Prototype with single host server and no admin panel (#2)

Reviewed-on: wrenn/sandbox#2 Co-authored-by: pptx704 <rafeed@omukk.dev> Co-committed-by: pptx704 <rafeed@omukk.dev>
2026-03-22 21:01:23 +00:00
parent bd78cc068c
commit 32e5a5a715
293 changed files with 46885 additions and 1033 deletions
--- a/db/migrations/20260310094104_initial.sql
+++ b/db/migrations/20260310094104_initial.sql
@ -0,0 +1,25 @@
+-- +goose Up
+
+CREATE TABLE sandboxes (
+    id              TEXT PRIMARY KEY,
+    owner_id        TEXT NOT NULL DEFAULT '',
+    host_id         TEXT NOT NULL DEFAULT 'default',
+    template        TEXT NOT NULL DEFAULT 'minimal',
+    status          TEXT NOT NULL DEFAULT 'pending',
+    vcpus           INTEGER NOT NULL DEFAULT 1,
+    memory_mb       INTEGER NOT NULL DEFAULT 512,
+    timeout_sec     INTEGER NOT NULL DEFAULT 0,
+    guest_ip        TEXT NOT NULL DEFAULT '',
+    host_ip         TEXT NOT NULL DEFAULT '',
+    created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    started_at      TIMESTAMPTZ,
+    last_active_at  TIMESTAMPTZ,
+    last_updated    TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_sandboxes_status ON sandboxes(status);
+CREATE INDEX idx_sandboxes_host_status ON sandboxes(host_id, status);
+
+-- +goose Down
+
+DROP TABLE sandboxes;
--- a/db/migrations/20260311224925_snapshots.sql
+++ b/db/migrations/20260311224925_snapshots.sql
@ -0,0 +1,14 @@
+-- +goose Up
+
+CREATE TABLE templates (
+    name         TEXT PRIMARY KEY,
+    type         TEXT NOT NULL DEFAULT 'base',        -- 'base' or 'snapshot'
+    vcpus        INTEGER,
+    memory_mb    INTEGER,
+    size_bytes   BIGINT NOT NULL DEFAULT 0,
+    created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- +goose Down
+
+DROP TABLE templates;
--- a/db/migrations/20260313210608_auth.sql
+++ b/db/migrations/20260313210608_auth.sql
@ -0,0 +1,46 @@
+-- +goose Up
+
+CREATE TABLE users (
+    id            TEXT PRIMARY KEY,
+    email         TEXT NOT NULL UNIQUE,
+    password_hash TEXT NOT NULL,
+    created_at    TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at    TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE teams (
+    id         TEXT PRIMARY KEY,
+    name       TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE users_teams (
+    user_id    TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    team_id    TEXT NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+    is_default BOOLEAN NOT NULL DEFAULT TRUE,
+    role       TEXT NOT NULL DEFAULT 'owner',
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    PRIMARY KEY (team_id, user_id)
+);
+
+CREATE INDEX idx_users_teams_user ON users_teams(user_id);
+
+CREATE TABLE team_api_keys (
+    id         TEXT PRIMARY KEY,
+    team_id    TEXT NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+    name       TEXT NOT NULL DEFAULT '',
+    key_hash   TEXT NOT NULL UNIQUE,
+    key_prefix TEXT NOT NULL DEFAULT '',
+    created_by TEXT NOT NULL REFERENCES users(id),
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    last_used  TIMESTAMPTZ
+);
+
+CREATE INDEX idx_team_api_keys_team ON team_api_keys(team_id);
+
+-- +goose Down
+
+DROP TABLE team_api_keys;
+DROP TABLE users_teams;
+DROP TABLE teams;
+DROP TABLE users;
--- a/db/migrations/20260313210611_team_ownership.sql
+++ b/db/migrations/20260313210611_team_ownership.sql
@ -0,0 +1,31 @@
+-- +goose Up
+
+ALTER TABLE sandboxes
+    ADD COLUMN team_id TEXT NOT NULL DEFAULT '';
+
+UPDATE sandboxes SET team_id = owner_id WHERE owner_id != '';
+
+ALTER TABLE sandboxes
+    DROP COLUMN owner_id;
+
+ALTER TABLE templates
+    ADD COLUMN team_id TEXT NOT NULL DEFAULT '';
+
+CREATE INDEX idx_sandboxes_team ON sandboxes(team_id);
+CREATE INDEX idx_templates_team ON templates(team_id);
+
+-- +goose Down
+
+ALTER TABLE sandboxes
+    ADD COLUMN owner_id TEXT NOT NULL DEFAULT '';
+
+UPDATE sandboxes SET owner_id = team_id WHERE team_id != '';
+
+ALTER TABLE sandboxes
+    DROP COLUMN team_id;
+
+ALTER TABLE templates
+    DROP COLUMN team_id;
+
+DROP INDEX IF EXISTS idx_sandboxes_team;
+DROP INDEX IF EXISTS idx_templates_team;
--- a/db/migrations/20260315001514_oauth.sql
+++ b/db/migrations/20260315001514_oauth.sql
@ -0,0 +1,22 @@
+-- +goose Up
+
+ALTER TABLE users
+    ALTER COLUMN password_hash DROP NOT NULL;
+
+CREATE TABLE oauth_providers (
+    provider    TEXT NOT NULL,
+    provider_id TEXT NOT NULL,
+    user_id     TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    email       TEXT NOT NULL,
+    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    PRIMARY KEY (provider, provider_id)
+);
+
+CREATE INDEX idx_oauth_providers_user ON oauth_providers(user_id);
+
+-- +goose Down
+
+DROP TABLE oauth_providers;
+
+UPDATE users SET password_hash = '' WHERE password_hash IS NULL;
+ALTER TABLE users ALTER COLUMN password_hash SET NOT NULL;
--- a/db/migrations/20260316203135_admin_users.sql
+++ b/db/migrations/20260316203135_admin_users.sql
@ -0,0 +1,21 @@
+-- +goose Up
+
+ALTER TABLE users
+    ADD COLUMN is_admin BOOLEAN NOT NULL DEFAULT FALSE;
+
+CREATE TABLE admin_permissions (
+    id         TEXT PRIMARY KEY,
+    user_id    TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    permission TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    UNIQUE (user_id, permission)
+);
+
+CREATE INDEX idx_admin_permissions_user ON admin_permissions(user_id);
+
+-- +goose Down
+
+DROP TABLE admin_permissions;
+
+ALTER TABLE users
+    DROP COLUMN is_admin;
--- a/db/migrations/20260316203138_byoc_teams.sql
+++ b/db/migrations/20260316203138_byoc_teams.sql
@ -0,0 +1,9 @@
+-- +goose Up
+
+ALTER TABLE teams
+    ADD COLUMN is_byoc BOOLEAN NOT NULL DEFAULT FALSE;
+
+-- +goose Down
+
+ALTER TABLE teams
+    DROP COLUMN is_byoc;
--- a/db/migrations/20260316203142_hosts.sql
+++ b/db/migrations/20260316203142_hosts.sql
@ -0,0 +1,47 @@
+-- +goose Up
+
+CREATE TABLE hosts (
+    id                TEXT PRIMARY KEY,
+    type              TEXT NOT NULL DEFAULT 'regular',  -- 'regular' or 'byoc'
+    team_id           TEXT REFERENCES teams(id) ON DELETE SET NULL,
+    provider          TEXT,
+    availability_zone TEXT,
+    arch              TEXT,
+    cpu_cores         INTEGER,
+    memory_mb         INTEGER,
+    disk_gb           INTEGER,
+    address           TEXT,                             -- ip:port of host agent
+    status            TEXT NOT NULL DEFAULT 'pending',  -- 'pending', 'online', 'offline', 'draining'
+    last_heartbeat_at TIMESTAMPTZ,
+    metadata          JSONB NOT NULL DEFAULT '{}',
+    created_by        TEXT NOT NULL REFERENCES users(id),
+    created_at        TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at        TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE host_tokens (
+    id         TEXT PRIMARY KEY,
+    host_id    TEXT NOT NULL REFERENCES hosts(id) ON DELETE CASCADE,
+    created_by TEXT NOT NULL REFERENCES users(id),
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    expires_at TIMESTAMPTZ NOT NULL,
+    used_at    TIMESTAMPTZ
+);
+
+CREATE TABLE host_tags (
+    host_id TEXT NOT NULL REFERENCES hosts(id) ON DELETE CASCADE,
+    tag     TEXT NOT NULL,
+    PRIMARY KEY (host_id, tag)
+);
+
+CREATE INDEX idx_hosts_type ON hosts(type);
+CREATE INDEX idx_hosts_team ON hosts(team_id);
+CREATE INDEX idx_hosts_status ON hosts(status);
+CREATE INDEX idx_host_tokens_host ON host_tokens(host_id);
+CREATE INDEX idx_host_tags_tag ON host_tags(tag);
+
+-- +goose Down
+
+DROP TABLE host_tags;
+DROP TABLE host_tokens;
+DROP TABLE hosts;
--- a/db/migrations/20260316223629_host_mtls.sql
+++ b/db/migrations/20260316223629_host_mtls.sql
@ -0,0 +1,11 @@
+-- +goose Up
+
+ALTER TABLE hosts
+    ADD COLUMN cert_fingerprint TEXT,
+    ADD COLUMN mtls_enabled     BOOLEAN NOT NULL DEFAULT FALSE;
+
+-- +goose Down
+
+ALTER TABLE hosts
+    DROP COLUMN cert_fingerprint,
+    DROP COLUMN mtls_enabled;