Merge pull request #82 from router-for-me/mgmt
feat: Implement hot-reloading for management endpoints
This commit is contained in:
Luis Pater
+117
-63
@@ -13,6 +13,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
@@ -126,6 +127,11 @@ type Server struct {
|
|||||||
// management handler
|
// management handler
|
||||||
mgmt *managementHandlers.Handler
|
mgmt *managementHandlers.Handler
|
||||||
|
|
||||||
|
// managementRoutesRegistered tracks whether the management routes have been attached to the engine.
|
||||||
|
managementRoutesRegistered atomic.Bool
|
||||||
|
// managementRoutesEnabled controls whether management endpoints serve real handlers.
|
||||||
|
managementRoutesEnabled atomic.Bool
|
||||||
|
|
||||||
localPassword string
|
localPassword string
|
||||||
|
|
||||||
keepAliveEnabled bool
|
keepAliveEnabled bool
|
||||||
@@ -210,6 +216,12 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
|
|||||||
optionState.routerConfigurator(engine, s.handlers, cfg)
|
optionState.routerConfigurator(engine, s.handlers, cfg)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Register management routes only when a secret is present at startup.
|
||||||
|
s.managementRoutesEnabled.Store(cfg.RemoteManagement.SecretKey != "")
|
||||||
|
if cfg.RemoteManagement.SecretKey != "" {
|
||||||
|
s.registerManagementRoutes()
|
||||||
|
}
|
||||||
|
|
||||||
if optionState.keepAliveEnabled {
|
if optionState.keepAliveEnabled {
|
||||||
s.enableKeepAlive(optionState.keepAliveTimeout, optionState.keepAliveOnTimeout)
|
s.enableKeepAlive(optionState.keepAliveTimeout, optionState.keepAliveOnTimeout)
|
||||||
}
|
}
|
||||||
@@ -308,85 +320,104 @@ func (s *Server) setupRoutes() {
|
|||||||
c.String(http.StatusOK, "<html><body><h1>Authentication successful!</h1><p>You can close this window.</p></body></html>")
|
c.String(http.StatusOK, "<html><body><h1>Authentication successful!</h1><p>You can close this window.</p></body></html>")
|
||||||
})
|
})
|
||||||
|
|
||||||
// Management API routes (delegated to management handlers)
|
// Management routes are registered lazily by registerManagementRoutes when a secret is configured.
|
||||||
// New logic: if remote-management-key is empty, do not expose any management endpoint (404).
|
}
|
||||||
if s.cfg.RemoteManagement.SecretKey != "" {
|
|
||||||
mgmt := s.engine.Group("/v0/management")
|
|
||||||
mgmt.Use(s.mgmt.Middleware())
|
|
||||||
{
|
|
||||||
mgmt.GET("/usage", s.mgmt.GetUsageStatistics)
|
|
||||||
mgmt.GET("/config", s.mgmt.GetConfig)
|
|
||||||
|
|
||||||
mgmt.GET("/debug", s.mgmt.GetDebug)
|
func (s *Server) registerManagementRoutes() {
|
||||||
mgmt.PUT("/debug", s.mgmt.PutDebug)
|
if s == nil || s.engine == nil || s.mgmt == nil {
|
||||||
mgmt.PATCH("/debug", s.mgmt.PutDebug)
|
return
|
||||||
|
}
|
||||||
|
if !s.managementRoutesRegistered.CompareAndSwap(false, true) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile)
|
log.Info("management routes registered after secret key configuration")
|
||||||
mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile)
|
|
||||||
mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile)
|
|
||||||
|
|
||||||
mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled)
|
mgmt := s.engine.Group("/v0/management")
|
||||||
mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
|
mgmt.Use(s.managementAvailabilityMiddleware(), s.mgmt.Middleware())
|
||||||
mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
|
{
|
||||||
|
mgmt.GET("/usage", s.mgmt.GetUsageStatistics)
|
||||||
|
mgmt.GET("/config", s.mgmt.GetConfig)
|
||||||
|
|
||||||
mgmt.GET("/proxy-url", s.mgmt.GetProxyURL)
