harivansh-afk/betterNAS
1
1
Fork 0
mirror of https://github.com/harivansh-afk/betterNAS.git synced 2026-04-15 13:03:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
betterNAS/apps/control-plane/README.md
Harivansh Rathi ed40da7326 Secure first-loop control-plane auth and mount routing. 
Protect the control-plane API with explicit bearer auth, add node-scoped
registration/heartbeat credentials, and make export mount paths an explicit
contract field so mount profiles stay correct across runtimes.

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-04-01 14:13:14 +00:00

856 B
Raw Blame History

betterNAS Control Plane

Go service that owns the product control plane.

It is intentionally small for now:

  • GET /health
  • GET /version
  • POST /api/v1/nodes/register
  • POST /api/v1/nodes/{nodeId}/heartbeat
  • GET /api/v1/exports
  • POST /api/v1/mount-profiles/issue
  • POST /api/v1/cloud-profiles/issue

The request and response shapes must follow the contracts in packages/contracts.

/api/v1/* endpoints require bearer auth. New nodes register with BETTERNAS_CONTROL_PLANE_NODE_BOOTSTRAP_TOKEN, client flows use BETTERNAS_CONTROL_PLANE_CLIENT_TOKEN, and node registration returns an X-BetterNAS-Node-Token header for subsequent node-scoped register and heartbeat calls. Multi-export registrations should also send an explicit mountPath per export so mount profiles can stay stable across runtimes.