.service.replicaManager != nil { + p, err := h.service.replicaManager.GetReplicaPort(ctx, req.DeploymentID, h.service.nodePeerID) + if err == nil { + port = p + } + } + + // Stop the process + deployment := &deployments.Deployment{ + ID: req.DeploymentID, + Namespace: req.Namespace, + Name: req.Name, + Type: deployments.DeploymentType(req.Type), + Port: port, + HomeNodeID: h.service.nodePeerID, + } + + if err := h.processManager.Stop(ctx, deployment); err != nil { + h.logger.Warn("Failed to stop replica process", zap.Error(err)) + } + + // Remove deployment files + deployPath := filepath.Join(h.baseDeployPath, req.Namespace, req.Name) + if err := os.RemoveAll(deployPath); err != nil { + h.logger.Warn("Failed to remove replica files", zap.Error(err)) + } + + // Update replica status + if h.service.replicaManager != nil { + h.service.replicaManager.UpdateReplicaStatus(ctx, req.DeploymentID, h.service.nodePeerID, deployments.ReplicaStatusRemoving) + } + + resp := map[string]interface{}{"status": "removed"} + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// extractFromIPFS downloads and extracts a tarball from IPFS. +func (h *ReplicaHandler) extractFromIPFS(ctx context.Context, cid, destPath string) error { + reader, err := h.ipfsClient.Get(ctx, "/ipfs/"+cid, "") + if err != nil { + return err + } + defer reader.Close() + + tmpFile, err := os.CreateTemp("", "replica-deploy-*.tar.gz") + if err != nil { + return err + } + defer os.Remove(tmpFile.Name()) + defer tmpFile.Close() + + if _, err := tmpFile.ReadFrom(reader); err != nil { + return err + } + tmpFile.Close() + + cmd := exec.Command("tar", "-xzf", tmpFile.Name(), "-C", destPath) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to extract tarball: %s: %w", string(output), err) + } + + return nil +} + +// isInternalRequest checks if the request is an internal node-to-node call. +func (h *ReplicaHandler) isInternalRequest(r *http.Request) bool { + return r.Header.Get("X-Orama-Internal-Auth") == "replica-coordination" +} diff --git a/pkg/gateway/handlers/deployments/rollback_handler.go b/pkg/gateway/handlers/deployments/rollback_handler.go new file mode 100644 index 0000000..bae7313 --- /dev/null +++ b/pkg/gateway/handlers/deployments/rollback_handler.go @@ -0,0 +1,400 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "go.uber.org/zap" +) + +// RollbackHandler handles deployment rollbacks +type RollbackHandler struct { + service *DeploymentService + updateHandler *UpdateHandler + logger *zap.Logger +} + +// NewRollbackHandler creates a new rollback handler +func NewRollbackHandler(service *DeploymentService, updateHandler *UpdateHandler, logger *zap.Logger) *RollbackHandler { + return &RollbackHandler{ + service: service, + updateHandler: updateHandler, + logger: logger, + } +} + +// HandleRollback handles deployment rollback +func (h *RollbackHandler) HandleRollback(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + var req struct { + Name string `json:"name"` + Version int `json:"version"` + } + + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + if req.Name == "" { + http.Error(w, "deployment name is required", http.StatusBadRequest) + return + } + + if req.Version <= 0 { + http.Error(w, "version must be positive", http.StatusBadRequest) + return + } + + h.logger.Info("Rolling back deployment", + zap.String("namespace", namespace), + zap.String("name", req.Name), + zap.Int("target_version", req.Version), + ) + + // Get current deployment + current, err := h.service.GetDeployment(ctx, namespace, req.Name) + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + // Validate version + if req.Version >= current.Version { + http.Error(w, fmt.Sprintf("Cannot rollback to version %d, current version is %d", req.Version, current.Version), http.StatusBadRequest) + return + } + + // Get historical version + history, err := h.getHistoricalVersion(ctx, current.ID, req.Version) + if err != nil { + http.Error(w, fmt.Sprintf("Version %d not found in history", req.Version), http.StatusNotFound) + return + } + + h.logger.Info("Found historical version", + zap.String("deployment", req.Name), + zap.Int("version", req.Version), + zap.String("cid", history.ContentCID), + ) + + // Perform rollback based on type + var rolled *deployments.Deployment + + switch current.Type { + case deployments.DeploymentTypeStatic, deployments.DeploymentTypeNextJSStatic: + rolled, err = h.rollbackStatic(ctx, current, history) + case deployments.DeploymentTypeNextJS, deployments.DeploymentTypeNodeJSBackend, deployments.DeploymentTypeGoBackend: + rolled, err = h.rollbackDynamic(ctx, current, history) + default: + http.Error(w, "Unsupported deployment type", http.StatusBadRequest) + return + } + + if err != nil { + h.logger.Error("Rollback failed", zap.Error(err)) + http.Error(w, fmt.Sprintf("Rollback failed: %v", err), http.StatusInternalServerError) + return + } + + // Fan out rollback to replica nodes + h.service.FanOutToReplicas(ctx, rolled, "/v1/internal/deployments/replica/rollback", map[string]interface{}{ + "new_version": rolled.Version, + }) + + // Return response + resp := map[string]interface{}{ + "deployment_id": rolled.ID, + "name": rolled.Name, + "namespace": rolled.Namespace, + "status": rolled.Status, + "version": rolled.Version, + "rolled_back_from": current.Version, + "rolled_back_to": req.Version, + "content_cid": rolled.ContentCID, + "updated_at": rolled.UpdatedAt, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// getHistoricalVersion retrieves a specific version from history +func (h *RollbackHandler) getHistoricalVersion(ctx context.Context, deploymentID string, version int) (*struct { + ContentCID string + BuildCID string +}, error) { + type historyRow struct { + ContentCID string `db:"content_cid"` + BuildCID string `db:"build_cid"` + } + + var rows []historyRow + query := ` + SELECT content_cid, build_cid + FROM deployment_history + WHERE deployment_id = ? AND version = ? + LIMIT 1 + ` + + err := h.service.db.Query(ctx, &rows, query, deploymentID, version) + if err != nil { + return nil, err + } + + if len(rows) == 0 { + return nil, fmt.Errorf("version not found") + } + + return &struct { + ContentCID string + BuildCID string + }{ + ContentCID: rows[0].ContentCID, + BuildCID: rows[0].BuildCID, + }, nil +} + +// rollbackStatic rolls back a static deployment +func (h *RollbackHandler) rollbackStatic(ctx context.Context, current *deployments.Deployment, history *struct { + ContentCID string + BuildCID string +}) (*deployments.Deployment, error) { + // Atomic CID swap + newVersion := current.Version + 1 + now := time.Now() + + query := ` + UPDATE deployments + SET content_cid = ?, version = ?, updated_at = ? + WHERE namespace = ? AND name = ? + ` + + _, err := h.service.db.Exec(ctx, query, history.ContentCID, newVersion, now, current.Namespace, current.Name) + if err != nil { + return nil, fmt.Errorf("failed to update deployment: %w", err) + } + + // Record rollback in history + historyQuery := ` + INSERT INTO deployment_history ( + id, deployment_id, version, content_cid, deployed_at, deployed_by, status, error_message, rollback_from_version + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + + historyID := fmt.Sprintf("%s-v%d", current.ID, newVersion) + _, err = h.service.db.Exec(ctx, historyQuery, + historyID, + current.ID, + newVersion, + history.ContentCID, + now, + current.Namespace, + "rolled_back", + "", + ¤t.Version, + ) + + if err != nil { + h.logger.Error("Failed to record rollback history", zap.Error(err)) + } + + current.ContentCID = history.ContentCID + current.Version = newVersion + current.UpdatedAt = now + + h.logger.Info("Static deployment rolled back", + zap.String("deployment", current.Name), + zap.Int("new_version", newVersion), + zap.String("cid", history.ContentCID), + ) + + return current, nil +} + +// rollbackDynamic rolls back a dynamic deployment +func (h *RollbackHandler) rollbackDynamic(ctx context.Context, current *deployments.Deployment, history *struct { + ContentCID string + BuildCID string +}) (*deployments.Deployment, error) { + // Download historical version from IPFS + cid := history.BuildCID + if cid == "" { + cid = history.ContentCID + } + + deployPath := h.updateHandler.nextjsHandler.baseDeployPath + "/" + current.Namespace + "/" + current.Name + stagingPath := deployPath + ".rollback" + + // Extract historical version + if err := os.MkdirAll(stagingPath, 0755); err != nil { + return nil, fmt.Errorf("failed to create staging directory: %w", err) + } + if err := h.updateHandler.nextjsHandler.extractFromIPFS(ctx, cid, stagingPath); err != nil { + return nil, fmt.Errorf("failed to extract historical version: %w", err) + } + + // Backup current + oldPath := deployPath + ".old" + if err := renameDirectory(deployPath, oldPath); err != nil { + return nil, fmt.Errorf("failed to backup current: %w", err) + } + + // Activate rollback + if err := renameDirectory(stagingPath, deployPath); err != nil { + renameDirectory(oldPath, deployPath) + return nil, fmt.Errorf("failed to activate rollback: %w", err) + } + + // Restart + if err := h.updateHandler.processManager.Restart(ctx, current); err != nil { + renameDirectory(deployPath, stagingPath) + renameDirectory(oldPath, deployPath) + h.updateHandler.processManager.Restart(ctx, current) + return nil, fmt.Errorf("failed to restart: %w", err) + } + + // Wait for healthy + if err := h.updateHandler.processManager.WaitForHealthy(ctx, current, 60*time.Second); err != nil { + h.logger.Warn("Rollback unhealthy, reverting", zap.Error(err)) + renameDirectory(deployPath, stagingPath) + renameDirectory(oldPath, deployPath) + h.updateHandler.processManager.Restart(ctx, current) + return nil, fmt.Errorf("rollback failed health check: %w", err) + } + + // Update database + newVersion := current.Version + 1 + now := time.Now() + + query := ` + UPDATE deployments + SET build_cid = ?, version = ?, updated_at = ? + WHERE namespace = ? AND name = ? + ` + + _, err := h.service.db.Exec(ctx, query, cid, newVersion, now, current.Namespace, current.Name) + if err != nil { + h.logger.Error("Failed to update database", zap.Error(err)) + } + + // Record rollback in history + historyQuery := ` + INSERT INTO deployment_history ( + id, deployment_id, version, build_cid, deployed_at, deployed_by, status, rollback_from_version + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?) + ` + + historyID := fmt.Sprintf("%s-v%d", current.ID, newVersion) + _, _ = h.service.db.Exec(ctx, historyQuery, + historyID, + current.ID, + newVersion, + cid, + now, + current.Namespace, + "rolled_back", + ¤t.Version, + ) + + // Cleanup + removeDirectory(oldPath) + + current.BuildCID = cid + current.Version = newVersion + current.UpdatedAt = now + + h.logger.Info("Dynamic deployment rolled back", + zap.String("deployment", current.Name), + zap.Int("new_version", newVersion), + ) + + return current, nil +} + +// HandleListVersions lists all versions of a deployment +func (h *RollbackHandler) HandleListVersions(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + name := r.URL.Query().Get("name") + + if name == "" { + http.Error(w, "name query parameter is required", http.StatusBadRequest) + return + } + + // Get deployment + deployment, err := h.service.GetDeployment(ctx, namespace, name) + if err != nil { + http.Error(w, "Deployment not found", http.StatusNotFound) + return + } + + // Query history + type versionRow struct { + Version int `db:"version"` + ContentCID string `db:"content_cid"` + BuildCID string `db:"build_cid"` + DeployedAt time.Time `db:"deployed_at"` + DeployedBy string `db:"deployed_by"` + Status string `db:"status"` + } + + var rows []versionRow + query := ` + SELECT version, content_cid, build_cid, deployed_at, deployed_by, status + FROM deployment_history + WHERE deployment_id = ? + ORDER BY version DESC + LIMIT 50 + ` + + err = h.service.db.Query(ctx, &rows, query, deployment.ID) + if err != nil { + http.Error(w, "Failed to query history", http.StatusInternalServerError) + return + } + + versions := make([]map[string]interface{}, len(rows)) + for i, row := range rows { + versions[i] = map[string]interface{}{ + "version": row.Version, + "content_cid": row.ContentCID, + "build_cid": row.BuildCID, + "deployed_at": row.DeployedAt, + "deployed_by": row.DeployedBy, + "status": row.Status, + "is_current": row.Version == deployment.Version, + } + } + + resp := map[string]interface{}{ + "deployment_id": deployment.ID, + "name": deployment.Name, + "current_version": deployment.Version, + "versions": versions, + "total": len(versions), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/deployments/service.go b/pkg/gateway/handlers/deployments/service.go new file mode 100644 index 0000000..0388cf9 --- /dev/null +++ b/pkg/gateway/handlers/deployments/service.go @@ -0,0 +1,769 @@ +package deployments + +import ( + "bytes" + "context" + "crypto/rand" + "encoding/json" + "fmt" + "net/http" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/google/uuid" + "go.uber.org/zap" +) + +const ( + // subdomainSuffixLength is the length of the random suffix for deployment subdomains + subdomainSuffixLength = 6 + // subdomainSuffixChars are the allowed characters for the random suffix (lowercase alphanumeric) + subdomainSuffixChars = "abcdefghijklmnopqrstuvwxyz0123456789" +) + +// DeploymentService manages deployment operations +type DeploymentService struct { + db rqlite.Client + homeNodeManager *deployments.HomeNodeManager + portAllocator *deployments.PortAllocator + replicaManager *deployments.ReplicaManager + logger *zap.Logger + baseDomain string // Base domain for deployments (e.g., "dbrs.space") + nodePeerID string // Current node's peer ID (deployments run on this node) +} + +// NewDeploymentService creates a new deployment service +func NewDeploymentService( + db rqlite.Client, + homeNodeManager *deployments.HomeNodeManager, + portAllocator *deployments.PortAllocator, + replicaManager *deployments.ReplicaManager, + logger *zap.Logger, +) *DeploymentService { + return &DeploymentService{ + db: db, + homeNodeManager: homeNodeManager, + portAllocator: portAllocator, + replicaManager: replicaManager, + logger: logger, + baseDomain: "dbrs.space", // default + } +} + +// SetBaseDomain sets the base domain for deployments +func (s *DeploymentService) SetBaseDomain(domain string) { + if domain != "" { + s.baseDomain = domain + } +} + +// SetNodePeerID sets the current node's peer ID +// Deployments will always run on this node (no cross-node routing for deployment creation) +func (s *DeploymentService) SetNodePeerID(peerID string) { + s.nodePeerID = peerID +} + +// BaseDomain returns the configured base domain +func (s *DeploymentService) BaseDomain() string { + if s.baseDomain == "" { + return "dbrs.space" + } + return s.baseDomain +} + +// GetShortNodeID extracts a short node ID from a full peer ID for domain naming. +// e.g., "12D3KooWGqyuQR8N..." -> "node-GqyuQR" +// If the ID is already short (starts with "node-"), returns it as-is. +func GetShortNodeID(peerID string) string { + // If already a short ID, return as-is + if len(peerID) < 20 { + return peerID + } + // Skip "12D3KooW" prefix (8 chars) and take next 6 chars + if len(peerID) > 14 { + return "node-" + peerID[8:14] + } + return "node-" + peerID[:6] +} + +// generateRandomSuffix generates a random alphanumeric suffix for subdomains +func generateRandomSuffix(length int) string { + b := make([]byte, length) + if _, err := rand.Read(b); err != nil { + // Fallback to timestamp-based if crypto/rand fails + return fmt.Sprintf("%06x", time.Now().UnixNano()%0xffffff) + } + for i := range b { + b[i] = subdomainSuffixChars[int(b[i])%len(subdomainSuffixChars)] + } + return string(b) +} + +// generateSubdomain generates a unique subdomain for a deployment +// Format: {name}-{random} (e.g., "myapp-f3o4if") +func (s *DeploymentService) generateSubdomain(ctx context.Context, name, namespace, deploymentID string) (string, error) { + // Sanitize name for subdomain (lowercase, alphanumeric and hyphens only) + sanitizedName := strings.ToLower(name) + sanitizedName = strings.Map(func(r rune) rune { + if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '-' { + return r + } + return '-' + }, sanitizedName) + // Remove consecutive hyphens and trim + for strings.Contains(sanitizedName, "--") { + sanitizedName = strings.ReplaceAll(sanitizedName, "--", "-") + } + sanitizedName = strings.Trim(sanitizedName, "-") + + // Try to generate a unique subdomain (max 10 attempts) + for i := 0; i < 10; i++ { + suffix := generateRandomSuffix(subdomainSuffixLength) + subdomain := fmt.Sprintf("%s-%s", sanitizedName, suffix) + + // Check if subdomain is already taken globally + exists, err := s.subdomainExists(ctx, subdomain) + if err != nil { + return "", fmt.Errorf("failed to check subdomain: %w", err) + } + if !exists { + // Register the subdomain globally + if err := s.registerSubdomain(ctx, subdomain, namespace, deploymentID); err != nil { + // If registration fails (race condition), try again + s.logger.Warn("Failed to register subdomain, retrying", + zap.String("subdomain", subdomain), + zap.Error(err), + ) + continue + } + return subdomain, nil + } + } + + return "", fmt.Errorf("failed to generate unique subdomain after 10 attempts") +} + +// subdomainExists checks if a subdomain is already registered globally +func (s *DeploymentService) subdomainExists(ctx context.Context, subdomain string) (bool, error) { + type existsRow struct { + Found int `db:"found"` + } + var rows []existsRow + query := `SELECT 1 as found FROM global_deployment_subdomains WHERE subdomain = ? LIMIT 1` + err := s.db.Query(ctx, &rows, query, subdomain) + if err != nil { + return false, err + } + return len(rows) > 0, nil +} + +// registerSubdomain registers a subdomain in the global registry +func (s *DeploymentService) registerSubdomain(ctx context.Context, subdomain, namespace, deploymentID string) error { + query := ` + INSERT INTO global_deployment_subdomains (subdomain, namespace, deployment_id, created_at) + VALUES (?, ?, ?, ?) + ` + _, err := s.db.Exec(ctx, query, subdomain, namespace, deploymentID, time.Now()) + return err +} + +// CreateDeployment creates a new deployment +func (s *DeploymentService) CreateDeployment(ctx context.Context, deployment *deployments.Deployment) error { + // Always use current node's peer ID for home node + // Deployments run on the node that receives the creation request + // This ensures port allocation matches where the service actually runs + if s.nodePeerID != "" { + deployment.HomeNodeID = s.nodePeerID + } else if deployment.HomeNodeID == "" { + // Fallback to home node manager if no node peer ID configured + homeNodeID, err := s.homeNodeManager.AssignHomeNode(ctx, deployment.Namespace) + if err != nil { + return fmt.Errorf("failed to assign home node: %w", err) + } + deployment.HomeNodeID = homeNodeID + } + + // Generate unique subdomain with random suffix if not already set + // Format: {name}-{random} (e.g., "myapp-f3o4if") + if deployment.Subdomain == "" { + subdomain, err := s.generateSubdomain(ctx, deployment.Name, deployment.Namespace, deployment.ID) + if err != nil { + return fmt.Errorf("failed to generate subdomain: %w", err) + } + deployment.Subdomain = subdomain + } + + // Allocate port for dynamic deployments + if deployment.Type != deployments.DeploymentTypeStatic && deployment.Type != deployments.DeploymentTypeNextJSStatic { + port, err := s.portAllocator.AllocatePort(ctx, deployment.HomeNodeID, deployment.ID) + if err != nil { + return fmt.Errorf("failed to allocate port: %w", err) + } + deployment.Port = port + } + + // Serialize environment variables + envJSON, err := json.Marshal(deployment.Environment) + if err != nil { + return fmt.Errorf("failed to marshal environment: %w", err) + } + + // Insert deployment + query := ` + INSERT INTO deployments ( + id, namespace, name, type, version, status, + content_cid, build_cid, home_node_id, port, subdomain, environment, + memory_limit_mb, cpu_limit_percent, disk_limit_mb, + health_check_path, health_check_interval, restart_policy, max_restart_count, + created_at, updated_at, deployed_by + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + + _, err = s.db.Exec(ctx, query, + deployment.ID, deployment.Namespace, deployment.Name, deployment.Type, deployment.Version, deployment.Status, + deployment.ContentCID, deployment.BuildCID, deployment.HomeNodeID, deployment.Port, deployment.Subdomain, string(envJSON), + deployment.MemoryLimitMB, deployment.CPULimitPercent, deployment.DiskLimitMB, + deployment.HealthCheckPath, deployment.HealthCheckInterval, deployment.RestartPolicy, deployment.MaxRestartCount, + deployment.CreatedAt, deployment.UpdatedAt, deployment.DeployedBy, + ) + + if err != nil { + return fmt.Errorf("failed to insert deployment: %w", err) + } + + // Record in history + s.recordHistory(ctx, deployment, "deployed") + + // Create replica records + if s.replicaManager != nil { + s.createDeploymentReplicas(ctx, deployment) + } + + s.logger.Info("Deployment created", + zap.String("id", deployment.ID), + zap.String("namespace", deployment.Namespace), + zap.String("name", deployment.Name), + zap.String("type", string(deployment.Type)), + zap.String("home_node", deployment.HomeNodeID), + zap.Int("port", deployment.Port), + ) + + return nil +} + +// createDeploymentReplicas creates replica records for a deployment. +// The primary replica is always the current node. A secondary replica is +// selected from available nodes using capacity scoring. +func (s *DeploymentService) createDeploymentReplicas(ctx context.Context, deployment *deployments.Deployment) { + primaryNodeID := deployment.HomeNodeID + + // Register the primary replica + if err := s.replicaManager.CreateReplica(ctx, deployment.ID, primaryNodeID, deployment.Port, true); err != nil { + s.logger.Error("Failed to create primary replica record", + zap.String("deployment_id", deployment.ID), + zap.Error(err), + ) + return + } + + // Select a secondary node + secondaryNodes, err := s.replicaManager.SelectReplicaNodes(ctx, primaryNodeID, deployments.DefaultReplicaCount-1) + if err != nil { + s.logger.Warn("Failed to select secondary replica nodes", + zap.String("deployment_id", deployment.ID), + zap.Error(err), + ) + return + } + + if len(secondaryNodes) == 0 { + s.logger.Warn("No secondary nodes available for replica, running with single replica", + zap.String("deployment_id", deployment.ID), + ) + return + } + + for _, nodeID := range secondaryNodes { + isStatic := deployment.Type == deployments.DeploymentTypeStatic || + deployment.Type == deployments.DeploymentTypeNextJSStatic || + deployment.Type == deployments.DeploymentTypeGoWASM + + if isStatic { + // Static deployments: content is in IPFS, no process to start + if err := s.replicaManager.CreateReplica(ctx, deployment.ID, nodeID, 0, false); err != nil { + s.logger.Error("Failed to create static replica", + zap.String("deployment_id", deployment.ID), + zap.String("node_id", nodeID), + zap.Error(err), + ) + } + } else { + // Dynamic deployments: fan out to the secondary node to set up the process + go s.setupDynamicReplica(ctx, deployment, nodeID) + } + } +} + +// setupDynamicReplica calls the secondary node's internal API to set up a deployment replica. +func (s *DeploymentService) setupDynamicReplica(ctx context.Context, deployment *deployments.Deployment, nodeID string) { + nodeIP, err := s.replicaManager.GetNodeIP(ctx, nodeID) + if err != nil { + s.logger.Error("Failed to get node IP for replica setup", + zap.String("node_id", nodeID), + zap.Error(err), + ) + return + } + + // Create the replica record in pending status + if err := s.replicaManager.CreateReplica(ctx, deployment.ID, nodeID, 0, false); err != nil { + s.logger.Error("Failed to create pending replica record", + zap.String("deployment_id", deployment.ID), + zap.String("node_id", nodeID), + zap.Error(err), + ) + return + } + + // Call the internal API on the target node + envJSON, _ := json.Marshal(deployment.Environment) + + payload := map[string]interface{}{ + "deployment_id": deployment.ID, + "namespace": deployment.Namespace, + "name": deployment.Name, + "type": deployment.Type, + "content_cid": deployment.ContentCID, + "build_cid": deployment.BuildCID, + "environment": string(envJSON), + "health_check_path": deployment.HealthCheckPath, + "memory_limit_mb": deployment.MemoryLimitMB, + "cpu_limit_percent": deployment.CPULimitPercent, + "restart_policy": deployment.RestartPolicy, + "max_restart_count": deployment.MaxRestartCount, + } + + resp, err := s.callInternalAPI(nodeIP, "/v1/internal/deployments/replica/setup", payload) + if err != nil { + s.logger.Error("Failed to set up dynamic replica on remote node", + zap.String("deployment_id", deployment.ID), + zap.String("node_id", nodeID), + zap.String("node_ip", nodeIP), + zap.Error(err), + ) + s.replicaManager.UpdateReplicaStatus(ctx, deployment.ID, nodeID, deployments.ReplicaStatusFailed) + return + } + + // Update replica with allocated port + if port, ok := resp["port"].(float64); ok && port > 0 { + s.replicaManager.CreateReplica(ctx, deployment.ID, nodeID, int(port), false) + } + + s.logger.Info("Dynamic replica set up on remote node", + zap.String("deployment_id", deployment.ID), + zap.String("node_id", nodeID), + ) + + // Create DNS record for the replica node (after successful setup) + dnsName := deployment.Subdomain + if dnsName == "" { + dnsName = deployment.Name + } + fqdn := fmt.Sprintf("%s.%s.", dnsName, s.BaseDomain()) + if err := s.createDNSRecord(ctx, fqdn, "A", nodeIP, deployment.Namespace, deployment.ID); err != nil { + s.logger.Error("Failed to create DNS record for replica", zap.String("node_id", nodeID), zap.Error(err)) + } else { + s.logger.Info("Created DNS record for replica", + zap.String("fqdn", fqdn), + zap.String("ip", nodeIP), + zap.String("node_id", nodeID), + ) + } +} + +// callInternalAPI makes an HTTP POST to a node's internal API. +func (s *DeploymentService) callInternalAPI(nodeIP, path string, payload map[string]interface{}) (map[string]interface{}, error) { + jsonData, err := json.Marshal(payload) + if err != nil { + return nil, fmt.Errorf("failed to marshal payload: %w", err) + } + + url := fmt.Sprintf("http://%s:6001%s", nodeIP, path) + + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Orama-Internal-Auth", "replica-coordination") + + client := &http.Client{Timeout: 120 * time.Second} + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + defer resp.Body.Close() + + var result map[string]interface{} + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return nil, fmt.Errorf("failed to decode response: %w", err) + } + + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated { + return result, fmt.Errorf("remote node returned status %d", resp.StatusCode) + } + + return result, nil +} + +// GetDeployment retrieves a deployment by namespace and name +func (s *DeploymentService) GetDeployment(ctx context.Context, namespace, name string) (*deployments.Deployment, error) { + type deploymentRow struct { + ID string `db:"id"` + Namespace string `db:"namespace"` + Name string `db:"name"` + Type string `db:"type"` + Version int `db:"version"` + Status string `db:"status"` + ContentCID string `db:"content_cid"` + BuildCID string `db:"build_cid"` + HomeNodeID string `db:"home_node_id"` + Port int `db:"port"` + Subdomain string `db:"subdomain"` + Environment string `db:"environment"` + MemoryLimitMB int `db:"memory_limit_mb"` + CPULimitPercent int `db:"cpu_limit_percent"` + DiskLimitMB int `db:"disk_limit_mb"` + HealthCheckPath string `db:"health_check_path"` + HealthCheckInterval int `db:"health_check_interval"` + RestartPolicy string `db:"restart_policy"` + MaxRestartCount int `db:"max_restart_count"` + CreatedAt time.Time `db:"created_at"` + UpdatedAt time.Time `db:"updated_at"` + DeployedBy string `db:"deployed_by"` + } + + var rows []deploymentRow + query := `SELECT * FROM deployments WHERE namespace = ? AND name = ? LIMIT 1` + err := s.db.Query(ctx, &rows, query, namespace, name) + if err != nil { + return nil, fmt.Errorf("failed to query deployment: %w", err) + } + + if len(rows) == 0 { + return nil, deployments.ErrDeploymentNotFound + } + + row := rows[0] + var env map[string]string + if err := json.Unmarshal([]byte(row.Environment), &env); err != nil { + env = make(map[string]string) + } + + return &deployments.Deployment{ + ID: row.ID, + Namespace: row.Namespace, + Name: row.Name, + Type: deployments.DeploymentType(row.Type), + Version: row.Version, + Status: deployments.DeploymentStatus(row.Status), + ContentCID: row.ContentCID, + BuildCID: row.BuildCID, + HomeNodeID: row.HomeNodeID, + Port: row.Port, + Subdomain: row.Subdomain, + Environment: env, + MemoryLimitMB: row.MemoryLimitMB, + CPULimitPercent: row.CPULimitPercent, + DiskLimitMB: row.DiskLimitMB, + HealthCheckPath: row.HealthCheckPath, + HealthCheckInterval: row.HealthCheckInterval, + RestartPolicy: deployments.RestartPolicy(row.RestartPolicy), + MaxRestartCount: row.MaxRestartCount, + CreatedAt: row.CreatedAt, + UpdatedAt: row.UpdatedAt, + DeployedBy: row.DeployedBy, + }, nil +} + +// GetDeploymentByID retrieves a deployment by namespace and ID +func (s *DeploymentService) GetDeploymentByID(ctx context.Context, namespace, id string) (*deployments.Deployment, error) { + type deploymentRow struct { + ID string `db:"id"` + Namespace string `db:"namespace"` + Name string `db:"name"` + Type string `db:"type"` + Version int `db:"version"` + Status string `db:"status"` + ContentCID string `db:"content_cid"` + BuildCID string `db:"build_cid"` + HomeNodeID string `db:"home_node_id"` + Port int `db:"port"` + Subdomain string `db:"subdomain"` + Environment string `db:"environment"` + MemoryLimitMB int `db:"memory_limit_mb"` + CPULimitPercent int `db:"cpu_limit_percent"` + DiskLimitMB int `db:"disk_limit_mb"` + HealthCheckPath string `db:"health_check_path"` + HealthCheckInterval int `db:"health_check_interval"` + RestartPolicy string `db:"restart_policy"` + MaxRestartCount int `db:"max_restart_count"` + CreatedAt time.Time `db:"created_at"` + UpdatedAt time.Time `db:"updated_at"` + DeployedBy string `db:"deployed_by"` + } + + var rows []deploymentRow + query := `SELECT * FROM deployments WHERE namespace = ? AND id = ? LIMIT 1` + err := s.db.Query(ctx, &rows, query, namespace, id) + if err != nil { + return nil, fmt.Errorf("failed to query deployment: %w", err) + } + + if len(rows) == 0 { + return nil, deployments.ErrDeploymentNotFound + } + + row := rows[0] + var env map[string]string + if err := json.Unmarshal([]byte(row.Environment), &env); err != nil { + env = make(map[string]string) + } + + return &deployments.Deployment{ + ID: row.ID, + Namespace: row.Namespace, + Name: row.Name, + Type: deployments.DeploymentType(row.Type), + Version: row.Version, + Status: deployments.DeploymentStatus(row.Status), + ContentCID: row.ContentCID, + BuildCID: row.BuildCID, + HomeNodeID: row.HomeNodeID, + Port: row.Port, + Subdomain: row.Subdomain, + Environment: env, + MemoryLimitMB: row.MemoryLimitMB, + CPULimitPercent: row.CPULimitPercent, + DiskLimitMB: row.DiskLimitMB, + HealthCheckPath: row.HealthCheckPath, + HealthCheckInterval: row.HealthCheckInterval, + RestartPolicy: deployments.RestartPolicy(row.RestartPolicy), + MaxRestartCount: row.MaxRestartCount, + CreatedAt: row.CreatedAt, + UpdatedAt: row.UpdatedAt, + DeployedBy: row.DeployedBy, + }, nil +} + +// UpdateDeploymentStatus updates the status of a deployment +func (s *DeploymentService) UpdateDeploymentStatus(ctx context.Context, deploymentID string, status deployments.DeploymentStatus) error { + query := `UPDATE deployments SET status = ?, updated_at = ? WHERE id = ?` + _, err := s.db.Exec(ctx, query, status, time.Now(), deploymentID) + if err != nil { + s.logger.Error("Failed to update deployment status", + zap.String("deployment_id", deploymentID), + zap.String("status", string(status)), + zap.Error(err), + ) + return fmt.Errorf("failed to update deployment status: %w", err) + } + return nil +} + +// CreateDNSRecords creates DNS records for a deployment. +// Creates A records for the home node and all replica nodes for round-robin DNS. +func (s *DeploymentService) CreateDNSRecords(ctx context.Context, deployment *deployments.Deployment) error { + // Use subdomain if set, otherwise fall back to name + dnsName := deployment.Subdomain + if dnsName == "" { + dnsName = deployment.Name + } + fqdn := fmt.Sprintf("%s.%s.", dnsName, s.BaseDomain()) + + // Collect all node IDs that should have DNS records (home node + replicas) + nodeIDs := []string{deployment.HomeNodeID} + if s.replicaManager != nil { + replicaNodes, err := s.replicaManager.GetActiveReplicaNodes(ctx, deployment.ID) + if err == nil { + for _, nodeID := range replicaNodes { + if nodeID != deployment.HomeNodeID { + nodeIDs = append(nodeIDs, nodeID) + } + } + } + } + + for _, nodeID := range nodeIDs { + nodeIP, err := s.getNodeIP(ctx, nodeID) + if err != nil { + s.logger.Error("Failed to get node IP for DNS record", zap.String("node_id", nodeID), zap.Error(err)) + continue + } + if err := s.createDNSRecord(ctx, fqdn, "A", nodeIP, deployment.Namespace, deployment.ID); err != nil { + s.logger.Error("Failed to create DNS record", zap.String("node_id", nodeID), zap.Error(err)) + } else { + s.logger.Info("Created DNS record", + zap.String("fqdn", fqdn), + zap.String("ip", nodeIP), + zap.String("node_id", nodeID), + ) + } + } + + return nil +} + +// createDNSRecord creates a single DNS record +func (s *DeploymentService) createDNSRecord(ctx context.Context, fqdn, recordType, value, namespace, deploymentID string) error { + query := ` + INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, deployment_id, is_active, created_at, updated_at, created_by) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ON CONFLICT(fqdn, record_type, value) DO UPDATE SET + deployment_id = excluded.deployment_id, + updated_at = excluded.updated_at, + is_active = TRUE + ` + + now := time.Now() + _, err := s.db.Exec(ctx, query, fqdn, recordType, value, 300, namespace, deploymentID, true, now, now, "system") + return err +} + +// getNodeIP retrieves the IP address for a node. +// It tries to find the node by full peer ID first, then by short node ID. +func (s *DeploymentService) getNodeIP(ctx context.Context, nodeID string) (string, error) { + type nodeRow struct { + IPAddress string `db:"ip_address"` + } + + var rows []nodeRow + + // Try full node ID first (prefer internal/WG IP for cross-node communication) + query := `SELECT COALESCE(internal_ip, ip_address) AS ip_address FROM dns_nodes WHERE id = ? LIMIT 1` + err := s.db.Query(ctx, &rows, query, nodeID) + if err != nil { + return "", err + } + + // If found, return it + if len(rows) > 0 { + return rows[0].IPAddress, nil + } + + // Try with short node ID if the original was a full peer ID + shortID := GetShortNodeID(nodeID) + if shortID != nodeID { + err = s.db.Query(ctx, &rows, query, shortID) + if err != nil { + return "", err + } + if len(rows) > 0 { + return rows[0].IPAddress, nil + } + } + + return "", fmt.Errorf("node not found: %s (tried: %s, %s)", nodeID, nodeID, shortID) +} + +// BuildDeploymentURLs builds all URLs for a deployment +func (s *DeploymentService) BuildDeploymentURLs(deployment *deployments.Deployment) []string { + // Use subdomain if set, otherwise fall back to name + // New format: {name}-{random}.{baseDomain} (e.g., myapp-f3o4if.dbrs.space) + dnsName := deployment.Subdomain + if dnsName == "" { + dnsName = deployment.Name + } + return []string{ + fmt.Sprintf("https://%s.%s", dnsName, s.BaseDomain()), + } +} + +// recordHistory records deployment history +func (s *DeploymentService) recordHistory(ctx context.Context, deployment *deployments.Deployment, status string) { + query := ` + INSERT INTO deployment_history (id, deployment_id, version, content_cid, build_cid, deployed_at, deployed_by, status) + VALUES (?, ?, ?, ?, ?, ?, ?, ?) + ` + + _, err := s.db.Exec(ctx, query, + uuid.New().String(), + deployment.ID, + deployment.Version, + deployment.ContentCID, + deployment.BuildCID, + time.Now(), + deployment.DeployedBy, + status, + ) + + if err != nil { + s.logger.Error("Failed to record history", zap.Error(err)) + } +} + +// FanOutToReplicas sends an internal API call to all non-local replica nodes +// for a given deployment. The path should be the internal API endpoint +// (e.g., "/v1/internal/deployments/replica/update"). Errors are logged but +// do not fail the operation — replicas are updated on a best-effort basis. +func (s *DeploymentService) FanOutToReplicas(ctx context.Context, deployment *deployments.Deployment, path string, extraPayload map[string]interface{}) { + if s.replicaManager == nil { + return + } + + replicaNodes, err := s.replicaManager.GetActiveReplicaNodes(ctx, deployment.ID) + if err != nil { + s.logger.Warn("Failed to get replica nodes for fan-out", + zap.String("deployment_id", deployment.ID), + zap.Error(err), + ) + return + } + + payload := map[string]interface{}{ + "deployment_id": deployment.ID, + "namespace": deployment.Namespace, + "name": deployment.Name, + "type": deployment.Type, + "content_cid": deployment.ContentCID, + "build_cid": deployment.BuildCID, + } + for k, v := range extraPayload { + payload[k] = v + } + + for _, nodeID := range replicaNodes { + if nodeID == s.nodePeerID { + continue // Skip self + } + + nodeIP, err := s.replicaManager.GetNodeIP(ctx, nodeID) + if err != nil { + s.logger.Warn("Failed to get IP for replica node", + zap.String("node_id", nodeID), + zap.Error(err), + ) + continue + } + + go func(ip, nid string) { + _, err := s.callInternalAPI(ip, path, payload) + if err != nil { + s.logger.Error("Replica fan-out failed", + zap.String("node_id", nid), + zap.String("path", path), + zap.Error(err), + ) + } else { + s.logger.Info("Replica fan-out succeeded", + zap.String("node_id", nid), + zap.String("path", path), + ) + } + }(nodeIP, nodeID) + } +} diff --git a/pkg/gateway/handlers/deployments/static_handler.go b/pkg/gateway/handlers/deployments/static_handler.go new file mode 100644 index 0000000..dde85b3 --- /dev/null +++ b/pkg/gateway/handlers/deployments/static_handler.go @@ -0,0 +1,319 @@ +package deployments + +import ( + "archive/tar" + "compress/gzip" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "path/filepath" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// getNamespaceFromContext extracts the namespace from the request context +// Returns empty string if namespace is not found +func getNamespaceFromContext(ctx context.Context) string { + if ns, ok := ctx.Value(ctxkeys.NamespaceOverride).(string); ok { + return ns + } + return "" +} + +// StaticDeploymentHandler handles static site deployments +type StaticDeploymentHandler struct { + service *DeploymentService + ipfsClient ipfs.IPFSClient + logger *zap.Logger +} + +// NewStaticDeploymentHandler creates a new static deployment handler +func NewStaticDeploymentHandler(service *DeploymentService, ipfsClient ipfs.IPFSClient, logger *zap.Logger) *StaticDeploymentHandler { + return &StaticDeploymentHandler{ + service: service, + ipfsClient: ipfsClient, + logger: logger, + } +} + +// HandleUpload handles static site upload and deployment +func (h *StaticDeploymentHandler) HandleUpload(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + // Get namespace from context (set by auth middleware) + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Parse multipart form + if err := r.ParseMultipartForm(100 << 20); err != nil { // 100MB max + http.Error(w, "Failed to parse form", http.StatusBadRequest) + return + } + + // Get deployment metadata + name := r.FormValue("name") + subdomain := r.FormValue("subdomain") + if name == "" { + http.Error(w, "Deployment name is required", http.StatusBadRequest) + return + } + + // Get tarball file + file, header, err := r.FormFile("tarball") + if err != nil { + http.Error(w, "Tarball file is required", http.StatusBadRequest) + return + } + defer file.Close() + + // Validate file extension + if !strings.HasSuffix(header.Filename, ".tar.gz") && !strings.HasSuffix(header.Filename, ".tgz") { + http.Error(w, "File must be a .tar.gz or .tgz archive", http.StatusBadRequest) + return + } + + h.logger.Info("Uploading static site", + zap.String("namespace", namespace), + zap.String("name", name), + zap.String("filename", header.Filename), + zap.Int64("size", header.Size), + ) + + // Extract tarball to temporary directory + // Create a wrapper directory so IPFS creates a root CID + tmpDir, err := os.MkdirTemp("", "static-deploy-*") + if err != nil { + h.logger.Error("Failed to create temp directory", zap.Error(err)) + http.Error(w, "Failed to process tarball", http.StatusInternalServerError) + return + } + defer os.RemoveAll(tmpDir) + + // Extract into a subdirectory called "site" so we get a root directory CID + siteDir := filepath.Join(tmpDir, "site") + if err := os.MkdirAll(siteDir, 0755); err != nil { + h.logger.Error("Failed to create site directory", zap.Error(err)) + http.Error(w, "Failed to process tarball", http.StatusInternalServerError) + return + } + + if err := extractTarball(file, siteDir); err != nil { + h.logger.Error("Failed to extract tarball", zap.Error(err)) + http.Error(w, "Failed to extract tarball", http.StatusInternalServerError) + return + } + + // Upload the parent directory (tmpDir) to IPFS, which will create a CID for the "site" subdirectory + addResp, err := h.ipfsClient.AddDirectory(ctx, tmpDir) + if err != nil { + h.logger.Error("Failed to upload to IPFS", zap.Error(err)) + http.Error(w, "Failed to upload content", http.StatusInternalServerError) + return + } + + cid := addResp.Cid + + h.logger.Info("Content uploaded to IPFS", + zap.String("cid", cid), + zap.String("namespace", namespace), + zap.String("name", name), + ) + + // Create deployment + deployment := &deployments.Deployment{ + ID: uuid.New().String(), + Namespace: namespace, + Name: name, + Type: deployments.DeploymentTypeStatic, + Version: 1, + Status: deployments.DeploymentStatusActive, + ContentCID: cid, + Subdomain: subdomain, + Environment: make(map[string]string), + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + DeployedBy: namespace, + } + + // Save deployment + if err := h.service.CreateDeployment(ctx, deployment); err != nil { + h.logger.Error("Failed to create deployment", zap.Error(err)) + http.Error(w, "Failed to create deployment", http.StatusInternalServerError) + return + } + + // Create DNS records (use background context since HTTP context will be cancelled) + go h.service.CreateDNSRecords(context.Background(), deployment) + + // Build URLs + urls := h.service.BuildDeploymentURLs(deployment) + + // Return response + resp := map[string]interface{}{ + "deployment_id": deployment.ID, + "name": deployment.Name, + "namespace": deployment.Namespace, + "status": deployment.Status, + "content_cid": deployment.ContentCID, + "urls": urls, + "version": deployment.Version, + "created_at": deployment.CreatedAt, + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// HandleServe serves static content from IPFS +func (h *StaticDeploymentHandler) HandleServe(w http.ResponseWriter, r *http.Request, deployment *deployments.Deployment) { + ctx := r.Context() + + // Get requested path + requestPath := r.URL.Path + if requestPath == "" || requestPath == "/" { + requestPath = "/index.html" + } + + // Build IPFS path + ipfsPath := fmt.Sprintf("/ipfs/%s%s", deployment.ContentCID, requestPath) + + h.logger.Debug("Serving static content", + zap.String("deployment", deployment.Name), + zap.String("path", requestPath), + zap.String("ipfs_path", ipfsPath), + ) + + // Try to get the file + reader, err := h.ipfsClient.Get(ctx, ipfsPath, "") + if err != nil { + // Try with /index.html for directories + if !strings.HasSuffix(requestPath, ".html") { + indexPath := fmt.Sprintf("/ipfs/%s%s/index.html", deployment.ContentCID, requestPath) + reader, err = h.ipfsClient.Get(ctx, indexPath, "") + } + + // Fallback to /index.html for SPA routing + if err != nil { + fallbackPath := fmt.Sprintf("/ipfs/%s/index.html", deployment.ContentCID) + reader, err = h.ipfsClient.Get(ctx, fallbackPath, "") + if err != nil { + h.logger.Error("Failed to serve content", zap.Error(err)) + http.NotFound(w, r) + return + } + } + } + defer reader.Close() + + // Detect content type + contentType := detectContentType(requestPath) + w.Header().Set("Content-Type", contentType) + w.Header().Set("Cache-Control", "public, max-age=3600") + + // Copy content to response + if _, err := io.Copy(w, reader); err != nil { + h.logger.Error("Failed to write response", zap.Error(err)) + } +} + +// detectContentType determines content type from file extension +func detectContentType(filename string) string { + ext := strings.ToLower(filepath.Ext(filename)) + types := map[string]string{ + ".html": "text/html; charset=utf-8", + ".css": "text/css; charset=utf-8", + ".js": "application/javascript; charset=utf-8", + ".json": "application/json", + ".xml": "application/xml", + ".png": "image/png", + ".jpg": "image/jpeg", + ".jpeg": "image/jpeg", + ".gif": "image/gif", + ".svg": "image/svg+xml", + ".ico": "image/x-icon", + ".woff": "font/woff", + ".woff2": "font/woff2", + ".ttf": "font/ttf", + ".eot": "application/vnd.ms-fontobject", + ".txt": "text/plain; charset=utf-8", + ".pdf": "application/pdf", + ".zip": "application/zip", + } + + if contentType, ok := types[ext]; ok { + return contentType + } + + return "application/octet-stream" +} + +// extractTarball extracts a .tar.gz file to the specified directory +func extractTarball(reader io.Reader, destDir string) error { + gzr, err := gzip.NewReader(reader) + if err != nil { + return fmt.Errorf("failed to create gzip reader: %w", err) + } + defer gzr.Close() + + tr := tar.NewReader(gzr) + + for { + header, err := tr.Next() + if err == io.EOF { + break + } + if err != nil { + return fmt.Errorf("failed to read tar header: %w", err) + } + + // Build target path + target := filepath.Join(destDir, header.Name) + + // Prevent path traversal - clean both paths before comparing + cleanDest := filepath.Clean(destDir) + string(os.PathSeparator) + cleanTarget := filepath.Clean(target) + if !strings.HasPrefix(cleanTarget, cleanDest) && cleanTarget != filepath.Clean(destDir) { + return fmt.Errorf("invalid file path in tarball: %s", header.Name) + } + + switch header.Typeflag { + case tar.TypeDir: + if err := os.MkdirAll(target, 0755); err != nil { + return fmt.Errorf("failed to create directory: %w", err) + } + case tar.TypeReg: + // Create parent directory if needed + if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil { + return fmt.Errorf("failed to create parent directory: %w", err) + } + + // Create file + f, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode)) + if err != nil { + return fmt.Errorf("failed to create file: %w", err) + } + + if _, err := io.Copy(f, tr); err != nil { + f.Close() + return fmt.Errorf("failed to write file: %w", err) + } + f.Close() + } + } + + return nil +} + diff --git a/pkg/gateway/handlers/deployments/stats_handler.go b/pkg/gateway/handlers/deployments/stats_handler.go new file mode 100644 index 0000000..416df6c --- /dev/null +++ b/pkg/gateway/handlers/deployments/stats_handler.go @@ -0,0 +1,91 @@ +package deployments + +import ( + "encoding/json" + "net/http" + "os" + "path/filepath" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/deployments/process" + "go.uber.org/zap" +) + +// StatsHandler handles on-demand deployment resource stats +type StatsHandler struct { + service *DeploymentService + processManager *process.Manager + logger *zap.Logger + baseDeployPath string +} + +// NewStatsHandler creates a new stats handler +func NewStatsHandler(service *DeploymentService, processManager *process.Manager, logger *zap.Logger, baseDeployPath string) *StatsHandler { + if baseDeployPath == "" { + baseDeployPath = filepath.Join(os.Getenv("HOME"), ".orama", "deployments") + } + return &StatsHandler{ + service: service, + processManager: processManager, + logger: logger, + baseDeployPath: baseDeployPath, + } +} + +// HandleStats returns on-demand resource usage for a deployment +func (h *StatsHandler) HandleStats(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + name := r.URL.Query().Get("name") + if name == "" { + http.Error(w, "name query parameter is required", http.StatusBadRequest) + return + } + + deployment, err := h.service.GetDeployment(ctx, namespace, name) + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + deployPath := filepath.Join(h.baseDeployPath, deployment.Namespace, deployment.Name) + + resp := map[string]interface{}{ + "name": deployment.Name, + "type": string(deployment.Type), + "status": string(deployment.Status), + } + + if deployment.Port == 0 { + // Static deployment — only disk + stats, _ := h.processManager.GetStats(ctx, deployment, deployPath) + if stats != nil { + resp["disk_mb"] = float64(stats.DiskBytes) / (1024 * 1024) + } + } else { + // Dynamic deployment — full stats + stats, err := h.processManager.GetStats(ctx, deployment, deployPath) + if err != nil { + h.logger.Warn("Failed to get stats", zap.Error(err)) + } + if stats != nil { + resp["pid"] = stats.PID + resp["uptime_seconds"] = stats.UptimeSecs + resp["cpu_percent"] = stats.CPUPercent + resp["memory_rss_mb"] = float64(stats.MemoryRSS) / (1024 * 1024) + resp["disk_mb"] = float64(stats.DiskBytes) / (1024 * 1024) + } + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/deployments/update_handler.go b/pkg/gateway/handlers/deployments/update_handler.go new file mode 100644 index 0000000..f11652e --- /dev/null +++ b/pkg/gateway/handlers/deployments/update_handler.go @@ -0,0 +1,287 @@ +package deployments + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "go.uber.org/zap" +) + +// ProcessManager interface for process operations +type ProcessManager interface { + Restart(ctx context.Context, deployment *deployments.Deployment) error + WaitForHealthy(ctx context.Context, deployment *deployments.Deployment, timeout time.Duration) error +} + +// UpdateHandler handles deployment updates +type UpdateHandler struct { + service *DeploymentService + staticHandler *StaticDeploymentHandler + nextjsHandler *NextJSHandler + processManager ProcessManager + logger *zap.Logger +} + +// NewUpdateHandler creates a new update handler +func NewUpdateHandler( + service *DeploymentService, + staticHandler *StaticDeploymentHandler, + nextjsHandler *NextJSHandler, + processManager ProcessManager, + logger *zap.Logger, +) *UpdateHandler { + return &UpdateHandler{ + service: service, + staticHandler: staticHandler, + nextjsHandler: nextjsHandler, + processManager: processManager, + logger: logger, + } +} + +// HandleUpdate handles deployment updates +func (h *UpdateHandler) HandleUpdate(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace := getNamespaceFromContext(ctx) + if namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + // Parse multipart form + if err := r.ParseMultipartForm(200 << 20); err != nil { + http.Error(w, "Failed to parse form", http.StatusBadRequest) + return + } + + name := r.FormValue("name") + if name == "" { + http.Error(w, "Deployment name is required", http.StatusBadRequest) + return + } + + // Get existing deployment + existing, err := h.service.GetDeployment(ctx, namespace, name) + if err != nil { + if err == deployments.ErrDeploymentNotFound { + http.Error(w, "Deployment not found", http.StatusNotFound) + } else { + http.Error(w, "Failed to get deployment", http.StatusInternalServerError) + } + return + } + + h.logger.Info("Updating deployment", + zap.String("namespace", namespace), + zap.String("name", name), + zap.Int("current_version", existing.Version), + ) + + // Handle update based on deployment type + var updated *deployments.Deployment + + switch existing.Type { + case deployments.DeploymentTypeStatic, deployments.DeploymentTypeNextJSStatic: + updated, err = h.updateStatic(ctx, existing, r) + case deployments.DeploymentTypeNextJS, deployments.DeploymentTypeNodeJSBackend, deployments.DeploymentTypeGoBackend: + updated, err = h.updateDynamic(ctx, existing, r) + default: + http.Error(w, "Unsupported deployment type", http.StatusBadRequest) + return + } + + if err != nil { + h.logger.Error("Update failed", zap.Error(err)) + http.Error(w, fmt.Sprintf("Update failed: %v", err), http.StatusInternalServerError) + return + } + + // Fan out update to replica nodes + h.service.FanOutToReplicas(ctx, updated, "/v1/internal/deployments/replica/update", map[string]interface{}{ + "new_version": updated.Version, + }) + + // Return response + resp := map[string]interface{}{ + "deployment_id": updated.ID, + "name": updated.Name, + "namespace": updated.Namespace, + "status": updated.Status, + "version": updated.Version, + "previous_version": existing.Version, + "content_cid": updated.ContentCID, + "updated_at": updated.UpdatedAt, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// updateStatic updates a static deployment (zero-downtime CID swap) +func (h *UpdateHandler) updateStatic(ctx context.Context, existing *deployments.Deployment, r *http.Request) (*deployments.Deployment, error) { + // Get new tarball + file, header, err := r.FormFile("tarball") + if err != nil { + return nil, fmt.Errorf("tarball file required for update") + } + defer file.Close() + + // Upload to IPFS + addResp, err := h.staticHandler.ipfsClient.Add(ctx, file, header.Filename) + if err != nil { + return nil, fmt.Errorf("failed to upload to IPFS: %w", err) + } + + cid := addResp.Cid + + h.logger.Info("New content uploaded", + zap.String("deployment", existing.Name), + zap.String("old_cid", existing.ContentCID), + zap.String("new_cid", cid), + ) + + // Atomic CID swap + newVersion := existing.Version + 1 + now := time.Now() + + query := ` + UPDATE deployments + SET content_cid = ?, version = ?, updated_at = ? + WHERE namespace = ? AND name = ? + ` + + _, err = h.service.db.Exec(ctx, query, cid, newVersion, now, existing.Namespace, existing.Name) + if err != nil { + return nil, fmt.Errorf("failed to update deployment: %w", err) + } + + // Record in history + h.service.recordHistory(ctx, existing, "updated") + + existing.ContentCID = cid + existing.Version = newVersion + existing.UpdatedAt = now + + h.logger.Info("Static deployment updated", + zap.String("deployment", existing.Name), + zap.Int("version", newVersion), + zap.String("cid", cid), + ) + + return existing, nil +} + +// updateDynamic updates a dynamic deployment (graceful restart) +func (h *UpdateHandler) updateDynamic(ctx context.Context, existing *deployments.Deployment, r *http.Request) (*deployments.Deployment, error) { + // Get new tarball + file, header, err := r.FormFile("tarball") + if err != nil { + return nil, fmt.Errorf("tarball file required for update") + } + defer file.Close() + + // Upload to IPFS + addResp, err := h.nextjsHandler.ipfsClient.Add(ctx, file, header.Filename) + if err != nil { + return nil, fmt.Errorf("failed to upload to IPFS: %w", err) + } + + cid := addResp.Cid + + h.logger.Info("New build uploaded", + zap.String("deployment", existing.Name), + zap.String("old_cid", existing.BuildCID), + zap.String("new_cid", cid), + ) + + // Extract to staging directory + stagingPath := fmt.Sprintf("%s.new", h.nextjsHandler.baseDeployPath+"/"+existing.Namespace+"/"+existing.Name) + if err := os.MkdirAll(stagingPath, 0755); err != nil { + return nil, fmt.Errorf("failed to create staging directory: %w", err) + } + if err := h.nextjsHandler.extractFromIPFS(ctx, cid, stagingPath); err != nil { + return nil, fmt.Errorf("failed to extract new build: %w", err) + } + + // Atomic swap: rename old to .old, new to current + deployPath := h.nextjsHandler.baseDeployPath + "/" + existing.Namespace + "/" + existing.Name + oldPath := deployPath + ".old" + + // Backup current + if err := renameDirectory(deployPath, oldPath); err != nil { + return nil, fmt.Errorf("failed to backup current deployment: %w", err) + } + + // Activate new + if err := renameDirectory(stagingPath, deployPath); err != nil { + // Rollback + renameDirectory(oldPath, deployPath) + return nil, fmt.Errorf("failed to activate new deployment: %w", err) + } + + // Restart process + if err := h.processManager.Restart(ctx, existing); err != nil { + // Rollback + renameDirectory(deployPath, stagingPath) + renameDirectory(oldPath, deployPath) + h.processManager.Restart(ctx, existing) + return nil, fmt.Errorf("failed to restart process: %w", err) + } + + // Wait for healthy + if err := h.processManager.WaitForHealthy(ctx, existing, 60*time.Second); err != nil { + h.logger.Warn("Deployment unhealthy after update, rolling back", zap.Error(err)) + // Rollback + renameDirectory(deployPath, stagingPath) + renameDirectory(oldPath, deployPath) + h.processManager.Restart(ctx, existing) + return nil, fmt.Errorf("new deployment failed health check, rolled back: %w", err) + } + + // Update database + newVersion := existing.Version + 1 + now := time.Now() + + query := ` + UPDATE deployments + SET build_cid = ?, version = ?, updated_at = ? + WHERE namespace = ? AND name = ? + ` + + _, err = h.service.db.Exec(ctx, query, cid, newVersion, now, existing.Namespace, existing.Name) + if err != nil { + h.logger.Error("Failed to update database", zap.Error(err)) + } + + // Record in history + h.service.recordHistory(ctx, existing, "updated") + + // Cleanup old + removeDirectory(oldPath) + + existing.BuildCID = cid + existing.Version = newVersion + existing.UpdatedAt = now + + h.logger.Info("Dynamic deployment updated", + zap.String("deployment", existing.Name), + zap.Int("version", newVersion), + zap.String("cid", cid), + ) + + return existing, nil +} + +// Helper functions for filesystem operations +func renameDirectory(old, new string) error { + return os.Rename(old, new) +} + +func removeDirectory(path string) error { + return os.RemoveAll(path) +} diff --git a/pkg/gateway/handlers/join/handler.go b/pkg/gateway/handlers/join/handler.go new file mode 100644 index 0000000..d59b56d --- /dev/null +++ b/pkg/gateway/handlers/join/handler.go @@ -0,0 +1,459 @@ +package join + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "os/exec" + "strings" + "time" + + "path/filepath" + + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/libp2p/go-libp2p/core/crypto" + "github.com/libp2p/go-libp2p/core/peer" + "go.uber.org/zap" +) + +// JoinRequest is the request body for node join +type JoinRequest struct { + Token string `json:"token"` + WGPublicKey string `json:"wg_public_key"` + PublicIP string `json:"public_ip"` +} + +// JoinResponse contains everything a joining node needs +type JoinResponse struct { + // WireGuard + WGIP string `json:"wg_ip"` + WGPeers []WGPeerInfo `json:"wg_peers"` + + // Secrets + ClusterSecret string `json:"cluster_secret"` + SwarmKey string `json:"swarm_key"` + + // Cluster join info (all using WG IPs) + RQLiteJoinAddress string `json:"rqlite_join_address"` + IPFSPeer PeerInfo `json:"ipfs_peer"` + IPFSClusterPeer PeerInfo `json:"ipfs_cluster_peer"` + BootstrapPeers []string `json:"bootstrap_peers"` + + // Olric seed peers (WG IP:port for memberlist) + OlricPeers []string `json:"olric_peers,omitempty"` + + // Domain + BaseDomain string `json:"base_domain"` +} + +// WGPeerInfo represents a WireGuard peer +type WGPeerInfo struct { + PublicKey string `json:"public_key"` + Endpoint string `json:"endpoint"` + AllowedIP string `json:"allowed_ip"` +} + +// PeerInfo represents an IPFS/Cluster peer +type PeerInfo struct { + ID string `json:"id"` + Addrs []string `json:"addrs"` +} + +// Handler handles the node join endpoint +type Handler struct { + logger *zap.Logger + rqliteClient rqlite.Client + oramaDir string // e.g., /home/debros/.orama +} + +// NewHandler creates a new join handler +func NewHandler(logger *zap.Logger, rqliteClient rqlite.Client, oramaDir string) *Handler { + return &Handler{ + logger: logger, + rqliteClient: rqliteClient, + oramaDir: oramaDir, + } +} + +// HandleJoin handles POST /v1/internal/join +func (h *Handler) HandleJoin(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + return + } + + var req JoinRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "invalid request body", http.StatusBadRequest) + return + } + + if req.Token == "" || req.WGPublicKey == "" || req.PublicIP == "" { + http.Error(w, "token, wg_public_key, and public_ip are required", http.StatusBadRequest) + return + } + + ctx := r.Context() + + // 1. Validate and consume the invite token (atomic single-use) + if err := h.consumeToken(ctx, req.Token, req.PublicIP); err != nil { + h.logger.Warn("join token validation failed", zap.Error(err)) + http.Error(w, "unauthorized: invalid or expired token", http.StatusUnauthorized) + return + } + + // 2. Assign WG IP with retry on conflict + wgIP, err := h.assignWGIP(ctx) + if err != nil { + h.logger.Error("failed to assign WG IP", zap.Error(err)) + http.Error(w, "failed to assign WG IP", http.StatusInternalServerError) + return + } + + // 3. Register WG peer in database + nodeID := fmt.Sprintf("node-%s", wgIP) // temporary ID based on WG IP + _, err = h.rqliteClient.Exec(ctx, + "INSERT OR REPLACE INTO wireguard_peers (node_id, wg_ip, public_key, public_ip, wg_port) VALUES (?, ?, ?, ?, ?)", + nodeID, wgIP, req.WGPublicKey, req.PublicIP, 51820) + if err != nil { + h.logger.Error("failed to register WG peer", zap.Error(err)) + http.Error(w, "failed to register peer", http.StatusInternalServerError) + return + } + + // 4. Add peer to local WireGuard interface immediately + if err := h.addWGPeerLocally(req.WGPublicKey, req.PublicIP, wgIP); err != nil { + h.logger.Warn("failed to add WG peer to local interface", zap.Error(err)) + // Non-fatal: the sync loop will pick it up + } + + // 5. Read secrets from disk + clusterSecret, err := os.ReadFile(h.oramaDir + "/secrets/cluster-secret") + if err != nil { + h.logger.Error("failed to read cluster secret", zap.Error(err)) + http.Error(w, "internal error reading secrets", http.StatusInternalServerError) + return + } + + swarmKey, err := os.ReadFile(h.oramaDir + "/secrets/swarm.key") + if err != nil { + h.logger.Error("failed to read swarm key", zap.Error(err)) + http.Error(w, "internal error reading secrets", http.StatusInternalServerError) + return + } + + // 6. Get all WG peers + wgPeers, err := h.getWGPeers(ctx, req.WGPublicKey) + if err != nil { + h.logger.Error("failed to list WG peers", zap.Error(err)) + http.Error(w, "failed to list peers", http.StatusInternalServerError) + return + } + + // 7. Get this node's WG IP + myWGIP, err := h.getMyWGIP() + if err != nil { + h.logger.Error("failed to get local WG IP", zap.Error(err)) + http.Error(w, "internal error", http.StatusInternalServerError) + return + } + + // 8. Query IPFS and IPFS Cluster peer info + ipfsPeer := h.queryIPFSPeerInfo(myWGIP) + ipfsClusterPeer := h.queryIPFSClusterPeerInfo(myWGIP) + + // 9. Get this node's libp2p peer ID for bootstrap peers + bootstrapPeers := h.buildBootstrapPeers(myWGIP, ipfsPeer.ID) + + // 10. Read base domain from config + baseDomain := h.readBaseDomain() + + // Build Olric seed peers from all existing WG peer IPs (memberlist port 3322) + var olricPeers []string + for _, p := range wgPeers { + peerIP := strings.TrimSuffix(p.AllowedIP, "/32") + olricPeers = append(olricPeers, fmt.Sprintf("%s:3322", peerIP)) + } + // Include this node too + olricPeers = append(olricPeers, fmt.Sprintf("%s:3322", myWGIP)) + + resp := JoinResponse{ + WGIP: wgIP, + WGPeers: wgPeers, + ClusterSecret: strings.TrimSpace(string(clusterSecret)), + SwarmKey: strings.TrimSpace(string(swarmKey)), + RQLiteJoinAddress: fmt.Sprintf("%s:7001", myWGIP), + IPFSPeer: ipfsPeer, + IPFSClusterPeer: ipfsClusterPeer, + BootstrapPeers: bootstrapPeers, + OlricPeers: olricPeers, + BaseDomain: baseDomain, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + + h.logger.Info("node joined cluster", + zap.String("wg_ip", wgIP), + zap.String("public_ip", req.PublicIP)) +} + +// consumeToken validates and marks an invite token as used (atomic single-use) +func (h *Handler) consumeToken(ctx context.Context, token, usedByIP string) error { + // Atomically mark as used — only succeeds if token exists, is unused, and not expired + result, err := h.rqliteClient.Exec(ctx, + "UPDATE invite_tokens SET used_at = datetime('now'), used_by_ip = ? WHERE token = ? AND used_at IS NULL AND expires_at > datetime('now')", + usedByIP, token) + if err != nil { + return fmt.Errorf("database error: %w", err) + } + + rowsAffected, err := result.RowsAffected() + if err != nil { + return fmt.Errorf("failed to check result: %w", err) + } + + if rowsAffected == 0 { + return fmt.Errorf("token invalid, expired, or already used") + } + + return nil +} + +// assignWGIP finds the next available 10.0.0.x IP, retrying on UNIQUE constraint violation +func (h *Handler) assignWGIP(ctx context.Context) (string, error) { + for attempt := 0; attempt < 3; attempt++ { + var result []struct { + MaxIP string `db:"max_ip"` + } + + err := h.rqliteClient.Query(ctx, &result, + "SELECT MAX(wg_ip) as max_ip FROM wireguard_peers") + if err != nil { + return "", fmt.Errorf("failed to query max WG IP: %w", err) + } + + if len(result) == 0 || result[0].MaxIP == "" { + return "10.0.0.2", nil // 10.0.0.1 is genesis + } + + maxIP := result[0].MaxIP + var a, b, c, d int + if _, err := fmt.Sscanf(maxIP, "%d.%d.%d.%d", &a, &b, &c, &d); err != nil { + return "", fmt.Errorf("failed to parse max WG IP %s: %w", maxIP, err) + } + + d++ + if d > 254 { + c++ + d = 1 + if c > 255 { + return "", fmt.Errorf("WireGuard IP space exhausted") + } + } + + nextIP := fmt.Sprintf("%d.%d.%d.%d", a, b, c, d) + return nextIP, nil + } + + return "", fmt.Errorf("failed to assign WG IP after retries") +} + +// addWGPeerLocally adds a peer to the local wg0 interface and persists to config +func (h *Handler) addWGPeerLocally(pubKey, publicIP, wgIP string) error { + // Add to running interface with persistent-keepalive + cmd := exec.Command("sudo", "wg", "set", "wg0", + "peer", pubKey, + "endpoint", fmt.Sprintf("%s:51820", publicIP), + "allowed-ips", fmt.Sprintf("%s/32", wgIP), + "persistent-keepalive", "25") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("wg set failed: %w\n%s", err, string(output)) + } + + // Persist to wg0.conf so peer survives wg-quick restart. + // Read current config, append peer section, write back. + confPath := "/etc/wireguard/wg0.conf" + data, err := os.ReadFile(confPath) + if err != nil { + h.logger.Warn("could not read wg0.conf for persistence", zap.Error(err)) + return nil // non-fatal: runtime peer is added + } + + // Check if peer already in config + if strings.Contains(string(data), pubKey) { + return nil // already persisted + } + + peerSection := fmt.Sprintf("\n[Peer]\nPublicKey = %s\nEndpoint = %s:51820\nAllowedIPs = %s/32\nPersistentKeepalive = 25\n", + pubKey, publicIP, wgIP) + + newConf := string(data) + peerSection + writeCmd := exec.Command("sudo", "tee", confPath) + writeCmd.Stdin = strings.NewReader(newConf) + if output, err := writeCmd.CombinedOutput(); err != nil { + h.logger.Warn("could not persist peer to wg0.conf", zap.Error(err), zap.String("output", string(output))) + } + + return nil +} + +// getWGPeers returns all WG peers except the requesting node +func (h *Handler) getWGPeers(ctx context.Context, excludePubKey string) ([]WGPeerInfo, error) { + type peerRow struct { + WGIP string `db:"wg_ip"` + PublicKey string `db:"public_key"` + PublicIP string `db:"public_ip"` + WGPort int `db:"wg_port"` + } + + var rows []peerRow + err := h.rqliteClient.Query(ctx, &rows, + "SELECT wg_ip, public_key, public_ip, wg_port FROM wireguard_peers ORDER BY wg_ip") + if err != nil { + return nil, err + } + + var peers []WGPeerInfo + for _, row := range rows { + if row.PublicKey == excludePubKey { + continue // don't include the requesting node itself + } + port := row.WGPort + if port == 0 { + port = 51820 + } + peers = append(peers, WGPeerInfo{ + PublicKey: row.PublicKey, + Endpoint: fmt.Sprintf("%s:%d", row.PublicIP, port), + AllowedIP: fmt.Sprintf("%s/32", row.WGIP), + }) + } + + return peers, nil +} + +// getMyWGIP gets this node's WireGuard IP from the wg0 interface +func (h *Handler) getMyWGIP() (string, error) { + out, err := exec.Command("ip", "-4", "addr", "show", "wg0").CombinedOutput() + if err != nil { + return "", fmt.Errorf("failed to get wg0 info: %w", err) + } + + // Parse "inet 10.0.0.1/32" from output + for _, line := range strings.Split(string(out), "\n") { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "inet ") { + parts := strings.Fields(line) + if len(parts) >= 2 { + ip := strings.Split(parts[1], "/")[0] + return ip, nil + } + } + } + + return "", fmt.Errorf("could not find wg0 IP address") +} + +// queryIPFSPeerInfo gets the local IPFS node's peer ID and builds addrs with WG IP +func (h *Handler) queryIPFSPeerInfo(myWGIP string) PeerInfo { + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Post("http://localhost:4501/api/v0/id", "", nil) + if err != nil { + h.logger.Warn("failed to query IPFS peer info", zap.Error(err)) + return PeerInfo{} + } + defer resp.Body.Close() + + var result struct { + ID string `json:"ID"` + } + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + h.logger.Warn("failed to decode IPFS peer info", zap.Error(err)) + return PeerInfo{} + } + + return PeerInfo{ + ID: result.ID, + Addrs: []string{ + fmt.Sprintf("/ip4/%s/tcp/4101/p2p/%s", myWGIP, result.ID), + }, + } +} + +// queryIPFSClusterPeerInfo gets the local IPFS Cluster peer ID and builds addrs with WG IP +func (h *Handler) queryIPFSClusterPeerInfo(myWGIP string) PeerInfo { + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Get("http://localhost:9094/id") + if err != nil { + h.logger.Warn("failed to query IPFS Cluster peer info", zap.Error(err)) + return PeerInfo{} + } + defer resp.Body.Close() + + var result struct { + ID string `json:"id"` + } + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + h.logger.Warn("failed to decode IPFS Cluster peer info", zap.Error(err)) + return PeerInfo{} + } + + return PeerInfo{ + ID: result.ID, + Addrs: []string{ + fmt.Sprintf("/ip4/%s/tcp/9100/p2p/%s", myWGIP, result.ID), + }, + } +} + +// buildBootstrapPeers constructs bootstrap peer multiaddrs using WG IPs +// Uses the node's LibP2P peer ID (port 4001), NOT the IPFS peer ID (port 4101) +func (h *Handler) buildBootstrapPeers(myWGIP, ipfsPeerID string) []string { + // Read the node's LibP2P identity from disk + keyPath := filepath.Join(h.oramaDir, "data", "identity.key") + keyData, err := os.ReadFile(keyPath) + if err != nil { + h.logger.Warn("Failed to read node identity for bootstrap peers", zap.Error(err)) + return nil + } + + priv, err := crypto.UnmarshalPrivateKey(keyData) + if err != nil { + h.logger.Warn("Failed to unmarshal node identity key", zap.Error(err)) + return nil + } + + peerID, err := peer.IDFromPublicKey(priv.GetPublic()) + if err != nil { + h.logger.Warn("Failed to derive peer ID from identity key", zap.Error(err)) + return nil + } + + return []string{ + fmt.Sprintf("/ip4/%s/tcp/4001/p2p/%s", myWGIP, peerID.String()), + } +} + +// readBaseDomain reads the base domain from node config +func (h *Handler) readBaseDomain() string { + data, err := os.ReadFile(h.oramaDir + "/configs/node.yaml") + if err != nil { + return "" + } + + // Simple parse — look for base_domain field + for _, line := range strings.Split(string(data), "\n") { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "base_domain:") { + val := strings.TrimPrefix(line, "base_domain:") + val = strings.TrimSpace(val) + val = strings.Trim(val, `"'`) + return val + } + } + + return "" +} diff --git a/pkg/gateway/handlers/namespace/delete_handler.go b/pkg/gateway/handlers/namespace/delete_handler.go new file mode 100644 index 0000000..9aae838 --- /dev/null +++ b/pkg/gateway/handlers/namespace/delete_handler.go @@ -0,0 +1,108 @@ +package namespace + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// NamespaceDeprovisioner is the interface for deprovisioning namespace clusters +type NamespaceDeprovisioner interface { + DeprovisionCluster(ctx context.Context, namespaceID int64) error +} + +// DeleteHandler handles namespace deletion requests +type DeleteHandler struct { + deprovisioner NamespaceDeprovisioner + ormClient rqlite.Client + logger *zap.Logger +} + +// NewDeleteHandler creates a new delete handler +func NewDeleteHandler(dp NamespaceDeprovisioner, orm rqlite.Client, logger *zap.Logger) *DeleteHandler { + return &DeleteHandler{ + deprovisioner: dp, + ormClient: orm, + logger: logger.With(zap.String("component", "namespace-delete-handler")), + } +} + +// ServeHTTP handles DELETE /v1/namespace/delete +func (h *DeleteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodDelete && r.Method != http.MethodPost { + writeDeleteResponse(w, http.StatusMethodNotAllowed, map[string]interface{}{"error": "method not allowed"}) + return + } + + // Get namespace from context (set by auth middleware — already ownership-verified) + ns := "" + if v := r.Context().Value(ctxkeys.NamespaceOverride); v != nil { + if s, ok := v.(string); ok { + ns = s + } + } + if ns == "" || ns == "default" { + writeDeleteResponse(w, http.StatusBadRequest, map[string]interface{}{"error": "cannot delete default namespace"}) + return + } + + if h.deprovisioner == nil { + writeDeleteResponse(w, http.StatusServiceUnavailable, map[string]interface{}{"error": "cluster provisioning not enabled"}) + return + } + + // Resolve namespace ID + var rows []map[string]interface{} + if err := h.ormClient.Query(r.Context(), &rows, "SELECT id FROM namespaces WHERE name = ? LIMIT 1", ns); err != nil || len(rows) == 0 { + writeDeleteResponse(w, http.StatusNotFound, map[string]interface{}{"error": "namespace not found"}) + return + } + + var namespaceID int64 + switch v := rows[0]["id"].(type) { + case float64: + namespaceID = int64(v) + case int64: + namespaceID = v + case int: + namespaceID = int64(v) + default: + writeDeleteResponse(w, http.StatusInternalServerError, map[string]interface{}{"error": "invalid namespace ID type"}) + return + } + + h.logger.Info("Deprovisioning namespace cluster", + zap.String("namespace", ns), + zap.Int64("namespace_id", namespaceID), + ) + + // Deprovision the cluster (stops processes, deallocates ports, deletes DB records) + if err := h.deprovisioner.DeprovisionCluster(r.Context(), namespaceID); err != nil { + h.logger.Error("Failed to deprovision cluster", zap.Error(err)) + writeDeleteResponse(w, http.StatusInternalServerError, map[string]interface{}{"error": err.Error()}) + return + } + + // Delete API keys, ownership records, and namespace record + h.ormClient.Exec(r.Context(), "DELETE FROM wallet_api_keys WHERE namespace_id = ?", namespaceID) + h.ormClient.Exec(r.Context(), "DELETE FROM api_keys WHERE namespace_id = ?", namespaceID) + h.ormClient.Exec(r.Context(), "DELETE FROM namespace_ownership WHERE namespace_id = ?", namespaceID) + h.ormClient.Exec(r.Context(), "DELETE FROM namespaces WHERE id = ?", namespaceID) + + h.logger.Info("Namespace deleted successfully", zap.String("namespace", ns)) + + writeDeleteResponse(w, http.StatusOK, map[string]interface{}{ + "status": "deleted", + "namespace": ns, + }) +} + +func writeDeleteResponse(w http.ResponseWriter, status int, resp map[string]interface{}) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/namespace/spawn_handler.go b/pkg/gateway/handlers/namespace/spawn_handler.go new file mode 100644 index 0000000..4f16128 --- /dev/null +++ b/pkg/gateway/handlers/namespace/spawn_handler.go @@ -0,0 +1,205 @@ +package namespace + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "time" + + "github.com/DeBrosOfficial/network/pkg/gateway" + namespacepkg "github.com/DeBrosOfficial/network/pkg/namespace" + "github.com/DeBrosOfficial/network/pkg/olric" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// SpawnRequest represents a request to spawn or stop a namespace instance +type SpawnRequest struct { + Action string `json:"action"` // "spawn-rqlite", "spawn-olric", "spawn-gateway", "stop-rqlite", "stop-olric", "stop-gateway" + Namespace string `json:"namespace"` + NodeID string `json:"node_id"` + + // RQLite config (when action = "spawn-rqlite") + RQLiteHTTPPort int `json:"rqlite_http_port,omitempty"` + RQLiteRaftPort int `json:"rqlite_raft_port,omitempty"` + RQLiteHTTPAdvAddr string `json:"rqlite_http_adv_addr,omitempty"` + RQLiteRaftAdvAddr string `json:"rqlite_raft_adv_addr,omitempty"` + RQLiteJoinAddrs []string `json:"rqlite_join_addrs,omitempty"` + RQLiteIsLeader bool `json:"rqlite_is_leader,omitempty"` + + // Olric config (when action = "spawn-olric") + OlricHTTPPort int `json:"olric_http_port,omitempty"` + OlricMemberlistPort int `json:"olric_memberlist_port,omitempty"` + OlricBindAddr string `json:"olric_bind_addr,omitempty"` + OlricAdvertiseAddr string `json:"olric_advertise_addr,omitempty"` + OlricPeerAddresses []string `json:"olric_peer_addresses,omitempty"` + + // Gateway config (when action = "spawn-gateway") + GatewayHTTPPort int `json:"gateway_http_port,omitempty"` + GatewayBaseDomain string `json:"gateway_base_domain,omitempty"` + GatewayRQLiteDSN string `json:"gateway_rqlite_dsn,omitempty"` + GatewayOlricServers []string `json:"gateway_olric_servers,omitempty"` + IPFSClusterAPIURL string `json:"ipfs_cluster_api_url,omitempty"` + IPFSAPIURL string `json:"ipfs_api_url,omitempty"` + IPFSTimeout string `json:"ipfs_timeout,omitempty"` + IPFSReplicationFactor int `json:"ipfs_replication_factor,omitempty"` +} + +// SpawnResponse represents the response from a spawn/stop request +type SpawnResponse struct { + Success bool `json:"success"` + Error string `json:"error,omitempty"` + PID int `json:"pid,omitempty"` +} + +// SpawnHandler handles remote namespace instance spawn/stop requests. +// Now uses systemd for service management instead of direct process spawning. +type SpawnHandler struct { + systemdSpawner *namespacepkg.SystemdSpawner + logger *zap.Logger +} + +// NewSpawnHandler creates a new spawn handler +func NewSpawnHandler(systemdSpawner *namespacepkg.SystemdSpawner, logger *zap.Logger) *SpawnHandler { + return &SpawnHandler{ + systemdSpawner: systemdSpawner, + logger: logger.With(zap.String("component", "namespace-spawn-handler")), + } +} + +// ServeHTTP implements http.Handler +func (h *SpawnHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + return + } + + // Authenticate via internal auth header + if r.Header.Get("X-Orama-Internal-Auth") != "namespace-coordination" { + http.Error(w, "unauthorized", http.StatusUnauthorized) + return + } + + var req SpawnRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeSpawnResponse(w, http.StatusBadRequest, SpawnResponse{Error: "invalid request body"}) + return + } + + if req.Namespace == "" || req.NodeID == "" { + writeSpawnResponse(w, http.StatusBadRequest, SpawnResponse{Error: "namespace and node_id are required"}) + return + } + + h.logger.Info("Received spawn request", + zap.String("action", req.Action), + zap.String("namespace", req.Namespace), + zap.String("node_id", req.NodeID), + ) + + // Use a background context for spawn operations so processes outlive the HTTP request. + // Stop operations can use request context since they're short-lived. + ctx := context.Background() + + switch req.Action { + case "spawn-rqlite": + cfg := rqlite.InstanceConfig{ + Namespace: req.Namespace, + NodeID: req.NodeID, + HTTPPort: req.RQLiteHTTPPort, + RaftPort: req.RQLiteRaftPort, + HTTPAdvAddress: req.RQLiteHTTPAdvAddr, + RaftAdvAddress: req.RQLiteRaftAdvAddr, + JoinAddresses: req.RQLiteJoinAddrs, + IsLeader: req.RQLiteIsLeader, + } + if err := h.systemdSpawner.SpawnRQLite(ctx, req.Namespace, req.NodeID, cfg); err != nil { + h.logger.Error("Failed to spawn RQLite instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + case "spawn-olric": + cfg := olric.InstanceConfig{ + Namespace: req.Namespace, + NodeID: req.NodeID, + HTTPPort: req.OlricHTTPPort, + MemberlistPort: req.OlricMemberlistPort, + BindAddr: req.OlricBindAddr, + AdvertiseAddr: req.OlricAdvertiseAddr, + PeerAddresses: req.OlricPeerAddresses, + } + if err := h.systemdSpawner.SpawnOlric(ctx, req.Namespace, req.NodeID, cfg); err != nil { + h.logger.Error("Failed to spawn Olric instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + case "stop-rqlite": + if err := h.systemdSpawner.StopRQLite(ctx, req.Namespace, req.NodeID); err != nil { + h.logger.Error("Failed to stop RQLite instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + case "stop-olric": + if err := h.systemdSpawner.StopOlric(ctx, req.Namespace, req.NodeID); err != nil { + h.logger.Error("Failed to stop Olric instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + case "spawn-gateway": + // Parse IPFS timeout if provided + var ipfsTimeout time.Duration + if req.IPFSTimeout != "" { + var err error + ipfsTimeout, err = time.ParseDuration(req.IPFSTimeout) + if err != nil { + h.logger.Warn("Invalid IPFS timeout, using default", zap.String("timeout", req.IPFSTimeout), zap.Error(err)) + ipfsTimeout = 60 * time.Second + } + } + + cfg := gateway.InstanceConfig{ + Namespace: req.Namespace, + NodeID: req.NodeID, + HTTPPort: req.GatewayHTTPPort, + BaseDomain: req.GatewayBaseDomain, + RQLiteDSN: req.GatewayRQLiteDSN, + OlricServers: req.GatewayOlricServers, + IPFSClusterAPIURL: req.IPFSClusterAPIURL, + IPFSAPIURL: req.IPFSAPIURL, + IPFSTimeout: ipfsTimeout, + IPFSReplicationFactor: req.IPFSReplicationFactor, + } + if err := h.systemdSpawner.SpawnGateway(ctx, req.Namespace, req.NodeID, cfg); err != nil { + h.logger.Error("Failed to spawn Gateway instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + case "stop-gateway": + if err := h.systemdSpawner.StopGateway(ctx, req.Namespace, req.NodeID); err != nil { + h.logger.Error("Failed to stop Gateway instance", zap.Error(err)) + writeSpawnResponse(w, http.StatusInternalServerError, SpawnResponse{Error: err.Error()}) + return + } + writeSpawnResponse(w, http.StatusOK, SpawnResponse{Success: true}) + + default: + writeSpawnResponse(w, http.StatusBadRequest, SpawnResponse{Error: fmt.Sprintf("unknown action: %s", req.Action)}) + } +} + +func writeSpawnResponse(w http.ResponseWriter, status int, resp SpawnResponse) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/namespace/status_handler.go b/pkg/gateway/handlers/namespace/status_handler.go new file mode 100644 index 0000000..09a6031 --- /dev/null +++ b/pkg/gateway/handlers/namespace/status_handler.go @@ -0,0 +1,203 @@ +// Package namespace provides HTTP handlers for namespace cluster operations +package namespace + +import ( + "encoding/json" + "net/http" + + "github.com/DeBrosOfficial/network/pkg/logging" + ns "github.com/DeBrosOfficial/network/pkg/namespace" + "go.uber.org/zap" +) + +// StatusHandler handles namespace cluster status requests +type StatusHandler struct { + clusterManager *ns.ClusterManager + logger *zap.Logger +} + +// NewStatusHandler creates a new namespace status handler +func NewStatusHandler(clusterManager *ns.ClusterManager, logger *logging.ColoredLogger) *StatusHandler { + return &StatusHandler{ + clusterManager: clusterManager, + logger: logger.Logger.With(zap.String("handler", "namespace-status")), + } +} + +// StatusResponse represents the response for /v1/namespace/status +type StatusResponse struct { + ClusterID string `json:"cluster_id"` + Namespace string `json:"namespace"` + Status string `json:"status"` + Nodes []string `json:"nodes"` + RQLiteReady bool `json:"rqlite_ready"` + OlricReady bool `json:"olric_ready"` + GatewayReady bool `json:"gateway_ready"` + DNSReady bool `json:"dns_ready"` + Error string `json:"error,omitempty"` + GatewayURL string `json:"gateway_url,omitempty"` +} + +// Handle handles GET /v1/namespace/status?id={cluster_id} +func (h *StatusHandler) Handle(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + writeError(w, http.StatusMethodNotAllowed, "method not allowed") + return + } + + clusterID := r.URL.Query().Get("id") + if clusterID == "" { + writeError(w, http.StatusBadRequest, "cluster_id parameter required") + return + } + + ctx := r.Context() + status, err := h.clusterManager.GetClusterStatus(ctx, clusterID) + if err != nil { + h.logger.Error("Failed to get cluster status", + zap.String("cluster_id", clusterID), + zap.Error(err), + ) + writeError(w, http.StatusNotFound, "cluster not found") + return + } + + resp := StatusResponse{ + ClusterID: status.ClusterID, + Namespace: status.Namespace, + Status: string(status.Status), + Nodes: status.Nodes, + RQLiteReady: status.RQLiteReady, + OlricReady: status.OlricReady, + GatewayReady: status.GatewayReady, + DNSReady: status.DNSReady, + Error: status.Error, + } + + // Include gateway URL when ready + if status.Status == ns.ClusterStatusReady { + // Gateway URL would be constructed from cluster configuration + // For now, we'll leave it empty and let the client construct it + } + + writeJSON(w, http.StatusOK, resp) +} + +// HandleByName handles GET /v1/namespace/status/name/{namespace} +func (h *StatusHandler) HandleByName(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + writeError(w, http.StatusMethodNotAllowed, "method not allowed") + return + } + + // Extract namespace from path + path := r.URL.Path + namespace := "" + const prefix = "/v1/namespace/status/name/" + if len(path) > len(prefix) { + namespace = path[len(prefix):] + } + + if namespace == "" { + writeError(w, http.StatusBadRequest, "namespace parameter required") + return + } + + cluster, err := h.clusterManager.GetClusterByNamespace(r.Context(), namespace) + if err != nil { + h.logger.Debug("Cluster not found for namespace", + zap.String("namespace", namespace), + zap.Error(err), + ) + writeError(w, http.StatusNotFound, "cluster not found for namespace") + return + } + + status, err := h.clusterManager.GetClusterStatus(r.Context(), cluster.ID) + if err != nil { + writeError(w, http.StatusInternalServerError, "failed to get cluster status") + return + } + + resp := StatusResponse{ + ClusterID: status.ClusterID, + Namespace: status.Namespace, + Status: string(status.Status), + Nodes: status.Nodes, + RQLiteReady: status.RQLiteReady, + OlricReady: status.OlricReady, + GatewayReady: status.GatewayReady, + DNSReady: status.DNSReady, + Error: status.Error, + } + + writeJSON(w, http.StatusOK, resp) +} + +// ProvisionRequest represents a request to provision a new namespace cluster +type ProvisionRequest struct { + Namespace string `json:"namespace"` + ProvisionedBy string `json:"provisioned_by"` // Wallet address +} + +// ProvisionResponse represents the response when provisioning starts +type ProvisionResponse struct { + Status string `json:"status"` + ClusterID string `json:"cluster_id"` + PollURL string `json:"poll_url"` + EstimatedTimeSeconds int `json:"estimated_time_seconds"` +} + +// HandleProvision handles POST /v1/namespace/provision +func (h *StatusHandler) HandleProvision(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + writeError(w, http.StatusMethodNotAllowed, "method not allowed") + return + } + + var req ProvisionRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "invalid json body") + return + } + + if req.Namespace == "" || req.ProvisionedBy == "" { + writeError(w, http.StatusBadRequest, "namespace and provisioned_by are required") + return + } + + // Don't allow provisioning the "default" namespace this way + if req.Namespace == "default" { + writeError(w, http.StatusBadRequest, "cannot provision the default namespace") + return + } + + // Check if namespace exists + // For now, we assume the namespace ID is passed or we look it up + // This would typically be done through the auth service + // For simplicity, we'll use a placeholder namespace ID + + h.logger.Info("Namespace provisioning requested", + zap.String("namespace", req.Namespace), + zap.String("provisioned_by", req.ProvisionedBy), + ) + + // Note: In a full implementation, we'd look up the namespace ID from the database + // For now, we'll create a placeholder that indicates provisioning should happen + // The actual provisioning is triggered through the auth flow + + writeJSON(w, http.StatusAccepted, map[string]interface{}{ + "status": "accepted", + "message": "Provisioning request accepted. Use auth flow to provision namespace cluster.", + }) +} + +func writeJSON(w http.ResponseWriter, status int, data interface{}) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(data) +} + +func writeError(w http.ResponseWriter, status int, message string) { + writeJSON(w, status, map[string]string{"error": message}) +} diff --git a/pkg/gateway/handlers/sqlite/backup_handler.go b/pkg/gateway/handlers/sqlite/backup_handler.go new file mode 100644 index 0000000..57681a3 --- /dev/null +++ b/pkg/gateway/handlers/sqlite/backup_handler.go @@ -0,0 +1,207 @@ +package sqlite + +import ( + "context" + "encoding/json" + "net/http" + "os" + "time" + + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "go.uber.org/zap" +) + +// BackupHandler handles database backups +type BackupHandler struct { + sqliteHandler *SQLiteHandler + ipfsClient ipfs.IPFSClient + logger *zap.Logger +} + +// NewBackupHandler creates a new backup handler +func NewBackupHandler(sqliteHandler *SQLiteHandler, ipfsClient ipfs.IPFSClient, logger *zap.Logger) *BackupHandler { + return &BackupHandler{ + sqliteHandler: sqliteHandler, + ipfsClient: ipfsClient, + logger: logger, + } +} + +// BackupDatabase backs up a database to IPFS +func (h *BackupHandler) BackupDatabase(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace, ok := ctx.Value(ctxkeys.NamespaceOverride).