wangjia
e6897ecda4
build(server): codes 依赖改伪版本 pin(经 gitea),去本地路径 replace
...
replace github.com/wangjia/codes => 本地路径 换成
require github.com/wangjia/codes v0.0.0-20260710045055-c772d5256794(gitea @ c772d52)。
本地/CI 需配 GOPRIVATE=github.com/wangjia/codes + git insteadOf(github→gitea ssh)。
交叉编译 linux/amd64 已验证:部署走本地编译+传二进制,目标机无需 go/gitea。
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
Claude-Session: https://claude.ai/code/session_013nMthbVEmQquxBRKb9Fj8u
2026-07-11 09:21:53 +08:00
wangjia
5a9b5f1d8e
feat(server): cmd/migrate up 接入 codes 库自建迁移(ApplyCodesLibMigrations)(#codes-lib)
...
顺带修 000020 sqlite 索引名冲突:ALTER TABLE RENAME 不会带着重命名索引,
legacy_codes 上遗留的 idx_codes_status 与 codes 库自己迁移里同名索引撞名,
一并改成 idx_legacy_codes_status(up/down 对称)。
2026-07-10 13:55:14 +08:00
wangjia
e44e4616cd
feat(server): 接入 github.com/wangjia/codes 共享库依赖(pin c772d52)(#codes-lib)
...
Task 0 preflight: 验证锚点(表结构/service.go 行为/main.go 装配点)无漂移,
建立改动前基线(25 包全绿)。
Controller resolution 覆盖计划原文 Step 2:验证分支不改机器级 git config /
GOPRIVATE,改用 server/go.mod 内 replace 本地路径(见 go.mod 注释),合并前
需切换为 git insteadOf + 已发布版本(登记为协调项)。go get + go mod tidy
后 codes 因尚无代码 import 而未在 go.mod 落 require(预期行为,后续任务
接线后会重新出现);replace 指令本身及其带出的依赖抬升(modernc.org/sqlite
1.18.1→1.38.2, redis/go-redis/v9 9.20.1→9.21.0)已保留并通过改动前/改动后
两轮全量测试(均 25 ok / 0 FAIL)。
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com >
Claude-Session: https://claude.ai/code/session_013nMthbVEmQquxBRKb9Fj8u
2026-07-10 13:39:08 +08:00
wangjia
0fd3bce7a5
fix(server): 修复腐烂的集成测试套件 + devices 注册回填 last_seen
...
这批 -tags integration 测试(usage/auth/codes/devices/store)因依赖冲突
长期编译不过、从未进 CI 跑过,代码静默腐烂。本次逐层修复:
- 依赖:testcontainers-go v0.34→v0.43(原 v0.34 配 docker v28.3.3 编译失败:
archive.Compression/sockets.DialPipe undefined)。
- auth: LoginOutcome 重构成 Tokens 嵌套后,测试仍引用扁平 RefreshToken;
users 测试 schema 缺 totp_enabled 列 → GetUserByEmail 报错 → SendCode 500。
- usage/auth/codes/devices: DSN 里 time_zone='+00:00' 作 URL query 透传时 '+'
被解码成空格 → MySQL Error 1298 ' 00:00';改百分号编码。
- store: 测试 DSN 缺 multiStatements=true → 多语句迁移 Error 1064;
WithConfigFile("") 在 v0.43 被拒,改写真 my.cnf 设 +08:00 真正考验 UTC 覆盖。
- devices(产品 bug):insertDeviceTx 把 last_seen 写进库却没回填返回值,
刚注册的设备 API 响应 last_seen=null 与库不一致;TestFullChain 据此把关。
修复后完整 integration 套件 -p 1 串行全绿(25 包 + 5 testcontainers 包)。
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-25 21:19:10 +08:00
wangjia
f3471ae139
feat(server/db): 数据层多库支持(1/4)— 连接分派 + 双方言迁移管线
...
- config 增 DB_DRIVER(mysql 默认 | sqlite);DSN 对 sqlite 为文件路径
- db.OpenDriver 按驱动分派:sqlite 用 modernc(纯 Go 免 CGO)+ WAL/
busy_timeout/foreign_keys/_txlock=immediate;mysql 路径不变
- store.Open 分派;mysql 保留 UTC/collation 断言,sqlite 跳过
- 迁移拆 migrations/{mysql,sqlite}/ 双套,embed 双 FS,migrate 按驱动选源
与 golang-migrate 驱动;修复 m.Close() 误关调用方 *sql.DB 的坑
- cmd/migrate 串入 DB_DRIVER;集成测试 MigrateUp 签名更新
- 新增 SQLite 时间往返 smoke 测试与端到端迁移测试(免 docker)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-18 00:01:03 +08:00
wangjia
20a1f8e2af
merge: 管理端最小后台 + TOTP 双因素 [tsk_SCMtcGF4F434]
...
