Completes the Go tracker as a cutover-ready drop-in:
- wslive.go: browser broadcast hub with per-client subscribe filters (nil=all),
request_dungeon_map replies, and command routing; auth = internal-trust or
session cookie. The ingestor broadcasts every handled event to it.
- wsposition.go: plugin ingest server with X-Plugin-Secret/SHARED_SECRET auth
(constant-time, fails closed, legacy fallback), register -> plugin_conns, and
dispatch into the shared Ingestor. Plugin registry for backend->plugin commands.
- main.go: statusRecorder.Unwrap() so coder/websocket can hijack through the
logging middleware (WS handshakes failed without it); /ws/ bypasses HTTP auth.
Shadow consumer robustness (the harness was being evicted under the full
firehose): decouple socket read from processing — the read loop only copies raw
frames to a queue; a worker unmarshals + dispatches. JSON parsing in the read
loop was slowing it enough that Python's broadcast send errored and evicted us
(Read then blocked forever). Added a 25s read-deadline watchdog to self-heal.
Validated live: shadow /live online = 73 = production; telemetry sustained ~12/s,
0 drops, no eviction; and the shadow's /ws/live re-broadcast stream is IDENTICAL
to production's (TOTAL 2150=2150, every event type exact).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Replicates main.py's AuthMiddleware so /go/ can be exposed safely:
- internal-trust: private source IP AND no X-Forwarded-For => skip auth
(loopback/compose callers; nginx adds XFF to all internet traffic).
- session cookie: byte-compatible itsdangerous URLSafeTimedSerializer verify
(HMAC-SHA1, django-concat key derivation sha1("itsdangerous"+"signer"+key),
Unix-epoch timestamp, urlsafe-b64 no pad, optional zlib payload), keyed on the
same SECRET_KEY. 30-day max-age. Public allowlist (/login,/logout,login assets,
/icons/,/health); 302->/login for html, 401 JSON otherwise.
Validated on the server: internal-trust loopback 200; external no-cookie 401;
html 302; valid cookie 200; tampered 401; /health public 200; and the SAME
Python-issued cookie authenticates BOTH services (cross-compat proof).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
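The session-cookie check described in the second message (itsdangerous URLSafeTimedSerializer: HMAC-SHA1 with django-concat key derivation, Unix-epoch timestamp, unpadded urlsafe base64, optional zlib payload, max-age), as an added example in Go that is not the project's own code. It assumes itsdangerous 2.x defaults (salt "itsdangerous", separator "."), and the function names and the `signPayload` fixture helper are this example's own.

```go
package main
import (
	"bytes"
	"compress/zlib"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"io"
	"math/big"
	"strings"
	"time"
)
var b64 = base64.RawURLEncoding // itsdangerous: urlsafe alphabet, "=" padding stripped
// tag is the HMAC-SHA1 itsdangerous puts on "<payload>.<timestamp>", keyed via its
// "django-concat" derivation with the serializer's default salt: sha1("itsdangerous"+"signer"+SECRET_KEY).
func tag(secret, signed string) []byte {
	k := sha1.Sum([]byte("itsdangerous" + "signer" + secret))
	m := hmac.New(sha1.New, k[:])
	m.Write([]byte(signed)); return m.Sum(nil)
}
// signPayload mirrors URLSafeTimedSerializer.dumps for test fixtures only (the Python service is
// the real issuer): payloadB64 is the urlsafe-base64 JSON, prefixed "." if it was zlib-compressed.
func signPayload(secret, payloadB64 string, t time.Time) string {
	signed := payloadB64 + "." + b64.EncodeToString(new(big.Int).SetInt64(t.Unix()).Bytes()) // Unix epoch, big-endian
	return signed + "." + b64.EncodeToString(tag(secret, signed))
}
// verifyCookie mirrors URLSafeTimedSerializer.loads(max_age=...): constant-time tag check before
// anything is parsed (fail closed), then age, then base64 and optional zlib. Returns the session JSON.
func verifyCookie(cookie, secret string, maxAge time.Duration, now time.Time) ([]byte, error) {
	i := strings.LastIndexByte(cookie, '.')
	if i < 0 { return nil, errors.New("malformed cookie") }
	signed := cookie[:i]
	sig, err := b64.DecodeString(cookie[i+1:])
	if err != nil || !hmac.Equal(sig, tag(secret, signed)) { return nil, errors.New("bad signature") }
	j := strings.LastIndexByte(signed, '.')
	if j < 0 { return nil, errors.New("missing timestamp") }
	tsBytes, err := b64.DecodeString(signed[j+1:])
	if err != nil { return nil, errors.New("bad timestamp") }
	age := now.Unix() - new(big.Int).SetBytes(tsBytes).Int64()
	if age < 0 || age > int64(maxAge/time.Second) { return nil, errors.New("cookie expired or future-dated") }
	raw, err := b64.DecodeString(strings.TrimPrefix(signed[:j], "."))
	if err != nil { return nil, errors.New("bad payload") }
	if strings.HasPrefix(signed[:j], ".") { // leading "." = itsdangerous zlib-compressed the JSON
		zr, zerr := zlib.NewReader(bytes.NewReader(raw))
		if zerr != nil { return nil, zerr }
		if raw, err = io.ReadAll(zr); err != nil { return nil, err }
	}
	return raw, nil
}
```

Because the tag is checked over the whole "payload.timestamp" string before the timestamp or JSON is decoded, a tampered or wrong-key cookie never reaches the base64 or zlib code paths.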