Implemented a comprehensive secure authentication mechanism for inter-node
cluster communication with the following features:
1. Global Cluster Secret (GCS)
- Auto-generated cryptographically secure random secret (256-bit)
- Configurable via YAML config file
- Shared across all cluster nodes for authentication
2. Cluster Authentication Middleware
- Validates X-Cluster-Secret and X-Node-ID headers
- Applied to all cluster endpoints (/members/*, /merkle_tree/*, /kv_range)
- Comprehensive logging of authentication attempts
3. Authenticated HTTP Client
- Custom HTTP client with cluster auth headers
- TLS support with configurable certificate verification
- Protocol-aware (http/https based on TLS settings)
4. Secure Bootstrap Endpoint
- New /auth/cluster-bootstrap endpoint
- Protected by JWT authentication with admin scope
- Allows new nodes to securely obtain cluster secret
5. Updated Cluster Communication
- All gossip protocol requests include auth headers
- All Merkle tree sync requests include auth headers
- All data replication requests include auth headers
6. Configuration
- cluster_secret: Shared secret (auto-generated if not provided)
- cluster_tls_enabled: Enable TLS for inter-node communication
- cluster_tls_cert_file: Path to TLS certificate
- cluster_tls_key_file: Path to TLS private key
- cluster_tls_skip_verify: Skip TLS verification (testing only)
This implementation addresses the security vulnerability of unprotected
cluster endpoints and provides a flexible, secure approach to protecting
internal cluster communication while allowing for automated node bootstrapping.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add AllowAnonymousRead and AllowAnonymousWrite config parameters
- Set both to false by default for security
- Apply conditional authentication middleware to KV endpoints:
- GET requires auth if AllowAnonymousRead is false
- PUT requires auth if AllowAnonymousWrite is false
- DELETE always requires authentication (no anonymous delete)
- Update integration tests to enable anonymous access for testing
- Maintain backward compatibility when AuthEnabled is false
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move defaultConfig() and loadConfig() functions to config package
- Remove unused yaml import from main.go
- Clean separation of configuration logic
- Update main() to use config.Load()
Reduced main.go from ~3650 to ~3570 lines
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
