mirror of
https://github.com/harivansh-afk/betterNAS.git
synced 2026-04-15 09:01:13 +00:00
Secure first-loop control-plane auth and mount routing.
Protect the control-plane API with explicit bearer auth, add node-scoped registration/heartbeat credentials, and make export mount paths an explicit contract field so mount profiles stay correct across runtimes. Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
This commit is contained in:
parent
a7f85f4871
commit
ed40da7326
23 changed files with 3676 additions and 124 deletions
|
|
@ -7,9 +7,16 @@ It is intentionally small for now:
|
|||
- `GET /health`
|
||||
- `GET /version`
|
||||
- `POST /api/v1/nodes/register`
|
||||
- `POST /api/v1/nodes/{nodeId}/heartbeat`
|
||||
- `GET /api/v1/exports`
|
||||
- `POST /api/v1/mount-profiles/issue`
|
||||
- `POST /api/v1/cloud-profiles/issue`
|
||||
|
||||
The request and response shapes must follow the contracts in
|
||||
[`packages/contracts`](../../packages/contracts).
|
||||
|
||||
`/api/v1/*` endpoints require bearer auth. New nodes register with
|
||||
`BETTERNAS_CONTROL_PLANE_NODE_BOOTSTRAP_TOKEN`, client flows use
|
||||
`BETTERNAS_CONTROL_PLANE_CLIENT_TOKEN`, and node registration returns an
|
||||
`X-BetterNAS-Node-Token` header for subsequent node-scoped register and
|
||||
heartbeat calls. Multi-export registrations should also send an explicit `mountPath` per export so mount profiles can stay stable across runtimes.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue