GW_MC/NxMesh-old-2
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: Add SSH authentication interceptor and update proto definitions

Browse Source
This commit is contained in:
GW_MC
2026-03-21 03:06:56 +00:00
parent 261e6b1bdb
commit 2fcdc7d0df
5 changed files with 82 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
crates/nxmesh-proto/proto/agent.proto
View File

@@ -3,6 +3,9 @@ package nxmesh.agent.v1;
option go_package = "github.com/nxmesh/api/agent/v1";
// For all file paths in this proto, we use forward slashes ("/") as the separator, even on Windows. This is because gRPC and protobuf are designed to be cross-platform and forward slashes are universally accepted as path separators in URLs and many programming languages. Using forward slashes ensures consistency and avoids issues with escaping backslashes on different platforms.
// All file paths MUST be relative paths from other config files, e.g. "site.conf", "private/example.com.conf". Absolute paths or path traversal above the config directory should be rejected by the agent for security reasons. The config files must live within the generated config directory, e.g. "/etc/nginx/conf-<timestamp>/site.conf". This allows the agent to manage the lifecycle of config files, e.g. cleanup old configs after successful apply.
// AgentService defines the bidirectional communication between master and agents
service AgentService {
// Stream establishes a persistent connection for real-time communication
@@ -43,13 +46,12 @@ message MasterMessage {
// Registration
message RegistrationRequest {
string token = 1;
string hostname = 2;
string ip_address = 3;
string version = 4;
repeated string capabilities = 5;
map<string, string> labels = 6;
DeploymentMode deployment_mode = 7;
string hostname = 1;
string ip_address = 2;
string version = 3;
repeated string capabilities = 4;
map<string, string> labels = 5;
DeploymentMode deployment_mode = 6;
}
message RegistrationResponse {
@@ -104,94 +106,22 @@ message Alert {
message ConfigUpdate {
string config_id = 1;
int64 version = 2;
repeated VirtualHost virtual_hosts = 3;
repeated Upstream upstreams = 4;
map<string, Certificate> certificates = 5;
GlobalSettings global_settings = 6;
repeated ConfigContent configs = 3;
repeated CertificateContent certificates = 4;
}
message VirtualHost {
string id = 1;
string name = 2;
string server_name = 3;
uint32 listen_port = 4;
bool ssl_enabled = 5;
string ssl_certificate_id = 6;
bool http2_enabled = 7;
bool http3_enabled = 8;
repeated Location locations = 9;
map<string, string> custom_directives = 10;
}
message Location {
message ConfigContent {
// relative path from other config files, e.g. "site.conf", "private/example.com.conf"
string path = 1;
string proxy_pass = 2;
string upstream_id = 3;
string root = 4;
string index = 5;
repeated Header custom_headers = 6;
repeated RewriteRule rewrite_rules = 7;
map<string, string> custom_directives = 8;
string content = 2;
}
message Header {
string name = 1;
string value = 2;
bool always = 3;
}
message RewriteRule {
string pattern = 1;
string replacement = 2;
string flag = 3;
}
message Upstream {
message CertificateContent {
string id = 1;
string name = 2;
LoadBalanceAlgorithm algorithm = 3;
repeated UpstreamServer servers = 4;
HealthCheckConfig health_check = 5;
uint32 keepalive_connections = 6;
}
enum LoadBalanceAlgorithm {
LOAD_BALANCE_ALGORITHM_UNSPECIFIED = 0;
ROUND_ROBIN = 1;
LEAST_CONNECTIONS = 2;
IP_HASH = 3;
WEIGHTED_ROUND_ROBIN = 4;
}
message UpstreamServer {
string address = 1;
uint32 weight = 2;
bool backup = 3;
bool down = 4;
uint32 max_fails = 5;
uint32 fail_timeout_seconds = 6;
}
message HealthCheckConfig {
bool enabled = 1;
// relative path from other config files, e.g. "certs/example.com.pem"
string path = 2;
uint32 interval_seconds = 3;
uint32 timeout_seconds = 4;
uint32 healthy_threshold = 5;
uint32 unhealthy_threshold = 6;
}
message Certificate {
string id = 1;
string domain = 2;
string certificate_pem = 3;
string private_key_pem = 4;
int64 expires_at = 5;
}
message GlobalSettings {
map<string, string> nginx_directives = 1;
map<string, string> env_vars = 2;
}
message ConfigStatus {