nav/AbstractWizard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nav:0c4a1a4d3f7e359ea51bb4bb1d12d274de84d8cf
Branches Tags
nav:main nav:docs/readme-refresh
..
compare: nav:docs/readme-refresh
Branches Tags
nav:main nav:docs/readme-refresh

3 Commits
0c4a1a4d3f ... docs/readm

Author SHA1 Message Date
hzhang
73338349f6 docs: refresh README — accuracy pass + HarborForge platform context 
Verified against current code; fixed stale/inaccurate sections and
documented previously-undocumented features/flags/endpoints. Added a
"Part of the HarborForge platform" reference and role/port.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-16 17:49:59 +01:00
hzhang
8521b83e6d Merge pull request 'feat: add CORS support via CORS_ORIGINS env var' (#1) from feat/cors-support into master 
Reviewed-on: #1
 2026-03-11 10:45:59 +00:00
zhi
047f0b8422 feat: add CORS support via CORS_ORIGINS env var 
- New CORSMiddleware in server/cors.go
- Reads comma-separated origins from CORS_ORIGINS env
- Empty or "*" allows all origins
- Handles preflight OPTIONS requests
- Wraps existing LoggingMiddleware chain
 2026-03-11 10:07:32 +00:00
4 changed files with 84 additions and 14 deletions
Expand all files Collapse all files

24
README.md
View File

@@ -6,7 +6,9 @@
## English
Secure configuration file management service. Read, modify, and version-control JSON/YAML config files via REST API. Listens on localhost only — access remotely via SSH tunnel.
Secure configuration file management service for first-time platform setup. Read, modify, and version-control JSON/YAML config files via REST API. Bound to localhost only — access remotely via an SSH tunnel.
Part of the [HarborForge](../README.md) platform — `AbstractWizard` is the Go secure first-time setup service. The container listens on port `8080` (in the bundled compose file it is published as `127.0.0.1:18080`). It is intentionally separate from the core API (`HarborForge.Backend`, port 8000) and is used to seed and adjust configuration before/around bootstrap.
### Quick Start
@@ -32,6 +34,7 @@ CONFIG_DIR=./configs ./abstract-wizard
| `CONFIG_DIR` | `/config` | Base directory for config files |
| `LISTEN_ADDR` | `127.0.0.1:8080` | HTTP listen address |
| `MAX_BACKUPS` | `10` | Max backup versions per file |
| `CORS_ORIGINS` | _(empty)_ | Comma-separated allowed CORS origins. Empty or `*` allows all origins. |
### API
@@ -137,10 +140,11 @@ Then access via `http://127.0.0.1:18080` locally.
├── audit/
│ └── logger.go # Structured JSON audit log
├── server/
│ ├── server.go # HTTP server, routing, mode state machine
│ ├── middleware.go # Request logging middleware
│ ├── server.go # HTTP server, routing, mode state machine, graceful shutdown
│ ├── middleware.go # Request logging middleware
│ ├── cors.go # CORS middleware (CORS_ORIGINS)
│ └── handlers.go # API handlers
├── Dockerfile # Multi-stage build
├── Dockerfile # Multi-stage build (distroless, nonroot)
└── docker-compose.yaml # Example deployment
```
@@ -148,7 +152,9 @@ Then access via `http://127.0.0.1:18080` locally.
## 中文
安全配置文件管理服务。通过 REST API 对 JSON/YAML 配置文件进行读取、修改和版本管理,仅监听 localhost通过 SSH 隧道访问。
用于平台首次安装的安全配置文件管理服务。通过 REST API 对 JSON/YAML 配置文件进行读取、修改和版本管理,仅监听 localhost通过 SSH 隧道访问。
本组件是 [HarborForge](../README.md) 平台的一部分 —— `AbstractWizard` 是 Go 编写的安全首次安装服务。容器内监听 `8080` 端口(示例 compose 中映射为 `127.0.0.1:18080`),与核心 API`HarborForge.Backend`,端口 8000相互独立用于在引导前后写入和调整配置。
### 快速开始
@@ -174,6 +180,7 @@ CONFIG_DIR=./configs ./abstract-wizard
| `CONFIG_DIR` | `/config` | 配置文件存放目录 |
| `LISTEN_ADDR` | `127.0.0.1:8080` | 监听地址 |
| `MAX_BACKUPS` | `10` | 每个文件保留的最大备份数 |
| `CORS_ORIGINS` | _(空)_ | 逗号分隔的允许 CORS 来源;为空或 `*` 时允许所有来源 |
### API
@@ -279,9 +286,10 @@ ssh -L 18080:127.0.0.1:18080 user@server
├── audit/
│ └── logger.go # 结构化 JSON 审计日志
├── server/
│ ├── server.go # HTTP 服务、路由、模式状态机
│ ├── middleware.go # 请求日志中间件
│ ├── server.go # HTTP 服务、路由、模式状态机、优雅关闭
│ ├── middleware.go # 请求日志中间件
│ ├── cors.go # CORS 中间件CORS_ORIGINS
│ └── handlers.go # API 处理函数
├── Dockerfile # 多阶段构建
├── Dockerfile # 多阶段构建distroless、nonroot
└── docker-compose.yaml # 示例部署配置
```

