feat(server): hot-reload config store and reloadable infra clients
- Replace single Load() with a watching Store that re-reads config files
(and config.local.yaml) and fans out a ReloadEvent with a per-field diff
so consumers can decide whether the change is hot-applicable or requires
a process restart.
- Wrap llm, retrieval, vector store, and object storage clients in
Reloadable* shells so the bootstrap can swap their underlying impls when
config changes without re-instantiating handlers.
- Make jwt.Manager and ops TokenIssuer mutable under a lock so secrets and
TTLs can be rotated live; thread default plan code through a setter on
the ops AdminUserService.
- Wire ConfigStore through bootstrap and every cmd/main.go, scheduler /
worker / tenant-api / ops-api start the watcher; services and handlers
take a config.Provider so they always read current values for things
like generation.stream_enabled, scheduler dispatch, retrieval, etc.
- Switch shared/config decoding off viper to a Kratos-derived runtime
package so env placeholders (\${VAR:default}) resolve consistently and
the same source machinery powers both the loader and the watcher.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -20,15 +20,11 @@ import (
|
||||
)
|
||||
|
||||
type AssetHandler struct {
|
||||
secret string
|
||||
app *bootstrap.App
|
||||
app *bootstrap.App
|
||||
}
|
||||
|
||||
func NewAssetHandler(app *bootstrap.App) *AssetHandler {
|
||||
return &AssetHandler{
|
||||
secret: strings.TrimSpace(app.Config.JWT.Secret),
|
||||
app: app,
|
||||
}
|
||||
return &AssetHandler{app: app}
|
||||
}
|
||||
|
||||
func (h *AssetHandler) BuildArticleImageURL(objectKey string) string {
|
||||
@@ -109,12 +105,19 @@ func convertPublicAssetFormat(content []byte, format string) ([]byte, string, bo
|
||||
|
||||
func (h *AssetHandler) signObjectKey(objectKey string) string {
|
||||
encodedKey := base64.RawURLEncoding.EncodeToString([]byte(objectKey))
|
||||
mac := hmac.New(sha256.New, []byte(h.secret))
|
||||
mac := hmac.New(sha256.New, []byte(h.secret()))
|
||||
_, _ = mac.Write([]byte(objectKey))
|
||||
signature := base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
|
||||
return fmt.Sprintf("%s.%s", encodedKey, signature)
|
||||
}
|
||||
|
||||
func (h *AssetHandler) secret() string {
|
||||
if h == nil || h.app == nil || h.app.Config() == nil {
|
||||
return ""
|
||||
}
|
||||
return strings.TrimSpace(h.app.Config().JWT.Secret)
|
||||
}
|
||||
|
||||
func (h *AssetHandler) parseToken(token string) (string, bool) {
|
||||
parts := strings.Split(token, ".")
|
||||
if len(parts) != 2 {
|
||||
|
||||
Reference in New Issue
Block a user