cart and checkout
This commit is contained in:
+65
-7
@@ -17,9 +17,39 @@ import (
|
||||
"git.k6n.net/mats/go-cart-actor/internal/ucp"
|
||||
"git.k6n.net/mats/go-cart-actor/pkg/actor"
|
||||
"git.k6n.net/mats/go-cart-actor/pkg/profile"
|
||||
"git.k6n.net/mats/go-cart-actor/pkg/proxy"
|
||||
"git.k6n.net/mats/go-cart-actor/pkg/telemetry"
|
||||
"github.com/redis/go-redis/v9"
|
||||
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
|
||||
)
|
||||
|
||||
// buildAuthStorage selects the credential store and login limiter that back the
|
||||
// customer-auth surface. With REDIS_ADDRESS set it uses shared Redis storage so
|
||||
// the service scales horizontally; otherwise it falls back to the file-backed
|
||||
// store and an in-memory limiter (single-instance / local dev). A Redis failure
|
||||
// at startup is fatal rather than silently degrading to per-replica state.
|
||||
func buildAuthStorage(ctx context.Context, profileDir string) (customerauth.Credentials, customerauth.Limiter) {
|
||||
if addr := os.Getenv("REDIS_ADDRESS"); addr != "" {
|
||||
rdb := redis.NewClient(&redis.Options{
|
||||
Addr: addr,
|
||||
Password: os.Getenv("REDIS_PASSWORD"),
|
||||
DB: 0,
|
||||
})
|
||||
store, err := customerauth.NewRedisCredentialStore(ctx, rdb)
|
||||
if err != nil {
|
||||
log.Fatalf("Error connecting customer-auth credential store to Redis at %s: %v", addr, err)
|
||||
}
|
||||
log.Printf("customer-auth: using shared Redis storage at %s", addr)
|
||||
return store, customerauth.NewRedisLoginLimiter(rdb, 0, 0)
|
||||
}
|
||||
credStore, err := customerauth.LoadCredentialStore(filepath.Join(profileDir, "credentials.json"))
|
||||
if err != nil {
|
||||
log.Fatalf("Error loading credential store: %v", err)
|
||||
}
|
||||
log.Print("customer-auth: REDIS_ADDRESS unset — using file credential store + in-memory limiter (single-instance only)")
|
||||
return credStore, customerauth.NewLoginLimiter(0, 0)
|
||||
}
|
||||
|
||||
// authSecret returns the HMAC key for customer session cookies. It reads
|
||||
// CUSTOMER_AUTH_SECRET; when unset it generates an ephemeral random key and
|
||||
// warns that issued sessions will not survive a restart (fine for dev).
|
||||
@@ -86,6 +116,13 @@ func main() {
|
||||
// Destroy is an optional grain-eviction cleanup hook; profiles need none
|
||||
// (disk storage persists via its own loop), so it's left unset — purge()
|
||||
// skips a nil Destroy.
|
||||
// SpawnHost makes the pool cluster-aware: when a grain is owned by a peer
|
||||
// replica, the pool proxies to it over gRPC :1337 (control) + HTTP :8080
|
||||
// (requests). With POD_IP unset and no discovered peers this is never
|
||||
// invoked, so the service still runs fine single-node.
|
||||
SpawnHost: func(host string) (actor.Host[profile.ProfileGrain], error) {
|
||||
return proxy.NewRemoteHost[profile.ProfileGrain](host)
|
||||
},
|
||||
TTL: 10 * time.Minute,
|
||||
PoolSize: 65535,
|
||||
Hostname: podIp,
|
||||
@@ -96,19 +133,40 @@ func main() {
|
||||
log.Fatalf("Error creating profile pool: %v\n", err)
|
||||
}
|
||||
|
||||
// Clustering control plane: gRPC server on :1337 serves peer pools'
|
||||
// ownership announcements and remote Apply/Get calls; UseDiscovery watches
|
||||
// for sibling profile pods (label actor-pool=profile) and wires them into the
|
||||
// pool. Both are no-ops in single-node mode (POD_IP unset → nil discovery).
|
||||
grpcSrv, err := actor.NewControlServer[profile.ProfileGrain](actor.DefaultServerConfig(), pool)
|
||||
if err != nil {
|
||||
log.Fatalf("Error starting control plane gRPC server: %v\n", err)
|
||||
}
|
||||
defer grpcSrv.GracefulStop()
|
||||
|
||||
UseDiscovery(pool)
|
||||
|
||||
mux := http.NewServeMux()
|
||||
debugMux := http.NewServeMux()
|
||||
|
||||
ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
|
||||
defer stop()
|
||||
|
||||
otelShutdown, err := setupOTelSDK(ctx)
|
||||
otelShutdown, err := telemetry.SetupOTelSDK(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("Unable to start otel %v", err)
|
||||
}
|
||||
|
||||
// Customer auth storage and failed-login limiter.
|
||||
// Credentials and the failed-login limiter use shared Redis storage when
|
||||
// REDIS_ADDRESS is set (so the service scales horizontally), and fall back to
|
||||
// the file store + in-memory limiter for single-instance / local dev. Session
|
||||
// and verify/reset tokens are stateless HMAC values, so a shared
|
||||
// CUSTOMER_AUTH_SECRET is all they need to work across replicas.
|
||||
credStore, limiter := buildAuthStorage(ctx, profileDir)
|
||||
|
||||
// UCP Customer REST adapter
|
||||
customerUCP := ucp.CustomerHandler(pool)
|
||||
auditLogPath := filepath.Join(profileDir, "audit.log")
|
||||
customerUCP := ucp.CustomerHandler(pool, auditLogPath, credStore)
|
||||
if signer := loadUCPProfileSigner(); signer != nil {
|
||||
customerUCP = ucp.WithSigning(customerUCP, signer)
|
||||
log.Print("ucp customer signing enabled")
|
||||
@@ -119,11 +177,11 @@ func main() {
|
||||
mux.Handle("/ucp/v1/customers/", http.StripPrefix("/ucp/v1/customers", customerUCP))
|
||||
|
||||
// Customer auth: password signup/login + session cookies + identity linking.
|
||||
credStore, err := customerauth.LoadCredentialStore(filepath.Join(profileDir, "credentials.json"))
|
||||
if err != nil {
|
||||
log.Fatalf("Error loading credential store: %v\n", err)
|
||||
}
|
||||
authHandler := customerauth.NewServer(credStore, pool, customerauth.NewSigner(authSecret()), 0).Handler()
|
||||
authHandler := customerauth.NewServer(credStore, pool, customerauth.NewSigner(authSecret()), 0, customerauth.Options{
|
||||
Limiter: limiter,
|
||||
BaseURL: os.Getenv("CUSTOMER_AUTH_BASE_URL"),
|
||||
RequireVerifiedEmail: os.Getenv("CUSTOMER_AUTH_REQUIRE_VERIFIED") == "true",
|
||||
}).Handler()
|
||||
mux.Handle("/ucp/v1/auth/", http.StripPrefix("/ucp/v1/auth", authHandler))
|
||||
|
||||
mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
Reference in New Issue
Block a user