josh
8b3d9a312e
CI / Lint + build + test (push) Failing after 5m15s
Operator pastes `curl -fsSL $ORCH/register/quick.sh | sudo bash` on the target host (pre-wipe). The script probes MAC + CPU/RAM/disks/NICs/GPUs, emits an expected-spec YAML, and POSTs to a new LAN-trusted JSON endpoint /api/v1/hosts. The register page shows the command prefilled with the orchestrator URL; the manual form moves into a collapsible "Register manually" disclosure.
71 lines
2.1 KiB
Go
71 lines
2.1 KiB
Go
// Package httpserver assembles the chi router. It lives in its own
|
|
// package because it depends on both `api` and `orchestrator`, and
|
|
// those two packages must stay import-independent.
|
|
package httpserver
|
|
|
|
import (
|
|
"io/fs"
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
|
|
"vetting/internal/api"
|
|
"vetting/internal/web"
|
|
)
|
|
|
|
type Deps struct {
|
|
UI *api.UI
|
|
Agent *api.Agent
|
|
LiveDir string // directory containing vmlinuz + initrd.img; "" disables /live
|
|
}
|
|
|
|
func NewRouter(d Deps) http.Handler {
|
|
r := chi.NewRouter()
|
|
r.Use(middleware.RealIP)
|
|
r.Use(middleware.Recoverer)
|
|
r.Use(middleware.Logger)
|
|
|
|
staticFS, err := fs.Sub(web.Static, "static")
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS))))
|
|
|
|
if d.LiveDir != "" {
|
|
r.Handle("/live/*", http.StripPrefix("/live/", http.FileServer(http.Dir(d.LiveDir))))
|
|
}
|
|
|
|
// Agent / PXE endpoints — authenticated per-request by bearer token
|
|
// or by the unforgeable MAC path parameter.
|
|
r.Get("/ipxe/{mac}", d.Agent.IPXEScript)
|
|
r.Route("/api/v1/runs/{id}", func(r chi.Router) {
|
|
r.Post("/hello", d.Agent.Hello)
|
|
r.Post("/claim", d.Agent.Claim)
|
|
r.Post("/heartbeat", d.Agent.Heartbeat)
|
|
r.Post("/log", d.Agent.Log)
|
|
r.Post("/result", d.Agent.Result)
|
|
r.Post("/hold", d.Agent.Hold)
|
|
r.Post("/sensor", d.Agent.Sensor)
|
|
})
|
|
|
|
// Quick-register: the bash one-liner fetched from /register/quick.sh
|
|
// POSTs here from the target host. LAN-trusted, same threat model
|
|
// as the browser UI.
|
|
r.Post("/api/v1/hosts", d.UI.CreateHostJSON)
|
|
|
|
// Browser UI — no auth; bind to loopback or LAN only, or front
|
|
// with a reverse proxy if you need a password.
|
|
r.Get("/", d.UI.Dashboard)
|
|
r.Get("/hosts/new", d.UI.NewHostForm)
|
|
r.Post("/hosts", d.UI.CreateHost)
|
|
r.Post("/hosts/{id}/delete", d.UI.DeleteHost)
|
|
r.Post("/hosts/{id}/start", d.UI.StartRun)
|
|
r.Post("/hosts/{id}/override-wipe", d.UI.OverrideWipeStorage)
|
|
r.Get("/reports/{runID}", d.UI.Report)
|
|
r.Get("/register/quick.sh", d.UI.QuickRegisterScript)
|
|
r.Get("/events", d.UI.SSE)
|
|
|
|
return r
|
|
}
|