以 main 现有 cmd/server 设计为准(保留 probe + /v1 路由),叠加分支新增:internal/admin/ 自包含后台(session/2FA/IP 白名单/审计/模板)、internal/totp/ + cmd/adminctl/(TOTP + 管理员创建 CLI)、cmd/server/main.go 的 startAdminIfConfigured()(opt-in:ADMIN_SECRET_KEY+DB_DSN 才起)。统一 getenvDefault 命名;go.mod 取 HEAD + go mod tidy(x/term 提为直接依赖);admins 迁移与 main 既有 000008_provision 撞号,重排为 000009_admins。
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-13 18:47:38 +08:00
wangjia
b05d7ed416
merge: oapi-codegen 接线 + 生成代码入库 [tsk_Kp80nvHV2yLc]
...
# Conflicts:
# server/Makefile
# server/cmd/server/main.go
# server/go.mod
# server/go.sum
2026-06-13 17:32:25 +08:00
wangjia
4e2a444572
merge: usage 用量 + 广告解锁 [tsk_1taxhtV2k3RP]
...
# Conflicts:
# server/internal/apierr/apierr.go
2026-06-13 17:30:36 +08:00
wangjia
6ec7cd8146
merge: maestro/tsk_V9IrIk2g5Q78 [proto 契约 + buf 工具链] (tsk_FrRarw9YO8Nf)
...
合并 proto 契约 + buf 工具链任务到 main(已含 apierr + idgen + CONVENTIONS.md):
- server/proto/pangolin/agent/v1/agent.proto: AgentService 6 个 RPC(Enroll/Register/
Heartbeat/Subscribe/Ack/ReportUsage)及全量消息类型,隐私红线注释保留
- server/buf.yaml: v2 格式,STANDARD lint + FILE breaking 规则
- server/buf.gen.yaml: remote protoc-gen-go v1.36.4 + protoc-gen-go-grpc v1.5.1 插件
- server/internal/pb/: 生成的 agent.pb.go + agent_grpc.pb.go 提交入库
- server/Makefile: 新增 proto / proto-lint / proto-breaking 目标
- server/tools.go: 新增 buf v1.70.0、protoc-gen-go、protoc-gen-go-grpc 工具依赖
- server/go.mod / go.sum: 合并 buf 工具链依赖;github.com/google/uuid 保留为 direct
依赖(idgen 直接 import);go 版本升至 1.25.10
冲突解决:两侧均修改 go.mod,以 proto 分支(超集)为基础,将 google/uuid 移至
直接依赖 require 块,保留 apierr/idgen 的已有文件不变。
go build ./... ✓ | go test ./internal/apierr/... ./internal/idgen/... ✓
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 15:11:11 +08:00
wangjia
6e99e32285
feat(admin): 管理端最小后台(独立监听 + 白名单 + 2FA)tsk_SCMtcGF4F434
...
实现「一个二进制三个监听」中的管理端:
- 独立监听 ADMIN_LISTEN(默认 127.0.0.1:9443,FromEnv 拒绝 0.0.0.0/:: 等公网绑定)
- 中间件链:mw_ipallow(CIDR 白名单,仅信任 RemoteAddr,默认内网段)→
mw_session(HttpOnly+Secure+SameSite=Strict cookie,Redis 30min 滑动 TTL)
- 登录双因素:argon2id 密码 + RFC6238 TOTP;失败限流与临时锁定;
TOTP 密钥 AES-GCM 加密入库;migration 000008 增补 admins 表;
首个管理员由 cmd/adminctl create 创建(终端输出 otpauth URI/Secret)
- 功能三块(html/template + embed 静态资源,原生 JS 二次确认):
1. 码批次:表单生成→明文仅在本次 CSV 下载出现(不落盘/不入日志);
批次列表 + 整批作废(复用 #3 codes,新增 Store.ListBatches/VoidBatch)
2. 节点操作:列表 + 近期 node_events;replace 经 #14 ProvisionService、
draining/up 经 #5 Lifecycle(二者未就绪→注入 stub,UI 置灰);二次确认 + CSRF
3. audit_log 查看:actor/action/target/时间范围过滤分页;同页查 node_events
- 所有写操作写 audit_log(actor=用户名,meta 不含明文);管理端仅记安全事件
(登录失败/锁定/白名单拦截),不记常规访问日志
- internal/totp 复用包(与 doc/05 用户中心 2FA 同算法,纯标准库)
测试:totp RFC6238 向量、argon2/AES 往返、白名单放行/拦截、会话滑动过期、
登录成功/密码错/TOTP 错/未知用户/锁定、批次 CSV 含明文且 audit 不泄露、
作废/节点操作的二次确认与 CSRF 缺失被拒、mock 断言 service 调用参数、审计过滤。
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-13 14:49:32 +08:00
wangjia
dd060fd34a
feat(1d): wire oapi-codegen, generate types/server/client, add 501 stubs — tsk_Kp80nvHV2yLc
...
