89 lines
3 KiB
Go
89 lines
3 KiB
Go
// Package api — session-host endpoints for web-tui (T019).
|
|
//
|
|
// Provides two endpoints under /api/v1:
|
|
//
|
|
// POST /api/v1/pods/session-host
|
|
// Idempotent create-or-get of the authenticated user's durable
|
|
// session-host pod. Also ensures per-user Certificate, Ingress,
|
|
// PVCs, and namespace exist. Safe to call on every page load.
|
|
//
|
|
// GET /api/v1/pods/session-host/{user}/status
|
|
// Reports readiness of the user's session-host pod and the cert.
|
|
//
|
|
// Both sit under the existing AuthMiddleware (API-key Bearer auth).
|
|
// The {user} path parameter is validated against the authenticated
|
|
// user's ID — cross-tenant access is refused with 403.
|
|
package api
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
)
|
|
|
|
// SessionHostStatus is the canonical response for both endpoints. Mirrors
|
|
// specs/001-mobile-tui/contracts/dev-pod-api-extension.openapi.yaml in
|
|
// ~/Work/web-tui.
|
|
type SessionHostStatus struct {
|
|
Ready bool `json:"ready"`
|
|
PodName string `json:"podName"`
|
|
Namespace string `json:"namespace,omitempty"`
|
|
CertReady bool `json:"certReady"`
|
|
CertPendingReason string `json:"certPendingReason,omitempty"`
|
|
AtchSessionCount int `json:"atchSessionCount,omitempty"`
|
|
CreatedAt time.Time `json:"createdAt,omitempty"`
|
|
}
|
|
|
|
// SessionHostManager owns the lifecycle of per-user durable session-host
|
|
// pods, PVCs, services, ingress, and cert-manager Certificate. The
|
|
// concrete implementation lives in internal/k8s/sessionhost.go.
|
|
type SessionHostManager interface {
|
|
// EnsureForUser is idempotent: returns the current status for user,
|
|
// creating namespace/PVCs/Pod/Service/Ingress/Certificate if absent.
|
|
EnsureForUser(ctx context.Context, user string) (SessionHostStatus, error)
|
|
// StatusForUser returns the current status without creating anything.
|
|
StatusForUser(ctx context.Context, user string) (SessionHostStatus, error)
|
|
}
|
|
|
|
func (s *Server) handleCreateSessionHost(w http.ResponseWriter, r *http.Request) {
|
|
u := UserFromContext(r.Context())
|
|
if u == nil {
|
|
writeError(w, http.StatusUnauthorized, "not authenticated")
|
|
return
|
|
}
|
|
if s.SessionHost == nil {
|
|
writeError(w, http.StatusServiceUnavailable, "session-host manager not configured")
|
|
return
|
|
}
|
|
st, err := s.SessionHost.EnsureForUser(r.Context(), u.ID)
|
|
if err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, st)
|
|
}
|
|
|
|
func (s *Server) handleSessionHostStatus(w http.ResponseWriter, r *http.Request) {
|
|
u := UserFromContext(r.Context())
|
|
if u == nil {
|
|
writeError(w, http.StatusUnauthorized, "not authenticated")
|
|
return
|
|
}
|
|
urlUser := chi.URLParam(r, "user")
|
|
if u.ID != urlUser {
|
|
writeError(w, http.StatusForbidden, "subject mismatch")
|
|
return
|
|
}
|
|
if s.SessionHost == nil {
|
|
writeError(w, http.StatusServiceUnavailable, "session-host manager not configured")
|
|
return
|
|
}
|
|
st, err := s.SessionHost.StatusForUser(r.Context(), u.ID)
|
|
if err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, st)
|
|
}
|