MrKalzu/kalzu-value-store
1
0
Fork 0
forked from ryyst/kalzu-value-store
Code Pull Requests Activity

Add configuration options to disable optional functionalities

Browse Source 
Implemented feature toggles for:
- Authentication system (auth_enabled)
- Tamper-evident logging (tamper_logging_enabled)
- Clustering/gossip (clustering_enabled)
- Rate limiting (rate_limiting_enabled)
- Revision history (revision_history_enabled)

All features are enabled by default to maintain backward compatibility.
When disabled, features are gracefully skipped to reduce overhead.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
ryyst
2025-09-18 18:17:01 +03:00
parent 5ab03331fc
commit 7d7e6e412a
1 changed files with 52 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
main.go
View File

@@ -294,6 +294,13 @@ type Config struct {
BackupSchedule string `yaml:"backup_schedule"` // Cron schedule format BackupSchedule string `yaml:"backup_schedule"` // Cron schedule format
BackupPath string `yaml:"backup_path"` // Directory to store backups BackupPath string `yaml:"backup_path"` // Directory to store backups
BackupRetention int `yaml:"backup_retention"` // Days to keep backups BackupRetention int `yaml:"backup_retention"` // Days to keep backups
// Feature toggles for optional functionalities
AuthEnabled bool `yaml:"auth_enabled"` // Enable/disable authentication system
TamperLoggingEnabled bool `yaml:"tamper_logging_enabled"` // Enable/disable tamper-evident logging
ClusteringEnabled bool `yaml:"clustering_enabled"` // Enable/disable clustering/gossip
RateLimitingEnabled bool `yaml:"rate_limiting_enabled"` // Enable/disable rate limiting
RevisionHistoryEnabled bool `yaml:"revision_history_enabled"` // Enable/disable revision history
} }
// Server represents the KVS node // Server represents the KVS node
@@ -652,6 +659,12 @@ func (s *Server) checkResourcePermission(authCtx *AuthContext, resourceKey strin
func (s *Server) authMiddleware(requiredScopes []string, resourceKeyExtractor func(*http.Request) string, operation string) func(http.HandlerFunc) http.HandlerFunc { func (s *Server) authMiddleware(requiredScopes []string, resourceKeyExtractor func(*http.Request) string, operation string) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc { return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
// Skip authentication if disabled
if !s.config.AuthEnabled {
next(w, r)
return
}
// Authenticate request // Authenticate request
authCtx, err := s.authenticateRequest(r) authCtx, err := s.authenticateRequest(r)
if err != nil { if err != nil {
@@ -1082,6 +1095,12 @@ func (s *Server) checkRateLimit(userUUID string) (bool, error) {
// rateLimitMiddleware is the HTTP middleware that enforces rate limiting // rateLimitMiddleware is the HTTP middleware that enforces rate limiting
func (s *Server) rateLimitMiddleware(next http.HandlerFunc) http.HandlerFunc { func (s *Server) rateLimitMiddleware(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
// Skip rate limiting if disabled
if !s.config.RateLimitingEnabled {
next(w, r)
return
}
// Extract auth context to get user UUID // Extract auth context to get user UUID
authCtx, ok := r.Context().Value("auth").(*AuthContext) authCtx, ok := r.Context().Value("auth").(*AuthContext)
if !ok || authCtx == nil { if !ok || authCtx == nil {
@@ -1148,8 +1167,8 @@ func (s *Server) isActionLogged(action string) bool {
// createTamperLogEntry creates a new tamper-evident log entry // createTamperLogEntry creates a new tamper-evident log entry