26
main.go
View File

@@ -4,6 +4,7 @@ import (
"log"
"os"
"strconv"
"strings"
"AbstractWizard/audit"
"AbstractWizard/server"
@@ -11,9 +12,10 @@ import (
func main() {
cfg := server.AppConfig{
ConfigDir: envOrDefault("CONFIG_DIR", "/config"),
ListenAddr: envOrDefault("LISTEN_ADDR", "127.0.0.1:8080"),
MaxBackups: envOrDefaultInt("MAX_BACKUPS", 10),
ConfigDir: envOrDefault("CONFIG_DIR", "/config"),
ListenAddr: envOrDefault("LISTEN_ADDR", "127.0.0.1:8080"),
MaxBackups: envOrDefaultInt("MAX_BACKUPS", 10),
CORSOrigins: parseCSV(os.Getenv("CORS_ORIGINS")),
}
if err := os.MkdirAll(cfg.ConfigDir, 0o755); err != nil {
@@ -23,7 +25,8 @@ func main() {
auditLog := audit.NewLogger()
srv := server.New(cfg, auditLog)
log.Printf("config_dir=%s listen_addr=%s max_backups=%d", cfg.ConfigDir, cfg.ListenAddr, cfg.MaxBackups)
log.Printf("config_dir=%s listen_addr=%s max_backups=%d cors_origins=%v",
cfg.ConfigDir, cfg.ListenAddr, cfg.MaxBackups, cfg.CORSOrigins)
if err := srv.ListenAndServe(); err != nil {
log.Fatalf("server error: %v", err)
@@ -49,3 +52,18 @@ func envOrDefaultInt(key string, defaultVal int) int {
}
return n
}
func parseCSV(s string) []string {
if s == "" {
return nil
}
parts := strings.Split(s, ",")
result := make([]string, 0, len(parts))
for _, p := range parts {
p = strings.TrimSpace(p)
if p != "" {
result = append(result, p)
}
}
return result
}

43
server/cors.go Normal file
View File

@@ -0,0 +1,43 @@
package server
import (
"net/http"
"strings"
)
// CORSMiddleware adds CORS headers based on allowed origins.
// If allowedOrigins is empty or contains "*", all origins are allowed.
func CORSMiddleware(allowedOrigins []string, next http.Handler) http.Handler {
allowAll := len(allowedOrigins) == 0
originSet := make(map[string]bool, len(allowedOrigins))
for _, o := range allowedOrigins {
o = strings.TrimSpace(o)
if o == "*" {
allowAll = true
}
originSet[o] = true
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
origin := r.Header.Get("Origin")
if origin == "" {
next.ServeHTTP(w, r)
return
}
if allowAll || originSet[origin] {
w.Header().Set("Access-Control-Allow-Origin", origin)
w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, PATCH, POST, DELETE, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
w.Header().Set("Access-Control-Max-Age", "3600")
w.Header().Set("Vary", "Origin")
}
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
next.ServeHTTP(w, r)
})
}

5
server/server.go
View File

@@ -48,7 +48,8 @@ func ParseMode(s string) (Mode, bool) {
type AppConfig struct {
ConfigDir string
ListenAddr string
MaxBackups int
MaxBackups int
CORSOrigins []string
}
// Server is the main HTTP server.
@@ -73,7 +74,7 @@ func New(cfg AppConfig, auditLog *audit.Logger) *Server {
s.srv = &http.Server{
Addr: cfg.ListenAddr,
Handler: LoggingMiddleware(mux),
Handler: CORSMiddleware(cfg.CORSOrigins, LoggingMiddleware(mux)),
ReadTimeout: 10 * time.Second,
WriteTimeout: 30 * time.Second,
IdleTimeout: 60 * time.Second,