feat(server/ops-api): add operations console backend
Stand up an internal ops-api service with operator account, auth, and audit log subsystems backed by a dedicated migrations_ops migration set. Wire Makefile targets and the migrate Dockerfile stage so the new schema ships alongside the existing tenant + monitoring databases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,103 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
opsconfig "github.com/geo-platform/tenant-api/internal/ops/config"
|
||||
"github.com/geo-platform/tenant-api/internal/ops/app"
|
||||
"github.com/geo-platform/tenant-api/internal/ops/repository"
|
||||
"github.com/geo-platform/tenant-api/internal/ops/transport"
|
||||
"github.com/geo-platform/tenant-api/internal/shared/observability"
|
||||
"github.com/geo-platform/tenant-api/internal/shared/repository/postgres"
|
||||
)
|
||||
|
||||
func main() {
|
||||
configPath := "configs/ops-config.yaml"
|
||||
if p := os.Getenv("CONFIG_PATH"); p != "" {
|
||||
configPath = p
|
||||
}
|
||||
|
||||
cfg, err := opsconfig.Load(configPath)
|
||||
if err != nil {
|
||||
log.Fatalf("ops-api load config: %v", err)
|
||||
}
|
||||
|
||||
logger, err := observability.NewLogger(cfg.Log.Level, cfg.Log.Format)
|
||||
if err != nil {
|
||||
log.Fatalf("ops-api init logger: %v", err)
|
||||
}
|
||||
defer func() { _ = logger.Sync() }()
|
||||
|
||||
ctx := context.Background()
|
||||
pool, err := postgres.NewPool(ctx, cfg.Database)
|
||||
if err != nil {
|
||||
logger.Sugar().Fatalf("ops-api init postgres: %v", err)
|
||||
}
|
||||
defer pool.Close()
|
||||
|
||||
accountsRepo := repository.NewAccountRepository(pool)
|
||||
auditsRepo := repository.NewAuditRepository(pool)
|
||||
|
||||
auditSvc := app.NewAuditService(auditsRepo, logger)
|
||||
issuer := app.NewTokenIssuer(cfg.JWT.Secret, cfg.JWT.AccessTTL)
|
||||
authSvc := app.NewAuthService(accountsRepo, auditSvc, issuer)
|
||||
accountSvc := app.NewAccountService(accountsRepo, auditSvc)
|
||||
|
||||
if err := app.SeedDefaultAdmin(ctx, accountsRepo, app.DefaultAdminSeed{
|
||||
Username: cfg.DefaultAdmin.Username,
|
||||
Password: cfg.DefaultAdmin.Password,
|
||||
DisplayName: cfg.DefaultAdmin.DisplayName,
|
||||
Email: cfg.DefaultAdmin.Email,
|
||||
}, logger); err != nil {
|
||||
logger.Sugar().Fatalf("ops-api seed default admin: %v", err)
|
||||
}
|
||||
|
||||
if cfg.Server.Mode == "release" {
|
||||
gin.SetMode(gin.ReleaseMode)
|
||||
}
|
||||
engine := gin.New()
|
||||
|
||||
transport.RegisterRoutes(transport.Deps{
|
||||
Engine: engine,
|
||||
Logger: logger,
|
||||
DB: pool,
|
||||
Issuer: issuer,
|
||||
Auth: authSvc,
|
||||
Accounts: accountSvc,
|
||||
Audits: auditSvc,
|
||||
})
|
||||
|
||||
addr := fmt.Sprintf(":%d", cfg.Server.Port)
|
||||
srv := &http.Server{
|
||||
Addr: addr,
|
||||
Handler: engine,
|
||||
ReadHeaderTimeout: 10 * time.Second,
|
||||
}
|
||||
|
||||
logger.Sugar().Infof("ops-api starting on %s", addr)
|
||||
go func() {
|
||||
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
|
||||
logger.Sugar().Fatalf("ops-api server: %v", err)
|
||||
}
|
||||
}()
|
||||
|
||||
quit := make(chan os.Signal, 1)
|
||||
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
||||
<-quit
|
||||
|
||||
logger.Info("ops-api shutting down...")
|
||||
shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
if err := srv.Shutdown(shutdownCtx); err != nil {
|
||||
logger.Sugar().Warnf("ops-api shutdown: %v", err)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user