- Fix openapi.yaml: quote bearerAuth description that contained unquoted `: ` plain-scalar YAML
- Add server/api/cfg-{types,server,client}.yaml — oapi-codegen v2 config for three split outputs
- Add server/api/gen/gen.go — three //go:generate directives; run `make generate`
- Generate server/api/gen/{types,server,client}.gen.go from the contract (all 15 operations)
- Add github.com/oapi-codegen/runtime v1.4.1 to go.mod (runtime types needed by generated code)
- Add server/internal/httpapi/unimplemented.go — UnimplementedServer satisfies gen.ServerInterface;
every method writes HTTP 501 + {code,message_zh,message_en} JSON body (no dep on task-1f apierr)
- Update server/cmd/server/main.go — mount /v1 API via gen.HandlerFromMuxWithBaseURL; keep /healthz
- Update server/Makefile — `generate` target now runs `go generate ./...`;
add `check-generate` CI guard (regenerate + git diff --exit-code)
- Add server/internal/httpapi/unimplemented_test.go — 19 httptest cases covering all 15 API routes
(501+body), undefined routes (404), and /healthz isolation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 14:36:21 +08:00
wangjia
b64c002a33
feat(tsk_GXDoc3Cs07Rn): apierr + idgen + CONVENTIONS.md
...
apierr:
- Add New() constructor, StatusFor() HTTP-status mapping
- Add ErrUnauthorized, ErrForbidden, ErrNotFound, ErrConflict predefined errors
- Add chi-compatible Middleware for panic(*Error) → JSON recovery
- Add apierr_test.go (8 tests; covers New, StatusFor, WriteJSON, Middleware)
idgen:
- Implement idgen.go: New()/NewString() (UUID v7 via google/uuid v1.6.0)
- Implement GenerateCode/CanonicalizeCode/HashCode (Crockford Base32 moved from codes)
- Add idgen_test.go (12 tests; UUID v7 ordering/uniqueness + Crockford format/normalization/check)
codes:
- Refactor generator.go to delegate GenerateCode/Canonicalize/Hash to idgen
- All existing codes generator tests continue to pass unchanged
server:
- Add CONVENTIONS.md covering package structure, error handling, ID generation,
database conventions, handler templates, auth context, testing, and logging rules
- Move google/uuid from indirect to direct dependency in go.mod
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 11:58:38 +08:00
wangjia
787151245e
merge: maestro/tsk_tFMU7-hKzfOf [tsk_tFMU7-hKzfOf] codes 激活码模块
...
解决与 1A 骨架的冲突:module 统一为 github.com/wangjia/pangolin/server
(codes 分支原用 pangolin/server,7 个源文件 import 已改写);
go.mod require 并集(redis 取 9.20.1);Makefile 以骨架为基底并入
build-codegen/test-unit/test-integration target。
go build/vet 通过,codes 单测通过。
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-13 03:03:11 +08:00
wangjia
8c516d4f2a
merge: maestro/tsk_FUQws_DMIcXa [tsk_FUQws_DMIcXa] mTLS/CA + 引导 token 框架
...
解决与 Go 骨架(1A)的 add/add 冲突:go.mod 统一 module 路径为
github.com/wangjia/pangolin/server,require 取并集;setup.sh 合并两边意图。
go build ./... 与 go test ./internal/mtls/... 通过。
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-13 03:01:31 +08:00
wangjia
afcd7b325c
feat(codes): implement activation-code module (tsk_tFMU7-hKzfOf)
...
