mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc1ac2e255a706a3434dfac972b6823c4503954b
metacrypt/internal/webserver/util.go
Kyle Isom cc1ac2e255 Separate web UI into standalone metacrypt-web binary 
The vault server holds in-memory unsealed state (KEK, engine keys) that
is lost on restart, requiring a full unseal ceremony. Previously the web
UI ran inside the vault process, so any UI change forced a restart and
re-unseal.

This change extracts the web UI into a separate metacrypt-web binary
that communicates with the vault over an authenticated gRPC connection.
The web server carries no sealed state and can be restarted freely.

- gen/metacrypt/v1/: generated Go bindings from proto/metacrypt/v1/
- internal/grpcserver/: full gRPC server implementation (System, Auth,
  Engine, PKI, Policy, ACME services) with seal/auth/admin interceptors
- internal/webserver/: web server with gRPC vault client; templates
  embedded via web/embed.go (no runtime web/ directory needed)
- cmd/metacrypt-web/: standalone binary entry point
- internal/config: added [web] section (listen_addr, vault_grpc, etc.)
- internal/server/routes.go: removed all web UI routes and handlers
- cmd/metacrypt/server.go: starts gRPC server alongside HTTP server
- Deploy: Dockerfile builds both binaries, docker-compose adds
  metacrypt-web service, new metacrypt-web.service systemd unit,
  Makefile gains proto/metacrypt-web targets

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 10:15:47 -07:00

38 lines
923 B
Go
Raw Blame History

package webserver
import (
"context"
"crypto/x509"
"encoding/pem"
"errors"
"google.golang.org/protobuf/types/known/structpb"
)
type contextKey int
const tokenInfoCtxKey contextKey = iota
func withTokenInfo(ctx context.Context, info *TokenInfo) context.Context {
return context.WithValue(ctx, tokenInfoCtxKey, info)
}
func tokenInfoFromContext(ctx context.Context) *TokenInfo {
v, _ := ctx.Value(tokenInfoCtxKey).(*TokenInfo)
return v
}
// structFromMap converts a map[string]interface{} to a *structpb.Struct.
func structFromMap(m map[string]interface{}) (*structpb.Struct, error) {
return structpb.NewStruct(m)
}
// parsePEMCert decodes the first PEM block and parses it as an x509 certificate.
func parsePEMCert(pemData []byte) (*x509.Certificate, error) {
block, _ := pem.Decode(pemData)
if block == nil {
return nil, errors.New("no PEM block found")
}
return x509.ParseCertificate(block.Bytes)
}
Reference in New Issue View Git Blame Copy Permalink