feat: Complete AG Loadbalancer & Cluster API

Refactor routing logic (Chi can be a pain when you're managing large sets of routes, but its one of the better options when considering a potential gRPC future) Upgrade API Generation to fully support OAS3.1 Update swagger interface to RapiDoc - the old swagger interface doesnt support OAS3.1 yet Docs are now embedded as part of the UI - once logged in they pick up the cookies and org id from what gets set by the UI, but you can override it Other updates include better portability of the db-studio Signed-off-by: allanice001 <allanice001@gmail.com>
2026-02-13 04:40:05 +01:00 · 2025-11-17 04:59:39 +00:00
parent 165d2a2af1
commit 7985b310c5
67 changed files with 10745 additions and 3283 deletions
--- a/internal/api/mount_api_routes.go
+++ b/internal/api/mount_api_routes.go
@@ -32,6 +32,8 @@ func mountAPIRoutes(r chi.Router, db *gorm.DB, jobs *bg.Jobs) {
 			mountAnnotationRoutes(v1, db, authOrg)
 			mountNodePoolRoutes(v1, db, authOrg)
 			mountDNSRoutes(v1, db, authOrg)
+			mountLoadBalancerRoutes(v1, db, authOrg)
+			mountClusterRoutes(v1, db, authOrg)
 		})
 	})
 }
--- a/internal/api/mount_cluster_routes.go
+++ b/internal/api/mount_cluster_routes.go
@@ -0,0 +1,39 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/glueops/autoglue/internal/handlers"
+	"github.com/go-chi/chi/v5"
+	"gorm.io/gorm"
+)
+
+func mountClusterRoutes(r chi.Router, db *gorm.DB, authOrg func(http.Handler) http.Handler) {
+	r.Route("/clusters", func(c chi.Router) {
+		c.Use(authOrg)
+		c.Get("/", handlers.ListClusters(db))
+		c.Post("/", handlers.CreateCluster(db))
+
+		c.Get("/{clusterID}", handlers.GetCluster(db))
+		c.Patch("/{clusterID}", handlers.UpdateCluster(db))
+		c.Delete("/{clusterID}", handlers.DeleteCluster(db))
+
+		c.Post("/{clusterID}/captain-domain", handlers.AttachCaptainDomain(db))
+		c.Delete("/{clusterID}/captain-domain", handlers.DetachCaptainDomain(db))
+
+		c.Post("/{clusterID}/control-plane-record-set", handlers.AttachControlPlaneRecordSet(db))
+		c.Delete("/{clusterID}/control-plane-record-set", handlers.DetachControlPlaneRecordSet(db))
+
+		c.Post("/{clusterID}/apps-load-balancer", handlers.AttachAppsLoadBalancer(db))
+		c.Delete("/{clusterID}/apps-load-balancer", handlers.DetachAppsLoadBalancer(db))
+		c.Post("/{clusterID}/glueops-load-balancer", handlers.AttachGlueOpsLoadBalancer(db))
+		c.Delete("/{clusterID}/glueops-load-balancer", handlers.DetachGlueOpsLoadBalancer(db))
+
+		c.Post("/{clusterID}/bastion", handlers.AttachBastionServer(db))
+		c.Delete("/{clusterID}/bastion", handlers.DetachBastionServer(db))
+
+		c.Post("/{clusterID}/kubeconfig", handlers.SetClusterKubeconfig(db))
+		c.Delete("/{clusterID}/kubeconfig", handlers.ClearClusterKubeconfig(db))
+
+	})
+}
--- a/internal/api/mount_db_studio.go
+++ b/internal/api/mount_db_studio.go
@@ -10,7 +10,7 @@ import (
 	pgcmd "github.com/sosedoff/pgweb/pkg/command"
 )