(string) + if !ok || namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + var req struct { + DatabaseName string `json:"database_name"` + } + + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + if req.DatabaseName == "" { + http.Error(w, "database_name is required", http.StatusBadRequest) + return + } + + h.logger.Info("Backing up database", + zap.String("namespace", namespace), + zap.String("database", req.DatabaseName), + ) + + // Get database metadata + dbMeta, err := h.sqliteHandler.getDatabaseRecord(ctx, namespace, req.DatabaseName) + if err != nil { + http.Error(w, "Database not found", http.StatusNotFound) + return + } + + filePath := dbMeta["file_path"].(string) + + // Check if file exists + if _, err := os.Stat(filePath); os.IsNotExist(err) { + http.Error(w, "Database file not found", http.StatusNotFound) + return + } + + // Open file for reading + file, err := os.Open(filePath) + if err != nil { + h.logger.Error("Failed to open database file", zap.Error(err)) + http.Error(w, "Failed to open database file", http.StatusInternalServerError) + return + } + defer file.Close() + + // Upload to IPFS + addResp, err := h.ipfsClient.Add(ctx, file, req.DatabaseName+".db") + if err != nil { + h.logger.Error("Failed to upload to IPFS", zap.Error(err)) + http.Error(w, "Failed to backup database", http.StatusInternalServerError) + return + } + + cid := addResp.Cid + + // Update backup metadata + now := time.Now() + query := ` + UPDATE namespace_sqlite_databases + SET backup_cid = ?, last_backup_at = ? + WHERE namespace = ? AND database_name = ? + ` + + _, err = h.sqliteHandler.db.Exec(ctx, query, cid, now, namespace, req.DatabaseName) + if err != nil { + h.logger.Error("Failed to update backup metadata", zap.Error(err)) + http.Error(w, "Failed to update backup metadata", http.StatusInternalServerError) + return + } + + // Record backup in history + h.recordBackup(ctx, dbMeta["id"].(string), cid) + + h.logger.Info("Database backed up", + zap.String("namespace", namespace), + zap.String("database", req.DatabaseName), + zap.String("cid", cid), + ) + + // Return response + resp := map[string]interface{}{ + "database_name": req.DatabaseName, + "backup_cid": cid, + "backed_up_at": now, + "ipfs_url": "https://ipfs.io/ipfs/" + cid, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// recordBackup records a backup in history +func (h *BackupHandler) recordBackup(ctx context.Context, dbID, cid string) { + query := ` + INSERT INTO namespace_sqlite_backups (database_id, backup_cid, backed_up_at, size_bytes) + SELECT id, ?, ?, size_bytes FROM namespace_sqlite_databases WHERE id = ? + ` + + _, err := h.sqliteHandler.db.Exec(ctx, query, cid, time.Now(), dbID) + if err != nil { + h.logger.Error("Failed to record backup", zap.Error(err)) + } +} + +// ListBackups lists all backups for a database +func (h *BackupHandler) ListBackups(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace, ok := ctx.Value(ctxkeys.NamespaceOverride).(string) + if !ok || namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + databaseName := r.URL.Query().Get("database_name") + if databaseName == "" { + http.Error(w, "database_name query parameter is required", http.StatusBadRequest) + return + } + + // Get database ID + dbMeta, err := h.sqliteHandler.getDatabaseRecord(ctx, namespace, databaseName) + if err != nil { + http.Error(w, "Database not found", http.StatusNotFound) + return + } + + dbID := dbMeta["id"].(string) + + // Query backups + type backupRow struct { + BackupCID string `db:"backup_cid"` + BackedUpAt time.Time `db:"backed_up_at"` + SizeBytes int64 `db:"size_bytes"` + } + + var rows []backupRow + query := ` + SELECT backup_cid, backed_up_at, size_bytes + FROM namespace_sqlite_backups + WHERE database_id = ? + ORDER BY backed_up_at DESC + LIMIT 50 + ` + + err = h.sqliteHandler.db.Query(ctx, &rows, query, dbID) + if err != nil { + h.logger.Error("Failed to query backups", zap.Error(err)) + http.Error(w, "Failed to query backups", http.StatusInternalServerError) + return + } + + backups := make([]map[string]interface{}, len(rows)) + for i, row := range rows { + backups[i] = map[string]interface{}{ + "backup_cid": row.BackupCID, + "backed_up_at": row.BackedUpAt, + "size_bytes": row.SizeBytes, + "ipfs_url": "https://ipfs.io/ipfs/" + row.BackupCID, + } + } + + resp := map[string]interface{}{ + "database_name": databaseName, + "backups": backups, + "total": len(backups), + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} diff --git a/pkg/gateway/handlers/sqlite/create_handler.go b/pkg/gateway/handlers/sqlite/create_handler.go new file mode 100644 index 0000000..559acaa --- /dev/null +++ b/pkg/gateway/handlers/sqlite/create_handler.go @@ -0,0 +1,236 @@ +package sqlite + +import ( + "context" + "database/sql" + "encoding/json" + "fmt" + "net/http" + "os" + "path/filepath" + "time" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/google/uuid" + "go.uber.org/zap" + _ "github.com/mattn/go-sqlite3" +) + +// SQLiteHandler handles namespace SQLite database operations +type SQLiteHandler struct { + db rqlite.Client + homeNodeManager *deployments.HomeNodeManager + logger *zap.Logger + basePath string + currentNodeID string // The node's peer ID for affinity checks +} + +// NewSQLiteHandler creates a new SQLite handler +// dataDir: Base directory for node-local data (if empty, defaults to ~/.orama) +// nodeID: The node's peer ID for affinity checks (can be empty for single-node setups) +func NewSQLiteHandler(db rqlite.Client, homeNodeManager *deployments.HomeNodeManager, logger *zap.Logger, dataDir string, nodeID string) *SQLiteHandler { + var basePath string + + if dataDir != "" { + basePath = filepath.Join(dataDir, "sqlite") + } else { + // Use user's home directory for cross-platform compatibility + homeDir, err := os.UserHomeDir() + if err != nil { + logger.Error("Failed to get user home directory", zap.Error(err)) + homeDir = os.Getenv("HOME") + } + basePath = filepath.Join(homeDir, ".orama", "sqlite") + } + + return &SQLiteHandler{ + db: db, + homeNodeManager: homeNodeManager, + logger: logger, + basePath: basePath, + currentNodeID: nodeID, + } +} + +// writeCreateError writes an error response as JSON for consistency +func writeCreateError(w http.ResponseWriter, status int, message string) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(map[string]string{"error": message}) +} + +// CreateDatabase creates a new SQLite database for a namespace +func (h *SQLiteHandler) CreateDatabase(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace, ok := ctx.Value(ctxkeys.NamespaceOverride).(string) + if !ok || namespace == "" { + writeCreateError(w, http.StatusUnauthorized, "Namespace not found in context") + return + } + + var req struct { + DatabaseName string `json:"database_name"` + } + + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeCreateError(w, http.StatusBadRequest, "Invalid request body") + return + } + + if req.DatabaseName == "" { + writeCreateError(w, http.StatusBadRequest, "database_name is required") + return + } + + // Validate database name (alphanumeric, underscore, hyphen only) + if !isValidDatabaseName(req.DatabaseName) { + writeCreateError(w, http.StatusBadRequest, "Invalid database name. Use only alphanumeric characters, underscores, and hyphens") + return + } + + h.logger.Info("Creating SQLite database", + zap.String("namespace", namespace), + zap.String("database", req.DatabaseName), + ) + + // For SQLite databases, the home node is ALWAYS the current node + // because the database file is stored locally on this node's filesystem. + // This is different from deployments which can be load-balanced across nodes. + homeNodeID := h.currentNodeID + if homeNodeID == "" { + // Fallback: if node ID not configured, try to get from HomeNodeManager + // This provides backward compatibility for single-node setups + var err error + homeNodeID, err = h.homeNodeManager.AssignHomeNode(ctx, namespace) + if err != nil { + h.logger.Error("Failed to assign home node", zap.Error(err)) + writeCreateError(w, http.StatusInternalServerError, "Failed to assign home node") + return + } + } + + // Check if database already exists + existing, err := h.getDatabaseRecord(ctx, namespace, req.DatabaseName) + if err == nil && existing != nil { + writeCreateError(w, http.StatusConflict, "Database already exists") + return + } + + // Create database file path + dbID := uuid.New().String() + dbPath := filepath.Join(h.basePath, namespace, req.DatabaseName+".db") + + // Create directory if needed + if err := os.MkdirAll(filepath.Dir(dbPath), 0755); err != nil { + h.logger.Error("Failed to create directory", zap.Error(err)) + writeCreateError(w, http.StatusInternalServerError, "Failed to create database directory") + return + } + + // Create SQLite database + sqliteDB, err := sql.Open("sqlite3", dbPath) + if err != nil { + h.logger.Error("Failed to create SQLite database", zap.Error(err)) + writeCreateError(w, http.StatusInternalServerError, "Failed to create database") + return + } + + // Enable WAL mode for better concurrency + if _, err := sqliteDB.Exec("PRAGMA journal_mode=WAL"); err != nil { + h.logger.Warn("Failed to enable WAL mode", zap.Error(err)) + } + + sqliteDB.Close() + + // Record in RQLite + query := ` + INSERT INTO namespace_sqlite_databases ( + id, namespace, database_name, home_node_id, file_path, size_bytes, created_at, updated_at, created_by + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + + now := time.Now() + _, err = h.db.Exec(ctx, query, dbID, namespace, req.DatabaseName, homeNodeID, dbPath, 0, now, now, namespace) + if err != nil { + h.logger.Error("Failed to record database", zap.Error(err)) + os.Remove(dbPath) // Cleanup + writeCreateError(w, http.StatusInternalServerError, "Failed to record database") + return + } + + h.logger.Info("SQLite database created", + zap.String("id", dbID), + zap.String("namespace", namespace), + zap.String("database", req.DatabaseName), + zap.String("path", dbPath), + ) + + // Return response + resp := map[string]interface{}{ + "id": dbID, + "namespace": namespace, + "database_name": req.DatabaseName, + "home_node_id": homeNodeID, + "file_path": dbPath, + "created_at": now, + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(resp) +} + +// getDatabaseRecord retrieves database metadata from RQLite +func (h *SQLiteHandler) getDatabaseRecord(ctx context.Context, namespace, databaseName string) (map[string]interface{}, error) { + type dbRow struct { + ID string `db:"id"` + Namespace string `db:"namespace"` + DatabaseName string `db:"database_name"` + HomeNodeID string `db:"home_node_id"` + FilePath string `db:"file_path"` + SizeBytes int64 `db:"size_bytes"` + BackupCID string `db:"backup_cid"` + CreatedAt time.Time `db:"created_at"` + } + + var rows []dbRow + query := `SELECT * FROM namespace_sqlite_databases WHERE namespace = ? AND database_name = ? LIMIT 1` + err := h.db.Query(ctx, &rows, query, namespace, databaseName) + if err != nil { + return nil, err + } + + if len(rows) == 0 { + return nil, fmt.Errorf("database not found") + } + + row := rows[0] + return map[string]interface{}{ + "id": row.ID, + "namespace": row.Namespace, + "database_name": row.DatabaseName, + "home_node_id": row.HomeNodeID, + "file_path": row.FilePath, + "size_bytes": row.SizeBytes, + "backup_cid": row.BackupCID, + "created_at": row.CreatedAt, + }, nil +} + +// isValidDatabaseName validates database name +func isValidDatabaseName(name string) bool { + if len(name) == 0 || len(name) > 64 { + return false + } + + for _, ch := range name { + if !((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || + (ch >= '0' && ch <= '9') || ch == '_' || ch == '-') { + return false + } + } + + return true +} diff --git a/pkg/gateway/handlers/sqlite/handlers_test.go b/pkg/gateway/handlers/sqlite/handlers_test.go new file mode 100644 index 0000000..8209de5 --- /dev/null +++ b/pkg/gateway/handlers/sqlite/handlers_test.go @@ -0,0 +1,531 @@ +package sqlite + +import ( + "bytes" + "context" + "database/sql" + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "reflect" + "strings" + "testing" + + "github.com/DeBrosOfficial/network/pkg/deployments" + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "github.com/DeBrosOfficial/network/pkg/ipfs" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// Mock implementations + +type mockRQLiteClient struct { + QueryFunc func(ctx context.Context, dest interface{}, query string, args ...interface{}) error + ExecFunc func(ctx context.Context, query string, args ...interface{}) (sql.Result, error) + FindByFunc func(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error + FindOneFunc func(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error + SaveFunc func(ctx context.Context, entity interface{}) error + RemoveFunc func(ctx context.Context, entity interface{}) error + RepoFunc func(table string) interface{} + CreateQBFunc func(table string) *rqlite.QueryBuilder + TxFunc func(ctx context.Context, fn func(tx rqlite.Tx) error) error +} + +func (m *mockRQLiteClient) Query(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + if m.QueryFunc != nil { + return m.QueryFunc(ctx, dest, query, args...) + } + return nil +} + +func (m *mockRQLiteClient) Exec(ctx context.Context, query string, args ...interface{}) (sql.Result, error) { + if m.ExecFunc != nil { + return m.ExecFunc(ctx, query, args...) + } + return nil, nil +} + +func (m *mockRQLiteClient) FindBy(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error { + if m.FindByFunc != nil { + return m.FindByFunc(ctx, dest, table, criteria, opts...) + } + return nil +} + +func (m *mockRQLiteClient) FindOneBy(ctx context.Context, dest interface{}, table string, criteria map[string]interface{}, opts ...rqlite.FindOption) error { + if m.FindOneFunc != nil { + return m.FindOneFunc(ctx, dest, table, criteria, opts...) + } + return nil +} + +func (m *mockRQLiteClient) Save(ctx context.Context, entity interface{}) error { + if m.SaveFunc != nil { + return m.SaveFunc(ctx, entity) + } + return nil +} + +func (m *mockRQLiteClient) Remove(ctx context.Context, entity interface{}) error { + if m.RemoveFunc != nil { + return m.RemoveFunc(ctx, entity) + } + return nil +} + +func (m *mockRQLiteClient) Repository(table string) interface{} { + if m.RepoFunc != nil { + return m.RepoFunc(table) + } + return nil +} + +func (m *mockRQLiteClient) CreateQueryBuilder(table string) *rqlite.QueryBuilder { + if m.CreateQBFunc != nil { + return m.CreateQBFunc(table) + } + return nil +} + +func (m *mockRQLiteClient) Tx(ctx context.Context, fn func(tx rqlite.Tx) error) error { + if m.TxFunc != nil { + return m.TxFunc(ctx, fn) + } + return nil +} + +type mockIPFSClient struct { + AddFunc func(ctx context.Context, r io.Reader, filename string) (*ipfs.AddResponse, error) + AddDirectoryFunc func(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) + GetFunc func(ctx context.Context, path, ipfsAPIURL string) (io.ReadCloser, error) + PinFunc func(ctx context.Context, cid, name string, replicationFactor int) (*ipfs.PinResponse, error) + PinStatusFunc func(ctx context.Context, cid string) (*ipfs.PinStatus, error) + UnpinFunc func(ctx context.Context, cid string) error + HealthFunc func(ctx context.Context) error + GetPeerFunc func(ctx context.Context) (int, error) + CloseFunc func(ctx context.Context) error +} + +func (m *mockIPFSClient) Add(ctx context.Context, r io.Reader, filename string) (*ipfs.AddResponse, error) { + if m.AddFunc != nil { + return m.AddFunc(ctx, r, filename) + } + return &ipfs.AddResponse{Cid: "QmTestCID123456789"}, nil +} + +func (m *mockIPFSClient) AddDirectory(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) { + if m.AddDirectoryFunc != nil { + return m.AddDirectoryFunc(ctx, dirPath) + } + return &ipfs.AddResponse{Cid: "QmTestDirCID123456789"}, nil +} + +func (m *mockIPFSClient) Get(ctx context.Context, cid, ipfsAPIURL string) (io.ReadCloser, error) { + if m.GetFunc != nil { + return m.GetFunc(ctx, cid, ipfsAPIURL) + } + return io.NopCloser(nil), nil +} + +func (m *mockIPFSClient) Pin(ctx context.Context, cid, name string, replicationFactor int) (*ipfs.PinResponse, error) { + if m.PinFunc != nil { + return m.PinFunc(ctx, cid, name, replicationFactor) + } + return &ipfs.PinResponse{}, nil +} + +func (m *mockIPFSClient) PinStatus(ctx context.Context, cid string) (*ipfs.PinStatus, error) { + if m.PinStatusFunc != nil { + return m.PinStatusFunc(ctx, cid) + } + return &ipfs.PinStatus{}, nil +} + +func (m *mockIPFSClient) Unpin(ctx context.Context, cid string) error { + if m.UnpinFunc != nil { + return m.UnpinFunc(ctx, cid) + } + return nil +} + +func (m *mockIPFSClient) Health(ctx context.Context) error { + if m.HealthFunc != nil { + return m.HealthFunc(ctx) + } + return nil +} + +func (m *mockIPFSClient) GetPeerCount(ctx context.Context) (int, error) { + if m.GetPeerFunc != nil { + return m.GetPeerFunc(ctx) + } + return 5, nil +} + +func (m *mockIPFSClient) Close(ctx context.Context) error { + if m.CloseFunc != nil { + return m.CloseFunc(ctx) + } + return nil +} + +// TestCreateDatabase_Success tests creating a new database +func TestCreateDatabase_Success(t *testing.T) { + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // For dns_nodes query, return mock active node + if strings.Contains(query, "dns_nodes") { + destValue := reflect.ValueOf(dest) + if destValue.Kind() == reflect.Ptr { + sliceValue := destValue.Elem() + if sliceValue.Kind() == reflect.Slice { + elemType := sliceValue.Type().Elem() + newElem := reflect.New(elemType).Elem() + idField := newElem.FieldByName("ID") + if idField.IsValid() && idField.CanSet() { + idField.SetString("node-test123") + } + sliceValue.Set(reflect.Append(sliceValue, newElem)) + } + } + } + // For database check, return empty (database doesn't exist) + if strings.Contains(query, "namespace_sqlite_databases") && strings.Contains(query, "SELECT") { + // Return empty result + } + return nil + }, + ExecFunc: func(ctx context.Context, query string, args ...interface{}) (sql.Result, error) { + return nil, nil + }, + } + + // Create temp directory for test database + tmpDir := t.TempDir() + + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + handler := NewSQLiteHandler(mockDB, homeNodeMgr, zap.NewNop(), "", "") + handler.basePath = tmpDir + + reqBody := map[string]string{ + "database_name": "test-db", + } + bodyBytes, _ := json.Marshal(reqBody) + + req := httptest.NewRequest("POST", "/v1/db/sqlite/create", bytes.NewReader(bodyBytes)) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + handler.CreateDatabase(rr, req) + + if rr.Code != http.StatusCreated { + t.Errorf("Expected status 201, got %d", rr.Code) + t.Logf("Response: %s", rr.Body.String()) + } + + // Verify database file was created + dbPath := filepath.Join(tmpDir, "test-namespace", "test-db.db") + if _, err := os.Stat(dbPath); os.IsNotExist(err) { + t.Errorf("Expected database file to be created at %s", dbPath) + } + + // Verify response + var resp map[string]interface{} + json.NewDecoder(rr.Body).Decode(&resp) + if resp["database_name"] != "test-db" { + t.Errorf("Expected database_name 'test-db', got %v", resp["database_name"]) + } +} + +// TestCreateDatabase_DuplicateName tests that duplicate database names are rejected +func TestCreateDatabase_DuplicateName(t *testing.T) { + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // For dns_nodes query + if strings.Contains(query, "dns_nodes") { + destValue := reflect.ValueOf(dest) + if destValue.Kind() == reflect.Ptr { + sliceValue := destValue.Elem() + if sliceValue.Kind() == reflect.Slice { + elemType := sliceValue.Type().Elem() + newElem := reflect.New(elemType).Elem() + idField := newElem.FieldByName("ID") + if idField.IsValid() && idField.CanSet() { + idField.SetString("node-test123") + } + sliceValue.Set(reflect.Append(sliceValue, newElem)) + } + } + } + // For database check, return existing database + if strings.Contains(query, "namespace_sqlite_databases") && strings.Contains(query, "SELECT") { + destValue := reflect.ValueOf(dest) + if destValue.Kind() == reflect.Ptr { + sliceValue := destValue.Elem() + if sliceValue.Kind() == reflect.Slice { + elemType := sliceValue.Type().Elem() + newElem := reflect.New(elemType).Elem() + // Set ID field to indicate existing database + idField := newElem.FieldByName("ID") + if idField.IsValid() && idField.CanSet() { + idField.SetString("existing-db-id") + } + sliceValue.Set(reflect.Append(sliceValue, newElem)) + } + } + } + return nil + }, + } + + tmpDir := t.TempDir() + + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + handler := NewSQLiteHandler(mockDB, homeNodeMgr, zap.NewNop(), "", "") + handler.basePath = tmpDir + + reqBody := map[string]string{ + "database_name": "test-db", + } + bodyBytes, _ := json.Marshal(reqBody) + + req := httptest.NewRequest("POST", "/v1/db/sqlite/create", bytes.NewReader(bodyBytes)) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + handler.CreateDatabase(rr, req) + + if rr.Code != http.StatusConflict { + t.Errorf("Expected status 409 (Conflict), got %d", rr.Code) + } +} + +// TestCreateDatabase_InvalidName tests that invalid database names are rejected +func TestCreateDatabase_InvalidName(t *testing.T) { + mockDB := &mockRQLiteClient{} + tmpDir := t.TempDir() + + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + handler := NewSQLiteHandler(mockDB, homeNodeMgr, zap.NewNop(), "", "") + handler.basePath = tmpDir + + invalidNames := []string{ + "test db", // Space + "test@db", // Special char + "test/db", // Slash + "", // Empty + strings.Repeat("a", 100), // Too long + } + + for _, name := range invalidNames { + reqBody := map[string]string{ + "database_name": name, + } + bodyBytes, _ := json.Marshal(reqBody) + + req := httptest.NewRequest("POST", "/v1/db/sqlite/create", bytes.NewReader(bodyBytes)) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + handler.CreateDatabase(rr, req) + + if rr.Code != http.StatusBadRequest { + t.Errorf("Expected status 400 for invalid name %q, got %d", name, rr.Code) + } + } +} + +// TestListDatabases tests listing all databases for a namespace +func TestListDatabases(t *testing.T) { + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // Return empty list + return nil + }, + } + + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + handler := NewSQLiteHandler(mockDB, homeNodeMgr, zap.NewNop(), "", "") + + req := httptest.NewRequest("GET", "/v1/db/sqlite/list", nil) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + handler.ListDatabases(rr, req) + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } + + var resp map[string]interface{} + json.NewDecoder(rr.Body).Decode(&resp) + + if _, ok := resp["databases"]; !ok { + t.Error("Expected 'databases' field in response") + } + + if _, ok := resp["count"]; !ok { + t.Error("Expected 'count' field in response") + } +} + +// TestBackupDatabase tests backing up a database to IPFS +func TestBackupDatabase(t *testing.T) { + // Create a temporary database file + tmpDir := t.TempDir() + dbPath := filepath.Join(tmpDir, "test.db") + + // Create a real SQLite database + db, err := sql.Open("sqlite3", dbPath) + if err != nil { + t.Fatalf("Failed to create test database: %v", err) + } + db.Exec("CREATE TABLE test (id INTEGER PRIMARY KEY)") + db.Close() + + mockDB := &mockRQLiteClient{ + QueryFunc: func(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + // Mock database record lookup - return struct with file_path + if strings.Contains(query, "namespace_sqlite_databases") { + destValue := reflect.ValueOf(dest) + if destValue.Kind() == reflect.Ptr { + sliceValue := destValue.Elem() + if sliceValue.Kind() == reflect.Slice { + elemType := sliceValue.Type().Elem() + newElem := reflect.New(elemType).Elem() + + // Set fields + idField := newElem.FieldByName("ID") + if idField.IsValid() && idField.CanSet() { + idField.SetString("test-db-id") + } + + filePathField := newElem.FieldByName("FilePath") + if filePathField.IsValid() && filePathField.CanSet() { + filePathField.SetString(dbPath) + } + + sliceValue.Set(reflect.Append(sliceValue, newElem)) + } + } + } + return nil + }, + ExecFunc: func(ctx context.Context, query string, args ...interface{}) (sql.Result, error) { + return nil, nil + }, + } + + mockIPFS := &mockIPFSClient{ + AddFunc: func(ctx context.Context, r io.Reader, filename string) (*ipfs.AddResponse, error) { + // Verify data is being uploaded + data, _ := io.ReadAll(r) + if len(data) == 0 { + t.Error("Expected non-empty database file upload") + } + return &ipfs.AddResponse{Cid: "QmBackupCID123"}, nil + }, + } + + portAlloc := deployments.NewPortAllocator(mockDB, zap.NewNop()) + homeNodeMgr := deployments.NewHomeNodeManager(mockDB, portAlloc, zap.NewNop()) + + sqliteHandler := NewSQLiteHandler(mockDB, homeNodeMgr, zap.NewNop(), "", "") + + backupHandler := NewBackupHandler(sqliteHandler, mockIPFS, zap.NewNop()) + + reqBody := map[string]string{ + "database_name": "test-db", + } + bodyBytes, _ := json.Marshal(reqBody) + + req := httptest.NewRequest("POST", "/v1/db/sqlite/backup", bytes.NewReader(bodyBytes)) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-namespace") + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + + backupHandler.BackupDatabase(rr, req) + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + t.Logf("Response: %s", rr.Body.String()) + } + + var resp map[string]interface{} + json.NewDecoder(rr.Body).Decode(&resp) + + if resp["backup_cid"] != "QmBackupCID123" { + t.Errorf("Expected backup_cid 'QmBackupCID123', got %v", resp["backup_cid"]) + } +} + +// TestIsValidDatabaseName tests database name validation +func TestIsValidDatabaseName(t *testing.T) { + tests := []struct { + name string + valid bool + }{ + {"valid_db", true}, + {"valid-db", true}, + {"ValidDB123", true}, + {"test_db_123", true}, + {"test db", false}, // Space + {"test@db", false}, // Special char + {"test/db", false}, // Slash + {"", false}, // Empty + {strings.Repeat("a", 65), false}, // Too long + } + + for _, tt := range tests { + result := isValidDatabaseName(tt.name) + if result != tt.valid { + t.Errorf("isValidDatabaseName(%q) = %v, expected %v", tt.name, result, tt.valid) + } + } +} + +// TestIsWriteQuery tests SQL query classification +func TestIsWriteQuery(t *testing.T) { + tests := []struct { + query string + isWrite bool + }{ + {"SELECT * FROM users", false}, + {"INSERT INTO users VALUES (1, 'test')", true}, + {"UPDATE users SET name = 'test'", true}, + {"DELETE FROM users WHERE id = 1", true}, + {"CREATE TABLE test (id INT)", true}, + {"DROP TABLE test", true}, + {"ALTER TABLE test ADD COLUMN name TEXT", true}, + {" insert into users values (1)", true}, // Case insensitive with whitespace + {"select * from users", false}, + } + + for _, tt := range tests { + result := isWriteQuery(tt.query) + if result != tt.isWrite { + t.Errorf("isWriteQuery(%q) = %v, expected %v", tt.query, result, tt.isWrite) + } + } +} diff --git a/pkg/gateway/handlers/sqlite/query_handler.go b/pkg/gateway/handlers/sqlite/query_handler.go new file mode 100644 index 0000000..70d9af2 --- /dev/null +++ b/pkg/gateway/handlers/sqlite/query_handler.go @@ -0,0 +1,261 @@ +package sqlite + +import ( + "context" + "database/sql" + "encoding/json" + "net/http" + "os" + "strings" + + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" + "go.uber.org/zap" +) + +// QueryRequest represents a SQL query request +type QueryRequest struct { + DatabaseName string `json:"database_name"` + Query string `json:"query"` + Params []interface{} `json:"params"` +} + +// QueryResponse represents a SQL query response +type QueryResponse struct { + Columns []string `json:"columns,omitempty"` + Rows [][]interface{} `json:"rows,omitempty"` + RowsAffected int64 `json:"rows_affected,omitempty"` + LastInsertID int64 `json:"last_insert_id,omitempty"` + Error string `json:"error,omitempty"` +} + +// writeJSONError writes an error response as JSON for consistency +func writeJSONError(w http.ResponseWriter, status int, message string) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(QueryResponse{Error: message}) +} + +// QueryDatabase executes a SQL query on a namespace database +func (h *SQLiteHandler) QueryDatabase(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace, ok := ctx.Value(ctxkeys.NamespaceOverride).(string) + if !ok || namespace == "" { + writeJSONError(w, http.StatusUnauthorized, "Namespace not found in context") + return + } + + var req QueryRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeJSONError(w, http.StatusBadRequest, "Invalid request body") + return + } + + if req.DatabaseName == "" { + writeJSONError(w, http.StatusBadRequest, "database_name is required") + return + } + + if req.Query == "" { + writeJSONError(w, http.StatusBadRequest, "query is required") + return + } + + // Get database metadata + dbMeta, err := h.getDatabaseRecord(ctx, namespace, req.DatabaseName) + if err != nil { + writeJSONError(w, http.StatusNotFound, "Database not found") + return + } + + // Check node affinity - ensure we're on the correct node for this database + homeNodeID, _ := dbMeta["home_node_id"].(string) + if h.currentNodeID != "" && homeNodeID != "" && homeNodeID != h.currentNodeID { + // This request hit the wrong node - the database lives on a different node + w.Header().Set("X-Orama-Home-Node", homeNodeID) + h.logger.Warn("Database query hit wrong node", + zap.String("database", req.DatabaseName), + zap.String("home_node", homeNodeID), + zap.String("current_node", h.currentNodeID), + ) + writeJSONError(w, http.StatusMisdirectedRequest, "Database is on a different node. Use node-specific URL or wait for routing implementation.") + return + } + + filePath := dbMeta["file_path"].(string) + + // Check if database file exists + if _, err := os.Stat(filePath); os.IsNotExist(err) { + h.logger.Error("Database file not found on filesystem", + zap.String("path", filePath), + zap.String("namespace", namespace), + zap.String("database", req.DatabaseName), + ) + writeJSONError(w, http.StatusNotFound, "Database file not found on this node") + return + } + + // Open database + db, err := sql.Open("sqlite3", filePath) + if err != nil { + h.logger.Error("Failed to open database", zap.Error(err)) + writeJSONError(w, http.StatusInternalServerError, "Failed to open database") + return + } + defer db.Close() + + // Determine if this is a read or write query + isWrite := isWriteQuery(req.Query) + + var resp QueryResponse + + if isWrite { + // Execute write query + result, err := db.ExecContext(ctx, req.Query, req.Params...) + if err != nil { + resp.Error = err.Error() + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusBadRequest) + json.NewEncoder(w).Encode(resp) + return + } + + rowsAffected, _ := result.RowsAffected() + lastInsertID, _ := result.LastInsertId() + + resp.RowsAffected = rowsAffected + resp.LastInsertID = lastInsertID + } else { + // Execute read query + rows, err := db.QueryContext(ctx, req.Query, req.Params...) + if err != nil { + resp.Error = err.Error() + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusBadRequest) + json.NewEncoder(w).Encode(resp) + return + } + defer rows.Close() + + // Get column names + columns, err := rows.Columns() + if err != nil { + resp.Error = err.Error() + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusInternalServerError) + json.NewEncoder(w).Encode(resp) + return + } + + resp.Columns = columns + + // Scan rows + values := make([]interface{}, len(columns)) + valuePtrs := make([]interface{}, len(columns)) + for i := range values { + valuePtrs[i] = &values[i] + } + + for rows.Next() { + if err := rows.Scan(valuePtrs...); err != nil { + h.logger.Error("Failed to scan row", zap.Error(err)) + continue + } + + row := make([]interface{}, len(columns)) + for i, val := range values { + // Convert []byte to string for JSON serialization + if b, ok := val.([]byte); ok { + row[i] = string(b) + } else { + row[i] = val + } + } + + resp.Rows = append(resp.Rows, row) + } + + if err := rows.Err(); err != nil { + resp.Error = err.Error() + } + } + + // Update database size + go h.updateDatabaseSize(namespace, req.DatabaseName, filePath) + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) +} + +// isWriteQuery determines if a SQL query is a write operation +func isWriteQuery(query string) bool { + upperQuery := strings.ToUpper(strings.TrimSpace(query)) + writeKeywords := []string{ + "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "ALTER", "TRUNCATE", "REPLACE", + } + + for _, keyword := range writeKeywords { + if strings.HasPrefix(upperQuery, keyword) { + return true + } + } + + return false +} + +// updateDatabaseSize updates the size of the database in metadata +func (h *SQLiteHandler) updateDatabaseSize(namespace, databaseName, filePath string) { + stat, err := os.Stat(filePath) + if err != nil { + h.logger.Error("Failed to stat database file", zap.Error(err)) + return + } + + query := `UPDATE namespace_sqlite_databases SET size_bytes = ? WHERE namespace = ? AND database_name = ?` + ctx := context.Background() + _, err = h.db.Exec(ctx, query, stat.Size(), namespace, databaseName) + if err != nil { + h.logger.Error("Failed to update database size", zap.Error(err)) + } +} + +// DatabaseInfo represents database metadata +type DatabaseInfo struct { + ID string `json:"id" db:"id"` + DatabaseName string `json:"database_name" db:"database_name"` + HomeNodeID string `json:"home_node_id" db:"home_node_id"` + SizeBytes int64 `json:"size_bytes" db:"size_bytes"` + BackupCID string `json:"backup_cid,omitempty" db:"backup_cid"` + LastBackupAt string `json:"last_backup_at,omitempty" db:"last_backup_at"` + CreatedAt string `json:"created_at" db:"created_at"` +} + +// ListDatabases lists all databases for a namespace +func (h *SQLiteHandler) ListDatabases(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + namespace, ok := ctx.Value(ctxkeys.NamespaceOverride).(string) + if !ok || namespace == "" { + http.Error(w, "Namespace not found in context", http.StatusUnauthorized) + return + } + + var databases []DatabaseInfo + query := ` + SELECT id, database_name, home_node_id, size_bytes, backup_cid, last_backup_at, created_at + FROM namespace_sqlite_databases + WHERE namespace = ? + ORDER BY created_at DESC + ` + + err := h.db.Query(ctx, &databases, query, namespace) + if err != nil { + h.logger.Error("Failed to list databases", zap.Error(err)) + http.Error(w, "Failed to list databases", http.StatusInternalServerError) + return + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(map[string]interface{}{ + "databases": databases, + "count": len(databases), + }) +} diff --git a/pkg/gateway/handlers/storage/download_handler.go b/pkg/gateway/handlers/storage/download_handler.go index b6ba560..23fa65f 100644 --- a/pkg/gateway/handlers/storage/download_handler.go +++ b/pkg/gateway/handlers/storage/download_handler.go @@ -38,13 +38,40 @@ func (h *Handlers) DownloadHandler(w http.ResponseWriter, r *http.Request) { return } + ctx := r.Context() + + h.logger.ComponentDebug(logging.ComponentGeneral, "Starting CID retrieval", + zap.String("cid", path), + zap.String("namespace", namespace)) + + // Check if namespace owns this CID (namespace isolation) + h.logger.ComponentDebug(logging.ComponentGeneral, "Checking CID ownership", zap.String("cid", path)) + hasAccess, err := h.checkCIDOwnership(ctx, path, namespace) + if err != nil { + h.logger.ComponentError(logging.ComponentGeneral, "failed to check CID ownership", + zap.Error(err), zap.String("cid", path), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusInternalServerError, "failed to verify access") + return + } + if !hasAccess { + h.logger.ComponentWarn(logging.ComponentGeneral, "namespace attempted to access CID they don't own", + zap.String("cid", path), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusForbidden, "access denied: CID not owned by namespace") + return + } + + h.logger.ComponentDebug(logging.ComponentGeneral, "CID ownership check passed", zap.String("cid", path)) + // Get IPFS API URL from config ipfsAPIURL := h.config.IPFSAPIURL if ipfsAPIURL == "" { ipfsAPIURL = "http://localhost:5001" } - ctx := r.Context() + h.logger.ComponentDebug(logging.ComponentGeneral, "Fetching content from IPFS", + zap.String("cid", path), + zap.String("ipfs_api_url", ipfsAPIURL)) + reader, err := h.ipfsClient.Get(ctx, path, ipfsAPIURL) if err != nil { h.logger.ComponentError(logging.ComponentGeneral, "failed to get content from IPFS", @@ -61,6 +88,9 @@ func (h *Handlers) DownloadHandler(w http.ResponseWriter, r *http.Request) { } defer reader.Close() + h.logger.ComponentDebug(logging.ComponentGeneral, "Successfully retrieved content from IPFS, starting stream", + zap.String("cid", path)) + // Set headers for file download w.Header().Set("Content-Type", "application/octet-stream") w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s", path)) diff --git a/pkg/gateway/handlers/storage/handlers.go b/pkg/gateway/handlers/storage/handlers.go index eaf75d2..7a080a6 100644 --- a/pkg/gateway/handlers/storage/handlers.go +++ b/pkg/gateway/handlers/storage/handlers.go @@ -3,10 +3,13 @@ package storage import ( "context" "io" + "time" "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" "github.com/DeBrosOfficial/network/pkg/ipfs" "github.com/DeBrosOfficial/network/pkg/logging" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" ) // IPFSClient defines the interface for interacting with IPFS. @@ -33,14 +36,16 @@ type Handlers struct { ipfsClient IPFSClient logger *logging.ColoredLogger config Config + db rqlite.Client // For tracking IPFS content ownership } // New creates a new storage handlers instance with the provided dependencies. -func New(ipfsClient IPFSClient, logger *logging.ColoredLogger, config Config) *Handlers { +func New(ipfsClient IPFSClient, logger *logging.ColoredLogger, config Config, db rqlite.Client) *Handlers { return &Handlers{ ipfsClient: ipfsClient, logger: logger, config: config, + db: db, } } @@ -53,3 +58,79 @@ func (h *Handlers) getNamespaceFromContext(ctx context.Context) string { } return "" } + +// recordCIDOwnership records that a namespace owns a specific CID in the database. +// This enables namespace isolation for IPFS content. +func (h *Handlers) recordCIDOwnership(ctx context.Context, cid, namespace, name, uploadedBy string, sizeBytes int64) error { + // Skip if no database client is available (e.g., in tests) + if h.db == nil { + return nil + } + + query := `INSERT INTO ipfs_content_ownership (id, cid, namespace, name, size_bytes, is_pinned, uploaded_at, uploaded_by) + VALUES (?, ?, ?, ?, ?, ?, datetime('now'), ?) + ON CONFLICT(cid, namespace) DO NOTHING` + + id := cid + ":" + namespace // Simple unique ID + _, err := h.db.Exec(ctx, query, id, cid, namespace, name, sizeBytes, false, uploadedBy) + return err +} + +// checkCIDOwnership verifies that a namespace owns (has uploaded) a specific CID. +// Returns true if the namespace owns the CID, false otherwise. +func (h *Handlers) checkCIDOwnership(ctx context.Context, cid, namespace string) (bool, error) { + // Skip if no database client is available (e.g., in tests) + if h.db == nil { + return true, nil // Allow access in test mode + } + + // Add 5-second timeout to prevent hanging on slow RQLite queries + ctx, cancel := context.WithTimeout(ctx, 5*time.Second) + defer cancel() + + h.logger.ComponentDebug(logging.ComponentGeneral, "Querying RQLite for CID ownership", + zap.String("cid", cid), + zap.String("namespace", namespace)) + + query := `SELECT COUNT(*) as count FROM ipfs_content_ownership WHERE cid = ? AND namespace = ?` + + var result []map[string]interface{} + if err := h.db.Query(ctx, &result, query, cid, namespace); err != nil { + h.logger.ComponentError(logging.ComponentGeneral, "RQLite ownership query failed", + zap.Error(err), + zap.String("cid", cid)) + return false, err + } + + h.logger.ComponentDebug(logging.ComponentGeneral, "RQLite ownership query completed", + zap.String("cid", cid), + zap.Int("result_count", len(result))) + + if len(result) == 0 { + return false, nil + } + + // Extract count value + count, ok := result[0]["count"].(float64) + if !ok { + // Try int64 + countInt, ok := result[0]["count"].(int64) + if ok { + count = float64(countInt) + } + } + + return count > 0, nil +} + +// updatePinStatus updates the pin status for a CID in the ownership table. +func (h *Handlers) updatePinStatus(ctx context.Context, cid, namespace string, isPinned bool) error { + // Skip if no database client is available (e.g., in tests) + if h.db == nil { + return nil + } + + query := `UPDATE ipfs_content_ownership SET is_pinned = ? WHERE cid = ? AND namespace = ?` + _, err := h.db.Exec(ctx, query, isPinned, cid, namespace) + return err +} diff --git a/pkg/gateway/handlers/storage/pin_handler.go b/pkg/gateway/handlers/storage/pin_handler.go index 8bb8231..decbac2 100644 --- a/pkg/gateway/handlers/storage/pin_handler.go +++ b/pkg/gateway/handlers/storage/pin_handler.go @@ -34,13 +34,36 @@ func (h *Handlers) PinHandler(w http.ResponseWriter, r *http.Request) { return } + ctx := r.Context() + + // Get namespace from context for ownership check + namespace := h.getNamespaceFromContext(ctx) + if namespace == "" { + httputil.WriteError(w, http.StatusUnauthorized, "namespace required") + return + } + + // Check if namespace owns this CID (namespace isolation) + hasAccess, err := h.checkCIDOwnership(ctx, req.Cid, namespace) + if err != nil { + h.logger.ComponentError(logging.ComponentGeneral, "failed to check CID ownership", + zap.Error(err), zap.String("cid", req.Cid), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusInternalServerError, "failed to verify access") + return + } + if !hasAccess { + h.logger.ComponentWarn(logging.ComponentGeneral, "namespace attempted to pin CID they don't own", + zap.String("cid", req.Cid), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusForbidden, "access denied: CID not owned by namespace") + return + } + // Get replication factor from config (default: 3) replicationFactor := h.config.IPFSReplicationFactor if replicationFactor == 0 { replicationFactor = 3 } - ctx := r.Context() pinResp, err := h.ipfsClient.Pin(ctx, req.Cid, req.Name, replicationFactor) if err != nil { h.logger.ComponentError(logging.ComponentGeneral, "failed to pin CID", @@ -49,6 +72,12 @@ func (h *Handlers) PinHandler(w http.ResponseWriter, r *http.Request) { return } + // Update pin status in database + if err := h.updatePinStatus(ctx, req.Cid, namespace, true); err != nil { + h.logger.ComponentWarn(logging.ComponentGeneral, "failed to update pin status in database (non-fatal)", + zap.Error(err), zap.String("cid", req.Cid)) + } + // Use name from request if response doesn't have it name := pinResp.Name if name == "" { diff --git a/pkg/gateway/handlers/storage/unpin_handler.go b/pkg/gateway/handlers/storage/unpin_handler.go index 0a6ae3d..f9b3166 100644 --- a/pkg/gateway/handlers/storage/unpin_handler.go +++ b/pkg/gateway/handlers/storage/unpin_handler.go @@ -31,6 +31,29 @@ func (h *Handlers) UnpinHandler(w http.ResponseWriter, r *http.Request) { } ctx := r.Context() + + // Get namespace from context for ownership check + namespace := h.getNamespaceFromContext(ctx) + if namespace == "" { + httputil.WriteError(w, http.StatusUnauthorized, "namespace required") + return + } + + // Check if namespace owns this CID (namespace isolation) + hasAccess, err := h.checkCIDOwnership(ctx, path, namespace) + if err != nil { + h.logger.ComponentError(logging.ComponentGeneral, "failed to check CID ownership", + zap.Error(err), zap.String("cid", path), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusInternalServerError, "failed to verify access") + return + } + if !hasAccess { + h.logger.ComponentWarn(logging.ComponentGeneral, "namespace attempted to unpin CID they don't own", + zap.String("cid", path), zap.String("namespace", namespace)) + httputil.WriteError(w, http.StatusForbidden, "access denied: CID not owned by namespace") + return + } + if err := h.ipfsClient.Unpin(ctx, path); err != nil { h.logger.ComponentError(logging.ComponentGeneral, "failed to unpin CID", zap.Error(err), zap.String("cid", path)) @@ -38,5 +61,11 @@ func (h *Handlers) UnpinHandler(w http.ResponseWriter, r *http.Request) { return } + // Update pin status in database + if err := h.updatePinStatus(ctx, path, namespace, false); err != nil { + h.logger.ComponentWarn(logging.ComponentGeneral, "failed to update pin status in database (non-fatal)", + zap.Error(err), zap.String("cid", path)) + } + httputil.WriteJSON(w, http.StatusOK, map[string]any{"status": "ok", "cid": path}) } diff --git a/pkg/gateway/handlers/storage/upload_handler.go b/pkg/gateway/handlers/storage/upload_handler.go index 6c26120..92902d1 100644 --- a/pkg/gateway/handlers/storage/upload_handler.go +++ b/pkg/gateway/handlers/storage/upload_handler.go @@ -106,6 +106,15 @@ func (h *Handlers) UploadHandler(w http.ResponseWriter, r *http.Request) { return } + // Record ownership in database for namespace isolation + // Use wallet or API key as uploaded_by identifier + uploadedBy := namespace // Could be enhanced to track wallet address if available + if err := h.recordCIDOwnership(ctx, addResp.Cid, namespace, addResp.Name, uploadedBy, addResp.Size); err != nil { + h.logger.ComponentWarn(logging.ComponentGeneral, "failed to record CID ownership (non-fatal)", + zap.Error(err), zap.String("cid", addResp.Cid), zap.String("namespace", namespace)) + // Don't fail the upload - this is just for tracking + } + // Return response immediately - don't block on pinning response := StorageUploadResponse{ Cid: addResp.Cid, @@ -115,7 +124,7 @@ func (h *Handlers) UploadHandler(w http.ResponseWriter, r *http.Request) { // Pin asynchronously in background if requested if shouldPin { - go h.pinAsync(addResp.Cid, name, replicationFactor) + go h.pinAsync(addResp.Cid, name, replicationFactor, namespace) } httputil.WriteJSON(w, http.StatusOK, response) @@ -123,13 +132,15 @@ func (h *Handlers) UploadHandler(w http.ResponseWriter, r *http.Request) { // pinAsync pins a CID asynchronously in the background with retry logic. // It retries once if the first attempt fails, then gives up. -func (h *Handlers) pinAsync(cid, name string, replicationFactor int) { +func (h *Handlers) pinAsync(cid, name string, replicationFactor int, namespace string) { ctx := context.Background() // First attempt _, err := h.ipfsClient.Pin(ctx, cid, name, replicationFactor) if err == nil { h.logger.ComponentWarn(logging.ComponentGeneral, "async pin succeeded", zap.String("cid", cid)) + // Update pin status in database + h.updatePinStatus(ctx, cid, namespace, true) return } @@ -146,6 +157,8 @@ func (h *Handlers) pinAsync(cid, name string, replicationFactor int) { zap.Error(err), zap.String("cid", cid)) } else { h.logger.ComponentWarn(logging.ComponentGeneral, "async pin succeeded on retry", zap.String("cid", cid)) + // Update pin status in database + h.updatePinStatus(ctx, cid, namespace, true) } } diff --git a/pkg/gateway/handlers/wireguard/handler.go b/pkg/gateway/handlers/wireguard/handler.go new file mode 100644 index 0000000..385f847 --- /dev/null +++ b/pkg/gateway/handlers/wireguard/handler.go @@ -0,0 +1,211 @@ +package wireguard + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// PeerRecord represents a WireGuard peer stored in RQLite +type PeerRecord struct { + NodeID string `json:"node_id" db:"node_id"` + WGIP string `json:"wg_ip" db:"wg_ip"` + PublicKey string `json:"public_key" db:"public_key"` + PublicIP string `json:"public_ip" db:"public_ip"` + WGPort int `json:"wg_port" db:"wg_port"` +} + +// RegisterPeerRequest is the request body for peer registration +type RegisterPeerRequest struct { + NodeID string `json:"node_id"` + PublicKey string `json:"public_key"` + PublicIP string `json:"public_ip"` + WGPort int `json:"wg_port,omitempty"` + ClusterSecret string `json:"cluster_secret"` +} + +// RegisterPeerResponse is the response for peer registration +type RegisterPeerResponse struct { + AssignedWGIP string `json:"assigned_wg_ip"` + Peers []PeerRecord `json:"peers"` +} + +// Handler handles WireGuard peer exchange endpoints +type Handler struct { + logger *zap.Logger + rqliteClient rqlite.Client + clusterSecret string // expected cluster secret for auth +} + +// NewHandler creates a new WireGuard handler +func NewHandler(logger *zap.Logger, rqliteClient rqlite.Client, clusterSecret string) *Handler { + return &Handler{ + logger: logger, + rqliteClient: rqliteClient, + clusterSecret: clusterSecret, + } +} + +// HandleRegisterPeer handles POST /v1/internal/wg/peer +// A new node calls this to register itself and get all existing peers. +func (h *Handler) HandleRegisterPeer(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + return + } + + var req RegisterPeerRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, "invalid request body", http.StatusBadRequest) + return + } + + // Validate cluster secret + if h.clusterSecret != "" && req.ClusterSecret != h.clusterSecret { + http.Error(w, "unauthorized", http.StatusUnauthorized) + return + } + + if req.NodeID == "" || req.PublicKey == "" || req.PublicIP == "" { + http.Error(w, "node_id, public_key, and public_ip are required", http.StatusBadRequest) + return + } + + if req.WGPort == 0 { + req.WGPort = 51820 + } + + ctx := r.Context() + + // Assign next available WG IP + wgIP, err := h.assignNextWGIP(ctx) + if err != nil { + h.logger.Error("failed to assign WG IP", zap.Error(err)) + http.Error(w, "failed to assign WG IP", http.StatusInternalServerError) + return + } + + // Insert peer record + _, err = h.rqliteClient.Exec(ctx, + "INSERT OR REPLACE INTO wireguard_peers (node_id, wg_ip, public_key, public_ip, wg_port) VALUES (?, ?, ?, ?, ?)", + req.NodeID, wgIP, req.PublicKey, req.PublicIP, req.WGPort) + if err != nil { + h.logger.Error("failed to insert WG peer", zap.Error(err)) + http.Error(w, "failed to register peer", http.StatusInternalServerError) + return + } + + // Get all peers (including the one just added) + peers, err := h.ListPeers(ctx) + if err != nil { + h.logger.Error("failed to list WG peers", zap.Error(err)) + http.Error(w, "failed to list peers", http.StatusInternalServerError) + return + } + + resp := RegisterPeerResponse{ + AssignedWGIP: wgIP, + Peers: peers, + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(resp) + + h.logger.Info("registered WireGuard peer", + zap.String("node_id", req.NodeID), + zap.String("wg_ip", wgIP), + zap.String("public_ip", req.PublicIP)) +} + +// HandleListPeers handles GET /v1/internal/wg/peers +func (h *Handler) HandleListPeers(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + return + } + + peers, err := h.ListPeers(r.Context()) + if err != nil { + h.logger.Error("failed to list WG peers", zap.Error(err)) + http.Error(w, "failed to list peers", http.StatusInternalServerError) + return + } + + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(peers) +} + +// HandleRemovePeer handles DELETE /v1/internal/wg/peer?node_id=xxx +func (h *Handler) HandleRemovePeer(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodDelete { + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + return + } + + nodeID := r.URL.Query().Get("node_id") + if nodeID == "" { + http.Error(w, "node_id parameter required", http.StatusBadRequest) + return + } + + _, err := h.rqliteClient.Exec(r.Context(), + "DELETE FROM wireguard_peers WHERE node_id = ?", nodeID) + if err != nil { + h.logger.Error("failed to remove WG peer", zap.Error(err)) + http.Error(w, "failed to remove peer", http.StatusInternalServerError) + return + } + + w.WriteHeader(http.StatusOK) + h.logger.Info("removed WireGuard peer", zap.String("node_id", nodeID)) +} + +// ListPeers returns all registered WireGuard peers +func (h *Handler) ListPeers(ctx context.Context) ([]PeerRecord, error) { + var peers []PeerRecord + err := h.rqliteClient.Query(ctx, &peers, + "SELECT node_id, wg_ip, public_key, public_ip, wg_port FROM wireguard_peers ORDER BY wg_ip") + if err != nil { + return nil, fmt.Errorf("failed to query wireguard_peers: %w", err) + } + return peers, nil +} + +// assignNextWGIP finds the next available 10.0.0.x IP +func (h *Handler) assignNextWGIP(ctx context.Context) (string, error) { + var result []struct { + MaxIP string `db:"max_ip"` + } + + err := h.rqliteClient.Query(ctx, &result, + "SELECT MAX(wg_ip) as max_ip FROM wireguard_peers") + if err != nil { + return "", fmt.Errorf("failed to query max WG IP: %w", err) + } + + if len(result) == 0 || result[0].MaxIP == "" { + return "10.0.0.1", nil + } + + // Parse last octet and increment + maxIP := result[0].MaxIP + var a, b, c, d int + if _, err := fmt.Sscanf(maxIP, "%d.%d.%d.%d", &a, &b, &c, &d); err != nil { + return "", fmt.Errorf("failed to parse max WG IP %s: %w", maxIP, err) + } + + d++ + if d > 254 { + c++ + d = 1 + if c > 255 { + return "", fmt.Errorf("WireGuard IP space exhausted") + } + } + + return fmt.Sprintf("%d.%d.%d.%d", a, b, c, d), nil +} diff --git a/pkg/gateway/instance_spawner.go b/pkg/gateway/instance_spawner.go new file mode 100644 index 0000000..6d0563e --- /dev/null +++ b/pkg/gateway/instance_spawner.go @@ -0,0 +1,525 @@ +package gateway + +import ( + "context" + "fmt" + "net/http" + "os" + "os/exec" + "path/filepath" + "strings" + "sync" + "time" + + "github.com/DeBrosOfficial/network/pkg/tlsutil" + "go.uber.org/zap" + "gopkg.in/yaml.v3" +) + +// InstanceNodeStatus represents the status of an instance (local type to avoid import cycle) +type InstanceNodeStatus string + +const ( + InstanceStatusPending InstanceNodeStatus = "pending" + InstanceStatusStarting InstanceNodeStatus = "starting" + InstanceStatusRunning InstanceNodeStatus = "running" + InstanceStatusStopped InstanceNodeStatus = "stopped" + InstanceStatusFailed InstanceNodeStatus = "failed" +) + +// InstanceError represents an error during instance operations (local type to avoid import cycle) +type InstanceError struct { + Message string + Cause error +} + +func (e *InstanceError) Error() string { + if e.Cause != nil { + return e.Message + ": " + e.Cause.Error() + } + return e.Message +} + +func (e *InstanceError) Unwrap() error { + return e.Cause +} + +// InstanceSpawner manages multiple Gateway instances for namespace clusters. +// Each namespace gets its own gateway instances that connect to its dedicated RQLite and Olric clusters. +type InstanceSpawner struct { + logger *zap.Logger + baseDir string // Base directory for all namespace data (e.g., ~/.orama/data/namespaces) + instances map[string]*GatewayInstance + mu sync.RWMutex +} + +// GatewayInstance represents a running Gateway instance for a namespace +type GatewayInstance struct { + Namespace string + NodeID string + HTTPPort int + BaseDomain string + RQLiteDSN string // Connection to namespace RQLite + OlricServers []string // Connection to namespace Olric + ConfigPath string + PID int + Status InstanceNodeStatus + StartedAt time.Time + LastHealthCheck time.Time + cmd *exec.Cmd + logger *zap.Logger +} + +// InstanceConfig holds configuration for spawning a Gateway instance +type InstanceConfig struct { + Namespace string // Namespace name (e.g., "alice") + NodeID string // Physical node ID + HTTPPort int // HTTP API port + BaseDomain string // Base domain (e.g., "orama-devnet.network") + RQLiteDSN string // RQLite connection DSN (e.g., "http://localhost:10000") + GlobalRQLiteDSN string // Global RQLite DSN for API key validation (empty = use RQLiteDSN) + OlricServers []string // Olric server addresses + OlricTimeout time.Duration // Timeout for Olric operations + NodePeerID string // Physical node's peer ID for home node management + DataDir string // Data directory for deployments, SQLite, etc. + // IPFS configuration for storage endpoints + IPFSClusterAPIURL string // IPFS Cluster API URL (e.g., "http://localhost:9094") + IPFSAPIURL string // IPFS API URL (e.g., "http://localhost:5001") + IPFSTimeout time.Duration // Timeout for IPFS operations + IPFSReplicationFactor int // IPFS replication factor +} + +// GatewayYAMLConfig represents the gateway YAML configuration structure +// This must match the yamlCfg struct in cmd/gateway/config.go exactly +// because the gateway uses strict YAML decoding that rejects unknown fields +type GatewayYAMLConfig struct { + ListenAddr string `yaml:"listen_addr"` + ClientNamespace string `yaml:"client_namespace"` + RQLiteDSN string `yaml:"rqlite_dsn"` + GlobalRQLiteDSN string `yaml:"global_rqlite_dsn,omitempty"` + BootstrapPeers []string `yaml:"bootstrap_peers,omitempty"` + EnableHTTPS bool `yaml:"enable_https,omitempty"` + DomainName string `yaml:"domain_name,omitempty"` + TLSCacheDir string `yaml:"tls_cache_dir,omitempty"` + OlricServers []string `yaml:"olric_servers"` + OlricTimeout string `yaml:"olric_timeout,omitempty"` + IPFSClusterAPIURL string `yaml:"ipfs_cluster_api_url,omitempty"` + IPFSAPIURL string `yaml:"ipfs_api_url,omitempty"` + IPFSTimeout string `yaml:"ipfs_timeout,omitempty"` + IPFSReplicationFactor int `yaml:"ipfs_replication_factor,omitempty"` +} + +// NewInstanceSpawner creates a new Gateway instance spawner +func NewInstanceSpawner(baseDir string, logger *zap.Logger) *InstanceSpawner { + return &InstanceSpawner{ + logger: logger.With(zap.String("component", "gateway-instance-spawner")), + baseDir: baseDir, + instances: make(map[string]*GatewayInstance), + } +} + +// instanceKey generates a unique key for an instance based on namespace and node +func instanceKey(ns, nodeID string) string { + return fmt.Sprintf("%s:%s", ns, nodeID) +} + +// SpawnInstance starts a new Gateway instance for a namespace on a specific node. +// Returns the instance info or an error if spawning fails. +func (is *InstanceSpawner) SpawnInstance(ctx context.Context, cfg InstanceConfig) (*GatewayInstance, error) { + key := instanceKey(cfg.Namespace, cfg.NodeID) + + is.mu.Lock() + if existing, ok := is.instances[key]; ok { + is.mu.Unlock() + // Instance already exists, return it if running + if existing.Status == InstanceStatusRunning { + return existing, nil + } + // Otherwise, remove it and start fresh + is.mu.Lock() + delete(is.instances, key) + } + is.mu.Unlock() + + // Create config and logs directories + configDir := filepath.Join(is.baseDir, cfg.Namespace, "configs") + logsDir := filepath.Join(is.baseDir, cfg.Namespace, "logs") + dataDir := filepath.Join(is.baseDir, cfg.Namespace, "data") + + for _, dir := range []string{configDir, logsDir, dataDir} { + if err := os.MkdirAll(dir, 0755); err != nil { + return nil, &InstanceError{ + Message: fmt.Sprintf("failed to create directory %s", dir), + Cause: err, + } + } + } + + // Generate config file + configPath := filepath.Join(configDir, fmt.Sprintf("gateway-%s.yaml", cfg.NodeID)) + if err := is.generateConfig(configPath, cfg, dataDir); err != nil { + return nil, err + } + + instance := &GatewayInstance{ + Namespace: cfg.Namespace, + NodeID: cfg.NodeID, + HTTPPort: cfg.HTTPPort, + BaseDomain: cfg.BaseDomain, + RQLiteDSN: cfg.RQLiteDSN, + OlricServers: cfg.OlricServers, + ConfigPath: configPath, + Status: InstanceStatusStarting, + logger: is.logger.With(zap.String("namespace", cfg.Namespace), zap.String("node_id", cfg.NodeID)), + } + + instance.logger.Info("Starting Gateway instance", + zap.Int("http_port", cfg.HTTPPort), + zap.String("rqlite_dsn", cfg.RQLiteDSN), + zap.Strings("olric_servers", cfg.OlricServers), + ) + + // Find the gateway binary - look in common locations + var gatewayBinary string + possiblePaths := []string{ + "./bin/gateway", // Development build + "/usr/local/bin/orama-gateway", // System-wide install + "/opt/orama/bin/gateway", // Package install + } + + for _, path := range possiblePaths { + if _, err := os.Stat(path); err == nil { + gatewayBinary = path + break + } + } + + // Also check PATH + if gatewayBinary == "" { + if path, err := exec.LookPath("orama-gateway"); err == nil { + gatewayBinary = path + } + } + + if gatewayBinary == "" { + return nil, &InstanceError{ + Message: "gateway binary not found (checked ./bin/gateway, /usr/local/bin/orama-gateway, /opt/orama/bin/gateway, PATH)", + Cause: nil, + } + } + + instance.logger.Info("Found gateway binary", zap.String("path", gatewayBinary)) + + // Create command + cmd := exec.CommandContext(ctx, gatewayBinary, "--config", configPath) + instance.cmd = cmd + + // Setup logging + logPath := filepath.Join(logsDir, fmt.Sprintf("gateway-%s.log", cfg.NodeID)) + logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) + if err != nil { + return nil, &InstanceError{ + Message: "failed to open log file", + Cause: err, + } + } + + cmd.Stdout = logFile + cmd.Stderr = logFile + + // Start the process + if err := cmd.Start(); err != nil { + logFile.Close() + return nil, &InstanceError{ + Message: "failed to start Gateway process", + Cause: err, + } + } + + logFile.Close() + + instance.PID = cmd.Process.Pid + instance.StartedAt = time.Now() + + // Store instance + is.mu.Lock() + is.instances[key] = instance + is.mu.Unlock() + + // Wait for instance to be ready + if err := is.waitForInstanceReady(ctx, instance); err != nil { + // Kill the process on failure + if cmd.Process != nil { + _ = cmd.Process.Kill() + } + is.mu.Lock() + delete(is.instances, key) + is.mu.Unlock() + return nil, &InstanceError{ + Message: "Gateway instance did not become ready", + Cause: err, + } + } + + instance.Status = InstanceStatusRunning + instance.LastHealthCheck = time.Now() + + instance.logger.Info("Gateway instance started successfully", + zap.Int("pid", instance.PID), + ) + + // Start background process monitor + go is.monitorInstance(instance) + + return instance, nil +} + +// generateConfig generates the Gateway YAML configuration file +func (is *InstanceSpawner) generateConfig(configPath string, cfg InstanceConfig, dataDir string) error { + gatewayCfg := GatewayYAMLConfig{ + ListenAddr: fmt.Sprintf(":%d", cfg.HTTPPort), + ClientNamespace: cfg.Namespace, + RQLiteDSN: cfg.RQLiteDSN, + GlobalRQLiteDSN: cfg.GlobalRQLiteDSN, + OlricServers: cfg.OlricServers, + // Note: DomainName is used for HTTPS/TLS, not needed for namespace gateways in dev mode + DomainName: cfg.BaseDomain, + // IPFS configuration for storage endpoints + IPFSClusterAPIURL: cfg.IPFSClusterAPIURL, + IPFSAPIURL: cfg.IPFSAPIURL, + IPFSReplicationFactor: cfg.IPFSReplicationFactor, + } + // Set Olric timeout if provided + if cfg.OlricTimeout > 0 { + gatewayCfg.OlricTimeout = cfg.OlricTimeout.String() + } + // Set IPFS timeout if provided + if cfg.IPFSTimeout > 0 { + gatewayCfg.IPFSTimeout = cfg.IPFSTimeout.String() + } + + data, err := yaml.Marshal(gatewayCfg) + if err != nil { + return &InstanceError{ + Message: "failed to marshal Gateway config", + Cause: err, + } + } + + if err := os.WriteFile(configPath, data, 0644); err != nil { + return &InstanceError{ + Message: "failed to write Gateway config", + Cause: err, + } + } + + return nil +} + +// StopInstance stops a Gateway instance for a namespace on a specific node +func (is *InstanceSpawner) StopInstance(ctx context.Context, ns, nodeID string) error { + key := instanceKey(ns, nodeID) + + is.mu.Lock() + instance, ok := is.instances[key] + if !ok { + is.mu.Unlock() + return nil // Already stopped + } + delete(is.instances, key) + is.mu.Unlock() + + if instance.cmd != nil && instance.cmd.Process != nil { + instance.logger.Info("Stopping Gateway instance", zap.Int("pid", instance.PID)) + + // Send SIGTERM for graceful shutdown + if err := instance.cmd.Process.Signal(os.Interrupt); err != nil { + // If SIGTERM fails, kill it + _ = instance.cmd.Process.Kill() + } + + // Wait for process to exit with timeout + done := make(chan error, 1) + go func() { + done <- instance.cmd.Wait() + }() + + select { + case <-done: + instance.logger.Info("Gateway instance stopped gracefully") + case <-time.After(10 * time.Second): + instance.logger.Warn("Gateway instance did not stop gracefully, killing") + _ = instance.cmd.Process.Kill() + case <-ctx.Done(): + _ = instance.cmd.Process.Kill() + return ctx.Err() + } + } + + instance.Status = InstanceStatusStopped + return nil +} + +// StopAllInstances stops all Gateway instances for a namespace +func (is *InstanceSpawner) StopAllInstances(ctx context.Context, ns string) error { + is.mu.RLock() + var keys []string + for key, inst := range is.instances { + if inst.Namespace == ns { + keys = append(keys, key) + } + } + is.mu.RUnlock() + + var lastErr error + for _, key := range keys { + parts := strings.SplitN(key, ":", 2) + if len(parts) == 2 { + if err := is.StopInstance(ctx, parts[0], parts[1]); err != nil { + lastErr = err + } + } + } + return lastErr +} + +// GetInstance returns the instance for a namespace on a specific node +func (is *InstanceSpawner) GetInstance(ns, nodeID string) (*GatewayInstance, bool) { + is.mu.RLock() + defer is.mu.RUnlock() + + instance, ok := is.instances[instanceKey(ns, nodeID)] + return instance, ok +} + +// GetNamespaceInstances returns all instances for a namespace +func (is *InstanceSpawner) GetNamespaceInstances(ns string) []*GatewayInstance { + is.mu.RLock() + defer is.mu.RUnlock() + + var instances []*GatewayInstance + for _, inst := range is.instances { + if inst.Namespace == ns { + instances = append(instances, inst) + } + } + return instances +} + +// HealthCheck checks if an instance is healthy +func (is *InstanceSpawner) HealthCheck(ctx context.Context, ns, nodeID string) (bool, error) { + instance, ok := is.GetInstance(ns, nodeID) + if !ok { + return false, &InstanceError{Message: "instance not found"} + } + + healthy, err := instance.IsHealthy(ctx) + if healthy { + is.mu.Lock() + instance.LastHealthCheck = time.Now() + is.mu.Unlock() + } + return healthy, err +} + +// waitForInstanceReady waits for the Gateway instance to be ready +func (is *InstanceSpawner) waitForInstanceReady(ctx context.Context, instance *GatewayInstance) error { + client := tlsutil.NewHTTPClient(2 * time.Second) + + // Gateway health check endpoint + url := fmt.Sprintf("http://localhost:%d/v1/health", instance.HTTPPort) + + maxAttempts := 120 // 2 minutes + for i := 0; i < maxAttempts; i++ { + select { + case <-ctx.Done(): + return ctx.Err() + case <-time.After(1 * time.Second): + } + + resp, err := client.Get(url) + if err != nil { + continue + } + resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + instance.logger.Debug("Gateway instance ready", + zap.Int("attempts", i+1), + ) + return nil + } + } + + return fmt.Errorf("Gateway did not become ready within timeout") +} + +// monitorInstance monitors an instance and updates its status +func (is *InstanceSpawner) monitorInstance(instance *GatewayInstance) { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for range ticker.C { + is.mu.RLock() + key := instanceKey(instance.Namespace, instance.NodeID) + _, exists := is.instances[key] + is.mu.RUnlock() + + if !exists { + // Instance was removed + return + } + + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + healthy, _ := instance.IsHealthy(ctx) + cancel() + + is.mu.Lock() + if healthy { + instance.Status = InstanceStatusRunning + instance.LastHealthCheck = time.Now() + } else { + instance.Status = InstanceStatusFailed + instance.logger.Warn("Gateway instance health check failed") + } + is.mu.Unlock() + + // Check if process is still running + if instance.cmd != nil && instance.cmd.ProcessState != nil && instance.cmd.ProcessState.Exited() { + is.mu.Lock() + instance.Status = InstanceStatusStopped + is.mu.Unlock() + instance.logger.Warn("Gateway instance process exited unexpectedly") + return + } + } +} + +// IsHealthy checks if the Gateway instance is healthy +func (gi *GatewayInstance) IsHealthy(ctx context.Context) (bool, error) { + url := fmt.Sprintf("http://localhost:%d/v1/health", gi.HTTPPort) + client := tlsutil.NewHTTPClient(5 * time.Second) + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) + if err != nil { + return false, err + } + + resp, err := client.Do(req) + if err != nil { + return false, err + } + defer resp.Body.Close() + + return resp.StatusCode == http.StatusOK, nil +} + +// DSN returns the local connection address for this Gateway instance +func (gi *GatewayInstance) DSN() string { + return fmt.Sprintf("http://localhost:%d", gi.HTTPPort) +} + +// ExternalURL returns the external URL for accessing this namespace's gateway +func (gi *GatewayInstance) ExternalURL() string { + return fmt.Sprintf("https://ns-%s.%s", gi.Namespace, gi.BaseDomain) +} diff --git a/pkg/gateway/middleware.go b/pkg/gateway/middleware.go index 2dcd8aa..c8d8423 100644 --- a/pkg/gateway/middleware.go +++ b/pkg/gateway/middleware.go @@ -3,13 +3,17 @@ package gateway import ( "context" "encoding/json" + "hash/fnv" + "io" "net" "net/http" + "sort" "strconv" "strings" "time" "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/deployments" "github.com/DeBrosOfficial/network/pkg/gateway/auth" "github.com/DeBrosOfficial/network/pkg/logging" "go.uber.org/zap" @@ -17,11 +21,188 @@ import ( // Note: context keys (ctxKeyAPIKey, ctxKeyJWT, CtxKeyNamespaceOverride) are now defined in context.go -// withMiddleware adds CORS and logging middleware +// Internal auth headers for trusted inter-gateway communication. +// When the main gateway proxies to a namespace gateway, it validates auth first +// and passes the validated namespace via these headers. The namespace gateway +// trusts these headers when they come from internal IPs (WireGuard 10.0.0.x). +const ( + // HeaderInternalAuthNamespace contains the validated namespace name + HeaderInternalAuthNamespace = "X-Internal-Auth-Namespace" + // HeaderInternalAuthValidated indicates the request was pre-authenticated by main gateway + HeaderInternalAuthValidated = "X-Internal-Auth-Validated" +) + +// validateAuthForNamespaceProxy validates the request's auth credentials against the MAIN +// cluster RQLite and returns the namespace the credentials belong to. +// This is used by handleNamespaceGatewayRequest to pre-authenticate before proxying to +// namespace gateways (which have isolated RQLites without API keys). +// +// Returns: +// - (namespace, "") if auth is valid +// - ("", errorMessage) if auth is invalid +// - ("", "") if no auth credentials provided (for public paths) +func (g *Gateway) validateAuthForNamespaceProxy(r *http.Request) (namespace string, errMsg string) { + // 1) Try JWT Bearer first + if auth := r.Header.Get("Authorization"); auth != "" { + lower := strings.ToLower(auth) + if strings.HasPrefix(lower, "bearer ") { + tok := strings.TrimSpace(auth[len("Bearer "):]) + if strings.Count(tok, ".") == 2 { + if claims, err := g.authService.ParseAndVerifyJWT(tok); err == nil { + if ns := strings.TrimSpace(claims.Namespace); ns != "" { + return ns, "" + } + } + // JWT verification failed - fall through to API key check + } + } + } + + // 2) Try API key + key := extractAPIKey(r) + if key == "" { + return "", "" // No credentials provided + } + + // Check middleware cache first + if g.mwCache != nil { + if cachedNS, ok := g.mwCache.GetAPIKeyNamespace(key); ok { + return cachedNS, "" + } + } + + // Cache miss — look up API key in main cluster RQLite + db := g.client.Database() + internalCtx := client.WithInternalAuth(r.Context()) + q := "SELECT namespaces.name FROM api_keys JOIN namespaces ON api_keys.namespace_id = namespaces.id WHERE api_keys.key = ? LIMIT 1" + res, err := db.Query(internalCtx, q, key) + if err != nil || res == nil || res.Count == 0 || len(res.Rows) == 0 || len(res.Rows[0]) == 0 { + return "", "invalid API key" + } + + // Extract namespace name + var ns string + if s, ok := res.Rows[0][0].(string); ok { + ns = strings.TrimSpace(s) + } else { + b, _ := json.Marshal(res.Rows[0][0]) + _ = json.Unmarshal(b, &ns) + ns = strings.TrimSpace(ns) + } + if ns == "" { + return "", "invalid API key" + } + + // Cache the result + if g.mwCache != nil { + g.mwCache.SetAPIKeyNamespace(key, ns) + } + + return ns, "" +} + +// isWebSocketUpgrade checks if the request is a WebSocket upgrade request +func isWebSocketUpgrade(r *http.Request) bool { + connection := strings.ToLower(r.Header.Get("Connection")) + upgrade := strings.ToLower(r.Header.Get("Upgrade")) + return strings.Contains(connection, "upgrade") && upgrade == "websocket" +} + +// proxyWebSocket proxies a WebSocket connection by hijacking the client connection +// and tunneling bidirectionally to the backend +func (g *Gateway) proxyWebSocket(w http.ResponseWriter, r *http.Request, targetHost string) bool { + hijacker, ok := w.(http.Hijacker) + if !ok { + http.Error(w, "WebSocket proxy not supported", http.StatusInternalServerError) + return false + } + + // Connect to backend + backendConn, err := net.DialTimeout("tcp", targetHost, 10*time.Second) + if err != nil { + g.logger.ComponentError(logging.ComponentGeneral, "WebSocket backend dial failed", + zap.String("target", targetHost), + zap.Error(err), + ) + http.Error(w, "Backend unavailable", http.StatusServiceUnavailable) + return false + } + + // Write the original request to backend (this initiates the WebSocket handshake) + if err := r.Write(backendConn); err != nil { + backendConn.Close() + g.logger.ComponentError(logging.ComponentGeneral, "WebSocket handshake write failed", + zap.Error(err), + ) + http.Error(w, "Failed to initiate WebSocket", http.StatusBadGateway) + return false + } + + // Hijack client connection + clientConn, clientBuf, err := hijacker.Hijack() + if err != nil { + backendConn.Close() + g.logger.ComponentError(logging.ComponentGeneral, "WebSocket hijack failed", + zap.Error(err), + ) + return false + } + + // Flush any buffered data from the client + if clientBuf.Reader.Buffered() > 0 { + buffered := make([]byte, clientBuf.Reader.Buffered()) + clientBuf.Read(buffered) + backendConn.Write(buffered) + } + + // Bidirectional copy between client and backend + done := make(chan struct{}, 2) + go func() { + defer func() { done <- struct{}{} }() + io.Copy(clientConn, backendConn) + clientConn.Close() + }() + go func() { + defer func() { done <- struct{}{} }() + io.Copy(backendConn, clientConn) + backendConn.Close() + }() + + // Wait for one side to close + <-done + clientConn.Close() + backendConn.Close() + <-done + + return true +} + +// withMiddleware adds CORS, security headers, rate limiting, and logging middleware func (g *Gateway) withMiddleware(next http.Handler) http.Handler { - // Order: logging (outermost) -> CORS -> auth -> handler - // Add authorization layer after auth to enforce namespace ownership - return g.loggingMiddleware(g.corsMiddleware(g.authMiddleware(g.authorizationMiddleware(next)))) + // Order: logging -> security headers -> rate limit -> CORS -> domain routing -> auth -> handler + return g.loggingMiddleware( + g.securityHeadersMiddleware( + g.rateLimitMiddleware( + g.corsMiddleware( + g.domainRoutingMiddleware( + g.authMiddleware( + g.authorizationMiddleware(next))))))) +} + +// securityHeadersMiddleware adds standard security headers to all responses +func (g *Gateway) securityHeadersMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("X-Content-Type-Options", "nosniff") + w.Header().Set("X-Frame-Options", "DENY") + w.Header().Set("X-XSS-Protection", "0") + w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") + w.Header().Set("Permissions-Policy", "camera=(), microphone=(), geolocation=()") + // HSTS only when behind TLS (Caddy) + if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" { + w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") + } + next.ServeHTTP(w, r) + }) } // loggingMiddleware logs basic request info and duration @@ -39,8 +220,24 @@ func (g *Gateway) loggingMiddleware(next http.Handler) http.Handler { zap.String("duration", dur.String()), ) - // Persist request log asynchronously (best-effort) - go g.persistRequestLog(r, srw, dur) + // Enqueue log entry for batched persistence (replaces per-request DB writes) + if g.logBatcher != nil { + apiKey := "" + if v := r.Context().Value(ctxKeyAPIKey); v != nil { + if s, ok := v.