soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3fc7bf2b97a2731df6b79461f7a9b5483e8eb622
flatrender/services/render/cmd/server/main.go
T
soroush.asadi bcc69f0a2e feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset 
Node-agent — full render pipeline (items 1-3):
- render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET,
  2h TTL, path=templates/{original_project_id}/template.aep)
- render-svc: POST /v1/internal/render/jobs/:id/output-upload-url
  allocates Export row + returns presigned MinIO PUT URL + export_id
- render-svc: db.CreateExportForJob() inserts export row with 30-day retention
- render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket)
  MINIO_TEMPLATES_BUCKET env var (default flatrender-templates)
- node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only)
- node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field
- node-agent: runJob() full flow: download AEP → render → get upload URL →
  PUT output to MinIO → Complete(export_id)
  All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export)

TLS reverse proxy (item 15):
- Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN)
  auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API
- docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp,
  caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL
- .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries

Billing portal (item 5):
- Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false
  (access continues to expiry); 404 when no active plan
- POST /api/billing/cancel — frontend proxy, validates auth
- GET /api/billing/portal — redirects to /dashboard/settings?tab=billing
- SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI,
  "Change plan" button; becomes "use client" component

Password reset UI (item 7):
- POST /api/auth/password-reset — proxies /v1/auth/password/reset/request
  (always 200, anti-enumeration)
- POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm
- AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow
  (email → OTP+new-password) without leaving the auth page