|
mgmt.GET("/debug", s.mgmt.GetDebug)
|
||||||
mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL)
|
mgmt.PUT("/debug", s.mgmt.PutDebug)
|
||||||
mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL)
|
mgmt.PATCH("/debug", s.mgmt.PutDebug)
|
||||||
mgmt.DELETE("/proxy-url", s.mgmt.DeleteProxyURL)
|
|
||||||
|
|
||||||
mgmt.GET("/quota-exceeded/switch-project", s.mgmt.GetSwitchProject)
|
mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile)
|
||||||
mgmt.PUT("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject)
|
mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile)
|
||||||
mgmt.PATCH("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject)
|
mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile)
|
||||||
|
|
||||||
mgmt.GET("/quota-exceeded/switch-preview-model", s.mgmt.GetSwitchPreviewModel)
|
mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled)
|
||||||
mgmt.PUT("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel)
|
mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
|
||||||
mgmt.PATCH("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel)
|
mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
|
||||||
|
|
||||||
mgmt.GET("/api-keys", s.mgmt.GetAPIKeys)
|
mgmt.GET("/proxy-url", s.mgmt.GetProxyURL)
|
||||||
mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys)
|
mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL)
|
||||||
mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys)
|
mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL)
|
||||||
mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys)
|
mgmt.DELETE("/proxy-url", s.mgmt.DeleteProxyURL)
|
||||||
|
|
||||||
mgmt.GET("/generative-language-api-key", s.mgmt.GetGlKeys)
|
mgmt.GET("/quota-exceeded/switch-project", s.mgmt.GetSwitchProject)
|
||||||
mgmt.PUT("/generative-language-api-key", s.mgmt.PutGlKeys)
|
mgmt.PUT("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject)
|
||||||
mgmt.PATCH("/generative-language-api-key", s.mgmt.PatchGlKeys)
|
mgmt.PATCH("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject)
|
||||||
mgmt.DELETE("/generative-language-api-key", s.mgmt.DeleteGlKeys)
|
|
||||||
|
|
||||||
mgmt.GET("/request-log", s.mgmt.GetRequestLog)
|
mgmt.GET("/quota-exceeded/switch-preview-model", s.mgmt.GetSwitchPreviewModel)
|
||||||
mgmt.PUT("/request-log", s.mgmt.PutRequestLog)
|
mgmt.PUT("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel)
|
||||||
mgmt.PATCH("/request-log", s.mgmt.PutRequestLog)
|
mgmt.PATCH("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel)
|
||||||
|
|
||||||
mgmt.GET("/request-retry", s.mgmt.GetRequestRetry)
|
mgmt.GET("/api-keys", s.mgmt.GetAPIKeys)
|
||||||
mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry)
|
mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys)
|
||||||
mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry)
|
mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys)
|
||||||
|
mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys)
|
||||||
|
|
||||||
mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys)
|
mgmt.GET("/generative-language-api-key", s.mgmt.GetGlKeys)
|
||||||
mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys)
|
mgmt.PUT("/generative-language-api-key", s.mgmt.PutGlKeys)
|
||||||
mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey)
|
mgmt.PATCH("/generative-language-api-key", s.mgmt.PatchGlKeys)
|
||||||
mgmt.DELETE("/claude-api-key", s.mgmt.DeleteClaudeKey)
|
mgmt.DELETE("/generative-language-api-key", s.mgmt.DeleteGlKeys)
|
||||||
|
|
||||||
mgmt.GET("/codex-api-key", s.mgmt.GetCodexKeys)
|