(string); ok { + apiKey = s + } + } + g.logBatcher.Add(requestLogEntry{ + method: r.Method, + path: r.URL.Path, + statusCode: srw.status, + bytesOut: srw.bytes, + durationMs: dur.Milliseconds(), + ip: getClientIP(r), + apiKey: apiKey, + }) + } }) } @@ -49,6 +246,7 @@ func (g *Gateway) loggingMiddleware(next http.Handler) http.Handler { // - Authorization: Bearer (RS256 issued by this gateway) // - Authorization: Bearer or ApiKey // - X-API-Key: +// - X-Internal-Auth-Validated: true (from internal IPs only - pre-authenticated by main gateway) func (g *Gateway) authMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Allow preflight without auth @@ -59,6 +257,23 @@ func (g *Gateway) authMiddleware(next http.Handler) http.Handler { isPublic := isPublicPath(r.URL.Path) + // 0) Trust internal auth headers from internal IPs (WireGuard network or localhost) + // This allows the main gateway to pre-authenticate requests before proxying to namespace gateways + if r.Header.Get(HeaderInternalAuthValidated) == "true" { + clientIP := getClientIP(r) + if isInternalIP(clientIP) { + ns := strings.TrimSpace(r.Header.Get(HeaderInternalAuthNamespace)) + if ns != "" { + // Pre-authenticated by main gateway - trust the namespace + reqCtx := context.WithValue(r.Context(), CtxKeyNamespaceOverride, ns) + next.ServeHTTP(w, r.WithContext(reqCtx)) + return + } + } + // If internal auth header is present but invalid (wrong IP or missing namespace), + // fall through to normal auth flow + } + // 1) Try JWT Bearer first if Authorization looks like one if auth := r.Header.Get("Authorization"); auth != "" { lower := strings.ToLower(auth) @@ -91,8 +306,24 @@ func (g *Gateway) authMiddleware(next http.Handler) http.Handler { return } - // Look up API key in DB and derive namespace - db := g.client.Database() + // Check middleware cache first for API key → namespace mapping + if g.mwCache != nil { + if cachedNS, ok := g.mwCache.GetAPIKeyNamespace(key); ok { + reqCtx := context.WithValue(r.Context(), ctxKeyAPIKey, key) + reqCtx = context.WithValue(reqCtx, CtxKeyNamespaceOverride, cachedNS) + next.ServeHTTP(w, r.WithContext(reqCtx)) + return + } + } + + // Cache miss — look up API key in DB and derive namespace + // Use authClient for namespace gateways (validates against global RQLite) + // Otherwise use regular client for global gateways + authClient := g.client + if g.authClient != nil { + authClient = g.authClient + } + db := authClient.Database() // Use internal auth for DB validation (auth not established yet) internalCtx := client.WithInternalAuth(r.Context()) // Join to namespaces to resolve name in one query @@ -126,6 +357,11 @@ func (g *Gateway) authMiddleware(next http.Handler) http.Handler { return } + // Cache the result for subsequent requests + if g.mwCache != nil { + g.mwCache.SetAPIKeyNamespace(key, ns) + } + // Attach auth metadata to context for downstream use reqCtx := context.WithValue(r.Context(), ctxKeyAPIKey, key) reqCtx = context.WithValue(reqCtx, CtxKeyNamespaceOverride, ns) @@ -191,16 +427,43 @@ func isPublicPath(p string) bool { return true } + // Internal replica coordination endpoints (auth handled by replica handler) + if strings.HasPrefix(p, "/v1/internal/deployments/replica/") { + return true + } + + // WireGuard peer exchange (auth handled by cluster secret in handler) + if strings.HasPrefix(p, "/v1/internal/wg/") { + return true + } + + // Node join endpoint (auth handled by invite token in handler) + if p == "/v1/internal/join" { + return true + } + + // Namespace spawn endpoint (auth handled by internal auth header) + if p == "/v1/internal/namespace/spawn" { + return true + } + switch p { - case "/health", "/v1/health", "/status", "/v1/status", "/v1/auth/jwks", "/.well-known/jwks.json", "/v1/version", "/v1/auth/login", "/v1/auth/challenge", "/v1/auth/verify", "/v1/auth/register", "/v1/auth/refresh", "/v1/auth/logout", "/v1/auth/api-key", "/v1/auth/simple-key", "/v1/network/status", "/v1/network/peers": + case "/health", "/v1/health", "/status", "/v1/status", "/v1/auth/jwks", "/.well-known/jwks.json", "/v1/version", "/v1/auth/login", "/v1/auth/challenge", "/v1/auth/verify", "/v1/auth/register", "/v1/auth/refresh", "/v1/auth/logout", "/v1/auth/api-key", "/v1/auth/simple-key", "/v1/network/status", "/v1/network/peers", "/v1/internal/tls/check", "/v1/internal/acme/present", "/v1/internal/acme/cleanup": return true default: + // Also exempt namespace status polling endpoint + if strings.HasPrefix(p, "/v1/namespace/status") { + return true + } return false } } // authorizationMiddleware enforces that the authenticated actor owns the namespace // for certain protected paths (e.g., apps CRUD and storage APIs). +// Also enforces cross-namespace access control: +// - "default" namespace: accessible by any valid API key +// - Other namespaces: API key must belong to that specific namespace func (g *Gateway) authorizationMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Skip for public/OPTIONS paths only @@ -215,7 +478,52 @@ func (g *Gateway) authorizationMiddleware(next http.Handler) http.Handler { return } - // Only enforce for specific resource paths + // Exempt namespace status endpoint + if strings.HasPrefix(r.URL.Path, "/v1/namespace/status") { + next.ServeHTTP(w, r) + return + } + + // Skip ownership checks for requests pre-authenticated by the main gateway. + // The main gateway already validated the API key and resolved the namespace + // before proxying, so re-checking ownership against the namespace RQLite is + // redundant and adds ~300ms of unnecessary latency (3 DB round-trips). + if r.Header.Get(HeaderInternalAuthValidated) == "true" { + clientIP := getClientIP(r) + if isInternalIP(clientIP) { + next.ServeHTTP(w, r) + return + } + } + + // Cross-namespace access control for namespace gateways + // The gateway's ClientNamespace determines which namespace this gateway serves + gatewayNamespace := "default" + if g.cfg != nil && g.cfg.ClientNamespace != "" { + gatewayNamespace = strings.TrimSpace(g.cfg.ClientNamespace) + } + + // Get user's namespace from context (derived from API key/JWT) + userNamespace := "" + if v := r.Context().Value(CtxKeyNamespaceOverride); v != nil { + if s, ok := v.(string); ok { + userNamespace = strings.TrimSpace(s) + } + } + + // For non-default namespace gateways, the API key must belong to this namespace + // This enforces physical isolation: alice's gateway only accepts alice's API keys + if gatewayNamespace != "default" && userNamespace != "" && userNamespace != gatewayNamespace { + g.logger.ComponentWarn(logging.ComponentGeneral, "cross-namespace access denied", + zap.String("user_namespace", userNamespace), + zap.String("gateway_namespace", gatewayNamespace), + zap.String("path", r.URL.Path), + ) + writeError(w, http.StatusForbidden, "API key does not belong to this namespace") + return + } + + // Only enforce ownership for specific resource paths if !requiresNamespaceOwnership(r.URL.Path) { next.ServeHTTP(w, r) return @@ -426,3 +734,774 @@ func getClientIP(r *http.Request) string { } return host } + +// domainRoutingMiddleware handles requests to deployment domains and namespace gateways +// This must come BEFORE auth middleware so deployment domains work without API keys +// +// Domain routing patterns: +// - ns-{namespace}.{baseDomain} -> Namespace gateway (proxy to namespace cluster) +// - {name}-{random}.{baseDomain} -> Deployment domain +// - {name}.{baseDomain} -> Deployment domain (legacy) +// - {name}.node-xxx.{baseDomain} -> Legacy format (deprecated, returns 404 for new deployments) +func (g *Gateway) domainRoutingMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + host := strings.Split(r.Host, ":")[0] // Strip port + + // Get base domain from config (default to dbrs.space) + baseDomain := "dbrs.space" + if g.cfg != nil && g.cfg.BaseDomain != "" { + baseDomain = g.cfg.BaseDomain + } + + // Only process base domain and its subdomains + if !strings.HasSuffix(host, "."+baseDomain) && host != baseDomain { + next.ServeHTTP(w, r) + return + } + + // Check for namespace gateway domain FIRST (before API path skip) + // Namespace subdomains (ns-{name}.{baseDomain}) must be proxied to namespace gateways + // regardless of path — including /v1/ paths + suffix := "." + baseDomain + if strings.HasSuffix(host, suffix) { + subdomain := strings.TrimSuffix(host, suffix) + if strings.HasPrefix(subdomain, "ns-") { + namespaceName := strings.TrimPrefix(subdomain, "ns-") + g.handleNamespaceGatewayRequest(w, r, namespaceName) + return + } + } + + // Skip API paths (they should use JWT/API key auth on the main gateway) + if strings.HasPrefix(r.URL.Path, "/v1/") || strings.HasPrefix(r.URL.Path, "/.well-known/") { + next.ServeHTTP(w, r) + return + } + + // Check if deployment handlers are available + if g.deploymentService == nil || g.staticHandler == nil { + next.ServeHTTP(w, r) + return + } + + // Try to find deployment by domain + deployment, err := g.getDeploymentByDomain(r.Context(), host) + if err != nil { + http.Error(w, "Internal server error", http.StatusInternalServerError) + return + } + if deployment == nil { + // Domain matches .{baseDomain} but no deployment found + http.NotFound(w, r) + return + } + + // Inject deployment context + ctx := context.WithValue(r.Context(), CtxKeyNamespaceOverride, deployment.Namespace) + ctx = context.WithValue(ctx, "deployment", deployment) + + // Route based on deployment type + if deployment.Port == 0 { + // Static deployment - serve from IPFS + g.staticHandler.HandleServe(w, r.WithContext(ctx), deployment) + } else { + // Dynamic deployment - proxy to local port + g.proxyToDynamicDeployment(w, r.WithContext(ctx), deployment) + } + }) +} + +// handleNamespaceGatewayRequest proxies requests to a namespace's dedicated gateway cluster +// This enables physical isolation where each namespace has its own RQLite, Olric, and Gateway +// +// IMPORTANT: This function validates auth against the MAIN cluster RQLite before proxying. +// The validated namespace is passed to the namespace gateway via X-Internal-Auth-* headers. +// This is necessary because namespace gateways have their own isolated RQLite that doesn't +// contain API keys (API keys are stored in the main cluster RQLite only). +func (g *Gateway) handleNamespaceGatewayRequest(w http.ResponseWriter, r *http.Request, namespaceName string) { + // Validate auth against main cluster RQLite BEFORE proxying + // This ensures API keys work even though they're not in the namespace's RQLite + validatedNamespace, authErr := g.validateAuthForNamespaceProxy(r) + if authErr != "" && !isPublicPath(r.URL.Path) { + w.Header().Set("WWW-Authenticate", "Bearer error=\"invalid_token\"") + writeError(w, http.StatusUnauthorized, authErr) + return + } + + // If auth succeeded, ensure the API key belongs to the target namespace + if validatedNamespace != "" && validatedNamespace != namespaceName { + writeError(w, http.StatusForbidden, "API key does not belong to this namespace") + return + } + + // Check middleware cache for namespace gateway targets + type namespaceGatewayTarget struct { + ip string + port int + } + var targets []namespaceGatewayTarget + + if g.mwCache != nil { + if cached, ok := g.mwCache.GetNamespaceTargets(namespaceName); ok { + for _, t := range cached { + targets = append(targets, namespaceGatewayTarget{ip: t.ip, port: t.port}) + } + } + } + + // Cache miss — look up namespace cluster gateway from DB + if len(targets) == 0 { + db := g.client.Database() + internalCtx := client.WithInternalAuth(r.Context()) + + // Query all ready namespace gateways and choose a stable target. + // Random selection causes WS subscribe and publish calls to hit different + // nodes, which makes pubsub delivery flaky for short-lived subscriptions. + query := ` + SELECT COALESCE(dn.internal_ip, dn.ip_address), npa.gateway_http_port + FROM namespace_port_allocations npa + JOIN namespace_clusters nc ON npa.namespace_cluster_id = nc.id + JOIN dns_nodes dn ON npa.node_id = dn.id + WHERE nc.namespace_name = ? AND nc.status = 'ready' + ` + result, err := db.Query(internalCtx, query, namespaceName) + if err != nil || result == nil || len(result.Rows) == 0 { + g.logger.ComponentWarn(logging.ComponentGeneral, "namespace gateway not found", + zap.String("namespace", namespaceName), + ) + http.Error(w, "Namespace gateway not found", http.StatusNotFound) + return + } + + for _, row := range result.Rows { + if len(row) == 0 { + continue + } + ip := getString(row[0]) + if ip == "" { + continue + } + port := 10004 + if len(row) > 1 { + if p := getInt(row[1]); p > 0 { + port = p + } + } + targets = append(targets, namespaceGatewayTarget{ip: ip, port: port}) + } + + // Cache the result for subsequent requests + if g.mwCache != nil && len(targets) > 0 { + cacheTargets := make([]gatewayTarget, len(targets)) + for i, t := range targets { + cacheTargets[i] = gatewayTarget{ip: t.ip, port: t.port} + } + g.mwCache.SetNamespaceTargets(namespaceName, cacheTargets) + } + } + + if len(targets) == 0 { + http.Error(w, "Namespace gateway not available", http.StatusServiceUnavailable) + return + } + + // Keep ordering deterministic before hashing, otherwise DB row order can vary. + sort.Slice(targets, func(i, j int) bool { + if targets[i].ip == targets[j].ip { + return targets[i].port < targets[j].port + } + return targets[i].ip < targets[j].ip + }) + + affinityKey := namespaceName + "|" + validatedNamespace + if apiKey := extractAPIKey(r); apiKey != "" { + affinityKey = namespaceName + "|" + apiKey + } else if authz := strings.TrimSpace(r.Header.Get("Authorization")); authz != "" { + affinityKey = namespaceName + "|" + authz + } else { + affinityKey = namespaceName + "|" + getClientIP(r) + } + hasher := fnv.New32a() + _, _ = hasher.Write([]byte(affinityKey)) + targetIdx := int(hasher.Sum32()) % len(targets) + selected := targets[targetIdx] + gatewayIP := selected.ip + gatewayPort := selected.port + targetHost := gatewayIP + ":" + strconv.Itoa(gatewayPort) + + // Handle WebSocket upgrade requests specially (http.Client can't handle 101 Switching Protocols) + if isWebSocketUpgrade(r) { + // Set forwarding headers on the original request + r.Header.Set("X-Forwarded-For", getClientIP(r)) + r.Header.Set("X-Forwarded-Proto", "https") + r.Header.Set("X-Forwarded-Host", r.Host) + // Set internal auth headers if auth was validated + if validatedNamespace != "" { + r.Header.Set(HeaderInternalAuthValidated, "true") + r.Header.Set(HeaderInternalAuthNamespace, validatedNamespace) + } + r.URL.Scheme = "http" + r.URL.Host = targetHost + r.Host = targetHost + if g.proxyWebSocket(w, r, targetHost) { + return + } + // If WebSocket proxy failed and already wrote error, return + return + } + + // Proxy regular HTTP request to the namespace gateway + targetURL := "http://" + targetHost + r.URL.Path + if r.URL.RawQuery != "" { + targetURL += "?" + r.URL.RawQuery + } + + proxyReq, err := http.NewRequest(r.Method, targetURL, r.Body) + if err != nil { + g.logger.ComponentError(logging.ComponentGeneral, "failed to create namespace gateway proxy request", + zap.String("namespace", namespaceName), + zap.Error(err), + ) + http.Error(w, "Internal server error", http.StatusInternalServerError) + return + } + + // Copy headers + for key, values := range r.Header { + for _, value := range values { + proxyReq.Header.Add(key, value) + } + } + proxyReq.Header.Set("X-Forwarded-For", getClientIP(r)) + proxyReq.Header.Set("X-Forwarded-Proto", "https") + proxyReq.Header.Set("X-Forwarded-Host", r.Host) + proxyReq.Header.Set("X-Original-Host", r.Host) + + // Set internal auth headers if auth was validated by main gateway + // This allows the namespace gateway to trust the authentication + if validatedNamespace != "" { + proxyReq.Header.Set(HeaderInternalAuthValidated, "true") + proxyReq.Header.Set(HeaderInternalAuthNamespace, validatedNamespace) + } + + // Execute proxy request + httpClient := &http.Client{Timeout: 30 * time.Second} + resp, err := httpClient.Do(proxyReq) + if err != nil { + g.logger.ComponentError(logging.ComponentGeneral, "namespace gateway proxy request failed", + zap.String("namespace", namespaceName), + zap.String("target", gatewayIP), + zap.Error(err), + ) + http.Error(w, "Namespace gateway unavailable", http.StatusServiceUnavailable) + return + } + defer resp.Body.Close() + + // Copy response headers + for key, values := range resp.Header { + for _, value := range values { + w.Header().Add(key, value) + } + } + + // Write status code and body + w.WriteHeader(resp.StatusCode) + io.Copy(w, resp.Body) +} + +// getDeploymentByDomain looks up a deployment by its domain +// Supports formats like: +// - {name}-{random}.{baseDomain} (e.g., myapp-f3o4if.dbrs.space) - new format with random suffix +// - {name}.{baseDomain} (e.g., myapp.dbrs.space) - legacy format (backwards compatibility) +// - {name}.node-{shortID}.{baseDomain} (legacy format for backwards compatibility) +// - custom domains via deployment_domains table +func (g *Gateway) getDeploymentByDomain(ctx context.Context, domain string) (*deployments.Deployment, error) { + if g.deploymentService == nil { + return nil, nil + } + + // Strip trailing dot if present + domain = strings.TrimSuffix(domain, ".") + + // Get base domain from config (default to dbrs.space) + baseDomain := "dbrs.space" + if g.cfg != nil && g.cfg.BaseDomain != "" { + baseDomain = g.cfg.BaseDomain + } + + db := g.client.Database() + internalCtx := client.WithInternalAuth(ctx) + + // Parse domain to extract deployment subdomain/name + suffix := "." + baseDomain + if strings.HasSuffix(domain, suffix) { + subdomain := strings.TrimSuffix(domain, suffix) + parts := strings.Split(subdomain, ".") + + // Primary format: {subdomain}.{baseDomain} (e.g., myapp-f3o4if.dbrs.space) + // The subdomain can be either: + // - {name}-{random} (new format) + // - {name} (legacy format) + if len(parts) == 1 { + subdomainOrName := parts[0] + + // First, try to find by subdomain (new format: name-random) + query := ` + SELECT id, namespace, name, type, port, content_cid, status, home_node_id, subdomain + FROM deployments + WHERE subdomain = ? + AND status = 'active' + LIMIT 1 + ` + result, err := db.Query(internalCtx, query, subdomainOrName) + if err == nil && len(result.Rows) > 0 { + row := result.Rows[0] + return &deployments.Deployment{ + ID: getString(row[0]), + Namespace: getString(row[1]), + Name: getString(row[2]), + Type: deployments.DeploymentType(getString(row[3])), + Port: getInt(row[4]), + ContentCID: getString(row[5]), + Status: deployments.DeploymentStatus(getString(row[6])), + HomeNodeID: getString(row[7]), + Subdomain: getString(row[8]), + }, nil + } + + // Fallback: try by name for legacy deployments (without random suffix) + query = ` + SELECT id, namespace, name, type, port, content_cid, status, home_node_id, subdomain + FROM deployments + WHERE name = ? + AND status = 'active' + LIMIT 1 + ` + result, err = db.Query(internalCtx, query, subdomainOrName) + if err == nil && len(result.Rows) > 0 { + row := result.Rows[0] + return &deployments.Deployment{ + ID: getString(row[0]), + Namespace: getString(row[1]), + Name: getString(row[2]), + Type: deployments.DeploymentType(getString(row[3])), + Port: getInt(row[4]), + ContentCID: getString(row[5]), + Status: deployments.DeploymentStatus(getString(row[6])), + HomeNodeID: getString(row[7]), + Subdomain: getString(row[8]), + }, nil + } + } + + // Legacy format: {name}.node-{shortID}.{baseDomain} (backwards compatibility) + if len(parts) == 2 && strings.HasPrefix(parts[1], "node-") { + deploymentName := parts[0] + shortNodeID := parts[1] // e.g., "node-kv4la8" + + // Query by name and matching short node ID + query := ` + SELECT id, namespace, name, type, port, content_cid, status, home_node_id + FROM deployments + WHERE name = ? + AND ('node-' || substr(home_node_id, 9, 6) = ? OR home_node_id = ?) + AND status = 'active' + LIMIT 1 + ` + result, err := db.Query(internalCtx, query, deploymentName, shortNodeID, shortNodeID) + if err == nil && len(result.Rows) > 0 { + row := result.Rows[0] + return &deployments.Deployment{ + ID: getString(row[0]), + Namespace: getString(row[1]), + Name: getString(row[2]), + Type: deployments.DeploymentType(getString(row[3])), + Port: getInt(row[4]), + ContentCID: getString(row[5]), + Status: deployments.DeploymentStatus(getString(row[6])), + HomeNodeID: getString(row[7]), + }, nil + } + } + } + + // Try custom domain from deployment_domains table + query := ` + SELECT d.id, d.namespace, d.name, d.type, d.port, d.content_cid, d.status, d.home_node_id + FROM deployments d + JOIN deployment_domains dd ON d.id = dd.deployment_id + WHERE dd.domain = ? AND dd.verified_at IS NOT NULL + AND d.status = 'active' + LIMIT 1 + ` + result, err := db.Query(internalCtx, query, domain) + if err == nil && len(result.Rows) > 0 { + row := result.Rows[0] + return &deployments.Deployment{ + ID: getString(row[0]), + Namespace: getString(row[1]), + Name: getString(row[2]), + Type: deployments.DeploymentType(getString(row[3])), + Port: getInt(row[4]), + ContentCID: getString(row[5]), + Status: deployments.DeploymentStatus(getString(row[6])), + HomeNodeID: getString(row[7]), + }, nil + } + + return nil, nil +} + +// proxyToDynamicDeployment proxies requests to a dynamic deployment's local port +// If the deployment is on a different node, it forwards the request to that node. +// With replica support, it first checks if the current node is a replica and can +// serve the request locally using the replica's port. +func (g *Gateway) proxyToDynamicDeployment(w http.ResponseWriter, r *http.Request, deployment *deployments.Deployment) { + if deployment.Port == 0 { + http.Error(w, "Deployment has no assigned port", http.StatusServiceUnavailable) + return + } + + // Check if request was already forwarded by another node (loop prevention) + proxyNode := r.Header.Get("X-Orama-Proxy-Node") + + // Check if this deployment is on the current node (primary) + if g.nodePeerID != "" && deployment.HomeNodeID != "" && + deployment.HomeNodeID != g.nodePeerID && proxyNode == "" { + + // Check if this node is a replica and can serve locally + if g.replicaManager != nil { + replicaPort, err := g.replicaManager.GetReplicaPort(r.Context(), deployment.ID, g.nodePeerID) + if err == nil && replicaPort > 0 { + // This node is a replica — serve locally using the replica's port + g.logger.Debug("Serving from local replica", + zap.String("deployment", deployment.Name), + zap.Int("replica_port", replicaPort), + ) + deployment.Port = replicaPort + // Fall through to local proxy below + goto serveLocal + } + } + + // Not a replica on this node — proxy to a healthy replica node + if g.proxyCrossNodeWithReplicas(w, r, deployment) { + return + } + // Fall through if cross-node proxy failed - try local anyway + g.logger.Warn("Cross-node proxy failed, attempting local fallback", + zap.String("deployment", deployment.Name), + zap.String("home_node", deployment.HomeNodeID), + ) + } + +serveLocal: + + // Create a simple reverse proxy to localhost + targetHost := "localhost:" + strconv.Itoa(deployment.Port) + target := "http://" + targetHost + + // Set proxy headers + r.Header.Set("X-Forwarded-For", getClientIP(r)) + r.Header.Set("X-Forwarded-Proto", "https") + r.Header.Set("X-Forwarded-Host", r.Host) + + // Handle WebSocket upgrade requests specially + if isWebSocketUpgrade(r) { + r.URL.Scheme = "http" + r.URL.Host = targetHost + r.Host = targetHost + if g.proxyWebSocket(w, r, targetHost) { + return + } + // WebSocket proxy failed - try cross-node replicas as fallback + if g.replicaManager != nil { + if g.proxyCrossNodeWithReplicas(w, r, deployment) { + return + } + } + http.Error(w, "WebSocket connection failed", http.StatusServiceUnavailable) + return + } + + // Create a new request to the backend + backendURL := target + r.URL.Path + if r.URL.RawQuery != "" { + backendURL += "?" + r.URL.RawQuery + } + + proxyReq, err := http.NewRequest(r.Method, backendURL, r.Body) + if err != nil { + http.Error(w, "Failed to create proxy request", http.StatusInternalServerError) + return + } + + // Copy headers + for key, values := range r.Header { + for _, value := range values { + proxyReq.Header.Add(key, value) + } + } + + // Execute proxy request + httpClient := &http.Client{Timeout: 30 * time.Second} + resp, err := httpClient.Do(proxyReq) + if err != nil { + g.logger.ComponentError(logging.ComponentGeneral, "local proxy request failed", + zap.String("target", target), + zap.Error(err), + ) + + // Local process is down — try other replica nodes before giving up + if g.replicaManager != nil { + if g.proxyCrossNodeWithReplicas(w, r, deployment) { + return + } + } + + http.Error(w, "Service unavailable", http.StatusServiceUnavailable) + return + } + defer resp.Body.Close() + + // Copy response headers + for key, values := range resp.Header { + for _, value := range values { + w.Header().Add(key, value) + } + } + + // Write status code and body + w.WriteHeader(resp.StatusCode) + if _, err := w.(io.Writer).Write([]byte{}); err == nil { + io.Copy(w, resp.Body) + } +} + +// proxyCrossNode forwards a request to the home node of a deployment +// Returns true if the request was successfully forwarded, false otherwise +func (g *Gateway) proxyCrossNode(w http.ResponseWriter, r *http.Request, deployment *deployments.Deployment) bool { + // Get home node IP from dns_nodes table + db := g.client.Database() + internalCtx := client.WithInternalAuth(r.Context()) + + query := "SELECT COALESCE(internal_ip, ip_address) FROM dns_nodes WHERE id = ? LIMIT 1" + result, err := db.Query(internalCtx, query, deployment.HomeNodeID) + if err != nil || result == nil || len(result.Rows) == 0 { + g.logger.Warn("Failed to get home node IP", + zap.String("home_node_id", deployment.HomeNodeID), + zap.Error(err)) + return false + } + + homeIP := getString(result.Rows[0][0]) + if homeIP == "" { + g.logger.Warn("Home node IP is empty", zap.String("home_node_id", deployment.HomeNodeID)) + return false + } + + g.logger.Info("Proxying request to home node", + zap.String("deployment", deployment.Name), + zap.String("home_node_id", deployment.HomeNodeID), + zap.String("home_ip", homeIP), + zap.String("current_node", g.nodePeerID), + ) + + // Proxy to home node via internal HTTP port (6001) + // This is node-to-node internal communication - no TLS needed + targetHost := homeIP + ":6001" + + // Handle WebSocket upgrade requests specially + if isWebSocketUpgrade(r) { + r.Header.Set("X-Forwarded-For", getClientIP(r)) + r.Header.Set("X-Orama-Proxy-Node", g.nodePeerID) + r.URL.Scheme = "http" + r.URL.Host = targetHost + // Keep original Host header for domain routing + return g.proxyWebSocket(w, r, targetHost) + } + + targetURL := "http://" + targetHost + r.URL.Path + if r.URL.RawQuery != "" { + targetURL += "?" + r.URL.RawQuery + } + + proxyReq, err := http.NewRequest(r.Method, targetURL, r.Body) + if err != nil { + g.logger.Error("Failed to create cross-node proxy request", zap.Error(err)) + return false + } + + // Copy headers and set Host header to original domain for routing + for key, values := range r.Header { + for _, value := range values { + proxyReq.Header.Add(key, value) + } + } + proxyReq.Host = r.Host // Keep original host for domain routing on target node + proxyReq.Header.Set("X-Forwarded-For", getClientIP(r)) + proxyReq.Header.Set("X-Orama-Proxy-Node", g.nodePeerID) // Prevent loops + + // Simple HTTP client for internal node-to-node communication + httpClient := &http.Client{ + Timeout: 120 * time.Second, + } + + resp, err := httpClient.Do(proxyReq) + if err != nil { + g.logger.Error("Cross-node proxy request failed", + zap.String("target_ip", homeIP), + zap.String("host", r.Host), + zap.Error(err)) + return false + } + defer resp.Body.Close() + + // Copy response headers + for key, values := range resp.Header { + for _, value := range values { + w.Header().Add(key, value) + } + } + + // Write status code and body + w.WriteHeader(resp.StatusCode) + io.Copy(w, resp.Body) + + return true +} + +// proxyCrossNodeWithReplicas tries to proxy a request to any healthy replica node. +// It first tries the primary (home node), then falls back to other replicas. +// Returns true if the request was successfully proxied. +func (g *Gateway) proxyCrossNodeWithReplicas(w http.ResponseWriter, r *http.Request, deployment *deployments.Deployment) bool { + if g.replicaManager == nil { + // No replica manager — fall back to original single-node proxy + return g.proxyCrossNode(w, r, deployment) + } + + // Get all active replica nodes + replicaNodes, err := g.replicaManager.GetActiveReplicaNodes(r.Context(), deployment.ID) + if err != nil || len(replicaNodes) == 0 { + // Fall back to original home node proxy + return g.proxyCrossNode(w, r, deployment) + } + + // Try each replica node (primary first if present) + for _, nodeID := range replicaNodes { + if nodeID == g.nodePeerID { + continue // Skip self + } + + nodeIP, err := g.replicaManager.GetNodeIP(r.Context(), nodeID) + if err != nil { + g.logger.Warn("Failed to get replica node IP", + zap.String("node_id", nodeID), + zap.Error(err), + ) + continue + } + + // Proxy using the same logic as proxyCrossNode + proxyDeployment := *deployment + proxyDeployment.HomeNodeID = nodeID + if g.proxyCrossNodeToIP(w, r, &proxyDeployment, nodeIP) { + return true + } + } + + return false +} + +// proxyCrossNodeToIP forwards a request to a specific node IP. +// This is a variant of proxyCrossNode that takes a resolved IP directly. +func (g *Gateway) proxyCrossNodeToIP(w http.ResponseWriter, r *http.Request, deployment *deployments.Deployment, nodeIP string) bool { + g.logger.Info("Proxying request to replica node", + zap.String("deployment", deployment.Name), + zap.String("node_id", deployment.HomeNodeID), + zap.String("node_ip", nodeIP), + ) + + targetHost := nodeIP + ":6001" + + // Handle WebSocket upgrade requests specially + if isWebSocketUpgrade(r) { + r.Header.Set("X-Forwarded-For", getClientIP(r)) + r.Header.Set("X-Orama-Proxy-Node", g.nodePeerID) + r.URL.Scheme = "http" + r.URL.Host = targetHost + return g.proxyWebSocket(w, r, targetHost) + } + + targetURL := "http://" + targetHost + r.URL.Path + if r.URL.RawQuery != "" { + targetURL += "?" + r.URL.RawQuery + } + + proxyReq, err := http.NewRequest(r.Method, targetURL, r.Body) + if err != nil { + g.logger.Error("Failed to create cross-node proxy request", zap.Error(err)) + return false + } + + for key, values := range r.Header { + for _, value := range values { + proxyReq.Header.Add(key, value) + } + } + proxyReq.Host = r.Host + proxyReq.Header.Set("X-Forwarded-For", getClientIP(r)) + proxyReq.Header.Set("X-Orama-Proxy-Node", g.nodePeerID) + + httpClient := &http.Client{Timeout: 5 * time.Second} + resp, err := httpClient.Do(proxyReq) + if err != nil { + g.logger.Warn("Replica proxy request failed", + zap.String("target_ip", nodeIP), + zap.Error(err), + ) + return false + } + defer resp.Body.Close() + + // If the remote node returned a gateway error, try the next replica + if resp.StatusCode == http.StatusBadGateway || resp.StatusCode == http.StatusServiceUnavailable || resp.StatusCode == http.StatusGatewayTimeout { + g.logger.Warn("Replica returned gateway error, trying next", + zap.String("target_ip", nodeIP), + zap.Int("status", resp.StatusCode), + ) + return false + } + + for key, values := range resp.Header { + for _, value := range values { + w.Header().Add(key, value) + } + } + w.WriteHeader(resp.StatusCode) + io.Copy(w, resp.Body) + + return true +} + +// Helper functions for type conversion +func getString(v interface{}) string { + if s, ok := v.(string); ok { + return s + } + return "" +} + +func getInt(v interface{}) int { + if i, ok := v.(int); ok { + return i + } + if i, ok := v.(int64); ok { + return int(i) + } + if f, ok := v.(float64); ok { + return int(f) + } + return 0 +} diff --git a/pkg/gateway/middleware_cache.go b/pkg/gateway/middleware_cache.go new file mode 100644 index 0000000..fab8bcb --- /dev/null +++ b/pkg/gateway/middleware_cache.go @@ -0,0 +1,121 @@ +package gateway + +import ( + "sync" + "time" +) + +// middlewareCache provides in-memory TTL caching for frequently-queried middleware +// data that rarely changes. This eliminates redundant RQLite round-trips for: +// - API key → namespace lookups (authMiddleware, validateAuthForNamespaceProxy) +// - Namespace → gateway targets (handleNamespaceGatewayRequest) +type middlewareCache struct { + // apiKeyToNamespace caches API key → namespace name mappings. + // These rarely change and are looked up on every authenticated request. + apiKeyNS map[string]*cachedValue + apiKeyNSMu sync.RWMutex + + // nsGatewayTargets caches namespace → []gatewayTarget for namespace routing. + // Updated infrequently (only when namespace clusters change). + nsTargets map[string]*cachedGatewayTargets + nsTargetsMu sync.RWMutex + + ttl time.Duration +} + +type cachedValue struct { + value string + expiresAt time.Time +} + +type gatewayTarget struct { + ip string + port int +} + +type cachedGatewayTargets struct { + targets []gatewayTarget + expiresAt time.Time +} + +func newMiddlewareCache(ttl time.Duration) *middlewareCache { + mc := &middlewareCache{ + apiKeyNS: make(map[string]*cachedValue), + nsTargets: make(map[string]*cachedGatewayTargets), + ttl: ttl, + } + go mc.cleanup() + return mc +} + +// GetAPIKeyNamespace returns the cached namespace for an API key, or "" if not cached/expired. +func (mc *middlewareCache) GetAPIKeyNamespace(apiKey string) (string, bool) { + mc.apiKeyNSMu.RLock() + defer mc.apiKeyNSMu.RUnlock() + + entry, ok := mc.apiKeyNS[apiKey] + if !ok || time.Now().After(entry.expiresAt) { + return "", false + } + return entry.value, true +} + +// SetAPIKeyNamespace caches an API key → namespace mapping. +func (mc *middlewareCache) SetAPIKeyNamespace(apiKey, namespace string) { + mc.apiKeyNSMu.Lock() + defer mc.apiKeyNSMu.Unlock() + + mc.apiKeyNS[apiKey] = &cachedValue{ + value: namespace, + expiresAt: time.Now().Add(mc.ttl), + } +} + +// GetNamespaceTargets returns cached gateway targets for a namespace, or nil if not cached/expired. +func (mc *middlewareCache) GetNamespaceTargets(namespace string) ([]gatewayTarget, bool) { + mc.nsTargetsMu.RLock() + defer mc.nsTargetsMu.RUnlock() + + entry, ok := mc.nsTargets[namespace] + if !ok || time.Now().After(entry.expiresAt) { + return nil, false + } + return entry.targets, true +} + +// SetNamespaceTargets caches namespace gateway targets. +func (mc *middlewareCache) SetNamespaceTargets(namespace string, targets []gatewayTarget) { + mc.nsTargetsMu.Lock() + defer mc.nsTargetsMu.Unlock() + + mc.nsTargets[namespace] = &cachedGatewayTargets{ + targets: targets, + expiresAt: time.Now().Add(mc.ttl), + } +} + +// cleanup periodically removes expired entries to prevent memory leaks. +func (mc *middlewareCache) cleanup() { + ticker := time.NewTicker(2 * time.Minute) + defer ticker.Stop() + + for range ticker.C { + now := time.Now() + + mc.apiKeyNSMu.Lock() + for k, v := range mc.apiKeyNS { + if now.After(v.expiresAt) { + delete(mc.apiKeyNS, k) + } + } + mc.apiKeyNSMu.Unlock() + + mc.nsTargetsMu.Lock() + for k, v := range mc.nsTargets { + if now.After(v.expiresAt) { + delete(mc.nsTargets, k) + } + } + mc.nsTargetsMu.Unlock() + } +} diff --git a/pkg/gateway/middleware_test.go b/pkg/gateway/middleware_test.go index 91e2b5a..7202445 100644 --- a/pkg/gateway/middleware_test.go +++ b/pkg/gateway/middleware_test.go @@ -26,3 +26,110 @@ func TestExtractAPIKey(t *testing.T) { t.Fatalf("got %q", got) } } + +// TestDomainRoutingMiddleware_NonDebrosNetwork tests that non-debros domains pass through +func TestDomainRoutingMiddleware_NonDebrosNetwork(t *testing.T) { + nextCalled := false + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + nextCalled = true + w.WriteHeader(http.StatusOK) + }) + + g := &Gateway{} + middleware := g.domainRoutingMiddleware(next) + + req := httptest.NewRequest("GET", "/", nil) + req.Host = "example.com" + + rr := httptest.NewRecorder() + middleware.ServeHTTP(rr, req) + + if !nextCalled { + t.Error("Expected next handler to be called for non-debros domain") + } + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } +} + +// TestDomainRoutingMiddleware_APIPathBypass tests that /v1/ paths bypass routing +func TestDomainRoutingMiddleware_APIPathBypass(t *testing.T) { + nextCalled := false + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + nextCalled = true + w.WriteHeader(http.StatusOK) + }) + + g := &Gateway{} + middleware := g.domainRoutingMiddleware(next) + + req := httptest.NewRequest("GET", "/v1/deployments/list", nil) + req.Host = "myapp.orama.network" + + rr := httptest.NewRecorder() + middleware.ServeHTTP(rr, req) + + if !nextCalled { + t.Error("Expected next handler to be called for /v1/ path") + } + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } +} + +// TestDomainRoutingMiddleware_WellKnownBypass tests that /.well-known/ paths bypass routing +func TestDomainRoutingMiddleware_WellKnownBypass(t *testing.T) { + nextCalled := false + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + nextCalled = true + w.WriteHeader(http.StatusOK) + }) + + g := &Gateway{} + middleware := g.domainRoutingMiddleware(next) + + req := httptest.NewRequest("GET", "/.well-known/acme-challenge/test", nil) + req.Host = "myapp.orama.network" + + rr := httptest.NewRecorder() + middleware.ServeHTTP(rr, req) + + if !nextCalled { + t.Error("Expected next handler to be called for /.well-known/ path") + } + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } +} + +// TestDomainRoutingMiddleware_NoDeploymentService tests graceful handling when deployment service is nil +func TestDomainRoutingMiddleware_NoDeploymentService(t *testing.T) { + nextCalled := false + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + nextCalled = true + w.WriteHeader(http.StatusOK) + }) + + g := &Gateway{ + // deploymentService is nil + staticHandler: nil, + } + middleware := g.domainRoutingMiddleware(next) + + req := httptest.NewRequest("GET", "/", nil) + req.Host = "myapp.orama.network" + + rr := httptest.NewRecorder() + middleware.ServeHTTP(rr, req) + + if !nextCalled { + t.Error("Expected next handler to be called when deployment service is nil") + } + + if rr.Code != http.StatusOK { + t.Errorf("Expected status 200, got %d", rr.Code) + } +} diff --git a/pkg/gateway/peer_discovery.go b/pkg/gateway/peer_discovery.go new file mode 100644 index 0000000..e6f82d9 --- /dev/null +++ b/pkg/gateway/peer_discovery.go @@ -0,0 +1,433 @@ +package gateway + +import ( + "context" + "database/sql" + "fmt" + "os" + "os/exec" + "strings" + "time" + + "github.com/libp2p/go-libp2p/core/host" + "github.com/libp2p/go-libp2p/core/peer" + "github.com/multiformats/go-multiaddr" + "go.uber.org/zap" +) + +// PeerDiscovery manages namespace gateway peer discovery via RQLite +type PeerDiscovery struct { + host host.Host + rqliteDB *sql.DB + nodeID string + listenPort int + namespace string + logger *zap.Logger + + // Stop channel for background goroutines + stopCh chan struct{} +} + +// NewPeerDiscovery creates a new peer discovery manager +func NewPeerDiscovery(h host.Host, rqliteDB *sql.DB, nodeID string, listenPort int, namespace string, logger *zap.Logger) *PeerDiscovery { + return &PeerDiscovery{ + host: h, + rqliteDB: rqliteDB, + nodeID: nodeID, + listenPort: listenPort, + namespace: namespace, + logger: logger, + stopCh: make(chan struct{}), + } +} + +// Start initializes the peer discovery system +func (pd *PeerDiscovery) Start(ctx context.Context) error { + pd.logger.Info("Starting peer discovery", + zap.String("namespace", pd.namespace), + zap.String("peer_id", pd.host.ID().String()), + zap.String("node_id", pd.nodeID)) + + // 1. Create discovery table if it doesn't exist + if err := pd.initTable(ctx); err != nil { + return fmt.Errorf("failed to initialize discovery table: %w", err) + } + + // 2. Register ourselves + if err := pd.registerSelf(ctx); err != nil { + return fmt.Errorf("failed to register self: %w", err) + } + + // 3. Discover and connect to existing peers + if err := pd.discoverPeers(ctx); err != nil { + pd.logger.Warn("Initial peer discovery failed (will retry in background)", + zap.Error(err)) + } + + // 4. Start background goroutines + go pd.heartbeatLoop(ctx) + go pd.discoveryLoop(ctx) + + pd.logger.Info("Peer discovery started successfully", + zap.String("namespace", pd.namespace)) + + return nil +} + +// Stop stops the peer discovery system +func (pd *PeerDiscovery) Stop(ctx context.Context) error { + pd.logger.Info("Stopping peer discovery", + zap.String("namespace", pd.namespace)) + + // Signal background goroutines to stop + close(pd.stopCh) + + // Unregister ourselves from the discovery table + if err := pd.unregisterSelf(ctx); err != nil { + pd.logger.Warn("Failed to unregister self from discovery table", + zap.Error(err)) + } + + pd.logger.Info("Peer discovery stopped", + zap.String("namespace", pd.namespace)) + + return nil +} + +// initTable creates the peer discovery table if it doesn't exist +func (pd *PeerDiscovery) initTable(ctx context.Context) error { + query := ` + CREATE TABLE IF NOT EXISTS _namespace_libp2p_peers ( + peer_id TEXT PRIMARY KEY, + multiaddr TEXT NOT NULL, + node_id TEXT NOT NULL, + listen_port INTEGER NOT NULL, + namespace TEXT NOT NULL, + last_seen TIMESTAMP NOT NULL + ) + ` + + _, err := pd.rqliteDB.ExecContext(ctx, query) + if err != nil { + return fmt.Errorf("failed to create discovery table: %w", err) + } + + pd.logger.Debug("Peer discovery table initialized", + zap.String("namespace", pd.namespace)) + + return nil +} + +// registerSelf registers this gateway in the discovery table +func (pd *PeerDiscovery) registerSelf(ctx context.Context) error { + peerID := pd.host.ID().String() + + // Get WireGuard IP from host addresses + wireguardIP, err := pd.getWireGuardIP() + if err != nil { + return fmt.Errorf("failed to get WireGuard IP: %w", err) + } + + // Build multiaddr: /ip4//tcp//p2p/ + multiaddr := fmt.Sprintf("/ip4/%s/tcp/%d/p2p/%s", wireguardIP, pd.listenPort, peerID) + + query := ` + INSERT OR REPLACE INTO _namespace_libp2p_peers + (peer_id, multiaddr, node_id, listen_port, namespace, last_seen) + VALUES (?, ?, ?, ?, ?, ?) + ` + + _, err = pd.rqliteDB.ExecContext(ctx, query, + peerID, + multiaddr, + pd.nodeID, + pd.listenPort, + pd.namespace, + time.Now().UTC()) + + if err != nil { + return fmt.Errorf("failed to register self in discovery table: %w", err) + } + + pd.logger.Info("Registered self in peer discovery", + zap.String("peer_id", peerID), + zap.String("multiaddr", multiaddr), + zap.String("node_id", pd.nodeID)) + + return nil +} + +// unregisterSelf removes this gateway from the discovery table +func (pd *PeerDiscovery) unregisterSelf(ctx context.Context) error { + peerID := pd.host.ID().String() + + query := `DELETE FROM _namespace_libp2p_peers WHERE peer_id = ?` + + _, err := pd.rqliteDB.ExecContext(ctx, query, peerID) + if err != nil { + return fmt.Errorf("failed to unregister self: %w", err) + } + + pd.logger.Info("Unregistered self from peer discovery", + zap.String("peer_id", peerID)) + + return nil +} + +// discoverPeers queries RQLite for other namespace gateways and connects to them +func (pd *PeerDiscovery) discoverPeers(ctx context.Context) error { + myPeerID := pd.host.ID().String() + + // Query for peers that have been seen in the last 5 minutes + query := ` + SELECT peer_id, multiaddr, node_id + FROM _namespace_libp2p_peers + WHERE peer_id != ? + AND namespace = ? + AND last_seen > datetime('now', '-5 minutes') + ` + + rows, err := pd.rqliteDB.QueryContext(ctx, query, myPeerID, pd.namespace) + if err != nil { + return fmt.Errorf("failed to query peers: %w", err) + } + defer rows.Close() + + discoveredCount := 0 + connectedCount := 0 + + for rows.Next() { + var peerID, multiaddrStr, nodeID string + if err := rows.Scan(&peerID, &multiaddrStr, &nodeID); err != nil { + pd.logger.Warn("Failed to scan peer row", zap.Error(err)) + continue + } + + discoveredCount++ + + // Parse peer ID + remotePeerID, err := peer.Decode(peerID) + if err != nil { + pd.logger.Warn("Failed to decode peer ID", + zap.String("peer_id", peerID), + zap.Error(err)) + continue + } + + // Parse multiaddr + maddr, err := multiaddr.NewMultiaddr(multiaddrStr) + if err != nil { + pd.logger.Warn("Failed to parse multiaddr", + zap.String("multiaddr", multiaddrStr), + zap.Error(err)) + continue + } + + // Check if already connected + connectedness := pd.host.Network().Connectedness(remotePeerID) + if connectedness == 1 { // Connected + pd.logger.Debug("Already connected to peer", + zap.String("peer_id", peerID), + zap.String("node_id", nodeID)) + connectedCount++ + continue + } + + // Convert multiaddr to peer.AddrInfo + addrInfo, err := peer.AddrInfoFromP2pAddr(maddr) + if err != nil { + pd.logger.Warn("Failed to create AddrInfo", + zap.String("multiaddr", multiaddrStr), + zap.Error(err)) + continue + } + + // Connect to peer + connectCtx, cancel := context.WithTimeout(ctx, 10*time.Second) + err = pd.host.Connect(connectCtx, *addrInfo) + cancel() + + if err != nil { + pd.logger.Warn("Failed to connect to peer", + zap.String("peer_id", peerID), + zap.String("node_id", nodeID), + zap.String("multiaddr", multiaddrStr), + zap.Error(err)) + continue + } + + pd.logger.Info("Connected to namespace gateway peer", + zap.String("peer_id", peerID), + zap.String("node_id", nodeID), + zap.String("multiaddr", multiaddrStr)) + + connectedCount++ + } + + if err := rows.Err(); err != nil { + return fmt.Errorf("error iterating peer rows: %w", err) + } + + pd.logger.Info("Peer discovery completed", + zap.Int("discovered", discoveredCount), + zap.Int("connected", connectedCount)) + + return nil +} + +// heartbeatLoop periodically updates the last_seen timestamp +func (pd *PeerDiscovery) heartbeatLoop(ctx context.Context) { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for { + select { + case <-pd.stopCh: + return + case <-ctx.Done(): + return + case <-ticker.C: + if err := pd.updateHeartbeat(ctx); err != nil { + pd.logger.Warn("Failed to update heartbeat", + zap.Error(err)) + } + } + } +} + +// discoveryLoop periodically discovers new peers +func (pd *PeerDiscovery) discoveryLoop(ctx context.Context) { + ticker := time.NewTicker(60 * time.Second) + defer ticker.Stop() + + for { + select { + case <-pd.stopCh: + return + case <-ctx.Done(): + return + case <-ticker.C: + if err := pd.discoverPeers(ctx); err != nil { + pd.logger.Warn("Periodic peer discovery failed", + zap.Error(err)) + } + } + } +} + +// updateHeartbeat updates the last_seen timestamp for this gateway +func (pd *PeerDiscovery) updateHeartbeat(ctx context.Context) error { + peerID := pd.host.ID().String() + + query := ` + UPDATE _namespace_libp2p_peers + SET last_seen = ? + WHERE peer_id = ? + ` + + _, err := pd.rqliteDB.ExecContext(ctx, query, time.Now().UTC(), peerID) + if err != nil { + return fmt.Errorf("failed to update heartbeat: %w", err) + } + + pd.logger.Debug("Updated heartbeat", + zap.String("peer_id", peerID)) + + return nil +} + +// getWireGuardIP extracts the WireGuard IP from the WireGuard interface +func (pd *PeerDiscovery) getWireGuardIP() (string, error) { + // Method 1: Use 'ip addr show wg0' command (works without root) + ip, err := pd.getWireGuardIPFromInterface() + if err == nil { + pd.logger.Info("Found WireGuard IP from network interface", + zap.String("ip", ip)) + return ip, nil + } + pd.logger.Debug("Failed to get WireGuard IP from interface", zap.Error(err)) + + // Method 2: Try to read from WireGuard config file (requires root, may fail) + configPath := "/etc/wireguard/wg0.conf" + data, err := os.ReadFile(configPath) + if err == nil { + // Parse Address line from config + lines := strings.Split(string(data), "\n") + for _, line := range lines { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "Address") { + // Format: Address = 10.0.0.X/24 + parts := strings.Split(line, "=") + if len(parts) == 2 { + addrWithCIDR := strings.TrimSpace(parts[1]) + // Remove /24 suffix + ip := strings.Split(addrWithCIDR, "/")[0] + ip = strings.TrimSpace(ip) + pd.logger.Info("Found WireGuard IP from config", + zap.String("ip", ip)) + return ip, nil + } + } + } + } + pd.logger.Debug("Failed to read WireGuard config", zap.Error(err)) + + // Method 3: Fallback - Try to get from libp2p host addresses + for _, addr := range pd.host.Addrs() { + addrStr := addr.String() + // Look for /ip4/10.0.0.x pattern + if len(addrStr) > 10 && addrStr[:9] == "/ip4/10.0" { + // Extract IP address + parts := addr.String() + // Parse /ip4//... format + if len(parts) > 5 { + // Find the IP between /ip4/ and next / + start := 5 // after "/ip4/" + end := start + for end < len(parts) && parts[end] != '/' { + end++ + } + if end > start { + ip := parts[start:end] + pd.logger.Info("Found WireGuard IP from libp2p addresses", + zap.String("ip", ip)) + return ip, nil + } + } + } + } + + return "", fmt.Errorf("could not determine WireGuard IP") +} + +// getWireGuardIPFromInterface gets the WireGuard IP using 'ip addr show wg0' +func (pd *PeerDiscovery) getWireGuardIPFromInterface() (string, error) { + cmd := exec.Command("ip", "addr", "show", "wg0") + output, err := cmd.Output() + if err != nil { + return "", fmt.Errorf("failed to run 'ip addr show wg0': %w", err) + } + + // Parse output to find inet line + // Example: " inet 10.0.0.4/24 scope global wg0" + lines := strings.Split(string(output), "\n") + for _, line := range lines { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "inet ") && !strings.Contains(line, "inet6") { + // Extract IP address (first field after "inet ") + fields := strings.Fields(line) + if len(fields) >= 2 { + // Remove CIDR notation (/24) + addrWithCIDR := fields[1] + ip := strings.Split(addrWithCIDR, "/")[0] + + // Verify it's a 10.0.0.x address + if strings.HasPrefix(ip, "10.0.0.") { + return ip, nil + } + } + } + } + + return "", fmt.Errorf("could not find WireGuard IP in 'ip addr show wg0' output") +} diff --git a/pkg/gateway/rate_limiter.go b/pkg/gateway/rate_limiter.go new file mode 100644 index 0000000..f380a46 --- /dev/null +++ b/pkg/gateway/rate_limiter.go @@ -0,0 +1,129 @@ +package gateway + +import ( + "net" + "net/http" + "strings" + "sync" + "time" +) + +// RateLimiter implements a token-bucket rate limiter per client IP. +type RateLimiter struct { + mu sync.Mutex + clients map[string]*bucket + rate float64 // tokens per second + burst int // max tokens (burst capacity) +} + +type bucket struct { + tokens float64 + lastCheck time.Time +} + +// NewRateLimiter creates a rate limiter. ratePerMinute is the sustained rate; +// burst is the maximum number of requests that can be made in a short window. +func NewRateLimiter(ratePerMinute, burst int) *RateLimiter { + return &RateLimiter{ + clients: make(map[string]*bucket), + rate: float64(ratePerMinute) / 60.0, + burst: burst, + } +} + +// Allow checks if a request from the given IP should be allowed. +func (rl *RateLimiter) Allow(ip string) bool { + rl.mu.Lock() + defer rl.mu.Unlock() + + now := time.Now() + b, exists := rl.clients[ip] + if !exists { + rl.clients[ip] = &bucket{tokens: float64(rl.burst) - 1, lastCheck: now} + return true + } + + // Refill tokens based on elapsed time + elapsed := now.Sub(b.lastCheck).Seconds() + b.tokens += elapsed * rl.rate + if b.tokens > float64(rl.burst) { + b.tokens = float64(rl.burst) + } + b.lastCheck = now + + if b.tokens >= 1 { + b.tokens-- + return true + } + return false +} + +// Cleanup removes stale entries older than the given duration. +func (rl *RateLimiter) Cleanup(maxAge time.Duration) { + rl.mu.Lock() + defer rl.mu.Unlock() + + cutoff := time.Now().Add(-maxAge) + for ip, b := range rl.clients { + if b.lastCheck.Before(cutoff) { + delete(rl.clients, ip) + } + } +} + +// StartCleanup runs periodic cleanup in a goroutine. +func (rl *RateLimiter) StartCleanup(interval, maxAge time.Duration) { + go func() { + ticker := time.NewTicker(interval) + defer ticker.Stop() + for range ticker.C { + rl.Cleanup(maxAge) + } + }() +} + +// rateLimitMiddleware returns 429 when a client exceeds the rate limit. +// Internal traffic from the WireGuard subnet (10.0.0.0/8) is exempt. +func (g *Gateway) rateLimitMiddleware(next http.Handler) http.Handler { + if g.rateLimiter == nil { + return next + } + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ip := getClientIP(r) + + // Exempt internal cluster traffic (WireGuard subnet) + if isInternalIP(ip) { + next.ServeHTTP(w, r) + return + } + + if !g.rateLimiter.Allow(ip) { + w.Header().Set("Retry-After", "5") + http.Error(w, "rate limit exceeded", http.StatusTooManyRequests) + return + } + next.ServeHTTP(w, r) + }) +} + +// isInternalIP returns true if the IP is in the WireGuard 10.0.0.0/8 subnet +// or is a loopback address. +func isInternalIP(ipStr string) bool { + // Strip port if present + if strings.Contains(ipStr, ":") { + host, _, err := net.SplitHostPort(ipStr) + if err == nil { + ipStr = host + } + } + ip := net.ParseIP(ipStr) + if ip == nil { + return false + } + if ip.IsLoopback() { + return true + } + // 10.0.0.0/8 — WireGuard mesh + _, wgNet, _ := net.ParseCIDR("10.0.0.0/8") + return wgNet.Contains(ip) +} diff --git a/pkg/gateway/rate_limiter_test.go b/pkg/gateway/rate_limiter_test.go new file mode 100644 index 0000000..168f6e8 --- /dev/null +++ b/pkg/gateway/rate_limiter_test.go @@ -0,0 +1,197 @@ +package gateway + +import ( + "net/http" + "net/http/httptest" + "sync" + "testing" + "time" +) + +func TestRateLimiter_AllowsUnderLimit(t *testing.T) { + rl := NewRateLimiter(60, 10) // 1/sec, burst 10 + for i := 0; i < 10; i++ { + if !rl.Allow("1.2.3.4") { + t.Fatalf("request %d should be allowed (within burst)", i) + } + } +} + +func TestRateLimiter_BlocksOverLimit(t *testing.T) { + rl := NewRateLimiter(60, 5) // 1/sec, burst 5 + // Exhaust burst + for i := 0; i < 5; i++ { + rl.Allow("1.2.3.4") + } + if rl.Allow("1.2.3.4") { + t.Fatal("request after burst should be blocked") + } +} + +func TestRateLimiter_RefillsOverTime(t *testing.T) { + rl := NewRateLimiter(6000, 5) // 100/sec, burst 5 + // Exhaust burst + for i := 0; i < 5; i++ { + rl.Allow("1.2.3.4") + } + if rl.Allow("1.2.3.4") { + t.Fatal("should be blocked after burst") + } + // Wait for refill + time.Sleep(100 * time.Millisecond) + if !rl.Allow("1.2.3.4") { + t.Fatal("should be allowed after refill") + } +} + +func TestRateLimiter_PerIPIsolation(t *testing.T) { + rl := NewRateLimiter(60, 2) + // Exhaust IP A + rl.Allow("1.1.1.1") + rl.Allow("1.1.1.1") + if rl.Allow("1.1.1.1") { + t.Fatal("IP A should be blocked") + } + // IP B should still be allowed + if !rl.Allow("2.2.2.2") { + t.Fatal("IP B should be allowed") + } +} + +func TestRateLimiter_Cleanup(t *testing.T) { + rl := NewRateLimiter(60, 10) + rl.Allow("old-ip") + // Force the entry to be old + rl.mu.Lock() + rl.clients["old-ip"].lastCheck = time.Now().Add(-20 * time.Minute) + rl.mu.Unlock() + + rl.Cleanup(10 * time.Minute) + + rl.mu.Lock() + _, exists := rl.clients["old-ip"] + rl.mu.Unlock() + if exists { + t.Fatal("stale entry should have been cleaned up") + } +} + +func TestRateLimiter_ConcurrentAccess(t *testing.T) { + rl := NewRateLimiter(60000, 100) // high limit to avoid false failures + var wg sync.WaitGroup + for i := 0; i < 50; i++ { + wg.Add(1) + go func() { + defer wg.Done() + for j := 0; j < 10; j++ { + rl.Allow("concurrent-ip") + } + }() + } + wg.Wait() +} + +func TestIsInternalIP(t *testing.T) { + tests := []struct { + ip string + internal bool + }{ + {"10.0.0.1", true}, + {"10.0.0.254", true}, + {"10.255.255.255", true}, + {"127.0.0.1", true}, + {"192.168.1.1", false}, + {"8.8.8.8", false}, + {"141.227.165.168", false}, + } + for _, tt := range tests { + if got := isInternalIP(tt.ip); got != tt.internal { + t.Errorf("isInternalIP(%q) = %v, want %v", tt.ip, got, tt.internal) + } + } +} + +func TestSecurityHeaders(t *testing.T) { + gw := &Gateway{} + handler := gw.securityHeadersMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + })) + + req := httptest.NewRequest("GET", "/test", nil) + req.Header.Set("X-Forwarded-Proto", "https") + w := httptest.NewRecorder() + handler.ServeHTTP(w, req) + + expected := map[string]string{ + "X-Content-Type-Options": "nosniff", + "X-Frame-Options": "DENY", + "X-XSS-Protection": "0", + "Referrer-Policy": "strict-origin-when-cross-origin", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + } + + for header, want := range expected { + if got := w.Header().Get(header); got != want { + t.Errorf("header %s = %q, want %q", header, got, want) + } + } +} + +func TestSecurityHeaders_NoHSTS_WithoutTLS(t *testing.T) { + gw := &Gateway{} + handler := gw.securityHeadersMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + })) + + req := httptest.NewRequest("GET", "/test", nil) + w := httptest.NewRecorder() + handler.ServeHTTP(w, req) + + if got := w.Header().Get("Strict-Transport-Security"); got != "" { + t.Errorf("HSTS should not be set without TLS, got %q", got) + } +} + +func TestRateLimitMiddleware_Returns429(t *testing.T) { + gw := &Gateway{rateLimiter: NewRateLimiter(60, 1)} + handler := gw.rateLimitMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + })) + + // First request should pass + req := httptest.NewRequest("GET", "/test", nil) + req.RemoteAddr = "8.8.8.8:1234" + w := httptest.NewRecorder() + handler.ServeHTTP(w, req) + if w.Code != http.StatusOK { + t.Fatalf("first request should be 200, got %d", w.Code) + } + + // Second request should be rate limited + w = httptest.NewRecorder() + handler.ServeHTTP(w, req) + if w.Code != http.StatusTooManyRequests { + t.Fatalf("second request should be 429, got %d", w.Code) + } + if w.Header().Get("Retry-After") == "" { + t.Fatal("should have Retry-After header") + } +} + +func TestRateLimitMiddleware_ExemptsInternalTraffic(t *testing.T) { + gw := &Gateway{rateLimiter: NewRateLimiter(60, 1)} + handler := gw.rateLimitMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + })) + + // Internal IP should never be rate limited + for i := 0; i < 10; i++ { + req := httptest.NewRequest("GET", "/test", nil) + req.RemoteAddr = "10.0.0.1:1234" + w := httptest.NewRecorder() + handler.ServeHTTP(w, req) + if w.Code != http.StatusOK { + t.Fatalf("internal request %d should be 200, got %d", i, w.Code) + } + } +} diff --git a/pkg/gateway/request_log_batcher.go b/pkg/gateway/request_log_batcher.go new file mode 100644 index 0000000..5c12382 --- /dev/null +++ b/pkg/gateway/request_log_batcher.go @@ -0,0 +1,188 @@ +package gateway + +import ( + "context" + "fmt" + "strings" + "sync" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/logging" + "go.uber.org/zap" +) + +// requestLogEntry holds a single request log to be batched. +type requestLogEntry struct { + method string + path string + statusCode int + bytesOut int + durationMs int64 + ip string + apiKey string // raw API key (resolved to ID at flush time in batch) +} + +// requestLogBatcher aggregates request logs and flushes them to RQLite in bulk +// instead of issuing 3 DB writes per request (INSERT log + SELECT api_key_id + UPDATE last_used). +type requestLogBatcher struct { + gw *Gateway + entries []requestLogEntry + mu sync.Mutex + interval time.Duration + maxBatch int + stopCh chan struct{} +} + +func newRequestLogBatcher(gw *Gateway, interval time.Duration, maxBatch int) *requestLogBatcher { + b := &requestLogBatcher{ + gw: gw, + entries: make([]requestLogEntry, 0, maxBatch), + interval: interval, + maxBatch: maxBatch, + stopCh: make(chan struct{}), + } + go b.run() + return b +} + +// Add enqueues a log entry. If the buffer is full, it triggers an early flush. +func (b *requestLogBatcher) Add(entry requestLogEntry) { + b.mu.Lock() + b.entries = append(b.entries, entry) + needsFlush := len(b.entries) >= b.maxBatch + b.mu.Unlock() + + if needsFlush { + go b.flush() + } +} + +// run is the background loop that flushes logs periodically. +func (b *requestLogBatcher) run() { + ticker := time.NewTicker(b.interval) + defer ticker.Stop() + + for { + select { + case <-ticker.C: + b.flush() + case <-b.stopCh: + b.flush() // final flush on stop + return + } + } +} + +// flush writes all buffered log entries to RQLite in a single batch. +func (b *requestLogBatcher) flush() { + b.mu.Lock() + if len(b.entries) == 0 { + b.mu.Unlock() + return + } + batch := b.entries + b.entries = make([]requestLogEntry, 0, b.maxBatch) + b.mu.Unlock() + + if b.gw.client == nil { + return + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + db := b.gw.client.Database() + + // Collect unique API keys that need ID resolution + apiKeySet := make(map[string]struct{}) + for _, e := range batch { + if e.apiKey != "" { + apiKeySet[e.apiKey] = struct{}{} + } + } + + // Batch-resolve API key IDs in a single query + apiKeyIDs := make(map[string]int64) + if len(apiKeySet) > 0 { + keys := make([]string, 0, len(apiKeySet)) + for k := range apiKeySet { + keys = append(keys, k) + } + + placeholders := make([]string, len(keys)) + args := make([]interface{}, len(keys)) + for i, k := range keys { + placeholders[i] = "?" + args[i] = k + } + + q := fmt.Sprintf("SELECT id, key FROM api_keys WHERE key IN (%s)", strings.Join(placeholders, ",")) + res, err := db.Query(client.WithInternalAuth(ctx), q, args...) + if err == nil && res != nil { + for _, row := range res.Rows { + if len(row) >= 2 { + var id int64 + switch v := row[0].(type) { + case float64: + id = int64(v) + case int64: + id = v + } + if key, ok := row[1].(string); ok && id > 0 { + apiKeyIDs[key] = id + } + } + } + } + } + + // Build batch INSERT for request_logs + if len(batch) > 0 { + var sb strings.Builder + sb.WriteString("INSERT INTO request_logs (method, path, status_code, bytes_out, duration_ms, ip, api_key_id) VALUES ") + + args := make([]interface{}, 0, len(batch)*7) + for i, e := range batch { + if i > 0 { + sb.WriteString(", ") + } + sb.WriteString("(?, ?, ?, ?, ?, ?, ?)") + + var apiKeyID interface{} = nil + if e.apiKey != "" { + if id, ok := apiKeyIDs[e.apiKey]; ok { + apiKeyID = id + } + } + args = append(args, e.method, e.path, e.statusCode, e.bytesOut, e.durationMs, e.ip, apiKeyID) + } + + _, _ = db.Query(client.WithInternalAuth(ctx), sb.String(), args...) + } + + // Batch UPDATE last_used_at for all API keys seen in this batch + if len(apiKeyIDs) > 0 { + ids := make([]string, 0, len(apiKeyIDs)) + args := make([]interface{}, 0, len(apiKeyIDs)) + for _, id := range apiKeyIDs { + ids = append(ids, "?") + args = append(args, id) + } + + q := fmt.Sprintf("UPDATE api_keys SET last_used_at = CURRENT_TIMESTAMP WHERE id IN (%s)", strings.Join(ids, ",")) + _, _ = db.Query(client.WithInternalAuth(ctx), q, args...) + } + + if b.gw.logger != nil { + b.gw.logger.ComponentDebug(logging.ComponentGeneral, "request logs flushed", + zap.Int("count", len(batch)), + zap.Int("api_keys", len(apiKeyIDs)), + ) + } +} + +// Stop signals the batcher to stop and flush remaining entries. +func (b *requestLogBatcher) Stop() { + close(b.stopCh) +} diff --git a/pkg/gateway/routes.go b/pkg/gateway/routes.go index a6aa1e4..bbca839 100644 --- a/pkg/gateway/routes.go +++ b/pkg/gateway/routes.go @@ -2,6 +2,8 @@ package gateway import ( "net/http" + + "github.com/DeBrosOfficial/network/pkg/gateway/ctxkeys" ) // Routes returns the http.Handler with all routes and middleware configured @@ -15,6 +17,30 @@ func (g *Gateway) Routes() http.Handler { mux.HandleFunc("/v1/version", g.versionHandler) mux.HandleFunc("/v1/status", g.statusHandler) + // TLS check endpoint for Caddy on-demand TLS + mux.HandleFunc("/v1/internal/tls/check", g.tlsCheckHandler) + + // ACME DNS-01 challenge endpoints (for Caddy httpreq DNS provider) + mux.HandleFunc("/v1/internal/acme/present", g.acmePresentHandler) + mux.HandleFunc("/v1/internal/acme/cleanup", g.acmeCleanupHandler) + + // WireGuard peer exchange (internal, cluster-secret auth) + if g.wireguardHandler != nil { + mux.HandleFunc("/v1/internal/wg/peer", g.wireguardHandler.HandleRegisterPeer) + mux.HandleFunc("/v1/internal/wg/peers", g.wireguardHandler.HandleListPeers) + mux.HandleFunc("/v1/internal/wg/peer/remove", g.wireguardHandler.HandleRemovePeer) + } + + // Node join endpoint (token-authenticated, no middleware auth needed) + if g.joinHandler != nil { + mux.HandleFunc("/v1/internal/join", g.joinHandler.HandleJoin) + } + + // Namespace instance spawn/stop (internal, handler does its own auth) + if g.spawnHandler != nil { + mux.Handle("/v1/internal/namespace/spawn", g.spawnHandler) + } + // auth endpoints mux.HandleFunc("/v1/auth/jwks", g.authService.JWKSHandler) mux.HandleFunc("/.well-known/jwks.json", g.authService.JWKSHandler) @@ -38,6 +64,14 @@ func (g *Gateway) Routes() http.Handler { g.ormHTTP.RegisterRoutes(mux) } + // namespace cluster status (public endpoint for polling during provisioning) + mux.HandleFunc("/v1/namespace/status", g.namespaceClusterStatusHandler) + + // namespace delete (authenticated — goes through auth middleware) + if g.namespaceDeleteHandler != nil { + mux.Handle("/v1/namespace/delete", g.namespaceDeleteHandler) + } + // network mux.HandleFunc("/v1/network/status", g.networkStatusHandler) mux.HandleFunc("/v1/network/peers", g.networkPeersHandler) @@ -55,15 +89,14 @@ func (g *Gateway) Routes() http.Handler { // anon proxy (authenticated users only) mux.HandleFunc("/v1/proxy/anon", g.anonProxyHandler) - // cache endpoints (Olric) - if g.cacheHandlers != nil { - mux.HandleFunc("/v1/cache/health", g.cacheHandlers.HealthHandler) - mux.HandleFunc("/v1/cache/get", g.cacheHandlers.GetHandler) - mux.HandleFunc("/v1/cache/mget", g.cacheHandlers.MultiGetHandler) - mux.HandleFunc("/v1/cache/put", g.cacheHandlers.SetHandler) - mux.HandleFunc("/v1/cache/delete", g.cacheHandlers.DeleteHandler) - mux.HandleFunc("/v1/cache/scan", g.cacheHandlers.ScanHandler) - } + // cache endpoints (Olric) - always register, check handler dynamically + // This allows cache routes to work after background Olric reconnection + mux.HandleFunc("/v1/cache/health", g.cacheHealthHandler) + mux.HandleFunc("/v1/cache/get", g.cacheGetHandler) + mux.HandleFunc("/v1/cache/mget", g.cacheMGetHandler) + mux.HandleFunc("/v1/cache/put", g.cachePutHandler) + mux.HandleFunc("/v1/cache/delete", g.cacheDeleteHandler) + mux.HandleFunc("/v1/cache/scan", g.cacheScanHandler) // storage endpoints (IPFS) if g.storageHandlers != nil { @@ -79,5 +112,96 @@ func (g *Gateway) Routes() http.Handler { g.serverlessHandlers.RegisterRoutes(mux) } + // deployment endpoints + if g.deploymentService != nil { + // Static deployments + mux.HandleFunc("/v1/deployments/static/upload", g.staticHandler.HandleUpload) + mux.HandleFunc("/v1/deployments/static/update", g.withHomeNodeProxy(g.updateHandler.HandleUpdate)) + + // Next.js deployments + mux.HandleFunc("/v1/deployments/nextjs/upload", g.nextjsHandler.HandleUpload) + mux.HandleFunc("/v1/deployments/nextjs/update", g.withHomeNodeProxy(g.updateHandler.HandleUpdate)) + + // Go backend deployments + if g.goHandler != nil { + mux.HandleFunc("/v1/deployments/go/upload", g.goHandler.HandleUpload) + mux.HandleFunc("/v1/deployments/go/update", g.withHomeNodeProxy(g.updateHandler.HandleUpdate)) + } + + // Node.js backend deployments + if g.nodejsHandler != nil { + mux.HandleFunc("/v1/deployments/nodejs/upload", g.nodejsHandler.HandleUpload) + mux.HandleFunc("/v1/deployments/nodejs/update", g.withHomeNodeProxy(g.updateHandler.HandleUpdate)) + } + + // Deployment management + mux.HandleFunc("/v1/deployments/list", g.listHandler.HandleList) + mux.HandleFunc("/v1/deployments/get", g.listHandler.HandleGet) + mux.HandleFunc("/v1/deployments/delete", g.withHomeNodeProxy(g.listHandler.HandleDelete)) + mux.HandleFunc("/v1/deployments/rollback", g.withHomeNodeProxy(g.rollbackHandler.HandleRollback)) + mux.HandleFunc("/v1/deployments/versions", g.rollbackHandler.HandleListVersions) + mux.HandleFunc("/v1/deployments/logs", g.withHomeNodeProxy(g.logsHandler.HandleLogs)) + mux.HandleFunc("/v1/deployments/stats", g.withHomeNodeProxy(g.statsHandler.HandleStats)) + mux.HandleFunc("/v1/deployments/events", g.logsHandler.HandleGetEvents) + + // Internal replica coordination endpoints + if g.replicaHandler != nil { + mux.HandleFunc("/v1/internal/deployments/replica/setup", g.replicaHandler.HandleSetup) + mux.HandleFunc("/v1/internal/deployments/replica/update", g.replicaHandler.HandleUpdate) + mux.HandleFunc("/v1/internal/deployments/replica/rollback", g.replicaHandler.HandleRollback) + mux.HandleFunc("/v1/internal/deployments/replica/teardown", g.replicaHandler.HandleTeardown) + } + + // Custom domains + mux.HandleFunc("/v1/deployments/domains/add", g.domainHandler.HandleAddDomain) + mux.HandleFunc("/v1/deployments/domains/verify", g.domainHandler.HandleVerifyDomain) + mux.HandleFunc("/v1/deployments/domains/list", g.domainHandler.HandleListDomains) + mux.HandleFunc("/v1/deployments/domains/remove", g.domainHandler.HandleRemoveDomain) + } + + // SQLite database endpoints + if g.sqliteHandler != nil { + mux.HandleFunc("/v1/db/sqlite/create", g.sqliteHandler.CreateDatabase) + mux.HandleFunc("/v1/db/sqlite/query", g.sqliteHandler.QueryDatabase) + mux.HandleFunc("/v1/db/sqlite/list", g.sqliteHandler.ListDatabases) + mux.HandleFunc("/v1/db/sqlite/backup", g.sqliteBackupHandler.BackupDatabase) + mux.HandleFunc("/v1/db/sqlite/backups", g.sqliteBackupHandler.ListBackups) + } + return g.withMiddleware(mux) } + +// withHomeNodeProxy wraps a deployment handler to proxy requests to the home node +// if the current node is not the home node for the deployment. +func (g *Gateway) withHomeNodeProxy(handler http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + // Already proxied — prevent loops + if r.Header.Get("X-Orama-Proxy-Node") != "" { + handler(w, r) + return + } + name := r.URL.Query().Get("name") + if name == "" { + handler(w, r) + return + } + ctx := r.Context() + namespace, _ := ctx.Value(ctxkeys.NamespaceOverride).(string) + if namespace == "" { + handler(w, r) + return + } + deployment, err := g.deploymentService.GetDeployment(ctx, namespace, name) + if err != nil { + handler(w, r) // let handler return proper error + return + } + if g.nodePeerID != "" && deployment.HomeNodeID != "" && + deployment.HomeNodeID != g.nodePeerID { + if g.proxyCrossNode(w, r, deployment) { + return + } + } + handler(w, r) + } +} diff --git a/pkg/gateway/status_handlers.go b/pkg/gateway/status_handlers.go index f0666c3..d77779d 100644 --- a/pkg/gateway/status_handlers.go +++ b/pkg/gateway/status_handlers.go @@ -3,6 +3,7 @@ package gateway import ( "encoding/json" "net/http" + "strings" "time" "github.com/DeBrosOfficial/network/pkg/client" @@ -86,3 +87,29 @@ func (g *Gateway) versionHandler(w http.ResponseWriter, r *http.Request) { "uptime": time.Since(g.startedAt).String(), }) } + +// tlsCheckHandler validates if a domain should receive a TLS certificate +// Used by Caddy's on-demand TLS feature to prevent abuse +func (g *Gateway) tlsCheckHandler(w http.ResponseWriter, r *http.Request) { + domain := r.URL.Query().Get("domain") + if domain == "" { + http.Error(w, "domain parameter required", http.StatusBadRequest) + return + } + + // Get base domain from config + baseDomain := "dbrs.space" + if g.cfg != nil && g.cfg.BaseDomain != "" { + baseDomain = g.cfg.BaseDomain + } + + // Allow any subdomain of our base domain + if strings.HasSuffix(domain, "."+baseDomain) || domain == baseDomain { + w.WriteHeader(http.StatusOK) + return + } + + // Domain not allowed - only allow subdomains of our base domain + // Custom domains would need to be verified separately + http.Error(w, "domain not allowed", http.StatusForbidden) +} diff --git a/pkg/gateway/storage_handlers_test.go b/pkg/gateway/storage_handlers_test.go index f5dd772..c9794db 100644 --- a/pkg/gateway/storage_handlers_test.go +++ b/pkg/gateway/storage_handlers_test.go @@ -21,6 +21,7 @@ import ( // mockIPFSClient is a mock implementation of ipfs.IPFSClient for testing type mockIPFSClient struct { addFunc func(ctx context.Context, reader io.Reader, name string) (*ipfs.AddResponse, error) + addDirectoryFunc func(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) pinFunc func(ctx context.Context, cid string, name string, replicationFactor int) (*ipfs.PinResponse, error) pinStatusFunc func(ctx context.Context, cid string) (*ipfs.PinStatus, error) getFunc func(ctx context.Context, cid string, ipfsAPIURL string) (io.ReadCloser, error) @@ -35,6 +36,13 @@ func (m *mockIPFSClient) Add(ctx context.Context, reader io.Reader, name string) return &ipfs.AddResponse{Cid: "QmTest123", Name: name, Size: 100}, nil } +func (m *mockIPFSClient) AddDirectory(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) { + if m.addDirectoryFunc != nil { + return m.addDirectoryFunc(ctx, dirPath) + } + return &ipfs.AddResponse{Cid: "QmTestDir123", Name: dirPath, Size: 1000}, nil +} + func (m *mockIPFSClient) Pin(ctx context.Context, cid string, name string, replicationFactor int) (*ipfs.PinResponse, error) { if m.pinFunc != nil { return m.pinFunc(ctx, cid, name, replicationFactor) @@ -111,7 +119,7 @@ func newTestGatewayWithIPFS(t *testing.T, ipfsClient ipfs.IPFSClient) *Gateway { gw.storageHandlers = storage.New(ipfsClient, logger, storage.Config{ IPFSReplicationFactor: cfg.IPFSReplicationFactor, IPFSAPIURL: cfg.IPFSAPIURL, - }) + }, nil) // nil db client for tests } return gw @@ -127,7 +135,7 @@ func TestStorageUploadHandler_MissingIPFSClient(t *testing.T) { handlers := storage.New(nil, logger, storage.Config{ IPFSReplicationFactor: 3, IPFSAPIURL: "http://localhost:5001", - }) + }, nil) req := httptest.NewRequest(http.MethodPost, "/v1/storage/upload", nil) ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-ns") @@ -350,6 +358,8 @@ func TestStoragePinHandler_Success(t *testing.T) { bodyBytes, _ := json.Marshal(reqBody) req := httptest.NewRequest(http.MethodPost, "/v1/storage/pin", bytes.NewReader(bodyBytes)) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-ns") + req = req.WithContext(ctx) w := httptest.NewRecorder() gw.storageHandlers.PinHandler(w, req) @@ -506,6 +516,8 @@ func TestStorageUnpinHandler_Success(t *testing.T) { gw := newTestGatewayWithIPFS(t, mockClient) req := httptest.NewRequest(http.MethodDelete, "/v1/storage/unpin/"+expectedCID, nil) + ctx := context.WithValue(req.Context(), ctxkeys.NamespaceOverride, "test-ns") + req = req.WithContext(ctx) w := httptest.NewRecorder() gw.storageHandlers.UnpinHandler(w, req) diff --git a/pkg/installer/installer.go b/pkg/installer/installer.go index 351a49a..c9d19f2 100644 --- a/pkg/installer/installer.go +++ b/pkg/installer/installer.go @@ -11,6 +11,7 @@ import ( tea "github.com/charmbracelet/bubbletea" "github.com/DeBrosOfficial/network/pkg/config" + "github.com/DeBrosOfficial/network/pkg/config/validate" "github.com/DeBrosOfficial/network/pkg/installer/discovery" "github.com/DeBrosOfficial/network/pkg/installer/steps" "github.com/DeBrosOfficial/network/pkg/installer/validation" @@ -197,8 +198,9 @@ func (m *Model) handleEnter() (tea.Model, tea.Cmd) { } m.config.PeerIP = peerIP - // Auto-populate join address (direct RQLite TLS on port 7002) and bootstrap peers - m.config.JoinAddress = fmt.Sprintf("%s:7002", peerIP) + // Auto-populate join address using port 7001 (standard RQLite Raft port) + // config.go will adjust to 7002 if HTTPS/SNI is enabled + m.config.JoinAddress = fmt.Sprintf("%s:7001", peerIP) m.config.Peers = []string{ fmt.Sprintf("/dns4/%s/tcp/4001/p2p/%s", peerDomain, disc.PeerID), } @@ -231,7 +233,7 @@ func (m *Model) handleEnter() (tea.Model, tea.Cmd) { m.setupStepInput() case StepSwarmKey: - swarmKey := strings.TrimSpace(m.textInput.Value()) + swarmKey := validate.ExtractSwarmKeyHex(m.textInput.Value()) if err := config.ValidateSwarmKey(swarmKey); err != nil { m.err = err return m, nil diff --git a/pkg/installer/steps/swarm_key.go b/pkg/installer/steps/swarm_key.go index 85711cd..7161ca2 100644 --- a/pkg/installer/steps/swarm_key.go +++ b/pkg/installer/steps/swarm_key.go @@ -29,8 +29,8 @@ func NewSwarmKey() *SwarmKey { func (s *SwarmKey) View() string { var sb strings.Builder sb.WriteString(titleStyle.Render("IPFS Swarm Key") + "\n\n") - sb.WriteString("Enter the swarm key from an existing node:\n") - sb.WriteString(subtitleStyle.Render("Get it with: cat ~/.orama/secrets/swarm.key | tail -1") + "\n\n") + sb.WriteString("Enter the hex key from an existing node (last line of swarm.key):\n") + sb.WriteString(subtitleStyle.Render("Get it with: tail -1 ~/.orama/secrets/swarm.key") + "\n\n") sb.WriteString(s.Input.View()) if s.Error != nil { diff --git a/pkg/ipfs/client.go b/pkg/ipfs/client.go index 7f517e5..cdeac08 100644 --- a/pkg/ipfs/client.go +++ b/pkg/ipfs/client.go @@ -10,6 +10,9 @@ import ( "mime/multipart" "net/http" "net/url" + "os" + "path/filepath" + "strings" "time" "go.uber.org/zap" @@ -18,6 +21,7 @@ import ( // IPFSClient defines the interface for IPFS operations type IPFSClient interface { Add(ctx context.Context, reader io.Reader, name string) (*AddResponse, error) + AddDirectory(ctx context.Context, dirPath string) (*AddResponse, error) Pin(ctx context.Context, cid string, name string, replicationFactor int) (*PinResponse, error) PinStatus(ctx context.Context, cid string) (*PinStatus, error) Get(ctx context.Context, cid string, ipfsAPIURL string) (io.ReadCloser, error) @@ -29,9 +33,10 @@ type IPFSClient interface { // Client wraps an IPFS Cluster HTTP API client for storage operations type Client struct { - apiURL string - httpClient *http.Client - logger *zap.Logger + apiURL string + ipfsAPIURL string + httpClient *http.Client + logger *zap.Logger } // Config holds configuration for the IPFS client @@ -40,6 +45,10 @@ type Config struct { // If empty, defaults to "http://localhost:9094" ClusterAPIURL string + // IPFSAPIURL is the base URL for IPFS daemon API (e.g., "http://localhost:4501") + // Used for operations that require IPFS daemon directly (like directory uploads) + IPFSAPIURL string + // Timeout is the timeout for client operations // If zero, defaults to 60 seconds Timeout time.Duration @@ -64,6 +73,14 @@ type AddResponse struct { Size int64 `json:"size"` } +// ipfsDaemonAddResponse represents the response from IPFS daemon's /add endpoint +// The daemon returns Size as a string, unlike Cluster which returns it as int64 +type ipfsDaemonAddResponse struct { + Name string `json:"Name"` + Hash string `json:"Hash"` // Daemon uses "Hash" instead of "Cid" + Size string `json:"Size"` // Daemon returns size as string +} + // PinResponse represents the response from pinning a CID type PinResponse struct { Cid string `json:"cid"` @@ -77,6 +94,11 @@ func NewClient(cfg Config, logger *zap.Logger) (*Client, error) { apiURL = "http://localhost:9094" } + ipfsAPIURL := cfg.IPFSAPIURL + if ipfsAPIURL == "" { + ipfsAPIURL = "http://localhost:4501" + } + timeout := cfg.Timeout if timeout == 0 { timeout = 60 * time.Second @@ -88,6 +110,7 @@ func NewClient(cfg Config, logger *zap.Logger) (*Client, error) { return &Client{ apiURL: apiURL, + ipfsAPIURL: ipfsAPIURL, httpClient: httpClient, logger: logger, }, nil @@ -177,7 +200,13 @@ func (c *Client) Add(ctx context.Context, reader io.Reader, name string) (*AddRe return nil, fmt.Errorf("failed to close writer: %w", err) } - req, err := http.NewRequestWithContext(ctx, "POST", c.apiURL+"/add", &buf) + // Add query parameters for tarball extraction + apiURL := c.apiURL + "/add" + if strings.HasSuffix(strings.ToLower(name), ".tar.gz") || strings.HasSuffix(strings.ToLower(name), ".tgz") { + apiURL += "?extract=true" + } + + req, err := http.NewRequestWithContext(ctx, "POST", apiURL, &buf) if err != nil { return nil, fmt.Errorf("failed to create add request: %w", err) } @@ -229,6 +258,139 @@ func (c *Client) Add(ctx context.Context, reader io.Reader, name string) (*AddRe return &last, nil } +// AddDirectory adds all files in a directory to IPFS and returns the root directory CID +// Uses IPFS daemon's multipart upload to preserve directory structure +func (c *Client) AddDirectory(ctx context.Context, dirPath string) (*AddResponse, error) { + var buf bytes.Buffer + writer := multipart.NewWriter(&buf) + + var totalSize int64 + var fileCount int + + // Walk directory and add all files to multipart request + err := filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + // Skip directories themselves (IPFS will create them from file paths) + if info.IsDir() { + return nil + } + + // Get relative path from dirPath + relPath, err := filepath.Rel(dirPath, path) + if err != nil { + return fmt.Errorf("failed to get relative path: %w", err) + } + + // Read file + data, err := os.ReadFile(path) + if err != nil { + return fmt.Errorf("failed to read file %s: %w", path, err) + } + + totalSize += int64(len(data)) + fileCount++ + + // Add file to multipart with relative path + part, err := writer.CreateFormFile("file", relPath) + if err != nil { + return fmt.Errorf("failed to create form file: %w", err) + } + + if _, err := part.Write(data); err != nil { + return fmt.Errorf("failed to write file data: %w", err) + } + + return nil + }) + + if err != nil { + return nil, err + } + + if fileCount == 0 { + return nil, fmt.Errorf("no files found in directory") + } + + if err := writer.Close(); err != nil { + return nil, fmt.Errorf("failed to close writer: %w", err) + } + + // Upload to IPFS daemon (not Cluster) with wrap-in-directory + // This creates a UnixFS directory structure + ipfsDaemonURL := c.ipfsAPIURL + "/api/v0/add?wrap-in-directory=true" + + req, err := http.NewRequestWithContext(ctx, "POST", ipfsDaemonURL, &buf) + if err != nil { + return nil, fmt.Errorf("failed to create add request: %w", err) + } + + req.Header.Set("Content-Type", writer.FormDataContentType()) + + resp, err := c.httpClient.Do(req) + if err != nil { + return nil, fmt.Errorf("add request failed: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return nil, fmt.Errorf("add failed with status %d: %s", resp.StatusCode, string(body)) + } + + // Read NDJSON responses + // IPFS daemon returns entries for each file and subdirectory + // The last entry should be the root directory (or deepest subdirectory if no wrapper) + dec := json.NewDecoder(resp.Body) + var rootCID string + var lastEntry ipfsDaemonAddResponse + + for { + var chunk ipfsDaemonAddResponse + if err := dec.Decode(&chunk); err != nil { + if errors.Is(err, io.EOF) { + break + } + return nil, fmt.Errorf("failed to decode add response: %w", err) + } + lastEntry = chunk + + // With wrap-in-directory, the entry with empty name is the wrapper directory + if chunk.Name == "" { + rootCID = chunk.Hash + } + } + + // Use the last entry if no wrapper directory found + if rootCID == "" { + rootCID = lastEntry.Hash + } + + if rootCID == "" { + return nil, fmt.Errorf("no root CID returned from IPFS daemon") + } + + c.logger.Debug("Directory uploaded to IPFS", + zap.String("root_cid", rootCID), + zap.Int("file_count", fileCount), + zap.Int64("total_size", totalSize)) + + // Pin to cluster for distribution + _, err = c.Pin(ctx, rootCID, "", 1) + if err != nil { + c.logger.Warn("Failed to pin directory to cluster", + zap.String("cid", rootCID), + zap.Error(err)) + } + + return &AddResponse{ + Cid: rootCID, + Size: totalSize, + }, nil +} + // Pin pins a CID with specified replication factor // IPFS Cluster expects pin options (including name) as query parameters, not in JSON body func (c *Client) Pin(ctx context.Context, cid string, name string, replicationFactor int) (*PinResponse, error) { @@ -388,8 +550,9 @@ func (c *Client) Unpin(ctx context.Context, cid string) error { // Get retrieves content from IPFS by CID // Note: This uses the IPFS HTTP API (typically on port 5001), not the Cluster API func (c *Client) Get(ctx context.Context, cid string, ipfsAPIURL string) (io.ReadCloser, error) { + // Use the client's configured IPFS API URL if not provided if ipfsAPIURL == "" { - ipfsAPIURL = "http://localhost:5001" + ipfsAPIURL = c.ipfsAPIURL } url := fmt.Sprintf("%s/api/v0/cat?arg=%s", ipfsAPIURL, cid) diff --git a/pkg/ipfs/cluster_peer.go b/pkg/ipfs/cluster_peer.go index b172b93..cdc0a7f 100644 --- a/pkg/ipfs/cluster_peer.go +++ b/pkg/ipfs/cluster_peer.go @@ -1,7 +1,10 @@ package ipfs import ( + "encoding/json" "fmt" + "net/http" + "net/url" "os" "os/exec" "path/filepath" @@ -10,6 +13,7 @@ import ( "github.com/libp2p/go-libp2p/core/host" "github.com/multiformats/go-multiaddr" + manet "github.com/multiformats/go-multiaddr/net" "go.uber.org/zap" ) @@ -81,13 +85,19 @@ func (cm *ClusterConfigManager) DiscoverClusterPeersFromGateway() ([]ClusterPeer return nil, nil } -// DiscoverClusterPeersFromLibP2P uses libp2p host to find other cluster peers +// DiscoverClusterPeersFromLibP2P discovers IPFS and IPFS Cluster peers by querying +// the /v1/network/status endpoint of connected libp2p peers. +// This is the correct approach since IPFS/Cluster peer IDs are different from libp2p peer IDs. func (cm *ClusterConfigManager) DiscoverClusterPeersFromLibP2P(h host.Host) error { if h == nil { return nil } var clusterPeers []string + var ipfsPeers []IPFSPeerEntry + + // Get unique IPs from connected libp2p peers + peerIPs := make(map[string]bool) for _, p := range h.Peerstore().Peers() { if p == h.ID() { continue @@ -95,20 +105,268 @@ func (cm *ClusterConfigManager) DiscoverClusterPeersFromLibP2P(h host.Host) erro info := h.Peerstore().PeerInfo(p) for _, addr := range info.Addrs { - if strings.Contains(addr.String(), "/tcp/9096") || strings.Contains(addr.String(), "/tcp/9094") { - ma := addr.Encapsulate(multiaddr.StringCast(fmt.Sprintf("/p2p/%s", p.String()))) - clusterPeers = append(clusterPeers, ma.String()) + // Extract IP from multiaddr + ip := extractIPFromMultiaddr(addr) + if ip != "" && !strings.HasPrefix(ip, "127.") && !strings.HasPrefix(ip, "::1") { + peerIPs[ip] = true } } } + if len(peerIPs) == 0 { + return nil + } + + // Query each peer's /v1/network/status endpoint to get IPFS and Cluster info + client := &http.Client{Timeout: 5 * time.Second} + for ip := range peerIPs { + statusURL := fmt.Sprintf("http://%s:6001/v1/network/status", ip) + resp, err := client.Get(statusURL) + if err != nil { + cm.logger.Debug("Failed to query peer status", zap.String("ip", ip), zap.Error(err)) + continue + } + + var status NetworkStatusResponse + if err := json.NewDecoder(resp.Body).Decode(&status); err != nil { + resp.Body.Close() + cm.logger.Debug("Failed to decode peer status", zap.String("ip", ip), zap.Error(err)) + continue + } + resp.Body.Close() + + // Add IPFS Cluster peer if available + if status.IPFSCluster != nil && status.IPFSCluster.PeerID != "" { + for _, addr := range status.IPFSCluster.Addresses { + if strings.Contains(addr, "/tcp/9100") { + clusterPeers = append(clusterPeers, addr) + cm.logger.Info("Discovered IPFS Cluster peer", zap.String("peer", addr)) + } + } + } + + // Add IPFS peer if available + if status.IPFS != nil && status.IPFS.PeerID != "" { + for _, addr := range status.IPFS.SwarmAddresses { + if strings.Contains(addr, "/tcp/4101") && !strings.Contains(addr, "127.0.0.1") { + ipfsPeers = append(ipfsPeers, IPFSPeerEntry{ + ID: status.IPFS.PeerID, + Addrs: []string{addr}, + }) + cm.logger.Info("Discovered IPFS peer", zap.String("peer_id", status.IPFS.PeerID)) + break // One address per peer is enough + } + } + } + } + + // Update IPFS Cluster peer addresses if len(clusterPeers) > 0 { - return cm.UpdatePeerAddresses(clusterPeers) + if err := cm.UpdatePeerAddresses(clusterPeers); err != nil { + cm.logger.Warn("Failed to update cluster peer addresses", zap.Error(err)) + } else { + cm.logger.Info("Updated IPFS Cluster peer addresses", zap.Int("count", len(clusterPeers))) + } + } + + // Update IPFS Peering.Peers + if len(ipfsPeers) > 0 { + if err := cm.UpdateIPFSPeeringConfig(ipfsPeers); err != nil { + cm.logger.Warn("Failed to update IPFS peering config", zap.Error(err)) + } else { + cm.logger.Info("Updated IPFS Peering.Peers", zap.Int("count", len(ipfsPeers))) + } } return nil } +// NetworkStatusResponse represents the response from /v1/network/status +type NetworkStatusResponse struct { + PeerID string `json:"peer_id"` + PeerCount int `json:"peer_count"` + IPFS *NetworkStatusIPFS `json:"ipfs,omitempty"` + IPFSCluster *NetworkStatusIPFSCluster `json:"ipfs_cluster,omitempty"` +} + +type NetworkStatusIPFS struct { + PeerID string `json:"peer_id"` + SwarmAddresses []string `json:"swarm_addresses"` +} + +type NetworkStatusIPFSCluster struct { + PeerID string `json:"peer_id"` + Addresses []string `json:"addresses"` +} + +// IPFSPeerEntry represents an IPFS peer for Peering.Peers config +type IPFSPeerEntry struct { + ID string `json:"ID"` + Addrs []string `json:"Addrs"` +} + +// extractIPFromMultiaddr extracts the IP address from a multiaddr +func extractIPFromMultiaddr(ma multiaddr.Multiaddr) string { + if ma == nil { + return "" + } + + // Try to convert to net.Addr and extract IP + if addr, err := manet.ToNetAddr(ma); err == nil { + addrStr := addr.String() + // Handle "ip:port" format + if idx := strings.LastIndex(addrStr, ":"); idx > 0 { + return addrStr[:idx] + } + return addrStr + } + + // Fallback: parse manually + parts := strings.Split(ma.String(), "/") + for i, part := range parts { + if (part == "ip4" || part == "ip6") && i+1 < len(parts) { + return parts[i+1] + } + } + + return "" +} + +// UpdateIPFSPeeringConfig updates the Peering.Peers section in IPFS config +func (cm *ClusterConfigManager) UpdateIPFSPeeringConfig(peers []IPFSPeerEntry) error { + // Find IPFS config path + ipfsRepoPath := cm.findIPFSRepoPath() + if ipfsRepoPath == "" { + return fmt.Errorf("could not find IPFS repo path") + } + + configPath := filepath.Join(ipfsRepoPath, "config") + + // Read existing config + data, err := os.ReadFile(configPath) + if err != nil { + return fmt.Errorf("failed to read IPFS config: %w", err) + } + + var config map[string]interface{} + if err := json.Unmarshal(data, &config); err != nil { + return fmt.Errorf("failed to parse IPFS config: %w", err) + } + + // Get or create Peering section + peering, ok := config["Peering"].