func (s *Server) createTamperLogEntry(action, userUUID, resource string) *TamperLogEntry { func (s *Server) createTamperLogEntry(action, userUUID, resource string) *TamperLogEntry {
if !s.isActionLogged(action) { if !s.config.TamperLoggingEnabled || !s.isActionLogged(action) {
return nil // Action not configured for logging return nil // Tamper logging disabled or action not configured for logging
} }
timestamp := time.Now().UTC().Format(time.RFC3339) timestamp := time.Now().UTC().Format(time.RFC3339)
@@ -1486,6 +1505,13 @@ func defaultConfig() *Config {
BackupSchedule: "0 0 * * *", // Daily at midnight BackupSchedule: "0 0 * * *", // Daily at midnight
BackupPath: "./backups", BackupPath: "./backups",
BackupRetention: 7, // Keep backups for 7 days BackupRetention: 7, // Keep backups for 7 days
// Default feature toggle settings (all enabled by default)
AuthEnabled: true,
TamperLoggingEnabled: true,
ClusteringEnabled: true,
RateLimitingEnabled: true,
RevisionHistoryEnabled: true,
} }
} }
@@ -2100,8 +2126,8 @@ func (s *Server) Start() error {
// Start gossip and sync routines // Start gossip and sync routines
s.startBackgroundTasks() s.startBackgroundTasks()
// Try to join cluster if seed nodes are configured // Try to join cluster if seed nodes are configured and clustering is enabled
if len(s.config.SeedNodes) > 0 { if s.config.ClusteringEnabled && len(s.config.SeedNodes) > 0 {
go s.bootstrap() go s.bootstrap()
} }
@@ -2131,6 +2157,8 @@ func (s *Server) Stop() error {
// Background tasks (gossip, sync, Merkle tree rebuild, etc.) // Background tasks (gossip, sync, Merkle tree rebuild, etc.)
func (s *Server) startBackgroundTasks() { func (s *Server) startBackgroundTasks() {
// Start clustering-related routines only if clustering is enabled
if s.config.ClusteringEnabled {
// Start gossip routine // Start gossip routine
s.wg.Add(1) s.wg.Add(1)
go s.gossipRoutine() go s.gossipRoutine()
@@ -2138,8 +2166,9 @@ func (s *Server) startBackgroundTasks() {
// Start sync routine (now Merkle-based) // Start sync routine (now Merkle-based)
s.wg.Add(1) s.wg.Add(1)
go s.syncRoutine() go s.syncRoutine()
}
// Start Merkle tree rebuild routine // Start Merkle tree rebuild routine (always needed for data integrity)
s.wg.Add(1) s.wg.Add(1)
go s.merkleTreeRebuildRoutine() go s.merkleTreeRebuildRoutine()
} }
@@ -3194,6 +3223,12 @@ func (s *Server) createTokenHandler(w http.ResponseWriter, r *http.Request) {
// getRevisionHistoryHandler handles GET /api/data/{key}/history // getRevisionHistoryHandler handles GET /api/data/{key}/history
func (s *Server) getRevisionHistoryHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) getRevisionHistoryHandler(w http.ResponseWriter, r *http.Request) {
// Check if revision history is enabled
if !s.config.RevisionHistoryEnabled {
http.Error(w, "Revision history is disabled", http.StatusServiceUnavailable)
return
}
vars := mux.Vars(r) vars := mux.Vars(r)
key := vars["key"] key := vars["key"]
@@ -3224,6 +3259,12 @@ func (s *Server) getRevisionHistoryHandler(w http.ResponseWriter, r *http.Reques
// getSpecificRevisionHandler handles GET /api/data/{key}/history/{revision} // getSpecificRevisionHandler handles GET /api/data/{key}/history/{revision}
func (s *Server) getSpecificRevisionHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) getSpecificRevisionHandler(w http.ResponseWriter, r *http.Request) {
// Check if revision history is enabled
if !s.config.RevisionHistoryEnabled {
http.Error(w, "Revision history is disabled", http.StatusServiceUnavailable)
return
}
vars := mux.Vars(r) vars := mux.Vars(r)
key := vars["key"] key := vars["key"]
revisionStr := vars["revision"] revisionStr := vars["revision"]