update
Build and Publish / BuildAndDeployArm64 (push) Failing after 6s
Build and Publish / BuildAndDeployAmd64 (push) Failing after 4s

This commit is contained in:
2026-07-03 17:45:51 +02:00
parent f339b60351
commit cecf4abe76
12 changed files with 1818 additions and 112 deletions
+20 -4
View File
@@ -243,12 +243,28 @@ func main() {
// UCP Customer REST adapter
auditLogPath := filepath.Join(profileDir, "audit.log")
customerUCP := ucp.CustomerHandler(pool, auditLogPath,
// Session signer is shared by the auth server (HMAC verifier for the
// "sid" cookie); NewSigner is stateless once built so a single
// instance can be reused across the auth server's NewServer call.
sessionSigner := customerauth.NewSigner(authSecret())
// Cluster-aware ProfileApplier: routes Get/Apply to the replica that
// currently owns the grain. With a remote owner we forward there so
// the request reads the authoritative in-memory state; with no owner
// we let pool.Get / pool.Apply spawn the grain locally from the
// disk-backed event log and broadcast ownership. Centralising this
// choice in the applicr (rather than HTTP middleware) prevents the
// split-brain hazard where a non-owner pod reads a stale or empty
// grain from disk and caches it under its own (conflicting)
// ownership.
applier := &clusterAwareApplier{pool: pool}
customerUCP := ucp.CustomerHandler(applier, auditLogPath,
ucp.WithEmailIndex(emailIndex),
ucp.WithCredentialDeleter(credStore),
)
if signer := loadUCPProfileSigner(); signer != nil {
customerUCP = ucp.WithSigning(customerUCP, signer)
if ucpSigner := loadUCPProfileSigner(); ucpSigner != nil {
customerUCP = ucp.WithSigning(customerUCP, ucpSigner)
log.Print("ucp customer signing enabled")
}
// StripPrefix is required because the sub-mux (CustomerHandler) registers
@@ -258,7 +274,7 @@ func main() {
// Customer auth: password signup/login + session cookies + identity linking.
authNotifier := selectAuthNotifier()
authHandler := customerauth.NewServer(credStore, pool, customerauth.NewSigner(authSecret()), 0, customerauth.Options{
authHandler := customerauth.NewServer(credStore, applier, sessionSigner, 0, customerauth.Options{
Notifier: authNotifier,
Limiter: limiter,
BaseURL: os.Getenv("CUSTOMER_AUTH_BASE_URL"),