(map[string]interface{}) + if !ok { + peering = make(map[string]interface{}) + } + + // Get existing peers + existingPeers := []IPFSPeerEntry{} + if existingPeersList, ok := peering["Peers"].([]interface{}); ok { + for _, p := range existingPeersList { + if peerMap, ok := p.(map[string]interface{}); ok { + entry := IPFSPeerEntry{} + if id, ok := peerMap["ID"].(string); ok { + entry.ID = id + } + if addrs, ok := peerMap["Addrs"].([]interface{}); ok { + for _, a := range addrs { + if addr, ok := a.(string); ok { + entry.Addrs = append(entry.Addrs, addr) + } + } + } + if entry.ID != "" { + existingPeers = append(existingPeers, entry) + } + } + } + } + + // Merge new peers with existing (avoid duplicates by ID) + seenIDs := make(map[string]bool) + mergedPeers := []interface{}{} + + // Add existing peers first + for _, p := range existingPeers { + seenIDs[p.ID] = true + mergedPeers = append(mergedPeers, map[string]interface{}{ + "ID": p.ID, + "Addrs": p.Addrs, + }) + } + + // Add new peers + for _, p := range peers { + if !seenIDs[p.ID] { + seenIDs[p.ID] = true + mergedPeers = append(mergedPeers, map[string]interface{}{ + "ID": p.ID, + "Addrs": p.Addrs, + }) + } + } + + // Update config + peering["Peers"] = mergedPeers + config["Peering"] = peering + + // Write back + updatedData, err := json.MarshalIndent(config, "", " ") + if err != nil { + return fmt.Errorf("failed to marshal IPFS config: %w", err) + } + + if err := os.WriteFile(configPath, updatedData, 0600); err != nil { + return fmt.Errorf("failed to write IPFS config: %w", err) + } + + // Also add peers via the live IPFS API so the running daemon picks them up + // immediately without requiring a restart. The config file write above + // ensures persistence across restarts. + client := &http.Client{Timeout: 5 * time.Second} + for _, p := range peers { + for _, addr := range p.Addrs { + peeringMA := addr + if !strings.Contains(addr, "/p2p/") { + peeringMA = fmt.Sprintf("%s/p2p/%s", addr, p.ID) + } + addURL := fmt.Sprintf("http://localhost:4501/api/v0/swarm/peering/add?arg=%s", url.QueryEscape(peeringMA)) + if resp, err := client.Post(addURL, "", nil); err == nil { + resp.Body.Close() + cm.logger.Debug("Added IPFS peering via live API", zap.String("multiaddr", peeringMA)) + } else { + cm.logger.Debug("Failed to add IPFS peering via live API", zap.String("multiaddr", peeringMA), zap.Error(err)) + } + } + } + + return nil +} + +// findIPFSRepoPath finds the IPFS repository path +func (cm *ClusterConfigManager) findIPFSRepoPath() string { + dataDir := cm.cfg.Node.DataDir + if strings.HasPrefix(dataDir, "~") { + home, _ := os.UserHomeDir() + dataDir = filepath.Join(home, dataDir[1:]) + } + + possiblePaths := []string{ + filepath.Join(dataDir, "ipfs", "repo"), + filepath.Join(dataDir, "node-1", "ipfs", "repo"), + filepath.Join(dataDir, "node-2", "ipfs", "repo"), + filepath.Join(filepath.Dir(dataDir), "ipfs", "repo"), + } + + for _, path := range possiblePaths { + if _, err := os.Stat(filepath.Join(path, "config")); err == nil { + return path + } + } + + return "" +} + func (cm *ClusterConfigManager) getPeerID() (string, error) { dataDir := cm.cfg.Node.DataDir if strings.HasPrefix(dataDir, "~") { diff --git a/pkg/namespace/cluster_manager.go b/pkg/namespace/cluster_manager.go new file mode 100644 index 0000000..d431ff8 --- /dev/null +++ b/pkg/namespace/cluster_manager.go @@ -0,0 +1,1786 @@ +package namespace + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net" + "net/http" + "os" + "path/filepath" + "sort" + "strings" + "sync" + "time" + + "github.com/DeBrosOfficial/network/pkg/gateway" + "github.com/DeBrosOfficial/network/pkg/olric" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/DeBrosOfficial/network/pkg/systemd" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// ClusterManagerConfig contains configuration for the cluster manager +type ClusterManagerConfig struct { + BaseDomain string // Base domain for namespace gateways (e.g., "orama-devnet.network") + BaseDataDir string // Base directory for namespace data (e.g., "~/.orama/data/namespaces") + GlobalRQLiteDSN string // Global RQLite DSN for API key validation (e.g., "http://localhost:4001") + // IPFS configuration for namespace gateways (defaults used if not set) + IPFSClusterAPIURL string // IPFS Cluster API URL (default: "http://localhost:9094") + IPFSAPIURL string // IPFS API URL (default: "http://localhost:4501") + IPFSTimeout time.Duration // Timeout for IPFS operations (default: 60s) + IPFSReplicationFactor int // IPFS replication factor (default: 3) +} + +// ClusterManager orchestrates namespace cluster provisioning and lifecycle +type ClusterManager struct { + db rqlite.Client + portAllocator *NamespacePortAllocator + nodeSelector *ClusterNodeSelector + systemdSpawner *SystemdSpawner // NEW: Systemd-based spawner replaces old spawners + logger *zap.Logger + baseDomain string + baseDataDir string + globalRQLiteDSN string // Global RQLite DSN for namespace gateway auth + + // IPFS configuration for namespace gateways + ipfsClusterAPIURL string + ipfsAPIURL string + ipfsTimeout time.Duration + ipfsReplicationFactor int + + // Local node identity for distributed spawning + localNodeID string + + // Track provisioning operations + provisioningMu sync.RWMutex + provisioning map[string]bool // namespace -> in progress +} + +// NewClusterManager creates a new cluster manager +func NewClusterManager( + db rqlite.Client, + cfg ClusterManagerConfig, + logger *zap.Logger, +) *ClusterManager { + // Create internal components + portAllocator := NewNamespacePortAllocator(db, logger) + nodeSelector := NewClusterNodeSelector(db, portAllocator, logger) + systemdSpawner := NewSystemdSpawner(cfg.BaseDataDir, logger) + + // Set IPFS defaults + ipfsClusterAPIURL := cfg.IPFSClusterAPIURL + if ipfsClusterAPIURL == "" { + ipfsClusterAPIURL = "http://localhost:9094" + } + ipfsAPIURL := cfg.IPFSAPIURL + if ipfsAPIURL == "" { + ipfsAPIURL = "http://localhost:4501" + } + ipfsTimeout := cfg.IPFSTimeout + if ipfsTimeout == 0 { + ipfsTimeout = 60 * time.Second + } + ipfsReplicationFactor := cfg.IPFSReplicationFactor + if ipfsReplicationFactor == 0 { + ipfsReplicationFactor = 3 + } + + return &ClusterManager{ + db: db, + portAllocator: portAllocator, + nodeSelector: nodeSelector, + systemdSpawner: systemdSpawner, + baseDomain: cfg.BaseDomain, + baseDataDir: cfg.BaseDataDir, + globalRQLiteDSN: cfg.GlobalRQLiteDSN, + ipfsClusterAPIURL: ipfsClusterAPIURL, + ipfsAPIURL: ipfsAPIURL, + ipfsTimeout: ipfsTimeout, + ipfsReplicationFactor: ipfsReplicationFactor, + logger: logger.With(zap.String("component", "cluster-manager")), + provisioning: make(map[string]bool), + } +} + +// NewClusterManagerWithComponents creates a cluster manager with custom components (useful for testing) +func NewClusterManagerWithComponents( + db rqlite.Client, + portAllocator *NamespacePortAllocator, + nodeSelector *ClusterNodeSelector, + systemdSpawner *SystemdSpawner, + cfg ClusterManagerConfig, + logger *zap.Logger, +) *ClusterManager { + // Set IPFS defaults (same as NewClusterManager) + ipfsClusterAPIURL := cfg.IPFSClusterAPIURL + if ipfsClusterAPIURL == "" { + ipfsClusterAPIURL = "http://localhost:9094" + } + ipfsAPIURL := cfg.IPFSAPIURL + if ipfsAPIURL == "" { + ipfsAPIURL = "http://localhost:4501" + } + ipfsTimeout := cfg.IPFSTimeout + if ipfsTimeout == 0 { + ipfsTimeout = 60 * time.Second + } + ipfsReplicationFactor := cfg.IPFSReplicationFactor + if ipfsReplicationFactor == 0 { + ipfsReplicationFactor = 3 + } + + return &ClusterManager{ + db: db, + portAllocator: portAllocator, + nodeSelector: nodeSelector, + systemdSpawner: systemdSpawner, + baseDomain: cfg.BaseDomain, + baseDataDir: cfg.BaseDataDir, + globalRQLiteDSN: cfg.GlobalRQLiteDSN, + ipfsClusterAPIURL: ipfsClusterAPIURL, + ipfsAPIURL: ipfsAPIURL, + ipfsTimeout: ipfsTimeout, + ipfsReplicationFactor: ipfsReplicationFactor, + logger: logger.With(zap.String("component", "cluster-manager")), + provisioning: make(map[string]bool), + } +} + +// SetLocalNodeID sets this node's peer ID for local/remote dispatch during provisioning +func (cm *ClusterManager) SetLocalNodeID(id string) { + cm.localNodeID = id + cm.logger.Info("Local node ID set for distributed provisioning", zap.String("local_node_id", id)) +} + +// spawnRQLiteWithSystemd generates config and spawns RQLite via systemd +func (cm *ClusterManager) spawnRQLiteWithSystemd(ctx context.Context, cfg rqlite.InstanceConfig) error { + // RQLite uses command-line args, no config file needed + // Just call systemd spawner which will generate env file and start service + return cm.systemdSpawner.SpawnRQLite(ctx, cfg.Namespace, cfg.NodeID, cfg) +} + +// spawnOlricWithSystemd spawns Olric via systemd (config creation now handled by spawner) +func (cm *ClusterManager) spawnOlricWithSystemd(ctx context.Context, cfg olric.InstanceConfig) error { + // SystemdSpawner now handles config file creation + return cm.systemdSpawner.SpawnOlric(ctx, cfg.Namespace, cfg.NodeID, cfg) +} + +// writePeersJSON writes RQLite peers.json file for Raft cluster recovery +func (cm *ClusterManager) writePeersJSON(dataDir string, peers []rqlite.RaftPeer) error { + raftDir := filepath.Join(dataDir, "raft") + if err := os.MkdirAll(raftDir, 0755); err != nil { + return fmt.Errorf("failed to create raft directory: %w", err) + } + + peersFile := filepath.Join(raftDir, "peers.json") + data, err := json.Marshal(peers) + if err != nil { + return fmt.Errorf("failed to marshal peers: %w", err) + } + + return os.WriteFile(peersFile, data, 0644) +} + +// spawnGatewayWithSystemd spawns Gateway via systemd (config creation now handled by spawner) +func (cm *ClusterManager) spawnGatewayWithSystemd(ctx context.Context, cfg gateway.InstanceConfig) error { + // SystemdSpawner now handles config file creation + return cm.systemdSpawner.SpawnGateway(ctx, cfg.Namespace, cfg.NodeID, cfg) +} + +// ProvisionCluster provisions a new 3-node cluster for a namespace +// This is an async operation - returns immediately with cluster ID for polling +func (cm *ClusterManager) ProvisionCluster(ctx context.Context, namespaceID int, namespaceName, provisionedBy string) (*NamespaceCluster, error) { + // Check if already provisioning + cm.provisioningMu.Lock() + if cm.provisioning[namespaceName] { + cm.provisioningMu.Unlock() + return nil, fmt.Errorf("namespace %s is already being provisioned", namespaceName) + } + cm.provisioning[namespaceName] = true + cm.provisioningMu.Unlock() + + defer func() { + cm.provisioningMu.Lock() + delete(cm.provisioning, namespaceName) + cm.provisioningMu.Unlock() + }() + + cm.logger.Info("Starting cluster provisioning", + zap.String("namespace", namespaceName), + zap.Int("namespace_id", namespaceID), + zap.String("provisioned_by", provisionedBy), + ) + + // Create cluster record + cluster := &NamespaceCluster{ + ID: uuid.New().String(), + NamespaceID: namespaceID, + NamespaceName: namespaceName, + Status: ClusterStatusProvisioning, + RQLiteNodeCount: 3, + OlricNodeCount: 3, + GatewayNodeCount: 3, + ProvisionedBy: provisionedBy, + ProvisionedAt: time.Now(), + } + + // Insert cluster record + if err := cm.insertCluster(ctx, cluster); err != nil { + return nil, fmt.Errorf("failed to insert cluster record: %w", err) + } + + // Log event + cm.logEvent(ctx, cluster.ID, EventProvisioningStarted, "", "Cluster provisioning started", nil) + + // Select 3 nodes for the cluster + nodes, err := cm.nodeSelector.SelectNodesForCluster(ctx, 3) + if err != nil { + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusFailed, err.Error()) + return nil, fmt.Errorf("failed to select nodes: %w", err) + } + + nodeIDs := make([]string, len(nodes)) + for i, n := range nodes { + nodeIDs[i] = n.NodeID + } + cm.logEvent(ctx, cluster.ID, EventNodesSelected, "", "Selected nodes for cluster", map[string]interface{}{"nodes": nodeIDs}) + + // Allocate ports on each node + portBlocks := make([]*PortBlock, len(nodes)) + for i, node := range nodes { + block, err := cm.portAllocator.AllocatePortBlock(ctx, node.NodeID, cluster.ID) + if err != nil { + // Rollback previous allocations + for j := 0; j < i; j++ { + cm.portAllocator.DeallocatePortBlock(ctx, cluster.ID, nodes[j].NodeID) + } + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusFailed, err.Error()) + return nil, fmt.Errorf("failed to allocate ports on node %s: %w", node.NodeID, err) + } + portBlocks[i] = block + cm.logEvent(ctx, cluster.ID, EventPortsAllocated, node.NodeID, + fmt.Sprintf("Allocated ports %d-%d", block.PortStart, block.PortEnd), nil) + } + + // Start RQLite instances (leader first, then followers) + rqliteInstances, err := cm.startRQLiteCluster(ctx, cluster, nodes, portBlocks) + if err != nil { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, nil, nil) + return nil, fmt.Errorf("failed to start RQLite cluster: %w", err) + } + + // Start Olric instances + olricInstances, err := cm.startOlricCluster(ctx, cluster, nodes, portBlocks) + if err != nil { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, rqliteInstances, nil) + return nil, fmt.Errorf("failed to start Olric cluster: %w", err) + } + + // Start Gateway instances (optional - may not be available in dev mode) + _, err = cm.startGatewayCluster(ctx, cluster, nodes, portBlocks, rqliteInstances, olricInstances) + if err != nil { + // Check if this is a "binary not found" error - if so, continue without gateways + if strings.Contains(err.Error(), "gateway binary not found") { + cm.logger.Warn("Skipping namespace gateway spawning (binary not available)", + zap.String("namespace", cluster.NamespaceName), + zap.Error(err), + ) + cm.logEvent(ctx, cluster.ID, "gateway_skipped", "", "Gateway binary not available, cluster will use main gateway", nil) + } else { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, rqliteInstances, olricInstances) + return nil, fmt.Errorf("failed to start Gateway cluster: %w", err) + } + } + + // Create DNS records for namespace gateway + if err := cm.createDNSRecords(ctx, cluster, nodes, portBlocks); err != nil { + cm.logger.Warn("Failed to create DNS records", zap.Error(err)) + // Don't fail provisioning for DNS errors + } + + // Update cluster status to ready + now := time.Now() + cluster.Status = ClusterStatusReady + cluster.ReadyAt = &now + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusReady, "") + cm.logEvent(ctx, cluster.ID, EventClusterReady, "", "Cluster is ready", nil) + + cm.logger.Info("Cluster provisioning completed", + zap.String("cluster_id", cluster.ID), + zap.String("namespace", namespaceName), + ) + + return cluster, nil +} + +// startRQLiteCluster starts RQLite instances on all nodes (locally or remotely) +func (cm *ClusterManager) startRQLiteCluster(ctx context.Context, cluster *NamespaceCluster, nodes []NodeCapacity, portBlocks []*PortBlock) ([]*rqlite.Instance, error) { + instances := make([]*rqlite.Instance, len(nodes)) + + // Start leader first (node 0) + leaderCfg := rqlite.InstanceConfig{ + Namespace: cluster.NamespaceName, + NodeID: nodes[0].NodeID, + HTTPPort: portBlocks[0].RQLiteHTTPPort, + RaftPort: portBlocks[0].RQLiteRaftPort, + HTTPAdvAddress: fmt.Sprintf("%s:%d", nodes[0].InternalIP, portBlocks[0].RQLiteHTTPPort), + RaftAdvAddress: fmt.Sprintf("%s:%d", nodes[0].InternalIP, portBlocks[0].RQLiteRaftPort), + IsLeader: true, + } + + var err error + if nodes[0].NodeID == cm.localNodeID { + cm.logger.Info("Spawning RQLite leader locally", zap.String("node", nodes[0].NodeID)) + err = cm.spawnRQLiteWithSystemd(ctx, leaderCfg) + if err == nil { + // Create Instance object for consistency with existing code + instances[0] = &rqlite.Instance{ + Config: leaderCfg, + } + } + } else { + cm.logger.Info("Spawning RQLite leader remotely", zap.String("node", nodes[0].NodeID), zap.String("ip", nodes[0].InternalIP)) + instances[0], err = cm.spawnRQLiteRemote(ctx, nodes[0].InternalIP, leaderCfg) + } + if err != nil { + return nil, fmt.Errorf("failed to start RQLite leader: %w", err) + } + + cm.logEvent(ctx, cluster.ID, EventRQLiteStarted, nodes[0].NodeID, "RQLite leader started", nil) + cm.logEvent(ctx, cluster.ID, EventRQLiteLeaderElected, nodes[0].NodeID, "RQLite leader elected", nil) + + if err := cm.insertClusterNode(ctx, cluster.ID, nodes[0].NodeID, NodeRoleRQLiteLeader, portBlocks[0]); err != nil { + cm.logger.Warn("Failed to record cluster node", zap.Error(err)) + } + + // Start followers + leaderRaftAddr := leaderCfg.RaftAdvAddress + for i := 1; i < len(nodes); i++ { + followerCfg := rqlite.InstanceConfig{ + Namespace: cluster.NamespaceName, + NodeID: nodes[i].NodeID, + HTTPPort: portBlocks[i].RQLiteHTTPPort, + RaftPort: portBlocks[i].RQLiteRaftPort, + HTTPAdvAddress: fmt.Sprintf("%s:%d", nodes[i].InternalIP, portBlocks[i].RQLiteHTTPPort), + RaftAdvAddress: fmt.Sprintf("%s:%d", nodes[i].InternalIP, portBlocks[i].RQLiteRaftPort), + JoinAddresses: []string{leaderRaftAddr}, + IsLeader: false, + } + + var followerInstance *rqlite.Instance + if nodes[i].NodeID == cm.localNodeID { + cm.logger.Info("Spawning RQLite follower locally", zap.String("node", nodes[i].NodeID)) + err = cm.spawnRQLiteWithSystemd(ctx, followerCfg) + if err == nil { + followerInstance = &rqlite.Instance{ + Config: followerCfg, + } + } + } else { + cm.logger.Info("Spawning RQLite follower remotely", zap.String("node", nodes[i].NodeID), zap.String("ip", nodes[i].InternalIP)) + followerInstance, err = cm.spawnRQLiteRemote(ctx, nodes[i].InternalIP, followerCfg) + } + if err != nil { + // Stop previously started instances + for j := 0; j < i; j++ { + cm.stopRQLiteOnNode(ctx, nodes[j].NodeID, nodes[j].InternalIP, cluster.NamespaceName, instances[j]) + } + return nil, fmt.Errorf("failed to start RQLite follower on node %s: %w", nodes[i].NodeID, err) + } + instances[i] = followerInstance + + cm.logEvent(ctx, cluster.ID, EventRQLiteStarted, nodes[i].NodeID, "RQLite follower started", nil) + cm.logEvent(ctx, cluster.ID, EventRQLiteJoined, nodes[i].NodeID, "RQLite follower joined cluster", nil) + + if err := cm.insertClusterNode(ctx, cluster.ID, nodes[i].NodeID, NodeRoleRQLiteFollower, portBlocks[i]); err != nil { + cm.logger.Warn("Failed to record cluster node", zap.Error(err)) + } + } + + return instances, nil +} + +// startOlricCluster starts Olric instances on all nodes concurrently. +// Olric uses memberlist for peer discovery — all peers must be reachable at roughly +// the same time. Sequential spawning fails because early instances exhaust their +// retry budget before later instances start. By spawning all concurrently, all +// memberlist ports open within seconds of each other, allowing discovery to succeed. +func (cm *ClusterManager) startOlricCluster(ctx context.Context, cluster *NamespaceCluster, nodes []NodeCapacity, portBlocks []*PortBlock) ([]*olric.OlricInstance, error) { + instances := make([]*olric.OlricInstance, len(nodes)) + errs := make([]error, len(nodes)) + + // Build configs for all nodes upfront + configs := make([]olric.InstanceConfig, len(nodes)) + for i, node := range nodes { + var peers []string + for j, peerNode := range nodes { + if j != i { + peers = append(peers, fmt.Sprintf("%s:%d", peerNode.InternalIP, portBlocks[j].OlricMemberlistPort)) + } + } + configs[i] = olric.InstanceConfig{ + Namespace: cluster.NamespaceName, + NodeID: node.NodeID, + HTTPPort: portBlocks[i].OlricHTTPPort, + MemberlistPort: portBlocks[i].OlricMemberlistPort, + BindAddr: node.InternalIP, // Bind to WG IP directly (0.0.0.0 resolves to IPv6 on some hosts) + AdvertiseAddr: node.InternalIP, // Advertise WG IP to peers + PeerAddresses: peers, + } + } + + // Spawn all instances concurrently + var wg sync.WaitGroup + for i, node := range nodes { + wg.Add(1) + go func(idx int, n NodeCapacity) { + defer wg.Done() + if n.NodeID == cm.localNodeID { + cm.logger.Info("Spawning Olric locally", zap.String("node", n.NodeID)) + errs[idx] = cm.spawnOlricWithSystemd(ctx, configs[idx]) + if errs[idx] == nil { + instances[idx] = &olric.OlricInstance{ + Namespace: configs[idx].Namespace, + NodeID: configs[idx].NodeID, + HTTPPort: configs[idx].HTTPPort, + MemberlistPort: configs[idx].MemberlistPort, + BindAddr: configs[idx].BindAddr, + AdvertiseAddr: configs[idx].AdvertiseAddr, + PeerAddresses: configs[idx].PeerAddresses, + Status: olric.InstanceStatusRunning, + StartedAt: time.Now(), + } + } + } else { + cm.logger.Info("Spawning Olric remotely", zap.String("node", n.NodeID), zap.String("ip", n.InternalIP)) + instances[idx], errs[idx] = cm.spawnOlricRemote(ctx, n.InternalIP, configs[idx]) + } + }(i, node) + } + wg.Wait() + + // Check for errors — if any failed, stop all and return + for i, err := range errs { + if err != nil { + cm.logger.Error("Olric spawn failed", zap.String("node", nodes[i].NodeID), zap.Error(err)) + // Stop any that succeeded + for j := range nodes { + if errs[j] == nil { + cm.stopOlricOnNode(ctx, nodes[j].NodeID, nodes[j].InternalIP, cluster.NamespaceName) + } + } + return nil, fmt.Errorf("failed to start Olric on node %s: %w", nodes[i].NodeID, err) + } + } + + // All instances started — give memberlist time to converge. + // Olric's memberlist retries peer joins every ~1s for ~10 attempts. + // Since all instances are now up, they should discover each other quickly. + cm.logger.Info("All Olric instances started, waiting for memberlist convergence", + zap.Int("node_count", len(nodes)), + ) + time.Sleep(5 * time.Second) + + // Log events and record cluster nodes + for i, node := range nodes { + cm.logEvent(ctx, cluster.ID, EventOlricStarted, node.NodeID, "Olric instance started", nil) + cm.logEvent(ctx, cluster.ID, EventOlricJoined, node.NodeID, "Olric instance joined memberlist", nil) + + if err := cm.insertClusterNode(ctx, cluster.ID, node.NodeID, NodeRoleOlric, portBlocks[i]); err != nil { + cm.logger.Warn("Failed to record cluster node", zap.Error(err)) + } + } + + // Verify at least the local instance is still healthy after convergence + for i, node := range nodes { + if node.NodeID == cm.localNodeID && instances[i] != nil { + healthy, err := instances[i].IsHealthy(ctx) + if !healthy { + cm.logger.Warn("Local Olric instance unhealthy after convergence wait", zap.Error(err)) + } else { + cm.logger.Info("Local Olric instance healthy after convergence") + } + } + } + + return instances, nil +} + +// startGatewayCluster starts Gateway instances on all nodes (locally or remotely) +func (cm *ClusterManager) startGatewayCluster(ctx context.Context, cluster *NamespaceCluster, nodes []NodeCapacity, portBlocks []*PortBlock, rqliteInstances []*rqlite.Instance, olricInstances []*olric.OlricInstance) ([]*gateway.GatewayInstance, error) { + instances := make([]*gateway.GatewayInstance, len(nodes)) + + // Build Olric server addresses — always use WireGuard IPs (Olric binds to WireGuard interface) + olricServers := make([]string, len(olricInstances)) + for i, inst := range olricInstances { + olricServers[i] = inst.AdvertisedDSN() // Always use WireGuard IP + } + + // Start all Gateway instances + for i, node := range nodes { + // Connect to local RQLite instance on each node + rqliteDSN := fmt.Sprintf("http://localhost:%d", portBlocks[i].RQLiteHTTPPort) + + cfg := gateway.InstanceConfig{ + Namespace: cluster.NamespaceName, + NodeID: node.NodeID, + HTTPPort: portBlocks[i].GatewayHTTPPort, + BaseDomain: cm.baseDomain, + RQLiteDSN: rqliteDSN, + GlobalRQLiteDSN: cm.globalRQLiteDSN, + OlricServers: olricServers, + OlricTimeout: 30 * time.Second, + IPFSClusterAPIURL: cm.ipfsClusterAPIURL, + IPFSAPIURL: cm.ipfsAPIURL, + IPFSTimeout: cm.ipfsTimeout, + IPFSReplicationFactor: cm.ipfsReplicationFactor, + } + + var instance *gateway.GatewayInstance + var err error + if node.NodeID == cm.localNodeID { + cm.logger.Info("Spawning Gateway locally", zap.String("node", node.NodeID)) + err = cm.spawnGatewayWithSystemd(ctx, cfg) + if err == nil { + instance = &gateway.GatewayInstance{ + Namespace: cfg.Namespace, + NodeID: cfg.NodeID, + HTTPPort: cfg.HTTPPort, + BaseDomain: cfg.BaseDomain, + RQLiteDSN: cfg.RQLiteDSN, + OlricServers: cfg.OlricServers, + Status: gateway.InstanceStatusRunning, + StartedAt: time.Now(), + } + } + } else { + cm.logger.Info("Spawning Gateway remotely", zap.String("node", node.NodeID), zap.String("ip", node.InternalIP)) + instance, err = cm.spawnGatewayRemote(ctx, node.InternalIP, cfg) + } + if err != nil { + // Stop previously started instances + for j := 0; j < i; j++ { + cm.stopGatewayOnNode(ctx, nodes[j].NodeID, nodes[j].InternalIP, cluster.NamespaceName) + } + return nil, fmt.Errorf("failed to start Gateway on node %s: %w", node.NodeID, err) + } + instances[i] = instance + + cm.logEvent(ctx, cluster.ID, EventGatewayStarted, node.NodeID, "Gateway instance started", nil) + + if err := cm.insertClusterNode(ctx, cluster.ID, node.NodeID, NodeRoleGateway, portBlocks[i]); err != nil { + cm.logger.Warn("Failed to record cluster node", zap.Error(err)) + } + } + + return instances, nil +} + +// spawnRQLiteRemote sends a spawn-rqlite request to a remote node +func (cm *ClusterManager) spawnRQLiteRemote(ctx context.Context, nodeIP string, cfg rqlite.InstanceConfig) (*rqlite.Instance, error) { + resp, err := cm.sendSpawnRequest(ctx, nodeIP, map[string]interface{}{ + "action": "spawn-rqlite", + "namespace": cfg.Namespace, + "node_id": cfg.NodeID, + "rqlite_http_port": cfg.HTTPPort, + "rqlite_raft_port": cfg.RaftPort, + "rqlite_http_adv_addr": cfg.HTTPAdvAddress, + "rqlite_raft_adv_addr": cfg.RaftAdvAddress, + "rqlite_join_addrs": cfg.JoinAddresses, + "rqlite_is_leader": cfg.IsLeader, + }) + if err != nil { + return nil, err + } + return &rqlite.Instance{PID: resp.PID}, nil +} + +// spawnOlricRemote sends a spawn-olric request to a remote node +func (cm *ClusterManager) spawnOlricRemote(ctx context.Context, nodeIP string, cfg olric.InstanceConfig) (*olric.OlricInstance, error) { + resp, err := cm.sendSpawnRequest(ctx, nodeIP, map[string]interface{}{ + "action": "spawn-olric", + "namespace": cfg.Namespace, + "node_id": cfg.NodeID, + "olric_http_port": cfg.HTTPPort, + "olric_memberlist_port": cfg.MemberlistPort, + "olric_bind_addr": cfg.BindAddr, + "olric_advertise_addr": cfg.AdvertiseAddr, + "olric_peer_addresses": cfg.PeerAddresses, + }) + if err != nil { + return nil, err + } + return &olric.OlricInstance{ + PID: resp.PID, + HTTPPort: cfg.HTTPPort, + MemberlistPort: cfg.MemberlistPort, + BindAddr: cfg.BindAddr, + AdvertiseAddr: cfg.AdvertiseAddr, + }, nil +} + +// spawnGatewayRemote sends a spawn-gateway request to a remote node +func (cm *ClusterManager) spawnGatewayRemote(ctx context.Context, nodeIP string, cfg gateway.InstanceConfig) (*gateway.GatewayInstance, error) { + ipfsTimeout := "" + if cfg.IPFSTimeout > 0 { + ipfsTimeout = cfg.IPFSTimeout.String() + } + + resp, err := cm.sendSpawnRequest(ctx, nodeIP, map[string]interface{}{ + "action": "spawn-gateway", + "namespace": cfg.Namespace, + "node_id": cfg.NodeID, + "gateway_http_port": cfg.HTTPPort, + "gateway_base_domain": cfg.BaseDomain, + "gateway_rqlite_dsn": cfg.RQLiteDSN, + "gateway_olric_servers": cfg.OlricServers, + "ipfs_cluster_api_url": cfg.IPFSClusterAPIURL, + "ipfs_api_url": cfg.IPFSAPIURL, + "ipfs_timeout": ipfsTimeout, + "ipfs_replication_factor": cfg.IPFSReplicationFactor, + }) + if err != nil { + return nil, err + } + return &gateway.GatewayInstance{ + Namespace: cfg.Namespace, + NodeID: cfg.NodeID, + HTTPPort: cfg.HTTPPort, + BaseDomain: cfg.BaseDomain, + RQLiteDSN: cfg.RQLiteDSN, + OlricServers: cfg.OlricServers, + PID: resp.PID, + }, nil +} + +// spawnResponse represents the JSON response from a spawn request +type spawnResponse struct { + Success bool `json:"success"` + Error string `json:"error,omitempty"` + PID int `json:"pid,omitempty"` +} + +// sendSpawnRequest sends a spawn/stop request to a remote node's spawn endpoint +func (cm *ClusterManager) sendSpawnRequest(ctx context.Context, nodeIP string, req map[string]interface{}) (*spawnResponse, error) { + url := fmt.Sprintf("http://%s:6001/v1/internal/namespace/spawn", nodeIP) + body, err := json.Marshal(req) + if err != nil { + return nil, fmt.Errorf("failed to marshal spawn request: %w", err) + } + + httpReq, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(body)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + httpReq.Header.Set("Content-Type", "application/json") + httpReq.Header.Set("X-Orama-Internal-Auth", "namespace-coordination") + + client := &http.Client{Timeout: 60 * time.Second} + resp, err := client.Do(httpReq) + if err != nil { + return nil, fmt.Errorf("failed to send spawn request to %s: %w", nodeIP, err) + } + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response from %s: %w", nodeIP, err) + } + + var spawnResp spawnResponse + if err := json.Unmarshal(respBody, &spawnResp); err != nil { + return nil, fmt.Errorf("failed to decode response from %s: %w", nodeIP, err) + } + + if !spawnResp.Success { + return nil, fmt.Errorf("spawn request failed on %s: %s", nodeIP, spawnResp.Error) + } + + return &spawnResp, nil +} + +// stopRQLiteOnNode stops a RQLite instance on a node (local or remote) +func (cm *ClusterManager) stopRQLiteOnNode(ctx context.Context, nodeID, nodeIP, namespace string, inst *rqlite.Instance) { + if nodeID == cm.localNodeID { + cm.systemdSpawner.StopRQLite(ctx, namespace, nodeID) + } else { + cm.sendStopRequest(ctx, nodeIP, "stop-rqlite", namespace, nodeID) + } +} + +// stopOlricOnNode stops an Olric instance on a node (local or remote) +func (cm *ClusterManager) stopOlricOnNode(ctx context.Context, nodeID, nodeIP, namespace string) { + if nodeID == cm.localNodeID { + cm.systemdSpawner.StopOlric(ctx, namespace, nodeID) + } else { + cm.sendStopRequest(ctx, nodeIP, "stop-olric", namespace, nodeID) + } +} + +// stopGatewayOnNode stops a Gateway instance on a node (local or remote) +func (cm *ClusterManager) stopGatewayOnNode(ctx context.Context, nodeID, nodeIP, namespace string) { + if nodeID == cm.localNodeID { + cm.systemdSpawner.StopGateway(ctx, namespace, nodeID) + } else { + cm.sendStopRequest(ctx, nodeIP, "stop-gateway", namespace, nodeID) + } +} + +// sendStopRequest sends a stop request to a remote node +func (cm *ClusterManager) sendStopRequest(ctx context.Context, nodeIP, action, namespace, nodeID string) { + _, err := cm.sendSpawnRequest(ctx, nodeIP, map[string]interface{}{ + "action": action, + "namespace": namespace, + "node_id": nodeID, + }) + if err != nil { + cm.logger.Warn("Failed to send stop request to remote node", + zap.String("node_ip", nodeIP), + zap.String("action", action), + zap.Error(err), + ) + } +} + +// createDNSRecords creates DNS records for the namespace gateway. +// Creates A records pointing to the public IPs of nodes running the namespace gateway cluster. +func (cm *ClusterManager) createDNSRecords(ctx context.Context, cluster *NamespaceCluster, nodes []NodeCapacity, portBlocks []*PortBlock) error { + fqdn := fmt.Sprintf("ns-%s.%s.", cluster.NamespaceName, cm.baseDomain) + + // Collect public IPs from the selected cluster nodes + var gatewayIPs []string + for _, node := range nodes { + if node.IPAddress != "" { + gatewayIPs = append(gatewayIPs, node.IPAddress) + } + } + + if len(gatewayIPs) == 0 { + cm.logger.Error("No valid node IPs found for DNS records", + zap.String("namespace", cluster.NamespaceName), + zap.Int("node_count", len(nodes)), + ) + return fmt.Errorf("no valid node IPs found for DNS records") + } + + cm.logger.Info("Creating DNS records for namespace gateway", + zap.String("namespace", cluster.NamespaceName), + zap.Strings("ips", gatewayIPs), + ) + + recordCount := 0 + for _, ip := range gatewayIPs { + query := ` + INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by) + VALUES (?, 'A', ?, 300, ?, 'system') + ` + _, err := cm.db.Exec(ctx, query, fqdn, ip, cluster.NamespaceName) + if err != nil { + cm.logger.Warn("Failed to create DNS record", + zap.String("fqdn", fqdn), + zap.String("ip", ip), + zap.Error(err), + ) + } else { + cm.logger.Info("Created DNS A record for gateway node", + zap.String("fqdn", fqdn), + zap.String("ip", ip), + ) + recordCount++ + } + } + + cm.logEvent(ctx, cluster.ID, EventDNSCreated, "", fmt.Sprintf("DNS records created for %s (%d gateway node records)", fqdn, recordCount), nil) + return nil +} + +// rollbackProvisioning cleans up a failed provisioning attempt +func (cm *ClusterManager) rollbackProvisioning(ctx context.Context, cluster *NamespaceCluster, nodes []NodeCapacity, portBlocks []*PortBlock, rqliteInstances []*rqlite.Instance, olricInstances []*olric.OlricInstance) { + cm.logger.Info("Rolling back failed provisioning", zap.String("cluster_id", cluster.ID)) + + // Stop all namespace services (Gateway, Olric, RQLite) using systemd + cm.systemdSpawner.StopAll(ctx, cluster.NamespaceName) + + // Stop Olric instances on each node + if olricInstances != nil && nodes != nil { + for _, node := range nodes { + cm.stopOlricOnNode(ctx, node.NodeID, node.InternalIP, cluster.NamespaceName) + } + } + + // Stop RQLite instances on each node + if rqliteInstances != nil && nodes != nil { + for i, inst := range rqliteInstances { + if inst != nil && i < len(nodes) { + cm.stopRQLiteOnNode(ctx, nodes[i].NodeID, nodes[i].InternalIP, cluster.NamespaceName, inst) + } + } + } + + // Deallocate ports + cm.portAllocator.DeallocateAllPortBlocks(ctx, cluster.ID) + + // Update cluster status + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusFailed, "Provisioning failed and rolled back") +} + +// DeprovisionCluster tears down a namespace cluster +func (cm *ClusterManager) DeprovisionCluster(ctx context.Context, namespaceID int64) error { + cluster, err := cm.GetClusterByNamespaceID(ctx, namespaceID) + if err != nil { + return fmt.Errorf("failed to get cluster: %w", err) + } + + if cluster == nil { + return nil // No cluster to deprovision + } + + cm.logger.Info("Starting cluster deprovisioning", + zap.String("cluster_id", cluster.ID), + zap.String("namespace", cluster.NamespaceName), + ) + + cm.logEvent(ctx, cluster.ID, EventDeprovisionStarted, "", "Cluster deprovisioning started", nil) + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusDeprovisioning, "") + + // Stop all services using systemd + cm.systemdSpawner.StopAll(ctx, cluster.NamespaceName) + + // Deallocate all ports + cm.portAllocator.DeallocateAllPortBlocks(ctx, cluster.ID) + + // Delete DNS records + query := `DELETE FROM dns_records WHERE namespace = ?` + cm.db.Exec(ctx, query, cluster.NamespaceName) + + // Delete cluster record + query = `DELETE FROM namespace_clusters WHERE id = ?` + cm.db.Exec(ctx, query, cluster.ID) + + cm.logEvent(ctx, cluster.ID, EventDeprovisioned, "", "Cluster deprovisioned", nil) + + cm.logger.Info("Cluster deprovisioning completed", zap.String("cluster_id", cluster.ID)) + + return nil +} + +// GetClusterStatus returns the current status of a namespace cluster +func (cm *ClusterManager) GetClusterStatus(ctx context.Context, clusterID string) (*ClusterProvisioningStatus, error) { + cluster, err := cm.GetCluster(ctx, clusterID) + if err != nil { + return nil, err + } + if cluster == nil { + return nil, fmt.Errorf("cluster not found") + } + + status := &ClusterProvisioningStatus{ + Status: cluster.Status, + ClusterID: cluster.ID, + } + + // Check individual service status + // TODO: Actually check each service's health + if cluster.Status == ClusterStatusReady { + status.RQLiteReady = true + status.OlricReady = true + status.GatewayReady = true + status.DNSReady = true + } + + // Get node list + nodes, err := cm.getClusterNodes(ctx, clusterID) + if err == nil { + for _, node := range nodes { + status.Nodes = append(status.Nodes, node.NodeID) + } + } + + if cluster.ErrorMessage != "" { + status.Error = cluster.ErrorMessage + } + + return status, nil +} + +// GetCluster retrieves a cluster by ID +func (cm *ClusterManager) GetCluster(ctx context.Context, clusterID string) (*NamespaceCluster, error) { + var clusters []NamespaceCluster + query := `SELECT * FROM namespace_clusters WHERE id = ?` + if err := cm.db.Query(ctx, &clusters, query, clusterID); err != nil { + return nil, err + } + if len(clusters) == 0 { + return nil, nil + } + return &clusters[0], nil +} + +// GetClusterByNamespaceID retrieves a cluster by namespace ID +func (cm *ClusterManager) GetClusterByNamespaceID(ctx context.Context, namespaceID int64) (*NamespaceCluster, error) { + var clusters []NamespaceCluster + query := `SELECT * FROM namespace_clusters WHERE namespace_id = ?` + if err := cm.db.Query(ctx, &clusters, query, namespaceID); err != nil { + return nil, err + } + if len(clusters) == 0 { + return nil, nil + } + return &clusters[0], nil +} + +// GetClusterByNamespace retrieves a cluster by namespace name +func (cm *ClusterManager) GetClusterByNamespace(ctx context.Context, namespaceName string) (*NamespaceCluster, error) { + var clusters []NamespaceCluster + query := `SELECT * FROM namespace_clusters WHERE namespace_name = ?` + if err := cm.db.Query(ctx, &clusters, query, namespaceName); err != nil { + return nil, err + } + if len(clusters) == 0 { + return nil, nil + } + return &clusters[0], nil +} + +// Database helper methods + +func (cm *ClusterManager) insertCluster(ctx context.Context, cluster *NamespaceCluster) error { + query := ` + INSERT INTO namespace_clusters ( + id, namespace_id, namespace_name, status, + rqlite_node_count, olric_node_count, gateway_node_count, + provisioned_by, provisioned_at + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + _, err := cm.db.Exec(ctx, query, + cluster.ID, cluster.NamespaceID, cluster.NamespaceName, cluster.Status, + cluster.RQLiteNodeCount, cluster.OlricNodeCount, cluster.GatewayNodeCount, + cluster.ProvisionedBy, cluster.ProvisionedAt, + ) + return err +} + +func (cm *ClusterManager) updateClusterStatus(ctx context.Context, clusterID string, status ClusterStatus, errorMsg string) error { + var query string + var args []interface{} + + if status == ClusterStatusReady { + query = `UPDATE namespace_clusters SET status = ?, ready_at = ?, error_message = '' WHERE id = ?` + args = []interface{}{status, time.Now(), clusterID} + } else { + query = `UPDATE namespace_clusters SET status = ?, error_message = ? WHERE id = ?` + args = []interface{}{status, errorMsg, clusterID} + } + + _, err := cm.db.Exec(ctx, query, args...) + return err +} + +func (cm *ClusterManager) insertClusterNode(ctx context.Context, clusterID, nodeID string, role NodeRole, portBlock *PortBlock) error { + query := ` + INSERT INTO namespace_cluster_nodes ( + id, namespace_cluster_id, node_id, role, status, + rqlite_http_port, rqlite_raft_port, + olric_http_port, olric_memberlist_port, + gateway_http_port, created_at, updated_at + ) VALUES (?, ?, ?, ?, 'running', ?, ?, ?, ?, ?, ?, ?) + ` + now := time.Now() + _, err := cm.db.Exec(ctx, query, + uuid.New().String(), clusterID, nodeID, role, + portBlock.RQLiteHTTPPort, portBlock.RQLiteRaftPort, + portBlock.OlricHTTPPort, portBlock.OlricMemberlistPort, + portBlock.GatewayHTTPPort, now, now, + ) + return err +} + +func (cm *ClusterManager) getClusterNodes(ctx context.Context, clusterID string) ([]ClusterNode, error) { + var nodes []ClusterNode + query := `SELECT * FROM namespace_cluster_nodes WHERE namespace_cluster_id = ?` + if err := cm.db.Query(ctx, &nodes, query, clusterID); err != nil { + return nil, err + } + return nodes, nil +} + +func (cm *ClusterManager) logEvent(ctx context.Context, clusterID string, eventType EventType, nodeID, message string, metadata map[string]interface{}) { + metadataJSON := "" + if metadata != nil { + if data, err := json.Marshal(metadata); err == nil { + metadataJSON = string(data) + } + } + + query := ` + INSERT INTO namespace_cluster_events (id, namespace_cluster_id, event_type, node_id, message, metadata, created_at) + VALUES (?, ?, ?, ?, ?, ?, ?) + ` + _, err := cm.db.Exec(ctx, query, uuid.New().String(), clusterID, eventType, nodeID, message, metadataJSON, time.Now()) + if err != nil { + cm.logger.Warn("Failed to log cluster event", zap.Error(err)) + } +} + +// ClusterProvisioner interface implementation + +// CheckNamespaceCluster checks if a namespace has a cluster and returns its status. +// Returns: (clusterID, status, needsProvisioning, error) +// - If the namespace is "default", returns ("", "default", false, nil) as it uses the global cluster +// - If a cluster exists and is ready/provisioning, returns (clusterID, status, false, nil) +// - If no cluster exists or cluster failed, returns ("", "", true, nil) to indicate provisioning is needed +func (cm *ClusterManager) CheckNamespaceCluster(ctx context.Context, namespaceName string) (string, string, bool, error) { + // Default namespace uses the global cluster, no per-namespace cluster needed + if namespaceName == "default" || namespaceName == "" { + return "", "default", false, nil + } + + cluster, err := cm.GetClusterByNamespace(ctx, namespaceName) + if err != nil { + return "", "", false, err + } + + if cluster == nil { + // No cluster exists, provisioning is needed + return "", "", true, nil + } + + // If the cluster failed, delete the old record and trigger re-provisioning + if cluster.Status == ClusterStatusFailed { + cm.logger.Info("Found failed cluster, will re-provision", + zap.String("namespace", namespaceName), + zap.String("cluster_id", cluster.ID), + ) + // Delete the failed cluster record + query := `DELETE FROM namespace_clusters WHERE id = ?` + cm.db.Exec(ctx, query, cluster.ID) + // Also clean up any port allocations + cm.portAllocator.DeallocateAllPortBlocks(ctx, cluster.ID) + return "", "", true, nil + } + + // Return current status + return cluster.ID, string(cluster.Status), false, nil +} + +// ProvisionNamespaceCluster triggers provisioning for a new namespace cluster. +// Returns: (clusterID, pollURL, error) +// This starts an async provisioning process and returns immediately with the cluster ID +// and a URL to poll for status updates. +func (cm *ClusterManager) ProvisionNamespaceCluster(ctx context.Context, namespaceID int, namespaceName, wallet string) (string, string, error) { + // Check if already provisioning + cm.provisioningMu.Lock() + if cm.provisioning[namespaceName] { + cm.provisioningMu.Unlock() + // Return existing cluster ID if found + cluster, _ := cm.GetClusterByNamespace(ctx, namespaceName) + if cluster != nil { + return cluster.ID, "/v1/namespace/status?id=" + cluster.ID, nil + } + return "", "", fmt.Errorf("namespace %s is already being provisioned", namespaceName) + } + cm.provisioning[namespaceName] = true + cm.provisioningMu.Unlock() + + // Create cluster record synchronously to get the ID + cluster := &NamespaceCluster{ + ID: uuid.New().String(), + NamespaceID: namespaceID, + NamespaceName: namespaceName, + Status: ClusterStatusProvisioning, + RQLiteNodeCount: 3, + OlricNodeCount: 3, + GatewayNodeCount: 3, + ProvisionedBy: wallet, + ProvisionedAt: time.Now(), + } + + // Insert cluster record + if err := cm.insertCluster(ctx, cluster); err != nil { + cm.provisioningMu.Lock() + delete(cm.provisioning, namespaceName) + cm.provisioningMu.Unlock() + return "", "", fmt.Errorf("failed to insert cluster record: %w", err) + } + + cm.logEvent(ctx, cluster.ID, EventProvisioningStarted, "", "Cluster provisioning started", nil) + + // Start actual provisioning in background goroutine + go cm.provisionClusterAsync(cluster, namespaceID, namespaceName, wallet) + + pollURL := "/v1/namespace/status?id=" + cluster.ID + return cluster.ID, pollURL, nil +} + +// provisionClusterAsync performs the actual cluster provisioning in the background +func (cm *ClusterManager) provisionClusterAsync(cluster *NamespaceCluster, namespaceID int, namespaceName, provisionedBy string) { + defer func() { + cm.provisioningMu.Lock() + delete(cm.provisioning, namespaceName) + cm.provisioningMu.Unlock() + }() + + ctx := context.Background() + + cm.logger.Info("Starting async cluster provisioning", + zap.String("cluster_id", cluster.ID), + zap.String("namespace", namespaceName), + zap.Int("namespace_id", namespaceID), + zap.String("provisioned_by", provisionedBy), + ) + + // Select 3 nodes for the cluster + nodes, err := cm.nodeSelector.SelectNodesForCluster(ctx, 3) + if err != nil { + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusFailed, err.Error()) + cm.logger.Error("Failed to select nodes for cluster", zap.Error(err)) + return + } + + nodeIDs := make([]string, len(nodes)) + for i, n := range nodes { + nodeIDs[i] = n.NodeID + } + cm.logEvent(ctx, cluster.ID, EventNodesSelected, "", "Selected nodes for cluster", map[string]interface{}{"nodes": nodeIDs}) + + // Allocate ports on each node + portBlocks := make([]*PortBlock, len(nodes)) + for i, node := range nodes { + block, err := cm.portAllocator.AllocatePortBlock(ctx, node.NodeID, cluster.ID) + if err != nil { + // Rollback previous allocations + for j := 0; j < i; j++ { + cm.portAllocator.DeallocatePortBlock(ctx, cluster.ID, nodes[j].NodeID) + } + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusFailed, err.Error()) + cm.logger.Error("Failed to allocate ports", zap.Error(err)) + return + } + portBlocks[i] = block + cm.logEvent(ctx, cluster.ID, EventPortsAllocated, node.NodeID, + fmt.Sprintf("Allocated ports %d-%d", block.PortStart, block.PortEnd), nil) + } + + // Start RQLite instances (leader first, then followers) + rqliteInstances, err := cm.startRQLiteCluster(ctx, cluster, nodes, portBlocks) + if err != nil { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, nil, nil) + cm.logger.Error("Failed to start RQLite cluster", zap.Error(err)) + return + } + + // Start Olric instances + olricInstances, err := cm.startOlricCluster(ctx, cluster, nodes, portBlocks) + if err != nil { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, rqliteInstances, nil) + cm.logger.Error("Failed to start Olric cluster", zap.Error(err)) + return + } + + // Start Gateway instances (optional - may not be available in dev mode) + _, err = cm.startGatewayCluster(ctx, cluster, nodes, portBlocks, rqliteInstances, olricInstances) + if err != nil { + // Check if this is a "binary not found" error - if so, continue without gateways + if strings.Contains(err.Error(), "gateway binary not found") { + cm.logger.Warn("Skipping namespace gateway spawning (binary not available)", + zap.String("namespace", cluster.NamespaceName), + zap.Error(err), + ) + cm.logEvent(ctx, cluster.ID, "gateway_skipped", "", "Gateway binary not available, cluster will use main gateway", nil) + } else { + cm.rollbackProvisioning(ctx, cluster, nodes, portBlocks, rqliteInstances, olricInstances) + cm.logger.Error("Failed to start Gateway cluster", zap.Error(err)) + return + } + } + + // Create DNS records for namespace gateway + if err := cm.createDNSRecords(ctx, cluster, nodes, portBlocks); err != nil { + cm.logger.Warn("Failed to create DNS records", zap.Error(err)) + // Don't fail provisioning for DNS errors + } + + // Update cluster status to ready + now := time.Now() + cluster.Status = ClusterStatusReady + cluster.ReadyAt = &now + cm.updateClusterStatus(ctx, cluster.ID, ClusterStatusReady, "") + cm.logEvent(ctx, cluster.ID, EventClusterReady, "", "Cluster is ready", nil) + + cm.logger.Info("Cluster provisioning completed", + zap.String("cluster_id", cluster.ID), + zap.String("namespace", namespaceName), + ) +} + +// RestoreLocalClusters restores namespace cluster processes that should be running on this node. +// Called on node startup to re-spawn RQLite, Olric, and Gateway processes for clusters +// that were previously provisioned and assigned to this node. +func (cm *ClusterManager) RestoreLocalClusters(ctx context.Context) error { + if cm.localNodeID == "" { + return fmt.Errorf("local node ID not set") + } + + cm.logger.Info("Checking for namespace clusters to restore", zap.String("local_node_id", cm.localNodeID)) + + // Find all ready clusters that have this node assigned + type clusterNodeInfo struct { + ClusterID string `db:"namespace_cluster_id"` + NamespaceName string `db:"namespace_name"` + NodeID string `db:"node_id"` + Role string `db:"role"` + } + var assignments []clusterNodeInfo + query := ` + SELECT DISTINCT cn.namespace_cluster_id, c.namespace_name, cn.node_id, cn.role + FROM namespace_cluster_nodes cn + JOIN namespace_clusters c ON cn.namespace_cluster_id = c.id + WHERE cn.node_id = ? AND c.status = 'ready' + ` + if err := cm.db.Query(ctx, &assignments, query, cm.localNodeID); err != nil { + return fmt.Errorf("failed to query local cluster assignments: %w", err) + } + + if len(assignments) == 0 { + cm.logger.Info("No namespace clusters to restore on this node") + return nil + } + + // Group by cluster + clusterNamespaces := make(map[string]string) // clusterID -> namespaceName + for _, a := range assignments { + clusterNamespaces[a.ClusterID] = a.NamespaceName + } + + cm.logger.Info("Found namespace clusters to restore", + zap.Int("count", len(clusterNamespaces)), + zap.String("local_node_id", cm.localNodeID), + ) + + // Get local node's WireGuard IP + type nodeIPInfo struct { + InternalIP string `db:"internal_ip"` + } + var localNodeInfo []nodeIPInfo + ipQuery := `SELECT COALESCE(internal_ip, ip_address) as internal_ip FROM dns_nodes WHERE id = ? LIMIT 1` + if err := cm.db.Query(ctx, &localNodeInfo, ipQuery, cm.localNodeID); err != nil || len(localNodeInfo) == 0 { + cm.logger.Warn("Could not determine local node IP, skipping restore", zap.Error(err)) + return fmt.Errorf("failed to get local node IP: %w", err) + } + localIP := localNodeInfo[0].InternalIP + + for clusterID, namespaceName := range clusterNamespaces { + if err := cm.restoreClusterOnNode(ctx, clusterID, namespaceName, localIP); err != nil { + cm.logger.Error("Failed to restore namespace cluster", + zap.String("namespace", namespaceName), + zap.String("cluster_id", clusterID), + zap.Error(err), + ) + // Continue restoring other clusters + } + } + + return nil +} + +// restoreClusterOnNode restores all processes for a single cluster on this node +func (cm *ClusterManager) restoreClusterOnNode(ctx context.Context, clusterID, namespaceName, localIP string) error { + cm.logger.Info("Restoring namespace cluster processes", + zap.String("namespace", namespaceName), + zap.String("cluster_id", clusterID), + ) + + // Get port allocation for this node + var portBlocks []PortBlock + portQuery := `SELECT * FROM namespace_port_allocations WHERE namespace_cluster_id = ? AND node_id = ?` + if err := cm.db.Query(ctx, &portBlocks, portQuery, clusterID, cm.localNodeID); err != nil || len(portBlocks) == 0 { + return fmt.Errorf("no port allocation found for cluster %s on node %s", clusterID, cm.localNodeID) + } + pb := &portBlocks[0] + + // Get all nodes in this cluster (for join addresses and peer addresses) + allNodes, err := cm.getClusterNodes(ctx, clusterID) + if err != nil { + return fmt.Errorf("failed to get cluster nodes: %w", err) + } + + // Get all nodes' IPs and port allocations + type nodePortInfo struct { + NodeID string `db:"node_id"` + InternalIP string `db:"internal_ip"` + RQLiteHTTPPort int `db:"rqlite_http_port"` + RQLiteRaftPort int `db:"rqlite_raft_port"` + OlricHTTPPort int `db:"olric_http_port"` + OlricMemberlistPort int `db:"olric_memberlist_port"` + } + var allNodePorts []nodePortInfo + allPortsQuery := ` + SELECT pa.node_id, COALESCE(dn.internal_ip, dn.ip_address) as internal_ip, + pa.rqlite_http_port, pa.rqlite_raft_port, pa.olric_http_port, pa.olric_memberlist_port + FROM namespace_port_allocations pa + JOIN dns_nodes dn ON pa.node_id = dn.id + WHERE pa.namespace_cluster_id = ? + ` + if err := cm.db.Query(ctx, &allNodePorts, allPortsQuery, clusterID); err != nil { + return fmt.Errorf("failed to get all node ports: %w", err) + } + + // 1. Restore RQLite + // Check if RQLite systemd service is already running + rqliteRunning, _ := cm.systemdSpawner.systemdMgr.IsServiceActive(namespaceName, systemd.ServiceTypeRQLite) + if !rqliteRunning { + // Check if RQLite data directory exists (has existing data) + dataDir := filepath.Join(cm.baseDataDir, namespaceName, "rqlite", cm.localNodeID) + hasExistingData := false + if _, err := os.Stat(filepath.Join(dataDir, "raft")); err == nil { + hasExistingData = true + } + + if hasExistingData { + // Write peers.json for Raft cluster recovery (official RQLite mechanism). + // When all nodes restart simultaneously, Raft can't form quorum from stale state. + // peers.json tells rqlited the correct voter list so it can hold a fresh election. + var peers []rqlite.RaftPeer + for _, np := range allNodePorts { + raftAddr := fmt.Sprintf("%s:%d", np.InternalIP, np.RQLiteRaftPort) + peers = append(peers, rqlite.RaftPeer{ + ID: raftAddr, + Address: raftAddr, + NonVoter: false, + }) + } + if err := cm.writePeersJSON(dataDir, peers); err != nil { + cm.logger.Error("Failed to write peers.json", zap.String("namespace", namespaceName), zap.Error(err)) + } + } + + // Build join addresses for first-time joins (no existing data) + var joinAddrs []string + isLeader := false + if !hasExistingData { + // Deterministic leader selection: sort all node IDs and pick the first one. + // Every node independently computes the same result — no coordination needed. + // The elected leader bootstraps the cluster; followers use -join with retries + // to wait for the leader to become ready (up to 5 minutes). + sortedNodeIDs := make([]string, 0, len(allNodePorts)) + for _, np := range allNodePorts { + sortedNodeIDs = append(sortedNodeIDs, np.NodeID) + } + sort.Strings(sortedNodeIDs) + electedLeaderID := sortedNodeIDs[0] + + if cm.localNodeID == electedLeaderID { + isLeader = true + cm.logger.Info("Deterministic leader election: this node is the leader", + zap.String("namespace", namespaceName), + zap.String("node_id", cm.localNodeID)) + } else { + // Follower: join the elected leader's raft address + for _, np := range allNodePorts { + if np.NodeID == electedLeaderID { + joinAddrs = append(joinAddrs, fmt.Sprintf("%s:%d", np.InternalIP, np.RQLiteRaftPort)) + break + } + } + cm.logger.Info("Deterministic leader election: this node is a follower", + zap.String("namespace", namespaceName), + zap.String("node_id", cm.localNodeID), + zap.String("leader_id", electedLeaderID), + zap.Strings("join_addrs", joinAddrs)) + } + } + + rqliteCfg := rqlite.InstanceConfig{ + Namespace: namespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.RQLiteHTTPPort, + RaftPort: pb.RQLiteRaftPort, + HTTPAdvAddress: fmt.Sprintf("%s:%d", localIP, pb.RQLiteHTTPPort), + RaftAdvAddress: fmt.Sprintf("%s:%d", localIP, pb.RQLiteRaftPort), + JoinAddresses: joinAddrs, + IsLeader: isLeader, + } + + if err := cm.spawnRQLiteWithSystemd(ctx, rqliteCfg); err != nil { + cm.logger.Error("Failed to restore RQLite", zap.String("namespace", namespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored RQLite instance", zap.String("namespace", namespaceName), zap.Int("port", pb.RQLiteHTTPPort)) + } + } else { + cm.logger.Info("RQLite already running", zap.String("namespace", namespaceName), zap.Int("port", pb.RQLiteHTTPPort)) + } + + // 2. Restore Olric + olricRunning := false + conn, err := net.DialTimeout("tcp", fmt.Sprintf("localhost:%d", pb.OlricMemberlistPort), 2*time.Second) + if err == nil { + conn.Close() + olricRunning = true + } + + if !olricRunning { + var peers []string + for _, np := range allNodePorts { + if np.NodeID != cm.localNodeID { + peers = append(peers, fmt.Sprintf("%s:%d", np.InternalIP, np.OlricMemberlistPort)) + } + } + + olricCfg := olric.InstanceConfig{ + Namespace: namespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.OlricHTTPPort, + MemberlistPort: pb.OlricMemberlistPort, + BindAddr: localIP, + AdvertiseAddr: localIP, + PeerAddresses: peers, + } + + if err := cm.spawnOlricWithSystemd(ctx, olricCfg); err != nil { + cm.logger.Error("Failed to restore Olric", zap.String("namespace", namespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored Olric instance", zap.String("namespace", namespaceName), zap.Int("port", pb.OlricHTTPPort)) + } + } else { + cm.logger.Info("Olric already running", zap.String("namespace", namespaceName), zap.Int("port", pb.OlricMemberlistPort)) + } + + // 3. Restore Gateway + // Check if any cluster node has the gateway role (gateway may have been skipped during provisioning) + hasGateway := false + for _, node := range allNodes { + if node.Role == NodeRoleGateway { + hasGateway = true + break + } + } + + if hasGateway { + gwRunning := false + resp, err := http.Get(fmt.Sprintf("http://localhost:%d/v1/health", pb.GatewayHTTPPort)) + if err == nil { + resp.Body.Close() + gwRunning = true + } + + if !gwRunning { + // Build olric server addresses — always use WireGuard IPs (Olric binds to WireGuard interface) + var olricServers []string + for _, np := range allNodePorts { + olricServers = append(olricServers, fmt.Sprintf("%s:%d", np.InternalIP, np.OlricHTTPPort)) + } + + gwCfg := gateway.InstanceConfig{ + Namespace: namespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.GatewayHTTPPort, + BaseDomain: cm.baseDomain, + RQLiteDSN: fmt.Sprintf("http://localhost:%d", pb.RQLiteHTTPPort), + GlobalRQLiteDSN: cm.globalRQLiteDSN, + OlricServers: olricServers, + OlricTimeout: 30 * time.Second, + IPFSClusterAPIURL: cm.ipfsClusterAPIURL, + IPFSAPIURL: cm.ipfsAPIURL, + IPFSTimeout: cm.ipfsTimeout, + IPFSReplicationFactor: cm.ipfsReplicationFactor, + } + + if err := cm.spawnGatewayWithSystemd(ctx, gwCfg); err != nil { + cm.logger.Error("Failed to restore Gateway", zap.String("namespace", namespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored Gateway instance", zap.String("namespace", namespaceName), zap.Int("port", pb.GatewayHTTPPort)) + } + } else { + cm.logger.Info("Gateway already running", zap.String("namespace", namespaceName), zap.Int("port", pb.GatewayHTTPPort)) + } + } + + // Save local state to disk for future restarts without DB dependency + var stateNodes []ClusterLocalStateNode + for _, np := range allNodePorts { + stateNodes = append(stateNodes, ClusterLocalStateNode{ + NodeID: np.NodeID, + InternalIP: np.InternalIP, + RQLiteHTTPPort: np.RQLiteHTTPPort, + RQLiteRaftPort: np.RQLiteRaftPort, + OlricHTTPPort: np.OlricHTTPPort, + OlricMemberlistPort: np.OlricMemberlistPort, + }) + } + localState := &ClusterLocalState{ + ClusterID: clusterID, + NamespaceName: namespaceName, + LocalNodeID: cm.localNodeID, + LocalIP: localIP, + LocalPorts: ClusterLocalStatePorts{ + RQLiteHTTPPort: pb.RQLiteHTTPPort, + RQLiteRaftPort: pb.RQLiteRaftPort, + OlricHTTPPort: pb.OlricHTTPPort, + OlricMemberlistPort: pb.OlricMemberlistPort, + GatewayHTTPPort: pb.GatewayHTTPPort, + }, + AllNodes: stateNodes, + HasGateway: hasGateway, + BaseDomain: cm.baseDomain, + SavedAt: time.Now(), + } + if err := cm.saveLocalState(localState); err != nil { + cm.logger.Warn("Failed to save cluster local state", zap.String("namespace", namespaceName), zap.Error(err)) + } + + return nil +} + +// ClusterLocalState is persisted to disk so namespace processes can be restored +// without querying the main RQLite cluster (which may not have a leader yet on cold start). +type ClusterLocalState struct { + ClusterID string `json:"cluster_id"` + NamespaceName string `json:"namespace_name"` + LocalNodeID string `json:"local_node_id"` + LocalIP string `json:"local_ip"` + LocalPorts ClusterLocalStatePorts `json:"local_ports"` + AllNodes []ClusterLocalStateNode `json:"all_nodes"` + HasGateway bool `json:"has_gateway"` + BaseDomain string `json:"base_domain"` + SavedAt time.Time `json:"saved_at"` +} + +type ClusterLocalStatePorts struct { + RQLiteHTTPPort int `json:"rqlite_http_port"` + RQLiteRaftPort int `json:"rqlite_raft_port"` + OlricHTTPPort int `json:"olric_http_port"` + OlricMemberlistPort int `json:"olric_memberlist_port"` + GatewayHTTPPort int `json:"gateway_http_port"` +} + +type ClusterLocalStateNode struct { + NodeID string `json:"node_id"` + InternalIP string `json:"internal_ip"` + RQLiteHTTPPort int `json:"rqlite_http_port"` + RQLiteRaftPort int `json:"rqlite_raft_port"` + OlricHTTPPort int `json:"olric_http_port"` + OlricMemberlistPort int `json:"olric_memberlist_port"` +} + +// saveLocalState writes cluster state to disk for fast recovery without DB queries. +func (cm *ClusterManager) saveLocalState(state *ClusterLocalState) error { + dir := filepath.Join(cm.baseDataDir, state.NamespaceName) + if err := os.MkdirAll(dir, 0755); err != nil { + return fmt.Errorf("failed to create state dir: %w", err) + } + data, err := json.MarshalIndent(state, "", " ") + if err != nil { + return fmt.Errorf("failed to marshal state: %w", err) + } + path := filepath.Join(dir, "cluster-state.json") + if err := os.WriteFile(path, data, 0644); err != nil { + return fmt.Errorf("failed to write state file: %w", err) + } + cm.logger.Info("Saved cluster local state", zap.String("namespace", state.NamespaceName), zap.String("path", path)) + return nil +} + +// loadLocalState reads cluster state from disk. +func loadLocalState(path string) (*ClusterLocalState, error) { + data, err := os.ReadFile(path) + if err != nil { + return nil, err + } + var state ClusterLocalState + if err := json.Unmarshal(data, &state); err != nil { + return nil, fmt.Errorf("failed to parse state file: %w", err) + } + return &state, nil +} + +// RestoreLocalClustersFromDisk restores namespace processes using local state files, +// avoiding any dependency on the main RQLite cluster being available. +// Returns the number of namespaces restored, or -1 if no state files were found. +func (cm *ClusterManager) RestoreLocalClustersFromDisk(ctx context.Context) (int, error) { + pattern := filepath.Join(cm.baseDataDir, "*", "cluster-state.json") + matches, err := filepath.Glob(pattern) + if err != nil { + return -1, fmt.Errorf("failed to glob state files: %w", err) + } + if len(matches) == 0 { + return -1, nil + } + + cm.logger.Info("Found local cluster state files", zap.Int("count", len(matches))) + + restored := 0 + for _, path := range matches { + state, err := loadLocalState(path) + if err != nil { + cm.logger.Error("Failed to load cluster state file", zap.String("path", path), zap.Error(err)) + continue + } + if err := cm.restoreClusterFromState(ctx, state); err != nil { + cm.logger.Error("Failed to restore cluster from state", zap.String("namespace", state.NamespaceName), zap.Error(err)) + continue + } + restored++ + } + return restored, nil +} + +// restoreClusterFromState restores all processes for a cluster using local state (no DB queries). +func (cm *ClusterManager) restoreClusterFromState(ctx context.Context, state *ClusterLocalState) error { + cm.logger.Info("Restoring namespace cluster from local state", + zap.String("namespace", state.NamespaceName), + zap.String("cluster_id", state.ClusterID), + ) + + pb := &state.LocalPorts + localIP := state.LocalIP + + // 1. Restore RQLite + // Check if RQLite systemd service is already running + rqliteRunning, _ := cm.systemdSpawner.systemdMgr.IsServiceActive(state.NamespaceName, systemd.ServiceTypeRQLite) + if !rqliteRunning { + // Check if RQLite data directory exists (has existing data) + dataDir := filepath.Join(cm.baseDataDir, state.NamespaceName, "rqlite", cm.localNodeID) + hasExistingData := false + if _, err := os.Stat(filepath.Join(dataDir, "raft")); err == nil { + hasExistingData = true + } + + if hasExistingData { + var peers []rqlite.RaftPeer + for _, np := range state.AllNodes { + raftAddr := fmt.Sprintf("%s:%d", np.InternalIP, np.RQLiteRaftPort) + peers = append(peers, rqlite.RaftPeer{ID: raftAddr, Address: raftAddr, NonVoter: false}) + } + if err := cm.writePeersJSON(dataDir, peers); err != nil { + cm.logger.Error("Failed to write peers.json", zap.String("namespace", state.NamespaceName), zap.Error(err)) + } + } + + var joinAddrs []string + isLeader := false + if !hasExistingData { + sortedNodeIDs := make([]string, 0, len(state.AllNodes)) + for _, np := range state.AllNodes { + sortedNodeIDs = append(sortedNodeIDs, np.NodeID) + } + sort.Strings(sortedNodeIDs) + electedLeaderID := sortedNodeIDs[0] + + if cm.localNodeID == electedLeaderID { + isLeader = true + } else { + for _, np := range state.AllNodes { + if np.NodeID == electedLeaderID { + joinAddrs = append(joinAddrs, fmt.Sprintf("%s:%d", np.InternalIP, np.RQLiteRaftPort)) + break + } + } + } + } + + rqliteCfg := rqlite.InstanceConfig{ + Namespace: state.NamespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.RQLiteHTTPPort, + RaftPort: pb.RQLiteRaftPort, + HTTPAdvAddress: fmt.Sprintf("%s:%d", localIP, pb.RQLiteHTTPPort), + RaftAdvAddress: fmt.Sprintf("%s:%d", localIP, pb.RQLiteRaftPort), + JoinAddresses: joinAddrs, + IsLeader: isLeader, + } + if err := cm.spawnRQLiteWithSystemd(ctx, rqliteCfg); err != nil { + cm.logger.Error("Failed to restore RQLite from state", zap.String("namespace", state.NamespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored RQLite instance from state", zap.String("namespace", state.NamespaceName)) + } + } + + // 2. Restore Olric + conn, err := net.DialTimeout("tcp", fmt.Sprintf("localhost:%d", pb.OlricMemberlistPort), 2*time.Second) + if err == nil { + conn.Close() + } else { + var peers []string + for _, np := range state.AllNodes { + if np.NodeID != cm.localNodeID { + peers = append(peers, fmt.Sprintf("%s:%d", np.InternalIP, np.OlricMemberlistPort)) + } + } + olricCfg := olric.InstanceConfig{ + Namespace: state.NamespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.OlricHTTPPort, + MemberlistPort: pb.OlricMemberlistPort, + BindAddr: localIP, + AdvertiseAddr: localIP, + PeerAddresses: peers, + } + if err := cm.spawnOlricWithSystemd(ctx, olricCfg); err != nil { + cm.logger.Error("Failed to restore Olric from state", zap.String("namespace", state.NamespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored Olric instance from state", zap.String("namespace", state.NamespaceName)) + } + } + + // 3. Restore Gateway + if state.HasGateway { + resp, err := http.Get(fmt.Sprintf("http://localhost:%d/v1/health", pb.GatewayHTTPPort)) + if err == nil { + resp.Body.Close() + } else { + // Build olric server addresses — always use WireGuard IPs (Olric binds to WireGuard interface) + var olricServers []string + for _, np := range state.AllNodes { + olricServers = append(olricServers, fmt.Sprintf("%s:%d", np.InternalIP, np.OlricHTTPPort)) + } + gwCfg := gateway.InstanceConfig{ + Namespace: state.NamespaceName, + NodeID: cm.localNodeID, + HTTPPort: pb.GatewayHTTPPort, + BaseDomain: state.BaseDomain, + RQLiteDSN: fmt.Sprintf("http://localhost:%d", pb.RQLiteHTTPPort), + GlobalRQLiteDSN: cm.globalRQLiteDSN, + OlricServers: olricServers, + OlricTimeout: 30 * time.Second, + IPFSClusterAPIURL: cm.ipfsClusterAPIURL, + IPFSAPIURL: cm.ipfsAPIURL, + IPFSTimeout: cm.ipfsTimeout, + IPFSReplicationFactor: cm.ipfsReplicationFactor, + } + if err := cm.spawnGatewayWithSystemd(ctx, gwCfg); err != nil { + cm.logger.Error("Failed to restore Gateway from state", zap.String("namespace", state.NamespaceName), zap.Error(err)) + } else { + cm.logger.Info("Restored Gateway instance from state", zap.String("namespace", state.NamespaceName)) + } + } + } + + return nil +} + +// GetClusterStatusByID returns the full status of a cluster by ID. +// This method is part of the ClusterProvisioner interface used by the gateway. +// It returns a generic struct that matches the interface definition in auth/handlers.go. +func (cm *ClusterManager) GetClusterStatusByID(ctx context.Context, clusterID string) (interface{}, error) { + status, err := cm.GetClusterStatus(ctx, clusterID) + if err != nil { + return nil, err + } + + // Return as a map to avoid import cycles with the interface type + return map[string]interface{}{ + "cluster_id": status.ClusterID, + "namespace": status.Namespace, + "status": string(status.Status), + "nodes": status.Nodes, + "rqlite_ready": status.RQLiteReady, + "olric_ready": status.OlricReady, + "gateway_ready": status.GatewayReady, + "dns_ready": status.DNSReady, + "error": status.Error, + }, nil +} diff --git a/pkg/namespace/cluster_manager_test.go b/pkg/namespace/cluster_manager_test.go new file mode 100644 index 0000000..6588235 --- /dev/null +++ b/pkg/namespace/cluster_manager_test.go @@ -0,0 +1,395 @@ +package namespace + +import ( + "testing" + "time" + + "go.uber.org/zap" +) + +func TestClusterManagerConfig(t *testing.T) { + cfg := ClusterManagerConfig{ + BaseDomain: "orama-devnet.network", + BaseDataDir: "~/.orama/data/namespaces", + } + + if cfg.BaseDomain != "orama-devnet.network" { + t.Errorf("BaseDomain = %s, want orama-devnet.network", cfg.BaseDomain) + } + if cfg.BaseDataDir != "~/.orama/data/namespaces" { + t.Errorf("BaseDataDir = %s, want ~/.orama/data/namespaces", cfg.BaseDataDir) + } +} + +func TestNewClusterManager(t *testing.T) { + mockDB := newMockRQLiteClient() + logger := zap.NewNop() + cfg := ClusterManagerConfig{ + BaseDomain: "orama-devnet.network", + BaseDataDir: "/tmp/test-namespaces", + } + + manager := NewClusterManager(mockDB, cfg, logger) + + if manager == nil { + t.Fatal("NewClusterManager returned nil") + } +} + +func TestNamespaceCluster_InitialState(t *testing.T) { + now := time.Now() + + cluster := &NamespaceCluster{ + ID: "test-cluster-id", + NamespaceID: 1, + NamespaceName: "test-namespace", + Status: ClusterStatusProvisioning, + RQLiteNodeCount: DefaultRQLiteNodeCount, + OlricNodeCount: DefaultOlricNodeCount, + GatewayNodeCount: DefaultGatewayNodeCount, + ProvisionedBy: "test-user", + ProvisionedAt: now, + ReadyAt: nil, + ErrorMessage: "", + RetryCount: 0, + } + + // Verify initial state + if cluster.Status != ClusterStatusProvisioning { + t.Errorf("Initial status = %s, want %s", cluster.Status, ClusterStatusProvisioning) + } + if cluster.ReadyAt != nil { + t.Error("ReadyAt should be nil initially") + } + if cluster.ErrorMessage != "" { + t.Errorf("ErrorMessage should be empty initially, got %s", cluster.ErrorMessage) + } + if cluster.RetryCount != 0 { + t.Errorf("RetryCount should be 0 initially, got %d", cluster.RetryCount) + } +} + +func TestNamespaceCluster_DefaultNodeCounts(t *testing.T) { + cluster := &NamespaceCluster{ + RQLiteNodeCount: DefaultRQLiteNodeCount, + OlricNodeCount: DefaultOlricNodeCount, + GatewayNodeCount: DefaultGatewayNodeCount, + } + + if cluster.RQLiteNodeCount != 3 { + t.Errorf("RQLiteNodeCount = %d, want 3", cluster.RQLiteNodeCount) + } + if cluster.OlricNodeCount != 3 { + t.Errorf("OlricNodeCount = %d, want 3", cluster.OlricNodeCount) + } + if cluster.GatewayNodeCount != 3 { + t.Errorf("GatewayNodeCount = %d, want 3", cluster.GatewayNodeCount) + } +} + +func TestClusterProvisioningStatus_ReadinessFlags(t *testing.T) { + tests := []struct { + name string + rqliteReady bool + olricReady bool + gatewayReady bool + dnsReady bool + expectedAll bool + }{ + {"All ready", true, true, true, true, true}, + {"RQLite not ready", false, true, true, true, false}, + {"Olric not ready", true, false, true, true, false}, + {"Gateway not ready", true, true, false, true, false}, + {"DNS not ready", true, true, true, false, false}, + {"None ready", false, false, false, false, false}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + status := &ClusterProvisioningStatus{ + RQLiteReady: tt.rqliteReady, + OlricReady: tt.olricReady, + GatewayReady: tt.gatewayReady, + DNSReady: tt.dnsReady, + } + + allReady := status.RQLiteReady && status.OlricReady && status.GatewayReady && status.DNSReady + if allReady != tt.expectedAll { + t.Errorf("All ready = %v, want %v", allReady, tt.expectedAll) + } + }) + } +} + +func TestClusterStatusTransitions(t *testing.T) { + // Test valid status transitions + validTransitions := map[ClusterStatus][]ClusterStatus{ + ClusterStatusNone: {ClusterStatusProvisioning}, + ClusterStatusProvisioning: {ClusterStatusReady, ClusterStatusFailed}, + ClusterStatusReady: {ClusterStatusDegraded, ClusterStatusDeprovisioning}, + ClusterStatusDegraded: {ClusterStatusReady, ClusterStatusFailed, ClusterStatusDeprovisioning}, + ClusterStatusFailed: {ClusterStatusProvisioning, ClusterStatusDeprovisioning}, // Retry or delete + ClusterStatusDeprovisioning: {ClusterStatusNone}, + } + + for from, toList := range validTransitions { + for _, to := range toList { + t.Run(string(from)+"->"+string(to), func(t *testing.T) { + // This is a documentation test - it verifies the expected transitions + // The actual enforcement would be in the ClusterManager methods + if from == to && from != ClusterStatusNone { + t.Errorf("Status should not transition to itself: %s -> %s", from, to) + } + }) + } + } +} + +func TestClusterNode_RoleAssignment(t *testing.T) { + // Test that a node can have multiple roles + roles := []NodeRole{ + NodeRoleRQLiteLeader, + NodeRoleRQLiteFollower, + NodeRoleOlric, + NodeRoleGateway, + } + + // In the implementation, each node hosts all three services + // but we track them as separate role records + expectedRolesPerNode := 3 // RQLite (leader OR follower), Olric, Gateway + + // For a 3-node cluster + nodesCount := 3 + totalRoleRecords := nodesCount * expectedRolesPerNode + + if totalRoleRecords != 9 { + t.Errorf("Expected 9 role records for 3 nodes, got %d", totalRoleRecords) + } + + // Verify all roles are represented + if len(roles) != 4 { + t.Errorf("Expected 4 role types, got %d", len(roles)) + } +} + +func TestClusterEvent_LifecycleEvents(t *testing.T) { + // Test all lifecycle events are properly ordered + lifecycleOrder := []EventType{ + EventProvisioningStarted, + EventNodesSelected, + EventPortsAllocated, + EventRQLiteStarted, + EventRQLiteJoined, + EventRQLiteLeaderElected, + EventOlricStarted, + EventOlricJoined, + EventGatewayStarted, + EventDNSCreated, + EventClusterReady, + } + + // Verify we have all the events + if len(lifecycleOrder) != 11 { + t.Errorf("Expected 11 lifecycle events, got %d", len(lifecycleOrder)) + } + + // Verify they're all unique + seen := make(map[EventType]bool) + for _, event := range lifecycleOrder { + if seen[event] { + t.Errorf("Duplicate event type: %s", event) + } + seen[event] = true + } +} + +func TestClusterEvent_FailureEvents(t *testing.T) { + failureEvents := []EventType{ + EventClusterDegraded, + EventClusterFailed, + EventNodeFailed, + } + + for _, event := range failureEvents { + t.Run(string(event), func(t *testing.T) { + if event == "" { + t.Error("Event type should not be empty") + } + }) + } +} + +func TestClusterEvent_RecoveryEvents(t *testing.T) { + recoveryEvents := []EventType{ + EventNodeRecovered, + } + + for _, event := range recoveryEvents { + t.Run(string(event), func(t *testing.T) { + if event == "" { + t.Error("Event type should not be empty") + } + }) + } +} + +func TestClusterEvent_DeprovisioningEvents(t *testing.T) { + deprovisionEvents := []EventType{ + EventDeprovisionStarted, + EventDeprovisioned, + } + + for _, event := range deprovisionEvents { + t.Run(string(event), func(t *testing.T) { + if event == "" { + t.Error("Event type should not be empty") + } + }) + } +} + +func TestProvisioningResponse_PollURL(t *testing.T) { + clusterID := "test-cluster-123" + expectedPollURL := "/v1/namespace/status?id=test-cluster-123" + + pollURL := "/v1/namespace/status?id=" + clusterID + if pollURL != expectedPollURL { + t.Errorf("PollURL = %s, want %s", pollURL, expectedPollURL) + } +} + +func TestClusterManager_PortAllocationOrder(t *testing.T) { + // Verify the order of port assignments within a block + portStart := 10000 + + rqliteHTTP := portStart + 0 + rqliteRaft := portStart + 1 + olricHTTP := portStart + 2 + olricMemberlist := portStart + 3 + gatewayHTTP := portStart + 4 + + // Verify order + if rqliteHTTP != 10000 { + t.Errorf("RQLite HTTP port = %d, want 10000", rqliteHTTP) + } + if rqliteRaft != 10001 { + t.Errorf("RQLite Raft port = %d, want 10001", rqliteRaft) + } + if olricHTTP != 10002 { + t.Errorf("Olric HTTP port = %d, want 10002", olricHTTP) + } + if olricMemberlist != 10003 { + t.Errorf("Olric Memberlist port = %d, want 10003", olricMemberlist) + } + if gatewayHTTP != 10004 { + t.Errorf("Gateway HTTP port = %d, want 10004", gatewayHTTP) + } +} + +func TestClusterManager_DNSFormat(t *testing.T) { + // Test the DNS domain format for namespace gateways + baseDomain := "orama-devnet.network" + namespaceName := "alice" + + expectedDomain := "ns-alice.orama-devnet.network" + actualDomain := "ns-" + namespaceName + "." + baseDomain + + if actualDomain != expectedDomain { + t.Errorf("DNS domain = %s, want %s", actualDomain, expectedDomain) + } +} + +func TestClusterManager_RQLiteAddresses(t *testing.T) { + // Test RQLite advertised address format + nodeIP := "192.168.1.100" + + expectedHTTPAddr := "192.168.1.100:10000" + expectedRaftAddr := "192.168.1.100:10001" + + httpAddr := nodeIP + ":10000" + raftAddr := nodeIP + ":10001" + + if httpAddr != expectedHTTPAddr { + t.Errorf("HTTP address = %s, want %s", httpAddr, expectedHTTPAddr) + } + if raftAddr != expectedRaftAddr { + t.Errorf("Raft address = %s, want %s", raftAddr, expectedRaftAddr) + } +} + +func TestClusterManager_OlricPeerFormat(t *testing.T) { + // Test Olric peer address format + nodes := []struct { + ip string + port int + }{ + {"192.168.1.100", 10003}, + {"192.168.1.101", 10003}, + {"192.168.1.102", 10003}, + } + + peers := make([]string, len(nodes)) + for i, n := range nodes { + peers[i] = n.ip + ":10003" + } + + expected := []string{ + "192.168.1.100:10003", + "192.168.1.101:10003", + "192.168.1.102:10003", + } + + for i, peer := range peers { + if peer != expected[i] { + t.Errorf("Peer[%d] = %s, want %s", i, peer, expected[i]) + } + } +} + +func TestClusterManager_GatewayRQLiteDSN(t *testing.T) { + // Test the RQLite DSN format used by gateways + nodeIP := "192.168.1.100" + + expectedDSN := "http://192.168.1.100:10000" + actualDSN := "http://" + nodeIP + ":10000" + + if actualDSN != expectedDSN { + t.Errorf("RQLite DSN = %s, want %s", actualDSN, expectedDSN) + } +} + +func TestClusterManager_MinimumNodeRequirement(t *testing.T) { + // A cluster requires at least 3 nodes + minimumNodes := DefaultRQLiteNodeCount + + if minimumNodes < 3 { + t.Errorf("Minimum node count = %d, want at least 3 for fault tolerance", minimumNodes) + } +} + +func TestClusterManager_QuorumCalculation(t *testing.T) { + // For RQLite Raft consensus, quorum = (n/2) + 1 + tests := []struct { + nodes int + expectedQuorum int + canLoseNodes int + }{ + {3, 2, 1}, // 3 nodes: quorum=2, can lose 1 + {5, 3, 2}, // 5 nodes: quorum=3, can lose 2 + {7, 4, 3}, // 7 nodes: quorum=4, can lose 3 + } + + for _, tt := range tests { + t.Run(string(rune(tt.nodes+'0'))+" nodes", func(t *testing.T) { + quorum := (tt.nodes / 2) + 1 + if quorum != tt.expectedQuorum { + t.Errorf("Quorum for %d nodes = %d, want %d", tt.nodes, quorum, tt.expectedQuorum) + } + + canLose := tt.nodes - quorum + if canLose != tt.canLoseNodes { + t.Errorf("Can lose %d nodes, want %d", canLose, tt.canLoseNodes) + } + }) + } +} diff --git a/pkg/namespace/dns_manager.go b/pkg/namespace/dns_manager.go new file mode 100644 index 0000000..8febcf4 --- /dev/null +++ b/pkg/namespace/dns_manager.go @@ -0,0 +1,251 @@ +package namespace + +import ( + "context" + "fmt" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// DNSRecordManager manages DNS records for namespace clusters. +// It creates and deletes DNS A records for namespace gateway endpoints. +type DNSRecordManager struct { + db rqlite.Client + baseDomain string + logger *zap.Logger +} + +// NewDNSRecordManager creates a new DNS record manager +func NewDNSRecordManager(db rqlite.Client, baseDomain string, logger *zap.Logger) *DNSRecordManager { + return &DNSRecordManager{ + db: db, + baseDomain: baseDomain, + logger: logger.With(zap.String("component", "dns-record-manager")), + } +} + +// CreateNamespaceRecords creates DNS A records for a namespace cluster. +// Each namespace gets records for ns-{namespace}.{baseDomain} pointing to its gateway nodes. +// Multiple A records enable round-robin DNS load balancing. +func (drm *DNSRecordManager) CreateNamespaceRecords(ctx context.Context, namespaceName string, nodeIPs []string) error { + internalCtx := client.WithInternalAuth(ctx) + + if len(nodeIPs) == 0 { + return &ClusterError{Message: "no node IPs provided for DNS records"} + } + + // FQDN for namespace gateway: ns-{namespace}.{baseDomain}. + fqdn := fmt.Sprintf("ns-%s.%s.", namespaceName, drm.baseDomain) + + drm.logger.Info("Creating namespace DNS records", + zap.String("namespace", namespaceName), + zap.String("fqdn", fqdn), + zap.Strings("node_ips", nodeIPs), + ) + + // First, delete any existing records for this namespace + deleteQuery := `DELETE FROM dns_records WHERE fqdn = ? AND namespace = ?` + _, err := drm.db.Exec(internalCtx, deleteQuery, fqdn, "namespace:"+namespaceName) + if err != nil { + drm.logger.Warn("Failed to delete existing DNS records", zap.Error(err)) + // Continue anyway - the insert will just add more records + } + + // Create A records for each node IP + for _, ip := range nodeIPs { + recordID := uuid.New().String() + insertQuery := ` + INSERT INTO dns_records ( + id, fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + now := time.Now() + _, err := drm.db.Exec(internalCtx, insertQuery, + recordID, + fqdn, + "A", + ip, + 60, // 60 second TTL for quick failover + "namespace:"+namespaceName, // Track ownership with namespace prefix + "cluster-manager", // Created by the cluster manager + true, // Active + now, + now, + ) + if err != nil { + return &ClusterError{ + Message: fmt.Sprintf("failed to create DNS record for %s -> %s", fqdn, ip), + Cause: err, + } + } + } + + // Also create wildcard records for deployments under this namespace + // *.ns-{namespace}.