feat(monitoring): generate daily tasks and optimize heartbeat writes
Adds a MonitoringDailyTaskWorker that materializes and dispatches daily collect tasks from active subscription/desktop-client state, with per-run atomic metrics and a Prometheus collector. Dashboard and question-detail APIs now surface a platform_authorization_status so the UI can distinguish no-desktop-client, no-authorized-platforms, and authorized states; quota/access-state lookups resolve by request workspace instead of tenant. Hardens heartbeat: a desktop_client_primary_leases table gives per-(tenant, workspace) sticky primary selection, read-mostly lease resolution avoids a per-heartbeat transaction, and unchanged platform access reports skip snapshot upserts outside a 10-minute refresh window. Adds heartbeat primary/snapshot metrics exposed via token-protected tenant-api /api/internal/metrics endpoints plus Prometheus. Monitoring quota seed is removed from dev-seed since daily plans now derive from desktop bindings, and the projection uses the canonical six-platform catalog so platforms with zero samples still render. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,61 @@
|
||||
package transport
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
"github.com/geo-platform/tenant-api/internal/bootstrap"
|
||||
"github.com/geo-platform/tenant-api/internal/shared/response"
|
||||
tenantapp "github.com/geo-platform/tenant-api/internal/tenant/app"
|
||||
)
|
||||
|
||||
func registerInternalMetricsRoutes(app *bootstrap.App) {
|
||||
token := strings.TrimSpace(app.Config.Scheduler.InternalMetricsToken)
|
||||
if token == "" {
|
||||
app.Logger.Warn("tenant-api internal metrics routes not registered: scheduler.internal_metrics_token is required")
|
||||
return
|
||||
}
|
||||
|
||||
metrics := app.Engine.Group("/api/internal/metrics")
|
||||
metrics.Use(internalMetricsAuthMiddleware(token))
|
||||
metrics.GET("/monitoring/heartbeat-primary-lease", func(c *gin.Context) {
|
||||
response.Success(c, tenantapp.MonitoringHeartbeatPrimaryLeaseMetricsSnapshotValue())
|
||||
})
|
||||
primaryLeasePrometheusHandler := tenantapp.MonitoringHeartbeatPrimaryLeaseMetricsPrometheusHandler()
|
||||
metrics.GET("/monitoring/heartbeat-primary-lease/prometheus", func(c *gin.Context) {
|
||||
primaryLeasePrometheusHandler.ServeHTTP(c.Writer, c.Request)
|
||||
})
|
||||
metrics.GET("/monitoring/heartbeat-snapshots", func(c *gin.Context) {
|
||||
response.Success(c, tenantapp.MonitoringHeartbeatSnapshotMetricsSnapshotValue())
|
||||
})
|
||||
snapshotPrometheusHandler := tenantapp.MonitoringHeartbeatSnapshotMetricsPrometheusHandler()
|
||||
metrics.GET("/monitoring/heartbeat-snapshots/prometheus", func(c *gin.Context) {
|
||||
snapshotPrometheusHandler.ServeHTTP(c.Writer, c.Request)
|
||||
})
|
||||
}
|
||||
|
||||
func internalMetricsAuthMiddleware(token string) gin.HandlerFunc {
|
||||
expected := strings.TrimSpace(token)
|
||||
return func(c *gin.Context) {
|
||||
if expected == "" || !internalMetricsTokenMatches(c, expected) {
|
||||
response.Error(c, response.ErrUnauthorized(40181, "internal_metrics_unauthorized", "valid internal metrics token is required"))
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func internalMetricsTokenMatches(c *gin.Context, expected string) bool {
|
||||
if c == nil {
|
||||
return false
|
||||
}
|
||||
header := strings.TrimSpace(c.GetHeader("Authorization"))
|
||||
if strings.HasPrefix(strings.ToLower(header), "bearer ") {
|
||||
if strings.TrimSpace(header[len("bearer "):]) == expected {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return strings.TrimSpace(c.GetHeader("X-Internal-Metrics-Token")) == expected
|
||||
}
|
||||
@@ -26,7 +26,7 @@ type monitoringCollectNowRequest struct {
|
||||
|
||||
func NewMonitoringHandler(a *bootstrap.App) *MonitoringHandler {
|
||||
return &MonitoringHandler{
|
||||
svc: app.NewMonitoringService(a.DB, a.MonitoringDB, a.RabbitMQ, a.Config.MonitoringDispatch, a.Logger),
|
||||
svc: app.NewMonitoringService(a.DB, a.MonitoringDB, a.RabbitMQ, a.Config.MonitoringDispatch, a.Config.BrandLibrary, a.Logger),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,6 +8,8 @@ import (
|
||||
)
|
||||
|
||||
func RegisterRoutes(app *bootstrap.App) {
|
||||
registerInternalMetricsRoutes(app)
|
||||
|
||||
authAPI := app.Engine.Group("/api/auth")
|
||||
authHandler := NewAuthHandler(app)
|
||||
authAPI.POST("/login", authHandler.Login)
|
||||
@@ -21,6 +23,7 @@ func RegisterRoutes(app *bootstrap.App) {
|
||||
protected := app.Engine.Group("/api")
|
||||
protected.Use(auth.Middleware(app.JWT, app.Sessions))
|
||||
protected.Use(middleware.TenantScope())
|
||||
protected.Use(middleware.WorkspaceScope(app.DB))
|
||||
|
||||
protected.GET("/auth/me", authHandler.Me)
|
||||
protected.POST("/auth/logout", authHandler.Logout)
|
||||
|
||||
Reference in New Issue
Block a user