-func PgwebHandler(dbURL, prefix string, readonly bool) (http.Handler, error) {
+func MountDbStudio(dbURL, prefix string, readonly bool) (http.Handler, error) {
 	// Normalize prefix for pgweb:
 	//  - no leading slash
 	//  - always trailing slash if not empty
--- a/internal/api/mount_load_balancer_routes.go
+++ b/internal/api/mount_load_balancer_routes.go
@@ -0,0 +1,20 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/glueops/autoglue/internal/handlers"
+	"github.com/go-chi/chi/v5"
+	"gorm.io/gorm"
+)
+
+func mountLoadBalancerRoutes(r chi.Router, db *gorm.DB, authOrg func(http.Handler) http.Handler) {
+	r.Route("/load-balancers", func(l chi.Router) {
+		l.Use(authOrg)
+		l.Get("/", handlers.ListLoadBalancers(db))
+		l.Post("/", handlers.CreateLoadBalancer(db))
+		l.Get("/{id}", handlers.GetLoadBalancer(db))
+		l.Patch("/{id}", handlers.UpdateLoadBalancer(db))
+		l.Delete("/{id}", handlers.DeleteLoadBalancer(db))
+	})
+}
--- a/internal/api/mount_swagger_routes.go
+++ b/internal/api/mount_swagger_routes.go
@@ -1,15 +1,87 @@
 package api

 import (
+	"fmt"
+	"html/template"
+	"net/http"
+
 	"github.com/glueops/autoglue/docs"
 	"github.com/go-chi/chi/v5"
-	httpSwagger "github.com/swaggo/http-swagger/v2"
 )

 func mountSwaggerRoutes(r chi.Router) {
-	r.Get("/swagger/*", httpSwagger.Handler(
-		httpSwagger.URL("swagger.json"),
-	))
+	r.Get("/swagger", RapidDocHandler("/swagger/swagger.yaml"))
+	r.Get("/swagger/index.html", RapidDocHandler("/swagger/swagger.yaml"))
 	r.Get("/swagger/swagger.json", serveSwaggerFromEmbed(docs.SwaggerJSON, "application/json"))
 	r.Get("/swagger/swagger.yaml", serveSwaggerFromEmbed(docs.SwaggerYAML, "application/x-yaml"))
 }
+
+var rapidDocTmpl = template.Must(template.New("redoc").Parse(`<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <title>AutoGlue API Docs</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta charset="utf-8">
+  <style>
+    body { margin: 0; padding: 0; }
+    .redoc-container { height: 100vh; }
+  </style>
+</head>
+<body>
+  <rapi-doc
+    id="autoglue-docs"
+    spec-url="{{.SpecURL}}"
+    render-style="read"
+    theme="dark"
+    show-header="false"
+    persist-auth="true"
+	allow-advanced-search="true"
+	schema-description-expanded="true"                                                                                                                                   
+	allow-schema-description-expand-toggle="false"                                                                                                                       
+	allow-spec-file-download="true"                                                                                                                                      
+	allow-spec-file-load="false"                                                                                                                                         
+	allow-spec-url-load="false"                       
+    allow-try="true"
+    schema-style="tree"
+	fetch-credentials="include"
+    default-api-server="{{.DefaultServer}}"
+ 	api-key-name="X-ORG-ID"
+  	api-key-location="header"
+  	api-key-value=""
+  />
+  <script type="module" src="https://unpkg.com/rapidoc/dist/rapidoc-min.js"></script>
+  <script>
+    window.addEventListener('DOMContentLoaded', () => {
+      const rd = document.getElementById('autoglue-docs');
+      if (!rd) return;
+
+      const storedOrg = localStorage.getItem('autoglue.org');
+      if (storedOrg) {
+        rd.setAttribute('api-key-value', storedOrg);
+      }
+    }
+  </script>
+</body>
+</html>`))
+
+func RapidDocHandler(specURL string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		scheme := "http"
+		if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
+			scheme = "https"
+		}
+
+		host := r.Host
+		defaultServer := fmt.Sprintf("%s://%s/api/v1", scheme, host)
+
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		if err := rapidDocTmpl.Execute(w, map[string]string{
+			"SpecURL":       specURL,
+			"DefaultServer": defaultServer,
+		}); err != nil {
+			http.Error(w, "failed to render docs", http.StatusInternalServerError)
+			return
+		}
+	}
+}
--- a/internal/api/mw_security.go
+++ b/internal/api/mw_security.go
@@ -29,14 +29,14 @@ func SecurityHeaders(next http.Handler) http.Handler {
 				"base-uri 'self'",
 				"form-action 'self'",
 				// Vite dev & inline preamble/eval:
-				"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:5173",
+				"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:5173 https://unpkg.com",
 				// allow dev style + Google Fonts
 				"style-src 'self' 'unsafe-inline' http://localhost:5173 https://fonts.googleapis.com",
 				"img-src 'self' data: blob:",
 				// Google font files
 				"font-src 'self' data: https://fonts.gstatic.com",
 				// HMR connections
-				"connect-src 'self' http://localhost:5173 ws://localhost:5173 ws://localhost:8080 https://api.github.com",
+				"connect-src 'self' http://localhost:5173 ws://localhost:5173 ws://localhost:8080 https://api.github.com https://unpkg.com",
 				"frame-ancestors 'none'",
 			}, "; "))
 		} else {
@@ -49,11 +49,11 @@ func SecurityHeaders(next http.Handler) http.Handler {
 				"default-src 'self'",
 				"base-uri 'self'",
 				"form-action 'self'",
-				"script-src 'self' 'unsafe-inline'",
+				"script-src 'self' 'unsafe-inline' https://unpkg.com",
 				"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
 				"img-src 'self' data: blob:",
 				"font-src 'self' data: https://fonts.gstatic.com",
-				"connect-src 'self' ws://localhost:8080 https://api.github.com",
+				"connect-src 'self' ws://localhost:8080 https://api.github.com https://unpkg.com",
 				"frame-ancestors 'none'",
 			}, "; "))
 		}
--- a/internal/api/routes.go
+++ b/internal/api/routes.go
@@ -38,6 +38,7 @@ func NewRouter(db *gorm.DB, jobs *bg.Jobs, studio http.Handler) http.Handler {
 	r.Use(SecurityHeaders)
 	r.Use(requestBodyLimit(10 << 20))
 	r.Use(httprate.LimitByIP(100, 1*time.Minute))
+	r.Use(middleware.StripSlashes)