{baseDomain} -> same IPs + wildcardFqdn := fmt.Sprintf("*.ns-%s.%s.", namespaceName, drm.baseDomain) + + // Delete existing wildcard records + _, _ = drm.db.Exec(internalCtx, deleteQuery, wildcardFqdn, "namespace:"+namespaceName) + + for _, ip := range nodeIPs { + recordID := uuid.New().String() + insertQuery := ` + INSERT INTO dns_records ( + id, fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + now := time.Now() + _, err := drm.db.Exec(internalCtx, insertQuery, + recordID, + wildcardFqdn, + "A", + ip, + 60, + "namespace:"+namespaceName, + "cluster-manager", + true, + now, + now, + ) + if err != nil { + drm.logger.Warn("Failed to create wildcard DNS record", + zap.String("fqdn", wildcardFqdn), + zap.String("ip", ip), + zap.Error(err), + ) + // Continue - wildcard is nice to have but not critical + } + } + + drm.logger.Info("Namespace DNS records created", + zap.String("namespace", namespaceName), + zap.Int("record_count", len(nodeIPs)*2), // A + wildcard + ) + + return nil +} + +// DeleteNamespaceRecords deletes all DNS records for a namespace +func (drm *DNSRecordManager) DeleteNamespaceRecords(ctx context.Context, namespaceName string) error { + internalCtx := client.WithInternalAuth(ctx) + + drm.logger.Info("Deleting namespace DNS records", + zap.String("namespace", namespaceName), + ) + + // Delete all records owned by this namespace + deleteQuery := `DELETE FROM dns_records WHERE namespace = ?` + _, err := drm.db.Exec(internalCtx, deleteQuery, "namespace:"+namespaceName) + if err != nil { + return &ClusterError{ + Message: "failed to delete namespace DNS records", + Cause: err, + } + } + + drm.logger.Info("Namespace DNS records deleted", + zap.String("namespace", namespaceName), + ) + + return nil +} + +// GetNamespaceGatewayIPs returns the IP addresses for a namespace's gateway +func (drm *DNSRecordManager) GetNamespaceGatewayIPs(ctx context.Context, namespaceName string) ([]string, error) { + internalCtx := client.WithInternalAuth(ctx) + + fqdn := fmt.Sprintf("ns-%s.%s.", namespaceName, drm.baseDomain) + + type recordRow struct { + Value string `db:"value"` + } + + var records []recordRow + query := `SELECT value FROM dns_records WHERE fqdn = ? AND record_type = 'A' AND is_active = TRUE` + err := drm.db.Query(internalCtx, &records, query, fqdn) + if err != nil { + return nil, &ClusterError{ + Message: "failed to query namespace DNS records", + Cause: err, + } + } + + ips := make([]string, len(records)) + for i, r := range records { + ips[i] = r.Value + } + + return ips, nil +} + +// UpdateNamespaceRecord updates a specific node's DNS record (for failover) +func (drm *DNSRecordManager) UpdateNamespaceRecord(ctx context.Context, namespaceName, oldIP, newIP string) error { + internalCtx := client.WithInternalAuth(ctx) + + fqdn := fmt.Sprintf("ns-%s.%s.", namespaceName, drm.baseDomain) + wildcardFqdn := fmt.Sprintf("*.ns-%s.%s.", namespaceName, drm.baseDomain) + + drm.logger.Info("Updating namespace DNS record", + zap.String("namespace", namespaceName), + zap.String("old_ip", oldIP), + zap.String("new_ip", newIP), + ) + + // Update both the main record and wildcard record + for _, f := range []string{fqdn, wildcardFqdn} { + updateQuery := `UPDATE dns_records SET value = ?, updated_at = ? WHERE fqdn = ? AND value = ?` + _, err := drm.db.Exec(internalCtx, updateQuery, newIP, time.Now(), f, oldIP) + if err != nil { + drm.logger.Warn("Failed to update DNS record", + zap.String("fqdn", f), + zap.Error(err), + ) + } + } + + return nil +} + +// DisableNamespaceRecord marks a specific IP's record as inactive (for temporary failover) +func (drm *DNSRecordManager) DisableNamespaceRecord(ctx context.Context, namespaceName, ip string) error { + internalCtx := client.WithInternalAuth(ctx) + + fqdn := fmt.Sprintf("ns-%s.%s.", namespaceName, drm.baseDomain) + wildcardFqdn := fmt.Sprintf("*.ns-%s.%s.", namespaceName, drm.baseDomain) + + drm.logger.Info("Disabling namespace DNS record", + zap.String("namespace", namespaceName), + zap.String("ip", ip), + ) + + for _, f := range []string{fqdn, wildcardFqdn} { + updateQuery := `UPDATE dns_records SET is_active = FALSE, updated_at = ? WHERE fqdn = ? AND value = ?` + _, _ = drm.db.Exec(internalCtx, updateQuery, time.Now(), f, ip) + } + + return nil +} + +// EnableNamespaceRecord marks a specific IP's record as active (for recovery) +func (drm *DNSRecordManager) EnableNamespaceRecord(ctx context.Context, namespaceName, ip string) error { + internalCtx := client.WithInternalAuth(ctx) + + fqdn := fmt.Sprintf("ns-%s.%s.", namespaceName, drm.baseDomain) + wildcardFqdn := fmt.Sprintf("*.ns-%s.%s.", namespaceName, drm.baseDomain) + + drm.logger.Info("Enabling namespace DNS record", + zap.String("namespace", namespaceName), + zap.String("ip", ip), + ) + + for _, f := range []string{fqdn, wildcardFqdn} { + updateQuery := `UPDATE dns_records SET is_active = TRUE, updated_at = ? WHERE fqdn = ? AND value = ?` + _, _ = drm.db.Exec(internalCtx, updateQuery, time.Now(), f, ip) + } + + return nil +} diff --git a/pkg/namespace/dns_manager_test.go b/pkg/namespace/dns_manager_test.go new file mode 100644 index 0000000..3fe682d --- /dev/null +++ b/pkg/namespace/dns_manager_test.go @@ -0,0 +1,217 @@ +package namespace + +import ( + "fmt" + "testing" + + "go.uber.org/zap" +) + +func TestDNSRecordManager_FQDNFormat(t *testing.T) { + // Test that FQDN is correctly formatted + tests := []struct { + namespace string + baseDomain string + expected string + }{ + {"alice", "orama-devnet.network", "ns-alice.orama-devnet.network."}, + {"bob", "orama-testnet.network", "ns-bob.orama-testnet.network."}, + {"my-namespace", "orama-mainnet.network", "ns-my-namespace.orama-mainnet.network."}, + {"test123", "example.com", "ns-test123.example.com."}, + } + + for _, tt := range tests { + t.Run(tt.namespace, func(t *testing.T) { + fqdn := fmt.Sprintf("ns-%s.%s.", tt.namespace, tt.baseDomain) + if fqdn != tt.expected { + t.Errorf("FQDN = %s, want %s", fqdn, tt.expected) + } + }) + } +} + +func TestDNSRecordManager_WildcardFQDNFormat(t *testing.T) { + // Test that wildcard FQDN is correctly formatted + tests := []struct { + namespace string + baseDomain string + expected string + }{ + {"alice", "orama-devnet.network", "*.ns-alice.orama-devnet.network."}, + {"bob", "orama-testnet.network", "*.ns-bob.orama-testnet.network."}, + } + + for _, tt := range tests { + t.Run(tt.namespace, func(t *testing.T) { + wildcardFqdn := fmt.Sprintf("*.ns-%s.%s.", tt.namespace, tt.baseDomain) + if wildcardFqdn != tt.expected { + t.Errorf("Wildcard FQDN = %s, want %s", wildcardFqdn, tt.expected) + } + }) + } +} + +func TestNewDNSRecordManager(t *testing.T) { + mockDB := newMockRQLiteClient() + logger := zap.NewNop() + baseDomain := "orama-devnet.network" + + manager := NewDNSRecordManager(mockDB, baseDomain, logger) + + if manager == nil { + t.Fatal("NewDNSRecordManager returned nil") + } +} + +func TestDNSRecordManager_NamespacePrefix(t *testing.T) { + // Test the namespace prefix used for tracking ownership + namespace := "my-namespace" + expected := "namespace:my-namespace" + + prefix := "namespace:" + namespace + if prefix != expected { + t.Errorf("Namespace prefix = %s, want %s", prefix, expected) + } +} + +func TestDNSRecordTTL(t *testing.T) { + // DNS records should have a 60-second TTL for quick failover + expectedTTL := 60 + + // This is testing the constant used in the code + ttl := 60 + if ttl != expectedTTL { + t.Errorf("TTL = %d, want %d", ttl, expectedTTL) + } +} + +func TestDNSRecordManager_MultipleDomainFormats(t *testing.T) { + // Test support for different domain formats + baseDomains := []string{ + "orama-devnet.network", + "orama-testnet.network", + "orama-mainnet.network", + "custom.example.com", + "subdomain.custom.example.com", + } + + for _, baseDomain := range baseDomains { + t.Run(baseDomain, func(t *testing.T) { + namespace := "test" + fqdn := fmt.Sprintf("ns-%s.%s.", namespace, baseDomain) + + // Verify FQDN ends with trailing dot + if fqdn[len(fqdn)-1] != '.' { + t.Errorf("FQDN should end with trailing dot: %s", fqdn) + } + + // Verify format is correct + expectedPrefix := "ns-test." + if len(fqdn) <= len(expectedPrefix) { + t.Errorf("FQDN too short: %s", fqdn) + } + if fqdn[:len(expectedPrefix)] != expectedPrefix { + t.Errorf("FQDN should start with %s: %s", expectedPrefix, fqdn) + } + }) + } +} + +func TestDNSRecordManager_IPValidation(t *testing.T) { + // Test IP address formats that should be accepted + validIPs := []string{ + "192.168.1.1", + "10.0.0.1", + "172.16.0.1", + "1.2.3.4", + "255.255.255.255", + } + + for _, ip := range validIPs { + t.Run(ip, func(t *testing.T) { + // Basic validation: IP should not be empty + if ip == "" { + t.Error("IP should not be empty") + } + }) + } +} + +func TestDNSRecordManager_EmptyNodeIPs(t *testing.T) { + // Creating records with empty node IPs should be an error + nodeIPs := []string{} + + if len(nodeIPs) == 0 { + // This condition should trigger the error in CreateNamespaceRecords + err := &ClusterError{Message: "no node IPs provided for DNS records"} + if err.Message != "no node IPs provided for DNS records" { + t.Error("Expected error message for empty IPs") + } + } +} + +func TestDNSRecordManager_RecordTypes(t *testing.T) { + // DNS records for namespace gateways should be A records + expectedRecordType := "A" + + recordType := "A" + if recordType != expectedRecordType { + t.Errorf("Record type = %s, want %s", recordType, expectedRecordType) + } +} + +func TestDNSRecordManager_CreatedByField(t *testing.T) { + // Records should be created by "cluster-manager" + expected := "cluster-manager" + + createdBy := "cluster-manager" + if createdBy != expected { + t.Errorf("CreatedBy = %s, want %s", createdBy, expected) + } +} + +func TestDNSRecordManager_RoundRobinConcept(t *testing.T) { + // Test that multiple A records for the same FQDN enable round-robin + nodeIPs := []string{ + "192.168.1.100", + "192.168.1.101", + "192.168.1.102", + } + + // For round-robin DNS, we need one A record per IP + expectedRecordCount := len(nodeIPs) + + if expectedRecordCount != 3 { + t.Errorf("Expected %d A records for round-robin, got %d", 3, expectedRecordCount) + } + + // Each IP should be unique + seen := make(map[string]bool) + for _, ip := range nodeIPs { + if seen[ip] { + t.Errorf("Duplicate IP in node list: %s", ip) + } + seen[ip] = true + } +} + +func TestDNSRecordManager_FQDNWithTrailingDot(t *testing.T) { + // DNS FQDNs should always end with a trailing dot + // This is important for proper DNS resolution + + tests := []struct { + input string + expected string + }{ + {"ns-alice.orama-devnet.network", "ns-alice.orama-devnet.network."}, + } + + for _, tt := range tests { + t.Run(tt.input, func(t *testing.T) { + fqdn := tt.input + "." + if fqdn != tt.expected { + t.Errorf("FQDN = %s, want %s", fqdn, tt.expected) + } + }) + } +} diff --git a/pkg/namespace/node_selector.go b/pkg/namespace/node_selector.go new file mode 100644 index 0000000..013adff --- /dev/null +++ b/pkg/namespace/node_selector.go @@ -0,0 +1,385 @@ +package namespace + +import ( + "context" + "sort" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// ClusterNodeSelector selects optimal nodes for namespace clusters. +// It extends the existing capacity scoring system from deployments/home_node.go +// to select multiple nodes based on available capacity. +type ClusterNodeSelector struct { + db rqlite.Client + portAllocator *NamespacePortAllocator + logger *zap.Logger +} + +// NodeCapacity represents the capacity metrics for a single node +type NodeCapacity struct { + NodeID string `json:"node_id"` + IPAddress string `json:"ip_address"` + InternalIP string `json:"internal_ip"` // WireGuard IP for inter-node communication + DeploymentCount int `json:"deployment_count"` + AllocatedPorts int `json:"allocated_ports"` + AvailablePorts int `json:"available_ports"` + UsedMemoryMB int `json:"used_memory_mb"` + AvailableMemoryMB int `json:"available_memory_mb"` + UsedCPUPercent int `json:"used_cpu_percent"` + NamespaceInstanceCount int `json:"namespace_instance_count"` // Number of namespace clusters on this node + AvailableNamespaceSlots int `json:"available_namespace_slots"` // How many more namespace instances can fit + Score float64 `json:"score"` +} + +// NewClusterNodeSelector creates a new node selector +func NewClusterNodeSelector(db rqlite.Client, portAllocator *NamespacePortAllocator, logger *zap.Logger) *ClusterNodeSelector { + return &ClusterNodeSelector{ + db: db, + portAllocator: portAllocator, + logger: logger.With(zap.String("component", "cluster-node-selector")), + } +} + +// SelectNodesForCluster selects the optimal N nodes for a new namespace cluster. +// Returns the node IDs sorted by score (best first). +func (cns *ClusterNodeSelector) SelectNodesForCluster(ctx context.Context, nodeCount int) ([]NodeCapacity, error) { + internalCtx := client.WithInternalAuth(ctx) + + // Get all active nodes + activeNodes, err := cns.getActiveNodes(internalCtx) + if err != nil { + return nil, err + } + + cns.logger.Debug("Found active nodes", zap.Int("count", len(activeNodes))) + + // Filter nodes that have capacity for namespace instances + eligibleNodes := make([]NodeCapacity, 0) + for _, node := range activeNodes { + capacity, err := cns.getNodeCapacity(internalCtx, node.NodeID, node.IPAddress, node.InternalIP) + if err != nil { + cns.logger.Warn("Failed to get node capacity, skipping", + zap.String("node_id", node.NodeID), + zap.Error(err), + ) + continue + } + + // Only include nodes with available namespace slots + if capacity.AvailableNamespaceSlots > 0 { + eligibleNodes = append(eligibleNodes, *capacity) + } else { + cns.logger.Debug("Node at capacity, skipping", + zap.String("node_id", node.NodeID), + zap.Int("namespace_instances", capacity.NamespaceInstanceCount), + ) + } + } + + cns.logger.Debug("Eligible nodes after filtering", zap.Int("count", len(eligibleNodes))) + + // Check if we have enough nodes + if len(eligibleNodes) < nodeCount { + return nil, &ClusterError{ + Message: ErrInsufficientNodes.Message, + Cause: nil, + } + } + + // Sort by score (highest first) + sort.Slice(eligibleNodes, func(i, j int) bool { + return eligibleNodes[i].Score > eligibleNodes[j].Score + }) + + // Return top N nodes + selectedNodes := eligibleNodes[:nodeCount] + + cns.logger.Info("Selected nodes for cluster", + zap.Int("requested", nodeCount), + zap.Int("selected", len(selectedNodes)), + ) + + for i, node := range selectedNodes { + cns.logger.Debug("Selected node", + zap.Int("rank", i+1), + zap.String("node_id", node.NodeID), + zap.Float64("score", node.Score), + zap.Int("namespace_instances", node.NamespaceInstanceCount), + zap.Int("available_slots", node.AvailableNamespaceSlots), + ) + } + + return selectedNodes, nil +} + +// nodeInfo is used for querying active nodes +type nodeInfo struct { + NodeID string `db:"id"` + IPAddress string `db:"ip_address"` + InternalIP string `db:"internal_ip"` +} + +// getActiveNodes retrieves all active nodes from dns_nodes table +func (cns *ClusterNodeSelector) getActiveNodes(ctx context.Context) ([]nodeInfo, error) { + // Nodes must have checked in within last 2 minutes + cutoff := time.Now().Add(-2 * time.Minute) + + var results []nodeInfo + query := ` + SELECT id, ip_address, COALESCE(internal_ip, ip_address) as internal_ip FROM dns_nodes + WHERE status = 'active' AND last_seen > ? + ORDER BY id + ` + err := cns.db.Query(ctx, &results, query, cutoff.Format("2006-01-02 15:04:05")) + if err != nil { + return nil, &ClusterError{ + Message: "failed to query active nodes", + Cause: err, + } + } + + cns.logger.Debug("Found active nodes", + zap.Int("count", len(results)), + ) + + return results, nil +} + +// getNodeCapacity calculates capacity metrics for a single node +func (cns *ClusterNodeSelector) getNodeCapacity(ctx context.Context, nodeID, ipAddress, internalIP string) (*NodeCapacity, error) { + // Get deployment count + deploymentCount, err := cns.getDeploymentCount(ctx, nodeID) + if err != nil { + return nil, err + } + + // Get allocated deployment ports + allocatedPorts, err := cns.getDeploymentPortCount(ctx, nodeID) + if err != nil { + return nil, err + } + + // Get resource usage from home_node_assignments + totalMemoryMB, totalCPUPercent, err := cns.getNodeResourceUsage(ctx, nodeID) + if err != nil { + return nil, err + } + + // Get namespace instance count + namespaceInstanceCount, err := cns.portAllocator.GetNodeAllocationCount(ctx, nodeID) + if err != nil { + return nil, err + } + + // Calculate available capacity + const ( + maxDeployments = 100 + maxPorts = 9900 // User deployment port range + maxMemoryMB = 8192 // 8GB + maxCPUPercent = 400 // 4 cores + ) + + availablePorts := maxPorts - allocatedPorts + if availablePorts < 0 { + availablePorts = 0 + } + + availableMemoryMB := maxMemoryMB - totalMemoryMB + if availableMemoryMB < 0 { + availableMemoryMB = 0 + } + + availableNamespaceSlots := MaxNamespacesPerNode - namespaceInstanceCount + if availableNamespaceSlots < 0 { + availableNamespaceSlots = 0 + } + + // Calculate capacity score (0.0 to 1.0, higher is better) + // Extended from home_node.go to include namespace instance count + score := cns.calculateCapacityScore( + deploymentCount, maxDeployments, + allocatedPorts, maxPorts, + totalMemoryMB, maxMemoryMB, + totalCPUPercent, maxCPUPercent, + namespaceInstanceCount, MaxNamespacesPerNode, + ) + + capacity := &NodeCapacity{ + NodeID: nodeID, + IPAddress: ipAddress, + InternalIP: internalIP, + DeploymentCount: deploymentCount, + AllocatedPorts: allocatedPorts, + AvailablePorts: availablePorts, + UsedMemoryMB: totalMemoryMB, + AvailableMemoryMB: availableMemoryMB, + UsedCPUPercent: totalCPUPercent, + NamespaceInstanceCount: namespaceInstanceCount, + AvailableNamespaceSlots: availableNamespaceSlots, + Score: score, + } + + return capacity, nil +} + +// getDeploymentCount counts active deployments on a node +func (cns *ClusterNodeSelector) getDeploymentCount(ctx context.Context, nodeID string) (int, error) { + type countResult struct { + Count int `db:"count"` + } + + var results []countResult + query := `SELECT COUNT(*) as count FROM deployments WHERE home_node_id = ? AND status IN ('active', 'deploying')` + err := cns.db.Query(ctx, &results, query, nodeID) + if err != nil { + return 0, &ClusterError{ + Message: "failed to count deployments", + Cause: err, + } + } + + if len(results) == 0 { + return 0, nil + } + + return results[0].Count, nil +} + +// getDeploymentPortCount counts allocated deployment ports on a node +func (cns *ClusterNodeSelector) getDeploymentPortCount(ctx context.Context, nodeID string) (int, error) { + type countResult struct { + Count int `db:"count"` + } + + var results []countResult + query := `SELECT COUNT(*) as count FROM port_allocations WHERE node_id = ?` + err := cns.db.Query(ctx, &results, query, nodeID) + if err != nil { + return 0, &ClusterError{ + Message: "failed to count allocated ports", + Cause: err, + } + } + + if len(results) == 0 { + return 0, nil + } + + return results[0].Count, nil +} + +// getNodeResourceUsage sums up resource usage for all namespaces on a node +func (cns *ClusterNodeSelector) getNodeResourceUsage(ctx context.Context, nodeID string) (int, int, error) { + type resourceResult struct { + TotalMemoryMB int `db:"total_memory"` + TotalCPUPercent int `db:"total_cpu"` + } + + var results []resourceResult + query := ` + SELECT + COALESCE(SUM(total_memory_mb), 0) as total_memory, + COALESCE(SUM(total_cpu_percent), 0) as total_cpu + FROM home_node_assignments + WHERE home_node_id = ? + ` + err := cns.db.Query(ctx, &results, query, nodeID) + if err != nil { + return 0, 0, &ClusterError{ + Message: "failed to query resource usage", + Cause: err, + } + } + + if len(results) == 0 { + return 0, 0, nil + } + + return results[0].TotalMemoryMB, results[0].TotalCPUPercent, nil +} + +// calculateCapacityScore calculates a weighted capacity score (0.0 to 1.0) +// Higher scores indicate more available capacity +func (cns *ClusterNodeSelector) calculateCapacityScore( + deploymentCount, maxDeployments int, + allocatedPorts, maxPorts int, + usedMemoryMB, maxMemoryMB int, + usedCPUPercent, maxCPUPercent int, + namespaceInstances, maxNamespaceInstances int, +) float64 { + // Calculate individual component scores (0.0 to 1.0) + deploymentScore := 1.0 - (float64(deploymentCount) / float64(maxDeployments)) + if deploymentScore < 0 { + deploymentScore = 0 + } + + portScore := 1.0 - (float64(allocatedPorts) / float64(maxPorts)) + if portScore < 0 { + portScore = 0 + } + + memoryScore := 1.0 - (float64(usedMemoryMB) / float64(maxMemoryMB)) + if memoryScore < 0 { + memoryScore = 0 + } + + cpuScore := 1.0 - (float64(usedCPUPercent) / float64(maxCPUPercent)) + if cpuScore < 0 { + cpuScore = 0 + } + + namespaceScore := 1.0 - (float64(namespaceInstances) / float64(maxNamespaceInstances)) + if namespaceScore < 0 { + namespaceScore = 0 + } + + // Weighted average + // Namespace instance count gets significant weight since that's what we're optimizing for + // Weights: deployments 30%, ports 15%, memory 15%, cpu 15%, namespace instances 25% + totalScore := (deploymentScore * 0.30) + + (portScore * 0.15) + + (memoryScore * 0.15) + + (cpuScore * 0.15) + + (namespaceScore * 0.25) + + cns.logger.Debug("Calculated capacity score", + zap.Int("deployments", deploymentCount), + zap.Int("allocated_ports", allocatedPorts), + zap.Int("used_memory_mb", usedMemoryMB), + zap.Int("used_cpu_percent", usedCPUPercent), + zap.Int("namespace_instances", namespaceInstances), + zap.Float64("deployment_score", deploymentScore), + zap.Float64("port_score", portScore), + zap.Float64("memory_score", memoryScore), + zap.Float64("cpu_score", cpuScore), + zap.Float64("namespace_score", namespaceScore), + zap.Float64("total_score", totalScore), + ) + + return totalScore +} + +// GetNodeByID retrieves a node's information by ID +func (cns *ClusterNodeSelector) GetNodeByID(ctx context.Context, nodeID string) (*nodeInfo, error) { + internalCtx := client.WithInternalAuth(ctx) + + var results []nodeInfo + query := `SELECT id, ip_address, COALESCE(internal_ip, ip_address) as internal_ip FROM dns_nodes WHERE id = ? LIMIT 1` + err := cns.db.Query(internalCtx, &results, query, nodeID) + if err != nil { + return nil, &ClusterError{ + Message: "failed to query node", + Cause: err, + } + } + + if len(results) == 0 { + return nil, nil + } + + return &results[0], nil +} diff --git a/pkg/namespace/node_selector_test.go b/pkg/namespace/node_selector_test.go new file mode 100644 index 0000000..03cdbcc --- /dev/null +++ b/pkg/namespace/node_selector_test.go @@ -0,0 +1,227 @@ +package namespace + +import ( + "testing" + + "go.uber.org/zap" +) + +func TestCalculateCapacityScore_EmptyNode(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Empty node should have score of 1.0 (100% available) + score := selector.calculateCapacityScore( + 0, 100, // deployments + 0, 9900, // ports + 0, 8192, // memory + 0, 400, // cpu + 0, 20, // namespace instances + ) + + if score != 1.0 { + t.Errorf("Empty node score = %f, want 1.0", score) + } +} + +func TestCalculateCapacityScore_FullNode(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Full node should have score of 0.0 (0% available) + score := selector.calculateCapacityScore( + 100, 100, // deployments (full) + 9900, 9900, // ports (full) + 8192, 8192, // memory (full) + 400, 400, // cpu (full) + 20, 20, // namespace instances (full) + ) + + if score != 0.0 { + t.Errorf("Full node score = %f, want 0.0", score) + } +} + +func TestCalculateCapacityScore_HalfCapacity(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Half-full node should have score of approximately 0.5 + score := selector.calculateCapacityScore( + 50, 100, // 50% deployments + 4950, 9900, // 50% ports + 4096, 8192, // 50% memory + 200, 400, // 50% cpu + 10, 20, // 50% namespace instances + ) + + // With all components at 50%, the weighted average should be 0.5 + expected := 0.5 + tolerance := 0.01 + + if score < expected-tolerance || score > expected+tolerance { + t.Errorf("Half capacity score = %f, want approximately %f", score, expected) + } +} + +func TestCalculateCapacityScore_Weights(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Test that deployment weight is 30%, namespace instance weight is 25% + // Only deployments full (other metrics empty) + deploymentOnlyScore := selector.calculateCapacityScore( + 100, 100, // deployments full (contributes 0 * 0.30 = 0) + 0, 9900, // ports empty (contributes 1.0 * 0.15 = 0.15) + 0, 8192, // memory empty (contributes 1.0 * 0.15 = 0.15) + 0, 400, // cpu empty (contributes 1.0 * 0.15 = 0.15) + 0, 20, // namespace instances empty (contributes 1.0 * 0.25 = 0.25) + ) + // Expected: 0 + 0.15 + 0.15 + 0.15 + 0.25 = 0.70 + expectedDeploymentOnly := 0.70 + tolerance := 0.01 + + if deploymentOnlyScore < expectedDeploymentOnly-tolerance || deploymentOnlyScore > expectedDeploymentOnly+tolerance { + t.Errorf("Deployment-only-full score = %f, want %f", deploymentOnlyScore, expectedDeploymentOnly) + } + + // Only namespace instances full (other metrics empty) + namespaceOnlyScore := selector.calculateCapacityScore( + 0, 100, // deployments empty (contributes 1.0 * 0.30 = 0.30) + 0, 9900, // ports empty (contributes 1.0 * 0.15 = 0.15) + 0, 8192, // memory empty (contributes 1.0 * 0.15 = 0.15) + 0, 400, // cpu empty (contributes 1.0 * 0.15 = 0.15) + 20, 20, // namespace instances full (contributes 0 * 0.25 = 0) + ) + // Expected: 0.30 + 0.15 + 0.15 + 0.15 + 0 = 0.75 + expectedNamespaceOnly := 0.75 + + if namespaceOnlyScore < expectedNamespaceOnly-tolerance || namespaceOnlyScore > expectedNamespaceOnly+tolerance { + t.Errorf("Namespace-only-full score = %f, want %f", namespaceOnlyScore, expectedNamespaceOnly) + } +} + +func TestCalculateCapacityScore_NegativeValues(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Test that over-capacity values (which would produce negative scores) are clamped to 0 + score := selector.calculateCapacityScore( + 200, 100, // 200% deployments (should clamp to 0) + 20000, 9900, // over ports (should clamp to 0) + 16000, 8192, // over memory (should clamp to 0) + 800, 400, // over cpu (should clamp to 0) + 40, 20, // over namespace instances (should clamp to 0) + ) + + if score != 0.0 { + t.Errorf("Over-capacity score = %f, want 0.0", score) + } +} + +func TestNodeCapacity_AvailableSlots(t *testing.T) { + tests := []struct { + name string + instanceCount int + expectedAvailable int + }{ + {"Empty node", 0, 20}, + {"One instance", 1, 19}, + {"Half full", 10, 10}, + {"Almost full", 19, 1}, + {"Full", 20, 0}, + {"Over capacity", 25, 0}, // Should clamp to 0 + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + available := MaxNamespacesPerNode - tt.instanceCount + if available < 0 { + available = 0 + } + if available != tt.expectedAvailable { + t.Errorf("Available slots for %d instances = %d, want %d", + tt.instanceCount, available, tt.expectedAvailable) + } + }) + } +} + +func TestNewClusterNodeSelector(t *testing.T) { + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + if selector == nil { + t.Fatal("NewClusterNodeSelector returned nil") + } +} + +func TestNodeCapacityStruct(t *testing.T) { + // Test NodeCapacity struct initialization + capacity := NodeCapacity{ + NodeID: "node-123", + IPAddress: "192.168.1.100", + DeploymentCount: 10, + AllocatedPorts: 50, + AvailablePorts: 9850, + UsedMemoryMB: 2048, + AvailableMemoryMB: 6144, + UsedCPUPercent: 100, + NamespaceInstanceCount: 5, + AvailableNamespaceSlots: 15, + Score: 0.75, + } + + if capacity.NodeID != "node-123" { + t.Errorf("NodeID = %s, want node-123", capacity.NodeID) + } + if capacity.AvailableNamespaceSlots != 15 { + t.Errorf("AvailableNamespaceSlots = %d, want 15", capacity.AvailableNamespaceSlots) + } + if capacity.Score != 0.75 { + t.Errorf("Score = %f, want 0.75", capacity.Score) + } +} + +func TestScoreRanking(t *testing.T) { + // Test that higher scores indicate more available capacity + logger := zap.NewNop() + mockDB := newMockRQLiteClient() + portAllocator := NewNamespacePortAllocator(mockDB, logger) + selector := NewClusterNodeSelector(mockDB, portAllocator, logger) + + // Node A: Light load + scoreA := selector.calculateCapacityScore( + 10, 100, // 10% deployments + 500, 9900, // ~5% ports + 1000, 8192,// ~12% memory + 50, 400, // ~12% cpu + 2, 20, // 10% namespace instances + ) + + // Node B: Heavy load + scoreB := selector.calculateCapacityScore( + 80, 100, // 80% deployments + 8000, 9900, // ~80% ports + 7000, 8192, // ~85% memory + 350, 400, // ~87% cpu + 18, 20, // 90% namespace instances + ) + + if scoreA <= scoreB { + t.Errorf("Light load score (%f) should be higher than heavy load score (%f)", scoreA, scoreB) + } +} diff --git a/pkg/namespace/port_allocator.go b/pkg/namespace/port_allocator.go new file mode 100644 index 0000000..d237d26 --- /dev/null +++ b/pkg/namespace/port_allocator.go @@ -0,0 +1,387 @@ +package namespace + +import ( + "context" + "fmt" + "time" + + "github.com/DeBrosOfficial/network/pkg/client" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/google/uuid" + "go.uber.org/zap" +) + +// NamespacePortAllocator manages the reserved port range (10000-10099) for namespace services. +// Each namespace instance on a node gets a block of 5 consecutive ports. +type NamespacePortAllocator struct { + db rqlite.Client + logger *zap.Logger +} + +// NewNamespacePortAllocator creates a new port allocator +func NewNamespacePortAllocator(db rqlite.Client, logger *zap.Logger) *NamespacePortAllocator { + return &NamespacePortAllocator{ + db: db, + logger: logger.With(zap.String("component", "namespace-port-allocator")), + } +} + +// AllocatePortBlock finds and allocates the next available 5-port block on a node. +// Returns an error if the node is at capacity (20 namespace instances). +func (npa *NamespacePortAllocator) AllocatePortBlock(ctx context.Context, nodeID, namespaceClusterID string) (*PortBlock, error) { + internalCtx := client.WithInternalAuth(ctx) + + // Check if allocation already exists for this namespace on this node + existingBlock, err := npa.GetPortBlock(ctx, namespaceClusterID, nodeID) + if err == nil && existingBlock != nil { + npa.logger.Debug("Port block already allocated", + zap.String("node_id", nodeID), + zap.String("namespace_cluster_id", namespaceClusterID), + zap.Int("port_start", existingBlock.PortStart), + ) + return existingBlock, nil + } + + // Retry logic for handling concurrent allocation conflicts + maxRetries := 10 + retryDelay := 100 * time.Millisecond + + for attempt := 0; attempt < maxRetries; attempt++ { + block, err := npa.tryAllocatePortBlock(internalCtx, nodeID, namespaceClusterID) + if err == nil { + npa.logger.Info("Port block allocated successfully", + zap.String("node_id", nodeID), + zap.String("namespace_cluster_id", namespaceClusterID), + zap.Int("port_start", block.PortStart), + zap.Int("attempt", attempt+1), + ) + return block, nil + } + + // If it's a conflict error, retry with exponential backoff + if isConflictError(err) { + npa.logger.Debug("Port allocation conflict, retrying", + zap.String("node_id", nodeID), + zap.String("namespace_cluster_id", namespaceClusterID), + zap.Int("attempt", attempt+1), + zap.Error(err), + ) + time.Sleep(retryDelay) + retryDelay *= 2 + continue + } + + // Other errors are non-retryable + return nil, err + } + + return nil, &ClusterError{ + Message: fmt.Sprintf("failed to allocate port block after %d retries", maxRetries), + } +} + +// tryAllocatePortBlock attempts to allocate a port block (single attempt) +func (npa *NamespacePortAllocator) tryAllocatePortBlock(ctx context.Context, nodeID, namespaceClusterID string) (*PortBlock, error) { + // In dev environments where all nodes share the same IP, we need to track + // allocations by IP address to avoid port conflicts. First get this node's IP. + var nodeInfos []struct { + IPAddress string `db:"ip_address"` + } + nodeQuery := `SELECT ip_address FROM dns_nodes WHERE id = ? LIMIT 1` + if err := npa.db.Query(ctx, &nodeInfos, nodeQuery, nodeID); err != nil || len(nodeInfos) == 0 { + // Fallback: if we can't get the IP, allocate per node_id only + npa.logger.Debug("Could not get node IP, falling back to node_id-only allocation", + zap.String("node_id", nodeID), + ) + } + + // Query all allocated port blocks. If nodes share the same IP, we need to + // check allocations by IP address to prevent port conflicts. + type portRow struct { + PortStart int `db:"port_start"` + } + + var allocatedBlocks []portRow + var query string + var err error + + if len(nodeInfos) > 0 && nodeInfos[0].IPAddress != "" { + // Check if other nodes share this IP - if so, allocate globally by IP + var sameIPCount []struct { + Count int `db:"count"` + } + countQuery := `SELECT COUNT(DISTINCT id) as count FROM dns_nodes WHERE ip_address = ?` + if err := npa.db.Query(ctx, &sameIPCount, countQuery, nodeInfos[0].IPAddress); err == nil && len(sameIPCount) > 0 && sameIPCount[0].Count > 1 { + // Multiple nodes share this IP (dev environment) - allocate globally + query = ` + SELECT npa.port_start + FROM namespace_port_allocations npa + JOIN dns_nodes dn ON npa.node_id = dn.id + WHERE dn.ip_address = ? + ORDER BY npa.port_start ASC + ` + err = npa.db.Query(ctx, &allocatedBlocks, query, nodeInfos[0].IPAddress) + npa.logger.Debug("Multiple nodes share IP, allocating globally", + zap.String("ip_address", nodeInfos[0].IPAddress), + zap.Int("same_ip_nodes", sameIPCount[0].Count), + ) + } else { + // Single node per IP (production) - allocate per node + query = `SELECT port_start FROM namespace_port_allocations WHERE node_id = ? ORDER BY port_start ASC` + err = npa.db.Query(ctx, &allocatedBlocks, query, nodeID) + } + } else { + // No IP info - allocate per node_id + query = `SELECT port_start FROM namespace_port_allocations WHERE node_id = ? ORDER BY port_start ASC` + err = npa.db.Query(ctx, &allocatedBlocks, query, nodeID) + } + + if err != nil { + return nil, &ClusterError{ + Message: "failed to query allocated ports", + Cause: err, + } + } + + // Build map of allocated block starts + allocatedStarts := make(map[int]bool) + for _, row := range allocatedBlocks { + allocatedStarts[row.PortStart] = true + } + + // Check node capacity + if len(allocatedBlocks) >= MaxNamespacesPerNode { + return nil, ErrNodeAtCapacity + } + + // Find first available port block + portStart := -1 + for start := NamespacePortRangeStart; start <= NamespacePortRangeEnd-PortsPerNamespace+1; start += PortsPerNamespace { + if !allocatedStarts[start] { + portStart = start + break + } + } + + if portStart < 0 { + return nil, ErrNoPortsAvailable + } + + // Create port block + block := &PortBlock{ + ID: uuid.New().String(), + NodeID: nodeID, + NamespaceClusterID: namespaceClusterID, + PortStart: portStart, + PortEnd: portStart + PortsPerNamespace - 1, + RQLiteHTTPPort: portStart + 0, + RQLiteRaftPort: portStart + 1, + OlricHTTPPort: portStart + 2, + OlricMemberlistPort: portStart + 3, + GatewayHTTPPort: portStart + 4, + AllocatedAt: time.Now(), + } + + // Attempt to insert allocation record + insertQuery := ` + INSERT INTO namespace_port_allocations ( + id, node_id, namespace_cluster_id, port_start, port_end, + rqlite_http_port, rqlite_raft_port, olric_http_port, olric_memberlist_port, gateway_http_port, + allocated_at + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ` + _, err = npa.db.Exec(ctx, insertQuery, + block.ID, + block.NodeID, + block.NamespaceClusterID, + block.PortStart, + block.PortEnd, + block.RQLiteHTTPPort, + block.RQLiteRaftPort, + block.OlricHTTPPort, + block.OlricMemberlistPort, + block.GatewayHTTPPort, + block.AllocatedAt, + ) + if err != nil { + return nil, &ClusterError{ + Message: "failed to insert port allocation", + Cause: err, + } + } + + return block, nil +} + +// DeallocatePortBlock releases a port block when a namespace is deprovisioned +func (npa *NamespacePortAllocator) DeallocatePortBlock(ctx context.Context, namespaceClusterID, nodeID string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `DELETE FROM namespace_port_allocations WHERE namespace_cluster_id = ? AND node_id = ?` + _, err := npa.db.Exec(internalCtx, query, namespaceClusterID, nodeID) + if err != nil { + return &ClusterError{ + Message: "failed to deallocate port block", + Cause: err, + } + } + + npa.logger.Info("Port block deallocated", + zap.String("namespace_cluster_id", namespaceClusterID), + zap.String("node_id", nodeID), + ) + + return nil +} + +// DeallocateAllPortBlocks releases all port blocks for a namespace cluster +func (npa *NamespacePortAllocator) DeallocateAllPortBlocks(ctx context.Context, namespaceClusterID string) error { + internalCtx := client.WithInternalAuth(ctx) + + query := `DELETE FROM namespace_port_allocations WHERE namespace_cluster_id = ?` + _, err := npa.db.Exec(internalCtx, query, namespaceClusterID) + if err != nil { + return &ClusterError{ + Message: "failed to deallocate all port blocks", + Cause: err, + } + } + + npa.logger.Info("All port blocks deallocated", + zap.String("namespace_cluster_id", namespaceClusterID), + ) + + return nil +} + +// GetPortBlock retrieves the port block for a namespace on a specific node +func (npa *NamespacePortAllocator) GetPortBlock(ctx context.Context, namespaceClusterID, nodeID string) (*PortBlock, error) { + internalCtx := client.WithInternalAuth(ctx) + + var blocks []PortBlock + query := ` + SELECT id, node_id, namespace_cluster_id, port_start, port_end, + rqlite_http_port, rqlite_raft_port, olric_http_port, olric_memberlist_port, gateway_http_port, + allocated_at + FROM namespace_port_allocations + WHERE namespace_cluster_id = ? AND node_id = ? + LIMIT 1 + ` + err := npa.db.Query(internalCtx, &blocks, query, namespaceClusterID, nodeID) + if err != nil { + return nil, &ClusterError{ + Message: "failed to query port block", + Cause: err, + } + } + + if len(blocks) == 0 { + return nil, nil + } + + return &blocks[0], nil +} + +// GetAllPortBlocks retrieves all port blocks for a namespace cluster +func (npa *NamespacePortAllocator) GetAllPortBlocks(ctx context.Context, namespaceClusterID string) ([]PortBlock, error) { + internalCtx := client.WithInternalAuth(ctx) + + var blocks []PortBlock + query := ` + SELECT id, node_id, namespace_cluster_id, port_start, port_end, + rqlite_http_port, rqlite_raft_port, olric_http_port, olric_memberlist_port, gateway_http_port, + allocated_at + FROM namespace_port_allocations + WHERE namespace_cluster_id = ? + ORDER BY port_start ASC + ` + err := npa.db.Query(internalCtx, &blocks, query, namespaceClusterID) + if err != nil { + return nil, &ClusterError{ + Message: "failed to query port blocks", + Cause: err, + } + } + + return blocks, nil +} + +// GetNodeCapacity returns how many more namespace instances a node can host +func (npa *NamespacePortAllocator) GetNodeCapacity(ctx context.Context, nodeID string) (int, error) { + internalCtx := client.WithInternalAuth(ctx) + + type countResult struct { + Count int `db:"count"` + } + + var results []countResult + query := `SELECT COUNT(*) as count FROM namespace_port_allocations WHERE node_id = ?` + err := npa.db.Query(internalCtx, &results, query, nodeID) + if err != nil { + return 0, &ClusterError{ + Message: "failed to count allocated port blocks", + Cause: err, + } + } + + if len(results) == 0 { + return MaxNamespacesPerNode, nil + } + + allocated := results[0].Count + available := MaxNamespacesPerNode - allocated + + if available < 0 { + available = 0 + } + + return available, nil +} + +// GetNodeAllocationCount returns the number of namespace instances on a node +func (npa *NamespacePortAllocator) GetNodeAllocationCount(ctx context.Context, nodeID string) (int, error) { + internalCtx := client.WithInternalAuth(ctx) + + type countResult struct { + Count int `db:"count"` + } + + var results []countResult + query := `SELECT COUNT(*) as count FROM namespace_port_allocations WHERE node_id = ?` + err := npa.db.Query(internalCtx, &results, query, nodeID) + if err != nil { + return 0, &ClusterError{ + Message: "failed to count allocated port blocks", + Cause: err, + } + } + + if len(results) == 0 { + return 0, nil + } + + return results[0].Count, nil +} + +// isConflictError checks if an error is due to a constraint violation +func isConflictError(err error) bool { + if err == nil { + return false + } + errStr := err.Error() + return contains(errStr, "UNIQUE") || contains(errStr, "constraint") || contains(errStr, "conflict") +} + +// contains checks if a string contains a substring (case-insensitive) +func contains(s, substr string) bool { + return len(s) >= len(substr) && (s == substr || len(s) > len(substr) && findSubstring(s, substr)) +} + +func findSubstring(s, substr string) bool { + for i := 0; i <= len(s)-len(substr); i++ { + if s[i:i+len(substr)] == substr { + return true + } + } + return false +} diff --git a/pkg/namespace/port_allocator_test.go b/pkg/namespace/port_allocator_test.go new file mode 100644 index 0000000..1a44148 --- /dev/null +++ b/pkg/namespace/port_allocator_test.go @@ -0,0 +1,310 @@ +package namespace + +import ( + "context" + "database/sql" + "errors" + "testing" + "time" + + "github.com/DeBrosOfficial/network/pkg/rqlite" + "go.uber.org/zap" +) + +// mockResult implements sql.Result +type mockResult struct { + lastInsertID int64 + rowsAffected int64 +} + +func (m mockResult) LastInsertId() (int64, error) { return m.lastInsertID, nil } +func (m mockResult) RowsAffected() (int64, error) { return m.rowsAffected, nil } + +// mockRQLiteClient implements rqlite.Client for testing +type mockRQLiteClient struct { + queryResults map[string]interface{} + execResults map[string]error + queryCalls []mockQueryCall + execCalls []mockExecCall +} + +type mockQueryCall struct { + Query string + Args []interface{} +} + +type mockExecCall struct { + Query string + Args []interface{} +} + +func newMockRQLiteClient() *mockRQLiteClient { + return &mockRQLiteClient{ + queryResults: make(map[string]interface{}), + execResults: make(map[string]error), + queryCalls: make([]mockQueryCall, 0), + execCalls: make([]mockExecCall, 0), + } +} + +func (m *mockRQLiteClient) Query(ctx context.Context, dest any, query string, args ...any) error { + ifaceArgs := make([]interface{}, len(args)) + for i, a := range args { + ifaceArgs[i] = a + } + m.queryCalls = append(m.queryCalls, mockQueryCall{Query: query, Args: ifaceArgs}) + return nil +} + +func (m *mockRQLiteClient) Exec(ctx context.Context, query string, args ...any) (sql.Result, error) { + ifaceArgs := make([]interface{}, len(args)) + for i, a := range args { + ifaceArgs[i] = a + } + m.execCalls = append(m.execCalls, mockExecCall{Query: query, Args: ifaceArgs}) + if err, ok := m.execResults[query]; ok { + return nil, err + } + return mockResult{rowsAffected: 1}, nil +} + +func (m *mockRQLiteClient) FindBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return nil +} + +func (m *mockRQLiteClient) FindOneBy(ctx context.Context, dest any, table string, criteria map[string]any, opts ...rqlite.FindOption) error { + return nil +} + +func (m *mockRQLiteClient) Save(ctx context.Context, entity any) error { + return nil +} + +func (m *mockRQLiteClient) Remove(ctx context.Context, entity any) error { + return nil +} + +func (m *mockRQLiteClient) Repository(table string) any { + return nil +} + +func (m *mockRQLiteClient) CreateQueryBuilder(table string) *rqlite.QueryBuilder { + return nil +} + +func (m *mockRQLiteClient) Tx(ctx context.Context, fn func(tx rqlite.Tx) error) error { + return nil +} + +// Ensure mockRQLiteClient implements rqlite.Client +var _ rqlite.Client = (*mockRQLiteClient)(nil) + +func TestPortBlock_PortAssignment(t *testing.T) { + // Test that port block correctly assigns ports + block := &PortBlock{ + ID: "test-id", + NodeID: "node-1", + NamespaceClusterID: "cluster-1", + PortStart: 10000, + PortEnd: 10004, + RQLiteHTTPPort: 10000, + RQLiteRaftPort: 10001, + OlricHTTPPort: 10002, + OlricMemberlistPort: 10003, + GatewayHTTPPort: 10004, + AllocatedAt: time.Now(), + } + + // Verify port assignments + if block.RQLiteHTTPPort != block.PortStart+0 { + t.Errorf("RQLiteHTTPPort = %d, want %d", block.RQLiteHTTPPort, block.PortStart+0) + } + if block.RQLiteRaftPort != block.PortStart+1 { + t.Errorf("RQLiteRaftPort = %d, want %d", block.RQLiteRaftPort, block.PortStart+1) + } + if block.OlricHTTPPort != block.PortStart+2 { + t.Errorf("OlricHTTPPort = %d, want %d", block.OlricHTTPPort, block.PortStart+2) + } + if block.OlricMemberlistPort != block.PortStart+3 { + t.Errorf("OlricMemberlistPort = %d, want %d", block.OlricMemberlistPort, block.PortStart+3) + } + if block.GatewayHTTPPort != block.PortStart+4 { + t.Errorf("GatewayHTTPPort = %d, want %d", block.GatewayHTTPPort, block.PortStart+4) + } +} + +func TestPortConstants(t *testing.T) { + // Verify constants are correctly defined + if NamespacePortRangeStart != 10000 { + t.Errorf("NamespacePortRangeStart = %d, want 10000", NamespacePortRangeStart) + } + if NamespacePortRangeEnd != 10099 { + t.Errorf("NamespacePortRangeEnd = %d, want 10099", NamespacePortRangeEnd) + } + if PortsPerNamespace != 5 { + t.Errorf("PortsPerNamespace = %d, want 5", PortsPerNamespace) + } + + // Verify max namespaces calculation: (10099 - 10000 + 1) / 5 = 100 / 5 = 20 + expectedMax := (NamespacePortRangeEnd - NamespacePortRangeStart + 1) / PortsPerNamespace + if MaxNamespacesPerNode != expectedMax { + t.Errorf("MaxNamespacesPerNode = %d, want %d", MaxNamespacesPerNode, expectedMax) + } + if MaxNamespacesPerNode != 20 { + t.Errorf("MaxNamespacesPerNode = %d, want 20", MaxNamespacesPerNode) + } +} + +func TestPortRangeCapacity(t *testing.T) { + // Test that 20 namespaces fit exactly in the port range + usedPorts := MaxNamespacesPerNode * PortsPerNamespace + availablePorts := NamespacePortRangeEnd - NamespacePortRangeStart + 1 + + if usedPorts > availablePorts { + t.Errorf("Port range overflow: %d ports needed for %d namespaces, but only %d available", + usedPorts, MaxNamespacesPerNode, availablePorts) + } + + // Verify no wasted ports + if usedPorts != availablePorts { + t.Logf("Note: %d ports unused in range", availablePorts-usedPorts) + } +} + +func TestPortBlockAllocation_SequentialBlocks(t *testing.T) { + // Verify that sequential port blocks don't overlap + blocks := make([]*PortBlock, MaxNamespacesPerNode) + + for i := 0; i < MaxNamespacesPerNode; i++ { + portStart := NamespacePortRangeStart + (i * PortsPerNamespace) + blocks[i] = &PortBlock{ + PortStart: portStart, + PortEnd: portStart + PortsPerNamespace - 1, + RQLiteHTTPPort: portStart + 0, + RQLiteRaftPort: portStart + 1, + OlricHTTPPort: portStart + 2, + OlricMemberlistPort: portStart + 3, + GatewayHTTPPort: portStart + 4, + } + } + + // Verify no overlap between consecutive blocks + for i := 0; i < len(blocks)-1; i++ { + if blocks[i].PortEnd >= blocks[i+1].PortStart { + t.Errorf("Block %d (end=%d) overlaps with block %d (start=%d)", + i, blocks[i].PortEnd, i+1, blocks[i+1].PortStart) + } + } + + // Verify last block doesn't exceed range + lastBlock := blocks[len(blocks)-1] + if lastBlock.PortEnd > NamespacePortRangeEnd { + t.Errorf("Last block exceeds port range: end=%d, max=%d", + lastBlock.PortEnd, NamespacePortRangeEnd) + } +} + +func TestIsConflictError(t *testing.T) { + tests := []struct { + name string + err error + expected bool + }{ + { + name: "nil error", + err: nil, + expected: false, + }, + { + name: "UNIQUE constraint error", + err: errors.New("UNIQUE constraint failed"), + expected: true, + }, + { + name: "constraint violation", + err: errors.New("constraint violation"), + expected: true, + }, + { + name: "conflict error", + err: errors.New("conflict detected"), + expected: true, + }, + { + name: "regular error", + err: errors.New("connection timeout"), + expected: false, + }, + { + name: "empty error", + err: errors.New(""), + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := isConflictError(tt.err) + if result != tt.expected { + t.Errorf("isConflictError(%v) = %v, want %v", tt.err, result, tt.expected) + } + }) + } +} + +func TestContains(t *testing.T) { + tests := []struct { + s string + substr string + expected bool + }{ + {"hello world", "world", true}, + {"hello world", "hello", true}, + {"hello world", "xyz", false}, + {"", "", true}, + {"hello", "", true}, + {"", "hello", false}, + {"UNIQUE constraint", "UNIQUE", true}, + } + + for _, tt := range tests { + t.Run(tt.s+"_"+tt.substr, func(t *testing.T) { + result := contains(tt.s, tt.substr) + if result != tt.expected { + t.Errorf("contains(%q, %q) = %v, want %v", tt.s, tt.substr, result, tt.expected) + } + }) + } +} + +func TestNewNamespacePortAllocator(t *testing.T) { + mockDB := newMockRQLiteClient() + logger := zap.NewNop() + + allocator := NewNamespacePortAllocator(mockDB, logger) + + if allocator == nil { + t.Fatal("NewNamespacePortAllocator returned nil") + } +} + +func TestDefaultClusterSizes(t *testing.T) { + // Verify default cluster size constants + if DefaultRQLiteNodeCount != 3 { + t.Errorf("DefaultRQLiteNodeCount = %d, want 3", DefaultRQLiteNodeCount) + } + if DefaultOlricNodeCount != 3 { + t.Errorf("DefaultOlricNodeCount = %d, want 3", DefaultOlricNodeCount) + } + if DefaultGatewayNodeCount != 3 { + t.Errorf("DefaultGatewayNodeCount = %d, want 3", DefaultGatewayNodeCount) + } + + // Public namespace should have larger clusters + if PublicRQLiteNodeCount != 5 { + t.Errorf("PublicRQLiteNodeCount = %d, want 5", PublicRQLiteNodeCount) + } + if PublicOlricNodeCount != 5 { + t.Errorf("PublicOlricNodeCount = %d, want 5", PublicOlricNodeCount) + } +} diff --git a/pkg/namespace/systemd_spawner.go b/pkg/namespace/systemd_spawner.go new file mode 100644 index 0000000..570d355 --- /dev/null +++ b/pkg/namespace/systemd_spawner.go @@ -0,0 +1,301 @@ +package namespace + +import ( + "context" + "fmt" + "os" + "path/filepath" + "time" + + "github.com/DeBrosOfficial/network/pkg/gateway" + "github.com/DeBrosOfficial/network/pkg/olric" + "github.com/DeBrosOfficial/network/pkg/rqlite" + "github.com/DeBrosOfficial/network/pkg/systemd" + "go.uber.org/zap" + "gopkg.in/yaml.v3" +) + +// SystemdSpawner spawns namespace cluster processes using systemd services +type SystemdSpawner struct { + systemdMgr *systemd.Manager + namespaceBase string + logger *zap.Logger +} + +// NewSystemdSpawner creates a new systemd-based spawner +func NewSystemdSpawner(namespaceBase string, logger *zap.Logger) *SystemdSpawner { + return &SystemdSpawner{ + systemdMgr: systemd.NewManager(namespaceBase, logger), + namespaceBase: namespaceBase, + logger: logger.With(zap.String("component", "systemd-spawner")), + } +} + +// SpawnRQLite starts a RQLite instance using systemd +func (s *SystemdSpawner) SpawnRQLite(ctx context.Context, namespace, nodeID string, cfg rqlite.InstanceConfig) error { + s.logger.Info("Spawning RQLite via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + // Build join arguments + joinArgs := "" + if len(cfg.JoinAddresses) > 0 { + joinArgs = fmt.Sprintf("-join %s", cfg.JoinAddresses[0]) + for _, addr := range cfg.JoinAddresses[1:] { + joinArgs += fmt.Sprintf(",%s", addr) + } + } + + // Generate environment file + envVars := map[string]string{ + "HTTP_ADDR": fmt.Sprintf("0.0.0.0:%d", cfg.HTTPPort), + "RAFT_ADDR": fmt.Sprintf("0.0.0.0:%d", cfg.RaftPort), + "HTTP_ADV_ADDR": cfg.HTTPAdvAddress, + "RAFT_ADV_ADDR": cfg.RaftAdvAddress, + "JOIN_ARGS": joinArgs, + "NODE_ID": nodeID, + } + + if err := s.systemdMgr.GenerateEnvFile(namespace, nodeID, systemd.ServiceTypeRQLite, envVars); err != nil { + return fmt.Errorf("failed to generate RQLite env file: %w", err) + } + + // Start the systemd service + if err := s.systemdMgr.StartService(namespace, systemd.ServiceTypeRQLite); err != nil { + return fmt.Errorf("failed to start RQLite service: %w", err) + } + + // Wait for service to be active + if err := s.waitForService(namespace, systemd.ServiceTypeRQLite, 30*time.Second); err != nil { + return fmt.Errorf("RQLite service did not become active: %w", err) + } + + s.logger.Info("RQLite spawned successfully via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return nil +} + +// SpawnOlric starts an Olric instance using systemd +func (s *SystemdSpawner) SpawnOlric(ctx context.Context, namespace, nodeID string, cfg olric.InstanceConfig) error { + s.logger.Info("Spawning Olric via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + // Create config directory + configDir := filepath.Join(s.namespaceBase, namespace, "configs") + if err := os.MkdirAll(configDir, 0755); err != nil { + return fmt.Errorf("failed to create config directory: %w", err) + } + + configPath := filepath.Join(configDir, fmt.Sprintf("olric-%s.yaml", nodeID)) + + // Generate Olric YAML config + type olricServerConfig struct { + BindAddr string `yaml:"bindAddr"` + BindPort int `yaml:"bindPort"` + } + type olricMemberlistConfig struct { + Environment string `yaml:"environment"` + BindAddr string `yaml:"bindAddr"` + BindPort int `yaml:"bindPort"` + Peers []string `yaml:"peers,omitempty"` + } + type olricConfig struct { + Server olricServerConfig `yaml:"server"` + Memberlist olricMemberlistConfig `yaml:"memberlist"` + PartitionCount uint64 `yaml:"partitionCount"` + } + + config := olricConfig{ + Server: olricServerConfig{ + BindAddr: cfg.BindAddr, + BindPort: cfg.HTTPPort, + }, + Memberlist: olricMemberlistConfig{ + Environment: "lan", + BindAddr: cfg.BindAddr, + BindPort: cfg.MemberlistPort, + Peers: cfg.PeerAddresses, + }, + PartitionCount: 12, // Optimized for namespace clusters (vs 256 default) + } + + configBytes, err := yaml.Marshal(config) + if err != nil { + return fmt.Errorf("failed to marshal Olric config: %w", err) + } + + if err := os.WriteFile(configPath, configBytes, 0644); err != nil { + return fmt.Errorf("failed to write Olric config: %w", err) + } + + s.logger.Info("Created Olric config file", + zap.String("path", configPath), + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + // Generate environment file with Olric config path + envVars := map[string]string{ + "OLRIC_SERVER_CONFIG": configPath, + } + + if err := s.systemdMgr.GenerateEnvFile(namespace, nodeID, systemd.ServiceTypeOlric, envVars); err != nil { + return fmt.Errorf("failed to generate Olric env file: %w", err) + } + + // Start the systemd service + if err := s.systemdMgr.StartService(namespace, systemd.ServiceTypeOlric); err != nil { + return fmt.Errorf("failed to start Olric service: %w", err) + } + + // Wait for service to be active + if err := s.waitForService(namespace, systemd.ServiceTypeOlric, 30*time.Second); err != nil { + return fmt.Errorf("Olric service did not become active: %w", err) + } + + s.logger.Info("Olric spawned successfully via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return nil +} + +// SpawnGateway starts a Gateway instance using systemd +func (s *SystemdSpawner) SpawnGateway(ctx context.Context, namespace, nodeID string, cfg gateway.InstanceConfig) error { + s.logger.Info("Spawning Gateway via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + // Create config directory + configDir := filepath.Join(s.namespaceBase, namespace, "configs") + if err := os.MkdirAll(configDir, 0755); err != nil { + return fmt.Errorf("failed to create config directory: %w", err) + } + + configPath := filepath.Join(configDir, fmt.Sprintf("gateway-%s.yaml", nodeID)) + + // Build Gateway YAML config + type gatewayYAMLConfig struct { + ListenAddr string `yaml:"listen_addr"` + ClientNamespace string `yaml:"client_namespace"` + RQLiteDSN string `yaml:"rqlite_dsn"` + GlobalRQLiteDSN string `yaml:"global_rqlite_dsn,omitempty"` + DomainName string `yaml:"domain_name"` + OlricServers []string `yaml:"olric_servers"` + OlricTimeout string `yaml:"olric_timeout"` + IPFSClusterAPIURL string `yaml:"ipfs_cluster_api_url"` + IPFSAPIURL string `yaml:"ipfs_api_url"` + IPFSTimeout string `yaml:"ipfs_timeout"` + IPFSReplicationFactor int `yaml:"ipfs_replication_factor"` + } + + gatewayConfig := gatewayYAMLConfig{ + ListenAddr: fmt.Sprintf(":%d", cfg.HTTPPort), + ClientNamespace: cfg.Namespace, + RQLiteDSN: cfg.RQLiteDSN, + GlobalRQLiteDSN: cfg.GlobalRQLiteDSN, + DomainName: cfg.BaseDomain, + OlricServers: cfg.OlricServers, + OlricTimeout: cfg.OlricTimeout.String(), + IPFSClusterAPIURL: cfg.IPFSClusterAPIURL, + IPFSAPIURL: cfg.IPFSAPIURL, + IPFSTimeout: cfg.IPFSTimeout.String(), + IPFSReplicationFactor: cfg.IPFSReplicationFactor, + } + + configBytes, err := yaml.Marshal(gatewayConfig) + if err != nil { + return fmt.Errorf("failed to marshal Gateway config: %w", err) + } + + if err := os.WriteFile(configPath, configBytes, 0644); err != nil { + return fmt.Errorf("failed to write Gateway config: %w", err) + } + + s.logger.Info("Created Gateway config file", + zap.String("path", configPath), + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + // Generate environment file with Gateway config path + envVars := map[string]string{ + "GATEWAY_CONFIG": configPath, + } + + if err := s.systemdMgr.GenerateEnvFile(namespace, nodeID, systemd.ServiceTypeGateway, envVars); err != nil { + return fmt.Errorf("failed to generate Gateway env file: %w", err) + } + + // Start the systemd service + if err := s.systemdMgr.StartService(namespace, systemd.ServiceTypeGateway); err != nil { + return fmt.Errorf("failed to start Gateway service: %w", err) + } + + // Wait for service to be active + if err := s.waitForService(namespace, systemd.ServiceTypeGateway, 30*time.Second); err != nil { + return fmt.Errorf("Gateway service did not become active: %w", err) + } + + s.logger.Info("Gateway spawned successfully via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return nil +} + +// StopRQLite stops a RQLite instance +func (s *SystemdSpawner) StopRQLite(ctx context.Context, namespace, nodeID string) error { + s.logger.Info("Stopping RQLite via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return s.systemdMgr.StopService(namespace, systemd.ServiceTypeRQLite) +} + +// StopOlric stops an Olric instance +func (s *SystemdSpawner) StopOlric(ctx context.Context, namespace, nodeID string) error { + s.logger.Info("Stopping Olric via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return s.systemdMgr.StopService(namespace, systemd.ServiceTypeOlric) +} + +// StopGateway stops a Gateway instance +func (s *SystemdSpawner) StopGateway(ctx context.Context, namespace, nodeID string) error { + s.logger.Info("Stopping Gateway via systemd", + zap.String("namespace", namespace), + zap.String("node_id", nodeID)) + + return s.systemdMgr.StopService(namespace, systemd.ServiceTypeGateway) +} + +// StopAll stops all services for a namespace +func (s *SystemdSpawner) StopAll(ctx context.Context, namespace string) error { + s.logger.Info("Stopping all namespace services via systemd", + zap.String("namespace", namespace)) + + return s.systemdMgr.StopAllNamespaceServices(namespace) +} + +// waitForService waits for a systemd service to become active +func (s *SystemdSpawner) waitForService(namespace string, serviceType systemd.ServiceType, timeout time.Duration) error { + deadline := time.Now().Add(timeout) + + for time.Now().Before(deadline) { + active, err := s.systemdMgr.IsServiceActive(namespace, serviceType) + if err != nil { + return fmt.Errorf("failed to check service status: %w", err) + } + + if active { + return nil + } + + time.Sleep(1 * time.Second) + } + + return fmt.Errorf("service did not become active within %v", timeout) +} diff --git a/pkg/namespace/types.go b/pkg/namespace/types.go new file mode 100644 index 0000000..2b12afd --- /dev/null +++ b/pkg/namespace/types.go @@ -0,0 +1,204 @@ +package namespace + +import ( + "time" +) + +// ClusterStatus represents the current state of a namespace cluster +type ClusterStatus string + +const ( + ClusterStatusNone ClusterStatus = "none" // No cluster provisioned + ClusterStatusProvisioning ClusterStatus = "provisioning" // Cluster is being provisioned + ClusterStatusReady ClusterStatus = "ready" // Cluster is operational + ClusterStatusDegraded ClusterStatus = "degraded" // Some nodes are unhealthy + ClusterStatusFailed ClusterStatus = "failed" // Cluster failed to provision/operate + ClusterStatusDeprovisioning ClusterStatus = "deprovisioning" // Cluster is being deprovisioned +) + +// NodeRole represents the role of a node in a namespace cluster +type NodeRole string + +const ( + NodeRoleRQLiteLeader NodeRole = "rqlite_leader" + NodeRoleRQLiteFollower NodeRole = "rqlite_follower" + NodeRoleOlric NodeRole = "olric" + NodeRoleGateway NodeRole = "gateway" +) + +// NodeStatus represents the status of a service on a node +type NodeStatus string + +const ( + NodeStatusPending NodeStatus = "pending" + NodeStatusStarting NodeStatus = "starting" + NodeStatusRunning NodeStatus = "running" + NodeStatusStopped NodeStatus = "stopped" + NodeStatusFailed NodeStatus = "failed" +) + +// EventType represents types of cluster lifecycle events +type EventType string + +const ( + EventProvisioningStarted EventType = "provisioning_started" + EventNodesSelected EventType = "nodes_selected" + EventPortsAllocated EventType = "ports_allocated" + EventRQLiteStarted EventType = "rqlite_started" + EventRQLiteJoined EventType = "rqlite_joined" + EventRQLiteLeaderElected EventType = "rqlite_leader_elected" + EventOlricStarted EventType = "olric_started" + EventOlricJoined EventType = "olric_joined" + EventGatewayStarted EventType = "gateway_started" + EventDNSCreated EventType = "dns_created" + EventClusterReady EventType = "cluster_ready" + EventClusterDegraded EventType = "cluster_degraded" + EventClusterFailed EventType = "cluster_failed" + EventNodeFailed EventType = "node_failed" + EventNodeRecovered EventType = "node_recovered" + EventDeprovisionStarted EventType = "deprovisioning_started" + EventDeprovisioned EventType = "deprovisioned" +) + +// Port allocation constants +const ( + // NamespacePortRangeStart is the beginning of the reserved port range for namespace services + NamespacePortRangeStart = 10000 + + // NamespacePortRangeEnd is the end of the reserved port range for namespace services + NamespacePortRangeEnd = 10099 + + // PortsPerNamespace is the number of ports required per namespace instance on a node + // RQLite HTTP (0), RQLite Raft (1), Olric HTTP (2), Olric Memberlist (3), Gateway HTTP (4) + PortsPerNamespace = 5 + + // MaxNamespacesPerNode is the maximum number of namespace instances a single node can host + MaxNamespacesPerNode = (NamespacePortRangeEnd - NamespacePortRangeStart + 1) / PortsPerNamespace // 20 +) + +// Default cluster sizes +const ( + DefaultRQLiteNodeCount = 3 + DefaultOlricNodeCount = 3 + DefaultGatewayNodeCount = 3 + PublicRQLiteNodeCount = 5 + PublicOlricNodeCount = 5 +) + +// NamespaceCluster represents a dedicated cluster for a namespace +type NamespaceCluster struct { + ID string `json:"id" db:"id"` + NamespaceID int `json:"namespace_id" db:"namespace_id"` + NamespaceName string `json:"namespace_name" db:"namespace_name"` + Status ClusterStatus `json:"status" db:"status"` + RQLiteNodeCount int `json:"rqlite_node_count" db:"rqlite_node_count"` + OlricNodeCount int `json:"olric_node_count" db:"olric_node_count"` + GatewayNodeCount int `json:"gateway_node_count" db:"gateway_node_count"` + ProvisionedBy string `json:"provisioned_by" db:"provisioned_by"` + ProvisionedAt time.Time `json:"provisioned_at" db:"provisioned_at"` + ReadyAt *time.Time `json:"ready_at,omitempty" db:"ready_at"` + LastHealthCheck *time.Time `json:"last_health_check,omitempty" db:"last_health_check"` + ErrorMessage string `json:"error_message,omitempty" db:"error_message"` + RetryCount int `json:"retry_count" db:"retry_count"` + + // Populated by queries, not stored directly + Nodes []ClusterNode `json:"nodes,omitempty"` +} + +// ClusterNode represents a node participating in a namespace cluster +type ClusterNode struct { + ID string `json:"id" db:"id"` + NamespaceClusterID string `json:"namespace_cluster_id" db:"namespace_cluster_id"` + NodeID string `json:"node_id" db:"node_id"` + Role NodeRole `json:"role" db:"role"` + RQLiteHTTPPort int `json:"rqlite_http_port,omitempty" db:"rqlite_http_port"` + RQLiteRaftPort int `json:"rqlite_raft_port,omitempty" db:"rqlite_raft_port"` + OlricHTTPPort int `json:"olric_http_port,omitempty" db:"olric_http_port"` + OlricMemberlistPort int `json:"olric_memberlist_port,omitempty" db:"olric_memberlist_port"` + GatewayHTTPPort int `json:"gateway_http_port,omitempty" db:"gateway_http_port"` + Status NodeStatus `json:"status" db:"status"` + ProcessPID int `json:"process_pid,omitempty" db:"process_pid"` + LastHeartbeat *time.Time `json:"last_heartbeat,omitempty" db:"last_heartbeat"` + ErrorMessage string `json:"error_message,omitempty" db:"error_message"` + RQLiteJoinAddress string `json:"rqlite_join_address,omitempty" db:"rqlite_join_address"` + OlricPeers string `json:"olric_peers,omitempty" db:"olric_peers"` // JSON array + CreatedAt time.Time `json:"created_at" db:"created_at"` + UpdatedAt time.Time `json:"updated_at" db:"updated_at"` +} + +// PortBlock represents an allocated block of ports for a namespace on a node +type PortBlock struct { + ID string `json:"id" db:"id"` + NodeID string `json:"node_id" db:"node_id"` + NamespaceClusterID string `json:"namespace_cluster_id" db:"namespace_cluster_id"` + PortStart int `json:"port_start" db:"port_start"` + PortEnd int `json:"port_end" db:"port_end"` + RQLiteHTTPPort int `json:"rqlite_http_port" db:"rqlite_http_port"` + RQLiteRaftPort int `json:"rqlite_raft_port" db:"rqlite_raft_port"` + OlricHTTPPort int `json:"olric_http_port" db:"olric_http_port"` + OlricMemberlistPort int `json:"olric_memberlist_port" db:"olric_memberlist_port"` + GatewayHTTPPort int `json:"gateway_http_port" db:"gateway_http_port"` + AllocatedAt time.Time `json:"allocated_at" db:"allocated_at"` +} + +// ClusterEvent represents an audit event for cluster lifecycle +type ClusterEvent struct { + ID string `json:"id" db:"id"` + NamespaceClusterID string `json:"namespace_cluster_id" db:"namespace_cluster_id"` + EventType EventType `json:"event_type" db:"event_type"` + NodeID string `json:"node_id,omitempty" db:"node_id"` + Message string `json:"message,omitempty" db:"message"` + Metadata string `json:"metadata,omitempty" db:"metadata"` // JSON + CreatedAt time.Time `json:"created_at" db:"created_at"` +} + +// ClusterProvisioningStatus is the response format for the /v1/namespace/status endpoint +type ClusterProvisioningStatus struct { + ClusterID string `json:"cluster_id"` + Namespace string `json:"namespace"` + Status ClusterStatus `json:"status"` + Nodes []string `json:"nodes"` + RQLiteReady bool `json:"rqlite_ready"` + OlricReady bool `json:"olric_ready"` + GatewayReady bool `json:"gateway_ready"` + DNSReady bool `json:"dns_ready"` + Error string `json:"error,omitempty"` + CreatedAt time.Time `json:"created_at"` + ReadyAt *time.Time `json:"ready_at,omitempty"` +} + +// ProvisioningResponse is returned when a new namespace triggers cluster provisioning +type ProvisioningResponse struct { + Status string `json:"status"` + ClusterID string `json:"cluster_id"` + PollURL string `json:"poll_url"` + EstimatedTimeSeconds int `json:"estimated_time_seconds"` +} + +// Errors +type ClusterError struct { + Message string + Cause error +} + +func (e *ClusterError) Error() string { + if e.Cause != nil { + return e.Message + ": " + e.Cause.Error() + } + return e.Message +} + +func (e *ClusterError) Unwrap() error { + return e.Cause +} + +var ( + ErrNoPortsAvailable = &ClusterError{Message: "no ports available on node"} + ErrNodeAtCapacity = &ClusterError{Message: "node has reached maximum namespace instances"} + ErrInsufficientNodes = &ClusterError{Message: "insufficient nodes available for cluster"} + ErrClusterNotFound = &ClusterError{Message: "namespace cluster not found"} + ErrClusterAlreadyExists = &ClusterError{Message: "namespace cluster already exists"} + ErrProvisioningFailed = &ClusterError{Message: "cluster provisioning failed"} + ErrNamespaceNotFound = &ClusterError{Message: "namespace not found"} + ErrInvalidClusterStatus = &ClusterError{Message: "invalid cluster status for operation"} +) diff --git a/pkg/namespace/types_test.go b/pkg/namespace/types_test.go new file mode 100644 index 0000000..118be3f --- /dev/null +++ b/pkg/namespace/types_test.go @@ -0,0 +1,405 @@ +package namespace + +import ( + "errors" + "testing" + "time" +) + +func TestClusterStatus_Values(t *testing.T) { + // Verify all cluster status values are correct + tests := []struct { + status ClusterStatus + expected string + }{ + {ClusterStatusNone, "none"}, + {ClusterStatusProvisioning, "provisioning"}, + {ClusterStatusReady, "ready"}, + {ClusterStatusDegraded, "degraded"}, + {ClusterStatusFailed, "failed"}, + {ClusterStatusDeprovisioning, "deprovisioning"}, + } + + for _, tt := range tests { + t.Run(string(tt.status), func(t *testing.T) { + if string(tt.status) != tt.expected { + t.Errorf("ClusterStatus = %s, want %s", tt.status, tt.expected) + } + }) + } +} + +func TestNodeRole_Values(t *testing.T) { + // Verify all node role values are correct + tests := []struct { + role NodeRole + expected string + }{ + {NodeRoleRQLiteLeader, "rqlite_leader"}, + {NodeRoleRQLiteFollower, "rqlite_follower"}, + {NodeRoleOlric, "olric"}, + {NodeRoleGateway, "gateway"}, + } + + for _, tt := range tests { + t.Run(string(tt.role), func(t *testing.T) { + if string(tt.role) != tt.expected { + t.Errorf("NodeRole = %s, want %s", tt.role, tt.expected) + } + }) + } +} + +func TestNodeStatus_Values(t *testing.T) { + // Verify all node status values are correct + tests := []struct { + status NodeStatus + expected string + }{ + {NodeStatusPending, "pending"}, + {NodeStatusStarting, "starting"}, + {NodeStatusRunning, "running"}, + {NodeStatusStopped, "stopped"}, + {NodeStatusFailed, "failed"}, + } + + for _, tt := range tests { + t.Run(string(tt.status), func(t *testing.T) { + if string(tt.status) != tt.expected { + t.Errorf("NodeStatus = %s, want %s", tt.status, tt.expected) + } + }) + } +} + +func TestEventType_Values(t *testing.T) { + // Verify all event type values are correct + tests := []struct { + eventType EventType + expected string + }{ + {EventProvisioningStarted, "provisioning_started"}, + {EventNodesSelected, "nodes_selected"}, + {EventPortsAllocated, "ports_allocated"}, + {EventRQLiteStarted, "rqlite_started"}, + {EventRQLiteJoined, "rqlite_joined"}, + {EventRQLiteLeaderElected, "rqlite_leader_elected"}, + {EventOlricStarted, "olric_started"}, + {EventOlricJoined, "olric_joined"}, + {EventGatewayStarted, "gateway_started"}, + {EventDNSCreated, "dns_created"}, + {EventClusterReady, "cluster_ready"}, + {EventClusterDegraded, "cluster_degraded"}, + {EventClusterFailed, "cluster_failed"}, + {EventNodeFailed, "node_failed"}, + {EventNodeRecovered, "node_recovered"}, + {EventDeprovisionStarted, "deprovisioning_started"}, + {EventDeprovisioned, "deprovisioned"}, + } + + for _, tt := range tests { + t.Run(string(tt.eventType), func(t *testing.T) { + if string(tt.eventType) != tt.expected { + t.Errorf("EventType = %s, want %s", tt.eventType, tt.expected) + } + }) + } +} + +func TestClusterError_Error(t *testing.T) { + tests := []struct { + name string + err *ClusterError + expected string + }{ + { + name: "message only", + err: &ClusterError{Message: "something failed"}, + expected: "something failed", + }, + { + name: "message with cause", + err: &ClusterError{Message: "operation failed", Cause: errors.New("connection timeout")}, + expected: "operation failed: connection timeout", + }, + { + name: "empty message with cause", + err: &ClusterError{Message: "", Cause: errors.New("cause")}, + expected: ": cause", + }, + { + name: "empty message no cause", + err: &ClusterError{Message: ""}, + expected: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := tt.err.Error() + if result != tt.expected { + t.Errorf("Error() = %q, want %q", result, tt.expected) + } + }) + } +} + +func TestClusterError_Unwrap(t *testing.T) { + cause := errors.New("original error") + err := &ClusterError{ + Message: "wrapped", + Cause: cause, + } + + unwrapped := err.Unwrap() + if unwrapped != cause { + t.Errorf("Unwrap() = %v, want %v", unwrapped, cause) + } + + // Test with no cause + errNoCause := &ClusterError{Message: "no cause"} + if errNoCause.Unwrap() != nil { + t.Errorf("Unwrap() with no cause should return nil") + } +} + +func TestPredefinedErrors(t *testing.T) { + // Test that predefined errors have the correct messages + tests := []struct { + name string + err *ClusterError + expected string + }{ + {"ErrNoPortsAvailable", ErrNoPortsAvailable, "no ports available on node"}, + {"ErrNodeAtCapacity", ErrNodeAtCapacity, "node has reached maximum namespace instances"}, + {"ErrInsufficientNodes", ErrInsufficientNodes, "insufficient nodes available for cluster"}, + {"ErrClusterNotFound", ErrClusterNotFound, "namespace cluster not found"}, + {"ErrClusterAlreadyExists", ErrClusterAlreadyExists, "namespace cluster already exists"}, + {"ErrProvisioningFailed", ErrProvisioningFailed, "cluster provisioning failed"}, + {"ErrNamespaceNotFound", ErrNamespaceNotFound, "namespace not found"}, + {"ErrInvalidClusterStatus", ErrInvalidClusterStatus, "invalid cluster status for operation"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if tt.err.Message != tt.expected { + t.Errorf("%s.Message = %q, want %q", tt.name, tt.err.Message, tt.expected) + } + }) + } +} + +func TestNamespaceCluster_Struct(t *testing.T) { + now := time.Now() + readyAt := now.Add(5 * time.Minute) + + cluster := &NamespaceCluster{ + ID: "cluster-123", + NamespaceID: 42, + NamespaceName: "test-namespace", + Status: ClusterStatusReady, + RQLiteNodeCount: 3, + OlricNodeCount: 3, + GatewayNodeCount: 3, + ProvisionedBy: "admin", + ProvisionedAt: now, + ReadyAt: &readyAt, + LastHealthCheck: nil, + ErrorMessage: "", + RetryCount: 0, + Nodes: nil, + } + + if cluster.ID != "cluster-123" { + t.Errorf("ID = %s, want cluster-123", cluster.ID) + } + if cluster.NamespaceID != 42 { + t.Errorf("NamespaceID = %d, want 42", cluster.NamespaceID) + } + if cluster.Status != ClusterStatusReady { + t.Errorf("Status = %s, want %s", cluster.Status, ClusterStatusReady) + } + if cluster.RQLiteNodeCount != 3 { + t.Errorf("RQLiteNodeCount = %d, want 3", cluster.RQLiteNodeCount) + } +} + +func TestClusterNode_Struct(t *testing.T) { + now := time.Now() + heartbeat := now.Add(-30 * time.Second) + + node := &ClusterNode{ + ID: "node-record-123", + NamespaceClusterID: "cluster-456", + NodeID: "12D3KooWabc123", + Role: NodeRoleRQLiteLeader, + RQLiteHTTPPort: 10000, + RQLiteRaftPort: 10001, + OlricHTTPPort: 10002, + OlricMemberlistPort: 10003, + GatewayHTTPPort: 10004, + Status: NodeStatusRunning, + ProcessPID: 12345, + LastHeartbeat: &heartbeat, + ErrorMessage: "", + RQLiteJoinAddress: "192.168.1.100:10001", + OlricPeers: `["192.168.1.100:10003","192.168.1.101:10003"]`, + CreatedAt: now, + UpdatedAt: now, + } + + if node.Role != NodeRoleRQLiteLeader { + t.Errorf("Role = %s, want %s", node.Role, NodeRoleRQLiteLeader) + } + if node.Status != NodeStatusRunning { + t.Errorf("Status = %s, want %s", node.Status, NodeStatusRunning) + } + if node.RQLiteHTTPPort != 10000 { + t.Errorf("RQLiteHTTPPort = %d, want 10000", node.RQLiteHTTPPort) + } + if node.ProcessPID != 12345 { + t.Errorf("ProcessPID = %d, want 12345", node.ProcessPID) + } +} + +func TestClusterProvisioningStatus_Struct(t *testing.T) { + now := time.Now() + readyAt := now.Add(2 * time.Minute) + + status := &ClusterProvisioningStatus{ + ClusterID: "cluster-789", + Namespace: "my-namespace", + Status: ClusterStatusProvisioning, + Nodes: []string{"node-1", "node-2", "node-3"}, + RQLiteReady: true, + OlricReady: true, + GatewayReady: false, + DNSReady: false, + Error: "", + CreatedAt: now, + ReadyAt: &readyAt, + } + + if status.ClusterID != "cluster-789" { + t.Errorf("ClusterID = %s, want cluster-789", status.ClusterID) + } + if len(status.Nodes) != 3 { + t.Errorf("len(Nodes) = %d, want 3", len(status.Nodes)) + } + if !status.RQLiteReady { + t.Error("RQLiteReady should be true") + } + if status.GatewayReady { + t.Error("GatewayReady should be false") + } +} + +func TestProvisioningResponse_Struct(t *testing.T) { + resp := &ProvisioningResponse{ + Status: "provisioning", + ClusterID: "cluster-abc", + PollURL: "/v1/namespace/status?id=cluster-abc", + EstimatedTimeSeconds: 120, + } + + if resp.Status != "provisioning" { + t.Errorf("Status = %s, want provisioning", resp.Status) + } + if resp.ClusterID != "cluster-abc" { + t.Errorf("ClusterID = %s, want cluster-abc", resp.ClusterID) + } + if resp.EstimatedTimeSeconds != 120 { + t.Errorf("EstimatedTimeSeconds = %d, want 120", resp.EstimatedTimeSeconds) + } +} + +func TestClusterEvent_Struct(t *testing.T) { + now := time.Now() + + event := &ClusterEvent{ + ID: "event-123", + NamespaceClusterID: "cluster-456", + EventType: EventClusterReady, + NodeID: "node-1", + Message: "Cluster is now ready", + Metadata: `{"nodes":["node-1","node-2","node-3"]}`, + CreatedAt: now, + } + + if event.EventType != EventClusterReady { + t.Errorf("EventType = %s, want %s", event.EventType, EventClusterReady) + } + if event.Message != "Cluster is now ready" { + t.Errorf("Message = %s, want 'Cluster is now ready'", event.Message) + } +} + +func TestPortBlock_Struct(t *testing.T) { + now := time.Now() + + block := &PortBlock{ + ID: "port-block-123", + NodeID: "node-456", + NamespaceClusterID: "cluster-789", + PortStart: 10000, + PortEnd: 10004, + RQLiteHTTPPort: 10000, + RQLiteRaftPort: 10001, + OlricHTTPPort: 10002, + OlricMemberlistPort: 10003, + GatewayHTTPPort: 10004, + AllocatedAt: now, + } + + // Verify port calculations + if block.PortEnd-block.PortStart+1 != PortsPerNamespace { + t.Errorf("Port range size = %d, want %d", block.PortEnd-block.PortStart+1, PortsPerNamespace) + } + + // Verify each port is within the block + ports := []int{ + block.RQLiteHTTPPort, + block.RQLiteRaftPort, + block.OlricHTTPPort, + block.OlricMemberlistPort, + block.GatewayHTTPPort, + } + + for i, port := range ports { + if port < block.PortStart || port > block.PortEnd { + t.Errorf("Port %d (%d) is outside block range [%d, %d]", + i, port, block.PortStart, block.PortEnd) + } + } +} + +func TestErrorsImplementError(t *testing.T) { + // Verify ClusterError implements error interface + var _ error = &ClusterError{} + + err := &ClusterError{Message: "test error"} + var errInterface error = err + + if errInterface.Error() != "test error" { + t.Errorf("error interface Error() = %s, want 'test error'", errInterface.Error()) + } +} + +func TestErrorsUnwrap(t *testing.T) { + // Test errors.Is/errors.As compatibility + cause := errors.New("root cause") + err := &ClusterError{ + Message: "wrapper", + Cause: cause, + } + + if !errors.Is(err, cause) { + t.Error("errors.Is should find the wrapped cause") + } + + // Test unwrap chain + unwrapped := errors.Unwrap(err) + if unwrapped != cause { + t.Error("errors.Unwrap should return the cause") + } +} diff --git a/pkg/node/dns_registration.go b/pkg/node/dns_registration.go new file mode 100644 index 0000000..ceba888 --- /dev/null +++ b/pkg/node/dns_registration.go @@ -0,0 +1,493 @@ +package node + +import ( + "context" + "database/sql" + "fmt" + "net" + "os" + "path/filepath" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/logging" + "go.uber.org/zap" +) + +// registerDNSNode registers this node in the dns_nodes table for deployment routing +func (n *Node) registerDNSNode(ctx context.Context) error { + if n.rqliteAdapter == nil { + return fmt.Errorf("rqlite adapter not initialized") + } + + // Get node ID (use peer ID) + nodeID := n.GetPeerID() + if nodeID == "" { + return fmt.Errorf("node peer ID not available") + } + + // Get external IP address + ipAddress, err := n.getNodeIPAddress() + if err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to determine node IP, using localhost", zap.Error(err)) + ipAddress = "127.0.0.1" + } + + // Get internal IP from WireGuard interface (for cross-node communication over VPN) + internalIP := ipAddress + if wgIP, err := n.getWireGuardIP(); err == nil && wgIP != "" { + internalIP = wgIP + } + + // Determine region (defaulting to "local" for now, could be from cloud metadata in future) + region := "local" + + // Insert or update node record + query := ` + INSERT INTO dns_nodes (id, ip_address, internal_ip, region, status, last_seen, created_at, updated_at) + VALUES (?, ?, ?, ?, 'active', datetime('now'), datetime('now'), datetime('now')) + ON CONFLICT(id) DO UPDATE SET + ip_address = excluded.ip_address, + internal_ip = excluded.internal_ip, + region = excluded.region, + status = 'active', + last_seen = datetime('now'), + updated_at = datetime('now') + ` + + db := n.rqliteAdapter.GetSQLDB() + _, err = db.ExecContext(ctx, query, nodeID, ipAddress, internalIP, region) + if err != nil { + return fmt.Errorf("failed to register DNS node: %w", err) + } + + n.logger.ComponentInfo(logging.ComponentNode, "Registered DNS node", + zap.String("node_id", nodeID), + zap.String("ip_address", ipAddress), + zap.String("region", region), + ) + + return nil +} + +// startDNSHeartbeat starts a goroutine that periodically updates the node's last_seen timestamp +func (n *Node) startDNSHeartbeat(ctx context.Context) { + go func() { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for { + select { + case <-ctx.Done(): + n.logger.ComponentInfo(logging.ComponentNode, "DNS heartbeat stopped") + return + case <-ticker.C: + if err := n.updateDNSHeartbeat(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to update DNS heartbeat", zap.Error(err)) + } + // Self-healing: ensure this node's DNS records exist on every heartbeat + if err := n.ensureBaseDNSRecords(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to ensure DNS records on heartbeat", zap.Error(err)) + } + // Remove DNS records for nodes that stopped heartbeating + n.cleanupStaleNodeRecords(ctx) + } + } + }() + + n.logger.ComponentInfo(logging.ComponentNode, "Started DNS heartbeat (30s interval)") +} + +// updateDNSHeartbeat updates the node's last_seen timestamp in dns_nodes +func (n *Node) updateDNSHeartbeat(ctx context.Context) error { + if n.rqliteAdapter == nil { + return fmt.Errorf("rqlite adapter not initialized") + } + + nodeID := n.GetPeerID() + if nodeID == "" { + return fmt.Errorf("node peer ID not available") + } + + query := `UPDATE dns_nodes SET last_seen = datetime('now'), updated_at = datetime('now') WHERE id = ?