mgmt.GET("/request-log", s.mgmt.GetRequestLog)
|
||||||
mgmt.PUT("/codex-api-key", s.mgmt.PutCodexKeys)
|
mgmt.PUT("/request-log", s.mgmt.PutRequestLog)
|
||||||
mgmt.PATCH("/codex-api-key", s.mgmt.PatchCodexKey)
|
mgmt.PATCH("/request-log", s.mgmt.PutRequestLog)
|
||||||
mgmt.DELETE("/codex-api-key", s.mgmt.DeleteCodexKey)
|
|
||||||
|
|
||||||
mgmt.GET("/openai-compatibility", s.mgmt.GetOpenAICompat)
|
mgmt.GET("/request-retry", s.mgmt.GetRequestRetry)
|
||||||
mgmt.PUT("/openai-compatibility", s.mgmt.PutOpenAICompat)
|
mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry)
|
||||||
mgmt.PATCH("/openai-compatibility", s.mgmt.PatchOpenAICompat)
|
mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry)
|
||||||
mgmt.DELETE("/openai-compatibility", s.mgmt.DeleteOpenAICompat)
|
|
||||||
|
|
||||||
mgmt.GET("/auth-files", s.mgmt.ListAuthFiles)
|
mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys)
|
||||||
mgmt.GET("/auth-files/download", s.mgmt.DownloadAuthFile)
|
mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys)
|
||||||
mgmt.POST("/auth-files", s.mgmt.UploadAuthFile)
|
mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey)
|
||||||
mgmt.DELETE("/auth-files", s.mgmt.DeleteAuthFile)
|
mgmt.DELETE("/claude-api-key", s.mgmt.DeleteClaudeKey)
|
||||||
|
|
||||||
mgmt.GET("/anthropic-auth-url", s.mgmt.RequestAnthropicToken)
|
mgmt.GET("/codex-api-key", s.mgmt.GetCodexKeys)
|
||||||
mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken)
|
mgmt.PUT("/codex-api-key", s.mgmt.PutCodexKeys)
|
||||||
mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken)
|
mgmt.PATCH("/codex-api-key", s.mgmt.PatchCodexKey)
|
||||||
mgmt.POST("/gemini-web-token", s.mgmt.CreateGeminiWebToken)
|
mgmt.DELETE("/codex-api-key", s.mgmt.DeleteCodexKey)
|
||||||
mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken)
|
|
||||||
mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus)
|
mgmt.GET("/openai-compatibility", s.mgmt.GetOpenAICompat)
|
||||||
|
mgmt.PUT("/openai-compatibility", s.mgmt.PutOpenAICompat)
|
||||||
|
mgmt.PATCH("/openai-compatibility", s.mgmt.PatchOpenAICompat)
|
||||||
|
mgmt.DELETE("/openai-compatibility", s.mgmt.DeleteOpenAICompat)
|
||||||
|
|
||||||
|
mgmt.GET("/auth-files", s.mgmt.ListAuthFiles)
|
||||||
|
mgmt.GET("/auth-files/download", s.mgmt.DownloadAuthFile)
|
||||||
|
mgmt.POST("/auth-files", s.mgmt.UploadAuthFile)
|
||||||
|
mgmt.DELETE("/auth-files", s.mgmt.DeleteAuthFile)
|
||||||
|
|
||||||
|
mgmt.GET("/anthropic-auth-url", s.mgmt.RequestAnthropicToken)
|
||||||
|
mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken)
|
||||||
|
mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken)
|
||||||
|
mgmt.POST("/gemini-web-token", s.mgmt.CreateGeminiWebToken)
|
||||||
|
mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken)
|
||||||
|
mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc {
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
if !s.managementRoutesEnabled.Load() {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
c.Next()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -641,6 +672,29 @@ func (s *Server) UpdateClients(cfg *config.Config) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
prevSecretEmpty := true
|
||||||
|
if oldCfg != nil {
|
||||||
|
prevSecretEmpty = oldCfg.RemoteManagement.SecretKey == ""
|
||||||
|
}
|
||||||
|
newSecretEmpty := cfg.RemoteManagement.SecretKey == ""
|
||||||
|
switch {
|
||||||
|
case prevSecretEmpty && !newSecretEmpty:
|
||||||
|
s.registerManagementRoutes()
|
||||||
|
if s.managementRoutesEnabled.CompareAndSwap(false, true) {
|
||||||
|