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 16:41:13 +03:30

155 lines
6.9 KiB
Go
Raw Blame History

package main
import (
"context"
"log"
"net/http"
"os"
"github.com/flatrender/render-svc/internal/db"
"github.com/flatrender/render-svc/internal/handlers"
"github.com/flatrender/render-svc/internal/middleware"
"github.com/flatrender/render-svc/internal/notifier"
"github.com/gin-gonic/gin"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
func getEnv(key, fallback string) string {
if v := os.Getenv(key); v != "" {
return v
}
return fallback
}
func main() {
// ── Config ────────────────────────────────────────────────────────────────
dbURL := getEnv("DATABASE_URL", "postgres://postgres:postgres@localhost:5432/flatrender?search_path=render,public")
jwtSecret := getEnv("JWT_SECRET", "change-me")
nodeSecret := getEnv("NODE_HMAC_SECRET", "node-secret")
minioEndpoint := getEnv("MINIO_ENDPOINT", "localhost:9000")
minioAccessKey := getEnv("MINIO_ACCESS_KEY", "minioadmin")
minioSecretKey := getEnv("MINIO_SECRET_KEY", "minioadmin")
minioUseSSL := getEnv("MINIO_USE_SSL", "false") == "true"
minioBucket := getEnv("MINIO_BUCKET", "flatrender-exports")
minioTemplatesBucket := getEnv("MINIO_TEMPLATES_BUCKET", "flatrender-templates")
notificationURL := getEnv("NOTIFICATION_URL", "http://localhost:8080")
serviceToken := getEnv("SERVICE_TOKEN", "internal-service-secret")
port := getEnv("PORT", "8080")
// ── Database ──────────────────────────────────────────────────────────────
pool, err := pgxpool.New(context.Background(), dbURL)
if err != nil {
log.Fatalf("connect db: %v", err)
}
defer pool.Close()
if err := pool.Ping(context.Background()); err != nil {
log.Fatalf("ping db: %v", err)
}
// ── MinIO ──────────────────────────────────────────────────────────────────
mc, err := minio.New(minioEndpoint, &minio.Options{
Creds: credentials.NewStaticV4(minioAccessKey, minioSecretKey, ""),
Secure: minioUseSSL,
})
if err != nil {
log.Fatalf("minio client: %v", err)
}
// ── Store + handlers ──────────────────────────────────────────────────────
store := db.NewStore(pool)
notifyClient := notifier.New(notificationURL, serviceToken)
renderH := handlers.NewRenderHandler(store)
snapH := handlers.NewSnapshotHandler(store)
exportH := handlers.NewExportHandler(store, mc, minioBucket)
nodeH := handlers.NewNodeHandler(store)
internalH := handlers.NewInternalHandler(store, notifyClient, mc, minioTemplatesBucket, minioBucket)
// ── Router ────────────────────────────────────────────────────────────────
r := gin.Default()
r.GET("/health", func(c *gin.Context) {
if err := pool.Ping(c.Request.Context()); err != nil {
c.JSON(http.StatusServiceUnavailable, gin.H{"status": "down", "error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"status": "ok"})
})
auth := middleware.JWTAuth(jwtSecret)
admin := middleware.RequireAdmin()
nodeAuth := middleware.NodeHMAC(nodeSecret)
v1 := r.Group("/v1")
// ── Render jobs ───────────────────────────────────────────────────────────
renders := v1.Group("/renders", auth)
{
renders.GET("", renderH.List)
renders.POST("", renderH.Create)
renders.GET("/:job_id", renderH.Get)
renders.POST("/:job_id/cancel", renderH.Cancel)
renders.POST("/:job_id/retry", renderH.Retry)
renders.GET("/:job_id/progress", renderH.Progress)
renders.GET("/:job_id/logs", renderH.Logs)
}
// ── Snapshots ─────────────────────────────────────────────────────────────
snaps := v1.Group("/snapshots", auth)
{
snaps.POST("", snapH.Create)
snaps.GET("/:snapshot_id", snapH.Get)
}
// ── Exports ───────────────────────────────────────────────────────────────
exports := v1.Group("/exports", auth)
{
exports.GET("", exportH.List)
exports.GET("/:export_id", exportH.Get)
exports.DELETE("/:export_id", exportH.Delete)
exports.POST("/:export_id/extend", exportH.Extend)
exports.GET("/:export_id/download-url", exportH.DownloadURL)
}
// ── Nodes (admin) ─────────────────────────────────────────────────────────
nodes := v1.Group("/nodes", auth, admin)
{
nodes.GET("", nodeH.List)
nodes.POST("", nodeH.Create)
nodes.GET("/:node_id", nodeH.Get)
nodes.PATCH("/:node_id", nodeH.Patch)
nodes.POST("/:node_id/restart", nodeH.Restart)
nodes.POST("/:node_id/release", nodeH.Release)
nodes.POST("/:node_id/close-ae", nodeH.CloseAE)
nodes.GET("/:node_id/health", nodeH.Health)
nodes.GET("/:node_id/health/history", nodeH.HealthHistory)
nodes.GET("/:node_id/crashes", nodeH.Crashes)
}
// ── Node updates (admin) ──────────────────────────────────────────────────
v1.GET("/node-updates", auth, admin, nodeH.ListUpdates)
v1.POST("/node-updates/:update_id/rollout", auth, admin, nodeH.Rollout)
// ── Internal (node agents only — HMAC auth) ───────────────────────────────
internal := v1.Group("/internal", nodeAuth)
{
internal.POST("/nodes/:node_id/heartbeat", internalH.Heartbeat)
internal.POST("/nodes/:node_id/online", internalH.Online)
internal.POST("/nodes/:node_id/cache-update", internalH.CacheUpdate)
internal.POST("/render/jobs/claim", internalH.Claim)
internal.POST("/render/jobs/:job_id/preview", internalH.Preview)
internal.POST("/render/jobs/:job_id/output-upload-url", internalH.OutputUploadURL)
internal.POST("/render/jobs/:job_id/frames", internalH.FrameProgress)
internal.POST("/render/jobs/:job_id/complete", internalH.Complete)
internal.POST("/render/jobs/:job_id/fail", internalH.Fail)
internal.POST("/render/jobs/:job_id/crash", internalH.Crash)
internal.POST("/render/jobs/:job_id/replica-ready", internalH.ReplicaReady)
}
log.Printf("render-svc listening on :%s", port)
if err := r.Run(":" + port); err != nil {
log.Fatalf("server: %v", err)
}
}
Reference in New Issue View Git Blame Copy Permalink