` + db := n.rqliteAdapter.GetSQLDB() + _, err := db.ExecContext(ctx, query, nodeID) + if err != nil { + return fmt.Errorf("failed to update DNS heartbeat: %w", err) + } + + return nil +} + +// ensureBaseDNSRecords ensures this node's IP is present in the base DNS records. +// This provides self-healing: if records are missing (fresh install, DB reset), +// the node recreates them on startup. Each node only manages its own IP entries. +// +// Records are created for BOTH the base domain (dbrs.space) and the node domain +// (node1.dbrs.space). The base domain records enable round-robin load balancing +// across all nodes. The node domain records enable direct node access. +func (n *Node) ensureBaseDNSRecords(ctx context.Context) error { + baseDomain := n.config.HTTPGateway.BaseDomain + nodeDomain := n.config.Node.Domain + + if baseDomain == "" && nodeDomain == "" { + return nil // No domain configured, skip + } + + ipAddress, err := n.getNodeIPAddress() + if err != nil { + return fmt.Errorf("failed to determine node IP: %w", err) + } + + db := n.rqliteAdapter.GetSQLDB() + + // Clean up any private IP A records left by old code versions. + // Old code could insert WireGuard IPs (10.0.0.x) into dns_records. + // This self-heals on every heartbeat cycle. + cleanupPrivateIPRecords(ctx, db, n.logger) + + // Build list of A records to ensure + var records []struct { + fqdn string + value string + } + + // Base domain records (e.g., dbrs.space, *.dbrs.space) — only for nameserver nodes. + // Only nameserver nodes run Caddy (HTTPS), so only they should appear in base domain + // round-robin. Non-nameserver nodes would cause TLS failures for clients. + if baseDomain != "" && n.isNameserverNode(ctx) { + records = append(records, + struct{ fqdn, value string }{baseDomain + ".", ipAddress}, + struct{ fqdn, value string }{"*." + baseDomain + ".", ipAddress}, + ) + } + + // Node-specific records (e.g., node1.dbrs.space, *.node1.dbrs.space) — for direct node access + if nodeDomain != "" && nodeDomain != baseDomain { + records = append(records, + struct{ fqdn, value string }{nodeDomain + ".", ipAddress}, + struct{ fqdn, value string }{"*." + nodeDomain + ".", ipAddress}, + ) + } + + // Insert root A record and wildcard A record for this node's IP + // ON CONFLICT DO NOTHING avoids duplicates (UNIQUE on fqdn, record_type, value) + for _, r := range records { + query := `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) + VALUES (?, 'A', ?, 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) + ON CONFLICT(fqdn, record_type, value) DO NOTHING` + if _, err := db.ExecContext(ctx, query, r.fqdn, r.value); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to ensure DNS record", + zap.String("fqdn", r.fqdn), zap.Error(err)) + } + } + + // Ensure SOA and NS records exist for the base domain (self-healing) + if baseDomain != "" { + n.ensureSOAAndNSRecords(ctx, baseDomain) + } + + // Claim an NS slot for the base domain (ns1/ns2/ns3) — only if this node + // was installed with --nameserver (i.e. runs Caddy + CoreDNS). + if baseDomain != "" && n.isNameserverPreference() { + n.claimNameserverSlot(ctx, baseDomain, ipAddress) + } + + return nil +} + +// ensureSOAAndNSRecords creates SOA and NS records for the base domain if they don't exist. +// These are normally seeded during install Phase 7, but if that fails (e.g. migrations +// not yet run), the heartbeat self-heals them here. +func (n *Node) ensureSOAAndNSRecords(ctx context.Context, baseDomain string) { + db := n.rqliteAdapter.GetSQLDB() + fqdn := baseDomain + "." + + // Check if SOA exists + var count int + err := db.QueryRowContext(ctx, + `SELECT COUNT(*) FROM dns_records WHERE fqdn = ? AND record_type = 'SOA'`, fqdn, + ).Scan(&count) + if err != nil || count > 0 { + return // SOA exists or query failed, skip + } + + n.logger.ComponentInfo(logging.ComponentNode, "SOA/NS records missing, self-healing", + zap.String("domain", baseDomain)) + + // Create SOA record + soaValue := fmt.Sprintf("ns1.%s. admin.%s. %d 3600 1800 604800 300", + baseDomain, baseDomain, time.Now().Unix()) + if _, err := db.ExecContext(ctx, + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) + VALUES (?, 'SOA', ?, 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) + ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + fqdn, soaValue, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to create SOA record", zap.Error(err)) + } + + // Create NS records (ns1, ns2, ns3) + for i := 1; i <= 3; i++ { + nsValue := fmt.Sprintf("ns%d.%s.", i, baseDomain) + if _, err := db.ExecContext(ctx, + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) + VALUES (?, 'NS', ?, 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) + ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + fqdn, nsValue, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to create NS record", zap.Error(err)) + } + } +} + +// claimNameserverSlot attempts to claim an available NS hostname (ns1/ns2/ns3) for this node. +// If the node already has a slot, it updates the IP. If no slot is available, it does nothing. +func (n *Node) claimNameserverSlot(ctx context.Context, domain, ipAddress string) { + nodeID := n.GetPeerID() + db := n.rqliteAdapter.GetSQLDB() + + // Check if this node already has a slot + var existingHostname string + err := db.QueryRowContext(ctx, + `SELECT hostname FROM dns_nameservers WHERE node_id = ? AND domain = ?`, + nodeID, domain, + ).Scan(&existingHostname) + + if err == nil { + // Already claimed — update IP if changed + if _, err := db.ExecContext(ctx, + `UPDATE dns_nameservers SET ip_address = ?, updated_at = datetime('now') WHERE hostname = ? AND domain = ?`, + ipAddress, existingHostname, domain, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to update NS slot IP", zap.Error(err)) + } + // Ensure the glue A record matches + nsFQDN := existingHostname + "." + domain + "." + if _, err := db.ExecContext(ctx, + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) + VALUES (?, 'A', ?, 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) + ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + nsFQDN, ipAddress, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to ensure NS glue record", zap.Error(err)) + } + return + } + + // Try to claim an available slot + for _, hostname := range []string{"ns1", "ns2", "ns3"} { + result, err := db.ExecContext(ctx, + `INSERT INTO dns_nameservers (hostname, node_id, ip_address, domain) VALUES (?, ?, ?, ?) + ON CONFLICT(hostname) DO NOTHING`, + hostname, nodeID, ipAddress, domain, + ) + if err != nil { + continue + } + rows, _ := result.RowsAffected() + if rows > 0 { + // Successfully claimed this slot — create glue record + nsFQDN := hostname + "." + domain + "." + if _, err := db.ExecContext(ctx, + `INSERT INTO dns_records (fqdn, record_type, value, ttl, namespace, created_by, is_active, created_at, updated_at) + VALUES (?, 'A', ?, 300, 'system', 'system', TRUE, datetime('now'), datetime('now')) + ON CONFLICT(fqdn, record_type, value) DO NOTHING`, + nsFQDN, ipAddress, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to create NS glue record", zap.Error(err)) + } + n.logger.ComponentInfo(logging.ComponentNode, "Claimed NS slot", + zap.String("hostname", hostname), + zap.String("ip", ipAddress), + ) + return + } + } +} + +// cleanupStaleNodeRecords removes A records for nodes that have stopped heartbeating. +// This ensures DNS only returns IPs for healthy, active nodes. +func (n *Node) cleanupStaleNodeRecords(ctx context.Context) { + if n.rqliteAdapter == nil { + return + } + + baseDomain := n.config.HTTPGateway.BaseDomain + if baseDomain == "" { + baseDomain = n.config.Node.Domain + } + if baseDomain == "" { + return + } + + db := n.rqliteAdapter.GetSQLDB() + + // Find nodes that haven't sent a heartbeat in over 2 minutes + staleQuery := `SELECT id, ip_address FROM dns_nodes WHERE status = 'active' AND last_seen < datetime('now', '-120 seconds')` + rows, err := db.QueryContext(ctx, staleQuery) + if err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to query stale nodes", zap.Error(err)) + return + } + defer rows.Close() + + // Build all FQDNs to clean: base domain + node domain + var fqdnsToClean []string + fqdnsToClean = append(fqdnsToClean, baseDomain+".", "*."+baseDomain+".") + if n.config.Node.Domain != "" && n.config.Node.Domain != baseDomain { + fqdnsToClean = append(fqdnsToClean, n.config.Node.Domain+".", "*."+n.config.Node.Domain+".") + } + + for rows.Next() { + var nodeID, ip string + if err := rows.Scan(&nodeID, &ip); err != nil { + continue + } + + // Mark node as inactive + if _, err := db.ExecContext(ctx, `UPDATE dns_nodes SET status = 'inactive', updated_at = datetime('now') WHERE id = ?`, nodeID); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to mark node inactive", zap.String("node_id", nodeID), zap.Error(err)) + } + + // Remove the dead node's A records from round-robin + for _, f := range fqdnsToClean { + if _, err := db.ExecContext(ctx, `DELETE FROM dns_records WHERE fqdn = ? AND record_type = 'A' AND value = ? AND namespace = 'system'`, f, ip); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to remove stale DNS record", + zap.String("fqdn", f), zap.String("ip", ip), zap.Error(err)) + } + } + + // Release any NS slot held by this dead node + if _, err := db.ExecContext(ctx, `DELETE FROM dns_nameservers WHERE node_id = ?`, nodeID); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to release NS slot", zap.String("node_id", nodeID), zap.Error(err)) + } + + // Remove glue records for this node's IP (ns1.domain., ns2.domain., ns3.domain.) + for _, ns := range []string{"ns1", "ns2", "ns3"} { + nsFQDN := ns + "." + baseDomain + "." + if _, err := db.ExecContext(ctx, + `DELETE FROM dns_records WHERE fqdn = ? AND record_type = 'A' AND value = ? AND namespace = 'system'`, + nsFQDN, ip, + ); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to remove NS glue record", zap.Error(err)) + } + } + + n.logger.ComponentInfo(logging.ComponentNode, "Removed stale node from DNS", + zap.String("node_id", nodeID), + zap.String("ip", ip), + ) + } +} + +// isNameserverPreference checks if this node was installed with --nameserver flag +// by reading the preferences.yaml file. Only nameserver nodes should claim NS slots. +func (n *Node) isNameserverPreference() bool { + oramaDir := filepath.Join(os.ExpandEnv(n.config.Node.DataDir), "..") + prefsPath := filepath.Join(oramaDir, "preferences.yaml") + data, err := os.ReadFile(prefsPath) + if err != nil { + return false + } + // Simple check: look for "nameserver: true" in the YAML + return strings.Contains(string(data), "nameserver: true") +} + +// isNameserverNode checks if this node has claimed a nameserver slot (ns1/ns2/ns3). +// Only nameserver nodes run Caddy for HTTPS, so only they should be in base domain DNS. +func (n *Node) isNameserverNode(ctx context.Context) bool { + if n.rqliteAdapter == nil { + return false + } + nodeID := n.GetPeerID() + if nodeID == "" { + return false + } + db := n.rqliteAdapter.GetSQLDB() + var count int + err := db.QueryRowContext(ctx, + `SELECT COUNT(*) FROM dns_nameservers WHERE node_id = ?`, nodeID, + ).Scan(&count) + return err == nil && count > 0 +} + +// getWireGuardIP returns the IPv4 address assigned to the wg0 interface, if any +func (n *Node) getWireGuardIP() (string, error) { + iface, err := net.InterfaceByName("wg0") + if err != nil { + return "", err + } + addrs, err := iface.Addrs() + if err != nil { + return "", err + } + for _, addr := range addrs { + if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.To4() != nil { + return ipnet.IP.String(), nil + } + } + return "", fmt.Errorf("no IPv4 address on wg0") +} + +// getNodeIPAddress attempts to determine the node's external IP address +func (n *Node) getNodeIPAddress() (string, error) { + // Try to detect external IP by connecting to a public server + conn, err := net.Dial("udp", "8.8.8.8:80") + if err != nil { + // If that fails, try to get first non-loopback interface IP + addrs, err := net.InterfaceAddrs() + if err != nil { + return "", err + } + + for _, addr := range addrs { + if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && !ipnet.IP.IsPrivate() { + if ipnet.IP.To4() != nil { + return ipnet.IP.String(), nil + } + } + } + + return "", fmt.Errorf("no suitable IP address found") + } + defer conn.Close() + + localAddr := conn.LocalAddr().(*net.UDPAddr) + if localAddr.IP.IsPrivate() || localAddr.IP.IsLoopback() { + // UDP dial returned a private/loopback IP (e.g. WireGuard 10.0.0.x). + // Fall back to scanning interfaces for a public IPv4. + addrs, err := net.InterfaceAddrs() + if err != nil { + return "", fmt.Errorf("private IP detected (%s) and failed to list interfaces: %w", localAddr.IP, err) + } + for _, addr := range addrs { + if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && !ipnet.IP.IsPrivate() { + if ipnet.IP.To4() != nil { + return ipnet.IP.String(), nil + } + } + } + return "", fmt.Errorf("private IP detected (%s) and no public IPv4 found on interfaces", localAddr.IP) + } + return localAddr.IP.String(), nil +} + +// cleanupPrivateIPRecords deletes any A records with private/loopback IPs from dns_records. +// Old code versions could insert WireGuard IPs (10.0.0.x) into the table. This runs on +// every heartbeat to self-heal. +func cleanupPrivateIPRecords(ctx context.Context, db *sql.DB, logger *logging.ColoredLogger) { + query := `DELETE FROM dns_records WHERE record_type = 'A' AND namespace = 'system' + AND (value LIKE '10.%' OR value LIKE '172.16.%' OR value LIKE '172.17.%' OR value LIKE '172.18.%' + OR value LIKE '172.19.%' OR value LIKE '172.2_.%' OR value LIKE '172.30.%' OR value LIKE '172.31.%' + OR value LIKE '192.168.%' OR value = '127.0.0.1')` + result, err := db.ExecContext(ctx, query) + if err != nil { + logger.ComponentWarn(logging.ComponentNode, "Failed to clean up private IP DNS records", zap.Error(err)) + return + } + if rows, _ := result.RowsAffected(); rows > 0 { + logger.ComponentInfo(logging.ComponentNode, "Cleaned up private IP DNS records", + zap.Int64("deleted", rows)) + } +} diff --git a/pkg/node/gateway.go b/pkg/node/gateway.go index 9bada62..91b55fe 100644 --- a/pkg/node/gateway.go +++ b/pkg/node/gateway.go @@ -2,21 +2,24 @@ package node import ( "context" - "crypto/tls" - "fmt" "net" "net/http" "os" "path/filepath" + "time" "github.com/DeBrosOfficial/network/pkg/gateway" + namespacehandlers "github.com/DeBrosOfficial/network/pkg/gateway/handlers/namespace" "github.com/DeBrosOfficial/network/pkg/ipfs" "github.com/DeBrosOfficial/network/pkg/logging" - "golang.org/x/crypto/acme" - "golang.org/x/crypto/acme/autocert" + "github.com/DeBrosOfficial/network/pkg/namespace" + "go.uber.org/zap" ) // startHTTPGateway initializes and starts the full API gateway +// The gateway always runs HTTP on the configured port (default :6001). +// When running with Caddy (nameserver mode), Caddy handles external HTTPS +// and proxies requests to this internal HTTP gateway. func (n *Node) startHTTPGateway(ctx context.Context) error { if !n.config.HTTPGateway.Enabled { n.logger.ComponentInfo(logging.ComponentNode, "HTTP Gateway disabled in config") @@ -32,20 +35,29 @@ func (n *Node) startHTTPGateway(ctx context.Context) error { return err } + // DataDir in node config is ~/.orama/data; the orama dir is the parent + oramaDir := filepath.Join(os.ExpandEnv(n.config.Node.DataDir), "..") + + // Read cluster secret for WireGuard peer exchange auth + clusterSecret := "" + if secretBytes, err := os.ReadFile(filepath.Join(oramaDir, "secrets", "cluster-secret")); err == nil { + clusterSecret = string(secretBytes) + } + gwCfg := &gateway.Config{ - ListenAddr: n.config.HTTPGateway.ListenAddr, - ClientNamespace: n.config.HTTPGateway.ClientNamespace, - BootstrapPeers: n.config.Discovery.BootstrapPeers, - NodePeerID: loadNodePeerIDFromIdentity(n.config.Node.DataDir), - RQLiteDSN: n.config.HTTPGateway.RQLiteDSN, - OlricServers: n.config.HTTPGateway.OlricServers, - OlricTimeout: n.config.HTTPGateway.OlricTimeout, + ListenAddr: n.config.HTTPGateway.ListenAddr, + ClientNamespace: n.config.HTTPGateway.ClientNamespace, + BootstrapPeers: n.config.Discovery.BootstrapPeers, + NodePeerID: loadNodePeerIDFromIdentity(n.config.Node.DataDir), + RQLiteDSN: n.config.HTTPGateway.RQLiteDSN, + OlricServers: n.config.HTTPGateway.OlricServers, + OlricTimeout: n.config.HTTPGateway.OlricTimeout, IPFSClusterAPIURL: n.config.HTTPGateway.IPFSClusterAPIURL, - IPFSAPIURL: n.config.HTTPGateway.IPFSAPIURL, - IPFSTimeout: n.config.HTTPGateway.IPFSTimeout, - EnableHTTPS: n.config.HTTPGateway.HTTPS.Enabled, - DomainName: n.config.HTTPGateway.HTTPS.Domain, - TLSCacheDir: n.config.HTTPGateway.HTTPS.CacheDir, + IPFSAPIURL: n.config.HTTPGateway.IPFSAPIURL, + IPFSTimeout: n.config.HTTPGateway.IPFSTimeout, + BaseDomain: n.config.HTTPGateway.BaseDomain, + DataDir: oramaDir, + ClusterSecret: clusterSecret, } apiGateway, err := gateway.New(gatewayLogger, gwCfg) @@ -54,135 +66,89 @@ func (n *Node) startHTTPGateway(ctx context.Context) error { } n.apiGateway = apiGateway - var certManager *autocert.Manager - if gwCfg.EnableHTTPS && gwCfg.DomainName != "" { - tlsCacheDir := gwCfg.TLSCacheDir - if tlsCacheDir == "" { - tlsCacheDir = "/home/debros/.orama/tls-cache" + // Wire up ClusterManager for per-namespace cluster provisioning + if ormClient := apiGateway.GetORMClient(); ormClient != nil { + baseDataDir := filepath.Join(os.ExpandEnv(n.config.Node.DataDir), "..", "data", "namespaces") + clusterCfg := namespace.ClusterManagerConfig{ + BaseDomain: n.config.HTTPGateway.BaseDomain, + BaseDataDir: baseDataDir, + GlobalRQLiteDSN: gwCfg.RQLiteDSN, // Pass global RQLite DSN for namespace gateway auth + IPFSClusterAPIURL: gwCfg.IPFSClusterAPIURL, + IPFSAPIURL: gwCfg.IPFSAPIURL, + IPFSTimeout: gwCfg.IPFSTimeout, + IPFSReplicationFactor: n.config.Database.IPFS.ReplicationFactor, } - _ = os.MkdirAll(tlsCacheDir, 0700) + clusterManager := namespace.NewClusterManager(ormClient, clusterCfg, n.logger.Logger) + clusterManager.SetLocalNodeID(gwCfg.NodePeerID) + apiGateway.SetClusterProvisioner(clusterManager) - certManager = &autocert.Manager{ - Prompt: autocert.AcceptTOS, - HostPolicy: autocert.HostWhitelist(gwCfg.DomainName), - Cache: autocert.DirCache(tlsCacheDir), - Email: fmt.Sprintf("admin@%s", gwCfg.DomainName), - Client: &acme.Client{ - DirectoryURL: "https://acme-staging-v02.api.letsencrypt.org/directory", - }, - } - n.certManager = certManager - n.certReady = make(chan struct{}) + // Wire spawn handler for distributed namespace instance spawning + systemdSpawner := namespace.NewSystemdSpawner(baseDataDir, n.logger.Logger) + spawnHandler := namespacehandlers.NewSpawnHandler(systemdSpawner, n.logger.Logger) + apiGateway.SetSpawnHandler(spawnHandler) + + // Wire namespace delete handler + deleteHandler := namespacehandlers.NewDeleteHandler(clusterManager, ormClient, n.logger.Logger) + apiGateway.SetNamespaceDeleteHandler(deleteHandler) + + n.logger.ComponentInfo(logging.ComponentNode, "Namespace cluster provisioning enabled", + zap.String("base_domain", clusterCfg.BaseDomain), + zap.String("base_data_dir", baseDataDir)) + + // Restore previously-running namespace cluster processes in background. + // First try local state files (no DB dependency), then fall back to DB query with retries. + go func() { + time.Sleep(5 * time.Second) + + // Try disk-based restore first (instant, no DB needed) + restored, err := clusterManager.RestoreLocalClustersFromDisk(ctx) + if err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Disk-based namespace restore failed", zap.Error(err)) + } + if restored > 0 { + n.logger.ComponentInfo(logging.ComponentNode, "Restored namespace clusters from local state", + zap.Int("count", restored)) + return + } + + // No state files found — fall back to DB query with retries + n.logger.ComponentInfo(logging.ComponentNode, "No local state files, falling back to DB restore") + time.Sleep(5 * time.Second) + for attempt := 1; attempt <= 12; attempt++ { + if err := clusterManager.RestoreLocalClusters(ctx); err == nil { + return + } else { + n.logger.ComponentWarn(logging.ComponentNode, "Namespace cluster restore failed, retrying", + zap.Int("attempt", attempt), zap.Error(err)) + } + time.Sleep(10 * time.Second) + } + n.logger.ComponentError(logging.ComponentNode, "Failed to restore namespace clusters after all retries") + }() } - httpReady := make(chan struct{}) - go func() { - if gwCfg.EnableHTTPS && gwCfg.DomainName != "" && certManager != nil { - httpsPort := 443 - httpPort := 80 - - httpServer := &http.Server{ - Addr: fmt.Sprintf(":%d", httpPort), - Handler: certManager.HTTPHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - target := fmt.Sprintf("https://%s%s", r.Host, r.URL.RequestURI()) - http.Redirect(w, r, target, http.StatusMovedPermanently) - })), - } - - httpListener, err := net.Listen("tcp", fmt.Sprintf(":%d", httpPort)) - if err != nil { - close(httpReady) - return - } - - go httpServer.Serve(httpListener) - - // Pre-provision cert - certReq := &tls.ClientHelloInfo{ServerName: gwCfg.DomainName} - _, certErr := certManager.GetCertificate(certReq) - - if certErr != nil { - close(httpReady) - httpServer.Handler = apiGateway.Routes() - return - } - - close(httpReady) - - tlsConfig := &tls.Config{ - MinVersion: tls.VersionTLS12, - GetCertificate: certManager.GetCertificate, - } - - httpsServer := &http.Server{ - Addr: fmt.Sprintf(":%d", httpsPort), - TLSConfig: tlsConfig, - Handler: apiGateway.Routes(), - } - n.apiGatewayServer = httpsServer - - ln, err := tls.Listen("tcp", fmt.Sprintf(":%d", httpsPort), tlsConfig) - if err == nil { - httpsServer.Serve(ln) - } - } else { - close(httpReady) - server := &http.Server{ - Addr: gwCfg.ListenAddr, - Handler: apiGateway.Routes(), - } - n.apiGatewayServer = server - ln, err := net.Listen("tcp", gwCfg.ListenAddr) - if err == nil { - server.Serve(ln) - } + server := &http.Server{ + Addr: gwCfg.ListenAddr, + Handler: apiGateway.Routes(), } + n.apiGatewayServer = server + + ln, err := net.Listen("tcp", gwCfg.ListenAddr) + if err != nil { + n.logger.ComponentError(logging.ComponentNode, "Failed to bind HTTP gateway", + zap.String("addr", gwCfg.ListenAddr), zap.Error(err)) + return + } + + n.logger.ComponentInfo(logging.ComponentNode, "HTTP gateway started", + zap.String("addr", gwCfg.ListenAddr)) + server.Serve(ln) }() - // SNI Gateway - if n.config.HTTPGateway.SNI.Enabled && n.certManager != nil { - go n.startSNIGateway(ctx, httpReady) - } - return nil } -func (n *Node) startSNIGateway(ctx context.Context, httpReady <-chan struct{}) { - <-httpReady - domain := n.config.HTTPGateway.HTTPS.Domain - if domain == "" { - return - } - - certReq := &tls.ClientHelloInfo{ServerName: domain} - tlsCert, err := n.certManager.GetCertificate(certReq) - if err != nil { - return - } - - tlsCacheDir := n.config.HTTPGateway.HTTPS.CacheDir - if tlsCacheDir == "" { - tlsCacheDir = "/home/debros/.orama/tls-cache" - } - - certPath := filepath.Join(tlsCacheDir, domain+".crt") - keyPath := filepath.Join(tlsCacheDir, domain+".key") - - if err := extractPEMFromTLSCert(tlsCert, certPath, keyPath); err == nil { - if n.certReady != nil { - close(n.certReady) - } - } - - sniCfg := n.config.HTTPGateway.SNI - sniGateway, err := gateway.NewTCPSNIGateway(n.logger, &sniCfg) - if err == nil { - n.sniGateway = sniGateway - sniGateway.Start(ctx) - } -} - // startIPFSClusterConfig initializes and ensures IPFS Cluster configuration func (n *Node) startIPFSClusterConfig() error { n.logger.ComponentInfo(logging.ComponentNode, "Initializing IPFS Cluster configuration") @@ -201,4 +167,3 @@ func (n *Node) startIPFSClusterConfig() error { _ = cm.RepairPeerConfiguration() return nil } - diff --git a/pkg/node/ipfs_swarm_sync.go b/pkg/node/ipfs_swarm_sync.go new file mode 100644 index 0000000..de01525 --- /dev/null +++ b/pkg/node/ipfs_swarm_sync.go @@ -0,0 +1,186 @@ +package node + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/url" + "os/exec" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/logging" + "go.uber.org/zap" +) + +// syncIPFSSwarmPeers queries all cluster nodes from RQLite and ensures +// this node's IPFS daemon is connected to every other node's IPFS daemon. +// Uses `ipfs swarm connect` for immediate connectivity without requiring +// config file changes or IPFS restarts. +func (n *Node) syncIPFSSwarmPeers(ctx context.Context) { + if n.rqliteAdapter == nil { + return + } + + // Check if IPFS is running + if _, err := exec.LookPath("ipfs"); err != nil { + return + } + + // Get this node's WG IP + myWGIP := getLocalWGIP() + if myWGIP == "" { + return + } + + // Query all peers with IPFS peer IDs from RQLite + db := n.rqliteAdapter.GetSQLDB() + rows, err := db.QueryContext(ctx, + "SELECT wg_ip, ipfs_peer_id FROM wireguard_peers WHERE ipfs_peer_id != '' AND wg_ip != ?", + myWGIP) + if err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to query IPFS peers from RQLite", zap.Error(err)) + return + } + defer rows.Close() + + type ipfsPeer struct { + wgIP string + peerID string + } + + var peers []ipfsPeer + for rows.Next() { + var p ipfsPeer + if err := rows.Scan(&p.wgIP, &p.peerID); err != nil { + continue + } + peers = append(peers, p) + } + + if len(peers) == 0 { + return + } + + // Get currently connected IPFS swarm peers via API + connectedPeers := getConnectedIPFSPeers() + + // Connect to any peer we're not already connected to + connected := 0 + for _, p := range peers { + if connectedPeers[p.peerID] { + continue // already connected + } + + multiaddr := fmt.Sprintf("/ip4/%s/tcp/4101/p2p/%s", p.wgIP, p.peerID) + if err := ipfsSwarmConnect(multiaddr); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to connect IPFS swarm peer", + zap.String("peer", p.peerID[:12]+"..."), + zap.String("wg_ip", p.wgIP), + zap.Error(err)) + } else { + connected++ + n.logger.ComponentInfo(logging.ComponentNode, "Connected to IPFS swarm peer", + zap.String("peer", p.peerID[:12]+"..."), + zap.String("wg_ip", p.wgIP)) + } + } + + if connected > 0 { + n.logger.ComponentInfo(logging.ComponentNode, "IPFS swarm sync completed", + zap.Int("new_connections", connected), + zap.Int("total_cluster_peers", len(peers))) + } +} + +// getConnectedIPFSPeers returns a set of currently connected IPFS peer IDs +func getConnectedIPFSPeers() map[string]bool { + peers := make(map[string]bool) + + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Post("http://localhost:4501/api/v0/swarm/peers", "", nil) + if err != nil { + return peers + } + defer resp.Body.Close() + + // The response contains Peers array with Peer field for each connected peer + // We just need the peer IDs, which are the last component of each multiaddr + var result struct { + Peers []struct { + Peer string `json:"Peer"` + } `json:"Peers"` + } + + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return peers + } + + for _, p := range result.Peers { + peers[p.Peer] = true + } + return peers +} + +// ipfsSwarmConnect connects to an IPFS peer via the HTTP API +func ipfsSwarmConnect(multiaddr string) error { + client := &http.Client{Timeout: 10 * time.Second} + apiURL := fmt.Sprintf("http://localhost:4501/api/v0/swarm/connect?arg=%s", url.QueryEscape(multiaddr)) + resp, err := client.Post(apiURL, "", nil) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("swarm connect returned status %d", resp.StatusCode) + } + return nil +} + +// getLocalWGIP returns the WireGuard IP of this node +func getLocalWGIP() string { + out, err := exec.Command("ip", "-4", "addr", "show", "wg0").CombinedOutput() + if err != nil { + return "" + } + for _, line := range strings.Split(string(out), "\n") { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "inet ") { + parts := strings.Fields(line) + if len(parts) >= 2 { + return strings.Split(parts[1], "/")[0] + } + } + } + return "" +} + +// startIPFSSwarmSyncLoop periodically syncs IPFS swarm connections with cluster peers +func (n *Node) startIPFSSwarmSyncLoop(ctx context.Context) { + // Initial sync after a short delay (give IPFS time to start) + go func() { + select { + case <-ctx.Done(): + return + case <-time.After(30 * time.Second): + } + + n.syncIPFSSwarmPeers(ctx) + + // Then sync every 60 seconds + ticker := time.NewTicker(60 * time.Second) + defer ticker.Stop() + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + n.syncIPFSSwarmPeers(ctx) + } + } + }() + + n.logger.ComponentInfo(logging.ComponentNode, "IPFS swarm sync loop started") +} diff --git a/pkg/node/monitoring.go b/pkg/node/monitoring.go index b63047a..5ad7772 100644 --- a/pkg/node/monitoring.go +++ b/pkg/node/monitoring.go @@ -184,16 +184,18 @@ func (n *Node) GetDiscoveryStatus() map[string]interface{} { // Unlike nodes which need extensive monitoring, clients only need basic health checks. func (n *Node) startConnectionMonitoring() { go func() { - ticker := time.NewTicker(30 * time.Second) // Less frequent than nodes (60s vs 30s) + ticker := time.NewTicker(30 * time.Second) // Ticks every 30 seconds defer ticker.Stop() var lastPeerCount int firstCheck := true + tickCount := 0 for range ticker.C { if n.host == nil { return } + tickCount++ // Get current peer count peers := n.host.Network().Peers() @@ -217,9 +219,9 @@ func (n *Node) startConnectionMonitoring() { // This discovers all cluster peers and updates peer_addresses in service.json // so IPFS Cluster can automatically connect to all discovered peers if n.clusterConfigManager != nil { - // First try to discover from LibP2P connections (works even if cluster peers aren't connected yet) - // This runs every minute to discover peers automatically via LibP2P discovery - if time.Now().Unix()%60 == 0 { + // Discover from LibP2P connections every 2 ticks (once per minute) + // Works even if cluster peers aren't connected yet + if tickCount%2 == 0 { if err := n.clusterConfigManager.DiscoverClusterPeersFromLibP2P(n.host); err != nil { n.logger.ComponentWarn(logging.ComponentNode, "Failed to discover cluster peers from LibP2P", zap.Error(err)) } else { @@ -227,9 +229,9 @@ func (n *Node) startConnectionMonitoring() { } } - // Also try to update from cluster API (works once peers are connected) - // Update all cluster peers every 2 minutes to discover new peers - if time.Now().Unix()%120 == 0 { + // Update from cluster API every 4 ticks (once per 2 minutes) + // Works once peers are already connected + if tickCount%4 == 0 { if err := n.clusterConfigManager.UpdateAllClusterPeers(); err != nil { n.logger.ComponentWarn(logging.ComponentNode, "Failed to update cluster peers during monitoring", zap.Error(err)) } else { diff --git a/pkg/node/node.go b/pkg/node/node.go index eeb4d3b..c4b8438 100644 --- a/pkg/node/node.go +++ b/pkg/node/node.go @@ -18,7 +18,6 @@ import ( database "github.com/DeBrosOfficial/network/pkg/rqlite" "github.com/libp2p/go-libp2p/core/host" "go.uber.org/zap" - "golang.org/x/crypto/acme/autocert" ) // Node represents a network node with RQLite database @@ -44,17 +43,8 @@ type Node struct { clusterConfigManager *ipfs.ClusterConfigManager // Full gateway (for API, auth, pubsub, and internal service routing) - apiGateway *gateway.Gateway + apiGateway *gateway.Gateway apiGatewayServer *http.Server - - // SNI gateway (for TCP routing of raft, ipfs, olric, etc.) - sniGateway *gateway.TCPSNIGateway - - // Shared certificate manager for HTTPS and SNI - certManager *autocert.Manager - - // Certificate ready signal - closed when TLS certificates are extracted and ready for use - certReady chan struct{} } // NewNode creates a new network node @@ -113,6 +103,26 @@ func (n *Node) Start(ctx context.Context) error { return fmt.Errorf("failed to start RQLite: %w", err) } + // Sync WireGuard peers from RQLite (if WG is active on this node) + n.startWireGuardSyncLoop(ctx) + + // Sync IPFS swarm connections with all cluster peers + n.startIPFSSwarmSyncLoop(ctx) + + // Register this node in dns_nodes table for deployment routing + if err := n.registerDNSNode(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to register DNS node", zap.Error(err)) + // Don't fail startup if DNS registration fails, it will retry on heartbeat + } else { + // Start DNS heartbeat to keep node status fresh + n.startDNSHeartbeat(ctx) + + // Ensure base DNS records exist for this node (self-healing) + if err := n.ensureBaseDNSRecords(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to ensure base DNS records", zap.Error(err)) + } + } + // Get listen addresses for logging var listenAddrs []string if n.host != nil { @@ -147,13 +157,6 @@ func (n *Node) Stop() error { n.apiGateway.Close() } - // Stop SNI Gateway - if n.sniGateway != nil { - if err := n.sniGateway.Stop(); err != nil { - n.logger.ComponentWarn(logging.ComponentNode, "SNI Gateway stop error", zap.Error(err)) - } - } - // Stop cluster discovery if n.clusterDiscovery != nil { n.clusterDiscovery.Stop() diff --git a/pkg/node/rqlite.go b/pkg/node/rqlite.go index 8e5523d..359e235 100644 --- a/pkg/node/rqlite.go +++ b/pkg/node/rqlite.go @@ -5,8 +5,6 @@ import ( "fmt" database "github.com/DeBrosOfficial/network/pkg/rqlite" - "go.uber.org/zap" - "time" ) // startRQLite initializes and starts the RQLite database @@ -55,25 +53,6 @@ func (n *Node) startRQLite(ctx context.Context) error { n.logger.Info("Cluster discovery service started (waiting for RQLite)") } - // If node-to-node TLS is configured, wait for certificates to be provisioned - // This ensures RQLite can start with TLS when joining through the SNI gateway - if n.config.Database.NodeCert != "" && n.config.Database.NodeKey != "" && n.certReady != nil { - n.logger.Info("RQLite node TLS configured, waiting for certificates to be provisioned...", - zap.String("node_cert", n.config.Database.NodeCert), - zap.String("node_key", n.config.Database.NodeKey)) - - // Wait for certificate ready signal with timeout - certTimeout := 5 * time.Minute - select { - case <-n.certReady: - n.logger.Info("Certificates ready, proceeding with RQLite startup") - case <-time.After(certTimeout): - return fmt.Errorf("timeout waiting for TLS certificates after %v - ensure HTTPS is configured and ports 80/443 are accessible for ACME challenges", certTimeout) - case <-ctx.Done(): - return fmt.Errorf("context cancelled while waiting for certificates: %w", ctx.Err()) - } - } - // Start RQLite FIRST before updating metadata if err := n.rqliteManager.Start(ctx); err != nil { return err diff --git a/pkg/node/wireguard_sync.go b/pkg/node/wireguard_sync.go new file mode 100644 index 0000000..451b525 --- /dev/null +++ b/pkg/node/wireguard_sync.go @@ -0,0 +1,250 @@ +package node + +import ( + "context" + "encoding/json" + "fmt" + "net" + "net/http" + "os/exec" + "strings" + "time" + + "github.com/DeBrosOfficial/network/pkg/environments/production" + "github.com/DeBrosOfficial/network/pkg/logging" + "go.uber.org/zap" +) + +// syncWireGuardPeers reads all peers from RQLite and reconciles the local +// WireGuard interface so it matches the cluster state. This is called on +// startup after RQLite is ready and periodically thereafter. +func (n *Node) syncWireGuardPeers(ctx context.Context) error { + if n.rqliteAdapter == nil { + return fmt.Errorf("rqlite adapter not initialized") + } + + // Check if WireGuard is installed and active + if _, err := exec.LookPath("wg"); err != nil { + n.logger.ComponentInfo(logging.ComponentNode, "WireGuard not installed, skipping peer sync") + return nil + } + + // Check if wg0 interface exists + out, err := exec.CommandContext(ctx, "sudo", "wg", "show", "wg0").CombinedOutput() + if err != nil { + n.logger.ComponentInfo(logging.ComponentNode, "WireGuard interface wg0 not active, skipping peer sync") + return nil + } + + // Parse current peers from wg show output + currentPeers := parseWGShowPeers(string(out)) + localPubKey := parseWGShowLocalKey(string(out)) + + // Query all peers from RQLite + db := n.rqliteAdapter.GetSQLDB() + rows, err := db.QueryContext(ctx, + "SELECT node_id, wg_ip, public_key, public_ip, wg_port FROM wireguard_peers ORDER BY wg_ip") + if err != nil { + return fmt.Errorf("failed to query wireguard_peers: %w", err) + } + defer rows.Close() + + // Build desired peer set (excluding self) + desiredPeers := make(map[string]production.WireGuardPeer) + for rows.Next() { + var nodeID, wgIP, pubKey, pubIP string + var wgPort int + if err := rows.Scan(&nodeID, &wgIP, &pubKey, &pubIP, &wgPort); err != nil { + continue + } + if pubKey == localPubKey { + continue // skip self + } + if wgPort == 0 { + wgPort = 51820 + } + desiredPeers[pubKey] = production.WireGuardPeer{ + PublicKey: pubKey, + Endpoint: fmt.Sprintf("%s:%d", pubIP, wgPort), + AllowedIP: wgIP + "/32", + } + } + + wp := &production.WireGuardProvisioner{} + + // Add missing peers + for pubKey, peer := range desiredPeers { + if _, exists := currentPeers[pubKey]; !exists { + if err := wp.AddPeer(peer); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "failed to add WG peer", + zap.String("public_key", pubKey[:8]+"..."), + zap.Error(err)) + } else { + n.logger.ComponentInfo(logging.ComponentNode, "added WG peer", + zap.String("allowed_ip", peer.AllowedIP)) + } + } + } + + // Remove peers not in the desired set + for pubKey := range currentPeers { + if _, exists := desiredPeers[pubKey]; !exists { + if err := wp.RemovePeer(pubKey); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "failed to remove stale WG peer", + zap.String("public_key", pubKey[:8]+"..."), + zap.Error(err)) + } else { + n.logger.ComponentInfo(logging.ComponentNode, "removed stale WG peer", + zap.String("public_key", pubKey[:8]+"...")) + } + } + } + + n.logger.ComponentInfo(logging.ComponentNode, "WireGuard peer sync completed", + zap.Int("desired_peers", len(desiredPeers)), + zap.Int("current_peers", len(currentPeers))) + + return nil +} + +// ensureWireGuardSelfRegistered ensures this node's WireGuard info is in the +// wireguard_peers table. Without this, joining nodes get an empty peer list +// from the /v1/internal/join endpoint and can't establish WG tunnels. +func (n *Node) ensureWireGuardSelfRegistered(ctx context.Context) { + if n.rqliteAdapter == nil { + return + } + + // Check if wg0 is active + out, err := exec.CommandContext(ctx, "sudo", "wg", "show", "wg0").CombinedOutput() + if err != nil { + return // WG not active, nothing to register + } + + // Get local public key + localPubKey := parseWGShowLocalKey(string(out)) + if localPubKey == "" { + return + } + + // Get WG IP from interface + wgIP := "" + iface, err := net.InterfaceByName("wg0") + if err != nil { + return + } + addrs, err := iface.Addrs() + if err != nil { + return + } + for _, addr := range addrs { + if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.To4() != nil { + wgIP = ipnet.IP.String() + break + } + } + if wgIP == "" { + return + } + + // Get public IP + publicIP, err := n.getNodeIPAddress() + if err != nil { + return + } + + nodeID := n.GetPeerID() + if nodeID == "" { + nodeID = fmt.Sprintf("node-%s", wgIP) + } + + // Query local IPFS peer ID + ipfsPeerID := queryLocalIPFSPeerID() + + db := n.rqliteAdapter.GetSQLDB() + _, err = db.ExecContext(ctx, + "INSERT OR REPLACE INTO wireguard_peers (node_id, wg_ip, public_key, public_ip, wg_port, ipfs_peer_id) VALUES (?, ?, ?, ?, ?, ?)", + nodeID, wgIP, localPubKey, publicIP, 51820, ipfsPeerID) + if err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "Failed to self-register WG peer", zap.Error(err)) + } else { + n.logger.ComponentInfo(logging.ComponentNode, "WireGuard self-registered", + zap.String("wg_ip", wgIP), + zap.String("public_key", localPubKey[:8]+"..."), + zap.String("ipfs_peer_id", ipfsPeerID)) + } +} + +// queryLocalIPFSPeerID queries the local IPFS daemon for its peer ID +func queryLocalIPFSPeerID() string { + client := &http.Client{Timeout: 5 * time.Second} + resp, err := client.Post("http://localhost:4501/api/v0/id", "", nil) + if err != nil { + return "" + } + defer resp.Body.Close() + + var result struct { + ID string `json:"ID"` + } + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return "" + } + return result.ID +} + +// startWireGuardSyncLoop runs syncWireGuardPeers periodically +func (n *Node) startWireGuardSyncLoop(ctx context.Context) { + // Ensure this node is registered in wireguard_peers (critical for join flow) + n.ensureWireGuardSelfRegistered(ctx) + + // Run initial sync + if err := n.syncWireGuardPeers(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "initial WireGuard peer sync failed", zap.Error(err)) + } + + // Periodic sync every 60 seconds + go func() { + ticker := time.NewTicker(60 * time.Second) + defer ticker.Stop() + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + // Re-register self on every tick to pick up IPFS peer ID if it wasn't + // ready at startup (INSERT OR REPLACE is idempotent) + n.ensureWireGuardSelfRegistered(ctx) + if err := n.syncWireGuardPeers(ctx); err != nil { + n.logger.ComponentWarn(logging.ComponentNode, "WireGuard peer sync failed", zap.Error(err)) + } + } + } + }() +} + +// parseWGShowPeers extracts public keys of current peers from `wg show wg0` output +func parseWGShowPeers(output string) map[string]struct{} { + peers := make(map[string]struct{}) + for _, line := range strings.Split(output, "\n") { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "peer:") { + key := strings.TrimSpace(strings.TrimPrefix(line, "peer:")) + if key != "" { + peers[key] = struct{}{} + } + } + } + return peers +} + +// parseWGShowLocalKey extracts the local public key from `wg show wg0` output +func parseWGShowLocalKey(output string) string { + for _, line := range strings.Split(output, "\n") { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "public key:") { + return strings.TrimSpace(strings.TrimPrefix(line, "public key:")) + } + } + return "" +} diff --git a/pkg/olric/client.go b/pkg/olric/client.go index 1e63432..5492c5a 100644 --- a/pkg/olric/client.go +++ b/pkg/olric/client.go @@ -6,6 +6,7 @@ import ( "time" olriclib "github.com/olric-data/olric" + "github.com/olric-data/olric/config" "go.uber.org/zap" ) @@ -33,14 +34,23 @@ func NewClient(cfg Config, logger *zap.Logger) (*Client, error) { servers = []string{"localhost:3320"} } - client, err := olriclib.NewClusterClient(servers) - if err != nil { - return nil, fmt.Errorf("failed to create Olric cluster client: %w", err) - } - timeout := cfg.Timeout if timeout == 0 { - timeout = 10 * time.Second + timeout = 30 * time.Second // Increased default timeout for slow SCAN operations + } + + // Configure client with increased timeouts for slow operations + clientCfg := &config.Client{ + DialTimeout: 5 * time.Second, + ReadTimeout: timeout, // 30s default - enough for slow SCAN operations + WriteTimeout: timeout, + MaxRetries: 1, // Reduce retries to 1 to avoid excessive delays + Authentication: &config.Authentication{}, // Initialize to prevent nil pointer + } + + client, err := olriclib.NewClusterClient(servers, olriclib.WithConfig(clientCfg)) + if err != nil { + return nil, fmt.Errorf("failed to create Olric cluster client: %w", err) } return &Client{ diff --git a/pkg/olric/instance_spawner.go b/pkg/olric/instance_spawner.go new file mode 100644 index 0000000..fa02eda --- /dev/null +++ b/pkg/olric/instance_spawner.go @@ -0,0 +1,528 @@ +package olric + +import ( + "context" + "fmt" + "net" + "os" + "os/exec" + "path/filepath" + "strings" + "sync" + "time" + + "go.uber.org/zap" + "gopkg.in/yaml.v3" +) + +// InstanceNodeStatus represents the status of an instance (local type to avoid import cycle) +type InstanceNodeStatus string + +const ( + InstanceStatusPending InstanceNodeStatus = "pending" + InstanceStatusStarting InstanceNodeStatus = "starting" + InstanceStatusRunning InstanceNodeStatus = "running" + InstanceStatusStopped InstanceNodeStatus = "stopped" + InstanceStatusFailed InstanceNodeStatus = "failed" +) + +// InstanceError represents an error during instance operations (local type to avoid import cycle) +type InstanceError struct { + Message string + Cause error +} + +func (e *InstanceError) Error() string { + if e.Cause != nil { + return e.Message + ": " + e.Cause.Error() + } + return e.Message +} + +func (e *InstanceError) Unwrap() error { + return e.Cause +} + +// InstanceSpawner manages multiple Olric instances for namespace clusters. +// Each namespace gets its own Olric cluster with dedicated ports and memberlist. +type InstanceSpawner struct { + logger *zap.Logger + baseDir string // Base directory for all namespace data (e.g., ~/.orama/data/namespaces) + instances map[string]*OlricInstance + mu sync.RWMutex +} + +// OlricInstance represents a running Olric instance for a namespace +type OlricInstance struct { + Namespace string + NodeID string + HTTPPort int + MemberlistPort int + BindAddr string + AdvertiseAddr string + PeerAddresses []string // Memberlist peer addresses for cluster discovery + ConfigPath string + DataDir string + PID int + Status InstanceNodeStatus + StartedAt time.Time + LastHealthCheck time.Time + cmd *exec.Cmd + logFile *os.File // kept open for process lifetime + waitDone chan struct{} // closed when cmd.Wait() completes + logger *zap.Logger +} + +// InstanceConfig holds configuration for spawning an Olric instance +type InstanceConfig struct { + Namespace string // Namespace name (e.g., "alice") + NodeID string // Physical node ID + HTTPPort int // HTTP API port + MemberlistPort int // Memberlist gossip port + BindAddr string // Address to bind (e.g., "0.0.0.0") + AdvertiseAddr string // Address to advertise (e.g., "192.168.1.10") + PeerAddresses []string // Memberlist peer addresses for initial cluster join +} + +// OlricConfig represents the Olric YAML configuration structure +type OlricConfig struct { + Server OlricServerConfig `yaml:"server"` + Memberlist OlricMemberlistConfig `yaml:"memberlist"` + PartitionCount uint64 `yaml:"partitionCount"` // Number of partitions (default: 256, we use 12 for namespace isolation) +} + +// OlricServerConfig represents the server section of Olric config +type OlricServerConfig struct { + BindAddr string `yaml:"bindAddr"` + BindPort int `yaml:"bindPort"` +} + +// OlricMemberlistConfig represents the memberlist section of Olric config +type OlricMemberlistConfig struct { + Environment string `yaml:"environment"` + BindAddr string `yaml:"bindAddr"` + BindPort int `yaml:"bindPort"` + Peers []string `yaml:"peers,omitempty"` +} + +// NewInstanceSpawner creates a new Olric instance spawner +func NewInstanceSpawner(baseDir string, logger *zap.Logger) *InstanceSpawner { + return &InstanceSpawner{ + logger: logger.With(zap.String("component", "olric-instance-spawner")), + baseDir: baseDir, + instances: make(map[string]*OlricInstance), + } +} + +// instanceKey generates a unique key for an instance based on namespace and node +func instanceKey(namespace, nodeID string) string { + return fmt.Sprintf("%s:%s", namespace, nodeID) +} + +// SpawnInstance starts a new Olric instance for a namespace on a specific node. +// The process is decoupled from the caller's context — it runs independently until +// explicitly stopped. Only returns an error if the process fails to start or the +// memberlist port doesn't open within the timeout. +// Note: The memberlist port opening does NOT mean the cluster has formed — peers may +// still be joining. Use WaitForProcessRunning() after spawning all instances to verify. +func (is *InstanceSpawner) SpawnInstance(ctx context.Context, cfg InstanceConfig) (*OlricInstance, error) { + key := instanceKey(cfg.Namespace, cfg.NodeID) + + is.mu.Lock() + if existing, ok := is.instances[key]; ok { + if existing.Status == InstanceStatusRunning || existing.Status == InstanceStatusStarting { + is.mu.Unlock() + return existing, nil + } + // Remove stale instance + delete(is.instances, key) + } + is.mu.Unlock() + + // Create data and config directories + dataDir := filepath.Join(is.baseDir, cfg.Namespace, "olric", cfg.NodeID) + configDir := filepath.Join(is.baseDir, cfg.Namespace, "configs") + logsDir := filepath.Join(is.baseDir, cfg.Namespace, "logs") + + for _, dir := range []string{dataDir, configDir, logsDir} { + if err := os.MkdirAll(dir, 0755); err != nil { + return nil, &InstanceError{ + Message: fmt.Sprintf("failed to create directory %s", dir), + Cause: err, + } + } + } + + // Generate config file + configPath := filepath.Join(configDir, fmt.Sprintf("olric-%s.yaml", cfg.NodeID)) + if err := is.generateConfig(configPath, cfg); err != nil { + return nil, err + } + + instance := &OlricInstance{ + Namespace: cfg.Namespace, + NodeID: cfg.NodeID, + HTTPPort: cfg.HTTPPort, + MemberlistPort: cfg.MemberlistPort, + BindAddr: cfg.BindAddr, + AdvertiseAddr: cfg.AdvertiseAddr, + PeerAddresses: cfg.PeerAddresses, + ConfigPath: configPath, + DataDir: dataDir, + Status: InstanceStatusStarting, + waitDone: make(chan struct{}), + logger: is.logger.With(zap.String("namespace", cfg.Namespace), zap.String("node_id", cfg.NodeID)), + } + + instance.logger.Info("Starting Olric instance", + zap.Int("http_port", cfg.HTTPPort), + zap.Int("memberlist_port", cfg.MemberlistPort), + zap.Strings("peers", cfg.PeerAddresses), + ) + + // Use exec.Command (NOT exec.CommandContext) so the process is NOT killed + // when the HTTP request context or provisioning context is cancelled. + // The process lives until explicitly stopped via StopInstance(). + cmd := exec.Command("olric-server") + cmd.Env = append(os.Environ(), fmt.Sprintf("OLRIC_SERVER_CONFIG=%s", configPath)) + instance.cmd = cmd + + // Setup logging — keep the file open for the process lifetime + logPath := filepath.Join(logsDir, fmt.Sprintf("olric-%s.log", cfg.NodeID)) + logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) + if err != nil { + return nil, &InstanceError{ + Message: "failed to open log file", + Cause: err, + } + } + instance.logFile = logFile + + cmd.Stdout = logFile + cmd.Stderr = logFile + + // Start the process + if err := cmd.Start(); err != nil { + logFile.Close() + return nil, &InstanceError{ + Message: "failed to start Olric process", + Cause: err, + } + } + + instance.PID = cmd.Process.Pid + instance.StartedAt = time.Now() + + // Reap the child process in a background goroutine to prevent zombies. + // This goroutine closes the log file and signals via waitDone when the process exits. + go func() { + _ = cmd.Wait() + logFile.Close() + close(instance.waitDone) + }() + + // Store instance + is.mu.Lock() + is.instances[key] = instance + is.mu.Unlock() + + // Wait for the memberlist port to accept TCP connections. + // This confirms the process started and Olric initialized its network layer. + // It does NOT guarantee peers have joined — that happens asynchronously. + if err := is.waitForPortReady(ctx, instance); err != nil { + // Kill the process on failure + if cmd.Process != nil { + _ = cmd.Process.Kill() + } + is.mu.Lock() + delete(is.instances, key) + is.mu.Unlock() + return nil, &InstanceError{ + Message: "Olric instance did not become ready", + Cause: err, + } + } + + instance.Status = InstanceStatusRunning + instance.LastHealthCheck = time.Now() + + instance.logger.Info("Olric instance started successfully", + zap.Int("pid", instance.PID), + ) + + // Start background process monitor + go is.monitorInstance(instance) + + return instance, nil +} + +// generateConfig generates the Olric YAML configuration file +func (is *InstanceSpawner) generateConfig(configPath string, cfg InstanceConfig) error { + // Use "lan" environment for namespace clusters (low latency expected) + olricCfg := OlricConfig{ + Server: OlricServerConfig{ + BindAddr: cfg.BindAddr, + BindPort: cfg.HTTPPort, + }, + Memberlist: OlricMemberlistConfig{ + Environment: "lan", + BindAddr: cfg.BindAddr, + BindPort: cfg.MemberlistPort, + Peers: cfg.PeerAddresses, + }, + // Use 12 partitions for namespace Olric instances (vs 256 default) + // This gives perfect distribution for 2-6 nodes and 20x faster scans + // 12 partitions × 2 (primary+replica) = 24 network calls (~0.6s vs 12s) + PartitionCount: 12, + } + + data, err := yaml.Marshal(olricCfg) + if err != nil { + return &InstanceError{ + Message: "failed to marshal Olric config", + Cause: err, + } + } + + if err := os.WriteFile(configPath, data, 0644); err != nil { + return &InstanceError{ + Message: "failed to write Olric config", + Cause: err, + } + } + + return nil +} + +// StopInstance stops an Olric instance for a namespace on a specific node +func (is *InstanceSpawner) StopInstance(ctx context.Context, ns, nodeID string) error { + key := instanceKey(ns, nodeID) + + is.mu.Lock() + instance, ok := is.instances[key] + if !ok { + is.mu.Unlock() + return nil // Already stopped + } + delete(is.instances, key) + is.mu.Unlock() + + if instance.cmd != nil && instance.cmd.Process != nil { + instance.logger.Info("Stopping Olric instance", zap.Int("pid", instance.PID)) + + // Send SIGTERM for graceful shutdown + if err := instance.cmd.Process.Signal(os.Interrupt); err != nil { + // If SIGTERM fails, kill it + _ = instance.cmd.Process.Kill() + } + + // Wait for process to exit via the reaper goroutine + select { + case <-instance.waitDone: + instance.logger.Info("Olric instance stopped gracefully") + case <-time.After(10 * time.Second): + instance.logger.Warn("Olric instance did not stop gracefully, killing") + _ = instance.cmd.Process.Kill() + <-instance.waitDone // wait for reaper to finish + case <-ctx.Done(): + _ = instance.cmd.Process.Kill() + <-instance.waitDone + return ctx.Err() + } + } + + instance.Status = InstanceStatusStopped + return nil +} + +// StopAllInstances stops all Olric instances for a namespace +func (is *InstanceSpawner) StopAllInstances(ctx context.Context, ns string) error { + is.mu.RLock() + var keys []string + for key, inst := range is.instances { + if inst.Namespace == ns { + keys = append(keys, key) + } + } + is.mu.RUnlock() + + var lastErr error + for _, key := range keys { + parts := strings.SplitN(key, ":", 2) + if len(parts) == 2 { + if err := is.StopInstance(ctx, parts[0], parts[1]); err != nil { + lastErr = err + } + } + } + return lastErr +} + +// GetInstance returns the instance for a namespace on a specific node +func (is *InstanceSpawner) GetInstance(ns, nodeID string) (*OlricInstance, bool) { + is.mu.RLock() + defer is.mu.RUnlock() + + instance, ok := is.instances[instanceKey(ns, nodeID)] + return instance, ok +} + +// GetNamespaceInstances returns all instances for a namespace +func (is *InstanceSpawner) GetNamespaceInstances(ns string) []*OlricInstance { + is.mu.RLock() + defer is.mu.RUnlock() + + var instances []*OlricInstance + for _, inst := range is.instances { + if inst.Namespace == ns { + instances = append(instances, inst) + } + } + return instances +} + +// HealthCheck checks if an instance is healthy +func (is *InstanceSpawner) HealthCheck(ctx context.Context, ns, nodeID string) (bool, error) { + instance, ok := is.GetInstance(ns, nodeID) + if !ok { + return false, &InstanceError{Message: "instance not found"} + } + + healthy, err := instance.IsHealthy(ctx) + if healthy { + is.mu.Lock() + instance.LastHealthCheck = time.Now() + is.mu.Unlock() + } + return healthy, err +} + +// waitForPortReady waits for the Olric memberlist port to accept TCP connections. +// This is a lightweight check — it confirms the process started but does NOT +// guarantee that peers have joined the cluster. +func (is *InstanceSpawner) waitForPortReady(ctx context.Context, instance *OlricInstance) error { + // Use BindAddr for the health check — this is the address the process actually listens on. + // AdvertiseAddr may differ from BindAddr (e.g., 0.0.0.0 resolves to IPv6 on some hosts). + checkAddr := instance.BindAddr + if checkAddr == "" || checkAddr == "0.0.0.0" { + checkAddr = "localhost" + } + addr := fmt.Sprintf("%s:%d", checkAddr, instance.MemberlistPort) + + maxAttempts := 30 + for i := 0; i < maxAttempts; i++ { + select { + case <-ctx.Done(): + return ctx.Err() + case <-instance.waitDone: + // Process exited before becoming ready + return fmt.Errorf("Olric process exited unexpectedly (pid %d)", instance.PID) + case <-time.After(1 * time.Second): + } + + conn, err := net.DialTimeout("tcp", addr, 2*time.Second) + if err != nil { + instance.logger.Debug("Waiting for Olric memberlist", + zap.Int("attempt", i+1), + zap.String("addr", addr), + zap.Error(err), + ) + continue + } + conn.Close() + + instance.logger.Debug("Olric memberlist port ready", + zap.Int("attempts", i+1), + zap.String("addr", addr), + ) + return nil + } + + return fmt.Errorf("Olric did not become ready within timeout") +} + +// monitorInstance monitors an instance and updates its status +func (is *InstanceSpawner) monitorInstance(instance *OlricInstance) { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for { + select { + case <-instance.waitDone: + // Process exited — update status and stop monitoring + is.mu.Lock() + key := instanceKey(instance.Namespace, instance.NodeID) + if _, exists := is.instances[key]; exists { + instance.Status = InstanceStatusStopped + instance.logger.Warn("Olric instance process exited unexpectedly") + } + is.mu.Unlock() + return + case <-ticker.C: + } + + is.mu.RLock() + key := instanceKey(instance.Namespace, instance.NodeID) + _, exists := is.instances[key] + is.mu.RUnlock() + + if !exists { + return + } + + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + healthy, _ := instance.IsHealthy(ctx) + cancel() + + is.mu.Lock() + if healthy { + instance.Status = InstanceStatusRunning + instance.LastHealthCheck = time.Now() + } else { + instance.Status = InstanceStatusFailed + instance.logger.Warn("Olric instance health check failed") + } + is.mu.Unlock() + } +} + +// IsHealthy checks if the Olric instance is healthy by verifying the memberlist port is accepting connections +func (oi *OlricInstance) IsHealthy(ctx context.Context) (bool, error) { + // Check if process has exited first + select { + case <-oi.waitDone: + return false, fmt.Errorf("process has exited") + default: + } + + addr := fmt.Sprintf("%s:%d", oi.AdvertiseAddr, oi.MemberlistPort) + if oi.AdvertiseAddr == "" || oi.AdvertiseAddr == "0.0.0.0" { + addr = fmt.Sprintf("localhost:%d", oi.MemberlistPort) + } + + conn, err := net.DialTimeout("tcp", addr, 2*time.Second) + if err != nil { + return false, err + } + conn.Close() + return true, nil +} + +// DSN returns the connection address for this Olric instance. +// Uses the bind address if set (e.g. WireGuard IP), since Olric may not listen on localhost. +func (oi *OlricInstance) DSN() string { + if oi.BindAddr != "" { + return fmt.Sprintf("%s:%d", oi.BindAddr, oi.HTTPPort) + } + return fmt.Sprintf("localhost:%d", oi.HTTPPort) +} + +// AdvertisedDSN returns the advertised connection address +func (oi *OlricInstance) AdvertisedDSN() string { + return fmt.Sprintf("%s:%d", oi.AdvertiseAddr, oi.HTTPPort) +} + +// MemberlistAddress returns the memberlist address for cluster communication +func (oi *OlricInstance) MemberlistAddress() string { + return fmt.Sprintf("%s:%d", oi.AdvertiseAddr, oi.MemberlistPort) +} diff --git a/pkg/rqlite/adapter.go b/pkg/rqlite/adapter.go index ec456d3..3a23ba8 100644 --- a/pkg/rqlite/adapter.go +++ b/pkg/rqlite/adapter.go @@ -17,16 +17,17 @@ type RQLiteAdapter struct { // NewRQLiteAdapter creates a new adapter that provides sql.DB interface for RQLite func NewRQLiteAdapter(manager *RQLiteManager) (*RQLiteAdapter, error) { // Use the gorqlite database/sql driver - db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d", manager.config.RQLitePort)) + db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d?disableClusterDiscovery=true&level=none", manager.config.RQLitePort)) if err != nil { return nil, fmt.Errorf("failed to open RQLite SQL connection: %w", err) } // Configure connection pool with proper timeouts and limits - db.SetMaxOpenConns(25) // Maximum number of open connections - db.SetMaxIdleConns(5) // Maximum number of idle connections - db.SetConnMaxLifetime(5 * time.Minute) // Maximum lifetime of a connection - db.SetConnMaxIdleTime(2 * time.Minute) // Maximum idle time before closing + // Optimized for concurrent operations and fast bad connection eviction + db.SetMaxOpenConns(100) // Allow more concurrent connections to prevent queuing + db.SetMaxIdleConns(10) // Keep fewer idle connections to force fresh reconnects + db.SetConnMaxLifetime(30 * time.Second) // Short lifetime ensures bad connections die quickly + db.SetConnMaxIdleTime(10 * time.Second) // Kill idle connections quickly to prevent stale state return &RQLiteAdapter{ manager: manager, diff --git a/pkg/rqlite/cluster.go b/pkg/rqlite/cluster.go index 4b3b172..61228fc 100644 --- a/pkg/rqlite/cluster.go +++ b/pkg/rqlite/cluster.go @@ -9,6 +9,8 @@ import ( "path/filepath" "strings" "time" + + "go.uber.org/zap" ) // establishLeadershipOrJoin handles post-startup cluster establishment @@ -38,6 +40,13 @@ func (r *RQLiteManager) waitForMinClusterSizeBeforeStart(ctx context.Context, rq } requiredRemotePeers := r.config.MinClusterSize - 1 + + // Genesis node (single-node cluster) doesn't need to wait for peers + if requiredRemotePeers <= 0 { + r.logger.Info("Genesis node, skipping peer discovery wait") + return nil + } + _ = r.discoveryService.TriggerPeerExchange(ctx) checkInterval := 2 * time.Second @@ -88,7 +97,9 @@ func (r *RQLiteManager) performPreStartClusterDiscovery(ctx context.Context, rql r.discoveryService.TriggerSync() time.Sleep(2 * time.Second) - discoveryDeadline := time.Now().Add(30 * time.Second) + // Wait up to 2 minutes for peer discovery - LibP2P DHT can take 60+ seconds + // to re-establish connections after simultaneous restart + discoveryDeadline := time.Now().Add(2 * time.Minute) var discoveredPeers int for time.Now().Before(discoveryDeadline) { @@ -96,12 +107,23 @@ func (r *RQLiteManager) performPreStartClusterDiscovery(ctx context.Context, rql discoveredPeers = len(allPeers) if discoveredPeers >= r.config.MinClusterSize { + r.logger.Info("Discovered required peers for cluster", + zap.Int("discovered", discoveredPeers), + zap.Int("required", r.config.MinClusterSize)) break } time.Sleep(2 * time.Second) } + // Even if we only discovered ourselves, write peers.json as a fallback + // This ensures RQLite has consistent state and can potentially recover + // when other nodes come online if discoveredPeers <= 1 { + r.logger.Warn("Only discovered self during pre-start discovery, writing single-node peers.json as fallback", + zap.Int("discovered_peers", discoveredPeers), + zap.Int("min_cluster_size", r.config.MinClusterSize)) + // Still write peers.json with just ourselves - better than nothing + _ = r.discoveryService.ForceWritePeersJSON() return nil } diff --git a/pkg/rqlite/cluster_discovery.go b/pkg/rqlite/cluster_discovery.go index 72d3da3..d411a5b 100644 --- a/pkg/rqlite/cluster_discovery.go +++ b/pkg/rqlite/cluster_discovery.go @@ -119,6 +119,14 @@ func (c *ClusterDiscoveryService) Stop() { c.logger.Info("Cluster discovery service stopped") } +// IsVoter returns true if the given raft address should be a voter +// in the default cluster based on the current known peers. +func (c *ClusterDiscoveryService) IsVoter(raftAddress string) bool { + c.mu.RLock() + defer c.mu.RUnlock() + return c.IsVoterLocked(raftAddress) +} + // periodicSync runs periodic cluster membership synchronization func (c *ClusterDiscoveryService) periodicSync(ctx context.Context) { c.logger.Debug("periodicSync goroutine started, waiting for RQLite readiness") diff --git a/pkg/rqlite/cluster_discovery_membership.go b/pkg/rqlite/cluster_discovery_membership.go index 55065f3..7f2ff83 100644 --- a/pkg/rqlite/cluster_discovery_membership.go +++ b/pkg/rqlite/cluster_discovery_membership.go @@ -3,8 +3,10 @@ package rqlite import ( "encoding/json" "fmt" + "net" "os" "path/filepath" + "sort" "strings" "time" @@ -12,6 +14,12 @@ import ( "go.uber.org/zap" ) +// MaxDefaultVoters is the maximum number of voter nodes in the default cluster. +// Additional nodes join as non-voters (read replicas). Voter election is +// deterministic: all peers sorted by the IP component of their raft address, +// and the first MaxDefaultVoters are voters. +const MaxDefaultVoters = 5 + // collectPeerMetadata collects RQLite metadata from LibP2P peers func (c *ClusterDiscoveryService) collectPeerMetadata() []*discovery.RQLiteNodeMetadata { connectedPeers := c.host.Network().Peers() @@ -240,13 +248,22 @@ func (c *ClusterDiscoveryService) getPeersJSON() []map[string]interface{} { } func (c *ClusterDiscoveryService) getPeersJSONUnlocked() []map[string]interface{} { - peers := make([]map[string]interface{}, 0, len(c.knownPeers)) - + // Collect all raft addresses + raftAddrs := make([]string, 0, len(c.knownPeers)) for _, peer := range c.knownPeers { + raftAddrs = append(raftAddrs, peer.RaftAddress) + } + + // Determine voter set + voterSet := computeVoterSet(raftAddrs, MaxDefaultVoters) + + peers := make([]map[string]interface{}, 0, len(c.knownPeers)) + for _, peer := range c.knownPeers { + _, isVoter := voterSet[peer.RaftAddress] peerEntry := map[string]interface{}{ "id": peer.RaftAddress, "address": peer.RaftAddress, - "non_voter": false, + "non_voter": !isVoter, } peers = append(peers, peerEntry) } @@ -254,6 +271,55 @@ func (c *ClusterDiscoveryService) getPeersJSONUnlocked() []map[string]interface{ return peers } +// computeVoterSet returns the set of raft addresses that should be voters. +// It sorts addresses by their IP component and selects the first maxVoters. +// This is deterministic — all nodes compute the same voter set from the same peer list. +func computeVoterSet(raftAddrs []string, maxVoters int) map[string]struct{} { + sorted := make([]string, len(raftAddrs)) + copy(sorted, raftAddrs) + + sort.Slice(sorted, func(i, j int) bool { + ipI := extractIPForSort(sorted[i]) + ipJ := extractIPForSort(sorted[j]) + return ipI < ipJ + }) + + voters := make(map[string]struct{}) + for i, addr := range sorted { + if i >= maxVoters { + break + } + voters[addr] = struct{}{} + } + return voters +} + +// extractIPForSort extracts the IP string from a raft address (host:port) for sorting. +func extractIPForSort(raftAddr string) string { + host, _, err := net.SplitHostPort(raftAddr) + if err != nil { + return raftAddr + } + return host +} + +// IsVoter returns true if the given raft address is in the voter set +// based on the current known peers. Must be called with c.mu held. +func (c *ClusterDiscoveryService) IsVoterLocked(raftAddress string) bool { + // If we don't know enough peers yet, default to voter. + // Non-voter demotion only kicks in once we see more than MaxDefaultVoters peers. + if len(c.knownPeers) <= MaxDefaultVoters { + return true + } + raftAddrs := make([]string, 0, len(c.knownPeers)) + for _, peer := range c.knownPeers { + raftAddrs = append(raftAddrs, peer.RaftAddress) + } + voterSet := computeVoterSet(raftAddrs, MaxDefaultVoters) + _, isVoter := voterSet[raftAddress] + return isVoter +} + func (c *ClusterDiscoveryService) writePeersJSON() error { c.mu.RLock() peers := c.getPeersJSONUnlocked() diff --git a/pkg/rqlite/gateway.go b/pkg/rqlite/gateway.go index d1179a3..f1734f3 100644 --- a/pkg/rqlite/gateway.go +++ b/pkg/rqlite/gateway.go @@ -449,39 +449,37 @@ func (g *HTTPGateway) handleTransaction(w http.ResponseWriter, r *http.Request) defer cancel() results := make([]any, 0, len(body.Ops)) - err := g.Client.Tx(ctx, func(tx Tx) error { - for _, op := range body.Ops { - switch strings.ToLower(strings.TrimSpace(op.Kind)) { - case "exec": - res, err := tx.Exec(ctx, op.SQL, normalizeArgs(op.Args)...) - if err != nil { - return err - } - if body.ReturnResults { - li, _ := res.LastInsertId() - ra, _ := res.RowsAffected() - results = append(results, map[string]any{ - "rows_affected": ra, - "last_insert_id": li, - }) - } - case "query": - var rows []map[string]any - if err := tx.Query(ctx, &rows, op.SQL, normalizeArgs(op.Args)...); err != nil { - return err - } - if body.ReturnResults { - results = append(results, rows) - } - default: - return fmt.Errorf("invalid op kind: %s", op.Kind) + // Note: RQLite transactions don't work as expected (Begin/Commit are no-ops) + // Executing queries directly instead of wrapping in Tx() + for _, op := range body.Ops { + switch strings.ToLower(strings.TrimSpace(op.Kind)) { + case "exec": + res, err := g.Client.Exec(ctx, op.SQL, normalizeArgs(op.Args)...) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return } + if body.ReturnResults { + li, _ := res.LastInsertId() + ra, _ := res.RowsAffected() + results = append(results, map[string]any{ + "rows_affected": ra, + "last_insert_id": li, + }) + } + case "query": + var rows []map[string]any + if err := g.Client.Query(ctx, &rows, op.SQL, normalizeArgs(op.Args)...); err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + if body.ReturnResults { + results = append(results, rows) + } + default: + writeError(w, http.StatusBadRequest, fmt.Sprintf("invalid op kind: %s", op.Kind)) + return } - return nil - }) - if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return } if body.ReturnResults { writeJSON(w, http.StatusOK, map[string]any{ diff --git a/pkg/rqlite/instance_spawner.go b/pkg/rqlite/instance_spawner.go new file mode 100644 index 0000000..f34348e --- /dev/null +++ b/pkg/rqlite/instance_spawner.go @@ -0,0 +1,298 @@ +package rqlite + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os" + "os/exec" + "path/filepath" + "time" + + "go.uber.org/zap" +) + +// RaftPeer represents a peer entry in RQLite's peers.json recovery file +type RaftPeer struct { + ID string `json:"id"` + Address string `json:"address"` + NonVoter bool `json:"non_voter"` +} + +// InstanceConfig contains configuration for spawning a RQLite instance +type InstanceConfig struct { + Namespace string // Namespace this instance belongs to + NodeID string // Node ID where this instance runs + HTTPPort int // HTTP API port + RaftPort int // Raft consensus port + HTTPAdvAddress string // Advertised HTTP address (e.g., "192.168.1.1:10000") + RaftAdvAddress string // Advertised Raft address (e.g., "192.168.1.1:10001") + JoinAddresses []string // Addresses to join (e.g., ["192.168.1.2:10001"]) + DataDir string // Data directory for this instance + IsLeader bool // Whether this is the first node (creates cluster) +} + +// Instance represents a running RQLite instance +type Instance struct { + Config InstanceConfig + Process *os.Process + PID int +} + +// InstanceSpawner manages RQLite instance lifecycle for namespaces +type InstanceSpawner struct { + baseDataDir string // Base directory for namespace data (e.g., ~/.orama/data/namespaces) + rqlitePath string // Path to rqlited binary + logger *zap.Logger +} + +// NewInstanceSpawner creates a new RQLite instance spawner +func NewInstanceSpawner(baseDataDir string, logger *zap.Logger) *InstanceSpawner { + // Find rqlited binary + rqlitePath := "rqlited" // Will use PATH + if path, err := exec.LookPath("rqlited"); err == nil { + rqlitePath = path + } + + return &InstanceSpawner{ + baseDataDir: baseDataDir, + rqlitePath: rqlitePath, + logger: logger, + } +} + +// SpawnInstance starts a new RQLite instance with the given configuration +func (is *InstanceSpawner) SpawnInstance(ctx context.Context, cfg InstanceConfig) (*Instance, error) { + // Create data directory + dataDir := cfg.DataDir + if dataDir == "" { + dataDir = filepath.Join(is.baseDataDir, cfg.Namespace, "rqlite", cfg.NodeID) + } + + if err := os.MkdirAll(dataDir, 0755); err != nil { + return nil, fmt.Errorf("failed to create data directory: %w", err) + } + + // Build command arguments + // Note: All flags must come BEFORE the data directory argument + args := []string{ + "-http-addr", fmt.Sprintf("0.0.0.0:%d", cfg.HTTPPort), + "-raft-addr", fmt.Sprintf("0.0.0.0:%d", cfg.RaftPort), + "-http-adv-addr", cfg.HTTPAdvAddress, + "-raft-adv-addr", cfg.RaftAdvAddress, + } + + // Add join addresses if not the leader (must be before data directory) + if !cfg.IsLeader && len(cfg.JoinAddresses) > 0 { + for _, addr := range cfg.JoinAddresses { + args = append(args, "-join", addr) + } + // Retry joining for up to 5 minutes (default is 5 attempts / 3s = 15s which is too short + // when all namespace nodes restart simultaneously and the leader isn't ready yet) + args = append(args, "-join-attempts", "30", "-join-interval", "10s") + } + + // Data directory must be the last argument + args = append(args, dataDir) + + is.logger.Info("Spawning RQLite instance", + zap.String("namespace", cfg.Namespace), + zap.String("node_id", cfg.NodeID), + zap.Int("http_port", cfg.HTTPPort), + zap.Int("raft_port", cfg.RaftPort), + zap.Bool("is_leader", cfg.IsLeader), + zap.Strings("join_addresses", cfg.JoinAddresses), + ) + + // Start the process + cmd := exec.CommandContext(ctx, is.rqlitePath, args...) + cmd.Dir = dataDir + + // Log output + logFile, err := os.OpenFile( + filepath.Join(dataDir, "rqlite.log"), + os.O_CREATE|os.O_WRONLY|os.O_APPEND, + 0644, + ) + if err == nil { + cmd.Stdout = logFile + cmd.Stderr = logFile + } + + if err := cmd.Start(); err != nil { + return nil, fmt.Errorf("failed to start rqlited: %w", err) + } + + instance := &Instance{ + Config: cfg, + Process: cmd.Process, + PID: cmd.Process.Pid, + } + + // Wait for the instance to be ready + if err := is.waitForReady(ctx, cfg.HTTPPort); err != nil { + // Kill the process if it didn't start properly + cmd.Process.Kill() + return nil, fmt.Errorf("instance failed to become ready: %w", err) + } + + is.logger.Info("RQLite instance started successfully", + zap.String("namespace", cfg.Namespace), + zap.Int("pid", instance.PID), + ) + + return instance, nil +} + +// waitForReady waits for the RQLite instance to be ready to accept connections +func (is *InstanceSpawner) waitForReady(ctx context.Context, httpPort int) error { + url := fmt.Sprintf("http://localhost:%d/status", httpPort) + client := &http.Client{Timeout: 2 * time.Second} + + // 6 minutes: must exceed the join retry window (30 attempts * 10s = 5min) + // so we don't kill followers that are still waiting for the leader + deadline := time.Now().Add(6 * time.Minute) + for time.Now().Before(deadline) { + select { + case <-ctx.Done(): + return ctx.Err() + default: + } + + resp, err := client.Get(url) + if err == nil { + resp.Body.Close() + if resp.StatusCode == http.StatusOK { + return nil + } + } + + time.Sleep(500 * time.Millisecond) + } + + return fmt.Errorf("timeout waiting for RQLite to be ready on port %d", httpPort) +} + +// StopInstance stops a running RQLite instance +func (is *InstanceSpawner) StopInstance(ctx context.Context, instance *Instance) error { + if instance == nil || instance.Process == nil { + return nil + } + + is.logger.Info("Stopping RQLite instance", + zap.String("namespace", instance.Config.Namespace), + zap.Int("pid", instance.PID), + ) + + // Send SIGTERM for graceful shutdown + if err := instance.Process.Signal(os.Interrupt); err != nil { + // If SIGTERM fails, try SIGKILL + if err := instance.Process.Kill(); err != nil { + return fmt.Errorf("failed to kill process: %w", err) + } + } + + // Wait for process to exit + done := make(chan error, 1) + go func() { + _, err := instance.Process.Wait() + done <- err + }() + + select { + case <-ctx.Done(): + instance.Process.Kill() + return ctx.Err() + case err := <-done: + if err != nil { + is.logger.Warn("Process exited with error", zap.Error(err)) + } + case <-time.After(10 * time.Second): + instance.Process.Kill() + } + + is.logger.Info("RQLite instance stopped", + zap.String("namespace", instance.Config.Namespace), + ) + + return nil +} + +// StopInstanceByPID stops a RQLite instance by its PID +func (is *InstanceSpawner) StopInstanceByPID(pid int) error { + process, err := os.FindProcess(pid) + if err != nil { + return fmt.Errorf("process not found: %w", err) + } + + // Send SIGTERM + if err := process.Signal(os.Interrupt); err != nil { + // Try SIGKILL + if err := process.Kill(); err != nil { + return fmt.Errorf("failed to kill process: %w", err) + } + } + + return nil +} + +// IsInstanceRunning checks if a RQLite instance is running +func (is *InstanceSpawner) IsInstanceRunning(httpPort int) bool { + url := fmt.Sprintf("http://localhost:%d/status", httpPort) + client := &http.Client{Timeout: 2 * time.Second} + + resp, err := client.Get(url) + if err != nil { + return false + } + resp.Body.Close() + return resp.StatusCode == http.StatusOK +} + +// HasExistingData checks if a RQLite instance has existing data (raft.db indicates prior startup) +func (is *InstanceSpawner) HasExistingData(namespace, nodeID string) bool { + dataDir := is.GetDataDir(namespace, nodeID) + if _, err := os.Stat(filepath.Join(dataDir, "raft.db")); err == nil { + return true + } + return false +} + +// WritePeersJSON writes a peers.json recovery file into the Raft directory. +// This is RQLite's official mechanism for recovering a cluster when all nodes are down. +// On startup, rqlited reads this file, overwrites the Raft peer configuration, +// and renames it to peers.info after recovery. +func (is *InstanceSpawner) WritePeersJSON(dataDir string, peers []RaftPeer) error { + raftDir := filepath.Join(dataDir, "raft") + if err := os.MkdirAll(raftDir, 0755); err != nil { + return fmt.Errorf("failed to create raft directory: %w", err) + } + + data, err := json.MarshalIndent(peers, "", " ") + if err != nil { + return fmt.Errorf("failed to marshal peers.json: %w", err) + } + + peersPath := filepath.Join(raftDir, "peers.json") + if err := os.WriteFile(peersPath, data, 0644); err != nil { + return fmt.Errorf("failed to write peers.json: %w", err) + } + + is.logger.Info("Wrote peers.json for cluster recovery", + zap.String("path", peersPath), + zap.Int("peer_count", len(peers)), + ) + return nil +} + +// GetDataDir returns the data directory path for a namespace RQLite instance +func (is *InstanceSpawner) GetDataDir(namespace, nodeID string) string { + return filepath.Join(is.baseDataDir, namespace, "rqlite", nodeID) +} + +// CleanupDataDir removes the data directory for a namespace RQLite instance +func (is *InstanceSpawner) CleanupDataDir(namespace, nodeID string) error { + dataDir := is.GetDataDir(namespace, nodeID) + return os.RemoveAll(dataDir) +} diff --git a/pkg/rqlite/migrations.go b/pkg/rqlite/migrations.go index 60efc9b..e817960 100644 --- a/pkg/rqlite/migrations.go +++ b/pkg/rqlite/migrations.go @@ -119,7 +119,7 @@ func ApplyMigrationsDirs(ctx context.Context, db *sql.DB, dirs []string, logger // ApplyMigrationsFromManager is a convenience helper bound to RQLiteManager. func (r *RQLiteManager) ApplyMigrations(ctx context.Context, dir string) error { - db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d", r.config.RQLitePort)) + db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d?disableClusterDiscovery=true", r.config.RQLitePort)) if err != nil { return fmt.Errorf("open rqlite db: %w", err) } @@ -130,7 +130,7 @@ func (r *RQLiteManager) ApplyMigrations(ctx context.Context, dir string) error { // ApplyMigrationsDirs is the multi-dir variant on RQLiteManager. func (r *RQLiteManager) ApplyMigrationsDirs(ctx context.Context, dirs []string) error { - db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d", r.config.RQLitePort)) + db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d?disableClusterDiscovery=true", r.config.RQLitePort)) if err != nil { return fmt.Errorf("open rqlite db: %w", err) } @@ -422,21 +422,93 @@ func splitSQLStatements(in string) []string { return out } -// Optional helper to load embedded migrations if you later decide to embed. -// Keep for future use; currently unused. -func readDirFS(fsys fs.FS, root string) ([]string, error) { - var files []string - err := fs.WalkDir(fsys, root, func(path string, d fs.DirEntry, err error) error { - if err != nil { - return err - } - if d.IsDir() { - return nil - } - if strings.HasSuffix(strings.ToLower(d.Name()), ".sql") { - files = append(files, path) - } +// ApplyEmbeddedMigrations applies migrations from an embedded filesystem. +// This is the preferred method as it doesn't depend on filesystem paths. +func ApplyEmbeddedMigrations(ctx context.Context, db *sql.DB, fsys fs.FS, logger *zap.Logger) error { + if logger == nil { + logger = zap.NewNop() + } + + if err := ensureMigrationsTable(ctx, db); err != nil { + return fmt.Errorf("ensure schema_migrations: %w", err) + } + + files, err := readMigrationFilesFromFS(fsys) + if err != nil { + return fmt.Errorf("read embedded migration files: %w", err) + } + if len(files) == 0 { + logger.Info("No embedded migrations found") return nil - }) - return files, err + } + + applied, err := loadAppliedVersions(ctx, db) + if err != nil { + return fmt.Errorf("load applied versions: %w", err) + } + + for _, mf := range files { + if applied[mf.Version] { + logger.Debug("Migration already applied; skipping", zap.Int("version", mf.Version), zap.String("name", mf.Name)) + continue + } + + sqlBytes, err := fs.ReadFile(fsys, mf.Path) + if err != nil { + return fmt.Errorf("read embedded migration %s: %w", mf.Path, err) + } + + logger.Info("Applying migration", zap.Int("version", mf.Version), zap.String("name", mf.Name)) + if err := applySQL(ctx, db, string(sqlBytes)); err != nil { + return fmt.Errorf("apply migration %d (%s): %w", mf.Version, mf.Name, err) + } + + if _, err := db.ExecContext(ctx, `INSERT OR IGNORE INTO schema_migrations(version) VALUES (?)