betterNAS/apps/control-plane
Harivansh Rathi ed40da7326 Secure first-loop control-plane auth and mount routing.
Protect the control-plane API with explicit bearer auth, add node-scoped
registration/heartbeat credentials, and make export mount paths an explicit
contract field so mount profiles stay correct across runtimes.

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-04-01 14:13:14 +00:00
cmd/control-plane Secure first-loop control-plane auth and mount routing. 2026-04-01 14:13:14 +00:00
Dockerfile init (#5) 2026-03-31 23:50:51 -04:00
go.mod init (#5) 2026-03-31 23:50:51 -04:00
package.json pnpm, verify, cleanup (#6) 2026-03-31 23:59:52 -04:00
README.md Secure first-loop control-plane auth and mount routing. 2026-04-01 14:13:14 +00:00

betterNAS Control Plane

Go service that owns the product control plane.

It is intentionally small for now:

  • GET /health
  • GET /version
  • POST /api/v1/nodes/register
  • POST /api/v1/nodes/{nodeId}/heartbeat
  • GET /api/v1/exports
  • POST /api/v1/mount-profiles/issue
  • POST /api/v1/cloud-profiles/issue

The request and response shapes must follow the contracts in packages/contracts.

/api/v1/* endpoints require bearer auth. New nodes register with BETTERNAS_CONTROL_PLANE_NODE_BOOTSTRAP_TOKEN, client flows use BETTERNAS_CONTROL_PLANE_CLIENT_TOKEN, and node registration returns an X-BetterNAS-Node-Token header for subsequent node-scoped register and heartbeat calls. Multi-export registrations should also send an explicit mountPath per export so mount profiles can stay stable across runtimes.
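
One way to express the token scoping described above, as an added example that is not the betterNAS implementation. The Tokens type, the Authorize function, the claimedNode parameter and the sample token values are hypothetical; treating /health and /version as open and the exports and profile endpoints as client flows are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// Tokens holds the three credential kinds from the README. Node maps a
// nodeId to the token issued at registration (storage layout is assumed).
type Tokens struct {
	Bootstrap, Client string
	Node              map[string]string
}

// same compares in constant time; hashing first hides length differences.
// An unset (empty) secret never matches, so a missing env var fails closed.
func same(got, want string) bool {
	g, w := sha256.Sum256([]byte(got)), sha256.Sum256([]byte(want))
	return want != "" && subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// Authorize decides whether the Authorization header value may call path.
// claimedNode is the node id in a register body (hypothetical parameter).
func (t Tokens) Authorize(path, authz, claimedNode string) bool {
	if !strings.HasPrefix(path, "/api/v1/") {
		return true // assumption: /health and /version stay unauthenticated
	}
	if !strings.HasPrefix(authz, "Bearer ") {
		return false
	}
	tok, rest := strings.TrimPrefix(authz, "Bearer "), strings.TrimPrefix(path, "/api/v1/")
	switch {
	case rest == "nodes/register": // bootstrap for new nodes, own token to re-register
		return same(tok, t.Bootstrap) || same(tok, t.Node[claimedNode])
	case strings.HasPrefix(rest, "nodes/") && strings.HasSuffix(rest, "/heartbeat"):
		id := strings.TrimSuffix(strings.TrimPrefix(rest, "nodes/"), "/heartbeat")
		return same(tok, t.Node[id]) // token must belong to the node in the path
	default: // assumption: exports and profile issuance are client flows
		return same(tok, t.Client)
	}
}

func main() {
	// Constructed sample tokens, not real credentials.
	t := Tokens{Bootstrap: "boot-example", Client: "client-example", Node: map[string]string{"n1": "node-n1-example"}}
	fmt.Println(t.Authorize("/api/v1/nodes/n2/heartbeat", "Bearer node-n1-example", "")) // false
}
```

The cases worth testing are the cross-scope ones: a node token presented for another node's heartbeat, a bootstrap token presented to a client endpoint, and any request made while a token variable is unset.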