Port envd from e2b with internalized shared packages and Connect RPC

- Copy envd source from e2b-dev/infra, internalize shared dependencies into envd/internal/shared/ (keys, filesystem, id, smap, utils) - Switch from gRPC to Connect RPC for all envd services - Update module paths to git.omukk.dev/wrenn/{sandbox,sandbox/envd} - Add proto specs (process, filesystem) with buf-based code generation - Implement full envd: process exec, filesystem ops, port forwarding, cgroup management, MMDS integration, and HTTP API - Update main module dependencies (firecracker SDK, pgx, goose, etc.) - Remove placeholder .gitkeep files replaced by real implementations
2026-03-09 21:03:19 +06:00
parent bd78cc068c
commit a3898d68fb
99 changed files with 17185 additions and 24 deletions
--- a/envd/internal/permissions/authenticate.go
+++ b/envd/internal/permissions/authenticate.go
@ -0,0 +1,47 @@
+package permissions
+
+import (
+	"context"
+	"fmt"
+	"os/user"
+
+	"connectrpc.com/authn"
+	"connectrpc.com/connect"
+
+	"git.omukk.dev/wrenn/sandbox/envd/internal/execcontext"
+)
+
+func AuthenticateUsername(_ context.Context, req authn.Request) (any, error) {
+	username, _, ok := req.BasicAuth()
+	if !ok {
+		// When no username is provided, ignore the authentication method (not all endpoints require it)
+		// Missing user is then handled in the GetAuthUser function
+		return nil, nil
+	}
+
+	u, err := GetUser(username)
+	if err != nil {
+		return nil, authn.Errorf("invalid username: '%s'", username)
+	}
+
+	return u, nil
+}
+
+func GetAuthUser(ctx context.Context, defaultUser string) (*user.User, error) {
+	u, ok := authn.GetInfo(ctx).(*user.User)
+	if !ok {
+		username, err := execcontext.ResolveDefaultUsername(nil, defaultUser)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("no user specified"))
+		}
+
+		u, err := GetUser(username)
+		if err != nil {
+			return nil, authn.Errorf("invalid default user: '%s'", username)
+		}
+
+		return u, nil
+	}
+
+	return u, nil
+}