harivansh-afk/betterNAS
1
1
Fork 0
mirror of https://github.com/harivansh-afk/betterNAS.git synced 2026-04-15 15:03:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
betterNAS/apps/control-plane
History
Harivansh Rathi c499e46a4d Add SQLite store and user auth for production deployment 
Replace the in-memory JSON-backed store with a SQLite option using
modernc.org/sqlite (pure Go, no CGo). Add user authentication with
bcrypt password hashing and random session tokens.

SQLite store:
- Schema covers nodes, exports, tokens, ordinals, users, sessions
- WAL mode and foreign keys enabled
- Set BETTERNAS_CONTROL_PLANE_DB_PATH to activate (falls back to
  memory store when empty)

User auth:
- POST /api/v1/auth/register, login, logout, GET /me
- bcrypt (cost 10) for passwords, 32-byte hex session tokens
- Sessions stored in SQLite with configurable TTL
- Client endpoints accept session tokens or static client token
- CORS middleware via BETTERNAS_CORS_ORIGIN env var

New env vars: BETTERNAS_CONTROL_PLANE_DB_PATH, BETTERNAS_SESSION_TTL,
BETTERNAS_REGISTRATION_ENABLED, BETTERNAS_CORS_ORIGIN

24 tests pass including 7 SQLite store tests and 7 auth tests.
Builds clean with CGO_ENABLED=0.
2026-04-01 18:47:59 -04:00
..
cmd/control-plane Add SQLite store and user auth for production deployment 2026-04-01 18:47:59 -04:00
Dockerfile init (#5) 2026-03-31 23:50:51 -04:00
go.mod Add SQLite store and user auth for production deployment 2026-04-01 18:47:59 -04:00
go.sum Add SQLite store and user auth for production deployment 2026-04-01 18:47:59 -04:00
package.json pnpm, verify, cleanup (#6) 2026-03-31 23:59:52 -04:00
README.md Make control-plane the real mount authority 2026-04-01 17:46:50 +00:00

README.md

betterNAS Control Plane

Go service that owns the product control plane.

It is intentionally small for now:

  • GET /health
  • GET /version
  • POST /api/v1/nodes/register
  • POST /api/v1/nodes/{nodeId}/heartbeat
  • PUT /api/v1/nodes/{nodeId}/exports
  • GET /api/v1/exports
  • POST /api/v1/mount-profiles/issue
  • POST /api/v1/cloud-profiles/issue

The request and response shapes must follow the contracts in packages/contracts.

/api/v1/* endpoints require bearer auth. New nodes register with BETTERNAS_CONTROL_PLANE_NODE_BOOTSTRAP_TOKEN, client flows use BETTERNAS_CONTROL_PLANE_CLIENT_TOKEN, and node registration returns an X-BetterNAS-Node-Token header for subsequent node-scoped register and heartbeat and export sync calls. Mount profiles now return standard WebDAV username and password credentials, and multi-export sync should send an explicit mountPath per export so mount profiles can stay stable across runtimes.