log.Info("management routes enabled after secret key update")
|
||||||
|
} else {
|
||||||
|
s.managementRoutesEnabled.Store(true)
|
||||||
|
}
|
||||||
|
case !prevSecretEmpty && newSecretEmpty:
|
||||||
|
if s.managementRoutesEnabled.CompareAndSwap(true, false) {
|
||||||
|
log.Info("management routes disabled after secret key removal")
|
||||||
|
} else {
|
||||||
|
s.managementRoutesEnabled.Store(false)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
s.managementRoutesEnabled.Store(!newSecretEmpty)
|
||||||
|
}
|
||||||
|
|
||||||
s.applyAccessConfig(oldCfg, cfg)
|
s.applyAccessConfig(oldCfg, cfg)
|
||||||
s.cfg = cfg
|
s.cfg = cfg
|
||||||
s.handlers.UpdateClients(&cfg.SDKConfig)
|
s.handlers.UpdateClients(&cfg.SDKConfig)
|
||||||
|
|||||||
@@ -430,8 +430,15 @@ func (w *Watcher) handleEvent(event fsnotify.Event) {
|
|||||||
}
|
}
|
||||||
fmt.Printf("config file changed, reloading: %s\n", w.configPath)
|
fmt.Printf("config file changed, reloading: %s\n", w.configPath)
|
||||||
if w.reloadConfig() {
|
if w.reloadConfig() {
|
||||||
|
finalHash := newHash
|
||||||
|
if updatedData, errRead := os.ReadFile(w.configPath); errRead == nil && len(updatedData) > 0 {
|
||||||
|
sumUpdated := sha256.Sum256(updatedData)
|
||||||
|
finalHash = hex.EncodeToString(sumUpdated[:])
|
||||||
|
} else if errRead != nil {
|
||||||
|
log.WithError(errRead).Debug("failed to compute updated config hash after reload")
|
||||||
|
}
|
||||||
w.clientsMutex.Lock()
|
w.clientsMutex.Lock()
|
||||||
w.lastConfigHash = newHash
|
w.lastConfigHash = finalHash
|
||||||
w.clientsMutex.Unlock()
|
w.clientsMutex.Unlock()
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
@@ -532,6 +539,21 @@ func (w *Watcher) reloadConfig() bool {
|
|||||||
if oldConfig.RemoteManagement.AllowRemote != newConfig.RemoteManagement.AllowRemote {
|
if oldConfig.RemoteManagement.AllowRemote != newConfig.RemoteManagement.AllowRemote {
|
||||||
log.Debugf(" remote-management.allow-remote: %t -> %t", oldConfig.RemoteManagement.AllowRemote, newConfig.RemoteManagement.AllowRemote)
|
log.Debugf(" remote-management.allow-remote: %t -> %t", oldConfig.RemoteManagement.AllowRemote, newConfig.RemoteManagement.AllowRemote)
|
||||||
}
|
}
|
||||||
|
if oldConfig.RemoteManagement.SecretKey != newConfig.RemoteManagement.SecretKey {
|
||||||
|
switch {
|
||||||
|
case oldConfig.RemoteManagement.SecretKey == "" && newConfig.RemoteManagement.SecretKey != "":
|
||||||
|
log.Debug(" remote-management.secret-key: created")
|
||||||
|
case oldConfig.RemoteManagement.SecretKey != "" && newConfig.RemoteManagement.SecretKey == "":
|
||||||
|
log.Debug(" remote-management.secret-key: deleted")
|
||||||
|
default:
|
||||||
|
log.Debug(" remote-management.secret-key: updated")
|
||||||
|
}
|
||||||
|
if newConfig.RemoteManagement.SecretKey == "" {
|
||||||
|
log.Info("management routes will be disabled after secret key removal")
|
||||||
|
} else {
|
||||||
|
log.Info("management routes will be enabled after secret key update")
|
||||||
|
}
|
||||||
|
}
|
||||||
if oldConfig.RemoteManagement.DisableControlPanel != newConfig.RemoteManagement.DisableControlPanel {
|
if oldConfig.RemoteManagement.DisableControlPanel != newConfig.RemoteManagement.DisableControlPanel {
|
||||||
log.Debugf(" remote-management.disable-control-panel: %t -> %t", oldConfig.RemoteManagement.DisableControlPanel, newConfig.RemoteManagement.DisableControlPanel)
|
log.Debugf(" remote-management.disable-control-panel: %t -> %t", oldConfig.RemoteManagement.DisableControlPanel, newConfig.RemoteManagement.DisableControlPanel)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user