pptx704
2c66959b92
Add host registration, heartbeat, and multi-host management
Implements the full host ↔ control plane connection flow:
- Host CRUD endpoints (POST/GET/DELETE /v1/hosts) with role-based access:
regular hosts admin-only, BYOC hosts for admins and team owners
- One-time registration token flow: admin creates host → gets token (1hr TTL
in Redis + Postgres audit trail) → host agent registers with specs → gets
long-lived JWT (1yr)
- Host agent registration client with automatic spec detection (arch, CPU,
memory, disk) and token persistence to disk
- Periodic heartbeat (30s) via POST /v1/hosts/{id}/heartbeat with X-Host-Token
auth and host ID cross-check
- Token regeneration endpoint (POST /v1/hosts/{id}/token) for retry after
failed registration
- Tag management (add/remove/list) with team-scoped access control
- Host JWT with typ:"host" claim, cross-use prevention in both VerifyJWT and
VerifyHostJWT
- requireHostToken middleware for host agent authentication
- DB-level race protection: RegisterHost uses AND status='pending' with
rows-affected check; Redis GetDel for atomic token consume
- Migration for future mTLS support (cert_fingerprint, mtls_enabled columns)
- Host agent flags: --register (one-time token), --address (required ip:port)
- serviceErrToHTTP extended with "forbidden" → 403 mapping
- OpenAPI spec, .env.example, and README updated
2026-03-17 05:51:28 +06:00
..
2026-03-17 05:51:28 +06:00
2026-03-17 05:51:28 +06:00
2026-03-17 03:26:42 +06:00
2026-03-17 05:51:28 +06:00
2026-03-14 06:42:34 +06:00
2026-03-11 05:42:42 +06:00
2026-03-17 05:51:28 +06:00
2026-03-17 05:51:28 +06:00
2026-03-10 16:50:12 +06:00
2026-03-10 16:50:12 +06:00
2026-03-10 03:54:53 +06:00
2026-03-13 08:40:36 +06:00
2026-03-15 05:15:18 +06:00
2026-03-10 16:50:12 +06:00
2026-03-17 05:51:28 +06:00
2026-03-13 09:41:58 +06:00
2026-03-13 08:25:40 +06:00
2026-03-13 08:40:36 +06:00
2026-03-13 09:41:58 +06:00