Implements server/internal/codes/ with all required functionality:
## Generator (generator.go)
- Crockford Base32 16-char codes (15 data + 1 Crockford mod-37 check char)
- crypto/rand for unbiased random generation with rejection sampling
- Canonicalize(): I/L→1, O→0 folding, hyphen/space stripping
- Hash(): SHA-256 of canonical plaintext (only value stored in DB)
- Algorithm hard-coded; check char detects all single-char substitution errors
## Store (store.go)
- MySQL-backed via database/sql
- CreateBatch / CreateCode with ErrDuplicate on UNIQUE conflict
- FindCodeByHashForUpdate: SELECT … FOR UPDATE for row-level concurrency control
- MarkRedeemed, ExtendSubscription, CreateSubscription, GetActiveSubscriptions
- WriteAuditLog, CodeExistsByHash
- BeginTx at READ COMMITTED (FOR UPDATE provides row exclusivity)
## Service (service.go)
- Redeem(): 9-step flow with full idempotency and concurrency safety
- isLocked / recordFail / clearFail via Redis key redeem:fail:{user_id}
- SELECT … FOR UPDATE → single winner under N-concurrent redemptions
- Same-plan: extends existing subscription (max(expires_at,now)+days)
- Cross-plan: creates new subscription (max(now,latest)+days)
- Idempotent: same user re-submits → 200 without re-applying
- 5 failures → ACCOUNT_LOCKED for 1 hour (sliding window via Redis)
- CreateBatch(): generates N codes, stores hashes, returns plaintext once
- Automatic retry on hash collision (birthday probability ≈10⁻⁸)
## Webhook (webhook.go)
- POST /webhook/store/codes — outside /v1, no JWT required
- HMAC-SHA256 with hmac.Equal constant-time comparison
- ±5 min timestamp window
- Redis SetNX nonce deduplication (15-min TTL)
- Idempotent: duplicate nonce → 200; duplicate code_hash → 200
## HTTP Handler (handler.go)
- POST /v1/redeem endpoint wired to Service.Redeem
- Reads userID from context key (set by JWT middleware from auth module)
- Bilingual error responses {code, message_zh, message_en}
## Export (export.go)
- ExportCSV(): streams plaintext codes to io.Writer as CSV
- Plaintext NEVER stored in DB; only SHA-256 hash persists
## CLI (cmd/codegen/main.go)
- codegen -plan -days -count -channel -note -dsn [-out]
- Transition tool until admin panel (#8 ) is ready
- Outputs CSV to stdout or file; warns operator about plaintext sensitivity
## Infrastructure (skeleton)
- internal/config/config.go: env-var configuration
- internal/db/db.go: MySQL connection pool helper
- internal/redisutil/redis.go: Redis client constructor
- internal/apierr/apierr.go: bilingual error types
- migrations/001_init.sql: DDL for codes module tables
- go.mod with all dependencies
## Tests
- generator_test.go (unit, no deps):
- Format, uniqueness (10k codes, zero collisions), normalization,
check-char detection of all single-char errors, hash consistency
- webhook_test.go (unit, no deps):
- Signature rejection, missing signature, stale/future timestamp,
missing nonce, constant-time HMAC comparison
- service_test.go (//go:build integration, testcontainers):
- N=20 concurrent redeemers → exactly 1 winner
- Idempotent redeem returns success for same user
- Other-user redemption → CODE_REDEEMED + failure counted
- 5 failures → ACCOUNT_LOCKED on 6th attempt
- Same-plan extension: expires_at precision assertion
- Cross-plan creation: new subscription row
- Audit log written on every successful redemption
- CSV export: no plaintext in DB, hash present
- Webhook nonce replay: idempotent 200
- Webhook same-hash: idempotent 200, single DB row
Run unit tests: make test
Run integration tests: make test-integration (requires Docker)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 02:16:16 +08:00
wangjia
73fd281bb5
feat(mtls): implement mTLS/CA + bootstrap token framework [tsk_FUQws_DMIcXa]
...
ECDSA P-256 self-signed CA with disk persistence (load-or-generate),
CSR signing (CN=nodeUUID, 90d validity, EKU=ClientAuth), one-time
bootstrap tokens via Redis GETDEL (15min TTL), CRL revocation with
Redis SET + DB interface, gRPC unary+stream interceptors that extract
CN from verified TLS chains (Enroll whitelisted, others require cert),
and NewServerTLSConfig (VerifyClientCertIfGiven + TLS 1.3 + CRL hook).
Frozen API: SignCSR / CAPEM / IssueToken / ConsumeToken / Revoke /
NewServerTLSConfig / UnaryServerInterceptor / NodeUUIDFromContext
Tests cover: CA sign+verify, token one-time guarantee, TTL expiry,
revocation rejection, interceptor whitelist (5 categories).
Redis layer backed by miniredis in tests.
Run setup.sh from server/ to fetch deps and verify tests pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 01:44:21 +08:00
wangjia
1629385c70
feat(server): Go 模块骨架 + 工具链 [tsk_L2k2VrEujof8]
...
新建 server/ Go 模块:
- go.mod: module github.com/wangjia/pangolin/server, Go 1.22
依赖: go-chi/chi/v5, google/uuid
- tools.go: //go:build tools 锁定 oapi-codegen / golang-migrate 版本
- cmd/server/main.go: chi router + GET /healthz → {"status":"ok"},监听 :8080
- cmd/migrate/main.go: 占位入口(实逻辑归 1e)
- internal/{config,store,apierr,idgen,auth,codes,devices,nodes,usage,admin}/doc.go
各包职责说明
- Makefile: build/test/vet/lint/generate/migrate-up/migrate-down
- .golangci.yml: govet/errcheck/staticcheck/revive/gofmt 基线
- README.md: 定位 + 目录树 + make 入口说明
- setup.sh: 首次 go mod tidy 引导脚本(go.sum 需运行后生成)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-13 01:28:37 +08:00