forked from ryyst/kalzu-value-store
32b347f1fd
New types: UpdateResourceMetadataRequest and GetResourceMetadataResponse in types.go
AuthService methods: StoreResourceMetadata and GetResourceMetadata in auth/auth.go
Handlers: getResourceMetadataHandler and updateResourceMetadataHandler in server/handlers.go
Routes: /kv/{path}/metadata (GET for read, PUT for update) with auth middleware in server/routes.go
Enables fine-grained control over KV path ownership, group assignments, and POSIX-inspired permissions.
122 lines
4.8 KiB
Go
122 lines
4.8 KiB
Go
package server
|
|
|
|
import (
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
// setupRoutes configures all HTTP routes and their handlers
|
|
func (s *Server) setupRoutes() *mux.Router {
|
|
router := mux.NewRouter()
|
|
|
|
// Health endpoint (always available)
|
|
router.HandleFunc("/health", s.healthHandler).Methods("GET")
|
|
|
|
// KV endpoints (with conditional authentication based on anonymous access settings)
|
|
// GET endpoint - require auth if anonymous read is disabled
|
|
if s.config.AuthEnabled && !s.config.AllowAnonymousRead {
|
|
router.Handle("/kv/{path:.+}", s.authService.Middleware(
|
|
[]string{"read"}, nil, "",
|
|
)(s.getKVHandler)).Methods("GET")
|
|
} else {
|
|
router.HandleFunc("/kv/{path:.+}", s.getKVHandler).Methods("GET")
|
|
}
|
|
|
|
// PUT endpoint - require auth if anonymous write is disabled
|
|
if s.config.AuthEnabled && !s.config.AllowAnonymousWrite {
|
|
router.Handle("/kv/{path:.+}", s.authService.Middleware(
|
|
[]string{"write"}, nil, "",
|
|
)(s.putKVHandler)).Methods("PUT")
|
|
} else {
|
|
router.HandleFunc("/kv/{path:.+}", s.putKVHandler).Methods("PUT")
|
|
}
|
|
|
|
// DELETE endpoint - always require authentication (no anonymous delete)
|
|
if s.config.AuthEnabled {
|
|
router.Handle("/kv/{path:.+}", s.authService.Middleware(
|
|
[]string{"delete"}, nil, "",
|
|
)(s.deleteKVHandler)).Methods("DELETE")
|
|
} else {
|
|
router.HandleFunc("/kv/{path:.+}", s.deleteKVHandler).Methods("DELETE")
|
|
}
|
|
|
|
// Resource Metadata endpoints (available when auth is enabled)
|
|
if s.config.AuthEnabled {
|
|
// GET metadata - require read permission
|
|
router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
|
|
[]string{"read"}, func(r *http.Request) string { return mux.Vars(r)["path"] }, "read",
|
|
)(s.getResourceMetadataHandler)).Methods("GET")
|
|
|
|
// PUT metadata - require write permission (owner write)
|
|
router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
|
|
[]string{"write"}, func(r *http.Request) string { return mux.Vars(r)["path"] }, "write",
|
|
)(s.updateResourceMetadataHandler)).Methods("PUT")
|
|
}
|
|
|
|
// Member endpoints (available when clustering is enabled)
|
|
if s.config.ClusteringEnabled {
|
|
router.HandleFunc("/members/", s.getMembersHandler).Methods("GET")
|
|
router.HandleFunc("/members/join", s.joinMemberHandler).Methods("POST")
|
|
router.HandleFunc("/members/leave", s.leaveMemberHandler).Methods("DELETE")
|
|
router.HandleFunc("/members/gossip", s.gossipHandler).Methods("POST")
|
|
router.HandleFunc("/members/pairs_by_time", s.pairsByTimeHandler).Methods("POST")
|
|
|
|
// Merkle Tree endpoints (clustering feature)
|
|
router.HandleFunc("/merkle_tree/root", s.getMerkleRootHandler).Methods("GET")
|
|
router.HandleFunc("/merkle_tree/diff", s.getMerkleDiffHandler).Methods("POST")
|
|
router.HandleFunc("/kv_range", s.getKVRangeHandler).Methods("POST")
|
|
}
|
|
|
|
// Authentication and user management endpoints (available when auth is enabled)
|
|
if s.config.AuthEnabled {
|
|
// User Management endpoints (with authentication middleware)
|
|
router.Handle("/api/users", s.authService.Middleware(
|
|
[]string{"admin:users:create"}, nil, "",
|
|
)(s.createUserHandler)).Methods("POST")
|
|
|
|
router.Handle("/api/users/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:users:read"}, nil, "",
|
|
)(s.getUserHandler)).Methods("GET")
|
|
|
|
router.Handle("/api/users/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:users:update"}, nil, "",
|
|
)(s.updateUserHandler)).Methods("PUT")
|
|
|
|
router.Handle("/api/users/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:users:delete"}, nil, "",
|
|
)(s.deleteUserHandler)).Methods("DELETE")
|
|
|
|
// Group Management endpoints (with authentication middleware)
|
|
router.Handle("/api/groups", s.authService.Middleware(
|
|
[]string{"admin:groups:create"}, nil, "",
|
|
)(s.createGroupHandler)).Methods("POST")
|
|
|
|
router.Handle("/api/groups/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:groups:read"}, nil, "",
|
|
)(s.getGroupHandler)).Methods("GET")
|
|
|
|
router.Handle("/api/groups/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:groups:update"}, nil, "",
|
|
)(s.updateGroupHandler)).Methods("PUT")
|
|
|
|
router.Handle("/api/groups/{uuid}", s.authService.Middleware(
|
|
[]string{"admin:groups:delete"}, nil, "",
|
|
)(s.deleteGroupHandler)).Methods("DELETE")
|
|
|
|
// Token Management endpoints (with authentication middleware)
|
|
router.Handle("/api/tokens", s.authService.Middleware(
|
|
[]string{"admin:tokens:create"}, nil, "",
|
|
)(s.createTokenHandler)).Methods("POST")
|
|
}
|
|
|
|
// Revision History endpoints (available when revision history is enabled)
|
|
if s.config.RevisionHistoryEnabled {
|
|
router.HandleFunc("/api/data/{key}/history", s.getRevisionHistoryHandler).Methods("GET")
|
|
router.HandleFunc("/api/data/{key}/history/{revision}", s.getSpecificRevisionHandler).Methods("GET")
|
|
}
|
|
|
|
// Backup Status endpoint (always available if backup is enabled)
|
|
router.HandleFunc("/api/backup/status", s.getBackupStatusHandler).Methods("GET")
|
|
|
|
return router
|
|
}
|