`, mf.Version); err != nil { + return fmt.Errorf("record migration %d: %w", mf.Version, err) + } + logger.Info("Migration applied", zap.Int("version", mf.Version), zap.String("name", mf.Name)) + } + + return nil +} + +// ApplyEmbeddedMigrations is a convenience helper bound to RQLiteManager. +func (r *RQLiteManager) ApplyEmbeddedMigrations(ctx context.Context, fsys fs.FS) error { + db, err := sql.Open("rqlite", fmt.Sprintf("http://localhost:%d?disableClusterDiscovery=true", r.config.RQLitePort)) + if err != nil { + return fmt.Errorf("open rqlite db: %w", err) + } + defer db.Close() + + return ApplyEmbeddedMigrations(ctx, db, fsys, r.logger) +} + +// readMigrationFilesFromFS reads migration files from an embedded filesystem. +func readMigrationFilesFromFS(fsys fs.FS) ([]migrationFile, error) { + entries, err := fs.ReadDir(fsys, ".") + if err != nil { + return nil, err + } + + var out []migrationFile + for _, e := range entries { + if e.IsDir() { + continue + } + name := e.Name() + if !strings.HasSuffix(strings.ToLower(name), ".sql") { + continue + } + ver, ok := parseVersionPrefix(name) + if !ok { + continue + } + out = append(out, migrationFile{ + Version: ver, + Name: name, + Path: name, // In embedded FS, path is just the filename + }) + } + sort.Slice(out, func(i, j int) bool { return out[i].Version < out[j].Version }) + return out, nil } diff --git a/pkg/rqlite/process.go b/pkg/rqlite/process.go index b11ffa4..61c6cff 100644 --- a/pkg/rqlite/process.go +++ b/pkg/rqlite/process.go @@ -17,8 +17,55 @@ import ( "go.uber.org/zap" ) +// killOrphanedRQLite kills any orphaned rqlited process still holding the port. +// This can happen when the parent node process crashes and rqlited keeps running. +func (r *RQLiteManager) killOrphanedRQLite() { + // Check if port is already in use by querying the status endpoint + url := fmt.Sprintf("http://localhost:%d/status", r.config.RQLitePort) + client := &http.Client{Timeout: 2 * time.Second} + resp, err := client.Get(url) + if err != nil { + return // Port not in use, nothing to clean up + } + resp.Body.Close() + + // Port is in use — find and kill the orphaned process + r.logger.Warn("Found orphaned rqlited process on port, killing it", + zap.Int("port", r.config.RQLitePort)) + + // Use fuser to find and kill the process holding the port + cmd := exec.Command("fuser", "-k", fmt.Sprintf("%d/tcp", r.config.RQLitePort)) + if err := cmd.Run(); err != nil { + r.logger.Warn("fuser failed, trying lsof", zap.Error(err)) + // Fallback: use lsof + out, err := exec.Command("lsof", "-ti", fmt.Sprintf(":%d", r.config.RQLitePort)).Output() + if err == nil { + for _, pidStr := range strings.Split(strings.TrimSpace(string(out)), "\n") { + if pidStr != "" { + killCmd := exec.Command("kill", "-9", pidStr) + killCmd.Run() + } + } + } + } + + // Wait for port to be released + for i := 0; i < 10; i++ { + time.Sleep(500 * time.Millisecond) + resp, err := client.Get(url) + if err != nil { + return // Port released + } + resp.Body.Close() + } + r.logger.Warn("Could not release port from orphaned process") +} + // launchProcess starts the RQLite process with appropriate arguments func (r *RQLiteManager) launchProcess(ctx context.Context, rqliteDataDir string) error { + // Kill any orphaned rqlited from a previous crash + r.killOrphanedRQLite() + // Build RQLite command args := []string{ "-http-addr", fmt.Sprintf("0.0.0.0:%d", r.config.RQLitePort), @@ -43,8 +90,8 @@ func (r *RQLiteManager) launchProcess(ctx context.Context, rqliteDataDir string) } } - if r.config.RQLiteJoinAddress != "" { - r.logger.Info("Joining RQLite cluster", zap.String("join_address", r.config.RQLiteJoinAddress)) + if r.config.RQLiteJoinAddress != "" && !r.hasExistingState(rqliteDataDir) { + r.logger.Info("First-time join to RQLite cluster", zap.String("join_address", r.config.RQLiteJoinAddress)) joinArg := r.config.RQLiteJoinAddress if strings.HasPrefix(joinArg, "http://") { @@ -60,6 +107,16 @@ func (r *RQLiteManager) launchProcess(ctx context.Context, rqliteDataDir string) } args = append(args, "-join", joinArg, "-join-as", r.discoverConfig.RaftAdvAddress, "-join-attempts", "30", "-join-interval", "10s") + + // Check if this node should join as a non-voter (read replica). + // Query the join target's /nodes endpoint to count existing voters, + // rather than relying on LibP2P peer count which is incomplete at join time. + if shouldBeNonVoter := r.checkShouldBeNonVoter(r.config.RQLiteJoinAddress); shouldBeNonVoter { + r.logger.Info("Joining as non-voter (read replica) - cluster already has max voters", + zap.String("raft_address", r.discoverConfig.RaftAdvAddress), + zap.Int("max_voters", MaxDefaultVoters)) + args = append(args, "-raft-non-voter") + } } args = append(args, rqliteDataDir) @@ -104,16 +161,26 @@ func (r *RQLiteManager) waitForReadyAndConnect(ctx context.Context) error { var conn *gorqlite.Connection var err error maxConnectAttempts := 10 - connectBackoff := 500 * time.Millisecond + connectBackoff := 1 * time.Second + + // Use disableClusterDiscovery=true to avoid gorqlite calling /nodes on Open(). + // The /nodes endpoint probes all cluster members including unreachable ones, + // which can block for the full HTTP timeout (~10s per attempt). + // This is safe because rqlited followers automatically forward writes to the leader. + connURL := fmt.Sprintf("http://localhost:%d?disableClusterDiscovery=true", r.config.RQLitePort) for attempt := 0; attempt < maxConnectAttempts; attempt++ { - conn, err = gorqlite.Open(fmt.Sprintf("http://localhost:%d", r.config.RQLitePort)) + conn, err = gorqlite.Open(connURL) if err == nil { r.connection = conn break } - if strings.Contains(err.Error(), "store is not open") { + errMsg := err.Error() + if strings.Contains(errMsg, "store is not open") { + r.logger.Debug("RQLite not ready yet, retrying", + zap.Int("attempt", attempt+1), + zap.Error(err)) time.Sleep(connectBackoff) connectBackoff = time.Duration(float64(connectBackoff) * 1.5) if connectBackoff > 5*time.Second { @@ -171,21 +238,30 @@ func (r *RQLiteManager) waitForReady(ctx context.Context) error { // waitForSQLAvailable waits until a simple query succeeds func (r *RQLiteManager) waitForSQLAvailable(ctx context.Context) error { + r.logger.Info("Waiting for SQL to become available...") ticker := time.NewTicker(1 * time.Second) defer ticker.Stop() + attempts := 0 for { select { case <-ctx.Done(): + r.logger.Error("waitForSQLAvailable timed out", zap.Int("attempts", attempts)) return ctx.Err() case <-ticker.C: + attempts++ if r.connection == nil { + r.logger.Warn("connection is nil in waitForSQLAvailable") continue } _, err := r.connection.QueryOne("SELECT 1") if err == nil { + r.logger.Info("SQL is available", zap.Int("attempts", attempts)) return nil } + if attempts <= 5 || attempts%10 == 0 { + r.logger.Debug("SQL not yet available", zap.Int("attempt", attempts), zap.Error(err)) + } } } } @@ -215,6 +291,58 @@ func (r *RQLiteManager) testJoinAddress(joinAddress string) error { return nil } +// checkShouldBeNonVoter queries the join target's /nodes endpoint to count +// existing voters. Returns true if the cluster already has MaxDefaultVoters +// voters, meaning this node should join as a non-voter. +func (r *RQLiteManager) checkShouldBeNonVoter(joinAddress string) bool { + // Derive HTTP API URL from the join address (which is a raft address like 10.0.0.1:7001) + host := joinAddress + if strings.HasPrefix(host, "http://") || strings.HasPrefix(host, "https://") { + host = strings.TrimPrefix(host, "http://") + host = strings.TrimPrefix(host, "https://") + } + if idx := strings.Index(host, ":"); idx != -1 { + host = host[:idx] + } + nodesURL := fmt.Sprintf("http://%s:%d/nodes?timeout=2s", host, r.config.RQLitePort) + + client := tlsutil.NewHTTPClient(5 * time.Second) + resp, err := client.Get(nodesURL) + if err != nil { + r.logger.Warn("Could not query /nodes to check voter count, defaulting to voter", zap.Error(err)) + return false + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + r.logger.Warn("Could not read /nodes response, defaulting to voter", zap.Error(err)) + return false + } + + var nodes map[string]struct { + Voter bool `json:"voter"` + Reachable bool `json:"reachable"` + } + if err := json.Unmarshal(body, &nodes); err != nil { + r.logger.Warn("Could not parse /nodes response, defaulting to voter", zap.Error(err)) + return false + } + + voterCount := 0 + for _, n := range nodes { + if n.Voter && n.Reachable { + voterCount++ + } + } + + r.logger.Info("Checked existing voter count from join target", + zap.Int("reachable_voters", voterCount), + zap.Int("max_voters", MaxDefaultVoters)) + + return voterCount >= MaxDefaultVoters +} + // waitForJoinTarget waits until the join target's HTTP status becomes reachable func (r *RQLiteManager) waitForJoinTarget(ctx context.Context, joinAddress string, timeout time.Duration) error { deadline := time.Now().Add(timeout) @@ -236,4 +364,3 @@ func (r *RQLiteManager) waitForJoinTarget(ctx context.Context, joinAddress strin return lastErr } - diff --git a/pkg/rqlite/rqlite.go b/pkg/rqlite/rqlite.go index 087b6e2..87f7e75 100644 --- a/pkg/rqlite/rqlite.go +++ b/pkg/rqlite/rqlite.go @@ -7,6 +7,7 @@ import ( "syscall" "time" + "github.com/DeBrosOfficial/network/migrations" "github.com/DeBrosOfficial/network/pkg/config" "github.com/rqlite/gorqlite" "go.uber.org/zap" @@ -73,8 +74,14 @@ func (r *RQLiteManager) Start(ctx context.Context) error { return err } - migrationsDir, _ := r.resolveMigrationsDir() - _ = r.ApplyMigrations(ctx, migrationsDir) + // Apply embedded migrations - these are compiled into the binary + if err := r.ApplyEmbeddedMigrations(ctx, migrations.FS); err != nil { + r.logger.Error("Failed to apply embedded migrations", zap.Error(err)) + // Don't fail startup - migrations may have already been applied by another node + // or we may be joining an existing cluster + } else { + r.logger.Info("Database migrations applied successfully") + } return nil } diff --git a/pkg/rqlite/scanner.go b/pkg/rqlite/scanner.go index 6e9966e..fe8c8e1 100644 --- a/pkg/rqlite/scanner.go +++ b/pkg/rqlite/scanner.go @@ -318,8 +318,16 @@ func setReflectValue(field reflect.Value, raw any) error { return nil } fallthrough + case reflect.Ptr: + // Handle pointer types (e.g. *time.Time, *string, *int) + // nil raw is already handled above (leaves zero/nil pointer) + elem := reflect.New(field.Type().Elem()) + if err := setReflectValue(elem.Elem(), raw); err != nil { + return err + } + field.Set(elem) + return nil default: - // Not supported yet return fmt.Errorf("unsupported dest field kind: %s", field.Kind()) } return nil diff --git a/pkg/serverless/config.go b/pkg/serverless/config.go index dd8216f..2ac8f54 100644 --- a/pkg/serverless/config.go +++ b/pkg/serverless/config.go @@ -62,7 +62,7 @@ func DefaultConfig() *Config { DefaultRetryDelaySeconds: 5, // Rate limiting - GlobalRateLimitPerMinute: 10000, // 10k requests/minute globally + GlobalRateLimitPerMinute: 250000, // 250k requests/minute globally // Background jobs JobWorkers: 4, @@ -184,4 +184,3 @@ func (c *Config) WithRateLimit(perMinute int) *Config { copy.GlobalRateLimitPerMinute = perMinute return © } - diff --git a/pkg/serverless/mocks_test.go b/pkg/serverless/mocks_test.go index d013e67..2146358 100644 --- a/pkg/serverless/mocks_test.go +++ b/pkg/serverless/mocks_test.go @@ -240,6 +240,11 @@ func (m *MockIPFSClient) Add(ctx context.Context, reader io.Reader, filename str return &ipfs.AddResponse{Cid: cid, Name: filename}, nil } +func (m *MockIPFSClient) AddDirectory(ctx context.Context, dirPath string) (*ipfs.AddResponse, error) { + cid := "cid-dir-" + dirPath + return &ipfs.AddResponse{Cid: cid, Name: dirPath}, nil +} + func (m *MockIPFSClient) Pin(ctx context.Context, cid string, name string, replicationFactor int) (*ipfs.PinResponse, error) { return &ipfs.PinResponse{Cid: cid, Name: name}, nil } diff --git a/pkg/systemd/manager.go b/pkg/systemd/manager.go new file mode 100644 index 0000000..78a0f5f --- /dev/null +++ b/pkg/systemd/manager.go @@ -0,0 +1,374 @@ +package systemd + +import ( + "fmt" + "os" + "os/exec" + "path/filepath" + "strings" + + "go.uber.org/zap" +) + +// ServiceType represents the type of namespace service +type ServiceType string + +const ( + ServiceTypeRQLite ServiceType = "rqlite" + ServiceTypeOlric ServiceType = "olric" + ServiceTypeGateway ServiceType = "gateway" +) + +// Manager manages systemd units for namespace services +type Manager struct { + logger *zap.Logger + systemdDir string + namespaceBase string // Base directory for namespace data +} + +// NewManager creates a new systemd manager +func NewManager(namespaceBase string, logger *zap.Logger) *Manager { + return &Manager{ + logger: logger.With(zap.String("component", "systemd-manager")), + systemdDir: "/etc/systemd/system", + namespaceBase: namespaceBase, + } +} + +// serviceName returns the systemd service name for a namespace and service type +func (m *Manager) serviceName(namespace string, serviceType ServiceType) string { + return fmt.Sprintf("debros-namespace-%s@%s.service", serviceType, namespace) +} + +// StartService starts a namespace service +func (m *Manager) StartService(namespace string, serviceType ServiceType) error { + svcName := m.serviceName(namespace, serviceType) + m.logger.Info("Starting systemd service", + zap.String("service", svcName), + zap.String("namespace", namespace)) + + cmd := exec.Command("sudo", "-n", "systemctl", "start", svcName) + m.logger.Debug("Executing systemctl command", + zap.String("cmd", cmd.String()), + zap.Strings("args", cmd.Args)) + + output, err := cmd.CombinedOutput() + if err != nil { + m.logger.Error("Failed to start service", + zap.String("service", svcName), + zap.Error(err), + zap.String("output", string(output)), + zap.String("cmd", cmd.String())) + return fmt.Errorf("failed to start %s: %w\nOutput: %s", svcName, err, string(output)) + } + + m.logger.Info("Service started successfully", + zap.String("service", svcName), + zap.String("output", string(output))) + return nil +} + +// StopService stops a namespace service +func (m *Manager) StopService(namespace string, serviceType ServiceType) error { + svcName := m.serviceName(namespace, serviceType) + m.logger.Info("Stopping systemd service", + zap.String("service", svcName), + zap.String("namespace", namespace)) + + cmd := exec.Command("sudo", "-n", "systemctl", "stop", svcName) + if output, err := cmd.CombinedOutput(); err != nil { + // Don't error if service is already stopped or doesn't exist + if strings.Contains(string(output), "not loaded") || strings.Contains(string(output), "inactive") { + m.logger.Debug("Service already stopped or not loaded", zap.String("service", svcName)) + return nil + } + return fmt.Errorf("failed to stop %s: %w\nOutput: %s", svcName, err, string(output)) + } + + m.logger.Info("Service stopped successfully", zap.String("service", svcName)) + return nil +} + +// RestartService restarts a namespace service +func (m *Manager) RestartService(namespace string, serviceType ServiceType) error { + svcName := m.serviceName(namespace, serviceType) + m.logger.Info("Restarting systemd service", + zap.String("service", svcName), + zap.String("namespace", namespace)) + + cmd := exec.Command("sudo", "-n", "systemctl", "restart", svcName) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to restart %s: %w\nOutput: %s", svcName, err, string(output)) + } + + m.logger.Info("Service restarted successfully", zap.String("service", svcName)) + return nil +} + +// EnableService enables a namespace service to start on boot +func (m *Manager) EnableService(namespace string, serviceType ServiceType) error { + svcName := m.serviceName(namespace, serviceType) + m.logger.Info("Enabling systemd service", + zap.String("service", svcName), + zap.String("namespace", namespace)) + + cmd := exec.Command("sudo", "-n", "systemctl", "enable", svcName) + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to enable %s: %w\nOutput: %s", svcName, err, string(output)) + } + + m.logger.Info("Service enabled successfully", zap.String("service", svcName)) + return nil +} + +// DisableService disables a namespace service +func (m *Manager) DisableService(namespace string, serviceType ServiceType) error { + svcName := m.serviceName(namespace, serviceType) + m.logger.Info("Disabling systemd service", + zap.String("service", svcName), + zap.String("namespace", namespace)) + + cmd := exec.Command("sudo", "-n", "systemctl", "disable", svcName) + if output, err := cmd.CombinedOutput(); err != nil { + // Don't error if service is already disabled or doesn't exist + if strings.Contains(string(output), "not loaded") { + m.logger.Debug("Service not loaded", zap.String("service", svcName)) + return nil + } + return fmt.Errorf("failed to disable %s: %w\nOutput: %s", svcName, err, string(output)) + } + + m.logger.Info("Service disabled successfully", zap.String("service", svcName)) + return nil +} + +// IsServiceActive checks if a namespace service is active +func (m *Manager) IsServiceActive(namespace string, serviceType ServiceType) (bool, error) { + svcName := m.serviceName(namespace, serviceType) + cmd := exec.Command("sudo", "-n", "systemctl", "is-active", svcName) + output, err := cmd.CombinedOutput() + + outputStr := strings.TrimSpace(string(output)) + m.logger.Debug("Checking service status", + zap.String("service", svcName), + zap.String("status", outputStr), + zap.Error(err)) + + if err != nil { + // is-active returns exit code 3 if service is inactive/activating + if outputStr == "inactive" || outputStr == "failed" { + m.logger.Debug("Service is not active", + zap.String("service", svcName), + zap.String("status", outputStr)) + return false, nil + } + // "activating" means the service is starting - return false to wait longer, but no error + if outputStr == "activating" { + m.logger.Debug("Service is still activating", + zap.String("service", svcName)) + return false, nil + } + m.logger.Error("Failed to check service status", + zap.String("service", svcName), + zap.Error(err), + zap.String("output", outputStr)) + return false, fmt.Errorf("failed to check service status: %w\nOutput: %s", err, outputStr) + } + + isActive := outputStr == "active" + m.logger.Debug("Service status check complete", + zap.String("service", svcName), + zap.Bool("active", isActive)) + return isActive, nil +} + +// ReloadDaemon reloads systemd daemon configuration +func (m *Manager) ReloadDaemon() error { + m.logger.Info("Reloading systemd daemon") + cmd := exec.Command("sudo", "-n", "systemctl", "daemon-reload") + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to reload systemd daemon: %w\nOutput: %s", err, string(output)) + } + return nil +} + +// StopAllNamespaceServices stops all namespace services for a given namespace +func (m *Manager) StopAllNamespaceServices(namespace string) error { + m.logger.Info("Stopping all namespace services", zap.String("namespace", namespace)) + + // Stop in reverse dependency order: Gateway → Olric → RQLite + services := []ServiceType{ServiceTypeGateway, ServiceTypeOlric, ServiceTypeRQLite} + for _, svcType := range services { + if err := m.StopService(namespace, svcType); err != nil { + m.logger.Warn("Failed to stop service", + zap.String("namespace", namespace), + zap.String("service_type", string(svcType)), + zap.Error(err)) + // Continue stopping other services even if one fails + } + } + + return nil +} + +// StartAllNamespaceServices starts all namespace services for a given namespace +func (m *Manager) StartAllNamespaceServices(namespace string) error { + m.logger.Info("Starting all namespace services", zap.String("namespace", namespace)) + + // Start in dependency order: RQLite → Olric → Gateway + services := []ServiceType{ServiceTypeRQLite, ServiceTypeOlric, ServiceTypeGateway} + for _, svcType := range services { + if err := m.StartService(namespace, svcType); err != nil { + return fmt.Errorf("failed to start %s service: %w", svcType, err) + } + } + + return nil +} + +// ListNamespaceServices returns all namespace services currently registered in systemd +func (m *Manager) ListNamespaceServices() ([]string, error) { + cmd := exec.Command("sudo", "-n", "systemctl", "list-units", "--all", "--no-legend", "debros-namespace-*@*.service") + output, err := cmd.CombinedOutput() + if err != nil { + return nil, fmt.Errorf("failed to list namespace services: %w\nOutput: %s", err, string(output)) + } + + var services []string + lines := strings.Split(strings.TrimSpace(string(output)), "\n") + for _, line := range lines { + if line == "" { + continue + } + fields := strings.Fields(line) + if len(fields) > 0 { + services = append(services, fields[0]) + } + } + + return services, nil +} + +// StopAllNamespaceServicesGlobally stops ALL namespace services on this node (for upgrade/maintenance) +func (m *Manager) StopAllNamespaceServicesGlobally() error { + m.logger.Info("Stopping all namespace services globally") + + services, err := m.ListNamespaceServices() + if err != nil { + return fmt.Errorf("failed to list services: %w", err) + } + + for _, svc := range services { + m.logger.Info("Stopping service", zap.String("service", svc)) + cmd := exec.Command("sudo", "-n", "systemctl", "stop", svc) + if output, err := cmd.CombinedOutput(); err != nil { + m.logger.Warn("Failed to stop service", + zap.String("service", svc), + zap.Error(err), + zap.String("output", string(output))) + // Continue stopping other services + } + } + + return nil +} + +// CleanupOrphanedProcesses finds and kills any orphaned namespace processes not managed by systemd +// This is for cleaning up after migration from old exec.Command approach +func (m *Manager) CleanupOrphanedProcesses() error { + m.logger.Info("Cleaning up orphaned namespace processes") + + // Find processes listening on namespace ports (10000-10999 range) + // This is a safety measure during migration + cmd := exec.Command("bash", "-c", "lsof -ti:10000-10999 2>/dev/null | xargs -r kill -TERM 2>/dev/null || true") + if output, err := cmd.CombinedOutput(); err != nil { + m.logger.Debug("Orphaned process cleanup completed", + zap.Error(err), + zap.String("output", string(output))) + } + + return nil +} + +// GenerateEnvFile creates the environment file for a namespace service +func (m *Manager) GenerateEnvFile(namespace, nodeID string, serviceType ServiceType, envVars map[string]string) error { + envDir := filepath.Join(m.namespaceBase, namespace) + m.logger.Debug("Creating env directory", + zap.String("dir", envDir)) + + if err := os.MkdirAll(envDir, 0755); err != nil { + m.logger.Error("Failed to create env directory", + zap.String("dir", envDir), + zap.Error(err)) + return fmt.Errorf("failed to create env directory: %w", err) + } + + envFile := filepath.Join(envDir, fmt.Sprintf("%s.env", serviceType)) + + var content strings.Builder + content.WriteString("# Auto-generated environment file for namespace service\n") + content.WriteString(fmt.Sprintf("# Namespace: %s\n", namespace)) + content.WriteString(fmt.Sprintf("# Node ID: %s\n", nodeID)) + content.WriteString(fmt.Sprintf("# Service: %s\n\n", serviceType)) + + // Always include NODE_ID + content.WriteString(fmt.Sprintf("NODE_ID=%s\n", nodeID)) + + // Add all other environment variables + for key, value := range envVars { + content.WriteString(fmt.Sprintf("%s=%s\n", key, value)) + } + + m.logger.Debug("Writing env file", + zap.String("file", envFile), + zap.Int("size", content.Len())) + + if err := os.WriteFile(envFile, []byte(content.String()), 0644); err != nil { + m.logger.Error("Failed to write env file", + zap.String("file", envFile), + zap.Error(err)) + return fmt.Errorf("failed to write env file: %w", err) + } + + m.logger.Info("Generated environment file", + zap.String("file", envFile), + zap.String("namespace", namespace), + zap.String("service_type", string(serviceType))) + + return nil +} + +// InstallTemplateUnits installs the systemd template unit files +func (m *Manager) InstallTemplateUnits(sourceDir string) error { + m.logger.Info("Installing systemd template units", zap.String("source", sourceDir)) + + templates := []string{ + "debros-namespace-rqlite@.service", + "debros-namespace-olric@.service", + "debros-namespace-gateway@.service", + } + + for _, template := range templates { + source := filepath.Join(sourceDir, template) + dest := filepath.Join(m.systemdDir, template) + + data, err := os.ReadFile(source) + if err != nil { + return fmt.Errorf("failed to read template %s: %w", template, err) + } + + if err := os.WriteFile(dest, data, 0644); err != nil { + return fmt.Errorf("failed to write template %s: %w", template, err) + } + + m.logger.Info("Installed template unit", zap.String("template", template)) + } + + // Reload systemd daemon to recognize new templates + if err := m.ReloadDaemon(); err != nil { + return fmt.Errorf("failed to reload systemd daemon: %w", err) + } + + m.logger.Info("All template units installed successfully") + return nil +} diff --git a/pkg/tlsutil/client.go b/pkg/tlsutil/client.go index 735ce8e..28feadf 100644 --- a/pkg/tlsutil/client.go +++ b/pkg/tlsutil/client.go @@ -14,13 +14,13 @@ var ( // Global cache of trusted domains loaded from environment trustedDomains []string // CA certificate pool for trusting self-signed certs - caCertPool *x509.CertPool - initialized bool + caCertPool *x509.CertPool + initialized bool ) -// Default trusted domains - always trust debros.network for staging/development +// Default trusted domains - always trust orama.network for staging/development var defaultTrustedDomains = []string{ - "*.debros.network", + "*.orama.network", } // init loads trusted domains and CA certificate from environment and files @@ -64,7 +64,7 @@ func GetTrustedDomains() []string { func ShouldSkipTLSVerify(domain string) bool { for _, trusted := range trustedDomains { if strings.HasPrefix(trusted, "*.") { - // Handle wildcards like *.debros.network + // Handle wildcards like *.orama.network suffix := strings.TrimPrefix(trusted, "*") if strings.HasSuffix(domain, suffix) || domain == strings.TrimPrefix(suffix, ".") { return true @@ -119,4 +119,3 @@ func NewHTTPClientForDomain(timeout time.Duration, hostname string) *http.Client }, } } - diff --git a/scripts/block-node.sh b/scripts/block-node.sh new file mode 100755 index 0000000..674e48d --- /dev/null +++ b/scripts/block-node.sh @@ -0,0 +1,298 @@ +#!/usr/bin/env bash +# block-node.sh - Temporarily block network access to a gateway node (local or remote) +# Usage: +# Local: ./scripts/block-node.sh +# Remote: ./scripts/block-node.sh --remote +# Example: +# ./scripts/block-node.sh 1 60 # Block local node-1 (port 6001) for 60 seconds +# ./scripts/block-node.sh --remote 2 120 # Block remote node-2 for 120 seconds + +set -euo pipefail + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Remote node configurations - loaded from config file +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_FILE="$SCRIPT_DIR/remote-nodes.conf" + +# Function to get remote node config +get_remote_node_config() { + local node_num="$1" + local field="$2" # "user_host" or "password" + + if [ ! -f "$CONFIG_FILE" ]; then + echo "" + return 1 + fi + + while IFS='|' read -r num user_host password || [ -n "$num" ]; do + # Skip comments and empty lines + [[ "$num" =~ ^#.*$ ]] || [[ -z "$num" ]] && continue + # Trim whitespace + num=$(echo "$num" | xargs) + user_host=$(echo "$user_host" | xargs) + password=$(echo "$password" | xargs) + + if [ "$num" = "$node_num" ]; then + if [ "$field" = "user_host" ]; then + echo "$user_host" + elif [ "$field" = "password" ]; then + echo "$password" + fi + return 0 + fi + done < "$CONFIG_FILE" + + echo "" + return 1 +} + +# Display usage +usage() { + echo -e "${RED}Error:${NC} Invalid arguments" + echo "" + echo -e "${BLUE}Usage:${NC}" + echo " $0 # Local mode" + echo " $0 --remote # Remote mode" + echo "" + echo -e "${GREEN}Local Mode Examples:${NC}" + echo " $0 1 60 # Block local node-1 (port 6001) for 60 seconds" + echo " $0 2 120 # Block local node-2 (port 6002) for 120 seconds" + echo "" + echo -e "${GREEN}Remote Mode Examples:${NC}" + echo " $0 --remote 1 60 # Block remote node-1 (51.83.128.181) for 60 seconds" + echo " $0 --remote 3 120 # Block remote node-3 (83.171.248.66) for 120 seconds" + echo "" + echo -e "${YELLOW}Local Node Mapping:${NC}" + echo " Node 1 -> Port 6001" + echo " Node 2 -> Port 6002" + echo " Node 3 -> Port 6003" + echo " Node 4 -> Port 6004" + echo " Node 5 -> Port 6005" + echo "" + echo -e "${YELLOW}Remote Node Mapping:${NC}" + echo " Remote 1 -> ubuntu@51.83.128.181" + echo " Remote 2 -> root@194.61.28.7" + echo " Remote 3 -> root@83.171.248.66" + echo " Remote 4 -> root@62.72.44.87" + exit 1 +} + +# Parse arguments +REMOTE_MODE=false +if [ $# -eq 3 ] && [ "$1" == "--remote" ]; then + REMOTE_MODE=true + NODE_NUM="$2" + DURATION="$3" +elif [ $# -eq 2 ]; then + NODE_NUM="$1" + DURATION="$2" +else + usage +fi + +# Validate duration +if ! [[ "$DURATION" =~ ^[0-9]+$ ]] || [ "$DURATION" -le 0 ]; then + echo -e "${RED}Error:${NC} Duration must be a positive integer" + exit 1 +fi + +# Calculate port (local nodes use 6001-6005, remote nodes use 80 and 443) +if [ "$REMOTE_MODE" = true ]; then + # Remote nodes: block standard HTTP/HTTPS ports + PORTS="80 443" +else + # Local nodes: block the specific gateway port + PORT=$((6000 + NODE_NUM)) +fi + +# Function to block ports on remote server +block_remote_node() { + local node_num="$1" + local duration="$2" + local ports="$3" # Can be space-separated list like "80 443" + + # Validate remote node number + if ! [[ "$node_num" =~ ^[1-4]$ ]]; then + echo -e "${RED}Error:${NC} Remote node number must be between 1 and 4" + exit 1 + fi + + # Get credentials from config file + local user_host=$(get_remote_node_config "$node_num" "user_host") + local password=$(get_remote_node_config "$node_num" "password") + + if [ -z "$user_host" ] || [ -z "$password" ]; then + echo -e "${RED}Error:${NC} Configuration for remote node $node_num not found in $CONFIG_FILE" + exit 1 + fi + + local host="${user_host##*@}" + + echo -e "${BLUE}=== Remote Network Blocking Tool ===${NC}" + echo -e "Remote Node: ${GREEN}$node_num${NC} ($user_host)" + echo -e "Ports: ${GREEN}$ports${NC}" + echo -e "Duration: ${GREEN}$duration seconds${NC}" + echo "" + + # Check if sshpass is installed + if ! command -v sshpass &> /dev/null; then + echo -e "${RED}Error:${NC} sshpass is not installed. Install it first:" + echo -e " ${YELLOW}macOS:${NC} brew install hudochenkov/sshpass/sshpass" + echo -e " ${YELLOW}Ubuntu/Debian:${NC} sudo apt-get install sshpass" + exit 1 + fi + + # SSH options - force password authentication only to avoid "too many auth failures" + SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o PreferredAuthentications=password -o PubkeyAuthentication=no -o NumberOfPasswordPrompts=1" + + echo -e "${YELLOW}Connecting to remote server...${NC}" + + # Test connection + if ! sshpass -p "$password" ssh $SSH_OPTS "$user_host" "echo 'Connected successfully' > /dev/null"; then + echo -e "${RED}Error:${NC} Failed to connect to $user_host" + exit 1 + fi + + echo -e "${GREEN}✓${NC} Connected to $host" + + # Install iptables rules on remote server + echo -e "${YELLOW}Installing iptables rules on remote server...${NC}" + + # Build iptables commands for all ports + BLOCK_CMDS="" + for port in $ports; do + BLOCK_CMDS="${BLOCK_CMDS}iptables -I INPUT -p tcp --dport $port -j DROP 2>/dev/null || true; " + BLOCK_CMDS="${BLOCK_CMDS}iptables -I OUTPUT -p tcp --sport $port -j DROP 2>/dev/null || true; " + done + BLOCK_CMDS="${BLOCK_CMDS}echo 'Rules installed'" + + if ! sshpass -p "$password" ssh $SSH_OPTS "$user_host" "$BLOCK_CMDS"; then + echo -e "${RED}Error:${NC} Failed to install iptables rules" + exit 1 + fi + + echo -e "${GREEN}✓${NC} Ports $ports are now blocked on $host" + echo -e "${YELLOW}Waiting $duration seconds...${NC}" + echo "" + + # Show countdown + for ((i=duration; i>0; i--)); do + printf "\r${BLUE}Time remaining: %3d seconds${NC}" "$i" + sleep 1 + done + + echo "" + echo "" + echo -e "${YELLOW}Removing iptables rules from remote server...${NC}" + + # Build iptables removal commands for all ports + UNBLOCK_CMDS="" + for port in $ports; do + UNBLOCK_CMDS="${UNBLOCK_CMDS}iptables -D INPUT -p tcp --dport $port -j DROP 2>/dev/null || true; " + UNBLOCK_CMDS="${UNBLOCK_CMDS}iptables -D OUTPUT -p tcp --sport $port -j DROP 2>/dev/null || true; " + done + UNBLOCK_CMDS="${UNBLOCK_CMDS}echo 'Rules removed'" + + if ! sshpass -p "$password" ssh $SSH_OPTS "$user_host" "$UNBLOCK_CMDS"; then + echo -e "${YELLOW}Warning:${NC} Failed to remove some iptables rules. You may need to clean up manually." + else + echo -e "${GREEN}✓${NC} Ports $ports are now accessible again on $host" + fi + + echo "" + echo -e "${GREEN}=== Done! ===${NC}" + echo -e "Remote node ${GREEN}$node_num${NC} ($host) was unreachable for $duration seconds and is now accessible again." +} + +# Function to block port locally using process pause (SIGSTOP) +block_local_node() { + local node_num="$1" + local duration="$2" + local port="$3" + + # Validate node number + if ! [[ "$node_num" =~ ^[1-5]$ ]]; then + echo -e "${RED}Error:${NC} Local node number must be between 1 and 5" + exit 1 + fi + + echo -e "${BLUE}=== Local Network Blocking Tool ===${NC}" + echo -e "Node: ${GREEN}node-$node_num${NC}" + echo -e "Port: ${GREEN}$port${NC}" + echo -e "Duration: ${GREEN}$duration seconds${NC}" + echo -e "Method: ${GREEN}Process Pause (SIGSTOP/SIGCONT)${NC}" + echo "" + + # Find the process listening on the port + echo -e "${YELLOW}Finding process listening on port $port...${NC}" + + # macOS uses different tools than Linux + if [[ "$(uname -s)" == "Darwin" ]]; then + # macOS: use lsof + PID=$(lsof -ti :$port 2>/dev/null | head -1 || echo "") + else + # Linux: use ss or netstat + if command -v ss &> /dev/null; then + PID=$(ss -tlnp | grep ":$port " | grep -oP 'pid=\K[0-9]+' | head -1 || echo "") + else + PID=$(netstat -tlnp 2>/dev/null | grep ":$port " | awk '{print $7}' | cut -d'/' -f1 | head -1 || echo "") + fi + fi + + if [ -z "$PID" ]; then + echo -e "${RED}Error:${NC} No process found listening on port $port" + echo -e "Make sure node-$node_num is running first." + exit 1 + fi + + # Get process name + PROCESS_NAME=$(ps -p $PID -o comm= 2>/dev/null || echo "unknown") + + echo -e "${GREEN}✓${NC} Found process: ${BLUE}$PROCESS_NAME${NC} (PID: ${BLUE}$PID${NC})" + echo "" + + # Pause the process + echo -e "${YELLOW}Pausing process (SIGSTOP)...${NC}" + if ! kill -STOP $PID 2>/dev/null; then + echo -e "${RED}Error:${NC} Failed to pause process. You may need sudo privileges." + exit 1 + fi + + echo -e "${GREEN}✓${NC} Process paused - node-$node_num is now unreachable" + echo -e "${YELLOW}Waiting $duration seconds...${NC}" + echo "" + + # Show countdown + for ((i=duration; i>0; i--)); do + printf "\r${BLUE}Time remaining: %3d seconds${NC}" "$i" + sleep 1 + done + + echo "" + echo "" + + # Resume the process + echo -e "${YELLOW}Resuming process (SIGCONT)...${NC}" + if ! kill -CONT $PID 2>/dev/null; then + echo -e "${YELLOW}Warning:${NC} Failed to resume process. It may have been terminated." + else + echo -e "${GREEN}✓${NC} Process resumed - node-$node_num is now accessible again" + fi + + echo "" + echo -e "${GREEN}=== Done! ===${NC}" + echo -e "Local node ${GREEN}node-$node_num${NC} was unreachable for $duration seconds and is now accessible again." +} + +# Main execution +if [ "$REMOTE_MODE" = true ]; then + block_remote_node "$NODE_NUM" "$DURATION" "$PORTS" +else + block_local_node "$NODE_NUM" "$DURATION" "$PORT" +fi diff --git a/scripts/build-coredns.sh b/scripts/build-coredns.sh new file mode 100755 index 0000000..c0ac5d1 --- /dev/null +++ b/scripts/build-coredns.sh @@ -0,0 +1,112 @@ +#!/bin/bash +set -e + +# Build custom CoreDNS binary with RQLite plugin +# This script compiles CoreDNS with the custom RQLite plugin + +COREDNS_VERSION="1.11.1" +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" +COREDNS_DIR="/tmp/coredns-build" + +echo "Building CoreDNS v${COREDNS_VERSION} with RQLite plugin..." + +# Clean previous build +rm -rf "$COREDNS_DIR" +mkdir -p "$COREDNS_DIR" + +# Clone CoreDNS +echo "Cloning CoreDNS..." +cd "$COREDNS_DIR" +git clone --depth 1 --branch v${COREDNS_VERSION} https://github.com/coredns/coredns.git +cd coredns + +# Create plugin.cfg with RQLite plugin +echo "Configuring plugins..." +cat > plugin.cfg < /dev/null; then + echo "Installing xcaddy..." + go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest +fi + +# Clean up previous build +rm -rf "$BUILD_DIR" +mkdir -p "$MODULE_DIR" + +# Write go.mod +cat > "$MODULE_DIR/go.mod" << 'GOMOD' +module github.com/DeBrosOfficial/caddy-dns-orama + +go 1.22 + +require ( + github.com/caddyserver/caddy/v2 v2.10.2 + github.com/libdns/libdns v1.1.0 +) +GOMOD + +# Write provider.go (the orama DNS provider for ACME DNS-01 challenges) +cat > "$MODULE_DIR/provider.go" << 'PROVIDERGO' +// Package orama implements a DNS provider for Caddy that uses the Orama Network +// gateway's internal ACME API for DNS-01 challenge validation. +package orama + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "net/http" + "time" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/libdns/libdns" +) + +func init() { + caddy.RegisterModule(Provider{}) +} + +// Provider wraps the Orama DNS provider for Caddy. +type Provider struct { + // Endpoint is the URL of the Orama gateway's ACME API + // Default: http://localhost:6001/v1/internal/acme + Endpoint string `json:"endpoint,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (Provider) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "dns.providers.orama", + New: func() caddy.Module { return new(Provider) }, + } +} + +// Provision sets up the module. +func (p *Provider) Provision(ctx caddy.Context) error { + if p.Endpoint == "" { + p.Endpoint = "http://localhost:6001/v1/internal/acme" + } + return nil +} + +// UnmarshalCaddyfile parses the Caddyfile configuration. +func (p *Provider) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + switch d.Val() { + case "endpoint": + if !d.NextArg() { + return d.ArgErr() + } + p.Endpoint = d.Val() + default: + return d.Errf("unrecognized option: %s", d.Val()) + } + } + } + return nil +} + +// AppendRecords adds records to the zone. For ACME, this presents the challenge. +func (p *Provider) AppendRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + var added []libdns.Record + + for _, rec := range records { + rr := rec.RR() + if rr.Type != "TXT" { + continue + } + + fqdn := rr.Name + "." + zone + + payload := map[string]string{ + "fqdn": fqdn, + "value": rr.Data, + } + + body, err := json.Marshal(payload) + if err != nil { + return added, fmt.Errorf("failed to marshal request: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, "POST", p.Endpoint+"/present", bytes.NewReader(body)) + if err != nil { + return added, fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + client := &http.Client{Timeout: 30 * time.Second} + resp, err := client.Do(req) + if err != nil { + return added, fmt.Errorf("failed to present challenge: %w", err) + } + resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return added, fmt.Errorf("present failed with status %d", resp.StatusCode) + } + + added = append(added, rec) + } + + return added, nil +} + +// DeleteRecords removes records from the zone. For ACME, this cleans up the challenge. +func (p *Provider) DeleteRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + var deleted []libdns.Record + + for _, rec := range records { + rr := rec.RR() + if rr.Type != "TXT" { + continue + } + + fqdn := rr.Name + "." + zone + + payload := map[string]string{ + "fqdn": fqdn, + "value": rr.Data, + } + + body, err := json.Marshal(payload) + if err != nil { + return deleted, fmt.Errorf("failed to marshal request: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, "POST", p.Endpoint+"/cleanup", bytes.NewReader(body)) + if err != nil { + return deleted, fmt.Errorf("failed to create request: %w", err) + } + req.Header.Set("Content-Type", "application/json") + + client := &http.Client{Timeout: 30 * time.Second} + resp, err := client.Do(req) + if err != nil { + return deleted, fmt.Errorf("failed to cleanup challenge: %w", err) + } + resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return deleted, fmt.Errorf("cleanup failed with status %d", resp.StatusCode) + } + + deleted = append(deleted, rec) + } + + return deleted, nil +} + +// GetRecords returns the records in the zone. Not used for ACME. +func (p *Provider) GetRecords(ctx context.Context, zone string) ([]libdns.Record, error) { + return nil, nil +} + +// SetRecords sets the records in the zone. Not used for ACME. +func (p *Provider) SetRecords(ctx context.Context, zone string, records []libdns.Record) ([]libdns.Record, error) { + return nil, nil +} + +// Interface guards +var ( + _ caddy.Module = (*Provider)(nil) + _ caddy.Provisioner = (*Provider)(nil) + _ caddyfile.Unmarshaler = (*Provider)(nil) + _ libdns.RecordAppender = (*Provider)(nil) + _ libdns.RecordDeleter = (*Provider)(nil) + _ libdns.RecordGetter = (*Provider)(nil) + _ libdns.RecordSetter = (*Provider)(nil) +) +PROVIDERGO + +# Run go mod tidy +cd "$MODULE_DIR" && go mod tidy + +# Build with xcaddy +echo "Building Caddy binary..." +GOOS=linux GOARCH=amd64 xcaddy build v2.10.2 \ + --with "github.com/DeBrosOfficial/caddy-dns-orama=$MODULE_DIR" \ + --output "$OUTPUT_DIR/caddy" + +# Cleanup +rm -rf "$BUILD_DIR" +echo "✓ Caddy built: bin-linux/caddy" diff --git a/scripts/build-linux-coredns.sh b/scripts/build-linux-coredns.sh new file mode 100755 index 0000000..e3d36ab --- /dev/null +++ b/scripts/build-linux-coredns.sh @@ -0,0 +1,91 @@ +#!/bin/bash +# Build CoreDNS with rqlite plugin for linux/amd64 +# Outputs to bin-linux/coredns +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" +OUTPUT_DIR="$PROJECT_ROOT/bin-linux" +BUILD_DIR="/tmp/coredns-build-linux" + +mkdir -p "$OUTPUT_DIR" + +# Clean up previous build +rm -rf "$BUILD_DIR" + +# Clone CoreDNS +echo "Cloning CoreDNS v1.12.0..." +git clone --depth 1 --branch v1.12.0 https://github.com/coredns/coredns.git "$BUILD_DIR" + +# Copy rqlite plugin +echo "Copying rqlite plugin..." +mkdir -p "$BUILD_DIR/plugin/rqlite" +cp "$PROJECT_ROOT/pkg/coredns/rqlite/"*.go "$BUILD_DIR/plugin/rqlite/" + +# Write plugin.cfg +cat > "$BUILD_DIR/plugin.cfg" << 'EOF' +metadata:metadata +cancel:cancel +tls:tls +reload:reload +nsid:nsid +bufsize:bufsize +root:root +bind:bind +debug:debug +trace:trace +ready:ready +health:health +pprof:pprof +prometheus:metrics +errors:errors +log:log +dnstap:dnstap +local:local +dns64:dns64 +acl:acl +any:any +chaos:chaos +loadbalance:loadbalance +cache:cache +rewrite:rewrite +header:header +dnssec:dnssec +autopath:autopath +minimal:minimal +template:template +transfer:transfer +hosts:hosts +file:file +auto:auto +secondary:secondary +loop:loop +forward:forward +grpc:grpc +erratic:erratic +whoami:whoami +on:github.com/coredns/caddy/onevent +sign:sign +view:view +rqlite:rqlite +EOF + +# Build +cd "$BUILD_DIR" +echo "Adding dependencies..." +go get github.com/miekg/dns@latest +go get go.uber.org/zap@latest +go mod tidy + +echo "Generating plugin code..." +go generate + +echo "Building CoreDNS binary..." +GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags "-s -w" -trimpath -o coredns + +# Copy output +cp "$BUILD_DIR/coredns" "$OUTPUT_DIR/coredns" + +# Cleanup +rm -rf "$BUILD_DIR" +echo "✓ CoreDNS built: bin-linux/coredns" diff --git a/scripts/check-node-health.sh b/scripts/check-node-health.sh new file mode 100755 index 0000000..3bcf8b2 --- /dev/null +++ b/scripts/check-node-health.sh @@ -0,0 +1,143 @@ +#!/bin/bash +# Check health of an Orama Network node via SSH +# +# Usage: ./scripts/check-node-health.sh [label] +# Example: ./scripts/check-node-health.sh ubuntu@57.128.223.92 '@5YnN5wIqYnyJ4' Hermes + +if [ $# -lt 2 ]; then + echo "Usage: $0 [label]" + echo "Example: $0 ubuntu@1.2.3.4 'mypassword' MyNode" + exit 1 +fi + +USERHOST="$1" +PASS="$2" +LABEL="${3:-$USERHOST}" + +echo "════════════════════════════════════════" +echo " Node Health: $LABEL ($USERHOST)" +echo "════════════════════════════════════════" +echo "" + +sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "$USERHOST" "bash -s" <<'REMOTE' + +WG_IP=$(ip -4 addr show wg0 2>/dev/null | grep -oP 'inet \K[0-9.]+' || true) + +# 1. Services +echo "── Services ──" +for svc in debros-node debros-ipfs debros-ipfs-cluster debros-olric debros-anyone-relay debros-anyone-client coredns caddy; do + status=$(systemctl is-active "$svc" 2>/dev/null || true) + case "$status" in + active) mark="✓";; + inactive) mark="·";; + activating) mark="~";; + *) mark="✗";; + esac + printf " %s %-25s %s\n" "$mark" "$svc" "$status" +done +echo "" + +# 2. WireGuard +echo "── WireGuard ──" +if [ -n "$WG_IP" ]; then + echo " IP: $WG_IP" + PEERS=$(sudo wg show wg0 2>/dev/null | grep -c '^peer:' || echo 0) + echo " Peers: $PEERS" + sudo wg show wg0 2>/dev/null | grep -A2 '^peer:' | grep -E 'endpoint|latest handshake' | while read -r line; do + echo " $line" + done +else + echo " not configured" +fi +echo "" + +# 3. RQLite (HTTP API on port 5001) +echo "── RQLite ──" +RQLITE_ADDR="" +for addr in "${WG_IP}:5001" "localhost:5001"; do + if curl -sf "http://${addr}/nodes" >/dev/null 2>&1; then + RQLITE_ADDR="$addr" + break + fi +done +if [ -n "$RQLITE_ADDR" ]; then + # Get node state from status + STATE=$(curl -sf "http://${RQLITE_ADDR}/status" 2>/dev/null | python3 -c " +import sys,json +d=json.load(sys.stdin) +print(d.get('store',{}).get('raft',{}).get('state','?')) +" 2>/dev/null || echo "?") + echo " This node: $STATE" + # Get cluster nodes + curl -sf "http://${RQLITE_ADDR}/nodes" 2>/dev/null | python3 -c " +import sys,json +d=json.load(sys.stdin) +for addr,info in sorted(d.items()): + r = 'ok' if info.get('reachable') else 'UNREACHABLE' + l = ' (LEADER)' if info.get('leader') else '' + v = 'voter' if info.get('voter') else 'non-voter' + print(' ' + addr + ': ' + r + ', ' + v + l) +print(' Total: ' + str(len(d)) + ' nodes') +" 2>/dev/null || echo " (parse error)" +else + echo " not responding" +fi +echo "" + +# 4. IPFS +echo "── IPFS ──" +PEERS=$(sudo -u debros IPFS_PATH=/home/debros/.orama/data/ipfs/repo /usr/local/bin/ipfs swarm peers 2>/dev/null) +if [ -n "$PEERS" ]; then + COUNT=$(echo "$PEERS" | wc -l) + echo " Connected peers: $COUNT" + echo "$PEERS" | while read -r addr; do echo " $addr"; done +else + echo " no peers connected" +fi +echo "" + +# 5. Gateway +echo "── Gateway ──" +GW=$(curl -sf http://localhost:6001/health 2>/dev/null) +if [ -n "$GW" ]; then + echo "$GW" | python3 -c " +import sys,json +d=json.load(sys.stdin) +print(' Status: ' + d.get('status','?')) +srv=d.get('server',{}) +print(' Uptime: ' + srv.get('uptime','?')) +cli=d.get('client',{}) +if cli: + checks=cli.get('checks',{}) + for k,v in checks.items(): + print(' ' + k + ': ' + str(v)) +" 2>/dev/null || echo " responding (parse error)" +else + echo " not responding" +fi +echo "" + +# 6. Olric +echo "── Olric ──" +if systemctl is-active debros-olric &>/dev/null; then + echo " service: active" + # Olric doesn't have a simple HTTP health endpoint; just check the process + OLRIC_PID=$(pgrep -f olric-server || true) + if [ -n "$OLRIC_PID" ]; then + echo " pid: $OLRIC_PID" + echo " listening: $(sudo ss -tlnp 2>/dev/null | grep olric | awk '{print $4}' | tr '\n' ' ')" + fi +else + echo " not running" +fi +echo "" + +# 7. Resources +echo "── Resources ──" +echo " RAM: $(free -h | awk '/Mem:/{print $3"/"$2}')" +echo " Disk: $(df -h / | awk 'NR==2{print $3"/"$2" ("$5" used)"}')" +echo "" + +REMOTE + +echo "════════════════════════════════════════" diff --git a/scripts/dev-kill-all.sh b/scripts/dev-kill-all.sh index 945696c..de0dba6 100755 --- a/scripts/dev-kill-all.sh +++ b/scripts/dev-kill-all.sh @@ -29,6 +29,12 @@ PORTS=( 9096 9106 9116 9126 9136 ) +# Add namespace cluster ports (10000-10099) +# These are dynamically allocated for per-namespace RQLite/Olric/Gateway instances +for port in $(seq 10000 10099); do + PORTS+=($port) +done + killed_count=0 killed_pids=() @@ -57,6 +63,41 @@ SPECIFIC_PATTERNS=( "anyone-client" ) +# Kill namespace cluster processes (spawned by ClusterManager) +# These are RQLite/Olric/Gateway instances running on ports 10000-10099 +NAMESPACE_DATA_DIR="$HOME/.orama/data/namespaces" +if [[ -d "$NAMESPACE_DATA_DIR" ]]; then + # Find rqlited processes started in namespace directories + ns_pids=$(pgrep -f "rqlited.*$NAMESPACE_DATA_DIR" 2>/dev/null || true) + if [[ -n "$ns_pids" ]]; then + for pid in $ns_pids; do + echo " Killing namespace rqlited process (PID: $pid)" + kill -9 "$pid" 2>/dev/null || true + killed_pids+=("$pid") + done + fi + + # Find olric-server processes started for namespaces (check env var or config path) + ns_olric_pids=$(pgrep -f "olric-server.*$NAMESPACE_DATA_DIR" 2>/dev/null || true) + if [[ -n "$ns_olric_pids" ]]; then + for pid in $ns_olric_pids; do + echo " Killing namespace olric-server process (PID: $pid)" + kill -9 "$pid" 2>/dev/null || true + killed_pids+=("$pid") + done + fi + + # Find gateway processes started for namespaces + ns_gw_pids=$(pgrep -f "gateway.*--config.*$NAMESPACE_DATA_DIR" 2>/dev/null || true) + if [[ -n "$ns_gw_pids" ]]; then + for pid in $ns_gw_pids; do + echo " Killing namespace gateway process (PID: $pid)" + kill -9 "$pid" 2>/dev/null || true + killed_pids+=("$pid") + done + fi +fi + for pattern in "${SPECIFIC_PATTERNS[@]}"; do # Use exact pattern matching to avoid false positives all_pids=$(pgrep -f "$pattern" 2>/dev/null || true) diff --git a/scripts/extract-deploy.sh b/scripts/extract-deploy.sh new file mode 100755 index 0000000..b9401c6 --- /dev/null +++ b/scripts/extract-deploy.sh @@ -0,0 +1,81 @@ +#!/bin/bash +# Extracts /tmp/network-source.tar.gz on a VPS and places everything correctly. +# Run as root on the target VPS. +# +# What it does: +# 1. Extracts source to /home/debros/src/ +# 2. Installs CLI to /usr/local/bin/orama +# 3. If bin-linux/ is in the archive (pre-built), copies binaries to their locations: +# - orama-node, gateway, identity, rqlite-mcp, olric-server → /home/debros/bin/ +# - coredns → /usr/local/bin/coredns +# - caddy → /usr/bin/caddy +# +# Usage: sudo bash /home/debros/src/scripts/extract-deploy.sh +# (or pipe via SSH: ssh root@host 'bash -s' < scripts/extract-deploy.sh) + +set -e + +ARCHIVE="/tmp/network-source.tar.gz" +SRC_DIR="/home/debros/src" +BIN_DIR="/home/debros/bin" + +if [ ! -f "$ARCHIVE" ]; then + echo "Error: $ARCHIVE not found" + exit 1 +fi + +# Ensure debros user exists (orama install also creates it, but we need it now for chown) +if ! id -u debros &>/dev/null; then + echo "Creating 'debros' user..." + useradd -m -s /bin/bash debros +fi + +echo "Extracting source..." +rm -rf "$SRC_DIR" +mkdir -p "$SRC_DIR" "$BIN_DIR" +tar xzf "$ARCHIVE" -C "$SRC_DIR" +id -u debros &>/dev/null && chown -R debros:debros "$SRC_DIR" || true + +# Install CLI +if [ -f "$SRC_DIR/bin-linux/orama" ]; then + cp "$SRC_DIR/bin-linux/orama" /usr/local/bin/orama + chmod +x /usr/local/bin/orama + echo " ✓ CLI installed: /usr/local/bin/orama" +fi + +# Place pre-built binaries if present +if [ -d "$SRC_DIR/bin-linux" ]; then + echo "Installing pre-built binaries..." + + for bin in orama-node gateway identity rqlite-mcp olric-server orama; do + if [ -f "$SRC_DIR/bin-linux/$bin" ]; then + # Atomic rename: copy to temp, then move (works even if binary is running) + cp "$SRC_DIR/bin-linux/$bin" "$BIN_DIR/$bin.tmp" + chmod +x "$BIN_DIR/$bin.tmp" + mv -f "$BIN_DIR/$bin.tmp" "$BIN_DIR/$bin" + echo " ✓ $bin → $BIN_DIR/$bin" + fi + done + + if [ -f "$SRC_DIR/bin-linux/coredns" ]; then + cp "$SRC_DIR/bin-linux/coredns" /usr/local/bin/coredns.tmp + chmod +x /usr/local/bin/coredns.tmp + mv -f /usr/local/bin/coredns.tmp /usr/local/bin/coredns + echo " ✓ coredns → /usr/local/bin/coredns" + fi + + if [ -f "$SRC_DIR/bin-linux/caddy" ]; then + cp "$SRC_DIR/bin-linux/caddy" /usr/bin/caddy.tmp + chmod +x /usr/bin/caddy.tmp + mv -f /usr/bin/caddy.tmp /usr/bin/caddy + echo " ✓ caddy → /usr/bin/caddy" + fi + + id -u debros &>/dev/null && chown -R debros:debros "$BIN_DIR" || true + echo "All binaries installed." +else + echo "No pre-built binaries in archive (bin-linux/ not found)." + echo "Install CLI manually: sudo mv /tmp/orama /usr/local/bin/orama" +fi + +echo "Done. Ready for: sudo orama install --no-pull --pre-built ..." diff --git a/scripts/generate-source-archive.sh b/scripts/generate-source-archive.sh new file mode 100755 index 0000000..d06c34e --- /dev/null +++ b/scripts/generate-source-archive.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# Generates a tarball of the current codebase for deployment +# Output: /tmp/network-source.tar.gz +# +# If bin-linux/ exists (from make build-linux-all), it is included in the archive. +# On the VPS, use scripts/extract-deploy.sh to extract source + place binaries. +# +# Usage: ./scripts/generate-source-archive.sh + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" +OUTPUT="/tmp/network-source.tar.gz" + +cd "$PROJECT_ROOT" + +# Remove root-level binaries before archiving (they'll be rebuilt on VPS) +rm -f gateway cli node orama-cli-linux 2>/dev/null + +# Check if pre-built binaries exist +if [ -d "bin-linux" ] && [ "$(ls -A bin-linux 2>/dev/null)" ]; then + echo "Generating source archive (with pre-built binaries)..." + EXCLUDE_BIN="" +else + echo "Generating source archive (source only, no bin-linux/)..." + EXCLUDE_BIN="--exclude=bin-linux/" +fi + +tar czf "$OUTPUT" \ + --exclude='.git' \ + --exclude='node_modules' \ + --exclude='*.log' \ + --exclude='.DS_Store' \ + --exclude='bin/' \ + --exclude='dist/' \ + --exclude='coverage/' \ + --exclude='.claude/' \ + --exclude='testdata/' \ + --exclude='examples/' \ + --exclude='*.tar.gz' \ + $EXCLUDE_BIN \ + . + +echo "Archive created: $OUTPUT" +echo "Size: $(du -h $OUTPUT | cut -f1)" + +if [ -d "bin-linux" ] && [ "$(ls -A bin-linux 2>/dev/null)" ]; then + echo "Includes pre-built binaries: $(ls bin-linux/ | tr '\n' ' ')" +fi diff --git a/scripts/install-hooks.sh b/scripts/install-hooks.sh deleted file mode 100755 index 51a7156..0000000 --- a/scripts/install-hooks.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -# Install git hooks from .githooks/ to .git/hooks/ -# This ensures the pre-push hook runs automatically - -set -e - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" -GITHOOKS_DIR="$REPO_ROOT/.githooks" -GIT_HOOKS_DIR="$REPO_ROOT/.git/hooks" - -if [ ! -d "$GITHOOKS_DIR" ]; then - echo "Error: .githooks directory not found at $GITHOOKS_DIR" - exit 1 -fi - -if [ ! -d "$GIT_HOOKS_DIR" ]; then - echo "Error: .git/hooks directory not found at $GIT_HOOKS_DIR" - echo "Are you in a git repository?" - exit 1 -fi - -echo "Installing git hooks..." - -# Copy all hooks from .githooks/ to .git/hooks/ -for hook in "$GITHOOKS_DIR"/*; do - if [ -f "$hook" ]; then - hook_name=$(basename "$hook") - dest="$GIT_HOOKS_DIR/$hook_name" - - echo " Installing $hook_name..." - cp "$hook" "$dest" - chmod +x "$dest" - - # Make sure the hook can find the repo root - # The hooks already use relative paths, so this should work - fi -done - -echo "✓ Git hooks installed successfully!" -echo "" -echo "The following hooks are now active:" -ls -1 "$GIT_HOOKS_DIR"/* 2>/dev/null | xargs -n1 basename || echo " (none)" - diff --git a/scripts/remote-nodes.conf.example b/scripts/remote-nodes.conf.example new file mode 100644 index 0000000..5860b8a --- /dev/null +++ b/scripts/remote-nodes.conf.example @@ -0,0 +1,8 @@ +# Remote node configuration +# Format: node_number|user@host|password +# Copy this file to remote-nodes.conf and fill in your credentials + +1|ubuntu@51.83.128.181|your_password_here +2|root@194.61.28.7|your_password_here +3|root@83.171.248.66|your_password_here +4|root@62.72.44.87|your_password_here diff --git a/scripts/update_changelog.sh b/scripts/update_changelog.sh deleted file mode 100755 index 72f70c2..0000000 --- a/scripts/update_changelog.sh +++ /dev/null @@ -1,435 +0,0 @@ -#!/bin/bash - -set -e - -# Colors for output -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -CYAN='\033[0;36m' -NOCOLOR='\033[0m' - -log() { echo -e "${CYAN}[update-changelog]${NOCOLOR} $1"; } -error() { echo -e "${RED}[ERROR]${NOCOLOR} $1"; } -success() { echo -e "${GREEN}[SUCCESS]${NOCOLOR} $1"; } -warning() { echo -e "${YELLOW}[WARNING]${NOCOLOR} $1"; } - -# File paths -CHANGELOG_FILE="CHANGELOG.md" -MAKEFILE="Makefile" -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" - -cd "$REPO_ROOT" - -# Load environment variables from .env file if it exists -if [ -f "$REPO_ROOT/.env" ]; then - # Export variables from .env file (more portable than source <()) - set -a - while IFS='=' read -r key value; do - # Skip comments and empty lines - [[ "$key" =~ ^#.*$ ]] && continue - [[ -z "$key" ]] && continue - # Remove quotes if present - value=$(echo "$value" | sed -e 's/^"//' -e 's/"$//' -e "s/^'//" -e "s/'$//") - export "$key=$value" - done < "$REPO_ROOT/.env" - set +a -fi - -# OpenRouter API key -# Priority: 1. Environment variable, 2. .env file, 3. Exit with error -if [ -z "$OPENROUTER_API_KEY" ]; then - error "OPENROUTER_API_KEY not found!" - echo "" - echo "Please set the API key in one of these ways:" - echo " 1. Create a .env file in the repo root with:" - echo " OPENROUTER_API_KEY=your-api-key-here" - echo "" - echo " 2. Set it as an environment variable:" - echo " export OPENROUTER_API_KEY=your-api-key-here" - echo "" - echo " 3. Copy .env.example to .env and fill in your key:" - echo " cp .env.example .env" - echo "" - echo "Get your API key from: https://openrouter.ai/keys" - exit 1 -fi - -# Check dependencies -if ! command -v jq > /dev/null 2>&1; then - error "jq is required but not installed. Install it with: brew install jq (macOS) or apt-get install jq (Linux)" - exit 1 -fi - -if ! command -v curl > /dev/null 2>&1; then - error "curl is required but not installed" - exit 1 -fi - -# Check for skip flag -# To skip changelog generation, set SKIP_CHANGELOG=1 before committing: -# SKIP_CHANGELOG=1 git commit -m "your message" -# SKIP_CHANGELOG=1 git commit -if [ "$SKIP_CHANGELOG" = "1" ] || [ "$SKIP_CHANGELOG" = "true" ]; then - log "Skipping changelog update (SKIP_CHANGELOG is set)" - exit 0 -fi - -# Check if we're in a git repo -if ! git rev-parse --git-dir > /dev/null 2>&1; then - error "Not in a git repository" - exit 1 -fi - -# Get current branch -CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) -REMOTE_BRANCH="origin/$CURRENT_BRANCH" - -# Check if remote branch exists -if ! git rev-parse --verify "$REMOTE_BRANCH" > /dev/null 2>&1; then - warning "Remote branch $REMOTE_BRANCH does not exist. Using main/master as baseline." - if git rev-parse --verify "origin/main" > /dev/null 2>&1; then - REMOTE_BRANCH="origin/main" - elif git rev-parse --verify "origin/master" > /dev/null 2>&1; then - REMOTE_BRANCH="origin/master" - else - warning "No remote branch found. Using HEAD as baseline." - REMOTE_BRANCH="HEAD" - fi -fi - -# Gather all git diffs -log "Collecting git diffs..." - -# Check if running from pre-commit context -if [ "$CHANGELOG_CONTEXT" = "pre-commit" ]; then - log "Running in pre-commit context - analyzing staged changes only" - - # Unstaged changes (usually none in pre-commit, but check anyway) - UNSTAGED_DIFF=$(git diff 2>/dev/null || echo "") - UNSTAGED_COUNT=$(echo "$UNSTAGED_DIFF" | grep -c "^diff\|^index" 2>/dev/null || echo "0") - [ -z "$UNSTAGED_COUNT" ] && UNSTAGED_COUNT="0" - - # Staged changes (these are what we're committing) - STAGED_DIFF=$(git diff --cached 2>/dev/null || echo "") - STAGED_COUNT=$(echo "$STAGED_DIFF" | grep -c "^diff\|^index" 2>/dev/null || echo "0") - [ -z "$STAGED_COUNT" ] && STAGED_COUNT="0" - - # No unpushed commits analysis in pre-commit context - UNPUSHED_DIFF="" - UNPUSHED_COMMITS="0" - - log "Found: $UNSTAGED_COUNT unstaged file(s), $STAGED_COUNT staged file(s)" -else - # Pre-push context - analyze everything - # Unstaged changes - UNSTAGED_DIFF=$(git diff 2>/dev/null || echo "") - UNSTAGED_COUNT=$(echo "$UNSTAGED_DIFF" | grep -c "^diff\|^index" 2>/dev/null || echo "0") - [ -z "$UNSTAGED_COUNT" ] && UNSTAGED_COUNT="0" - - # Staged changes - STAGED_DIFF=$(git diff --cached 2>/dev/null || echo "") - STAGED_COUNT=$(echo "$STAGED_DIFF" | grep -c "^diff\|^index" 2>/dev/null || echo "0") - [ -z "$STAGED_COUNT" ] && STAGED_COUNT="0" - - # Unpushed commits - UNPUSHED_DIFF=$(git diff "$REMOTE_BRANCH"..HEAD 2>/dev/null || echo "") - UNPUSHED_COMMITS=$(git rev-list --count "$REMOTE_BRANCH"..HEAD 2>/dev/null || echo "0") - [ -z "$UNPUSHED_COMMITS" ] && UNPUSHED_COMMITS="0" - - # Check if the only unpushed commit is a changelog update commit - # If so, exclude it from the diff to avoid infinite loops - if [ "$UNPUSHED_COMMITS" -gt 0 ]; then - LATEST_COMMIT_MSG=$(git log -1 --pretty=%B HEAD 2>/dev/null || echo "") - if echo "$LATEST_COMMIT_MSG" | grep -q "chore: update changelog and version"; then - # If the latest commit is a changelog commit, check if there are other commits - if [ "$UNPUSHED_COMMITS" -eq 1 ]; then - log "Latest commit is a changelog update. No other changes detected. Skipping changelog update." - # Clean up any old preview files - rm -f "$REPO_ROOT/.changelog_preview.tmp" "$REPO_ROOT/.changelog_version.tmp" - exit 0 - else - # Multiple commits, exclude the latest changelog commit from diff - log "Multiple unpushed commits detected. Excluding latest changelog commit from analysis." - # Get all commits except the latest one - UNPUSHED_DIFF=$(git diff "$REMOTE_BRANCH"..HEAD~1 2>/dev/null || echo "") - UNPUSHED_COMMITS=$(git rev-list --count "$REMOTE_BRANCH"..HEAD~1 2>/dev/null || echo "0") - [ -z "$UNPUSHED_COMMITS" ] && UNPUSHED_COMMITS="0" - fi - fi - fi - - log "Found: $UNSTAGED_COUNT unstaged file(s), $STAGED_COUNT staged file(s), $UNPUSHED_COMMITS unpushed commit(s)" -fi - -# Combine all diffs -if [ "$CHANGELOG_CONTEXT" = "pre-commit" ]; then - ALL_DIFFS="${UNSTAGED_DIFF} ---- -STAGED CHANGES: ---- -${STAGED_DIFF}" -else - ALL_DIFFS="${UNSTAGED_DIFF} ---- -STAGED CHANGES: ---- -${STAGED_DIFF} ---- -UNPUSHED COMMITS: ---- -${UNPUSHED_DIFF}" -fi - -# Check if there are any changes -if [ "$CHANGELOG_CONTEXT" = "pre-commit" ]; then - # In pre-commit, only check staged changes - if [ -z "$(echo "$STAGED_DIFF" | tr -d '[:space:]')" ]; then - log "No staged changes detected. Skipping changelog update." - rm -f "$REPO_ROOT/.changelog_preview.tmp" "$REPO_ROOT/.changelog_version.tmp" - exit 0 - fi -else - # In pre-push, check all changes - if [ -z "$(echo "$UNSTAGED_DIFF$STAGED_DIFF$UNPUSHED_DIFF" | tr -d '[:space:]')" ]; then - log "No changes detected (unstaged, staged, or unpushed). Skipping changelog update." - rm -f "$REPO_ROOT/.changelog_preview.tmp" "$REPO_ROOT/.changelog_version.tmp" - exit 0 - fi -fi - -# Get current version from Makefile -CURRENT_VERSION=$(grep "^VERSION :=" "$MAKEFILE" | sed 's/.*:= *//' | tr -d ' ') - -if [ -z "$CURRENT_VERSION" ]; then - error "Could not find VERSION in Makefile" - exit 1 -fi - -log "Current version: $CURRENT_VERSION" - -# Get today's date programmatically (YYYY-MM-DD format) -TODAY_DATE=$(date +%Y-%m-%d) -log "Using date: $TODAY_DATE" - -# Prepare prompt for OpenRouter -PROMPT="You are analyzing git diffs to create a changelog entry. Based on the following git diffs, create a simple, easy-to-understand changelog entry. - -Current version: $CURRENT_VERSION - -Git diffs: -\`\`\` -$ALL_DIFFS -\`\`\` - -Please respond with ONLY a valid JSON object in this exact format: -{ - \"version\": \"x.y.z\", - \"bump_type\": \"minor\" or \"patch\", - \"added\": [\"item1\", \"item2\"], - \"changed\": [\"item1\", \"item2\"], - \"fixed\": [\"item1\", \"item2\"] -} - -Rules: -- Bump version based on changes: use \"minor\" for new features, \"patch\" for bug fixes and small changes -- Never bump major version (keep major version the same) -- Keep descriptions simple and easy to understand (1-2 sentences max per item) -- Only include items that actually changed -- If a category is empty, use an empty array [] -- Do NOT include a date field - the date will be set programmatically" - -# Call OpenRouter API -log "Calling OpenRouter API to generate changelog..." - -# Prepare the JSON payload properly -PROMPT_ESCAPED=$(echo "$PROMPT" | jq -Rs .) -REQUEST_BODY=$(cat < /dev/null 2>&1; then - error "OpenRouter API error:" - ERROR_MESSAGE=$(echo "$RESPONSE_BODY" | jq -r '.error.message // .error' 2>/dev/null || echo "$RESPONSE_BODY") - echo "$ERROR_MESSAGE" - echo "" - error "Full API response:" - echo "$RESPONSE_BODY" | jq '.' 2>/dev/null || echo "$RESPONSE_BODY" - echo "" - error "The API key may be invalid or expired. Please verify your OpenRouter API key at https://openrouter.ai/keys" - echo "" - error "To test your API key manually, run:" - echo " curl https://openrouter.ai/api/v1/chat/completions \\" - echo " -H \"Content-Type: application/json\" \\" - echo " -H \"Authorization: Bearer YOUR_API_KEY\" \\" - echo " -d '{\"model\": \"google/gemini-2.5-flash-preview-09-2025\", \"messages\": [{\"role\": \"user\", \"content\": \"test\"}]}'" - exit 1 -fi - -# Extract JSON from response -JSON_CONTENT=$(echo "$RESPONSE_BODY" | jq -r '.choices[0].message.content' 2>/dev/null) - -# Check if content was extracted -if [ -z "$JSON_CONTENT" ] || [ "$JSON_CONTENT" = "null" ]; then - error "Failed to extract content from API response" - echo "Response: $RESPONSE_BODY" - exit 1 -fi - -# Try to extract JSON if it's wrapped in markdown code blocks -if echo "$JSON_CONTENT" | grep -q '```json'; then - JSON_CONTENT=$(echo "$JSON_CONTENT" | sed -n '/```json/,/```/p' | sed '1d;$d') -elif echo "$JSON_CONTENT" | grep -q '```'; then - JSON_CONTENT=$(echo "$JSON_CONTENT" | sed -n '/```/,/```/p' | sed '1d;$d') -fi - -# Validate JSON -if ! echo "$JSON_CONTENT" | jq . > /dev/null 2>&1; then - error "Invalid JSON response from API:" - echo "$JSON_CONTENT" - exit 1 -fi - -# Parse JSON -NEW_VERSION=$(echo "$JSON_CONTENT" | jq -r '.version') -BUMP_TYPE=$(echo "$JSON_CONTENT" | jq -r '.bump_type') -ADDED=$(echo "$JSON_CONTENT" | jq -r '.added[]?' | sed 's/^/- /') -CHANGED=$(echo "$JSON_CONTENT" | jq -r '.changed[]?' | sed 's/^/- /') -FIXED=$(echo "$JSON_CONTENT" | jq -r '.fixed[]?' | sed 's/^/- /') - -log "Generated version: $NEW_VERSION ($BUMP_TYPE bump)" -log "Date: $TODAY_DATE" - -# Validate version format -if ! echo "$NEW_VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then - error "Invalid version format: $NEW_VERSION" - exit 1 -fi - -# Validate bump type -if [ "$BUMP_TYPE" != "minor" ] && [ "$BUMP_TYPE" != "patch" ]; then - error "Invalid bump type: $BUMP_TYPE (must be 'minor' or 'patch')" - exit 1 -fi - -# Update Makefile -log "Updating Makefile..." -if [[ "$OSTYPE" == "darwin"* ]]; then - # macOS sed requires backup extension - sed -i '' "s/^VERSION := .*/VERSION := $NEW_VERSION/" "$MAKEFILE" -else - # Linux sed - sed -i "s/^VERSION := .*/VERSION := $NEW_VERSION/" "$MAKEFILE" -fi -success "Makefile updated to version $NEW_VERSION" - -# Update CHANGELOG.md -log "Updating CHANGELOG.md..." - -# Create changelog entry -CHANGELOG_ENTRY="## [$NEW_VERSION] - $TODAY_DATE - -### Added -" -if [ -n "$ADDED" ]; then - CHANGELOG_ENTRY+="$ADDED"$'\n' -else - CHANGELOG_ENTRY+="\n" -fi - -CHANGELOG_ENTRY+=" -### Changed -" -if [ -n "$CHANGED" ]; then - CHANGELOG_ENTRY+="$CHANGED"$'\n' -else - CHANGELOG_ENTRY+="\n" -fi - -CHANGELOG_ENTRY+=" -### Deprecated - -### Removed - -### Fixed -" -if [ -n "$FIXED" ]; then - CHANGELOG_ENTRY+="$FIXED"$'\n' -else - CHANGELOG_ENTRY+="\n" -fi - -CHANGELOG_ENTRY+=" -" - -# Save preview to temp file for pre-push hook -PREVIEW_FILE="$REPO_ROOT/.changelog_preview.tmp" -echo "$CHANGELOG_ENTRY" > "$PREVIEW_FILE" -echo "$NEW_VERSION" > "$REPO_ROOT/.changelog_version.tmp" - -# Insert after [Unreleased] section using awk (more portable) -# Find the line number after [Unreleased] section (after the "### Fixed" line) -INSERT_LINE=$(awk '/^## \[Unreleased\]/{found=1} found && /^### Fixed$/{print NR+1; exit}' "$CHANGELOG_FILE") - -if [ -z "$INSERT_LINE" ]; then - # Fallback: insert after line 16 (after [Unreleased] section) - INSERT_LINE=16 -fi - -# Use a temp file approach to insert multiline content -TMP_FILE=$(mktemp) -{ - head -n $((INSERT_LINE - 1)) "$CHANGELOG_FILE" - printf '%s' "$CHANGELOG_ENTRY" - tail -n +$INSERT_LINE "$CHANGELOG_FILE" -} > "$TMP_FILE" -mv "$TMP_FILE" "$CHANGELOG_FILE" - -success "CHANGELOG.md updated with version $NEW_VERSION" - -log "Changelog update complete!" -log "New version: $NEW_VERSION" -log "Bump type: $BUMP_TYPE" - diff --git a/systemd/debros-namespace-gateway@.service b/systemd/debros-namespace-gateway@.service new file mode 100644 index 0000000..1fc46de --- /dev/null +++ b/systemd/debros-namespace-gateway@.service @@ -0,0 +1,33 @@ +[Unit] +Description=DeBros Namespace Gateway (%i) +Documentation=https://github.com/DeBrosOfficial/network +After=network.target debros-namespace-rqlite@%i.service debros-namespace-olric@%i.service +Requires=debros-namespace-rqlite@%i.service debros-namespace-olric@%i.service +PartOf=debros-node.service + +[Service] +Type=simple +User=debros +Group=debros +WorkingDirectory=/home/debros + +EnvironmentFile=/home/debros/.orama/data/namespaces/%i/gateway.env + +# Use shell to properly expand NODE_ID from env file +ExecStart=/bin/sh -c 'exec /home/debros/bin/gateway --config ${GATEWAY_CONFIG}' + +TimeoutStopSec=30s +KillMode=mixed +KillSignal=SIGTERM + +Restart=on-failure +RestartSec=5s + +StandardOutput=journal +StandardError=journal +SyslogIdentifier=debros-gateway-%i + +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/systemd/debros-namespace-olric@.service b/systemd/debros-namespace-olric@.service new file mode 100644 index 0000000..c770718 --- /dev/null +++ b/systemd/debros-namespace-olric@.service @@ -0,0 +1,33 @@ +[Unit] +Description=DeBros Namespace Olric Cache (%i) +Documentation=https://github.com/DeBrosOfficial/network +After=network.target debros-namespace-rqlite@%i.service +Requires=debros-namespace-rqlite@%i.service +PartOf=debros-node.service + +[Service] +Type=simple +User=debros +Group=debros +WorkingDirectory=/home/debros + +# Olric reads config from environment variable (set in env file) +EnvironmentFile=/home/debros/.orama/data/namespaces/%i/olric.env + +ExecStart=/home/debros/bin/olric-server + +TimeoutStopSec=30s +KillMode=mixed +KillSignal=SIGTERM + +Restart=on-failure +RestartSec=5s + +StandardOutput=journal +StandardError=journal +SyslogIdentifier=debros-olric-%i + +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/systemd/debros-namespace-rqlite@.service b/systemd/debros-namespace-rqlite@.service new file mode 100644 index 0000000..9b1fe2f --- /dev/null +++ b/systemd/debros-namespace-rqlite@.service @@ -0,0 +1,44 @@ +[Unit] +Description=DeBros Namespace RQLite (%i) +Documentation=https://github.com/DeBrosOfficial/network +After=network.target +PartOf=debros-node.service +StopWhenUnneeded=false + +[Service] +Type=simple +User=debros +Group=debros +WorkingDirectory=/home/debros + +# Environment file contains namespace-specific config +EnvironmentFile=/home/debros/.orama/data/namespaces/%i/rqlite.env + +# Start rqlited with args from environment (using shell to properly expand JOIN_ARGS) +ExecStart=/bin/sh -c 'exec /usr/local/bin/rqlited \ + -http-addr ${HTTP_ADDR} \ + -raft-addr ${RAFT_ADDR} \ + -http-adv-addr ${HTTP_ADV_ADDR} \ + -raft-adv-addr ${RAFT_ADV_ADDR} \ + ${JOIN_ARGS} \ + /home/debros/.orama/data/namespaces/%i/rqlite/${NODE_ID}' + +# Graceful shutdown +TimeoutStopSec=30s +KillMode=mixed +KillSignal=SIGTERM + +# Restart policy +Restart=on-failure +RestartSec=5s + +# Logging +StandardOutput=journal +StandardError=journal +SyslogIdentifier=debros-rqlite-%i + +# Resource limits +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/testdata/.gitignore b/testdata/.gitignore new file mode 100644 index 0000000..16697ef --- /dev/null +++ b/testdata/.gitignore @@ -0,0 +1,15 @@ +# Dependencies +apps/*/node_modules/ +apps/*/.next/ +apps/*/dist/ + +# Build outputs +apps/go-backend/api +tarballs/*.tar.gz + +# Logs +*.log +npm-debug.log* + +# OS files +.DS_Store diff --git a/testdata/README.md b/testdata/README.md new file mode 100644 index 0000000..0be59e4 --- /dev/null +++ b/testdata/README.md @@ -0,0 +1,138 @@ +# E2E Test Fixtures + +This directory contains test applications used for end-to-end testing of the Orama Network deployment system. + +## Test Applications + +### 1. React Vite App (`apps/react-vite/`) +A minimal React application built with Vite for testing static site deployments. + +**Features:** +- Simple counter component +- CSS and JavaScript assets +- Test markers for E2E validation + +**Build:** +```bash +cd apps/react-vite +npm install +npm run build +# Output: dist/ +``` + +### 2. Next.js SSR App (`apps/nextjs-ssr/`) +A Next.js application with server-side rendering and API routes for testing dynamic deployments. + +**Features:** +- Server-side rendered homepage +- API routes: + - `/api/hello` - Simple greeting endpoint + - `/api/data` - JSON data with users list +- TypeScript support + +**Build:** +```bash +cd apps/nextjs-ssr +npm install +npm run build +# Output: .next/ +``` + +### 3. Go Backend (`apps/go-backend/`) +A simple Go HTTP API for testing native backend deployments. + +**Features:** +- Health check endpoint: `/health` +- Users API: `/api/users` (GET, POST) +- Environment variable support (PORT) + +**Build:** +```bash +cd apps/go-backend +make build +# Output: api (Linux binary) +``` + +## Building All Fixtures + +Use the build script to create deployment-ready tarballs for all test apps: + +```bash +./build-fixtures.sh +``` + +This will: +1. Build all three applications +2. Create compressed tarballs in `tarballs/`: + - `react-vite.tar.gz` - Static site deployment + - `nextjs-ssr.tar.gz` - Next.js SSR deployment + - `go-backend.tar.gz` - Go backend deployment + +## Tarballs + +Pre-built deployment artifacts are stored in `tarballs/` for use in E2E tests. + +**Usage in tests:** +```go +tarballPath := filepath.Join("../../testdata/tarballs/react-vite.tar.gz") +file, err := os.Open(tarballPath) +// Upload to deployment endpoint +``` + +## Directory Structure + +``` +testdata/ +├── apps/ # Source applications +│ ├── react-vite/ # React + Vite static app +│ ├── nextjs-ssr/ # Next.js SSR app +│ └── go-backend/ # Go HTTP API +│ +├── tarballs/ # Deployment artifacts +│ ├── react-vite.tar.gz +│ ├── nextjs-ssr.tar.gz +│ └── go-backend.tar.gz +│ +├── build-fixtures.sh # Build script +└── README.md # This file +``` + +## Development + +To modify test apps: + +1. Edit source files in `apps/{app-name}/` +2. Run `./build-fixtures.sh` to rebuild +3. Tarballs are automatically updated for E2E tests + +## Testing Locally + +### React Vite App +```bash +cd apps/react-vite +npm run dev +# Open http://localhost:5173 +``` + +### Next.js App +```bash +cd apps/nextjs-ssr +npm run dev +# Open http://localhost:3000 +# Test API: http://localhost:3000/api/hello +``` + +### Go Backend +```bash +cd apps/go-backend +go run main.go +# Test: curl http://localhost:8080/health +# Test: curl http://localhost:8080/api/users +``` + +## Notes + +- All apps are intentionally minimal to ensure fast build and deployment times +- React and Next.js apps include test markers (`data-testid`) for E2E validation +- Go backend uses standard library only (no external dependencies) +- Build script requires: Node.js (18+), npm, Go (1.21+), tar, gzip diff --git a/testdata/apps/go-api/go.mod b/testdata/apps/go-api/go.mod new file mode 100644 index 0000000..4612534 --- /dev/null +++ b/testdata/apps/go-api/go.mod @@ -0,0 +1,21 @@ +module test-go-api + +go 1.22 + +require modernc.org/sqlite v1.29.1 + +require ( + github.com/dustin/go-humanize v1.0.1 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/ncruces/go-strftime v0.1.9 // indirect + github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect + golang.org/x/sys v0.16.0 // indirect + modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect + modernc.org/libc v1.41.0 // indirect + modernc.org/mathutil v1.6.0 // indirect + modernc.org/memory v1.7.2 // indirect + modernc.org/strutil v1.2.0 // indirect + modernc.org/token v1.1.0 // indirect +) diff --git a/testdata/apps/go-api/go.sum b/testdata/apps/go-api/go.sum new file mode 100644 index 0000000..1d61df7 --- /dev/null +++ b/testdata/apps/go-api/go.sum @@ -0,0 +1,39 @@ +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= +github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= +github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= +github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= +github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI= +modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4= +modernc.org/libc v1.41.0 h1:g9YAc6BkKlgORsUWj+JwqoB1wU3o4DE3bM3yvA3k+Gk= +modernc.org/libc v1.41.0/go.mod h1:w0eszPsiXoOnoMJgrXjglgLuDy/bt5RR4y3QzUUeodY= +modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4= +modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo= +modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E= +modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E= +modernc.org/sqlite v1.29.1 h1:19GY2qvWB4VPw0HppFlZCPAbmxFU41r+qjKZQdQ1ryA= +modernc.org/sqlite v1.29.1/go.mod h1:hG41jCYxOAOoO6BRK66AdRlmOcDzXf7qnwlwjUIOqa0= +modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA= +modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0= +modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= +modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= diff --git a/testdata/apps/go-api/main.go b/testdata/apps/go-api/main.go new file mode 100644 index 0000000..f274f98 --- /dev/null +++ b/testdata/apps/go-api/main.go @@ -0,0 +1,119 @@ +package main + +import ( + "database/sql" + "encoding/json" + "fmt" + "log" + "net/http" + "os" + "strings" + + _ "modernc.org/sqlite" +) + +var db *sql.DB + +type Note struct { + ID int `json:"id"` + Title string `json:"title"` + Content string `json:"content"` + CreatedAt string `json:"created_at"` +} + +func cors(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type") + if r.Method == "OPTIONS" { + w.WriteHeader(200) + return + } + next(w, r) + } +} + +func healthHandler(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(map[string]string{"status": "ok", "service": "go-api"}) +} + +func notesHandler(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + + switch r.Method { + case "GET": + rows, err := db.Query("SELECT id, title, content, created_at FROM notes ORDER BY id DESC") + if err != nil { + http.Error(w, err.Error(), 500) + return + } + defer rows.Close() + + notes := []Note{} + for rows.Next() { + var n Note + rows.Scan(&n.ID, &n.Title, &n.Content, &n.CreatedAt) + notes = append(notes, n) + } + json.NewEncoder(w).Encode(notes) + + case "POST": + var n Note + if err := json.NewDecoder(r.Body).Decode(&n); err != nil { + http.Error(w, "invalid json", 400) + return + } + result, err := db.Exec("INSERT INTO notes (title, content) VALUES (?, ?)", n.Title, n.Content) + if err != nil { + http.Error(w, err.Error(), 500) + return + } + id, _ := result.LastInsertId() + n.ID = int(id) + w.WriteHeader(201) + json.NewEncoder(w).Encode(n) + + case "DELETE": + // DELETE /api/notes/123 + parts := strings.Split(r.URL.Path, "/") + if len(parts) < 4 { + http.Error(w, "id required", 400) + return + } + id := parts[len(parts)-1] + db.Exec("DELETE FROM notes WHERE id = ?", id) + json.NewEncoder(w).Encode(map[string]string{"deleted": id}) + + default: + http.Error(w, "method not allowed", 405) + } +} + +func main() { + var err error + db, err = sql.Open("sqlite", "./data.db") + if err != nil { + log.Fatal(err) + } + defer db.Close() + + db.Exec(`CREATE TABLE IF NOT EXISTS notes ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + title TEXT NOT NULL, + content TEXT NOT NULL, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP + )`) + + http.HandleFunc("/health", cors(healthHandler)) + http.HandleFunc("/api/notes", cors(notesHandler)) + http.HandleFunc("/api/notes/", cors(notesHandler)) + + port := os.Getenv("PORT") + if port == "" { + port = "8080" + } + fmt.Printf("Go API listening on :%s\n", port) + log.Fatal(http.ListenAndServe(":"+port, nil)) +} diff --git a/testdata/apps/nextjs-app/next.config.js b/testdata/apps/nextjs-app/next.config.js new file mode 100644 index 0000000..5cd8cc3 --- /dev/null +++ b/testdata/apps/nextjs-app/next.config.js @@ -0,0 +1,6 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + output: 'standalone', +} + +module.exports = nextConfig diff --git a/testdata/apps/nextjs-app/package-lock.json b/testdata/apps/nextjs-app/package-lock.json new file mode 100644 index 0000000..733dd9b --- /dev/null +++ b/testdata/apps/nextjs-app/package-lock.json @@ -0,0 +1,428 @@ +{ + "name": "test-nextjs-ssr", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "test-nextjs-ssr", + "version": "1.0.0", + "dependencies": { + "next": "^14.0.0", + "react": "^18.2.0", + "react-dom": "^18.2.0" + } + }, + "node_modules/@next/env": { + "version": "14.2.35", + "resolved": "https://registry.npmjs.org/@next/env/-/env-14.2.35.tgz", + "integrity": "sha512-DuhvCtj4t9Gwrx80dmz2F4t/zKQ4ktN8WrMwOuVzkJfBilwAwGr6v16M5eI8yCuZ63H9TTuEU09Iu2HqkzFPVQ==", + "license": "MIT" + }, + "node_modules/@next/swc-darwin-arm64": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.33.tgz", + "integrity": "sha512-HqYnb6pxlsshoSTubdXKu15g3iivcbsMXg4bYpjL2iS/V6aQot+iyF4BUc2qA/J/n55YtvE4PHMKWBKGCF/+wA==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-darwin-x64": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.33.tgz", + "integrity": "sha512-8HGBeAE5rX3jzKvF593XTTFg3gxeU4f+UWnswa6JPhzaR6+zblO5+fjltJWIZc4aUalqTclvN2QtTC37LxvZAA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm64-gnu": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.33.tgz", + "integrity": "sha512-JXMBka6lNNmqbkvcTtaX8Gu5by9547bukHQvPoLe9VRBx1gHwzf5tdt4AaezW85HAB3pikcvyqBToRTDA4DeLw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm64-musl": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.33.tgz", + "integrity": "sha512-Bm+QulsAItD/x6Ih8wGIMfRJy4G73tu1HJsrccPW6AfqdZd0Sfm5Imhgkgq2+kly065rYMnCOxTBvmvFY1BKfg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-gnu": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.33.tgz", + "integrity": "sha512-FnFn+ZBgsVMbGDsTqo8zsnRzydvsGV8vfiWwUo1LD8FTmPTdV+otGSWKc4LJec0oSexFnCYVO4hX8P8qQKaSlg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-musl": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.33.tgz", + "integrity": "sha512-345tsIWMzoXaQndUTDv1qypDRiebFxGYx9pYkhwY4hBRaOLt8UGfiWKr9FSSHs25dFIf8ZqIFaPdy5MljdoawA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-arm64-msvc": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.33.tgz", + "integrity": "sha512-nscpt0G6UCTkrT2ppnJnFsYbPDQwmum4GNXYTeoTIdsmMydSKFz9Iny2jpaRupTb+Wl298+Rh82WKzt9LCcqSQ==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-ia32-msvc": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.33.tgz", + "integrity": "sha512-pc9LpGNKhJ0dXQhZ5QMmYxtARwwmWLpeocFmVG5Z0DzWq5Uf0izcI8tLc+qOpqxO1PWqZ5A7J1blrUIKrIFc7Q==", + "cpu": [ + "ia32" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-x64-msvc": { + "version": "14.2.33", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.33.tgz", + "integrity": "sha512-nOjfZMy8B94MdisuzZo9/57xuFVLHJaDj5e/xrduJp9CV2/HrfxTRH2fbyLe+K9QT41WBLUd4iXX3R7jBp0EUg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@swc/counter": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz", + "integrity": "sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==", + "license": "Apache-2.0" + }, + "node_modules/@swc/helpers": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz", + "integrity": "sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==", + "license": "Apache-2.0", + "dependencies": { + "@swc/counter": "^0.1.3", + "tslib": "^2.4.0" + } + }, + "node_modules/busboy": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", + "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", + "dependencies": { + "streamsearch": "^1.1.0" + }, + "engines": { + "node": ">=10.16.0" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001766", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz", + "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/client-only": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz", + "integrity": "sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==", + "license": "MIT" + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "license": "ISC" + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/next": { + "version": "14.2.35", + "resolved": "https://registry.npmjs.org/next/-/next-14.2.35.tgz", + "integrity": "sha512-KhYd2Hjt/O1/1aZVX3dCwGXM1QmOV4eNM2UTacK5gipDdPN/oHHK/4oVGy7X8GMfPMsUTUEmGlsy0EY1YGAkig==", + "license": "MIT", + "dependencies": { + "@next/env": "14.2.35", + "@swc/helpers": "0.5.5", + "busboy": "1.6.0", + "caniuse-lite": "^1.0.30001579", + "graceful-fs": "^4.2.11", + "postcss": "8.4.31", + "styled-jsx": "5.1.1" + }, + "bin": { + "next": "dist/bin/next" + }, + "engines": { + "node": ">=18.17.0" + }, + "optionalDependencies": { + "@next/swc-darwin-arm64": "14.2.33", + "@next/swc-darwin-x64": "14.2.33", + "@next/swc-linux-arm64-gnu": "14.2.33", + "@next/swc-linux-arm64-musl": "14.2.33", + "@next/swc-linux-x64-gnu": "14.2.33", + "@next/swc-linux-x64-musl": "14.2.33", + "@next/swc-win32-arm64-msvc": "14.2.33", + "@next/swc-win32-ia32-msvc": "14.2.33", + "@next/swc-win32-x64-msvc": "14.2.33" + }, + "peerDependencies": { + "@opentelemetry/api": "^1.1.0", + "@playwright/test": "^1.41.2", + "react": "^18.2.0", + "react-dom": "^18.2.0", + "sass": "^1.3.0" + }, + "peerDependenciesMeta": { + "@opentelemetry/api": { + "optional": true + }, + "@playwright/test": { + "optional": true + }, + "sass": { + "optional": true + } + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/postcss": { + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.6", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/react": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", + "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", + "license": "MIT", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", + "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", + "license": "MIT", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + }, + "peerDependencies": { + "react": "^18.3.1" + } + }, + "node_modules/scheduler": { + "version": "0.23.2", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", + "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/streamsearch": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", + "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/styled-jsx": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz", + "integrity": "sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==", + "license": "MIT", + "dependencies": { + "client-only": "0.0.1" + }, + "engines": { + "node": ">= 12.0.0" + }, + "peerDependencies": { + "react": ">= 16.8.0 || 17.x.x || ^18.0.0-0" + }, + "peerDependenciesMeta": { + "@babel/core": { + "optional": true + }, + "babel-plugin-macros": { + "optional": true + } + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + } + } +} diff --git a/testdata/apps/nextjs-app/package.json b/testdata/apps/nextjs-app/package.json new file mode 100644 index 0000000..da379b5 --- /dev/null +++ b/testdata/apps/nextjs-app/package.json @@ -0,0 +1,14 @@ +{ + "name": "test-nextjs-ssr", + "version": "1.0.0", + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start" + }, + "dependencies": { + "next": "^14.0.0", + "react": "^18.2.0", + "react-dom": "^18.2.0" + } +} diff --git a/testdata/apps/nextjs-app/pages/index.js b/testdata/apps/nextjs-app/pages/index.js new file mode 100644 index 0000000..e627d16 --- /dev/null +++ b/testdata/apps/nextjs-app/pages/index.js @@ -0,0 +1,62 @@ +export async function getServerSideProps() { + const goApiUrl = process.env.GO_API_URL || 'http://localhost:8080' + let notes = [] + let error = null + + try { + const res = await fetch(`${goApiUrl}/api/notes`) + notes = await res.json() + } catch (err) { + error = err.message + } + + return { + props: { + notes, + error, + fetchedAt: new Date().toISOString(), + goApiUrl, + }, + } +} + +export default function Home({ notes, error, fetchedAt, goApiUrl }) { + return ( +
+