 	allowed := getAllowedOrigins()
 	r.Use(cors.Handler(cors.Options{
@@ -103,18 +104,19 @@ func NewRouter(db *gorm.DB, jobs *bg.Jobs, studio http.Handler) http.Handler {
 		mux := http.NewServeMux()
 		mux.Handle("/api/", r)
 		mux.Handle("/api", r)
+		mux.Handle("/swagger", r)
 		mux.Handle("/swagger/", r)
 		mux.Handle("/db-studio/", r)
 		mux.Handle("/debug/pprof/", r)
 		mux.Handle("/", proxy)
 		return mux
-	}
-
-	fmt.Println("Running in production mode")
-	if h, err := web.SPAHandler(); err == nil {
-		r.NotFound(h.ServeHTTP)
 	} else {
-		log.Error().Err(err).Msg("spa handler init failed")
+		fmt.Println("Running in production mode")
+		if h, err := web.SPAHandler(); err == nil {
+			r.NotFound(h.ServeHTTP)
+		} else {
+			log.Error().Err(err).Msg("spa handler init failed")
+		}
 	}

 	return r
--- a/internal/api/utils.go
+++ b/internal/api/utils.go
@@ -40,6 +40,7 @@ func serveSwaggerFromEmbed(data []byte, contentType string) http.HandlerFunc {
 	return func(w http.ResponseWriter, _ *http.Request) {
 		w.Header().Set("Content-Type", contentType)
 		w.WriteHeader(http.StatusOK)
+		// nosemgrep: go.lang.security.audit.xss.no-direct-write-to-responsewriter
 		_, _ = w.Write(data)
 	}
 }