Initial implementation of mcq — document reading queue

Single-binary service: push raw markdown via REST/gRPC API, read rendered HTML through mobile-friendly web UI. MCIAS auth on all endpoints, SQLite storage, goldmark rendering with GFM and syntax highlighting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:53:26 -07:00
commit bc1627915e
36 changed files with 3773 additions and 0 deletions
--- a/internal/grpcserver/interceptors.go
+++ b/internal/grpcserver/interceptors.go
@@ -0,0 +1,40 @@
+package grpcserver
+
+import (
+	mcdslgrpc "git.wntrmute.dev/mc/mcdsl/grpcserver"
+)
+
+// methodMap builds the mcdsl grpcserver.MethodMap for MCQ.
+//
+// Adding a new RPC without adding it to the correct map is a security
+// defect — the mcdsl auth interceptor denies unmapped methods by default.
+func methodMap() mcdslgrpc.MethodMap {
+	return mcdslgrpc.MethodMap{
+		Public:        publicMethods(),
+		AuthRequired:  authRequiredMethods(),
+		AdminRequired: adminRequiredMethods(),
+	}
+}
+
+func publicMethods() map[string]bool {
+	return map[string]bool{
+		"/mcq.v1.AdminService/Health": true,
+		"/mcq.v1.AuthService/Login":   true,
+	}
+}
+
+func authRequiredMethods() map[string]bool {
+	return map[string]bool{
+		"/mcq.v1.AuthService/Logout":             true,
+		"/mcq.v1.DocumentService/ListDocuments":   true,
+		"/mcq.v1.DocumentService/GetDocument":     true,
+		"/mcq.v1.DocumentService/PutDocument":     true,
+		"/mcq.v1.DocumentService/DeleteDocument":  true,
+		"/mcq.v1.DocumentService/MarkRead":        true,
+		"/mcq.v1.DocumentService/MarkUnread":      true,
+	}
+}
+
+func adminRequiredMethods() map[string]bool {
+	return map[string]bool{}
+}