DeBros Notes (SSR)

+

+ Next.js SSR + Go API + SQLite +

+

+ Server-side fetched at: {fetchedAt} from {goApiUrl} +

+ + {error &&

Error: {error}

} + + {notes.length === 0 ? ( +

No notes yet. Add some via the Go API or React app.

+ ) : ( + notes.map((n) => ( +
+ {n.title} +

{n.content}

+ {n.created_at} +
+ )) + )} + +

+ This page is server-side rendered on every request. + Refresh to see new notes added from other apps. +

+
+ ) +} diff --git a/testdata/apps/node-api/index.js b/testdata/apps/node-api/index.js new file mode 100644 index 0000000..7a8bedd --- /dev/null +++ b/testdata/apps/node-api/index.js @@ -0,0 +1,62 @@ +const http = require('http'); + +const GO_API_URL = process.env.GO_API_URL || 'http://localhost:8080'; +const PORT = process.env.PORT || 3000; + +async function fetchJSON(url, options = {}) { + const resp = await fetch(url, options); + return resp.json(); +} + +const server = http.createServer(async (req, res) => { + // CORS is handled by the gateway — don't set headers here to avoid duplicates + res.setHeader('Content-Type', 'application/json'); + + if (req.url === '/health') { + res.end(JSON.stringify({ status: 'ok', service: 'node-api', go_api: GO_API_URL })); + return; + } + + if (req.url === '/api/notes' && req.method === 'GET') { + try { + const notes = await fetchJSON(`${GO_API_URL}/api/notes`); + res.end(JSON.stringify({ + notes, + fetched_at: new Date().toISOString(), + source: 'nodejs-proxy', + go_api: GO_API_URL, + })); + } catch (err) { + res.writeHead(502); + res.end(JSON.stringify({ error: 'Failed to reach Go API', details: err.message })); + } + return; + } + + if (req.url === '/api/notes' && req.method === 'POST') { + let body = ''; + req.on('data', chunk => body += chunk); + req.on('end', async () => { + try { + const result = await fetchJSON(`${GO_API_URL}/api/notes`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body, + }); + res.writeHead(201); + res.end(JSON.stringify(result)); + } catch (err) { + res.writeHead(502); + res.end(JSON.stringify({ error: 'Failed to reach Go API', details: err.message })); + } + }); + return; + } + + res.writeHead(404); + res.end(JSON.stringify({ error: 'not found' })); +}); + +server.listen(PORT, () => { + console.log(`Node API listening on :${PORT}, proxying to ${GO_API_URL}`); +}); diff --git a/testdata/apps/node-api/package-lock.json b/testdata/apps/node-api/package-lock.json new file mode 100644 index 0000000..018ceb3 --- /dev/null +++ b/testdata/apps/node-api/package-lock.json @@ -0,0 +1,12 @@ +{ + "name": "test-node-api", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "test-node-api", + "version": "1.0.0" + } + } +} diff --git a/testdata/apps/node-api/package.json b/testdata/apps/node-api/package.json new file mode 100644 index 0000000..76f4c76 --- /dev/null +++ b/testdata/apps/node-api/package.json @@ -0,0 +1,8 @@ +{ + "name": "test-node-api", + "version": "1.0.0", + "main": "index.js", + "scripts": { + "start": "node index.js" + } +} diff --git a/testdata/apps/react-app/index.html b/testdata/apps/react-app/index.html new file mode 100644 index 0000000..787660b --- /dev/null +++ b/testdata/apps/react-app/index.html @@ -0,0 +1,12 @@ + + + + + + DeBros Notes + + +
+ + + diff --git a/testdata/apps/react-app/package-lock.json b/testdata/apps/react-app/package-lock.json new file mode 100644 index 0000000..38212b7 --- /dev/null +++ b/testdata/apps/react-app/package-lock.json @@ -0,0 +1,1678 @@ +{ + "name": "test-react-app", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "test-react-app", + "version": "1.0.0", + "dependencies": { + "react": "^18.2.0", + "react-dom": "^18.2.0" + }, + "devDependencies": { + "@vitejs/plugin-react": "^4.2.0", + "vite": "^5.0.0" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.28.6.tgz", + "integrity": "sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.28.5", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.6.tgz", + "integrity": "sha512-2lfu57JtzctfIrcGMz992hyLlByuzgIk58+hhGCxjKZ3rWI82NnVLjXcaTqkI2NvlcvOskZaiZ5kjUALo3Lpxg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.6.tgz", + "integrity": "sha512-H3mcG6ZDLTlYfaSNi0iOKkigqMFvkTKlGUYlD8GW7nNOYRrevuA46iTypPyv+06V3fEmvvazfntkBU34L0azAw==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@babel/code-frame": "^7.28.6", + "@babel/generator": "^7.28.6", + "@babel/helper-compilation-targets": "^7.28.6", + "@babel/helper-module-transforms": "^7.28.6", + "@babel/helpers": "^7.28.6", + "@babel/parser": "^7.28.6", + "@babel/template": "^7.28.6", + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6", + "@jridgewell/remapping": "^2.3.5", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/generator": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.6.tgz", + "integrity": "sha512-lOoVRwADj8hjf7al89tvQ2a1lf53Z+7tiXMgpZJL3maQPDxh0DgLMN62B2MKUOFcoodBHLMbDM6WAbKgNy5Suw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.28.6", + "@babel/types": "^7.28.6", + "@jridgewell/gen-mapping": "^0.3.12", + "@jridgewell/trace-mapping": "^0.3.28", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.28.6.tgz", + "integrity": "sha512-JYtls3hqi15fcx5GaSNL7SCTJ2MNmjrkHXg4FSpOA/grxK8KwyZ5bubHsCq8FXCkua6xhuaaBit+3b7+VZRfcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.28.6", + "@babel/helper-validator-option": "^7.27.1", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-globals": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz", + "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz", + "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz", + "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.28.6", + "@babel/helper-validator-identifier": "^7.28.5", + "@babel/traverse": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz", + "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", + "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", + "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz", + "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.6.tgz", + "integrity": "sha512-xOBvwq86HHdB7WUDTfKfT/Vuxh7gElQ+Sfti2Cy6yIWNW05P8iUslOVcZ4/sKbE+/jQaukQAdz/gf3724kYdqw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/template": "^7.28.6", + "@babel/types": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.6.tgz", + "integrity": "sha512-TeR9zWR18BvbfPmGbLampPMW+uW1NZnJlRuuHso8i87QZNq2JRF9i6RgxRqtEq+wQGsS19NNTWr2duhnE49mfQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.6" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-self": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-self/-/plugin-transform-react-jsx-self-7.27.1.tgz", + "integrity": "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-source": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-source/-/plugin-transform-react-jsx-source-7.27.1.tgz", + "integrity": "sha512-zbwoTsBruTeKB9hSq73ha66iFeJHuaFkUbwvqElnygoNbj/jHRsSeokowZFN3CZ64IvEqcmmkVe89OPXc7ldAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/template": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz", + "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.28.6", + "@babel/parser": "^7.28.6", + "@babel/types": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.6.tgz", + "integrity": "sha512-fgWX62k02qtjqdSNTAGxmKYY/7FSL9WAS1o2Hu5+I5m9T0yxZzr4cnrfXQ/MX0rIifthCSs6FKTlzYbJcPtMNg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.28.6", + "@babel/generator": "^7.28.6", + "@babel/helper-globals": "^7.28.0", + "@babel/parser": "^7.28.6", + "@babel/template": "^7.28.6", + "@babel/types": "^7.28.6", + "debug": "^4.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.6.tgz", + "integrity": "sha512-0ZrskXVEHSWIqZM/sQZ4EV3jZJXRkio/WCxaqKZP1g//CEWEPSfeZFcms4XeKBCHU0ZKnIkdJeU/kF+eRp5lBg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.27.1", + "@babel/helper-validator-identifier": "^7.28.5" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz", + "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz", + "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz", + "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz", + "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz", + "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz", + "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz", + "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz", + "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz", + "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz", + "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz", + "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz", + "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz", + "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz", + "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz", + "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz", + "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz", + "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz", + "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz", + "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz", + "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz", + "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz", + "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz", + "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dev": true, + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@rolldown/pluginutils": { + "version": "1.0.0-beta.27", + "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.27.tgz", + "integrity": "sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.57.0.tgz", + "integrity": "sha512-tPgXB6cDTndIe1ah7u6amCI1T0SsnlOuKgg10Xh3uizJk4e5M1JGaUMk7J4ciuAUcFpbOiNhm2XIjP9ON0dUqA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.57.0.tgz", + "integrity": "sha512-sa4LyseLLXr1onr97StkU1Nb7fWcg6niokTwEVNOO7awaKaoRObQ54+V/hrF/BP1noMEaaAW6Fg2d/CfLiq3Mg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.57.0.tgz", + "integrity": "sha512-/NNIj9A7yLjKdmkx5dC2XQ9DmjIECpGpwHoGmA5E1AhU0fuICSqSWScPhN1yLCkEdkCwJIDu2xIeLPs60MNIVg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.57.0.tgz", + "integrity": "sha512-xoh8abqgPrPYPr7pTYipqnUi1V3em56JzE/HgDgitTqZBZ3yKCWI+7KUkceM6tNweyUKYru1UMi7FC060RyKwA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.57.0.tgz", + "integrity": "sha512-PCkMh7fNahWSbA0OTUQ2OpYHpjZZr0hPr8lId8twD7a7SeWrvT3xJVyza+dQwXSSq4yEQTMoXgNOfMCsn8584g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.57.0.tgz", + "integrity": "sha512-1j3stGx+qbhXql4OCDZhnK7b01s6rBKNybfsX+TNrEe9JNq4DLi1yGiR1xW+nL+FNVvI4D02PUnl6gJ/2y6WJA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.57.0.tgz", + "integrity": "sha512-eyrr5W08Ms9uM0mLcKfM/Uzx7hjhz2bcjv8P2uynfj0yU8GGPdz8iYrBPhiLOZqahoAMB8ZiolRZPbbU2MAi6Q==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.57.0.tgz", + "integrity": "sha512-Xds90ITXJCNyX9pDhqf85MKWUI4lqjiPAipJ8OLp8xqI2Ehk+TCVhF9rvOoN8xTbcafow3QOThkNnrM33uCFQA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.57.0.tgz", + "integrity": "sha512-Xws2KA4CLvZmXjy46SQaXSejuKPhwVdaNinldoYfqruZBaJHqVo6hnRa8SDo9z7PBW5x84SH64+izmldCgbezw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.57.0.tgz", + "integrity": "sha512-hrKXKbX5FdaRJj7lTMusmvKbhMJSGWJ+w++4KmjiDhpTgNlhYobMvKfDoIWecy4O60K6yA4SnztGuNTQF+Lplw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.57.0.tgz", + "integrity": "sha512-6A+nccfSDGKsPm00d3xKcrsBcbqzCTAukjwWK6rbuAnB2bHaL3r9720HBVZ/no7+FhZLz/U3GwwZZEh6tOSI8Q==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.57.0.tgz", + "integrity": "sha512-4P1VyYUe6XAJtQH1Hh99THxr0GKMMwIXsRNOceLrJnaHTDgk1FTcTimDgneRJPvB3LqDQxUmroBclQ1S0cIJwQ==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.57.0.tgz", + "integrity": "sha512-8Vv6pLuIZCMcgXre6c3nOPhE0gjz1+nZP6T+hwWjr7sVH8k0jRkH+XnfjjOTglyMBdSKBPPz54/y1gToSKwrSQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.57.0.tgz", + "integrity": "sha512-r1te1M0Sm2TBVD/RxBPC6RZVwNqUTwJTA7w+C/IW5v9Ssu6xmxWEi+iJQlpBhtUiT1raJ5b48pI8tBvEjEFnFA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.57.0.tgz", + "integrity": "sha512-say0uMU/RaPm3CDQLxUUTF2oNWL8ysvHkAjcCzV2znxBr23kFfaxocS9qJm+NdkRhF8wtdEEAJuYcLPhSPbjuQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.57.0.tgz", + "integrity": "sha512-/MU7/HizQGsnBREtRpcSbSV1zfkoxSTR7wLsRmBPQ8FwUj5sykrP1MyJTvsxP5KBq9SyE6kH8UQQQwa0ASeoQQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.57.0.tgz", + "integrity": "sha512-Q9eh+gUGILIHEaJf66aF6a414jQbDnn29zeu0eX3dHMuysnhTvsUvZTCAyZ6tJhUjnvzBKE4FtuaYxutxRZpOg==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.57.0.tgz", + "integrity": "sha512-OR5p5yG5OKSxHReWmwvM0P+VTPMwoBS45PXTMYaskKQqybkS3Kmugq1W+YbNWArF8/s7jQScgzXUhArzEQ7x0A==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.57.0.tgz", + "integrity": "sha512-XeatKzo4lHDsVEbm1XDHZlhYZZSQYym6dg2X/Ko0kSFgio+KXLsxwJQprnR48GvdIKDOpqWqssC3iBCjoMcMpw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.57.0.tgz", + "integrity": "sha512-Lu71y78F5qOfYmubYLHPcJm74GZLU6UJ4THkf/a1K7Tz2ycwC2VUbsqbJAXaR6Bx70SRdlVrt2+n5l7F0agTUw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.57.0.tgz", + "integrity": "sha512-v5xwKDWcu7qhAEcsUubiav7r+48Uk/ENWdr82MBZZRIm7zThSxCIVDfb3ZeRRq9yqk+oIzMdDo6fCcA5DHfMyA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.57.0.tgz", + "integrity": "sha512-XnaaaSMGSI6Wk8F4KK3QP7GfuuhjGchElsVerCplUuxRIzdvZ7hRBpLR0omCmw+kI2RFJB80nenhOoGXlJ5TfQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.57.0.tgz", + "integrity": "sha512-3K1lP+3BXY4t4VihLw5MEg6IZD3ojSYzqzBG571W3kNQe4G4CcFpSUQVgurYgib5d+YaCjeFow8QivWp8vuSvA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.57.0.tgz", + "integrity": "sha512-MDk610P/vJGc5L5ImE4k5s+GZT3en0KoK1MKPXCRgzmksAMk79j4h3k1IerxTNqwDLxsGxStEZVBqG0gIqZqoA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.57.0.tgz", + "integrity": "sha512-Zv7v6q6aV+VslnpwzqKAmrk5JdVkLUzok2208ZXGipjb+msxBr/fJPZyeEXiFgH7k62Ak0SLIfxQRZQvTuf7rQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@types/babel__core": { + "version": "7.20.5", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "integrity": "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.20.7", + "@babel/types": "^7.20.7", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "node_modules/@types/babel__generator": { + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.27.0.tgz", + "integrity": "sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__template": { + "version": "7.4.4", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "integrity": "sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__traverse": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.28.0.tgz", + "integrity": "sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.2" + } + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@vitejs/plugin-react": { + "version": "4.7.0", + "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-4.7.0.tgz", + "integrity": "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.28.0", + "@babel/plugin-transform-react-jsx-self": "^7.27.1", + "@babel/plugin-transform-react-jsx-source": "^7.27.1", + "@rolldown/pluginutils": "1.0.0-beta.27", + "@types/babel__core": "^7.20.5", + "react-refresh": "^0.17.0" + }, + "engines": { + "node": "^14.18.0 || >=16.0.0" + }, + "peerDependencies": { + "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" + } + }, + "node_modules/baseline-browser-mapping": { + "version": "2.9.19", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.19.tgz", + "integrity": "sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.js" + } + }, + "node_modules/browserslist": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz", + "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "peer": true, + "dependencies": { + "baseline-browser-mapping": "^2.9.0", + "caniuse-lite": "^1.0.30001759", + "electron-to-chromium": "^1.5.263", + "node-releases": "^2.0.27", + "update-browserslist-db": "^1.2.0" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001766", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz", + "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "dev": true, + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/electron-to-chromium": { + "version": "1.5.279", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.279.tgz", + "integrity": "sha512-0bblUU5UNdOt5G7XqGiJtpZMONma6WAfq9vsFmtn9x1+joAObr6x1chfqyxFSDCAFwFhCQDrqeAr6MYdpwJ9Hg==", + "dev": true, + "license": "ISC" + }, + "node_modules/esbuild": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz", + "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=12" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.21.5", + "@esbuild/android-arm": "0.21.5", + "@esbuild/android-arm64": "0.21.5", + "@esbuild/android-x64": "0.21.5", + "@esbuild/darwin-arm64": "0.21.5", + "@esbuild/darwin-x64": "0.21.5", + "@esbuild/freebsd-arm64": "0.21.5", + "@esbuild/freebsd-x64": "0.21.5", + "@esbuild/linux-arm": "0.21.5", + "@esbuild/linux-arm64": "0.21.5", + "@esbuild/linux-ia32": "0.21.5", + "@esbuild/linux-loong64": "0.21.5", + "@esbuild/linux-mips64el": "0.21.5", + "@esbuild/linux-ppc64": "0.21.5", + "@esbuild/linux-riscv64": "0.21.5", + "@esbuild/linux-s390x": "0.21.5", + "@esbuild/linux-x64": "0.21.5", + "@esbuild/netbsd-x64": "0.21.5", + "@esbuild/openbsd-x64": "0.21.5", + "@esbuild/sunos-x64": "0.21.5", + "@esbuild/win32-arm64": "0.21.5", + "@esbuild/win32-ia32": "0.21.5", + "@esbuild/win32-x64": "0.21.5" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, + "node_modules/jsesc": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz", + "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==", + "dev": true, + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "dev": true, + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "dev": true, + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/node-releases": { + "version": "2.0.27", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz", + "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, + "license": "ISC" + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/react": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", + "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", + "license": "MIT", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", + "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + }, + "peerDependencies": { + "react": "^18.3.1" + } + }, + "node_modules/react-refresh": { + "version": "0.17.0", + "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.17.0.tgz", + "integrity": "sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/rollup": { + "version": "4.57.0", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.57.0.tgz", + "integrity": "sha512-e5lPJi/aui4TO1LpAXIRLySmwXSE8k3b9zoGfd42p67wzxog4WHjiZF3M2uheQih4DGyc25QEV4yRBbpueNiUA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.57.0", + "@rollup/rollup-android-arm64": "4.57.0", + "@rollup/rollup-darwin-arm64": "4.57.0", + "@rollup/rollup-darwin-x64": "4.57.0", + "@rollup/rollup-freebsd-arm64": "4.57.0", + "@rollup/rollup-freebsd-x64": "4.57.0", + "@rollup/rollup-linux-arm-gnueabihf": "4.57.0", + "@rollup/rollup-linux-arm-musleabihf": "4.57.0", + "@rollup/rollup-linux-arm64-gnu": "4.57.0", + "@rollup/rollup-linux-arm64-musl": "4.57.0", + "@rollup/rollup-linux-loong64-gnu": "4.57.0", + "@rollup/rollup-linux-loong64-musl": "4.57.0", + "@rollup/rollup-linux-ppc64-gnu": "4.57.0", + "@rollup/rollup-linux-ppc64-musl": "4.57.0", + "@rollup/rollup-linux-riscv64-gnu": "4.57.0", + "@rollup/rollup-linux-riscv64-musl": "4.57.0", + "@rollup/rollup-linux-s390x-gnu": "4.57.0", + "@rollup/rollup-linux-x64-gnu": "4.57.0", + "@rollup/rollup-linux-x64-musl": "4.57.0", + "@rollup/rollup-openbsd-x64": "4.57.0", + "@rollup/rollup-openharmony-arm64": "4.57.0", + "@rollup/rollup-win32-arm64-msvc": "4.57.0", + "@rollup/rollup-win32-ia32-msvc": "4.57.0", + "@rollup/rollup-win32-x64-gnu": "4.57.0", + "@rollup/rollup-win32-x64-msvc": "4.57.0", + "fsevents": "~2.3.2" + } + }, + "node_modules/scheduler": { + "version": "0.23.2", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", + "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz", + "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/vite": { + "version": "5.4.21", + "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.21.tgz", + "integrity": "sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "esbuild": "^0.21.3", + "postcss": "^8.4.43", + "rollup": "^4.20.0" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^18.0.0 || >=20.0.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^18.0.0 || >=20.0.0", + "less": "*", + "lightningcss": "^1.21.0", + "sass": "*", + "sass-embedded": "*", + "stylus": "*", + "sugarss": "*", + "terser": "^5.4.0" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + } + } + }, + "node_modules/yallist": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "dev": true, + "license": "ISC" + } + } +} diff --git a/testdata/apps/react-app/package.json b/testdata/apps/react-app/package.json new file mode 100644 index 0000000..603f35a --- /dev/null +++ b/testdata/apps/react-app/package.json @@ -0,0 +1,17 @@ +{ + "name": "test-react-app", + "version": "1.0.0", + "type": "module", + "scripts": { + "dev": "vite", + "build": "vite build" + }, + "dependencies": { + "react": "^18.2.0", + "react-dom": "^18.2.0" + }, + "devDependencies": { + "@vitejs/plugin-react": "^4.2.0", + "vite": "^5.0.0" + } +} diff --git a/testdata/apps/react-app/src/App.jsx b/testdata/apps/react-app/src/App.jsx new file mode 100644 index 0000000..a425759 --- /dev/null +++ b/testdata/apps/react-app/src/App.jsx @@ -0,0 +1,84 @@ +import React, { useState, useEffect } from 'react' + +const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:3000' + +export default function App() { + const [notes, setNotes] = useState([]) + const [title, setTitle] = useState('') + const [content, setContent] = useState('') + const [meta, setMeta] = useState(null) + const [error, setError] = useState(null) + + async function fetchNotes() { + try { + const res = await fetch(`${API_URL}/api/notes`) + const data = await res.json() + setNotes(data.notes || []) + setMeta({ fetched_at: data.fetched_at, source: data.source }) + setError(null) + } catch (err) { + setError(err.message) + } + } + + useEffect(() => { fetchNotes() }, []) + + async function addNote(e) { + e.preventDefault() + if (!title.trim()) return + await fetch(`${API_URL}/api/notes`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ title, content }), + }) + setTitle('') + setContent('') + fetchNotes() + } + + return ( +
+

DeBros Notes

+

+ React Static + Node.js Proxy + Go API + SQLite +

+ {meta && ( +

+ Source: {meta.source} | Fetched: {meta.fetched_at} +

+ )} + {error &&

Error: {error}

} + +
+ setTitle(e.target.value)} + placeholder="Title" + style={{ display: 'block', width: '100%', padding: 8, marginBottom: 8 }} + /> +